Compute & Load Balancing Flashcards

(78 cards)

1
Q

EC2 R Instance Types

A

Applications that need a lot of RAM (e.g. in-memory cache)

2
Q

EC2 C Instance Types

A

Applications that need good CPU (e.g. databases or compute)

3
Q

EC2 M Instance Types

A

Applications that are balanced (e.g. general or web apps)

4
Q

EC2 I Instance Types

A

Applications that need good local I/O (e.g. databases)

5
Q

EC2 G Instance Types

A

Applications that need a GPU (e.g. video rendering or machine learning)

6
Q

EC2 T2/T3 Instance Types

A

Burstable instances

7
Q

EC2 Cluster Placement Strategy

A

Clusters instances into a low latency group in a single AZ
* Pro: Low latency
* Con: If the rack fails, all instances fail

8
Q

EC2 Spread Placement Strategy

A

Spreads instances across underlying hardware
* Pro: span across AZs, reduce risk of simultaneous failure
* Con: Limited to 7 instances per group per AZ

9
Q

EC2 Partition Placement Strategy

A

Spreads instances across logical partitions such that groups of instances in one partition do not share the underlying hardware with groups in different partitions

10
Q

How to move instances between placement groups

A
  1. Stop the instance
  2. Use the CLI to modify the placement
  3. Start the instance
11
Q

EC2 Instance Launch Type

A
  • On demand: short workload, predictable pricing, reliable
  • Spot: short workload, cheap, can lose instances
  • Reserved: minimum 1 year
  • Dedicated: no other customers will share hardware
  • Dedicated host: book an entire physical server and control instance placement
12
Q

EC2 Instance Connect

A

Secure way to connect to your Linux instances over SSH. You use IAM policies and principals to control SSH access to your instances, removing the need to share and manage SSH keys.

13
Q

Auto-Scaling EC2

Attribute-based instance type selection

A

Specify a set of instance attributes that describe your compute requirements
* Optimal flexibility for Spot Instances
* Easily use the right instance types
* Automatic use of new instance types

14
Q

AWS Savings Plans

A

Get a discount based on long-term usage, any usage beyond is billed as on-demand

15
Q

EC2 Savings Plans

A

Up to 72% discount (same as Standard RIs)
1. Select instance family and region
2. Flexible across size, OS and tenancy

16
Q

Compute Savings Plans

A

Up to 66% discount (same as Convertible RIs)
1. Ability to move between instance families, region, compute type (EC2, Fargate, Lambda)

17
Q

EC2 Graviton

A

Family of processors designed to deliver the best price performance for your cloud workloads

18
Q

EC2 Enhanced Networking

A

Higher bandwidth, higher pps, lower latency
* Elastic Network Adapter (ENA) up to 100 Gbps
* Legacy: Intel 82599 VF

19
Q

Elastic Fabric Adapter

A

Improved Elastic Network Adapter, only works for Linux. Great for inter-node communication and tightly coupled workloads.

20
Q

Auto Scaling Groups

Dynamic Scaling Policies

A
  1. Target tracking scaling: Increase and decrease the capacity based on a CloudWatch metric and a target value
  2. Simple step scaling: Increase and decrease capacity based on a set of scaling adjustments
  3. Scheduled actions
21
Q

Auto Scaling Groups

Predictive Scaling

A

Continuously forecast load and schedule scaling ahead

22
Q

EC2 Spot Instances discount

A

Up to 90% compared to On-Demand

23
Q

Spot Fleets

A

Set of Spot Instances and On-Demand Instances.

  • Define launch pools (instance type, OS, AZ)
  • Can have multiple pools to choose from
24
Q

Strategies to allocate Spot Instance

A
  • lowestPrice
  • diversified: distributed across all pools
  • capacityOptimized
  • priceCapacityOptimized (recommended): pools with highest capacity, then select the lowest price
25
ECS - ALB Integration
Dynamic Port Mapping so multiple instances of the same task can be deployed on the same EC2 instance.
Note: *host* and *awsvpc* networking do not support Dynamic Port Mapping
26
ECS networking
* none: tasks don't have external connectivity and port mappings can't be specified
* bridge: uses Docker's built-in virtual network
* host: maps container ports directly to the ENI of the instance that hosts the task. A port on a host can’t be used by multiple tasks.
* awsvpc: the task is allocated an elastic network interface (default for Fargate)
27
Fargate Spot Instances
Specify minimum number of regular tasks that should run at all times and then add tasks on Fargate Spot to improve service performance in a cost-efficient way.
28
ECR Image Scanning
* Manual scan or scan on push
* Basic scanning (common CVE)
* Enhanced scanning: Leverages Inspector
29
Data Volumes EKS
Specify a StorageClass manifest, which leverages a Container Storage Interface (CSI) compliant driver. Supported with EBS, EFS, and FSx.
30
AWS App Runner
Fully managed service that builds and deploys web applications and APIs
31
ECS Anywhere
Run containers on customer managed infrastructure. Install ECS Container Agent and SSM Agent, deploy with **EXTERNAL** launch type.
32
EKS Distro
Kubernetes distribution maintained by AWS
33
EKS Anywhere
Create and operate Kubernetes clusters outside AWS. Reduce support costs and avoid maintaining 3rd party tools
34
EKS Connector
Connect an EKS Anywhere cluster to AWS.
* Fully connected & Partially Disconnected to leverage the EKS console
35
Lambda & Code Deploy
CodeDeploy can help automate traffic shift for Lambda aliases.
* Linear: grow traffic every N minutes
* Canary: try x% then 100%
* AllAtOnce
36
Lambda Logging, Monitoring and Tracing
* CloudWatch
* X-Ray: run a daemon and use the AWS SDK in code
37
Lambda Asynchronous vs Synchronous Invocation
* Synchronous: Error handling must happen client side
* Asynchronous: Lambda attempts to retry on 3 errors. The processing must be idempotent
38
Lambda Extensions
Augment your functions. For example, integrate functions with your preferred monitoring, observability, security, and governance tools.
1. Add an extension as a Lambda layer (zip file)
2. You can add extensions to your container image
39
Protocols supported by load balancers
* Classic Load Balancer: HTTP, HTTPS, TCP, SSL
* Application Load Balancer: HTTP, HTTPS, WebSocket
* Network Load Balancer: TCP, TLS, UDP
* Gateway Load Balancer: IP
40
Difference in certificates between LB and ALB
LB supports only one SSL certificate, which can have many Subject Alternative Names (SAN). ALB supports Server Name Indication (SNI), which allows it to present multiple certificates.
41
ALB Target Groups
* EC2 instances
* ECS tasks
* Lambda functions (HTTP request is translated into a JSON event)
* IP addresses (must be private)
42
Use case for NLB
Extreme performance. Less latency (100ms vs 400ms for ALB).
* EC2 instances
* IP addresses
* ALB
43
Use case ALB as target group for NLB
When you need to have a static IP address
44
NLB Zonal DNS Name
Use to determine the IP address of a specific node to limit cross-zone traffic.
Footnote: https://aws.amazon.com/es/blogs/networking-and-content-delivery/resolve-dns-names-of-network-load-balancer-nodes-to-limit-cross-zone-traffic/
45
Cross zone load balancing
Each load balancer node distributes traffic across the registered targets in all enabled Availability Zones. It incurs charges for NLB and GLB; other load balancers don't generate a charge.
Footnote: https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/how-elastic-load-balancing-works.html#cross-zone-load-balancing
46
Sticky Sessions in Load Balancers
The same client is always redirected to the same instance behind the load balancer. It works for CLB and ALB.
47
LB Request Routing Algorithm: Least Outstanding Requests
The next instance to receive the request is the one that has the lowest number of pending requests (ALB and CLB)
48
LB Request Routing Algorithm: Round Robin
Equally choose the targets from the target group. (ALB and CLB)
49
LB Request Routing Algorithm: Flow Hash
Selects a target based on the protocol, IP address, port and TCP sequence number. Each connection is routed to a single target for the life of the connection. Works with NLB.
50
API Gateway limits
* 29 seconds timeout to respond to a request
* 10 MB max payload size
51
API Gateway response pane
The response consists of an HTTP status code, a set of additional headers that are specified by parameter mappings, and a payload that is generated by a non-VTL mapping template.
52
API Gateway Lambda non-proxy integration
You specify how the incoming request data is mapped to the integration request and how the resulting integration response data is mapped to the method response.
53
API Gateway WebSocket API
* Two-way interactive communication between a user's browser and a server
* Server can push information to the client
* This enables **stateful** applications
54
AWS AppSync
Enables developers to connect their applications and services to data and events with secure, serverless and high-performing GraphQL and Pub/Sub APIs.
55
AWS AppSync Events
* Real time updates and events
* Pub/Sub channels
* Event handlers to transform before publish
56
AWS AppSync Authorization
Perform authorization on Cognito users based on the groups they belong to.
57
EC2 with Elastic IP
The Elastic IP address is moved to a standby instance.
* Quick failover
* Helpful if the client resolves by static public IP address
* Doesn't scale
58
Cross region DNS based load balancing
Ability to use multiple instances
* Route53 TTL implies clients might not be able to access if their instance fails
* A newly added instance may not receive full traffic due to DNS TTL
59
AWS Outposts
Server racks within your on-premises infrastructure that offer AWS services (EC2, EBS, S3, EKS, ECS, RDS and EMR), APIs and tools. You are responsible for physical security.
60
S3 on AWS Outposts
Store and retrieve data locally, reducing data transfers to AWS Regions. Storage class named S3 Outposts. To access from AWS, use *S3 Access Point* or synchronize with *DataSync*
61
AWS Wavelength
Brings AWS services to the edge of 5G networks, with infrastructure embedded within the telecommunications providers. No additional charges. It is connected to AWS Regions.
62
Wavelength Zones VPC extension
Services in Wavelength are part of a VPC that is connected to an AWS Region:
1. A VPC extends to a Wavelength Zone when you create a subnet in the VPC and associate it
2. Instances that are in different Wavelength Zones in the same VPC are not allowed to communicate with each other.
63
Carrier gateway for AWS Wavelength
It allows inbound traffic from a carrier network in a specific location, and it allows outbound traffic to the carrier network and the internet.
64
AWS Local Zones
Extensions of an AWS Region to place AWS services closer to end users to run latency sensitive applications.
65
Amazon CloudFront
Improves read performance because content is cached at the edge. Expose external HTTPS
66
Amazon CloudFront - Origins
1. **S3 Buckets:** For distributing and loading files. You can use Origin Access Control for security.
2. **S3 configured as a website:** Enable Static Website Hosting
3. **MediaStore & MediaPackage:** Deliver video on demand
4. **Custom origin:** HTTP endpoints
67
CloudFront vs S3 Cross Region Replication
**CloudFront:** Great for static content that must be available everywhere
**S3 Cross Region Replication:** Great for dynamic content that needs to be available at low latency in few regions
68
CloudFront Origin Groups
A primary and secondary origin to increase availability and do failover. Origins can be cross regions.
69
CloudFront Geo Restrictions
Restrict which countries can access distribution
70
CloudFront Price Classes
* Price class all: best performance
* Price class 200: most regions, but excludes the most expensive
* Price class 100: only the least expensive regions
71
CloudFront Functions & Lambda Edge deployment
Lambda Edge Functions are deployed at Regional Edge Caches, while CloudFront Functions are deployed at Edge Locations.
72
When to use Lambda Edge over CloudFront Functions
* Longer execution time (more than 1ms)
* Adjustable CPU or Memory
* Access to the request body or file system
* Network access
* Third-party API calls
* Loading content based on User Agent
73
CloudFront Functions use cases
1. Cache key normalization: Transform request attributes (headers, cookies, query strings, URL)
2. Header manipulation
3. URL rewrites or redirects
4. Request authentication & authorization
74
ElastiCache Use Cases
* Database cache
* User Session Store
75
ElastiCache Redis vs Memcached
**Redis:**
* Multi AZ with auto-failover
* Read replicas
* Persistent

**Memcached:**
* Multi node for partitioning data
* Non persistent
* Multi-threaded architecture
76
AppStream 2.0
Fully managed application streaming service that provides users with instant access to their desktop applications from anywhere.
77
Access SaaS products through AWS Private Link
1. The service provider creates an endpoint service
2. You create an interface VPC endpoint, which establishes connections between subnets in your VPC and the endpoint service
78
Associating a VPC and a private hosted zone in different accounts
* Using the account that created the hosted zone, authorize the association of the VPC
* Using the account that created the VPC, associate the VPC with the hosted zone
* Delete the authorization to associate the VPC with the hosted zone.