AWS: Basic Architecture Session · 2016-09-02 · AWS Core Infrastructure and Services AWS...

Post on 17-Mar-2020


AWS: Basic Architecture Session SUNEY SHARMA Solutions Architect: AWS suneys@amazon.com

AWS Core Infrastructure and Services

AWS Technical Essentials 3.8 ILT

[Diagram labels: Security (Security Groups, NACLs, Access Mgmt); Network (VPC, EC2 “Classic”, “Public”, ELB); On-Demand Provision]

Traditional Infrastructure compared with Amazon Web Services

•  Servers. Traditional: On-Premises Servers. AWS: AMI, Amazon EC2 Instances
•  Security. Traditional: Firewalls, ACLs, Administrators. AWS: Security Groups, NACLs, AWS IAM
•  Networking. Traditional: Router, Network Pipeline, Switch. AWS: VPC, ELB
•  Storage and Database. Traditional: RDBMS, DAS, SAN, NAS. AWS: Amazon EBS, Amazon EFS, Amazon S3, Amazon RDS

[Architecture diagram: users over the Internet reach Route 53, Amazon CloudFront (static and dynamic content) and an Internet Gateway; a VPC spans AZ1 and AZ2 with public and private subnets, a public ELB, an internal ELB, NAT Gateways, Web and App Auto Scaling tiers, Multi-AZ RDS (master, standby, snapshot), Amazon ElastiCache and Amazon DynamoDB for session state, S3 and Amazon Glacier; corporate users on the corporate premises connect through a Customer Gateway, VPN connection or Direct Connect to the Virtual Private Gateway]

[Architecture diagram, repeated without Route 53, DynamoDB and the session-state labels: public and private subnets in AZ1 and AZ2, public and internal ELB, NAT Gateways, Web and App Auto Scaling, Multi-AZ RDS with snapshot, Amazon ElastiCache, Amazon CloudFront, S3, Amazon Glacier, Internet Gateway, Virtual Private Gateway, Customer Gateway, VPN connection, Direct Connect]

[Architecture diagram, reduced to the network layout: users over the Internet, Internet Gateway, and public and private subnets in AZ1 and AZ2]

Let’s discuss

•  What is a region?
•  What is an AZ?
•  What is a VPC and what are subnets?
•  What are NACL and Security Groups

AWS Global Infrastructure

Achieving High Availability Using Multi-AZ

[Diagram: a Region containing Availability Zone - A, Availability Zone - B and Availability Zone - C]

Amazon Virtual Private Cloud (VPC)

•  Provision a logically isolated section of the AWS cloud
•  Control your virtual networking environment
–  Subnets
–  Route Tables
–  Security Groups
–  Network ACLs
•  Connect to your on-premises network via hw VPN
•  Control if and how your instances access the Internet

[Diagram: EC2 instances in a VPC with addresses 172.31.0.128, 172.31.0.129, 172.31.1.24 and 172.31.1.27]

VPC & Subnets

[Diagram: VPC subnets across Availability Zone 1a and Availability Zone 1b holding instances with addresses in 10.0.0.x, 10.0.1.x and 10.0.3.x; an Internet Gateway to the Internet; a Virtual Private Gateway with a VPN connection to the Customer Gateway in the customer data center]

Choosing IP address ranges for your subnets

VPC: 172.31.0.0/16

•  Availability Zone eu-west-1a: VPC subnet 172.31.0.0/24
•  Availability Zone eu-west-1b: VPC subnet 172.31.1.0/24
•  Availability Zone eu-west-1c: VPC subnet 172.31.2.0/24

Authorizing traffic: Network ACLs, security groups

Network ACLs = stateless firewall rules

English translation: Allow all traffic in

Can be applied on a subnet basis

Security Groups

Security groups = stateful firewall

In English: Hosts in this group are reachable from the Internet on port 80 (HTTP)
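The stateless versus stateful distinction above, worked through as an added example (not part of the original slides; it goes beyond the slide text by modelling reply traffic). The rule sets, the client address and the 1024-65535 ephemeral port range are constructed sample values, and the numbered first-match rule order follows AWS network ACL behaviour.

```python
# Added illustration: a toy model of the filtering semantics, not AWS code.
from ipaddress import ip_address, ip_network

def nacl_allows(rules, peer, dst_port):
    """Stateless subnet NACL: lowest rule number first, first match decides,
    unmatched traffic is denied. Consulted per packet and per direction."""
    for _num, cidr, lo, hi, action in sorted(rules):
        if ip_address(peer) in ip_network(cidr) and lo <= dst_port <= hi:
            return action == "allow"
    return False

class SecurityGroup:
    """Stateful instance firewall: allow rules only, plus flow tracking."""
    def __init__(self, ingress):
        self.ingress = ingress      # [(cidr, first_port, last_port)]
        self.tracked = set()        # flows admitted inbound

    def inbound(self, src, src_port, dst_port):
        ok = any(ip_address(src) in ip_network(cidr) and lo <= dst_port <= hi
                 for cidr, lo, hi in self.ingress)
        if ok:
            self.tracked.add((src, src_port, dst_port))
        return ok

    def reply_allowed(self, client, client_port, server_port):
        # Replies to a tracked flow pass without any outbound rule.
        return (client, client_port, server_port) in self.tracked

def http_round_trip(nacl_in, nacl_out, sg, client, client_port):
    """Return (request_delivered, reply_delivered) for one HTTP exchange."""
    request = (nacl_allows(nacl_in, client, 80)
               and sg.inbound(client, client_port, 80))
    reply = (request and sg.reply_allowed(client, client_port, 80)
             and nacl_allows(nacl_out, client, client_port))
    return request, reply

CLIENT = "203.0.113.10"                            # documentation range
WEB_SG = [("0.0.0.0/0", 80, 80)]                   # the slide's port 80 rule
NACL_IN = [(100, "0.0.0.0/0", 80, 80, "allow")]
NACL_OUT_EMPTY = []                                # implicit deny only
NACL_OUT_EPHEMERAL = [(100, "0.0.0.0/0", 1024, 65535, "allow")]
NACL_IN_BLOCK = [(90, "203.0.113.0/24", 0, 65535, "deny")] + NACL_IN

if __name__ == "__main__":
    for name, n_in, n_out in [("no outbound rule", NACL_IN, NACL_OUT_EMPTY),
                              ("ephemeral allowed", NACL_IN, NACL_OUT_EPHEMERAL),
                              ("deny rule 90", NACL_IN_BLOCK, NACL_OUT_EPHEMERAL)]:
        print(name, http_round_trip(n_in, n_out, SecurityGroup(WEB_SG), CLIENT, 50000))
```

The first case is the one that surprises people in practice: the security group would pass the reply, but the subnet NACL drops it because no outbound rule covers the client's ephemeral port.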

[Architecture diagram: users over the Internet and the Internet Gateway; corporate users on the corporate premises connected through a Customer Gateway, VPN connection or Direct Connect to the Virtual Private Gateway; public and private subnets in AZ1 and AZ2]

Let’s discuss

•  What are the VPC connectivity options?

Connectivity Options

To begin with there is internet and additionally:
•  VPN
•  Direct Connect

VPN connections

Direct Connect

[Architecture diagram: public and private subnets in AZ1 and AZ2 with a public ELB, an internal ELB, NAT Gateways and Web and App Auto Scaling tiers; Internet Gateway for users over the Internet; Virtual Private Gateway, Customer Gateway, VPN connection and Direct Connect for corporate users]

Let’s discuss

•  NAT Gateway
•  ELB

NAT Gateway

NAT available as:

•  EC2 instance running a Linux AMI.
•  Managed NAT service from AWS.

Elastic Load Balancing Example

[Architecture diagram, repeated: public and private subnets in AZ1 and AZ2, public ELB, internal ELB, NAT Gateways, Web and App Auto Scaling tiers, Internet Gateway, Virtual Private Gateway, Customer Gateway, VPN connection, Direct Connect]

Let’s discuss

•  EC2
•  Autoscaling

Amazon Elastic Compute Cloud (EC2) - Elastic virtual servers in the cloud

Physical Servers in AWS Global Regions

[Diagram: a host server running a hypervisor with Guest 1, Guest 2 ... Guest n as EC2 instances]

EC2 instances: Families and Generations

•  General-purpose: M1, M3, M4, T2
•  Compute-optimized: C1, CC2, C3, C4
•  Memory-optimized: M2, CR1, R3
•  Dense-storage: HS1, D2
•  I/O-optimized: HI1, I2
•  GPU: CG1, G2
•  Micro: T1, T2

EC2 instances: Types and Sizes

[Diagram: the instance type name c4.large annotated with its instance family, instance generation and instance size]

Storage Options

•  Locally attached or “instance storage”
•  Amazon EBS General Purpose (SSD) volumes
•  Amazon EBS Provisioned IOPS (SSD) volumes
•  Amazon EBS Magnetic volumes
•  Amazon S3 and Amazon Glacier for object storage

AMI Details

An AMI includes the following:
•  A template for the root volume for the instance (for example, an operating system, an application server, and applications).
•  Launch permissions that control which AWS accounts can use the AMI to launch instances.
•  A block device mapping that specifies the volumes to attach to the instance when it's launched.

Amazon EC2 Instances

[Diagram: an AMI (OS, applications and configuration) launches instances (running or stopped VMs) inside an AZ and VPC within a Region; instances use EBS volumes; EBS snapshots and S3 buckets live in S3]

[Chart sequence: server load by hour of day (0 to 24), compared with the capacity of 1 server and the traditional capacity required; elastic capacity is added as "1 server for 8 hours" blocks; final panel: 1/3rd saving]

[Chart sequence: instance count (0 to 6) by day of month (0 to 30) for monthly predictable peak processing, comparing traditional capacity required with elastic capacity; final panel: 75% savings]

Trio of Services

[Diagram: Elastic Load Balancing, CloudWatch and Auto Scaling; a CPU Utilization metric leads to "Execute Scaling Policy"]

AWSome Days 3.8

What is Amazon EBS?

[Diagram sequence, labels: EC2 instance with an EBS boot volume and EBS data volumes in an Availability Zone of an AWS region; EBS volume and its replica; EBS snapshot in Amazon S3; EBS volume in a second Availability Zone; EBS snapshot and EBS volume in a second AWS region]

What if an EBS volume fails?

[Diagram sequence, labels: EC2 instance, EBS volume and replica in an Availability Zone of an AWS region]

What about EC2 instance failure?

[Diagram sequence, labels: EBS volume and replica in an Availability Zone of an AWS region, first with the EC2 instance and then with a new EC2 instance]

EBS Volume Types

A few definitions…

•  IOPS: Input/output operations per second (#)
•  Throughput: Read/write rate to storage (MB/s)
•  Latency: Delay between request and completion (ms)
•  Capacity: Volume of data that can be stored (GB)
•  Block size: Size of each I/O (KB)

EBS Volume Types

•  Solid state drive (SSD): General Purpose SSD (gp2), Provisioned IOPS SSD (io1)
•  Hard disk drive (HDD): Throughput Optimized HDD (st1), Cold HDD (sc1)

EBS Volume Types: I/O Provisioned

General Purpose SSD (gp2)

•  Baseline: 3 IOPS per GB up to 10,000
•  Throughput: 160 MB/s
•  Latency: Single-digit ms
•  Capacity: 1 GB to 16 TB
•  Great for boot volumes, low latency applications and bursty databases

Provisioned IOPS SSD (io1)

•  Baseline: 100 to 20,000 IOPS
•  Throughput: 320 MB/s
•  Latency: Single-digit ms
•  Capacity: 4 GB to 16 TB
•  Ideal for critical applications and databases with sustained IOPS

EBS Volume Types: Throughput Provisioned

Throughput Optimized HDD (st1), NEW!

•  Baseline: 40 MB/s per TB up to 500 MB/s
•  Burst: 250 MB/s per TB up to 500 MB/s
•  Capacity: 500 GB to 16 TB
•  Ideal for large block, high throughput sequential workloads

Cold HDD (sc1), NEW!

•  Baseline: 12 MB/s per TB up to 192 MB/s
•  Burst: 80 MB/s per TB up to 250 MB/s
•  Capacity: 500 GB to 16 TB
•  Ideal for sequential throughput workloads such as logging and backup

Pricing*

•  IO Provisioned Volumes: gp2 $0.10 per GB; io1 $0.125 per GB and $0.065 per PIOPS
•  Throughput Provisioned Volumes: st1 $0.045 per GB; sc1 $0.025 per GB

* All prices are per month and from the us-west-2 region as of April 2016

Performance: Bandwidth Matters

[Diagram: an EC2 instance shares its network bandwidth between EBS, other EC2 instances, the Internet, databases and S3; c3.2xlarge: ~125 MB/s; c3.8xlarge: 10 Gbps, ~1250 MB/s]

Performance: EBS-Optimized Instances

For max throughput statistics per instance types, see: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html

•  Dedicated network bandwidth for EBS I/O
•  Enabled by default on c4, d2, and m4 instances
•  Can be enabled at instance launch or on a running instance
•  Not an option on some 10 Gbps instance types (c3.8xlarge, r3.8xlarge, i2.8xlarge)

[Diagram: an EBS-optimized c3.2xlarge with ~125 MB/s to EBS, shown separately from its traffic to other EC2 instances, the Internet, databases and S3]

Best Practice: RAID

When to RAID?

•  Storage requirement > 16 TB
•  Throughput requirement > 500 MB/s
•  IOPS requirement > 20,000 @ 16K

[Diagram: an EC2 instance striping two EBS volumes as RAID 0 within an Availability Zone of an AWS region, each volume with its replica]

Avoid RAID for redundancy

•  RAID 1 halves available EBS bandwidth
•  RAID 5/6 loses 20–30% of usable I/O to parity

Best Practice: Security

EBS encryption

•  Attach both encrypted and unencrypted
•  No volume performance impact
•  Any current generation instance
•  Supported by all EBS volume types
•  Snapshots also encrypted
•  No extra cost

Best Practice: Security

EBS encryption: data volumes

How AWS pricing works

•  Pay as you go: No minimum commitments
•  Pay less when you reserve
•  Pay even less per unit by using more
•  Pay even less as AWS grows: 44 price drops since 2006
•  Custom Pricing

Plus Services offered free of cost

•  Amazon VPC
•  AWS Elastic Beanstalk
•  AWS CloudFormation
•  AWS Identity and Access Management
•  Autoscaling
•  AWS OpsWorks

Fundamental Pricing Characteristics

•  Fundamental characteristics you pay for:
–  Compute
–  Storage
–  Data transfer out
•  Customers are charged for data transfer out.
•  Data transfer in to AWS is free.
•  Outbound data transfer is aggregated across Amazon EC2, Amazon S3, Amazon RDS, Amazon SimpleDB, Amazon SQS, Amazon SNS, and Amazon VPC

EC2 Purchasing Options

•  On Demand
•  Reserved
•  Spot
•  Dedicated Hosts

EC2 Reserved Instances

EC2 Dedicated Hosts & Instances

EC2 costs: Points to consider

•  Server clock hours
•  Instance configuration
•  Instance purchase option
•  Number of instances
•  Load Balancing
•  Detailed monitoring
•  Autoscaling
•  Elastic IP
•  OS and Software

S3 costs: Points to consider

•  Storage class
•  Storage
•  Number of requests
•  Data Transfer

EBS Costs: Points to consider

•  Volume (GB) provisioned
•  IOPS provisioned
•  Snapshot
•  Data Transfer

Complicated? Well, you have a great tool

•  AWS Simple Monthly Calculator: http://calculator.s3.amazonaws.com/index.html