Concept
Cloud Computing Concept includes:
- on demand
- IT
- access online
- pay as you go
The benefits of cloud computing include low cost, elasticity, flexibility and security.
Product
The tables below list key AWS services by the 5 pillars (security, reliability, performance); cost optimisation and operational excellence follow as notes.
Areas | Key Services |
---|---|
Identity and Access Management | IAM, MFA |
Detective Control | CloudTrail, Config, CloudWatch |
Infrastructure protection | VPC |
Data Protection | ELB, EBS, S3, RDS |
Incident Response | IAM, CloudFormation |
Reliability Key Service: CloudWatch
Areas | Key Services |
---|---|
Foundations | IAM, VPC |
Change Management | CloudTrail, Config |
Failure Management | CloudFormation |
Performance Key Service: CloudWatch
Areas | Key Services |
---|---|
Selection | EBS, Auto Scaling, S3, Glacier, RDS, DynamoDB |
Review | CloudFormation |
Monitoring | CloudWatch, Lambda |
Trade-off | CloudFront, ElastiCache, RDS read replica |
Cost optimisation:
- Cost allocation tag: A tag is a label you assign to an AWS resource. When you enable cost allocation tags, AWS uses them to enrich the cost report with categorized details, making it easier to track your costs.
- AWS Trusted Advisor: provides real-time guidance to help you provision your resources following AWS best practices.
Operational Excellence: CloudFormation
CloudTrail: records account activity by actions across different services in AWS
ELB: detects health, removes failed targets and reroutes traffic to healthy ones
VPC Use case: Corporate Data Center
Route 53
EBS, S3, Glacier: To duplicate an EBS volume in another region, snapshot the EBS volume to S3 (auto scaling) and restore the snapshot in the other region as an EBS volume. Automated lifecycle: S3 -> Glacier -> delete (note: one way only)
IAM: active folder?
CloudWatch: SNS trigger alarm
Redshift: data warehousing and analytics
CloudFormation: templates in YAML or JSON format; CloudFormer to export
AWS Snowball: import/export; uses physical storage to upload to S3
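The S3 -> Glacier -> delete lifecycle noted above, written as a CloudFormation template in YAML. This is an added example, not part of the original notes; the logical resource name, the day counts and the encryption and public-access settings are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Archive bucket with a one-way S3 -> Glacier -> delete lifecycle (illustrative)

Parameters:
  ArchiveAfterDays:
    Type: Number
    Default: 30        # assumed value: days in S3 before moving to Glacier
  DeleteAfterDays:
    Type: Number
    Default: 365       # assumed value: must be greater than ArchiveAfterDays

Resources:
  ArchiveBucket:       # hypothetical logical name
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain          # deleting the stack does not delete the data
    Properties:
      # Encrypt objects at rest by default with the AWS-managed KMS key for S3
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: aws:kms
      # Refuse public ACLs and public bucket policies
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      LifecycleConfiguration:
        Rules:
          - Id: archive-then-delete
            Status: Enabled
            # Step 1: move objects from S3 to Glacier
            Transitions:
              - StorageClass: GLACIER
                TransitionInDays: !Ref ArchiveAfterDays
            # Step 2: delete the objects; lifecycle rules never move them back to S3
            ExpirationInDays: !Ref DeleteAfterDays

Outputs:
  BucketName:
    Value: !Ref ArchiveBucket
```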
Topic
Cow/Pet strategy for servers
EC2 T2 - For burst usage, e.g. high traffic at specific times
Reserved Cost Model: Pay upfront, 50-75% lower hourly rate
Disaster Recovery: Multi-site, warm standby, pilot light, backup & restore.
Web architecture: Route 53 -> ELB -> Security Group (EC2, CloudWatch), RDS -> S3 -> CloudFront
Security Groups: set firewall rules and apply them to all instances in scaling
Pricing tool: TCO Calculator
Security handled by AWS: DDoS shield, API SSL (man-in-the-middle), packet sniffing and so on.
Key Management Service, encryption service …
Storage gateway?
Regions
Traffic between regions travels over the public network, so encrypt your data (alternative solution: private cloud).