Additional Topics

  1. Bastion host: An AWS bastion host can provide a secure primary connection point as a ‘jump’ server for accessing your private instances via the internet.
    1. Basically, a bastion host is an EC2 instance running in your public subnet
    2. It allows SSH and RDP only from certain IP ranges
    3. The bastion host runs in a security group that has SSH/RDP permissions to the EC2 instances in your private subnets
    4. You SSH to the bastion using your private key and then SSH onward to the EC2 instance in the private subnet using
      1. Remote Desktop Gateway for Windows
      2. Agent forwarding for Linux SSH
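The two security-group rules the note describes (bastion reachable for SSH/RDP only from certain IP ranges; private instances trusting only the bastion's group) can be checked offline. This is an added example, not code from the original notes; the group IDs and CIDRs are constructed samples shaped like boto3's describe_security_groups() output.

```python
# Added example, not from the original notes: audit a bastion setup's two security
# groups. The dicts are constructed to mimic boto3 describe_security_groups() output.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample: bastion SG allows SSH only from an office range, but RDP from anywhere.
BASTION_SG = {"GroupId": "sg-0bastion000000001", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
]}
# Constructed sample: private-subnet SG trusts the bastion SG for SSH, plus a stray world-open rule.
PRIVATE_SG = {"GroupId": "sg-0private000000001", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [],
     "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0bastion000000001"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
]}

def _covers(rule, port):
    """True if the ingress rule's port range includes `port` (or it is an all-traffic rule)."""
    if rule.get("IpProtocol") == "-1":
        return True
    return rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)

def world_open_admin_ports(sg):
    """Return [(port, cidr)] for SSH/RDP rules reachable from any IPv4/IPv6 address."""
    findings = []
    for rule in sg["IpPermissions"]:
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for port in ADMIN_PORTS:
            if _covers(rule, port):
                findings += [(port, c) for c in cidrs if c in ANYWHERE]
    return findings

def private_sg_trusts_only(private_sg, bastion_group_id, port=22):
    """True if every rule covering `port` on the private SG sources only from the bastion SG."""
    for rule in private_sg["IpPermissions"]:
        if not _covers(rule, port):
            continue
        if rule.get("IpRanges") or rule.get("Ipv6Ranges"):
            return False  # a CIDR source bypasses the bastion
        if any(p["GroupId"] != bastion_group_id for p in rule.get("UserIdGroupPairs", [])):
            return False  # some other group is trusted too
    return True
```

Run against real output by feeding each element of `describe_security_groups()["SecurityGroups"]` to the two functions.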
  2. Elastic Map Reduce (EMR)
  3. Data Pipeline
  4. Simple Email Service (SES)
  5. QuickSight:
    1. AWS service that aggregates your data from multiple data sources (S3, DynamoDB, RDS, etc.) and provides business intelligence based on this data.
  6. NAS (Network Attached Storage) EFS (Elastic File System):
    1. An Amazon EFS file system is accessed by EC2 instances running inside one of your VPCs.
    2. Instances connect to a file system through a network interface called a mount target.
    3. Each mount target has an IP address and a DNS name, which AWS assigns automatically or you can specify.
    4. Use the Linux mount command to mount it to a folder such as /home/mysharedfolder
    5. Cost is in 0.xx US$ per GB/month units (around 30 cents per GB/hour)
  7. Status Checks
    1. System status check: checks the physical host
      1. Examples: power failure, network failure, system software issues, hardware failure. When this happens, simply stop and start the instance, which brings it up on a different host (hardware)
    2. Instance status check: checks the VM/OS
      1. Corrupt memory
      2. Exhausted memory
      3. Misconfigured network
      4. Kernel issues
      5. A reboot will fix these
  8. EBS volume types (16 TB max for all) (burst max 3000 IOPS)
    1. General Purpose SSD: gp2. Can be root/boot volume
      1. General VMs, web servers. Min 1 GB
      2. 3 IOPS/GB, max 10,000 IOPS
    2. Provisioned IOPS SSD: io1. Can be root/boot volume
      1. High-volume DB server. Min 4 GB
    3. Throughput Optimized HDD: st1
      1. Can't be root/boot volume. Min 500 GB
      2. Big data, data warehousing, log processing
    4. Cold HDD: sc1. Can't be root/boot volume
      1. Min 500 GB
  9. WorkSpaces
    1. Using the AWS WorkSpaces client one can connect to a virtual desktop (Windows only)
    2. WorkSpaces are persistent
    3. Data on the D drive is backed up every 12 hours
    4. No need to have an AWS account
  10. Elasticity vs Scalability and difference between scaling up and scaling out
    1. Elasticity is being able to scale out and scale back in (horizontal scaling) within a short period such as hours, days or weeks. You achieve this by launching additional instances of the same type and terminating them after demand comes down
    2. Scalability is scaling up your systems as the business grows and demand increases over the long term (think months and years). You achieve scale-up (vertical scaling) by increasing memory/CPU, i.e. upgrading your instances to a new type (m1 to m2 etc.)
    3. Scaling up may not be instantaneous and may need some downtime, unlike scaling out, which can happen instantaneously.
    4. DynamoDB is inherently scalable; however, you can increase the provisioned IOPS and decrease them later to achieve elasticity
    5. RDS is not elastic. You scale it by upgrading to a higher instance type (small to medium etc.)
  11. Snowball imports/exports your data to S3. It replaces the Import/Export service, where you sent your hard disk to AWS by courier.
    1. Snowball: 80 TB of data can be transferred to AWS using a physical device
    2. Snowball Edge: 100 TB of storage plus EC2 running Lambda functions, all in one box. Use case: on board an aircraft
    3. Snowmobile: extremely large amounts of data. Mounted on a truck. Capacity 100 PB
  12. Advantage of Direct Connect over VPN
    1. Better bandwidth, as Direct Connect uses a dedicated VLAN connection from your data center to AWS
    2. VPN uses the IPsec protocol over the internet and can drop while in use if the internet has problems.
    3. VPN connections can be set up in minutes, whereas Direct Connect takes weeks to set up
  13. Amazon Resource Names (ARN)
    1. Uniquely address any resource
    2. arn:PARTITION:SERVICE:REGION:ACCOUNTID:resourcetype/resource
    3. arn:PARTITION:SERVICE:REGION:ACCOUNTID:resourcetype:resource
    4. PARTITION=aws, SERVICE=s3 or iam etc., REGION=us-west-2 etc., ACCOUNTID is your account ID
    5. For globally unique resources such as S3 there is no need for REGION or ACCOUNTID, so those fields are left empty, giving ":::". Ex: arn:aws:s3:::mybucket/myfile.txt
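A small parser for the ARN formats listed above, as an added example rather than code from the original notes. It splits on the first five colons only (so a resource containing further colons survives), cuts the resource at whichever of "/" or ":" comes first, and treats S3 specially because its resource is "bucket/key" with no type prefix; the account IDs and names in the samples are constructed.

```python
from dataclasses import dataclass

# Added example, not from the original notes: split an ARN into the fields the
# note lists, handling both resource forms and the empty fields of global services.
NO_TYPE_PREFIX = {"s3"}  # S3 resources are "bucket/key"; the first segment is not a resource type

@dataclass(frozen=True)
class Arn:
    partition: str
    service: str
    region: str
    account_id: str
    resource_type: str  # "" when the resource part has no type prefix
    resource: str

def parse_arn(arn: str) -> Arn:
    """Split on the first five colons only; the resource part may itself contain ':' or '/'."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or not parts[1] or not parts[2]:
        raise ValueError(f"not an ARN: {arn!r}")
    _, partition, service, region, account_id, resource_part = parts
    if service in NO_TYPE_PREFIX:
        return Arn(partition, service, region, account_id, "", resource_part)
    # "resourcetype/resource" or "resourcetype:resource": cut at whichever separator comes first
    cuts = [i for i in (resource_part.find("/"), resource_part.find(":")) if i != -1]
    if not cuts:
        return Arn(partition, service, region, account_id, "", resource_part)
    cut = min(cuts)
    return Arn(partition, service, region, account_id, resource_part[:cut], resource_part[cut + 1:])

def is_global_resource(parsed: Arn) -> bool:
    """Global services leave REGION and ACCOUNTID empty, which is why S3 ARNs show ':::'."""
    return parsed.region == "" and parsed.account_id == ""
```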
  14. Data transfer cost optimization
    1. Always use the private IP to transfer data between two instances within a single AZ to get local transfer rates. Otherwise, regional data transfer rates apply.
    2. If the instances are in different AZs, the regional data transfer rate applies regardless of whether a private or public IP is used.
  15. Nitro vs Xen hypervisor
    1. Nitro reduces the software components at the host level, giving EC2 more bare-metal access and hence less waste of memory and CPU resources
    2. Eventually all Xen hosts will be phased out in favor of Nitro
    3. Nitro allows up to 27 PCI devices to be attached to your EC2 instance, including all your EBS volumes and ENIs
Copyright 2005-2016 KnowledgeHills.