![Page 1: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/1.jpg)
2017 AWSome day Taichung sharing
Kimi
2017/02/24
![Page 2: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/2.jpg)
Retro
• EC2
• VPC
• Load Balancer
• Auto Scaling
• VPC
• CloudWatch
• RDS
• S3
• DynamoDB
• IAM
• CloudTrail
• EBS
• Glacier
• AWS Architect
![Page 3: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/3.jpg)
What is cloud?
![Page 4: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/4.jpg)
What is cloud?
• On-demand
• Resources
• Pay-as-you-go
![Page 5: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/5.jpg)
Cloud computing generation
• Cost less
• High ability
• New skill to cloud
• Amazon Web Services (AWS)
• Microsoft Azure
• Google Cloud Platform
![Page 6: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/6.jpg)
Region, AZ and Edge
• Region
• Availability Zones
• Edge
![Page 7: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/7.jpg)
Region and AZ
![Page 8: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/8.jpg)
Example:
Region: Taiwan
AZ: 3
Taipei
Taichung
Kaohsiung
![Page 9: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/9.jpg)
Edge
• Route 53 - Domain name service
• CloudFront - Content Delivery Network (CDN)
![Page 10: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/10.jpg)
Instance
• Meta Data
- Information about the instance (e.g. memory size)
• User Data
- Customized by the user
- e.g. pre-configuration script
- Runs only at first launch (a restart/reboot does not run it again)
![Page 11: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/11.jpg)
Multi-AZ Instance
![Page 12: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/12.jpg)
EC2 pricing
![Page 13: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/13.jpg)
VPC
![Page 14: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/14.jpg)
S3 Tips
• Bucket name
- Globally unique
• Object size limit
- 5 TB
![Page 15: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/15.jpg)
S3 Encryption
• Server side
- Cost on AWS side
• Client side
- Cost on user side
![Page 16: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/16.jpg)
Another cheaper storage solution
• AWS Glacier
- Cold Storage
- Very Cheap
![Page 17: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/17.jpg)
EBS Tips
• Single AZ
• Persists if the EC2 instance is terminated
• More expensive than S3
![Page 18: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/18.jpg)
EBS backup
• Create an EBS snapshot
• Store it into S3
• Create a new EBS volume
• Attach snapshot to new EBS
![Page 19: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/19.jpg)
Instance Storage
[Diagram labels: Instance, Instance, Instance Storage, EBS]
![Page 20: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/20.jpg)
Instance Storage Tips
• Fast Read/Write IOPS
• Its size is based on the EC2 instance type.
• Automatically deleted when the instance stops, fails or is terminated
![Page 21: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/21.jpg)
IAM
• User
• Role
• Policy
![Page 22: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/22.jpg)
IAM - User
![Page 23: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/23.jpg)
IAM - User Permission
![Page 24: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/24.jpg)
IAM - User Group
![Page 25: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/25.jpg)
IAM Role
• Access permission between AWS services
• Not all AWS services have a “Role” setting
• Every action must have its permission added in the “Role”.
![Page 26: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/26.jpg)
IAM Role use case - ECS
[Diagram labels: ECS, Front-end, Back-end, C2C, ECR]
![Page 27: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/27.jpg)
IAM Role use case - ECS
[Diagram, step 1. Labels: ECS, EC2, ECR, S3]
![Page 28: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/28.jpg)
IAM Role use case - ECS
[Diagram, step 1. Labels: ECS, EC2, ECR, S3, ECR Access]
![Page 29: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/29.jpg)
IAM Role use case - ECS
[Diagram, step 1. Labels: ECS, EC2, ECR, S3, ECR Access]
[Diagram, step 2. Labels: ECS, EC2, ECR, S3, ECR Access, S3 Access]
![Page 30: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/30.jpg)
IAM - Policy
![Page 31: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/31.jpg)
Access service via Role
• Hard-coded access key
• High risk

```javascript
awsConfig({
  region: 'us-east-1',                 // explicitly set AWS region
  sslEnabled: true,                    // override whether SSL is enabled
  maxRetries: 3,                       // override the number of retries for a request
  accessKeyId: 'your_aws_access_key',  // can omit access key and secret key
  secretAccessKey: 'your_secret_key',  // if relying on a profile or IAM
  profile: 'profile_name',             // name of profile from ~/.aws/credentials
  timeout: 15000                       // optional timeout in ms. Will use AWS_TIMEOUT
});
```
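Added example (not from the original slides): a small JavaScript check that flags the hard-coded-key pattern shown on this slide in source text, and reports nothing for the role-based form where the key properties are omitted. The function name, the two rules and both sample strings are constructed for illustration.

```javascript
// Added example: flag hard-coded AWS credentials in JavaScript source text.
// Rule set, function name and sample inputs are constructed for illustration.

const RULES = [
  // Access key IDs are 20 characters, prefixed AKIA (long-term) or ASIA (temporary).
  { kind: 'access-key-id', re: /\b(?:AKIA|ASIA)[A-Z0-9]{16}\b/ },
  // A credential property assigned a quoted literal, as in the slide's awsConfig call.
  { kind: 'literal-credential',
    re: /\b(?:accessKeyId|secretAccessKey)\s*[:=]\s*(['"`])[^'"`]+\1/ },
];

// Returns one entry per offending line: { line, kinds }.
function findHardcodedAwsCredentials(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, index) => {
    const kinds = RULES.filter(({ re }) => re.test(text)).map(({ kind }) => kind);
    if (kinds.length > 0) findings.push({ line: index + 1, kinds });
  });
  return findings;
}

// Constructed sample mirroring the risky slide snippet (placeholder values only).
const hardcodedSample = [
  "awsConfig({",
  "  region: 'us-east-1',",
  "  accessKeyId: 'AKIAEXAMPLEEXAMPLE00',",
  "  secretAccessKey: 'your_secret_key'",
  "});",
].join('\n');

// Constructed sample for the role-based form: no key material in source, so the
// SDK falls back to the credentials supplied by the attached IAM role.
const roleSample = [
  "awsConfig({",
  "  region: 'us-east-1',",
  "  sslEnabled: true,",
  "  maxRetries: 3",
  "});",
].join('\n');

console.log(findHardcodedAwsCredentials(hardcodedSample));
console.log(findHardcodedAwsCredentials(roleSample));
```

A value read from the environment, such as `accessKeyId: process.env.AWS_ACCESS_KEY_ID`, is not a quoted literal and is not flagged.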
![Page 32: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/32.jpg)
CloudTrail
• Records AWS API calls for accounts.
![Page 33: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/33.jpg)
SQL vs NoSQL
![Page 34: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/34.jpg)
RDS
• Fast to deploy
• Fast to scale
• Easy to Backup
- Automatic
- Manual backup via Snapshots
![Page 35: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/35.jpg)
Cross-Region DB
![Page 36: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/36.jpg)
Multi-AZ RDS
![Page 37: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/37.jpg)
Classic Load Balancer
![Page 38: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/38.jpg)
![Page 39: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/39.jpg)
![Page 40: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/40.jpg)
Auto scaling
![Page 41: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/41.jpg)
![Page 42: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/42.jpg)
CloudWatch
• A monitoring service
• Visibility
• Connects to a lot of AWS services
![Page 43: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/43.jpg)
![Page 44: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/44.jpg)
![Page 45: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/45.jpg)
Scale Up vs Scale Down
CPU: i5, MEM: 4GB
CPU: i7*2, MEM: 16GB
Scale Up / Scale Down
![Page 46: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/46.jpg)
Scale In vs Scale Out
CPU: i5, MEM: 4GB
CPU: i5, MEM: 4GB
CPU: i5, MEM: 4GB …
CPU: i5, MEM: 4GB
Scale Out
Scale In
![Page 47: 2017 AWSome day Taichung sharing](https://reader036.vdocument.in/reader036/viewer/2022062223/58b885d51a28ab44078b70d5/html5/thumbnails/47.jpg)