Global Infrastructure

What is VPC?
  • It is a virtual network in the AWS data center dedicated to your AWS account.
  • One can launch EC2 instances into their VPC.
  • VPC is the abbreviation of Virtual Private Cloud.
  • A VPC spans all the Availability Zones in its region, so subnets in multiple Availability Zones can live in one VPC.
  • A private cloud is a cloud architecture owned by a company, where the company builds its own data center, storage and network devices, accessible only from the authorized premises of that company.
  • A virtual private cloud is a virtual network that closely resembles the traditional network you would operate in your own data center, with the benefit of AWS's scalable infrastructure.
  • It is logically isolated from every other virtual network in the AWS cloud.
  • By default a maximum of five VPCs can be created per region and 200 subnets per VPC.
    • We can create up to 200 route tables per VPC (default quota).
    • We can allocate five Elastic IPs per region in an account (default quota).
      • These are service quotas; we can extend them by requesting an increase from AWS.
  • When we create a VPC, a DHCP option set, a main route table, a default network ACL and a default security group are created automatically.
  • A VPC is confined to one AWS region and does not extend between regions.
  • Two subnets in a VPC must have non-overlapping CIDR blocks (being different is not enough; one must not contain the other).
    • However, subnets in two different VPCs may have the same CIDR.
  • If we are doing VPC peering, the CIDR blocks of the two VPCs must not overlap.
    • If both VPCs use the same CIDR, the peering connection cannot be established; one side has to be rebuilt as a new VPC with a non-overlapping range before it can peer with the first one.
  • A VPC CIDR block can be anywhere from /16 (65,536 addresses) to /28 (16 addresses); the 256 addresses of the /24 used in the calculation below are what that block size gives, not the VPC maximum.
What is a Subnet?
  • Subnets are smaller networks inside a VPC.
  • We need subnets for the following reasons:
    • Security: different departments or tiers need their own network boundary.
    • Resource allocation: different resources may require different access by different users.
  • We launch AWS resources inside subnets.
  • Each subnet lives in exactly one Availability Zone; an Availability Zone can hold one or more subnets.
  • There are three types of subnets, decided by the route table associated with the subnet:
    • Public
      • Traffic to the Internet is routed to an Internet gateway.
    • Private
      • Traffic is routed neither to an Internet gateway nor to a virtual private gateway.
    • VPN-only
      • Traffic is routed to a virtual private gateway (VGW).
Show a CIDR calculation to have a single subnet in a VPC and to have 2 subnets in a VPC?
  • Single subnet in a VPC.
    • CIDR - 172.31.0.0/24
      • Network portion
        • 172.31.0 - the first 24 bits
        • Fixed; these bits cannot be used for hosts.
      • Host portion - the remaining 32 - 24 = 8 bits
        • Eight bits give 2 to the power 8, i.e. 256 addresses.
        • AWS reserves five addresses in every subnet (the first four and the last one), so 251 of the 256 can actually be assigned to servers.
    • A /25 would leave only 7 host bits (128 addresses), which does not meet the requirement of 200 servers, so we go with a /24.
  • Two subnets in a VPC
    • Subnet 1 CIDR - 172.31.0.0/25
      • Network portion - 25 bits
      • Host portion is 32 - 25 = 7 bits
        • Seven bits give 2 to the power 7, i.e. 128 addresses (123 usable after the five AWS reserves).
      • IP range is 172.31.0.0 to 172.31.0.127.
    • Subnet 2 CIDR - 172.31.0.128/25
      • Network portion - 25 bits
      • Host portion is 32 - 25 = 7 bits
        • Seven bits give 2 to the power 7, i.e. 128 addresses (123 usable).
      • IP range is 172.31.0.128 to 172.31.0.255.
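The calculation above, and the non-overlap rule for subnets and peered VPCs, carried out in code. This is an added example written for this post, not code from the original page; the function names and the sample CIDRs are my own, and the two constants encode AWS's five reserved addresses per subnet and its /16 to /28 block-size limits.

```python
"""Plan subnets inside a VPC and check the CIDR rules the notes describe.

Added example for this post, not code from the original page. Uses only the
standard library; the CIDRs in the usage section are constructed samples.
"""
import ipaddress

# AWS reserves the first four addresses (network, VPC router, DNS, future use)
# and the last address (broadcast) of every subnet.
AWS_RESERVED_PER_SUBNET = 5
# AWS accepts VPC and subnet CIDR blocks between /16 and /28.
MIN_PREFIX, MAX_PREFIX = 16, 28


def check_aws_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Parse a CIDR and reject sizes AWS will not accept or a non-network address."""
    net = ipaddress.ip_network(cidr, strict=True)  # raises if host bits are set
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        raise ValueError(f"{cidr}: AWS requires a prefix between /{MIN_PREFIX} and /{MAX_PREFIX}")
    return net


def usable_hosts(cidr: str) -> int:
    """Addresses that can actually be assigned to instances in a subnet of this size."""
    return check_aws_cidr(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def smallest_prefix_for(hosts_needed: int) -> int:
    """Longest prefix (smallest subnet) whose usable addresses cover the requirement."""
    for prefix in range(MAX_PREFIX, MIN_PREFIX - 1, -1):
        if 2 ** (32 - prefix) - AWS_RESERVED_PER_SUBNET >= hosts_needed:
            return prefix
    raise ValueError(f"{hosts_needed} hosts do not fit in a single /{MIN_PREFIX} subnet")


def split_vpc(vpc_cidr: str, subnet_count: int) -> list[str]:
    """Carve a VPC CIDR into `subnet_count` equal subnets (count must be a power of two)."""
    vpc = check_aws_cidr(vpc_cidr)
    if subnet_count < 1 or subnet_count & (subnet_count - 1):
        raise ValueError("subnet_count must be a power of two")
    new_prefix = vpc.prefixlen + (subnet_count.bit_length() - 1)
    if new_prefix > MAX_PREFIX:
        raise ValueError(f"/{new_prefix} subnets are smaller than the AWS minimum of /{MAX_PREFIX}")
    return [str(s) for s in vpc.subnets(new_prefix=new_prefix)]


def overlapping(cidr_a: str, cidr_b: str) -> bool:
    """True when the two ranges share addresses: such subnets cannot coexist in one
    VPC and such VPCs cannot be peered."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


if __name__ == "__main__":
    print(usable_hosts("172.31.0.0/24"))               # 251, not 256
    print(smallest_prefix_for(200))                    # 24: a /25 only gives 123
    print(split_vpc("172.31.0.0/24", 2))               # ['172.31.0.0/25', '172.31.0.128/25']
    print(overlapping("10.0.0.0/16", "10.0.1.0/24"))   # True: cannot be two subnets of one VPC
    print(overlapping("10.0.0.0/16", "10.1.0.0/16"))   # False: these two VPCs can be peered
```

`strict=True` is deliberate: a CIDR such as 172.31.0.1/24 has host bits set and AWS rejects it, so it is better to fail here than in the console. Run `overlapping` over every pair of proposed subnets before creating them, and over the two VPC CIDRs before requesting a peering connection.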
What is a security group?
  • Acts as a virtual firewall that controls the traffic reaching and leaving our instances.
  • We write allow rules for inbound and outbound traffic; a security group has no deny rules, so anything not explicitly allowed is dropped.
  • Security groups are stateful: the reply to an allowed connection is permitted automatically, whichever direction it flows.
  • There are two types of rules
  • Inbound rules
    • Rules for incoming traffic.
      • Decide whether the instance is reachable, for example from the Internet, and on which ports.
  • Outbound rules
    • Rules for outgoing traffic.
      • Decide whether the instance can reach the Internet or other resources.
  • By default, a newly created security group has no inbound rules, so all inbound traffic is blocked, and a single outbound rule that allows all traffic to leave the resource.
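Because a security group can only allow, the practical check is for allow rules that are too broad. The lint below walks a group's inbound rules in the shape boto3's describe_security_groups() returns and flags sensitive ports, or whole-protocol rules, that are open to 0.0.0.0/0 or ::/0; it then builds the narrowed replacement rule, since the only remediation is to revoke the broad rule and authorize a tighter one. This is an added example written for this post, not code from the original page or from AWS; SAMPLE_SG is a constructed group, and SENSITIVE_PORTS and the function names are my own choices.

```python
"""Lint a security group's inbound rules for exposure to the whole Internet.

Added example for this post, not code from the original page or from AWS.
SAMPLE_SG is a constructed record in the shape of one element of boto3's
describe_security_groups()["SecurityGroups"]; the group and rule values are
made up for illustration.
"""
import copy
import ipaddress

# Services that should never accept connections from 0.0.0.0/0 or ::/0.
# An assumed list; extend it for your environment.
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres", 6379: "redis"}

SAMPLE_SG = {
    "GroupId": "sg-0123456789abcdef0",
    "GroupName": "web-tier",
    "IpPermissions": [
        # HTTPS from anywhere: expected for a public web tier, not flagged.
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
         "UserIdGroupPairs": []},
        # SSH from anywhere: flagged.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        # Range containing MySQL, but only from inside the VPC and a peer group: not flagged.
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0fedcba9876543210"}]},
        # All protocols and ports from any IPv6 address: flagged.
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
         "UserIdGroupPairs": []},
    ],
}


def is_world(cidr: str) -> bool:
    """0.0.0.0/0 and ::/0 are the only prefixes of length 0."""
    return ipaddress.ip_network(cidr).prefixlen == 0


def rule_sources(perm: dict) -> list[str]:
    """CIDR sources of one IpPermissions entry (security-group sources are not CIDRs)."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])


def find_open_ingress(sg: dict) -> list[dict]:
    """One finding per sensitive port (or per all-traffic rule) open to the world."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        world = [src for src in rule_sources(perm) if is_world(src)]
        if not world:
            continue
        proto = perm["IpProtocol"]
        if proto == "-1":  # all traffic: FromPort/ToPort are absent in this case
            findings += [{"group": sg["GroupId"], "source": s, "protocol": "all", "port": "all"}
                         for s in world]
        elif proto in ("tcp", "udp"):
            lo, hi = perm["FromPort"], perm["ToPort"]
            findings += [{"group": sg["GroupId"], "source": s, "protocol": proto,
                          "port": p, "service": name}
                         for s in world for p, name in SENSITIVE_PORTS.items() if lo <= p <= hi]
        # icmp/icmpv6 carry type/code in FromPort/ToPort, not ports: not a port exposure
    return findings


def narrowed_rule(perm: dict, allowed_cidr: str) -> dict:
    """Copy of a rule with every world-open source replaced by allowed_cidr.

    Security groups have no deny rules, so remediation is: revoke the broad rule,
    authorize this narrower one in its place.
    """
    fixed = copy.deepcopy(perm)
    fixed["IpRanges"] = [r for r in fixed.get("IpRanges", []) if not is_world(r["CidrIp"])]
    fixed["Ipv6Ranges"] = [r for r in fixed.get("Ipv6Ranges", []) if not is_world(r["CidrIpv6"])]
    if ipaddress.ip_network(allowed_cidr).version == 6:
        fixed["Ipv6Ranges"].append({"CidrIpv6": allowed_cidr})
    else:
        fixed["IpRanges"].append({"CidrIp": allowed_cidr})
    return fixed


if __name__ == "__main__":
    for finding in find_open_ingress(SAMPLE_SG):
        print(finding)
    print(narrowed_rule(SAMPLE_SG["IpPermissions"][1], "203.0.113.0/24"))
```

The narrowed rule is in IpPermissions form on purpose: it can be handed to revoke_security_group_ingress (with the original rule) and authorize_security_group_ingress (with the fixed one) without reshaping. Note that the lint deliberately does not flag 443 from anywhere; what counts as sensitive is a policy decision, which is why the port list is a constant you are expected to edit.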
What are placement groups?
  • It is used to control the placement strategy of EC2 instances on the underlying hardware.
  • Three strategies for placement groups
    • Cluster
      • Logical grouping of instances within a single Availability Zone.
      • Provides the lowest latency and the highest packets-per-second network performance for your placement group.
      • Because the instances share hardware in one zone, a failure there takes all of them down together.
        • Use-case
          • Applications needing high processing power and tight coupling, for example big data.
          • Machine learning applications.
    • Spread
      • Can span multiple Availability Zones in the same region, with a maximum of seven running instances per Availability Zone per group.
      • Reduces the risk of simultaneous failure.
      • Each EC2 instance is placed on distinct hardware (its own rack with its own network and power source).
      • Use case
        • Applications that need to maximize high availability.
        • Where each instance should be isolated from the others.
    • Partition
      • Spans multiple Availability Zones in the same region.
      • Instances in one partition do not share racks with instances in other partitions.
      • Maximum of seven partitions per Availability Zone.
      • Use case
        • HDFS
        • HBase
        • Cassandra
  • Helps to ensure availability of instances in case of a failure.
What is an EBS optimised instance?
  • EBS (Elastic Block Store) is block storage provided by AWS, attached to an EC2 instance over the network and used for storing persistent data.
  • Even if we stop our instance, the data persists on the volume.
  • An EBS optimised instance has dedicated bandwidth between the instance and its EBS volumes, so storage I/O does not compete with the instance's other network traffic.
  • EBS volume types
    • Hard disk drives (HDD)
      • Throughput Optimized HDD - st1
      • Cold HDD - sc1
    • Solid state drives (SSD)
      • General Purpose SSD - gp2, gp3
      • Provisioned IOPS SSD - io1, io2, io2 Block Express
How to reduce the cost of an EBS optimised instance?
  • Take a snapshot and then delete the volumes of stopped EC2 instances (a stopped instance still pays for its attached volumes).
  • Right-size EBS volumes: pick the volume type and size the workload actually needs.
  • Get rid of orphaned EBS volumes (volumes in the "available" state, attached to nothing).
    • Delete aged EBS snapshots.
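The clean-up steps above, turned into a reviewable plan: find volumes attached to nothing, add up their size, find snapshots past a retention age without ever touching the newest snapshot of a volume, and emit snapshot-before-delete actions. This is an added example written for this post, not code from the original page or from AWS. The records use the field names of boto3's describe_volumes() and describe_snapshots() responses, but the volumes, snapshots, fixed clock and 90-day retention are constructed and assumed for illustration.

```python
"""Find EBS volumes and snapshots that cost money without serving an instance.

Added example for this post, not code from the original page or from AWS.
The records follow the field names of boto3's describe_volumes() and
describe_snapshots() responses; the volumes, snapshots and clock are
constructed for illustration.
"""
from datetime import datetime, timedelta, timezone

# Fixed clock so the example is reproducible; use datetime.now(timezone.utc) live.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0aaa", "State": "in-use", "Size": 100, "VolumeType": "gp3",
     "Attachments": [{"InstanceId": "i-0aaa", "State": "attached"}]},
    {"VolumeId": "vol-0bbb", "State": "available", "Size": 500, "VolumeType": "io2",
     "Attachments": []},   # detached, still billed every month
    {"VolumeId": "vol-0ccc", "State": "available", "Size": 8, "VolumeType": "gp2",
     "Attachments": []},
]

SAMPLE_SNAPSHOTS = [
    {"SnapshotId": "snap-0111", "VolumeId": "vol-0aaa", "StartTime": NOW - timedelta(days=3)},
    {"SnapshotId": "snap-0222", "VolumeId": "vol-0bbb", "StartTime": NOW - timedelta(days=400)},
    {"SnapshotId": "snap-0333", "VolumeId": "vol-0zzz", "StartTime": NOW - timedelta(days=45)},
    {"SnapshotId": "snap-0444", "VolumeId": "vol-0bbb", "StartTime": NOW - timedelta(days=200)},
]


def orphaned_volumes(volumes):
    """Volumes attached to nothing: AWS reports them in the 'available' state."""
    return [v for v in volumes if v["State"] == "available" and not v["Attachments"]]


def orphaned_gib(volumes):
    """Total size of orphaned volumes, the number that drives the monthly bill."""
    return sum(v["Size"] for v in orphaned_volumes(volumes))


def stale_snapshots(snapshots, now, max_age_days=90):
    """Snapshots older than max_age_days, but never the newest snapshot of a volume,
    so there is always something to restore from."""
    newest = {}
    for s in snapshots:
        vol = s["VolumeId"]
        if vol not in newest or s["StartTime"] > newest[vol]["StartTime"]:
            newest[vol] = s
    keep = {s["SnapshotId"] for s in newest.values()}
    return [s for s in snapshots
            if s["SnapshotId"] not in keep and (now - s["StartTime"]).days > max_age_days]


def snapshots_of_missing_volumes(snapshots, volumes):
    """Snapshots whose source volume no longer exists; review these by hand."""
    known = {v["VolumeId"] for v in volumes}
    return [s for s in snapshots if s["VolumeId"] not in known]


def cleanup_plan(volumes, snapshots, now, max_age_days=90):
    """Ordered actions. Each orphaned volume is snapshotted before it is deleted,
    so the deletion stays reversible, as the notes above recommend."""
    plan = []
    for v in orphaned_volumes(volumes):
        plan.append(("create_snapshot", v["VolumeId"]))
        plan.append(("delete_volume", v["VolumeId"]))
    for s in stale_snapshots(snapshots, now, max_age_days):
        plan.append(("delete_snapshot", s["SnapshotId"]))
    return plan


if __name__ == "__main__":
    print(f"{orphaned_gib(SAMPLE_VOLUMES)} GiB in orphaned volumes")
    for action in cleanup_plan(SAMPLE_VOLUMES, SAMPLE_SNAPSHOTS, NOW):
        print(*action)
    for s in snapshots_of_missing_volumes(SAMPLE_SNAPSHOTS, SAMPLE_VOLUMES):
        print("review:", s["SnapshotId"], "source volume", s["VolumeId"], "is gone")
```

To run it against a real account, feed the functions the "Volumes" list from boto3's describe_volumes (the filter `{"Name": "status", "Values": ["available"]}` returns only detached volumes) and the "Snapshots" list from describe_snapshots(OwnerIds=["self"]), both through get_paginator, since real accounts page. When executing the plan, wait for each create_snapshot to report the "completed" state before issuing the matching delete_volume; the plan only fixes the order, not the timing.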
