Secciones 7.8.9

7 ELB + ASG
8 RDS + Aurora + ElastiCache
9 Route 53

Scalability app can handle greater loads

• horizontal, vertical
  High availability run app on at least 2 data centers
• pasive or active

Load Balancer server that forwards traffic

• health checks
• Classic, Gateway, Network, Application
• ELB Security group (allows access to port 80 and 443) + app Security group (allows access to only the ELB)

ALB Application Load Balancer

• layer 7 HTTP/2 y websockets
• supports redirects
• Routing to target groups, based on path (...com/a o ...com/b), hostname (a_ex_com o b_ex_com), queries o headers
• great fit for microservices & container-based applications
• fixed hostname (XXX_region_elb_amazonaws_com)
• client info comes in headers (X-Forwarded-For, -Port, -Proto)

Target Group grupo de instancias relacionadas

• EC2s, ECS tasks, Lambdas, IPs
• Health checks son al nivel del target group

NLB Network Load Balancer

• Forward TCP & UDP traffic
• millions of requests per second
• ultra low latency
• has 1 static IP per AZ

GLB Gateway Load Balancer

• deploy, scale and manage a fleet of 3rd party network virtual appliances
• layer 3
• GENEVE
• Target groups are EC2s and IPs

Sticky Session same client goes to the same instance

• works on classic, application and network
• custom cookie, generated by target, can include extras,
• application cookie, generated by load balancer
• duration based cookie, generated by load balancer

Cross-Zone Load Balancing

• activado, se distribuye la carga igual a todos
• desactivado, se distribuye la carga igual en cada instancia del load balancer
• activado automaticamente para ALB

SSL

• subir los tuyos o usar aws certificate manager
• USER --HTTPS-- ELB --HTTP_VPC-- EC2s
• se pueden agregar multiples certificados para soportar multiples dominios

SNI Server Name Indication, el cliente especifica que hostname quiere

• resuelve el problema de tener multiples certificados en un solo servidor
• es soportado por ALB y NLB

Connection Draining/ Deregistration Delay

• El tiempo que se va a esperar a las conexiones que ya llegaron cuando empieza el proceso de substituir una instancia no saludable o se esta bajando el numero de instancias en el ASG
• ENTRE 1 Y 3600 SEGUNDOS

ASG Auto Scaling Group

• un Launch Template es AMI + EC2 User Data + EBS Volume + Security Group + SSH key pair + IAM Role + VPC y subnets + Load Balancer Info
• Se puede escalar usando CloudWatch alarms (monitorean una metrica)
• Scaling policies: Target tracking, Simple, Scheduled, Predictive
• Cooldowns: tiempo de espera despues de que un scaling event suceda
• Instance Refresh: recrear todas las instancias al actualizar el launch template

Scaling policies

• a scaling policy instructs amazon ec2 auto scaling to track a specific cloduwatch metric, it defines what action to take when the associated cloaudwatch alarm is in ALARM
• if the capacity calculation produces a number outside of the minimum and maximum size range for that group amazon ec2 auto scaling ensures that the new capacity never goes outside of the min or max limits

PAGINA 140

Seccion 8 RDS, Aurora & Elasticache

RDS Relational Database Service

• Storage Auto Scaling, increases storage automatically, needs Maximum Storage Threshold to be set
  RDS Read Replicas
• Up to 15, replicas can be promoted to their own DB
• Replication
  • Within AZ for performance
  • Cross AZ (has network cost) for disaster recovery
  • Cross Region replication (has network cost) for high availability check, is this right?
• replication is ASYNC
• Network cost implicit when data goes out of the AZ
• From single AZ to Multi AZ, zero downtime

RDS Proxy check, proxy? why and how

• reduce failover time by up to 66%
• never publicly accessible

Aurora proprietary belongs to AWS

• cloud optimized, storage automatically grows in 10GB increments

• Up to 15 replicas

• Instantaneous failover, it's High Availability native

• You get 6 copies of your data across 3AZs

  • 4 of them do writes, 3 of them do reads CHECK
  • self healing, peer to peer replication
  • one instance takes writes (master)

• A cluster has 1 write endpoint and one reader endpoint (load balancing)

• at rest encryption, must be defined at launch time

• IAM authentication, no user/pwd

ElastiCache in-memory database

• helps reduce load off and make apps stateless check, stateless?

ElastiCache Redis vs Memcached

• Redis
  • Multi ZA with failover
  • Read replicas to scale and high availability
  • amazon has MemoryDB, in-memory database service
• Memcached
  • Multi node for partitioning of data (sharding)
  • no high availability (replication)

Caching implementations

• just cache data that makes sense
• lazy loading
  • only requested data is cached
  • cache miss results in 3 round trips
  • data in cache can be outdated
  • easy to implement and works as a foundation
• write through
  • cached data is never outdated
  • each write requires 2 calls
  • a lot of data will never be read
  • usually combined with lazy loading

lazy loading

write through

PAGINA 167

DNS

• DNS Domain Name System, translates hostnames into ips
• Registar: Amazon, GoDaddy
• Top Level Domain TLD .com | .us | .gov | etc
• Second Level Domain amazon.com | google.com | etc

DNS - checks servers in order
Root DNS Server -> TLD DNS Server -> SLD DNS Server

Root DNS Server recognizes the .com and where to find more
TLD DNS Server recognizes example.com ans where to find more
SLD DNS Server owned by the Registar returns the info of the server

Route53

• highly available, fully managed and Authoritative DNS (the user controls the DNS records)
• also a domain registrar
• only service 100% availability SLA

Records

• 5 parts domain | type | value | routing policy | TTL
• types
  • A maps a IPv4
  • AAAA maps a IPv6
  • CNAME maps hostname a hostname
    • ONLY WORK FOR NON ROOT DOMAIN (domain.com wouldn't work) (some.domain.com would work)
  • NS Name Servers for the Hosted Zone (controlan como el trafico es ruteado)

Hosted Zones

• Public Hosted Zones contains records that specify how to route public domain names
• Private Hosted Zones contains records that specify how to route private domain names (within one or more VPCs)

TTL

• time the result is cached

Alias records

• Points a hostname to an AWS Resource
• works for root domains and non root domains
• free of charge
• native health check
• automatically recognizes changes on resources ip's
• of type A or AAAA
• you cannot set the TTL
• targets
  • ELB | Cloudfront distribution | API Gateway | beanstalk | s3 websites
• an EC2 DNS name CANNOT be a target

Routing Policies

• simple can have multiple records, client chooses one randomly does not allowed health checks
• weighted if all records weight 0 all records will be returned equally
• latency
• Failover
• Geolocation based on users location
• Ip based uses the client's IP addresses, you give a list of CIDRs for your clients
• Multi-Value can be associated with health checks, up to 8,
• Geoproximity based on location of resources and users | use trafficflow for visual feedback

Health Checks

• Only for public resources
• health checks for an endpoint
  • 15 global checkers check the health
  • every 30 seconds
  • if > 18% marked as healthy
• health checks for other health checkers (calculated health checks)
  • combine results
  • you can use OR | AND | NOT operators
  • up to 256 childs
• Health checks Private Hosted Zones
  • you have to create a cloudwatch metric associated to a cloudwatch alarm then create the health check on the alarm itself

Domain Registar vs. DNS Service

• Registar from whom you bought the domain
• DNS Service is a service that helps you manage your DNS records