
Compute

EC2

  • Pricing:
    • On demand: billed per hour (Linux instances are now billed per second, with a 60-second minimum)
    • Reserved: 1 or 3 year commitment
      • Standard
      • Convertible: can be exchanged for a different reservation of equal or greater value
      • Scheduled: only during a time window
    • Spot: you set a maximum price; the instance runs while the Spot price stays below it
      • If you terminate, you pay for the time used (a full hour under hourly billing); if Amazon interrupts the instance within its first hour, that hour is not charged
    • Dedicated hosts: (can be purchased on-demand, reserved)
  • Types: General purpose or optimized for Compute, Storage, Memory
  • Root volume types:
    • EBS -- permanent
    • Instance store -- ephemeral; an instance-store-backed instance cannot be stopped, only rebooted or terminated, and its data is gone after terminate
  • Instance Status check:
    • System status: the underlying hardware and hypervisor are okay
    • Instance status: the guest OS is reachable and not hung
  • The root volume of an instance launched from a public/default AMI is not encrypted; to get an encrypted root volume, copy the AMI into your account with encryption enabled (or turn on EBS encryption by default for the region)
  • Metadata URL: http://169.254.169.254/latest/meta-data/ (requires a session token under IMDSv2; set HttpTokens=required on the instance so a plain GET, the only request most SSRF bugs can issue, cannot read the instance role's credentials)
  • Placement group: for low latency and high network throughput, e.g. a Hadoop cluster
    • A cluster placement group must be within a single AZ (spread and partition placement groups can span AZs in a region)
  • AMIs are regional
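The IMDSv1 vs IMDSv2 exchange described above, as an added example that is not part of the original notes or AWS code. The endpoint address and the two header names are the real ones; the in-memory responder is a constructed stand-in for the metadata service (the role name is assumed) so the flows can be run without an EC2 instance. It shows why HttpTokens=required defeats an SSRF that can only send a GET: the plain IMDSv1 request is refused, while a client that does the PUT-for-token step first still works.

```python
"""IMDSv1 vs IMDSv2, simulated offline (added example, not AWS code)."""
import secrets
from dataclasses import dataclass, field

IMDS = "http://169.254.169.254"                      # real link-local endpoint
TOKEN_HEADER = "X-aws-ec2-metadata-token"            # real IMDSv2 header
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"  # real IMDSv2 header
ROLE_PATH = "/latest/meta-data/iam/security-credentials/"


@dataclass
class FakeImds:
    """Constructed stand-in for the metadata service.

    http_tokens="required" models HttpTokens=required (IMDSv2 only);
    "optional" models the launch default, which still answers IMDSv1 GETs.
    """
    http_tokens: str = "required"
    role_name: str = "web-instance-role"      # assumed instance-profile role
    tokens: set = field(default_factory=set)  # session tokens issued so far

    def request(self, method, url, headers=None):
        """Return (status, body) for one HTTP request to the service."""
        headers = headers or {}
        path = url[len(IMDS):]
        if method == "PUT" and path == "/latest/api/token":
            # Token issuance needs a PUT with a TTL header of 1..21600 s;
            # a GET-only SSRF primitive cannot mint a token.
            ttl = headers.get(TTL_HEADER)
            if ttl is None or not ttl.isdigit() or not 1 <= int(ttl) <= 21600:
                return 400, ""
            token = secrets.token_urlsafe(32)
            self.tokens.add(token)
            return 200, token
        if method != "GET":
            return 405, ""
        token = headers.get(TOKEN_HEADER)
        if token is not None and token not in self.tokens:
            return 401, ""                       # forged or expired token
        if token is None and self.http_tokens == "required":
            return 401, ""                       # IMDSv1 disabled: refuse plain GET
        if path == ROLE_PATH:
            return 200, self.role_name           # next hop would be the creds
        return 404, ""


def imds_v1_get(imds, path):
    """IMDSv1 access pattern: one unauthenticated GET."""
    return imds.request("GET", IMDS + path)


def imds_v2_get(imds, path, ttl=300):
    """IMDSv2 access pattern: PUT for a session token, then GET with it."""
    status, token = imds.request("PUT", IMDS + "/latest/api/token",
                                 {TTL_HEADER: str(ttl)})
    if status != 200:
        return status, ""
    return imds.request("GET", IMDS + path, {TOKEN_HEADER: token})


if __name__ == "__main__":
    for mode in ("optional", "required"):
        imds = FakeImds(http_tokens=mode)
        print(f"HttpTokens={mode}: v1 GET -> {imds_v1_get(imds, ROLE_PATH)}, "
              f"v2 flow -> {imds_v2_get(imds, ROLE_PATH)}")
```

On a real instance the same two-step flow is `curl -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 300" http://169.254.169.254/latest/api/token` followed by a GET carrying the returned token in `X-aws-ec2-metadata-token`.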

EC2 AutoScaling Group

  • distributes instances across the AZs the group is configured for
  • uses a launch configuration (or launch template) as the template for launching additional instances
  • has lifecycle hooks to take action before an instance is put into service and before it is terminated
  • can use ELB health checks in addition to EC2 status checks when that option is selected
  • Policies
    • Simple: add or remove a fixed number of instances when a metric alarm fires
    • Step: like simple, but with multiple thresholds, each step adding or removing a different amount
    • Target tracking: keeps a metric (e.g. average CPU utilization) at a target value by scaling in and out automatically
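An evaluation of a step scaling policy, as an added example and not AWS code or the notes' own material. It models the documented step-adjustment semantics: each step's bounds are relative to the alarm threshold; for a breach above the threshold the lower bound is inclusive and the upper bound exclusive, and for a breach below the threshold it is the reverse; the result is clamped to the group's min and max size. Only the ChangeInCapacity and ExactCapacity adjustment types are implemented, and the group sizes, thresholds and metric samples are constructed.

```python
"""Step scaling policy evaluation (added example, not AWS code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Step:
    adjustment: int                   # ScalingAdjustment
    lower: float = float("-inf")      # MetricIntervalLowerBound, relative to threshold
    upper: float = float("inf")       # MetricIntervalUpperBound, relative to threshold


def pick_step(delta, steps):
    """Return the step whose interval contains delta = metric - threshold.

    Above the threshold: lower bound inclusive, upper exclusive.
    Below the threshold: lower bound exclusive, upper inclusive.
    """
    for s in steps:
        if delta >= 0:
            hit = s.lower <= delta < s.upper
        else:
            hit = s.lower < delta <= s.upper
        if hit:
            return s
    return None


def desired_capacity(current, min_size, max_size, threshold, metric, steps,
                     adjustment_type="ChangeInCapacity"):
    """Capacity after one evaluation of the policy; unchanged if no step applies."""
    step = pick_step(metric - threshold, steps)
    if step is None:
        return current
    if adjustment_type == "ChangeInCapacity":
        desired = current + step.adjustment
    elif adjustment_type == "ExactCapacity":
        desired = step.adjustment
    else:
        raise ValueError(f"unsupported adjustment type {adjustment_type!r}")
    return max(min_size, min(max_size, desired))   # honour group min/max


# Constructed policies: scale out when CPU > 60 %, scale in when CPU < 30 %.
SCALE_OUT = [Step(1, lower=0, upper=10), Step(2, lower=10, upper=20), Step(4, lower=20)]
SCALE_IN = [Step(-1, lower=-10, upper=0), Step(-3, upper=-10)]

if __name__ == "__main__":
    for cpu in (65, 75, 95):
        print(f"CPU {cpu}%: 4 -> {desired_capacity(4, 2, 10, 60, cpu, SCALE_OUT)}")
    for cpu in (25, 20):
        print(f"CPU {cpu}%: 4 -> {desired_capacity(4, 2, 10, 30, cpu, SCALE_IN)}")
```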

ELB

  • Types: Application, Network and Gateway (plus the legacy Classic)
  • routes traffic to targets in a single AZ or across multiple AZs
  • health check: the ELB routes traffic only to healthy targets (instances, containers, IP addresses, microservices, Lambda functions and appliances)
    • Unhealthy: a target that fails the check (no response within the timeout, or a non-matching response code) a configured number of consecutive times
    • Needs a health-check path/URL for HTTP(S) checks
  • supports sticky sessions, i.e. requests from the same client go to the same target
  • Gateway LB allows third-party virtual appliances to be deployed and scaled
    • e.g. DDoS protection service, intrusion detection and prevention devices
  • Application LB
    • Features: WebSocket, sticky sessions, TLS offloading, User authentication (using Amazon Cognito)
    • content-based routing: path, host, header, HTTP method, query string parameter, source IP (CIDR-based; this is the address of the TCP peer, so a client behind a proxy is seen as the proxy and X-Forwarded-For is not consulted)
    • can route to Outposts, Lambda functions, and multiple containers on a single instance via multiple ports
  • Network
    • static IP, very high performance
  • Classic LB: legacy, for applications built on the EC2-Classic network

    | feature       | Application          | Network       | Gateway                  |
    |---------------|----------------------|---------------|--------------------------|
    | Layer         | 7                    | 4             | 3 (gateway) / 4 (LB)     |
    | Target        | IP, instance, Lambda | IP, instance  | IP, instance             |
    | Proxy         | Yes                  | Yes           | No                       |
    | Protocol      | HTTP(S), gRPC        | TCP, UDP, TLS | IP                       |
    | Reachable via | VIP                  | VIP           | Route table entry        |
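An evaluator for ALB-style listener rules, added here as an example; it is not AWS code and not part of the original notes. It models the documented rule semantics: rules are tried in priority order and the first match wins; a rule matches when all of its conditions match; a condition matches when any of its values matches; path patterns are case-sensitive with `*` (any run of characters) and `?` (one character); header and query-string comparisons are case-insensitive; and source-ip is the TCP peer address, so a spoofed X-Forwarded-For header cannot unlock a rule. Two simplifications: query-string values here always carry a key, and `fnmatchcase` also honours `[...]` classes that ALB does not. The rules, target-group names and requests are constructed.

```python
"""ALB-style listener rule evaluation (added example, not AWS code)."""
import fnmatch
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Request:
    method: str
    path: str
    source_ip: str                       # TCP peer address as seen by the ALB
    headers: dict = field(default_factory=dict)
    query: dict = field(default_factory=dict)


def _glob(value, patterns):
    """Case-sensitive * and ? matching against any of the patterns."""
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def _header_match(cond, req):
    wanted = cond["name"].lower()
    for name, value in req.headers.items():
        if name.lower() == wanted:
            return _glob(value.lower(), [p.lower() for p in cond["values"]])
    return False


def _query_match(cond, req):
    q = {k.lower(): v.lower() for k, v in req.query.items()}
    return any(kv["key"].lower() in q
               and fnmatch.fnmatchcase(q[kv["key"].lower()], kv["value"].lower())
               for kv in cond["values"])


def _source_ip_match(cond, req):
    # Deliberately ignores X-Forwarded-For: only the peer address counts.
    ip = ipaddress.ip_address(req.source_ip)
    return any(ip in ipaddress.ip_network(c, strict=False) for c in cond["values"])


MATCHERS = {
    "path-pattern": lambda c, r: _glob(r.path, c["values"]),
    "http-request-method": lambda c, r: r.method in c["values"],
    "http-header": _header_match,
    "query-string": _query_match,
    "source-ip": _source_ip_match,
}


def route(rules, default_target, req):
    """Target chosen by the first matching rule in priority order, else the default action."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if all(MATCHERS[c["field"]](c, req) for c in rule["conditions"]):
            return rule["target"]
    return default_target


# Constructed listener: /admin/* only from the assumed corporate range 10.0.0.0/8,
# any other /admin/* request to a fixed-403 target, a header-versioned API,
# and a Lambda-backed search reached via a query string.
RULES = [
    {"priority": 10, "target": "tg-admin",
     "conditions": [{"field": "path-pattern", "values": ["/admin/*"]},
                    {"field": "source-ip", "values": ["10.0.0.0/8"]}]},
    {"priority": 20, "target": "tg-fixed-403",
     "conditions": [{"field": "path-pattern", "values": ["/admin/*"]}]},
    {"priority": 30, "target": "tg-api-v2",
     "conditions": [{"field": "path-pattern", "values": ["/api/*"]},
                    {"field": "http-header", "name": "X-Api-Version", "values": ["2*"]}]},
    {"priority": 40, "target": "tg-lambda-search",
     "conditions": [{"field": "http-request-method", "values": ["GET"]},
                    {"field": "query-string", "values": [{"key": "q", "value": "*"}]}]},
]
DEFAULT = "tg-web"

if __name__ == "__main__":
    spoofed = Request("GET", "/admin/users", "203.0.113.9",
                      headers={"X-Forwarded-For": "10.20.30.40"})
    print(route(RULES, DEFAULT, spoofed))   # tg-fixed-403: header is ignored
```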

CloudWatch

  • Dashboards
  • Alarms: notify via SNS when a metric crosses a threshold
  • Events (now EventBridge): run a target such as a Lambda function in response to an event, e.g. a web server instance coming up
  • Logs: collects logs from agents installed on instances and from other AWS services

Lambda

  • Pricing: number of requests plus duration in GB-seconds (memory allocated × run time)
  • Integrates with other serverless services: S3, DynamoDB, API Gateway
  • Timeout: 3 seconds by default, 15 minutes maximum (the maximum was 5 minutes until 2018)

API Gateway

  • Can cache results for TTL period
  • Scales automatically; throttling (rate and burst limits per stage, plus per-API-key limits in usage plans) protects the backend from floods and abuse
  • Can log requests and results to CloudWatch
  • CORS: when browser JavaScript/AJAX calls the API from a different origin (the same way S3-hosted images or fonts get referenced from an external website), enable CORS so the API answers preflight requests with the right Access-Control-* headers
  • Lambda can run up to 15 minutes, but API Gateway's integration timeout is 29 seconds by default, so longer work must be made asynchronous
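The rate-plus-burst throttling mentioned above, as an added example that is not AWS code or part of the original notes. API Gateway throttles with a token bucket: `rate` tokens per second are added up to `burst` tokens, each request takes one, and a request that finds the bucket empty gets HTTP 429. The model checks two buckets, the stage limit and a per-API-key usage-plan limit, so one abusive key is cut off before it exhausts the shared stage budget; an unknown key gets 403 as it does on API Gateway. The limits, key names and request timestamps are constructed and far smaller than the real defaults.

```python
"""Token-bucket throttling of the kind API Gateway applies (added example)."""


class TokenBucket:
    def __init__(self, rate, burst, now=0.0):
        self.rate = float(rate)         # refill, tokens per second
        self.capacity = float(burst)    # maximum stored tokens (burst)
        self.tokens = float(burst)      # starts full, so a burst is allowed at once
        self.last = now

    def allow(self, now):
        """Take one token at time `now`; False means throttle (429)."""
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Throttler:
    """Stage-level limit plus per-key usage-plan limits.

    key_limits maps an assumed x-api-key value to (rate, burst).
    """
    def __init__(self, stage_rate, stage_burst, key_limits):
        self.stage = TokenBucket(stage_rate, stage_burst)
        self.keys = {k: TokenBucket(r, b) for k, (r, b) in key_limits.items()}

    def handle(self, api_key, now):
        """Return an HTTP status: 403 unknown key, 429 throttled, 200 accepted."""
        bucket = self.keys.get(api_key)
        if bucket is None:
            return 403
        if not bucket.allow(now):       # the caller's own plan first ...
            return 429
        if not self.stage.allow(now):   # ... then the shared stage budget
            return 429
        return 200


def simulate(throttler, api_key, times):
    """Statuses for one request per timestamp (seconds), in order."""
    return [throttler.handle(api_key, t) for t in times]


if __name__ == "__main__":
    th = Throttler(stage_rate=100, stage_burst=100,
                   key_limits={"abuser": (2, 5), "normal": (10, 10)})
    print("abuser t=0 :", simulate(th, "abuser", [0.0] * 8))   # 5 accepted, 3 throttled
    print("abuser t=1 :", simulate(th, "abuser", [1.0] * 3))   # refilled 2 tokens
    print("normal t=1 :", simulate(th, "normal", [1.0] * 3))   # unaffected
```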

Containers

  • EKS: Uses K8S, open-source components, cloud agnostic
  • ECS: integrates well with other AWS services, a little cheaper (no control plane cost)
  • Fargate: works with either EKS or ECS, but not with Beanstalk or Lightsail
    • no EC2 to manage
    • max 4 vCPU / 30 GB memory per task at the time of these notes (the limits have since been raised)
    | feature         | EKS                           | ECS                              |
    |-----------------|-------------------------------|----------------------------------|
    | concepts        | Pod, ReplicaSet, HPA          | Task, Service, Capacity Provider |
    | scaling         | Horizontal Pod Autoscaling    | AWS auto-scaling                 |
    | logging         | fluentd, fluentbit            | CloudWatch                       |
    | monitoring      | Prometheus, Grafana           | CloudWatch                       |
    | security        | RBAC, Network Policies, IRSA  | SG, NACL, VPC constructs         |
    | AWS integration | Some - LB                     | spot instances, API gateway, HA  |
    | cost            | $72/month control plane       | control plane is free            |

    | feature      | Beanstalk            | App Runner       | Lightsail               |
    |--------------|----------------------|------------------|-------------------------|
    | provisioning | 1 container/EC2      | vCPU + memory    | 1 container/pseudo EC2  |
    | auto scale   | based on EC2 metrics | # of connections | None                    |
    | ALB          | Yes                  | Yes              | Yes                     |
    | Private ECR  | Yes                  | Yes              | No/Lightsail registry   |
    | Same VPC     | Yes                  | No               | No                      |
    | EFS          | Yes                  | No               | With peering            |

Elastic MapReduce EMR

  • is a managed cluster for big-data processing. A cluster consists of
    • One master node that controls the cluster and distributes data and tasks to the other nodes
    • One or more core nodes that run tasks and store data in HDFS
    • One or more task nodes that run tasks but do not hold HDFS data (typically Spot instances)
  • can run as a long-running cluster, or in step execution mode, where you add steps when you create the cluster and the cluster terminates after the steps finish
  • can use multiple instance groups, for example, to take advantage of spot instances
  • storage:
    • HDFS: ephemeral storage on the core nodes that is reclaimed when the cluster terminates. Good for lots of random I/O on transient data
    • EMRFS: S3 accessed through an HDFS-like interface. Use it for persistent input and final output
    • Local: instance-level ephemeral storage
  • YARN is the default resource manager
  • lifecycle of a cluster
    • Starting: provisions EC2 instances from either the default or a custom AMI
    • Bootstrapping: runs bootstrap actions to install custom applications
    • Installs the native applications chosen for the cluster on each instance, e.g. Pig, Hive, Spark
    • Running: runs the work specified at cluster creation. More steps can be added; they queue behind the current work
    • Waiting / shutting down: after the current work has been processed, the cluster waits if auto-terminate is off and shuts down if it is on
    • Completed: after the cluster has been terminated

Glue

  • Serverless ETL
  • Components:
    • Data Catalog: compatible with Hive meta-store
    • Crawlers: use classifiers to populate the Data Catalog automatically, inferring schema and partitions
      • can read from S3, DynamoDB or JDBC sources
      • classifiers infer the schema; built-in ones cover JSON, XML, CSV and various log formats
      • custom classifiers can be written using grok, XML, JSON or CSV
      • can be scheduled to automatically pick up new files
    • ETL jobs:
      • Python shell: single-node, non-distributed environment
      • Apache spark: distributed environment to run PySpark or Scala scripts
    • Job triggers: orchestrate job scheduling (on a schedule, on demand, or on job-completion events) with monitoring
    • Developer endpoint: lets you develop interactively with Zeppelin or Jupyter notebooks
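A small grok-style classifier of the kind the custom classifiers above use, added as an example; it is not Glue's implementation and not part of the original notes. It expands `%{PATTERN:field}` and `%{PATTERN:field:type}` references (the form Glue accepts) into a regular expression using a handful of built-in patterns, matches a line, and produces a schema in the way a classifier does: a declared type is used as-is and otherwise the type is inferred from the matched value. The built-in pattern set, the access-log grok pattern and the log line are constructed for the example, so they are a simplification of the real grok library.

```python
"""Grok-style log classifier with schema inference (added example, not Glue code)."""
import re

# Constructed subset of grok's built-in patterns.
BUILTIN = {
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "WORD": r"\w+",
    "INT": r"[+-]?\d+",
    "NUMBER": r"[+-]?(?:\d+\.\d+|\d+)",
    "NOTSPACE": r"\S+",
    "DATA": r".*?",
    "GREEDYDATA": r".*",
    "HTTPDATE": r"\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
    "QS": r"\"(?:[^\"\\]|\\.)*\"",
}
_GROK = re.compile(r"%\{(\w+)(?::(\w+)(?::(\w+))?)?\}")   # %{PATTERN[:field[:type]]}
CAST = {"int": int, "double": float, "string": str}


def grok_to_regex(pattern, patterns=BUILTIN):
    """Expand %{...} references (recursively, so patterns may nest) into a regex."""
    def repl(m):
        name, field_name, _typ = m.groups()
        inner = grok_to_regex(patterns[name], patterns)
        return f"(?P<{field_name}>{inner})" if field_name else f"(?:{inner})"
    return _GROK.sub(repl, pattern)


def infer_type(value):
    """Type a classifier would assign to an untyped field from its value."""
    if re.fullmatch(r"[+-]?\d+", value):
        return "int"
    if re.fullmatch(r"[+-]?\d+\.\d+", value):
        return "double"
    return "string"


def classify(pattern, line):
    """Return (schema, row) for a matching line, else None.

    schema is a list of (field, type); row holds the values cast to those types.
    """
    m = re.compile(grok_to_regex(pattern)).match(line)
    if m is None:
        return None
    declared = {f: t for _, f, t in _GROK.findall(pattern) if f}
    schema, row = [], {}
    for field_name, raw in m.groupdict().items():
        typ = declared.get(field_name) or infer_type(raw)
        schema.append((field_name, typ))
        row[field_name] = CAST[typ](raw)
    return schema, row


# Constructed pattern and log line in Apache common-log style.
ACCESS_LOG_GROK = (r"%{IP:client} %{NOTSPACE:ident} %{NOTSPACE:auth} "
                   r"\[%{HTTPDATE:ts}\] %{QS:request} %{INT:status:int} %{NOTSPACE:bytes}")
SAMPLE_LINE = ('203.0.113.7 - frank [10/Oct/2000:13:55:36 -0700] '
               '"GET /admin/../etc/passwd HTTP/1.1" 403 1234')

if __name__ == "__main__":
    schema, row = classify(ACCESS_LOG_GROK, SAMPLE_LINE)
    print(schema)
    print(row)
```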