Professional Documents
Culture Documents
Youjun 03
Youjun 03
• Destinations include:
• Amazon Simple Notification Service (SNS) topics
• Amazon Simple Queue Service (SQS) queues
• AWS Lambda
Server S3 Standard IA
AWS Storage Gateway
Can store data
in multiple S3
A local cache provides A virtual gateway storage classes
low latency access to appliance runs on
recently used data S3 One Zone IA
Hyper-V, VMware,
or EC2
Server S3 Standard
AWS Storage Gateway
Data backed up as
STORED VOLUME MODE point-in-time
iSCSI
snapshots
Asynchronous replication
Server S3 Standard
AWS Storage Gateway
S3 standard is
Backup server can used when
use many common S3 Standard writing to tapes
backup applications
Region
VPC
Address is 8.1.2.1
Availability Zone
Public subnet
simple.dctlabs.com A 1.1.1.1 60
2.2.2.2
simple2.dctlabs.com A 3.3.3.3 60
Amazon Route 53
2
Region
DNS query
20%
3
2.2.2.2
20%
Region – us-east-1
DNS query
1.1.1.1
2.2.2.2
Region – ap-southeast-2
New York
Sydney
DNS query
DNS query ALB
Region – us-east-1
Region – ap-southeast-2
ap-southeast-2 is the
secondary Region
ALB
Region – us-east-1
Mexico
2.2.2.2
DNS query
Region – ap-southeast-2
New Zealand
ALB
DNS query
2
Region
DNS query
VPC
1
Amazon Route 53
Public subnet
2
DNS server
Private subnet VPN gateway VPN connection Customer
gateway
VPC
Amazon Route 53
Public subnet
3
Inbound Client
EC2 Instance
Endpoint
Result is returned by
Route 53 via the Inbound
Endpoint
Edge location
Edge locations
are distributed
around the world
Edge location Users are directed
to the nearest
Edge location Users
edge location
Edge location
Edge location
Users
Users Edge location
Users
Users
© Digital Cloud Training | https://digitalcloud.training
CloudFront Origins and Distributions
CloudFront Distribution
Name: d1schtd9zdwrm1.cloudfront.net
Region
There are 12 Regional Global
Edge Caches Users
CloudFront Origins
Edge location
Edge location
Origin 1
The path pattern determines
where to send the request
Beach.jpg
Behaviors HTTP GET beach.jpg
*.jpg = Origin 1
*.mp4 = Origin 2 HTTP GET clip.mp4
Origin 2 Default = Origin 1
Clip.mp4
Origin 1
The default origin is used Origin 2
Origin 1
for any requests that don’t
match a path pattern
4
Signed URLs should be used for Signed URL returned
individual files and clients that
don’t support cookies. 2
1
Serverless
Mobile app authenticates to Application
application and requests
signed URL
© Digital Cloud Training | https://digitalcloud.training
CloudFront Signed Cookies
• Similar to Signed URLs
• Use signed cookies when you don’t want to change
URLs
• Can also be used when you want to provide access to
multiple restricted files (Signed URLs are for individual
files)
GET https://mybucket.s3.amazonaws.com/beach.jpg
Viewer Protocol
For CloudFront
certificate must be
issued in us-east-1
Certificate can be ACM or a
trusted third-party CA Default CF domain
name can be AWS Certificate
changed using Manager
CNAMES
S3 has its own certificate
Certificate can be ACM
(can’t be changed)
(ALB) or third-party (EC2)
Origin Protocol
Origin certificates
S3 Origin must be public
certificates Custom Origin
S3 Origin
Custom Origin
Users are
Requests are redirected to
routed to the another endpoint
optimal endpoint
AWS Global Network
Resolve dctlabs.com
Addresses:
51.45.2.12
53.58.31.89
Answer:
Users in US Edge location Global Accelerator
51.45.2.12 Amazon Route 53
53.58.31.89 Connect via Edge Location
us-east-1 ap-southeast-2
RDS is a managed,
relational database
Amazon RDS
EC2
RDS supports the following
database engines:
Ø Amazon Aurora
Ø MySQL
Ø MariaDB
Ø Oracle
Ø Microsoft SQL Server
Ø PostgreSQL
db.m4.2xlarge
M4 Instance 4 vCPUs, 32
GiB RAM
M4 instance
db.m4.large 2
vCPUs, 8 GiB
RAM
Region
VPC
Application servers
Availability Zone can read from the
read replica and
Multi-AZ creates a write to the master
Writes
passive standby.
Primarily used for RDS Standby Writes EC2 App Server EC2 App Server
disaster recovery
Synchronous
replication
Asynchronous
replication
Read Replicas are used
RDS Master RDS Read Replica for scaling database
queries (reads)
Only database engine on primary instance is active All read replicas are accessible and can be used for read scaling
Always span two Availability Zones within a single Region Can be within an Availability Zone, Cross-AZ, or Cross-Region
Database engine version upgrades happen on primary Database engine version upgrade is independent from source
instance
Automatic failover to standby when a problem is detected Can be manually promoted to a standalone database instance
New DB Instance
Backup
Snapshot
DB Instance
Retention is
0–35 days
Ø Operating system and DB patching can require taking the database offline
VPC
Encryption
in-transit
IP
SSL/TLS encryption
DB Volume
DB Snapshot
© Digital Cloud Training | https://digitalcloud.training
Amazon RDS Security
Ø Encryption at rest can be enabled – includes DB storage, backups, read
replicas and snapshots
Ø You can only enable encryption for an Amazon RDS DB instance when you
create it, not after the DB instance is created
Ø DB instances that are encrypted can't be modified to disable encryption
Ø Uses AES 256 encryption and encryption is transparent with minimal
performance impact
Ø RDS for Oracle and SQL Server is also supported using Transparent Data
Encryption (TDE) (may have performance impact)
Ø AWS KMS is used for managing encryption keys
Snapshot Snapshot
(unencrypted) (encrypted)
Offers high performance, self-healing storage that scales up to 64TB, point-in-time recovery
High performance and scalability
and continuous backup to S3
DB compatibility Compatible with existing MySQL and PostgreSQL open source databases
Aurora Replicas In-region read scaling and failover target – up to 15 (can use Auto Scaling)
Cross-region cluster with read scaling and failover target – up to 5 (each can have up to 15
MySQL Read Replicas
Aurora Replicas)
Cross-region cluster with read scaling (fast replication / low latency reads). Can remove
Global Database
secondary and promote
Multi-Master Scales out writes within a region. In preview currently and will not appear on the exam
On-demand, autoscaling configuration for Amazon Aurora - does not support read replicas
Serverless
or public IPs (can only access through VPC or Direct Connect - not VPN)
Number of replicas Up to 15 Up to 5
Asynchronous
replication Reads Reads
Asynchronous
replication
Region
Reads Reads
Region Region
Primary Region Secondary Region
Replication uses
the Aurora
storage layer
App Server
Warm pool of
capacity
Database
Storage
Region A Region B
2 Promote to primary
1
Fails RTO as it will
Create Read Replica take > 5 minutes to
RDS Primary RDS Read Replica activate primary
1
2 Failover to mirrored DB
Database mirroring
EC2 instance - MySQL DBs EC2 instance Meets RTO as failover
can be very fast
Can implement
solution on EC2
or on RDS
© Digital Cloud Training | https://digitalcloud.training
Amazon ElastiCache Core
Knowledge
Database write
Yes, place nodes in multiple AZs. Yes, with auto-failover. Uses read replicas (0-5 Yes, with auto-failover. Uses read replicas (0-5
Multi-AZ
No failover or replication per shard) per shard)
Scaling Up (node type); out (add nodes) Up (node type); out (add replica) Up (node type); out (add shards)
Multithreaded Yes No No
Backup and restore No (and no snapshots) Yes, automatic and manual snapshots Yes, automatic and manual snapshots
Redis
• Cluster mode disabled:
• Add replica or change node type – creates a new cluster and migrates data
Region A
Region A
Shard
Can failover to a
replica
Primary
DynamoDB Table
Ø Tables
Ø Items
Ø Attributes userid orderid book price date
Horizontal scaling Seamless scalability to any scale with push button scaling or Auto Scaling
Captures a time-ordered sequence of item-level modifications in a DynamoDB table and durably stores
DynamoDB Streams
the information for up to 24 hours. Often used with Lambda and the Kinesis Client Library (KCL)
DynamoDB Accelerator (DAX) Fully managed in-memory cache for DynamoDB that increases performance (microsecond latency)
Transaction options Strongly consistent or eventually consistent reads, support for ACID transactions
Backup Point-in-time recovery down to the second in last 35 days; On-demand backup and restore