Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

2017 AWSome day Taichung sharing

162 views

Published on

Kimi

Published in: Engineering
  • Be the first to comment

2017 AWSome day Taichung sharing

  1. 1. 2017 AWSome day Taichung sharing Kimi 2017/02/24
  2. 2. Retro • EC2 • VPC • Load Balancer • Auto Scaling • VPC • CloudWatch • RDS • S3 • DynamoDB • IAM • CloudTrail • EBS • Glacier • AWS Architect
  3. 3. What is cloud?
  4. 4. What is cloud? • On-demand • Resources • Pay-as-you-go
  5. 5. Cloud computing generation • Cost less • High ability • New skill to cloud • Amazon Web Service (AWS) • Microsoft Azure • Google Cloud Platform
  6. 6. Region, AZ and Edge • Region • Availability Zones • Edge
  7. 7. Region and AZ
  8. 8. Example: Region: Taiwan AZ:3 Taipei Taichung Kaohsiung
  9. 9. Edge • Route 53 - Domain name service • Cloud Front - Content Delivery Network (CDN)
  10. 10. Instance • Meta Data - Instance resume (e.g. Memory size) • User Data - User customize - e.g. pre-configuration script - Only execution at first launch (restart/reboot don’t take effect)
  11. 11. Muti-AZ Instance
  12. 12. EC2 pricing
  13. 13. VPC
  14. 14. S3 Tips • Bucket name - Unique of the world • Object limit - 5 TB
  15. 15. S3 Encryption • Server side - Cost on aws side • Client side - Cost on user side
  16. 16. Another cheaper storage solution • AWS Glacier - Cold Storage - Very Cheap
  17. 17. EBS Tips • Single AZ • Alive if EC2 instance terminated • Expensive than S3
  18. 18. EBS backup • Create a EBS snapshot • Store it into S3 • Create a new EBS volume • Attach snapshot to new EBS
  19. 19. Instance Storage Instance Instance Instance Storage EBS
  20. 20. Instance Storage Tips • Fast Read/Write IOPS • It's size based on EC2 instance type. • Automatically deletes when stop, fails or terminated
  21. 21. IAM • User • Role • Policy
  22. 22. IAM - User
  23. 23. IAM - User Permission
  24. 24. IAM - User Group
  25. 25. IAM Role • Access permission between AWS services • Not all of the AWS services have “Role” setting • Any actions must add permission in “Role”.
  26. 26. IAM Role use case - ECS ECS Front-end Back-end C2C ECR
  27. 27. IAM Role use case - ECS ECSEC2 ECR S3 1.
  28. 28. IAM Role use case - ECS ECSEC2 ECR ECR Access S3 1.
  29. 29. IAM Role use case - ECS ECSEC2 ECR ECR Access S3 1. ECSEC2 ECR ECR Access S3 2. S3 Access
  30. 30. IAM - Policy
  31. 31. Access service via Role • Hard code access key • High Risk awsConfig({ region: 'us-east-1' // explicitly set AWS region sslEnabled: true, // override whether SSL is enabled maxRetries: 3, // override the number of retries for a request accessKeyId: 'your_aws_access_key', // can omit access key and secret key secretAccessKey: 'your_secret_key' // if relying on a profile or IAM profile: 'profile_name', // name of profile from ~/.aws/credentials timeout: 15000 // optional timeout in ms. Will use AWS_TIMEOUT });
  32. 32. Cloud Tail • Records AWS API calls for accounts.
  33. 33. SQL vs NoSQL
  34. 34. RDS • Fast to deploy • Fast to scale • Easy to Backup - Automatic - Manual backup via Snapshots
  35. 35. Cross-Region DB
  36. 36. Multi-AZ RDS
  37. 37. Classis Load Balancer
  38. 38. Auto scaling
  39. 39. CloudWatch • A monitoring service • Visibility • Connecting a lots of AWS services
  40. 40. Scale Up vs Scale Down CPU: i5 MEM: 4GB CPU: i7*2 MEM: 16GB Scale Up Scale Down
  41. 41. Scale In vs Scale Out CPU: i5 MEM: 4GB CPU: i5 MEM: 4GB CPU: i5 MEM: 4GB… CPU: i5 MEM: 4GB Scale Out Scale In

×