Focus on automation
Preso by Gerardo Estaba - AWS solution architect
keyword: on premise
az - multiple data centres close to each other - to allow synchronous replication
global services -> cloudfront, route 53
other services are region based, for example: S3, DynamoDB etc
don't wait too long to build - if you have 60% of the information - start building and iterate on it
lightsail -> easiest way to get started on aws, convenient, not a lot of control
database options - you can self-manage using EC2 - or use RDS (relational db service) or DynamoDB (noSQL) which is fully managed
Aurora - mysql / postgres compatible, 6-way replication across 3 zones. up to 15 read replicas.
DynamoDB - items up to 400kb (!!!), auto scale (just new)
Amazon Cognito - authentication service - user directory - is this an alternative to Gigya? is this IDAM? managed federated identities.
the number of users I guess drives the complexity of the AWS architecture you need.
load balancer - question: can you load balance across regions? felix: that wouldn't make sense would it?
ELB - elastic load balancer - now become Classic Load Balancer -> don't use this, AWS recommends application load balancer
S3 - limit: objects up to 5TB in size (is this a per object limit or a bucket limit?), answer: this is the limit of 1 object's size.
ElastiCache -> internal cache, oh this is redis / memcached - where to use this instead of read replicas?
tips: use DynamoDB or noSQL for user session data - as this is key / value data anyway
When you break things into microservices - how to glue them?
* you can use SQS (queue system)
Automation:
higher level -> lower
lightsail, elastic beanstalk, opsworks, cloud formation
opsworks uses puppet and chef
cloud formation is suggested as the first thing that you should learn - it's the power house of aws deployment
automating server provisioning
code services:
codecommit - aws's github
codebuild - build system
codedeploy - deployment system
ci / cd
aws codestar -> devops in minutes (ci/cd)
other options
use containers - docker
serverless w/ lambda and SPA
event driven system
sumologic aggregates hundreds of logs
would be good to use this - how different it is to loggly
log reduce -> to find things when you don't know what to look for - this groups the logs into patterns
_sourceCategory=Labs/Apache/Access | logreduce
you can do log compare - to compare stats before and after a deployment for example - not sure how to specify comparison periods
Sumologic is a SAAS alternative to splunk and ELK (which you have to build yourself and on premise)
https://www.sumologic.com/learn/certifications/
there is a limit of 5 VPCs per account - you need to ask aws for more.
suggestion: use yaml first - it is easier than json.
very important to design VPC correctly in the first place - you have to plan for this first before doing anything else.
Well architected framework - david williams from polar seven
5 pillars:
security, reliability, performance, cost optimisation, operational excellence
your bill will mostly be ec2 - hehe - you should save money - use reserved instances, the easiest way to save money.
look at cloud formation quick start - these are good examples.
not going to use the default VPC - because by default it has public IP addresses, which is probably not a good idea by default.
VPC
once you set the size of a subnet - you're stuck - it's not elastic.
plan your VPC - consider future AWS regions, consider future connectivity, consider subnet design, CIDR cannot be modified after creation
best practice: whitelist your security group of the instances - so for example: when your laptop is stolen - people can't ssh in to your services.
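The VPC planning and whitelisting points above, as an added CloudFormation YAML example (not from the talk or these notes): a non-default VPC whose CIDR is fixed up front, a subnet that does not hand out public IPs, and a security group that allows SSH only from a parameterised admin CIDR. The CIDR values and the AdminCidr parameter name are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Planned VPC with a whitelisted SSH security group (added example)

Parameters:
  AdminCidr:
    Type: String
    Description: CIDR allowed to SSH (assumed placeholder; set to your office/VPN range)
    Default: 203.0.113.0/24   # constructed value from the TEST-NET-3 documentation range

Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.20.0.0/16          # plan this first: the VPC CIDR cannot be changed later
      EnableDnsSupport: true
      EnableDnsHostnames: true

  PrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: 10.20.1.0/24          # subnet size is fixed once created, leave room to grow
      AvailabilityZone: !Select [0, !GetAZs '']
      MapPublicIpOnLaunch: false       # unlike the default VPC, instances get no public IP

  PrivateSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: 10.20.2.0/24
      AvailabilityZone: !Select [1, !GetAZs '']
      MapPublicIpOnLaunch: false

  SshFromAdminOnly:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SSH only from the admin CIDR, never from 0.0.0.0/0
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr       # whitelist, so a stolen laptop outside this range cannot reach port 22

Outputs:
  VpcId:
    Value: !Ref Vpc
  SshSecurityGroupId:
    Value: !Ref SshFromAdminOnly
```

Deploy with the AWS CLI (`aws cloudformation deploy --template-file vpc.yaml --stack-name planned-vpc`) and change `AdminCidr` via a stack update rather than editing the group by hand.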
IAM - best practices -> good stuff
infrastructure as code -> cloud formation
sumologic
outlier detection - intelligent monitoring - this is very interesting - good for detecting fraud maybe?
are we using sumologic in ffx - if so maybe we can leverage that
sumologic is more for the ops - monitoring cloud infra - a bit different to newrelic - which focuses on the app level?