VPC & Subnets
VPC: private network to deploy your resources (regional resource)
Subnets: partition your network inside your VPC (AZ resource)
Public subnet: able to access internet
Private subnet...
Running a DB instance as a Multi-AZ deployment can further reduce the impact of a maintenance event because Amazon RDS applies operating system updates by following these steps
Perform maintenance ...
EBS Volume
Allows your instances to persist data, even after their termination
Can only be mounted to one instance at a time
Bound to a specific availability zone (us-east-1a volume cannot be attached ...
Origins
S3 Bucket
For distributing files and caching them at the edge
Enhanced security with CloudFront Origin Access Identity (OAI: S3 only allows traffic from CloudFront)
CloudFront can be used as ...
What is KMS
Managed service that makes it easy for you to create and control the encryption keys used to encrypt your data
Seamlessly integrated with many AWS services to make encrypting data in thos...
Overview
Kinesis Streams
Streaming data and video in real-time
Kinesis Data Firehose
Data analytics with BI tools
Kinesis Data Analytics
Real-time data analytics with SQL
Kinesis Streams
Has Pro...
CloudWatch
Basically, you can use CloudWatch to monitor everything in AWS.
CloudWatch Logs allow you to monitor operating system and application logs.
By default, EC2 doesn't send operating system-le...
Overview
Unlike SQS, once data is in Kinesis, it cannot be deleted. SQS messages are deleted after being processed.
Kinesis is regional
Kinesis Producers
Data record consists of:
Sequence number ...
Traffic splitting: Using ALB
Blue/Green: Using Route 53
Delete some application after xxx days
You cannot change the Load balancer once created
Dockerrun.aws.json is used for run multi d...
Pull-Based
SQS is pull-based, not push-based
256KB
Messages are 256 KB in size.
Text Data
Including XML, JSON, and unformatted text.
Guarantee
Messages will be processed at least once
Up to 14 Days...
Web Identity Federation
Simplifies authentication and authorization for web applications.
An Authentication token JWT is exchanged for temporary AWS credentials, allowing users to assume an IAM rol...
AWS STS - Security Token Service
Allows to grant limited and temporary access to AWS resource (up to 1 hour)
AssumeRole: Assume roles within your account or cross account
GetSessionToken: for MFA, from a...
ECS
Steps to create an ECS
Create Cluster: EC2 Linux + Networking
When y...
Lambda Execution Role (IAM Role)
Lambda -> other service
Grants the Lambda function permissions to AWS services / resources
For example, when you want to send message to SQS, you need to have "AWS...
The goal of an Auto Scaling Group (ASG) is to:
Scale out (add EC2 instances) to match an increased load
Scale in (remove EC2 instances) to match a decreased load
Ensure we have a minimum and maximum ...
Serverless framework with AWS
Links to each section
Table of Content:
Part 0: Serverless Project structure
Part 1: DynamoDB & ApiGateway
Part 2: Event Processing with WebSocket and DynamoDB ...
"warm-up" for LB to boot faster
503 error for capacity or not registered target
Support HTTP redirects to HTTPS at ALB level
ALB works with ECS
NLB has one static IP per AZ
Extreme p...