[AWS Certification + Server Management Master] RDS


[Course Outline]

 1. IAM & EC2

 2. EC2: Elastic Load Balancing(ELB) & Auto Scaling

 3. VPC

 4. Database

 5. Storage

 6. Application Services

 7. AWS Well-Architected Framework & DevOps

 8. Presentation & Review


[RDS]

 - Multi-AZ deployment (synchronous replication)

 - Automatic failover

 - Provisioned in subnets

 - DB subnet group

 - Use security groups as a firewall

 - Can disable DB access from the Internet

 - Encryption at rest

 - Automatic backup

 - Point in time restore

 - Automatic minor version upgrade

 - Can choose time to perform maintenance

 - Can modify configuration after provisioned 
 - Changes can be applied immediately or during maintenance window
 - Snapshot (Create a point-in-time backup)
 - Read replica: read-only replica (asynchronous replication), up to 5
 - Replica lag
 - How to encrypt??
 - Can only stop an instance for 7 days

[Multi-AZ Deployments vs Read Replicas]



[AWS Aurora]

 - MySQL and PostgreSQL-compatible

 - Up to five times faster than MySQL

 - Up to three times faster than PostgreSQL

 - Auto-scales up to 64TB per database instance

 - Up to 15 read replicas per cluster


[DynamoDB]

 - Fully managed NoSQL database 

 - Automatically replicates data across three data centers

 - Eventual consistent reads by default

 - Read capacity unit & Write capacity unit

 - https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ProvisionedThroughput.html

 - Use cases


 - Which of the following are use cases for Amazon DynamoDB? Choose 3 answers

A. Storing BLOB data.

B. Managing web sessions.

C. Storing JSON documents.

D. Storing metadata for Amazon S3 objects.

E. Running relational joins and complex updates.

F. Storing large amounts of infrequently accessed data.


[Elasticache]
 - Managed Redis and Memcached nodes 
 - High throughput and low latency in-memory data stores
 - Database, cache, Message broker, queue
 - AWS use cases?? Gaming, DB query

[Redshift]

 - OLAP (Online Analytical Processing) 

 - Columnar Data Storage

 - Advanced Compression

 - Massively Parallel Processing

 - https://www.youtube.com/watch?v=AUvn49gey8Y


[Kinesis]

 - https://s3.amazonaws.com/kinesis-demo-bucket/amazon-kinesis-data-visualization-sample/kinesis-data-vis-sample-app.template


[AWS IoT]


[Homework]


 - Qwiklabs

* Hosting WordPress Using Amazon S3

* Caching Static Files with Amazon CloudFront

* Introduction to Amazon Elastic File System(EFS)


 - Reading

* https://aws.amazon.com/rds/faqs/

* AWS Kinesis FAQs

* https://aws.amazon.com/whitepapers/storage-options-aws-cloud




[AWS Certification + Server Management Master] Week 3: VPC (Virtual Private Cloud)


[Course Outline]

 1. IAM & EC2

 2. EC2 : Elastic Load Balancing(ELB) & Auto Scaling

 3. VPC

 4. Database

 5. Storage

 6. Application Services

 7. AWS Well-Architected Framework & DevOps

 8. Presentation & Review


 - Amazon Virtual Private Cloud (Amazon VPC) is a virtual network dedicated to your AWS account.

 - A VPC is logically isolated from other virtual networks in the AWS Cloud.


[VPC]

 - One default VPC per AWS region

 - Block sizes must be between a /16 netmask and /28 netmask

 - Main CIDR range cannot be modified

 - Tenancy: Default (Shared) vs Dedicated (Single)

 - By default, a VPC comes with a security group, a NACL, a route table and a local route

 - Carefully choose VPC CIDR range to avoid network address conflict if connecting to other networks through VPN or VPC peering

 - Default VPC can be deleted


[Subnet]

 - A logical subdivision of an IP network(VPC)

 - Reside in an Availability Zone

 - Subnet CIDR block can be the same as VPC CIDR block

 - Subnet CIDR block cannot be smaller than /28 netmask

 - The first four IP addresses and the last IP address in each subnet CIDR block are not available

 - https://docs.aws.amazon.com/ko_kr/vpc/latest/userguide/what-is-amazon-vpc.html

 - Public Subnet mask vs Private Subnet mask? What's the difference?
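The subnet sizing rules above, checked in code. This is an added example, not material from the course slides: it encodes the VPC block limits (/16 to /28), the /28 minimum for a subnet, the five reserved addresses per subnet, and additionally (an AWS fact not stated on the slide) that subnets in one VPC must not overlap; the sample CIDRs are constructed.

```python
"""Check a VPC/subnet CIDR plan against the sizing rules listed above.

Added example, not from the course slides.  Rules encoded: VPC block is
/16 to /28, a subnet cannot be smaller than /28 but may equal the VPC
block, subnets must lie inside the VPC (and, per AWS, not overlap), and
the first four and last address of each subnet are reserved.
"""
import ipaddress


def reserved_addresses(subnet_cidr):
    """The five addresses AWS keeps back in every IPv4 subnet."""
    addrs = list(ipaddress.ip_network(subnet_cidr, strict=True))
    return [str(a) for a in addrs[:4]] + [str(addrs[-1])]


def usable_hosts(subnet_cidr):
    """Addresses left for instances/ENIs after the reserved five."""
    return ipaddress.ip_network(subnet_cidr, strict=True).num_addresses - 5


def validate_plan(vpc_cidr, subnet_cidrs):
    """Return rule violations as strings; an empty list means the plan is OK."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"VPC {vpc} must be between /16 and /28")
    seen = []
    for cidr in subnet_cidrs:
        sub = ipaddress.ip_network(cidr, strict=True)
        if sub.prefixlen > 28:
            problems.append(f"subnet {sub} is smaller than /28")
        if not sub.subnet_of(vpc):
            problems.append(f"subnet {sub} is outside VPC {vpc}")
        for other in seen:
            if sub.overlaps(other):
                problems.append(f"subnet {sub} overlaps {other}")
        seen.append(sub)
    return problems


if __name__ == "__main__":
    # Constructed sample plan: a /16 VPC carved into two /24 subnets.
    print(validate_plan("10.0.0.0/16", ["10.0.1.0/24", "10.0.2.0/24"]))
    print(reserved_addresses("10.0.1.0/24"), usable_hosts("10.0.1.0/24"))
```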


[Route Table]

 - VPC has an implicit router

 - VPC automatically comes with the main route table

 - Can modify the main table and create a new custom route table

 - Each subnet must be associated with a routing table

 - If you don't explicitly associate a subnet with a particular route table, the subnet is implicitly associated with the main route table.

 - Each route in a table specifies a destination CIDR and a target

 - Target can be an Internet gateway, an egress-only Internet gateway, a virtual private gateway, a NAT device, a peering connection, or a VPC endpoint

 - Use the most specific route that matches the traffic to determine how to route the traffic
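The most-specific-route rule, worked through in code. This is an added example, not from the course slides; the route targets are constructed placeholder IDs. It also answers the "public vs private subnet" question from the Subnet section: a subnet is public only when its route table contains a route to an internet gateway.

```python
"""Resolve a destination against a VPC route table the way the implicit
router does: every matching route is considered and the most specific
one (longest prefix) wins.

Added example, not from the course slides.  Targets are constructed
placeholder IDs; a subnet is public only if its table has a route to an
internet gateway (igw-*).
"""
import ipaddress

# Constructed route table: local route, default route to an internet gateway,
# a peering route, and an even more specific route to a virtual private gateway.
PUBLIC_ROUTES = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "igw-EXAMPLE"),
    ("172.16.0.0/16", "pcx-EXAMPLE"),
    ("172.16.5.0/24", "vgw-EXAMPLE"),
]
# Same table without the default route: what a private subnet typically has.
PRIVATE_ROUTES = [r for r in PUBLIC_ROUTES if r[0] != "0.0.0.0/0"]


def lookup(route_table, dst_ip):
    """Target of the longest-prefix route matching dst_ip, or None."""
    dst = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def is_public_subnet(route_table):
    """True when any route points at an internet gateway."""
    return any(target.startswith("igw-") for _, target in route_table)
```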


[Internet Gateway]

 - Allows communication between instances in VPC and the Internet

 - Horizontally scaled, redundant, and highly available

 - Only One Internet Gateway per VPC


[Egress-Only Internet Gateway]

 - Allows outbound communication over IPv6 from instances in VPC to the Internet

 - Prevents the Internet from initiating an IPv6 connection with instances

 - To allow outbound-only Internet communication over IPv4, use a NAT gateway

 - Horizontally scaled, redundant, and highly available

 - Only One Egress-Only Internet Gateway per VPC


[NAT Gateway]

 - Allows outbound communication over IPv6 from instances in VPC to the Internet

 - Prevents the Internet from initiating an IPv6 connection with instances

 - Horizontally scaled but not redundant and highly available

 - Can Create More Than One NAT Gateway Per Subnet

 - Require an Elastic IP and an Internet Gateway


[NAT Instance]

 - Allows outbound communication over IPv4 from instances in VPC to the internet

 - Prevents the internet from initiating an IPv4 connection with instances

 - Not horizontally scaled, redundant or highly available

 - Can Create More Than One NAT Instance Per Subnet

 - Require a Public IP and internet Gateway

 - ** Must disable source/destination checks on NAT instances **

 - AWS provides a custom AMI configured with NAT functionality


[Bastion Host]

 - Adds an extra layer of security to instances in private and public subnets


[VPC EndPoint]

 - Enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection

 - Instances in VPC do not require public IP addresses to communicate with resources in service

 - Traffic between VPC and the other service does not leave the Amazon network

 - Horizontally scaled, redundant and highly available


[VPC Peering]

 - A networking connection between two VPCs that enables routing traffic between them using private addresses

 - Instances in either VPC can communicate with each other as if they are within the same network.

 - Can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account.
   The VPCs can be in different regions

 - Not support Transitive routing


[Network ACLs]

 - Subnet level firewall for controlling traffic in and out of subnets

 - Default nACL allows all inbound and outbound traffic by default

 - Custom nACL denies all inbound and outbound traffic by default

 - Each subnet must be associated with an nACL

 - If you don't explicitly associate a subnet with a particular nACL, the subnet is implicitly associated with the default nACL.

 - Contains a numbered list of rules that are evaluated in order, starting with the lowest numbered rule

 - Separate inbound and outbound rules

 - Stateless; responses to allowed inbound traffic are subject to the rules for outbound traffic (and vice versa)
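The NACL evaluation model from the bullets above (lowest rule number first, first match wins, trailing deny, stateless), as an added example that is not part of the course slides. The rule sets and the client addresses from the documentation ranges (203.0.113.0/24, 198.51.100.0/24) are constructed; the outbound ephemeral-port rule is the kind the "Recommended Network ACL Rules" reading describes.

```python
"""Simulate a network ACL decision: rules are evaluated in ascending
rule-number order, the first match wins, and the final '*' rule denies
anything left.  NACLs are stateless, so the reply to an allowed inbound
request must separately match an outbound rule (ephemeral ports).

Added example, not from the course slides; the rule sets and the
client addresses (documentation ranges) are constructed.
"""
import ipaddress

# Each rule: (number, protocol, (low_port, high_port), cidr, action).
DEFAULT_NACL = [(100, "all", (0, 65535), "0.0.0.0/0", "allow")]
CUSTOM_INBOUND = [
    (50, "tcp", (443, 443), "203.0.113.0/24", "deny"),   # lower number, wins first
    (100, "tcp", (443, 443), "0.0.0.0/0", "allow"),
    (200, "tcp", (22, 22), "0.0.0.0/0", "deny"),
]
CUSTOM_OUTBOUND = [
    (100, "tcp", (1024, 65535), "0.0.0.0/0", "allow"),   # replies on ephemeral ports
]


def evaluate(rules, protocol, port, remote_ip):
    """Return 'allow' or 'deny' for one packet in one direction."""
    remote = ipaddress.ip_address(remote_ip)
    for _number, proto, (low, high), cidr, action in sorted(rules):
        if proto in ("all", protocol) and low <= port <= high \
                and remote in ipaddress.ip_network(cidr):
            return action        # first matching rule decides
    return "deny"                # the trailing '*' rule


def session_allowed(inbound, outbound, protocol, service_port, client_ip, client_port):
    """Stateless check: request (inbound) and reply (outbound) must each pass."""
    request_ok = evaluate(inbound, protocol, service_port, client_ip) == "allow"
    reply_ok = evaluate(outbound, protocol, client_port, client_ip) == "allow"
    return request_ok and reply_ok
```

With an empty outbound list the HTTPS request is accepted but its reply is dropped, which is the usual symptom of forgetting the ephemeral-port rule on a custom NACL.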



[Network ACLs vs Security Group]


[VPC Flow Logs]

 - Capture information about the IP traffic going to and from network interfaces in VPC

 - Can be published to Amazon CloudWatch Logs and Amazon S3

 - https://docs.aws.amazon.com/ko_kr/vpc/latest/userguide/flow-logs.html



[Homework]

Qwiklabs

 - Introduction to Amazon Relational Database Service (RDS)

 - Introduction to Amazon DynamoDB

 - Hosting WordPress Using Amazon S3

 - Using Open Data with Amazon S3


Reading (topic: site)

 - VPC QnA: https://aws.amazon.com/ko/vpc/faqs/

 - AWS Single VPC Design: https://aws.amazon.com/ko/answers/networking/aws-single-vpc-design/

 - Recommended Network ACL Rules for Your VPC: https://docs.aws.amazon.com/ko_kr/vpc/latest/userguide/vpc-recommended-nacl-rules.html

 - Architecting for the Cloud: http://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf


 - A VPC with an internet gateway attached by default

 - An architecture with no public IPv4 address

 - An architecture made internet-accessible by configuring an internet gateway and an Elastic IP

 - Extending the AWS Cloud by adding a Private Gateway to the VPC and a Customer Gateway

 - Connecting directly through a VPC endpoint without passing through the internet gateway



[AWS Certification + 서버관리 마스터] EC2 : Elastic Load Balancing(ELB) & Auto Scaling


[Course Outline]

 1. IAM & EC2

 2. EC2: Elastic Load Balancing(ELB) & Auto Scaling

 3. VPC

 4. Database

 5. Storage

 6. Application Services

 7. AWS Well-Architected Framework & DevOps

 8. Presentation & Review


[Elastic Load Balancer]

 - Elastic: Auto scaling

 - Secure: SSL/TLS decryption, Firewall, VPC, Authentication

 - Flexible: Hybrid load balancing

 - Integrated: WAF, CloudFront, Route53, CloudWatch, ECS, ACM

 - Cost-effective: AWS managed service


[Elastic Load Balancer - Type]

 - Classic Load Balancer
   - HTTP, HTTPS and TCP
   - Layer 4 & 7
   - Previous (deprecated) generation

 - Application Load Balancer
   - HTTP and HTTPS
   - Layer 7

 - Network Load Balancer
   - TCP
   - Layer 4

[Application Load Balancer]

 - Listener

 - Availability Zones

 - SSL Certificate

 - Target Group

 - Health Check

 - Target

 - Rules


[Auto Scaling Group]

- Launch Configuration

- Launch Template

- Manual Scaling

- Scheduled Scaling

- Dynamic Scaling

- Cooldown

- Health Check Grace Period

- Health Check Type

- CloudWatch Alarm


[Qwiklabs]

 - Creating an Amazon Virtual Private Cloud (VPC) with AWS CloudFormation

 - Building Your First Amazon Virtual Private Cloud (VPC)

 - Introduction to Amazon Relational Database Service (RDS) (Linux) – optional

 - Introduction to Amazon DynamoDB – optional

 - Programming Amazon SQS and Amazon SNS with .NET – Advanced only


[References]

 - https://aws.amazon.com/elasticloadbalancing/faqs/

 - https://aws.amazon.com/blogs/compute/fleet-management-made-easy-with-auto-scaling/

[AWS Certification + Server Management Master] Table of Contents


[Contents]

 - Lectures

 - Hands-On-Labs

 - Practice Questions

 - Qwiklabs

 - Readings

 - Final Project


[Course Outline]

 1. IAM & EC2

 2. EC2

 3. VPC

 4. Database

 5. Storage

 6. Application Services

 7. AWS Well-Architected Framework & DevOps

 8. Presentation & Review


[AWS Certification + Server Management Master] IAM & EC2 Part 1


[Course Outline]

 1. IAM & EC2

 2. EC2 : Elastic Load Balancing(ELB) & Auto Scaling

 3. VPC

 4. Database

 5. Storage

 6. Application Services

 7. AWS Well-Architected Framework & DevOps

 8. Presentation & Review


[Preparation]

1. AWS Account

2. Billing alert


[Identity and Access Management : IAM]

 - Identity and Access Management

 - Groups

 - Users

 - Roles

 - Policies

 - KMS (Key Management Service)


[Elastic Compute Cloud : EC2]

 - AMI (Amazon Machine Image)

 - Instance Type

 - EC2 Options

 - IAM Role

 - T2/T3 Unlimited

 - User Data

 - Storage

 - Tag

 - Security Group

 - Key Pair

 - Metadata

 - Status Checks

 - Monitoring

 - Elastic IP


[Elastic Block Store : EBS]

 - Snapshot

 - Encryption

 - Existing unencrypted volumes cannot be encrypted directly


[Hands-On-Lab]

 - 


[Qwiklabs]

 - Working with Amazon Elastic Block Store (EBS)

 - Automating AWS Services with Scripting and the AWS CLI

 - Working with Elastic Load Balancing

 - Maintaining High Availability with Auto Scaling (for Linux)


[References]

 - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html

 - https://aws.amazon.com/ebs/faqs/

