挨踢小茶去年年底低分通过AWS(助理)解决方案架构师考试,现在把当时做的一些读书笔记记录下来。
综合来说,官网的FAQ是一定要看的,而且作为入门的第一个考试,对所有的AWS组件都应该要有一个初步的了解。
阅览的资料
- CloudAcedemy - Video&Labs
- ACloudGuru - Video
- AWS White Paper
- AWS Well-Architected Framework
- Architecting for the Cloud: Best Practices
- Building Fault-Tolerant Applications on AWS Whitepaper
- Using AWS for Disaster Recovery Whitepaper
- Operational Checklists for AWS
- Web Hosting Best Practices Whitepaper
- Leveraging Different Storage Options in the AWS Cloud Whitepaper
- AWS Security Best Practices Whitepaper
- Amazon Simple Email Service Best Practices Whitepaper
- AWS FAQS
- AWS Service Limits - http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html
- AWS Global Infrastructure - https://aws.amazon.com/about-aws/global-infrastructure/
- 16 regions around the world and 42 Availability Zones
- AWS Blog
- AWS DynamoDB Pratise!!
- Spot fleet
- AWS CodeDeploy - Youtue & Hand-on
- AWS ElasticBeantalk
- Amazon Kinesis
- AWS CodeCommit - Youtue
- AWS CodeCommit is a fully-managed source control service that makes it easy for companies to host secure and highly scalable private Git repositories. CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure. You can use CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools.
- Controlling Which Instances Auto Scaling Terminates During Scale In
- http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html
- https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/
- http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingDisableAPITermination
- https://media.amazonwebservices.com/AWS_Cloud_Best_Practices.pdf
- https://d0.awsstatic.com/whitepapers/DDoS_White_Paper_June2015.pdf
- http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html
- http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html
Amazon S3
Gateway-cached volumes
You can store your primary data in Amazon S3 and retain your frequently accessed data locally. Gateway-cached volumes provide substantial cost savings on primary storage, minimize the need to scale your storage on-premises, and retain low-latency access to your frequently accessed data.
Gateway-stored volumes
In the event that you need low-latency access to your entire data set, you can configure your gateway to store your primary data locally, and asynchronously back up point-in-time snapshots of this data to Amazon S3. Gateway-stored volumes provide durable and inexpensive off-site backups that you can recover locally or from Amazon EC2 if, for example, you need replacement capacity for disaster recovery.
Gateway-virtual tape library (gateway-VTL)
With gateway-VTL, you can have an almostlimitless collection of virtual tapes. You can store each virtual tape in a virtual tape library (VTL) backed by Amazon S3 or a virtual tape shelf (VTS) backed by Amazon Glacier. The virtual tape library exposes an industry standard iSCSI interface that provides your backup application with on-line access to the virtual tapes. When you no longer require immediate or frequent access to data contained on a virtual tape, you can use your backup application to move it from its VTL to your VTS to further reduce your storage costs.
EC2
Comparison of Security Groups and Network ACLs
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html
The following table summarizes the basic differences between security groups and network ACLs.
| Security Group | Network ACL |
|---|---|
| Operates at the instance level (first layer of defense) | Operates at the subnet level (second layer of defense) |
| Supports allow rules only | Supports allow rules and deny rules |
| Is stateful: Return traffic is automatically allowed, regardless of any rules | Is stateless: Return traffic must be explicitly allowed by rules |
| We evaluate all rules before deciding whether to allow traffic | We process rules in number order when deciding whether to allow traffic |
| Applies to an instance only if someone specifies the security group when launching the instance, or associates the security group with the instance later on | Automatically applies to all instances in the subnets it's associated with (backup layer of defense, so you don't have to rely on someone specifying the security group) |
What is the underlying Hypervisor for EC2? - XEN
AWS Global Infrastructure
The AWS Cloud operates 42 Availability Zones within 16 geographic Regions around the world, with five more Availability Zones and two more Regions coming online throughout the next year.
AWS Regions and Availability Zones
The AWS Cloud infrastructure is built around Regions and Availability Zones (“AZs”). A Region is a physical location in the world where we have multiple Availability Zones. Availability Zones consist of one or more discrete data centers, each with redundant power, networking and connectivity, housed in separate facilities. These Availability Zones offer you the ability to operate production applications and databases which are more highly available, fault tolerant and scalable than would be possible from a single data center. The AWS Cloud operates 38 Availability Zones within 14 geographic Regions around the world.
- Online Analytics Processing (OLAP) - Redshift
- The valid ways of encrypting data on S3 are Server Side Encryption (SSE)-S3, SSE-C, SSE-KMS or a client library such as Amazon S3 Encryption Client.
- Dynamal DB: The combined Value and Name combined must not exceed 400 KB
- CloudWatch: Using the default settings metrics are sent every 5 minutes to CloudWatch. Using the detailed settings, metrics are then sent every 1 minute.
RDS
- Amazon RDS supports Amazon Aurora, MySQL, MariaDB, Oracle, SQL Server, and PostgreSQL database engines.
- What AWS DB platform is most suitable for OLTP? - RDS
- In RDS, what is the maximum value I can set for my backup retention period? - 35 Days
Comparison of NAT Instances and NAT Gateways
The following is a high-level summary of the differences between NAT instances and NAT gateways.
| Attribute | NAT gateway | NAT instance |
|---|---|---|
| Availability | Highly available. NAT gateways in each Availability Zone are implemented with redundancy. Create a NAT gateway in each Availability Zone to ensure zone-independent architecture. | Use a script to manage failover between instances. |
| Bandwidth | Supports bursts of up to 10Gbps. | Depends on the bandwidth of the instance type. |
| Maintenance | Managed by AWS.You do not need to perform any maintenance. | Managed by you, for example, by installing software updates or operating system patches on the instance. |
| Performance | Software is optimized for handling NAT traffic. | A generic Amazon Linux AMI that's configured to perform NAT. |
| Cost | Charged depending on the number of NAT gateways you use, duration of usage, and amount of data that you send through the NAT gateways. | Charged depending on the number of NAT instances that you use, duration of usage, and instance type and size. |
| Type and size | Uniform offering; you don’t need to decide on the type or size. | Choose a suitable instance type and size, according to your predicted workload. |
| Public IP addresses | Choose the Elastic IP address to associate with a NAT gateway at creation. | Use an Elastic IP address or a public IP address with a NAT instance. You can change the public IP address at any time by associating a new Elastic IP address with the instance. |
| Private IP addresses | Automatically selected from the subnet's IP address range when you create the gateway. | Assign a specific private IP address from the subnet's IP address range when you launch the instance. |
| Security groups | Cannot be associated with a NAT gateway. You can associate security groups with your resources behind the NAT gateway to control inbound and outbound traffic. | Associate with your NAT instance and the resources behind your NAT instance to control inbound and outbound traffic. |
| Network ACLs | Use a network ACL to control the traffic to and from the subnet in which your NAT gateway resides. | Use a network ACL to control the traffic to and from the subnet in which your NAT instance resides. |
| Flow logs | Use flow logs to capture the traffic. | Use flow logs to capture the traffic. |
| Port forwarding | Not supported. | Manually customize the configuration to support port forwarding. |
| Bastion servers | Not supported. | Use as a bastion server. |
| Traffic metrics | Not supported. | View CloudWatch metrics. |
| Timeout behavior | When a connection times out, a NAT gateway returns an RST packet to any resources behind the NAT gateway that attempt to continue the connection (it does not send a FIN packet). | When a connection times out, a NAT instance sends a FIN packet to resources behind the NAT instance to close the connection. |
| IP fragmentation | Supports forwarding of IP fragmented packets for the UDP protocol.
Does not support fragmentation for the TCP and ICMP protocols. Fragmented packets for these protocols will get dropped. |
Supports reassembly of IP fragmented packets for the UDP, TCP, and ICMP protocols. |
文章评论