Overview of AWS Architecture Best practices (11)

2025-04-06 Update. From: SLTechnology News&Howtos > Servers


Shulou(Shulou.com)06/02 Report--

AWS Architecture Best Practices

AWS Well-Architected Framework pillars

- Security: protect and monitor systems; protect information, systems and assets.
- Reliability: recover from failures and reduce outages; recover from infrastructure or service failures; dynamically acquire compute resources to meet demand; reduce configuration errors and transient network issues; reduce outages.
- Performance efficiency: prudent use of resources; efficient use of compute resources to meet system demand; maintain efficiency as demand changes and technology evolves.
- Cost optimization: eliminate unnecessary costs; reduce unnecessary costs and suboptimal resources.
- Operational excellence.

Rational architectural design principles

- Stop guessing capacity requirements: traditional environments waste capacity.
- Test systems at production scale: traditional environments often cannot realistically simulate production for testing because testing is expensive.
- Reduce the risk of architectural changes: in traditional environments tests queue up and run serially, and changes made during testing can affect subsequent tests.
- Simpler deployment through automation: low-cost scripting to create and replicate systems, track changes and recover.
- Support evolving architectures: legacy environments are limited by product lifecycles and can be hampered by early decisions when responding to changing business requirements.
- Data-driven architectures: in the cloud, CloudWatch collects data that shows the load on the architecture; because cloud infrastructure exists as code, this data can be used to improve the architecture.
- Improve by simulating large traffic volumes: uncover architectural deficiencies by simulating large traffic volumes, and gain experience and solutions to address them.
High availability and redundancy

- Discover single points of failure in the current architecture and introduce redundancy to eliminate them.
- Select the most appropriate backup and recovery solution.
- Most efficient redundancy: use different Availability Zones for geographic high availability; leverage Route 53 and ELB.
- Active switching for proactive redundancy reduces downtime.

Resilient systems are designed to respond to sudden changes in business requirements over time, or to growing load: growth in users, traffic and data size without affecting performance. Resource growth should bring economies of scale, and cost should follow the dimension in which the system creates business value.

Vertical scaling: stop the instance and adjust it to more CPU, RAM, IO, network, etc. Vertical scaling has an upper limit and is not easy to achieve.

Horizontal scaling and stateless applications: no operation needs to know the context of the past, and sessions are not stored. Such applications can be scaled out arbitrarily and instances can be safely terminated at any time. Because session data is not shared between system resources, no node needs to be aware of the existence of other nodes; each only handles the workload assigned to it. Auto Scaling is a best practice for stateless components. Most applications, however, need to maintain some state information, such as login information.
Option 1: the application stores a user session identifier locally on the client (for example in an HTTP cookie) to achieve a degree of statelessness. This has two problems: information placed in client-side cookies is easy to tamper with, and the session state must be transmitted on every request, consuming resources and increasing latency.

Option 2: user session information is stored in a server-side database such as DynamoDB, which makes the server components stateless.

Stateful components: many applications and architectures cannot be made stateless. Many legacy systems are designed to run on local, standalone compute resources.

Automated deployments: the biggest benefit of the public cloud is the ability to use APIs to automate the deployment process. Automated, repeatable deployment effectively reduces errors and enables an efficient, scalable update process.

Bootstrapping instances: use automated actions during initialization. A bootstrapped instance is given only simple specifications such as name and role; everything else is scripted automatically, providing all the startup resources the different options need, including code, scripts and configuration.
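The two session options above differ in where the state lives and in what a client can alter. The following example is added here and is not code from the original article: option 1 is modelled as an HMAC-signed cookie (tampering with the payload is detected, but the full state still travels on every request), and option 2 as a server-side session table that hands the client only an opaque id. The in-memory dict stands in for a DynamoDB table with a TTL attribute; it is a constructed model, not boto3 or any AWS API.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_signed_cookie(secret: bytes, state: dict) -> str:
    """Option 1: the state itself travels in the cookie. The HMAC tag makes edits
    detectable, but the whole state is still sent (and read) on every request."""
    payload = _b64(json.dumps(state, sort_keys=True, separators=(",", ":")).encode())
    tag = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def read_signed_cookie(secret: bytes, cookie: str):
    """Return the state dict, or None when the cookie is malformed or its tag does not match."""
    try:
        payload, tag = cookie.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):      # constant-time comparison
        return None
    try:
        return json.loads(_unb64(payload))
    except ValueError:                              # bad base64 or bad JSON
        return None


class ServerSideSessions:
    """Option 2: state lives in a shared table, the cookie carries only an opaque id.
    The dict below is a constructed stand-in for a DynamoDB table with a TTL attribute."""

    def __init__(self, ttl_seconds=3600):
        self._table = {}
        self.ttl = ttl_seconds

    def create(self, state, now=None):
        now = time.time() if now is None else now
        session_id = secrets.token_urlsafe(32)      # unguessable, reveals nothing about the user
        self._table[session_id] = {"state": dict(state), "expires_at": now + self.ttl}
        return session_id

    def get(self, session_id, now=None):
        now = time.time() if now is None else now
        item = self._table.get(session_id)
        if item is None or now >= item["expires_at"]:
            self._table.pop(session_id, None)       # expired entries are purged lazily
            return None
        return dict(item["state"])                  # any web node sharing the table can serve this

    def delete(self, session_id):
        self._table.pop(session_id, None)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"             # in practice: a rotated secret from a secrets store
    cookie = make_signed_cookie(secret, {"user": "alice", "role": "user"})
    print("valid cookie ->", read_signed_cookie(secret, cookie))
    admin = make_signed_cookie(secret, {"user": "alice", "role": "admin"})
    forged = admin.split(".")[0] + "." + cookie.split(".")[1]   # edited payload, old tag
    print("forged cookie ->", read_signed_cookie(secret, forged))
    store = ServerSideSessions(ttl_seconds=10)
    sid = store.create({"user": "bob"}, now=1000.0)
    print("server-side id length:", len(sid), "state:", store.get(sid, now=1005.0))
```

Either way the web tier stays stateless: with the signed cookie nothing is stored on the node, and with the shared table any node in the Auto Scaling group can resolve the id, so instances can be added or terminated freely.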
- Create the same environment repeatedly.
- Maintain an abstraction over the cloud infrastructure.
- Reduce opportunities for manual deployment errors.
- Create a self-discovering and self-healing environment.

Select the right storage

- S3: Web-scale storage capacity and performance; highly durable data and backups that enable disaster recovery.
- Glacier: data archive and long-term backup.
- CloudFront: content delivery network; serve static, dynamic, streaming and interactive content from global edge locations.
- DynamoDB: fast and flexible NoSQL database with a flexible data model and reliable performance. It can be used to decouple stateful applications: storing user state in DynamoDB lets the application implement stateless components.
- EBS: reliable block storage; runs critical programs such as Oracle, SAP, Exchange, etc.
- RDS: highly available SQL databases.
- Redshift: PB-scale data warehouse supporting business analytics.
- ElastiCache (Redis cluster): in-memory cache.
- EFS (Elastic File System): shared file system for sharing application files between multiple EC2 instances.

Build security at each layer

Traditional security audits are periodic. In the cloud, continuous monitoring and governance can be provided while code is used to embed security policies into the infrastructure design. Best practice: inventory and prioritize data, and apply the appropriate level of encryption in transit and at rest.

AWS capabilities enable multiple levels of defense. Network layer: VPC, subnets, security groups, routing control. Host layer: WAF, IAM.

Hand security over to AWS by using AWS managed services: patching and security are managed by AWS.

Reduced-privilege access: applications running on EC2 use temporary security tokens. Use IAM for account and rights management; use temporary tokens to provide federated access; distribute and rotate credentials automatically; follow the standard security practice of granting minimal privileges.

Use code for security: use CloudFormation scripts for reliable security deployments, the so-called "Golden Environment". Security best practices are then easily reused across environments and integrated into the CI/CD pipeline. Security testing can automatically detect deviations from the security policy baseline. CloudFormation templates can be imported as products into AWS Service Catalog for consistent governance.

Real-time audits: AWS enables continuous monitoring and control automation to minimize security risk. Config Rules can tell within a short time whether a component is non-compliant. CloudWatch provides extensive logging, and CloudTrail records the actual API calls. All logs can be processed automatically by Lambda, EMR, etc.

Parallel processing: the cloud makes parallel processing easy. When retrieving and storing data, the cloud is designed to handle massively parallel operations, so to improve performance and throughput web applications should be designed to issue parallel requests whenever possible.
Applications should also be designed so that an ELB load balancer can distribute incoming requests for parallel processing. In batch scenarios, make more use of Hadoop architectures with multiple dependent nodes.

Loosely coupled design: the system is designed as multiple independent subsystems; the looser the coupling between components, the lower their interdependence and the larger the system can scale. Amazon API Gateway provides a way to define public interfaces. It is a fully managed service that supports developers in creating, publishing, maintaining, monitoring and protecting APIs of any size, can handle hundreds of thousands of concurrent API calls, and covers traffic management, authorization and access control. Asynchronous integration is a common loose-coupling pattern: integrate loosely with SQS or Kinesis. Asynchronous integration adds resilience, because failed messages can be reprocessed.

AWS best practices

- Enable scaling architecture: respond to changing requirements.
- Automate deployment environments: eliminate manual operations, improve system stability and consistency, and improve organizational efficiency.
- Use disposable resources: treat servers and other components as temporary.
- Loosely coupled components: reduce interdependencies so that when one component changes or fails the others are unaffected. ELB and SQS are the primary decoupling solutions.
- Design services rather than servers: managed solutions and serverless architectures such as Lambda, SQS, SNS and DynamoDB enable environments with higher reliability.
- More appropriate database solutions: match the technology to the workload, choosing among relational databases, NoSQL databases, data warehouses and storage optimized for search.
- Avoid single points of failure: implement redundancy so that a single point of failure cannot take down the entire system. Choose automated solutions that restart after downtime, or managed services that automatically replace the underlying layer in the event of a failure.
- Optimize costs: ensure resources are appropriately sized, can be scaled down and up automatically according to demand, and take advantage of the different pricing models, converting capital expenditure into variable expenditure.
- Use caching: minimize redundant data retrieval operations.
- Secure the infrastructure at all locations: security can be applied at the perimeter and within or between resources.

Event-driven architecture

Overview: the advantage of cloud computing is that it can respond quickly to changes in resource requirements. In the traditional mode, and even on a cloud platform, a fully loaded server stops responding to requests. Although manual expansion takes only a few minutes, this is still unacceptable.

Event-driven monitoring with CloudWatch: use CloudWatch to monitor server queues and trigger expansion by setting thresholds. Threshold rules can be set on application-specific custom metrics. Auto Scaling scales instances when it receives CloudWatch alarms, so that a seamless experience is ready before the application reaches full capacity.

Vertical scaling changes the instance specification, such as CPU and memory. Vertical scaling always has a ceiling and may bring further performance issues, such as long garbage-collection pauses due to large Java heaps, and may require restarting servers.

Horizontal scaling changes the number of instances. Adding and removing instances has almost no capacity limit; it only requires that support for horizontal scaling be considered during application design.
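The loose-coupling passage above states that asynchronous integration through a queue adds resilience because failed messages can be reprocessed. The example below is added here and is not code from the original article or from AWS. It models the queue semantics that make reprocessing safe (a received message becomes invisible, reappears after a visibility timeout if it was not deleted, and is moved to a dead-letter queue after a maximum receive count) with a constructed in-memory class; the names `Queue`, `run_consumer`, `visibility_timeout` and `max_receive_count` are this example's own, not the SQS API.

```python
class Queue:
    """Constructed SQS-like queue: receive() hides a message for visibility_timeout seconds;
    a message that is not deleted in time becomes visible again and is redelivered,
    and after max_receive_count receives it is parked in the dead-letter queue instead."""

    def __init__(self, visibility_timeout=30.0, max_receive_count=3, dead_letter=None):
        self.visibility_timeout = visibility_timeout
        self.max_receive_count = max_receive_count
        self.dead_letter = dead_letter
        self._messages = {}          # id -> {"body", "receive_count", "visible_at"}
        self._next_id = 0

    def send(self, body):
        self._next_id += 1
        self._messages[self._next_id] = {"body": body, "receive_count": 0, "visible_at": 0.0}
        return self._next_id

    def receive(self, now):
        """Return (message_id, body) for the oldest visible message, or None."""
        for mid in sorted(self._messages):
            msg = self._messages[mid]
            if msg["visible_at"] > now:
                continue                                   # still in flight on some consumer
            if msg["receive_count"] >= self.max_receive_count:
                self._messages.pop(mid)                    # poison message: park it for inspection
                if self.dead_letter is not None:
                    self.dead_letter.send(msg["body"])
                continue
            msg["receive_count"] += 1
            msg["visible_at"] = now + self.visibility_timeout
            return mid, msg["body"]
        return None

    def delete(self, mid):
        """Acknowledge: only called after the consumer finished the work successfully."""
        self._messages.pop(mid, None)

    def __len__(self):
        return len(self._messages)


def run_consumer(queue, handler, start=0.0, step=1.0, max_polls=500):
    """Poll the queue with a simulated clock until it drains or max_polls is reached.
    Returns the bodies that were processed successfully, in completion order.
    Because redelivery means at-least-once processing, handler must be idempotent."""
    done = []
    now = start
    for _ in range(max_polls):
        if len(queue) == 0:
            break
        received = queue.receive(now)
        if received is not None:
            mid, body = received
            try:
                handler(body)
                queue.delete(mid)          # ack only after success
                done.append(body)
            except Exception:
                pass                       # no ack: the message reappears after the timeout
        now += step
    return done


if __name__ == "__main__":
    dlq = Queue()
    orders = Queue(visibility_timeout=30.0, max_receive_count=3, dead_letter=dlq)
    for n in (1, 2, 3):
        orders.send({"order": n})          # constructed sample messages

    attempts = {}

    def handler(body):
        attempts[body["order"]] = attempts.get(body["order"], 0) + 1
        if body["order"] == 2:
            raise RuntimeError("permanent failure (poison message)")
        if body["order"] == 3 and attempts[3] == 1:
            raise RuntimeError("transient failure, succeeds on retry")

    processed = run_consumer(orders, handler)
    print("processed:", [b["order"] for b in processed])   # order 3 recovered by redelivery
    print("attempts:", attempts, "dead-lettered:", len(dlq))
```

The producer side never learns whether the consumer was up, which is the decoupling the text describes; the consumer side needs two things to make redelivery safe: acknowledge only after the work is done, and make the work idempotent, since a message can be delivered more than once.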

EC2 Auto Recovery: when an EC2 instance has a problem, it is automatically recovered or the impaired instance is automatically replaced. CloudWatch detects instance impairment caused by loss of network connectivity, loss of system power, or host software and hardware problems. The replacement instance keeps the same instance ID, metadata and IP address, but data in memory is lost. Not yet supported in China. Instance store cannot be used; the instance must be EBS-backed.

Web application design: the business value of web applications

Web hosting architecture practices based on cloud architecture

- Route 53 provides DNS services.
- CloudFront provides edge caching for high-volume content.
- A front-end ELB distributes traffic to the web servers.
- An Auto Scaling group manages the web servers.
- Security groups implement the security policy of the external firewall.
- Back-end servers: security groups implement the security policy of the back-end firewall.
- A back-end ELB distributes traffic to the back-end application cluster.
- ElastiCache provides caching for the application to reduce the load on the database tier.
- Static assets are stored and served from S3.
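The architecture above relies on security groups as the external and back-end firewalls, and the security section earlier states that Config Rules can flag a non-compliant component within a short time. The following is an added example, not code from the original article or an AWS-provided rule: a small compliance check over security-group descriptions in the shape returned by EC2 `describe-security-groups` (`IpPermissions`, `FromPort`, `ToPort`, `IpRanges`, `UserIdGroupPairs`). The per-tier policy (`internet_ports`, `allowed_source_groups`), the `evaluate_security_group` function and the sample groups `sg-web`, `sg-app` and `sg-app-bad` are all constructed for this example.

```python
import ipaddress

WORLD = ("0.0.0.0/0", "::/0")
BROADEST_PREFIX = 16        # anything shorter than /16 from a non-world CIDR is flagged as too broad


def _ports(perm):
    """Port set of one rule; 'all' for protocol -1 or rules without port bounds."""
    if perm.get("IpProtocol") == "-1":
        return "all"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return "all"
    return range(lo, hi + 1)


def evaluate_security_group(sg, tier_policy):
    """Return a list of findings; an empty list means the group complies with its tier policy.
    tier_policy = {"internet_ports": set of ports that may be open to the world,
                   "allowed_source_groups": set of group ids that may be rule sources}"""
    findings = []
    gid = sg["GroupId"]
    for perm in sg.get("IpPermissions", []):
        ports = _ports(perm)
        shown = "all ports" if ports == "all" else f"ports {list(ports)}"
        for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
            if cidr in WORLD:
                if ports == "all":
                    findings.append(f"{gid}: {shown} open to {cidr}")
                else:
                    bad = [p for p in ports if p not in tier_policy["internet_ports"]]
                    if bad:
                        findings.append(f"{gid}: ports {bad} open to {cidr}")
            elif ipaddress.ip_network(cidr, strict=False).prefixlen < BROADEST_PREFIX:
                findings.append(f"{gid}: {shown} open to overly broad range {cidr}")
        for pair in perm.get("UserIdGroupPairs", []):
            src = pair.get("GroupId")
            if src not in tier_policy["allowed_source_groups"]:
                findings.append(f"{gid}: {shown} reachable from unexpected group {src}")
    return findings


# Constructed per-tier policy for the web hosting architecture described above.
POLICIES = {
    "web": {"internet_ports": {80, 443}, "allowed_source_groups": set()},
    "app": {"internet_ports": set(), "allowed_source_groups": {"sg-web"}},
}

# Constructed sample groups in describe-security-groups shape (not real group ids).
WEB_SG = {"GroupId": "sg-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}
APP_SG = {"GroupId": "sg-app", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
]}
APP_SG_BAD = {"GroupId": "sg-app-bad", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
]}


def evaluate_all(groups_by_tier):
    """groups_by_tier: list of (tier, sg). Returns {group id: findings} for non-compliant groups only."""
    report = {}
    for tier, sg in groups_by_tier:
        findings = evaluate_security_group(sg, POLICIES[tier])
        if findings:
            report[sg["GroupId"]] = findings
    return report


if __name__ == "__main__":
    for gid, findings in evaluate_all([("web", WEB_SG), ("app", APP_SG), ("app", APP_SG_BAD)]).items():
        print(gid, "NON_COMPLIANT:", *findings, sep="\n  ")
```

The same evaluation fits the continuous-audit model the article describes: run it from a Lambda invoked on configuration changes, report `NON_COMPLIANT` for any group with findings, and the back-end tier's requirement that traffic arrive only from the front-end security group becomes a rule rather than a review item.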
