Shulou(Shulou.com)06/02 Report--

AWS network service VPCVPC and virtual network are logically isolated a VPC can only belong to one area, but can belong to multiple availability zones VPC main properties: IP scope, routing, gateway, security settings Direct Connect user data center to AWS private network connection can reduce network costs and increase bandwidth throughput Route53 highly available DNS services AWS computing services EC2 customers fully control computing resources And you can run Amazon EC2 in a mature Amazon computing environment to reduce the time it takes to acquire and start a new server instance to a few minutes, so that you can quickly expand or reduce your computing capacity when your computing requirements change. Amazon EC2 charges according to your actual usage. Support for most versions of Windows and Linux operating systems can create, save and reuse mirrored AMI can enable one or more instances at a time with the mouse or API to start and abort instances on demand, use security groups to control traffic to and from the instance, select the factors that the instance considers: core, memory, storage size and type, Network performance and CPU Technology EMR (Elastic MapReduce) it's Web scale infrastructure based on Amazon EC2 technology and Amazon Simple Storage Service (Amazon S3) technology Is a Hadoop managed service running architecture. Amazon EMR can instantly and flexibly configure its own required capacity, perform data-intensive application calculations, and complete Web index, data mining, log file analysis, data warehouse, machine learning, financial analysis, scientific simulation and bioinformation research tasks. The zero-management computing platform developed by AWS Lambda for back-end Web runs the back-end code directly in AWS, providing a highly available, secure, performance, and scalable Auto Scaling based on AWS infrastructure that allows you to automatically scale Amazon EC2 capacity according to the conditions you define. By using Auto Scaling, you can ensure that the number of Amazon EC2 instances used grows seamlessly during peak demand periods to maintain performance, or it can be automatically reduced during periods of weak demand to minimize costs. Auto Scaling is especially suitable for applications with different hourly, daily, or weekly usage. Auto Scaling is enabled through Amazon CloudWatch and does not have to pay any fees other than Amazon CloudWatch fees. Elastic Load Balancing automatically distributes incoming traffic from an application among multiple Amazon EC2 instances Elastic Load Balancing can detect unsound instances and automatically change routes to point to sound instances Until the unsound instance is restored, the quickest and easiest way for AWS Elastic Benstalk to deploy Web applications on AWS is to upload code directly, while AWS allocates resources on its own. AWS storage type block storage: operate on a part of the data, and can quickly access and modify Object storage: EBS storage can create separate data volumes and mount them on EC2 block-level storage for EC2 boot volumes and storage with file systems data storage blocks and persistent block-level storage volumes for EC2 for enterprise applications EBS is automatically replicated in the availability zone to improve availability and can be backed up to S3S3-hosted object storage solutions 11 9 storage availability seamlessly and arbitrarily extended storage pools can access S3 objects through the AWS console or third-party API changes can trigger notifications, processes, scripts dynamic and static data can be automatically encrypted to pay for requests such as usage GB, cross-domain replication, PUT/COPY, etc. Mainly suitable for infrequently accessed data support including HTML, source code, image and encrypted data formats such as backup and recovery, near-line archiving, big data analysis, disaster recovery, cloud applications and content distribution to provide cost-effective object storage S3 Glacier data archiving services Suitable for less accessible data security, persistence and very low cost support for static and dynamic SSL/TLS encrypted data retrieval usually takes several hours for AWS Storage Gateway to deploy software devices internally to connect to cloud-based storage users maintain frequently accessed data caches in the local data center while providing low-latency access to CloudFront content for all data stored in S3 or Glacier to deliver Web services Global CDN services that provide low latency, high speed and minimum usage commitment provide access to the entire website using the global edge network Including file lifecycle policies stored on dynamic, static, streaming and interactive content AWS AWS database RDS relational database hosting service can be called through the AWS console, RDS command line and API extensible, support automatic redundancy and backup support SQL, Oracle and other database scenarios: complex things and complex queries, medium and high reading and writing below 30K IOPS Fragmentation with no more than one node and high persistence are not suitable for scenarios: ultra-high read and write, such as 150K IOPS, can be implemented with NoSQL to simply request DynamoDB fully hosted NoSQL database to achieve lower latency than 10ms on any scale. Fully run in SSD support document and key storage mode is very suitable for mobile, web, games, advertising and IOT can be called through the AWS console, command line and API users need to set the throughput capacity that they want to preset for reads and writes to ensure consistent low-latency performance. Reads are usually in one unit of 4KB/s. Write a standard SQL interface to Redshift's fast and fully managed PB-level data warehouse service based on 1KB/s Using existing BI tools for simple and efficient structured data analysis, providing parallel query across multiple nodes to improve fast query performance allows organizations to perform and configure and monitor most of the management tasks in the cloud data warehouse ElastiCache uses Web services to simplify the deployment of memory cache in the cloud and expand support for Memcached and Redis cache engine management tools Amazon CloudWatch cloud resources and cloud application monitoring service collection tracking indicators, Collect and monitor log files and set alarms to obtain system-wide resource utilization and visibility of program performance and health AWS CloudFormation configures and updates AWS resources in an orderly and predictable manner defines a template language based on JSON and YAML AWS CloudTrail records account API calls and provides log files for audit and review information including API caller identity Call time, source IP address, request parameters, and service return response values AWS Config provides AWS resource inventory, configuration history, and configuration change notification support compliance audit, security analysis, change tracking and troubleshooting security and identity IAM identity and access management effective secure organizational user access to AWS services and resources creation and management of AWS users, groups, and roles And use rights management to allow or deny AWS key management service KMS to create and manage encrypted data encryption key support using the hardware security module HSM to protect root key security AWS Directory Service allows you to set up and run MicroSoft AD on AWS or associate resources with existing AD to manage user sharing using AD And create and apply group policy AWS Certificate Manager configuration and management and deployment of SSL/TLS certificates for AWS cloud services support quick application AWS WAF Web application firewall to help Web applications defend against common * by customizing Web security rules Create, publish, maintain, monitor and protect fully managed services for organizations that control traffic application services that allow or organize their Web applications API of all sizes can accept and handle up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, Monitoring and API version management Amazon Elastic Transcoder elastic transcoder transcodes the media in the cloud in AWS to convert the media file from its source format to be available on smart phones, The Amazon SNS simple Notification Service, which is played on devices such as tablets and PC, manages Web services that send messages or messages to recipients. Web services support two roles: publishers and subscribers send messages to subscribers through the publisher to achieve asynchronous communication. Amazon SES simple email service uses SES to send transaction, marketing information and other content email to customers an application scenario: receiving messages through SES Passing to S3, triggering Lambda, and then issuing notifications to SNSAmazon Simple Workflow Service to build, run, and scale background jobs with sequential or parallel steps cloud-based fully managed state tracker and task coordinator scenarios are the steps to monitor the application, track the processing status, and whenever the task fails, restore and retry Improve application reliability Amazon Simple Queue Service fully managed, reliable and scalable message queuing service is suitable for any level of throughput, transfers any data without losing messages, and requires that other services always be available with Amazon Workspaces services to host desktop services, cloud-based desktop code service can be quickly configured AWS CodeBuildAWS CodeBuild is a fully managed continuous integration service You can compile source code, run tests, and generate software packages available for deployment. With CodeBuild, you don't need to provision, manage, and extend your own build server. CodeBuild can scale continuously and handle multiple build tasks at the same time, so your build task will not wait in the queue. You can start quickly with a prepackaged build environment, or you can create a custom build environment that uses your own build tools. With CodeBuild, you will be paid by the number of minutes you use computing resources. AWS CodeDeployAWS CodeDeploy is a fully managed deployment service that automatically deploys software to various computing services such as Amazon EC2, AWS Fargate, AWS Lambda, and local servers. With AWS CodeDeploy, you can release new features more easily and quickly, avoid downtime during application deployment, and simplify application updates. You can use AWS CodeDeploy to automate software deployment without having to perform error-prone manual operations. Services scale according to your deployment needs. AWS Core Services deployment Best practices IAM user Group Management create an IAM group and grant full administrator privileges to stop using the root account Use IAM user credentials to log in to enable MFA software MFA:AWS Virtual MFA, Google Authenticator, Authenticator, SMS hardware MFA: Gemalto key card, etc. open AWS CloudTrail records for all API request records in the account, including API call identity, time, source IP, request parameters, response elements returned, etc., mainly used for security analysis, tracking resource changes, troubleshooting operation problems, etc. Compliance collaboration, etc., ensure that S3 for CloudTrail is authorized only to specified users to integrate with APN's log analysis tools Fully managed services such as Splunk, SumoLogic, AlertLogic enable AWS Config to track resource configuration changes AWS Config is the detailed configuration view of the resources in the AWS account to view the links between resources. You can take a snapshot of the current resource configuration, retrieve the historical configuration information of related resources, provide AWS resource list, configuration history and configuration change notification, open billing report on AWS resource usage and estimated cost report to the specified S3 and update EC2 security using federated identity once a day. IAM users and IAM Role access to AWS resources and API establish credential management policies and program security groups for creating, allocating, rotating, and revoking AWS access credentials only allow access to the IP scope of specific instances to periodically patch and update operating systems and applications And save the image for reuse EC2 storage EC2 Instance can support its own instance storage and EBS, different storage types vary in data persistence, backup, recovery, and total size. EC2 Resource Management uses instance metadata and custom tags to more easily track and identify instance metadata is data about instances, including AMI ID, instance ID, public and private IP, host address, MAC address, and associated IAM instance roles and security groups use tags to classify AWS in different ways, such as by purpose, owner, environment, etc. The label contains keys and optional values to form EC2 backup and recovery regular backup instances copy important data to multiple locations key components of applications deployed across multiple regions consider how to handle and respond to dynamic IP monitoring events after the instance is restarted For example, CloudWatch ensures that it can handle failover periodic test instances and EBS recovery process at any time. There is an upper limit on the number of AWS service limits-the limit can be slightly different in each region where the limits option persists. There are some hard restrictions that cannot be modified. You can adjust the use of Trusted Advisor service check limits for soft limits.

Link: https://www.jianshu.com/p/205272f0c64d

Welcome to scan the code and follow us for more information.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.