Saturday, February 25, 2023

AWS Services Usages - End to End Architecture

End to End Architecture

  • The user enters www.harkeninformation.com in the browser
    • The request goes to the Internet Service Provider (ISP)
      • The ISP has a DNS resolver (recursive resolver)
        • The resolver calls a DNS root name server
          • The root server looks at the request and checks for ".com"
          • It sends back the .com TLD name server, which goes to the ISP's recursive resolver
        • The resolver now has the TLD name server
        • It queries this name server (.com TLD) and gets the authoritative name server for harkeninformation.com
      • If the domain is hosted in AWS
        • The Route 53 name server receives the query for www.harkeninformation.com and returns the IP address to the ISP resolver
      • Once the ISP resolver has the IP address, it sends it back to the browser
    • The browser makes a request to the web server that hosts the application
    • The web server serves the requested page after fulfilling the request

  • Route 53
    • Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service.
    • Manages DNS records for domain names
    • Connects user requests to infrastructure in AWS and outside of AWS

  • AWS CloudFront
    • A web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations.
    • Edge location - edge locations are connected to the AWS Regions through the AWS network backbone to improve content acceleration.
    • It has multiple servers that cache the content, used across all geographies
    • Static content
      • Store static content in S3 with an expiry timeline
        • No one should access S3 directly; put an OAI (origin access identity) in front of the bucket so it is reachable only through CloudFront
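A concrete form of the OAI rule above, as an added example that is not from the original post: the S3 bucket policy that lets only the CloudFront origin access identity read objects, plus a review check that flags any Allow statement open to everyone (the kind of statement that would let users bypass CloudFront). The bucket name and OAI ID are hypothetical placeholders.

```python
import json


def oai_bucket_policy(bucket: str, oai_id: str) -> dict:
    """Bucket policy granting s3:GetObject to one CloudFront OAI only.

    `bucket` and `oai_id` are hypothetical placeholders. The principal ARN
    uses the format S3 expects for an origin access identity.
    """
    oai_arn = ("arn:aws:iam::cloudfront:user/"
               f"CloudFront Origin Access Identity {oai_id}")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontOAIReadOnly",
            "Effect": "Allow",
            "Principal": {"AWS": oai_arn},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


def _is_everyone(principal) -> bool:
    """True if a Principal element means 'anyone': "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def public_statement_sids(policy: dict) -> list:
    """Sids of Allow statements open to everyone; [] means no bypass of CloudFront."""
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts   # a single statement may be a dict
    return [s.get("Sid", "<no Sid>") for s in stmts
            if s.get("Effect") == "Allow" and _is_everyone(s.get("Principal"))]


if __name__ == "__main__":
    good = oai_bucket_policy("example-static-site", "EXAMPLEOAIID")   # placeholder values
    print(json.dumps(good, indent=2))
    print("public statements:", public_statement_sids(good))         # []
```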

  • Dynamic content
    • CloudFront forwards the request to an ALB / ELB
      • No one should access the ALB or NLB directly: add a custom header from CloudFront to the ALB/NLB, and the ALB/NLB validates the header and allows only requests that carry it
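How the custom-header check described above can be built, as an added example that is not from the original post: the listener-rule condition (in the ELBv2 API shape) that forwards only requests carrying the header, and the origin-side check that compares the header value in constant time. The header name X-Origin-Verify, the secret and the target group ARN are assumptions, not values from the page.

```python
import hmac
import secrets
from typing import Mapping, Optional

HEADER_NAME = "X-Origin-Verify"   # assumed name; configured as a CloudFront origin custom header


def new_origin_secret() -> str:
    """Generate the shared secret CloudFront adds to every request to the origin."""
    return secrets.token_urlsafe(32)


def alb_listener_rule(secret: str, target_group_arn: str) -> dict:
    """ALB listener rule: forward to the target group only if the header matches.

    Pair it with a listener default action of fixed-response 403, so requests
    that reach the ALB directly (bypassing CloudFront) are rejected.
    target_group_arn is a hypothetical placeholder.
    """
    return {
        "Priority": 1,
        "Conditions": [{
            "Field": "http-header",
            "HttpHeaderConfig": {"HttpHeaderName": HEADER_NAME, "Values": [secret]},
        }],
        "Actions": [{"Type": "forward", "TargetGroupArn": target_group_arn}],
    }


def is_from_cloudfront(headers: Mapping[str, str], secret: str) -> bool:
    """Origin-side check, for when the application enforces it as well as the ALB.

    Header names match case-insensitively; the value is compared with
    hmac.compare_digest so response timing cannot leak the secret.
    """
    value: Optional[str] = next(
        (v for k, v in headers.items() if k.lower() == HEADER_NAME.lower()), None)
    if value is None:
        return False
    return hmac.compare_digest(value.encode(), secret.encode())


if __name__ == "__main__":
    s = new_origin_secret()
    print(alb_listener_rule(s, "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/web/PLACEHOLDER"))
    print(is_from_cloudfront({"x-origin-verify": s}, s))   # True
    print(is_from_cloudfront({"Host": "example.test"}, s))  # False
```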

  • Security
    • These services apply before the request reaches the ALB/NLB
      • AWS Shield
        • Protects against Layer 3 and Layer 4 attacks
      • AWS Artifact
        • AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS' security and compliance reports and select online agreements. It is free of cost

  • AWS Shield Advanced
    • It is not free
    • On-demand DDoS response team from AWS
    • It covers financial losses caused by DDoS attacks

  • AWS WAF
    • It can be integrated with CloudFront, ALB or API Gateway
    • It does geo blocking
      • If you want to block users from certain countries, certain IPs or known malicious IPs, they can be blocked
    • It protects against cross-site scripting, SQL injection and unknown OS vulnerabilities
    • Create rules in WAF and use these rules to protect against all external or internal threats

  • Load Balancing
    • There are 3 options from a load balancing point of view
      • Elastic Load Balancing / Network Load Balancing / API Gateway
        • When the request is routed to the ALB or NLB from CloudFront
          • The ALB distributes traffic across AZs to increase the availability of the application
      • Choosing the right option
        • NLB
          • It provides two static IPs, so if you want to route requests from on-prem to AWS
            • You need to whitelist certain IPs that correspond to the NLB
          • Each static IP is in a different Availability Zone
          • If you need fixed IPs, use NLB
          • NLB works at layer 3 and layer 4
          • It routes traffic extremely fast
          • If you need high-performance routing, use NLB
          • It does not support Lambda, so you cannot use NLB for Lambda integration (Lambda as a target group)

  • ALB
    • IPs are dynamic, so they cannot be whitelisted
    • Used for advanced routing, mostly for microservices
    • When you need advanced routing, Lambda as a backend or containers as a backend (good for microservices), you must use ALB
  • API Gateway
    • Commonly used in microservices
    • Has a lot of similarities with ALB
    • Additional features
      • Rate limiting
      • Request/response mapping - transformation
      • Cache
      • Authentication in the API
  • Once traffic has reached the load balancer
    • We choose ALB here, then
      • Add the app and web layer
        • Add EC2 or another compute layer
  • Compute Layer
    • There are 3 options for the compute layer (EC2 / ECS with EC2 or Fargate launch type / Lambda)
      • EC2 - when you want to add a compute layer
        • When you want to scale the compute layer
          • Select an Auto Scaling group, which can help you scale the compute layer
          • When CPU utilization reaches the threshold, an alarm triggers and Auto Scaling adds new EC2 instances to the compute layer
        • Mainly used for lift and shift
        • From on-prem virtual machines to cloud virtual machines
      • ECS on EC2
        • It is a managed service
        • Provisioning of the underlying instances is manual
      • ECS Fargate
        • It is the serverless offering of ECS
      • Containers
        • When to use containers
          • When using microservices
          • For batch jobs
        • Why use containers
          • They scale individual services quickly
          • There is no guest OS, so they boot quickly; they use the host OS
          • If you want to scale individual services, use containers

      • Lambda
        • Mainly used for event-based workloads
        • When traffic is unpredictable
        • An event must trigger the Lambda function for it to execute
        • You use the compute service only when an event triggers
        • It is pay per use
        • Scale up
          • Add provisioned concurrency if you want rapid scale-up (Lambda does have a cold start problem)
  • Database Layer
    • There are 3 options for the DB layer (RDS / install FSx on EC2 and have a SQL instance and DB / Aurora)
      • RDS
        • It is a managed service
        • RDS MySQL multi-AZ: you can have the RDS primary in one AZ and the others as standby
        • The standby RDS does synchronous replication from the primary RDS
        • If one fails, the other one is ready for use (automatic failover)
        • Read replicas across AZs or regions
        • Replication to read replicas is asynchronous, so it is slower
        • Failover to another region always has to be done manually
          • It will take more than 5 minutes
        • OS-level access is not available in RDS MySQL
        • Storage is scalable
          • Set up a threshold and auto scale
        • Writes are scalable
          • Change the instance type
            • RDS has EC2 as the underlying instance
            • So a bigger instance size will be available for use
            • The service needs to be brought down and upgraded to the bigger instance type
          • Read replica in the same AZ, a different AZ or another region
            • That can offload a lot of read requests without any interruption
            • Increase the number of read replicas to take care of read issues
            • Use read replicas when the data is changing frequently

  • ElastiCache - use when data is not changing often
    • Redis
      • In-memory DB
        • Stores query results, which helps scale reads
    • Memcached

  • Aurora
    • It is a proprietary solution/service from AWS
    • It is cheaper and faster than RDS
    • Read replicas across AZs or regions
    • A service failure in one region can be covered by other regions with low latency
    • RTO/RPO is less than 5 minutes
      • An asynchronous read replica in another region is always available
      • In case of a switch-over after a region failure, RTO/RPO can be less than 5 minutes (to another read replica)
    • Storage is scalable
      • Set up a threshold and auto scale

  • Install FSx on EC2 and have a SQL instance and DB
    • The DB is installed on FSx
    • For Linux-based systems use EFS
    • Provides more flexibility and control
    • You can mount MySQL as well

  • DynamoDB
    • AWS managed service
    • Used for session stores
    • It has DAX
      • DAX is the in-memory cache (ElastiCache-style) for DynamoDB

  • Active Directory
    • There are 3 options
      • AWS Managed AD
        • Managed Active Directory in AWS
          • It can authenticate any AWS users to access services using AWS AD
          • It can delegate to on-prem AD for user authentication
      • AD Connector
        • It cannot authenticate by itself, but it can delegate to on-prem AD for user authentication
        • After authentication it allows users to access services
      • Cognito
        • Mainly used for web apps or mobile apps to authenticate users