
AWS Essentials

by msypniewski511 in AWS

Account Basics


Multi-Account AWS environment.

You can have a separate account for all your experimentation work such as developing new applications (sandbox environment) and other accounts for your actual development, testing, and production environments.

Organizing Your AWS Environment Using Multiple Accounts

AWS Organizations.

AWS Organizations helps you centrally manage and govern your environment as you grow and scale your AWS resources.
An organization can be created with one of two feature sets:

  1. All features (the default): consolidated billing plus organization-wide governance such as service control policies (SCPs) applied to member accounts.
  2. Consolidated billing only: a single bill and combined usage discounts, but no policy-based control over member accounts.

Free Tier

Free Tier core services
    Compute
  • EC2 (Elastic Compute Cloud)
  • ELB (Elastic Load Balancing)
  • Lambda (serverless computing)
    Storage
  • S3 (Simple Storage Service)
  • S3 Glacier
  • EBS (Elastic Block Store)

Billing alarms

Setup: receive Free Tier usage alerts
  1. Find Billing in the search bar.
  2. Open the submenu Billing Preferences.
  3. In Cost Management Preferences, tick Receive Free Tier Usage Alerts.
Creating a billing alarm. Billing metric data is stored only in the us-east-1 (N. Virginia) Region, so switch to that Region before creating the CloudWatch alarm; the billing metrics are not visible anywhere else.
  1. Find Billing in the search bar.
  2. Open the submenu Billing Preferences.
  3. In Cost Management Preferences, tick Receive Billing Alerts.
  4. Find CloudWatch in the search bar (Region: us-east-1).
  5. Select Alarms, then Billing.
  6. Press Create alarm.
  7. Choose Greater/Equal as the condition.
  8. Enter the threshold amount in USD (the monthly spend you never expect to exceed).
  9. Click Next.
  10. Choose Create new topic.
  11. Enter a topic name.
  12. Enter the e-mail recipients of the alarm.
  13. Press the Create topic button.
  14. Add an alarm name and description.
  15. Click Create alarm.
  16. Confirm the subscription e-mail that SNS sends (check the spam folder); until it is confirmed the alarm notifies nobody.

Budgets

Setup a budget
  • Find AWS Budgets in the search bar.
  • Click 'Create budget'.
  • Choose a template or a custom budget.
  • Fill in the form (amount, period, alert thresholds and recipients).
  • Click 'Confirm budget'.

Identity and Access Management (IAM)

IAM - Identity and Access Management
AWS Doc

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

Definition

IAM is where you manage your users and their access to AWS accounts and services.

IAM is used to manage:
  • Users
  • Groups
  • IAM access policies
  • Roles. An IAM role is an identity that carries permission policies but has no long-term credentials. Users, AWS services or federated identities assume the role and receive temporary credentials; while that session lasts, the role's policies apply to whoever assumed it.
AWS Identity and Access Management (IAM) – Explained With an Analogy
When you create an account you start as the root user, which has unrestricted access to everything in the account and cannot be limited by IAM policies. Use it only for the few tasks that require it, and complete the tasks the IAM dashboard lists:
  • Delete root access keys
  • Activate MFA on the root account
  • Create individual IAM users
  • Use groups to assign permissions
  • Apply an IAM password policy

Activate MFA on the root account.

  1. Click Manage MFA.
  2. Click Continue to Security Credentials.
  3. Go to MFA and click Activate MFA.
  4. Choose the appropriate option; here, Virtual MFA device.
  5. Install a TOTP authenticator app (Google Authenticator or any other) on your device.
  6. If the QR code is not shown, click Show QR code.
  7. Scan the QR code with the app and enter two consecutive codes into the two input fields.
  8. MFA is now active. Keep the device (or the seed) safe: losing the root MFA device means going through AWS account recovery.

Creating an IAM user

  1. Go to Users.
  2. Click Add users.
  3. Enable console access.
  4. Choose Autogenerated password or Custom password.
  5. Set permissions. Two of the AWS managed policies you will meet here:
    • PowerUserAccess - full access to AWS services and resources, but no management of users and groups (it excludes iam:*, organizations:* and account:* apart from a few read-only and service-linked-role actions).
    • AdministratorAccess - full access to all AWS services and resources.
    Prefer the narrowest policy that lets the user do their job; neither of these is that for a typical developer.
  6. Click Next.
  7. Click Create user.
  8. You can send e-mail sign-in instructions.
Log back in to the AWS Management Console as the IAM user via https://{your-account-id}.signin.aws.amazon.com/console
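The difference between PowerUserAccess and AdministratorAccess, and the reason an explicit Deny is the right tool for guard-rails, is easiest to see by running the evaluation logic. The block below is an added example written for these notes, not AWS's own code: a deliberately small Python model of how IAM decides one request (explicit Deny wins, then any matching Allow, otherwise implicit deny) with IAM-style wildcards and NotAction. POWER_USER_LIKE, ADMIN_LIKE and DENY_PROD_DELETE are constructed policies; the first two follow the shape of the PowerUserAccess and AdministratorAccess managed policies but are not the real ones, and the bucket names are invented.

```python
import fnmatch

# Added example: a small model of how IAM evaluates identity-based policies.
# Real IAM also applies SCPs, permission boundaries, resource policies,
# session policies and Condition blocks; none of those are modelled here.


def _as_list(value):
    """IAM accepts a string or a list of strings in most policy fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(patterns, candidate, fold_case):
    """IAM wildcard match: '*' matches any run of characters, '?' exactly one.
    Action names are case-insensitive; resource ARNs are case-sensitive.
    (fnmatch also treats '[' specially, which ARNs and actions do not contain.)"""
    patterns = _as_list(patterns)
    if fold_case:
        candidate = candidate.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(candidate, p) for p in patterns)


def _statement_applies(stmt, action, resource):
    """True when the statement covers (action, resource). NotAction/NotResource
    invert the match; that is how PowerUserAccess-style policies exclude iam:*."""
    if "Action" in stmt:
        action_ok = _matches(stmt["Action"], action, fold_case=True)
    else:
        action_ok = not _matches(stmt.get("NotAction"), action, fold_case=True)
    if "Resource" in stmt:
        resource_ok = _matches(stmt["Resource"], resource, fold_case=False)
    else:
        resource_ok = not _matches(stmt.get("NotResource"), resource, fold_case=False)
    return action_ok and resource_ok


def is_allowed(policies, action, resource):
    """Decision for one request: an explicit Deny wins over every Allow,
    and with no matching Allow at all the request is implicitly denied."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _statement_applies(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


# Constructed policies. POWER_USER_LIKE follows the shape of PowerUserAccess
# (everything except identity management) but is NOT the real managed policy,
# which is longer; ADMIN_LIKE is the AdministratorAccess shape.
POWER_USER_LIKE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "NotAction": ["iam:*", "organizations:*", "account:*"],
         "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["iam:CreateServiceLinkedRole", "iam:ListRoles"],
         "Resource": "*"},
    ],
}
ADMIN_LIKE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}
# A guard-rail attached next to broad access: nobody deletes anything in
# buckets whose (invented) names start with "prod-".
DENY_PROD_DELETE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Deny",
        "Action": ["s3:DeleteBucket", "s3:DeleteObject*"],
        "Resource": ["arn:aws:s3:::prod-*", "arn:aws:s3:::prod-*/*"],
    }],
}

if __name__ == "__main__":
    print(is_allowed([POWER_USER_LIKE], "ec2:RunInstances", "*"))   # True
    print(is_allowed([POWER_USER_LIKE], "iam:CreateUser", "*"))     # False
    print(is_allowed([ADMIN_LIKE, DENY_PROD_DELETE], "s3:DeleteObject",
                     "arn:aws:s3:::prod-logs/2024/app.log"))        # False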

AWS Network Services

AWS Networking and Content Delivery

Understanding the difference between a Region, an Availability Zone (AZ) and an Edge Location.
  • A Region is a physical location in the world that consists of two or more Availability Zones (AZs); AWS now builds every Region with at least three.
  • An AZ is one or more discrete data centres, each with redundant power, networking and connectivity, housed in separate facilities.
  • Edge Locations are endpoints used for caching content close to users. Typically this means CloudFront, Amazon's Content Delivery Network (CDN).

Virtual Private Cloud (VPC)

AWS VPC Guides
Amazon/AWS VPC (Virtual Private Cloud) Basics | VPC Tutorial | AWS for Beginners

Amazon Virtual Private Cloud (Amazon VPC) enables you to provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you've defined.

Internet Gateways (IGW)

Definition
A combination of hardware and software that provides your private network with a router to the world outside of the VPC

AWS definition

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. It supports IPv4 and IPv6 traffic. It does not cause availability risks or bandwidth constraints on your network traffic.

Route Tables(RTs)

A route table contains a set of rules, called routes, that determine where network traffic from your subnet or gateway is directed.

Network Access Control Lists (NACLs)

A network access control list (NACL) allows or denies specific inbound or outbound traffic at the subnet level.

NACLs are stateless: return traffic is not tracked, so the rules for the opposite direction must explicitly allow the reply (typically the ephemeral port range 1024-65535). Rules are numbered and evaluated from the lowest number up; the first match wins, and anything that matches nothing hits the implicit final deny. Both allow and deny rules are supported.

The default NACL that comes with a VPC allows all inbound and outbound traffic. A custom NACL denies all traffic until you add rules.

AWS definition

A network access control list (NACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.

Security Groups

A security group allows specific inbound or outbound traffic at the instance level (more precisely, at the elastic network interface).

Security groups are stateful: if an inbound rule admits a request, the response traffic is allowed out automatically (and likewise for responses to outbound requests), regardless of the rules in the other direction.

Security groups support allow rules only. There are no deny rules and no rule order; all rules are evaluated together, and traffic that matches no rule is implicitly denied. The default security group of a VPC allows all outbound traffic and only inbound traffic from members of the same group.
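The stateful/stateless difference decides whether a connection works at all, so it is worth modelling a single TCP connection against both firewalls. The block below is an added example for these notes, not AWS code: a packet-level model in which a security group admits a request by any matching inbound rule and lets the reply out by connection tracking, while a network ACL judges the request and the reply separately, in rule-number order, with an implicit final deny. WEB_SG, BROKEN_NACL, FIXED_NACL and the client addresses are constructed for the illustration.

```python
import ipaddress

# Added example (not AWS code): a packet-level model of the two VPC firewalls,
# to show what "stateful" and "stateless" mean for one TCP connection.


def rule(number, action, protocol, from_port, to_port, cidr):
    """One rule. `number` orders NACL rules; security groups ignore it."""
    return {"number": number, "action": action, "protocol": protocol,
            "from_port": from_port, "to_port": to_port, "cidr": cidr}


def _match(r, protocol, port, remote_ip):
    if r["protocol"] not in ("-1", protocol):            # "-1" means all protocols
        return False
    if r["protocol"] != "-1" and not r["from_port"] <= port <= r["to_port"]:
        return False
    return ipaddress.ip_address(remote_ip) in ipaddress.ip_network(r["cidr"], strict=False)


def sg_allows_connection(sg, protocol, port, client_ip, client_port):
    """Security group: allow-only and unordered, so any matching inbound rule admits
    the request. Stateful: the reply to an admitted request is let out by connection
    tracking, so the outbound rules are never consulted for it."""
    return any(_match(r, protocol, port, client_ip) for r in sg["inbound"])


def nacl_decision(rules, protocol, port, remote_ip):
    """Network ACL: lowest rule number first, first match wins, and the implicit
    final '*' rule denies anything that matched nothing."""
    for r in sorted(rules, key=lambda x: x["number"]):
        if _match(r, protocol, port, remote_ip):
            return r["action"]
    return "deny"


def nacl_allows_connection(nacl, protocol, port, client_ip, client_port):
    """Stateless: the request (inbound, to `port`) and the reply (outbound, to the
    client's ephemeral `client_port`) are judged independently by their own lists."""
    request_ok = nacl_decision(nacl["inbound"], protocol, port, client_ip) == "allow"
    reply_ok = nacl_decision(nacl["outbound"], protocol, client_port, client_ip) == "allow"
    return request_ok and reply_ok


# Constructed configurations for a web server that should accept HTTPS from anywhere.
WEB_SG = {
    "inbound": [rule(0, "allow", "tcp", 443, 443, "0.0.0.0/0")],
    "outbound": [rule(0, "allow", "-1", 0, 65535, "0.0.0.0/0")],   # the default egress rule
}
# Common mistake: the outbound list mirrors the inbound one, so replies to the
# client's ephemeral port never leave the subnet.
BROKEN_NACL = {
    "inbound": [rule(100, "allow", "tcp", 443, 443, "0.0.0.0/0")],
    "outbound": [rule(100, "allow", "tcp", 443, 443, "0.0.0.0/0")],
}
# Fixed: ephemeral ports allowed outbound, plus an explicit deny for one abusive
# range, which a security group cannot express because it has no deny rules.
FIXED_NACL = {
    "inbound": [rule(90, "deny", "tcp", 443, 443, "203.0.113.0/24"),
                rule(100, "allow", "tcp", 443, 443, "0.0.0.0/0")],
    "outbound": [rule(100, "allow", "tcp", 1024, 65535, "0.0.0.0/0")],
}

if __name__ == "__main__":
    client = ("198.51.100.7", 51000)
    print(sg_allows_connection(WEB_SG, "tcp", 443, *client))          # True
    print(nacl_allows_connection(BROKEN_NACL, "tcp", 443, *client))   # False
    print(nacl_allows_connection(FIXED_NACL, "tcp", 443, *client))    # True
```

The broken NACL admits the request and then silently drops the reply, which shows up in practice as a TCP handshake that never completes even though "port 443 is open". The deny for 203.0.113.0/24 is the one thing the NACL can do that the security group cannot.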

Subnets

AWS docs

A subnet is a range of IP addresses in your VPC. You can launch AWS resources, such as EC2 instances, into a specific subnet. When you create a subnet, you specify the IPv4 CIDR block for the subnet, which is a subset of the VPC CIDR block. Each subnet must reside entirely within one Availability Zone and cannot span zones. By launching instances in separate Availability Zones, you can protect your applications from the failure of a single zone.

You can optionally add subnets in a Local Zone, which is an AWS infrastructure deployment that places compute, storage, database, and other select services closer to your end users. A Local Zone enables your end users to run applications that require single-digit millisecond latencies.

Rules and Guidelines

  • VPC and subnet CIDR blocks can be between /16 and /28.
  • In every subnet the first four IP addresses and the last one are reserved by AWS (network address, VPC router, DNS, reserved for future use, broadcast) and cannot be assigned.
RFC 1918 range                                     Example CIDR block
10.0.0.0 - 10.255.255.255 (10/8 prefix)            VPC must be /16 or smaller, for example 10.0.0.0/16
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)     VPC must be /16 or smaller, for example 172.31.0.0/16
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)  VPC can be smaller, for example 192.168.0.0/20
  1. Every subnet is associated with a route table (the VPC's main route table unless you associate another).
  2. A public subnet has a route to an internet gateway.
  3. A private subnet has no route to an internet gateway.
  4. VPN-only subnet: the subnet has a route to a Site-to-Site VPN connection through a virtual private gateway, and no route to an internet gateway.
  5. A subnet is located in one specific Availability Zone.
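The sizing rules above are easy to get wrong by hand (a /29 subnet, a block with host bits set, an overlap with an existing subnet), so here is an added example for these notes, not an AWS tool, that checks a planned subnet against them with Python's ipaddress module and lists the five addresses AWS keeps in every subnet. The VPC and subnet CIDRs used are constructed.

```python
import ipaddress

# Added example (not AWS tooling): check a planned subnet against the VPC sizing
# rules above and show which addresses AWS keeps for itself.

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RESERVED_PER_SUBNET = 5   # first four addresses and the last one


def validate_subnet(vpc_cidr, subnet_cidr, existing_subnets=()):
    """Return a list of problems; an empty list means the subnet can be created."""
    problems = []
    try:
        vpc = ipaddress.IPv4Network(vpc_cidr)          # strict: host bits must be zero
        subnet = ipaddress.IPv4Network(subnet_cidr)
    except ValueError as exc:                          # e.g. "10.0.1.5/24 has host bits set"
        return [str(exc)]
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"VPC block /{vpc.prefixlen} must be between /16 and /28")
    if not 16 <= subnet.prefixlen <= 28:
        problems.append(f"subnet block /{subnet.prefixlen} must be between /16 and /28")
    if not subnet.subnet_of(vpc):
        problems.append(f"{subnet} is not inside the VPC block {vpc}")
    for other in existing_subnets:
        if subnet.overlaps(ipaddress.IPv4Network(other)):
            problems.append(f"{subnet} overlaps existing subnet {other}")
    if not any(vpc.subnet_of(r) for r in RFC1918):
        problems.append(f"{vpc} is outside RFC 1918 space (allowed, but not recommended)")
    return problems


def reserved_addresses(subnet_cidr):
    """The five addresses in every IPv4 subnet that cannot be assigned to instances."""
    net = ipaddress.IPv4Network(subnet_cidr)
    base = int(net.network_address)
    return {
        "network": str(net.network_address),
        "vpc_router": str(ipaddress.IPv4Address(base + 1)),
        "dns": str(ipaddress.IPv4Address(base + 2)),
        "future_use": str(ipaddress.IPv4Address(base + 3)),
        "broadcast": str(net.broadcast_address),       # VPCs do not support broadcast
    }


def usable_hosts(subnet_cidr):
    """Addresses actually available for network interfaces in the subnet."""
    return ipaddress.IPv4Network(subnet_cidr).num_addresses - RESERVED_PER_SUBNET


if __name__ == "__main__":
    print(validate_subnet("10.0.0.0/16", "10.0.1.0/24"))      # []
    print(usable_hosts("10.0.1.0/24"))                        # 251
    print(reserved_addresses("10.0.1.0/24")["dns"])           # 10.0.1.2
```

A /28 leaves only 11 usable addresses, which matters when sizing small subnets for things like NAT gateways or endpoints; and the DNS resolver at base + 2 is the address that must stay reachable from any subnet that relies on the VPC resolver.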

Availability Zones (VPC Specific)

AWS Regions and Availability Zones

Amazon cloud computing resources are housed in highly available data center facilities in different areas of the world (for example, North America, Europe, or Asia). Each data center location is called an AWS Region.

Each AWS Region contains multiple distinct locations called Availability Zones, or AZs. Each Availability Zone is engineered to be isolated from failures in other Availability Zones. Each is engineered to provide inexpensive, low-latency network connectivity to other Availability Zones in the same AWS Region. By launching instances in separate Availability Zones, you can protect your applications from the failure of a single location. For more information, see Regions, Availability Zones, and Local Zones.

Amazon RDS, for example, can run a DB instance in several Availability Zones, an option called a Multi-AZ deployment. When you choose this option, Amazon automatically provisions and maintains one or more secondary standby DB instances in a different Availability Zone. Your primary DB instance is replicated across Availability Zones to each secondary DB instance. This approach provides data redundancy and failover support, eliminates I/O freezes, and minimizes latency spikes during system backups. In a Multi-AZ DB cluster deployment, the secondary DB instances can also serve read traffic.

Edge locations

Amazon CloudFront Key Features

VPC component                                      What it is
Virtual Private Cloud (VPC)                        A logically isolated virtual network in the AWS cloud
Subnet                                             A segment of the VPC's IP address range where you place groups of isolated resources
Internet Gateway / Egress-only Internet Gateway    The VPC side of the connection to the public internet, for IPv4 / for IPv6 outbound-only
Router                                             Interconnects subnets and directs traffic between internet gateways, virtual private gateways, NAT gateways and subnets
Peering Connection                                 Direct connection between two VPCs
VPC Endpoints                                      Private connection to public AWS services without crossing the internet
NAT Instance                                       Internet access for EC2 instances in a private subnet; an instance you manage and patch yourself
NAT Gateway                                        Internet access for EC2 instances in a private subnet; managed by AWS
Virtual Private Gateway                            The VPC side of a Virtual Private Network (VPN) connection
Customer Gateway                                   Customer side of a VPN connection
AWS Direct Connect                                 High-speed, high-bandwidth private network connection from the customer to AWS
Security Group                                     Instance-level firewall (stateful, allow rules only)
Network ACL                                        Subnet-level firewall (stateless, allow and deny rules)

Compute Services Overview

Elastic Compute Cloud (EC2)

Amazon EC2 docs

AWS definition

Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. Using Amazon EC2 eliminates your need to invest in hardware upfront, so you can develop and deploy applications faster. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage. Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic.

Amazon EC2 features:

  • Virtual computing environments, known as instances
  • Preconfigured templates for your instances, known as Amazon Machine Images (AMIs), that package the bits you need for your server (including the operating system and additional software)
  • Various configurations of CPU, memory, storage, and networking capacity for your instances, known as instance types
  • Secure login information for your instances using key pairs (AWS stores the public key, and you store the private key in a secure place)
  • Storage volumes for temporary data that's deleted when you stop, hibernate, or terminate your instance, known as instance store volumes
  • Persistent storage volumes for your data using Amazon Elastic Block Store (Amazon EBS), known as Amazon EBS volumes
  • Multiple physical locations for your resources, such as instances and Amazon EBS volumes, known as Regions and Availability Zones
  • A firewall that enables you to specify the protocols, ports, and source IP ranges that can reach your instances, known as security groups

    Security groups act as a firewall for associated instances, controlling both inbound and outbound traffic at the instance level. You must add rules to a security group that enable you to connect to your instance from your IP address using SSH. You can also add rules that allow inbound and outbound HTTP and HTTPS access from anywhere.

  • Static IPv4 addresses for dynamic cloud computing, known as Elastic IP addresses
  • Metadata, known as tags, that you can create and assign to your Amazon EC2 resources
  • Virtual networks you can create that are logically isolated from the rest of the AWS Cloud, and that you can optionally connect to your own network, known as virtual private clouds (VPCs)

Provisioning EC2

  1. Set up to use Amazon EC2

    1. Sign up for AWS.
    2. Create a key pair.
      Note that if you plan to launch instances in multiple Regions, you'll need to create a key pair in each Region.
      Steps:
      • Open the Amazon EC2 console.
      • Choose Key Pairs.
      • Choose Create key pair
      • Fill Name
      • For Key pair type, choose RSA or ED25519 (ED25519 is the better default for SSH to Linux instances; Windows instances require RSA)
      • For Private key format, in case of using OpenSSH, choose pem
      • Choose Create key pair.
      • The private key file is automatically downloaded by your browser.
        Important This is the only chance for you to save the private key file.
      • If you will use an SSH client on a macOS or Linux computer to connect to your Linux instance, use the following command to set the permissions of your private key file so that only you can read it. chmod 400 key-pair-name.pem
    3. Create a security group
      Note that if you plan to launch instances in multiple Regions, you'll need to create a security group in each Region.
      Steps:
      1. Open the Amazon EC2 console.
      2. From the top navigation bar, select a Region for the security group. Security groups are specific to a Region, so you should select the same Region in which you created your key pair.
      3. Choose Security Groups.
      4. Choose Create security group.
      5. For Basic details, do the following:
        1. Enter a name for the new security group and a description. Use a name that is easy for you to remember, such as your user name, followed by SG, plus the Region name. For example, me_SG_uswest2.
        2. In the VPC list, select your default VPC for the Region.
      6. For Inbound rules, create rules that allow specific traffic to reach your instance. For example, use the following rules for a web server that accepts HTTP and HTTPS traffic.
        1. Choose Add rule. For Type, choose HTTP. For Source, choose Anywhere.
        2. Choose Add rule. For Type, choose HTTPS. For Source, choose Anywhere.
        3. Choose Add rule. For Type, choose SSH. For Source, do one of the following:
          • Choose My IP to automatically add the public IPv4 address of your local computer.
          • Choose Custom and specify the public IPv4 address of your computer or network in CIDR notation. To specify an individual IP address in CIDR notation, add the routing suffix /32, for example, 203.0.113.25/32. If your company or your router allocates addresses from a range, specify the entire range, such as 203.0.113.0/24.
            Warning For security reasons, do not choose Anywhere for Source with a rule for SSH. This would allow access to your instance from all IP addresses on the internet. This is acceptable for a short time in a test environment, but it is unsafe for production environments.
      7. For Outbound rules, keep the default rule, which allows all outbound traffic.
      8. Choose Create security group.

  2. Launching an EC2 instance.

    Steps:
    1. Open the Amazon EC2 console.
    2. In the Launch instance box, choose Launch instance, and then choose Launch instance.
    3. Under Name and tags, for Name, enter a descriptive name for your instance.
    4. Under Application and OS Images (Amazon Machine Image), do the following:
      1. Choose Quick Start, and then choose Amazon Linux. This is the operating system (OS) for your instance.
      2. From Amazon Machine Image (AMI), select an HVM version of Amazon Linux 2. Notice that these AMIs are marked Free tier eligible. An Amazon Machine Image (AMI) is a basic configuration that serves as a template for your instance.
    5. Under Instance type, from the Instance type list, you can select the hardware configuration for your instance. Choose the t2.micro instance type, which is selected by default. The t2.micro instance type is eligible for the free tier. In Regions where t2.micro is unavailable, you can use a t3.micro instance under the free tier. For more information, see AWS Free Tier
    6. Under Key pair (login), for Key pair name, choose the key pair that you created when getting set up.
    7. Warning Do not choose Proceed without a key pair (Not recommended). If you launch your instance without a key pair, then you can't connect to it.
    8. Next to Network settings, choose Edit. For Security group name, you'll see that the wizard created and selected a security group for you. You can use this security group, or alternatively you can select the security group that you created when getting set up using the following steps:
      1. Choose Select existing security group.
      2. From Common security groups, choose your security group from the list of existing security groups.
    9. Keep the default selections for the other configuration settings for your instance.
    10. Review a summary of your instance configuration in the Summary panel, and when you're ready, choose Launch instance.
    11. A confirmation page lets you know that your instance is launching. Choose View all instances to close the confirmation page and return to the console.
    12. On the Instances screen, you can view the status of the launch. It takes a short time for an instance to launch. When you launch an instance, its initial state is pending. After the instance starts, its state changes to running and it receives a public DNS name. If the Public IPv4 DNS column is hidden, choose the settings icon in the top-right corner, toggle on Public IPv4 DNS, and choose Confirm.
    13. It can take a few minutes for the instance to be ready for you to connect to it. Check that your instance has passed its status checks; you can view this information in the Status check column.

EC2 Instance Types

Family   Speciality                          Use case
F1       Field Programmable Gate Array       Genomics research, financial analytics, real-time video processing, big data etc.
I3       High-speed storage                  NoSQL DBs, data warehousing etc.
G3       Graphics intensive                  Video encoding / 3D application streaming
H1       High disk throughput                MapReduce-based workloads, distributed file systems such as HDFS and MapR-FS
T3       Lowest cost, general purpose        Web servers / small DBs
D2       Dense storage                       File servers / data warehousing / Hadoop
R5       Memory optimized                    Memory-intensive apps / DBs
M5       General purpose                     Application servers
C5       Compute optimized                   CPU-intensive apps / DBs
P3       General-purpose GPU                 Machine learning, Bitcoin mining etc.
X1       Memory optimized                    SAP HANA / Apache Spark etc.
Z1D      High single-thread performance      Electronic design automation, relational databases with high per-core licensing costs
A1       Arm-based (Graviton) workloads      Scale-out workloads such as web servers
U-6tb1   Bare metal                          Bare-metal capabilities that eliminate virtualization overhead

Storage Services

Amazon S3

Amazon Simple Storage Service (Amazon S3)

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. Customers of all sizes and industries can use Amazon S3 to store and protect any amount of data for a range of use cases, such as data lakes, websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. Amazon S3 provides management features so that you can optimize, organize, and configure access to your data to meet your specific business, organizational, and compliance requirements.

Amazon Simple Storage Service User Guide


Basics

Amazon S3 is an object storage service that stores data as objects within buckets. An object is a file and any metadata that describes the file. A bucket is a container for objects.

Buckets and the objects in them are private and can be accessed only if you explicitly grant access permissions. You can use bucket policies, AWS Identity and Access Management (IAM) policies, access control lists (ACLs), and S3 Access Points to manage access.

Buckets

Root level: a container for objects (files) stored in Amazon S3.
One bucket can store any number of objects.
One account can have 100 buckets by default; this is a service quota and can be raised.

Objects
Fundamental entities stored in Amazon S3 (files).
Consist of object data and metadata.

Keys
The object key is the unique identifier for an object within a bucket.
Every object is addressed as https://{bucket-name}.s3.{region}.amazonaws.com/{key}

S3 Versioning
Multiple variants of an object in the same bucket.

Version ID
When S3 Versioning is active all new objects get a unique version ID.

Bucket Policy
A bucket policy is a resource-based AWS Identity and Access Management (IAM) policy that you can use to grant access permissions to your bucket and the objects in it. Only the bucket owner can associate a policy with a bucket. The permissions attached to the bucket apply to all of the objects in the bucket that are owned by the bucket owner. Bucket policies are limited to 20 KB in size.

S3 Access Points
Amazon S3 Access Points are named network endpoints with dedicated access policies that describe how data can be accessed using that endpoint.

Access control lists (ACLs)
You can use ACLs to grant read and write permissions to authorized users for individual buckets and objects. A majority of modern use cases in Amazon S3 no longer require the use of ACLs, and we recommend that you disable ACLs except in unusual circumstances where you need to control access for each object individually.

Regions
You can choose the geographical AWS Region where Amazon S3 stores the buckets that you create. You might choose a Region to optimize latency, minimize costs, or address regulatory requirements.


Buckets & Objects

Versioning

  • Stores all versions of an object.
  • Can be used as a backup tool.
  • Versioning cannot be disabled once enabled, only suspended.
  • Integrates with Lifecycle rules.
  • Versioning enables MFA Delete, which requires the root user's MFA code to permanently delete a version or to change the bucket's versioning state.

Permissions are set per object version: when you upload a new version it does not inherit the previous version's ACL, so an object that was public becomes private until you grant access to the new version.
When you delete a versioned object, S3 only inserts a delete marker; every version is still in the bucket (and still billed).
To restore the object, permanently delete the delete marker; the latest real version becomes current again.
Suspending versioning does not remove existing versions; it only stops new ones from being created.

Storage Classes

Object Lifecycles

  • Automate moving objects between the different storage tiers and expiring them.
  • Can be used in conjunction with versioning.
  • Can be applied to current versions and previous (noncurrent) versions, and can clean up expired delete markers and incomplete multipart uploads.
  • Find S3.
  • Choose the bucket.
  • Go to Management.
  • Click Create lifecycle rule.
  • Enter a rule name.
  • Choose a rule scope (whole bucket, or a prefix/tag filter).
  • Fill in the transitions and expirations your requirements call for.
  • Press Create rule.

Permissions

By default, all Amazon S3 resources—buckets, objects, and related subresources (for example, lifecycle configuration and website configuration)—are private. Only the resource owner, the AWS account that created it, can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy.
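Because everything starts private, the way a bucket ends up public is almost always a bucket policy statement that grants to Principal "*". The block below is an added example for these notes, not AWS code: a small linter for the bucket policy format described in the Bucket Policy section above, which flags Allow statements to everyone that no Condition narrows down and enforces the 20 KB size limit, next to a least-privilege policy of the shape you actually want. PUBLIC_READ and SCOPED are constructed; the bucket name example-bucket, the role name ReportsReader and the account id 111122223333 are placeholders.

```python
import json

# Added example (not AWS code): a small linter for S3 bucket policies that flags
# statements granting access to everyone and enforces the 20 KB size limit.

BUCKET_POLICY_MAX_BYTES = 20 * 1024


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal):
    """Both "*" and {"AWS": "*"} mean every principal, including anonymous requests."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_statements(policy):
    """(Sid, actions) for each Allow to everyone that no Condition narrows down.
    A conditioned grant can still be too wide, but needs a human to judge it."""
    found = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_everyone(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue
        found.append((stmt.get("Sid", f"statement[{i}]"), _as_list(stmt.get("Action", []))))
    return found


def lint_bucket_policy(policy_json):
    """Return human-readable problems; an empty list means nothing was flagged."""
    problems = []
    size = len(policy_json.encode("utf-8"))
    if size > BUCKET_POLICY_MAX_BYTES:
        problems.append(f"policy is {size} bytes, over the 20 KB limit")
    for sid, actions in public_statements(json.loads(policy_json)):
        problems.append(f"{sid} grants {actions} to everyone")
    return problems


# Constructed policy that exposes every object in the bucket to the internet.
PUBLIC_READ = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*"}]})

# Constructed least-privilege shape: one role, one prefix, and TLS enforced by a
# Deny that applies to everyone (a Deny with a Condition is not a public grant).
SCOPED = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReportsReader", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/ReportsReader"},
         "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-bucket/reports/*"},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]})

if __name__ == "__main__":
    print(lint_bucket_policy(PUBLIC_READ))   # ["PublicRead grants ['s3:GetObject'] to everyone"]
    print(lint_bucket_policy(SCOPED))        # []
```

A check like this belongs in the pipeline that deploys bucket policies; at runtime, S3 Block Public Access at the account level rejects the PUBLIC_READ policy outright and is the setting to leave on unless a bucket is deliberately a public website.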


Databases

RDS vs DynamoDB

Amazon RDS Doc

Amazon RDS

Amazon RDS provides cost-efficient and scalable relational database capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.

DB instances
A DB instance is an isolated database environment in the AWS Cloud. The basic building block of Amazon RDS is the DB instance.

DB engines
A DB engine is the specific relational database software that runs on your DB instance. Amazon RDS currently supports the following engines:

  • MariaDB
  • Microsoft SQL Server
  • MySQL
  • Oracle
  • PostgreSQL

DB instance classes
A DB instance class determines the computation and memory capacity of a DB instance. A DB instance class consists of both the DB instance type and the size. Each instance type offers different compute, memory, and storage capabilities. For example, db.m6g is a general-purpose DB instance type powered by AWS Graviton2 processors. Within the db.m6g instance type, db.m6g.2xlarge is a DB instance class.

AWS Regions and Availability Zones
You can run your DB instance in several Availability Zones, an option called a Multi-AZ deployment. When you choose this option, Amazon automatically provisions and maintains one or more secondary standby DB instances in a different Availability Zone. Your primary DB instance is replicated across Availability Zones to each secondary DB instance. This approach provides data redundancy and failover support, eliminates I/O freezes, and minimizes latency spikes during system backups. In a Multi-AZ DB cluster deployment, the secondary DB instances can also serve read traffic.

Setting up Amazon RDS

Creating a PostgreSQL DB instance and connecting to a database on a PostgreSQL DB instance

Provisioning PostgreSQL and SSH tunnelling.

A DB subnet group needs at least two subnets, in different Availability Zones.
  1. Configuring a private subnet group:
    1. Navigate to Subnet Groups.
    2. Create DB subnet group.
    3. Complete the form, making sure to select our two private subnets.
  2. Launching an RDS database.
    1. Select an engine.
    2. Specify DB details.
    3. Configure advanced options (leave Public access off).
    4. Launch DB instance.
  3. Security groups in the VPC.
    1. Select the security group attached to RDS.
    2. Go to inbound rules.
    3. Edit rules.
    4. Add a rule for the database port only (PostgreSQL, TCP 5432) with the jump box's security group as the source. Do not open SSH or the database port to 0.0.0.0/0: RDS does not speak SSH, and a world-open 5432 exposes the database to password guessing the moment it has a public address.

How to Access a Private RDS Database (Using a Jump Box) From Your Home Network

  1. Configure the network.

    1. Open the VPC console.
    2. Create private subnet 1.
    3. Create private subnet 2 (in a different Availability Zone).
    4. Create a custom route table: go to the Route Tables section and create a new route table. Leave it without a route to the internet gateway; that absence is what makes the subnets private.
    5. Associate the new route table with the two private subnets.
  2. Creating the jump box.

    1. Go to EC2.
    2. IMPORTANT - we need key pair login.
    3. In network settings click Edit.
    4. Place the EC2 instance in a public subnet, with a security group that allows SSH only from your own IP address.
    5. Launch the instance.
    6. Connect to the instance:
    7. chmod 400 key-pair-name.pem
    8. ssh -i "key-pair-name.pem" ec2-user@endpoint
  3. Creating the RDS database.

    1. Go to the RDS section in the console.
      1. In Subnet groups, create a new subnet group.
      2. In Availability Zones, choose those where your private subnets are.
      3. In Subnets, choose your private subnets.
    2. Go to the Databases section.
      1. Create a database.
      2. In DB subnet group, choose the one you created in the previous step.
      3. VPC security group (firewall): create new.
      4. Create the database.
    3. Modify the security group.
      1. Go into the database instance itself.
      2. Open the security group tab.
      3. Go to inbound rules.
      4. Add rule.
      5. Choose the type PostgreSQL (TCP 5432).
      6. As the source, pick the name of the EC2 security group created in the previous step, so that only the jump box can reach the database.
      7. Save rules.
    4. Connect using SSH tunnelling.
      1. Go to the RDS instance.
      2. Copy the Endpoint from Connectivity & security.
      3. Open the tunnel through the jump box: ssh -i "key-pair-name.pem" -f -N -L 5432:Endpoint:5432 ec2-user@ip-add-ec2 -v
      4. Point your database client at localhost:5432. The -L forward listens on the loopback address only, so the tunnel is not exposed to your LAN; -f -N keeps ssh in the background without running a remote command.
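Both walkthroughs (the EC2 security group setup, with its warning against SSH from Anywhere, and the RDS security group that should admit only the jump box) come down to one review question: which sensitive ports does a group open to the whole internet? The block below is an added example for these notes, not an AWS tool: it takes input in the JSON shape that aws ec2 describe-security-groups returns and reports administrative and database ports reachable from 0.0.0.0/0 or ::/0, while treating sources that reference another security group as the intended pattern. The three groups in SAMPLE_GROUPS (ids, names and the 203.0.113.25 home address) are constructed, and SENSITIVE_PORTS is a starting list rather than a standard.

```python
import ipaddress

# Added example (not an AWS tool): review security groups in the JSON shape returned
# by `aws ec2 describe-security-groups` and flag administrative or database ports
# reachable from the whole internet. Constructed port list; extend it as needed.

SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 1433: "MSSQL", 1521: "Oracle",
                   3306: "MySQL/MariaDB", 5432: "PostgreSQL"}


def _is_world(cidr):
    """0.0.0.0/0 and ::/0 are the only prefixes of length zero."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _port_range(perm):
    if perm["IpProtocol"] == "-1":               # all traffic, every port
        return range(0, 65536)
    return range(perm.get("FromPort", 0), perm.get("ToPort", 65535) + 1)


def audit_security_groups(groups):
    """Return one finding per (group, sensitive port) that is open to the world.
    Sources that name another security group (UserIdGroupPairs), like the RDS rule
    that admits only the jump box's group, are the pattern we want and are not flagged."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            world = [c for c in cidrs if _is_world(c)]
            if not world:
                continue
            ports = _port_range(perm)
            for port, name in SENSITIVE_PORTS.items():
                if port in ports:
                    findings.append(f"{sg['GroupId']} ({sg['GroupName']}): "
                                    f"{name}/{port} open to {', '.join(world)}")
    return findings


# Constructed groups: the intended jump box / RDS pair, plus a wizard-created group
# that somebody opened up "for a short time".
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1b2c3d", "GroupName": "jump-box-sg",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "203.0.113.25/32"}],
                        "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0e5f6a7b", "GroupName": "rds-postgres-sg",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                        "IpRanges": [], "Ipv6Ranges": [],
                        "UserIdGroupPairs": [{"GroupId": "sg-0a1b2c3d"}]}]},
    {"GroupId": "sg-0bad0bad", "GroupName": "launch-wizard-1",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                        "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
                       {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                        "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
]

if __name__ == "__main__":
    for finding in audit_security_groups(SAMPLE_GROUPS):
        print(finding)
```

Feed it the "SecurityGroups" array from the CLI output (one Region at a time, since security groups are regional) and treat every finding as a ticket; the wizard-created group is the usual offender, and a rule with IpProtocol "-1" to 0.0.0.0/0 will light up every port in the list.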

Overview of Monitoring, Alerts, and Notifications

Simple Notification Service (SNS)

Amazon Simple Notification Service (Amazon SNS) is a managed service that provides message delivery from publishers to subscribers (also known as producers and consumers). Publishers communicate asynchronously with subscribers by sending messages to a topic, which is a logical access point and communication channel. Clients can subscribe to the SNS topic and receive published messages using a supported endpoint type, such as Amazon Kinesis Data Firehose, Amazon SQS, AWS Lambda, HTTP, email, mobile push notifications, and mobile text messages (SMS). Amazon Simple Notification Service Developer Guide

Management Tools

CloudWatch

CloudWatch Definition

CloudWatch is a service that monitors the various elements of an AWS account.

Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real-time. You can use CloudWatch to collect and track metrics, which are variables you can measure for your resources and applications. With CloudWatch, you gain system-wide visibility into resource utilization, application performance, and operational health. What is Amazon CloudWatch?

CloudWatch Pricing

Amazon CloudWatch Pricing

Amazon CloudWatch concepts

Namespaces

A namespace is a container for CloudWatch metrics. Metrics in different namespaces are isolated from each other so that metrics from different applications are not mistakenly aggregated into the same statistics.
Example: Amazon EC2 uses the AWS/EC2 namespace

Metrics

Metrics are the fundamental concept in CloudWatch. A metric represents a time-ordered set of data points that are published to CloudWatch. Think of a metric as a variable to monitor, and the data points as representing the values of that variable over time. For example, the CPU usage of a particular EC2 instance is one metric provided by Amazon EC2. The data points themselves can come from any application or business activity from which you collect data.
Metrics exist only in the Region in which they are created. Metrics cannot be deleted, but they automatically expire after 15 months if no new data is published to them. Data points older than 15 months expire on a rolling basis; as new data points come in, data older than 15 months is dropped.

Time stamps

Each metric data point must be associated with a time stamp. The time stamp can be up to two weeks in the past and up to two hours into the future. If you do not provide a time stamp, CloudWatch creates a time stamp for you based on the time the data point was received.

Metrics retention

CloudWatch retains metric data as follows:

  • Data points with a period of less than 60 seconds are available for 3 hours. These data points are high-resolution custom metrics.
  • Data points with a period of 60 seconds (1 minute) are available for 15 days
  • Data points with a period of 300 seconds (5 minute) are available for 63 days
  • Data points with a period of 3600 seconds (1 hour) are available for 455 days (15 months).

Dimensions

A dimension is a name/value pair that is part of the identity of a metric. You can assign up to 30 dimensions to a metric.

Resolution

Each metric is one of the following:

  • Standard resolution, with data having a one-minute granularity
  • High resolution, with data at a granularity of one second

Statistics

Statistics are metric data aggregations over specified periods of time. CloudWatch provides statistics based on the metric data points provided by your custom data or provided by other AWS services to CloudWatch. Aggregations are made using the namespace, metric name, dimensions, and the data point unit of measure, within the time period you specify.

Units

Each statistic has a unit of measure. Example units include Bytes, Seconds, Count, and Percent. Units help provide conceptual meaning to your data.

Periods

A period is the length of time associated with a specific Amazon CloudWatch statistic. Each statistic represents an aggregation of the metrics data collected for a specified period of time. Periods are defined in numbers of seconds, and valid values for period are 1, 5, 10, 30, or any multiple of 60. For example, to specify a period of six minutes, use 360 as the period value. You can adjust how the data is aggregated by varying the length of the period. A period can be as short as one second or as long as one day (86,400 seconds). The default value is 60 seconds.

Aggregation

Amazon CloudWatch aggregates statistics according to the period length that you specify when retrieving statistics. You can publish as many data points as you want with the same or similar time stamps. CloudWatch aggregates them according to the specified period length. CloudWatch does not automatically aggregate data across Regions, but you can use metric math to aggregate metrics from different Regions.

Percentiles

A percentile indicates the relative standing of a value in a dataset. For example, the 95th percentile means that 95 percent of the data is lower than this value and 5 percent of the data is higher than this value. Percentiles help you get a better understanding of the distribution of your metric data.

Alarms

You can use an alarm to automatically initiate actions on your behalf. An alarm watches a single metric over a specified time period, and performs one or more specified actions, based on the value of the metric relative to a threshold over time. The action is a notification sent to an Amazon SNS topic or an Auto Scaling policy. You can also add alarms to dashboards.

Elastic Load Balancer (ELB)

AWS Doc

Elastic Load Balancing automatically distributes your incoming traffic across multiple targets, such as EC2 instances, containers, and IP addresses, in one or more Availability Zones. It monitors the health of its registered targets, and routes traffic only to the healthy targets. Elastic Load Balancing scales your load balancer as your incoming traffic changes over time. It can automatically scale to the vast majority of workloads.

Elastic Load Balancing supports the following load balancers: Application Load Balancers, Network Load Balancers, Gateway Load Balancers, and Classic Load Balancers. You can select the type of load balancer that best suits your needs.

Auto Scaling

Route 53

Lambda
