CPSC 4820 - DAY 7 FEBRUARY 13, 2018
================================================================================

Review

AMI defines the root volume, launch permissions, and which block devices to attach.
An AMI can be used to launch multiple EC2 instances of different types.
Data warehousing - storage.
VPC config can be customized - selection of IP address range, creation of subnets, configuration of route tables, network gateways.
Web server - public, application server - private.
EC2 instances - security groups, subnets - network ACLs.
VPN can be created in an EC2 instance.
S3 - data is stored as objects in buckets.
EBS - good for raw block-level storage.
EBS volumes attached to an instance persist if the instance is stopped.
Shared responsibility model - security of platform, OS, firewall config and network traffic are the responsibility of the customer.
AWS allows HTTPS access so you can establish secure communication sessions with AWS, including SSL and TLS, using customer access points, also called API endpoints.
Load balancer can protect against individual clients overloading a single server.
IAM policies can be assigned to users, groups, roles.
Three entities which may assume IAM roles: users, applications and services.
IAM is not appropriate for OS and application authentication.
CloudTrail can be used to record AWS API calls for accounts and deliver log files to an Amazon S3 bucket.
Database types that can be used with RDS: MySQL, MS SQL Server, Oracle.
Automatic backups are enabled by default.
Security groups control which IP addresses or EC2 instances can connect to your databases on a DB instance.
You can provision a Multi-AZ DB instance, which will provide failover.
Elasticity - can create a triad of services.
CloudWatch - holds metrics. Alarms can be set on CloudWatch.
Autoscaling is a template that an Auto Scaling group uses to launch EC2 instances.
Desired is the target number of instances; new instances are launched automatically to reach this number.
AWS Trusted Advisor can give recommendations to improve performance and security.

One Tier Model: Clients <--> Mainframe
Two Tier Model: Clients <--> Web Server <--> Database
Web Services model