Notes I put together while preparing for the SAA-C03 certification in 2024.
I studied with the Udemy course "Ultimate AWS Certified Solutions Architect Associate SAA-C03".
https://www.udemy.com/course/aws-certified-solutions-architect-associate-saa-c03
Let's study together and pass!
Section 8 : High Availability and Scalability : ELB & ASG
69. High Availability and Scalability
- Scalability - a system can handle greater load by adapting
- vertical scalability (scale up/down)
- increase the size of the instance = scale up, decrease it = scale down
- common for non-distributed systems such as databases; RDS and ElastiCache scale this way
- there's a limit to how far you can scale up (hardware limits)
- horizontal scalability (elasticity) (scale out/in)
- scale out - increase the number of instances
- scale in - decrease the number of instances
- high availability
- means running your application in at least 2 data centers (AZs), so it survives the loss of one
- ex. the same system running in Japan & Sydney
- high availability usually goes hand in hand with horizontal scalability
- auto scaling group in multi-AZ
- load balancer in multi-AZ
70. Elastic Load Balancing (ELB) Overview
- a load balancer is
- a server (or set of servers) that forwards traffic to multiple servers downstream (ex. EC2 instances)
- spread load across multiple instances
- expose a single point of access (a DNS name)
- seamlessly handle failures of downstream instances
- regular health checks to instances
- provide SSL termination (HTTPS) for your websites
- enforce stickiness with cookies
- high availability across zones
- separate public traffic from private traffic
- elastic load balancer
- very cost effective compared to setting up your own load balancer
- integrated with many AWS offerings/services
- EC2, EC2 auto scaling groups, CloudWatch, Route 53, WAF, etc.
- health checks
- crucial for load balancers - they let the LB know whether an instance can reply to requests
- done on a port and a route (/health is common)
- ex. ELB sends a request to an instance over HTTP on port 4567 to the endpoint /health; if it gets back 200 OK, the instance is alive and well
- if the instance is not healthy, ELB stops forwarding requests to it
- 4 types of load balancers
- classic load balancer - (v1, old generation, 2009) CLB - HTTP, HTTPS, TCP, SSL (secure TCP)
- application load balancer - (v2, new generation, 2016) ALB - HTTP, HTTPS, WebSocket
- network load balancer - (v2, new generation, 2017) NLB - TCP, TLS (secure TCP), UDP
- gateway load balancer - (2020) GWLB - operates at layer 3 (network layer) on IP packets
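Here is what the health-check mechanism above looks like in code. This is an added example written for these notes, not AWS code and not from the course: it probes a target on a protocol + port + path, compares the status against a matcher (ALB accepts "200", "200,301" or "200-299"), and only flips a target between healthy and unhealthy after a run of consecutive results, which is what the healthy/unhealthy thresholds do. The local demo server, the threshold values and the target names are constructed for the example.

```python
"""ELB-style health checking (added example; not AWS code).

The load balancer probes each target on protocol + port + path, counts a
response whose status matches the expected codes as a success, and only
flips a target between healthy and unhealthy after a run of consecutive
results (healthy/unhealthy thresholds). A target that is not healthy
receives no traffic. Thresholds, timeout and matcher below are the ALB
defaults; the local server and targets are constructed for the demo.
"""
import http.server
import threading
import urllib.error
import urllib.request
from dataclasses import dataclass


def parse_matcher(matcher: str) -> set:
    """Expand an HTTP status matcher such as '200', '200,301' or '200-299'."""
    codes = set()
    for part in matcher.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            codes.update(range(lo, hi + 1))
        else:
            codes.add(int(part))
    return codes


@dataclass
class HealthCheck:
    protocol: str = "HTTP"
    port: int = 80
    path: str = "/health"
    timeout_seconds: int = 5
    healthy_threshold: int = 5    # consecutive successes before a target is healthy
    unhealthy_threshold: int = 2  # consecutive failures before it is unhealthy
    matcher: str = "200"

    def probe(self, host: str) -> bool:
        """One probe: True only if the target answers in time with a matching status."""
        url = f"{self.protocol.lower()}://{host}:{self.port}{self.path}"
        try:
            with urllib.request.urlopen(url, timeout=self.timeout_seconds) as resp:
                return resp.status in parse_matcher(self.matcher)
        except urllib.error.HTTPError as exc:      # 4xx/5xx still carry a status code
            return exc.code in parse_matcher(self.matcher)
        except (urllib.error.URLError, OSError):   # refused, timeout, DNS failure, ...
            return False


@dataclass
class TargetState:
    """Per-target counters; a newly registered target gets no traffic until it passes."""
    healthy: bool = False
    consecutive_ok: int = 0
    consecutive_fail: int = 0

    def record(self, ok: bool, check: HealthCheck) -> bool:
        if ok:
            self.consecutive_ok += 1
            self.consecutive_fail = 0
            if self.consecutive_ok >= check.healthy_threshold:
                self.healthy = True
        else:
            self.consecutive_fail += 1
            self.consecutive_ok = 0
            if self.consecutive_fail >= check.unhealthy_threshold:
                self.healthy = False
        return self.healthy


def run_checks(results: dict, check: HealthCheck) -> dict:
    """Feed a sequence of probe results per target and return who ends up healthy."""
    states = {target: TargetState() for target in results}
    for target, seq in results.items():
        for ok in seq:
            states[target].record(ok, check)
    return {target: state.healthy for target, state in states.items()}


class _Handler(http.server.BaseHTTPRequestHandler):
    """Constructed demo target: /health answers 200, anything else 404."""

    def do_GET(self):
        self.send_response(200 if self.path == "/health" else 404)
        self.end_headers()
        self.wfile.write(b"ok")

    def log_message(self, *_):  # keep the demo quiet
        pass


def serve_in_background() -> http.server.HTTPServer:
    srv = http.server.HTTPServer(("127.0.0.1", 0), _Handler)   # port 0 = any free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


if __name__ == "__main__":
    server = serve_in_background()
    check = HealthCheck(port=server.server_address[1], healthy_threshold=2)
    state = TargetState()
    for _ in range(3):
        ok = check.probe("127.0.0.1")
        print("probe ok:", ok, "-> healthy:", state.record(ok, check))
    print("wrong path:", HealthCheck(port=server.server_address[1], path="/").probe("127.0.0.1"))
    server.shutdown()
```

The threshold state machine is the part people get wrong: a single failed probe does not pull a target out of rotation, and a freshly launched instance serves nothing until it has passed `healthy_threshold` probes in a row, which is why the ASG notes later talk about pre-baked AMIs shortening the time to first traffic.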
72. Application load balancer (ALB)
- layer 7 (HTTP)
- load balances multiple HTTP applications across machines = target groups
- load balances multiple applications on the same machine (ex. containers)
- supports redirects (ex. from HTTP to HTTPS)
- routing rules to different target groups
- path in URL (ex. example.com/users)
- hostname in URL (ex. example.com)
- query string, headers (ex. example.com/users?id=123)
- great fit for microservices & container-based applications (ex. Docker & Amazon ECS)
- target groups
- EC2 instances (can be managed by an auto scaling group)
- ECS tasks
- Lambda functions
- IP addresses (must be private IPs)
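To make the routing rules concrete, here is a small model of how an ALB listener evaluates them. This is an added example written for these notes, not AWS code: rules are tried in priority order (lowest number first), the first rule whose conditions all match wins, and otherwise the listener's default action applies. The redirect config keys (`Protocol`, `Port`, `StatusCode`) follow the ELBv2 API's RedirectConfig; the listeners, rule set and target-group names (`tg-web`, `tg-users`, ...) are constructed for the demo.

```python
"""ALB listener-rule evaluation (added example; not AWS code).

Conditions are the ones the notes list: host header, path pattern, query
string, HTTP header. Path patterns use ALB wildcards ('*' = zero or more
characters, '?' = exactly one) and are case-sensitive; host, header and
query-string comparisons are case-insensitive. The port-80 listener's only
job is the HTTP -> HTTPS redirect; real routing happens on port 443.
"""
import re
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import parse_qsl


def wildcard(pattern: str) -> re.Pattern:
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.compile(f"^{body}$")


@dataclass
class Request:
    host: str
    path: str
    query: str = ""
    headers: dict = field(default_factory=dict)


@dataclass
class Rule:
    priority: int
    action: dict                                        # {"forward": "tg"} or {"redirect": {...}}
    host_header: list = field(default_factory=list)
    path_pattern: list = field(default_factory=list)
    query_string: list = field(default_factory=list)    # [(key, value), ...]; any pair matches
    http_header: Optional[tuple] = None                 # (name, [values])

    def matches(self, req: Request) -> bool:
        if self.host_header and not any(wildcard(p.lower()).match(req.host.lower()) for p in self.host_header):
            return False
        if self.path_pattern and not any(wildcard(p).match(req.path) for p in self.path_pattern):
            return False
        if self.query_string:
            pairs = {(k.lower(), v.lower()) for k, v in parse_qsl(req.query)}
            if not any((k.lower(), v.lower()) in pairs for k, v in self.query_string):
                return False
        if self.http_header:
            name, values = self.http_header
            actual = next((v for k, v in req.headers.items() if k.lower() == name.lower()), "")
            if not any(wildcard(v.lower()).match(actual.lower()) for v in values):
                return False
        return True


def perform(action: dict, req: Request):
    if "forward" in action:
        return ("forward", action["forward"])
    cfg = action["redirect"]
    location = f"{cfg['Protocol'].lower()}://{req.host}:{cfg['Port']}{req.path}"
    if req.query:
        location += "?" + req.query
    return ("redirect", 301 if cfg.get("StatusCode", "HTTP_301") == "HTTP_301" else 302, location)


@dataclass
class Listener:
    port: int
    default_action: dict
    rules: list = field(default_factory=list)

    def route(self, req: Request):
        for rule in sorted(self.rules, key=lambda r: r.priority):
            if rule.matches(req):
                return perform(rule.action, req)
        return perform(self.default_action, req)


# Constructed demo setup (hypothetical target-group names).
HTTP_LISTENER = Listener(80, default_action={"redirect": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}})
HTTPS_LISTENER = Listener(443, default_action={"forward": "tg-web"}, rules=[
    Rule(10, {"forward": "tg-users-vip"}, path_pattern=["/users*"], query_string=[("id", "123")]),
    Rule(20, {"forward": "tg-users"}, path_pattern=["/users*"]),
    Rule(30, {"forward": "tg-api"}, host_header=["api.example.com"]),
    Rule(40, {"forward": "tg-canary"}, http_header=("X-Canary", ["true"])),
])

if __name__ == "__main__":
    for req in (Request("example.com", "/users", "id=123"), Request("api.example.com", "/v1/items")):
        print(req.path, "->", HTTP_LISTENER.route(req), "then", HTTPS_LISTENER.route(req))
```

Note the ordering trap: the more specific rule (path + query string) needs the lower priority number, or the plain `/users*` rule captures the request first; and because path matching is case-sensitive, `/Users` falls through to the default target group.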
75. Network load balancer (NLB)
- layer 4 (TCP/UDP)
- forwards TCP & UDP traffic to your instances
- handles millions of requests per second
- ultra-low latency, ~100 ms (ALB ~400 ms)
- NLB has one static IP per AZ (useful when clients need to whitelist a specific IP)
- not included in the AWS free tier
- target groups
- EC2 instances
- IP addresses - must be private IPs
- an application load balancer (ALB) - putting an NLB in front of an ALB lets you keep the HTTP routing rules while exposing a fixed IP
77. Gateway load balancer (GWLB)
- deploy, scale and manage a fleet of 3rd-party network virtual appliances in AWS (ex. firewalls, intrusion detection/prevention systems, deep packet inspection)
- layer 3 (network layer) - IP packets
- combines two functions:
- transparent network gateway - a single entry/exit point for all traffic
- load balancer - distributes the traffic to your virtual appliances
- uses the GENEVE protocol on UDP port 6081
- target groups
- EC2 instances
- IP addresses - must be private IPs
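Because a GWLB hands your appliance the original packet wrapped in GENEVE, anyone building or debugging such an appliance has to deal with that header. The following is an added example written for these notes, not AWS code and not part of the course: it encodes and decodes the RFC 8926 GENEVE header with its option TLVs, and models an inline appliance that inspects the inner packet and returns the datagram with the header untouched. The option class 0x0108 with types 1-3 is what AWS documents for GWLB metadata (endpoint ENI ID, attachment ID, flow cookie); the option values, the inner IPv4 packet and the `in_vpc` allow policy are constructed for the demo.

```python
"""GENEVE (RFC 8926) encapsulation as a GWLB appliance sees it (added example; not AWS code).

Fixed header (8 bytes): Ver(2) | Opt Len(6) | O | C | Rsvd(6) | Protocol Type(16)
| VNI(24) | Rsvd(8), followed by option TLVs (class, type, length in 4-byte
words) and then the original IP packet. GWLB sends this on UDP/6081 and
expects the appliance to return it with the same header and options.
"""
import ipaddress
import socket
import struct
from typing import Optional

GENEVE_UDP_PORT = 6081
ETHERTYPE_IPV4 = 0x0800
AWS_GWLB_OPTION_CLASS = 0x0108   # AWS option class for GWLB metadata (assumed from AWS docs)
GWLB_FLOW_COOKIE_TYPE = 3
MAX_OPTION_BYTES = 63 * 4        # Opt Len is 6 bits of 4-byte words


def encode_option(opt_class: int, type_byte: int, value: bytes) -> bytes:
    """type_byte may carry the 0x80 'critical' bit; value length must be a multiple of 4."""
    if len(value) % 4 or len(value) > 31 * 4:
        raise ValueError("option value must be a multiple of 4 bytes, at most 124")
    return struct.pack("!HBB", opt_class, type_byte, len(value) // 4) + value


def encode_geneve(payload: bytes, options=(), protocol_type: int = ETHERTYPE_IPV4, vni: int = 0) -> bytes:
    opts = b"".join(encode_option(*o) for o in options)
    if len(opts) > MAX_OPTION_BYTES:
        raise ValueError("too many option bytes")
    first = (0 << 6) | (len(opts) // 4)                       # version 0, option length in words
    flags = 0x40 if any(o[1] & 0x80 for o in options) else 0  # C bit: critical options present
    return struct.pack("!BBHI", first, flags, protocol_type, vni << 8) + opts + payload


def decode_geneve(datagram: bytes) -> dict:
    """Parse defensively: every length field is checked against the buffer."""
    if len(datagram) < 8:
        raise ValueError("truncated GENEVE header")
    first, flags, protocol_type, vni_field = struct.unpack("!BBHI", datagram[:8])
    if first >> 6 != 0:
        raise ValueError("unsupported GENEVE version")
    end = 8 + (first & 0x3F) * 4
    if len(datagram) < end:
        raise ValueError("option length exceeds datagram")
    options, off = [], 8
    while off < end:
        if end - off < 4:
            raise ValueError("truncated option header")
        opt_class, type_byte, len_byte = struct.unpack("!HBB", datagram[off:off + 4])
        vlen = (len_byte & 0x1F) * 4
        off += 4
        if off + vlen > end:
            raise ValueError("option value overruns header")
        options.append({"class": opt_class, "type": type_byte & 0x7F,
                        "critical": bool(type_byte & 0x80), "value": datagram[off:off + vlen]})
        off += vlen
    return {"protocol_type": protocol_type, "vni": vni_field >> 8, "oam": bool(flags & 0x80),
            "critical": bool(flags & 0x40), "options": options, "payload": datagram[end:]}


def gwlb_flow_cookie(options) -> Optional[bytes]:
    for o in options:
        if o["class"] == AWS_GWLB_OPTION_CLASS and o["type"] == GWLB_FLOW_COOKIE_TYPE:
            return o["value"]
    return None


def ipv4_packet(src: str, dst: str, proto: int = 6) -> bytes:
    """Constructed minimal IPv4 header (no options, zero checksum, no payload)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def in_vpc(packet: bytes, cidr: str = "10.0.0.0/16") -> bool:
    """Hypothetical allow policy: inner destination must be inside the VPC CIDR."""
    return ipaddress.ip_address(packet[16:20]) in ipaddress.ip_network(cidr)


def appliance_pass_through(datagram: bytes, allow=in_vpc) -> Optional[bytes]:
    """Inline appliance: inspect the inner packet, then return the datagram
    unchanged (same header, same options) or drop it (None)."""
    hdr = decode_geneve(datagram)
    if hdr["protocol_type"] != ETHERTYPE_IPV4 or len(hdr["payload"]) < 20:
        return None
    if gwlb_flow_cookie(hdr["options"]) is None:
        return None          # without the GWLB metadata the packet could not be routed back anyway
    return datagram if allow(hdr["payload"]) else None


if __name__ == "__main__":
    opts = [(AWS_GWLB_OPTION_CLASS, 1, b"\x00" * 8), (AWS_GWLB_OPTION_CLASS, 2, b"\x00" * 8),
            (AWS_GWLB_OPTION_CLASS, 3, b"\xde\xad\xbe\xef")]
    dg = encode_geneve(ipv4_packet("10.0.1.5", "10.0.2.9"), opts)
    print(decode_geneve(dg)["options"][2], "passed:", appliance_pass_through(dg) is not None)
```

The length checks in `decode_geneve` are the part that matters for an appliance sitting inline on untrusted traffic: the Opt Len and per-option length fields come off the wire, so a parser that trusts them can be walked past the end of the buffer.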
78. Elastic load balancer - sticky sessions (session affinity)
- it is possible to implement stickiness so that the same client is always redirected to the same instance behind the load balancer
- a cookie is used for stickiness; it has an expiration date you control
- may bring imbalance in the load across the backend instances
- cookie names
- application-based cookies
- custom cookie
- generated by the target (your application)
- the cookie name must be specified individually for each target group
- don't use AWSALB, AWSALBAPP or AWSALBTG (reserved for use by the ELB)
- application cookie
- generated by the load balancer
- cookie name is AWSALBAPP
- duration-based cookies
- cookie generated by the load balancer
- cookie name is AWSALB for ALB, AWSELB for CLB
79. Elastic load balancer - cross-zone load balancing
- with cross-zone load balancing, each load balancer node distributes requests evenly across all registered targets in all AZs
- without it, each node distributes requests only to the targets in its own AZ
- ALB
- cross-zone is enabled by default (can be disabled at the target group level)
- no charges for inter-AZ data
- NLB & GWLB
- cross-zone is disabled by default
- you pay for inter-AZ data when it is enabled
- CLB
- cross-zone is disabled by default
- no charges for inter-AZ data when it is enabled
80. Elastic load balancer - SSL certificates
- an SSL certificate allows traffic between clients <-> load balancer to be encrypted in transit (in-flight encryption)
- SSL - Secure Sockets Layer, used to encrypt connections
- TLS - Transport Layer Security, the newer version (people still say "SSL", but TLS is what is actually negotiated)
- public SSL certificates are issued by CAs (certificate authorities)
- they have an expiration date and must be renewed
- the load balancer uses an X.509 certificate (SSL/TLS server certificate)
- you can manage certificates using ACM (AWS Certificate Manager)
- the load balancer terminates TLS: the client <-> LB hop is encrypted, the LB <-> target hop is whatever the target group protocol says (HTTP or HTTPS)
- server name indication (SNI)
- SNI solves the problem of loading multiple SSL certificates onto one web server (to serve multiple websites)
- the client indicates the hostname it wants to reach in the initial SSL handshake; the server then picks the matching certificate, or returns the default one
- newer protocol extension; requires the client to support it
- only works for ALB, NLB (multiple listeners with multiple SSL certificates) and CloudFront
- does not work with the old-generation CLB (only one SSL certificate)
82. Elastic load balancer - connection draining
- called connection draining on CLB
- called deregistration delay on ALB & NLB
- time to complete in-flight requests while the instance is de-registering or unhealthy
- stops sending new requests to the instance that is de-registering
- between 1 and 3600 seconds (default 300)
- can be disabled (set the value to 0)
- set it to a low value if your requests are short
- ex. if the server generally answers in 1 sec or less, you can set the value to 5 sec
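The stickiness, cross-zone and deregistration-delay settings above all live on the same API: target group attributes. The following is an added example for these notes, not AWS code and not from the course. It builds the `Attributes` list that the ELBv2 `ModifyTargetGroupAttributes` call takes (boto3: `modify_target_group_attributes`) and enforces the constraints from the notes before anything is sent: reserved cookie names for application-based stickiness, a cookie duration between 1 second and 7 days, a deregistration delay between 0 and 3600 seconds, and the NLB/GWLB-only cross-zone override. The attribute keys are the real ELBv2 ones; the target group ARN in `main` is a placeholder.

```python
"""Target-group attributes for stickiness, cross-zone balancing and
deregistration delay (added example; not AWS code).

Each function returns the Attributes list for ModifyTargetGroupAttributes
after validating it, so a typo or a reserved cookie name fails locally
instead of as an API error (or, worse, as a silently ignored setting).
"""
from typing import Dict, List, Optional

RESERVED_COOKIE_PREFIXES = ("AWSALB", "AWSALBAPP", "AWSALBTG")   # names the ALB itself uses
MAX_COOKIE_SECONDS = 604_800                                      # 7 days
MAX_DEREGISTRATION_SECONDS = 3600

Attr = Dict[str, str]


def _attr(key: str, value) -> Attr:
    text = str(value).lower() if isinstance(value, bool) else str(value)
    return {"Key": key, "Value": text}


def stickiness(kind: Optional[str], cookie_name: Optional[str] = None,
               duration_seconds: int = 86_400) -> List[Attr]:
    """kind: 'lb_cookie' (duration-based, AWSALB), 'app_cookie' (application-based:
    your cookie, tracked by AWSALBAPP), or None to turn stickiness off."""
    if kind is None:
        return [_attr("stickiness.enabled", False)]
    if kind not in ("lb_cookie", "app_cookie"):
        raise ValueError(f"unknown stickiness type {kind!r}")
    if not 1 <= duration_seconds <= MAX_COOKIE_SECONDS:
        raise ValueError("cookie duration must be 1..604800 seconds")
    attrs = [_attr("stickiness.enabled", True), _attr("stickiness.type", kind)]
    if kind == "lb_cookie":
        attrs.append(_attr("stickiness.lb_cookie.duration_seconds", duration_seconds))
    else:
        if not cookie_name:
            raise ValueError("app_cookie stickiness needs the target's cookie name")
        if cookie_name.upper().startswith(RESERVED_COOKIE_PREFIXES):
            raise ValueError(f"{cookie_name} is reserved for the load balancer")
        attrs += [_attr("stickiness.app_cookie.cookie_name", cookie_name),
                  _attr("stickiness.app_cookie.duration_seconds", duration_seconds)]
    return attrs


def deregistration_delay(seconds: int) -> List[Attr]:
    """0 disables draining; low values suit short requests (e.g. 5 s for ~1 s responses)."""
    if not 0 <= seconds <= MAX_DEREGISTRATION_SECONDS:
        raise ValueError("deregistration delay must be 0..3600 seconds")
    return [_attr("deregistration_delay.timeout_seconds", seconds)]


def cross_zone(enabled: Optional[bool]) -> List[Attr]:
    """NLB/GWLB target groups only; None inherits the load balancer's setting.
    Inter-AZ data is billed on NLB/GWLB when this is on."""
    value = "use_load_balancer_configuration" if enabled is None else str(enabled).lower()
    return [_attr("load_balancing.cross_zone.enabled", value)]


def apply(client, target_group_arn: str, attributes: List[Attr]):
    """Send the attributes with a boto3 ELBv2 client (real call; needs credentials)."""
    return client.modify_target_group_attributes(TargetGroupArn=target_group_arn, Attributes=attributes)


if __name__ == "__main__":
    import boto3
    tg_arn = "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/NAME/ID"   # placeholder
    attrs = stickiness("app_cookie", cookie_name="SESSIONID", duration_seconds=3600) + deregistration_delay(5)
    print(apply(boto3.client("elbv2"), tg_arn, attrs))
```

One practical caveat the validation encodes: with `app_cookie` stickiness the ALB only honours the cookie name you configure on that target group, so an application cookie named differently in one service will quietly get no affinity at all.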
83. Auto scaling groups (ASG) overview
- scale out (add EC2 instances) to match an increased load
- scale in (remove EC2 instances) to match a decreased load
- automatically register new instances to a load balancer
- re-create an EC2 instance if a previous one is terminated (ex. because it was unhealthy)
- ASGs are free, you only pay for the underlying EC2 instances
- capacity options
- minimum capacity
- desired capacity
- maximum capacity
- ASG attributes
- a launch template
- AMI + instance type
- EC2 user data
- EBS volumes
- security groups
- SSH key pair
- IAM roles for your EC2 instances
- network and subnet information
- load balancer information
- scaling policies
- scale in/out based on CloudWatch alarms
- an alarm monitors a metric such as
- average CPU
- a custom metric
- metrics such as average CPU are computed across the overall ASG instances, not per instance
- based on the alarm you can create scale-in / scale-out policies
85. Auto scaling groups - scaling policies
- dynamic scaling
- target tracking scaling
- simplest to set up
- ex. I want the average ASG CPU to stay at around 40%
- simple / step scaling
- when a CloudWatch alarm is triggered (ex. CPU > 70%), add 2 instances
- when a CloudWatch alarm is triggered (ex. CPU < 30%), remove 1 instance
- scheduled scaling
- anticipate scaling based on known usage patterns (ex. increase the min capacity to 10 at 5 pm on Fridays)
- predictive scaling
- continuously forecasts load and schedules scaling ahead (very handy for cyclical or otherwise predictable traffic)
- good metrics to scale on
- CPU utilization (average CPU across your instances)
- request count per target
- any custom metric you push to CloudWatch
- scaling cooldowns
- after a scaling activity you are in a cooldown period (default 300 seconds)
- during the cooldown the ASG will not launch or terminate additional instances (to let the metrics stabilize)
- advice: use a ready-to-use AMI to reduce configuration time, so instances serve requests faster and the cooldown period can be shorter
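The arithmetic behind these policies is worth seeing once, because it explains both why target tracking is "simple" and why the cooldown exists. The following is an added example for these notes, not AWS code: target tracking computes the new desired capacity proportionally (`ceil(current * metric / target)`, the adjustment AWS describes for metrics that fall as capacity grows, such as average CPU or RequestCountPerTarget; real scale-in is more conservative), step scaling picks one adjustment from the size of the alarm breach, and every result is clamped to [min, max] and ignored while a cooldown is running. The group sizes, thresholds and step tables are constructed for the demo.

```python
"""ASG scaling-policy arithmetic (added example; not AWS code)."""
import math
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class AutoScalingGroup:
    min_size: int
    max_size: int
    desired: int
    cooldown_seconds: int = 300          # default cooldown
    last_scaling_at: Optional[float] = None

    def in_cooldown(self, now: float) -> bool:
        return self.last_scaling_at is not None and now - self.last_scaling_at < self.cooldown_seconds

    def set_desired(self, wanted: int, now: float) -> int:
        """Apply a policy result: clamp to [min, max]; do nothing during cooldown."""
        if self.in_cooldown(now):
            return self.desired
        wanted = max(self.min_size, min(self.max_size, wanted))
        if wanted != self.desired:
            self.desired = wanted
            self.last_scaling_at = now
        return self.desired


def target_tracking(asg: AutoScalingGroup, metric_value: float, target_value: float, now: float) -> int:
    """Keep the metric near the target: CPU 80% with 4 instances and a 40% target -> 8 instances."""
    wanted = math.ceil(asg.desired * metric_value / target_value)
    return asg.set_desired(wanted, now)


@dataclass
class StepPolicy:
    """Steps are (lower, upper, adjustment) relative to the alarm threshold; None = open-ended.
    Positive adjustments scale out, negative ones scale in. Bounds follow the AWS rule:
    above the threshold lower is inclusive / upper exclusive, below it the reverse."""
    threshold: float
    steps: List[Tuple[Optional[float], Optional[float], int]]
    percent: bool = False             # PercentChangeInCapacity instead of ChangeInCapacity

    def adjustment_for(self, metric_value: float) -> int:
        breach = metric_value - self.threshold
        for lower, upper, adj in self.steps:
            if breach >= 0:
                hit = (lower is None or breach >= lower) and (upper is None or breach < upper)
            else:
                hit = (lower is None or breach > lower) and (upper is None or breach <= upper)
            if hit:
                return adj
        return 0


def step_scaling(asg: AutoScalingGroup, policy: StepPolicy, metric_value: float, now: float) -> int:
    adj = policy.adjustment_for(metric_value)
    if policy.percent:
        raw = asg.desired * adj / 100
        adj = math.ceil(raw) if adj > 0 else math.floor(raw)
    return asg.set_desired(asg.desired + adj, now)


if __name__ == "__main__":
    asg = AutoScalingGroup(min_size=2, max_size=10, desired=4)
    print("cpu 80% ->", target_tracking(asg, 80, 40, now=0))      # 8
    print("cpu 20% in cooldown ->", target_tracking(asg, 20, 40, now=100))   # still 8
    print("cpu 20% after cooldown ->", target_tracking(asg, 20, 40, now=400))  # 4
    out = StepPolicy(threshold=70, steps=[(0, 10, 1), (10, 20, 2), (20, None, 3)])
    print("cpu 85% step ->", step_scaling(AutoScalingGroup(2, 10, 4, cooldown_seconds=0), out, 85, now=0))  # 6
```

The second `target_tracking` call is the cooldown in action: a scale-in decision taken 100 s after a scale-out is dropped, which is what keeps the group from thrashing while the freshly launched instances are still warming up.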
Keywords from questions I got wrong
- fixed static IP = NLB
- there is no built-in CloudWatch metric for the number of requests per minute; you need to publish your own CloudWatch custom metric and then create a CloudWatch alarm on it
- you have an ASG and an NLB, the application is integrated with NLB health checks, and you currently use TCP health checks but want to move to HTTP health checks. (Answer: migrate the health check to HTTP, because NLB supports both TCP and HTTP health checks)
- migrate to an ALB
- migrate the health check to HTTP (correct)
- your site used HTTP on the ALB, but now you want to move to HTTPS. You have updated it, but what do you do to force users to access the site over HTTPS instead of HTTP? (Answer: ALB HTTP redirect)
- configure the ALB to redirect HTTP to HTTPS (correct)
- configure the DNS record to redirect HTTP to HTTPS (DNS cannot redirect between protocols)
Let's keep at it together and pass! haha
I'm planning to take the exam in mid-October 2024! (I'll post a review afterwards, hehe)