Comprehensive Guide to AWS Global Accelerator, Lambda, CloudFormation, and More
Global Accelerator
AWS Global Accelerator is a service that improves the availability and performance of your applications with local or global users
AWS Global Accelerator uses the AWS global network to optimize the path from your users to your applications, improving the performance of your traffic by as much as 60%
AWS Global Accelerator continually monitors the health of your application endpoints and redirects traffic to healthy endpoints in less than 30 seconds
Without AWS Global Accelerator
It can take many networks to reach the application. Paths to and from the application may differ. Each hop impacts performance and can introduce risks
With AWS Global Accelerator
Adding AWS Global Accelerator removes these inefficiencies. It leverages the Global AWS Network, resulting in improved performance.
Benefits
Improve global application availability
Accelerate your global applications
Easily manage endpoints
AWS Lambda
AWS Lambda is a compute service that lets you run code without provisioning or managing servers
AWS Lambda executes your code only when needed and scales automatically, from a few requests per day to thousands per second
You pay only for the compute time you consume; there is no charge when your code is not running
With AWS Lambda, you can run code for virtually any type of application or backend service, all with zero administration
AWS Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code monitoring and logging
All you need to do is supply your code in one of the languages that AWS Lambda supports
You can use AWS Lambda to run your code in response to events, such as changes to data in an Amazon S3 bucket or an Amazon DynamoDB table
When Should I Use AWS Lambda?
AWS Lambda is an ideal compute platform for many application scenarios, provided that you can write your application code in languages supported by AWS Lambda, and run within the AWS Lambda standard runtime environment and resources provided by Lambda
When using AWS Lambda, you are responsible only for your code
AWS Lambda manages the compute fleet that offers a balance of memory, CPU, network, and other resources
This is in exchange for flexibility, which means you cannot log in to compute instances, or customize the operating system on provided runtimes
These constraints enable AWS Lambda to perform operational and administrative activities on your behalf, including provisioning capacity, monitoring fleet health, applying security patches, deploying your code, and monitoring and logging your Lambda functions
Lambda is a highly available service
Languages supported by AWS Lambda are .NET, Go, Java, Node.js, Python, Ruby
If you need to manage your own compute resources, Amazon Web Services also offers other compute services to meet your needs:
- Amazon Elastic Compute Cloud (Amazon EC2) service offers flexibility and a wide range of EC2 instance types to choose from. It gives you the option to customize operating systems, network and security settings, and the entire software stack, but you are responsible for provisioning capacity, monitoring fleet health and performance, and using Availability Zones for fault tolerance
AWS Lambda - Building Block
Lambda Function : The foundation, it is comprised of your custom code and any dependent libraries
Event Source : An AWS service, such as Amazon SNS, that triggers your function and executes its logic
Downstream resources : An AWS service, such as DynamoDB tables or Amazon S3 buckets, that your Lambda function calls once it is triggered
Log Streams : While Lambda automatically monitors your function invocations and reports metrics to CloudWatch
Event Source Mapping
In AWS Lambda, Lambda functions and event sources are the core components
An event source is the entity that publishes events, and a Lambda function is the custom code that processes the events
Supported event sources refer to those AWS services that can be pre-configured to work with AWS Lambda
The configuration is referred to as event source mapping which maps an event source to a Lambda function
AWS Lambda supports many AWS services as event sources
When you configure these event sources to trigger a Lambda function, the Lambda function is invoked automatically when events occur
Some of the supported AWS Event sources for Lambda functions are
Amazon S3
Amazon DynamoDB
Amazon Simple Notification Service
Amazon SQS
Amazon CloudWatch
Lambda Function Configuration
Compute resources that you need
You only specify the amount of memory you want to allocate for your Lambda function
AWS Lambda allocates CPU power proportional to the memory
You can update the configuration and request additional memory in 64 MB increments from 128 MB to 3008 MB
If the maximum memory use is exceeded, function invocation will be terminated
Functions larger than 1536 MB are allocated multiple CPU threads, and multi-threaded or multi-process code is needed to take advantage of the additional performance
Maximum execution time (timeout)
You pay for the AWS resources that are used to run your Lambda function
To prevent your Lambda function from running indefinitely, you specify a timeout
When the specified time out is reached, AWS Lambda terminates your Lambda function
Default is 3 seconds, maximum is 900 seconds (15 minutes)
AWS CloudFormation
AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment
CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts
This file serves as the single source of truth for your cloud environment.
AWS CloudFormation is available at no additional charge, and you pay only for the AWS resources needed to run your applications
Benefits
MODEL IT ALL
AWS CloudFormation allows you to model your entire infrastructure in a text file. This template becomes the single source of truth for your infrastructure. This helps you to standardize infrastructure components used across your organization, enabling configuration compliance and faster troubleshooting.
AUTOMATE AND DEPLOY
AWS CloudFormation provisions your resources in a safe, repeatable manner, allowing you to build and rebuild your infrastructure and applications, without having to perform manual actions or write custom scripts.
IT'S JUST CODE
Codifying your infrastructure allows you to treat your infrastructure as just code. You can author it with any code editor, check it into a version control system, and review the files with team members before deploying into production.
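As an added example (not part of the original notes or of any AWS tooling): because the template is just code, it can be checked in review before it is deployed. This Python sketch lints a JSON template against the memory and timeout limits listed under Lambda Function Configuration and confirms that each event source mapping targets a function defined in the same template; the resource names, the ARN and the `check_template` helper are hypothetical.

```python
import json

# Limits as stated in the Lambda Function Configuration notes on this page.
MEM_MIN, MEM_MAX, MEM_STEP = 128, 3008, 64  # MB
TIMEOUT_DEFAULT, TIMEOUT_MAX = 3, 900       # seconds

# Constructed sample template; resource names and the ARN are made up.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "ResizeFn": {"Type": "AWS::Lambda::Function",
                 "Properties": {"MemorySize": 1000, "Timeout": 1200}},
    "AuditFn": {"Type": "AWS::Lambda::Function",
                "Properties": {"MemorySize": 512}},
    "QueueMapping": {"Type": "AWS::Lambda::EventSourceMapping",
                     "Properties": {
                         "EventSourceArn": "arn:aws:sqs:us-east-1:111122223333:example-queue",
                         "FunctionName": {"Ref": "MissingFn"}}},
}})


def check_template(template_text):
    """Return a sorted list of (resource_name, finding) tuples."""
    resources = json.loads(template_text).get("Resources", {})
    functions = {name for name, res in resources.items()
                 if res.get("Type") == "AWS::Lambda::Function"}
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::Lambda::Function":
            # Only literal integers are checked; Ref/Fn::* values are skipped.
            mem = props.get("MemorySize", MEM_MIN)
            if isinstance(mem, int) and (
                    not MEM_MIN <= mem <= MEM_MAX or (mem - MEM_MIN) % MEM_STEP):
                findings.append((name, f"MemorySize {mem} MB is not in "
                                       f"{MEM_MIN}-{MEM_MAX} MB in {MEM_STEP} MB steps"))
            timeout = props.get("Timeout")
            if timeout is None:
                findings.append((name, f"no Timeout set; default of {TIMEOUT_DEFAULT} s applies"))
            elif isinstance(timeout, int) and not 1 <= timeout <= TIMEOUT_MAX:
                findings.append((name, f"Timeout {timeout} s is outside 1-{TIMEOUT_MAX} s"))
        elif res.get("Type") == "AWS::Lambda::EventSourceMapping":
            target = props.get("FunctionName")
            if isinstance(target, dict) and target.get("Ref") not in functions:
                findings.append((name, f"maps to undefined function {target.get('Ref')}"))
    return sorted(findings)


if __name__ == "__main__":
    for resource, finding in check_template(SAMPLE_TEMPLATE):
        print(f"{resource}: {finding}")
```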
Amazon FSx for Windows File Server
Amazon FSx for Windows File Server provides fully managed, highly reliable file storage that is accessible over the industry-standard Server Message Block (SMB) protocol
It is built on Windows Server, delivering a wide range of administrative features such as user quotas, end-user file restore, and Microsoft Active Directory (AD) integration
It offers single-AZ and multi-AZ deployment options, fully managed backups, and encryption of data at rest and in transit
Amazon FSx file storage is accessible from Windows, Linux, and macOS compute instances and devices running on AWS or on premises
You can optimize cost and performance for your workload needs with SSD and HDD storage options
Amazon FSx helps you optimize TCO with no data duplication, reducing costs by up to 50-60% on your general-purpose file shares
Amazon FSx for Lustre for high-performance file system
Amazon FSx for Lustre makes it easy and cost effective to launch and run the world’s most popular high-performance file system, Lustre
Use it for workloads where speed matters, such as machine learning, high performance computing (HPC), video processing, and financial modeling
The open source Lustre file system was built for and is used for the world’s most demanding workloads, and is the most widely used file system for the 500 fastest computers in the world
Amazon FSx brings the Lustre file system to the masses by making it easy and cost effective for you to use Lustre for any workload where you want to process data as quickly as possible
You can also link your FSx for Lustre file systems to Amazon S3, making it simple to process data stored on S3
Benefits
Simple and fully managed
Fast and inexpensive
Available and durable
Integration with other AWS services
AWS Migration Services
Moving your data and applications to the cloud isn't easy, but Amazon has a number of services that can take some of the load off. Some of them are :
AWS Migration Hub
AWS Migration Hub provides a single place to monitor migrations in any AWS region where your migration tools are available
There is no additional cost for using Migration Hub.
You only pay for the cost of the individual migration tools you use, and any resources being consumed on AWS
Features
Allows you to import information about your on-premises servers and applications into the Migration Hub so you can track the status of application migrations.
Shows the latest status and metrics for your entire migration portfolio.
This allows you to quickly understand the progress of your migrations, as well as identify and troubleshoot any issues that arise.
Provides all application details in a central location.
This allows you to track the status of all the moving parts across all migrations, making it easier to view overall migration progress.
AWS Database Migration Service
AWS Database Migration Service helps you migrate databases to AWS quickly and securely
It can migrate your data to and from most widely used commercial and open-source databases
Supports homogeneous migrations such as Oracle to Oracle, as well as heterogeneous migrations between different database platforms, such as Oracle or Microsoft SQL Server to Amazon Aurora
Benefits
Simple to use
Minimal downtime
Supports widely used databases
Low cost
Fast and easy to set up
Reliable
Snow Family
The Snow Family of services offers a number of physical devices and capacity points, including some with built-in compute capabilities
These services help physically transport up to exabytes of data into and out of AWS
The Snow Family of services is owned and managed by AWS and integrates with AWS security, monitoring, storage management and computing capabilities
AWS Snowball Services
AWS Snowball is a petabyte scale data transport solution that uses secure appliances to transfer large amounts of data into and out of AWS
The AWS Snowball service uses physical storage devices to transfer large amounts of data between Amazon Simple Storage Service (Amazon S3) and your onsite data storage location at faster-than-internet speeds
Snowball uses multiple layers of security designed to protect your data including tamper resistant enclosures, 256-bit encryption, and an industry-standard Trusted Platform Module (TPM) designed to ensure both security and full chain of custody of your data.
Once the data transfer job has been processed and verified, AWS performs a software erasure of the Snowball appliance
Snowball Features
80 TB and 50 TB models are available in US Regions
50-100 TB model available in all AWS Regions
Enforced encryption protects your data at rest and in physical transit
There's no need to buy or maintain your own hardware devices
Benefits
High speed & Extremely scalable
Tamper resistant and secure
Simple and compatible
Easy data retrieval
Snowmobile
The AWS Snowmobile moves up to 100 PB of data (equivalent to 1,250 AWS Snowball devices) in a 45-foot long ruggedized shipping container and is ideal for multi-petabyte or exabyte-scale digital media migrations and datacenter shutdowns
A Snowmobile arrives at the customer site and appears as a network attached data store for more secure, high-speed data transfer
After data is transferred to Snowmobile, it is driven back to an AWS Region where the data is loaded into Amazon S3
Key Features
Faster data transfer
Strong encryption
Rugged, durable and secure
Customized for your needs
Massively scalable
CloudFront
Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users
CloudFront delivers your content through a worldwide network of data centers called edge locations
When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance
If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately
If the content is not in that edge location, CloudFront retrieves it from an origin that you've defined, such as an Amazon S3 bucket, a MediaPackage channel, or an HTTP server (for example, a web server)
You also get increased reliability and availability because copies of your files (also known as objects) are now held (or cached) in multiple edge locations around the world
AWS Storage Gateway
AWS Storage Gateway connects an on-premises software appliance with cloud-based storage
You can use the service to store data in the AWS Cloud for scalable and cost-effective storage that helps maintain data security
AWS Storage Gateway offers file-based, volume-based, and tape-based storage solutions.
File Gateway
A file gateway supports a file interface into Amazon Simple Storage Service (Amazon S3) and combines a service and a virtual software appliance
By using this combination, you can store and retrieve objects in Amazon S3 using industry standard file protocols such as Network File System (NFS) and Server Message Block (SMB)
The gateway is deployed into your on-premises environment as a virtual machine (VM) running on VMware ESXi or Microsoft Hyper-V hypervisor
The gateway provides access to objects in S3 as files or file share mount points
Volume Gateway
A volume gateway provides cloud-backed storage volumes that you can mount as Internet Small Computer System Interface (iSCSI) devices from your on-premises application servers.
The gateway supports the following volume configurations
Cached volumes
Stored Volume
Tape Gateway
A tape gateway can cost-effectively and durably archive backup data in Amazon S3 Glacier or S3 Glacier Deep Archive
A tape gateway provides a virtual tape infrastructure that scales seamlessly with your business needs and eliminates the operational burden of provisioning, scaling, and maintaining a physical tape infrastructure
You can run AWS Storage Gateway either on-premises as a VM appliance, as a hardware appliance, or in AWS as an Amazon Elastic Compute Cloud (Amazon EC2) instance
AWS Certificate Manager
AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources
SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet as well as resources on private networks
AWS Certificate Manager removes the time-consuming manual process of purchasing, uploading, and renewing SSL/TLS certificates
With AWS Certificate Manager, you can quickly request a certificate, deploy it on ACM integrated AWS resources, such as Elastic Load Balancers, Amazon CloudFront distributions, and APIs on API Gateway, and let AWS Certificate Manager handle certificate renewals
It also enables you to create private certificates for your internal resources and manage the certificate lifecycle centrally
Use Cases
Protect and secure your website: SSL, and its successor TLS, are industry standard protocols for encrypting network communications and establishing the identity of websites over the Internet
Protect and Secure your internal resources: Private certificates are used for identifying and securing communication between connected resources on private networks, such as servers, mobile and IoT devices, and applications