Differences

This shows you the differences between two versions of the page.

--- certification:awscertifiedsolutionarchitecprofessional [2024/01/25 10:59] – skipidar
+++ certification:awscertifiedsolutionarchitecprofessional [2024/02/03 12:21] (current) – skipidar
@@ Line 27: / Line 27: @@
       * Coralogix, and
       * Elastic.
+  * When connecting to S3 from **on-prem**, **DONT use Gateway endpoints** for Amazon **S3**
+    * Gateway endpoints [[https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html | Do not allow access from on premises]]
+  * for migration of **AuroraDB** **to another AWS account**, with **minimal downtime** - [[https://aws.amazon.com/blogs/database/perform-cross-account-amazon-aurora-mysql-migration-with-minimal-downtime/ | use DataBaseMigration DMS replication]]
+  *
@@ Line 74: / Line 78: @@
     * you should **not use CIDR** as this will open the communication from other EC2 instances on the subnet as well. It is **recommended to use security group IDs**
     * {{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/3hY2LRVCzu.png}}
+    * {{https://cdn.matt-rickard.com/images/2021/09/image-12.png}}
   * **AWS Security Groups**
     * can't block by Ports.
@@ Line 196: / Line 201: @@
       * is probably <color #ed1c24>NOT Highly available</color>. As on customer side
       * {{https://docs.aws.amazon.com/images/vpn/latest/s2svpn/images/vpn-how-it-works-cgw.png}}
-    * A **Virtual Private Gateway**
+    * A **Virtual Private Gateway**  alias  **virtual gateway**
       * A virtual private gateway is the VPN concentrator on the Amazon side of the Site-to-Site VPN connection. You create a virtual private gateway and attach it to the VPC from which you want to create the Site-to-Site VPN connection.
       * https://docs.aws.amazon.com/vpn/latest/s2svpn/how_it_works.html
@@ Line 210: / Line 215: @@
       * Site-to-Site VPN connection with AWS Direct Connect {{https://docs.aws.amazon.com/images/vpn/latest/s2svpn/images/vpn-direct-connect.png}}
       * Private IP Site-to-Site VPN connection with AWS Direct Connect {{https://docs.aws.amazon.com/images/vpn/latest/s2svpn/images/private-ip-dx.png}}
+  * Direct Connect - summary https://jayendrapatil.com/aws-direct-connect-dx/
+    * only ONE **Virtual Gateway (VGW)** can be attached per VPC
+    * Each connection requires a **Virtual Interface (VIF)**
+    * {{https://jayendrapatil.com/wp-content/uploads/2016/05/screen-shot-2016-05-17-at-1-56-15-pm.png}}
   * AWS **Placement Groups** - use to group EC2 machines, to achive minimal latency between High-performance apps relying on low latency.
     * adding the instance to a group
@@ Line 256: / Line 265: @@
     * Can generate **System Manager Patch compliance report**
     * reference Systems Manager properties - **by name of property** from RDS environment variable
+  * AWS Systems Manager > State Manager
+    * configuration management, like "Ansible"
+    * ensure that the instances are bootstrapped with specific software at startup
+    * The following list describes the types of tasks you can perform with State Manager:
+      * Bootstrap instances with specific software at start-up
+      * **Download and update agents** on a defined schedule, including SSM Agent
+      * Configure **network** settings
+      * **Join instances to a Windows domain** (Windows instances only)
+      * Patch instances with software updates throughout their lifecycle
+      * **Run scripts** on Linux and Windows managed instances throughout their lifecycle
+    * AWS Systems Manager > **SESSION Manager**
+      * the SSH console with port 22
   * VPC Sharing
     * within the **same organization** - allows to **share subnets of a VPC** for reuse in another accounts.
@@ Line 296: / Line 317: @@
       * {{https://miro.medium.com/v2/resize:fit:4800/format:webp/1*INxsvZFPK6G3Dixo5GVRdQ.png}}
  {{https://miro.medium.com/v2/resize:fit:4800/format:webp/1*fWy6sEBlR5Fu3YVC7ZUbCw.png}}
-    * **Global database** - means there are read replica installed in other regions
+    * **RDS Global Databases** - means there are **async secondary clusters** cross regions
-      * **Aurora MySQL** can do cross-region Aurora Replicas
+      * Cross-region Global DB replication happens **Asynchronously**, using [[https://docs.aws.amazon.com/prescriptive-guidance/latest/aurora-replication-options/aurora-global-database.html | block storage replication]]
-      * **Aurora Postgres** - can NOT cross-replicate between regions
+      * only **one writer instance in the primary AWS Region**, and all write operations must be directed to that instance.
-    * Failover (when region fails) or Switchover (when planned) happens in seconds but **surprisingly manually**
+      * **Aurora MySQL** - **can** have global tables cross-regions
-    * Each Aurora DB cluster has **one cluster endpoint** and **one primary DB instance**. A **cluster endpoint (or writer endpoint)** for an Aurora DB cluster connects to the current primary DB instance for that DB cluster. This **cluster-endpoint** is the **only one that can perform write operations** such as DDL statements. Because of this, the cluster endpoint is the one that you connect to when you first set up a cluster or when your cluster only contains a single DB instance.
+      * **Aurora Postgres** - **can** have global tables cross-regions [[https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Replication.html|cross-replicate between regions]]
-    * https://aws.amazon.com/de/blogs/database/cross-region-disaster-recovery-using-amazon-aurora-global-database-for-amazon-aurora-postgresql/
+      * https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database-disaster-recovery.html#aurora-global-database-failover
-      * After detaching the read-replica in another region - the **endpoint of the new Write-cluster** in a new region after the failover - **changes**. Application must know the new endpoint, or cross regional DNS must be in place.
+      * {{https://docs.aws.amazon.com/images/AmazonRDS/latest/AuroraUserGuide/images/aurora-global-db-managed-failover-1.png}}
-        * Manual promotion of read replica:
+      * Manual promotion of secondary-cluster:
         * Region is down: {{https://d2908q01vomqb2.cloudfront.net/887309d048beef83ad3eabf2a79a64a389ab1c9f/2021/03/01/Screen-Shot-2021-03-01-at-17.36.25.png}}
         * Remove read replica from global: {{https://d2908q01vomqb2.cloudfront.net/887309d048beef83ad3eabf2a79a64a389ab1c9f/2021/02/25/DBBLOG-1244-12.png}}
@@ Line 309: / Line 330: @@
         * Get new endpoints {{https://d2908q01vomqb2.cloudfront.net/887309d048beef83ad3eabf2a79a64a389ab1c9f/2021/06/18/dbblog1603-10.png}}
         * Add to DNS {{https://d2908q01vomqb2.cloudfront.net/887309d048beef83ad3eabf2a79a64a389ab1c9f/2021/06/18/dbblog1603-11.png}}
+    * **Cross Region replication** - means there are read replica installed in other regions
+      * Cross-region Read replication happens **synchronously**, using MySQL protocol
+      * **Aurora MySQL** can do cross-region Aurora Replicas
+      * **Aurora Postgres** - can NOT [[https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Replication.html|cross-replicate between regions]]
+    * Failover (when region fails) or Switchover (when planned) happens in seconds but **surprisingly manually**
+    * Each Aurora DB cluster has **one cluster endpoint** and **one primary DB instance**. A **cluster endpoint (or writer endpoint)** for an Aurora DB cluster connects to the current primary DB instance for that DB cluster. This **cluster-endpoint** is the **only one that can perform write operations** such as DDL statements. Because of this, the cluster endpoint is the one that you connect to when you first set up a cluster or when your cluster only contains a single DB instance.
+    * https://aws.amazon.com/de/blogs/database/cross-region-disaster-recovery-using-amazon-aurora-global-database-for-amazon-aurora-postgresql/
+      * After detaching the read-replica in another region - the **endpoint of the new Write-cluster** in a new region after the failover - **changes**. Application must know the new endpoint, or cross regional DNS must be in place.
   * EC2
     * Emphimeral **Ec2 instance volumes** - **doesnt support snapshots**. Only EBS does.
@@ Line 347: / Line 376: @@
     * Weighted routing policy – Use to route traffic to multiple resources in proportions that you specify.
     * https://tutorialsdojo.com/latency-routing-vs-geoproximity-routing-vs-geolocation-routing/
   * AWS **Database Migration Service (DMS)**
     * With AWS DMS, you can discover your source data stores, convert your source schemas, and migrate your data.
     * At a basic level, AWS DMS is a server in the AWS Cloud that runs replication software. You create a source and target connection to tell AWS DMS where to extract data from and where to load it.
@@ Line 612: / Line 641: @@
     * from e.g. IP spoofing
   * AWS Elastic Beanstalk - deployment strategy https://stackoverflow.com/questions/38656595/difference-between-rolling-rolling-with-additional-batch-and-immutable-deployme
+    * https://blog.shikisoft.com/which_elastic_beanstalk_deployment_should_you_use/
     * **All at once**: Replace all v1 with v2 at the same time. Failure not handled.
     * **Canary**: A v2 is deployed and observed. If successful, all remaining v2 instances are deployed immediately.