mirror of
https://github.com/nickpoida/og-aws.git
synced 2025-03-09 15:40:06 +00:00
Joshua Levy
GitHub
commit
9f68b312a3
1 changed files with 10 additions and 9 deletions
19
README.md
19
README.md
|
|
@ -877,13 +877,13 @@ EFS
|
||||||
|
|
||||||
### EFS Tips
|
### EFS Tips
|
||||||
|
|
||||||
- With EFS being based on NFSv4.1, any directory on the EFS can be mounted directly, it doesn't have to be the root directory. One application could mount *fs-12345678:/prog1*, another *fs-12345678:/prog2*.
|
- With EFS being based on NFSv4.1, any directory on the EFS can be mounted directly, it doesn't have to be the root directory. One application could mount *fs-12345678:/prog1*, another *fs-12345678:/prog2*.
|
||||||
- [User and group level permissions](https://docs.aws.amazon.com/efs/latest/ug/accessing-fs-nfs-permissions.html) can be used to control access to certain directories on the EFS file system.
|
- [User and group level permissions](https://docs.aws.amazon.com/efs/latest/ug/accessing-fs-nfs-permissions.html) can be used to control access to certain directories on the EFS file system.
|
||||||
- ⏱ One EFS file system can be used for multiple applications or services, but it should be considered carefully:
|
- ⏱ One EFS file system can be used for multiple applications or services, but it should be considered carefully:
|
||||||
|
|
||||||
Pros:
|
Pros:
|
||||||
- Because performance is based on total size of stored files, having everything on one drive will increase performance for everyone. One application consuming credits faster than it can accumulate might be offset by another application that just stores files on EFS and rarely accesses them.
|
- Because performance is based on total size of stored files, having everything on one drive will increase performance for everyone. One application consuming credits faster than it can accumulate might be offset by another application that just stores files on EFS and rarely accesses them.
|
||||||
|
|
||||||
Cons:
|
Cons:
|
||||||
- Since credits are shared, if one application over-consumes them, it will affect the others.
|
- Since credits are shared, if one application over-consumes them, it will affect the others.
|
||||||
- A compromise is made with regards to [security](http://docs.aws.amazon.com/efs/latest/ug/security-considerations.html). All clients will have to have network access to the drive. Someone with root access on one client instance can mount any directory on the EFS and they have read-write access to all files on the drive, even if they don't have access to the applications hosted on other clients.
|
- A compromise is made with regards to [security](http://docs.aws.amazon.com/efs/latest/ug/security-considerations.html). All clients will have to have network access to the drive. Someone with root access on one client instance can mount any directory on the EFS and they have read-write access to all files on the drive, even if they don't have access to the applications hosted on other clients.
|
||||||
|
|
@ -1194,10 +1194,10 @@ Lambda
|
||||||
|
|
||||||
### Lambda Code Samples
|
### Lambda Code Samples
|
||||||
|
|
||||||
- Example of using Lambda to 'fan-out' or copy data from one service, in this case Kinesis to multiple other AWS data service as [Fan-out](https://github.com/awslabs/aws-lambda-fanout). Destinations for fan-out data in the sample include IoT, SQS and more.
|
- [Fan-out](https://github.com/awslabs/aws-lambda-fanout) is an example of using Lambda to “fan-out” or copy data from one service, in this case Kinesis, to multiple other AWS data services. Destinations for fan-out data in the sample include IoT, SQS and more.
|
||||||
- AWS Service Limit Monitor [using Lambdas](https://github.com/awslabs/aws-limit-monitor). Example code shows use of multiple lambdas for monitoring.
|
- This [AWS limit monitor using Lambdas](https://github.com/awslabs/aws-limit-monitor) shows use of multiple Lambdas for monitoring.
|
||||||
- Example of using Lambda with ECS in an 'extended worker' pattern via [Lambda ECS Worker Pattern](https://github.com/awslabs/lambda-ecs-worker-pattern). Example code shows use of lambda in a workflow, data from S3 is picked up by the lambda, pushed to a queue, then sent to ECS for more processing.
|
- This [Lambda ECS Worker Pattern](https://github.com/awslabs/lambda-ecs-worker-pattern) shows use of Lambda in a workflow where data from S3 is picked up by the Lambda, pushed to a queue, then sent to ECS for more processing.
|
||||||
- Sample Java application which uses Lambda and API Gateway with Cognito (for user identity) via [Secure Pet Store](https://github.com/awslabs/api-gateway-secure-pet-store). Example shows services working together in a complete application.
|
- The [Secure Pet Store](https://github.com/awslabs/api-gateway-secure-pet-store) is a sample Java application which uses Lambda and API Gateway with Cognito (for user identity).
|
||||||
|
|
||||||
🚧 [*Please help expand this incomplete section.*](CONTRIBUTING.md)
|
🚧 [*Please help expand this incomplete section.*](CONTRIBUTING.md)
|
||||||
|
|
||||||
|
|
@ -1248,8 +1248,9 @@ Route 53
|
||||||
- You can use them for CLBs/ALBs or any other resource where AWS supports it.
|
- You can use them for CLBs/ALBs or any other resource where AWS supports it.
|
||||||
- Somewhat confusingly, you can have CNAME and A aliases, depending on the type of the target.
|
- Somewhat confusingly, you can have CNAME and A aliases, depending on the type of the target.
|
||||||
- Because aliases are extensions to regular DNS records, if exported, the output [zone file](https://en.wikipedia.org/wiki/Zone_file) will have additional non-standard “ALIAS” lines in it.
|
- Because aliases are extensions to regular DNS records, if exported, the output [zone file](https://en.wikipedia.org/wiki/Zone_file) will have additional non-standard “ALIAS” lines in it.
|
||||||
- Take advantage of AWS Route 53 latency based routing. This means that your users around the globe are automatically directed to the nearest AWS region where you are running in terms of having the shortest latency.
|
- [**Latency-based routing**](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-latency) allows users around the globe to be automatically directed to the nearest AWS region where you are running, so that latency is reduced.
|
||||||
- Understand that domain registration and DNS management (hosted zones) are two separate Route 53 services. When you buy/transfer a domain, Route 53 automaticcaly assigns four name servers to it (e.g. ns-2.awsdns-00.com). Route 53 also offers to automatically create a hosted zone for DNS management, but you are not required do do your DNS management in the same account or even in Route 53. You just need to create an NS record pointing to the servers assigned to your domain in Route 53. A use case would be to put your domain registration (very mission critical) in a [bastion account] (https://cloudonaut.io/your-single-aws-account-is-a-serious-risk/) while managing the hosted zones within another account which is accessible by your applications.
|
- Understand that domain registration and DNS management (hosted zones) are two separate Route 53 services. When you buy/transfer a domain, Route 53 automaticaly assigns four name servers to it (e.g. ns-2.awsdns-00.com). Route 53 also offers to automatically create a hosted zone for DNS management, but you are not required do your DNS management in the same account or even in Route 53; you just need to create an NS record pointing to the servers assigned to your domain in Route 53.
|
||||||
|
- One use case would be to put your domain registration (very mission critical) in a [bastion account](https://cloudonaut.io/your-single-aws-account-is-a-serious-risk/) while managing the hosted zones within another account which is accessible by your applications.
|
||||||
|
|
||||||
CloudFormation
|
CloudFormation
|
||||||
--------------
|
--------------
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue