Scriptorium

[AWS] Load Balancing

Load balancing is a method used to distribute incoming connections across a group of servers or services.

Elastic Load Balancing (ELB) automates distributing traffic evenly to all instances in multiple AZs within a region.
- Cross Zone Load Balancing allows load balancers to cross multiple AZs.
SSL can be directly applied to ELB – can help reduce the compute power on an EC2 instance.

[AWS] CloudFront

Cloud Front is a Content Delivery Network (CDN) – lower latency, higher transfer speed, and reduced server load. It has built-in DDoS (distributed denial of service) attack protection.

CloudFront is a global service.
The domain name is created when a distribution is created and is used to view contents in a browser.
Objects are cached for the life of the Time to Live (TTL). – 24 hours by default
You can invalidate (clear) cached contents manually with some costs.
You can use CloudFront Groups (the primary origin and the second origin) for origin failover.

[AWS] Route 53

Route 53 configures and manages domains: domain registration, DNS (Domain Name System) service, and health checking. – DNS uses port 53. That is how the name comes from.

Route 53 is commonly used with ELB (Elastic Load Balancer) and CloudFront.
Split-View DNS option (Hosted zones) allows maintaining both a private and a public hosted zone with the same domain name.
- The private hosted zones are allowed with VPCs. Associated VPCs can see the interval version of a website by using the private zone’s A record.
- A public hosted zone holds the information about how to route the public domain name. The host (www) portion is not included in a public zone’s naming convention.
In Route 53, the TTL (Time to Live) is the amount of time that the DNS resolver will cache the record.
When creating an A record, you need to specify TTL, a routing policy, and IP values.

Domain Name System (DNS)

DNS is a process of mapping a human-friendly domain name to an IP address.

DNS Root Servers: A group of servers to answer the root zone. Top Level Domains (TLDs) are controlled by the root zone database – Internet Assigned Numbers Authority (IANA).
Domain Registrars: All domain names must be unique. A registrar is an authority that can assign domain names to top-level domains and ensure its uniqueness. Each domain name becomes registered in a central database (WhoIS server).

[AWS] VPC – VPC Flow Logs

This post deals with how to monitor VPC traffics. VPC Flow Logs can capture IP traffic information going from or to the network interfaces in a VPC.

Every year in North America, there are a couple of occasions when we can have huge discounts for almost everything. Black Friday sales or Boxing days are well known. One of the chances is the Amazon prime day sales (10/13 – 10/14 in 2020). Even weeks before the event, we were bombarded by the advertisement from Amazon and shopping guides from all types of media.

[AWS] VPC – Security

VPCs can be protected with 2 layers of firewalls; One for a subnet (NACL) and another for an instance (Security Group).

[AWS] VPC – IGW

Internet Gateway (IGW)

Internet Gateway (IGW) is an entry point to the VPC from the public.

IGW provides NAT (Network Address Translation) for instances that have a public IP assigned:
Translation between public IP to Private IP
Only 1 IGW can be attached to a VPC.
The default VPC is already attached to an IGW.