@faermanj
Last active May 14, 2019 16:28
AWS Well Architected Solutions on Twitch.TV/AWS - Reliability Pillar

REL 1: How are you managing AWS service limits for your accounts?

AWS Service Limits

Active monitoring and managing limits

AWS Service Limits API

AWS Trusted Advisor Adds Service Limit Dashboard and CloudWatch Metrics

Create AWS CloudWatch Alarm on the Number of Running EC2 Instances

AWS Config Rules – Dynamic Compliance Checking for Cloud Resources

Using the AWS Config Service to Detect Unexpected Resource Usage

Implemented automated monitoring and management of limits

AWS Limit Monitor

$ aws support describe-trusted-advisor-check-result \
    --check-id eW7HH0l7J9 \
    --query 'result.sort_by(flaggedResources[?status!="ok"],&metadata[2])[].metadata' \
    --output table \
    --region us-east-1

Aware of fixed service limits

Ensure there is a sufficient gap between the current service limit and peak usage to accommodate failover

  • How much redundancy should you provision? (domino effect vs. waste)

Flux: A New Approach to System Intuition

"In this situation we don’t have enough extra capacity running hot to instantly fail over, so scaling up takes some time."

Service limits are managed across all relevant accounts and regions

Remember that service limits are usually per-region
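The CLI call above only lists the rows Trusted Advisor flags; the headroom question ("is the gap to the limit big enough to survive losing an AZ?") still has to be answered per row. The script below is an added example, not part of the original gist. It assumes the column order of the Service Limits check's metadata rows (Region, Service, Limit Name, Limit Amount, Current Usage, Status), uses a constructed sample response in the shape of describe-trusted-advisor-check-result, and models failover demand as current usage plus the share of one AZ, on the assumption that replacements are launched before the failed AZ's resources stop counting against the regional limit.

```python
"""Check Trusted Advisor service-limit results for failover headroom.

Added example (not part of the original gist). Assumes the column order of
the Trusted Advisor "Service Limits" check and a simplified failover model,
both described in the comments below.
"""
from __future__ import annotations

import math
from dataclasses import dataclass

# Assumed column layout of each flaggedResources[].metadata row of check
# eW7HH0l7J9 (the CLI in the text sorts by metadata[2], the limit name).
COLUMNS = ("Region", "Service", "Limit Name", "Limit Amount", "Current Usage", "Status")

# Constructed sample in the shape of describe-trusted-advisor-check-result's
# "result" member; the numbers are made up for this example.
SAMPLE_RESULT = {
    "checkId": "eW7HH0l7J9",
    "status": "warning",
    "flaggedResources": [
        {"status": "warning", "region": "us-east-1",
         "metadata": ["us-east-1", "EC2", "On-Demand instances", "20", "16", "Yellow"]},
        {"status": "ok", "region": "us-east-1",
         "metadata": ["us-east-1", "VPC", "VPCs", "5", "2", "Green"]},
        {"status": "ok", "region": "eu-west-1",
         "metadata": ["eu-west-1", "EC2", "On-Demand instances", "20", "3", "Green"]},
        {"status": "ok", "region": "eu-west-1",
         "metadata": ["eu-west-1", "EBS", "Provisioned IOPS", "300000", None, "Green"]},
    ],
}


@dataclass(frozen=True)
class LimitRecord:
    region: str
    service: str
    name: str
    limit: int
    usage: int

    @property
    def utilization(self) -> float:
        return self.usage / self.limit if self.limit else 0.0


def parse_check_result(result: dict) -> list[LimitRecord]:
    """Turn flagged resources into records, skipping rows without numeric data."""
    records = []
    for res in result.get("flaggedResources", []):
        row = dict(zip(COLUMNS, res["metadata"]))
        try:
            limit = int(row["Limit Amount"])
            usage = int(row["Current Usage"])
        except (TypeError, ValueError):
            continue  # usage is reported as "-" or null when unknown
        records.append(LimitRecord(row["Region"], row["Service"], row["Limit Name"], limit, usage))
    return records


def failover_demand(usage: int, az_count: int) -> int:
    """Peak count against a regional limit while one of az_count AZs is replaced.

    Simplified model (an assumption of this example): Auto Scaling launches
    replacements in the surviving AZs while the failed AZ's resources still
    count against the limit, so demand briefly reaches usage + usage/az_count.
    """
    if az_count < 2:
        raise ValueError("failover needs at least two Availability Zones")
    return usage + math.ceil(usage / az_count)


def find_insufficient(records, az_count: int = 3, warn_utilization: float = 0.8):
    """Return (record, reason) pairs whose gap to the limit is too small."""
    findings = []
    for rec in records:
        demand = failover_demand(rec.usage, az_count)
        if demand > rec.limit:
            findings.append((rec, f"failover would need {demand} but the limit is {rec.limit}"))
        elif rec.utilization >= warn_utilization:
            findings.append((rec, f"utilization {rec.utilization:.0%} is at or above {warn_utilization:.0%}"))
    return findings


def fetch_check_result(check_id: str = "eW7HH0l7J9") -> dict:
    """Fetch the live result. Needs a Business or Enterprise Support plan; the
    Support API endpoint only exists in us-east-1."""
    import boto3  # imported lazily so the offline sample runs without it

    client = boto3.client("support", region_name="us-east-1")
    return client.describe_trusted_advisor_check_result(checkId=check_id, language="en")["result"]


if __name__ == "__main__":
    for rec, reason in find_insufficient(parse_check_result(SAMPLE_RESULT)):
        print(f"{rec.region} {rec.service} {rec.name}: {reason}")
```

Run against the sample, the us-east-1 On-Demand row (16 of 20 across three AZs) is the only finding: losing one AZ would briefly need 22 instances. Swap SAMPLE_RESULT for fetch_check_result() to run it against an account, and treat the column order and the failover model as the two things to verify first.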

Partner Tools

Clean Cloud (https://imgur.com/gallery/vAMGxZJ)

REL 2: How do you plan your network topology on AWS?

Connectivity back to data center is not needed

Consider startup vs. enterprise / new build vs. migration

Highly available connectivity between AWS and on-premises environment is implemented

AWS Direct Connect

Amazon VPC - VPN Connections

AWS Marketplace - OpenVPN

Multiple Data Center HA Network Connectivity

Multiple Region Multi-VPC Connectivity

Highly available network connectivity for the users of the workload is implemented

Amazon Route53

Amazon CloudFront

Elastic Load Balancing

  • Application Load Balancer
  • Network Load Balancer
  • Classic Load Balancer

Using static IP addresses for Application Load Balancers

AWS Marketplace - F5 Networks

AWS Marketplace - KEMP Technologies

Using non-overlapping private IP address ranges in multiple VPCs

https://en.wikipedia.org/wiki/Private_network

  • 10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
  • 172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
  • 192.168.0.0 – 192.168.255.255 (192.168.0.0/16)

IP subnet allocation accounts for expansion and availability

  • Auto Scaling
  • Load Balancer
# Two-AZ VPC: a public and a private subnet per AZ, an Internet Gateway for the
# public route table and a NAT Gateway for the private one.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  CidrBlock:
    Type: String
    Default: 192.168.0.0/16
    Description: CIDR block for the VPC
  SubnetPubACidr:
    Type: String
    Default: 192.168.1.0/24
    Description: CIDR block for the public subnet in the first AZ
  SubnetPubBCidr:
    Type: String
    Default: 192.168.3.0/24
    Description: CIDR block for the public subnet in the second AZ
  SubnetPvtACidr:
    Type: String
    Default: 192.168.2.0/24
    Description: CIDR block for the private subnet in the first AZ
  SubnetPvtBCidr:
    Type: String
    Default: 192.168.4.0/24
    Description: CIDR block for the private subnet in the second AZ
Resources:
  EnvironmentVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref CidrBlock
      # Both were 'false' in the original gist. Without DNS support instances
      # cannot resolve names through the VPC resolver, so the outbound path via
      # the NAT Gateway below would be of little use.
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default
  SubnetPubA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref EnvironmentVPC
      CidrBlock: !Ref SubnetPubACidr
      MapPublicIpOnLaunch: true
      AvailabilityZone: !Select
        - 0
        - Fn::GetAZs: !Ref 'AWS::Region'
  SubnetPubB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref EnvironmentVPC
      CidrBlock: !Ref SubnetPubBCidr
      MapPublicIpOnLaunch: true
      AvailabilityZone: !Select
        - 1
        - Fn::GetAZs: !Ref 'AWS::Region'
  SubnetPvtA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref EnvironmentVPC
      CidrBlock: !Ref SubnetPvtACidr
      MapPublicIpOnLaunch: false
      AvailabilityZone: !Select
        - 0
        - Fn::GetAZs: !Ref 'AWS::Region'
  SubnetPvtB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref EnvironmentVPC
      CidrBlock: !Ref SubnetPvtBCidr
      MapPublicIpOnLaunch: false
      AvailabilityZone: !Select
        - 1
        - Fn::GetAZs: !Ref 'AWS::Region'
  GatewayToInternet:
    Type: AWS::EC2::InternetGateway
  InternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref EnvironmentVPC
      InternetGatewayId: !Ref GatewayToInternet
  PubRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref EnvironmentVPC
  PvtRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref EnvironmentVPC
  PubToInternet:
    Type: AWS::EC2::Route
    # A route to an Internet Gateway must wait for the gateway to be attached to
    # the VPC, not merely created; the original depended on GatewayToInternet,
    # which can fail stack creation with a "different networks" error.
    DependsOn: InternetGatewayAttachment
    Properties:
      RouteTableId: !Ref PubRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref GatewayToInternet
  PubARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref SubnetPubA
      RouteTableId: !Ref PubRouteTable
  PubBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref SubnetPubB
      RouteTableId: !Ref PubRouteTable
  PvtARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref SubnetPvtA
      RouteTableId: !Ref PvtRouteTable
  PvtBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref SubnetPvtB
      RouteTableId: !Ref PvtRouteTable
  EIP:
    Type: AWS::EC2::EIP
    # An Elastic IP used in a VPC defined in the same template must also depend
    # on the gateway attachment.
    DependsOn: InternetGatewayAttachment
    Properties:
      Domain: vpc
  # Note: a single NAT Gateway in SubnetPubA is a single point of failure for
  # the private subnets of both AZs. The highly available pattern is one NAT
  # Gateway per AZ with a private route table per AZ pointing at its own.
  NatGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt EIP.AllocationId
      SubnetId: !Ref SubnetPubA
  NatRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PvtRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway
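The two planning rules in this section (non-overlapping private ranges across VPCs, and subnet allocation that leaves room for Auto Scaling and load balancers) are easy to check mechanically before a template is deployed. The script below is an added example, not code from the gist. It takes the VPC and subnet CIDRs from the template above, and constructs a second VPC and a couple of deliberately bad inputs to show the failure cases. The reserved-address count (AWS keeps the first four and the last address of each subnet) and the minimum of eight free addresses per load balancer subnet come from the VPC and Elastic Load Balancing documentation; the free-subnet count assumes subnets aligned to their prefix.

```python
"""Validate a VPC/subnet IP plan: RFC 1918 membership, non-overlap, room to grow.

Added example (not part of the original gist). Uses the CIDRs from the
CloudFormation template above; the second VPC and the failing cases are
constructed for illustration.
"""
from __future__ import annotations

import ipaddress
from itertools import combinations

# The three RFC 1918 ranges listed in the text.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# AWS reserves the first four and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5
# Elastic Load Balancing needs at least 8 free addresses in each subnet it uses.
MIN_FREE_FOR_LB = 8

# Values from the template above.
TEMPLATE_VPC = "192.168.0.0/16"
TEMPLATE_SUBNETS = ["192.168.1.0/24", "192.168.3.0/24", "192.168.2.0/24", "192.168.4.0/24"]


def is_rfc1918(cidr: str) -> bool:
    """True only for the three RFC 1918 blocks (not, e.g., 100.64.0.0/10)."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(r) for r in RFC1918)


def usable_hosts(cidr: str) -> int:
    """Addresses left for instances after the AWS-reserved ones."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def find_overlaps(cidrs) -> list[tuple[str, str]]:
    """Pairs of ranges that overlap; peered or routed VPCs must have none."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]


def plan_report(vpc_cidr: str, subnet_cidrs, new_subnet_prefix: int = 24) -> dict:
    """Check one VPC's subnets and count how many more /new_subnet_prefix fit."""
    vpc = ipaddress.ip_network(vpc_cidr)
    subnets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    problems = []
    if not is_rfc1918(vpc_cidr):
        problems.append(f"{vpc} is not an RFC 1918 range")
    for s in subnets:
        if not s.subnet_of(vpc):
            problems.append(f"{s} is outside {vpc}")
        if usable_hosts(str(s)) < MIN_FREE_FOR_LB:
            problems.append(f"{s} is too small for a load balancer")
    for a, b in find_overlaps(subnet_cidrs):
        problems.append(f"{a} overlaps {b}")
    used = sum(s.num_addresses for s in subnets if s.subnet_of(vpc))
    free = (vpc.num_addresses - used) // 2 ** (32 - new_subnet_prefix)
    return {"problems": problems, "free_subnets": free}


if __name__ == "__main__":
    print(plan_report(TEMPLATE_VPC, TEMPLATE_SUBNETS))
    # Constructed multi-VPC check: the third range collides with the second.
    print(find_overlaps([TEMPLATE_VPC, "10.0.0.0/16", "10.0.128.0/17"]))
```

For the template's plan the report is clean, each /24 leaves 251 usable addresses, and 252 further /24s remain in the /16, which is the "accounts for expansion" property the heading asks for. Run the same check across every VPC you intend to peer or connect over Direct Connect, since an overlap only becomes visible once routing between them is attempted.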