Amazon Web Services
Università degli Studi di Roma “Tor Vergata” Dipartimento di Ingegneria Civile e Ingegneria Informatica
Corso di Sistemi Distribuiti e Cloud Computing A.A. 2016/17
Valeria Cardellini
Amazon Web Services
• A broad set of services that provides developers with global compute, storage, database, and more advanced services, such as analytics, application and deployment services, messaging
Valeria Cardellini - SDCC 2016/17
1
• Mostly popular for IaaS services and primarily for its elastic compute service EC2
• A market leader
  – See the 2016 Gartner Magic Quadrant for Cloud Infrastructure as a Service
  – See AWS analyst reports
Which services (partial list)
• Compute
  – Elastic Compute Cloud (EC2) + Auto Scaling, Elastic Load Balancing
  – EC2 Container Service
  – Elastic Beanstalk
  – Lambda
  – Lightsail
• Storage
  – Simple Storage Service (S3)
  – Glacier
  – Elastic File System (EFS)
• Database
  – DynamoDB
  – Relational Database Service (RDS)
  – ElastiCache
• Management Tools
  – CloudWatch
• Networking & Content Delivery
  – Virtual Private Cloud (VPC)
  – Route 53
  – CloudFront
• Analytics
  – Elastic MapReduce (EMR)
  – Kinesis
  – Data Pipeline
  – Elasticsearch Service
• Artificial Intelligence
  – Machine Learning
• Messaging
  – Simple Queue Service (SQS)
  – Simple Notification Service (SNS)
• Application Services
  – Elastic Transcoder
• Security, Identity & Compliance
  – Identity and Access Management (IAM)
In red the services we’ll see
Full list of services from the dashboard
AWS global infrastructure
• AWS Regions: aws.amazon.com/about-aws/global-infrastructure/
  – Geographically dispersed (16 geographic regions at the time of these slides)
  – Regions at the time: US East (Northern Virginia, Ohio), US West (Oregon, Northern California), EU (Ireland, Frankfurt, London), Canada (Central), Asia Pacific (Singapore, Sydney, Tokyo, Seoul, Mumbai), South America (Sao Paulo), China (Beijing)
  – Separate AWS GovCloud (US) region for US government agencies and their customers, isolated to meet US regulatory and compliance requirements
• Some services are global, i.e., do not require selecting a region (e.g., IAM, Route 53); S3 has a single global bucket namespace, but each bucket is created in a chosen region and its objects stay in that region
• Some services are not supported in all regions; see aws.amazon.com/about-aws/global-infrastructure/regional-product-services/
Elastic Compute Cloud (EC2)
• Provides resizable compute capacity in the cloud
  – Capacity can be increased/decreased (instances launched/stopped) within minutes
  – Multiple server instances can be launched simultaneously
• Instances are configured for memory, number of vCPUs and storage by choosing "T-shirt sizes"
• Pricing: pay-per-use on an hourly basis
• Gives complete control over instances
  – Root SSH access, GUI, command line tools, APIs
• Offers related services
  – Elastic Block Store (EBS)
  – Elastic Load Balancing (ELB)
  – CloudWatch + Auto Scaling
  – Elastic IP
EC2 instances: types
• Computing power of EC2 instances is expressed as number of cores and EC2 Compute Units (ECU)
  – 1 ECU = CPU capacity equivalent to a 1.0-1.2 GHz 2007 Opteron or 2007 Xeon processor
  – See aws.amazon.com/ec2/pricing/ for pricing
• EC2 instance types: aws.amazon.com/ec2/instance-types/
  – General-purpose (t2, m4, m3)
    • Various "T-shirt sizes": nano, micro, small, medium, large, xlarge, 2xlarge
    • Micro instances: very low-cost option (included at no charge in the AWS Free Tier), providing a small amount of CPU resources (good choice for SDCC project development!)
  – Compute optimized (c4, c3)
    • medium, large, xlarge, 2xlarge, 4xlarge, 8xlarge (up to 36 vCPUs)
  – Memory optimized (x1, r4, r3)
    • xlarge, 2xlarge, 4xlarge, 8xlarge (up to 1,952 GiB)
  – Storage optimized (i3)
    • xlarge, 2xlarge, 4xlarge, 8xlarge, 16xlarge (up to 8 x 1.9 TB SSD)
  – GPU instances (p2, g2; NVIDIA GPUs)
    • xlarge, 8xlarge, 16xlarge (up to 16 GPUs)
EC2 instances: pricing
• On-demand instances
  – Billed per hour with no long-term commitments
  – Read the pricing carefully: "Pricing is per instance-hour consumed for each instance, from the time an instance is launched until it is terminated or stopped. Each partial instance-hour consumed will be billed as a full hour"
• Reserved instances
  – One-time payment to reserve an instance for 1 or 3 years
  – Significant discount on the hourly usage charge (up to 75%)
• Spot instances
  – Users bid for unused EC2 capacity
  – The spot price fluctuates in real time according to supply and demand
  – Instances run whenever the user's bid exceeds the current spot price
  – Can be interrupted by Amazon when the spot price rises above the bid
  – Lower computing costs for time-flexible, interruption-tolerant tasks
EC2 instances: pricing
• Spot instances (continued)
  – Pricing history can be examined before bidding
  – New business opportunities: companies such as CloudCheckr and Flux7 (VyScale) offer services for the spot instance market that optimize the costs paid by EC2 users
Amazon Machine Images
• Amazon Machine Images (AMIs) are templates from which virtual machines are created
  – Contain a software configuration, including an operating system
  – Specified when launching an instance (first step)
• Created from scratch or bundled from an existing EC2 instance
• Once created, stored in S3 and identified by a unique AMI id
  – Private (personal use) or shared with other users (caveat: a shared AMI can carry the creator's credentials, SSH keys or unwanted software, so review public AMIs before launching them)
EC2 locations
• Amazon EC2 is hosted in multiple locations world-wide (AWS Regions)
• Each region is completely independent
• Each region consists of one or more Availability Zones (AZ)
  – Distinct locations in the same region engineered to be insulated from failures in other availability zones
  – AZs in a region are connected through low-latency links
  – Used to protect applications from the failure of a single location
EC2 interface
• AWS management console
• Command Line Interface (CLI)
• API tools
• Third-party libraries
  – E.g., boto3: the AWS SDK for Python (not only EC2); launching between 1 and 5 instances from an AMI:
    import boto3
    ec2 = boto3.resource('ec2')
    ec2.create_instances(ImageId='<ami-image-id>', MinCount=1, MaxCount=5)
• Third-party management frameworks
Elastic Block Store (EBS)
• Provides persistent block-level storage volumes for EC2 instances
  – Off-instance storage that persists independently of the life of an EC2 instance
  – EBS volumes from 1 GiB up to 16 TiB (older magnetic volumes are limited to 1 TiB)
• An EBS volume is automatically replicated within its AZ to avoid data loss
• An EBS volume can be adapted as the needs of the application change (size, performance, volume type)
• An EBS volume can be used as the instance's boot volume or attached to a running instance
  – EBS volumes can be attached only to instances in the same AZ
  – One EBS volume is attached to at most one instance at a time (1-to-1), but N EBS volumes can be attached to a single instance (N-to-1)
• Point-in-time snapshots of volumes can be created; they are stored in S3
CloudWatch
• Provides monitoring for AWS resources (e.g., EC2 instances, DynamoDB tables) and applications running on AWS
• Used to collect and track metrics
• CloudWatch alarms send notifications or automatically make changes to monitored resources based on user-defined rules
• Useful also for cost monitoring, e.g., to stop under-used instances
CloudWatch concepts
• Metric
  – Time-ordered set of data points
  – The PutMetricData API allows users to publish custom metrics
• Statistics
  – Metric data aggregated over specified periods of time
  – Available statistics: minimum, maximum, sum, average, sample count
  – Retrieved with the GetMetricStatistics API
• Period
  – Length of time associated with a specific CloudWatch statistic
  – Measured in seconds, ranging from 60 (one minute) to 1209600 (two weeks)
• Alarm
  – Watches a single metric over a specified time period
  – Performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods
CloudWatch metrics
• EC2 metrics
  – CPU utilization: CPUUtilization
  – Disk usage: DiskReadOps/DiskWriteOps, DiskReadBytes/DiskWriteBytes
  – Data transfer: NetworkIn/NetworkOut
• Elastic Load Balancing metrics
  – Latency
  – RequestCount: number of completed requests
  – HealthyHostCount/UnHealthyHostCount: number of healthy/unhealthy instances in each Availability Zone
  – Counts of HTTP response codes (2xx, 3xx, 4xx, 5xx) generated by the load balancer or by the back-end instances
CloudWatch interface
• Command line interface
• Libraries: Java, .NET, Python, Ruby, Node.js, ...
• CloudWatch API
• Amazon CloudWatch console (also as Android and iOS apps)
CloudWatch Alarms & Auto Scaling
• An alarm watches a single metric over a time period and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods
• Possible states: OK, ALARM, INSUFFICIENT_DATA
• When an alarm changes its state, an action is invoked
  – Auto Scaling policy
• Example (figure on the slide): threshold = 3, the alarm is raised only after the metric has breached the threshold for 3 consecutive periods
Auto Scaling
• Auto Scaling automatically scales EC2 capacity up or down based on user-defined policies, health status checks and schedules, e.g.:
  – Dynamically, based on conditions specified by the user (e.g., increasing CPU utilization of the EC2 instances)
  – Predictably, according to a user-defined schedule (e.g., every Friday at 13:00:00)
• Enabled by Amazon CloudWatch
  – Uses CloudWatch alarms
• Included with EC2
  – No additional fee
Auto Scaling policies
• An Auto Scaling policy defines the actions to take when an alarm state changes
• For every monitored event, 2 policies have to be defined:
  – Scale-out policy
  – Scale-in policy
• Example:
  – Scale-out: add new EC2 instances in increments of 3 instances to the Auto Scaling Group when the average CPU utilization of the EC2 fleet goes above 70%
  – Scale-in: remove EC2 instances in the same increments when CPU utilization falls below 10%
Auto Scaling policies (2)
• A policy can be created or updated with the PutScalingPolicy API; some of its parameters:
  – AdjustmentType: possible values are ChangeInCapacity, ExactCapacity, PercentChangeInCapacity
  – Cooldown: amount of time (in seconds) after a scaling activity completes before the next scaling activity can start; without it, the policy would fire on every evaluation while the alarm stays in ALARM
  – ScalingAdjustment: the number of instances by which to scale (positive or negative; a percentage for PercentChangeInCapacity)
• Example (CloudFormation resource; note that a Cooldown of "1" second is effectively no cooldown, a production policy would use a value such as 300):

"ScaleUpPolicy" : {
  "Type" : "AWS::AutoScaling::ScalingPolicy",
  "Properties" : {
    "AdjustmentType" : "ChangeInCapacity",
    "AutoScalingGroupName" : { "Ref" : "asGroup" },
    "Cooldown" : "1",
    "ScalingAdjustment" : "1"
  }
}
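The CloudWatch-to-Auto-Scaling loop described on the preceding slides (statistics over periods, alarm states, AdjustmentType and Cooldown), as an added example that is not part of the original lecture material. It is a plain-Python model, not a call to the AWS API: the metric samples, thresholds, group bounds and the simplified missing-data rule are assumptions chosen for illustration, and the PercentChangeInCapacity rounding follows the documented AWS rule.

```python
# Added example (not from the original slides): an offline model of the
# CloudWatch -> Auto Scaling loop. Sample values, thresholds and group sizes
# are assumptions; the alarm rules are a simplification of AWS behaviour.
from dataclasses import dataclass
from typing import List, Optional, Tuple

OK, ALARM, INSUFFICIENT_DATA = "OK", "ALARM", "INSUFFICIENT_DATA"


def aggregate(samples: List[Tuple[int, float]], period: int, statistic: str,
              start: int, end: int) -> List[Optional[float]]:
    """Turn raw (timestamp, value) samples into one datapoint per period.
    statistic is a CloudWatch statistic name: Minimum, Maximum, Sum, Average
    or SampleCount. A period with no samples yields None."""
    out = []
    for t0 in range(start, end, period):
        vals = [v for ts, v in samples if t0 <= ts < t0 + period]
        if not vals:
            out.append(None)
            continue
        out.append({
            "Minimum": min(vals), "Maximum": max(vals), "Sum": sum(vals),
            "Average": sum(vals) / len(vals), "SampleCount": float(len(vals)),
        }[statistic])
    return out


def evaluate_alarm(datapoints: List[Optional[float]], threshold: float,
                   evaluation_periods: int) -> str:
    """State after looking at the most recent evaluation_periods datapoints
    (GreaterThanThreshold comparison). Simplification: any missing period in
    the window gives INSUFFICIENT_DATA."""
    window = datapoints[-evaluation_periods:]
    if len(window) < evaluation_periods or any(v is None for v in window):
        return INSUFFICIENT_DATA
    return ALARM if all(v > threshold for v in window) else OK


@dataclass
class ScalingPolicy:
    adjustment_type: str      # ChangeInCapacity | ExactCapacity | PercentChangeInCapacity
    scaling_adjustment: int   # instances, or percent for PercentChangeInCapacity
    cooldown: int             # seconds before the policy may fire again


def apply_policy(policy: ScalingPolicy, current: int, min_size: int, max_size: int) -> int:
    """New desired capacity of the Auto Scaling Group, clamped to its bounds."""
    if policy.adjustment_type == "ChangeInCapacity":
        desired = current + policy.scaling_adjustment
    elif policy.adjustment_type == "ExactCapacity":
        desired = policy.scaling_adjustment
    elif policy.adjustment_type == "PercentChangeInCapacity":
        delta = current * policy.scaling_adjustment / 100.0
        # Documented rounding: a fractional result between 0 and 1 (or -1 and 0)
        # becomes 1 (or -1); larger magnitudes are truncated toward zero.
        if 0 < abs(delta) < 1:
            delta = 1 if delta > 0 else -1
        desired = current + int(delta)
    else:
        raise ValueError(f"unknown AdjustmentType {policy.adjustment_type}")
    return max(min_size, min(max_size, desired))


def simulate(datapoints: List[Optional[float]], period: int, threshold: float,
             evaluation_periods: int, policy: ScalingPolicy,
             capacity: int, min_size: int, max_size: int):
    """One alarm evaluation per period. For Auto Scaling actions CloudWatch keeps
    invoking the policy every period the alarm stays in ALARM, so the policy's
    cooldown is what stops the group from growing by one instance per minute."""
    cooldown_until = -1
    history = []
    for i in range(len(datapoints)):
        now = i * period
        state = evaluate_alarm(datapoints[: i + 1], threshold, evaluation_periods)
        if state == ALARM and now >= cooldown_until:
            capacity = apply_policy(policy, capacity, min_size, max_size)
            cooldown_until = now + policy.cooldown
        history.append((now, state, capacity))
    return history


# Constructed CPUUtilization samples (timestamp in seconds, percent).
SAMPLES = [(0, 50.0), (30, 50.0), (60, 70.0), (90, 80.0), (120, 80.0),
           (150, 80.0), (180, 85.0), (210, 85.0), (240, 90.0), (270, 90.0),
           (300, 90.0), (330, 90.0), (360, 60.0), (390, 60.0)]
AVG_PER_MINUTE = aggregate(SAMPLES, period=60, statistic="Average", start=0, end=420)

if __name__ == "__main__":
    scale_out = ScalingPolicy("ChangeInCapacity", 1, cooldown=300)
    for row in simulate(AVG_PER_MINUTE, 60, 70.0, 3, scale_out, 2, 1, 4):
        print(row)
```

Running the same CPU trace with the slide's Cooldown of 1 second instead of 300 grows the group from 2 to the maximum of 4 within three minutes, while the 300-second cooldown adds a single instance and then waits; that difference is the reason the cooldown value deserves more attention than the example JSON gives it.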
Elastic Load Balancing (ELB)
• Automatically distributes incoming traffic across multiple EC2 instances
ELB features
• Detects unhealthy instances within a pool and automatically reroutes traffic to the healthy instances
• Can be enabled across multiple availability zones within a region
  – Not across availability zones in different regions!
• Routing policy: least outstanding requests for HTTP/HTTPS listeners, round robin for TCP listeners (not customizable)
• Supports sticky sessions
  – Load balancer generated HTTP cookies
  – Application-generated HTTP cookies
• Supports HTTPS (TLS can be terminated at the load balancer)
• Lets the user define an application health check for the instances through the following parameters:
  – HealthyThreshold, UnhealthyThreshold, Interval, Timeout, Target (e.g., HTTP:80/health)
• Provides APIs to add/remove instances
  – RegisterInstancesWithLoadBalancer
  – DeregisterInstancesWithLoadBalancer
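The health check parameters listed above, as an added example that is not part of the original lecture material: a small Python model of how the per-instance counters move an instance between InService and OutOfService, and how long a dead back-end keeps receiving traffic. The Target string format (protocol:port/path), the probe results, the instance id and the thresholds are assumptions constructed for illustration; the code does not talk to a real load balancer.

```python
# Added example (not from the original slides): a model of the classic ELB
# health check parameters. Target format, thresholds, the instance id and the
# probe outcomes are constructed assumptions, not data from a real ELB.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class HealthCheck:
    target: str = "HTTP:80/health"   # protocol:port/path probed on each instance
    interval: int = 30                # seconds between probes
    timeout: int = 5                  # seconds to wait for a reply
    healthy_threshold: int = 2        # consecutive successes to go InService
    unhealthy_threshold: int = 2      # consecutive failures to go OutOfService


def parse_target(target: str) -> Tuple[str, int, str]:
    """Split 'HTTP:80/health' into (protocol, port, path); 'TCP:443' has no path."""
    proto, rest = target.split(":", 1)
    if "/" in rest:
        port, path = rest.split("/", 1)
        return proto.upper(), int(port), "/" + path
    return proto.upper(), int(rest), ""


@dataclass
class InstanceHealth:
    instance_id: str
    state: str = "InService"
    consecutive_ok: int = 0
    consecutive_fail: int = 0


def probe_succeeded(hc: HealthCheck, status: Optional[int], elapsed: float) -> bool:
    """An HTTP(S) probe passes only on a 200 reply inside the timeout; for a
    TCP target any completed connection (status is not None) inside the
    timeout passes. No reply at all (status None) is always a failure."""
    proto, _, _ = parse_target(hc.target)
    if status is None or elapsed > hc.timeout:
        return False
    return status == 200 if proto in ("HTTP", "HTTPS") else True


def record_probe(hc: HealthCheck, ih: InstanceHealth, ok: bool) -> str:
    """Update the per-instance streaks and flip state once a threshold is hit.
    A success resets the failure streak and vice versa, so a flapping backend
    is only removed after unhealthy_threshold failures in a row."""
    if ok:
        ih.consecutive_ok += 1
        ih.consecutive_fail = 0
        if ih.state == "OutOfService" and ih.consecutive_ok >= hc.healthy_threshold:
            ih.state = "InService"
    else:
        ih.consecutive_fail += 1
        ih.consecutive_ok = 0
        if ih.state == "InService" and ih.consecutive_fail >= hc.unhealthy_threshold:
            ih.state = "OutOfService"
    return ih.state


def detection_delay(hc: HealthCheck) -> int:
    """Worst-case seconds a dead instance keeps receiving traffic."""
    return hc.interval * hc.unhealthy_threshold


def in_service(fleet: List[InstanceHealth]) -> List[str]:
    """Instances the load balancer still routes to (the HealthyHostCount metric)."""
    return [ih.instance_id for ih in fleet if ih.state == "InService"]


# Constructed probe results for one instance: (HTTP status or None, seconds).
PROBES = [(200, 0.1), (200, 0.2), (500, 0.1), (None, 6.0), (200, 0.3), (200, 0.1)]


def run_probes(hc: HealthCheck, probes) -> List[str]:
    """State of a single (constructed) instance after each probe in turn."""
    ih = InstanceHealth("i-0123456789abcdef0")
    return [record_probe(hc, ih, probe_succeeded(hc, s, t)) for s, t in probes]


if __name__ == "__main__":
    hc = HealthCheck()
    print(run_probes(hc, PROBES), "detection delay:", detection_delay(hc), "s")
```

Two practical points the model makes visible: the health check endpoint should exercise the dependencies the application actually needs (a static page that always returns 200 hides a broken database connection), and Interval times UnhealthyThreshold is the window during which users still hit a dead instance, so the two values are a trade-off between detection speed and tolerance for transient errors.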
EC2 and related services: problems
• General problems
  – No real-time billing
  – The performance level of a single VM may be variable, and there are few guarantees about the performance of seemingly identical virtual machine instances; e.g., see "Resource Provisioning of Web Applications in Heterogeneous Clouds"
  – The load balancing policy cannot be customized
• CloudWatch problems
  – Metric variation over a time interval is missing
  – RequestCount counts only the requests processed by the load balancer (i.e., the system throughput behind the ELB)
EC2 Container Service
• Provides a container management service for Docker containers
• Allows the user to run applications (containerized microservices) on a managed cluster of EC2 instances
• API to launch and stop Docker-enabled applications, query the cluster state and access many features (security groups, ELB, EBS volumes and IAM roles)
• Integrated with the Application Load Balancer
  – Application-layer load balancing option of ELB
  – Allows routing rules based on content across multiple services or containers running on EC2 instances
• No additional charge: the user pays for the AWS resources (e.g., EC2 instances or EBS volumes) created to store and run the application
AWS Lambda
• Compute service that runs code without requiring the user to provision or manage servers
  – Code for virtually any type of application or backend service
• Automatically scales the application by running the code in response to each trigger
• Used to build serverless applications composed of functions triggered by events, which can be deployed automatically with AWS CodePipeline and AWS CodeBuild
• Fine-grained billing: charged for the number of times the code is triggered and for its execution time, rounded up to the nearest 100 ms
Elastic IP & Virtual Private Cloud
• Elastic IP
  – A public IP address associated with the user's account rather than with a particular instance
  – The user controls the elastic IP address until he/she explicitly releases it
  – Masks instance or availability zone failures by quickly remapping the elastic IP address to another instance/load balancer
• Virtual Private Cloud
  – A logically isolated virtual network in which AWS resources are launched (own address range, subnets, route tables)
  – Lets enterprises connect their existing infrastructure to this isolated set of AWS compute resources via a Virtual Private Network (VPN) connection
DNS service: Route 53
• Highly available and scalable DNS service
  – Routes queries to infrastructure running in AWS and outside AWS
• Authoritative DNS server that answers DNS queries with low latency using a global network of DNS servers
  – Queries are routed to the nearest DNS server through IP anycast
  – Designed to automatically scale to handle very large query volumes without any human intervention
• Routing to AWS resources
  – Latency-based routing: to the lowest-latency AWS endpoint available
  – Weighted Round Robin: probabilistic selection based on statically assigned weights
Storage: Simple Storage Service (S3)
• Distributed key-value object store (at the time of these slides: read-after-write consistency for new objects, eventual consistency for overwrites and deletes)
• Main features
  – Insert, write, read, delete operations on objects up to 5 TB each
    • Objects are immutable: they cannot be renamed, modified in place or relocated (a "rename" is a copy followed by a delete)
  – Objects are stored in buckets and retrieved via a unique key
    • Flat structure, with no hierarchy as in a file system (e.g., buckets cannot be nested)
    • The bucket region can be selected, and the objects in the bucket will not leave that region
  – Accessible through a REST interface
  – Access control policies, as well as encryption both in transit and at rest on disk
  – Objects are redundantly stored across multiple facilities in an S3 region
    • PUT and COPY operations synchronously store data across multiple facilities before returning SUCCESS
  – Data integrity regularly verified using checksums
  – Reduced Redundancy Storage (RRS): storage option that reduces costs by storing data at lower levels of redundancy
Databases: DynamoDB
• Fully managed NoSQL database service that provides fast and predictable performance with seamless scalability
• Consistency model
  – Eventually consistent reads (default)
  – Strongly consistent reads
• Automatically spreads the table data and traffic over a sufficient number of servers to handle the request capacity specified by the customer and the amount of data stored, while maintaining consistent, fast performance
• Data items are stored on SSDs and automatically replicated across multiple availability zones in a region
• Integration with Elastic MapReduce
Databases: RDS
• Relational DB (MySQL, Aurora, ...)
• Automatic configuration, management (software patching, backup) and monitoring
• For MySQL, one or more read replicas can be associated with the instance
• Read the AWS pricing carefully!
  – Data transfer costs between AWS regions and out from RDS to the Internet
  – Remember that you always pay on a per-hour basis, even if you use the service for only 10 seconds!
ElastiCache
• Provides an in-memory cache in the cloud to accelerate applications that rely on slower disk-based storage and databases
• Supports two open-source in-memory caching engines:
  – Memcached: widely adopted memory object caching system
  – Redis: popular open-source in-memory key-value store that supports data structures such as sorted sets and lists; ElastiCache supports master/slave replication and Multi-AZ
• Caution: consider the trade-offs when caching query results (read/write ratio)
Content delivery: CloudFront
• Content delivery network on top of the Amazon distributed storage infrastructure
• Delivers static, dynamic and streaming content using a global network of edge replica servers
• Requests are routed to the closest edge replica through DNS resolution
• Objects are organized in distributions
  – A distribution identifies the origin server
  – A distribution has a unique cloudfront.net domain name (e.g., mydistribution.cloudfront.net)
• An origin server is the location of the definitive version of an object
  – This can be another AWS service (S3 bucket, EC2 instance) or an external origin server
• With respect to other CDNs, pay-per-use pricing
Simple Queue Service (SQS)
• Provides a message queuing service that enables asynchronous message-based communication between the distributed components of an application
• When a message is received, it becomes "locked" (invisible to other consumers) for a visibility timeout while it is being processed
  – The consumer must delete the message once processing succeeds
  – If processing fails (or the consumer crashes) and the message is not deleted, the lock expires and the message becomes available again
  – Delivery is therefore at-least-once: the same message can be delivered more than once, so consumers should be idempotent
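The lock-and-expiry behaviour described above, as an added example that is not part of the original lecture material: an in-process queue model with a visibility timeout, a consumer that crashes before deleting, and the idempotent consumer that the resulting redelivery requires. Queue parameters, message bodies and the receipt-handle check are constructed assumptions for illustration; this is not the SQS API.

```python
# Added example (not from the original slides): a minimal in-process model of
# the SQS "lock" (visibility timeout) plus an idempotent consumer. Timeouts,
# bodies and the stale-handle rule are constructed assumptions, not SQS itself.
import uuid
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Message:
    message_id: str
    body: str
    receive_count: int = 0
    invisible_until: int = 0          # seconds; 0 = visible now
    receipt_handle: Optional[str] = None


@dataclass
class VisibilityQueue:
    visibility_timeout: int = 30       # seconds a received message stays hidden
    _messages: List[Message] = field(default_factory=list)

    def send(self, body: str) -> str:
        msg = Message(message_id=str(uuid.uuid4()), body=body)
        self._messages.append(msg)
        return msg.message_id

    def receive(self, now: int) -> Optional[Message]:
        """Hand out the first visible message and hide it for the timeout.
        Nothing is removed: a consumer that crashes simply never deletes it."""
        for msg in self._messages:
            if msg.invisible_until <= now:
                msg.receive_count += 1
                msg.invisible_until = now + self.visibility_timeout
                msg.receipt_handle = str(uuid.uuid4())   # new handle per receive
                return msg
        return None

    def delete(self, receipt_handle: str) -> bool:
        """Acknowledge by receipt handle. A handle from an earlier receive is
        rejected, so a consumer that stalled past its lock cannot delete a
        message another consumer is currently processing."""
        for msg in self._messages:
            if msg.receipt_handle == receipt_handle:
                self._messages.remove(msg)
                return True
        return False

    def approximate_size(self) -> int:
        return len(self._messages)


def idempotent_process(msg: Message, processed: Dict[str, str]) -> bool:
    """Redelivery after an expired lock means the same message can arrive
    twice; remembering message_id makes the side effect happen only once."""
    if msg.message_id in processed:
        return False
    processed[msg.message_id] = msg.body
    return True


def scenario() -> dict:
    """Consumer A processes but crashes before delete(); B gets the redelivery."""
    q = VisibilityQueue(visibility_timeout=30)
    processed: Dict[str, str] = {}
    q.send("order-42")
    first = q.receive(now=0)           # consumer A takes the lock
    handle_a = first.receipt_handle
    idempotent_process(first, processed)
    hidden = q.receive(now=10)         # consumer B sees nothing while locked
    second = q.receive(now=31)         # lock expired at t=30: B gets it again
    stale_delete = q.delete(handle_a)  # A wakes up late with its old handle
    duplicate = idempotent_process(second, processed)
    good_delete = q.delete(second.receipt_handle)
    return {
        "hidden_while_locked": hidden is None,
        "same_message": second.message_id == first.message_id,
        "receive_count": second.receive_count,
        "stale_delete_rejected": not stale_delete,
        "duplicate_suppressed": not duplicate,
        "deleted": good_delete,
        "remaining": q.approximate_size(),
    }


if __name__ == "__main__":
    print(scenario())
```

The receive_count of 2 is the signal a real deployment would use to stop retrying a message that keeps failing (a dead-letter queue after N receives) instead of letting a poison message cycle through the lock forever.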
Big Data: Elastic MapReduce (EMR)
• Hadoop implementation of MapReduce running on Amazon EC2
• Input and output: Amazon S3, DynamoDB
• Allows data processing applications to be implemented in many languages, including Java, Python and R
• Open-source frameworks in the Hadoop ecosystem can also be run on EMR
  – Hive, Pig, HBase, Ganglia (monitoring), Impala (SQL query engine) and Hue (Hadoop UI)
• Also Spark and Flink
• Read EMR pricing carefully!
  – You have to pay for: EMR + EC2 (at least medium size) + input/output (S3, DynamoDB)
  – Enable auto-terminate to create a transient cluster
Big Data: Kinesis
• Cloud-based service for real-time data processing over large, distributed data streams
  – Manages the infrastructure, storage, networking and configuration needed for data stream processing, including data replication across three facilities in an AWS Region
• Input: events and log data from sources such as servers, desktops, mobile devices, sensors
• Output: emits aggregated data to other AWS services: S3, EMR and Lambda
Data Pipeline
• A web service to reliably process and move data between different AWS compute and storage services, as well as on-premise data sources, at specified intervals
Elastic Beanstalk
• Allows applications that leverage AWS services (EC2, S3, ELB, Auto Scaling, ElastiCache, SQS) to be deployed and managed without the need to manage the corresponding services
• Supports multiple application environments: Docker, Python, PHP, Node.js, .NET, Ruby and Java
• Features
  – Applications are created and managed simply and quickly through the console
  – When the developer creates the application environment, Elastic Beanstalk provisions the resources required to run it
  – The developer can customize and configure the environment
  – Environment monitoring
• Pricing: no additional charge for Elastic Beanstalk; the user pays only for the underlying AWS resources that the application consumes
Example: Web application on AWS (architecture diagram on the slide)
How to obtain your AWS grant
• Apply to the AWS Educate program
  – See the instructions in the specific email and follow them!
  – Two main portals:
    • www.awseducate.com/SiteLogin: learning and training material
    • console.aws.amazon.com/console/home: console for AWS cloud services
• Redeem the credit code before using AWS!
• Be careful: when your credit expires, your credit card will be charged
• Check the list of AWS services that are included in the grant
• How to increase your grant
  – GitHub Student Developer Pack
AWS Free Tier
• In addition to your grant
• The AWS Free Tier includes:
  – Services with a free tier available for 12 months following your AWS sign-up date
  – Additional service offers that do not automatically expire at the end of your 12-month AWS Free Tier term
• See aws.amazon.com/free/
Monitoring AWS usage and costs
• Various methods, including:
  – Check the pricing of each service (also via the AWS Price List API)
  – Use CloudWatch to monitor charges with alerts and notifications
    • Create a BillingAlarm
  – Use Cost Explorer from the AWS dashboard
• See the AWS documentation page "Monitoring AWS usage and costs"
Avoiding unexpected charges
• Check the pricing of each service before using it!
  – aws.amazon.com/pricing/services/
  – E.g., db.r3.8xlarge for RDS: $4.64 per hour (or fraction of an hour)
  – Some services have linked costs, because services can be launched by other services (e.g., EMR and EC2)
  – Consider also data transfer pricing (e.g., S3)
• Stop or terminate unused EC2 instances
  – Stop: you can start the instance again later, but you might be charged for storage (EBS volumes)
  – Terminate: you permanently delete the instance
• Deregister unused AMIs
• Release unused elastic IP addresses
• See the AWS documentation page "Avoiding Unexpected Charges"
Avoiding unexpected charges (2)
• Do not put your secret access keys on GitHub!
  – Public repositories are scanned for keys and leaked keys are abused quickly (typically to launch instances at your expense), so a key that has been pushed must be treated as compromised and deactivated at once, even if the commit is removed afterwards
• Protect your access keys
  – Do not have an access key for your root account
  – Prefer IAM roles (e.g., an instance role for code running on EC2) over long-lived keys embedded in code or configuration files
  – Rotate keys, and grant each IAM user only the permissions it needs
• See "Best Practices for Managing AWS Access Keys" in the AWS documentation
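One way to catch the mistake the slide warns about before a commit leaves the machine, as an added example that is not part of the original lecture material: a small scanner for AWS access key ids and secret access keys that can run as a git pre-commit hook. The regexes follow the documented key formats (AKIA/ASIA followed by 16 uppercase alphanumerics; a 40-character secret), the sample credentials file is constructed, and the key pair in it is the placeholder pair used throughout the AWS documentation, not a real credential. The 40-character pattern is only applied to lines that mention "secret", which keeps most hashes and base64 blobs out of the report but will still flag a hex hash that happens to sit next to that word.

```python
# Added example (not from the original slides): a pre-commit style scanner for
# AWS credentials. Regexes follow the documented key formats; the sample text
# is constructed and uses AWS's documentation placeholder key pair.
import re
from dataclasses import dataclass
from typing import List

ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[0-9A-Z]{16}(?![A-Z0-9])")
SECRET_KEY_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")
SECRET_HINT_RE = re.compile(r"secret", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    kind: str      # "access_key_id" or "secret_access_key"
    masked: str    # first and last 4 characters only, never the full value


def mask(value: str) -> str:
    """Enough to recognise which key leaked without re-printing it into logs."""
    return value[:4] + "..." + value[-4:]


def scan_text(text: str) -> List[Finding]:
    """Report credentials line by line. Key ids are distinctive enough to flag
    on their own; the 40-char secret pattern is noisy, so it is only applied
    to lines that also mention 'secret'."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append(Finding(line_no, "access_key_id", mask(m.group(0))))
        if SECRET_HINT_RE.search(line):
            for m in SECRET_KEY_RE.finditer(line):
                findings.append(Finding(line_no, "secret_access_key", mask(m.group(0))))
    return findings


def scan_files(paths: List[str]) -> List[Finding]:
    """Same check over files, e.g. the output of `git diff --cached --name-only`."""
    findings = []
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            findings.extend(scan_text(fh.read()))
    return findings


# Constructed sample: a credentials file accidentally added to a repository.
# The key pair below is the placeholder pair used throughout AWS documentation.
SAMPLE = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region = eu-west-1
# below: looks similar but is not a key id (too long), and a hash (no 'secret')
build_id = AKIAIOSFODNN7EXAMPLEXYZ
sha1 = 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
"""

if __name__ == "__main__":
    import sys
    hits = scan_files(sys.argv[1:]) if len(sys.argv) > 1 else scan_text(SAMPLE)
    for f in hits:
        print(f"line {f.line_no}: {f.kind} {f.masked}")
    sys.exit(1 if hits else 0)    # a non-zero exit aborts the commit in a hook
```

To use it as a hook, call the script from .git/hooks/pre-commit with the staged file names (`git diff --cached --name-only --diff-filter=ACM`); a non-zero exit blocks the commit. It complements, rather than replaces, the advice on the slide: a scanner catches the accidental commit, while IAM roles remove the long-lived key from the code base in the first place.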
Some useful links
• AWS Documentation: aws.amazon.com/documentation/
• AWS Articles & Tutorials: aws.amazon.com/articles
• AWS Instructional Videos and Labs: aws.amazon.com/training/intro_series/
• AWS Educate site: www.awseducate.com/microsite