Route53

Amazon Route 53
Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other, often using a process called recursion.

CNAME Record
A Canonical Name record (CNAME) is a type of resource record in the Domain Name System (DNS) used to specify that a domain name is an alias for another domain, the “canonical” domain. All information, including subdomains, IP addresses, etc., is defined by the canonical domain.

Canonical Domain
Canonical Domain is another name for the CNAME DNS record type. The CNAME record is used to create an alias for the canonical domain.

Alias Record
Alias resource record sets provide an Amazon Route 53 specific extension to DNS functionality. Instead of an IP address or a domain name, an alias resource record set contains a pointer to a CloudFront distribution, an ELB load balancer, an Amazon S3 bucket that is configured as a static website, or another Amazon Route 53 resource record set in the same hosted zone. When Amazon Route 53 receives a DNS query that matches the name and type in an alias resource record set, Amazon Route 53 follows the pointer and responds with the applicable value.

Resource Record Set
Resource record sets are the basic information elements of the domain name system. Each record set includes the name of a domain or a subdomain, a record type, and other information applicable to the record type.

The Name Server (NS) Resource Record Set
When you create a new hosted zone, Amazon Route 53 automatically creates a name server (NS) resource record set with the same name as your hosted zone. It lists the four name servers that are the authoritative name servers for your hosted zone. Do not add, change, or delete name servers in this resource record set.

For example:

  • ns-2048.awsdns-64.com
  • ns-2049.awsdns-65.net
  • ns-2050.awsdns-66.org
  • ns-2051.awsdns-67.co.uk
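As an added example (not code from the page or from AWS), the constructed hosted zone below simulates how the CNAME and alias records described above are answered: the CNAME is handed back for the resolver to chase, the alias is followed by the server and answered with the target's A records under the queried name, and `add_record` enforces the DNS rule that a CNAME cannot share a name with other records (which is why an alias, not a CNAME, is used at the zone apex beside NS and SOA). All names, addresses and function names here are assumptions.

```python
# Constructed hosted zone for example.com, keyed by (name, type). An alias
# record holds an "alias" target instead of values. The apex already carries
# the NS and SOA records Route 53 creates for every hosted zone.
ZONE = {
    ("example.com.", "NS"): {"values": ["ns-2048.awsdns-64.com."]},
    ("example.com.", "SOA"): {"values": ["ns-2048.awsdns-64.com. hostmaster.example.com. 1"]},
    ("app.example.com.", "A"): {"values": ["192.0.2.10", "192.0.2.11"]},
    ("www.example.com.", "CNAME"): {"values": ["app.example.com."]},
    ("example.com.", "A"): {"alias": "app.example.com."},  # alias at the zone apex
}

def authoritative_answer(zone, name, rtype):
    """What the name server returns for one query. An alias is followed here and
    answered with the target's records under the queried name; a CNAME is
    returned as-is and the resolver has to chase it."""
    rec = zone.get((name, rtype))
    if rec is None:
        rec = zone.get((name, "CNAME"))            # a CNAME answers any type
        if rec is None:
            return []
        return [(name, "CNAME", v) for v in rec["values"]]
    if "alias" in rec:
        target = authoritative_answer(zone, rec["alias"], rtype)
        return [(name, rtype, v) for _, t, v in target if t == rtype]
    return [(name, rtype, v) for v in rec["values"]]

def lookup(zone, name, rtype, max_hops=8):
    """Resolver side: re-query for each CNAME until the wanted type appears."""
    for _ in range(max_hops):
        answer = authoritative_answer(zone, name, rtype)
        if not answer:
            return []
        if answer[0][1] == rtype:
            return [v for _, _, v in answer]
        name = answer[0][2]                        # follow the canonical name
    raise RuntimeError("CNAME chain too long or looped")

def add_record(zone, name, rtype, values=None, alias=None):
    """RFC 1034: a CNAME may not share its name with any other record, so it
    cannot sit at the apex next to NS and SOA; an alias record can."""
    others = [t for (n, t) in zone if n == name]
    if (rtype == "CNAME" and others) or "CNAME" in others:
        raise ValueError(f"{name} already has {others}; a CNAME must stand alone")
    zone[(name, rtype)] = {"alias": alias} if alias else {"values": values}
```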

Health check

AWS auto scaling

From EC2, click Auto Scaling Groups.

After clicking Get started, select the Amazon Linux 2 AMI.

Assign a public IP address to each instance.

Security group settings

Auto Scaling group detailed configuration

auto scaling group

Elastic File System(EFS)

Go to EC2 and work on the security groups.

- Create a file system
I'm starting to lose track of what I'm doing.

Accessing the file system

There are the VPC, Availability Zones, subnets, IP addresses, and security groups.

Log in to the EC2 instance with PuTTY.

mount instruction

sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport fs-7ac198b3.efs.eu-west-1.amazonaws.com:/ efs

[ec2-user@ip-10-0-1-61 ~]$ sudo df -hT
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 488M 56K 488M 1% /dev
tmpfs tmpfs 497M 0 497M 0% /dev/shm
/dev/xvda1 ext4 7.8G 1.2G 6.5G 16% /

sudo fio --name=fio-efs --filesize=10G --filename=./efs/fio-efs-test.img --bs=1M --nrfiles=1 --direct=1 --sync=0 --rw=write --iodepth=200 --ioengine=libaio

CloudWatch

What is this, it's incredible.

Creating an AWS encryption key

Create it in IAM.

Key ID
arn:aws:kms:us-east-1:835000831331:key/fac3b7bf-50f8-4c2f-8e86-c986f32b5511

CloudTrail

When uploading to S3, choose the encryption key under AWS KMS master key.

https://s3-us-west-2.amazonaws.com/mycloudtrailbucket7777/AWSLogs/835000831331/CloudTrail/us-west-2/2018/08/28/835000831331_CloudTrail_us-west-2_20180828T1225Z_sQK866tTbfY8AWgK.json.gz
access denied.

CloudFront

It's under Networking & Content Delivery.

Select S3 in the CloudFront distribution.

Distribution ID E3U6CEULBHSZIB
ARN arn:aws:cloudfront::838236696057:distribution/E3U6CEULBHSZIB
Log Prefix –
Delivery Method Web
Cookie Logging Off
Distribution Status InProgress
Comment –
Price Class Use All Edge Locations (Best Performance)
AWS WAF Web ACL –
State Enabled
Alternate Domain Names (CNAMEs) –
SSL Certificate Default CloudFront Certificate (*.cloudfront.net)
Domain Name d24aew1nc9kquu.cloudfront.net
Custom SSL Client Support –
Security Policy TLSv1
Supported HTTP Versions HTTP/2, HTTP/1.1, HTTP/1.0
IPv6 Enabled
Default Root Object –
Last Modified 2018-08-28 21:03 UTC+9
Log Bucket

Deployment reportedly takes 15~20 minutes.

Redshift

A cluster is a fully managed data warehouse that consists of a set of compute nodes. Each cluster runs an Amazon Redshift engine and contains one or more databases.

Launch cluster

Advanced settings

Launch cluster

Cluster endpoint

connect
Whoa! What is this

IAM role

run query

COPY users FROM 's3://awssampledbuswest2/tickit/allusers_pipe.txt'
CREDENTIALS 'aws_iam_role=arn:aws:iam::363059336304:role/Redshift-Role'
DELIMITER '|';

Import from S3
Amazing

SELECT userid, firstname, lastname, city, state
FROM users
WHERE likesports AND NOT likeopera AND state = 'OH'
ORDER BY firstname;

It's fairly fast.
Here too, the CSV is saved to S3 and then processed ♪

Amazon

Conceptual diagram

Select Lambda Node.js 8.10.
Set index.js.

New API

{"q":"How do I compile my AWS Lambda function Java code?","a":"You can use standard tools like Maven or Gradle to compile your Lambda function. Your build process should mimic the same build process you would use to compile any Java code that depends on the AWS SDK. Run your Java compiler tool on your source files and include the AWS SDK 1.9 or later with transitive dependencies on your classpath. For more details, see our documentation."}

Hmm, I don't really get it. It's used in combination with Lambda. Many of the others are also combinations with other AWS menus.

AWS IAM

Go to IAM. I want to get to know Security in depth.

In the navigation pane on the left, click Users.

Ah, users and roles. You do this even outside IAM.
User 1 has no access permissions.

There are not only users but also groups.

IAM Policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "elasticloadbalancing:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:Describe*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "autoscaling:Describe*",
      "Resource": "*"
    }
  ]
}

business scenario

  • user-1, in group S3-Support: Read-Only access to Amazon S3
  • user-2, in group EC2-Support: Read-Only access to Amazon EC2
  • user-3, in group EC2-Admin: View, Start and Stop Amazon EC2 instances
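As an added example (not code from the page or from AWS), the Python below evaluates the Describe-only policy above and a constructed policy for the EC2-Admin group from the business scenario, using simplified IAM logic: an explicit Deny wins, otherwise any matching Allow grants the request, otherwise it is implicitly denied. `is_allowed`, `EC2_ADMIN_POLICY`, the account id and the instance ARNs are assumptions.

```python
import fnmatch

# The Describe-only policy from the page, as a Python dict.
READONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        {"Effect": "Allow", "Action": "elasticloadbalancing:Describe*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["cloudwatch:ListMetrics",
                                       "cloudwatch:GetMetricStatistics",
                                       "cloudwatch:Describe*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "autoscaling:Describe*", "Resource": "*"},
    ],
}

# Constructed policy for the EC2-Admin group in the scenario (view, start and
# stop instances). The Deny on one instance ARN (constructed account id) shows
# that an explicit Deny overrides an Allow for the same action.
EC2_ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ec2:Describe*", "ec2:StartInstances", "ec2:StopInstances"],
         "Resource": "*"},
        {"Effect": "Deny", "Action": "ec2:StopInstances",
         "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/i-protected"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _match(pattern, value):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    return fnmatch.fnmatchcase(value, pattern)

def is_allowed(policies, action, resource="*"):
    """Simplified IAM evaluation: explicit Deny wins, then any Allow, else deny."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            # Action names are case-insensitive in IAM; resource ARNs are not.
            if not any(_match(a.lower(), action.lower()) for a in _as_list(stmt["Action"])):
                continue
            if not any(_match(r, resource) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return False        # explicit deny: stop immediately
            allowed = True          # remember the allow, keep looking for denies
    return allowed
```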

Add users to the groups

With the created user plus permissions, you can now log in to the console.

I see.
This turned out to be unexpectedly important knowledge.