Chapter 14: Architecture Best Practices
- B, E. Amazon Kinesis is a platform for streaming data on AWS, offering powerful services to make it easy to load and analyze streaming data. Amazon SQS is a fast, reliable, scalable, and fully managed message queuing service. Amazon SQS makes it simple and cost-effective to decouple the components of a cloud application.
- Kinesis provides stream processing, simplifying the loading and analysis of streaming data;
- Amazon SQS provides message-queue (MQ) capability for decoupling components;
- B, C. Launching instances across multiple Availability Zones helps ensure the application is isolated from failures in a single Availability Zone, allowing the application to achieve higher availability. Whether you are running one Amazon EC2 instance or thousands, you can use Auto Scaling to detect impaired Amazon EC2 instances and unhealthy applications and replace the instances without your intervention. This ensures that your application is getting the compute capacity that you expect, thereby maintaining your availability.
- Multiple AZs raise availability;
- Auto Scaling replaces impaired instances quickly and without manual intervention;
- A, E. Amazon DynamoDB runs across AWS proven, high-availability data centers. The service replicates data across three facilities in an AWS region to provide fault tolerance in the event of a server failure or Availability Zone outage. Amazon S3 provides durable infrastructure to store important data and is designed for durability of 99.999999999% of objects. Your data is redundantly stored across multiple facilities and multiple devices in each facility. While Elastic Load Balancing and Amazon ElastiCache can be deployed across multiple Availability Zones, you must explicitly take such steps when creating them.
- Amazon DynamoDB is designed to replicate across AZs within a single Region, so it tolerates a server or AZ failure;
- S3 is likewise designed to replicate automatically across multiple AZs (facilities) within a single Region, providing durability and high availability;
- ELB and ElastiCache can span multiple AZs, but you must explicitly configure that when you create them;
- A, D. Auto Scaling enables you to follow the demand curve for your applications closely, reducing the need to provision Amazon EC2 capacity manually in advance. For example, you can set a condition to add new Amazon EC2 instances in increments to the Auto Scaling group when the average CPU and network utilization of your Amazon EC2 fleet monitored in Amazon CloudWatch is high; similarly, you can set a condition to remove instances in the same increments when CPU and network utilization are low.
- Use CloudWatch to monitor the fleet's network and CPU utilization; use Auto Scaling to add or remove instances automatically;
- B, D, E. There is no direct way to encrypt an existing unencrypted volume. However, you can migrate data between encrypted and unencrypted volumes.
- A volume that already holds data cannot be encrypted in place; create a new encrypted volume and migrate the data onto it;
- A, C, D. The attack surface is composed of the different Internet entry points that allow access to your application. The strategy to minimize the attack surface area is to (a) reduce the number of necessary Internet entry points, (b) eliminate non-critical Internet entry points, (c) separate end user traffic from management traffic, (d) obfuscate necessary Internet entry points to the level that untrusted end users cannot access them, and (e) decouple Internet entry points to minimize the effects of attacks. This strategy can be accomplished with Amazon VPC.
- Strategies for reducing the attack surface:
- Reduce the number of Internet entry points;
- Eliminate non-critical Internet entry points;
- Separate end-user traffic from management traffic;
- Obfuscate the necessary entry points so that untrusted users cannot reach them;
- Decouple Internet entry points from each other to limit the effect of an attack;
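The five points above are usually enforced with security-group rules, and the quickest way to see whether a VPC actually follows them is to audit those rules. The following is an added example (not from the study guide) that applies the rules to security groups in the shape returned by `aws ec2 describe-security-groups`: only designated edge groups may accept traffic from the Internet, management ports (SSH/RDP) may only be reached from a trusted management CIDR or a bastion security group, and internal tiers must be reached by security-group reference rather than by CIDR. The group IDs, the management CIDR `203.0.113.0/24`, and the sample rules are constructed for the example.

```python
"""Audit security-group ingress rules against the attack-surface strategy.

Added example. The sample groups below are constructed and mirror the
`IpPermissions` structure of `aws ec2 describe-security-groups` output.
"""
import ipaddress

MANAGEMENT_PORTS = {22, 3389}            # SSH and RDP: management traffic
INTERNET = {"0.0.0.0/0", "::/0"}


def _rule_covers_port(rule, port):
    """True if an IpPermissions entry includes `port` (protocol -1 = all ports)."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "udp"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def _cidrs(rule):
    return [r["CidrIp"] for r in rule.get("IpRanges", [])] + \
           [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]


def audit_security_groups(groups, edge_group_ids, management_cidrs, bastion_group_ids):
    """Return (GroupId, finding) tuples; an empty list means the rules hold."""
    findings = []
    trusted = [ipaddress.ip_network(c) for c in management_cidrs]
    for sg in groups:
        gid = sg["GroupId"]
        is_edge = gid in edge_group_ids
        for rule in sg.get("IpPermissions", []):
            cidrs = _cidrs(rule)
            source_groups = [p["GroupId"] for p in rule.get("UserIdGroupPairs", [])]
            internet_open = any(c in INTERNET for c in cidrs)
            mgmt = any(_rule_covers_port(rule, p) for p in MANAGEMENT_PORTS)

            # Management traffic must never share the public entry point.
            if mgmt and internet_open:
                findings.append((gid, "management port reachable from the Internet"))
            if mgmt:
                for c in cidrs:
                    if c in INTERNET:
                        continue            # already reported above
                    net = ipaddress.ip_network(c)
                    if not any(net.subnet_of(t) for t in trusted if t.version == net.version):
                        findings.append((gid, f"management port allowed from untrusted CIDR {c}"))
                for s in source_groups:
                    if s not in bastion_group_ids:
                        findings.append((gid, f"management port allowed from non-bastion group {s}"))

            # Only edge groups may be Internet entry points at all.
            if internet_open and not is_edge:
                findings.append((gid, "non-edge group accepts Internet traffic"))

            # Internal tiers are decoupled by referencing the upstream group, not a CIDR.
            if not is_edge and cidrs and not mgmt:
                findings.append((gid, f"internal group uses CIDR source {cidrs} instead of a group reference"))
    return findings


# Constructed sample: a public ALB, an app tier, a database tier and a bastion.
SAMPLE_GROUPS = [
    {"GroupId": "sg-edge", "GroupName": "web-alb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-app", "GroupName": "app-tier", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-edge"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,                 # SSH open to the world
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,             # RDP from the web tier
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-edge"}]}]},
    {"GroupId": "sg-db", "GroupName": "db-tier", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,             # whole VPC CIDR, not the app group
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-bastion", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []}]},
]


def run_audit(groups=SAMPLE_GROUPS):
    return audit_security_groups(groups, edge_group_ids={"sg-edge"},
                                 management_cidrs=["203.0.113.0/24"],
                                 bastion_group_ids={"sg-bastion"})


if __name__ == "__main__":
    for group_id, finding in run_audit():
        print(f"{group_id}: {finding}")
```

Against the sample the audit reports four findings: the app tier exposes SSH to the Internet (and is therefore an unintended Internet entry point), allows RDP from the web tier instead of the bastion, and the database tier trusts the whole VPC CIDR rather than the app-tier group. The ALB and the bastion are clean.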
- C. Amazon RDS read replicas provide enhanced performance and durability for Amazon RDS instances. This replication feature makes it easy to scale out elastically beyond the capacity constraints of a single Amazon RDS instance for read-heavy database workloads. You can create one or more replicas of a given source Amazon RDS instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput.
- RDS provides read replicas, which take read load off the primary database;
- A. An alias resource record set can point to an ELB. You cannot create a CNAME record at the top node of a Domain Name Service (DNS) namespace, also known as the zone apex, as is the case in this example. Alias resource record sets can save you time because Amazon Route 53 automatically recognizes changes in the resource record sets to which the alias resource record set refers.
- In Route 53 you cannot point the zone apex at the ELB with a CNAME, because a CNAME record is not allowed at the top node of a DNS namespace; use an alias record instead. Alias record sets also save time because Route 53 automatically recognizes changes in the resource record sets they refer to.
- D. An instance profile is a container for an AWS Identity and Access Management (IAM) role that you can use to pass role information to an Amazon EC2 instance when the instance starts. The IAM role should have a policy attached that only allows access to the AWS Cloud services necessary to perform its function.
- An instance profile passes the IAM role's credentials to the EC2 instance; the role's policy should grant only the services the instance actually needs;
- B. Amazon API Gateway is a fully managed service that makes it easy for developers to publish, maintain, monitor, and secure APIs at any scale. You can create an API that acts as a “front door” for applications to access data, business logic, or functionality from your code running on AWS Lambda. Amazon API Gateway handles all of the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management.
- AWS provides API Gateway as the managed front door for building microservices;
- C. Amazon EFS is a file storage service for Amazon EC2 instances. Multiple Amazon EC2 instances can access an Amazon EFS file system at the same time, providing a common data source for the content of the WordPress site running on more than one instance.
- EFS is a shared file system that multiple EC2 instances can mount at the same time;
- A. Amazon DynamoDB is a NoSQL database store that is a great choice as an alternative due to its scalability, high-availability, and durability characteristics. Many platforms provide open-source, drop-in replacement libraries that allow you to store native sessions in Amazon DynamoDB. Amazon DynamoDB is a great candidate for a session storage solution in a share-nothing, distributed architecture.
- Session state is usually kept in a NoSQL store; DynamoDB is AWS's managed NoSQL database;
- B. Amazon SQS is a fast, reliable, scalable, and fully managed message queuing service. Amazon SQS should be used to decouple the large volume of inbound transactions, allowing the back-end services to manage the level of throughput without losing messages.
- Decoupling a burst of inbound transactions from the back end is typically done with SQS;
- B, C, E. You should protect AWS user access keys like you would your credit card numbers or any other sensitive secret. Use different access keys for different applications so that you can isolate the permissions and revoke the access keys for individual applications if an access key is exposed. Remember to change access keys on a regular basis. For increased security, it is recommended to configure MFA for any sensitive operations. Remember to remove any IAM users that are no longer needed so that the user’s access to your resources is removed. Always avoid having to embed access keys in an application.
- Ways to protect AWS access keys (AK):
- Use a different access key for each application;
- Rotate access keys regularly;
- Require MFA for sensitive operations;
- Never embed access keys in application code;
- Delete IAM users that are no longer needed; deleting the user also removes that user's access keys;
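Most of the rules above can be checked mechanically from the IAM credential report (`aws iam get-credential-report`, which returns base64-encoded CSV). The following is an added example, not from the study guide, that parses such a report and flags keys that have not been rotated within 90 days, active keys that have never been used, console users without MFA, users with no activity in 90 days (candidates for deletion), and access keys on the root account. The report below is constructed for the example and carries only the columns the check reads; the fixed "today" of 2024-05-10 and the 90-day thresholds are assumptions.

```python
"""Audit an IAM credential report for access-key hygiene.

Added example. SAMPLE_REPORT is a constructed subset of the columns in
`aws iam get-credential-report`; real reports have more columns, which
DictReader ignores.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 5, 10, tzinfo=timezone.utc)   # fixed so the sample is deterministic
MAX_KEY_AGE = timedelta(days=90)                   # assumed rotation policy
INACTIVE_AFTER = timedelta(days=90)                # assumed "remove the user" threshold

SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2015-01-01T00:00:00+00:00,not_supported,2024-05-01T10:00:00+00:00,not_supported,not_supported,false,true,2015-01-01T00:00:00+00:00,2024-04-30T08:00:00+00:00,false,N/A,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2023-01-10T00:00:00+00:00,false,N/A,N/A,N/A,false,true,2024-04-20T00:00:00+00:00,2024-05-09T12:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2022-06-01T00:00:00+00:00,true,2024-05-09T09:00:00+00:00,2024-03-01T00:00:00+00:00,N/A,true,true,2023-11-01T00:00:00+00:00,2024-05-08T00:00:00+00:00,true,2024-04-01T00:00:00+00:00,N/A
bob,arn:aws:iam::123456789012:user/bob,2021-02-01T00:00:00+00:00,true,2023-10-01T00:00:00+00:00,2023-01-01T00:00:00+00:00,N/A,false,false,N/A,N/A,false,N/A,N/A
"""


def _ts(value):
    """Parse a report timestamp; 'N/A', 'not_supported' etc. become None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit_credential_report(report_csv, now=NOW):
    """Return (user, finding) tuples for every rule violation in the report."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        last_activity = [t for t in (_ts(row["password_last_used"]),) if t]

        if user == "<root_account>":
            if row["access_key_1_active"] == "true" or row["access_key_2_active"] == "true":
                findings.append((user, "root account has an active access key; delete it"))
            if row["mfa_active"] != "true":
                findings.append((user, "root account has no MFA"))
            continue

        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            rotated = _ts(row[f"access_key_{n}_last_rotated"])
            used = _ts(row[f"access_key_{n}_last_used_date"])
            if used:
                last_activity.append(used)
            if rotated and now - rotated > MAX_KEY_AGE:
                findings.append((user, f"access key {n} not rotated for {(now - rotated).days} days"))
            if used is None:
                findings.append((user, f"access key {n} is active but has never been used"))

        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console password enabled without MFA"))
        if not last_activity or now - max(last_activity) > INACTIVE_AFTER:
            findings.append((user, "no activity in 90 days; remove the user (its keys go with it)"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

On the sample, `ci-deploy` (one recently rotated, recently used key, no console password) passes; `alice` is flagged for a 191-day-old key and a second key that was created but never used; `bob` has a console password without MFA and no activity since October; and the root account has both an access key and no MFA.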
- A, B, E. You can enable AWS CloudTrail in your AWS account to get logs of API calls and related events’ history in your account. AWS CloudTrail records all of the API access events as objects in an Amazon S3 bucket that you specify at the time you enable AWS CloudTrail. You can take advantage of Amazon S3’s bucket notification feature by directing Amazon S3 to publish object-created events to AWS Lambda. Whenever AWS CloudTrail writes logs to your Amazon S3 bucket, Amazon S3 can then invoke your AWS Lambda function by passing the Amazon S3 object-created event as a parameter. The AWS Lambda function code can read the log object and process the access records logged by AWS CloudTrail.
- To record and audit API calls, enable CloudTrail, have it deliver logs to S3, and process each new log object with a Lambda function;
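The Lambda side of that pipeline looks like the following added example (not code from the study guide): the handler receives the S3 object-created event, skips digest objects, fetches the gzipped CloudTrail log, and runs a few detections over each record. The detection rules, bucket name, object key and the four constructed CloudTrail records are assumptions made for the example; the `MFAUsed` field of `ConsoleLogin` events and the `StopLogging`/`DeleteTrail`/`UpdateTrail` event names are real CloudTrail fields. The object fetch is injected so the logic runs offline; in Lambda it falls back to boto3.

```python
"""Process CloudTrail log objects delivered to S3 from a Lambda handler.

Added example. The event, bucket, key and log records are constructed.
"""
import gzip
import json
from urllib.parse import unquote_plus


def classify(record):
    """Return a reason string if a CloudTrail record is suspicious, else None.

    These rules are assumptions for the example, not an AWS-provided list.
    """
    name = record.get("eventName", "")
    source = record.get("eventSource", "")
    err = record.get("errorCode", "")
    identity = record.get("userIdentity", {})
    if name == "ConsoleLogin" and record.get("additionalEventData", {}).get("MFAUsed") == "No":
        return "console login without MFA"
    if source == "cloudtrail.amazonaws.com" and name in ("StopLogging", "DeleteTrail", "UpdateTrail"):
        return "CloudTrail logging tampered with"
    if err.endswith(("AccessDenied", "UnauthorizedOperation")):
        return "access denied (possible key misuse)"
    if identity.get("type") == "Root":
        return "root credentials used"
    return None


def process_log_bytes(gz_bytes):
    """Decompress one CloudTrail log object and return the suspicious records."""
    records = json.loads(gzip.decompress(gz_bytes))["Records"]
    alerts = []
    for r in records:
        reason = classify(r)
        if reason:
            alerts.append({"reason": reason, "eventName": r.get("eventName"),
                           "principal": r.get("userIdentity", {}).get("arn"),
                           "sourceIPAddress": r.get("sourceIPAddress"),
                           "eventTime": r.get("eventTime")})
    return alerts


def handler(event, context=None, fetch=None):
    """Lambda entry point for the S3 ObjectCreated event.

    `fetch(bucket, key)` returns the object's bytes. It is injected so the
    function can run offline; when absent, boto3 (present in Lambda) is used.
    """
    if fetch is None:
        import boto3                      # not needed for the offline sample
        s3 = boto3.client("s3")
        fetch = lambda b, k: s3.get_object(Bucket=b, Key=k)["Body"].read()
    alerts = []
    for rec in event["Records"]:
        bucket = rec["s3"]["bucket"]["name"]
        key = unquote_plus(rec["s3"]["object"]["key"])   # S3 URL-encodes keys in events
        # Only CloudTrail log objects, not the CloudTrail-Digest integrity files.
        if "/CloudTrail/" not in key or not key.endswith(".json.gz"):
            continue
        alerts.extend(process_log_bytes(fetch(bucket, key)))
    return alerts


# Constructed sample: one log object with four records, one S3 event pointing at it.
SAMPLE_KEY = ("AWSLogs/123456789012/CloudTrail/us-east-1/2024/05/10/"
              "123456789012_CloudTrail_us-east-1_20240510T0810Z_abc123.json.gz")
BOB = {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"}
SAMPLE_RECORDS = {"Records": [
    {"eventTime": "2024-05-10T08:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7", "userIdentity": BOB,
     "additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-05-10T08:05:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7", "userIdentity": BOB,
     "requestParameters": {"name": "main-trail"}},
    {"eventTime": "2024-05-10T08:06:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "10.0.1.5",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/app/i-0abc"}},
    {"eventTime": "2024-05-10T08:07:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "errorCode": "AccessDenied", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/ci-deploy"}},
]}
SAMPLE_OBJECTS = {("my-trail-bucket", SAMPLE_KEY): gzip.compress(json.dumps(SAMPLE_RECORDS).encode())}
SAMPLE_EVENT = {"Records": [{"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
                             "s3": {"bucket": {"name": "my-trail-bucket"},
                                    "object": {"key": SAMPLE_KEY}}}]}


def run_sample():
    return handler(SAMPLE_EVENT, None, fetch=lambda b, k: SAMPLE_OBJECTS[(b, k)])


if __name__ == "__main__":
    print(json.dumps(run_sample(), indent=2))
```

The sample yields three alerts: a console login without MFA, a `StopLogging` call against the trail minutes later from the same source address, and an `AccessDenied` on S3 from a CI user's key at an unfamiliar address; the routine `DescribeInstances` call is ignored.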
- B. Amazon Glacier enables businesses and organizations to retain data for months, years, or decades, easily and cost effectively. With Amazon Glacier, customers can retain more of their data for future analysis or reference, and they can focus on their business instead of operating and maintaining their storage infrastructure. Customers can also use Amazon Glacier Vault Lock to meet regulatory and compliance archiving requirements.
- The most cost-effective choice is Glacier, because the data is only archived and does not need to be retrieved on demand;
- A. Many companies that distribute content via the Internet want to restrict access to documents, business data, media streams, or content that is intended for selected users, such as users who have paid a fee. To serve this private content securely using Amazon CloudFront, you can require that users access your private content by using special Amazon CloudFront-signed URLs or signed cookies.
- To serve content only to paying users, deliver it through CloudFront signed URLs or signed cookies;
- B. Amazon S3 provides highly durable and available storage for a variety of content. Amazon S3 can be used as a big data object store for all of the videos. Amazon S3’s low cost combined with its design for durability of 99.999999999% and for up to 99.99% availability make it a great storage choice for transcoding services.
- For video storage and transcoding, keep the videos in S3 and hand them to the transcoding service for conversion;
- A. An Availability Zone consists of one or more physical data centers. Availability zones within a region provide inexpensive, low-latency network connectivity to other zones in the same region. This allows you to distribute your application across data centers. In the event of a catastrophic failure in a data center, the application will continue to handle requests.
- For fault tolerance alone, distributing the application across multiple AZs is sufficient;
- C. You can use a NAT gateway to enable instances in a private subnet to connect to the Internet or other AWS services, but prevent the Internet from initiating a connection with those instances. If you have resources in multiple Availability Zones and they share one NAT gateway, resources in the other Availability Zones lose Internet access in the event that the NAT gateway's Availability Zone is down. To create an Availability Zone independent architecture, create a NAT gateway in each Availability Zone and configure your routing to ensure that resources use the NAT gateway in the same Availability Zone.
- A NAT gateway gives private instances outbound access only; to avoid a single point of failure, create a NAT gateway in every AZ and route each AZ's private subnets to its own NAT gateway;
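Whether the routing really is AZ-independent is easy to get wrong after a few edits to route tables, so it is worth checking from the API output. The following is an added example (not from the study guide) that reads subnets, NAT gateways and route tables in the shape of `describe-subnets`, `describe-nat-gateways` and `describe-route-tables`, flags every private subnet whose default route leaves through a NAT gateway in a different AZ, and reports which subnets outside a failed AZ would lose egress with it. The two VPC layouts below (one shared NAT gateway versus one per AZ) and all IDs are constructed for the example.

```python
"""Check that each private subnet egresses via a NAT gateway in its own AZ.

Added example. SAMPLE_* structures are constructed and follow the field
names of the EC2 describe-subnets / describe-nat-gateways / describe-route-tables
responses.
"""


def _egress_map(subnets, nat_gateways, route_tables):
    """Map subnet -> (subnet AZ, NAT id, NAT AZ or None) for every subnet with a NAT default route."""
    subnet_az = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    nat_az = {n["NatGatewayId"]: subnet_az[n["SubnetId"]]
              for n in nat_gateways if n.get("State") == "available"}
    egress = {}
    for rt in route_tables:
        nats = [r["NatGatewayId"] for r in rt.get("Routes", [])
                if r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("NatGatewayId")]
        for assoc in rt.get("Associations", []):
            sid = assoc.get("SubnetId")          # the main-table association has no SubnetId
            if sid and nats:
                egress[sid] = (subnet_az[sid], nats[0], nat_az.get(nats[0]))
    return egress


def audit_nat_routing(subnets, nat_gateways, route_tables):
    """Return (SubnetId, finding) for subnets whose egress crosses an AZ boundary."""
    findings = []
    for sid, (az, nat, naz) in _egress_map(subnets, nat_gateways, route_tables).items():
        if naz is None:
            findings.append((sid, f"default route to {nat}, which is not an available NAT gateway"))
        elif naz != az:
            findings.append((sid, f"in {az} but egresses via {nat} in {naz}"))
    return findings


def subnets_losing_egress(subnets, nat_gateways, route_tables, failed_az):
    """Subnets outside `failed_az` whose outbound path disappears with that AZ."""
    return sorted(sid for sid, (az, _, naz) in _egress_map(subnets, nat_gateways, route_tables).items()
                  if az != failed_az and naz == failed_az)


# Constructed sample: two AZs, a public and a private subnet in each, a NAT gateway in each public subnet.
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-pub-b", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "us-east-1b"},
]
SAMPLE_NATS = [
    {"NatGatewayId": "nat-a", "SubnetId": "subnet-pub-a", "State": "available"},
    {"NatGatewayId": "nat-b", "SubnetId": "subnet-pub-b", "State": "available"},
]
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}

# Layout 1: one route table, both private subnets leave through nat-a (single point of failure).
SHARED_ROUTE_TABLES = [
    {"RouteTableId": "rtb-priv",
     "Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-a"}]},
]
# Layout 2: one route table per AZ, each pointing at the NAT gateway in the same AZ.
PER_AZ_ROUTE_TABLES = [
    {"RouteTableId": "rtb-priv-a", "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-a"}]},
    {"RouteTableId": "rtb-priv-b", "Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-b"}]},
]

if __name__ == "__main__":
    print("shared:", audit_nat_routing(SAMPLE_SUBNETS, SAMPLE_NATS, SHARED_ROUTE_TABLES))
    print("per-AZ:", audit_nat_routing(SAMPLE_SUBNETS, SAMPLE_NATS, PER_AZ_ROUTE_TABLES))
    print("lose egress if us-east-1a fails (shared):",
          subnets_losing_egress(SAMPLE_SUBNETS, SAMPLE_NATS, SHARED_ROUTE_TABLES, "us-east-1a"))
```

With the shared layout, `subnet-priv-b` is reported because it sits in `us-east-1b` but routes through `nat-a`, and it is exactly the subnet that would lose Internet access if `us-east-1a` went down; with one route table and NAT gateway per AZ both checks come back empty.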
Summary of Key Points
Understand highly available architectures. A system is highly available when it can withstand the failure of an individual or multiple components. If you design architectures around the assumption that any component will eventually fail, systems won’t fail when an individual component does.
A system is highly available when it keeps working after one or more of its components fail. When designing a system, assume that any component will eventually fail; then the system does not go down when a single component becomes unavailable.
Understand redundancy. Redundancy can be implemented in either standby or active mode. When a resource fails in standby redundancy, functionality is recovered on a secondary resource using a process called failover. The failover will typically require some time before it is completed, and during that period the resource remains unavailable. In active redundancy, requests are distributed to multiple redundant compute resources, and when one of them fails, the rest can simply absorb a larger share of the workload. Compared to standby redundancy, active redundancy can achieve better utilization and affect a smaller population when there is a failure.
Redundancy can be implemented in standby or active mode. With standby redundancy, when a resource fails its function is recovered on a secondary resource through failover; failover takes some time to complete, and the resource remains unavailable during that period. In active mode, requests are distributed across multiple redundant compute resources, and when one of them fails the rest simply absorb a larger share of the load. Compared with standby redundancy, active redundancy achieves better utilization and a smaller impact when a failure occurs.
Understand elasticity. Elastic architectures can support growth in users, traffic, or data size with no drop in performance. It is important to build elastic systems on top of a scalable architecture. These architectures should scale in a linear manner, where adding extra resources results in at least a proportional increase in ability to serve additional system load.
The growth in resources should introduce economies of scale, and cost should follow the same dimension that generates business value out of that system. There are generally two ways to scale an IT architecture: vertically and horizontally.
Understand elasticity. An elastic architecture supports rapid growth in users, traffic, and data volume without a drop in performance. It is important to build elastic systems on top of a scalable architecture. These architectures should scale linearly: adding resources yields at least a proportional increase in capacity to serve load. Adding resources should bring economies of scale, and cost should grow along the same dimension that generates business value from the system. There are generally two ways to scale an architecture: vertically and horizontally.
Understand vertical scaling. Scaling vertically takes place through an increase in the specifications of an individual resource (for example, upgrading a server with a larger hard drive or a faster CPU). This way of scaling can eventually hit a limit, and it is not always a cost efficient or highly available approach.
Vertical scaling raises the specification of an individual resource, for example upgrading a server with a larger disk or a faster CPU. This kind of scaling eventually hits a limit, and it is not always a cost-efficient or highly available approach.
Understand horizontal scaling. Scaling horizontally takes place through an increase in the number of resources. This is a great way to build Internet-scale applications that leverage the elasticity of cloud computing. It is important to understand the impact of stateless and stateful architectures before implementing horizontal scaling.
Horizontal scaling adds more resources. It is a good way to build Internet-scale applications because it takes advantage of the cloud's elasticity. Before implementing horizontal scaling, it is important to understand the difference between stateful and stateless architectures.
Understand stateless applications. A stateless application needs no knowledge of the previous interactions and stores no session information. A stateless application can scale horizontally because any request can be serviced by any of the available system compute resources.
Understand stateless applications. A stateless application needs no knowledge of previous interactions and stores no session information. It can scale horizontally because any request can be handled by any available compute resource.
Understand loose coupling. As application complexity increases, a desirable characteristic of an IT system is that it can be broken into smaller, loosely coupled components. This means that IT systems should be designed as “black boxes” to reduce interdependencies so that a change or a failure in one component does not cascade to other components. The more loosely system components are coupled, the larger they scale.
As application complexity grows, it is desirable for an IT system to be broken into small, loosely coupled components. This means IT systems should be designed as black boxes that minimize interdependencies, so that a change or failure in one component does not cascade to the others. The more loosely the components are coupled, the better they scale.
Understand the different storage options in AWS. AWS offers a broad range of storage choices for backup, archiving, and disaster recovery, as well as block, file, and object storage to suit a plethora of use cases. It is important from a cost, performance, and functional aspect to leverage different storage options available in AWS for different types of datasets.
AWS offers a range of storage choices for backup, archiving, and disaster recovery, as well as block, file, and object storage, to fit different use cases. For each kind of dataset it is important to pick the storage option from a cost, performance, and functional standpoint.