Notes on AWS, Big Data, Machine Learning and Leadership: December 2017

Sunday, 31 December 2017

AWS CloudWatch (Events)

Overview

AWS Resources publish information about state changes as CloudWatch Events
Target can execute action upon event
Rule can route event to Target
Use cases
- Invoke Lambda to modify DNS when EC2 instance is launched
- Direct CloudTrail records to Kinesis
- Run SSM command on when instance is launced
- Log AWS API Calls
Near real-time
At least-one trigger

Event

Triggered by:
- AWS resource changes state, e.g
  - EC2 instance pending->running
  - ASG launches or terminates an instance
  - EBS created a snapshot
  - Code Deploy instance state change
  - Sign-in to AWS Management Console
  - [many other AWS Services]
- AWS CloudTrail
  - Can be used as intermediary
  - Read/Write calls supported by CloudTrail can be relayed as Events
- Customer code publishes event (PutEvents)
- Scheduled (self-triggered)
  - Cron expressions
  - Rate expressions
Uses JSON format
Can contain custom payload (useful for Lambda)

Event Bus

Each AWS account has default bus
Allows sending events to receiver AWS account
- On receiver account specify permissions
- Create a rule
- Attach foreign Event Bus as a target

Rule

matches incoming events and route to targets
matching is unordered

Target

Receives event as JSON
- AWS Systems Manager (Run Command)
- EC2 API calls
- ECS tasks
- Lambda
- Kinesis Streams
- SNS
- [other AWS Services]
- Event Bus in another account

References

http://docs.aws.amazon.com/AmazonCloudWatch/latest/events/DocumentHistory_cwe.html

AWS ELB(NLB)

Overview

Operates at OSI Level 4 (connection level)
- TCP: IP + Port
- Level 3 would be just IP
Full control over IP addresses
- Single IP address per AZ (VPC subnet)
  - EIP possible to attach
  - No CNAME resolution
Long-running connections (months) supported
- Normally idles after timeout
- Use cases: IoT, gaming, messaging
- No idle-timeout configuration
Zonality
- No cross-zone balancing
  - But fails over to another AZ if all targets unhealthy (Route 53)

Limitations

No SSL termination
No Backend server encryption

Types

Internet-facing
Internal

Target Types

Instance Id or IP (just like ALB)

Performance

Scales to millions of requests
Very low latency
Handles volatile traffic well
- Sudden spike (e.g. "flash sales")

Client source IP

Unlike other ELB it preserves source IP address
Only applies to targets registered by instance ID (not IP targerts)
Proxy Protocol still available
No need for X-Forwarded-For

Monitoring

VPC flow logs (instead of access logs)
CloudWatch

Healthchecks

Network level
- Observes normal (organic) traffic to target
Application level (like CLB/ALB)
- Synthetic

Pricing

NLCU
- 100K active connections / minute
- 800 new connections (flows) / second
- 2.22 Mbps (1 GB / h)
Highest dimension used (like in ALB)

References

https://aws.amazon.com/elasticloadbalancing/details/#compare https://aws.amazon.com/elasticloadbalancing/details/#compare

AWS ELB(ALB)

Overview

Layer 7 (advanced)
- Content based routing
Evaluates listener rules
Use cases
- Single LB fronting different types of services (e.g. website, api)
- Microservices in containers (integrated wih ECS)
Improved performance over ELB (cheaper)
Integrated with WAF
IPv6 support

Types

Internet facing
Internal

Limitations

No backend authentication (unlike CLB)

Listeners

HTTP/HTTPS
- Ports 1-65535
HTTPS
- Multiple certificates possible (SNI)
  - Smart selection if
WebSockets
- HTTP (ws://) or HTTPS (wss://)
HTTP/2
- HTTPS listeners only
- Server-Push not available
Has Listener Rules (1+)

Listener Rule

Contains
- Priority
- Action
  - Always forward request
- Optional Host
  - Host-based routing
- Optional Path
  - Path-based routing
Default rule has no conditions (catch-all)

Target

Type
- EC2 instance
- IP address
  - Inside/outside VPC (e.g. on-premise)
  - IP must be private
    - ClassicLink instances
    - Peered-VPC
    - On-premise instances (Direct Connection/VPN)
      - Use case: migrate-to-cloud/burst-to-cloud/fail-over-to-cloud
State
- draining
Same target may be registered multiple times (different ports) e.g. microservices

Target Group

Set of targets
Listener rule forwards traffic to Target Group
Has its own HealthCheck
- If no healthy targets still routes traffic
You don't need to take the whole instance out of rotation
May be attached to Auto Scaling Group

Request Tracing

LB injects a header X-Amzn-Trace-Id
Supports chaining: Field={Root, Self}
Visible in Access Logs ("trace_id")

Sticky Sessions

Only LB cookie supported (AWSALB)
Websockets are inherently sticky (long-lasting connection)

Healthchecks

Ability to define "successful" HTTP status codes

Pricing

Per-hour fee
LCU
- Dimenstions
  - 3000 Active Connections per minute
  - 25 new connections established per second
    - Certificate key size matters (shorter = cheaper)
  - 1000 rules evaluation
  - Data transferred 2.25 Mbps (=1 GB/per-hour)
- Highest dimension used to evaluate number of LCUs consumed

References

Thursday, 28 December 2017

AWS Batch

Overview

Simplifies running batch jobs
Provisions EC2 resources
- Allows to specify % of spot instances
Lower level than Hadoop
No additional pricing
Uses ECS container instances to execute jobs
Scales to 100K+ jobs

Batch Computing Advantages

You can shift computing when it is cheaper
Avoids idling resources + higher efficiency
Enables prioritization

Use Cases

File uploaded to S3
- SNS notification
  - Lambda submits a batch job

Job (what)

Unit of work
- Shell script
- Linux executable
- Container image (docker)
  - Pulled from internal/external registry
Runs as containerized application
Has AWS Job Id and Name
Can reference other jobs (dependencies)
- You can chain multiple jobs
Parameters can get overridden

Job Definition (how)

"Blueprint for resources"
Name:RevisionNumber
Hardware requirements
- vCPU
- Memory
Mount points
Environmental variables
jobRoleARN - permission passed to the container

Job States

SUBMITTED
- Added to the queue
- Upon evaluation by Job Scheduler transitions to
  - PENDING (has dependencies)
  - RUNNABLE (no dependencies
PENDING
- cannot run due to dependencies
- if dependency fails the parent jobs moves to FAILED, too
RUNNABLE
- no outstanding dependencies
- can be started as soon as resources are available
STARTING
- scheduled on the host
- container initialization is underway; transitions to
  - RUNNING
RUNNING
- Running as a container job on ECS container instance
SUCCEEDED
- Job completed with Exit code = 0
- Logs available in CloudWatch Logs
FAILED
- All available attempts failed
- Retry
  - Trigger
    - Exit Code != 0
    - EC2 instancec failure
    - AWS failure
  - Attempts
    - Default:1 , Max:10
    - AWS_BATCH_JOB_ATTEMPT environmental variable passed

Job Queue

Place where submitted jobs reside until scheduled
Priority value associated
Has Compute Environments associated
- Ordered, Max 3

Scheduler

Attached to a Job Queue
Decides when and where jobs are run (i.e. what resources)
Dependency-aware
Runs queues according to priorities
FIFO

Compute Environment

Same as ECS Cluster
Set of compute resources
Types
- Managed
  - Specific Instance Types (multiple) or The Newest
  - Min/Max/Desired vCPUs
- Unmanaged
  - AWS Batch creates ECS Cluster
  - Use when you need special resources (e.g. EFS, Dedicated Hosts)

Array Job

Collection or
Examples (embarrassingly parallel)
- Monte Carlo simulations
- Parametric sweeps
- Large rendering jobs
Submitted like a single job
- Specify array size
- AWS_BATCH_JOB_ARRAY_INDEX passed to container
Parent Array Job has normal AWS Batch Id (e.g. 1)
- Children have index appended (e.g. 1:0)
Dependency type
- SEQUENTIAL
  - A:1 cannot start until A:0 succeeds
- N_TO_N
  - Allows to run multi-stage processing
  - Each job corresponds to input split

References