Читать книгу AWS Certified SysOps Administrator Official Study Guide - Cole Stephen - Страница 14
Chapter 1
Introduction to Systems Operations on AWS
Reference Architecture: The Three-Tier Design
ОглавлениеOne of the earliest cloud-native architectures used is the three-tier design, which includes the following:
■ A front-end web server layer
■ An application middle layer
■ A database layer
In many cases, the first two layers might be fronted, or decoupled, with elastic load balancers.
Introduction to the Three-Tier Design
The model of a three-tier architecture was introduced in the late 1990s. It was an evolution from a two-tier architecture (client/server), which was an evolution from a monolithic (mainframe-based) architecture. One of the original drivers for a three-tier architecture was the desire to implement a web-based interface to existing applications, which were currently being accessed via a command-line interface (CLI).
The focus of this model is on application architecture. Each application has its own unique architecture, which exists independently of any other application.
Web Tier
The Web Tier is the front end to the application. It accepts the request from the user and passes that request to the Application Tier. It takes the response from the Application Tier and presents it back to the user. The format of the response is controlled at this tier, whether it is an HTML document, a CSV file, a PDF file, or some other format.
This tier has no direct access to the Database Tier, and it should be decoupled from any processes happening in the Application Tier or the Database Tier.
Application Tier
The Application Tier is a middleware tier where the internal business logic resides. It responds to requests from the Web Tier and communicates directly with the Database Tier. The Application Tier operates and scales independently of the other tiers.
Database Tier
The Database Tier is a back-end tier where the databases manage the state of the application. This tier should only be accessed by the Application Tier. It processes requests from the Application Tier and provides responses back to the Application Tier.
Sample Scenario
To better prepare you for the exam, this book references a few sample architectures. These are provided to give a framework to the discussions. Although the problem we might be addressing is specific, the services we use are universal to most architectures on AWS.
Three-Tier Architecture
The Challenge
An application runs an order management system for a global company. The application will manage inventory, customer records, and orders in an integrated system.
Some of the system requirements include flexibility to adjust to changing needs. It must be scalable to handle variable customer loads. It must have separate front-end and processing layers to allow User Interface (UI) development to be isolated from business logic programming.
It must be cost effective. In addition to scalable web and application instances, it should leverage native, cost-effective services such as elastic load balancing and Amazon S3.
The environment must be secure. Steps should be taken to ensure that all traffic is properly protected in transit and at rest. All access must be controlled and monitored at all times. All critical data must be stored in durable, highly-available systems, protected against node failure.
The Solution
As we examine the pieces of the solution, we start by breaking down the components of the architecture. Then we focus on how systems operators interact with the individual pieces and begin thinking about how those pieces fit into the certification exam.
Environment
Architectures live inside AWS Regions; in this scenario, in us-west-2 (Oregon, United States). Regions are made up of multiple Availability Zones, which provide the foundation for highly available architectures. Although this is a systems operation exam, it is critical to understand the nature of AWS Regions and Availability Zones.
Each AWS Region is a separate geographic area. Each AWS Region has multiple, isolated locations known as Availability Zones. AWS Regions and Availability Zones are discussed in Chapter 5, “Networking.”
Networking
Networking components start inside the AWS Region with Amazon Virtual Private Cloud (Amazon VPC). Amazon VPC is a private network in the AWS Region that isolates all traffic from the millions of other applications running in AWS. A deep dive into Amazon VPC (and the rest of its components) is found in Chapter 5.
Amazon VPC is divided into subnets; all assets running in your Amazon VPC are assigned to a subnet. Unlike on-premises subnetting decisions that can affect latency between servers, Amazon VPC subnets only affect access. Access between subnets is controlled through network Access Control Lists (nACLs), and access in and out of Amazon VPC is controlled through attached gateways. In this scenario, the only gateway is the Internet Gateway (IGW), and it allows traffic to and from external (public IP) sources.
By granting route table access to the gateway only to specific subnets, ingress and egress can be tightly controlled. In this scenario, public subnets indicate IGW access. Without IGW access, the subnets become private; that is, they are accessible only to private IP networks.
To learn about the other gateways that could be leveraged to create hybrid or other private architectures, refer to Chapter 5.
Security groups are often part of the networking discussion. They provide stateful firewalls that operate at the hypervisor levels for all individualAmazon Elastic Compute Cloud (Amazon EC2) instances and other Amazon VPC objects. In this scenario, we potentially have seven different security groups:
Public Elastic Load Balancing The only security group that allows full public access
Web Tier Amazon EC2 This accepts traffic only from public Elastic Load Balancing.
Private Elastic Load Balancing This accepts traffic only from Web Tier Amazon EC2.
Application Tier Amazon EC2 This accepts traffic only from private Elastic Load Balancing.
Amazon ElastiCache This accepts traffic only from Application Tier Amazon EC2.
Amazon Relational Database Service (Amazon RDS) This accepts traffic only from Application Tier Amazon EC2.
Network Address Translation (NAT) This is used only for internally initiated outbound traffic.
By specifically stacking security groups in this manner, you can provide layers of network security that surround the database portion of the three-tier design.
Compute
In this scenario, you use traditional compute methods, such as Linux servers running on Amazon EC2. Amazon EC2 comes in many sizes (how many CPUs, how much memory, how much network capacity, and so on), known as instances. Based on the Amazon Machine Image (AMI), each Amazon EC2 instance can run a wide range of Linux- or Windows-based operating systems as well as preinstalled software packages. Amazon EC2 instances also support runtime configuration as required.
The requirements for the scenario include scalable solutions. AWS provides Auto Scaling as an engine that can take predefined launch configurations and dynamically add or remove instances from the web or the Application Tier based on metrics.
Details on Amazon EC2, Auto Scaling, and other compute resources are found in Chapter 4, “Compute.”
Database
Amazon RDS runs in your Amazon VPC on Amazon EC2. You select the database engine and version (MySQL, Oracle, Postgres, and so forth) and the configuration (the size of the Amazon EC2 instance, which subnets to use, how often to take backups, and so on). Amazon RDS takes care of the infrastructure of the instances and the engine; your database administrator (DBA) takes care of the database schema and data.
This scenario also includes Amazon DynamoDB, a native NoSQL engine optimized for consistent low latency, high availability, and strongly consistent reads and writes. Unlike Amazon RDS (or do-it-yourself databases running on Amazon EC2), Amazon DynamoDB operates at the regional level through API access only.
For details on how Amazon DynamoDB and other databases function, refer to Chapter 7, “Databases.”
Storage
This scenario looks at storage in three different areas: the block storage used by the Amazon EC2 instances, the object storage keeping all of the media as well as backups and AMIs, and the caching storage used by Amazon CloudFront.
Amazon EBS is durable, persistent block storage used by most Amazon EC2 and Amazon RDS instances. It provides drive space for boot volumes and data volumes. Additionally, AWS provides ephemeral storage for many Amazon EC2 instance types through instance storage. Deciding which one to use becomes an operational value judgment, one that compares speed, persistence, and cost.
Object storage is provided by Amazon S3. Amazon S3, like Amazon DynamoDB, operates at the regional level outside Amazon VPC. It is only accessed through API commands that your operations team controls with fine-grained precision. Highly cost-effective and massively durable, Amazon S3 provides web-enabled storage for content as well as protected storage for database backups and AMI storage.
Amazon CloudFront is the AWS content delivery network service (CDN). This application leverages Amazon CloudFront to cache content close to consumers in order to improve performance (reduce latency) and reduce costs.
Storage systems, including shared file systems, the Amazon Elastic File System (Amazon EFS), and cold storage via Amazon Glacier, are discussed in Chapter 6, “Storage.”
User Management
Although not drawn in the sample three-tier architecture diagram, user management becomes one of the critical elements of the AWS operational design. Operator access is controlled through AWS Identity and Access Management (IAM). IAM maintains control over validating authentication methods (passwords, access keys, and so on) and then grants access to authenticated operators.
Because everything in AWS is accessed through APIs, IAM becomes a comprehensive tool for controlling all permissions to AWS services and resources.
For established enterprise customers, IAM can be integrated with existing directory systems via AWS Directory Service.
AWS IAM controls access to AWS services and resources. It does not control access to the Amazon EC2 operating system or application-level authentication. For more details, refer to the shared responsibility model in Chapter 3, “Security and AWS Identity and Access Management (IAM).”
Security, Monitoring, and Deployment
Security is integral to every part of the AWS platform. This means that security is part of each piece of the architecture.
There are some specific AWS security tools, such as Amazon Inspector, Amazon VPC Flow Logs, Amazon CloudWatch Logs, and others which provide a more focused toolset that the AWS operations team can leverage to ensure the security profile of the AWS application. These and many other tools are discussed in Chapter 3.
Monitoring of critical systems is provided by Amazon CloudWatch, which provides visibility into metrics that happen on the Customer side of the shared responsibility model. Thousands of metrics across more than 90 services keep track of everything from CPU consumption to latency, queue depths, and so on.
AWS CloudTrail records every API call in the AWS system, including:
■ Who made the API call
■ When the API call was performed
■ Where the API call originated
■ The result of the API call
These records and other log files are processed through Amazon CloudWatch Logs, which analyze text data for patterns that trigger alerts and corresponding actions.
Automated deployment methods ensure that human error does not disrupt rollouts or updates to production or sandbox environments. AWS CloudFormation turns infrastructure plans into code, allowing your operations team to build and tear down entire systems in a single action. Refer to Chapter 8, “Application Deployment and Management,” for more details.
Key Products: Three-Tier Design
As described above, the three-tier architecture consists of a web front end, an application layer, and database layer. In addition to the compute, storage, and database resources, additional AWS infrastructure may need to be deployed. Refer to Table 1.1 for a list of key products.
TABLE 1.1 Key products: three-tier architecture
It may seem like a daunting list, but this represents the core services (the toolset) that all AWS systems operators need to understand fully. As with any craft, it is important to use the right tool for the right job. You could use a torque wrench to smooth wet concrete, but of course there are much more appropriate tools for that task. Knowing the wide variety of AWS tools available to you is just as important.
Reference Architecture: The Serverless Design
As application design continues to evolve, individual instances are replaced with container services. Container services eventually are replaced by the final abstraction: serverless architectures.
There are many variations of serverless architectures. Rather than assume a generic use case, let’s look at a specific scenario that might be used by your operations team.
Serverless Architectures
The Challenge
In this scenario, we want to find a better way to track the number of outstanding security updates on our production fleet. A serverless solution would be ideal, because we would not be adding any servers to maintain and we would only be paying for the compute time of the AWS Lambda functions.
The Solution
Python code executing in AWS Lambda on a regular schedule will use the Secure Shell (SSH) protocol to query for outstanding security updates on production instances. Python code (running anywhere) can use the AWS Boto Software Development Kit (SDK) to query Amazon EC2 for a list of specially tagged instances. The Python code establishes an SSH connection to the instances, and it executes a small script to find the number of required security updates. After you have this information, you can present it to the systems operations team as a tag on the instances, again using the AWS Boto SDK.
Networking
The AWS Lambda functions run in their own Amazon VPC. We establish Amazon VPC peering between the two Amazon VPCs to allow network connections between the AWS Lambda function and the production Amazon EC2 instances. This requires the creation of routing tables to direct the traffic between the two Amazon VPCs.
Security and Authentication
The AWS Lambda function must authenticate at two different levels: when the function queries the Amazon EC2 APIs via the Boto SDK and when the function establishes an SSH connection to the operating system on the production instances. AWS Lambda functions are configured with an IAM role and policy, which grants access to query the Amazon EC2 APIs. SSH authentication uses a Rivest-Shamir-Adleman (RSA) public/private key authentication. The AWS Lambda function has the private portion on the key. The Linux operating system on the production instances is configured with the public portion of the key. The operating system uses the public key to authenticate the SSH connection being initiated from the AWS Lambda function (see Figure 1.1).
FIGURE 1.1 Lambda function interacting with the Amazon EC2 API and EC2 instances
Lambda supports these runtime versions: Node.js, Java, and .Net Core. For more information, see Chapter 4.
Let’s take an extra step to secure the private portion of the SSH key. This key is used by the AWS Lambda function to prove that it is allowed to SSH into the production instances and execute a script – so it is very important to keep secrets secret! The secret key is encrypted using the AWS Key Management Service (AWS KMS) and stored in Amazon S3. For the AWS Lambda function to retrieve the key from Amazon S3 and decrypt with AWS KMS, you must update the IAM policy associated with the AWS Lambda function. More information on cryptography is provided in Chapter 3. (See Figure 1.2.)
FIGURE 1.2 AWS KMS operations with Lambda
Who is allowed to access the encrypted private key in Amazon S3? Who is allowed to decrypt it? This is determined by the IAM policies in the AWS application.
Where and how do we apply network firewall type rules? The AWS Lambda function will be communicating to the production Amazon EC2 instances on the SSH port 22. Let’s apply the least privilege principle here and ensure that only the AWS Lambda function is able to connect on port 22. We do this by creating security groups for both the production instances and the AWS Lambda function.
Key Product: Serverless Design
Many of the same services used in the three-tier architecture are used in the serverless design. Here are some of the unique services leveraged by this serverless architecture:
TABLE 1.2 Key Products: Serverless Design