
Highlights - 2

Secrets Management

  • AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources.
    • Enables easy rotation, management, and retrieval of database credentials, API keys, and other secrets.
    • Applications can retrieve secrets via Secrets Manager APIs, removing the need to hardcode secrets.
    • Offers secret rotation with Amazon RDS, Amazon Redshift, and Amazon DocumentDB.
    • Note: KMS is an encryption service, not a secrets store.

Auto Scaling Group (ASG) Behavior

  • Reasons an Auto Scaling Group may not terminate an unhealthy Amazon EC2 instance:
    • The instance is in Impaired status.
    • The health check grace period has not yet expired.
    • The instance failed the ELB health check (only ELB health checks are affected, not the EC2 status checks).

ASG termination policies


Amazon RDS

  • Read Replicas are used for scalability (not availability).
  • DB Snapshots are stored in an S3 bucket in the same region.
    • No direct access is granted to these snapshots.
  • Billing:
    • Read replicas are billed as standard DB instances.
    • No charges for intra-region replication traffic.

DNS Settings for Private Hosted Zones

DNS hostnames and DNS resolution are required for private hosted zones to function.

DNS Hostnames

  • Disabled by default in non-default VPCs.
  • Must be enabled to use private hosted zones.

DNS Resolution

  • Works only with the VPC DNS server (Route 53 Resolver at the reserved IP: base of the VPC IPv4 CIDR + 2).
  • Enable it when using private hosted zones; if instances are pointed at custom DNS servers via DHCP options, private hosted zones will not resolve for them.
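The two DNS settings above are easy to get wrong on a non-default VPC, so here is a small pre-flight check, added as an example and not part of these notes: it derives the VPC resolver address (CIDR base + 2) and lists the reasons a private hosted zone would not resolve from instances. The attribute names mirror the VPC attributes (enableDnsSupport, enableDnsHostnames) and the DHCP option domain-name-servers value; the sample inputs are constructed.

```python
import ipaddress
from typing import List, Optional


def vpc_dns_server(vpc_cidr: str) -> str:
    """Amazon-provided DNS (Route 53 Resolver) address: VPC IPv4 base + 2.

    Example: 10.0.0.0/16 -> 10.0.0.2
    """
    net = ipaddress.ip_network(vpc_cidr, strict=True)
    return str(net.network_address + 2)


def private_hosted_zone_issues(
    vpc_cidr: str,
    enable_dns_support: bool,
    enable_dns_hostnames: bool,
    dhcp_domain_name_servers: Optional[List[str]] = None,
) -> List[str]:
    """Return the reasons a private hosted zone associated with this VPC will
    not resolve for its instances; an empty list means the settings look right."""
    issues = []
    resolver = vpc_dns_server(vpc_cidr)

    # DNS resolution: without it the resolver at base+2 does not answer queries.
    if not enable_dns_support:
        issues.append(f"enableDnsSupport is false: the VPC resolver at {resolver} is disabled")

    # DNS hostnames: off by default in non-default VPCs, required for private zones.
    if not enable_dns_hostnames:
        issues.append("enableDnsHostnames is false (the default for non-default VPCs)")

    # Custom DNS via DHCP options: instances query those servers, not the VPC resolver,
    # so private zones are not answered unless the custom server forwards to base+2.
    servers = dhcp_domain_name_servers or ["AmazonProvidedDNS"]
    if not any(s in ("AmazonProvidedDNS", resolver) for s in servers):
        issues.append(
            f"DHCP options point instances at custom DNS servers {servers}, not {resolver}"
        )
    return issues


if __name__ == "__main__":
    # Constructed sample: a fresh non-default VPC with hostnames left at the default.
    for issue in private_hosted_zone_issues("10.0.0.0/16", True, False, ["192.168.1.53"]):
        print("-", issue)
```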

EC2 User Data Scripts

  • Scripts run as root (no need for sudo).
  • Files they create are owned by root.
  • Adjust ownership and permissions explicitly if a non-root user or service needs access.

Placement Groups in EC2

Cluster Placement Group

  • Packs instances close together in one AZ for low latency and high throughput.
  • Best for HPC workloads.
  • Not for distributed workloads like Hadoop.

Partition Placement Group

  • Spreads across partitions with separate hardware.
  • Ideal for distributed, replicated systems like Kafka, Hadoop, Cassandra.

Spread Placement Group

  • Spreads a small number of instances across distinct underlying hardware.
  • Reduces the risk of correlated failures.
  • Not for large distributed workloads like Hadoop.

Amazon Kinesis &amp; Firehose

  • With a Kinesis Data Stream as the source for Kinesis Data Firehose:
    • Firehose's own PutRecord and PutRecordBatch operations are disabled.
    • The Kinesis Agent cannot write directly to Firehose.
    • Write to the stream instead, using the Kinesis Data Streams PutRecord and PutRecords APIs.

Routing policies


AWS Transit Gateway &amp; Shared Services Architecture

  • In a hub-and-spoke architecture, Transit Gateway connects VPCs across accounts.
  • A Shared Services VPC centralizes services like:
    • Directory Services
    • VPC Endpoints
  • Benefits:
    • Reduces duplication and admin overhead.
    • Centralized control and cost efficiency.