AWS基础知识

news2024/11/14 15:39:52

VPC (Virtual Private Cloud):

参考:https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html
With Amazon Virtual Private Cloud (Amazon VPC), you can launch AWS resources in a logically isolated virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

The following diagram shows an example VPC. The VPC has one subnet in each of the Availability Zones in the Region, EC2 instances in each subnet, and an internet gateway to allow communication between the resources in your VPC and the internet.
在这里插入图片描述

VPC Peering

参考: https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different Regions (also known as an inter-Region VPC peering connection).

AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware. There is no single point of failure for communication or a bandwidth bottleneck.

A VPC peering connection helps you to facilitate the transfer of data. For example, if you have more than one AWS account, you can peer the VPCs across those accounts to create a file sharing network. You can also use a VPC peering connection to allow other VPCs to access resources you have in one of your VPCs.
在这里插入图片描述

PrivateLink

参考:https://www.megaport.com/blog/aws-privatelink-explained/
PrivateLink is a networking construct that allows an application/service residing in one VPC (the “Service Provider VPC”) to be accessed by clients/consumers in (or through) other VPCs within the AWS Region (“Consumer VPCs”).

The consumer accesses the service privately via an interface (VPC Endpoint) deployed locally in the Consumer VPC, avoiding any requirement for internet connectivity and keeping all traffic inside AWS’s private network.

Importantly, the Service Provider VPC and the consumer VPCs can be owned by different AWS accounts.
在这里插入图片描述

VPC endpoints

VPC endpoints are resources that can be deployed into a VPC to serve as a path through which to access various services. Part of the VPC endpoint functionality forms part of PrivateLink.

There are 3 types of VPC endpoints:

  1. Interface endpoint - this is the type used by PrivateLink. It is a network interface with an IP address that sits inside the VPC subnet, and requests are made either directly to this IP or more commonly to a DNS name that resolves to this IP. PrivateLink then transparently sends these requests to the backend (the service provider) and returns the response.
  2. Gateway endpoint - this type of endpoint attaches to the VPC in a similar fashion to an Internet Gateway (IGW) or Virtual Gateway (VGW). It doesn’t appear as an IP within your VPC, but rather as a destination/target for routes in the VPC Route Table. Traffic to the IP addresses of the destination service is routed through the gateway endpoint. This type of endpoint is only available for S3 and DynamoDB (although you can also use an Interface Endpoint for those services), and can only be used by resources in the local VPC.
  3. Gateway Load Balancer endpoint - this type of VPC Endpoint is used to direct network traffic to a set of network virtual appliances (eg. firewalls) which are deployed using the Gateway Load Balancer service/architecture.

PrivateLink VS VPC Peerings

PrivateLink and VPC Peerings both provide a way to access resources in one VPC from another VPC, however, the method and use cases are quite different.

While PrivateLink creates a local interface with a local IP which allows unidirectional access to a specific application/port, VPC Peering creates a bidirectional layer 3 connection between two VPCs.

What this means is that PrivateLink allows consumers in one VPC to access a specific app in another VPC (with no traffic in the reverse direction), whereas VPC Peering allows all resources in two VPCs to talk to each other.

VPC Peering can also connect VPCs that are in different regions, where PrivateLink cannot. However, VPC Peering can be used in combination with PrivateLink to extend PrivateLink across regions.

Key Differences:

  1. Connectivity
    AWS PrivateLink: Provides unidirectional access from consumers in one VPC to a specific application or service in another VPC through a local interface with a local IP.
    VPC Peering: Establishes a bidirectional layer 3 connection between two VPCs, allowing all resources in both VPCs to communicate with each other.
  2. Use Case
    AWS PrivateLink: Ideal for exposing a specific service or application to consumers in another VPC while maintaining high security and isolation.
    VPC Peering: Suitable for creating a fully-meshed network where multiple VPCs need to communicate directly with each other.
  3. Architecture
    AWS PrivateLink: Uses interface endpoints to create a private connection to the service, simplifying the access control and security.
    VPC Peering: Requires the establishment of peering connections between each pair of VPCs, which can become complex as the number of VPCs increases.
  4. Transitive Routing
    AWS PrivateLink: Does not support transitive routing. Traffic is confined to the endpoint connection.
    VPC Peering: Does not support transitive routing. Each VPC must be directly peered with every other VPC it needs to communicate with.
  5. Network Connectivity
    AWS PrivateLink: Limited to the AWS region where the VPCs reside, but can be extended across regions using VPC Peering.
    VPC Peering: Supports both intra-region and inter-region connections, allowing VPCs in different regions to communicate directly.
  6. Security
    AWS PrivateLink: Provides enhanced security by isolating traffic within the AWS network and limiting exposure to a specific application or service.
    VPC Peering: Ensures secure communication between VPCs without traversing the public internet, but exposes all resources in the peered VPCs to each other.
  7. Complexity
    AWS PrivateLink: Easier to set up for specific service access, with simplified access control.
    VPC Peering: More complex to manage with an increasing number of VPCs due to the need for multiple peering connections.

Use Cases

  1. Choose AWS PrivateLink if:
    You need to provide access to a specific application or service in another VPC.
    You require unidirectional access to ensure tighter security controls.
    You want to simplify the setup and management of network connections to a specific service.
  2. Choose VPC Peering if:
    You need full bidirectional communication between two or more VPCs.
    Your architecture requires direct connectivity between all resources in the connected VPCs.
    You are connecting VPCs across different regions and need direct communication paths.

ELB (Elastic Load Balancing)

https://www.geeksforgeeks.org/elastic-load-balancer-in-aws/
The elastic load balancer is a service provided by Amazon in which the incoming traffic is efficiently and automatically distributed across a group of backend servers in a manner that increases speed and performance. It helps to improve the scalability of your application and secures your applications. Load Balancer allows you to configure health checks for the registered targets. In case any of the registered targets (Autoscaling group) fails the health check, the load balancer will not route traffic to that unhealthy target. Thereby ensuring your application is highly available and fault tolerant. To know more about load balancing refer to Load Balancing in Cloud Computing.

Types of Load Balancers:

  1. Classic Load Balancer
    It is the traditional form of load balancer which was used initially. It distributes the traffic among the instances and is not intelligent enough to support host-based routing or path-based routing. It ends up reducing efficiency and performance in certain situations. It is operated on the connection level as well as the request level. Classic Load Balancer is in between the transport layer (TCP/SSL) and the application layer (HTTP/HTTPS).
  2. Application Load Balancer
    This type of Load Balancer is used when decisions are to be made related to HTTP and HTTPS traffic routing. It supports path-based routing and host-based routing. This load balancer works at the Application layer of the OSI Model. The load balancer also supports dynamic host port mapping.
  3. Network Load Balancer
    This type of load balancer works at the transport layer(TCP/SSL) of the OSI model. It’s capable of handling millions of requests per second. It is mainly used for load-balancing TCP traffic.
  4. Gateway Load Balancer
    Gateway Load Balancers provide you the facility to deploy, scale, and manage virtual appliances like firewalls. Gateway Load Balancers combine a transparent network gateway and then distribute the traffic.

Placement Group

To meet the needs of your workload, you can launch a group of interdependent EC2 instances into a placement group to influence their placement.

Depending on the type of workload, you can create a placement group using one of the following placement strategies:

  • Cluster Placement Group – Packs instances close together inside an Availability Zone. This strategy enables workloads to achieve the low-latency network performance necessary for tightly-coupled node-to-node communication that is typical of high-performance computing (HPC) applications.

  • Partition Placement Group – Spreads your instances across logical partitions such that groups of instances in one partition do not share the underlying hardware with groups of instances in different partitions. This strategy is typically used by large distributed and replicated workloads, such as Hadoop, Cassandra, and Kafka.

  • Spread Placement Group – Strictly places a small group of instances across distinct underlying hardware to reduce correlated failures.

Placement groups are optional. If you don’t launch your instances into a placement group, EC2 tries to place the instances in such a way that all of your instances are spread out across the underlying hardware to minimize correlated failures.

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/1934715.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

【音视频 | HTTP协议】HTTP协议详细介绍(HTTP方法、报文格式、报文头部字段、状态码)

😁博客主页😁:🚀https://blog.csdn.net/wkd_007🚀 🤑博客内容🤑:🍭嵌入式开发、Linux、C语言、C、数据结构、音视频🍭 🤣本文内容🤣&a…

农业旅游与乡村旅游:融合绿色田野与诗意远方的经济新篇章

在这个快节奏的时代,人们对于回归自然、体验淳朴生活的渴望日益增强。农业旅游与乡村旅游,作为新兴的旅游形态,正逐步成为连接城市与乡村的桥梁,不仅为都市人提供了一片心灵的栖息地,也为农村地区带来了前所未有的发展…

pycharm如何debug for循环里面的错误值

一般debug时,在for循环里面的话,需要自己一步一步点。如果循环几百次那种就比较麻烦。此时可以采用try except的方式来解决 例子如下 #ptyhon debug for循环的代码 num[1,2,3,s,4] ans0 for i in num:try:ansiexcept:print(错误) print(ans) 结果如下&a…

m个人拉m盏灯后求灯的状态问题

之前看过一道题:有m盏灯,编号分别为1,2,3,...,m,每拉一次灯的开关,灯的亮灭状态就发生一次变化。这m盏灯初始状态都是亮着的,有m个人去拉灯,第1个人把所有的灯…

【Qt】之【Bug】error:C1083 无法打开包括文件

背景 a.cpp引用b.h正常,但是a.h引用b.h就报 “无法打开包括文件”的错误 分析 查看“编译输出”,显示不是a.h引起的错误,而是C插件, 查看后发现,C插件引用了a所在插件pro,但是没有引用a依赖的b所在的插件…

AI 模型本地推理 - YYPOLOE - Python - Windows - GPU - 吸烟检测(目标检测)- 有配套资源直接上手实现

Python 运行 - GPU 推理 - windows 环境准备python 代码 环境准备 FastDeploy预编译库下载 conda config --add channels conda-forge && conda install cudatoolkit11.2 cudnn8.2 pip install fastdeploy_gpu_python-0.0.0-cp38-cp38-win_amd64.whlpython 代码 impo…

[Doris]阿里云搭建Doris,测试环境1FE 1BE

首先:阿里云的国内服务器千万不要用容器搭建,或者自己Dockfile构建镜像。两种方式都不得行,压根拉不到github的镜像,开了镜像加速器也拉不到,不要折腾了,极其愚蠢。 背景:现在测试环境&#xff…

排序算法(4)之快速排序(2)

个人主页:C忠实粉丝 欢迎 点赞👍 收藏✨ 留言✉ 加关注💓本文由 C忠实粉丝 原创 排序算法(4)之快速排序(2) 收录于专栏【数据结构初阶】 本专栏旨在分享学习数据结构学习的一点学习笔记,欢迎大家在评论区交流讨论💌 目…

Pytorch学习笔记day3——用神经网络学习一组函数

好的,我们开始吧。首先第一个问题,神经网络的本质是什么?是古典主义的人类的神经元吗?绝对不是,他只是一个优化函数 y f θ ( x ) y f_{\theta}(x) yfθ​(x) 这和小学学到的线性函数拟合并无本质区别。只是其中参数…

使用IDEA编写lua脚本并运行

下载lua https://github.com/rjpcomputing/luaforwindows/releases 是否创建桌面快捷方式:我们的目标是使用IDEA编写lua脚本,所以不需要勾选。后面需要的话,可以到安装目录下手动创建快捷方式 环境变量自动配置 安装后会自动配置好环境变量…

Net8 Spire最新版去水印,去页数限制,转word/pptx/ofd等

新建控制台程序,添加Spire.pdf,最新版本为2024年7月17日 try {Spire.Pdf.PdfDocument pdf new Spire.Pdf.PdfDocument();pdf.LoadFromFile("test.pdf");pdf.SaveToFile("newpdf.pdf");pdf.SaveToFile("newppx.pptx", Spi…

20分钟迁移完阿里云ECS跨区域迁移,用老操作系统作为新服务操作系统

由于特殊原因或者数据备份需要迁移ecs服务器 跨区域复制 镜像复制 由于特殊原因或者数据备份需要迁移ecs服务器 1.老服务快照 选择ecs实例,点开实例 进入云盘 https://ecs.console.aliyun.com/disk 在云盘上点击建立快照 https://oss.console.aliyun.com/bu…

PyTorch 深度学习实践-循环神经网络基础篇

视频指路 参考博客笔记 参考笔记二 文章目录 上课笔记基于RNNCell实现总代码 基于RNN实现总代码 含嵌入层的RNN网络嵌入层的作用含嵌入层的RNN网络架构总代码 其他RNN扩展基本注意力机制自注意力机制(Self-Attention)自注意力计算多头注意力机制&#xf…

纯前端小游戏,4096小游戏,有音效,Html5,可学习使用

// 游戏开始运行create: function(){this.fieldArray [];this.fieldGroup this.add.group();this.score 0;//4096 增加得分this.bestScore localStorage.getItem(gameOptions.localStorageName) null ? 0 : localStorage.getItem(gameOptions.localStorageName);for(var …

vscode通过ssh链接远程服务器上的docker

目录 1 编译docker image1.1 编译镜像1.2 启动镜像 2 在docker container中启动ssh服务2.1 确认是否安装ssh server2.2 修改配置文件2.3 启动ssh服务 3 生成ssh key4 添加ssh公钥到docker container中5 vscode安装插件Remote - SSH6 在vscode中配置 1 编译docker image 一般来…

uni-app开发日志:unicloud使用时遇到的问题解决汇总(不断补充)

插件安装后提示与原数据库表冲突(2024.7.18) 安装uni-admin后再安装uni-cms,在uni-admin中添加好菜单,结果提示该错误 回到hbuilder中uniCloud/database中找到冲突的部分 比较一下,选中老的删除 opendb-news-articl…

第122天:内网安全-域信息收集应用网络凭据CS 插件AdfindBloodHound

目录 前置知识 背景和思路 判断是否在域内 案例一:架构信息类收集-网络&用户&域控等 案例二:自动化工具探针-插件&Adfind&BloodHound Adfind(域信息收集工具) ​BloodHound(自动化域渗透工具) 前置知识 本…

【Git标签管理】理解标签 | 创建标签 | 查看标签 | 删除标签 | 推送标签

目录 1.理解标签 2.创建标签 3.查看标签 4.删除本地仓库的标签 5.推送标签 6.删除远程仓库的标签 1.理解标签 Git提供一个打标签的功能tag,对某一次事务/提交的表示(作用/意义)。标签 tag ,可以简单的理解为是对某次 comm…

【Git】(基础篇四)—— GitHub使用

GitHub使用 经过上一篇的文章,相信大家已经对git的基本操作熟悉了,但哪些使用git的方法只是在本地仓库进行,本文介绍如何使用git和远程仓库进行连接使用。 Github和Gitee 主要用到的两个远程仓库在线平台是github和gitee GitHub GitHub …

Postman导出excel文件

0 写在前面 在我们后端写接口的时候,前端页面还没有出来,我们就得先接口测试,在此记录下如何使用postman测试导出excel接口。 如果不会使用接口传参可以看我这篇博客如何使用Postman 1 方法一 2 方法二 3 写在末尾 虽然在代码中写入文件名…