AWS Application Architecture
The following is a list of points that are useful when architecting your next AWS application.
When you’re looking to architect an application or solution in AWS, you must determine the minimum memory requirements for the application and also determine required I/O operations. With this information, you will be in a position to correctly size instances appropriate for your project.
Note that the minimum design for high availability across two availability zones is an ELB serving traffic to two instances (one in each AZ), with cross-zone load balancing enabled on the ELB. An Auto Scaling group should also be created, since it is what restores capacity when a single AZ becomes unavailable.
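The minimum two-AZ design described above, expressed as a CloudFormation template. This is an added example, not code from the original article; the VPC, subnet and AMI IDs are placeholder parameters, and the two security groups restrict instance ingress to the load balancer only:

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id            # placeholder: the target VPC
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>   # placeholder: one subnet in each of two AZs
  ImageId:
    Type: AWS::EC2::Image::Id          # placeholder: AMI sized from the memory/IO analysis
Resources:
  ElbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTP from the internet to the ELB only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 80, ToPort: 80, CidrIp: 0.0.0.0/0}
  WebSecurityGroup:                    # instances accept traffic from the ELB only
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTP to instances from the ELB only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref ElbSecurityGroup
  LoadBalancer:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      Subnets: !Ref SubnetIds          # one subnet per AZ
      SecurityGroups: [!Ref ElbSecurityGroup]
      CrossZone: true                  # the cross-zone setting the text calls for
      Listeners:
        - {LoadBalancerPort: "80", InstancePort: "80", Protocol: HTTP}
  LaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: !Ref ImageId
      InstanceType: t2.micro           # placeholder; pick from the sizing exercise
      SecurityGroups: [!Ref WebSecurityGroup]
  AutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      VPCZoneIdentifier: !Ref SubnetIds  # spans both AZs, so a lost AZ is replaced in the other
      LaunchConfigurationName: !Ref LaunchConfig
      MinSize: "2"                     # one instance per AZ at minimum
      MaxSize: "4"
      LoadBalancerNames: [!Ref LoadBalancer]
      HealthCheckType: ELB             # replace instances the ELB marks unhealthy
      HealthCheckGracePeriod: 300
```

With HealthCheckType set to ELB, an instance that fails the load balancer's health check is terminated and replaced by the Auto Scaling group in whichever of the two subnets still has capacity.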
An AWS VPC allows you to connect your cloud resources to your own encrypted IPsec VPN connections. To create a site-to-site VPN connection from an on-premises network to the VPC, you will need to assign a public IP address to the customer gateway on the on-premises side.
If you and a colleague manually poll an SQS queue, you may not see the same messages, because of the visibility timeout and because you may be using short polling: when a message is retrieved, it is hidden from other polling attempts until it is deleted or its visibility timeout expires, and short polling does not query every server on which SQS messages can reside. Note: deleting an SQS queue that an application uses will cause the application to fail. SQS guarantees at-least-once delivery of each message but cannot guarantee that it will not create duplicates, nor can it guarantee message order.
Sensitive information should be handled by encrypting the file system on the EBS volume using Linux tools and by enabling EBS and S3 encryption.
The platform, instance type and availability zone of a reserved instance must be selected at purchase. If you need to move the instance to a new AZ, you need to sell the old reservation on the Reserved Instance Marketplace and launch a new one. Terminating reserved instances means that on-demand instances of the same type will be billed as reserved instances.
Eventual consistency is no longer a problem: read-after-write consistency is available in all regions.
When an EC2 instance in a VPC with an Elastic IP associated to it is stopped and started, the instance store data will be lost and the underlying host may change.
The basic monitoring package for RDS provides database-visible metrics, such as the number of connections.