We have our web server cluster in AWS's US-WEST-2 region reading/writing to Postgres RDS in the same region. As per AWS's SLA, a region can be down for 22 mins in a month.
To mitigate this 22-minute downtime whenever it happens, I am setting up another cluster in the US-EAST-1 region with its own RDS.
To have both clusters in sync I want the PUT requests to be relayed to both clusters in US-WEST-2 and US-EAST-1. Is there a web proxy or AWS service which can help me?
We have 2 regions, primary and secondary, where the VPC is configured so that the EC2 instances in that VPC make requests to a private VPC endpoint that serves up DynamoDB from that region. Our Amazon DynamoDB tables are global tables. The goal is to have our requests stay within the Amazon network for security reasons.
We have a scheduled task that runs on an EC2 instance in our primary region. We want to make it more resilient by having it fail over DynamoDB requests to the secondary region in the event that the primary region DynamoDB service is degraded. This was recommended by AWS in the Availability and Durability section.
I've looked through this documentation: Endpoints for Amazon DynamoDB and Using Amazon VPC Endpoints to Access DynamoDB, but they don't seem to offer any solution. Is it even possible to make requests to a private VPC endpoint from another region?
The goal is to be multi-region resilient and have good security by not having requests go out to the internet.
Unfortunately this isn't possible, per the documentation at https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-ddb.html:
Endpoints currently do not support cross-region requests—ensure that you create your endpoint in the same Region as your DynamoDB tables.
Also documented here: https://docs.aws.amazon.com/vpc/latest/privatelink/vpce-gateway.html#vpc-endpoints-limitations
Endpoint connections cannot be extended out of a VPC. Resources on the other side of a VPN connection, VPC peering connection, transit gateway, AWS Direct Connect connection, or ClassicLink connection in your VPC cannot use the endpoint to communicate with resources in the endpoint service.
I have 7 Spring microservices which I would like to deploy into AWS Elastic Beanstalk. I see that I will be charged by outbound and inbound network traffic. It's not clear to me whether I will be charged for the internal communication between the microservices.
will I be charged for the internal communication between the microservices?
Depends. If all services are in the same AZ and you use private IP addresses, then you will not be charged for traffic. From the docs:
Data transferred between Amazon EC2, Amazon RDS, Amazon Redshift, Amazon ElastiCache instances, and Elastic Network Interfaces in the same Availability Zone is free.
But if you spread your services across AZs, then you will probably be paying for the traffic:
Data transferred "in" to and "out" from Amazon EC2, Amazon RDS, Amazon Redshift, Amazon DynamoDB Accelerator (DAX), and Amazon ElastiCache instances, Elastic Network Interfaces or VPC Peering connections across Availability Zones in the same AWS Region is charged at $0.01/GB in each direction.
Cross-region traffic will also have cost.
I set up a JDBC connection in AWS Glue to an RDS database. When I test the connection from the AWS Console, I get an error: Could not find S3 endpoint or NAT gateway for subnetId xxxx. Why does the AWS Glue connection to RDS need an S3 VPC Endpoint?
The RDS instance has a security group that is completely open to all IP addresses.
I don't know exactly what it is needed for, but my Glue connection to RDS started working only when I had created an S3 endpoint.
VPC → Endpoints
Create S3 endpoint
Service category: AWS services
Service name: com.amazonaws.eu-central-1.s3
VPC: choose the one that your RDS is associated with
Route tables: choose the ones that contain the subnets for the VPC
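The error in the question is a route-table check: the subnet Glue attaches to must reach S3 either through a gateway endpoint route or through a NAT gateway. The following added example (not code from the poster or from AWS) reproduces that check offline against route-table records in the shape returned by EC2 DescribeRouteTables; the route-table data and all ids in it are constructed.

```python
# Constructed sample in the shape of EC2 DescribeRouteTables output (assumption,
# not the poster's data). The main table carries only the VPC-local route; the
# table associated with the Glue/RDS subnet also has an S3 gateway-endpoint route.
SAMPLE_ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-main0001",
        "VpcId": "vpc-0001",
        "Associations": [{"Main": True, "RouteTableId": "rtb-main0001"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
    },
    {
        "RouteTableId": "rtb-glue0002",
        "VpcId": "vpc-0001",
        "Associations": [{"Main": False, "RouteTableId": "rtb-glue0002", "SubnetId": "subnet-glue"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            # A gateway endpoint route targets the S3 prefix list, not a CIDR.
            {"DestinationPrefixListId": "pl-s3example", "GatewayId": "vpce-0s3gateway", "State": "active"},
        ],
    },
]


def route_table_for_subnet(route_tables, subnet_id):
    """Return the table explicitly associated with subnet_id, else the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def subnet_has_s3_egress(route_tables, subnet_id):
    """Mirror the precondition behind 'Could not find S3 endpoint or NAT gateway for
    subnetId': the effective route table needs an active route to a gateway endpoint
    (GatewayId vpce-*, destination is a prefix list) or to a NAT gateway (nat-*)."""
    rt = route_table_for_subnet(route_tables, subnet_id)
    if rt is None:
        return False
    for route in rt.get("Routes", []):
        if route.get("State") != "active":  # skip blackhole routes
            continue
        if route.get("GatewayId", "").startswith("vpce-") and "DestinationPrefixListId" in route:
            return True
        if route.get("NatGatewayId", "").startswith("nat-"):
            return True
    return False
```

Feeding the real DescribeRouteTables response for the VPC into subnet_has_s3_egress with the subnet id from the error tells you which route the subnet is missing before you touch the console.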
My application is hosted on Virginia as well as Mumbai EC2 instances and we use geo-based location routing for our application. Now our Prod RDS is hosted in the Virginia region, which has a read replica in the Mumbai region.
For all write operations we use the Virginia region RDS and for all read actions (for Mumbai region users only) we use the Mumbai region RDS. Now we are receiving random connection timeout errors from RDS. This can be some lag, but we have set our timeout to 10000ms. Virginia region users have never reported this issue (their read/write actions point to the Virginia RDS only).
Any suggestion if we need to modify any setting in RDS?
To design a system I need to decide on where to deploy the instances (suppose that I don't really care where they are but only want to optimize costs).
The on-demand page mentions several billing items:
Data Transfer IN To Amazon EC2 From Internet
Data Transfer OUT From Amazon EC2 To Internet
Data Transfer OUT From Amazon EC2 To (a list of regions)
Data Transfer Across AZ within this Region
My questions:
About item 1: they say this is free, is it? Does it make sense that from the Internet to Amazon is free while from Amazon to Amazon is not free? (I'm talking about the inbound data here, not the outbound.)
In items 2-3: does "Amazon" refer to all AWS services, including another EC2 instance?
Regarding item 4: it is written "Data transferred "in" to and "out" of Amazon EC2, Amazon RDS, Amazon Redshift, Amazon DynamoDB Accelerator (DAX), and Amazon ElastiCache instances or Elastic Network Interfaces across VPC peering connections in the same AWS region is charged at $0.01/GB." Does that mean that if I run a process between 2 EC2 instances in the same region then I pay for each GB twice? First for outbound from one instance and second for the inbound on the other instance.
The simple rules-of-thumb are:
Inbound traffic from the Internet to the AWS Cloud is free.
Outbound traffic from the AWS Cloud to the Internet is charged at the applicable rates in each region (this is the majority of the cost). This applies to anything that sends traffic out to the Internet from your AWS services.
Outbound traffic from the AWS Cloud to Amazon CloudFront has a lesser rate.
Traffic within a region but between Availability Zones is 1c/GB in each direction. In fact, the wording on the EC2 Instance Pricing page now shows this.
To answer your specific questions:
Inbound is free.
Outbound is for any AWS service that sends traffic to the Internet.
Traffic between AZs or via VPC Peering is charged in "each direction".