Multi region ec2 instance replication - amazon-web-services

Our current web application server is deployed in the Singapore region, but as we're going to launch our services in Europe, we want to replicate our EC2 instance in the London region so that any traffic coming from that region will be served from that instance, which will give us low latency. How can we achieve that?

You should address this using AWS Route 53 routing policies.
Route 53 has 5 different routing policies, and you can use one of the following two policies in this case.
Geolocation routing policy – Use when you want to route traffic based on the location of your users.
Latency routing policy – Use when you have resources in multiple locations and you want to route traffic to the resource that provides the best latency.
Since you are looking at latency-based traffic allocation, as the name suggests, you should use the Latency routing policy.
For more information about routing policies, please refer to this link.
To replicate the EC2 instance to a different region:
Create a snapshot of your EBS volume.
Copy the EBS snapshot to the London region.
If you are using a custom AMI, you will have to copy the AMI to the London region as well.
Launch a new EC2 instance using the copied snapshot in the London region.
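The four replication steps above plus the latency routing records, as an added example that is not part of the original answer. The functions take client objects shaped like boto3's EC2 and Route 53 clients; `FakeEc2` and `FakeRoute53` are constructed stand-ins so the flow runs offline, and every id, key ARN and IP address is a placeholder. With real boto3 you would pass `boto3.client("ec2", region_name=...)` and `boto3.client("route53")` instead, and wait on the snapshot and image copies before launching.

```python
"""Cross-region EC2 replication followed by Route 53 latency routing (added example)."""
import itertools

SRC_REGION = "ap-southeast-1"  # Singapore, where the instance runs today
DST_REGION = "eu-west-2"       # London, where the replica should run


class FakeEc2:
    """Constructed stand-in for boto3.client('ec2'); records every call it receives."""

    def __init__(self, region):
        self.region = region
        self.calls = []
        self._ids = itertools.count(1)

    def _record(self, name, kwargs, key, prefix):
        self.calls.append((name, kwargs))
        return {key: f"{prefix}-{self.region}-{next(self._ids):04d}"}

    def create_snapshot(self, **kw):
        return self._record("create_snapshot", kw, "SnapshotId", "snap")

    def copy_snapshot(self, **kw):
        return self._record("copy_snapshot", kw, "SnapshotId", "snap")

    def copy_image(self, **kw):
        return self._record("copy_image", kw, "ImageId", "ami")

    def run_instances(self, **kw):
        self.calls.append(("run_instances", kw))
        return {"Instances": [{"InstanceId": f"i-{self.region}-{next(self._ids):04d}"}]}


class FakeRoute53:
    """Constructed stand-in for boto3.client('route53')."""

    def __init__(self):
        self.batches = []

    def change_resource_record_sets(self, HostedZoneId, ChangeBatch):
        self.batches.append((HostedZoneId, ChangeBatch))
        return {"ChangeInfo": {"Status": "PENDING"}}


def replicate_instance(ec2_src, ec2_dst, volume_id, ami_id, instance_type, dst_kms_key_id):
    """Snapshot the data volume, copy snapshot and AMI to DST_REGION, launch there.

    dst_kms_key_id must be a KMS key that lives in DST_REGION (KMS keys are
    regional); Encrypted=True with that key makes the copies encrypted even
    if the source snapshot was not.
    """
    snap = ec2_src.create_snapshot(VolumeId=volume_id,
                                   Description=f"replica source for {DST_REGION}")
    copied = ec2_dst.copy_snapshot(SourceRegion=SRC_REGION, SourceSnapshotId=snap["SnapshotId"],
                                   Encrypted=True, KmsKeyId=dst_kms_key_id,
                                   Description=f"copy of {snap['SnapshotId']}")
    # A custom AMI is regional too, so copy it before launching from it.
    image = ec2_dst.copy_image(SourceImageId=ami_id, SourceRegion=SRC_REGION,
                               Name=f"{ami_id}-{DST_REGION}", Encrypted=True, KmsKeyId=dst_kms_key_id)
    launched = ec2_dst.run_instances(
        ImageId=image["ImageId"], InstanceType=instance_type, MinCount=1, MaxCount=1,
        BlockDeviceMappings=[{"DeviceName": "/dev/xvdf",
                              "Ebs": {"SnapshotId": copied["SnapshotId"], "DeleteOnTermination": False}}])
    return {"snapshot": snap["SnapshotId"], "copied_snapshot": copied["SnapshotId"],
            "image": image["ImageId"], "instance": launched["Instances"][0]["InstanceId"]}


def latency_change_batch(name, endpoints, ttl=60):
    """Build a Route 53 ChangeBatch with one latency record set per region.

    endpoints maps an AWS region to (ip_address, health_check_id). Each record
    needs a distinct SetIdentifier; Route 53 answers with the healthy record
    whose region has the lowest measured latency to the resolver.
    """
    changes = []
    for region, (ip, health_check_id) in endpoints.items():
        rrset = {"Name": name, "Type": "A", "TTL": ttl, "SetIdentifier": f"{name}-{region}",
                 "Region": region, "ResourceRecords": [{"Value": ip}]}
        if health_check_id:  # without a health check an unreachable region still gets answers
            rrset["HealthCheckId"] = health_check_id
        changes.append({"Action": "UPSERT", "ResourceRecordSet": rrset})
    return {"Comment": "latency routing across regions", "Changes": changes}


def run_demo():
    """Run the whole flow against the constructed clients and return what happened."""
    ec2_sg, ec2_ldn, r53 = FakeEc2(SRC_REGION), FakeEc2(DST_REGION), FakeRoute53()
    ids = replicate_instance(ec2_sg, ec2_ldn, "vol-PLACEHOLDER", "ami-PLACEHOLDER", "t3.medium",
                             "arn:aws:kms:eu-west-2:111122223333:key/PLACEHOLDER")
    batch = latency_change_batch("www.example.com.", {
        SRC_REGION: ("203.0.113.10", "hc-singapore-PLACEHOLDER"),
        DST_REGION: ("198.51.100.20", "hc-london-PLACEHOLDER"),
    })
    r53.change_resource_record_sets(HostedZoneId="ZPLACEHOLDER", ChangeBatch=batch)
    return ids, ec2_ldn.calls, batch


if __name__ == "__main__":
    ids, calls, batch = run_demo()
    print(ids, [c[0] for c in calls], [c["ResourceRecordSet"]["Region"] for c in batch["Changes"]])
```

Note the two separate EC2 clients: the snapshot is taken with the Singapore client, and `copy_snapshot` and `copy_image` are issued against the London client, because a copy is always requested from the destination region.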

Related

Will route53 choose the closest region to serve the request?

I am planning to deploy my API gateway to multiple regions in AWS. I implement a health endpoint in the gateway in each region and configure them in a Route 53 health check. So Route 53 will forward the request to the healthy regions if one region fails its health check.
My question is: in case all regions are healthy, will Route 53 route traffic to the closest region? For example, if there are 2 regions configured in Route 53, ap-southeast-1 and ap-southeast-2, can Route 53 route the traffic to ap-southeast-2 if the request is from Sydney, since it is closer? If yes, how does Route 53 decide which one is closer?
Yes, you can do that using Route 53 Geolocation routing policy, which can be used when you want to serve your site based on the location of the client or user.
There are three routing policies in R53 that you may consider:
Geolocation routing policy – Use when you want to route traffic based on the location of your users.
Geoproximity routing policy – Use when you want to route traffic based on the location of your resources and, optionally, shift traffic from resources in one location to resources in another.
Latency routing policy – Use when you have resources in multiple AWS Regions and you want to route traffic to the region that provides the best latency.
How does Route 53 decide which one is closer?
Geolocation is based on the location that DNS queries originate from.
Geoproximity routing lets Amazon Route 53 route traffic to your resources based on the geographic location of your users and your resources.
Latency-based routing is based on latency measurements performed over a period of time.
For all of these, AWS can also use the EDNS0 edns-client-subnet extension.

How does an EBS volume in an Availability zone get restricted only to a specific AWS account & its users?

In AWS, an EC2 instance is launched within a subnet created in an Availability Zone, which is, again, in a VPC. So the VPC can be thought of as a container to which only the AWS account and its users have access. But when creating EBS volumes, only the Availability Zone is asked for / provided, and the same EBS volume can be attached to any EC2 instance irrespective of the VPC it belongs to (of course, for the same AWS account only). My question is: how does AWS prevent other AWS accounts from seeing this EBS volume present in the AZ? Is that implementation abstracted by AWS?
An Amazon VPC is a virtual construct that is used to connect virtual computers according to traditional networking. Resources (eg EC2 instances, RDS databases) can be connected via a VPC, which determines how network traffic flows between them. It is not necessarily how the resources are physically created.
An Availability Zone is a physical data center (or a group of data centers). Resources are created in an AZ, which determines their physical location. For example, an Amazon EBS volume resides in a data center, so it is in only one AZ. It can be logically connected to any EC2 instance in the same account in the same AZ.
Amazon EBS volumes are connected via a backplane that is invisible to the resources. It just magically "attaches" to the instance. It does not use the same network as a VPC.
The Amazon EBS service will only provide EBS volumes to EC2 instances in the same AWS account.
According to the AWS Shared Responsibility Model:
AWS responsibility "Security of the Cloud" - AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.
AWS provides isolation of all resources between accounts, and this implementation is abstracted and a part of AWS's responsibility.
In addition, it is recommended to encrypt EBS volumes; it is free and doesn't impact volume performance.
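The customer-side half of that isolation, as an added example that is not part of the original answer: AWS keeps other accounts from seeing your volumes, but a snapshot you own can still be shared with another account, or with everyone, through its `createVolumePermission` attribute, and a volume can still be created unencrypted. This audit lists both. `FakeEc2` is a constructed stand-in for `boto3.client('ec2')` holding sample inventory (the volume and snapshot ids and account numbers are constructed placeholders); in production pass the real client and page through `describe_volumes` and `describe_snapshots` with a paginator.

```python
"""Audit EBS volumes and snapshots for unencrypted storage and shared snapshots (added example)."""
from dataclasses import dataclass

MY_ACCOUNT = "111122223333"  # constructed placeholder account id


@dataclass(frozen=True)
class Finding:
    resource_id: str
    issue: str
    detail: str


class FakeEc2:
    """Constructed stand-in for boto3.client('ec2'); returns the sample inventory given to it."""

    def __init__(self, volumes, snapshots, permissions):
        self._volumes, self._snapshots, self._perms = volumes, snapshots, permissions

    def describe_volumes(self, **kw):
        return {"Volumes": list(self._volumes)}

    def describe_snapshots(self, OwnerIds, **kw):
        return {"Snapshots": [s for s in self._snapshots if s["OwnerId"] in OwnerIds]}

    def describe_snapshot_attribute(self, SnapshotId, Attribute):
        # Same shape as the real call: a list of {"UserId": ...} and/or {"Group": "all"} entries.
        return {"SnapshotId": SnapshotId, "CreateVolumePermissions": self._perms.get(SnapshotId, [])}


def audit_volumes(ec2):
    """Flag every volume created without encryption."""
    return [Finding(v["VolumeId"], "unencrypted-volume", f"in {v['AvailabilityZone']}")
            for v in ec2.describe_volumes()["Volumes"] if not v.get("Encrypted")]


def audit_snapshots(ec2, account_id=MY_ACCOUNT):
    """Flag snapshots shared outside the account and unencrypted snapshots.

    A snapshot shared with Group=all can be used by any AWS account to create
    a volume; a UserId entry grants that to one specific account.
    """
    findings = []
    for snap in ec2.describe_snapshots(OwnerIds=[account_id])["Snapshots"]:
        sid = snap["SnapshotId"]
        perms = ec2.describe_snapshot_attribute(
            SnapshotId=sid, Attribute="createVolumePermission")["CreateVolumePermissions"]
        for perm in perms:
            if perm.get("Group") == "all":
                findings.append(Finding(sid, "public-snapshot", "createVolumePermission Group=all"))
            elif perm.get("UserId") and perm["UserId"] != account_id:
                findings.append(Finding(sid, "cross-account-snapshot", f"shared with {perm['UserId']}"))
        if not snap.get("Encrypted"):
            findings.append(Finding(sid, "unencrypted-snapshot", f"of {snap.get('VolumeId', '?')}"))
    return findings


def sample_client():
    """Constructed inventory: one unencrypted volume, one public and one cross-account snapshot."""
    volumes = [
        {"VolumeId": "vol-0aaaa", "AvailabilityZone": "ap-southeast-1a", "Encrypted": True},
        {"VolumeId": "vol-0bbbb", "AvailabilityZone": "ap-southeast-1b", "Encrypted": False},
        {"VolumeId": "vol-0cccc", "AvailabilityZone": "ap-southeast-1a", "Encrypted": True},
    ]
    snapshots = [
        {"SnapshotId": "snap-0001", "OwnerId": MY_ACCOUNT, "VolumeId": "vol-0aaaa", "Encrypted": True},
        {"SnapshotId": "snap-0002", "OwnerId": MY_ACCOUNT, "VolumeId": "vol-0aaaa", "Encrypted": True},
        {"SnapshotId": "snap-0003", "OwnerId": MY_ACCOUNT, "VolumeId": "vol-0bbbb", "Encrypted": False},
    ]
    permissions = {"snap-0002": [{"Group": "all"}], "snap-0003": [{"UserId": "999988887777"}]}
    return FakeEc2(volumes, snapshots, permissions)


def run_audit(ec2=None, account_id=MY_ACCOUNT):
    ec2 = ec2 or sample_client()
    return audit_volumes(ec2) + audit_snapshots(ec2, account_id)


if __name__ == "__main__":
    for f in run_audit():
        print(f"{f.issue:24} {f.resource_id:12} {f.detail}")
```

Encrypted snapshots cannot be made public at all, which is one more reason the encryption recommendation above costs nothing and removes a whole class of exposure.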

Getting AWS Data Transfer charges to regions outside my servers region

My EC2 instance is getting charged for data transfer from almost every available AWS region (Tokyo, Seoul, Singapore, Paris, London, Germany, Ireland, Ohio, Oregon, Sydney, Canada Central, Sao Paulo, CloudFront, INCLUDING AWS GovCloud (US)). 99.99% of our users are from India. As per the recommendations of an AWS representative, we have checked that no other scripts are running on our instance and have changed the security group inbound rules to allow only SSH connections on port 22 from a static IP. But still, there is data transfer of almost 600GB+. The documentation for security groups doesn't help much. Is there any other way to stop this data transfer?
Please note that the EC2 instance runs the PHP code and the Java API Tomcat 7 service, and RDS is on another instance.
First, it looks like your question mentions data transfer to other EC2 instances in another region. Perhaps you meant traffic to internet users in other regions?
Second, according to the pricing, you'll be billed for Data Transfer OUT From Amazon EC2 To Internet whichever region you are in and regardless of whether the endpoint is on the internet or in an AWS region. So, even if you have users in Mumbai, you'll be billed for outbound traffic anyway.
Third, if you want to block transfer on a country basis, use a CDN with the proper capability, e.g. CloudFlare.
Please elaborate your question if you meant something else.
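Before blocking anything, a practitioner would want to know where the 600GB is actually going. An added example that is not part of the original question or answer: it parses VPC Flow Log records in the default version 2 format and sums the bytes leaving the VPC by destination IP and service port, so that normal web responses to users can be told apart from a large outbound flow on a port the server has no business talking to. The VPC CIDR, allowed ports, threshold and the sample log lines are constructed for the example; flow logs do not name the destination's region, so attribution is by destination address.

```python
"""Attribute VPC egress bytes by destination from VPC Flow Log lines (added example)."""
import ipaddress
from collections import defaultdict

VPC_CIDR = ipaddress.ip_network("172.31.0.0/16")  # assumed VPC range for the example

# Default (version 2) flow log field order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport protocol "
          "packets bytes start end action log_status").split()
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

# Constructed sample records: web responses to two users, one large outbound flow
# on port 4444, an internal MySQL flow, a rejected inbound SSH probe, a NODATA line.
SAMPLE_LINES = [
    "2 111122223333 eni-0a1b2c3d4e5f6a7b8 172.31.16.139 203.0.113.10 80 51000 6 1200 1500000 1700000000 1700000060 ACCEPT OK",
    "2 111122223333 eni-0a1b2c3d4e5f6a7b8 172.31.16.139 203.0.113.11 80 51200 6 900 1100000 1700000000 1700000060 ACCEPT OK",
    "2 111122223333 eni-0a1b2c3d4e5f6a7b8 172.31.16.139 198.51.100.5 43123 4444 6 50000 650000000 1700000000 1700000060 ACCEPT OK",
    "2 111122223333 eni-0a1b2c3d4e5f6a7b8 172.31.16.139 172.31.20.7 45000 3306 6 300 40000 1700000000 1700000060 ACCEPT OK",
    "2 111122223333 eni-0a1b2c3d4e5f6a7b8 198.51.100.9 172.31.16.139 55555 22 6 5 300 1700000000 1700000060 REJECT OK",
    "2 111122223333 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000000 1700000060 - NODATA",
]


def parse_flow_log_line(line):
    """Return a dict for one record, or None for malformed or NODATA/SKIPDATA lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":  # NODATA/SKIPDATA lines carry '-' in place of values
        return None
    for key in INT_FIELDS:
        rec[key] = int(rec[key])
    return rec


def service_port(rec):
    """Heuristic: the lower of the two ports is the service port, so a web server's
    replies (srcport 80, ephemeral dstport) group under 80 rather than scattering."""
    return min(rec["srcport"], rec["dstport"])


def egress_by_destination(lines, vpc_cidr=VPC_CIDR):
    """Sum ACCEPTed bytes leaving the VPC, keyed by (destination ip, service port)."""
    totals = defaultdict(int)
    for line in lines:
        rec = parse_flow_log_line(line)
        if rec is None or rec["action"] != "ACCEPT":
            continue
        src = ipaddress.ip_address(rec["srcaddr"])
        dst = ipaddress.ip_address(rec["dstaddr"])
        if src in vpc_cidr and dst not in vpc_cidr:
            totals[(rec["dstaddr"], service_port(rec))] += rec["bytes"]
    return dict(totals)


def top_talkers(totals, n=3):
    """Largest egress destinations first."""
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


def unexpected_egress(totals, allowed_ports=(80, 443), min_bytes=100_000_000):
    """Destinations with significant volume on a port the server is not expected to use."""
    return [(dst, port, nbytes) for (dst, port), nbytes in totals.items()
            if port not in allowed_ports and nbytes >= min_bytes]


if __name__ == "__main__":
    totals = egress_by_destination(SAMPLE_LINES)
    for (dst, port), nbytes in top_talkers(totals):
        print(f"{dst:16} port {port:<6} {nbytes / 1e6:10.1f} MB")
    print("unexpected:", unexpected_egress(totals))
```

Run against real logs, the same functions take the lines from the CloudWatch log group or the S3 objects the flow log is delivered to; the destination that dominates `top_talkers` on an unexpected port is the flow to explain first, and the security group change in the question only filters inbound, not this outbound traffic.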

Can you explain AWS billing rates on data transfer

To design a system I need to decide on where to deploy the instances (suppose that I don't really care where they are but only want to optimize costs).
The on-demand page mentions several billing items:
Data Transfer IN To Amazon EC2 From Internet
Data Transfer OUT From Amazon EC2 To Internet
Data Transfer OUT From Amazon EC2 To (a list of regions)
Data Transfer Across AZ within this Region
My questions:
About item 1 - they say this is free, is it? Does it make sense that from the Internet to Amazon is free while from Amazon to Amazon is not free? (I'm talking about the inbound data here, not the outbound.)
In items 2-3: does "Amazon" refer to all AWS services, including another EC2 instance?
Regarding item 4: it is written "Data transferred "in" to and "out" of Amazon EC2, Amazon RDS, Amazon Redshift, Amazon DynamoDB Accelerator (DAX), and Amazon ElastiCache instances or Elastic Network Interfaces across VPC peering connections in the same AWS region is charged at $0.01/GB." Does that mean that if I run a process between 2 EC2 instances in the same region, then I pay for each GB twice? First for the outbound from one instance and second for the inbound on the other instance.
The simple rules-of-thumb are:
Inbound traffic from the Internet to the AWS Cloud is free.
Outbound traffic from the AWS Cloud to the Internet is charged at the applicable rates in each region (this is the majority of the cost). This applies to anything that sends traffic out to the Internet from your AWS services.
Outbound traffic from the AWS Cloud to Amazon CloudFront has a lesser rate.
Traffic within a region but between Availability Zones is 1c/GB in each direction. In fact, the wording on the EC2 Instance Pricing page now shows this.
To answer your specific questions:
Inbound is free.
Outbound is for any AWS service that sends traffic to the Internet.
Traffic between AZs or via VPC Peering is charged in "each direction".

Amazon availability zones

I'm fairly new to Amazon services and wondering what some of the best practices are for clustering/load balancing.
I have a load balancer in my colo (NJ) which may potentially be upgraded to Netscaler.
The application we're hosting on Amazon is nothing crazy, and we don't expect too much traffic. We're looking at 2 Linux instances that would run a Node.js application with a MongoDB replica set. From what I understand, Amazon will evenly divide the traffic amongst the zones. The end user's location has no effect on where they'll be distributed (i.e. if I have a server on the west coast and one on the east coast, a user on the east coast could be directed to either east or west).
If I wanted to direct users' traffic based on location, would a global DNS solution make more sense?
One server would be the master DB and the other would be the slave, with data replicating between them.
Does anybody have any experience with this, and how is the network performance?
A question about EC2/S3
EC2 Instances and S3 buckets can only communicate if they are in the same region, correct?
The load balancer only works within one region. If you want to balance traffic between different regions, you will need to look at latency-based routing in Route 53. Keep in mind that Availability Zone and Region have different meanings within EC2.
A MongoDB replica set is a flexible master/slave configuration. If the primary instance fails, a secondary, based on configured priority, can automatically become primary. The network within a region is fast; you will have some latency if you use multiple regions.
An EC2 instance can access an S3 bucket in any region; you won't pay for outgoing bandwidth if both are in the same region.