Private channel between AWS China and Global AWS - amazon-web-services

I have a project with a web part in both areas (EU and China), and I have two accounts, one on each AWS (Global and AWS China).
Can I make a private channel between the Chinese zone and any zone in Global AWS (for example Singapore) for replication of the DB, syncing data and other issues?
I need something like that private channel because ping and connectivity between those zones via public DNS is already almost bad.
Maybe someone has experience with an architecture like this.
Thank you.

Note that in most cases this works poorly for China because VPNs generally are not stable across the GFW interface; you can stay up for a while, but IPsec etc. are not stable. Some companies can do cross-connects, such as Aryaka and CBC, and of course MPLS; expect $1-3K/month to start.

Ideally you would use an official third party connection with DirectConnect to connect Singapore with one of the AWS China regions. I know China Mobile International can do this.

Assets in AWS S3 bucket blocked in Iran

I have a bucket where I store some images and short clips to use inside my app, but I've noticed that users in Iran cannot see the images or watch the videos without using a proxy.
Is there any solution so that those people are able to see the images and watch the videos?
My bucket is public, located within the Asia Pacific (Singapore) ap-southeast-1 region.
Is there any solution so that those people are able to see the images and watch the videos?
No, unfortunately.
In compliance with (extreme) United States government sanctions & export control regulations, Amazon Web Services prohibits access to customers located within Iran.
Amazon Web Services is theoretically exempted from US sanctions targeting Iran according to the Iran General License (No. D-1) issued by the US Treasury.
However, in practice Amazon is over-complying with the sanctions, unfortunately crippling access for Iranian customers.
Due to the extremely high number of sanctions that apply to doing business with Iran, US based businesses simply do not take risks and would rather block off access completely than allow it on a case-by-case basis.
AWS falls within this category, as do virtually all other US companies e.g. PayPal (ZarinPal), Uber (Snapp!) & eBay (Digikala) to name a few.
If you're providing an international service, Cloudflare as a CDN will work. Popular Iranian websites like hamyarwp.com use Cloudflare and are still accessible within Iran.
If you're providing a local service, local Iranian hosting is the best way to move forward to guarantee access.
For object storage, perhaps try out Google Cloud Storage.

Keycloak cross data center partial synchronisation of user data

I'm working for a German company, therefore we're bound to the GDPR. We're selling our product as a software-as-a-service offering and are hosting the systems in AWS. Our customers are spread over Europe, the USA and Asia, so we're running multiple VPCs in AWS in the regions EU-West, US-Northeast and APAC. Our plan is to implement Keycloak as the SSO backend.
Up to this point our initial idea was to implement Keycloak with the so-called Cross Data Center Replication. This would mean one Keycloak cluster per VPC with a load balancer in front, the Infinispan cluster for inter-VPC caching/communication and an Aurora RDS cluster as the centralised database, but we are not pinned to that. The problem is, as mentioned above, we're bound to the GDPR, and so the data of European users must not leave the EU unless the customer orders us to do so. All I've read says that Keycloak expects all data to be synced across the database cluster.
Information about our topology and the issue itself:
Every customer has dedicated EC2 instances in the best-suited geographical region. Additionally, there are centralized services hosted in the EU. So users from the USA or APAC need to have access to systems in the EU, but EU users don't need to have access to instances/services outside of the EU unless the customer explicitly orders it.
So how do we achieve this?
My only idea at the moment would be to build up a database cluster (likely not AWS Aurora RDS) and configure the database itself not to sync all of the data. But this sounds very gross to me and I don't think that Keycloak does well with this. Any ideas or tips would be appreciated!
OK, in case someone is interested in our solution:
It seems that we will accept the fact that non-EU customers have latency under some circumstances. The Infinispan cluster will serve as a cache, so these users will only experience this latency once in a while. The DB will reside in the EU.
I'm not sure if the Infinispan servers will still act as a cache if the connection to the nodes in the other data centers is lost, but maybe I'll find something about that.

How do I host a web application on AWS for worldwide use while following the Data Protection Laws for Germany & European Union?

We are building an application that stores email and phone numbers of the users. We understand that German data privacy laws require the database and web services to be hosted in Germany (i.e. a data centre in Germany). Our AWS EC2 instance is hosted in us-west. Do we need to host the application on the German data centre as well? We are using PHP5 with MySQL.
The German privacy law requires you to store and compute personal data in data centers located in the EU. So you are able to use eu-west-1 (Ireland) and eu-central-1 (Germany) on AWS at the moment.
But this tackles only one of the technical requirements you need to fulfill to be compliant with the German privacy law. There are other technical and non-technical requirements as well (e.g. an agreement called Auftragsdatenverarbeitungsvereinbarung, not using global AWS services, ...).
The short answer is yes. Regional data must be stored within a data center located in that region. For instance, I have an application that is mainly hosted in US East, but I have customers in Ireland, Sydney, and Japan so I have deployments in those regions as well.
Your best bet is to either intimately familiarize yourself with the data laws in countries you are targeting, or hire a lawyer that can help you through it. You do not want to be on the receiving end of a lawsuit for mishandling customer data!

How to measure speed from AWS regions to specific location (not mine)?

I'm looking for a way to pick the best AWS region to host a Proof of Concept installation for a potential customer in India.
For this, I'd like to try to ping the customer's web site (I verified that it's hosted in India, I assume by the customer itself since that's part of their business) from multiple AWS regions and see which one gives best results.
I found multiple tools which would allow me to run ping from my own browser to multiple AWS locations (e.g. https://cloudharmony.com/speedtest, http://www.cloudping.info/) but none that will allow me to ping between all AWS regions and a specific third party.
Does such a tool exist, or is my only option to run up an EC2 instance in each region and try to ping from it?
You might want to check the answers to this very similar question.
Keep in mind that not all regions have all AWS services available at this time, so make sure the region you pick has all the services that you plan to use. Also, Amazon has said that an India region is in the works.
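If you do go the route of launching a small instance in each candidate region, the measurement itself is simple. This is an added example, not code from the question, the answer or any AWS tool: it times TCP handshakes to an assumed target (the customer's site on port 443, passed on the command line) rather than sending ICMP ping, so it needs no raw-socket privileges and still works where ICMP is filtered; run it on each regional instance and compare the reports.

```python
import socket
import statistics
import sys
import time


def tcp_connect_latency_ms(host: str, port: int, timeout: float = 3.0) -> float:
    """Time one TCP handshake to host:port, in milliseconds (raises OSError on failure)."""
    start = time.perf_counter()
    with socket.create_connection((host, port), timeout=timeout):
        pass  # the handshake completed; nothing is sent on the connection
    return (time.perf_counter() - start) * 1000.0


def probe(host: str, port: int = 443, samples: int = 10, pause: float = 0.2) -> dict:
    """Collect `samples` handshake timings and summarise them.

    Failed connections are counted as loss instead of aborting, so an
    unstable path shows up in the report rather than as a crash.
    """
    timings, lost = [], 0
    for _ in range(samples):
        try:
            timings.append(tcp_connect_latency_ms(host, port))
        except OSError:
            lost += 1
        time.sleep(pause)
    report = {"host": host, "port": port, "sent": samples, "lost": lost}
    if timings:
        report.update(min_ms=round(min(timings), 2),
                      median_ms=round(statistics.median(timings), 2),
                      max_ms=round(max(timings), 2))
    return report


if __name__ == "__main__":
    # Usage on each regional instance: python probe.py <host> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(probe(target, target_port))
```

The median is the number to compare between regions; a non-zero `lost` count on one region is as important as a low latency on another.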

Understanding Amazon offerings

I am working on a project and am at a point where the POC is done and now want to move towards a real product. I am trying to understand the Amazon cloud offerings just to see if I need to be aware of them at development time. I have a bunch of questions that I cannot get answered from the Amazon site. It's probably because I am new to the whole web services thing and have never hosted a site before. I am hoping someone out here will explain this to me like I am a C programmer :)
I see amazon has a bunch of offerings -
EC2
Elastic Block Store
Simple DB
AutoScaling
Elastic Load Balancing
I understand EC2 is virtual server instances that I can use and these could come pre-loaded with what I want (say Apache + python). I have the following questions -
If I want a custom instance of something (like say a custom apache module I wrote for my project). Can I create a server instance using the exact modules and make it the default the next time I create a new instance or in Autoscaling?
Do I get an IP Address to access this? Can I set my own hostname to it? I mean do I get a DNS record? Or is it what Elastic IP is?
How do I access it from the outside? SSH? Remote Desktop? Or is it entirely up to how I configure the instance?
What do they mean by Inter-Region or Intra-Region data transfer? What is data transfer to begin with? Is it just people using my instance? So if I go live with it that will be the cost I have to pay for people using it?
What is the difference between AutoScaling and Elastic Load Balancing?
What is Elastic Block Store? Is it storage? If so do I have to worry about backups or do they take care of it?
About the Simple DB -
It looks like the interface to use this is different to my regular SQL calls. Am I correct?
If so the whole development needs to be tailored specifically for Amazon. Which kind of sucks. Is there a better alternative?
Do I get data backups or do I have to worry about it myself?
Will I be able to connect to the DB using regular tools to inspect the DB (during or after development)? Or do I get other tools made by Amazon for it?
What about security? The DB is obviously somewhere in the cloud farm away from the EC2 instance. My DB password is going over the wire and so is all my data totally unencrypted. Don't I have to worry about that? The question comes up only because I don't own any of the hardware.
I really hope some one points me in the right direction here.
Thanks for taking the time to read.
P
I just went through the question and here I've tried to answer a few of them.
1) AWS EC2 doesn't publish pre-configured instances; in fact they are configured by developers and made publicly available so that users can use them. One can use any one of those instances, or you can just opt for whatever OS you want, which is raw, provision it accordingly and create a snapshot of it so that you can use it for autoscaling. The snapshot becomes the base AMI in your case.
2) Every instance you boot will have a public DNS name attached to it; you can use the public DNS to connect to that instance using ssh if you are a Linux user or using PuTTY if you are a Windows user. Apart from that, you can also attach an Elastic IP, which comes with a cost that is like peanuts, and access your instance through the Elastic IP, and you can map either the public DNS or the Elastic IP to a website by adding an A record or CNAME respectively.
3) AWS owns databases in different parts of the world. For example, you deploy your application depending upon your customer base; if your target customers are based out of India, the nearest region available is Singapore, which is called ap-southeast-1 by AWS. Each region will have multiple availability zones, for example ap-southeast-1a and ap-southeast-1b, which are two different databases, geographically apart. Intra-region means from ap-southeast-1a to ap-southeast-1b. Inter-region means from ap-southeast-1 to us-east-1, which is the Northern Virginia data centre. AWS charges for incoming and outgoing bandwidth; trust me, it's nothing.
They charge 1/8th of a cent per GB. It's a thing to even think about.
4) Elastic Load Balancer is a cluster which divides the load equally across all your regions across availability zones (if you are running in multi-AZ). ELB sits on top of the AWS EC2 instances, monitors the instance health periodically and enables auto scaling.
5) To help you understand what autoscaling is, please go through this document: http://aws.amazon.com/autoscaling/
6) Elastic Block Store, or EBS, is like a hard disk: persistent data storage which can be attached to your instance. Regarding backup, yes, it depends upon your use case. I do backups of EBS periodically.
7) SimpleDB, now renamed DynamoDB, is a NoSQL DB. I hope you understand what a NoSQL DB is; it's a non-RDBMS DB system. Please read some documentation to understand what a NoSQL DB is.
8) If you have a MySQL or Oracle DB you can opt for RDS; please read the documents.
9) I personally feel you are a newbie to the entire cloud ecosystem; you need to understand what exactly the cloud does first.
10) You don't have to make a large number of changes to development as such; just make sure it works fine on your local box and it can be deployed to the cloud without much ado.
11) You don't have to use any extra tool for that; change the database endpoint to RDS (if you use it), or else install MySQL in your EC2 instance and connect to the local DB which resides in the EC2 instance, which is as simple as your development mode.
12) You don't have to worry about any security issues with AWS; it is secured. Don't follow the myths. I have been using AWS for 3 years, running I don't even remember how many applications (e-commerce, m-commerce, social media apps), and I never faced any kind of security issue; AWS also allows you to set your security however you want.
Go ahead, happy coding. Contact me if you have any problem.
The answer above is a good summary on AWS. Just wanted to add
AWS offers full data center, so it depends what you are trying to achieve. For starters you will need,
EC2 - This is your server, it comes with instance storage, which will be lost on restart
EBS - Your mounted storage, the data is persisted across reboots
S3 - Provides storage (RESTful APIs on top; the cost is usage-based rather than "provisioned" as in EBS)
Databases - can start with Amazon RDS, which provides managed database services; you can choose between various available databases. You can also install your own database using EC2 + EBS, but you will have to take care of managing the database yourself.
Elastic IP: Public facing IP address, you can point your DNS server to this.
One great tool to calculate the pricing,
http://calculator.s3.amazonaws.com/calc5.html
Some other services to take in account are:
VPC (Virtual Private Cloud). This is your own private network. You can define subnets, route tables and internet gateways there. I would strongly recommend using VPC for any serious deployment of more than one instance.
Glacier - this will replace your tape library for storing backups.
Cloud Formation - great tool for deployment and automation of instances.
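The VPC and "set your security however you want" points above come together in a CloudFormation template. This is an added example, not code from either answer or from AWS: a template built in Python with one VPC, a web-tier security group open on 443 to everyone and on 22 only to an administrator range, and a database-tier group that accepts 3306 solely from the web-tier group, plus a check that flags any non-web port exposed to the world before the template is deployed. The CIDR values, including ADMIN_CIDR, are constructed placeholders.

```python
import json

ADMIN_CIDR = "203.0.113.0/24"  # placeholder (RFC 5737 range); use your real admin range
PUBLIC_OK = {80, 443}          # the only ports a web tier should open to the world

# Constructed CloudFormation template: one VPC, a web-tier group open on 443
# to everyone and on 22 to admins only, and a DB group that accepts 3306
# solely from the web-tier group (no CIDR at all on the database tier).
TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "Vpc": {"Type": "AWS::EC2::VPC",
                "Properties": {"CidrBlock": "10.0.0.0/16"}},
        "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "web tier", "VpcId": {"Ref": "Vpc"},
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "CidrIp": ADMIN_CIDR}]}},
        "DbSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "db tier", "VpcId": {"Ref": "Vpc"},
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                 "SourceSecurityGroupId": {"Ref": "WebSg"}}]}},
    },
}


def world_open_ports(template: dict) -> list:
    """List (group, port) pairs reachable from 0.0.0.0/0 or ::/0 on a port
    outside PUBLIC_OK. Rules without FromPort/ToPort (IpProtocol -1) count
    as every port. An empty list means the template passes the check."""
    findings = []
    for name, res in template["Resources"].items():
        if res["Type"] != "AWS::EC2::SecurityGroup":
            continue
        for rule in res["Properties"].get("SecurityGroupIngress", []):
            if rule.get("CidrIp") != "0.0.0.0/0" and rule.get("CidrIpv6") != "::/0":
                continue
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            findings += [(name, p) for p in range(max(lo, 0), hi + 1)
                         if p not in PUBLIC_OK]
    return findings


if __name__ == "__main__":
    print(json.dumps(TEMPLATE, indent=2))   # feed this to `aws cloudformation deploy`
    print("world-open non-web ports:", world_open_ports(TEMPLATE))
```

Running the check in CI before deploying answers the "my DB is somewhere in the cloud farm" worry from the question concretely: the database port is never reachable from the internet, only from instances in the web-tier group.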