This section of the Solution Architect Associate learning path introduces you to the core computing concepts and services relevant to the SAA-C03 exam. We start with an introduction to the AWS compute services, understand the options available and learn how to select and apply AWS compute services to meet specific requirements.
- Learn the fundamentals of AWS compute services such as EC2, ECS, EKS, and AWS Batch
- Understand how load balancing and auto scaling can be used to optimize your workloads
- Learn about the AWS serverless compute services and capabilities
In the architecture diagram shown, we have an application deployed to private subnets in an auto-scaling target group served by an Application Load Balancer. The Application Load Balancer nodes are deployed to public subnets. We also have a separate security VPC with a Gateway Load Balancer and a fleet of security appliances in an auto-scaling target group. This allows the appliance fleet to scale horizontally with application load.
We can follow the steps a packet takes through this architecture.
Step 1, a customer accesses your web application and a request is generated.
Step 2, the intended landing place for the public request is the Application Load Balancer. However, the Internet Gateway has an ingress route table associated with it, and that table directs traffic bound for the load balancer's subnets to a Gateway Load Balancer endpoint instead.
In step 3, the Gateway Load Balancer endpoint forwards the traffic to the Gateway Load Balancer in the security VPC.
Step 4, at the Gateway Load Balancer, the packets are encapsulated using the GENEVE tunneling protocol and dispatched to the selected security appliance.
Step 5, the packet analysis takes place in the security appliance. What actually happens depends on the appliance being used and the configuration that you define.
Step 6, after analysis, the packets are sent back, still encapsulated, to the Gateway Load Balancer, where the encapsulation is removed and the traffic is returned to the Gateway Load Balancer endpoint it originally came from.
Step 7, that Gateway Load Balancer endpoint directs the traffic to the Application Load Balancer, which forwards it to your application targets.
From step 8, the response flow is very similar: the application response passes through the Application Load Balancer and into the subnet holding the Gateway Load Balancer endpoint in the same Availability Zone. That endpoint sends the traffic to the Gateway Load Balancer in the security VPC once more for the return path.
Step 9, the packets are encapsulated yet again and sent to the security appliance where they are processed.
Step 10, the packets are sent back to the Gateway Load Balancer where encapsulation is removed and packets moved to the Gateway Load Balancer endpoint.
Step 11, the Gateway Load Balancer endpoint will send traffic out through the Internet Gateway.
And in step 12, the response is received by the customer. As this example flow shows, the Gateway Load Balancer allows you to deploy and horizontally scale third-party security appliances from the AWS Marketplace in your Amazon VPCs.
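To make the twelve steps concrete, here is an added example (not part of the course or the diagram) that models the three route tables this design depends on and walks a packet through them with longest-prefix matching, then shows the GENEVE framing the Gateway Load Balancer applies in steps 4 and 9. Every CIDR, address and name in it (10.0.0.0/16, the ALB node address 10.0.1.50, the client 203.0.113.7, the table and target labels) is a constructed assumption; the GENEVE header layout follows RFC 8926, and the AWS-specific TLV options that the real service appends are left out.

```python
# Added example, not from the course: a route-table walk of the Gateway Load Balancer
# flow described above. All CIDRs, addresses and names below are constructed assumptions.
import ipaddress
import struct

# Constructed addressing for the application VPC (assumed; one Availability Zone shown).
APP_VPC = "10.0.0.0/16"
ALB_SUBNET = "10.0.1.0/24"     # public subnet holding the Application Load Balancer node
GWLBE_SUBNET = "10.0.2.0/24"   # public subnet holding the GWLB endpoint, same AZ as the ALB
ALB_IP = "10.0.1.50"           # assumed ALB node address in that subnet
CLIENT_IP = "203.0.113.7"      # assumed internet client

# VPC route tables as (destination, target). Longest prefix wins, as in a real VPC.
# "gwlbe-a" is the Gateway Load Balancer endpoint in this AZ; "igw" is the Internet Gateway.
ROUTE_TABLES = {
    # Ingress route table with an edge association on the Internet Gateway (step 2):
    # traffic for the ALB subnet is steered to the GWLB endpoint before it reaches the ALB.
    "igw-ingress": [(APP_VPC, "local"), (ALB_SUBNET, "gwlbe-a")],
    # ALB subnet: the default route points at the endpoint, so replies are inspected too (step 8).
    "alb-subnet": [(APP_VPC, "local"), ("0.0.0.0/0", "gwlbe-a")],
    # Endpoint subnet: after inspection the packet is routed from here (steps 7 and 11).
    "gwlbe-subnet": [(APP_VPC, "local"), ("0.0.0.0/0", "igw")],
}


def lookup(table: str, dst: str) -> str:
    """Longest-prefix-match route lookup on one of the tables above."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, target in ROUTE_TABLES[table]:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    if best is None:
        raise LookupError(f"no route for {dst} in {table}")
    return best[1]


# Steps 3-7 (and 9-11): endpoint -> GWLB encapsulates -> appliance -> GWLB decapsulates -> endpoint.
INSPECTION = ["gwlbe-a", "gwlb (GENEVE encap)", "appliance", "gwlb (GENEVE decap)", "gwlbe-a"]


def trace(dst: str, entry_table: str, hops: list) -> list:
    """Walk a packet destined for dst, starting from the given route table."""
    table = entry_table
    for _ in range(4):  # bounded: a misconfigured table could otherwise loop forever
        target = lookup(table, dst)
        if target == "gwlbe-a":
            hops += INSPECTION
            table = "gwlbe-subnet"  # the endpoint hands the packet back to its own subnet's table
        elif target == "local":
            return hops + [dst]
        elif target == "igw":
            return hops + ["igw", dst]
    raise RuntimeError("routing loop")


def inbound_path() -> list:
    """Steps 1-7: client request up to the ALB node (the ALB then opens its own connection to the targets)."""
    return trace(ALB_IP, "igw-ingress", [CLIENT_IP, "igw"])


def outbound_path() -> list:
    """Steps 8-12: ALB response back to the client."""
    return trace(CLIENT_IP, "alb-subnet", [ALB_IP])


def is_symmetric() -> bool:
    """Both directions must cross the appliance; a 0.0.0.0/0 -> igw route in the ALB subnet would break this."""
    return "appliance" in inbound_path() and "appliance" in outbound_path()


def geneve_encap(inner_ip_packet: bytes, vni: int) -> bytes:
    """GENEVE base header (RFC 8926): Ver/OptLen, flags, protocol type (0x0800 = IPv4 inner), 24-bit VNI, reserved.
    AWS also appends TLV options such as a flow cookie; they are omitted here (assumption)."""
    return struct.pack("!BBHI", 0, 0, 0x0800, vni << 8) + inner_ip_packet


def geneve_decap(datagram: bytes) -> tuple:
    """Return (protocol type, VNI, inner packet), honouring OptLen so any appended options are skipped."""
    ver_optlen, _flags, proto, vni_field = struct.unpack("!BBHI", datagram[:8])
    opt_len = (ver_optlen & 0x3F) * 4
    return proto, vni_field >> 8, datagram[8 + opt_len:]


if __name__ == "__main__":
    print(" -> ".join(inbound_path()))
    print(" -> ".join(outbound_path()))
    print("symmetric inspection:", is_symmetric())
```

The check worth keeping from this is `is_symmetric()`: the ingress route table alone only covers the inbound leg, and if the ALB subnet's default route points straight at the Internet Gateway the response in step 8 skips the appliance entirely. The endpoint used in each direction is the one in the same Availability Zone as the ALB node, which is why the design pairs an endpoint subnet with each ALB subnet.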
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.