DevOps
AWS: Core Services
Netflix runs its streaming control plane on AWS (large EC2 fleets, S3 for media assets, a mix of managed and self-run data stores) and serves the video bytes themselves through its own CDN, Open Connect. Its multi-region active-active design was built after a 2012 us-east-1 outage took the service down, and it is that design, exercised continuously through chaos engineering rather than any single AWS service, that lets it ride out a single-region failure. Cloud is not a destination - it is an architecture discipline.
- **Airbnb** stores millions of photos in S3 and uses Presigned URLs so mobile apps upload directly to the bucket - the application servers only issue a short-lived signed request and never proxy the photo bytes.
- **Chat backends** with strict write-availability targets use Aurora PostgreSQL for message storage - Multi-AZ failover typically completes in under 30 seconds, versus 60-120 seconds for a standard Multi-AZ RDS for PostgreSQL instance when the primary fails.
- **Coca-Cola** moved its vending-machine loyalty backend to Lambda + API Gateway and reported roughly 65% lower cost, paying only for actual invocations instead of idle EC2 instances.
EC2
EC2 (Elastic Compute Cloud) provides virtual machines in AWS. Instance families are organized by workload: t3/t4g (general purpose, burstable on CPU credits), m7g (steady general purpose), c7g (compute-optimized), r7g (memory-optimized). Graviton (ARM) instances offer up to 40% better price-performance than comparable x86 instances, provided the application and its dependencies are built for arm64.
Spot Instances are discounted by up to 90% for fault-tolerant workloads (batch processing, stateless workers), but AWS can reclaim them with a two-minute interruption notice, so the work must be checkpointable or safely restartable. Reserved Instances and Savings Plans give up to about 72% off for steady-state baseline capacity in exchange for a 1- or 3-year commitment.
An application has unpredictable traffic: quiet nights, busy days, occasional viral spikes. What is the correct EC2 deployment strategy?
S3
S3 (Simple Storage Service) is AWS object storage with 11 nines durability (99.999999999%). Objects are stored in buckets with versioning, lifecycle rules, and cross-region replication. S3 is not a filesystem - it is an object store with a flat key namespace; the "folders" in the console are only key prefixes. Access is governed by IAM policies and bucket policies, and Block Public Access should stay enabled unless a bucket is deliberately public.
S3 Intelligent-Tiering automatically moves objects between storage classes based on access patterns without requiring manual lifecycle rules - useful when access patterns are unpredictable. It charges a small per-object monitoring fee, and objects under 128 KB are stored but never tiered, so it pays off for large, irregularly accessed objects rather than millions of tiny ones.
A mobile app allows users to upload photos. Server bandwidth is the bottleneck. What is the S3-based solution?
RDS and Aurora
RDS is managed relational databases: PostgreSQL, MySQL, MariaDB, Oracle, SQL Server. AWS handles backups, patching, failover, and monitoring. Aurora is AWS's cloud-native reimplementation of the MySQL and PostgreSQL engines: up to 5x MySQL and 3x PostgreSQL throughput (AWS's figures), 6-way storage replication across 3 AZs, and Multi-AZ failover to a replica typically in under 30 seconds.
Aurora Serverless v2 scales from 0.5 ACU (about 1 GiB of memory) up to 128 ACU (256 GiB) in fine-grained steps within seconds. It is the natural choice for workloads with variable traffic. Note that it scales down to the configured minimum rather than to zero (scaling to zero with auto-pause exists only on recent engine versions), so the idle cost is small rather than absent.
A startup has unpredictable traffic: 10 req/s on weekdays, 500 req/s on weekends. Which RDS option minimizes cost without compromising availability?
AWS Lambda
AWS Lambda runs code in response to events (API Gateway, S3, SQS, EventBridge, DynamoDB Streams) without managing servers. Billing is per millisecond of execution time multiplied by the configured memory. Maximum timeout: 15 minutes. Concurrent executions: 1,000 per region by default (a soft quota that can be raised); invocations beyond it are throttled.
Lambda pricing: the first 1M requests and 400,000 GB-seconds per month are free. For event-driven, intermittent workloads (image resize, email sending, data processing) with a low duty cycle, Lambda is usually far cheaper than an always-on EC2 instance because idle time costs nothing; for sustained high throughput the comparison reverses, so work it out from memory size, duration and invocation count rather than assuming.
A service processes uploaded images: resize to 3 sizes on S3 upload. Expected load: 100 uploads/day normally, 50,000/day during campaigns. What is the correct compute choice?
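The planning half of such a function, as an added example that is not code from the original page: it parses the S3 event, URL-decodes the key, and refuses the two things that make image pipelines misbehave in production, untrusted file types and outputs that re-trigger the function. The bucket name, the `resized/` prefix, the widths and the size cap are assumptions.

```python
"""Planning half of an S3-triggered image-resize function.

Added example, not code from the original page. It parses an S3 ObjectCreated
event, decodes the key, and refuses records that must not be processed: outputs
that would re-trigger the function, non-image files and oversized inputs.
Bucket name, prefixes, widths and the size cap are assumptions.
"""
from urllib.parse import unquote_plus

TARGET_WIDTHS = (200, 800, 1600)          # the three sizes from the text
OUTPUT_PREFIX = "resized/"                # assumption: where outputs are written
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".webp"}
MAX_SOURCE_BYTES = 25 * 1024 * 1024       # assumption: refuse inputs over 25 MiB


def plan_resize_jobs(event):
    """Return one job per (object, width); skip records that must not be processed."""
    jobs = []
    for record in event.get("Records", []):
        if record.get("eventSource") != "aws:s3":
            continue
        if not record.get("eventName", "").startswith("ObjectCreated:"):
            continue
        bucket = record["s3"]["bucket"]["name"]
        # S3 URL-encodes keys in notifications ("my photo.jpg" arrives as "my+photo.jpg").
        key = unquote_plus(record["s3"]["object"]["key"])
        size = record["s3"]["object"].get("size", 0)
        # Loop guard: our own outputs also raise ObjectCreated. Without this, one
        # upload fans out into an unbounded chain of invocations and a large bill.
        if key.startswith(OUTPUT_PREFIX):
            continue
        ext = key[key.rfind("."):].lower() if "." in key else ""
        if ext not in ALLOWED_EXTENSIONS:
            continue
        if size > MAX_SOURCE_BYTES:
            continue
        base = key.rsplit("/", 1)[-1]
        for width in TARGET_WIDTHS:
            jobs.append({"bucket": bucket, "source_key": key,
                         "target_key": f"{OUTPUT_PREFIX}{width}/{base}", "width": width})
    return jobs


def lambda_handler(event, context=None):
    """Lambda entry point shape; the real function would resize each job with Pillow."""
    return {"jobs": plan_resize_jobs(event)}


# Constructed sample event in the shape of S3 notification records: one genuine
# upload, one of our own outputs (must be skipped) and one non-image.
SAMPLE_EVENT = {"Records": [
    {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "photos-uploads"},
            "object": {"key": "uploads/my+photo.jpg", "size": 512000}}},
    {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "photos-uploads"},
            "object": {"key": "resized/200/my+photo.jpg", "size": 8000}}},
    {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "photos-uploads"},
            "object": {"key": "uploads/invoice.pdf", "size": 4000}}},
]}

if __name__ == "__main__":
    for job in lambda_handler(SAMPLE_EVENT)["jobs"]:
        print(job["source_key"], "->", job["target_key"])
```

Writing outputs back into the same bucket raises a second ObjectCreated event; the prefix check stops the chain, and the notification configuration should also carry a prefix filter (or outputs should go to a separate bucket) so the guard is defense in depth rather than the only control. The file-type decision here is by extension only; the real resizer should still check magic bytes before handing the data to an image decoder.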
VPC and Network Security
VPC (Virtual Private Cloud) is an isolated network in AWS. Standard architecture: public subnets, whose route table has a route to an Internet Gateway (load balancers, NAT Gateway), and private subnets, which have no such route (EC2, RDS, Lambda ENIs). Resources in private subnets have no inbound path from the internet; outbound they reach AWS services through VPC endpoints and everything else through a NAT Gateway.
Gateway VPC Endpoints for S3 and DynamoDB eliminate NAT Gateway data-processing charges for that traffic (typically $0.045/GB through NAT versus no per-GB charge through a gateway endpoint) and keep it on the AWS network instead of hairpinning through public IPs. For high S3 throughput applications this can save thousands per month, and an endpoint policy can additionally restrict which buckets or tables are reachable through it. Interface endpoints (PrivateLink) for other services are not free: they bill per hour and per GB.
A common misconception is that VPC isolation means services in different subnets cannot communicate.
VPC isolation means services are not reachable from the internet. Every subnet in a VPC is connected to every other by the implicit local route; what controls traffic between them is Security Groups (stateful, per instance or ENI) and, optionally, Network ACLs (stateless, per subnet).
RDS in a private subnet is reachable from EC2 in another private subnet of the same VPC as soon as the database's Security Group allows the database port (5432 for PostgreSQL) from the application's Security Group. It is not reachable from the internet. Isolation is from external traffic, not from internal services.
A Lambda function in a private subnet needs to access S3 and call an external payment API. What network components are required?
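To make the two mechanisms behind these answers concrete, here is an added example (not code from the original page or from AWS) that models how a private subnet's route table and a Security Group decide where traffic goes. It goes slightly beyond the text by implementing the rule VPC actually applies, longest-prefix match, and by representing the S3 gateway endpoint as a route whose destination is a managed prefix list. All ids, CIDRs and rules are constructed.

```python
"""Route and security-group resolution for a private subnet.

Added example, not code from the original page or from AWS. It models two
mechanisms the section relies on: VPC route tables pick the most specific
matching route, and a gateway endpoint for S3 installs a route whose
destination is an AWS-managed prefix list. All ids, CIDRs and rules are
constructed for the example.
"""
import ipaddress

# Constructed prefix list: in a real VPC this is the AWS-managed S3 prefix list
# for the region, and its members are S3's public IP ranges.
PREFIX_LISTS = {"pl-0123456789abcdef0": ["52.216.0.0/15", "3.5.0.0/19"]}

# Private subnet route table with both components the Lambda question needs:
# a gateway endpoint for S3 and a default route to a NAT Gateway.
PRIVATE_RT = [
    {"destination": "10.0.0.0/16", "target": "local"},              # implicit VPC route
    {"destination": "pl-0123456789abcdef0", "target": "vpce-s3"},   # gateway endpoint
    {"destination": "0.0.0.0/0", "target": "nat-0abc"},             # NAT in a public subnet
]
# Same subnet without the NAT route: S3 still works, the payment API does not.
PRIVATE_RT_NO_NAT = PRIVATE_RT[:2]

# Constructed Security Group on the RDS instance: only the app tier's SG may
# open 5432. Referencing a group id instead of a CIDR makes the rule follow
# instances as the Auto Scaling Group adds and removes them.
RDS_SG_INGRESS = [{"proto": "tcp", "port": 5432, "source": "sg-app"}]


def _expand(table):
    """Replace prefix-list destinations with their member networks."""
    for route in table:
        for cidr in PREFIX_LISTS.get(route["destination"], [route["destination"]]):
            yield ipaddress.ip_network(cidr), route["target"]


def next_hop(table, dst_ip):
    """Longest-prefix match, as VPC route tables do; None means no route (dropped)."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for net, target in _expand(table):
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def sg_allows(ingress, source_sg, proto, port):
    """Stateful SG check: one matching ingress rule suffices; return traffic is implicit."""
    return any(r["proto"] == proto and r["port"] == port and r["source"] == source_sg
               for r in ingress)


def reachable(table, dst_ip, ingress, source_sg, port):
    """EC2 in one private subnet -> RDS in another: needs the local route AND an SG rule."""
    return next_hop(table, dst_ip) == "local" and sg_allows(ingress, source_sg, "tcp", port)


if __name__ == "__main__":
    print("S3 from private subnet:  ", next_hop(PRIVATE_RT, "52.216.10.5"))
    print("payment API, with NAT:   ", next_hop(PRIVATE_RT, "203.0.113.10"))
    print("payment API, no NAT:     ", next_hop(PRIVATE_RT_NO_NAT, "203.0.113.10"))
    print("app SG -> RDS on 5432:   ", reachable(PRIVATE_RT, "10.0.2.15", RDS_SG_INGRESS, "sg-app", 5432))
    print("other SG -> RDS on 5432: ", reachable(PRIVATE_RT, "10.0.2.15", RDS_SG_INGRESS, "sg-bastion", 5432))
```

So the Lambda in the question needs three things: an ENI in the private subnet with a Security Group that permits egress on 443, a gateway endpoint for S3 (which also only serves buckets in the same region; cross-region S3 falls back to the default route), and a NAT Gateway in a public subnet behind an Internet Gateway for the payment API. Remove the default route and the S3 path survives while the external call has nowhere to go.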
Key Ideas
- **EC2 + ASG** - virtual machines with auto-scaling; t4g/m7g (Graviton ARM) offer the best price-performance for workloads that can run on arm64.
- **S3 + RDS/Aurora** - object storage (11 nines durability) + managed database with automatic failover; Aurora Serverless v2 for variable load.
- **Lambda + VPC** - serverless for event-driven architectures; VPC isolates resources from the internet, with Security Groups governing traffic inside it; gateway VPC Endpoints eliminate NAT Gateway data charges for S3 and DynamoDB.
Related Topics
AWS core services integrate with the compute and scaling layer:
- Serverless: Lambda and Cloud Functions — Lambda is the primary AWS serverless service; details on cold start, event-driven patterns, and limits.
- Autoscaling and HPA — EC2 Auto Scaling Group is AWS horizontal scaling; HPA in Kubernetes is the equivalent for containers.
Questions for Reflection
- When should Aurora Serverless v2 be chosen over standard Aurora with a fixed instance?
- If an application stores user files, how do you organize upload via S3 Presigned URL while validating file type and size?
- Why is RDS better than self-managed PostgreSQL on EC2 in most production cases?
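Answering both the S3 upload question in the S3 section and the last reflection question, here is an added example (not code from the original page or from an AWS SDK): it signs an S3 POST policy with SigV4, the same scheme boto3's `generate_presigned_post` uses, and then mirrors S3's server-side evaluation of the submitted form so the constraints can be exercised offline. The bucket, region, key, credential pair, the `image/` prefix and the 5 MiB cap are assumptions; the credentials are constructed placeholders.

```python
"""Constrained S3 upload via a presigned POST policy, with local evaluation.

Added example, not code from the original page or from boto3. The server signs
a policy with SigV4; the client POSTs the form and the file to S3; S3 enforces
the conditions. evaluate_upload() reproduces that enforcement so the policy
can be tested offline. Bucket, region, credentials and limits are assumptions.
"""
import base64
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

BUCKET = "photos-uploads"                                # assumption
REGION = "us-east-1"                                     # assumption
ACCESS_KEY_ID = "AKIAEXAMPLEEXAMPLE00"                   # constructed, not a real key
SECRET_KEY = "exampleSecretKeyForDemoOnly0000000000000"  # constructed
MAX_UPLOAD_BYTES = 5 * 1024 * 1024                       # assumption: 5 MiB cap
DEMO_NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock


def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def _signing_key(date):
    # SigV4 key derivation: date -> region -> service -> "aws4_request".
    k = _hmac(("AWS4" + SECRET_KEY).encode(), date)
    k = _hmac(k, REGION)
    k = _hmac(k, "s3")
    return _hmac(k, "aws4_request")


def _sign_policy(policy_b64, date):
    return hmac.new(_signing_key(date), policy_b64.encode(), hashlib.sha256).hexdigest()


def create_presigned_post(key, content_type_prefix, now, expires_in=300):
    """Server side: fixed key, bounded size, restricted Content-Type, short expiry."""
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    credential = f"{ACCESS_KEY_ID}/{date}/{REGION}/s3/aws4_request"
    policy = {
        "expiration": (now + timedelta(seconds=expires_in)).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "conditions": [
            {"bucket": BUCKET},
            {"key": key},                                    # client cannot pick the key
            ["starts-with", "$Content-Type", content_type_prefix],
            ["content-length-range", 1, MAX_UPLOAD_BYTES],   # S3 enforces this on real bytes
            {"x-amz-algorithm": "AWS4-HMAC-SHA256"},
            {"x-amz-credential": credential},
            {"x-amz-date": amz_date},
        ],
    }
    policy_b64 = base64.b64encode(json.dumps(policy).encode()).decode()
    return {
        "key": key,
        "x-amz-algorithm": "AWS4-HMAC-SHA256",
        "x-amz-credential": credential,
        "x-amz-date": amz_date,
        "policy": policy_b64,
        "x-amz-signature": _sign_policy(policy_b64, date),
    }


def evaluate_upload(fields, content_type, content_length, now):
    """Mirror of S3's checks on the POST: signature, expiry, then every condition."""
    policy_b64 = fields["policy"]
    if not hmac.compare_digest(_sign_policy(policy_b64, fields["x-amz-date"][:8]),
                               fields["x-amz-signature"]):
        return False, "bad signature"
    policy = json.loads(base64.b64decode(policy_b64))
    expiry = datetime.strptime(policy["expiration"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if now >= expiry:
        return False, "policy expired"
    # S3 takes the bucket from the request URL; fold it into the form for matching.
    form = dict(fields, **{"Content-Type": content_type, "bucket": BUCKET})
    for cond in policy["conditions"]:
        if isinstance(cond, dict):
            (name, value), = cond.items()
            if form.get(name) != value:
                return False, f"{name} mismatch"
        elif cond[0] == "starts-with":
            if not form.get(cond[1][1:], "").startswith(cond[2]):
                return False, f"{cond[1]} not allowed"
        elif cond[0] == "content-length-range":
            if not cond[1] <= content_length <= cond[2]:
                return False, "size out of range"
    return True, "ok"


def demo():
    """One valid upload and the rejections a tampering client would hit."""
    f = create_presigned_post("uploads/u123/photo.jpg", "image/", DEMO_NOW)
    return {
        "ok": evaluate_upload(f, "image/jpeg", 100_000, DEMO_NOW),
        "wrong_type": evaluate_upload(f, "application/x-sh", 100, DEMO_NOW),
        "too_big": evaluate_upload(f, "image/png", MAX_UPLOAD_BYTES + 1, DEMO_NOW),
        "expired": evaluate_upload(f, "image/jpeg", 100, DEMO_NOW + timedelta(seconds=301)),
        "other_key": evaluate_upload(dict(f, key="uploads/u999/photo.jpg"), "image/jpeg", 100, DEMO_NOW),
        "forged": evaluate_upload(dict(f, **{"x-amz-signature": "00" * 32}), "image/jpeg", 100, DEMO_NOW),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The key and the size limit are enforced by S3 itself against the signed policy and the actual bytes, so a client that edits the form or sends a larger file gets a 403 and the application server never sees the traffic. Content-Type, however, is a header the client asserts, not a property of the data, so whatever consumes the object afterwards (the resize function, for instance) must still sniff magic bytes before decoding. With boto3 the same mechanism is `generate_presigned_post(Bucket, Key, Fields=..., Conditions=..., ExpiresIn=...)`; keep the expiry short and the key fixed per user, never client-chosen.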