System Design Basics II

AWS Well-Architected Framework

The AWS Well-Architected Framework helps cloud architects build secure, high-performing, resilient, and efficient infrastructure. It's based on six key areas called pillars:

1. Operational Excellence

Focus: How well you run and monitor your systems.

• Automate Everything: Use code to manage your systems and processes.

• Small Changes: Make frequent, small updates to minimize risk.

• Regular Updates: Continuously improve your procedures.

• Plan for Failure: Think ahead and prepare for things going wrong.

• Learn from mistakes: Use past failures to improve your processes.

• Use Managed Services: Let AWS handle some tasks to reduce your workload.

2. Security

Focus: Protecting your systems and data.

• Strong Access Controls: Only let the right people access your resources.

• Track Everything: Monitor and record all actions and changes.

• Multi-layer Security: Use multiple security measures at different levels.

• Automate Security: Use automated tools to enhance security.

• Protect Data: Encrypt data both when it's stored and when it's moving.

• Limit Direct Access: Reduce the need for manual data handling.

• Prepare for Incidents: Have a plan for dealing with security issues.

3. Reliability

Focus: Ensuring your system works correctly and consistently.

• Automatic Recovery: Set up systems to fix themselves when problems occur.

• Test Failures: Regularly test how your system handles failures.

• Scale Horizontally: Use multiple smaller resources instead of one big one.

• No Capacity Guessing: Scale resources based on actual demand.

• Automate Changes: Use automation to manage changes to your infrastructure.

4. Performance Efficiency

Focus: Using resources efficiently.

• Leverage Advanced Tech: Use AWS's services to handle complex tasks.

• Global Deployment: Deploy your systems worldwide for better performance.

• Serverless Options: Use serverless technologies to reduce management overhead.

• Frequent Experimentation: Regularly test different configurations to improve performance.

• Tech Matching: Choose the right technology for your specific needs.

5. Cost Optimization

Focus: Reducing unnecessary expenses.

• Pay-as-You-Go: Only pay for what you use.

• Measure Efficiency: Track the cost vs. benefit of your services.

• Avoid Heavy Lifting: Let AWS manage infrastructure to save costs.

6. Sustainability

Focus: Building environmentally friendly systems.

• Efficient Infrastructure: Use energy-efficient data centers.

• Reduce Carbon Footprint: Implement strategies to lower carbon emissions.

• Innovative Data Centers: Invest in new technologies for better efficiency.

• Data Management: Optimize storage to reduce waste.

• Transparency: Report on environmental impact.

• Education: Learn and promote sustainable practices.

---

Three-tier Architecture

It has 3 distinct layers/architecture.

1. Presentation tier (Frontend)

2. Logic tier (Backend)

3. Data tier (Database)

A brief explanation of the three distinct layers of architecture:

1. Presentation Tier (Frontend):

   • Description: This layer is responsible for the user interface and user experience. It’s what the end-user interacts with directly.

   • Components: Web pages, mobile apps, desktop applications, and other client interfaces.

   • Technologies: HTML, CSS, JavaScript, React, Angular, Flutter.

2. Logic Tier (Backend):

   • Description: This layer contains the business logic and processes user inputs from the presentation tier. It’s responsible for data processing, application logic, and communications between the frontend and the database.

   • Components: Application servers, APIs, microservices.

   • Technologies: Java, Python, Node.js, Ruby on Rails, Django.

3. Data Tier (Database):

   • Description: This layer is responsible for storing, retrieving, and managing data. It serves as the central repository where data is kept.

   • Components: Databases, data storage systems.

   • Technologies: SQL databases (MySQL, PostgreSQL), NoSQL databases (MongoDB, Cassandra).

These three layers work together to create a well-organized, scalable, and maintainable application architecture.

Securing different tiers

1. Presentation tier:

   • Use HTTPS: Encrypt data transmitted between the client & the server to prevent eavesdropping & tampering.

   • Input validation: Validate all user inputs or client-side (using JS) & server-side to prervent injection attacks.

2. Application tier:

   • Authentication & Authorization: Implement strong authentication mechanisms like OAuth, JWT, or SAML to verify user identity. Use role-based access control (RBAC) or attribute-based access control (ABAC) to restrict access to resources based on user roles.

   • Secure session Management: Use secure session management practices such as using unique session identifiers, setting expiration times & using HTTPS for sesssion data transmission.

3. Data tier:

   • Data Encryption: Encrypt sensitive data at rest (using database encryption) and in transit (using TLS/SSL) to protect it from unauthorized access.

   • Database security best practices: Follow database security best practices such as keeping db s/w update, applying patches and regularly auditing db access logs.

Three tier architecture on AWS

Can you guess single point of failures in the above architecture?

• Yes there are multiple points. Web server, App server and the DB.

• About the load balancer, they're actually highly available, they span across 3 AZs under the hood. It just appears like a single aspect.

Then, how to make them highly available?

• Deploying into multi AZs.

For network security,

• We can deploy ELB in public subnet, while keeping web & app server in private subnets.

• We can use WAF with ELB.

• Using NACLs and SGs to enhance the security for instances.

What about database?

• We can use either SQL or NoSQL database.

• Prefer AWS native databases. Say, for Aurora, it has Multi AZ, Global database replication features just to mention few.

• For database optimization, we can use read replica, caching layer & query tuning.

A well architected 3 tiered architecture example:

Three-Tier Architecture with Serverless

• S3 is used for serving static contents while any interactive contents are handle using API through API Gateway. Using lambda as compute and Amazon Aurora as database.

• Amazon S3 (Simple Storage Service) is designed for high durability, availability, and scalability. It can handle massive amounts of data and serves static content such as images, videos, CSS, and JavaScript files. S3 automatically scales to meet the needs of your application, and its integration with Amazon CloudFront (a Content Delivery Network) enhances performance and availability by distributing content closer to users globally.

• Amazon API Gateway serves as the front door for applications to access data, business logic, or functionality from backend services. It handles thousands of concurrent API calls and scales seamlessly with your application’s traffic.

  AWS Lambda is a serverless compute service that automatically scales up and down based on the number of incoming requests. Each invocation of a Lambda function is run in a separate execution environment, allowing for high concurrency without the need to manage servers.

• Amazon Aurora is a MySQL and PostgreSQL-compatible relational database built for the cloud, combining the performance and availability of high-end commercial databases with the simplicity and cost-effectiveness of open-source databases.

Three-Tier Architecture with K8's

Description:

• Web/App running in a container within a pod.

• Pods can run either in EC2 worker node under EKS service or Fargate.

• We make this scalable using K8's scaling constructs which is Replica Set, HPA (horizontal pod autoscaler) & Cluster Autoscaler.

• The load balancer fronting the webserver will be ALB ingress while in the back-end, the ELB could be another ingress or a K8's service.