SAA
EBS Snapshot
- Snapshot is available in Region
- "Copy snapshot" can help to move the EBS to another region
- "Create Volume" can help to move EBS to another AZ
AMI
- For GP3, the IOPS can be set independently
- But for GP2, IOPS and volume are linked together
- You got already 8000GB >5334 GB, increase volume size won't help anymore
- Nitro EC2 for better IOPS
- Only for io1/2
- In same AZ
- EBS is always AZ bounded, so always Same AZ
- Multi attach is the same Volume attach to mulit EC2 instances
- Performance
- But one Volume fail, whole data lost
- No change in Performance
- but tolerance
EFS
- Use cases: content management, web serving, data sharing, Wordpress
- Uses NFSv4.1 protocol
- Uses security group to control access to EFS
- Encryption at rest using KMS
- POSIX file system (Linux) that has a standard file API
- FIle system scales automatically, pay-per-use, no capacity planning
- Multi AZs
- General purpose / MAX I/O
- Bursting / Provisioned (set throughput regardless of storage size)
SAP
EBS - Volume Types
- gp2: General Purpose Volumes (cheap)
- You get 3 IOPS / GiB
- minimum 100 IOPS
- as long as under 3000 IOPS, you are able to burst to 3000 IOPS
- max 16000 IOPS
- Volume size from 1 GiB - 16 TiB
- increase 1 TiB = Increase 3000 IOPS (1 TiB = 1000 GiB)
- After 5.5 TiB, you won't get any IOPS increase
- io 1: Provisioned IOPS
- Min 100 IOPS, Max 64000 IOPS (for Nitro instances) or 32000 (other instances type)
- 4 GiB - 16 TiB. Size of volume and IOPS are independent
- st 1: Throughput Optimized HDD
- 500 GiB - 16 TiB, 500 MiB/s throughput
- sc 1: Cold HDD, Infrequently accessed data
- 250 GiB - 16 TiB, 250 MiB/s throughput
EBS - Snapshot
- Snapshots will be stored in S3 (but you won't directly see them)
- Copy snapshots across regions (for DR)
- Can make Image (AMI) from snapshot
- EBS volumes restored by snapshots need to be pre-warmed
- Snapshots can be automated using Amazon Data Lifecycle Manager
EFS
- Can only attach to one VPC, create one ENI per AZ
- You can has EFS inside a VCP
- With ENI attach to each AZ
- Your EC2 instance can locate in another VPC
- Talk to EFS by using VPC peering
- On-Premise Server can also talk to EFS
- You can use Direct Connect or/and Site-to-Site VPN (due to whether you need redundancy in DX, failover)
- Access EFS only by private IPv4, not DNS name
- Which means you EFS can work across Multi accounts and even on-premise
- NFS by itself is not considered a secure protocol
- So not recommend running it over the raw internet without DC or VPN
- You can also use DataSync to keep the storage in sync with EFS or S3 over a DC and it does so securely
- DataSync supports EFS to EFS Sync
- On-prmise use DataSync to connect to EFS
- EFS mount points to multi AZ for EC2
