DEV Community: Anja

Amazon Route 53

Anja — Tue, 20 Dec 2022 10:39:34 +0000

Amazon Route 53 is a Domain Name System (DNS) web service. The task of a DNS is to translate domain names into IP addresses. An example for a domain name is www.google.com, an IP address could be e.g. 172.217.0.0. When you open a new URL, like www.google.com, the browser first checks in the caches if the IP for this domain name is already present. If it can't find one, it will send a request to a DNS server to receive the IP address. With the IP address the browser is then able to connect to the destination server.

Route 53 is in authoritative DNS, meaning that you have control over which DNS record entries it has. Its also possible to add health checks so that as a result Route 53 returns the IP of the healthy resource.

Elements of a DNS record

domain name: e.g. google.com
record type: A,AAAA, CNAME, ..¹
value: e.g. 172.217.0.0
routing policy
TTL: Time to Live, how long the DNS record is cached

Hosted Zones

Hosted Zones are containers for records that define how to route traffic to a domain. Public hosted zones contain records for traffic on the internet. Private Hosted Zones contain records for one or more Virtual Private Networks (VPN).

Time to Live (TTL)

When the client receives the IP address from Route 53, there will also be an information about the TTL contained. If the TTL is e.g. 24 hours, then the client will ask Route 53 for a new IP address of this destination when the time has passed. If you configure a low TTL this will cost more as there are more requests to Route 53 neccessary.

Routing Policies

Routing policies define how Route 53 will respond to DNS queries.

Simple

The simple policy means, that Route 53 will send back one or more IP addresses for one domain name. The client can then choose one of these randomly. This policy can't be combined with health checks.

Weighted

With the weighted policy you control how many % of the requests should go to each destination server. You can assign a weight to each DNS record then, when these have the same name and type. You can also add health checks. A possible use case for this policy is to test a new app version with some of your customers.

Latency based

If you would like to redirect to the resource that has the least latency for the client that send the request, you can use the latency based policy. Again, you can add a health check.

Failover (active-passive)

With the failover policy you can define a primary resource with a health check and a different resource for failover. When the first resource is unhealthy, the traffic will be routed to the second resource.

Geolocation

The geolocation policy is based on the user-location. You can e.g. define that if the DNS request originates from France, you route them to a resource in Germany. You can define geolocations by continent, by country, or in the US by state.

Geoproximity

Geoproximity routing routes traffic to your resources based on the geolocation of the users and the resources. You can shift more traffic to a certain resource with a bias².

Multi-Value

When configured for Multi-value Route 53 will return multiple IP-addresses for the same domain name which the client can choose from. It is possible to add health checks.

📚 Learn more: AWS Route 53 documentation

Full list with details about the types: Record types ↩
Detailed explanation with visuals: Geoproximity policy ↩

Amazon S3 - Basics

Anja — Fri, 16 Dec 2022 14:07:47 +0000

Amazon S3 is a highly available data storage that can be used for example for backups, app hosting, data lakes and hosting of static websites. With S3 you can store objects in buckets, objects are similar to files and buckets can be thought of as directories. A bucket must have a globally unique name and is tied to a specific region.

Objects have a unique key as an identifier and are composed of the folder name and the object name:

ss3://EXAMPLE-BUCKET.s3.us-west-2.amazonaws.com/picture/cat.png

Here "picture/cat.png" would be the unique key.

🔒Security

You can control access to your S3 buckets by using S3 bucket policies, IAM roles or IAM policies. If your data in the S3 buckets isn`t supposed to be public, check that the bucket settings to block public access are configured correctly. To encrypt your data, you can enable server-side encryption, which encrypts your data when it gets stored in the bucket. Alternatively you could use client-side encryption, meaning that you encrypt your data before you load it into the S3 bucket.

Versioning

When you enable versioning on your buckets, a new version will be created when you upload a file to a destination where a file already exists. It's recommended to enable it so you don't accidentally overwrite files you still need.

Replication

With replication you can crate copies of objects across S3 buckets asynchronously. This can be replication inside of the same or a different region, "Same region replication" or "Cross region replication".

💾 Storage classes

There are different S3 storage classes available.

1. General purpose

The general purpose class offers an availability of 99,99% and is fitting for frequently accessed data. It offers a low latency and a high throughput. Use cases are e.g. cloud apps, dynamic websites or mobile apps.

2. Infrequent access

With the infrequent access class you have an availability of 99,9%. It should be used for less frequently accessed data, that still requires a rapid access to the data. Its cheaper than "general purpose", but there's cost for the retrieval of data. It's useful for e.g. backup and disaster recovery.

3. One Zone-infrequent access

Fitting when you access your data infrequently and only want your data in one Availability Zone(AZ). The availability is 99,5%. It can be used for storing secondary backup copies of on-premise data or re-creatable data.

4. Glacier storage classes

The purpose of the glacier storage classes is archiving and backup. You need to pay for storage and object retrieval.

Glacier instant retrieval offers a fast retrieval of data(milliseconds) that is rarely accessed.

With Glacier flexible retrieval you have flexible retrieval times ranging from minutes to hours.

Glacier deep archive offers a long term storage with a retrieval time of 12 hours.

5. Intelligent Tiering

Intelligent Tiering automatically moves data to the most cost-effective tier based on the access frequency. You are charged an object monitoring and automation charge, but you don't need to pay for data retrieval. When activated, your objects are moved automatically to these tiers:

Frequent Access Tier: default
Infrequent Access Tier: objects are not accessed for 30 days
Archive Instant Access Tier: objects are not accessed for 90 days

You can also configure additional tiers for the Intelligent Tiering:

Archive Access Tier: objects not accessed >=90 days
Deep Archive Access Tier: objects not accessed >=180 days

📚 Learn more: AWS S3 documentation

AWS Elastic Load Balancer and Auto Scaling Group - Basics

Anja — Thu, 15 Dec 2022 14:42:50 +0000

Before understanding Elastic Load Balancers(ELB) and Auto Scaling Groups we need to look at a few definitions.

Scalability: Increase or decrease a system`s performance in response to a greater or smaller load

Vertical Scaling: Changing the power of an instance by switching the type. The type might have more RAM or CPU for example. Increasing the power means to scale up, decreasing it to scale down.

Horizontal Scaling: Increase ("scale out") or decrease ("scale in") the number of AWS instances.

High Availability: Run an app in at least 2 Availabilty Zones. If there's a disaster in one of the AZs the second one is still available.

Elastic Load Balancer /ELB

An Elastic Load Balancer is a server that forwards the traffic to multiple instances. The ELB serves as a single point of access for clients. It performs health checks on the instances and forwards the traffic only to the healthy ones. ELBs can offer a high availability across Availability Zones and AWS takes care of their maintenance. You only need to configure the ELB according to your needs. Its possible to create your own custom Load Balancer, but then you have to maintain it yourself so its more time consuming.

There are four types of Load Balancers:

Application Load Balancer - works on layer 7 of the OSI model
Network Load Balancer - functions on layer 4
Gateway Load Balancer - layer 3, forwards traffic to 3rd Party security virtual apps. Only when the security checks pass, the traffic is forwarded to the destination
Classic Load Balancer (retires in 2023) - layer 4 and 7

Auto Scaling Groups / ASG

An Auto Scaling group contains EC2 instances that are treated as a group for automatic scaling and it can automatically scale in or out depending on the load. When scaling out, instances are added, when scaling in, instances are removed. New instances can be auto-registered to your Load Balancer. Unhealthy instances can be replaced by the ASG.

Scaling Strategies

There are a few scaling strategies that can be used:

Manual scaling: change size manually
Simple/ Step Scaling: choose threshold values for CloudWatch alarms that invoke the scaling process. E.g.: when the CPU utilization is >80%, add 2 instances
Target tracking Scaling: specify an Amazon CloudWatch average utilization value for your app, e.g. the CPU utilization should stay at 70% for each instance
Scheduled Scaling: E.g. each Friday at 5 p.m. add 2 instances for 4 hours.
Predictive Scaling: uses machine learning to predict capacity requirements based on data from CloudWatch and adjusts the number of instances accordingly

Amazon EC2 Storage - Basics

Anja — Tue, 13 Dec 2022 13:42:13 +0000

Let's have a look at EC2 Storage. There are different storage options for EC2 instances.

💾 EBS Volumes

An EBS volume is a network drive that can be attached to an instance. It stores data even after the termination of the instance, when you configure it to. EBS volumes are bound to a specific availabilty zone. If you want to move an EBS volume to a different Availability zone(AZ) you need to create a snapshot first and then copy it to the new AZ. You can also detach an EBS volume to attach it to a different instance.

💾 EC2 Instance Store

The EC2 instance store is a temporary storage for your instance. It is located on disks that are physically attached to the host computer. If you need a high-performance disk, this option is a good choice. The instance store gets deleted when your instance is stopped.

📁 EFS - Elastic File Storage

EFS is a scalable shared file system that can be mounted to a lot of EC2 instances. It works across multiple Availability Zones. EFS Infrequent Access (EFS-IA) is a storage class that is less expensive than EFS Standard. Its fitting when your instance doesn't access your files every day. When you enable Amazon EFS Lifecycle Management for your file system, Amazon EFS will automatically move your files to the lower cost storage class based on the last time they were accessed.

📁 Amazon FSx

Amazon FSx is a service to launch high-performance file systems on AWS. There are three different options: FSx for Lustre, FSx for Windows File Server and FSx for NetApp ONTAP. FSx for Lustre can be used for High-Perfomance Computing (HPC) and needs to run on Linux based instances.

💻 AMI - Amazon Machine image

An Amazon Machine Image (AMI) is an image from AWS that provides the information required to launch an instance. You can also create your own customized image. On the AWS Marketplace you can find and buy AMIs which have been created by a third party. AMIs can be build from your instances.

AWS IAM / Identity Access Management - Basics

Anja — Sat, 10 Dec 2022 15:06:53 +0000

Let's learn about AWS IAM - Identity Access management basics.

With IAM you can define who or what can access services and resources in AWS. For each person you should create a separate user. Users can be grouped, but groups can't contain other groups.

You can create policies which define permissions for users or groups in a JSON document. Always keep in mind the principle of least privilege. The user should only get as many rights as needed. Inline policy is a policy that only applies to one user.

Here is an example of a policy from the AWS website:


{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "1",
    "Effect": "Allow",
    "Principal": {"AWS": ["arn:aws:iam::account-id:root"]},
    "Action": "s3:*",
    "Resource": [
      "arn:aws:s3:::mybucket",
      "arn:aws:s3:::mybucket/*"
    ]
  }]
}

Version is the version of the policy language that you want to use. Sid is an optional identifier, the effect can be Allow or Deny. The principal is the user, role or account that the policy shall apply to. Action lists the actions that are allowed or denied. Resource lists the resources and there can also be conditions that specify when the policy is applied. In the example above we don`t have a condition.

MFA

There is the possibility to use Multi-Factor-Authentication which is strongly recommended. Apply it for the root account and all IAM users. You can use a virtual MFA device, like e.g. the app Authy or a physical MFA device. One possible physical MFA device is a universal 2nd factor(U2F) security key, e.g. the YubiKey.

Access AWS

There are three ways to access AWS:

AWS Management Console
AWS CLI/ Command Line Interface
AWS Software Development Kit (SDk)

For the options 2 and 3 you need to generate an access key, which you can do in the AWS Console.

IAM role

An IAM role is a permission that you can assign to an AWS service to enable the service to perform an action. An example is the Lambda Function role.

Security tools

With the IAM credentials report you can list all the users of your account and check the status of their credentials.
To check the service permissions of your users and when the services were last accessed, use the IAM access advisor.

Learn more: AWS IAM documentation

5 tips for a great software documentation

Anja — Wed, 26 Oct 2022 05:43:44 +0000

👩🏻‍💻Describe what your program does from start to finish. It needs to be so detailed that you could implement it based on the description.

📊Include architectural diagrams to enhance the understanding

📝Write down the steps of how to install, update and run the software

🖼Add screenshots

🖥Add infos about the servers used for development, testing and production

What would you like to add?

Python GUI with Tkinter - Calculator app

Anja — Mon, 22 Nov 2021 05:43:34 +0000

Hey everyone! Today I show you how you can create a calculator with a GUI. We are using Tkinter for this. Have a nice day! :)

➤ Github: https://github.com/Lumary2/Python/blob/master/calculator.py
➤ Tkinter Doc: https://docs.python.org/3/library/tk.html

How to write your first Bash Script

Anja — Fri, 20 Aug 2021 12:10:31 +0000

Hi everyone! Today Im showing you an introduction to bash/shell scripting. Shell scripts can be used for executing one or more commands or for task automation e.g. Have a nice day! :)

➤ Timestamps:
0:00 Introduction
0:31 creating the sortinghat script
3:50 make script executable and run it

Github: https://github.com/Lumary2/YoutubeTutorials

How I switched careers to Software Engineering

Anja — Sat, 03 Jul 2021 10:08:44 +0000

Hey everyone! Today I talk about how I switched careers from law to Software Engineering. In Germany you have different education paths and I tell you more about dual studies and an education at a company.

➤ Timestamps:
Introduction 0:00
Education for programmers: 0:55
Dual studies: 1:50
Application process: 2:10

Study/life updates playlist:
➤ https://youtube.com/playlist?list=PLWzVVoNwuhYlpGBw12JP-h8-hwjkBrco6

Build a Command Line interface with Python Click

Anja — Sun, 30 May 2021 13:42:56 +0000

Hey everyone! Today I show you how you can create a CLI (Command line interface) with Pythons Click library.

Find the documentation with example code here:

https://click.palletsprojects.com/en/8.0.x/quickstart/

➤ Timestamps
0:00 Intro
0:13 Set up virtual environment, install Click
0:55 click command, option and argument
3:36 click group

Solving Merge Conflicts with Pycharm

Anja — Sun, 09 May 2021 14:26:57 +0000

Hi everyone! Today I show you how you can solve merge conflicts in Pycharm. Take care and stay healthy! :)

➤ Timestamps
0:00 Intro
0:15 Provoking a conflict
1:15 Solving the conflict

Find me also here:
➤ https://www.instagram.com/lumarycodes/
➤ My Blog: https://lumarycodes.wordpress.com/

Flask app with postgreSQL

Anja — Sat, 01 May 2021 03:44:26 +0000

Hi! In my video I'm showing you a Flask app that I have connected with PostgreSQL. We are also using pgadmin4, Psycopg2 (a database adapter) and SQLAlchemy. Have a nice day! :)

➤Code:
https://github.com/Lumary2/Python/tree/master/Python_HTML_flask

➤Timestamps:
0:00 Introduction
0:16 Which libraries we use
1:37 Tutorial overview
2:10 Flask app
8:33 Create table, post and get data
12:12 Solve error "connection refused"
Postgres conf file (path Manjaro): /var/lib/postgres/data/postgres.conf
ArchWiki: https://wiki.archlinux.org/index.php/PostgreSQL