Read this before taking your AWS SysOps Certification exam…
The AWS SysOps Administrator Associate Certificate may seem like the opposite of “serverless,” but in many real-world serverless applications, “server-full” and serverless resources are used in combination. At Serverless Guru, for example, we have some customers who use AWS Lambda for computing but RDS instances within a VPC for the database.
If your serverless resources are interacting with a VPC, SysOps skills can be invaluable. Plus, the SysOps certification does also cover topics that are relevant for monitoring your “purely serverless” resources such as Lambda and S3.
Here are some tips that have helped me work with hybrid serverless environments and in my SysOps Administrator Associate exam, which I just passed this week.
Understanding Targets and Destinations in the Routing Table
- In a route table, the destination is always a CIDR block (like 0.0.0.0/0).
- The target is usually the ID of an AWS resource (like igw-xxxxxxxx for an internet gateway).
Example in a private subnet’s route table:
Here i-2c2304np is the logical ID of a NAT gateway. Any traffic from this private subnet that is destined for the internet (0.0.0.0/0) goes to the NAT gateway. A NAT gateway “translates” an AWS resource’s private IP address so the resource can reach the internet, while the resource itself stays unreachable from the internet because nothing outside can initiate a connection to it.
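To make the destination/target distinction concrete, here is an added example (my own, not from the post) that models a private and a public subnet route table and resolves a destination address the way a VPC route table does: the most specific matching CIDR wins, and 0.0.0.0/0 is only used when nothing narrower matches. The route tables and the nat-/igw- IDs are constructed placeholders in AWS’s ID format.

```python
import ipaddress

# Constructed route tables (not the post's screenshot). Each route maps a
# destination CIDR to a target ID: "local" for the VPC's own range,
# "nat-..." for a NAT gateway, "igw-..." for an internet gateway.
PRIVATE_SUBNET_ROUTES = [
    {"destination": "10.0.0.0/16", "target": "local"},
    {"destination": "0.0.0.0/0", "target": "nat-0123456789abcdef0"},  # placeholder NAT gateway ID
]

PUBLIC_SUBNET_ROUTES = [
    {"destination": "10.0.0.0/16", "target": "local"},
    {"destination": "0.0.0.0/0", "target": "igw-0123456789abcdef0"},  # placeholder internet gateway ID
]

# A table with no default route at all: anything outside the VPC is dropped.
ISOLATED_SUBNET_ROUTES = [
    {"destination": "10.0.0.0/16", "target": "local"},
]


def lookup_target(routes, ip):
    """Return the target for `ip` using longest-prefix match, as a VPC route table does.

    The most specific destination CIDR containing the address wins; 0.0.0.0/0
    (the default route) only applies when no narrower route matches.
    Returns None when no route matches, which means the packet is dropped.
    """
    addr = ipaddress.ip_address(ip)
    best_net, best_target = None, None
    for route in routes:
        net = ipaddress.ip_network(route["destination"], strict=True)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, route["target"]
    return best_target


def is_private_subnet(routes):
    """A subnet is 'private' when its default route does not point at an internet gateway."""
    # 203.0.113.10 is a documentation (TEST-NET-3) address, i.e. "somewhere on the internet".
    default_target = lookup_target(routes, "203.0.113.10")
    return default_target is None or not default_target.startswith("igw-")


if __name__ == "__main__":
    print(lookup_target(PRIVATE_SUBNET_ROUTES, "10.0.5.20"))      # stays inside the VPC
    print(lookup_target(PRIVATE_SUBNET_ROUTES, "203.0.113.10"))   # leaves via the NAT gateway
    print(lookup_target(ISOLATED_SUBNET_ROUTES, "203.0.113.10"))  # no route: dropped
    print(is_private_subnet(PRIVATE_SUBNET_ROUTES), is_private_subnet(PUBLIC_SUBNET_ROUTES))
```

The `is_private_subnet` check is the same test AWS applies when it labels a subnet public or private: what matters is not the subnet's name but whether its default route targets an internet gateway.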
The Super Simple Math of Netmasks
You can assign a netmask of /16 (65,536 IP addresses) to /28 (16 IP addresses) for your AWS VPCs and subnets.
How many IP addresses do you get with a netmask of /25?
Then take that 7 and
So a netmask of /n has 2^(32-n) IP addresses, and n can be anything from 16 to 28.
Where does the 32 come from? An IP address is 32 binary digits (bits) long: 00000000.00000000.00000000.00000000.
Where does the 2^ come from?
Each of the four groups of eight zeros (octets) listed above represents 256, 128, 64, 32, 16, 8, 4, 2; in other words, the powers of 2.
AWS typically reserves about 5 of those IP addresses to help you manage your network. So, with a netmask of /n, you have 2^(32-n) - 5 usable IP addresses.
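The arithmetic above, carried through in code as an added example (mine, not the post’s). It enforces the /16–/28 range AWS allows, applies the 2^(32-n) - 5 formula, and also lists which five addresses AWS reserves in every subnet (the first four and the last one, a documented AWS fact); the sample CIDR is constructed.

```python
import ipaddress

# AWS accepts netmasks from /16 (65,536 addresses) to /28 (16 addresses) for VPCs and subnets.
MIN_PREFIX, MAX_PREFIX = 16, 28
RESERVED_PER_SUBNET = 5


def is_valid_prefix(prefixlen):
    """True when /prefixlen is a size AWS allows for a VPC or subnet."""
    return MIN_PREFIX <= prefixlen <= MAX_PREFIX


def total_addresses(prefixlen):
    """2^(32-n): the number of addresses in a /n block."""
    if not is_valid_prefix(prefixlen):
        raise ValueError(f"/{prefixlen} is outside the AWS range /{MIN_PREFIX}-/{MAX_PREFIX}")
    return 2 ** (32 - prefixlen)


def usable_addresses(prefixlen):
    """2^(32-n) - 5: what is left after AWS takes its five reserved addresses."""
    return total_addresses(prefixlen) - RESERVED_PER_SUBNET


def reserved_addresses(cidr):
    """The five addresses AWS reserves in a subnet, keyed by what AWS uses them for."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not is_valid_prefix(net.prefixlen):
        raise ValueError(f"{cidr} is not a valid AWS subnet size")
    return {
        "network address": str(net[0]),
        "VPC router": str(net[1]),
        "Amazon DNS": str(net[2]),
        "reserved for future use": str(net[3]),
        "network broadcast": str(net[-1]),  # broadcast is unsupported in a VPC but still reserved
    }


if __name__ == "__main__":
    for n in (16, 24, 25, 28):
        print(f"/{n}: {total_addresses(n)} addresses, {usable_addresses(n)} usable")
    print(reserved_addresses("10.0.1.0/24"))  # constructed subnet CIDR
```

The /25 case the post asks about comes out as 2^(32-25) = 2^7 = 128 addresses, 123 of them usable.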
CloudFront Prevents Website Crashes for EC2-Based Websites — Not Just for S3 Websites
S3 Static Site Hosting is a great solution for hosting your website’s frontend. Serverless Guru engineers have written about using that service for React and Angular.
S3 works smoothly with CloudFront, AWS’s Content Delivery Network (CDN). It’s a way to bring those websites closer to your users, and therefore make them faster.
Because of the power of the AWS Edge Locations that make up its CDN, CloudFront can play a huge role in defending against DDoS attacks. CloudFront is so powerful that it can sometimes absorb enough traffic to make a DDoS attacker give up and move on to an easier target.
Psst, by the way… AWS Shield is AWS’s dedicated DDoS protection service.
But what if you’re not that serverless yet, and you’re still hosting your website on EC2?
No problem. You can still take advantage of the power of CloudFront by making your EC2 instance the origin of your CloudFront distribution. Just use your EC2 instance’s “Public DNS (IPv4)” as the “Origin Domain Name” when you’re setting up your CloudFront distribution. One thing to check once it works: lock the instance’s security group down so that only CloudFront’s origin-facing address ranges can reach it (AWS publishes them as a managed prefix list); otherwise anyone who finds the public DNS name can hit the instance directly and bypass the CDN’s protection entirely.
The AWS Personal Health Dashboard
Monitoring and troubleshooting is a big part of SysOps. The AWS Service Health Dashboard displays the health status of all regions and services. And the Personal Health Dashboard is a hub for AWS service announcements relevant to your resources.
Monitor Your Resources Every Second? 🤩
You may have known about the basic 5-minute monitoring CloudWatch provides, and the detailed 1-minute monitoring. But CloudWatch custom metrics also offer high-resolution intervals of 1, 5, 10 or 30 seconds, as well as any multiple of 60 seconds. Share your custom metrics story in the comments!
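Here is an added example (my own code, not from the post) of what publishing a high-resolution custom metric involves in practice: raw per-second samples are bucketed into one statistic set per period, which is the shape CloudWatch’s `PutMetricData` accepts, and the period decides whether the datum is stored at 1-second or 60-second resolution. The metric name and the sample readings are constructed; the `boto3` call that would send the result is shown only as a comment so the example runs offline.

```python
from collections import defaultdict
from datetime import datetime, timezone

# CloudWatch stores custom metrics at StorageResolution 1 (high-resolution) or 60 (standard).
# High-resolution data may be published at these periods; everything else must be a multiple of 60s.
HIGH_RESOLUTION_PERIODS = {1, 5, 10, 30}


def storage_resolution_for(period_seconds):
    """Map a publishing period to the StorageResolution value PutMetricData expects."""
    if period_seconds in HIGH_RESOLUTION_PERIODS:
        return 1
    if period_seconds > 0 and period_seconds % 60 == 0:
        return 60
    raise ValueError(f"{period_seconds}s is not a valid CloudWatch period (1, 5, 10, 30 or a multiple of 60)")


def aggregate_samples(samples, period_seconds, metric_name="RequestLatencyMs"):
    """Bucket raw (epoch_seconds, value) samples into one StatisticValues datum per period.

    Publishing one statistic set per bucket instead of every raw point is what keeps
    1-second metrics affordable: one datum per period, with count/sum/min/max intact.
    """
    resolution = storage_resolution_for(period_seconds)
    buckets = defaultdict(list)
    for ts, value in samples:
        buckets[ts - ts % period_seconds].append(value)  # align to the start of the period

    data = []
    for start in sorted(buckets):
        values = buckets[start]
        data.append({
            "MetricName": metric_name,  # constructed name
            "Timestamp": datetime.fromtimestamp(start, tz=timezone.utc),
            "StorageResolution": resolution,
            "StatisticValues": {
                "SampleCount": len(values),
                "Sum": sum(values),
                "Minimum": min(values),
                "Maximum": max(values),
            },
            "Unit": "Milliseconds",
        })
    return data


# Constructed readings: (epoch seconds, latency in ms). The base timestamp is a multiple of 60.
BASE = 1_700_000_040
SAMPLES = [(BASE, 12.0), (BASE + 1, 15.0), (BASE + 3, 40.0), (BASE + 5, 9.0), (BASE + 6, 11.0)]

if __name__ == "__main__":
    for datum in aggregate_samples(SAMPLES, period_seconds=5):
        print(datum)
    # To publish (assumes boto3 and AWS credentials; not run here):
    # boto3.client("cloudwatch").put_metric_data(Namespace="MyApp", MetricData=aggregate_samples(SAMPLES, 5))
```

With a 5-second period the five readings collapse into two data points; with a 60-second period they collapse into one, and the spike to 40 ms survives only as the bucket's Maximum, which is exactly the detail standard resolution would hide from a per-second view.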
Difference between Trusted Advisor and Config and Artifact
AWS Trusted Advisor
- Recommendations to optimize your AWS resources in terms of cost, performance, security, etc.
- Full set of recommendations comes only with Business and Enterprise Support plans.
AWS Artifact
- Free.
- Not for monitoring.
- Good for highly regulated industries, because it provides the legal documents that say AWS is compliant with certain regulations.
AWS Config
- View the history of changes to any or all of your AWS resources as they relate to rules you choose. There are 52 preset rules that define AWS best practices that you can choose from.
- You can also define custom rules.
- Helps you become aware of resources that are not following best practices.
- Available to all plans. Pay for what you use.
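As an added example of the custom rules mentioned above (my own code, not from the post or from AWS), here is the shape of a Lambda-backed Config rule that flags a security group as NON_COMPLIANT when it allows SSH (TCP/22) from 0.0.0.0/0. The two configuration items are constructed; the `ipPermissions`/`ipRanges` field names are assumed to follow the camelCase form in which Config records the EC2 DescribeSecurityGroups response. The `put_evaluations` call that reports the verdict back to Config is real, but it is only reached inside the handler, so the evaluation logic runs offline.

```python
import json

SSH_PORT = 22
ANYWHERE = "0.0.0.0/0"


def security_group_is_compliant(configuration):
    """COMPLIANT unless an ingress rule exposes TCP/22 to the whole internet."""
    for perm in configuration.get("ipPermissions", []):
        proto = perm.get("ipProtocol")
        if proto not in ("tcp", "-1"):  # "-1" means all protocols
            continue
        low = perm.get("fromPort", 0)        # "-1" rules carry no ports: treat as 0-65535
        high = perm.get("toPort", 65535)
        if not low <= SSH_PORT <= high:
            continue
        # Field names assumed (older items used ipRanges, newer ones ipv4Ranges); check both.
        for rng in perm.get("ipRanges", []) + perm.get("ipv4Ranges", []):
            if rng.get("cidrIp") == ANYWHERE:
                return False
    return True


def evaluate(configuration_item):
    """Return the Config compliance type for one configuration item."""
    if configuration_item["resourceType"] != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE"
    compliant = security_group_is_compliant(configuration_item["configuration"])
    return "COMPLIANT" if compliant else "NON_COMPLIANT"


def build_evaluation(configuration_item):
    """Build the Evaluation structure that PutEvaluations expects."""
    return {
        "ComplianceResourceType": configuration_item["resourceType"],
        "ComplianceResourceId": configuration_item["resourceId"],
        "ComplianceType": evaluate(configuration_item),
        "OrderingTimestamp": configuration_item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context):
    # Config hands the configuration item to the rule inside invokingEvent, a JSON string.
    item = json.loads(event["invokingEvent"])["configurationItem"]
    evaluation = build_evaluation(item)
    import boto3  # assumption: present in the Lambda runtime; imported here so the module loads without it
    boto3.client("config").put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


# Constructed configuration items (IDs and timestamps are placeholders).
OPEN_SSH_SG = {
    "resourceType": "AWS::EC2::SecurityGroup",
    "resourceId": "sg-0aaaaaaaaaaaaaaa0",
    "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
    "configuration": {"ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipRanges": [{"cidrIp": "0.0.0.0/0"}]},
    ]},
}
LOCKED_DOWN_SG = {
    "resourceType": "AWS::EC2::SecurityGroup",
    "resourceId": "sg-0bbbbbbbbbbbbbbb0",
    "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
    "configuration": {"ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipRanges": [{"cidrIp": "10.0.0.0/16"}]},
        {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443, "ipRanges": [{"cidrIp": "0.0.0.0/0"}]},
    ]},
}

if __name__ == "__main__":
    print(build_evaluation(OPEN_SSH_SG)["ComplianceType"])
    print(build_evaluation(LOCKED_DOWN_SG)["ComplianceType"])
```

Once deployed, Config invokes the function on every configuration change of the chosen resource type, so a security group that drifts from the standard shows up in the rule's timeline rather than waiting for someone to notice it.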