Amazon EFS vs Amazon FSx for Windows vs Amazon FSx for Lustre

 

Amazon EFS	Amazon FSx for Windows File Server	Amazon FSx for Lustre
• Amazon EFS is a serverless, scalable, high-performance file system in the cloud. • EFS file systems can be accessed by Amazon EC2 Linux instances, Amazon ECS, Amazon EKS, AWS Fargate, and AWS Lambda functions via a file system interface such as NFS protocol. • Amazon EFS supports file system access semantics such as strong consistency and file locking. • EFS file systems can automatically scale in storage to handle petabytes of data. With Bursting mode, the throughput available to a file system scales as a file system grows. Provisioned Throughput mode allows you to provision a constant file system throughput independent of the amount of data stored. • EFS file systems can be concurrently accessed by thousands of compute services without sacrificing performance. • Common use cases for EFS file systems include big data and analytics workloads, media processing workflows, content management, web serving, and home directories. • Amazon EFS has four storage classes: Standard, Standard Infrequent Access, One Zone, and One Zone Infrequent Access • You can create lifecycle management rules to move your data from standard storage classes to infrequent access storage classes. • Every EFS file system object of Standard storage is redundantly stored across multiple AZs. • EFS offers the ability to encrypt data at rest and in transit. Data encrypted at rest using AWS KMS for encryption keys. Data encryption in transit uses TLS 1.2 • To access EFS file systems from on-premises, you must have an AWS Direct Connect or AWS VPN connection between your on-premises datacenter and your Amazon VPC.	• Amazon FSx for Windows File Server is a fully managed, scalable file storage that is accessible over SMB protocol.  • Since it is built on Windows Server, it natively supports administrative features such as user quotas, end-user file restore, and Microsoft Active Directory integration. • FSx for WFS is accessible from Windows, Linux, and MacOS compute instances and devices. Thousands of compute instances and devices can access a file system concurrently. • FSx  for WFS can connect your file system to Amazon EC2, Amazon ECS, VMware Cloud on AWS, Amazon WorkSpaces, and Amazon AppStream 2.0 instances. • Every file system comes with a default Windows file share, named “share”. • Common use cases for FSx for WFS include CRM, ERP, custom or .NET applications, home directories, data analytics, media and entertainment workflows, software build environments, and Microsoft SQL Server. • You can access FSx file systems from your on-premises environment using an AWS Direct Connect or AWS VPN connection between your on-premises datacenter and your Amazon VPC.  • You can choose the storage type for your file system: SSD storage for latency-sensitive workloads or workloads requiring the highest levels of IOPS/throughput. HDD storage for throughput-focused workloads that aren’t latency-sensitive. • Every FSx for WFS file system has a throughput capacity that you configure when the file system is created and that you can change at any time. • Each Windows File Server file system can store up to 64 TB of data. You can only manually increase the storage capacity. • Your file system can be deployed in multiple AZs or a single AZ only. Multi-AZ file systems provide automatic failover. • FSx for Windows File Server always encrypts your file system data and your backups at-rest using keys you manage through AWS KMS. Data-in-transit encryption uses SMB Kerberos session keys.	• Amazon FSx for Lustre is a serverless file system that runs on Lustre ー an open-source, high-performance file system. • The Lustre file system is designed for applications that require fast storage. FSx for Lustre file systems can scale to hundreds of GB/s of throughput and millions of IOPS. FSx for Lustre also supports concurrent access to the same file or directory from thousands of compute instances. • Unlike EFS, storage capacity needs to be manually increased, and only every six hours can you do so. • Amazon FSx for Lustre also integrates with Amazon S3, which lets you process cloud data sets with the Lustre high-performance file system. • Common use cases for Lustre include machine learning, high-performance computing (HPC), video processing, financial modeling, genome sequencing, and electronic design automation (EDA). • FSx for Lustre can only be used by Linux-based instances. To access your file system, you first install the open-source Lustre client on that instance. Then you mount your file system using standard Linux commands. Lustre file systems can also be used with Amazon EKS and AWS Batch. • FSx for Lustre provides two deployment options:  Scratch file systems are for temporary storage and shorter-term processing of data. Data is not replicated and does not persist if a file server fails. Persistent file systems are for longer-term storage and workloads. The file servers are highly available, and data is automatically replicated within the AZ that is associated with the file system. • You can choose the storage type for your file system: SSD storage for latency-sensitive workloads or workloads requiring the highest levels of IOPS/throughput. HDD storage for throughput-focused workloads that aren’t latency-sensitive. • FSx for Lustre always encrypts your file system data and your backups at-rest using keys you manage through AWS KMS. FSx encrypts data-in-transit when accessed from supported EC2 instances.

Amazon Cognito User Pools vs Identity Pools

 With the proliferation of smartphones in our connected world, more and more developers are quickly deploying their applications on the cloud. One of the first challenges in developing applications is allowing users to log in and authenticate on your applications. There are multiple stages involved in user verification and most of these are not visible from the end-user. AWS provides an easy solution for this situation.

User Identity verification is at the core of Amazon Cognito. It provides solutions for three key areas of user identification: 

1. Authentication – provides users sign-up and sign-in options. Enables support for federation with Enterprise Identities (Microsoft AD), or Social Identities (Amazon, Facebook, Google, etc.)
2. Authorization – sets of permission or operations allowed for a user. It provides fine-grained access control to resources. 
3. User Management – allows management of user lifecycles, such as importing users, onboarding users, disabling users, and storing and managing user profiles.

In this post, we’ll talk about Cognito User Pools and Identity Pools, including an overview of how they are used to provide authentication and authorization functionalities that can be integrated on your mobile app.

Amazon Cognito User Pools

Amazon Cognito User Pools are used for authentication. To verify your user’s identity, you will want to have a way for them to login using username/passwords or federated login using Identity Providers such as Amazon, Facebook, Google, or a SAML supported authentication such as Microsoft Active Directory. You can configure these Identity Providers on Cognito, and it will handle the interactions with these providers so you only have to worry about handling the Authentication tokens on your app.

With Cognito User Pools, you can provide sign-up and sign-in functionality for your mobile or web app users. You don’t have to build or maintain any server infrastructure on which users will authenticate. 

This diagram shows how authentication is handled with Cognito User Pools:

1. Users send authentication requests to Cognito User Pools. 
2. The Cognito user pool verifies the identity of the user or sends the request to Identity Providers such as Facebook, Google, Amazon, or SAML authentication (with Microsoft AD).
3. The Cognito User Pool Token is sent back to the user. 
4. The person can then use this token to access your backend APIs hosted on your EC2 clusters or in API Gateway and Lambda.

If you want a quick login page, you can even use the pre-built login UI provided by Amazon Cognito which you just have to integrate on your application.

On the Amazon Cognito User Pool page, you can also manage users if you need to. You can reset the password, disable/enable users, and enroll/delete users or other actions needed for User Management. 

Amazon Cognito Identity Pools

Cognito Identity Pools (Federated Identities) provides different functionality compared to User Pools. Identity Pools are used for User Authorization. You can create unique identities for your users and federate them with your identity providers. Using identity pools, users can obtain temporary AWS credentials to access other AWS services. 

Identity Pools can be thought of as the actual mechanism authorizing access to AWS resources. When you create Identity Pools, think of it as defining who is allowed to get AWS credentials and use those credentials to access AWS resources.

This diagram shows how authorization is handled with Cognito Identity Pools:

1. The web app or mobile app sends its authentication token to Cognito Identity Pools. The token can come from a valid Identity Provider, like Cognito User Pools, Amazon, or Facebook. 
2. Cognito Identity Pool exchanges the user authentication token for temporary AWS credentials to access resources such as S3 or DynamoDB. AWS credentials are sent back to the user. 
3. The temporary AWS credentials will be used to access AWS resources. 

You can define rules in Cognito Identity Pools for mapping users to different IAM roles to provide fine-grain permissions. 

Here’s a table summary describing Cognito User Pool and Identity Pool:

Cognito User Pools	Cognito Identity Pools
Handles the IdP interactions for you	Provides AWS credentials for accessing resources on behalf of users
Provides profiles to manage users	Supports rules to map users to different IAM roles
Provides OpenID Connect and OAuth standard tokens	Free
Priced per monthly active user

Amazon Aurora vs Amazon RDS

 

	Aurora	RDS
Type of database	Relational database
Features	• MySQL and PostgreSQL compatible. • 5x faster than standard MySQL databases and 3x faster than standard PostgreSQL databases. • Use Parallel Query to run transactional and analytical workloads in the same Aurora database, while maintaining high performance. • You can distribute and load balance your unique workloads across different sets of Aurora DB instances using custom endpoints. • Aurora Serverless allows for on-demand, autoscaling of your Aurora DB instance capacity.	• Has several database instance types for different kinds of workloads and support five database engines – MySQL, PostgreSQL, MariaDB, Oracle, and SQL Server. • Can use either General Purpose Storage and Provisioned IOPS storage to deliver a consistent IOPS performance
Maximum storage capacity	128 TB	64 TB for MySQL, MariaDB, Oracle, and PostgreSQL engines 16 TB for SQL Server engine
DB instance classes	• Memory Optimized classes – for workloads that need to process large data sets in memory. • Burstable classes – provides the instance the ability to burst to a higher level of CPU performance when required by the workload.	• Standard classes – for a wide range of workloads, you can use general purpose instance. It offers a balance of compute, memory, and networking resources. • Memory Optimized classes – for workloads that need to process large data sets in memory. • Burstable classes – provides the instance the ability to burst to a higher level of CPU performance when required by the workload.
Availability and durability	• Amazon Aurora uses RDS Multi-AZ technology to automate failover to one of up to 15 Amazon Aurora Replicas across three Availability Zones • Amazon Aurora Global Database uses storage-based replication to replicate a database across multiple AWS Regions, with typical latency of less than 1 second. • Self-healing: data blocks and disks are continuously scanned for errors and replaced automatically.	• Amazon RDS Multi-AZ deployments synchronously replicates your data to a standby instance in a different Availability Zone. • Amazon RDS will automatically replace the compute instance powering your deployment in the event of a hardware failure.
Backups	• Point-in-time recovery to restore your database to any second during your retention period, up to the last five minutes. • Automatic backup retention period up to thirty-five days. • Backtrack to the original database state without needing to restore data from a backup.	• The automated backup feature enables point-in-time recovery for your database instance. • Database snapshots are user-initiated backups of your instance stored in Amazon S3 that are kept until you explicitly delete them.
Scalability	• Aurora automatically increases the size of your volumes as your database grows larger (increments of 10 GB). • Aurora also supports replica auto-scaling, where it automatically adds and removes DB replicas in response to changes in performance metrics. • Cross-region replicas provide fast local reads to your users, and each region can have an additional 15 Aurora replicas to further scale local reads.	• The MySQL, MariaDB, SQL Server, Oracle, and PostgreSQL engines scale your storage automatically as your database workload grows with zero downtime. • Read replicas are available for Amazon RDS for MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server. Amazon RDS creates a second DB instance using a snapshot of the source DB instance and uses the engines’ native asynchronous replication to update the read replica whenever there is a change to the source. • Can scale compute and memory resources (vertically) of up to a maximum of 32 vCPUs and 244 GiB of RAM.
Security	• Isolate the database in your own virtual network via VPC. • Connect to your on-premises IT infrastructure using encrypted IPsec VPNs or Direct Connect and VPC Endpoints. • Configure security group firewall and network access rules to your database instances. • Integrates with IAM.
Encryption	• Encrypt your databases using keys you manage through AWS KMS. With Amazon Aurora encryption, data stored at rest is encrypted, as are its automated backups, snapshots, and replicas in the same cluster. • Supports the use of SSL (AES-256) to secure data in transit.	• Encrypt your databases using keys you manage through AWS KMS. With Amazon RDS encryption, data stored at rest is encrypted, as are its automated backups, read replicas, and snapshots. • Supports Transparent Data Encryption in SQL Server and Oracle. • Supports the use of SSL to secure data in transit
DB Authentication	• Password authentication • Password and IAM database authentication	• Password authentication • Password and IAM database authentication • Password and Kerberos authentication
Maintenance	• Amazon Aurora automatically updates the database with the latest patches. • Amazon Aurora Serverless enables you to run your database in the cloud without managing/maintaining any database infrastructure.	• Amazon RDS will update databases with the latest major and minor patches on scheduled maintenance windows. You can exert optional control over when and if your database instance is patched.
Monitoring	• Use Enhanced Monitoring to collect metrics from the operating system instance. • Use Performance Insights to detect database performance problems and take corrective action. • Uses Amazon SNS to receive a notification on database events.
Pricing	• A monthly charge for each database instance that you launch if you use on-demand. This includes both the instance compute capacity and the amount of storage being used. • Option to reserve a DB instance for a one or three-year term (reserve instances) and receive discounts in pricing.
Use Cases	• Enterprise applications – a great option for any enterprise application that uses relational database since it handles provisioning, patching, backup, recovery, failure detection, and repair. • SaaS applications – without worrying about the underlying database that powers the application, you can concentrate on building high-quality applications. • Web and mobile gaming – since games need a database with high throughput, storage scalability, and must be highly available. Aurora suits the variable use pattern of these apps perfectly.	• Web and mobile applications – since the application needs a database with high throughput, storage scalability, and must be highly available. RDS also fulfills the needs of such highly demanding apps. • E-commerce applications – a managed database service that offers PCI compliance. You can just focus on building high-quality customer experiences without thinking of the underlying database. • Mobile and online games – game developers don’t need to worry about provisioning, scaling, and monitoring of database servers since RDS manages the database infrastructure.

AWS support plans

 With hundreds of services and features, AWS provides a combination of various tools, technologies, programs and human resources to proactively help their customers. AWS offers various support plans that customers can choose from based on their needs.

AWS has 5 different Support Plans:

1. Basic
2. Developer
3. Business
4. Enterprise On-Ramp
5. Enterprise

The Basic Support plan is already available to all AWS customers by default and is free of charge. It also offers support for account and billing questions including requests for service limit increases. This AWS Support type includes the following:

• Customer Service & Communities – You have 24×7 access to customer service, AWS documentation, whitepapers, and support forums.
• AWS Trusted Advisor – This provides guidance on how to properly provision your AWS resources based on the best practices to further increase performance and improve the overall security of your cloud architecture. You are only provided access to the 7 core Trusted Advisor checks.
• AWS Personal Health Dashboard – This is a personalized view of the health status of each AWS service that you currently have. It also provides an alert when your resources are impacted by an AWS-initiated activity.

A Technical Account Manager (TAM) is a technical point of contact who provides advocacy and guidance to assist you in planning and building solutions in AWS using industry best practices. This person proactively coordinates and liaises your concerns to subject matter experts and product teams to ensure that your AWS environment operates optimally. 

Take note that a designated TAM is only available if you opt for the AWS Enterprise Support plan.

Comparison of AWS Support Plans

	DEVELOPER	BUSINESS	ENTERPRISE ON-RAMP	ENTERPRISE
Use Case	Recommended if you are experimenting or testing in AWS	Recommended if you have production workloads in AWS	Recommended if you have business and/or mission critical workloads in AWS
AWS Trusted Advisor Best Practice Checks	Service quota and security checks	Full set of checks
Architectural Guidance	General	Contextual to your use-cases	Consultative review and guidance based on your applications
Technical Account Management	X	X	A pool of Technical Account Managers to provide proactive guidance, and coordinate access to programs.	Designated Technical Account Manager (TAM) to proactively monitor your environment and assist with optimization.
Training	X	X	X	Access to online self-paced labs
Account Assistance	X	X	Concierge Support Team
Enhanced Technical Support	Business hours’ ‘ email access to Cloud Support Associates, Unlimited cases / 1 primary contact Prioritized responses on AWS re:Post	24×7 phone, email, and chat access to Cloud Support Engineers Unlimited cases / unlimited contacts (IAM supported) Prioritized responses on AWS re:Post
Programmatic Case Management	X	AWS Support API
Third-Party Software Support	X	Interoperability & configuration guidance and troubleshooting
Proactive Programs	Access to Support Automation Workflows with prefixes AWSSupport.	Access to Infrastructure Event Management for additional fee.  Access to Support Automation Workflows with prefixes AWSSupport.	Infrastructure Event Management (one-per-year) Access to Support Automation Workflows with prefixes AWSSupport and AWSPremiumSupport.	Infrastructure Event Management Access to proactive reviews, workshops, and deep dives. Access to Support Automation Workflows with prefixes AWSSupport and AWSPremiumSupport.

Customers with an Enterprise support plan are eligible for additional services that are not available in the Developer or Business plans. Aside from having a designated Technical Account Manager, you will also have the following benefits if you opt for an Enterprise-level support in AWS: 

• Infrastructure Event Management 
• Architecture Support
• White-glove case routing
• Management business reviews
• Concierge Support Team

Technical Support Response Times 

	DEVELOPER	BUSINESS	ENTERPRISE ON-RAMP	ENTERPRISE
Case Severity / Response Times*	General guidance: < 24 business hours**	General guidance: < 24 hours	General guidance: < 24 hours
	System impaired: < 12 business hours**	System impaired: < 12 hours	System impaired: < 12 hours
		Production system impaired: < 4 hours	Production system impaired: < 4 hours
		Production system down:  < 1 hour	Production system down:  < 1 hour
			Business-critical system down: < 30 minutes	Business-critical system down: < 15 minutes

You can also choose a type of AWS Support Plan based on your production workload. If you are only experimenting, testing or doing a Proof of Concept (POC) in AWS, it is recommended that you choose the Developer plan. If you have production workloads running in AWS, it is suitable to opt for the Business plan. Lastly, if you have mission-critical workloads, it is better to stick with an Enterprise plan because it provides the most efficient response times to support your systems.

With its Enhanced Technical Support, the Enterprise Support plan provides you with 24×7 access to the AWS Cloud Support Engineers via phone, chat, and email. You can also have an unlimited number of contacts that can open an unlimited amount of cases. AWS also provides you with a response time of less than 15 minutes in the event that your business-critical systems go down.