Rocking+System+Design+Course+Slides v2
Rocking+System+Design+Course+Slides v2
cloudwithraj.com
Cloud With Raj
cloudwithraj
linkedin.com/in/rajdeep-sa-at-aws/
Instructor Bio:
Sr. Solutions Architect @
Bestselling Udemy/Pluralsight author
Tech Advisor of crypto startup
Public speaker and guest lecturer
Author of multiple official AWS blogs
YouTuber with 30K subscribers
Previously - Distinguished Cloud Architect @Verizon
Opinions are my own
SECTION1: SYSTEM DESIGN
BASICS
- Wikipedia
store/get
Monolith
API
store/post Gateway/Load Entry function check the Database
balancer url/path and executes logic
store/delete accordingly
API Monolith
store/post Gateway/Load Database
balancer (Running on VM)
store/delete
CPU
Amazon EC2
(M5.12xlarge)
API Monolith
store/post Gateway/Load Database
balancer (Running on VM)
store/delete
CPU
Amazon EC2
(M5.12xlarge)
store/get
Monolith
Monolith
(Running on VM)
API
store/post Gateway/Load (Running on VM)
Database
balancer
store/delete
CPU CPU
store/get backend
store/get (smaller VM1) (t3.large)
API
store/post store/post backend
Gateway/Load Database
(smaller VM2)
balancer
store/delete
(t3.medium)
store/delete backend
(smaller VM3)
(t3.micro)
API
store/post store/post backend Datab
Gateway/Load
(smaller VM2) ase
balancer
store/delete
(t3.medium)
store/delete backend Datab
(smaller VM3) ase
(t3.micro)
store/get backend
store/get (smaller VM1) (t3.large)
API
store/post store/post backend
Gateway/Load Database
(smaller VM2)
balancer
store/delete
(t3.medium)
store/delete backend
(smaller VM3)
(t3.micro)
(t3.micro)
Polyglot
(t3.micro)
Amazon EC2
Amazon EC2
Amazon EC2
Amazon EC2
store/post
Elastic Load Balancing
AWS Lambda
Elastic Load Balancing
store/post
AWS Lambda
store/delete
Amazon API Gateway
AWS Lambda
store/delete
Amazon API Gateway Amazon Elastic Container
Service
store/get
ServiceA
store/post
ServiceB
Ingress ALB
store/delete
ServiceC
store/post
Amazon EC2
ALB
store/delete
AWS Lambda
Amazon EC2
10.10.100.200
Amazon EC2
10.10.110.200
Amazon EC2
10.10.120.200
Amazon EC2
10.10.150.200
Amazon EC2
10.10.120.200
Amazon EC2
10.10.150.200
Amazon EC2
10.10.120.200
Amazon EC2
10.10.130.200
X
Amazon EC2
10.10.150.200
Amazon EC2
10.10.120.200
Amazon EC2
10.10.130.200
X
Amazon EC2
10.10.150.200
Amazon EC2
10.10.120.200
Amazon EC2
10.10.130.200
AWS Lambda
AWS Lambda
Elastic Load Balancing
123xyz.com
AWS Lambda
AWS Lambda
AWS Lambda
Elastic Load Balancing
123xyz.com
Amazon Route 53
• “Elastic”
Amazon EC2
10.10.150.200
Amazon EC2
10.10.120.200
Amazon EC2
www.store.com
www.store.com/get
www.store.com/post
www.store.com/delete Amazon EC2
www.store.com/get
Amazon EC2 Amazon EC2
www.store.com/post
www.store.com
www.store.com/delete
• Sticky session
www.store.com/get
Amazon EC2 Amazon EC2
www.store.com www.store.com/post
www.store.com/delete
AWS Lambda
• SSL passthrough
• Influenced by choices
• API Gateway REST API Private integration with NLB
with Private Link
• NLB supports EC2 instance and IP address as backend
target group
• ALB supports EC2, IP address, and Lambda
Waiter
Kitchen
Waiter
Kitchen
Kitchen
API
Amazon EC2
Bank/Airline Booking
Pre-defined input fields
Amazon EC2
Bank/Airline Booking
• Traffic management
• Load balancing
Amazon EC2
API
Amazon EC2
AWS Lambda
/insert
AWS EC2
API Gateway
AWS Lambda
/POST
/DELETE
AWS EC2
API Gateway ALB
Can implement rate limiting, bursting for No rate limiting, bursting capability
APIs
Integrate with AWS WAF for protection Integrate with AWS WAF for protection
Not possible to get a static IP address for Possible to get a static IP address for load
endpoint balancer endpoint
Accepts HTTPS traffic Accepts HTTP, HTTPS traffic
Able to do request validation, Not able to do request validation,
request/response mapping request/response mapping
Able to handle spiky traffic (default rate – Delay during spiky traffic, pre-allocate LCUs to
10k rps, 5k burst rate) avoid delay (charged extra)
Able to integrate with Lambda from different ALB is a regional service
region, even different AWS account
API Gateway ALB
Able to export/import APIs cross API No direct method to import/export rules for
platforms using swagger, Open API Spec cross platforms
3.0
Have extensive AuthN/Z integration – API Integration with any OIDC compliant IdP
Key, IAM, Cognito User Pool, Cognito (Cognito, LDAP etc.)
Identity Pool, external IdP
Able to cache responses Not able to cache responses
CPU
Your App in the
server
CPU
Your App in the
server
CPU
Your App in the
server
CPU
Your App in the
BIGGER server
CPU
Your App in the
BIGGER server
CPU
Your App in the
server
CPU
Your App in the
server
Application load balancer
CPU
Your App in the
server
Application load balancer
CPU
Your App in the
server
• Expensive
CPU
Your App in the
server
CPU
Your App in the
server
CPU
Your App in the
server
CPU
Your App in the
server
CPU
Your App in the
server
CPU
Your App in the
server
CPU
Your App in the
server
Application load balancer
CPU
Your App in the
server
• Cost effective
Application load balancer CPU
Your App in the
server • Legacy code needs to be refactored for
horizontal scaling
Put the VMs in auto scaling group and use load balancer
Pre-warm Load
ALB Ingress
Balancers
Use cluster
overprovisioner to
provision nodes
Autoscaler
Cluster
Amazon EC2
store/delete
Amazon API Gateway
AWS Lambda
This call
failed
Reached Limit
failed
Challenges
• All components of Synchronous architectures MUST scale together
• Consumer needs to resend transaction for re-processing
• Expensive
Amazon API Gateway Amazon Simple Queue AWS Lambda Amazon DynamoDB
Service
Advantages
• Each component can scale independently
• Retry built in
• Cost effective than synchronous architecture
● SQL Vs NoSQL
● AWS Database Options
● Amazon Aurora Vs DynamoDB
● Conclusion
SQL Vs NoSQL Database
SQL Database (RDBMS) NoSQL Database
Tables have predefined schema Schemaless
Holds structured data Holds structured and unstructured
data
Good fit for joins and complex Generally, not good fit for complex
queries multi table queries
Emphasizes on ACID properties Follows the Brewers CAP theorem
(Atomicity, Consistency, Isolation (Consistency, Availability and
and Durability) Partition tolerance )
Generally, scales vertically Generally, scales horizontally.
AWS DynamoDB scales
automatically!
Schema Vs Schemaless Schemaless
Schema
Amazon Aurora
Amazon DynamoDB
Note - You can always run your favorite non-AWS database on EC2
Amazon DynamoDB
Amazon Aurora Amazon DynamoDB
Choosing Multi-AZ & Read Replicas provide High Inherently replicates across three AZs - HA and
Availability Durable
Inherently Scalable, can handle more than 10
Vertical scaling. Serverless Aurora scales
trillion requests/day & peaks of more than 20
automatically, not as scalable as Dynamo.
million requests/second
Has integrated caches, can’t be adjusted Provides adjustable in-memory caching via
DAX
Enable backups, snapshots for DR Inherently durable, Point In Time Backups can
be enabled
TAKING IT ALL IN - RIGHT TOOL FOR RIGHT JOB!
Websockets
Client Server
$connect
Client Server
Client Server
API
Gateway/Load Backend Database
Balancer
Backend
API
(Running
Gateway/Load
complex Database
Balancer
queries)
Cache
Backend
API
(Returns data
Gateway/Load
from cache if
Balancer
present)
Database
Backend Cache
API (Fetch from
Gateway/Load DB and insert
Balancer into cache for
cache miss)
Database
Cache
API
Gateway/Load Backend
Balancer
Database
Amazon ElastiCache
Amazon CloudFront
Cache
Amazon Simple Storage
Service
(Static Content)
Amazon ElastiCache
Cache hit
Read Cache miss
Writes cache Amazon ElastiCache
Write
Write/Update to cache
Amazon ElastiCache
Write/Update to database
Amazon EC2
Amazon Aurora
• Database
• Load balancer
Amazon EC2
Auto Scaling
Group
AWS Lambda
Amazon EC2
Amazon EC2
• Don’t over index on cost when you design or answer interview question
X
Availability Zone 1 Availability Zone 2
X
Availability Zone 1 Availability Zone 2
X
Availability Zone 1 Availability Zone 2
X
Availability Zone 1 Availability Zone 2 Availability Zone 3
X X
Availability Zone 1 Availability Zone 2
X
Availability Zone 1 Availability Zone 2 Availability Zone 3
Single Server
Single Server
Single Server
Load Balancer
#
This is a
sample a1234xc67
message
Hash Function Fixed sized string
DynamoDB
Table
{
Partition key "Artist":"Dua Lipa",
Sort key "Song":"Levitating",
"Album":"Future Nostalgia",
"Year":2020,
"SongRating":4.8,
"Genre":"Pop"
}
DynamoDB Partitions
{
"Artist":"Dua Lipa",
"Song":"Levitating",
"Album":"Future Nostalgia",
"Year":2020, f(x)
"SongRating":4.8,
"Genre":"Pop" Hash Function
} (on partition key)
f(x)
Hash Function
(on partition key)
{
"Artist":"Dua Lipa",
"Song":"Levitating",
"Album":"Future Nostalgia",
"Year":2020,
"SongRating":4.8,
"Genre":"Pop"
}
f(x)
Hash Function
(on partition key)
{
{ "Artist":"Dua Lipa",
"Artist":"Queen", "Song":"Levitating",
"Song":“We Will Rock You", "Album":"Future Nostalgia",
"Album":“News of the world", "Year":2020,
"Year":1977 "SongRating":4.8,
} "Genre":"Pop"
}
{
"Artist":"Dua Lipa",
"Song":"Pretty Please",
"Album":"Future Nostalgia",
"Year":2020
}
{
{ "Artist":"Dua Lipa",
"Artist":"Queen", "Song":"Levitating",
"Song":“We Will Rock You", "Album":"Future Nostalgia",
"Album":“News of the world", "Year":2020,
"Year":1977 "SongRating":4.8,
} "Genre":"Pop"
}
{
"Artist":"Dua Lipa",
"Song":"Pretty Please",
"Album":"Future Nostalgia",
"Year":2020
}
Database
Database
m5.large
ID NAME PRICE
1 Alarm clock 25
2 Chair 20
3 Chocolate 10
4 TV 400
5 Couch
Copyright © Rajdeep Saha - All Rights Reserved
100
Elastic Load Balancing
Database
m5.large
ID NAME PRICE
1 Alarm clock 25
2 Chair 20
3 Chocolate 10
4 TV 400
5 Couch
Copyright © Rajdeep Saha - All Rights Reserved
100
Elastic Load Balancing
Database
m5.2xlarge
ID NAME PRICE
1 Alarm clock 25
2 Chair 20
3 Chocolate 10
4 TV 400
5 Couch
Copyright © Rajdeep Saha - All Rights Reserved
100
Elastic Load Balancing
Database
m5.large
ID NAME PRICE
1 Alarm clock 25
2 Chair 20
3 Chocolate 10
4 TV 400
5 Couch
Copyright © Rajdeep Saha - All Rights Reserved
100
Database Sharding
ID NAME PRICE
1 Alarm clock 25
2 Chair 20 Database
3 Chocolate 10
m5.large
4 TV 400
5 Couch 100
1Hour 1Hour
Backup at 1 PM Backup at 2 PM
Storage
Backup at 1 PM
Storage
30 min 30 min
Replication
Application
Application
https://docs.aws.amazon.com/whitepapers/latest/disaster-recovery-workloads-on-aws/disaster-recovery-options-
in-the-cloud.html
Copyright © Rajdeep Saha - All Rights Reserved
Backup Restore
https://docs.aws.amazon.com/whitepapers/latest/disaster-recovery-workloads-on-aws/disaster-recovery-options-in-the-
cloud.html
Copyright © Rajdeep Saha - All Rights Reserved
Pilot Light
https://docs.aws.amazon.com/whitepapers/latest/disaster-recovery-workloads-on-aws/disaster-recovery-options-in-the-
cloud.html
Copyright © Rajdeep Saha - All Rights Reserved
Warm Standby
https://docs.aws.amazon.com/whitepapers/latest/disaster-recovery-workloads-on-aws/disaster-recovery-options-in-the-
cloud.html
Copyright © Rajdeep Saha - All Rights Reserved
Multi-site Active/Active
https://docs.aws.amazon.com/whitepapers/latest/disaster-recovery-workloads-on-aws/disaster-recovery-options-in-the-
cloud.html
Copyright © Rajdeep Saha - All Rights Reserved
SECTION 2 – REUSABLE
PARTS OF SYSTEM
DESIGN
Application
Layer
(Backend)
Database
Application
Layer
(Backend)
Database
Application
Layer Bunch of Business Logic
(Backend)
Database
Application
Layer
(Backend)
Database
Database
50.60.70.80
Database
Database
Database
Database
Private Subnet
Private Subnet
Private Subnet
Amazon EC2 Amazon EC2
Appserver Appserver
Database
Private Subnet
Amazon EC2
• NACL Webserver
Amazon EC2
Webserver
• Security Group
Private Subnet
Private Subnet
Amazon EC2 Amazon EC2
Appserver Appserver
Database
Private Subnet
Databases
Auto Scaling Group
Availability Zone 1 Availability Zone 2
Private Subnet
Amazon EC2 Amazon EC2
Appserver Appserver
Database
Private Subnet
Private Subnet
Amazon EC2 Amazon EC2
Appserver Appserver
Amazon Aurora
Copyright © Rajdeep Saha - All Rights Reserved
Database Optimization Public Subnet
Private Subnet
• Query Tuning
Auto Scaling Group
Availability Zone 1 Availability Zone 2
Private Subnet
Amazon EC2 Amazon EC2
Appserver Appserver
Amazon Aurora
Copyright © Rajdeep Saha - All Rights Reserved
Presentation Layer
Elastic Load Balancing
Amazon Aurora
Copyright © Rajdeep Saha - All Rights Reserved
Three-Tier Architecture
with Serverless
Amazon Aurora
Copyright © Rajdeep Saha - All Rights Reserved
Presentation Layer
Static Content
Application Layer
Amazon API Gateway
AWS Lambda
Database
Amazon Aurora
Copyright © Rajdeep Saha - All Rights Reserved
Three-Tier Architecture
with Kubernetes
Amazon Aurora
Copyright © Rajdeep Saha - All Rights Reserved
ALB Ingress
Presentation Layer
Autoscaler
Elastic Load Balancing
Cluster
Availability Zone 1 Availability Zone 2
ALB Ingress
Application Layer
Amazon Aurora
Copyright © Rajdeep Saha - All Rights Reserved
Data Analytics System Design
on
AWS
Collect Reports
Transform Query
Data and insight
Collect Reports
Transform Query
Data and insight
Crawler
Redshift
Spectrum
Amazon Kinesis Amazon Simple Storage AWS Glue Amazon Simple Storage Amazon Redshift
Data Firehose Service Service
Amazon Redshift
Amazon Redshift
Amazon RDS
Amazon EMR
Database running
on Amazon EC2
Crawler
Amazon Kinesis
Data Streams
SQL
Amazon Kinesis
Java, Scala, Python Amazon Kinesis Amazon Simple Storage
Data Analytics Data Firehose Service
Amazon Managed
Streaming for Kafka
Collect Reports
Transform Query
Data and insight
Collect Reports
Transform Query
Data and insight
Amazon Elasticsearch
Service Amazon SageMaker
Amazon Simple
Storage Service
Copyright © Rajdeep Saha - All Rights Reserved
Using Well Architected for
Performance/Cost Optimization
(Challenge Faced Question)
• Measure
• Remediate
• Measure
• Define KPI
• Send alarms
• Remediate
• Configuration
• Code
• Measure
• Define KPI
• Send alarms – CloudWatch Alarm
• Remediate
• Configuration – Used home grown algorithm/compute optimizer to optimize EC2
capacity
• Code
• Measure
• Define KPI – found which section is taking longer
• Send alarms
• Remediate
• Configuration
• Code – Moved database connection to global section
Database
Encryption Key
Encryption Algorithm
Plaintext Encrypted
Client Side Encryption
Your Application running in EC2 or
Onprem
A4$x
Bob acvf4
1234
Plaintext Encrypted
A4$xacvf
4
Encrypted
AWS Storage
S3, EBS, RDS etc.
Server Side Encryption
Your Application running in EC2 or Onprem
Bob
1234
Plaintext
Bob
1234 HTTPS
Plaintext
AWS Storage
A4$x
acvf4
Encrypted
Managing Key Yourselves
Encryption Key
Plaintext Encrypted
Encryption Algorithm
Data Key Data Key
Managing Key Yourselves
Encryption Key
Encryption Key
Encryption Algorithm
Plaintext Encrypted
Envelope Encryption
Customer
Master Key
Plaintext Encrypted
Encryption Algorithm
Data Key Data Key
AWS KMS
● AWS Managed
Plaintext Encrypted
Encryption Algorithm
Data Key Data Key
AWS Managed CMK Customer Managed CMK
● Identified by ● Can be given any name
aws/servicename
● AWS generated ● Customer created
● Can’t be deleted ● Can be
deleted/enabled/disabled
● Can’t be baked into ● Can baked into custom
custom roles roles
● Rotated once every 3 ● Rotated once a year
years automatically automatically or manually
Security at Transit
Client
Server
Client
ServerHello
ClientHello
Send server certificate
Server
Server
Server
Server
Server
Server
Server
Actual communication
begins
Server
Server
For MTLS:
• Client validates Server cert
• Server also validate Client cert
CA stored in Server
Server
For MTLS:
• Client validates Server cert
• Server also validate Client cert
Server
Amazon API Gateway
For MTLS:
• Client validates Server cert
• MTLS is used for B2B
• Server also validate Client cert
For MTLS:
• Client validates Server cert
• Server also validate Client cert
Server
Amazon API Gateway
HTTPS
Amazon EC2
HTTPS
Server
SSL/TLS Terminates
Amazon EC2
HTTPS
• API Gateway can create an SSL
cert for backend
Server
SSL/TLS Terminates
• Backend server needs to
Amazon API Gateway AWS Certificate Manager
validate the cert
HTTPS
Amazon EC2
HTTPS
Amazon EC2
HTTPS
• ALB can accept either HTTP or
HTTPS traffic from client
Server
SSL/TLS Terminates
(SSL Offloading)
ALB
• SSL/TLS will terminate at ALB
AWS Certificate Manager
• Backend traffic within AWS
HTTP network
Amazon EC2
HTTPS
HTTPS
Amazon EC2
Firewall
Alert
IDS
Application
Firewall
Alert
IDS
Application
Firewall Firewall
Alert
Alert
IDS IPS
Quarantine
Delete
Application Application
Firewall Firewall
Alert
Alert
IDS IPS
Quarantine
Delete
Application Application
Firewall Firewall
Alert
Alert
IDS IPS
Quarantine
Delete
Application Application
AI/ML Analysis of
Traffic
Amazon EC2
(Running IDS)
Amazon EC2
(Running Application)
AI/ML Analysis of
IDS Traffic
Amazon EC2
(Running Application + IDS Agent)
Analysis of Logs
Amazon EC2
(Running Application)
Firewall Firewall
Alert
Alert
IDS IPS
Quarantine
Delete
Application Application
Amazon EC2
(Running IPS)
Amazon EC2
(Running Application)
Amazon EC2
(Running Application)
Goes to bit.ly
Short URL saved into a database
Primary Key
Amazon Aurora
Copyright © Rajdeep Saha - All Rights Reserved
Basic Functionality - Retrieving
Goes to bit.ly
Looks up long URL and redirects
Primary Key
Amazon Aurora
Copyright © Rajdeep Saha - All Rights Reserved
High Level Diagram
Amazon Aurora
Copyright © Rajdeep Saha - All Rights Reserved
Some Math!
Already exists
Randomly generated short URL
Long URL
Already exists
Randomly generated short URL
Amazon EC2
Inserted okay
Already exists
Randomly generated short URL Same short URL Another
Long URL Long URL
Already exists
Amazon EC2 Randomly generated short URL
Amazon EC2
Inserted okay
• Hash algorithm
• Same input strings will always generate same output string
• Two different strings can NOT produce the same output
• 42 bits to 7 characters
1101…. (Total 42 bits)
=21+21+20+21 + …
=12345
• For each URL shortening request if the application has a unique number between
1 - 3.5 Trillion as input, the output will be unique
• For each URL request use a number, then increment it by one for the next request
3,500,000,000,000/1,000,000
=3,500,000
Amazon EMR
Each EC2 grabs a range
when it comes up
Amazon Aurora
Copyright © Rajdeep Saha - All Rights Reserved
Requirements/Design Spec
REQUIREMENTS DESIGN SPEC
• Product catalog • Scalable
Application Layer
Amazon API Gateway
AWS Lambda
Database
Amazon Aurora
Copyright © Rajdeep Saha - All Rights Reserved
Presentation Layer
Static Content
Application Layer
Amazon API Gateway
AWS Lambda
Browse Buy
Database
Application Layer
Amazon API Gateway
AWS Lambda
Browse
Buy
Database
Presentation Layer
Static Content
Application Layer
replica, caching, global database in mind
Amazon API Gateway
AWS Lambda
Browse
Buy
Database
ShoppingCart
CartID PersonLogin ProductID
10000 John.Wilson 100
10000 John.Wilson 200
20000 Tina.Smith 300
Application Layer
Amazon API Gateway
AWS Lambda
Browse
Buy
Database
Presentation Layer
Amazon CloudFront Amazon Simple Storage
Service
Application Layer
Amazon API Gateway
Database
DB DB DB
Presentation Layer
Amazon CloudFront Amazon Simple Storage
Service
Application Layer
Amazon API Gateway
DB DB DB
Presentation Layer
Amazon CloudFront Amazon Simple Storage
Service
Application Layer
Amazon API Gateway
Database
DB DB DB
Presentation Layer
Amazon CloudFront Amazon Simple Storage
Service
Application Layer
Amazon API Gateway
Amazon SQS
Database
DB DB
DB
• Collaborative Filtering
Data at Rest DB DB DB