aws_network.aws.txt
298 lines (227 loc) · 16.4 KB
┏━━━━━━━━━━━━━━━━━┓
┃ AWS_NETWORK ┃
┗━━━━━━━━━━━━━━━━━┛
SEE ALSO ==> #Doc for AWS general (and related)
┌─────────────────┐
│ IDEMPOTENCY │
└─────────────────┘
REQ.ClientToken #STR. Do not perform if already performed with same STR.
#Meant for idempotence.
#Only for some SERVICEs
#Sometimes called ClientRequestToken
#Only valid for a specific amount of time, e.g. 36h
#Usually limited to specific chars, usually always at least [:alnum:]-
#Often max 128 chars
REQ|RES.RevisionId #'REVISION_ID'. Changes each time a MACHINE is updated
#Update call fails if not matching
#I.e. can fetch it, then make update call, which fails if there was a concurrent update in-between
#Only for some SERVICEs, e.g. Lambda or Step Functions VERSION
DELETING RESOURCES ==> #Must delete other resources that use it first
┌──────────────────────────┐
│ EVENTUAL CONSISTENCY │
└──────────────────────────┘
EVENTUAL CONSISTENCY ==> #Most endpoints use eventual consistency:
# - action happens async, after response
# - effects take time to propagate, i.e. different clients might return different results
#After change:
# - should test existence
# - with exponential retry delays up to a limit (e.g. 5 mins)
# - can be slow, i.e. avoid in critical paths
WAIT ==> #Most clients (but not REST API) implement wait methods.
#It calls an ACTION repeatedly until a specific condition is fulfilled.
#Does it NUM times (SERVICE-specific), every NUM seconds (SERVICE-specific)
#Using an exponential backoff, multiplying by 2 each time.
#Documented with the ACTION it repeats
#Client parameters:
# - same as ACTION
# - client-specific backoff|cancellation
┌──────────────────────────────┐
│ EVENTUAL CONSISTENCY SDK │
└──────────────────────────────┘
waitUntilWAITComplete(WAIT_OPTS, COMMAND_OPTS) #Wait until WAIT complete
->>OBJ #COMMAND_OPTS are of the underlying COMMAND
OBJ.state #STR among:
# - 'SUCCESS'
# - 'FAILURE': condition failed
# - 'TIMEOUT': WAIT_OPTS.maxWaitTime
# - 'ABORTED': WAIT_OPTS.abortSignal
# - 'RETRY': too many attempts (NUM is COMMAND-specific)
OBJ.reason #STR
WAIT_OPTS.client #CLIENT
WAIT_OPTS.minDelay #NUM (in secs, def: 30) start of exponential backoff
WAIT_OPTS.maxDelay #NUM (in secs, def: 120) end of exponential backoff
WAIT_OPTS.maxWaitTime #Max NUM secs total (def: none)
WAIT_OPTS.abortSignal #ABORT_SIGNAL
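The WAIT_OPTS and OBJ.state contract above, as an added example that is not the AWS SDK's own waiter code. The real SDK waiter is asynchronous and sleeps between polls; this version takes an injected poll function and only records the delays it would have slept, so the backoff schedule and all five terminal states can be checked offline. The `maxAttempts` option is an assumption standing in for the COMMAND-specific attempt limit, and `pollFromStatuses` is a constructed stand-in for a DescribeX call.

```javascript
// Added example, not the AWS SDK's implementation.
// Backoff for the n-th retry (1-based): doubling from minDelay, capped at maxDelay,
// both in seconds as in WAIT_OPTS.
function backoffDelay(attempt, minDelay, maxDelay) {
  return Math.min(minDelay * 2 ** (attempt - 1), maxDelay);
}

// poll(attempt) returns { state: 'success' | 'failure' | 'retry', reason? }.
// Options mirror WAIT_OPTS; maxAttempts is assumed (COMMAND-specific in the SDK).
function runWaiter(poll, opts = {}) {
  const {
    minDelay = 30,           // secs, SDK default
    maxDelay = 120,          // secs, SDK default
    maxWaitTime = Infinity,  // secs total, SDK default: none
    maxAttempts = 40,        // assumed limit
    abortSignal = null,      // any object with a boolean .aborted (AbortSignal works)
  } = opts;
  let elapsed = 0;
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    if (abortSignal && abortSignal.aborted) {
      return { state: 'ABORTED', reason: 'abortSignal was triggered', attempts: attempt - 1, elapsed };
    }
    const result = poll(attempt);
    if (result.state === 'success') {
      return { state: 'SUCCESS', reason: result.reason || 'condition met', attempts: attempt, elapsed };
    }
    if (result.state === 'failure') {
      return { state: 'FAILURE', reason: result.reason || 'condition failed', attempts: attempt, elapsed };
    }
    // Condition not met yet: compute the next delay and check it against maxWaitTime
    // before waiting, so a wait that cannot finish in time ends as TIMEOUT.
    const delay = backoffDelay(attempt, minDelay, maxDelay);
    if (elapsed + delay > maxWaitTime) {
      return { state: 'TIMEOUT', reason: `maxWaitTime of ${maxWaitTime}s would be exceeded`, attempts: attempt, elapsed };
    }
    elapsed += delay;  // the real SDK sleeps here
  }
  return { state: 'RETRY', reason: `exceeded ${maxAttempts} attempts`, attempts: maxAttempts, elapsed };
}

// Constructed poll: reports the given status sequence, repeating the last status,
// the way a DescribeX call behaves while a resource is being created.
function pollFromStatuses(statuses) {
  return (attempt) => {
    const status = statuses[Math.min(attempt, statuses.length) - 1];
    if (status === 'available') return { state: 'success' };
    if (status === 'failed') return { state: 'failure', reason: `resource status is ${status}` };
    return { state: 'retry' };
  };
}
```

Returning a result object rather than throwing keeps the caller's handling of TIMEOUT and ABORTED explicit, which matters when the wait sits on a critical path (see the note above about avoiding eventual-consistency waits there).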
┌──────────────────────────────┐
│ EVENTUAL CONSISTENCY CLI │
└──────────────────────────────┘
aws SERVICE WAIT-complete
aws SERVICE wait WAIT #Wait until WAIT complete
┌───────────┐
│ RETRY │
└───────────┘
SERVER ERROR RETRIES ==> #Should retry on 5**, with exponential backoff
#Could be due to throttling, transient network error, outage, etc.
#Different from retries which wait for eventual consistency
┌──────────────────┐
│ RETRY CONFIG │
└──────────────────┘
CONFIG.retry_mode #One of:
ENVVAR AWS_RETRY_MODE # - 'legacy'
# - retry on socket errors and throttling
# - exponential backoff multiplying by 2
# - 'standard' (def): same but also:
# - retry on quotas and timeouts
# - exponential backoff max 20s
# - 'adaptive': same but also:
# - backoff is error-specific
CONFIG.max_attempts
ENVVAR AWS_MAX_ATTEMPTS #NUM of retries (def: 5 with retry_mode 'legacy', 3 otherwise)
┌───────────────┐
│ RETRY SDK │
└───────────────┘
COPTS.retryMode|maxAttempts #Like CONFIG.*
amz-sdk-request [C] #'attempt=NUM; max=NUM' of retries
#Optional. Set by multiple SDKs
amz-sdk-invocation-id [C] #'UUID' not changed when doing retries
#Optional. Set by multiple SDKs
METADATA.attempts #NUM of retries
METADATA.totalRetryDelay #NUM. Total delay spent waiting between retries
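The 'standard' retry_mode, the amz-sdk-* headers and the METADATA fields above, as an added example that is not the AWS SDK's retry implementation. The operation is a plain function that returns a response or throws an error shaped like `{ name, $metadata: { httpStatusCode } }` (constructed here; real SDK errors carry more). The throttling and transient error-code lists are an assumed subset of what the SDKs recognise, the 100 ms base and full jitter are assumptions modelled on the SDK's documented behaviour, and delays are recorded rather than slept so the loop runs offline.

```javascript
// Added example, not the AWS SDK's retry strategy.
// Assumed subset of error codes the SDKs treat as throttling.
const THROTTLING_CODES = new Set([
  'Throttling', 'ThrottlingException', 'ThrottledException', 'RequestThrottledException',
  'TooManyRequestsException', 'ProvisionedThroughputExceededException',
  'RequestLimitExceeded', 'SlowDown', 'EC2ThrottledException',
]);
// Assumed subset of socket / timeout errors retried by 'legacy' and 'standard' modes.
const TRANSIENT_CODES = new Set(['ECONNRESET', 'ECONNREFUSED', 'EPIPE', 'ETIMEDOUT', 'TimeoutError']);

// 'throttling' and 'server' (5xx) and 'transient' are retried; anything else is fatal.
function classifyError(err) {
  const status = err.$metadata && err.$metadata.httpStatusCode;
  if (THROTTLING_CODES.has(err.name)) return 'throttling';
  if (TRANSIENT_CODES.has(err.name) || TRANSIENT_CODES.has(err.code)) return 'transient';
  if (status >= 500 && status <= 599) return 'server';
  return 'fatal';
}

// Full-jitter exponential backoff, capped at 20s as in 'standard' mode.
// `random` is injectable so the schedule can be made deterministic in tests.
function standardBackoffMs(retryNumber, random = Math.random) {
  const baseMs = 100;    // assumed
  const capMs = 20000;   // 20s cap from the page
  return Math.floor(random() * Math.min(capMs, baseMs * 2 ** retryNumber));
}

// operation(headers) is called once per attempt with the headers the SDKs add.
function withRetry(operation, { maxAttempts = 3, random = Math.random, invocationId = 'constructed-uuid' } = {}) {
  let totalRetryDelay = 0;
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    const headers = {
      'amz-sdk-invocation-id': invocationId,                     // stable across retries
      'amz-sdk-request': `attempt=${attempt}; max=${maxAttempts}`, // changes per attempt
    };
    try {
      const response = operation(headers);
      return { response, $metadata: { attempts: attempt, totalRetryDelay } };
    } catch (err) {
      const kind = classifyError(err);
      if (kind !== 'fatal') err.$retryable = { throttling: kind === 'throttling' };
      if (kind === 'fatal' || attempt === maxAttempts) {
        err.$metadata = Object.assign({}, err.$metadata, { attempts: attempt, totalRetryDelay });
        throw err;
      }
      totalRetryDelay += standardBackoffMs(attempt, random);  // the real SDK sleeps here
    }
  }
}

// Non-throwing wrapper so callers (and tests) can inspect the failure.
function attemptWithRetry(operation, opts) {
  try {
    return { ok: true, result: withRetry(operation, opts) };
  } catch (error) {
    return { ok: false, error };
  }
}

// Constructed operation: throws each error in `errors` in turn, then succeeds,
// echoing the headers it was given so the attempt counter can be inspected.
function failThenSucceed(errors) {
  let calls = 0;
  return (headers) => {
    if (calls < errors.length) throw errors[calls++];
    return { ok: true, headers };
  };
}

function throttled() {
  return Object.assign(new Error('rate exceeded'), { name: 'ThrottlingException', $metadata: { httpStatusCode: 400 } });
}
function serverError() {
  return Object.assign(new Error('unavailable'), { name: 'ServiceUnavailable', $metadata: { httpStatusCode: 503 } });
}
```

Note the asymmetry the page calls out: these retries handle transient server-side failures and are distinct from the polling that waits for eventual consistency, which is why the two are kept in separate helpers.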
┌───────────────┐
│ RETRY CLI │
└───────────────┘
--debug #Prints retries
┌───────────────┐
│ ABORT SDK │
└───────────────┘
SOPTS.abortSignal #ABORT_SIGNAL, stopping a single ACTION's underlying HTTP request
┌────────────────────┐
│ TIMEOUT CONFIG │
└────────────────────┘
CONNECTION TIMEOUT ==> #Timeout on TCP|TLS connection start
#Depends on CONFIG.defaults_mode:
# - 'in-region': 1s
# - else: 3s
# - 'mobile': 30s
┌─────────────────┐
│ TIMEOUT CLI │
└─────────────────┘
--cli-connect-timeout #NUM (secs, def: 60). Timeout for connection
--cli-read-timeout #NUM (secs, def: 60). Timeout, excluding connection
┌─────────────────┐
│ TIMEOUT SDK │
└─────────────────┘
*HOPTS|SOPTS.requestTimeout #NUM (in ms, def: 0) to timeout HTTP connection
#See AWS JavaScript doc for *HOPTS|SOPTS
┌────────────────────────┐
│ PERFORMANCE CONFIG │
└────────────────────────┘
CONFIG.tcp_keepalive #BOOL (def: false)
CONFIG.parameter_validation #BOOL (def: true). Validate request parameters
#Can disable for performance.
┌─────────────────────┐
│ PERFORMANCE SDK │
└─────────────────────┘
ENVVAR AWS_NODEJS_CONNECTION_REUSE_ENABLED #If '1' (def), use a pool of TCP connections
COPTS.requestHandler #REQ_HANDLER. How HTTP requests are done.
#Def:
# - Node.js: node-http-handler
# - browsers: fetch-http-handler
#Can also directly pass *HOPTS instead of REQ_HANDLER:
# - most SERVICEs use NHOPTS in Node, FHOPTS in browser
# - some SERVICEs use N2HOPTS in Node, FHOPTS in browser
# - Kinesis, Lex Runtime v2, QBusiness, TranscribeStreaming
#Cached, i.e. if multiple CLIENTs, should:
# - pass same REQ_HANDLER instance as COPTS.requestHandler
# - not use *HOPTS shortcut syntax
@aws-sdk/node-http-handler #Use Node HTTP
new NodeHttpHandler([NHOPTS]) #REQ_HANDLER
NHOPTS.http[s]Agent #AGENT|AGENT_OPTS
#E.g. can set AGENT_OPTS.maxSockets NUM to parallelize HTTP requests
@aws-sdk/node-http2-handler #Use Node HTTP2
new NodeHttp2Handler([N2HOPTS]) #REQ_HANDLER
N2HOPTS.sessionTimeout #Node HTTP2_SESSION.setTimeout()
N2HOPTS.maxConcurrentStreams #Like Node HTTP2 maxConcurrentStreams
N2HOPTS.disableConcurrentStreams #BOOL (def: false)
@aws-sdk/fetch-http-handler #Use fetch()
new FetchHttpHandler([FHOPTS]) #REQ_HANDLER
@aws-sdk/xhr-http-handler #Use XHR
new XhrHttpHandler([XHOPTS]) #REQ_HANDLER
┌────────────────┐
│ TLS CONFIG │
└────────────────┘
CONFIG.ca_bundle
ENVVAR AWS_CA_BUNDLE #'PATH.pem'. Override CA certificate bundle
┌─────────────┐
│ TLS CLI │
└─────────────┘
--no-verify-ssl #BOOL (def: false)
--ca-bundle #Like CONFIG.ca_bundle
--debug #Prints TLS info
┌─────────────────┐
│ TLS LOGGING │
└─────────────────┘
LOG_EVENT.tlsDetails #TLS_DETAILS. With CloudTrail
TLS_DETAILS.tlsVersion #'TLSv1.*'
TLS_DETAILS.cipherSuite #STR, e.g. 'ECDHE-RSA-AES128-GCM-SHA256'
TLS_DETAILS.clientProvidedHostHeader #Host [C], e.g. 'SERVICE_DOMAIN'
MANAGED_TRAIL_DASHBOARD #Includes QUERYs:
Management_Events # - TLS versions of last requests
# - top IDENTITYs using TLS <1.2
┌────────────────────┐
│ USER AGENT API │
└────────────────────┘
x-amz-user-agent [C] #Optional. Set by multiple SDKs
#Includes multiple info for analytics:
# - SDK, e.g. 'aws-sdk-js X.Y.Z'
# - runtime, e.g. 'md/nodejs X.Y.Z'
# - OS, e.g. 'os/linux X.Y.Z-A-generic'
# - APPLICATION_ID (see AWS identifiers doc)
# - opt-in features (as letters), e.g. S3 express, ACCOUNT-based endpoint, etc.
┌────────────────────┐
│ USER AGENT SDK │
└────────────────────┘
COPTS.customUserAgent #STR|USER_AGENTS. x-amz-user-agent [C]
USER_AGENTS #['NAME'[, VERSION]]_ARR
┌────────────────────┐
│ USER AGENT CLI │
└────────────────────┘
--debug #Prints user agent
┌────────────────────────┐
│ USER AGENT LOGGING │
└────────────────────────┘
LOG_EVENT.userAgent #STR of User-Agent [C]. With CloudTrail
#Can also be:
# - 'signin.amazonaws.com': UI console, as USER
# - 'console.amazonaws.com': UI console, as root
# - 'lambda.amazonaws.com': inside a Lambda FUNCTION
# - 'AWS Internal/INTERNAL_ID'
┌────────────┐
│ QUOTAS │
└────────────┘
QUOTAS ==> #Also named "limits"
#"Flexible": when can increase through support request
#Usually per REGION
┌────────────────┐
│ THROTTLING │
└────────────────┘
THROTTLING ==> #Throttling quota is ACTION-specific, sometimes also REGION-specific
#Error 'CODE' is also ACTION-specific
┌────────────────────┐
│ THROTTLING SDK │
└────────────────────┘
AWS_ERROR.$retryable.throttling #BOOL. Was throttled
┌────────────────────────┐
│ THROTTLING LOGGING │
└────────────────────────┘
MANAGED_TRAIL_DASHBOARD
Highlights #Includes QUERY: throttled requests with management EVENTs
MANAGED_TRAIL_DASHBOARD
Overview|Error_Analysis_Dashboard #Includes QUERY: top throttled ACTIONs
MANAGED_TRAIL_DASHBOARD
DataEvents_Overview_Dashboard #Includes QUERY: top throttled ACTIONs with data EVENTs
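The two CloudTrail checks named in the TLS LOGGING and THROTTLING LOGGING sections above (identities still using TLS below 1.2, and the most-throttled actions), as an added example that is not AWS's managed dashboard query. The record field names (`tlsDetails.tlsVersion`, `tlsDetails.cipherSuite`, `userIdentity.arn`, `eventName`, `errorCode`, `userAgent`) follow the CloudTrail schema; the record contents and the throttling error-code list are constructed, and an event with no `tlsDetails` (a console sign-in) is included to show how such records are skipped.

```javascript
// Added example, not the managed CloudTrail dashboard queries.
// Constructed CloudTrail records, trimmed to the fields the checks use.
const SAMPLE_EVENTS = [
  { eventName: 'ListBuckets',
    userIdentity: { arn: 'arn:aws:iam::111122223333:user/legacy-app' },
    tlsDetails: { tlsVersion: 'TLSv1.1', cipherSuite: 'ECDHE-RSA-AES128-SHA', clientProvidedHostHeader: 's3.amazonaws.com' } },
  { eventName: 'DescribeInstances',
    userIdentity: { arn: 'arn:aws:iam::111122223333:user/legacy-app' },
    tlsDetails: { tlsVersion: 'TLSv1', cipherSuite: 'AES128-SHA', clientProvidedHostHeader: 'ec2.us-east-1.amazonaws.com' } },
  { eventName: 'DescribeInstances', errorCode: 'Client.RequestLimitExceeded',
    userIdentity: { arn: 'arn:aws:sts::111122223333:assumed-role/ci-role/build-42' },
    tlsDetails: { tlsVersion: 'TLSv1.2', cipherSuite: 'ECDHE-RSA-AES128-GCM-SHA256', clientProvidedHostHeader: 'ec2.us-east-1.amazonaws.com' } },
  { eventName: 'DescribeInstances', errorCode: 'Client.RequestLimitExceeded',
    userIdentity: { arn: 'arn:aws:sts::111122223333:assumed-role/ci-role/build-42' },
    tlsDetails: { tlsVersion: 'TLSv1.2', cipherSuite: 'ECDHE-RSA-AES128-GCM-SHA256', clientProvidedHostHeader: 'ec2.us-east-1.amazonaws.com' } },
  { eventName: 'RunInstances',
    userIdentity: { arn: 'arn:aws:sts::111122223333:assumed-role/ci-role/build-42' },
    tlsDetails: { tlsVersion: 'TLSv1.3', cipherSuite: 'TLS_AES_128_GCM_SHA256', clientProvidedHostHeader: 'ec2.us-east-1.amazonaws.com' } },
  { eventName: 'ListUsers',
    userIdentity: { arn: 'arn:aws:iam::111122223333:user/admin' },
    tlsDetails: { tlsVersion: 'TLSv1.3', cipherSuite: 'TLS_AES_256_GCM_SHA384', clientProvidedHostHeader: 'iam.amazonaws.com' } },
  { eventName: 'ConsoleLogin', userAgent: 'signin.amazonaws.com',
    userIdentity: { arn: 'arn:aws:iam::111122223333:user/admin' } },  // no tlsDetails
  { eventName: 'PutObject', errorCode: 'SlowDown',
    userIdentity: { arn: 'arn:aws:sts::111122223333:assumed-role/ops-role/session' },
    tlsDetails: { tlsVersion: 'TLSv1.1', cipherSuite: 'ECDHE-RSA-AES256-SHA', clientProvidedHostHeader: 's3.amazonaws.com' } },
];

// 'TLSv1' -> 1, 'TLSv1.2' -> 1.2; null when the record carries no TLS details.
function tlsVersionNumber(event) {
  const v = event.tlsDetails && event.tlsDetails.tlsVersion;
  const m = /^TLSv(\d+(?:\.\d+)?)$/.exec(v || '');
  return m ? parseFloat(m[1]) : null;
}

// Count items by key, sorted by count descending then key ascending (deterministic).
function countBy(items, keyOf) {
  const counts = new Map();
  for (const item of items) {
    const key = keyOf(item);
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return [...counts.entries()]
    .map(([key, count]) => ({ key, count }))
    .sort((a, b) => b.count - a.count || a.key.localeCompare(b.key));
}

// Top identities whose requests negotiated TLS < 1.2 (records without tlsDetails are skipped).
function identitiesBelowTls12(events) {
  const weak = events.filter((e) => {
    const v = tlsVersionNumber(e);
    return v !== null && v < 1.2;
  });
  return countBy(weak, (e) => (e.userIdentity && e.userIdentity.arn) || 'unknown');
}

// Constructed list of throttling error codes; the regex catches the *Throttl* family.
const THROTTLE_CODES = new Set(['SlowDown', 'RequestLimitExceeded', 'Client.RequestLimitExceeded', 'TooManyRequestsException']);
function isThrottled(event) {
  const code = event.errorCode || '';
  return /Throttl/i.test(code) || THROTTLE_CODES.has(code);
}

// Top throttled ACTIONs, i.e. eventName counts over records with a throttling errorCode.
function topThrottledActions(events) {
  return countBy(events.filter(isThrottled), (e) => e.eventName);
}
```

Run both functions over a real trail export in the same shape and the first list tells you which principals still need a client upgrade before a TLS 1.2 minimum is enforced, while the second tells you which action quotas are being hit (and so where the retry settings from the RETRY section matter most).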