
AWS & General System Design Deep Dive

1. Core System Design Concepts

Fundamental Layers

  • Client-Server Architecture: The client-server model is a distributed application structure that partitions tasks or workloads between the providers of a resource or service, called servers, and service requesters, called clients.

    • Clients: Devices or applications that request services or resources from a server. Examples include web browsers, mobile apps, and desktop applications.
    • Servers: Powerful computers or applications that provide services or resources to clients. Examples include web servers, database servers, and email servers.
    • Communication: Clients and servers communicate over a network using a request-response protocol, such as HTTP/HTTPS.
  • IP Addressing & DNS:

    • IP Address: A unique numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication.
    • DNS (Domain Name System): A hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It translates human-readable domain names (e.g., www.google.com) to machine-readable IP addresses (e.g., 172.217.168.68).
    • DNS Record Types:
      • A Record: Maps a domain name to an IPv4 address.
      • AAAA Record: Maps a domain name to an IPv6 address.
      • CNAME Record: Maps a domain name to another domain name (canonical name).
      • MX Record: Specifies the mail server responsible for accepting email messages on behalf of a domain name.
      • NS Record: Delegates a DNS zone to use the given authoritative name servers.

Intermediaries

  • Proxy/Reverse Proxy:

    • Proxy: An intermediary server that acts as a gateway between a client and the internet. It can be used to filter requests, log traffic, and cache content.
    • Reverse Proxy: An intermediary server that sits in front of one or more web servers, intercepting requests from clients. It can be used for load balancing, SSL termination, and caching.
  • Load Balancer: A device that distributes network or application traffic across a number of servers. Load balancers are used to increase capacity (concurrent users) and reliability of applications.

    • Algorithms:
      • Round Robin: Each server is used in turn.
      • Least Connections: The server with the fewest active connections is chosen.
      • IP Hash: The IP address of the client is used to determine which server receives the request.
  • Content Delivery Network (CDN): A geographically distributed network of proxy servers and their data centers. The goal is to provide high availability and performance by distributing the service spatially relative to end-users.
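The three load-balancing algorithms listed above, sketched as an added example (not part of the original notes). The class names and the server and client values are constructed for illustration.

```python
import hashlib
import itertools


class RoundRobin:
    """Each server is used in turn, regardless of load or client."""
    def __init__(self, servers):
        self._cycle = itertools.cycle(list(servers))

    def pick(self, client_ip=None):
        return next(self._cycle)


class LeastConnections:
    """Choose the server with the fewest active connections."""
    def __init__(self, servers):
        self.active = {s: 0 for s in servers}

    def pick(self, client_ip=None):
        # min() returns the first minimum, so ties go to the earliest server.
        server = min(self.active, key=self.active.get)
        self.active[server] += 1
        return server

    def release(self, server):
        # Call when a connection closes so the count stays accurate.
        self.active[server] -= 1


class IPHash:
    """The client IP decides the server, so one client keeps one backend."""
    def __init__(self, servers):
        self.servers = list(servers)

    def pick(self, client_ip):
        # A stable hash (not Python's per-process randomized hash()) keeps
        # the mapping identical across restarts and across balancer nodes.
        digest = hashlib.sha256(client_ip.encode()).digest()
        return self.servers[int.from_bytes(digest[:8], "big") % len(self.servers)]
```

With IP Hash, clients that share one address (for example behind the same NAT or forward proxy) all land on the same server, and changing the server list remaps most clients.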

Protocols & APIs

  • HTTP/HTTPS:

    • HTTP (Hypertext Transfer Protocol): An application protocol for distributed, collaborative, and hypermedia information systems.
    • HTTPS (HTTP Secure): An extension of HTTP for secure communication over a computer network, widely used on the Internet. In HTTPS, the communication is encrypted using Transport Layer Security (TLS) or, formerly, its predecessor, Secure Sockets Layer (SSL).
  • API Patterns:

    • REST (Representational State Transfer): A software architectural style that defines a set of constraints to be used for creating web services. RESTful web services allow the requesting systems to access and manipulate textual representations of web resources by using a uniform and predefined set of stateless operations.
    • GraphQL: A query language for APIs and a runtime for fulfilling those queries with your existing data. GraphQL provides a complete and understandable description of the data in your API, gives clients the power to ask for exactly what they need and nothing more, makes it easier to evolve APIs over time, and enables powerful developer tools.
    • API Gateway: An API management tool that sits between a client and a collection of backend services. An API gateway acts as a reverse proxy to accept all application programming interface (API) calls, aggregate the various services required to fulfill them, and return the appropriate result.

Data Systems

  • Databases:

    • SQL (Structured Query Language): A standard language for storing, manipulating and retrieving data in relational databases.
      • ACID Properties: Atomicity, Consistency, Isolation, Durability.
    • NoSQL (Not only SQL): A database that provides a mechanism for storage and retrieval of data that is modeled in means other than the tabular relations used in relational databases.
      • Types: Document databases, key-value stores, wide-column stores, and graph databases.
  • Scaling Patterns:

    • Vertical Scaling (Scale Up): Increasing the resources of a single server, such as CPU, RAM, or storage.
    • Horizontal Scaling (Scale Out): Adding more servers to a pool of resources.
  • Indexing & Caching:

    • Indexing: A data structure technique to efficiently retrieve records from a database file based on some attributes on which the indexing has been done.
    • Caching: The process of storing copies of files in a cache, or temporary storage location, so that they can be accessed more quickly.
  • Replication & Sharding:

    • Replication: The process of sharing information to ensure consistency between redundant resources, such as software or hardware components, to improve reliability, fault-tolerance, or accessibility.
    • Sharding: A type of database partitioning that separates very large databases into smaller, faster, more easily managed parts called data shards.
  • Partitioning: The process of dividing a large database into smaller, more manageable parts.

    • Horizontal Partitioning: Putting different rows into different tables.
    • Vertical Partitioning: Dividing a table into multiple tables that contain fewer columns.
  • Data Denormalization: The process of trying to improve the read performance of a database, at the expense of losing some write performance, by adding redundant copies of data or by grouping data.

Distributed Systems

  • CAP Theorem: A theorem for distributed systems that states it is impossible for a distributed data store to simultaneously provide more than two out of the following three guarantees:

    • Consistency: Every read receives the most recent write or an error.
    • Availability: Every request receives a (non-error) response, without the guarantee that it contains the most recent write.
    • Partition Tolerance: The system continues to operate despite an arbitrary number of messages being dropped (or delayed) by the network between nodes.
  • Blob/Object Storage: A data storage architecture that manages data as objects, as opposed to other storage architectures like file systems which manage data as a file hierarchy and block storage which manages data as blocks within sectors and tracks.

  • Real-Time Communication:

    • WebSockets: A computer communications protocol, providing full-duplex communication channels over a single TCP connection.
    • WebRTC (Web Real-Time Communication): A free and open-source project providing web browsers and mobile applications with real-time communication (RTC) via simple application programming interfaces (APIs).

Microservices & Modern Patterns

  • Microservices: A software development technique, a variant of the service-oriented architecture (SOA) architectural style, that structures an application as a collection of loosely coupled services.
  • Async Messaging: A communication method between services where the sender and receiver do not have to be available at the same time.
    • Message Queues: A component of messaging middleware solutions that enables asynchronous communication between different parts of a distributed system.
    • Event Streaming: The practice of capturing data in real-time from event sources like databases, sensors, mobile devices, cloud services, and software applications in the form of streams of events.
  • Idempotency: An operation is idempotent if it produces the same result whether it is executed once or multiple times.
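Idempotency matters most when a message queue redelivers a message. The following added example (not part of the original notes) shows a consumer that applies each request once per idempotency key and rejects a key reused with a different payload. The class name, keys and account values are constructed for illustration, and the in-memory dictionaries stand in for a durable store.

```python
import hashlib
import json


class IdempotentProcessor:
    """Applies each credit request at most once, keyed by an idempotency key."""

    def __init__(self):
        self.balances = {}   # account -> balance (stand-in for a database)
        self._seen = {}      # key -> (payload fingerprint, stored result)

    @staticmethod
    def _fingerprint(payload):
        # Canonical JSON so the same payload always hashes the same way.
        canonical = json.dumps(payload, sort_keys=True).encode()
        return hashlib.sha256(canonical).hexdigest()

    def handle(self, key, payload):
        fp = self._fingerprint(payload)
        if key in self._seen:
            seen_fp, result = self._seen[key]
            if seen_fp != fp:
                # Same key, different request: refuse rather than guess.
                raise ValueError("idempotency key reused with a different payload")
            return result    # redelivery: return stored result, no side effect
        account, amount = payload["account"], payload["amount"]
        self.balances[account] = self.balances.get(account, 0) + amount
        result = {"account": account, "balance": self.balances[account]}
        self._seen[key] = (fp, result)
        return result


def replay_demo():
    """Deliver one message twice, then a second message with a new key."""
    proc = IdempotentProcessor()
    msg = {"account": "acct-1", "amount": 50}    # constructed sample message
    first = proc.handle("key-001", msg)
    redelivered = proc.handle("key-001", msg)    # duplicate delivery
    second = proc.handle("key-002", msg)         # genuinely new request
    return first, redelivered, second, proc.balances["acct-1"]
```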

Security Best Practices

  • Encryption:
    • In Transit: Encrypting data that is moving between a client and a server.
    • At Rest: Encrypting data that is stored on a disk or in a database.
  • Authentication/Authorization:
    • Authentication: The process of verifying the identity of a user.
    • Authorization: The process of verifying that a user has the necessary permissions to access a resource.
    • RBAC (Role-Based Access Control): A method of restricting network access based on the roles of individual users within an enterprise.
    • IAM (Identity and Access Management): A framework of policies and technologies for ensuring that the right users have the appropriate access to technology resources.
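The difference between authentication and authorization, with RBAC as the authorization model, shown as an added example (not part of the original notes). The token format, key, users, roles and permission names are all constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed; a real key comes from a secret store

# RBAC: permissions attach to roles, and users only ever receive roles.
ROLE_PERMISSIONS = {
    "viewer": {"video:read"},
    "editor": {"video:read", "video:upload"},
    "admin": {"video:read", "video:upload", "user:manage"},
}
USER_ROLES = {"alice": {"editor"}, "bob": {"viewer"}}


def _sign(user):
    return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()


def issue_token(user):
    """Hypothetical token format for this example: '<user>.<hex HMAC-SHA256>'."""
    return f"{user}.{_sign(user)}"


def authenticate(token):
    """Authentication: who is this? Returns the user name or None."""
    user, _, sig = token.rpartition(".")
    # Constant-time comparison avoids leaking how much of the signature matched.
    valid = hmac.compare_digest(sig.encode(), _sign(user).encode())
    return user if user and valid else None


def authorize(user, permission):
    """Authorization: may this user do that? Unknown users and roles get nothing."""
    roles = USER_ROLES.get(user, set())
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in roles)


def check_request(token, permission):
    """Return an HTTP-style status: 401 unauthenticated, 403 forbidden, 200 ok."""
    user = authenticate(token)
    if user is None:
        return 401
    if not authorize(user, permission):
        return 403
    return 200
```

A validly signed token for a user with no role assignment still gets 403: passing authentication grants no permissions by itself.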

2. System Design on AWS (Deep Dive)

Monolith vs. Microservices

  • Monolith:
    • Architecture: All logic (UI, business, data) in one deployable unit.
    • Pros: Simplicity for small projects, easier to debug and test in early stages.
    • Cons: Hard to scale, long release cycles, all-or-nothing deployments, technology stack is locked in.
  • Microservices:
    • Architecture: Each service is a small, independent application that can be deployed and scaled individually.
    • Pros: Services can be developed, deployed, and scaled independently. Supports using different programming languages per microservice (polyglot). Allows for better fault isolation.
    • Cons: More complex to manage, requires a mature DevOps culture, potential for increased network latency.

AWS Implementation Patterns

  • Compute Layer Choices:

    • EC2 (Elastic Compute Cloud): Virtual servers in the cloud. Provides maximum control and flexibility.
    • Lambda: A serverless compute service that lets you run code without provisioning or managing servers.
    • Containers: A standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another.
      • ECS (Elastic Container Service): A fully managed container orchestration service from AWS.
      • EKS (Elastic Kubernetes Service): A managed Kubernetes service from AWS.
  • Load Balancers:

    • ALB (Application Load Balancer): Best for load balancing of HTTP and HTTPS traffic. Provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers.
    • NLB (Network Load Balancer): Best for load balancing of TCP traffic where extreme performance is required. It is capable of handling millions of requests per second while maintaining ultra-low latencies.
  • DNS (Route 53): A highly available and scalable cloud Domain Name System (DNS) web service.

  • Scaling Tactics:

    • Vertical Scaling: Increasing the size of the instance.
    • Horizontal Scaling: Increasing the number of instances.
    • Auto Scaling: Automatically adjusting the number of instances in response to traffic changes.
    • Pre-Warming: Proactively increasing capacity before a predicted traffic spike.
  • DB Scaling:

    • RDS Proxy: A fully managed, highly available database proxy for Amazon RDS that makes applications more scalable, resilient to database failures, and secure.
    • Aurora Serverless: An on-demand, auto-scaling configuration for Amazon Aurora.

Special Topics

  • Three Tier Architecture:

    • Presentation Tier: The user interface and communication layer of the application.
    • Application Tier: The business logic and processing layer of the application.
    • Data Tier: The data storage and management layer of the application.
  • Serverless Computing: A cloud computing execution model in which the cloud provider runs the server, and dynamically manages the allocation of machine resources.

    • Benefits: No server management, flexible scaling, high availability, no idle capacity.
    • Use Cases: Web applications, backends, data processing, chatbots.
  • Security Considerations:

    • Network Security: Use private subnets, NACLs, Security Groups, and AWS WAF.
    • Identity and Access Management: Use IAM and Cognito for authentication and authorization.
    • Data Protection: Use encryption at rest and in transit.

3. Video Streaming System Design (Netflix/OTT/Prime/Hotstar etc.)

Functional Requirements:

  • User registration/authentication
  • Plan subscription/purchase
  • Video searching
  • Multi-resolution video playback
  • Recommendations

Non-Functional Requirements:

  • High availability
  • Low latency
  • Scalability
  • Durability
  • Security

Detailed High-Level Design:

  • API Gateway + Load Balancer: The entry point for all requests.
  • User/Subscription/Payment Services: Microservices that handle user management, subscriptions, and payments.
  • Search Service: A dedicated service for searching video titles and metadata.
  • Uploader & Video Storage: A service for uploading and storing video files.
  • Video Processing Pipeline: A pipeline of services that transcode videos into different formats and resolutions.
  • Adaptive Bitrate Streaming: A technique for streaming video that adjusts the quality of the video based on the user's network conditions.
  • CDN Integration: A CDN is used to cache video segments and deliver them to users with low latency.
  • Caching: A caching layer is used to store frequently accessed data, such as video metadata and user session information.

Digital Rights Management (DRM)

  • DRM: A set of access control technologies for restricting the use of proprietary hardware and copyrighted works.
  • How it works: DRM technologies encrypt the video content and require a license to decrypt and play it.
  • AWS Elemental MediaConvert: A file-based video transcoding service with broadcast-grade features. It allows you to create video-on-demand (VOD) content for broadcast and multiscreen delivery at scale.
  • Compute: EC2, Lambda, ECS, EKS, Fargate
  • Storage: S3, EBS, EFS, FSx
  • Database: Aurora, DynamoDB, RDS, ElastiCache, Neptune
  • Networking: VPC, CloudFront, Route 53, ELB
  • Analytics: Kinesis, Redshift, Glue, Athena
  • Machine Learning: SageMaker, Rekognition, Polly, Translate
  • Security: IAM, KMS, WAF, Shield
  • Monitoring: CloudWatch, CloudTrail, X-Ray

5. Design Patterns and Best Practices

  • Decomposition Patterns: How to break down a monolithic application into microservices.
    • Decompose by business capability: Break down the application into services that represent business capabilities.
    • Decompose by subdomain: Break down the application into services that represent subdomains of the business domain.
  • Integration Patterns: How to integrate microservices with each other.
    • API Gateway: Use an API gateway to provide a single entry point for all clients.
    • Messaging: Use messaging to communicate between services asynchronously.
    • Event Sourcing: Persist the state of a business entity such as an Order or a Customer as a sequence of state-changing events.
  • Database Patterns: How to manage data in a microservices architecture.
    • Database per service: Each service has its own private database.
    • Shared database: Multiple services share the same database.
  • Observability Patterns: How to monitor a microservices architecture.
    • Log aggregation: Aggregate logs from all services into a central location.
    • Distributed tracing: Trace requests as they flow through the system.
    • Health check API: Expose an endpoint that returns the health of the service.
  • Cross-Cutting Concerns: How to handle cross-cutting concerns such as security, configuration, and service discovery.
    • Service mesh: A dedicated infrastructure layer for handling service-to-service communication.
    • Externalized configuration: Store configuration in an external store, such as a Git repository or a configuration server.