
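IT Tutorial FG393 - Cloud Resource Optimization

Outline

1. Overview of cloud resource optimization

Cloud resource optimization means configuring and managing cloud resources sensibly so as to obtain the greatest performance and reliability at the lowest cost. With the widespread adoption of cloud computing, it has become an important part of enterprise IT management.

The core goals of cloud resource optimization include:

  • Reducing cloud service costs
  • Improving resource utilization
  • Improving system performance
  • Ensuring service reliability
  • Simplifying resource management

Cloud resource optimization spans several dimensions, including compute resources, storage resources, network resources and security configuration. Optimizing these together lets the cloud environment run efficiently.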


2. Cost optimization

2.1 Cost analysis

# AWS cost analysis (the End date is exclusive)
$ aws ce get-cost-and-usage \
--time-period Start=2026-03-01,End=2026-03-31 \
--granularity MONTHLY \
--metrics "BlendedCost" "UnblendedCost" "UsageQuantity" \
--group-by Type=DIMENSION,Key=SERVICE

# Azure cost analysis
$ az cost management export create \
--name "cost-export" \
--storage-account-id "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/my-resource-group/providers/Microsoft.Storage/storageAccounts/mystorageaccount" \
--container "cost-exports" \
--format "Csv" \
--schedule "Daily" \
--timeframe "MonthToDate"

# GCP cost analysis
$ gcloud beta billing accounts budgets create \
--billing-account=0X0X0X-0X0X0X-0X0X0X \
--display-name=my-budget \
--amount=1000 \
--currency=USD \
--time-unit=month

# Cost analysis tools
- AWS Cost Explorer
- Azure Cost Management
- GCP Cost Management
- CloudHealth
- Densify
- Turbonomic

2.2 Cost optimization strategies

# Reserved instances / committed use discounts
# AWS reserved instances
$ aws ec2 purchase-reserved-instances-offering \
--instance-type t3.medium \
--instance-count 1 \
--offering-type Standard \
--term 1 \
--product-description Linux/UNIX

# Azure reserved VM instances
$ az reservations create \
--name my-reservation \
--resource-group my-resource-group \
--location eastus \
--sku Standard_DS1_v2 \
--term 1 \
--count 1 \
--billing-scope /subscriptions/12345678-1234-1234-1234-123456789012

# GCP committed use discounts
$ gcloud compute commitments create \
--name my-commitment \
--resource-type VCPU \
--plan 1Y \
--level 10 \
--region us-central1

# On-demand and spot instances
# AWS spot instance
$ aws ec2 run-instances \
--image-id ami-0c55b159cbfafe1f0 \
--instance-type t3.medium \
--key-name my-key \
--security-groups my-security-group \
--instance-market-options '{"MarketType": "spot", "SpotOptions": {"MaxPrice": "0.01", "SpotInstanceType": "one-time", "InstanceInterruptionBehavior": "terminate"}}'

# Azure Spot (low-priority) VM; az vm create takes the VM size with --size
$ az vm create \
--name my-spot-vm \
--resource-group my-resource-group \
--image UbuntuLTS \
--size Standard_DS1_v2 \
--priority Spot \
--max-price -1 \
--eviction-policy Delete

# GCP preemptible VM
$ gcloud compute instances create my-preemptible-vm \
--machine-type e2-medium \
--preemptible \
--image-family ubuntu-2004-lts \
--image-project ubuntu-os-cloud \
--zone us-central1-a

2.3 Cost control

# Resource tag management
# AWS tags
$ aws ec2 create-tags \
--resources i-0123456789abcdef0 \
--tags Key=Environment,Value=Production Key=Project,Value=MyProject Key=CostCenter,Value=IT

# Azure tags
$ az resource tag --tags Environment=Production Project=MyProject CostCenter=IT \
--ids /subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/my-resource-group/providers/Microsoft.Compute/virtualMachines/my-vm

# GCP labels (label keys and values must be lowercase)
$ gcloud compute instances add-labels my-vm \
--labels environment=production,project=myproject,costcenter=it \
--zone us-central1-a

# Cost alerts
# AWS budget (BudgetLimit.Amount is passed as a string)
$ aws budgets create-budget \
--account-id 123456789012 \
--budget '{"BudgetName": "MyBudget", "BudgetLimit": {"Amount": "1000", "Unit": "USD"}, "TimeUnit": "MONTHLY", "BudgetType": "COST"}' \
--notifications-with-subscribers '[{"Notification": {"NotificationType": "ACTUAL", "ComparisonOperator": "GREATER_THAN", "Threshold": 80, "ThresholdType": "PERCENTAGE"}, "Subscribers": [{"SubscriptionType": "EMAIL", "Address": "user@fgedu.net.cn"}]}]'

# Azure cost alert
$ az monitor alert create \
--name cost-alert \
--resource-group my-resource-group \
--scopes /subscriptions/12345678-1234-1234-1234-123456789012 \
--condition "avg aggregation cost > 800" \
--description "Cost alert when monthly cost exceeds $800"

# GCP budget alert
$ gcloud beta billing accounts budgets update 0X0X0X-0X0X0X-0X0X0X \
--budget-id BUDGET_ID \
--alert-spent-percents 80 90 95 \
--notification-channels projects/my-project/notificationChannels/CHANNEL_ID

Tip from Feng Ge: cost optimization is an important part of cloud resource optimization. Sensible use of reserved instances, spot instances and cost controls can significantly reduce cloud service costs.

3. Performance optimization

3.1 Compute performance optimization

# Choosing an instance type
# AWS instance type
$ aws ec2 run-instances \
--image-id ami-0c55b159cbfafe1f0 \
--instance-type c5.xlarge \
--key-name my-key \
--security-groups my-security-group

# Azure VM size
$ az vm create \
--name my-vm \
--resource-group my-resource-group \
--image UbuntuLTS \
--size Standard_D4s_v3 \
--admin-username azureuser \
--generate-ssh-keys

# GCP machine type
$ gcloud compute instances create my-vm \
--machine-type n2-standard-4 \
--image-family ubuntu-2004-lts \
--image-project ubuntu-os-cloud \
--zone us-central1-a

# Instance configuration tuning
# Enable enhanced networking
$ aws ec2 modify-instance-attribute \
--instance-id i-0123456789abcdef0 \
--ena-support

# Configure CPU options
$ aws ec2 run-instances \
--image-id ami-0c55b159cbfafe1f0 \
--instance-type c5.xlarge \
--cpu-options "CoreCount=4,ThreadsPerCore=2" \
--key-name my-key \
--security-groups my-security-group

# Memory tuning
$ cat /etc/sysctl.conf
vm.swappiness = 10
vm.dirty_background_ratio = 5
vm.dirty_ratio = 10

$ sysctl -p

3.2 Storage performance optimization

# Choosing a storage type
# AWS EBS volume type
$ aws ec2 create-volume \
--availability-zone us-east-1a \
--size 100 \
--volume-type gp3 \
--iops 3000 \
--throughput 125

# Azure storage type
$ az storage account create \
--name mystorageaccount \
--resource-group my-resource-group \
--location eastus \
--sku Standard_GRS \
--kind StorageV2 \
--access-tier Hot

# GCP storage type
$ gcloud compute disks create my-disk \
--size 100GB \
--type pd-ssd \
--zone us-central1-a

# Storage tuning
# Enable EBS optimization
$ aws ec2 run-instances \
--image-id ami-0c55b159cbfafe1f0 \
--instance-type t3.medium \
--ebs-optimized \
--key-name my-key \
--security-groups my-security-group

# Configure the I/O scheduler
$ cat /etc/udev/rules.d/60-io-scheduler.rules
ACTION=="add|change", KERNEL=="sd*", ATTR{queue/scheduler}="deadline"

# Test storage performance
$ fio --name=random-write --ioengine=libaio --rw=randwrite --bs=4k --direct=1 --size=1G --numjobs=1 --runtime=60 \
--group_reporting

# Sample output
random-write: (g=0): rw=randwrite, bs=(R) 4096B-4096B, (W) 4096B-4096B, (T) 4096B-4096B, ioengine=libaio,
iodepth=1
fio-3.16
Starting 1 process
Jobs: 1 (f=1): [w(1)][100.0%][w=12.3MiB/s][w=3147 IOPS][eta 00m:00s]
random-write: (groupid=0, jobs=1): err= 0: pid=12345: Thu Apr 3 10:00:00 2026
write: IOPS=3150, BW=12.3MiB/s (12.9MB/s)(741MiB/60001msec)
slat (usec): min=2, max=1234, avg= 4.51, stdev=12.34
clat (usec): min=12, max=2345, avg= 312.45, stdev=156.78
lat (usec): min=14, max=2349, avg= 316.96, stdev=156.89
clat percentiles (usec):
| 1.00th=[ 100], 5.00th=[ 150], 10.00th=[ 180], 20.00th=[ 220],
| 30.00th=[ 250], 40.00th=[ 280], 50.00th=[ 300], 60.00th=[ 330],
| 70.00th=[ 360], 80.00th=[ 400], 90.00th=[ 450], 95.00th=[ 500],
| 99.00th=[ 650], 99.50th=[ 750], 99.90th=[ 1000], 99.95th=[ 1200],
| 99.99th=[ 1800]
bw (KiB/s): min=10240, max=13312, per=99.99%, avg=12595.23, stdev=512.34
iops : min=2560, max=3328, avg=3148.81, stdev=128.09
lat (usec) : 200=18.75%, 500=81.25%
cpu : usr=1.23%, sys=2.34%, ctx=18900, majf=0, minf=0
IO depths : 1=100.0%, 2=0.0%, 4=0.0%, 8=0.0%, 16=0.0%, 32=0.0%, >=64=0.0%
submit : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
complete : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
issued rwts: total=189120,0,0,0 short=0,0,0,0 dropped=0,0,0,0
latency : target=0, window=0, percentile=100.00%, depth=1

Run status group 0 (all jobs):
WRITE: bw=12.3MiB/s (12.9MB/s), 12.3MiB/s-12.3MiB/s (12.9MB/s-12.9MB/s), io=741MiB (777MB), run=60001-60001msec

Disk stats (read/write):
sda: ios=0/189000, merge=0/0, ticks=0/58700, in_queue=58700, util=99.80%

3.3 Network performance optimization

# Network configuration tuning
# AWS network tuning
$ aws ec2 modify-instance-attribute \
--instance-id i-0123456789abcdef0 \
--ena-support

# Create a network interface
$ aws ec2 create-network-interface \
--subnet-id subnet-0123456789abcdef0 \
--description "High performance network interface" \
--groups sg-0123456789abcdef0

# Attach the network interface
$ aws ec2 attach-network-interface \
--network-interface-id eni-0123456789abcdef0 \
--instance-id i-0123456789abcdef0 \
--device-index 1

# Azure network tuning
$ az network nic create \
--name my-nic \
--resource-group my-resource-group \
--subnet my-subnet \
--accelerated-networking true

# GCP network tuning
$ gcloud compute instances create my-vm \
--machine-type n2-standard-4 \
--image-family ubuntu-2004-lts \
--image-project ubuntu-os-cloud \
--zone us-central1-a \
--network-interface subnet=my-subnet,network-tier=PREMIUM

# Test network performance
$ iperf3 -s
# Run on another machine
$ iperf3 -c 192.168.1.100 -t 30

# Sample output
Connecting to host 192.168.1.100, port 5201
[ 5] local 192.168.1.101 port 54321 connected to 192.168.1.100 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 1.10 GBytes 9.44 Gbits/sec 0 1.08 MBytes
[ 5] 1.00-2.00 sec 1.12 GBytes 9.60 Gbits/sec 0 1.12 MBytes
[ 5] 2.00-3.00 sec 1.11 GBytes 9.53 Gbits/sec 0 1.15 MBytes
[ 5] 3.00-4.00 sec 1.12 GBytes 9.60 Gbits/sec 0 1.18 MBytes
[ 5] 4.00-5.00 sec 1.11 GBytes 9.53 Gbits/sec 0 1.21 MBytes
[ 5] 5.00-6.00 sec 1.12 GBytes 9.60 Gbits/sec 0 1.24 MBytes
[ 5] 6.00-7.00 sec 1.11 GBytes 9.53 Gbits/sec 0 1.27 MBytes
[ 5] 7.00-8.00 sec 1.12 GBytes 9.60 Gbits/sec 0 1.30 MBytes
[ 5] 8.00-9.00 sec 1.11 GBytes 9.53 Gbits/sec 0 1.33 MBytes
[ 5] 9.00-10.00 sec 1.12 GBytes 9.60 Gbits/sec 0 1.36 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 11.1 GBytes 9.55 Gbits/sec 0 sender
[ 5] 0.00-10.00 sec 11.1 GBytes 9.55 Gbits/sec receiver

iperf Done.


4. Resource utilization optimization

4.1 Resource monitoring

# AWS CloudWatch
$ aws cloudwatch get-metric-statistics \
--namespace AWS/EC2 \
--metric-name CPUUtilization \
--dimensions Name=InstanceId,Value=i-0123456789abcdef0 \
--start-time 2026-04-01T00:00:00Z \
--end-time 2026-04-03T00:00:00Z \
--period 3600 \
--statistics Average Maximum Minimum

# Azure Monitor
$ az monitor metrics list \
--resource /subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/my-resource-group/providers/Microsoft.Compute/virtualMachines/my-vm \
--metric "Percentage CPU" \
--time-grain PT1H \
--start-time 2026-04-01T00:00:00Z \
--end-time 2026-04-03T00:00:00Z

# GCP Monitoring
$ gcloud monitoring metrics list \
--filter="metric.type='compute.googleapis.com/instance/cpu/utilization'"

# Install Prometheus and Grafana
$ helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
$ helm install prometheus prometheus-community/kube-prometheus-stack

# Configure resource monitoring
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: resource-monitor
  namespace: monitoring
spec:
  selector:
    matchLabels:
      app: my-app
  endpoints:
  - port: metrics

# Apply the ServiceMonitor
$ kubectl apply -f service-monitor.yaml

4.2 Resource optimization strategies

# Resizing resources
# Resize an AWS instance (the instance must be stopped first)
$ aws ec2 modify-instance-attribute \
--instance-id i-0123456789abcdef0 \
--instance-type "{\"Value\": \"t3.large\"}"

# Resize an Azure VM
$ az vm resize \
--resource-group my-resource-group \
--name my-vm \
--size Standard_D4s_v3

# Change a GCP machine type
$ gcloud compute instances set-machine-type my-vm \
--machine-type n2-standard-4 \
--zone us-central1-a

# Automatic resource adjustment
# AWS Auto Scaling
$ aws autoscaling create-auto-scaling-group \
--auto-scaling-group-name my-asg \
--launch-configuration-name my-launch-config \
--min-size 1 \
--max-size 10 \
--desired-capacity 2 \
--vpc-zone-identifier subnet-0123456789abcdef0,subnet-0123456789abcdef1

# Create a scaling policy
$ aws autoscaling put-scaling-policy \
--auto-scaling-group-name my-asg \
--policy-name cpu-scaling-policy \
--policy-type TargetTrackingScaling \
--target-tracking-configuration '{"PredefinedMetricSpecification": {"PredefinedMetricType": "ASGAverageCPUUtilization"}, "TargetValue": 70}'

# Azure autoscale
$ az monitor autoscale create \
--resource-group my-resource-group \
--name my-autoscale \
--resource /subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/my-resource-group/providers/Microsoft.Compute/virtualMachineScaleSets/my-vmss \
--min-count 1 \
--max-count 10 \
--count 2

# Add a scaling rule
$ az monitor autoscale rule create \
--resource-group my-resource-group \
--autoscale-name my-autoscale \
--condition "Percentage CPU > 70 avg 5m" \
--scale out 1

# GCP autoscaling
$ gcloud compute instance-groups managed set-autoscaling my-mig \
--zone us-central1-a \
--min-num-replicas 1 \
--max-num-replicas 10 \
--target-cpu-utilization 0.7

4.3 Resource consolidation

# Containerization
# Install Docker
$ apt-get update && apt-get install -y docker.io

# Build a container image
$ docker build -t myapp:latest .

# Run the container
$ docker run -d -p 8080:8080 myapp:latest

# Install Kubernetes
$ kubeadm init --pod-network-cidr=192.168.0.0/16

# Deploy the application
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-app
        image: myapp:latest
        resources:
          limits:
            memory: "512Mi"
            cpu: "500m"
          requests:
            memory: "256Mi"
            cpu: "200m"
        ports:
        - containerPort: 8080

# Apply the deployment
$ kubectl apply -f deployment.yaml

# Configure a resource quota
apiVersion: v1
kind: ResourceQuota
metadata:
  name: my-quota
  namespace: default
spec:
  hard:
    requests.cpu: "4"
    requests.memory: "8Gi"
    limits.cpu: "8"
    limits.memory: "16Gi"

# Apply the resource quota
$ kubectl apply -f resource-quota.yaml


5. Elastic scaling optimization

5.1 Autoscaling configuration

# AWS Auto Scaling
# Create a launch configuration
$ aws autoscaling create-launch-configuration \
--launch-configuration-name my-launch-config \
--image-id ami-0c55b159cbfafe1f0 \
--instance-type t3.medium \
--key-name my-key \
--security-groups sg-0123456789abcdef0

# Create an Auto Scaling group
$ aws autoscaling create-auto-scaling-group \
--auto-scaling-group-name my-asg \
--launch-configuration-name my-launch-config \
--min-size 1 \
--max-size 10 \
--desired-capacity 2 \
--vpc-zone-identifier subnet-0123456789abcdef0,subnet-0123456789abcdef1

# Configure a scale-out policy
$ aws autoscaling put-scaling-policy \
--auto-scaling-group-name my-asg \
--policy-name cpu-scaling-policy \
--policy-type TargetTrackingScaling \
--target-tracking-configuration '{"PredefinedMetricSpecification": {"PredefinedMetricType": "ASGAverageCPUUtilization"}, "TargetValue": 70}'

# Configure a scale-in policy
$ aws autoscaling put-scaling-policy \
--auto-scaling-group-name my-asg \
--policy-name cpu-scaling-policy-down \
--policy-type TargetTrackingScaling \
--target-tracking-configuration '{"PredefinedMetricSpecification": {"PredefinedMetricType": "ASGAverageCPUUtilization"}, "TargetValue": 30}'

# Show the Auto Scaling group
$ aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names my-asg

# Azure virtual machine scale sets
# Create a virtual machine scale set
$ az vmss create \
--name my-vmss \
--resource-group my-resource-group \
--image UbuntuLTS \
--instance-count 2 \
--admin-username azureuser \
--generate-ssh-keys \
--vm-sku Standard_DS2_v2

# Configure autoscale
$ az monitor autoscale create \
--resource-group my-resource-group \
--name my-autoscale \
--resource /subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/my-resource-group/providers/Microsoft.Compute/virtualMachineScaleSets/my-vmss \
--min-count 1 \
--max-count 10 \
--count 2

# Add scaling rules
$ az monitor autoscale rule create \
--resource-group my-resource-group \
--autoscale-name my-autoscale \
--condition "Percentage CPU > 70 avg 5m" \
--scale out 1

$ az monitor autoscale rule create \
--resource-group my-resource-group \
--autoscale-name my-autoscale \
--condition "Percentage CPU < 30 avg 5m" \
--scale in 1

# GCP managed instance groups
# Create an instance template
$ gcloud compute instance-templates create my-instance-template \
--machine-type e2-medium \
--image-family ubuntu-2004-lts \
--image-project ubuntu-os-cloud \
--scopes https://www.googleapis.com/auth/cloud-platform

# Create a managed instance group
$ gcloud compute instance-groups managed create my-mig \
--base-instance-name my-instance \
--size 2 \
--template my-instance-template \
--zone us-central1-a

# Configure autoscaling
$ gcloud compute instance-groups managed set-autoscaling my-mig \
--zone us-central1-a \
--min-num-replicas 1 \
--max-num-replicas 10 \
--target-cpu-utilization 0.7 \
--cool-down-period 60

5.2 Elastic scaling strategies

# CPU-based autoscaling
# AWS
$ aws autoscaling put-scaling-policy \
--auto-scaling-group-name my-asg \
--policy-name cpu-scaling-policy \
--policy-type TargetTrackingScaling \
--target-tracking-configuration '{"PredefinedMetricSpecification": {"PredefinedMetricType": "ASGAverageCPUUtilization"}, "TargetValue": 70}'

# Azure
$ az monitor autoscale rule create \
--resource-group my-resource-group \
--autoscale-name my-autoscale \
--condition "Percentage CPU > 70 avg 5m" \
--scale out 1

# GCP
$ gcloud compute instance-groups managed set-autoscaling my-mig \
--zone us-central1-a \
--target-cpu-utilization 0.7

# Memory-based autoscaling
# AWS
$ aws cloudwatch put-metric-alarm \
--alarm-name Memory-Utilization \
--alarm-description "Memory utilization alarm" \
--metric-name MemoryUtilization \
--namespace System/Linux \
--statistic Average \
--period 300 \
--threshold 70 \
--comparison-operator GreaterThanThreshold \
--dimensions Name=InstanceId,Value=i-0123456789abcdef0 \
--evaluation-periods 2 \
--alarm-actions arn:aws:autoscaling:us-east-1:123456789012:scalingPolicy:abcd1234-5678-90ab-cdef-1234567890ab:autoScalingGroupName/my-asg:policyName/cpu-scaling-policy

# Autoscaling on a custom metric
# AWS
$ aws cloudwatch put-metric-data \
--namespace MyApp \
--metric-name RequestCount \
--dimensions InstanceId=i-0123456789abcdef0 \
--value 1000 \
--unit Count

$ aws autoscaling put-scaling-policy \
--auto-scaling-group-name my-asg \
--policy-name request-scaling-policy \
--policy-type TargetTrackingScaling \
--target-tracking-configuration '{"CustomizedMetricSpecification": {"MetricName": "RequestCount", "Namespace": "MyApp", "Dimensions": [{"Name": "AutoScalingGroupName", "Value": "my-asg"}], "Statistic": "Sum", "Unit": "Count"}, "TargetValue": 5000}'

# Schedule-based autoscaling
# AWS
$ aws autoscaling put-scheduled-update-group-action \
--auto-scaling-group-name my-asg \
--scheduled-action-name scale-up-morning \
--min-size 5 \
--max-size 10 \
--desired-capacity 5 \
--recurrence "0 8 * * 1-5"

$ aws autoscaling put-scheduled-update-group-action \
--auto-scaling-group-name my-asg \
--scheduled-action-name scale-down-evening \
--min-size 1 \
--max-size 10 \
--desired-capacity 1 \
--recurrence "0 18 * * 1-5"

# Azure
$ az monitor autoscale profile create \
--resource-group my-resource-group \
--autoscale-name my-autoscale \
--profile-name workday \
--min-count 5 \
--max-count 10 \
--count 5 \
--recurrence week Mon,Tue,Wed,Thu,Fri 08:00:00

$ az monitor autoscale profile create \
--resource-group my-resource-group \
--autoscale-name my-autoscale \
--profile-name weekend \
--min-count 1 \
--max-count 5 \
--count 1 \
--recurrence week Sat,Sun 00:00:00

# GCP
$ gcloud compute instance-groups managed update my-mig \
--zone us-central1-a \
--autoscaling-policy "{
  'min_num_replicas': 1,
  'max_num_replicas': 10,
  'cool_down_period_sec': 60,
  'scaling_schedules': {
    'workday': {
      'start_time': '0 8 * * 1-5',
      'end_time': '0 18 * * 1-5',
      'min_required_replicas': 5,
      'max_required_replicas': 10
    },
    'weekend': {
      'start_time': '0 0 * * 6-0',
      'end_time': '0 23 * * 6-0',
      'min_required_replicas': 1,
      'max_required_replicas': 5
    }
  }
}"

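5.3 Elastic scaling best practices

  • Choose a suitable trigger metric: pick CPU, memory, network traffic or another metric according to the application's characteristics
  • Set sensible thresholds: avoid frequent scaling; the CPU threshold is usually set to 70-80%
  • Configure a cooldown period: avoid repeated scaling within a short time; it is usually set to 60-300 seconds
  • Use several scaling strategies: combine metric-based and schedule-based scaling
  • Monitor scaling activity: review scaling activity regularly and tune the scaling policies
  • Test scaling policies: verify that they work in a non-production environment
  • Use predictive scaling: use machine learning to forecast traffic and scale ahead of it
  • Configure health checks: make sure only healthy instances are added to the load balancer
  • Use mixed instance types: on AWS, use several instance types to improve availability
  • Review and optimize regularly: adjust the scaling policies to actual usage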


6. Storage optimization

6.1 Choosing a storage type

# AWS storage types
# S3 storage classes
$ aws s3 cp file.txt s3://my-bucket/ --storage-class STANDARD
$ aws s3 cp file.txt s3://my-bucket/ --storage-class STANDARD_IA
$ aws s3 cp file.txt s3://my-bucket/ --storage-class GLACIER

# EBS volume types
$ aws ec2 create-volume \
--availability-zone us-east-1a \
--size 100 \
--volume-type gp3 \
--iops 3000 \
--throughput 125

$ aws ec2 create-volume \
--availability-zone us-east-1a \
--size 1000 \
--volume-type st1

$ aws ec2 create-volume \
--availability-zone us-east-1a \
--size 1000 \
--volume-type sc1

# Azure storage types
# Blob storage
$ az storage blob upload \
--account-name mystorageaccount \
--container-name mycontainer \
--name file.txt \
--file file.txt \
--type BlockBlob

# Storage account type
$ az storage account create \
--name mystorageaccount \
--resource-group my-resource-group \
--location eastus \
--sku Standard_GRS \
--kind StorageV2 \
--access-tier Hot

# GCP storage types
# Cloud Storage
$ gsutil cp file.txt gs://my-bucket/

# Set the storage class
$ gsutil lifecycle set lifecycle.json gs://my-bucket/

$ cat lifecycle.json
{
  "rule": [
    {
      "action": {
        "type": "SetStorageClass",
        "storageClass": "COLDLINE"
      },
      "condition": {
        "age": 30
      }
    },
    {
      "action": {
        "type": "SetStorageClass",
        "storageClass": "ARCHIVE"
      },
      "condition": {
        "age": 90
      }
    }
  ]
}

# Persistent disks
$ gcloud compute disks create my-disk \
--size 100GB \
--type pd-ssd \
--zone us-central1-a

$ gcloud compute disks create my-disk \
--size 1000GB \
--type pd-standard \
--zone us-central1-a

6.2 Storage optimization strategies

# Data lifecycle management
# AWS S3 lifecycle configuration (put-bucket-lifecycle-configuration takes a "Transitions" list in each rule)
$ cat lifecycle.json
{
  "Rules": [
    {
      "ID": "Transition to IA",
      "Status": "Enabled",
      "Filter": {
        "Prefix": "logs/"
      },
      "Transitions": [
        {
          "Days": 30,
          "StorageClass": "STANDARD_IA"
        }
      ]
    },
    {
      "ID": "Transition to Glacier",
      "Status": "Enabled",
      "Filter": {
        "Prefix": "logs/"
      },
      "Transitions": [
        {
          "Days": 90,
          "StorageClass": "GLACIER"
        }
      ]
    },
    {
      "ID": "Expire objects",
      "Status": "Enabled",
      "Filter": {
        "Prefix": "logs/"
      },
      "Expiration": {
        "Days": 365
      }
    }
  ]
}

$ aws s3api put-bucket-lifecycle-configuration \
--bucket my-bucket \
--lifecycle-configuration file://lifecycle.json

# Azure Blob storage lifecycle
$ cat lifecycle.json
{
  "rules": [
    {
      "name": "Transition to cool storage",
      "enabled": true,
      "type": "Lifecycle",
      "definition": {
        "actions": {
          "baseBlob": {
            "tierToCool": {
              "daysAfterModificationGreaterThan": 30
            },
            "tierToArchive": {
              "daysAfterModificationGreaterThan": 90
            },
            "delete": {
              "daysAfterModificationGreaterThan": 365
            }
          }
        },
        "filters": {
          "prefixMatch": ["logs/"]
        }
      }
    }
  ]
}

$ az storage account management-policy create \
--account-name mystorageaccount \
--resource-group my-resource-group \
--policy file://lifecycle.json

# GCP Cloud Storage lifecycle
$ cat lifecycle.json
{
  "rule": [
    {
      "action": {
        "type": "SetStorageClass",
        "storageClass": "COLDLINE"
      },
      "condition": {
        "age": 30,
        "matchesPrefix": ["logs/"]
      }
    },
    {
      "action": {
        "type": "SetStorageClass",
        "storageClass": "ARCHIVE"
      },
      "condition": {
        "age": 90,
        "matchesPrefix": ["logs/"]
      }
    },
    {
      "action": {
        "type": "Delete"
      },
      "condition": {
        "age": 365,
        "matchesPrefix": ["logs/"]
      }
    }
  ]
}

$ gsutil lifecycle set lifecycle.json gs://my-bucket/

6.3 Storage performance optimization

# Storage performance tuning
# AWS EBS optimization
$ aws ec2 run-instances \
--image-id ami-0c55b159cbfafe1f0 \
--instance-type t3.medium \
--ebs-optimized \
--key-name my-key \
--security-groups my-security-group

# Configure an EBS volume
$ aws ec2 modify-volume \
--volume-id vol-0123456789abcdef0 \
--iops 3000 \
--throughput 125

# Azure storage tuning
$ az storage account update \
--name mystorageaccount \
--resource-group my-resource-group \
--enable-large-file-share true

# Configure an Azure disk
$ az disk update \
--name my-disk \
--resource-group my-resource-group \
--disk-iops-read-write 5000 \
--disk-mbps-read-write 125

# GCP storage tuning
$ gcloud compute disks create my-disk \
--size 100GB \
--type pd-ssd \
--zone us-central1-a \
--provisioned-iops 3000

# Test storage performance
$ fio --name=random-write --ioengine=libaio --rw=randwrite --bs=4k --direct=1 --size=1G --numjobs=1 \
--runtime=60 --group_reporting

# Sample output
random-write: (g=0): rw=randwrite, bs=(R) 4096B-4096B, (W) 4096B-4096B, (T) 4096B-4096B, ioengine=libaio,
iodepth=1
fio-3.16
Starting 1 process
Jobs: 1 (f=1): [w(1)][100.0%][w=12.3MiB/s][w=3147 IOPS][eta 00m:00s]
random-write: (groupid=0, jobs=1): err= 0: pid=12345: Thu Apr 3 10:00:00 2026
write: IOPS=3150, BW=12.3MiB/s (12.9MB/s)(741MiB/60001msec)
slat (usec): min=2, max=1234, avg= 4.51, stdev=12.34
clat (usec): min=12, max=2345, avg= 312.45, stdev=156.78
lat (usec): min=14, max=2349, avg= 316.96, stdev=156.89
clat percentiles (usec):
| 1.00th=[ 100], 5.00th=[ 150], 10.00th=[ 180], 20.00th=[ 220],
| 30.00th=[ 250], 40.00th=[ 280], 50.00th=[ 300], 60.00th=[ 330],
| 70.00th=[ 360], 80.00th=[ 400], 90.00th=[ 450], 95.00th=[ 500],
| 99.00th=[ 650], 99.50th=[ 750], 99.90th=[ 1000], 99.95th=[ 1200],
| 99.99th=[ 1800]
bw (KiB/s): min=10240, max=13312, per=99.99%, avg=12595.23, stdev=512.34
iops : min=2560, max=3328, avg=3148.81, stdev=128.09
lat (usec) : 200=18.75%, 500=81.25%
cpu : usr=1.23%, sys=2.34%, ctx=18900, majf=0, minf=0
IO depths : 1=100.0%, 2=0.0%, 4=0.0%, 8=0.0%, 16=0.0%, 32=0.0%, >=64=0.0%
submit : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
complete : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
issued rwts: total=189120,0,0,0 short=0,0,0,0 dropped=0,0,0,0
latency : target=0, window=0, percentile=100.00%, depth=1

Run status group 0 (all jobs):
WRITE: bw=12.3MiB/s (12.9MB/s), 12.3MiB/s-12.3MiB/s (12.9MB/s-12.9MB/s), io=741MiB (777MB),
run=60001-60001msec

Disk stats (read/write):
sda: ios=0/189000, merge=0/0, ticks=0/58700, in_queue=58700, util=99.80%

author:www.itpux.com

7. Network optimization

7.1 Network configuration

# AWS network tuning
# Enable enhanced networking
$ aws ec2 modify-instance-attribute \
--instance-id i-0123456789abcdef0 \
--ena-support

# Configure an Elastic IP
$ aws ec2 allocate-address \
--domain vpc

$ aws ec2 associate-address \
--instance-id i-0123456789abcdef0 \
--public-ip 203.0.113.1

# Configure a VPC
$ aws ec2 create-vpc \
--cidr-block 10.0.0.0/16

$ aws ec2 create-subnet \
--vpc-id vpc-0123456789abcdef0 \
--cidr-block 10.0.1.0/24 \
--availability-zone us-east-1a

$ aws ec2 create-internet-gateway

$ aws ec2 attach-internet-gateway \
--internet-gateway-id igw-0123456789abcdef0 \
--vpc-id vpc-0123456789abcdef0

$ aws ec2 create-route-table \
--vpc-id vpc-0123456789abcdef0

$ aws ec2 create-route \
--route-table-id rtb-0123456789abcdef0 \
--destination-cidr-block 0.0.0.0/0 \
--gateway-id igw-0123456789abcdef0

$ aws ec2 associate-route-table \
--subnet-id subnet-0123456789abcdef0 \
--route-table-id rtb-0123456789abcdef0

# Azure network tuning
# Create a virtual network
$ az network vnet create \
--name my-vnet \
--resource-group my-resource-group \
--address-prefixes 10.0.0.0/16 \
--subnet-name my-subnet \
--subnet-prefixes 10.0.1.0/24

# Create a public IP
$ az network public-ip create \
--name my-public-ip \
--resource-group my-resource-group \
--allocation-method Static

# Create a network security group
$ az network nsg create \
--name my-nsg \
--resource-group my-resource-group

# Create an inbound rule
$ az network nsg rule create \
--name allow-ssh \
--nsg-name my-nsg \
--resource-group my-resource-group \
--priority 100 \
--source-address-prefixes '*' \
--destination-port-ranges 22 \
--access Allow \
--protocol Tcp

# Associate the network security group
$ az network vnet subnet update \
--name my-subnet \
--vnet-name my-vnet \
--resource-group my-resource-group \
--network-security-group my-nsg

# GCP network tuning
# Create a VPC network
$ gcloud compute networks create my-vpc \
--subnet-mode custom

# Create a subnet
$ gcloud compute networks subnets create my-subnet \
--network my-vpc \
--region us-central1 \
--range 10.0.1.0/24

# Create a firewall rule
$ gcloud compute firewall-rules create allow-ssh \
--network my-vpc \
--allow tcp:22 \
--source-ranges 0.0.0.0/0

# Create an external IP
$ gcloud compute addresses create my-external-ip \
--region us-central1

7.2 Network performance optimization

# Network performance testing
# Test network latency
$ ping -c 10 192.168.1.100

# Sample output
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=1 ttl=64 time=0.234 ms
64 bytes from 192.168.1.100: icmp_seq=2 ttl=64 time=0.212 ms
64 bytes from 192.168.1.100: icmp_seq=3 ttl=64 time=0.208 ms
64 bytes from 192.168.1.100: icmp_seq=4 ttl=64 time=0.215 ms
64 bytes from 192.168.1.100: icmp_seq=5 ttl=64 time=0.209 ms
64 bytes from 192.168.1.100: icmp_seq=6 ttl=64 time=0.211 ms
64 bytes from 192.168.1.100: icmp_seq=7 ttl=64 time=0.213 ms
64 bytes from 192.168.1.100: icmp_seq=8 ttl=64 time=0.207 ms
64 bytes from 192.168.1.100: icmp_seq=9 ttl=64 time=0.214 ms
64 bytes from 192.168.1.100: icmp_seq=10 ttl=64 time=0.210 ms

--- 192.168.1.100 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9ms
rtt min/avg/max/mdev = 0.207/0.212/0.234/0.008 ms

# Test network bandwidth
$ iperf3 -s
# Run on another machine
$ iperf3 -c 192.168.1.100 -t 30

# Sample output
Connecting to host 192.168.1.100, port 5201
[ 5] local 192.168.1.101 port 54321 connected to 192.168.1.100 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 1.10 GBytes 9.44 Gbits/sec 0 1.08 MBytes
[ 5] 1.00-2.00 sec 1.12 GBytes 9.60 Gbits/sec 0 1.12 MBytes
[ 5] 2.00-3.00 sec 1.11 GBytes 9.53 Gbits/sec 0 1.15 MBytes
[ 5] 3.00-4.00 sec 1.12 GBytes 9.60 Gbits/sec 0 1.18 MBytes
[ 5] 4.00-5.00 sec 1.11 GBytes 9.53 Gbits/sec 0 1.21 MBytes
[ 5] 5.00-6.00 sec 1.12 GBytes 9.60 Gbits/sec 0 1.24 MBytes
[ 5] 6.00-7.00 sec 1.11 GBytes 9.53 Gbits/sec 0 1.27 MBytes
[ 5] 7.00-8.00 sec 1.12 GBytes 9.60 Gbits/sec 0 1.30 MBytes
[ 5] 8.00-9.00 sec 1.11 GBytes 9.53 Gbits/sec 0 1.33 MBytes
[ 5] 9.00-10.00 sec 1.12 GBytes 9.60 Gbits/sec 0 1.36 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 11.1 GBytes 9.55 Gbits/sec 0 sender
[ 5] 0.00-10.00 sec 11.1 GBytes 9.55 Gbits/sec receiver

iperf Done.

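# Configure kernel network parameters (net.ipv4.tcp_tw_recycle was removed in Linux 4.12; drop that line on newer kernels)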
$ cat /etc/sysctl.conf
net.core.somaxconn = 65535
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.ip_local_port_range = 1024 65535

$ sysctl -p

7.3 Network security optimization

# Network security configuration
# Note: the source ranges 0.0.0.0/0 and '*' below expose SSH to the whole Internet; in production restrict them to a management CIDR
# AWS security group
$ aws ec2 create-security-group \
--group-name my-security-group \
--description "My security group" \
--vpc-id vpc-0123456789abcdef0

$ aws ec2 authorize-security-group-ingress \
--group-id sg-0123456789abcdef0 \
--protocol tcp \
--port 22 \
--cidr 0.0.0.0/0

# Azure network security group
$ az network nsg create \
--name my-nsg \
--resource-group my-resource-group

$ az network nsg rule create \
--name allow-ssh \
--nsg-name my-nsg \
--resource-group my-resource-group \
--priority 100 \
--source-address-prefixes '*' \
--destination-port-ranges 22 \
--access Allow \
--protocol Tcp

# GCP firewall rule
$ gcloud compute firewall-rules create allow-ssh \
--network my-vpc \
--allow tcp:22 \
--source-ranges 0.0.0.0/0

# Configure network ACLs
# AWS network ACL
$ aws ec2 create-network-acl \
--vpc-id vpc-0123456789abcdef0

$ aws ec2 create-network-acl-entry \
--network-acl-id acl-0123456789abcdef0 \
--rule-number 100 \
--protocol tcp \
--port-range From=22,To=22 \
--cidr-block 0.0.0.0/0 \
--rule-action allow

$ aws ec2 associate-network-acl \
--network-acl-id acl-0123456789abcdef0 \
--subnet-id subnet-0123456789abcdef0

8. Security optimization

8.1 Security configuration

# AWS security configuration
# Configure an IAM role
$ aws iam create-role \
--role-name my-role \
--assume-role-policy-document file://trust-policy.json

$ cat trust-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

# Configure a security group
$ aws ec2 create-security-group \
--group-name my-security-group \
--description "My security group" \
--vpc-id vpc-0123456789abcdef0

# Azure security configuration
# Configure a network security group
$ az network nsg create \
--name my-nsg \
--resource-group my-resource-group

# Configure Azure AD
$ az ad sp create-for-rbac \
--name my-service-principal \
--role Contributor \
--scopes /subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/my-resource-group

# GCP security configuration
# Configure a service account
$ gcloud iam service-accounts create my-service-account \
--display-name "My Service Account"

# Configure an IAM policy binding
$ gcloud projects add-iam-policy-binding my-project \
--member serviceAccount:my-service-account@my-project.iam.gserviceaccount.com \
--role roles/compute.instanceAdmin

# Configure a firewall rule
$ gcloud compute firewall-rules create allow-http \
--network my-vpc \
--allow tcp:80 \
--source-ranges 0.0.0.0/0

8.2 Security monitoring

# AWS security monitoring
# Configure CloudTrail
$ aws cloudtrail create-trail \
--name my-trail \
--s3-bucket-name my-bucket

# Configure a CloudWatch alarm
$ aws cloudwatch put-metric-alarm \
--alarm-name Security-Group-Change \
--alarm-description "Security group change detected" \
--metric-name SecurityGroupEventCount \
--namespace AWS/CloudTrail \
--statistic Sum \
--period 300 \
--threshold 1 \
--comparison-operator GreaterThanOrEqualToThreshold \
--evaluation-periods 1 \
--alarm-actions arn:aws:sns:us-east-1:123456789012:my-topic

# Azure security monitoring
# Configure Azure Security Center
$ az security pricing create \
--name "VirtualMachines" \
--tier "Standard"

# Configure Azure Sentinel
$ az deployment group create \
--resource-group my-resource-group \
--template-uri https://aka.ms/sentinel-arm-template

# GCP security monitoring
# Configure Cloud Audit Logs
$ gcloud logging sinks create my-sink \
storage.googleapis.com/my-bucket \
--log-filter "resource.type=\"gce_instance\" AND severity>=ERROR"

# Configure Security Command Center
$ gcloud services enable securitycenter.googleapis.com
$ gcloud alpha scc sources update-project \
--project my-project \
--enable
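
The Security-Group-Change alarm above needs a count of security-group API calls per 300-second period. As an added example (not part of the original tutorial), this Python sketch applies the same period and threshold to CloudTrail records; the records are constructed and carry only the fields used here, and the list of event names is an assumption about which EC2 calls count as a security-group change.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Assumed set of EC2 API calls that modify security groups.
SG_CHANGE_EVENTS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "CreateSecurityGroup", "DeleteSecurityGroup",
}
PERIOD = 300    # seconds, as in --period above
THRESHOLD = 1   # as in --threshold with GreaterThanOrEqualToThreshold
TIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed CloudTrail log file content.
SAMPLE_TRAIL = json.loads("""
{"Records": [
 {"eventTime": "2026-04-01T10:01:12Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeSecurityGroups",
  "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}},
 {"eventTime": "2026-04-01T10:02:40Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "AuthorizeSecurityGroupIngress",
  "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}},
 {"eventTime": "2026-04-01T10:03:05Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "RevokeSecurityGroupIngress",
  "errorCode": "Client.UnauthorizedOperation",
  "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"}},
 {"eventTime": "2026-04-01T10:04:59Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "CreateSecurityGroup",
  "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}},
 {"eventTime": "2026-04-01T10:17:30Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DeleteSecurityGroup",
  "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/ci/deploy"}},
 {"eventTime": "2026-04-01T10:18:00Z", "eventSource": "rds.amazonaws.com",
  "eventName": "AuthorizeDBSecurityGroupIngress",
  "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}}
]}
""")


def to_epoch(event_time):
    """Convert a CloudTrail eventTime (UTC) to epoch seconds."""
    parsed = datetime.strptime(event_time, TIME_FORMAT)
    return int(parsed.replace(tzinfo=timezone.utc).timestamp())


def evaluate(trail):
    """Return (alarm periods, denied attempts) for security-group changes."""
    buckets = defaultdict(list)
    denied = []
    for rec in trail["Records"]:
        if rec.get("eventSource") != "ec2.amazonaws.com":
            continue
        if rec.get("eventName") not in SG_CHANGE_EVENTS:
            continue
        actor = rec.get("userIdentity", {}).get("arn", "unknown")
        if "errorCode" in rec:
            # The call failed, so nothing changed; keep it as a separate signal.
            denied.append((rec["eventTime"], actor,
                           rec["eventName"], rec["errorCode"]))
            continue
        when = to_epoch(rec["eventTime"])
        buckets[when - when % PERIOD].append((actor, rec["eventName"]))
    alarms = []
    for start in sorted(buckets):
        events = buckets[start]
        if len(events) >= THRESHOLD:
            stamp = datetime.fromtimestamp(start, timezone.utc)
            alarms.append({
                "period_start": stamp.strftime(TIME_FORMAT),
                "count": len(events),
                "actors": sorted({actor for actor, _ in events}),
            })
    return alarms, denied


if __name__ == "__main__":
    alarms, denied = evaluate(SAMPLE_TRAIL)
    for alarm in alarms:
        print("ALARM", alarm)
    for attempt in denied:
        print("DENIED", attempt)
```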

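8.3 Security best practices

  • Apply the principle of least privilege: grant only the permissions that are needed
  • Enable multi-factor authentication: improve account security
  • Change passwords regularly: avoid password leaks
  • Encrypt sensitive data: protect data security
  • Run regular security audits: find security weaknesses
  • Use security groups and network ACLs: control network access
  • Configure security monitoring: monitor security events in real time
  • Back up data regularly: prevent data loss
  • Use HTTPS: protect data in transit
  • Update systems and software regularly: obtain security patches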

9. Monitoring and analysis

9.1 Monitoring tools

# AWS monitoring tools
# CloudWatch
$ aws cloudwatch get-metric-statistics \
--namespace AWS/EC2 \
--metric-name CPUUtilization \
--dimensions Name=InstanceId,Value=i-0123456789abcdef0 \
--start-time 2026-04-01T00:00:00Z \
--end-time 2026-04-03T00:00:00Z \
--period 3600 \
--statistics Average Maximum Minimum

# CloudTrail
$ aws cloudtrail lookup-events \
--start-time 2026-04-01T00:00:00Z \
--end-time 2026-04-03T00:00:00Z

# Azure monitoring tools
# Azure Monitor
$ az monitor metrics list \
--resource /subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/my-resource-group/providers/Microsoft.Compute/virtualMachines/my-vm \
--metric "Percentage CPU" \
--time-grain PT1H \
--start-time 2026-04-01T00:00:00Z \
--end-time 2026-04-03T00:00:00Z

# Azure Log Analytics
$ az monitor log-analytics workspace create \
--resource-group my-resource-group \
--workspace-name my-workspace \
--location eastus

# GCP monitoring tools
# Cloud Monitoring
$ gcloud monitoring metrics list \
--filter="metric.type='compute.googleapis.com/instance/cpu/utilization'"

# Cloud Logging
$ gcloud logging read "resource.type=gce_instance AND severity>=ERROR" \
--limit 10

# Open-source monitoring tools
# Prometheus and Grafana
$ helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
$ helm install prometheus prometheus-community/kube-prometheus-stack

# Configure the monitoring dashboard
$ kubectl port-forward svc/prometheus-grafana 3000:80
# Open http://fgedudb:3000 in a browser

9.2 Performance analysis

# Performance analysis tools
# AWS X-Ray
$ aws xray create-group \
--group-name my-group \
--filter-expression "service(\"my-service\")"

# Azure Application Insights
$ az monitor app-insights component create \
--app my-app-insights \
--resource-group my-resource-group \
--location eastus

# GCP Cloud Trace
$ gcloud services enable cloudtrace.googleapis.com

# Performance analysis commands
# Show CPU usage
$ top

# Show memory usage
$ free -h

# Show disk usage
$ df -h

# Show network usage
$ netstat -tuln

# Show processes
$ ps aux

# Profile application performance
$ perf top

# Sample output
$ top

top - 10:00:00 up 1 day, 2:34, 1 user, load average: 0.10, 0.05, 0.01
Tasks: 123 total, 1 running, 122 sleeping, 0 stopped, 0 zombie
%Cpu(s): 1.0 us, 0.5 sy, 0.0 ni, 98.0 id, 0.5 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 16384.0 total, 8192.0 free, 4096.0 used, 4096.0 buff/cache
MiB Swap: 8192.0 total, 8192.0 free, 0.0 used. 11264.0 avail Mem

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1234 root 20 0 102400 20480 16384 S 0.3 0.1 0:01.23 nginx
5678 root 20 0 51200 10240 8192 S 0.2 0.1 0:00.56 sshd
9012 root 20 0 25600 5120 4096 S 0.1 0.0 0:00.23 bash

9.3 Cost analysis

# Cost analysis tools
# AWS Cost Explorer
$ aws ce get-cost-and-usage \
--time-period Start=2026-03-01,End=2026-03-31 \
--granularity MONTHLY \
--metrics "BlendedCost" "UnblendedCost" "UsageQuantity" \
--group-by Type=DIMENSION,Key=SERVICE

# Azure Cost Management
$ az cost management export create \
--name "cost-export" \
--storage-account-id
“/subscriptions/12345678-1234-1234-1

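This article was compiled and published by Feng Ge Tutorials (风哥教程) and is for study and testing only. When reposting, credit the source: http://www.fgedu.net.cn/10327.html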
