Uploaded by omomohabraham

Cloud+for+Beginners+Course+Slides

advertisement
SECTION 2
The Building Blocks of
Cloud Computing
Compute – Basic architecture of a computer
Compute – Basic architecture of a computer
RAM is nonpersistent
storage
Central Processing
Unit (CPU)
Processor (CPU)
Memory (RAM)
Random Access
Memory (RAM)
Files/data are loaded
into memory
Measurements:
Ø CPU is measured in Gigahertz
(Ghz)
Ø RAM is measured in Gigabyte (GB)
Ø HDD is measured in Gigabyte (GB)
Ø NIC is measured in Megabits per
second (Mbps) or Gigabits per
second (Gbps)
Network
Switch/Router
Hard Disk Drive (HDD)
Data is persistent
Network
Interface Card
(NIC)
Internet
Compute – Basic architecture of a computer
Processor (CPU)
Memory (RAM)
Network
Switch/Router
Hard Disk Drive (HDD)
Network
Interface Card
(NIC)
Internet
Compute – Servers vs Desktops/Laptops
Server
Server Hardware Build:
Ø Hardware is more specialized
Ø Much higher prices compared
to desktops / laptops
Ø Includes redundancy
Desktop
Laptop
Servers can be used by
many users over a network
Compute – Client / Server Computing
Port: 80
The client application
finds the server by IP
address
Protocol: HTTP
A port is like a door
into the server
Web Server
Port: 445
Protocol: SMB
File Server
Port: 25
Email Server
Protocol: SMTP
Storage – Hard Drives
Hard Disk Drive (HDD)
Solid State Drive (SSD)
Ø Also known as magnetic
drives
Ø Older technology
Ø Much slower than SSD
Ø Much cheaper than SSD
Ø
Ø
Ø
Ø
Uses flash memory
Newer technology
MUCH faster than HDD
More expensive than HDD
Storage – Hard Drives
Disk Management
Hard drives are
block-based
storage systems
C:Volume D:
8001000
GB GB200 GB
The Operating System
(OS) sees a volume. A
volume can be partitioned
and formatted
Hard Disk Drive
(HDD)
Hard drives are block-based storage systems
Storage – Network Attached Storage
The Operating System (OS)
sees a filesystem that is
mapped to a local drive letter
The NAS “shares”
filesystems over the
network
NIC
Network Switch
Network Attached
Storage Server (NAS)
NAS devices are file-based storage systems
Storage – Object Storage Systems
User uploads objects
using a web browser
There is no hierarchy of
objects in the container
Objects can be files,
videos, images etc.
The HTTP protocol is
used with a REST API
(e.g. GET, PUT, POST,
SELECT, DELETE)
Object Storage
Container
Storage – Block vs File vs Object
The OS sees volumes
that can be partitioned
and formatted
A filesystem can be
shared by many users
Block Storage
Massively scalable,
low cost
File Storage
Object Storage
Disk Management
There is no
hierarchy of
objects in the
container
C:Volume D:
8001000
GB GB200 GB
Object Storage
Container
The OS reads/writes at
the block level. Disks
can be internal, or
network attached
A filesystem is
“mounted” to the OS
using a network share
Uses a REST
API
IP Addressing Primer
User enters website
address in browser
Name
Type
Value
mycompany.local
A
192.168.0.1
emailserver.local
A
192.168.0.2
DNS Server
Domain name is resolved
to the IP address of the
webserver
Computer connects to
192.168.0.1
Web Server
IP Addressing Primer
Each part of the
address is a
binary octet
An IPv4 address has a
network and host ID
192
.
168
.
11111111
00000000
Host ID
0
.
1
255
.
255
. 255 .
Network ID
The subnet mask is
used to define the
network and host ID
0
IP Addressing Primer
11000000
192
11111111
10101000
.
168
.
0
1
.
255
.
00000000
255
. 255 .
0
00000001
Most significant bit
1
1
1
1
1
1
1
1
128
64
32
16
8
4
2
1
Binary Values
Least significant bit
IP Addressing Primer
A network and subnet mask can
also be written in this format
Network
192
.
168
.
0
.
0
255
.
255
. 255 .
0
Subnet Mask
=
192.168.0.0/24
IP Addressing Primer – How many host addresses?
8 bits
Class A
10
8 bits
.
0
8 bits
.
0
8 bits
.
0
Class B
172
.
16
.
0
.
0
Class C
192
.
168
.
0
.
0
First address = 10.0.0.1
Last address = 10.255.255.255
Total addresses = 16777214
First address = 172.16.0.0
Last address = 172.16.255.255
Total addresses = 65534
First address = 192.168.0.1
Last address = 192.168.0.255
Total addresses = 255
Networking – Routers and Switches
IP Subnet A: 192.168.0.0/24
Destination
Interface
192.168.0.0/24
eth0
10.0.0.0/24
eth1
Route Table
192.168.0.1
192.168.0.2
192.168.0.6
Switch
eth0
eth1
10.0.0.1
10.0.0.6
192.168.0.3
10.0.0.2
Switch
Router
192.168.0.5
192.168.0.4
IP Subnet B: 10.0.0.0/24
10.0.0.3
10.0.0.5
10.0.0.4
Networking - Firewalls
POLICY
PROTOCOL
PORT
DESTINATION
SOURCE
ALLOW
HTTP
80
INTERNAL
ANY
ALLOW
HTTPS
443
INTERNAL
ANY
DENY
ANY
ANY
INTERNAL
ANY
Firewall Rules
IP Subnet A
Database Server
IP Subnet B
Application Server
Firewall
Database Server
Application Server
Web Server
Firewall
Web Server
Firewall
The Internet
Databases
Structured Query Language (SQL) query:
SELECT FirstName
FROM employees
WHERE Location = Sydney
Application servers are
specialized computers
running software
Database servers are
specialized computers
running a database engine
Application Servers
Database Server
Popular database engines:
Ø Microsoft SQL Server
Ø MySQL
Ø Oracle
Ø PostgreSQL
Ø DB2
Ø SAP HANA
Server without Virtualization
Application
Operating System
Limitations:
Ø OS is tied to hardware (no portability)
Ø Hardware resources may be underutilized
Website
Windows OS
Hardware
Server
Server with Virtualization
Website
Windows OS
Many VMs can run on the
same physical hardware
This is known as a
virtual server or
”virtual machine”
Website
Windows OS
Virtual hardware is
presented to the OS
The hypervisor creates a
layer of abstraction
Hypervisor
Server
Server with Virtualization
Website
Windows OS
Website
Windows OS
Website
Windows OS
Website
Windows OS
Hypervisor
Server
Website
Windows OS
Website
Windows OS
Server Virtualization: Portability
Website
Windows OS
Hypervisor
Server
Hypervisor
Server
Server Virtualization: Portability
Website
Windows OS
Hypervisor
Server
Hypervisor
Server
Docker Containers
Every VM needs an operating system
which uses significant resources
Website
Windows OS
Docker Engine
Hypervisor
Server
Windows OS
Server
Docker Containers
Containers are very
resource efficient
Containers start up very
quickly
A container includes all
the code, settings, and
dependencies for
running the application
Each container is isolated
from other containers
Docker Engine
Windows OS
Server
Application Programming Interfaces (APIs) – Building a house analogy
Builder provides set
of standard options
Client
Builder
Application Programming Interfaces (APIs) – Building a house analogy
Electrician
Client
Builder
The builder gives
instructions to the
workers in a language
they understand
Carpenter
Construction
Application Programming Interfaces (APIs)
The API provides the
instructions developers
use in their code
HTTP Protocol
Client
Web Site
API
Application
RESTful API
Instructions are sent to
API using the HTTP
protocol
Database
SECTION 3
Cloud Computing
Overview
Legacy IT / Traditional IT
This model is very
capital intensive
Corporate
data center
The IT equipment
is owned by the
company
Storage Servers
Servers
A company typically
leases space in a data
center, or may own the
whole building
Router
Switch
Firewall
Backup System
Legacy IT / Traditional IT
Corporate
data center
Corporate Office
Storage Servers
Servers
Router
Switch
Firewall
Backup System
IT staff must design,
build, operate, and
manage equipment
Legacy IT / Traditional IT
Corporate
data center
Storage Servers
Servers
Router
Switch
Firewall
Backup System
Costs:
Ø Data center building
Ø Data center security
Ø Physical IT hardware
Ø Software licensing costs
Ø Maintenance contracts
Ø Power
Ø Internet connectivity
Ø Staff wages (design, build,
operations, maintenance)
What is Cloud Computing? Well-known examples
Non-Cloud Services:
Email Server
Cloud Services:
Gmail
You don’t own or manage
the infrastructure on which
the service runs
Cloud services are offered
on a subscription /
consumption model
File Server
Dropbox
The service scales as
demand changes
Customer Relationship
Management (CRM)
Salesforce
What is Cloud Computing? The Key Characteristics
Name
Description
On-demand, self-service
A user can consume cloud resources, as needed, automatically,
and without human interaction
Broad network access
Capabilities are available over the network using standard
mechanisms. Can be the Internet or a Wide Area Network
(WAN)
Resource pooling
The providers resources are pooled and serve multiple
consumers using a multi-tenant model
Rapid elasticity
Capabilities can scale “elastically” based on demand
Measured service
Resource usage is monitored and metered
Deploying an eCommerce Website on-premises (aka the old way)
Assumes you don’t have a private
cloud, or don’t have enough capacity
Activity:
1) Purchase hardware
Timeline:
4-12 weeks
2) Install and build
3) Acceptance testing
1) Handover to operations
4-8 weeks
2-4 weeks
1-2 weeks
3-6 months
Deploying an eCommerce Website in the Cloud
Customers connect
over the Internet to
place orders
Customers
AWS Cloud
Corporate Office
Website
Admin
The Internet
The admin deploys an eCommerce website / database
to AWS using the AWS Management Console
Database
Launching Cloud Services: Management Console
Management Console
A web-based console accessed
through a standard web browser
Launching Cloud Services: Command Line
Command Line
This command launches a virtual server
(instances) on Amazon Web Services
aws ec2 run-instances --image-id ami-xxxxxxxx --count 1 --instance-type
t2.micro
aws s3 ls s3://mys3databucket
This command lists the contents
of a storage container (bucket) on
Amazon S3
Launching Cloud Services: Software Development Kit
Code (SDK)
A developer writes code in an integrated
development environment (IDE)
The code leverages
the SDK to work
with cloud services
Cloud Service Models: Private Cloud
Java WebApp
Data
Java Runtime
Managed
by you
Linux OS
Hypervisor
Server
A private cloud must also
include self-service,
multi-tenancy, metering,
and elasticity
Cloud Service Models: Infrastructure as a Service (IaaS)
Java WebApp
Managed
by you
Data
Java Runtime
Linux OS
Examples:
Ø Amazon Elastic Compute Cloud (EC2)
Ø Azure Virtual Machines
Ø Google Compute Engine
Cloud Service Models: Platform as a Service (PaaS)
Managed
by you
Java WebApp
Data
Examples:
Ø AWS Elastic Beanstalk
Ø Azure WebApps
Ø Compute App Engine
Cloud Service Models: Software as a Service (SaaS)
Managed
by you
Java WebApp
Pure consumption
model
Examples:
Ø Google Apps
Ø Salesforce.com
Ø Zoom
Cloud Service Models: Comparison
Private Cloud
IaaS
PaaS
Java WebApp
Java WebApp
Java WebApp
Data
Data
Data
Java Runtime
Linux OS
Java Runtime
Linux OS
Hypervisor
You manage from the
virtual server upwards
You manage everything greater responsibility +
greater control
You simply upload your
code/data to create your
application
SaaS
Java WebApp
You simply consume the
service - little
responsibility + little
control
Cloud Computing Deployment Models
Name
Description
Examples
Private Cloud
An enterprise deploys their own infrastructure
VMware, Microsoft,
and applications into their own data center
RedHat, OpenStack
The IT services that you consume are hosted and
AWS, Microsoft Azure,
Public Cloud
delivered from a third-party and accessed over the Google Cloud Platform
Internet
Hybrid Cloud
A combination of on-premises, private cloud, and
public cloud services are consumed
Multicloud
Usage of two or more public clouds at a time, and
possibly multiple private clouds
Deployment Models – Private Cloud
Data center
Self Service Portal
/ Service Catalog
Network & Firewall
You build and manage the
cloud deployment
Automation and
Configuration
Management
Billing and
Reporting
Virtualization Cluster
Multi-tenancy
controller
Storage & Backup
Cloud management
software layer
Benefits
Ø Complete control of the
entire stack
Ø Security – in a few
cases, organizations
may need to keep all or
some of their
applications and data in
house
Deployment Models – Public Cloud
Benefits:
Ø Variable expense, instead of capital expense
Ø Economies of scale
Ø Massive elasticity
Public Cloud
AWS Cloud
Corporate Office
Compute
The Internet
Connected using either the
Internet or a private link
Network
Storage
Database
Deployment Models – Hybrid Cloud
Benefits:
Ø Allows companies to keep the critical applications and sensitive data in a traditional
data center environment or private cloud
Ø Take advantage of public cloud resources like SaaS, for the latest applications, and
IaaS, for elastic virtual resources
Ø Facilitates portability of data, apps and services and more choices for deployment
models
Public Cloud
AWS Cloud
Private Cloud
Data center
Organization
The Internet
Connected using either the
Internet or a private link
SECTION 4
Demystifying Cloud
Architecture
Stateful vs Stateless Applications
Stateless:
Stateful:
Netflix records
what has been
watched
No “state” is
recorded about
the user's session
Person check a
news website
Person logs into
Netflix
Stateful vs Stateless Applications
No data is stored
on the web server,
it is stateless
eCommerce Application
Database Server
Application Server
Web Server
When the user purchases, the
application layer processes the
order and records the data in the
database. This is stateful
User
The cart items are
stored in cookies
on the computer
Stateful vs Stateless Applications
No data is stored
on the web server,
it is stateless
eCommerce Application
Database Server
Application Server
Web Server
When the user purchases, the
application layer processes the
order and records the data in the
database. This is stateful
User
The cart items are
stored in cookies
on the computer
Scalability and Elasticity: Scaling Up
Application
Windows OS
Server
Scalability and Elasticity: Scaling Up
Application
Scaling up means
adding resources to
the server
Windows OS
Server
Scalability and Elasticity: Scaling Up
Application
Windows OS
Scaling up means
adding resources to
the server
Server
Scalability and Elasticity: Scaling Out
Application
Windows OS
Server
Scalability and Elasticity: Scaling Out
Application
Windows OS
Server
Scalability and Elasticity: Scaling Out
Scaling out means
adding additional
servers
Application
Windows OS
Application
Application
Windows OS
Application
Windows OS
Windows OS
Server
Server
Load Balancing
Each user connects
to example.com
Cloud
Web Server 1
Web Server 2
Web Server 3
User 1
Load Balancer
User 2
The load balancer
re-routes the
connection
User 3
Fault Tolerance
Redundant components
allow the system to
continue to operate
Processor (CPU)
Hard Disk Drive
Memory (RAM)
Hard Disk Drive
Network Card
The system may fail if
there is no built-in
redundancy
High Availability and Fault Tolerance
Cloud
Availability Zone
Think of an availability
zone as a separate
data center
Web Server 1
User 1
Web Server 2
Availability Zone
Web Server 3
Web Server 4
Load Balancer
User 2
User 3
High Availability and Fault Tolerance
Cloud
Availability Zone
Auto Scaling
launches a new
web server
Think of an availability
zone as a separate
data center
Web Server 1
User 1
Web Server 5
Availability Zone
Auto Scaling
Web Server 3
Web Server 4
Load Balancer
User 2
User 3
High Availability and Fault Tolerance
Cloud
Availability Zone
Think of an availability
zone as a separate
data center
Web Server 1
User 1
Web Server 5
Load Balancer
User 2
User 3
Tight Coupling
Web Tier
App Tier
App tier cannot keep
up with demand
Loose Coupling
Web Tier
App Tier
Messages wait in the
queue for processing
Message Queue
Producers send
messages to the queue
Loose Coupling
Web Tier
App Tier
Messages wait in the
queue for processing
Consumers poll the
queue for messages
Message Queue
Monolithic Application
Storefront User
Interface
Mobile
Interface
Order
Service
Account
Management
Payment
Service
Shipping
Service
Database
Monolithic Application
Updates to, or
failures of, any single
component can take
down the whole
application
Storefront User
Interface
Mobile
Interface
Order
Service
Account
Management
Payment
Service
Shipping
Service
Database
The user interface,
business logic, and
data access layer are
combined on a single
platform
Monolithic Application
Monolithic Application
Linux OS
User 1
Monolithic Application
Linux OS
Monolithic Application
Linux OS
Load Balancer
User 2
User 3
Monolithic Application
Storefront User
Interface
Mobile
Interface
Order
Service
Account
Management
Payment
Service
Shipping
Service
Database
A microservice is an
independently
deployable unit of code
Microservices Architecture
Microservices are often
loosely coupled
Order
Microservice
Order
Database
Storefront User
Interface
Microservice
Account
Microservice
Customer
Database
Mobile
Interface
Microservice
Payment
Microservice
Billing
Database
Microservices are
organized around
business capabilities
Shipping
Microservice
Shipping
Database
Microservices using Docker Containers
Storefront User
Interface
Microservice
Shipping
Microservice
Order
Microservice
Docker Engine
Linux OS
Server
Microservices using Docker Containers
Many instances of each microservice
can run on each host
Microservices can also be
spread across hosts
Docker Engine
Docker Engine
Docker Engine
Linux OS
Linux OS
Linux OS
Server
Server
Server
Microservices: Attributes and Benefits
Microservices Attribute
Microservices Benefit
Use of Application Programming Interfaces (APIs) Easier integrations between application components;
assists with loose coupling
Independently deployable blocks of code
Can be scaled and maintained independently
Business-oriented architecture
Development organized around business capabilities;
teams may be cross-functional and services may be reused
Flexible use of technologies
Each microservice can be written using different
technologies (e.g. programming languages)
Speed and agility
Fast to deploy and update. Easy to include high availability
and fault tolerance for each microservice
Event-driven Architecture
eCommerce Application
Database Server
Application Server
Web Server
User
User places an
order
Event-driven Architecture
eCommerce Application
Database Server
Application Server
Web Server
User
User places an
order
Event-driven Architecture
eCommerce Application
Database Server
Application Server
Web Server
User
Event-driven Architecture
A record of the
order is written to
the database
eCommerce Application
Database Server
Application Server
Web Server
User
The event publisher notifies
an event processor
Event Processor
The event processor
processes the record
from the database
Database Server
The processed data is
written to a separate
database
SECTION 5
Getting Started with
AWS
Amazon Web Services History
Internally
launched in
2002
Amazon SQS
public launch
2004
Vision set out for AWS
publicly with potential
for public offerings 2003
Re-launch with
S3, SQS, EC2
2006
All amazon.com
retail sites migrated
to AWS 2010
Sales of $1.57
billion 2015
Revenue of $25
billion 2018
Amazon Web Services (AWS)
This is actually a
snapshot of AWS
services from a few
years ago..
There are now well
over 200 services!
Gartner Magic Quadrant 2019
Ø According to Gartner in 2018 AWS was the leader in
IaaS with over 48% share
Ø AWS has been the leader for 10 years in a row!
Ø $40 billion in revenue in 2019
The AWS Global Infrastructure
Every region is connected
via a high bandwidth, fully
redundant network
Region – us-east-1
Availability
Zone
Availability
Zone
Region – eu-west-1
Availability
Zone
Availability
Zone
Availability
Zone
Availability
Zone
An Availability Zone
is composed of one
or more data centers
Each region consists
of two or more
Availability Zones
There are 24 regions
around the world
Region – ap-southeast-2
Availability
Zone
Availability
Zone
Availability
Zone
Each region is
completely
independent
Fundamentals of AWS Pricing
Compute
Storage
Outbound Data Transfer
Quantity of data
that is
transferred out
from all services
Amount of resources
such as CPU and
RAM and duration
Quantity of data
stored
AWS Identity and Access Management Service (IAM)
AWS Identity and Access Management (IAM)
Policies are documents
that define permissions
and can be applied to
users, groups and roles
IAM Policy
IAM Policy
Roles are “assumed” by
trusted entities and can
be used for delegation
IAM Policy
IAM User
An IAM user is an
entity that represents
a person or service
Groups are collections of
users and have policies
attached to them
IAM Group
IAM Role
Authentication Methods
Consists of an Access key
ID and secret access key
Used for programmatic
access to the API
Access Key
API
EJPx!*21p9%
IAM User
Password
AWS Management Console
Used for authenticating to
the AWS Management
console
Amazon Virtual Private Cloud (VPC)
A VPC is a logically
isolated portion of the
AWS cloud within a
region
Region
VPC
Subnets are
created within
AZs
Main Route Table
Availability Zone
Public subnet
Destination
Target
172.31.0.0/16
Local
0.0.0.0/0
igw-id
EC2 Instance
Availability Zone
Router
Private subnet
You can launch virtual servers
into your VPC subnets
Internet
gateway
EC2 Instance
An Internet Gateway is
used to connect to the
Internet
The route table is used
to configure the VPC
router
Multiple VPCs
Each VPC has a different
block of IP addresses
CIDR stands for Classless
Interdomain Routing
Region
VPC
VPC
CIDR 172.31.0.0/16
CIDR 10.0.0.0/16
Availability Zone
Availability Zone
Availability Zone
Availability Zone
Public subnet
Public subnet
Public subnet
Public subnet
Private subnet
Private subnet
Private subnet
Private subnet
Each subnet has a block
of IP addresses from the
CIDR block
You can create multiple
VPCs within each region
AWS Public and Private Services
AWS Cloud
VPC
Availability Zone
Amazon DynamoDB
Amazon S3
EC2 Instance
Public services have
public IP addresses /
endpoints
Public Internet
Internet
gateway
Amazon CloudFront
Amazon RDS
Private subnet
EC2 Instance
Amazon Route 53
Private services can
have public IP
addresses but exist
within the VPC
Public subnet
Amazon Elastic File
System
Security Groups & Network Access Control Lists (NACLs)
VPC
Availability Zone
Private subnet
Public subnet
Security
Group B
Security Groups
apply at the
Instance level
Security
Group A
Network ACL
Network ACL
Availability Zone
Private subnet
Security
Group A
Security
Group B
NACLs apply at
the subnet level
Public subnet
Security
Groups can be
applied to
Network ACL
instances in
any subnet
Router
Security
Group A
Network ACL
Stateful vs Stateless Firewalls
PROTOCOL
SOURCE IP
HTTP
10.1.1.1
10.2.1.10
65188
80
HTTP
10.2.1.10
10.1.1.1
80
65188
Web Server
(10.2.1.10)
DESTINATION IP SOURCE PORT
Src Port: 80
Dest Port: 65188
Dest Port: 80
Src Port: 65188
A stateful firewall
allows the return
traffic automatically
Firewall
DESTINATION PORT
Client
(10.1.1.1)
A stateless firewall
checks for an allow
rule for both
connections
Security Groups & Network Access Control Lists (NACLs)
Security Group
Network ACL
Operates at the instance (interface) level
Operates at the subnet level
Supports allow rules only
Supports allow and deny rules
Stateful
Stateless
Evaluates all rules
Processes rules in order
Applies to an instance only if associated
Automatically applies to all instances in
with a group
the subnets its associated with
SECTION 6
Amazon Elastic
Compute Cloud (EC2)
Amazon Elastic Compute Cloud
EC2 instances
run Windows or
Linux OS
EC2 Instance EC2 Instance EC2 Instance
EC2 hosts are
managed by AWS
An EC2 instance
is a virtual server
Website
Windows OS
EC2 Instance EC2 Instance EC2 Instance
EC2 Instance EC2 Instance EC2 Instance
EC2 Host Server
Public, Private, and Elastic IP addresses
Type
Description
Public IP address
Lost when the instance is stopped
Used in Public Subnets
No charge
Associated with a private IP address on the instance
Cannot be moved between instances
Private IP address
Retained when the instance is stopped
Used in Public and Private Subnets
Elastic IP address
Static Public IP address
You are charged if not used
Associated with a private IP address on the instance
Can be moved between instances and Elastic Network Adapters
Public Subnets
Region
Public Subnet Route Table
VPC
Availability Zone
Public subnet
Public-IP or
Elastic IP
EC2 Instance
Private subnet
Internet
gateway
Destination
Target
172.31.0.0/16
Local
0.0.0.0/0
igw-id
Private Subnets
NAT = Network Address Translation
Region
NAT Gateway forwards
connections to the Internet
VPC
Availability Zone
Public subnet
NAT gateway
Elastic-IP
Public Subnet Route Table
Destination
Target
172.31.0.0/16
Local
0.0.0.0/0
igw-id
Private-IP
Private subnet
Private-IP
EC2 Instance
Internet
gateway
Private Subnet Route Table
Destination
Target
172.31.0.0/16
Local
0.0.0.0/0
nat-gateway-id
Launching an Amazon EC2 instance
Amazon Machine
Image (AMI)
EBS Snapshot
Linux
Microsoft
Windows
Instance Type
Family
Type
vCPUs
Memory (GiB)
General purpose
t2.micro
1
1
Compute optimized
c5n.large
2
5.25
Memory optimized
r5ad.large
2
16
Storage optimized
d2.xlarge
4
30.5
GPU instances
g2.2xlarge
8
15
Using Key Pairs with Amazon EC2
AWS Cloud
The key pair is
associated with an
IAM account
VPC
Availability Zone
Public subnet
S3 Bucket
IAM User
EC2 Instance
Private subnet
The key pair will use
any permissions
assigned to the IAM
user
Policy
AWS CLI configured
with key pair
Using Roles with Amazon EC2
AWS Cloud
VPC
The role is assumed
by the EC2 instance
S3 Bucket
IAM Role
Availability Zone
Public subnet
EC2 Instance
Private subnet
Policy
No credentials are
stored on the instance
Amazon EC2 Auto Scaling
Auto Scaling
launches extra
instance
Availability Zone
Availability Zone
Public subnet
EC2 Status
Checks fail
Public subnet
EC2 Instances
Auto Scaling group
EC2 Instances
CloudWatch
notifies Auto
Scaling to scale
ASG replaces
failed instance
Metric reports
CPU > 80%
Metrics
Amazon CloudWatch
Metrics
Amazon Elastic Load Balancing
Availability Zone
Public subnet
EC2 Auto Scaling
terminates instance 1
Instance 1
ELB takes instance 1
out of service (failed
health check)
User 1
Instance 2
Auto Scaling
Availability Zone
Public subnet
Elastic Load
Balancer
Instance 3
Instance 4
User 2
User 3
User 1 is
connected to
instance 4
Amazon Elastic Load Balancing
Availability Zone
Public subnet
EC2 Auto Scaling
Launches instance 5
User 1
Instance 5
Instance 2
User 2
Auto Scaling
Availability Zone
Public subnet
Elastic Load
Balancer
User 3
Instance 3
Instance 4
This architecture includes high availability and fault tolerance
User 4
SECTION 7
AWS Storage
Block, File, and Object Storage
Amazon Elastic Block
Store (EBS)
Amazon Elastic File
System
Corporate data center
http://s3.aws-region.amazonaws.com/bucket/object
Availability Zone
HDD/SSD
Amazon S3
File system
On-premises client
Volume
REST API: GET, PUT,
POST, SELECT, DELETE
Uses the NFS
Protocol
/dev/xvdf
or C:
Linux only
Availability Zone
/efs-mnt
EC2 Instance
EC2 Instance
Availability Zone
Object
/efs-mnt
EC2 Instance
Internet Client
Amazon Elastic Block Store (EBS)
Availability Zone
EBS volumes
exist within an
Availability Zone
The volume is automatically
replicated within the AZ
EBS Volume
EBS Volume
The volume is
mounted over a
network
C:
D:
EC2 Instance
Amazon Elastic Block Store (EBS)
Solid State Drives (SSD)
Volume Type
Short Description
Use Cases
Hard Disk Drives (HDD)
EBS Provisioned
EBS General Purpose
Throughput Optimized HDD
Cold HDD (sc1)
IOPS SSD (io1)
SSD (gp2)
(st1)
Highest
General Purpose SSD
Low cost HDD volume
Lowest cost HDD
performance
volume
I/O-Intensive
Boot volumes, low-
Big data, data warehouses,
Colder data requiring
NoSQL and
latency interactive apps,
log processing
fewer scans per day
relational
dev & test
databases
Volume Size
4GB – 16TB
1 GB – 16 TB
500 GB – 16 TB
500 GB – 16 TB
Max IOPS/Volume
64,000
16,000
500
250
Max
1,000 MB/s
250 MB/s
500 MB/s
250 MB/s
Throughput/Volume
Amazon Elastic Block Store (EBS) vs Instance Store
EBS volumes are
attached over the
network
Availability Zone
EBS Volume
EBS Volume
Instance Store volumes
are ephemeral (nonpersistent
Instance Store volumes are
physically attached to the host
and offer high -performance
EC2 Host Server
EBS volumes
offer persistent
storage
Amazon EBS Snapshots
Region
Availability Zone A
EBS Volume
EC2 Instance
Snapshots are
incremental and are
stored on S3
Amazon S3
A snapshot is a pointin-time backup of your
volume
Availability Zone B
EC2 Instance
Snap A
EBS Volume
You can restore to a
volume in another AZ
Snap B
You only need the
most recent snapshot
to restore
Snap C
Amazon Elastic File System (EFS)
Amazon Elastic File
System
File system
Uses the NFS
Protocol
Corporate data center
On-premises client
Linux only
Availability Zone
/efs-mnt
EC2 Instance
Availability Zone
/efs-mnt
EC2 Instance
Amazon Simple Storage Service (S3)
Bucket
A bucket is a container
for objects
http://bucket.s3.aws-region.amazonaws.com
EC2 instances
connect using
private addresses
Private Connection
Amazon S3
http://s3.aws-region.amazonaws.com/bucket
VPC
S3 Gateway Endpoint
Public subnet
Object
An objects consists of:
Ø Key (name of objects)
Ø Version ID
Ø Value (actual data)
Ø Metadata
Ø Subresources
Ø Access control information
Public Internet
Internet
gateway
EC2 instances
connect using
public addresses
EC2 Instance
Private subnet
EC2 Instance
Internet Client
SECTION 8
AWS Databases
Amazon Relational Database Service (RDS)
RDS runs on EC2
instances, so you choose
an instance type
RDS is a managed,
relational database
Amazon RDS
RDS supports the following
database engines:
Ø Amazon Aurora
Ø MySQL
Ø MariaDB
Ø Oracle
Ø Microsoft SQL Server
Ø PostgreSQL
EC2
Amazon RDS – Scaling up (vertically)
M4 Instance
M4 instance
db.m4.large 2
vCPUs, 8 GiB
RAM
db.m4.2xlarge 4
vCPUs, 32 GiB
RAM
Amazon RDS – Disaster Recovery (DR) and Scaling Out (horizontally)
Region
VPC
Application servers can
read from the read replica
and write to the master
Availability Zone
Multi-AZ creates a
passive standby.
Primarily used for
disaster recovery
Writes
RDS Standby
EC2 App Server
Writes
EC2 App Server
Synchronous
replication
Availability Zone
Asynchronous
replication
RDS Master
RDS Read Replica
Reads only
Read Replicas are used
for scaling database
queries (reads)
Amazon DynamoDB
Fully managed
service. You create
tables on an existing
database
Offers seamless,
horizontal, scaling
DynamoDB Table
DynamoDB is a NoSQL,
key-value type of database
Data is replicated
across multiple AZs
within a region
Amazon DynamoDB
Ø DynamoDB is made up of:
Ø Tables
Ø Items
Ø Attributes
userid
orderid
book
price
date
user001
1000092
ISBN100..
9.99
2020.04..
user002
1000102
ISBN100..
24.99
2020.03..
user003
1000168
ISBN2X0..
12.50
2020.04..
SECTION 9
Automating Your
Deployments
AWS CloudFormation
CloudFormation
deploys infrastructure
using code
You define the AWS
services to create in a
template
AWS CloudFormation
CloudFormation creates
and configures resources
according the the template
AWS Elastic Beanstalk
Region
VPC
Elastic Beanstalk environment
AWS Elastic Beanstalk
Availability Zone
Everything within
the EB environment
is launched and
managed by EB
Developer
Client
Public subnet
Upload source
code in ZIP file
Instance
Auto Scaling
group
Availability Zone
Application
Load
Balancer
Public subnet
Instance
SECTION 10
DevOps on AWS –
Creating a Code Pipeline
Continuous Integration
Build servers build
and test code
Code repository
could be GitHub,
CodeCommit etc.
AWS CodeCommit
Developer
pushes code
AWS CodeBuild
Results returned to
Developer
Continuous Integration & Continuous Delivery
AWS CodePipeline
Build servers build
and test code
AWS CodeCommit
Developer
pushes code
Code released for
deployment
AWS CodeBuild
Code pushed to
application
AWS CodeDeploy
Results returned to
Developer
Application
Application
AWS CodePipeline with Elastic Beanstalk
AWS CodePipeline
AWS CodeCommit
AWS Elastic Beanstalk
Elastic Beanstalk environment
Node.js App
Developer
AWS CodeStar
IDE connects to
CodeStar
AWS CodeStar
AWS CloudFormation
Bucket
AWS CodeCommit
AWS CodeBuild
Lambda function
Developers
AWS CodeDeploy
API Endpoint
SECTION 11
Content Delivery and
DNS Services
Amazon Route 53
Amazon Route 53
Health Checks
Domain Registration
.net
.com
.org
Hosted zone
example.com
dctlabs.com
EC2 Instances
Traffic Flow
DNS Resolution
User enters website
address in browser
Name
Type
Value
mycompany.local
A
192.168.0.1
emailserver.local
A
192.168.0.2
DNS Server
Domain name is resolved
to the IP address of the
webserver
Computer connects to
192.168.0.1
Web Server
DNS Resolution with AWS Route 53
Amazon Route 53
What’s the address for
example.com?
A hosted zone represents a
set of records belonging to a
domain
example.com
Region
Address is 8.1.2.1
VPC
Availability Zone
Public subnet
HTTP GET to 8.1.2.1
Web Server:
8.1.2.1
Route 53 DNS Record Types
Routing Policy
What it does
Simple
Simple DNS response providing the IP address associated with a name
Failover
If primary is down (based on health checks), routes to secondary destination
Geolocation
Uses geographic location you’re in (e.g. Europe) to route you to the closest
region
Geoproximity
Routes you to the closest region within a geographic area
Latency
Directs you based on the lowest latency route to resources
Multivalue answer
Weighted
Returns several IP addresses and functions as a basic load balancer
Uses the relative weights assigned to resources to determine which to route to
Amazon CloudFront
CloudFront Origins
Content is pushed
from the origin and
cached
Users
Region
Amazon S3
Amazon EC2
Users
Edge location
Edge location
Edge locations are
distributed around
the world
Edge location
Edge location
Users are directed
to the nearest edge
location
Users
Edge location
Users
Edge location
Users
Users
Edge location
Users
SECTION 12
Containers and
Serverless
Amazon Elastic Container Service (ECS)
Availability Zone
Availability Zone
ECS Cluster
An Amazon ECS
Cluster is a logical
grouping of tasks
or services
ECS Service
Task
Task
Task
Task
An ECS Task is
created from a
Task Definition
Task
Task
An ECS Task is a
running Docker
container
ECS Services are
used to maintain a
desired count of
tasks
Task
Task
Task Definition
{
"containerDefinitions": [
{
"name": "wordpress",
"links": [
"mysql"
],
"image": "wordpress",
"essential": true,
"portMappings": [
{
"containerPort": 80,
"hostPort": 80
}
],
"memory": 500,
"cpu": 10
}
AWS Lambda
Code is executed
Developer uploads
some code
Event occurs: Source
can be CLI, API,
SDK or a trigger
Lambda function
Developer
AWS Lambda – Hello World
Region
Event is written to
CloudWatch Logs
Amazon CloudWatch
Run test event
AWS Lambda
User
SECTION 13
Loose Coupling
Amazon Simple Notification Service (SNS)
Transport
Protocols
Subscribers
Lambda
Decoupling
Amazon Simple Queue
Service
Publisher
Amazon Simple
Notification Service
Topic
HTTP/HTTPS
Email/EmailJSON
Web Application
Email
SMS
Text
Amazon Simple Queue Service (SQS)
Auto Scaling Group
Auto Scaling Group
Direct integration
Web Tier
Auto Scaling Group
App Tier
Decoupled integration
Auto Scaling Group
Queue
Amazon Simple Queue
Service
Web Tier
EC2 instance
polls SQS
App Tier
AWS Lambda to Amazon SQS Event Source Mapping
Add message to
SQS queue
Region
AWS Lambda
Event written to
CloudWatch Logs
Lambda polls
the SQS queue
Amazon CloudWatch
Amazon Simple Queue
Service
User
Serverless application: Amazon SQS, SNS, and Lambda
Amazon CloudWatch
Event is written to
CloudWatch Logs
Amazon SNS Topic
Amazon Simple Queue
Service
Submit notification
to SNS Topic
User
Lambda
polls SQS
AWS Lambda Function
SECTION 14
Get Certified on AWS
Why work in cloud computing?
1)
2)
3)
4)
Job demand
Globally relevant skills
Rewarding career paths
Great salaries
Why get AWS certified?
1)
2)
3)
4)
Demonstrate skills to employers
Differentiate yourself
Gain knowledge
Develop practical skills
AWS Certification
THE END
Hope you enjoyed the
course!
Download