Module 1: AWS Cloud Defined

Module Overview
● Introduction to the Cloud
  ○ General concepts and characteristics
  ○ “As a Service”
  ○ Deployment models
● Introduction to AWS Cloud
  ○ Service categories
  ○ Services and tools in each

Introduction to the Cloud

What is the Cloud?
● NIST definition: “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”
● A loaded definition! Let’s break it down

Cloud Characteristics
● On-demand self-service
  ○ Directly provision and manage resources yourself
  ○ No intervention from specialist personnel
  ○ Independently manage resources as needed
● Broad network access
  ○ Resources accessible through standard protocols, e.g. HTTPS
  ○ Promotes compatibility across a wide range of devices
● Resource pooling
  ○ Physical hardware divided amongst multiple customers
  ○ Promotes location independence
  ○ Customer can still specify the location of resources if needed

Cloud Characteristics (contd.)
● Rapid elasticity
  ○ Scale resources inward or outward based on demand
  ○ Tools to do this automatically
● Measured service
  ○ Full transparency on usage for both provider and customer
  ○ Aids in correct billing and resource allocation
  ○ Based on storage, processing, bandwidth, active users
● Rich monitoring
  ○ Comprehensive analytics and logs
  ○ Allows for more informed customer decisions in every aspect of their application or architecture

Types of Cloud Computing (“x as a Service”)
● Software as a Service (SaaS)
  ○ Product run by the service provider
  ○ Users access the app through a web app or GUI
  ○ Cannot configure the underlying cloud infrastructure, only account-specific settings
● Platform as a Service (PaaS)
  ○ Deploy your code or app, the platform does the rest
  ○ Minimal configuration required; the provider provisions the required cloud infrastructure for you
  ○ Customer can still configure the deployed application and hosting environment
● Infrastructure as a Service (IaaS)
  ○ Full control over what cloud resources you provision
  ○ Processing, storage, OS, networking
  ○ No access to the underlying physical infrastructure; this is managed by AWS

Deployment Models
● Private Cloud
  ○ Provisioned exclusively for one organization
  ○ Managed by the organization, a third party, or a combination of both
  ○ Can exist on or off premises
● Community Cloud
  ○ Provisioned by consumers in multiple organizations with similar requirements
  ○ Managed by the organization, a third party, or a combination of both
  ○ Can exist on or off premises
● Public Cloud
  ○ Provisioned for open use by the general public
  ○ Managed by a business, academic institution, government body, or a combination of all three
  ○ Exists on the premises of the cloud provider

Deployment Models (contd.)
● Hybrid Cloud
  ○ Any combination of the three mentioned previously
  ○ Deployments remain unique but are linked to enable data and application portability

AWS Cloud Overview

Compute Services
● For executing and processing workloads
● Elastic Compute Cloud (EC2)
  ○ Highly configurable server which uses VM instances
  ○ Backbone of many AWS services; most use EC2 as their underlying servers
  ○ Applications and workloads will be hosted on these servers, at your discretion
● Lambda
  ○ Allows you to run code or functions without provisioning any servers or containers
  ○ Charged based on the runtime of the uploaded function
● Elastic Beanstalk
  ○ PaaS service which deploys and scales applications based on your requirements
  ○ Runs on familiar servers such as Apache, Nginx, etc.
  ○ Automatically handles much of the configuration, unlike EC2

Compute Services (contd.)
● Elastic Container Service (ECS)
  ○ Container management service for Docker containers
  ○ Launches and orchestrates a cluster of EC2 instances

Storage Services
● For storage of different types of data
● Simple Storage Service (S3)
  ○ Object storage, with data, metadata and a unique ID
  ○ Scales with no file limit or storage limit
  ○ Supports multiple concurrent reads and writes (no locks)
  ○ Used as primary storage for application assets or as a bulk repository for analytics, amongst many other use cases
● Elastic Block Store (EBS)
  ○ Persistent block storage for use with an EC2 instance
  ○ Accessible quickly by these instances
  ○ Automatically replicated in multiple data centers, promoting high availability and durability
  ○ Cannot be read by multiple machines concurrently

Storage Services (contd.)
● Glacier
  ○ Secure, durable and extremely low cost
  ○ Used mainly for long-term backup and archiving
  ○ Cannot be accessed quickly; retrieving data can take anywhere from minutes to several hours
● Elastic File System (EFS)
  ○ File storage, as opposed to block or object storage, for use with EC2 instances
  ○ Allows for multiple connections via a network share
  ○ For when you need a file share where multiple users/VMs need to access the same drive

Network Services
● For securely connecting resources in your architecture
● Virtual Private Cloud (VPC)
  ○ Isolated section of the AWS network where resources are launched
  ○ You define your IP range, subnets, route tables and network gateways
  ○ Subnets are a logical partition of the VPC into multiple smaller segments
  ○ Subnets need to have a smaller IP range than the VPC
  ○ A public subnet can reach the internet; a private subnet cannot
● Route 53
  ○ Domain Name System (DNS) web service
  ○ Routes user requests to specific resources on your network
  ○ DNS health checks route traffic to healthy endpoints if a resource fails

Network Services (contd.)
● CloudFront
  ○ Content delivery service
  ○ Content is delivered from specific edge locations depending on which region the requesting IP is in
  ○ All in the name of better performance
● API Gateway
  ○ API creation which allows your resources to be accessed programmatically by EC2 instances, Lambda functions, etc.
  ○ A “front door” through which applications can access your backend services
● Direct Connect
  ○ Private connection from your premises directly to AWS
  ○ Can reduce network costs, increase bandwidth throughput and provide a more consistent network experience overall

Database Services
● For fully managed, purpose-built databases
● Relational Database Service (RDS)
  ○ Easily create and manage relational databases
  ○ Aurora, PostgreSQL, MySQL, MariaDB, Oracle, Microsoft SQL Server
● DynamoDB
  ○ Serverless, key/value NoSQL database service
  ○ Easily scalable, cost effective and very quick
● ElastiCache
  ○ In-memory cache database
  ○ Improves application performance by retrieving information from fast caches instead of slow hard disks
  ○ Not an AWS-built engine; it actually runs Redis and Memcached

Database Services (contd.)
● Redshift
  ○ Petabyte-scale data warehouse
  ○ Allows for the generation of analytics reports based on large amounts of data

Security Services
● For protecting your resources from malicious actors
● Identity and Access Management (IAM)
  ○ Allows you to control access to resources for specific users
  ○ Give users permissions and add users to specific access groups
● Security groups
  ○ Act as a firewall at the instance level
  ○ Implicitly deny all traffic; only allow rules can be created
● Network ACLs
  ○ Act as a firewall at the subnet level
  ○ Can create allow or deny rules

Automation and Application Support
● Tools to automate application deployment
● CodeDeploy
  ○ Automates software deployments to a variety of compute services
  ○ Makes it easy to rapidly release new features and helps avoid downtime
● CloudFormation
  ○ IaC (Infrastructure as Code) service
  ○ Allows the provisioning of resources automatically from templates
  ○ Mitigates mistakes when building architectures and provisioning resources
● OpsWorks
  ○ Configuration management service that uses Chef or Puppet
  ○ Automates how servers are configured and deployed through code

Management Tools
● Manage AWS services and resources
● Service Catalog
  ○ Allows organisations to create and manage catalogs of IT services approved for use on AWS
  ○ VM images, server configs, etc.
  ○ Helps to meet governance and compliance requirements across all of your resources
● Systems Manager
  ○ View and control resources in your infrastructure through a user interface
  ○ Group resources together and perform group-wide changes
  ○ View operational data of these groups for monitoring and troubleshooting purposes
● Trusted Advisor
  ○ Helps reduce costs, increase performance and improve security
  ○ Ensures the provisioning of resources follows AWS best practices

Monitoring
● Track performance and stats of your AWS resources
● CloudWatch
  ○ Collect and track metrics on your AWS resources
  ○ Can set alarms and automatically react to changes on your resources that you specify
● CloudTrail
  ○ Web service that records API calls for your account
  ○ Delivers log files based on these recorded calls
  ○ Can include information from an API request such as the identity of the API caller, the time of the API call, etc.
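The CloudTrail slide says each record carries the caller's identity and the time of the call. The following is an added example (not part of the course material or of any AWS SDK) that reads constructed CloudTrail-style records, reduces them to those fields, and flags a caller who accumulates several AccessDenied results in a short window, the kind of signal a defender would pull out of these logs; the field names follow the real record format, but the records, user names and IPs are made up.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed CloudTrail-style records: the real service delivers JSON files with a
# top-level "Records" list and these field names; the values here are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:00:01Z", "eventName": "ListUsers", "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-05-01T10:00:05Z", "eventName": "GetObject", "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "errorCode": "AccessDenied"},
    {"eventTime": "2024-05-01T10:00:09Z", "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "errorCode": "AccessDenied"},
    {"eventTime": "2024-05-01T10:00:12Z", "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "errorCode": "AccessDenied"},
    {"eventTime": "2024-05-01T11:30:00Z", "eventName": "RunInstances", "sourceIPAddress": "203.0.113.8",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/deploy/ci"}},
]})


def caller_name(identity: dict) -> str:
    """IAM users carry a userName; assumed roles identify themselves by ARN only."""
    return identity.get("userName") or identity.get("arn") or identity.get("type", "unknown")


def parse_records(log_text: str) -> list:
    """Reduce each record to the fields the slide names: who called what, when, from where."""
    out = []
    for rec in json.loads(log_text)["Records"]:
        out.append({"who": caller_name(rec["userIdentity"]),
                    "when": datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ"),
                    "what": rec["eventName"], "ip": rec["sourceIPAddress"],
                    "denied": rec.get("errorCode") == "AccessDenied"})
    return out


def access_denied_bursts(log_text: str, threshold: int = 3, window_s: int = 60) -> list:
    """Callers with >= threshold AccessDenied results inside window_s seconds; repeated
    denials in a short span are a classic permission-probing signal worth triage."""
    denied = defaultdict(list)
    for ev in parse_records(log_text):
        if ev["denied"]:
            denied[ev["who"]].append(ev["when"])
    flagged = []
    for who, times in sorted(denied.items()):
        times.sort()
        if any((times[i + threshold - 1] - times[i]).total_seconds() <= window_s
               for i in range(len(times) - threshold + 1)):
            flagged.append(who)
    return flagged
```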
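The Security Services slides contrast security groups (instance level, allow rules only, everything else implicitly denied) with network ACLs (subnet level, allow or deny rules). This added example, written for this page rather than taken from the course or from AWS, models both evaluation orders on constructed rule sets so the difference is visible: a security group permits a packet if any allow rule matches, while a network ACL walks its numbered rules in ascending order, lets the first match decide, and denies anything unmatched. The rule sets and addresses are made up; the model covers inbound traffic only.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    protocol: str      # "tcp", "udp", "icmp", or "-1" for all protocols
    port_from: int
    port_to: int
    cidr: str          # source range, e.g. "10.0.0.0/16"; "0.0.0.0/0" is anywhere
    action: str = "allow"   # security groups only use "allow"; NACLs also use "deny"


def _matches(rule: Rule, proto: str, port: int, src_ip: str) -> bool:
    proto_ok = rule.protocol in ("-1", proto)
    port_ok = rule.protocol == "-1" or rule.port_from <= port <= rule.port_to
    return proto_ok and port_ok and ip_address(src_ip) in ip_network(rule.cidr)


def security_group_allows(rules, proto, port, src_ip) -> bool:
    """Instance level: every rule is an allow rule; no match means implicit deny."""
    return any(_matches(r, proto, port, src_ip) for r in rules if r.action == "allow")


def nacl_allows(numbered_rules, proto, port, src_ip) -> bool:
    """Subnet level: rules are evaluated in ascending number order, the first
    match decides, and the trailing '*' rule denies anything unmatched."""
    for _, rule in sorted(numbered_rules.items()):
        if _matches(rule, proto, port, src_ip):
            return rule.action == "allow"
    return False


def reaches_instance(nacl, sg, proto, port, src_ip) -> bool:
    """Inbound traffic must pass the subnet NACL first and then the instance's SG."""
    return nacl_allows(nacl, proto, port, src_ip) and security_group_allows(sg, proto, port, src_ip)


# Constructed sample rule sets (not from a real account).
WEB_SG = [
    Rule("tcp", 443, 443, "0.0.0.0/0"),   # HTTPS from anywhere
    Rule("tcp", 22, 22, "10.0.0.0/16"),   # SSH only from inside the VPC range
]
SUBNET_NACL = {
    100: Rule("tcp", 22, 22, "203.0.113.0/24", action="deny"),  # explicit deny for one range
    200: Rule("tcp", 0, 65535, "0.0.0.0/0"),                  # otherwise allow all TCP
}

if __name__ == "__main__":
    print(reaches_instance(SUBNET_NACL, WEB_SG, "tcp", 443, "198.51.100.5"))  # True
    print(reaches_instance(SUBNET_NACL, WEB_SG, "tcp", 22, "198.51.100.5"))   # False: SG implicit deny
```

Note that the NACL rule 100 deny only matters because it sorts before the broad allow at 200; the same two rules with swapped numbers would never deny anything.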