Module 1 - AWS Cloud Defined

Module Overview
● Introduction to the Cloud
  ○ General concepts and characteristics
  ○ “As a Service”
  ○ Deployment models
● Introduction to AWS Cloud
  ○ Service categories
  ○ Services and tools in each

Introduction to the Cloud

What is the Cloud?
● NIST definition: “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”
● A loaded definition! Let’s break it down

Cloud Characteristics
● On-demand self-service
  ○ Directly provision and manage resources yourself
  ○ No intervention from specialist personnel
  ○ Independently manage resources as needed
● Broad network access
  ○ Resources accessible through standard protocols, e.g. HTTPS
  ○ Promotes compatibility across a wide range of devices
● Resource pooling
  ○ Physical hardware divided amongst multiple customers
  ○ Promotes location independence
  ○ Customer can still specify the location of resources if needed

Cloud Characteristics (contd.)
● Rapid elasticity
  ○ Scale resources inward or outward based on demand
  ○ Tools to do this automatically
● Measured service
  ○ Full transparency on usage for both provider and customer
  ○ Aids in correct billing and resource allocation
  ○ Based on storage, processing, bandwidth, active users
● Rich monitoring
  ○ Comprehensive analytics and logs
  ○ Allows for more informed customer decisions, in every aspect of their application or architecture

Types of Cloud Computing (“x as a Service”)
● Software as a Service (SaaS)
  ○ Product run by the service provider
  ○ Users access the app through a web app or GUI
  ○ Cannot configure the underlying cloud infrastructure, only account-specific settings
● Platform as a Service (PaaS)
  ○ Deploy your code or app, the platform does the rest
  ○ Minimal configuration required; the provider provisions the required cloud infrastructure for you
  ○ Customer can still configure the deployed application and hosting environment
● Infrastructure as a Service (IaaS)
  ○ Full control over what cloud resources you provision
  ○ Processing, storage, OS, networking
  ○ No access to the underlying physical infrastructure; this is managed by AWS

Deployment Models
● Private Cloud
  ○ Provisioned exclusively for one organization
  ○ Managed by the organization, a third party, or a combination of both
  ○ Can exist on or off premises
● Community Cloud
  ○ Provisioned for consumers in multiple organizations with similar requirements
  ○ Managed by the organizations, a third party, or a combination of both
  ○ Can exist on or off premises
● Public Cloud
  ○ Provisioned for open use by the general public
  ○ Managed by a business, academic institution, government body, or a combination of all three
  ○ Exists on the premises of the cloud provider

Deployment Models (contd.)
● Hybrid Cloud
  ○ Any combination of the three mentioned previously
  ○ Deployments remain unique but are linked to enable data and application portability

AWS Cloud Overview

Compute Services
● For executing and processing workloads
● Elastic Compute Cloud (EC2)
  ○ Highly configurable servers provided as VM instances
  ○ Backbone of many AWS services; most use EC2 as their underlying servers
  ○ Applications and workloads are hosted on these servers, at your discretion
● Lambda
  ○ Allows you to run code or functions without provisioning any servers or containers
  ○ Charged based on the runtime of the uploaded function
● Elastic Beanstalk
  ○ PaaS service which deploys and scales applications based on your requirements
  ○ Runs on familiar servers such as Apache, Nginx etc.
  ○ Automatically handles much of the configuration, unlike EC2

Compute Services (contd.)
● Elastic Container Service (ECS)
  ○ Container management service for Docker containers
  ○ Launches and orchestrates a cluster of EC2 instances

Storage Services
● For storage of different types of data
● Simple Storage Service (S3)
  ○ Object storage, with data, metadata and a unique ID
  ○ Scales with no file limit or storage limit
  ○ Supports multiple reads and writes concurrently (no locks)
  ○ Used as primary storage of application assets or as a bulk repository for analytics, amongst many more use cases
● Elastic Block Store (EBS)
  ○ Persistent block storage for use with an EC2 instance
  ○ Accessible quickly by these instances
  ○ Automatically replicated in multiple data centers, promoting high availability and durability
  ○ Cannot be read by multiple concurrent machines

Storage Services (contd.)
● Glacier
  ○ Secure, durable and extremely low cost
  ○ Used mainly for long-term backup and archiving
  ○ Cannot be accessed quickly; retrieving data can take anywhere from minutes to several hours
● Elastic File System (EFS)
  ○ File storage, as opposed to block or object storage, for use with EC2 instances
  ○ Allows for multiple connections via a network share
  ○ For when you need a file share where multiple users/VMs need to access the same drive

Network Services
● For securely connecting resources in your architecture
● Virtual Private Cloud (VPC)
  ○ Isolated section of the AWS network where resources are launched
  ○ You define your IP range, subnets, route tables and network gateways
  ○ Subnets are a logical partition of the VPC into multiple smaller segments
  ○ Subnets need to have a smaller IP range than the VPC
  ○ A public subnet can reach the internet; a private subnet cannot
● Route 53
  ○ Domain Name System (DNS) web service
  ○ Routes user requests to specific resources on your network
  ○ DNS health checks to route traffic to healthy endpoints if a resource fails
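The VPC bullets above define subnets as smaller slices of the VPC range and distinguish public from private subnets. The following added example (not code from the slides or from AWS) checks a proposed subnet layout against those rules: each subnet must be smaller than and contained in the VPC range, subnets must not overlap, and a subnet counts as public when its route table sends default traffic to an internet gateway. The VPC CIDR, subnet names, CIDRs and route targets are constructed, hypothetical values.

```python
# Added example: validate a VPC subnet layout and classify subnets as public/private.
import ipaddress

# Constructed sample (hypothetical values): a VPC, its subnets and their route tables.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {
    "web-a": {"cidr": "10.0.1.0/24",   "routes": {"0.0.0.0/0": "igw-EXAMPLE"}},
    "db-a":  {"cidr": "10.0.2.0/24",   "routes": {"0.0.0.0/0": "nat-EXAMPLE"}},
    "bad":   {"cidr": "10.1.0.0/24",   "routes": {}},  # lies outside the VPC range
    "dup":   {"cidr": "10.0.1.128/25", "routes": {}},  # overlaps web-a
}


def validate_subnets(vpc_cidr, subnets):
    """Return {name: [problems]}; an empty list means the subnet is acceptable."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(s["cidr"]) for name, s in subnets.items()}
    problems = {name: [] for name in subnets}
    for name, net in nets.items():
        # The slide's rule: a subnet's range must be smaller than the VPC's range.
        if net.prefixlen <= vpc.prefixlen:
            problems[name].append("prefix not smaller than VPC")
        # A subnet must be carved out of the VPC's own address space.
        if not net.subnet_of(vpc):
            problems[name].append("not within VPC range")
        # Two subnets in one VPC cannot share addresses.
        for other, onet in nets.items():
            if other != name and net.overlaps(onet):
                problems[name].append(f"overlaps {other}")
    return problems


def is_public(subnet):
    """Public = default route (0.0.0.0/0) points at an internet gateway (igw-*)."""
    return subnet["routes"].get("0.0.0.0/0", "").startswith("igw-")


if __name__ == "__main__":
    for name, issues in validate_subnets(VPC_CIDR, SUBNETS).items():
        kind = "public" if is_public(SUBNETS[name]) else "private"
        print(f"{name:6} {SUBNETS[name]['cidr']:16} {kind:8} {issues or 'ok'}")
```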

Network Services (contd.)
● CloudFront
  ○ Content delivery service
  ○ Content is delivered from specific edge locations depending on the region the requesting IP address is in
  ○ All in the name of better performance
● API Gateway
  ○ API creation which allows your resources to be accessed programmatically by EC2 instances, Lambda functions etc.
  ○ A “front door” through which applications can access your backend services
● Direct Connect
  ○ Private connection from your premises directly to AWS
  ○ Can reduce network costs, increase bandwidth throughput and provide a more consistent network experience overall

Database Services
● For fully managed, purpose-built databases
● Relational Database Service (RDS)
  ○ Easily create and manage a relational database
  ○ Aurora, PostgreSQL, MySQL, MariaDB, Oracle, Microsoft SQL Server
● DynamoDB
  ○ Serverless, key/value NoSQL database service
  ○ Easily scalable, cost effective and very quick
● ElastiCache
  ○ In-memory cache database
  ○ Improves performance of applications by retrieving information from fast caches instead of slow hard disks
  ○ Not an AWS-built engine; actually runs Redis and Memcached

Database Services (contd.)
● Redshift
  ○ Petabyte-scale data warehouse
  ○ Allows for the generation of analytics reports based on large amounts of data

Security Services
● For protecting your resources from malicious actors
● Identity and Access Management (IAM)
  ○ Allows you to control access to resources for specific users
  ○ Give users permissions and add users to specific access groups
● Security groups
  ○ Act as a firewall at the instance level
  ○ Implicitly deny all traffic; only allow rules can be created
● Network ACLs
  ○ Act as a firewall at the subnet level
  ○ Can create Allow or Deny rules
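The security group and network ACL bullets above describe two different rule models: allow-only with an implicit deny for security groups, and explicit allow/deny rules for network ACLs. The added example below (not code from the slides or from AWS) models both decisions for an inbound packet so the difference is concrete; it assumes AWS's documented network ACL behaviour of evaluating numbered rules in ascending order with the first match deciding and an implicit final deny, and all rule sets and addresses are constructed samples.

```python
# Added example: model inbound filtering by a security group and a network ACL.
import ipaddress


def sg_allows(rules, proto, port, src):
    """Security group: every rule is an allow rule; any match permits, no match = implicit deny."""
    src_ip = ipaddress.ip_address(src)
    for r in rules:
        if (r["proto"] == proto and r["from"] <= port <= r["to"]
                and src_ip in ipaddress.ip_network(r["cidr"])):
            return True
    return False


def nacl_allows(rules, proto, port, src):
    """Network ACL: numbered allow/deny rules, lowest number first, first match decides."""
    src_ip = ipaddress.ip_address(src)
    for r in sorted(rules, key=lambda r: r["num"]):
        if (r["proto"] in (proto, "all") and r["from"] <= port <= r["to"]
                and src_ip in ipaddress.ip_network(r["cidr"])):
            return r["action"] == "allow"
    return False  # the implicit final '*' rule denies anything left unmatched


# Constructed sample rules (hypothetical): the web tier's security group allows only HTTPS,
# and the subnet's network ACL blocks one abusive source range ahead of its general allow.
SG_WEB = [{"proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"}]
NACL_WEB = [
    {"num": 50,  "proto": "all", "from": 0,   "to": 65535, "cidr": "198.51.100.0/24", "action": "deny"},
    {"num": 100, "proto": "tcp", "from": 443, "to": 443,   "cidr": "0.0.0.0/0",       "action": "allow"},
]


def packet_allowed(proto, port, src):
    """Inbound traffic crosses the subnet's network ACL first, then the instance's security group."""
    return nacl_allows(NACL_WEB, proto, port, src) and sg_allows(SG_WEB, proto, port, src)


if __name__ == "__main__":
    for proto, port, src in [("tcp", 443, "203.0.113.7"), ("tcp", 443, "198.51.100.9"),
                             ("tcp", 22, "203.0.113.7")]:
        print(f"{proto}/{port} from {src}: {'allowed' if packet_allowed(proto, port, src) else 'denied'}")
```

Note that the network ACL can express the explicit deny of 198.51.100.0/24 while the security group cannot; the security group only ever adds permissions on top of its implicit deny.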

Automation and Application Support
● Tools to automate application deployment
● CodeDeploy
  ○ Automates software deployments to a variety of compute services
  ○ Makes it easy to rapidly release new features and helps avoid downtime
● CloudFormation
  ○ IaC (Infrastructure as Code) service
  ○ Allows the provisioning of resources automatically from templates
  ○ Mitigates mistakes when building architectures and provisioning resources
● OpsWorks
  ○ Configuration management service that uses Chef or Puppet
  ○ Automates how servers are configured and deployed through code

Management Tools
● Manage AWS services and resources
● Service Catalog
  ○ Allows organisations to create and manage catalogs of IT services approved for use on AWS
  ○ VM images, server configs etc.
  ○ Helps to meet governance and compliance requirements across all of your resources
● Systems Manager
  ○ View and control resources in your infrastructure through a user interface
  ○ Group resources together and perform group-wide changes
  ○ View operational data of these groups for monitoring and troubleshooting purposes
● Trusted Advisor
  ○ Helps reduce costs, increase performance and improve security
  ○ Checks that the provisioning of resources follows AWS best practices

Monitoring
● Track performance and stats of your AWS resources
● CloudWatch
  ○ Collect and track metrics on your AWS resources
  ○ Can set alarms and automatically react to changes on your resources that you specify
● CloudTrail
  ○ Web service that records the API calls made in your account
  ○ Delivers log files of these calls
  ○ Each record includes details of the API request, such as the identity of the API caller, the time of the call etc.
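The CloudTrail bullets above describe log records that carry the caller's identity and the time of each API call. The added example below (not code from the slides or from AWS) parses a CloudTrail-style log body into those fields and flags the records a defender would review first: root-account activity and calls that failed with an error. The two records are constructed to mirror CloudTrail's JSON field names (eventTime, eventName, eventSource, userIdentity, sourceIPAddress, errorCode); the account id, ARNs, user name and addresses are placeholders.

```python
# Added example: summarise and triage CloudTrail records.
import json
from datetime import datetime

# Constructed sample log body (placeholder account id, ARNs and IPs).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-15T10:02:11Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111111111111:root"}},
    {"eventTime": "2024-01-15T10:05:42Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "203.0.113.11",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111111111111:user/alice"},
     "errorCode": "AccessDenied"},
]})


def summarize(record):
    """Reduce one record to what the slide lists: who called, when, what, and from where."""
    ident = record.get("userIdentity", {})
    return {
        "when": datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ"),
        "who": ident.get("arn", "unknown"),
        "who_type": ident.get("type", "unknown"),
        "what": f'{record["eventSource"].split(".")[0]}:{record["eventName"]}',
        "from_ip": record.get("sourceIPAddress"),
        "error": record.get("errorCode"),  # absent on successful calls
    }


def review_flags(summary):
    """Reasons a record deserves a closer look: root-account use or a failed (e.g. denied) call."""
    flags = []
    if summary["who_type"] == "Root":
        flags.append("root-account-activity")
    if summary["error"]:
        flags.append(f"failed-call:{summary['error']}")
    return flags


def triage(log_text):
    """Parse a CloudTrail log file body and return (summary, flags) for every record."""
    records = json.loads(log_text)["Records"]
    return [(s, review_flags(s)) for s in map(summarize, records)]


if __name__ == "__main__":
    for summary, flags in triage(SAMPLE_LOG):
        print(summary["when"], summary["who"], summary["what"], summary["from_ip"], flags or "ok")
```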