AWS CLOUD and SERVICES 2025: The Ultimate Guide to Cloud Computing, Infrastructure, Security, and Networking

AWS Cloud and Services refer to a wide range of cloud computing solutions provided by Amazon Web Services, the world’s leading cloud platform. AWS offers scalable, secure, cost-effective services that support everything from computing power and storage to networking, databases, machine learning, and security. Businesses and developers use AWS to build and run applications without managing physical hardware.

Characteristics of Cloud Computing

  • Elasticity
  • On-demand
  • Agility
  • High availability
  • Backup and Data Recovery
  • Scalability
  • Pay-per-use model

Advantages of Cloud Computing

• Trade fixed expense for variable expense

• Economies of scale

• Stop guessing capacity (because of the on-demand usage model)

• Increase speed and agility

• No more money spent on data centres

• Go global in minutes

AWS Global Infrastructure


• Region → Physical location spread across the globe to store your data.

• Availability Zone (AZ) → AZ combines one or more data centres in a region.

• Edge Location → An edge location is where an end user accesses services located at AWS.

• Delivers content close to the user

• Caches responses, so it reduces traffic on the origin server

• CloudFront can be used

Elastic Compute Cloud (EC2)

EC2 Servers

• AMI (Amazon Machine Image) → OS image from which an EC2 instance is launched.

Example: Ubuntu, Windows, etc.

• EBS (Elastic Block Store) → Storage service for EC2 instances.

EBS Snapshots

→ Create point-in-time backups of your Amazon EBS volumes using Amazon EBS Snapshots to ensure data protection and recovery.

Instance Types

→ Each instance type has CPU, memory, network, and capacity options.

VPC and Subnets

VPC (Virtual Private Cloud)

→ A Virtual Private Cloud (VPC) is a logically isolated section of a public cloud where users can launch resources in a secure, customizable network environment.

Subnets

→ A subnet, or sub-network, is a segmented piece of a larger network. Specifically, subnets consist of a logical partition of an Internet Protocol (IP) network, broken into multiple smaller network segments.

• EC2 instances must be created inside the VPC.

• Each VPC has a particular set of subnets. Each subnet has a different IP range.

Internet Gateway

→ The Internet Gateway is a component that allows communication between the resources inside the VPC and the Internet.

• It allows both inbound and outbound communication.

Types of Subnets

🔹 Public Subnet

→ Has an Internet Gateway attached to it.

1. Users can directly connect to resources in the public subnet from the Internet.

🔹 Private Subnet

→ No Internet Gateway is attached to the subnet.

1. No new connections from the Internet can reach the EC2 instances within the private subnet.

NAT Gateway


→ NAT (Network Address Translation) Gateway allows instances in the private subnet to initiate a new connection to the Internet.

• But no new connections from the Internet to those instances are allowed.

VPC Peering

• By default, two VPCs cannot communicate with each other.

• VPC peering establishes a networking link between two VPCs, allowing instances in each VPC to communicate as if they were within the same network.

Shared Responsibility Model

• AWS responsibility → “Security of the Cloud”

• Customer responsibility → “Security in the Cloud”

Customer Responsibilities:

1. Customer data

2. Platform, Applications, Identity & Access Management

3. Operating System, Network & Firewall Configuration

4. Client-side data, Server-side encryption, Network traffic protection

AWS Responsibilities


• Software: Compute, Storage, Database, Networking

• Hardware / AWS Global Infrastructure:

Regions, Availability Zones, Edge Locations

Pricing Models of EC2

• On-Demand

→ Pay for how much you use

• Spot Instances

→ Bid on spare Amazon EC2 computing capacity for up to 90% off the on-demand cost

→ Best for stateless, interruptible workloads

• Reserved Instances

→ Save up to 72% on Amazon EC2 usage by committing to use a set level of compute power in $/hour for 1 or 3 years.

• Savings Plan

→ Same as Reserved, but in a specific AWS region and instance family.

• Dedicated Hosts

→ A physical EC2 server dedicated to your use.

Types of Firewalls

• Security Group

→ Gets attached at an instance level.

• Network ACL (NACL)

→ Gets attached at a subnet level.

Web Application Firewall (WAF)


→ Protects web applications against user-based attacks.

→ Attacks like:

• SQL Injection

• Cross-Site Scripting (XSS)

→ Integrates with:

• CloudFront

• API Gateway

• ALB (Application Load Balancer)

• AppSync

Identity and Access Management (IAM)

→ Identity and Access Management (IAM) is a framework of policies and technologies that ensures the right authorized individuals in an organization have proper access to technology resources.

IAM Concepts

• IAM User

→ Represents a human user or a service account that uses the IAM user to interact with AWS.

• IAM Policy

→ IAM policies define permissions for an action to be allowed or denied in AWS.

• IAM Group

→ A collection of IAM users. IAM policies can be defined at the group level.

• IAM Role

→ Object associated with AWS services.

➤ It lets users in one AWS account safely use resources in another.

Amazon Machine Image (AMI)


• An AMI is a ready-made image to start virtual servers on Amazon EC2.

• It is the fundamental element used to deploy services on EC2.

• An AMI includes the necessary information to launch an instance, such as:

• Operating system

• Application server

• Applications

Developer Tools

1. CodeCommit:

• Git repository for storing central code.

• Version Control

2. CodeBuild:

• Build and test code.

3. CodeDeploy:

• To deploy applications.

4. CodePipeline:

• Connects CodeCommit, CodeBuild, and CodeDeploy.

5. CodeStar:

• Set up a continuous delivery pipeline efficiently.

6. CodeGuru:

• Improving code quality.

7. X-Ray:

• Capabilities to view end-to-end performance metrics and troubleshoot distributed applications.

8. Cloud9:

• IDE that helps you write, run, and debug your code with just a browser.

9. ECR:

• Store and manage Docker container images.

10. Redshift:

• Data Warehouse.

11. API Gateway:

• REST APIs.

AWS Health


• AWS Health events are notifications that AWS sends on behalf of other AWS services.

• You can use these events to learn about upcoming or scheduled changes affecting your account.

Simple Queue Service (SQS)


• Fully managed message queuing service.

• Supports First-In-First-Out messaging (FIFO).

• Useful for the architecture design of loosely coupled systems.

• Loosely Coupled System, Microservice Architecture:

• Important design principles (SQS, Step Function)

• Tightly Coupled System, Monolithic Architecture:

• Bad design.

Simple Notification Service (SNS)


• SNS is a fully managed messaging service that can provide mobile notification services for delivering messages to the subscribed endpoints.

• Can send text messages (SMS), emails, etc., from distributed applications.

RDS Multi-AZ Architecture


• In this approach, Amazon creates a standby DB instance and synchronously replicates data from the primary DB instance in a different availability zone.

• Useful for building highly available architecture

Database Migration Service

• Cloud service that makes it possible to migrate relational databases, data warehouses, NoSQL databases, and other types of data stores.
