Chapter Two: Fundamentals of Amazon Web Services

Chapter Fundamentals of Amazon

Topics covered in this unit:

• AWS

• AWS Zones

• Authorisation Access-Control Model

• Understanding

• AWS Credentials

• AWS Services

Amazon Web Services

Amazon group of cloud-based


Amazon. services. They offer
CPU instead of a commodity.
hardware upfront based on projected usage. servers
can be spun up quickly even during peak traffic. It saves cost and lets companies
focus on their core business instead of worrying about procuring hardware resources.

1 of 26 3/9/2020, 2:43 PM

At present, Amazon Web Services is undoubtedly the market leader in cloud
services. It offers a highly reliable, scalable, low-cost infrastructure platform in the
cloud, powering many businesses in more than 190 countries across the world.

Key advantages of AWS are listed below:

• Low pay-as-you-go pricing


or usage cost for these
competitive other cloud service

• Instant of whether one virtual


servers, user to scale as per requirement.
immediate access to Internet-scale infrastructure which allows for instant access.
The user only pays for the resources used. This makes it extremely affordable.

• Open and Flexible: AWS supports a wide variety of languages, operating


systems, allows users across
preferences seamlessly.

• Secure: following audits: PCI


FISMA SAS 70 Type II. As AWS access
to medium size company
infrastructure usually more secure than in-house infrastructure
systems.

AWS Regions and Availability Zones

A region location where Amazon


regions independent of each other
internet geographic location. Currently,
regions: Virginia), US West (Oregon),
California), Asia Pacific (Tokyo), US East (Ohio), CA Central (Canada), EU West
(London), EU (Ireland), Asia Pacific (Singapore), Asia Pacific (Mumbai), Asia Pacific
(Seoul), EU Central (Frankfurt), EU Central (Paris), South America (Sao Paulo), Asia
Pacific (Sydney), China (Beijing) and AWS GovCloud.

Amazon has intentionally kept regions independent of each other so that if one
region goes down, the failure does not cascade to other
regions. An Availability Zone (AZ) is a distinct set of data centers within a region.
Each source and cooling,
insulated regions. By running services
one can single point of failure.

For example, offers two Availability


ap-southeast-1a, ap-southeast-1b. Users can choose to access each area
depending on the following criteria:

• User Proximity: Where is the target user base? You want your infrastructure as
close to your users as possible for a shorter round trip, lower latency, and higher
throughput.

• Cost in all regions remain


pricing region.

• Compliance have strict laws regarding


might mandate that infrastructure be present in the country or group of countries.
It might limit the AWS Regions you can use for a given workload.

• Service Availability: Not all services are available in all regions. If you want to use
a service, make sure it is present in the region of your choice.

AWS Region https://aws.amazon.com

Important: Communication between regions is done over the internet.
Communication between AZs is done with the help of Amazon's high-speed
network. Keep this in mind while designing your architecture.

an application, which
recommends distributing your
your application is still

Understanding AWS Console

AWS console gives convenient access to a growing suite of AWS services through a
simple interface. The console
management computing, storage,
Almost services are manageable

AWS Console
http://console.aws.amazon.com.

AWS Security Credentials

There security credentials. AWS


terminology, clear which credential

• Sign-in email address/password


signing these to log in to the AWS management console and
can be considered the root credentials as they allow you to regenerate all other
types of credentials. These credentials should be kept extremely safe. There is no
need for all developers to have access to these root credentials, and they should be
shared among very few people. If required, Identity and Access Management
(IAM) service be used to generate IAM account for each

• Access three types: key pair,


access

The which are used for


instances. and third type allow connecting APIs, the
type of credential to use depends on which API and tool you are using. Some
APIs and tools support both options, whereas others support just one.

Types of Access Credentials

• Key Pairs: SSH key pairs are used to log in to Linux-based EC2 instances. When
an instance is created, Amazon inserts the public key of your SSH key pair into the
new instance to enable logging in with the private key. New SSH key pairs can be
added to the AWS management console. Key Pairs are present under
Networking Navigation pane; there
Pair name, prompt to download
key the public portion of
/home/user/. when a new instance
private downloaded again. The
generated.

• Access Key & Secret Key: Access Key and secret key are used to make requests
to AWS REST or Query APIs. These can be obtained/regenerated from the
Access Keys tab on the AWS Security Credentials page.

• X. certificates are used to make


requests These can be obtained/regenerated
X. AWS Security Credentials

Note: Do not accidentally push your access keys and secret access keys to
any public repository, especially those of the root account.
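
As an added example (not part of the original chapter), here is a small scanner that can be run before a push to catch the two credential strings the note warns about. It assumes the common formats, a 20-character access key ID starting with AKIA or ASIA and a 40-character secret access key; the sample input uses the placeholder key pair from AWS documentation, and all function names are illustrative.

```python
import math
import re
import sys
from collections import Counter

# Assumed formats (the common ones, not stated in the chapter):
# access key ID = "AKIA" (long-term) or "ASIA" (temporary) + 16 upper-case
# letters/digits; secret access key = 40 characters from the base64 alphabet.
ACCESS_KEY_ID = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
SECRET_CANDIDATE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")

# Constructed sample: a credentials file using AWS's documented placeholder
# keys, plus a 40-character hex string that must NOT be reported.
SAMPLE = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# build 0123456789abcdef0123456789abcdef01234567
region = ap-southeast-1
"""


def shannon_entropy(value):
    """Bits per character; random base64 scores well above hex (max 4.0)."""
    counts = Counter(value)
    total = len(value)
    return -sum(n / total * math.log2(n / total) for n in counts.values())


def redact(value):
    """Keep only the first and last four characters so reports leak nothing."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan_text(text, min_entropy=4.3):
    """Return (line number, kind, redacted value) for each suspected credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in ACCESS_KEY_ID.finditer(line):
            findings.append((lineno, "access_key_id", redact(match.group(0))))
        for match in SECRET_CANDIDATE.finditer(line):
            # The entropy floor drops hashes, paths and other 40-char strings.
            if shannon_entropy(match.group(0)) >= min_entropy:
                findings.append((lineno, "secret_access_key", redact(match.group(0))))
    return findings


def scan_files(paths):
    """Scan files (e.g. those staged for commit); return findings per path."""
    report = {}
    for path in paths:
        with open(path, encoding="utf-8", errors="ignore") as handle:
            findings = scan_text(handle.read())
        if findings:
            report[path] = findings
    return report


if __name__ == "__main__":
    # With no arguments, scan the constructed sample; otherwise scan the files.
    if len(sys.argv) > 1:
        results = scan_files(sys.argv[1:])
    else:
        results = {"<sample>": scan_text(SAMPLE)}
    for path, findings in results.items():
        for lineno, kind, shown in findings:
            print(f"{path}:{lineno}: possible {kind}: {shown}")
    sys.exit(1 if any(results.values()) else 0)
```

The non-zero exit status on any finding lets the script block a commit when it is wired in as a Git pre-commit hook.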

AWS Services

AWS some important ones


description.

Please http: aws.amazon.com for a full list

Storage

Amazon Simple Storage Service (S3)

Amazon Simple Storage Service (S3) is highly available, secure, scalable, durable,
limitless cloud storage accessible through a web services API. It replicates data across
multiple data centers to provide high availability and durability.

Amazon

AWS and data achieving


durable storage service. AWS
infrequently of data in glacier

AWS Snowball

AWS Snowball can be used with AWS Import/Export Service. It is a shock-proof and
waterproof physical device which can be used to transfer data to and from AWS. The
user anymore to transfer
most today’s world of transferring fast
and secure

AWS

AWS Snowball Edge is a data transfer device, which has onboard storage and
compute capacities. With Snowball Edge, one can transfer 100TB of data into and
out of AWS. It streams the data transfer process using the standard storage
interfaces connecting to the customers’ existing application and infrastructure.

AWS

AWS This helps in transferring


amount AWS data center.
data transfer; transfer up to 100PB per Snowmobile. service makes
it simple to transfer massive amounts of data, including videos, images, data library
or even the entire data center migration.

AWS Storage Gateway

The AWS Storage Gateway is a service that provides secure integration of data
between an organization's on-premises storage and AWS storage. It is a virtual
machine that you deploy in your data center, which sits in between your application
and your primary storage system. It makes a copy of your data, both on your storage
system

Amazon

AWS service for AWS EC2


a simple creating and configuring file systems easily quickly.

Amazon Elastic Block Storage (EBS)

It is a persistent block storage volume for use with EC2 instances. To protect from any
failure, within its Availability
and durability.

This down within minutes.

Compute

Elastic Compute Cloud (EC2)

Amazon provides virtual machines


We will in later chapters of
lab.

Amazon ECS)

AWS ECS is a container management service that supports Docker. It is highly
scalable with optimal performance.

Amazon EC2 Container Registry (ECR)

This is a fully managed Docker container registry that makes it easy to store, retrieve,
manage and deploy Docker container images. ECR can be integrated with ECS,
simplifying the workflow from development to production.

Amazon

Amazon way to get started with


includes project – virtual machine, data
transfer, static IP.

Elastic Beanstalk

AWS Elastic Beanstalk is an easy way to quickly deploy and manage applications in
the AWS cloud. You upload your application, and Elastic Beanstalk automatically
handles capacity provisioning,
and application

AWS

AWS Lambda allows us to run code without managing any servers. The charges are
for the compute time the code consumes.

AWS Auto Scaling

You can Amazon EC2 capacity


defined auto scaling. This eliminates manually
adding EC2 instances for a

AWS

This service enables users to execute hundreds of thousands of batch
computing jobs in AWS easily and efficiently. There is no requirement to install and
manage the batch computing software or server clusters that many
customers use, which allows users to focus on analyzing and solving problems.
There is a broad range of workflows and engines used by AWS, including Pegasus,
WMS, Cromwell, Luigi, etc.

Networking and Content Delivery

Amazon VPC)

Amazon Amazon VPC) gives you


networking instances. You can provision network resources
where you can control private IP addresses, Route tables, Internet access, VPN
tunnels, etc.

AWS Direct Connect

AWS users to have dedicated


their AWS. This results in reduced
increased and provided a better
internet

Route 53

Amazon Route 53 is a highly available and scalable Domain Name System (DNS)
web service.

Elastic

Elastic automatically shares incoming


multiple

CloudFront

Amazon CloudFront is a web service that makes it easy to distribute content with low
latency via a global network of edge locations. CloudFront integrates with other AWS
services to give businesses and developers a simple and easy way to distribute
content to end-users.

Developer Tools

AWS

AWS manage and work


projects the user to develop and build

AWS CodeCommit

AWS CodeCommit is a source control service that lets companies host a
secure Git repository.

AWS

AWS which automates code


which includes Amazon EC2 instances and on-premises

AWS CodePipeline

AWS CodePipeline is a continuous delivery service for fast and reliable updates for
applications.

CodePipeline deploys code every time


code.

AWS CodeBuild

With CodeBuild, users do not have to facilitate, manage and scale their build servers.

This is a fully managed build service, which compiles the code, runs
tests and produces software packages that are ready for deployment. CodeBuild is
charged by the minute for the compute resources used.

AWS X-Ray

This helps the developers


of their how the application
are performing, help in identifying the
cause. analyzing, debug production
applications.

AWS Command Line Interface

This is a tool to manage all AWS services.

Database

Amazon

Amazon fully managed NoSQL database provides fast


and predictable performance with seamless scalability.

Amazon Relational Database Service (RDS)

AWS Service makes it easy scale


a relational

Amazon

Amazon web service which makes it easy operate and


scale an in-memory cache on the cloud.

Amazon Redshift

AWS Redshift is a fully managed, fast, petabyte-scale data warehouse that makes it
cost-effective to analyze data using the business intelligence tools available.

Amazon Aurora

Aurora which is compatible with


and high-end with simplicity and
time MySQL. AWS gives the
either

Management Tools

AWS CloudFormation

AWS which gives developers


way to AWS resources and
and predictable

AWS CloudWatch

Amazon CloudWatch is a web service that provides monitoring for AWS cloud
resources, starting with Amazon EC2.

AWS

AWS which records AWS API


our account.

AWS Config

AWS Config is a service that provides us with a resource inventory, configuration
history, and configuration notifications to enable security and governance.

AWS OpsWorks

OpsWorks is a service that helps to deploy and operate applications smoothly. You
can define the application’s architecture and specification like package installation,
configurations, resources. You can run your
as well.

AWS

AWS Service Catalog allows organizations to create and manage catalogs
of IT services that are approved for use in AWS. These include images,
servers, software, etc.

AWS Trusted Advisor

AWS cloud expert, which helps


services best practices.

AWS

The user can focus on their application with the help of AWS Managed Services. It
provides infrastructure management of the user’s existing infrastructure.

AWS EC2 System Manager

This clients to routinely


apply images, configure Windows/Linux
system. by EC2 system manager
and tracking compliance, etc. It
available manage both; EC2 and onpremise

AWS Personal Health Dashboard

Health Dashboard gives a user a peek under the hood of the AWS resources being used.
It provides guidance when AWS is experiencing events that may impact the
customer.

It gives a personalized view of performance and availability and displays timely
information, which helps the user to plan for scheduled activities.

Security, Compliance

Identity Management (IAM)

AWS Identity and Access Management (IAM) enables you to securely control
access to AWS services and resources for your users.

AWS Directory Service

AWS connect our AWS resources


premises This helps set up
directory

Amazon

AWS Inspector is an automated security assessment service, which helps in improving
the security of the applications deployed on AWS.

AWS

AWS security system that helps


applications exploits security availability.

AWS Organizations

This lets you programmatically create AWS accounts, create and administer groups
of accounts and set policies on those groups. For example, the administrator can set
a policy on the group that defines the access to the different services and
groups. These are tighter policies than IAM. Organizations also gives consolidated
billing options, which give the user the financial control and flexibility necessary to
manage large numbers of AWS accounts.

AWS

This Directory; AWS Directory Service


connect an existing on-premises
a new to a local directory.
client application access AWS resources and applications existing
corporate credentials.

AWS Certificate Manager (ACM)

Certificate certificates over AWS


and CloudFront.

AWS KMS)

It is a managed which makes it easy to generate manage cryptographic


keys and operates cryptographic service provider. It uses Hardware Security Modules
(HSMs) to protect the security of keys.

AWS Shield

It is managed service, which is safeguarding


running on-demand and automatic helps
in minimizing application and latency.
defending the most common and
attacks network layer.

There are two types of Shield offered by AWS: Standard and Advanced.

AWS Artifact

The user can download AWS security and compliance documents such as ISO
certifications and SOC reports with the help of AWS Artifact.

Amazon Macie

Amazon learning to discover and


entirely

Analytics

AWS Data Pipeline

AWS Data Pipeline is a service, which helps to reliably move data between storage
services compute as well as on-premise
intervals.

AWS

AWS ElasticSearch is a service that makes it easy and


scale ElasticSearch in AWS Cloud. ElasticSearch service is a popular search and
analytics engine for use cases such as log analytics and real-time application
monitoring.

AWS

AWS streaming data on AWS.


which analyze the streaming
custom for our needs.

AWS EMR

Amazon Elastic Map Reduce is a web service that enables businesses, researchers,
data analysts and developers to process vast amounts of data easily and
cost-effectively.

AWS Glue

AWS the data between


the user the data around using
in understanding data and load it steadily
the destination. simplifying and automating
consuming conversion, mapping and job

Amazon QuickSight

This is a fast business analytics service that makes it easy to build visualizations,
perform ad-hoc analysis and get business insights from the data. Provided, using
QuickSight connect to their data
analytics which can be accessed

Amazon

It is an query service for users to analyze the present using


standard SQL easily. This is a serverless service, which makes it easier to use as
there is no infrastructure to manage; users only pay for the queries they run.

Amazon CloudSearch

Amazon fully-managed search service


customers and highly scalable
applications.

Messaging

Amazon Simple Queue Service (SQS)

Amazon Simple Queue Service provides a hosted queue for storing messages while
they travel from one computer to another. It makes it easy to build an automated
workflow between web services.

Amazon Service (SNS)

Amazon is one kind of web


while sending notifications from

Amazon Simple Email Service (SES)

Amazon Simple Email Service is an email-sending service on the cloud. It is highly
scalable and cost-effective for sending email in bulk.

Application

Amazon Service (SWF)

Amazon Service (Amazon SWF) is a workflow building


scalable and resilient applications.

AWS Step Functions

Step allows the user to


distributed microservices using visual

Amazon

The user to access data, API Gateway publish,


maintain, monitor, and secure APIs at any scale.

Amazon Elastic Transcoder

The user can convert media files stored in S3 into any format that is required for
consumer playback devices.

Desktop & App Streaming

Amazon

Amazon desktop computing


WorkSpaces to provision cloud-based desktops access to
other users to any of the documents, applications, and all the resources they need
from any supported device including Windows and Mac computers, Chromebooks,
iPads, Kindle Fire tablets and Android tablets.

Amazon

It is fully service that allows the user


applications browser.

Internet of Things (IoT)

AWS IoT Platform

AWS another service by Amazon


which upload their data in real-time.
uploaded analytics service or database
DynamoDB. processed and mapped
feature the devices.

AWS Greengrass

This is software that helps developers securely run local compute, messaging and data
caching for all the connected devices.

Devices running AWS Greengrass can run AWS Lambda functions, which help in
keeping the data in sync, and communication with other devices is done unshakeably.
This communication can be achieved even without an Internet connection. The use of
AWS ensures the faster response
diminishing data to the cloud.

AWS

This button AWS Dash Button hardware, it is programmable a simple


Wi-Fi device easy to configure. It is designed for developers to get started with IoT,
AWS Lambda, AWS DynamoDB, AWS SNS, etc. This button can be used to control
anything from ordering a pizza to calling your mother to calling an Uber driver.

Mobile

AWS

The mobile Console to build, test and monitor


applications. It helps you to easily add and configure features for your apps like
authentication, data storage, backend logic, etc. AWS mobile hub also gives you
easy access to test real devices.

Amazon

AWS users data, like game


without managing infrastructure.
Identity Synchronization. We can
allow users

AWS Device Farm

Device Farm provides hundreds of physical devices/phones for testing Android, iOS,
and Fire OS mobile applications. It gives a detailed test report, which provides high-level
results, low-level logs, and pixel-to-pixel screenshots.

Mobile Analytics

Mobile analytics like Google


obtain rate of returning users.
charts transfer the data directly
custom Amazon Redshift.

Amazon Pinpoint

This service helps you run carefully constructed campaigns for user
engagement in mobile apps by helping developers understand user conduct. This
is helpful in defining the target users, determining which users to send messages to,
and scheduling the optimal time to deliver them.

Migration

Amazon Migration Service (DMS)

This service helps users migrate their databases to AWS exceptionally easily.
With just a few clicks in the AWS Management Console, users can migrate their
database to AWS while keeping the original database live. AWS DMS handles all the
complexity. to switch back to an
the databases Availability Zones.

AWS

AWS Migration user migrate their applications, servers,


plan migrations, and track the status of each application migration.

AWS Application Discovery Service

Application Discovery Service identifies applications running in on-premises data
centers, their performance profiles, and their associated dependencies, and then
provides an application migration plan.

AWS

Using user can migrate on-premises


AWS

Server Migration Service replicates the user's servers as AMIs (Amazon Machine Images). They
can be used for deployment on EC2.

Payments & Billing

Amazon Service (FPS and ASP)

Amazon allows for digital money


two entities.

This includes humans and/or computers.

Amazon DevPay

Amazon billing and account management


developers AWS applications.

Amazon

Amazon allows various companies to access global


workers on-demand and programmatically integrate their work into different business
processes.

Business and Productivity

Amazon WorkDocs

Amazon enterprise storage and sharing


managed. administrative control and
improve

Amazon

Amazon WorkMail is a managed email and calendaring service that offers strong
security controls and support for existing desktop and mobile clients.

Amazon Chime

Amazon real-time, unified communications


transforms them more efficient and

Artificial

Amazon Lex

Lex is a natural language understanding or automatic speech recognition powered by


deep learning understanding of automatic speech recognition helping convert the
speech language understanding
the speech technology, which fuels
related to you to build all
application.

Amazon Polly

This is a service that uses advanced deep learning technologies to turn text into
lifelike speech.

Polly allows you to submit a text stream, and then it gives back the MP3 audio stream
repeating what you submitted in the text.

This helps the creative developers to build an application which can talk at a fraction
of the with 24 different languages managed.

Amazon

It is a you built an application


fraud detection, forecasting demand, click prediction, etc. Amazon Machine Learning
uses multiple algorithms to discover patterns in data, which helps in constructing
mathematical models that use these patterns to make predictions from new data.

Amazon Rekognition

It is an allows to pass an
and the with identifying the objects
images wheel, etc. This will
like “How in the given image?
driving put cherry on top, this service also for
sentiment in the picture and facial matching. For example, is the person smiling? Is
the person frowning? Is the person wearing a hat? Are the two faces present in the
picture the same?

Contact

Amazon

Amazon cloud-based contact center that to deploy


a contact center of any scale in just a few steps. It provides real-time reporting and
multiple rich metrics that can be used to put customers through to the right agent.

Game Development

Amazon GameLift

The user session-based games


The user setup own servers.
that allows operate and scale multiplayer

global, some are region


option
Service/Feature Global Region Availability Zone

S3 bucket Yes

EC2 instance Yes Yes

EBS volume Yes

EBS snapshot Yes

RDS snapshot Yes

AMI Yes

VPC Yes

IAM Yes

CloudTrail Yes

Route53 Yes

SNS Yes

SQS Yes

Dynamodb Yes

ACM Yes

AWS Operation Level
