Cloud For Beginners Course Slides

This document provides an overview of the basic building blocks of cloud computing, including compute, storage, and networking components. It describes the typical architecture of a computer including the CPU, RAM, hard disk drive, and network interface card. It also discusses client-server computing models, different types of storage including hard drives, network attached storage, and object storage. Finally, it includes a primer on IP addressing and subnet masking.

SECTION 2
The Building Blocks of Cloud Computing
Compute – Basic architecture of a computer

Ø Central Processing Unit (CPU) / Processor
Ø Random Access Memory (RAM) – RAM is non-persistent storage. Files/data are loaded from disk into memory
Ø Hard Disk Drive (HDD) – data on the disk is persistent
Ø Network Interface Card (NIC) – connects the computer to the network switch/router and, through it, to the Internet

Measurements:
Ø CPU is measured in Gigahertz (GHz)
Ø RAM is measured in Gigabytes (GB)
Ø HDD is measured in Gigabytes (GB)
Ø NIC is measured in Megabits per second (Mbps) or Gigabits per second (Gbps)
Compute – Servers vs Desktops/Laptops

Desktop / Laptop / Server

Server Hardware Build:
Ø Hardware is more specialized
Ø Much higher prices compared to desktops / laptops
Ø Includes redundancy

Servers can be used by many users over a network
Compute – Client / Server Computing

The client application finds the server by IP address. A port is like a door into the server.

Ø Web Server – Port: 80, Protocol: HTTP
Ø File Server – Port: 445, Protocol: SMB
Ø Email Server – Port: 25, Protocol: SMTP
Storage – Hard Drives

Hard Disk Drive (HDD):
Ø Also known as magnetic drives
Ø Older technology
Ø Much slower than SSD
Ø Much cheaper than SSD

Solid State Drive (SSD):
Ø Uses flash memory
Ø Newer technology
Ø MUCH faster than HDD
Ø More expensive than HDD
Storage – Hard Drives

Disk Management: the Operating System (OS) sees a volume. A volume can be partitioned and formatted, e.g. a 1000 GB Hard Disk Drive (HDD) partitioned into a C: volume of 800 GB and a D: volume of 200 GB.

Hard drives are block-based storage systems
Storage – Network Attached Storage

Ø The NAS “shares” filesystems over the network
Ø The Operating System (OS) sees a filesystem that is mapped to a local drive letter
Ø Path: client NIC → Network Switch → Network Attached Storage Server (NAS)

NAS devices are file-based storage systems
Storage – Object Storage Systems

Ø User uploads objects using a web browser into an Object Storage Container
Ø Objects can be files, videos, images etc.
Ø There is no hierarchy of objects in the container
Ø The HTTP protocol is used with a REST API (e.g. GET, PUT, POST, SELECT, DELETE)
Storage – Block vs File vs Object

Block Storage:
Ø The OS sees volumes that can be partitioned and formatted (Disk Management: C: 800 GB and D: 200 GB on a 1000 GB disk)
Ø The OS reads/writes at the block level. Disks can be internal, or network attached

File Storage:
Ø A filesystem can be shared by many users
Ø A filesystem is “mounted” to the OS using a network share

Object Storage:
Ø Massively scalable, low cost
Ø There is no hierarchy of objects in the Object Storage Container
Ø Uses a REST API
IP Addressing Primer

1) User enters website address in browser
2) The domain name is resolved by the DNS Server to the IP address of the webserver
3) Computer connects to Web Server 192.168.0.1

DNS records on the DNS Server:

Name               Type  Value
mycompany.local    A     192.168.0.1
emailserver.local  A     192.168.0.2
IP Addressing Primer

Ø Each part of the address is a binary octet
Ø An IPv4 address has a network ID and a host ID
Ø The subnet mask is used to define the network and host ID

IP address:   192      . 168      . 0        . 1
              11000000 . 10101000 . 00000000 . 00000001
Subnet mask:  255      . 255      . 255      . 0
              11111111 . 11111111 . 11111111 . 00000000
              |---------- Network ID ---------| Host ID

Binary Values (one octet):

Most significant bit                        Least significant bit
  1     1     1     1     1     1     1     1
128    64    32    16     8     4     2     1

IP Addressing Primer

A network and subnet mask can also be written in this format:

Network 192.168.0.0 with Subnet Mask 255.255.255.0 = 192.168.0.0/24

IP Addressing Primer – How many host addresses?

Class A: 10.0.0.0 (8 bits . 8 bits . 8 bits . 8 bits)
  First address = 10.0.0.1
  Last address = 10.255.255.255
  Total addresses = 16777214

Class B: 172.16.0.0
  First address = 172.16.0.0
  Last address = 172.16.255.255
  Total addresses = 65534

Class C: 192.168.0.0
  First address = 192.168.0.1
  Last address = 192.168.0.255
  Total addresses = 255
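As an added example (not part of the course slides), the mask arithmetic from the slides above carried out in Python: the address and mask are rendered as binary octets, the mask is applied to separate the network ID from the host ID, and the CIDR form and host range are derived. It follows the usual convention that the first address of a block (the network address) and the last (the broadcast address) are not assignable to hosts, and treats /31 and /32 as the special cases they are. Only the standard library is used.

```python
import ipaddress


def octets_to_binary(address: str) -> str:
    """Render a dotted-decimal IPv4 address as four 8-bit binary octets."""
    return ".".join(f"{int(octet):08b}" for octet in address.split("."))


def describe_network(address: str, mask: str) -> dict:
    """Apply a subnet mask to an IPv4 address and split it into network ID and host ID.

    Usable hosts are counted as 2**host_bits - 2 because the network and
    broadcast addresses are reserved; /31 (point-to-point) and /32 (single
    host) have no separate network/broadcast address, so every address counts.
    """
    network = ipaddress.IPv4Network(f"{address}/{mask}", strict=False)
    host_bits = 32 - network.prefixlen
    # AND with the host mask (the inverted subnet mask) keeps only the host bits.
    host_id = int(ipaddress.IPv4Address(address)) & int(network.hostmask)
    if host_bits >= 2:
        usable = 2 ** host_bits - 2
        first_host = str(network.network_address + 1)
        last_host = str(network.broadcast_address - 1)
    else:
        usable = 2 ** host_bits
        first_host = str(network.network_address)
        last_host = str(network.broadcast_address)
    return {
        "address_binary": octets_to_binary(address),
        "mask_binary": octets_to_binary(mask),
        "cidr": str(network),                       # e.g. 192.168.0.0/24
        "network_id": str(network.network_address),
        "host_id": host_id,
        "first_host": first_host,
        "last_host": last_host,
        "usable_hosts": usable,
    }


if __name__ == "__main__":
    # The three networks used on the slides.
    for addr, mask in [("192.168.0.1", "255.255.255.0"),
                       ("172.16.0.0", "255.255.0.0"),
                       ("10.0.0.0", "255.0.0.0")]:
        info = describe_network(addr, mask)
        print(f"{addr} / {mask} -> {info['cidr']}: "
              f"{info['first_host']} - {info['last_host']} ({info['usable_hosts']} hosts)")
```

Reading the output against the slides: the Class A and Class B host counts agree with the 2**n - 2 rule, which is also what gives 254 hosts in a /24.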
Networking – Routers and Switches

IP Subnet A: 192.168.0.0/24
Ø Hosts 192.168.0.2 – 192.168.0.6 connect to a Switch, which connects to the Router interface eth0 (192.168.0.1)

IP Subnet B: 10.0.0.0/24
Ø Hosts 10.0.0.2 – 10.0.0.6 connect to a Switch, which connects to the Router interface eth1 (10.0.0.1)

Router Route Table:
Destination      Interface
192.168.0.0/24   eth0
10.0.0.0/24      eth1
Networking - Firewalls

Firewall Rules:
POLICY  PROTOCOL  PORT  DESTINATION  SOURCE
ALLOW   HTTP      80    INTERNAL     ANY
ALLOW   HTTPS     443   INTERNAL     ANY
DENY    ANY       ANY   INTERNAL     ANY

Firewalls are placed between The Internet and the Web Server, between the Web Server and the Application Server, and between the Application Server and the Database Server; the servers sit in IP Subnet A and IP Subnet B.
Databases

Application servers are specialized computers running software. Database servers are specialized computers running a database engine.

Structured Query Language (SQL) query:

    SELECT FirstName
    FROM employees
    WHERE Location = 'Sydney';

Popular database engines:
Ø Microsoft SQL Server
Ø MySQL
Ø Oracle
Ø PostgreSQL
Ø DB2
Ø SAP HANA
Server without Virtualization

Application (Website) → Operating System (Windows OS) → Hardware (Server)

Limitations:
Ø OS is tied to hardware (no portability)
Ø Hardware resources may be underutilized

Server with Virtualization

Website → Windows OS → Hypervisor → Server

Ø Many VMs can run on the same physical hardware (e.g. six Websites, each on its own Windows OS, on one Hypervisor on one Server)
Ø This is known as a virtual server or “virtual machine”
Ø Virtual hardware is presented to the OS
Ø The hypervisor creates a layer of abstraction

Server Virtualization: Portability

A VM (Website on Windows OS) can be moved from the Hypervisor on one Server to the Hypervisor on another Server
Docker Containers

Ø Every VM needs an operating system which uses significant resources (VM: Website → Windows OS → Hypervisor → Server)
Ø With containers the stack is: Website → Docker Engine → Windows OS → Server
Ø A container includes all the code, settings, and dependencies for running the application
Ø Containers are very resource efficient
Ø Containers start up very quickly
Ø Each container is isolated from other containers
Application Programming Interfaces (APIs) – Building a house analogy

Ø The Client chooses from a set of standard options that the Builder provides
Ø The Builder gives instructions to the workers (Electrician, Carpenter) in a language they understand, and construction takes place

Application Programming Interfaces (APIs)

Ø The API provides the instructions developers use in their code
Ø Instructions are sent to the API using the HTTP protocol
Ø Client → HTTP Protocol → RESTful API → Application (Web Site) → Database
SECTION 3
Cloud Computing Overview
Legacy IT / Traditional IT

Ø The IT equipment (Servers, Storage, Router, Switch, Firewall, Backup System) is owned by the company and housed in a corporate data center
Ø A company typically leases space in a data center, or may own the whole building
Ø This model is very capital intensive
Ø IT staff in the Corporate Office must design, build, operate, and manage equipment

Costs:
Ø Data center building
Ø Data center security
Ø Physical IT hardware
Ø Software licensing costs
Ø Maintenance contracts
Ø Power
Ø Internet connectivity
Ø Staff wages (design, build, operations, maintenance)
What is Cloud Computing? Well-known examples

Non-Cloud Services:                       Cloud Services:
Email Server                              Gmail
File Server                               Dropbox
Customer Relationship Management (CRM)    Salesforce

Ø You don’t own or manage the infrastructure on which the service runs
Ø Cloud services are offered on a subscription / consumption model
Ø The service scales as demand changes

What is Cloud Computing? The Key Characteristics

Name                     Description
On-demand, self-service  A user can consume cloud resources, as needed, automatically, and without human interaction
Broad network access     Capabilities are available over the network using standard mechanisms. Can be the Internet or a Wide Area Network (WAN)
Resource pooling         The provider's resources are pooled and serve multiple consumers using a multi-tenant model
Rapid elasticity         Capabilities can scale “elastically” based on demand
Measured service         Resource usage is monitored and metered
Deploying an eCommerce Website on-premises (aka the old way)

Assumes you don’t have a private cloud, or don’t have enough capacity

Activity:                    Timeline:
1) Purchase hardware         4-12 weeks
2) Install and build         4-8 weeks
3) Acceptance testing        2-4 weeks
4) Handover to operations    1-2 weeks
Total                        3-6 months
Deploying an eCommerce Website in the Cloud

Ø The Admin in the Corporate Office deploys an eCommerce Website / Database to the AWS Cloud using the AWS Management Console
Ø Customers connect over the Internet to place orders
Launching Cloud Services: Management Console

A web-based console accessed through a standard web browser

Launching Cloud Services: Command Line

This command launches a virtual server (instance) on Amazon Web Services:

    aws ec2 run-instances --image-id ami-xxxxxxxx --count 1 --instance-type t2.micro

This command lists the contents of a storage container (bucket) on Amazon S3:

    aws s3 ls s3://mys3databucket

Launching Cloud Services: Software Development Kit

Ø A developer writes code in an integrated development environment (IDE)
Ø The code leverages the SDK to work with cloud services
Cloud Service Models: Private Cloud

Stack, all managed by you: Java WebApp, Data, Java Runtime, Linux OS, Hypervisor, Server

A private cloud must also include self-service, multi-tenancy, metering, and elasticity

Cloud Service Models: Infrastructure as a Service (IaaS)

Managed by you: Java WebApp, Data, Java Runtime, Linux OS

Examples:
Ø Amazon Elastic Compute Cloud (EC2)
Ø Azure Virtual Machines
Ø Google Compute Engine

Cloud Service Models: Platform as a Service (PaaS)

Managed by you: Java WebApp, Data

Examples:
Ø AWS Elastic Beanstalk
Ø Azure WebApps
Ø Compute App Engine

Cloud Service Models: Software as a Service (SaaS)

You consume the Java WebApp as a service – a pure consumption model

Examples:
Ø Google Apps
Ø Salesforce.com
Ø Zoom

Cloud Service Models: Comparison

Ø Private Cloud – you manage everything (Java WebApp, Data, Java Runtime, Linux OS, Hypervisor): greater responsibility + greater control
Ø IaaS – you manage from the virtual server upwards (Java WebApp, Data, Java Runtime, Linux OS)
Ø PaaS – you simply upload your code/data (Java WebApp, Data) to create your application
Ø SaaS – you simply consume the service (Java WebApp): little responsibility + little control
Cloud Computing Deployment Models

Name           Description                                                                                                    Examples
Private Cloud  An enterprise deploys their own infrastructure and applications into their own data center                     VMware, Microsoft, RedHat, OpenStack
Public Cloud   The IT services that you consume are hosted and delivered from a third-party and accessed over the Internet    AWS, Microsoft Azure, Google Cloud Platform
Hybrid Cloud   A combination of on-premises, private cloud, and public cloud services are consumed
Multicloud     Usage of two or more public clouds at a time, and possibly multiple private clouds
Deployment Models – Private Cloud

Cloud management / controller software layer in the Data center: Self Service Portal / Service Catalog, Automation and Configuration Management, Billing and Reporting, Multi-tenancy
Infrastructure layer: Network & Firewall, Virtualization Cluster, Storage & Backup

You build and manage the cloud deployment

Benefits:
Ø Complete control of the entire stack
Ø Security – in a few cases, organizations may need to keep all or some of their applications and data in house

Deployment Models – Public Cloud

The Corporate Office is connected to the Public Cloud (AWS Cloud: Compute, Storage, Network, Database) using either the Internet or a private link

Benefits:
Ø Variable expense, instead of capital expense
Ø Economies of scale
Ø Massive elasticity

Deployment Models – Hybrid Cloud

The Organization's Private Cloud (Data center) is connected to the Public Cloud (AWS Cloud) using either the Internet or a private link

Benefits:
Ø Allows companies to keep the critical applications and sensitive data in a traditional data center environment or private cloud
Ø Take advantage of public cloud resources like SaaS, for the latest applications, and IaaS, for elastic virtual resources
Ø Facilitates portability of data, apps and services and more choices for deployment models
SECTION 4
Demystifying Cloud Architecture
Stateful vs Stateless Applications

Ø Stateless: no “state” is recorded about the user's session, e.g. a person checks a news website
Ø Stateful: Netflix records what has been watched, e.g. a person logs into Netflix

Stateful vs Stateless Applications – eCommerce Application

User → Web Server → Application Server → Database Server

Ø No data is stored on the web server, it is stateless
Ø The cart items are stored in cookies on the computer
Ø When the user purchases, the application layer processes the order and records the data in the database. This is stateful
Scalability and Elasticity: Scaling Up

Application → Windows OS → Server

Scaling up means adding resources to the server

Scalability and Elasticity: Scaling Out

Scaling out means adding additional servers (e.g. going from one Application / Windows OS / Server to four)
Load Balancing

Ø Each user (User 1, User 2, User 3) connects to example.com
Ø The Load Balancer in the Cloud re-routes the connection to Web Server 1, Web Server 2 or Web Server 3
Fault Tolerance

Components: Processor (CPU), Memory (RAM), Hard Disk Drive, Hard Disk Drive, Network Card

Ø Redundant components allow the system to continue to operate
Ø The system may fail if there is no built-in redundancy
High Availability and Fault Tolerance

Think of an availability zone as a separate data center

Ø User 1, User 2 and User 3 connect through a Load Balancer to Web Server 1 and Web Server 2 in one Availability Zone and Web Server 3 and Web Server 4 in a second Availability Zone
Ø When a web server fails, Auto Scaling launches a new web server (Web Server 5) to replace it
Ø If an entire Availability Zone is lost, the Load Balancer continues to serve users from the web servers in the remaining Availability Zone
Tight Coupling

Web Tier → App Tier: the App tier cannot keep up with demand

Loose Coupling

Web Tier → Message Queue → App Tier

Ø Producers send messages to the queue
Ø Messages wait in the queue for processing
Ø Consumers poll the queue for messages
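As an added example (not part of the course slides), the loose coupling described above in Python: the web tier acts as the producer and puts messages on an in-memory queue without waiting for the app tier; the app tier acts as consumers that poll the queue and process one message at a time. The order names and the simulated processing delay are constructed for the illustration; the queue is the standard-library `queue.Queue`, standing in for a managed message queue.

```python
import queue
import threading
import time

# Constructed sample messages standing in for orders submitted via the web tier.
SAMPLE_ORDERS = [f"order-{n:03d}" for n in range(1, 9)]


def web_tier_produce(q: queue.Queue, orders) -> float:
    """Producer: hand each order to the queue and return immediately.

    Returns the seconds spent, which does not depend on how slow the app tier
    is: a burst of requests is absorbed by the queue instead of overloading it.
    """
    start = time.perf_counter()
    for order in orders:
        q.put(order)
    return time.perf_counter() - start


def app_tier_consume(q: queue.Queue, processed: list, work_seconds: float = 0.02) -> None:
    """Consumer: poll the queue, process one message at a time, stop when drained."""
    while True:
        try:
            order = q.get(timeout=0.3)   # poll; give up once the queue stays empty
        except queue.Empty:
            return
        time.sleep(work_seconds)         # stand-in for slow order processing
        processed.append(order)
        q.task_done()


def run_pipeline(orders, consumers: int = 2) -> dict:
    """Run the producer first, then the consumers, to make the backlog visible."""
    q: queue.Queue = queue.Queue()
    web_tier_produce(q, orders)
    backlog = q.qsize()                  # every order is waiting; none was dropped
    processed: list = []
    workers = [threading.Thread(target=app_tier_consume, args=(q, processed))
               for _ in range(consumers)]
    for worker in workers:
        worker.start()
    for worker in workers:
        worker.join()
    return {"backlog": backlog, "processed": sorted(processed)}


if __name__ == "__main__":
    result = run_pipeline(SAMPLE_ORDERS)
    print(f"{result['backlog']} messages waited in the queue; "
          f"{len(result['processed'])} processed by the app tier")
```

Because the producer only touches the queue, it finishes even when no consumer is running yet; the consumers then work through the backlog at their own pace, which is the decoupling the slide describes.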
Monolithic Application

Components: Storefront User Interface, Mobile Interface, Order Service, Account Management, Payment Service, Shipping Service, Database

Ø The user interface, business logic, and data access layer are combined on a single platform
Ø Updates to, or failures of, any single component can take down the whole application
Ø To scale, copies of the whole Monolithic Application (each on its own Linux OS) are placed behind a Load Balancer serving User 1, User 2 and User 3

Microservices Architecture

Ø A microservice is an independently deployable unit of code
Ø Microservices are often loosely coupled
Ø Microservices are organized around business capabilities
Ø Microservices: Storefront User Interface, Mobile Interface, Order, Account, Payment, Shipping
Ø Each has its own database: Order Database, Customer Database, Billing Database, Shipping Database
Microservices using Docker Containers

The Storefront User Interface Microservice, Shipping Microservice and Order Microservice run as containers on the Docker Engine → Linux OS → Server

Ø Microservices can also be spread across hosts (several Docker Engine / Linux OS / Server stacks)
Ø Many instances of each microservice can run on each host

Microservices: Attributes and Benefits

Microservices Attribute                             Microservices Benefit
Use of Application Programming Interfaces (APIs)   Easier integrations between application components; assists with loose coupling
Independently deployable blocks of code            Can be scaled and maintained independently
Business-oriented architecture                     Development organized around business capabilities; teams may be cross-functional and services may be reused
Flexible use of technologies                       Each microservice can be written using different technologies (e.g. programming languages)
Speed and agility                                  Fast to deploy and update. Easy to include high availability and fault tolerance for each microservice
Event-driven Architecture – eCommerce Application

User → Web Server → Application Server → Database Server

1) User places an order
2) A record of the order is written to the database
3) The event publisher notifies an event processor
4) The event processor processes the record from the database
5) The processed data is written to a separate database (Event Processor → Database Server)
SECTION 5
Getting Started with AWS
Amazon Web Services History

Ø 2002 – Internally launched
Ø 2003 – Vision set out for AWS publicly with potential for public offerings
Ø 2004 – Amazon SQS public launch
Ø 2006 – Re-launch with S3, SQS, EC2
Ø 2010 – All amazon.com retail sites migrated to AWS
Ø 2015 – Sales of $1.57 billion
Ø 2018 – Revenue of $25 billion

Amazon Web Services (AWS)

This is actually a snapshot of AWS services from a few years ago. There are now well over 200 services!

Gartner Magic Quadrant 2019

Ø According to Gartner in 2018 AWS was the leader in IaaS with over 48% share
Ø AWS has been the leader for 10 years in a row!
Ø $40 billion in revenue in 2019
The AWS Global Infrastructure

Ø There are 24 regions around the world, e.g. us-east-1, eu-west-1, ap-southeast-2
Ø Each region consists of two or more Availability Zones
Ø An Availability Zone is composed of one or more data centers
Ø Each region is completely independent
Ø Every region is connected via a high bandwidth, fully redundant network
Fundamentals of AWS Pricing

Ø Compute – amount of resources such as CPU and RAM, and duration
Ø Storage – quantity of data stored
Ø Outbound Data Transfer – quantity of data that is transferred out from all services
AWS Identity and Access Management Service (IAM)

Ø Policies are documents that define permissions and can be applied to users, groups and roles
Ø An IAM user is an entity that represents a person or service
Ø Groups are collections of users and have policies attached to them
Ø Roles are “assumed” by trusted entities and can be used for delegation

Authentication Methods

Access Key:
Ø Consists of an Access key ID and secret access key
Ø Used for programmatic access to the API

Password (e.g. EJPx!*21p9%):
Ø Used for authenticating the IAM User to the AWS Management Console
Amazon Virtual Private Cloud (VPC)

Ø A VPC is a logically isolated portion of the AWS cloud within a region
Ø Subnets are created within Availability Zones (AZs), e.g. a Public subnet and a Private subnet
Ø You can launch virtual servers (EC2 Instances) into your VPC subnets
Ø The route table is used to configure the VPC router
Ø An Internet Gateway is used to connect to the Internet

Main Route Table:
Destination     Target
172.31.0.0/16   Local
0.0.0.0/0       igw-id
Multiple VPCs

Ø You can create multiple VPCs within each region
Ø Each VPC has a different block of IP addresses, e.g. one VPC with CIDR 172.31.0.0/16 and another with CIDR 10.0.0.0/16
Ø CIDR stands for Classless Interdomain Routing
Ø Each VPC spans two Availability Zones, each with a Public subnet and a Private subnet
Ø Each subnet has a block of IP addresses from the CIDR block
AWS Public and Private Services

Ø Public services have public IP addresses / endpoints, e.g. Amazon DynamoDB, Amazon S3, Amazon Route 53, Amazon CloudFront
Ø Private services exist within the VPC but can have public IP addresses, e.g. EC2 Instance, Amazon RDS, Amazon Elastic File System
Ø The VPC reaches the Public Internet through an Internet gateway
Security Groups & Network Access Control Lists (NACLs)

Ø NACLs apply at the subnet level – each Public subnet and Private subnet has a Network ACL
Ø Security Groups apply at the Instance level
Ø Security Groups can be applied to instances in any subnet (e.g. Security Group A on instances in both the Public and Private subnets, in either Availability Zone)
Stateful vs Stateless Firewalls

Client (10.1.1.1) → Firewall → Web Server (10.2.1.10)

Request:   Src Port: 65188   Dest Port: 80
Response:  Src Port: 80      Dest Port: 65188

PROTOCOL  SOURCE IP   DESTINATION IP  SOURCE PORT  DESTINATION PORT
HTTP      10.1.1.1    10.2.1.10       65188        80
HTTP      10.2.1.10   10.1.1.1        80           65188

Ø A stateful firewall allows the return traffic automatically
Ø A stateless firewall checks for an allow rule for both connections

Security Groups & Network Access Control Lists (NACLs)

Security Group                                            Network ACL
Operates at the instance (interface) level                Operates at the subnet level
Supports allow rules only                                 Supports allow and deny rules
Stateful                                                  Stateless
Evaluates all rules                                       Processes rules in order
Applies to an instance only if associated with a group    Automatically applies to all instances in the subnets it's associated with
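As an added example (not part of the course slides), a small Python model of the two firewall styles compared above, run over the client/web-server exchange from the Stateful vs Stateless Firewalls slide and the ALLOW 80 / ALLOW 443 / DENY ANY rule set from the Networking - Firewalls slide. `StatelessAcl` behaves like a Network ACL (ordered rules, allow and deny, first match wins, no connection tracking), `StatefulGroup` like a Security Group (allow rules only, every rule evaluated, return traffic admitted automatically). The class and function names are my own, the protocol is written as TCP because that is what HTTP runs over, and the outbound rule set of a real security group is deliberately left out to keep the contrast sharp.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Set, Tuple, Union

Port = Union[int, Tuple[int, int], str]   # exact port, (low, high) range, or "ANY"


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str      # "ALLOW" or "DENY"
    proto: str       # "TCP" or "ANY"
    port: Port       # destination port(s) the rule matches
    source: str      # source CIDR or "ANY"


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True when the packet's protocol, destination port and source fall within the rule."""
    if rule.proto != "ANY" and rule.proto != pkt.proto:
        return False
    if isinstance(rule.port, tuple):
        low, high = rule.port
        if not low <= pkt.dst_port <= high:
            return False
    elif rule.port != "ANY" and rule.port != pkt.dst_port:
        return False
    if rule.source != "ANY":
        if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(rule.source):
            return False
    return True


class StatelessAcl:
    """Network-ACL style: ordered rules per direction, ALLOW and DENY, first match
    wins, implicit deny at the end, and no memory of earlier packets, so a reply
    must be permitted by an outbound rule of its own."""

    def __init__(self, inbound: List[Rule], outbound: List[Rule]):
        self.rules = {"inbound": inbound, "outbound": outbound}

    def evaluate(self, pkt: Packet, direction: str) -> bool:
        for rule in self.rules[direction]:
            if rule_matches(rule, pkt):
                return rule.action == "ALLOW"
        return False                       # nothing matched: implicit deny


class StatefulGroup:
    """Security-group style: ALLOW rules only, every rule is consulted (order is
    irrelevant), and an accepted inbound connection is remembered so its return
    traffic is allowed without any outbound rule."""

    def __init__(self, inbound_allow: List[Rule]):
        if any(r.action != "ALLOW" for r in inbound_allow):
            raise ValueError("security groups support allow rules only")
        self.rules = inbound_allow
        self.connections: Set[Tuple[str, int, str, int]] = set()

    def inbound(self, pkt: Packet) -> bool:
        if any(rule_matches(r, pkt) for r in self.rules):
            self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        return False

    def outbound(self, pkt: Packet) -> bool:
        # Allowed only if it is the reverse of a tracked inbound connection.
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.connections


def demo() -> dict:
    """Replay the slide's request/response through both firewall styles."""
    request = Packet("TCP", "10.1.1.1", "10.2.1.10", 65188, 80)
    reply = Packet("TCP", "10.2.1.10", "10.1.1.1", 80, 65188)
    unsolicited = Packet("TCP", "10.2.1.10", "10.1.1.1", 80, 40000)  # no matching request

    deny_all = Rule("DENY", "ANY", "ANY", "ANY")
    web_in = [Rule("ALLOW", "TCP", 80, "ANY"), Rule("ALLOW", "TCP", 443, "ANY"), deny_all]
    ephemeral_out = Rule("ALLOW", "TCP", (1024, 65535), "ANY")   # client ephemeral ports

    acl_no_return = StatelessAcl(inbound=web_in, outbound=[deny_all])
    acl_with_return = StatelessAcl(inbound=web_in, outbound=[ephemeral_out, deny_all])
    acl_deny_first = StatelessAcl(inbound=[deny_all] + web_in, outbound=[ephemeral_out, deny_all])
    sg = StatefulGroup([Rule("ALLOW", "TCP", 80, "ANY")])

    return {
        "nacl_request_allowed": acl_no_return.evaluate(request, "inbound"),
        "nacl_reply_dropped_without_outbound_rule": acl_no_return.evaluate(reply, "outbound"),
        "nacl_reply_allowed_with_ephemeral_rule": acl_with_return.evaluate(reply, "outbound"),
        "nacl_deny_first_blocks_request": acl_deny_first.evaluate(request, "inbound"),
        "sg_request_allowed": sg.inbound(request),
        "sg_reply_allowed_automatically": sg.outbound(reply),
        "sg_unsolicited_outbound_blocked": sg.outbound(unsolicited),
    }
```

The two NACL variants show why a stateless rule set needs an explicit outbound rule for the client's ephemeral port range, and the deny-first variant shows that rule order decides the outcome for an ACL but not for a security group.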
SECTION 6
Amazon Elastic Compute Cloud (EC2)

Amazon Elastic Compute Cloud

Ø An EC2 instance is a virtual server (e.g. a Website running on a Windows OS)
Ø EC2 instances run Windows or Linux OS
Ø Many EC2 Instances run on a single EC2 Host Server
Ø EC2 hosts are managed by AWS
Public, Private, and Elastic IP addresses

Type                Description
Public IP address   Lost when the instance is stopped
                    Used in Public Subnets
                    No charge
                    Associated with a private IP address on the instance
                    Cannot be moved between instances
Private IP address  Retained when the instance is stopped
                    Used in Public and Private Subnets
Elastic IP address  Static Public IP address
                    You are charged if not used
                    Associated with a private IP address on the instance
                    Can be moved between instances and Elastic Network Adapters
Public Subnets

Ø An EC2 Instance in the Public subnet has a Public-IP or Elastic IP and reaches the Internet through the Internet gateway

Public Subnet Route Table:
Destination     Target
172.31.0.0/16   Local
0.0.0.0/0       igw-id

Private Subnets

NAT = Network Address Translation

Ø The EC2 Instance in the Private subnet has only a Private-IP
Ø The NAT gateway in the Public subnet (with a Private-IP and an Elastic-IP) forwards connections to the Internet via the Internet gateway

Public Subnet Route Table:
Destination     Target
172.31.0.0/16   Local
0.0.0.0/0       igw-id

Private Subnet Route Table:
Destination     Target
172.31.0.0/16   Local
0.0.0.0/0       nat-gateway-id
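As an added example (not part of the course slides), the route lookup that the router on the Networking – Routers and Switches slide and the VPC route tables above both rely on, written in Python: the most specific (longest prefix) matching destination wins, and `0.0.0.0/0` acts as the default route when present. The three tables are copied from the slides; `egress_path` follows a packet from the private subnet through the NAT gateway's own route table, which is what the Private Subnets slide shows. Function names are my own.

```python
import ipaddress
from typing import List, Optional, Tuple

RouteTable = List[Tuple[str, str]]   # (destination CIDR, target or interface)

# Route tables as given on the slides.
ONPREM_ROUTER: RouteTable = [("192.168.0.0/24", "eth0"), ("10.0.0.0/24", "eth1")]
PUBLIC_SUBNET_RT: RouteTable = [("172.31.0.0/16", "Local"), ("0.0.0.0/0", "igw-id")]
PRIVATE_SUBNET_RT: RouteTable = [("172.31.0.0/16", "Local"), ("0.0.0.0/0", "nat-gateway-id")]


def lookup_route(route_table: RouteTable, destination_ip: str) -> Optional[str]:
    """Return the target of the most specific matching route, or None if no route
    covers the destination (a table without a default route drops such traffic)."""
    dst = ipaddress.ip_address(destination_ip)
    best_net = None
    best_target = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def egress_path(destination_ip: str) -> List[str]:
    """Targets traversed by traffic leaving an instance in the private subnet.

    Traffic to the VPC CIDR stays Local; anything else goes to the NAT gateway,
    which sits in the public subnet and is itself routed by that subnet's table.
    """
    hops = [lookup_route(PRIVATE_SUBNET_RT, destination_ip)]
    if hops[0] == "nat-gateway-id":
        hops.append(lookup_route(PUBLIC_SUBNET_RT, destination_ip))
    return hops


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for an Internet host.
    for ip in ("10.0.0.5", "192.168.0.3", "203.0.113.10"):
        print(f"on-prem router {ip:>14} -> {lookup_route(ONPREM_ROUTER, ip)}")
    for ip in ("172.31.0.7", "203.0.113.10"):
        print(f"private subnet {ip:>14} -> {' -> '.join(egress_path(ip))}")
```

Note that the on-premises table on the slide has no `0.0.0.0/0` entry, so a packet for an Internet address has no route there, whereas both VPC tables send it to a gateway.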
Launching an Amazon EC2 instance

Amazon Machine Image (AMI): built from an EBS Snapshot; Linux or Microsoft Windows

Instance Type:
Family              Type        vCPUs  Memory (GiB)
General purpose     t2.micro    1      1
Compute optimized   c5n.large   2      5.25
Memory optimized    r5ad.large  2      16
Storage optimized   d2.xlarge   4      30.5
GPU instances       g2.2xlarge  8      15
Using Key Pairs with Amazon EC2

Ø The key pair is associated with an IAM account
Ø The AWS CLI on the EC2 Instance is configured with the key pair and uses it to access the S3 Bucket
Ø The key pair will use any permissions (Policy) assigned to the IAM user

Using Roles with Amazon EC2

Ø The IAM Role (with its Policy) is assumed by the EC2 instance, which then accesses the S3 Bucket
Ø No credentials are stored on the instance
Amazon EC2 Auto Scaling

Ø EC2 Instances in Public subnets across two Availability Zones belong to an Auto Scaling group
Ø Instances report Metrics to Amazon CloudWatch; when a metric such as CPU > 80% is reported, CloudWatch notifies Auto Scaling to scale and Auto Scaling launches an extra instance
Ø When EC2 Status Checks fail, the ASG replaces the failed instance

Amazon Elastic Load Balancing

Ø User 1, User 2 and User 3 connect through an Elastic Load Balancer to Instances 1-4 in Public subnets across two Availability Zones
Ø ELB takes instance 1 out of service (failed health check); User 1 is connected to instance 4
Ø EC2 Auto Scaling terminates instance 1 and launches instance 5
Ø This architecture includes high availability and fault tolerance
SECTION 7
AWS Storage

Block, File, and Object Storage

Amazon Elastic Block Store (EBS):
Ø An HDD/SSD Volume within an Availability Zone, attached to an EC2 Instance as /dev/xvdf or C:

Amazon Elastic File System (EFS):
Ø A File system mounted at /efs-mnt by EC2 Instances in several Availability Zones and by an On-premises client in the Corporate data center
Ø Uses the NFS Protocol
Ø Linux only

Amazon S3:
Ø Objects accessed by Internet Clients via a REST API: GET, PUT, POST, SELECT, DELETE
Ø http://s3.aws-region.amazonaws.com/bucket/object
Amazon Elastic Block Store (EBS)

Ø EBS volumes exist within an Availability Zone
Ø The volume is automatically replicated within the AZ
Ø The volume is mounted over a network (e.g. as C: and D: on an EC2 Instance)

Amazon Elastic Block Store (EBS) – Volume Types

                        Solid State Drives (SSD)                                                   Hard Disk Drives (HDD)
Volume Type             EBS Provisioned IOPS SSD (io1)   EBS General Purpose SSD (gp2)            Throughput Optimized HDD (st1)             Cold HDD (sc1)
Short Description       Highest performance              General Purpose SSD volume               Low cost HDD volume                        Lowest cost HDD
Use Cases               I/O-Intensive NoSQL and          Boot volumes, low-latency interactive    Big data, data warehouses, log processing  Colder data requiring fewer scans per day
                        relational databases             apps, dev & test
Volume Size             4GB – 16TB                       1 GB – 16 TB                             500 GB – 16 TB                             500 GB – 16 TB
Max IOPS/Volume         64,000                           16,000                                   500                                        250
Max Throughput/Volume   1,000 MB/s                       250 MB/s                                 500 MB/s                                   250 MB/s
Amazon Elastic Block Store (EBS) vs Instance Store

Ø EBS volumes are attached over the network
Ø EBS volumes offer persistent storage
Ø Instance Store volumes are ephemeral (non-persistent)
Ø Instance Store volumes are physically attached to the EC2 Host Server and offer high performance

Amazon EBS Snapshots

Ø A snapshot is a point-in-time backup of your volume
Ø Snapshots are incremental and are stored on Amazon S3 (Snap A, Snap B, Snap C)
Ø You only need the most recent snapshot to restore
Ø You can restore to a volume in another AZ (e.g. from Availability Zone A to Availability Zone B)
Amazon Elastic File System (EFS)

Ø A File system mounted at /efs-mnt by EC2 Instances in several Availability Zones and by an On-premises client in the Corporate data center
Ø Uses the NFS Protocol
Ø Linux only

Amazon Simple Storage Service (S3)

Ø A bucket is a container for objects
Ø http://bucket.s3.aws-region.amazonaws.com
Ø http://s3.aws-region.amazonaws.com/bucket
Ø EC2 instances in the Private subnet connect using private addresses through an S3 Gateway Endpoint (Private Connection)
Ø EC2 instances in the Public subnet connect using public addresses via the Internet gateway and the Public Internet
Ø Internet Clients connect over the Public Internet

An object consists of:
Ø Key (name of object)
Ø Version ID
Ø Value (actual data)
Ø Metadata
Ø Subresources
Ø Access control information
SECTION 8
AWS Databases
Amazon Relational Database Service (RDS)

RDS runs on EC2


instances, so you choose
an instance type

RDS is a managed,
relational database
Amazon RDS
EC2

RDS supports the following


database engines:
Ø Amazon Aurora
Ø MySQL
Ø MariaDB
Ø Oracle
Ø Microsoft SQL Server
Ø PostgreSQL
Amazon RDS – Scaling up (vertically)

db.m4.2xlarge 4
M4 Instance vCPUs, 32 GiB
RAM

M4 instance
db.m4.large 2
vCPUs, 8 GiB
RAM
Amazon RDS – Disaster Recovery (DR) and Scaling Out (horizontally)

Diagram: a Region and VPC with the RDS Master and an RDS Read Replica in one Availability Zone and an RDS Standby in another; EC2 App Servers send Writes to the master and Reads only to the read replica

Multi-AZ creates a passive standby, kept in step by synchronous replication. Primarily used for disaster recovery
Read Replicas are fed by asynchronous replication and are used for scaling database queries (reads)
Application servers can read from the read replica and write to the master
Amazon DynamoDB

Diagram: a DynamoDB Table

DynamoDB is a NoSQL, key-value type of database
Fully managed service. You create tables on an existing database
Offers seamless, horizontal scaling
Data is replicated across multiple AZs within a region
Amazon DynamoDB

Ø DynamoDB is made up of:
Ø Tables
Ø Items
Ø Attributes

userid    orderid    book        price    date
user001   1000092    ISBN100..   9.99     2020.04..
user002   1000102    ISBN100..   24.99    2020.03..
user003   1000168    ISBN2X0..   12.50    2020.04..
SECTION 9
Automating Your
Deployments
AWS CloudFormation

Diagram: a template is passed to AWS CloudFormation, which creates the resources the template describes

CloudFormation deploys infrastructure using code
You define the AWS services to create in a template
CloudFormation creates and configures resources according to the template
AWS Elastic Beanstalk

Diagram: a Developer uploads source code in a ZIP file to AWS Elastic Beanstalk; the Elastic Beanstalk environment, inside a Region and VPC, contains an Application Load Balancer and an Auto Scaling group of Instances in Public subnets across two Availability Zones, serving a Client

Everything within the EB environment is launched and managed by EB
SECTION 10
DevOps on AWS –
Creating a Code Pipeline
Continuous Integration

Diagram: the Developer pushes code to AWS CodeCommit; AWS CodeBuild builds and tests the code; results are returned to the Developer

Code repository could be GitHub, CodeCommit etc.
Build servers build and test code
Results returned to Developer
Continuous Integration & Continuous Delivery

Diagram: AWS CodePipeline. The Developer pushes code to AWS CodeCommit; AWS CodeBuild builds and tests the code and returns results to the Developer; code released for deployment goes to AWS CodeDeploy, which pushes it to the Applications
AWS CodePipeline with Elastic Beanstalk

Diagram: AWS CodePipeline takes code from AWS CodeCommit and deploys it to a Node.js App in an AWS Elastic Beanstalk environment
AWS CodeStar

Diagram: Developers connect their IDE to AWS CodeStar, which ties together AWS CloudFormation, AWS CodeCommit, AWS CodeBuild and AWS CodeDeploy to deploy a Bucket, a Lambda function and an API Endpoint
SECTION 11
Content Delivery and
DNS Services
Amazon Route 53

Diagram: Amazon Route 53 provides Domain Registration (.net, .com, .org), Hosted zones (example.com, dctlabs.com), Health Checks and Traffic Flow for EC2 Instances
DNS Resolution

1) User enters website address in browser
2) Domain name is resolved by the DNS Server to the IP address of the webserver
3) Computer connects to Web Server 192.168.0.1

DNS Server records:

Name               Type   Value
mycompany.local    A      192.168.0.1
emailserver.local  A      192.168.0.2
DNS Resolution with AWS Route 53

A hosted zone represents a set of records belonging to a domain

1) Query to Amazon Route 53: What's the address for example.com?
2) Answer from the example.com hosted zone: Address is 8.1.2.1
3) HTTP GET to 8.1.2.1, the Web Server in a Public subnet (Availability Zone, VPC, Region)
Route 53 DNS Record Types

Routing Policy      What it does
Simple              Simple DNS response providing the IP address associated with a name
Failover            If primary is down (based on health checks), routes to secondary destination
Geolocation         Uses geographic location you're in (e.g. Europe) to route you to the closest region
Geoproximity        Routes you to the closest region within a geographic area
Latency             Directs you based on the lowest latency route to resources
Multivalue answer   Returns several IP addresses and functions as a basic load balancer
Weighted            Uses the relative weights assigned to resources to determine which to route to
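To make the table concrete, here is an added example (not from the course slides, and not Route 53's own code) that models how the simple, failover, latency, multivalue answer and weighted policies pick answers from a constructed record set. The record fields (`value`, `healthy`, `failover`, `weight`, `latency_ms`) and the `route` function are this example's own naming; the 8.1.2.x addresses come from the slides. It also shows the fail-open behaviour worth knowing when you rely on health checks for failover: when every record is unhealthy, all of them are treated as healthy.

```python
import random

MAX_MULTIVALUE_ANSWERS = 8   # Route 53 returns up to eight healthy records


def _healthy(records):
    """Records that pass their health check.

    If every record is unhealthy, Route 53 treats them all as healthy rather
    than returning an empty answer, so the fallback here is the full set.
    """
    ok = [r for r in records if r.get("healthy", True)]
    return ok or list(records)


def route(policy, records, rng=None):
    """Return the list of IPs a query would receive under the given policy."""
    rng = rng or random.Random(0)   # seeded so the weighted case is repeatable

    if policy == "simple":
        # One record set, no health checks: every value is returned
        return [r["value"] for r in records]

    if policy == "failover":
        primary = [r for r in _healthy(records) if r.get("failover") == "PRIMARY"]
        chosen = primary or [r for r in records if r.get("failover") == "SECONDARY"]
        return [r["value"] for r in chosen]

    if policy == "latency":
        best = min(_healthy(records), key=lambda r: r["latency_ms"])
        return [best["value"]]

    if policy == "multivalue":
        return [r["value"] for r in _healthy(records)[:MAX_MULTIVALUE_ANSWERS]]

    if policy == "weighted":
        pool = _healthy(records)
        weights = [r["weight"] for r in pool]
        if not any(weights):             # all weights 0: records are picked uniformly
            weights = [1] * len(pool)
        pick = rng.choices(pool, weights=weights, k=1)[0]
        return [pick["value"]]

    raise ValueError("unknown policy: " + policy)


# Constructed record set: the primary web server is failing its health check.
WEB_SERVERS = [
    {"value": "8.1.2.1", "healthy": False, "failover": "PRIMARY",
     "weight": 70, "latency_ms": 20},
    {"value": "8.1.2.2", "healthy": True, "failover": "SECONDARY",
     "weight": 30, "latency_ms": 90},
    {"value": "8.1.2.3", "healthy": True, "weight": 0, "latency_ms": 45},
]

if __name__ == "__main__":
    for policy in ("simple", "failover", "latency", "multivalue", "weighted"):
        print(policy, route(policy, WEB_SERVERS))
```

Note that a weight of 0 keeps a record out of the weighted answer as long as some other record has a positive weight, which is the usual way to drain a target without deleting its record.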
Amazon CloudFront

Diagram: CloudFront Origins (Amazon S3, Amazon EC2) in a Region, with Edge locations around the world serving Users

Content is pushed from the origin and cached
Edge locations are distributed around the world
Users are directed to the nearest edge location
SECTION 12
Containers and
Serverless
Amazon Elastic Container Service (ECS)

Diagram: an ECS Cluster spanning two Availability Zones, with an ECS Service running Tasks created from a Task Definition

An Amazon ECS Cluster is a logical grouping of tasks or services
An ECS Task is created from a Task Definition
An ECS Task is a running Docker container
ECS Services are used to maintain a desired count of tasks

Task Definition:
{
  "containerDefinitions": [
    {
      "name": "wordpress",
      "links": [
        "mysql"
      ],
      "image": "wordpress",
      "essential": true,
      "portMappings": [
        {
          "containerPort": 80,
          "hostPort": 80
        }
      ],
      "memory": 500,
      "cpu": 10
    }
  ]
}
AWS Lambda

Diagram: the Developer uploads some code to a Lambda function; an event occurs and the code is executed

Event occurs: Source can be CLI, API, SDK or a trigger

AWS Lambda – Hello World

Diagram: in a Region, a User runs a test event against AWS Lambda and the event is written to Amazon CloudWatch Logs
SECTION 13
Loose Coupling
Amazon Simple Notification Service (SNS)

Diagram (Decoupling): a Publisher (Web Application) publishes to an Amazon Simple Notification Service Topic, which delivers to Subscribers over these transport protocols:
Ø Lambda
Ø Amazon Simple Queue Service
Ø HTTP/HTTPS
Ø Email/Email-JSON
Ø SMS (Text)
Amazon Simple Queue Service (SQS)

Diagram, Direct integration: EC2 instances in the Web Tier Auto Scaling Group call the App Tier Auto Scaling Group directly

Diagram, Decoupled integration: the Web Tier Auto Scaling Group puts messages on an Amazon Simple Queue Service Queue, and the App Tier Auto Scaling Group polls SQS
AWS Lambda to Amazon SQS Event Source Mapping

Diagram: in a Region, a User adds a message to an SQS queue; AWS Lambda polls the Amazon Simple Queue Service queue and the event is written to Amazon CloudWatch Logs

Serverless application: Amazon SQS, SNS, and Lambda

Diagram: a User submits a notification to an Amazon SNS Topic; the topic delivers it to an Amazon Simple Queue Service queue; the AWS Lambda Function polls SQS and the event is written to Amazon CloudWatch Logs
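Both of the last two slides end with Lambda polling SQS and writing to CloudWatch Logs. What they do not show is what the function receives: the event source mapping hands the function a batch of SQS records, and when the queue is subscribed to an SNS topic each record body is the SNS notification envelope with the real message inside its `Message` field. The following is an added example, not from the course or from AWS, of a handler for that chain. It reports records it cannot process back to the event source mapping through `batchItemFailures` so only those messages are retried, which assumes the mapping is configured with the `ReportBatchItemFailures` response type; the `order_id` and `user` fields and the `process` function are hypothetical, and the test event is constructed.

```python
import json


def parse_notification(body):
    """Unwrap an SNS notification envelope delivered through SQS.

    Returns the inner message as a dict; raises ValueError for bodies that
    are not valid notifications or lack the fields this function needs.
    """
    envelope = json.loads(body)  # raises json.JSONDecodeError (a ValueError) on junk
    if envelope.get("Type") != "Notification" or "Message" not in envelope:
        raise ValueError("not an SNS notification envelope")
    message = json.loads(envelope["Message"])
    if "order_id" not in message:          # hypothetical required field
        raise ValueError("missing order_id")
    return message


def process(message):
    """Hypothetical business logic: acknowledge one order and return a log line."""
    return "processed order %s for %s" % (message["order_id"], message["user"])


def handler(event, context=None):
    """Lambda entry point for the SQS event source mapping."""
    failures = []
    processed = []
    for record in event.get("Records", []):
        try:
            processed.append(process(parse_notification(record["body"])))
        except (ValueError, KeyError):
            # Report only this message; the rest of the batch is deleted from the
            # queue as usual and this one becomes visible again for a retry.
            failures.append({"itemIdentifier": record["messageId"]})
    # Anything printed ends up in CloudWatch Logs, as on the slides.
    print(json.dumps({"processed": processed, "failed": len(failures)}))
    return {"batchItemFailures": failures}


# Constructed test event in the shape the SQS event source mapping delivers
# (only the fields the handler uses are included).
SAMPLE_EVENT = {"Records": [
    {"messageId": "m-1", "body": json.dumps({
        "Type": "Notification",
        "Message": json.dumps({"order_id": 1000092, "user": "user001"})})},
    {"messageId": "m-2", "body": "this is not json"},
    {"messageId": "m-3", "body": json.dumps({
        "Type": "Notification",
        "Message": json.dumps({"user": "user003"})})},
]}

if __name__ == "__main__":
    print(handler(SAMPLE_EVENT))
```

Without the partial-batch response, one malformed message would make the whole batch fail and be redelivered, so a single bad message can keep a queue spinning; with it, only the bad message is retried and, with a dead-letter queue configured on the source queue, eventually parked where it can be inspected.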
SECTION 14
Get Certified on AWS
Why work in cloud computing?

1) Job demand
2) Globally relevant skills
3) Rewarding career paths
4) Great salaries
Why get AWS certified?

1) Demonstrate skills to employers
2) Differentiate yourself
3) Gain knowledge
4) Develop practical skills
AWS Certification
THE END
Hope you enjoyed the
course!
