AWS Booklet
Gmail
➢Email cloud service.
➢Pay only for the emails you have stored.
Dropbox
➢Cloud storage service.
➢Originally built on AWS.
Netflix
➢Built on AWS.
➢Videos on Demand.
The Deployment Models of Cloud
Private Cloud:
• Cloud services used by a single organization, not exposed to the public.
• Complete control
• Security for sensitive applications
• Meet specific business needs
Public Cloud:
• Cloud resources owned and operated by a third-party cloud service provider, delivered over the Internet.
Hybrid Cloud:
• Measured service:
• Usage is measured; users pay correctly for what they have used
Six Advantages of Cloud Computing
• Infrastructure as a Service:
• Amazon EC2 (on AWS)
• GCP, Azure, Rackspace, Digital Ocean, Linode
• Platform as a Service:
• Elastic Beanstalk (on AWS)
• Heroku, Google App Engine (GCP), Windows Azure (Microsoft)
• Software as a Service:
• Many AWS services (ex: Rekognition for Machine Learning)
• Google Apps (Gmail), Dropbox, Zoom
Pricing of the Cloud – Quick Overview
• Compute:
• Pay for compute time
• Storage:
• Pay for data stored in the Cloud
• AWS Regions
• AWS Availability Zones
• AWS Data Centers
• AWS Edge Locations / Points of Presence
AWS Regions
• Each region has many availability zones (usually 3, minimum 3, maximum 6).
Example:
• ap-southeast-2a
• ap-southeast-2b
• ap-southeast-2c
• Each availability zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity
• They’re separate from each other, so that they’re isolated from disasters
Customer: Responsibility IN the Cloud
AWS: Responsibility OF the Cloud
AWS Acceptable Use Policy
• No Security Violations
• No Network Abuse
• Common roles:
• EC2 Instance Roles
• Lambda Function Roles
• Roles for CloudFormation
IAM Guidelines and Best Practices
AWS
• Infrastructure (global network security)
• Configuration and vulnerability analysis
• Compliance validation
YOU
• Users, Groups, Roles, Policies management and monitoring
• Enable MFA on all accounts
• Rotate all your keys often
• Use IAM tools to apply appropriate permissions
• Analyze access patterns & review permissions
IAM Section
• Users: mapped to a physical user, has a password for AWS Console
• Groups: contains users only
• Policies: JSON document that outlines permissions for users or groups
• Roles: for EC2 instances or AWS services
• Security: MFA + Password Policy
• AWS CLI: manage your AWS services using the command-line
• AWS SDK: manage your AWS services using a programming language
EC2 Section
Amazon EC2
➢General Purpose
➢Compute Optimised
➢Memory Optimised
➢Accelerated Computing
➢Storage Optimised
➢HPC Optimised
➢Instance Features
➢Measuring Instance Performance
Security Groups
• Spot instances: the hotel allows people to bid for the empty rooms and the highest bidder keeps the rooms. You can get kicked out at any time
AWS
• Infrastructure (global network security)
• Isolation on physical hosts
• Replacing faulty hardware
• Compliance validation
YOU
• Security Groups rules
• Operating-system patches and updates
• Software and utilities installed on the EC2 instance
• IAM Roles assigned to EC2 & IAM user access management
• Data security on your instance
EC2 Section Summary
• Managed NFS (network file system) that can be mounted on hundreds of EC2 instances
• EFS works with Linux EC2 instances in multi-AZ
• Highly available, scalable, expensive (3x gp2), pay per use, no capacity planning
EBS VS EFS
Elastic Load Balancing and Auto Scaling Groups Section
Vertical Scalability
High Availability
• When a CloudWatch alarm is triggered (example: CPU < 30%), then remove 1 instance
• Scheduled Scaling
• Anticipate a scaling based on known usage patterns
• Predictive Scaling
• Uses Machine Learning to predict future traffic ahead of time
• Automatically provisions the right number of EC2 instances in advance
• Useful when your load has predictable time-based patterns
Amazon S3 Section
Introduction
• Static website
Amazon S3 – Buckets
• Naming convention
• No uppercase, No underscore
• 3-63 characters long
• Not an IP
• Must start with lowercase letter or number
• Must NOT start with the prefix xn--
• Must NOT end with the suffix -s3alias
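The naming rules above are easy to get wrong by hand, so here is a small validator, written for this booklet as an added example (it is not AWS code), that checks a candidate name against exactly the rules listed. It reports every rule the name breaks rather than stopping at the first one; the sample names in the `__main__` block are constructed. Note that S3 enforces further rules beyond this list (for example around dots in names), so a name passing here is necessary but not sufficient.

```python
import ipaddress
import re


def bucket_name_violations(name: str) -> list:
    """Return every naming rule from the list above that `name` breaks.

    An empty list means the name passes all of the listed rules.
    """
    violations = []
    if not 3 <= len(name) <= 63:
        violations.append("must be 3-63 characters long")
    if any(ch.isupper() for ch in name):
        violations.append("no uppercase letters")
    if "_" in name:
        violations.append("no underscores")
    try:
        ipaddress.ip_address(name)  # parses only if it is a valid IPv4/IPv6 literal
        violations.append("must not be formatted as an IP address")
    except ValueError:
        pass  # not an IP literal, which is what we want
    if not re.match(r"[a-z0-9]", name):  # first character must be a-z or 0-9
        violations.append("must start with a lowercase letter or number")
    if name.startswith("xn--"):
        violations.append("must not start with the prefix xn--")
    if name.endswith("-s3alias"):
        violations.append("must not end with the suffix -s3alias")
    return violations


def is_valid_bucket_name(name: str) -> bool:
    """True when `name` breaks none of the listed rules."""
    return not bucket_name_violations(name)


if __name__ == "__main__":
    # Constructed sample names: one valid name, then one offender per rule.
    for candidate in ["my-app-logs-2024", "MyBucket", "my_bucket", "192.168.1.1",
                      "-leading-hyphen", "xn--example", "data-s3alias", "ab"]:
        print(f"{candidate!r:20} -> {bucket_name_violations(candidate) or 'OK'}")
```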
Amazon S3 – Objects
• Just keys with very long names that contain slashes (“/”)
• Tags (Unicode key / value pair – up to 10) – useful for security / lifecycle
• User-Based
• IAM Policies – which API calls should be allowed for a specific user from IAM
• Resource-Based
• Bucket Policies – bucket-wide rules from the S3 console; allows cross-account access
• Object Access Control List (ACL) – finer grain (can be disabled)
• Bucket Access Control List (ACL) – less common (can be disabled)
• If you get a 403 Forbidden error, make sure the bucket policy allows public reads!
Amazon S3 – Versioning
• Notes:
• Any file that is not versioned prior to enabling versioning will have version “null”
• Suspending versioning does not delete the previous versions
Amazon S3 – Replication (CRR and SRR)
• Use cases:
• CRR – compliance, lower latency access, replication across accounts
• SRR – log aggregation, live replication between production and test accounts
S3 Durability and Availability
• Durability:
• High durability (99.999999999%, 11 9’s) of objects across multiple AZ
• If you store 10,000,000 objects with Amazon S3, you can on average expect to incur a loss of a single object once every 10,000 years
• Same for all storage classes
• Availability:
• Measures how readily available a service is
• Varies depending on storage class
• Example: S3 Standard has 99.99% availability = not available 53 minutes a year
S3 Storage Classes
• Amazon S3 Standard
• 99.99% Availability
• Used for frequently accessed data
• Low latency and high throughput
• Sustain 2 concurrent facility failures
• Use Cases: Big Data analytics, mobile & gaming applications, content distribution…
• Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
• For data that is less frequently accessed, but requires rapid access when needed
• Lower cost than S3 Standard
• 99.9% Availability
• Use cases: Disaster Recovery, backups
S3 Encryption
Shared Responsibility Model for S3
AWS
YOU
• S3 Versioning
• S3 Bucket Policies
• S3 Replication Setup
• Logging and Monitoring
• S3 Storage Classes
• Data encryption at rest and in transit
AWS Snow Family for Data Migrations