Pravallika Jampana Summer Internship PDF


AWS Academy Cloud Virtual Internship

A Summer Internship-1 Report Submitted in Partial Fulfilment of the
Requirements for the award of Degree of
Bachelor of Technology
in
Computer Science and Systems Engineering
By
JAMPANA PRAVALLIKA

20KD1A1528

Department of Computer Science and Systems Engineering


Lendi Institute of Engineering and Technology (A)
(Affiliated to Jawaharlal Nehru Technological University, Kakinada)
Approved by AICTE, Accredited by NBA & NAAC with ‘A’ Grade
Vizianagaram – 53500
November 2021 – September 2022
CERTIFICATE
CONTENTS
1. AWS Academy Cloud Foundation

1.1: Cloud Concepts Overview


1.2: Cloud Economics and Billing

1.3: AWS Global Infrastructure Overview

1.4: AWS Cloud Security

1.5: Networking and Content Delivery

1.6: Compute

1.7: Storage

1.8: Databases

1.9: Cloud Architecture

1.10: Automatic Scaling and Monitoring

2. AWS Academy Cloud Architecture


2.1 - Welcome to AWS Academy Cloud Architecting

2.2 - Introducing Cloud Architecting

2.3 - Adding a Storage Layer

2.4 - Adding a Compute Layer

2.5 - Adding a Database Layer

2.6 - Creating a Networking Environment

2.7 - Connecting Networks

2.8 - Securing User and Application Access

2.9 - Implementing Elasticity, High Availability, and Monitoring

2.10 - Automating Your Architecture


1. AWS Academy Cloud Foundation

Introduction:
In 2006, Amazon Web Services (AWS) began offering IT infrastructure services to businesses as web
services—now commonly known as cloud computing. One of the key benefits of cloud computing is
the opportunity to replace upfront capital infrastructure expenses with low variable costs that scale
with your business. With the cloud, businesses no longer need to plan for and procure servers and
other IT infrastructure weeks or months in advance. Instead, they can instantly spin up hundreds or
thousands of servers in minutes and deliver results faster. Today, AWS provides a highly reliable,
scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of
businesses in 190 countries around the world.
This article is part of a technical content series crafted by AWS Startup Solutions Architects to help
guide early-stage startups in setting the foundations needed to start building quickly and easily. The
series offers a high-level overview of the technical decisions startup founders need to make when
getting off the ground, along with which AWS services are best suited to address those decisions.
Establishing your first startup is extremely exciting, and it comes with a lot of challenges. You need
to hire skilled people to build, maintain, and operate your products, finalize your next fundraising
round, reach and penetrate global markets, and earn your customers’ trust by providing them a
great experience, keeping your innovative edge, and securing their data. And you have to do all of
that while keeping your costs down.

At AWS, we understand, and a lot of us have first-hand experience with the day-to-day challenges
faced by early-stage founders. Since 2006, when AWS first brought cloud infrastructure to the world,
we’ve worked alongside hundreds of thousands of founders all over the globe, helping them to build
and scale their businesses. Some of them have gone on to revolutionize the world.
There are many advantages for a startup to use AWS, and in this article, we cover how you can
leverage AWS to limit your overhead, start building quickly, and focus your time and energy on
developing the aspects of your product or service that make your startup shine.

1.1 What is AWS? (Amazon Web Service)

Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud
platform, offering over 200 fully featured services from data centres globally. Millions of
customers, including the fastest-growing startups, largest enterprises, and leading government
agencies, are using AWS to lower costs, become more agile, and innovate faster.
BACKGROUND:

o 2003: Chris Pinkham and Benjamin Black presented a paper on what Amazon's own internal
infrastructure should look like. They suggested selling it as a service and prepared a
business case for it. They prepared a six-page document and reviewed it to decide whether
to proceed. They decided to proceed with the documentation.
o 2004: SQS, which stands for "Simple Queue Service", was officially launched. A team
launched this service in Cape Town, South Africa.
o 2006: AWS (Amazon Web Services) was officially launched.
o 2007: Over 180,000 developers had signed up for AWS.
o 2010: The amazon.com retail web services were moved to AWS, i.e., amazon.com is now
running on AWS.
o 2011: AWS suffered some major problems. Some EBS (Elastic Block Store) volumes became
stuck and were unable to serve read and write requests. It took two days for the problem
to be resolved.
o 2012: AWS hosted its first customer event, the re:Invent conference, at which new products
were launched. Another major problem occurred in AWS that affected many popular sites such
as Pinterest, Reddit, and Foursquare.
o 2013: Certifications were launched. AWS started a certification program for software
engineers who had expertise in cloud computing.
o 2014: AWS committed to achieving 100% renewable energy usage for its global footprint.
o 2015: AWS revenue reached $6 billion USD per annum. The revenue was growing 90% every year.
o 2016: Revenue doubled and reached $13 billion USD per annum.
o 2017: AWS re:Invent released a host of artificial intelligence services, due to which AWS
revenue doubled and reached $27 billion USD per annum.
o 2018: AWS launched a Machine Learning Specialty certification. It heavily focused on
automating artificial intelligence and machine learning.
1.2 What exactly is Cloud Computing?

Cloud computing is the on-demand delivery of IT resources over the Internet with pay-as-you-go
pricing. That means that instead of buying, owning, and maintaining physical data centres or
servers, you can access technology services such as computing power, storage, and databases,
on an as-needed basis from a cloud provider.
1.3 How does AWS work?
Now that we know what cloud computing is, let's understand a little more about AWS. AWS is the
world's most comprehensive and widely adopted cloud platform, with the broadest and deepest
set of services. Millions of customers trust AWS to power their infrastructure and applications.
Startups and organizations of every type and size are using AWS services to experiment,
innovate faster, lower costs, and become more agile.
Because we take care of the heavy lifting for you, you can build and run virtually any type of
application, including a social network, a smart city, genomic research, gaming, video streaming,
online banking, and many others. You use those services without upfront costs or long-term
commitments.
Thanks to the pay-as-you-go model, you are able to experiment with different technologies until
you find the ones that fit your needs and shorten your time to market. That way, start-ups finish
building their product and features faster while keeping their cost minimal.

AWS services come in different shapes and forms, from infrastructure technologies like compute,
storage and databases to emerging technologies such as machine learning and artificial
intelligence, data lakes and analytics, Internet of Things, and many more.

Some services give you full control while AWS manages the infrastructure and underlying
resources. For other services, AWS is responsible for the operation and security of the entire
stack so all that is left for you to do is use it. We call this the shared responsibility model.

1.4 AWS in Action: A Relational Database for an E-Commerce Start-up:

Let’s say you are working on your e-commerce startup and you need a relational data store
for your application. After experimenting with different relational databases, you choose
MySQL.
You can choose to install it on a service like Amazon Elastic Compute Cloud (Amazon EC2),
which is basically a secure and resizable virtual server. AWS manages the infrastructure all the
way to the hypervisor. Everything above that is your responsibility, like managing the guest
operating system, the MySQL engine, or the data in it.
Your e-commerce startup is responsible for updates and security patches, scaling, backups,
failovers, and more. Those tasks usually have nothing to do with your main business. A more
convenient option would be to use Amazon Relational Database Service (Amazon RDS). In a
few clicks in the AWS Management Console, you have a running relational DB of your choice in
a very short time. RDS is a managed service. That means it takes care of time-consuming
database administration tasks for you such as provisioning, patching, backup, recovery, failure
detection, and repair. This frees you up to focus on your application, data, and business.
1.5 A Global Footprint:
Once you build your product and need to grow to global markets and extend your reach, the
global footprint of AWS becomes handy. The global AWS infrastructure is built from Availability
Zones, Regions, and Edge locations.
AWS data centres are clustered together using private and redundant fibre links into what’s
called an Availability Zone. There are multiple Availability Zones within a geographic Region,
such as Oregon, Ireland, Tokyo, and so on. These Availability Zones are likewise geographically
distant from each other across natural disaster zones and flood plains, with independent utilities
and other isolations in place. Leveraging multiple Availability Zones makes it easy to design and
operate workloads that are scalable, fault tolerant, and highly available.

It’s important to note that Regions in AWS operate independently from each other, which means
different Regions will have different pricing and services available. We recommend building in a
Region that gives you the best end-user latency and service selection for the lowest price, while
adhering to any data locality laws applicable to your business. AWS Edge Locations extend your
global reach even further. They allow you to cache and serve content, run your code, use
security services, connect to the AWS network backbone, and even reach out to space from all
over the globe and closer to your clients.
All this massive global infrastructure is interconnected via a purpose-built, highly available, and
low-latency private network infrastructure that crosses oceans and continents. It’s hard to grasp
the magnitude of this, but we are now working on the trans-pacific cable that connects New
Zealand, Australia, Hawaii, and Oregon that spans 14K kilometers.

1.6 Highest Standards for Privacy and Data Security:


Our infrastructure and services are built to satisfy the security standards of the most risk-
sensitive organizations, and the same features are offered to everyone.
The security experts who monitor and secure our infrastructure also build and maintain our broad
selection of innovative security services, which help you simplify meeting your own security,
compliance, and regulatory requirements.

To let you experiment, AWS provides a Free Tier for many services. Check out what kind of
resources you can run and for how long under the Free Tier, and see if you can orient your
workloads to maximize them. You may also qualify for our AWS Activate program, providing
credits, support, and training all free of charge. Visit our Activate page to check your eligibility
and apply.
Every journey starts with a first step. Now that you are familiar with cloud computing and basic
AWS concepts such as Regions, Availability Zones, and services, the real fun begins.
Have fun, and build on!
1.7 Types of Cloud Computing:
Cloud computing provides developers and IT departments with the ability to focus on
what matters most and avoid undifferentiated work such as procurement, maintenance, and
capacity planning. As cloud computing has grown in popularity, several different models and
deployment strategies have emerged to help meet specific needs of different users. Each
type of cloud service and deployment method provides you with different levels of control,
flexibility, and management. Understanding the differences between Infrastructure as a
Service, Platform as a Service, and Software as a Service, as well as what deployment
strategies you can use, can help you decide what set of services is right for your needs.

Cloud Computing Models:


Infrastructure as a Service (IaaS):
Infrastructure as a Service (IaaS) contains the basic building blocks for cloud IT and
typically provides access to networking features, computers (virtual or on dedicated hardware),
and data storage space. IaaS provides you with the highest level of flexibility and management
control over your IT resources and is most similar to existing IT resources that many IT
departments and developers are familiar with today.

1.8 Platform as a Service (PaaS):


Platform as a Service (PaaS) removes the need for your organization to manage the
underlying infrastructure (usually hardware and operating systems) and allows you to focus on
the deployment and management of your applications. This helps you be more efficient as you
don’t need to worry about resource procurement, capacity planning, software maintenance,
patching, or any of the other undifferentiated heavy lifting involved in running your
application.

1.9 Software as a Service (SaaS):


Software as a Service (SaaS) provides you with a completed product that is run and
managed by the service provider. In most cases, people referring to Software as a Service are
referring to end-user applications. With a SaaS offering you do not have to think about how
the service is maintained or how the underlying infrastructure is managed; you only need to
think about how you will use that particular piece of software. A common example of a SaaS
application is web-based email which you can use to send and receive email without having to
manage feature additions to the email product or maintain the servers and operating systems
that the email program is running on.

1.10 Management Tools:


AWS Managed Services Accelerate:
Incident management

AMS Accelerate is designed to help detect and respond to incidents and assists your team in
resolving issues. You can reach out to AMS Accelerate operations engineers 24x7 using AWS
Support Centre, with incident response time SLAs depending on the level of response you
selected for your account.
Monitoring

Accounts enrolled in AMS Accelerate are configured with a baseline deployment of CloudWatch
events and alarms that have been optimized to reduce noise and to identify a possible upcoming
incident. After receiving the alerts, the AMS team uses automated remediations, people, and
processes, to bring the resources back to a healthy state and engage with your teams when
appropriate to provide insights into learnings on the behaviour and how to prevent it. If
remediation fails, AMS starts the incident management process. You can change the baselines
by updating the default configuration file.

Security management

AMS helps you protect your information assets and helps you keep your AWS infrastructure
secure by using multiple controls. AMS deploys a collection of AWS Config rules aligned with
the National Institute of Standards and Technology Cloud Security Framework (NIST CSF) and
the Centre for Internet Security AWS Foundations (CIS) security frameworks. These rules
continuously check whether your existing and new resources are conformant with those
security frameworks.
In addition, AMS leverages Amazon GuardDuty to help identify potentially unauthorized or
malicious activity in your AWS managed environment. GuardDuty findings are monitored 24x7
by AMS. AMS collaborates with you to understand the impact of the findings and remediations
based on your best practice recommendations. AMS also supports Amazon Macie to help protect
sensitive data such as personal health information (PHI), personally identifiable information
(PII), and financial data.
Patch management

For an AWS account with the patch add-on, AMS applies and installs vendor updates to EC2
instances for supported operating systems during your chosen maintenance windows. AMS
creates a snapshot of the instance prior to patching, monitors the patch installation, and notifies
you of the outcome. If the patch fails, AMS investigates the failure, tries to remediate it, or
restores the instance as needed. AMS provides reports of patch compliance coverage and
advises you of the recommended course of action for your business.
2. AWS Academy Cloud Architecture

2.1 AWS Managed Services Advanced:


Logging, Monitoring, Guardrails, and Event Management

AMS Advanced configures and monitors your managed environment for logging activity and
defines alerts based on a variety of health checks. Alerts are investigated by AMS for applicable
AWS services, and those that negatively impact your usage of those services result in the
creation of incidents. AMS Advanced is designed to aggregate and store all logs generated as a
result of all operations in CloudWatch, CloudTrail, and system logs in S3. Upon request, you can
ask for additional alerts to be put in place. In addition to AMS’ preventative controls, AMS
Advanced deploys configuration guardrails and detective controls to provide ongoing protection
for you from misconfigurations that could reduce the operational and security integrity of the
managed accounts, to enforce your controls such as tagging and compliance. When a monitored
control is detected an alarm is generated that results in notification, modification, or termination
of resources based on pre-defined AMS defaults that can be modified by you.

Continuity management (Backup and Restore)

AMS Advanced provides backups of resources on a scheduled interval determined by you.
Restore actions from specific snapshots can be performed by AMS Advanced with your RFC.
Data changes that occur between snapshot intervals are your responsibility to back up.
You can submit an RFC for backup or snapshot requests outside of scheduled intervals. In the
case of Availability Zone (AZ) unavailability in an AWS Region, with your permission, AMS
Advanced is designed to restore the managed environment by recreating new stack(s) based on
templates and available EBS snapshots of the impacted stacks.
Security and access management

AMS Advanced provides security management services such as configuring anti-virus and anti-
malware protection. AMS Advanced also configures default AWS security capabilities that are
approved by you during onboarding, to monitor and respond to security issues. You manage your
users through an approved directory service provided by you.

Patch management

AMS Advanced is designed to apply and install updates to EC2 instances for supported
operating systems (OSs) and software pre-installed with supported operating systems.
AMS Advanced manages two models for patching:

● AMS standard patch for traditional account-based patching, and


● AMS Patch Orchestrator, for tag-based patching.
2.2 Media Services
AWS Elemental Media Store:
AWS Elemental Media Store is a video origination and storage service. The service can be
accessed through the AWS Management Console, or via APIs or AWS SDKs and configured to
your workflow.

Performance when you need it


When you create or update a video file in AWS Elemental Media Store, it is held in a
replicated cache for the first few minutes. This is designed to provide predictable latency
and consistent performance, regardless of how many viewers watch your stream.

Consistent, low latency reads, writes, and updates


Consistent read-after-write, and read-after-update performance is required for HTTP-based
streaming video protocols that use manifests to tell a player what objects to download. If the
content is not available immediately when requested, buffering or playback failures will occur,
and if content manifests aren’t current, devices will simply stop playback. AWS Elemental Media
Store is built for low-latency reads and writes, and high volumes of requests, which is designed
to allow you to deliver consistent quality-of-service to viewers.

2.3 AWS Elemental Media Package:

AWS Elemental Media Package is a video delivery service that allows video providers to
distribute streaming video at scale. It simplifies the preparation of your live and on-demand video
content for delivery to multiple devices, and improves the viewer experience with advanced
features. With Media Package, customers can reduce workflow complexity, increase origin
resiliency, and better protect multiscreen assets without the risk of under or over-provisioning
video infrastructure.

Comprehensive Output Formats


AWS Elemental Media Package supports a wide range of standards and formats commonly used
to stream video.
Flexible Video Content Protection
AWS Elemental Media Package lets you protect your streams by integrating with multiple
Digital Rights Management (DRM) technologies, based on the capabilities of each playback
device.
High Availability
AWS Elemental Media Package helps you scale based on the incoming stream requests you
receive. Media Package has a built-in origin shield and cache for reliable performance when
accessed directly by one or more CDNs, and runs on redundant infrastructure. Integrated
monitoring continuously tracks metrics (such as bandwidth, number of concurrent contacts or
instance resources), and new instances can be launched to scale with increased workload as
needed.

Use Independently or with AWS Media Services


AWS Elemental Media Package can be used as a standalone service or integrated with other
AWS Elemental Media Services for live video encoding, VOD processing, ad personalization and
monetization, or media-optimized storage. It is also interoperable with other AWS services, such
as the Amazon CloudFront CDN.

2.4 Management & Governance:

AWS Service Catalogue:


Products

AWS Service Catalogue allows you to create and manage catalogue of IT services you want to
make available for deployment on AWS. Each such IT service is considered a product, which can
comprise one or more AWS resources and can be a single compute instance running AWS
Linux, a fully configured multi-tier web application running in its own environment, or anything in
between. You create your products in AWS Service Catalogue by importing AWS
CloudFormation templates.

Portfolios

AWS Service Catalogue allows you to create portfolios that are collections of products, together
with configuration information. With AWS Service Catalogue, you can create a customized
portfolio for each type of user in your organization and selectively grant access to the
appropriate portfolio. When you add a new version of a product to a portfolio, that version is
made available
to all current users of that portfolio. You also can share your portfolios with other AWS accounts
and allow the administrator of those accounts to distribute your portfolios with additional
constraints.
Constraints

Constraints restrict the ways that specific AWS resources can be deployed for a product.
You can use them to apply limits to products for governance or cost control.

Stack

Every product in AWS Service Catalogue is launched as an AWS CloudFormation stack, which is
a set of resources provisioned for that instance of the product.

Service Actions

Using service actions, you can enable end users to perform operational tasks, troubleshoot
issues, run approved commands, or request permissions in AWS Service Catalogue on your
provisioned products, without needing to grant end users full access to AWS services. You use
AWS Systems Manager documents to define service actions.

2.5 AWS Well-Architected Tool:

The AWS Well-Architected Tool is designed to help you review the state of your applications and
workloads. It provides a central place for you to find AWS architectural best practices and
guidance. The AWS Well-Architected Framework is designed to provide a consistent approach
for evaluating your cloud architecture and to help scale with your application needs over time.
In addition to the standard guidance provided by the AWS Well-Architected Framework and
AWS-developed lenses, the AWS Well-Architected Tool allows you to add your own best practice
guidance using custom lenses.

Benefits
Get architectural guidance

You can benefit from access to knowledge and best practices used by AWS solutions architects.
You can answer questions about your application or workload, and the AWS Well-Architected
Tool is designed to deliver an action plan with step-by-step guidance to help you identify areas
for improvement.

Review your workloads consistently

Designed to provide a single tool and a consistent process to help you review and measure
your cloud architectures. The AWS Well-Architected Tool helps you to monitor the status of
multiple workloads across your organization and helps you understand potential risks. With
the action plan, you can identify next steps for improvement, drive architectural decisions,
and build for the cloud with confidence.

2.6 Amazon Elastic Transcoder


Amazon Elastic Transcoder is media transcoding in the cloud. It is designed to
be a highly scalable, easy-to-use, and cost-effective way for developers and
businesses to convert (or transcode) media files from their source format into
versions that will play back on devices like smartphones, tablets, and PCs.
Amazon CloudFront

Amazon CloudFront is a fast content delivery network (CDN) service that
securely delivers data, videos, applications, and APIs to customers
globally with low latency, high transfer speeds, all within a
developer-friendly environment. CloudFront is integrated with AWS – both physical
locations that are directly connected to the AWS global infrastructure, as
well as other AWS services. CloudFront works seamlessly with services
including AWS Shield for DDoS mitigation, Amazon S3, Elastic Load
Balancing or Amazon EC2 as origins for your applications, and
Lambda@Edge to run custom code closer to customers’ users and to
customize the user experience.
You can get started with the Content Delivery Network in minutes, using the
same AWS tools that you're already familiar with: APIs, AWS Management
Console, AWS CloudFormation, CLIs, and SDKs. Amazon's
CDN offers a simple, pay-as-you-go pricing model with no upfront fees or
required long-term contracts, and support for the CDN is included in your
existing AWS Support subscription.
Amazon Route 53
Amazon Route 53 is a highly available and scalable cloud Domain Name
System (DNS) web service. It is designed to give developers and businesses an
extremely reliable and cost-effective way to route users to Internet
applications by translating human readable names, such as www.example.com,
into the numeric IP addresses, such as 192.0.2.1, that computers use to
connect to each other.
Amazon Route 53 is fully compliant with IPv6 as well.
Amazon Route 53 effectively connects user requests to infrastructure running
in AWS—such as EC2 instances, Elastic Load Balancing load balancers, or
Amazon S3 buckets—and can also be used to route
users to infrastructure outside of AWS. You can use Amazon Route 53 to
configure DNS health checks to route traffic to healthy endpoints or to
independently monitor the health of your application and its endpoints. Amazon
Route 53 traffic flow makes it easy for you to manage traffic globally through a
variety of routing types, including latency-based routing, Geo DNS, and
weighted round robin—all of which can be combined with DNS Failover in
order to enable a variety of low-latency, fault-tolerant architectures. Using
Amazon Route 53 traffic flow’s simple visual editor, you can easily manage
how your end users are routed to your application’s endpoints whether in a
single AWS Region or distributed around the globe. Amazon Route 53 also
offers Domain Name Registration—you can purchase and
manage domain names such as example.com and Amazon Route 53 will
automatically configure DNS settings for your domains.
Amazon VPC

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically
isolated section of the AWS Cloud where you can launch AWS resources in a
virtual network that you define. You have complete control over your virtual
networking environment, including selection of your own IP address range,
creation of subnets, and configuration of route tables and network gateways.
You can use both IPv4 and IPv6 in your VPC for secure and easy access to
resources and applications.

You can easily customize the network configuration for your VPC. For
example, you can create a public- facing subnet for your web servers that has
access to the Internet, and place your backend systems, such as databases or
application servers, in a private-facing subnet with no Internet access. You can
leverage multiple layers of security (including security groups and network
access control lists) to help control access to EC2 instances in each subnet.
Additionally, you can create a hardware virtual private network (VPN)
connection between your corporate data centre and your VPC and leverage the
AWS Cloud as an extension of your corporate data centre.
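
The public/private subnet split described above can be checked mechanically. The following is an added example, not part of the original report or of any AWS tool: it audits route tables and security groups for backend subnets that still reach an internet gateway and backend security groups open to any address. The dictionaries use the field names of the EC2 DescribeRouteTables and DescribeSecurityGroups responses; every ID and value is a constructed sample, and treating only internet-gateway default routes as a finding (NAT routes are not flagged) is an assumption of this sketch.

```python
import ipaddress

# Constructed sample data (not from a real account).
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-db-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
SECURITY_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db-good", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]},
    {"GroupId": "sg-db-bad", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]
PRIVATE_SUBNETS = ["subnet-db-a", "subnet-db-b"]   # subnets meant to have no internet path
BACKEND_GROUPS = ["sg-db-good", "sg-db-bad"]       # groups attached to backend instances


def effective_route_table(subnet_id, route_tables):
    """Return the table explicitly associated with the subnet, else the VPC main table.

    A subnet with no explicit association silently inherits the main table,
    which is how a "private" subnet often ends up with an internet route.
    """
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def internet_routes(route_table):
    """List default (/0) destinations that this table sends to an internet gateway."""
    hits = []
    for route in route_table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest is None:            # e.g. prefix-list routes carry no CIDR field
            continue
        is_default = ipaddress.ip_network(dest).prefixlen == 0
        if is_default and (route.get("GatewayId") or "").startswith("igw-"):
            hits.append(dest)
    return hits


def open_ingress(group):
    """Return (port label, cidr) pairs where the group accepts traffic from any address."""
    findings = []
    for perm in group.get("IpPermissions", []):
        if perm.get("FromPort") is None:        # protocol "-1" rules carry no port range
            label = "all ports"
        else:
            label = f"{perm['FromPort']}-{perm['ToPort']}"
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if ipaddress.ip_network(cidr).prefixlen == 0:
                findings.append((label, cidr))
    return findings


def audit(private_subnets, backend_groups, route_tables, security_groups):
    """Collect human-readable findings for the private tier."""
    findings = []
    for subnet in private_subnets:
        rt = effective_route_table(subnet, route_tables)
        if rt is None:
            findings.append(f"{subnet}: no route table found")
            continue
        for dest in internet_routes(rt):
            findings.append(f"{subnet}: {rt['RouteTableId']} routes {dest} to an internet gateway")
    by_id = {g["GroupId"]: g for g in security_groups}
    for gid in backend_groups:
        for label, cidr in open_ingress(by_id[gid]):
            findings.append(f"{gid}: {label} open to {cidr}")
    return findings


if __name__ == "__main__":
    for line in audit(PRIVATE_SUBNETS, BACKEND_GROUPS, ROUTE_TABLES, SECURITY_GROUPS):
        print(line)
```

Here subnet-db-b has no explicit association, so it inherits the main route table and its internet-gateway route, while sg-db-good passes because it admits traffic only from the web tier's security group.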
Amazon Elastic Block Store

Amazon Elastic Block Store (Amazon EBS) provides persistent block storage
volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon
EBS volume is automatically replicated within
its Availability Zone to protect you from component failure, offering high
availability and durability.

Amazon EBS volumes offer the consistent and low-latency performance needed
to run your workloads. With Amazon EBS, you can scale your usage up or
down within minutes—all while paying a low price for only what you
provision.
2.7 Developer Tools
Amazon Corretto
Amazon Corretto is a no-cost, multiplatform, production-ready distribution of
the Open Java Development Kit (OpenJDK). Corretto comes with long-term
support that will include performance enhancements and security fixes. Amazon
runs Corretto internally on thousands of production services and Corretto is
certified as compatible with the Java SE standard. With Corretto, you can
develop and run Java applications on popular operating systems, including
Amazon Linux 2, Windows, and macOS.

AWS Cloud9

AWS Cloud9 is a cloud-based integrated development environment (IDE) that
lets you write, run, and debug your code with just a browser. It includes a
code editor, debugger, and terminal. Cloud9 comes prepackaged with essential
tools for popular programming languages, including JavaScript, Python, PHP
and more, so you don’t need to install files or configure your development
machine to start new projects.
Since your Cloud9 IDE is cloud-based, you can work on your projects from
your office, home, or anywhere
using an internet-connected machine. Cloud9 also provides a seamless
experience for developing serverless applications enabling you to easily define
resources, debug, and switch between local and remote execution of serverless
applications. With Cloud9, you can quickly share your development
environment with your team, enabling you to pair program and track each
other's inputs in real time.

2.8 Front-End Web & Mobile Services

Amazon Location Service


Amazon Location Service makes it easy for developers to add location
functionality to applications without compromising data security and user
privacy.
Location data is a vital ingredient in today’s applications, enabling capabilities
ranging from asset tracking to location-based marketing. However, developers
face significant barriers when integrating
location functionality into their applications. This includes cost, privacy and
security compromises, and tedious and slow integration work.
Amazon Location Service provides affordable data, tracking and geofencing
capabilities, and native integrations with AWS services, so you can create
sophisticated location-enabled applications quickly, without the high cost of
custom development. You retain control of your location data with Amazon
Location, and you can combine proprietary data with data from the service.

Amazon Location provides cost-effective location-based services (LBS) using
high-quality data from global, trusted providers Esri and HERE.

Amazon CloudWatch

Amazon CloudWatch is a monitoring and management service built for
developers, system operators, site reliability engineers (SRE), and IT managers.
CloudWatch provides you with data and actionable
insights to monitor your applications, understand and respond to systemwide
performance changes, optimize resource utilization, and get a unified view of
operational health.

CloudWatch collects monitoring and operational data in the form of logs,
metrics, and events, providing you with a unified view of AWS resources,
applications and services that run on AWS, and on-premises servers. You can
use CloudWatch to set high resolution alarms, visualize logs and metrics side
by side, take automated
Amazon Cloud Directory

Amazon Cloud Directory enables you to build flexible, cloud-native directories
for organizing hierarchies of data along multiple dimensions. With Cloud
Directory, you can create directories for a variety of use cases, such as
organizational charts, course catalogue, and device registries. While traditional
directory solutions, such as Active Directory Lightweight Directory Services
(AD LDS) and other LDAP-based directories, limit you to a single hierarchy,
Cloud Directory offers you the flexibility to create directories
with hierarchies that span multiple dimensions. For example, you can create an
organizational chart that can be navigated through separate hierarchies for
reporting structure, location, and cost centre.
Amazon Cloud Directory automatically scales to hundreds of millions of
objects and provides an extensible schema that can be shared with multiple
applications. As a fully-managed service, Cloud Directory eliminates time-
consuming and expensive administrative tasks, such as scaling infrastructure
and managing servers. You simply define the schema, create a directory, and
then populate your directory by making calls to the Cloud Directory API.

Amazon Detective

Amazon Detective makes it easy to analyse, investigate, and quickly identify
the root cause of potential security issues or suspicious activities. Amazon
Detective automatically collects log data from your AWS resources and uses
machine learning, statistical analysis, and graph theory to build a linked set of
data that enables you to easily conduct faster and more efficient security
investigations.
AWS security services like Amazon GuardDuty, Amazon Macie, and AWS
Security Hub as well as partner security products can be used to identify
potential security issues, or findings. These services are really helpful in alerting
you when something is wrong and pointing out where to go to fix it.
But sometimes there might be a security finding where you need to dig a lot
deeper and analyse more information to isolate the root cause and take action.
Determining the root cause of security findings can be a complex process that
often involves collecting and combining logs from many separate data sources,
using extract, transform, and load (ETL) tools or custom scripting to organize
the data, and then security analysts having to analyse the data and conduct
lengthy investigations.
Amazon Detective simplifies this process by enabling your security teams to
easily investigate and quickly get to the root cause of a finding. Amazon
Detective can analyse trillions of events from multiple data sources such as
Virtual Private Cloud (VPC) Flow Logs, AWS CloudTrail, and Amazon
GuardDuty, and automatically creates a unified, interactive view of your resources,
users, and the interactions between them over time. With this unified view, you
can visualize all the details and context in one place to
identify the underlying reasons for the findings, drill down into relevant
historical activities, and quickly determine the root cause.

You can get started with Amazon Detective in just a few clicks in the AWS
Console. There is no software to deploy, or data sources to enable and maintain.

Amazon Elastic Container Registry

Amazon Elastic Container Registry (ECR) is a fully-managed Docker container
registry that makes it easy for developers to store, manage, and deploy Docker
container images. Amazon ECR is integrated with Amazon Elastic Container
Service (Amazon ECS), simplifying your development to production workflow.
Amazon ECR eliminates the need to operate your own container repositories or
worry about scaling the underlying infrastructure. Amazon ECR hosts your
images in a highly available and scalable architecture, allowing you to reliably
deploy containers for your applications. Integration with AWS Identity and
Access Management (IAM) provides resource-level control of each
repository.

With Amazon ECR, there are no upfront fees or commitments. You pay
only for the amount of data you store in your data.

2.9 End User Computing

Amazon AppStream 2.0

Amazon AppStream 2.0 is a fully managed application streaming
service. You centrally manage your desktop applications on AppStream 2.0
and securely deliver them to any computer. You can easily scale to any
number of users across the globe without acquiring, provisioning, and
operating hardware or infrastructure. AppStream 2.0 is built on AWS, so you
benefit from a data centre and network architecture designed for the most
security-sensitive organizations. Each user has a fluid and responsive
experience with your applications, including GPU-intensive 3D design
and engineering ones, because your applications run on virtual machines
(VMs) optimized for specific use cases and each streaming session
automatically adjusts to network conditions.
Enterprises can use AppStream 2.0 to simplify application delivery and
complete their migration to the cloud. Educational institutions can provide
every student access to the applications they need for class on any
computer. Software vendors can use AppStream 2.0 to deliver trials, demos,
and training for their applications with no downloads or installations.
They can also develop a full software-as-a-service (SaaS)

Amazon WorkSpaces

Amazon WorkSpaces is a fully managed, secure cloud desktop service. You
can use WorkSpaces to provision either Windows or Linux desktops in just a
few minutes and quickly scale to provide thousands of desktops to workers
across the globe. You can pay either monthly or hourly, just for the
WorkSpaces you launch, which helps you save money when compared to traditional
desktops and on-premises VDI solutions.

WorkSpaces helps you eliminate the complexity in managing hardware
inventory, OS versions and patches, and Virtual Desktop Infrastructure (VDI),
which helps simplify your desktop delivery strategy.

With WorkSpaces, your users get a fast, responsive desktop of their choice that
they can access anywhere, anytime, from any supported device.

Amazon WorkLink

Amazon WorkLink is a fully managed service that lets you provide your
employees with secure, easy access to your internal corporate websites and web
apps using their mobile phones. Traditional solutions
such as Virtual Private Networks (VPNs) and device management software are
inconvenient to use on the go, and often require the use of custom browsers that
have a poor user experience. As a result, employees often forgo using them
altogether.

With Amazon WorkLink, employees can access internal web content as easily
as they access any public
website, without the hassle of connecting to their corporate network. When a
user accesses an internal website, the page is first rendered in a browser running
in a secure container in AWS.
Amazon WorkLink then sends the contents of that page to employee phones as
vector graphics while preserving the functionality and interactivity of the page.
This approach is more secure than traditional solutions because internal content
is never stored or cached by the browser on employee phones, and employee
devices never connect directly to your corporate network.
With Amazon WorkLink, there are no minimum fees or long-term
commitments. You pay only for users
that connect to the service each month, and there is no additional charge for
bandwidth consumption.

2.10 Database:
Amazon Aurora:
Amazon Aurora is a MySQL and PostgreSQL compatible relational database engine that
combines the speed and availability of high-end commercial databases with the simplicity and cost-
effectiveness of open source databases.

Amazon Aurora is up to five times faster than standard MySQL databases and three times faster
than standard PostgreSQL databases. It provides the security, availability, and reliability of
commercial databases at 1/10th the cost. Amazon Aurora is fully managed by Amazon Relational
Database Service (Amazon RDS), which automates time-consuming administration tasks like
hardware provisioning, database setup, patching, and backups.

Amazon Aurora features a distributed, fault-tolerant, self-healing storage system that auto-scales up
to 128TB per database instance. It delivers high performance and availability with up to 15 low-
latency read replicas, point-in-time recovery, continuous backup to Amazon S3, and replication
across three Availability Zones (AZs).
Amazon DynamoDB:
Amazon DynamoDB is a key-value and document database that delivers single-digit
millisecond performance at any scale. It's a fully managed, multi-region, multi-master database with
built-in security, backup and restore, and in-memory caching for internet-scale applications.
DynamoDB can handle more than 10 trillion requests per day and support peaks of more than 20
million requests per second.

Many of the world's fastest growing businesses such as Lyft, Airbnb, and Redfin as well as
enterprises such as Samsung, Toyota, and Capital One depend on the scale and performance of
DynamoDB to support their mission-critical workloads.

Hundreds of thousands of AWS customers have chosen DynamoDB as their key-value and document
database for mobile, web, gaming, ad tech, IoT, and other applications that need low-latency data
access at any scale. Create a new table for your application and let DynamoDB handle the rest.
Conclusion:
The AWS Well-Architected Framework provides architectural best practices across
the five pillars for designing and operating reliable, secure, efficient, and cost-
effective systems in the cloud. The Framework provides a set of questions that
allows you to review an existing or proposed architecture. It also provides a set of
AWS best practices for each pillar. Using the Framework in your architecture will
help you produce stable and efficient systems, which allow you to focus on your
functional requirements.
