AWSDA1

The document discusses the motivations for cloud computing, highlighting factors such as cost efficiency, scalability, and security. It also lists ten cloud applications with specifications, including Google Workspace, AWS Elastic Beanstalk, and Salesforce. Additionally, it outlines actions taken by a solutions architect to secure a Virtual Private Cloud (VPC) for a company with strict data protection requirements, detailing the design and configuration of various components.

Uploaded by

cefig44220

22BKT0075

S.SUMANTH REDDY

AWS SOLUTIONS ARCHITECT


DIGITAL ASSIGNMENT-1
NAME: S.SUMANTH REDDY
REG.NO: 22BKT0075
SLOT: F1+TF1

(1) Discuss the motivation towards cloud computing in recent times and identify
any 10 cloud applications with neat specifications.

Answer:
Motivation Towards Cloud Computing in Recent Times:
Cloud computing has become a cornerstone of modern technology, driven by
various factors that address the needs of businesses, developers, and consumers.
The following key motivations explain why cloud computing has seen rapid
adoption and growth:

1. Cost Efficiency: Cloud computing eliminates the need for significant upfront
capital expenditure on hardware and software. Organizations can leverage cloud
services on a pay-as-you-go basis, reducing operational costs.
2. Scalability: Cloud computing offers unparalleled scalability. Businesses can scale
their IT resources up or down based on demand, ensuring they only use what they
need. This is particularly important for startups and enterprises experiencing rapid
growth.
3. Accessibility and Mobility: Cloud services can be accessed from anywhere with
an internet connection, allowing employees to work remotely and collaborate in
real-time. This accessibility has become crucial with the rise of remote work.
4. Business Continuity: Cloud computing enhances business continuity by offering
disaster recovery and backup solutions. Data stored in the cloud is often replicated
across multiple geographic locations, minimizing the risk of data loss.
5. Innovation and Agility: Cloud platforms provide tools and services that enable
rapid development and deployment of applications. Businesses can experiment
with new ideas and bring products to market faster, fostering innovation.
6. Security: Leading cloud providers invest heavily in security measures, often
surpassing what many organizations can afford to implement on their own. Cloud
services offer encryption, identity management, and access controls, ensuring
data security.
7. Global Reach: Cloud services enable businesses to reach a global audience by
providing infrastructure across different regions. This global reach is essential for
companies looking to expand internationally.
8. Compliance and Governance: Cloud providers often offer tools and frameworks
to help businesses comply with various regulatory requirements, making it easier
to manage data governance and compliance across different jurisdictions.
9. Environmental Impact: By consolidating IT resources in large, energy-efficient
data centers, cloud computing reduces the environmental impact of individual
companies maintaining their own data centers.
10. Focus on Core Business: Cloud computing allows businesses to focus on their
core activities rather than managing complex IT infrastructure. By outsourcing IT
needs to cloud providers, companies can concentrate on innovation and growth.

Cloud Applications: Examples and Specifications


Cloud applications, often referred to as cloud-based applications, are software
programs that run on the cloud rather than on local computers or servers. These
applications leverage cloud computing infrastructure to deliver services over the
internet. Below are ten common types of cloud applications, each with detailed
specifications:

1. Google Workspace (SaaS)


• Type : Software as a Service (SaaS)
• Description : Google Workspace is a collection of cloud-based productivity
and collaboration tools, including Gmail, Google Drive, Google Docs, Google
Sheets, and Google Meet. It is widely used by businesses and educational
institutions for communication and document management.
• Features : Real-time collaboration, secure cloud storage, integrated
communication tools, and compatibility with various devices.

2. AWS Elastic Beanstalk (PaaS)


• Type : Platform as a Service (PaaS)
• Description : AWS Elastic Beanstalk is a service that allows developers to
deploy and manage applications in the cloud without worrying about the
underlying infrastructure. It supports various programming languages,
including Java, .NET, Node.js, Python, Ruby, and Go.
• Features : Automatic scaling, application monitoring, simplified deployment,
and integration with other AWS services.
3. Microsoft Azure (IaaS)
• Type : Infrastructure as a Service (IaaS)
• Description : Microsoft Azure provides virtualized computing resources over
the internet, including virtual machines, storage, and networking. It
supports various operating systems and frameworks, allowing businesses to
build, deploy, and manage applications on a global scale.
• Features : High availability, robust security, pay-as-you-go pricing, and global
reach.
4. Dropbox (Storage Service)
• Type : Cloud Storage
• Description : Dropbox is a cloud storage service that allows users to store,
sync, and share files across multiple devices. It is popular among individuals
and businesses for its ease of use and integration with other applications.
• Features : Secure file storage, file sharing, real-time collaboration, and
cross-platform accessibility.
5. Salesforce (CRM)
• Type : Customer Relationship Management (CRM)
• Description : Salesforce is a cloud-based CRM platform that helps
businesses manage customer relationships, sales, marketing, and customer
service. It is widely used for tracking customer interactions, automating
sales processes, and generating analytics.
• Features : Customizable dashboards, automation tools, integration with
other business systems, and advanced analytics.
6. Zoom (Collaboration Tool)
• Type : Cloud-Based Collaboration Tool
• Description : Zoom is a cloud-based video conferencing platform that
enables virtual meetings, webinars, and online collaboration. It gained
popularity during the COVID-19 pandemic as a primary tool for remote
work and education.
• Features : High-definition video and audio, screen sharing, recording
capabilities, and support for large meetings.
7. WordPress (CMS)
• Type : Content Management System (CMS)
• Description : WordPress is a cloud-based platform that allows users to
create, manage, and modify content on websites without needing to code.
It powers a significant percentage of websites globally, offering themes,
plugins, and customizability.
• Features : User-friendly interface, extensive plugin library, customizable
themes, and SEO optimization.
8. Amazon RDS (Cloud Database)
• Type : Cloud Database
• Description : Amazon RDS (Relational Database Service) is a managed
database service that provides scalable and reliable database solutions in
the cloud. It supports multiple database engines, including MySQL,
PostgreSQL, Oracle, and SQL Server.
• Features : Automated backups, scalability, high availability, and encryption.
9. Google BigQuery (Big Data and Analytics)
• Type : Big Data and Analytics
• Description : Google BigQuery is a fully-managed, serverless data warehouse
that enables super-fast SQL queries using the processing power of Google's
infrastructure. It is designed for analyzing large datasets and deriving
insights.
• Features : Real-time analytics, scalability, integration with other Google
Cloud services, and machine learning capabilities.
10. Veeam (Backup and Disaster Recovery)
• Type : Backup and Disaster Recovery
• Description : Veeam provides backup, recovery, and data management
solutions for virtual, physical, and cloud-based workloads. It ensures that
data is securely backed up and can be quickly restored in the event of a
disaster.
• Features : Automated backups, quick recovery, data replication, and
encryption.

(2) A company has strict data protection requirements. A solutions architect must
configure security for a VPC to ensure that backend Amazon DB instances cannot
be accessed from the internet. The solutions architect must ensure that the DB
instances are accessible from the application tier over a specified port only.
Discuss the actions taken by the solutions architect with a neat diagram.
Answer:
Actions Taken by the Solutions Architect
To meet the stringent data protection requirements and ensure that the backend
Amazon DB instances are secure and accessible only from the application tier over
a specified port, the solutions architect would implement the following steps:

1. Designing the Virtual Private Cloud (VPC):

- VPC Creation: Start by creating a VPC, which acts as a logically isolated network
environment in AWS. This VPC will contain all the necessary resources, ensuring
they are securely managed and isolated from external networks.
- Subnet Configuration: Within the VPC, create multiple subnets in different
Availability Zones (AZs) to enhance fault tolerance and high availability. The
subnets will be categorized into public and private:
  - Public Subnet: This subnet is accessible from the internet and will contain
  resources that need public access, such as NAT Gateways and Load Balancers.
  - Private Subnet: This subnet is isolated from the internet and will host
  sensitive resources like the Amazon DB instances. These subnets will only allow
  controlled access from within the VPC.

2. Implementing NAT Gateways:

- NAT Gateway Deployment: Deploy NAT Gateways in the public subnets. The
NAT Gateway allows instances in the private subnet to initiate outbound traffic to
the internet (for example, to download software updates) while preventing
inbound traffic from the internet, thereby maintaining security.

3. Configuring Security Groups:

- Application Security Group: Define a security group for the application servers
located in the private subnets. This security group will:
  - Allow inbound traffic on specific ports (e.g., port 443 for HTTPS) from the
  Application Load Balancer.
  - Restrict outbound traffic to specific destinations or ports as required by the
  application.
- Database Security Group: Define another security group for the Amazon DB
instances. This group will:
  - Allow inbound traffic only from the Application Security Group on the specific
  database port (e.g., port 3306 for MySQL).
  - Deny all other inbound traffic. Security groups contain allow rules only, so
  this means adding no other inbound rule: anything not explicitly allowed is
  dropped, ensuring the DB instances are not accessible directly from the internet.
  - Restrict outbound traffic to necessary resources like backups or logging
  services.

4. Deploying the Application Load Balancer (ALB):


- ALB Placement : Place an Application Load Balancer in the public subnets. The
ALB will manage incoming traffic from the internet, distributing it to the
application servers in the private subnets.
- ALB Security Group : Configure the ALB with a security group that allows
inbound traffic on ports 80 (HTTP) and 443 (HTTPS). The ALB will forward this
traffic to the application servers, which will process requests and interact with the
DB instances as needed.

5. Setting Up Auto Scaling:


- Auto Scaling Group (ASG) : Implement an ASG for the application servers in the
private subnets. The ASG will automatically scale the number of instances up or
down based on demand, ensuring the application can handle varying loads
efficiently. The ASG also ensures high availability by distributing instances across
multiple Availability Zones.

6. Implementing Amazon S3 Gateway Endpoint:


- S3 Gateway : If the application needs to access Amazon S3, configure an S3
Gateway endpoint. This endpoint allows traffic between the VPC and S3 to be
routed internally within the AWS network, avoiding the internet and enhancing
security.

7. Database Configuration :
- DB Instance Placement : Place the Amazon DB instances in the private subnets,
ensuring they have no public IP addresses. This configuration guarantees that the
DB instances are not directly accessible from the internet.
- DB Access Control : The database instances will only accept connections from
the application servers via the specified security group rules, ensuring that only
authorized components within the VPC can interact with the database.

8. Monitoring and Logging :


- VPC Flow Logs : Enable VPC Flow Logs to capture information about the IP
traffic going to and from network interfaces in the VPC. This provides visibility into
traffic patterns and helps detect potential security issues.
- AWS CloudTrail and CloudWatch : Use CloudTrail to monitor API calls and
CloudWatch for monitoring metrics and setting up alerts. These tools help in
tracking access to resources and responding to potential security incidents.
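
The database security group rule from step 3 can be checked mechanically. The following is an added example, not part of the original assignment: it audits a security group record shaped like the EC2 DescribeSecurityGroups response and reports any inbound rule that is not "application security group, TCP, database port only". The group IDs and the two sample groups are constructed for illustration.

```python
# Added example: field names follow the EC2 DescribeSecurityGroups response;
# all IDs and sample groups below are constructed for illustration.

def audit_db_security_group(db_sg, app_sg_id, db_port):
    """Return findings for a DB security group; an empty list means it conforms."""
    findings, exact_rule_seen = [], False
    for perm in db_sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":  # "-1" = all protocols and ports; no FromPort/ToPort
            ports, exact = "all ports", False
        else:
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            ports = f"{proto} {lo}-{hi}"
            exact = proto == "tcp" and lo == hi == db_port
        # Any CIDR or prefix-list source breaks the "application tier only" rule.
        for r in perm.get("IpRanges", []):
            findings.append(f"CIDR source {r['CidrIp']} on {ports}")
        for r in perm.get("Ipv6Ranges", []):
            findings.append(f"CIDR source {r['CidrIpv6']} on {ports}")
        for r in perm.get("PrefixListIds", []):
            findings.append(f"prefix list source {r['PrefixListId']} on {ports}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] != app_sg_id:
                findings.append(f"unexpected source group {pair['GroupId']} on {ports}")
            elif not exact:
                findings.append(f"application group allowed on {ports}, not limited to tcp {db_port}")
            else:
                exact_rule_seen = True
    if not exact_rule_seen:
        findings.append(f"no rule allowing exactly tcp {db_port} from {app_sg_id}")
    return findings

APP_SG = "sg-0aaaaaaaaaaaaaaa1"  # constructed application-tier group ID
GOOD_DB_SG = {"GroupId": "sg-0bbbbbbbbbbbbbbb2", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": APP_SG}]}]}
WEAK_DB_SG = {"GroupId": "sg-0ccccccccccccccc3", "IpPermissions": [
    # MySQL port open to the whole internet
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    # application tier allowed on every port instead of only 3306
    {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": APP_SG}]}]}

if __name__ == "__main__":
    for sg in (GOOD_DB_SG, WEAK_DB_SG):
        print(sg["GroupId"], audit_db_security_group(sg, APP_SG, 3306) or "conforms")
```

The same function can be fed the JSON printed by `aws ec2 describe-security-groups` for the real database group.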

Description of the Image Diagram


The diagram provided is a visual representation of a secure and highly available
architecture within an AWS VPC. Below is a detailed description of each
component in the diagram:
1. Region:
- The entire setup is contained within a single AWS region, which is a
geographical area that contains multiple Availability Zones (AZs). The region
provides redundancy and fault tolerance across multiple locations.

2. Availability Zones:
- The VPC spans two Availability Zones. This setup ensures high availability and
fault tolerance by distributing resources across different physical locations. If one
AZ fails, the resources in the other AZ can continue to operate.
3. Virtual Private Cloud (VPC):
- The VPC is the network boundary that contains all the resources. It provides
complete control over network configurations, including IP address ranges,
subnets, route tables, and network gateways.

4. Public Subnets:
- Each Availability Zone contains a public subnet. These subnets are used for
resources that need to be accessible from the internet, such as:
  - NAT Gateway: A NAT Gateway is deployed in each public subnet, allowing
  instances in the private subnets to access the internet securely.
  - Application Load Balancer: The ALB is positioned across the public subnets to
  distribute incoming traffic from the internet to the application servers in the
  private subnets.

5. Private Subnets:
- The private subnets in each Availability Zone host the application servers and
Amazon DB instances. These subnets are isolated from the internet to protect
sensitive data and resources:
  - Application Servers: Deployed within the private subnets, these servers
  handle the application logic and interact with the backend databases.
  - Database Instances: Also deployed in the private subnets, these instances
  store sensitive data and are only accessible from the application servers.

6. Security Groups:
- The diagram includes security groups that control the flow of traffic to and
from the application servers and database instances:
  - Application Security Group: Associated with the application servers, this
  group allows traffic from the ALB on specified ports.
  - Database Security Group: Associated with the database instances, this group
  restricts inbound traffic to only allow connections from the application servers.

7. Auto Scaling Group (ASG) :


- The ASG is associated with the application servers in the private subnets. It
ensures that the application can scale based on demand, automatically adding or
removing instances as needed.

8. Amazon S3 Gateway :
- The diagram includes an S3 Gateway, representing secure access to S3
resources. Traffic between the VPC and S3 is routed internally, avoiding the
internet and enhancing security.

Placement of Components in the Diagram

- S3 Gateway: Positioned outside the VPC boundary but connected to it,
symbolizing secure access to S3 without internet exposure.
- VPC: Encloses the entire setup, with a clear distinction between public and
private subnets across two Availability Zones.
- Public Subnets: Located in the upper half of each AZ, hosting the NAT Gateways
and Application Load Balancer.
- Private Subnets : Located in the lower half of each AZ, containing the application
servers and database instances. The security groups and ASG are linked to these
subnets.
- Application Load Balancer : Centralized between the public subnets, showing its
role in distributing traffic to the private subnets.
- Security Groups: Indicated with icons, they illustrate the logical boundaries for
traffic control, ensuring that only authorized communication occurs between
components.

This configuration illustrates a robust, scalable, and secure architecture, meeting
the company’s data protection requirements by ensuring that sensitive database
instances are well-protected and only accessible through defined application tiers.
