5 ABL Module 05 06

This document provides an overview of AWS networking and content delivery, focusing on Amazon VPC, Route 53, and CloudFront. It explains key concepts such as subnets, route tables, security groups, and various routing policies in Route 53. Additionally, it covers the functionality of CloudFront as a content delivery network and its pricing structure.

Uploaded by

Jabari Mortadha

AWS Academy Cloud Foundations

Module 5: Networking and Content Delivery

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Section 1: Networking basics

Networks

[Figure: two networks (Subnet 1 and Subnet 2) connected through a router.]
Open Systems Interconnection (OSI) model

Layer (number) – Function – Protocol/Address
• Application (7) – Means for an application to access a computer network – HTTP(S), FTP, DHCP, LDAP
• Presentation (6) – Ensures that the application layer can read the data; encryption – ASCII, ICA
• Session (5) – Enables orderly exchange of data – NetBIOS, RPC
• Transport (4) – Provides protocols to support host-to-host communication – TCP, UDP
• Network (3) – Routing and packet forwarding (routers) – IP
• Data link (2) – Transfer data in the same LAN network (hubs and switches) – MAC
• Physical (1) – Transmission and reception of raw bitstreams over a physical medium – Signals (1s and 0s)
Module 5: Networking and Content Delivery

Section 2: Amazon VPC
Amazon VPC

• Enables you to provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define
• Gives you control over your virtual networking resources, including:
  • Selection of IP address range
  • Creation of subnets
  • Configuration of route tables and network gateways
• Enables you to customize the network configuration for your VPC
• Enables you to use multiple layers of security
VPCs and subnets

• VPCs:
  • Logically isolated from other VPCs
  • Dedicated to your AWS account
  • Belong to a single AWS Region and can span multiple Availability Zones
• Subnets:
  • Range of IP addresses that divide a VPC
  • Belong to a single Availability Zone
  • Classified as public or private

[Figure: AWS Cloud > Region > VPC spanning Availability Zone 1 and Availability Zone 2, with one subnet in each zone.]
Public IP address types

Public IPv4 address
• Manually assigned through an Elastic IP address
• Automatically assigned through the auto-assign public IP address settings at the subnet level

Elastic IP address
• Associated with an AWS account
• Can be allocated and remapped anytime
• Additional costs might apply
Elastic network interface

• An elastic network interface is a virtual network interface that you can:
  • Attach to an instance.
  • Detach from the instance, and attach to another instance to redirect network traffic.
  • Its attributes follow when it is reattached to a new instance.
• Each instance in your VPC has a default network interface that is assigned a private IPv4 address from the IPv4 address range of your VPC.

[Figure: an elastic network interface attached to an instance in subnet 10.0.1.0/24.]

Route tables and routes

• A route table contains a set of rules (or routes) that you can configure to direct network traffic from your subnet.
• Each route specifies a destination and a target.
• By default, every route table contains a local route for communication within the VPC.
• Each subnet must be associated with a route table (at most one).

Main (Default) Route Table

Destination      Target
10.0.0.0/16      local        (the VPC CIDR block)
Section 2 key takeaways

• A VPC is a logically isolated section of the AWS Cloud.
• A VPC belongs to one Region.
• A VPC is subdivided into subnets.
• A subnet belongs to one Availability Zone.
• Route tables control traffic for a subnet.
• Route tables have a built-in local route.
• You add additional routes to the table.
• The local route cannot be deleted.
Module 5: Networking and Content Delivery

Section 3: VPC networking
Internet gateway

[Figure: AWS Cloud > Region > Availability Zone > VPC 10.0.0.0/16, containing a public subnet (10.0.1.0/24) and a private subnet (10.0.2.0/24). The public subnet's route table sends non-local traffic to an internet gateway (igw-id), which connects to the internet.]

Public Subnet Route Table

Destination      Target
10.0.0.0/16      local
0.0.0.0/0        igw-id
Activity: Label this network diagram

[Figure to label: AWS Cloud containing a public subnet (10.0.1.0/24) and a private subnet (10.0.2.0/24), each holding an instance with an "_?_ IP address" label, an unlabeled gateway between the public subnet and the internet, and a route table listing 10.0.0.0/16 → local and 0.0.0.0/0 → ?. Every "?" in the diagram is a label to fill in.]
Activity: Solution

[Figure, labeled: AWS Cloud > Region > Availability Zone > VPC. The public subnet (10.0.1.0/24) holds an instance with a private IP address, a NAT gateway, and a route table whose default route points to the internet gateway, which connects to the internet. The private subnet (10.0.2.0/24) holds an instance with an elastic network interface and a private IP address, and its own route table.]

Route table

Destination      Target
10.0.0.0/16      local
0.0.0.0/0        igw
Module 5: Networking and Content Delivery

Section 4: VPC security
Security groups

[Figure: AWS Cloud > Region > Availability Zone > VPC 10.0.0.0/16. A security group surrounds the instance in the public subnet (10.0.1.0/24) and another surrounds the instance in the private subnet (10.0.2.0/24).]

Security groups act at the instance level.
Security groups

• Security groups have rules that control inbound and outbound instance traffic.
• Default security groups deny all inbound traffic and allow all outbound traffic.
• Security groups are stateful.

Custom security groups

• You can specify allow rules, but not deny rules.
• All rules are evaluated before the decision to allow traffic.
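The three properties above (allow-only rules, every rule evaluated, stateful) can be seen in a small model. This is an added Python example, not code from the course or from AWS; the group IDs, rules and addresses are constructed, and the "source is another security group" rule anticipates the security group settings slide in Module 6.

```python
"""Added example (not course or AWS code): how a security group decides whether
to let a packet through. Rules are allow-only, every rule is checked before the
verdict, and the group is stateful: the reply to an allowed flow is let back
through with no rule of its own. Rules, group IDs and addresses are constructed.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    direction: str      # "inbound" or "outbound"
    protocol: str       # "tcp", "udp", "icmp" or "-1" for all protocols
    from_port: int      # -1 matches any port
    to_port: int
    source: str         # a CIDR block, or the ID of another security group


@dataclass
class SecurityGroup:
    group_id: str
    rules: list = field(default_factory=list)
    # (protocol, instance port, peer IP) of flows already allowed; replies ride on these.
    _flows: set = field(default_factory=set)

    def _matches(self, rule, direction, proto, port, peer_ip, peer_sg):
        if rule.direction != direction or rule.protocol not in ("-1", proto):
            return False
        if rule.from_port != -1 and not rule.from_port <= port <= rule.to_port:
            return False
        if rule.source.startswith("sg-"):
            return peer_sg == rule.source
        return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.source)

    def evaluate(self, direction, proto, port, peer_ip, peer_sg=None):
        """True if the packet is allowed. `port` is the port on the instance."""
        if (proto, port, peer_ip) in self._flows:
            return True                       # stateful: reply to an allowed flow
        # No deny rules exist, so the packet passes if any rule allows it.
        if any(self._matches(r, direction, proto, port, peer_ip, peer_sg) for r in self.rules):
            self._flows.add((proto, port, peer_ip))
            return True
        return False


def default_group():
    """Default security group as the slide states it: deny all inbound, allow all outbound."""
    return SecurityGroup("sg-default", [Rule("outbound", "-1", -1, -1, "0.0.0.0/0")])


def web_group():
    """Constructed web tier: HTTP from anywhere, SSH only from inside the VPC,
    outbound only HTTPS (for package updates)."""
    return SecurityGroup("sg-web", [
        Rule("inbound", "tcp", 80, 80, "0.0.0.0/0"),
        Rule("inbound", "tcp", 22, 22, "10.0.0.0/16"),
        Rule("outbound", "tcp", 443, 443, "0.0.0.0/0"),
    ])


def db_group():
    """Constructed database tier: MySQL only from members of the web group."""
    return SecurityGroup("sg-db", [Rule("inbound", "tcp", 3306, 3306, "sg-web")])


def demo():
    """Evaluate the cases the slides describe; returns name -> allowed?"""
    web, db, default = web_group(), db_group(), default_group()
    return {
        "http_from_internet": web.evaluate("inbound", "tcp", 80, "203.0.113.9"),
        "ssh_from_internet": web.evaluate("inbound", "tcp", 22, "203.0.113.9"),
        "ssh_from_vpc": web.evaluate("inbound", "tcp", 22, "10.0.2.15"),
        # Reply packets of the HTTP connection: no outbound port-80 rule, still allowed.
        "http_reply": web.evaluate("outbound", "tcp", 80, "203.0.113.9"),
        "smtp_out": web.evaluate("outbound", "tcp", 25, "198.51.100.7"),
        "db_from_web_sg": db.evaluate("inbound", "tcp", 3306, "10.0.0.10", peer_sg="sg-web"),
        "db_from_other": db.evaluate("inbound", "tcp", 3306, "10.0.0.11"),
        "default_inbound": default.evaluate("inbound", "tcp", 80, "10.0.1.5"),
        "default_outbound": default.evaluate("outbound", "tcp", 443, "198.51.100.1"),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:20s} {'ALLOW' if allowed else 'DROP'}")
```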


Activity: Design a VPC

Scenario: You have a small business with a website that is hosted on an Amazon
Elastic Compute Cloud (Amazon EC2) instance. You have customer data that is
stored on a backend database that you want to keep private. You want to use
Amazon VPC to set up a VPC that meets the following requirements:
• Your web server and database server must be in separate subnets.
• The first address of your network must be 10.0.0.0. Each subnet must have 256
total IPv4 addresses.
• Your customers must always be able to access your web server.
• Your database server must be able to access the internet to make patch updates.
• Your architecture must be highly available and use at least one custom firewall
layer.

Section 4 key takeaways

• Build security into your VPC architecture:
  • Isolate subnets if possible.
  • Choose the appropriate gateway device or VPN connection for your needs.
  • Use firewalls.
Lab 2: Scenario

In this lab, you use Amazon VPC to create your own VPC and add some components to produce a customized network. You create a security group for your VPC. You also create an EC2 instance and configure it to run a web server and to use the security group. You then launch the EC2 instance into the VPC.
Lab 2: Tasks

• Create a VPC.
• Create additional subnets.
• Create a VPC security group.
• Launch a web server instance.
Lab 2: Final product

[Figure: AWS Cloud > Region > VPC 10.0.0.0/16 spanning Availability Zone A and Availability Zone B. Zone A holds public subnet 1 (10.0.0.0/24), containing a NAT gateway and the web server instance inside a security group, and private subnet 1 (10.0.1.0/24). Zone B holds public subnet 2 (10.0.2.0/24) and private subnet 2 (10.0.3.0/24). An internet gateway connects the VPC to the internet.]

Public Route Table

Destination      Target
10.0.0.0/16      Local
0.0.0.0/0        Internet gateway

Private Route Table

Destination      Target
10.0.0.0/16      Local
0.0.0.0/0        NAT gateway
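The route tables on this slide and in Section 2, together with the "Design a VPC" activity (subnets of 256 addresses starting at 10.0.0.0, two Availability Zones, a public and a private tier), can be worked through in code. The following is an added Python example, not part of the course or of any AWS library; the zone names and the gateway IDs igw-EXAMPLE and nat-EXAMPLE are placeholders.

```python
"""Added example (not course or AWS code): lay out the Lab 2 VPC and resolve routes.

Carves 10.0.0.0/16 into /24 subnets (256 addresses each, the first one starting
at 10.0.0.0, as the design activity requires), alternates public/private across
two Availability Zones, attaches the public and private route tables from the
lab, and answers "which target handles this packet?" by longest-prefix match,
which is how a VPC route table picks a route when several destinations match.
"""
import ipaddress
from dataclasses import dataclass

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
AZS = ("zone-a", "zone-b")   # constructed Availability Zone names

# Route tables as shown on the Lab 2 slide: destination -> target (placeholder IDs).
PUBLIC_ROUTE_TABLE = {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-EXAMPLE"}
PRIVATE_ROUTE_TABLE = {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-EXAMPLE"}


@dataclass(frozen=True)
class Subnet:
    name: str
    cidr: ipaddress.IPv4Network
    az: str
    public: bool

    @property
    def route_table(self):
        return PUBLIC_ROUTE_TABLE if self.public else PRIVATE_ROUTE_TABLE


def plan_subnets(vpc=VPC_CIDR, azs=AZS, prefix=24):
    """One public and one private subnet per AZ, carved in address order from the VPC.

    A /24 gives each subnet 256 total IPv4 addresses and the first subnet starts
    at the VPC's first address; two zones give the high availability the
    activity asks for.
    """
    blocks = vpc.subnets(new_prefix=prefix)   # yields 10.0.0.0/24, 10.0.1.0/24, ...
    subnets = []
    for i, az in enumerate(azs, start=1):
        subnets.append(Subnet(f"Public subnet {i}", next(blocks), az, True))
        subnets.append(Subnet(f"Private subnet {i}", next(blocks), az, False))
    return subnets


def find_subnet(subnets, ip):
    """Locate the subnet whose CIDR contains ip (an instance's private address)."""
    addr = ipaddress.ip_address(ip)
    for s in subnets:
        if addr in s.cidr:
            return s
    raise ValueError(f"{ip} is not inside the VPC")


def lookup_route(route_table, destination_ip):
    """Longest-prefix match over a route table; returns the target.

    Both 10.0.0.0/16 and 0.0.0.0/0 match a destination inside the VPC; the more
    specific /16 local route wins, so intra-VPC traffic never leaves through a
    gateway even though a default route exists.
    """
    addr = ipaddress.ip_address(destination_ip)
    best = None
    for cidr, target in route_table.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    if best is None:
        raise ValueError(f"no route for {destination_ip}")
    return best[1]


def next_hop(subnets, src_ip, dst_ip):
    """Target chosen for a packet sent from src_ip (in some subnet) to dst_ip."""
    return lookup_route(find_subnet(subnets, src_ip).route_table, dst_ip)


if __name__ == "__main__":
    layout = plan_subnets()
    for s in layout:
        print(f"{s.name:17s} {str(s.cidr):13s} {s.az}  {'public' if s.public else 'private'}")
    # Web server in public subnet 1 reaches the internet through the IGW; the
    # database in private subnet 1 fetches patches through the NAT gateway;
    # traffic between the two tiers stays local.
    print(next_hop(layout, "10.0.0.10", "198.51.100.5"))
    print(next_hop(layout, "10.0.1.20", "198.51.100.5"))
    print(next_hop(layout, "10.0.0.10", "10.0.1.20"))
```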


Module 5: Networking and Content Delivery

Section 5: Amazon Route 53
Amazon Route 53

• Is a highly available and scalable Domain Name System (DNS) web service
• Is used to route end users to internet applications by translating names (like www.example.com) into numeric IP addresses (like 192.0.2.1) that computers use to connect to each other
• Is fully compliant with IPv4 and IPv6
• Connects user requests to infrastructure running in AWS and also outside of AWS
• Is used to check the health of your resources
• Features traffic flow
• Enables you to register domain names
Amazon Route 53 DNS resolution

[Figure: the user requests www.example.com from a DNS resolver; the resolver checks with Amazon Route 53 for the IP address; Route 53 returns 192.0.2.0 to the resolver, which returns 192.0.2.0 to the user.]
Amazon Route 53 supported routing

• Simple routing – Use in single-server environments
• Weighted round robin routing – Assign weights to resource record sets to specify the frequency
• Latency routing – Help improve your global applications
• Geolocation routing – Route traffic based on location of your users
• Geoproximity routing – Route traffic based on location of your resources
• Failover routing – Fail over to a backup site if your primary site becomes unreachable
• Multivalue answer routing – Respond to DNS queries with up to eight healthy records selected at random
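To show what three of these policies do with a query, here is an added Python simulation. It is not code from the course or from Route 53; the record values, weights and health-check states are constructed, and Route 53 itself performs the selection on its authoritative name servers.

```python
"""Added example (not course or AWS code): how three of the Route 53 routing
policies listed above pick the answer to a query. Record values, weights and
health-check states are constructed; Route 53 does this on its name servers.
"""
import random
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    value: str            # IP address handed back to the resolver
    weight: int = 1       # weighted round robin: share of answers
    healthy: bool = True  # current health-check result
    role: str = ""        # failover: "primary" or "secondary"


def weighted_round_robin(records, rng):
    """Pick one record with probability weight / sum of weights.

    Weight 0 is never answered (handy for draining a server). Unhealthy
    records are skipped as long as a healthy candidate remains.
    """
    candidates = [r for r in records if r.weight > 0]
    healthy = [r for r in candidates if r.healthy] or candidates
    if not healthy:
        return None
    pick = rng.uniform(0, sum(r.weight for r in healthy))
    for r in healthy:
        pick -= r.weight
        if pick <= 0:
            return r
    return healthy[-1]


def failover(records):
    """Answer with the primary while its health check passes, else the secondary."""
    primary = next(r for r in records if r.role == "primary")
    secondary = next(r for r in records if r.role == "secondary")
    return primary if primary.healthy else secondary


def multivalue_answer(records, seed=None, limit=8):
    """Return up to eight healthy records, selected at random."""
    healthy = [r for r in records if r.healthy]
    return random.Random(seed).sample(healthy, min(limit, len(healthy)))


def answer_distribution(records, queries, seed=0):
    """Issue many queries against a weighted record set and count each answer."""
    rng = random.Random(seed)
    return Counter(weighted_round_robin(records, rng).value for _ in range(queries))


# Constructed record sets using documentation addresses.
WEIGHTED = [Record("192.0.2.10", weight=3), Record("192.0.2.11", weight=1)]
FAILOVER = [Record("192.0.2.20", role="primary", healthy=False),
            Record("192.0.2.21", role="secondary")]
MULTIVALUE = [Record(f"192.0.2.{100 + i}", healthy=(i % 5 != 0)) for i in range(12)]

if __name__ == "__main__":
    print(answer_distribution(WEIGHTED, 10_000))      # roughly a 3:1 split
    print(failover(FAILOVER).value)                   # primary unhealthy -> secondary
    print([r.value for r in multivalue_answer(MULTIVALUE, seed=1)])
```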
Section 5 key takeaways

• Amazon Route 53 is a highly available and scalable cloud DNS web service that translates domain names into numeric IP addresses.
• Amazon Route 53 supports several types of routing policies.
Module 5: Networking and Content Delivery

Section 6: Amazon CloudFront
Content delivery and network latency

[Figure: a request from the user's client passes through several routers, with a hop between each, before it reaches the origin server; each hop adds latency.]
Content delivery network (CDN)

• Is a globally distributed system of caching servers
• Caches copies of commonly requested files (static content)
• Delivers a local copy of the requested content from a nearby cache edge or Point of Presence
• Accelerates delivery of dynamic content
• Improves application performance and scaling
Amazon CloudFront

• Fast, global, and secure CDN service
• Global network of edge locations and Regional edge caches
• Self-service model
• Pay-as-you-go pricing
Amazon CloudFront infrastructure

• Edge locations – Network of data centers that CloudFront uses to serve popular content quickly to customers.
• Regional edge cache – CloudFront location that caches content that is not popular enough to stay at an edge location. It is located between the origin server and the global edge location.

[Figure: multiple edge locations in front of the Regional edge caches.]
Amazon CloudFront pricing

Data transfer out
• Charged for the volume of data transferred out from Amazon CloudFront edge location to the internet or to your origin.

HTTP(S) requests
• Charged for number of HTTP(S) requests.

Invalidation requests
• No additional charge for the first 1,000 paths that are requested for invalidation each month. Thereafter, $0.005 per path that is requested for invalidation.

Dedicated IP custom SSL
• $600 per month for each custom SSL certificate that is associated with one or more CloudFront distributions that use the Dedicated IP version of custom SSL certificate support.
AWS Academy Cloud Foundations

Module 6: Compute

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Module objectives

After completing this module, you should be able to:
• Provide an overview of different AWS compute services in the cloud
• Demonstrate why to use Amazon Elastic Compute Cloud (Amazon EC2)
• Identify the functionality in the EC2 console
• Perform basic functions in Amazon EC2 to build a virtual computing environment
• Identify Amazon EC2 cost optimization elements
• Demonstrate when to use AWS Elastic Beanstalk
• Demonstrate when to use AWS Lambda
• Identify how to run containerized applications in a cluster of managed servers
Module 6: Compute

Section 1: Compute services overview
AWS compute services

Amazon Web Services (AWS) offers many compute services. This module will discuss the highlighted services.

[Figure: service icons for Amazon EC2, Amazon EC2 Auto Scaling, Amazon Elastic Container Registry (Amazon ECR), Amazon Elastic Container Service (Amazon ECS), VMware Cloud on AWS, AWS Elastic Beanstalk, AWS Lambda, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Lightsail, AWS Batch, AWS Fargate, AWS Outposts, and AWS Serverless Application Repository.]
Categorizing compute services

Amazon EC2
• Key concepts: Infrastructure as a service (IaaS); instance-based; virtual machines
• Characteristics: Provision virtual machines that you can manage as you choose
• Ease of use: A familiar concept to many IT professionals.

AWS Lambda
• Key concepts: Serverless computing; function-based; low-cost
• Characteristics: Write and deploy code that runs on a schedule or that can be triggered by events; use when possible (architect for the cloud)
• Ease of use: A relatively new concept for many IT staff members, but easy to use after you learn how.

Amazon ECS, Amazon EKS, AWS Fargate, Amazon ECR
• Key concepts: Container-based computing; instance-based
• Characteristics: Spin up and run jobs more quickly
• Ease of use: AWS Fargate reduces administrative overhead, but you can use options that give you more control.

AWS Elastic Beanstalk
• Key concepts: Platform as a service (PaaS); for web applications
• Characteristics: Focus on your code (building your application); can easily tie into other services (databases, Domain Name System (DNS), etc.)
• Ease of use: Fast and easy to get started.
Choosing the optimal compute service

• The optimal compute service or services that you use will depend on your use case
• Some aspects to consider –
  • What is your application design?
  • What are your usage patterns?
  • Which configuration settings will you want to manage?
• Selecting the wrong compute solution for an architecture can lead to lower performance efficiency
• A good starting place: understand the available compute options
Module 6: Compute

Section 2: Amazon EC2
Amazon Elastic Compute Cloud (Amazon EC2)

Example uses of Amazon EC2 instances:
✓ Application server
✓ Web server
✓ Database server
✓ Game server
✓ Mail server
✓ Media server
✓ Catalog server
✓ File server
✓ Computing server
✓ Proxy server

[Figure: on-premises servers (photo by Taylor Vick on Unsplash) beside an Amazon EC2 instance.]
Amazon EC2 overview

• Amazon Elastic Compute Cloud (Amazon EC2)
  • Provides virtual machines, referred to as EC2 instances, in the cloud.
  • Gives you full control over the guest operating system (Windows or Linux) on each instance.
  • You can launch instances of any size into an Availability Zone anywhere in the world.
  • Launch instances from Amazon Machine Images (AMIs).
  • Launch instances with a few clicks or a line of code, and they are ready in minutes.
  • You can control traffic to and from instances.
Launching an Amazon EC2 instance

This section of the module walks through nine key decisions to make when you create an EC2 instance by using the AWS Management Console Launch Instance Wizard.

➢ Along the way, essential Amazon EC2 concepts will be explored.
1. Select an AMI

Choices made using the Launch Instance Wizard:
1. AMI
2. Instance Type
3. Network settings
4. IAM role
5. User data
6. Storage options
7. Tags
8. Security group
9. Key pair

• Amazon Machine Image (AMI)
  • Is a template that is used to create an EC2 instance (which is a virtual machine, or VM, that runs in the AWS Cloud)
  • Contains a Windows or Linux operating system
  • Often also has some software pre-installed
• AMI choices:
  • Quick Start – Linux and Windows AMIs that are provided by AWS
  • My AMIs – Any AMIs that you created
  • AWS Marketplace – Pre-configured templates from third parties
  • Community AMIs – AMIs shared by others; use at your own risk

[Figure: AMI → Launch instance → Instance.]
Creating a new AMI: Example

[Figure, Region A: (1) Launch an instance from a Quick Start or other existing starter AMI (or, optionally, import a virtual machine), giving an unmodified instance. (2) Connect to the instance and manually modify it, or run a script that modifies the instance (for example, upgrade installed software), giving a modified instance. (3) Capture the modified instance as a new AMI (MyAMI). (4) Copy the AMI to any other Regions (Region B) where you want to use it.]
2. Select an instance type

• Consider your use case
  • How will the EC2 instance you create be used?
• The instance type that you choose determines –
  • Memory (RAM)
  • Processing power (CPU)
  • Disk space and disk type (Storage)
  • Network performance
• Instance type categories –
  • General purpose
  • Compute optimized
  • Memory optimized
  • Storage optimized
  • Accelerated computing
• Instance types offer family, generation, and size
EC2 instance type naming and sizes

Instance type naming
• Example: t3.large
  • T is the family name
  • 3 is the generation number
  • Large is the size

Example instance sizes

Instance Name    vCPU    Memory (GB)    Storage
t3.nano          2       0.5            EBS-Only
t3.micro         2       1              EBS-Only
t3.small         2       2              EBS-Only
t3.medium        2       4              EBS-Only
t3.large         2       8              EBS-Only
t3.xlarge        4       16             EBS-Only
t3.2xlarge       8       32             EBS-Only
Select instance type: Based on use case

• General Purpose – Instance types: a1, m4, m5, t2, t3 – Use case: Broad
• Compute Optimized – Instance types: c4, c5 – Use case: High performance
• Memory Optimized – Instance types: r4, r5, x1, z1 – Use case: In-memory databases
• Accelerated Computing – Instance types: f1, g3, g4, p2, p3 – Use case: Machine learning
• Storage Optimized – Instance types: d2, h1, i3 – Use case: Distributed file systems
3. Specify network settings

• Where should the instance be deployed?
  • Identify the VPC and optionally the subnet
• Should a public IP address be automatically assigned?
  • To make it internet-accessible

[Figure: AWS Cloud > Region > VPC spanning Availability Zone 1 and Availability Zone 2, each with a public subnet and a private subnet. Example: specify the particular subnet to deploy the instance into.]
4. Attach IAM role (optional)

• Will software on the EC2 instance need to interact with other AWS services?
  • If yes, attach an appropriate IAM Role.
• An AWS Identity and Access Management (IAM) role that is attached to an EC2 instance is kept in an instance profile.
• You are not restricted to attaching a role only at instance launch.
  • You can also attach a role to an instance that already exists.

[Figure, example: a role that grants Amazon Simple Storage Service (Amazon S3) bucket access permissions is attached to an instance, so the application on the instance can access the S3 bucket and its objects.]
5. User data script (optional)

• Optionally specify a user data script at instance launch
• Use user data scripts to customize the runtime environment of your instance
  • Script runs the first time the instance starts
• Can be used strategically
  • For example, reduce the number of custom AMIs that you build and maintain

Example user data (supplied at launch together with the AMI and run on the resulting EC2 instance):

#!/bin/bash
yum update -y
yum install -y wget
6. Specify storage

• Configure the root volume
  • Where the guest operating system is installed
• Attach additional storage volumes (optional)
  • AMI might already include more than one volume
• For each volume, specify:
  • The size of the disk (in GB)
  • The volume type
    • Different types of solid state drives (SSDs) and hard disk drives (HDDs) are available
  • If the volume will be deleted when the instance is terminated
  • If encryption should be used
7. Add tags

• A tag is a label that you can assign to an AWS resource.
• Consists of a key and an optional value.
• Tagging is how you can attach metadata to an EC2 instance.
• Potential benefits of tagging – Filtering, automation, cost allocation, and access control.

[Figure: example of a tag key and value.]
8. Security group settings

• A security group is a set of firewall rules that control traffic to the instance.
• It exists outside of the instance's guest OS.
• Create rules that specify the source and which ports that network communications can use.
  • Specify the port number and the protocol, such as Transmission Control Protocol (TCP), User Datagram Protocol (UDP), or Internet Control Message Protocol (ICMP).
  • Specify the source (for example, an IP address or another security group) that is allowed to use the rule.

[Figure: example rule.]
9. Identify or create the key pair

• At instance launch, you specify an existing key pair or create a new key pair.
• A key pair consists of –
  • A public key that AWS stores.
  • A private key file that you store (for example, mykey.pem).
• It enables secure connections to the instance.
• For Windows AMIs –
  • Use the private key to obtain the administrator password that you need to log in to your instance.
• For Linux AMIs –
  • Use the private key to use SSH to securely connect to your instance.
Amazon EC2 console view of a running EC2 instance

[Figure: screenshot of the Amazon EC2 console showing a running instance.]
Another option: Launch an EC2 instance with the AWS Command Line Interface

• EC2 instances can also be created programmatically with the AWS Command Line Interface (AWS CLI).
• This example shows how simple the command can be.
• This command assumes that the key pair and security group already exist.
• More options could be specified. See the AWS CLI Command Reference for details.

Example command:

aws ec2 run-instances \
    --image-id ami-1a2b3c4d \
    --count 1 \
    --instance-type c3.large \
    --key-name MyKeyPair \
    --security-groups MySecurityGroup \
    --region us-east-1
Amazon EC2 instance lifecycle

[Figure: Launch from an AMI → pending → running. From running: Reboot → rebooting → running; Stop or Stop-Hibernate → stopping → stopped (only instances backed by Amazon EBS); Terminate → shutting-down → terminated. From stopped: Start → pending → running; Terminate → terminated.]
Consider using an Elastic IP address

• Rebooting an instance will not change any IP addresses or DNS hostnames.
• When an instance is stopped and then started again –
  • The public IPv4 address and external DNS hostname will change.
  • The private IPv4 address and internal DNS hostname do not change.
• If you require a persistent public IP address –
  • Associate an Elastic IP address with the instance.
• Elastic IP address characteristics –
  • Can be associated with instances in the Region as needed.
  • Remains allocated to your account until you choose to release it.
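The lifecycle diagram and the addressing rules on this slide fit together as a small state machine. The following is an added Python example, not code from the course or from AWS: it encodes which transitions the diagram allows, refuses to stop an instance that is not backed by Amazon EBS, and shows the public IPv4 address changing across stop/start unless an Elastic IP is associated. All IP addresses are constructed.

```python
"""Added example (not course or AWS code): the EC2 instance lifecycle from the
diagram plus the address behaviour from the Elastic IP slide. Addresses are
constructed; AWS assigns the real ones.
"""
import itertools
from dataclasses import dataclass, field
from typing import List, Optional

# Legal transitions from the lifecycle diagram:
# (current state, action) -> (transient state shown in the console, final state)
TRANSITIONS = {
    ("pending", "launch"): ("pending", "running"),
    ("running", "reboot"): ("rebooting", "running"),
    ("running", "stop"): ("stopping", "stopped"),
    ("running", "hibernate"): ("stopping", "stopped"),
    ("stopped", "start"): ("pending", "running"),
    ("running", "terminate"): ("shutting-down", "terminated"),
    ("stopped", "terminate"): ("terminated", "terminated"),
}

# Constructed pool of public IPv4 addresses handed out on launch and on start.
_PUBLIC_POOL = (f"203.0.113.{n}" for n in itertools.count(10))


@dataclass
class Instance:
    ebs_backed: bool                   # instance-store backed instances cannot be stopped
    private_ip: str = "10.0.1.25"      # from the subnet range; never changes
    state: str = "pending"
    public_ip: Optional[str] = None    # auto-assigned; released on stop
    elastic_ip: Optional[str] = None   # stays allocated until you release it
    history: List[str] = field(default_factory=list)

    def _transition(self, action):
        key = (self.state, action)
        if key not in TRANSITIONS:
            raise ValueError(f"cannot {action} an instance that is {self.state}")
        transient, final = TRANSITIONS[key]
        self.history.extend([transient, final])
        self.state = final

    @property
    def reachable_public_ip(self):
        """The address a client on the internet would use, if any."""
        return self.elastic_ip or self.public_ip

    def launch(self):
        self._transition("launch")
        self.public_ip = next(_PUBLIC_POOL)

    def reboot(self):
        self._transition("reboot")     # no address or hostname changes

    def stop(self, hibernate=False):
        if not self.ebs_backed:
            raise ValueError("only instances backed by Amazon EBS can be stopped")
        self._transition("hibernate" if hibernate else "stop")
        self.public_ip = None          # the auto-assigned public IPv4 goes away

    def start(self):
        self._transition("start")
        if self.elastic_ip is None:    # new public address unless an EIP is attached
            self.public_ip = next(_PUBLIC_POOL)

    def terminate(self):
        self._transition("terminate")
        self.public_ip = None

    def associate_elastic_ip(self, eip):
        """Attach an Elastic IP; it replaces the auto-assigned public address."""
        self.elastic_ip = eip
        self.public_ip = None


def demo_addressing():
    """Run the scenarios from the slide and report what each one shows."""
    plain = Instance(ebs_backed=True)
    plain.launch()
    first_public = plain.reachable_public_ip
    plain.reboot()
    after_reboot = plain.reachable_public_ip
    plain.stop()
    plain.start()
    after_restart = plain.reachable_public_ip

    with_eip = Instance(ebs_backed=True)
    with_eip.launch()
    with_eip.associate_elastic_ip("198.51.100.7")
    with_eip.stop()
    with_eip.start()

    store = Instance(ebs_backed=False)   # instance-store backed: stop is refused
    store.launch()
    try:
        store.stop()
        stop_refused = False
    except ValueError:
        stop_refused = True
    store.terminate()

    return {
        "reboot_keeps_public_ip": after_reboot == first_public,
        "stop_start_changes_public_ip": after_restart != first_public,
        "private_ip_unchanged": plain.private_ip == "10.0.1.25",
        "eip_after_stop_start": with_eip.reachable_public_ip,
        "instance_store_stop_refused": stop_refused,
        "instance_store_final_state": store.state,
        "plain_history": plain.history,
    }


if __name__ == "__main__":
    for name, value in demo_addressing().items():
        print(f"{name}: {value}")
```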
Amazon CloudWatch for monitoring

• Use Amazon CloudWatch to monitor EC2 instances
  • Provides near-real-time metrics
  • Provides charts in the Amazon EC2 console Monitoring tab that you can view
  • Maintains 15 months of historical data
• Basic monitoring
  • Default, no additional cost
  • Metric data sent to CloudWatch every 5 minutes
• Detailed monitoring
  • Fixed monthly rate for seven pre-selected metrics
  • Metric data delivered every 1 minute
Section 2 key takeaways

• Amazon EC2 enables you to run Windows and Linux virtual machines in the cloud.
• You launch EC2 instances from an AMI template into a VPC in your account.
• You can choose from many instance types. Each instance type offers different combinations of CPU, RAM, storage, and networking capabilities.
• You can configure security groups to control access to instances (specify allowed ports and source).
• User data enables you to specify a script to run the first time that an instance launches.
• Only instances that are backed by Amazon EBS can be stopped.
• You can use Amazon CloudWatch to capture and review metrics on EC2 instances.
Lab 3: Introduction to Amazon EC2
Lab 3 scenario

In this lab, you will launch and configure your first virtual machine that runs on Amazon EC2.

[Figure: AWS Cloud > Region > Availability Zone 1 > Lab VPC > public subnet containing the web server instance.]
Lab 3: Tasks

• Task 1 – Launch Your Amazon EC2 Instance
• Task 2 – Monitor Your Instance
• Task 3 – Update Your Security Group and Access the Web Server
• Task 4 – Resize Your Instance: Instance Type and EBS Volume
• Task 5 – Explore EC2 Limits
• Task 6 – Test Termination Protection
Lab 3: Final product

By the end of the lab, you will have:
1. Launched an instance that is configured as a web server
2. Viewed the instance system log
3. Reconfigured a security group
4. Modified the instance type and root volume size

[Figure: in the VPC, an instance launched from an AMI with a security group, resized from a t2.micro instance with an 8-GB Amazon Elastic Block Store (Amazon EBS) root volume to a t2.small instance with a 10-GB root volume.]
Activity: Check your understanding

1. Between Amazon EC2 or Amazon RDS, which provides a managed service? What does managed
service mean?
• ANSWER: Amazon RDS provides a managed service. Amazon RDS handles provisioning, installation and
patching, automated backups, restoring snapshots from points in time, high availability, and monitoring.
2. Name at least one advantage of deploying Microsoft SQL Server on Amazon EC2 instead of Amazon
RDS.
• ANSWER: Amazon EC2 offers complete control over every configuration, the OS, and the software stack.
3. What advantage does the Quick Start provide over a manual installation on Amazon EC2?
• ANSWER: The Quick Start is a reference architecture with proven best practices built into the design.
4. Which deployment option offers the best approach for all use cases?
• ANSWER: Neither. The correct deployment option depends on your specific needs.
5. Which approach costs more: using Amazon EC2 or using Amazon RDS?
• ANSWER: It depends. Managing the database deployment on Amazon EC2 requires more customer oversight and
time. If time is your priority, then Amazon RDS might be less expensive. If you have in-house expertise, Amazon
EC2 might be more cost-effective.

Module 6: Compute

Section 3: Amazon EC2 cost optimization
Amazon EC2 pricing models

On-Demand Instances
• Pay by the hour
• No long-term commitments.
• Eligible for the AWS Free Tier.

Reserved Instances
• Full, partial, or no upfront payment for instance you reserve.
• Discount on hourly charge for that instance.
• 1-year or 3-year term.

Spot Instances
• Instances run as long as they are available and your bid is above the Spot Instance price.
• They can be interrupted by AWS with a 2-minute notification.
• Interruption options include terminated, stopped or hibernated.
• Prices can be significantly less expensive compared to On-Demand Instances.
• Good choice when you have flexibility in when your applications can run.

Dedicated Hosts
• A physical server with EC2 instance capacity fully dedicated to your use.

Dedicated Instances
• Instances that run in a VPC on hardware that is dedicated to a single customer.

Scheduled Reserved Instances
• Purchase a capacity reservation that is always available on a recurring schedule you specify.
• 1-year term.

Per second billing available for On-Demand Instances, Reserved Instances, and Spot Instances that run Amazon Linux or Ubuntu.
Amazon EC2 pricing models: Benefits

• On-Demand Instances – Low cost and flexibility
• Spot Instances – Large scale, dynamic workload
• Reserved Instances – Predictability ensures compute capacity is available when needed
• Dedicated Hosts – Save money on licensing costs; help meet compliance and regulatory requirements
Amazon EC2 pricing models: Use cases

On-Demand Instances – Spiky Workloads
• Short-term, spiky, or unpredictable workloads
• Application development or testing

Spot Instances – Time-Insensitive Workloads
• Applications with flexible start and end times
• Applications only feasible at very low compute prices
• Users with urgent computing needs for large amounts of additional capacity

Reserved Instances – Steady-State Workloads
• Steady state or predictable usage workloads
• Applications that require reserved capacity, including disaster recovery
• Users able to make upfront payments to reduce total computing costs even further

Dedicated Hosts – Highly Sensitive Workloads
• Bring your own license (BYOL)
• Compliance and regulatory restrictions
• Usage and licensing tracking
• Control instance placement
Section 3 key takeaways

• Amazon EC2 pricing models include On-Demand Instances, Reserved Instances, Spot Instances, Dedicated Instances, and Dedicated Hosts.
• Spot Instances can be interrupted with a 2-minute notification. However, they can offer significant cost savings over On-Demand Instances.
• The four pillars of cost optimization are:
  • Right size
  • Increase elasticity
  • Optimal pricing model
  • Optimize storage choices
Module 6: Compute

Section 4: Container services
Container basics

• Containers are a method of operating system virtualization.
• Benefits –
  • Repeatable.
  • Self-contained environments.
  • Software runs the same in different environments.
    • Developer's laptop, test, production.
  • Faster to launch and stop or terminate than virtual machines

[Figure: your container holds your application, its dependencies, and its configurations, and hooks into the OS.]
What is Docker?

• Docker is a software platform that enables you to build, test, and deploy applications quickly.
• You run containers on Docker.
• Containers are created from a template called an image.
• A container has everything a software application needs to run.

[Diagram – Container: Containers have everything the software needs to run: Code, Runtime, Libraries, System tools]
Containers versus virtual machines

Example
• Three containers on one EC2 instance: Container instance 1, Container instance 2, and Container instance 3 (App 1, App 2, App 3, each with its own Bins/Libs) run on one Docker engine on top of a single EC2 instance guest OS.
• Three virtual machines on three EC2 instances: VM 1, VM 2, and VM 3 (App 1, App 2, App 3, each with its own Bins/Libs) each run on their own EC2 instance guest OS.

[Diagram – both stacks sit on the hypervisor, host operating system, and physical server, which are part of the AWS Global Infrastructure]
Amazon Elastic Container Service (Amazon ECS)

• Amazon Elastic Container Service (Amazon ECS) –
  • A highly scalable, fast, container management service
• Key benefits –
  • Orchestrates the running of Docker containers
  • Maintains and scales the fleet of nodes that run your containers
  • Removes the complexity of standing up the infrastructure
• Integrated with features that are familiar to Amazon EC2 service users –
  • Elastic Load Balancing
  • Amazon EC2 security groups
  • Amazon EBS volumes
  • IAM roles
Amazon ECS orchestrates containers

[Diagram – Requests to run containers (Container A x3, Container B x2) are sent to Amazon Elastic Container Service (Amazon ECS), which places them across the EC2 instances of an ECS cluster]
What is Kubernetes?

• Kubernetes is open source software for container orchestration.


• Deploy and manage containerized applications at scale.
• The same toolset can be used on premises and in the cloud.
• Complements Docker.
• Docker enables you to run multiple containers on a single OS host.
• Kubernetes orchestrates multiple Docker hosts (nodes).
• Automates –
• Container provisioning.
• Networking.
• Load distribution.
• Scaling.

Amazon Elastic Kubernetes Service (Amazon EKS)

• Amazon Elastic Kubernetes Service (Amazon EKS)
  • Enables you to run Kubernetes on AWS
  • Certified Kubernetes conformant (supports easy migration)
  • Supports Linux and Windows containers
  • Compatible with Kubernetes community tools and supports popular Kubernetes add-ons
• Use Amazon EKS to –
  • Manage clusters of Amazon EC2 compute instances
  • Run containers that are orchestrated by Kubernetes on those instances
Amazon Elastic Container Registry (Amazon ECR)

Amazon ECR is a fully managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.

[Diagram – Amazon Elastic Container Registry features: Amazon ECS integration, Docker support, Team collaboration, Access control, Third-party integrations, Image Registry]
Section 4 key takeaways

• Containers can hold everything that an application needs to run.
• Docker is a software platform that packages software into containers.
• A single application can span multiple containers.
• Amazon Elastic Container Service (Amazon ECS) orchestrates the running of Docker containers.
• Kubernetes is open source software for container orchestration.
• Amazon Elastic Kubernetes Service (Amazon EKS) enables you to run Kubernetes on AWS.
• Amazon Elastic Container Registry (Amazon ECR) enables you to store, manage, and deploy your Docker containers.
Module 6: Compute
Section 5: Introduction to AWS Lambda
AWS Lambda: Run code without servers

AWS Lambda is a serverless compute service.

[Diagram – Upload your code: the code you run is a Lambda function. Run your code on a schedule or in response to events from AWS services, HTTP endpoints, or mobile apps. Your code runs only when it is triggered. Pay only for the compute time that you use.]
Benefits of Lambda

• It supports multiple programming languages
• Completely automated administration
• Built-in fault tolerance
• It supports the orchestration of multiple functions
• Pay-per-use pricing
AWS Lambda event sources

Configure other AWS services as event sources to invoke your function, as shown here. Alternatively, invoke a Lambda function from the Lambda console, AWS SDK, or AWS CLI.

Event sources:
• Amazon S3
• Amazon DynamoDB
• Amazon Simple Notification Service (Amazon SNS)
• Amazon Simple Queue Service (Amazon SQS)
• Amazon API Gateway
• Application Load Balancer
• Many more…

[Diagram – event sources trigger the Lambda function in AWS Lambda; your code runs only when it is triggered; logging, monitoring, and metrics go to Amazon CloudWatch]
AWS Lambda function configuration

Lambda function configuration:
• Function code
• Dependencies (code libraries, etc.)
• Execution role

[Diagram – the AWS Lambda function runs your code only when it is triggered; logging, monitoring, and metrics go to Amazon CloudWatch]
Schedule-based Lambda function example:

Stop instances example
1 Time-based CloudWatch event
2 Lambda function triggered (runs with its IAM role)
3 EC2 instances stopped

Start instances example
4 Time-based CloudWatch event
5 Lambda function triggered (runs with its IAM role)
6 EC2 instances started
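A handler for the scheduled stop/start flow above, as an added example in Python (not code from the AWS Academy course). A time-based CloudWatch Events rule with a constant JSON input such as `{"action": "stop"}` invokes it, and the function only acts on instances carrying a constructed `Schedule=office-hours` tag. `FakeEC2` and the instance IDs are constructed stand-ins so the code runs offline; `EXECUTION_ROLE_POLICY` is the least-privilege policy the function's IAM role would carry, scoped with the `ec2:ResourceTag` condition so the role cannot stop or start untagged instances even if the function code is later changed.

```python
"""Schedule-based Lambda handler that stops or starts tagged EC2 instances.
Added example, not the course's own code. Tag name and value are constructed."""
from typing import Iterable, List

TAG_KEY = "Schedule"          # constructed tag; choose your own
TAG_VALUE = "office-hours"

# Least-privilege policy for the function's execution role (constructed).
# DescribeInstances has no resource-level permissions, so it needs "*";
# Stop/Start are limited to instances that carry the schedule tag.
EXECUTION_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"},
        {
            "Effect": "Allow",
            "Action": ["ec2:StopInstances", "ec2:StartInstances"],
            "Resource": "arn:aws:ec2:*:*:instance/*",
            "Condition": {"StringEquals": {f"ec2:ResourceTag/{TAG_KEY}": TAG_VALUE}},
        },
    ],
}


def select_instances(reservations: Iterable[dict], state: str) -> List[str]:
    """Collect instance IDs from DescribeInstances output that are in `state`."""
    ids = []
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") == state:
                ids.append(inst["InstanceId"])
    return ids


def lambda_handler(event: dict, context, ec2=None) -> dict:
    """Entry point. event["action"] is "stop" or "start" and comes from the
    scheduled rule's constant input. `ec2` may be injected for testing."""
    action = event.get("action")
    if action not in ("stop", "start"):
        raise ValueError(f"unsupported action: {action!r}")
    if ec2 is None:
        import boto3  # only needed inside Lambda, where boto3 is preinstalled
        ec2 = boto3.client("ec2")

    # Filter on the tag so the function never enumerates or touches
    # instances outside the schedule.
    resp = ec2.describe_instances(
        Filters=[{"Name": f"tag:{TAG_KEY}", "Values": [TAG_VALUE]}]
    )
    if action == "stop":
        ids = select_instances(resp["Reservations"], "running")
        if ids:
            ec2.stop_instances(InstanceIds=ids)
    else:
        ids = select_instances(resp["Reservations"], "stopped")
        if ids:
            ec2.start_instances(InstanceIds=ids)
    return {"action": action, "instance_ids": ids}


class FakeEC2:
    """Constructed stand-in for the boto3 EC2 client so the handler runs offline."""

    def __init__(self, instances):
        self.instances = instances  # list of (instance_id, state_name)
        self.calls = []

    def describe_instances(self, Filters=None):
        return {"Reservations": [{"Instances": [
            {"InstanceId": i, "State": {"Name": s}} for i, s in self.instances
        ]}]}

    def stop_instances(self, InstanceIds):
        self.calls.append(("stop", InstanceIds))
        return {"StoppingInstances": [{"InstanceId": i} for i in InstanceIds]}

    def start_instances(self, InstanceIds):
        self.calls.append(("start", InstanceIds))
        return {"StartingInstances": [{"InstanceId": i} for i in InstanceIds]}


if __name__ == "__main__":
    fake = FakeEC2([("i-0constructed1", "running"), ("i-0constructed2", "stopped")])
    print(lambda_handler({"action": "stop"}, None, ec2=fake))
```

The tag filter in the code and the tag condition in the policy back each other up: the code decides which instances are in scope, and the role makes sure a bug or a modified function still cannot reach anything else.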
Event-based Lambda function example:

[Diagram – AWS Cloud: a user uploads to the source bucket, the upload event invokes the Lambda function, the function runs under its execution role, and the role's access policy grants it access to the source and target buckets (steps 1–5)]
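A handler for the event-based flow above, as an added example in Python (not code from the AWS Academy course): each object created in the source bucket is copied to the target bucket. Bucket names, the `FakeS3` client and `SAMPLE_EVENT` are constructed so the code runs offline; the record layout (`eventSource`, `eventName`, `s3.bucket.name`, `s3.object.key`) follows the S3 event notification format. The handler keeps only `ObjectCreated:*` records from the bucket it was configured for and ignores everything else, and `EXECUTION_ROLE_POLICY` is the least-privilege access policy the execution role would carry: read the source bucket, write the target bucket, nothing more.

```python
"""Event-based Lambda handler: copy each newly created object from the source
bucket to the target bucket. Added example, not course code; names constructed."""
import urllib.parse
from typing import List, Tuple

SOURCE_BUCKET = "example-source-bucket"  # constructed
TARGET_BUCKET = "example-target-bucket"  # constructed

# Least-privilege policy for the execution role (constructed): read from the
# source bucket, write to the target bucket, nothing else.
EXECUTION_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": f"arn:aws:s3:::{SOURCE_BUCKET}/*"},
        {"Effect": "Allow", "Action": "s3:PutObject",
         "Resource": f"arn:aws:s3:::{TARGET_BUCKET}/*"},
    ],
}


def extract_objects(event: dict) -> List[Tuple[str, str]]:
    """Return (bucket, key) pairs for ObjectCreated records from the expected
    source bucket. Other event types, other buckets and non-S3 records are
    ignored rather than acted on. S3 URL-encodes keys in the event, so the
    key is decoded before use."""
    pairs = []
    for rec in event.get("Records", []):
        if rec.get("eventSource") != "aws:s3":
            continue
        if not rec.get("eventName", "").startswith("ObjectCreated:"):
            continue
        bucket = rec["s3"]["bucket"]["name"]
        if bucket != SOURCE_BUCKET:
            continue
        key = urllib.parse.unquote_plus(rec["s3"]["object"]["key"])
        pairs.append((bucket, key))
    return pairs


def lambda_handler(event: dict, context, s3=None) -> dict:
    """Entry point invoked by the S3 event. `s3` may be injected for testing."""
    if s3 is None:
        import boto3  # preinstalled in the Lambda runtime
        s3 = boto3.client("s3")
    copied = []
    for bucket, key in extract_objects(event):
        s3.copy_object(Bucket=TARGET_BUCKET, Key=key,
                       CopySource={"Bucket": bucket, "Key": key})
        copied.append(key)
    return {"copied": copied}


class FakeS3:
    """Constructed stand-in for the boto3 S3 client so the handler runs offline."""

    def __init__(self):
        self.copies = []

    def copy_object(self, Bucket, Key, CopySource):
        self.copies.append((CopySource["Bucket"], CopySource["Key"], Bucket, Key))
        return {}


# Constructed S3 event with three records: a valid upload, a delete, and an
# upload in a bucket this function was not subscribed to.
SAMPLE_EVENT = {"Records": [
    {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": SOURCE_BUCKET},
            "object": {"key": "reports/q1+summary.csv"}}},
    {"eventSource": "aws:s3", "eventName": "ObjectRemoved:Delete",
     "s3": {"bucket": {"name": SOURCE_BUCKET}, "object": {"key": "old.txt"}}},
    {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "someone-elses-bucket"},
            "object": {"key": "x.bin"}}},
]}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None, s3=FakeS3()))
```

Keep the source and target buckets distinct: if the function wrote back into the bucket whose ObjectCreated events invoke it, every copy would trigger another invocation.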
Section 5 key takeaways

• Serverless computing enables you to build and run applications and services without provisioning or managing servers.
• AWS Lambda is a serverless compute service that provides built-in fault tolerance and automatic scaling.
• An event source is an AWS service or developer-created application that triggers a Lambda function to run.
• The maximum memory allocation for a single Lambda function is 3,008 MB.
• The maximum run time for a Lambda function is 15 minutes.