Unity University

Department Of Computer Science

Network Adminstration

AWS (Amazon Web Service)

Group Members #ID

1. Michael Solomon …………….UU91768R
2. Yordanos Abrham…………… UU90731R

6/22/2025
Addis Ababa, Ethiopia.
AWS (Amazon Web Services)

Amazon Web Services (AWS) is a secure and versatile cloud platform that provides a broad
range of services such as computing power, storage, and networking, allowing businesses to
innovate and scale without having to manage physical infrastructure. Let’s explore the key
AWS components and services in a clear and engaging way, occasionally using lists when it
aids understanding.
At its core, AWS eliminates the need to invest in and maintain physical servers. Instead, it
allows users to rent virtual resources on-demand—from storage to servers, databases to AI
tools, and beyond. But to truly understand the power of AWS, we need to dive into its major
areas of functionality.

AWS Account Setup & Management

To begin using AWS, you need to create an account. This Root Account—registered using
your email—should be secured and reserved for administrative tasks only. For security, AWS
recommends enabling Multi-Factor Authentication (MFA), which adds a second layer of
protection beyond your password.
For managing multiple AWS accounts across a company or team, AWS Organizations is
used. It helps consolidate billing and apply policies to all accounts under one roof.
Identity and Access Management (IAM) is another critical tool that allows you to manage
users and their permissions securely. Following IAM best practices—like using roles over
users, enabling MFA, and granting least privilege—greatly improves your cloud security
posture.
To avoid surprise billing, AWS provides:
 Budgets: to set monthly cost limits.
 Cost Explorer: to analyse past usage and forecast future spending patterns.

Compute Services

AWS compute services provide the processing power your applications need.
EC2 (Elastic Compute Cloud) is the primary compute service that lets you run virtual
machines (instances) on the cloud. You can choose different instance types based on
performance and cost:
  On-Demand Instances are ideal for unpredictable workloads.
 Reserved Instances offer savings if you commit long-term.
 Spot Instances are deeply discounted but can be interrupted.
You can launch, stop, reboot, or terminate instances as needed. Security Groups (like
virtual firewalls) control network access, and key pairs are used for secure SSH access.For
scalability and reliability, Auto Scaling adjusts capacity based on demand, and Load
Balancers distribute traffic evenly across multiple EC2 instances.
AWS Lambda enables you to run code in response to events—without managing servers.
For example, you can trigger a Lambda function when a file is uploaded to S3, when a new
row is added to DynamoDB, or when an HTTP request is made through API Gateway.

Storage Services
AWS offers multiple storage options tailored to different needs.
Amazon S3 (Simple Storage Service) is used for storing files (objects). It provides:
 Bucket policies and ACLs to manage access.
 Versioning to retain multiple versions of an object.
 Lifecycle rules to transition data to cheaper storage classes (like Glacier).
 Cross-Region Replication to back up data across geographical locations.
For block-level storage used with EC2, AWS offers EBS (Elastic Block Store), with
different volume types (e.g., SSD or HDD). Snapshots allow point-in-time backups, and
Amazon Machine Images (AMIs) can be created for rapid instance deployment.
When you need a shared file system that multiple EC2 instances can access simultaneously,
EFS (Elastic File System) is the go-to option.

Networking & Content Delivery

AWS gives you the tools to design secure and scalable networks. Using VPC (Virtual Private
Cloud), you can define your own network, complete with subnets, route tables, and internet
gateways. Security groups and network ACLs (Access Control Lists) let you control access at
different levels.
Amazon VPC (Virtual Private Cloud), you can design a secure and isolated network in the
AWS cloud. You can break the VPC into subnets, route traffic using route tables, and
connect it to the internet via internet gateways or NAT gateways (for private instances).
Security Groups act at the instance level, whereas Network ACLs act at the subnet level,
providing layered security.
To manage domain names and DNS routing, Amazon Route 53 provides highly available
and scalable domain name services. For faster content delivery across the globe, Amazon
CloudFront (a Content Delivery Network) caches and distributes your static and dynamic
content efficiently.

Database Services

For relational databases, AWS offers RDS (Relational Database Service), which simplifies
database setup, operation, and scaling. It supports engines like MySQL, PostgreSQL, and
Aurora, and provides features such as automated backups, high availability (Multi-AZ), and
read replicas
Amazon RDS (Relational Database Service) makes it easy to set up, operate, and scale
databases like:
 MySQL
 PostgreSQL
 Amazon Aurora
RDS automates backups, patching, and provides Multi-AZ deployments for high
availability. Read Replicas can be used for read-heavy applications. For high-speed, low-
latency NoSQL databases, DynamoDB is AWS's NoSQL database for applications needing
low latency at scale. It supports flexible key-value and document data structures.
To further enhance speed, ElastiCache provides in-memory caching with Redis or
Memcached, which reduces database load and improves application performance.

Security & Compliance

Security in AWS operates under a shared responsibility model: AWS is responsible for
securing the cloud infrastructure, while you are responsible for securing your workloads,
data, and configurations within the cloud.
Key security services include:
 IAM (Identity and Access Management): Define fine-grained access policies using
roles, groups, and users. By leveraging IAM roles, you can grant temporary access
without sharing credentials.
 MFA (Multi-Factor Authentication): Strengthens account security by requiring a
second verification step beyond the password.
 AWS Shield: Provides automatic protection against Distributed Denial of Service
(DDoS) attacks. AWS Shield Advanced offers additional protection and real-time
visibility.
  AWS WAF (Web Application Firewall): Protects web applications from common
threats like SQL injection and cross-site scripting (XSS) by filtering incoming HTTP
traffic.
 KMS (Key Management Service): Manages and protects encryption keys for your
data. KMS integrates with services like S3, EBS, and RDS to enable seamless
encryption.
 CloudTrail: Records every API call made in your account, including who made it,
from where, and when. Crucial for auditing and governance.
 AWS Config: Tracks configuration changes and helps ensure compliance with
internal policies and external regulations by maintaining a history of resource
configurations.
 Security Hub: Centralizes security findings from AWS services and third-party tools,
offering a consolidated view of your security posture.
 Amazon GuardDuty: Continuously monitors for malicious activity and potential
threats using machine learning and anomaly detection techniques.
These tools help organizations meet various compliance requirements including GDPR,
HIPAA, SOC, and PCI DSS. Additionally, AWS Artifact provides access to AWS
compliance reports and agreements.

Monitoring & Logging

Visibility into your AWS environment is key to maintaining performance, security, and
operational health.
 Amazon CloudWatch: Collects monitoring data from AWS resources and
applications in the form of logs, metrics, and events. Features include:
o Custom dashboards for visualization
o Alarms for real-time notifications
o Automated actions based on defined thresholds (e.g., restart EC2 on failure)
 CloudWatch Logs: Ingests log data from services like Lambda, ECS, and VPC Flow
Logs. You can set up metric filters to trigger alarms based on log content.
 CloudTrail: Captures detailed records of API calls and activity history across your
AWS environment, useful for auditing and forensic analysis.
 AWS X-Ray: Provides distributed tracing for applications, particularly useful in
microservices architectures. It helps developers understand latency bottlenecks and
pinpoint service faults by tracing individual user requests across components.
  AWS Trusted Advisor: While not a monitoring service per se, it offers real-time
recommendations across five categories: cost optimization, security, fault tolerance,
performance, and service limits.
 Amazon DevOps Guru: Uses machine learning to identify operational issues before
they impact customers, providing recommendations to resolve anomalies.
Effective use of these services allows teams to detect issues early, troubleshoot quickly, and
maintain high availability and performance in the cloud.

Automation & DevOps

AWS provides a rich ecosystem for implementing DevOps practices and automating
infrastructure management. Automation improves deployment speed, reduces manual errors,
and enhances consistency across environments.
 AWS CLI & SDKs: These tools allow developers and system administrators to script
and manage AWS services programmatically, supporting automation in provisioning,
deployment, and monitoring.
 AWS CloudFormation: This service enables Infrastructure as Code (IaC),
allowing you to define your entire cloud environment (EC2 instances, VPCs, IAM
roles, databases, etc.) in YAML or JSON templates. These templates can be version-
controlled, reused, and audited, which is critical for compliance and repeatability.
 Elastic Beanstalk: A Platform-as-a-Service (PaaS) that simplifies the deployment
and scaling of web applications and services. It handles provisioning of resources like
EC2, load balancers, and RDS, letting developers focus on code rather than
infrastructure.
 AWS CI/CD Tools:
o CodePipeline: Automates the software release process by orchestrating build,
test, and deploy phases.
o CodeBuild: Fully managed build service that compiles source code, runs tests,
and produces ready-to-deploy artifacts.
o CodeDeploy: Automates code deployments to Amazon EC2, on-premise
servers, or AWS Lambda with options for rolling updates, blue/green
deployments, and rollback.
By combining these tools, teams can achieve faster, more reliable software delivery pipelines
with minimal manual intervention.

High Availability & Disaster Recovery

Ensuring uptime and data durability is a top priority in cloud architecture. AWS offers built-
in support for building highly available and fault-tolerant applications.
 Availability Zones (AZs): AWS regions consist of multiple isolated AZs.
Distributing workloads across AZs protects against data center failures.
 Multi-AZ Deployments:
o RDS Multi-AZ: Automatically replicates databases across AZs and provides
automated failover in case of an outage.
o Elastic Load Balancing (ELB): Distributes traffic across healthy instances in
multiple AZs to ensure uptime.
 Cross-Region Redundancy:
o Amazon S3: Offers Cross-Region Replication (CRR) for automatic,
asynchronous copying of objects between buckets in different regions—vital
for compliance and disaster recovery.
 Backup & Recovery Tools:
o AWS Backup: Centralized backup service for EBS, RDS, DynamoDB, EFS,
and more.
o EBS Snapshots: Point-in-time backups of volumes that can be restored
quickly.
o S3 Lifecycle Policies: Automate data archival by transitioning older data to S3
Glacier or deleting it after a specified period.
These tools help businesses meet Recovery Time Objectives (RTO) and Recovery Point
Objectives (RPO) efficiently.

Cost Optimization & Best Practices

Controlling cloud spending is essential for maintaining budget efficiency without sacrificing
performance or security.
 Right-Sizing: Analyze workloads and adjust instance types and sizes to avoid
overprovisioning and underutilization.
 Pricing Models:
o On-Demand: Pay per use—great for unpredictable workloads.
o Reserved Instances/Savings Plans: Provide significant discounts for
predictable, long-term workloads.
o Spot Instances: Offer up to 90% savings for interruptible, non-critical tasks
like batch jobs or testing.
 Monitoring & Insights:
 o AWS Cost Explorer: Visualize and track spending patterns over time.
o Budgets: Set cost or usage limits and receive alerts when thresholds are
breached.
 Trusted Advisor: Continuously scans your environment and provides real-time
recommendations across five categories: cost optimization, performance, security,
fault tolerance, and service limits.

Cost Optimization & Best Practices

AWS provides tools and guidance to reduce unnecessary costs.

Right-sizing means choosing the right instance types and storage classes. For less critical
tasks, using Spot Instances saves money.

Savings Plans let you commit to usage over time at discounted rates. AWS Trusted Advisor
gives recommendations for cost savings, security improvements, and performance boosts.

Cost Explorer helps you analyze spending trends and optimize accordingly.

AWS is more than just cloud hosting. It’s an integrated platform that supports building
scalable, secure, and efficient applications. From setting up your account and securing your
infrastructure to scaling applications and optimizing costs, mastering AWS opens doors to
modern cloud architecture and innovation.