Core AWS Services
• AWS EC2 (Elastic Compute Cloud)
• AWS VPC (Virtual Private Cloud)
• AWS IAM (Identity and Access Management)
• AWS S3 (Simple Storage Service)
• AWS RDS (Relational Database Service)
AWS EC2 Service
• Introduction to EC2
• AMI (Amazon Machine Image)
• Instance Type
• Key Pair
• Security Group
• VPC (Virtual Private Cloud)
Introduction to EC2
• EC2 enables you to create and manage virtual servers (virtual machines), known as instances, in a secure and reliable manner.
• It allows users to rent virtual computers on which to run (deploy) their own applications.
• EC2 instances are widely used for a variety of purposes, including web hosting, running applications, data processing, and deploying and scaling infrastructure for software development projects.
• To create an EC2 instance, we need:
-- AMI (Amazon Machine Image)
-- Instance type
-- Security Group
-- VPC (Virtual Private Cloud)
-- Key Pair
AMI (Amazon Machine Image)
• An AMI is a template or snapshot of a virtual machine (an EC2 instance) that contains all the information required to launch an instance.
• It includes the operating system, pre-installed software, configurations, any additional data associated with the instance, launch (access) permissions, and volume information.
• AWS provides a variety of pre-configured AMIs with different operating systems (such as Amazon Linux, Ubuntu, Windows Server, etc.) and pre-installed software (such as databases, web servers, development environments, etc.).
• You can create your own custom AMIs based on existing instances.
• Why do we need an AMI?
Suppose we want to launch 5 servers with the same configuration. One way would be to launch a new EC2 instance every time and install the required packages every time. The other way is to configure your EC2 instance once and then create an image of that instance. Using that image you can deploy 4 more EC2 servers.
Instance Type
• Amazon EC2 (Elastic Compute Cloud) offers a wide range of instance types (hardware specifications) to cater to different compute, memory, storage, and networking requirements.
• General Purpose -- applications built on open-source software such as application servers, microservices, gaming servers, midsize data stores, and caching fleets. E.g. t2, t3, m5, a1, etc.
• Compute Optimized -- compute-bound applications that benefit from high-performance processors. E.g. c5, c5n, c5a, etc.
• Memory Optimized -- fast performance for workloads that process large data sets in memory. E.g. r5n, r5, etc.
• Accelerated Computing -- machine learning, high-performance computing, computational fluid dynamics, computational finance, seismic analysis, speech recognition, autonomous vehicles, and drug discovery. E.g. p2, p3, etc.
• Storage Optimized -- workloads that require high, sequential read and write throughput. E.g. i3, d3, etc.
Key Pair
• A key pair, consisting of a private key and a public key, is a set of security credentials that you use to prove your identity when connecting to an instance.
• Amazon EC2 stores the public key on your instance, and you keep the private key.
• Anyone who possesses your private key can connect to your instances, so it is important that you store your private key in a secure place.
AWS VPC Service
• Introduction to VPC
• Subnets
• Routing Tables
• Internet Gateway
• Security Groups
• Network Access Control List (NACL)
Introduction to VPC
• Amazon VPC creates a virtual network topology for your Amazon EC2 resources.
• You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
• All new AWS accounts have a default VPC.
Subnets
• A subnet is a range of IP addresses within a VPC.
• Public subnet – the subnet has a direct route to an internet gateway. Resources in a public subnet can access the public internet.
• Private subnet – the subnet does not have a direct route to an internet gateway. Resources in a private subnet require a NAT device to access the public internet.
Routing Tables
• A route table contains rules (routes) that control the flow of traffic within the VPC.
• You can configure routes to direct traffic between subnets, to the internet via the IGW, or to other network devices.
Internet Gateway (IGW)
• Allows resources (e.g. EC2 instances) in a VPC to connect to the internet.
• Must be created separately from a VPC and then attached to it.
• A VPC can be attached to only one IGW, and an IGW to only one VPC.
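Added example (not part of the original slides, and not AWS code): a small Python script that applies the subnet, route table and IGW definitions above to sample data. It classifies each subnet as public or private by checking whether its route table sends the 0.0.0.0/0 route to an internet gateway (a target id starting with igw-), validates that the subnet CIDRs sit inside the VPC CIDR without overlapping, and performs the longest-prefix route lookup a VPC does. All subnet, route table, gateway IDs and CIDRs are made-up sample values.

```python
"""Classify VPC subnets as public or private from their route tables.

Added example, not code from the original deck or from AWS. The subnet and
route-table dictionaries below are constructed sample data (made-up IDs and
CIDRs) shaped loosely like the EC2 API output.
"""
import ipaddress

# Constructed sample: one VPC, three subnets, two route tables.
VPC_CIDR = "10.0.0.0/16"

SUBNETS = {
    "subnet-web": {"cidr": "10.0.1.0/24", "route_table": "rtb-public"},
    "subnet-app": {"cidr": "10.0.2.0/24", "route_table": "rtb-private"},
    "subnet-db": {"cidr": "10.0.3.0/24", "route_table": "rtb-private"},
}

ROUTE_TABLES = {
    # Default route to an internet gateway makes this a public subnet.
    "rtb-public": [
        {"destination": "10.0.0.0/16", "target": "local"},
        {"destination": "0.0.0.0/0", "target": "igw-0123456789abcdef0"},
    ],
    # Default route to a NAT gateway: outbound only, so the subnet is private.
    "rtb-private": [
        {"destination": "10.0.0.0/16", "target": "local"},
        {"destination": "0.0.0.0/0", "target": "nat-0123456789abcdef0"},
    ],
}


def is_public_subnet(route_table):
    """A subnet is public when its route table sends the default route to an IGW."""
    for route in route_table:
        dest = ipaddress.ip_network(route["destination"])
        if dest.prefixlen == 0 and route["target"].startswith("igw-"):
            return True
    return False


def classify_subnets(subnets, route_tables):
    """Map each subnet name to 'public' or 'private'."""
    return {
        name: "public" if is_public_subnet(route_tables[s["route_table"]]) else "private"
        for name, s in subnets.items()
    }


def validate_subnets(vpc_cidr, subnets):
    """Every subnet must lie inside the VPC CIDR, and subnets must not overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(s["cidr"]) for name, s in subnets.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is outside VPC {vpc}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


def next_hop(route_table, dst_ip):
    """Route lookup as a VPC does it: the most specific matching route wins."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for route in route_table:
        net = ipaddress.ip_network(route["destination"])
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route["target"])
    return best[1] if best else None


if __name__ == "__main__":
    print(classify_subnets(SUBNETS, ROUTE_TABLES))
    print(validate_subnets(VPC_CIDR, SUBNETS) or "subnet layout OK")
    print(next_hop(ROUTE_TABLES["rtb-public"], "8.8.8.8"))
```

The "local" route for the VPC CIDR is always present and, being more specific than 0.0.0.0/0, wins for any in-VPC destination; only traffic to addresses outside the VPC reaches the IGW or NAT target.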
Security Group
• A security group is a virtual firewall that controls inbound and outbound traffic for instances or resources within a Virtual Private Cloud (VPC) or cloud network.
• It acts as a rule-based filter, allowing or denying network traffic based on specified rules.
Network Access Control List
• A NACL is like a firewall that controls traffic to and from subnets.
• NACLs are a great way of blocking a specific IP address at the subnet level.
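Added example (not part of the original slides, and not AWS code) covering both the Security Group and the NACL slides above. The first part audits a security group, comparing a weak rule set that opens administrative ports to every address with a hardened one that limits them to a bastion range; the second part evaluates packets against a numbered inbound NACL, showing why rule order matters when a specific address is blocked at the subnet level. Rule dictionaries are a simplified shape of the AWS API output, and all group IDs, rule numbers and CIDRs are made-up sample values.

```python
"""Security-group audit and NACL rule evaluation.

Added example, not code from the original deck or from AWS. Rules are
constructed inline in a simplified shape; group IDs, rule numbers and CIDRs
are made-up sample values.
"""
import ipaddress

ANY_V4 = ipaddress.ip_network("0.0.0.0/0")
ANY_V6 = ipaddress.ip_network("::/0")
# Ports that a web tier may reasonably expose to the whole internet.
PUBLIC_OK_PORTS = {80, 443}

# Weak security group: SSH and RDP allowed from every address.
SG_WEAK = {
    "id": "sg-weak",
    "ingress": [
        {"proto": "tcp", "from": 22, "to": 22, "cidr": "0.0.0.0/0"},
        {"proto": "tcp", "from": 3389, "to": 3389, "cidr": "0.0.0.0/0"},
        {"proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"},
    ],
}

# Hardened variant: admin port only from a bastion/corporate range (sample CIDR).
SG_HARDENED = {
    "id": "sg-hardened",
    "ingress": [
        {"proto": "tcp", "from": 22, "to": 22, "cidr": "203.0.113.0/24"},
        {"proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"},
    ],
}


def audit_security_group(sg):
    """Return ingress rules that expose non-web ports to every address.

    Security groups are stateful and allow-only (no deny rules), so the
    misconfiguration to look for is an allow rule whose source is the
    entire internet on a port that should not be public.
    """
    findings = []
    for rule in sg["ingress"]:
        src = ipaddress.ip_network(rule["cidr"])
        if src not in (ANY_V4, ANY_V6):
            continue
        ports = set(range(rule["from"], rule["to"] + 1))
        if not ports <= PUBLIC_OK_PORTS:
            findings.append(
                f"{sg['id']}: {rule['proto']}/{rule['from']}-{rule['to']} open to {src}"
            )
    return findings


# Inbound NACL for a subnet. Rules are evaluated from the lowest number up
# and the first match decides; anything unmatched hits the implicit '*' deny.
# NACLs are stateless, so rule 110 is needed for the return traffic of
# outbound connections (ephemeral ports); a security group allows that by itself.
NACL_INBOUND = [
    {"num": 90, "proto": "tcp", "from": 0, "to": 65535, "cidr": "198.51.100.7/32", "action": "deny"},
    {"num": 100, "proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0", "action": "allow"},
    {"num": 110, "proto": "tcp", "from": 1024, "to": 65535, "cidr": "0.0.0.0/0", "action": "allow"},
]


def nacl_decision(rules, src_ip, proto, port):
    """Evaluate a packet against numbered NACL rules; first match wins."""
    ip = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r["num"]):
        if rule["proto"] not in (proto, "all"):
            continue
        if ip not in ipaddress.ip_network(rule["cidr"]):
            continue
        if not rule["from"] <= port <= rule["to"]:
            continue
        return rule["action"]
    return "deny"  # implicit final '*' rule


if __name__ == "__main__":
    for sg in (SG_WEAK, SG_HARDENED):
        print(sg["id"], audit_security_group(sg) or "no findings")
    print(nacl_decision(NACL_INBOUND, "198.51.100.7", "tcp", 443))  # deny, rule 90 is evaluated first
    print(nacl_decision(NACL_INBOUND, "192.0.2.10", "tcp", 443))    # allow, rule 100
```

If the deny for the single address had been numbered above 100 instead of below it, rule 100 would match first and the block would never take effect; numbering the deny lower than the broad allow is what makes the NACL useful for blocking one address.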
AWS IAM Service
• What is Access Control?
• Why do we need access management?
• What is IAM?
• Components of IAM
-- Users
-- Groups
-- Role
-- Policies
• Multi-factor Authentication (MFA)
What is Access Control?
Access Control is the selective restriction of access to a place or other resource.
Why do we need access management?
What is IAM?
• IAM is a web service that helps you securely control access to AWS resources for your users.
• We use IAM to control who can use your AWS resources (authentication) and what resources they can use and in what ways (authorization).
• It safeguards access to AWS services and resources, and lets you create and manage AWS users and groups and use permissions to grant or deny access to AWS services.
Components of IAM
• An IAM user represents an entity (a person or an application) that interacts with AWS resources and services.
• Using IAM, we can create and manage AWS users, and use permissions to allow or deny their access to AWS resources.
• The root user can grant permissions to an IAM user.
• An IAM user is created without permissions by default.
• IAM policies are documents. They customize user access to AWS resources and services, and they allow or deny permissions to AWS resources and services.
• A collection of IAM users is called an IAM group. An IAM policy assigned to the group grants its permissions to all IAM users of that group.
• An IAM role provides temporary access to services or resources.
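Added example (not part of the original slides, and not AWS code): a small Python model of how the IAM components above combine into an access decision. Users carry directly attached policies plus those of their groups; policies are documents of Allow/Deny statements; a new user with no policies gets nothing. The evaluation order modelled is the one AWS documents for identity-based policies: an explicit Deny in any applicable policy wins, otherwise at least one Allow is required, otherwise the request is implicitly denied. Only Action and Resource matching is covered (no Condition elements, no resource-based policies, no roles); all user, group and policy names and ARNs are constructed sample values.

```python
"""Minimal model of how IAM combines users, groups and policies into a decision.

Added example, not AWS code. It follows the documented identity-based
evaluation order: an explicit Deny in any applicable policy wins, otherwise
at least one Allow is required, otherwise the request is implicitly denied.
Only Action/Resource matching is modelled (no Condition elements, no
resource-based policies). User, group, policy names and ARNs are sample values.
"""
from fnmatch import fnmatchcase

# Policy documents, constructed inline.
POLICIES = {
    "S3ReadOnly": {"Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"},
    ]},
    "S3FullAccess": {"Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    ]},
    "DenyProdDelete": {"Statement": [
        {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "arn:aws:s3:::prod-data/*"},
    ]},
}

# Groups carry policies; every member inherits them.
GROUPS = {
    "developers": ["S3FullAccess", "DenyProdDelete"],
    "auditors": ["S3ReadOnly"],
}

# Users: policies attached directly plus group membership.
USERS = {
    "alice": {"groups": ["developers"], "policies": []},
    "bob": {"groups": ["auditors"], "policies": []},
    "carol": {"groups": [], "policies": ["S3ReadOnly"]},
    "newhire": {"groups": [], "policies": []},  # freshly created: no permissions
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    # Action names are matched case-insensitively; '*' and '?' are wildcards.
    return fnmatchcase(action.lower(), pattern.lower())


def _resource_matches(pattern, resource):
    # Resource ARNs are case-sensitive.
    return fnmatchcase(resource, pattern)


def applicable_policies(user_name):
    """All policy documents that apply to a user: direct plus via groups."""
    user = USERS[user_name]
    names = list(user["policies"])
    for group in user["groups"]:
        names.extend(GROUPS[group])
    return [POLICIES[name] for name in names]


def is_allowed(user_name, action, resource):
    """Explicit Deny > Allow > implicit Deny."""
    allowed = False
    for policy in applicable_policies(user_name):
        for stmt in policy["Statement"]:
            if not any(_action_matches(a, action) for a in _as_list(stmt["Action"])):
                continue
            if not any(_resource_matches(r, resource) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return False  # an explicit deny cannot be overridden by any allow
            allowed = True
    return allowed


if __name__ == "__main__":
    prod = "arn:aws:s3:::prod-data/report.csv"
    for user in USERS:
        print(user, "delete prod:", is_allowed(user, "s3:DeleteObject", prod))
```

Note that alice holds s3:* on every resource through the developers group and still cannot delete from prod-data: the group's Deny statement overrides the Allow, which is the standard way to carve a guardrail out of a broad grant.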
Multi-factor Authentication (MFA)
• MFA stands for Multi-Factor Authentication; it is a security measure used to protect sensitive information and enhance the security of online accounts and systems.
• Why MFA? Increased security, mitigation of password-related risks, protection against phishing attacks, compliance with security standards, and enhanced user trust.
AWS S3 Service
• Why S3?
• Introduction to S3
• Storage Classes
• Buckets
• Objects
• Key
• S3 Security
Why S3 ?
• Finding a way to store, distribute and manage all of the data is a big challenge.
• Running applications, delivering content to users, hosting high-traffic websites, or backing up documents, databases and email all require a lot of storage, and the need for more storage space keeps growing every day.
• Building or maintaining your own storage repository is expensive and time-consuming. First you have to buy racks and racks of dedicated hardware and software; then, to get it all up and running, you have to hire staff and set up complex processes to make sure your storage is performing well and backed up in case something fails.
• Adding more capacity costs money and time to deploy more servers, hard drives and tape backup machines, and guessing how much capacity you will need in the future is difficult.
Introduction to S3
Amazon S3 is a cloud-based storage service offered by Amazon Web Services (AWS). It allows you to store and retrieve any amount of data at any time from the internet.
In Amazon S3, data is organized into containers called “BUCKETS”. Think of a bucket as a directory or folder where you can store your data. Each bucket must have a globally unique name across all of AWS.
Inside each bucket, you store individual files, which are referred to as “OBJECTS”. These objects can be anything, such as images, videos, documents, or backups. Object names must also be unique within the bucket.
It is object-level storage. Each object is made up of:
-- Data :: any type of file
-- Metadata :: information about what the data is
-- Key :: unique identifier
Max object size = 5 TB (5000 GB)
If > 5000 GB, we use multi-part upload.
When we create a bucket,
S3 Storage Classes
Buckets
A bucket is a container used for storing objects.
Every object is stored in a bucket.
For example, if the object named photos/tree.jpg is stored in the treeimage bucket, then it can be addressed using the URL http://treeimage.s3.amazonaws.com/photos/tree.jpg.
A bucket has no limit on the number of objects it can store. No bucket can exist inside another bucket.
The AWS user that creates a bucket owns it, and no other AWS user can own it. Therefore, we can say that the ownership of a bucket is not transferable.
The AWS account that creates a bucket can delete it, but no other AWS user can delete the bucket.
100 buckets can be created in each AWS account.
Objects
Objects are the entities stored in an S3 bucket.
An object consists of object data and metadata, where the metadata is a set of name-value pairs that describes the data.
An object carries some default metadata, such as the date last modified, and standard HTTP metadata, such as Content-Type.
It is uniquely identified within a bucket by its key and version ID.
Key
A key is a unique identifier for an object.
Every object in a bucket is associated with one key.
An object can be uniquely identified by the combination of the bucket name, the key, and optionally the version ID.
S3 Security
• Access control:
-- IAM policies
-- Bucket policies
-- Access Control Lists (ACLs)
-- S3 Block Public Access
• Encryption at rest:
-- S3-managed keys (SSE-S3)
-- AWS Key Management Service keys (SSE-KMS)
-- Client-side encryption
• Encryption in transit:
-- SSL/TLS (Secure Sockets Layer / Transport Layer Security)
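Added example (not part of the original slides, and not AWS code) tying together two of the controls listed above, bucket policies and S3 Block Public Access, with the encryption-at-rest options. It parses two constructed bucket policy documents: one that grants anonymous read (Principal "*") and a hardened one that grants access only to a specific role and denies any PutObject that does not request server-side encryption. The audit reports public Allow statements, shows that the RestrictPublicBuckets setting of Block Public Access makes such a grant ineffective, and checks whether encryption is enforced on upload. Bucket name, account ID and role ARN are made-up sample values; the Block Public Access settings are passed in as a plain dict rather than fetched from AWS.

```python
"""Audit an S3 bucket policy for public access and for encryption enforcement.

Added example, not AWS code. The two policy documents are constructed sample
JSON (made-up bucket name, account ID and role); the Block Public Access
settings are passed in as a plain dict. Checks shown:
  1. Allow statements granting access to an anonymous principal ("*"), and
     whether such a grant is still effective given RestrictPublicBuckets;
  2. whether a Deny statement rejects PutObject requests that do not set the
     server-side encryption header (the usual way to require SSE-S3/SSE-KMS).
"""
import json

PUBLIC_READ_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-assets/*"}
  ]
}
""")

HARDENED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AllowAppRole", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/app-role"},
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-assets/*"},
    {"Sid": "DenyUnencryptedUploads", "Effect": "Deny", "Principal": "*",
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-assets/*",
     "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}}
  ]
}
""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_anonymous_principal(principal):
    """Principal "*" or {"AWS": "*"} means anyone, including unauthenticated callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_allow_statements(policy):
    """Sids of Allow statements open to anyone. Conditioned statements are
    still reported: this simplified check does not model which conditions
    AWS treats as narrowing a grant enough to count as non-public."""
    return [
        stmt.get("Sid", "<no Sid>")
        for stmt in policy["Statement"]
        if stmt["Effect"] == "Allow" and _is_anonymous_principal(stmt.get("Principal"))
    ]


def effective_public_access(policy, block_public_access):
    """RestrictPublicBuckets makes S3 ignore public grants in the bucket policy,
    so a public statement only matters when that setting is off."""
    if block_public_access.get("RestrictPublicBuckets"):
        return []
    return public_allow_statements(policy)


def enforces_encryption_on_upload(policy):
    """True when a Deny rejects PutObject whenever the SSE header is absent."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny" or "s3:PutObject" not in _as_list(stmt["Action"]):
            continue
        null_cond = stmt.get("Condition", {}).get("Null", {})
        if str(null_cond.get("s3:x-amz-server-side-encryption", "")).lower() == "true":
            return True
    return False


def audit_bucket(policy, block_public_access):
    return {
        "public_statements": effective_public_access(policy, block_public_access),
        "encryption_enforced": enforces_encryption_on_upload(policy),
    }


if __name__ == "__main__":
    print(audit_bucket(PUBLIC_READ_POLICY, {"RestrictPublicBuckets": False}))
    print(audit_bucket(HARDENED_POLICY, {"RestrictPublicBuckets": True}))
```

The Deny statement in the hardened policy uses Principal "*" deliberately: a deny that applies to everyone is how the encryption requirement is made to hold for every uploader, whereas an Allow with the same principal is exactly what the public-access check flags.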
AWS RDS Service
• What is Amazon RDS
• Features of RDS
What is Amazon RDS
• Amazon RDS (Relational Database Service) is a fully managed SQL database cloud service that allows you to create and operate relational databases.
• Using RDS you can access your files and databases from anywhere in a cost-effective and highly scalable way.
Features of RDS