Unit 3 Enriching The Cloud Security With Computing Technology
Unit - III
ENRICHING THE CLOUD SECURITY WITH COMPUTING TECHNOLOGY
Prof. XYZ
AY 2023-2024 SEM-I
Unit III - Syllabus
● Users have allocated compute power and can start, stop, access, and
configure their computer resources as desired.
https://aws.amazon.com/what-is/compute/
Terminology
● Amazon EC2
● Amazon EC2 Auto Scaling
● Amazon Elastic Container Registry (Amazon ECR)
● Amazon Elastic Container Service (Amazon ECS)
● VMware Cloud on AWS
● AWS Elastic Beanstalk
● AWS Lambda
● Amazon Elastic Kubernetes Service (Amazon EKS)
● Amazon Lightsail
● AWS Batch
Container services – Amazon ECS, Amazon EKS, AWS Fargate, Amazon ECR
• Container-based computing
• Instance-based
• Spin up and run jobs more quickly
• AWS Fargate reduces administrative overhead, but you can use options that give you more control.
AWS Elastic Beanstalk
• Platform as a service (PaaS)
• For web applications
• Focus on your code (building your application)
• Can easily tie into other services—databases, Domain Name System (DNS), etc.
• Fast and easy to get started.
What is a container? (Content beyond syllabus)
Before software is released, it must be tested, packaged, and installed. Software deployment refers to the
process of preparing an application for running on a computer system or a device.
● Containers (or Docker Images) can then run on any platform via a docker engine.
● Amazon Elastic Container Service (ECS) is a highly scalable, high-performance container management
service that supports Docker containers and allows you to easily run applications on a managed cluster of
Amazon EC2 instances.
● This ensures quick, reliable, and consistent deployments, regardless of the environment.
Choosing the best AWS infrastructure depends on your application requirements, lifecycle,
code size, demand, and computing needs.
● If you want to deploy a selection of on-demand instances offering a wide array of different
performance benefits within your AWS environment, you would use
Amazon Elastic Compute Cloud (EC2).
● If you want to run your own code using only milliseconds of compute resource in response
to event-driven triggers in a serverless environment, you could use AWS Lambda.
What are the benefits of AWS compute services?
● Amazon Elastic Container Services (Amazon ECS) offer choice and flexibility to run containers.
Built-in security
● AWS offers significantly more security, compliance, and governance services, and key features than the next largest
cloud provider.
● The AWS Nitro System has security built in at the chip level to continuously monitor, protect, and verify the instance
hardware.
Cost optimization
● With AWS compute you pay only for the instance or resource you need, for as long as you use it, without requiring
long-term contracts or complex licensing.
Flexibility
● AWS provides multiple ways to build, deploy, and get applications to market quickly. For example, Amazon Lightsail is an
easy-to-use service that offers you everything you need to build an application or website.
AWS compute services
● AWS EC2 provides various instance types with different configurations of CPU, memory, storage, and networking
resources so a user can tailor their compute resources to the needs of their application.
● Amazon EC2 Auto Scaling helps you maintain application availability and allows you to automatically add or remove
EC2 instances according to conditions you define.
● EC2 Image Builder simplifies the building, testing, and deployment of VMs and container images for use on AWS or
on-premises.
● Amazon Lightsail is designed to be the easiest way to launch and manage a virtual private server with AWS.
● Amazon Linux 2023 (AL2023) is our new Linux-based operating system for AWS that is designed to provide a secure,
stable, high-performance environment to develop and run your cloud applications.
● AWS App Runner is a fully managed service that makes it easy for developers to quickly deploy containerized web
applications and APIs, at scale and with no prior infrastructure experience required.
● AWS Batch enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing
jobs on AWS.
● AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with
Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker.
● AWS Fargate is a compute engine for Amazon ECS that allows you to run containers without having to manage servers or clusters.
● AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume—there
is no charge when your code is not running.
● AWS Serverless Application Repository enables you to quickly deploy code samples, components, and complete applications for
common use cases such as web and mobile back-ends, event and data processing, logging, monitoring, Internet of Things (IoT),
and more.
● AWS Outposts bring native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or
on-premises facility.
● You can use the same APIs, the same tools, the same hardware, and the same functionality across on-premises and the cloud to
deliver a truly consistent hybrid experience.
Amazon EC2 overview
• Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud.
• Using Amazon EC2 eliminates your need to invest in hardware up front, so you can develop and deploy applications faster.
• You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage.
• Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic.
Introduction
• The full form of Amazon EC2 is Amazon Elastic Compute Cloud. Amazon
EC2 is one of the most used and most basic services in Amazon so it
makes sense to start with EC2 when you are new to AWS.
• Well, to be very simple, EC2 is a machine with an operating system and
hardware components of your choice. But the difference is that it is totally
virtualized. You can run multiple virtual computers in a single physical
hardware.
• Elastic Compute Cloud (EC2) is one of the integral parts of the
AWS ecosystem. EC2 enables on-demand, scalable computing capacity in
the AWS cloud.
• Amazon EC2 instances eliminate the up-front investment for hardware, and
there is no need to maintain any rented hardware. It enables you to build
Features
(Instance lifecycle diagram: AMI → Launch → pending → running; running → Reboot → rebooting → running; running → Stop or Stop-Hibernate → stopping → stopped; stopped → Start → pending → running; running or stopped → Terminate → shutting-down → terminated.)
Consider using an Elastic IP address
• Rebooting an instance will not change any IP addresses or DNS hostnames.
• If you require a persistent public IP address –
  • Associate an Elastic IP address with the instance.
Jack, a poor country boy, trades the family cow for a handful of magic
beans, which grow into a massive, towering beanstalk reaching up into
the clouds. Jack climbs the beanstalk and finds himself in the castle of an
unfriendly giant. The giant senses Jack's presence and wants to kill him.
Outwitting the giant, Jack is able to retrieve many goods once stolen from his family, including a bag of gold, an enchanted
goose that lays golden eggs and a magic golden harp that plays and sings by itself. Jack then escapes by chopping down the
beanstalk. The giant, who is pursuing him, falls to his death, and Jack and his family prosper.
Deploying and Scaling services using AWS elastic beanstalk
Step 6: Scaling Your Application: Elastic Beanstalk simplifies the scaling process by automatically handling
load changes. You can configure auto-scaling settings based on metrics like CPU utilization or request count.
Elastic Beanstalk will automatically scale the number of instances up or down to handle the load efficiently.
Step 7: Application Updates: As you make changes or release new versions of your application, Elastic
Beanstalk allows you to perform rolling updates to minimize downtime. You can either manually trigger the
update or configure automatic deployments when new versions are available.
Step 8: Monitoring and Optimizing Costs: Continuously monitor and optimize your environment to control
costs. Analyze your application's resource usage, adjust instance types, and optimize auto-scaling settings to
match the actual workload. Utilize AWS Cost Explorer and other cost management tools to gain insights into
your expenses and identify potential cost-saving opportunities.
By following these steps, you can effectively deploy, manage, and scale your applications using AWS Elastic
Beanstalk. Elastic Beanstalk abstracts the underlying infrastructure complexities, allowing you to focus on
your application's development and functionality while taking advantage of AWS's scalable and reliable
infrastructure.
SECTION 4: AWS SHARED RESPONSIBILITY MODEL
Shared Responsibility Model - AWS
8. Vendor Management:
a. Establish clear security requirements and responsibilities in contracts and
service level agreements (SLAs) with CSPs.
b. Regularly review the security practices and compliance certifications of your
CSP to ensure they align with your requirements.
IAM policies
• An IAM policy is a document that defines permissions
• Enables fine-grained access control
• Two types of policies – identity-based and resource-based
• Identity-based policies –
  • Attach a policy to any IAM entity: an IAM user, an IAM group, or an IAM role
  • Policies specify:
    • Actions that may be performed by the entity
    • Actions that may not be performed by the entity
  • A single policy can be attached to multiple entities
  • A single entity can have multiple policies attached to it
• Resource-based policies
  • Attached to a resource (such as an S3 bucket)
(Diagram: an IAM policy is attached to one of the IAM entities – IAM user, IAM group, or IAM role.)
Resource-based policies
• Identity-based policies are attached to a user, group, or role
• Resource-based policies are attached to a resource (not to a user, group or role)
• Characteristics of resource-based policies –
  • Specifies who has access to the resource and what actions they can perform on it
  • The policies are inline only, not managed
  • Resource-based policies are supported only by some AWS services
(Diagram, within one AWS account: an identity-based policy attached to IAM user MaryMajor grants list and read objects on the photos S3 bucket; a resource-based policy, defined inline on the photos bucket, grants user MaryMajor list and read objects.)
IAM permissions
How IAM determines permissions:
(Flowchart: is the action explicitly denied? Yes → Deny. Otherwise, is it explicitly allowed? Yes → Allow. Otherwise → Deny, the implicit default.)
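The evaluation order above and the MaryMajor / photos bucket case from the previous slides, modelled in Python. This is an added example, not code from the slides or from AWS; the account id and the policy statements are constructed, and the model covers only a same-account IAM user with no permissions boundaries, SCPs or session policies.

```python
# Added example (not from the slides or AWS): a minimal model of how IAM
# decides a same-account request from identity- and resource-based policies.
from fnmatch import fnmatchcase

ACCOUNT = "111122223333"  # constructed placeholder account id
MARY = f"arn:aws:iam::{ACCOUNT}:user/MaryMajor"

# Identity-based policy attached to IAM user MaryMajor (constructed):
# allows list/read on the photos bucket and explicitly denies deletes.
IDENTITY_POLICIES = {
    "MaryMajor": [{"Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::photos"},
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::photos/*"},
        {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "arn:aws:s3:::photos/*"},
    ]}],
}

# Resource-based policy defined inline on the photos bucket (constructed):
# grants MaryMajor list, read and delete. The delete grant loses to the Deny above.
BUCKET_POLICIES = {
    "arn:aws:s3:::photos": {"Statement": [
        {"Effect": "Allow", "Principal": {"AWS": MARY},
         "Action": ["s3:ListBucket", "s3:GetObject", "s3:DeleteObject"],
         "Resource": ["arn:aws:s3:::photos", "arn:aws:s3:::photos/*"]},
    ]},
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    # IAM treats '*' in Action and Resource as a wildcard; fnmatchcase does the same.
    return (any(fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
            and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])))

def evaluate(user, action, resource):
    """Return 'Allow' or 'Deny' for an IAM user's request in this account."""
    statements = [s for p in IDENTITY_POLICIES.get(user, []) for s in p["Statement"]]
    bucket_arn = resource.split("/")[0]  # object ARN -> bucket ARN
    for s in BUCKET_POLICIES.get(bucket_arn, {}).get("Statement", []):
        # Only statements naming this user as Principal apply to the request.
        if f"arn:aws:iam::{ACCOUNT}:user/{user}" in _as_list(s["Principal"]["AWS"]):
            statements.append(s)
    matching = [s for s in statements if _matches(s, action, resource)]
    if any(s["Effect"] == "Deny" for s in matching):
        return "Deny"    # 1. explicit deny always wins
    if any(s["Effect"] == "Allow" for s in matching):
        return "Allow"   # 2. explicit allow
    return "Deny"        # 3. default: implicit deny
```

Note that the delete request is denied even though the bucket policy allows it: an explicit Deny in any applicable policy overrides every Allow, which is why a Deny statement is the reliable way to fence off an action.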
SECTION 6: SECURING ACCOUNTS
• Enables you to control the use of encryption across AWS services and in your
applications.
• Integrates with AWS CloudTrail to log all key usage.
Amazon Cognito
Amazon Cognito features:
• Adds user sign-up, sign-in, and access control to your web and mobile
applications.
• Scales to millions of users.
• Supports sign-in with social identity providers, such as Facebook, Google, and Amazon;
and enterprise identity providers, such as Microsoft Active Directory via Security
Assertion Markup Language (SAML) 2.0.
AWS Shield
• AWS Shield features:
• Is a managed distributed denial of service (DDoS) protection service
SECTION 7: SECURING DATA ON AWS
(Diagram: TLS-encrypted data traffic between Amazon EC2 and Amazon S3, Amazon EFS and AWS Storage Gateway; data in transit is TLS or SSL encrypted.)
THANK YOU