In this blog I’m trying to cover a high-level explanation of AWS Cloud Services.
Cloud Concept & Technology
It will cover AWS Core Services, Global Infrastructure & Design Principles.
AWS Cloud Computing models cover:
- Infrastructure as a Service (IaaS)
- Platform as a Service (PaaS)
- Software as a Service (SaaS)
Region: A physical location made up of a cluster of data centers. Each Region consists of multiple, isolated, and physically separate Availability Zones (AZs), and every Region has at least 2 AZs. Region examples: US East (Ohio) Region, Asia Pacific (Mumbai) Region.
Availability Zone (AZ): One or more discrete data centers within a Region. AZs within a Region have low-latency network connectivity to the other AZs in the same Region, which supports data replication between them.
Edge Locations: Used to cache data for faster delivery with lower latency.
Number of Edge Locations > number of AZs > number of Regions
Elastic Compute Cloud (EC2): Provides scalable computing capacity in the Amazon cloud. Types of EC2 instance:
- On Demand – Recommended for short-term, irregular workloads that cannot be interrupted. No long-term commitment and no upfront payment; you pay only for the seconds the instance is in the running state.
- Spot Instance – Unused EC2 capacity available for less than the On-Demand price. A cost-effective choice when your workload can tolerate interruption. The hourly price for a Spot Instance is called the Spot price, and it depends on the supply of and demand for spare EC2 capacity. The instance is interrupted if the Spot price exceeds the maximum price in your request or if capacity is no longer available.
- Reserved Instance (RI) – Not a physical instance but a billing discount applied to the use of On-Demand instances. Recommended when you can commit to using EC2 over a 1- or 3-year term. Pricing is determined by instance type, Region, tenancy & platform.
- Dedicated Instance – Physically isolated at the hardware level. It runs in a VPC.
Dedicated Hosts are recommended for BYOL (Bring Your Own License).
Reserved Instances Types:
- Standard – For steady-state usage. You cannot modify (i.e. convert) the instance.
- Convertible – You can modify attributes of the RI (instance family, operating system, payment option & tenancy) as long as the exchange results in Reserved Instances of equal or greater value.
- Scheduled – Scheduled RIs are available to launch within the time windows you reserve. This option lets you match your capacity reservation to a predictable recurring schedule that requires only a fraction of a day, a week, or a month. You cannot modify the instance.
Relational Database Service (RDS): Service that makes it easy to set up, operate & scale a relational database in the Amazon cloud. It is cost-efficient and resizable. Refer to the AWS RDS Instance Setup blog for more details.
- DynamoDB – NoSQL database service used for storing unstructured data.
- Redshift – Fast, fully managed data warehouse service designed specifically for Online Analytical Processing (OLAP), i.e. data warehousing & business intelligence.
- Aurora – Relational database engine compatible with MySQL & PostgreSQL. Aurora is part of the Amazon RDS service, which takes care of tasks such as patching, backup & recovery.
Simple Storage Service (S3): Secure, durable, highly scalable object storage service. You can store any amount of data from anywhere. It is designed for 99.999999999% (11 9’s) of durability. In a single PUT you can upload one file of up to a maximum of 5TB. S3 storage classes:
- S3 Standard – General purpose, for frequently accessed data.
- S3 Standard-Infrequent Access (S3 Standard-IA) and S3 One Zone-Infrequent Access (S3 One Zone-IA) – For long-lived but less frequently accessed data.
- S3 Intelligent-Tiering – For data with changing or unpredictable access patterns.
- S3 Glacier and S3 Glacier Deep Archive – For archival data.
S3 & DynamoDB are AWS services designed with native Multi-AZ.
Elastic Load Balancing (ELB): The AWS service used to distribute incoming load.
ElastiCache: In-memory data store or cache. It improves application performance by retrieving information from the cache instead of disk/database. Supports Redis or Memcached.
Marketplace: Online store where one can sell/buy software that runs on the AWS platform.
Database Migration Service (DMS): Service that helps users migrate databases with minimal downtime. It can migrate data between homogeneous (Oracle to Oracle) as well as heterogeneous (Oracle to Amazon Aurora) systems.
Simple Queue Service (SQS): Message queuing service that enables you to send, store, and receive messages between software applications, without losing messages.
Simple Notification Service (SNS): Service that coordinates and manages the delivery of messages to subscribing endpoints or clients. There are two types of clients – publishers and subscribers. It enables you to decouple microservices, distributed systems, and serverless applications.
Simple Email Service (SES): Email messaging platform.
CloudFront: Fast content delivery network service that securely delivers content such as images or videos to global users. It uses the global network of Edge Locations and Regional Edge Caches.
CloudWatch: Used to monitor the utilization of AWS resources and services. You create metrics & retrieve statistics based on those metrics. You can also create alarms using CloudWatch.
Route 53: Global service that provides Domain Name System (DNS) services, domain name registration, and health-checking web services.
Elastic MapReduce (EMR): Big data processing and analysis.
Elastic File System (EFS): Shared file system for use with Cloud services and on-premises resources.
CloudFormation: Enables architects to manage infrastructure as code.
Command Line Interface (CLI): Manage AWS services from the command line and automate them through scripts.
Software Development Kit (SDK): Allows you to interact with AWS services using your preferred programming language.
OpsWorks: Configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configuration of your servers.
CloudTrail: Service used to monitor all user interactions with the AWS environment. It is designed to log all actions performed, which is useful for governance, compliance & auditing.
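Since CloudTrail records every API action, the audit value comes from what you look for in the records. The following is an added example, not code from the original post or from AWS: a small triage pass over a constructed CloudTrail export (the record field names follow the CloudTrail record format, but the events, account id, IPs and user name are made up) that flags root-account usage (critical when MFAUsed is not "Yes"), calls that stop or alter the trail itself, and failed console logins.

```python
import json

# Constructed sample CloudTrail records for illustration (not real log data);
# the field names follow the CloudTrail record format, the values are invented.
SAMPLE_EVENTS = json.dumps({"Records": [
    {"eventTime": "2024-01-15T08:02:11Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-15T08:05:40Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "requestParameters": {"name": "management-events"}},
    {"eventTime": "2024-01-15T09:12:03Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.25",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
]})

# CloudTrail API calls that reduce audit coverage; worth a finding whoever makes them.
TRAIL_TAMPER = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def triage_events(raw_json):
    """Return a list of (severity, summary) findings for a CloudTrail export."""
    findings = []
    for rec in json.loads(raw_json)["Records"]:
        who = rec.get("userIdentity", {})
        actor = who.get("userName") or who.get("arn") or who.get("type", "unknown")
        when, src = rec.get("eventTime"), rec.get("sourceIPAddress")
        name = rec.get("eventName")

        # 1. Any use of the root account is a finding; root without MFA is critical.
        if who.get("type") == "Root":
            mfa = rec.get("additionalEventData", {}).get("MFAUsed", "Unknown")
            sev = "CRITICAL" if mfa != "Yes" else "HIGH"
            findings.append((sev, f"{when} root account used for {name} from {src} (MFAUsed={mfa})"))

        # 2. Calls that stop or alter the trail itself weaken the audit record.
        if rec.get("eventSource") == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPER:
            trail = rec.get("requestParameters", {}).get("name", "?")
            findings.append(("HIGH", f"{when} {actor} called {name} on trail '{trail}' from {src}"))

        # 3. Failed console logins: noisy on their own, but worth counting per source IP.
        login_result = rec.get("responseElements", {}).get("ConsoleLogin")
        if name == "ConsoleLogin" and login_result == "Failure":
            findings.append(("MEDIUM", f"{when} failed console login for {actor} from {src}"))
    return findings


if __name__ == "__main__":
    for sev, msg in triage_events(SAMPLE_EVENTS):
        print(f"[{sev}] {msg}")
```

On the sample above the pass produces three findings: the root console login without MFA, the root account making the StopLogging call, and the StopLogging call itself; the routine DescribeInstances by an IAM user produces nothing. In practice the same logic runs over the gzipped JSON files CloudTrail delivers to S3 or over events forwarded to CloudWatch Logs.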
Snowball: Petabyte-scale data transport solution into and out of the AWS Cloud.
Elastic Container Registry (ECR): Docker container registry that allows developers to store, manage, and deploy Docker container images.
Athena: Interactive query service mainly used to analyze data in Amazon S3 using standard SQL.
CloudEndure: Provides disaster recovery and cloud migration to AWS from any physical, virtual, or cloud-based infrastructure.
AWS Lambda: Compute service that lets you run code without provisioning or managing servers, so you can run applications without server administration.
Security & Compliance
It will cover the Shared Responsibility Model, Cloud Security, Compliance, Access Management & Support.
Amazon Inspector: Automated security assessment service that assesses services for vulnerabilities or deviations from best practices. It helps improve the security and compliance of applications and creates a detailed report of all security findings, which can be viewed in the Amazon Inspector console.
AWS Config: Provides configuration history and change notifications to enable security and governance.
AWS Trusted Advisor: Provides best-practice checks and recommendations for cost optimization, security, fault tolerance, performance & service limits, including security recommendations to protect your AWS environment.
AWS Shield: Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.
AWS WAF: Web application firewall used to control and absorb traffic and deflect unwanted requests.
AWS Support Plans: Developer, Business & Enterprise.
Technical Account Manager (TAM): Primary point of contact for ongoing support at the Enterprise support level. TAMs work with AWS Solutions Architects to provide technical expertise & best practices for all AWS services.
- AWS Security team – Responsible for the security services provided by AWS.
- AWS Concierge – Responsible for billing and account management related issues.
- AWS Abuse team – Can assist you with issues like spam, denial of service attacks, port scanning, intrusion etc.
Infrastructure Event Management (IEM): Program available to Enterprise-level customers for event management support & planning, e.g. product launches, infrastructure migrations & marketing events.
Shared Controls & Responsibility: Controls that apply to both the infrastructure layer and the customer layer:
- Patch Management
- Configuration Management
- Awareness & Training
The customer is responsible for protecting data at rest and in transit for all services.
IAM Best Practice:
- Least privilege – grant users only the permissions required to perform the tasks entrusted to them and nothing more.
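Least privilege is easiest to see in a policy document. The following is an added example, not code from the original post or from AWS: an over-broad IAM policy next to a scoped one that does the same job (reading reports from one bucket prefix), plus a small checker that flags the patterns that violate least privilege (Action "*", service-wide "service:*" actions, Allow with NotAction, and Resource "*" without a Condition). The bucket name and statement ids are constructed; the condition key s3:prefix and the policy grammar are standard IAM.

```python
def _as_list(value):
    """IAM allows a single string or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return human-readable least-privilege findings for an IAM policy document (dict)."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; nothing to flag here
        sid = stmt.get("Sid", f"Statement[{idx}]")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))

        # Allow + NotAction grants every action except the ones listed.
        if "NotAction" in stmt:
            findings.append(f"{sid}: Allow with NotAction grants every action except those listed")

        for act in actions:
            if act == "*":
                findings.append(f"{sid}: Action '*' grants every API in every service")
            elif act.endswith(":*"):
                findings.append(f"{sid}: Action '{act}' grants every API of that service")

        # A Resource wildcard is sometimes unavoidable (e.g. ec2:DescribeInstances),
        # but without a Condition it applies the grant to every resource in the account.
        if "*" in resources and actions and not stmt.get("Condition"):
            findings.append(f"{sid}: Resource '*' with no Condition applies to all resources")
    return findings


# Constructed example: the kind of policy that often starts life as a "temporary" fix.
OVERLY_BROAD = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AdminEverything", "Effect": "Allow", "Action": "*", "Resource": "*"}
    ],
}

# Constructed example of the same job done with least privilege: read objects under
# one prefix of one bucket, and list only that prefix. Bucket name is made up.
SCOPED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadReports", "Effect": "Allow",
         "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-reports-bucket/reports/*"},
        {"Sid": "ListReportsPrefix", "Effect": "Allow",
         "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-reports-bucket",
         "Condition": {"StringLike": {"s3:prefix": ["reports/*"]}}},
    ],
}


if __name__ == "__main__":
    for label, doc in (("overly broad", OVERLY_BROAD), ("scoped", SCOPED)):
        issues = audit_policy(doc)
        print(f"{label}: {len(issues)} finding(s)")
        for line in issues:
            print("  -", line)
```

The checker is deliberately simple: it reports the wildcard patterns, not whether a given action is actually needed, which only the workload owner can decide. Running it over policies exported from an account is a cheap first pass before a proper review with IAM Access Analyzer.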
Key Management Service (KMS): Create and control the encryption keys used to encrypt your data.
AWS Artifact: Used to manage agreements & compliance documents.
Personal Health Dashboard: View of AWS service health for your account, with alerts for events impacting your AWS resources.
Service Health Dashboard: Information about the current status and availability of AWS services at any time.
Billing & Pricing
In AWS, most services are available with no upfront cost, as AWS follows pay-as-you-go pricing.
AWS Consolidated Billing: For billing purposes, this feature treats all the accounts in the organization as one account. You can combine the usage across all accounts in the organization to share Reserved Instance discounts, volume pricing discounts, and Savings Plans.
AWS Cost & Usage Report: Provides access to detailed information about your AWS costs and usage.
Total Cost of Ownership (TCO) Calculator: Allows customers to evaluate the savings from using AWS and compare an AWS Cloud environment to on-premises and co-location environments. The calculator matches your current infrastructure to the most cost-effective AWS offering.
AWS Budgets: Lets you set custom budgets that alert you when your costs or usage exceed (or are forecast to exceed) your budgeted amount.
Cost Explorer: Tool you can use to view your costs and usage. You can also forecast costs and get recommendations on usage.
Happy Learning! Your feedback would be appreciated!