AWS

• AWS: Amazon Web Services

Table of Contents

• Global Infrastructure
• AWS Pricing
• AWS IAM
• Amazon VPC
• Amazon EC2
  • Connecting different AWS services to each other
  • Amazon EC2 Auto Scaling
  • Amazon EC2 Load Balancing
• Amazon Storage Services
  • Amazon EBS
    • Amazon EBS Snapshots
  • Amazon EFS
  • Amazon S3
• AWS Databases
  • Amazon RDS
  • Amazon DynamoDB
• Automation on AWS
  • AWS CloudFormation
  • AWS Elastic Beanstalk
• DevOps on AWS
  • AWS Deveoper Tools
    • AWS CodeCommit
    • AWS CodeArtifact
    • AWS CodeBuild
    • AWS CodeDeploy
    • AWS CodePipeline
  • AWS CodeStar
• DNS and Content Delivery
  • Amazon Route 53
  • Amazon CloudFront
• Containers and Serverless Computing
  • Amazon ECS
  • AWS Lambda
• Application integration and loose coupling
  • Amazon SNS
  • Amazon SQS
  • SNS and SQS example

Global Infrastructure

• There are various regions around the world (around 25) and every region has multiple availability zones (AZs).
• Every region is isolated from other regions and every AZ is isolated from the other AZs in that regios.
• Each AZ can span over multiple data centers, but no AZ shares data centers.
• AWS global infrastructure

AWS Pricing

• AWS pricing
• AWS pricing calculator
• Billing alarm uses Amazon CloudWatch and Amazon SNS.

AWS IAM

• IAM = Identity and Access Management
• IAM Policy is used to define permissions for users.
• Root account (log in with e-mail ID) has all privileges.
  • Not recommeded for regular use. Use an IAM User for daily use.
• IAM User represents users or services.
• IAM Group allows the application of an IAM Policy to a group of users.
  • It is better to assign policies to groups and the add users to groups rather than assigning policies to users individually.
• IAM Role can be assumed by a service and get the permissions provided by the policy and delegate certain things.
• AWS IAM

Amazon VPC

• Prerequisite: CIDR

  • IPv4, CIDR, NAT and VPC subnets

    

  • Understanding CIDR Ranges and dividing networks
  • IP Subnetting from CIDR Notations
  • Imp terms: Subnet mask, network ID, host ID, broadcast ID, 0.0.0.0/0, ::/0, gateway, router
  • Private IP address ranges:
    • For class A: 10.0.0.0/8 (10.0.0.0 to 10.255.255.255)
    • For class B: 172.16.0.0/12 (172.16.0.0 to 172.31.255.255)
    • For class C: 192.168.0.0/16 (192.168.0.0 to 192.168.255.255)
• VPC = Virtual Private Cloud
• Logically isolated portion of the AWS cloud within a region.

• Route tables are used by routers to communicate within the VPC and with the internet gateway (igw) to communitcate with the outside world.

  

• Services in the public subnet get a public IP address and can directly access the internet gateway. Direct access is not possible with private subnets.
• Default no. of subnets = no. of AZs in a region
• Tenancy is multi-tenancy (default/shared) and the pricing is more for a dedicated space.
• VPC -> subnets -> route tables -> internet gateway (if public facing)
• Security group affects instances of resources (eg: Amazon EC2) in the subnet and NACLs (Network Access Control Lists) affect the entire subnet. Both are responsible for allowing or disallowing certain network traffic based on rules.
  • So instance to instance talking within a subnet will be governed by a security group, but not by a NACL. NACL is only concerned with subnet to subnet or subnet to public communication.

  
  

• Security groups are stateful firewalls while NACLs are stateless firewalls.
  • Stateful firewalls send outbound traffic implicitly if the inbound for those IPs is allowed by a rule. A stateless firewall would require an explicit rule for the outbound communication even if the inbound connection was allowed by a rule.

  
  

• AWS public and private services

  

• Amazon VPC

Amazon EC2

• EC2 = Elastic Compute Cloud
• Allows running virtualized servers on AWS.
• Core service at the center of everything, as it provides the compute power.

• EC2 instances in a public subnet can get a public IP address. They always have a private IP address.

  

  • Instances within a public subnet

    

  • Instances within a private subnet

    

• EC2 instance types

  

• Amazon Machine Images (AMIs)
  • Virtualization types: HVM vs PV
• Connecting to an EC2 instance from Windows 10 using SSH.

Connecting different AWS services to each other

• Key pairs (access keys)

• IAM roles

  

Amazon EC2 Auto Scaling

• Provides resilience, fault tolerance, availability, cost management and elasticity.
• Minimum capacity <= desired capacity <= maximum capacity
• Adding instances is called ‘scaling out’ and removing instances is called ‘scaling in’.

Amazon EC2 Load Balancing

• ELB = Elastic Load Balancer

• Advantages of this architechture: High availability, fault tolerance and elasticity.
• Types of Load Balancers in AWS
  • Application Load Balancer (Layer 7 Load Balancer)
  • Network Load Balancer (Layer 4 Load Balancer)
  • Gateway Load Balancer
  • Classic Load Balancer (being deprecated)
• Steps
  • Create a VPC.
  • Create a security policy.
  • Create an IAM role for S3 (if used).
  • Create a Launch Template.
  • Create a Target Group. (Has the instances to be handled by the ELB.)
  • Create an IAM.
  • Create an Auto-Scaling Group.
• What can be done is that the security group (SG) for the EC2 instance can only allow inbound traffic from the SG of the ELB. The SG of the ELB can then be allowed to be contacted by anyone on the internet for public access.
  • In such a scenario, if the link to the final app does not work (no error, but just doesn’t load completely), check the ELB SG and check if it allows HTTP or HTTPS traffic from everywhere (public, i.e., 0.0.0.0/0 or ::/0).

Amazon Storage Services

• Three types of storage
  • Amazon EBS: Block storage
  • Amazon EFS: File storage (Linux only)
  • Amazon S3: Object storage

Amazon EBS

• EBS = Elastic Block Store
• Block-based storage, i.e., drives/volumes.
• With EBS, one can attach volumes to EC2 instances.
• Remember to create the volume and the EC2 instance in the same AZ and subnet. Better perf, I guess?

• IOPS: Input Output Operations Per Second
• RDP client

Amazon EBS Snapshots

• EBS Snapshots are built-in volume backups.
• Snapshots can be used to back up a volume and to use its data in another AZ in a new volume.

Amazon EFS

• EFS = Elastic File System
• File-based storage system.
• EFS can only be used with Linux and not with Windows.

Amazon S3

• S3 = Simple Storage Service
• Object-based storage system. (Any file type is accepted, for e.g., spreadsheets, images, videos, etc.)
• It supports versioning. Deleted files or previous versions of a file can be restored, unless the saved history itself is deleted.
• The bucket needs to be empty (with) before it can be deleted.
• Public access needs to be defined at bucket level and individual object levels as well.
• Files can be uploaded from the AWS CLI as well.

AWS Databases

• Relational (SQL) DB: Amazon RDS
• Non-relational (NoSQL) DB: Amazon DynamoDB

Amazon RDS

• RDS = Relational Database Service
• Engines supported
  • Amazon Aurora
  • MySQL
  • MariaDB
  • Oracle
  • Microsoft SQL Server
  • PostgreSQL
• RDS runs on EC2 instances and the instances can be changed as and when required, at the cost of the DB temporarily going offline.

• Managed relational DB service, so it automatically handles a lot of things for the developer, like backups. Scalability, perf gains and multi-AZ fail-over for high availability and disaster recovery are also some features provided. It’s difficult to do it all by oneseld.

  

Amazon DynamoDB

• Non-relational (NoSQL) DB.

• DynamoDB is made up of
  • Tables
  • Items (rows)
  • Attributes (values) (Red box in the picture below.)

  
  

Automation on AWS

• AWS CloudFormation
• AWS Elastic Beanstalk (PaaS)

AWS CloudFormation

• Helps deploying intrastructure (infra) as code.
• Enables automatic infrastructure deployment on AWS through code in template files in JSON or YAML (YML) formats.
• Anything from deploying VPCs, subnet configs, DBs, etc on AWS.

• Code view 👇

  

• Graphic view of the code provided by AWS CloudFormation Designer 👇

  

• Create stacks and upload templates.
• On deleteing a stack, it rolls back the deployed infra.
  • Even then, make sure to check that all resources are deleted, because certain modifications to the infra might lead to some infra not being rolled back (stopped).

AWS Elastic Beanstalk (EB)

• PaaS
• Only code needs to be uploaded, everything else (infra and config) is managed by EB.

DevOps on AWS

AWS Developer Tools

• AWS CodeCommit
  • Provides repositories

• AWS CodeArtifact

• AWS CodeBuild
  • For building out the application and testing it.
• AWS CodeDeploy
  • To deploy the application code on various AWS services.
• AWS CodePipeline
  • Combines the above tools to create a CI/CD pipeline.
  • Eg: Source -> Build -> Deploy

AWS CodeStar

• It creates a project and uses AWS Developer Tools to build out an environment.
• It uses AWS CloudFormation to build out the infra.
• It can delete all resources on deleting the project.

DNS and Content Delivery

• Amazon Route 53
• Amazon CloudFront (CDN)

Amazon Route 53

• The DNS protocol uses port 53 on devices and thus the ‘53’ in the name of the service.

• Routing policies

  

• Record types
  • Alias record (not mentioned in pic below)
    • Alias records let’s one route traffic to selected AWS resources, such as CloudFront distributions and Amazon S3 buckets.
    • They also let one route traffic from one record in a hosted zone to another record.

  

• Before taking domain from Route 53, create a S3 bucket with the exact domain name. The same bucket name needs to be available.
• Use dig (Linux) or nslookup (Windows) from the command line to check whether the site is working fine.
  • ‘NX’ implies non-existant domain.

Amazon CloudFront

• Global CDN
• Consists of CloudFront Origin location and edge locations.

• Be in the North Virginia section while adding a TLS certificate.

Containers and Serverless Computing

• Amazon ECS
• AWS Lambda

Amazon ECS

• ECS = Elastic Container Service
• AWS service to run Docker containers

• It uses Fargate to manage the underlying infra.
• Uses AWS CloudFormation to delete all resources.

AWS Lambda

• Serverless service. Just put in code and everything related to infra (scaling up and down, etc) is managed by AWS automatically.
• Event driven service.
• Suffers from cold starts.
• No payment for code until Lambda executes it in response to some event.
• Payment is for amount of execution time and amount of memory used.

• It supports concurrent execution

Application integration and loose coupling

• Add something in between services for them to be able to communicate without being tightly coupled.
• Amazon SQS
• Amazon SNS

Amazon SNS

• SNS = Simple Notification Service
• Pub/Sub model

Amazon SQS

• SQS = Simple Queue Service

SNS and SQS example

• Part 1/2

  

• Part 2/2