Friday, November 9, 2018

JTD-DesignerSeries-11-AWS-CloudEssentials-101


Cloud Concepts
Cloud computing is the on-demand delivery of IT resources over the internet with pay-as-you-go pricing. AWS lets you provision servers, databases & storage resources in seconds, so they can be treated as disposable rather than as long leases of IT infrastructure built in your own datacenter.

Cloud computing generally increases agility, and the AWS infrastructure, designed around regions & availability zones, supports elastic, highly available & easily scalable computing resources.

AWS infrastructure spans several regions around the globe in secure data centers, and customers can meet data residency regulations by choosing the region their data lives in.

Core Services
a) Compute - Example service: Amazon EC2.
b) Storage - Example services: Amazon S3, Amazon EBS.
c) Databases - Example services: Amazon RDS, Amazon DynamoDB, Amazon Redshift.
d) Networking & Content Delivery - Example services: Amazon VPC, Amazon Route 53.
e) Security, Identity & Compliance - Example service: AWS Identity & Access Management (IAM).

AWS Global Infrastructure
a) Region - Helps you optimize latency, minimize cost & meet regulatory requirements. Resources in one region are not automatically replicated to other regions. A region generally consists of two or more Availability Zones (AZs).
b) Availability Zones (AZ) - A collection of data centers within a region, isolated from one another but connected by a low-latency network. Multiple AZs in a region support the reliability & availability requirements of distributed systems.
c) Edge Locations - Host the content delivery network (Amazon CloudFront) to support low-latency, fast delivery of content to customers.

Amazon Virtual Private Cloud (VPC)
Amazon VPC - Lets you create a private network within the AWS cloud and configure its IP address space, subnets & route tables. These configurations control what you expose to the internet & what you isolate inside the VPC. Other AWS services are then deployed into this foundational VPC infrastructure with your custom configuration.
A VPC lives within a region & can span multiple AZs. The VPC defines an address space that is further divided into subnets. Route tables control the traffic between subnets & between subnets & the internet. Subnets are categorized as public [with access to the internet] & private [with no access to the internet].
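Whether a subnet is public or private is decided by the route table it uses, not by a flag on the subnet itself. The following Python is an added example, not code from the original post: it classifies subnets from route-table data shaped like the output of `aws ec2 describe-route-tables`, including the easily missed case of a subnet with no explicit association, which inherits the VPC's main route table. All IDs and routes are constructed for the example; nothing here calls AWS.

```python
# Added example (not from the original post): classify each subnet in a VPC as
# public or private from its route table, as one would when reviewing what a
# VPC exposes to the internet. The dictionaries below are constructed in the
# shape of `aws ec2 describe-route-tables` output with hypothetical IDs.
from typing import Dict, List

# Constructed sample: a main route table with only the local route (private)
# and a second table with a default route to an internet gateway (public) that
# is explicitly associated with subnet-web00. The other subnets have no
# explicit association, so they fall back to the main table.
ROUTE_TABLES: List[dict] = [
    {
        "RouteTableId": "rtb-main0000",
        "VpcId": "vpc-example0",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        ],
        "Associations": [{"Main": True, "RouteTableId": "rtb-main0000"}],
    },
    {
        "RouteTableId": "rtb-public00",
        "VpcId": "vpc-example0",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example0", "State": "active"},
        ],
        "Associations": [
            {"Main": False, "RouteTableId": "rtb-public00", "SubnetId": "subnet-web00"},
        ],
    },
]
SUBNET_IDS = ["subnet-web00", "subnet-app00", "subnet-db000"]


def has_internet_route(table: dict) -> bool:
    """A route table makes its subnets public when it carries an active
    default route (0.0.0.0/0 or ::/0) whose target is an internet gateway.
    A NAT gateway route uses NatGatewayId, not GatewayId, so it does not count."""
    for route in table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        target = route.get("GatewayId", "")
        if dest in ("0.0.0.0/0", "::/0") and target.startswith("igw-") \
                and route.get("State") == "active":
            return True
    return False


def classify_subnets(route_tables: List[dict], subnet_ids: List[str]) -> Dict[str, str]:
    """Map every subnet to 'public' or 'private'. Subnets without an explicit
    association use the VPC's main route table."""
    main_table = next(t for t in route_tables
                      if any(a.get("Main") for a in t["Associations"]))
    explicit = {
        a["SubnetId"]: t
        for t in route_tables
        for a in t["Associations"]
        if a.get("SubnetId")
    }
    return {
        sid: "public" if has_internet_route(explicit.get(sid, main_table)) else "private"
        for sid in subnet_ids
    }


if __name__ == "__main__":
    for subnet, kind in classify_subnets(ROUTE_TABLES, SUBNET_IDS).items():
        print(f"{subnet}: {kind}")
```

Run against real data by feeding the `RouteTables` list from the CLI output and the subnet IDs of the VPC; any subnet that comes back public without you expecting it is worth a look at its route table associations.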


AWS Security with Shared Responsibility Model
AWS data centers & network architecture are designed & built to satisfy the security requirements of the most sensitive & controlled environments, and at cloud scale all customers benefit from this. AWS manages the security of the cloud: identity with AWS IAM, logging & monitoring with services like Amazon CloudWatch, encryption & key management with AWS KMS & AWS Certificate Manager, network segmentation with VPC & AWS Direct Connect, and standard DDoS protection with AWS Shield.

Under the shared responsibility model, AWS operates, manages & controls the components from the virtualization layer down to the physical data centers. AWS protects the global infrastructure that runs the AWS cloud services.
When using AWS services, customers manage their content, including decisions such as [what to store, which AWS services to use, in what location, the content's format & structure, and who has access to the content]. The customer's responsibility differs slightly by service: with a managed service like DynamoDB, AWS secures the OS layer, but with EC2 the customer is responsible for securing the operating system on the instance. Thus the customer is responsible for security in the cloud.


Identity & Access Management (IAM)
AWS IAM - Lets you manage access to your AWS account: create users, groups, roles & policies, enable identity federation & multi-factor authentication, integrate with other AWS services & configure access to the resources in the account.
User: A person who logs into your AWS account.

Groups: A collection of users with a common set of permissions. For example, you can create a marketing group whose members need to access the same files in an S3 bucket.

Role: Defines a common set of permissions, e.g. access to an S3 bucket; the role can then be assigned to users or to AWS resources (like an EC2 instance) to grant them access to the bucket.

Policies: A document that defines one or more permissions and can be attached to users, groups or roles.
IAM is a global service, not region-specific. Users are created with no permissions (least privilege) and can be assigned an access key ID & secret access key, which are used to access AWS via the APIs & command line.
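A policy is just a JSON document, and the two rules that matter most when reading one are that nothing is allowed unless a statement allows it, and that an explicit Deny beats any Allow. The following Python is an added example, not code from the original post or an AWS library: it evaluates a constructed identity policy with a deliberately simplified version of that logic (no conditions, resource policies, or NotAction), so that the "new user with no permissions" starting point and the Deny override are visible. The bucket name and policy are assumptions made for the example.

```python
# Added example (not from the original post): a teaching model of how an IAM
# identity policy is evaluated. Simplified on purpose: string/list Action and
# Resource with '*' and '?' wildcards, Allow/Deny effects, no Condition,
# NotAction or resource-based policies. The policy and bucket are constructed.
import fnmatch
import json
from typing import List, Union

# Constructed policy: read objects in one marketing bucket, but never its
# secrets/ prefix, even though the first statement would otherwise allow it.
POLICY_JSON = """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-marketing-bucket",
                   "arn:aws:s3:::example-marketing-bucket/*"]
    },
    {
      "Effect": "Deny",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-marketing-bucket/secrets/*"
    }
  ]
}
"""
ATTACHED_POLICIES = [json.loads(POLICY_JSON)]   # what a user/group/role carries
BUCKET = "arn:aws:s3:::example-marketing-bucket"


def _as_list(value: Union[str, List[str], None]) -> List[str]:
    """IAM allows Action/Resource to be a string or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _matches(patterns: List[str], candidate: str) -> bool:
    """IAM wildcards: '*' matches any run of characters, '?' exactly one."""
    return any(fnmatch.fnmatchcase(candidate, p) for p in patterns)


def is_allowed(policies: List[dict], action: str, resource: str) -> bool:
    """Simplified IAM decision: implicit deny by default, an explicit Deny
    wins outright, otherwise the request passes only if some statement
    explicitly allows it."""
    allowed = False
    for policy in policies:
        for stmt in policy.get("Statement", []):
            if not (_matches(_as_list(stmt.get("Action")), action)
                    and _matches(_as_list(stmt.get("Resource")), resource)):
                continue
            if stmt.get("Effect") == "Deny":
                return False            # explicit deny overrides any allow
            if stmt.get("Effect") == "Allow":
                allowed = True
    return allowed


if __name__ == "__main__":
    print(is_allowed([], "s3:GetObject", BUCKET + "/brochure.pdf"))                # no policy: denied
    print(is_allowed(ATTACHED_POLICIES, "s3:GetObject", BUCKET + "/brochure.pdf"))  # allowed
    print(is_allowed(ATTACHED_POLICIES, "s3:GetObject", BUCKET + "/secrets/key"))   # explicit deny
    print(is_allowed(ATTACHED_POLICIES, "s3:PutObject", BUCKET + "/brochure.pdf"))  # never allowed
```

The real service also evaluates conditions, permission boundaries, SCPs and resource policies, but the default-deny and explicit-deny-wins ordering shown here is the part to keep in mind when writing least-privilege policies.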


Amazon EC2
Amazon EC2 (Elastic Compute Cloud) lets you create & destroy server instances of resizable compute capacity in the AWS cloud. EC2 instances are virtual servers with attached virtual disks provided by Elastic Block Store (EBS).
Launch flow: Region --> EC2 Wizard --> AMI --> Select Instance Type --> Configure Network --> Configure Storage --> Configure Key Pairs --> Launch & Connect. PuTTY can be used to connect to a running instance after configuring the private key. EC2 offers various instance types for different purposes; some of them are:
T2: Lower cost & general purpose, usually used for web servers & small DBs
M5: General purpose, usually used for application servers
D2: Dense storage, usually used for file servers / data warehousing / Hadoop


Elastic Load Balancers
Elastic Load Balancing is a distributed load balancing service that lets you configure listeners & targets and helps you scale EC2 instances, storage, containers & other services across multiple AZs. AWS categorizes elastic load balancers as Classic & Application Load Balancers.

Classic Load Balancers address use cases like [accessing web servers through a single load-balanced endpoint] and [providing scalability & high availability by enabling internal load balancing within application environments]. A Classic ELB can work at layer 7 to support the HTTP/HTTPS protocols and can also operate at layer 4 to support TCP.

Application Load Balancers add more features on top of Classic Load Balancers and support additional scenarios, such as load balancing across multiple containers on a single EC2 instance. They also add support for additional protocols, enhanced CloudWatch metrics & targeted health checks. You can enable path-based routing, IPv6 support, dynamic ports with port-mapping rules, etc.

When defining a load balancer, you configure listeners [a process that checks for connection requests for a specified protocol on a configured port], listener rules that route traffic to targets [destinations such as application servers on EC2 instances] & target groups.
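To make the listener -> rule -> target group -> target chain concrete, the following Python is an added example, not code from the original post or from AWS: it models an HTTPS listener with a path-based rule for `/api/*` and a default rule, target groups whose members carry a health-check result, and round-robin selection over healthy targets only. The instance IDs, ports and health states are constructed for the example.

```python
# Added example (not from the original post): a small model of an Application
# Load Balancer listener with path-based rules, target groups and health
# checks. Rule priority, path patterns and healthy-only selection follow the
# ALB behaviour described in the text; the topology itself is constructed.
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import List, Optional


@dataclass
class Target:
    instance_id: str        # hypothetical EC2 instance ID
    port: int
    healthy: bool = True    # outcome of the target group's health check


@dataclass
class TargetGroup:
    name: str
    targets: List[Target]
    _next: int = 0          # round-robin cursor

    def pick(self) -> Optional[Target]:
        """Round-robin over targets that passed the health check; None when no
        target is healthy (the real ALB answers such a request with a 503)."""
        healthy = [t for t in self.targets if t.healthy]
        if not healthy:
            return None
        target = healthy[self._next % len(healthy)]
        self._next += 1
        return target


@dataclass
class Rule:
    priority: int           # lower number is evaluated first
    path_pattern: str       # ALB-style pattern: '*' = any run, '?' = one char
    target_group: TargetGroup


@dataclass
class Listener:
    protocol: str
    port: int
    rules: List[Rule]

    def route(self, path: str) -> Optional[Target]:
        """The first rule (by priority) whose path pattern matches names the
        target group, which then chooses a healthy target."""
        for rule in sorted(self.rules, key=lambda r: r.priority):
            if fnmatchcase(path, rule.path_pattern):
                return rule.target_group.pick()
        return None


# Constructed topology: two web servers, two API servers of which one failed
# its health check, and a default rule that catches everything else.
WEB_TG = TargetGroup("web-tg", [Target("i-web1", 80), Target("i-web2", 80)])
API_TG = TargetGroup("api-tg", [Target("i-api1", 8080, healthy=False), Target("i-api2", 8080)])
HTTPS_LISTENER = Listener("HTTPS", 443, [
    Rule(10, "/api/*", API_TG),
    Rule(50000, "*", WEB_TG),   # default rule: lowest priority, matches any path
])


def route_paths(listener: Listener, paths: List[str]) -> List[Optional[str]]:
    """Resolve each request path to the instance ID that would serve it."""
    return [t.instance_id if t else None for t in (listener.route(p) for p in paths)]


if __name__ == "__main__":
    paths = ["/index.html", "/api/users", "/api/orders", "/about"]
    for path, inst in zip(paths, route_paths(HTTPS_LISTENER, paths)):
        print(f"{path:>12} -> {inst}")
```

Note that all `/api/` traffic lands on `i-api2` while `i-api1` is unhealthy, which is exactly the behaviour the targeted health checks mentioned above are for.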


Amazon Route 53
Amazon Route 53 is a DNS service that maps domain names to EC2 instances, load balancers & S3 buckets. Typically you create an A record that maps to the IPv4 address of the load balancer, which has an EC2 instance running the website registered as a target. Typing the DNS name into a browser should then bring up the home page of the website deployed on the EC2 instance.


Auto Scaling
Auto Scaling helps you ensure that you have the correct number of EC2 instances available to handle the load on your application. With CloudWatch you can determine the appropriate capacity for the instances & then configure Auto Scaling rules [e.g. capacity over 60%] to automate on-demand provisioning [scale out by launching instances] or de-provisioning [scale in by terminating instances] of EC2 instances.
Auto Scaling is especially important in environments with fluctuating performance requirements. You can configure multiple Auto Scaling groups & scaling policies to schedule & manage different capacities & load scenarios.
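The scale-out / scale-in decision is simple in principle but has a few details that matter in practice: evaluating several consecutive datapoints so one spike does not launch instances, clamping to the group's min/max size, and a cooldown after each action. The following Python is an added example, not code from the original post or from AWS: it simulates that decision over constructed CPU datapoints using the 60% threshold from the text, a 30% scale-in threshold and a three-period evaluation window, all of which are assumptions for the example.

```python
# Added example (not from the original post): the scale-out / scale-in decision
# an Auto Scaling policy makes from CloudWatch-style CPU datapoints. Thresholds,
# group bounds, cooldown and the samples are constructed for the example.
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ScalingGroup:
    desired: int
    min_size: int
    max_size: int
    cooldown_s: int = 300
    last_action_t: Optional[int] = None   # epoch seconds of the last scaling action


def average(datapoints: List[float]) -> float:
    return sum(datapoints) / len(datapoints)


def decide(group: ScalingGroup, cpu_samples: List[float], now: int,
           scale_out_above: float = 60.0, scale_in_below: float = 30.0,
           evaluation_periods: int = 3) -> str:
    """Return 'scale_out', 'scale_in' or 'hold'. Looks at the last
    `evaluation_periods` samples, respects min/max size, and stays quiet
    during the cooldown that follows any action."""
    if len(cpu_samples) < evaluation_periods:
        return "hold"                       # not enough data yet
    if group.last_action_t is not None and now - group.last_action_t < group.cooldown_s:
        return "hold"                       # still cooling down
    recent = average(cpu_samples[-evaluation_periods:])
    if recent > scale_out_above and group.desired < group.max_size:
        return "scale_out"
    if recent < scale_in_below and group.desired > group.min_size:
        return "scale_in"
    return "hold"


def apply(group: ScalingGroup, decision: str, now: int) -> ScalingGroup:
    """Launch or terminate one instance at a time (the simplest step policy)."""
    if decision == "scale_out":
        group.desired += 1
        group.last_action_t = now
    elif decision == "scale_in":
        group.desired -= 1
        group.last_action_t = now
    return group


def simulate(samples: List[float], period_s: int = 60) -> List[int]:
    """Feed one CPU sample per period to a group of min 2 / max 4 instances
    with a 180 s cooldown and record the desired capacity after each period."""
    group = ScalingGroup(desired=2, min_size=2, max_size=4, cooldown_s=180)
    history = []
    for i in range(len(samples)):
        now = i * period_s
        apply(group, decide(group, samples[: i + 1], now), now)
        history.append(group.desired)
    return history


if __name__ == "__main__":
    # Constructed load profile: a ramp-up to ~90% CPU, then a long quiet spell.
    cpu = [40, 70, 75, 80, 85, 90, 20, 20, 20, 20, 20, 20]
    print(simulate(cpu))   # capacity per period: [2, 2, 3, 3, 3, 4, 4, 4, 3, 3, 3, 2]
```

The history shows the group growing one instance at a time (two launches, each followed by a cooldown) and then shrinking back to the minimum, never below it.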

Elastic Block Store
EC2 instances can be allocated storage using disk volumes managed by the Amazon Elastic Block Store service on a pay-as-you-go basis. EBS volumes are designed to be durable & available, as data is automatically replicated across multiple disk volumes in different AZs. AWS lets you choose volume types based on I/O performance & cost-benefit analysis, and also lets you re-create volumes from snapshots.

AWS with CLI Interface
The AWS CLI lets you manage & run AWS services from the command line. Let's say you want to create a bucket & upload some files from your local disk.

aws configure - authenticates you by prompting for the Access Key ID & Secret Access Key (plus a default region & output format).
aws s3 mb [bucket name] - creates an S3 bucket [e.g. aws s3 mb s3://demobucket-111718]
aws s3 cp hello.txt s3://demobucket-111718 - copies hello.txt from the local filesystem to the S3 bucket.
aws s3 ls s3://demobucket-111718 - lists the files in the bucket [hello.txt]

You can browse the bucket's files from the S3 service in the AWS console. You can also fetch a file by its URL (the bucket's DNS address) if you have enabled public access on it.
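Public access is granted to a bucket by a bucket policy whose principal is anonymous (`"*"` or `{"AWS": "*"}`), so the useful check before relying on that URL is to read the policy and see exactly which actions and resources are open to everyone. The following Python is an added example, not code from the original post or from AWS: it flags such statements in a constructed policy for the demobucket-111718 bucket named above. The account ID, role and condition are assumptions made for the example, and the script does not talk to AWS.

```python
# Added example (not from the original post): find bucket policy statements
# that grant access to anonymous principals. The policy JSON is constructed;
# the bucket name comes from the text above, the account and role are
# hypothetical. Conditions are reported, not evaluated, so a conditional
# public grant is still listed for review.
import json
from typing import List, Union

CONSTRUCTED_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::demobucket-111718/*"},
    {"Sid": "TeamWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/uploader"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::demobucket-111718/*"},
    {"Sid": "ScopedPublic", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::demobucket-111718/public/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}
  ]
}
"""
PARSED_POLICY = json.loads(CONSTRUCTED_POLICY)


def _as_list(value: Union[str, List[str], None]) -> List[str]:
    """Policy fields may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def is_anonymous_principal(principal) -> bool:
    """Principal "*" or {"AWS": "*"} means anyone, signed in or not."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def find_public_grants(policy: dict) -> List[dict]:
    """One finding per Allow statement whose principal is anonymous."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or not is_anonymous_principal(stmt.get("Principal")):
            continue
        findings.append({
            "sid": stmt.get("Sid", "<no Sid>"),
            "actions": _as_list(stmt.get("Action")),
            "resources": _as_list(stmt.get("Resource")),
            "conditional": "Condition" in stmt,
        })
    return findings


if __name__ == "__main__":
    for f in find_public_grants(PARSED_POLICY):
        scope = "conditional" if f["conditional"] else "UNCONDITIONAL"
        print(f"{f['sid']}: {scope} public grant of {f['actions']} on {f['resources']}")
```

With a real bucket, feed the output of `aws s3api get-bucket-policy` to `find_public_grants`; an unconditional finding on `s3:GetObject` over `bucket/*` is exactly the "public access" the text refers to, and anything broader (for example `s3:*`) deserves a closer look.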
