Amazon Web Services (AWS) is a collection of remote computing services (also called web services) that make up a cloud computing platform, offered by Amazon.com.
AWS Cloud Fundamentals include:
Compute Services: EC2 (Elastic Compute Cloud), Lightsail, Elastic Container Service (ECS), Elastic Beanstalk, Lambda
Storage Services: S3 (Simple Storage Service), EBS (Elastic Block Store), Glacier
Database Services: RDS (Relational Database Service), DynamoDB, ElastiCache
Networking Services: VPC (Virtual Private Cloud), Route 53, Direct Connect
Security & Compliance: IAM (Identity and Access Management), Certificate Manager, KMS (Key Management Service)
Analytics Services: Athena, Redshift, EMR (Elastic MapReduce)
Management Tools: CloudWatch, CloudFormation, CloudTrail
AWS allows businesses and individuals to rent virtual computers and other resources on demand, with flexible pricing and capacity.
AWS ACCOUNTS
An AWS account is a unique customer login provided by Amazon Web Services (AWS) that provides access to AWS services.
There are two types of AWS accounts:
Root account: The first account created when signing up for AWS. It has complete control over all AWS services and resources.
IAM user account: A sub-account created under the root account. It has limited permissions set by the root account administrator, providing a secure way to grant access to AWS services and resources.
IAM
IAM stands for "Identity and Access Management" in Amazon Web Services (AWS). IAM is a service that enables you to securely control access to AWS resources for your users.
IAM enables you to:
Create and manage AWS users and groups
Grant and revoke permissions to access AWS resources
Use policies to define permissions for AWS resources
Control access to AWS resources through identity federation, multi-factor authentication (MFA), and temporary security credentials
It is an important part of AWS security, allowing you to enforce the principle of least privilege, which means that users are given only the minimum level of access they need to perform their tasks.
Simple Storage Service (S3)
Amazon S3 is a cloud-based object storage service offered by Amazon Web Services (AWS). It provides scalable, highly available, and durable storage for data and files.
With S3, you can:
Store and retrieve any amount of data, at any time, from anywhere on the web
Serve content through a highly performant and highly scalable content delivery network (CDN)
Store backups, static files, and user-generated content, such as photos and videos
Analyze big data workloads using Amazon S3 as a data lake
S3 is an object-based storage system, meaning that data is stored as objects within a bucket. An object consists of a file and any associated metadata. S3 provides various storage classes for different use cases, including Standard, Intelligent-Tiering, Standard-IA, and Glacier.
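The IAM section above describes least privilege, and an S3 bucket policy is the same policy grammar applied to a bucket. The following added example (not code from the original page) is a small policy linter that flags the patterns that violate least privilege: wildcard actions, wildcard resources, the two together (full admin), and a public Principal on a resource policy. The three policies are constructed samples; the bucket name and the Condition key in the test are illustrative.

```python
import json

# Constructed sample policies (not from the page).
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-app-uploads/*",
        }
    ],
}

OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# A bucket policy that grants anonymous read access to every object.
PUBLIC_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-app-uploads/*",
        }
    ],
}


def _as_list(value):
    """The policy grammar lets Action/Resource/Principal be a string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principals(stmt):
    """Flatten the Principal element: "*" or {"AWS": [...], "Service": [...]}."""
    principal = stmt.get("Principal")
    if principal is None:
        return []
    if isinstance(principal, str):
        return [principal]
    out = []
    for value in principal.values():
        out.extend(_as_list(value))
    return out


def lint_policy(policy):
    """Return (finding, statement_index) pairs for least-privilege violations.

    Checks applied to every Allow statement:
      ACTION_WILDCARD   "*" or "service:*" grants every action
      RESOURCE_WILDCARD a bare "*" Resource applies to every resource
      ADMIN             both at once, i.e. full administrative access
      PUBLIC_PRINCIPAL  Principal "*" (or AWS "*") with no Condition to narrow it
    """
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        action_wild = any(a == "*" or a.endswith(":*") for a in actions)
        resource_wild = "*" in resources
        if action_wild and resource_wild:
            findings.append(("ADMIN", i))
        if action_wild:
            findings.append(("ACTION_WILDCARD", i))
        if resource_wild:
            findings.append(("RESOURCE_WILDCARD", i))
        if "*" in _principals(stmt) and "Condition" not in stmt:
            findings.append(("PUBLIC_PRINCIPAL", i))
    return findings


def is_least_privilege(policy):
    """True when the linter finds nothing to report."""
    return not lint_policy(policy)


if __name__ == "__main__":
    for name, pol in [("least-privilege", LEAST_PRIVILEGE_POLICY),
                      ("over-broad", OVERBROAD_POLICY),
                      ("public bucket", PUBLIC_BUCKET_POLICY)]:
        print(name, json.dumps(lint_policy(pol)))
```

A Principal of "*" is not always wrong: a Condition such as aws:PrincipalOrgID can restrict it to your organization, which is why the linter only reports unconditioned public principals.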
AWS Security
It provides a comprehensive set of security measures to help protect customer data and meet security and compliance requirements. AWS security includes:
Physical security: AWS data centers are physically secured, with access restricted to authorized personnel only.
Network security: AWS implements strict network security protocols to protect data in transit and at rest.
Access control: AWS uses Identity and Access Management (IAM) to control access to AWS resources.
Encryption: AWS provides encryption for data at rest and in transit, including the option to use customer-managed encryption keys.
Compliance: AWS meets a variety of compliance standards, such as PCI DSS, SOC, ISO, and HIPAA.
Monitoring and logging: AWS provides services such as Amazon CloudWatch and AWS CloudTrail to monitor and log activity on the AWS platform.
AWS provides a wide range of security tools and services to help customers secure their workloads on the AWS cloud, and it is recommended to regularly review and update security policies to ensure the continued protection of data.
VIRTUAL PRIVATE CLOUD (VPC) BASICS
A virtual network dedicated to your AWS account. It enables you to launch AWS resources into a virtual network that you've defined.
With a VPC, you can:
Control the IP address range and create subnets.
Define network gateways and configure route tables.
Control network access through security groups and network access control lists (ACLs).
Connect your VPC to the internet or to an on-premises network through AWS Direct Connect.
Isolate your AWS resources from the public internet, making it a secure network environment.
A VPC provides the isolation required to run public-facing web applications, as well as private services in the same network, with complete control over the network's access and visibility.
VPCs are an essential component of any AWS-based infrastructure, and they offer the flexibility and security required to run a variety of workloads on the AWS cloud.
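Security groups and network ACLs are both mentioned above as the VPC's access controls, but they evaluate rules differently: a security group is allow-only and stateful (any matching rule admits the traffic, otherwise it is dropped), while a network ACL is stateless and ordered (rules are checked by number, the first match allows or denies, and the implicit final rule denies). The added example below (not from the original page) models both evaluation orders and a check for admin ports exposed to the whole internet. The rule sets and addresses are constructed.

```python
import ipaddress

# Constructed security group inbound rules (allow-only; any match admits traffic).
WEB_SG_INBOUND = [
    {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
    {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "10.0.100.0/24"},
]

# Constructed network ACL inbound rules (evaluated by rule number, first match wins).
PUBLIC_SUBNET_NACL_INBOUND = [
    {"rule": 90, "action": "deny", "protocol": "tcp", "from_port": 0, "to_port": 65535, "cidr": "203.0.113.0/24"},
    {"rule": 100, "action": "allow", "protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
    # NACLs are stateless, so return traffic on ephemeral ports needs its own rule.
    {"rule": 110, "action": "allow", "protocol": "tcp", "from_port": 1024, "to_port": 65535, "cidr": "0.0.0.0/0"},
    {"rule": 120, "action": "allow", "protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "10.0.0.0/8"},
]


def _cidr_matches(cidr, ip):
    # Mismatched IP versions (IPv4 address vs "::/0") simply do not match.
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def _rule_matches(rule, protocol, port, source_ip):
    return (rule["protocol"] in (protocol, "-1")
            and rule["from_port"] <= port <= rule["to_port"]
            and _cidr_matches(rule["cidr"], source_ip))


def security_group_allows(rules, protocol, port, source_ip):
    """Security group semantics: allow if any rule matches, implicit deny otherwise."""
    return any(_rule_matches(r, protocol, port, source_ip) for r in rules)


def nacl_decision(rules, protocol, port, source_ip):
    """Network ACL semantics: lowest rule number first, first match decides."""
    for r in sorted(rules, key=lambda r: r["rule"]):
        if _rule_matches(r, protocol, port, source_ip):
            return r["action"]
    return "deny"  # the implicit "*" rule at the end of every NACL


def inbound_allowed(nacl_rules, sg_rules, protocol, port, source_ip):
    """Traffic entering a subnet must pass the NACL first, then the instance's security group."""
    if nacl_decision(nacl_rules, protocol, port, source_ip) != "allow":
        return False
    return security_group_allows(sg_rules, protocol, port, source_ip)


def find_open_admin_ports(sg_rules, admin_ports=(22, 3389)):
    """Detection: security group rules that expose SSH/RDP to the entire internet."""
    return [r for r in sg_rules
            if r["cidr"] in ("0.0.0.0/0", "::/0")
            and any(r["from_port"] <= p <= r["to_port"] for p in admin_ports)]


if __name__ == "__main__":
    for port, src in [(443, "198.51.100.7"), (443, "203.0.113.5"), (22, "10.0.100.9"), (22, "10.0.5.5")]:
        print(port, src, inbound_allowed(PUBLIC_SUBNET_NACL_INBOUND, WEB_SG_INBOUND, "tcp", port, src))
```

The 203.0.113.5 case shows the layering: the security group would admit HTTPS from anywhere, but the NACL's deny rule at number 90 is evaluated first and blocks the subnet edge.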
ELASTIC COMPUTE CLOUD (EC2) BASICS
A web service that provides scalable computing capacity in the AWS cloud. It enables customers to rent virtual computing instances, called EC2 instances, and run their own applications on the instances.
With EC2, you can:
Launch and manage instances with a variety of operating systems, including Windows and Linux.
Choose from a range of instance types and sizes to meet your computing needs.
Automatically scale instances up or down based on demand.
Store data on attached instance storage or Amazon Elastic Block Store (EBS) volumes.
Use Amazon Elastic Load Balancer (ELB) to distribute incoming traffic across multiple instances.
Secure your instances using security groups and network ACLs.
EC2 provides customers with complete control over their instances and enables them to install and run their own software, including applications and libraries. EC2 instances can be launched into a Virtual Private Cloud (VPC) for increased security and network configuration options.
EC2 is a highly scalable and highly available service that enables customers to quickly and easily scale their computing resources up or down as needed. It is a fundamental building block of many AWS-based infrastructures and is widely used for a variety of use cases, including web and application hosting, big data processing, and machine learning.
Monitoring
Amazon CloudWatch is the primary monitoring service in AWS for tracking the performance and health of your AWS resources, such as EC2 instances, RDS databases, and S3 buckets.
With CloudWatch, you can:
Monitor metrics, such as CPU utilization, network traffic, and disk read/write operations.
Set alarms to trigger automated actions, such as scaling EC2 instances up or down, in response to metric thresholds.
Create custom metrics and dashboards to visualize your performance data.
Store and access logs from your AWS resources and applications.
CloudWatch provides a unified view of your entire AWS infrastructure, enabling you to quickly identify and troubleshoot performance issues. The service integrates with many other AWS services, such as EC2, RDS, and ELB, to provide a complete monitoring solution for your AWS environment.
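An alarm in CloudWatch is not a single comparison: samples are aggregated into datapoints of a fixed period with a statistic, and the alarm enters ALARM only when enough of the most recent datapoints breach the threshold ("M out of N"). The added example below (not from the original page) replays that evaluation over a constructed series of per-minute CPU samples, so you can see the alarm move from INSUFFICIENT_DATA through OK to ALARM. Period, threshold and evaluation settings are illustrative.

```python
from statistics import mean

# Constructed per-minute CPUUtilization samples for one instance, in percent.
CPU_SAMPLES = [12.0, 15.0, 40.0, 85.0, 91.0, 88.0, 93.0, 95.0, 30.0, 20.0]

COMPARISONS = {
    "GreaterThanThreshold": lambda v, t: v > t,
    "GreaterThanOrEqualToThreshold": lambda v, t: v >= t,
    "LessThanThreshold": lambda v, t: v < t,
    "LessThanOrEqualToThreshold": lambda v, t: v <= t,
}


def aggregate(samples, period):
    """Turn raw samples into datapoints: Average statistic over non-overlapping windows
    of `period` samples. A trailing partial window is not yet a datapoint."""
    return [mean(samples[i:i + period])
            for i in range(0, len(samples) - period + 1, period)]


def evaluate_alarm(datapoints, threshold, evaluation_periods,
                   datapoints_to_alarm=None, comparison="GreaterThanThreshold"):
    """State after looking at the most recent `evaluation_periods` datapoints.

    ALARM when at least `datapoints_to_alarm` of them breach; INSUFFICIENT_DATA
    when fewer than `evaluation_periods` datapoints exist yet; OK otherwise.
    """
    if datapoints_to_alarm is None:
        datapoints_to_alarm = evaluation_periods
    if len(datapoints) < evaluation_periods:
        return "INSUFFICIENT_DATA"
    window = datapoints[-evaluation_periods:]
    breaching = sum(1 for v in window if COMPARISONS[comparison](v, threshold))
    return "ALARM" if breaching >= datapoints_to_alarm else "OK"


def alarm_history(datapoints, **settings):
    """Replay the alarm as datapoints arrive one by one: the state after each."""
    return [evaluate_alarm(datapoints[:i + 1], **settings)
            for i in range(len(datapoints))]


def state_transitions(history):
    """(index, previous_state, new_state) for every change, i.e. the alarm actions
    CloudWatch would fire, such as a scale-out policy on entering ALARM."""
    changes = []
    for i in range(1, len(history)):
        if history[i] != history[i - 1]:
            changes.append((i, history[i - 1], history[i]))
    return changes


if __name__ == "__main__":
    points = aggregate(CPU_SAMPLES, period=2)
    history = alarm_history(points, threshold=80.0, evaluation_periods=3, datapoints_to_alarm=2)
    for p, s in zip(points, history):
        print(f"{p:6.1f}% -> {s}")
    print(state_transitions(history))
```

Setting datapoints_to_alarm below evaluation_periods (2 of 3 here) is what keeps a single noisy datapoint from flapping the alarm, which matters when the alarm action is a scaling change.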
Logging
Amazon CloudTrail is the primary logging service in AWS for tracking changes to your AWS resources, such as EC2 instances, RDS databases, and S3 buckets.
With CloudTrail, you can:
Log and track changes to your AWS resources, such as API calls, resource changes, and user logins.
Monitor the security of your AWS environment by tracking changes made by users, roles, and services.
Store log data in an S3 bucket for long-term retention and analysis.
Integrate log data with other AWS services, such as Amazon CloudWatch and Amazon Elasticsearch, for further analysis and visualization.
Auditing
Auditing in AWS refers to the process of monitoring and reviewing the access and usage of AWS resources, to ensure compliance with security policies and detect potential security incidents. AWS provides various tools and services for auditing, such as:
AWS CloudTrail: Records API calls made on your AWS account and stores the logs in S3.
AWS Config: Monitors the configuration of AWS resources in real-time and provides change history for auditing purposes.
AWS IAM Access Analyzer: Analyzes IAM policies to detect potential security vulnerabilities.
AWS Security Hub: Centralizes and prioritizes security findings from multiple AWS services, including Amazon GuardDuty, Amazon Inspector, and Amazon Macie.
AWS Systems Manager: Helps automate the collection of information required for auditing and compliance reporting.
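CloudTrail records are JSON objects with an eventName, an eventSource and a userIdentity, and auditing them means running detection rules over those fields. The added example below (not from the original page) scans a constructed CloudTrail log file for three things an auditor looks for first: any use of the root account, console logins without MFA, and calls that turn logging off. The records, account id and IP addresses are constructed; the field names follow the CloudTrail record format.

```python
import json

# Constructed CloudTrail delivery file (same shape as the real "Records" array).
CLOUDTRAIL_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-15T08:01:12Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2024-01-15T08:05:40Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.77",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-01-15T08:07:02Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.77",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "requestParameters": {"name": "management-events"}},
    {"eventTime": "2024-01-15T09:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "10.0.1.5",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/ops/bob"}},
]})

# API calls that reduce audit coverage; each is worth an alert on its own.
TRAIL_TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def detect(record):
    """Detection rules for one record; returns the list of finding names."""
    findings = []
    identity = record.get("userIdentity", {})
    name = record["eventName"]
    if identity.get("type") == "Root":
        findings.append("ROOT_ACTIVITY")
    if name == "ConsoleLogin":
        if record.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            findings.append("CONSOLE_LOGIN_WITHOUT_MFA")
        if record.get("responseElements", {}).get("ConsoleLogin") != "Success":
            findings.append("CONSOLE_LOGIN_FAILURE")
    if record["eventSource"] == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPER_EVENTS:
        findings.append("TRAIL_TAMPERING")
    return findings


def scan_log(raw_json):
    """Run every rule over every record; one tuple per finding."""
    records = json.loads(raw_json)["Records"]
    return [(r["eventTime"], r["eventName"], r.get("sourceIPAddress"), f)
            for r in records for f in detect(r)]


def findings_by_source_ip(findings):
    """Group findings by caller address to see which sessions need investigation."""
    counts = {}
    for _, _, ip, _ in findings:
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for hit in scan_log(CLOUDTRAIL_LOG):
        print(*hit)
    print(findings_by_source_ip(scan_log(CLOUDTRAIL_LOG)))
```

Because CloudTrail delivers to S3 and the trail itself is an API-managed resource, the StopLogging rule is the one that protects the others: every finding after that call would otherwise be missing from the log.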
Containers
AWS Containers are a family of services for building, deploying, and managing containerized applications on the cloud using popular open-source tools such as Docker and Kubernetes. The family includes Amazon Elastic Container Service (ECS), Amazon Elastic Kubernetes Service (EKS), Amazon Elastic Container Registry (ECR), and Amazon Fargate.
ECS & ECR
ECS (Amazon Elastic Container Service) is a fully managed service for running Docker containers on AWS. ECS allows you to easily run, stop, and manage Docker containers on a cluster of EC2 instances.
ECR (Amazon Elastic Container Registry) is a fully managed Docker container registry that makes it easy to store, manage, and deploy Docker container images. With ECR, you can host Docker images in a secure and scalable manner, and use them with ECS or other Docker-compatible tools.
Infrastructure as Code (CloudFormation)
AWS CloudFormation is the AWS service that implements infrastructure as code (IaC). It lets you define, deploy, and manage infrastructure as templates written in YAML or JSON. You can use it to create and update infrastructure repeatably, reducing the risk of errors and making changes easier to manage.
Global Service Discovery and Content Delivery (R53 and CloudFront)
Route 53 is an AWS service that provides a scalable and highly available Domain Name System (DNS) service. It is designed to work with other AWS services and can route users to the appropriate resources, such as EC2 instances, S3 buckets, or ELBs. CloudFront is the AWS content delivery network (CDN); with it you can serve content from a location close to your users, reducing the load on your back-end servers.
Scaling
Scaling in DevOps refers to the process of dynamically increasing or decreasing the resources used by an application or system to handle changes in demand. In DevOps, scaling is an important aspect of ensuring the reliability and performance of applications.
There are two main types of scaling in DevOps:
Horizontal scaling: This involves adding more instances of an application or service to handle increased demand. For example, you might add more EC2 instances to a cluster to handle a spike in traffic.
Vertical scaling: This involves increasing the resources of a single instance, such as by adding more memory or CPU, to handle increased demand.
Load Balancing & High-Availability
Load balancing is a technique used to distribute incoming traffic across multiple servers or resources to ensure high availability, performance, and reliability.
In AWS, there are several services available for load balancing, including:
Elastic Load Balancer (ELB): ELB is a fully managed service that automatically distributes incoming traffic across multiple targets, such as EC2 instances, containers, and IP addresses. ELB supports two types of load balancing: Application Load Balancer and Network Load Balancer.
Application Load Balancer (ALB): ALB is a type of ELB designed for application traffic. It provides features such as HTTP and HTTPS routing, and can also be used for microservices architectures.
Network Load Balancer (NLB): NLB is a type of ELB designed for high-performance traffic, such as TCP and UDP.
High-Availability in AWS refers to the design and implementation of systems and services that are highly available, meaning that they are always operational and available to users, even in the event of failures or outages.
There are several strategies for achieving high availability in AWS, including:
Redundancy: This involves creating multiple copies of resources, such as EC2 instances, to ensure that if one resource fails, another is available to take its place.
Load balancing: As discussed above, load balancing helps distribute traffic across multiple resources, reducing the impact of failures and ensuring high availability.
Auto Scaling: This allows you to automatically adjust the number of resources in a system based on demand, ensuring that there are enough resources to handle changes in traffic.
Region and Availability Zone diversity: By deploying resources across multiple AWS regions and availability zones, you can reduce the risk of failures caused by regional outages or failures in a single availability zone.
By combining these strategies, you can achieve a highly available, scalable, and fault-tolerant system in AWS.
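The load-balancing and high-availability strategies above combine in one mechanism: the balancer health-checks each target, stops routing to a target once it fails a number of consecutive checks, and brings it back after consecutive passes, while targets spread over more than one Availability Zone keep the service up when a whole zone is lost. The added example below (not from the original page, and not the ELB implementation) models that behaviour with a round-robin balancer over constructed targets; instance ids, zone names and thresholds are illustrative.

```python
from collections import deque

# Constructed targets spread across two Availability Zones.
TARGETS = [
    {"id": "i-0a1", "az": "us-east-1a"},
    {"id": "i-0a2", "az": "us-east-1a"},
    {"id": "i-0b1", "az": "us-east-1b"},
]


class LoadBalancer:
    """Round-robin balancer with ELB-style health checks.

    A target is marked unhealthy after `unhealthy_threshold` consecutive failed
    checks and healthy again after `healthy_threshold` consecutive passes, so a
    single lost probe does not remove capacity.
    """

    def __init__(self, targets, unhealthy_threshold=2, healthy_threshold=2):
        self.unhealthy_threshold = unhealthy_threshold
        self.healthy_threshold = healthy_threshold
        self.targets = {t["id"]: {"az": t["az"], "healthy": True, "fails": 0, "passes": 0}
                        for t in targets}
        self._ring = deque(t["id"] for t in targets)

    def record_health_check(self, target_id, ok):
        t = self.targets[target_id]
        if ok:
            t["passes"] += 1
            t["fails"] = 0
            if not t["healthy"] and t["passes"] >= self.healthy_threshold:
                t["healthy"] = True
        else:
            t["fails"] += 1
            t["passes"] = 0
            if t["healthy"] and t["fails"] >= self.unhealthy_threshold:
                t["healthy"] = False

    def healthy_targets(self):
        return [tid for tid, t in self.targets.items() if t["healthy"]]

    def healthy_azs(self):
        """Zones that still have at least one healthy target."""
        return sorted({t["az"] for t in self.targets.values() if t["healthy"]})

    def route(self):
        """Next healthy target in round-robin order; unhealthy ones are skipped."""
        for _ in range(len(self._ring)):
            tid = self._ring[0]
            self._ring.rotate(-1)
            if self.targets[tid]["healthy"]:
                return tid
        raise RuntimeError("no healthy targets")


if __name__ == "__main__":
    lb = LoadBalancer(TARGETS)
    print([lb.route() for _ in range(4)])
    lb.record_health_check("i-0a1", False)
    lb.record_health_check("i-0a1", False)
    print(lb.healthy_targets(), lb.healthy_azs())
    print([lb.route() for _ in range(3)])
```

Losing both targets in us-east-1a leaves the balancer serving only from us-east-1b; with all targets in one zone the same failure would raise "no healthy targets", which is the outage the Region and Availability Zone diversity strategy exists to prevent.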
Questions –
What is Amazon Web Services (AWS)?
AWS is a cloud computing platform that provides a wide range of services and tools for building and running applications and services in the cloud. AWS provides a secure, scalable, and cost-effective infrastructure that can be used to host websites, run applications, store and analyze data, and more.
What is an EC2 instance in AWS?
An EC2 (Elastic Compute Cloud) instance in AWS is a virtual machine that runs on the AWS cloud. EC2 instances are used to host applications and services, and can be easily launched, scaled, and managed using the AWS Management Console or the AWS CLI. EC2 instances can be customized to meet specific requirements and can be used for a wide range of use cases, such as web hosting, application hosting, and data processing.
What is a security group in AWS VPC?
A security group in AWS VPC is a virtual firewall that controls inbound and outbound network traffic to your instances. Security groups are associated with instances and provide an additional layer of security for your resources by allowing you to specify which traffic is allowed to reach your instances and which traffic is not.
What is CloudWatch in AWS?
CloudWatch in AWS is a monitoring service that provides real-time visibility into the performance, operational, and health metrics of your AWS resources. CloudWatch enables you to monitor and track performance, set alarms, and visualize your data over time.
What is Amazon S3 used for in AWS monitoring and logging?
Amazon S3 (Simple Storage Service) is used in AWS monitoring and logging as a durable and scalable data repository for storing log data and other monitoring data. S3 can store large amounts of log data and can be used to archive data for long-term retention, making it an ideal data storage solution for monitoring and logging.
What is Amazon CloudTrail in AWS monitoring and logging?
Amazon CloudTrail is an AWS service that provides a centralized log of all API calls made in your AWS account. CloudTrail enables you to monitor, track, and store information about the actions taken in your AWS account, making it easier to comply with security and compliance requirements.
What is Amazon CloudWatch Logs in AWS monitoring and logging?
Amazon CloudWatch Logs is an AWS service that provides real-time log data collection and analysis for your AWS resources. CloudWatch Logs allows you to monitor, store, and access your log data in real-time, making it easier to troubleshoot issues and monitor your resources.
What are the benefits of using CloudFormation in AWS?
The benefits of using CloudFormation in AWS include:
Automation and version control of infrastructure provisioning
Improved reliability and consistency in infrastructure deployment
Easier management and scaling of infrastructure
Improved collaboration and communication between DevOps teams
What are the components of a CloudFormation template?
A CloudFormation template consists of several components, including:
Description: A brief summary of the stack
Resources: The AWS resources that will be created by the stack
Parameters: Values that are passed into the template to customize the deployment
Mappings: A collection of key-value pairs that can be used to conditionally create resources
Outputs: The values that are returned after the stack is created
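The CloudFormation section and the component list just above describe a template's parts in prose; the added example below (not from the original page) builds a complete template with all five components as a Python dictionary, renders it as the JSON form CloudFormation accepts, and validates it the way a pre-deployment check would: Resources present, every Ref resolvable to a Parameter, Resource or pseudo parameter, and every S3 bucket encrypted with public access blocked. The template contents and the checks are illustrative, not the CloudFormation validator.

```python
import json

# Constructed template: an encrypted log bucket whose retention comes from a Mapping.
TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "Log bucket for CloudTrail with public access blocked",
    "Parameters": {
        "Environment": {"Type": "String", "AllowedValues": ["dev", "prod"], "Default": "dev"},
    },
    "Mappings": {
        "RetentionByEnv": {"dev": {"Days": 30}, "prod": {"Days": 365}},
    },
    "Resources": {
        "LogBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "BucketEncryption": {"ServerSideEncryptionConfiguration": [
                    {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]},
                "PublicAccessBlockConfiguration": {
                    "BlockPublicAcls": True, "BlockPublicPolicy": True,
                    "IgnorePublicAcls": True, "RestrictPublicBuckets": True},
                "LifecycleConfiguration": {"Rules": [{
                    "Status": "Enabled",
                    "ExpirationInDays": {"Fn::FindInMap": [
                        "RetentionByEnv", {"Ref": "Environment"}, "Days"]}}]},
            },
        },
    },
    "Outputs": {"LogBucketName": {"Value": {"Ref": "LogBucket"}}},
}

PSEUDO_PARAMETERS = {"AWS::Region", "AWS::AccountId", "AWS::StackName",
                     "AWS::Partition", "AWS::NoValue"}

PUBLIC_ACCESS_KEYS = ("BlockPublicAcls", "BlockPublicPolicy",
                      "IgnorePublicAcls", "RestrictPublicBuckets")


def _refs(node):
    """Yield every logical name used in a Ref anywhere in the template tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            else:
                yield from _refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from _refs(item)


def validate_template(template):
    """Return a list of problem strings; an empty list means the checks passed."""
    problems = []
    resources = template.get("Resources", {})
    if not resources:
        problems.append("MISSING_RESOURCES")
    declared = set(resources) | set(template.get("Parameters", {})) | PSEUDO_PARAMETERS
    for ref in _refs(template):
        if ref not in declared:
            problems.append(f"UNRESOLVED_REF:{ref}")
    for name, res in resources.items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        props = res.get("Properties", {})
        if "BucketEncryption" not in props:
            problems.append(f"UNENCRYPTED_BUCKET:{name}")
        pab = props.get("PublicAccessBlockConfiguration", {})
        if not all(pab.get(k) is True for k in PUBLIC_ACCESS_KEYS):
            problems.append(f"PUBLIC_ACCESS_NOT_BLOCKED:{name}")
    return problems


def render(template):
    """JSON form of the template, ready for a CloudFormation deploy."""
    return json.dumps(template, indent=2)


if __name__ == "__main__":
    print(render(TEMPLATE))
    print("problems:", validate_template(TEMPLATE))
```

Running the same checks on a bucket declared with empty Properties reports both the missing encryption and the unblocked public access, which is the point of validating templates before they reach a stack rather than auditing buckets afterwards.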
What is Docker in DevOps?
Docker is an open-source platform for automating the deployment of applications as containers. Docker provides a standard way to package and run applications, making it easier to deploy and manage containers in a DevOps environment.
How do Amazon ECR and ECS integrate with CloudFormation in AWS?
Amazon ECR and ECS integrate with CloudFormation in AWS by providing a way to manage containers and container images as part of your infrastructure as code. CloudFormation templates can be used to automate the deployment of containers and container images, making it easier to manage and scale your containers and container images in a DevOps environment.
How does auto scaling work in AWS?
Auto scaling in AWS works by automatically adjusting the number of EC2 instances that are running based on changes in demand. Auto scaling can be achieved by using services like Amazon EC2 Auto Scaling, which allows you to define policies that determine when and how many EC2 instances should be added or removed based on changes in demand.
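The Scaling section and this answer describe horizontal scaling driven by demand without showing the arithmetic a scaling policy performs. The added example below (not from the original page, and not the EC2 Auto Scaling implementation) simulates a target-tracking policy: each tick it measures average CPU across the current instances, sets desired capacity proportionally so that CPU returns to the target, clamps to the group's min and max size, and refuses to scale in during a cooldown so capacity is not removed too soon after a change. The load series, per-instance capacity and policy settings are constructed.

```python
import math

# Constructed load per tick (work units); each instance handles 100 units at 100% CPU.
LOAD = [150, 300, 600, 900, 900, 400, 200, 100]
CAPACITY_PER_INSTANCE = 100.0


def average_cpu(load, instances):
    """Average CPU utilization in percent if load spreads evenly; saturates at 100."""
    return min(100.0, load / (instances * CAPACITY_PER_INSTANCE) * 100.0)


def target_tracking_desired(current, metric, target):
    """Target tracking scales capacity in proportion to metric / target, rounding up."""
    return math.ceil(current * metric / target)


def simulate(load_series, target_cpu=50.0, min_size=1, max_size=10, cooldown=2):
    """Return (load, cpu_before_scaling, desired_capacity) per tick.

    Scale-out is applied immediately; scale-in is suppressed while the group is
    inside the cooldown window that follows its last capacity change.
    """
    current = min_size
    last_change = -cooldown
    history = []
    for t, load in enumerate(load_series):
        cpu = average_cpu(load, current)
        desired = target_tracking_desired(current, cpu, target_cpu)
        desired = max(min_size, min(max_size, desired))
        if desired < current and t - last_change < cooldown:
            desired = current  # scale-in blocked by cooldown
        if desired != current:
            last_change = t
        history.append((load, round(cpu, 1), desired))
        current = desired
    return history


def peak_capacity(history):
    """Largest desired capacity reached during the run."""
    return max(desired for _, _, desired in history)


if __name__ == "__main__":
    for load, cpu, desired in simulate(LOAD):
        print(f"load={load:4d} cpu={cpu:5.1f}% -> desired={desired}")
```

Because a saturated group reports 100% CPU regardless of how far behind it is, the policy needs several ticks to catch a sharp spike (1, 2, 4, 8, then the max of 10), which is why a max size and a CloudWatch alarm on the saturated state are both part of a real scaling design.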