AWS Overview
EC2 architecture
Methods of Computing
- Instances (VMs)
  Use cases - hosting environment, developing, testing, backup/disaster recovery
- Containers - OS virtualization. Run apps and dependencies in resource-isolated processes. Containers are smaller than VMs and do not contain an entire OS. They share a virtualized OS and run as resource-isolated processes, ensuring quick, reliable, consistent deployments. The container holds everything you need: libraries, system tools, code, and the runtime.
- Serverless - run code without provisioning or managing servers. Automatic scaling and a pay-for-use billing model. Eliminates infrastructure management tasks like capacity provisioning and patching.
  Use cases - file processing, web apps, mobile backends, cron jobs (scheduled tasks)
- Hybrid - combines cloud and on-prem infrastructure
  Use cases - legacy apps, regulatory requirements
Billing Model
- EC2 (Elastic Compute Cloud) - pay only for the compute time used while your instances are running. Provides resizable virtual server instances for compute-heavy tasks like running applications.
EC2 = "Resizable computing capacity in the cloud"
- Cloud computing is the on-demand delivery of IT resources over the internet with pay-as-you-go pricing.
Deployment models
- IaaS - access to networking, VMs, and storage.
- PaaS - hardware and OS; gives developers the ability to farm out resource procurement, capacity planning, and patching.
- SaaS - a completed software product that the provider runs and manages. The customer only thinks about how to use it.
Five main drivers of instance cost
Purchasing options:
Tenancy:
Launching an EC2 instance
- Instance Name and Tags
- AMI
- Instance Type
- Key Pair
- Network settings
- Configure storage
- Advanced Details
Instance name and tags
AMI - Amazon Machine Image
An AMI is an anonymized, block-level copy of the root volume of a donor machine, the 'golden instance'.
It is a VM that you configured with OS and app content. When you create an AMI, EC2 stops the instance, snapshots its root volume, and registers the snapshot as an AMI.
Instance Types
ex: large, xl, 2x
Instance categories
Key Pair
Public IP
Security Groups
Rules
Stateless - inbound rules automatically apply to outbound rules.
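The automatic behaviour the note describes (a reply to an allowed inbound request leaves without needing its own outbound rule) is what AWS documents as security groups being stateful: connection tracking lets the return half of an allowed flow through, while an instance still cannot open a new outbound connection that no outbound rule permits. The simulation below is an added example, not code from the notes or from AWS; the rules, group, IP ranges and ports are constructed for illustration and nothing here talks to AWS.

```python
"""Added example: how a security group with connection tracking evaluates traffic.
Constructed for illustration; this does not call AWS and is not AWS's implementation."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    direction: str  # "inbound" or "outbound"
    protocol: str   # "tcp" or "udp"
    port: int       # local port for inbound rules, remote port for outbound rules
    cidr: str       # source range (inbound) or destination range (outbound)


@dataclass
class SecurityGroup:
    rules: list
    # Connection tracking table. A flow is keyed by
    # (protocol, local port, remote IP, remote port), so the reply direction
    # of a tracked flow maps to the same key.
    tracked: set = field(default_factory=set)

    def _rule_allows(self, direction, proto, port, remote_ip):
        return any(
            r.direction == direction and r.protocol == proto and r.port == port
            and ip_address(remote_ip) in ip_network(r.cidr)
            for r in self.rules
        )

    def inbound(self, proto, local_port, remote_ip, remote_port):
        """Packet arriving at the instance. True if accepted."""
        key = (proto, local_port, remote_ip, remote_port)
        if key in self.tracked:           # reply to a flow the instance opened
            return True
        if self._rule_allows("inbound", proto, local_port, remote_ip):
            self.tracked.add(key)         # remember it so the reply can leave
            return True
        return False                      # implicit deny

    def outbound(self, proto, local_port, remote_ip, remote_port):
        """Packet leaving the instance. True if accepted."""
        key = (proto, local_port, remote_ip, remote_port)
        if key in self.tracked:           # reply to an allowed inbound flow
            return True
        if self._rule_allows("outbound", proto, remote_port, remote_ip):
            self.tracked.add(key)
            return True
        return False


def demo():
    """Constructed web-server group: HTTPS from anywhere, SSH only from the
    corporate range, and deliberately no outbound rules at all."""
    sg = SecurityGroup(rules=[
        Rule("inbound", "tcp", 443, "0.0.0.0/0"),
        Rule("inbound", "tcp", 22, "10.0.0.0/8"),
    ])
    return {
        # client on the internet opens HTTPS: allowed by the inbound rule
        "https_in": sg.inbound("tcp", 443, "203.0.113.10", 51000),
        # the HTTPS reply goes out with no outbound rule: allowed by tracking
        "https_reply_out": sg.outbound("tcp", 443, "203.0.113.10", 51000),
        # the instance tries to start a new connection to the internet: denied
        "new_out": sg.outbound("tcp", 40000, "198.51.100.5", 80),
        # SSH from the internet, not from 10.0.0.0/8: denied
        "ssh_from_internet": sg.inbound("tcp", 22, "203.0.113.10", 51001),
        # SSH from inside the corporate range: allowed
        "ssh_from_corp": sg.inbound("tcp", 22, "10.20.30.40", 51002),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18} {'ALLOW' if verdict else 'DENY'}")
```

The point for a defender is the third line of `demo()`: leaving out outbound rules does not break serving traffic, but it does stop the instance from initiating connections, which is the direction an attacker on a compromised host needs. Network ACLs, by contrast, evaluate each packet on its own and need explicit rules for both directions.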
AWS core storage services
Elastic Block Store
Elastic File System
Simple Storage Service
EBS Storage Configuration Options
Volume Types
- No Throughput Optimized or Cold HDD for root volumes
- Root volume must be a General Purpose or a Provisioned IOPS volume
Volume Size
- General Purpose - 1 to 16,384 GiB
- Provisioned IOPS - 4 to 16,384 GiB
- Throughput Optimized or Cold HDD - 125 to 16,384 GiB
Delete on Termination
Should the volume be automatically deleted when the instance is terminated? Otherwise it will persist independently of the running life of the EC2 instance and remain provisioned in your account until you manually delete it.
Encryption
The option to encrypt your root volume and any additional volumes attached to your EC2 instance. EBS encryption uses AWS KMS keys to encrypt volumes.
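To tie the launch steps listed under "Launching an EC2 instance" to the storage rules in this section, here is an added example (not code from the notes or from AWS) that assembles those steps into a request shaped like the EC2 RunInstances API and checks the block-device mappings against the notes' own rules before anything would be sent: root volumes may only be General Purpose or Provisioned IOPS, each type has a size range, and every volume should be encrypted. The AMI, subnet, security group and key-pair names are constructed placeholders; the volume type codes (gp2/gp3, io1/io2, st1/sc1) are the EC2 API names for the types the notes describe.

```python
"""Added example: validate EBS settings from the notes and build a launch request.
Placeholders such as ami-0123456789abcdef0 are constructed, not real resources."""

# Size limits in GiB, copied from the notes. Keys are the EC2 API volume type codes.
VOLUME_LIMITS = {
    "gp2": (1, 16384), "gp3": (1, 16384),      # General Purpose SSD
    "io1": (4, 16384), "io2": (4, 16384),      # Provisioned IOPS SSD
    "st1": (125, 16384), "sc1": (125, 16384),  # Throughput Optimized HDD / Cold HDD
}
ROOT_ALLOWED = {"gp2", "gp3", "io1", "io2"}   # st1 and sc1 cannot be boot volumes


def validate_block_devices(mappings, root_device="/dev/xvda"):
    """Return a list of problems found in the mappings (empty list = pass)."""
    problems = []
    for m in mappings:
        dev, ebs = m["DeviceName"], m["Ebs"]
        vtype, size = ebs["VolumeType"], ebs["VolumeSize"]
        if vtype not in VOLUME_LIMITS:
            problems.append(f"{dev}: unknown volume type {vtype}")
            continue
        lo, hi = VOLUME_LIMITS[vtype]
        if not lo <= size <= hi:
            problems.append(f"{dev}: {vtype} must be {lo}-{hi} GiB, got {size}")
        if dev == root_device and vtype not in ROOT_ALLOWED:
            problems.append(f"{dev}: root volume cannot be {vtype}")
        if not ebs.get("Encrypted", False):
            problems.append(f"{dev}: volume is not encrypted")
    return problems


def build_launch_request(name, ami, instance_type, key_name, subnet_id,
                         security_group_ids, block_devices, user_data=None):
    """Mirror the console steps: name/tags, AMI, type, key pair, network,
    storage, advanced details. Raises ValueError if the storage rules fail."""
    problems = validate_block_devices(block_devices)
    if problems:
        raise ValueError("; ".join(problems))
    request = {
        "ImageId": ami,
        "InstanceType": instance_type,
        "KeyName": key_name,
        "MinCount": 1,
        "MaxCount": 1,
        "NetworkInterfaces": [{
            "DeviceIndex": 0,
            "SubnetId": subnet_id,
            "Groups": security_group_ids,
            "AssociatePublicIpAddress": False,  # no public IP unless the role needs one
        }],
        "BlockDeviceMappings": block_devices,
        "TagSpecifications": [{
            "ResourceType": "instance",
            "Tags": [{"Key": "Name", "Value": name}],
        }],
        # Advanced details: require IMDSv2 so instance credentials are not
        # readable with a single unauthenticated GET from the metadata service.
        "MetadataOptions": {"HttpTokens": "required"},
    }
    if user_data is not None:
        request["UserData"] = user_data
    return request


def example_devices():
    """Constructed mapping: encrypted gp3 root volume, removed with the instance."""
    return [{"DeviceName": "/dev/xvda",
             "Ebs": {"VolumeType": "gp3", "VolumeSize": 20,
                     "Encrypted": True, "DeleteOnTermination": True}}]


if __name__ == "__main__":
    req = build_launch_request("demo-web", "ami-0123456789abcdef0", "t3.micro",
                               "demo-keypair", "subnet-0123456789abcdef0",
                               ["sg-0123456789abcdef0"], example_devices())
    print(req["BlockDeviceMappings"][0]["Ebs"])
```

Running the validator before the launch call gives a clear message for each broken rule instead of an API error after the fact; the encryption check and the IMDSv2 setting are the two items most often missed when launching by hand.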
EBS Volume types
General Purpose SSD
Most common
- virtual desktops
- medium-sized single-instance databases such as MS SQL Server and Oracle
- latency-sensitive interactive applications
- boot volumes
- dev and test environments
Provisioned IOPS
Input/Output Operations per Second
- Measures the maximum number of reads and writes that a storage device can perform in a second.
- These are the highest-performance SSDs, for mission-critical, low-latency or high-throughput workloads involving large databases.
Throughput Optimized
Lower-cost HDD volume for frequently accessed, throughput-intensive workloads.
- streaming
- big data
- data warehousing
- log processing
- cannot be a boot volume
Cold
Lowest cost
- Large volumes of infrequently accessed data
- cannot be a boot volume
File System
IAM - Identity & Access Management
Create identities - users, groups, roles - and define policies to specify access.
An instance profile is a container for an IAM role. From that profile you can select a role to associate with the instance.
Let's create a policy allowing a user full access to S3.
We've created the admin account and signed in as admin. Want to create a delegated user account.
Launching
Instance lifecycle states
EC2 Auto Scaling options
Scaling
scaling options
End section - Getting Started with Compute
EC2 Instance Connect:
one of several ways to SSH into instances
Pillars of AWS Well-Architected Framework
- Operational Excellence
- Reliability
- Security
- Sustainability
- Performance Efficiency
- Cost optimization
Instance types
- Lambda
- On-Demand
- Reserved
- Spot
IAM Demo
Note - When you first create an AWS account, you become the account owner. AWS recommends creating an 'Admin' account for daily tasks. For this demo, that's already been done and we're logged in as Admin.
As the admin, we created a folder in S3 for this demo. The goal here is to create a delegate user who can access the folder.
Navigate to IAM
Create a new User
IAM>Users>Add users
Create a new User Group
IAM>User groups>Create group
All users in this group will have access to S3.
Apply filter 's3'
Policy Link leads to the policy page
The policy page shows how the policy permissions work, here on the JSON tab. We can see that the policy allows actions. The actions apply to S3 and Lambda. The asterisks mean that all actions are allowed. The last item, the Resource key - the asterisk means grant full permissions to all items in S3.
to be continued...
Summary of all AWS Computing Services
EC2
Resizable compute capacity, provision virt servers "ec2 instances"
Lambda
Serverless - upload your code; you can set it up to auto-launch from other AWS services or call it directly from any web or mobile app.
ECS - Elastic Container Service
Container management system - You need an open-source ECS container agent on your EC2 instance, 'the container instance', then use API calls to control Docker-enabled apps. Create and manage new containers. Supports Docker. You need a container instance - can be run on Linux or AMI (Windows Amazon Machine Image).
EKS - Elastic Kubernetes Service
Start, run , and scale Kubernetes apps in Cloud or on prem. Provides secure clusters.
Fargate
Serverless compute engine for containers. Supports both ECS and EKS architectures.
Beanstalk
Service for deploying and scaling web apps. Automatically handles deployment, capacity provisioning, load balancing, auto scaling and health monitoring.
Regions
Affects latency, and some data types must remain in-region for legal reasons.
The primary region for AWS is us-east-1
Regions - Isolated locations around the world where datacenters are clustered. Regions consist of 1 or more Availability Zones, each of which is one of at least three discrete datacenters with redundant power, networking, and connectivity within a region. Files are redundantly copied between zones.
Not every service is a global service. Be careful about where you provision resources and note which regions have resources in them.
Security
Customers are responsible for their security within the cloud.
- Platform, Application, Identity and Access Management, Data encryption
AWS is responsible for the security of the cloud itself - Regions, Availability Zones, Edge Locations, hardware and software infrastructure, network and virtualization infrastructure.
Summary of all services
AWS
Provides cloud computing platforms and APIs on a metered, pay-as-you-go basis. One of the foundational services is EC2 - Amazon Elastic Compute Cloud, enabling virtual clusters with high availability. Subscribers can pay for a single virtual AWS computer, a dedicated physical computer, or clusters of either. The autoscaling process allows a client to scale resources up or down depending on needs.
Overall there are about 200 cloud services available to cover any possible need. Besides general-purpose services, it has dozens of more specialized services in machine learning, IoT, Media, and other categories. Here are some highlights:
Amazon EC2 (Elastic Compute Cloud)
This service lets you rent virtual servers in the cloud. Most of them are virtual machines, ranging from tiny two-vCPU machines with 0.5 GB of RAM to beefy 96-core machines with 384 GB of RAM. You can also rent physical dedicated servers with EC2. The service is designed for any workload, although you'll still need to choose the best instances for your specific tasks. Besides generic ones, EC2 also offers cost-saving ARM instances and bare metal Mac minis.
Amazon ECR (Elastic Container Registry)
ECR is a highly available and high-performance container registry for easy storage, management, and deployment of your container images. Images can be private to your organization or shared worldwide. It works great with Amazon ECS, AWS Lambda, and AWS Fargate, enabling fast single-click deployments. It’s a fully managed service, and you pay only for the amount of data stored and data transferred over the internet.
Amazon ECS (EC2 Container Service)
ECS is a fully managed container orchestration service that enables you to run, scale, and secure Docker applications on Amazon EC2 and AWS Fargate. You can define multiple related containers and configure their various deployment parameters in task definitions.
Being a foundational pillar for critical Amazon services, it can natively integrate with Route 53, Secrets Manager, IAM, CloudWatch, and other services.
Amazon DynamoDB
DynamoDB is a high-performance managed NoSQL database that supports both key-value and document store. It can handle more than 10 trillion requests per day, with peaks of more than 20 million requests per second.
This durable and secure database with built-in in-memory caching, backups, and restore is the number one choice for many fastest-growing startups that demand low-latency data storage at any scale.
Amazon ElastiCache
This service offers fully managed Redis and Memcached as high-throughput and low-latency in-memory data stores for your cloud applications. ElastiCache’s primary purpose is to boost web applications’ performance by caching mission-critical data on top of slower databases. It is also suitable for session storage, real-time analytics, and other tasks.
Amazon Aurora
Aurora is a MySQL and PostgreSQL-compatible high-performance distributed relational database. Out of the box, it’s much faster than both MySQL and PostgreSQL and offers high security, availability, and reliability of traditional commercial databases. On top of that, it provides replication across three Availability Zones, point-in-time recovery, and continuous backup to Amazon S3.
Amazon RDS (Relational Database Service)
This service manages relational databases in the cloud. It takes care of hardware provisioning, database setup, patching, and backups. Amazon RDS supports various database engines like Amazon Aurora, PostgreSQL, MySQL, Microsoft SQL Server, Oracle Database, and MariaDB.
Amazon Route 53
Route 53 is an advanced, highly available, and scalable DNS Service. Besides simple IP lookups, it has sophisticated routing types like GeoDNS, Geoproximity, and Latency Based Routing. Together with health checks and DNS failover, this enables different fault-tolerant low-latency architectures configurable with a simple visual editor.
Amazon CloudFront
CloudFront is a fast and secure programmable content delivery network (CDN) that caches your content and APIs on globally scaled edge locations for more rapid responses. It also offers protection against multiple types of attacks, including network, transport, and application-layer DDoS attacks. CloudFront is cost-effective and deeply integrated with other AWS services like S3, EC2, Route 53, and Elastic Load Balancing.
Amazon API Gateway
API Gateway makes it easy to create, publish, monitor, and secure RESTful and WebSocket APIs. It handles traffic management, CORS, authorization and access control, throttling, monitoring, and API version management. API Gateway can process hundreds of thousands of concurrent API calls. It’s a fully managed service, and you pay only for the API calls your application receives and the amount of outgoing traffic.
AWS Elastic Load Balancing
Elastic Load Balancing distributes incoming application traffic across multiple servers, containers, or Lambda functions. It enables the application to handle more concurrent requests without affecting response time. Multiple request handlers
Amazon VPC (Virtual Private Cloud)
With Amazon VPC, you can create logically isolated virtual networks inside AWS. You have full control over the configuration of the network, its subnets, and routing tables. It’s possible to create a public-facing subnet with internet access for your web servers while keeping most of the backend infrastructure in a private subnet with no internet connection, making it much more secure.
Amazon S3 (Simple Storage Service)
Amazon S3 is a generic object storage service designed for incredible durability, high scalability, availability, security, and performance. It has various storage classes for different use cases. S3 automatically stores copies of objects across multiple systems. It offers a fine-grained access control system and auditing capabilities for compliance. Using Amazon Athena, you can analyze data in S3 at any scale with simple SQL queries.
Amazon S3 Glacier
For data archiving and long-term backups at extremely low-cost, Amazon offers S3 Glacier with extreme durability. There are three options for access to archives. Expedited retrievals typically return data in 1-5 minutes, standard generally complete in 3-5 hours, while the cheapest bulk retrievals take 5-12 hours to get large amounts of data.
Amazon EBS (Elastic Block Storage)
EBS is generic long-term high-performance block storage for EC2 instances. It's designed for both throughput and transactional workloads and can scale to petabytes of data. You can choose different storage types with various throughput and latency suitable for your needs. EBS replicates volumes within the Availability Zone, and you can use EBS Snapshots to back up your volumes to S3.
Amazon EFS (Elastic File System)
Amazon Elastic File System is a fully managed scalable elastic NFS. It grows and shrinks automatically, eliminating the need to provision and manually manage capacity. EFS is designed to provide massively parallel shared access to thousands of EC2 instances with a high level of aggregate throughput and IOPS, maintaining consistent latency.
Sources