There is limited knowledge of where the hardware is located and what its capabilities are
Clouds may be limited to a single organization (enterprise clouds), or be available to many organizations (public cloud)
Cloud Computing
On-demand availability of computer system resources, especially data storage (cloud storage) and computing power, without direct active management by the user
Processing on the Internet or a private network where the exact processor location is unknown
The use of AWS can reduce hardware, operational and deployment costs.
AWS Benefits
Hardware Cost – upfront investment vs. usage-based cost;
Operational Cost – the operational cost of managing physical vs. virtual infrastructure; people can be freed to do other work;
Deployment Cost – faster turnaround on deployment; scale up and down as needed;
Resiliency – resiliency refers to recoverability from a failure (health monitoring);
Performance – auto-scaling servers based on usage;
Capacity – capacity in terms of storage, CPU, memory etc.
Cloud Computing Deployment Methods
Full Cloud Deployment/ All-In Cloud Deployment
All Components are in the cloud, including databases, processing, storage etc.
Nothing is available on-premises
Hybrid Deployment
Some resources are internal, while others are in the cloud
e.g. long-running processes run in the cloud while others run internally
e.g. archiving on the cloud as data is not needed for fast retrieval
Cloud Service Models
Infrastructure as a Service (IaaS)
The entire infrastructure is in the cloud, servers, network services etc.
Platforms and software run on someone else’s infrastructure
You must manage it all
Platform as a Service (PaaS)
You don’t manage the infrastructure
Applications are deployed onto the platform instead
Typical web hosting model
Software as a Service (SaaS)
Someone else develops the software, and you use it from the cloud
Early examples include email services (e.g. Gmail)
AWS Foundation Services
Compute
EC2 – Elastic Compute Cloud; the leading focus service of the exam; this is how to build an instance; manual setup & configuration.
Elastic Beanstalk – application-based environments that can be easily spun up; automatically configured based on the supplied specs;
Lambda – serverless apps; run code without servers;
Storage
EFS – Elastic File System; in relation to EC2 volumes/ drives;
Glacier – archives; the least expensive storage option; based on non-frequent access;
Storage Gateway – how to access cloud storage locally;
Databases
RDS – Relational Database Service; a fully managed service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud;
DynamoDB – NoSQL; a key-value and document database that delivers single-digit millisecond performance at any scale;
ElastiCache – a service that makes it easy to set up, manage, and scale a distributed in-memory data store or cache environment in the cloud;
Amazon Redshift – a fully managed, petabyte-scale data warehouse service in the cloud;
Migration
Amazon Migration Hub – importing data/ VMs into AWS; a single place to discover your existing servers, plan migrations and track the status of each application migration;
App Discovery Service – helps enterprise customers plan migration projects by gathering information about their on-premises data centers;
Database Migration Service
Server Migration Service
Snowball – a service that uses physical storage devices to transfer large amounts of data between S3 and an onsite data storage location at faster-than-internet speeds;
Network & Content Delivery
VPC – Virtual Private Cloud, a virtual network dedicated to an AWS account. It is logically isolated from other virtual networks in the AWS Cloud;
CloudFront – a web service that speeds up distribution of your static and dynamic web content, such as HTML, CSS, JavaScript, and image files, to your users;
Route 53 – a highly available and scalable cloud Domain Name System (DNS) web service.
API Gateway – a management tool to create, configure, and deploy APIs;
Direct Connect – used to establish private connectivity between AWS and a private data center, office, or colocated environment;
Mgmt & Governance
CloudWatch – a monitoring and management service that provides data and actionable insights for AWS, hybrid, and on-premises applications and infrastructure resources;
Auto Scaling – a service that lets you build scaling plans that automate how groups of different resources respond to changes in demand;
Organizations – an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage;
CloudFormation – a service that gives developers and businesses an easy way to create a collection of related AWS and third-party resources and provision them in an orderly and predictable fashion;
CloudTrail – a service that enables governance, compliance, operational auditing, and risk auditing of an AWS account;
Trusted Advisor – helps you follow best practices for the use of AWS by inspecting your environment to save money, improve system performance and reliability, and close security gaps;
Config – a service that enables you to assess, audit, and evaluate the configurations of your AWS resources;
Analytics
Kinesis – a service for processing big data in real time. It is capable of processing hundreds of terabytes per hour from high volumes of streaming data from sources such as operating logs, financial transactions and social media feeds;
Sec & Compliance
IAM – Identity and Access Management; it enables you to manage access to AWS services and resources securely.
Cognito – a simple user identity and data synchronization service that helps you securely manage and synchronize app data for your users across their mobile devices.
Inspector – an automated security assessment service that helps improve the security and compliance of applications deployed on AWS;
CloudHSM – a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud;
Directory Services – lets you run Microsoft Active Directory (AD) as a managed service;
WAF – Web Application Firewall;
Shield – a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS;
App Integration
SNS – Simple Notification Service; a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications;
SQS – Simple Queue Service; a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications;
Cost Mgmt
AWS Cost Explorer – lets you visualize, understand, and manage your AWS costs and usage over time;
AWS Budgets – gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount;
Media Services
Elastic Transcoder – media transcoding in the cloud;
Kinesis Video Streams – a service that makes it easy to securely stream video from connected devices to AWS for analytics, machine learning (ML), playback, and other processing.
End User Computing
WorkSpaces – a cloud-based virtual desktop that can act as a replacement for a traditional desktop;
AppStream 2.0 – a fully managed application streaming service. You centrally manage your desktop applications on AppStream 2.0 and securely deliver them to any computer;
Shared Responsibility Model
The AWS customer is responsible for the security of their data and client-side operations (security in the cloud), while AWS is responsible for the security of its services and infrastructure (security of the cloud).
Regions and Availability Zones
Regions – a physical location or boundary within AWS that consists of two or more Availability Zones.
Availability Zone – one or more discrete data centers with redundant power and networks; housed in separate facilities;
Edge Areas – endpoints for AWS, which are used for caching content. They typically consist of CloudFront, Amazon’s Content Delivery Network (CDN).