AWS Services Who's Who
- Basic Concepts
- Types of Cloud Computing
- IaaS/PaaS/SaaS
- IaaS - Infrastructure (network, computation, storage)
- PaaS - Platform (managed hardware, OS and runtime)
- SaaS - Software (end-user product such as email)
- Cloud/Hybrid/On-premises
- Global Infrastructure
- Region
- Physical location
- Has n Availability Zones
- Regions are completely isolated from each other
- Availability Zone
- 1..n discrete data centers, each with
- redundant power, networking and connectivity, in separate facilities
- AZs are isolated from each other but connected to the other AZs in the same Region with low-latency links
- Designed as independent failure zones (flood, power, etc.)
- Security & Compliance
- Model
- Shared responsibility: AWS manages security OF the cloud (facilities, hardware, hypervisor, managed-service internals); the customer manages security IN the cloud (OS patching, IAM, data encryption, network rules, application code)
- Management
- Management Console (web)
- Mobile app (view)
- CLI
- SDK
- Computation
- EC2
- Retains the boot (root) volume across stop/start when EBS-backed
- Integrates with AWS storage, RDS and Virtual Private Cloud (VPC)
- Storage
- Instance-store root: content lost when the instance is stopped or terminated, or on hardware failure (no redundancy); an EBS root volume is also deleted on termination by default (DeleteOnTermination)
- Attached EBS: content not lost, can be detached from the instance and attached elsewhere
- EFS: like a shared drive
- Security
- Located in a VPC with access control
- Security groups (stateful, per instance) and network ACLs (stateless, per subnet) control inbound / outbound network access
- IPsec VPN (Site-to-Site VPN) - connect to the on-premises network
- Dedicated Instances - run on hardware dedicated to a single customer
- Dedicated Hosts - whole physical servers, with visibility into sockets/cores for licensing
- Cost
- On-demand Instances
- Reserved Instances
- Spot Instances
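A check a practitioner would run against the security groups described above: find rules that expose administrative ports to the whole internet. This is an added example, not code from the page; the input mirrors the shape of the `SecurityGroups` list returned by `ec2:DescribeSecurityGroups`, but the groups are constructed sample data, and the admin-port list is an assumed baseline.

```python
"""Audit EC2 security-group rules for world-reachable admin ports.

Added example: the input mirrors the shape of the SecurityGroups list that
ec2:DescribeSecurityGroups returns, but the groups below are constructed
sample data, not real resources.
"""
import ipaddress

# Ports that should never be reachable from 0.0.0.0/0 or ::/0
# (assumption: adjust to your own baseline).
ADMIN_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres", 6379: "redis"}

SAMPLE_GROUPS = [  # constructed sample data
    {
        "GroupId": "sg-0aaa", "GroupName": "web",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-0bbb", "GroupName": "bastion",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-0ccc", "GroupName": "db",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
             "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
            # "-1" means all protocols and all ports; open to every IPv6 address
            {"IpProtocol": "-1",
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
]


def _is_world(cidr: str) -> bool:
    """True for 0.0.0.0/0 and ::/0 (prefix length 0 of either family)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _port_range(perm: dict):
    """Return (low, high) covered by a permission; protocol -1 means all ports."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def find_world_open_admin_ports(groups):
    """Return sorted findings as (group_id, port, service, cidr) tuples."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            low, high = _port_range(perm)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if not _is_world(cidr):
                    continue
                for port, name in ADMIN_PORTS.items():
                    if low <= port <= high:
                        findings.append((sg["GroupId"], port, name, cidr))
    return sorted(findings)


if __name__ == "__main__":
    for gid, port, name, cidr in find_world_open_admin_ports(SAMPLE_GROUPS):
        print(f"{gid}: {name}/{port} open to {cidr}")
```

The same check should be run for network ACLs, but note the difference in semantics: a security group has only allow rules and is stateful, while a network ACL has numbered allow/deny rules and is stateless, so return traffic needs its own rule.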
- ECS (Elastic Container Service) / ECR (Elastic Container Registry)
- EKS (managed Kubernetes)
- Fargate
- Serverless container launch: no EC2 instances to provision or patch
- vs. ECS on EC2, which is more customizable
- EC2 Container Registry (ECR)
- Integrated Docker-compatible image registry
- Lightsail
- Virtual private server with everything included
- Batch - batch tasks using EC2 & EC2 Spot
- Elastic Beanstalk
- Familiar server environment
- Lambda
- Serverless
- Can associate with specific AWS resources
- Function responsive to events, such as
- HTTP via AWS API Gateway
- Modification to objects in Amazon S3 buckets
- table update in Amazon DynamoDB
- state transition in AWS Step Functions
- Usage scenario
- custom logic to AWS resources
- build back-end services
- Language, supports
- Java, Node.js, C#, Python
- Completely automated administration
- Code run at CloudFront edge locations in response to content requests (Lambda@Edge, e.g. personalized content)
- Orchestration - AWS Step Functions
- define workflow of a collection of functions
- Security
- Function code calls other services through the SDK, using the credentials of its execution role
- Integrates with AWS Identity & Access Management (IAM): the execution role grants what the function may do, a resource policy controls who may invoke it
- Runs in an AWS-managed VPC by default; can be configured to attach to your own VPC to reach private resources (RDS, ElastiCache, etc.)
- Auto Scaling
- Storage
- Simple Storage Service (S3)
- Object (file) storage with web service interface
- Purpose
- as primary storage of app
- bulk repository for analytics
- target for backup & disaster recovery
- with serverless computing
- Can be automatically tiered into lower cost, longer-term cloud storage classes
- S3 Standard-IA (Infrequent Access)
- Amazon Glacier - archiving
- Feature
- REST-API & SDK
- Durable - objects stored redundantly across multiple facilities in the Region
- Scalable - it just grows
- Security - TLS in transit, server-side encryption at rest (SSE-S3 / SSE-KMS), bucket policies and IAM
- Migration - over the network, physical disk-based (Snowball Edge, 400/job), or Storage Gateway connector
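The bucket-policy controls listed above, written out as a policy that denies plaintext HTTP and denies uploads that do not request SSE-KMS, together with a small evaluator that shows how the two Deny statements behave. This is an added example, not a policy from the page or from AWS documentation; the bucket name is a placeholder, the condition keys are the documented `aws:SecureTransport` and `s3:x-amz-server-side-encryption`, and the evaluator implements only the two condition operators this policy uses and ignores Principal/Resource (it assumes the request targets this bucket).

```python
"""S3 bucket policy enforcing TLS and SSE-KMS uploads, plus a minimal
evaluator for its Deny statements.

Added example. BUCKET is a placeholder; the evaluator handles only the
Bool and StringNotEquals operators and assumes the request is for this bucket.
"""
import fnmatch
import json

BUCKET = "example-app-data"  # placeholder name


def bucket_policy(bucket: str) -> dict:
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Deny every request that did not arrive over TLS
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [arn, f"{arn}/*"],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
            {   # Deny uploads that do not ask for SSE-KMS
                "Sid": "DenyUnencryptedUploads",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": f"{arn}/*",
                "Condition": {
                    "StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}
                },
            },
        ],
    }


def _condition_holds(cond: dict, ctx: dict) -> bool:
    """IAM semantics for the two operators used above: a missing key makes
    Bool fail, but makes StringNotEquals succeed, so a PutObject that sends
    no encryption header at all is still denied."""
    for op, pairs in cond.items():
        for key, want in pairs.items():
            have = ctx.get(key)
            if op == "Bool":
                if have is None or str(have).lower() != str(want).lower():
                    return False
            elif op == "StringNotEquals":
                if have is not None and have == want:
                    return False
            else:
                raise ValueError(f"operator {op} not supported by this demo")
    return True


def denied_by(policy: dict, action: str, ctx: dict):
    """Return the Sid of the first Deny statement matching the request, or None.
    ctx is the request context: condition key -> value."""
    for st in policy["Statement"]:
        if st["Effect"] != "Deny":
            continue
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        if not any(fnmatch.fnmatchcase(action, a) for a in actions):
            continue
        if _condition_holds(st.get("Condition", {}), ctx):
            return st["Sid"]
    return None


if __name__ == "__main__":
    policy = bucket_policy(BUCKET)
    print(json.dumps(policy, indent=2))
    print(denied_by(policy, "s3:PutObject", {"aws:SecureTransport": "true"}))
```

An explicit Deny wins over any Allow granted elsewhere (IAM user policy, ACL), which is why these controls belong in the bucket policy rather than only in each caller's permissions.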
- Elastic Block Storage (EBS)
- Provide volumes for EC2
- Replicated within AZ for HA & durability
- Consistent & low-latency
- Encryption, access management
- Snapshots
- Elastic File System
- Capacity grow and shrink automatically
- Multiple EC2 instance can simultaneously access
- provide common data source
- Glacier
- Storage Gateway - bridge on-premises storage with cloud
- Database
- Aurora (MySQL & PostgreSQL)
- MySQL- & PostgreSQL-compatible RDBMS
- high performance & cost effective
- security - encryption at rest & in transit
- compatible - MySQL 5.6 InnoDB engine
- Backtrack
- Able to quickly move data back to a time point without restoring from backup
- Can be enabled at launch time for new clusters
- Specify how far (at most 72 hours) can back track
- Cost depends on frequency of update
- HA & durability
- recovery is transparent; instance fail-over typically < 30 s; 6 copies of data across 3 AZs
- RDS (managed relational database)
- Fast & easy to get started
- 6 engines to choose from: Aurora, MySQL, MariaDB, PostgreSQL, Oracle, SQL Server
- DynamoDB (NoSQL)
- NoSQL
- Very fast (single-digit ms)
- Automatic partitioning, SSD-backed
- Both document & key-value model
- Event driven programming with Lambda
- Access control with IAM
- ElastiCache (in-memory cache)
- In-memory Cache
- Engines - Redis / Memcached
- Redshift (data warehouse)
- Neptune (graph database)
- Migration
- Network & Content Delivery
- VPC (virtual private cloud)
- a logically isolated cloud
- sub-nets, IP ranges, route tables, gateways
- can VPN with corporate data center
- CloudFront (CDN)
- CDN
- Works with S3, EC2, Elastic Load Balancing, Route 53
- Work with non-AWS server that stores the original files
- Route 53 (DNS routing)
- cloud DNS
- work with AWS infrastructure to route user to service
- also able to route user outside of AWS
- Manageable
- latency-based, Geo, weighted round robin...
- Direct Connect (dedicated connection from premises to AWS)
- Elastic Load Balancing
- distribute incoming traffic across multiple EC2 instances
- type - routes based on
- classic - application- or network-level information
- application - advanced application-level information, including the content of the request
- suited to microservice and container-based architectures
- Developer tools
- CodeCommit (source control)
- CodeBuild (build, test & packaging)
- CodeDeploy
- CodePipeline (CI & CD)
- X-Ray (analyze & debug tools for distributed applications)
- Management
- CloudWatch (monitoring, metrics, logs & alarms)
- EC2 Systems Manager (manage OS & software inventory)
- software inventory
- automatic OS patches
- create system images
- configure OS
- CloudFormation (infrastructure template & editor)
- Easily create and manage a collection of related resources
- Can use sample templates or create own templates
- Version controlling the infrastructure like code
- Visualize the template & drag&drop edit with designer
- visualized JSON/YAML editor
- CloudTrail (API call trail)
- Records AWS API calls (who, what, when, from where) and delivers the logs to S3 and optionally CloudWatch Logs
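What a practitioner does with those records: run detection rules over them. The block below is an added example, not code from the page; the three rules correspond to common CloudTrail alerts (root account usage, console login without MFA, and tampering with the trail itself), and the records are constructed sample data shaped like real CloudTrail events, not copied from any account.

```python
"""Detection rules over CloudTrail records.

Added example; SAMPLE_TRAIL is constructed data in the CloudTrail log-file
shape ({"Records": [...]}), not output from a real account.
"""
import json

SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventID": "e1", "eventTime": "2024-01-01T10:00:00Z",
     "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventID": "e2", "eventTime": "2024-01-01T10:05:00Z",
     "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventID": "e3", "eventTime": "2024-01-01T10:07:00Z",
     "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "eventType": "AwsApiCall",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
    {"eventID": "e4", "eventTime": "2024-01-01T10:09:00Z",
     "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"name": "org-trail"}},
    {"eventID": "e5", "eventTime": "2024-01-01T10:10:00Z",
     "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "eventType": "AwsApiCall",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/ops/alice"}},
]})

# API calls that reduce or disable audit logging
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def rule_root_activity(ev: dict) -> bool:
    """Root credentials used directly (not a service acting on root's behalf)."""
    who = ev.get("userIdentity", {})
    return (who.get("type") == "Root"
            and "invokedBy" not in who
            and ev.get("eventType") != "AwsServiceEvent")


def rule_console_login_without_mfa(ev: dict) -> bool:
    """Successful console sign-in where MFA was not used."""
    return (ev.get("eventName") == "ConsoleLogin"
            and ev.get("responseElements", {}).get("ConsoleLogin") == "Success"
            and ev.get("additionalEventData", {}).get("MFAUsed") != "Yes")


def rule_cloudtrail_tampering(ev: dict) -> bool:
    return (ev.get("eventSource") == "cloudtrail.amazonaws.com"
            and ev.get("eventName") in TRAIL_TAMPERING)


RULES = {
    "root_activity": rule_root_activity,
    "console_login_without_mfa": rule_console_login_without_mfa,
    "cloudtrail_tampering": rule_cloudtrail_tampering,
}


def load_records(log_text: str):
    return json.loads(log_text)["Records"]


def detect(records):
    """Return one finding dict per (record, rule) match, in record order."""
    findings = []
    for ev in records:
        who = ev.get("userIdentity", {})
        actor = who.get("userName") or who.get("arn") or who.get("type")
        for name, rule in RULES.items():
            if rule(ev):
                findings.append({"rule": name, "eventID": ev["eventID"],
                                 "eventName": ev["eventName"], "actor": actor})
    return findings


if __name__ == "__main__":
    for f in detect(load_records(SAMPLE_TRAIL)):
        print(f"{f['rule']:28} {f['eventID']} {f['eventName']} by {f['actor']}")
```

In production the same rules are usually expressed as CloudWatch Logs metric filters on the trail's log group, with an alarm per rule; the Python form is convenient for back-testing against archived log files in S3.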
- AWS Config (inventory & configuration history)
- Resource inventory
- Configuration history
- change notifications
- automatically checks resource configuration against rules (Config Rules)
- OpsWorks (Chef, automate server configuration as code)
- Automate how server to be configured, deployed & managed
- Service Catalog (catalog for governance & compliance)
- Trusted Advisor (real-time guidance, analysis tool)
- Personal Health Dashboard (AWS events personalized)
- Alerts & remediation guidance when AWS experiences events that affect your resources
- Notification for scheduled activities
- Managed Services
- Security
- Cloud Directory (directory)
- Hierarchical directory for application data (not an AD/LDAP replacement; Microsoft AD is under AWS Directory Service)
- Multiple hierarchies (dimensions) over the same objects
- Identity & Access Management (IAM) (users, groups, roles, policies)
- manages the users, roles and policies that control who can access which AWS resources & services; explicit Deny overrides Allow, and everything not allowed is denied
- Cognito (user sign-up sign-in & data sync)
- user sign-up, sign-in
- supports social identity providers
- enables saving data locally on user devices (lets users work offline)
- then synchronizes when online
- Inspector (automated security assessment of EC2 instances against rules packages)
- Certificate Manager
- request, deploy certificates
- handles renewals
- free for public certificates
- CloudHSM (Hardware Security Module) - dedicated, single-tenant, FIPS 140-2 Level 3 HSMs
- AWS Directory Service (Managed Microsoft AD)
- Key Management Service (KMS)
- keys backed by HSMs
- Integrated with many other AWS services (S3, EBS, RDS, Secrets Manager, ...)
- Integrated with CloudTrail to log every key usage
- per-request pricing, much cheaper than CloudHSM
- Secrets Manager
- Avoid hard-coding secrets in source or config files
- Retrieve secrets at runtime with a call to Secrets Manager
- Enables
- automatic secret rotation, with built-in integration for RDS etc.
- fine-grained permissions (IAM) & audit (CloudTrail)
- Extensible to other secret types with a custom rotation Lambda function
- Organizations (centrally create and manage multiple accounts; service control policies)
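The runtime-retrieval pattern above, with the two details that bite in practice: caching so every request does not hit the API, and a refresh when the backend rejects cached credentials because rotation happened. This is an added example, not AWS code. Any object exposing `get_secret_value(SecretId=...)` with the Secrets Manager response shape works, so a real boto3 client can be passed in; the `FakeSecretsClient` and `FakeDb` below are constructed stand-ins so the example runs offline.

```python
"""Cached, rotation-aware secret retrieval.

Added example. SecretCache accepts any client with
get_secret_value(SecretId=...) returning the Secrets Manager response shape
(a real boto3 client works); FakeSecretsClient and FakeDb are constructed
stand-ins used here so the code runs without AWS access.
"""
import json
import time


class AuthError(Exception):
    """Raised by a backend that rejected the credentials it was given."""


class FakeSecretsClient:
    """Stand-in for boto3's secretsmanager client; rotate() bumps the version."""
    def __init__(self):
        self.calls = 0
        self.version = 1

    def rotate(self):
        self.version += 1

    def get_secret_value(self, SecretId, VersionStage="AWSCURRENT"):
        self.calls += 1
        body = {"username": "app", "password": f"pw-v{self.version}", "host": "db.internal"}
        return {"Name": SecretId, "VersionId": f"v{self.version}",
                "VersionStages": [VersionStage], "SecretString": json.dumps(body)}


class FakeDb:
    """Stand-in backend that only accepts the password of the current version."""
    def __init__(self, secrets_client):
        self._sm = secrets_client

    def connect(self, creds):
        if creds["password"] != f"pw-v{self._sm.version}":
            raise AuthError("password rejected")
        return f"connected as {creds['username']}"


class SecretCache:
    def __init__(self, client, ttl_seconds=300, clock=time.monotonic):
        self._client, self._ttl, self._clock = client, ttl_seconds, clock
        self._entries = {}  # secret_id -> {"value": ..., "fetched_at": ...}

    def get(self, secret_id, force_refresh=False):
        now = self._clock()
        entry = self._entries.get(secret_id)
        if entry and not force_refresh and now - entry["fetched_at"] < self._ttl:
            return entry["value"]
        resp = self._client.get_secret_value(SecretId=secret_id)
        raw = resp.get("SecretString")
        if raw is None:  # binary secrets come back as bytes in boto3
            raw = resp["SecretBinary"].decode()
        try:
            value = json.loads(raw)  # RDS-style secrets are JSON documents
        except ValueError:
            value = raw
        self._entries[secret_id] = {"value": value, "fetched_at": now}
        # Never log `value`; log only the metadata.
        return value


def with_fresh_credentials(cache, secret_id, use):
    """Call use(creds); if the backend rejects them (rotation happened while
    the value was cached), refresh the secret once and retry."""
    try:
        return use(cache.get(secret_id))
    except AuthError:
        return use(cache.get(secret_id, force_refresh=True))


if __name__ == "__main__":
    sm = FakeSecretsClient()
    cache = SecretCache(sm)
    db = FakeDb(sm)
    print(with_fresh_credentials(cache, "prod/db", db.connect))
    sm.rotate()
    print(with_fresh_credentials(cache, "prod/db", db.connect), "after rotation")
```

With a real client, the code that calls `get_secret_value` needs `secretsmanager:GetSecretValue` on that secret's ARN in its IAM role, and `kms:Decrypt` on the key the secret is encrypted with if it is not the default key.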
- Shield (DDoS protection)
- Standard - free, Advanced - yearly subscription
- WAF (web application firewall)
- create rules to block
- common attacks (SQL injection, cross-site scripting)
- application-specific rules
- can be used to respond quickly to an attack
- with an API to automate rule changes
- Firewall Manager (central management of WAF rules across accounts)
- GuardDuty (threat detection from CloudTrail, VPC Flow Logs & DNS logs)
- Macie (machine-learning discovery and protection of sensitive data in S3)
- Single Sign-On
- Artifact (audit & compliance portal)
- Analytics
- AI
- Mobile
- Application Services
- Step Functions (orchestrated components)
- API Gateway
- create, publish, maintain, monitor & secure APIs
- as front door for access to back-end services
- EC2, Lambda, or any web application
- handles
- accepting calls
- traffic management
- authorization & access control
- monitoring
- version management
- Elastic Transcoder (media transcoding)
- SWF (Simple workflow)
- Messaging
- SQS (Simple Queue Service)
- transmit any volume of data
- standard queue: at-least-once delivery, best-effort ordering (consumers must be idempotent)
- FIFO queue: exactly-once processing & strict ordering (deduplication within a 5-minute window)
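The consequence of at-least-once delivery is that the consumer, not the queue, has to make processing idempotent. The block below is an added example, not code from the page: messages are constructed to look like `receive_message` output and include one redelivery (same MessageId, new ReceiptHandle) and one producer retry (new MessageId, same business key), and `ClaimStore` stands in for a DynamoDB table written with a conditional put.

```python
"""Idempotent consumer for an SQS standard queue (at-least-once delivery).

Added example; SAMPLE_BATCH is constructed in the shape of receive_message
output, and ClaimStore stands in for a DynamoDB conditional put
(attribute_not_exists(pk)).
"""
import hashlib
import json

SAMPLE_BATCH = [  # constructed sample data
    {"MessageId": "m1", "ReceiptHandle": "rh-1",
     "Body": json.dumps({"order_id": "A100", "amount": 25})},
    {"MessageId": "m2", "ReceiptHandle": "rh-2",
     "Body": json.dumps({"order_id": "A101", "amount": 40})},
    # redelivery of m1 after a visibility timeout: same MessageId, new handle
    {"MessageId": "m1", "ReceiptHandle": "rh-3",
     "Body": json.dumps({"order_id": "A100", "amount": 25})},
    # producer retried the send: new MessageId, same business key
    {"MessageId": "m3", "ReceiptHandle": "rh-4",
     "Body": json.dumps({"order_id": "A101", "amount": 40})},
]


class ClaimStore:
    """claim() succeeds only the first time a key is seen; release() lets a
    failed message be claimed again when SQS redelivers it."""
    def __init__(self):
        self._keys = set()

    def claim(self, key: str) -> bool:
        if key in self._keys:
            return False
        self._keys.add(key)
        return True

    def release(self, key: str) -> None:
        self._keys.discard(key)


def idempotency_key(msg: dict) -> str:
    """Prefer a business identifier (covers producer retries); fall back to a
    hash of the body, which still catches SQS redeliveries."""
    body = json.loads(msg["Body"])
    return body.get("order_id") or hashlib.sha256(msg["Body"].encode()).hexdigest()


def consume(batch, store, handler):
    """Process each logical message at most once.
    Returns (processed MessageIds, ReceiptHandles to delete, failed MessageIds).
    Duplicates are deleted without processing; failed messages are neither
    deleted nor kept claimed, so SQS redelivers them."""
    processed, to_delete, failed = [], [], []
    for msg in batch:
        key = idempotency_key(msg)
        if not store.claim(key):
            to_delete.append(msg["ReceiptHandle"])  # duplicate: drop it
            continue
        try:
            handler(json.loads(msg["Body"]))
        except Exception:
            store.release(key)
            failed.append(msg["MessageId"])
            continue
        processed.append(msg["MessageId"])
        to_delete.append(msg["ReceiptHandle"])
    return processed, to_delete, failed


if __name__ == "__main__":
    seen = []
    result = consume(SAMPLE_BATCH, ClaimStore(), seen.append)
    print("processed:", result[0], "delete:", result[1], "failed:", result[2])
```

A FIFO queue removes the redelivery case only within its 5-minute deduplication window, and does nothing about a producer that retries later with a new `MessageDeduplicationId`, so the business-key check stays useful there too.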
- SNS (SMS, email & other push notification messages)
- Simple Notification Service - push notifications
- individual messages or fan-out messages
- can deliver messages to SQS, Lambda functions or HTTP endpoint
- SES (Simple Email Service)
- send email to customers
- receive email, store it in an S3 bucket, then trigger a Lambda function
- Business Productivity
- Desktop & App Streaming
- Amazon WorkSpaces (Cloud Desktop)
- AppStream (stream desktop applications to browser)
- IoT
- Game