1. How to Build an AWS Application?
1. Set up using a private network with Amazon VPC
2. Place backend code on Amazon EC2 Instance (virtual machines, etc.)
3. Store data in databases like Amazon RDS or Amazon DynamoDB
4. Store image data in Amazon S3
5. Use Amazon CloudWatch for monitoring
6. To ensure scalability and distribution, add Elastic Load Balancer (ELB) and Amazon EC2 Auto Scaling
7. For security, use AWS IAM
2. How to Interact with AWS?
There are three ways to interact with AWS:
1. The AWS Management Console: Configure AWS using a web-based console
2. The AWS Command Line Interface (CLI): Configure AWS using the command line
3. AWS Software Development Kits (SDKs): Configure AWS using SDKs
3. AWS Accounts and Permissions
AWS accounts include root users and IAM (Identity and Access Management).
Root User: The first account created in AWS is called the root user, which has all permissions in AWS. We can log in to the web console using email/password or log in to the command line or API using access keys.
IAM (Identity and Access Management): IAM is a web service that lets you manage access to AWS accounts and resources. It controls who and what can authenticate (sign in) and what they are authorized (permitted) to do with the resources in your AWS account. Some IAM-related concepts are as follows:
1. IAM User: Represents a person or service that interacts with AWS. We can create IAM Users in an AWS account. IAM user credentials include account passwords for logging into the web console and access keys for logging into the command line and API. IAM user credentials exist until an administrator forces a rotation.
2. IAM Group: A group of users. All users in the group inherit the permissions assigned to the group.
3. IAM Policy: We manage access to AWS by creating IAM policies and attaching them to IAM users, groups, and roles. A policy is a JSON document, for example:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["iam:ChangePassword", "iam:GetUser"],
    "Resource": "arn:aws:iam::123456789012:user/${aws:username}"
  }]
}
Each statement specifies:
Effect: Whether the statement allows or denies access
Action: Describes the specific action that will be allowed or denied
Resource: Specifies the object(s) the policy statement covers
4. IAM Role: Represents a person or service that interacts with AWS and needs temporary credentials. Unlike IAM users, IAM roles have no static login credentials; the credentials issued for a role are temporary and expire after a set period.
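To make the Effect/Action/Resource evaluation concrete, here is an added example (not code from these notes or from AWS) that applies the policy above to a few requests in pure Python. It implements the documented IAM decision order, explicit Deny first, then any matching Allow, otherwise implicit deny, plus `${aws:username}` substitution and `*` wildcards; the DENY_ALL policy and the request context values are constructed for the demonstration. S3 bucket policies, mentioned later in these notes, are evaluated with the same Effect/Action/Resource logic.

```python
import fnmatch
import json

# The IAM policy from the notes above, as valid JSON (constructed copy).
EXAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["iam:ChangePassword", "iam:GetUser"],
      "Resource": "arn:aws:iam::123456789012:user/${aws:username}"
    }
  ]
}
""")

# A constructed guardrail policy: an explicit Deny beats any Allow.
DENY_ALL_IAM = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "iam:*", "Resource": "*"}],
}


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _substitute(pattern, context):
    """Replace policy variables such as ${aws:username} with request-context values."""
    for key, val in context.items():
        pattern = pattern.replace("${" + key + "}", val)
    return pattern


def evaluate(policies, action, resource, context):
    """Return 'Allow' or 'Deny' for one request against a set of identity policies.

    Decision order (as IAM documents it): an explicit Deny in any matching
    statement wins; otherwise any matching Allow wins; otherwise implicit deny.
    Action names are matched case-insensitively, resource ARNs case-sensitively,
    both with IAM-style '*' and '?' wildcards.
    """
    decision = "Deny"  # implicit deny until an Allow matches
    for policy in policies:
        for stmt in policy["Statement"]:
            actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
            resources = [_substitute(r, context) for r in _as_list(stmt.get("Resource", []))]
            action_hit = any(fnmatch.fnmatchcase(action.lower(), a) for a in actions)
            resource_hit = any(fnmatch.fnmatchcase(resource, r) for r in resources)
            if not (action_hit and resource_hit):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # explicit deny: stop immediately
            decision = "Allow"
    return decision


if __name__ == "__main__":
    ctx = {"aws:username": "alice"}  # constructed request context
    own = "arn:aws:iam::123456789012:user/alice"
    other = "arn:aws:iam::123456789012:user/bob"
    for act, res in [("iam:GetUser", own), ("iam:GetUser", other), ("iam:DeleteUser", own)]:
        print(f"{act:16} {res:45} -> {evaluate([EXAMPLE_POLICY], act, res, ctx)}")
    print("with deny-all attached ->", evaluate([EXAMPLE_POLICY, DENY_ALL_IAM], "iam:GetUser", own, ctx))
```

The interesting case is the second request: nothing in the policy mentions user bob, so the request is not denied by a Deny statement but is still refused, which is the implicit deny that every IAM evaluation starts from.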
2. AWS Computing
The first building block needed for setting up an application is the server. Servers power applications by providing the CPU, memory, and network capacity needed to receive user requests and turn them into responses.
There are several computing options available on AWS for setting up servers to run your infrastructure. Fundamentally, there are three types of computing options: virtual machines, container services, and serverless.
1. Amazon EC2
Amazon EC2 is a web service that allows the configuration of virtual servers called EC2 instances. When launching an EC2 instance, the first setting is to configure the desired operating system by selecting an Amazon Machine Image (AMI). An AMI can configure the desired operating system and also choose storage mappings, architecture types (such as 32-bit, 64-bit, or 64-bit ARM), and additional installed software.
EC2 instances are live instances of an Amazon Machine Image (AMI), much like objects are instances of a class. When a new instance is launched, AWS allocates a virtual machine running on a hypervisor. The selected AMI is then copied to the root device volume, which holds the boot volume image. The result is a running server you can connect to in order to install packages and any other software you need.
2. Amazon Container Service
Containers are standardized units used to package code and its dependencies. The package is designed to run reliably on any platform because containers create their own isolated environment. This makes it easy to transfer workloads from one place to another, such as from development to production or from on-premises to the cloud.
Docker is a popular container runtime that simplifies managing the entire OS stack required for container isolation, including networking and storage.
In AWS, containers run on EC2 instances. For large-scale compute management, you need to understand how to place containers on instances and handle container failures. AWS provides two container orchestration services: Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS).
Amazon ECS: An end-to-end container orchestration service that allows you to quickly launch new containers and manage them across a cluster of EC2 instances.
Amazon EKS: Ideal for running containers on Kubernetes, offering advanced orchestration with simplicity, high availability, and fine control over your infrastructure.
3. Serverless and AWS Lambda
Serverless computing is defined by four aspects:
● No need to configure or manage servers.
● Scales with usage.
● No payment for idle resources.
● Built-in availability and fault tolerance.
AWS provides several serverless computing options, including AWS Fargate and AWS Lambda.
AWS Fargate: A serverless compute engine built for containers, eliminating the need to choose and handle EC2 instances, cluster capacity, and scaling. It supports both Amazon ECS and Amazon EKS architectures.
AWS Lambda: Runs code without provisioning or managing servers or containers. Users upload source code, and Lambda handles everything needed to run and scale the code with high availability. Lambda functions have three main components: triggers, code, and configuration.
Code: The source code that describes what the Lambda function should do.
Configuration: Specifies how the function should run, including network placement, environment variables, memory, invocation type, permission sets, and other settings.
Triggers: Describe when the Lambda function should run, integrating Lambda functions with other AWS services to run in response to specific API calls in your AWS account.
3. AWS Networking
1. Networking Basics
Networking connects computers globally, allowing them to communicate. In the digital world, message passing between computers is handled through routing.
Each computer has an IP address, which is a sequence of bits (0s and 1s).
IPv4 Notation: Uses 32 bits split into four 8-bit groups (octets); each octet is written in decimal and the four are separated by periods.
CIDR Notation: Starts with an IP address, followed by a slash (“/”) and a number indicating the fixed bits in the IP address. For example, 192.168.1.0/24 means the first 24 bits are fixed.
2. Amazon VPC
A VPC is an isolated network within the AWS cloud, similar to traditional networks in data centers. When creating a VPC, you choose three main components: VPC name, region, and IP address range in CIDR notation.
a) Subnets: Smaller networks within a VPC, used for high availability and to provide different connectivity options for resources. When creating a subnet you choose its VPC, an availability zone, and an IP address range in CIDR notation. EC2 instances are launched into subnets, and so into the chosen availability zones. For redundancy and fault tolerance, create at least two subnets in different availability zones.
AWS reserves five IP addresses in each subnet for routing, DNS, and network management.
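The CIDR notation described under Networking Basics and the five reserved addresses per subnet are easy to get wrong when sizing a VPC, so here is an added example (not from these notes or from AWS) using Python's standard `ipaddress` module. It decodes a CIDR block, computes how many addresses an EC2 instance can actually take in a subnet, carves a VPC range into equal subnets for several availability zones, and flags the common mistakes (subnet outside the VPC, overlapping subnets, prefix outside the /16 to /28 range AWS allows). The VPC and subnet ranges are constructed sample values.

```python
import ipaddress

# AWS reserves the first four addresses (network, VPC router, DNS, future use)
# and the last one (broadcast) in every subnet.
AWS_RESERVED_PER_SUBNET = 5
VPC_MIN_PREFIX, VPC_MAX_PREFIX = 16, 28  # allowed CIDR sizes for VPCs and subnets


def describe_cidr(cidr):
    """Break a CIDR block such as 192.168.1.0/24 into what the notation encodes."""
    net = ipaddress.ip_network(cidr, strict=True)  # raises ValueError if host bits are set
    return {
        "network": str(net.network_address),
        "prefix_bits": net.prefixlen,                       # the fixed bits
        "host_bits": net.max_prefixlen - net.prefixlen,     # bits free for hosts
        "total_addresses": net.num_addresses,
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
    }


def usable_addresses(subnet_cidr):
    """Addresses left for instances after AWS takes its five per subnet."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


def carve(vpc_cidr, new_prefix, count):
    """Split a VPC range into the first `count` equal subnets of size /new_prefix,
    e.g. one per availability zone."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    subnets = []
    for net in vpc.subnets(new_prefix=new_prefix):
        if len(subnets) == count:
            break
        subnets.append(str(net))
    return subnets


def plan_subnets(vpc_cidr, subnet_cidrs):
    """Validate subnet CIDRs against their VPC and return a list of problems
    (empty list means the plan is consistent)."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    subnets = [ipaddress.ip_network(c, strict=True) for c in subnet_cidrs]
    problems = []
    for s in subnets:
        if not (VPC_MIN_PREFIX <= s.prefixlen <= VPC_MAX_PREFIX):
            problems.append(f"{s}: prefix must be between /{VPC_MIN_PREFIX} and /{VPC_MAX_PREFIX}")
        if not s.subnet_of(vpc):
            problems.append(f"{s}: not inside VPC {vpc}")
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


if __name__ == "__main__":
    print(describe_cidr("192.168.1.0/24"))
    print("usable in a /24:", usable_addresses("10.0.1.0/24"))
    azs = carve("10.0.0.0/16", 24, 2)  # constructed VPC, two subnets for two AZs
    print("subnets:", azs, "problems:", plan_subnets("10.0.0.0/16", azs))
```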
b) Gateways:
● Internet Gateway: Enables Internet connectivity for the VPC.
● Virtual Private Gateway: Connects AWS VPC to another private network. The customer gateway connects to the other private network. An encrypted VPN connection can be established between the two gateways.
c) Route Tables: Contain rules called routes that determine the direction of network traffic.
Main Route Table: Default configuration allows traffic between all subnets within the local network.
Custom Route Tables: Created for specific routing needs, allowing communication between resources and subnets within the VPC.
3. Network Security
There are two types of network security in AWS: ACLs (Access Control Lists) and Security Groups.
Network ACLs: Subnet-level firewalls controlling the types of traffic allowed to enter or leave a subnet. Default allows all traffic, but can be customized to restrict traffic based on requirements, such as allowing only HTTPS and RDP traffic for a web application.
Security Groups: EC2 instance-level firewalls, defaulting to block all inbound traffic and allow all outbound traffic.
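The difference that matters in practice between the two firewall layers is that network ACLs are stateless and ordered while security groups are stateful and allow-only. The following added example (not from these notes or from AWS) models both on a single HTTPS request and its response so the consequences are visible: the rule numbers, CIDRs, client address and ephemeral port are constructed sample values, and the rule matching is a simplification of the real services.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    number: int       # NACL rule number (evaluated lowest first); ignored by security groups
    protocol: str     # "tcp", "udp", or "all"
    ports: tuple      # inclusive destination-port range, e.g. (443, 443)
    cidr: str         # remote address range the rule applies to
    action: str       # "allow" or "deny" (security groups only ever allow)

    def matches(self, protocol, port, remote_ip):
        proto_ok = self.protocol in ("all", protocol)
        port_ok = self.ports[0] <= port <= self.ports[1]
        cidr_ok = ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.cidr)
        return proto_ok and port_ok and cidr_ok


def nacl_decision(rules, protocol, port, remote_ip):
    """Network ACL semantics: stateless, numbered rules checked lowest number first,
    first match wins, and the implicit '*' rule denies anything left unmatched."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(protocol, port, remote_ip):
            return rule.action
    return "deny"


@dataclass
class SecurityGroup:
    """Security group semantics: allow rules only (no deny), evaluated as a set, and
    stateful: once a flow is allowed in one direction its return traffic is allowed."""
    inbound: list = field(default_factory=list)
    outbound: list = field(default_factory=list)
    tracked_flows: set = field(default_factory=set)

    def decision(self, direction, protocol, port, remote_ip, flow_id):
        if flow_id in self.tracked_flows:
            return "allow"  # return traffic of an already-allowed flow
        rules = self.inbound if direction == "inbound" else self.outbound
        if any(r.matches(protocol, port, remote_ip) for r in rules):
            self.tracked_flows.add(flow_id)
            return "allow"
        return "deny"


def default_security_group():
    """The default described in the notes: no inbound rules, all outbound allowed."""
    return SecurityGroup(outbound=[Rule(0, "all", (0, 65535), "0.0.0.0/0", "allow")])


def https_session(nacl_in, nacl_out, sg, client_ip="203.0.113.10", client_port=50123):
    """Walk one HTTPS request and its response through both layers and report each
    verdict. The request arrives on port 443; the response goes back to the client's
    ephemeral port, which a stateless NACL must permit with an explicit outbound rule."""
    flow_id = (client_ip, client_port, 443)
    return {
        "request": {
            "nacl": nacl_decision(nacl_in, "tcp", 443, client_ip),
            "sg": sg.decision("inbound", "tcp", 443, client_ip, flow_id),
        },
        "response": {
            "nacl": nacl_decision(nacl_out, "tcp", client_port, client_ip),
            "sg": sg.decision("outbound", "tcp", client_port, client_ip, flow_id),
        },
    }


if __name__ == "__main__":
    nacl_in = [Rule(100, "tcp", (443, 443), "0.0.0.0/0", "allow")]
    web_sg = SecurityGroup(inbound=[Rule(0, "tcp", (443, 443), "0.0.0.0/0", "allow")])
    print("no ephemeral-port NACL rule:", https_session(nacl_in, [], web_sg))
    nacl_out = [Rule(100, "tcp", (1024, 65535), "0.0.0.0/0", "allow")]
    print("with ephemeral-port rule:   ", https_session(nacl_in, nacl_out, web_sg))
```

Two things to take from running it: the security group allows the response with no outbound rule at all because it remembers the flow, whereas the NACL silently drops the response until an outbound rule for the ephemeral port range exists; and for NACLs the rule number decides the outcome, so a deny rule placed after a broader allow never fires.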
4. AWS Storage
AWS storage services are categorized into three types: block storage, file storage, and object storage.
● File Storage: Organizes files in a tree hierarchy of folders and subfolders. Ideal for centralized access where files need to be shared and managed by multiple hosts.
● Block Storage: Divides files into fixed-size data chunks called blocks, each with its own address, allowing efficient retrieval. Ideal for low-latency operations in high-performance enterprise workloads like databases or ERP systems.
● Object Storage: Stores data as individual units (objects) in a flat structure. Useful for storing large datasets, unstructured files like media assets, and static assets like photos.
1. AWS Storage Services
a) Amazon EC2 Instance Store: Provides temporary block-level storage for instances, linked to the EC2 instance lifecycle. Ideal for temporary storage of changing information like buffers, caches, and staging data.
b) Amazon EBS: Elastic Block Store, suitable for data that changes frequently and needs to persist even if the instance stops or terminates.
SSD-backed volumes: Performance depends on IOPS, ideal for transactional workloads like databases and boot volumes.
HDD-backed volumes: Performance depends on MB/s, suitable for throughput-intensive workloads like big data, data warehouses, log processing, and sequential data I/O.
c) Amazon S3: Standalone object storage solution, requiring objects to be stored in containers called buckets. Buckets require a name and AWS region during creation. S3 bucket policies, similar to IAM policies, specify allowed or denied operations on the bucket.
d) Amazon EFS and Amazon FSx: File storage solutions that can be mounted on multiple EC2 instances at once.
2. AWS Databases
a) Relational Databases
Relational databases organize data into tables with rows and columns, allowing data in one table to link to data in another table, creating relationships. Managed using RDBMS (e.g., MySQL, PostgreSQL, Oracle, SQL Server, Amazon Aurora).
● Unmanaged Database: AWS handles physical infrastructure, users manage the EC2 instance, database, query optimization, and data security.
● Managed Database: AWS sets up and maintains EC2 instances and databases, providing high availability, scalability, patching, and backup systems. Users handle database tuning, query optimization, and data security.
b) Amazon DynamoDB
Amazon DynamoDB is a fully managed NoSQL database service offering fast, predictable performance and seamless scalability. Its key components are tables, items, and attributes. DynamoDB uses primary keys to uniquely identify items and secondary indexes for greater query flexibility.
5. AWS Monitoring
Monitoring involves collecting, analyzing, and using data to make decisions or address IT resource and system issues. Data points created by resources are metrics, and over time these metrics form statistics (e.g., average CPU utilization). AWS provides Amazon CloudWatch for monitoring and observability; it collects the metrics emitted by the services described in these notes.
6. Optimization
System availability is often expressed as the percentage of uptime in a given year. To improve availability, redundancy is required, which usually means more infrastructure: data centers, servers, databases, and data replication. In AWS, several strategies optimize systems for high availability.
1. Load Balancing
Distributes tasks across a set of resources, using a load balancer to distribute requests across servers hosting the application. Requests from client browsers are sent to the load balancer, which then sends them to one of the EC2 instances, and the return traffic flows back through the load balancer to the client browser.
Elastic Load Balancing (ELB): Distributes incoming application traffic across EC2 instances, containers, IP addresses, and AWS Lambda functions. ELB consists of three main components:
● Listeners: Check for connection requests from clients on the port and protocol you configure.
● Target Groups: Define the backend type for directing traffic (e.g., EC2 instances, AWS Lambda functions, or IP addresses).
● Rules: Conditions (for example, the client's source IP address) that determine which target group a listener forwards a request to.
ELB Types:
● Application Load Balancer (ALB)
● Network Load Balancer (NLB)
2. Scaling
Different scaling methods are used for different types of systems (active-passive and active-active).
Vertical Scaling: Adding more power (CPU, RAM) to an existing machine.
Horizontal Scaling: Adding more machines to the resource pool.
The Amazon EC2 Auto Scaling service can automatically create and delete EC2 instances based on metrics from Amazon CloudWatch to handle this task. The ELB service integrates seamlessly with EC2 Auto Scaling.
EC2 Auto Scaling comprises three main components:
Launch Template or Configuration: Specifies which resources should be auto-scaled.
EC2 Auto Scaling Group: Defines where the resources should be deployed.
Scaling Policies: Determine when resources should be added or removed.
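To show how the three Auto Scaling components and the load balancer fit together, here is an added simulation (not code from these notes or from AWS, and not AWS's actual scaling algorithm). The group holds a minimum and maximum size, a target-tracking policy on average CPU, and a cooldown; a load balancer spreads requests round-robin over the group's healthy instances. The proportional rule in `desired_capacity` is an assumption chosen for the illustration, and the instance ids and CPU readings are constructed.

```python
import math
from dataclasses import dataclass, field


@dataclass
class Instance:
    instance_id: str
    healthy: bool = True        # as reported by the load balancer's health checks
    requests_served: int = 0


@dataclass
class AutoScalingGroup:
    """Launch template (what to launch) + group bounds (where/how many) +
    one target-tracking scaling policy on average CPU (when to scale)."""
    min_size: int
    max_size: int
    target_cpu: float = 50.0    # percent average CPU the policy tries to hold
    cooldown: int = 2           # evaluation periods to wait after a scaling action
    instances: list = field(default_factory=list)
    _launched: int = 0
    _cooldown_left: int = 0

    def __post_init__(self):
        while len(self.instances) < self.min_size:
            self._launch()

    def _launch(self):
        self._launched += 1
        self.instances.append(Instance(f"i-{self._launched:04d}"))  # constructed id

    def desired_capacity(self, avg_cpu):
        """Simplified target tracking (assumption): resize the fleet in proportion to
        how far average CPU is from the target, clamped to the group bounds."""
        current = len(self.instances)
        desired = math.ceil(current * avg_cpu / self.target_cpu)
        return max(self.min_size, min(self.max_size, desired))

    def evaluate(self, avg_cpu):
        """One CloudWatch evaluation period; returns the group size afterwards."""
        if self._cooldown_left > 0:
            self._cooldown_left -= 1
            return len(self.instances)
        desired = self.desired_capacity(avg_cpu)
        if desired > len(self.instances):
            for _ in range(desired - len(self.instances)):
                self._launch()
            self._cooldown_left = self.cooldown
        elif desired < len(self.instances):
            # Scale in: terminate unhealthy instances first, then the oldest ones.
            self.instances.sort(key=lambda i: (i.healthy, i.instance_id))
            del self.instances[: len(self.instances) - desired]
            self._cooldown_left = self.cooldown
        return len(self.instances)


@dataclass
class LoadBalancer:
    """Round-robin over the group's healthy instances; the group membership changes
    under the balancer as Auto Scaling launches and terminates instances."""
    group: AutoScalingGroup
    _next: int = 0

    def route(self):
        healthy = [i for i in self.group.instances if i.healthy]
        if not healthy:
            return None  # nothing in service; a real ELB would return an error
        target = healthy[self._next % len(healthy)]
        self._next += 1
        target.requests_served += 1
        return target.instance_id


if __name__ == "__main__":
    asg = AutoScalingGroup(min_size=2, max_size=6, cooldown=1)
    lb = LoadBalancer(asg)
    for cpu in [90.0, 90.0, 10.0, 200.0, 200.0]:   # constructed CloudWatch readings
        size = asg.evaluate(cpu)
        served = [lb.route() for _ in range(size)]
        print(f"avg CPU {cpu:5.1f} -> group size {size}, requests went to {served}")
```

The cooldown is what keeps the group from reacting twice to the same metric spike (the second 90% reading changes nothing), and the minimum size is what stops a quiet period from scaling the application down to a single point of failure.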