AWS

AWS Artifacts

  1. Access AWS compliance reports on-demand.
  2. Review, accept, and manage agreements with AWS.

A lot of services

Cloud computing

On-demand delivery of IT resources (databases, applications, compute power, etc.) over the internet with pay-as-you-go pricing

Benefits

Global infrastructure

AWS regions

Local Zones

Wavelength Zone (5G)

Direct Connect locations (Hybrid AWS and on premises)

Edge locations (CloudFront caches copies of content here; an edge location is not a region)

Regional edge cache

"CloudFront"

AWS Compute Services

VMs

Amazon Elastic Compute Cloud (EC2) (Basically VM)

Amazon EC2 Auto Scaling (groups EC2 instances and adds or removes instances to match demand)

Containers

Amazon Elastic Kubernetes Service (EKS)

Amazon Elastic Container Service (ECS)

Elastic Load Balancing (Balance incoming traffic between grouped EC2 instances)

Serverless (functions run in response to triggers; no servers to provision or manage)

AWS Lambda function (maximum execution time 15 minutes per invocation)

availability zones

instance type

General Purpose

Compute Optimized

Memory Optimized

Accelerated Computing (GPU)

Storage Optimized

Amazon Machine Images (AMI)

Auto Scaling Group (every EC2 instance in the group is launched from the same AMI, so each web server runs the same code)

Clients communicate with load balancer, load balancer communicates with EC2 instances

Gateway Load Balancer

Application Load Balancer

Stateless architecture

AWS Storage Service

Block level storage

Object storage

Amazon Elastic Block Store (EBS)

Amazon Simple Storage Service (S3)

file storage

Amazon Elastic File System (EFS)

Amazon FSx

AWS Database service

Relational DB

Amazon Relational Database Service (RDS)

Non-relational DB

Amazon DynamoDB

For Any DB

DB Cache

Amazon ElastiCache

AWS Networking Service

Amazon Virtual Private Cloud (VPC) (isolated virtual network in the cloud)

Security Groups (virtual firewall at the instance level; stateful, allow rules only)

Route 53 (DNS)

A VPC belongs to one region and can span that region's Availability Zones

Network Access Control Lists (NACLs) (firewall at the subnet level; stateless, allow and deny rules evaluated in rule-number order)

VPC Flow Logs (record metadata about the IP traffic of a VPC, subnet or network interface: addresses, ports, accept/reject; not packet contents)

AWS Security, Identity, and Compliance services

AWS shared responsibility model

AWS is responsible for the security of the cloud

Customers and APN partners are responsible for security in the cloud

Identity and Access Management (IAM)

AWS interface

AWS Management Console: the graphical web interface

Command Line Interface (AWS CLI)

Software Development Kits (SDKs)

Subnets

A subnet lives in a single Availability Zone

Migration

Migration Readiness Assessment

7 R

  1. Rehost: lift and shift (often with a third-party migration tool)
  2. Relocate: hypervisor-level lift and shift (move the VMs without changing them)
  3. Replatform: lift, tinker (make slight changes), and shift (for example, move a self-managed database server to an AWS-managed database service)
  4. Refactor: re-architect the application (the most effort; usually not done as part of the migration itself)
  5. Retire: shut down applications that are no longer useful
  6. Retain/Revisit: keep some applications on-premises
  7. Repurchase: replace the application with a different product, typically SaaS

Cloud architecture best practices

  1. Design for failure and nothing fails

The Well-Architected Framework

Tool

CloudFormation

AWS Quick Starts

Multi-AZ (RDS keeps a synchronous standby replica of the database in another AZ for automatic failover; it is for availability, not for read scaling)

Subnets

Route tables (each route maps a Destination CIDR to a Target such as local, an internet gateway or a peering connection; the most specific matching route wins)

VPC peering connection (private connection between two VPCs; peering is not transitive, so a peered VPC cannot reach a third VPC through it)
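Worked example of how a route table resolves a destination, added here as an illustration (plain Python, not AWS code; the CIDRs and the gateway/peering IDs are made up). It also shows why peering is not transitive: a packet only gets where the sending VPC's own route table says it can go.

```python
"""Route lookup in a VPC route table: the most specific (longest-prefix)
matching destination decides the target. Added example in plain Python,
not AWS code; the CIDRs and target IDs below are constructed."""
import ipaddress

# Route table of a hypothetical public subnet in VPC 10.0.0.0/16.
PUBLIC_ROUTES = [
    ("10.0.0.0/16",    "local"),         # implicit route: traffic inside the VPC
    ("172.16.0.0/16",  "pcx-0a1b2c3d"),  # peering connection to a second VPC
    ("192.168.0.0/16", "vgw-0f9e8d7c"),  # virtual private gateway (VPN to on-premises)
    ("0.0.0.0/0",      "igw-01234567"),  # internet gateway: everything else
]

# Same VPC, private subnet: no default route, so no path to the internet.
PRIVATE_ROUTES = [r for r in PUBLIC_ROUTES if r[0] != "0.0.0.0/0"]

def lookup(routes, dst_ip):
    """Return the target for dst_ip, or None when no route matches (packet dropped)."""
    addr = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target

# Peering is not transitive: VPC A peered with B and B peered with C does not
# give A a route to C. Each VPC only knows the routes in its own table.
VPC_TABLES = {
    "vpc-a": [("10.0.0.0/16", "local"), ("10.1.0.0/16", "pcx-ab")],
    "vpc-b": [("10.1.0.0/16", "local"), ("10.0.0.0/16", "pcx-ab"), ("10.2.0.0/16", "pcx-bc")],
    "vpc-c": [("10.2.0.0/16", "local"), ("10.1.0.0/16", "pcx-bc")],
}

def reachable(src_vpc, dst_ip):
    """True only if src_vpc's own route table has a route to dst_ip."""
    return lookup(VPC_TABLES[src_vpc], dst_ip) is not None

if __name__ == "__main__":
    for ip in ("10.0.3.7", "172.16.5.5", "8.8.8.8"):
        print(ip, "->", lookup(PUBLIC_ROUTES, ip), "/", lookup(PRIVATE_ROUTES, ip))
    print("vpc-a -> 10.2.0.9:", reachable("vpc-a", "10.2.0.9"))  # False: peering is not transitive
```

The private subnet has the same routes minus 0.0.0.0/0, which is the whole difference between a "public" and a "private" subnet: without a default route to an internet gateway, 8.8.8.8 simply has no target.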

Read Replica

Performance

General Purpose SSD storage (gp2, gp3)

Provisioned IOPS (SSD) Storage

Magnetic Storage (for backward compatibility)

Aurora multi-master clusters (several writer instances, so reads and writes both scale out)

Durability

Multiple copies are kept in other AZs so the data survives failure of the primary database

IAM user & groups

Permissions

IAM roles (assumed for a temporary session; short-lived credentials instead of long-term access keys)

IAM Access Analyzer (finds resources shared with principals outside the account)
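Worked example of how IAM permissions are actually decided, added here as an illustration (it is not the real IAM engine; only Effect/Action/Resource and the Bool/BoolIfExists condition on aws:MultiFactorAuthPresent are modelled, and the three policies are made up). The point to take away: an explicit Deny anywhere wins, an Allow is needed somewhere, and a request nobody mentions is denied by default.

```python
"""IAM policy evaluation in miniature: an explicit Deny beats any Allow, an
Allow beats the implicit deny, and nothing matching means denied. Added
example, not the real IAM engine: only Effect/Action/Resource and the
Bool/BoolIfExists condition on aws:MultiFactorAuthPresent are modelled,
and the policies below are constructed."""
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    return any(fnmatchcase(value, p) for p in patterns)

def _condition_met(condition, ctx):
    """Only Bool and BoolIfExists are supported here (raise on anything else)."""
    for operator, pairs in (condition or {}).items():
        if operator not in ("Bool", "BoolIfExists"):
            raise NotImplementedError(operator)
        for key, want in pairs.items():
            if key not in ctx:
                if operator == "BoolIfExists":
                    continue            # missing key counts as satisfied
                return False            # plain Bool: a missing key never matches
            if str(ctx[key]).lower() != str(want).lower():
                return False
    return True

def evaluate(policies, action, resource, ctx=None):
    """Decide one request (action on resource) against all attached policies."""
    ctx = ctx or {}
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            # Action names are case-insensitive; ARNs are compared as written.
            actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
            if not _matches(actions, action.lower()):
                continue
            if not _matches(_as_list(stmt.get("Resource", "*")), resource):
                continue
            if not _condition_met(stmt.get("Condition"), ctx):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"           # explicit deny wins immediately
            allowed = True
    return "Allow" if allowed else "Deny"   # implicit deny if nothing allowed

# Constructed policies. DEVELOPER grants read access to one bucket; GUARDRAIL
# is an explicit-deny policy of the kind attached alongside it: no object
# deletion, and nothing at all unless the session used MFA.
DEVELOPER = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
     "Resource": "arn:aws:s3:::app-bucket/*"},
    {"Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::app-bucket"},
]}
ADMIN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
]}
GUARDRAIL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
    {"Effect": "Deny", "Action": "*", "Resource": "*",
     "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
]}

if __name__ == "__main__":
    obj = "arn:aws:s3:::app-bucket/report.csv"
    with_mfa = {"aws:MultiFactorAuthPresent": True}
    print(evaluate([DEVELOPER, GUARDRAIL], "s3:GetObject", obj, with_mfa))  # Allow
    print(evaluate([DEVELOPER, GUARDRAIL], "s3:GetObject", obj))            # Deny: no MFA
    print(evaluate([ADMIN, GUARDRAIL], "s3:DeleteObject", obj, with_mfa))   # Deny beats Allow
```

BoolIfExists rather than Bool is what makes the MFA guardrail bite: with plain Bool a request whose context has no aws:MultiFactorAuthPresent key at all (for example, one signed with long-term access keys) would not match the condition and would slip past the Deny.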

High performance

Amazon DocumentDB (MongoDB-compatible document database)

Flexible Schema

High integration with AWS

Horizontal scalability

JSON-like documents

Key-value NoSQL DB (DynamoDB)

Amazon Neptune

Graph database (objects and relations between them)

Amazon ElastiCache and Amazon DynamoDB Accelerator (DAX)

In-memory caches (ElastiCache is Redis- or Memcached-compatible; DAX sits in front of DynamoDB)

Amazon OpenSearch Service

Search and analytics engine (full-text search, log analytics)

Consistent reads (DynamoDB reads are eventually consistent by default; strongly consistent reads must be requested explicitly)

Primary key = partition key, optionally combined with a sort key

each item has attributes

Schema is defined per item

seamless integration with existing infrastructure

EC2 pricing

On Demand

EC2 Savings Plans

Reserved Instances

Spot Instance

Dedicated Host (On demand or reserved)

Microservice architecture

Amazon SNS (Simple Notification Service): publish/subscribe; each message is pushed to every subscriber of a topic (web servers via HTTP endpoints, email, SQS queues, other services)

Amazon SQS (Simple Queue Service): a producer sends a message to the queue; a consumer receives and processes it, then deletes it. Until it is deleted the message is only hidden for the visibility timeout, so a consumer that crashes mid-processing sees it redelivered (at-least-once delivery)

Where to run?

EC2 (you provision and manage the instances yourself)

AWS Fargate (serverless computing for containers)

Pricing differs by region (local taxes, etc.)

Content Delivery Network (CDN)

Access Types

Public (Internet Gateway)

Private (Virtual Private Gateway, VPN over the internet)

AWS Direct Connect (dedicated private network link from your premises into AWS through a Direct Connect location; traffic does not cross the public internet)

Stateless (NACLs): no connection tracking, so return traffic must be explicitly allowed by a rule in the other direction

Stateful (security groups): connections are tracked, so the reply to an allowed request is let through automatically
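Worked example for the stateless/stateful distinction and for the security group and NACL lines in the networking section above, added here as an illustration (plain Python; the rule format is a simplification of the console fields, not the AWS API, and the packets are made up). The same HTTPS request and its reply are run through a stateless NACL and a stateful security group, then the ephemeral-port rule is removed to show the reply being dropped by the NACL only.

```python
"""Stateless NACL vs stateful security group, checked against a constructed
packet sequence. Added example: the rule format is a simplification of the AWS
console fields (rule number, direction, CIDR, port range, allow/deny), not the
AWS API."""
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    direction: str        # "in" = towards the instance, "out" = from it

def _match(cidr, lo, hi, ip, port):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr) and lo <= port <= hi

# NACL: (rule number, direction, CIDR, first port, last port, action).
# Rules are evaluated lowest number first and the first match wins; the
# implicit final rule ('*') denies. Inbound HTTPS plus the ephemeral-port
# rules that a stateless filter needs for the replies.
NACL = [
    (90,  "in",  "198.51.100.0/24", 0,    65535, "deny"),   # blocked source range
    (100, "in",  "0.0.0.0/0",       443,  443,   "allow"),
    (110, "in",  "0.0.0.0/0",       1024, 65535, "allow"),  # replies to outbound flows
    (100, "out", "0.0.0.0/0",       1024, 65535, "allow"),  # replies to inbound flows
    (110, "out", "0.0.0.0/0",       443,  443,   "allow"),
]

def nacl_allows(rules, pkt):
    """Stateless: each packet is judged on its own against rules in number order."""
    remote_ip = pkt.src if pkt.direction == "in" else pkt.dst
    for number, direction, cidr, lo, hi, action in sorted(rules):
        if direction == pkt.direction and _match(cidr, lo, hi, remote_ip, pkt.dport):
            return action == "allow"
    return False                       # implicit deny

class SecurityGroup:
    """Stateful: only allow rules exist, and the reply to an allowed flow is
    let through without needing a rule in the reverse direction."""
    def __init__(self, inbound, outbound):
        self.inbound = inbound         # [(CIDR, first port, last port)]
        self.outbound = outbound
        self._tracked = set()          # (src, sport, dst, dport) of allowed flows

    def allows(self, pkt):
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self._tracked:
            return True                # reply to a tracked connection
        rules = self.inbound if pkt.direction == "in" else self.outbound
        remote_ip = pkt.src if pkt.direction == "in" else pkt.dst
        if any(_match(cidr, lo, hi, remote_ip, pkt.dport) for cidr, lo, hi in rules):
            self._tracked.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return False

if __name__ == "__main__":
    sg = SecurityGroup(inbound=[("0.0.0.0/0", 443, 443)], outbound=[("0.0.0.0/0", 443, 443)])
    request = Packet("203.0.113.5", "10.0.1.10", 50000, 443, "in")
    reply = Packet("10.0.1.10", "203.0.113.5", 443, 50000, "out")
    print(sg.allows(request), sg.allows(reply))                  # True True
    print(nacl_allows(NACL, request), nacl_allows(NACL, reply))  # True True
    no_ephemeral = [r for r in NACL if r[:2] != (100, "out")]
    print(nacl_allows(no_ephemeral, reply))                      # False: stateless filter drops the reply
```

Two practical consequences fall out of this: a NACL needs the ephemeral port range (1024-65535) open in the reverse direction or established connections silently break, and a security group cannot block a specific source at all, so blocking a known-bad range has to be done in the NACL (rule 90 above), where the lower rule number makes it win over the broad allow at 100.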

S3 Standard

S3 Glacier (archive storage; retrieval takes minutes to hours depending on the tier)

Write once, read many (WORM)

S3 Standard-Infrequent Access (Standard-IA)

S3 Lifecycle management (rules that transition objects between storage classes or expire them after a set age)

EBS: updating a file is faster because only the changed blocks are written, not the whole object as in S3

An EBS volume is an AZ-level resource attached to one EC2 instance, which must be in the same AZ (Multi-Attach for io1/io2 volumes is the exception)

Fixed size chosen at creation (up to 16 TiB for the common volume types); it does not grow automatically

EFS: grows and shrinks automatically

Mountable by many EC2 instances at once

Regional resource (reachable from every AZ in the region)

Amazon Aurora

Simple tables without complex relations: a NoSQL store such as DynamoDB

Complex relations between tables: a relational database such as Aurora or RDS

Amazon Redshift

Data warehouse for analytical (OLAP) queries

Migration

AWS Database Migration Service (DMS)

Homogeneous migration

Source and target are the same engine (for example PostgreSQL to PostgreSQL)

  1. Source can be on-premises, on EC2, or on RDS
  2. Target can be on EC2 or on RDS

DMS does the copy (and optionally ongoing replication) once the source and target endpoints are configured

Heterogeneous migration

Different engines with different schemas; the AWS Schema Conversion Tool (SCT) converts the schema first, then DMS migrates the data

AWS Organizations (manage multiple AWS accounts centrally; service control policies set permission guardrails across accounts)

AWS Shield

Protects against DDoS attacks (Shield Standard is on by default; Shield Advanced adds protection for larger attacks and response support)

AWS Key Management Service (AWS KMS) (create and control encryption keys)

AWS WAF (web application firewall; filters HTTP(S) requests with rules on IP addresses, rate limits and common attack patterns)

Amazon Inspector (automated vulnerability scanning of EC2 instances and container images)

Amazon GuardDuty (threat detection from CloudTrail events, VPC Flow Logs and DNS logs)

Multi-factor authentication (MFA)

Amazon CloudWatch (metrics and logs, custom alarms, dashboards)

AWS CloudTrail (audit tool: records the API calls made in the account, who made them, from where and when; management events are logged by default, S3/Lambda data events only if enabled)
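Worked example of what CloudTrail records are good for in practice, added here as an illustration (plain Python, not an AWS tool; the field names are the real CloudTrail ones, but the five-record log file is constructed, with a placeholder account id). A handful of detection rules run over the records and flag root account use, a console login without MFA, an attempt to stop the trail itself, and the creation of a new access key.

```python
"""Detection rules run over CloudTrail records: root account use, console
logins without MFA, CloudTrail tampering and sensitive IAM changes. Added
example using the real CloudTrail field names (eventName, eventSource,
userIdentity, additionalEventData); the log file below is constructed, not a
real capture."""
import json

# Constructed CloudTrail log file with five records (account id is a placeholder).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-03-01T08:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-03-01T08:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-03-01T08:07:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/Admin/bob"},
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2024-03-01T08:09:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"userName": "svc-deploy"}},
    {"eventTime": "2024-03-01T08:10:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
]})

TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
IAM_PRIVILEGE = {"CreateUser", "CreateAccessKey", "CreateLoginProfile", "AttachUserPolicy",
                 "PutUserPolicy", "AttachRolePolicy", "UpdateAssumeRolePolicy"}

def detect(records):
    """Return (rule, eventName, actor) for every record that trips a rule."""
    findings = []
    for rec in records:
        ident = rec.get("userIdentity", {})
        actor = ident.get("userName") or ident.get("arn") or ident.get("type", "?")
        name = rec.get("eventName", "")
        if ident.get("type") == "Root":
            findings.append(("root_activity", name, actor))
        if name == "ConsoleLogin" and rec.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            findings.append(("console_login_without_mfa", name, actor))
        if rec.get("eventSource") == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPERING:
            findings.append(("cloudtrail_tampering", name, actor))
        if rec.get("eventSource") == "iam.amazonaws.com" and name in IAM_PRIVILEGE:
            findings.append(("iam_privilege_change", name, actor))
    return findings

def analyze(log_text):
    """Parse one CloudTrail log file (a JSON object with a Records list)."""
    return detect(json.loads(log_text)["Records"])

if __name__ == "__main__":
    for rule, event, actor in analyze(SAMPLE_LOG):
        print(f"{rule:28} {event:16} {actor}")
```

The StopLogging record is the one to treat as urgent: an attacker who can stop the trail removes the evidence for everything that follows, which is why a trail should be organization-wide, written to a bucket the workload accounts cannot modify, and alerted on from CloudWatch or GuardDuty rather than read after the fact.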

AWS Trusted Advisor (performs checks and recommends best practices)

Cost Savings

Performance

Security

Service Limits

Fault tolerance

Pricing

Billing dashboards

consolidated billing

AWS Budgets

Cost Explorer

AWS Cloud Adoption Framework (CAF)

AWS CAF Action Plan

AWS CAF Perspectives

Business

People

Finds the skills and people needed for cloud adoption

Governance

Manages the cloud adoption programme, its portfolio and its risks so that it delivers the business outcomes

Platform

Architecture and Patterns in a cloud

Security

Makes sure that all security requirements are fulfilled

Operations

Defines how the solution operates day to day, month to month and year to year

6 R's

Rehost

"lift-and-shift": move the existing workloads to AWS as they are

Replatform

"lift, tinker, and shift": move the architecture with small cloud optimizations

Refactoring

Re-architect the application to use cloud-native services

Repurchasing

Move to a different product, typically a SaaS subscription, instead of migrating the existing one

Retaining

Leave some applications on-premises

Retire

Decommission applications that are no longer needed

AWS Snow Family

AWS Snowcone

AWS Snowcone is a small, rugged, and secure edge computing and data transfer device.

It features 2 CPUs, 4 GB of memory, and 8 TB of usable storage.

AWS Snowball

AWS Snowmobile

Snowball Edge Storage Optimized

Snowball Edge Storage Optimized devices are well suited for large-scale data migrations and recurring transfer workflows, in addition to local computing with higher capacity needs.

Storage: 80 TB of hard disk drive (HDD) capacity for block volumes and Amazon S3 compatible object storage, and 1 TB of SATA solid state drive (SSD) for block volumes.

Compute: 40 vCPUs, and 80 GiB of memory to support Amazon EC2 sbe1 instances (equivalent to C5).

Snowball Edge Compute Optimized

Snowball Edge Compute Optimized provides powerful computing resources for use cases such as machine learning, full motion video analysis, analytics, and local computing stacks.

Storage: 42-TB usable HDD capacity for Amazon S3 compatible object storage or Amazon EBS compatible block volumes and 7.68 TB of usable NVMe SSD capacity for Amazon EBS compatible block volumes.

Compute: 52 vCPUs, 208 GiB of memory, and an optional NVIDIA Tesla V100 GPU. Devices run Amazon EC2 sbe-c and sbe-g instances, which are equivalent to C5, M5a, G3, and P3 instances.

AWS Snowmobile is an exabyte-scale data transfer service used to move large amounts of data to AWS.

You can transfer up to 100 petabytes of data per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi trailer truck.

AWS Well-Architected Framework

The AWS Well-Architected Tool (in the Management Console) reviews a workload against the pillars and lists improvements

Pillars

Operational Excellence

Security

Cost optimization

Performance efficiency

Reliability

The workload recovers from failures and scales to meet demand; small changes can be made without disrupting the system

Sustainability (sixth pillar, added in 2021)

Benefit from massive economies of scale

Trade capital expense for variable expense (no need to buy servers and data centers up front)

Stop guessing capacity

Increase speed and agility

Stop spending money running and maintaining data centers

Go global in minutes

Internet gateway

Virtual private gateway (VPN connection)

AWS Direct Connect

S3 Intelligent-Tiering (moves objects between access tiers automatically based on access patterns)