Cloud Computing and AWS in Breadth (Part-2)

A brief description of half of the AWS services introduced in the previous part

Describing the predominant half of AWS

In part 1, we introduced what cloud computing refers to in general terms, along with one of the top providers of cloud services, namely AWS.

We will now discuss the services mentioned earlier, category by category, focusing on those that have relatively more impact in the development phase.

Computation

  • Elastic Cloud Compute (EC2)
    AWS EC2 is one of the most popular AWS services, providing on-demand, scalable, and optimized (in terms of computing, memory, storage, etc.) compute capacity. Local storage and enhanced networking options available with a wide variety of EC2 instances further help optimize performance for workloads that are disk or network I/O bound. EC2 was introduced as Infrastructure as a Service (IaaS) to reduce server allocation time and to provide automatic scaling, monitoring with alert systems, scheduled provisioning, etc.

  • Lambda & Lambda Edge
    AWS Lambda is a serverless, event-driven, automatically scalable, function-as-a-service to run virtually any type of application or backend service without the responsibility of provisioning or managing servers. With AWS Lambda, the computing resources scale up and back down automatically based on real-time demands.
    AWS Lambda can be set up and triggered to automatically run code in response to multiple events, such as HTTP requests via Amazon API Gateway or AWS SDK, modifications to objects in Amazon S3 buckets, table updates in Amazon DynamoDB, state transitions in AWS Step Functions, notification triggers from Amazon SNS, Amazon EventBridge, etc.

  • Auto Scaling & EC2 Auto Scaling
    AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. It provides a UI for building scaling plans for resources such as EC2, ECS, DynamoDB, Aurora, etc.

  • AWS Elastic Beanstalk
    AWS Elastic Beanstalk helps in easily and rapidly deploying and scaling web apps and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on servers such as Apache, Nginx, etc. directly from the AWS Management Console, a Git repository, etc. It automatically handles the deployment, from capacity provisioning, load balancing, and auto-scaling to application health monitoring. Behind the scenes, Elastic Beanstalk creates regular EC2 instances with a load balancer, which you will see in your AWS Console.

Storage and Databases

  • Simple Storage Service (S3)
    Amazon S3 is an object storage service offering industry-leading scalability, data availability, security, and performance. It offers a range of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads. This storage is preferred for media files, logs, backups, etc.
    What separates S3 from a few other storage services is its flat object-storage structure (no root folder), the fact that the data can be accessed from the outside irrespective of the S3 region via HTTP/HTTPS API access, and its metadata-driven storage (attributes, policy, etc.). S3 storage classes are purpose-built to provide the lowest cost storage for different access patterns, e.g. Standard, Intelligent, Infrequent Access (IA), Glacier, Deep Archive, Outposts, etc.

  • Elastic File System / FSx for Windows
    Amazon Elastic File System (Amazon EFS) provides a file system with a hierarchical structure (root folder) and should be mounted on EC2 or on-premises servers. EFS automatically grows and shrinks as you add and remove files, with no need for management or provisioning. The ideal use cases include shared file access, persisting and sharing data from AWS containers and serverless apps, enhancing CMS (Content Management Systems), AI/ML and Big Data analytics workloads, etc.

  • Elastic Block Store (EBS)
    Amazon EBS is an easy-to-use, scalable, high-performance block-storage service designed for Amazon EC2. It allows you to create storage volumes and attach them to Amazon EC2 instances. Once attached, you can create a file system (root folder and subsequent folders) on top of these volumes, run a database, etc. They are designed such that the EBS of one EC2 cannot directly be accessed from another EC2, and are placed and automatically replicated in a specific availability zone.
    This storage is preferred for quick and low latency access to data, Boot/Data volumes for EC2s, Relational and NoSQL DB storage, etc.

  • Relational Database Service (RDS)
    RDS helps us set up, operate, deploy, and scale relational database engines of our choice, and removes inefficient, complicated, time-consuming admin tasks. It provides high availability with Multi-Availability Zone deployments.

  • DynamoDB
    Amazon DynamoDB is a fully managed, serverless, key-value NoSQL database designed to run high-performance applications at any scale. It offers built-in security, continuous backups, automated multi-Region replication, in-memory caching, and data export tools.

  • ElastiCache
    It is a fully managed, in-memory caching service supporting flexible, real-time use cases. It can be used for caching or as a primary data store for use cases that don't require durability. ElastiCache is compatible with Redis and Memcached.

  • Aurora
    Amazon Aurora is a relational database management system (RDBMS) built for the cloud with full MySQL and PostgreSQL compatibility and provides the simplicity and cost-effectiveness of open-source databases. It also has up to 5X the throughput of MySQL and 3X the throughput of PostgreSQL (SysBench).

  • Neptune
    Amazon Neptune is a fast, reliable, fully-managed graph database service for apps such as identity (e.g. social graphs for personalization), knowledge (e.g. topical data to product catalogs, generalization), fraud graphs (e.g., graph queries for near-real-time identity fraud pattern detection in transactions), etc.

Authentication, Security, and Monitoring

  • Identity Access Management (IAM)
    IAM controls who can access AWS resources and ensures that access is granted securely. You manage access in AWS by creating policies (often called Policy Documents) and attaching them to IAM identities (users, groups of users, or roles) or AWS resources. Important terms for further reference: users, groups, roles, and trust relationships.
    Pro Tips: protect the root account at all costs, explicitly deny access in the policy documents, use least-privilege models, etc.

  • Cognito
    Amazon Cognito User Pools provide a secure identity store that scales to millions of users. It also allows users to sign in through social identity providers such as Apple, Google, Facebook, and Amazon, and through enterprise identity providers via SAML and OpenID Connect. It is always a great strategy to combine IAM and Cognito to have better control over data security and access. Alternate options to Cognito include Auth0, Google Cloud Identity Platform, Firebase Auth, Okta, etc.

  • Key Management Service (KMS)
    AWS KMS lets you create, store, and manage KMS keys securely. The KMS keys never leave AWS KMS unencrypted. To use a KMS key in a cryptographic operation, you call AWS KMS.
    When you encrypt data, you need to protect your encryption key. If you encrypt your key, you need to protect its encryption key. Eventually, you must protect the highest level encryption key (known as a root key) in the hierarchy that protects your data, which is done by KMS.

  • AWS Certificate Manager (ACM)
    It provisions, manages, and deploys public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and internal connected resources, and removes the manual processes of purchasing, uploading, and renewing these certificates.

  • Web Application Firewall (WAF), Network Firewall, and Firewall Manager
    These services help to configure and manage firewall rules across accounts and applications. They also help in protecting the applications from common web exploits and bots, and in deploying essential network protections for Amazon Virtual Private Clouds (VPCs).

  • CloudWatch
    CloudWatch is a monitoring service to monitor the applications, services, and resources in the form of logs, metrics, and events. These data are used to detect anomalous behavior in environments, set alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to keep your applications running smoothly and reduce mean time to resolution (MTTR).
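
The IAM tips above (explicit deny, least privilege) can be made concrete with a small policy check. This is an added example, not code from the original article or from AWS: the policy documents, bucket name, and function names are constructed for illustration, and the evaluator is a simplified model of identity-policy evaluation only.

```python
import fnmatch

# Constructed sample policy documents (assumptions, not from the article).
# BROAD grants everything; SCOPED is least-privilege plus an explicit deny.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-app-logs",
                  "arn:aws:s3:::example-app-logs/*"]},
    {"Effect": "Deny", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-app-logs/secrets/*"}]}

def _as_list(value):
    # Policy fields may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def evaluate(policies, action, resource):
    """Simplified model: explicit Deny beats Allow; no match is an implicit deny.

    Ignores Condition, NotAction, Principal, SCPs, permission boundaries and
    resource-based policies. fnmatch stands in for IAM's * and ? wildcards.
    """
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            actions = [a.lower() for a in _as_list(stmt["Action"])]
            resources = _as_list(stmt["Resource"])
            if not any(fnmatch.fnmatchcase(action.lower(), a) for a in actions):
                continue
            if not any(fnmatch.fnmatchcase(resource, r) for r in resources):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # one matching Deny ends evaluation
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"

def overly_broad(policy):
    """Return (statement index, field) for Allow statements using bare wildcards."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt["Effect"] != "Allow":
            continue
        for key in ("Action", "Resource"):
            if any(v == "*" or v.endswith(":*") for v in _as_list(stmt[key])):
                findings.append((i, key))
    return findings
```

Evaluating `[BROAD, SCOPED]` together shows why an explicit deny is worth writing: the deny on the `secrets/` prefix still wins even when another attached policy allows everything.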

Networking

  • Virtual Private Cloud (VPC)
    Amazon VPC gives you full control over your virtual networking environment (more like an exclusive intranet isolated from the public internet), including resource placement, connectivity, and security. We can add EC2 instances, RDS, etc. in it and define how the VPCs communicate with each other.

  • Route 53
    Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service somewhat similar to Cloudflare DNS, Google Cloud DNS, Azure DNS, etc.

  • Network Address Translation (NAT Gateway and Instance)
    A NAT gateway allows instances in a private subnet (VPC) to connect to services outside the VPC or the public internet based on the connectivity type. However, external services cannot initiate a connection with those instances. The NAT gateway replaces the source IP address of the instances with the IP address of the NAT gateway. NAT gateways provide better availability and bandwidth and require less administrative attention than NAT instances.

  • Elastic Load Balancing (ELB)
    ELB automatically distributes incoming application traffic across multiple targets and virtual appliances in one or more Availability Zones (AZs). ELB improves fault tolerance and detects unhealthy instances and automatically reroutes traffic to healthy instances until the unhealthy instances have been restored. It can also be used in VPCs to distribute traffic between application tiers in a virtual network.

  • API Gateway
    It is a service for creating, publishing, maintaining, monitoring, and securing REST, HTTP, and WebSocket APIs at any scale. API developers can create APIs that access AWS or other web services, as well as data stored in the AWS Cloud.
    The RESTful APIs are HTTP-based, enable HTTP methods such as GET, POST, PUT, PATCH, and DELETE, and enable stateless client-server communication. API Gateway also adheres to the WebSocket protocol and routes incoming messages based on message content.

  • Direct Connect
    It creates a dedicated network connection and the shortest path to your AWS resources. While in transit, your network traffic remains on the AWS global network and never touches the public internet. This reduces the chance of hitting bottlenecks or unexpected increases in latency.

  • CloudFront
    It is a content delivery network (CDN) service built for high performance, security, and developer convenience. Alternatives to the AWS CDN are Cloudflare CDNs, Fastly, Akamai, etc.

That's all for this part. In the next one, we will cover the rest of the categories: Analysis, Containerization, Application Integration, Developer Tools & Others. Stay tuned!