AWS Basic Practitioner Heena Talreja.pptx
- 1. CONFIDENTIAL AND PROPRIETARY
© Encora 2023. Any use of this material without specific permission is strictly prohibited
AWS Basic Cloud Practitioner
Heena Talreja
Internal Use Only
Engineering Manager
- 2. 2
Agenda for Today
Section 1: Client Server Model
Section 2: Introduction to AWS
Section 3: AWS Global Infrastructure
Section 4: AWS Identity & Access Management (IAM)
Section 5: AWS Service Management
Section 6: Core Technologies
Section 7: Migration Services
Section 8: Architectural Best Practices
Section 9: Q & A
- 4. 4
Defining the Key Terms
Client-Server Model
What Is It?
In computing, a client can be a web browser or desktop application that a person interacts with to make requests to computer servers
A server can be services such as Amazon Elastic Compute Cloud (Amazon EC2), a type of virtual server
Internet
Clients
Server
- 8. 8
Comparing Cloud-Based, On-Premises & Hybrid
Deployment Models for Cloud Computing
Cloud-Based Deployment
– Run all parts of the application in the cloud
– Migrate existing applications to the cloud
– Design & build new applications in the cloud
On-Premises Deployment
– Deploy resources by using virtualization & resource management tools
– Increase resource utilization by using application management & virtualization technologies
Hybrid Deployment
– Connect cloud-based resources to on-premises infrastructure
– Integrate cloud-based resources with legacy IT applications
- 9. 9
A Faster & More Global Presence
Advantages of Cloud Computing
What Are the Advantages?
Trade upfront expense for variable expense
Stop spending money to run & maintain data centers
Stop guessing capacity
Benefit from massive economies of scale
Increase speed & agility
Go global in minutes
- 11. 11
Exploring the Regions
AWS Global Infrastructure
Source: https://www.researchgate.net/figure/Map-of-AWS-global-infrastructure_fig1_350101944
Source: https://cloudacademy.com/blog/aws-global-infrastructure/
Each AZ is fully isolated from other AZs within the Region
High-speed, low-latency connection between AZs within a Region
Completely isolated from each other
Certain resources tied to Regions
Local Zones
Wavelength Zones
Direct Connect Zones
Edge Locations
Regional Edge Caches
- 19. 19
Policies Are Documents
AWS IAM Policies
Key Takeaways
Policy: Document that grants or denies permissions to AWS services & resources
Best Practice: Follow the security principle of least privilege
Image Source: https://www.w3schools.com/aws/aws_cloudessentials_sec_userpermissionsandaccess.php
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
- 20. 20
Collection of IAM Users
AWS IAM Groups
Key Takeaways
Group: Collection of IAM users that inherit the policies assigned to the group
Best Practice: Attach IAM Policies to IAM groups, rather than to individual IAM users
Image Source: https://www.w3schools.com/aws/aws_cloudessentials_sec_userpermissionsandaccess.php
- 21. 21
Temporary Access to Services or Resources
AWS IAM Roles
Roles
Identity that can be assumed by a person or service to gain temporary access to other AWS resources or services
Image Source: https://aws.amazon.com/blogs/security/how-to-audit-cross-account-roles-using-aws-cloudtrail-and-amazon-cloudwatch-events/
(please refer to the AWS site for the original image & content)
- 22. 22
Question 1
What are the four main factors to consider when choosing a Region?
1. Latency, price, service availability, & compliance
2. Latency, high availability, taxes & compliance
3. Latency, taxes, speed & compliance
4. Latency, security, high availability & resiliency
Knowledge Check
- 23. 23
Question 2
Which of the following accurately describes the relationship among Regions, Availability Zones & data centers?
1. Availability Zones consist of one or more Regions - Regions are clusters of data centers
2. Data centers are clusters of Availability Zones - Regions are clusters of Availability Zones
3. Regions are clusters of Availability Zones - Availability Zones consist of one or more data centers
4. Data centers are clusters of Regions - Regions are clusters of Availability Zones
Knowledge Check
- 25. 25
Question 4
Users in a company are authenticated in their corporate network and want to use AWS without signing in again.
Which is the best option along with user federation or single sign-on to grant permissions?
1. IAM root user
2. IAM user
3. IAM role
4. IAM group
Knowledge Check
- 32. 32
Core Technologies
Benefits of Amazon EC2
1. Elasticity
2. Control
3. Flexibility
4. Integrated
5. Reliable
6. Secure
7. Cost-Effective
Image Source: Image 1 - https://www.testpreptraining.com/tutorial/aws-certified-solutions-architect-professional-sap-c01/elasticity-and-scalability-in-aws/
Image 2 - https://help.thorntech.com/docs/sftp-gateway-classic/locked-out-of-ec2-instance/
Image 3 - https://www.datacamp.com/tutorial/aws-ec2-beginner-tutorial
- 35. 35
Core Technologies
Automatically adjusts resource capacity
Define where Amazon EC2 Auto Scaling deploys resources
Specify the Amazon VPC & subnets
Amazon EC2 Auto Scaling Group
Image Source: https://aws.amazon.com/blogs/machine-learning/configuring-autoscaling-inference-endpoints-in-amazon-sagemaker/
(please refer to the AWS site for the original image & content)
- 36. 36
Core Technologies
Automatically distribute traffic across multiple EC2 instances
Configure health checks
Offload encryption & decryption
Types:
– Application Load Balancer (App Layer)
– Network Load Balancer (Network Layer)
– Gateway Load Balancer (Third-Party Virtual Appliances)
Amazon Elastic Load Balancing (Amazon ELB)
Image Source: https://aws.amazon.com/blogs/aws/elb-connection-draining-remove-instances-from-service-with-care/
(please refer to the AWS site for the original image & content)
- 38. 38
Core Technologies
Amazon Elastic Block Store (Amazon EBS)
Image Source: https://www.softnas.com/docs/softnas/v3/html/ebs_volumes_and_device_mapping_print.html
Network attached block storage for use with Amazon EC2 instances
Persists independently from instance
Used like a physical hard drive
Automatically replicated
Attached to any instance in the same AZ
One EBS volume to one EC2 instance
One instance to many EBS volumes
EBS volumes can retain data after EC2 instance termination
Allow point-in-time snapshots to S3
GiB increments
- 39. 39
Core Technologies
Infinite scalability, greater analysis, and faster data retrieval
– Highly scalable object storage with 99.999999999% durability
– And 99.99% availability
Amazon Simple Storage Service (Amazon S3)
Common S3 use cases:
– Data Lakes
– Backup & Storage
– Application hosting
– Media hosting
– Software delivery
Image Source: Obtained from AWS Practitioner Training (Do Not Distribute)
- 44. 44
Core Technologies
Key Takeaways
Cloud Security at AWS is the highest priority
Inherit benefits from data centers & network architecture
Similar to on-premises data centers, without maintaining facilities & hardware
Can be easily automated
Inherit all the best practices of AWS
One of the most important concepts to understand
AWS is designed to help build secure, high-performing, resilient & efficient infrastructure for applications
Security
- 49. 49
Core Technologies
Security Group
Amazon EC2 Auto Scaling
Amazon Elastic Block Store (EBS)
Availability Zone
Block storage for Amazon EC2 instances
Virtual firewall providing security at the instance level
Service maintaining availability of resources by increasing or decreasing capacity
Separate geographic area within an AWS Region, designed to facilitate high availability
Knowledge Check
- 58. 58
Architectural Best Practices
Design for failure & nothing fails
– Avoid single points of failure
– Multiple instances
– Multiple Availability Zones
– Separate single server into multiple tiered application
– For Amazon RDS, use Multi-AZ feature
Design for failure & nothing fails
Build security in every layer
Leverage different storage options
Implement elasticity
Think parallel
Loose coupling sets you free
Don't fear constraints
Cloud Architectural Best Practices
- 59. 59
Architectural Best Practices
Build security in every layer
– Encrypt data at rest & in transit
– Enforce principle of least privilege in IAM
– Implement both Security Groups & Network Access Control List (NACL)
– Consider advanced security features & services
- 60. 60
Architectural Best Practices
Leverage different storage options
– Move static web assets to Amazon S3
– Use Amazon CloudFront
– Store session state in DynamoDB
- 61. 61
Architectural Best Practices
Implement elasticity
– Implement Auto Scaling policies
– Architect resiliency to reboot & relaunch
– Leverage managed scalable services like Amazon S3 & Amazon DynamoDB
- 62. 62
Architectural Best Practices
Think parallel
– Scale horizontally, not vertically
– Decouple compute from session/state
– Use Elastic Load Balancing
– Right-size your infrastructure
- 63. 63
Architectural Best Practices
Loose coupling sets you free
– Instead of a single, ordered workflow, use multiple queues
– Use Amazon Simple Queue Service & Simple Notification Service (SQS & SNS)
– Leverage existing services
- 64. 64
Architectural Best Practices
Don't fear constraints
– Rethink traditional constraints
– Need more RAM?
– Better IOPS for databases?
– Response to failure?
- 65. 65
Well Architected Framework
A framework for ensuring infrastructures are:
– Secure
– High-performing
– Resilient
– Efficient
– Sustainable
Practices developed through reviewing customers' architectures on AWS
Systematic approach for evaluating & implementing architectures
Well-Architected Tool in the console
Overview
- 67. 67
Well Architected Framework
Well Architected Framework
Horizontal Scaling
Replatform
Rightsizing instances
N on-premised application to the cloud,
while making targeted cloud optimization
A critical resource to help you design solutions following best practice
Add more resources to an application, instead of more power to compute resources
Reviewing deployed resources, seeking opportunities to downsize instance types
Knowledge Check
- 68. 68
Case-Study
ABC Apparel is a large online clothing seller
We have been in business for 8 yrs now & have experienced steady growth since the beginning
We acquired a small company, XYZ, 2 months ago
They make unique custom t-shirts & hoodies
Their customers can design their own, or they offer an assist service to help with design
They have a lot of musician & theatre group clients
I am the regional IT director, so I absorbed their infrastructure
Their site does neat things, and we plan to keep it as is for the time being, but we need to make it a lot more robust
Performance is not good; during certain hours it is really slow to respond to users