This document provides a summary of an internship presentation on AWS solution architecture and development. It includes sections on designing resilient, high-performance, secure, and cost-optimized architectures on AWS. Some key points covered are designing for availability and fault tolerance using replication, decoupling, and reliable storage; providing scalable and high performance compute, storage, networking and databases; implementing secure access controls and encryption; and identifying cost-effective storage, compute, database and networking solutions on AWS. The presentation contains information to help design optimized and secure AWS architectures.

1. Central University Of Haryana
Final Semester Internship PPT
On
AWS Solution Architect and Developer
By
Shivji Prasad 11515
Department :CSE
School of Engineering
CUH

2. Table of Contents
❖ Design Resilient Architecture
❖ Design High-performance Architecture
❖ Design Secture Architecture
❖ Design Cost-optimize Architecture

3. Design Resilient Architecture
❖ Design Multi-Tier Architecture
❖ Design High Availability and Fault-Tolerance Architecture
❖ Design Decoupling Architecture
❖ Choose reliable Storage
❖ Design Multi-Tier Architecture

4. Design High Availability and Fault-Tolerance Architecture
Resource Replication Multiple-DC,Avoid Failure

5. Resilient Storage and Decoupling Mechanism

6. High-Performance Architecture
❖ Elastic and Scalable Compute Workload
➢ The ability to acquire resources as you need them and release resources when you no longer
need them.
➢ Service Like Lambda,ECS,EC2 , Fargate and so on
❖ High-Performance & Scalable Storage Workload
➢ Amazon FSx for Lustre is a fully managed high performance file system used for High Performance Computing
(HPC), machine learning and video redering applications. FSx for Lustre offers millions of IOPS, sub-millisecond
latencies and up to hundreds of GB/s of throughput.
❖ High-Performance & Scalable Networking Workload
➢ EFA, GLobal Accelerator and Route53 and CloudFront
➢ Placement Group
■ Cluster Placement Group
❖ High-Performance & Scalable Database Workload
➢ RDS Aurora and Aurora Severless, In-memory cache

7. Design Secure Application
❖ Design secure access to AWS resources
❖ Design Secure application tiers
❖ Choose appropriate Data security Options
Design secure access to AWS

8. Design secure access to AWS
❖ AWS Organisation
➢ It is used to manage several Aws account using SCP
❖ AWS SDK and AWS CLI
➢ It is used access AWS Software Development Kit and Command Line Interface
❖ AWS STS
➢ Security Token Service is a web service that enables you to request temporary, limited-privilege credentials for AWS
(IAM) users or for users that you authenticate (federated users).
❖ AWS Security Groups
➢ Firewall at Instance Level
❖ AWS NACL
➢ Firewall at subnet level
❖ AWS NAT Gateway
➢ A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway
so that instances in a private subnet can connect to services outside your VPC but external
services cannot initiate a connection with those instances.

9. Design Secure application tiers
❖ Using SSL with Application Load Balancer
➢ SSL load balancer performs the decryption of requests and encryption of responses that the
web or application server. It encrypts the server's response before returning to client.
❖ Using WAF:
➢ AWS WAF is a web application firewall that helps protect your web applications or APIs
against common web exploits and bots that may affect availability, compromise security,
consume excessive resources
❖ Using Firewall Manager
➢ AWS Firewall Manager is a security management service which allows you to centrally
configure and manage firewall rules across your accounts and applications in AWS
Organizations.
❖ Using Shield:
➢ AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that
safeguards applications running on AWS.

10. Choose appropriate Data security Options
❖ EBS encryption tightly integrates with KMS
❖ Server-Side Encryption with S3 managed keys (SEE-S3)
❖ Server-Side Encryption with KMS managed keys(SEE-KMS)
❖ Server-Side Encryption with Customer provide Key
❖ Client-Side Encryption with KMS managed Keys(CSE-KMS)
❖ Client-Side Encryption with Customer provide Key(CSE-C)

11. Cost-optimized Solution
❖ Identify cost-effective storage solution
❖ Identify cost-effective compute solution
❖ Identify cost-effective Database solution
❖ Identify cost-effective Network solution
Identify cost-effective storage solution

12. Identify cost-effective compute solution
❖ Spot Fleets = set of Spot Instances + (optional) On-Demand Instances
❖ Spot Instances: short workloads, cheap, can lose instances (less reliable)
❖ Spot Block :reverse instance for 1 to 6 hours
❖ Dedicated Hosts: book an entire physical server, control instance placement
❖ Dedicated Instances: no other customers will share your hardware
❖ On-Demand Instances: short workload, predictable pricing
❖ Reserved: (MINIMUM 1 year)
➢ Reserved Instances: long workloads
➢ Convertible Reserved Instances: long workloads with flexible instances
➢ Scheduled Reserved Instances: example – every Thursday between 3 and 6 pm

13. Identify cost-effective Networking solution
❖ Purchasing Options
❖ Backup Storage
❖ Snapshots Exports
❖ Database Storage
❖ I/O Pricing
❖ Data Transfer
Identify cost-effective Database solution
❖ AWS CloudFront
❖ AWS Direct Connect
❖ AWS VPN
❖ AWS VPC Endpoints
❖ AWS Global Accelerator

14. Thank You for Listening...