This document discusses using Amazon Web Services (AWS) to host a web application. It outlines various AWS services that can be used for computing, content storage and delivery, databases, user management, security, availability, and monitoring of the application. These include EC2 for computing, S3 and EBS for content, RDS and DynamoDB for databases, IAM for user management, KMS and Certificate Manager for security, Availability Zones for high availability, and CloudWatch for monitoring.

1. LET’S ROLL WITH AMAZON
WEB SERVICES
A PRACTICAL USE CASE FOR AWS SERVICES

2. A TYPICAL EXAMPLE – A WEB APPLICATION

3. CONSIDERATIONS
• Computing
• Content
• Backend Databases services
• User Management and provisioning
• Application Security
• Availability
• Application Monitoring

4. COMPUTING
• Web applications need computing power to run the application
• Amazon Elastic Computing Cloud (EC2) provides scalable
compute capacity
• Amazon Elastic Beanstalk provides developers to just upload
their application code and Amazon handles resource
provisioning, load balancing, auto-scaling and monitoring

5. CONTENT
• Any web application needs a mechanism to store and serve content
to the users
• Amazon Simple Storage Service (S3) serves static content to users
• Amazon Elastic Block Storage (EBS) provides auto-scalable, auto-
replicated, fault tolerant block storage and can run a multitude of
workloads
• Amazon CloudFront provides low latency, high-speed data transfer
managed service to deliver dynamic, static, streaming or interactive
content to the users

6. BACKEND SERVICES
• All web-applications require a database and Amazon provides both
SQL, NoSQL, and data warehouse managed services for databases
• Amazon RDS provides support for relational databases like Amazon
Aurora, Oracle, Microsoft SQL Server, PostgreSQL, MySQL and
MariaDB
• Amazon provides similar support for NoSQL databases through
Amazon DynamoDB and Amazon Redshift for data warehouses
• Applications use caching to boost performance and reduce access
time of data from disk-based systems
• Amazon ElastiCache comes to the rescue by providing a fast,
managed in-memory cache based on Memcached and Redis caching
engines

7. USER MANAGEMENT AND PROVISIONING
• The first step of securing an application is through the authentication
and authorization process
• Granularity of this process is maintained through the usage of user-
groups
• Amazon Identity Access Management provides services for fully
managed user management and provisioning
• For on premise (or AWS hosted) LDAP consumers, Amazon Directory
Services can plug-in to Active Directory of organizations and provide
SSO, group policies, and workload deployment

8. APPLICATION SECURITY
• Any application level data needs to be encrypted using public-private
encryption keys
• We will use Amazon Key Management Service (KMS) to control
application encryption keys
• It uses Hardware Security Modules to secure keys
• In-flight data is when it is most vulnerable and applications use
SSL/TLS certificates to secure communications between client and the
server
• Amazon Certificate Manager provides a managed services to create,
deploy and renew such certificates

9. AVAILABILITY
• Application availability is still a major concerns for all
stakeholders
• Amazon provides the concept of Availability Zones (AZ) which
enable applications to be available in multiple, isolated
geographies for fault tolerance
• Making an application run on multiple AZs has to be enabled
explicitly
• Requests are served from the nearest AZ to reduce network
transient time

10. APPLICATION MONITORING
• Application monitoring gives better insight into resource
utilization, performance bottlenecks and operational health and
stability
• It enables stakeholders to react timely to factors that might
prevent the application from running smoothly
• Amazon CloudWatch comes handy under these conditions to
provide managed services to collect and track application
metrics, log files, and establish thresholds