The document discusses cloud computing concepts including compute servers, virtual machines, hypervisors, cloud services models (IaaS, PaaS, SaaS), and cloud deployment models. Compute servers have CPUs, memory, storage, and networking components. Virtual machines isolate operating systems and allow multiple systems to run on a single physical server. Hypervisors manage virtual machines and come in type 1 (bare metal) and type 2 (hosted on an OS). IaaS provides infrastructure resources, PaaS provides platforms and tools, and SaaS provides complete software applications. Clouds can be public, private on-premises, or hybrid.
AWS Cloud Computing Concepts provides an overview of cloud computing concepts including compute, infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). Compute refers to physical servers running operating systems and networking. IaaS provides access to compute instances, storage, and networking where users manage the operating system. PaaS removes infrastructure management, allowing users to focus on application deployment. SaaS provides completed software products managed by the service provider that users access over the internet.
The document discusses cloud computing from the perspectives of application developers, quality assurance teams, and enterprises. It provides rationales for why cloud computing can reduce capital expenditures and operational expenditures compared to maintaining on-premises hardware and software. The document also summarizes the NIST definition of cloud computing and describes its essential characteristics, service models, and deployment models.
Introduction to Cloud Computing: the basics of cloud computing. This presentation covers cloud models such as IaaS, PaaS, SaaS and hybrid cloud, and the platforms available to build your own cloud.
--session given at SQL Saturday Lisbon 2015--
Data Management Gateway (and also AS Connector) is what makes the modern Microsoft BI stack hybrid. Power BI and Azure Data Factory use that component to interact with on-premises data assets.
This session is a deep dive into the DMG and the hybrid architecture that Power BI and ADF rely on. How does it work? Security, firewall, certificates, multiple gateways, admin delegation, scale-out, disaster recovery: all of these topics will be covered during this technical session.
This document provides an overview of architecting applications for the AWS cloud. It discusses key AWS cloud computing attributes like scalability, on-demand provisioning, and efficiency of experts. It also outlines best practices like designing for failure, loose coupling, dynamism, and security. Specific AWS services are mapped to common application needs like compute, storage, content delivery, databases, and more. Overall the document aims to educate readers on how to leverage AWS architectural principles and services.
The document provides an overview of cloud computing concepts including definitions, characteristics, deployment and service models. It defines cloud computing as providing on-demand access to computing resources and applications over the internet. The key characteristics are on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. The common deployment models are public, private and hybrid clouds. The main service models are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
** Diadem Technologies | Cloud Computing | Nasscom Workshop in Kolkata **
Diadem Technologies is a leading web hosting service provider, specialising in providing managed and customised hosted solutions for its 1500+ clients.
The document provides an introduction to cloud computing. It begins with an overview of the course agenda and then defines cloud computing. It discusses the three main service models of cloud computing: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). The document then provides examples of each service model and their advantages. It also discusses public and private cloud models as well as cloud architecture, including load balancing, data centers, and virtualization. The document concludes with a discussion of the future of cloud computing including Kubernetes and containerization.
Introduction to Cloud Computing and Microsoft Azure | ShravandeepYadav
Basic introduction to Cloud Computing and Microsoft Azure. Journey of cloud computing. Journey of Azure certification. Microsoft Azure services. Azure subscriptions.
Third-year diploma in Information Technology
The document provides an overview of cloud computing fundamentals including:
- The cloud computing industry is growing rapidly with worldwide revenue projected to reach $150.1 billion by 2013.
- Businesses are increasingly adopting cloud solutions to reduce costs and improve flexibility.
- The document discusses key cloud concepts like service models, deployment models, and examples of major cloud vendors.
- Security is a major concern for organizations adopting cloud solutions.
This document provides an overview of cloud architecture and cloud computing reference architecture. It discusses:
1. The scope covers defining functional requirements and reference architecture for cloud computing, including functional layers, blocks, and service architectures.
2. The cloud computing reference architecture includes layers like the user layer, access layer, services layer, resources and network layer, and cross-layer functions. It also describes functional blocks within these layers.
3. Requirements for cloud architecture are outlined, such as supporting standards, deployment models, and enabling services to appear like intranet services.
Hadoop is an open-source framework that allows distributed processing of large datasets across clusters of computers. It has two major components - the MapReduce programming model for processing large amounts of data in parallel, and the Hadoop Distributed File System (HDFS) for storing data across clusters of machines. Hadoop can scale from single servers to thousands of machines, with HDFS providing fault-tolerant storage and MapReduce enabling distributed computation and processing of data in parallel.
Unique Ways Veritas can Supercharge your AWS Investment - Session Sponsored b... | Amazon Web Services
Information is the lifeblood of the modern enterprise! Yet there are escalating challenges around information explosion, fragmentation and availability.
Moving data and workloads to the cloud undoubtedly brings efficiencies, cost savings and new capabilities – however there are a raft of critical issues to consider before, during and after this significant transition.
Addressing such concerns requires a renewed focus on the information itself: recognition that more data does not equal more value, and that adding yet more infrastructure isn't going to solve anything.
Veritas addresses these new information challenges head-on, with Information Insight, Business Continuity, High Availability, and Backup and Disaster Recovery solutions that operate seamlessly across on-premises, private cloud and the AWS public cloud.
Technology experts from Veritas resolve these questions while profiling exciting new developments around Data Insight, Veritas Risk Advisor, Veritas Resiliency Platform and NetBackup that significantly enhance the AWS environment.
Speakers: Dave Hamilton, Distinguished Engineer, Storage and Availability, Veritas & Ian Fehring, Senior Technical Engineer, Veritas
Announcing Symantec & Microsoft’s Azure Cloud Disaster Recovery as a Service ... | Symantec
Symantec today announced it will extend Symantec’s Storage Foundation High Availability for Windows and Veritas Volume Replicator disaster recovery (DR) software solution to the Windows Azure cloud platform. Symantec’s solution will allow organizations of any size to recover business-critical applications and their associated data in Windows Azure in the event of a local failure or site disaster. The solution will expand the ability of Symantec’s existing business continuity solutions for Microsoft Corp., providing on-premises-to-cloud disaster recovery as a service (DRaaS).
SaaS (Software as a Service) involves hosting applications online and providing access to customers via the internet on a pay-per-use basis. Some key benefits of SaaS include lower upfront costs than purchasing software licenses, reduced IT requirements as maintenance is handled by the provider, and the ability to access applications from anywhere. However, SaaS also presents security and availability risks if the provider's systems go down. Service level agreements are used to define the service quality customers can expect.
The document provides recommendations for books on cloud computing concepts and technologies. It then discusses the history and drivers of the Fourth Industrial Revolution powered by cloud, social, mobile, IoT, and AI technologies. The document defines cloud computing and discusses characteristics such as on-demand access to computing resources, utility computing models, and service delivery of infrastructure, platforms, and applications. It also outlines some major cloud platform providers including Eucalyptus, Nimbus, OpenNebula, and the CloudSim simulation framework.
This document provides an overview of virtualization and cloud computing technologies. It defines virtualization as using software to allow multiple operating systems to run on a single hardware host. A hypervisor manages shared access to the physical resources. The document outlines the history of virtualization and describes popular virtualization platforms like Hyper-V, VMware vSphere, and cloud services from Amazon Web Services, Google Apps, and Windows Azure. Benefits of cloud computing include reduced costs, increased storage, flexibility, and mobility. Public, private and hybrid cloud models are discussed along with case studies of major cloud providers.
AWS provides a wide range of cloud computing services including compute, storage, databases, analytics, machine learning, and more. The document discusses key AWS services such as EC2 for virtual servers, S3 for object storage, DynamoDB for NoSQL databases, Lambda for serverless computing, and others. It also covers AWS concepts like regions, availability zones, deployment models, and service models.
The document discusses cloud architecture and describes the different layers of cloud computing including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It explains how virtualization allows for the pooling of computing resources and rapid provisioning of these resources. The document also discusses multi-tenancy and how a single software instance can be configured for multiple tenants' needs in a SaaS environment. As an example, it describes how a payroll processing application currently used by multiple government departments could be migrated to a cloud environment for improved maintenance and reduced costs.
This document provides an overview of Azure SQL DB environments. It discusses the different types of cloud platforms including IaaS, PaaS and DBaaS. It summarizes the key features and benefits of Azure SQL DB including automatic backups, geo-replication for disaster recovery, and elastic pools for reducing costs. The document also covers pricing models, performance monitoring, automatic tuning capabilities, and security features of Azure SQL DB.
Enterprise Cloud Architecture Best Practices | David Veksler
Introduction to cloud service models - IaaS, SaaS, PaaS.
Best practices for enterprise cloud service architecture, with a focus on Western companies operating in the China market.
Comparison of Azure and AWS from cost and feature perspective.
This document discusses 5 patterns for building high performance web applications on AWS:
1. Decoupling application components to improve scalability and manageability.
2. Scaling out horizontally by adding more instances to handle increased load.
3. Optimizing for cost by using reserved instances, spot instances, and autoscaling.
4. Calibrating resources for CPU or I/O performance based on application needs.
5. Automating operations to reduce manual work and enable dynamic scaling.
Microsoft Azure is a cloud computing service that provides infrastructure, platform and software services through global data centers. It supports virtual machines, web apps, storage, databases, analytics and more. Azure uses a specialized operating system called Microsoft Azure to manage computing resources across its global fabric layer.
Facebook's data center fabric provides scalable networking infrastructure to support increasing traffic and new products. It uses ECMP routing and multi-speed links for load balancing. The fabric is designed as a non-oversubscribed environment and uses automation tools to manage topology changes.
Google's first data centers used donated hardware from Sun, Intel and IBM. It has numerous centers worldwide with large facilities in the US, Europe and Asia. Google developed software for
Cloud computing and Cloud Security - Basics and Terminologies | Techsparks
Cloud Computing is a new trending field these days and is an Internet-based service. It is based on the concept of virtualization.
http://www.techsparks.co.in
IBM Bluemix is a cloud platform that allows users to build, deploy and manage applications. It is built on Cloud Foundry and supports various programming languages and services. Bluemix provides tools for continuous delivery and is optimized to improve developer productivity. It offers a catalog of services that can be integrated into applications without needing to manage the underlying infrastructure.
Cloud computing provides on-demand access to computing resources like servers, storage, databases and applications via the internet. There are three main cloud computing models: Infrastructure as a Service (IaaS) provides basic computing infrastructure like servers and storage; Platform as a Service (PaaS) provides platforms to build and deploy applications without managing the underlying infrastructure; Software as a Service (SaaS) provides complete software solutions that are managed by the service provider. Virtualization allows multiple virtual machines to run on the same physical server, isolating each from the other.
This document discusses cloud computing and its various models and architectures. It provides definitions of software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). It also describes the advantages of each model and discusses public cloud, private cloud, hybrid cloud, and cloud computing penetration compared to traditional in-house systems.
Comparison of Several IaaS Cloud Computing Platforms | ijsrd.com
Today, the question is less about whether or not to use Infrastructure as a Service (IaaS), but rather which providers to use. Cloud infrastructure services, known as Infrastructure as a Service (IaaS), are self-service models for accessing, monitoring, and managing remote data center infrastructure, such as compute, storage and networking services. Instead of having to purchase hardware outright, users can purchase Infrastructure as a Service (IaaS) based on consumption, similar to electricity or other utility billing. Most providers offer the core services of server instances, storage and load balancing. When choosing and evaluating a service, it is important to look at issues around location, resiliency and security as well as the features and cost, in order to evaluate which provider best suits requirements.
AWS Cloud Computing Concepts
Fundamentally the term “compute” refers to physical servers comprised of the processing, memory, and storage required to run an operating system such as Microsoft Windows or Linux, and some virtualized networking capability.
The components of a compute server include the following:
Processor or Central Processing Unit (CPU) – the CPU is the brains of the computer and carries out the instructions of computer programs
Memory or Random Access Memory (RAM) – within a computer, memory is very high-speed storage for data stored on an integrated circuit chip
Storage – the storage location for the operating system files (and optionally data). This is typically a local disk stored within the computer or a network disk attached using a block protocol such as iSCSI
Network – physical network interface cards (NICs) to support connectivity with other servers.
When used in cloud computing, the operating system software that is installed directly on the server is generally a hypervisor that provides a hardware abstraction layer onto which additional operating systems can be run as virtual machines (VMs) or “instances”. This technique is known as hardware virtualization.
A VM is a container within which virtualized resources including CPU (vCPU), memory and storage are presented, and an operating system can be installed. Each VM is isolated from other VMs running on the same host hardware, and many VMs can run on a single physical host, with each potentially installed with different operating system software.
The diagram below depicts hardware virtualization with guest VMs running on top of a host OS:
There are two main types of hypervisor:
Type 1 – the hypervisor is installed directly on top of the hardware and is considered a “bare-metal” hypervisor
Type 2 – the hypervisor software runs on top of a host operating system
Examples of Type 1 hypervisors include VMware ESXi and Microsoft Hyper-V, and examples of Type 2 hypervisors include VMware Workstation and Oracle VirtualBox. Type 1 hypervisors typically provide better performance and security than Type 2 hypervisors.
The diagram above shows a hardware virtualization stack using a Type 1 hypervisor. The diagram below depicts a Type 2 hypervisor:
As you can see, the key difference is that there is an additional host operating system layer that sits directly above the physical hardware and beneath the hypervisor layer.
Cloud computing is the on-demand delivery of compute power, database storage, applications and other IT resources through a cloud services platform via the Internet with pay-as-you-go pricing.
Cloud computing provides a simple way to access servers, storage, databases and a broad set of application services over the Internet.
A cloud services platform such as Amazon Web Services owns and maintains the network-connected hardware required for these application services, while you provision and use what you need via a web application.
6 advantages of cloud:
a) Trade capital expense for variable expense
Instead of having to invest heavily in data centers and servers before you know how you’re going to use them, you can pay only when you consume computing resources, and pay only for how much you consume.
b) Benefit from massive economies of scale
By using cloud computing, you can achieve a lower variable cost than you can get on your own. Because usage from hundreds of thousands of customers is aggregated in the cloud, providers such as AWS can achieve higher economies of scale, which translates into lower pay-as-you-go prices.
c) Stop guessing about capacity
Eliminate guessing on your infrastructure capacity needs. When you make a capacity decision prior to deploying an application, you often end up either sitting on expensive idle resources or dealing with limited capacity.
With cloud computing, these problems go away. You can access as much or as little capacity as you need, and scale up and down as required with only a few minutes’ notice.
d) Increase speed and agility
In a cloud computing environment, new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes.
This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower.
e) Stop spending money running and maintaining data centers
Focus on projects that differentiate your business, not the infrastructure. Cloud computing lets you focus on your own customers, rather than on the heavy lifting of racking, stacking, and powering servers.
f) Go global in minutes
Easily deploy your application in multiple regions around the world with just a few clicks. This means you can provide lower latency and a better experience for your customers at minimal cost.
Cloud Computing Service Models
1. Infrastructure as a Service (IaaS)
Infrastructure as a Service (IaaS) contains the basic building blocks for cloud IT and typically provides access to networking features, computers (virtual or on dedicated hardware), and data storage space. IaaS provides you with the highest level of flexibility and management control over your IT resources and is most similar to existing IT resources that many IT departments and developers are familiar with today.
With IaaS services, such as Amazon EC2, your company can consume compute servers, known as “instances”, on-demand. This means that the hardware and software stack, up to the operating system, is managed for you. You then need to choose which operating system to use with your instance (e.g. Linux or Windows) and you are responsible for the configuration and management of the operating system and any software you install on it. An application programming interface (API) is typically provided for all cloud services, which can be used for programmatic management. Each compute instance will have an allocated storage capacity, and cloud networking functions such as routing, firewalls, and load balancers can be configured. IaaS is the least popular of the cloud computing service models at present, though it is gaining in popularity. Currently, around 12% of enterprise workloads run on IaaS.
The benefits of IaaS include:
You don’t need to invest in your own hardware
The infrastructure scales on-demand to support dynamic workloads
Increase stability, reliability and supportability
Maintain operational control of the operating system.
Examples of IaaS services: Microsoft Azure IaaS, Amazon EC2, Google Compute Cloud (GCP), and Rackspace.
2. Platform as a Service (PaaS)
Platform as a Service (PaaS) removes the need for your organization to manage the underlying infrastructure (usually hardware and operating systems) and allows you to focus on the deployment and management of your applications. This helps you be more efficient as you don’t need to worry about resource procurement, capacity planning, software maintenance, patching, or any of the other undifferentiated heavy lifting involved in running your application.
Developers love PaaS as it removes more complexity and operational overhead from them. With PaaS, the cloud service provider manages the infrastructure layer and also the middleware, development tools, business intelligence (BI) services, database management systems and more. This allows developers to concentrate on their code without needing to manage the environment on which it runs. Developers simply upload their code to build web applications. PaaS is designed to support the complete web application life cycle: building, testing, deploying, managing, and updating.
You are not just limited to web services with PaaS. Databases can also be offered in a platform as a service model. In this case the management of the database engine and underlying hardware is taken care of by the service provider, and you create tables and add data. Examples of database PaaS offerings include Microsoft Azure SQL and Amazon RDS.
PaaS is currently the most popular cloud computing service model, comprising around 32% of all enterprise workloads, and is expected to grow in 2020.
The benefits of PaaS include:
Cut coding time – develop applications faster
Deploy new web applications to the cloud in minutes
Reduce complexity with middleware as a service
Examples of PaaS services: Microsoft Azure Web Apps, AWS Elastic Beanstalk, Heroku, Force.com and Google App Engine.
3. Software as a Service (SaaS)
Software as a Service (SaaS) provides you with a completed product that is run and managed by the service provider. In most cases, people referring to Software as a Service are referring to end-user applications. With a SaaS offering you do not have to think about how the service is maintained or how the underlying infrastructure is managed; you only need to think about how you will use that particular piece of software. A common example of a SaaS application is web-based email, which you can use to send and receive email without having to manage feature additions to the email product or maintain the servers and operating systems that the email program is running on. SaaS provides high availability, fault tolerance, scalability and elasticity. SaaS is a service model where software applications are delivered over the Internet.
In the consumer space, examples include Gmail, Facebook and Dropbox – these services are ready to use, no coding required, you just use them. With SaaS the entire stack is managed for you, though you will often have some limited scope to configure the service according to your needs. SaaS is the second most popular cloud computing service model for enterprises, totalling around 24% of all enterprise workloads.
The benefits of SaaS include:
Sign up and rapidly start using innovative business apps
Apps and data are accessible from any connected computer
No data is lost if your computer breaks, as data is in the cloud
The service is able to dynamically scale to usage needs
Examples of SaaS services: Google Apps, Microsoft Office 365, and Salesforce.
The diagram below depicts these three service models and shows where the responsibility for management lies; it also compares against the “legacy IT” or “on-premises” model:
Cloud Computing Deployment Models
Cloud computing services may be delivered on-premises, or in public clouds.
There are 3 types of cloud deployment:
Public Cloud or simply “Cloud” – e.g. AWS, Azure, GCP.
Hybrid Cloud – mixture of public and private clouds.
Private Cloud (on-premise) – managed in your own data centre, e.g. Hyper-V, OpenStack, VMware.
1. Private Cloud
In an on-premises, or private cloud computing deployment model, an enterprise deploys their own infrastructure and applications into their own data center. The data center can be on-premises or co-location (colo). Though an on-premises deployment is very much the “legacy IT” setup, it can have many of the characteristics of cloud computing if the stack is designed properly – hence turning it into a “private cloud”.
For instance, a private cloud can be delivered using a virtualization platform with orchestration and self-service software. From a developer’s perspective, this can mean elastic compute capacity is delivered on-demand, elastically (within the capacity constraints of the system), and programmatically.
The private cloud deployment is typically single-tenant, meaning the platform is not shared with other organizations. It may, however, have multiple tenants, which could be departments within the organization.
Private cloud is not a pay-as-you-go expense as you own (and pay for) the entire stack, whether it’s being used or not. However, you can use metering to either record and display usage across different tenants or to actually charge those user groups – these methods are sometimes called “showback” or “chargeback”.
A private cloud deployment doesn’t provide many of the benefits of cloud computing but is sometimes sought for its ability to provide dedicated resources. Though you have complete control on how you deploy and manage a private cloud, this needs to be weighed against the capital expense of owning your own data center, and the limitations in scalability this type of architecture typically imposes.
The benefits of private cloud include:
a. Complete control of the entire stack
b. Security – in a few cases, organizations may need to keep all or some of their applications and data in house
Vendors of private cloud “stacks” include VMware, Microsoft, Red Hat, Dell EMC, OpenStack, and HPE.
2. Public Cloud
When we talk about “cloud computing” this is typically what’s being discussed and is the model which provides most of the advantages of cloud computing. A public cloud computing deployment model means the IT services that you consume are hosted and delivered from a third party and accessed over the Internet. Services are available to the “public” to use, so any organization or end user can create an account with their credit card.
This model is typically multi-tenant, with many customers sharing the same underlying infrastructure (though you can use dedicated hardware in a public cloud, e.g. Amazon EC2 Dedicated Hosts).
Top public cloud providers include: AWS, Microsoft Azure, and Google Cloud Platform.
3. Hybrid Cloud
What is hybrid cloud? This is a cloud computing deployment model in which a combination of on-premises, private cloud, and public cloud services are consumed. This model is extremely common, especially with larger organizations, as a single cloud deployment model may not be optimal for all workloads. For instance, an organization may require some data to be maintained on-premises (or at least not in a multi-tenant public cloud) for compliance reasons, but may wish to deploy web services in public cloud providers around the world to leverage the elasticity and get content closer to customers. Hybrid cloud models are also used for cloud bursting. This means that the organization may run their applications primarily on-premises, or in a private cloud, but in times of heavy load they can “burst” into the public cloud, launching additional application servers to service the load. This model delivers some of the benefits of private cloud and public cloud, though some organizations have found that there are operational advantages to going “all in” on a single deployment model. It’s really up to each and every organization to evaluate the pros and cons of each deployment model to work out the ideal fit.
Benefits of hybrid cloud include:
a. Allows companies to keep the critical applications and sensitive data in a traditional data center environment or private cloud
b. Enables taking advantage of public cloud resources like SaaS, for the latest applications, and IaaS, for elastic virtual resources
c. Facilitates portability of data, apps and services and more choices for deployment models.
How do you decide on the best cloud computing deployment model?
You should now understand the various patterns and anti-patterns associated with each cloud computing deployment model. There are several approaches towards determining the best model for your organization. These include:
Workload centric approach – in this approach you analyze every workload to determine the most suitable cloud computing deployment model. You need to take into account multiple factors, including technology fit, operational fit, and cost.
Organizationally centric approach – in this approach you take a more holistic view of which type of cloud computing deployment model is most suitable for your company. Factors to consider would include business agility and growth, competitive differentiation, operational preference, and CAPEX vs OPEX preferences.
AWS Global Infrastructure
The AWS infrastructure is built around Regions and Availability Zones (AZs). An AWS Region is a physical location in the world where AWS have multiple AZs.
AZs consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities.
Each region is completely independent. Each Availability Zone is isolated, but the Availability Zones in a region are connected through low-latency links.
AWS are constantly expanding around the world and currently there are:
Regions
A region is a geographical area. Each region consists of 2 or more availability zones. Each Amazon Region is designed to be completely isolated from the other Amazon Regions. Each AWS Region has multiple Availability Zones and data centers. You can replicate data within a region and between regions using private or public Internet connections.
You retain complete control and ownership over the region in which your data is physically located, making it easy to meet regional compliance and data residency requirements.
Note that there is a charge for data transfer between regions. When you launch an EC2 instance, you must select an AMI that’s in the same region. If the AMI is in another region, you can copy the AMI to the region you’re using.
Regions and Endpoints:
When you work with an instance using the command line interface or API actions, you must specify its regional endpoint.
To reduce data latency in your applications, most Amazon Web Services offer a regional endpoint to make your requests.
An endpoint is a URL that is the entry point for a web service.
For example, https://dynamodb.us-west-2.amazonaws.com is an entry point for the Amazon DynamoDB service.
AvailabilityZones
AvailabilityZonesare physicallyseparate andisolatedfromeachother. AZsspanone or more data
centersandhave direct,low-latency,highthroughputandredundantnetwork connections
betweeneachother. EachAZ isdesignedasanindependentfailure zone.
Whenyoulaunch an instance,youcanselectanAvailabilityZone orletAWSchoose one foryou.
If you distribute yourEC2instancesacrossmultiple AvailabilityZonesandone instance fails,you
can designyourapplicationsothatan instance inanotherAvailabilityZone canhandle requests.
You can alsouse Elastic IPaddressestomaskthe failure of aninstance inone AvailabilityZone by
rapidlyremappingthe addresstoaninstance inanotherAvailabilityZone.
An AvailabilityZone isrepresentedbyaregion code followedbyaletteridentifier;forexample, us-
east-1a.
To ensure thatresourcesare distributedacrossthe AvailabilityZonesforaregion,AWS
independentlymapAvailabilityZonestonamesforeachAWSaccount.
For example,the AvailabilityZoneus-east-1aforyourAWSaccount mightnot be the same location
as us-east-1aforanotherAWSaccount.
To coordinate AvailabilityZonesacrossaccounts,youmustuse the AZ ID,whichisa unique and
consistentidentifierforanAvailabilityZone.
AZsare physicallyseparatedwithinatypical metropolitanregionandare locatedinlowerriskflood
plains.
AZsuse discrete UPS andonsite backupgenerationfacilitiesandare fedviadifferentgridsfrom
independentfacilities.
AZsare all redundantlyconnectedtomultipletier-1transitproviders.
The followinggraphicshowsthree AWSRegionseachof whichhasthree AvailabilityZones:
Local Zones
AWS Local Zones place compute, storage, database, and other select AWS services closer to end
users. With AWS Local Zones, you can run demanding applications that require single-digit
millisecond latencies to your end users.
Each AWS Local Zone location is an extension of an AWS Region where you can run your
latency-sensitive applications using AWS services such as Amazon Elastic Compute Cloud, Amazon
Virtual Private Cloud, Amazon Elastic Block Store, Amazon File Storage, and Amazon Elastic Load
Balancing in geographic proximity to end users.
AWS Local Zones provide a high-bandwidth, secure connection between local workloads and those
running in the AWS Region, allowing you to seamlessly connect to the full range of in-region
services through the same APIs and tool sets.
AWS Wavelength
AWS Wavelength enables developers to build applications that deliver single-digit millisecond
latencies to mobile devices and end users.
Developers can deploy their applications to Wavelength Zones, AWS infrastructure
deployments that embed AWS compute and storage services within the telecommunications
providers' data centers at the edge of the 5G networks, and seamlessly access the breadth of AWS
services in the Region. AWS Wavelength brings AWS services to the edge of the 5G network,
minimizing the latency to connect to an application from a mobile device.
AWS Outposts
AWS Outposts bring native AWS services, infrastructure, and operating models to virtually any data
center, co-location space, or on-premises facility. You can use the same AWS APIs, tools, and
infrastructure across on-premises and the AWS cloud to deliver a truly consistent hybrid
experience.
AWS Outposts is designed for connected environments and can be used to support workloads that
need to remain on-premises due to low latency or local data processing needs.
Edge Locations and Regional Edge Caches
Edge locations are Content Delivery Network (CDN) endpoints for CloudFront. There are many
more edge locations than Regions; currently there are over 200 edge locations. Regional Edge
Caches sit between your CloudFront origin servers and the edge locations. A Regional Edge Cache
has a larger cache than each of the individual edge locations, so an object evicted from an edge
location can often still be served from the Regional Edge Cache instead of the origin. The following
diagram shows CloudFront edge locations:
Identity and Access Management
General IAM Concepts
AWS Identity and Access Management (IAM) is a web service that helps you securely control
access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized
(has permissions) to use resources. IAM makes it easy to give multiple users secure access to
AWS resources.
When you first create an AWS account, you begin with a single sign-in identity that has complete
access to all AWS services and resources in the account.
This identity is called the AWS account root user and is accessed by signing in with the email
address and password that you used to create the account.
IAM can be used to manage:
Users.
Groups.
Access policies.
Roles.
User credentials.
User password policies.
Multi-factor authentication (MFA).
API keys for programmatic access (CLI).
IAM provides the following features:
Shared access to your AWS account.
Granular permissions.
Secure access to AWS resources for applications that run on Amazon EC2.
Multi-factor authentication.
Identity federation.
Identity information for assurance (with CloudTrail enabled, every request is logged with the identity that made it).
PCI DSS compliance.
Integrated with many AWS services.
Eventually consistent (a policy change can take a short time to take effect everywhere).
Free to use.
You can work with AWS Identity and Access Management in any of the following ways:
AWS Management Console.
AWS Command Line Tools.
AWS SDKs.
IAM HTTPS API.
By default new users are created with NO access to any AWS services – they can only log in to the
AWS console (if they have been given a console password).
Permissions must be explicitly granted to allow a user to access an AWS service.
IAM users are individuals (or applications) who have been granted access to an AWS account.
Each IAM user has three main components:
A user name.
A password (and/or access keys).
Permissions to access various resources.
You can apply granular permissions with IAM. You can assign users individual security credentials
such as access keys, passwords, and multi-factor authentication devices.
IAM is not used for application-level authentication (the end users of your own application).
Identity federation (including Active Directory, Facebook, etc.) can be configured, allowing secure
access to resources in an AWS account without creating an IAM user account.
Multi-factor authentication (MFA) can be enabled/enforced for the AWS account and for individual
users under the account. MFA uses an authentication device that continually generates random,
six-digit, single-use authentication codes (virtual or hardware TOTP devices; FIDO security keys are
also supported).
You can authenticate using an MFA device in the following ways:
Through the AWS Management Console – the user is prompted for a user name, password
and authentication code.
Using the AWS API – restrictions are added to IAM policies (for example a Condition on the
aws:MultiFactorAuthPresent key) and developers request temporary security credentials,
passing the MFA device serial number and code in their AWS STS API requests.
Using the AWS CLI by obtaining temporary security credentials from STS (aws sts
get-session-token).
It is a best practice to always set up multi-factor authentication on the root account.
IAM is universal (global) and does not apply to Regions.
IAM replicates data across multiple data centres around the world.
The "root account" is the identity created when you set up the AWS account. It has complete
admin access and is the only identity that has this access by default.
It is a best practice to avoid using the root account for anything other than the few tasks that
require it (such as changing account settings or closing the account).
Power user access (the PowerUserAccess managed policy) allows all permissions except the
management of users and groups in IAM.
Temporary security credentials consist of an AWS access key ID, a secret access key, and a session
token.
IAM can assign temporary security credentials to provide users with temporary access to
services/resources. To sign in as an IAM user you must provide your account ID or account alias in
addition to a user name and password.
The sign-in URL includes the account ID or account alias, e.g.:
https://My_AWS_Account_ID.signin.aws.amazon.com/console/
Alternatively, you can sign in at the following URL and enter your account ID or alias manually:
https://console.aws.amazon.com/
IAM integrates with many different AWS services.
Authentication Methods
Console password:
A password that the user can enter to sign in to interactive sessions such as the AWS
Management Console.
You can allow users to change their own passwords.
You can allow only selected IAM users to change their passwords by disabling the option for all
users in the account password policy and using an IAM policy to grant the permission to the
selected users.
Access keys:
A combination of an access key ID and a secret access key.
A user can have two active access keys at a time (the second slot exists so that a key can be
rotated without downtime: create the new key, switch the application over, then delete the old one).
These can be used to make programmatic calls to AWS when using the API in program
code or at a command prompt when using the AWS CLI or the AWS PowerShell tools.
You can create, modify, view or rotate access keys.
When created, IAM returns the access key ID and secret access key.
The secret access key is returned only at creation time; if it is lost, a new key must be created.
Ensure access keys and secret access keys are stored securely (never commit them to source
control or bake them into AMIs or user data).
Users can be given access to change their own keys through an IAM policy (there is no account-wide
setting for this as there is for passwords).
You can disable a user's access key, which prevents it from being used for API calls.
Server certificates:
SSL/TLS certificates that you can use to authenticate with some AWS services.
AWS recommends that you use AWS Certificate Manager (ACM) to provision, manage
and deploy your server certificates.
Use IAM only when you must support HTTPS connections in a Region that is not supported
by ACM.
IAM Users
An IAM user is an entity that represents a person or service.
Can be assigned:
An access key ID and secret access key for programmatic access to the AWS API, CLI, SDK,
and other development tools.
A password for access to the Management Console.
By default, users cannot access anything in your account.
The account root user credentials are the email address used to create the account and a
password.
The root account has full administrative permissions and these cannot be restricted by IAM
policies (only a service control policy in AWS Organizations can constrain the root user of a
member account).
Best practice for root accounts:
Don't use the root user credentials for everyday work.
Don't share the root user credentials.
Create an IAM user and assign administrative permissions as required.
Enable MFA.
IAM users can be created to represent applications and these are known as "service accounts".
You can have up to 5000 users per AWS account.
Each user account has a friendly name and an ARN which uniquely identifies the user across AWS.
A unique ID is also created, which is returned only when you create the user using the API, Tools for
Windows PowerShell or the AWS CLI.
You should create individual IAM accounts for users (it is best practice not to share accounts).
The access key ID and secret access key are not the same as a password and cannot be used to
log in to the AWS console.
The secret access key can only be viewed once (when it is created); if it is lost, a new key pair must
be generated.
A password policy can be defined for enforcing password length, complexity, etc. (applies to all
users).
You can allow or disallow the ability to change passwords using an IAM policy.
Access keys and passwords should be changed regularly.
Groups
Groups are collections of users and have policies attached to them.
A group is not an identity in the policy sense and cannot be identified as a principal in an IAM policy.
Use groups to assign permissions to users.
Use the principle of least privilege when assigning permissions.
You cannot nest groups (groups within groups).
Roles
Roles are created and then "assumed" by trusted entities and define a set of permissions for
making AWS service requests.
With IAM roles you can delegate permissions to resources for users and services without using
permanent credentials (e.g. user name and password).
IAM users or AWS services can assume a role to obtain temporary security credentials that can be
used to make AWS API calls.
You can delegate using roles.
There are no long-term credentials associated with a role (no password or access keys).
IAM users can temporarily assume a role to take on permissions for a specific task.
A role can be assigned to a federated user who signs in using an external identity provider.
Temporary credentials are primarily used with IAM roles and automatically expire.
Roles can be assumed temporarily through the console or programmatically with the AWS
CLI, Tools for Windows PowerShell or API.
IAM roles with EC2 instances:
IAM roles can be used for granting applications running on EC2 instances permissions to make
AWS API requests, using instance profiles.
Only one role can be assigned to an EC2 instance at a time.
A role can be assigned at EC2 instance creation time or at any time afterwards.
When using the AWS CLI or API, instance profiles must be created manually (it is automatic
and transparent through the console).
Applications retrieve temporary security credentials from the instance metadata service. Anything
that can reach that endpoint from inside the instance, including an SSRF flaw in a web application,
can obtain the same credentials, so grant the instance role only what the workload needs.
Role Delegation:
Create an IAM role with two policies:
o Permissions policy – grants the user of the role the required permissions on a
resource.
o Trust policy – specifies the trusted accounts (principals) that are allowed to assume the role.
Wildcards (*) cannot be used to match part of a principal name or ARN.
A permissions policy allowing sts:AssumeRole on the role must also be attached to the user in
the trusted account.
Policies
Policies are documents that define permissions and can be attached to users, groups and roles
(identity-based policies) or to resources such as S3 buckets (resource-based policies).
Policy documents are written in JSON (key-value pairs consisting of an attribute and a value).
All permissions are implicitly denied by default.
The most restrictive policy is applied: an explicit Deny in any applicable policy overrides every
Allow, and a request succeeds only if at least one policy allows it and none denies it.
The IAM policy simulator is a tool to help you understand, test, and validate the effects of access
control policies.
The Condition element can be used to apply further conditional logic (for example requiring MFA,
restricting the source IP range, or matching a tag value).
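The evaluation rules above (implicit deny, explicit Deny over Allow, wildcard matching, the Condition element) and the trust-policy half of role delegation are easier to see in code. The following is an added example written for this page, not AWS code or a faithful model of the full IAM engine: it handles only the StringEquals and Bool condition operators, and the policies, account IDs, ARNs and user names in it are constructed.

```python
"""Added example, not from the original notes: a small evaluator for the IAM
policy logic described above. It implements implicit deny by default, explicit
Deny overriding Allow, wildcard matching of Action and Resource, a subset of
the Condition operators (StringEquals and Bool), and the Principal check of a
role trust policy for sts:AssumeRole. All policies, account IDs, ARNs and
user names below are constructed for the example."""
import fnmatch
import json

# Identity-based permissions policy for a hypothetical user in account 111111111111.
PERMISSIONS_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}
  ]
}""")

# Trust policy of a hypothetical role in account 111111111111 that one user in
# account 222222222222 may assume (the role-delegation pattern described above).
TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::222222222222:user/alice"}}
  ]
}""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    # Action names are case-insensitive, so both sides are lower-cased.
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))


def _condition_ok(condition, context):
    """Evaluate a Condition block against request-context keys (subset of operators)."""
    for operator, pairs in (condition or {}).items():
        for key, wanted in pairs.items():
            actual = context.get(key)
            if operator == "StringEquals":
                if actual not in _as_list(wanted):
                    return False
            elif operator == "Bool":
                if actual is None or str(actual).lower() != str(wanted).lower():
                    return False
            else:
                raise NotImplementedError("operator %s is not modelled" % operator)
    return True


def evaluate(policy, action, resource="*", principal=None, context=None):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for a single request."""
    context = context or {}
    decision = "ImplicitDeny"          # nothing is allowed until a statement says so
    for stmt in policy["Statement"]:
        if not _matches(stmt["Action"], action):
            continue
        if "Resource" in stmt and not _matches(stmt["Resource"], resource):
            continue
        if "Principal" in stmt and principal not in _as_list(stmt["Principal"].get("AWS", [])):
            continue                   # trust policies name who may assume the role
        if not _condition_ok(stmt.get("Condition"), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"              # an explicit Deny ends evaluation immediately
        decision = "Allow"
    return decision


if __name__ == "__main__":
    key = "arn:aws:s3:::example-bucket/report.csv"
    print(evaluate(PERMISSIONS_POLICY, "s3:GetObject", key))               # Allow
    print(evaluate(PERMISSIONS_POLICY, "s3:DeleteObject", key))            # Deny
    print(evaluate(PERMISSIONS_POLICY, "ec2:DescribeInstances"))           # ImplicitDeny (no MFA)
    print(evaluate(PERMISSIONS_POLICY, "ec2:DescribeInstances",
                   context={"aws:MultiFactorAuthPresent": "true"}))        # Allow
    print(evaluate(TRUST_POLICY, "sts:AssumeRole",
                   principal="arn:aws:iam::222222222222:user/alice"))      # Allow
```

The s3:DeleteObject request is the instructive case: the first statement allows s3:* on the bucket, yet the explicit Deny wins, which is why a broad Deny statement is the safe way to carve exceptions out of a wildcard Allow. The real service also evaluates resource-based policies, permissions boundaries and service control policies in the same decision, which this model leaves out.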
STS
The AWS Security Token Service (STS) is a web service that enables you to request temporary,
limited-privilege credentials for IAM users or for users that you authenticate (federated users).
Temporary security credentials work almost identically to the long-term access key credentials that
IAM users can use, with the following differences:
Temporary security credentials are short-term.
They can be configured to last anywhere from a few minutes to several hours.
After the credentials expire, AWS no longer recognizes them or allows any kind of access for
API requests made with them.
Temporary security credentials are not stored with the user but are generated dynamically
and provided to the user when requested.
When (or even before) the temporary security credentials expire, the user can request new
credentials, as long as the user requesting them still has permission to do so.
Advantages of STS are:
You do not have to distribute or embed long-term AWS security credentials with an
application.
You can provide access to your AWS resources to users without having to define an AWS
identity for them (temporary security credentials are the basis for IAM roles and identity
federation).
The temporary security credentials have a limited lifetime, so you do not have to rotate
them or explicitly revoke them when they are no longer needed.
After temporary security credentials expire, they cannot be reused (you can specify how
long the credentials are valid for, up to a maximum limit).
Users can come from three sources.
Federation (typically Active Directory):
Uses SAML 2.0.
Grants temporary access based on the user's AD credentials.
The user does not need to exist in IAM.
Single sign-on allows users to log in to the AWS console without assigning IAM credentials.
Federation with mobile apps:
Use Facebook/Amazon/Google or other OpenID Connect providers to log in.
Cross-account access:
Lets users from one AWS account access resources in another.
To make a request in a different account, the resource in that account must have an
attached resource-based policy with the permissions you need,
or you must assume a role (identity-based policy) within that account with the permissions
you need.
IAM Best Practices
Lock away the AWS root user access keys (better still, do not create any).
Create individual IAM users.
Use AWS-defined (managed) policies to assign permissions whenever possible.
Use groups to assign permissions to IAM users.
Grant least privilege.
Use access levels to review IAM permissions.
Configure a strong password policy for users.
Enable MFA.
Use roles for applications that run on AWS EC2 instances.
Delegate by using roles instead of sharing credentials.
Rotate credentials regularly.
Remove unnecessary credentials.
Use policy conditions for extra security.
Monitor activity in your AWS account (CloudTrail).
AWS Compute
Amazon EC2
Amazon Elastic Compute Cloud (Amazon EC2) is a web service with which you can run virtual
server "instances" in the cloud.
Amazon EC2 instances can run the Windows, Linux, or macOS operating systems.
The EC2 simple web service interface allows you to obtain and configure capacity with minimal
friction.
EC2 is designed to make web-scale cloud computing easier for developers.
Amazon EC2 changes the economics of computing by allowing you to pay only for capacity that you
actually use.
Amazon EC2 provides developers the tools to build failure-resilient applications and isolate them
from common failure scenarios.
Benefits of EC2 include:
Elastic web-scale computing – you can increase or decrease capacity within minutes, not
hours, and commission one to thousands of instances simultaneously.
Completely controlled – you have complete control, including root access to each instance,
and can stop and start instances without losing data, using web service APIs.
Flexible cloud hosting services – you can choose from multiple instance types, operating
systems, and software packages, as well as instances with varying memory, CPU and
storage configurations.
Integrated – EC2 is integrated with most AWS services such as S3, RDS, and VPC to provide
a complete, secure solution.
Reliable – EC2 offers a highly reliable environment where replacement instances can be
rapidly and predictably commissioned, with an SLA of 99.99% for each Region.
Secure – EC2 works in conjunction with VPC to provide a secure location with an IP address
range you specify, and offers security groups, network ACLs, and IPsec VPN features.
Inexpensive – Amazon passes on the financial benefits of scale by charging very low rates
and on a capacity-consumed basis.
An Amazon Machine Image (AMI) is a special type of virtual appliance that is used to create a
virtual machine within Amazon Elastic Compute Cloud ("EC2").
An AMI includes the following:
One or more EBS snapshots, or, for instance-store-backed AMIs, a template for the root
volume of the instance (for example, an operating system, an application server, and
applications).
Launch permissions that control which AWS accounts can use the AMI to launch instances.
A block device mapping that specifies the volumes to attach to the instance when it is
launched.
AMIs come in three main categories:
Community AMIs – free to use; generally you just select the operating system you want (check
the publisher, since anyone can share a community AMI).
AWS Marketplace AMIs – pay to use; generally come packaged with additional, licensed
software.
My AMIs – AMIs that you create yourself.
Metadata and User Data:
User data is data that is supplied by the user at instance launch in the form of a script.
Instance metadata is data about your instance that you can use to configure or manage the
running instance.
User data is limited to 16 KB.
User data and metadata are not encrypted, and any process on the instance that can make HTTP
requests can read them, so never place secrets (passwords, API keys) in user data.
Instance metadata is available at http://169.254.169.254/latest/meta-data/. With IMDSv1 any plain
GET is answered; IMDSv2 requires a session token obtained with a PUT request, and enforcing
IMDSv2 blunts SSRF attacks that try to reach the endpoint through a web application.
The Instance Metadata Query tool allows you to query the instance metadata without having to
type out the full URI or category names.
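The difference between IMDSv1 and IMDSv2 described above is the single most important hardening step for the metadata endpoint, and it is easy to demonstrate without an EC2 instance. The code below is an added example written for this page, not AWS tooling: it stands up a small mock of the metadata service on 127.0.0.1 (the real service lives at 169.254.169.254 and is not contacted), returns a constructed instance ID, and drives it with both an IMDSv1-style client and an IMDSv2-style client. Only the two real header names are taken from IMDS.

```python
"""Added example, not from the original notes: a local stand-in for the
instance metadata service that makes the IMDSv1/IMDSv2 difference concrete.
The mock listens on 127.0.0.1 (not the real 169.254.169.254) and the instance
ID it returns is a constructed value. IMDSv1 answers any plain GET, which is
exactly the request an SSRF bug in a web application can usually forge;
IMDSv2 first requires a PUT carrying a TTL header to obtain a session token,
which must then be presented in the X-aws-ec2-metadata-token header."""
import secrets
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

FAKE_INSTANCE_ID = "i-0123456789abcdef0"        # constructed, not a real instance
TOKEN_HEADER = "X-aws-ec2-metadata-token"
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"


class MockIMDS(BaseHTTPRequestHandler):
    """Serves /latest/meta-data/instance-id; server.v2_required toggles IMDSv2-only mode."""

    def log_message(self, *_):                  # keep the handler quiet
        pass

    def _reply(self, body):
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_PUT(self):
        # IMDSv2 session token: only a PUT carrying the TTL header is given one.
        if self.path == "/latest/api/token" and TTL_HEADER in self.headers:
            token = secrets.token_urlsafe(32)
            self.server.tokens.add(token)
            self._reply(token.encode())
        else:
            self.send_error(400)

    def do_GET(self):
        if self.path != "/latest/meta-data/instance-id":
            self.send_error(404)
            return
        token = self.headers.get(TOKEN_HEADER)
        if self.server.v2_required and token not in self.server.tokens:
            self.send_error(401)                # IMDSv2-only: no valid token, no metadata
            return
        self._reply(FAKE_INSTANCE_ID.encode())


def start_mock(v2_required):
    """Start the mock on an ephemeral loopback port; returns (server, base_url)."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), MockIMDS)
    server.v2_required = v2_required
    server.tokens = set()
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]


def fetch_v1(base):
    """IMDSv1 style: a bare GET. Returns (status, body)."""
    try:
        with urllib.request.urlopen(base + "/latest/meta-data/instance-id", timeout=5) as r:
            return r.status, r.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""


def fetch_v2(base):
    """IMDSv2 style: PUT for a session token, then GET with the token header."""
    req = urllib.request.Request(base + "/latest/api/token", method="PUT",
                                 headers={TTL_HEADER: "21600"})
    with urllib.request.urlopen(req, timeout=5) as r:
        token = r.read().decode()
    req = urllib.request.Request(base + "/latest/meta-data/instance-id",
                                 headers={TOKEN_HEADER: token})
    with urllib.request.urlopen(req, timeout=5) as r:
        return r.status, r.read().decode()


def demo():
    """Exercise both client styles against both server modes; returns the outcomes."""
    results = {}
    for mode, v2_required in (("v1-allowed", False), ("v2-required", True)):
        server, base = start_mock(v2_required)
        try:
            results[mode] = {"v1": fetch_v1(base), "v2": fetch_v2(base)}
        finally:
            server.shutdown()
            server.server_close()
    return results


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(mode, outcome)
```

In v2-required mode the bare GET is refused with 401 while the token flow still succeeds, which is the behaviour you get on a real instance launched with the metadata option HttpTokens set to required. On real instances the token response additionally carries an IP TTL of 1 by default, so a token cannot be fetched through a container NAT or a forwarding proxy; the mock does not reproduce that part.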
Pricing
On-demand:
Good for users that want the low cost and flexibility of EC2 without any up-front payment
or long-term commitment.
Applications with short-term, spiky, or unpredictable workloads that cannot be
interrupted.
Applications being developed or tested on EC2 for the first time.
Reserved:
Applications with steady-state or predictable usage.
Applications that require reserved capacity.
Users can make up-front payments to reduce their total computing costs even further.
Standard Reserved Instances (RIs) provide up to 75% off the on-demand price.
Convertible RIs provide up to 54% off the on-demand price and provide the capability to change
the attributes of the RI, as long as the exchange results in the creation of RIs of equal or
greater value.
Scheduled RIs are available to launch within the time window you reserve. This option
allows you to match your capacity reservation to a predictable recurring schedule that only
requires a fraction of a day, a week, or a month.
Spot:
Applications that have flexible start and end times.
Applications that are only feasible at very low compute prices.
Users with an urgent need for a large amount of additional compute capacity.
If Amazon terminates your instances you do not pay for the partial hour; if you terminate, you pay
for the hour.
Dedicated hosts:
Physical servers dedicated just for your use.
You then have control over which instances are deployed on that host.
Available as On-Demand or with a Dedicated Host Reservation.
Useful if you have server-bound software licences that use metrics like per-core, per-socket,
or per-VM.
Each dedicated host can only run one EC2 instance type (Nitro-based hosts can mix sizes within
that instance family).
Good for regulatory compliance or licensing requirements.
Predictable performance.
Complete isolation.
Most expensive option.
Billing is per host.
Dedicated instances:
Virtualized instances on hardware just for you.
Also uses physically dedicated EC2 servers.
Does not provide the additional visibility and controls of dedicated hosts (e.g. how instances
are placed on a server).
Billing is per instance.
May share hardware with other non-dedicated instances in the same account.
Available as On-Demand, Reserved Instances, and Spot Instances.
Costs an additional $2 per hour per Region.
Savings Plans:
Savings Plans is a flexible pricing model that provides savings of up to 72% on your AWS
compute usage.
This pricing model offers lower prices on Amazon EC2 instance usage, regardless of
instance family, size, OS, tenancy or AWS Region.
Also applies to AWS Fargate and AWS Lambda usage.
Instance Types
Amazon EC2 provides a wide selection of instance types optimized to fit different use cases.
Instance types comprise varying combinations of CPU, memory, storage, and networking capacity
and give you the flexibility to choose the appropriate mix of resources for your applications.
Each instance type includes one or more instance sizes, allowing you to scale your resources to the
requirements of your target workload.
The table below provides an overview of the different EC2 instance types:
Amazon Elastic Container Service (ECS)
Amazon Elastic Container Service (ECS) is another product in the AWS Compute category. It
provides a highly scalable, high-performance container management service that supports Docker
containers and allows you to easily run applications on a managed cluster of Amazon EC2
instances.
Amazon ECS eliminates the need for you to install, operate, and scale your own cluster
management infrastructure.
Using API calls you can launch and stop container-enabled applications, query the complete state
of clusters, and access many familiar features like security groups, Elastic Load Balancing, EBS
volumes and IAM roles.
Amazon ECS can be used to schedule the placement of containers across clusters based on
resource needs and availability requirements. An Amazon ECS launch type determines the type of
infrastructure on which your tasks and services are hosted.
There are two launch types (EC2 and Fargate), and the table below describes some of the
differences between the two launch types:
The Elastic Container Registry (ECR) is a managed AWS Docker registry service for storing, managing
and deploying Docker images.
There is no additional charge for Amazon ECS. You pay for the AWS resources (e.g. EC2 instances or
EBS volumes) you create to store and run your application.
Amazon ECR is integrated with Amazon Elastic Container Service (ECS).
With Amazon ECR, there are no upfront fees or commitments. You pay only for the amount of data
you store in your repositories and data transferred to the Internet.
AWS Lambda
AWS Lambda is a serverless computing technology that allows you to run code without
provisioning or managing servers.
AWS Lambda executes code only when needed and scales automatically.
You pay only for the compute time you consume (you pay nothing when your code is not running).
Benefits of AWS Lambda:
No servers to manage.
Continuous scaling.
Subsecond metering.
Integrates with almost all other AWS services.
Primary use cases for AWS Lambda:
Data processing.
Real-time file processing.
Real-time stream processing.
Build serverless backends for web, mobile, IoT, and 3rd party API requests.
Amazon Lightsail (Amazon Lightsail Instances)
Amazon Lightsail is one of the newer services in the AWS Compute suite of products. Amazon
Lightsail is great for users who do not have deep AWS technical expertise, as it makes it very easy to
provision compute services.
Amazon Lightsail provides developers compute, storage, and networking capacity and capabilities
to deploy and manage websites, web applications, and databases in the cloud.
Amazon Lightsail includes everything you need to launch your project quickly – a virtual machine,
SSD-based storage, data transfer, DNS management, and a static IP.
Amazon Lightsail provides preconfigured virtual private servers (instances) that include everything
required to deploy an application or create a database.
The underlying infrastructure and operating system are managed by Amazon Lightsail.
Best suited to projects that require a few dozen instances or fewer.
Provides a simple management interface.
Good for blogs, websites, web applications, e-commerce etc.
Can deploy load balancers and attach block storage.
Public API.
Limited to 20 Amazon Lightsail instances, 5 static IPs, 3 DNS zones, 20 TB block storage, 40
databases, and 5 load balancers per account.
Up to 20 certificates per calendar year.
Instances can connect to each other and to other AWS resources through public Internet and
private (VPC peering) networking.
Application templates include WordPress, WordPress Multisite, Drupal, Joomla!, Magento,
Redmine, LAMP, Nginx (LEMP), MEAN, Node.js, and more.
Amazon Lightsail currently supports 6 Linux or Unix-like distributions: Amazon Linux, CentOS,
Debian, FreeBSD, openSUSE, and Ubuntu, as well as 2 Windows Server versions: 2012 R2 and
2016.
Amazon Lightsail Databases
Amazon Lightsail databases are instances that are dedicated to running databases.
An Amazon Lightsail database can contain multiple user-created databases, and you can access it
by using the same tools and applications that you use with a stand-alone database.
Amazon Lightsail managed databases provide an easy, low-maintenance way to store your data in
the cloud. Amazon Lightsail manages a range of maintenance activities and security for your
database and its underlying infrastructure.
Amazon Lightsail automatically backs up your database and allows point-in-time restore from the
past 7 days using the database restore tool. Amazon Lightsail databases support the latest major
versions of MySQL. Currently, these versions are 5.6, 5.7, and 8.0 for MySQL. Amazon Lightsail
databases are available in Standard and High Availability plans.
High Availability plans add redundancy and durability to your database by automatically creating a
standby database in a separate Availability Zone. Amazon Lightsail is very affordable. Amazon
Lightsail plans are billed at an on-demand hourly rate, so you pay only for what you use. For every
Amazon Lightsail plan you use, you are charged the fixed hourly price, up to the maximum monthly
plan cost.
AWS Elastic Beanstalk
AWS Elastic Beanstalk is the fastest and simplest way to get web applications up and running on
AWS. Developers simply upload their application code and the service automatically handles all the
details such as resource provisioning, load balancing, auto-scaling, and monitoring. Elastic Beanstalk
is ideal if you have a PHP, Java, Python, Ruby, Node.js, .NET, Go, or Docker web application. Elastic
Beanstalk uses core AWS services such as Amazon EC2, Amazon Elastic Container Service (Amazon
ECS), Auto Scaling, and Elastic Load Balancing to easily support applications that need to scale to
serve millions of users.
AWS Batch
AWS Batch enables developers, scientists, and engineers to easily and efficiently run hundreds of
thousands of batch computing jobs on AWS.
AWS Batch dynamically provisions the optimal quantity and type of compute resources
(e.g., CPU-optimized or memory-optimized instances) based on the volume and specific resource
requirements of the batch jobs submitted.
AWS Storage
Amazon Simple Storage Service (S3)
Amazon S3 is object storage built to store and retrieve any amount of data from anywhere – web
sites and mobile apps, corporate applications, and data from IoT sensors or devices.
You can store any type of file in S3. S3 is designed to deliver 99.999999999% (eleven nines)
durability, and stores data for millions of applications used by market leaders in every industry.
S3 provides comprehensive security and compliance capabilities that meet even the most stringent
regulatory requirements.
S3 gives customers flexibility in the way they manage data for cost optimization, access control,
and compliance.
Typical use cases include:
Backup and storage – provide data backup and storage services for others.
Application hosting – provide services that deploy, install, and manage web applications.
Media hosting – build a redundant, scalable, and highly available infrastructure that hosts
video, photo, or music uploads and downloads.
Software delivery – host your software applications that customers can download.
Static website – you can configure a static website to run from an S3 bucket.
S3 provides query-in-place functionality, allowing you to run powerful analytics directly on your
data at rest in S3. Amazon S3 is the most supported cloud storage service available, with
integration from the largest community of third-party solutions, systems integrator partners, and
other AWS services. Files can be anywhere from 0 bytes to 5 TB. There is unlimited storage
available.
Files are stored in buckets. Buckets are root-level containers. Any "subfolder" within a bucket is a
key prefix rather than a real directory. S3 is a universal namespace, so bucket names must be
unique globally.
There are six S3 storage classes:
S3 Standard (durable, immediately available, frequently accessed).
S3 Intelligent-Tiering (automatically moves data to the most cost-effective tier).
S3 Standard-IA (durable, immediately available, infrequently accessed).
S3 One Zone-IA (lower cost for infrequently accessed data with less resilience, as it is stored in a
single AZ).
S3 Glacier (archived data, retrieval times in minutes or hours).
S3 Glacier Deep Archive (lowest-cost storage class for long-term retention).
The table below provides the details of each Amazon S3 storage class:
When you successfully upload a file to S3 you receive an HTTP 200 code.
S3 is a persistent, highly durable data store.
Persistent data stores are non-volatile storage systems that retain data when powered off.
This is in contrast to transient data stores and ephemeral data stores, which lose their data when
powered off.
The following table provides a description of persistent, transient and ephemeral data stores and
which AWS service to use:
Bucket names must follow a set of rules:
Names must be unique across all of AWS.
Names must be 3 to 63 characters in length.
Names can only contain lowercase letters, numbers, hyphens and periods (periods are best
avoided, because they break the wildcard TLS certificate used for virtual-hosted-style HTTPS
requests).
Names cannot be formatted as an IP address.
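An offline check of the naming rules above is a useful guard in provisioning code, since a bad name is only rejected when the CreateBucket call fails. The validator below is an added example written for this page, not AWS code; it implements the listed rules and goes slightly beyond them with three further rules from the AWS bucket-naming documentation (a name must begin and end with a letter or digit, and it must not contain two adjacent periods). Global uniqueness can only be verified against the service itself, so it is out of scope.

```python
"""Added example, not from the original notes: an offline validator for the
S3 bucket-naming rules listed above, extended with the begin/end-with-
alphanumeric and no-adjacent-periods rules from the AWS naming documentation.
Global uniqueness is not checked (it requires the service). Names tested in
the __main__ block are constructed."""
import ipaddress
import re

_CHARSET = re.compile(r"[a-z0-9.-]*")     # lowercase letters, digits, periods, hyphens
_EDGE = re.compile(r"[a-z0-9]")           # what the first and last character must be


def bucket_name_problems(name):
    """Return a list of violated rules; an empty list means the name is acceptable."""
    problems = []
    if not 3 <= len(name) <= 63:
        problems.append("length must be between 3 and 63 characters")
    if not _CHARSET.fullmatch(name):
        problems.append("only lowercase letters, digits, periods and hyphens are allowed")
    if not (_EDGE.fullmatch(name[:1]) and _EDGE.fullmatch(name[-1:])):
        problems.append("must begin and end with a lowercase letter or digit")
    if ".." in name:
        problems.append("must not contain two adjacent periods")
    try:
        ipaddress.IPv4Address(name)       # parses only dotted-quad text such as 192.168.5.4
        problems.append("must not be formatted as an IP address")
    except ValueError:
        pass
    return problems


def is_valid_bucket_name(name):
    return not bucket_name_problems(name)


if __name__ == "__main__":
    # Constructed names; the dotted-quad one mirrors the example in the AWS documentation.
    for candidate in ("my-app-logs-2024", "My_Bucket", "192.168.5.4", "ab", "-leading", "a..b"):
        print(candidate, "->", bucket_name_problems(candidate) or "ok")
```

Returning the full list of violations rather than a single boolean lets a deployment pipeline report every problem with a proposed name at once instead of failing one rule at a time.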
Objects consist of:
Key (name of the object).
Value (data made up of a sequence of bytes).
Version ID (used for versioning).
Metadata (data about the data that is stored).
Subresources:
Access control lists.
Torrent.
Object sharing – the ability to make any object publicly available via a URL (leave S3 Block Public
Access enabled on every bucket that is not meant to serve public content).
Lifecycle management – set rules to transfer objects between storage classes at defined time
intervals.
Versioning – automatically keep multiple versions of an object (when enabled).
Encryption can be enabled for a bucket. Access is controlled using ACLs and bucket policies (AWS
now recommends bucket policies and IAM policies over ACLs, which are disabled by default on new
buckets).
Tiers:
S3 Standard.
S3 Standard-IA.
S3 One Zone-IA.
Glacier.
Charges:
Storage.
Requests.
Storage management pricing.
Data transfer pricing.
Transfer acceleration.
When you create a bucket you need to select the Region where it will be created.
It is a best practice to create buckets in Regions that are physically closest to your users, to reduce
latency.
Additional capabilities offered by Amazon S3 include:
AWS Snowball
With AWS Snowball (Snowball), you can transfer hundreds of terabytes or petabytes of data
between your on-premises data centers and Amazon Simple Storage Service (Amazon S3).
Uses a secure storage device for physical transportation.
AWS Snowball Client is software that is installed on a local computer and is used to identify,
compress, encrypt, and transfer data.
Uses 256-bit encryption (with keys managed in AWS KMS) and tamper-resistant enclosures with a
TPM.
Snowball (80 TB) (a 50 TB model is available only in the USA).
Snowball Edge (100 TB) comes with onboard storage and compute capabilities.
Snowmobile – exabyte scale, with up to 100 PB per Snowmobile.
Snowcone is a small device used for edge computing, storage and data transfer.
Snowball can import to S3 or export from S3.
Import/Export is when you send your own disks into AWS – this is being deprecated in favour of
Snowball.
A Snowball must be ordered from and returned to the same Region.
To speed up data transfer it is recommended to run simultaneous instances of the AWS Snowball
Client in multiple terminals and to transfer small files as batches.
Amazon Elastic Block Store (EBS)
Amazon Elastic Block Store (Amazon EBS) provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud.
Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability.
Amazon EBS volumes offer the consistent and low-latency performance needed to run your workloads. With Amazon EBS, you can scale your usage up or down within minutes – all while paying a low price for only what you provision.
The following table shows a comparison of a few EBS volume types:
EBS volume data persists independently of the life of the instance. EBS volumes do not need to be attached to an instance. You can attach multiple EBS volumes to an instance. You cannot attach an EBS volume to multiple instances (use Elastic File System instead). EBS volumes must be in the same AZ as the instances they are attached to. Termination protection is turned off by default and must be manually enabled (keeps the volume/data when the instance is terminated). Root EBS volumes are deleted on termination by default. Extra non-boot volumes are not deleted on termination by default. The behavior can be changed by altering the “DeleteOnTermination” attribute.
EBS Snapshots:
Snapshots capture a point-in-time state of an instance. Snapshots are stored on S3.
Does not provide granular backup (not a replacement for backup software).
If you make periodic snapshots of a volume, the snapshots are incremental, which means that only the blocks on the device that have changed after your last snapshot are saved in the new snapshot.
Even though snapshots are saved incrementally, the snapshot deletion process is designed so that you need to retain only the most recent snapshot in order to restore the volume.
Snapshots can only be accessed through the EC2 APIs. EBS volumes are AZ specific but snapshots are region specific.
Instance Stores
Instance store volumes are high performance local disks that are physically attached to the host computer on which an EC2 instance runs.
Instance stores are ephemeral, which means the data is lost when powered off (non-persistent).
Instance stores are ideal for temporary storage of information that changes frequently, such as buffers, caches, or scratch data.
Instance store volume root devices are created from AMI templates stored on S3.
Instance store volumes cannot be detached/reattached.
Amazon Elastic File System (EFS)
EFS is a fully-managed service that makes it easy to set up and scale file storage in the Amazon Cloud.
Good for big data and analytics, media processing workflows, content management, web serving, home directories etc.
EFS uses the NFS protocol.
Pay for what you use (no pre-provisioning required).
Can scale up to petabytes.
EFS is elastic and grows and shrinks as you add and remove data.
Can concurrently connect 1 to 1000s of EC2 instances, from multiple AZs.
A file system can be accessed concurrently from all AZs in the region where it is located.
By default you can create up to 10 file systems per account.
On-premises access can be enabled via Direct Connect or AWS VPN.
Can choose General Purpose or Max I/O (both SSD).
The VPC of the connecting instance must have DNS hostnames enabled.
EFS provides a file system interface and file system access semantics (such as strong consistency and file locking).
Data is stored across multiple AZs within a region.
Read-after-write consistency.
Need to create mount targets and choose AZs to include (recommended to include all AZs).
Instances can be behind an ELB.
There are two performance modes:
“General Purpose” performance mode is appropriate for most file systems.
“Max I/O” performance mode is optimized for applications where tens, hundreds, or thousands of EC2 instances are accessing the file system.
Amazon EFS is designed to burst to allow high throughput levels for periods of time.
AWS Storage Gateway
AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. Customers use Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases.
These include moving backups to the cloud, using on-premises file shares backed by cloud storage, and providing low latency access to data in AWS for on-premises applications.
To support these use cases, Storage Gateway offers three different types of gateways:
File Gateway – provides file system interfaces to on-premises servers.
Volume Gateway – provides block-based access for on-premises servers.
Tape Gateway – provides a virtual tape library that is compatible with common backup software (block and file interfaces).
AWS Networking
Amazon Virtual Private Cloud (VPC)
A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. Analogous to having your own DC inside AWS. It is logically isolated from other virtual networks in the AWS Cloud. Provides complete control over the virtual networking environment including selection of IP ranges, creation of subnets, and configuration of route tables and gateways.
You can launch your AWS resources, such as Amazon EC2 instances, into your VPC.
When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16.
This is the primary CIDR block for your VPC. A VPC spans all the Availability Zones in the region.
You have full control over who has access to the AWS resources inside your VPC.
You can create your own IP address ranges, and create subnets, route tables and network gateways.
When you first create your AWS account a default VPC is created for you in each AWS region.
A default VPC is created in each region with a subnet in each AZ. By default you can create up to 5 VPCs per region.
You can define dedicated tenancy for a VPC to ensure instances are launched on dedicated hardware (overrides the configuration specified at launch).
A default VPC is automatically created for each AWS account the first time Amazon EC2 resources are provisioned.
The default VPC has all-public subnets.
Public subnets are subnets that have:
“Auto-assign public IPv4 address” set to “Yes”.
The subnet route table has an attached Internet Gateway.
Instances in the default VPC always have both a public and private IP address.
AZ names are mapped to different zones for different users (i.e. the AZ “ap-southeast-2a” may map to a different physical zone for a different user).
Components of a VPC:
A Virtual Private Cloud: A logically isolated virtual network in the AWS cloud. You define a VPC’s IP address space from ranges you select.
Subnet: A segment of a VPC’s IP address range where you can place groups of isolated resources (maps to an AZ, 1:1).
Internet Gateway: The Amazon VPC side of a connection to the public Internet.
NAT Gateway: A highly available, managed Network Address Translation (NAT) service for your resources in a private subnet to access the Internet.
Hardware VPN Connection: A hardware-based VPN connection between your Amazon VPC and your datacenter, home network, or co-location facility.
Virtual Private Gateway: The Amazon VPC side of a VPN connection.
Customer Gateway: Your side of a VPN connection.
Router: Routers interconnect subnets and direct traffic between Internet gateways, virtual private gateways, NAT gateways, and subnets.
Peering Connection: A peering connection enables you to route traffic via private IP addresses between two peered VPCs.
VPC Endpoints: Enables private connectivity to services hosted in AWS, from within your VPC without using an Internet Gateway, VPN, Network Address Translation (NAT) devices, or firewall proxies.
Egress-only Internet Gateway: A stateful gateway to provide egress only access for IPv6 traffic from the VPC to the Internet.
Options for securely connecting to a VPC are:
AWS managed VPN – fast to set up.
Direct Connect – high bandwidth, low-latency but takes weeks to months to set up.
VPN CloudHub – used for connecting multiple sites to AWS.
Software VPN – use 3rd party software.
An Elastic Network Interface (ENI) is a logical networking component that represents a NIC.
ENIs can be attached to and detached from EC2 instances and the configuration of the ENI will be maintained.
Flow Logs capture information about the IP traffic going to and from network interfaces in a VPC.
Flow log data is stored using Amazon CloudWatch Logs.
Flow logs can be created at the following levels:
VPC.
Subnet.
Network interface.
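As an added example that is not from the original notes, a parser for flow log records in the default record format (the field layout is not on the page and is assumed from the service documentation) with two simple detections run over constructed sample lines:

```python
import ipaddress
from collections import defaultdict

# Field order of the default (version 2) VPC flow log record. The layout is not stated
# in the notes; it is the documented default format and is assumed here.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# Constructed sample records: account id, ENI id and addresses are made up. The first
# four lines are rejected probes against several ports from one source, the next two an
# accepted HTTPS session in both directions, and the last carries no traffic data.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 51234 22 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 51235 23 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 51236 3389 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 51237 445 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.20 44010 443 6 25 6000 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.20 198.51.100.9 443 44010 6 20 9000 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000059 - NODATA
"""


def parse_record(line):
    """Parse one flow log line into a dict. Numeric fields become ints. Records whose
    log-status is not OK (NODATA, SKIPDATA) carry '-' placeholders and return None."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    for name in INT_FIELDS:
        rec[name] = int(rec[name])
    return rec


def parse_log(text):
    """Parse a block of flow log text, dropping blank lines and no-data records."""
    records = (parse_record(line) for line in text.splitlines() if line.strip())
    return [r for r in records if r is not None]


def rejected_port_sweeps(records, min_ports=3):
    """Map (source address, interface) -> sorted destination ports for sources whose
    REJECTed flows touched at least min_ports distinct ports. A reject is what a security
    group or network ACL dropped, so a wide spread of them from one source is worth an alarm."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            ports[(r["srcaddr"], r["interface_id"])].add(r["dstport"])
    return {key: sorted(p) for key, p in ports.items() if len(p) >= min_ports}


def accepted_ingress_from_outside(records, vpc_cidr, allowed_ports):
    """ACCEPTed flows whose source lies outside the VPC CIDR and whose destination port is
    not on the allow list: traffic a security group let in that policy says it should not."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return [r for r in records
            if r["action"] == "ACCEPT"
            and ipaddress.ip_address(r["srcaddr"]) not in vpc
            and r["dstport"] not in allowed_ports]
```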
Peering connections can be created with VPCs in different regions (available in most regions now).
Subnets
After creating a VPC, you can add one or more subnets in each Availability Zone.
When you create a subnet, you specify the CIDR block for the subnet, which is a subset of the VPC CIDR block.
Each subnet must reside entirely within one Availability Zone and cannot span zones.
Types of subnet:
If a subnet’s traffic is routed to an internet gateway, the subnet is known as a public subnet.
If a subnet doesn’t have a route to the internet gateway, the subnet is known as a private subnet.
If a subnet doesn’t have a route to the internet gateway, but has its traffic routed to a virtual private gateway for a VPN connection, the subnet is known as a VPN-only subnet.
An Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet.
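An added example, not part of the original notes, that applies the public / private / VPN-only definitions above to route tables and checks that subnet CIDRs fall inside the VPC block without overlapping. The subnet names and gateway identifiers are constructed; only the igw-/nat-/vgw- prefixes follow AWS naming.

```python
import ipaddress

# Constructed VPC: the /16 primary CIDR from the notes with four /24 subnets, each
# described by its route table (destination CIDR -> target). "local" is the implicit
# in-VPC route; the gateway ids are made up.
VPC_CIDR = "10.0.0.0/16"

SUBNETS = {
    "subnet-web": {"cidr": "10.0.1.0/24",
                   "routes": {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-0abc1234"}},
    "subnet-app": {"cidr": "10.0.2.0/24",
                   "routes": {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-0def5678"}},
    "subnet-vpn": {"cidr": "10.0.3.0/24",
                   "routes": {"10.0.0.0/16": "local", "192.168.0.0/16": "vgw-0aaa1111"}},
    "subnet-bad": {"cidr": "10.1.0.0/24",
                   "routes": {"10.0.0.0/16": "local"}},
}


def classify_subnet(routes):
    """Apply the three definitions from the notes: a route to an internet gateway makes
    the subnet public; otherwise a route to a virtual private gateway makes it VPN-only;
    anything else (including a NAT-only route) is private."""
    targets = list(routes.values())
    if any(t.startswith("igw-") for t in targets):
        return "public"
    if any(t.startswith("vgw-") for t in targets):
        return "vpn-only"
    return "private"


def classify_all(subnets):
    return {name: classify_subnet(s["routes"]) for name, s in subnets.items()}


def check_subnet_cidrs(vpc_cidr, subnets):
    """Return problems: a subnet CIDR that is not a subset of the VPC CIDR, or two
    subnets whose address ranges overlap (a subnet must be a slice of the VPC block)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(s["cidr"]) for name, s in subnets.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is not within VPC CIDR {vpc}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap ({nets[a]} / {nets[b]})")
    return problems
```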
Firewalls
Network Access Control Lists (ACLs) provide a firewall/security layer at the subnet level.
Security Groups provide a firewall/security layer at the instance level.
The table below describes some differences between Security Groups and Network ACLs:
VPC Wizard
The VPC Wizard can be used to create the following four configurations:
VPC with a Single Public Subnet:
Your instances run in a private, isolated section of the AWS cloud with direct access to the Internet.
Network access control lists and security groups can be used to provide strict control over inbound and outbound network traffic to your instances.
Creates a /16 network with a /24 subnet. Public subnet instances use Elastic IPs or Public IPs to access the Internet.
VPC with Public and Private Subnets:
In addition to containing a public subnet, this configuration adds a private subnet whose instances are not addressable from the Internet.
Instances in the private subnet can establish outbound connections to the Internet via the public subnet using Network Address Translation (NAT).
Creates a /16 network with two /24 subnets.
Public subnet instances use Elastic IPs to access the Internet.
Private subnet instances access the Internet via Network Address Translation (NAT).
VPC with Public and Private Subnets and Hardware VPN Access:
This configuration adds an IPsec Virtual Private Network (VPN) connection between your Amazon VPC and your data center – effectively extending your data center to the cloud while also providing direct access to the Internet for public subnet instances in your Amazon VPC.
Creates a /16 network with two /24 subnets.
One subnet is directly connected to the Internet while the other subnet is connected to your corporate network via an IPsec VPN tunnel.
VPC with a Private Subnet Only and Hardware VPN Access:
Your instances run in a private, isolated section of the AWS cloud with a private subnet whose instances are not addressable from the Internet.
You can connect this private subnet to your corporate data center via an IPsec Virtual Private Network (VPN) tunnel.
Creates a /16 network with a /24 subnet and provisions an IPsec VPN tunnel between your Amazon VPC and your corporate network.
NAT Instances
NAT instances are managed by you. Used to enable private subnet instances to access the Internet.
When creating NAT instances always disable the source/destination check on the instance. NAT instances must be in a single public subnet. NAT instances need to be assigned to security groups.
NAT Gateways
NAT gateways are managed for you by AWS. NAT gateways are highly available in each AZ into which they are deployed. They are preferred by enterprises. Can scale automatically up to 45Gbps.
No need to patch. Not associated with any security groups.
The table below describes some differences between NAT instances and NAT gateways:
Direct Connect
AWS Direct Connect is a network service that provides an alternative to using the Internet to connect a customer’s on-premises sites to AWS.
Data is transmitted through a private network connection between AWS and a customer’s datacenter or corporate network.
Benefits:
Reduce cost when using large volumes of traffic.
Increase reliability (predictable performance).
Increase bandwidth (predictable bandwidth).
Decrease latency.
Each AWS Direct Connect connection can be configured with one or more virtual interfaces (VIFs).
Public VIFs allow access to public services such as S3, EC2, and DynamoDB. Private VIFs allow access to your VPC. From Direct Connect you can connect to all AZs within the Region.
You can establish IPsec connections over public VIFs to remote regions. Direct Connect is charged by port hours and data transfer. Available in 1Gbps and 10Gbps.
Speeds of 50Mbps, 100Mbps, 200Mbps, 300Mbps, 400Mbps, and 500Mbps can be purchased through AWS Direct Connect Partners.
Each connection consists of a single dedicated connection between ports on the customer router and an Amazon router. For HA you must have 2 DX connections – can be active/active or active/standby.
Route tables need to be updated to point to a Direct Connect connection.
AWS Global Accelerator
AWS Global Accelerator is a service that improves the availability and performance of applications with local or global users.
It provides static IP addresses that act as a fixed entry point to application endpoints in a single or multiple AWS Regions, such as Application Load Balancers, Network Load Balancers or EC2 instances.
Uses the AWS global network to optimize the path from users to applications, improving the performance of TCP and UDP traffic.
AWS Global Accelerator continually monitors the health of application endpoints and will detect an unhealthy endpoint and redirect traffic to healthy endpoints in less than 1 minute.
Details and Benefits
Uses redundant (two) static anycast IP addresses in different network zones (A and B). The redundant pair are globally advertised.
Uses AWS Edge Locations – addresses are announced from multiple edge locations at the same time. Addresses are associated to regional AWS resources or endpoints.
AWS Global Accelerator’s IP addresses serve as the frontend interface of applications.
Intelligent traffic distribution: Routes connections to the closest point of presence for applications.
Targets can be Amazon EC2 instances or Elastic Load Balancers (ALB and NLB).
By using the static IP addresses, you don’t need to make any client-facing changes or update DNS records as you modify or replace endpoints.
The addresses are assigned to your accelerator for as long as it exists, even if you disable the accelerator and it no longer accepts or routes traffic.
AWS Outposts
AWS Outposts is a fully managed service that offers the same AWS infrastructure, AWS services, APIs, and tools to virtually any datacenter, co-location space, or on-premises facility for a truly consistent hybrid experience.
AWS Outposts is ideal for workloads that require low latency access to on-premises systems, local data processing, data residency, and migration of applications with local system interdependencies.
AWS compute, storage, database, and other services run locally on Outposts, and you can access the full range of AWS services available in the Region to build, manage, and scale your on-premises applications using familiar AWS services and tools.
Outposts is available as a 42U rack that can scale from 1 rack to 96 racks to create pools of compute and storage capacity.
Services you can run on AWS Outposts include:
Amazon EC2, Amazon EBS, Amazon S3, Amazon VPC, Amazon ECS/EKS, Amazon RDS and Amazon EMR.
AWS Databases
Use Cases For Different Database Types
The table below provides guidance on the typical use cases for several AWS database/datastore services:
We’ll now cover several of these database types that may come up on the exam.
Amazon Relational Database Service (RDS)
Amazon Relational Database Service (Amazon RDS) is a managed service that makes it easy to set up, operate, and scale a relational database in the cloud.
Relational databases are known as Structured Query Language (SQL) databases.
Non-relational databases are known as NoSQL databases.
RDS is an Online Transaction Processing (OLTP) type of database.
RDS features and benefits:
SQL type of database.
Can be used to perform complex queries and joins.
Easy to set up, highly available, fault tolerant, and scalable.
Used when data is clearly defined.
Common use cases include online stores and banking systems.
Amazon RDS supports the following database engines:
SQL Server.
Oracle.
MySQL Server.
PostgreSQL.
Aurora.
MariaDB.
Aurora is Amazon’s proprietary database.
RDS is a fully managed service and you do not have access to the underlying EC2 instance (no root access).
The RDS service includes the following:
Security and patching of the DB instances.
Automated backup for the DB instances.
Software updates for the DB engine.
Easy scaling for storage and compute.
Multi-AZ option with synchronous replication.
Automatic failover for Multi-AZ option.
Read replicas option for read heavy workloads.
A DB instance is a database environment in the cloud with the compute and storage resources you specify.
Encryption:
You can encrypt your Amazon RDS instances and snapshots at rest by enabling the encryption option for your Amazon RDS DB instance.
Encryption at rest is supported for all DB types and uses AWS KMS.
You cannot encrypt an existing DB; you need to create a snapshot, copy it, encrypt the copy, then build an encrypted DB from the snapshot.
DB Subnet Groups:
A DB subnet group is a collection of subnets (typically private) that you create in a VPC and that you then designate for your DB instances.
Each DB subnet group should have subnets in at least two Availability Zones in a given region.
It is recommended to configure a subnet group with subnets in each AZ (even for standalone instances).
AWS charges for:
DB instance hours (partial hours are charged as full hours).
Storage GB/month.
I/O requests/month – for magnetic storage.
Provisioned IOPS/month – for RDS provisioned IOPS SSD.
Egress data transfer.
Backup storage (DB backups and manual snapshots).
Scalability:
You can only scale RDS up (compute and storage).
You cannot decrease the allocated storage for an RDS instance.
You can scale storage and change the storage type for all DB engines except MSSQL.
RDS provides multi-AZ for disaster recovery which provides fault tolerance across availability zones:
Multi-AZ RDS creates a replica in another AZ and synchronously replicates to it (DR only).
There is an option to choose multi-AZ during the launch wizard.
AWS recommends the use of provisioned IOPS storage for multi-AZ RDS DB instances.
Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable.
You cannot choose which AZ in the region will be chosen to create the standby DB instance.
Read Replicas – provide improved performance for reads:
Read replicas are used for read heavy DBs and replication is asynchronous.
Read replicas are for workload sharing and offloading.
Read replicas provide read-only DR.
Read replicas are created from a snapshot of the master instance.
Must have automated backups enabled on the primary (retention period > 0).
Amazon DynamoDB
Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability.
DynamoDB features and benefits:
NoSQL type of database (non-relational).
Fast, highly available, and fully managed.
Used when data is fluid and can change.
Common use cases include social networks and web analytics.
Push button scaling means that you can scale the DB at any time without incurring downtime.
SSD based and uses limited indexing on attributes for performance.
DynamoDB is a web service that uses HTTP over SSL (HTTPS) as a transport and JSON as a message serialisation format.
Amazon DynamoDB stores three geographically distributed replicas of each table to enable high availability and data durability.
Data is synchronously replicated across 3 facilities (AZs) in a region.
Cross-region replication allows you to replicate across regions:
Amazon DynamoDB global tables provide a fully managed solution for deploying a multi-region, multi-master database.
When you create a global table, you specify the AWS regions where you want the table to be available.
DynamoDB performs all of the necessary tasks to create identical tables in these regions, and propagate ongoing data changes to all of them.
Provides low read and write latency.
Scale storage and throughput up or down as needed without code changes or downtime.
DynamoDB is schema-less.
DynamoDB can be used for storing session state.
Provides two read models.
Eventually consistent reads (default):
The eventual consistency option maximises your read throughput (best read performance).
An eventually consistent read might not reflect the results of a recently completed write.
Consistency across all copies is reached within 1 second.
Strongly consistent reads:
A strongly consistent read returns a result that reflects all writes that received a successful response prior to the read (faster consistency).
Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second.
Amazon Redshift
Amazon Redshift is a fast, fully managed data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and existing Business Intelligence (BI) tools.
Redshift is a SQL based data warehouse used for analytics applications.
Redshift is a relational database that is used for Online Analytics Processing (OLAP) use cases.
Redshift is used for running complex analytic queries against petabytes of structured data, using sophisticated query optimization, columnar storage on high-performance local disks, and massively parallel query execution.
Redshift is ideal for processing large amounts of data for business intelligence.
Redshift is 10x faster than a traditional SQL DB.
Redshift uses columnar data storage:
Data is stored sequentially in columns instead of rows.
Columnar based DB is ideal for data warehousing and analytics.
Requires fewer I/Os which greatly enhances performance.
Redshift provides advanced compression:
Data is stored sequentially in columns which allows for much better performance and less storage space.
Redshift automatically selects the compression scheme.
Redshift uses replication and continuous backups to enhance availability and improve durability and can automatically recover from component and node failures.
Redshift always keeps three copies of your data:
The original.
A replica on compute nodes (within the cluster).
A backup copy on S3.
Redshift provides continuous/incremental backups:
Multiple copies within a cluster.
Continuous and incremental backups to S3.
Continuous and incremental backups across regions.
Streaming restore.
Redshift provides fault tolerance for the following failures:
Disk failures.
Node failures.
Network failures.
AZ/region level disasters.
Amazon ElastiCache
ElastiCache is a web service that makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud.
The in-memory caching provided by ElastiCache can be used to significantly improve latency and throughput for many read-heavy application workloads or compute-intensive workloads.
Best for scenarios where the DB load is based on Online Analytics Processing (OLAP) transactions.
The following table describes a few typical use cases for ElastiCache:
ElastiCache EC2 nodes cannot be accessed from the Internet, nor can they be accessed by EC2 instances in other VPCs. Can be on-demand or reserved instances too (but not Spot instances).
ElastiCache can be used for storing session state.
There are two types of ElastiCache engine:
Memcached – simplest model, can run large nodes with multiple cores/threads, can be scaled in and out, can cache objects such as DBs.
Redis – complex model, supports encryption, master/slave replication, cross AZ (HA), automatic failover and backup/restore.
Amazon EMR
Amazon EMR is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data.
EMR utilizes a hosted Hadoop framework running on Amazon EC2 and Amazon S3.
Managed Hadoop framework for processing huge amounts of data.
Also supports Apache Spark, HBase, Presto and Flink.
Most commonly used for log analysis, financial analysis, or extract, transform and load (ETL) activities.
Amazon EC2 Auto Scaling
Amazon EC2 Auto Scaling automates the process of launching (scaling out) and terminating (scaling in) Amazon EC2 instances based on the traffic demand for your application. Auto Scaling helps to ensure that you have the correct number of EC2 instances available to handle the application load. Amazon EC2 Auto Scaling provides elasticity and scalability. You create collections of EC2 instances, called an Auto Scaling group (ASG).
You can specify the minimum number of instances in each ASG, and AWS Auto Scaling will ensure the group never goes beneath this size. You can also specify the maximum number of instances in each ASG and the group will never go above this size. A desired capacity can be configured and AWS Auto Scaling will ensure the group has this number of instances. You can also specify scaling policies that control when Auto Scaling launches or terminates instances.
Scaling policies determine when, if, and how the ASG scales and shrinks (on-demand/dynamic scaling, cyclic/scheduled scaling). Scaling Plans define the triggers and when instances should be provisioned/de-provisioned. A launch configuration is the template used to create new EC2 instances and includes parameters such as instance family, instance type, AMI, key pair and security groups.
Amazon Elastic Load Balancing (ELB)
ELB automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. ELB can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones.
ELB features high availability, automatic scaling, and robust security necessary to make your applications fault tolerant.
There are four types of Elastic Load Balancer (ELB) on AWS:
Application Load Balancer (ALB) – layer 7 load balancer that routes connections based on the content of the request.
Network Load Balancer (NLB) – layer 4 load balancer that routes connections based on IP protocol data.
Classic Load Balancer (CLB) – this is the oldest of the three and provides basic load balancing at both layer 4 and layer 7 (not on the exam anymore).
Gateway Load Balancer (GLB) – distributes connections to virtual appliances and scales them up or down (not on the exam).
Application Load Balancer (ALB)
ALB is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers.
Operating at the individual request level (Layer 7), Application Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) based on the content of the request.
Network Load Balancer (NLB)
NLB is best suited for load balancing of TCP traffic where extreme performance is required.
Operating at the connection level (Layer 4), Network Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) and is capable of handling millions of requests per second while maintaining ultra-low latencies.
Network Load Balancer is also optimized to handle sudden and volatile traffic patterns.
Content Delivery and DNS Services
Amazon Route 53
Route 53 is the AWS Domain Name Service.
Route 53 performs three main functions:
Domain registration – Route 53 allows you to register domain names.
Domain Name Service (DNS) – Route 53 translates names to IP addresses using a global network of authoritative DNS servers.
Health checking – Route 53 sends automated requests to your application to verify that it’s reachable, available and functional.
You can use any combination of these functions.
Route 53 benefits:
Domain registration.
DNS service.
Traffic Flow (send users to the best endpoint).
Health checking.
DNS failover (automatically change domain endpoint if system fails).
Integrates with ELB, S3, and CloudFront as endpoints.
Routing policies determine how Route 53 DNS responds to queries.
The following table highlights the key function of each type of routing policy:
Amazon CloudFront
CloudFront is a content delivery network (CDN) that allows you to store (cache) your content at “edge locations” located around the world.
This allows customers to access content more quickly and provides security against DDoS attacks.
CloudFront can be used for data, videos, applications, and APIs.
CloudFront benefits:
Cache content at Edge Locations for fast distribution to customers.
Built-in Distributed Denial of Service (DDoS) attack protection.
Integrates with many AWS services (S3, EC2, ELB, Route 53, Lambda).
Origins and Distributions:
An origin is the origin of the files that the CDN will distribute.
Origins can be either an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53 – can also be external (non-AWS).
To distribute content with CloudFront you need to create a distribution.
There are two types of distribution: Web Distribution and RTMP Distribution.
CloudFront uses Edge Locations and Regional Edge Caches:
An edge location is the location where content is cached (separate to AWS regions/AZs).
Requests are automatically routed to the nearest edge location.
Regional Edge Caches are located between origin web servers and global edge locations and have a larger cache.
Regional Edge Caches aim to get content closer to users.
The diagram below shows where Regional Edge Caches and Edge Locations are placed in relation to end users:
Monitoring and Logging Services
Amazon CloudWatch
Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS.
CloudWatch is for performance monitoring (CloudTrail is for auditing).
Used to collect and track metrics, collect and monitor log files, and set alarms.
Automatically react to changes in your AWS resources.
Monitor resources such as:
EC2 instances.
DynamoDB tables.
RDS DB instances.
Custom metrics generated by applications and services.
Any log files generated by your applications.
Gain system-wide visibility into resource utilization.
CloudWatch monitoring includes application performance.
Monitor operational health.
CloudWatch is accessed via API, command-line interface, AWS SDKs, and the AWS Management Console.
CloudWatch integrates with IAM.
Amazon CloudWatch Logs lets you monitor and troubleshoot your systems and applications using your existing system, application and custom log files.
CloudWatch Logs can be used for real time application and system monitoring as well as long term log retention.
CloudWatch Logs keeps logs indefinitely by default.
CloudTrail logs can be sent to CloudWatch Logs for real-time monitoring.
CloudWatch Logs metric filters can evaluate CloudTrail logs for specific terms, phrases or values.
CloudWatch retains metric data as follows:
Data points with a period of less than 60 seconds are available for 3 hours. These data points are high-resolution custom metrics.
Data points with a period of 60 seconds (1 minute) are available for 15 days.
Data points with a period of 300 seconds (5 minutes) are available for 63 days.
Data points with a period of 3600 seconds (1 hour) are available for 455 days (15 months).
Dashboards allow you to create, customize, interact with, and save graphs of AWS resources and custom metrics.
Alarms can be used to monitor any Amazon CloudWatch metric in your account.
Events are a stream of system events describing changes in your AWS resources.
Logs help you to aggregate, monitor and store logs.
Basic monitoring = 5 mins (free for EC2 Instances, EBS volumes, ELBs and RDS DBs).
Detailed monitoring = 1 min (chargeable).
Metrics are provided automatically for a number of AWS products and services.
There is no standard metric for memory usage on EC2 instances.
A custom metric is any metric you provide to Amazon CloudWatch (e.g. time to load a web page or application performance).
Options for storing logs:
CloudWatch Logs.
Centralized logging system (e.g. Splunk).
Custom script and store on S3.
Do not store logs on non-persistent disks:
Best practice is to store logs in CloudWatch Logs or S3.
CloudWatch Logs subscriptions can be used across multiple AWS accounts (using cross account access).
Amazon CloudWatch uses Amazon SNS to send email.
AWS CloudTrail
AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket.
CloudTrail is for auditing (CloudWatch is for performance monitoring).
CloudTrail is about logging and saves a history of API calls for your AWS account.
Provides visibility into user activity by recording actions taken on your account.
API history enables security analysis, resource change tracking, and compliance auditing.
Logs API calls made via:
AWS Management Console.
AWS SDKs.
Command line tools.
Higher-level AWS services (such as CloudFormation).
CloudTrail records account activity and service events from most AWS services and logs the following records:
The identity of the API caller.
The time of the API call.
The source IP address of the API caller.
The request parameters.
The response elements returned by the AWS service.
CloudTrail is enabled by default.
CloudTrail is per AWS account.
You can consolidate logs from multiple accounts using an S3 bucket:
1. Turn on CloudTrail in the paying account.
2. Create a bucket policy that allows cross-account access.
3. Turn on CloudTrail in the other accounts and use the bucket in the paying account.
You can integrate CloudTrail with CloudWatch Logs to deliver data events captured by CloudTrail to a CloudWatch Logs log stream.
The CloudTrail log file integrity validation feature allows you to determine whether a CloudTrail log file was unchanged, deleted, or modified since CloudTrail delivered it to the specified Amazon S3 bucket.
SNS is closely integrated with other AWS services such as CloudWatch so that alarms, events, and actions in your AWS account can trigger notifications.
Uses simple APIs and easy integration with applications.
Flexible message delivery is provided over multiple transport protocols.
Offered under an inexpensive, pay-as-you-go model with no up-front costs.
The web-based AWS Management Console offers the simplicity of a point-and-click interface.
Data type is JSON.
SNS supports a wide variety of needs including event notification, monitoring applications, workflow systems, time-sensitive information updates, mobile applications, and any other application that generates or consumes notifications.
SNS Subscribers:
HTTP.
HTTPS.
Email.
Email-JSON.
SQS.
Application.
Lambda.
SNS supports notifications over multiple transport protocols:
HTTP/HTTPS – subscribers specify a URL as part of the subscription registration.
Email/Email-JSON – messages are sent to registered addresses as email (text-based or JSON-object).
SQS – users can specify an SQS standard queue as the endpoint.
SMS – messages are sent to registered phone numbers as SMS text messages.
Topic names are limited to 256 characters.
SNS supports CloudTrail auditing for authenticated calls.
SNS provides durable storage of all messages that it receives (across multiple AZs).
AWS Billing and Pricing
General Pricing Information
AWS Billing and Pricing is one of the key subjects on the Cloud Practitioner exam.
AWS works on a pay as you go model in which you only pay for what you use, when you are using it. If you turn off resources, you don't pay for them (you may pay for consumed storage).
There are no upfront charges and you stop paying for a service when you stop using it. Aside from EC2 reserved instances you are not locked into long term contracts and can terminate whenever you choose to.
Volume discounts are available so the more you use a service the cheaper it gets (per unit used).
There are no termination fees. The three fundamental drivers of cost with AWS are: compute, storage and outbound data transfer. In most cases, there is no charge for inbound data transfer or for data transfer between other AWS services within the same region (there are some exceptions).
Outbound data transfer is aggregated across services and then charged at the outbound data transfer rate. Free tier allows you to run certain resources for free. Free tier includes offers that expire after 12 months and offers that never expire.
Pricing policies include:
Pay as you go.
Pay less when you reserve.
Pay even less per unit when using more.
Pay even less as AWS grows.
Custom pricing (enterprise customers only).
Free services include:
Amazon VPC.
Elastic Beanstalk (but not the resources created).
CloudFormation (but not the resources created).
Identity Access Management (IAM).
Auto Scaling (but not the resources created).
OpsWorks.
Consolidated Billing.
Fundamentally charges include:
1. Compute, Storage and Data out.
Amazon EC2 pricing
EC2 pricing is based on:
Clock hours of server uptime.
Instance configuration.
Instance type.
Number of instances.
Load balancing.
Detailed monitoring.
Auto Scaling (resources created).
Elastic IP addresses (charged if allocated but not used).
Operating systems and software packages.
There are several pricing models for AWS services; these include:
On Demand:
Means you pay for compute or database capacity with no long-term commitments or upfront payments.
You pay for the compute capacity per hour or per second (Linux only, and applies to On-Demand, Reserved and Spot instances).
Recommended for users who prefer low cost and flexibility without upfront payment or long-term commitments.
Good for applications with short-term, spiky, or unpredictable workloads that cannot be interrupted.
Dedicated Hosts:
A dedicated host is an EC2 server dedicated to a single customer.
Runs in your VPC.
Good for when you want to leverage existing server-bound software licences such as Windows Server, SQL Server, and SUSE Linux Enterprise Server.
Also good for meeting compliance requirements.
Dedicated Instances:
Dedicated Instances are Amazon EC2 instances that run in a VPC on hardware that's dedicated to a single customer.
Dedicated instances are physically isolated at the host hardware level from instances that belong to other AWS accounts.
Dedicated instances may share hardware with other instances from the same AWS account that are not Dedicated instances.
Spot Instances:
Purchase spare computing capacity with no upfront commitment at discounted hourly rates.
Provides up to 90% off the On-Demand price.
Recommended for applications that have flexible start and end times, applications that are only feasible at very low compute prices, and users with urgent computing needs for a lot of additional capacity.
In the old model Spot instances were terminated because of higher competing bids; in the new model this does not happen, but instances still may be terminated (with a 2 minute warning) when EC2 needs the capacity back – note: the exam may not be updated to reflect this yet.
Savings Plans:
Commitment to a consistent amount of usage (EC2 + Fargate + Lambda); pay by $/hour; 1 or 3-year commitment.
Reservations:
Reserved instances provide significant discounts, up to 75% compared to On-Demand pricing, by paying for capacity ahead of time.
Provide a capacity reservation when applied to a specific Availability Zone.
Good for applications that have predictable usage, that need reserved capacity, and for customers who can commit to a 1 or 3-year term.
Reservations apply to various services, including:
Amazon EC2 Reserved Instances.
Amazon DynamoDB Reserved Capacity.
Amazon ElastiCache Reserved Nodes.
Amazon RDS Reserved Instances.
Amazon RedShift Reserved Instances.
Reservation options include no upfront, partial upfront and all upfront.
Reservation terms are 1 or 3 years.
Amazon Simple Storage Service (S3) Pricing
Storage pricing is determined by:
Storage class – e.g. Standard or IA.
Storage quantity – data volume stored in your buckets on a per GB basis.
Number of requests – the number and type of requests, e.g. GET, PUT, POST, LIST, COPY.
Lifecycle transition requests – moving data between storage classes.
Data transfer – data transferred out of an S3 region is charged.
Amazon Glacier pricing
Extremely low cost and you pay only for what you need with no commitments or upfront fees.
Charged for requests and data transferred out of Glacier.
“Amazon Glacier Select” pricing allows queries to run directly on data stored on Glacier without having to retrieve the archive. Priced on amount of data scanned, returned, and number of requests initiated.
Three options for access to archives, listed in the table below:
AWS Snowball Pricing
Pay a service fee per data transfer job and the cost of shipping the appliance.
Each job allows use of the Snowball appliance for 10 days onsite for free.
Data transfer into AWS is free and outbound is charged (per region pricing).
Amazon Relational Database Service (RDS) Pricing
RDS pricing is determined by:
Clock hours of server uptime – amount of time the DB instance is running.
Database characteristics – e.g. database engine, size and memory class.
Database purchase type – e.g. On-Demand, Reserved.
Number of database instances.
Provisioned storage – backup is included up to 100% of the size of the DB. After the DB is terminated backup storage is charged per GB per month.
Additional storage – the amount of storage in addition to the provisioned storage is charged per GB per month.
Requests – the number of input and output requests to the DB.
Deployment type – single AZ or multi-AZ.
Data transfer – inbound is free, outbound data transfer costs are tiered.
Reserved Instances – RDS RIs can be purchased with No Upfront, Partial Upfront, or All Upfront terms. Available for Aurora, MySQL, MariaDB, Oracle and SQL Server.
Amazon CloudFront Pricing
CloudFront pricing is determined by:
Traffic distribution – data transfer and request pricing varies across regions, and is based on the edge location from which the content is served.
Requests – the number and type of requests (HTTP or HTTPS) and the geographic region in which they are made.
Data transfer out – quantity of data transferred out of CloudFront edge locations.
There are additional chargeable items such as invalidation requests, field-level encryption requests, and custom SSL certificates.
AWS Lambda Pricing
Pay only for what you use; charged based on the number of requests for functions and the time it takes to execute the code.
Price is dependent on the amount of memory allocated to the function.
Amazon Elastic Block Store (EBS) Pricing
Pricing is based on three factors:
Volumes – volume storage for all EBS volume types is charged by the amount of GB provisioned per month.
Snapshots – based on the amount of space consumed by snapshots in S3. Copying snapshots is charged on the amount of data copied across regions.
Data transfer – inbound data transfer is free, outbound data transfer charges are tiered.
Amazon DynamoDB Pricing
Charged based on:
Provisioned throughput (write).
Provisioned throughput (read).
Indexed data storage.
Data transfer – no charge for data transfer between DynamoDB and other AWS services within the same region; across regions is charged on both sides of the transfer.
Global tables – charged based on the resources associated with each replica of the table (replicated write capacity units, or rWCUs).
Reserved Capacity – option available for a one-time upfront fee and commitment to paying a minimum usage level at specific hourly rates for the duration of the term.
Additional throughput is charged at standard rates.
On-demand capacity mode:
Charged for reads and writes.
No need to specify how much capacity is required.
Good for unpredictable workloads.
Provisioned capacity mode:
Specify number of reads and writes per second.
Can use Auto Scaling.
Good for predictable workloads.
Consistent traffic or gradual changes.
AWS Support Plans
There are four AWS support plans available:
Basic – billing and account support only (access to forums only).
Developer – business hours support via email.
Business – 24×7 email, chat and phone support.
Enterprise – 24×7 email, chat and phone support.
Enterprise support comes with a Technical Account Manager (TAM).
Developer allows one person to open unlimited cases.
Business and Enterprise allow unlimited contacts to open unlimited cases.
Resource Groups and Tagging
Tags are key/value pairs that can be attached to AWS resources.
Tags contain metadata (data about data).
Tags can sometimes be inherited – e.g. resources created by Auto Scaling, CloudFormation or Elastic Beanstalk.
Resource groups make it easy to group resources using the tags that are assigned to them. You can group resources that share one or more tags.
Resource groups contain general information, such as:
Region.
Name.
Health Checks.
And also specific information, such as:
Public & private IP addresses (for EC2).
Port configurations (for ELB).
Database engine (for RDS).
AWS Organizations and Consolidated Billing
AWS Organizations allows you to consolidate multiple AWS accounts into an organization that you create and centrally manage.
Available in two feature sets:
Consolidated Billing.
All features.
Includes root accounts and organizational units.
Policies are applied to root accounts or OUs.
Consolidated billing includes:
Paying Account – independent and cannot access resources of other accounts.
Linked Accounts – all linked accounts are independent.
Consolidated billing has the following benefits:
One bill – You get one bill for multiple accounts.
Easy tracking – You can track the charges across multiple accounts and download the combined cost and usage data.
Combined usage – You can combine the usage across all accounts in the organization to share the volume pricing discounts and Reserved Instance discounts. This can result in a lower charge for your project, department, or company than with individual standalone accounts.
No extra fee – Consolidated billing is offered at no additional cost.
Limit of 20 linked accounts (by default).
One bill for multiple AWS accounts.
Easy to track charges and allocate costs.
Volume pricing discounts can be applied to resources.
Billing alerts enabled on the Paying account include data for all Linked accounts (or can be created per Linked account).
Consolidated billing allows you to get volume discounts on all of your accounts.
Unused reserved instances (RIs) for EC2 are applied across the group.
CloudTrail is on a per account basis and per region basis but can be aggregated into a single bucket in the paying account.
Best practices:
Always enable multi-factor authentication (MFA) on the root account.
Always use a strong and complex password on the root account.
The Paying account should be used for billing purposes only. Do not deploy resources into the Paying account.
AWS Quick Starts
Quick Starts are built by AWS architects and partners to help you deploy popular solutions on AWS, based on AWS best practices for security and high availability.
These reference deployments implement key technologies automatically on the AWS Cloud, often with a single click and in less than an hour.
Leverages CloudFormation.
AWS Cost Calculators and Tools
AWS Cost Explorer – enables you to visualize your usage patterns over time and to identify your underlying cost drivers.
AWS Pricing Calculator – create cost estimates to suit your AWS use cases.
AWS Cost Explorer
The AWS Cost Explorer is a free tool that allows you to view charts of your costs.
You can view cost data for the past 13 months and forecast how much you are likely to spend over the next three months.
Cost Explorer can be used to discover patterns in how much you spend on AWS resources over time and to identify cost problem areas.
Cost Explorer can help you to identify service usage statistics such as:
Which services you use the most.
View metrics for which AZ has the most traffic.
Which linked account is used the most.
AWS Pricing Calculator
AWS Pricing Calculator is a web based service that you can use to create cost estimates to suit your AWS use cases.
AWS Pricing Calculator is useful both for people who have never used AWS and for those who want to reorganize or expand their usage.
AWS Pricing Calculator allows you to explore AWS services based on your use cases and create a cost estimate.
AWS Cost & Usage Report
Publish AWS billing reports to an Amazon S3 bucket.
Reports break down costs by:
Hour, day, month, product, product resource, tags.
Can update the report up to three times a day.
Create, retrieve, and delete your reports using the AWS CUR API Reference.
AWS Price List API
Query the prices of AWS services.
Price List Service API (AKA the Query API) – query with JSON.
AWS Price List API (AKA the Bulk API) – query with HTML.
Alerts via Amazon SNS when prices change.
AWS Budgets
Used to track cost, usage, or coverage and utilization for your Reserved Instances and Savings Plans, across multiple dimensions, such as service, or Cost Categories.
Alerting through event-driven alert notifications for when actual or forecasted cost or usage exceeds your budget limit, or when your RI and Savings Plans’ coverage or utilization drops below your threshold.
Create annual, quarterly, monthly, or even daily budgets depending on your business needs.
AWS Shared Responsibility Model
The AWS SRM defines what you (as an AWS account holder/user) and AWS are responsible for when it comes to security and compliance.
Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer's operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates.
The customer assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS provided security group firewall.
AWS is responsible for “Security of the Cloud”.
AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud.
This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.
Customers are responsible for “Security in the Cloud”.
For EC2 this includes network level security (NACLs, security groups), operating system patches and updates, IAM user access management, and client and server side data encryption.
The following diagram shows the split of responsibilities between AWS and the customer:
Inherited Controls – Controls which a customer fully inherits from AWS.
Physical and Environmental controls.
Shared Controls – Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives.
In the AWS shared security model, for a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services.
Examples of shared controls include:
Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.
Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.
Awareness & Training – AWS trains AWS employees, but a customer must train their own employees.
Customer Specific – Controls which are solely the responsibility of the customer based on the application they are deploying within AWS services.
Examples of customer specific controls include:
Service and Communications Protection or Zone Security, which may require a customer to route or zone data within specific security environments.