4. COMPUTING
• Web applications need computing power to run the application
• Amazon Elastic Compute Cloud (EC2) provides scalable
compute capacity
• Amazon Elastic Beanstalk lets developers just upload
their application code while Amazon handles resource
provisioning, load balancing, auto-scaling and monitoring
5. CONTENT
• Any web application needs a mechanism to store and serve content
to the users
• Amazon Simple Storage Service (S3) serves static content to users
• Amazon Elastic Block Store (EBS) provides auto-scalable, auto-
replicated, fault tolerant block storage and can run a multitude of
workloads
• Amazon CloudFront provides a low-latency, high-speed managed
data transfer service to deliver dynamic, static, streaming or interactive
content to the users
6. BACKEND SERVICES
• All web applications require a database, and Amazon provides
SQL, NoSQL, and data warehouse managed services for databases
• Amazon RDS provides support for relational databases like Amazon
Aurora, Oracle, Microsoft SQL Server, PostgreSQL, MySQL and
MariaDB
• Amazon provides similar support for NoSQL databases through
Amazon DynamoDB and Amazon Redshift for data warehouses
• Applications use caching to boost performance and reduce access
time of data from disk-based systems
• Amazon ElastiCache comes to the rescue by providing a fast,
managed in-memory cache based on Memcached and Redis caching
engines
7. USER MANAGEMENT AND PROVISIONING
• The first step of securing an application is through the authentication
and authorization process
• Granularity of this process is maintained through the usage of user-
groups
• Amazon Identity and Access Management provides services for fully
managed user management and provisioning
• For on-premises (or AWS hosted) LDAP consumers, Amazon Directory
Services can plug in to the Active Directory of organizations and provide
SSO, group policies, and workload deployment
8. APPLICATION SECURITY
• Any application-level data needs to be encrypted using public-private
encryption keys
• We will use Amazon Key Management Service (KMS) to control
application encryption keys
• It uses Hardware Security Modules to secure keys
• Data is most vulnerable when it is in flight, and applications use
SSL/TLS certificates to secure communications between the client and the
server
• Amazon Certificate Manager provides a managed service to create,
deploy and renew such certificates
9. AVAILABILITY
• Application availability is still a major concern for all
stakeholders
• Amazon provides the concept of Availability Zones (AZ) which
enable applications to be available in multiple, isolated
geographies for fault tolerance
• Making an application run on multiple AZs has to be enabled
explicitly
• Requests are served from the nearest AZ to reduce network
transit time
10. APPLICATION MONITORING
• Application monitoring gives better insight into resource
utilization, performance bottlenecks and operational health and
stability
• It enables stakeholders to react in a timely manner to factors that might
prevent the application from running smoothly
• Amazon CloudWatch comes in handy under these conditions,
providing managed services to collect and track application
metrics and log files, and to establish thresholds