## AWS Technical Essentials Day

### Introduction: Course Overview

### Module 1: Introduction to Amazon Web Services

The on-demand delivery of IT resources via the internet, with a pay-as-you-go model.

- They are programmable and accessed through the internet
- With well-documented APIs and CLIs

![](https://i.imgur.com/T9wy2oV.png)

- Autoscaling
- Failover
- Pay-as-you-go pricing model

The customer provisions resources - virtual servers () - and manages them with APIs. You pay for what you use: by the hour, the minute, and even the millisecond.

![](https://i.imgur.com/H0OTumP.png)

You rent what you need instead of having to own it. You don't have to make a huge capital investment, and you get to benefit from the scale of Amazon. It also makes it much easier to scale down when you need to.

Speed to market and agility:
- No need for expensive hardware to be delivered
- Minutes or seconds away through API calls
- This helps reach customers who are very impatient

So you think about: your web app, your data, your users getting data from your site.

![](https://i.imgur.com/R9L6C8r.png)

**200 fully featured services!**

AWS is traditionally responsible for *Infrastructure* and *Foundational Services* - but you build services up from there.

Data centers are organized into *availability zones* - separate power and networking in case one goes down.

AZs - 6 data centers in an availability zone, far enough apart that one going down won't impact the others. Amazon suggests that customers distribute across multiple availability zones.

[Global Infrastructure](https://aws.amazon.com/about-aws/global-infrastructure/)

Regions have 3 or more availability zones.

![](https://i.imgur.com/0ZxGE8w.png)

> [!tip] Tip
> Amazon is seeking to reach 100% renewable energy in their data centers.

How do you choose which region?
- Latency - you want to be closer to customers
- Pricing concerns - taxes, fees, etc.
- Service availability differs by region
- Data compliance

![[Pasted image 20220711082636.png]] ^ajiho1

The origin moves to an edge location, and now users are getting videos faster from the edge location.
- Distributed network

![](https://i.imgur.com/Q1aD6r6.png)

You log in to the AWS Management Console on the web. You can also access AWS through the AWS CLI, or use the AWS SDKs from your own applications.

**Security - the AWS shared responsibility model**

![[Pasted image 20220711083234.png]]

AWS is responsible for the security OF the cloud. Examples of AWS responsibilities include:
- Physical security of data centers
- Network infrastructure
- Hardware and software
- Virtualization infrastructure

![[Pasted image 20220711083549.png]]

![[Pasted image 20220711083702.png]]

![[Pasted image 20220711083839.png]]

Tasks that [require a root user](https://docs.aws.amazon.com/accounts/latest/reference/root-user-tasks.html) - generally you would not use the root user, but have an IAM user who interacts with the root user.

IAM users don't have any permissions by default; they must be authorized through a *policy*. A policy is a JSON document that lists the permissions for a user, group, role, or resource.

![[Pasted image 20220711084203.png]]

- Effect is either *Allow* or *Deny*
- Action - everything you can do
- Resource - what that action can be used on

In the case above, they are given access to take every action on every resource.

Groups of IAM users have multiple roles.

![[Pasted image 20220711084517.png]]

IAM roles are similar to being a police officer: you assume a role for a period of time, but at the end of the day you give up that role.
- This allows a federation of different roles.

The final level of security is multi-factor authentication.

![[Pasted image 20220711084705.png]]

![[Pasted image 20220711085238.png]]

### Module 2: AWS Compute

An AMI is a packaged-up environment.
- Think of it as a template for the boot volume of a new virtual machine.
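
Stepping back to the IAM policy material in Module 1: the example below is added to these notes and is not code from the course or from AWS. It models what the policy slide shows (a JSON document of statements with Effect, Action and Resource, where `"*"` matches everything) and the evaluation rules that matter for security review: an explicit Deny beats any Allow, and a request that matches no statement is implicitly denied. The bucket name `example-bucket` is a constructed placeholder, and the evaluator is deliberately a simplification (no Principal, Condition, NotAction, SCPs or resource policies).

```python
"""Toy IAM policy evaluator for the Module 1 policy structure (not AWS code)."""
import fnmatch
import json

# The slide's case: every action on every resource. Constructed for this example.
ADMIN_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]
}""")

# A least-privilege alternative for a hypothetical bucket: read-only access,
# with an explicit Deny carving out a prefix that must never be readable.
READ_ONLY_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    {"Effect": "Deny",
     "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/secrets/*"}
  ]
}""")


def _as_list(value):
    """Action and Resource may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, fold_case=False):
    """Wildcard match ('*' any run, '?' one char). Action names are case-insensitive
    in IAM, so callers fold case for actions but not for resource ARNs."""
    if fold_case:
        value = value.lower()
    return any(
        fnmatch.fnmatchcase(value, p.lower() if fold_case else p)
        for p in _as_list(patterns)
    )


def evaluate(policy, action, resource):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request.

    Every statement is inspected: an explicit Deny wins immediately, an Allow
    is remembered, and if nothing matched the default is an implicit deny.
    """
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not _matches(stmt["Action"], action, fold_case=True):
            continue
        if not _matches(stmt["Resource"], resource):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


def full_access_statements(policy):
    """Indexes of Allow statements that grant '*' on '*' - the check a reviewer
    would run before attaching a policy to a user or group."""
    return [
        i for i, s in enumerate(policy["Statement"])
        if s["Effect"] == "Allow"
        and "*" in _as_list(s["Action"])
        and "*" in _as_list(s["Resource"])
    ]


if __name__ == "__main__":
    key = "arn:aws:s3:::example-bucket/secrets/key.pem"
    print("admin policy, iam:CreateUser:", evaluate(ADMIN_POLICY, "iam:CreateUser", "*"))
    print("read-only policy, GetObject on secrets:", evaluate(READ_ONLY_POLICY, "s3:GetObject", key))
    print("read-only policy, PutObject:",
          evaluate(READ_ONLY_POLICY, "s3:PutObject", "arn:aws:s3:::example-bucket/x"))
    print("full-access statements in admin policy:", full_access_statements(ADMIN_POLICY))
```

The point of the second policy is the ordering of the outcomes: the Allow on `example-bucket/*` still covers `secrets/`, so only the explicit Deny stops a read there, and nothing in the policy grants writes at all.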
Copy in the template's content and then boot from it - it contains the OS and anything installed into that OS, for example, your applications.

![[Pasted image 20220711090738.png]]

Amazon Machine Images: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html

There are Windows, Linux, and Apple AMIs, and you can actually build your own.

There are 400 types of EC2 instances, but they fit into 5 instance families.

![[Pasted image 20220711091002.png]]

![[Pasted image 20220711091138.png]]

You may want one that's optimized for accelerated computing, or one that has local storage attached (rather than over the network).

![[Pasted image 20220711091334.png]]

You start to get billed at step 2, when it's running. Terminated is a permanent state.

Amazon EC2 Instance Lifecycle: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html

![[Pasted image 20220711091619.png]]

Pricing - Amazon EC2 Pricing Options: https://aws.amazon.com/ec2/pricing

- There is a free EC2 service through Amazon for one year.
- On-Demand Instances are what you launch through the console. Billed in one-hour increments.
- Spot Instances can be terminated at any time, if the spot price goes above what you paid. Then you have 2 minutes before it's terminated. If your workload is designed for node failures, spot instances are a good option for you. But its state has to be saved somewhere (like S3) before it is terminated.
- Savings Plans - simple - a compute savings plan (reduces costs on any EC2 instance) and other services. (Fargate?)
- Reserved Instances are an older plan - you have to commit for 1-3 years.
- Dedicated Instances - a piece of hardware dedicated to a customer.
- Dedicated Hosts (most expensive option) - a specific physical machine to launch EC2 instances on, for the duration of your contract.
  - Some software binds to a specific CPU core.

AWS supports bare metal: [Introducing Five New Amazon EC2 Bare Metal Instances](https://aws.amazon.com/about-aws/whats-new/2019/02/introducing-five-new-amazon-ec2-bare-metal-instances/)

![[Pasted image 20220711092537.png]]

![[Pasted image 20220711093612.png]]

![[Pasted image 20220711092629.png]]

Amazon Elastic Container Service (ECS): https://aws.amazon.com/ecs/

AWS Fargate: https://aws.amazon.com/fargate/

---

Serverless allows you to focus on the application without infrastructure. No software or runtimes to manage.

![[Pasted image 20220711092919.png]]

Lambda is "function as a service" - a piece of code that will be invoked by an event.

![[Pasted image 20220711093148.png]]

Q: Is there any difference between ECS and EKS?

A: ECS is AWS's own container management system. EKS is hosted Kubernetes (K8S), the very, very popular open source container management system. ECS is simple to use and delegates most routine management tasks to ECS automations. EKS facilitates easy migrations - if it runs on K8S outside AWS, it will also run inside.

Q: Lambda is SaaS from AWS?

A: Depends on how you define SaaS. Some would describe Lambda more as infrastructure-as-a-service or platform-as-a-service. The diff? SaaS provides a ready-to-use software environment (think Salesforce). The other two are platforms on which you develop your own applications.

![[Pasted image 20220711093518.png]]

![[Pasted image 20220711093723.png]]

![[Pasted image 20220711093745.png]]

### Module 3: AWS Networking

![[Pasted image 20220711094640.png]]

A VPC gives you nested layers for protecting your EC2 instances: cloud, regions, availability zones, subnets.

![[Pasted image 20220711094715.png]]

![[Pasted image 20220711094948.png]]

The CIDR block determines how many IP addresses you can allocate to that VPC. You have to use a specific IP range for your CIDR block.

IP address - used to uniquely identify a device on a network.
- 4 different numbers separated by dots
- Can also be converted to a 32-bit binary
- The subnet mask segments it into a network address portion and a host portion
- This leaves you with 8 bits in the last quadrant

![[Pasted image 20220711095448.png]]

**Site-to-Site VPN Connection**
- Good way to connect network traffic that's

The main route table has a local route. Each subnet must be associated with a route table.

![[Pasted image 20220711095936.png]]

The NAT gateway (purple arrows) is protecting you from attack once packets are being routed to the internet.

![[Pasted image 20220711100240.png]]

While the initial Direct Connect might be expensive (because it's physical - it requires digging up roads), in the long run it might save you money.

![[Pasted image 20220711100502.png]]

[Network ACLs - Amazon Web Services Documentation](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html)

![[Pasted image 20220711100808.png]]

Basically, the combination of public/private subnets with rules on inbound and outbound traffic is what makes the packets so secure.

![[Pasted image 20220711101414.png]]

![[Pasted image 20220711101434.png]]

More info: [Logging IP traffic using VPC Flow Logs - Amazon Virtual Private Cloud](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html)

### Module 4: AWS Storage

![[Pasted image 20220711102152.png]]

![[Pasted image 20220711102234.png]]

Block storage is fast because it only changes the elements within a block that need to be changed.

Instance store will vary in size and type. Performance is measured in input/output operations per second (IOPS).

Instance store is when an EC2 instance has physical access to block storage in a data center - like an external HDD or SSD attached.

EBS is widely used by customers who use EC2 instances.

![[Pasted image 20220711102949.png]]

![[Pasted image 20220711103310.png]]

Key is the name of the file, metadata might tell you things like location or size, and data is the actual information.

![[Pasted image 20220711103424.png]]

S3 is the oldest part of AWS; it is object storage.
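
Going back to the Module 3 networking material (32-bit addresses split by the subnet mask, the VPC CIDR block, subnets that each need a route table with a local route, and a NAT gateway or internet gateway as the default route): the following is an added example written for these notes, not code from the course or from AWS. It uses only Python's standard `ipaddress` module. Two AWS rules are assumed from the VPC documentation rather than stated in the notes: a VPC CIDR must be between /16 and /28, and AWS reserves the first four addresses and the last address of every subnet. The gateway ids `igw-EXAMPLE` and `nat-EXAMPLE` are placeholders.

```python
"""VPC address planning and route-table lookup, modelled in plain Python (not AWS code)."""
import ipaddress


def split_address(cidr):
    """Show the 32-bit address as (network bits, host bits) using the prefix length
    from the subnet mask, e.g. '10.0.1.37/24' -> 24 network bits, 8 host bits."""
    iface = ipaddress.ip_interface(cidr)
    bits = format(int(iface.ip), "032b")
    n = iface.network.prefixlen
    return bits[:n], bits[n:]


def check_vpc_cidr(cidr):
    """Reject host bits set in the block and sizes AWS does not accept for a VPC
    (assumed rule: /16 to /28). Returns the network on success."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{cidr}: VPC CIDR must be between /16 and /28")
    return net


def is_valid_vpc_cidr(cidr):
    try:
        check_vpc_cidr(cidr)
        return True
    except ValueError:
        return False


def usable_addresses(subnet_cidr):
    """Addresses left for instances after the 5 AWS reserves per subnet (assumed rule)."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - 5


def plan_subnets(vpc_cidr, new_prefix):
    """Carve the VPC block into equal subnets of the given prefix length."""
    vpc = check_vpc_cidr(vpc_cidr)
    return [str(s) for s in vpc.subnets(new_prefix=new_prefix)]


def subnet_fits(vpc_cidr, subnet_cidr):
    """A subnet must lie entirely inside its VPC's CIDR block."""
    return ipaddress.ip_network(subnet_cidr).subnet_of(ipaddress.ip_network(vpc_cidr))


def lookup_route(route_table, dest_ip):
    """Pick the most specific (longest-prefix) route that matches the destination,
    as a VPC route table does. None means no route matched and the packet is dropped."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


# Constructed example: one /16 VPC, a public and a private subnet, two route tables.
# Both tables carry the 'local' route for the VPC; they differ only in the default route.
VPC = "10.0.0.0/16"
PUBLIC_RT = [(VPC, "local"), ("0.0.0.0/0", "igw-EXAMPLE")]   # internet gateway (placeholder id)
PRIVATE_RT = [(VPC, "local"), ("0.0.0.0/0", "nat-EXAMPLE")]  # NAT gateway (placeholder id)
ISOLATED_RT = [(VPC, "local")]                               # no path to the internet at all


if __name__ == "__main__":
    print("10.0.1.37/24 ->", split_address("10.0.1.37/24"))
    print("usable in a /24:", usable_addresses("10.0.1.0/24"))
    print("first /24 subnets of the VPC:", plan_subnets(VPC, 24)[:3])
    print("10.0.2.9 from private subnet ->", lookup_route(PRIVATE_RT, "10.0.2.9"))
    print("93.184.216.34 from private subnet ->", lookup_route(PRIVATE_RT, "93.184.216.34"))
    print("93.184.216.34 from isolated subnet ->", lookup_route(ISOLATED_RT, "93.184.216.34"))
```

The three route tables are the practical takeaway: a subnet whose table has only the local route cannot reach the internet in either direction, the private table sends outbound traffic through the NAT gateway, and only the public table exposes a path through the internet gateway.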
Everything has to be loaded at once, unlike block-level storage, which can save just parts of something and is much faster. S3 is serverless, however.

![[Pasted image 20220711104425.png]]

Different versions of the same object are stored in the same place.

![[Pasted image 20220711104540.png]]

![[Pasted image 20220711104947.png]]

### Module 5: Databases

![[Pasted image 20220711105845.png]]

### Module 6: Monitoring, Load Balancing, and Scaling

### Module 7: Course Summary

![](https://i.imgur.com/svXs8Vs.png)