Technologies#
Compute#
EC2#
- AMI - Amazon Machine Image - This is a template for the OS to install on an EC2
- 750 compute hours on the "Free Tier" plan
- can be accessed over:
- management console - Through a webshell
- ssh - With ssh keys
- EC2 Instance Connect (EIC) - Uses IAM policies to control ssh access
- AWS Systems Manager - Through a webshell
- pricing options:
- On-Demand - Fixed price based on instance type, no contract, you pay only for what you use
- Spot - Your request will only be fulfilled if capacity is available, cheap, usefull if we don't care when you jobs run
- Reserved Instances - Commit for 1 or 3 year term
- Dedicated Hosts - Pay for a dedicated physical server, e.g. not shared with other apps and users
- Savings Plans - Commit to compute usage (measured per hours) for 1 or 3 years
- EC2 Elastic Load Balancing - Distributes your incoming app traffic across multiple EC2
- Classic load balancers
- Application load balancers
- Gateway load balancers
- Network load balancers
- EC2 - Auto Scaling - Adds or replaces EC2 instances automatically across AZs, based on need and changing demand
- Horizontal scaling (add servers)
- Scaling out (remove servers)
Lambda#
- Lambda is a serverless compute service that lets you run code without managing servers
- in the lambda vernacular app code is called functions
- scales automatically
- lambda functions have a 15 min timeout.
- supports - java, go, powershell, node.js, C#, python, ruby
- pricing model
- you are charged based on the duration and number of requests
- 1 Compute Time
- 2 Request count
- 3 Always free - 1 million requests for free each month even after the free tier is expired
node.js code to try as a lambda function
const https = require('https')
let url = "https://www.amazon.com"
exports.handler = function(event, context, callback) {
https.get(url, (res) => {
callback(null, res.statusCode)
}).on('error', (e) => {
callback(Error(e))
})
}
python code to try as a lambda function
import json
def lambda_handler(event, context):
message = 'Hello {} {}! Keep being awesome!'.format(event['first_name'], event['last_name'])
#print to CloudWatch logs
print(message)
return {
'message' : message
}
Fargate#
- Serverless compute engine for containers
- Scales automatically
Lightsail#
- Allows to quickly launch all the resources you need for small projects
- Deploy preconfigured apps like WordPress at the click of a button
- Simple screens for beginners
- Low predictable monthly fee as low as 3.50$
- Includes:
- a VM
- SSD based storage
- data transfer
- DNS management
- static IP
AWS Outpost#
- Supports workloads that need to remain on-premises
- AWS delivers and installs servers in your datacenter
- Used for a hybrid experience
- give access to the cloud services and APIs of AWS on premises
AWS Batch#
- Allows you to process large workloads in smaller chunks (or batches)
- runs hundreds of smaller batch processing jobs
- Dynamically provisions instances based on volume
Storage#
S3#
- Access can be secured by ACLs, Bucket policies, access point policies or all 3
- Versionning can be enabled
- S3 access logs
- S3 is a regional service but bucket names must be globally unique
- 1. S3 Standard - For frequently accessed data
- 2. S3 Intelligent-Tiering - For unknown or changing access pattern
- 3. S3 Standard-Infrequent Access (IA) - Infrequent access
- 4. S3 One Zone-Infrequent Access (IA) - Infrequent access one zone
- 5. S3 Glacier - Long term backup - cheap - slow access times (minutes to hours)
- 6. S3 Glacier Deep Dive - Long term backup - cheaper - slower access times (hours to days)
- 7. S3 Outposts - On prem
- Use cases:
- Static Websites
- Data archive
- Mobile apps
- Anaylytics systems
EBS - Elastic Block Store#
- You can think about it like a flash drive or a virtual disk
- Data persists when the instance is not running
- Tied to one AZ
- Can only be attached to one instance in the same AZ
EFS - Elastic File System#
- serverless network file system for sharing files
- only supports linux
- more expensive than EBS
- Accessible across multiple AZ in the same region
- Recommended for main app dir
- Recommended for Lift-and-shift enterprise apps
EC2 Instance Store#
- storage on a disk physically attached to the instance
- very fast i/o
- does not persist after the instance is stopped or reboot
- only good for temporary storage
Storage Gateway#
- hybrid data storage service
- Connect on-premises and cloud data
- Recommended to - Move backups to the cloud
- Recommended for - Reducing costs for hybrid cloud
- Recommended for - Low latency access to data
AWS Backup#
- helps manage data backups across multiple AWS Services
- integrates with EC2, EBS, EFS and more
- create a backup plan that includes frequency and retention
Edge Networking#
Cloudfront#
- Makes content available globally or restricts it based on location
- Speeds up delivery of static and dynamic web content
- Uses edge locations to cachecontent
- CloudFront is often used with S3 to deploy content globally.
- CloudFront can stop certain web attacks, like DDoS. We'll talk more about DDoS in the security lesson.
- Geo-restriction prevents users in certain countries from accessing content.
Global Accelerator#
- Improves latency and availability of single-Region applications
- Sends traffic through the AWS global network infrastructure
- 60% performance boost
- Automatically re-routes traffic to healthy available regional endpoints
S3 Transfer Acceleration#
- improves content uploads and downloads to and from S3 buckets
- Fast transfer of files over long distances
- Uses CloudFront’s globally distributed edge locations
- Customers around the world can upload to a central bucket
Networking#
VPC - Virtual Private Cloud#
- Private virtual network
- launch resources like EC2 inside a VPC
- VPCs can span accross multiple AZ
- inside VPC your can setup Private Subnets & Public Subnets
- NACL - Network Access Control List - ensure proper traffic is allowed into the subnet
- Router / Route Table
- Internet gateway
- VPC Peering Connections - allow to connect 2 VPCs
Route 53#
- Essentially AWS DNS service
- Performs health cheks on AWS resources
- Supports hybrid cloud architectures
Direct Connect#
- Dedicated physical network connection from on-prem to an AWS DC
- Data travels over a private network
- Suports hybrid cloud architecturs
AWS VPN#
- Similar to Direct Connect but data travels over the public internet
- Virtual Private Gateway supports the VPN tunel on AWS side
- Customer Gateway supports the VPN tunel on the customer's DC side
API Gateway#
- integrates with services like AWS Lambda
Databases#
RDS - Relational Database Service#
- Relational Database
- Supported DB engines:
- Amazon Aurora
- PostgreSQL
- MySQL
- MariaDB
- Oracle
- Microsoft SQL Server
- HA and fault tolerance using multi AZ Deployment options
- Serverless - Auto DB patching, os patching, backups and more
- read replicas accross regions for improved performance and durability
Aurora#
Relational Database
- supports MySQL and PostgreSQL database engines
- 5x faster than MySQL
- Auto Scaling
- Managed by RDS
DynamoDB#
- NoSQL - key-value pair db
- Serverless
- Non relational
- Auto Scaling
DocumentDB#
- Document DB
- MongoDB compatible
- Serverless
- Non relational
ElastiCache#
- In-Memory datastore
- Compatible with Redis and Memcached
- Data can be lost as this is in memory
- low latency
Neptune#
- Graph DB
- Support highly connected datasets like social media networks
- Serverless
- Fast and reliable
Migration and transfer#
DMS - Database Migration Service#
- Migrate on-premises databases to AWS
- Continuous data replication
- Supports homogeneous and heterogeneous migrations
- Virtually no downtime
SMS Server Migration Service#
- Migrates on-premises servers to AWS
- Server saved as a new Amazon Machine Image (AMI)
- Use AMI to launch servers as EC2 instances
Snow Family#
- Snow Cone - 8 terabytes physical device
- Snow Ball - Petabyte-scale data transport solution
- Snow Ball Edge - Petabyte-scale data transport solution - supports EC2 and Lambda
- Snowmobile - Multi-petabyte or exabyte scale - Securely transported
DataSync#
- DataSync allows for online data transfer from on-premises to AWS storage services like S3 or EFS
- Migrates data from on-premises to AWS
- Copy data over Direct Connect or the internet
- Replicate data
- cross-Region or cross-account
- Copy data between AWS storage services
Analytics#
Redshift#
- Data warehousing solution
- Improves speed and efficiency
- Handles exabyte-scale data
Athena#
- Query service for S3
- Analyze S3 data using SQL
- Pay per query
- Considered serverless
Glue#
- Extract, transform, load (ETL) service
- Glue prepares your data for analytics.
Kinesis#
- Kinesis allows you to analyze data and video streams in real time
- Analyze real-time, streaming data
- Supports video, audio, application logs, website clickstreams, and IoT
EMR - Elastic MapReduce#
- helps you process large amounts of data
- Analyze data using Hadoop
- Works with big data frameworks
Data Pipeline#
- Data Pipeline helps you move data between compute and storage services running either on AWS or on-premises
- Moves data at specific intervals
- Sends notifications on success or failure
- Moves data based on conditions
QuickSight#
- helps you visualize your data
- Build interactive dashboards
- Embed dashboards in your applications
Machine Learning#
Rekognition#
- image recognition
- facial analysis
- text recognition
Comprehend#
- NLP - Natural Language Processing service
- finds insights and relationships in text
Polly#
- turns text into speach
SageMaker#
- Flagship machine learning service on AWS
- Prepare data for models
- Train and deploy models
- provide deep learning AMIs
Translate#
- provides real time and batch language translation
Lex#
- helps you build chatbots
- this is what powers Alexa
Developer Tools#
Cloud9#
- IDE in the web browser
CodeCommit#
- Source control system for private it repos
Code Deploy#
- build and test framework
Code Pipeline#
- allows you to implement a CI/CD pipeline
X-Ray#
- Helps you debug production apps
CodeStar#
- Helps devs collaboratively work on development projects
- Track bugs and issues
Deployment & Infrastructure Management#
CloudFormation#
- IaC - Infrastructure as Code service
- allows to provision AWS resources using yaml or json definitions
Elastic Beanstalk#
- deploy your web apps & services to AWS
- cannot be used to deploy on prem
Ops Works#
- allows to use Chef or Puppet to automate the configuration of your servers
- deploy code on prem
Messaging & Integration#
SQS - Simple Queue Service#
- message queues support loose coupling
- messages in queues are processed in FIFO order
- Messages are processed in an asynchronous manner
- Allows component-to-component communication using messages
- Multiple components (or producers) can add messages to the queue
SNS - Simple Notification Service#
- Allows to send raw formated email
- Allows to send text messages
- Subscribers receive messages
- Publish messages to a topic
SES - Simple Email Service#
- Allows to send rich format emails like HTML
- Ideal for things like marketing campaigns
Auditing, Monitoring & Logging#
Cloudwatch#
- A collection of services
- CloudWatch Alarms
- CloudWatch Logs
- CloudWatch Metrics
- CloudWatch Events
Cloudtrail#
- Log and retain account activity
- Track activity through the console, SDKs, and CLI
- Identify which user made changes
- Detect unusual activity in your account
Additional Services#
Amazon Workspaces#
- Provides virtualized desktops
- Linux or Windows
Amazon Connect#
- Contact center service
- Provides customer service functionality