Amazon Web Services (AWS) is a secure cloud services platform from Amazon. AWS offers compute power, database storage, content delivery and other functionality to help businesses scale and grow. AWS provides services in the form of building blocks which can be used to create and deploy sophisticated, scalable applications that support any workload in the cloud without upfront costs or commitments; we pay only for what we use.
AWS Global Infrastructure is the physical part of AWS, made up of Regions, Availability Zones and Edge locations.
A Region is a geographical area where AWS resources exist. An AWS Region consists of 2 or more Availability Zones. An Availability Zone (AZ) is the AWS Data center. An Availability Zone is isolated from other zones, so issues like a natural calamity in one zone will not affect another. Resources are not replicated across AWS Regions unless we specifically do so. Edge locations are points of presence and are used as content delivery network (CDN) endpoints for AWS CloudFront. They are used for caching large multimedia content. For example, when a user downloads a video file from one region to another region, the downloaded file is cached and reused when someone else requests the same content next time.
The following table lists the regions provided by an AWS account.
The AWS Region called AWS GovCloud is designed to allow US government agencies and customers to move more sensitive workloads into the cloud. AWS GovCloud addresses the US government’s specific regulatory and compliance requirements. (https://docs.aws.amazon.com/govcloud-us/latest/ug-west/whatis.html)
If we do not explicitly specify an endpoint, the US West (Oregon) endpoint is the default.
AWS services or building blocks are designed to work with each other and result in highly available applications which are sophisticated and scalable.
Several service domains are widely used, as listed below:
- Network and Content Delivery
- Management Tools
- Security & Identity Compliance
The Compute part of AWS includes services related to compute workloads and has the following services:
- Elastic Compute Cloud (EC2) – virtual machines in the AWS cloud, e.g. like VMware
- EC2 Container Service (ECS) – highly scalable, high-performance container management that supports Docker containers.
- Elastic Beanstalk – used for intelligently deploying our applications.
- Lambda – serverless computing, no direct usage of hosts or OS. Code is executed in response to events. E.g. Amazon Echo uses the Lambda service.
- Amazon Lightsail – out-of-the-box web sites based on WordPress are automatically deployed.
The Storage domain includes services related to data storage. It includes the following services:
- S3 (Simple Storage Service) – a virtual disk in the cloud, used for storing documents and media, which are known as objects. E.g. Dropbox uses S3 for storing documents.
- Glacier – archives files from S3 storage; used for storing files which are no longer in use but must be retained for compliance requirements. It is a low-cost service.
- EFS (Elastic file service) – file-based storage used for sharing applications and databases among multiple virtual machines.
- Storage Gateway – used for connecting S3 to our on-premises data center.
- EBS (Elastic Block Store) – a virtual disk which can be attached to our EC2 instance.
The Database domain is used for database-related workloads. It includes the following services:
- RDS (Relational Database Service) – MySQL, MariaDB, PostgreSQL, SQL Server, Oracle
- DynamoDB – Non-relational NoSQL Database, scalable and high-performance database
- Redshift – Amazon’s data warehouse solution for Big Data, used for running reports.
- ElastiCache – caching of frequently used data in the cloud; reduces load on the database.
The Migration domain is used for transferring data to or from the AWS infrastructure. It includes the following services:
- Snowball – used for import and export of data; supports transfer of huge amounts of data from physical disks.
- Database Migration Service (DMS) – migrates an on-premises database to the AWS cloud, or from one region to another region.
- SMS (Server Migration Service) – used for migrating our virtual machines from on-premise to AWS cloud
The Networking and Content Delivery domain is used for isolating your network infrastructure, and content delivery is used for faster delivery of content. It includes the following services:
- Virtual Private Cloud (VPC) – like a virtual data center where our assets are deployed.
- Amazon Route 53 – Amazon's DNS service, which allows us to register domain names.
- AWS CloudFront – moved from the storage section to the networking section; consists of Edge locations.
- Direct Connect – allows us to connect our office or physical data center to the AWS network over a dedicated telephone line, for security and reliability.
The Management Tools domain consists of services which are used to manage other services in AWS, it includes the following services:
- CloudWatch – used to monitor the performance of our AWS environment: disk, RAM and CPU utilization.
- CloudFormation – converts infrastructure into code. Creates a document which describes our AWS environment. This acts like a template which can be used for deploying new servers.
- CloudTrail – used for auditing our AWS resources. It records user activity and the changes made to the environment, e.g. if a new user is created, that activity gets recorded.
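The CloudTrail item above says that creating a new user gets recorded. The following is an added example, not part of the original article, showing how a defender could pull such IAM user changes out of a CloudTrail log file. The log content is constructed sample data, and the function name `iam_user_changes` and the watched event list are assumptions made for illustration.

```python
import json

# Constructed sample: a CloudTrail log file is JSON with a top-level "Records" list.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-10T09:15:02Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"userName": "build-bot"}},
    {"eventTime": "2024-01-10T09:15:40Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"userName": "build-bot",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventTime": "2024-01-10T09:20:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": None},
    {"eventTime": "2024-01-10T10:02:33Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "203.0.113.50",
     "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/intern"},
     "requestParameters": None},
]})

# IAM calls that create or empower a user; an illustrative list, extend as needed.
WATCHED = {"CreateUser", "CreateAccessKey", "AttachUserPolicy"}

def iam_user_changes(log_text):
    """Return one finding per watched IAM event, including denied attempts."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "iam.amazonaws.com":
            continue
        if rec.get("eventName") not in WATCHED:
            continue
        # requestParameters may be null, e.g. on failed calls
        params = rec.get("requestParameters") or {}
        findings.append({
            "time": rec.get("eventTime"),
            "action": rec["eventName"],
            "actor": (rec.get("userIdentity") or {}).get("arn", "unknown"),
            "target_user": params.get("userName"),
            "source_ip": rec.get("sourceIPAddress"),
            "succeeded": "errorCode" not in rec,  # errorCode is set only on failure
        })
    return findings

if __name__ == "__main__":
    for finding in iam_user_changes(SAMPLE_LOG):
        print(finding)
```

Denied attempts are kept in the output on purpose: a failed `CreateUser` from an unexpected principal is often as interesting to review as a successful one.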
The Security & Identity, Compliance domain consists of services which are used to manage authentication and provide security for your AWS resources. It consists of the following services:
- IAM (Identity and Access Management) – fundamental to AWS. This service allows users to sign in and authenticates users in AWS; it is used to set up new users, manage their permissions and group them (e.g. developer, administrator etc.).
- Inspector – an agent which is installed in the virtual machines. It inspects them and reports on their security.
- Certificate Manager – Can provide SSL certificates for our domains
- Directory Service – Connect Microsoft Active Directory to AWS
- WAF (Web Application Firewall) – application-level protection for our web applications; can prevent SQL injection and cross-site scripting.
The Messaging domain consists of services which are used for queuing, notifying or emailing messages. It consists of the following services:
- SNS (Simple Notification Services) – Notify via email, text messages, HTTP endpoints.
- SQS (Simple Queue Service) – allows us to post jobs to a queue, where they are processed asynchronously.
- SES (Simple Email Service) – allows us to send and receive email from the AWS environment.
To begin with, we should analyze what our application is about. Does it require us to worry about the underlying infrastructure? Does it require a database? Does it need monitoring?
After we know all the requirements of our application, we can pick the domain and then choose a service.
For example, suppose we want to deploy an application in AWS and our application does not require us to worry about the underlying architecture. Which service would we choose?
Well, in the compute section there is this service called Elastic Beanstalk. We just upload our application, and AWS does the rest for us. It is that simple!
Of course, you would not know about any of these services without using them, would you? That is why AWS came up with an amazing free tier option.
Who is eligible for a free tier?
Every customer receives the free tier option from the time they register on AWS, and remains eligible for 1 year from the time of registration.
How shall this help?
We can try every service available in free tier of AWS and learn about such services. The more we practice, the more we learn about AWS.
So basically, we learn for free!
How do you sign up on AWS?
Step 1: Go to aws.amazon.com and click on Create an AWS Account.