# Introduction to AWS

## Web Service

- Any software service that makes itself available over the internet.
- Uses a standardized format, e**X**tensible **M**arkup **L**anguage (XML) or **JSON**, for the request and response exchanged through an **API**.

| **Category**            | **On-Premise**                                                                                         | **AWS Counterpart**                                                                                                                                                                            |
| ----------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Security**            | - Firewalls (e.g., Cisco ASA, Palo Alto)<br>- Physical security<br>- Antivirus/IDS/IPS systems         | - **AWS WAF** (Web Application Firewall)<br>- **AWS Shield** (DDoS protection)<br>- **AWS IAM** (Identity and Access Management)<br>- **AWS KMS** (Key Management Service)                     |
| **Networking**          | - Switches/Routers (Cisco, Juniper)<br>- VPN appliances<br>- Load balancers                            | - **Amazon VPC** (Virtual Private Cloud)<br>- **AWS Direct Connect**<br>- **AWS Transit Gateway**<br>- **Elastic Load Balancing (ELB)**                                                        |
| **Servers**             | - Physical servers (Dell, HP, IBM)<br>- Hypervisors (VMware, Hyper-V)<br>- Rack-mounted infrastructure | - **Amazon EC2** (Elastic Compute Cloud)<br>- **AWS Auto Scaling**<br>- **Amazon Lightsail**                                                                                                   |
| **Storage & Databases** | - NAS/SAN storage<br>- Physical hard drives<br>- Relational DBs (MySQL, Oracle, MSSQL)                 | - **Amazon S3** (Simple Storage Service)<br>- **Amazon EBS** (Elastic Block Store)<br>- **Amazon RDS** (Relational Database Service)<br>- **Amazon Aurora**, **DynamoDB**, **Amazon Redshift** |


## AWS Cloud Adoption Framework (AWS CAF)

- Guidelines for developing and deploying AWS environments.

- Applies a lifecycle (SDLC-style) view to delivering a modern IT service.

- Connects business and IT teams together.

## Core Perspectives


1. Business
2. People
3. Governance
4. Platform
5. Security
6. Operations

## **Activity**: AWS Documentation Scavenger Hunt



### What guides and references exist for the EC2 Service?

- **Amazon EC2 User Guide** for configuration and use of Amazon EC2 features
- **Amazon EC2 Instance Types** for specifications of each instance type available
- **AWS Nitro Enclaves User Guide**, where an enclave is an isolated virtual machine carved out of a parent EC2 instance with its own kernel, memory, and CPUs, and no persistent storage, interactive access, or external networking
- **AWS Windows AMI Reference** for the publicly available Amazon Machine Images (AMIs) for the Windows platform only
- **Develop for Amazon EC2**
- **Migrate to Amazon EC2**
- **Workloads on Amazon EC2**
- **Best Practices**

### **[How to Create an S3 Bucket?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/GettingStartedS3CLI.html)**

1. Create a bucket using the `s3api create-bucket` command. Replace `amzn-s3-demo-bucket` with a globally unique bucket name and `us-east-1` with your desired Region (every Region except `us-east-1` also requires a `LocationConstraint`).

2. Verify the bucket by listing all buckets.

3. Set Object Ownership. `BucketOwnerEnforced` disables ACLs entirely, so access is governed only by the bucket policy and IAM; this is the recommended setting.

4. Verify Block Public Access. It is enabled by default for new buckets; confirm that all four settings are on rather than assuming it.

5. Enable versioning for your bucket, so that overwritten or deleted objects can be recovered.

6. Optionally set up Object Lock. It can only be enabled when the bucket is created and requires versioning; it prevents objects from being deleted or overwritten for a retention period.

7. Add tags to your bucket.

8. Encrypt your bucket and new objects. New buckets get SSE-S3 by default; switch to SSE-KMS with your own key if you need key-level access control and CloudTrail visibility of key use.
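The eight steps above as one script. This is an added example, not the code from the linked AWS getting-started page: it uses only AWS CLI v2 `s3api` subcommands and assumes credentials are already configured. The bucket name, tag values and the `alias/aws/s3` key alias are placeholders; set `AWS=echo` to print the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the AWS docs): create an S3 bucket and apply the
# hardening steps from the checklist in one run, using AWS CLI v2.
# Set AWS=echo to print the commands instead of executing them (dry run).
set -eu

AWS="${AWS:-aws}"
OBJECT_LOCK="${OBJECT_LOCK:-no}"           # set to "yes" to enable Object Lock (step 6)
KMS_KEY_ID="${KMS_KEY_ID:-alias/aws/s3}"   # assumed key; replace with your own CMK alias or ARN

create_hardened_bucket() {
  bucket="$1"
  region="${2:-us-east-1}"

  lock_flag=""
  if [ "$OBJECT_LOCK" = "yes" ]; then
    lock_flag="--object-lock-enabled-for-bucket"   # Object Lock can only be enabled at creation
  fi

  # 1. Create the bucket. us-east-1 rejects a LocationConstraint; every other Region requires one.
  if [ "$region" = "us-east-1" ]; then
    $AWS s3api create-bucket --bucket "$bucket" --region "$region" $lock_flag
  else
    $AWS s3api create-bucket --bucket "$bucket" --region "$region" \
      --create-bucket-configuration "LocationConstraint=$region" $lock_flag
  fi

  # 3. Disable ACLs: the bucket owner owns every object and only policies grant access.
  $AWS s3api put-bucket-ownership-controls --bucket "$bucket" \
    --ownership-controls 'Rules=[{ObjectOwnership=BucketOwnerEnforced}]'

  # 4. Block Public Access is on by default for new buckets; set it explicitly so a
  #    later account-level change cannot silently reopen this bucket.
  $AWS s3api put-public-access-block --bucket "$bucket" \
    --public-access-block-configuration \
    'BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true'

  # 5. Versioning: overwrites and deletes keep a recoverable prior version.
  $AWS s3api put-bucket-versioning --bucket "$bucket" --versioning-configuration Status=Enabled

  # 6. Optional Object Lock default retention (requires versioning and the create-time flag).
  if [ "$OBJECT_LOCK" = "yes" ]; then
    $AWS s3api put-object-lock-configuration --bucket "$bucket" \
      --object-lock-configuration 'ObjectLockEnabled=Enabled,Rule={DefaultRetention={Mode=GOVERNANCE,Days=30}}'
  fi

  # 7. Tags (constructed values) for cost allocation and ownership tracking.
  $AWS s3api put-bucket-tagging --bucket "$bucket" \
    --tagging 'TagSet=[{Key=Owner,Value=security-team},{Key=Environment,Value=dev}]'

  # 8. Default encryption with SSE-KMS and Bucket Keys; applies to every new object.
  $AWS s3api put-bucket-encryption --bucket "$bucket" \
    --server-side-encryption-configuration \
    "{\"Rules\":[{\"ApplyServerSideEncryptionByDefault\":{\"SSEAlgorithm\":\"aws:kms\",\"KMSMasterKeyID\":\"$KMS_KEY_ID\"},\"BucketKeyEnabled\":true}]}"
}

# 2 (plus re-checks of 3, 4, 5 and 8): read the settings back instead of trusting the writes.
verify_bucket() {
  bucket="$1"
  $AWS s3api list-buckets --query "Buckets[?Name=='$bucket'].Name" --output text
  $AWS s3api get-bucket-ownership-controls --bucket "$bucket"
  $AWS s3api get-public-access-block --bucket "$bucket"
  $AWS s3api get-bucket-versioning --bucket "$bucket"
  $AWS s3api get-bucket-encryption --bucket "$bucket"
}

# Usage: create_hardened_bucket my-unique-bucket-name eu-west-1 && verify_bucket my-unique-bucket-name
```

The verification functions matter more than they look: `put-*` calls return nothing on success, so reading the configuration back is the only way to confirm the bucket ended up in the state you intended.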

### What is a one-sentence summary of the AWS CloudShell Service?

### What languages does the service API for AWS Lambda Support?

### What two AWS Services are Used to run A Serverless Hello World Application?

## AWS Infrastructure

- The first data center Region created was **US East (North Virginia)**.
- There are **84** Availability Zones in **26** geographic Regions (counts at the time these notes were written; both grow regularly).

### Data Centers

- House physical servers that are **always online**
- Contain hardware sourced from multiple original design manufacturers (ODMs)
- Run an Amazon custom network protocol stack
- **50-80K** physical servers per data center

### Characteristics of Cloud Services

- **Redundancy** designed to anticipate and tolerate failure while maintaining service levels

- Ensures **availability** by placing redundant critical components in separate *Availability Zones*

- For ensuring **capacity**, AWS monitors deployed infrastructure to support requirements and availability commitments.

- **Privacy** is supported by not disclosing data center locations.

- **Automated** processes move customer data traffic away from an affected area.

### Availability Zones

- Designed for **fault isolation**
- **Interconnected** with other Availability Zones through *high-speed* data links
- Recommended to replicate across AZs for **resiliency**

- Connected to multiple **tier-1 transit** providers, as well as low-latency links between AZs.

### Regions

- Each Region has **2+** Availability Zones (newer Regions launch with at least three)
- Check the current number of Regions through this [link](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/).
- AWS does not move or replicate your data outside the Region you choose. Replicating across Regions (for example with S3 Cross-Region Replication) is the user's responsibility and an explicit choice.

- Use [CloudPing](https://www.cloudping.info/) to measure latency from your location to each Region.

### Points of Presence

- The PoPs consist of **205** edge locations and **11** regional edge caches (counts at the time of these notes).
- PoPs are used by **Amazon CloudFront**, a global content delivery network that delivers content to end users with reduced latency.
- DNS is served from the same edge network by **Amazon Route 53**
- The **regional edge caches** sit between the edge locations and your origin; they hold content that is not popular enough to stay in an edge location's cache, so fewer requests go back to the origin.

### AWS Infrastructure Features

- **Elastic** - Infrastructure dynamically adapts capacity to demand
- **Scalable** - Adjusts to accommodate growth
- **Fault-tolerant** - Continues operating in the presence of a failure
- **Highly available** - Designed for reduced downtime

## AWS Pricing

### Common Pricing Based on Resources

#### Compute
- Calculated per time and varies by instance type

#### Storage 
- Calculated based on GB stored (per GB-month)

#### Data transfer
- Charged per GB
- Outbound is aggregated and charged, but inbound has no charge.

### You are Not Charged For

- Inbound data transfer from the internet
- Most data transfer between services in the **same AWS Region** (traffic between Availability Zones within a Region is billed per GB, so placing chatty components in the same AZ matters)

### How to Pay for AWS

#### Pay for what you use

#### Bring Your Own License (BYOL)
- Use software licenses you already own (e.g., Windows Server, SQL Server, Oracle) on AWS instead of paying for license-included instances.

#### Pay less when you reserve
- Reserving instances results in larger discounts in exchange for a one- or three-year commitment.
- **All Upfront Reserved Instance** provides the largest discount
- **Partial Upfront Reserved Instance**
- **No Upfront Payment Reserved Instance**

#### Pay less when you use more 
- Save more as usage increases
- **Tiered pricing** in storage services means you pay less per GB as you store more

#### Pay less as AWS Grows
- AWS focuses on lowering the cost of doing business

See [this link](https://d0.awsstatic.com/whitepapers/aws_pricing_overview.pdf) for more info.

### AWS Pricing Calculator

- Identify opportunities to reduce costs
- Estimate your costs for services

### Total Cost of Ownership

- Compare the costs of running an entire infrastructure environment or a specific workload on premises versus in the cloud.
- Budget and build the business case for moving to the cloud.

## AWS Services and Service Categories

### Storage


#### **Simple Storage Service** (Amazon S3)

- Store and protect data for websites and mobile apps
- Backup and restore, archiving, enterprise applications, IoT devices, and big data analytics

#### **Elastic Block Store** (Amazon EBS)

- Used with EC2 for throughput-intensive and transaction-intensive workloads

#### **Elastic File System** (Amazon EFS)

- Scalable, fully-managed Network File System (NFS) for AWS cloud services and on-premises resources.

#### **Simple Storage Service Glacier** (Amazon S3 Glacier)

- Low-cost S3 storage classes for data archiving and long-term backup
- Deliver 11 9s (99.999999999%) of durability and provide security and compliance capabilities.

### Compute

#### **Elastic Compute Cloud** (EC2)

- Resizable compute capacity as **VMs**

#### **EC2 Auto Scaling**

- Automatically add/remove EC2 instances based on conditions

#### **Elastic Beanstalk**

- Deploy and scale web applications and services written in Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and Microsoft Internet Information Services (IIS)

#### **Lambda**

- Run code without provisioning or managing servers.
- Pay only for the consumed compute time.

### Containers

#### **Elastic Container Services** (ECS)

- Highly scalable, high-performance container orchestration supporting Docker containers

#### **Elastic Container Registry** (ECR)

- Fully managed Docker container registry facilitating storing, managing, and deploying images

#### **Elastic Kubernetes Service** (EKS)

- Deploy, manage, and scale containerized applications that use Kubernetes

#### **Fargate** 

- Serverless compute engine for ECS and EKS that runs containers without managing servers or clusters

### Database

#### Relational Database Service

- For setting up, operating, and scaling relational databases in the cloud.
- Provides resizable capacity while automating time-consuming administration tasks (hardware provisioning, database setup, patching, backups).

#### Aurora

- Relational database compatible with MySQL and PostgreSQL; AWS quotes up to five times the throughput of standard MySQL and three times that of standard PostgreSQL

#### Redshift

- Run analytic queries against petabytes of data stored in the cluster.
- Also analyzes exabytes of data in S3.

#### DynamoDB

- Key-value and document database delivering single-digit millisecond performance at any scale with built-in security, backup and restore, and in-memory caching.

### Networking and Content Delivery

#### **Virtual Private Cloud**

- Logically isolated sections of the AWS Cloud

#### **Elastic Load balancing**

- Automatically distributes incoming application traffic across multiple targets.

#### **CloudFront**

- Fast Content Delivery Network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally.
- Low latency and high transfer speeds.

#### **Transit Gateway**

- Hub that customers use to connect their VPCs and on-premises networks through a single gateway.

#### **Route 53**

- DNS web service for routing end users to internet applications

#### **Direct Connect**

- Establish a dedicated private network connection from your data center to AWS.
- Reduce network costs and increase bandwidth throughput.

#### **Client VPN**

- Managed client-based VPN: a secure TLS tunnel from your device to AWS and on-premises resources.

### Security, Identity, and Compliance

#### AWS **Identity and Access Management**

- Manage access to AWS services and resources securely.
- Use IAM policies to allow/deny user, group, and role access to AWS resources

#### AWS **Organizations**

- Centrally manage multiple accounts and use service control policies (SCPs) to restrict what services and actions are allowed in them

#### Amazon **Cognito**

- Add user sign-up, sign-in, and access control to web and mobile apps.

#### AWS **Artifact**

- On-demand access to AWS security and compliance reports and select online agreements.

#### AWS **Key Management Service**

- Create and manage keys
- Control the use of encryption across a wide range of AWS services

#### AWS **Shield**

- Managed protection against distributed denial of service (DDoS) attacks for applications running on AWS

### Cost Management Service

#### **Cost and Usage Report**

- Most comprehensive set of AWS cost and usage data available
- Metadata of AWS services, pricing, and reservations

#### **Budgets**

- Set custom budgets that alert when costs or usage exceeds your budgeted amount

#### **Cost Explorer**

- Easy-to-use interface to manage your AWS costs


### Management and Governance

#### **AWS Management Console**

- Web-based user interface for management of AWS

#### **AWS Config**

- Track resource inventory and changes

#### **Amazon CloudWatch**

- Monitor resource and applications

#### **AWS Auto Scaling**

- Provides features to scale multiple resources to meet demand

#### **AWS CLI**

- Unified tool to manage AWS services from the terminal

#### **AWS Trusted Advisor**

- Optimize performance and security

#### **AWS Well-Architected Tool**

- Helps in reviewing and improving workloads

#### **AWS CloudTrail**

- Track user activity and API usage.


## AWS Shared Responsibility Model

#### What is AWS responsible for?

- Global infrastructure and the foundational services.
- Securing Physical infrastructure

#### What is the Customer Responsible for?

- Allocating, provisioning, and setup of the resources or services as well as configurations.

#### Who is responsible for configuring security group rules in EC2?

- The customer

#### What is the customer responsible for in a managed service like Amazon RDS?

- Configuring access control: network access (security groups), IAM and database users, encryption settings, and backup retention

![image.png](attachment:image.png)

### AWS: Security of the Cloud

- Physical security of data centers

- Hardware and software infrastructure

- Network infrastructure

- Virtualization infrastructure

### Customer: Security in the Cloud

- Patching and maintenance of EC2 instances
- Application passwords, role-based access, and so on
- Security group configuration
- OS-based and host-based firewalls, including IDS and IPS
- Network configurations
- Account management
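Security group rules are the customer's side of the model, as the question above and this list both state, and the most common mistake is an inbound rule open to the whole internet on an administrative port. The script below is an added example, not AWS code: it lists such rules with AWS CLI v2 and replaces one with a rule scoped to an admin CIDR. The group ID, rule ID and the `203.0.113.0/24` admin range are placeholders; set `AWS=echo` to print the commands instead of running them.

```shell
#!/bin/sh
# Added example: find and fix security group rules open to 0.0.0.0/0 on a port.
# Requires AWS CLI v2 with credentials configured; AWS=echo dry-runs the commands.
set -eu

AWS="${AWS:-aws}"

# List inbound rules that admit the whole internet (0.0.0.0/0) to a given port.
# describe-security-group-rules returns one flat object per rule, so the text
# output is one rule per line: GroupId RuleId FromPort ToPort Protocol.
# Rules with IpProtocol -1 (all traffic) report FromPort/ToPort as -1, so they
# are matched by protocol rather than by port range.
find_world_open_rules() {
  port="$1"
  $AWS ec2 describe-security-group-rules \
    --query "SecurityGroupRules[?IsEgress==\`false\` && CidrIpv4=='0.0.0.0/0' && (IpProtocol=='-1' || (FromPort<=\`$port\` && ToPort>=\`$port\`))].[GroupId,SecurityGroupRuleId,FromPort,ToPort,IpProtocol]" \
    --output text
}

# Replace one world-open rule with the same port restricted to an admin CIDR.
# The weak setting (0.0.0.0/0) is revoked by rule ID; the corrected rule is
# scoped to allowed_cidr (constructed default: 203.0.113.0/24).
restrict_rule() {
  group_id="$1"
  rule_id="$2"
  port="$3"
  allowed_cidr="${4:-203.0.113.0/24}"
  $AWS ec2 revoke-security-group-ingress --group-id "$group_id" --security-group-rule-ids "$rule_id"
  $AWS ec2 authorize-security-group-ingress --group-id "$group_id" \
    --protocol tcp --port "$port" --cidr "$allowed_cidr"
}

# Driver: apply restrict_rule to every world-open rule on a port. Only useful
# against a real account; in dry-run mode find_world_open_rules prints a command,
# not rule data.
fix_world_open_port() {
  port="$1"
  allowed_cidr="$2"
  find_world_open_rules "$port" | while read -r group_id rule_id _rest; do
    restrict_rule "$group_id" "$rule_id" "$port" "$allowed_cidr"
  done
}

# Usage: find_world_open_rules 22          (audit SSH)
#        fix_world_open_port 22 203.0.113.0/24
```

Revoking by rule ID rather than by re-specifying protocol, port and CIDR avoids the classic failure of the older `revoke` form, where a slightly different port range or description leaves the open rule in place. Run the audit again after the fix rather than trusting that the authorize call did what you expected.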
