## AWS Regions

* An AWS Region, defined in the simplest terms, is several data centers located in a specific geographic region
* Problems in one region are isolated from other regions
* Northern Virginia has best pricing and availability in the cloud. 
* You don't know the real locations on services but neither do bad agents




![image.png](attachment:image.png)

## Region Considerations 
* Generally a large consideration should be local regulations surrounding data privacy
* If using an application hosted @ AWS from a mobile device, you will need to connect to your hosted application, most likely across internet. Route 53 (DNS) can help with this.
* If planning on moving applications from corporate data centers to AWS Cloud, location of your place of business might influence the AWS region that you want to utilize if you are planning to operate a hybrid model.
* Unless otherwise specified, if you data is stored in a single AWS Region it will never be stored in another region
* This allows for region isolation, 

![image.png](attachment:image.png)

### Availability Zones


* An availability zone is defined by one or more data centers inside a region. Each region is sliced up into multiple availability zones. 
* Each availability zone is linked to other AZ in the same region via high speed low latency fiber connections
* Internal AWS private network speeds are in the 40 gbps range. All AZ's within a region are linked together via private network links AWS owns
* Primary usage for availability zones is application failover and database replication
* Ec2, ELB, VPC can all operate over multiple availabilty zones providing you the customer with the abilty to design your applications for scale, resiliency and high availabilty. 
* If your AZ (availability zone) goes down and you don't have failover to another AZ you are going to have problems. (see below diagram)
![image.png](attachment:image.png)
* Not designing your application for multi-zone failover negates your Amazon SLAs
* An availability zone is a single point of failure. 


### AWS SLAs (Service Level Agreements)

* Cloud SLAs have been described by many technical people over the years as less than adequate. However, this is typically the conclusion made when comparing a cloud SLA with an on-prem SLA.


#### SLAs (Service Level Agreements) in general 

Very common in computer and service industry
* what type of support? (on prem, help desk, offshore helpdesk, etc.)
* time to support? (hours of support, response times)
* What type of services will be rendered? 
* In every SLA the guarentee of service availability is the focus of the agreement. 
* Common SLA defines quality of services, customer experience, availability, dispute resolution and indemnification clause.

#### Amazon SLAs (Service Level Agreements) at Amazon
Each service might have their own SLAs, but some services don't have a specific SLA at all. 
Certainly the building blocks of any applicaiton (compute,storage,CDN,DNS services) have defined SLAs.


* Changes : Basically Amazon can change or discontinue a services. can be changes to the individual service SLA
* Security and Data Privacy: Each customer specifies regions where content is stored. Understand that Amazon wil normally move your data within a region. 
* Responsibility: Accounts,content, security settings, backup, credentials, keys and end user actions are customers responsibility
* Termination of account: if you terminate your content has 30 days to live
* Indemnification: You, the customer, will hold amazon harmless for any actions performed by end user.


#### Everything fails! 
* Failures will happen and it's best accept that (How poetic...)
* Generally failures are compute instance fails that is powering an applicaiton server, web server, database server

| AWS Service             | Potential Solution                                                            |   |   |   |
|-------------------------|-------------------------------------------------------------------------------|---|---|---|
| instance                | Load Balance across AZ in a single region                                     |   |   |   |
| database                | Synchronize replication across AZs within a single region                     |   |   |   |
| s3 Bucket               | Automatic replication to bucket in a different region                         |   |   |   |
| EBS Volumes             | Automatic copying of snapshots to different region                            |   |   |   |
| 100% application uptime | geo-load balancing utilizing route 53 domain name system (DNS) across regions |   |   |   |

##### Global Edge Services


* An edge location is where end users access services located at AWS. They are located in most of the major cities around the world and are specifically used by CloudFront (CDN)
* three types of data highway connections possible: Internet connections, Direct connect private connections, AWS private backbone network


Available at Edge Locations: 

| AWS Service             | Potential Solution                                                            |   |   |   |
|-------------------------|-------------------------------------------------------------------------------|---|---|---|
| instance                | Load Balance across AZ in a single region                                     |   |   |   |
| database                | Synchronize replication across AZs within a single region                     |   |   |   |
| s3 Bucket               | Automatic replication to bucket in a different region                         |   |   |   |
| EBS Volumes             | Automatic copying of snapshots to different region                            |   |   |   |
| 100% application uptime | geo-load balancing utilizing route 53 domain name system (DNS) across regions |   |   |   |

### AWS Route 53


* To access AWS from any device you will need to make an application query
* You will obviously either need an Internet connection or a private network connection for your device to reach AWS
* What service needs to be working to make the initial query? (hint: it's a DNS )
* DNS has changed from local DNS services to more of a globalized DNS service
* this global DNS service knows about where the Amazon regions are and each requested service resides
* Route 53 is Amazons hosted DNS service (stands for standard dns port 53)
* Route 53 has a public side pointed to the public edge locations that accepts incoming customer requests and then resolves each query to the appropriate AWS resource located on Route 53 private side. The key takeway here is that there is one public side, one private. The public side accepts incoming requests.
![image.png](attachment:image.png)


## AWS Sheild
#### note: Probably should better learn the OSI Models and their associated layers: https://en.wikipedia.org/wiki/OSI_model

* What if a request that enters an AWS edge location is a malicious request like a DDoS attack, or a bot attack? 
* At each edge location is a service running 24/7 called AWS Shield. 
* Basic job is to prevent Level 3 and Level 4 (see OSI Model) attacks with a very low level of response latency. 


### AWS Shield Advanced

* real-time custom protection. AWS Shield is not protecting individual customers but the Infrastructure as a whole @ the edge locations. 



## Web Application Firewall (WAF)

* For wanting to craft your own protection at the edge. 
* Allows for custom filtering of incoming (ingress) requests at Layer 7 for HTTP and HTTP(s) requests. 
* Customers define their own rules 


Big Features Include 

1) Blocking a specific attacker or attacks - Block specific IPs, Countries, etc.
2) Server restricted content to specific users - For example: Restricting content for a specific IP Range
3) Monitor incoming requests properties for analysis - After analysis, conditions and rules can be created for additional protection



Can be Applied to the follow ... 

1) Load Balancers
2) Cloud Front Distributions



### CloudFront

* CloudFront is AWS content delivery network service located at the edge with it's own points of presence (POPs). 

Can be thought of as a fast doorway to AWS. CloudFront sits in front of the origin of the request, which could be an EC2 instance, a s3 bucket, or a custom origin location such as a resource running in your own datacenter. Essentially it is a caching service. Located at each edge location within each region:


* If the requested content is already in the cache it is quickly delivered.
* IF not in the cache it will request it from the original location.


![image.png](attachment:image.png)

### AWS Lambda at the Edge

* Lambda is a managed AWS Service that allows you to craft custom functions to carry out any task written in a variety of programming languages
* Lambda is available at each edge location which means that you can craft lambda functions to control CloudFront content requests from end users. 
* Lambda sits in the middle of the eggress/ingress communication and can completely control traffic flow. 
![image.png](attachment:image.png)







### Latency Concerns

How is Network latency measured?
- Typically in the amount of time it takes for a packet to get from source to destination. In AWS context: How much time it takes for AWS to reach your location


Latency occurs in these scenarios

* Physical location - Connecting to an application hosted in another geographic location
* Replicating data records across multiple regions - If you're copying files between regions - there will be some latency.
* Updating read replicas - Read replicas are read only copies of a read/write database instance. Each read replica can be geographically located in any other AWS Region.


What causes latency?

* Where you are (which region)
* Where the application is hosted (which region)
* Level of security neogiations (are you pinging port 80 or port 443) (for more information: https://www.ssl2buy.com/wiki/port-80-http-vs-port-443-https#:~:text=The%20main%20difference%20between%20Port,data%20transmission%20in%20plain%20text.&text=The%20security%20over%20port%20443,protocol%20(secure%20socket%20layer).)

#### (Latency over different geographic regions)

![image-2.png](attachment:image-2.png)



## Pricing

* Some of the most common services don't have an associated price (for example: standing up a VPC, creating subnets)
* there is a price to pay for resilency and failover. It's a price worth paying. After all, we want our applications to remain available and our data records to be stored in multiple locations
* Costs are dependent on the region you select. There are huge variations in pricing across regions. You have no alternative if compliance dictates you have to be in a certain region

### Infrastrucure as a Service (IaaS)

* Most services at AWS fall under IaaS
* Virtualized servers and storage arrays are hosted on a software defined network with each customers infrastructure completely isolated as a private resource. 
* IaaS cloud services at AWS are bundeled with managed services. A managed service is built on the trio of compute, storage and networking services and customized sotware providing something you want Amazon to manage rather than you having to do all the work. 
* Cloudformation - A managed service that allows for building, updating and destroying infrastructure in an automated fashion.
* CloudTrail let's you track all API calls that are carried out in each AWS account for 90 days. 

![image.png](attachment:image.png)




### Platform as Service (PaaS)

* PaaS cloud providers enable your develoeprs to create custom applications on a variety of dev platforms such as Java, PHP and python
* PaaS cloud provider will host and scale the hosted applicaiton based on demand. As more users use the application, the infrastructure resources will scale out as required.
* PaaS environments are installed on the IaaS infrastructure resources of the PaaS provider. 
* Amazon has a PaaS solution called Elastic Beanstalk that automates the deployment of applications developed in Java/ Python / Rub and other dev platforms on the required infrastructure compoennts of ech application including E2 instances or Docker Containers, with load-balancing, auto-scaling and monitoring services.

![image.png](attachment:image.png)


## Essential Charachteristics of AWS Cloud Computing

### 1. On demand self-service
* We expect and demand that cloud services are delivered quickly


### 2. Resource Pooling
* Infrastructure resources for public cloud providers are pooled together in many data centers across the different regions of the world and are dynamically assigned. 
* AWS has clusters of Data Centers called Availability Zones (AZ) and each AZ has over 80k bare metal servers available and online allowing customers to access their applications with a high level of availability. 
* having a massive resource pool is a necessary pre-requisite for all public cloud providers. Customers do not expect to run out of resources (for example: S3 is unlimited)

### 3. Rapid elasticity 
* Elasticity == scaling
* key featured required by all hosted cloud applications
* Because most services and appliations are built on compute and storage , applications in the AWS cloud have the capability to automatically scale. 
* Elasticity is only helpful if the scaling is automated
* Real Time monitoring in AWS allow us to immediately react before performance degredation
* EC2 Auto Scaling in the background, additional compute resources are automatically ordered and delivered to the application server's cluster. 
* Rapid elasticity is really only possible with real time monitoring to drive the change
![image.png](attachment:image.png)

### 4. Measured Service
* a measured service in the cloud you are billed for what you use. 
* Cloud providers make money by charging for everything that you use in their data centers, including transfer costs. Packet flow inbound to the public cloud is usually free. outbound packet flow or traffic between subnets hosted in data cetners is usually charged an outbound data fee.
* the measure can be time or usage based: For example: gigabytes used in s3 or per minute with compute services (like Ec2) 
* AWS charges can be broken down into compute, storage and data transfer charges.
* If an AWS service is on the meter is running. 
* COST MANAGEMENT IS SUPER IMPORTANT
* Tools at your disposal : AWS simple pricing calculator




# Operational Benefits of AWS


### Servers

* underutilized servers in your data center are expensive to run and maintain. Moving applications to the public cloud will reduce the size of your on premise data center. 
* You may not host as many servers! 
* Won't have to spend for licensing on the hypervisor level (see below for a note on what a hypervisor is) 




Note on hypervisors: 

source: https://www.vmware.com/topics/glossary/content/hypervisor

What is a hypervisor?

- Also known as a virtual machine monitor 
- Hypervisors make it possible to use more of a systems available resources and provide greater IT mobility since the guest VMs are independent of the host hardware. 
- Two types of Hypervisors (type 1: bare metal, type2: hosted)
- Type 1 hypervisor acts like a lightweight operating system and runs directly on the hosts hardware, while a type 2 hypervisor runs as a sotware layer on an operating system - like other computer programs. 
- Most common deployed type of hypervisor is the type 1 or bare-metal hypervisor, where virtualization software is installed directly on the hardware where the operating system is normally installed. They are extremely secure
![image-2.png](attachment:image-2.png)


### Storage
* Using cloud storage has huge benefits due to the unlimited amount of storage promised by the cloud providers. Amazon has many options for storae that are similar. But not exactly the same as your on-premise solutions
* For storage area network solutions, Amazon has shareable file solutions: EFS for linux workloads and FSx, a shared file service specifically for Windows File Server workloads. Virtual Hard disks are available using EBS. 


