EXPLORING THE

COMPONENTS OF
AMAZON WEB SERVICE
Unit 6 – AWS cloud computing Platform
AWS SERVICES
AWS
AWS
EC2
A web service that provides secure, resizable compute
capacity in the cloud.
 Simple web service interface allows you to obtain and
configure capacity with minimal friction.
 Reduces the time required to obtain and boot new
server instances to minutes, allowing you to quickly scale
capacity, both up and down, as your computing
requirements change.

EC2 – ELASTIC COMPUTE CLOUD – BASICS

INSTANCE TYPE
3
  Burstable performance Instance - T instances’ baseline performance and ability to
burst are governed by CPU Credits. Each T instance receives CPU Credits
continuously, the rate of which depends on the instance size. T instances accrue
CPU Credits when they are idle, and use CPU credits when they are active. A CPU
Credit provides the performance of a full CPU core for one minute.
 Multiple storage options - Amazon EC2 allows you to choose between multiple
storage options based on your requirements. Amazon EBS is a durable, block-level
storage volume that you can attach to a single, running Amazon EC2 instance. You
can use Amazon EBS as a primary storage device for data that requires frequent
and granular updates
 ESBS Optimized Instances -. Select EC2 instances support cluster networking when
launched into a common cluster placement group. A cluster placement group
provides low-latency networking between all instances in the cluster
 Cluster Network - Select EC2 instances support cluster networking when launched
into a common cluster placement group. A cluster placement group provides low-
latency networking between all instances in the cluster

INSTANCES FEATURES
LIFE CYCLE OF INSTANCE
Instance state Description Instance usage billing

pending The instance is preparing to enter the runningstate. An instance Not billed
enters the pending state when it launches for the first time, or
when it is restarted after being in the stopped state.

running The instance is running and ready for use. Billed

stopping The instance is preparing to be stopped or stop-hibernated. Not billed if preparing to stop
Billed if preparing to hibernate

stopped The instance is shut down and cannot be used. The instance Not billed
can be restarted at any time.

shutting-down The instance is preparing to be terminated. Not billed

terminated The instance has been permanently deleted and cannot be Not billed
restarted.
 An object storage service that offers industry-leading scalability, data
availability, security, and performance.
 This means customers of all sizes and industries can use it to store and protect
any amount of data for a range of use cases, such as websites, mobile
applications, backup and restore, archive, enterprise applications, IoT
devices, and big data analytics.
 Amazon S3 provides easy-to-use management features so you can organize
your data and configure finely-tuned access controls to meet your specific
business, organizational, and compliance requirements.
 Amazon S3 is designed for 99.999999999% (11 9's) of durability, and stores
data for millions of applications for companies all around the world.

SIMPLE STORAGE SERVICE – S3



BENEFITS
Basics

Industry lead performance , scalability , availability,

durability
Wide range of cost effective storage class
Unmatched security, compliance and audits
Management tool for granular data control
Query in place for analytics

BASICS
AWS S3
PROCESS OF PUT /GET
  Operation on the service - GET Service
 Operation n AWS account –
 Block Public Access(GET,PUT,DELETE)
 Batch Operations(CREATE,LIST,UPDATE,DESCRIBE)jobs
 Operation on the Bucket -
 DELETE Bucket.(analytics, encryption,inventory,lifecycle,AccessBlock,metrics,policy,eplication,tagging,website)
 GET Bucket (List Objects, accelerate, acl, analytics, encryption, Inventory , lifecycle, location, AccessBlock logging,
metrics notification, object lock configuration, PolicyStatus, Object versions, policy, replication, requestPayment,
tagging, GET Bucket versioning, website)
 PUT Bucket( accelerate, acl, analytics, cors, encryption, inventory, lifecycle, PublicAccessBlock, logging, metrics,
notification, object lock ,onfiguration, policy, replication, requestPayment, tagging, versioning, website)
 Operation on the Object -
 Delete (Multiple Objects, Object, tagging,ACL)
 GET (Object legal hold, retention, tagging)
 POST Object(restore)
 PUT Object(legal hold, retention, Copy, acl, tagging,)

OPERATIONS
 Storage Classes
 Amazon S3 STANDARD for general-purpose storage of frequently accessed data, Amazon S3 STANDARD_IA for
long-lived, but less frequently accessed data and GLACIER for long-term archive.
 Bucket Policies:
 Accounts have the power to grant bucket policy permissions and assign employees permissions based on a
variety of conditions. F
 CREATE ,DELETE bucket, PUT,GET object
 AWS Identity and Access Management
 S3 to control the type of access a user or group of users has to specific parts of an bucket your AWS account
owns.
 Versioning
 Object Versioning protects you from the consequences of unintended overwrites and deletions.
 Operations
 Create a Bucket – Create and name your own bucket in which to store your objects.
 Write an Object – Store data by creating or overwriting an object. When you write an object, you specify a
unique key in the namespace of your bucket.
 Read an Object – Read data back. You can download the data via HTTP or BitTorrent.
 Deleting an Object – Delete some of your data.
 Listing Keys – List the keys contained in one of your buckets. You can filter the key list based on a prefix.

FEATURES
 Storage mgmt. & monitoring - flat, non-hierarchical structure, batch operations, replication,
object lock
 Storage classes - S3 Standard, S3 Intelligent-Tiering, S3 Standard-Infrequent Access (S3
Standard-IA), S3 one Zone-Infrequent Access (S3 One Zone-IA), Amazon S3 Glacier (S3
Glacier) and Amazon S3 Glacier Deep Archive, Access / cost
 Access mgmt. & security - AWS Identity and Access Management , Access Control
Lists (ACLs) to make individual objects acessible to authorized users; bucket policies to
configure permissions for all objects
 Query in place - increase query performance by 400%, and reduce cost by 80%. by
retrieving a subset of an object’s metadata instead of the entire object, which can be up to
5 terabytes in size
 Transferring large amount of data - designed to maximize transfer speeds to S3 buckets. For
very large data transfers, consider using AWS Snowball, AWS Snowball Edge, and AWS
Snowmobile to move PB ,XB to the AWS C

FEATURES
  Amazon Glacier is an online file storage web service that provides storage for data
archiving and backup.
 Archives
 An archive can be any data such as photos, videos, or documents. You can upload a single file
as an archive or aggregate multiple files into a TAR or ZIP file and upload as one archive.
 A single archive can be as large as 40 terabytes. You can store an unlimited number of archives.
 Each archive is assigned a unique archive ID at the time of creation, and the content of the
archive is immutable, meaning that after an archive is created it cannot be updated.

 Vaults
 Amazon S3 Glacier uses "vaults" as containers to store archives.
 use the AWS SDKs to perform a variety of vault operations such as create vault, delete vault, lock
vault, list vault metadata, retrieve vault inventory, tag vaults for filtering and configure vault
notifications.
 You can also set access policies for each vault to grant or deny specific activities to users. Under
a single AWS account, you can have up to 1000 vaults.

AMAZON GLACIER
 Data retrieval feature-3 features – Expedited (1-5min), Standard(3-5 hr)& Bulk – cost effective (PB)
 Glacier select – allow queries to run on data store without having to retrieve entire archive
 Snowball & direct integration –
 accelerate moment of Large data in /out of aws using portable storage device .
 snowball is faster than internet & cost effective .
 Direct has dedicated network bandwidth(1-10GPS)
 Vault lock - easy deployment and enforce compliance using lockable policy (WORM),immutable.
 Tagging- tagging Gvault , label to associate ,add filtering capability ,eg tagging S3 Glacier Cost and using Dept
 ACL– Identity Access MGMT(IAM),security credentials( passwd, multi fact authentication) +vault =>grant
 Audit logs – helps to implement compliance , governance objective for achieve system
 Vault access policies - grant access to users & business groups internal to org or Ext Business partners
 Vault inventory – inventory of all archives for disaster recovery or occasional reconciliation ,updated once/day
 Data retrieve policy – maximum retrieve rate
 low level API / High Level API - implement glacier operation /abstraction
 AWS – mgmt. console & SDKs – create configure vault

FEATURES
GLACIER VS S3
  provides persistent block storage volumes for use with Amazon EC2 instances in the
AWS Cloud.
 Each Amazon EBS volume is automatically replicated within its Availability Zone
 Amazon EBS volumes offer the consistent and low-latency performance
 With Amazon EBS, you can scale your usage up or down within minutes – all while
paying a low price
 Amazon EBS is designed for application workloads that benefit from fine tuning for
performance, cost and capacity.
 Typical use cases include Big Data analytics engines (like the Hadoop/HDFS
ecosystem and Amazon EMR clusters), relational and NoSQL databases (like
Microsoft SQL Server and MySQL or Cassandra and MongoDB), stream and log
processing applications (like Kafka and Splunk), and data warehousing
applications (like Vertica and Teradata).

EBS- ELASTIC BLOCK STORAGE –BASICS

 General Purpose SSD (gp2) Volumes
 ideal for a broad range of workloads.
 These values deliver single-digit millisecond latencies and the ability to burst to 3,000 IOPS for
extended periods of time.
 Between a minimum of 100 IOPS (at 33.33 GiB and below) and a maximum of 16,000 IOPS (at 5,334
GiB and above), baseline performance scales linearly at 3 IOPS per GiB of volume size.
 AWS designs gp2 volumes to deliver 90% of the provisioned performance 99% of the time.
 A gp2 volume can range in size from 1 GiB to 16 TiB.

Provisioned IOPS SSD (io1) Volumes

 Designed for needs of I/O-intensive workloads, particularly database workloads, that are sensitive
to storage
 performance and consistency.
 An io1 volume can range in size from 4 GiB to 16 TiB.
 You can provision from 100 IOPS up to 64,000 IOPS per volume.
 The maximum ratio of provisioned IOPS to requested volume size (in GiB) is 50:1.

TYPES OF ESB VOLUMES

 Throughput Optimized HDD (st1) Volumes
 low-cost magnetic storage that defines performance in terms of throughput rather than IOPS.
 This volume type is a good fit for large, sequential workloads such as Amazon EMR, ETL, data warehouses, and log processing.
 Bootable st1 volumes are not supported.
 For a 1-TiB st1 volume, burst throughput is limited to 250 MiB/s, the bucket fills with credits at 40 MiB/s

Cold HDD (sc1)

 volumes provide low-cost magnetic storage that defines performance in terms of throughput rather than IOPS.
designed to support infrequently accessed data

Magnetic (standard)
 Magnetic volumes are backed by magnetic drives and are suited for workloads where data is accessed infrequently
 scenarios where low-cost storage for small volume sizes is important. These volumes deliver approximately 100 IOPS on average,
with burst capability of up to hundreds of IOPS,
 They can range in size from 1 GiB to 1 TiB.

TYPES OF ESB VOLUMES

VPC
 VPC enables you to launch AWS resources into a virtual network ,with the benefits of
using the scalable infrastructure of AWS.
 A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is
logically isolated from other virtual networks in the AWS Cloud.
 You can launch your AWS resources, such as Amazon EC2 instances, into your VPC.
 You can specify an IP address range for the VPC, add subnets, associate security
groups, and configure route tables.

AMAZON VIRTUAL PRIVATE CLOUD –

AMAZON VPC
 A subnet is a range of IP addresses in your VPC.
 You can launch AWS resources into a specified subnet.
 Use a public subnet for resources that must be connected to the internet and a private
subnet for resources that won't be connected to the virtual private internet.
 If a subnet's traffic is routed to an internet gateway, the subnet is known as a public
subnet. If you want your instance in a public subnet to communicate with the internet
over IPv4, it must have a public IPv4 address or an Elastic IP address (IPv4)
 If you want your instance in the public subnet to communicate with the internet over
IPv6, it must have an IPv6 address.
 If a subnet doesn't have a route to the internet gateway, the subnet is known as a private
subnet.
 If a subnet doesn't have a route to the internet gateway, but has its traffic routed to a
virtual private gateway for a Site-to-Site VPN connection, the subnet is known as a VPN-
only subnet.

SUBNET
 Each subnet must be associated with a route table, which specifies the allowed routes for
outbound traffic leaving the subnet.
 Every subnet that you create is automatically associated with the main route table for
the VPC.
 You can change the association, and you can change the contents of the main route
table.

SUBNET ROUTING
 Your VPC has an implicit router, Your VPC automatically comes with a main route table that you can
modify.
 You can create additional custom route tables for your VPC.
 Each subnet must be associated with a route table, which controls the routing for the subnet. If you don't
explicitly associate a subnet with a particular route table, the subnet is implicitly associated with the main
route table.
 You cannot delete the main route table, but you can replace the main route table with a custom
 Each route in a table specifies a destination CIDR and a target (for example, traffic destined for the
external corporate network 172.16.0.0/12 is targeted for the virtual private gateway).
 CIDR blocks for IPv4 and IPv6 are treated separately. For example, a route with a destination CIDR of
0.0.0.0/0 (all IPv4 addresses) does not automatically include all IPv6 addresses.
 Every route table contains a local route for communication within the VPC over IPv4. If your VPC has more
than one IPv4 CIDR block, your route tables contain a local route for each IPv4 CIDR block. If you've
associated an IPv6 CIDR block with your VPC, your route tables contain a local route for the IPv6 CIDR
block. You cannot modify or delete these routes.
 When you add an Internet gateway, an egress-only Internet gateway, a virtual private gateway, a NAT
device, a peering connection, or a VPC endpoint in your VPC, you must update the route table for any
subnet that uses these gateways or connections.
 There is a limit on the number of route tables you can create per VPC, and the number of routes you can
add per route table.

ROUTE TABLE BASICS

 AWS provides two features that you can use to increase security
in your VPC: security groups and network ACLs.
 Security groups control inbound and outbound traffic for your
instances
 network ACLs control inbound and outbound traffic for your
subnets.

SUBNET SECURITY
 Amazon Elastic Container Service (Amazon ECS) is a
highly scalable, fast, container management service that
makes it easy to run, stop, and manage Docker containers
on a cluster.
 You can host your cluster on a serverless infrastructure that
is managed by Amazon ECS by launching your services or
tasks using the Fargate launch type
 Amazon ECS lets you launch and stop container-based
applications with simple API calls, allows you to get the
state of your cluster from a centralized service, and gives
you access to many familiar Amazon EC2 features.

ECS
 Elastic Load Balancing automatically distributes incoming
application traffic across the tasks in your Amazon ECS
service.
 It enables you to achieve greater levels of fault tolerance in
your applications, seamlessly providing the required amount
of load balancing capacity needed to distribute
application traffic.
 You can use Elastic Load Balancing to create an endpoint
that balances traffic across services in a cluster.

ELASTIC LOAD BALANCE .. TO BE

CONTINUED
  An Elastic IP address is a static, public IPv4 address designed
for dynamic cloud computing.
 You can associate an Elastic IP address with any instance or
network interface for any VPC in your account.
 With an Elastic IP address, you can mask the failure of an
instance by rapidly remapping the address to another
instance in your VPC.

ELASTIC IP ADDRESS
 You first allocate an Elastic IP address that associate an instance in your VPC.
 If you associate an Elastic IP address with the eth0 network interface of your instance, its current public IPv4
address (if it had one) is released to the EC2-VPC public IP address pool.
 If you disassociate the Elastic IP address, the eth0 network interface is automatically assigned a new public
IPv4 address within a few minutes.
 You can move an Elastic IP address from one instance to another. The instance can be in the same VPC or
another VPC, but not in EC2-Classic.
 Your Elastic IP addresses remain associated with your AWS account until you explicitly release them.
 To ensure efficient use of Elastic IP addresses, we impose a small hourly charge when they aren't associated
with a running instance, or when they are associated with a stopped instance or an unattached network
interface.
 While your instance is running, you aren't charged for one Elastic IP address associated with the instance, but
you are charged for any additional Elastic IP addresses associated with the instance. For more information
 You're limited to five Elastic IP addresses; to help conserve them, you can use a NAT device .
 An Elastic IP address is accessed through the Internet gateway of a VPC. If you have set up a AWS Site-to-Site
VPN connection between your VPC and your network, the VPN traffic traverses a virtual private gateway, not
an Internet gateway, and therefore cannot access the Elastic IP address.
 You can tag an Elastic IP address that's allocated for use in a VPC; however, cost allocation tags are not
supported. If you recover an Elastic IP address, tags are not recovered.

ELASTIC IP BASICS
 Is a logical networking component in a VPC that represent Virtual network card
 Attributes :
 Primary private IPV4 address from iPV4 address range of your VPC
 One or more secondary private IPV4 address
 One elastics IP address
 One public IPV4 address
 One or more IPV6 address
 One or more security group
 a source destination check flag

ELASTIC NETWORK INTERFORCE(ENI)

 Act as virtual firewall for your instance to control inbound and outbound traffic.
 When you launch an instance in a VPC, you can assign up to five security groups to the
instance.
 Security groups act at the instance level, not the subnet level. Therefore, each instance in a
subnet in your VPC could be assigned to a different set of security groups.
 If you don't specify a particular group at launch time, the instance is automatically assigned
to the default security group for the VPC.
 For each security group, you add rules that control the inbound traffic to instances, and a
separate set of rules that control the outbound traffic
 You might set up network ACLs with rules similar to your security groups in order to add an
additional layer of security to your VPC

SECURITY GROUPS & ACL

 You have limits on the number of security groups that you can create per VPC, You can specify
allow rules, but not deny rules.
 You can specify separate rules for inbound and outbound traffic.
 When you create a security group, it has no inbound rules. Therefore, no inbound traffic originating
from another host to your instance is allowed until you add inbound rules to the security group vice
verse
 Security groups are stateful — if you send a request from your instance, the response traffic for that
request is allowed to flow in regardless of inbound security group rules. Responses to allowed
inbound traffic are allowed to flow out, regardless of outbound rules.
 Some types of traffic are tracked differently to others.
 Default rule Instances associated with a security group can't talk to each other unless you add rules
allowing it
 After you launch an instance, you can change the security groups associated with the instance,
which changes the security groups associated with the primary network interface (eth0). You can
also change the security groups associated with any other network interface.
 When you create a security group, you must provide it with a name and a description. The
following rules apply like nomemculture.

SECURITY GROUPS BASICS

 Your Amazon ECS service can optionally be configured to use Elastic Load
Balancing to distribute traffic evenly across the tasks in your service.
 Application Load Balancers offer several features for use with Amazon ECS services:
 allow containers to use dynamic host port mapping (so that multiple tasks from the same
service are allowed per container instance).
 support path-based routing and priority rules (so that multiple services can use the same
listener port on a single Application Load Balancer).

EXPLORING ELASTIC LOAD BLALACE

 Amazon ECS service can optionally be configured to use Elastic Load Balancing to
distribute traffic evenly across the tasks in your service.
 Elastic Load Balancing supports 4 types of load balancers: Application Load Balancers,
Network Load Balancers, and Classic Load Balancers, and Amazon ECS services can use
either type of load balancer.
 All of the containers that are launched in a single task definition are always placed on the
same container instance.
 For Classic Load Balancers, you may choose to put multiple containers (in the same task
definition) behind the same load balancer by defining multiple host ports in the service
definition and adding those listener ports to the load balancer
 Application Load Balancers are used to route HTTP/HTTPS (or Layer 7) traffic. Network Load
Balancers and Classic Load Balancers are used to route TCP (or Layer 4) traffic. Application
Load Balancers offer several features that make them attractive for use with Amazon ECS
services:
 Application Load Balancers allow containers to use dynamic host port mapping (so that
multiple tasks from the same service are allowed per container instance).
 Application Load Balancers support path-based routing and priority rules (so that multiple
services can use the same listener port on a single Application Load Balancer).

BASICS
 Load Balancing configuration
 We do not recommend connecting multiple services to the same Classic Load Balancer. Because entire container instances
are registered and deregistered with Classic Load Balancers (and not host and port combinations), this configuration can
cause issues if a task from one service stops, causing the entire container instance to be deregistered from the Classic Load
Balancer while another task from a different service on the same container instance is still using it. If you want to connect
multiple services to a single load balancer (for example, to save costs), we recommend using an Application Load Balancer.
 There is a limit of one load balancer or target group per service.
 Services with tasks that use the aws vpc network mode (for example, those with the Fargate launch type) only support
Application Load Balancers and Network Load Balancers. Classic Load Balancers are not supported. Also, when you create
any target groups for these services, you must choose ip as the target type, not instance.
 If your service using an Application Load Balancer requires access to multiple load balanced Container health checks are
not supported for tasks that are part of a service that is configured to use a Classic Load Balancer.
 Your load balancer subnet configuration must include all Availability Zones that your container instances reside in.
 After you create a service, the target group ARN or load balancer name, container name, and container port specified in
the service definition are immutable. You cannot add, remove, or change the load balancer configuration of an existing
service. If you update the task definition for the service, the container name and container port that were specified when the
service was created must remain in the task definition.
 If a service's task fails the load balancer health check criteria, the task is killed and restarted. This process continues until your
service reaches the number of desired running tasks.
 If you configure your Application Load Balancer to use slow start mode, you must configure your task health check to return
an UNHEALTHY status until after the slow start period is over. For more information about slow start mode, see Target Groups
for Your Application Load Balancers.
 If you are experiencing problems with your load balancer-enabled services, see Troubleshooting Service Load Balancers.
 Application Load Balancer: routing decisions at the application layer
(HTTP/HTTPS), supports path-based routing, and can route requests to
one or more ports on each container instance in your cluster.
 Network Load Balancer :makes routing decisions at the transport
layer (TCP/SSL). It can handle millions of requests per second. After
the load balancer receives a connection, it selects a target from the
target group for the default rule using a flow hash routing algorithm
 Classic Load Balancer:routing decisions at either the transport layer
(TCP/SSL) or the application layer (HTTP/HTTPS). Classic Load
Balancers currently require a fixed relationship between the load
balancer port and the container instance port.

TYPES OF LOAD BALANCE

CONFIGURING ELASTIC LOAD
BALANCE
 Cloud Watch
 gain system-wide visibility into resource utilization, application performance, and operational
health.
 The CloudWatch home page automatically displays metrics about every AWS service you use.
You can additionally create custom dashboards to display metrics about your custom
applications
 You can create alarms which watch metrics and send notifications or automatically make
changes to the resources you are monitoring when a threshold is breached

 Autoscaling
 we

BASICS OF CLOUD WATCH

 Amazon CloudWatch enables you to retrieve statistics as an
ordered set of time-series data, known as metrics
 Auto Scaling groups can send metrics to CloudWatch that
describe the group itself. You must enable these metrics.

AUTOSCALING
 Metric Description
GroupMinSize The minimum size of the Auto Scaling group.
GroupMaxSize The maximum size of the Auto Scaling group.
GroupDesiredCa The number of instances that the Auto Scaling group attempts
to maintain.
pacity
GroupInServiceIThe number of instances that are running as part of the Auto
Scaling group. This metric does not include instances that are
nstances pending or terminating.
GroupPendingIn The number of instances that are pending. A pending instance is
not yet in service. This metric does not include instances that are
stances in service or terminating.
GroupStandbyIn The number of instances that are in a Standby state. Instances in
this state are still running but are not actively in service.
stances
GroupTerminatin The number of instances that are in the process of terminating.
This metric does not include instances that are in service or
gInstances pending.
GroupTotalInstan The total number of instances in the Auto Scaling group. This
metric identifies the number of instances that are in service,
ces pending, and terminating.

AUTOSCALING
 https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-
lifecycle.html
 https://www.slideshare.net/AmazonWebServices/introduction-to-amazon-ec2-
32781330
 https://www.slideshare.net/AmazonWebServices/introduction-to-amazon-ec2-
76030632
 https://aws.amazon.com/s3/?sc_channel=PS&sc_campaign=acquisition_IN&sc_p
ublisher=google&sc_medium=s3_b&sc_content=s3_e&sc_detail=amazon%20aws
%20s3&sc_category=s3&sc_segment=78960224341&sc_matchtype=e&sc_country
=IN&s_kwcid=AL!4422!3!78960224341!e!!g!!amazon%20aws%20s3&ef_id=EAIaIQob
ChMI1f2Mwonr4AIV0oyPCh3HQQh_EAAYASAAEgInmvD_BwE:G:s
 https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectOps.html
 https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html