Introduction To Cloud Computing On AWS
Introduction To Cloud Computing On AWS
Key Concepts
1. Cloud Computing Characteristics (NIST Model):
o On-demand self-service: Provision resources without human intervention.
o Broad network access: Accessible via standard protocols (HTTP, APIs).
o Resource pooling: Shared infrastructure with multi-tenant isolation.
o Rapid elasticity: Auto-scaling based on demand.
o Measured service: Pay-per-use billing.
2. Cloud Deployment Models:
o Private Cloud: Built and managed by organizations (high cost/complexity).
o Public Cloud (AWS, Azure, GCP): Subscription-based, globally scalable.
3. Service Models:
o IaaS (EC2): Manage OS, apps, data; AWS manages infrastructure.
o PaaS (AWS Elastic Beanstalk): Deploy code; AWS manages runtime.
o SaaS (Gmail, Salesforce): Fully managed by provider.
4. AWS Infrastructure:
o Regions: Geographically isolated locations (e.g., us-east-1).
o Availability Zones (AZs): Redundant data centers within a region.
o Global Network: Low-latency, high-bandwidth connectivity.
5. AWS Management Tools:
o Console (GUI): Web-based interface.
o CLI/SDKs: Programmatic control (e.g., aws s3 ls).
o CloudShell: Browser-based CLI with pre-configured credentials.
Best Practices
• Root User: Use only for critical tasks (e.g., account recovery).
• IAM: Assign least-privilege policies to users/groups.
• Cost Control: Terminate unused resources; leverage Free Tier.
Key Concepts
1. AWS Global Infrastructure:
o Regions: Geographically isolated locations (e.g., us-east-1). Each region has
multiple Availability Zones (AZs).
o Availability Zones (AZs): One or more redundant data centers within a region.
Designed for fault tolerance (e.g., power/networking redundancy).
o Edge Locations: Part of Amazon CloudFront (CDN) to cache content closer to users
for low latency.
o Specialized Zones:
▪ AWS Outposts: Run AWS services on-premises.
▪ Local Zones: Extend regions to metropolitan areas for latency-sensitive apps.
▪ Wavelength Zones: Embed AWS services in 5G networks for mobile/edge
computing.
2. Shared Responsibility Model:
o AWS Responsibility: Security of the cloud (physical infrastructure, hardware, global
network).
o Customer Responsibility: Security in the cloud (data encryption, IAM policies,
OS/application patches, network/firewall configurations).
3. APIs (Application Programming Interfaces):
o Definition: Rules/protocols for programmatic interaction with AWS services via HTTP
methods (GET, POST, PUT, DELETE).
o Examples:
▪ S3 API: GetObject (download files) or PutObject (upload files).
▪ EC2 API: RunInstances (launch virtual servers).
o Universal Use: Every AWS action (via Console, CLI, or SDK) translates to an API call.
4. AWS Pricing Models:
o Pay-as-You-Go: Default model; pay for compute (per second), storage (per GB), and
data transfer out of AWS.
o Save When You Reserve: Up to 75% discount for committing to 1- or 3-year terms (e.g.,
EC2 Reserved Instances).
o Volume-Based Discounts: Tiered pricing (e.g., S3 storage costs decrease with higher
usage).
5. Six Advantages of Cloud Computing (AWS):
o 1. Trade Capex for Opex: Shift from upfront costs to operational expenses.
o 2. Economies of Scale: Lower costs via AWS’s aggregated infrastructure.
o 3. Stop Guessing Capacity: Scale dynamically; avoid over-provisioning.
o 4. Speed & Agility: Rapid deployment of global resources.
o 5. No Data Center Management: Focus on innovation, not infrastructure.
o 6. Go Global in Minutes: Deploy apps worldwide with ease.
Diagrams/Visual Aids
1. AWS Global Network:
o Regions → Availability Zones → Subnets (public/private).
o Low-latency connections between AZs; high redundancy within regions.
2. Shared Responsibility Model:
o AWS (bottom layer: hardware, regions) vs. Customer (top layer: data, apps, access
controls).
Best Practices
• Infrastructure Design: Deploy resources across multiple AZs for high availability.
• Cost Control: Use Reserved Instances for predictable workloads; monitor data transfer costs.
• Security: Follow least privilege in IAM; encrypt data at rest/in transit.
Real-World Use Cases
• Netflix: Uses CloudFront for global video streaming.
• Startups: Leverage pay-as-you-go to avoid upfront infrastructure costs.
• Enterprises: Use Reserved Instances to reduce long-term compute expenses.
Key Concepts
1. IAM Fundamentals:
o Users: Individual accounts with permissions (e.g., User: Joe).
o Groups: Collections of users with shared permissions (e.g., Admin Group).
o Roles: Temporary permissions for users/apps (e.g., EC2-Role).
o Policies: JSON documents defining permissions (e.g., AdministratorAccess policy).
2. Authentication vs. Authorization:
o Authentication: Verifying identity (e.g., password, MFA).
o Authorization: Permissions granted via policies.
3. IAM Roles & STS:
o Security Token Service (STS): Generates temporary credentials for role assumption.
o Role Switching: Users assume roles for temporary permissions (e.g., sts:AssumeRole).
4. IAM Identity Center:
o Single Sign-On (SSO): Centralized access to AWS accounts and SaaS apps.
o Permission Sets: Predefined/custom permissions (e.g., ViewOnlyAccess).
o Integration: Works with AWS Organizations for multi-account management.
5. Shared Responsibility Model:
o AWS Responsibility: Infrastructure security.
o Customer Responsibility: User permissions, data encryption, MFA.
Best Practices
• Avoid Root User: Use IAM users/roles for daily tasks.
• Least Privilege: Grant minimal necessary permissions.
• MFA: Enable multi-factor authentication for all users.
• Use Roles: Temporary access reduces long-term security risks.
• Centralize with Identity Center: Simplify SSO for multi-account environments.
Key Concepts
1. Server Virtualization:
o Hypervisor: Software layer (e.g., KVM, Xen) enabling multiple virtual machines (VMs) to
run on a single physical server.
o Benefits: Resource efficiency, portability, rapid deployment, and scalability.
2. Scaling Strategies:
o Vertical Scaling (Scaling Up):
▪ Increase resources (CPU, RAM) of a single instance (e.g., upgrading
from t2.micro to c5.xlarge).
▪ Use cases: Databases (e.g., MySQL) needing more compute power.
o Horizontal Scaling (Scaling Out):
▪ Add more instances to distribute load (e.g., deploying
multiple t2.micro instances).
▪ Use cases: Stateless web servers (e.g., static websites).
3. High Availability (HA) vs. Fault Tolerance (FT):
o HA: Minimizes downtime by distributing workloads across AZs (e.g., using Auto
Scaling and ELB).
▪ Services: ELB, Route 53 (DNS failover).
o FT: Zero downtime via redundant components (e.g., RAID 1, synchronous replication).
▪ AWS handles underlying FT (e.g., redundant power/networking).
4. Durability vs. Availability:
o Durability: Protection against data loss (e.g., S3 offers 99.999999999% durability).
o Availability: Percentage of time data/services are accessible (e.g., 99.99% uptime).
Best Practices
• Security:
o Use IAM roles over access keys.
o Restrict security group rules (e.g., limit SSH/RDP to trusted IPs).
• Cost Optimization:
o Use Auto Scaling to terminate unused instances.
o Choose Spot Instances for non-critical workloads.
• High Availability:
o Deploy instances across multiple AZs.
o Use ELB to distribute traffic.
Key Concepts
1. IAM Roles vs. Access Keys:
o Access Keys: Long-term credentials stored on instances (security risk if compromised).
o IAM Roles: Temporary credentials via AWS STS (Security Token Service) for secure,
short-term access (best practice).
2. User Data Scripts:
o Automate instance initialization (e.g., install Apache, configure web pages).
o Executes once at launch.
o Example: Script to install a web server and display the instance’s availability zone.
3. Auto Scaling:
o Launch Template: Defines EC2 configurations (AMI, instance type, security groups,
user data).
o Auto Scaling Group (ASG): Manages instance count across AZs.
▪ Scaling Policies:
▪ Target Tracking: Adjusts capacity based on metrics (e.g., CPU utilization,
request count).
▪ Health Checks: Terminates unhealthy instances and launches
replacements.
o Use Cases: Maintain availability, handle demand spikes, replace failed instances.
4. Elastic Load Balancing (ELB):
o Application Load Balancer (ALB):
▪ Operates at Layer 7 (HTTP/HTTPS).
▪ Routes traffic based on URL paths or hostnames.
o Target Groups: Group instances/containers for traffic distribution.
o Health Checks: Ensure only healthy instances receive traffic.
Best Practices
• Security:
o Use IAM roles instead of access keys.
o Restrict security groups to necessary ports (e.g., HTTP:80, SSH:22).
• Cost Optimization:
o Use Spot Instances for non-critical workloads.
o Terminate unused instances.
• High Availability:
o Deploy instances across multiple AZs.
o Use ELB to distribute traffic and Auto Scaling to replace failed instances.
Detailed Notes
1. OSI Model & AWS Relevance
7 Layers:
1. Physical (Layer 1): Hardware (cables, NICs). Managed by AWS.
2. Data Link (Layer 2): MAC addresses/switches. Rarely configured in AWS.
3. Network (Layer 3): IP addresses/routing (VPC, route tables).
4. Transport (Layer 4): TCP/UDP ports (Security Groups, NACLs).
5. Session (Layer 5): Manages connections (handled by AWS services).
6. Presentation (Layer 6): Data encryption/compression (SSL/TLS).
7. Application (Layer 7): HTTP/HTTPS (Application Load Balancers).
AWS Focus:
• Layer 3: Configuring VPCs, subnets, and route tables.
• Layer 4: Managing security groups (TCP/UDP rules).
• Layer 7: Application Load Balancers (content-based routing).
2. Networking Devices
• Switches (Layer 2): Connect devices in the same subnet using MAC addresses.
• Routers (Layer 3): Route traffic between subnets/IP ranges.
• Firewalls:
o Stateful (Security Groups): Track connections (allow return traffic automatically).
o Stateless (NACLs): Require explicit inbound/outbound rules.
Example:
• Security Group: Allow SSH (port 22) from 0.0.0.0/0.
• NACL: Deny inbound traffic from a specific IP (192.168.1.1/32).
Detailed Notes
1. Block Storage: Amazon Elastic Block Store (EBS)
• Volume Types:
o GP3: General-purpose SSD (default).
o IO1/IO2: High-performance SSD for I/O-intensive workloads.
o Throughput Optimized HDD (st1): Low-cost HDD for big data.
• Features:
o Attached to EC2 instances within the same Availability Zone (AZ).
o Snapshots:
▪ Incremental backups stored in S3.
▪ Can create volumes/AMIs across AZs or regions.
• Hands-On:
o Create/Attach Volume:
# Create a 10GB GP3 volume in us-east-1a
aws ec2 create-volume --availability-zone us-east-1a --size 10 --volume-type gp3
o Mount Volume:
sudo mkfs -t ext4 /dev/xvdf # Format
sudo mount /dev/xvdf /data # Mount to /data
Use Case Boot volumes, databases Shared apps, CMS Static websites, backups
Best Practices
• EBS: Use snapshots for backups; enable encryption.
• EFS: Use IA storage classes for cost savings; mount in multiple AZs for HA.
• S3: Enable versioning and lifecycle policies; restrict public access.
Key Concepts
• Relational vs. Non-Relational Databases:
o Relational (RDS): Structured data with tables, rows, and rigid schemas (e.g., MySQL,
PostgreSQL). Scales vertically.
o Non-Relational (DynamoDB): Flexible schema, key-value/document stores. Scales
horizontally.
• OLTP vs. OLAP:
o OLTP (Operational): Real-time transaction processing (e.g., RDS, DynamoDB).
o OLAP (Analytical): Complex analytics (e.g., Redshift).
• Multi-AZ & Read Replicas:
o Multi-AZ: Automatic failover for disaster recovery.
o Read Replicas: Scale read traffic horizontally (asynchronous replication).
Detailed Notes
1. Amazon RDS (Relational Database Service)
• Features:
o Managed Service: Supports MySQL, PostgreSQL, Aurora, Oracle, SQL Server.
o Backups: Automated snapshots stored in S3.
o Scaling:
▪ Vertical: Upgrade instance size (requires downtime).
▪ Horizontal: Add read replicas (async replication).
o Multi-AZ Deployment: Sync replication to a standby instance in another AZ for failover.
• Use Cases: Transactional workloads (e.g., e-commerce, CRM).
Hands-On Setup:
1. Create RDS Instance:
o Choose engine (e.g., MySQL), enable Multi-AZ, configure security group (open port
3306).
o Set master username/password.
2. Create Read Replica:
o Replicate data to another AZ/region for read scaling.
3. Backup/Restore: Use snapshots for point-in-time recovery.
• Load Data:
aws dynamodb batch-write-item --request-items file://batch-write.json
• Query Data:
aws dynamodb query \
--table-name my_orders \
--key-condition-expression "ClientID = :id" \
--expression-attribute-values '{":id":{"S":"client1@example.com"}}'
AWS Services Covered
Best Practices
• RDS:
o Enable Multi-AZ for critical workloads.
o Use read replicas to offload read traffic.
o Encrypt data at rest (KMS) and enable automated backups.
• DynamoDB:
o Use partition keys for even data distribution.
o Enable auto-scaling for unpredictable workloads.
o Use global tables for multi-region redundancy.
1. AWS CloudFormation
Core Components:
• Templates: Define resources (EC2, VPC, S3) in JSON/YAML.
• Stacks: Deployments created from templates.
• Change Sets: Preview changes before applying updates.
• Stack Sets: Manage stacks across multiple accounts/regions.
Hands-On Workflow:
1. Create a Stack:
Resources:
MyEC2Instance:
Type: AWS::EC2::Instance
Properties:
ImageId: ami-0abcdef1234567890
InstanceType: t2.micro
2. Update Stack: Use change sets to add resources (e.g., EBS volume, S3 bucket).
3. Delete Stack: Removes all associated resources automatically.
Best Practices:
• Use parameters for dynamic values (e.g., AMI IDs, CIDR blocks).
• Enable termination protection for critical stacks.
2. Elastic Beanstalk
Features:
• Managed Environments: Auto-scaling, load balancing, and health monitoring.
• Platforms: Supports Node.js, Java, .NET, Python, Docker, etc.
• Deployment Options: Web server (HTTP) or worker (background tasks via SQS).
Hands-On Example:
1. Deploy a Node.js App:
o Upload code (ZIP file) → Elastic Beanstalk provisions EC2, ASG, and ELB.
o Access via auto-generated domain (e.g., myapp.elasticbeanstalk.com).
2. Environment Management:
o Rollback versions, adjust instance types, enable HTTPS.
3. Terminate Environment: Deletes all associated resources (EC2, ASG, ELB).
Use Cases: Rapid deployment of web apps without managing infrastructure.
3. AWS Developer Tools (CI/CD)
Services:
• CodeCommit: Git-based source control.
• CodeBuild: Compile, test, and package code.
• CodePipeline: Orchestrate CI/CD stages (Source → Build → Deploy).
• CodeDeploy: Deploy code to EC2, Lambda, or Elastic Beanstalk.
CI/CD Pipeline Workflow:
1. CodeCommit: Developer pushes code to a Git repository.
2. CodeBuild: Build and test code; generate artifacts.
3. CodeDeploy: Deploy artifacts to Elastic Beanstalk/EC2.
Hands-On Setup:
1. Create a Pipeline:
o Source: CodeCommit repository.
o Build: Skip or configure CodeBuild.
o Deploy: Elastic Beanstalk environment.
2. Automate Updates: Code changes trigger pipeline → auto-deploy to production.
Service Purpose
Best Practices
• CloudFormation: Use nested stacks for modular templates.
• Elastic Beanstalk: Enable enhanced health monitoring.
• CI/CD: Integrate testing in CodeBuild to catch errors early.
Key Takeaways:
• IaC ensures consistency and reduces manual errors.
• PaaS simplifies deployment but offers less control than IaC.
• CI/CD automates the path from code commit to production.
Section 9: DNS, Caching, and Performance Optimization
Overview
This section covers DNS management with Amazon Route 53, content delivery via Amazon
CloudFront, and performance optimization using AWS Global Accelerator. Focus areas include
reducing latency, improving bandwidth, and leveraging AWS’s global network infrastructure.
Key Concepts
1. Bandwidth vs. Latency
o Bandwidth: Data transfer rate (e.g., Gbps). Dictates how much data can be sent.
o Latency: Delay in data transmission (e.g., milliseconds). Primarily affected by distance
and network hops.
o Factors influencing latency: Propagation delay, transmission delay, queuing delay,
processing delay.
2. DNS Fundamentals
o Translates domain names (e.g., example.com) to IP addresses.
o Record Types:
▪ A: Maps domain to IPv4.
▪ CNAME: Alias for another domain.
▪ MX: Mail server records.
▪ NS: Authoritative name servers.
▪ TXT: Verification/security records.
3. Content Delivery Networks (CDNs)
o Amazon CloudFront: Caches content at edge locations globally.
▪ Reduces latency by serving content closer to users.
▪ Supports static/dynamic content, live streaming, and Lambda@Edge for
request/response manipulation.
4. Global Accelerator
o Uses anycast IPs to route traffic to the nearest AWS edge location.
o Operates at Layer 4 (TCP/UDP), ideal for non-HTTP(S) applications.
o Provides static IPs and automatic failover between regions.
Diagrams
1. DNS Resolution Flow:
User → Route 53 Query → DNS Server → IP Address → Web Server
2. CloudFront Architecture:
User → Edge Location (Cached Content)
│
└→ Origin (S3/EC2) if cache miss
3. Global Accelerator Traffic Flow:
User → Edge Location → AWS Backbone → Healthy Endpoint (e.g., ALB)
Key Takeaways
1. Route 53 is a managed DNS service with advanced routing policies.
2. CloudFront accelerates content delivery and integrates with AWS security services.
3. Global Accelerator improves performance for TCP/UDP apps using AWS’s global network.
4. Always test DNS changes and monitor CloudFront cache hit ratios for optimization.
Key Concepts
1. Containers vs. Virtual Machines
o Containers: Lightweight, share the host OS kernel, faster startup, and lower overhead.
o VMs: Include a full OS, slower to start, and consume more resources.
o Docker: Tool for packaging applications into portable images (e.g., stored in Amazon
ECR or Docker Hub).
2. Microservices Architecture
o Decoupled components (e.g., user authentication, payment processing) deployed
independently.
o Benefits: Scalability, fault isolation, flexible tech stack per service, and API-driven
communication.
3. Serverless Computing
o No infrastructure management (AWS handles scaling, patching, HA).
o Pay-per-use pricing (e.g., AWS Lambda charges per execution time/memory).
4. Event-Driven Architecture
o Services trigger actions based on events (e.g., S3 upload → Lambda → DynamoDB).
o Tools: SQS (message queues), SNS (pub/sub), EventBridge (event bus).
Key Takeaways
1. Containers (ECS/Fargate) simplify deploying scalable apps without managing servers.
2. Lambda enables event-driven workflows with pay-per-use pricing.
3. SQS/SNS/EventBridge decouple components for resilient architectures.
4. API Gateway exposes backend services securely via REST APIs.
5. Always clean up unused resources (e.g., delete Fargate tasks, Lambda functions).
Key Concepts
1. Generative AI as an Educational Tool
o Use Cases: Answering questions, generating code (e.g., Lambda functions), creating
AWS project ideas.
o Best Practices:
▪ Prompt Engineering: Be specific, include context, and iterate for refinement.
▪ Validation: Always test generated code and verify accuracy (AI can "hallucinate"
incorrect answers).
o Tools: ChatGPT (code generation, CLI commands, CloudFormation templates).
2. AWS Machine Learning Services
o Amazon Rekognition: Image/video analysis (objects, faces, text).
o Amazon Transcribe: Speech-to-text conversion.
o Amazon Translate: Real-time language translation.
o Amazon Comprehend: Natural language processing (sentiment analysis).
o Amazon Lex: Build conversational chatbots.
o Amazon CodeGuru: Automated code security and performance reviews.
AWS Services & Features
1. Generative AI Integration
• Code Generation: Use ChatGPT for Lambda functions, CLI commands, or CloudFormation
templates.
# Example: Lambda function code generated by ChatGPT
import boto3
def lambda_handler(event, context):
s3 = boto3.client('s3')
# Process S3 event
return {"statusCode": 200}
• Project Design: Generate end-to-end architectures (e.g., serverless apps with S3, Lambda,
DynamoDB).
2. Amazon Rekognition Workflow
1. Trigger: Image uploaded to S3 → S3 event notification.
2. Process: Lambda invokes Rekognition to analyze the image.
3. Store Results: Lambda writes metadata (e.g., detected objects) to DynamoDB.
Key Takeaways
1. Generative AI accelerates learning and prototyping but requires validation.
2. AWS ML Services simplify adding intelligence to apps (no ML expertise needed).
3. Event-Driven ML: Combine S3, Lambda, and Rekognition for scalable image analysis.
4. CodeGuru/DevOps Guru: Enhance code quality and operational performance.