AWS Sysops PDF
OCB Academy
Overview of Amazon Web Services
(Diagram: two Regions, each containing AZ #1 and AZ #2)
Each Region consists of multiple Availability Zones, which are connected with low-latency, high-throughput,
highly redundant networking.
(Diagram: AWS Platform service groups – Compute: VPC, Route 53, Direct Connect, Elastic Beanstalk; Storage: S3, EFS; Database: RDS, Redshift, DynamoDB, ElastiCache)
Course Roadmap
• AWS Introduction
• EC2 (Compute) – Load Balancing – Autoscale
• EBS (Block Storage)
• EFS (File based Storage)
• S3 (Object Storage)
• Storage Gateway (Hybrid Environment)
• VPC (Networking)
• Cloud Watch (Monitoring)
• ECS (EC2 Container Service)
• IAM (Identity/Access Management)
• Cloud Formation (Infrastructure as code)
EC2
Elastic Compute Cloud
EC2 Essentials
Amazon EC2 reduces the time required to obtain and boot new
server instances to minutes, allowing you to quickly scale capacity, both up
and down, as your computing requirements change.
EC2 Instance Configuration
• Amazon Machine Image (AMI): The operating system (and other settings).
• Instance Type: The hardware (compute power, RAM, network bandwidth, etc.).
(Diagram: instance type dimensions – CPUs, RAM, Storage)
System Status checks
• Monitor the systems in which your instances run.
• Reasons for failure:
- Loss of network connectivity
- Loss of system power
- Software issues on physical host
- Hardware issues on the physical host that impact network reachability
Instance Status checks
• Monitor the network and software configuration on an instance
• You must intervene to fix
• Reasons for failure:
- Incorrect networking or startup configuration
- Exhausted memory
- Corrupted file system
- Incompatible kernel
• Solutions:
- Make instance configuration changes
- Reboot the instance
EC2 Types
Type | Category | Description | Use Cases
T2 | Burstable | Shared CPUs, lowest cost | Web servers
M5 | General Purpose | Balance of compute, memory and network resources | Mid-size/small databases, application servers
C5 | Compute Optimized | Advanced CPUs | Analytics, CPU-intensive apps
D2 | Dense Storage | Large local storage capacity | File servers, data warehousing
R4 | Memory Optimized | More RAM | Memory caching
I3 | I/O Optimized | Local SSD storage, high IOPS | NoSQL databases
G3 | GPU Graphics | GPUs with video encoders | 3D application streaming
F1 | Accelerated Computing | Custom hardware acceleration | Genomics
Security Group Essentials
• A security group is a virtual firewall that controls the traffic
for one or more instances.
• When you launch an instance, you associate one or more security groups
with the instance.
• A security group rule allows traffic to or from its associated instances.
• Each rule specifies the protocol, the port range and the source.
Elastic Load Balancer
• ELB distributes incoming application traffic across multiple
EC2 instances, in multiple Availability Zones to increase
the fault tolerance of the applications.
• A listener checks for connection requests from clients, using the protocol
and port that you configure, and forwards requests to one or more
registered instances.
a single component.
EBS Volume Types
• Cold HDD (SC1): Lowest-cost storage for infrequently accessed workloads.
EBS Snapshots
EBS snapshots are point-in-time copies of EBS volumes that are stored in S3.
Snapshot properties:
• Snapshots are incremental in nature: each stores only the changes since
the most recent snapshot.
• Spot instances enable you to bid whatever price you want for instance capacity,
providing even greater savings if your applications have flexible start
and end times.
A REST API is an application program interface (API) that uses HTTP requests to
GET, PUT, POST and DELETE data.
HTTP (Hypertext Transfer Protocol):
URL (Uniform Resource Locator)
REST Requests:
AWS Rest API:
AWS provides an API endpoint for each cloud service, exposing all of that
service's available methods.
Endpoints Example:
https://ec2.amazonaws.com/
https://s3.amazonaws.com/
AWS Rest API:
• The AWS Command Line Interface (CLI) is a unified tool to manage your AWS
services.
• With just one tool to download and configure, you can control multiple AWS
services from the command line and automate them through scripts.
(Diagram: storage components and their interfaces – file system, object interface, logical block interface)
to store and retrieve any amount of data from anywhere from the web.
S3 Buckets
• Buckets are the main storage containers (namespaces) of S3.
• Sub-namespaces can be created under a bucket for organizing objects.
• A bucket is regional, and its name must be globally unique.
S3 Objects
• An object consists of the following:
• Key
• Value
• Version ID
• Metadata
S3 Essentials
• Bulk (unlimited) object storage
• Various storage classes to optimize cost.
• Object versioning
• Object management via lifecycle policies
• Hosting static files & websites
• File shares and backup/archiving for hybrid networks (via AWS Storage
Gateway)
• Objects stay within an AWS region and are synced across all AZs for
extremely high availability and durability.
S3 Storage tiers
EFS
Elastic File System (EFS)
• EFS is a shared file system option for EC2.
• EFS supports the Network File System 4.0 and 4.1 (NFSv4) protocols.
Elastic File System (EFS)
Benefits:
• Because EFS can be accessed by many EC2 instances at the same time,
applications that span multiple EC2 instances can access the same data.
• EFS file systems can be mounted on on-premises servers via AWS Direct
Connect, which allows you to migrate data from on-premises servers to EFS
and/or use it as a backup solution.
• EFS can scale to petabytes in size, and you pay only for the amount
of storage you are using.
Storage Gateway
Hybrid Environment
Storage Gateway
• AWS Storage Gateway is a hybrid storage service that enables:
• Disaster Recovery
• Data Migration
- The gateway stores the data written to this volume in Amazon
S3 as point-in-time snapshots and caches frequently accessed data on
premises in the local storage device.
Storage Gateway types (Cont’d)
• Tape Gateway
- A cloud virtual tape library that writes to Glacier.
• AWS provides a DNS server for your VPC so each instance has a hostname.
• Layered security:
• Instance level Security Groups (firewall on the instance level)
• Subnet level network ACLs (firewall on the subnet level)
VPC Routing Basics
Internet Gateway:
• An Internet Gateway allows communication between instances in the VPC and the internet.
• Any subnet can be made private or public by modifying the routes in its associated
route table.
VPC Peering
• VPC peering is used to extend your private network.
• To peer VPCs, they must have separate (non-overlapping) CIDR block ranges.
• You can configure the peering to connect the entire VPC, or just specific
subnets.
VPC Security Basics
• Network ACLs operate at the network/subnet level.
• They support allow AND deny rules for traffic travelling into or out of a subnet.
• They are stateless, so return traffic must be explicitly allowed through an outbound rule.
VPC Security Basics Cont’d
• Security groups provide security at the instance level.
• Example:
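As an added illustration (not code from the slides or from AWS), a small Python model of the two VPC security layers just described: a stateless network ACL with numbered allow/deny rules, and an instance-level security group. It goes one step beyond the slides by assuming known AWS behaviour: NACL rules are evaluated in ascending rule-number order with first match winning and an implicit deny at the end, and security groups are stateful, so the reply to an allowed inbound flow passes without a rule. All addresses and rules are constructed sample values.

```python
# Added example (not from the slides or AWS): toy model of VPC layered security.
# Assumptions beyond the slides (known AWS behaviour): NACL rules are evaluated
# lowest rule number first, first match wins, implicit deny at the end;
# security groups are stateful, so replies to tracked inbound flows pass.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str      # constructed sample addresses (RFC 5737 / RFC 1918 ranges)
    dst: str
    sport: int
    dport: int

@dataclass(frozen=True)
class NaclRule:
    number: int
    action: str   # "allow" or "deny"
    ports: tuple  # inclusive (low, high) destination port range
    cidr: str     # peer address range, e.g. "0.0.0.0/0"

def _matches(ports, cidr, port, peer):
    lo, hi = ports
    in_range = lo <= port <= hi
    return in_range and ipaddress.ip_address(peer) in ipaddress.ip_network(cidr)

def nacl_decision(rules, pkt, direction):
    """Stateless: judge this packet alone, lowest rule number first."""
    peer = pkt.src if direction == "inbound" else pkt.dst
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule.ports, rule.cidr, pkt.dport, peer):
            return rule.action
    return "deny"  # implicit deny at the end of every NACL

class SecurityGroup:
    """Stateful, allow-only; only inbound rules and their replies are modelled."""
    def __init__(self, inbound_rules):
        self.inbound_rules = inbound_rules  # list of (ports, source_cidr)
        self.flows = set()                  # tracked allowed inbound flows

    def inbound_allowed(self, pkt):
        ok = any(_matches(p, c, pkt.dport, pkt.src) for p, c in self.inbound_rules)
        if ok:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return ok

    def reply_allowed(self, pkt):
        # A reply reverses the 4-tuple; a tracked flow passes with no outbound rule.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows
```

With an inbound-only NACL allowing port 443, the reply on the client's ephemeral port is dropped until an outbound rule for ports 1024-65535 is added, while the security group passes the same reply because it tracked the inbound flow.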
The image can then be deployed to any Docker environment and run
as a container.
Docker hub
• Docker Hub is the world's largest library and community
for container images.