
Cloud Computing

Cloud Computing Models


Infrastructure as a Service (IaaS): It provides only the base
infrastructure (virtual machines, software-defined networking, attached storage). End users
have to configure and manage the platform and environment and deploy applications on it.

AWS (EC2), Google Cloud GCP (CE), Microsoft Azure (VM) are examples of IaaS.
Platform as a Service (PaaS): It provides a platform allowing end
users to develop, run, and manage applications without the complexity of building
and maintaining the infrastructure.

Google App Engine, Cloud Foundry, Heroku, AWS (Beanstalk) are some
examples of PaaS.
Software as a Service (SaaS): It is sometimes referred to as
“on-demand software”. It is typically accessed by users through a thin client via a
web browser. In SaaS everything can be managed by vendors: applications,
runtime, data, middleware, OS, virtualization, servers, storage and
networking. End users only have to use it.

Gmail is the best example of SaaS. The Google team manages everything; we just
have to use the application through a client or a browser. Other
examples are SAP and Salesforce.
Cloud Providers
Certified Cloud Practitioner

Easy
Certified Solution Architect
Associate

SysOps Admin Associate

Developer Associate

Security Speciality
Medium

Big Data Speciality

Advanced Networking
Speciality

Machine Learning

DevOps

Solution Architect
Hard

Professional
AWS Exam Blueprint
History Of AWS
 In 2003 Chris Pinkham & Benjamin Black presented a paper on what Amazon’s own internal
infrastructure should look like. They suggested selling it as a service and prepared a business
case
 In 2004 the first service launched: Amazon Simple Queue Service (SQS), a fully managed message
queuing service.
 In 2006 AWS officially launched (Business)
 In 2007 over 180,000 developers came on one platform to develop new services
 In 2010 all of Amazon.com services moved over to AWS
 In 2012 first re:Invent conference
 In 2013 AWS launched its Certification programme globally
 In 2014 committed to achieve 100% renewable energy usage for its global footprint
 In 2015 AWS broke out its revenue: $6 billion USD per annum and growing close to 90% year
by year
 In 2016 run rate of $13 billion USD
 In 2017 AWS re:Invent released a host of AI services. Run rate hit $27 billion USD
 In 2018 AWS launched the Machine-Learning Speciality Certificate, with full focus on
Automation, AI & ML
 In 2019 Alexa Speciality Beta Certificate launched; a total of 10 certifications are available
AWS high level services

 IoT
 Game Development
 Customer Engagement
 Desktop App Streaming
 AR & VR
 Application Integration
 AWS Cost Management
 Security, Identity & Compliance
 Analytics
 Mobile
 Management & Governance
 Machine Learning
 Media Services
 Robotics
 Blockchain
 Satellite
 Network & Content Delivery
 Migration & Transfer
 Developer Tools
 Compute
 Storage
 Database

AWS Global Infrastructure



 Availability Zone: An Availability Zone is one or more discrete data centres, each
with redundant power, networking and connectivity, housed in separate facilities.

 Region: A region is a physical location in the world which consists of two or more
Availability Zones.

 Edge Locations: Edge locations are endpoints for AWS which are used for
caching content. Typically this consists of CloudFront, Amazon’s CDN.
There are many more Edge Locations than Regions. Currently there are over 150
Edge Locations.
AWS Availability Zones
AWS Regions

[Figure: a Region containing AZ-1, AZ-2 and AZ-3]
Edge Locations
AWS Foundation Services
Compute Services:
AWS EC2
 Elastic Compute Cloud enables on-demand, scalable
computing capacity in the AWS cloud (creating raw
servers, RAM, processors, volumes etc.). We can launch
multiple EC2 instances.
 After an instance is installed, connect to it remotely with SSH
(Linux) or RDP (Windows)
 The configuration of instances can be increased
AWS Beanstalk:
 AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web
applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and
Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.
 You can simply upload your code and Elastic Beanstalk automatically handles the
deployment, from capacity provisioning, load balancing, auto-scaling to application health
monitoring.
 There is no additional charge for Elastic Beanstalk - you pay only for the AWS resources
needed to store and run your applications.
AWS Lambda

 With Lambda, you can run code for virtually any type of application or backend
service - all with zero administration.
 Just upload your code and Lambda takes care of everything required to run and
scale your code with high availability.
 You can set up your code to automatically trigger from other AWS services or call it
directly from any web or mobile app.
 It is a Compute service that lets you run code without provisioning (or) managing
servers. You pay only for the compute time you consume - there is no charge when
your code is not running.
AWS Auto-Scaling

 AWS Auto Scaling monitors your applications and automatically adjusts capacity
to maintain steady, predictable performance at the lowest possible cost.
 When instance CPU usage goes up to 80%, it launches other instances and
the load balancer routes traffic to the new instances
 Likewise, when instance usage goes down to 40%, it scales the servers
back down
AWS ECR & ECS

 Amazon Elastic Container Registry (ECR) is a fully-managed Docker container
registry that makes it easy for developers to store, manage, and deploy Docker
container images.
 Amazon ECR is integrated with Amazon Elastic Container Service (ECS),
simplifying your development to production workflow.
Storage Services:
AWS S3 (Simple Storage Service)

 Amazon S3 is an object storage service that offers industry-leading
scalability, data availability, security, and performance.
 Amazon S3 is designed for 99.999999999% (11 9's) of
durability, and stores data for millions of applications for
companies all around the world.
AWS EBS (Elastic Block Storage)

 Amazon EBS provides persistent block storage volumes for use with
Amazon EC2 instances in the AWS Cloud.
 Each Amazon EBS volume is automatically replicated within its
Availability Zone to protect you from component failure, offering high
availability and durability.
AWS EFS (Elastic File System)

 Amazon EFS provides a simple, scalable, elastic file system for Linux-based
workloads for use with AWS Cloud services and on-premises resources.
 It is built to scale on demand to petabytes without disrupting applications,
growing and shrinking automatically as you add and remove files, so your
applications have the storage they need – when they need it.
AWS S3 Glacier

 Amazon S3 Glacier is a secure, durable, and extremely low-cost storage
service for data archiving and long-term backup.
 It is designed to deliver 99.999999999% durability, and provides comprehensive
security and compliance capabilities that can help meet even the most stringent
regulatory requirements.
 You can store data for as little as $0.004 per gigabyte per month, a significant
savings compared to on-premises solutions.
AWS Database Services

Database: Structured Data Format, Unstructured Data Format


Amazon Relational Database Service (RDS)

 Amazon RDS makes it easy to set up, operate, and scale a relational database in the cloud.

 Amazon RDS is available on several database instance types - optimized for memory,
performance or I/O - and provides you with six familiar database engines to choose from,
including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL
Server
Amazon DynamoDB
 Amazon DynamoDB is a key-value and document database that delivers single-digit
millisecond performance at any scale. It's a fully managed, multiregion, multimaster
database with built-in security, backup and restore, and in-memory caching for internet-scale
applications.

 Many of the world's fastest growing businesses such as Lyft, Airbnb, and Redfin as well as
enterprises such as Samsung, Toyota, and Capital One depend on the scale and
performance of DynamoDB to support their mission-critical workloads.
Amazon Neptune

 Amazon Neptune is a fast, reliable, fully-managed graph database service that makes it
easy to build and run applications that work with highly connected datasets.
 Amazon Neptune supports the popular graph models Property Graph and W3C's RDF, and
their respective query languages Apache TinkerPop Gremlin and SPARQL, allowing you
to easily build queries that efficiently navigate highly connected datasets.
Amazon QLDB (Quantum Ledger Database)
 Amazon QLDB is a fully managed ledger database that provides a transparent, immutable,
and cryptographically verifiable transaction log owned by a central trusted authority.
 Amazon QLDB tracks each and every application data change and maintains a complete
and verifiable history of changes over time.
Identity Access Management IAM

 IAM allows you to manage users and their level of access to the AWS console.
 IAM offers the following features :
 Centralised control of your AWS Account
 Shared access to your AWS account
 Granular permissions: fine-grained permissions, authorizing access for a specific user
 Identity Federation (including AD DS, Facebook, LinkedIn etc.)
 Multifactor Authentication: log in to the AWS console using a username, a password and a special PIN.
 Provides temporary access for users/devices and services (for example, using a mobile device)
 Allows you to set up your own password rotation policy
 Integrates with many different AWS services
 Supports the PCI DSS (Payment Card Industry Data Security Standard) compliance framework
Four Key Terminology for IAM

 Users: End users such as people, employees of an organization etc.
 Groups: A collection of users. End users in the group will inherit the permissions of the group.
 Policies: Policies are made up of documents called policy documents. These documents are in
a format called JSON (JavaScript Object Notation), and they give permissions as to what a
user/group/role is able to do.
 Roles: We create roles and assign them to AWS resources.
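
The four terms above, shown as an added example (not part of the original slides): a user's effective policies are resolved through group membership, and each JSON policy document is checked for Allow statements that grant wildcard actions on all resources. The user, group and policy names and the bucket ARN are constructed for illustration.

```python
import json

# Constructed sample data (not from the original page): two policy documents
# in IAM's JSON policy format, two groups, and two users.
POLICIES = {
    "ReadReports": json.loads("""{
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-reports",
                         "arn:aws:s3:::example-reports/*"]
        }]
    }"""),
    "LegacyAdmin": json.loads("""{
        "Version": "2012-10-17",
        "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}
    }"""),
}
GROUPS = {"analysts": ["ReadReports"], "ops": ["ReadReports", "LegacyAdmin"]}
USERS = {"alice": {"groups": ["analysts"], "policies": []},
         "bob": {"groups": ["ops"], "policies": []}}


def as_list(value):
    """Policy JSON allows a single string/object where a list is also valid."""
    return value if isinstance(value, list) else [value]


def effective_policies(user):
    """Policies attached directly to the user plus those inherited from groups."""
    names = list(USERS[user]["policies"])
    for group in USERS[user]["groups"]:
        names.extend(GROUPS[group])
    return sorted(set(names))


def broad_statements(policy):
    """Return Allow statements whose Action and Resource are both wildcards."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        wildcard_action = any(a == "*" or a.endswith(":*") for a in actions)
        wildcard_resource = "*" in resources
        if wildcard_action and wildcard_resource:
            findings.append(stmt)
    return findings


def audit_user(user):
    """Map each over-broad policy the user holds to its offending statements."""
    report = {}
    for name in effective_policies(user):
        hits = broad_statements(POLICIES[name])
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for user in USERS:
        print(user, effective_policies(user), sorted(audit_user(user)))
```
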

LAB: Creating Billing Alarm using Cloud watch


S3 (Simple Storage Service)

 S3 provides developers and IT teams with secure, durable, highly-scalable
object storage.
 Amazon S3 is easy to use, with a simple web service interface to store and
retrieve any amount of data from anywhere on the web
 S3 is a safe place to store our files
 The data is spread across multiple devices and facilities.
Basics of S3 :
 S3 is object-based storage; it allows you to upload files
 Files can be from 0 bytes to 5 TB
 There is unlimited storage
 Files are stored in buckets
 S3 is a universal namespace, which is why bucket names must be unique
ex: https://s3-eu-west-1.amazonaws.com/test
S3 Objects: Objects consist of
 Key (name of the object)
 Value (the data, made up of a sequence of bytes)
 Version ID (important for versioning)
 Metadata (data about the data we are storing)
 Sub resources (Access Control List, Torrent)

Bucket Creation Lab


Data Consistency in S3:
 Read-after-write consistency for PUTs of new objects
 Eventual consistency for overwrite PUTs and DELETEs (when we update, overwrite or
delete an object, it is called eventual consistency)

S3 has the following features:


 Tiered Storage Available
 Life Cycle Management
 Versioning
 Encryption
 MFA Delete
 Secure Data using Access-Control List and Bucket policies
S3 Storage classes

 S3 Standard: 99.99% availability, 99.999999999% durability. Stored redundantly across multiple
devices in multiple facilities and designed to sustain the loss of 2 facilities concurrently.
 S3 IA (Infrequently Accessed): for data that is accessed less frequently but requires rapid access
when needed. Lower fees than S3, but charged on a retrieval basis
 S3 One Zone IA: for where you want a lower-cost option for infrequently accessed data but do not require
the multiple-AZ data resilience.
 S3 Intelligent-Tiering: designed to optimize costs by automatically moving data to the most cost-
effective access tier, without performance impact or operational overhead
 S3 Glacier: S3 Glacier is a secure, durable, and low-cost storage class for data archiving. Retrieval
time is configurable from minutes to hours.
 S3 Glacier Deep Archive: S3 Glacier Deep Archive is Amazon’s lowest-cost storage class, where a
retrieval time of 12 hours is acceptable.
S3 Comparison chart:
 You will be charged for S3 in the following ways
 Storage
 Request
 Storage Management pricing
 Data Transfer pricing
 Transfer Acceleration
 Cross Region Replication Pricing

S3 Transfer Acceleration Path:


 Amazon S3 Transfer Acceleration enables fast, easy and secure transfer of files
over a long distance between your end user and an S3 bucket.
 Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed
edge locations.
 As the data arrives at an edge location, it is routed to Amazon S3 over an
optimized network path
S3 Security & Encryption :
 By default all newly created buckets are private.
 We can set up access control to buckets using bucket policies (for buckets) and Access Control Lists
(for objects)
 S3 buckets can be configured to create access logs which log all requests made to the S3 bucket.
 These logs can be sent to another bucket, even a bucket in another account.
Encryption keys in S3 :
 SSL/TLS (Secure Sockets Layer & Transport Layer Security): protects data in transit. For data at
rest, on the server side AWS does the encryption, and on the client side the client encrypts the objects.
 SSE-S3 (Server-Side Encryption): AWS server-managed encryption
 SSE-KMS (Server-Side Encryption & Key Management Service): user- and AWS-
managed encryption.
 SSE-C (Server-Side Encryption with Customer-provided keys)
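
The bucket-policy and encryption points above, as an added example (not part of the original slides): an offline audit of a bucket policy document that reports statements opening the bucket to everyone, whether plain-HTTP requests are denied, and whether uploads without a server-side-encryption header are denied. Both policies, the bucket name and the statement ids are constructed; `aws:SecureTransport` and `s3:x-amz-server-side-encryption` are the standard condition keys.

```python
import json

# Constructed policies (not from the original page); bucket name is a placeholder.
WEAK_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}""")
HARDENED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "DenyPlainHttp", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-bucket",
                  "arn:aws:s3:::example-bucket/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Sid": "DenyUnencryptedPut", "Effect": "Deny", "Principal": "*",
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}}
  ]
}""")
SSE_KEY = "s3:x-amz-server-side-encryption"


def as_list(value):
    """Policy JSON allows a single string/object where a list is also valid."""
    return value if isinstance(value, list) else [value]


def is_everyone(principal):
    """True for Principal "*" or {"AWS": "*"}, i.e. any caller at all."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))


def public_allows(policy):
    """Sids of Allow statements open to everyone with no Condition attached."""
    return [s.get("Sid", "<no Sid>") for s in as_list(policy["Statement"])
            if s.get("Effect") == "Allow" and is_everyone(s.get("Principal"))
            and not s.get("Condition")]


def enforces_tls(policy):
    """True if a Deny for everyone matches requests made without TLS."""
    for s in as_list(policy["Statement"]):
        flag = s.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if (s.get("Effect") == "Deny" and is_everyone(s.get("Principal"))
                and str(flag).lower() == "false"):
            return True
    return False


def requires_sse(policy):
    """True if a Deny on uploads is conditioned on the SSE request header."""
    for s in as_list(policy["Statement"]):
        if s.get("Effect") != "Deny":
            continue
        actions = as_list(s.get("Action", []))
        if not any(a in ("s3:PutObject", "s3:*", "*") for a in actions):
            continue
        cond = s.get("Condition", {})
        if SSE_KEY in cond.get("Null", {}) or SSE_KEY in cond.get("StringNotEquals", {}):
            return True
    return False


def audit(policy):
    """Summarise the three checks for one bucket policy document."""
    return {"public_allows": public_allows(policy),
            "enforces_tls": enforces_tls(policy),
            "requires_sse": requires_sse(policy)}


if __name__ == "__main__":
    print("weak:", audit(WEAK_POLICY))
    print("hardened:", audit(HARDENED_POLICY))
```
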
Versioning with S3
 Stores all versions of Objects (including all writes and even deleted objects)
 Great backup tool
 Once enabled, versioning cannot be disabled, only suspended (to remove it, the bucket has to be deleted).
 Integration with life cycle rules
 Versioning’s MFA Delete capability can be used to provide an additional layer of security
(prevents accidental deletion)
Versioning Lab
Life Cycle Management with S3:
 Automates moving your objects between the different storage tiers
 Can be used in conjunction with versioning
 Can be applied to current version and previous versions.
 Life cycle Lab
Cross Region Replication in S3
 An S3 bucket can be replicated from one region to another by enabling Cross Region Replication
 Files in an existing bucket will not be replicated automatically
 Versioning must be enabled
 Regions must be unique
 AWS prevents accidental deletion of cross-region objects
Cross Region Replication Lab
S3 Transfer Acceleration
 S3 Transfer Acceleration utilises the CloudFront edge network to accelerate your uploads to S3.
 Instead of uploading directly to your S3 bucket, you can use a distinct URL to upload directly to an
edge location, which will then transfer the files to S3
 You will get a distinct URL to upload to, e.g. Abdul.S3-accelerate.amazonaws.com.
 Amazon has built a tool that allows to test it. URL: http://S3transferaccelerationtool
 S3 transfer acceleration.
Cloud Front (CDN)
A CDN (content delivery network) is a system of distributed servers that
deliver web pages and other web content to a user based on the
geographic location of the user, the origin of the web page and a content
delivery server.
Cloud Front Key terminology:
 Edge Locations: the locations where content will be cached. These are separate from an AWS Region/AZ.
 Origin: the origin of all the files that the CDN will distribute. This can be an S3 bucket, EC2 instance,
ELB or Route 53.
 Distribution: the name given to the CDN, which consists of a collection of edge locations
 Edge locations are not just read-only; we can write to them too.
 Objects are cached for the life of the TTL.
 We can clear cached objects but it will be charged.
 Cloud Front is not free tier
Snowball
 Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large
amounts of data into and out of AWS.
 Snowball comes in two sizes: 1) 50 TB 2) 80 TB.
 Snowball uses multiple layers of security designed to protect data, including tamper-resistant
enclosures, 256-bit encryption and an industry-standard Trusted Platform Module (TPM)
EC2 (Elastic Compute Cloud)
Amazon EC2 is a web service that provides resizable compute capacity
in the cloud.
EC2 Pricing Models:
(1) On-Demand: Allows you to pay a fixed rate by the hour (or by the second) with no commitment.
For users that want the low cost and flexibility of Amazon EC2 without any up-front payment or long-term
commitment.
(2) Reserved: Provides you with a capacity reservation and offers a significant discount on the hourly
charges for an instance. Contract terms are 1 year or 3 years.
(3) Spot Instances: Enable you to bid whatever price you want for instance capacity, providing for
even greater savings if your applications have flexible start and end times.
(4) Dedicated Hosts: A physical EC2 server dedicated for your use. Dedicated Hosts can help you reduce
cost by allowing you to use your existing server-bound software licenses.
Reserved Pricing Types:
(1) Standard Reserved Instances: These offer up to 75% off On-Demand instances. The more you pay
up-front and the longer the contract, the greater the discount.
(2) Convertible Reserved Instances: These offer up to 54% off On-Demand, with the capability to change the
attributes of the RI as long as the exchange results in the creation of reserved instances of equal
or greater value.
(3) Scheduled Reserved Instances: These are available to launch within the time windows you
reserve. This option allows you to match your capacity reservation to a predictable recurring
schedule that only requires a fraction of a day, a week, or a month.
Note: If the Spot Instance is terminated by Amazon EC2, you will not be charged for a partial hour
of usage. However, if you terminate the instance yourself, you will be charged for any hour in which
the instance ran.
EC2-Instance-lab
EBS (Elastic Block Store)

 It is a virtual hard disk
 EBS provides persistent block storage volumes for use with Amazon EC2 instances in the AWS
cloud
 Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from
component failure, offering high availability and durability.
 5 types of EBS storage: (1) General Purpose (SSD) (2) Provisioned IOPS (SSD)
(3) Throughput Optimised Hard Disk Drive (4) Cold Hard Disk Drive (5) Magnetic
• Average read seek time: 3.4 ms
• Average write seek time: 3.9 ms
• Average latency: 2.0 ms
• Seek time = (Average read seek time + Average write seek time) / 2
= (3.4 + 3.9) / 2 = 3.65 ms
• IOPS Estimated = 1 / ((seek time / 1000) + (latency / 1000))
= 1 / ((3.65 / 1000) + (2.0 / 1000))
= 176.9911 ~ 175 IOPS
 Volumes exist on EBS. Think of EBS as a virtual hard disk
 Snapshots exist on S3. Think of snapshots as a photograph of the disk
 Snapshots are point-in-time copies of volumes
 Snapshots are incremental: only the blocks that have changed since your last snapshot
are moved to S3.
 If this is your first snapshot, it may take some time to create
 To create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the
instance before taking the snapshot.
 However, you can take a snapshot while the instance is running
 You can create AMIs from both volumes and snapshots.
 You can change EBS volumes on the fly, including changing the size and storage type
 Volumes will always be in the same AZ as the EC2 instance
 To move an EC2 volume from one AZ to another, take a snapshot of it, create an AMI from the snapshot
and then use the AMI to launch the EC2 instance in the new AZ.
 To move an EC2 volume from one region to another, take a snapshot of it, create an AMI from the snapshot
and then copy the AMI from one region to the other. Then use the copied AMI to launch the new EC2
instance in the new region.
AMI Types (EBS vs Instance Store):
• We can select an AMI based on (1) Region (2) O.S (3) Architecture (32 bit or 64 bit)
(4) Launch Permissions (5) Storage for the Root Device (Root Device Volume):
(a) Instance store (ephemeral storage) (b) EBS-backed volumes.
• All AMIs are categorized as either backed by Amazon EBS or backed by instance store.
• For EBS volumes: the root device for an instance launched from the AMI is an Amazon EBS volume
created from an Amazon EBS snapshot.
• For instance store volumes: the root device for an instance launched from the AMI is an instance store
volume created from a template stored in Amazon S3.
• Instance store volumes are sometimes called ephemeral storage
• Instance store-backed instances cannot be stopped. If the underlying host fails, you will lose your data
• EBS-backed instances can be stopped; you will not lose the data on the instance if it is stopped
• You can reboot both; you will not lose your data
• By default both root volumes will be deleted on termination. However, with EBS volumes you can tell
AWS to keep the root device volume.
EBS Labs
Cloud Watch :
• Amazon CloudWatch is a monitoring service to monitor your AWS resources, as well as the applications that
you run on AWS.
• CloudWatch can monitor things like:
• Compute: EC2 instances, Auto Scaling groups, Elastic Load Balancers, Route 53 health checks
• Storage & Content Delivery: EBS volumes, Storage Gateway, CloudFront
Cloud Watch at EC2 (host level): CPU, Network, Disk, Status Check (virtualization)
What is AWS cloud trail ?
 AWS CloudTrail increases visibility into your user and resource activity by recording AWS management
 Cloud watch is used for monitoring performance
 Cloud watch can monitor most of AWS as well as your applications that run on AWS
 Cloud watch with EC2 will monitor events every 5 minutes by default
 You can have 1 minute intervals by turning on detailed monitoring
 You can create cloud watch alarms which trigger notifications
 Cloud watch is all about performance
 And cloud trail is all about auditing

LABS:
Cloud watch Lab: Setting up alert of CPU usage of instance
AWS CLI Lab
Applying IAM Role to EC2 Instance
Using Bootstrap Scripts Lab:
EC2 Instance Metadata
EFS (Elastic File System)
 Amazon EFS provides a simple, scalable, elastic file system for Linux-based workloads for use with
AWS Cloud services and on-premises resources.
 It is built to scale on demand to petabytes without disrupting applications, growing and shrinking
automatically as you add and remove files, so your applications have the storage they need – when
they need it.
 Supports the Network File System version 4(NFSv4) protocol
 You only pay for the storage you use (no pre-provisioning required)
 Can scale up to the petabytes
 Can support thousands of concurrent NFS connections
 Data is stored across multiple AZs within a region
 Read after write consistency
EFS Lab
EC2 Placement Groups
A way of placing instances in a group. There are 3 types of instance placement groups.
1) Clustered Placement Group: A cluster placement group is a grouping of instances within a single AZ. Placement
groups are recommended for applications that need low network latency, high network throughput or both. Only certain
instances can be launched into a clustered placement group.
2) Spread Placement Group: A group of instances that are each placed on distinct underlying hardware. Spread
placement groups are recommended for applications that have a small number of critical instances that should be kept
separate from each other.
3) Partitioned Placement Group: When using partition placement groups, Amazon EC2 divides each group into logical
segments called partitions. Amazon EC2 ensures that each partition within a placement group has its own set of racks.
Each rack has its own network and power source. No two partitions within a placement group share the same racks,
allowing you to isolate the impact of hardware failure within your applications
Amazon Relational Database Service (RDS)
 Amazon RDS makes it easy to set up, operate, and scale a relational database in the cloud.
 Amazon RDS is available on several database instance types - optimized for memory,
performance or I/O - and provides you with six familiar database engines to choose from,
including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL
Server
Example: OLTP (online Transaction processing)
Order number 2120121, then pulls up a row of data such as
Name
Date
Address to Deliver to
Delivery status etc.
RDS has 2 key features: (1) Multi Availability Zones = For disaster recovery (2) Read Replicas = for performance

[Figure: Multi-AZ. Endpoint Myexampledb.Abdul.us-west-2.rds.amazonaws.com; Primary Database in Availability Zone - 1, Secondary Database in Availability Zone - 2]

[Figure: Read Replica. Endpoints Myexampledb.Abdul.us-west-2.rds.amazonaws.com and Myexampledb2.Abdul.us-west-2.rds.amazonaws.com; Primary Database in Availability Zone - 1, Read Replica in Availability Zone - 2]
Amazon DynamoDB
 Amazon DynamoDB is a key-value and document database that delivers single-digit
millisecond performance at any scale. It's a fully managed, multiregion, multimaster
database with built-in security, backup and restore, and in-memory caching for internet-scale
applications.

 Many of the world's fastest growing businesses such as Lyft, Airbnb, and Redfin as well as
enterprises such as Samsung, Toyota, and Capital One depend on the scale and
performance of DynamoDB to support their mission-critical workloads.

Collection = Table
Documents = Row

Key value pair = fields (columns)


What is Data Warehousing
 Used for business intelligence, with tools like IBM Cognos, Jaspersoft, SQL Server Reporting Services, Oracle
Hyperion, SAP NetWeaver.
 Used to pull in very large and complex data sets. Usually used by management to do queries on data (such
as current performance vs targets)
 OLAP (Online Analytics Processing): for example, net profit for Europe, Middle East, Asia and Pacific for the Digital
Radio product. Pulls in large numbers of records: sum of radios sold in EMEA, sum of radios sold in Pacific,
unit cost of radio in each region, sales price of each radio etc.
 Data warehousing databases use a different type of architecture, both from a database perspective and at the
infrastructure layer.
 Amazon’s data warehouse solution is called Redshift
What is ElastiCache
Multi-Availability Zone
Multi-AZ is available for the following databases:
SQL Server, Oracle, MySQL Server, PostgreSQL, MariaDB
Read-Replica
