# Developing on AWS

---

### Developing on AWS [Class Notes]

---

**Important Links**

:::success
- [AWS Builder Labs](https://classrooms.aws.training/)
- [Ebooks / Student Guide](http://online.vitalsource.com)
- [Training & Feedback](https://aws.training)
- [Online Course Supplement](https://explore.skillbuilder.aws/learn/course/8319/play/38904/online-course-supplement-architecting-on-aws)
- [AWS SkillBuilder](https://explore.skillbuilder.aws/learn/signin)
- [AWS Ramp Up Guides](https://aws.amazon.com/training/ramp-up-guides/)
:::

---

### Keywords

---

:::info
- Containers
- Serverless
- Monolithic vs Microservices Architecture
- Infrastructure Management
- Synchronous vs Asynchronous Communication
- Least Required Access
- RBAC (Role-Based Access Control)
- APIs
- DAS / SAN / NAS
- Ansible vs Terraform → often used together
- Amazon API Gateway
- Service Accounts
- Dual Stack (IPv4 + IPv6)
- Stateful vs Stateless Applications
- DevOps Nomenclature:
  - **Amazon** → DevOps Engineers
  - **Google** → SREs (Site Reliability Engineers)
  - **Facebook** → Platform Engineers
- 2-Pizza Team Concept 🍕
:::

---

## AWS General Concepts

---

#### ☁️ Cloud Types

| Cloud Type | Description |
|-------------|-------------|
| **Private Cloud** | Managed internally within an organization. |
| **Public Cloud** | AWS, Azure, GCP, Snowflake, OCI, IBM, Rackspace. |
| **Hybrid Cloud** | Combination of public cloud and on-premises infrastructure. |
| **Multi-Cloud** | Multiple public clouds used together (e.g., AWS + Azure). |

---

#### 🧱 Software Stack

---

| Category | Components |
|-----------|-------------|
| **Compute** | EC2, Lambda, Fargate |
| **Storage** | S3, EBS, EFS |
| **Networking** | VPC, Route 53, ELB |
| **Database** | RDS, DynamoDB, Redshift |

---

#### 🌐 AWS Global Infrastructure

---

| Component | Description |
|------------|--------------|
| **Region** | A geographic area containing multiple **Availability Zones (AZs)** for high availability and fault tolerance. |
| **Availability Zone (AZ)** | One or more isolated data centers within a Region, interconnected with low-latency links. |
| **Edge Location** | Part of the **AWS CloudFront CDN**, used for content caching and accelerating web delivery closer to users. |
| **AWS Outposts** | Extends AWS infrastructure and services to **on-premises** environments for a consistent hybrid experience. |
| **AWS Local Zones** | Brings compute, storage, and database services **closer to end users** for ultra-low latency applications. |
| **AWS Backbone Network** | AWS's **high-speed, low-latency private fiber network** connecting all global data centers and regions. |

---

🧠 **Tip for Developers:** *Use the [AWS Global Infrastructure Map](https://aws.amazon.com/about-aws/global-infrastructure/) to explore active regions, upcoming regions, and edge locations.*

---

#### ⚖️ Quick Comparison Table

---

| Infrastructure Type | Typical Use Case | Managed By | Latency Range | Example Scenario |
|----------------------|------------------|-------------|----------------|------------------|
| **Region** | Deploying applications with multi-AZ redundancy and disaster recovery. | AWS | 20–100 ms (global) | Deploy app across `us-east-1` and `us-west-2` for DR. |
| **Availability Zone (AZ)** | High availability within a region; fault isolation. | AWS | 1–2 ms (intra-region) | Distribute EC2 instances across multiple AZs. |
| **Local Zone** | Running compute closer to metropolitan end users. | AWS | <10 ms | Gaming, video rendering, financial trading. |
| **Outposts** | Hybrid workloads that require AWS on-prem. | Customer + AWS | <5 ms (local) | Running latency-critical workloads in own data center. |
| **Edge Location** | Content delivery via CloudFront CDN. | AWS | <1–5 ms | Accelerating static content delivery for global users. |

---

#### 🧠 **Tip for Architects & Developers:**

---

- Choose **Regions** for global redundancy.
- Use multiple **AZs** within a region for high availability.
- Add **Local Zones** for sub-10 ms latency near users.
- Deploy **Outposts** when workloads must stay on-prem but use AWS APIs.
- Distribute static assets through **Edge Locations** using CloudFront.

🔗 **Reference:** [AWS Global Infrastructure Map](https://aws.amazon.com/about-aws/global-infrastructure/)

---

#### 🧭 Accessing AWS

---

| Method | Interface | Authentication |
|---------|------------|----------------|
| **Console** | GUI | Username + Password |
| **CLI** | Command Line | Access Key + Secret Key |
| **SDK** | Programmatic Access | Access Key + Secret Key |
| **API** | RESTful Calls | Access Key + Secret Key |

---

#### 🧩 Managed vs Unmanaged Services

---

| Category | Examples |
|-----------|-----------|
| **Managed** | S3, DynamoDB |
| **Unmanaged** | EC2, EBS |

---

#### AWS Service Scope

---

| Category | Examples |
|-----------|-----------|
| **Global** | Route 53, IAM |
| **Regional** | VPC, DynamoDB |
| **AZ specific** | EBS, EC2 |

---

#### ⚙️ Service Quotas and Limits

---

:::success
- **Hard Limits**
  - S3: Max object size 5 TB
  - Lambda: Max execution time 15 minutes
  - Lambda: Max memory 10 GB
- **Soft Limits**
  - Lambda: 1000 concurrent executions
  - S3: 100 buckets per account (default)
  - VPC: 5 VPCs per region (default)
:::

➡️ Check **Service Quotas** in the AWS Console to view and request limit increases.
---

## 👥 Access Management on AWS

---

**3 A's of Security**

:::info
- A - Authentication (2FA/MFA)
  - What you know --> Credentials
  - What you have --> OTP, soft/hard tokens
  - What you are --> Biometrics
- A - Authorization
- A - Accountability or Accounting
:::

**Identity and Access Management**

:::info
- IAM
  - Users
  - Groups
  - Policies
  - Roles
    - Temporary elevated privileges
    - Federated access
    - Services/applications trying to access an AWS resource
:::

---

## 🔐 Identity and Access Management (IAM)

IAM enables secure access control across AWS resources.

### Core Components

- **Users** → Individual accounts for people
- **Groups** → Logical collections of users
- **Policies** → JSON-based documents defining permissions
- **Roles** → Temporary access for services or federated users

### Policy Types

- **Identity-Based Policies**
- **Resource-Based Policies**
- **AWS Managed Policies**
- **Customer Managed Policies**

### 3 A's of Security

| Principle | Description |
|------------|-------------|
| **Authentication** [MFA / 2FA] | Credentials, tokens, biometrics |
| **Authorization** | Access based on IAM policies |
| **Accounting** | Auditing via AWS CloudTrail |

**IAM Policy Example**

The original note showed only the statement; it is wrapped here in the `Version`/`Statement` envelope that makes it a complete policy document. Replace `region` and `account-id` with real values.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["dynamodb:GetItem"],
      "Resource": "arn:aws:dynamodb:region:account-id:table/MyTable"
    }
  ]
}
```

### Compute on AWS

---

#### Compute Types

:::warning
- Virtual Machines
  - EC2
- Containers
  - ECS
  - EKS
- Serverless
  - Lambda
:::

---

#### EC2 Nomenclature

:::warning
`m5.xlarge`

- m --> Family
- 5 --> Generation
- xlarge --> Size (vCPU / memory / network bandwidth)
:::

---

### AWS Storage Portfolio

:::success
- Object Storage
  - S3 | Internet-accessible object storage (pay for what you use)
    - Storage classes
    - 99.999999999% durability (replicated across multiple AZs)
    - Versioning
    - Unlimited storage (the only limit is 5 TB per individual object)
    - Cross-region replication
    - Access control on S3
      - Bucket policies
      - IAM policies
      - Bucket ACL (legacy way)
- Block Storage | Attach the volumes
  - Elastic Block Store (EBS) | Persistent block storage | SAN (pay for what you provision)
    - SSD based
      - Provisioned IOPS SSD (io2 Block Express, io2 and io1)
      - General Purpose SSD (gp2 and gp3)
    - HDD based
      - Throughput Optimized HDD (st1)
      - Cold HDD (sc1)
  - Instance Store | Ephemeral storage | DAS (complimentary, no extra charge)
- File/Network Storage | Mount the file systems (pay for what you use)
  - EFS | NFS 4.0 and 4.1 | Linux workloads
  - FSx | NTFS, CIFS, SMB | Windows workloads
:::

---

### Databases on AWS

---

#### Relational

:::info
- RDS DB Engines
  - MySQL
  - MS SQL
  - Oracle
  - PostgreSQL
  - MariaDB
  - Amazon Aurora
- RDS Features
  - Multi-AZ (synchronous replication) --> High availability
  - Read replicas (asynchronous replication) --> Performance benefit
  - Automated backups (up to 35 days retention)
  - Database sharding (for performance benefits)
:::

#### Non-Relational

:::info
- DynamoDB
  - Fully managed non-relational DB service
  - Global Tables
  - Eventually and strongly consistent read models
  - Extreme horizontal scaling capacity
- DocumentDB (MongoDB-compatible)
- Keyspaces (managed Apache Cassandra)
:::

#### Other Purpose-Built Databases

:::info
- ElastiCache (database caching)
  - Redis
  - Memcached
- Neptune (graph database)
- Amazon QLDB (ledger/blockchain)
- Amazon Timestream (time series)
- Redshift (OLAP, data warehousing)
:::

#### DB Migration

:::info
MySQL (on-prem) ----> AWS DMS ----> AWS RDS MySQL

MySQL (on-prem) ----> AWS DMS + AWS SCT ----> AWS RDS Aurora
:::

---

### Monitoring on AWS

---

:::warning
- CloudWatch
  - Basic Monitoring (default, 5-minute granularity)
  - Detailed Monitoring (additional charges, 1-minute granularity)
- CloudTrail
- VPC Flow Logs (can be enabled at three levels)
  - VPC
  - Subnet
  - ENI (EC2)
:::

---

### Automation on AWS

---

:::warning
- Infrastructure-as-Code (provisioning)
  - CloudFormation
  - Terraform
  - CDK
  - HEAT template
- Configuration Management (maintenance of the state)
  - AWS Systems Manager
  - Chef
  - Puppet
  - Ansible
  - AWS OpsWorks
:::

---

### Containerization

---

#### Docker Architecture

:::warning
- Docker Host
  - Docker Daemon
  - Docker Images (analogous to AMIs)
  - Docker Containers (analogous to EC2 instances)
- Docker Registry
  - Public --> https://hub.docker.com/
  - Private --> ECR
:::

#### Container Runtime (VM)

:::warning
- Docker
- rkt
- runc
- containerd
- podman
:::

#### Container Orchestration Engines (CoE)

:::warning
**On-Prem**
- Kubernetes
- Docker Swarm
- Apache Mesos
- Red Hat OpenShift

**Cloud-Based**
- ECS
- EKS
- AKS
- GKE
:::

#### Container Services on AWS

:::warning
- ECS (Amazon's proprietary software)
  - EC2 mode
  - Fargate mode
- EKS (AWS managed Kubernetes service)
  - EC2 mode
  - Fargate mode
- ECR (Elastic Container Registry)
:::

---

### Decoupling on AWS

---

:::success
- SQS
  - **Queue Types**
    - Standard queues
      - At-least-once delivery
      - Unlimited TPS
      - Order not guaranteed
    - FIFO queues
      - Exactly-once delivery
      - Order maintained
      - Up to 300 messages per second (can be increased with batching)
  - **Features**
    - Dead-letter queue support
    - Visibility timeout
    - Long polling
    - Polling mechanism
    - Producer/consumer model
- SNS
  - Publisher/subscriber model
  - Supported subscribers
    - Email
    - HTTP/HTTPS
    - SMS
    - SQS queues
    - Lambda functions
  - One to many
  - Push mechanism
- Amazon MQ
  - Based on Apache ActiveMQ and RabbitMQ
  - Active/standby model for high availability
  - Supports industry-standard protocols such as JMS, NMS, AMQP etc.
:::
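The standard-queue behaviour listed above (at-least-once delivery, visibility timeout, dead-letter redrive) as an in-memory simulation. This is an added example, not code from the notes or from AWS: `SimQueue`, `Message` and `run_demo` are constructed stand-ins for the SQS API, and the two messages are made up. It shows why a consumer must be idempotent: a worker that finishes its work but crashes before `DeleteMessage` sees the same message again after the visibility timeout, and a message that keeps failing is moved to the DLQ once its receive count passes the redrive threshold.

```python
# Simulated SQS standard queue: at-least-once delivery, visibility timeout and
# dead-letter redrive. Constructed stand-in for this example, not boto3/AWS code.
from dataclasses import dataclass

@dataclass
class Message:
    body: str
    receive_count: int = 0        # SQS exposes this as ApproximateReceiveCount
    invisible_until: float = 0.0  # simulated clock time
class SimQueue:
    def __init__(self, visibility_timeout=30, max_receive_count=3, dlq=None):
        self.visibility_timeout, self.max_receive_count = visibility_timeout, max_receive_count
        self.dlq, self.messages, self.clock = dlq, [], 0.0  # dlq: redrive target
    def send(self, body):
        self.messages.append(Message(body))
    def receive(self):
        # First visible message is hidden for the timeout and returned; one received
        # more than max_receive_count times is moved to the DLQ instead.
        for msg in list(self.messages):
            if msg.invisible_until > self.clock:
                continue
            msg.receive_count += 1
            if self.dlq is not None and msg.receive_count > self.max_receive_count:
                self.messages.remove(msg)
                self.dlq.send(msg.body)
                continue
            msg.invisible_until = self.clock + self.visibility_timeout
            return msg
        return None

def run_demo():
    # Idempotent consumer (dedup set); "poison" always fails and gets redriven.
    dlq = SimQueue()
    q = SimQueue(visibility_timeout=30, max_receive_count=2, dlq=dlq)
    q.send("order-1"); q.send("poison")   # constructed sample messages
    processed, attempts, crash_before_delete = set(), {}, {"order-1"}
    while q.messages:
        msg = q.receive()
        if msg is None:                    # everything hidden: wait for timeouts to expire
            q.clock += q.visibility_timeout
            continue
        attempts[msg.body] = attempts.get(msg.body, 0) + 1
        if msg.body == "poison":           # handler fails: no delete, redelivered later
            continue
        processed.add(msg.body)            # a redelivery of "order-1" is a no-op here
        if msg.body in crash_before_delete:  # crash after the work but before delete
            crash_before_delete.remove(msg.body)
            continue
        q.messages.remove(msg)             # DeleteMessage: only an explicit delete removes it
    return attempts, sorted(processed), [m.body for m in dlq.messages]
```

Running `run_demo()` shows `order-1` delivered twice but processed once, and `poison` landing in the DLQ after two failed receives.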
---

### Serverless Architecture on AWS

---

:::info
- AWS Lambda
- Amazon API Gateway
- AWS Step Functions
:::

---

### Edge Services (Caching) on AWS

---

:::success
- AWS Route 53 --> DNS on AWS
- Amazon CloudFront --> CDN service on AWS
- DDoS Protection
  - WAF
  - Shield
    - Standard
      - Free
      - Enabled by default
    - Advanced
      - USD 3000/month
      - 24x7 access to the SRT (Shield Response Team)
      - Needs to be subscribed
:::

---

### Additional Services

---

:::info
- Macie --> Discover and protect your sensitive data using ML
- GuardDuty --> Automated intelligent threat detection using ML
- Inspector --> Automated vulnerability detection and management
- Kinesis --> Collect, process, and analyze video and data streams in real time
:::

---

### References

---

- https://aws.amazon.com/architecture/well-architected/
- https://www.finops.org/introduction/what-is-finops/
- https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_examples.html
- https://aws.amazon.com/s3/transfer-acceleration/
- https://aws.amazon.com/quickstart/
- https://wellarchitectedlabs.com/
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html
- https://aws.amazon.com/ec2/instance-types/
- https://instances.vantage.sh/
- https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf
- https://docs.aws.amazon.com/vpc/latest/tgw/TGW_Scenarios.html
- https://d1.awsstatic.com/whitepapers/Security/DDoS_White_Paper.pdf
- https://aws.amazon.com/fis/
- https://www.12factor.net/
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/mappings-section-structure.html
- https://d0.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf
- https://docs.aws.amazon.com/whitepapers/latest/how-aws-pricing-works/key-principles.html
- https://aws.amazon.com/certification/certification-prep/

**Docker Beginner**
- https://docs.docker.com/get-started/overview/
- https://docker-curriculum.com
- https://www.docker.com/play-with-docker

**Docker Intermediate**
- https://ecsworkshop.com/
- https://eksworkshop.com/

:::danger
:warning: *Disclaimer: The content provided here is for informational purposes only and is based purely on my own understanding, knowledge and experience. This is **not** official AWS documentation.*
:::