A Brief Background of AWS
- Amazon Route 53
- Amazon provides its own ‘highly available and scalable’ domain
name system (DNS) web service, called ‘Amazon Route 53’, to
handle the registration of domains hosted on AWS and to direct
internet traffic to the website.
AWS Architecture – cont’d
- Static and cached content (S3, CloudFront)
- A new element for this solution is the option to store static content in
Amazon’s Simple Storage Service (S3), which is durable and scalable
object storage. Content can be served directly from S3 because each
object (e.g. a file or an image) has a unique HTTP URL.
- The AWS CloudFront service provides edge caching for websites; content
is delivered from the edge of the AWS network rather than from deep
within a single VPC. When new static content is requested from the S3
store, it is moved out to the edge in order to reduce the response time
for future requests.
- The S3 service is part of the VPC so that it can be managed by the tenant.
However, the service itself is located in the Region outside the VPC (as
shown in the diagram), but a gateway can be configured inside the VPC
(called a VPC endpoint) which allows you to connect the VPC privately to
the AWS S3 service.
AWS Architecture – cont’d
- Elastic load balancing (ELB)
- The elastic load balancing (ELB) service is responsible for
distributing requests within and across availability zones. As
in a traditional network, it is the ELB that receives the internet
traffic, which it then distributes.
- ELB monitors the health of the web servers and can dispose
of underutilised servers, or create new servers as required. It
also monitors its own usage so that the service can expand to
meet demand.
AWS Architecture – cont’d
- Servers (Hosted on EC2)
- All servers in the example are hosted on Elastic Compute
Cloud (EC2) instances, the equivalent of a virtual machine
(VM). An EC2 instance is created within an availability zone
and connected to the ELB service
- AWS uses its own image format, Amazon Machine Image
(AMI), and offers a wide choice of configured servers based
on the Linux and Windows operating systems. Alternatively,
the tenant can configure their own server and save that as an
AMI
- The example deployment uses an auto-scaling group to
automatically scale out as demand increases and scale down
when the demand falls
AWS Architecture – cont’d
- Database
- The database for the website is provided by Amazon’s
Relational Database Service (RDS), which consists of a
database instance running one of several popular database
engines (e.g. MySQL, PostgreSQL, MariaDB, Oracle and MS
SQL Server)
- The configuration shown offers high availability through the
use of multiple availability zones. Using this deployment,
Amazon automatically provisions and maintains a standby
replica of the database instance in a different availability zone.
The data from the master database is synchronously
replicated to the secondary database.
AWS Security
- Security
- AWS offers a range of security tools to define, enforce and manage access policies for the VPC.
- Identity and access management (IAM) is used to establish user accounts and set privileges to control
access to the different parts of a VPC.
- Console access to the VMs is managed with private / public keys and SSH.
- By default, EC2 instances are locked down and cannot be accessed from outside the VPC.
- Software firewalls, in combination with routing tables, must be configured to enable data to flow across the
subnets and to the internet.
- A VPN option is available to connect a VPC to a corporate network.
- Data encryption services are available to cover data in transit and at rest.
- Network traffic uses TLS and public / private key encryption for RDS and S3 data.
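
The "locked down by default" and software-firewall points above can be checked mechanically. The following is an added example, not part of the original slides: it audits security-group rules (AWS's software firewalls) against the internet -> ELB -> EC2 -> RDS flow described earlier. The group ids, the sample rules and the `ALLOWED_SOURCES` map are constructed assumptions; the field names follow the EC2 DescribeSecurityGroups response shape.

```python
import ipaddress

# Constructed sample shaped like EC2 DescribeSecurityGroups output.
# Group ids and tier names are hypothetical.
SAMPLE_GROUPS = [
    {"GroupId": "sg-elb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-elb"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
         "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]},
]

# Assumed policy: each tier accepts traffic only from the tier in front of it.
ALLOWED_SOURCES = {"sg-elb": {"internet"}, "sg-web": {"sg-elb"}, "sg-db": {"sg-web"}}


def rule_sources(perm):
    """Yield a source label for every CIDR or security-group source in a rule."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    for cidr in cidrs:
        # A /0 prefix (0.0.0.0/0 or ::/0) means the whole internet.
        yield "internet" if ipaddress.ip_network(cidr).prefixlen == 0 else cidr
    for pair in perm.get("UserIdGroupPairs", []):
        yield pair["GroupId"]


def audit(groups, allowed=ALLOWED_SOURCES):
    """Return (group, port range, source) for every rule outside the expected flow."""
    findings = []
    for g in groups:
        expected = allowed.get(g["GroupId"], set())
        for perm in g.get("IpPermissions", []):
            ports = (perm.get("FromPort"), perm.get("ToPort"))
            for src in rule_sources(perm):
                if src not in expected:
                    findings.append((g["GroupId"], ports, src))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print(finding)
```

On the constructed sample this flags SSH open to the internet on the web tier and a subnet-wide CIDR on the database tier, while the ELB's public HTTPS listener passes.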
TM352
AWS Management
- Management
- AWS offers two modes of control:
- a web-based interface and
- a set of application programming interfaces (APIs) for use with RESTful web services and
program code.
- Using these tools, a tenant can launch new, and review existing, instances, build auto-scaling plans,
manage all aspects of security, manage storage and monitor usage.
AWS: Website
https://aws.amazon.com/premiumsupport/knowledge-center/create-and-activate-aws-account/
https://portal.aws.amazon.com/billing/signup?redirect_url=https%3A%2F%2Faws.amazon.com%2Fregistration-confirmation#/start
https://portal.aws.amazon.com/billing/signup?nc2=h_ct&src=header_signup&redirect_url=https%3A%2F%2Faws.amazon.com%2Fregistration-confirmation#/start