4101. AWS-Overview
Amazon AWS Tutorial
1. AWS Components
Some of the most popular components/services on AWS.
Name | Short Description | Usage |
---|---|---|
S3 | Object-based Storage | Object Storage(files, pictures, videos, etc) |
EC2 | Elastic Computing Service | Computing service for applications |
EBS | Elastic Block Store | Block storage for EC2 |
IAM | Identity and Access Management | Access control, user, role, group, permissions |
CloudWatch | Logging service | For performance |
CloudTrail | logging service | For auditing |
Route53 | Domain Service | Domain, Routing Strategy(Simple, Weighted, Latency, Failover, Geolocation, etc) |
CloudFront | CDN Service | Improving access speed |
ELB | Elastic Load Balancer | Load balancing: Application, Network, Classic |
VPC | Virtual Private Cloud | Direct Connect, VPC Endpoint |
Aurora | Relational Database | Relational Database |
AWS RDS | Relational Database | PostgreSQL, MySQL, MariaDB, Oracle, SQL Server |
DynamoDB | No-SQL database | Key-value database |
Cassandra | No-SQL database | Wide column database |
SQS | Simple Queue Service | Message queuing service(Kafka), Standard Queue(deliver at least once); FIFO(guarantee once) |
SNS | Simple Notification Service | Notification, text, email. |
SWF | Simple Workflow Service | Media processing, web application back-ends, business process workflows, etc |
Elastic Beanstalk | Orchestration Service | For deploying applications |
Lambda | Serverless computing platform | Event-driven, manages the computing resources automatically |
2. Storage - S3
2.1 S3 Features
- S3 is Object-based
- A single file can be from 0 bytes to 5 TB in size.
- S3 bucket names are unique globally.
- Using Bucket ACL or Bucket Policies to control access.
- Server Side Encryption: SSE-S3, SSE-KMS, SSE-C
- Versioning is supported; it can't be disabled once enabled.
- CloudFront - CDN
- Snowball for Petabyte-scale data transport.
- Storage Gateway: File Gateway, Volume Gateway, Tape Gateway
2.2 S3 Storage Class
- S3 Standard
- S3-IA
- S3 One Zone - IA
- S3 - Intelligent Tiering
- S3 Glacier
- S3 Glacier Deep Archive
2.3 Comparison
- S3 One Zone is not highly available.
- S3 One Zone is cheaper.
- Glacier is immutable.
2.4 S3 Summary
- S3 is Object-based.
- Files can be from 0 Bytes to 5 TB.
- There is unlimited storage.
- Files are stored in Buckets.
- S3 is a universal namespace. That is, names must be unique globally.
- Example Bucket url: https://s3.console.aws.amazon.com/s3/buckets/johnnyawsguru-s3-01
- Not suitable to install an operating system on.
- Successful uploads will generate an HTTP 200 status code.
2.5 Key Fundamentals of S3
- Key (this is simply the name of the object)
- Value (this is simply the data, made up of a sequence of bytes)
- Version ID (important for versioning)
- Metadata (data about the data you are storing)
- Read-after-write consistency for PUTs of new objects
- Eventual consistency for overwrite PUTs and DELETEs (can take some time to propagate)
2.6 Performance across the S3 Storage Classes
Feature | S3 Standard | S3 Intelligent-Tiering* | S3 Standard-IA | S3 One Zone-IA | S3 Glacier | S3 Glacier Deep Archive |
---|---|---|---|---|---|---|
Designed for durability | 99.999999999% (11 9’s) | 99.999999999% (11 9’s) | 99.999999999% (11 9’s) | 99.999999999% (11 9’s) | 99.999999999% (11 9’s) | 99.999999999% (11 9’s) |
Designed for availability | 99.99% | 99.9% | 99.9% | 99.5% | 99.99% | 99.99% |
Availability SLA | 99.9% | 99% | 99% | 99% | 99.9% | 99.9% |
Availability Zones | ≥3 | ≥3 | ≥3 | 1 | ≥3 | ≥3 |
Minimum capacity charge per object | N/A | N/A | 128KB | 128KB | 40KB | 40KB |
Minimum storage duration charge | N/A | 30 days | 30 days | 30 days | 90 days | 180 days |
Retrieval fee | N/A | N/A | per GB retrieved | per GB retrieved | per GB retrieved | per GB retrieved |
First byte latency | milliseconds | milliseconds | milliseconds | milliseconds | select minutes or hours | select hours |
Storage type | Object | Object | Object | Object | Object | Object |
Lifecycle transitions | Yes | Yes | Yes | Yes | Yes | Yes |
2.7 Identity and Access Management (IAM)
- IAM is universal. It does not apply to regions at this time.
- The “root account” is simply the account created when you first set up your AWS account. It has complete Admin access.
- New Users have NO permissions when first created.
- New Users are assigned Access Key ID & Secret Access Keys when first created.
- These are not the same as a password. You cannot use the Access Key ID & Secret Access Key to log in to the console. You can, however, use them to access AWS via the APIs and the command line.
- You only get to view these once. If you lose them, you have to regenerate them. So, save them in a secure location.
2.8 Others
- CloudWatch is all about performance, whereas CloudTrail is all about auditing.
- CloudTrail logs vs. VPC flow logs vs. S3 bucket logs vs. CloudWatch Logs
- SSE-S3 vs. SSE-KMS
3. Computing - EC2
3.1 EC2 Pricing Models
- On Demand
- Reserved
- Spot
- Dedicated Host
3.2 EBS
- General Purpose SSD
- Provisioned IOPS SSD
- Throughput Optimized HDD
- Cold HDD
- EBS Magnetic
3.3 EC2 Placement Groups
- Clustered Placement Group
- Spread Placement Group
- Partitioned Placement Group
3.4 Key Concepts
- Security Group: Specify allow rules, but not deny rules.
- BootStrap Scripts.
- Instance MetaData & User Data
- EFS
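The security group note above (allow rules only, no deny rules) means traffic is permitted if any rule matches and dropped otherwise. The following is an added example, not part of the original tutorial: it evaluates ingress rules in the `IpPermissions` shape returned by `aws ec2 describe-security-groups` and flags sensitive ports open to the world. The sample rules and the `ADMIN_PORTS` list are constructed assumptions.

```python
import ipaddress

# Constructed rules in the IpPermissions shape; CIDRs are documentation ranges.
SAMPLE_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

ADMIN_PORTS = {22, 3389, 3306, 5432}  # assumed list of sensitive ports


def is_allowed(rules, src_ip, protocol, port):
    """Allow-only evaluation: permitted if ANY rule matches, else implicit deny."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        proto = rule["IpProtocol"]
        if proto not in (protocol, "-1"):  # "-1" means all protocols
            continue
        if proto != "-1" and not (rule["FromPort"] <= port <= rule["ToPort"]):
            continue
        if any(src in ipaddress.ip_network(r["CidrIp"]) for r in rule["IpRanges"]):
            return True
    return False


def world_open_admin_ports(rules):
    """Return the sensitive ports reachable from 0.0.0.0/0."""
    exposed = set()
    for rule in rules:
        if not any(r["CidrIp"] == "0.0.0.0/0" for r in rule["IpRanges"]):
            continue
        if rule["IpProtocol"] == "-1":
            exposed |= ADMIN_PORTS
        else:
            exposed |= {p for p in ADMIN_PORTS
                        if rule["FromPort"] <= p <= rule["ToPort"]}
    return sorted(exposed)


if __name__ == "__main__":
    print("SSH from 198.51.100.7:", is_allowed(SAMPLE_INGRESS, "198.51.100.7", "tcp", 22))
    print("World-open sensitive ports:", world_open_admin_ports(SAMPLE_INGRESS))
```

Because there is no deny rule, excluding one address inside an allowed range means narrowing the allow rule itself.
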