Skip to main content

AWS ESSENTIALS BASICS (theoretical) Part - 1

 What is AWS?


AWS, or Amazon Web Services, provides cloud computing services, which means you can access IT resources like compute, storage, and networking over the internet without having to manage your own hardware or data centers. It's a pay-as-you-go model, meaning you only pay for what you use.

Imagine if you need to test a new feature in a QA environment with the same setup as production. On-premises, you'd need to buy hardware, install it, connect cables, and set up systems, which takes time. In the cloud with AWS, you can replicate the environment in minutes, saving time and resources. AWS allows you to focus on what sets your business apart, while they handle repetitive tasks like managing servers and storing backups.

AWS makes everything faster, more cost-efficient, and scalable, allowing you to stop guessing capacity and deploy applications globally with a few clicks, ensuring your business is always ready to grow.

Global Infrastructure of AWS:

In AWS, the infrastructure is organized into Regions, which are large geographical areas. Within each Region, there are multiple Availability Zones (AZs), and under each AZ, there are Data Centers. When a user selects a Region, their data is automatically replicated across multiple Data Centers and AZs.

This design ensures that data remains available even in case of hardware failure or other issues. The data centers are connected with low-latency links, allowing for smooth data transfer and quick recovery in case of failure, minimizing data loss and ensuring high availability for applications. It’s also important to understand that some AWS services operate at the Global, Region, or AZ level, meaning some services are available across multiple AZs, while others may require you to specify an individual AZ for deployment.

When designing your infrastructure on AWS, there are four key factors to consider:

  1. Compliance: Your data might be subject to regulations that require it to stay within a specific Region. For example, government data might need to remain in government-approved regions to meet compliance needs.

  2. Latency: Choose a Region close to your users to reduce latency. For instance, if your users are in India, selecting a Region in North Virginia wouldn’t provide the best performance.

  3. Pricing: Different Regions have different pricing structures due to local tax regulations and resource availability. If cost is a priority, select the most cost-effective Region.

  4. Service Availability: Not all AWS services are available in every Region. Some services might be limited to specific Regions, so check whether your required services are offered in your chosen Region. In addition to checking for service availability, you should also design for resiliency by ensuring that workloads are replicated across multiple AZs to prevent downtime in case one AZ fails.

In addition to the four core factors for AWS infrastructure design, there's also the Global Edge Network. This network consists of Edge locations and regional Edge caches, which cache content closer to users, reducing latency.

Here’s how it works: Imagine you host a website in a North American Region, like Ohio, and users access it from around the world. Without caching, users far from Ohio experience higher latency. However, with Edge locations, a copy of your website’s content is cached closer to the users. So, when someone requests content, it’s retrieved from the nearest Edge location, significantly reducing latency. Services like Amazon CloudFront are used to cache content across these Edge locations, ensuring a faster, more efficient experience for users globally. This global reach and reduced latency are important for applications that need to deliver high performance and quick load times to users regardless of where they are located.

By taking into account these factors and leveraging AWS’s robust infrastructure, you can design an efficient, compliant, and cost-effective cloud architecture.

Usage:

When working with AWS, you interact with cloud resources through API calls. AWS offers three main ways to make these API calls: the AWS Management Console, the AWS Command Line Interface (CLI), and Software Development Kits (SDKs). Let’s take a look at each.

1. AWS Management Console

The AWS Management Console is a web interface where you can point, click, and manage AWS services. It's the easiest way to get started, as it doesn't require coding. For example, if you want to create a virtual machine (EC2 instance), you simply log in, select EC2, and follow the prompts.

Example:

  • Task: Launch a virtual machine
  • How: Click through the EC2 options in the console

However, using the Console repeatedly for tasks can be time-consuming and prone to human errors. This is where automation tools like CLI and SDKs come in.

2. AWS Command Line Interface (CLI)

The CLI allows you to execute AWS commands using text-based commands. It’s faster and more efficient for repetitive tasks because you can automate them with scripts.

Example:

  • Task: Create a daily backup of your virtual machines
  • How: Use a CLI command to automate this:

bash 
aws ec2 create-snapshot --volume-id vol-xxxxxxxx --description "Daily Backup"

By scripting these commands, you can reduce human errors and save time.

3. AWS Software Development Kits (SDKs)

SDKs let you interact with AWS services directly from your code. This is ideal for integrating AWS with your applications, especially if you need to automate tasks within your app's workflow.

Example:

  • Task: Automatically upload a user’s profile picture to an S3 bucket
  • How: Use Python's AWS SDK (Boto3) to upload the file in your application:

Python 
import boto3
s3 = boto3.client('s3')
s3.upload_file('profile.jpg', 'my-bucket', 'profile.jpg')

Security:

In order to work effectively with AWS, it’s important to understand security in the cloud. You’re no longer managing everything yourself, so how does security work when you’re relying on AWS to manage parts of your infrastructure? Who is responsible? Is it you or AWS? The answer is both! This is where the Shared Responsibility Model comes into play.

The Shared Responsibility Model

AWS and you, the customer, share the responsibility for security in the cloud. AWS manages certain aspects, and you manage others. Let’s break this down:

AWS is responsible for security of the cloud.

This means AWS takes care of the security of their data centers, infrastructure, and virtualization layers. For example, AWS manages the security of physical servers, networking, and the hypervisors (the software that runs virtual machines). AWS ensures that their buildings are secure, their networking is protected, and the virtualization is functioning correctly. They are in charge of making sure these foundational services are secure and available.

To put it simply, AWS takes care of the iron and concrete—the physical security and the underlying infrastructure.

You are responsible for security in the cloud.

You are responsible for configuring and securing the services you use within AWS. For example, if you launch a virtual machine using Amazon EC2, AWS handles the physical server, but you are in charge of tasks like:

  • Patching your operating system
  • Encrypting your data
  • Setting up firewalls and controlling user access to your resources

Think of it like this: AWS built the secure building (the cloud infrastructure), but it’s your job to lock the door (securing your application and data).

AWS and Customer Responsibilities

AWS services are divided into three main categories, each with different levels of responsibility:

  1. Infrastructure services:
    • Examples: Amazon EC2 (Elastic Compute Cloud)
    • AWS manages the infrastructure, but you control the operating system, applications, and data encryption.
  2. Container services:
    • Examples: Amazon RDS (Relational Database Service)
    • AWS manages the infrastructure and the platform, but you handle the data and firewalls.
  3. Abstracted services:
    • Examples: Amazon S3 (Simple Storage Service)
    • AWS manages almost everything, including the platform and encryption. Your job is to manage and protect the data.

Customer Responsibilities

In AWS, you always maintain complete control of your data. This means securing your content and access is your responsibility. Here are some specific tasks you are responsible for:

  • Choosing the right Region: Based on compliance regulations (like data sovereignty laws), ensure your resources are in the right geographical Region.
  • Encrypting and protecting data: Make sure your data is encrypted and backed up.
  • Controlling access: Limit access to sensitive data and services by using access control policies

Wrapping Up

The Shared Responsibility Model allows AWS to focus on securing the infrastructure, while you can concentrate on securing your applications and data. By understanding where your responsibilities lie, you can build more secure and compliant solutions in the cloud.

IAM USER:

When you create an AWS account, you start with something called the root user. This root user has complete access to all AWS services and resources within your account. It’s incredibly powerful, but with that power comes a huge responsibility to secure it. Why? Because if anyone gains access to your root user, they can control everything in your AWS account. They could delete your resources, launch expensive services, or worse. So, securing the root user with Multi-Factor Authentication (MFA) is a best practice to ensure that even if someone cracks your password, they can’t log in without that second layer of authentication.

Authentication vs Authorization

  • Authentication is about proving your identity. When you log in with your email and password, AWS checks if you are who you say you are.
  • Authorization is about what actions you can take once logged in. Even after you’re authenticated, authorization determines whether you’re allowed to create, delete, or manage AWS resources.

AWS Identity and Access Management (IAM)

Now, you don’t want to use the root user for your day-to-day tasks. This is where AWS Identity and Access Management (IAM) comes into play. With IAM, you can create individual IAM users for yourself and your team. Each user has their own login credentials, allowing you to easily manage who has access to what within your AWS account. IAM users are essential for security, as they allow each person to have a unique identity, which you can monitor and control.

For example:

  • You can create a developer user for someone working on your application code, and give them access to specific services like EC2 or S3.
  • You can create a network admin user who manages the AWS infrastructure, and they would have different permissions tailored to their role.

IAM Groups and Policies

Instead of managing permissions for every individual user, IAM Groups allow you to organize users by role, such as developers or admins. All users in the group inherit the same set of permissions. This makes scaling and managing permissions a lot easier. For example:

  • New developer? Just add them to the developer group, and they’ll have the permissions they need without configuring them manually.
  • Changing roles? Move the user from one group to another, and their permissions will update automatically.

To define what actions a user or group can take, you attach IAM Policies. These policies are written in JSON and specify which actions are allowed or denied, like creating an EC2 instance or deleting an S3 bucket.

Here’s an example of a policy:

{
  "Version": "2012-10-17",
  "Statement": [{
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
  }]
}

In this policy:

  • Effect: “Allow” means the action is allowed.
  • Action: The wildcard * allows all actions.
  • Resource: The wildcard * allows actions on all resources.

This policy gives administrator access, allowing the user to do anything in the AWS account.

Granular Policies

You can get more specific with IAM policies. For example, you can limit users to only changing their password or accessing specific resources.

Example:

{
  "Version": "2012-10-17",
  "Statement": [{
      "Effect": "Allow",
      "Action": [
        "iam:ChangePassword",
        "iam:GetUser"
      ],
      "Resource": "arn:aws:iam::123456789012:user/${aws:username}"
  }]
}

In this case, the user can only change their password and get information about their own IAM user.

In AWS IAM policies, the Resource element specifies which AWS resources the policy applies to. This allows you to control permissions for specific resources (like an S3 bucket, an EC2 instance, or a DynamoDB table) rather than giving blanket access to all resources.

How to Use the Resource Element in a Policy

  1. Wildcards for All Resources: If you want to allow or deny access to all resources, you can use the * wildcard for the Resource field. This would apply the policy to every resource in your AWS account.

    Example:

    json
    {
  "Effect": "Allow",
  "Action": "*",
  "Resource": "*"
}

    This allows access to all actions on all resources.

  2. Specific Resources: If you want to limit access to a specific resource, you need to specify the Amazon Resource Name (ARN) of that resource in the Resource element. An ARN uniquely identifies each AWS resource.

    Example:

    json
    {
  "Effect": "Allow",
  "Action": "s3:PutObject",
  "Resource": "arn:aws:s3:::my-bucket/*"
}

    In this example:

    • Action: The user can only perform the PutObject operation (uploading files).
    • Resource: The policy applies only to the objects in the S3 bucket my-bucket.

  3. Multiple Resources: You can specify multiple resources by using an array in the Resource element.

    Example:

    json
    {
  "Effect": "Allow",
  "Action": "s3:ListBucket",
  "Resource": [
    "arn:aws:s3:::my-bucket",
    "arn:aws:s3:::my-other-bucket"
  ]
}

    This allows the user to list the contents of two different S3 buckets.

  4. Restricting Access by Resource: If you only want to allow certain operations on specific resources, you can combine Actions and Resources.

    Example:

    json
    {
  "Effect": "Deny",
  "Action": "ec2:TerminateInstances",
  "Resource": "arn:aws:ec2:us-west-1:123456789012:instance/i-0123456789abcdef0"
}

    This policy denies the ability to terminate a specific EC2 instance.

Example of Resource in IAM Policy:

Here’s a more complex example of using the Resource element in an IAM policy:

json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:DescribeInstances",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    },
    {
      "Effect": "Deny",
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}
  • ec2
    allows the user to view information about all EC2 instances (Resource is *).
  • s3
    allows the user to download objects from the my-bucket S3 bucket.
  • s3
    denies the user the ability to delete objects in the my-bucket S3 bucket.

Conclusion:

The Resource element gives you the flexibility to specify exactly which AWS resources a policy applies to, providing fine-grained control over who can access specific resources and what actions they can take.

Understanding IAM Roles in AWS

IAM roles allow AWS services or external users to securely interact with AWS resources. Unlike IAM users, roles don’t have passwords or permanent credentials; instead, they provide temporary, auto-rotating credentials to sign requests to AWS services.

For example, imagine you have an EC2 instance that needs to upload employee images to S3. Instead of creating a long-term IAM user, the EC2 instance can assume an IAM role that provides it with the required temporary credentials to access S3 securely.

Why Use IAM Roles?

  • Temporary Access: Roles provide temporary credentials that expire, reducing security risks.
  • Programmatic Access: These credentials are automatically used by applications and services without manual input.
  • Role Flexibility: IAM roles can be assumed by AWS services like EC2, Lambda, or by external identity providers (federation).

Example: Assigning an IAM Role to an EC2 Instance

Follow these simple steps to create and assign a role:

  • Go to IAM > Roles > Create Role.
  • Choose EC2 as the trusted entity (since the EC2 instance will assume the role).
  • Select Permissions for the role (e.g., S3 Full Access or DynamoDB Full Access). (You can create your own custom permissions or use the permissions already defined by AWS.)
  • Give the role a name
  • Attach the role to your EC2 instance.

Now, the EC2 instance will be able to assume the role and gain temporary credentials to securely interact with S3 and DynamoDB.

Additional Use Case: Federated Access

If you have a large number of employees (e.g., 5,000), instead of creating individual IAM users, you can set up federated access. This allows your company’s existing identity provider (such as Active Directory) to authenticate users, and AWS assigns them temporary credentials through IAM roles.

Step-by-Step: Creating an IAM User

  1. Go to the IAM Dashboard in your AWS Console.
  2. Click on Users in the left-hand menu.
  3. Select Add User.
  4. Enter a Username (e.g., "AdminUser").
  5. Choose the type of access:
    • Programmatic access (for CLI/SDK/API access).
    • AWS Management Console access (for web-based access).
  6. Create a password or let AWS auto-generate one for console access.
  7. Assign permissions:
    • Attach policies directly (e.g., AmazonEC2FullAccess).
    • Or, Add to a group (recommended for easier management).
  8. Review your selections and click Create User.

Step-by-Step: Creating an IAM Role

  1. Go to the IAM Dashboard in your AWS Console.
  2. Click on Roles in the left-hand menu.
  3. Select Create Role.
  4. Choose the Trusted Entity:
    • For AWS services (like EC2 or Lambda), select AWS Service.
    • For external accounts or federated users, choose AWS Account or other relevant options.
  5. Select the permissions you want to assign (e.g., full access to S3, read-only access to DynamoDB).
  6. Review your selections and name the role (e.g., "AppAccessRole").
  7. Click Create Role.

Understanding Servers and AWS EC2

When it comes to hosting an application, the foundation of everything is a server. A server is essentially either a virtual machine or a physical machine that hosts applications and accepts requests from clients or users. It processes these requests and sends back responses, functioning as a critical component in the client-server model.

Servers often run specialized software to handle HTTP requests. For example:

  • On Windows, you might find Internet Information Services (IIS), a web server software created by Microsoft.
  • On Linux, common HTTP servers include the Apache HTTP Web Server, Nginx, and Apache Tomcat (the latter specifically for Java-based applications).

What Is the Difference Between a Virtual Machine and a Server?

A server can be either a physical machine or a virtual machine. A physical server is dedicated hardware that handles requests and runs applications, while a virtual machine (VM) is a software-based emulation of a physical server, created using a hypervisor that allows multiple VMs to share the same physical hardware. In essence, a VM provides the flexibility of running isolated environments on shared hardware, whereas a physical server is a standalone machine. Virtual machines offer greater scalability and ease of management, especially in cloud environments like AWS.

Virtual Machines (VMs) and Their Role in Hosting

A virtual machine (VM) is a software-based emulation of a physical server. It runs on a physical host machine but acts like a separate computer, complete with its own operating system (OS), CPU, RAM, and networking components. Virtual machines provide the flexibility to host multiple "servers" on a single piece of physical hardware, thanks to the hypervisor, which is a software layer that allows multiple virtual machines to share the host machine's physical resources.

The process of setting up a virtual machine typically involves:

  • Installing a hypervisor on the physical server.
  • Provisioning resources like CPU, memory, and storage for each virtual machine.
  • Choosing and installing an operating system for the virtual machine, such as Windows or Linux.

These virtual machines give users the same control and flexibility they would have with a physical machine, making it easier to manage infrastructure, especially in cloud environments.

Amazon EC2: Virtual Machines in the Cloud

When working with AWS (Amazon Web Services), you often need to set up and manage servers to run your applications. One of the most popular services for this is Amazon EC2 (Elastic Compute Cloud), which offers scalable virtual machines in the cloud. EC2 allows you to create instances (virtual machines) that run on top of AWS's infrastructure, removing the need for you to manage the physical servers and the hypervisor yourself.

Here’s how Amazon EC2 works:

  • AWS handles the physical hardware and the hypervisor layer for you. You don’t need to worry about maintaining the physical infrastructure; AWS takes care of that behind the scenes.
  • When you create an EC2 instance, you're essentially creating a virtual machine. During the setup, you’ll choose the specifications for your instance, such as the amount of CPU, RAM, storage, and networking capacity.
  • You’ll also choose the operating system (OS) for your virtual machine. This can be a Linux distribution (such as Ubuntu or Amazon Linux) or a version of Windows. The OS you select will run on top of the hypervisor, just like with any other virtual machine.

This flexibility makes EC2 an ideal compute service for a variety of use cases, from small websites to large-scale applications, allowing you to easily scale resources up or down based on your application's needs.

EC2 Instance Flexibility and Cost Management

EC2 instances provide significant flexibility and control in the cloud. You can configure them to meet your specific needs and easily provision one or many instances. At the end of the billing cycle, you only pay for what you use, either per second or per hour, depending on the type of instance. When you no longer need an instance, you can terminate or stop it, halting further charges.

AWS supports a range of operating systems, including Linux, macOS, Ubuntu, Windows, and more. To select the operating system for your server, you must choose an Amazon Machine Image (AMI). The AMI contains information about how you want your instance to be configured, including the operating system, any applications to be pre-installed upon launch, and other configurations.

You can launch one or many instances from a single AMI, creating multiple instances with the same configurations. Some AMIs are provided by AWS, while others come from the community and can be found using the AWS Marketplace. You can also build your own custom AMIs as needed.

What Is an AMI?

An AMI is a template that defines the configurations for your EC2 instance. This includes:

  • The operating system you want to use.
  • Any pre-installed applications or software needed.
  • Storage mappings and architecture types (e.g., 32-bit, 64-bit).
  • Network Setting and Firewall Configurations

In the AWS Cloud, the traditional process of installing an operating system is handled for you through the AMI.

Relationship Between AMIs and EC2 Instances

EC2 instances are live instantiations of what is defined in an AMI, much like a cake is a live instantiation of a cake recipe. The AMI serves as the blueprint, while the EC2 instance is the entity you interact with. When you launch a new instance, AWS allocates a virtual machine that runs on a hypervisor. The AMI you selected is copied to the root device volume, which contains the image used to boot the volume.

One advantage of using AMIs is that they are reusable. If you want to create a second EC2 instance with the same configurations, you can create an AMI from your running instance and use it to start a new instance, ensuring that it has all the same configurations as your current instance.

Where Can You Find AMIs?

You can select an AMI from the following categories:

  • Quick Start AMIs: Premade by AWS for quick setup.
  • AWS Marketplace AMIs: Provide popular open-source and commercial software from third-party vendors.
  • My AMIs: Created from your EC2 instances.
  • Community AMIs: Provided by the AWS user community.
  • Custom Images: Built using EC2 Image Builder.

Each AMI has a unique ID, prefixed by “ami-”, followed by a hash of numbers and letters, specific to each AWS region.

Conclusion

The flexible and low-cost nature of EC2 instances, along with the ease of provisioning servers, allows businesses to innovate quickly. They can spin up servers for short periods to run experiments and find optimal configurations for applications. The ability to adapt to changes and choose specific configurations for your virtual machines through simple API calls makes EC2 a powerful tool in the cloud computing landscape.

EC2 Pricing Options

Amazon EC2 provides various pricing models to help you balance cost and performance for different workload requirements:

  • On-Demand Instances:
    On-Demand instances allow you to pay only for the compute capacity you use, without requiring long-term commitments. They are perfect for short-term or unpredictable workloads, and you can scale up or down as needed.
    Example: Suppose you’re running a website for a limited-time event. You launch an On-Demand instance for the event, and once it's over, you terminate the instance. You’re only billed for the hours during which the instance was running.

  • Reserved Instances (RIs):
    Reserved Instances are suitable for long-term, predictable workloads. You commit to using an instance for 1 or 3 years in exchange for a significant discount (up to 72%) compared to On-Demand prices.
    Example: If you run a SaaS application with a stable workload, you could reserve an instance in a specific Availability Zone. With a 3-year All Upfront RI, you get a deep discount, knowing the instance will always be running, reducing your overall costs.

  • Spot Instances:
    Spot Instances allow you to purchase unused AWS capacity at a discounted price (up to 90% off), but the instances can be interrupted if AWS needs the capacity back.
    Example: If you’re running a machine learning training job that can handle interruptions, you could launch several Spot Instances. If AWS reclaims the capacity, the job will pause, but you would still save significantly on costs during its runtime.

EC2 Instance Lifecycle

EC2 instances go through various lifecycle stages, starting from launching to eventual termination:

  • Launch: When you launch an instance, AWS allocates resources, networking, and storage, and the instance enters the Pending state. After initialization, it transitions to the Running state.
  • Running: In this state, your instance is active and ready to use. Billing starts based on the instance type and pricing model (On-Demand, Reserved, or Spot).
  • Stop: You can stop the instance, and it halts, saving the instance configuration, but any data in memory (RAM) is lost. Stopping also pauses billing for the compute capacity.
  • Stop-Hibernate: This state saves the contents of memory to disk and stores the instance’s state, so when you restart, it resumes without needing a fresh reboot.
  • Terminate: Terminating an instance deletes it permanently, freeing the associated resources.

Stop vs. Stop-Hibernate

When stopping an EC2 instance, it shuts down, releasing its compute capacity, and is not billed for while in this state. However, any data in memory is lost, and when restarted, it will boot from scratch.

Example: Imagine you’re running a long-running simulation. If you stop the instance at the end of the workday, all data stored in memory will be lost, and the next day the simulation has to start from scratch after rebooting.

With Stop-Hibernate, the instance’s memory (RAM) contents are saved to disk, allowing the simulation to pick up exactly where it left off without having to reload large datasets into memory.

Example: For memory-intensive tasks like an in-memory database, you could use hibernation to save time and improve efficiency. If you stop the instance, the contents of memory will be saved to the EBS root volume, and when you restart, the instance resumes from its previous state.

Instance Types and Example Configurations

EC2 offers a variety of instance types optimized for different use cases:

  • General Purpose (e.g., m5.large):
    These instances provide a balanced set of compute, memory, and network resources, suitable for a wide range of workloads like web servers, development, and small databases.
    Configuration Example:
    m5.large – 2 vCPUs, 8 GiB memory.

  • Compute Optimized (e.g., c5.large):
    Compute Optimized instances are ideal for CPU-bound applications that require high-performance processors, such as high-performance computing (HPC), batch processing, and gaming servers.
    Configuration Example:
    c5.large – 2 vCPUs, 4 GiB memory.

  • Memory Optimized (e.g., r5.large):
    Memory Optimized instances are designed for memory-intensive applications, such as high-performance databases, in-memory caching, or big data processing.
    Configuration Example:
    r5.large – 2 vCPUs, 16 GiB memory.

  • Accelerated Computing (e.g., p3.2xlarge):
    These instances come with hardware accelerators like GPUs or FPGAs, making them perfect for machine learning, high-performance graphics rendering, or scientific simulations.
    Configuration Example:
    p3.2xlarge – 8 vCPUs, 61 GiB memory, and 1 NVIDIA V100 Tensor Core GPU.

  • Storage Optimized (e.g., i3.large):
    Storage Optimized instances are designed for workloads requiring high, sequential read and write access to large datasets on local storage, such as databases, data warehousing, and large-scale analytics.
    Configuration Example:
    i3.large – 2 vCPUs, 15.25 GiB memory, and 1.9 TB of NVMe SSD storage.

Architecting for High Availability

High availability is a crucial aspect of cloud-based architectures. It involves ensuring that an application or system is operational and accessible even in the event of failures. When architecting for high availability in AWS, using multiple EC2 instances spread across different Availability Zones (AZs) within a region is highly recommended. This design allows for redundancy, ensuring your application can continue running even if one AZ experiences an outage.

Example: For a web application with users across multiple regions, you could deploy two t3.medium instances in different Availability Zones. By distributing traffic between these instances, you can ensure that even if one instance or AZ goes down, the other will still handle requests, minimizing downtime.

By using smaller, distributed instances across multiple AZs, you ensure resilience while reducing the impact of a single instance failure, improving both uptime and performance.

Creating an EC2 Instance in AWS

In this guide, we will walk through the steps to launch an Amazon EC2 instance using the AWS Management Console. This process is applicable for various applications and use cases.

  1. Access the AWS Console:

    • Log in to your AWS Management Console.
    • Navigate to the EC2 Dashboard.

  2. Launch a New Instance:

    • Click on Launch Instance.
    • On the next page, click Launch Instance again to begin the configuration process.

  3. Configure Instance Details:

    • Name your instance: Give your instance a meaningful name.
    • Select an Amazon Machine Image (AMI):
      • AMIs are templates containing the software configuration for your instance, including the operating system and applications.
      • Choose the desired AMI (e.g., Amazon Linux, Ubuntu, Windows Server).
      • Optionally, browse the AWS Marketplace for third-party AMIs or create your own AMI.

  4. Choose Instance Type:

    • Select an instance type that fits your requirements based on CPU, memory, storage, and networking capacity.
    • For general purposes or free-tier usage, you might choose an instance like t2.micro.

  5. Configure Key Pair:

    • You can create a new key pair or use an existing one for SSH access.
    • If you plan to use the AWS console to connect, you might choose to proceed without a key pair.

  6. Configure Network Settings:

    • Choose the default VPC and a suitable subnet.
    • Ensure that Auto-assign Public IP is enabled for public internet access.

  7. Set Up Security Group:

    • Configure your instance’s firewall using a security group.
    • Define rules to allow or deny specific traffic:
      • Disable SSH (if not needed).
      • Allow HTTP (port 80) and HTTPS (port 443) traffic.

  8. Configure Storage:

    • Review the default root volume size and type.
    • Optionally, add more EBS volumes if necessary.

  9. Advanced Details:

    • Select an IAM instance profile if your application needs permissions to access AWS services (e.g., S3, DynamoDB).
    • Optionally, add user data (e.g., a Bash script) to run commands or scripts upon instance launch. This is useful for installing software or setting environment variables.

  10. Launch the Instance:

    • Review all configurations and click on Launch Instance.
    • The console will begin provisioning your instance along with associated resources like the security group.

  11. Check Instance Status:

    • After a few moments, navigate to the Instances section to see the status of your newly launched instance.
    • Wait until the instance status checks show that it is running and initialized.

  12. Access Your Application:

    • Copy the public IP address or public DNS name of your instance.
    • Open a web browser and paste the IP address or DNS name to access your application.

Conclusion

Following these steps allows you to successfully launch an EC2 instance on AWS. Depending on your application needs, you can further customize the instance configurations, security settings, and networking options.

Exploring Container Services on AWS

AWS offers a variety of compute options, including virtual machines (VMs), containers, and serverless computing. Choosing the right service depends on your specific requirements. In this blog, we’ll explore what containers are, the benefits of using them, how they compare to traditional EC2 instances, and when to choose each option.

What is a Container?

A container is a standardized unit that packages your application code along with all its dependencies, configurations, and libraries. This encapsulation ensures that the application runs consistently across different environments, whether it's on your local machine, in development, or in production. The key advantage of containers is their portability; since they include everything needed to run the application, you can expect them to behave the same way regardless of where they are deployed. This reliability simplifies moving workloads from development to production, or even from on-premises to the cloud.

The Role of Docker

Docker is a leading platform for developing, shipping, and running containers. It simplifies the management of the entire operating system stack required for container isolation. With Docker, you can easily create, package, deploy, and run containers, facilitating a smoother development workflow. Docker has played a significant role in the rise of containerization, making it accessible for developers to leverage the benefits of containers without dealing with the complexities of the underlying technologies.

Containers vs. Virtual Machines

The primary difference between containers and virtual machines lies in how they utilize system resources:

  • Containers share the same operating system and kernel as the host, which means they are lightweight and can start almost instantly. This efficiency allows developers to run multiple containers on a single host, maximizing resource usage and reducing overhead.

  • Virtual Machines (VMs), on the other hand, run their own operating systems. Each VM includes a full OS, which leads to higher resource consumption and longer boot times. While VMs provide robust isolation and the ability to run different operating systems on the same hardware, the trade-off is a higher demand for system resources.

Managing Containers with Amazon ECS

Amazon Elastic Container Service (ECS) is a fully managed container orchestration service that allows you to run and manage your containerized applications at scale. With ECS, you can deploy and manage your containers across a cluster of EC2 instances effortlessly.

Key Features of Amazon ECS:

  • ECS Container Agent: This open-source agent runs on your EC2 instances, enabling communication between your containers and the ECS service. It helps manage tasks such as launching and stopping containers, monitoring their health, and managing resource allocation.

  • Task Definitions: In ECS, you define how to run your containers using task definitions, which are JSON-formatted text files. A task definition serves as a blueprint for your application, specifying required resources like CPU and memory, networking configurations, and the container image to use.

Here’s an example of a simple task definition for a web server running on the Nginx image:

json
{
  "family": "webserver",
  "containerDefinitions": [
    {
      "name": "web",
      "image": "nginx",
      "memory": "100",
      "cpu": "99"
    }
  ],
  "requiresCompatibilities": ["FARGATE"],
  "networkMode": "awsvpc",
  "memory": "512",
  "cpu": "256"
}

In this example:

  • The task is named webserver.

  • It includes a single container named web that uses the nginx image.

  • The container is allocated 100 MiB of memory and 99 CPU units.

  • It specifies compatibility with AWS Fargate, allowing serverless container deployment.

  • The network mode is set to awsvpc, which provides each task its own elastic network interface.

  • Service Management: ECS enables you to maintain the desired number of container instances and automatically replace any failed containers. This ensures high availability and resilience for your applications.

  • Integration with AWS Services: ECS integrates seamlessly with other AWS services, enhancing your application architecture and providing features like logging, monitoring, and security.

Use Cases for Containers

1. Microservices Architecture

  • Example: A startup develops an application using a microservices architecture, where each microservice is responsible for a specific function (e.g., user authentication, data processing, notifications).
  • Why Choose Containers: Containers enable the startup to package each microservice with its dependencies, allowing for independent deployment and scaling. This modularity leads to faster deployment cycles, as developers can work on and release updates for individual services without affecting the entire application.

2. DevOps and CI/CD

  • Example: A software development team adopts DevOps practices to streamline their development and deployment process, implementing Continuous Integration/Continuous Deployment (CI/CD) pipelines.
  • Why Choose Containers: Containers facilitate consistent environments across development, testing, and production stages. They can be easily built, tested, and deployed, minimizing discrepancies that often lead to the "it works on my machine" problem. This consistency allows for faster iterations and smoother transitions through the deployment pipeline.

3. Dynamic Scaling

  • Example: An e-commerce platform experiences varying traffic levels, with peaks during sales events and holidays.
  • Why Choose Containers: Container orchestration tools like Amazon ECS allow the platform to dynamically scale its services up or down based on real-time demand. Containers can spin up quickly to handle increased traffic and shut down during low-traffic periods, optimizing resource utilization and reducing costs.

When to Choose EC2

While containers provide many advantages, there are scenarios where Amazon EC2 may be the better choice:

  1. Legacy Applications: If you are working with older applications that require specific operating systems or configurations, EC2 offers the necessary flexibility to run these applications in their native environment.

  2. Resource-Intensive Workloads: For tasks that demand significant compute power or memory, such as data analysis or high-performance computing, EC2 instances can be optimized to meet these needs. EC2 allows for extensive customization and resource allocation, making it suitable for heavy-duty applications.

  3. Custom Networking and Security: When your application requires specific network configurations, security setups, or compliance considerations, EC2 provides complete control over these aspects. You can set up custom Virtual Private Clouds (VPCs), security groups, and network access control lists (ACLs) to tailor your environment to your exact requirements.

What is Serverless?

Serverless computing is a cloud model where you don’t need to manage the infrastructure. Unlike traditional compute platforms like EC2, where you’re responsible for instance management tasks such as scaling, patching, and ensuring availability, serverless services automatically handle these aspects.

With EC2, while you have full control, it requires management of tasks like patching the OS and deploying instances across multiple Availability Zones for high availability. This control is useful in some cases but adds operational overhead.

In contrast, serverless abstracts infrastructure management, allowing AWS to handle provisioning, scaling, and maintenance. This lets you focus entirely on your application. For example, AWS Lambda lets you run code without the need to provision servers. It automatically scales based on demand, simplifying the overall operational process.

In the serverless model, the shared responsibility shifts. You’re still responsible for application-level concerns like data security, while AWS takes care of infrastructure-level tasks such as OS patching. The serverless approach strikes a balance between control and convenience, making it an appealing option for reducing operational complexity while maintaining focus on application development.

What is AWS Fargate?

AWS Fargate is a serverless compute engine designed to run containers without managing the underlying infrastructure. Unlike using EC2 instances as a computing platform, where you control every aspect of the instance, Fargate abstracts this layer, enabling you to focus on deploying and managing your containers without worrying about the underlying server operations like provisioning, patching, or scaling.

When using Fargate with Amazon ECS (Elastic Container Service) or Amazon EKS (Elastic Kubernetes Service), you only need to define the resources your containers will use, such as memory, vCPU, and storage. Once set up, Fargate automatically handles the underlying infrastructure, including scaling and fault tolerance. This reduces operational complexity and allows you to focus on application-level concerns.

Key Features of AWS Fargate:

  1. Serverless Compute for Containers: With Fargate, there's no need to manage or provision any servers. You focus on container orchestration through ECS or EKS, and Fargate handles the infrastructure.

  2. Cost Efficiency: You only pay for the vCPU, memory, and storage that your running containers use. Additionally, Fargate supports pricing options like spot instances and compute savings plans to optimize costs further.

  3. Flexible Scaling: Unlike traditional EC2 instances, Fargate scales containers dynamically based on demand. You no longer need to worry about provisioning extra capacity or maintaining the scaling infrastructure.

  4. Seamless Integration: Fargate integrates smoothly with Amazon Elastic Container Registry (ECR) for storing and deploying your container images. You can push your Docker images to ECR and deploy them effortlessly.

AWS Fargate Use Cases:

  1. Microservices Architectures: Ideal for applications built with microservices, Fargate simplifies the deployment and scaling of multiple independent services.

  2. Batch Processing: Run batch processing workloads with auto-scaling to handle large-scale data processing without worrying about the infrastructure.

  3. Machine Learning: Fargate can handle containerized machine learning workloads where rapid scaling and quick iteration are crucial.

  4. Cloud Migration: For organizations looking to move from on-premises environments, Fargate provides an easy way to migrate applications by eliminating the need to manage servers, reducing migration complexity.

Fargate is a prime example of how serverless computing can simplify operations for containerized applications, allowing developers and engineers to focus on their core applications while leaving infrastructure management to AWS.

AWS Lambda: Serverless Compute in Action

AWS Lambda is one of the key serverless compute options offered by AWS. It allows you to run code in response to events without provisioning or managing servers. With Lambda, you only need to worry about your code and how it responds to triggers, while AWS takes care of the infrastructure, scaling, and maintenance behind the scenes.

Lambda is ideal for tasks that are event-driven, such as responding to HTTP requests, handling uploads in Amazon S3, processing events from AWS services, or even performing background tasks like resizing images. Let's explore how AWS Lambda works and guide you through creating a Lambda function.

Lambda Function Handler

The AWS Lambda function handler is the main part of your code that processes events. When your function is triggered, Lambda runs the handler method. After the handler finishes processing or sends back a response, it becomes available to handle new events.

Here’s the basic syntax for a function handler in Python:

python
def handler_name(event, context):
    # Your code here
    return some_value

Naming

When you create a Lambda function, you specify the handler name based on two things: the name of the file containing the handler function and the name of the function itself. For example, if your handler function is called lambda_handler and it’s in a file named lambda_function.py, the default handler name will be lambda_function.lambda_handler. If you choose a different name for your handler in the Lambda console, you'll need to update it in the Runtime settings.

Billing Granularity

AWS Lambda allows you to run your code without worrying about server management, and you only pay for what you use. You’re billed based on the number of times your code is triggered (requests) and how long your code runs, measured in milliseconds. AWS rounds up execution time to the nearest millisecond with no minimum charge, making it cost-effective for short-running functions, like those that execute for less than 100 milliseconds or low-latency APIs.

Step-by-Step: Creating a Lambda Function in AWS

  1. Go to the AWS Management Console.

  2. In the search bar, type and select Lambda.

  3. Click on Create Function.

  4. Under Function Configuration, follow these steps:

    • Select Author from Scratch.
    • Enter a Function Name (e.g., "MyLambdaFunction").
    • Choose the Runtime (e.g., Python 3.8, Node.js, etc.).

  5. Click on Create Function.

  6. After the function is created, you'll be taken to the function's configuration page.

    • Scroll down to the Code Source section.
    • Write or paste your code in the code editor or upload a .zip file.

  7. Configure the Function’s Execution Role:

    • Scroll down to Execution Role and choose:
      • Create a new role with basic Lambda permissions.
      • Or choose an existing role with necessary permissions.

  8. Set up Triggers (if required):

    • Click on Add Trigger.
    • Choose the Service (e.g., S3, API Gateway) that will trigger the Lambda function.
    • Configure trigger settings based on your use case.

  9. Click Save.

  10. Test your Lambda Function:

  • Click on Test.
  • Create a test event by selecting an event template or writing a custom JSON event.
  • Click Test again to run the function.

Your Lambda function is now created, configured, and ready for use!

Use Case 1: Scheduled Data Processing for Reporting

You're responsible for generating weekly sales reports from large datasets stored in Amazon S3. These reports need to be processed, aggregated, and stored in an RDS database. The process doesn't require immediate execution and can run during off-peak hours once a week.

Solution: Use AWS Lambda with Amazon EventBridge (CloudWatch Events).

  • EventBridge can trigger Lambda on a weekly schedule to perform the report generation and data processing, pulling the necessary files from S3 and storing results in RDS.
  • Lambda is cost-efficient since it only runs during the scheduled event, reducing unnecessary compute costs.

Use Case 2: Real-time Data Stream Processing

You’re building a real-time data analytics platform for tracking user behavior across an e-commerce website. The platform needs to ingest clickstream data, process it in near real-time, and output summaries to a dashboard.

Solution: Use AWS Lambda with Amazon Kinesis Data Streams.

  • Lambda can be used to process data records in real-time from the Kinesis stream.
  • The serverless nature of Lambda allows you to scale quickly based on the number of data records, and you only pay for the time your code is executing.
  • If more advanced stream processing is needed, AWS Glue or Kinesis Data Analytics could also be added to the pipeline.

Use Case 3: Migrating a Legacy Windows Application

You have a Windows-based legacy application hosted on on-premises servers. You need to migrate this application to AWS without major changes to the underlying architecture, while ensuring it supports varying workloads based on user demand.

Solution: Use Amazon EC2 with Auto Scaling and Elastic Load Balancing (ELB).

  • EC2 instances can be launched with Windows Server AMIs to mirror your current setup.
  • Auto Scaling adjusts the number of instances running based on traffic, and ELB ensures the load is balanced across those instances.
  • This allows for minimal refactoring while taking advantage of the scalability AWS provides.

Use Case 4: Microservice Architecture for a New SaaS Application

You're developing a new SaaS platform using a microservice architecture. Each service should be independent, quickly scalable, and capable of frequent, low-risk updates without affecting other services.

Solution: Use Amazon ECS or Amazon EKS.

  • Both services allow you to containerize your microservices and orchestrate them at scale.
  • Containers boot up faster than EC2 instances, ensuring quick scaling.
  • Amazon ECS is simpler and integrates well with other AWS services, while Amazon EKS offers more flexibility if Kubernetes is your preferred orchestration tool.
  • This setup provides easy deployment, portability, and isolation between services, reducing risk during updates.

Use Case 5: Low-Latency Gaming Application Backend

You are developing a multiplayer online game and need a low-latency, highly scalable backend infrastructure to handle real-time game data processing, player matchmaking, and communication.

Solution: Use AWS Fargate with Amazon GameLift.

  • Fargate, part of the ECS/EKS family, allows you to run containers without managing the underlying servers. It provides the scalability required for handling game sessions and user management.
  • Amazon GameLift is tailored for game hosting and player matchmaking, ensuring low-latency player connections. It handles the scaling of game servers based on the number of active players, making it ideal for multiplayer online games.

Comments

Post a Comment