Domain 3: Technology

Deploying & Operating in the AWS Cloud

Ways to Provision and Operate in AWS

Programmatic Access:

• APIs: Set of routines and tools for building AWS software.

• SDKs: Collection of software tools and libraries specific to various programming languages.

AWS Management Console:

• Web-based interface for AWS management.

• Features drag-and-drop capabilities to deploy AWS resources.

CLI:

• Allows direct command line instructions for AWS resources.

• Ideal for scripting and automations.

Infrastructure as Code (IaC):

• Use scripts to provision and manage AWS resources.

• Tools like AWS CloudFormation and terraform allow for IaC.

Deployment Models	Description
All in with Cloud/Cloud Native	Fully utilizing cloud services without on-premises resources.
Hybrid	Mixture of on-premises resources with cloud services.
On-Premises	Traditional infrastructure without significant cloud interaction.

Connectivity Options

• VPN: Securely connect your on-premises network to the AWS cloud.

• AWS Direct Connect: Establish a dedicated network connection from your premises to AWS.

• Public Internet: General connectivity method but less secure.

---

AWS Global Infrastructure

Relationship Among Regions, Availability Zones, and Edge Locations

• Regions: Separate geographic areas to ensure data redundancy and compliance.

• Availability Zones: Physically isolated data centers within a region.

• Edge Locations: Multiple distributed locations globally, primarily used by CloudFront (CDN) to cache content close to end-users.

How many Availability Zones does a typical AWS Region have?

a) 1 b) 2-3 c) 5-6 d) 10

b) 2-3

Achieving High Availability

• Disaster Recovery/Business Continuity: A strategic advantage of utilizing multiple regions.

• Use of multiple Availability Zones to ensure fault tolerance and minimize downtime.

• Some countries or industries require data to be stored in specific geographies.

Benefits of Edge Locations

• Amazon CloudFront: A content delivery network to distribute content globally with low latency.

• AWS Global Accelerator: Boosts the availability and performance of applications.

---

Core AWS Services

Categories of Services on AWS

AWS services can be classified into different categories based on their function:

1. Compute: Services tailored for processing capabilities.

2. Storage: Services related to data storage and retrieval.

3. Network: Tools and services that relate to networking features.

4. Database: Services for structured and unstructured data storage and management.

Compute Services

AWS offers several compute families tailored for different needs:

• General Purpose (e.g., t2, m5): Balanced CPU, memory, and networking.

• Compute Optimized (e.g., c5): For CPU-intensive workloads.

• Memory Optimized (e.g., r5, x1): For memory-intensive applications.

• Accelerated Computing (e.g., p3, f1): Leveraging hardware accelerators, or co-processors.

Services Providing Compute:

• Amazon EC2 (Elastic Compute Cloud): Provides resizable compute capacity. It's like having a virtual machine but in the AWS cloud.

• AWS Lambda: A serverless compute service. You just provide the code and AWS runs it without you provisioning or managing servers.

• Amazon Elastic Container Service (ECS): A fully managed container orchestration service.

Elasticity through Auto Scaling:

• AWS Auto Scaling allows you to maintain application availability. It dynamically adjusts its capacity to maintain steady, predictable performance at the lowest possible cost.

Purpose of Load Balancers:

• AWS offers Elastic Load Balancing with three types: Application Load Balancer, Network Load Balancer, and Classic Load Balancer.

• Distributes incoming application traffic across multiple targets, like EC2 instances, containers, and IP addresses, in one or more Availability Zones.

Storage Services

• Amazon S3 (Simple Storage Service): Object storage service offering scalability, data availability, security, and performance.

• Amazon EBS (Elastic Block Store): Block storage service for EC2 instances. Allows persistent data storage.

• Amazon S3 Glacier & S3 Glacier Deep Archive: Storage services optimized for infrequently accessed data, and long-term archiving with cost-efficiency.

• AWS Snowball: A physical data transport solution, more secure and faster than internet-based transfer methods.

• Amazon EFS (Elastic File System): Managed file storage for use with AWS Cloud services and on-premises resources.

• AWS Storage Gateway: Hybrid cloud storage service that provides on-premises applications access to cloud storage.

Networking Services

• VPC (Virtual Private Cloud): Provides a private section of the AWS cloud where you can launch resources in a virtual network that you define.

• Security Groups: Act as a virtual firewall to control inbound and outbound traffic to networked EC2 instances.

• Amazon Route 53: A scalable domain name system (DNS) and domain name registration service.

• VPN (Virtual Private Network) & AWS Direct Connect: Allow secure connection from on-premises sites to AWS. Direct Connect does so over a dedicated line for higher speed and consistency.

Database Services

• Amazon EC2 vs. AWS Managed Databases: While you can manually set up databases on an EC2 instance, AWS managed database services, like RDS and DynamoDB, offer easier management, backups, and scalability.

• Amazon RDS (Relational Database Service): Managed relational database service with various database engines like MySQL, PostgreSQL, SQL Server, etc.

• Amazon DynamoDB: Managed NoSQL database service known for single-digit millisecond performance.

• Amazon Redshift: Fully managed petabyte-scale data warehouse service.

---

Resources for Technology Support

• Documentation: Comprehensive AWS documentation includes whitepapers, user guides, and reference material.

• Support Plans: AWS offers a variety of support plans, from Basic to Enterprise.

• AWS Partner Network: Extensive network of third-party vendors, solutions, and integrators.

• AWS Trusted Advisor: Offers insights to reduce cost, increase performance, and ensure a secure environment.