Techy Times
23 min read · Apr 11, 2024

Cloud computing and understanding of multiple cloud services is an extremely crucial skill in today’s cloud-based world of software systems if one aims at becoming a software architect and system designer.

AWS Cloud. Source: TI Info Tech Team

Article Outline

AWS services can be grouped into the following 5 most popular categories. In each category, we mention the most-used services.

Compute Services

  • EC2
  • Lambda
  • Auto Scaling

Storage Services

  • S3
  • EBS
  • EFS

Database Services

  • DynamoDB
  • ElastiCache (Redis + Memcached)
  • MemoryDB
  • RDS
  • Aurora

Networking Services

  • ELB
  • VPC
  • TransitGateway
  • CloudFront
  • Route 53

Deployment Services

  • ElasticBeanstalk

Monitoring Services

  • CloudWatch

Other than that, AWS also has services for IoT, robotics, AI, data analytics, etc. By no means is the list of just 5 categories above an exhaustive one.

Intro & General Concepts of Cloud Computing

General Benefits of Using AWS / the Cloud

Before we dive deeper into AWS cloud computing, we should remember that there are some general benefits of using the cloud. These benefits are so consistent that we get them from almost all AWS services, irrespective of the category they belong to. So, let us have a look at them:

  • Replication: Because the cloud is a distributed system, cloud services are replicated across multiple data centers and regions. Hence, cloud services easily give us durability (no data loss), scalability (more read / write capacity can be added to the system easily) and availability (no downtime, since reads can be served from other replicas).
  • Security: AWS allows us to create a VPC (Virtual Private Cloud). Within a VPC, we can easily set up private IP addresses and access our storage / database services securely from our compute services, without exposing them to the internet.
  • Continuous Monitoring: AWS allows us to attach its CloudWatch monitoring service to many other services. Because of this, we get notifications, alarms, usage statistics, past logs, records of transactions and much more for our database / storage etc. services.
  • Cheap Pricing: Cloud providers charge us only for what we use. Hence, we don’t have to manage our own hardware, and we don’t pay for idle resources in times of low demand, as AWS allows us to attach its Auto Scaling (AS) compute service to many other services. Using the cloud is therefore cheaper than having our own dedicated infrastructure, IT teams, security teams, support teams, real estate, etc.
  • Configuration: AWS automatically manages the underlying infrastructure for all its services. They call these “fully managed” services. Here, security upgrades, software patches, hardware migrations etc. all happen automatically, without software developers having to do any of that.

SaaS Vs. PaaS Vs. IaaS

  • SaaS (Online Software): Focused on customers. They use the software in the cloud, i.e., they don’t have to install it locally.
  • PaaS: Focused on engineers. It makes it easy for them to carry out deployment operations. Example: ElasticBeanstalk
  • IaaS (Cloud Platform): Focused on the management of institutions. It becomes easier for the administration of an organization to manage their data in the cloud without investing in hardware (or hiring staff for an entire IT department). Example: AWS, GCP, Azure

Regions Vs. Availability Zones Vs. Edge Locations

  • Regions, in AWS, refer to geographic locations that have at least 2 availability zones.
  • Availability Zone (AZ), however, refers to an actual data center that hosts around 50,000 to 80,000 individual servers. The largest region in AWS is US-EAST (North Virginia). Almost all features are released for this region first, and then for other regions afterwards.
    The naming convention for regions and AZs goes as follows: us-east-1a, for example. Here, us-east-1 is the 1st region in the US East; within this region, “a” is the first AZ (data center).
  • Edge locations are Amazon’s CDNs (a forward caching mechanism). There is a whole networking service dedicated to running Amazon’s edge locations, called CloudFront. More on this later, in the AWS Networking Services section.

Root Vs. IAM Users

IAM stands for “Identity & Access Management.” The root user has access to everything in the entire management console. You should not give root access to everybody in your organization. Therefore, we create IAM users, which are “sub-accounts” representing “sub-users” of the main account with limited access. Each IAM account has only the access that the root user has granted to it.

AWS Compute Services

1. EC2 — Elastic Compute Cloud

EC2 is an in-cloud server that you can fully customize by specifying its CPU, RAM, storage, VM configuration (OS type, for example), etc. EC2 supports AMIs that run Windows, Linux as well as macOS, and even offers Apple-based hardware.

  • Terminating an instance deletes it, and the instance cannot be restarted later. Stopping it is the right thing to do if you plan on restarting it later.
  • Auto scaling adds more EC2 instances to the fleet in order to meet demand. Auto scaling happens either predictively (using ML) or dynamically, based on user-defined lower and upper bounds.

EC2 Types by Resource Optimization

EC2s can be optimized according to compute, memory, storage and network performance.

  • For compute-optimized EC2 instances, AWS gives you several options. Some of them, at the lower end, have ARM CPUs. As you move to the higher end, Intel and AMD CPUs are also present. MMORPGs often require compute-optimized EC2 instances. Hardware acceleration (via GPUs, for example) is also available for compute-intensive tasks like ML.
  • Memory-optimized EC2 instances are good for large datasets that have to be kept in RAM.
  • Storage-optimized EC2 instances are good for large datasets that have to be kept in storage, and some of that data has to be brought into memory in batches to be processed.
  • For network-optimized EC2 instances, AWS can give your EC2 a stronger network connection, faster inter-instance communication with Elastic Fabric Adapter (EFA), more secure intra-AWS network communication and Elastic IPs.

Pricing Strategy

  • On-demand pricing charges you by the second or by the hour, depending upon what type of EC2 instance you are using.
  • Spot EC2 instances are “spare” instances that AWS sets aside. They can be requested in case your app needs a short, quick burst of additional compute capacity. Given that spot instances are available at up to 90% lower cost, they can be far cheaper than scaling up your primary, on-demand EC2 fleet to keep up with demand.
  • Dedicated hosts are physical servers that can be assigned to your account. You can run multiple instances (depending upon the size of the server) on such a host.

2. Lambda

AWS Lambda is an in-cloud, highly available (fault-tolerant), highly scalable, event-driven, stateless and serverless PaaS.
The apps that don’t have a dedicated server running at the back-end are called serverless apps. Such apps implement their back-end in the form of isolated functions that reside inside their local frameworks (like Next.js) or in-cloud servers (like AWS Lambda).

Major Use Cases

Lambda’s event-driven nature makes it very suitable for real-time tasks. Lambda functions perform great when we are looking for real-time, event-driven interactive apps, ML tasks, real-time IoT (smart device) performance tracking and faults / crash monitoring, massive at-scale processing, social media real-time posts notifications etc.

Working Mechanism

  • Upload Code, Set Parameters: First, you create your function by uploading your code (or writing it right in the Lambda console, which includes a code editor) and choosing the memory, the timeout period and the IAM role. The maximum execution time of a Lambda function is called its “timeout.” After this, it stops executing. You can customize the timeout to save cost in case something goes wrong and the function gets stuck. The memory of a Lambda function can also be customized according to cost and performance considerations.
  • Set the Trigger Resource: Secondly, you specify the AWS resource that triggers the function, such as a particular Amazon S3 bucket or Amazon DynamoDB table. When the resource changes, Lambda runs your function in response to the change event. Usually, Lambda functions are triggered in response to the following events: REST API requests through AWS API Gateway, S3 storage updates and DynamoDB table updates.
  • Auto Infrastructure Provision, Management & Metrics Logging: Thirdly, and finally, AWS Lambda seamlessly deploys your code, handles all the administration, maintenance, scaling and security patches, and provides built-in logging and monitoring through Amazon CloudWatch; that’s why it is called a PaaS. Lambda scales up the server infrastructure underneath automatically based on the app’s usage. For example, we may set up a Lambda function to make PUT requests to the DB for our social media posts. If a lot of likes and loves are being received by a post, our local server may crash, but not the Lambda servers: the hardware will scale up automatically, taking care of all the PUT requests. You can look at logs and performance measurements, which AWS records as the Lambda function runs.
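An added example, not code from the article: a Python Lambda handler for the S3-update trigger described in the steps above. `process_object` is a hypothetical stand-in for your own logic, `FakeContext` imitates the timeout budget a real Lambda context exposes, and the sample event is constructed by hand in the shape S3 sends, so the block runs offline.

```python
"""Lambda handler for an S3 object-created trigger (added example)."""
import json
import logging
import urllib.parse
from typing import Any, Dict, List

logger = logging.getLogger()
logger.setLevel(logging.INFO)

# Do not start a new object when less than this much of the timeout budget is left.
MIN_REMAINING_MS = 2000


class FakeContext:
    """Constructed stand-in for the Lambda context object, for local runs only."""
    def __init__(self, remaining_ms: int):
        self._remaining_ms = remaining_ms

    def get_remaining_time_in_millis(self) -> int:
        return self._remaining_ms


def process_object(bucket: str, key: str) -> Dict[str, Any]:
    """Hypothetical stand-in for your own logic (e.g. read, resize, write back)."""
    return {"bucket": bucket, "key": key, "status": "processed"}


def extract_s3_objects(event: Dict[str, Any]) -> List[Dict[str, str]]:
    """Pull (bucket, key, eventName) out of an S3 notification event.

    S3 URL-encodes keys in the event (a space arrives as '+', '(' as '%28'),
    so the key must be decoded before any S3 API call; otherwise GetObject on
    a key with spaces or special characters fails with NoSuchKey.
    """
    objects = []
    for record in event.get("Records", []):
        if record.get("eventSource") != "aws:s3":
            continue  # ignore records from other sources routed to the same function
        s3 = record["s3"]
        objects.append({
            "bucket": s3["bucket"]["name"],
            "key": urllib.parse.unquote_plus(s3["object"]["key"]),
            "event": record.get("eventName", ""),
        })
    return objects


def process_event(event: Dict[str, Any], context=None) -> List[Dict[str, Any]]:
    """Process every ObjectCreated record; one bad object does not fail the batch."""
    results = []
    for obj in extract_s3_objects(event):
        if not obj["event"].startswith("ObjectCreated"):
            logger.info("skipping %s on %s/%s", obj["event"], obj["bucket"], obj["key"])
            continue
        # S3 invokes Lambda asynchronously, so an error makes Lambda retry the event.
        # Raising when the timeout is near is therefore better than being killed
        # mid-object; it does require process_object to be idempotent.
        if context is not None and context.get_remaining_time_in_millis() < MIN_REMAINING_MS:
            raise TimeoutError(f"near timeout before {obj['bucket']}/{obj['key']}")
        try:
            results.append(process_object(obj["bucket"], obj["key"]))
        except Exception:  # logged with traceback; the batch continues
            logger.exception("failed %s/%s", obj["bucket"], obj["key"])
    return results


def handler(event, context=None):
    """Entry point configured in the Lambda console (module.handler)."""
    return {"statusCode": 200, "body": json.dumps(process_event(event, context))}


# Constructed sample event in the shape S3 sends: one upload, one deletion.
SAMPLE_EVENT = {
    "Records": [
        {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
         "s3": {"bucket": {"name": "example-bucket"},
                "object": {"key": "uploads/my+photo+%281%29.jpg", "size": 1024}}},
        {"eventSource": "aws:s3", "eventName": "ObjectRemoved:Delete",
         "s3": {"bucket": {"name": "example-bucket"},
                "object": {"key": "uploads/old.jpg"}}},
    ]
}

if __name__ == "__main__":
    print(handler(SAMPLE_EVENT, FakeContext(remaining_ms=10000)))
```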

Pricing Overview

  • AWS automatically manages costing, scaling and security of the resources that it uses to run the Lambda functions.
  • You are charged in 1 ms increments for the time the Lambda function runs.
  • Duration cost depends on the amount of memory you allocate to your function.

3. Auto Scaling

AWS auto scaling scales up or down the hardware infrastructure required to run several of the AWS compute and database services on the go, dynamically, based on the rising or falling demand from the internet.

Types of Auto Scaling

  • Predictive: Predictive Scaling predicts future traffic — including regularly-occurring spikes — and provisions the right number of EC2 instances in advance of predicted changes. Predictive Scaling’s machine learning algorithms detect changes in daily and weekly patterns, automatically adjusting their forecasts. Predictive Scaling needs up to two weeks of historical data but can generate a predictive scaling schedule with as little as a day’s worth of data. Every 24 hours, Predictive Scaling forecasts traffic 48 hours into the future and schedules capacity changes for those 48 hours. By predicting traffic changes, Predictive Scaling provisions EC2 instances in advance of changing traffic, making Auto Scaling faster and more accurate.
  • Non-Predictive: Here, the user defines an upper and a lower limit for scaling. When scaling the hardware resources up, the user-defined upper limit is never crossed; when scaling down, the user-defined lower limit is not crossed either.

Major Use Cases

  • You can set auto scaling for the database services. For example, one can enable a DynamoDB table or a global secondary index to increase its provisioned read and write capacity to handle sudden increases in traffic without throttling. Also, you can dynamically adjust the number of Aurora read replicas provisioned for an Aurora DB cluster to handle sudden increases in active connections or workload.
  • You can set auto scaling for the AWS compute services as well. For EC2, more instances (hardware infrastructure) can be added to your fleet with auto scaling.

AWS Storage Services

Before we go into the actual services AWS offers, we must cover the basics of those services, i.e., understand what types of storage exist.

The 3 Storage Types

Let us take a look at the types of storage first. There are 3 kinds, as described below:

01. File / Hierarchical Storage

Operating systems (Windows and Linux) use this model. Here, files are organized in a general tree structure (directories and subdirectories).

02. Block Storage

This storage type is used by SSDs / HDDs / databases. Here, files are broken into equal chunks (blocks) and spread across the disk.

  • Advantages: Updating block storage is very easy, as we have to update only one, single block which contains the updated part of the file. Therefore, block storage should be used in cases where a lot of update requests (PUT / PATCH requests) are also required in addition to reading.
  • Disadvantages: Block storage maintains next to no metadata. It is also not very scalable.

03. Object Storage

It is mostly used in the cases:

  • When we have a lot of metadata (like file permissions for security and privacy reasons).
  • When we have to perform no or very few updates on the data (static data, like a search engine’s photos and Netflix videos), as changing even the tiniest part of the data results in the whole object being rewritten.
  • When we have really huge amounts of data.

Objects have three parts: ID (identifier of the object), metadata (information about the data like usernames with file access) and data (actual data, like photos, videos, etc.).

1. S3 — Simple Storage Service

S3 is an object-based, infinitely-scalable (distributed), partition-tolerant, highly-available in-cloud persistent storage solution by Amazon that implements the eventual consistency model (~15 minutes are required for object replication).

Object Storage Via Hash Rings

A consistent hash ring with replication

The image above shows how data is distributed by a “hash ring” across multiple servers of an object-based storage system. The hash ring breaks the file into several chunks and computes a hash for each chunk. According to its hash value, the chunk is stored on a specific server on the ring. If you change the file, the whole file is remapped to the servers all over again, which is a very expensive operation.

The red boxes show how replication works, as all red boxes are the exact same replica of each other.
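An added example, not code from the article: the consistent hashing scheme in the figure, implemented in Python with virtual nodes and N-way replication to the next distinct servers clockwise. Server names, keys and the hash function are constructed here, and it goes slightly beyond the figure by measuring how few keys change owner when a server joins or leaves.

```python
"""Consistent hash ring with replication (added example)."""
import bisect
import hashlib
from typing import Dict, Iterable, List


def _hash(value: str) -> int:
    """Map a string to a 32-bit position on the ring (MD5 for spread, not for security)."""
    return int.from_bytes(hashlib.md5(value.encode()).digest()[:4], "big")


class HashRing:
    def __init__(self, nodes: Iterable[str], replicas: int = 3, vnodes: int = 64):
        self.replicas = replicas          # copies of each key, on distinct nodes
        self.vnodes = vnodes              # virtual points per node smooth the spread
        self._ring: List[int] = []        # sorted ring positions
        self._owner: Dict[int, str] = {}  # position -> node name
        for n in nodes:
            self.add_node(n)

    def add_node(self, node: str) -> None:
        for i in range(self.vnodes):
            pos = _hash(f"{node}#{i}")
            if pos in self._owner:        # position collision: skip this virtual point
                continue
            bisect.insort(self._ring, pos)
            self._owner[pos] = node

    def remove_node(self, node: str) -> None:
        self._ring = [p for p in self._ring if self._owner[p] != node]
        self._owner = {p: n for p, n in self._owner.items() if n != node}

    def nodes_for(self, key: str) -> List[str]:
        """Primary owner first, then the next distinct nodes clockwise, up to `replicas`."""
        if not self._ring:
            return []
        start = bisect.bisect_right(self._ring, _hash(key))
        chosen: List[str] = []
        for i in range(len(self._ring)):
            node = self._owner[self._ring[(start + i) % len(self._ring)]]
            if node not in chosen:
                chosen.append(node)
                if len(chosen) == self.replicas:
                    break
        return chosen

    def primary(self, key: str) -> str:
        return self.nodes_for(key)[0]


def remapped_fraction(keys: Iterable[str], before: HashRing, after: HashRing) -> float:
    """Share of keys whose primary owner differs between two ring states."""
    keys = list(keys)
    moved = sum(1 for k in keys if before.primary(k) != after.primary(k))
    return moved / len(keys)


if __name__ == "__main__":
    four = HashRing(["s1", "s2", "s3", "s4"])
    five = HashRing(["s1", "s2", "s3", "s4", "s5"])
    sample = [f"obj-{i}" for i in range(1000)]
    print("replicas of obj-7:", four.nodes_for("obj-7"))
    print("fraction remapped when s5 joins:", remapped_fraction(sample, four, five))
```

With four servers, adding a fifth moves roughly a fifth of the keys; a plain `hash(key) % n` scheme would move almost all of them.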

After storing the data, we can define multiple “access points” for the bucket (the container with the objects inside). Access points are network endpoints that allow us to set different access rules and regulations (for data privacy, security, etc.). This is useful when we are using the same bucket to keep the objects for multiple applications, and each of the apps have different permissions for the bucket data.

The WORM Data Model: WORM stands for “Write-Once-Read-Many” model. In S3, we have the option to lock our objects and make sure that for a specific amount of time — called the retention period — nobody can delete / modify the object copy.

Types of S3 Storages

01. Standard Storage

S3 offers 3 kinds of storage (mainly). In standard storage, S3 does not apply any data monitoring / analysis / ML etc. to create an effective cost-saving plan for customers. You just upload your data to S3, and you get all the benefits and performance results of Amazon’s object-based storage, but nothing beyond that.

Other than the standard storage class, AWS also offers half a dozen other storage classes, out of which the following two are covered here:

02. S3 Intelligent-Tiering

Here, S3 uses ML to classify your objects into three categories based on access / reading patterns, and moves data from one tier to another to save cost.

S3 Intelligent Tiering is divided into three tiers. All three of them have the same high-throughput and ms-level low latency performance. Objects have to be at least 128 KB in size to be eligible for it.

03. S3 Glacier Storage

S3 Glacier is Amazon’s object-based data archiving feature. It is further divided into three tiers.

Pricing Overview

S3 charges you mainly at the following occasions:

  • Storage Amount: The amount of data you store is proportional to the charges incurred
  • Storage Class: Different charges are incurred for different storage classes, like standard, Intelligent-Tiering (IT), Glacier, etc.
  • Requests: Whenever we perform operations on the data (read, put, list, etc.), we incur charges proportional to how expensive the operation is
  • Intelligent Computing: In S3 IT, data is monitored regularly for detecting access patterns, so that it can be shifted at the right time to the right tier for cost optimization. Customers incur charges for monitoring (but not for moving data to and from the tier).
  • Replication: Both for intra-region and inter-region replication, charges are incurred.
  • Object Lambda: You can attach Lambda functions with your S3 objects. If a Lambda function is invoked while reading the object — say, to modify it dynamically on the server before returning — you are charged for that as well.

2. EBS — Elastic Block Store

EBS is Amazon’s in-cloud, scalable and durable (backed-up) block-level persistent storage solution based on Hard Disk Drive (HDD) or Solid-State Drive (SSD) technology.

Volume Types

A “volume” is a logical storage instance that behaves like a physical one. Mainly, they are classified based on two performance metrics:

  • Bandwidth: It is the amount of data that a storage device can read or write per second. In other words, how many IOPS (input / output operations per second) a disk can perform is its bandwidth. A certain number of IOPS are free with EBS. Going beyond that limit causes additional charges.
  • Latency: It is the time that the storage device takes to complete one operation of read or write. In other words, how long a single IOP takes is the disk’s latency.

Main Feature — Snaps

The main feature that EBS offers is that of taking snapshots of the disk at a given point in time. These snaps are of two types:

  • Standard: These are non-compressed snaps. If you replace the snap later with a newer one, only the block(s) that have changed are affected, and you are billed only for those, without any additional charges.
  • Archived: These snaps are compressed and then archived in object-level S3 storage. If you take another snapshot, the entire snapshot is replaced (as archived snaps are compressed according to patterns in the data), and you are billed for the whole thing accordingly.

Snaps Lifecycle Management

Amazon allows you to automate the lifecycle of the snaps. When you do, AWS automatically takes the snap, stores it (for the “retention period” defined by you) and then deletes it finally. Also, AWS allows you to attach CloudWatch, which further allows you to monitor the whole process and also create event-based snaps in real-time.

Pricing

AWS charges you at the following instances:

  • The amount of storage
  • The type of storage (SSD Vs. HDD)
  • The amount of snaps
  • The type of snaps (standard Vs. archived)
  • Going over the IOPS limit
  • Retrieving snaps from archive
  • Bandwidth- and latency-based performance charges
  • EBS snaps in the recycle bin are also billed

3. EFS — Elastic File System

EFS is Amazon’s elastic (scalable) and distributed (supports replication) file system.
Its one main feature is Intelligent Tiering between two storage classes:

  • Standard
  • Infrequent Access

AWS allows you to set policies for moving files from standard tier to infrequent-access tier after 7, 14, 30 or 90 days of no access. On first access in the IA tier, the file is brought back to the standard tier. This entire process can be automated, and AWS will monitor and implement the solution on its own. Remember, monitoring charges apply.

AWS Database & Caching Services

1. DynamoDB

DynamoDB is Amazon’s elastic, highly available, eventually consistent, fault-tolerant, replicable and serverless NoSQL database solution.

S3 Vs. DynamoDB

  • S3 is a storage service, at the object level. It is an isolated, standalone system on which we store data that can be accessed by many users at the same time, as the data is not personal to them. DynamoDB, on the other hand, has to be attached to some EC2 instance because it is not a standalone service, and the data in it is private to a specific user profile (gaming profile, shopping history, etc.).
  • S3 is not an optimal choice for writing / updating the data, DynamoDB is, as it performs well for transactional queries.
  • S3 takes around 15 minutes to replicate data to make it eventually consistent, whereas DynamoDB takes around 1 second to replicate data within the global table (replication across multiple regions).

Essentially, Dynamo is a DB and S3 is a persistent storage service.

Main Features

DynamoDB has the following features:

  • DAX (The In-Memory Cache): DAX is an in-RAM cache. It remarkably increases DB’s performance from the order of milliseconds to microseconds. DAX is designed to run within a VPC environment and not outside of it for security reasons. Amazon VPC defines a virtual network that closely resembles a traditional data center. The DAX cache sits inside the VPC alongside the EC2, whereas the DAX client (used to write to / read from the DAX) sits inside the EC2 operating system.
AWS DAX working with DynamoDB from inside EC2.
  • S3 Compatibility: You can import data from or export data to S3, as both of them are compatible because of having an object-level nature.
  • Infrequent Access Tier: DynamoDB allows you to move infrequently accessed collections to an archive tier, where one can save up to 60% of the fees.
  • PITR (Database Backups): DynamoDB enables you to back up your table data continuously by using point-in-time recovery (PITR). When you enable PITR, DynamoDB backs up your table data automatically with per-second granularity so that you can restore to any given second in the preceding 35 days.
  • Global Tables (Multi-Region Replication): You can replicate DynamoDB collections across several regions. You can write to any replica, and AWS will automatically replicate it (eventually, with a latency value of ~1s). If only one replica is up, the system will be available, as there is a very high emphasis on availability at the expense of the consistency (ref. to the CAP theorem).

Pricing Strategies

There are two pricing strategies one can follow:

  • On-Demand Pricing: On-demand pricing means that AWS uses their Auto Scale compute services to add more servers to the DynamoDB instance in case the number of read / write requests exceed a certain limit and the current number of servers is proving to be insufficient.
  • Provisioned Pricing: Here, beyond a certain, user-defined threshold for the total number of requests per second, the system does not respond. If your application's read or write requests exceed the provisioned throughput for a table, DynamoDB might throttle the request. When this happens, the request fails with an HTTP 400 status code, accompanied by a ProvisionedThroughputExceededException.
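An added example, not from the article or the AWS SDK: retrying a throttled write with exponential backoff and jitter in Python. `FakeDynamo` and `FakeClientError` are constructed stand-ins for a boto3 client and its ClientError so the block runs offline; with boto3 the same `client_error_code` helper reads the code from the exception's `response["Error"]["Code"]`.

```python
"""Backoff-and-retry for DynamoDB throttling (added example)."""
import random
import time
from typing import Any, Callable, Optional

# Error codes that mean "slow down and try again", not "your request is wrong".
THROTTLE_CODES = {"ProvisionedThroughputExceededException", "ThrottlingException"}


def client_error_code(exc: Exception) -> str:
    """Error code of a botocore-style ClientError (response['Error']['Code']), else ''."""
    resp = getattr(exc, "response", None) or {}
    return resp.get("Error", {}).get("Code", "")


def with_backoff(call: Callable[[], Any], max_attempts: int = 5, base: float = 0.05,
                 cap: float = 2.0, sleep: Callable[[float], None] = time.sleep,
                 rng: Optional[random.Random] = None) -> Any:
    """Run `call`, retrying only throttle errors with full-jitter exponential backoff."""
    if max_attempts < 1:
        raise ValueError("max_attempts must be >= 1")
    rng = rng or random.Random()
    for attempt in range(max_attempts):
        try:
            return call()
        except Exception as exc:
            if client_error_code(exc) not in THROTTLE_CODES or attempt == max_attempts - 1:
                raise  # not a throttle, or out of attempts: surface it to the caller
            # Full jitter: random delay in [0, min(cap, base * 2^attempt)] so that
            # many throttled clients do not all retry at the same instant.
            sleep(rng.uniform(0, min(cap, base * (2 ** attempt))))


class FakeClientError(Exception):
    """Constructed stand-in for botocore.exceptions.ClientError (same `.response` shape)."""
    def __init__(self, code: str):
        super().__init__(code)
        self.response = {"Error": {"Code": code, "Message": "Rate exceeded"},
                         "ResponseMetadata": {"HTTPStatusCode": 400}}


class FakeDynamo:
    """Constructed table client: rejects the first `throttle_first` requests with `code`."""
    def __init__(self, throttle_first: int, code: str = "ProvisionedThroughputExceededException"):
        self.remaining = throttle_first
        self.code = code
        self.calls = 0

    def put_item(self, TableName: str, Item: dict) -> dict:
        self.calls += 1
        if self.remaining > 0:
            self.remaining -= 1
            raise FakeClientError(self.code)
        return {"ResponseMetadata": {"HTTPStatusCode": 200}}


def put_with_retry(client, table: str, item: dict, **kw) -> dict:
    """PutItem with throttle-aware retries; `client` may be boto3's or the fake above."""
    return with_backoff(lambda: client.put_item(TableName=table, Item=item), **kw)


if __name__ == "__main__":
    db = FakeDynamo(throttle_first=2)
    print(put_with_retry(db, "Posts", {"id": {"S": "1"}}), "after", db.calls, "calls")
```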

2. ElastiCache

To understand AWS ElastiCache, we first need to understand Redis and Memcached, because ElastiCache is built on top of, and fully compatible with, these two open-source utilities:

  • Redis — a single-threaded in-memory cache, DB, message queue, pub/sub system and a lot more, with rich data structures available
  • Memcached — a multi-threaded in-memory cache that even Facebook built upon for their internal usage.

3. MemoryDB

MemoryDB is Amazon’s solution for an in-memory database. MemoryDB runs on top of open-source Redis.

In addition to the built-in Redis data structures, AWS has added full JSON support to MemoryDB.

4. RDS & Aurora — Relational DB & DBMS

RDS is Amazon’s solution for relational databases. RDS supports the following DBMSs:

  • Aurora — Amazon’s custom cross-regional and serverless DBMS. It is distributed and supports 15 local (in the same region) read replicas. It is fully compatible with MySQL and PostgreSQL and promises 5x the performance of stock MySQL and 3x the performance of stock PostgreSQL.
  • MySQL
  • PostgreSQL
  • MariaDB
  • Microsoft SQL Server
  • Oracle DB

Blue-Green Deployments: One thing that stands out in RDS is the “blue / green deployment” feature. A blue/green deployment creates a staging environment that copies the production environment. In a blue/green deployment, the blue environment is the current production environment. The green environment is the staging environment. The staging environment stays in sync with the current production environment using logical replication.
Hence, without touching the production environment (blue), we can make changes, perform upgrades, do experiments etc. with the staging environment (green).

AWS Networking Services

1. ELB — Elastic Load Balancer

Before studying ELBs, let us go over some fundamentals required for understanding ELBs.

  • TCP / IP Connections: A connection refers to the three-way TCP / IP handshake (SYN, SYN-ACK, ACK).
  • Keep-Alive Connections: Sometimes, we don’t close the connection with the server immediately after receiving data (the HTTP response) from it. We keep it alive for a while, so that the next request can be served without the overhead of the TCP / IP connection and the TLS connection all over again.
  • Handshake Sequence: Whenever we talk to any remote server (Netflix, Facebook, LinkedIn etc.), the handshakes ALWAYS happen in the following order: 3-way TCP / IP handshake, 4-way TLS handshake, then HTTP data transfer (file, image, video, etc.).

Load Balancers — A General Overview

A load balancer sits very close to the server — next to the server, actually, acting as a reverse proxy — and has access to all the incoming connections and HTTP requests. Depending upon which algo the load balancer uses, it forwards the client’s requests to one of the several available servers. Mostly, the algo determines how saturated / busy / overloaded a server is. Based on that, it redirects the client to some server that can easily handle the incoming workload.
When the load balancer does redirect you to some other server, you can never know which server you are being redirected to. In other words, ELB also acts as a server-side NAT Box. It changes the destination IP address in the incoming request, silently, without letting us know anything.

ELBs — AWS-Specific Features

AWS has picked up the concept of layer 4 and layer 7 load balancers and added to them their own optimizations and distributed computing features. For example:

  • Not a Single Point-of-Failure: ELBs are not a single point of failure. They are distributed, scalable, durable computer systems themselves.
  • Auto Scaling Features: ELBs work in conjunction with the AS service by AWS. Here, the load balancers are automatically increased in number to handle the incoming request surge. Also, AS adds a new, for example, EC2 to the existing fleet of machines, but it is the ELBs that route requests to them.
  • EC2 Health Checks: ELBs check the health status of the EC2 instances, and then route requests only to those EC2s that are healthy.

Load Balancer Types

Elastic Load Balancers are of two main types:

  • Application Load Balancer — Layer 7 / Request-based balancer
  • Network Load Balancer — Layer 4 / Network-based / Connection-based balancer

Application Load Balancers (ALBs)

An ALB sits at Layer 7 of the OSI model. It has access to everything in the incoming client request that is accessible to the application itself. It terminates the TLS encryption of the incoming HTTP request and makes routing decisions based on the data.

ALBs can make decisions based on the following data: request host (abc.com), path (abc.com/about), query parameters (abc.com/blogs?blog_ID=43) as well as the data passed in the body. After reading this data, it checks which of the predefined rules in the AWS ALB console match the current incoming request and forwards the request accordingly.

ALB Pros

Alongside managing the load on the servers, ALBs can also perform a ton of other tasks, allowing those tasks to be performed at the ALB and freeing the actual server to do just the back-end logic handling.

ALBs are great with:

  • Microservices: For example, one microservice may serve pictures and the other one may serve videos, both of them being hosted on two different EC2s. If the ALB sees that the incoming request is for /images path in the URL, it will forward it to the standalone pictures’ microservice, based on the hardcoded, predefined redirection rule in the AWS console, created by the cloud / DevOps department.
  • Fixed Error Responses: ALBs can also provide fixed responses, say, in case there is an issue with one of our microservices. ALB will respond with 500: Internal Server Error (or any other predefined error) to let the user know that there is some issue with the server or even with their own request, like 403: Forbidden.
  • Caching: Given that ALBs can see what data is flowing to and from the user, they can cache frequently-used images, for example, that correspond to a certain request URL.
  • User Authentication & Authorization: They can authenticate and offer JWT tokens / cookies to the users if given access to the DB. They have access to the incoming cookies as well, always. Hence, they can authorize the user for certain routes, or block their access to the resources.
  • Sticky Sessions: ALBs remember which server served you last time. Hence, the next time, your request is forwarded to exactly that server over the same (sticky) session, which means no new TLS handshake is required until the time limit of the sticky session expires.

ALB Cons

  • ALBs look at the data. Therefore, if they are compromised, the data they see can be leaked.
  • They look at the data and then process it. Hence, they are slower, as they have to perform a large amount of processing.
  • An ALB opens two TCP connections, one with the client and the other one with the server. Hence, it has to keep a connection table that lets it remember which user’s data has to be forwarded to which server over which TCP connection. It also has to establish two TLS connections, decrypt the response coming from the EC2, re-encrypt it with the symmetric session key of the user’s session and then send the response to the user. An improvement upon this model is based on the “socket programming” technique, where the web sockets protocol is used. Here, the ALB keeps a socket open with all the servers, so that it does not have to establish a TCP / IP connection and a TLS handshake with the EC2s for every incoming client TCP connection. It also sends a “keep alive” signal to the client, allowing multiple HTTP requests to be sent over the same TCP and TLS connection from the front-end.

Network Load Balancers (NLBs)

A network load balancer sits at the connection level. It has access to the TCP port we want to connect with, an IP address of the source and destination – only. They usually implement the “Round-Robin Algo” for alternating between servers, and giving them connections of the users. However, for load balancing, they may employ some other smart techniques as well to gauge server saturation. They have the following pros and cons:

  • They are more secure — they don’t have to access the user data or the symmetric session keys; therefore, they don’t and cannot terminate TLS encryption. In case they are compromised, the adversaries will still have nothing (only IP and port).
  • They are very, very fast, because they don’t have to look at a lot of data or do any processing.
  • They open no TCP connection of their own, i.e., the client does not “connect” with them; rather, the same TCP connection is forwarded to the appropriate EC2 server.

2. VPCs & TransitGateways

VPC stands for “Virtual Private Cloud.”

A TransitGateway is a service that acts as a central hub for routing traffic between multiple VPCs, helping them connect and communicate with one another.

Prerequisites

Private Vs. Virtual Private Clouds: A private cloud is a data center managed by a company with their own hardware resources, looked after by their own IT department. A virtual private cloud is a public cloud infrastructure that merely behaves like a private cloud and is only logically isolated from other machines in the same public cloud, not physically. AWS VPC enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

Subnets: A subnet is a range of IP addresses in your VPC. A subnet must reside in a single Availability Zone. After you add subnets, you can deploy AWS resources in your VPC.

IP Addressing: You can assign IPv4 addresses and IPv6 addresses to your VPCs and subnets. You can also bring your public IPv4 and IPv6 GUA addresses to AWS and allocate them to resources in your VPC, such as EC2 instances, NAT gateways, and Network Load Balancers.

Security Groups: Act as a firewall for associated Amazon EC2 instances, controlling inbound and outbound traffic at the instance level.

Purpose & Use Cases

A VPC allows you to isolate your networking environment. This can greatly improve the security of many of the compute, storage or DB resources.

For instance, you can create an internet-facing security group in which your EC2 resides. Users on the internet can connect to it anytime they want. Secondly, you should create another, non-internet-facing security group with a range of private IPs (a private subnet) in which your RDS database resides. Now, you can define a custom rule in the second security group so that only members of the first security group are allowed to query this DB. Everybody else, including the general public, will find their requests blocked (forbidden). Take a look at the diagram below to understand it better.
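An added example, not from the article or from AWS: Python code that builds the database security group's ingress rule as a reference to the web tier's group rather than a CIDR (the structure boto3's `authorize_security_group_ingress` accepts), and audits a `describe_security_groups`-shaped result for rules that undo the isolation. Group ids, the sample rules and the database port are constructed placeholders; the boto3 calls in `main()` follow the documented API but are not run here.

```python
"""Two-tier security-group layout: build the rule, audit the result (added example)."""
from typing import Dict, List

DB_PORT = 5432  # assumed PostgreSQL on RDS; MySQL would be 3306


def db_ingress_from_web_sg(web_sg_id: str, port: int = DB_PORT) -> List[Dict]:
    """Ingress rule admitting only members of the web security group on the DB port."""
    return [{
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "UserIdGroupPairs": [{"GroupId": web_sg_id, "Description": "web tier only"}],
    }]


def _covers_port(perm: Dict, port: int) -> bool:
    """Does this IpPermission entry include `port`? ('-1' means all protocols/ports.)"""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_db_sg(sg: Dict, web_sg_id: str, port: int = DB_PORT) -> List[str]:
    """Findings for the DB security group; an empty list means it matches the design."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        if not _covers_port(perm, port):
            continue
        # Any CIDR on the DB port bypasses the SG-to-SG design; 0.0.0.0/0 is the internet.
        for r in perm.get("IpRanges", []):
            cidr = r.get("CidrIp", "")
            sev = "CRITICAL" if cidr == "0.0.0.0/0" else "WARN"
            findings.append(f"{sev}: port {port} open to CIDR {cidr}; use an SG reference")
        for r in perm.get("Ipv6Ranges", []):
            cidr = r.get("CidrIpv6", "")
            sev = "CRITICAL" if cidr == "::/0" else "WARN"
            findings.append(f"{sev}: port {port} open to CIDR {cidr}; use an SG reference")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != web_sg_id:
                findings.append(f"WARN: port {port} open to group {pair.get('GroupId')}, "
                                "which is not the web SG")
    return findings


# Constructed sample in the shape describe_security_groups returns; ids are placeholders.
WEB_SG = "sg-0aaaaaaaaaaaaaaaa"
SAMPLE_DB_SG = {
    "GroupId": "sg-0bbbbbbbbbbbbbbbb",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,   # the mistake to catch
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,   # the intended rule
         "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": WEB_SG}]},
    ],
}


def main():
    """Live version: needs boto3 and credentials; not exercised by the offline checks."""
    import boto3
    ec2 = boto3.client("ec2")
    ec2.authorize_security_group_ingress(GroupId=SAMPLE_DB_SG["GroupId"],
                                         IpPermissions=db_ingress_from_web_sg(WEB_SG))
    sg = ec2.describe_security_groups(GroupIds=[SAMPLE_DB_SG["GroupId"]])["SecurityGroups"][0]
    print(audit_db_sg(sg, WEB_SG) or ["OK: DB reachable only from the web SG"])


if __name__ == "__main__":
    print(audit_db_sg(SAMPLE_DB_SG, WEB_SG))
```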

VPC Peering

The case above describes a situation in which both the security groups and compute resources reside in the same VPC. What if they reside in a different VPC which is either in the same data center or a different data center of the same region or a different region altogether? Well, in that case, we can use VPC Peering service to connect between them. Look at the image below.

When performing VPC peering, network traffic has to be routed between multiple VPCs. Well, that happens through a central routing hub called the “Transit Gateway.”

Transit Gateway

AWS Transit Gateway connects your Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub. This connection simplifies your network and puts an end to complex peering relationships. Transit Gateway acts as a highly scalable cloud router.

Take a look at the image below to understand it more clearly.

VPC Features

AWS allows you to monitor traffic coming into and going out of the private cloud. This is greatly helpful if you want to monitor and analyze your traffic with the help of CloudWatch.
