Mastering the Cloud: Module 3 - AWS Global Infrastructure Overview

Harshith Avineni
Apr 19, 2024


The AWS global infrastructure is designed to deliver a flexible, reliable, scalable, and secure cloud computing environment over the Internet with high-quality global network performance.

An AWS Region is a geographical area containing more than one Availability Zone. Each zone has multiple data centers that are isolated from each other, so data stored in one specific zone is not replicated to another (each AWS Region should contain a minimum of 3 Availability Zones).

We control data replication across Regions ourselves, and communication between Regions uses the AWS backbone network infrastructure. A Region can be enabled or disabled through the AWS Management Console (each Availability Zone contains one or more discrete data centers).

Each Region provides full redundancy and connectivity to the network, and AWS recommends that we run resources across multiple Availability Zones.

When selecting a Region for moving our workloads, services, applications, and data to the cloud, the choice should be based on these factors:

1. Data governance and legal requirements (compliance or data sovereignty)

2. Proximity to the customers (Latency)

3. Services available within the region.

4. Costs (may vary by Region).

There are ‘69’ Availability Zones worldwide, designed for ‘fault isolation’ and interconnected using high-speed private networking and low-latency links.

AWS data centers within the Availability Zones are designed for security, to mitigate damage, and to protect from failure. These are the centers where data resides and gets processed.

Each data center has redundant power, networking, and connectivity and is housed in a separate facility, with up to 50,000–80,000 physical servers. A data center cannot be used for more than one Availability Zone.

AWS uses custom networking equipment sourced from multiple ODMs (Original device manufacturers), which design and manufacture products based on specifications.

Amazon CloudFront is a content delivery network used to distribute content to end users to reduce latency.

Specifically, regional edge caches are used for content with infrequent access (AWS edge locations), and they need not be located in the same general area as the AWS Regions.

AWS Infrastructure Features

1. Elasticity and Scalability:

-> Elastic infrastructure and dynamic adaptation of capacity.

-> Scalable infrastructure that adapts to accommodate growth.

2. Fault Tolerance:

-> Continues operating properly in the presence of a failure.

-> Built-in redundancy of components.

3. High availability:

-> High level of operational performance

-> Minimized downtime and no human intervention

AWS Foundational Services

1. Applications:

-> Virtual desktops

-> Collaboration and sharing

2. Platform Services

-> Databases

-> Analytics

-> Application Services

-> Deployment and management

-> Mobile Services

3. Foundation Services

-> Compute

-> Networking

-> Storage.

4. Infrastructure

-> Regions

-> Availability zones

-> Edge locations.

AWS Storage Services

‘Amazon S3’, an object storage service that offers scalability, data availability, security, and performance.

‘Amazon EBS’, high-performance block storage designed for use with Amazon EC2 for throughput- and transaction-intensive workloads.

‘Amazon EFS’, provides a scalable, fully managed elastic network file system.

‘Amazon S3 Glacier’, a cloud storage class for data archiving and long-term backup.

Amazon Compute Services

‘Amazon EC2’, provides resizable compute capacity as virtual machines in the cloud.

‘Amazon EC2 Auto Scaling’, enables us to automatically add or remove EC2 instances according to defined conditions.

‘Amazon ECS’, a high-performance container orchestration service that supports Docker containers.

‘Amazon ECR’, a fully managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.

‘Elastic Beanstalk’, a service for deploying and scaling web applications and services on servers like Apache & IIS (using programming languages like Java & .NET).

‘Amazon Lambda’, enables us to run code without provisioning or managing servers.

‘Amazon EKS’, makes it easy to deploy, manage, and scale containerized applications.

‘Amazon Fargate’, a compute engine for Amazon ECS that allows us to run containers without having to manage servers or clusters.

AWS Database Services

‘Amazon RDS’, an easy to set up, operate, and scale relational database in the cloud. It provides resizable capacity while automating time-consuming administration (note: RDS mostly works in coordination with EC2).

‘Amazon Aurora’, a MySQL- and PostgreSQL-compatible relational database.

‘Amazon Redshift’, enables you to run analytic queries against petabytes of data.

‘Amazon DynamoDB’, a fully managed key-value and document NoSQL database that delivers single-digit millisecond performance at any scale.

Network and Content Delivery Services

‘Amazon VPC’, enables you to manage logically isolated sections of the AWS cloud to launch AWS resources in a virtual network.

‘AWS Elastic Load Balancing’, automatically distributes incoming application traffic across multiple targets such as EC2 instances.

‘Amazon CloudFront’, a fast content delivery network (CDN) that securely delivers data, videos, applications, and application programming interfaces (APIs) with low latency and high transfer speeds, using AWS edge locations.

‘AWS Transit Gateway’, enables customers to connect their Amazon VPCs and their on-premises networks to a single centrally managed gateway.

‘Amazon Route 53’, a scalable cloud Domain Name System (DNS) web service designed to give you a reliable way to route end users to internet applications; it translates a URL into an IP address.

‘AWS Direct Connect’, provides a way to establish a dedicated private network connection from the data center to AWS that reduces costs and increases bandwidth throughput.

‘AWS VPN’, provides a secure private tunnel from our network to the AWS global network.

AWS Security, Identity, and Compliance Services

‘AWS IAM’, enables you to manage access to AWS services and resources securely.

‘AWS Organizations’, allows us to restrict which services and actions are allowed in our AWS accounts.

‘AWS Cognito’, lets you add user authentication and access control to your web and mobile apps.

‘AWS Artifact’, provides on-demand access to AWS security and compliance reports.

‘AWS Key Management Service (KMS)’, enables us to create and manage encryption keys and control the use of encryption across a wide range of AWS services and in our applications.

‘AWS Shield’, a managed distributed denial of service (DDoS) protection service that safeguards applications running on AWS.

AWS Cost Management Services

‘AWS Cost and Usage Report’, contains the most comprehensive set of AWS cost and usage data available, including additional metadata about AWS services (it can even indicate the billing activity of any service that took place 3 months ago or more).

‘AWS Budgets’, lets us set custom budgets that alert us when our AWS costs or usage exceed, or are forecasted to exceed, the budgeted amount.

‘AWS Cost Explorer’, has an easy-to-use interface that enables us to visualize, understand, and manage our AWS cost and usage over time (for example, it displays the distribution of AWS spending).

Deploying resources across multiple availability zones can be used to increase the fault tolerance of an application.
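As an added example (not from the original post), the following Python sketch turns two points from this module into a check: the data-governance factor for Region selection and the multi-AZ recommendation for fault tolerance. The inventory records, application names, and the approved-Region list are constructed for illustration; in practice the records would come from your own resource inventory.

```python
from collections import defaultdict

# Constructed inventory (not real resources): one record per EC2 instance.
INVENTORY = [
    {"id": "i-0001", "app": "web", "az": "us-east-1a"},
    {"id": "i-0002", "app": "web", "az": "us-east-1b"},
    {"id": "i-0003", "app": "billing", "az": "eu-west-1a"},
    {"id": "i-0004", "app": "billing", "az": "eu-west-1a"},
    {"id": "i-0005", "app": "reports", "az": "ap-south-1a"},
    {"id": "i-0006", "app": "reports", "az": "ap-south-1b"},
]

# Assumed policy: Regions approved by a data-governance review.
APPROVED_REGIONS = {"us-east-1", "eu-west-1"}


def region_of(az):
    """Standard AZ names are the Region name plus one letter (us-east-1a)."""
    return az[:-1]


def audit(inventory, approved_regions, min_azs=2):
    """Flag instances outside approved Regions and apps in fewer than min_azs AZs."""
    azs_by_app = defaultdict(set)
    out_of_region = []
    for rec in inventory:
        azs_by_app[rec["app"]].add(rec["az"])
        if region_of(rec["az"]) not in approved_regions:
            out_of_region.append(rec["id"])
    under_spread = {
        app: sorted(azs) for app, azs in azs_by_app.items() if len(azs) < min_azs
    }
    return {"out_of_region": sorted(out_of_region), "under_spread": under_spread}


if __name__ == "__main__":
    findings = audit(INVENTORY, APPROVED_REGIONS)
    print("Outside approved Regions:", findings["out_of_region"])
    for app, azs in findings["under_spread"].items():
        print(f"{app}: only in {azs}, one AZ failure takes it down")
```
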

AWS Management and Governance Services

‘AWS Management Console’, a web-based user interface for accessing our AWS account and managing AWS services.

‘AWS Config’, a service that helps us track resource inventory and changes.

‘AWS CloudWatch’, allows us to monitor resources and applications. It allows the collection and tracking of metrics.

‘AWS Auto Scaling’, provides features that allow you to scale multiple resources to meet demand.

‘AWS Command Line Interface’, provides a unified tool to manage AWS services.

‘AWS Trusted Advisor’, an online tool that helps us optimize performance and security using AWS best practices; it also provides infrastructure security and optimization recommendations.

‘AWS Well-Architected Tool’, provides help in reviewing and improving your workloads.

‘AWS CloudTrail’, tracks user activity and API usage across your AWS accounts (it mainly contains access logs that provide detailed information).

WAF (web application firewall):

-> A Service that filters incoming HTTP traffic between your application and the internet.

-> A disaster recovery strategy on AWS should be launching infrastructure in a separate AWS Region.

-> Similar to AWS Shield, AWS CloudFront also helps in DDoS protection.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Congratulations! You’ve gained a comprehensive understanding of the robust network that underpins AWS. This knowledge will empower you to make informed decisions about deployment strategies and service selection.

In the next module, Module 4: AWS Cloud Security, we’ll delve into the world of AWS security best practices. Get ready to explore the tools and services that ensure the confidentiality, integrity, and availability of your cloud resources!

Episode 2: https://medium.com/@harshithavineni81/mastering-the-cloud-module-2-cloud-economics-billing-dbb9915ce77d

Episode 4: https://medium.com/@harshithavineni81/mastering-the-cloud-module-4-aws-cloud-security-7bb5d40793bd
