My Cloud Journey — Week 6 | Advanced AWS Part 1

Adekunle Adesanmi
5 min read · Jun 5, 2024


Week 6 at the academy lasted 8 weeks literally! This was partly due to the extensive AWS material, which exceeded a week’s workload. I also dedicated significant time to additional studies on DevOps, CloudFormation and Terraform.

We explored IAM, S3, RDS, EC2, Load Balancers, and Auto Scaling extensively, diving into a range of AWS services. I gained insights into resource management, security, and performance optimization. Not only did we create these resources via the AWS console, but we also created them using AWS CloudFormation. In this piece, I will discuss the essential aspects that influenced my grasp of cloud computing.

Caution! This article will be theoretical, but the following one will feature some of the exercises done for week 6.

Identity and Access Management (IAM)

IAM Users, Groups, Policies and Roles

AWS Identity and Access Management (IAM) forms the foundation of secure access control. Here are some essential concepts:

  1. IAM Users: An IAM user represents either a person or a service that interacts with AWS resources. When you create an IAM user, you define their credentials and permissions within your AWS account.
  2. IAM Groups: An IAM group is a collection of users who share access control policies. These groups allow you to specify permissions for multiple users, making it easier to manage their permissions.
  3. IAM Roles: An IAM role is an identity with specific permissions. Unlike an IAM user, a role isn’t uniquely associated with one person; it’s intended to be assumable by anyone who needs it.
  4. IAM Policies: An IAM policy is a document attached to a resource (such as an AWS user, group, or role) that defines what actions a principal (user or service) can perform on that resource. When a request is made, AWS evaluates the attached policies to determine whether the request is allowed or denied. These policies are typically written in JSON format and grant specific permissions for actions like accessing Amazon DynamoDB, managing S3 buckets, launching EC2 instances, invoking Lambda functions, and more.

IAM best practices

  1. Adopt a Zero Trust Approach: Assume no implicit trust. Always verify and authenticate users, even within your organization.
  2. Identify and Protect High-Value Data: Understand which data is critical and ensure strict access controls for it.
  3. Enforce Strong Password Policies: Require complex passwords and regular updates.
  4. Use Multi-Factor Authentication (MFA): Add an extra layer of security by combining passwords with a second form of authentication.
  5. Automate Workflows: Use IAM roles and policies to automate access management and reduce manual intervention.
  6. Apply the Principle of Least Privilege: Grant only necessary permissions to users, minimizing potential risks.
  7. Enforce Just-in-Time Access: Provide access only when needed, reducing exposure.
  8. Leverage Role-Based and Attribute-Based Access Control: Combine these approaches for fine-grained

Elastic Compute Cloud (EC2) Storage

EC2 Storage Options

  1. Instance Store: For temporary storage (akin to RAM), I explored instance store volumes. These provide high-speed, ephemeral storage but don’t persist data beyond instance termination.
  2. Elastic Block Store (EBS): EBS volumes offer permanent storage (similar to hard disks). Types include:
     • General Purpose SSD
     • Provisioned IOPS
     • Throughput Optimized
     • Cold HDD

Load Balancing and Auto Scaling

Elastic Load Balancing (ELB)

  1. Application Load Balancer (ALB): Ideal for HTTP/HTTPS traffic, ALB handles containers, microservices, and complex content management systems.
  2. Network Load Balancer (NLB): For TCP, UDP, and TLS traffic, NLB operates at layer 4, serving high-performance web servers and caching systems.
  3. Classic Load Balancer: Although older, it still serves specific use cases.

Auto Scaling Groups

An Auto Scaling group is a logical collection of Amazon EC2 instances used for automatic scaling and management.

Benefits of Auto Scaling Groups:

Fault Tolerance:

  • Auto Scaling detects unhealthy instances and replaces them automatically.
  • Configuring multiple Availability Zones ensures resilience even if one zone becomes unavailable.

Availability:

  • Auto Scaling maintains the right capacity to handle current traffic demand.
  • Scales up or down dynamically based on load, ensuring optimal performance.

Cost Management:

  • Dynamically adjusts capacity, saving costs by launching instances only when needed.
  • Terminates instances when demand decreases, avoiding unnecessary expenses.

Components of an Auto Scaling Group:

  1. Instances
  2. Health Checks
  3. Launch Configurations
  4. Minimum and Maximum Instances
  5. Scaling Policies

Amazon S3 (Simple Storage Service)

Amazon S3 is a powerful object storage service offered by Amazon Web Services (AWS). Here are the key points:

  1. Scalability: S3 can store virtually any amount of data, from small files to exabytes, with unmatched performance. It automatically grows and shrinks as you add or remove data, and you pay only for what you use.
  2. Durability and Availability: S3 provides industry-leading data durability (99.999999999% or 11 nines) and availability (99.99%) by default. It’s designed to be highly reliable, and backed by strong SLAs.
  3. Versioning: Leveraged versioning for protection against accidental deletions and compliance requirements.
  4. Security and Data Protection:
     • Secure: S3 encrypts data by default and supports various access controls.
     • Auditing: Monitor access requests to your S3 resources.
     • Compliance: Meet regulatory requirements.
  5. Storage Classes: Standard, Intelligent Tiering, Infrequent Access, One Zone IA, Glacier and Glacier Deep Archive.
  6. Use Cases: Static website hosting, big data analytics, backup and restore.

Relational Database Service (RDS)

Amazon Relational Database Service (RDS) is a fully managed cloud database service provided by Amazon Web Services (AWS). Here’s what you need to know:

  1. Purpose: RDS simplifies database management by automating tasks like provisioning, backups, and patching. It allows you to focus on your application rather than database administration.
  2. Choice of Engines: You can deploy and scale various relational database engines, including:
     • Amazon Aurora (compatible with PostgreSQL and MySQL)
     • PostgreSQL
     • MySQL
     • MariaDB
     • SQL Server
     • Oracle
     • Db2
  3. High Availability: RDS offers Multi-AZ deployments for high availability and failover.
  4. Use Cases:
     • Web and Mobile Applications: Support growing apps with scalability and flexible pay-per-use pricing.
     • Managed Databases: Innovate without the complexity of self-managing databases.
     • Migrate from Legacy Systems: Consider migrating to Amazon Aurora for cost savings and improved performance.

Benefits:

  • Multi-AZ deployments for high availability
  • Read replicas for read scaling and disaster recovery
  • Automatic backups

Conclusion

Week 6, or perhaps I ought to say weeks 6 to 13 of my exploration of the AWS cloud, has offered me a fascinating comprehension of AWS offerings. From understanding IAM principles to exploring load balancing and storage choices, I have acquired valuable knowledge. As I progress, I am eager to delve deeper into more cloud technologies and play a part in creating innovative solutions.

Feel free to contact me to discuss Agile, cloud adoption, or anything tech-related. 🚀
You can also connect with me on LinkedIn.
