Introduction to AWS

Ruslan Gainutdinov
12 min read, Oct 12, 2018

What is AWS

Amazon Web Services provides different storage and computing cloud services in an on-demand, pay-by-minute/pay-by-request fashion. Combined with the free 12-month offering (with limitations) and the free-forever tier (for some services), AWS is a cost-effective solution to learn, play and host applications and websites.

Services range from simple virtual machines and file hosting to sophisticated machine learning, voice recognition and big data handling offerings.

Lots of services in AWS have a distinctive, custom name. There is a page, “AWS In Plain English”, which aims to explain AWS in common terms.

Alternatives to AWS

Amazon is not the only company offering cloud services. There are Google Cloud Platform, Azure Cloud Services, Alibaba Cloud, and others.

Also, another option is to host services in private infrastructure, using virtual machines, private clouds and container engines such as Kubernetes.

Why AWS?

Amazon Web Services provides one of the most comprehensive sets of cloud services on the market. Granted, the AWS web application (called the console) is far from ideal, but there are a lot of command line tools and various integrations, so for complex infrastructure there is no need to do everything from the AWS console.

Should I choose AWS?

Even though some of the offerings have free tiers, improper, invalid or excessive usage of resources can result in a significant cost of running things in Amazon. Here is a short Q&A.

Why should I choose AWS?

I am looking for AWS to learn, improve my cloud knowledge and experiment with things

Yes! Be careful with costs though. Be sure to read Free tier limits (see below) and Enable budgets alerting (see below)

My company uses AWS

Yes! Ask your company to create you an account or create an account using company billing credentials to avoid paying for AWS services.

My customer or my company's customer uses AWS

Ask the customer to create you an account.

I am in a startup which is trying to build a high-performance, scalable application

Yes! Use modern tools like DynamoDB, Lambda, AppSync, and others to get a low-cost, pay-as-you-scale model of running apps.

I have millions of visitors per day, a highly busy website with terabytes of traffic.

No! Build a team of brilliant engineers by your side. Trust them to use privately hosted services such as Kubernetes to build your own private cloud for hosting.

I am interested in AWS but I don't have time to figure out all the details of free tiers and billing.

No! If you are not careful with AWS services, you can easily incur costs of hundreds of dollars per month!

Free Tier

During the first 12 months from registration, new accounts receive free storage space, traffic, and requests (depending on the service).

Check out the following link for more information:

https://aws.amazon.com/free/

Registering

Register for AWS using your email address. During registration, you also must enter your card details. It will not be billed but will be used at the start of the next month to pay for the monthly bill.

Create account by submitting your e-mail address
Enter customer details
The card will be charged only if you use paid service (at the beginning of each month)

Keep it Basic

After registration, keep the “Basic Support plan”. There is plenty of information about AWS services (on forums, Stack Overflow and the internet), so you probably will not need AWS assistance.

AWS Console UI

After registration, you will be presented with the AWS console. In some cases, before you can access AWS services you might need to wait for verification for up to 24 hours.

Congratulations!
You can now access various services on Amazon!

Important AWS console services

  • My Account. Contains details of your account. Copy information from this page to a file on your computer so that you can access it without logging in to the account and when using command line tools.
  • My Billing Dashboard. Contains the bill for the current month, previous bills, and budget control. Be sure to check it regularly (every day at first, if you have any services running on AWS or are actively trying things).
  • Find a service by name. Also available if you press Services ▼. Just type a service you want, for example, “S3” and ENTER and you will go to this service straight away.

Enable budgets

It is very important to control how much money it will cost to host your services on AWS. It can be free (if you are using only free-tier services and stay within the limits), a very small amount, or easily hundreds of dollars if you deploy multiple services with large demands for CPU, memory or disk.

Budget view for current month

Go to My Billing Dashboard and select Budgets.

Budget options

Enter the desired monthly budget, maybe a little higher than you expect. Create an alert for when 10% of the budget is spent. This will allow you to control everyday spending. Also, create an alert for the forecasted amount. The forecasted amount is the money already spent, projected over the full month. If you delete all your services before the month runs out, the forecasted amount will not be reached, in proportion to the number of days left in the month.

The total budget is $100, but you will get an alert when $10 is spent during the month
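
The same budget expressed for the AWS CLI, as an added example that is not part of the original article; it can be run once the command line tools are configured (covered later in this article). The budget name `monthly-cost`, the account ID and the e-mail address are placeholders, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: $100/month budget, alert at 10% of actual spend, plus an
# alert when the forecast for the month exceeds the budget.

budget_json() {            # $1 = monthly limit in USD
  cat <<EOF
{
  "BudgetName": "monthly-cost",
  "BudgetType": "COST",
  "TimeUnit": "MONTHLY",
  "BudgetLimit": { "Amount": "$1", "Unit": "USD" }
}
EOF
}

notification() {           # $1 = ACTUAL|FORECASTED, $2 = percent, $3 = e-mail
  cat <<EOF
  {
    "Notification": {
      "NotificationType": "$1",
      "ComparisonOperator": "GREATER_THAN",
      "Threshold": $2,
      "ThresholdType": "PERCENTAGE"
    },
    "Subscribers": [ { "SubscriptionType": "EMAIL", "Address": "$3" } ]
  }
EOF
}

notifications_json() {     # $1 = e-mail address that receives both alerts
  printf '[\n'
  notification ACTUAL 10 "$1"
  printf ',\n'
  notification FORECASTED 100 "$1"
  printf ']\n'
}

create_budget() {          # $1 = 12-digit account ID, $2 = limit, $3 = e-mail
  dir=$(mktemp -d) || return 1
  budget_json "$2" > "$dir/budget.json"
  notifications_json "$3" > "$dir/notifications.json"
  aws budgets create-budget --account-id "$1" \
    --budget "file://$dir/budget.json" \
    --notifications-with-subscribers "file://$dir/notifications.json"
  rc=$?; rm -rf "$dir"; return $rc
}

# Usage (placeholders): create_budget 111122223333 100 you@example.com
```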

Choose a region

Another important concept of AWS is a region. Basically, the region is a specific datacenter which is used to host your services. Some services don't need the region to be selected, or always select some fixed region for you.

BE SURE TO SELECT CLOSEST REGION TO YOU AND REMEMBER IT!

Example regions: us-east-1 (N. Virginia), eu-west-1 (Ireland)

For simplicity, we will call this your region and will default to eu-west-1.

AWS data centers connectivity map

Here is a short overview on region selection for different services.

  • Console ➡ Selects default region per session
  • IAM (Users, Groups, roles, and policies) ➡ Global (does not require region selection)
  • Route 53 (DNS zones and records) ➡ Global (does not require region selection)
  • Certificate Manager (SSL certificates) ➡ N. Virginia for CloudFront certificates, your region for ALB/ELB certificates
  • CloudFront (Content distribution network and SSL for services, sites, and APIs) ➡ Global (does not require region selection)
  • WAF (firewalls and resource protection rules) ➡ Global. WARNING: Region is selected INSIDE WAF during resource creation. Select Global for WAF resources for CloudFront or your region for ALB/ELB resources.

Creating a special user for access to services

Your main email and password are called a root account. AWS recommends creating a separate user to access all services, both through AWS console and from the command line.

Go to services and search for IAM

IAM stands for Identity and Access Management. It allows creating groups and users which can access your root account. This way you can give other users access and terminate it any time.

IAM dashboard
IAM Users
Creating user

When creating the user, be sure to allow [x] Programmatic access and [x] AWS Management Console access. Once the new user is created, you will log in again with the new username and password.

Add user to Administrators group.
Create this group if needed.
User was successfully created

IMPORTANT!!! Copy the following details from this screen

  • Sign-in URL. This URL must be used to log in with this user.
  • User. Username to log in.
  • Password. Temporary, first-time password.
  • Access key ID. ACCESS_KEY_ID for using in command line tools and various services. DO NOT SHARE THIS INFORMATION!
  • Secret access key. SECRET_ACCESS_KEY for using in command line tools and various services. DO NOT SHARE THIS INFORMATION! It gives access to all your account features and allows others to create services on your behalf! Write it down now, you will not be able to access it again!

Enable IAM users to access billing dashboard

As explained below, from now on you will access AWS using the special IAM user. In order to see your current costs, you should allow IAM users to access billing information.

For that, go to My Billing Dashboard -> Preferences and set the checkbox here:

Relogin to AWS using new user credentials

Always login using AccountID + IAM user

Creating S3 bucket

In AWS terminology, S3 is Simple Storage Service, i.e. a place to save and download different files. A bucket is a uniquely named resource created by you, in which you can create directories and host files.

Select Services ▼ and enter S3. Press Create bucket and enter a unique name for the bucket. The S3 bucket name must be globally unique!

Your list of buckets
Enter a name of the bucket
Grant read access to this bucket to everyone

When creating the bucket, choose Grant public read access to this bucket. This will allow accessing this bucket over the Internet to host a public website.

Create bucket

After your bucket is created, go into it and select Static website hosting in properties.

Select static hosting options

Add index.html and error.html into the respective fields to enable a proper response from the bucket. With the bucket created, we can now go to the command line tools and actually upload a file to this bucket. Write down your bucket name as you will need it later.

Command line access

Go to the AWS website and download the CLI tools for your platform. After installation, the aws command will be available on your system. Configure the AWS command line tools by executing > aws configure in the command line:

Enter your ACCESS_KEY_ID and SECRET_ACCESS_KEY, which were generated in Creating a special user for access to services. Enter your region code so it will be used by default for all operations which require a region.
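
A check worth running after `aws configure`, as an added example that is not part of the original article: the CLI stores both keys in plain text in `~/.aws/credentials`, so the script verifies that the file is private and scans a project directory for strings shaped like access key IDs before the files are shared. The function names are this example's own, and the sample tree is constructed (it uses the example key ID from AWS's documentation).

```shell
#!/bin/sh
# Added example (not from the article): keep the CLI credentials private and
# catch keys that were pasted into project files.

# Succeed only if file $1 grants no permissions to group or others.
credentials_private() {
  [ -f "$1" ] || return 2
  bits=$(ls -l "$1" | cut -c5-10)      # the group and other permission bits
  [ "$bits" = "------" ]
}

# Print "file:line" for each line under directory $1 that contains an IAM user
# access key ID (AKIA + 16 upper-case letters or digits) or assigns a secret
# key. The matched text itself is not printed, so the report is safe to share.
find_leaked_keys() {
  grep -rnE 'AKIA[0-9A-Z]{16}|aws_secret_access_key[[:space:]]*=' "$1" \
    2>/dev/null | cut -d: -f1,2
}

# Constructed sample tree: one file embeds AWS's documentation example key ID.
demo_scan() {
  dir=$(mktemp -d) || return 1
  printf 'const region = "eu-west-1";\n' > "$dir/app.js"
  printf 'id: us-east-1\nkey: AKIAIOSFODNN7EXAMPLE\n' > "$dir/deploy.yml"
  find_leaked_keys "$dir" | sed "s|^$dir/||"
  rm -rf "$dir"
}

# Typical use:
#   credentials_private "$HOME/.aws/credentials" || chmod 600 "$HOME/.aws/credentials"
#   find_leaked_keys ./my-project
```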

Accessing AWS S3 via command line

Now you have configured AWS command line tools and can access S3 bucket and upload files to it. Execute > aws s3 ls to list all available buckets:

Create a sample HTML file to upload to the S3 bucket. For example, use the Hello, world! page from the Bootstrap CSS framework.

Hello, world! from Bootstrap CSS

Save this file as index.html to your local computer. Execute

> aws s3 cp --acl public-read index.html s3://your-bucket-name/

to upload the file to the bucket. Do not forget to replace your-bucket-name with your bucket name.
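
The upload above needs far fewer permissions than the Administrators group grants. As an added example (not from the original article), the script below builds an inline IAM policy limited to uploading into one bucket and listing its contents; the user name `site-uploader` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: least-privilege policy for a key that only publishes files.
# It covers `aws s3 cp --acl public-read ... s3://BUCKET/` and
# `aws s3 ls s3://BUCKET/`. Listing all buckets with a bare `aws s3 ls`
# needs s3:ListAllMyBuckets, which is deliberately not granted here.

upload_policy_json() {      # $1 = bucket name
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListThisBucket",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::$1"
    },
    {
      "Sid": "UploadPublicObjects",
      "Effect": "Allow",
      "Action": ["s3:PutObject", "s3:PutObjectAcl"],
      "Resource": "arn:aws:s3:::$1/*"
    }
  ]
}
EOF
}

# Accept only valid bucket names (3-63 chars: lower-case letters, digits,
# dots, hyphens) so nothing can break out of the JSON strings above.
valid_bucket_name() {
  case "$1" in
    ""|*[!a-z0-9.-]*) return 1 ;;
  esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 63 ]
}

attach_upload_policy() {    # $1 = IAM user (e.g. site-uploader), $2 = bucket
  valid_bucket_name "$2" || { echo "invalid bucket name: $2" >&2; return 1; }
  f=$(mktemp) || return 1
  upload_policy_json "$2" > "$f"
  aws iam put-user-policy --user-name "$1" \
    --policy-name "upload-to-$2" --policy-document "file://$f"
  rc=$?; rm -f "$f"; return $rc
}
```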

Opening static S3 files in the browser

As we have created a publicly accessible bucket, we can actually open this newly uploaded file in the browser.

Go to AWS console, select Services ▼ and enter S3. Select your bucket and newly uploaded file index.html.

Details about file

Copy the link to file at the bottom and open it in the browser. Voila! You created your first AWS served web-page!

How page looks in the browser

Next steps

Explore different services of AWS!

To host real websites — create domain zone in Route 53 in AWS and host S3 buckets as domains! See the next sections below for more information.

Create and host a Domain

Now we will use the Route 53 service to host the DNS records of a domain on AWS. DNS is used to associate web addresses (i.e. amazon.com) with real resources, or in the case of AWS, with resources hosted in the Amazon cloud. By using Route 53 you can host your domain and serve your S3 bucket as a real website.

Go to AWS console, select Services ▼ and select Route 53.

Besides DNS, Route 53 offers health checks and other services

Hosted zones is AWS name for domains in DNS

First, you need to go to a domain name reseller and purchase your own domain. There are a lot of resellers; some of them are international, some only sell regional domains. For example, GoDaddy, Namecheap, and others. Once you have obtained a domain, create a hosted zone for this domain in AWS Route 53.

Selected Hosted zones
Create new hosted zone (domain) and copy NS servers

After creating the hosted zone, write down the list of nameservers for this zone. It is the Value of the record for your domain name with type NS. Your list of nameservers will be different!

Go to your domain reseller control panel and enter these DNS servers for the domain.

Once this change propagates to all DNS servers in the world, which takes about 48 hours, you can start adding records to the domain.

To test that everything works, create a temporary record such as yourdomain.com, type A, with an IP address like 1.1.1.1, and check it using some DNS resolving tool, for example, https://intodns.com/.

Create SSL certificate for your domain

For CloudFront (see below) you need to create SSL certificates using Certificate Manager in region = us-east-1 (N.Virginia).

Open Certificate manager and start creating the certificate. Add both root/apex domain and *.yourdomain.com (wildcard domain) to the list of domains:

Request a public certificate
Enter domain and aliases. Use wildcard (*) to define multiple name certificate.
DNS validation is the easiest as it allows using Route 53 to automatically approve certificate

Select DNS validation as the method. For domains created on AWS Route 53, this means that you will get the certificate done in 5 minutes because it will create the records for you.

Press Create record in Route 53 for every certificate you requested, then press Continue and return in a couple of minutes to see that your certificate was created!

Now you can associate this certificate in CloudFront distribution and have your static site fully protected and accelerated by CDN.

Create CloudFront distribution

AWS CloudFront is a system for accelerating content delivery to customers all around the world. It achieves this by serving content closer to the customer, regardless of the region you are using. Also, it enables caching and SSL for domains, which is very important nowadays as browsers emphasize having a secure channel between the user and the website.

CloudFront has different features for handling the content
Web is the default one. RTMP is the old one for videos.

Select Web distribution

CloudFront has a lot of options, see below for explanation

When creating CloudFront distribution be sure to select CNAME (aliases) for your domain: yourdomain.com, www.yourdomain.com and select SSL certificate you have created.

All important options (leave default all the rest)

Most important options

Creating a CloudFront distribution takes up to 40 minutes, but usually, in 10 minutes you will be able to access it everywhere and in Route 53.

Creating takes up to 40 minutes

After creating CloudFront distribution you need to associate it with DNS records. Go to AWS Route 53 and press Create recordset in your domain. Select yourdomain.com A record, select alias and choose CloudFront distribution you created. Do the same for www.yourdomain.com A record.

Link CloudFront distribution to the records in zone (domain)

After you have created those records, wait up to 5 minutes and your website will be accessible over the internet.

Conclusion

By following this series of articles you have built a modern, high-performance, production-ready setup to host static websites and client-side applications.

The only thing which was not covered by these articles is how to host APIs. These will be covered in the future. Stay tuned!
