Cloud Giant
A quick look at Amazon Web Service
It has been an overwhelming months of us developing a serverless app in AWS. In the beginning, all of us know nothing about this kinds of architecture. We were never formally introduced to this environment or cloud computing in general. For me personally, it has been an awesome experience working with AWS. The knowledge I gathered has opened many possibilities of stuff that I can create. So now, I’ll try giving you all a quick look at AWS environment and maybe some code snippet of implementation.
Why AWS
AWS was launched in 2006, 2 years earlier than Google Cloud Platform and 4 years earlier than Microsoft Azure. Being the oldest one has a couple of advantages. Community support is strong with AWS, being the biggest provider over all of the other and also the oldest means that you can find support to your needs easily. Communities are already built and maintained.
Among all of the cloud provider available, AWS has the most services of them all. In total, AWS has 175 services, from computing power, storage, and database to new-gen technology like machine learning, VR, and IoT. Availability also is a strong point of AWS, there are 69 availability zones across 22 region. 13 more zones are also being planned and one of them will be in Jakarta.
Let’s dive in
In order to use AWS services you need to register an account. Note that in order to finish the registration, you will need to include your credit card information.
Console
Dashboard for all of your services. Here you can easily access all the services available and also the recently visited one. You can also quickly search services you are trying to access. There are extra resources on the side also.
IAM
Stands for Identity Access Management, IAM is a service that allow you to manage a user or a service access to AWS resources. Personally, I think IAM is the first thing to learn before developing in Cloud.
You can create a user to allow other developer to join on your development. Granularly tuning their privileges to resources. This way, we can limit a developer’s access to some services that either they are not interacting with or to sensitive resources like database or payment bills.
The way you can fine-grain access right is by attaching a policy to the user or to a service. There are many pre-built policies to bootstrap your management. If you want more granular control, you can create your own policy. By the way, it is a best practice to never use a root account in your daily activities, instead create an IAM user.
For fine tuning services access to other services, there are also roles. Similar to user, you can attach policies to those roles. Roles also can be attached to another user that are from a different root account and also to user who are federated.
Compute Services
One of the most basic forms of cloud services is the compute services groups. AWS has many offerings depending on your needs. From a barebone virtual machine which you can manage entirely like EC2, to managed hosting service like Lightsail, to a serverless function.
Our project is a serverless web application, so in this group, we only use Lambda as the middleware to some of the other services.
Lambda is a service where you can host your code to run without managing the resources. It can run code built in Python, Node, Go, Ruby, Java, and .Net environment. Some common use of a serverless function service like Lambda is to act as a middleware to the database for a frontend application. Since connecting to database straight from the frontend app is dangerous, we can call the function via http request to safely access the database.
Here is an example of a Lambda function. This function will move a user to a default “member” group after the user successfully confirm their user via OTP or email. This function will get triggered after an event created by other services. Speaking of trigger, there are a couple other trigger that can call a Lambda function such as http request or an event.
Storage and Database Services
On each of the service group, there are many offering for different needs. On the storage side, we in our project use Simple Storage Service or S3 for short. It allow us to store files easily and access them. Our app has an upload feature where the user can upload a document, either in an image form or document.
In the database side of things, there is solution for every kind of database needs. The most common ones are Relational Database System where you can fire up a database instance using any popular DBMS. There is service for NoSQL database such as document based and key-value based. We of course use one of these services which is DynamoDB, a key-value database service. We use DynamoDB to store all of the application data.
Other services
Here are a few more services that we use.
- Cognito, a user management service. In our project we use Cognito to host our user pool, we also use this service to authorize access to other AWS resources.
- Amplify Console. A hosting and continuous delivery service. You can host your front-end serverless application in Amplify. This service works well in a serverless environment together with AppSync. The way we deploy our app is by setting up a git hook so that Amplify know when we push new changes to the repository.
- AppSync. A GraphQL endpoint act as the aggregator for all of our datasources. By using AppSync, we can easily call an API using GraphQL to structure our request.
Here we are
It has been a blast working with AWS. I really hope in the future, I can work in cloud environment again albeit in GCP or even maybe on Azure. Cool tech, 10/10 would go cloud again.
