Module – 1

Cloud Computing: The on-demand delivery of compute power, database,

storage, applications, and other IT resources via the internet with pay-as-you-go
pricing.

Cloud service models vary on how much control you have over IT resources.
 Infrastructure as a Service (IaaS) - Most control
 Platform as a Service (PaaS)
 Software as a Service (SaaS) - Least control

Cloud computing deployment models

 Cloud
 Hybrid
 On-premse (Private Cloud)

Advantages of Cloud Computing:

 Pay only for the resources you consume (variable cost vs upfront
capital expenditure)
 Economies of scale achieved by aggregate of all users
 Scaling on demand
 Speed and flexibility - changes are software level, not hardware
like traditional computing
 Lower overhead due to not maintaining hardware and data centers
 Data centers are global, like a company's customer base

AWS Cloud Adoption Framework provides guidance and best practices to help
organizations build a comprehensive approach to cloud computing across the
organization and throughout the IT lifecycle to accelerate successful cloud
adoption.

It has 6 perspectives: Business, People, Governance, Platform, Security,

Operation
 Module – 2

Cost Drivers of AWS:

1. Compute - charged by use time, varies by instance
2. Storage - charged per GB
3. Data Transfer - outbound transfers are aggregated and charged per GB,
inbound transfers and data transfers between services in the same AWS
Region typically have no charge

All Upfront Reserved Instance (AURI) -> Large Discount

Partial Upfront Reserved Instance (PURI) -> Lower Discount
No Upfront Payments Reserved Instance (NURI) -> Smallest Discount

Total Cost of Ownership (TCO): The financial estimate to help identify direct
and indirect costs of a system.
1. Server Costs
2. Storage Costs
3. Network Costs
4. IT Labor Costs
 Module – 3

The AWS Global Infrastructure is designed and built to deliver a flexible,

reliable, scalable, and secure cloud computing environment with high-quality
global network performance.

An AWS Region is a geographical area. When selecting a region consider the

following:
 Laws - Data governance and legal requirements
 Proximity - Select regions close to your customers for reduced latency
 Availability - Some services are region locked
 Cost - Cost varies by region

AWS data centers are designed for security. Each data center has redundant
power, networking, and connectivity, and is housed in a separate facility.

Amazon CloudFront - a fast content delivery network (CDN) service that

securely delivers data, videos, applications, and APIs to customers globally with
low latency, high transfer speeds, all within a developer-friendly environment.

AWS Infrastructure Features:

1. Elasticity and scalability - dynamically adapts to capacity and growth
needs
2. Fault-tolerance - Continues operating properly in the presence of a failure
due to built-in redundancy of components
3. High availability - High operational performance with minimized
downtime and no human intervention

AWS Storage Services:

 Amazon Simple Storage Services (S3)
 Amazon Elastic Block Storage (EBS)
 Amazon Elastic File System (EFS)
 Amazon Simple Storage Service Glacier

AWS Compute Services:

 Amazon EC2
 Amazon Elastic Container Services (ECS)
 AWS Elastic Beanstalk
 AWS Lambda
AWS Database Services:
 Amazon Relational Database Service (RDS)
  Amazon DynamoDB

AWS Network and Content Delivery Services:

 Amazon VPC
 Elastic Load Balancing
 Amazon CloudFront
 AWS VPN

AWS Security, Identity and Compliance Services:

 AWS Identity and Access Management (IAM)
 AWS Organizations
 AWS Shield

Module – 4
AWS security is shared between the Customer and Amazon itself.

Customer Security:

 Amazon Elastic Compute Cloud (Amazon EC2) instance operating

system - Including patching, maintenance
 Applications - Passwords, role-based access, etc.
 Security group configuration
 OS or host-based firewalls - Including intrusion detection or prevention
systems
 Network configurations
 Account management - Login and permission settings for each user

AWS Security:
 Physical security of data centers - Controlled, need-based access
 Hardware and software infrastructure - Storage decommissioning, host
operating system (OS) access logging, and auditing
 Network infrastructure - Intrusion detection
 Virtualization infrastructure - Instance isolation

Infrastructure as a service (IaaS)

 Customer has more flexibility over configuring networking and storage
settings
 Customer is responsible for managing more aspects of the security
 Customer configures the access controls

Platform as a service (PaaS)

 Customer does not need to manage the underlying infrastructure
 AWS handles the operating system, database patching, firewall
configuration, and disaster recovery
 Customer can focus on managing code or data

Software as a service (SaaS)

 Software is centrally hosted
 Licensed on a subscription model or pay-as-you-go basis.
 Services are typically accessed via web browser, mobile app, or
application programming interface (API)
 Customers do not need to manage the infrastructure that supports the
service

AWS Identity and Access Management (IAM) is a web service that enables
Amazon Web Services (AWS) customers to manage users and user permissions
in AWS. With IAM, you can centrally manage users, security credentials such
as access keys, and permissions that control which AWS resources users can
access.

Security features of AWS Organizations:

1. Service Control Policies
2. Key Management Service (Enables you to create and manage encryption
keys)
3. Cognito (Adds user sign-up, sign-in, and access control to your web and
mobile applications)
4. Shield (Is a managed distributed denial of service (DDoS) protection
service)

Data at rest = Data stored physically (on disk or on tape)

Data in transit = Data moving across a network

Module – 5

Amazon Route 53:

 A highly available and scalable Domain Name System (DNS) web
service
  Used to route end users to internet applications by translating names
(like www.example.com) into numeric IP addresses (like 192.0.2.1) that
computers use to connect to each other

Amazon CloudFront:
 Fast, global, and secure CDN service
 Global network of edge locations and Regional edge caches
 Self-service model
 Pay-as-you-go pricing

Module – 6

Amazon Elastic Compute Cloud (EC2):

 Provides virtual machines — referred to as EC2 instances — in the cloud
  Gives you full control over the guest operating system (Windows or
Linux) on each instance
 You can launch instances of any size into an Availability Zone anywhere
in the world with just a few clicks or a line of code, and they are ready in
minutes
 Resizable compute capacity
 You can launch instances from Amazon Machine Images (AMIs)
 You can control traffic to and from instances
 Provides tools to build failure resilient applications and isolate them from
common failure scenarios

EC2 Cost Model:

 Pay by the hour
 No long-term commitments.
 Eligible for the AWS Free Tier.

AWS Lambda
 Serverless computing enables you to build and run applications and
services without provisioning or managing servers.
 Supports multiple programming languages.
 Provides built-in fault tolerance and automatic scaling.
 An event source is an AWS service or developer-created application that
triggers a Lambda function to run.
 Pay-per-use pricing
 The maximum memory allocation for a single Lambda function is 3,008
MB.
 The maximum execution time for a Lambda function is 15 minutes
 Deployment package size = 250 MB unzipped, including layers

Introduction to Elastic Beanstalk

 An easy way to get web applications up and running
 A managed service that automatically handles
o Infrastructure provisioning and configuration
o Deployment
o Load balancing
o Automatic scaling
o Health monitoring
o Analysis and debugging
o Logging
 No additional charge for Elastic Beanstalk, pay only for the underlying
resources that are used
 It supports web applications written for common platforms
  You upload your code and Elastic Beanstalk automatically handles the
deployment

Module – 7

Amazon Elastic Block Store (EBS) is an easy to use, high performance block
storage service designed for use with Amazon Elastic Compute Cloud (EC2) for
both throughput and transaction intensive workloads at any scale.
With block storage, files are split into evenly sized blocks of data, each with its
own address but with no additional information (metadata) to provide more
context for what that block of data is. Object storage, by contrast, doesn’t split
files up into raw blocks of data. Instead, entire clumps of data are stored in, yes,
an object that contains the data, metadata, and the unique identifier. With block
storage you can update a single block without having to update the entire file
like in object storage.

Amazon Simple Storage Service (Amazon S3) is an object storage service that
offers scalability, data availability, security, and performance. Amazon S3
offers a range of object-level storage classes that are designed for different use
cases.

 Data is stored as objects in buckets

 Virtually unlimited storage but a single object is limited to 5 TB
 Designed for 11 9s of durability
 Granular access to bucket and objects
 Data is redundantly stored in the Region

Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully
managed elastic NFS file system for use with AWS Cloud services and on-
premises resources. It is built to scale on demand to petabytes without
disrupting applications, growing and shrinking automatically as you add and
remove files, eliminating the need to provision and manage capacity to
accommodate growth.

Amazon S3 Glacier is a data archiving service that is designed for security,

durability, and an extremely low cost.

Module – 8

Amazon Relational Database Service (Amazon RDS) makes it easy to set up,
operate, and scale a relational database in the cloud. It provides cost-efficient
and resizable capacity while automating time-consuming administration tasks
such as hardware provisioning, database setup, patching and backups. RDS
provides you with six familiar database engines to choose from: Amazon
Aurora, Oracle, Microsoft SQL Server, PostgreSQL, MySQL and MariaDB.
Amazon DynamoDB
 Fast and flexible NoSQL database service for any scale.
 NoSQL database tables with no limits
 Virtually unlimited storage
 Items can have differing attributes
 Scalable read/write throughput with no limits
 Supports document and key-value store models.
 Replicates your tables automatically across your choice of AWS Regions
 Works well for mobile, web, gaming, adtech, and Internet of Things (IoT)
applications
 Provides consistent, single-digit millisecond latency at any scale

Amazon Redshift is a fully managed, petabyte-scale data warehouse service in

the cloud. The Redshift service manages all of the work of setting up, operating,
and scaling a data warehouse. These tasks include provisioning capacity,
monitoring and backing up the cluster, and applying patches and upgrades to the
Amazon Redshift engine.
 Columnar storage and parallel processing architectures
 Automatically and continuously monitors cluster
 Encryption is built in

Amazon Aurora is a MySQL and PostgreSQL-compatible relational database

built for the cloud, that combines the performance and availability of traditional
enterprise databases with the simplicity and cost-effectiveness of open source
databases. Aurora features a distributed, fault-tolerant, self-healing storage
system that auto-scales up to 64TB per database instance. It delivers high
performance and availability with up to 15 low-latency read replicas, point-in-
time recovery, continuous backup to Amazon S3, and replication across three
Availability Zones (AZs). It also automates time-consuming tasks such as
provisioning, patching, backup, recovery, failure detection, and repair.
Module – 9

Reliability
 A measure of your system’s ability to provide functionality when desired
by the user
 System includes all system components: hardware, firmware, and
software
 Probability that your entire system will function as intended for a
specified period
 Mean time between failures (MTBF) = total time in service/number of
failures
Metrics
 Mean Time to Failure (MTTF)
 Mean Time to Repair (MTTR)
 Mean Time Between Failures (MTBF) = MTTF + MTTR

Fault tolerance: The built-in redundancy of an application's components and its

ability to remain operational.
Scalability: The ability of an application to accommodate increases in capacity
needs without changing design.
Recoverability: The process, policies, and procedures that are related to
restoring service after a catastrophic event.

AWS Trusted Advisor is an online tool that provides real-time guidance to

help you provision your resources following AWS best practices. It looks at
your entire AWS environment and gives you real-time recommendations in five
categories: Cost Optimization, Performance, Security, Fault Tolerance, Service
Limits. You can use AWS Trusted Advisor to help you optimize your AWS
environment as soon as you start implementing your architecture designs.

Module – 10

Elastic Load Balancing distributes incoming application or network traffic

across multiple targets in a single Availability Zone or across multiple
Availability Zones. It also scales your load balancer as traffic to your
application changes over time. Monitoring is done via Amazon CloudWatch,
access logs, and AWS CloudTrail logs.

Amazon CloudWatch

 Monitors: AWS resources and applications that run on AWS

 Collects and tracks: Standard and custom metrics
 Alarms: Send notifications to an Amazon SNS topic and perform
Amazon EC2 Auto Scaling or Amazon EC2 action
Amazon EC2 Auto Scaling
 Monitors your applications and automatically adjusts capacity to maintain
steady, predictable performance at the lowest possible cost
 Provides a simple, powerful user interface that enables you to build
scaling plans for resources
 Helps you maintain application availability
 Enables you to automatically add or remove EC2 instances according to
conditions that you define
 Detects impaired EC2 instances and unhealthy applications, and replaces
the instances without your intervention
 Provides several scaling options: Manual, scheduled, dynamic or on-
demand, and predictive
 An Auto Scaling group is a collection of EC2 instances that are treated as
a logical grouping for the purposes of automatic scaling and management.
 Scale out (launch instances), Scale in (terminate instances)