AWS Overview

Technology Overview

AWS Organizations and Accounts

AWS Organizations lets us centrally manage billing, access control, compliance and security across many AWS accounts, and share resources between them.

Root User: the single sign-in identity (the email address the account was created with) that has complete access to every service and resource in the account. IAM policies cannot restrict it, so it should be protected with MFA and used only for the few tasks that require it, never for day-to-day work. Each account has exactly one root user.

Organizational Units (OUs): groups of AWS accounts within an organization. An OU can contain other OUs, creating a hierarchy.

Service Control Policies (SCPs) give central control over the maximum permissions available to all accounts in the organization, helping to keep accounts within our guidelines. An SCP is a guardrail, not a grant: it bounds what IAM policies inside member accounts can allow but never adds a permission by itself, and it does not apply to the management account.

In the Services menu, search for Organizations and click AWS Organizations. On the next page click Create organization. After email confirmation, our account is starred as the Master account (now called the management account).

In the IAM console menu, click Organization activity. We will be able to see our Master account listed there.

In the Organizations console, open the Organize accounts tab and click Create organizational unit. We can now create an account under the newly created OU. Next, create a policy: click Create policy. The policy can then be attached to the newly created OU, and it applies to every account under that OU. If an account is no longer needed, we can only close it; it cannot be deleted.
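To make the "guardrail, not grant" behaviour concrete, here is an added example (not code from these notes or from AWS) that models how SCPs are evaluated against a request. The organization layout, the two policy documents, and the IAM policies are hypothetical; the evaluation rules are the documented ones: an explicit Deny at any level wins, the action must be allowed at every level from the root down to the account, and the SCP result is then intersected with the principal's IAM policy.

```python
"""SCP guardrail semantics, modelled offline.

Added example, not code from these notes or from AWS. The OU layout and the
two SCPs are hypothetical; the evaluation rules follow the documented SCP
semantics: Deny anywhere wins, every level must Allow, and an SCP never
grants what the account's own IAM policy does not.
"""
import fnmatch

# Default policy AWS attaches to the root and every new OU. Detaching it
# without a replacement removes ALL permissions from the accounts beneath.
FULL_AWS_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed deny guardrail (hypothetical): pin member accounts to two
# regions and stop anyone in them from switching CloudTrail off.
REGION_AND_TRAIL_GUARDRAIL = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyOutsideApprovedRegions",
            "Effect": "Deny",
            "NotAction": ["iam:*", "organizations:*", "sts:*", "support:*"],
            "Resource": "*",
            "Condition": {"StringNotEquals": {"aws:RequestedRegion": ["eu-west-1", "us-east-1"]}},
        },
        {
            "Sid": "ProtectCloudTrail",
            "Effect": "Deny",
            "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail", "cloudtrail:UpdateTrail"],
            "Resource": "*",
        },
    ],
}


def _action_matches(patterns, action):
    """IAM action matching: case-insensitive, '*' wildcards."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _applies(stmt, action, region):
    """Does this statement cover the request? Only the region condition is modelled."""
    if "Action" in stmt and not _action_matches(stmt["Action"], action):
        return False
    if "NotAction" in stmt and _action_matches(stmt["NotAction"], action):
        return False
    approved = stmt.get("Condition", {}).get("StringNotEquals", {}).get("aws:RequestedRegion")
    if approved is not None and region in approved:
        return False  # "region is NOT in the approved list" is false, so the statement is moot
    return True


def scps_permit(levels, action, region):
    """levels = [root SCPs, OU SCPs, ..., account SCPs]; each must allow, none may deny."""
    for policies in levels:
        level_allows = False
        for policy in policies:
            for stmt in policy["Statement"]:
                if not _applies(stmt, action, region):
                    continue
                if stmt["Effect"] == "Deny":
                    return False
                level_allows = True
        if not level_allows:
            return False
    return True


def effective_decision(levels, iam_allows, action, region):
    """A principal in a member account may act only if the SCP chain AND its IAM policy allow."""
    return scps_permit(levels, action, region) and iam_allows(action)


# Hypothetical org: the root keeps FullAWSAccess; the Workloads OU adds the guardrail.
WORKLOADS_OU_PATH = [[FULL_AWS_ACCESS], [FULL_AWS_ACCESS, REGION_AND_TRAIL_GUARDRAIL]]


def ADMIN_IAM(action):       # AdministratorAccess-style IAM policy in the member account
    return True


def S3_ONLY_IAM(action):     # narrow IAM policy: S3 only
    return action.startswith("s3:")


if __name__ == "__main__":
    for action, region, iam in [
        ("ec2:RunInstances", "eu-west-1", ADMIN_IAM),         # allowed
        ("ec2:RunInstances", "ap-southeast-2", ADMIN_IAM),    # denied: unapproved region
        ("cloudtrail:StopLogging", "eu-west-1", ADMIN_IAM),   # denied: protected action
        ("ec2:RunInstances", "eu-west-1", S3_ONLY_IAM),       # denied: SCP allows, IAM does not
    ]:
        print(action, region, iam.__name__, effective_decision(WORKLOADS_OU_PATH, iam, action, region))
```

Two things the model makes visible: the S3-only IAM user is still refused EC2 even though the SCP chain permits it, which is the sense in which SCPs never grant; and calling scps_permit with an OU level that carries only the guardrail (no FullAWSAccess) returns False for everything, which is the classic outage caused by detaching the default policy.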

AWS Networking

Region: A geographic area that hosts our resources, made up of multiple Availability Zones

VPC - Virtual Private Cloud: A logically isolated virtual network in the AWS Cloud where we launch AWS resources

AZ - Availability Zone: One or more discrete data centers within a Region with independent power and networking; resources are placed in one or more AZs for resilience

Internet Gateway: Enables resources in a VPC to reach the Internet and be reached from it; a subnet whose route table points at an Internet Gateway is a public subnet

Route Tables: Determine where network traffic from our subnets is directed

NACLs - Network Access Control Lists: Stateless firewalls at the subnet level that evaluate IP addresses and ports (Layers 3 and 4, not Layer 2). Rules are numbered and evaluated lowest-first, the first match wins, and because there is no connection tracking, return traffic must be allowed explicitly

Security Groups: Stateful firewalls at the instance (network interface) level. They contain allow rules only, and replies to an allowed connection are permitted automatically

Subnets: Ranges of IP addresses within the VPC that partition it into smaller network segments; each subnet lives in a single AZ

NAT - Network Address Translation: Rewrites the private source IP (Layer 3) and port (Layer 4, TCP/UDP) of outbound packets to a public IP and port and reverses the mapping for the replies. A NAT gateway lets instances in private subnets reach the Internet without being reachable from it
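The practical difference between stateless NACLs and stateful security groups is easiest to see on a single HTTPS request and its reply. The following is an added example, not code from these notes or from AWS: the addresses, ports and rule sets are constructed, while the behaviour modelled (numbered NACL rules evaluated lowest-first with the first match winning and an implicit deny at the bottom, no connection tracking in NACLs, connection tracking in security groups, 1024-65535 as the ephemeral port range for replies) follows the VPC documentation.

```python
"""Stateless NACL vs stateful security group, modelled offline.

Added example, not code from these notes or from AWS. Addresses, ports and
rules are constructed; the evaluation behaviour follows the VPC docs.
"""
import ipaddress
from dataclasses import dataclass

CLIENT = "203.0.113.5"   # constructed: a browser on the Internet
SERVER = "10.0.1.10"     # constructed: an instance in a public subnet


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class NaclRule:
    number: int     # evaluated lowest-first; first match wins
    proto: str      # "tcp", "udp" or "all"
    cidr: str       # source CIDR for inbound rules, destination CIDR for outbound
    ports: tuple    # inclusive (low, high) destination port range
    allow: bool


def _in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def nacl_decision(rules, peer_ip, dst_port, proto="tcp"):
    """Stateless: every packet, a reply included, is judged on its own header."""
    for rule in sorted(rules, key=lambda r: r.number):
        if (rule.proto in ("all", proto) and _in_cidr(peer_ip, rule.cidr)
                and rule.ports[0] <= dst_port <= rule.ports[1]):
            return rule.allow
    return False  # the fixed '*' rule at the bottom denies anything unmatched


class SecurityGroup:
    """Allow-only rules plus connection tracking, which is what makes it stateful."""

    def __init__(self, inbound, outbound):
        self.inbound = inbound    # list of (proto, cidr, (low, high))
        self.outbound = outbound
        self._flows = set()       # 5-tuples of traffic allowed to return

    @staticmethod
    def _permits(rules, peer_ip, dst_port, proto):
        return any(p in ("all", proto) and _in_cidr(peer_ip, cidr) and low <= dst_port <= high
                   for p, cidr, (low, high) in rules)

    def _check(self, rules, pkt, peer_ip):
        if (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port) in self._flows:
            return True  # reply to a connection we already allowed
        if self._permits(rules, peer_ip, pkt.dst_port, pkt.proto):
            # remember the reverse direction so the reply needs no rule of its own
            self._flows.add((pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port))
            return True
        return False

    def inbound_packet(self, pkt):
        return self._check(self.inbound, pkt, pkt.src_ip)

    def outbound_packet(self, pkt):
        return self._check(self.outbound, pkt, pkt.dst_ip)


def https_request_and_reply(nacl_inbound, nacl_outbound, sg):
    """(request_allowed, reply_allowed) for one client -> server TCP/443 exchange."""
    request = Packet(CLIENT, SERVER, 50000, 443)
    reply = Packet(SERVER, CLIENT, 443, 50000)
    # Inbound path: subnet NACL first, then the instance's security group.
    if not (nacl_decision(nacl_inbound, request.src_ip, request.dst_port)
            and sg.inbound_packet(request)):
        return (False, False)
    # Outbound reply: the SG remembers the flow, the NACL does not.
    reply_ok = (sg.outbound_packet(reply)
                and nacl_decision(nacl_outbound, reply.dst_ip, reply.dst_port))
    return (True, reply_ok)


# Constructed rule sets.
NACL_IN = [NaclRule(100, "tcp", "0.0.0.0/0", (443, 443), True)]
NACL_OUT_OK = [NaclRule(100, "tcp", "0.0.0.0/0", (1024, 65535), True)]     # ephemeral replies
NACL_OUT_MIRRORED = [NaclRule(100, "tcp", "0.0.0.0/0", (443, 443), True)]  # common mistake
NACL_IN_BLOCK_FIRST = [NaclRule(90, "tcp", "203.0.113.0/24", (0, 65535), False)] + NACL_IN
NACL_IN_BLOCK_LAST = NACL_IN + [NaclRule(110, "tcp", "203.0.113.0/24", (0, 65535), False)]


def web_sg():
    # Real SGs ship with an allow-all egress rule; it is left out here so the reply
    # passes only through connection tracking, which makes the statefulness visible.
    return SecurityGroup(inbound=[("tcp", "0.0.0.0/0", (443, 443))], outbound=[])


if __name__ == "__main__":
    print("correct NACLs:        ", https_request_and_reply(NACL_IN, NACL_OUT_OK, web_sg()))
    print("mirrored outbound:    ", https_request_and_reply(NACL_IN, NACL_OUT_MIRRORED, web_sg()))
    print("deny numbered 90:     ", https_request_and_reply(NACL_IN_BLOCK_FIRST, NACL_OUT_OK, web_sg()))
    print("deny numbered 110:    ", https_request_and_reply(NACL_IN_BLOCK_LAST, NACL_OUT_OK, web_sg()))
```

The second case is the classic NACL mistake: mirroring the inbound port-443 rule on the outbound side blocks every reply, because the reply goes to the client's ephemeral port, not to 443. The last two cases show why rule numbering matters: a deny numbered 110 sits behind the allow-all at 100 and never fires.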

Database Services

DynamoDB - NoSQL key/value database. Like Cassandra

DocumentDB - NoSQL Document database that is MongoDB compatible.

RDS - Relational Database Service that supports multiple engines.

Engines: MySQL, Postgres, Maria DB, Oracle, Microsoft SQL server, Aurora

Aurora: Fully managed MySQL- and PostgreSQL-compatible database; AWS quotes up to 5x MySQL and 3x PostgreSQL throughput

Aurora Serverless - only runs when we need it, like AWS Lambda

Neptune - Managed graph database

Redshift - Columnar database, petabyte-scale data warehouse (1000 TB = 1 PB)

ElastiCache - In-memory data store (Redis or Memcached), typically used as a cache in front of a database

Provisioning Services

The allocation or creation of resources and services for a customer

Elastic Beanstalk: Service for deploying and scaling web applications and services developed with Java, .Net, PHP, Node.js, Python, Ruby, Go and Docker

OpsWorks: Configuration management service that helps manage instances using Chef and Puppet.

CloudFormation: Infrastructure as code. Write a template in JSON or YAML and use it to deploy and configure our cloud resources and services

AWS QuickStart: pre-made templates / packages that can launch and configure AWS compute, network, storage and other services required to deploy a workload on AWS

AWS Marketplace: a digital catalog of thousands of software listings from independent software vendors that we can use to find, buy, test and deploy software.

Computing Services

EC2: Elastic Compute Cloud, highly configurable servers eg. CPU, Memory, Network, OS (Infrastructure as a Service - IaaS)

ECS: Elastic Container Service (Docker as a Service). Highly scalable, high-performance container orchestration service for Docker containers; with the EC2 launch type we pay for the EC2 instances that run the tasks.

Fargate: Serverless compute for containers (ECS or EKS) where we do not think about the underlying instances. Pay per task, by vCPU and memory.

EKS: Kubernetes as a Service. Easy to deploy, manage and scale containerized applications using Kubernetes.

Lambda: Serverless functions. Run code without provisioning or managing servers. Only pay for the compute time

Elastic Beanstalk: Orchestrates various AWS services, including EC2, S3, Simple Notification Service (SNS), CloudWatch, Autoscaling, and Elastic Load Balancers

AWS Batch: Plans, schedules and executes batch computing workloads across the full range of AWS compute services and features such as Amazon EC2 and Spot Instances.

Storage Services

S3 - Simple Storage Service - Object storage

S3 Glacier - low cost storage for archiving and long-term backup

Storage Gateway - hybrid cloud storage with local caching. File Gateway, Volume Gateway, Tape Gateway

EBS - Elastic Block Store - block storage volumes ("hard drives in the cloud") attached to EC2 instances (General Purpose SSD, Provisioned IOPS SSD, Throughput Optimized HDD, Cold HDD)

EFS - Elastic File System - NFS file storage mountable by multiple EC2 instances at the same time

Snowball - Physically migrate lots of data via a computer suitcase 50-80 TB

Snowball Edge - A better version of Snowball - 100 TB

Snowmobile - Shipping container, pulled by a semi-trailer truck - 100 PB

Business Centric Services

Amazon Connect - Call Center - Cloud based call center service we can setup in just a few clicks - based on the same proven system used by the Amazon customer service teams.

WorkSpaces - Virtual Remote Desktop - Secure Managed service for provisioning either Windows or Linux desktops in just a few minutes which quickly scales up to thousands of desktops

WorkDocs - A content creation and collaboration service - easily create, edit and share content stored centrally in AWS (the AWS equivalent of SharePoint)

Chime - AWS Platform for online meetings, video conferencing and business calling which elastically scales to meet our capacity needs.

WorkMail - Managed business email, contacts and calendar service with support for existing desktop and mobile email client applications. IMAP

PinPoint - Marketing campaign management system we can use for sending targeted email, SMS, push notifications and voice messages

SES - Simple Email Service - A cloud based email sending service designed for application developers and marketers to send marketing, notification and transactional emails.

QuickSight - A Business Intelligence (BI) service. Connect multiple data sources and quickly visualize data in the form of graphs with little to no programming knowledge.

Enterprise Integration

Direct Connect - Dedicated private network connection (gigabit speeds and up) from our premises to AWS. Imagine a fibre optic cable running straight to AWS. Traffic bypasses the public Internet, but it is not encrypted by default, so a VPN (or MACsec on supported ports) is layered on top when confidentiality matters.

VPN: Establish an encrypted connection to our AWS network over the Internet. Site-to-Site VPN connects an on-premises network to our AWS network and resources. Client VPN connects a single client (e.g. a laptop) to our AWS network and resources.

Storage Gateway - A hybrid storage service that enables our on-premises applications to use AWS cloud storage. We can use it for backup and archiving, disaster recovery, cloud data processing, storage tiering and migration.

Active Directory - The AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables directory-aware workloads and AWS resources to use a managed Active Directory in the AWS Cloud.

Logging Services

CloudTrail - Records API calls made in the account (from the console, SDKs and CLI, and by AWS services acting on our behalf) as JSON events that capture who called what, from which IP, when and with which parameters. Used to detect developer misconfiguration, detect malicious actors and automate responses. It is the primary audit log, so the trail itself needs protecting: a locked-down S3 bucket, log file validation, and a guardrail against StopLogging.

CloudWatch - is a collection of multiple services including

CW Logs - Collects and stores log data: application logs (e.g. Rails, Nginx), Lambda function logs, CloudTrail events delivered to a log group, VPC Flow Logs. Metric filters turn matching log lines into metrics that alarms can act on.

CW Metrics - Time-ordered sets of data points: performance data about AWS services such as CPU utilization and network in/out, plus custom metrics. Memory is not collected by default; it needs the CloudWatch agent.

CW Events (now Amazon EventBridge) - Trigger an action on a schedule or when an event matches a rule, e.g. take a snapshot of a server every hour

CW Alarms - Trigger notifications (e.g. via SNS) or automated actions when a metric crosses a threshold

CW Dashboard - Create visualizations based on metrics
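To show how CloudTrail records and CloudWatch alarms fit together for detection, here is an added example, not code from these notes or from AWS, that runs three detections over constructed CloudTrail events: root user activity, attempts to tamper with the trail, and bursts of AccessDenied errors from one principal. The account ID 111122223333 and the 192.0.2.x, 198.51.100.x and 203.0.113.x addresses are documentation placeholders and the events are made up; the field names used (userIdentity.type, userIdentity.invokedBy, eventType, eventSource, eventName, errorCode, eventTime) are the ones CloudTrail writes, and ROOT_USAGE_METRIC_FILTER is the CloudWatch Logs metric filter pattern commonly used for a root-activity alarm.

```python
"""Detections over CloudTrail records, run offline on constructed events.

Added example, not code from these notes or from AWS. Events are constructed;
field names follow the CloudTrail record schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

ACCOUNT = "111122223333"   # documentation placeholder account ID
ROOT = {"type": "Root", "accountId": ACCOUNT, "arn": f"arn:aws:iam::{ACCOUNT}:root"}

# CloudWatch Logs metric filter for a root-usage alarm; detect_root_usage applies the same test.
ROOT_USAGE_METRIC_FILTER = ('{ $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS '
                            '&& $.eventType != "AwsServiceEvent" }')
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
DENIED_CODES = {"AccessDenied", "Client.UnauthorizedOperation"}  # EC2 uses the second form


def _user(name):
    return {"type": "IAMUser", "userName": name, "accountId": ACCOUNT,
            "arn": f"arn:aws:iam::{ACCOUNT}:user/{name}"}


def _record(time, identity, source, name, ip, **extra):
    """Build a CloudTrail-shaped event dict (constructed sample data)."""
    rec = {"eventVersion": "1.08", "userIdentity": identity, "eventTime": time,
           "eventSource": source, "eventName": name, "awsRegion": "us-east-1",
           "sourceIPAddress": ip, "eventType": "AwsApiCall", "recipientAccountId": ACCOUNT}
    rec.update(extra)
    return rec


SAMPLE_EVENTS = [  # constructed
    _record("2024-05-01T09:58:12Z", ROOT, "signin.amazonaws.com", "ConsoleLogin",
            "203.0.113.9", eventType="AwsConsoleSignIn"),
    _record("2024-05-01T10:00:03Z", _user("alice"), "ec2.amazonaws.com", "DescribeInstances", "198.51.100.7"),
    _record("2024-05-01T10:05:00Z", _user("ci-deploy"), "s3.amazonaws.com", "ListBuckets",
            "192.0.2.44", errorCode="AccessDenied"),
    _record("2024-05-01T10:05:20Z", _user("ci-deploy"), "iam.amazonaws.com", "ListUsers",
            "192.0.2.44", errorCode="AccessDenied"),
    _record("2024-05-01T10:05:45Z", _user("ci-deploy"), "ec2.amazonaws.com", "DescribeInstances",
            "192.0.2.44", errorCode="Client.UnauthorizedOperation"),
    _record("2024-05-01T10:06:10Z", _user("ci-deploy"), "secretsmanager.amazonaws.com", "ListSecrets",
            "192.0.2.44", errorCode="AccessDenied"),
    _record("2024-05-01T10:06:30Z", _user("ci-deploy"), "sts.amazonaws.com", "GetCallerIdentity", "192.0.2.44"),
    _record("2024-05-01T10:20:00Z", _user("alice"), "cloudtrail.amazonaws.com", "StopLogging", "198.51.100.7"),
    # service-initiated activity under the root identity: must NOT trip the root alarm
    _record("2024-05-01T10:21:00Z", dict(ROOT, invokedBy="AWS Internal"), "ec2.amazonaws.com",
            "CreateDefaultVpc", "AWS Internal", eventType="AwsServiceEvent"),
]


def _principal(e):
    ui = e["userIdentity"]
    return ui.get("userName") or ui.get("arn") or ui["type"]


def _when(e):
    return datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def detect_root_usage(events):
    """Interactive use of the root user (same predicate as ROOT_USAGE_METRIC_FILTER)."""
    return [e for e in events
            if e["userIdentity"]["type"] == "Root"
            and "invokedBy" not in e["userIdentity"]
            and e["eventType"] != "AwsServiceEvent"]


def detect_trail_tampering(events):
    """Who tried to blind CloudTrail, and with which call."""
    return [(_principal(e), e["eventName"]) for e in events
            if e["eventSource"] == "cloudtrail.amazonaws.com" and e["eventName"] in TRAIL_TAMPERING]


def detect_access_denied_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Principals with >= threshold denied calls inside any window of `window` length:
    typically a leaked key being probed or someone enumerating a role's permissions."""
    times_by_principal = defaultdict(list)
    for e in events:
        if e.get("errorCode") in DENIED_CODES:
            times_by_principal[_principal(e)].append(_when(e))
    bursts = {}
    for who, times in times_by_principal.items():
        times.sort()
        best = start = 0
        for end in range(len(times)):            # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[who] = best
    return bursts


if __name__ == "__main__":
    print("root usage:", [e["eventName"] for e in detect_root_usage(SAMPLE_EVENTS)])
    print("trail tampering:", detect_trail_tampering(SAMPLE_EVENTS))
    print("AccessDenied bursts:", detect_access_denied_bursts(SAMPLE_EVENTS))
```

In production the same logic lives in CloudWatch rather than in a script: CloudTrail delivers events to a log group, a metric filter such as ROOT_USAGE_METRIC_FILTER increments a metric for every matching record, and a CloudWatch alarm on that metric notifies an SNS topic. The burst detector is the piece that does not map onto a single filter pattern, which is why it is usually implemented in a Lambda or in a SIEM fed from the same log group.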

Know thy Initials
