AWS
Overview
Amazon was the first company to offer cloud infrastructure to developers at other companies. This head start allowed Amazon to have the largest share of the cloud computing market as of 2020 according to Gartner research.
The company offers a complete range of IaaS and PaaS services. Among the most popular are its Elastic Beanstalk, Elastic Block Store (EBS), Glacier storage, Relational Database Service (RDS), and DynamoDB NoSQL database. It also offers cloud services related to networking, analytics and machine learning, the Internet of Things (IoT), mobile services, development, cloud management, cloud security and more.
Two of the earliest AWS offerings are still among their most well-known, Amazon Simple Storage Service (S3) and Amazon Elastic Compute Cloud (EC2).
S3 is like a developer's version of Dropbox that can automatically scale across millions of gigabytes.
EC2 allows teams to rent machine instances that are analogous to setting up physical machines, but without the physical effort or up-front hardware purchases.
AWS Lambda is an event-driven, serverless computing platform service that runs code in response to events. Lambda costs less to maintain and operate than EC2, but it is not suitable for code that runs longer than a few minutes, and migrating on-premises applications to Lambda will likely require significant code rewrites and testing.
Over the years, Amazon has developed an ecosystem around their cloud offerings. Plus, Amazon launches new cloud features and changes at a fast pace, so there's always something new to consider.
Architecture principles
Design principles
Scalability (horizontal, vertical)
Disposable Resources Instead of Fixed Servers (Instantiating Compute Resources, Infrastructure as Code)
Automation (Serverless Management and Deployment, Infrastructure Management and Deployment, Alarms and Events)
Loose Coupling (Well-Defined Interfaces, Service Discovery, Asynchronous Integration, Distributed Systems Best Practices)
Services, Not Servers (Managed Services, Serverless Architectures)
Databases (Relational Databases, NoSQL Databases, Data Warehouses, Graph Databases)
Managing Increasing Volumes of Data (Data Lake)
Removing Single Points of Failure (Introducing Redundancy, Detect Failure, Durable Data Storage, Automated Multi-Data Center Resilience, Fault Isolation and Traditional Horizontal Scaling)
Optimize for Cost (Right Sizing, Elasticity, Take Advantage of the Variety of Purchasing Options)
Caching (Application Data Caching, Edge Caching)
Security (Use AWS Features for Defense in Depth, Share Security Responsibility with AWS, Reduce Privileged Access, Security as Code, Real-Time Auditing)
Cloud Architecture Best Practices (Decouple your components, Think parallel, Implement elasticity, Design for failure)
Infrastructure
AWS is able to support this massive workload thanks to its Global Cloud Infrastructure, which consists of the following:
Availability Zones - offer high availability, fault tolerance, and scalability. Each consists of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities.
Regions - provide multiple, physically separated, and isolated Availability Zones which are connected with low latency, high throughput, and highly redundant networking.
Edge Networks - are locations that CloudFront uses to cache copies of your content for faster delivery to users at any location.
Pricing
There are three fundamental drivers of cost with AWS:
Compute
Storage
Outbound data transfer
For certain services like Amazon EC2, Amazon EMR, and Amazon RDS, you can invest in reserved capacity. There are also volume-based discounts for services such as Amazon S3. For new accounts, AWS Free Tier is available. You can estimate your monthly AWS bill using AWS Pricing Calculator.
Disaster recovery
Backup and Restore – store backup data on S3 and recover data quickly and reliably.
Pilot Light for Quick Recovery into AWS – quicker recovery time than backup and restore because core pieces of the system are already running and are continually kept up to date.
Warm Standby Solution – a scaled-down version of a fully functional environment is always running in the cloud.
Multi-Site Solution – run your infrastructure on another site, in an active-active configuration.
AWS Support Plans
Basic
Developer
Business
Enterprise On-Ramp
Enterprise
Shared responsibility
In a nutshell, AWS is responsible for securing the physical infrastructure that runs all of the services in the AWS Cloud, while the customer is responsible for the security of their own data processed and stored within the AWS infrastructure.
Security “of” the Cloud – AWS manages, operates, and controls the host operating system, virtualization layer, as well as the physical security of its data centers. These data centers are physical facilities that house all the resources, and they require security measures to protect the IT assets inside, as customer data is stored in the storage volumes within the data center or across multiple availability zones. Additionally, AWS is responsible for maintaining the physical servers, including tasks such as applying OS patches, installing firmware updates, and implementing physical and environmental controls for its data centers to guarantee the availability, reliability, and scalability of its cloud service.
Security “in” the Cloud – the customer is responsible for configuring the AWS-provided security group and virtual firewall, as well as managing the guest OS and related applications. Take note that the level of responsibility for cloud security and maintenance varies depending on the type of service used by the customer, such as Infrastructure as a Service (IaaS) or abstracted services. For example, Amazon EC2 is classified as IaaS, which means you must perform all the necessary security configuration and management tasks. However, for abstracted services such as Amazon S3 and DynamoDB, AWS handles almost everything from the infrastructure layer, and you are only responsible for managing the data, classifying your assets, and applying fine-grained permissions using IAM tools to meet the compliance requirements.