AWS Basics — and points that stood out
I recently took a course on LinkedIn Learning on Amazon Web Services for developers, since I knew that one day I might eventually be using it when I deploy the applications I build to the cloud.
Most of the concepts I learnt were similar to cloud computing concepts that I had previously learnt, but some key points here stood out more than others.
Do take note that these key points are more specific to AWS services and have been categorised according to concepts.
Key Points (categorised according to concepts covered) :
1. AWS Essential SetUp :
- AWS charges for usage from the first day, but many services offer limited free usage under the Free Tier (some for 12 months, some permanently), so check the pricing page before you create anything.
- A long-lived personal access key belongs, at most, in the AWS CLI configuration on your own secured workstation; it should never be pasted into application code, committed to a repository or copied onto a server (use IAM roles there).
- Never share the root user's credentials with your team. Create an IAM user (or, today, an IAM Identity Center user) for each team member and grant permissions through groups, so access is individual, least-privilege and revocable.
- Only the AWS root user can delete the AWS account (and change a few account-level settings), so protect the root user with MFA and do not use it for day-to-day work.
2. On Premise to AWS :
- An availability zone (AZ) can contain several individual data centers.
- A region is a geographical group of multiple availability zones that are isolated from one another; spreading an application across AZs is how you survive the loss of one.
- In the shared responsibility model, AWS is responsible for security "of" the cloud (the physical servers, network and hypervisor, including keeping the hardware under your EC2 instance healthy), while you are responsible for security "in" the cloud (patching the guest OS, configuring security groups and IAM, and protecting your data).
- When you create a new server instance, AWS creates a virtual machine: a software abstraction, managed by the hypervisor, that divides up the physical server's resources.
3. IaaS Computing :
- Vertical scaling adds more hardware (CPU, memory) to a single server, on AWS by moving to a larger instance type.
- Horizontal scaling spreads traffic across several identical servers, typically behind a load balancer.
- A security group denies all inbound traffic by default to protect your cloud infrastructure; you add inbound rules to allow only the traffic you need (security groups are stateful, so replies to allowed connections are let back out).
- When creating a new EC2 instance, enable auto-assign public IP (or attach an Elastic IP) if you need to reach it from the public internet; a server that only needs to be reached from inside the VPC should not get one.
- The best EC2 instance type for a database that will consume large amounts of CPU continuously is a fixed-performance type such as m5.xlarge; burstable t-series instances earn CPU credits and are throttled under sustained load.
- If you switch computers and lose your key pair in the process, AWS cannot recover the private key: follow the AWS documentation for lost private keys, which involves generating a new key pair and either replacing the public key on the instance's root volume or relaunching the instance from an AMI with the new key.
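The "all traffic is blocked by default, a rule opens it" point is only as good as the rules you actually write. The following is an added example (not code from the original post or the LinkedIn Learning course) that audits security group ingress rules in the JSON shape returned by `aws ec2 describe-security-groups`, flagging anything reachable from the whole internet other than a single web port. The two groups below are constructed sample input.

```python
"""Audit EC2 security group ingress rules for world-open exposure.

Added example, not from the original post. Input matches the
`IpPermissions` structure of `aws ec2 describe-security-groups`, so the
same function can be run on real output; SAMPLE_GROUPS is constructed.
"""

# Ports that are normally acceptable to expose to the internet on a web tier.
WEB_PORTS = {80, 443}
WORLD = {"0.0.0.0/0", "::/0"}


def _port_range(perm):
    """Return (from, to); protocol "-1" means every port."""
    if perm.get("IpProtocol") == "-1":
        return (0, 65535)
    return (perm.get("FromPort", 0), perm.get("ToPort", 65535))


def audit_security_group(group):
    """Return a list of finding strings for one security group dict."""
    findings = []
    for perm in group.get("IpPermissions", []):
        lo, hi = _port_range(perm)
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if cidr not in WORLD:
                continue  # scoped to a specific network: fine for this check
            if perm.get("IpProtocol") == "-1":
                findings.append(f"{group['GroupId']}: all protocols open to {cidr}")
            elif lo == hi and lo in WEB_PORTS:
                continue  # a single web port to the world is expected on a public web tier
            else:
                findings.append(
                    f"{group['GroupId']}: ports {lo}-{hi}/{perm['IpProtocol']} open to {cidr}"
                )
    return findings


def audit_all(groups):
    """Flatten findings across every group."""
    return [f for g in groups for f in audit_security_group(g)]


# Constructed sample: a sane web tier and a database group someone opened up.
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-web",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},  # admin range only
        ],
    },
    {
        "GroupId": "sg-db",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_GROUPS):
        print(finding)
```

To run it against a real account, pipe `aws ec2 describe-security-groups --query 'SecurityGroups'` into `json.load` and pass the list to `audit_all`. The check deliberately ignores rules that reference another security group as the source; those are usually the right way to let a web tier reach a database.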
4. IaaS Storage :
- Serving static web content through CloudFront is the one valid use case for a public S3 bucket, and even then CloudFront's origin access control lets you keep the bucket itself private.
- The S3 Standard storage class is the right choice for storing the only copy of the latest backups of your database: it is replicated across multiple AZs and has no retrieval delay, unlike One Zone-IA or Glacier.
- IAM roles grant permissions to an instance through short-lived credentials delivered by the instance metadata service, so no long-lived key sits on the server where it could be stolen; this makes roles more secure than access keys.
- The AWS SDK never requires you to hard-code an access key: it resolves credentials from environment variables, the shared credentials file or the IAM role attached to the instance or function it runs on.
- 'aws s3 ls' is the CLI command that lists all the S3 buckets your credentials are allowed to see.
- In terms of latency, EBS (block storage attached to one instance) is fastest, EFS (NFS shared between instances) is slower, and S3 (object storage over HTTP) is the slowest of the three.
- If you are unable to mount an EFS volume, it is most likely a security group or firewall blocking traffic to the EFS mount target: the mount target's security group must allow inbound NFS (TCP port 2049) from the instance.
- An EBS snapshot backs up a single volume only.
- An Amazon Machine Image (AMI) captures the root volume, the block device mapping and launch permissions, which is everything needed to relaunch the instance.
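The role-versus-access-key point above is easiest to understand by looking at where a role's credentials actually come from. Below is an added example (not from the original post) that performs the IMDSv2 exchange an EC2 instance uses to obtain its role credentials: a PUT for a session token, then two GETs carrying that token. The `fetch` argument makes the logic run offline here against a constructed fake metadata service; on a real instance you would pass the `imds_http` transport, which talks to 169.254.169.254. The role name `WebServerRole` and the credential values are assumptions for the demo.

```python
"""Fetch the temporary credentials an IAM role delivers to an EC2 instance.

Added example, not from the original post. Shows why a role leaves no key
on disk: the instance asks the metadata service (IMDSv2) for a session
token, then for credentials that expire within hours and are rotated by
AWS. FAKE_CREDS and fake_imds are constructed for offline use.
"""
import json
import urllib.request
from datetime import datetime, timezone

IMDS = "http://169.254.169.254"
TOKEN_TTL = "21600"  # seconds; the maximum lifetime of an IMDSv2 token


def imds_http(method, path, headers=None, data=None):
    """Minimal HTTP transport for the metadata service (real instance only)."""
    req = urllib.request.Request(IMDS + path, data=data, method=method, headers=headers or {})
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode()


def role_credentials(fetch=imds_http):
    """Return (role_name, creds dict) using the IMDSv2 token hop."""
    # Step 1: PUT for a session token. A plain GET without it is refused when
    # the instance enforces IMDSv2 (HttpTokens=required), which blocks the
    # classic SSRF-to-metadata credential theft.
    token = fetch("PUT", "/latest/api/token",
                  headers={"X-aws-ec2-metadata-token-ttl-seconds": TOKEN_TTL})
    auth = {"X-aws-ec2-metadata-token": token}
    # Step 2: name of the role attached via the instance profile.
    role = fetch("GET", "/latest/meta-data/iam/security-credentials/", headers=auth).strip()
    # Step 3: short-lived keys for that role; AWS rotates them before Expiration.
    creds = json.loads(fetch("GET", f"/latest/meta-data/iam/security-credentials/{role}",
                             headers=auth))
    return role, creds


def seconds_until_expiry(creds, now=None):
    """Seconds the current credentials remain valid (negative if expired)."""
    now = now or datetime.now(timezone.utc)
    exp = datetime.strptime(creds["Expiration"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return int((exp - now).total_seconds())


# Constructed fake responses in the same shape the real service returns.
FAKE_CREDS = {
    "Code": "Success",
    "Type": "AWS-HMAC",
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE",       # 'ASIA' prefix marks a temporary key
    "SecretAccessKey": "examplesecret/notreal",
    "Token": "exampleSessionToken==",
    "Expiration": "2024-01-01T06:00:00Z",
}


def fake_imds(method, path, headers=None, data=None):
    """Offline stand-in for the metadata service that enforces IMDSv2."""
    headers = headers or {}
    if method == "PUT" and path == "/latest/api/token":
        return "fake-token"
    if headers.get("X-aws-ec2-metadata-token") != "fake-token":
        raise PermissionError("401: IMDSv2 token required")
    if path == "/latest/meta-data/iam/security-credentials/":
        return "WebServerRole\n"
    if path == "/latest/meta-data/iam/security-credentials/WebServerRole":
        return json.dumps(FAKE_CREDS)
    raise FileNotFoundError(path)


def demo():
    """Run the exchange against the fake service with a fixed clock."""
    role, creds = role_credentials(fetch=fake_imds)
    fixed_now = datetime(2024, 1, 1, 0, 0, tzinfo=timezone.utc)
    return role, creds["AccessKeyId"], seconds_until_expiry(creds, fixed_now)


if __name__ == "__main__":
    role, key_id, ttl = demo()
    print(f"role={role} key={key_id} expires in {ttl}s")
```

The SDK and CLI do exactly this hop for you, which is why nothing needs to be hard-coded; the practical takeaway is to set `HttpTokens=required` on your instances so the tokenless GET path is closed.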
5. IaaS Networking :
- If you want to use Route 53 for a domain registered elsewhere, you only need to point the domain's name server (NS) records at the name servers of your Route 53 hosted zone.
- An Application Load Balancer (ALB) operates at layer 7 and is used for HTTP and HTTPS traffic.
- A Network Load Balancer (NLB) operates at layer 4 (TCP, UDP, TLS) and is used for services such as low-latency streaming where traffic requires speed.
- You can place your database server in a private subnet within your VPC, but then you need a Client VPN connection (or a bastion host in a public subnet) to reach it with a database client tool.
- If you stop and start an EC2 instance, it loses its auto-assigned public IP address; attach an Elastic IP if the address must stay the same.
- A NAT gateway lets servers in a private subnet initiate outbound connections to the internet but will not pass inbound traffic that originates from the public internet.
- An Internet gateway allows traffic that originates from the public internet to reach a server with a public IP.
- You can create a private subnet within a VPC to isolate database and file servers from public internet traffic.
6. Database as a Service (DBaaS) :
- If 10,000 Internet of Things devices send real-time telemetry at, say, 5- to 10-second intervals, the best service to capture that stream is Kinesis.
- Redshift is the best database choice if you need to store large streams of data coming from web and mobile applications and generate aggregated reports on usage patterns.
- ElastiCache supports only Redis and Memcached; Elasticsearch is not supported by ElastiCache and is a separate service (now Amazon OpenSearch Service).
- DynamoDB is a NoSQL database that quickly stores and retrieves key-value pairs and documents.
- Aurora (MySQL-compatible) is the best choice for hosting the database of an application that uses MySQL when you do not want to manage scaling or database administration tasks.
- Ingesting a large stream of data is a valid use case for a queue or message broker (such as SQS or Kinesis) that sits in front of your relational database and smooths out write bursts.
7. Platform as a Service (PaaS) :
- Step Functions is the best service for implementing a multi-step workflow within AWS.
- You can build an entire web application from Lambda functions, with API Gateway in front of them.
- For a WordPress site, such as this one, Elastic Beanstalk is the AWS service that can be used to host the web application.
- A Docker container can be hosted by Elastic Compute Cloud (EC2), Elastic Beanstalk and Elastic Container Service (ECS), as well as EKS and Fargate.
8. Software as a Service (SaaS) :
- Never put sensitive data in a public S3 bucket: keep Block Public Access turned on, encrypt objects at rest and grant access only through IAM policies or a bucket policy with named principals.
- An IoT device does not need to be certified (listed in the AWS Partner Device Catalog) to use IoT Core for tracking the state of an IoT appliance, although it does still need an X.509 certificate to authenticate to IoT Core.
- The MediaConvert service can be used to transcode and splice together movie clips.
- The Rekognition service can be used to identify the things it finds in an image.
- The API Gateway service can manage a REST API layer.
- The Cognito service can handle user authentication for web and mobile applications.
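Both the "public bucket for CloudFront" point in the storage section and the "no sensitive data in a public bucket" point above come down to one question: does the bucket policy grant anything to an anonymous principal? The following is an added example (not from the original post) that answers it for a policy document in the shape returned by `aws s3api get-bucket-policy`. The three policies are constructed; the bucket names and the CloudFront distribution ARN in them are placeholders.

```python
"""Flag S3 bucket policy statements that grant access to everyone.

Added example, not from the original post. This is the check to run before
accepting a bucket as "public for CloudFront": which Allow statements use a
wildcard principal, and are they narrowed by a Condition? The sample
policies are constructed; real ones come from
json.loads(get_bucket_policy()["Policy"]).
"""
import json


def _as_list(value):
    """IAM policy fields may be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"}; anything else names someone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_statements(policy):
    """Return the Allow statements that grant to an anonymous principal."""
    hits = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal", {})):
            continue
        hits.append({
            "sid": stmt.get("Sid", "<no Sid>"),
            "actions": _as_list(stmt.get("Action", [])),
            "resources": _as_list(stmt.get("Resource", [])),
            # A Condition (e.g. aws:SourceVpce) narrows the grant; still review it.
            "conditioned": "Condition" in stmt,
        })
    return hits


# Constructed sample 1: the classic static-website policy, intentionally public.
WEBSITE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-site/*",
    }],
}

# Constructed sample 2: the same site served via CloudFront origin access
# control; only the CloudFront service principal for one distribution may read.
OAC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowCloudFrontOnly", "Effect": "Allow",
        "Principal": {"Service": "cloudfront.amazonaws.com"},
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-site/*",
        "Condition": {"StringEquals": {
            "AWS:SourceArn": "arn:aws:cloudfront::123456789012:distribution/EXAMPLEID"}},
    }],
}

# Constructed sample 3: the mistake the post warns about, on a backups bucket.
BACKUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Oops", "Effect": "Allow", "Principal": {"AWS": "*"},
        "Action": "s3:*", "Resource": ["arn:aws:s3:::db-backups", "arn:aws:s3:::db-backups/*"],
    }],
}

if __name__ == "__main__":
    for name, policy in [("website", WEBSITE_POLICY), ("oac", OAC_POLICY), ("backups", BACKUP_POLICY)]:
        print(name, json.dumps(public_statements(policy)))
```

This covers bucket policies only; a bucket can also be exposed through object ACLs, which is why S3 Block Public Access and IAM Access Analyzer remain the authoritative checks. The point of the OAC sample is that the website stays reachable through CloudFront with no wildcard principal at all.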
9. DevOps with AWS :
- DevOps treats your infrastructure as code, so it can be versioned, reviewed and reproduced.
- It includes monitoring response times and application health.
- Operations and development teams share responsibilities.
- Internal application performance and response times are difficult to monitor with CloudWatch, which is built around infrastructure metrics and logs; AWS X-Ray is the service for tracing requests inside the application.
- CloudFormation is the best tool for defining AWS services as code.
- CI (continuous integration) automatically builds code and runs tests against it.
- CD (continuous deployment) automatically deploys working code.
10. Security on AWS :
- CloudTrail can be enabled to maintain an audit log of API calls, access and changes to your AWS infrastructure, which satisfies some of the auditing requirements of common compliance standards.
- If an EC2 instance running a WordPress site keeps getting hacked even though you have restored the server several times and patched WordPress, GuardDuty can be enabled to detect the next compromise: it analyses CloudTrail, VPC Flow Logs and DNS logs for signs such as the instance talking to known malicious addresses.
- The Web Application Firewall (WAF) deploys in front of an Application Load Balancer (ALB), and can also be attached to CloudFront and API Gateway.
However, when it comes to the security of AWS, it is also worth noting that in February 2020 AWS was targeted by the largest DDoS attack reported up to that point, with a peak traffic volume of an astounding 2.3 Tbps. It used the Connectionless Lightweight Directory Access Protocol (CLDAP) reflection technique, which bounces requests off CLDAP servers to amplify the traffic by nearly 70 times. This was reportedly mitigated by AWS Shield.
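The CloudTrail point above says the audit log exists; what matters operationally is that someone reads it. Below is an added example (not from the original post) of detection logic run over CloudTrail records: it alerts on root user activity (tying back to the setup section's advice to keep the root user out of daily use), on new long-lived access keys, on attempts to switch the audit trail off, and on failed console logins. The five records are constructed in the CloudTrail JSON shape, with placeholder account IDs and IP addresses.

```python
"""Scan CloudTrail records for events worth an alert.

Added example, not from the original post. The rules mirror common
detections: root account use, new long-lived access keys, tampering with
the trail itself, and failed console logins. SAMPLE_RECORDS is constructed
in the CloudTrail record shape; for a real file use
json.load(open(path))["Records"].
"""
import json

# eventName -> reason; all are real IAM/CloudTrail/EC2/S3 API names.
HIGH_RISK_EVENTS = {
    "CreateAccessKey": "new long-lived access key created",
    "StopLogging": "CloudTrail logging stopped",
    "DeleteTrail": "CloudTrail trail deleted",
    "AuthorizeSecurityGroupIngress": "security group ingress opened",
    "PutBucketPolicy": "bucket policy changed",
}


def classify(record):
    """Return a list of (severity, reason) for one CloudTrail record."""
    alerts = []
    ident = record.get("userIdentity", {})
    name = record.get("eventName", "")
    if ident.get("type") == "Root":
        alerts.append(("high", f"root user performed {name}"))
    if name == "ConsoleLogin" and record.get("responseElements", {}).get("ConsoleLogin") == "Failure":
        alerts.append(("medium", f"console login failure from {record.get('sourceIPAddress')}"))
    if name in HIGH_RISK_EVENTS:
        alerts.append(("high", HIGH_RISK_EVENTS[name]))
    if record.get("errorCode") == "AccessDenied":
        alerts.append(("low", f"AccessDenied on {name} for {ident.get('arn', '?')}"))
    return alerts


def scan(records):
    """Return [(eventTime, sourceIP, severity, reason)] sorted by time."""
    out = []
    for r in records:
        for sev, reason in classify(r):
            out.append((r.get("eventTime"), r.get("sourceIPAddress"), sev, reason))
    return sorted(out)


# Constructed sample records (placeholder account, ARNs and TEST-NET addresses).
USER = {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice", "userName": "alice"}
SAMPLE_RECORDS = [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.7", "userIdentity": USER},
    {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7", "userIdentity": USER},
    {"eventTime": "2024-01-01T10:08:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.5", "userIdentity": USER},
    {"eventTime": "2024-01-01T10:09:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.5", "userIdentity": USER,
     "errorCode": "AccessDenied"},
]

if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_RECORDS), indent=1))
```

The `DescribeInstances` record produces nothing, which is the point: a read-only call by a named user is normal traffic and should not page anyone. In production this logic would run on the trail's delivery to S3 or on CloudWatch Logs, and GuardDuty covers much of the same ground with managed rules.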
Note: This article is not sponsored and is purely based on the author’s opinions and personal experience on the journey of learning. None of the links provided here are affiliate links and are provided only for the purpose of learning.
The author is a student completing an Engineering Degree in Computer Science with Specialisation in Cloud Technology and Mobile Applications.
Check out this article on my blog : AWS Basics and points that stood out
Blog : JOTMOS