In this presentation I discuss a variety of services provided by AWS. I chose the services which are, in my opinion, most commonly used and which may benefit our Payment Platform project, which is fully deployed on AWS. In the second part of the presentation I show how AWS infrastructure is distributed globally and what the differences are between a region, an availability zone and an edge location.
3. Agenda
1. Very quick introduction to AWS
■ Demo of AWS console
■ Most important services – subjective list
■ On-Premises infrastructure mapped to AWS
■ Shared responsibility model
2. AWS global infrastructure
■ Regions
■ Availability Zones
■ Single-AZ vs. Multi-AZ deployment
■ Edge Locations
4. ■ Who is this presentation for?
■ Prerequisites
■ You know what AWS is in general
Quick introduction to AWS
5. ■ My subjective list
■ Chosen by the potential gain they may bring to our project
Most commonly used services
18. ■ What is a Region?
■ How to decide which region to choose?
■ Latency
■ Legal compliance
■ Cost
■ Features
■ https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/
■ Currently 11 regions (at the time of this presentation; the count keeps growing)
■ AWS GovCloud (US) Region
AWS Global Infrastructure - Regions
19. ■ Consists of multiple Availability Zones (AZs)
■ Each AZ is physically isolated from the others
■ AZs are connected through low-latency private links
■ Around 25 Tbps of bandwidth and a latency of 1 ms to 2 ms between AZs
■ Each AZ is designed as an independent failure zone
AWS Global Infrastructure - Regions
21. AWS Global Infrastructure
■ AZ Services, Regional Services and Global Services
■ Regional Services – examples
  ■ Auto Scaling Group
  ■ Elastic Load Balancer
  ■ S3
  ■ DynamoDB
  ■ CloudSearch
  ■ SQS
■ Global services – examples
  ■ IAM
  ■ Route 53
  ■ CloudFront
■ AZ Services – examples
  ■ EC2
  ■ RDS
  ■ ElastiCache
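Slide 18 gives legal compliance as a reason for picking a region, and slide 21 lists IAM, Route 53 and CloudFront as global services. The two points meet when you try to enforce the region choice: a policy that denies every call outside the approved regions must exempt the global services, otherwise it also blocks IAM and DNS management. The following is an added example, not code from the presentation or from AWS: it builds such a policy around the real condition key aws:RequestedRegion and evaluates constructed requests against it with a deliberately small evaluator (Effect Deny, Action/NotAction and StringNotEquals only; it is not the AWS policy engine). The approved region list is an assumed choice for the Payment Platform.

```python
"""Deny resource creation outside approved regions, exempting global services.

Added example (not from the presentation).  The evaluator covers only the
subset of IAM logic this policy uses.
"""
import fnmatch
import json

# Assumed for the example: the project may only create resources in the EU.
APPROVED_REGIONS = ["eu-central-1", "eu-west-1"]

# Global services from the slide (plus STS and Support, which are global too).
# Their API calls are typically signed for us-east-1, so without this
# exemption the deny below would also block IAM, Route 53 and CloudFront.
GLOBAL_SERVICE_ACTIONS = ["iam:*", "route53:*", "cloudfront:*", "sts:*", "support:*"]


def region_restriction_policy(approved):
    """Policy document denying every non-global action outside `approved`."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyOutsideApprovedRegions",
                "Effect": "Deny",
                "NotAction": GLOBAL_SERVICE_ACTIONS,
                "Resource": "*",
                "Condition": {"StringNotEquals": {"aws:RequestedRegion": approved}},
            }
        ],
    }


def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def _action_matches(pattern, action):
    # IAM action names match case-insensitively, with * as a wildcard.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _statement_covers(stmt, action):
    if "Action" in stmt:
        return any(_action_matches(p, action) for p in _as_list(stmt["Action"]))
    if "NotAction" in stmt:
        return not any(_action_matches(p, action) for p in _as_list(stmt["NotAction"]))
    return False


def is_denied(policy, action, requested_region):
    """True if some Deny statement applies to `action` in `requested_region`."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Deny" or not _statement_covers(stmt, action):
            continue
        cond = stmt.get("Condition", {}).get("StringNotEquals", {})
        if "aws:RequestedRegion" not in cond:
            return True  # unconditional deny
        if requested_region not in _as_list(cond["aws:RequestedRegion"]):
            return True  # region is not on the approved list
    return False


POLICY = region_restriction_policy(APPROVED_REGIONS)


def policy_json():
    """The policy document as it would be attached to an account or OU."""
    return json.dumps(POLICY, indent=2)


if __name__ == "__main__":
    print(policy_json())
    for action, region in [("ec2:RunInstances", "us-east-1"),
                           ("ec2:RunInstances", "eu-central-1"),
                           ("iam:CreateUser", "us-east-1")]:
        verdict = "DENIED" if is_denied(POLICY, action, region) else "allowed"
        print(f"{action} in {region}: {verdict}")
```

The NotAction list is the part people get wrong: an EC2 launch in us-east-1 is denied, the same launch in eu-central-1 is allowed, and an IAM call, which is also signed for us-east-1, passes because IAM is global and exempted.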
22. ■ EC2 (or RDS) instances deployed in a single AZ vs. in multiple AZs:
Multi AZ vs. Single AZ
  Single AZ              Multi AZ
  Not highly available   HA and DR
  Lower price (RDS)      Higher price
  Limited scalability    Better scalability
24. ■ Suitable for large enterprises
■ Allows you to maintain extremely high SLAs
■ Costs much more
■ Technically complex to set up correctly
Multi-region architecture
25. ■ Get closer to your customers
■ A few dozen edge locations worldwide
■ Services that use edge locations
■ CloudFront
■ Route 53
Edge locations
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.
AWS Lambda is a compute service where you can upload your code to AWS Lambda and the service can run the code on your behalf using AWS infrastructure. After you upload your code and create what we call a Lambda function, AWS Lambda takes care of provisioning and managing the servers that you use to run the code.
https://aws.amazon.com/lambda/pricing/
Amazon Elastic Block Store (Amazon EBS) provides persistent block-level storage volumes for use with Amazon EC2 instances in the AWS Cloud.
Amazon Redshift is a fast, fully managed, petabyte-scale data warehouse that makes it simple and cost-effective to analyze all your data using your existing business intelligence tools.
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, fully managed message queuing service.
Amazon Simple Notification Service (Amazon SNS) is a web service that coordinates and manages the delivery or sending of messages to subscribing endpoints or clients. In Amazon SNS, there are two types of clients—publishers and subscribers—also referred to as producers and consumers. Publishers communicate asynchronously with subscribers by producing and sending a message to a topic, which is a logical access point and communication channel
Amazon Simple Email Service (Amazon SES) is a cost-effective email service built on the reliable and scalable infrastructure that Amazon.com developed to serve its own customer base.
Amazon CloudSearch is a managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application.
Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS.
When evaluating the security of a cloud solution, it is important for customers to understand and distinguish between:
Security measures that the cloud service provider (AWS) implements and operates – "security of the cloud"
Security measures that the customer implements and operates, related to the security of customer content and applications that make use of AWS services – "security in the cloud"
AWS Responsibilities
AWS is responsible for protecting the global infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure consists of the hardware, software, networking, and facilities that run Amazon Web Services.
Customer Responsibilities
The security configuration options you choose to use depend on the sensitivity of your workload and which services you are using. For AWS infrastructure services, like Amazon Elastic Compute Cloud (EC2) and Amazon Simple Storage Service (S3), you have more choice around which security controls you deploy. For EC2, you have full control over when patches are applied as well as over any software you install, so you can ensure that your systems are validated and managed in the same way you manage your existing machines today. The same applies to the network controls around an instance: security group rules and VPC routing are configured by the customer, and AWS does not review them.
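To make the customer side of the shared responsibility model concrete, here is an added example (not from the presentation or from AWS) of the kind of check a practitioner runs over the output of `aws ec2 describe-security-groups`: it flags ingress rules open to the whole Internet (0.0.0.0/0 or ::/0) on anything other than an allow-listed set of public ports and produces a hardened copy of the rules. The security groups, the allow-list of public ports and the admin CIDR are constructed sample data for the example, not real groups from the project.

```python
"""Audit EC2 security groups for world-open ingress and produce a hardened copy.

Added example (not from the presentation).  Input shape follows the
describe-security-groups "SecurityGroups" entries; the data is constructed.
"""
import copy
import ipaddress

# Ports a public web tier legitimately exposes; anything else open to the
# world is a finding.  Assumed allow-list for the example.
PUBLIC_PORTS = {80, 443}
MANAGEMENT_PORTS = {22, 3389}

# Constructed sample data in describe-security-groups shape.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa1111", "GroupName": "web-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    {"GroupId": "sg-0bbb2222", "GroupName": "bastion-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0ccc3333", "GroupName": "db-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
]


def is_world_open(cidr):
    """True for 0.0.0.0/0, ::/0 or any other prefix covering all addresses."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _cidrs(perm):
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])


def _exposed_ports(perm):
    """Ports of this rule not on the public allow-list (None means all ports)."""
    if perm.get("IpProtocol") == "-1":
        return None
    ports = range(perm["FromPort"], perm["ToPort"] + 1)
    return [p for p in ports if p not in PUBLIC_PORTS]


def audit_security_groups(groups):
    """One finding per world-open rule that exposes a non-public port."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            world = [c for c in _cidrs(perm) if is_world_open(c)]
            if not world:
                continue
            exposed = _exposed_ports(perm)
            if exposed == []:
                continue  # only allow-listed public ports are open to the world
            critical = exposed is None or any(p in MANAGEMENT_PORTS for p in exposed)
            findings.append({
                "group_id": sg["GroupId"], "group_name": sg["GroupName"],
                "protocol": perm.get("IpProtocol"),
                "ports": "all" if exposed is None else exposed,
                "sources": world,
                "severity": "critical" if critical else "high",
            })
    return findings


def harden(groups, admin_cidr):
    """Copy of `groups` with every flagged world-open source narrowed to admin_cidr."""
    fixed = copy.deepcopy(groups)
    for sg in fixed:
        for perm in sg.get("IpPermissions", []):
            if _exposed_ports(perm) == []:
                continue  # allow-listed public rule, keep as is
            for r in perm.get("IpRanges", []):
                if is_world_open(r["CidrIp"]):
                    r["CidrIp"] = admin_cidr
            perm["Ipv6Ranges"] = [r for r in perm.get("Ipv6Ranges", [])
                                  if not is_world_open(r["CidrIpv6"])]
    return fixed
```

On the sample data the web tier passes, the bastion's SSH rule and the database group's all-traffic rule are both reported as critical, and the hardened copy audits clean. Narrowing an all-traffic rule to an admin CIDR is only a first step; the real fix for db-sg is to reference the application tier's security group instead of any CIDR.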
Each region is designed to be completely isolated from the other Amazon EC2 regions. This achieves the greatest possible fault tolerance and stability.
Amazon EC2 is hosted in multiple locations all over the world.
It is quite straightforward that resources geographically close to the client are served faster, so the rationale for creating so many regions all over the world is immediate: getting resources closer to whoever asks for them. At the time of this presentation AWS has about 10 regions available, three of them in the US and the others spread over Europe, Asia Pacific and South America, but rest assured that more of them will be opened in the future.
For many AWS services you will be asked in which region you want to deploy your resources. For example, if you launch an EC2 instance, you will be asked in which region to host it. Each region is totally isolated from the others, and they can talk only via the Internet. Regions are so isolated that when you view your resources, you will only see the resources tied to the region you have specified: AWS does not replicate resources across regions automatically.
Each Availability Zone is isolated, but the Availability Zones in a region are connected through low-latency links
To ensure that resources are distributed across the Availability Zones for a region, we independently map Availability Zones to identifiers for each account. For example, your Availability Zone us-east-1a might not be the same location as us-east-1a for another account. Note that there is no way for you to coordinate Availability Zones between accounts by name alone; AWS has since introduced account-independent AZ IDs (for example use1-az1, returned as ZoneId by DescribeAvailabilityZones) for exactly this purpose.
As Availability Zones grow over time, our ability to expand them can become constrained. If this happens, we might restrict you from launching an instance in a constrained Availability Zone unless you already have an instance in that Availability Zone. Eventually, we might also remove the constrained Availability Zone from the list of Availability Zones for new customers. Therefore, your account might have a different number of available Availability Zones in a region than another account.
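The Multi-AZ comparison on slide 22 and the per-account zone mapping above combine into a check worth automating: a deployment that spreads instances over different zone names is only multi-AZ if those names stand for different physical zones, which stops being guaranteed as soon as more than one account is involved. The following is an added example, not code from the presentation or from AWS. It resolves zone names to the account-independent ZoneId that EC2 DescribeAvailabilityZones returns and decides whether a fleet occupies more than one physical zone. The zone listings, the name-to-ID mappings and the instance placements are constructed sample data for the illustration.

```python
"""Check that a 'multi-AZ' deployment really spans distinct physical zones.

Added example (not from the presentation).  Zone listings follow the
DescribeAvailabilityZones shape; the mappings and instances are constructed.
"""
from collections import defaultdict

# Constructed DescribeAvailabilityZones output for two accounts in us-east-1.
# Same zone names, different physical zones behind them.
ZONES_BY_ACCOUNT = {
    "111111111111": [
        {"ZoneName": "us-east-1a", "ZoneId": "use1-az2"},
        {"ZoneName": "us-east-1b", "ZoneId": "use1-az4"},
        {"ZoneName": "us-east-1c", "ZoneId": "use1-az6"},
    ],
    "222222222222": [
        {"ZoneName": "us-east-1a", "ZoneId": "use1-az4"},
        {"ZoneName": "us-east-1b", "ZoneId": "use1-az6"},
        {"ZoneName": "us-east-1c", "ZoneId": "use1-az2"},
    ],
}

# Constructed DescribeInstances placements: the primary in one account and a
# standby in another, placed by name to "avoid" the primary's zone.
INSTANCES = [
    {"InstanceId": "i-0a1b2c3d4e5f60001", "Account": "111111111111",
     "Placement": {"AvailabilityZone": "us-east-1a"}},
    {"InstanceId": "i-0a1b2c3d4e5f60002", "Account": "222222222222",
     "Placement": {"AvailabilityZone": "us-east-1c"}},
]


def zone_id_map(zones):
    """ZoneName -> ZoneId for one account's DescribeAvailabilityZones result."""
    return {z["ZoneName"]: z["ZoneId"] for z in zones}


def physical_zones(instances, zones_by_account):
    """InstanceId -> ZoneId, resolved through the owning account's mapping."""
    maps = {acct: zone_id_map(z) for acct, z in zones_by_account.items()}
    return {i["InstanceId"]: maps[i["Account"]][i["Placement"]["AvailabilityZone"]]
            for i in instances}


def zones_by_name(instances):
    """The naive view: distinct zone names used by the fleet."""
    return {i["Placement"]["AvailabilityZone"] for i in instances}


def is_multi_az(instances, zones_by_account):
    """True only if the fleet occupies at least two distinct physical zones."""
    return len(set(physical_zones(instances, zones_by_account).values())) >= 2


def spread_report(instances, zones_by_account):
    """Instances grouped by physical zone, to eyeball the actual spread."""
    report = defaultdict(list)
    for iid, zid in physical_zones(instances, zones_by_account).items():
        report[zid].append(iid)
    return dict(report)


if __name__ == "__main__":
    print("zone names in use:", sorted(zones_by_name(INSTANCES)))
    print("physical spread:  ", spread_report(INSTANCES, ZONES_BY_ACCOUNT))
    print("multi-AZ:         ", is_multi_az(INSTANCES, ZONES_BY_ACCOUNT))
```

By name the sample fleet uses two zones (us-east-1a and us-east-1c), but both instances resolve to use1-az2, so a failure of that single zone takes out primary and standby together. Moving the standby to the second account's us-east-1a (use1-az4) makes the deployment genuinely multi-AZ; within one account the name-to-ID mapping is one-to-one, so the problem only appears across accounts.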
An edge location is where end users access services hosted at AWS. Edge locations are located in most major cities around the world and are used specifically by CloudFront (CDN) to distribute content to end users with reduced latency. An edge location acts as a front end for services that run in the AWS cloud.