Introduction to AWS

  1. Angel Borroy, 10th March 2021. AWS Introduction. XXI NEOCOM
  2. AWS Introduction
     • What is AWS
     • Alternatives
     • Open Source
     • Core Concepts
     • Hands on
     • Cost Calculator
     • Training & Certifications
  3. Speaker :: Angel Borroy
     • Computer Engineer by the University of Zaragoza (EINA, 1999)
     • Working as Senior Software Engineer for Alfresco in Hyland
     • 20+ years developing software
     • Open-Source enthusiast!
  4. What is AWS
  5. What is AWS
     Amazon Web Services (AWS) provides cloud-based products with pay-as-you-go pricing. A cloud services platform, like AWS, owns and maintains the network-connected hardware required for the cloud products, while the customer provisions and uses the required resources via an application.
     Types of Cloud Computing
     • Cloud Computing Models
        • IaaS
        • PaaS
        • SaaS
     • Cloud Computing Deployment Models
        • Cloud
        • Hybrid
        • On-premises
  6. Global Infrastructure
     Zaragoza, Spain
  7. Services (175+)
     S3, EC2, Route 53, RDS, VPC, Lambda, API Gateway, Amplify
  8. Using AWS
     • Web Console using a browser: https://aws.amazon.com
     • Command line client (AWS Command Line Interface): https://aws.amazon.com/cli/
     • SDKs: JavaScript, Python, PHP, .NET, Ruby, Java, Go, Node.js, C++ https://aws.amazon.com/getting-started/tools-sdks/
     AWS Service Endpoints (REST API)
         protocol://service-code.region-code.amazonaws.com
     • protocol: http or https
     • service-code: ec2, s3, vpc, lambda, route53, rds, apigateway, amplify…
     • region-code: us-east-1, ap-south-1, eu-west-1…
     >> Europe (Ireland) is eu-west-1, so to use EC2 service: https://ec2.eu-west-1.amazonaws.com
  9. Amazon Resource Names (ARN)
     Amazon Resource Names (ARNs) uniquely identify AWS resources. Used to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls.
     Format
         arn:partition:service:region:account-id:resource-id
     • partition: aws, aws-cn or aws-us-gov (group of AWS Regions)
     • service: ec2, s3, vpc, lambda, route53, rds, apigateway, amplify…
     • region: us-east-1, ap-south-1, eu-west-1…
     • account-id: 123456789012 (ID of the AWS account owner of the resource)
     • resource-id: instance/i-1234567890abcdef0 (ID of the resource)
     >> Europe (Ireland) is eu-west-1, so the ARN of an EC2 instance: arn:aws:ec2:eu-west-1:123456789012:instance/i-1234567890abcdef0
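
The ARN and endpoint formats from the two slides above, turned into a parser and a scope check that is handy when reviewing IAM policies. This is an added example, not part of the original deck; the function names and the scope rule (expected account plus allowed regions) are assumptions made for illustration.

```javascript
// Added example: parse arn:partition:service:region:account-id:resource-id.
// Partitions are limited to the three listed on the slide.
const PARTITIONS = new Set(['aws', 'aws-cn', 'aws-us-gov']);

function parseArn(arn) {
  if (typeof arn !== 'string') throw new TypeError('ARN must be a string');
  const parts = arn.split(':');
  if (parts.length < 6 || parts[0] !== 'arn') throw new Error(`not an ARN: ${arn}`);
  const [, partition, service, region, accountId] = parts;
  // The resource-id may itself contain ':' so re-join everything after field 5.
  const resource = parts.slice(5).join(':');
  if (!PARTITIONS.has(partition)) throw new Error(`unknown partition: ${partition}`);
  if (!service || !resource) throw new Error('service and resource-id are required');
  // region and account-id are empty in some ARNs (for example S3 buckets);
  // AWS-managed IAM policies use the literal account "aws".
  if (accountId !== '' && accountId !== 'aws' && !/^\d{12}$/.test(accountId)) {
    throw new Error(`bad account-id: ${accountId}`);
  }
  return { partition, service, region, accountId, resource };
}

// Hypothetical review helper: 'in' when the ARN is in the expected account and
// an allowed region, 'out' when it is not, 'unknown' when the ARN carries no
// account-id and ownership cannot be decided from the ARN alone.
function arnScope(arn, expectedAccount, allowedRegions) {
  const a = parseArn(arn);
  if (a.accountId !== '' && a.accountId !== expectedAccount) return 'out';
  if (a.region !== '' && !allowedRegions.includes(a.region)) return 'out';
  return a.accountId === '' ? 'unknown' : 'in';
}

// Endpoint pattern from the "Using AWS" slide, always with https.
function serviceEndpoint(serviceCode, regionCode) {
  if (!/^[a-z0-9-]+$/.test(serviceCode) || !/^[a-z]{2}(-[a-z]+)+-\d$/.test(regionCode)) {
    throw new Error('invalid service or region code');
  }
  return `https://${serviceCode}.${regionCode}.amazonaws.com`;
}
```
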
  10. Alternatives
  11. Alternatives
      Leaders
      • Microsoft Azure: https://azure.microsoft.com/en-us/
      • Google Cloud: https://cloud.google.com
      Other
      • Alibaba Cloud: https://eu.alibabacloud.com
      • Oracle Cloud: https://www.oracle.com/cloud/
      • IBM Cloud: https://www.ibm.com/cloud
      • Tencent Cloud: https://intl.cloud.tencent.com
  12. Free Tier
      AWS Free Tier
      • 750 hours of Linux or Windows micro instances
      • 1GB of memory, 15GB of bandwidth, a load balancer, and access to a database, caching, and other tools
      • Free resources will renew for 12 months
      Microsoft Azure Free Tier
      • 750 hours of Linux or Windows machines
      • Ample storage, SQL database, 15GB of bandwidth
      • Several other popular services are free for at least 12 months, and new customers also receive a $200 credit to try any other service for 30 days
      Google Cloud Platform Free Tier
      • One month of a micro instance
      • 30GB of storage, plus a 12-month free trial with $300 credit to try any service
      • Limited access to many common tools is provided for free, always
  13. Open Source
  14. Open Source at AWS
      https://github.com/aws
  15. Managed Services: Deployment at Scale
  16. Amazon forked Elasticsearch and Kibana!
      Amazon: Why Open Distro for Elasticsearch
      • Elasticsearch development has shifted to non-open source licenses
      • Open Distro for Elasticsearch provides an open source, community-driven distribution
      • We are maintaining forks based on Elasticsearch and Kibana 7.10 while continuing to build functionality into plugins and tools
      Elastic: Why we had to change Elastic licensing
      • There is only one Elastic Cloud
      • Software from the source
      • Support from the creators
      • Engaged Community
      • Exclusive capabilities
      “The Amazon Elasticsearch Service offers a subset of the functionality, choice and support capabilities of Elastic. Rest easy knowing Elastic, the company behind Elasticsearch, is backing your mission-critical deployments with our experts, solutions, support and roadmap”
  17. Core Concepts
  18. Core Concepts
      • IAM Identity and Access Management: Manage accounts and permissions
      • VPC Virtual Private Cloud: Networking layer with Security Groups
      • S3 Simple Storage Service: Cloud storage placed into Buckets
      • EC2 Elastic Compute Cloud: A virtual private server, called an instance
      • AMI Amazon Machine Image: Immutable image used to launch a preconfigured EC2 instance
      • Elastic IPs: Assigned IP addresses
      • Load Balancers: Single point of contact for clients
      • RDS Relational Database Service: Managed service (PostgreSQL, MariaDB, MySQL, Oracle, SQLServer and Aurora)
      • Lambda lets you define functions invoked via triggers (SNS notification, API invocation…)
      • API Gateway lets you create RESTful APIs or WebSocket APIs
      • Route 53 is the AWS DNS service, and it lets you register domain names
      • Amplify is a set of tools to connect a backend with the UI components
      • CloudFormation provides templatized configuration of collections of AWS Resources
      • Containers are supported by EC2, ECS and EKS services
  19. IAM
      • IAM identities
         • Users: people or services using AWS
         • Groups: sets of users
         • Roles: permissions assigned to AWS Service instances
      • IAM permissions are named policies
         • Identity-based
         • Resource-based
         • Permissions boundaries
         • Organizations Service Control Policies (SCPs)
         • Access Control Lists (ACLs)
         • Session policies
      • IAM authentication
         • Passwords
         • Access keys
         • Multi-factor authentication (MFA)
      https://aws.amazon.com/iam
  20. VPC
      • For basic AWS use, one default VPC may be enough
      • Security groups
         • Access policy is “deny by default”
         • Open selected ports (SSH 22, HTTP 80, HTTPS 443) using CIDRs (Classless Inter-Domain Routing)
         • Consider using a Load Balancer
      • Other components
         • Subnet: segment of VPC IP address range
         • Internet Gateway: connection to public Internet
         • NAT Gateway: NAT service in a private subnet to access Internet
      https://aws.amazon.com/vpc
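
Since security groups are "deny by default", every ingress rule is an explicit exception worth reviewing. The check below flags rules that open anything other than the web ports to the whole Internet. It is an added example, not from the original deck: the rule objects follow the `IpPermissions` shape returned by EC2 DescribeSecurityGroups, the sample group is constructed, and the policy "world-open is acceptable only for 80 and 443" is an assumption. Only TCP/UDP rules are considered.

```javascript
// Assumed policy: only these single ports may be open to every address.
const PUBLIC_WEB_PORTS = new Set([80, 443]);
const isWorldOpen = (cidr) => cidr === '0.0.0.0/0' || cidr === '::/0';

function auditIngress(group) {
  const findings = [];
  for (const perm of group.IpPermissions || []) {
    const allProtocols = perm.IpProtocol === '-1'; // "-1" means every protocol and port
    const from = allProtocols ? 0 : perm.FromPort;
    const to = allProtocols ? 65535 : perm.ToPort;
    const cidrs = [
      ...(perm.IpRanges || []).map((r) => r.CidrIp),
      ...(perm.Ipv6Ranges || []).map((r) => r.CidrIpv6),
    ];
    for (const cidr of cidrs) {
      if (!isWorldOpen(cidr)) continue;                        // restricted source: fine
      if (from === to && PUBLIC_WEB_PORTS.has(from)) continue; // public web port: fine
      let reason = 'non-web port open to the Internet';
      if (allProtocols) reason = 'all protocols open to the Internet';
      else if (from <= 22 && 22 <= to) reason = 'SSH (22) reachable from the Internet';
      findings.push({ groupId: group.GroupId, cidr, from, to, reason });
    }
  }
  return findings;
}

// Constructed sample data (203.0.113.0/24 is a documentation range).
const SAMPLE_GROUP = {
  GroupId: 'sg-0example',
  IpPermissions: [
    { IpProtocol: 'tcp', FromPort: 22, ToPort: 22, IpRanges: [{ CidrIp: '0.0.0.0/0' }] },
    { IpProtocol: 'tcp', FromPort: 22, ToPort: 22, IpRanges: [{ CidrIp: '203.0.113.0/24' }] },
    { IpProtocol: 'tcp', FromPort: 443, ToPort: 443,
      IpRanges: [{ CidrIp: '0.0.0.0/0' }], Ipv6Ranges: [{ CidrIpv6: '::/0' }] },
    { IpProtocol: 'tcp', FromPort: 5432, ToPort: 5432, IpRanges: [{ CidrIp: '0.0.0.0/0' }] },
    { IpProtocol: '-1', Ipv6Ranges: [{ CidrIpv6: '::/0' }] },
  ],
};
```
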
  21. S3
      • Although EC2 instances mount local volumes for storage (EBS or EFS), S3 is the service for cloud storage
      • Objects are placed into named buckets and stored under names called keys. The main content is the value.
      • It’s a common practice to write S3 locations as S3 URIs: s3://bucket-name/path/to/key
      • S3 capacity can be considered unlimited
      • Permissions for a bucket can be specified as IAM Policies for operations, Bucket Policies for the access to the bucket and ACLs for every object inside the bucket
      • S3 buckets are always outside the VPC, so bucket policies are required
      • Other types of AWS Storage
         • EBS Elastic Block Store (performance)
         • Glacier Storage for archiving and backup
         • EFS Elastic File System (scalability)
      https://aws.amazon.com/s3
  22. EC2
      • An EC2 Instance can run Linux, Windows and Mac OS operating systems
      • An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications)
      • From an AMI, you launch an Instance, which is a copy of the AMI running as a virtual server in the cloud
      • Several Instance Types to run your instances
         • General Purpose: Mac, T4, T3, T2, M6, M5, M4, A1
         • Compute Optimized: C6, C5, C4
         • Memory Optimized: R6, R5, R4, X1, z1
         • Accelerated Computing: P4, P3, P2, G4, G3, F1
         • Storage Optimized: i3, i2, D2, D3, H1
      • Virtualization or Bare Metal instances are available
      • For every new instance at least one SSH key pair needs to be set up
      • An instance can be stopped (reusable) or terminated (deleted)
      https://aws.amazon.com/ec2
  23. RDS
      • Managed relational database service, allowing you to deploy and scale databases more easily
      • As when using EC2, there are several Instance Types to run your instances
      • Common deployment scenario includes 1 VPC with 2 Subnets
      https://aws.amazon.com/rds
  24. Lambda
      https://aws.amazon.com/lambda
      • Serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you
      • The code you run on AWS Lambda is called a Lambda function
      • After you upload your code to AWS Lambda, you can associate your function with specific AWS resources
      • Lambda function code can be written in Python, .NET, Ruby, Java, Go and Node.js
      https://github.com/srcecde/aws-lambda-cheatsheet
      SERVERLESS
  25. API Gateway
      • Scalable, secured front-end for service APIs
      • Common scenario working with Lambda and EC2 instances to provide serverless deployment
      • This service only supports HTTPS endpoints
      • API Types
         • RESTful APIs
            • REST APIs
            • HTTP APIs: RESTful APIs with lower latency and lower cost than REST APIs
         • WebSocket APIs
            • Bidirectional
            • Clients send messages to a service
            • Service can independently send messages to clients
      https://aws.amazon.com/api-gateway
      MICROSERVICES
  26. Route 53
      • Supports all the standard DNS record types
      • Limitations
         • It’s not available over VPC
         • It doesn’t provide forwarding options for domains used on premise
         • It doesn’t support private zone transfer
         • example.com >> cloud.example.com
      • Supported services
         • EC2 Instance
         • S3 Bucket
         • Load Balancer
         • CloudFront
         • API Gateway
      https://aws.amazon.com/route53
      HYBRID CLOUD
  27. Amplify
      • Set of tools and services used to build full stack applications:
         • Configure backends
         • Connect frontend applications to backends
         • Deploy static web applications
      • Support for popular web frameworks: JavaScript, React, Angular, Vue, Next.js, Android, iOS, Ionic
      https://aws.amazon.com/amplify
  28. Cloud Formation
      • Manage sets of resources from AWS Services grouped in Stacks
      • Stacks are defined in JSON or YAML
      • Provides a Cloud Formation Designer interface
      https://aws.amazon.com/cloudformation
      INFRASTRUCTURE AS CODE
  29. Containers
      • Docker and containerization changed deployment methods
      • AMIs and boot scripts are replaced by Docker Images
      • Amazon ECR (Elastic Container Registry) provides a private Docker Image Registry
      • Amazon ECS (EC2 Container Service) lets you manage clusters of services deployed via Docker
      • However, many users currently use raw EC2 Instances to deploy Docker Images
      • Amazon EKS (Elastic Kubernetes Service) provides a managed Kubernetes Cluster to deploy K8s services and Pods using EC2 Instances
      https://aws.amazon.com/containers
      CONTAINERIZATION
  30. Hands on
  31. Hands on
      • Build a Basic Web Application
         • Step by step tutorial
         • Covering Amplify, Lambda, API Gateway, IAM and DynamoDB
      • Cloud Formation
         • Analyzing a real use case
         • Scaling up
      • Additional use cases
  32. Sample Use Case: Build a Basic Web Application
  33. Sample use case: Build a Basic Web Application
      Sample available in AWS web site: https://aws.amazon.com/getting-started/hands-on/build-web-app-s3-lambda-api-gateway-dynamodb/
  34. Sample use case: Create Web App
      Deploy static resources for your web application using the AWS Amplify Console
      Create a simple HTML file named index.html and compress it with ZIP (index.html.zip)

          <!DOCTYPE html>
          <html>
          <head>
              <meta charset="UTF-8">
              <title>Hello World</title>
          </head>
          <body>
              Hello World
          </body>
          </html>

      Access the Amplify Console in the Ireland zone: https://eu-west-1.console.aws.amazon.com/amplify/home?region=eu-west-1#/
      Deploy the web application without Git provider.
  35. Sample use case: Build a Serverless Function
      Create a Lambda function from scratch using the AWS Console in JavaScript
      Access the Lambda Console in the Ireland zone and Create Function HelloWorldFunction
      https://eu-west-1.console.aws.amazon.com/lambda/home?region=eu-west-1#/functions
      Replace default index.js code with the following one:

          // Define handler function, the entry point to our code for the Lambda service
          // We receive the object that triggers the function as a parameter
          exports.handler = async (event) => {
              // Extract values from event and format as strings
              let name = JSON.stringify(`Hello from Lambda, ${event.firstName} ${event.lastName}`);
              // Create a JSON object with our response and store it in a constant
              const response = {
                  statusCode: 200,
                  body: name
              };
              // Return the response constant
              return response;
          };
  36. Sample use case: Build a Serverless Function
      Test the Lambda function using the AWS Console in JavaScript
      Use Test tab to create a new Event named HelloWorldTestEvent with the following body:

          {
              "firstName": "Ada",
              "lastName": "Lovelace"
          }

      Click Invoke button to execute the Lambda function
  37. Sample use case: Link a Serverless Function to App
      Deploy a serverless function using the AWS Console
      Access the API Gateway Console in the Ireland zone and Create API HelloWorldAPI
      https://eu-west-1.console.aws.amazon.com/apigateway/main/apis?region=eu-west-1
      Create a POST method associated to the Lambda function
      Actions
      • Enable CORS
      • Deploy API in stage dev
  38. Sample use case: Link a Serverless Function to App
      Deploy a serverless function using the AWS Console
      Test the REST API in Resources option using a default Request Body
  39. Sample use case: Create a Data Table
      Create a DynamoDB table using the AWS Console
      Access the DynamoDB Console in the Ireland zone and Create table HelloWorldDatabase with Primary key ID
      https://eu-west-1.console.aws.amazon.com/dynamodb/home?region=eu-west-1#
      Access the Lambda Console in the Ireland zone and Add IAM Policy
      https://eu-west-1.console.aws.amazon.com/lambda/home?region=eu-west-1#/functions
  40. Sample use case: Create a Data Table
      Access the Lambda Console in the Ireland zone and Modify Lambda function
      https://eu-west-1.console.aws.amazon.com/lambda/home?region=eu-west-1#/functions

          // Include the AWS SDK and create a DynamoDB document client
          const AWS = require('aws-sdk');
          let dynamodb = new AWS.DynamoDB.DocumentClient();

          exports.handler = async (event) => {
              // Take the timestamp inside the handler: module-level code runs only
              // once per container, so a value computed there goes stale on reuse
              let now = new Date().toISOString();
              let name = JSON.stringify(`Hello from Lambda, ${event.firstName} ${event.lastName}`);
              // Item to store: the greeting is the primary key
              let params = {
                  TableName: 'HelloWorldDatabase',
                  Item: {
                      'ID': name,
                      'LatestGreetingTime': now
                  }
              };
              await dynamodb.put(params).promise();
              const response = {
                  statusCode: 200,
                  body: name
              };
              // Return the response constant
              return response;
          };
  41. Sample use case: Create a Data Table
      Create a DynamoDB table using the AWS Console
      Invoke Test again from Lambda Console
      Verify the new row has been inserted from DynamoDB Console
  42. Sample use case: Update Web App
      Deploy static resources for your web application using the AWS Amplify Console
      Modify the HTML file named index.html and compress it with ZIP (index.html.zip)

          fetch("https://v75gajngfa.execute-api.eu-west-1.amazonaws.com/dev/", requestOptions)

      Access the Amplify Console in the Ireland zone: https://eu-west-1.console.aws.amazon.com/amplify/home?region=eu-west-1#/
      Update deployment and test it: https://aws.amazon.com/getting-started/hands-on/build-web-app-s3-lambda-api-gateway-dynamodb/module-five/?e=gs2020&p=build-a-web-app-intro
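
Once the function is published behind the API Gateway POST method, `event.firstName` and `event.lastName` come from any caller, and the handler in the walkthrough writes them straight into the table key and echoes them back to the page. The variant below validates both fields before the write. It is an added example, not code from the original deck or the AWS tutorial: `validateEvent`, `makeHandler`, the 50-character limit and the allowed character set are assumptions, and the DynamoDB write is injected as `putItem` so the block runs without the AWS SDK.

```javascript
// Assumed rule: 1-50 characters, starting with a letter; letters, combining
// marks, apostrophe, space, dot and hyphen are allowed.
const NAME_RE = /^[\p{L}][\p{L}\p{M}' .-]{0,49}$/u;

function validateEvent(event) {
  const errors = [];
  const value = {};
  for (const field of ['firstName', 'lastName']) {
    const raw = event == null ? undefined : event[field];
    // Reject objects, arrays and numbers outright instead of coercing them.
    if (typeof raw !== 'string') { errors.push(`${field} must be a string`); continue; }
    const text = raw.normalize('NFC').trim();
    if (!NAME_RE.test(text)) errors.push(`${field} has invalid length or characters`);
    else value[field] = text;
  }
  return { ok: errors.length === 0, errors, value };
}

// putItem(params) performs the write. Inside Lambda it would wrap the call
// from the walkthrough: (params) => dynamodb.put(params).promise()
function makeHandler(putItem, clock = () => new Date()) {
  return async (event) => {
    const checked = validateEvent(event);
    if (!checked.ok) {
      // Fail closed: nothing is written for a rejected request.
      return { statusCode: 400, body: JSON.stringify({ errors: checked.errors }) };
    }
    const { firstName, lastName } = checked.value;
    const greeting = `Hello from Lambda, ${firstName} ${lastName}`;
    await putItem({
      TableName: 'HelloWorldDatabase',
      // Timestamp is taken per invocation, not at module load.
      Item: { ID: greeting, LatestGreetingTime: clock().toISOString() },
    });
    return { statusCode: 200, body: JSON.stringify(greeting) };
  };
}
```
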
  43. Cloud Formation: Analyzing a Real Use Case
  44. Cloud Formation Template
      Performance test environment for Alfresco
  45. Additional Use Cases
  46. Additional Use Cases
  47. Cost Calculator
  48. AWS Pricing Calculator
      https://calculator.aws/#/
  49. Training & Certifications
  50. Training & Certifications
      Certifications
      Training for certifications
      Training is offered by AWS themselves (mainly instructor-led and on-site) and various third-party companies (usually as video-based training) such as A Cloud Guru, CloudAcademy and Linux Academy.
  51. References
      • Official AWS Documentation: https://docs.aws.amazon.com
      • Short Open Guide for AWS: https://github.com/open-guides/og-aws
      • Source Code: https://github.com/aws https://github.com/awslabs https://github.com/aws-samples
      • Book “Amazon Web Services for Dummies”: https://www.amazon.com/Amazon-Services-Dummies-Bernard-Golden/dp/1118571835
      • Book “Effective DevOps with AWS”: https://www.amazon.com/Effective-DevOps-AWS-incredible-productivity/dp/1786466813/