AWS Web Services Overview


( Notes from https://d0.awsstatic.com/whitepapers/aws-overview.pdf  April 2017 v )

Six Advantages of Cloud Computing:

1. Capital Expense Vs Variable Expense
2. Benefits of Economies of Scale
3. Stop guessing about Capacity
4. Increase speed and agility
5. No more money spent on Data Center operations.
6. Go Global in minutes.

Additionally, AWS facilitates an architecture which can keep on changing in line with Enterprise Architecture (EA) principles. 

Cloud Computing Models:


IaaS: Contains the basic building blocks for compute, storage and network, either virtual or dedicated. Gives the highest level of flexibility and management control, just like in-house IT.

PaaS: Removes the need to manage the underlying infrastructure (hardware and OS) so you can focus on deployment and management of the application. No need for software updates, patching or capacity planning.

SaaS: Even the application is managed by the service provider. You only need to use it. Web-based email is a classic example.

Cloud Deployment Models:

Cloud: A cloud-based application is fully deployed in the cloud and all parts of the application run in the cloud.

Hybrid: A way to connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud.
https://aws.amazon.com/enterprise/hybrid/

On-Premises: Deployment of resources on-premises, using virtualization and resource management tools, is sometimes called "private cloud".


Global Infrastructure of AWS:
Regions
Availability Zones

Security and Compliance

Security:
Shared Security Model. AWS manages the security of the cloud; you manage the security in the cloud. This means customers retain control of the security they choose to implement to protect their own content, platform, applications, systems and network, no differently than they would in an on-site data center.

Compliance:  
SOC1,2,3  ISAE
FISMA, DIACAP, FedRAMP
PCI DSS Level1
ISO9001, ISO 27001, ISO27080


AWS Web Services Cloud Platform


AWS Management Console: 


AWS CLI: Programmatically access AWS console resources through scripting instead of the GUI. Installed on the client. Automation through scripting.

AWS SDKs: Simplify using AWS services in an application with an API tailored to match the programming language or platform.


Compute

Amazon EC2

Secure resizable compute capacity in the cloud. An EC2 instance is the basic computing resource.
Benefits: Elastic web-scale computing. Completely controlled. Flexible cloud hosting services. Well integrated with S3, RDS, VPC and other AWS services. Reliable (SLA for EC2 is 99.95%). Secure (works in conjunction with VPC for robust networking functionality). Security Groups and NACLs. VPC IP addressing control. Can connect a VPC to existing IT using IPsec VPN.
Can provision EC2 instances as Dedicated Instances. (Hardware is dedicated.)
Can provision EC2 instances on Dedicated Hosts. (Hardware is dedicated. Finer control to address vendor licensing and/or compliance requirements.)
Difference between Dedicated Instances and Dedicated Hosts: https://aws.amazon.com/ec2/dedicated-hosts/

Very cost effective.
EC2 purchase options:
On-Demand. Buy by the hour.
Spot Instances. 90% off On-Demand. Bidding. For flexible start/stop apps.
Reserved. Predictable from 1 to 3 years. Up to 75% off On-Demand. Convertible Reserved Instances allow you to change the families, OS and tenancy.
Dedicated. Can be purchased hourly as well as reserved.

EC2 Instance Types:
T2, M4, M3, C4, C3, X1, R4, R3, P2, G2, F1, I3, D2
Instance Type Matrix: https://aws.amazon.com/ec2/instance-types/


Amazon EC2 Container Service (ECS)

Container management service that supports Docker containers. Allows you to easily run applications on a managed cluster of EC2 instances. ECS eliminates the need to install, operate and scale your own cluster management infrastructure.
https://aws.amazon.com/ecs/
https://aws.amazon.com/docker/

Amazon EC2 Container Registry (ECR)

Is a fully-managed Docker container registry that makes it easy for developers to store, manage and deploy Docker container images.

Amazon Lightsail

Easiest way to launch a virtual private server with AWS. 
 

AWS Batch

Enables you to easily and efficiently run hundreds of thousands of batch computing jobs. AWS Batch is capable of dynamically provisioning computing and other resources based on the job.

AWS Elastic Beanstalk

Easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, Python, PHP, Node.js, Ruby, Go and Docker. Simply upload the code and EB will handle the rest. https://aws.amazon.com/elasticbeanstalk/


AWS Lambda

Lets you run code without provisioning or managing servers. Pay only for the compute time when code is running. Calls to the code can be triggered by several events or by a direct call. https://aws.amazon.com/lambda/

Auto Scaling

Lets you scale EC2 capacity up or down automatically based on predefined conditions.


Storage

Amazon S3

Object storage with a simple web service interface to store and retrieve any amount of data. Eleven 9s durability.

Amazon Elastic Block Store (EBS)

Provides persistent block storage volumes for use with Amazon EC2 instances in the cloud. Each EBS volume is replicated within its AZ. EBS offers the consistent and low-latency performance needed to run workloads. Auto scaling possible. Choose between SSD-backed or HDD-backed volumes. Supports encryption. Can snapshot a volume to S3.

Amazon Elastic File System

A file system. Can be mounted on an EC2 instance. Multiple EC2 instances can be connected to one EFS, which acts as a common data source. When mounted, it gives a standard file system interface and semantics. Can mount EFS on your on-premises data center servers when connected to the VPC with AWS Direct Connect.

http://stackoverflow.com/questions/29575877/aws-efs-vs-ebs-vs-s3-differences-when-to-use 

Amazon Glacier

Extremely low-cost service for data archiving and long-term backup. Various price options to read from Glacier, ranging from minutes to hours.


Amazon Storage Gateway

Seamlessly enables hybrid storage between on-premises storage and the cloud. Combines a multi-protocol storage appliance with highly efficient network connectivity to Amazon cloud storage services, delivering local performance with unlimited scale.

Database

Amazon Aurora

MySQL- and PostgreSQL-compatible RDBMS engine. Fully managed. 6 copies of data replicated across 3 AZs.

Amazon RDS

RDS makes it easy to set up, operate and scale an RDBMS in the cloud. 6 popular RDBMS engines supported: Amazon Aurora, MySQL, PostgreSQL, Oracle, Microsoft SQL Server, MariaDB.

Amazon DynamoDB

NoSQL DB. Fully managed. Supports document and key-value data models.

Amazon ElastiCache

In-memory cache in the cloud. The service improves web application performance. Supports two open source engines: Redis and Memcached.



Migration

AWS Application Discovery Service

This service helps system integrators quickly and reliably plan application migration projects by automatically identifying applications running in on-premises data centers, their associated dependencies and their performance profiles. These are early first steps in the migration process.

AWS Database Migration Service

Facilitates homogeneous (Oracle to Oracle) as well as heterogeneous (Oracle to MySQL) migration. Also allows streaming data to Redshift. Allows continuous data replication.

AWS Server Migration Service

Is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS. AWS SMS allows you to automate, schedule, and track incremental replications of live server volumes, making it easier for you to coordinate large-scale server migrations.

AWS Snowball

Is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of AWS. The Snowball appliance is physically shipped.

AWS Snowball Edge

Is a 100 TB data transfer device with on-board storage and compute capabilities.

AWS Snowmobile

Is an exabyte-scale data transfer service for moving extremely large amounts of data to AWS. Up to 100 PB in a 45-foot-long shipping container.


Networking and Content Delivery

Amazon VPC

Lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own address range, creation of subnets, and configuration of route tables and network gateways. It is possible to create a public-facing subnet for your web servers that has access to the internet, and place your backend systems such as database servers or application servers in a private subnet with no internet access. It is also possible to create a hardware VPN connection from your on-premises data center to the VPC.

Amazon CloudFront

Global CDN using a network of edge locations. It also works with non-AWS origin services. Pay only for the content delivered.

Amazon Route 53

Cloud DNS web service. Route 53 connects user requests to infrastructure (EC2, S3, ELB) running in AWS. Can also be used to route to infrastructure outside of AWS. Route 53 facilitates various types of routing: geo, latency-based, weighted round robin. Domain name registration is also possible. Industry standard 802.1Q VLAN.

AWS Direct Connect

Makes it easier to establish a dedicated connection from your premises to AWS. Private connectivity.

Elastic Load Balancing

Automatically distributes incoming application traffic across multiple EC2 instances. 1. Classic load balancing based on application or network level information. 2. Application load balancer based on advanced application level information that includes the content of the request.



Developer Tools

AWS CodeCommit

Fully managed source control service like Git. Works with existing Git tools.

AWS CodeBuild

Is a fully managed build service that compiles code, runs tests and produces tests that are ready to deploy.

AWS CodeDeploy

Is a service that automates code deployments to any instance, including EC2 instances or instances running on premises.

AWS CodePipeline

Is a continuous integration and continuous delivery service for fast and reliable application and infrastructure updates. CodePipeline builds, tests and deploys your code every time there is a code change, based on the release process models you define.

AWS X-Ray

Helps developers analyze and debug distributed applications in production or under development. With X-Ray, you can understand how your application and its underlying services are performing. X-Ray provides an end-to-end view of requests as they travel through your application and shows a map of your application's underlying components.



AWS Management Tools

Amazon CloudWatch

Is a monitoring service for AWS cloud resources and the applications you run on AWS. Custom metrics can be generated. Events can be triggered based on monitored values.

Amazon EC2 Systems Manager

Is a management service which helps automatically collect software inventory, apply OS patches, and create system images. Easy to set up from the console. Allows you to manage both EC2 and on-premises resources. It contains the following tools: Run Command, State Manager, Inventory, Maintenance Window, Patch Manager, Automation, Parameter Store.

AWS CloudFormation

Gives developers and system admins an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.

AWS CloudTrail

Is a web service that records AWS API calls for the account and enables auditing.

AWS Config

Is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance.

AWS OpsWorks

Is a configuration management service that uses Chef, an automation platform that treats server configuration as code. Used to manage configuration, deployment and management of EC2 instances or on-premises compute environments.

AWS Service Catalog

Allows organisations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software and databases to complete multi-tier application architectures.

AWS Trusted Advisor

An online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment. TA provides real-time guidance to help you provision your resources following best AWS practices.

AWS Personal Health Dashboard

Provides alerts and remediation guidance when AWS is experiencing events that might affect you.  

AWS Managed Services

Provides ongoing management of your AWS resources so you can focus on your applications. 


AWS Security, Identity and Compliance

Amazon Cloud Directory

Enables you to build flexible, cloud-native directories for organizing hierarchies of data along multiple dimensions. Traditional directories like LDAP are single hierarchy. CD allows much more. CD can scale to hundreds of millions of objects.

Amazon IAM

Enables you to securely control access to AWS services and resources for your users. Groups, policies, roles, MFA. It is possible to manage federated users from the enterprise without creating them in IAM.

Amazon Inspector

Automated security assessment service. Assesses applications for vulnerabilities or deviations from best practices. It produces a detailed report. It includes a knowledge base.

Amazon Certificate Manager

Is a service that lets you easily provision, manage and deploy SSL/TLS certificates with AWS services. No more manual purchase and uploading of certificates.

Amazon Cloud HSM

The HSM service helps to meet corporate, contractual and regulatory compliance requirements for data security by using dedicated Hardware Security Module appliances within the AWS Cloud. AWS provides dedicated and exclusive (single-tenant) access to Cloud HSM instances, isolated from other AWS customers.

Amazon Directory Service

Is also known as AWS Microsoft Active Directory (Enterprise Edition). Enterprise integration is easier.

AWS Key Management Service (KMS)

Is a service that makes it easy to create and control the encryption keys used to encrypt the data.

AWS Organizations

Allows you to create groups of AWS accounts that can be used to more easily manage security and automation settings. With Organizations you can centrally manage multiple accounts to help you scale. You can control which AWS services are available to individual accounts, automate new account creation, and simplify billing.

AWS Shield

Is a managed DDoS protection service that safeguards web applications running on AWS. There are two tiers of protection: Standard and Advanced. All AWS customers are protected by Shield Standard.

AWS WAF

Web Application Firewall that protects against common web exploits (SQL injection, cross-site scripting, etc.). It lets you control which traffic to allow or block to the application. Rules can include the patterns to prevent.



Analytics

Amazon Athena

Is an interactive query service to analyze data in S3 using standard SQL. No server or infrastructure to maintain. It is serverless. Pay only for the queries you run. Simply point to S3 data set and run. No ETL steps.

Amazon EMR

Is Amazon Elastic MapReduce for big data computing. Managed Hadoop framework.

Amazon CloudSearch

Is a managed search service for web site or application. It supports 34 languages and popular search features like highlighting, autocomplete and geospatial search.

Amazon Elasticsearch Service

Is mainly intended for log analytics. Is a fully managed service. Real-time capable. Offers built-in integration with Kibana, Logstash, etc.

Amazon Kinesis

Is a platform for large amounts of streaming data.
Amazon Kinesis Firehose: Is the easiest way to load streaming data into AWS.
Amazon Kinesis Analytics: Is the easiest way to process streaming data in real time with standard SQL.
Amazon Kinesis Streams: Enables you to build custom applications that process or analyze streaming data for specialized needs.

Amazon Redshift

Is a petabyte-scale data warehouse that makes it simple and cost effective to analyze data using existing BI tools. It uses columnar storage. It has an MPP architecture.

Amazon QuickSight

Is a fast business analytics solution which makes visualization and ad-hoc analysis easier and quicker.

AWS Data Pipeline

Helps to process and move data between different AWS compute and storage services, as well as on-premises data sources, at specified intervals. It helps to create complex data processing workloads.

AWS Glue

Is a fully managed ETL service that makes it easy to move data between data stores. Glue is integrated with S3, RDS and Redshift and can connect to any JDBC-compliant data store.



Artificial Intelligence

Amazon Lex

Is a service for building conversational interfaces into any application using voice and text. Speech recognition and natural language understanding.

Amazon Polly

Is a service that turns text into lifelike speech.

Amazon Rekognition

Is a service for image analysis for the application.

Amazon Machine Learning

Service that makes it easy for developers of all skill levels to use machine learning technology. Based on ML technology. 


Mobile Services

AWS Mobile Hub

Provides an integrated console experience that you can use to quickly create and configure powerful mobile app back end features and integrate them into your mobile app.

Amazon Cognito

Lets you easily add sign-up and sign-in to your mobile and web apps. With Cognito you have the option to authenticate users through social identity providers such as Facebook, Twitter, or Amazon, with SAML identity solutions.

Amazon Pinpoint

Makes it easy to run targeted campaigns to drive user engagement in mobile apps.

AWS Device Farm

This is an app testing service that lets you test and interact with different OS and device types.

Amazon Mobile SDK

Helps you build high quality mobile apps quickly and easily.

Amazon Mobile Analytics

Can measure app usage and app revenue.



Application Services

AWS Step Functions

Provides an integrated console experience that you can use to quickly create and configure powerful mobile app backend features and integrate them into your mobile app.

Amazon API Gateway

Is a fully managed service that makes it easy for developers to create, publish, maintain, monitor and secure APIs at any scale.

Amazon Elastic Transcoder

Is a media transcoder in the cloud. Converts media files from source format to many different formats to match different devices.

Amazon SWF

Amazon Simple Workflow helps developers build, run, and scale background jobs that have parallel or sequential steps. Fully managed state tracker and task coordinator in the cloud.


Messaging

Amazon SQS

Amazon Simple Queue Service is a fast, reliable, fully managed message queuing service. It helps to decouple the components of a cloud application.

Amazon SNS

Is a fully managed Simple Notification Service. Can push notifications like emails, texts and other notifications to individuals, phones or even other distributed services.

Amazon SES

Amazon Simple Email Service is an email service. Can send transactional email, marketing messages, or any other type of high-quality content to customers.



Desktop & App Streaming

Amazon WorkSpaces

Fully managed, secure desktop computing service. Cloud-based virtual desktops.

Amazon AppStream 2.0

Users want access to their applications from anywhere today using their preferred devices. Not just browser-based applications, but desktop applications. AppStream 2.0 is a fully managed streaming service that allows you to stream desktop applications from AWS to any device running a web browser without rewriting them.




Internet of Things

AWS IoT Platform

Is a managed cloud platform that lets connected devices interact with applications and other devices.

AWS Greengrass

Is software that lets you run local compute, messaging, and data caching for connected devices in a secure way.

AWS IoT Button

Is a programmable button based on the Amazon Dash Button.



Game Development

Amazon GameLift

Is a managed service for deploying, operating, and scaling dedicated game servers for session-based multiplayer games.

Amazon Lumberyard

Is a free, cross-platform 3D game engine.
4/25/2017
