AWS Notes Practitioner Overview

Cloud computing allows users to rent computing resources like servers from large providers like AWS instead of owning their own hardware. There are three main types of cloud computing models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). AWS provides key global services across computing, storage, databases, security and more. Some main AWS computing services include EC2 for virtual servers, Lightsail for simplified servers, and Lambda for serverless computing. Storage services include S3 for object storage and EBS for disk volumes.

Uploaded by

Lazar

Cloud is renting someone else's computer.

Benefits:
Pay for only what you use.
Benefit from massive economies of scale.
Stop guessing about capacity: scale with your business needs, with no long-term contracts.
Increase speed and agility.
Stop spending money running and maintaining data centers.
Go global in minutes.

Three types of Cloud Computing:

IaaS (Infrastructure as a Service), example: EC2
PaaS (Platform as a Service), examples: Elastic Beanstalk, Lightsail
SaaS (Software as a Service), example: Gmail

Three types of Cloud Computing Deployments:

Public Cloud - AWS, Azure, GCP
Hybrid - a mixture of public and private (connected with Route 53 and a Virtual Private Gateway)
Private Cloud - on premise; you manage it in your own datacenter (OpenStack or VMware)

Key Services for AWS:

AWS Global Infrastructure
Compute, Storage, Database
Security, Identity & Compliance
AWS Cost Management

---------Global Infrastructure-------------

An Availability Zone is basically a data center; one zone can be a group of data centers.

A Region is a geographic area made up of two or more Availability Zones.

Edge Locations are endpoints for AWS CloudFront, caching content. A distribution is
what we call the series of Edge Locations that make up the CDN.

Choosing an AWS Region:
Data sovereignty laws (regulations on where customer data may reside)
Latency to end users
Which AWS services are available there

Different support packages:

Basic - free
Developer - $23 a month
Business - $100 a month
Enterprise - $15000 a month, includes a TAM (Technical Account Manager)

SSH -> Secure Shell

IAM (Identity and Access Management) is global.

Three ways to access AWS:

Via the Console
Programmatically, using the Command Line Interface (CLI)
Using the Software Development Kit (SDK)

The root account is the email address you used to set up your account. Root always has
full administrator access.

S3 -> Simple Storage Service

One of the most fundamental services.

Provides developers and IT teams with secure, durable object storage.

S3 is a place to store your files.
Object-based storage; allows you to upload files.
Files can be from 0 to 5 TB.
There is unlimited storage.
Files are stored in Buckets.

S3 uses a universal namespace, so bucket names must be unique globally.

HTTP 200 is returned if the upload succeeded.

An S3 object consists of:
Key (the name of the object)
Value (the data)
Version ID
Metadata
Subresources:
Access Control List
Torrent

Reading and updating S3 data:

If you write a new file and read it immediately, you will be able to view that data.
If you update or delete a file, it can take some time for the change to be visible.

Cross region replication:

You can replicate the contents of one bucket to another bucket automatically by using
cross region replication.

S3 Transfer Acceleration:
Data is not uploaded directly to S3; it is first uploaded to an edge location and then
forwarded to S3.

S3 STORAGE CLASSES:

S3 Standard
99.99% availability and durability; stored redundantly across multiple devices in multiple
facilities, and designed to sustain the loss of 2 facilities concurrently.

S3 IA (Infrequently Accessed)
For data that is accessed less frequently, but requires rapid access when needed.
Lower fee than S3 Standard, but you are charged a retrieval fee.

S3 One Zone-IA
For when you want a lower-cost option for infrequently accessed data, but do not
require the multiple-Availability-Zone data resilience.

S3 Intelligent Tiering
Designed to optimize cost by automatically moving data to the most cost-effective
access tier, without performance impact or operational overhead.

S3 Glacier
A secure, durable and low-cost storage class for data archiving. Retrieval times are
configurable from minutes to hours.

S3 Glacier Deep Archive
For data where a retrieval time of 12 hours is acceptable.

You are charged for S3 in the following ways:
Storage
Requests
Storage Management Pricing
Data Transfer Pricing
Transfer Acceleration
Cross Region Replication Pricing

CloudFront - Content Delivery Network (CDN)

Edge Location: the location where content is cached. This is separate from an
AWS Region.

Origin: the origin of all the files that the CDN will distribute. This can be an S3
bucket, an EC2 instance, an Elastic Load Balancer or Route 53.

Distribution:
Web Distribution
RTMP, used for media streaming

Objects are cached for the life of the TTL (Time To Live).
You can clear cached objects, but you will be charged.

EC2 - Elastic Compute Cloud

Virtual server in the cloud. Reduces the time required to obtain and boot new server
instances to minutes, allowing you to quickly scale capacity, both up and down. It is a
compute-based service; it is not serverless, it is a server. Use a private key to connect
to EC2. Security Groups are virtual firewalls in the cloud. Always design for failure.
Pricing:

On Demand - allows you to pay a fixed rate by the hour. Suited to:
Users that want the low cost and flexibility of Amazon EC2 without any up-front payment
or long-term commitment.
Applications with short-term, spiky or unpredictable workloads that cannot be
interrupted.

Reserved - provides you with a capacity reservation and offers a significant discount on
the hourly charge for an instance. Contract terms are 1-year or 3-year. Suited to:
1. Applications with steady-state usage
2. Apps that require reserved capacity
3. Users able to make upfront payments

Spot - enables you to bid whatever price you want for instance capacity, providing even
greater savings if your applications have flexible start and end times.

Dedicated Hosts - physical EC2 servers dedicated for your use. Dedicated Hosts can help
you reduce costs by allowing you to use your existing server-bound software licences.

Under Compute:
EC2
Lightsail
ECR
ECS
EKS
Lambda
Batch
Elastic Beanstalk

EBS (Elastic Block Store)

Virtual hard disk. Allows you to create storage volumes and attach them to Amazon
EC2 instances.

SSD:
General Purpose SSD (GP2) - balances price and performance for a wide variety of workloads.
Provisioned IOPS SSD (IO1) - highest-performance SSD volume for mission-critical,
low-latency workloads.

HDD:
Throughput Optimized HDD (ST1) - low-cost HDD volume designed for frequently
accessed, throughput-intensive workloads.

Cold HDD - lowest-cost HDD volume designed for less frequently accessed workloads,
e.g. file servers.

Magnetic - previous generation.

Default ports:
Linux SSH - port 22
Windows RDP (Remote Desktop Protocol) - port 3389
HTTP - port 80
HTTPS - port 443

Always design for failure. Have one EC2 instance in each availability zone.

Three ways to interact with AWS : Console, Command Line CLI and SDK Software
Development Kit

IAM roles are global, and you can attach a role to an EC2 instance at any time.

Load Balancers
Application Load Balancer
When you need a flexible feature set for your web application with HTTP and HTTPS
traffic. Makes intelligent routing decisions.
Network Load Balancer
When you need ultra-high performance and static IP addresses for your application.
Classic Load Balancer
When you have an existing application running on the EC2-Classic network. For test and
dev. Low cost.

Databases on AWS - RDS engines:

SQL Server
Oracle
MySQL
PostgreSQL
Aurora
MariaDB

DynamoDB - NoSQL, non-relational database.

Redshift - Amazon's data warehouse solution, Online Analytical Processing (OLAP).

Two key RDS features (pay attention):

Multi-AZ - for disaster recovery
Read Replicas - for performance

ElastiCache - used to speed up the performance of an existing database.

ElastiCache is a web service that makes it easy to deploy, operate and scale an in-memory
cache in the cloud. The service improves the performance of web applications by allowing
you to retrieve information from fast, in-memory caches instead of relying entirely on
slower disk-based databases.

ElastiCache supports two open-source in-memory caching engines:

Memcached and Redis

DNS (Domain Name System) is the process computers use to resolve domain names to
IP addresses.

Amazon's DNS service is called Route 53. It is global, similar to IAM and S3.

Works on port 53.

Route 53 can also be used to register domain names.


An S3 bucket used with Route 53 should have the same name as the DNS name.

With Elastic Beanstalk you can quickly deploy and manage applications in the AWS
Cloud without worrying about the infrastructure that runs those applications. You can
simply upload your application, and Elastic Beanstalk automatically handles the details
of capacity provisioning, load balancing, scaling and application health monitoring.

The opposite of Elastic Beanstalk, for someone who knows how to use AWS:

CloudFormation is a service that helps you to model and set up your Amazon Web
Services resources so that you can spend less time managing those resources and more
time focusing on your applications that run in AWS. You create a template that describes
all the AWS resources that you want, and AWS CloudFormation takes care of provisioning
and configuring those resources for you.

Elastic Beanstalk and CloudFormation are free, but the services they provision are not
(for example, EC2 instances). Elastic Beanstalk is limited in what it can provision and is
not programmable. CloudFormation can provision almost any AWS service and is
completely programmable.
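The port list and the "Security Groups are virtual firewalls" note above, together with this CloudFormation section, can be shown in one template. The following is an added example written for these notes, not part of the original document: it declares a security group that admits HTTP and HTTPS from anywhere but restricts SSH to an admin network, and tags it so it can be picked up by Resource Groups later. The VpcId parameter, the AdminCidr default (203.0.113.0/24, a documentation-only range) and the resource names are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example for the notes (not AWS-provided): web server security group
  with public HTTP/HTTPS and SSH limited to an admin network.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: VPC in which the security group is created (assumption: supplied at deploy time)
  AdminCidr:
    Type: String
    Default: 203.0.113.0/24   # placeholder documentation range; replace with the real admin network
    Description: Only this network may open SSH (port 22) to the instances

Resources:
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTP/HTTPS from anywhere, SSH only from the admin network
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp        # HTTPS (port 443) open to the internet
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp        # HTTP (port 80) open to the internet
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp        # SSH (port 22) restricted to AdminCidr, never 0.0.0.0/0
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr
      Tags:
        - Key: Environment       # tag used later for Resource Groups / automation
          Value: dev

Outputs:
  SecurityGroupId:
    Description: ID of the created security group, for attaching to EC2 instances
    Value: !Ref WebServerSecurityGroup
```

Because the template is declarative, a reviewer can see every open port before anything is provisioned; a Windows host would need the same pattern with port 3389 restricted to the admin network instead of port 22.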

Global AWS Services:

IAM
Route 53
CloudFront
SNS (available in all regions)
SES (not available in all regions)

Global views (some services give a global view but are regional):

S3

Which AWS services can be used on premise?

Snowball
Snowball Edge
Storage Gateway
CodeDeploy
OpsWorks
IoT Greengrass

Which AWS services can be used to deploy applications on premise?

CodeDeploy
OpsWorks

Amazon CloudWatch:

CloudWatch is used for monitoring performance.

Can monitor most of AWS as well as your applications that run on AWS.
CloudWatch with EC2 will monitor events every 5 minutes by default.
You can have 1-minute intervals by turning on detailed monitoring.
You can create CloudWatch alarms which trigger notifications.
CloudWatch is all about performance.

AWS Systems Manager:

Can be used to manage fleets of EC2 instances and virtual machines.

A piece of software (an agent) is installed on each VM.
Can be used both inside AWS and on premise.
Run Command is used to install, patch and uninstall software.
Integrates with CloudWatch to give you a dashboard of your entire estate.

Billing and Pricing

Capex vs Opex:
Capex stands for Capital Expenditure, where you pay an up-front fixed cost, like buying a
server.
Opex stands for Operational Expenditure: pay for what you use.

Three fundamental drivers of pricing:

Compute
Storage
Data Outbound

Free Services:
Amazon VPC (virtual data center in the cloud)
Elastic Beanstalk is free; the resources it provisions are not
CloudFormation is free; the resources it provisions are not
Identity and Access Management (IAM)
Auto Scaling
OpsWorks (DevOps product)
Consolidated Billing

What determines price:

Clock Hours of Server Time
Instance Type
Pricing Model
Number of Instances
Load Balancing
Detailed Monitoring
Auto Scaling
Elastic IP Addresses
Operating System and Software Packages

EC2 Pricing Models:

On Demand - fixed rate by the hour
Reserved - capacity reservation and a significant discount
Spot - enables you to bid whatever price you want for instance capacity
Dedicated Hosts - physical EC2 server dedicated for your use

Lambda function pricing:

Request pricing - free tier of 1 million requests per month;
$0.20 per 1 million requests thereafter

Duration pricing - 400,000 GB-seconds per month free

If Lambda reads or writes data to or from S3, you will be charged for that.

S3 reads and writes are charged according to:

Storage Class
Storage
Requests (GET, PUT, COPY)
Data transfer

Snowball is a gigantic disk used to move your data into the AWS cloud from your local
machines. Pricing depends on storage plus a daily charge: the first 15 days are free, after
that $15 per day. Transfer into S3 is free. Transfer out is not free.

Price for RDS:

Clock hours of server time (how long it runs)
Database characteristics (what type)
Database purchase type (how large it is)
Number of database instances
Provisioned storage (how big the database is going to be, in GB)
Additional storage
Requests
Deployment type / data transfer

Budgets & Cost Explorer

AWS Budgets
Gives you the ability to set custom budgets that alert you when your costs or usage
exceed your budget amount.

Used to budget costs BEFORE they have been incurred.

Cost Explorer is used to explore costs AFTER they have been incurred.

AWS Support Plans

Basic
Developer
Business
Enterprise (includes a TAM, Technical Account Manager)

If your production goes down you need Business or Enterprise.

Tags
Key-value pairs attached to AWS resources.
Metadata.
Tags can sometimes be inherited.

Resource Groups make it easy to group your resources using the tags that are assigned
to them. You can group resources that share one or more tags, for example by:

Region
Name
Health checks

Using Resource Groups you can apply automation to resources tagged with specific
tags. For example, we stopped all EC2 instances in one region.

Resource Groups in combination with AWS Systems Manager allow you to control
and execute automation against entire fleets of EC2 instances, all at the push of a
button.
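The "stop all EC2 instances in one region" automation above starts with selecting the right instances by tag. The script below is an added example, not code from the notes: it walks a DescribeInstances-shaped response (the same structure boto3's ec2.describe_instances() returns, but constructed here so it runs offline with no AWS call) and returns the instance IDs that carry a given tag and are in an allowed state. The instance IDs and tag values are made up.

```python
"""Select EC2 instances by tag from a DescribeInstances-shaped response.

Added example for the notes, not from the original document. No AWS call is
made: SAMPLE_RESPONSE is a constructed stand-in for what
ec2.describe_instances() returns, trimmed to the fields used here.
"""

# Constructed sample for one region; instance IDs are placeholders.
SAMPLE_RESPONSE = {
    "Reservations": [
        {"Instances": [
            {"InstanceId": "i-0aaa000000000001",
             "State": {"Name": "running"},
             "Tags": [{"Key": "Environment", "Value": "dev"},
                      {"Key": "Name", "Value": "web-1"}]},
            {"InstanceId": "i-0aaa000000000002",
             "State": {"Name": "running"},
             "Tags": [{"Key": "Environment", "Value": "prod"}]},
        ]},
        {"Instances": [
            {"InstanceId": "i-0aaa000000000003",
             "State": {"Name": "stopped"},
             "Tags": [{"Key": "Environment", "Value": "dev"}]},
            {"InstanceId": "i-0aaa000000000004",
             "State": {"Name": "running"}},   # untagged: must never be selected
        ]},
    ]
}


def tags_as_dict(instance):
    """Flatten the Tags list into {key: value}; an untagged instance gives {}."""
    return {t["Key"]: t["Value"] for t in instance.get("Tags", [])}


def select_instances(response, tag_key, tag_value, states=("running",)):
    """Return sorted instance IDs whose tag matches and whose state is in `states`.

    Filtering on state as well as tag keeps a rerun from re-targeting
    instances that are already stopped.
    """
    selected = []
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") not in states:
                continue
            if tags_as_dict(inst).get(tag_key) == tag_value:
                selected.append(inst["InstanceId"])
    return sorted(selected)


if __name__ == "__main__":
    targets = select_instances(SAMPLE_RESPONSE, "Environment", "dev")
    print("Instances a StopInstances call would target:", targets)
```

The returned list is what you would pass as InstanceIds to a stop_instances call; running the selection first, as a dry run, shows exactly which fleet the automation will touch, and the untagged instance is never included because a missing tag is not a match.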

AWS Organizations:

It's a global service.

An account management service that enables you to consolidate multiple AWS
accounts into an organization that you create and centrally manage.

Available in two feature sets:

Consolidated billing
All features (full access)

Best practices:
Enable multi-factor authentication on the root account.
Always use a strong and complex password on the root account.
Paying accounts should be used for billing purposes only. Do not deploy resources into
the paying account.

Linked accounts:
20 linked accounts only.

Billing alerts:
When monitoring is enabled on the paying account, the billing data for all linked
accounts will be included.
You can still create billing alerts per individual account.

CloudTrail:
Per AWS account and is enabled per region.
Logs can be consolidated into a single S3 bucket:
1. Turn on CloudTrail in the paying account.
2. Create a bucket policy that allows cross-account access.
3. Turn on CloudTrail in the other accounts and point them at the bucket in the paying account.

Consolidated billing allows you to get volume discounts across all your accounts.
Unused reserved instances for EC2 are applied across the group.
CloudTrail is on a per-account and per-region basis, but can be aggregated into a single
bucket belonging to the paying account.
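The bucket policy in step 2 above looks like this in practice. This is an added example, not from the notes: a policy on a trail bucket in the paying account that lets the CloudTrail service check the bucket ACL and write logs for two member accounts. JSON carries no comments, so the placeholders are named here: EXAMPLE-TRAIL-BUCKET and the account IDs 111111111111 and 222222222222 are made up and must be replaced with the real bucket name and the ID of every account whose trail will write into it.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSCloudTrailAclCheck",
      "Effect": "Allow",
      "Principal": { "Service": "cloudtrail.amazonaws.com" },
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::EXAMPLE-TRAIL-BUCKET"
    },
    {
      "Sid": "AWSCloudTrailWriteForListedAccountsOnly",
      "Effect": "Allow",
      "Principal": { "Service": "cloudtrail.amazonaws.com" },
      "Action": "s3:PutObject",
      "Resource": [
        "arn:aws:s3:::EXAMPLE-TRAIL-BUCKET/AWSLogs/111111111111/*",
        "arn:aws:s3:::EXAMPLE-TRAIL-BUCKET/AWSLogs/222222222222/*"
      ],
      "Condition": {
        "StringEquals": { "s3:x-amz-acl": "bucket-owner-full-control" }
      }
    }
  ]
}
```

Scoping the PutObject resources to one AWSLogs/<account-id>/ prefix per account means an account that is not listed cannot write into the bucket at all, and the bucket-owner-full-control condition ensures the paying account owns every log object that lands there.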

AWS Quick Start is a way of deploying environments quickly, using CloudFormation
templates built by AWS Solutions Architects who are experts in that particular
technology.

AWS Landing Zone is a solution that helps customers more quickly set up a secure,
multi-account AWS environment based on AWS best practices.

AWS Calculators
AWS Simple Monthly Calculator is used to calculate your running costs on AWS on a
per month basis. It is not a comparison tool.

AWS Total Cost of Ownership (TCO) calculator is used to compare the costs of running
your infrastructure on premise vs in the AWS Cloud. It will generate reports that you can
give to your C-level execs to make a business case to move to the cloud.

Security in the Cloud

AWS Shared Responsibility Model

While AWS manages security of the cloud, security in the cloud is the responsibility of
the customer. Customers retain control of what security they choose to implement to
protect their own content, platform, applications, system and networks, no differently
than they would in an on-site datacenter.

AWS responsibility:
Regions, Availability Zones, Edge Locations, hardware, compute, storage, database,
networking.

Customer responsibility:
Client-side data encryption, data integrity and authentication; server-side encryption;
network traffic protection; operating system, network and firewall configuration; platform;
applications; identity and access management; customer data.

AWS WAF & AWS Shield

WAF is a Web Application Firewall that helps you protect your web application from
common web exploits that could affect application availability, compromise security, or
consume excessive resources. Protects against cross-site scripting attacks and SQL
injection. Operates at OSI layer 7.

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that
safeguards web applications running on AWS. AWS Shield provides always-on
detection and automatic inline mitigations that minimize application downtime and
latency, so there is no need to engage AWS Support to benefit from DDoS protection.
There are two tiers of AWS Shield: Standard and Advanced. Protects against DDoS
attacks.

Differences between Amazon Inspector, AWS Trusted Advisor and CloudTrail

1. Amazon Inspector: an automated security assessment service that helps
improve the security and compliance of applications deployed on AWS. Amazon
Inspector automatically assesses applications for vulnerabilities or deviations.
Relate Amazon Inspector with EC2: it inspects the environment for vulnerabilities.
2. AWS Trusted Advisor: an online resource to help you reduce cost, increase
performance and improve security by optimizing your AWS environment.
Provides real-time guidance on best practices. Inspects your whole AWS account, not
just EC2.
3. CloudTrail vs CloudWatch:
CloudWatch monitors performance.
CloudTrail monitors API calls in the AWS platform. It records everything that
happens in the AWS environment; it's all saved into S3.

AWS Config
Is all about configuration. Provides a detailed view of the configuration of the AWS
resources in your AWS account. This includes how the resources are related to one
another.

Athena vs Macie

Athena is an interactive query service which enables you to analyse and query data
located in S3 using standard SQL.

Serverless: nothing to provision; pay per query / per TB scanned.

Works directly with data stored in S3
Can be used to query log files stored in S3
Generate business reports on data stored in S3
Analyse AWS cost and usage reports
Run queries on click-stream data

PII - Personally Identifiable Information

Personal data used to establish an individual's identity.
This data could be exploited by criminals.

Macie is a security service that uses machine learning and NLP (Natural Language
Processing) to discover, classify and protect sensitive data stored in S3.
Uses AI to recognise whether your S3 objects contain sensitive information such as PII.
Dashboard reporting and alerts.
Works directly with data stored in S3.
Can also analyze CloudTrail logs.
