
Cloud Computing - 1

The document provides an overview of cloud computing and Amazon Web Services (AWS). It discusses key cloud concepts like deployment models, service models, and characteristics of cloud computing. It then describes AWS in more detail, covering AWS global infrastructure including regions, availability zones, and edge locations. The document also discusses core AWS services like Identity and Access Management (IAM), EC2, S3, and networking. IAM controls user access and permissions, while EC2, S3, and networking provide fundamental cloud infrastructure and storage capabilities.

Uploaded by

Tanya Kaushi
Copyright
© All Rights Reserved

SE4010 - Current Trends in Software Engineering
CLOUD COMPUTING
Keshawa Yaddehikandage
About Me
▪ I’m Keshawa Yaddehikanda
▪ Team Lead SysOps at Circles.life
▪ linkedin.com/in/keshawa-yaddehikanda-a7b07b14b
Lecture Objective
1. To provide an understanding of cloud computing
2.?
Lecture Content
▪ Introduction to Cloud Computing - Week 1
  ▪ What is Cloud Computing?
  ▪ History and Origins
  ▪ Characteristics of Cloud Computing
  ▪ CapEx vs OpEx
  ▪ Vertical Scalability
  ▪ Horizontal Scalability
▪ Types of Cloud Deployment Methods
  ▪ Private
  ▪ Hybrid
  ▪ Public
▪ Types of Cloud Computing Services
  ▪ SaaS
  ▪ PaaS
  ▪ IaaS
Lecture Content Cont.
▪ Introduction to Amazon Web Services – Week 1
  ▪ AWS Cloud History
  ▪ AWS Global Infrastructure
  ▪ AWS Regions
  ▪ Choosing an AWS Region
  ▪ AWS Availability Zones
  ▪ Edge Locations
  ▪ Global Services vs Regional Services
▪ Identity and Access Management – IAM
  ▪ Users & Groups
  ▪ Permissions & Policies
  ▪ Password Policy & MFA
  ▪ Access Methods of AWS
Lecture Content Cont.
▪ EC2 – Week 2
  ▪ EC2 sizing & configuration options
  ▪ EC2 Instance Storage Section
  ▪ Security Groups
  ▪ AMI Overview
▪ Simple Storage Service – S3
  ▪ S3 Storage Classes
  ▪ S3 Buckets and Objects
  ▪ S3 Security
  ▪ S3 Web Site – Demo
  ▪ S3 Consistency Model
▪ Networking – VPC – Week 3
▪ Database – RDS – Week 3
▪ Costing Management
Introduction CLOUD COMPUTING
What is cloud computing?
• Cloud computing is the delivery of computing services, including servers, storage, databases, networking, software, analytics, and intelligence, over the Internet
• You typically pay only for the cloud services you use, helping to lower operating costs
• Run the infrastructure more efficiently, and scale as your business needs change
History and Origins

https://www.bcs.org/media/2416/cloud-timeline-1960-2005.jpg
History and Origins

https://www.bcs.org/media/2417/cloud-timeline-2005-2020.jpg
Characteristics of Cloud Computing
• Resources Pooling
• On-Demand Self-Service
• Easy Maintenance
• Scalability And Rapid Elasticity
• Economical
• Measured And Reporting Service
• Security
• Automation
• Resiliency And Availability
• Large Network Access
• Work From Any Location
• Multi-Tenancy
• Flexibility
• Service Excellence
• Comfortable Payment Structure
CapEx vs OpEx (Cloud Compute Context)
CapEx vs OpEx (Cloud Compute Context) Cont.
|                   | CapEx       | OpEx           |
| Up-front Cost     | Significant | None           |
| Ongoing Cost      | Low         | Based on Usage |
| Value Over Time   | Lowers      | No Change      |
| Early Termination | No          | Anytime        |
| Maintenance       | Significant | Low            |
Vertical & Horizontal Scalability
• Scalability means that an application / system can handle greater loads by adapting.
• Vertical Scalability - Vertical scalability means increasing the size of the instance
• Horizontal Scalability - Horizontal scalability means increasing the number of instances / systems for your application
Types of Cloud Deployment Models
• Private Cloud
• Hybrid Cloud
• Public Cloud
Private Cloud
• Private cloud is a type of cloud computing that delivers similar advantages to public cloud, including scalability and self-service, but through a proprietary architecture.
• A private cloud, also known as internal or corporate cloud, is dedicated to the needs and goals of a single organization whereas public clouds deliver services to multiple organizations.
Private Cloud Architecture
Hybrid Cloud
• Hybrid cloud refers to a mixed computing, storage, and services environment made up of on-premises infrastructure, private cloud services, and a public cloud—such as Amazon Web Services (AWS) or Microsoft Azure—with orchestration among the various platforms.
• Using a combination of public clouds, on-premises computing, and private clouds in your data center means that you have a hybrid cloud infrastructure.
Hybrid Cloud Architecture
Public Cloud
• A public cloud is a platform that uses the standard cloud computing model to make resources -- such as virtual machines, applications or storage -- available to users remotely. Public cloud services may be free or offered through a variety of subscription or on-demand pricing schemes, including a pay-per-usage model.
Types of Cloud Computing Services
Introduction AMAZON WEB
SERVICES
AWS Cloud History
AWS Global Reach
• In 2019, AWS had $35.02 billion in annual revenue.
• AWS accounts for 47% of the market in 2019 (Microsoft is 2nd with 22%)
• Pioneer and Leader of the AWS Cloud Market for the 9th consecutive year
• Over 1,000,000 active users
AWS Global Infrastructure
• AWS Regions
• AWS Availability Zones [AWS Data Centers]
• AWS Edge Locations
AWS Regions
• AWS has Regions all around the world
• Names can be ap-southeast-1, eu-west-3
• A region is a cluster of data centers
AWS Availability Zones
• Each region has many availability zones (usually 3, min is 2, max is 6)
• The AZs are named based on their region
• Example:
  • ap-southeast-2a
  • ap-southeast-2b
• Each availability zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity
• They’re separate from each other, so that they’re isolated from disasters
• They’re connected with high bandwidth, ultra-low latency networking
Edge Locations
• Amazon has 216 Points of Presence (205 Edge Locations & 11 Regional Caches) in 84 cities across 42 countries.
• Content is delivered to end users with lower latency.
Choose an AWS Region
• Compliance with data governance and legal requirements: data never leaves a region without your explicit permission.
• Proximity to customers: reduced latency.
• Available services within a Region: new services and new features aren’t available in every Region.
• Pricing: pricing varies region to region and is transparent in the service pricing page.
• AWS Regional Services (amazon.com)

AWS Shared Responsibility Model
AWS Console
AWS has Global Services
• Identity and Access Management (IAM)
• Route 53 (DNS service)
• CloudFront (Content Delivery Network)
• WAF (Web Application Firewall)
Most AWS services are Region-scoped
• Amazon EC2 (Infrastructure as a Service)
• Elastic Beanstalk (Platform as a Service)
• Lambda (Function as a Service)
IAM AMAZON WEB
SERVICES
IAM: Users & Groups
• IAM = Identity and Access Management, a global service.
• The root account is created by default and shouldn’t be used or shared.
• Users are people within your organization, and can be grouped.
• Groups only contain users, not other groups.
• Users don’t have to belong to a group, and a user can belong to multiple groups.
IAM: Permissions
• Users or Groups can be assigned JSON documents called policies.
• These policies define the permissions of the users.
• In AWS you apply the least privilege principle: don’t give more permissions than a user needs.
IAM Policies Structure
• Consists of
  • Version: policy language version, always include “2012-10-17”
  • Id: an identifier for the policy (optional)
  • Statement: one or more individual statements (required)
• Statements consist of
  • Sid: an identifier for the statement (optional)
  • Effect: whether the statement allows or denies access (Allow, Deny)
  • Principal: account/user/role to which this policy is applied
  • Action: list of actions this policy allows or denies
  • Resource: list of resources to which the actions are applied
  • Condition: conditions for when this policy is in effect (optional)


IAM Policies Inheritance
IAM – Password Policy
• Strong passwords = higher security for your account
• In AWS, you can set up a password policy:
  • Set a minimum password length
  • Require specific character types:
    • uppercase letters
    • lowercase letters
    • numbers
    • non-alphanumeric characters
  • Allow all IAM users to change their own passwords
  • Require users to change their password after some time (password expiration)
  • Prevent password re-use
Multi Factor Authentication - MFA
• Users have access to your account and can possibly change configurations or delete resources in your AWS account
• You want to protect your Root Accounts and IAM users
• MFA = password you know + security device you own


MFA device options in AWS
How can users access AWS ?
• To access AWS, you have three options:
  • AWS Management Console (protected by password + MFA)
  • AWS Command Line Interface (CLI): protected by access keys
  • AWS Software Development Kit (SDK) - for code: protected by access keys
• Access Keys are generated through the AWS Console
• Users manage their own access keys
• Access Keys are secret, just like a password. Don’t share them
• Access Key ID ~= username
• Secret Access Key ~= password
What’s the AWS SDK?
• AWS Software Development Kit (AWS SDK)
• Language-specific APIs (set of libraries)
• Enables you to access and manage AWS services programmatically
• Embedded within your application
• Supports
  • SDKs (JavaScript, Python, PHP, .NET, Ruby, Java, Go, Node.js, C++)
  • Mobile SDKs (Android, iOS, …)
  • IoT Device SDKs (Embedded C, Arduino, …)
• Example: AWS CLI is built on AWS SDK for Python
IAM Guidelines & Best Practices
• Don’t use the root account except for AWS account setup
• One physical user = One AWS user
• Assign users to groups and assign permissions to groups
• Create a strong password policy
• Use and enforce the use of Multi Factor Authentication (MFA)
• Create and use Roles for giving permissions to AWS services
• Use Access Keys for Programmatic Access (CLI / SDK)
• Audit permissions of your account with the IAM Credentials Report
• Never share IAM users & Access Keys
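Several of these guidelines can be audited from the IAM Credentials Report, which is a CSV file. The following is an added example, not part of the original slides: it checks a constructed report, trimmed to the columns it needs, for root access keys, console passwords without MFA, and recent root sign-ins. The user names, dates and the 30-day threshold are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the credential report's CSV layout, trimmed to the
# columns used below; users and timestamps are made up.
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,not_supported,2024-06-20T09:15:00+00:00,false,true,false
alice,true,2024-06-28T08:00:00+00:00,true,false,false
bob,true,2024-05-02T14:30:00+00:00,false,true,false
ci-deploy,false,N/A,false,true,true
"""

def audit_credential_report(report_csv, now, root_idle_days=30):
    """Return (user, finding) tuples for the guideline checks.

    root_idle_days is an assumed threshold, not an AWS default.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        has_keys = "true" in (row["access_key_1_active"],
                              row["access_key_2_active"])
        # The root row reports password_enabled as not_supported,
        # but the root account always has a password.
        has_password = is_root or row["password_enabled"] == "true"
        if is_root and has_keys:
            findings.append((user, "root has active access keys"))
        if has_password and row["mfa_active"] != "true":
            findings.append((user, "console password without MFA"))
        if is_root:
            try:
                last = datetime.fromisoformat(row["password_last_used"])
            except ValueError:  # N/A or no_information
                continue
            if (now - last).days < root_idle_days:
                findings.append((user, "root signed in recently"))
    return findings

if __name__ == "__main__":
    as_of = datetime(2024, 6, 30, tzinfo=timezone.utc)
    for user, finding in audit_credential_report(SAMPLE_REPORT, as_of):
        print(f"{user}: {finding}")
```

The service account `ci-deploy` has no console password, so the MFA check does not apply to it.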
2 ? AWS Certifications
