Cloud Computing Revision

The document provides an overview of cloud computing concepts, including virtualization, types of cloud services (IaaS, PaaS, SaaS), and the benefits of using cloud over traditional IT approaches. It explains various AWS services such as EC2, S3, RDS, and their functionalities, as well as key concepts like scalability, elasticity, and security. Additionally, it discusses the importance of compliance, risks associated with cloud usage, and best practices for managing resources and access control.

Uploaded by

maram houas
Cloud Computing Revision

● What is virtualization? It’s the concept of using multiple services
without having access to the hardware
● What are the types of virtualization in the cloud? compute service (EC2,
ECS, Lambda … etc) / storage service (S3) / database service (RDS,
DynamoDB, ElastiCache ..) / networking service (VPC) / analytic service
(SageMaker, QuickSight, Lex …) … etc
● What are the problems with the traditional IT approach?
° expensive rent for the data center
° hardware requirements: space, maintenance, staff, time, capex, investment,
planning .. etc
° dealing with disasters
° adding physical resources takes time = long hardware procurement cycle =
scaling is limited … etc
● What is the main reason for using the cloud?
° trade capex (capital expenses) for opex (operational expenses)
° to minimize the cost of running and maintaining data centers
° stop guessing capacity
° not dealing with disasters (network latency, earthquake, power supply,
incident .. etc)
° increase speed and agility
° go global in minutes (launch a service in a few minutes)
° pay-as-you-go
° on-demand delivery
° cost-effectiveness
● What are the 3 types (models) of the cloud?
° Public Cloud: owned and operated by a third party (cloud provider), and
delivered via the internet (accessible to all users)
° Private Cloud: owned and operated by a single enterprise (organization),
and not exposed to the internet (public)
° Hybrid Cloud: keep some applications (data) locally and extend the others
to a public provider
● What are the 3 types of CLOUD SERVICES?
° Infrastructure As A Service (IAAS): you can control the hardware (choose
the operating system, update and maintain your system, configure your
firewalls, control the applications … etc), ex: Elastic Compute Cloud (EC2) /
Microsoft Azure VM
° Platform As A Service (PAAS): run, build and deploy applications
without having to manage the infrastructure (hardware), ex: Elastic Beanstalk
° Software As A Service (SAAS): end-user application that the service
provider runs and manages, ex: GMAIL / in AWS: S3, RDS, DynamoDB …
etc

● Scalability: increase/decrease the components of my infrastructure to
handle my workload
● Elasticity: once a system is scalable, elasticity means the automatic
capability to adapt resources based on the real-time demand = autoscaling
● Agility: the ability to respond quickly to changes or new requirements
● High availability: maintaining a consistent system with minimum latency
under normal conditions
● Fault tolerance: in case of system failure (disaster), your application
must stay available and with minimum latency / your system must recover
from failure
● The Global Infrastructure on AWS:
° Region: it’s a geographic zone where the data centers are located
° Availability zone: a single data center, separated from the other data
centers by its own networking, power supply … etc
° Point of presence = Edge Location: to access a part of my application
without the need of the internet (to ensure the concept of going global in
minutes)

● How to choose a region in AWS?
° Compliance!!!!
° Available services
° Proximity
° Pricing
● What are the risks of the cloud? when you don’t respect compliance,
you risk legal problems / security risks (when you misconfigure
the security aspect of your cloud) / cost risks (when you
overuse your cloud resources)

● What is the root account? it’s the first account created when the AWS
account is established / it has all the permissions by default, and it has a
higher privilege than the administrator (because the administrator is an IAM
user)

Compute service : EC2

● Elastic Compute Cloud = Infrastructure as a service = Server
● it’s a virtual server
● in the cloud, we don’t say server, we say INSTANCE
● What is the user data? it’s command lines or a script that I pass to
my EC2 instance and that is executed during its launch =
bootstrapping
● What are the types of instances?

° On-demand: pay what you use / higher cost than reserved and spot instance /
used for short and predictable workload and un-interrupted
° Reserved (RI): reserve for a specific period (1 or 3 years) / up to 72% of
discount (No Upfront +, Partial Upfront ++, All Upfront +++) / used for long
and predictable workload, and un-interrupted / Convertible RI: I can change
the EC2 type, family, os .. etc
° Spot: up to 90% discount / you can “lose” the instance at any time / used
for the short, unpredictable and interrupted workload
° Dedicated hosts: you have the access to the physical service
° Dedicated instance: you have the access to the server, but shared with
other dedicated instance

1- Using On-Demand and Reserved Instance: an e-commerce site that has a
constant workload during the business days (MONDAY-FRIDAY), and the traffic
increases on the weekend ⇒ Solution: use Reserved instances on business days, and
add on-demand instances on the weekend

2- Using Reserved Instance and Spot instance: an application that has a
constant and predictable workload during the whole year, and once a year the tech
team wants to run a machine learning job ⇒ Solution: use Reserved instances the
whole year, and a Spot instance for the machine learning job (because in case you
lose it, it will not affect your business, it’s a cost-effective solution)

● What is the security group? it’s a virtual firewall that controls the inbound
and the outbound traffic of your instance (inbound is blocked by default, and
outbound is allowed by default) / inbound = traffic entering the instance;
outbound = traffic leaving the instance / ex: allow/deny connection from
port HTTP: 80
● What are the classes of the EC2 instance?
° General purpose: it’s a balanced class between memory, compute and
storage
° Compute Optimized: it’s a class that we use for applications that need
high performance (ex: for machine learning purposes)
° Memory Optimized: it’s a class that we use for applications that need
high memory (ex: hosting a database)
● Shared Responsibility Model for EC2:
⇒ IN THE CLOUD: it’s the customer’s responsibility
⇒ OF THE CLOUD: it’s AWS’s responsibility
° AWS: maintaining the infrastructure / isolation of the hardware
° CUSTOMER: configuring the instance / configuring the security group /
using the user data

Elastic Loadbalancer (ELB) and autoscaling group

● What is the Elastic Load Balancer (ELB)? it’s a service that distributes
the workload effectively between EC2 instances / it ensures the concept of
high availability
● What are the types of ELB? Application Load Balancer, Network
Load Balancer, and Gateway Load Balancer
(the Classic Load Balancer is retired !!!!!!)
● What is horizontal scalability? adding/removing EC2 instances to your
applications (Scale in = add / Scale out = remove)
● What is vertical scalability? adding/removing resources to your instance
(scale up = add / scale down = remove) = increasing/decreasing the size of the
instance
● What is the autoscaling group? to adjust dynamically (automatically)
resources in your infrastructure based on the traffic / when creating an
autoscaling group, we configure the max capacity (the maximum number of
EC2 instances to launch), the min capacity (the minimum number of EC2
instances to launch) and the desired capacity (the number of instances that I
want to have with normal traffic) / we configure the launch template (type,
os, cpu, ram … etc), it’s the template that the autoscaling group uses to
create new instances

Identity And Access Management (IAM)

● it’s an AWS service
● it’s a service to manage authorization and authentication
● with IAM, I can create users and groups
● it’s a global service
● a group can have multiple users
● I can attach a permission to a user or a group
● if a permission is attached to a group, all the users of this group inherit
it
● What is the least privilege principle? don’t give more permissions
than a user needs
● An IAM policy is a JSON file
● What are the best practices? to use a strong password / to use
multi-factor authentication (Google Authenticator / YubiKey)
● What is authentication? it’s the login with your password
● What is authorization? it’s the action that you can do or not on your
account

Types of storage in cloud:

° BLOCK: EBS (Elastic Block Store) / EC2 Instance Storage
° FILE: EFS (Elastic File System)
° OBJECT: S3 (Simple Storage Service)

● EBS: Elastic Block Storage: it’s a network drive attached to your EC2
instance / we can only attach EBS volumes to an EC2 instance IN THE SAME
AVAILABILITY ZONE (AZ) / we can’t attach ONE EBS TO MULTIPLE
INSTANCES AT THE SAME TIME, but we can attach multiple EBS to a single
EC2 / to move an EBS from one AZ to another, we create a snapshot (copy)
(EBS volume = SSD disk on-prem)
● EFS: Elastic File System: it’s a managed file system for EC2 instances, very
scalable, elastic and with a high capacity / it can be attached to multiple EC2
instances at the same time and in multiple AZs
● Instance Store: it is directly tied to the EC2 instance on the same
hardware to minimize the latency

SIMPLE STORAGE SERVICE (S3)

● it’s a storage service
● use cases: backup, disaster recovery, archive, data lake, static website
● S3 bucket: it’s the equivalent of a “folder”
● S3 object: it’s the equivalent of a “file”
⇒ I create a bucket (folder), and in this bucket I store an object (file)
● What is the bucket policy? it’s a JSON file, and it’s a mechanism for
controlling the access to the objects in my bucket based on rules
● What is versioning? it’s an option for creating multiple versions of one
object, to ensure traceability, and to have a rollback when needed ⇒ use
case: when you have multiple users that access your S3 and you want to
recover your data when it’s overwritten or deleted, use versioning
● What is the lifecycle policy? it’s a pre-configured rule to control transitioning
objects between classes or deleting them
● we can configure the bucket policy to be a static website

Database Section
All the databases are managed by AWS ( SAAS )

° RDS: it’s a relational database / used with mysql, postgres, oracle,
microsoft sql server .. etc
° AURORA: it’s a relational database / used only with mysql and postgres /
3x performance with postgres / 5x performance with mysql / cost+++
° DYNAMODB: it’s a non-relational database / use DAX (DynamoDB
Accelerator) = in-memory database / key-value
° ELASTICACHE: it’s an in-memory database / for caching use / to increase
speed and performance of the application
● What is an RDS Read replica? it’s a copy of the main RDS database that
we use ONLY FOR READ REQUESTS (we can’t write on a read replica) / it’s
used to increase the speed and performance of the application

ERROR SECTION

● Reasons for a 403 error on an S3 static website: public access is blocked
/ bucket policy is not configured
● Reasons for a 504 error on an EC2 instance: a security group is
blocking the traffic
● Reasons for a 503 error on an EC2 instance: the EC2 instance is stopped
