Unit-3

Enriching the Cloud Security with Computing Technology

• IAAS
• PAAS
• SAAS
• Understanding Compute Services
• Deploying and Scaling Services using AWS
Elastic Beanstalk
• Shared Responsibility Model
• Securing Accounts and Ensuring Compliance
• Scale and Load Balance your Data Architecture
• Server Monitoring using Cloud Logs
 Cloud Service Model
.
 IAAS
• Iaas is also known as Hardware as a Service (HaaS). It is one of the layers of the cloud
computing platform. IaaS providers manage their customers’ data on physical servers across the
world. The IaaS platform is a type of server, but you don’t have to manage a physical server,
because the IaaS cloud service provider hosts it for you on virtual machines. As the user,
however, you are responsible for the operating system and any data, applications, middleware,
and runtimes
• IaaS is offered in three models: public, private, and hybrid cloud. The private cloud implies that
the infrastructure resides at the customer-premise. In the case of public cloud, it is located at
the cloud computing platform vendor's data center, and the hybrid cloud is a combination of
the two in which the customer selects the best of both public cloud or private cloud.
 IAAS - Services
• IaaS provider provides the following services -
• Compute: Computing as a Service includes virtual central processing units and virtual main memory for the
Vms that is provisioned to the end- users.
• Storage: IaaS provider provides back-end storage for storing files.
• Network: Network as a Service (NaaS) provides networking components such as routers, switches, and
bridges for the Vms.
• Load balancers: It provides load balancing capability at the infrastructure layer.
 IAAS – Pros N Cons
.

Advantage Disadvantage
Shared infrastructure Security

Web access to the resources Maintenance & Upgrade

Pay-as-per-use model Interoperability issues

Focus on the core business Training

On-demand scalability Legacy systems

 IAAS Example
• Amazon Web Services (AWS): AWS is overseen by Amazon and is used for on-demand cloud
computing and purchased for on a recurring subscription basis.

• Microsoft Azure: Microsoft Azure is a cloud computing model that allows for building,
testing, and managing applications through a network of Microsoft data centers.

• Google Cloud: Google Cloud is an IaaS platform that businesses can use to natively run
Windows, Oracle, and SAP, as well as AI solutions to increase operational efficiency.

• IBM Cloud: IBM Cloud allows businesses to “allocate your computer, network, storage and
security resources on demand”, so businesses only use resources when needed.
 IAAS Providers
.
 PAAS
• PaaS is also referred to as cloud platform services, and provides developers with a framework,
software and tools needed to build apps and software which are all accessible through the
internet.
• Platform as a Service (PaaS) provides a runtime environment. It allows programmers to easily
create, test, run, and deploy web applications. You can purchase these applications from a
cloud service provider on a pay-as-per use basis and access them using the Internet connection.
In PaaS, back end scalability is managed by the cloud service provider, so end- users do not
need to worry about managing the infrastructure.
 PAAS
PaaS providers provide the Programming languages, Application frameworks, Databases, and Other tools:
1. Programming languages: PaaS providers provide various programming languages for the developers to
develop the applications. Some popular programming languages provided by PaaS providers are Java, PHP,
Ruby, Perl, and Go.
2. Application frameworks: PaaS providers provide application frameworks to easily understand the application
development. Some popular application frameworks provided by PaaS providers are Node.js, Drupal, Joomla,
WordPress, Spring, Play, Rack, and Zend.
3. Databases: PaaS providers provide various databases such as ClearDB, PostgreSQL, MongoDB, and Redis to
communicate with the applications.
4. Other tools: PaaS providers provide various other tools that are required to develop, test, and deploy the
applications.
 PAAS – Pros N Cons
.

Advantage Disadvantage
Simplified Development Vendor lock-in

Lower risk Data Privacy

Integration with the rest of the systems

Prebuilt business functionality
applications

Instant community Operational limitations

Scalability Runtime
 PAAS Example
• Google App Engine: Google App Engine allows developers to build and host web applications
in cloud-based data centers that Google manages.

• Red Hat OpenShift: Red Hat OpenShift is an on-premises containerization PaaS software.

• Heroku: Developers can use this PaaS tool to build, manage, and grow consumer-facing apps.

• Apprenda: Apprenda is a PaaS product that allows developers and businesses to host an
entire application portfolio. Build and deploy applications of all types on this platform.
 PAAS Providers
.
 SAAS
• SaaS is also known as "On-Demand Software". It is a software distribution model
in which services are hosted by a cloud service provider.
• The SaaS service model is sometimes referred to as cloud application services.
SaaS solutions are the most commonly used services within the cloud market.
SaaS platforms make software available to users over the internet, usually for a
monthly subscription fee.
 SAAS - Services
• There are the following services provided by SaaS providers -
• Business Services - SaaS Provider provides various business services to start-up the business. The SaaS business
services include ERP (Enterprise Resource Planning), CRM (Customer Relationship Management), billing, and sales.
• Document Management - SaaS document management is a software application offered by a third party (SaaS
providers) to create, manage, and track electronic documents. Example: Slack, Samepage, Box, and Zoho Forms.
• Social Networks - As we all know, social networking sites are used by the general public, so social networking
service providers use SaaS for their convenience and handle the general public's information.
• Mail Services - To handle the unpredictable number of users and load on e-mail services, many e-mail providers
offering their services using SaaS.
 SAAS – Pros N Cons
.
Advantage Disadvantage
SaaS is easy to buy Security

One to Many Lack of control

Less hardware required for SaaS Total Dependency on Internet

Switching between SaaS vendors is

Low maintenance required for SaaS
difficult
No special software or hardware versions
Interoperability
required

Multidevice support Customization

 SAAS Example
• Dropbox: Dropbox is a file-sharing SaaS tool that allows multiple users within a group or
organization to upload and download different files.
• Hubspot: HubSpot is a CRM, marketing, sales, and service SaaS platform that businesses use to
connect with and retain customers.
• Shopify: A subscription-based program that lets anyone build an online store easily. Clients can
also sell in physical locations with the company’s POS app and extra hardware.

• Adobe Creative Cloud: Offers the full suite of Adobe Inc.’s software that allows for video and
photo editing and manipulation, graphic design, etc.
 SAAS Providers
.
 IAAS, PAAS, SAAS - Examples
.
 Understanding Compute Services
• Compute services are also known as Infrastructure-as-a-Service (IaaS).

• Compute platforms, such as AWS Compute, supply a virtual server

instance and storage and APIs that let users migrate workloads to a
virtual machine.

• Users have allocated compute power and can start, stop, access, and
configure their computer resources as desired.
 Compute Services Types
.
Configure Capacity based on Requirements

Use Standard Compute Resources with

Predefined Capacity

Server less Compute

 Compute Services Benefits
. Auto Scaling

Web Based and Command line Control

Secure Resizable Compute Capacity on Cloud

Replace Impaired Instance Automatically

Improve Fault Tolerance

Increase Application Availability

Lower Cost
 Terminology
• Instance = One running virtual machine.
• Instance Type = hardware configuration: cores, memory, disk.
• Instance Store Volume = Temporary disk associated with instance.
• Image (AMI) = Stored bits which can be turned into instances.
• Key Pair = Credentials used to access VM from command line.
• Region = Geographic location, price, laws, network locality.
• Availability Zone = Subdivision of region the is fault-independent.
 AWS – Compute Services
.
 AWS – Compute Services
.
 AWS – Compute Services
• Amazon Web Services (AWS) offers many compute services. This module will
discuss the highlighted services.
Amazon EC2 (Instance)

ECR/EKS/ECS (Container)

AWS Lambda (Server less)

AWS Outposts (Edge & Hybrid)

AWS Elastic Beanstalk (Cost & Capacity Management)

 Amazon EC2
• Amazon EC2 is a web service that provides sizable compute capacity in the cloud.
• Access reliable, scalable infrastructure on demand. Scale capacity within minutes
with SLA commitment of 99.99% availability.
• Amazon Machine Images (AMIs) are the basic building blocks of Amazon EC2
• An AMI is a template that contains a software configuration (operating system,
application server and applications) that can run on Amazon’s computing
environment
• AMIs can be used to launch an instance, which is a copy of the AMI running as a
virtual server in the cloud.
 Getting Started with Amazon EC2
Step 1: Sign up for Amazon EC2
Step 2: Create a key pair
Step 3: Launch an Amazon EC2 instance
Step 4: Connect to the instance
Step 5: Customize the instance
Step 6: Terminate instance and delete the volume created
 EC2 Instance Types
.

General Compute Memory Accelerated

Purpose Optimized Optimized Computing

Storage HPC Instance

Optimized Optimized Features
 EC2 Instance Pricing Model
.
 Elastic Kubernetes Service - EKS
• Amazon Elastic Kubernetes Service (Amazon EKS) is a fully-managed, certified
Kubernetes conformant service that simplifies the process of building, securing,
operating, and maintaining Kubernetes clusters on AWS.
• Kubernetes is an open-source platform for managing containerized workloads and
services.
• Kubernetes takes care of scaling and failover for your application running on the
container.
• Kubernetes cluster is used to deploy containerized applications on the cloud.
Kubernetes uses the same underlying infrastructure, OS, and container.
 EKS
• Amazon EKS is a managed service that is used to run Kubernetes on AWS. Using
EKS users don’t have to maintain a Kubernetes control plan on their own. It is
used to automate the deployment, scaling, and maintenance of the containerized
application. It works with most operating systems.
 AWS Lambda
Run code without thinking about servers or clusters
Run code without provisioning or managing servers, creating workload-aware
cluster scaling logic, maintaining event integrations, or managing runtimes.
Run code for virtually any type of application or backend service. Just upload your
code as a ZIP file or container image, and Lambda automatically allocates
compute execution power and runs your code based on the incoming request or
event, for any scale of traffic.
AWS Lambda is a compute service that runs your code in response to events and
automatically manages the compute resources, making it the fastest way to turn
an idea into a modern, production, serverless applications.
 AWS Lambda
• AWS Lambda is a serverless computing service provided by Amazon Web Services
(AWS). Users of AWS Lambda create functions, self-contained applications written
in one of the supported languages and runtimes, and upload them to AWS
Lambda, which executes those functions in an efficient and flexible manner.

• The concept of “serverless” computing refers to not needing to maintain your

own servers to run these functions. AWS Lambda is a fully managed service that
takes care of all the infrastructure for you. And so “serverless” doesn’t mean that
there are no servers involved: it just means that the servers, the operating
systems, the network layer and the rest of the infrastructure have already been
taken care of, so that you can focus on writing application code.
AWS Lambda
.
 AWS Lambda
• Benefits
• Serverless Architecture
• Focus on Code
• No VM Needs to be Created
• Pay as you go
• Monitor your Performance
• Limitation
• Maximum Disk Provided is 512MB. (Runtime Environment)
• Memory values varies between 128 to 3008MB.
• Function timeout set to only 900 Seconds.
• Only available Lang. in the Lambda editor can be used.
 AWS Outposts
• AWS Outposts is a fully managed service that extends AWS infrastructure, AWS
services, APIs, and tools to virtually any datacenter, co-location space, or on-
premises facility for a consistent hybrid experience.
• AWS Outposts is good for workloads that require low latency access to on-
premises systems, local data processing, or local data storage.
• AWS Outposts is an on-premises IT as a service (ITaaS) platform from Amazon
Web Services (AWS). Outposts, which acts as a hybrid cloud, allows users to host
an environment similar to a public cloud on premises.
 AWS Outposts
• It allows you to run Amazon EC2, Amazon EBS, Amazon S3, container-based
services like Amazon EKS, database services like Amazon RDS, and analytics
services like Amazon EMR on-premises. You can run, manage, and secure your
applications on-premises and in the cloud using the same AWS APIs, tools, and
security controls.
 AWS Elastic Beanstalk
• With Elastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud
without having to learn about the infrastructure that runs those applications.
• Elastic Beanstalk reduces management complexity without restricting choice or control. You
simply upload your application, and Elastic Beanstalk automatically handles the details of
capacity provisioning, load balancing, scaling, and application health monitoring.
• Elastic Beanstalk supports applications developed in Go, Java, .NET, Node.js, PHP, Python, and
Ruby. When you deploy your application, Elastic Beanstalk builds the selected supported
platform version and provisions one or more AWS resources, such as Amazon EC2 instances, to
run your application.
• You can interact with Elastic Beanstalk by using the Elastic Beanstalk console, the AWS
Command Line Interface (AWS CLI), or eb, a high-level CLI designed specifically for Elastic
Beanstalk.
 AWS Elastic Beanstalk
• Upload and deploy web applications in a simplified, fast way.
• Focus on writing code instead of provisioning and managing infrastructure.
• Select and retain full control of the optimal AWS resources for powering your applications.
• Use adjustable settings to scale your application for handling peaks in traffic, while minimizing
costs.
 AWS Elastic Beanstalk
.
Platforms for Programming Languages Provided By Elastic Beanstalk are
GO
Java
Node.js
PHP
Python
Ruby
Platforms for Application Servers Provided by Elastic Beanstalk are
Tomcat
Docker
 AWS Elastic Beanstalk - Components
• Application: Elastic Beanstalk directly takes in our project code. So Elastic Beanstalk application is named the same as your project home directory.
• Application Environments: Users may want their application to run on different environments like DEV, UAT, and PROD. You can create and configure different
environments to run applications on different stages.
• Environment Health: AWS runs automatic health checks on all EC-2 deployments (Elastic Beanstalk is a managed EC-2 service) which can be monitored from the
AWS console. For example, in the case of web applications AWS will regularly, as scheduled by the developers, ping the application to check if the response is status
code 200 and if the application is running as expected. Health check responses:
• Red: The application failed all health tests.
• Yellow: The application failed some of the health tests.
• Grey: The application is updating.
• Green: The application passed the health check successfully.
• Scalability: Using Auto-Scaling within Elastic Beanstalk makes the application dynamically scalable.
• Elastic Load Balancing: All the web requests to the application are not directly relayed to application instances. They first hit the Elastic Load Balancer (ELB), which,
as the name suggests, balances the load across all the application instances.
• Language support: Elastic Beanstalk supports the applications developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as
Apache, Nginx, Passenger, and IIS.
• Pricing: There is no extra charge for using Elastic Beanstalk. Users are only required to pay for the services and resources provisioned by Elastic Beanstalk Service.
• Impossible to Outgrow: AWS claims that since Elastic Beanstalk uses the Auto Scaling feature it can, in theory, handle any amount of internet traffic.
 Deploying and Scaling Services using AWS
Elastic Beanstalk
• AWS Elastic Beanstalk is a cloud deployment and provisioning service that
automates the process of getting applications set up on the Amazon Web Services
(AWS) infrastructure.
• Deploying and scaling services using AWS Elastic Beanstalk is a straightforward
process that allows you to quickly deploy, manage, and scale applications in the
AWS cloud.
• Elastic Beanstalk abstracts the underlying infrastructure, automates deployment,
and provides a platform for deploying various types of applications, including web
applications, APIs, and worker services.
 How to Deploy an Application Using Elastic
Beanstalk
Step 1: Visit the AWS Console and type “Elastic Beanstalk” into the search bar. After selecting Elastic Beanstalk from
the drop-down menu below, you will be taken to the Elastic Beanstalk page where you can click “Create application”
to launch a sample application using Elastic Beanstalk. As shown in the screenshots.
 How to Deploy an Application Using Elastic
Beanstalk
.
 How to Deploy an Application Using Elastic
Beanstalk
Step 2: In this step, we are going to configure the necessary Application information
like Name, and key-value pairs and select the platform in which the language the
application is developed has to be deployed, the platform branch, platform version,
and Application code.
If you want to deploy your own application code then select the option “Upload
your code” It needs to be in form of a ZIP or WAR file which is compulsory and
needs to be in your local computer or S3 bucket and a version label which your
going to provide must be unique.
 How to Deploy an Application Using Elastic
Beanstalk
.
 How to Deploy an Application Using Elastic
Beanstalk
.
 How to Deploy an Application Using Elastic
Beanstalk
Step 3: Step 4: In this step, We do not need to do anything AWS Elastic Beanstalk
will take care of the resource required to deploy the web application like
EC2 instance
Security Group
S3 bucket
Environment
Load Balancer Listener
CloudWatch Alarms
Auto Scaling Group
Elastic load balancer (ELB)
 How to Deploy an Application Using Elastic
Beanstalk
Step 4: In the screenshot below, under “Gfgapplication-env,” we can see the URL of the application, which can be
accessed through the internet. We can also see that the health is marked in “green color, OK,” indicating that our
application has been successfully deployed and has not encountered any difficulties. The resources or full
architecture developed by AWS Beanstalk to deploy our application are visible in the Recent Events section.
 How to Deploy an Application Using Elastic
Beanstalk
Step 6: The very last and most important step requires us to use the URL provided by the Elastic Beanstalk to visit our
Jave web application. as seen in the image below.
 Auto Scaling an Application Using Elastic
Beanstalk
.
 Steps
Here's an overview of the steps involved in deploying and scaling services using AWS Elastic Beanstalk:
• Step1: Create an Elastic Beanstalk Environment: Start by creating an Elastic Beanstalk environment for your
application. The environment represents the infrastructure and resources that will host your application. You
can choose the application platform, such as Node.js, Python, Java, or .NET, based on your application's
requirements.
• Step2: Package and Upload Your Application: Package your application code, configurations, and
dependencies into a ZIP file or a Docker container image. You can use tools like AWS CLI or AWS Management
Console to upload your application to Elastic Beanstalk.
• Step3: Configure Environment Settings: Configure various environment settings, such as the instance type,
auto-scaling settings, security groups, environment variables, and database connections. These settings
define how your application will be deployed and scaled.
• Step 4: Deploy Your Application: Once the environment is configured, initiate the deployment process to
deploy your application. Elastic Beanstalk will automatically provision the necessary resources, such as EC2
instances, load balancers, and databases, based on your configuration.
 Steps
• Step 5: Monitor and Test Your Application: Elastic Beanstalk provides built-in monitoring and logging capabilities. You can use
AWS CloudWatch to monitor application health, performance metrics, and logs. It's essential to regularly monitor and test your
application to ensure it's running correctly and meeting your performance requirements.
• Step 6: Scaling Your Application: Elastic Beanstalk simplifies the scaling process by automatically handling load changes. You can
configure auto-scaling settings based on metrics like CPU utilization or request count. Elastic Beanstalk will automatically scale
the number of instances up or down to handle the load efficiently.
• Step 7: Application Updates: As you make changes or release new versions of your application, Elastic Beanstalk allows you to
perform rolling updates to minimize downtime. You can either manually trigger the update or configure automatic deployments
when new versions are available.
• Step 8: Monitoring and Optimizing Costs: Continuously monitor and optimize your environment to control costs. Analyze your
application's resource usage, adjust instance types, and optimize auto-scaling settings to match the actual workload. Utilize
AWS Cost Explorer and other cost management tools to gain insights into your expenses and identify potential cost-saving
opportunities.
By following these steps, you can effectively deploy, manage, and scale your applications using AWS Elastic Beanstalk. Elastic
Beanstalk abstracts the underlying infrastructure complexities, allowing you to focus on your application's development and
functionality while taking advantage of AWS's scalable and reliable infrastructure.
 Shared Responsibility Model
• The shared responsibility model is a security framework that outlines the division of security responsibilities
between AWS (the cloud service provider) and its customers.
• It clarifies which security aspects are the responsibility of AWS and which aspects the customers are responsible
for.
 Shared Responsibility Model
AWS's Responsibilities:
a. Infrastructure Security: AWS is responsible for the security of the underlying cloud
infrastructure, including the physical security of data centers, networking, and hardware.
b. Managed Services: AWS manages the security of its managed services such as Amazon
RDS, Amazon S3, and Amazon DynamoDB, including patching, availability, and data
durability.
c. Compliance and Auditing: AWS ensures that its infrastructure and services comply with
various industry-specific and global security standards and undergoes regular audits to
validate security controls.
d. Global Security Architecture: AWS designs and maintains a secure global infrastructure,
implementing security best practices to protect customer data.
 Shared Responsibility Model
Customer's Responsibilities:
a. Application Security: Customers are responsible for securing their applications, including
the operating system, network, and application-level security.
b. Data Security: Customers are responsible for classifying and protecting their data, including
encryption, access controls, and data lifecycle management.
c. Identity and Access Management: Customers are responsible for managing user access,
credentials, and permissions for their AWS accounts and services.
d. Network Security: Customers are responsible for configuring and managing security groups,
network access control lists (ACLs), and other network security measures.
e. Patch Management: Customers are responsible for maintaining the security of their
operating systems, databases, and applications by applying patches and updates.
 Securing Accounts & Ensuring Compliance
• Securing accounts and ensuring compliance in cloud computing is of utmost importance to
protect data, maintain privacy, and meet regulatory requirements. Here are key practices for
securing accounts and achieving compliance in cloud computing:
1. Strong Identity and Access Management (IAM):
a. Implement robust authentication mechanisms, such as multi-factor authentication (MFA), to ensure only
authorized individuals can access accounts and resources.
b. Apply the principle of least privilege, granting users the minimum required permissions to perform their
tasks.
c. Regularly review and update IAM policies and user access to maintain the principle of least privilege.
2. Data Encryption:
a. Encrypt sensitive data both at rest and in transit using encryption mechanisms provided by the cloud service
provider (CSP) or third-party encryption solutions.
b. Manage encryption keys securely and separately from the encrypted data.
 Securing Accounts & Ensuring Compliance
3. Network Security:
a. Utilize virtual private cloud (VPC) or similar network isolation mechanisms to create private network
segments and control inbound and outbound traffic.
b. Set up network access control lists (ACLs) and security groups to control and monitor network traffic.
c. Employ secure protocols (e.g., SSL/TLS) for communication and secure APIs using authentication and
authorization mechanisms.

4. Security Monitoring and Incident Response:

a. Implement robust logging and monitoring mechanisms to detect and respond to security incidents
promptly.
b. Utilize cloud-native security tools and services, such as AWS CloudTrail and AWS Config, to monitor and
track user activities and changes to resources.
c. Establish an incident response plan to handle security incidents effectively and minimize their impact.
 Securing Accounts & Ensuring Compliance
5. Compliance and Governance:
a. Understand the specific compliance requirements applicable to your industry (e.g., GDPR, HIPAA, PCI DSS)
and ensure your cloud environment adheres to these standards.
b. Regularly assess and audit your cloud infrastructure and applications to ensure compliance with security
and privacy regulations.
c. Leverage CSP-provided compliance certifications and reports to demonstrate adherence to industry
standards and regulations.

6. Security Education and Awareness:

a. Train employees on secure cloud usage practices, such as password hygiene, phishing awareness, and secure
data handling.
b. Promote a culture of security and encourage employees to report any security incidents or potential
vulnerabilities.
 Securing Accounts & Ensuring Compliance
7. Regular Security Assessments:
a. Perform regular vulnerability assessments and penetration testing to identify and address potential security
weaknesses.
b. Engage third-party security experts to conduct independent audits and assessments of your cloud
environment's security posture.

8. Vendor Management:
a. Establish clear security requirements and responsibilities in contracts and service level agreements (SLAs)
with CSPs.
b. Regularly review the security practices and compliance certifications of your CSP to ensure they align with
your requirements.
 AWS Identity and Access Management (IAM)

• Identity and Access Management (IAM) manages Amazon Web Services (AWS) users and their
access to AWS accounts and services. It controls the level of access a user can have over an AWS
account & set users, grant permission, and allows a user to use different features of an AWS
account.

• Identity and access management is mainly used to manage users, groups, roles, and Access
policies The account we created to sign in to Amazon web services is known as the root account
and it holds all the administrative rights and has access to all parts of the account.
 How IAM Works?
• IAM verifies that a user or service has the necessary authorization to access a particular service
in the AWS cloud. We can also use IAM to grant the right level of access to specific users,
groups, or services. For example, we can use IAM to enable an EC2 instance to access S3
buckets by requesting fine-grained permissions.
 What Does IAM Do?
• IAM Identities
• IAM Identities assists us in controlling which users can access which services and resources in the AWS
Console and also we can assign policies to the users, groups, and roles. The IAM Identities can be created by
using the Root user.
• IAM Identities Classified As
• IAM Users
• IAM Groups
• IAM Roles
 What Does IAM Do?
• IAM Users
• We can utilize IAM users to access the AWS Console and their administrative permissions differ from
those of the Root user and if we can keep track of their login information.
• IAM Groups
• A group is a collection of users, and a single person can be a member of several groups. With the aid
of groups, we can manage permissions for many users quickly and efficiently.
• IAM Roles
• While policies cannot be directly given to any of the services accessible through the Amazon
dashboard, IAM roles are similar to IAM users in that they may be assumed by anybody who requires
them. By using roles, we can provide AWS Services access rights to other AWS Services.
• IAM Policies
• IAM Policies can manage access for AWS by attaching them to the IAM Identities or resources. An IAM
policy is a document that defines permissions. AWS policies are stored in the form of Jason format the
number of policies to be attached to particular IAM identities depends upon no. of permissions
required for one IAM identity. IAM identity can have multiple policies attached to them.
 IAM Features
• Shared Access to your Account: A team working on a project can easily share resources
with the help of the shared access feature.
• Free of cost: IAM feature of the Aws account is free to use & charges are added only
when you access other Amazon web services using IAM users.
• Have Centralized control over your Aws account: Any new creation of users, groups, or
any form of cancellation that takes place in the Aws account is controlled by you, and
you have control over what & how data can be accessed by the user.
• Grant permission to the user: As the root account holds administrative rights, the user
will be granted permission to access certain services by IAM.
• Multifactor Authentication: Additional layer of security is implemented on your account
by a third party, a six-digit number that you have to put along with your password when
you log into your accounts.
 IAM
.
 IAM
.
 Securing Accounts
• AWS KEY MANAGEMENT SERVICE (AWS KMS)
• Enables you to create and manage encryption keys
• Enables you to control the use of encryption across AWS services and in your applications.

• AMAZON COGNITO
• Adds user sign-up, sign-in, and access control to your web and mobile applications.
• Supports sign-in with social identity providers, such as Facebook, Google, and Amazon.

• AWS SHIELD
• Is a managed distributed denial of service (DDoS) protection service
• Safeguards applications running on AWS
 Securing Data
.
 Scale and Load Balance your Data Architecture
SCALABILITY
• Scaling in cloud computing refers to the ability to adjust the resources, such as
compute, storage, or network capacity, to meet the changing demands of an
application or workload. Cloud computing provides flexible and scalable
infrastructure that allows organizations to scale their resources up or down as
needed. There are two primary types of scaling in cloud computing:
• Vertical Scaling (Scaling Up)
• Horizontal Scaling (Scaling Out)
 Scalability
.
 Types of Scalability
• Vertical Scaling (Scaling Up):
• Vertical scaling involves increasing the capacity of individual resources, such as upgrading to
a higher-capacity server or adding more memory to a virtual machine.
• In this approach, the size or capacity of a single resource is increased to handle higher
workloads or to meet performance requirements.
• Vertical scaling is suitable for workloads that can be managed by a single, more powerful
resource.
• Cloud providers typically offer options for vertical scaling, allowing users to resize their
instances, virtual machines, or databases to accommodate increased demand.
• This can be done manually or automatically through auto-scaling policies based on
predefined metrics like CPU utilization or memory usage.
 Types of Scalability
• Horizontal Scaling (Scaling Down):
• Horizontal scaling involves adding more instances, nodes, or servers to distribute the
workload across multiple resources.
• Instead of increasing the capacity of a single resource, horizontal scaling adds additional
resources to handle increased demand.
• This approach is suitable for workloads that can be divided into smaller, independent units
or can be processed in parallel.
• Cloud providers offer services and features that support horizontal scaling, such as auto-
scaling groups or managed database services that can automatically provision and distribute
resources based on workload patterns and predefined rules.
• Load balancing mechanisms are often used to distribute incoming traffic or workload across
multiple instances or containers, ensuring efficient resource utilization and high availability.
 Scale and Load Balance your Data Architecture
LOAD BALANCING
• Load balancing in cloud computing is a technique used to distribute incoming
network traffic or workload across multiple resources to ensure optimal
performance, high availability, and efficient resource utilization.
• It helps evenly distribute the workload and prevents any single resource from
being overwhelmed.
 Load Balancing
• Load balancing can be implemented at various levels, including network load balancing,
load balancing across virtual machines, or load balancing for application services.
• Load balancing distributes incoming traffic or workload across multiple resources to ensure
optimal performance, scalability, and fault tolerance.
• Cloud providers offer load balancing services, such as AWS Elastic Load Balancer, Google
Cloud Load Balancer, or Azure Load Balancer, that automatically distribute traffic across
instances or containers based on various algorithms (e.g., round-robin, least connections).
• Load balancers can be configured to perform health checks on instances and route traffic
only to healthy resources.
• By evenly distributing workload across resources, load balancing ensures efficient resource
utilization, minimizes response times, and enhances the overall user experience.
 Load Balancing
.
 Server Monitoring using Cloud Logs
• Server monitoring using cloud logs involves tracking, reviewing, and managing the
health and security of cloud-based systems and applications. Cloud monitoring
allows organizations to identify and diagnose problems in real time, ensuring that
critical systems are always up and running.
 Server Monitoring using Cloud Logs
.
 steps you can use cloud logs for server
monitoring
Step 1: Log Collection
• Configure your server instances to send logs to a centralized log management system provided by the
cloud platform. For example, AWS offers Amazon CloudWatch Logs, Google Cloud provides Cloud
Logging, and Azure offers Azure Monitor Logs. You can also use third-party log management tools that
integrate with cloud platforms.
Step 2: Log Aggregation
• Set up log aggregation to consolidate logs from multiple servers into a central repository. This simplifies
log analysis and troubleshooting by providing a unified view of logs across your server infrastructure.
Aggregated logs can include system logs, application logs, security logs, and custom logs.
Step 3: Log Storage and Retention
• Cloud log management services offer scalable storage and retention options for logs. Determine the
appropriate retention period based on compliance requirements and the need for historical analysis.
Cloud platforms typically provide options to archive logs for long-term storage and compliance purposes.
 steps you can use cloud logs for server
monitoring
Step 4: Log Search and Analysis
• Use log query languages or search capabilities provided by the log management service to search, filter,
and analyze logs. This allows you to identify patterns, anomalies, errors, or performance issues. You can
define custom log metrics, create alerts based on log events, and build dashboards for visualization.
Step 5: Real-time Monitoring and Alerting
• Set up real-time monitoring and alerting based on predefined log-based metrics or conditions. Configure
alerts to notify you when specific log events or patterns occur. This helps you proactively identify and
respond to critical server issues, security breaches, or performance bottlenecks.
Step 6: Log-based Troubleshooting
• When troubleshooting server issues, use log data to analyze events leading up to the problem. Correlate
logs from different servers or components to understand the root cause of an issue. Log data provides
valuable insights into system behavior, errors, and interactions between server components.
 steps you can use cloud logs for server
monitoring
Step 7: Security Monitoring
• Monitor server logs for security-related events, such as authentication failures,
unauthorized access attempts, or suspicious activities. Use log analysis techniques,
including anomaly detection and pattern matching, to identify potential security breaches
and respond in a timely manner.
Step 8: Compliance and Auditing
• Log management is crucial for meeting compliance requirements and facilitating audits. Use
log data to demonstrate adherence to security policies, regulations, and industry standards.
Log retention, access controls, and audit trails help maintain a secure and auditable server
environment.