Learnings

from
Module-3
B Y A N I R U D H G U P TA
 1.Cloud Basics : Aws And Azure
• Cloud computing is a technology model that provides on-demand access to a shared pool of computing resources over
the internet. Instead of owning and maintaining physical servers and infrastructure, businesses can leverage cloud
services to access computing power, storage, and applications as needed. These services are hosted and managed by
third-party providers in data centers, allowing businesses to focus on their core operations without the burden of
managing complex hardware and software. Some of the Cloud service provider are: AWS, Google Cloud, Microsoft Azure,
IBM Cloud, Icloud and many more.

• Amazon Web Services (AWS) and Microsoft Azure are two of the most widely used cloud computing platforms, providing
a variety of services to individuals, businesses, and organizations.

AWS (Amazon Web Services):

•Overview: AWS is a cloud computing platform provided by Amazon.com. Launched in 2006, AWS is one of the earliest and
most established cloud platforms.

•Global Infrastructure: AWS has a vast global network of data centers, called Availability Zones, located in different
geographic regions. These regions are further divided into Availability Zones to provide redundancy and high availability.

•Pricing Model: AWS operates on a pay-as-you-go pricing model, where users pay for the resources they consume.

•Identity and Access Management (IAM): IAM is a crucial service for managing user access and permissions within AWS.
 AWS Top Ten Services:

• Amazon EC2
• Amazon S3
• Amazon RDS
• Amazon Lambda
• Amazon VPC
• Amazon SNS
• Amazon DynamoDB
• Amazon CloudFront
• Amazon IAM
• Amazon SageMaker

•The growth in popularity of cloud infrastructure:

Enterprises increasingly depend on cloud service providers to manage their
workloads, data and applications. AWS is the most dominant cloud service
provider in the world today, representing 41.5% of all application
workloads that exist in the cloud and a 30% market share. AWS offers a
comprehensive suite of cloud-based solutions based on the internal
infrastructure model that Amazon used to launch its wildly successful
international retail and shipping operations. Designed for organizations of
all levels, AWS features a versatile range of Infrastructure-as-a-
Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-
Service (SaaS) product offerings.
Azure (Microsoft Azure):

Azure is Microsoft’s platform for both hybrid and fully cloud-based IT architectures. The Azure environment is affordable and
infinitely scalable, allowing organizations to invest in the infrastructure they need and pay only for the exact services they
utilize. Microsoft, Azure offers interoperability with the industry’s most popular tools and services.

•Overview: Azure is Microsoft's cloud computing platform, launched in 2010. It provides a wide range of services, similar to
AWS, and integrates well with Microsoft products.

• Global Infrastructure: Azure has a global presence with data centers across various regions and Availability Zones for high
availability.

•Pricing Model: Azure also follows a pay-as-you-go pricing model, allowing users to pay for the resources they consume.

•Identity and Access Management (Azure AD): Azure Active Directory (Azure AD) is used for identity and access
management.

Ecosystem: Azure has a strong integration with Microsoft's software and services, making it a preferred choice for
organizations using Microsoft technologies.

•Azure is like a giant virtual space where you can store your digital stuff and make it do things. Imagine it as a huge
playground of computers, storage spaces, and tools provided by Microsoft. Whether you want a place to keep your files, run
programs, or build websites, Azure has the space and tools you need.
•Azure is a powerful, organized playground in the cloud where you can store, build, and run your digital things with the help of
cool services and tools. It's like having a digital superhero sidekick to keep everything safe and sound.

Common Aspects:

•Hybrid Cloud: Both AWS and Azure offer solutions for hybrid cloud, allowing organizations to integrate on-premises
infrastructure with cloud services.

•Security and Compliance: Both platforms prioritize security and compliance, offering tools and services to help users meet
regulatory requirements.

•Certifications: Both AWS and Azure provide certification programs to validate the skills and knowledge of professionals
working with their platforms.

Which One is Better?

Microsoft Azure and Amazon Web Services (AWS) are

highly used and widely adopted cloud services. The
choice between Azure and AWS often depends on
specific business needs, existing technology stacks, and
individual preferences. Both platforms offer a
comprehensive suite of cloud services, and many
organizations use a combination of both in a multi-cloud
strategy.
 2.Introduction To Linux
•Linux is a family of open-source, Unix-like operating systems based on the Linux kernel. It is a freely distributable, cross-
platform operating system that has gained widespread popularity in both server and desktop environments.

•Linux has become a versatile and influential operating system, powering a vast array of devices and serving as the
foundation for many other open-source projects and software.
 3.Infrastructure as Code Basics
•Infrastructure as Code (IaC) is an approach to managing and provisioning computing infrastructure through machine-
readable script files, rather than through physical hardware configuration or interactive configuration tools. The goal is to
automate and streamline the process of setting up and managing infrastructure, making it more efficient, repeatable, and less
error-prone.

•Infrastructure as code is a mainstream pattern for managing infrastructure with configuration files rather than through a
graphical user interface or through manual command line script sequences. It allows you to build, change, and manage your
infrastructure in a safe, consistent, trackable, and repeatable way by defining resource configurations that you can version (in
a version control system like GitHub), reuse, and share.

Key Concepts:

•Declarative vs. Imperative: IaC can be declarative (specifying the desired end state) or imperative (specifying the steps to
achieve that state). Declarative IaC is more common and emphasizes what the infrastructure should look like rather than how
to get there.

•Idempotence: IaC scripts should be idempotent, meaning that applying the same script multiple times yields the same result
as applying it once. This ensures that the infrastructure remains consistent regardless of how many times the script is
executed.

•Version Control: IaC scripts are typically stored in version control systems (e.g., Git) to track changes, collaborate with a
team, and roll back to previous configurations if needed.
basics of Infrastructure as Code:
Advantages of Test Driven Development(TDD): Methodology of TDD:

•Since we are doing test first, reduction in bugs. •Test First – Code last.
You may not write production code unless you do not
•TDD is used to make the code cleaner, Simple and Bug free. first written a unit test case.
•Test More – Code More.
•Avoids duplication of code. You may not write more of a unit test than is sufficient to
fail.
•Refracting improves the code. •Test Again – Code Again

•TDD drives the code design and approach. You may not write more production code than is
sufficient to make the failing unit test pass.
•Unit test cases are covered early.

•Better code and less debug time.

•User requirements more easily understood.

Disadvantages of Test Driven Development:

•Early test cases created are heavy in maintenance,

•Requirement changing is paid in TDD
•Test Writing is time consuming.
•Programmers do not like testing.
 3. How cloud computing helps business ?
•Cloud computing is a technology model that provides on-demand access to a shared pool of computing resources over the
internet. Instead of owning and maintaining physical servers and infrastructure, businesses can leverage cloud services to
access computing power, storage, and applications as needed. These services are hosted and managed by third-party
providers in data centers, allowing businesses to focus on their core operations without the burden of managing complex
hardware and software. Some of the Cloud service provider are: AWS, Google Cloud, Microsoft Azure, IBM Cloud, Icloud and
many more.

•In simple Words, On Demand services provided through internet by cloud computing services.

Types of Cloud Computing:

•Infrastructure as a Service (IaaS): Provides virtualized computing resources, such as virtual machines, storage, and networks,
allowing users to build their own IT infrastructure in the cloud.

•Platform as a Service (PaaS): Offers a platform and tools for application development, deployment, and management, allowing
developers to focus on coding rather than infrastructure.

•Software as a Service (SaaS): Delivers ready-to-use software applications over the internet, eliminating the need for installation,
maintenance, and updates on individual devices.

•On-Premises: Refers to a setup where an organization manages its computing resources, like servers and data storage,
within its own physical location or data center.
Importance of cloud computing in Businesses :

•Cost Efficiency: Eliminates the need for significant upfront capital investment in hardware and infrastructure. Pay-as-you-go
models allow businesses to only pay for the resources they use, optimizing costs.

•Scalability: Easily scales resources up or down to meet changing demands without the need for significant upfront
investments.

•Flexibility and Accessibility: Enables remote access to data and applications, fostering collaboration and supporting a
mobile workforce.

•Reliability and Redundancy: Cloud providers offer robust infrastructure with built-in redundancy, reducing the risk of data
loss and downtime.

•Automatic Updates and Maintenance: Cloud providers handle maintenance, updates, and security patches, ensuring that
businesses always operate on the latest technologies.

•Improved Collaboration: Facilitates real-time collaboration through cloud-based applications, enhancing teamwork and
productivity.

•Data Security: Cloud providers implement advanced security measures, including encryption and access controls, to protect
sensitive business data.
•Disaster Recovery: Offers reliable backup and
recovery solutions, helping businesses recover quickly
from data loss or system failures.

•Innovation and Time-to-Market: Provides access to a

wide range of tools and services, accelerating the
development and deployment of new applications and
innovations.
How It really Benefits :

• These helps the businesses to -Grow faster, -Stay

protected and -Spark innovation.

• Cloud computing has transformed the way

businesses operate, offering unparalleled scalability,
cost efficiency, and flexibility.

• By embracing cloud services, organizations can

enhance collaboration, enable remote work, ensure
business continuity, and drive innovation.

• As technology continues to evolve, leveraging the

potential of cloud computing becomes increasingly
vital for businesses of all sizes.
 4. How analytics help businesses ?
Analytics has become a game-changer for businesses, enabling them to make data-driven decisions and gain a competitive
edge. Analytics empowers organizations to extract meaningful insights from vast amounts of data, leading to improved
operational efficiency, enhanced customer experiences, and strategic decision-making. Let's delve into how analytics helps
businesses thrive!

•Data-Driven Decision Making:

Analytics enables businesses to make informed decisions based on empirical evidence rather than intuition or guesswork.

•Customer Understanding and Personalization:

Analytics allows businesses to understand customer behaviors, preferences, and needs at a granular level.

•Operational Efficiency and Process Optimization:

Analytics provides insights into operational processes, allowing businesses to identify bottlenecks, inefficiencies, and areas for
improvement.

•Risk Mitigation and Fraud Detection:

•Analytics plays a crucial role in identifying and mitigating risks, including fraud, compliance violations, and security breaches.

•Strategic Planning and Forecasting:

Analytics provides valuable insights for strategic planning, market analysis, and forecasting.
Businesses can identify emerging trends, market opportunities, and potential risks through predictive modeling and scenario analysis.
Analytics empowers businesses to extract meaningful insights from data, facilitating better decision-making, operational
efficiency, and a competitive edge in the market. By leveraging analytics tools and technologies, organizations can transform
raw data into actionable intelligence, driving success and innovation.

Customer insights can help a company connect with potential customers and get feedback on its products. This can help
companies develop effective marketing and sales strategies.

• Analytics has become an indispensable tool

for businesses across industries.

• By leveraging the power of data, organizations

can gain valuable insights, optimize
operations, improve customer experiences,
and drive growth.

• Whether it's making informed decisions,

personalizing offerings, optimizing processes,
or staying ahead of the competition, analytics
provides the foundation for success.

• Embracing analytics empowers businesses to

make smarter, more strategic choices and
navigate the dynamic landscape of today's
markets.
 5.OWASP Top 10
• The OWASP Top 10 is a standard awareness document for
developers and web application security. It represents a broad
consensus about the most critical security risks to web
applications.

• Globally recognized by developers as the first step towards

more secure coding.

• Companies should adopt this document and start the process of

ensuring that their web applications minimize these risks. Using
the OWASP Top 10 is perhaps the most effective first step
towards changing the software development culture within your
organization into one that produces more secure code

• OWASP (Open Web Application Security Project) Top Ten, a

widely recognized list of the most critical web application
security risks.

• These vulnerabilities pose significant threats to the security and

integrity of web applications.

• By understanding and addressing these risks, developers and

security professionals can better protect their applications and
the sensitive data they handle.
 OWASP TOP 10

•Broken Access Control: Website security access controls should limit visitor access to only those pages or sections
needed by that type of user. For example, administrators of an ecommerce site need to be able to add new links or add
promotions. These functions should not be accessible for other types of visitors.

•Cryptographic failures: Data in transit and at rest — such as passwords, credit card numbers, health records, personal
information, and business secrets — require extra protection due to the potential for cryptographic failures (sensitive data
exposures).

•Injection: Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter
as part of a command or query. The attacker's malicious data can trick the interpreter into executing unintended commands or
accessing unauthorized data.

•Insecure Design: Insecure design is a wide term that encompasses a variety of flaws and is defined as "missing or poor
control design.“

•Security Misconfigurations: This involves security settings that are not securely configured, including default
configurations, unnecessary services, or incomplete security configurations.

•Vulnerable and Outdated Components: The most effective defense is continuous scanning of all code components for
known vulnerabilities and deploying a patch or other remedy as quickly as possible when a vulnerability is detected .
•Identification and Authentication Failures: When applications incorrectly
execute functions related to session management or user authentication,
intruders may be able to compromise passwords, security keys, or session
tokens and permanently or temporarily assume the identities and permissions
of other users.

•Software and Data Integrity Failures: Code and infrastructure that do not
guard against integrity violations are referred to as software and data integrity
failures. A program that uses plugins, libraries, or modules from untrusted
sources, repositories, or content delivery networks (CDNs) is an example of
this.

•Security Logging and Monitoring Failures: Inadequate logging and

monitoring can hinder an organization's ability to detect and respond to
security incidents effectively.

•Server-Side Request Forgery(SSRF):Server-side request forgery(also

termed as SSRF) is a web security flaw that allows an attacker to force a
server-side application to send HTTP requests to any domain the attacker
chooses.

In summary, the OWASP Top 10 serves as a valuable resource for promoting

a proactive and risk-aware approach to web application security. By leveraging
its guidance, organizations can strengthen their defenses, reduce the
likelihood of successful cyber attacks, and build more resilient applications.
 6.SQL Analysis Task

•The Sixth task of the assigned module was to run a set of SQL queries on a database using POSTGRESQL.

•For this ,firstly we need to install the latest version of PostgreSQL and do necessary setup.

•The SQL Assignment was divided into 3 different goals. In order to achieve them, I had to learn the basics of POSTGRESQL
so as to perform different functions in it.

•Firstly, I had to create a Database based on the 7 flat files provide.

• Then converted all the 7 Flat files into CSV file .

•Then I had to import this file data and put this in separate Tables designed according to the schema of the database.

•After the schema was created and data was imported into separate tables from each file, I had the ER diagram generated
based on this.

•All the create table SQL queries are saved in createtable.sql file .

• All the 12 SQL queries are saved in a queries.sql file.

ER Diagram of the database created
Create table SQL queries which is stored in createtable.sql file:

//Student Table Query //course table query //section

CREATE TABLE student( CREATE TABLE section (
sid int NOT NULL, CREATE TABLE course ( dname text,
sname text, cno int, cno int,
sex text, cname text, sectno int,
age int, dname text, pname text,
year int, PRIMARY KEY (cno), FOREIGN KEY (dname, cno)
gpa decimal(20,14), FOREIGN KEY (dname) REFERENCES course (dname, cno)
PRIMARY KEY (sid) REFERENCES dept (dname) );
); );
//enroll table query
//Dept table query //major table query CREATE TABLE enroll(
CREATE TABLE dept( sid int,
dname text, CREATE TABLE major( dname text,
numphds int, dname text, cno int,
PRIMARY KEY (dname) sid int, sectno int,
); FOREIGN KEY (dname) grade decimal(20,15),
//prof table query REFERENCES dept (dname), FOREIGN KEY (dname, cno)
CREATE TABLE prof( FOREIGN KEY (sid) REFERENCES course(dname, cno),
pname text, REFERENCES student (sid) FOREIGN KEY (sid)
dname text, ); REFERENCES student(sid)
PRIMARY KEY (pname)); );
 As shown in this image, I wrote multiple queries like these in
order to get the desired results from the database.

Here is the output generated by the Query Tool for the

above query
Table created after the import action

As shown in the screenshot, after the database was

created, the next action was to run queries as stated in
the assignment. For this, I used Query tool available in
the database section of PG Admin app.

As shown in this image, I wrote multiple queries like

these in order to get the desired results from the
database.
 7.The 12 Factor Apps: Building Modern, Scalable, and Agile Applications
In the modern era, software is commonly delivered as a service: called web apps, or software-as-a-service. The
twelve-factor app is a methodology for building software-as-a-service apps.
You can host your applications on AWS, GCS, and Azure etc. And that is known as Portability, it means it is able to run
same app on different environments without having any change in the source code of an application.
There are several conditions for a good application:
• Portability
• Continuous Deployment
• Scalability
• Modern Cloud platforms
So, Engineers from Heroku built 12 factors Known as 12 factors app.
• 12 Factors App, a methodology for building modern software-as-a-service (SaaS) applications.
• These twelve factors are key principles that guide the design, development, and deployment of cloud-native
applications.
• By adhering to these factors, developers can ensure their applications are scalable, maintainable, and easily
deployable in a variety of environments.
• Codebase: One codebase tracked in revision control, but multiple deployments. This emphasizes the importance of having
a single code repository for your application.

• Dependencies: Explicitly declare and isolate dependencies. Your application should clearly specify and manage its
dependencies, making it easier to reproduce the environment.

• Config: Store configuration in the environment. Configuration settings, such as database credentials or API keys, should be
stored as environment variables rather than hardcoded in the code.

• Backing Services: Treat backing services (databases, queues, etc.) as attached resources. The application should be
designed to connect to backing services through well-defined APIs.

• Build, release, run: Strictly separate the build and run stages of the application. This ensures consistency and
reproducibility across different environments.

• Processes: Execute the app as one or more stateless processes. Applications should be designed to be stateless and
share-nothing, enabling easy scaling and fault tolerance.

• Port Binding: Export services via port binding. The application should export services via a port, making it self-contained
and easily accessible.

• Concurrency: Scale out via the process model. Applications should be designed to scale horizontally by adding more
processes, ensuring better utilization of resources.
•Disposability: Maximize robustness with fast startup and graceful shutdown. Applications should be able to start and stop
quickly, allowing for easy scaling and efficient resource utilization.

•Dev/Prod Parity: Keep development, staging, and production as similar as possible. Minimize the differences between
environments to reduce potential bugs and deployment issues.

•Logs: Treat logs as event streams. Log information should be treated as event streams and pushed to a centralized log
management system for analysis.

• Admin Processes: Run admin/management tasks as one-off processes. Administrative tasks, such as database migrations
or data seeding, should be treated as separate processes and not part of the application code.

•Benefits of 12 Factor apps:

Reliability: The 12-factor app principles make it easier to build reliable applications. This is because the principles
decouple the different parts of the application, making it easier to identify and fix problems.

Scalability: The 12-factor app principles make it easier to scale applications. This is because the principles allow you to
easily add new instances of the application, without having to make changes to the codebase.

Deployability: The 12-factor app principles make it easier to deploy applications. This is because the principles decouple
the build, release, and run stages, making it easier to automate the deployment process.
 8.Agile Manifesto: Empowering Teams and Delivering Value
•The Agile Manifesto is a set of guiding values and principles for software development that prioritize flexibility, collaboration,
and customer satisfaction. It was created by a group of software developers who met at Snowbird, Utah, in February 2001.
The manifesto is often credited with sparking the widespread adoption of agile methodologies in the software development
industry. The Agile manifesto came with four key values and 12 principles to make software development process more agile.

Four Key Values :

•Individuals and interactions over processes and tools: Emphasizes the

importance of people and effective communication within a development
team.

•Working software over comprehensive documentation: Prioritizes the

delivery of functional software over extensive documentation, though
documentation is still valued.

• Customer collaboration over contract negotiation: Encourages close

collaboration with customers and stakeholders throughout the development
process, adapting to changes in requirements as necessary.

•Responding to change over following a plan: Acknowledges the dynamic

nature of software development and the need to be responsive to changing
requirements and priorities.
12 Agile Principles:

•Satisfy the customer through early and continuous delivery of valuable software.

•Welcome changing requirements, even late in development. Agile processes harness change for the customer's competitive
advantage.

•Deliver working software frequently, with a preference for shorter timescales.

•Collaborate with customers and stakeholders throughout the project.

•Build projects around motivated individuals. Give them the environment and support they need, and trust them to get the job
done.

•Use face-to-face communication whenever possible.

•Working software is the primary measure of progress.

•Agile processes promote sustainable development. The sponsors, developers, and users should be able to maintain a
constant pace indefinitely.

•Continuous attention to technical excellence and good design enhances agility.

•Simplicity—the art of maximizing the amount of work not done—is essential.

•The best architectures, requirements, and designs emerge from self-organizing teams.

•At regular intervals, the team reflects on how to become more effective, then tunes and adjusts its behavior accordingly.