Lecture 2

Cloud Computing
 Topics of Lecture
• Amazon Services
– Identity and Access Management (IAM)
• Users
• Groups
• Roles
– Elastic Compute Cloud (EC2)
• Instance Types
– General Purpose
– Compute Optimized
– Memory Optimized
– Storage Optimized
• Security Groups
• EC2 User Data
• Elastic Block Storage (EBS)
• Elastic Load Balancers (ELB)
• Auto Scaling Group (ASG)
– Relational Database Service (RDS)
– Simple Storage Service (S3)
Identity and Access Management (IAM)
Service
 IAM: Users and Groups
• IAM = Identity and Access Management, Global
service
• Root account created by default, shouldn’t be
used or shared.
• Users are people within your organization and can
be grouped.
• Groups only contain users, not other groups.
• Users don’t have to belong to a group, and user
can belong to multiple groups.
 IAM Permissions
• Users or Groups can
be assigned JSON
documents called
policies.
• These policies define
the permissions of
the users
• In AWS you apply the
least privilege principle:
don’t give more
permissions than a user
needs.
 How can users access AWS?
• To access AWS, you have three options:
• AWS Management Console (protected by password + MFA)
• AWS Command Line Interface (CLI): protected by access keys
• AWS Software Developer Kit (SDK) - for code: protected by
access keys
• Access Keys are generated through the AWS Console.
• Users manage their own access keys.
• Access Keys are secret, just like a password. Don’t
share them
• Access Key ID ~= username
• Secret Access Key ~= password
 IAM Roles for Services
• Some AWS service will need to
perform actions on your behalf.
• To do so, we will assign
permissions to AWS services
with IAM Roles.
• Common roles:
• EC2 Instance Roles
• Lambda Function Roles
• Roles for CloudFormation
 IAM Section - Summary
• Users: mapped to a physical user, has a password
for AWS Console.
• Groups: contains users only.
• Policies: JSON document that outlines permissions
for users or groups.
• Roles: for EC2 instances or AWS services.
• Security: MFA + Password Policy.
• AWS CLI: manage your AWS services using the
command-line.
• AWS SDK: manage your AWS services using a
programming language.
• Access Keys: access AWS using the CLI or SDK.
Elastic Computer Cloud
(EC2)
Service
 Amazon EC2
• EC2 is one of the most popular of AWS’ offering.
• EC2 = Elastic Compute Cloud = Infrastructure as a
Service
• It mainly consists in the capability of :
• Renting virtual machines (EC2)
• Storing data on virtual drives (EBS)
• Distributing load across machines (ELB)
• Scaling the services using an auto-scaling group (ASG)

• Knowing EC2 is fundamental to understand how the

Cloud works.
 EC2 sizing & configuration options
• Operating System (OS): Linux, Windows or Mac OS.
• How much compute power & cores (CPU).
• How much random-access memory (RAM).
• How much storage space:
• Network-attached (EBS).
• Hardware (EC2 Instance Store).
• Network card: speed of the card, public/private IP
address.
• Firewall rules: security group.
• Bootstrap script (configure at first launch): EC2 User
Data.
 EC2 User Data
• It is possible to bootstrap our instances using an EC2
User data script.
• Bootstrapping means launching commands when a
machine starts.
• That script is only run once at the instance first start.
• EC2 user data is used to automate boot tasks such as:
• Installing updates.
• Installing software.
• Downloading common files from the internet.
• The EC2 User Data Script runs with the root user.
 Hands-On:
Launching an EC2 Instance running Linux
• We’ll be launching our first virtual server using the AWS
Console.
• We’ll get a first high-level approach to the various
parameters.
• We’ll see that our web server is launched using EC2
user data.
• We’ll learn how to start / stop / terminate our instance.
 EC2 Instance Types - Overview
• You can use different types of EC2 instances that are
optimised for different use cases.
(https://aws.amazon.com/ec2/instance-types/)
• AWS has the following naming convention:

• t2.micro

• t: instance class
• 2: generation (AWS improves them over time)
• micro: size within the instance class
 EC2 Instance Types – General Purpose
• Great for a diversity of workloads such as web
servers or code repositories.
• Balance between:
• Compute
• Memory
• Storage
• In the course, we will be using the t2.micro which
is a General Purpose EC2 instance
 EC2 Instance Types – Compute Optimized
• Great for compute-intensive tasks that require
high performance processors:
• Batch processing workloads
• Media transcoding
• High performance web servers
• High performance computing (HPC)
• Scientific modeling & machine learning
• Dedicated gaming servers
 EC2 Instance Types – Memory Optimized
• Fast performance for workloads that process large data
sets in memory
• Use cases:
• In-memory databases optimized for BI (business
intelligence)
• Applications performing real-time processing of big
unstructured data
EC2 Instance Types – Storage Optimized
• Great for storage-intensive tasks that require high,
sequential read and write access to large data sets
on local storage
• Use cases:
• Relational & NoSQL databases
• Data warehousing applications
 EC2 Instance Types: Example

• https://www.apptio.com/blog/aws-ebs-performance-confused/#:~:text=Network%
20bandwidth%20limits&text=EBS%2Doptimized%20instances%20offer%20dedicate
d,%E2%80%93%20storage%20and%20non%2Dstorage
.
 Introduction to Security Groups
• Security Groups are the fundamental of network
security in AWS.
• They control how traffic is allowed into or out of our
EC2 Instances.
• Security groups only contain allow rules.
• Security groups rules can reference by IP or by
security group.
 Security Groups - Deeper Dive
• Security groups are acting as a “firewall” on EC2
instances.
• They regulate:
• Access to Ports.
• Authorised IP ranges – IPv4 and IPv6.
• Control of inbound network (from other to the
instance).
• Control of outbound network (from the instance to
other).
 Security Groups - Good to know

• Can be attached to multiple instances.

• Does live “outside” the EC2 – if traffic is
blocked the EC2 instance won’t see it.
• If your application is not accessible (time
out), then it’s a security group issue.
• Only SSH traffic is authorized by default.
• All outbound traffic is authorised by
default.
 Shared Responsibility Model for EC2

• Security Groups rules

• Infrastructure
• Operating-system patches and
(global network
updates
security)
• Software and utilities
• Isolation on physical
installed on the EC2 instance
hosts
• IAM Roles assigned to EC2 &
• Replacing faulty IAM user access management
hardware
• Compliance
validation
 EC2 Section – Summary
• EC2 Instance: AMI (OS) + Instance Size (CPU + RAM)
+ Storage + security groups + EC2 User Data
• Security Groups: Firewall attached to the EC2 instance
• EC2 User Data: Script launched at the first start of an
instance
• SSH: start a terminal into our EC2 Instances (port 22)
• EC2 Instance Role: link to IAM roles
• Purchasing Options: On-Demand, Spot, Reserved
(Standard + Convertible + Scheduled),
Dedicated Host, Dedicated Instance
 What is EBS Volume?
• An EBS (Elastic Block Store) volume is a
network drive you can attach to your instances.
• It allows your instances to persist data.
• They can only be mounted to one instance at a
time.
• They are bound to a specific availability zone.
• Analogy: Think of them as a “network USB
stick”.
• Free tier: 30 GB of free EBS storage of type
General Purpose (SSD).
 EBS Volume
• It’s a network drive (i.e. not a physical drive)
• It uses the network to communicate the instance, which
means there might be a bit of latency.
• It can be detached from an EC2 instance and attached to
another one quickly.

• It’s locked to an Availability Zone (AZ)

• An EBS Volume in us-east-1a cannot be attached to us-east-
1b
• To move a volume across, you first need to snapshot it.

• Have a provisioned capacity (size in GBs, and IOPS)

• You get billed for all the provisioned capacity
• You can increase the capacity of the drive over time
EBS Volume - Example
 EBS Snapshot
• Make a backup (snapshot) of your EBS volume at a
point in time.
• Not necessary to detach volume to do snapshot but
recommended.
• Can copy snapshots across AZ or Region.
 Scalability
• Scalability means that an application / system can
handle greater loads by adapting to the changes in the
load.
• There are two kinds of scalability:
• Vertical Scalability
• Horizontal Scalability (= elasticity)
 Vertical Scalability
• Vertical Scalability means increasing the size of the
instance
• For example, your application runs on a t2.micro
• Scaling that application vertically means running it
on a t2.large
• Vertical scalability is very common for non-distributed
systems.
• There’s usually a limit to how much you can vertically
scale (hardware limit)
 Horizontal Scalability
• Horizontal Scalability means increasing the
number of instances / systems for your
application.

• Horizontal scaling implies distributed systems.

• This is very common for web applications /
modern applications.

• It’s easy to horizontally scale thanks the cloud

offerings such as Amazon EC2.
 Amazon EC2 Scalability
• Vertical Scaling: Increase instance size (=
scale up / down)
• From: t2.nano - 0.5G of RAM, 1 vCPU
• To: u-12tb1.metal – 12.3 TB of RAM, 448
vCPUs

• Horizontal Scaling: Increase number of

instances (= scale out / in)
• Auto Scaling Group
• Load Balancer
 What is Load Balancing?
• Load balancers are servers that forward internet traffic to
multiple servers (EC2 Instances) downstream.
 Why use Load Balancer?
• Spread load across multiple downstream instances.
• Expose a single point of access (DNS) to your application.
• Seamlessly handle failures of downstream instances.
• Do regular health checks to your instances.
• High availability across zones.
• Separate public traffic from private traffic.
Amazon Elastic Load Balancer (ELB)
• An ELB (Elastic Load Balancer) is a managed load
balancer:
• AWS guarantees that it will be working.
• AWS takes care of upgrades, maintenance, high
availability.
• AWS provides only a few configuration knobs.
• It costs less to setup your own load balancer, but it
will be a lot more effort on your end (maintenance,
integrations)
 What is Auto Scaling Group
• In real-life, the load on your websites and application can
change.
• In the cloud, you can create and get rid of servers very
quickly.
• The goal of an Auto Scaling Group (ASG) is to:
• Scale out (add EC2 instances) to match an increased load.
• Scale in (remove EC2 instances) to match a decreased load.
• Ensure we have a minimum and a maximum number of machines
running.
• Automatically register new instances to a load balancer.
• Replace unhealthy instances.

• ASG are free (you only pay for the underlying EC2 instances) .
AWS Auto Scaling Group
ASG with ELB
 ASG Attributes
• A Launch Template (older “Launch Configurations” are
deprecated)
• AMI + Instance Type
• EC2 User Data
• EBS Volumes
• Security Groups
• SSH Key Pair
• IAM Roles for your EC2 Instances
• Network + Subnets Information
• Load Balancer Information
• Min Size / Max Size / Initial Capacity
• Scaling Policies
 ELB & ASG - Summary
• Scalability (vertical and horizontal) vs Elasticity in the
Cloud
• Elastic Load Balancers (ELB)
• Distribute traffic across backend EC2 instances,
can be Multi-AZ
• Supports health checks
• Auto Scaling Groups (ASG)
• Implement Elasticity for your application, across
multiple AZ
• Scale EC2 instances based on the demand on your
system, replace unhealthy nodes.
• Integrated with the ELB
Relational Database Service
(RDS)
Service
 AWS RDS Overview
• RDS stands for Relational Database Service.
• It’s a managed DB service for DB use SQL as a query
language.
• It allows you to create databases in the cloud that are
managed by AWS.
• Postgres
• MySQL
• MariaDB
• Oracle
• Microsoft SQL Server
• Aurora (AWS Proprietary database)
RDS Solution Architecture
Advantage over using RDS versus deploying
DB on EC2
• RDS is a managed service:
• Continuous backups and restore to specific timestamp (Point in
Time Restore)!
• Monitoring dashboards
• Multi AZ setup for DR (Disaster Recovery)
• Maintenance windows for upgrades
• Scaling capability (vertical and horizontal)
• Storage backed by EBS (gp2 or io1)
Simple Storage Service
(S3)
Service
 Amazon S3 Overview - Buckets
• Amazon S3 allows people to store objects (files) in
“buckets” (directories).
• Buckets must have a globally unique name (across all
regions all accounts).
• Buckets are defined at the region level.
• S3 looks like a global service but buckets are created in a
region.
• Naming convention
• No uppercase
• No underscore
• 3-63 characters long
• Not an IP
• Must start with lowercase letter or number
 S3 Use cases
• Backup and storage
• Disaster Recovery
• Archiving
• Hybrid Cloud storage
• Host Static website
• Media hosting
• Data lakes & big data analytics
Example: Public Access - Use Bucket Policy
Example: User Access to S3 – IAM
permissions
Example: EC2 instance access - Use IAM
Roles
 Topics of Lecture
• Amazon Services
– Identity and Access Management (IAM)
• Users
• Groups
• Roles
– Elastic Compute Cloud (EC2)
• Instance Types
– General Purpose
– Compute Optimized
– Memory Optimized
– Storage Optimized
• Security Groups
• EC2 User Data
• Elastic Block Storage (EBS)
• Elastic Load Balancers (ELB)
• Auto Scaling Group (ASG)
– Relational Database Service (RDS)
– Simple Storage Service (S3)
 References
• https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP
_GettingStarted.html
• https://aws.amazon.com/rds/
• https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts.
html
• https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating
-bucket.html