Cloud Foundations Review - Journey on AWS Cloud Practitioner Course
Cloud Computing Review Notes
Three models of cloud computing
Infrastructure as a service (IaaS): The cloud provider runs the hardware and virtualization software. You provision and manage your virtual servers, and all the software that's installed on them.
Platform as a service (PaaS): The cloud provider runs and manages the hardware, virtualization software, and virtual servers. You only need to deploy your application and data.
Software as a service (SaaS): The cloud provider runs and manages everything from the hardware to the application. You only need to subscribe to the application to use it.
Three cloud deployment models
All-in cloud: All of your applications are fully deployed in the cloud.
Hybrid: Some of your applications are deployed in the cloud, but others remain on premises. The applications can still connect to each other.
Private (on-premises) cloud: All of your applications are fully deployed in a cloud infrastructure that runs in your own data center.
Advantages of cloud computing
Capital expense to variable expense - No need to pay upfront for the physical assets that you need. Instead, you pay as you go for the resources that you use.
Economies of scale - Get a lower variable cost for resources than you can get on your own. For example, as a cloud services provider, AWS passes savings to you as it grows.
Capacity planning - Reduce guessing about your capacity needs.
Speed and agility - Provision resources quickly and on demand.
Spend strategically - Spend money on your business projects instead of on running data centers.
Ease of deployment - Go global in minutes.
3 Ways to Access services
AWS Management Console - A web-based or mobile-based application for managing your AWS services
AWS Command Line Interface (AWS CLI) - A command-line tool for managing your AWS
Software development kits (SDKs) - A set of software tools (such as libraries, resources, and samples) that a developer can use in a program to access AWS services
AWS infrastructure key terms
Region - A geographical area that's made up of two or more Availability Zones
Availability Zone - One or more discrete data centers that are designed for fault isolation
Edge location - Where end users can access AWS services
AWS Compute Categories
- Amazon Elastic Compute Cloud (Amazon EC2) - Provides virtual servers (instances)
- AWS Lambda - Runs code without maintaining a server
- Amazon EC2 Auto Scaling - Dynamically increases and decreases the number of EC2 instances
- Elastic Load Balancing - Balances network traffic between EC2 instances
Amazon EC2
Amazon EC2 provides virtual servers, which are also called instances, that can do almost anything that an on-premises server can do. When you launch an EC2 instance, two parameters that you must specify are:
- An instance type - This parameter specifies the CPU, memory, storage, and network performance characteristics of the instance. The instance type is often called the size of the instance.
- An Amazon Machine Image (AMI) - This parameter defines the initial software and operating system (OS) for the instance. Many options are available for operating systems and preinstalled software.
An EC2 instance can be purchased in four ways:
- On-Demand Instances - Pay for only what you use, with no commitments.
- Spot Instances - Bid on unused EC2 instances, with no commitments. You can save up to 90 percent on costs versus On-Demand Instances.
- Reserved Instances: Reserve an EC2 instance for 1 year or 3 years, with various levels of savings. (Note: If you are planning to use a server for a long time, that is, more than 1 year, this purchase type is the best option.)
- Dedicated Host - Run EC2 instances on hardware that's dedicated to a single customer.
Amazon S3
Amazon Simple Storage Service (Amazon S3) is a storage service designed for 11 9s (99.999999999 percent) of durability for data that's stored in the service. Amazon S3 can be used for many purposes, including:
- Backup locations
- Data lakes
- Static websites
Amazon S3 offers four main storage classes
- Amazon S3 Standard (S3 Standard) - For frequently accessed data with replication between multiple Availability Zones.
- Amazon S3 Standard-Infrequent Access (S3 Standard-IA): For less frequently accessed data. Offers a lower cost than S3 Standard.
- Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA): Like S3 Standard-IA, but data is replicated in only a single Availability Zone.
- Amazon Simple Storage Service Glacier: Long-term, low-cost storage for very infrequently accessed data.
Amazon S3 Glacier
Amazon S3 Glacier is used for the long-term archival storage of data. The process of moving data from Amazon S3 to Amazon S3 Glacier can be automated by using Amazon S3 Lifecycle policies. These policies can move data from S3 Standard or S3 Standard-IA into Amazon S3 Glacier.
Security note: Amazon S3, Amazon Elastic File System (Amazon EFS), and Amazon S3 Glacier can all be quickly and easily encrypted. Encrypt whenever possible.
AWS shared responsibility
- AWS is responsible for the security of the cloud. This aspect of security entails protecting the infrastructure that runs all the services in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.
- The customer is responsible for the security in the cloud. The extent of this responsibility will vary, depending on the AWS Cloud service that the customer uses. For example, when a customer uses Amazon EC2, they are responsible for performing all the necessary security configuration and management tasks on the guest OS and any installed applications. Customers are also responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions. In contrast, for a managed service (such as Amazon DynamoDB), AWS operates the infrastructure layer, the OS, and the platforms. Thus, AWS is responsible for the security of these managed service resources.
AWS security services
- AWS Identity and Access Management (IAM) - Allows you to centrally manage authentication and access to AWS resources, such as creating users, groups, and roles
- AWS Trusted Advisor - Monitors your AWS resources. It also provides customized recommendations in five categories: cost optimization, performance, security, fault tolerance, and service limits.
- AWS CloudTrail - Records the details of all requests (API calls) that are made to AWS resources. This information includes who performed the request, the date and time of the request, the source Internet Protocol (IP) address, and the action performed.
- AWS Config - Enables you to assess, audit, and evaluate the configuration of your AWS resources. It tracks changes to resources and helps to enforce compliance rules when changes are made. For example, you can define and enforce a rule that requires an Amazon Elastic Block Store (Amazon EBS) volume to be encrypted before it's mounted to an EC2 instance.
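To make the CloudTrail bullet above concrete, this added example (not part of the original notes) pulls the who, when, source and action fields out of CloudTrail records and flags calls from outside a trusted network. The sample records, ARNs, addresses and the `TRUSTED_NETWORKS` range are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample in the CloudTrail log-file shape ({"Records": [...]}).
# Account IDs, ARNs and addresses are made up (documentation IP ranges).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T09:15:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-05-01T09:20:41Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2024-05-01T09:31:10Z", "eventSource": "kms.amazonaws.com",
     "eventName": "Decrypt", "sourceIPAddress": "ec2.amazonaws.com",
     "userIdentity": {"type": "AWSService", "invokedBy": "ec2.amazonaws.com"}},
]})

# Assumption: the organization's egress range (hypothetical value).
TRUSTED_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]

def summarize(record):
    """Return the who / when / source / action fields of one record."""
    ident = record.get("userIdentity", {})
    who = ident.get("arn") or ident.get("invokedBy") or ident.get("type", "unknown")
    return {"who": who, "when": record.get("eventTime"),
            "source": record.get("sourceIPAddress"),
            "action": f'{record.get("eventSource")}:{record.get("eventName")}'}

def from_untrusted_network(source):
    """True if source is an IP address outside TRUSTED_NETWORKS."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        # Calls made by an AWS service carry a DNS name here, not an IP.
        return False
    return not any(addr in net for net in TRUSTED_NETWORKS)

def review(log_text):
    """Summaries of records whose source IP is outside the trusted networks."""
    rows = [summarize(r) for r in json.loads(log_text)["Records"]]
    return [row for row in rows if from_untrusted_network(row["source"])]

if __name__ == "__main__":
    for row in review(SAMPLE_LOG):
        print(row)
```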
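The EBS encryption rule in the AWS Config bullet above can be sketched as the decision logic a custom rule would apply to each recorded volume. This is an added example, not code from the original notes; it makes no AWS calls, and the configuration items and resource IDs are constructed.

```python
# Constructed configuration items, shaped like the configurationItem that
# AWS Config passes to a custom rule. All IDs are made up.
SAMPLE_ITEMS = [
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0aaa",
     "configurationItemStatus": "OK",
     "configuration": {"encrypted": True,
                       "attachments": [{"instanceId": "i-0111"}]}},
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0bbb",
     "configurationItemStatus": "OK",
     "configuration": {"encrypted": False,
                       "attachments": [{"instanceId": "i-0222"}]}},
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0ccc",
     "configurationItemStatus": "ResourceDeleted", "configuration": None},
    {"resourceType": "AWS::S3::Bucket", "resourceId": "example-bucket",
     "configurationItemStatus": "OK", "configuration": {}},
]

def evaluate_volume(item):
    """Return (compliance_type, annotation) for one configuration item."""
    if item.get("resourceType") != "AWS::EC2::Volume":
        return "NOT_APPLICABLE", "rule only covers EBS volumes"
    if item.get("configurationItemStatus", "").startswith("ResourceDeleted"):
        return "NOT_APPLICABLE", "volume no longer exists"
    # Deleted or partially recorded items can carry a null configuration.
    config = item.get("configuration") or {}
    if config.get("encrypted") is True:
        return "COMPLIANT", "volume is encrypted"
    attached = [a["instanceId"] for a in config.get("attachments", [])
                if a.get("instanceId")]
    where = f"attached to {', '.join(attached)}" if attached else "not attached"
    return "NON_COMPLIANT", f"unencrypted volume, {where}"

def evaluate_all(items):
    """Map resourceId -> compliance type for a batch of items."""
    return {i["resourceId"]: evaluate_volume(i)[0] for i in items}

if __name__ == "__main__":
    for item in SAMPLE_ITEMS:
        print(item["resourceId"], *evaluate_volume(item))
```

AWS Config also ships a managed rule, `encrypted-volumes`, that checks attached EBS volumes without custom code.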