Introduction to Cloud Computing and AWS

PART I
The Core AWS Services

The cloud is where much of the serious technology innovation and growth happens these days, and Amazon Web Services (AWS), more than any other, is the platform of choice for business and institutional workloads. If you want to be successful as an AWS solutions architect, you’ll first need to make sure you understand what the cloud really is and how Amazon’s end of it works.

To make sure you’ve got the big picture, this chapter will explore the basics:

• What makes cloud computing different from other applications and client-server models
• How the AWS platform provides secure and flexible virtual networked environments for your resources
• How AWS provides such a high level of service reliability
• How to access and manage your AWS-based resources
• Where you can go for documentation and help with your AWS deployments

Cloud Computing and Virtualization

The technology that lies at the core of all cloud operations is virtualization. As illustrated in Figure 1.1, virtualization lets you divide the hardware resources of a single physical server into smaller units. That physical server could therefore host multiple virtual machines running their own complete operating systems, each with its own memory, storage, and network access.

Figure 1.1 A virtual machine host

Virtualization’s flexibility makes it possible to provision a virtual server in a matter of seconds, run it for exactly the time your project requires, and then shut it down. The resources released will become instantly available to other workloads. The usage density you can achieve lets you squeeze the greatest value from your hardware and makes it easy to generate experimental and sandboxed environments.

Cloud Computing Architecture

Major cloud providers like AWS have enormous server farms where hundreds of thousands of servers and data drives are maintained along with the network cabling necessary to connect them. A well-built virtualized environment could provide a virtual server using storage, memory, compute cycles, and network bandwidth collected from the most efficient mix of available sources it can find.

A cloud computing platform offers on-demand, self-service access to pooled compute resources where your usage is metered and billed according to the volume you consume. Cloud computing systems allow for precise billing models, sometimes involving fractions of a penny for an hour of consumption.

Cloud Computing Optimization

The cloud is a great choice for so many serious workloads because it’s scalable, elastic, and, often, a lot cheaper than traditional alternatives. Effective deployment provisioning will require some insight into those three features.

Scalability

A scalable infrastructure can efficiently meet unexpected increases in demand for your application by automatically adding resources. As Figure 1.2 shows, this most often means dynamically increasing the number of virtual machines (or instances as AWS calls them) you’ve got running.

Figure 1.2 Copies of a machine image are added to new VMs as they’re launched.

AWS offers its autoscaling service through which you define a machine image that can be instantly and automatically replicated and launched into multiple instances to meet demand.

Elasticity

The principle of elasticity covers some of the same ground as scalability—both address managing changing demand. However, while the images used in a scalable environment let you ramp up capacity to meet rising demand, an elastic infrastructure will automatically reduce capacity when demand drops. This makes it possible to control costs, since you’ll run resources only when they’re needed.

Cost Management

Besides the ability to control expenses by closely managing the resources you use, cloud computing transitions your IT spending from a capital expenditure (capex) framework into something closer to operational expenditure (opex).

In practical terms, this means you no longer have to spend $10,000 up front for every new server you deploy—along with associated electricity, cooling, security, and rack space costs. Instead, you’re billed much smaller incremental amounts for as long as your application runs.

That doesn’t necessarily mean your long-term cloud-based opex costs will always be less than you’d pay over the lifetime of a comparable data center deployment. But it does mean you won’t have to expose yourself to risky speculation about your long-term needs. If, sometime in the future, changing demand calls for new hardware, AWS will be able to deliver it within a minute or two.

To help you understand the full implications of cloud compute spending, AWS provides a free Total Cost of Ownership (TCO) Calculator at https://aws.amazon.com/tco-calculator/. This calculator helps you perform proper “apples-to-apples” comparisons between your current data center costs and what an identical operation would cost you on AWS.

The AWS Cloud

Keeping up with the steady stream of innovative new services showing up on the AWS Console can be frustrating. But as a solutions architect, your main focus should be on the core service categories. This section briefly summarizes each of the core categories (as shown in Table 1.1) and then does the same for key individual services. You’ll learn much more about all of these (and more) services through the rest of the book, but it’s worth focusing on these short definitions, as they lie at the foundation of everything else you’re going to learn.

Table 1.1AWS service categories

Table 1.2 describes the functions of some core AWS services, organized by category.

Table 1.2Core AWS services (by category)

AWS Platform Architecture

AWS maintains data centers for its physical servers around the world. Because the centers are so widely distributed, you can reduce your own services’ network transfer latency by hosting your workloads geographically close to your users. It can also help you manage compliance with regulations requiring you to keep data within a particular legal jurisdiction.

Data centers exist within AWS regions, of which there are currently 17—not including private U.S. government AWS GovCloud regions—although this number is constantly growing. It’s important to always be conscious of the particular region you have selected when you launch new AWS resources, as pricing and service availability can vary from one to the next. Table 1.3 shows a list of all 17 (nongovernment) regions along with each region’s name and core endpoint addresses.

Table 1.3A list of publicly accessible AWS regions

Because low-latency access is so important, certain AWS services are offered from designated edge network locations. These services include Amazon CloudFront, Amazon Route 53, AWS Firewall Manager, AWS Shield, and AWS WAF. For a complete and up-to-date list of available locations, see https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/.

Physical AWS data centers are exposed within your AWS account as availability zones. There might be half a dozen availability zones within a region, identified using names like us-east-1a.

You organize your resources from a particular region within one or more virtual private clouds (VPCs). A VPC is effectively a network address space within which you can create network subnets and associate them with particular availability zones. When configured properly, this architecture can provide effective resource isolation and durable replication.

AWS Reliability and Compliance

AWS has a lot of the basic regulatory, legal, and security groundwork covered before you even launch your first service.

AWS has invested significant planning and funds into resources and expertise relating to infrastructure administration. Its heavily protected and secretive data centers, layers of redundancy, and carefully developed best-practice protocols would be difficult or even impossible for a regular enterprise to replicate.

Where applicable, resources on the AWS platform are compliant with dozens of national and international standards, frameworks, and certifications, including ISO 9001, FedRAMP, NIST, and GDPR. (See https://aws.amazon.com/compliance/programs/ for more information.)

The AWS Shared Responsibility Model

Of course, those guarantees cover only the underlying AWS platform. The way you decide to use AWS resources is your business—and therefore your responsibility. So, it’s important to be familiar with the AWS Shared Responsibility Model.

AWS guarantees the secure and uninterrupted operation of its “cloud.” That means its physical servers, storage devices, networking infrastructure, and managed services. AWS customers, as illustrated in Figure 1.3, are responsible for whatever happens within that cloud. This covers the security and operation of installed operating systems, client-side data, the movement of data across networks, end-user authentication and access, and customer data.

Figure 1.3 The AWS Shared Responsibility Model

The AWS Service Level Agreement

By “guarantee,” AWS doesn’t mean that service disruptions or security breaches will never occur. Drives may stop spinning, major electricity systems may fail, and natural disasters may happen. But when something does go wrong, AWS will provide service credits to reimburse customers for their direct losses whenever uptimes fall below a defined threshold. Of course, that won’t help you recover customer confidence or lost business.

The exact percentage of the guarantee will differ according to service. The service level agreement (SLA) rate for AWS EC2, for instance, is set to 99.99 percent—meaning that you can expect your EC2 instances, ECS containers, and EBS storage devices to be available for all but around four minutes of each month.

The important thing to remember is that it’s not if things will fail but when. Build your applications to be geographically dispersed and fault tolerant so that when things do break, your users will barely notice.

Working with AWS

Whatever AWS services you choose to run, you’ll need a way to manage them all. The browser-based management console is an excellent way to introduce yourself to a service’s features and to how it will perform in the real world. There are few AWS administration tasks that you can’t do from the console, which provides plenty of useful visualizations and helpful documentation. But as you become more familiar with the way things work, and especially as your AWS deployments become more complex, you’ll probably find yourself getting more of your serious work done away from the console.

The AWS CLI

The AWS Command Line Interface (CLI) lets you run complex AWS operations from your local command line. Once you get the hang of how it works, you’ll discover that it can make things much simpler and more efficient.

As an example, suppose you need to launch a half-dozen EC2 instances to make up a microservices environment. Each instance is meant to play a separate role and therefore will require a subtly different provisioning process. Clicking through window after window to launch the instances from the console can quickly become tedious and time-consuming, especially if you find yourself repeating the task every few days. But the whole process can alternatively be incorporated into a simple script that you can run from your local terminal shell or PowerShell interface using the AWS CLI.

Installing and configuring the AWS CLI on Linux, Windows, or macOS machines is not hard at all, but the details might change depending on your platform. For the most up-to-date instructions, see https://docs.aws.amazon.com/cli/latest/userguide/installing.html.

AWS SDKs

If you want to incorporate access to your AWS resources into your application code, you’ll need to use an AWS software development kit (SDK) for the language you’re working with. AWS currently offers SDKs for nine languages including Java, .NET, and Python, and a number of mobile SDKs that include Android and iOS. There are also toolkits available for Eclipse, Visual Studio, and VSTS.

You can see a full overview of AWS developer tools at https://aws.amazon.com/tools/.

Technical Support and Online Resources

Things won’t always go smoothly for you—on AWS just as everywhere else in your life. Sooner or later, you’ll need some kind of technical or account support. There’s a variety of types of support, and you should understand what’s available.

One of the first things you’ll be asked to decide when you create a new AWS account is which support plan you’d like. Your business needs and budget will determine the way you answer this question.

Support Plans

The Basic plan is free with every account and gives you access to customer service, along with documentation, white papers, and the support forum. Customer service covers billing and account support issues.

The Developer plan starts at $29/month and adds access for one account holder to a Cloud Support associate along with limited general guidance and “system impaired” response.

For $100/month (and up), the Business plan will deliver faster guaranteed response times to unlimited users for help with “impaired” systems, personal guidance and troubleshooting, and a support API.

Finally, Enterprise support plans cover all of the other features, plus direct access to AWS solutions architects for operational and design reviews, your own technical account manager, and something called a support concierge. For complex, mission-critical deployments, those benefits can make a big difference. But they’ll cost you at least $15,000 each month.

You can read more about AWS support plans at https://aws.amazon.com/premiumsupport/compare-plans/.

Other Support Resources

There’s plenty of self-serve support available outside of the official support plans.

• AWS community help forums are open to anyone with a valid AWS account (https://forums.aws.amazon.com).
• Extensive and well-maintained AWS documentation is available at https://aws.amazon.com/documentation/.
• The AWS Well-Architected page (https://aws.amazon.com/architecture/well-architected/) is a hub that links to some valuable white papers and documentation addressing best practices for cloud deployment design.

Summary

Cloud computing is built on the ability to efficiently divide physical resources into smaller but flexible virtual units. Those units can be “rented” by businesses on a pay-as-you-go basis and used to satisfy just about any networked application and/or workflow’s needs in an affordable, scalable, and elastic way.

Amazon Web Services provides reliable and secure resources that are replicated and globally distributed across a growing number of regions and availability zones. AWS infrastructure is designed to be compliant with best-practice and regulatory standards—although the Shared Responsibility Model leaves you in charge of what you place within the cloud.

The growing family of AWS services covers just about any digital needs you can imagine, with core services addressing compute, networking, database, storage, security, and application management and integration needs.

You manage your AWS resources from the management console, with the AWS CLI, or through code generated using an AWS SDK.

Technical and account support is available through support plans and through documentation and help forums. AWS also makes white papers and user and developer guides available for free as Kindle books. You can access them at this address:

https://www.amazon.com/default/e/B007R6MVQ6/ref=dp_byline_cont_ebooks_1?redirectedFromKindleDbs=true

Exam Essentials

Understand AWS platform architecture. AWS divides its servers and storage devices into globally distributed regions and, within regions, into availability zones. These divisions permit replication to enhance availability but also permit process and resource isolation for security and compliance purposes. You should design your own deployments in ways that take advantage of those features.

Understand how to use AWS administration tools. While you will use your browser to access the AWS administration console at least from time to time, most of your serious work will probably happen through the AWS CLI and, from within your application code, through an AWS SDK.

Understand how to choose a support plan. Understanding which support plan level is right for a particular customer is an important element in building a successful deployment. Become familiar with the various options.

Review Questions

1. Your developers want to run fully provisioned EC2 instances to support their application code deployments but prefer not to have to worry about manually configuring and launching the necessary infrastructure. Which of the following should they use?

   1. AWS Lambda
   2. AWS Elastic Beanstalk
   3. Amazon EC2 Auto Scaling
   4. Amazon Route 53

2. Which service would you use to most effectively reduce the latency your end users experience when accessing your application resources over the Internet?

   1. Amazon CloudFront
   2. Amazon Route 53
   3. Elastic Load Balancing
   4. Amazon Glacier

3. Which of the following is the best use-case scenario for Elastic Block Store?

   1. You need a cheap and reliable place to store files your application can access.
   2. You need a safe place to store backup archives from your local servers.
   3. You need a source for on-demand compute cycles to meet fluctuating demand for your application.
   4. You need persistent storage for the file system run by your EC2 instance.

4. Which of the following is the best tool to control access to your AWS services and administration console?

   1. AWS Identity and Access Management (IAM)
   2. Key Management Service (KMS)
   3. AWS Directory Service
   4. Simple WorkFlow (SWF)

5. For data workloads requiring more speed and flexibility than a closely defined structure offers, which service should you choose?

   1. Relational Database Service (RDS)
   2. Amazon Aurora
   3. Amazon DynamoDB
   4. Key Management Service (KMS)

6. Which of the following is the correct endpoint address for an EC2 instance running in the AWS Ireland region?

   1. compute.eu-central-1.amazonaws.com
   2. ec2.eu-central-1.amazonaws.com
   3. elasticcomputecloud.eu-west-2.amazonaws.com
   4. ec2.eu-west-1.amazonaws.com

7. What does the term availability zone refer to in AWS documentation?

   1. One or more isolated physical data centers within an AWS region
   2. All the hardware resources within a single region
   3. A single network subnet used by resources within a single region
   4. A single isolated server room within a data center

8. Which AWS tool lets you organize your EC2 instances and configure their network connectivity and access control?

   1. Load Balancing
   2. Amazon Virtual Private Cloud (VPC)
   3. Amazon CloudFront
   4. AWS endpoints

9. You want to be sure that the application you’re building using EC2 and S3 resources will be reliable enough to meet the regulatory standards required within your industry. What should you check?

   1. Historical uptime log records
   2. The AWS Program Compliance Tool
   3. The AWS service level agreement (SLA)
   4. The AWS Shared Responsibility Model

10. Which of the following would you use to administrate your AWS infrastructure via your local command line or shell scripts?

    1. AWS Config
    2. AWS CLI
    3. AWS SDK
    4. The AWS Console

11. Your company needs direct access to AWS support for both development and IT team leaders. Which support plan should you purchase?

    1. Business
    2. Developer
    3. Basic
    4. Enterprise