AWS is a secure cloud service platform that offers its customers a wide range of services like compute power, database storage, content delivery and other functionality to help in growing a business.
But before directly moving to AWS we must first get familiar with the basic concepts of Cloud Computing.
Cloud Computing :-
Cloud Computing is the delivery of computing resources (storage, databases, networking, software, analytics and intelligence) by a network of remote servers hosted on the internet (the "cloud"), rather than by a local server or PC, so that data can be stored, accessed, managed and processed remotely.
Types of Cloud Computing :-
On the basis of the services offered, it is broadly categorized into 3 types :-
- IaaS :-
It stands for Infrastructure as a Service. It is a cloud computing service where enterprises rent or lease servers for compute and storage in the cloud. It can be more efficient for an enterprise than owning and managing its own infrastructure. New applications can be tested with an IaaS provider instead of acquiring the infrastructure for the test.
- PaaS :-
It stands for Platform as a Service. It provides a platform that allows customers to develop, run and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.
- SaaS :-
It stands for Software as a Service. It is a software distribution model in which a third-party provider hosts applications and makes them available to customers over the Internet.
On the basis of deployment it is broadly categorized into 4 types :-
- Public Cloud :-
In a public cloud, the computing services are offered by third-party providers over the public Internet, making them available to anyone who wants to use or purchase them. They may be free or sold on demand, so customers pay only for the CPU cycles, storage or bandwidth they consume.
- Private Cloud :-
In a private cloud, the computing services are accessible only to the organization (or user) that owns the data and are not available to the general public.
- Hybrid Cloud :-
It combines a private cloud with one or more public cloud services, with proprietary software enabling communication between each distinct service. A hybrid cloud strategy provides businesses with greater flexibility by moving workloads between cloud solutions as needs and costs fluctuate.
- Community Cloud :-
It is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party and hosted internally or externally.
Now that we have gathered enough knowledge on Cloud Computing, let's move on to the concepts of AWS.
What is AWS?
Amazon Web Services is a cloud platform that allows fast and cheap provisioning of environments. This gives businesses the opportunity to build environments, scale them when their requirements change and test at a low cost, all with a few clicks.
The idea here is that instead of going to an external hardware infrastructure supplier, working out sizing and cost and having fixed contracts — you simply go to AWS and provision all this yourself, with no fixed contract, scaling up and down based on demand.
When did AWS start?
In 2006, which is also when the term cloud computing was coined.
Who are the main AWS customers?
Enterprises like NETFLIX, DISCOVERY CHANNEL;
Startups like SPOTIFY, PINTEREST;
Public sector organizations like NASA, THE UNIVERSITY OF WESTERN AUSTRALIA.
Regions and Availability Zones
Amazon currently has 16 regions, and this number is increasing. These regions correspond to the geographic locations of AWS data centers.
When building an AWS instance, to reduce latency you want to make sure that the Region you select is the one closest to you. For example, I have to choose the one that is best suited for India.
As you can imagine, if you are accessing a service that is hosted in a particular Region, let's say the US, but are actually based in the UK like me, then your latency will obviously increase, as the data must be transferred across a larger physical distance.
To resolve this, AWS has the concept of Edge Locations. Edge Locations are just data centres that hold cached data that would have at some point in time, been transferred from the origin server. Now when someone wants to access that content, they have a much lower latency as they are accessing a cached copy that is local to them, rather than pulling it from another region.
Edge locations tend to be hosted within highly populated areas, and naturally there are more edge locations than regions.
Route 53 — DNS
Route 53 is the AWS Domain Name System (DNS) web service. Its goal is to translate domain names to IP addresses so that web content can be served to users.
It gets its name from the iconic Route 66 in America, used as a metaphor, and the number 53 was chosen because that is the port used for DNS requests.
IAM stands for Identity and Access Management. IAM allows you to secure how people access resources and services within AWS. You can create Roles and Groups and assign them to users.
You can use IAM for other tasks such as enabling Multi Factor Authentication and enforcing a password policy for your users.
Groups, Users, Roles and Policies
A Group in AWS is just as you would expect. It refers to a cluster of Users. This allows you to apply roles and policies to a group, and every user within that group will automatically have these roles and policies.
A User relates to an account that in most cases is for a single individual. As stated before, Users can be added to groups to obtain their roles and policies. You can also add further roles and policies to an individual user if they have a special requirement that falls outside of their assigned Group.
A Role is a way to provide delegated access to AWS services or resources. A set of policies is attached to a role, similar to a standard User; however, a role is intended to be used by whoever requires access to a particular service or resource within AWS that wouldn't usually have access to it.
For example, you want to grant a mobile application access to a service without embedding access keys directly into the app. Or you want to provide access to an AWS resource to someone in another AWS account. The idea is that you delegate access via Roles.
Policies specify a set of permissions. These permissions then allow Users or Roles to perform certain activities. Policies are a great way to specify exactly what activities can and cannot be carried out. These policies can then be assigned to Users or Roles, essentially defining what they can do.
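As an added illustration (not code from this article or from AWS), here is a simplified model of how IAM combines the policies a user holds directly with those inherited from groups: an explicit Deny wins over any Allow, and anything no statement allows is implicitly denied. The users, groups, bucket names and policy documents are constructed for the example.

```python
# Simplified model of IAM policy evaluation (illustration only; the real
# engine also weighs conditions, resource policies, SCPs and boundaries).
from fnmatch import fnmatchcase

def _matches(pattern, value):
    """IAM-style wildcard match for actions and ARNs ('*' and '?')."""
    patterns = pattern if isinstance(pattern, list) else [pattern]
    return any(fnmatchcase(value, p) for p in patterns)

def evaluate(policies, action, resource):
    """Decide one request across all attached policy documents.
    Explicit Deny is final; otherwise any Allow wins; else implicit Deny."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if _matches(stmt["Action"], action) and _matches(stmt["Resource"], resource):
                if stmt["Effect"] == "Deny":
                    return "Deny"
                allowed = True
    return "Allow" if allowed else "Deny"

# Constructed sample policies in the shape of real IAM JSON (values made up).
READ_ONLY_REPORTS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": "arn:aws:s3:::example-reports*"}]}
DENY_DELETE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "s3:Delete*", "Resource": "*"}]}
FULL_S3 = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

# Group membership carries the group's policies to every member (constructed).
GROUPS = {"analysts": [READ_ONLY_REPORTS, DENY_DELETE],
          "s3-admins": [FULL_S3, DENY_DELETE]}
USERS = {"alice": {"groups": ["analysts"], "policies": []},
         "bob": {"groups": ["s3-admins"], "policies": []}}

def effective_policies(user):
    """A user's own policies plus those inherited from each group."""
    u = USERS[user]
    return u["policies"] + [p for g in u["groups"] for p in GROUPS[g]]

def can(user, action, resource):
    return evaluate(effective_policies(user), action, resource)

if __name__ == "__main__":
    obj = "arn:aws:s3:::example-reports/q1.csv"
    print(can("alice", "s3:GetObject", obj))    # Allow
    print(can("alice", "s3:PutObject", obj))    # Deny: nothing allows it
    print(can("bob", "s3:DeleteObject", obj))   # Deny: explicit Deny beats s3:*
```

Note that bob's group grants s3:* yet s3:DeleteObject is still refused, which is why a group-level Deny is a useful guard-rail even for broadly privileged users.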
API Calls and Authentication
If you have a service that needs to continually connect to AWS, you don't want to store access keys within the application in order to connect each time. This could allow people to extract them and therefore gain access to your AWS account.
To get around this, for web applications, AWS uses Web Identity Federation. Here the user first authenticates with the origin application (the identity provider); that application then gives the user a token, which they use to call AWS through the AssumeRoleWithWebIdentity API. AWS then grants the user temporary security credentials.
The same process flow applies when using Active Directory to authenticate against AWS. You log in to AD using Single Sign-On (SSO), for example, and the browser receives a SAML assertion from the AD server. The browser then posts this SAML assertion to the AWS SAML endpoint, which uses the AssumeRoleWithSAML API to request temporary security credentials. The user can then access the AWS console.
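The federation flow described above, as an added worked example that is not part of this article and not AWS code: the identity provider and STS are stand-ins, and the issuer name, client id and trust policy are constructed. It shows both sides of the exchange, the point being that the app holds no long-lived keys and that the role's trust policy (including its audience condition) decides whose tokens may be swapped for short-lived credentials.

```python
# Stand-in model of Web Identity Federation: the app exchanges an identity
# provider's token for temporary credentials instead of embedding access keys.
# Illustration only; a real IdP signs its tokens and STS verifies signatures.
import secrets
from datetime import datetime, timedelta, timezone

IDP = "accounts.example-idp.com"        # constructed issuer name
CLIENT_ID = "mobile-app-client-id"      # constructed audience (app id at the IdP)

# Constructed trust policy in the shape of real IAM JSON. The aud condition is the
# key control: without it, tokens the IdP issued for other apps could use this role.
ROLE_TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Federated": IDP},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {IDP + ":aud": CLIENT_ID}}}]}

def idp_issue_token(subject, issuer=IDP, audience=CLIENT_ID, ttl_seconds=3600):
    """Step 1: the user authenticates with the origin app's identity provider."""
    return {"iss": issuer, "sub": subject, "aud": audience,
            "exp": datetime.now(timezone.utc) + timedelta(seconds=ttl_seconds)}

def sts_assume_role_with_web_identity(token, trust_policy, duration=3600):
    """Step 2: STS checks the token against the role's trust policy and only
    then mints short-lived credentials. Raises PermissionError otherwise."""
    now = datetime.now(timezone.utc)
    if token["exp"] <= now:
        raise PermissionError("identity token expired")
    for stmt in trust_policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt["Action"] != "sts:AssumeRoleWithWebIdentity":
            continue
        if stmt["Principal"].get("Federated") != token["iss"]:
            continue                           # issued by an untrusted provider
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        # "idp:aud" -> token claim "aud"; an absent Condition adds no restriction
        if all(token.get(k.split(":", 1)[1]) == v for k, v in cond.items()):
            return {"AccessKeyId": "ASIA" + secrets.token_hex(8).upper(),
                    "SecretAccessKey": secrets.token_urlsafe(30),
                    "SessionToken": secrets.token_urlsafe(48),
                    "Expiration": now + timedelta(seconds=duration)}
    raise PermissionError("trust policy does not permit this identity")

def app_obtains_credentials(token):
    """What the app does: exchange the token and hold only the temporary result."""
    try:
        return sts_assume_role_with_web_identity(token, ROLE_TRUST_POLICY)
    except PermissionError:
        return None
```

Calling app_obtains_credentials(idp_issue_token("user-123")) returns a credential set with an Expiration; a token with a different issuer, a different audience, or a past expiry returns None.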
I hope this article helps you.
I also want to give credit to my friend Aman Chopra, who introduced me to Cloud Computing and AWS, and special thanks for this blog also.
If you have any doubt feel free to connect with me: