Why Cloud Computing? (Simple Explanation)
Cloud computing means renting IT resources (servers, storage, databases) over the internet instead of buying expensive hardware.
Benefits:
- Cost-Efficient – Pay only for what you use.
- Scalable – Increase or decrease resources anytime.
- Reliable – No need to worry about hardware failures.
- Secure – Cloud providers handle the security of the underlying infrastructure (you still manage your own users, data, and configuration).
- Accessible – Access from anywhere in the world.
AWS Pillars (5 Pillars of Well-Architected Framework)
Operational Excellence
- Automate tasks and monitor systems efficiently.
- Example: Using AWS CloudWatch for performance monitoring.
Security
- Protect data and applications with encryption & access control.
- Example: Using IAM roles, MFA, and AWS Shield.
Reliability ⚙️
- Ensure systems recover quickly from failures.
- Example: Using Auto Scaling and Multi-AZ databases.
Performance Efficiency ⚡
- Optimize resources for fast and efficient performance.
- Example: Using Amazon EC2 instance types based on workload.
Cost Optimization
- Reduce costs by using only what you need.
- Example: Using AWS Reserved Instances for long-term savings.
Summary:
AWS follows these 5 pillars to help businesses build secure, high-performing, and cost-effective cloud solutions.
IaaS, PaaS, and SaaS
Infrastructure as a Service (IaaS)
- Provides virtual servers, storage, and networking over the cloud.
- Users manage the OS, applications, and security.
- Example: AWS EC2, Google Compute Engine, Azure Virtual Machines.
- Analogy: Renting an empty house where you bring your own furniture and appliances.
Platform as a Service (PaaS)
- Provides a ready-to-use development environment.
- Users manage applications, while the provider handles the underlying infrastructure.
- Example: AWS Elastic Beanstalk, Google App Engine, Heroku.
- Analogy: Renting a furnished apartment—you just move in and live.
Software as a Service (SaaS)
- Fully managed software applications accessible via a web browser.
- Users don’t manage infrastructure or development; they just use the software.
- Example: Google Drive, Gmail, Dropbox, Microsoft 365.
- Analogy: Staying in a hotel—everything is provided, and you just use the service.
Summary
- IaaS → Full control over infrastructure.
- PaaS → Focus on app development, no server management.
- SaaS → Ready-made software, just use it!
AWS IAM Components
Root User
- The first account created when you sign up for AWS.
- Has full access to all AWS services.
- Should not be used for daily tasks (too powerful).
- Secure it with Multi-Factor Authentication (MFA).
IAM User
- A regular user account created inside AWS.
- Has specific permissions based on assigned policies.
- Used for daily tasks instead of the root user.
- Each IAM user can have an access key for API use.
IAM Groups
- A collection of IAM users.
- Helps manage permissions for multiple users at once.
- Example: A "Developers" group with access to EC2, S3, etc.
IAM Policies
- Defines what actions a user, group, or role can perform.
- Written in JSON format (Allow/Deny rules).
- Example: A policy that allows a user to read from an S3 bucket.
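An added example (not from the page): a simplified Python evaluator showing how the Allow/Deny rules of an IAM policy combine for a read-only S3 policy. The bucket name and the `secrets/` prefix are constructed placeholders, and the evaluator leaves out conditions, NotAction, and principals.

```python
import fnmatch
from typing import Iterable

# Constructed sample policy: read-only access to one bucket, with an explicit
# Deny on a "secrets/" prefix. "example-bucket" is a placeholder name.
READ_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-bucket",
                "arn:aws:s3:::example-bucket/*",
            ],
        },
        {
            "Effect": "Deny",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/secrets/*",
        },
    ],
}


def _as_list(value) -> list:
    # Action and Resource may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def _matches(patterns: Iterable[str], value: str) -> bool:
    # IAM uses "*" and "?" wildcards in Action and Resource; fnmatch covers both.
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Simplified IAM evaluation: default deny, and an explicit Deny beats any Allow."""
    allowed = False
    for stmt in policy["Statement"]:
        if not _matches(_as_list(stmt["Action"]), action):
            continue
        if not _matches(_as_list(stmt["Resource"]), resource):
            continue
        if stmt["Effect"] == "Deny":
            return False  # explicit deny always wins, stop evaluating
        allowed = True    # remember the Allow but keep looking for a Deny
    return allowed        # no matching statement at all: implicit deny
```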
IAM Roles
- Temporary permissions given to users or AWS services.
- Used by EC2, Lambda, or other AWS services to perform actions.
- Example: An EC2 instance assumes a role to access S3 without needing access keys.
Multi-Factor Authentication (MFA)
- Adds extra security by requiring a second factor (e.g., OTP on a mobile app).
- Highly recommended for root and IAM users.
AMAZON EC2
1️⃣ EC2 Instance Types & Use Cases
EC2 instances come in different types based on compute, memory, and storage needs:
- T-Series (T3, T4g) → General-purpose, cost-effective, web apps, dev/test.
- M-Series (M5, M6g, M7i) → Balanced performance for apps, medium-sized databases.
- C-Series (C5, C6i, C7g) → High CPU, ideal for data analytics, gaming servers.
- R-Series (R5, R6g, R7i) → Memory-intensive, used for large databases, caching.
- X-Series (X2idn, X2gd) → Extreme memory workloads (SAP HANA, in-memory DBs).
- I-Series (I3, I4i) → High-speed NVMe storage for NoSQL DBs, data warehousing.
- P-Series (P4, P5) → AI/ML training, deep learning, GPU-based workloads.
- G-Series (G5, G6g) → Graphics-intensive tasks (video rendering, game streaming).
- HPC Optimized (Hpc6id, Hpc7g) → Scientific simulations, engineering, AI research.
2️⃣ EC2 Networking & Public IP
- Network Interface Card (NIC) → Controls how fast data moves in/out of an EC2 instance.
  - Speed varies: 1 Gbps (standard) → 100 Gbps (HPC & AI workloads).
- Public IP Address → The "home address" of your instance for internet access.
  - Dynamic Public IP → Changes every time the instance starts.
  - Elastic IP → Static IP that stays the same for reliability.
3️⃣ Security Groups (Firewall Rules)
- Security groups act as a firewall for EC2 instances.
- They control which traffic is allowed in (inbound) and allowed out (outbound).
- Example rules:
  - Allow HTTP (port 80) → Anyone can visit the website.
  - Allow HTTPS (port 443) → Secure website access.
  - Allow SSH (port 22) → Only from a specific IP for secure admin access.
- By default, all inbound traffic is blocked until you explicitly allow it.
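An added example (not from the page): a Python model of the inbound rules above, showing that a security group is an allow-list with no match meaning drop, plus a small audit that flags admin ports opened to the whole internet. The rules and addresses are constructed; 203.0.113.10 is a documentation address standing in for the admin's real IP.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp", or "icmp"
    from_port: int
    to_port: int
    cidr: str       # source CIDR the rule accepts traffic from


# Constructed rules mirroring the page's example web server.
WEB_SERVER_RULES = [
    Rule("tcp", 80, 80, "0.0.0.0/0"),
    Rule("tcp", 443, 443, "0.0.0.0/0"),
    Rule("tcp", 22, 22, "203.0.113.10/32"),   # SSH only from the admin IP
]


def inbound_allowed(rules, protocol: str, port: int, source_ip: str) -> bool:
    """Security groups are allow-lists: a packet is accepted only if some rule
    matches it; there are no deny rules, and no match means drop (default deny)."""
    src = ipaddress.ip_address(source_ip)
    for r in rules:
        if r.protocol != protocol:
            continue
        if not (r.from_port <= port <= r.to_port):
            continue
        if src in ipaddress.ip_network(r.cidr, strict=False):
            return True
    return False


def audit_open_admin_ports(rules, admin_ports=(22, 3389)):
    """Flag rules that expose SSH/RDP to every source address (/0 CIDR)."""
    findings = []
    for r in rules:
        net = ipaddress.ip_network(r.cidr, strict=False)
        exposes_admin = any(r.from_port <= p <= r.to_port for p in admin_ports)
        if net.prefixlen == 0 and exposes_admin:
            findings.append(f"{r.protocol}/{r.from_port}-{r.to_port} open to {r.cidr}")
    return findings
```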
4️⃣ EC2 User Data (Automated Setup)
- EC2 User Data is a script that runs when an instance starts.
- Automates tasks like software installation, updates, configurations.
- Example (Linux):
- Benefits:
  - Saves time & manual work.
  - Ensures consistent setup every time a new instance launches.
  - Useful for scaling applications automatically.
🔹 Summary
- Choose the right EC2 instance type based on workload needs (CPU, RAM, storage).
- Network settings & Public IPs define how instances communicate over the internet.
- Security groups protect your EC2 by allowing only necessary traffic.
- User Data automates instance setup, making deployment faster & more efficient.
VPC (Virtual Private Cloud)
Think of a VPC as your own private space on the internet inside a cloud provider (like AWS). It allows you to create and manage your own network, just like having a private Wi-Fi for your company inside the cloud.
Public Subnet
A public subnet is like a publicly accessible area of your network. It has a direct connection to the internet, so anything inside this subnet (like a web server) can send and receive data from the internet.
🔹 Example: A website server that needs to be accessible to users worldwide would be placed in a public subnet.
Private Subnet
A private subnet is like a restricted area inside your network. It does not have a direct internet connection and is only accessible from within your VPC.
🔹 Example: A database storing sensitive customer data should be placed in a private subnet so it’s protected from direct internet access.
Simple Analogy:
- VPC = A house with multiple rooms (your own private network).
- Public Subnet = The front yard (anyone can access it).
- Private Subnet = A locked room inside the house (only authorized people can enter).
Route 53 (Explained in Simple Terms)
Think of Route 53 as the phonebook of the internet provided by AWS.
🔹 What does it do?
When you type a website name (e.g., www.example.com), your browser doesn't understand names; it only understands IP addresses (like 192.168.1.1). Route 53 helps translate the website name into the correct IP address so your browser can load the site.
🔹 Why is it useful?
- Website Address Mapping → It connects your domain name (example.com) to your website's actual location.
- Traffic Control → It can direct users to different servers based on location (e.g., sending U.S. users to a U.S. server for faster access).
- High Availability → If one server goes down, Route 53 can redirect users to a backup server automatically.
🔹 Simple Analogy:
Imagine you are calling a friend, but instead of memorizing their long phone number, you simply use their name in your phone contacts. Route 53 works the same way—when you enter a website name, it finds the correct "phone number" (IP address) and connects you.
Route 53 Health Check (Explained Simply)
Think of Route 53 Health Check like a doctor continuously checking if your website or server is healthy (working properly). If your website goes down, Route 53 can automatically redirect users to a backup server or show an error page.
🔹 How Does It Work?
1️⃣ Route 53 sends a request (like a "ping") to your website/server.
2️⃣ If the server responds correctly → ✅ Healthy.
3️⃣ If the server does NOT respond → ❌ Unhealthy.
4️⃣ Route 53 can then redirect traffic to a backup server or notify you.
🔹 Types of Health Checks
✅ HTTP/HTTPS Health Check → Checks if a webpage (e.g., example.com) is reachable.
✅ TCP Health Check → Ensures a server is listening on a specific port (like a database).
✅ CloudWatch-Linked Health Check → Uses AWS CloudWatch metrics for monitoring.
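An added example (not from the page): a small Python model of the health check and failover steps above. It uses Route 53's default of 3 consecutive failures before an endpoint is marked unhealthy (and 3 successes before it recovers), so a single lost request does not trigger a failover; the IP addresses are constructed.

```python
class HealthCheck:
    """Tracks one endpoint's health the way Route 53 does: the state only flips
    after `threshold` consecutive results in the opposite direction."""

    def __init__(self, threshold: int = 3):
        self.threshold = threshold   # Route 53's default failure threshold
        self.healthy = True          # new checks start out healthy
        self._streak = 0             # consecutive results disagreeing with the state

    def record(self, ok: bool) -> bool:
        if ok == self.healthy:
            self._streak = 0         # result agrees with current state, reset
        else:
            self._streak += 1
            if self._streak >= self.threshold:
                self.healthy = ok    # enough consecutive evidence: flip state
                self._streak = 0
        return self.healthy


def http_status_ok(status: int) -> bool:
    """Route 53 HTTP/HTTPS checks count any 2xx or 3xx response as healthy."""
    return 200 <= status < 400


def resolve_failover(primary_ip: str, primary_check: HealthCheck, secondary_ip: str) -> str:
    """Failover routing: answer with the primary while its check is healthy,
    otherwise hand users the backup server's address."""
    return primary_ip if primary_check.healthy else secondary_ip
```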
Main Uses of Route 53
✅ 1. Domain Name Management (DNS Service)
- Converts domain names (e.g., example.com) into IP addresses (e.g., 192.168.1.1).
- Lets you register and manage domain names directly in AWS.
✅ 2. Traffic Routing (Smart Load Balancing)
- Routes users to different servers based on location for better performance.
- Supports weighted routing, where traffic is split across multiple servers.
✅ 3. High Availability & Failover (Automatic Backup Switching)
- If your primary server goes down, Route 53 can automatically redirect traffic to a backup server.
- Uses Health Checks to monitor website uptime.
✅ 4. Latency-Based Routing (Faster Website Loading)
- Directs users to the nearest AWS data center to reduce website loading time.
✅ 5. Security & Compliance
- Works with AWS services like CloudFront (CDN) and WAF (Firewall) to protect against cyber threats.
- Supports DNSSEC (Domain Name System Security Extensions) for added security.
Where is AWS Route 53 Present?
AWS Route 53 is a global service, meaning it does not operate in a specific AWS region. Instead, it is available everywhere and can route traffic across AWS regions and on-premises data centers.
🔹 How Route 53 Works Across the World
1️⃣ Global DNS Service
- Route 53 is a globally distributed DNS service, meaning it runs on AWS’s worldwide network.
- It does not reside in a single AWS region but is available globally to route traffic efficiently.
2️⃣ Edge Locations (Part of AWS Global Infrastructure)
- Route 53 uses AWS Edge Locations (also used by AWS CloudFront).
- These locations are spread across the world to provide faster DNS resolution and low latency.
3️⃣ Integration with AWS Regions
- Even though Route 53 is global, it can route traffic to AWS regions where your applications or servers are hosted.
- You can configure latency-based routing to direct users to the nearest AWS region for better performance.
1. Amazon S3 (Simple Storage Service) - Object Storage
Storage types:
- object storage,
- block storage,
- file storage, and
- archival storage.
Amazon S3 stands for Amazon Simple Storage Service. It is the object storage service:
- A highly scalable, durable (99.999999999% durability, or "11 nines"), and secure way to store and retrieve data over the Internet.
- Users can store any type of data, such as
  - documents,
  - images,
  - videos, and
  - application backups.
- S3 offers features like versioning and encryption.
- Cost-effective.
2. Amazon EBS (Elastic Block Store) - Block Storage
- Best for: Attaching to EC2 instances for databases, applications, and file systems.
- Features:
- Provides persistent storage for EC2 instances.
- Supports SSD (gp3, gp2, io2, io1) and HDD (st1, sc1) volumes.
- Can be backed up using EBS snapshots.
- Offers high performance and low-latency access.
3. Amazon EFS (Elastic File System) - File Storage
- Best for: Shared file storage for multiple EC2 instances.
- Features:
- Fully managed, scalable file storage.
- Supports NFS (Network File System) protocol.
- Automatically grows and shrinks based on data usage.
- Offers Standard and Infrequent Access tiers.
4. Amazon DynamoDB & Amazon RDS Storage
- DynamoDB: NoSQL database with automatic scaling.
- RDS: Managed relational database with automated backups.
Choosing the Right Storage
| Use Case | AWS Storage Service |
|---|---|
| Object storage for unstructured data | Amazon S3 |
| Persistent block storage for EC2 | Amazon EBS |
| Shared file system for applications | Amazon EFS |
| Long-term archival | Amazon S3 |
CloudWatch
Amazon CloudWatch is a monitoring and observability service provided by AWS. It helps users collect and analyze logs, metrics, and event data to monitor applications, optimize performance, and troubleshoot issues.
1. Metrics Monitoring
- Collects and stores metrics from AWS services (e.g., EC2, Lambda, RDS, S3).
- Provides real-time monitoring and alerts.
2. Logs Management (CloudWatch Logs)
- Collects logs from AWS services and applications.
- Allows searching, filtering, and analyzing logs.
- Supports integration with AWS Lambda for automated processing.
3. Alarms and Notifications
- CloudWatch Alarms trigger actions based on metric thresholds.
4. Dashboards and Insights
- CloudWatch Dashboards provide visual monitoring of metrics.
- CloudWatch Logs Insights allows log analysis using queries.
- Supports anomaly detection with machine learning.
5. Events and Automation
- CloudWatch Events helps respond to system events.
- Useful for automating responses to infrastructure changes.
6. ServiceLens for Application Monitoring
- Provides end-to-end visibility of applications.
- Integrates with AWS X-Ray for tracing application requests.
Common Use Cases
- Monitoring EC2 instance health and performance.
- Tracking Lambda function execution and errors.
- Setting up alarms for CPU utilization or failed API requests.
- Analyzing logs for security threats and debugging.
- Automating infrastructure scaling with Auto Scaling policies.
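An added example (not from the page): Python detection logic run over constructed CloudTrail-style log lines of the kind CloudWatch Logs receives. It mirrors two common metric filters, root account usage and failed console logins, and applies an alarm threshold to the second, tying back to the IAM advice above that the root user should not be used and MFA should be on. Account details, user names and IP addresses are placeholders.

```python
import json
from collections import Counter

# Constructed CloudTrail-style events (one JSON object per log line).
SAMPLE_LOG_LINES = [
    '{"eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"alice"},'
    '"sourceIPAddress":"198.51.100.7","responseElements":{"ConsoleLogin":"Success"},'
    '"additionalEventData":{"MFAUsed":"Yes"}}',
    '{"eventName":"ConsoleLogin","userIdentity":{"type":"Root"},'
    '"sourceIPAddress":"203.0.113.5","responseElements":{"ConsoleLogin":"Success"},'
    '"additionalEventData":{"MFAUsed":"No"}}',
    '{"eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"bob"},'
    '"sourceIPAddress":"203.0.113.9","responseElements":{"ConsoleLogin":"Failure"}}',
    '{"eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"bob"},'
    '"sourceIPAddress":"203.0.113.9","responseElements":{"ConsoleLogin":"Failure"}}',
    '{"eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"bob"},'
    '"sourceIPAddress":"203.0.113.9","responseElements":{"ConsoleLogin":"Failure"}}',
]


def analyze(lines, failed_login_threshold=3):
    """Return (findings, failed_logins_per_ip).

    Finding 1: any API call or login made by the root account, with whether MFA was used.
    Finding 2: a source IP whose failed ConsoleLogin count reaches the alarm threshold,
    the same idea as a CloudWatch Alarm on a metric filter for failed logins."""
    findings = []
    failures = Counter()
    for line in lines:
        ev = json.loads(line)
        ident = ev.get("userIdentity", {})
        name = ev["eventName"]
        if ident.get("type") == "Root":
            mfa = ev.get("additionalEventData", {}).get("MFAUsed")
            findings.append(f"root account used for {name}, MFAUsed={mfa}")
        login_result = ev.get("responseElements", {}).get("ConsoleLogin")
        if name == "ConsoleLogin" and login_result == "Failure":
            failures[ev["sourceIPAddress"]] += 1
    for ip, count in failures.items():
        if count >= failed_login_threshold:
            findings.append(
                f"{count} failed console logins from {ip} "
                f"(alarm threshold {failed_login_threshold})"
            )
    return findings, dict(failures)
```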
AWS CloudFront
AWS CloudFront is a content delivery network (CDN) that delivers websites, videos, images, and other content faster and more securely.
How it works:
- Stores copies of your content in multiple locations worldwide (called Edge Locations).
- When a user requests content (like a website or video), CloudFront delivers it from the nearest Edge Location, reducing load time.
- If the content is updated, CloudFront fetches the latest version from the main server (origin) and updates the cache.
Common Use Cases
- Website Acceleration – Speed up websites and APIs.
- Streaming Videos – Deliver high-quality video content smoothly.
- Security & DDoS Protection – Protect against cyberattacks.
- Software & Game Distribution – Provide fast downloads for users worldwide.