Introduction to AWS
0 likes326 views
The document is a presentation by Angel Borroy introducing Amazon Web Services (AWS), covering its core concepts, various cloud computing models, and comparisons with alternatives like Microsoft Azure and Google Cloud. It details AWS services such as EC2, S3, RDS, and Lambda, and explains identity management, security, and deployment practices. Additionally, it provides hands-on tutorial examples for building web applications and using AWS resources effectively.
Introduction to AWS
- 1. Angel Borroy 10th March 2021 AWS Introduction XXI NEOCOM Organizer:
- 2. 2 2 AWS Introduction What is AWS Alternatives Open Source Core Concepts Hands on Cost Calculator Training & Certifications XXI NEOCOM
- 3. 3 Speaker :: Angel Borroy • Computer Engineer by the University of Zaragoza (EINA, 1999) • Working as Senior Software Engineer for Alfresco in Hyland • 20+ years developing software • Open-Source enthusiast!
- 5. 5 What is AWS Amazon Web Services (AWS) provides cloud-based products with a pay-as-you-go pricing. A Cloud Services Platform, like AWS, owns and maintains the network-connected hardware required for the cloud products while the customer provision and use required resources via an application. Types of Cloud Computing Cloud Computing Models • IaaS • PaaS • SaaS Cloud Computing Deployment Models • Cloud • Hybrid • On-premises
- 8. 8 Using AWS • Web Console using a browser: https://aws.amazon.com • Command line client (AWS Command Line Interface): https://aws.amazon.com/cli/ • SDKs: JavaScript, Python, PHP, .NET, Ruby, Java, Go, Node.js, C++ https://aws.amazon.com/getting-started/tools- sdks/ AWS Service Endpoints (REST API) protocol://service-code.region-code.amazonaws.com • protocol: http or https • service-code: ec2, s3, vpc, lambda, route53, rds, apigateway, amplify… • region-code: us-east-1, ap-south-1, eu-west-1… >> Europe (Ireland) is eu-west-1, so to use EC2 service: https://ec2.eu-west-1.amazonaws.com
- 9. 9 Amazon Resource Names (ARN) Amazon Resource Names (ARNs) uniquely identify AWS resources. Used to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls. Format arn:partition:service:region:account-id:resource-id • partition: aws, aws-cn or aws-us-gov (group of AWS Regions) • service: ec2, s3, vpc, lambda, route53, rds, apigateway, amplify… • region: us-east-1, ap-south-1, eu-west-1… • account-id: 123456789012 (ID of the AWS account owner of the resource) • resource-id: instance/i-1234567890abcdef0 (ID of the resource) >> Europe (Ireland) is eu-west-1, so the ARN of an EC2 instance: arn:aws:ec2:eu-west-1:123456789012:instance/i-1234567890abcdef0
- 11. 11 Alternatives Leaders Microsoft Azure: https://azure.microsoft.com/en-us/ Google Cloud: https://cloud.google.com Other Alibaba Cloud: https://eu.alibabacloud.com Oracle Cloud: https://www.oracle.com/cloud/ IBM Cloud: https://www.ibm.com/cloud Tencent Cloud: https://intl.cloud.tencent.com
- 12. 12 Free Tier AWS Free Tier • 750 hours of Linux or Windows micro instances • 1GB of memory, 15GB of bandwidth, a load balancer, and access to a database, caching, and other tools • Free resources will renew for 12 months Microsoft Azure Free Tier • 750 hours of Linux or Windows machines • Ample storage, SQL database, 15GB of bandwidth • Several other popular services are free for at least 12 months, and new customers also receive a $200 credit to try any other service for 30 days Google Cloud Platform Free Tier • One month of a micro instance • 30GB of storage, plus a 12-month free trial with $300 credit to try any service • Limited access to many common tools is provided for free, always
- 14. 14 Open Source at AWS https://github.com/aws
- 15. 15 Managed Services: Deployment at Scale
- 16. 16 Amazon forked Elasticsearch and Kibana! Amazon Why Open Distro for Elasticsearch • Elasticsearch development has shifted to non-open source licenses • Open Distro for Elasticsearch provides an open source, community- driven distribution • We are maintaining forks based on Elasticsearch and Kibana 7.10 while continuing to build functionality into plugins and tools Elastic Why we had to change Elastic licensing • There is only one Elastic Cloud • Software from the source • Support from the creators • Engaged Community • Exclusive capabilities “The Amazon Elasticsearch Service offers a subset of the functionality, choice and support capabilities of Elastic. Rest easy knowing Elastic, the company behind Elasticsearch, is backing your mission-critical deployments with our experts, solutions, support and roadmap”
- 18. 18 Core Concepts • IAM Identity and Access Management: Manage accounts and permissions • VPC Virtual Private Cloud: Networking layer with Security Groups • S3 Simple Storage Service: Cloud storage placed into Buckets • EC2 Elastic Compute Cloud: Named as instance, is a virtual private server • AMI Amazon Machine Image: Immutable image used to launch a preconfigured EC2 instance • Elastic IPs: Assigned IP addresses • Load Balancers: Single point of contact for clients • RDS Relational Database Service: Managed service (PostgreSQL, MariaDB, MySQL, Oracle, SQLServer and Aurora) • Lambda allows to define functions invoked via triggers (SNS notification, API invocation…) • API Gateway allows to create RESTful APIs or WEBSOCKET APIs • Route 53 is AWS DNS Service, and it allows to register domain names • Amplify is a set of tools to connect a backend with the UI components • CloudFormation provides templatized configuration of collections of AWS Resources • Containers are supported by EC2, ECS and EKS services
- 19. 19 IAM • IAM identities • Users: people or services using AWS • Groups: sets of users • Roles: permissions assigned to AWS Service instances • IAM permissions are named policies • Identity-based • Resource-based • Permissions boundaries • Organizations Service Control Policies (SCPs) • Access Control Lists (ACLs) • Session policies • IAM authentication • Passwords • Access keys • Multi-factor authentication (MFA) Policy https://aws.amazon.com/iam
- 20. 20 VPC • For basic AWS use, one default VPC may be enough • Security groups • Access policy is “deny by default” • Open selected ports (SSH 22, HTTP 80, HTTPs 443) using CIDRs (Classless Inter-Domain Routing) • Consider using a Load Balancer • Other components • Subnet: segment of VPC IP address range • Internet Gateway: connection to public Internet • NAT Gateway: NAT service in a private subnet to access Internet https://aws.amazon.com/vpc
- 21. 21 S3 • Despite EC2 Instances mount local volumes for storage (EBS or EFS), S3 is the service for Cloud Storage • Objects are placed into named buckets stored with names called keys. The main content is the value. • It’s a common practice to write S3 locations as S3 URIs s3://bucket-name/path/to/key • S3 Capacity can be considered unlimited • Permissions for a bucket can be specified as IAM Policies for operations, Bucket Policies for the access to the bucket and ACLs for every object inside the bucket • S3 buckets are always outside the VPC, so bucket policies are required • Other types of AWS Storage • EBS Elastic Block Secure (performance) • Glacier Storage for archiving and backup • EFS Elastic File System (scalability) https://aws.amazon.com/s3
- 22. 22 EC2 • An EC2 Instance can run Linux, Windows and Mac OS operating systems • An Amazon Machine Image AMI is a template that contains a software configuration (for example, an operating system, an application server, and applications) • From an AMI, you launch an Instance, which is a copy of the AMI running as a virtual server in the cloud • Several Instance Types to run your instances • General Purpose: Mac, T4, T3, T2, M6, M5, M4, A1 • Compute Optimized: C6, C5, C4 • Memory Optimized: R6, R5, R4, X1, z1 • Accelerated Computing: P4, P3, P2, G4, G3, F1 • Storage Optimized: i3, i2, D2, D3, H1 • Virtualization or Bare Metal instances are available • For every new instance at least one SSH key pair needs to be set up • An instance can be stopped (reusable) or terminated (deleted) https://aws.amazon.com/ec2
- 23. 23 RDS • Managed relational database service, allowing you to deploy and scale databases more easily • As when using EC2, there are several Instance Types to run your instances • Common deployment scenario includes 1 VPC with 2 Subnets https://aws.amazon.com/rds
- 24. 24 Lambda https://aws.amazon.com/lambda • Serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you • The code you run on AWS Lambda is called a Lambda function • After you upload your code to AWS Lambda, you can associate your function with specific AWS resources • Lambda function code can be written in Python, .NET, Ruby, Java, Go and Node.js https://github.com/srcecde/aws-lambda-cheatsheet SERVERLESS
- 25. 25 API Gateway • Scalable, secured front-end for service APIs • Common scenario working with Lambda and EC2 instances to provide serverless deployment • This service only supports HTTPs endpoints • API Types • RESTful APIs • REST APIs • HTTP APIs: RESTful APIs with lower latency and lower cost than REST APIs • WebSocket APIs • Bidirectional • Client send messages to a service • Service can independently send messages to clients https://aws.amazon.com/api-gateway MICROSERVICES
- 26. 26 Route 53 • Supports all the standard DNS record types • Limitations • It’s not available over VPC • It doesn’t provide forwarding options for domains used on premise • It doesn’t support private zone transfer • example.com >> cloud.example.com • Supported services • EC2 Instance • S3 Bucket • Load Balancer • CloudFront • API Gateway https://aws.amazon.com/route53 HYBRID CLOUD
- 27. 27 Amplify • Set of tools and services used to build full stack applications: • Configure backends • Connect frontend applications to backends • Deploy static web applications • Support for popular web frameworks: JavaScript, React, Angular, Vue, Next.js, Android, iOS, Ionic https://aws.amazon.com/amplify
- 28. 28 Cloud Formation • Manage sets of resources from AWS Services grouped in Stacks • Stacks are defined in JSON or YAML • Provides a Cloud Formation Designer interface https://aws.amazon.com/cloudformation INFRASTRUCTURE AS CODE
- 29. 29 Containers • Docker and the containerization changed deployment methods • AMIs and boot scripts are replaced by Docker Images • Amazon ECR (Elastic Container Registry) provides a private Docker Image Registry • Amazon ECS (EC2 Container Service) allows to manager cluster of services deployed via Docker. • However currently many users are using raw EC2 Instances to deploy Docker Images • Amazon EKS (Elastic Kubernetes Service) provides managed Kubernetes Cluster to deploy K8s services and Pods using EC2 Instances https://aws.amazon.com/containers CONTAINERIZATION
- 30. 30 30 Hands on
- 31. 31 Hands on • Build a Basic Web Application • Step by step tutorial • Covering Amplify, Lambda, API Gateway, IAM and DynamoDB • Cloud Formation • Analyzing a real use case • Scaling up • Additional use cases
- 32. 32 32 Sample Use Case Build a Basic Web Application
- 33. 33 Sample use case: Build a Basic Web Application Sample available in AWS web site: https://aws.amazon.com/getting-started/hands-on/build-web-app-s3-lambda-api-gateway-dynamodb/
- 34. 34 Sample use case: Create Web App Deploy static resources for your web application using the AWS Amplify Console Create a simple HTML file named index.html and compress it with ZIP (index.html.zip) <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>Hello World</title> </head> <body> Hello World </body> </html> Access to Amplify Console in Ireland zone: https://eu-west-1.console.aws.amazon.com/amplify/home?region=eu-west-1#/ Deploy the web application without Git provider.
- 35. 35 Sample use case: Build a Serverless Function Create a Lambda function from scratch using the AWS Console in JavaScript Access to Lambda Console in Ireland zone and Create Function HelloWorldFunction https://eu-west-1.console.aws.amazon.com/lambda/home?region=eu-west-1#/functions Replace default index.js code with the following one: // Define handler function, the entry point to our code for the Lambda service // We receive the object that triggers the function as a parameter exports.handler = async (event) => { // Extract values from event and format as strings let name = JSON.stringify(`Hello from Lambda, ${event.firstName} ${event.lastName}`); // Create a JSON object with our response and store it in a constant const response = { statusCode: 200, body: name }; // Return the response constant return response; };
- 36. 36 Sample use case: Build a Serverless Function Test the Lambda function using the AWS Console in JavaScript Use Test tab to create a new Event named HelloWorldTestEvent with the following body: { "firstName": "Ada", "lastName": "Lovelace" } Click Invoke button to execute the Lambda function
- 37. 37 Sample use case: Link a Serverless Function to App Deploy a serverless function using the AWS Console Access to API Gateway Console in Ireland zone and Create API HelloWorldAPI https://eu-west-1.console.aws.amazon.com/apigateway/main/apis?region=eu-west-1 Create a POST method associated to the Lambda function Actions • Enable CORS • Deploy API in stage dev
- 38. 38 Sample use case: Link a Serverless Function to App Deploy a serverless function using the AWS Console Test the REST API in Resources option using a default Request Body
- 39. 39 Sample use case: Create a Data Table Create a DynamoDB table using the AWS Console Access to DynamoDB Console in Ireland zone and Create table HelloWorldDatabase with Primary key ID https://eu-west-1.console.aws.amazon.com/dynamodb/home?region=eu-west-1# Access to Lambda Console in Ireland zone and Add IAM Policy https://eu-west-1.console.aws.amazon.com/lambda/home?region=eu-west-1#/functions
- 40. 40 Sample use case: Create a Data Table Access to Lambda Console in Ireland zone and Modify Lambda function https://eu-west-1.console.aws.amazon.com/lambda/home?region=eu-west-1#/functions const AWS = require('aws-sdk'); let dynamodb = new AWS.DynamoDB.DocumentClient(); let date = new Date(); let now = date.toISOString(); exports.handler = async (event) => { let name = JSON.stringify(`Hello from Lambda, ${event.firstName} ${event.lastName}`); let params = { TableName:'HelloWorldDatabase', Item: { 'ID': name, 'LatestGreetingTime': now } }; await dynamodb.put(params).promise(); const response = { statusCode: 200, body: name }; // Return the response constant return response; };
- 41. 41 Sample use case: Create a Data Table Create a DynamoDB table using the AWS Console Invoke Test again from Lambda Console Verify the new row has been inserted from DynamoDB Console
- 42. 42 Sample use case: Update Web App Deploy static resources for your web application using the AWS Amplify Console Modify the HTML file named index.html and compress it with ZIP (index.html.zip) fetch("https://v75gajngfa.execute-api.eu-west-1.amazonaws.com/dev/", requestOptions) Access to Amplify Console in Ireland zone: https://eu-west-1.console.aws.amazon.com/amplify/home?region=eu-west-1#/ Update deployment and test it: https://aws.amazon.com/getting-started/hands-on/build-web-app-s3-lambda-api-gateway-dynamodb/module-five/?e=gs2020&p=build-a-web-app-intro
- 43. 43 43 Cloud Formation Analyzing a Real Use Case
- 44. 44 Cloud Formation Template Performance test environment for Alfresco
- 50. 50 Training & Certifications Certifications Training for certifications Training is offered by AWS themselves (mainly instructor-led and on-site) and various third-party companies (usually as video- based training) such as A Cloud Guru, CloudAcademy and Linux Academy.
- 51. 51 References Official AWS Documentation https://docs.aws.amazon.com Short Open Guide for AWS https://github.com/open-guides/og-aws Source Code https://github.com/aws https://github.com/awslabs https://github.com/aws-samples Book ”Amazon Web Services for Dummies” https://www.amazon.com/Amazon-Services-Dummies-Bernard-Golden/dp/1118571835 Book “Effective DevOps with AWS” https://www.amazon.com/Effective-DevOps-AWS-incredible-productivity/dp/1786466813/