Amazon Web Services (AWS)
Table of Contents
2.1.1 Instances are controlled by two dimensions
2.1.2 AMI (Amazon Machine Images)
2.3 Elastic Container Service (ECS)
3.1 S3 (Simple Storage Service)
Amazon Web Services (AWS) is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow.
AWS Compute is a model which enables on-demand access to a pool of configurable computing resources, e.g. servers, network, storage, applications and services.
AWS offers multiple compute products allowing you to deploy, run and scale your applications as virtual servers, containers or code.
Compute Services:
· EC2
· Lightsail
· Elastic Container Service
· EKS
· Lambda
· Batch
· Elastic Beanstalk
Amazon Elastic Compute Cloud (Amazon EC2) provides scalable
computing capacity in the Amazon Web Services (AWS) cloud. Using Amazon EC2
eliminates your need to invest in hardware up front, so you can develop and
deploy applications faster. You can use Amazon EC2 to launch as many or as few
virtual servers as you need, configure security and networking, and manage
storage. Amazon EC2 enables you to scale up or down to handle changes in
requirements or spikes in popularity, reducing your need to forecast traffic.
· Instance Type
· AMI (Amazon Machine Images)
Instance Type
| Family | Speciality | Use case |
| D2 | Dense Storage | Fileservers/Data Warehousing/Hadoop |
| R4 | Memory Optimized | Memory Intensive Apps/DBs |
| M4 | General Purpose | Application Servers |
| C4 | Compute Optimized | CPU Intensive Apps/DBs |
| G2 | Graphics Intensive | Video Encoding/3D Application Streaming |
| I2 | High Speed Storage | NoSQL DBs, Data Warehousing etc |
| F1 | Field Programmable Gate Array | Hardware acceleration of your code |
| T2 | Lowest Cost, General Purpose | Web Servers/Small DBs |
| P2 | Graphics/General Purpose GPU | Machine Learning, Bitcoin Mining etc |
| X1 | Memory Optimized | SAP HANA/Apache Spark etc |
An AMI is a template that contains the software configuration (operating system, application server, and applications) required to launch your instance.
1. Published by AWS – Images published by AWS with various versions of operating systems.
2. AWS Marketplace – An online store where we can find and buy instances with software and licenses.
3. Generated from existing instances – An AMI can be created from an existing EC2 instance.
4. Uploaded virtual servers – We can create instances from various virtualization formats, e.g. VMDK, OVF etc.
7. Go to EC2 under Compute
8. Click on Launch Instance
9. Choose an Amazon Machine Image (AMI)
10. Choose an Instance Type
11. Configure Instance Details
12. Add Storage
13. Add Tags
14. Enter the Name and Value
15. Configure the security group, using either Create a new security group or Select an existing security group.
16. Review Instance Launch
17. Configure a Key Pair
18. Click on Launch Instances
19. Click on View Instances.
20. To connect to the instance, open an SSH client such as MobaXterm and go to the directory where the key pair was downloaded.
21. Now go to the instance, select it and right-click on it.
22. Copy the instance address.
23. Paste the address in MobaXterm (SSH client).
24. For root privileges, run the sudo command.
Amazon Lightsail is designed to be the easiest way to launch and manage a Virtual Private Server with AWS. It has preconfigured OS and application images.
1. Go to Lightsail under Compute.
2. Select your nearest Instance Location
3. Select Operating System Platform
4. Select your blueprint, that is, the type of server you want: either APP + OS or OS only.
5. Choose your instance plan.
6. Enter the name of your instance and select the Create button.
7. Click on Instance name
8. Click on Account page
9. Download the key pair.
10. Open MobaXterm
11. Go to the directory where the key is downloaded.
12. Connect to the instance using below command.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable, fast, container management service that makes it easy to run, stop, and manage Docker containers on a cluster. You can host your cluster on a serverless infrastructure that is managed by Amazon ECS by launching your services or tasks using the Fargate launch type. For more control you can host your tasks on a cluster of Amazon Elastic Compute Cloud (Amazon EC2) instances that you manage by using the EC2 launch type.
Steps to deploy Elastic Container Service (ECS)
25. Open Elastic Container Service from AWS services
26. Click on Get started
27. Enter your task definition data
28. Click on Next
29. Configure the service and press Next step
30. Configure Cluster
31. Click on Review launch
32. Review your ECS Configuration
33. If everything is OK, launch the instance and run the service
34. Wait
35. When all tasks have completed, click on View Service
36. Here the sample-webapp service has been created in the cluster
37. To view instances click on
38. Select Container Instance and copy the public IP
39. Open the IP in browser.
AWS Lambda is a compute service that lets you run code without provisioning or managing servers. AWS Lambda executes your code only when needed and scales automatically, from a few requests per day to thousands per second. You pay only for the compute time you consume - there is no charge when your code is not running. With AWS Lambda, you can run code for virtually any type of application or backend service - all with zero administration. AWS Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code monitoring and logging. All you need to do is supply your code in one of the languages that AWS Lambda supports (currently Node.js, Java, C#, Go and Python).
Steps to deploy code in Lambda
1. Open S3 from Storage
2. Click on + Create bucket
3. Enter the Bucket Name and Region and press Next
4. Click on your bucket name, go to Properties and click on Static website hosting
5. Select Use this bucket to host a website and enter the Index document and Error document.
6. Open the Lambda service from AWS services
7. Click on Create Function button
8. Enter the details and click Create Function.
9. Enter the Lambda function code and click on Save
10. Add API Gateway as a trigger
11. Scroll down, configure the trigger and press the Add button
12. Click on Save button.
13. Open API Gateway
14. Here I am deleting the existing method and creating my own method
15. Create new method
16. Configure Get setup
17. Deploy your API application by clicking on Action and selecting Deploy API
18. Select your deployment stage and enter the description of the application
19. Now select Get and open Invoke URL
Now API Gateway is triggering our Lambda function
20. Now copy the URL and open S3 bucket.
21. Open your S3 bucket.
22. Modify your code as per your API Gateway
23. Click on upload button
24. Click on Upload button, select your web pages and press Open button
25. Press Upload button
26. Now select all your pages and make your pages public
27. Click on Make Public button
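A handler of the kind entered at step 9, as an added example that is not code from the original page. It assumes API Gateway's Lambda proxy integration, a hypothetical `name` query parameter and a placeholder S3 website origin; it serves only the GET method and limits the CORS header to that one origin.

```python
import json

# Assumption: the S3 static-website endpoint of the bucket from steps 1-5.
# Constructed placeholder, not a value from the page.
ALLOWED_ORIGIN = "http://example-bucket.s3-website.ap-south-1.amazonaws.com"


def _response(status, payload, origin_ok):
    """Build a Lambda proxy integration response for API Gateway."""
    headers = {"Content-Type": "application/json"}
    if origin_ok:
        # Echo only the one allowed origin instead of answering "*".
        headers["Access-Control-Allow-Origin"] = ALLOWED_ORIGIN
        headers["Vary"] = "Origin"
    return {"statusCode": status, "headers": headers, "body": json.dumps(payload)}


def lambda_handler(event, context):
    # Header names arrive in whatever case the client sent; normalise them.
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    origin_ok = headers.get("origin") == ALLOWED_ORIGIN

    # Only the GET method created in steps 15-16 is served.
    if event.get("httpMethod") != "GET":
        return _response(405, {"error": "method not allowed"}, origin_ok)

    # Query parameters are untrusted input: bound the length and allow only
    # letters, digits and hyphens. The field is None when no query is sent.
    params = event.get("queryStringParameters") or {}
    name = params.get("name", "world")
    if len(name) > 32 or not name.replace("-", "").isalnum():
        return _response(400, {"error": "invalid name"}, origin_ok)

    return _response(200, {"message": f"hello {name}"}, origin_ok)
```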
AWS Batch enables developers, scientists and engineers to easily and efficiently run thousands of batch programming jobs on AWS.
AWS Batch dynamically provisions the optimal quantity and type of compute resources (CPU, memory optimized instances) based on the volume and specific resource requirements of the batch jobs submitted.
A critical component of cloud computing is cloud storage that holds the information used by applications.
AWS offers a complete range of cloud storage services to support both application and archival compliance requirements.
Storage Services:
· S3
· EFS
· Glacier
· Storage Gateway
S3 is internet storage where we can store any amount of data and retrieve it at any time. E.g. Dropbox.
40. Open S3 storage
41. Click on +Create bucket
42. Enter the bucket name and select your nearest region and press Create button
1. In the Bucket name list, choose the name of the bucket that you want to upload your object to.
2. Choose Upload
3. Click on Add Files and select your files and press Open button
4. Press Upload button
1. In the Bucket name list, choose the name of the bucket that you created.
2. In the Name list, select the check box next to the object that you uploaded, and then choose Download on the object overview panel.
1. In the Bucket name list, choose the name of the bucket that you created.
2. Choose + Create Folder, type my-pics for the folder name, and then choose Save.
3. Click on Save button
4. Now select your picture, select More and select Copy
5. Select the folder in which you want to copy your object.
6. Select More and select Paste
7. Select Paste button
· Amazon Elastic File System (Amazon EFS) is a file storage service for Amazon Elastic Compute Cloud (Amazon EC2) instances. Amazon EFS is easy to use and provides a simple interface that allows you to create and configure file systems quickly and easily. With Amazon EFS, storage capacity is elastic, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it.
· Supports the Network File System version 4 (NFSv4) protocol
· You only pay for the storage you use (no pre-provisioning required)
· Can scale up to the petabytes
· Can support thousands of concurrent NFS connections
· Data is stored across multiple AZs within a region
Steps to configure Elastic File System (EFS)
1. Open EFS service from Storage.
2. Press Create file System
3. Select the VPC and availability zone
4. Add key value and press Next Step.
5. Review the configuration below before proceeding to create your file system
6. Now your EFS has been created.
7. Now create two instances in different availability zones.
8. Here two instances have been created in two different availability zones.
9. Now create a Load Balancer and configure both instances with it.
10. Open Load Balancer
11. Press Create Load Balancer
12. Choose your Load Balancer type as per your application needs.
13. Define the Load Balancer name and type and press Next: Assign Security Groups
14. Select your Security Group and press Next: Configure Security Settings
15. Now press Next: Configure Health Check
16. Configure Health Check and press Next: Add EC2 Instances
17. Select your instances and press Next: Add Tags
18. Click on Review and Create
19. Now press Create button
20. Press Close button
21. Now the Load Balancer has been created
22. Now take console of both instances.
23. Install the Apache service on both nodes
24. Open EFS service from Storage.
25. Select your EFS and click on Amazon EC2 mount instructions
26. Copy the mount point address
27. Mount the EFS on both servers
In Amazon Glacier, a vault is a container for storing archives, and an archive is any object, such as a photo, video, or document, that you store in a vault. An archive is the base unit of storage in Amazon Glacier. Amazon Glacier provides durable, secure and flexible storage for data archiving and online backup.
· Archive - We can archive data up to 40 TB.
· Vault - We can create up to 1000 Vaults with Vault lock policy.
· Job - Retrieving an archive and vault inventory are asynchronous operations in Amazon Glacier in which you initiate a job, and then download the job output after Amazon Glacier completes the job.
· Notification Configuration - Amazon Glacier supports a notification mechanism to notify you when a job is complete
1. Open Glacier service from Storage.
2. Press Create Vault
3. Select your region and enter vault name and press Next Step
4. Set Event Notifications and go to Next Step
5. Review the Vault status and press Submit button.
6. Now your Vault is created.
7. Open S3 storage
8. Click on +Create bucket
9. Enter bucket name and select the region and press Next
10. Click on Versioning select Enable versioning and press Save
5. Press Next
6. Press Next
7. Press Create bucket
8. Open the newly created bucket
9. Go to management and click on Lifecycle button
10. Click on + Add lifecycle rule and Enter a rule name and
11. Select Current version and click on +Add transition and press Next
12. Select Transition to One Zone-IA after
13. Add another transition and select
14. Select Previous versions and press +Add transition
15. Select Transition to One Zone-IA after
16. Click on + Add transition select Transition to Amazon Glacier after and press Next
17. Select Configure expiration
18. Review the configuration and press Save
AWS Storage Gateway is a service that connects an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization's on-premises IT environment and AWS's storage infrastructure. The service enables you to securely store data to the AWS cloud for scalable and cost-effective storage.
AWS Storage Gateway's software appliance is available for download as a virtual machine (VM) image that you install on a host in your datacenter.
Storage Gateway supports either VMware ESXi or Microsoft Hyper-V.
Once you've installed your gateway and associated it with your AWS account through the activation process, you can use the AWS Management Console to create the storage gateway option that is right for you.
Type of Storage Gateways
· File Gateway (NFS)
· Volumes Gateway (iSCSI)
o Stored Volumes
o Cached Volumes
· Tape Gateway (VTL)
Files are stored as objects in your S3 buckets, accessed through a Network File System (NFS) mount point. Ownership, permissions, and timestamps are durably stored in S3 in the user-metadata of the object associated with the file. Once objects are transferred to S3, they can be managed as native S3 objects, and bucket policies such as versioning, lifecycle management, and cross-region replication apply directly to objects stored in your bucket.
The volume interface presents your applications with disk volumes using the iSCSI block protocol.
Data written to these volumes can be asynchronously backed up as point-in-time snapshots of your volumes, and stored in the cloud as Amazon EBS snapshots.
Snapshots are incremental backups that capture only changed blocks. All snapshot storage is also compressed to minimize your storage charges.
· Stored Volumes - Stored volumes let you store your primary data locally, while asynchronously backing up that data to AWS. Stored volumes provide your on-premises applications with low-latency access to their entire datasets, while providing durable, off-site backups. You can create storage volumes and mount them as iSCSI devices from your on-premises application servers. Data written to your stored volumes is stored on your on-premises storage hardware. This data is asynchronously backed up to Amazon Simple Storage Service (Amazon S3) in the form of Amazon Elastic Block Store (Amazon EBS) snapshots. 1 GB - 16 TB in size for Stored Volumes.
· Cached Volumes - Cached volumes let you use Amazon Simple Storage Service (Amazon S3) as your primary data storage gateway. Cached volumes minimize the need to scale your on-premises storage infrastructure, while still providing your applications with low-latency access to their frequently accessed data. You can create storage volumes up to 32 TiB in size and attach to them as iSCSI devices from your write to these volumes in Amazon S3 and retains recently read data in your on-premises storage gateway's cache and upload buffer storage. 1 GB - 32 TB in size for Cached Volumes.
Tape Gateway offers a durable, cost-effective solution to archive your data in the AWS Cloud. The VTL interface lets your existing tape-based backup application infrastructure store data on virtual tape cartridges that you create on your tape gateway. Each tape gateway is pre-configured with a media changer and tape drives, which are available to your existing client backup applications as iSCSI devices. You add tape cartridges as you need to archive data. Supported by NetBackup, Backup Exec, Veeam etc.
Features
· Centralized control of your AWS account
· Shared Access to your AWS account
· Granular Permission
· Identity Federation (including Active Directory, Facebook, LinkedIn etc)
· Multifactor Authentication
· Provide temporary access for users/devices and services where necessary
· Allows you to set up your own password rotation policy
· Integrates with many different AWS services
1. Open IAM service from Security, Identity & Compliance.
2. Click on Customize to create IAM alias
3. Enter the alias name and press Yes, Create
4. Open Activate MFA on your root account.
5. Click on Manage MFA button
6. Select A virtual MFA device and press Next Step
7. Click on Next Step
8. Install Google Authenticator on your mobile device (Android)
For more detail, visit https://aws.amazon.com/iam/details/mfa/
9. Open the Google Authenticator app on the mobile device and press the BEGIN button.
10. Select Scan a barcode
11. Get the key
12. Enter the key on the MFA profile. Scan the code again and enter the code in the second box.
13. Click on
14. Click on Create individual IAM users and click on Manage Users button.
15. Click on Add User
16. Enter the username, then select Access type and Console password and select Next Permission.
17. Press Create group button
18. Enter group name, select Policy type and press Create group button.
19. Click on Next: Review button
20. Press Create User button
21. Click on the Show button in the password column, copy the password and press the Close button.
22. After copying the password, press the Close button.
23. Now go back to Dashboard
24. Click on Apply an IAM password policy and click on Manage Password Policy
25. Configure your policy as per your requirements and press Apply password policy
26. Go to Dashboard, copy the login URL and visit the URL.
27. Enter the credentials and Sign In
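What the authenticator app computes in steps 9 to 12, as an added example that is not from the original page: the time-based one-time password algorithm (RFC 6238) that virtual MFA apps implement, plus a sketch of why enrolment takes two codes from consecutive 30-second steps. The secret is the RFC's published test key, and `verify_enrollment` is a hypothetical server-side check, not AWS's implementation.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 test secret ("12345678901234567890") in base32. A real enrolment
# secret is random and is what the QR code in step 10 carries.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def _key(secret_b32: str) -> bytes:
    """Decode the base32 secret, restoring any stripped padding."""
    return base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32: str, unix_time: int, step: int = 30) -> str:
    """RFC 6238: HOTP with the counter set to the current time step."""
    return hotp(_key(secret_b32), unix_time // step)


def verify_enrollment(secret_b32, first, second, unix_time, step=30, drift=1):
    """Accept two codes only if they come from consecutive time steps.

    Requiring a consecutive pair shows the device holds the secret and has a
    clock within `drift` steps of the server; one guessed or replayed code
    is not enough. Comparison is constant-time.
    """
    key = _key(secret_b32)
    current = unix_time // step
    for counter in range(current - drift - 1, current + drift + 1):
        if (hmac.compare_digest(hotp(key, counter), first)
                and hmac.compare_digest(hotp(key, counter + 1), second)):
            return True
    return False
```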
AWS networking products enable users to isolate cloud infrastructure, scale request-handling capacity, and connect physical networks to private virtual networks.
A content delivery network (CDN) is a system of distributed servers (network) that deliver webpages and other web content to a user based on the geographic locations of the user, the origin of the webpage and a content delivery server.
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
You can easily customize the network configuration for your Amazon Virtual Private Cloud. For example, you can create a public-facing subnet for your webservers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access. You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.
1. Open VPC from Networking & Content Delivery
2. Go to Your VPCs
3. Click on Create VPC button.
4. Enter the detail and press Yes, Create button.
5. Click on Subnets then press Create subnet button.
6. Enter the subnet name, select the VPC, select Availability Zone, enter subnet IP in CIDR and press Create button
7. Press Close button
8. Create another subnet with different availability zone
9. Go to Internet Gateway and press Create Internet Gateway button.
10. Enter the gateway name and press Create button.
11. Select your gateway and press action button and select Attach to VPC
12. Select your VPC and press Attach button.
13. Go to Route Tables, select your Route Table and select Routes
14. Press Edit Button
15. Click on Add another route
16. Enter the destination address, select your gateway and press Save button.
17. Go to Subnet Associations and press Edit button.
18. Select your subnet and press Save button.
19. Go to Subnets, select your subnet, Press Action button and select Modify auto-assign IP settings.
20. Select Enable auto-assign public IPv4 address and press Save button.
21. Create an instance with testVPC and the 10.0.1.0-ap-south-1a subnet.
22. Create an instance with testVPC and the 10.0.2.0-ap-south-1b subnet.
23. Login to 1st instance
24. Login to 2nd instance from 1st instance.
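The effect of steps 13 to 20 and of the public/private split described earlier, modelled offline as an added example that is not from the original page. A subnet is public only if the route table it uses sends 0.0.0.0/0 to an internet gateway, and SSH is reachable from the internet only when that coincides with a security group rule open to 0.0.0.0/0. The VPC CIDR, resource IDs and rules are constructed sample data; network ACLs are not modelled.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample data; the VPC CIDR and every ID are assumptions.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {
    "10.0.1.0-ap-south-1a": {"cidr": "10.0.1.0/24", "route_table": "rtb-public"},
    "10.0.2.0-ap-south-1b": {"cidr": "10.0.2.0/24", "route_table": None},
}
ROUTE_TABLES = {
    "rtb-main": {"main": True, "routes": [("10.0.0.0/16", "local")]},
    "rtb-public": {"main": False,
                   "routes": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-example")]},
}
SECURITY_GROUPS = {
    "sg-web": [{"port": 22, "source": "0.0.0.0/0"}, {"port": 80, "source": "0.0.0.0/0"}],
    "sg-db": [{"port": 22, "source": "10.0.1.0/24"}],
}
INSTANCES = {
    "web-1": {"subnet": "10.0.1.0-ap-south-1a", "sg": "sg-web"},
    "db-1": {"subnet": "10.0.2.0-ap-south-1b", "sg": "sg-db"},
}


def validate_subnets(vpc_cidr, subnets):
    """Return problems: subnets outside the VPC range or overlapping each other."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(s["cidr"]) for name, s in subnets.items()}
    problems = [f"{n} outside VPC" for n, net in nets.items() if not net.subnet_of(vpc)]
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


def is_public(subnet, route_tables):
    """A subnet with no explicit association uses the VPC's main route table."""
    rtb = subnet["route_table"] or next(k for k, v in route_tables.items() if v["main"])
    return any(ipaddress.ip_network(dest) == ANY and target.startswith("igw-")
               for dest, target in route_tables[rtb]["routes"])


def internet_reachable_ssh(instances, subnets, route_tables, groups):
    """Instances where both layers allow SSH from anywhere.

    Assumes each instance has a public IPv4 address (step 20).
    """
    exposed = []
    for name, inst in instances.items():
        open_rule = any(r["port"] == 22 and ipaddress.ip_network(r["source"]) == ANY
                        for r in groups[inst["sg"]])
        if open_rule and is_public(subnets[inst["subnet"]], route_tables):
            exposed.append(name)
    return exposed
```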
Amazon CloudFront can be used to deliver your entire website, including dynamic, static, streaming, and interactive content using a global network of edge locations. Requests for your content are automatically routed to the nearest edge location, so content is delivered with the best possible performance.
Amazon CloudFront is optimized to work with
other Amazon Web Services, like Amazon Simple Storage Service (Amazon EC2),
Amazon Elastic Load Balancing, and Amazon Route 53.
Key Terminology of CloudFront
· Edge Location - This is the location where content will be cached. This is separate from an AWS Region/AZ
· Origin - This is the origin of all the files that the CDN will distribute. This can be either an S3 Bucket, an EC2 Instance, an Elastic Load Balancer or Route53.
· Distribution - This is the name given to the CDN, which consists of a collection of Edge Locations.
1. Open S3 storage
2. Click on +Create bucket
3. Enter the bucket name, select the region and press the Create button
4. Now upload files in the bucket
5. Give access permission to everyone.
6. Open
7. Open the bucket and give the public access permission
8. Now open CloudFront from Networking & Content Delivery.
9. Press Create Distribution button
10. Select your delivery method as Web
11. Enter the Origin Domain Name and Origin Path (for a particular directory)
12. Click on the Distributions button and copy the Domain name
13. Visit the domain name from your browser after the status has changed to Deployed
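Steps 5 and 7 here, like the Make Public step in the Lambda walkthrough, open objects to everyone. The added example below (not from the original page) looks at the bucket-policy form of such a grant and separates an unconditional anonymous Allow from a read grant limited to one CloudFront distribution. The bucket name, account ID and distribution ID are constructed placeholders, and treating any Condition as a restriction is a simplifying assumption.

```python
import json

# Constructed policies; bucket name, account ID and distribution ID are placeholders.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})
CLOUDFRONT_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {
        "Sid": "CloudFrontRead", "Effect": "Allow",
        "Principal": {"Service": "cloudfront.amazonaws.com"},
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
        "Condition": {"StringEquals": {
            "AWS:SourceArn": "arn:aws:cloudfront::111122223333:distribution/EXAMPLEID"}},
    },
})


def _as_list(value):
    """Policy fields may hold a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """True for Principal "*" and for {"AWS": "*"} (alone or in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_statements(policy_json):
    """Return (sid, actions, resources) for every unconditional anonymous Allow.

    Simplification: a statement with any Condition block is not reported, so
    conditions still need a manual read. NotPrincipal is not handled.
    """
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if _is_anonymous(stmt.get("Principal")):
            findings.append((stmt.get("Sid", "<no Sid>"),
                             _as_list(stmt.get("Action", [])),
                             _as_list(stmt.get("Resource", []))))
    return findings


def grants_listing_or_write(findings):
    """Flag public grants that go beyond reading individual objects."""
    risky = ("*", "s3:*", "s3:ListBucket", "s3:PutObject", "s3:DeleteObject")
    return [sid for sid, actions, _ in findings if any(a in risky for a in actions)]
```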