Things I Learned while exploring AWS for the 1st time!

Vidhi Khaitan
Jul 6, 2022

I finally had a summer break from college and decided to explore something new!

AWS, aka Amazon Web Services, is one of the leading cloud computing platforms, providing cost-effective and scalable cloud computing solutions.

Accounts

AWS provides us with 2 accounts; an account is basically a container for your resources:
1. Root Account - you have complete access to all the resources in the account.
2. IAM (Identity and Access Management) User Account - you only have access to the resources that the root account specifies for you. The best way to share your account with anyone is to create an IAM user for every user. AWS suggests granting an IAM user least privilege.

AWS recommends that users set up MFA (Multi-Factor Authentication) keys to secure the user identification process, instead of relying on just a username and password.
Physical MFAs are recommended for the root account and virtual MFAs for the IAM accounts.

Cloud Services

AWS Storage Services exists on-premises storage infrastructure

Infrastructure as a Service (IaaS)
In simple terms, you rent virtual infrastructure from the cloud provider and pay based on how much you use.

Platform as a Service (PaaS)
It is an on-demand, cloud-hosted platform for deploying and managing applications.

Software as a Service (SaaS)
It is on-demand, cloud-hosted application software.

Serverless
It is a cloud-native development model that allows developers to build and run applications without having to manage servers.

EC2 (Elastic Compute Cloud)
It provides virtual machines that stand in for a physical server on which to deploy your applications. Thus, instead of buying hardware and connecting it to a network, you can switch to the thousands of virtual machines that AWS provides!

S3 (Simple Storage Service)
You don't always need servers to store data! The main goal of S3 is online backup and archiving of data with CloudFront.
S3 Glacier is used to store log data or infrequently used data, as it costs a fraction of what the normal S3 storage classes charge. But it takes a little time to retrieve the data from S3 Glacier!

EC2 setup involves creating an Amazon Machine Image (read below!), which includes an operating system, apps, and configurations. That AMI is loaded to the Amazon Simple Storage Service (S3), and it’s registered with EC2, at which point users can launch virtual machines as needed.

Next step, PaaS!
EBS (Elastic Beanstalk)
It provides block-level storage volumes for use with various EC2 instances, and the volumes can hold data of various sizes. EBS volumes behave like raw, unformatted block devices. EBS can host the web application server for a WordPress site!

AWS Lambda is a FaaS (Function as a Service) offering from AWS. It is a serverless, event-driven compute service that runs code for any type of application or backend service without provisioning or managing servers.

Cognito
It is a cost-effective, managed solution for user authentication. IAM administrators control who can be authenticated and authorized to use Cognito resources.

Amplify
It is a set of multi-purpose tools that allow frontend and mobile developers to easily build full-stack applications on AWS.

AppSync
This synchronizes and manages mobile app data in real-time across various devices!

SageMaker
It provides tools to build and deploy machine learning for predictive analytics applications. The platform automates the tedious work of building a production-ready artificial intelligence pipeline.

Security

Web Application Firewall (WAF)
It is a web application firewall that helps protect web applications or APIs from outside exploits that can affect the security of the information they handle. WAF deploys on top of an Application Load Balancer (ALB), which in turn supports AWS Outposts, which extend AWS architecture.

GuardDuty v/s Inspector
Inspector checks what happens when you actually get an attack, while GuardDuty analyzes the actual logs to check if a threat exists.

With CloudTrail, you can continuously log, monitor, and retain account activity across your AWS architecture!
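As an added example (not part of the original post), this is what reviewing logged account activity can look like: a small detector that flags root account activity and successful console logins made without MFA. The records are constructed samples in the CloudTrail record format; the account ID and user names are made up.

```python
import json

# Constructed CloudTrail-style records (illustrative only).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2022-07-06T09:12:44Z", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2022-07-06T09:30:02Z", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2022-07-06T10:01:17Z", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2022-07-06T10:05:40Z", "eventName": "CreateAccessKey",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "responseElements": None},
]})


def detect(log_text):
    """Return (eventTime, principal, reason) alerts from a CloudTrail log body."""
    alerts = []
    for rec in json.loads(log_text).get("Records", []):
        ident = rec.get("userIdentity", {})
        who = ident.get("userName") or ident.get("arn") or "unknown"
        is_login = rec.get("eventName") == "ConsoleLogin"
        # responseElements and additionalEventData may be null or absent
        ok = (rec.get("responseElements") or {}).get("ConsoleLogin") == "Success"
        no_mfa = (rec.get("additionalEventData") or {}).get("MFAUsed") == "No"
        if ident.get("type") == "Root":
            alerts.append((rec["eventTime"], who, "root account activity"))
        if is_login and ok and no_mfa:
            alerts.append((rec["eventTime"], who, "console login without MFA"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert, sep="  ")
```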

Security Hub is a cloud security posture management service that performs best-practice checks, aggregates alerts, and enables automated remediation.

CloudWatch helps to monitor your complete stack and uses alarms and logs to take automated action and reduce mean time to resolution. However, we cannot monitor the internal application performance and response times.

Additional Terms

AMI (Amazon Machine Image)
When a user tries to create a new server instance in AWS, AWS creates a virtual machine, which is a software abstraction that divides up the physical server. Thus, these virtual machines are called AMI.

Vertical v/s Horizontal Scaling
Vertical scaling means increasing the physical hardware of a single server.
Horizontal scaling spreads traffic across several identical servers.

Security Groups
When a server is connected to the network without a proper firewall or a software firewall on the server, it can be exposed to attack from any external internet traffic. Security groups therefore allow you to expose only those parts of the server that are configured for public traffic.

CloudFront
CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, and applications.

Amazon API Gateway
It provides tools for creating and documenting web APIs that route HTTP requests to Lambda functions.

You can integrate any device with IoT Core if you can communicate with it using HTTP, WebSockets, or MQTT.

In the near future, I would like to explore and learn more about AWS!

Connect with Me!

Feel free to get in touch with me or email me at vidhik2002@gmail.com!
