Today we will go over the structure of AWS, and some of the AWS services.
AWS provides building blocks for users to quickly assemble together.
Cloud Computing
Goal: Replace capital infrastructure expenses with low variable costs that scale with the business
Definition: On-demand delivery of computer power, database storage, applications, and other resources via a cloud service platform.
A Cloud Service Platform:
- Provides rapid access to flexible & low-cost resources
- Owns and maintains the network-connected hardware required for these application services, and users only need to provision and use the part they need.
Benefits:
- Benefit from massive economies of scale
- Stop guessing capacity
- Increase speed & agility
- Stop spending money running & maintaining data centers
Classification:
- IaaS (Infrastructure)
- Basic building blocks for cloud
- Provide access to networking features, data storage space, and computers (virtual / on dedicated hardware)
- Highest level of flexibility & control over resources
- PaaS (Platform)
- More efficient in development
- No need to worry about resource procurement, capacity planning, and software maintenance & patching
- SaaS (Software)
- End-user applications
Deployment Models:
- Cloud
- All parts of the application run in the cloud
- Hybrid
- Connect infrastructure & application between cloud-based resources, and existing on-premise resources
- Use the cloud to extend the existing infrastructure, connect cloud resources to the internal system
- On-premises
- “Private cloud”, provide dedicated resources
- Use virtualization & resource management for business’ private environment
Security
- Shared responsibility model
- Users retain control of the security they choose to implement
Global Infrastructure
AWS Cloud infrastructure is built around Regions & Availability Zones (AZ).
A Region is a physical location that contains multiple AZs.
One AZ consists of multiple data centers, each housed in a separate facility.
AWS operates in 60+ AZs and 20+ Regions.
- Fault tolerance & Stability: Each region is designed to be completely isolated from other regions
- Each AZ is isolated, but AZs in the same region are connected through low-latency links
- Each AZ is designed as an independent failure zone, with a discrete uninterruptible power supply and onsite backup generation facilities
- AZs are all redundantly connected to multiple tier-1 transit providers
AWS Services - C1
Manage Services
For Access
AWS Management Console (GUI)
AWS CLI (aws --version)
AWS SDKs
Cost Management
Cost Explorer
AWS Budgets
AWS Cost & Usage Report
Reserved Instance (RI) Reporting
Analytics
Athena
Interactive query service.
Analyze data in S3 using standard SQL.
Amazon ElasticSearch Service
AWS’s version of ElasticSearch
Redshift
Data warehouse
Lake Formation
Data lake
AWS Data Pipeline
Process & move data between different AWS compute & storage services, as well as on-premises data sources.
Glue
Extract, transform, and load (ETL) service.
Prepare and load data for analytics.
Kinesis
AWS’s version of the Elastic Stack.
Collect, process, and analyze real-time, streaming data.
Used with Lambda & DynamoDB to format & store the data for business to query
Kinesis Data Firehose
Load streaming data into data stores & analytics tools
Kinesis Data Analytics
Analyze streaming data in real time
Kinesis Data Streams (KDS)
Real time streaming services.
E.g. Financial transactions, social media feeds, location-tracking events
Kinesis Video Streams
Securely stream videos from connected devices to AWS
Managed Streaming for Kafka (MSK)
Use Apache Kafka to process streaming data.
Kafka is for building real-time streaming data pipelines & applications.
EMR
Managed Hadoop framework
CloudSearch
Set up & scale a search solution
QuickSight
Business Intelligence (BI) service
Application Integration
AWS Step Functions
Coordinate multiple AWS services into serverless workflows
Amazon MQ
Message broker service for Apache ActiveMQ
Simple Queue Service (SQS)
Message queuing service, decouple & scale microservices
Two Types:
- Standard queues:
- Maximum throughput
- Best-effort ordering
- At-least-once delivery
- FIFO queues:
- Guarantee that messages are processed exactly once, in the exact order they’re sent
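The difference between the two queue types matters for a consumer: a standard queue can hand the same message to a consumer more than once (at-least-once delivery), so the consumer must be idempotent, while a FIFO queue drops a duplicate send by its MessageDeduplicationId and preserves order. The following Python is an added example, not code from the notes or from AWS: it simulates both queue behaviours in memory with constructed order messages (no network, no boto3) and shows an idempotent consumer that applies each order exactly once. The message bodies, ids, and the duplicate/reordering simulation are all assumptions made for the demonstration.

```python
import hashlib
import random
from dataclasses import dataclass

# Constructed sample payloads: one business key per order.
SAMPLE_ORDERS = ["order-101", "order-102", "order-103", "order-104"]


@dataclass
class Message:
    message_id: str      # assigned at send time; redelivery keeps the same id
    body: str
    dedup_id: str = ""   # FIFO only: MessageDeduplicationId (content-based here)


def standard_queue_deliveries(bodies, seed=7):
    """Simulate a standard queue: every message arrives at least once,
    some are redelivered, one producer retry re-sends a body under a new id,
    and delivery order is not guaranteed (constructed behaviour)."""
    rng = random.Random(seed)
    deliveries = []
    for i, body in enumerate(bodies):
        msg = Message(message_id=f"msg-{i}", body=body)
        deliveries.append(msg)
        if rng.random() < 0.5:                 # redelivery after visibility timeout
            deliveries.append(msg)
    # Producer retry: same order sent again, so it gets a fresh message id.
    deliveries.append(Message(message_id="msg-1-retry", body=bodies[1]))
    rng.shuffle(deliveries)                    # best-effort ordering
    return deliveries


def fifo_queue_deliveries(bodies):
    """Simulate a FIFO queue with content-based deduplication: a second send
    of the same body inside the dedup window is dropped at enqueue time,
    and the surviving messages keep their send order."""
    seen = set()
    deliveries = []
    for i, body in enumerate(bodies):
        dedup = hashlib.sha256(body.encode()).hexdigest()
        if dedup in seen:
            continue                           # duplicate send discarded
        seen.add(dedup)
        deliveries.append(Message(message_id=f"msg-{i}", body=body, dedup_id=dedup))
    return deliveries


class IdempotentConsumer:
    """Applies each order once, keyed on the business key in the body rather
    than on the message id, so both redeliveries and producer retries are safe."""

    def __init__(self):
        self.processed = set()
        self.ledger = []   # orders actually applied, in processing order

    def handle(self, msg):
        if msg.body in self.processed:
            return False                       # already applied: skip
        self.processed.add(msg.body)
        self.ledger.append(msg.body)
        return True


def run_demo():
    """Return (deliveries seen, orders applied, FIFO bodies) for inspection."""
    consumer = IdempotentConsumer()
    deliveries = standard_queue_deliveries(SAMPLE_ORDERS)
    for msg in deliveries:
        consumer.handle(msg)
    fifo = [m.body for m in fifo_queue_deliveries(SAMPLE_ORDERS + ["order-102"])]
    return len(deliveries), consumer.ledger, fifo


if __name__ == "__main__":
    seen, applied, fifo_bodies = run_demo()
    print(f"standard queue delivered {seen} messages for {len(SAMPLE_ORDERS)} orders")
    print(f"consumer applied: {applied}")
    print(f"fifo queue delivered in order, deduplicated: {fifo_bodies}")
```

The consumer's `processed` set stands in for whatever durable store a real service would use (for example a conditional write in DynamoDB); the point is that with a standard queue the deduplication has to live on the consuming side.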
Simple Notification Service (SNS)
Pub / sub messaging service, for decoupling microservices.
High throughput, push-based, many-to-many messaging.
Simple Workflow (SWF)
Build & scale background jobs that have parallel or sequential steps
Compute
Elastic Compute Cloud (EC2)
Linux Virtual Machine. Provide secure, resizable compute capacity.
Instance types:
- On-Demand: pay per use
- Reserved
- Spot
EC2 Auto Scaling
Automatically add / remove EC2 instances
Elastic Beanstalk
PaaS for deploying & scaling web applications.
EB automatically handles the deployment after the user uploads the code:
- Capacity provisioning
- Load balancing
- Auto scaling
- Health monitoring
AWS Fargate
Compute engine for ECS, allows users to run containers without managing servers / clusters.
Focus on designing & building applications, no need to worry about managing the infrastructure.
Elastic Container Service (ECS)
AWS’s version of Kubernetes.
Container orchestration service, eliminates the need to operate your own container orchestration software.
Two modes:
- Fargate launch type: Only need to package the application in containers
- EC2 launch type:
- Server-level, more granular control
- Responsible for provisioning, patching, and scaling clusters of servers
Elastic Container Service for Kubernetes (EKS)
Integrates with K8S.
Applications running on any standard K8S environment are fully compatible, and can be easily migrated to EKS.
AWS Lambda
Run code directly, used with serverless
Serverless Application Repository (SAR)
Quickly deploy code samples & complete applications for common use cases. E.g. Mobile backend, Monitoring, etc.
Each application is packaged with AWS Serverless Application Model (SAM) template that defines the resources used.
To share the application, publish it to the AWS SAR.
Lightsail
Launch & manage Virtual Private Servers (VPS)
AWS Batch
Do batch computing jobs
AWS Outposts
Bring AWS services to data centers. Two variants:
- VMware Cloud on AWS Outposts (Same VMware control panel & APIs)
- AWS native variant of AWS Outposts
Database
Relational Database Service (RDS)
Scale a relational database in the cloud.
- Aurora
- MySQL
- SQL Server
- PostgreSQL
- MariaDB
- Oracle Database
Use AWS Database Migration Service to migrate / replicate existing DBs to RDS.
Aurora
AWS’s version of a relational database engine, managed by RDS.
Aurora is MySQL & Postgres compatible, and it’s 5x faster than MySQL, 3x faster than Postgres.
Features:
- Auto-scales up to 64TB per DB instance
- Up to 15 low-latency read replicas
- Replication across 3 AZs
- Point-in-time recovery
- Continuous backup to S3
DynamoDB
Key-value & document NoSQL database, delivers single-digit millisecond performance at any scale.
- Multi-region, multi-master
- Built-in security, backup & restore
- In-memory caching
- 10 trillion+ requests per day, 20 million+ requests per second
ElastiCache
In-memory cache. Support:
- Redis: In-memory data store & cache
- Memcached: Memory object caching system
Timestream
Time series database
Amazon Neptune
Graph database
Quantum Ledger Database (QLDB)
Transparent, immutable, cryptographically verifiable transaction log, owned by a central trusted authority.
Developer Tools
Cloud9
AWS’s IDE. Write & debug the code in the browser.
CodeCommit
Source-control service that hosts secure Git-based repositories
CodeBuild
A build service.
- Compile source code
- Run tests
- Produce software packages for deployment
CodeDeploy
Automates code deployment to any instance, including EC2 instances and instances running on-premises.
CodePipeline
Continuous Delivery service
CodeStar
Quickly develop, build & deploy applications.
Provide a unified user interface, manage all activities in one place.
Corretto
Multi-platform, production-ready distribution of the Open Java Development Kit (OpenJDK).
X-Ray
Analyze & debug distributed application in production / development, such as microservices.
Management & Governance
CloudWatch
Monitoring & management service.
Collects monitoring & operational data in the form of logs, metrics, and events
AWS Auto Scaling
Auto adjust capacity to maintain steady & predictable performance at the lowest cost
CloudFormation
Create & manage a collection of related AWS resources
OpsWorks
Provides managed instances of Chef and Puppet
CloudTrail
Records AWS API calls for the account, and delivers logs. Trace user / API caller identity, time, IP address, etc.
AWS Control Tower
Automates the set-up of a baseline environment
AWS Systems Manager
Visibility & control of your infrastructure on AWS. It contains the following tools:
- Resource groups
- Insights Dashboard
- Run Command
- State Manager
- Inventory
- Maintenance Window
- Patch Manager
- Automation
- Parameter Store
- Distributor
- Session Manager
AWS Config
Provides AWS resource inventory, config history, and config change notifications to enable security
Service Catalog
Manage services based on the catalogs they belong to
Trusted Advisor
Reduce cost, increase performance, and improve security by optimizing AWS environment
Personal Health Dashboard
Alerts & remediation guidance
AWS Managed Services
Ongoing management of AWS infrastructure
AWS Console Mobile Application
Lets customers view & manage a select set of resources to support incident response on-the-go
AWS License Manager
Manage software license
AWS Well-Architected Tool
Reviews the state of your workloads and compares them to the latest AWS architectural best practices.
Migration & Transfer
AWS Migration Hub
Provides single location to track the progress of application migration across multiple AWS & partner tools
Application Discovery Service
Plan migration projects by gathering information about on-premise data centers
Database Migration Service
Migrate database to AWS
Server Migration Service (SMS)
Agentless service to migrate thousands of on-premise workloads to AWS
AWS Snowball
Transfer large amounts of data in / out of AWS
AWS Snowball Edge
Data migration & edge computing device. Two options:
- Snowball Edge Storage Optimized
- Snowball Edge Compute Optimized
AWS Snowmobile
Data transfer service. Transfer up to 100PB per Snowmobile
AWS DataSync
Data transfer service. Automate moving data between on-premise storage & S3 / EFS (Elastic File System)
AWS Transfer for SFTP
Transfer files in / out of S3 directly using SFTP (Secure File Transfer Protocol)
Networking & Content Delivery
Amazon VPC
Lets users provision a logically isolated section of the AWS Cloud
CloudFront
AWS’s CDN
Route 53
AWS’s DNS
PrivateLink
Simplifies security of data sharing, by eliminating the exposure of data to the public Internet.
Direct Connect
Establish a dedicated network connection from on-premises to AWS
Global Accelerator
Networking service that improves the global availability & performance
API Gateway
Old version: use REST API
New version (starting from 2019): HTTP API
Transit Gateway
Enable customers to connect to Amazon VPC
App Mesh
Use App Mesh with ECS & EKS
- App Mesh uses the Envoy proxy
- Monitor & control microservices running on AWS
- Standardizes how microservices communicate, gives users end-to-end visibility, and helps to ensure high availability
- Allow each component to scale independently based on demand
Cloud Map
AWS’s version of Spring Cloud Eureka.
Cloud resource discovery service.
Elastic Load Balancing (ELB)
Three types:
- Application LB (HTTP traffic, Layer 7)
- Network LB (TCP traffic, Layer 4)
- Classic LB (across multiple EC2)
Security & Identity
Security Hub
Comprehensive view of high-priority security alerts & compliance status across AWS accounts
Cloud Directory
Build cloud-native directories for organizing hierarchies of data
Identity & Access Management (IAM)
Securely control access to AWS services & resources for your users
- Manage IAM users & their access
- Manage IAM roles & their permissions
- Manage federated users & their permissions
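The practical work behind "control access ... for your users" is writing policies that grant only what a workload needs, and catching the ones that do not before they are attached. The Python below is an added example and is not code from the notes or an AWS tool: it holds two constructed IAM policy documents (an over-broad one and a least-privilege one, using real IAM keys such as `Action`, `Resource`, `Condition` and `aws:SecureTransport`; the bucket name is a placeholder) and a small checker that flags the patterns a reviewer looks for first: `Action "*"`, service-wide wildcards, `Resource "*"` without a `Condition`, and `Allow` combined with `NotAction`. The checker is a teaching aid, not a substitute for IAM Access Analyzer.

```python
import json

# Constructed example policies for the demonstration (placeholder bucket name).
OVERLY_BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}
    ],
})

LEAST_PRIVILEGE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadOneBucketPrefix",
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-reports-bucket/team-a/*",
            "Condition": {"Bool": {"aws:SecureTransport": "true"}},
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-reports-bucket/*",
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})


def _as_list(value):
    """IAM allows a string or a list in Action / Resource / Statement."""
    return value if isinstance(value, list) else [value]


def find_policy_issues(policy_json):
    """Return human-readable findings for overly permissive Allow statements.

    Deny statements are skipped: they only ever narrow access.
    """
    policy = json.loads(policy_json)
    findings = []
    for idx, statement in enumerate(_as_list(policy.get("Statement", []))):
        if statement.get("Effect") != "Allow":
            continue
        sid = statement.get("Sid", f"Statement[{idx}]")
        actions = _as_list(statement.get("Action", []))
        resources = _as_list(statement.get("Resource", []))

        if "NotAction" in statement:
            findings.append(f"{sid}: Allow with NotAction grants every action not listed")
        if any(a == "*" for a in actions):
            findings.append(f"{sid}: Action '*' allows every API call")
        else:
            wide = [a for a in actions if a.endswith(":*")]
            if wide:
                findings.append(f"{sid}: service-wide wildcard action(s) {wide}")
        if any(r == "*" for r in resources) and "Condition" not in statement:
            findings.append(f"{sid}: Resource '*' with no Condition to scope it")
    return findings


if __name__ == "__main__":
    for name, doc in (("broad", OVERLY_BROAD_POLICY), ("least-privilege", LEAST_PRIVILEGE_POLICY)):
        issues = find_policy_issues(doc)
        print(f"{name}: {'OK' if not issues else ''}")
        for issue in issues:
            print(f"  - {issue}")
```

The least-privilege document pairs a narrowly scoped Allow with an explicit Deny for non-TLS requests; the Deny is ignored by the checker but is the part that makes the intent enforceable even if another policy later widens the Allow.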
Amazon GuardDuty
Threat detection service, continuously monitors for malicious / unauthorized behavior to protect AWS accounts
Amazon Inspector
Automated security assessment service, improve security & compliance of application deployed on AWS
Amazon Macie
Security service. Uses machine learning to automatically discover, classify & protect sensitive data in AWS
AWS Artifact
Central resource for compliance-related information
Certification Manager
Provision, manage & deploy SSL / TLS certificates
AWS CloudHSM
HSM: Hardware Security Module
CloudHSM is a cloud-based HSM, allows users to generate & use their own encryption keys on the AWS cloud
AWS Directory Service
Also known as AWS Managed Microsoft AD. For Microsoft Active Directory.
AWS WAF
Used with Firewall Manager
AWS Firewall Manager
Manage AWS WAF (Web Application Firewalls) rules across accounts & applications
AWS Key Management Service (KMS)
Create & manage keys, control the use of encryption across a wide range of AWS services
AWS Organizations
Policy-based management for multiple AWS accounts
AWS Secrets Manager
Protect secrets needed to access your applications & services.
- Rotate, manage & retrieve database credentials, API keys, and other secrets throughout their lifecycle
- Offers secret rotation with built-in integration for Amazon RDS
- Extend to other types of secrets, including API keys & OAuth tokens
AWS Shield
Distributed Denial of Service (DDoS) protection
AWS Single Sign-On (SSO)
Single sign-on
Storage
Elastic Block Store (EBS)
Persistent block storage service
Simple Storage Service (S3)
Object storage service
S3 Glacier
- For data archiving & long-term backup
- Query-in-place functionality
Storage Gateway
Hybrid storage service, enables on-premise applications to use AWS cloud storage
Elastic File System (EFS)
Scalable & elastic file system for Linux-based workloads
FSx for Lustre
File system optimized for compute-intensive workloads
Amazon FSx for Windows File Server
For Windows file system
AWS Services - C2
Internet of Things (IoT)
AWS IoT Core
Lets connected devices interact with cloud applications & other devices
FreeRTOS
OS for microcontrollers
IoT Greengrass
Lets devices act locally on the data they generate
IoT 1-Click
Enable simple devices to trigger AWS Lambda functions that can execute an action
IoT Analytics
Analytics on massive volumes of IoT data
IoT Button
Programmable button based on Amazon Dash Button Hardware.
IoT Device Defender
IoT device security
IoT Device Management
Monitor & remotely manage IoT devices at scale
IoT Events
Detect & respond to events from IoT sensors / applications
IoT SiteWise
Collect & organize data from industrial equipment
IoT Things Graph
Visually connect different devices & web services to build IoT applications
AWS Partner Device Catalog
Devices & hardware that work with AWS
Machine Learning
SageMaker
Build, train & deploy machine learning models at any scale
SageMaker Ground Truth
Build highly accurate training datasets for machine learning
Elastic Inference
Attach low-cost GPU-powered acceleration to EC2 & SageMaker instances, to reduce the cost of running deep learning inference
Amazon Comprehend
Natural Language Processing (NLP) service
Amazon Lex
Build conversational interfaces into any application using voice & text
Amazon Polly
Turns text into lifelike speech
Amazon Rekognition
Add image analysis to your application
Amazon Translate
Neural machine translation service
Amazon Transcribe
Automatic Speech Recognition (ASR) service, easy for developers to add speech-to-text capability
Amazon Forecast
Use ML to deliver forecasts
Amazon Textract
AWS’s OCR (Optical Character Recognition).
Auto extract text & data from scanned documents.
Amazon Personalize
Personalized news feed.
Creates individual recommendations for customers
Deep Learning AMIs
Provide infrastructure & tools to accelerate deep learning.
E.g. Build custom environments & workflows with TensorFlow
AWS DeepLens
With fully programmable video camera, code & pre-trained models
AWS DeepRacer
1/18th scale race car, get started with Reinforcement Learning (RL)
Apache MXNet on AWS
Apache’s version of TensorFlow
Training & inference framework with easy APIs
TensorFlow on AWS
Use Google TensorFlow on AWS. Use with SageMaker & Deep Learning AMIs.
AWS Inferentia
ML inference chip
Mobile
Amplify
Makes it easier to create, configure & implement scalable mobile applications
- Provision & manage mobile backend
- Amplify Console will automatically manage S3 for you
- Automates application release process
- Manages:
- Offline data synchronization
- Storage
- Data sharing across multiple users
Amazon Cognito
Add user signup, login, and access control to your web / mobile application, even when it’s offline.
Multi-device: Synchronizes data across users’ devices, so the app experience remains consistent regardless of which device they use.
Allow third-party login via SAML identity solutions.
Amazon Pinpoint
Send targeted messages to your customers through multiple engagement channels
Amazon Device Farm
App testing service (mobile / web)
AWS AppSync
Serverless backend for mobile / web application
AppSync uses GraphQL (API Query language, build client apps by providing intuitive syntax for describing data requirement)
Robotics
AWS RoboMaker
Develop, test & deploy intelligent robotics applications at scale
Satellite
AWS Ground Station
Control satellite communications, downlink, and process satellite data
AWS Services - C3
AR & VR
Amazon Sumerian
Blockchain
Amazon Managed Blockchain
Business Applications
Alexa for Business
WorkDocs
WorkMail
Chime
Communications service, for online meetings