Chapter 1: The AWS Cloud Defined

According to NIST, cloud computing is

“a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rap idly provisioned and released with minimal management effort or service provider interaction.”

the five essential cloud characteristics that truly define the technology:

on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service.

On-demand self-service

allows users to provision resources automatically without requiring human intervention from the service provider.

Broad network access

means that cloud services are available over the network and accessed through standard mechanisms, enabling usage across various devices.

Resource pooling

refers to the provider's ability to serve multiple customers with dynamic allocation of resources, sharing them among a large number of users.

Rapid elasticity

is the capability of a cloud system to automatically scale resources up or down as needed to accommodate varying demand.

Measured service

is a feature that allows cloud services to be monitored, controlled, and reported, providing transparency for both the provider and the consumer.

The “as a ser vice” technologies

refers to service delivery models such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS), where resources are provided over the internet and billed on usage.

Software as a Service (SaaS)

A cloud model where customers access provider-hosted applications via a web browser or interface

SaaS customer control

Limited to user-specific application settings; no control over infrastructure.

SaaS benefit for IT

Enables IT departments to offer high-performance apps without infrastructure management.

Platform as a Service (PaaS)

A model that provides a cloud environment for developing and deploying customer-created applications.

PaaS customer control

Control over deployed applications and some hosting settings

Infrastructure as a Service (IaaS)

r to provision processing, storage, networks, and other fundamental computing resources. The customer is then able to deploy and run arbitrary software, which can include operating systems and applications. The customer does not manage or control the underlying physical infrastructure but has con trol over operating systems, storage, and deployed applications. The customer might also have limited control of select networking components such as host firewalls. Notice that this level of control is much greater than is found with PaaS and SaaS models

IaaS customer control

Control over OS

Private cloud

Cloud infrastructure used exclusively by one organization; can be on- or off-premises.

Community cloud

Cloud shared by several organizations with common concerns (e.g.

Public cloud

Infrastructure available to the general public

Hybrid cloud

A mix of two or more cloud types (e.g.

Amazon EC2 (Elastic Compute Cloud)

A service providing resizable virtual machines with quick provisioning and full control over compute resources.

Elasticity in EC2

The ability to scale resources vertically and horizontally to meet changing demands.

AWS Lambda

A serverless compute service where code runs without provisioning or managing servers.

How Lambda works

You upload code

AWS Elastic Beanstalk

A service that simplifies deploying and scaling web apps using popular languages; handles provisioning

What control does the customer have in SaaS

The customer has limited control

Why is SaaS revolutionary for IT departments

It allows them to offer high-performance applications without maintaining the infrastructure.

What infrastructure control does a PaaS customer have

The customer controls deployed applications and some hosting settings

What makes IaaS different from SaaS and PaaS

It offers more control over operating systems

What is Amazon ECS?

A scalable container management service that supports Docker containers and runs applications on a managed EC2 cluster.

What does ECS eliminate the need for?

Installing

What is Amazon EKS?

A managed Kubernetes service for running Docker containers at scale with orchestration options.

What is AWS Fargate?

A serverless compute engine for containers that removes the need to manage infrastructure.What is AWS S3?

What are common uses of S3?

Primary storage for cloud-native apps and bulk storage for analytics (data lakes).

What is Amazon EBS?

A block storage service for EC2

How is EBS billed?

You pay a low price for only what you provision

What is Amazon Glacier?

A low-cost storage service for data archiving and long-term backup

Why is planning important with Glacier?

Retrieval speed depends on the pricing tier you choose.

What is Amazon EFS?

A scalable file storage service for EC2 instances that also supports on-premises servers and uses the NFS protocol.

What is AWS VPC?

A virtual network that lets you define and control your networking environment in the AWS Cloud.

What features can you configure in a VPC?

IP ranges

What is AWS Route 53?

A scalable and highly available DNS web service used for routing users to AWS or external infrastructure.

What extra features does Route 53 provide?

DNS health checks

What is AWS CloudFront?

A global CDN that delivers content with low latency by routing requests to the nearest edge location.

How does CloudFront secure S3-hosted websites?

Through HTTPS and global availability.

What is AWS API Gateway?

A fully managed service to create

What is AWS Direct Connect?

A dedicated network connection from your premises to AWS for improved speed

What is Amazon RDS?

A managed relational database service that supports engines like PostgreSQL

What is Amazon DynamoDB?

A NoSQL database service offering single-digit millisecond latency at any scale

What is Amazon ElastiCache?

A service for deploying and scaling in-memory caches using Redis or Memcached to improve app performance.

What is Amazon Redshift?

is a fast, fully managed, petabyte-scale data warehouse that makes it simple and cost-effective to analyze all your data using your existing business intelligence tools.

What is AWS IAM?

A service to securely manage access to AWS resources by creating users

What are security groups?

Virtual firewalls associated with EC2 instances that control inbound and outbound traffic by protocol and port.

What are network ACLs?

Rules-based firewalls at the subnet level that control traffic between VPC components.

Difference between security groups and NACLs?

Security groups apply to EC2 VNICs; NACLs operate between subnets.

What is AWS CodeDeploy?

A managed deployment service that automates software deployments to EC2

What is AWS CloudFormation?

A tool for provisioning AWS resources using templates

What is AWS OpsWorks?

A configuration management service that uses Chef or Puppet to automate server setup and deployment.

AWS Service Catalog

Allows organizations to create and manage catalogs of approved IT services on AWS

AWS Systems Manager

Provides visibility and control over AWS infrastructure with a unified interface to view operational data and automate tasks across resources.

Systems Manager grouping capability

Allows grouping of resources like EC2 instances

AWS Trusted Advisor

An online tool that offers real-time guidance to optimize AWS environment for cost

Amazon CloudWatch

A monitoring service that collects metrics

AWS CloudTrail

Records AWS API calls and delivers log files with detailed information such as API caller identity