AWS 101

AWS global infrastructure:#

• Availability Zones: A single data center or a group of data centers within a Region. Availability Zones are located tens of miles apart from each other. Their data are isolated from each other.
• Region: One or a group of Availability Zones that located nearing each other.
• Edge locations: A site that Amazon CloudFront uses to store cached copies of your content closer to your customers for faster delivery. Can consider this as a fundamental for CDN of AWS.

Basic service:#

• EC2: Can be consider equivalent to a VPS.
• ELB: Distribute network traffic, ensure not a single EC2 have to carry all the work
• SQS(Amazon Simple Queue Service): An message queue service, consider an alternative to Kafka/RabbitMQ
• SNS(Amazon Simple Notification Service): Using to send message to other service (can be many things from application, SQS, HTTP, Webhooks,...). It just using to send message, not to queuing and storage like SQS.
• AWS Lambda: A serverless service.
• ECS: A container management system that enables you to run and scale containerized applications.
• EKS: A fully managed service that you can use to run Kubernetes.
• AWS Fargate: A serverless compute engine for containers. It works with both ECS and EKS.
• AWS Elastic Beanstalk: Infrastructure as code configuration service.
• Route 53: A DNS web service.
• Amazon CloudFront: Could be consider as CDN service that was built upon Edge locations.
• Amazon EBS: Block-level storage volumes behave like physical hard drives. The difference with instance storage is the data persist even if the EC2 instance stop. Availability Zones level resource
• Amazon EFS: Allow multiple instance to access data at the same time, automatically scale, true file system for Linux, Region level resouce
• Amazon S3: A service that provides object-level storage. Amazon S3 stores data as objects in buckets
• Amazon RDS: A service that enables you to run relational databases.
• Amazon Aurora: An enterprise-class relational database. It is compatible with MySQL and PostgreSQL relational databases
• Amazon DynamoDB: A key-value database service. It delivers single-digit millisecond performance at any scale.
• Amazon Redshift: A data warehousing service that you can use for big data analytics
• AWS Database Migration Service: enables you to migrate relational databases, nonrelational databases, and other types of data stores.
• Amazon Neptune: Graph database.
• Amazon managed blockchain or Amazone QLDB: Can be consider immutable database.
• Database accelerator or Amazon ElastiCache - Amazon DAX: Adding a caching layer upon database. It can help improve read time.
• Amazone WAF: Web application firewall that filter incoming traffic with signatures of bad actors. Has extension ML capabilities and can recognize the thread as they evolve
• Amazon Inspector: automated assessments.
  • Network configuration reachability piece.
  • Amazon agent
  • Security assessment
• Amazon GuardDuty: A service that provides intelligent threat detection for your AWS infrastructure and resources.
• Amazon CloudWatch: A web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics
• AWS CloudTrail: records API calls for your account. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, and more.
• AWS Trusted Advisor: A web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices

Networking:#

Amazon VPC enables you to provision an isolated section of the AWS Cloud. In this isolated section, you can launch resources in a virtual network that you define. Within a virtual private cloud (VPC), you can organize your resources into subnets. A subnet is a section of a VPC that can contain resources such as Amazon EC2 instances.

• For public traffic to get inside a VPC, we need to attach an Internet Gateway(like a doorway).
• For private traffic to get inside a VPC, we need to attach an Virtual private gateway.
• AWS Direct connect: A service that AWS would wire up a separate physical line from your place to aws managed resource (usually through a local network provider).

Inside a VPC, network can be organize as subnet. And usually useful for separate the request flow. For Ex: public subnet have access to Internet Gateway while private one do not.

However, It also could be useful for authorize request by using Network ACL(Access control list), which attach to subnet to accept or block request based on request origin, how they tried to communicate,... They are stateless.

For instance level security network level, Security group come into place(every EC2 instance established default coming with a Security group). They are stateful and default block all request.