AWS Training

This document provides an overview of Amazon Web Services (AWS) and its main cloud computing products and services. It discusses compute services like EC2 and Lightsail, storage services like S3 and EBS, database services like RDS, security and management services, and the AWS global infrastructure. The document also provides brief histories of Amazon.com and the founding of AWS, and introduces concepts like regions, availability zones, instance types, and the AWS shared responsibility model.

Uploaded by

caca

AMAZON WEB SERVICES

(AWS)

Cloud Computing:
The on-demand delivery of IT resources and apps via the internet, with a pay-as-you-go
method.

Resources and Apps:


Types of server: Inflexible and Elastic.
INFLEXIBLE servers have large initial purchases, sys-admin, fixed capacity, procurement and
setups, and limited geo-regions.
ELASTIC servers have no upfront investments, low on-going costs, a focus on innovation,
flexible capacity, speed and agility, and global reach on-demand.

Types of clouds available:


Private (local), public, and Hybrid cloud.

Why do organizations use the cloud instead of physical servers?

1. Speed & Agility: increase agility through experimentation (reduce the time to get
resources available, lower cost and time, increase agility throughout the organization).

2. Resource Optimization (with AWS, payment for using servers is pay-as-you-go,
instead of the traditional way of buying servers (expensive) and setting them up, which
takes a lot of time).

3. Operational Efficiency (the more people buy cloud servers, the cheaper it gets. Since 2006
until today, AWS has reduced its cloud price by +70%, never going up.)
HISTORY OF AMAZON.com

AMAZON started in 1994, going online in 1995, as an online bookstore.

Since Amazon's servers are so big and wide, it became an online shop that sells almost
anything.

AWS started in 2006, at aws.amazon.com.


AWS enables businesses and devs to use web services to build scalable sophisticated
s.

AWS customers are governments, and certain corporations (enterprise, public sectors, and
startups)

THERE ARE DATA CENTRES AROUND THE WORLD (REGIONS).

Each AWS Region has at least 2 AZs.
Each region can be 200 km apart.

Inside Regions, there are Availability Zones.

Regions: geographic locations, with at least 2 AZs per Region.
High availability using Multi-AZ deployments:
If there's 1 data centre, then it's only for users in the region.

Availability Zone:
A cluster of data centres, isolated from failure (fault tolerance) in other AZs.
The connection to each Availability Zone (AZ) is through a high-speed internet connection/link,
with a minimum speed of 10 Gbps and very low latency.
AWS has 20 Regions in the world.
AWS has around 60 AZs around the world.
AWS Edge Locations: 137 edge locs, 500 around the world.
AWS WAF is a firewall app.
AWS CloudFront
Amazon Route 53
AWS Shield protects data centres from DoS/DDoS attacks. There are about 53 of them.

AMAZON EC2 (ELASTIC COMPUTE CLOUD):


FACTS:
1. Use tags for labeling, ex: billing.
2. Flexible, easy to use.
3. Pay for the capacity that you use.
4. Now uses AMD processors as well (the back of the name has -A).
TO LAUNCH EC2 INSTANCE:
1. Determine the AWS Region near you.
2. And use the procedure that has been remembered.
TO ACCESS INSTANCE METADATA
Go to: http://169.254.169.254/latest/meta-data/
TO ACCESS/RETRIEVE USER DATA => Is for script initialization.
Go to: http://169.254.169.254/latest/user-data
EC2 PURCHASE OPTIONS:

1. On-Demand Instance (Pay by the hour).


2. Reserved Instance (Purchase at a significant discount, always available, contract for 1 or 3 year
terms).
3. Scheduled Instance (Purchased instances are always available on the specified recurring
schedule, contract for a 1 year term).
4. Spot Instance (Bid on unused instances, which can run as long as they are available and
your bid is above the spot price) => (Used for processing DATA ANALYTICS/BIG DATA).
5. Dedicated Instances (Pay by the hour for instances that run on single-tenant hardware).
6. Dedicated Hosts (Pay for a physical host that is fully dedicated to running your
instances).

AMAZON MARKETPLACE:
Make applications by continuing a pre-made application template.

AMAZON VPC (VIRTUAL PRIVATE CLOUD):


FACTS:
1. Provision a private, isolated virtual network on the AWS cloud.
2. Have complete control over your virtual networking environment.
VPC & SUBNETS:
1. A subnet defines a range of IP addresses in your VPC.
2. Launch AWS apps on subnet that you have selected.
SECURITY IN VPC:
1. Security Groups (VPC)
2. Network Access Control Lists (ACLs) (Subnet)
3. Key Pairs

AMAZON S3 (SIMPLE STORAGE SERVICE)


FACTS:
1. Unlimited objects in a bucket.
2. Objects can be up to 5TB, no bucket size limit.
3. Designed for 99,99999999999% durability and 99,99% availability of objects.
4. Can use HTTP/S endpoints to store and retrieve any amount of data.
5. Highly scalable, reliable, inexpensive, fast.
6. Can use optional server-side encryption using AWS or customer managed services.
CONCEPTS:
1. S3 stores data as objects within buckets.
2. An object is composed of a file and optionally any metadata that describes the file.
3. Each account can have 100 buckets.
4. You can control access to the bucket and its objects.
5. Object Lock blocks object version deletion.
SECURITIES:
1. You can control access to buckets and objects:
a. ACL (Access Control Lists).
b. Bucket policies.
c. Identity and Access Management (IAM) policies.

2. You can upload/download data to Amazon S3 via SSL encrypted endpoints.
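
The two controls listed above (bucket policies and SSL-encrypted endpoints) can be combined: a bucket policy can deny any request that does not arrive over TLS. The following is an added example, not part of the original notes; the bucket name, account ID and user are constructed placeholders, and the helper names are hypothetical. It audits a policy document for that Deny statement and for Allow statements open to everyone.

```python
import json

# Constructed bucket policy; "example-notes-bucket" and the account ID are
# placeholders. The Deny statement rejects any request not sent over TLS.
POLICY_WITH_TLS_DENY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowTeamRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:user/alice"},
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-notes-bucket/*"},
        {"Sid": "DenyPlainHttp", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-notes-bucket",
                      "arn:aws:s3:::example-notes-bucket/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})


def as_list(value):
    """Policy fields may hold a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def enforces_tls(policy_text):
    """True if a Deny statement blocks every principal and every S3 action
    whenever aws:SecureTransport is false."""
    for stmt in as_list(json.loads(policy_text).get("Statement", [])):
        cond = stmt.get("Condition", {}).get("Bool", {})
        flag = str(cond.get("aws:SecureTransport", "")).lower()
        if (stmt.get("Effect") == "Deny"
                and stmt.get("Principal") in ("*", {"AWS": "*"})
                and any(a in ("s3:*", "*") for a in as_list(stmt.get("Action")))
                and flag == "false"):
            return True
    return False


def public_allows(policy_text):
    """Sids of Allow statements open to any principal with no Condition."""
    return [s.get("Sid", "<no Sid>")
            for s in as_list(json.loads(policy_text).get("Statement", []))
            if s.get("Effect") == "Allow"
            and s.get("Principal") in ("*", {"AWS": "*"})
            and "Condition" not in s]
```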


VERSIONING:
1. Protects from accidental overwrites and deletes with no performance penalty.
2. Generates a new version every time you upload.
3. Allows easy retrieval of deleted objects, or roll back to a previous version.
4. Three states of S3 buckets:
a. Un-versioned (default)
b. Versioning-enabled
c. Versioning-suspended
PRICING:
1. Pay only for what you use.
2. No minimum fee.
3. Prices based on the location of S3 buckets.
4. Estimate monthly bill using AWS Simple Monthly Calculator.
5. Pricing available as:
a. Storage Pricing
b. Request Pricing
c. Data Transfer Pricing
STORAGE CLASSES:
1. S3 Standard
a. Durability of 99,99999999999%
b. Availability of 99,99%
2. S3 Standard Infrequent-Access (IA)
a. Durability of 99,99999999999%
b. Availability of 99,99%
c. Retrieval fee associated with objects
d. Most suitable for infrequently accessed data
3. Glacier
a. Not available for real-time access
b. Must restore objects before you can access.
c. Restoring objects can take from a minute to 12 hours.
AMAZON S3G (SIMPLE STORAGE SERVICE GLACIER)
FACTS:
1. Long-term low-cost archiving service.
2. Optimal for infrequently accessed data.
3. Designed for 99,99999999999% durability.
4. 3-5 hours retrieval time.
5. Less than $0,01 per GB/month (depending on region)

AMAZON EBS (ELASTIC BLOCK STORE)


There are 2 types of EBS:
1. SSD (Solid-State Drive)
a. Volume type:
i. General Purpose SSD (gp2)
ii. Provisioned IOPS SSD (io1)
b. Description:
i. Balances price and performance for a wide variety of transactional loads.
ii. Highest performance SSD volume designed for mission-critical
applications.
c. Volume size:
i. 1 GB -> 16TB
ii. 4 GB -> 16TB
d. Dominant Performance Attribute:
i. IOPS
ii. IOPS

2. HDD (Hard Drive)


a. Volume type:
i. Throughput Optimized
ii. Cold HDD (sc1)
b. Description:
i. Low cost HDD designed for frequently accessed throughput-intensive
workloads.
ii. Lowest cost HDD designed for less frequently accessed workloads.
c. Volume size:
i. 500 GB -> 16TB
ii. 500 GB -> 16TB
d. Dominant Performance Attribute:
i. MiB/s
ii. MiB/s

AMAZON EC2 Instance Storage:


1. Very fast, but temporary; files inside are auto-deleted when the EC2 instance stops, fails,
or is terminated.
2. Local, complimentary direct attached block storage.
3. SSD or magnetic.
4. No persistence.

AMAZON EBS vs AMAZON EC2 INSTANCE STORE:


1. AMAZON EBS
a. Data stored on an EBS Volume can be saved.
2. AMAZON EC2
a. Data stored on EC2 Instance Store will be deleted after the EC2 is stopped.

AWS SHARED RESPONSIBILITY MODEL:


a. AWS is responsible for the security of the cloud.
i. Such as network connections and server machines.

b. Customers are responsible for security in the cloud.

i. Against hackers, bugs, errors.

AWS IAM Best Practices:


1. Delete AWS account access keys.
2. Create individual IAM users.
3. Use groups to assign permissions to IAM users.

AWS CloudTrail:
1. Records AWS API calls for accounts.
2. Delivers files with info to an Amazon S3 bucket.
3. Monitors events in AWS accounts.
4. Shows the API call if an EC2 instance is terminated.
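
To make the last point concrete, the following added example (not part of the original notes) reads CloudTrail-style records and reports who issued each TerminateInstances call. The sample records are constructed for illustration, with made-up account IDs, users, IP addresses and instance IDs; the field names follow the CloudTrail record format, and `find_terminations` is a hypothetical helper name.

```python
import json

# Constructed CloudTrail-style records (not real log data); every value
# below is made up for illustration.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-01-01T11:30:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"instancesSet": {"items": [
         {"instanceId": "i-0aaaaaaaaaaaaaaa1"},
         {"instanceId": "i-0bbbbbbbbbbbbbbb2"}]}}},
    {"eventTime": "2024-01-01T12:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "203.0.113.9",
     "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ops/carol"},
     "requestParameters": {"instancesSet": {"items": [
         {"instanceId": "i-0ccccccccccccccc3"}]}}},
]})


def find_terminations(log_text):
    """Return one finding per instance named in a TerminateInstances call."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if (rec.get("eventSource") != "ec2.amazonaws.com"
                or rec.get("eventName") != "TerminateInstances"):
            continue
        params = rec.get("requestParameters") or {}  # can be null in a record
        for item in (params.get("instancesSet") or {}).get("items", []):
            findings.append({
                "time": rec.get("eventTime"),
                "who": (rec.get("userIdentity") or {}).get("arn", "unknown"),
                "source_ip": rec.get("sourceIPAddress"),
                "instance": item.get("instanceId"),
                # errorCode is present only when the call was rejected
                "succeeded": "errorCode" not in rec,
            })
    return findings


if __name__ == "__main__":
    for finding in find_terminations(SAMPLE_LOG):
        print(finding)
```

Rejected attempts are kept in the output with `succeeded` set to False, since a denied termination request is often as interesting to a reviewer as a successful one.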

Amazon RDS (Relational Database Service):


1. Cost efficient and resizable capacity.
2. Manages time-consuming database administration tasks.
3. Access to the full capabilities of Amazon Aurora, MySQL, MariaDB, Microsoft SQL Server,
Oracle, PostgreSQL databases.
4. Can be deployed on VMware
RDS facts:
1. Simple, fast to deploy
2. Manages common database admin tasks.
3. Compatible with your apps.
4. Fast, predictable performance
5. Simple and fast to scale
6. Secure and cost effective
DB Instances:
1. Are the basic building blocks of RDS (configured by yourself)
2. Isolated database environment in the cloud.
3. Can contain multiple user-created databases
AMAZON RDS Backup:
1. Automatic Backups:
a. Restores your database to a point in time
b. Enabled by default
c. Let you choose a retention period 35 days+
d. Stored in Amazon S3 (Standard)
2. Manual Snapshots/Backup:
a. Let you build new database instance from a snapshot.
b. Initiated by the user.
c. Persist until the user deletes them.
d. Stored in Amazon S3 (Standard)

CROSS REGION SNAPSHOTS:


1. A copy of a database snapshot stored in a different AWS Region.
2. Provide backup for disaster recovery.
AMAZON RDS Security:
1. Run DB instance in Amazon VPC
2. Use IAM policies to grant access to RDS resources.
3. Use security groups.
4. Use SSL (Secure Socket Layer / HTTPS) connections with DB instances.
5. Use RDS encryption to secure instances and snapshots at rest.
6. Use network encryption and TDE (Transparent Data Encryption) with Oracle
DB, and Microsoft SQL Server instances.
7. Use security features of your DB engine to control access to the DB
instance.

//* RDS can be deployed on multiple Availability Zones (AZ) *\\

AMAZON DYNAMODB
1. Is a NoSQL database.
2. Extremely fast performance.
3. Low cost.
4. Seamless scalability and reliability.
5. Allocates the necessary speed for the usage of the database.
6. Allows you to store any data with no limits.
Operations available are QUERY and SCAN:
a. Query just gets the data from the database, as expected.
b. Scan will get the data, but with a process that must search for the
requested data one by one, until it has been found.

Data warehouse name is Amazon Redshift.

AWS Elasticity & Management Tools:


Triad of services:
a. Elastic Load Balancing
i. Works as a traffic divider.
ii. If a server is broken, ELB will check out the error.
b. Amazon CloudWatch
i. Works to monitor CPU progress.
ii. Can give notifications if there's something about the CPU.
iii. Gives news to Auto Scaling if there's an overloaded server.
c. Auto Scaling
i. Adds a new server (based on news received from CloudWatch).
ii. Gives news to Elastic Load Balancing if Auto Scaling has added a new
server.

AMAZON CLOUDWATCH:
1. Can monitor all OS that AWS supports.
2. By default, Cloudwatch can monitor hard disk, network, and CPU, but can’t monitor
RAM/Memory.
3. Alternatives for Cloudwatch, one of them is Nagios Core.
LAUNCH CONFIGURATION: Is a template that Auto-scaling group uses to launch EC2
instances.
AUTO-SCALING GROUPS: Contains a collection of EC2 instances that share similar
characteristics. Instances here are treated as a logical grouping for the purpose of
instance scaling and management.

CACHES IN AMAZON:
1. AMAZON CLOUDFRONT
2. AMAZON ElastiCache => Provides web apps with an in-memory data store in the cloud.

AMAZON SQS (Simple Queue Service):


Is a fully managed message queuing service that enables you to decouple and scale
microservices, distributed systems, and serverless applications

AMAZON SNS (Simple Notification Service):


Is a highly available, durable, secure, fully managed pub/sub messaging service that
enables you to decouple microservices, distributed systems, and serverless applications.

Cloud Formation
Additional notes:
The AWS service that uses AWS Edge Locations is CLOUDFRONT.
CloudTrail logs are used to see which user was responsible for terminating instances.
AWS X-RAY helps developers analyze and debug production, distributed
applications such as those built using a microservices infrastructure.
AWS OPSWORKS is used to replicate and deploy specific software automatically.
The benefit of elasticity is creating a system that scales to the required capacity based on
changes in demand.
AWS CODECOMMIT is for storing binary code and source code, which is accessible
from the internet.
AWS DIRECT CONNECT is a cloud service that supports REAL TIME SERVICE and supports
high bandwidth and low latency.
AMAZON QUICKSIGHT is a service to publish interactive graphical report
dashboards.
In Amazon Redshift, the leader node's role is to receive queries and manage client
connections.
AWS CodeDeploy is a service that allows developers to automate
installation on the host: EC2 instances, Amazon ECS, Lambda serverless, even
on-premises servers.
AWS PERSONAL HEALTH DASHBOARD is for detailed checks and prompts the
user with alerts and notifications.
AWS ARTIFACT provides a dossier of security and compliance documentation.
AURORA DB is a database that can increase its size on its own.
AWS SDK is used to call AWS services from a programming language.
AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web
applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go,
and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. You can
simply upload your code and Elastic ...
Amazon Simple Email Service (Amazon SES) is a cloud-based email sending service designed to help
digital marketers and application developers send marketing, notification, and transactional emails.

AWS Snowball is a petabyte-scale data transport service that uses secure devices to
transfer large amounts of data into and out of the AWS cloud.
DATABASE: MULTI-AZ DEPLOYMENT

DATABASE - MASTER - SLAVE

Normally only one (the master) can read and write, and the slave is for backup only; if
the master goes down, the slave can run but cannot write.

Cloud9 - Lambda
An environment for coding in the web browser, for building applications, PHP, so on AWS
nothing needs to be uploaded; it can be used to work together on one project.
PCI Compliance
AWS standard rules such as security, encryption, resources, and standard rules for
data centre servers, health care, financial.
- HIPAA = international health care standard.
Security - SSL, KMS, and HSM.
The AWS encryption standard (KMS); Hardware Security Module for more complex and
more expensive key encryption (HSM).
IAM - User, Group, Roles
- Federation is logging in using an existing username and password,
for example Gmail, FB.
Direct Connect
A direct cable connection method from the on-premises data centre to the AWS data centre.
AWS Organization
Handles billing and account management.
AWS X-RAY
A tool used in app development to look at problems, bugs, errors.
DeepRacer

Rekognition
AWS service for machine learning vision (based on sight, for objects).

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic.
