Core AWS Services

Uploaded by Bindu Prasad GS
• AWS EC2 (Elastic Compute Cloud)

• AWS VPC (Virtual Private Cloud)

• AWS IAM (Identity and Access Management)

• AWS S3 (Simple Storage Service)

• AWS RDS (Relational Database Service)


AWS EC2 Service

• Introduction to EC2

• AMI (Amazon Machine Image)

• Instance Type

• Key Pair

• Security Group

• VPC (Virtual Private Cloud)


Introduction to EC2
• EC2 enables you to create and manage virtual servers (virtual machines), known as instances, in a secure and reliable manner.

• It allows users to rent virtual computers on which to run (deploy) their own applications.

• EC2 instances are widely used for a variety of purposes, including web hosting, running applications, data processing, and deploying and scaling infrastructure for software development projects.

• To create an EC2 instance, you need an AMI (Amazon Machine Image), an instance type, a security group, a VPC (Virtual Private Cloud) and a key pair.
AMI (Amazon Machine Image)
• An AMI is a template or snapshot of a virtual machine (an EC2 instance) that contains all the information required to launch an instance.

• It includes the operating system, pre-installed software, configurations, any additional data associated with the instance, access permissions and volume information.

• AWS provides a variety of pre-configured AMIs with different operating systems (such as Amazon Linux, Ubuntu, Windows Server, etc.) and pre-installed software (such as databases, web servers, development environments, etc.).

• You can create your own custom AMIs based on existing instances.

• Why do we need an AMI?

Suppose we want to launch 5 servers with the same configuration. One way would be to launch a new EC2 instance and install the required packages every time. The other way is to configure your EC2 instance once and then create an image of that instance; using that image you can deploy 4 more EC2 servers.
Instance Type
• Amazon EC2 (Elastic Compute Cloud) offers a wide range of instance types (hardware specifications) to cater to different compute, memory, storage, and networking requirements.

• General Purpose -- applications built on open-source software such as application servers, microservices, gaming servers, midsize data stores, and caching fleets. Eg: t2, t3, m5, a1, etc.

• Compute Optimized -- compute-bound applications that benefit from high-performance processors. Eg: c5, c5n, c5a, etc.

• Memory Optimized -- fast performance for workloads that process large data sets in memory. Eg: r5n, r5, etc.

• Accelerated Computing -- machine learning, high performance computing, computational fluid dynamics, computational finance, seismic analysis, speech recognition, autonomous vehicles, and drug discovery. Eg: p2, p3, etc.

• Storage Optimized -- designed for workloads that require high, sequential read and write. Eg: i3, d3, etc.
Key Pair
• A key pair, consisting of a private key and a public key, is a set of security credentials that you use to prove your identity when connecting to an instance.

• Amazon EC2 stores the public key on your instance, and you store the private key.

• Anyone who possesses your private key can connect to your instances, so it is important that you store your private key in a secure place.
AWS VPC Service

• Introduction to VPC

• Subnets

• Routing Tables

• Internet Gateway

• Security Groups

• Network Access Control List (NACL)


Introduction to VPC
• Amazon VPC creates a virtual network topology for your Amazon EC2 resources.

• You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.

• All new AWS accounts have a default VPC.


Subnets
• A subnet is a range of IP addresses within a VPC.

• Public subnet – the subnet has a direct route to an internet gateway. Resources in a public subnet can access the public internet.

• Private subnet – the subnet does not have a direct route to an internet gateway. Resources in a private subnet require a NAT device to access the public internet.
Routing Tables
• Route tables control the flow of traffic within the VPC.

• You can configure routes to direct traffic between subnets, to the internet via the IGW, or to other network devices.
Internet Gateway (IGW)
• Allows resources (e.g. EC2 instances) in a VPC to connect to the internet.

• Must be created separately from a VPC.

• One VPC can only be attached to one IGW and vice versa.

Security Group
• A security group is a virtual firewall that controls inbound and outbound traffic for instances or resources within a Virtual Private Cloud (VPC) or cloud network.

• It acts as a rule-based filter, allowing or denying network traffic based on specified rules.
Network Access Control List
• NACLs are like a firewall that controls traffic to and from subnets.

• NACLs are a great way of blocking a specific IP address at the subnet level.
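As an added example (not from the original slides), the following Python models why blocking one address belongs in a NACL rather than a security group: NACL rules are numbered, evaluated lowest first with the first match winning, and may deny, whereas security group rules are allow-only. All addresses and rules are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed NACL inbound rules: (rule number, action, source CIDR, protocol,
# port range). Rules are checked in ascending number order and the first
# match wins; anything unmatched hits the implicit final deny rule (*).
NACL_INBOUND = [
    (50, "deny", "203.0.113.7/32", "tcp", (0, 65535)),    # block one host
    (100, "allow", "0.0.0.0/0", "tcp", (443, 443)),       # HTTPS from anywhere
    (110, "allow", "0.0.0.0/0", "tcp", (1024, 65535)),    # ephemeral ports:
    # NACLs are stateless, so reply traffic needs its own explicit rule
]

# Constructed security group inbound rules: (source CIDR, protocol, port
# range). Security groups have allow rules only and are stateful, so reply
# traffic is permitted automatically and one host cannot be singled out.
SG_INBOUND = [
    ("0.0.0.0/0", "tcp", (443, 443)),                     # HTTPS from anywhere
]


def _rule_matches(cidr, rproto, ports, src_ip, proto, port):
    lo, hi = ports
    return (ip_address(src_ip) in ip_network(cidr)
            and proto == rproto and lo <= port <= hi)


def nacl_permits(rules, src_ip, proto, port):
    """Subnet level: lowest-numbered matching rule decides; no match = deny."""
    for _num, action, cidr, rproto, ports in sorted(rules, key=lambda r: r[0]):
        if _rule_matches(cidr, rproto, ports, src_ip, proto, port):
            return action == "allow"
    return False


def sg_permits(rules, src_ip, proto, port):
    """Instance level: any matching allow rule permits; there are no denies."""
    return any(_rule_matches(cidr, rproto, ports, src_ip, proto, port)
               for cidr, rproto, ports in rules)


def reaches_instance(src_ip, proto, port):
    """Inbound traffic must pass the subnet NACL first, then the instance's
    security group."""
    return (nacl_permits(NACL_INBOUND, src_ip, proto, port)
            and sg_permits(SG_INBOUND, src_ip, proto, port))
```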
AWS IAM Service
• What is Access Control?

• Why do we need access management?

• What is IAM?

• Components of IAM

-- Users

-- Groups

-- Role

-- Policies

• Multi-factor Authentication (MFA)


What is Access Control?
Access control is the selective restriction of access to a place or other resource.
Why do we need access management?
What is IAM?
• IAM is a web service that helps you securely control access to AWS resources for your users.

• We use IAM to control who can use your AWS resources (authentication) and what resources they can use and in what ways (authorization).

• It safeguards access to AWS services and resources, and lets you create and manage AWS users and groups and use permissions to grant or deny access to AWS services.
Components of IAM
 An IAM user represents an entity (a person or an application) that interacts with AWS resources and services.

 Using IAM, we can create and manage AWS users, and use permissions to allow and deny their access to AWS resources.

 The root user can grant permissions to the IAM user.

 An IAM user is created without permissions by default.

 IAM policies are documents. They customize user access to AWS resources and services, and they allow or deny permissions to AWS resources and services.

 A collection of IAM users is called an IAM group. An IAM policy assigned to the IAM group grants permissions to all IAM users of that group.

 An IAM role is temporary access to services or resources.
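As an added example (not from the original slides), this Python snippet applies the rules the slides describe to constructed users, groups and policies: a new user starts with no permissions, a group policy grants them, and an explicit Deny attached to the user always wins. Bucket names and ARNs are placeholders.

```python
import fnmatch

# Constructed policies shaped like IAM JSON statements (illustrative only).
GROUP_POLICIES = {
    "developers": [
        {"Effect": "Allow", "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}
USER_POLICIES = {
    # Direct policy on alice: deleting objects is denied everywhere, even
    # though her group's Allow covers s3:* on the bucket.
    "alice": [{"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"}],
    # bob is a freshly created user: no policy attached, so no permissions.
    "bob": [],
}
USER_GROUPS = {"alice": ["developers"], "bob": []}


def _matches(pattern, value):
    """Action/Resource may be a string or a list; '*' wildcards apply."""
    patterns = pattern if isinstance(pattern, list) else [pattern]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_allowed(user, action, resource):
    """Simplified IAM decision: everything is implicitly denied; an explicit
    Allow (from the user or any of their groups) grants it; an explicit Deny
    anywhere overrides every Allow."""
    statements = list(USER_POLICIES.get(user, []))
    for group in USER_GROUPS.get(user, []):
        statements.extend(GROUP_POLICIES.get(group, []))
    allowed = False
    for st in statements:
        if _matches(st["Action"], action) and _matches(st["Resource"], resource):
            if st["Effect"] == "Deny":
                return False          # explicit deny wins immediately
            allowed = True
    return allowed
```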
Multi-factor Authentication (MFA)
• MFA stands for Multi-Factor Authentication, and it is a security measure used to protect sensitive information and enhance the security of online accounts and systems.

• Why MFA? Increased security, mitigation of password-related risks, protection against phishing attacks, compliance with security standards, and enhanced user trust.
AWS S3 Service

• Why S3?

• Introduction to S3

• Storage Classes

• Buckets

• Objects

• Key

• S3 Security
Why S3?

• Finding a way to store, distribute and manage all of the data is a big challenge.

• Running applications, delivering content to users, hosting high-traffic websites, or backing up documents, databases and email all require a lot of storage, and the need for more storage space keeps growing every day.

• Building or maintaining your own storage repository is expensive and time consuming. First you have to buy racks and racks of dedicated hardware and software; then, to get it all up and running, you have to hire staff and set up complex processes to make sure your storage is performing well and backed up in case something fails.

• Adding more capacity costs money and time to deploy more servers, hard drives and tape backup machines, and guessing how much capacity you need in the future is difficult.
Introduction to S3
Amazon S3 is a cloud-based storage service offered by Amazon Web Services (AWS). It allows you to store and retrieve any amount of data at any time from the internet.
In Amazon S3, data is organized into containers called “BUCKETS”. Think of a bucket as a directory or folder where you can store your data. Each bucket must have a name that is unique globally across all of AWS.
Inside each bucket, you store individual files, which are referred to as “OBJECTS”. These objects can be anything, such as images, videos, documents, or backups. Object names must also be unique within the bucket.
 It is object-level storage. Each object is made up of:
Data :: any type of file
Metadata :: information about what the data is
Key :: unique identifier
 Max object size = 5TB (5000 GB)
 If > 5000 GB, we use multi-part upload.
 When we create a bucket ,
S3 Storage Classes
Buckets
 A bucket is a container used for storing objects.

 Every object is stored in a bucket.

 For example, if the object named photos/tree.jpg is stored in the treeimage bucket, then it can be addressed by using the URL http://treeimage.s3.amazonaws.com/photos/tree.jpg.
 A bucket has no limit on the number of objects it can store. No bucket can exist inside another bucket.
 The AWS user that creates a bucket owns it, and no other AWS user can own it. Therefore, the ownership of a bucket is not transferable.
 The AWS account that creates a bucket can delete it, but no other AWS user can delete the bucket.
 100 buckets can be created in each AWS account.
Objects
Objects are the entities stored in an S3 bucket.

An object consists of object data and metadata, where metadata is a set of name-value pairs that describes the data.
An object has some default metadata, such as the date last modified, and standard HTTP metadata, such as Content-Type.
 An object is uniquely identified within a bucket by its key and version ID.
Key
A key is a unique identifier for an object.

Every object in a bucket is associated with one key.

An object can be uniquely identified by using a combination of the bucket name, the key, and optionally the version ID.
S3 Security
 Access Control :: IAM Policies
   Bucket Policies
   Access Control Lists (ACLs)
   S3 Block Public Access

 Encryption :: At Rest -- S3 Managed Keys (SSE-S3)
   AWS Key Management Service Keys (SSE-KMS)
   Client-Side Encryption
   In Transit -- SSL/TLS (Secure Sockets Layer/Transport Layer Security)
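As an added example (not from the original slides), this Python check flags bucket-policy statements that grant access to everyone and shows how S3 Block Public Access overrides such a policy, which is why the slides list it beside bucket policies and ACLs. The bucket name treeimage follows the slides; the account ID 111122223333 is a placeholder.

```python
# Constructed bucket policies shaped like S3 policy JSON (illustrative only).
PUBLIC_READ = {"Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::treeimage/*"},
]}
ACCOUNT_ONLY = {"Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},  # placeholder ID
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::treeimage", "arn:aws:s3:::treeimage/*"]},
]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """Principal '*' or {"AWS": "*"} means anyone, authenticated or not."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_statements(policy):
    """Return the Allow statements that any caller on the internet can use."""
    return [st for st in policy.get("Statement", [])
            if st.get("Effect") == "Allow" and _is_anonymous(st.get("Principal"))]


def anonymous_read_allowed(policy, block_public_access):
    """Can an unauthenticated caller read objects? With Block Public Access
    enabled, a public statement in the bucket policy is not honoured."""
    if block_public_access:
        return False
    return any(a in ("s3:GetObject", "s3:*", "*")
               for st in public_statements(policy) for a in _as_list(st["Action"]))
```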
AWS RDS Service

• What is Amazon RDS

• Features of RDS
What is Amazon RDS

• Amazon RDS (Relational Database Service) is a fully managed SQL database cloud service that allows you to create and operate relational databases.

• Using RDS you can access your files and databases anywhere in a cost-effective and highly scalable way.
Features of RDS
