[Pre-W6] AWS

YC Tech Academy Backend Career Project

Overview

Today we will look at the AWS Certified Cloud Practitioner program. While this is a very short and concise version, we will look at how AWS works and how the infrastructure for web apps is formed.

AWS

AWS provides many features that let users deploy web applications and servers quickly and safely. Today we will look at these specific features and functionalities in AWS.

Security

Because AWS holds very sensitive information, it provides multiple ways and steps to protect your web application and servers.

IAM

IAM stands for Identity and Access Management. IAM lets users avoid putting the whole server at risk by providing accounts with limited access. To understand this system, there are three terms to learn:

  • Root User: THE AWS account. The main account with full access to all systems in AWS

  • User: The accounts (users) created by the root user. These users have limited access to the system, which provides more security

  • Policy: A document granting or denying permissions for certain actions or resources of the AWS account.

    • A policy is defined by three parts: Action, Effect, and Resource

      • Action: the name of the action an authorized user can perform

      • Effect: Allow or Deny

      • Resource: the specific resource the policy applies to
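The way Action, Effect and Resource combine can be shown with a small evaluator. This is an added example, not code from the course notes or from AWS: the policy document and the requests are constructed, and the model keeps only the core IAM rule that an explicit Deny beats every Allow and anything unmatched is implicitly denied.

```python
"""Simplified model of how a policy's Effect/Action/Resource decide a request.
Added example (not from AWS or the course); policy and requests are constructed."""
from fnmatch import fnmatchcase

# Constructed policy for a limited IAM user: may read any bucket, but the
# backups bucket is explicitly denied so no other Allow can reopen it.
USER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": "arn:aws:s3:::*"},
        {"Effect": "Deny",
         "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-backups",
                      "arn:aws:s3:::example-backups/*"]},
    ],
}


def _as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """IAM wildcards: '*' matches any run of characters, '?' exactly one."""
    return any(fnmatchcase(value, p) for p in _as_list(patterns))


def is_allowed(policy, action, resource):
    """True only if some statement allows the request and no statement denies it."""
    allowed = False
    for stmt in policy["Statement"]:
        if _matches(stmt["Action"], action) and _matches(stmt["Resource"], resource):
            if stmt["Effect"] == "Deny":
                return False      # explicit deny overrides every allow
            if stmt["Effect"] == "Allow":
                allowed = True
    return allowed                # nothing matched -> implicit deny


if __name__ == "__main__":
    for act, res in [("s3:GetObject", "arn:aws:s3:::example-app/index.html"),
                     ("s3:PutObject", "arn:aws:s3:::example-app/index.html"),
                     ("s3:GetObject", "arn:aws:s3:::example-backups/db.sql")]:
        print(act, res, "->", "ALLOW" if is_allowed(USER_POLICY, act, res) else "DENY")
```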

IAM User, User group, and Roles

IAM identities can be defined in several ways:

  • User: A specific account under the root account. Specific policies can be assigned to each user, which protects the system.

  • User Group: Allows the root user (or a permitted user) to assign policies to a group of users with similar roles or tasks.

  • User Role: Gives temporary access to policies, allowing short-lived instances to do tasks for testing, short-term projects, etc.

Multi-Factor Authentication (MFA)

MFA provides extra steps to protect the account from being compromised. Some of the options provided are:

  • Mobile Authenticators (Google, Microsoft)

  • Security Key

  • Hardware Keys

Password Policy

Users can specify requirements for password creation. For example, it is possible to set the password length, pattern restrictions, how often passwords must be reset, etc.

EC2

EC2 is an acronym for Elastic Compute Cloud. It is the main computing service provided by AWS. It provides virtual computing infrastructure for servers and applications, and it also offers dedicated server options. It is on demand, can be scaled up, and provides ways to expand globally.

EC2 is like a building block: many other AWS services are built on top of it.

EC2 Instance

One EC2 instance represents one computer. It provides basic computer resources such as CPU, memory, storage, networking, firewall, OS, packages, middleware, application, etc.

Amazon Machine Image (AMI)

An AMI is a virtual environment image, similar to a virtual machine template. AMIs are available with many selectable operating systems and with setups for specific uses, such as databases, deep learning, etc.

AWS also provides the AWS Marketplace, where users can select AMIs bundled with third-party applications such as WordPress.

Community AMIs are also available. However, because these are not created by authorized users or organizations, there are possible dangers in using this software.

Instance Types

Depending on how the instance will be used, it is possible to choose different specifications for it. Instance types are divided into categories:

  • General Purpose Instances

  • Compute Optimized Instances

  • Memory-Optimized Instances

  • Storage Optimized Instances

  • Accelerated Computing Instances

AWS instance type names are written like this: C5.xlarge

  • First letter (C) represents the instance family. C here means compute optimized.

  • Number (5) represents the generation. A higher number means a newer instance.

  • Last part (xlarge) represents the size of the instance. A bigger size means better performance and more resources.

Key Pair and Security Group

These instances also need specific security options. For that, AWS provides key pairs. When an EC2 instance is created, a public key is saved within the instance. The user keeps the private key, which is used when they access the instance.

*Quick explanation of IP and port

  • IP: address for accessing a specific host

  • Port: address for accessing a process within the computer

A security group acts as a firewall for EC2 instances. It has inbound and outbound rules, which control the traffic that comes into and goes out of the instance. By setting the protocol, port, source, etc., it is possible to write access rules. (The source sets where the instance can be accessed from: IP restriction, location restriction, etc.) All network traffic is restricted by default, and a rule must be created to allow the network to access the instance.
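The default-deny behaviour of inbound rules can be modelled directly. This is an added example, not code from the course or from AWS: the rule set (HTTPS from anywhere, SSH only from an office range) and the packets are constructed, and 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges used as stand-ins.

```python
"""Model of how an EC2 security group admits inbound traffic.
Added example (not from AWS or the course); rules and packets are constructed.
Like a real security group there are no deny rules: a packet is admitted only
if some rule matches, everything else is dropped."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class InboundRule:
    protocol: str      # "tcp", "udp" or "icmp"
    from_port: int     # inclusive port range
    to_port: int
    source: str        # CIDR the traffic must originate from


# Constructed rules for a web server: HTTPS from the whole internet,
# SSH only from the office range (a documentation range used as a stand-in).
WEB_SERVER_SG = [
    InboundRule("tcp", 443, 443, "0.0.0.0/0"),
    InboundRule("tcp", 22, 22, "203.0.113.0/24"),
]


def is_admitted(rules, protocol, port, src_ip):
    """Return the first matching rule, or None when the packet is dropped."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.protocol != protocol:
            continue
        if not rule.from_port <= port <= rule.to_port:
            continue
        if addr in ipaddress.ip_network(rule.source, strict=False):
            return rule
    return None          # no rule matched -> default deny


def open_to_world(rules, port, protocol="tcp"):
    """Review check: is this port reachable from any source address?"""
    return any(r.protocol == protocol and r.from_port <= port <= r.to_port
               and r.source in ("0.0.0.0/0", "::/0")
               for r in rules)


if __name__ == "__main__":
    for proto, port, src in [("tcp", 443, "198.51.100.7"), ("tcp", 22, "203.0.113.5"),
                             ("tcp", 22, "198.51.100.7"), ("tcp", 3306, "203.0.113.5")]:
        hit = is_admitted(WEB_SERVER_SG, proto, port, src)
        print(f"{proto}/{port} from {src}: {'ADMIT' if hit else 'DROP'}")
    print("SSH open to world:", open_to_world(WEB_SERVER_SG, 22))
```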

Elastic Block Storage (EBS)

EBS is block storage that can be attached to an EC2 instance. The advantage of EBS is that after the instance is stopped, the data in EBS is preserved. EBS can be attached to multiple instances at once. EBS volumes and instances are sorted by availability zone (AZ); an instance and a volume can only interact if they are in the same AZ. The EBS volume types are SSD and HDD, which are further divided into:

  • General Purpose SSD volumes

  • Provisioned IOPS SSD volumes

  • Throughput Optimized HDD volumes

  • Cold HDD volumes

There is also a delete-on-quit option (delete the volume when the instance is terminated). EBS costs money, so if the data is not needed, it is wise to delete it. However, if the data is needed, this option can be disabled.

User Data

User data is a script that is executed when the instance starts. User data is useful when there is a global setup that can be automated, such as installing Java or Node.js packages, configuring server or database settings, installing middleware, etc. This applies to both Linux and Windows.

Connecting to EC2 Instance

When connecting to EC2 Instance, there are multiple ways to access it:

  • Management Console - directly from AWS

  • SSH Client - Linux based

    • PuTTY, KiTTY, MobaXterm, WinSCP, etc.

    • Free or paid SSH clients

  • RDP Client - Windows based remote desktop

EC2 instances have a specific default username for each OS:

  • Amazon Linux: ec2-user

  • Ubuntu: ubuntu

  • Windows: Administrator

  • etc.

Instance Properties

There are several instance properties that can be checked:

  • Public/Private IP Address

  • Platform type (OS)

  • AMI ID

  • Key Pair

  • Owner

Other than this basic information, AWS also provides 6 categories of information:

  • Security

  • Networking

  • Storage

  • Status Check

  • Monitoring

  • Tags

EC2 Instance Life Cycle

The following is the instance life cycle:

Instance creation -> Pending -> Running <--> Rebooting

Running -> Shutting-down --> Terminated (Deleted)

Running -> Stopping --> Stopped --> Pending or Shutting-down

Terminating means the instance is deleted, and it cannot be started again.

S3

S3 is an acronym for Simple Storage Service. It is an object storage service, and it is one of the core services provided by AWS. It stores data such as EBS snapshots. One object has a maximum size of 5 TB, and it can be used for web services, big data storage, archiving, etc.

S3 Object

The basic unit of S3 is the object. Each object consists of the file data and metadata for that file. The metadata stores information such as version, encryption information, storage class, ACL, etc.

S3 Bucket

An S3 bucket is a container that stores S3 objects. A bucket is created before creating objects, and settings can be specified per bucket. Bucket names must be globally unique, and a bucket is created within one region. While it is possible to replicate objects across regions, objects usually stay inside one region.

S3 Pricing

Because S3 has so many features and parts, its pricing is a combination of these parts, so it is quite complex to estimate the price. The price is a combination of:

  • Storage price

  • Data request and retrieval price

  • Data transfer price

  • Replication price

RDS

RDS is an acronym for Relational Database Service. It provides a relational database for users. It is a fully managed service, providing provisioning, backup, monitoring, patching, etc. However, it cannot be accessed through a shell.

RDS provides many DB engines such as MySQL, MariaDB, Oracle, PostgreSQL, MS SQL Server, etc. It also provides Amazon Aurora, which is compatible with MySQL and PostgreSQL.

The great advantage of RDS is that it provides functions that let you manage a database with a few clicks. Usually, one RDS database is accessed by multiple instances, which receive their traffic from an elastic load balancer.

Amazon Aurora

Aurora is a relational database designed by Amazon. It is compatible with two database engines, MySQL and PostgreSQL, and is up to 5x faster than MySQL and up to 3x faster than PostgreSQL. However, it is about 20% more expensive than standard RDS.

RDS Usage Architecture

RDS allows users to create up to 5 replicas. This means the user only needs to write to the main DB, and the other DBs can be accessed read-only. This architecture can be varied for different situations.

Conclusion

Today we looked at the systems and features provided by AWS. While this only covered the surface of AWS technology, we have gone deep enough to be able to host web applications for production.