AWS - Global Infrastructure¶
AWS is a cloud infrastructure provider, it's a pioneer in this field. Cloud and AWS have become synonyms, it would be difficult for a developer today to be unaware of AWS or cloud in general. This blog is an effort of mine to present this vast and ever expanding concept into very easy and fun method.
Learning new concepts in their 40's is very difficult, would try to make it as easy as possible for anyone want to embark on this journey.
AWS/Cloud has become an indispensable part of the Software industry due to a few of these important properties.
- Global Deployment
- Millisecond Latency
- Commission and decommission at will
- Pay as you use.
Even if core AWS services are not available in certain location, it still uses different non AWS services to enable developer to relax and focus on developing great software.
There are 2 types of AWS users.
- root user
- The user which is created when we first become an AWS consumer by signing in.
- This user has God like permission, and is not governed by IAM rules.
- It is not safe to use this user for day to day activity.
- Administrator user
- This is the user which is created though the IAM.
- This controls the management of other user.
- This is the user which should be used for daily activity.
- It has all the access just like root user.
- Always enable MFA for all users.
- Have an explicit password policy. i.e. expiry of password.
There are 3 ways to connect to AWS
- AWS Console
- The default mode, which we all use.
- This is the website for AWS, which can do pretty much all the stuff possible.
- AWS SDKs
- These are developers to make use of all the AWS resources while developing the application.
- Major programming languages are supported.
- AWS CLIs
- This use command line interface to control the AWS infrastructure.
AWS hosts its service in two types of location
- AWS Edge Location
- These does not host any specific AWS service.
- These hosts only CDN or CloudFront.
- AWS region
- These are the real AWS data centers, which host all AWS services.
- Each region is further divided into an Availability Zone (AZs).
- AZs are created to provide fault tolerance and high availability.
- Most services are region specific, which means all the AZs will have that service.
AWS - Shared Responsibility Model¶
AWS provides us with the bare metal infrastructure for running our application on their server. This does not imply that outside our application code, we can rely only on AWS.
AWS and us as a user work in a shared responsibility model, wherein, we have a certain responsibility and AWS has certain, and AWS is willing to shoulder certain responsibility with increased cost.
AWS's responsibility is broadly related to the physical server's like, physical security, personnel security, discarding the storage devices, DDoS protection, and hyper visor isolation.
User's responsibility is mostly towards their application like, proper security groups, IAM, MFA, OS patches and VPCs.
The major compute services provided by AWS are.
- Elastic Compute Cloud (EC2)
- Elastic Container service (ECS)
- AWS Lambda
- Elastic BeanStalk
In the above 4, the user has the maximum control of configuration on EC2 as its bare metal server, with some services running. Lambda and Beanstalk provide the minimum configuration user and most of them are managed by AWS.
Just like computer the major storage service provided by AWS are * RDS - SQL database. * DynamoDB - No SQL database * RedShift - Data Warehousing * ElastiCache - In memory Cache.
AWS is a global infrastructure, it has to serve both its developer and consumer with great efficiency and low latency. This is the reason the AWS has its core services spread across the globe called the AWS region. It also has its edge location spread across the globe to serve the consumer.
AWS region is subdivided into availability zones (AZs), which helps to provide high reliability and are connected to each other via a very low latency fiber optic. When an AWS service is mentioned to be region specific, it implies that it is available in all the AZs.
There are two types of an Administrator user of AWS service. The first is the root user which has infinite God like permission and is not controlled via the IAM. There is also a admin user which we create from IAM. The admin user have all the permission like the root user, its is just that it was created by IAM.
The user admin or root both should have MFA enabled and also have a password policy associated with it.
The AWS services can be accessed using 3 methods.
- AWS Console
- AWS SDKs
- AWS CLIs
All of the above will use the AWS APIs to connect with the core services. AWS Console is what every start using first and once becoming comfortable they rely on only SDKs or the CLIs.
AWS has a shared responsibility with the users, where AWS manages most of the physical security and the server management like DDoS protection and HyperVisor isolation, the user is entrusted with the responsibility of managing the software securities like IAM, MFA, OS Patches, Security groups etc.
What is the difference between the AWS Region and AWS Edge Location?¶
When explaining the AWS Global Infrastructure these 3 Keywords are often used.
- Availability Zone (AZs)
- Edge Location
Each of the above are key pieces of the AWS Infrastructure, but to understand the fundamental difference we have seen these with a different perspective.
The above are divided based on
- User of the content present on AWS (End User)
- User of the content provider to AWS (Developer)
Region and AZs as already explained are Developer focused, as a result, they are very few and have to adhere to the highest standard of scrutiny. Edge Location on the other hand, are User focused, Like CDN, Global Accelerator etc., their job is to make the content reach to and fro from the user faster, reduce the latency. As a result are far too many and spread across the world where it can serve its user better.