Cloud Computing is the delivery of IT resources over the Internet. The cloud is like a virtual data center accessible via the Internet that allows you to manage:
- Storage services like databases
- Servers, compute power, networking
- Analytics, artificial intelligence, augmented reality
- Security services for data and applications
Characteristics of Cloud Computing
- Pay as you go - You pay only for what you use and only when your code runs.
- Autoscaling - The number of active servers can grow or shrink based on demand.
- Serverless - Allows you to write and deploy code without having to worry about the underlying infrastructure.
In a serverless environment, the developer doesn’t worry about the underlying infrastructure.
Cloud Based Products
Amazon Web Services offers a broad set of global cloud-based products.
- Quick Sight
- Simple Queue Service (SQS)
- Simple Notification Service (SNS)
- AWS Budgets
- Elastic Cloud Compute (EC2)
- Elastic Beanstalk
Database management services:
- Cloud 9
- Code Pipeline
- Key Management Service (KMS)
- Identity and Access Management (IAM)
- Machine Learning
- Computer Vision
- Internet of Things (IoT)
Regions, AZ, Edge Locations
Each dot on the map represents a region. A region is a geographic location that contains availability zones (AZs). Typically, a minimum of two AZs exist in a region, and you usually select your region to reduce latency and cost. For example, if most of your customers are in China, it doesn’t make sense to deploy your application to the West Coast region, because that introduces high latency.
Regions are isolated and independent, and resources aren’t automatically replicated across them; you have to set that up explicitly. For example, when you create your Redshift cluster resource in na-east-1, you won’t see it in other regions.
Region: A region is considered a geographic location or an area on a map.
An Availability Zone (AZ) is an isolated location within a geographic region. You can think of it as a physical data center within a specific region, so there are multiple data centers in a given region. A failure in one AZ doesn’t impact another AZ; in other words, failures are independent.
Lastly, there is also the concept of Edge Locations, which is more related to a Content Delivery Network (CDN). You can think of an edge location as a mini data center that is used solely to cache large data files closer to a user’s location.
Shared Responsibility Model
AWS is responsible for security OF the cloud; we are responsible for security IN the cloud.
When developing applications and providing services to our users or customers, we are in a shared responsibility model with AWS, and that is what this diagram shows.
AWS is responsible for:
- Securing edge locations
- Monitoring physical device security
- Providing physical access control to hardware/software
- Database patching
- Discarding physical storage devices
You are responsible for:
- Managing AWS Identity and Access Management (IAM)
- Encrypting data
- Preventing or detecting when an AWS account has been compromised
- Restricting access to AWS services to only those users who need it
What are IAM Roles?
IAM roles are a secure way to grant permissions to entities that you trust. Examples of entities include the following:
- IAM user in another account
- Application code running on an EC2 instance that needs to perform actions on AWS resources
- An AWS service that needs to act on resources in your account to provide its features
- Users from a corporate directory who use identity federation with SAML
IAM roles issue temporary credentials that are valid only for a short duration, which makes them a more secure way to grant access.
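As an added example (not from the original notes), the Python below builds a role trust policy covering the kinds of trusted entity listed above and then audits a trust policy for trust that is broader than intended. The account id and SAML provider ARN are constructed placeholders, not values from the notes.

```python
import json

# Constructed placeholder values (not from the notes): a partner account id
# and the ARN of the SAML identity provider for the corporate directory.
TRUSTED_ACCOUNT = "111111111111"
SAML_PROVIDER_ARN = "arn:aws:iam::222222222222:saml-provider/CorpDirectory"
SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"


def trust_policy(ec2=False, account_id=None, external_id=None, saml_provider_arn=None):
    """Build a role trust policy for the kinds of trusted entity listed above."""
    statements = []
    if ec2:  # application code on an EC2 instance (instance profile)
        statements.append({"Effect": "Allow", "Action": "sts:AssumeRole",
                           "Principal": {"Service": "ec2.amazonaws.com"}})
    if account_id:  # IAM principals in another account
        stmt = {"Effect": "Allow", "Action": "sts:AssumeRole",
                "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"}}
        if external_id:  # narrows who in that account may assume the role
            stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
        statements.append(stmt)
    if saml_provider_arn:  # users federated from a corporate directory via SAML
        statements.append({"Effect": "Allow", "Action": "sts:AssumeRoleWithSAML",
                           "Principal": {"Federated": saml_provider_arn},
                           "Condition": {"StringEquals": {"SAML:aud": SAML_AUDIENCE}}})
    return {"Version": "2012-10-17", "Statement": statements}


def _aws_principals(principal):
    """Normalize the Principal element to a list of AWS principal strings."""
    if principal == "*":
        return ["*"]
    aws = principal.get("AWS", []) if isinstance(principal, dict) else []
    return [aws] if isinstance(aws, str) else list(aws)


def audit_trust_policy(policy):
    """Return findings for Allow statements whose trust is broader than intended."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        aws = _aws_principals(stmt.get("Principal", {}))
        if "*" in aws:
            findings.append(f"statement {i}: any AWS principal may assume this role")
        elif any(a.endswith(":root") for a in aws) and "Condition" not in stmt:
            findings.append(f"statement {i}: trusts an entire account with no Condition")
        if (stmt.get("Action") == "sts:AssumeRoleWithSAML"
                and "SAML:aud" not in json.dumps(stmt.get("Condition", {}))):
            findings.append(f"statement {i}: SAML trust lacks a SAML:aud condition")
    return findings
```

Trusting an account’s `:root` principal means any identity in that account with `sts:AssumeRole` permission can assume the role, so the audit flags it unless a Condition narrows the trust.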