AWS Concepts

What is Cloud Computing?

• On-demand delivery of compute power, database storage, applications, and other IT resources through a cloud services platform via the Internet with pay-as-you-go pricing.
• A cloud services platform provides simple and rapid access to flexible and low-cost IT resources.
• No upfront investments and no heavy lifting of managing the hardware, you can provision exactly the right type and size of computing resources.
• AWS owns and maintains the network connected hardware, while organization provision and use what they need via a web application.

Six Advantages of Cloud Computing

1. Trade Capital Expense Vs Variable Expense – Pay only when and how much consume the computing resources, instead of upfront heavy capital expenditure.
2. Massive economies of scale – Because large # of customers is aggregated in the cloud, AWS can achieve cost-effective economies by scale.
3. Stop guessing capacity – Eliminate guessing on your infrastructure capacity needs. You can scale up and down as required.
4. Increase speed and agility – You reduce the time to make resources available to your developers from weeks to just minutes.
5. Stop spending money running and maintaining data centers – Focus on projects that differentiate your business, not the infrastructure. 
6. Go global in minutes – Deploy application in multiple regions around the world with lower latency and a better experience for customers.

Types of Cloud Computing

Cloud Computing Models

1. Infrastructure as a Service (IaaS) contains the basic building blocks for cloud IT and typically provide access to networking features, computers (virtual or on dedicated hardware), and data storage space.
2. Platform as a Service (PaaS) removes the need for organization to manage the underlying infrastructure (usually hardware and operating systems) and allows to focus on the deployment and management of applications. No resource procurement, capacity planning, software maintenance, patching, or any of the other undifferentiated heavy lifting involved in running application.
3. Software as a Service (SaaS) provides with a completed product that is run and managed by the service provider. In most cases, people referring to Software as a Service are referring to end-user applications. With a SaaS offering you do not have to think about how the service is maintained or how the underlying infrastructure is managed; you only need to think about how you will use that particular piece of software.

Cloud Deployment Models

1. Cloud – A cloud-based application is fully deployed in the cloud and all parts of the application run in the cloud.
2. Hybrid – A hybrid deployment is a way to connect infrastructure and applications between cloud-based resources and existing resources in on-premise.
3. On-premises – The deployment of resources on-premises, using virtualization and resource management tools, is sometimes called the “private cloud.” On-premises deployment doesn’t provide many of the benefits of cloud computing but is sometimes sought for its ability to provide dedicated resources. In most cases this deployment model is the same as legacy IT infrastructure while using application management and virtualization technologies to try and increase resource utilization.

Global Infrastructure

• Global infrastructure helps customers to achieve lower latency and higher throughput, and ensures their data resides only in the AWS Region they specify.
• The AWS Cloud infrastructure is built around:
  • AWS Regions is a physical location in the world where we have multiple Availability Zones.
  • Availability Zones consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities.
• Both Regions and Zones are designed to have important cloud principles such as high availability, fault-tolerant, scalability, and elasticity.
• High availability and Fault-tolerant (reliable and durable) are met with redundancy.
• Scalability and Elasticity are met with managed increase/ decrease capacity.
• AWS Cloud operates 20 Regions and 60 Availability Zones.
• Each Availability Zone is isolated, but the AZ in a Region are connected through low-latency links.
  •  Sync replication – backup thru read replica.
  • Async replication – backup for disaster recovery.
• AWS provides flexibility to place instances and store data within multiple regions as well as across multiple AZ within each AWS Region.
• Each Availability Zone is designed as an independent failure zone. This means that Availability Zones are physically separated within a typical metropolitan region and are located in lower risk flood plains (specific flood zone categorization varies by AWS Region). In addition to discrete un-interruptable power supply (UPS) and onsite backup generation facilities, they are each fed via different grids from independent utilities to further reduce single points of failure.
• Availability Zones are all redundantly connected to multiple tier-1 transit providers. (for sync replication).

Security and Compliance

Security

• Customer don’t manage physical servers or storage devices, but they required to use software-based security tools to monitor and protect cloud resources.
• As an AWS customer you inherit all the best practices of policies, architecture, and operational processes built to satisfy the requirements of customers.
• The AWS Cloud enables a shared responsibility model. While AWS manages security of the cloud, customer responsible for security in the cloud.
• AWS provides you with guidance and expertise through online resources, personnel, and partners. AWS provides you with advisories for current issues.
• AWS provides security-specific tools and features across network security, configuration management, access control, and data encryption.
• Finally, AWS environments are continuously audited, with certifications from accreditation bodies across geographies and verticals. Take advantage of automated tools for asset inventory and privileged access reporting.

Benefits of AWS Security

• Keep Your Data Safe: The AWS infrastructure puts strong safeguards in place to help protect your privacy. All data is stored in highly secure AWS data centers.
• Meet Compliance Requirements: AWS manages dozens of compliance programs in its infrastructure. This means that segments of your compliance have already been completed.
• Save Money: Cut costs by using AWS data centers. Maintain the highest standard of security without having to manage your own facility
• Scale Quickly: Security scales with your AWS Cloud usage. No matter the size of your business, the AWS infrastructure is designed to keep your data safe.
• 7 design principles: 
  • Implement a strong identity foundation:
    • Implement the principle of least privilege and separation of duties with appropriate authorization for each interaction with your AWS resources. Centralize privilege management and reduce or even eliminate reliance on long-term credentials.
  • Enable traceability:
    • Monitor, alert, and audit actions and changes to your environment in real time. Integrate logs and metrics with systems to automatically respond and take action.
  • Apply security at all layers:
    • Rather than just focusing on protection of a single outer layer, apply a defense-in-depth approach with other security controls. Apply to all layers (e.g., edge network, VPC, subnet, load balancer, every instance, operating system, and application).
  • Automate security best practices:
    • Automated software-based security mechanisms improve your ability to securely scale more rapidly and cost effectively. Create secure architectures, including the implementation of controls that are defined and managed as code in version-controlled templates.
  • Protect data in transit and at rest:
    • Classify your data into sensitivity levels and use mechanisms, such as encryption, tokenization, and access control where appropriate.
  • Keep people away from data:
    • Create mechanisms and tools to reduce or eliminate the need for direct access or manual processing of data. This reduces the risk of loss or modification and human error when handling sensitive data.
  • Prepare for security events:
    • Prepare for an incident by having an incident management process that aligns to your organizational requirements. Run incident response simulations and use tools with automation to increase your speed for detection, investigation, and recovery.

Compliance

• Compliance responsibilities will be shared and by tying together governance-focused, audit-friendly service features with applicable compliance or audit standards, AWS Compliance enablers build on traditional programs.
• The following is a partial list of assurance programs with which AWS complies:
  • SOC 1/ISAE 3402, SOC 2, SOC 3
  • FISMA, DIACAP, and FedRAMP
  • PCI DSS Level 1
  • ISO 9001, ISO 27001, ISO 27017, ISO 27018.
• 3 Components:
  • Risk Management (identify, manage and control risks)
  • Control Environment (policy, process, steps to secure resources)
  • InfoSecurity (CIA of customer data)

AWS Well-Architected

• Developed best-practices through lessons learned by working with customers.
• Well-Architected Framework has been developed to help cloud architects build secure, high-performing, resilient, and efficient infrastructure for their apps.
• Framework: 5 design pillars of cloud:
  • Operational Excellence: Focuses on running and monitoring systems to deliver business value, and continually improving processes and procedures.
    • Key topics: managing and automating changes, responding to events, and defining standards to successfully manage daily operations.
    • Automate
    • Respond to events
    • Define standards
  • Security: Focuses on protecting information & systems.
    • Key topics: CIA, privilege management, protecting systems, and establishing controls to detect security events.
    • IAM
    • Detective controls
    • Infrastructure protection
    • Data protection
    • Incident response
    • Design Principles
      • Strong ID foundations
      • Implement security at all layers
      • Enable traceability
      • Apply principle of least privilege
      • Focus of securing your system
      • Automate
  • Reliability: Focuses on the ability to prevent, and quickly recover from failures to meet business and customer demand.
    • Key topics: foundational elements around setup, cross project requirements, recovery planning, and how we handle change.
    • Recover from failures and meet demand
    • Apply best practices in: Foundations, Change and failure management
    • Anticipate, respond and prevent failures
    • Design Principles
      • Test recovery procedure
      • Automate recover
      • Scale horizontally
      • Stop guessing capacity
      • Manage change in automation
  • Performance Efficiency: Focuses on using IT and computing resources efficiently.
    • Key topics: selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve.
    • Select customizable solutions
    • Continuously innovations
    • Monitor
    • Consider trade-offs
    • Design Principles
      • Democratize advance techs (build vs buy service)
      • Go global
      • Use serverless architecture
      • Experiment often
      • Have mechanical sympathy
  • Cost Optimization: Focuses on avoiding un-needed costs.
    • Key topics: understanding and controlling where money is being spent, selecting the most appropriate and right number of resource types, analyzing spend over time, and scaling to meet business needs without overspending.
    • Use cost-effective resource
    • Match supply with demand
    • Increase expenditure awareness
    • Optimize over time
    • Design Principles
      • Adopt consumption model
      • Measure overall efficiency
      • Stop spending DC ops
      • Check expenditures
      • Use managed services

Design principles:

1. Stop guessing your capacity needs: scale up and down automatically.
2. Test systems at production scale: simulate prod-scale test env on demand.
3. Automate to make architectural experimentation easier: replicate systems at low cost and avoid the expense of manual effort.
4. Allow for evolutionary architectures: allows systems to evolve over time so that businesses can take advantage of innovations as a standard practice.
5. Drive architectures using data: collect data on how your architectural choices affect the behavior of your workload. Helps fact-based decisions on data. 
6. Improve through game days:  Simulate events in production. Help to  understand where improvements can be made and can help develop organizational experience in dealing with events.