Cloud Computing

• On-demand
• metered
• compute, networking, storage
• available over public internet
• Pay as you go
• OpEx
• Elastic, scalable, fault tolerant, High Availability

Advantages of Cloud computing as per AWS

• https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html
• Trade fixed expense for variable expense
• Benefit from massive economies of scale
• Stop guessing capacity
• Increase speed and agility
• Stop spending money running and maintaining data centers
• Go global in minute

Virtualization

Hypervisors

• type I
• type II

Cloud Computing Models

IaaS

• EC2, EBS, EFS, VM

PaaS

• Elastic Beanstalk, Azure Functions, App service, Dynamo DB

SaaS

• gmail, salesforce, Qualys

Cloud deployment models

• Public cloud (AWS, Azure, GPC)
• Private cloud
• Hybrid cloud

AWS

• Largest market share for public cloud
• nearly 200 services and growing
• Gartner Vendor Rating for AWS - https://www.gartner.com/doc/reprints?id=1-29YJX2Y2&ct=220505&st=sb
• Gartner Magic Quad: 2021 Magic Quadrant for Cloud Infrastructure & Platform Services

AWS Global Infrastructure

• The AWS Global Cloud Infrastructure is the most secure, extensive, and reliable cloud platform, offering over 200 fully featured services from data centers globally
• Visit: https://aws.amazon.com/about-aws/global-infrastructure/

Region:

• a physical location where AWS host a cluster of data centers
• Has a minimum of 2 AZ

Availability Zones:

• part of a region
• logically and physically separated within 60 miles
• has one or more data centers per one AZ
• Synchronous replication is possible between AZs
• AZs are connected by high-bandwidth, low latency metro fiber links.

Edge locations (AWS CloudFront)

• With edge locations, we can cache frequently accessed files on servers located closer to the users
• https://aws.amazon.com/cloudfront/features/?whats-new-cloudfront.sort-by=item.additionalFields.postDateTime&whats-new-cloudfront.sort-order=desc

Regional vs. Global Services vs. On-prem!

• Most AWS services are regional (EC2, RDS etc)
• Global service - IAM, CloudFront, Route 53
• On-prem:

1. Amazon Snow Family (SSDs, compute and neetworking)
2. Amazon storage GW
3. Amazon outposts (can scale from 1 rack to 96 racks)

Support plans

• https://aws.amazon.com/premiumsupport/plans/

• Basic
• Developer
• Business
• Enterprise support plan - $15,000 a month; dedicated TAM (Technical Account Manager)

Service Health Dashboards

• https://health.aws.amazon.com/health/status

Trusted Advisor

Personal Health Dashboard (PHD)

AWS AuP

• https://aws.amazon.com/aup/

AWS Account

• multiple account - dev, uat, prod etc

AWS Organizations

• free service
• similar accounts can be grouped under Organizational Units (OU)
• Service Control Policies (SCPs) can be applied to OU
• Consolidated billing (All features or just Consolidated Billing feature)

Consolidated Billing benefit

• single bill for all accounts
• simplified tracking
• volume discount
• consolidated billing is a free service

Core OU recommendations

AWS guide on OUs: https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/recommended-ous.html separate into at least two OUs

1. Infrastructure service account
2. Security service account

AWS Landing Zones (old) >> AWS Control Tower (new)

1. Create AWS Org and multiple AWS accounts
2. SSO for IAM
3. Federation
4. Pre-configured AWS CloudTrail and AWS config
5. Pre-configured recommended guardrails and policies

FREE TIER Benefits

• up to 5 GB of S3 storage for 12 months
• EC2 free - 750 hours a month
• RDS - 750 hours a month
• completely free - always: CloudFormation

Amazon Workspace

• Virtual desktops - Linux or windows

Amazon Detective

• Analyze and visualize security issues

Redshift

• enterprise grade data warehouse

Billing

• https://us-east-1.console.aws.amazon.com/billing/home?region=us-east-1#

AWS Technologies

MFA for root account

• https://aws.amazon.com/iam/features/mfa/
• Add MFA for root user (Warning)

IAM password policies

• password polices can be used to enforce password complexities.
• can be configured from the account setting; you can update the default policy

IAM users

• roor user vs IAM user
• IAM user - username/password
• CLI access - access key ID / secret access key
• service accounts (IAM accounts)

IAM groups

IAM policies

• can be attached to a given IAM user or IAM group, or a IAM role
• enforce principle of least privilege

Types of polices

1. Identity based policies: attached to IAM user, group or roles. Identity policy can not be applied to an identity in a different AWS account. However, roles can be granted to identities in a different AWS account to access resources.

• Managed AWS polices
• Customer managed policies
• Inline policies - attached to a IAM identity directly

2. Resource based policies: attached to AWS resources
3. Permission boundaries: policy can be defined as a permission boundary
4. Organization Service Control Policies (SCPs):
5. Access Control Lists
6. Session polices

ARN - Amazon Resource Name

• arn:partition:service:region:account-id:resource-id

IAM Policy Simulator

• https://policysim.aws.amazon.com/home/index.jsp?