Wednesday 7 August 2019

Components of AWS part-2

In this blog we are going to take a deeper dive into the components that make up AWS instead of having a bird's-eye view of it.
You might be wondering what infrastructure AWS itself runs on in order to provide infrastructure to millions of users and thousands of customers worldwide.

AWS Global Infrastructure

The following are the components that make up the AWS infrastructure:

  • Availability Zones - An Availability Zone (AZ) can be thought of as a data center: a facility located somewhere in a country or city. Inside this facility, i.e., the data center, there are multiple servers, switches, load balancers and firewalls. Everything that interacts with the cloud sits inside these data centers.
  • Region - A Region is a distinct geographical area and has two or more AZs. A region is a collection of data centers that is completely isolated from other regions. Currently there are 22 regions across the globe.
  • Edge locations - Edge Locations are AWS endpoints used for caching content. They typically consist of CloudFront, Amazon's Content Delivery Network (CDN). They are mostly located in major cities to distribute content to end users with reduced latency. Currently there are more than 150 edge locations.
  • Regional Edge Caches - A Regional Edge Cache lies between the CloudFront origin servers and the edge locations. A regional edge cache has a larger cache than an individual edge location. When data is evicted from the cache at an edge location it is still retained at the Regional Edge Cache, so when a user requests data that is no longer available at the edge location, the edge location retrieves the cached data from the Regional Edge Cache instead of from the origin servers, which have higher latency.

Below are the major services under various domains:

Networking and Content Delivery

  1. VPC - A Virtual Private Cloud is your private section of AWS. It provides a logically isolated area where you can launch AWS resources and allow or restrict access to them.
    • We can create subnets (private/public) in a VPC and assign a custom IP address range to each subnet.
    • A maximum of 5 VPCs are allowed in each AWS Region by default.

  2. Route 53 - DNS routing service (manages the DNS records of a domain). Routing of traffic to EC2 instances can be based on:
    • Weighted percentages
    • Latency
    • Failover, by creating health checks on each record set
    • Geolocation
    • MultiValue Answer policy, which is simple routing with health checks

  3. API Gateway - It is a gateway that lets incoming API calls communicate with a set of Lambda functions, which together form a serverless system and serve users with the responses from those functions.

  4. CloudFront - A Content Delivery Network is a system of distributed servers that deliver web pages and other web content to a user based on the geographic location of the user, the origin of the web page and a content delivery server. A CDN comprises the following components:
    1. Edge Location: The location where the content is cached. It is separate from an AWS Region or AWS Availability Zone.
    2. Origin: Defines the origin of all the files that the CDN will distribute. An origin can be an S3 bucket, an EC2 instance or an Elastic Load Balancer.
    3. Distribution: The name given to the CDN, which consists of a collection of edge locations. Creating a new CDN in AWS means creating a Distribution. A distribution can be of two types:
      1. Web Distribution: Typically used for websites. When a user requests content, the request is automatically routed to the nearest edge location so that the content is delivered with the best possible performance.
      2. RTMP: Used for media streaming.

Compute

  1. EC2 - EC2 stands for Amazon Elastic Compute Cloud.
    1. Amazon EC2 is a web service that provides resizable compute capacity in the cloud.
    2. Amazon EC2 reduces the time required to obtain and boot new instances to minutes; in the old days this was a very time-consuming process.
    3. You can scale the compute capacity up and down as your computing requirements change.
    4. Amazon EC2 has changed the economics of computing by allowing you to pay only for the resources that you actually use. Previously we used to lease or purchase physical servers, so we had to plan 5 years in advance, which ended up tying a lot of capital in such investments.
    5. EC2 pricing options
      1. On Demand - On Demand is perfect for users who want the low cost and flexibility of Amazon EC2 without any up-front investment or long-term commitment. It is suitable for applications with short-term, spiky or unpredictable workloads that cannot be interrupted.
      2. Reserved - With a Reserved Instance you enter a contract, paying some amount upfront, which gives you a significant discount on the hourly charge for an instance. It is used for applications that require reserved capacity.
      3. Spot Instances - Spot Instances let you bid whatever price you want for instance capacity, providing better savings if your applications have flexible start and end times. They are useful for applications that are only feasible at very low compute prices.
      4. Dedicated Host - A dedicated host is a physical server with EC2 instance capacity that is fully dedicated to your use.

  2. Elastic Beanstalk - It is a PaaS (Platform as a Service) used for deploying and scaling web applications/services developed in Java, PHP, Node.js, etc., on familiar servers like Apache, Nginx, Tomcat and IIS.
    1. Elastic Beanstalk is one layer of abstraction above the EC2 layer. Elastic Beanstalk sets up an "environment" for you that can contain a number of EC2 instances, an optional database, and a few other AWS components such as an Elastic Load Balancer, an Auto Scaling group and a Security Group. It provides:
      1. Load Balancing
      2. Auto Scaling
      3. Health Monitoring
    2. Elastic Beanstalk offers two different environment tiers:
      1. Web Server Environment: Handles HTTP requests from clients
      2. Worker Environment: Processes background tasks that are resource-consuming and time-intensive
    3. Each environment runs only a single application version at a time, but it is possible to run the same or different versions of an application in many environments at the same time.
    4. After terminating an environment, you can restore it if it was terminated within the last six weeks.

  3. Lambda - It is a pay-as-you-go serverless compute service, also known as Function as a Service (FaaS).
    1. All Lambda functions are stateless, meaning they cannot store persistent data.
    2. You deploy some code; it gets invoked, processes some input, and returns a value.
    3. It is always used in conjunction with API Gateway to create a serverless model, meaning it will always be invoked through an API Gateway.
    4. Lambda is used to encapsulate data centres, hardware, assembly code/protocols, high-level languages, operating systems and AWS APIs.
    5. Lambda is a compute service where you upload your code and create a Lambda function from it.
    6. Lambda takes care of provisioning and managing the servers used to run the code.
    7. While using Lambda, you don't have to worry about scaling, patching, operating systems, etc.
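As an added example (not code from the original post), here is a minimal Python Lambda handler of the kind API Gateway would invoke for the "deploy some code, it gets invoked, processes some input, and returns a value" flow described above. The event is a constructed sample of an API Gateway proxy request; the handler validates its input before acting on it and keeps no state between invocations. The route, field names and the `_response` helper are this example's assumptions.

```python
import json
from typing import Any

# Constructed sample of an API Gateway (REST, Lambda proxy integration) event.
# Only the fields this handler reads are included.
SAMPLE_EVENT = {
    "httpMethod": "POST",
    "path": "/greet",
    "headers": {"Content-Type": "application/json"},
    "body": json.dumps({"name": "Alice"}),
}

MAX_NAME_LENGTH = 64  # assumption: reject absurdly long input early


def _response(status: int, body: dict) -> dict:
    """Shape API Gateway expects back from a proxy-integrated function."""
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(body),
    }


def lambda_handler(event: dict, context: Any = None) -> dict:
    """Entry point. API Gateway passes the HTTP request in `event`.

    No module-level mutable state is used: Lambda gives no guarantee that
    the same container (or any previous state) is there for the next call.
    """
    if event.get("httpMethod") != "POST":
        return _response(405, {"error": "method not allowed"})

    # Treat the body as untrusted: it is whatever the caller sent.
    try:
        payload = json.loads(event.get("body") or "{}")
    except json.JSONDecodeError:
        return _response(400, {"error": "body must be valid JSON"})
    if not isinstance(payload, dict):
        return _response(400, {"error": "body must be a JSON object"})

    name = payload.get("name")
    if not isinstance(name, str) or not name.strip():
        return _response(400, {"error": "name is required"})
    if len(name) > MAX_NAME_LENGTH:
        return _response(400, {"error": "name too long"})

    # Process the input and return a value; nothing is persisted here.
    return _response(200, {"message": f"Hello, {name.strip()}!"})


if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT))
```

Locally this runs with `python handler.py`; on Lambda the handler is referenced as `handler.lambda_handler`. The validation branches are what keep a bad request from turning into an unhandled exception (and a 502 from API Gateway).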


Storage

  1. EBS stands for Elastic Block Store.
    1. Amazon EBS allows you to create storage volumes and attach them to EC2 instances.
    2. Once a storage volume is created, you can create a file system on top of it and then run a database, store files or applications, or use it as a block device in some other way.
    3. Amazon EBS volumes are placed in a specific Availability Zone and are automatically replicated to protect you from the failure of a single component.
    4. The EBS volume attached to an EC2 instance on which Windows or Linux is installed is known as the root device volume.
    5. EBS volume types fall into two categories:
      1. SSD-backed volumes
      2. HDD-backed volumes
    6. SSD-backed volumes are further classified into two types:
      1. General Purpose SSD - Also referred to as gp2. It is used where the application needs fewer than 10,000 IOPS.
      2. Provisioned IOPS SSD - Also referred to as io1. It is mainly used for high-performance, I/O-intensive applications such as relational databases. It is used when you require more than 10,000 IOPS.

  2. S3 stands for Simple Storage Service.
    1. It is object-based storage, i.e., you can store images, Word files, PDF files, etc.
    2. Files stored in S3 can be from 0 bytes to 5 TB in size.
    3. It has unlimited storage, meaning you can store as much data as you want.
    4. Files are stored in buckets. A bucket is like a folder in S3 that stores files. You can set permissions individually on your files or on the complete bucket.
    5. S3 uses a universal namespace, i.e., bucket names must be globally unique. Each bucket has a DNS address.
    6. If you create a bucket, its URL looks like: https://<bucket-name>.s3-<AWS-region>.amazonaws.com

  3. Snowball - These are physical devices that help migrate large amounts of data into and out of the cloud without depending on the network.
    1. Snowball is a suitcase-sized device, Snowball Edge is a rack-mountable and clusterable suitcase-sized device with compute capabilities, and Snowmobile is a shipping container moved by a tractor-trailer.
    2. With the Snowball service we can migrate data in amounts ranging from 100 terabytes to 10 petabytes.

  4. Storage Gateway - Storage Gateway is an AWS service that connects an on-premises software appliance with cloud-based storage to provide secure integration between an organization's on-premises IT environment and AWS storage infrastructure.
    1. File Gateway (NFS) - Used to store flat files in S3, such as Word files, PDF files, pictures, videos, etc.
      1. Files are stored directly as objects in S3 buckets and are accessed through a Network File System (NFS) mount point.
      2. Ownership, permissions and timestamps are durably stored in S3 in the user metadata of the object associated with the file.
    2. Volume Gateway (iSCSI) - Volume Gateway is an interface that presents your applications with disk volumes using the iSCSI block protocol.
      1. The iSCSI block protocol provides block-based storage that can hold an operating system and applications, and can also run SQL Server or another database.
      2. Data written to these volumes can be asynchronously backed up as point-in-time snapshots and stored in the cloud as EBS snapshots.
    3. Tape Gateway (VTL) - Mainly used for taking backups.
      1. Tape Gateway offers a durable, cost-effective solution for archiving your data in the AWS cloud.
      2. The VTL interface lets a tape-based backup application store data on virtual tape cartridges that you create on your Tape Gateway.
      3. It is supported by NetBackup, Backup Exec, Veeam, etc. Instead of physical tape they use virtual tape, and these virtual tapes are stored in Amazon S3.


Database

  1. RDS - Stands for Relational Database Service. It supports six commonly used database engines. The Amazon RDS Free Tier provides a single db.t2.micro instance as well as up to 20 GiB of storage.

  2. DynamoDB - It is a fast and flexible NoSQL database service.

  3. ElastiCache - It is a web service used to deploy, operate and scale an in-memory cache in the cloud. It improves the performance of web applications by allowing you to retrieve information from a fast, managed in-memory cache instead of relying entirely on slower disk-based databases. Caching improves application performance by storing critical pieces of data in memory for low-latency access. There are two types of ElastiCache engine:
    1. Memcached - Memcached keeps its data in memory, eliminating the need to access the disk.
      1. Memcached is an in-memory key-value store that avoids disk seek delays and can access data in microseconds.
      2. It is a distributed service, meaning it can be scaled out by adding new nodes.
    2. Redis - Redis stands for Remote Dictionary Server.
      1. It is a fast, open-source, in-memory key-value data store.
      2. Its response time is in milliseconds, and it serves millions of requests per second for real-time applications such as gaming, AdTech, financial services, health care and IoT.

Security, Identity & Compliance

  1. IAM - Identity and Access Management
    1. IAM policies are made up of documents called policy documents. These documents are in JSON format.
    2. Roles are made up of policies.
    3. Roles can be assigned to users or to a group. Best practice is to assign roles to groups and add users to those groups.
    4. SAML (Security Assertion Markup Language) is a technique for achieving Single Sign-On (SSO), meaning that users log in once and can use the same credentials to log in to another service provider.
    5. SAML provides security by eliminating passwords for an app and replacing them with security tokens.
    6. There are two types of SAML providers: service provider and identity provider.
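As an added example, not part of the original post: two constructed IAM policy documents in the JSON format described above, one scoped to a single (placeholder) bucket and one that allows everything, together with a small review check that flags Allow statements using wildcard actions or resources. The bucket name, the policy contents and the helper names are this example's assumptions.

```python
import json

# Constructed least-privilege policy: read-only access to one bucket.
# The bucket name is a placeholder.
READ_ONLY_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListBucket",
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": "arn:aws:s3:::example-reports-bucket",
        },
        {
            "Sid": "GetObjects",
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-reports-bucket/*",
        },
    ],
}

# Constructed over-broad policy of the kind a review should catch:
# every action on every resource.
ADMIN_LIKE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def policy_json(policy: dict) -> str:
    """Serialise the policy as the JSON document IAM actually stores."""
    return json.dumps(policy, indent=2)


def _as_list(value) -> list:
    """IAM allows a single string or a list in Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_broad_statements(policy: dict) -> list:
    """Return one finding per Allow statement that uses a wildcard.

    Deny statements are skipped: a broad Deny narrows access rather than
    widening it.
    """
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{index}]")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))

        if "*" in actions:
            findings.append(f"{sid}: allows every action ('*')")
        else:
            service_wide = [a for a in actions if a.endswith(":*")]
            if service_wide:
                findings.append(
                    f"{sid}: allows every action of a service ({', '.join(service_wide)})"
                )
        if "*" in resources:
            findings.append(f"{sid}: applies to every resource ('*')")
    return findings


if __name__ == "__main__":
    print(policy_json(READ_ONLY_BUCKET_POLICY))
    for name, policy in [("read-only", READ_ONLY_BUCKET_POLICY), ("admin-like", ADMIN_LIKE_POLICY)]:
        print(name, find_broad_statements(policy) or "no findings")
```

A wildcard resource is sometimes unavoidable (some actions do not accept a resource ARN), so treat each finding as a review prompt rather than an automatic failure. In the example the read-only policy produces no findings and the admin-like policy produces two, one for the action and one for the resource.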

Management and Governance

  1. CloudFormation - It is an AWS tool that allows you to spin up resources effortlessly. You define all the resources you want AWS to spin up in a blueprint document, click a button, and AWS creates all of the components. This blueprint is called a template.
    1. CloudFormation makes sure that dependent resources in your template are all created in the proper order. For example, if a DNS record points to an EC2 instance then CloudFormation will provision the EC2 instance first, wait for it to be ready and then create the Route 53 DNS record afterwards.
    2. CloudFormation templates are declared in JSON format.
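As an added example, not the post's own code: a constructed CloudFormation template (held as a Python dict in the JSON structure the post describes) with a security group, an EC2 instance that references it, and a Route 53 record that reads the instance's public IP, plus a small function that derives the creation order from `Ref`, `Fn::GetAtt` and `DependsOn` references, which is the dependency rule the post describes. The AMI id, domain and logical resource names are placeholders, and the ordering function is this example's own, not CloudFormation's implementation.

```python
import json

# Constructed template. Values are placeholders; the structure is what matters.
TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "WebDnsRecord": {
            "Type": "AWS::Route53::RecordSet",
            "Properties": {
                "HostedZoneName": "example.com.",
                "Name": "www.example.com.",
                "Type": "A",
                "TTL": "300",
                # Reads an attribute of the instance, so it depends on it.
                "ResourceRecords": [{"Fn::GetAtt": ["WebServer", "PublicIp"]}],
            },
        },
        "WebServer": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "ImageId": "ami-PLACEHOLDER",
                "InstanceType": "t2.micro",
                "SecurityGroupIds": [{"Ref": "WebSecurityGroup"}],
            },
        },
        "WebSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "HTTPS only",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}
                ],
            },
        },
    },
}


def references(node, names):
    """Yield logical resource names referenced via Ref or Fn::GetAtt in `node`."""
    if isinstance(node, dict):
        if "Ref" in node and node["Ref"] in names:
            yield node["Ref"]
        if "Fn::GetAtt" in node:
            target = node["Fn::GetAtt"]
            # Both the list form ["Res", "Attr"] and the string form "Res.Attr" exist.
            target = target[0] if isinstance(target, list) else str(target).split(".")[0]
            if target in names:
                yield target
        for value in node.values():
            yield from references(value, names)
    elif isinstance(node, list):
        for value in node:
            yield from references(value, names)


def dependency_graph(template: dict) -> dict:
    """Map each logical resource name to the set of resources it depends on."""
    resources = template["Resources"]
    names = set(resources)
    graph = {}
    for name, resource in resources.items():
        deps = set(references(resource.get("Properties", {}), names))
        explicit = resource.get("DependsOn", [])
        deps.update([explicit] if isinstance(explicit, str) else explicit)
        graph[name] = deps
    return graph


def creation_order(template: dict) -> list:
    """Topological sort: a resource is created only after everything it references."""
    graph = dependency_graph(template)
    order, done, visiting = [], set(), set()

    def visit(name):
        if name in done:
            return
        if name in visiting:
            raise ValueError(f"circular dependency involving {name}")
        visiting.add(name)
        for dep in sorted(graph[name]):
            visit(dep)
        visiting.remove(name)
        done.add(name)
        order.append(name)

    for name in sorted(graph):
        visit(name)
    return order


if __name__ == "__main__":
    print(json.dumps(TEMPLATE, indent=2))
    print("creation order:", creation_order(TEMPLATE))
```

For this template the order comes out as security group, then instance, then DNS record, matching the post's example. A template that references itself in a loop is rejected with `ValueError`, which is also what you would want a pre-deployment check to do rather than discovering the cycle at stack creation time.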

  2. CloudWatch - CloudWatch is a service used to monitor your AWS resources and the applications you run on AWS in real time.
    1. CloudWatch is used to collect and track metrics that measure your resources and applications.
    2. The following are the terms associated with CloudWatch:
      1. Dashboards: CloudWatch is used to create dashboards that show what is happening in your AWS environment.
      2. Alarms: Lets you set alarms to notify you whenever a particular threshold is hit.
      3. Logs: CloudWatch Logs helps you aggregate, monitor and store logs.
      4. Events: CloudWatch Events helps you respond to state changes in your AWS resources.

  3. Auto Scaling - Scales your EC2 instance capacity automatically, driven by Amazon CloudWatch. It scales EC2 instances in or out of Auto Scaling groups according to the launch configuration when a scheduled event is met or a CloudWatch event is triggered. We have to create a Launch Configuration first (choice of AMI and EC2 instance type) and then the Auto Scaling group.

Application Integration

  1. SNS - SNS stands for Simple Notification Service.
    1. It is a way of sending messages. When you are using Auto Scaling, it triggers an SNS notification that emails you that "your EC2 instance is growing".
    2. SNS notifications can also trigger a Lambda function. When a message is published to an SNS topic that has a Lambda function associated with it, the Lambda function is invoked with the payload of the message.
    3. Amazon SNS allows you to group multiple recipients using topics, where a topic is a logical access point that sends identical copies of the same message to the subscribed recipients.
    4. To prevent loss of data, all messages published to SNS are stored redundantly across multiple Availability Zones.

  2. SQS - SQS stands for Simple Queue Service.
    1. Amazon SQS is a web service that gives you access to a message queue that can be used to store messages while they wait for a computer to process them.
    2. Amazon SQS is a distributed queue system that enables web service applications to quickly and reliably queue messages that one component in the application generates to be consumed by another component; a queue is a temporary repository for messages that are awaiting processing.
    3. Messages can contain up to 256 KB of text in any format, such as JSON, XML, etc.
    4. It is used when the producer is producing work faster than the consumer can process it, or when the producer or consumer is only intermittently connected to the network.
    5. The default Visibility Timeout is 30 seconds. The Visibility Timeout can be increased if your task takes more than 30 seconds. The maximum Visibility Timeout is 12 hours.
    6. There are two types of queue:
      1. Standard Queues (default)
      2. FIFO Queues (First-In-First-Out)
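As an added example, not the post's own code, here is a small Python simulation of a queue with a visibility timeout, using the 30-second default, 12-hour maximum and 256 KB message limit quoted above. It uses a logical clock so the scenario runs offline, and shows what happens when a consumer receives a message and then fails before deleting it: the message stays hidden for the timeout and then becomes receivable again. The class and method names are this example's assumptions, and the receipt-handle handling is a simplification of the real service.

```python
from dataclasses import dataclass, field
from itertools import count
from typing import Optional

DEFAULT_VISIBILITY_TIMEOUT = 30         # seconds, the default quoted in the post
MAX_VISIBILITY_TIMEOUT = 12 * 60 * 60   # 12 hours, the maximum quoted in the post
MAX_MESSAGE_BYTES = 256 * 1024          # 256 KB message limit quoted in the post


@dataclass
class Message:
    message_id: str
    receipt_handle: str
    body: str
    receive_count: int


@dataclass
class SimulatedQueue:
    """Toy standard queue with a logical clock (seconds) instead of wall time."""
    visibility_timeout: int = DEFAULT_VISIBILITY_TIMEOUT
    now: int = 0
    _msgs: dict = field(default_factory=dict)   # id -> per-message state
    _ids: count = field(default_factory=count)

    def send(self, body: str) -> str:
        if len(body.encode("utf-8")) > MAX_MESSAGE_BYTES:
            raise ValueError("message exceeds 256 KB")
        message_id = f"msg-{next(self._ids)}"
        self._msgs[message_id] = {"body": body, "invisible_until": 0,
                                  "receive_count": 0, "receipt": None}
        return message_id

    def receive(self, visibility_timeout: Optional[int] = None) -> Optional[Message]:
        """Hand out the first visible message and hide it for the timeout."""
        timeout = self.visibility_timeout if visibility_timeout is None else visibility_timeout
        if not 0 <= timeout <= MAX_VISIBILITY_TIMEOUT:
            raise ValueError("visibility timeout must be between 0 and 12 hours")
        for message_id, state in self._msgs.items():
            if state["invisible_until"] <= self.now:
                state["invisible_until"] = self.now + timeout
                state["receive_count"] += 1
                # In this simulation each receive issues a fresh handle and only
                # the latest one is accepted by delete().
                state["receipt"] = f"{message_id}-r{state['receive_count']}"
                return Message(message_id, state["receipt"], state["body"], state["receive_count"])
        return None

    def delete(self, receipt_handle: str) -> bool:
        """Acknowledge successful processing; only then is the message gone."""
        match = next((mid for mid, s in self._msgs.items() if s["receipt"] == receipt_handle), None)
        if match is None:
            return False
        del self._msgs[match]
        return True

    def advance(self, seconds: int) -> None:
        self.now += seconds


def crashed_consumer_scenario():
    """A consumer receives a message, then dies before deleting it."""
    queue = SimulatedQueue()
    queue.send("resize image 42")            # constructed work item
    first = queue.receive()                   # consumer takes it... and crashes
    queue.advance(10)
    hidden = queue.receive()                  # None: still inside the 30 s window
    queue.advance(20)                         # timeout expires at t = 30 s
    second = queue.receive()                  # same message, delivered again
    queue.delete(second.receipt_handle)       # this consumer finishes the job
    return first.receive_count, hidden, second.receive_count, queue.receive()


if __name__ == "__main__":
    print(crashed_consumer_scenario())
```

Because a message that is not deleted in time comes back, consumers have to be idempotent (the second delivery above is the same work item with a receive count of 2), and the timeout should be set a little longer than the work actually takes rather than stretched toward the 12-hour ceiling, which would only delay recovery when a consumer dies.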

  3. SWF - SWF stands for Simple Workflow Service.

So far we have covered all the major services that are useful for creating a high-availability architecture in the cloud.
I have created a simple architecture for hosting a web app, which I kept evolving while I was in the process of learning AWS. Now I have scaled it to a highly available, reliable and scalable architecture, which we will be covering in the next section: Designing HA Architecture in AWS part-3
