3. “Cloud native computing uses an open source software stack to deploy applications
as microservices, packaging each part into its own container, and dynamically
orchestrating those containers to optimize resource utilization. Cloud native
technologies enable software developers to build great products faster”
- Cloud Native Computing Foundation
What is Cloud Native Computing?
❖ Promotes Opensource
❖ Micro Services Architecture
❖ Containers and container orchestration tools
❖ Agility
4. “Cloud computing is shared pools of configurable computer system resources and
higher-level services that can be rapidly provisioned with minimal management effort,
often over the Internet. Cloud computing relies on sharing of resources to achieve
coherence and economies of scale, similar to a public utility”
- Wikipedia
What is Cloud Computing?
❖ On demand computing over internet
❖ Minimal management effort
❖ Cost efficiency through economies of scale
5. “Serverless computing is a cloud-computing execution model in which the cloud
provider acts as the server, dynamically managing the allocation of machine resources.
Pricing is based on the actual amount of resources consumed by an application, rather
than on pre-purchased units of capacity”
“Application designs that incorporate third-party “Backend as a Service” (BaaS)
services, and/or that include custom code run in managed, ephemeral containers on a
“Functions as a Service” (FaaS) platform. ”
What is Serverless Computing?
AWS Lambda
API Gateway
S3
Dynamo DB
RDS
❖ Reduced operational cost
❖ Reduced complexity
❖ Reduced engineering lead time
6. Part II – Public Cloud (AWS)
Presented by Linjith K Kunnon
20th Jan 2019
7. Part II – Public Cloud
Introduction to Cloud & AWS
Cloud Overview
AWS Global Infrastructure
AWS Service Offerings
Architecture Characteristics
Compute
EC2 Instance
Application Load balancer
Launch Configuration
AMI
Auto Scaling
Storage
S3
S3 Glacier
Elastic Block Storage
Elastic File Storage (EFS)
Security & Identity
IAM
User
Group
Role
Application Integration
Simple Queue Service
Simple Notification Service
Networking & Content Delivery
Network Essentials
VPC
Internet Gateway & NAT
Security Groups & NACL
Database
RDS
Read Replicas
Multi-AZ
Management & Governance
CloudWatch
CloudTrail
CloudFormation
Policy
8. ❖ 19 Regions
❖ 57 Availability Zones
❖ 139 Edge Locations (65 Cities, 25 Countries)
❖ 11 Regional Edge Caches
AWS Global Infrastructure
10. ❖ Single Page Application – UI
❖ Http APIs – Service Layer
❖ Relational Database – AWS RDS PostgreSQL
❖ Web Server – Tomcat
❖ UI Server – S3
[Diagram: UI Server (S3, serves static assets) → Web Service → DB]
Sample Application
11. Architecture Characteristics
[Diagram: Scalability - horizontal scaling (scale out / scale in) versus vertical scaling; Availability & Fault Tolerance - M and S nodes placed in Zone A and Zone B]
❖ Scalability - Property of a system to handle bigger amounts of work, or to be easily expanded, in response to increased
demand for network, processing, database access or file system resources.
❖ High Availability - The concept of ensuring critical systems are always functioning. Eliminating single point of failures
and enabling automatic failover are key to guarantee high system uptime.
❖ Fault Tolerance - An application or technology infrastructure that is designed in such a way that when one component
fails (be it hardware or software), a backup component takes over operations immediately so that there is no loss of
service. Redundancy is a key requirement for fault tolerant systems.
12. Solution Architecture - AWS
[Diagram: Route 53 and CloudFront in front of S3 (static assets) and the VPC vpc-demo in us-east-1 (10.0.0.0/16); Availability Zones us-east-1a and us-east-1b each hold a public subnet (10.0.0.0/24, 10.0.1.0/24) with a VPC NAT gateway and a Web Server, and a private subnet (10.0.2.0/24, 10.0.3.0/24) with the DB-Master; security groups sgPublic, sgWebLayer and sgDataLayer]
13. ❖ User - Represents the person or service that interacts with AWS. Consists of a
name and credentials.
❖ Role - A set of permissions that grant access to actions and resources in AWS. These
permissions are attached to the role, not to an IAM user or group.
❖ Groups - An IAM group is a collection of IAM users.
❖ Policy – Manage access in AWS by creating policies and attaching them to IAM
identities or AWS resources. A policy is an object in AWS that, when associated with an
entity or resource, defines their permissions.
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources.
You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
Sample Policy
Security & Identity
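The deck's "Sample Policy" is not reproduced here, so the following is an added example (not from the deck): a simplified model of how IAM evaluates an identity-based policy, applied to a constructed least-privilege policy for the UI server's bucket (the bucket name is a placeholder). It shows the order that matters for least privilege: an explicit Deny wins, then an Allow must match, otherwise the request is implicitly denied.

```python
# Added example (not the deck's "Sample Policy"): a simplified model of
# how IAM evaluates an identity-based policy. Explicit Deny wins over
# everything, then some Allow must match, otherwise the request is
# implicitly denied. Conditions and resource-based policies are left out.
from fnmatch import fnmatchcase

# Constructed least-privilege policy for a UI-server role: read-only on
# one S3 bucket (bucket name is a placeholder), with deletes explicitly
# denied so that no later Allow can reintroduce them.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-ui-bucket",
                      "arn:aws:s3:::example-ui-bucket/*"]},
        {"Effect": "Deny",
         "Action": "s3:DeleteObject",
         "Resource": "arn:aws:s3:::example-ui-bucket/*"},
    ],
}

def _as_list(value):
    """IAM lets Action/Resource be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def _statement_matches(stmt, action, resource):
    # Action names are matched case-insensitively; "*" and "?" are wildcards.
    action_ok = any(fnmatchcase(action.lower(), pattern.lower())
                    for pattern in _as_list(stmt["Action"]))
    resource_ok = any(fnmatchcase(resource, pattern)
                      for pattern in _as_list(stmt["Resource"]))
    return action_ok and resource_ok

def evaluate(policy, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not _statement_matches(stmt, action, resource):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"            # explicit deny ends evaluation
        decision = "Allow"
    return decision

def is_allowed(policy, action, resource):
    return evaluate(policy, action, resource) == "Allow"
```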
14. Compute – EC2 Instance
EC2 Instance Types
❖ General Purpose
❖ Compute Optimized
❖ Memory Optimized
❖ Accelerated Computing
❖ Storage Optimized
EC2 Instance Purchase Options
❖ On-Demand Instances
❖ Reserved Instances
❖ Scheduled Instances
❖ Spot Instances
❖ Dedicated Hosts
❖ Dedicated Instances
❖ Capacity Reservations
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud
[Diagram: EC2 Instance Lifecycle - launch an EC2 Instance from an AMI, then attach an EBS Volume]
15. Compute – Application Load Balancer
❖ High availability
❖ Health checks
❖ Security features
❖ TLS termination
❖ Cross-zone load balancing
[Diagram: https://myapp.com with path-based routing of /admin and /pipeline to Target Group 1 and Target Group 2 (EC2/Containers/Private IPs)]
❖ Operational monitoring
❖ Path-Based Routing
❖ WebSocket Support
❖ HTTP & HTTPS protocol support
Elastic Load Balancing distributes incoming application or network traffic across multiple targets, such as Amazon EC2
instances, containers, and IP addresses, in multiple Availability Zones.
16. ❖ EBS - Persistent, durable, low-latency block-level storage volumes for EC2 instances
❖ EC2 Instance Store -Temporary block-level storage for EC2 instances
❖ EFS - Simple, scalable, shared file storage service for Amazon EC2 instances
❖ S3 - Secure, durable, and scalable object storage infrastructure
❖ Glacier - Long-term, secure, durable object storage
S3 Life Cycle
Storage
17. Database – RDS (Relational Database Service)
A web service that makes it easier to set up, operate, and scale a relational database in the cloud.
❖ Fine grained resource (compute/storage) scaling - CPU, IOPS, or storage.
❖ Manages backups, software patching, automatic failure detection, and
recovery.
❖ No shell access to DB instances. Restricts access to certain system
procedures and tables that require advanced privileges.
❖ Automated and manual backups.
❖ High availability with a primary instance and a synchronous secondary
instance that you can fail over.
❖ Read Replicas for increased read scaling.
❖ Support for - MySQL, MariaDB, PostgreSQL, Oracle, Microsoft SQL Server.
❖ AWS Identity and Access Management (IAM) to define users & permissions.
❖ Deploy DB instances in your VPC.
18. Networking & Content Delivery - VPC
Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that
you've defined. A networking layer for Amazon EC2.
❖ VPC - A virtual network dedicated to a given AWS account.
Logically isolated from other virtual networks in the AWS
Cloud. Launch AWS resources, such as Amazon EC2
instances, into a VPC. You can specify an IP address range for
the VPC, add subnets, associate security groups, and
configure route tables
❖ Subnet - A range of IP addresses in VPC. Launch AWS
resources into a specified subnet. Use a public subnet for
resources that must be connected to the internet, and a
private subnet for resources that won't be connected to the
internet.
❖ Regions & Availability Zones - Amazon EC2 is hosted in
multiple locations world-wide. These locations are composed
of regions and Availability Zones. Each region is a separate
geographic area. Each region has multiple, isolated locations
known as Availability Zones.
19. ❖ IP addresses: AWS provides private and public IP addresses. VPC CIDR block determines the number of private IP addresses.
❖ Route tables: Contains the routes that determine where your network traffic is routed. A subnet can be associated with only
one route table at a time.
❖ Internet gateways (IGW): Allow resources in a public subnet of the VPC to communicate with the Internet.
❖ NAT instances: Allow resources in a private subnet to communicate with resources on the Internet.
❖ Security groups: Act as stateful firewalls that operate at the instance level. You can define what ports are open and the
resources that can communicate with your resources over those ports.
❖ Network access control lists (NACLs): NACLs act as stateless firewalls that allow or block traffic at the subnet level. These can
be used in conjunction with your security groups to strengthen your security.
Networking & Content Delivery – VPC Continued…
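Added example (not part of the deck): a small model of the distinction the slide draws between a stateful security group and a stateless NACL, using the deck's public subnet (10.0.0.0/24) as the web tier. The client address and the NACL rule numbers are constructed; it shows why a NACL needs an explicit outbound rule for ephemeral ports even when the security group already allows the connection.

```python
# Added example (not from the deck): stateful security group vs stateless
# NACL, for an HTTPS request reaching a web server in the deck's public
# subnet (10.0.0.0/24). Client IP and rule numbers are constructed.
from ipaddress import ip_address, ip_network

def _hits(rule, peer_ip, port, proto):
    """Does `rule` match a packet with the remote side at peer_ip:port?
    (peer = source for inbound rules, destination for outbound rules)"""
    return (rule["proto"] in (proto, "all")
            and rule["from"] <= port <= rule["to"]
            and ip_address(peer_ip) in ip_network(rule["cidr"]))

# Security group on the web servers: allow-only rules, evaluated as a set.
WEB_SG_INGRESS = [{"proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"}]

def sg_allows_inbound(ingress, src_ip, dst_port, proto="tcp"):
    return any(_hits(r, src_ip, dst_port, proto) for r in ingress)

# NACL on the public subnet: numbered allow/deny rules, the lowest-numbered
# match wins, and a final catch-all (32767 here) denies everything else.
_DENY_ALL = {"num": 32767, "action": "deny", "proto": "all",
             "from": 0, "to": 65535, "cidr": "0.0.0.0/0"}
PUBLIC_NACL = {
    "inbound": [{"num": 100, "action": "allow", "proto": "tcp",
                 "from": 443, "to": 443, "cidr": "0.0.0.0/0"}, _DENY_ALL],
    # Stateless: the HTTPS reply leaves on the client's ephemeral port and
    # needs its own outbound rule; the security group would not need one.
    "outbound": [{"num": 100, "action": "allow", "proto": "tcp",
                  "from": 1024, "to": 65535, "cidr": "0.0.0.0/0"}, _DENY_ALL],
}
# Same NACL with the ephemeral-port outbound rule forgotten.
BROKEN_NACL = {"inbound": PUBLIC_NACL["inbound"], "outbound": [_DENY_ALL]}

def nacl_allows(rules, peer_ip, port, proto="tcp"):
    for r in sorted(rules, key=lambda r: r["num"]):
        if _hits(r, peer_ip, port, proto):
            return r["action"] == "allow"
    return False

def https_request_completes(nacl, sg_ingress, client_ip, client_port, dst_port=443):
    """Client -> web server on dst_port, then the reply back to client_port."""
    request_ok = (nacl_allows(nacl["inbound"], client_ip, dst_port)
                  and sg_allows_inbound(sg_ingress, client_ip, dst_port))
    # The security group tracks the connection, so only the NACL has to
    # allow the reply packets explicitly.
    reply_ok = nacl_allows(nacl["outbound"], client_ip, client_port)
    return request_ok and reply_ok
```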
21. A VPC endpoint enables you to create a private connection between your VPC and another AWS service without requiring
access over the Internet.
[Diagram: connecting to an AWS service via the internet versus via a VPC endpoint]
Networking & Content Delivery – VPC Endpoints
22. Networking & Content Delivery – CloudFront
A web service that speeds up distribution of static and dynamic web content, such as .html, .css, .js, and image files.
Delivers content through a worldwide network of data centers called edge locations.
If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately.
If the content is not in that edge location, CloudFront retrieves it from an origin that you've defined—such as an Amazon S3
bucket.
▪ 139 Edge Locations (65 Cities, 25 Countries)
▪ 11 Regional Edge Caches
23. Application Integration
Simple Notification Service (SNS) - A web service that coordinates and manages the delivery or sending of messages to
subscribing endpoints or clients. In Amazon SNS, there are two types of clients—publishers and subscribers—also referred to
as producers and consumers.
Simple Queue Service (SQS) - Offers a secure, durable, and available hosted queue that lets you integrate and decouple
distributed software systems and components.
SNS allows applications to send time-critical messages to multiple subscribers through a “push” mechanism. SQS is a message
queue service used by distributed applications to exchange messages through a polling model.
24. CloudWatch
A monitoring service for AWS cloud resources and the applications you run on AWS. Collect and track metrics, collect and
monitor log files, set alarms, and automatically react to changes in your AWS resources.
25. CloudTrail
Helps you enable governance, compliance, and operational and risk auditing of your AWS account. Actions taken by a user,
role, or an AWS service are recorded as events in CloudTrail.
26. AWS CloudFormation
Template formats: YAML or JSON
❖ Simplify Infrastructure Management
❖ Quickly Replicate Your Infrastructure
❖ Easily Control and Track Changes to Your Infrastructure
AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources. You create a
template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and
AWS CloudFormation takes care of provisioning and configuring those resources for you.