Amazon Web Services (AWS) provides a lot of services, and there is a large amount of information to take in, such as security groups and many settings and configurations. All of this can be confusing, and it is hard to know where to start getting familiar with AWS.
This topic may be suitable for developers who have some experience in software development but little or no experience with AWS, and who want to get started with it.
Let’s go one by one through three steps to get familiar with AWS:
- Infrastructure overview: what I should know about AWS before doing anything else. It’s important to get familiar with the whole ecosystem and clear up the unknown little things before jumping into learning the core products we need to use
- AWS Services (e.g. EC2, Lambda, …): which AWS services to choose to fit the requirements, how to put my local application to run in AWS, how to manage my server, how to monitor it
- Hands-On: let’s build a simple microservice application
1/3 — Infrastructure overview
The first thing to remember is that AWS has data centers around the world, grouped into a few regions. Each region has a few availability zones (typically 3). There are 2 groups of services: services that must live inside an availability zone, and global services (no network constraint between regions/zones). Each region has constraints on connecting to the others. AWS provides a way to connect services from one region to another directly, without passing through the internet (Wi-Fi internet provider); it is called Direct Connect Gateway. AWS has its own private connections outside the internet for fast connectivity.
Second, we should know what AWS already provides and what we are responsible for doing ourselves, to prevent duplication.
- AWS already handles the most common concerns for us, including security against threats such as DDoS attacks, through a service called AWS Shield
- AWS uses the Shared Responsibility Model, which divides responsibility between AWS and ourselves. E.g. AWS is responsible for maintaining the data centers/hardware that run EC2, while customers are responsible for patching the guest OS and the applications they install on EC2.
Third, think of a traditional server: we need to design the network infrastructure before we put the server in place. It is the same with AWS: we need to design a Virtual Private Cloud (VPC), which simulates a personal local network in which we can define subnets ourselves. This is network design. The only place that can be accessed from the public internet is the Internet Gateway (IGW). By default each region already has a default VPC that includes:
- DNS resolution ready (when a new service is launched, a new DNS name is automatically created for it)
- Internet Gateway
- Public Subnet
By default, one region can have up to 5 VPCs
- A VPC belongs to only one region
- Many AZs belong to one VPC
- A subnet belongs to only one AZ
It is enough just to know about this network layer: when we launch a new service, all of this network layer is already attached to it. We only care about the type of service and the region, and about configuring the load balancer (ELB).
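The network design described above can be sketched before anything is launched. The following is an added example, not code from the original post: it carves one public and one private subnet per AZ out of a VPC range, marks only the public ones as routed to the Internet Gateway, and checks the plan for overlaps. The function names, the `10.0.0.0/16` range and the AZ names are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample values: the VPC range and AZ names are illustrative.
VPC_CIDR = "10.0.0.0/16"
AZS = ["us-east-1a", "us-east-1b", "us-east-1c"]
AWS_RESERVED_PER_SUBNET = 5  # AWS reserves the first four addresses and the last one


def plan_subnets(vpc_cidr, azs, new_prefix=24):
    """Give every AZ one public and one private subnet carved from the VPC."""
    blocks = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix)
    plan = []
    for az in azs:
        for tier in ("public", "private"):
            cidr = next(blocks, None)
            if cidr is None:
                raise ValueError("VPC range too small for the requested subnets")
            plan.append({
                "az": az,  # a subnet lives in exactly one AZ
                "tier": tier,
                "cidr": cidr,
                # Only public subnets get a default route to the Internet Gateway.
                "default_route": "igw" if tier == "public" else None,
                "usable_hosts": cidr.num_addresses - AWS_RESERVED_PER_SUBNET,
            })
    return plan


def validate_plan(vpc_cidr, plan):
    """Return problems: subnets outside the VPC range or overlapping each other."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems = []
    for i, subnet in enumerate(plan):
        if not subnet["cidr"].subnet_of(vpc):
            problems.append(f"{subnet['cidr']} is outside {vpc}")
        for other in plan[i + 1:]:
            if subnet["cidr"].overlaps(other["cidr"]):
                problems.append(f"{subnet['cidr']} overlaps {other['cidr']}")
    return problems


if __name__ == "__main__":
    plan = plan_subnets(VPC_CIDR, AZS)
    for s in plan:
        print(s["az"], s["tier"], s["cidr"], s["default_route"], s["usable_hosts"])
    print(validate_plan(VPC_CIDR, plan) or "plan is consistent")
```

Anything that should not be reachable from the public internet, such as a database, belongs in a subnet whose `default_route` is `None`.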

Fourth, the common server is Elastic Compute Cloud (EC2), whose capacity, e.g. RAM and CPU, we define at creation (EC2 type t2.small has 2 GB of RAM with 1 vCPU). Beyond EC2, AWS provides a lot of services for specific solutions (those services also run on EC2, with software set up and ready to use for a given purpose). Examples:
- Lambda — ready to take code and run it with little setup; suitable for small tasks, not a whole application
- SNS — service for sending messages via email, SMS or to another service. It can send to many receivers (subscribers) at one time. It is a type of pub/sub service. No data/message is stored within this server; it is just a delivery service
- SQS — queue service like Kafka
- DynamoDB — database service for NoSQL database server
- S3 — storage service for storing images, videos, other media files or any other type of file
Another important thing to know: AWS provides a root account that can do everything. As a best practice, we should log in to the root account, create other accounts, and attach permissions (policies) to those accounts. Those accounts are called IAM accounts. IAM is the portal for managing accounts. An IAM account can have different permissions based on the user group it is under or assigned to.
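Creating IAM accounts only helps if the policies attached to them are narrower than what the root account can do. The following is an added example, not code from the original post: a small check that walks an IAM policy document and flags Allow statements that are broader than an ordinary user or group needs. The function name `audit_policy`, the finding codes and the sample policies (including the bucket name) are assumptions constructed for illustration.

```python
def _as_list(value):
    """IAM accepts a single string or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement_index, code, message) for over-broad Allow statements."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append((idx, "not-action", "Allow with NotAction grants everything not listed"))
            continue
        actions = _as_list(stmt.get("Action", []))
        any_resource = "*" in _as_list(stmt.get("Resource", []))
        if "*" in actions and any_resource:
            findings.append((idx, "full-admin", "every action on every resource"))
        elif any(a.lower() == "iam:*" for a in actions):
            findings.append((idx, "iam-admin", "full IAM control lets the user change its own permissions"))
        else:
            wild = [a for a in actions if a.endswith(":*")]
            if wild and any_resource:
                findings.append((idx, "service-wildcard", f"{', '.join(wild)} on all resources"))
    return findings


# Constructed sample policies; the bucket name is a placeholder.
ADMIN_LIKE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-app-bucket/*"}]}
MIXED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["iam:*"], "Resource": "*"},
    {"Effect": "Deny", "Action": "*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in (("ADMIN_LIKE", ADMIN_LIKE), ("SCOPED", SCOPED), ("MIXED", MIXED)):
        print(name, audit_policy(doc) or "no over-broad statements")
```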
So now we know the basic components of AWS: the AWS availability zone (the AZ where our service runs), which can include up to 5 VPCs by default; the VPC is the network infrastructure for our system and already comes with a default IGW, public subnet and DNS configuration, so we can just launch a new EC2 or instance to run our app and that’s it, our app is in the cloud. For common security concerns such as DDoS attacks, AWS already provides AWS Shield for protection (AWS Shield Standard: free and on by default; AWS WAF (uses Web ACLs): protects layer 7 (HTTP), deployed on ALB, API Gateway and CloudFront)
2/3 — AWS Services
There are a lot of services supporting all kinds of solutions such as web applications, IoT, machine learning, big data and so on. So we do not need to start by understanding each service specifically in order to get familiar with AWS.
Let’s start by choosing AWS services based on requirements. Let’s assume we want to build a web application.
Don’t code yet! Let’s brainstorm a bit about the AWS services we may use.
Basically, regardless of the technology used to develop the application, it at least needs a server to serve/run it. So EC2 is the service that will be used as the server.
EC2 is infrastructure as a service. Meanwhile, the service most similar to EC2 that is easy for beginners to use for running a web application is Lightsail (use pre-configured development stacks like LAMP, Nginx, MEAN, and Node.js to get online quickly and easily).
If our website is just a static webpage that provides information, or a case like storing an online menu for a restaurant, we can consider using static hosting instead. For that we can use S3: it is a global storage service in which a folder is called a bucket (each bucket is located in a region). We can turn the bucket into a host. When hosting is enabled on a bucket, a domain is registered for us in this format: http://< bucket >.< region >.amazonaws.com.
A website needs to be delivered fast to customers, so caching it at the location nearest to the customer is a good option. CloudFront can help: we can configure CloudFront to be the CDN for our website.
All of the above is about services used for hosting. How about the features:
- AWS Cognito can be used as an authentication service with third parties
- For the database we can use DynamoDB (NoSQL) or RDS (SQL), or install a database application on our instance
3/3 — Hands-On
Build a simple web application using AWS S3 as hosting.