
My AWS Journey

I currently work for Hyland Software, Inc. Our flagship product, OnBase, is an on-prem ECM that can also be hosted in our Hyland cloud environment. We are, however, moving towards a more cloud native design with OnBase, as we learn what cloud native means from an architecture perspective with our new acquisitions Nuxeo and Alfresco. It behooves me to get AWS savvy.

My dad told me, when I was a kid…learn about databases. Everything will be about databases. Now I am telling my nerd kid, learn AWS. Everything will be AWS.

As I begin this journey, I figured I would document what I find, as I go. I am a big #CollectiveWisdom guy, so when I learn new information, I enjoy documenting and sharing it. I have never had strong job preservation instincts, so if you can benefit from these notes…all the power to you. I am not greedy. I hope this helps.

Some quick Googling seems to indicate that I should start with the AWS Cloud Practitioner specialization. I checked out some videos on YouTube.com, but it seems like a lot of the initial content I am finding is centered around “how to pass the test”. I don’t want that. I want to know the content.

I took her to a supermarket
I don’t know why
But I had to start it somewhere
So it started there

-Pulp, The Common People

Getting Started

To the supermarket…starting at the AWS site and learning about the Cloud Practitioner certification.

https://aws.amazon.com/certification/certified-cloud-practitioner/

There is a lot of great information on this page. I started with the Exam Guide in Column 1 to get a feel for what this entailed and then moved straight on to column 2, AWS Cloud Practitioner Essentials. You will need to enroll, but it’s free.

Content provided by: Blaine Sundrud, Morgan Willis, and Rudy Chetty.

Disclaimer: I am grabbing notes, images, and other content from this training and including it in my notes below. My intent is for my notes to be useful in preparation for the Exam. This feels like reasonable acceptable use.


Module 1 – Introduction

How is cloud computing defined by AWS: On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing.

  • Cloud resources scale with needs, remember the coffee shop analogy. You hire 100 baristas, but you only have a few on shift as needed. You have a huge customer rush, you can call in another Barista to help with the additional customers.
  • “Undifferentiated heavy lifting of IT”…being able to install MySQL does not differentiate me. Being able to properly design a DB, and having valuable data…is valuable. The MySQL install…is a black box thing.
  • On-Prem is sometimes referred to as Private Cloud

Module 2 – EC2 Instances

Everything in AWS is built around EC2 Instances. A core concept around EC2 instances, is that you only pay for what you use. Your EC2 instances can be stood up and taken down as needed. In an on-prem implementation, you do not have this ability to scale up and scale down quickly.

This is a Compute as a Service (CaaS) model.

Each EC2 instance is a secure, protected, isolated host or virtual machine that is running on a physical piece of hardware with other EC2 instances. Instances do not have inherent access to each other.

  • Elastic Compute Cloud 2 (EC2)
  • Before you “rack and stack” your on-prem services, you need to purchase hardware, rent a data-center, install, configure, secure, etc. Provisioning is expensive and time consuming. EC2 instances puts all of this in a “black box” for you.
  • Multitenancy – multiple machines running in concert to provide shared resources to customers above.
  • All EC2 instances are secure and separate from each other, even on a single physical host.
  • OS Support – Windows & Linux
  • Vertical Scaling – adding resources to an instance
  • Virtualization is not new. EC2 simply makes it easier and cheaper.

Instance Types

A business will have different SMEs with different expertise areas. In the coffee shop example, you have order takers, baristas, etc. Instance Types are the analog to your SMEs.

  • General Purpose instances – balanced resources
  • Compute Optimized instances – compute intensive, gaming servers, scientific modeling, etc.
  • Memory Optimized instances – accelerated processing for large datasets IN memory
  • Accelerated Computing instances – use hardware accelerators, graphics processing, data pattern matching, streaming, etc.
  • Storage Optimized instances – larger storage needs, high sequential read/write operations

More details: https://aws.amazon.com/ec2/instance-types/

Pricing

  • On-Demand – good for “getting started”, no contracts, lower cost, good for experimentation
  • Savings Plans – commitment to amount of usage over a term
  • Reserved Instances – you know what you need, terms are 1 year or 3 years
  • Spot Instances – can be taken back by Amazon at any time, with only a 2-minute warning. Good for batch workloads.
  • Dedicated Hosts – usually used for compliance reasons, no shared tenants.

Scaling

Using the coffee shop analogy, what happens if our order taker “instance” goes down? We can’t take orders, so we need to spin up another order taker. What if we have a rush because of pumpkin lattes? We can spin up other order takers as needed, using the original order taker as our template.

  • Scale Up (vertical)- add more power to the machines already running
  • Scale Out (horizontal)- add more instances of order takers

Instances can be created as part of an Auto Scaling Group that has a defined minimum and a defined maximum. When the group is started, the minimum number of instances is started. The remaining delta of instances is activated as needed by the instance group.

  • Minimum – the default number of instances that start when a group is started
  • Desired – the desired number of instances for your needs. This defaults to the Minimum, if desired is not set.
  • Maximum – the max number of instances that will auto-start up, as needed.

Elastic Load Balancing (ELB)

This is a regional construct. Because this runs at a regional level, the service is highly available with no interaction by you, and with no change in cost to you. The ELB is used to distribute work across your instances or your instance groups.

  • Automatic load balancing across servers/regions
  • This is just one method of load balancing

Message Queuing

Think of this as buffering, or like BizTalk messaging. The order taker in the coffee shop doesn’t talk to the barista directly, they put the order into the queue and the barista works from the queue. This ensures that messages do not get lost between the order taker and the barista.

Application architecture is key. Monolithic apps do not scale in this model. You need to rethink your designs, and break monolithic apps into micro-services.

  • Amazon Simple Queue Service (Amazon SQS) – basic messaging queue to buffer requests between applications. This is the BizTalk analog.
  • Amazon Simple Notification Service (Amazon SNS) – publish and subscribe service. In Amazon SNS, subscribers can be web servers, email addresses, AWS Lambda functions, or several other options. When a message is published, it is sent to ALL subscribers.

Additional Compute services

These services are beyond the standard instance implementations.

  • Elastic Container Services (ECS)
  • Elastic Kubernetes Services (EKS)
  • AWS Fargate – allows running a container on a serverless platform
  • AWS Lambda – upload code, only run when a trigger executes your code

Module 3 – Global Infrastructure and Reliability

Global Infrastructure

  • You can’t run your application in a single data center with full reliability. Even a second data center may not be redundant enough.
  • Leasing and/or owning a data center or two…is expensive and difficult to manage
  • AWS builds their datacenters in large groups called Regions.

Choosing a Region

  • Regulatory Compliance – governmental limits on data sharing, etc.
  • Proximity – how close you are to your customers, physically
  • Feature Availability – not all regions have all of the same feature sets, so you may operate in a region that is missing a feature you need or want. In that case, you may need to choose a region that provides that feature.
  • Pricing – some regions are more expensive to operate in. Sao Paulo, as an example, has higher taxes and therefore operating in this region may be more expensive than operating in the Oregon region.

Availability Zones (AZ)

  • Each AZ represents a collection of one or more data centers
  • A Region consists of three or more AZs
  • Recommendation – Always run across TWO availability zones

Edge Locations

  • Amazon Cloudfront – Content Delivery Network (CDN)
  • Edge Locations are different from Regions
  • Amazon Route 53 – internal, proprietary DNS; it can also be used to purchase domain names

Outposts

  • An AWS owned and operated Region that physically resides in YOUR building

Provisioning

  • Everything in AWS is an API
  • AWS Management Console, Command Line Interface, SDKs, and other tools
  • AWS MC is manual
  • CLI allows you to script the provisioning operations, in order for them to be repeatable and consistent
  • AWS Elastic Beanstalk – provide app code and configs to Beanstalk. Beanstalk then creates the provisioning for you
  • AWS CloudFormation – you can treat your infrastructure as code. This means that you can build an environment by writing lines of code instead of using the AWS Management Console to individually provision resources.

Module 4 – Networking

Virtual Private Cloud

VPCs are subnets. Subnets allow you to control access to network resources, allowing you to have private resources (internal applications, backend DB, etc.) and public facing resources (web sites).

You can create a subnet to allow Internet traffic to hit your instances or resources

You can create a subnet to allow only specific users to hit specific instances or resources

You can create a Direct Connect connection, which allows you to set up a VPN between your own datacenter and AWS.

Subnets, VPCs, and ACLs

Subnets and VPCs are perimeter tools for your applications. There are many other aspects of security within the context of all AWS services.

  • Subnets can control traffic permissions
  • Every packet that crosses the boundary is compared against a network ACL.
  • Traffic is monitored in both directions. Just because you can get in, doesn’t mean you can get out. The inverse is also true.
  • Every Instance comes with a single Security Group that has all addresses blocked, all ports blocked, all traffic denied.
  • Analog: the EC2 instance is the building, the Security Groups are the bouncers outside of the building, checking the list to see who is allowed in
  • Security groups are stateful – they have memory for who to let in, and who to let out
  • ACLs are stateless – every packet is checked on its own; the default ACL allows all inbound and outbound traffic.
  • All outbound traffic is allowed by Security Groups.
  • ACLs use different criteria than Security Groups
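To make the stateful vs. stateless distinction concrete, here is a small simulation I am adding as an example (it is not code from the course and not how AWS implements anything). It models a Security Group as an allow-only, stateful filter that tracks flows and permits all outbound traffic, and a Network ACL as an ordered, stateless allow/deny list checked separately in each direction. The addresses, ports, and rule numbers are constructed for the demo; the HTTPS client/server exchange is assumed to be a single request and a single reply.

```python
"""Constructed teaching example: stateful Security Group vs. stateless Network ACL.
Not AWS code; the packets, addresses and rule numbers below are made up."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = arriving at the instance, "out" = leaving it
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


def _in_cidr(addr: str, cidr: str) -> bool:
    return ip_address(addr) in ip_network(cidr)


@dataclass
class SecurityGroup:
    """Stateful filter: only inbound allow rules exist (no deny rules), every
    outbound packet is allowed, and the reply half of an allowed flow is admitted
    because the group remembers the flow."""
    inbound_allow: list          # (proto, port, cidr)
    _flows: set = field(default_factory=set)

    def evaluate(self, p: Packet) -> bool:
        if p.direction == "out":
            # All outbound allowed; remember the flow so the answer can come back in.
            self._flows.add((p.proto, p.dst, p.dport, p.src, p.sport))
            return True
        # Inbound: is this the reply to a flow the instance itself opened?
        if (p.proto, p.src, p.sport, p.dst, p.dport) in self._flows:
            return True
        for proto, port, cidr in self.inbound_allow:
            if proto == p.proto and port == p.dport and _in_cidr(p.src, cidr):
                return True
        return False  # nothing matched: implicit deny


@dataclass
class NetworkAcl:
    """Stateless filter: numbered rules, lowest number checked first, first match
    decides, no match means deny. Nothing is remembered, so the return half of a
    connection (usually on an ephemeral port) needs its own explicit rule."""
    inbound: list   # (rule_no, proto, (low_port, high_port), cidr, action)
    outbound: list

    def evaluate(self, p: Packet) -> bool:
        rules = self.inbound if p.direction == "in" else self.outbound
        peer = p.src if p.direction == "in" else p.dst
        for _, proto, (low, high), cidr, action in sorted(rules):
            if proto in ("all", p.proto) and low <= p.dport <= high and _in_cidr(peer, cidr):
                return action == "allow"
        return False


def https_exchange(client="203.0.113.10", server="10.0.1.5", eph=51234):
    """Constructed request/reply pair: internet client -> web instance on 443."""
    request = Packet("in", "tcp", client, eph, server, 443)
    response = Packet("out", "tcp", server, 443, client, eph)
    return request, response


def run_checks() -> dict:
    req, resp = https_exchange()
    results = {}

    # Security Group with one inbound rule: request and reply both pass.
    sg = SecurityGroup(inbound_allow=[("tcp", 443, "0.0.0.0/0")])
    results["sg_https"] = sg.evaluate(req) and sg.evaluate(resp)

    # Common NACL mistake: outbound only allows 443, so the reply to the
    # client's ephemeral port is dropped even though the request got in.
    naive = NetworkAcl(inbound=[(100, "tcp", (443, 443), "0.0.0.0/0", "allow")],
                       outbound=[(100, "tcp", (443, 443), "0.0.0.0/0", "allow")])
    results["nacl_naive_https"] = naive.evaluate(req) and naive.evaluate(resp)

    # Corrected NACL: explicit outbound allow for the ephemeral port range.
    fixed = NetworkAcl(inbound=[(100, "tcp", (443, 443), "0.0.0.0/0", "allow")],
                       outbound=[(100, "tcp", (1024, 65535), "0.0.0.0/0", "allow")])
    results["nacl_fixed_https"] = fixed.evaluate(req) and fixed.evaluate(resp)

    # Instance-initiated flow (e.g. fetching updates): the Security Group admits
    # the reply with NO inbound rule at all, because it tracked the outbound flow.
    sg_empty = SecurityGroup(inbound_allow=[])
    out = Packet("out", "tcp", "10.0.1.5", 40000, "198.51.100.7", 443)
    back = Packet("in", "tcp", "198.51.100.7", 443, "10.0.1.5", 40000)
    results["sg_tracked_reply"] = sg_empty.evaluate(out) and sg_empty.evaluate(back)

    # NACL ordering: a lower-numbered deny wins over a later broad allow.
    ordered = NetworkAcl(inbound=[(50, "tcp", (443, 443), "192.0.2.0/24", "deny"),
                                  (100, "tcp", (443, 443), "0.0.0.0/0", "allow")],
                         outbound=[])
    blocked = Packet("in", "tcp", "192.0.2.9", 51234, "10.0.1.5", 443)
    results["nacl_ordered_deny"] = (ordered.evaluate(blocked), ordered.evaluate(req))
    return results


if __name__ == "__main__":
    for name, outcome in run_checks().items():
        print(f"{name}: {outcome}")
```

The two things worth taking away: a Security Group needs only the inbound rule for a service (replies and instance-initiated traffic are handled by state), while a Network ACL needs the reverse direction spelled out, typically an outbound allow for the ephemeral port range, and its rule numbers matter because the first match wins.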

Module 5 – Storage

Learning objectives

In this module, you will learn how to:

  • Summarize the basic concept of storage and databases.
  • Describe the benefits of Amazon Elastic Block Store (Amazon EBS).
  • Describe the benefits of Amazon Simple Storage Service (Amazon S3).
  • Describe the benefits of Amazon Elastic File System (Amazon EFS).
  • Summarize various storage solutions.
  • Describe the benefits of Amazon Relational Database Service (Amazon RDS).
  • Describe the benefits of Amazon DynamoDB.
  • Summarize various database services.
