Basics of Amazon Web Services

These are my notes on Amazon Web Services.

Getting Started With Amazon Web Services

Cloud terminology is everywhere these days, and it means a lot of different things. The word cloud can be used in a generic way or to refer to a specific app. Cloud computing is the purchase of services that include varying degrees of automation and support, depending on the needs of the customer.

A cloud application is one that does not reside or run on a user’s device. It is accessed through a network. Cloud application portability is the ability to migrate a cloud application from one cloud to another.

Cloud computing is a network-accessible platform that delivers services from a large and scalable pool of systems. Cloud data portability is the ability to move data between cloud providers. The cloud deployment model is how cloud computing is delivered through a set of configurations and features of virtual resources.

The cloud deployment models are public, private, and hybrid. Data portability is the ability to move data from one system to another without having to re-enter it. 

Infrastructure as a service is a cloud service category where infrastructure level services are provided by a cloud service provider. Measured services are delivered and billed for in a metered way.

Multitenancy is having multiple customers and applications running within the same environment but in a way that they are isolated from each other and not visible to each other but share the same resources.

On-demand self service is where a customer can provision services in an automatic manner with minimal involvement from the provider. Platform as a service is a cloud service category where platform services are provided to the cloud customer and the cloud provider is responsible for the system up to the level of the actual application. Resource pooling is the aggregation of resources allocated to cloud customers by the cloud provider.

Reversibility is the ability of a cloud customer to remove all data and applications from a cloud provider and completely remove all data from their environment. Software as a service is a cloud service category in which a full application is provided to the cloud customer and the cloud service provider maintains responsibility for the entire infrastructure, platform, and application. A tenant is one or more cloud customers sharing access to a pool of resources.

Cloud Roles

A cloud auditor is someone that is specifically responsible for conducting audits of cloud systems and cloud applications. A cloud service broker is a partner that serves as an intermediary between a cloud service customer and cloud service provider. A cloud service customer is one that holds a business relationship for services with a cloud service provider. 

A cloud service partner is one that holds a relationship with either a cloud service provider or a cloud service customer to assist with cloud services and their delivery. A cloud service provider is one that offers cloud services to cloud service customers. A cloud service user is one that interacts with and consumes services offered by a cloud service customer.

Cloud Computing Characteristics

Cloud computing has a few attributes that are common to every system. The following are required for an environment to be considered a cloud:

  • On-demand self service
  • Broad network access
  • Resource pooling
  • Rapid elasticity
  • Metered service
  • Multitenancy

On-demand self service is where cloud services can be put into use by the customer through an automation system. They can be requested and provisioned as needed. They should be able to do all of this without interacting with another person. Of course, you will need to have the technical skills to do these tasks. This is usually done through a web portal because that is the easiest way. 

Broad network access is when all cloud services are accessed over a network. Services can be accessed through thick or thin clients. You can use mobile devices, laptops, or desktops. 

Resource pooling is one of the most important concepts in cloud computing. In systems like these, you always have a mix of applications being used by different customers. Resources are dynamically allocated depending on the customer’s needs. Customers can request additional resources and pay for them as needed.

Some organizations have computing needs that vary through the year. They can increase or decrease their resource allocation through a few buttons. This is a great benefit and saves organizations a ton of money. 

Rapid elasticity is when new resources can be rapidly expanded at any time. It is also usually done through a web portal. 

Metered service is the type of service where resources are logged for billing and reporting. Services that can be included with a metered service include storage, networking, memory, and processing.

Multitenancy is where everything has a physical separation between customers. Providers often use separate network gear for this. There is often virtual separation too depending on the resource. 

Virtualization

Virtualization is a key component of cloud computing. It models a traditional data center. A data center includes a bunch of racks and servers in them. These servers and their software allow for many different customers and subsequent resource pooling. Virtualization allows providers to virtually or logically allocate resources to customers when they need it instead of physically adding a new data drive.

Different virtualization environments make this happen. There are many companies that offer virtualization products, and it is a great service. It is the underlying technology of cloud computing.

Cloud Categories

There are three main types of cloud service categories. They are:

  • Infrastructure as a service
  • Platform as a service
  • Software as a service

Infrastructure as a service is the base service. It allows the most control over the environment. Basically, you handle just about everything. You can customize almost everything in this model. You just have to know how to do it. You can scale this very quickly to whatever limits you can afford.

You do not have to own any physical hardware. You will have high availability and easily be able to meet any security requirements. Pricing is controlled by metered usage so you can use as much or as little as you want. There is usually a choice of hardware if you prefer it. 

Platform as a service is the next model. It offers slightly less control so the customer can focus on their business instead of having to worry about hardware and other configurations. This model will auto-scale as you need it and provision resources. The platform still allows a lot of control and customization. You can choose whatever software and operating system that benefits you the most.

You can easily upgrade any of the software yourself. This allows a lot of cost savings for your environment. Another advantage is licensing. The cloud provider is responsible for this. This takes a massive burden off the customer, as licensing can become quite the headache if you are using software that requires licenses.

Software as a service is the last model we will talk about. This model allows the least control but the customer can just focus on the application itself that they need access to. They do not have to worry about anything else and do not need a system administrator to manage all of the other functions as they do in PaaS and IaaS models.

The customer can typically do everything themselves in SaaS models. SaaS is the most popular and widely known. We use them every day. Examples are Gmail and Drive. This model is generally the cheapest way to use an application. You will only have support costs if you ask for it. Therefore, you are only paying for the licensing costs of the software. They do not need to have a system administrator or physical access to any hardware. Licensing will be the main cost and you can choose what you need. 

Cloud Models

There are three main types of cloud deployment models. These are public, private, and hybrid models. 

A public cloud is one that provides services to the general public. Examples of this are AWS, Digital Ocean, and Rackspace. Anyone can pay for services and use them. Setup is very easy and inexpensive. The provider handles all of the hardware and virtualization needed to provide resources. Customers pay for only what they need and they can have as many resources as they are willing to pay for. 

A private cloud is different in that it is usually run by an organization and restricted to its own members. It is owned and managed by this single organization. The organization has complete control over this private cloud. This includes all hardware and software.  

A hybrid cloud is a mix of these together. This is done sometimes to meet the needs of the organization. There can be any combination of the previous models put together. You can manage certain parts by yourself and contract other parts of the model to someone else.

Anything critical can be maintained locally while non-critical parts can be outsourced. This type of model is a good way to handle disaster recovery. Since you can split your operations into multiple physical areas, recovering from a hurricane, for instance, is much easier. As in the other systems, scalability is always there as the organization is in complete control of it.  

Universal Concepts

There are several concepts that are common to most cloud models. These include interoperability, scalability, focus on security, your privacy, auditability, governance, maintenance, and reversibility.

Interoperability is the ease with which one can move or reuse components of an application. The underlying platform, operating system, location, API structure, or cloud provider should not be an impediment to moving services easily and efficiently to an alternative solution. An organization that has a high degree of interoperability with its systems is not bound to one cloud provider and can easily move to another if the level of service or price is not suitable.

Elasticity and scalability are similar concepts in terms of changing the resources allocated to a system or application to meet current demands. The difference between the two concepts relates to the manner in which the level of resources is altered. With scalability, the allocated resources are changed statically to meet anticipated demands or new deployments of services. Elasticity adds the ability to modify resources dynamically to meet demands as they evolve.

The concepts of performance, availability, and resiliency should be considered in any cloud environment due to the nature of cloud infrastructures and models. Given the size and scale of most cloud implementations, performance should always be second nature to a cloud. Resiliency and high availability are also important in a cloud environment. If any of these areas fall short, customers will not stay long with a cloud provider and will quickly move to other providers.

The easiest way to remember the difference between availability and resiliency is the extent to which a system is affected by outages. Availability pertains to the overall status if a system is up or down, whereas resiliency pertains to the ability of a system to continue to function when some aspect experiences an outage.

Portability is the key feature that allows systems to easily and seamlessly move between different cloud providers. An organization that has its systems optimized for portability opens up enormous flexibility to move between different providers and hosting models, which can be leveraged in a variety of ways. From a cost perspective, portability allows an organization to continually shop for cloud hosting services.

Whereas a contract will spell out the general terms and costs for services, the SLA, or service level agreements, is where the real meat of the business relationship and concrete requirements come into play. The SLA spells out in clear terms the minimum requirements for uptime, availability, processes, customer service and support, security controls and requirements, auditing and reporting, and potentially many other areas that will define the business relationship and the success of it. 

Regulatory requirements are those imposed upon a business and its operations either by law, regulation, policy, or standards and guidelines. These requirements are specific to the locality in which the company or application is based or specific to the nature of the data and transactions conducted. These requirements can carry financial, legal, or even criminal penalties for failure to comply. Sanctions and penalties can apply to the company itself or, in some cases, the individuals working for the company and on its behalf, depending on the locality and the nature of the violation.

Security is always a paramount concern for any system or application. Within a cloud environment, there can be a lot to manage when adopting a newer technology, and many will be uncomfortable with the idea of having corporate and sensitive data not under the direct control of internal IT staff and hardware housed in proprietary data centers. Depending on company policy, different applications and systems will have their own specific security requirements and controls. Within a cloud environment, this becomes of particular interest because many customers are tenants within the same framework, and the cloud provider needs to assure each customer that their controls are being met, and done so in a way that the cloud provider can support across varying requirements.

Privacy in the cloud environment requires particular care due to the large number of regulatory and legal requirements that can differ greatly by use and location. Adding even more complexity is the fact that laws and regulations may differ based on where the data is stored and where the data is exposed and consumed.

Cloud providers will very often have in place mechanisms to keep systems housed in geographic locations based on a customer's requirements and regulations, but it is incumbent on the cloud security professional to verify and ensure that these mechanisms are functioning properly.
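As an added example (not from these notes), here is a small Python check a cloud security professional could run over an exported resource inventory to verify that nothing sits outside the regions the customer's requirements allow. The ARNs, allowed regions and bucket locations are constructed sample data, and the list of global services is an assumption.

```python
from collections import namedtuple

Finding = namedtuple("Finding", "arn service region reason")

# Assumed list of services whose ARNs carry no region because they are global.
GLOBAL_SERVICES = {"iam", "cloudfront", "route53", "organizations", "sts"}

# Constructed sample data: the regions the customer's policy permits, the
# bucket locations the provider reports, and the resource inventory to check.
ALLOWED_REGIONS = {"eu-west-1", "eu-central-1"}
SAMPLE_BUCKET_LOCATIONS = {"eu-records": "eu-central-1", "backups": "us-west-2"}
SAMPLE_ARNS = [
    "arn:aws:ec2:eu-west-1:123456789012:instance/i-0constructed",
    "arn:aws:lambda:eu-central-1:123456789012:function:ingest",
    "arn:aws:rds:us-east-1:123456789012:db:customer-db",
    "arn:aws:iam::123456789012:role/Admin",
    "arn:aws:s3:::eu-records",
    "arn:aws:s3:::backups/archive.tar",
    "arn:aws:s3:::orphan-bucket",
]


def parse_arn(arn):
    """Split arn:partition:service:region:account:resource; the resource
    part may itself contain ':' so only the first five separators count."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError("malformed ARN: %r" % arn)
    return parts[2], parts[3], parts[4], parts[5]


def check_residency(arns, allowed_regions, bucket_locations):
    """Return a Finding for every resource not provably inside allowed_regions."""
    findings = []
    for arn in arns:
        service, region, _, resource = parse_arn(arn)
        if service == "s3":
            # S3 bucket ARNs have no region; use the provider-reported location.
            region = bucket_locations.get(resource.split("/", 1)[0])
            if region is None:
                findings.append(Finding(arn, service, "", "bucket location unknown"))
                continue
        elif region == "":
            if service in GLOBAL_SERVICES:
                continue
            findings.append(Finding(arn, service, "", "no region in ARN"))
            continue
        if region not in allowed_regions:
            findings.append(Finding(arn, service, region, "outside allowed regions"))
    return findings
```

An unknown bucket location is reported as a finding rather than silently passed, since a residency check that cannot place a resource has not verified anything.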

Most leading cloud providers supply their customers with a good deal of auditing, including reports and evidence that show user activity, compliance with controls and regulations, the systems and processes that run and an explanation of what they all do, as well as information, data access, and modification records. Auditability of a cloud environment is an area where the cloud security professional needs to pay particular attention, because the customer does not have full control over the environment like they would in a proprietary and traditional data center model.

Governance at its core involves assigning jobs, tasks, roles, and responsibilities and ensuring they are satisfactorily performed. Whether in a traditional data center or a cloud model, governance is mostly the same and undertaken by the same approach, with a bit of added complexity in a cloud environment due to data protection requirements and the role of the cloud provider. Although the cloud environment adds complexity to governance and oversight, it also brings some benefits as well.

With the different types of cloud services, it is important for the contract and SLA to clearly spell out maintenance responsibilities. With SaaS, the cloud provider handles all upgrades, patching, and maintenance, whereas with PaaS and certainly IaaS, some duties belong to the cloud customer while the rest are retained by the cloud provider. Outlining maintenance and testing practices and timelines in the SLA is particularly important for applications that may not always work correctly after new versions or changes to the underlying system.

Reversibility is the ability of a cloud customer to take all their systems and data out of a cloud provider and have assurances from the cloud provider that all of the data has been securely and completely removed within an agreed-upon timeline. In most cases, this will be done by the cloud customer first retrieving all of their data and processes from the cloud provider, then serving notice that all active and available files and systems should be deleted, and finally having all traces removed from long-term storage archives at an agreed-upon point in time.