Select Page

AWS provides a robust offering of compute and networking services. These services have different use case depending on your application type, build, and deployment method.

Compute and Networking

  • EC2 (Elastic Compute Cloud)
    • Auto Scaling
    • Elastic Load Balancer
    • EBS Volumes
  • Virtual Private Cloud
  • Amazon Route 53

Amazon (EC2) Elastic Compute Cloud

  • Amazon EC2 provides scalable virtual servers in the cloud. The virtual servers can run different operating systems but most commonly run a flavor of Linux or Windows.
  • An EC2 virtual server is known as an “instance” and can be made up of different types and sizes.
  • Pricing Models

    • Reserved Instances

      • Purchases reserved instances when you know the “amount of usage” you will be using for an instance. If an instance is needed 100% of the time purchasing reserved instances at a discount will reduce costs.
    • On-Demand Instances

      • Are used “on-demand” and are paid for by the hour. If you only need an instance for our only fire it up for that long!
    • Spot Instances

      • Bid on unused EC2 instances for “non-production applications”.
  • Auto Scaling

    • Auto Scaling is a service and method provided AWS in order to increase the number of instances on-demand based on certain metrics. If your application demand increased un-expectantly auto scaling can scale up to meet the demand and then stop instances as soon as the demand decreases. This is known as “elasticity” in the AWS environment.
  • Elastic Load Balancer

    • Load balancing is a common method for distributing traffic among servers in the IT environment. The Elastic Load Balancer is another service by AWS EC2 that allows you to add instances to the elastic load balancer and distribute traffic among those instances. The elastic load balancer can send traffic to different instances in different availability zones and should often be used with auto scaling and designing for fault tolerance.
  • Route 53

    • Route 53 is a domain management service by AWS. Route 53 will host the internal and external DNS for your application environment it is used commonly with ELB to direct traffic from the domain to the ELB.
  • AMI

    • Amazon Machine Image is a template that contains a pre-built software configuration. Amazon Machine Images are used with Auto Scaling and Disaster recovery.
  • Instance Store-Backed Instances (Ephemeral Storage)

    • Block level temporary storage over the life of an instance
    • Lives for as long as your instance is NOT turned off/shutdown
  • EBS Backed Instance (Elastic Block Store)

    • Network attached block storage
    • Eady to backup with snapshots stored on Amazon S3
    • Can provision additional IOPS to help with I/O or even use an EBS optimized instance to help network traffic between the instance and EBS volume
    • Can be a small as 1GB and 16,384GiB (16TiB)
    • Cannot be attached to instances in a different availability zone
    • Can only be attached to instance to one instance at a time
    • Allows for point in time snapshots
    • Up to the customer to manage the software level for security on instances

      • Security Groups
      • Firewalls (IP tables, Firewalld, etc)
      • EBS encryption provided by AWS
      • Snapshots can also use EBS encryption
      • AWS EBS encryption utilizes AWS key management service
      • Additional encryption can be to encrypt the entire file system using an encrypted file system.
      • EBS encryption is only available on larger instance types and it is suggested to use an encrypted file system on EBS if using an instance size smaller than M3
      • Apply SSL Cert to the ELB (Elastic Load Balancer)
    • AWS Manages the hypervisor and physical layer of security for EC2

      • DDOS protection
      • Port scanning protection (not allowed even in your own environment without permission from AWS)
      • Ingress network filtering
    • VPC

        • Virtual Private Cloud is one of the core components of AWS and no application should be designed without it. VPC allows for the isolation of AWS resources in the cloud. Resources fired up in a single VPC will be part of the same network and can communicate internally. However, if multiple VPCs are used to provision resources then resources in one VPC are completely isolated from the other VPC by default. Resources sharing between VPCs in the same region can be allowed with VPC peering.

      VPC does not cost only the resources within the VPC are what costs

Network Layer security with ACLs, Elastic Network Interfaces, use of internal elastic load balancer, and VPN connections

  • EC2-Classic

    • Classic is a deprecated service by AW. Some accounts that have been around for long periods of time are still using the service. However, EC2-Classic instances do not belong to a VPC (can be a security issue) and have certain limitations. If you account was created after Dec 2013 EC2-Classic is not part of your account.

Route 53

  • Route 53 is a DNS hosting solution provided by AWS. You can not only host the DNS for domains but can now also register and transfer domains to AWS as the domain authority.
  • Route 53 manages external DNS for domain routing to the proper AWS resources such as a CloudFront distribution, ELB, EC2 instance, or RDS server. (Not a comprehensive list)
  • Route 53 can also be used to manage internal DNS for custom internal hostnames within a VPC as long as the VPC is configured for it.
  • Latency, GEO, basic, and failover routing policies allow for region to region fault tolerant and architecture design.
  • Failover to S3 or CloudFront (if website bucket hosting is enabled)