AWS Strategies - For Enterprises
- Nishant Nath
- Dec 27, 2024
- 4 min read
What is Cloud?
Cloud computing is the delivery of various services, such as servers, storage, databases, networking, software, and analytics, over the internet ("the cloud"). It provides on-demand access to resources, enabling companies to scale their infrastructure based on their needs while reducing costs related to hardware and maintenance.

Public Cloud vs Private Cloud:
In a public cloud, computing resources like servers and storage are owned and operated by third-party cloud service providers and delivered over the internet, e.g. AWS, Azure and GCP.
A private cloud refers to cloud computing resources that are used exclusively by one organization. It can be hosted on-premises or by a third-party provider, but the infrastructure is dedicated solely to that organization.
Public Cloud: Cost-effective, easily scalable, less control over the infrastructure.
Private Cloud: Higher cost, customizable, full control over the infrastructure.
Security: Public clouds are generally secure, but private clouds provide added control, making them suitable for sensitive data.
Public Cloud: Ideal for startups, web hosting, or development/testing environments where cost savings and flexibility are essential.
Private Cloud: Suitable for industries like banking, healthcare, or government organizations requiring strict data compliance and security.
Why Companies Are Moving to the Public Cloud?
Companies move to the cloud to save costs, improve scalability, ensure reliability, boost performance, focus on their core business, accelerate innovation, and leverage strong security features.
=============================================================
What is IAM (Identity and Access Management)?
It is a framework used to manage and control access to resources securely. In the context of cloud services like AWS, IAM enables you to manage users and permissions by controlling who is authenticated (signed in) and authorized (has permissions) to use resources.
Types of IAM Identities:

IAM Users:
A user is an individual account created for a person or service that needs to interact with AWS resources. Each user has a unique identity in AWS and can have a set of permissions assigned directly or through group membership.
Example: A user named "John" who is a developer can have access to AWS CodeCommit and read-only access to S3 buckets.
IAM Groups:
Groups are collections of IAM users. You can assign permissions to a group, which are inherited by all users within that group. This simplifies permission management for multiple users with similar roles.
Example: You might create a group called "Developers" and give it permissions to access AWS CodeBuild and CodeDeploy. Any user added to this group will inherit these permissions.
IAM Roles:
Roles are similar to users but are intended to be assumed by entities such as users, applications, or services. A role defines a set of permissions for making AWS service requests, but it does not have long-term credentials like an IAM user. Instead, temporary credentials are granted when assuming the role.
Example: An EC2 instance needs permission to read data from an S3 bucket. You create a role with "read-only access" to the bucket and attach this role to the EC2 instance.
IAM Policies:
Policies are documents written in JSON that define permissions and specify what actions are allowed or denied for a user, group, or role. These policies control access to resources.
Example: A policy might grant a user permission to create new EC2 instances but deny permission to delete existing instances.
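The "allow create, deny delete" policy from the example above, written out as a policy document and paired with a simplified evaluator that applies the IAM rule of thumb (explicit Deny beats Allow, everything else is implicitly denied). This is an added illustration, not code from the post; the policy document and the evaluator are constructed here, and conditions and resource-based policies are deliberately out of scope.

```python
import fnmatch

# Constructed identity-based policy matching the text's example: the user may
# launch and describe EC2 instances but is explicitly denied terminating them.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:RunInstances", "ec2:Describe*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"},
    ],
}


def _as_list(value):
    # IAM accepts either a single string or a list for Action / Resource.
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource="*"):
    """Simplified evaluation of one identity-based policy (assumption: no
    Condition blocks, no resource policies, no permission boundaries).

    Order mirrors AWS's documented logic: an explicit Deny on any matching
    statement wins, otherwise a matching Allow grants access, otherwise the
    request is implicitly denied. Wildcards such as "ec2:Describe*" are honoured.
    """
    allowed = False
    for stmt in policy["Statement"]:
        action_match = any(fnmatch.fnmatchcase(action, pat) for pat in _as_list(stmt["Action"]))
        resource_match = any(fnmatch.fnmatchcase(resource, pat) for pat in _as_list(stmt["Resource"]))
        if not (action_match and resource_match):
            continue
        if stmt["Effect"] == "Deny":
            return False  # explicit deny overrides every Allow, wherever it appears
        allowed = True
    return allowed
```

Because the Deny is explicit, it still holds if a broader Allow (for example `ec2:*`) is later attached to the same user or group, which is why explicit denies are the right tool for guardrails.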
LAB Details:
GitHub Page for LAB-1: IAM-LAB-1
GitHub Page for Interview Questions: Interview-Qns
=============================================================
EC2 (Elastic Compute Cloud):
Amazon EC2 is a web service provided by AWS that offers scalable virtual servers to run applications. It provides resizable compute capacity in the cloud, which allows businesses to easily scale resources up or down based on demand, reducing the need for upfront hardware investment.
Why EC2?
Scalability: Automatically adjust resources to handle traffic fluctuations.
Cost-Effective: Pay only for what you use, with flexible pricing options.
Customization: Choose from various instance types based on performance needs.
Reliability: High availability with options for redundancy across regions.
Availability Zones (AZs): EC2 instances are distributed across multiple AZs within a region, each consisting of one or more data centers.
Data Centers: Physical facilities housing servers and storage. In case one data center fails, others within the same AZ or region ensure business continuity.
Example: Consider a global e-commerce company like Amazon.com, which uses EC2 to handle its website traffic. During high demand periods, such as Black Friday, EC2 allows them to scale up (use more virtual servers) to manage increased traffic and then scale down after the event. Data centers across different AZs ensure that even if one location experiences issues, the website remains operational.
=============================================================
VPC (Virtual Private Cloud):
Amazon VPC is a customizable network environment in AWS that allows companies to run their resources securely in an isolated section of the AWS cloud.
How Companies Configure VPC:

VPC Setup:
Companies create a VPC to have control over their network configuration, including IP address ranges, subnets, and route tables.
Subnets: VPCs are divided into subnets, which can be either public (accessible from the internet) or private (restricted access).
Public Subnets: For resources that need internet access, like web servers.
Private Subnets: For databases or applications that shouldn’t be exposed to the internet.
Internet Gateway (IGW):
Companies attach an Internet Gateway to the VPC to enable internet access for public-facing resources. This is like a bridge connecting the VPC to the internet.
Route Table: This directs traffic within the VPC and to external networks.
For public subnets, the route table will have routes directing traffic to the IGW.
Private subnets have no route to the IGW, so their route tables only reach internal resources.
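A small audit of the subnet and route-table setup described above, added here as an example rather than taken from the post. It works over constructed data in the shape of `describe-route-tables` output (the IDs are made up) and classifies each subnet as public or private by whether its effective route table sends 0.0.0.0/0 to an Internet Gateway, including the case that catches many teams out: a subnet with no explicit association silently inherits the VPC's main route table.

```python
# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},   # main table has an IGW route
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-web"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-db"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0abc"}]},  # outbound via NAT, not public
]


def has_igw_default_route(route_table):
    """True if the table routes 0.0.0.0/0 or ::/0 to an Internet Gateway (igw-*)."""
    for route in route_table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest in ("0.0.0.0/0", "::/0") and route.get("GatewayId", "").startswith("igw-"):
            return True
    return False


def classify_subnets(route_tables, subnet_ids):
    """Map each subnet to 'public' or 'private' using its effective route table.

    Subnets without an explicit association fall back to the main route table,
    so an IGW route on the main table makes every unassociated subnet public.
    """
    main = next((rt for rt in route_tables
                 if any(a.get("Main") for a in rt.get("Associations", []))), None)
    explicit = {a["SubnetId"]: rt for rt in route_tables
                for a in rt.get("Associations", []) if "SubnetId" in a}
    result = {}
    for subnet in subnet_ids:
        rt = explicit.get(subnet, main)
        result[subnet] = "public" if rt is not None and has_igw_default_route(rt) else "private"
    return result


def unexpectedly_public(route_tables, subnet_ids, intended_private):
    """Return the subnets that were meant to be private but are reachable via an IGW."""
    classes = classify_subnets(route_tables, subnet_ids)
    return sorted(s for s in intended_private if classes.get(s) == "public")
```

In the constructed data the orphaned `subnet-orphan` (no association) is flagged, while `subnet-db` stays private because its default route goes to a NAT gateway rather than the IGW.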
Load Balancer:
A load balancer distributes incoming traffic across multiple instances to ensure no single server gets overwhelmed. It sits in front of the target group (a set of EC2 instances or other services) and routes traffic efficiently.
Target Group:
A collection of servers (like EC2 instances) registered to handle the load. Health checks monitor the status of instances in the target group to ensure only healthy ones receive traffic.
Network Access Control List (NACL):
A security layer for controlling traffic in and out of subnets at the network level. Companies use NACLs to define rules for incoming and outgoing traffic, like allowing or denying traffic from specific IP ranges.
Security Groups: Another layer of security, but specific to individual resources like EC2 instances. Companies use security groups to control traffic at the instance level, allowing traffic only from trusted sources (e.g., allowing SSH or HTTP access).
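The two layers just described, modelled side by side as an added example (not the post's code): a NACL is evaluated in ascending rule-number order, the first matching rule decides and the trailing "*" rule denies the rest, and because it is stateless the ephemeral return-port range has to be opened explicitly; a security group only holds allow rules and admits traffic if any rule matches. The rule sets and addresses below are constructed for the illustration.

```python
import ipaddress

# Constructed inbound NACL for a public web subnet: one abusive range is denied
# ahead of the general HTTPS allow; 1024-65535 is the ephemeral return range that a
# stateless NACL must permit so that replies to outbound connections get back in.
NACL_INBOUND = [
    {"rule": 90,  "cidr": "198.51.100.0/24", "port": (443, 443),     "action": "deny"},
    {"rule": 100, "cidr": "0.0.0.0/0",       "port": (443, 443),     "action": "allow"},
    {"rule": 110, "cidr": "0.0.0.0/0",       "port": (1024, 65535),  "action": "allow"},
]

# Constructed security group for the instance: HTTPS from anywhere, SSH only
# from an assumed corporate range. Security groups have no deny rules.
SG_INBOUND = [
    {"cidr": "203.0.113.0/24", "port": (22, 22)},
    {"cidr": "0.0.0.0/0",      "port": (443, 443)},
]


def _matches(rule, src_ip, port):
    in_cidr = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["cidr"])
    lo, hi = rule["port"]
    return in_cidr and lo <= port <= hi


def nacl_allows(rules, src_ip, port):
    """First matching rule by ascending number wins; the implicit '*' rule denies."""
    for rule in sorted(rules, key=lambda r: r["rule"]):
        if _matches(rule, src_ip, port):
            return rule["action"] == "allow"
    return False


def sg_allows(rules, src_ip, port):
    """Security groups are allow-only and stateful: any matching rule admits the flow."""
    return any(_matches(rule, src_ip, port) for rule in rules)


def reaches_instance(src_ip, port, nacl=NACL_INBOUND, sg=SG_INBOUND):
    """A new inbound packet must pass the subnet NACL and then the instance SG."""
    return nacl_allows(nacl, src_ip, port) and sg_allows(sg, src_ip, port)
```

Note the two ways traffic is dropped: SSH from the corporate range passes the security group but never reaches it because the NACL has no rule for port 22, while a connection to port 8080 passes the NACL's ephemeral-range rule and is then stopped by the security group.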
TO BE CONTINUED ....