AWS Solutions Architect: Introduction

6 | Written on Sun 19 April 2020. Posted in Nuggets | Richard Walker

Cloud Computing and Virtualisation

At the core of all cloud operations is virtualisation, which allows hardware resources to be divided into smaller units. A physical server can host multiple virtual machines, each running its own complete operating system. Virtualisation makes it possible to provision a virtual server in a matter of seconds, run it for the required period of time and shut it down, freeing up resources for other workloads.

Major cloud providers like AWS have enormous server farms. A cloud computing platform offers on-demand, self-service access to pooled compute resources where your usage is metered and billed according to the volume consumed.

The cloud is a great choice for so many serious workloads because it's scalable, elastic and often more cost effective.

Scalability

A scalable infrastructure can efficiently meet unexpected increases in demand for your applications by automatically adding resources. This often means dynamically increasing the number of AWS instances (virtual machines).

Elasticity

The principle of elasticity covers some of the same ground as scalability, as both address changes in demand. However, while the images used in a scalable environment let capacity be ramped up, an elastic infrastructure will also automatically reduce capacity when demand drops.

Cost Management

Besides the ability to control expenses by managing the resources you use, cloud computing transitions your IT spending from a capital expenditure (capex) framework into something closer to operational expenditure (opex).

AWS provides a free Total Cost of Ownership (TCO) Calculator at:

https://aws.amazon.com/tco-calculator/

The AWS Cloud

As a solutions architect, your main focus should be on the core service categories. The following summaries and short definitions are the foundation for everything else you need to know to become an AWS Certified Solutions Architect.

AWS Service Categories

| Category | Function |
|---|---|
| Compute | Services replicating the traditional role of local physical servers |
| Networking | Application connectivity, access control and enhanced remote connections |
| Storage | Various kinds of storage platforms designed to fit a range of both immediate accessibility and long-term backup needs |
| Database | Managed data solutions for use cases requiring multiple data formats (relational, NoSQL or caching) |
| Application Management | Monitoring, auditing and configuring AWS account services and running resources |
| Security and identity | Services for managing authentication and authorization, data and connection encryption and integration with third-party authentication systems |
| Application integration | Tools for designing loosely coupled, integrated and API-friendly application development processes |

Compute

Key compute services include:

  • Elastic Compute Cloud (EC2)
  • Lambda
  • Auto Scaling
  • Elastic Load Balancing
  • Elastic Beanstalk

Networking

Key networking services include:

  • Virtual Private Cloud (VPC)
  • Direct Connect
  • Route 53
  • CloudFront

Storage

Key storage services include:

  • Simple Storage Service (S3)
  • Glacier
  • Elastic Block Store (EBS)
  • Storage Gateway

Database

Key database services include:

  • Relational Database Service (RDS)
  • DynamoDB

Application Management

Key application management services include:

  • CloudWatch
  • CloudFormation
  • CloudTrail
  • Config

Security and identity

Key security and identity services include:

  • Identity and Access Management (IAM)
  • Key Management Service (KMS)
  • Directory Service

Application Integration

Key application integration services include:

  • Simple Notification Service (SNS)
  • Simple WorkFlow (SWF)
  • Simple Queue Service (SQS)
  • API Gateway

AWS Platform Architecture

AWS maintains data centres for its physical servers around the world. Network transfer latency can be reduced by hosting workloads geographically close to your users. Choosing where workloads are hosted can also help manage compliance with regulations, by keeping data within a particular legal jurisdiction.

At the time of writing there are 17 (non-government) regions.

| Region Name | Region |
|---|---|
| US East (Ohio) | us-east-2 |
| US East (N. Virginia) | us-east-1 |
| US West (N. California) | us-west-1 |
| US West (Oregon) | us-west-2 |
| Asia Pacific (Mumbai) | ap-south-1 |
| Asia Pacific (Seoul) | ap-northeast-2 |
| Asia Pacific (Osaka-Local) | ap-northeast-3 |
| Asia Pacific (Singapore) | ap-southeast-1 |
| Asia Pacific (Sydney) | ap-southeast-2 |
| Asia Pacific (Tokyo) | ap-northeast-1 |
| Canada (Central) | ca-central-1 |
| China (Beijing) | cn-north-1 |
| EU (Frankfurt) | eu-central-1 |
| EU (Ireland) | eu-west-1 |
| EU (London) | eu-west-2 |
| EU (Paris) | eu-west-3 |
| South America (Sao Paulo) | sa-east-1 |

Because low-latency access is so important, certain AWS services are offered from designated edge network locations. These services include Amazon CloudFront, Amazon Route 53, AWS Firewall Manager, AWS Shield and AWS WAF.

Physical AWS data centres are exposed within your AWS account as availability zones. There might be half a dozen zones within a region, identified using names such as us-east-1a.

Resources from a region can be organized within one or more virtual private clouds (VPCs). A VPC is effectively a network address space within which subnets are created and associated with particular availability zones.
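The relationship between a VPC, its subnets and availability zones can be sketched in code. The following is an added example, not taken from the source book: it carves one subnet per availability zone out of a VPC address space and checks a plan for subnets that overlap or fall outside the VPC. The 10.0.0.0/16 range, the /24 subnet size and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Zone names are the region code plus a letter, e.g. us-east-1a.
# This pattern covers the non-government regions listed in the table above.
AZ_NAME = re.compile(r"^([a-z]{2}-[a-z]+-\d)([a-z])$")


def region_of(az):
    """Return the region code that an availability zone name belongs to."""
    match = AZ_NAME.match(az)
    if not match:
        raise ValueError(f"not an availability zone name: {az!r}")
    return match.group(1)


def plan_subnets(vpc_cidr, region, zones, subnet_prefix=24):
    """Carve one subnet per availability zone out of the VPC address space."""
    vpc = ipaddress.ip_network(vpc_cidr)
    for az in zones:
        if region_of(az) != region:
            raise ValueError(f"{az} is not in region {region}")
    blocks = vpc.subnets(new_prefix=subnet_prefix)
    plan = {}
    for az in zones:
        try:
            plan[az] = next(blocks)
        except StopIteration:
            raise ValueError(f"{vpc} is too small for {len(zones)} subnets")
    return plan


def check_plan(vpc_cidr, plan):
    """List subnets that fall outside the VPC or overlap each other."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems = []
    items = list(plan.items())
    for i, (az, net) in enumerate(items):
        if not net.subnet_of(vpc):
            problems.append(f"{az}: {net} is outside {vpc}")
        for other_az, other in items[i + 1:]:
            if net.overlaps(other):
                problems.append(f"{az} {net} overlaps {other_az} {other}")
    return problems


if __name__ == "__main__":
    # Constructed sample: a /16 VPC spread over three zones of us-east-1.
    layout = plan_subnets("10.0.0.0/16", "us-east-1",
                          ["us-east-1a", "us-east-1b", "us-east-1c"])
    for zone, subnet in layout.items():
        print(zone, subnet)
    print(check_plan("10.0.0.0/16", layout) or "no problems")
```

Spreading the subnets over several zones of one region is what lets a workload survive the loss of a single data centre while its data stays in that region.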

AWS Reliability and Compliance

AWS has a lot of basic regulatory, legal and security groundwork covered. Where applicable, resources on the AWS platform are compliant with standards, frameworks and certifications including ISO 9001, FedRAMP, NIST and GDPR.

The AWS Shared Responsibility Model

Those AWS guarantees cover only the underlying AWS platform. The way you decide to use AWS resources is your business and therefore your responsibility. AWS customers are responsible for whatever happens within the AWS cloud.

The key thing to remember is that it's not if things will fail but when. Build applications to be geographically dispersed and fault tolerant.

Working with AWS

The browser-based management console is a good introduction to service features and a good place to see overviews. More serious work, and access to all features, is handled using the AWS CLI.

The AWS CLI

The AWS Command Line Interface (CLI) lets you run complex AWS operations from a local command line. Installing and configuring the AWS CLI is supported on Linux, Windows or Mac.

AWS SDKs

AWS offers SDKs for nine languages including Java, .NET and Python.

Summary

Cloud computing is built on the ability to efficiently divide physical resources into smaller but flexible virtual units. Those units can be "rented" on a pay-as-you-go basis in an affordable, scalable and elastic way.

AWS provides reliable and secure resources that are replicated and globally distributed. AWS infrastructure is designed to be compliant, although the Shared Responsibility Model leaves you in charge of what you place within the cloud.

The growing number of AWS services covers almost any digital need, with core services addressing compute, networking, database, storage, security and application management and integration.

You can manage AWS resources from the management console, with the AWS CLI or through code with the AWS SDK.

Technical support is available through support plans.

Disclaimer

Information on this page was obtained from source: AWS Certified Solutions Architect Second Edition ISBN 978-1-119-50421-4

Notes taken are kept brief and for personal reference. I urge and highly recommend anyone using this page as a source of information to purchase the source material for the complete information. The original book is fantastic and includes exercises, practice questions, verbose explanations and extra learning resources.
