AWS Core Services Overview

AWS network services

VPC

  • A VPC (Virtual Private Cloud) is a logically isolated virtual network
  • A VPC belongs to exactly one region, but can span multiple Availability Zones
  • VPC main attributes: IP range, routing, gateway, security settings

Direct Connect

  • Private network connection from the user's data center to AWS
  • For high-throughput workloads, it can reduce network costs and increase bandwidth throughput

Route53

  • Highly available and scalable DNS service

AWS computing services

EC2

  • Customers have complete control of their computing resources and run them in Amazon's proven computing environment
  • Amazon EC2 shortens the time needed to obtain and boot new server instances to minutes, so you can quickly scale computing capacity up or down when your requirements change. Amazon EC2 charges according to your actual usage.
  • It supports most versions of Windows and Linux operating systems
  • You can create, save and reuse AMI images
  • One or more instances can be launched with a mouse click or through the API
  • Start and stop instances on demand
  • Use security groups to control traffic in and out of instances
  • Factors to consider when selecting an instance: cores, memory, storage size and type, network performance, and CPU technology

EMR(Elastic MapReduce)

  • Built on the web-scale infrastructure of Amazon EC2 and Amazon Simple Storage Service (Amazon S3), it is a hosted service that runs the Hadoop framework.
  • With Amazon EMR you can immediately provision as much capacity as you need to run data-intensive applications such as web indexing, data mining, log file analysis, data warehousing, machine learning, financial analysis, scientific simulation, and bioinformatics research.

AWS Lambda

  • Zero-administration computing platform suitable for back-end web development
  • Runs your back-end code directly on AWS, on infrastructure that provides high availability, security, performance and scalability

Auto Scaling

  • Lets you automatically scale Amazon EC2 capacity based on criteria you define.
  • With Auto Scaling, the number of Amazon EC2 instances grows seamlessly during demand peaks to maintain performance, and shrinks automatically during quiet periods to keep costs to a minimum.
  • Auto Scaling is particularly suitable for applications whose usage varies hourly, daily or weekly.
  • Auto Scaling is enabled by Amazon CloudWatch and carries no fees beyond the Amazon CloudWatch costs.

Elastic Load Balancing

  • Automatically distributes incoming application traffic across multiple Amazon EC2 instances
  • Elastic Load Balancing detects unhealthy instances and automatically reroutes traffic to healthy instances until the unhealthy instances are restored

AWS Elastic Beanstalk

  • The quickest and easiest way to deploy web applications on AWS
  • Upload your own code directly, and AWS provisions the resources

AWS storage

Storage Type

  • Block storage: part of the data can be quickly accessed and modified
  • Object storage: operates on the data as a whole

EBS storage

  • Create and attach separate data volumes to EC2 instances
  • Block storage for data
  • Suitable for EC2 boot volumes and storage
  • Data storage with a file system
  • Data block and enterprise applications
  • Persistent block-level storage volumes for EC2
  • EBS volumes are automatically replicated within their Availability Zone to increase availability
  • It can be backed up to S3

S3

  • Managed Object Storage Solution
  • Stored redundantly, with 11 nines of storage availability
  • Storage pool scales seamlessly to any size
  • S3 can be accessed through the AWS console or third-party API
  • Object changes can trigger notifications, workflows and scripts
  • Data in transit and data at rest can be encrypted automatically
  • Billed by GB stored, cross-region replication, and requests such as PUT / COPY; mainly for infrequently accessed data
  • Supports data formats including HTML, source code, and encrypted image data
  • Provides cost-effective object storage for backup and recovery, near-line archive, big data analysis, disaster recovery, cloud applications and content delivery

S3 Glacier

  • Data archiving service for data that is not accessed
  • Secure, durable and very low cost
  • Supports encryption at rest and SSL / TLS encryption in transit
  • Data retrieval usually takes several hours

AWS Storage Gateway

  • Service that connects on-premises software with cloud-based storage
  • Users keep a cache of frequently accessed data in the local data center, while getting low-latency access to all data stored in S3 or Glacier

CloudFront

  • Web content delivery service: a global CDN with low latency, high speed and no minimum usage commitment
  • Uses a global network of edge locations to deliver the entire site, including dynamic, static, streaming and interactive content
  • Files stored on AWS Lifecycle Policy

AWS database

RDS

  • Relational database hosting services
  • Accessed through the AWS console, the RDS command line and API calls
  • Scalable, supports redundancy and automatic backup
  • Supports SQL, Oracle and other databases
  • Suitable scenarios: complex transactions and complex queries, high read/write rates below 30K IOPS, no more than a single node or shard, high durability
  • Unsuitable scenarios: simple, very high write request rates such as 150K IOPS, which NoSQL can handle

DynamoDB

  • Fully managed NoSQL database
  • Latency below 10 ms at any scale, running entirely on SSD
  • Supports document and key-value storage models
  • Ideal for mobile, web, games, advertising and IoT
  • Accessed through the AWS console, command line and API calls
  • Users must provision the desired read and write throughput capacity in advance to ensure consistently low latency; reads are typically measured in units of 4KB / s and writes in units of 1KB / s

Redshift

  • Fast, fully managed, petabyte-scale data warehouse service
  • Standard SQL interface; analyze structured data simply and efficiently with conventional BI tools
  • Parallel queries across multiple nodes improve query performance
  • Allows organizations to automate most of the administrative tasks of implementing, configuring and monitoring a cloud data warehouse

ElastiCache

  • Web service that simplifies deploying, operating and scaling an in-memory cache in the cloud
  • Supports the Memcached and Redis cache engines

Management Tools

Amazon CloudWatch

  • Cloud resources and cloud application monitoring service
  • Collects and tracks metrics, collects and monitors log files, and sets alarms
  • Gives system-wide visibility into resource utilization, application performance and operational health

AWS CloudFormation

  • Configures and updates AWS resources in an orderly and predictable manner
  • Templates are defined in JSON or YAML

AWS CloudTrail

  • Records the API calls made in the account and provides log files for audit and review
  • Information includes the API caller's identity, call time, source IP address, request parameters, and the response elements returned by the service

AWS Config

  • Provides an AWS resource inventory, configuration history and configuration change notifications
  • Supports compliance audits, security analysis, change tracking for security and governance, and troubleshooting

Security and Identity

IAM Identity and Access Management

  • Securely controls an organization's user access to AWS services and resources
  • Create and manage AWS users, groups and roles, and use permissions to allow or deny access

AWS Key Management Service KMS

  • Create and manage the encryption keys used to encrypt data
  • Uses hardware security modules (HSMs) to protect the root keys

AWS Directory Service

  • Lets you set up and run Microsoft AD in AWS, or connect AWS resources to an existing AD
  • Use the shared AD for user management, and create and apply Group Policy

AWS Certificate Manager

  • Provision, manage and deploy SSL / TLS certificates for AWS cloud services
  • Supports requesting certificates quickly

AWS WAF Web Application Firewall

  • Helps protect web applications against common attacks
  • With custom web security rules, an organization controls which traffic is allowed to reach its web applications

Application Services

AWS API Gateway

  • Fully hosted service
  • Create, publish, maintain, monitor and secure APIs at any scale
  • Accepts and processes up to hundreds of thousands of concurrent API calls
  • Features include traffic management, authorization and access control, monitoring, and API version management

Amazon Elastic Transcoder

  • Media transcoding in the AWS cloud
  • Converts media files from their source format into formats that can be played on smartphones, tablets, PCs and similar devices

Amazon SNS Simple Notification Service

  • Web service that manages sending messages or e-mail to recipients
  • Supports two roles: publishers and subscribers
  • Publishers send messages to subscribers asynchronously

Amazon SES Simple Email Service

  • Use SES to send transactional e-mail, marketing messages and other content to customers
  • An application scenario: SES accepts a message, delivers it to S3, triggers Lambda, and then sends a notification to SNS

Amazon Simple Workflow Service

  • Build, run and scale background jobs that have sequential or parallel steps
  • Fully managed task coordinator and state tracker in the cloud
  • Use case: monitor application steps, track processing state at any time, and recover from or retry failed tasks to increase application reliability

Amazon Simple Queue Service

  • Fully managed, reliable and scalable message queue service
  • Transfers data at any throughput level without losing messages and without requiring other services to be always available

Amazon WorkSpaces Service

  • Managed desktop service for quickly provisioning cloud-based desktops

Code Service

AWS CodeBuild

  • AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests and produces packages ready for deployment.
  • With CodeBuild, you do not need to provision, manage and scale your own build servers.
  • CodeBuild scales continuously and processes multiple builds concurrently, so your builds do not wait in a queue.
  • You can get started quickly with prepackaged build environments, or create custom build environments that use your own build tools. With CodeBuild, you pay by the minute for the computing resources you use.

AWS CodeDeploy

  • AWS CodeDeploy is a fully managed service that automates software deployment to a variety of computing services (such as Amazon EC2, AWS Fargate, AWS Lambda and on-premises servers).
  • With AWS CodeDeploy, you can release new features quickly, avoid downtime during application deployment, and simplify the work of updating applications.
  • You can use AWS CodeDeploy to automate software deployments, eliminating error-prone manual operations. The service scales with your deployment needs.

AWS core services deployment best practices

IAM user group management

  • Create an IAM group and grant full administrator rights
  • Stop using the root account; log in with IAM user credentials
  • Enable MFA for IAM accounts
  • Software MFA: AWS Virtual MFA, Google Authenticator, Authenticator, SMS
  • Hardware MFA: Gemalto key cards

Enable AWS CloudTrail

  • Records all API requests in the account
  • Each API call record includes the caller's identity, the time, the source IP, the request parameters, and the returned response elements
  • Mainly used for security analysis, resource change tracking, troubleshooting operational problems, compliance, collaboration, etc.
  • Ensure that access to the S3 bucket used by CloudTrail is granted only to specified users
  • Can be integrated with APN log analysis tools such as Splunk, SumoLogic, AlertLogic
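
The root-account and MFA practices above can be checked against the CloudTrail records described in this list. The following is an added example, not code from the original page: it reviews a constructed log file (invented account ID, user names and IP addresses) using the real CloudTrail field names `userIdentity`, `eventName`, `sourceIPAddress`, `additionalEventData.MFAUsed` and `responseElements.ConsoleLogin`.

```python
import json

ACCT = "arn:aws:iam::111122223333:"  # constructed account ID

def _rec(time, name, id_type, arn, ip, mfa=None, result=None):
    """Build one constructed record using real CloudTrail field names."""
    login = name == "ConsoleLogin"
    return {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
            "userIdentity": {"type": id_type, "arn": ACCT + arn},
            "additionalEventData": {"MFAUsed": mfa} if login else None,
            "responseElements": {"ConsoleLogin": result} if login else None}

# Constructed sample in the CloudTrail log-file layout: {"Records": [...]}.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2019-07-20T08:01:10Z", "ConsoleLogin", "IAMUser", "user/alice",
         "198.51.100.10", "Yes", "Success"),
    _rec("2019-07-20T08:05:42Z", "ConsoleLogin", "IAMUser", "user/bob",
         "198.51.100.11", "No", "Success"),
    _rec("2019-07-20T08:07:03Z", "ConsoleLogin", "IAMUser", "user/carol",
         "203.0.113.50", "No", "Failure"),
    _rec("2019-07-20T09:12:00Z", "ConsoleLogin", "Root", "root",
         "203.0.113.77", "No", "Success"),
    _rec("2019-07-20T09:13:30Z", "CreateAccessKey", "Root", "root",
         "203.0.113.77"),
]})

def review_records(log_text):
    """Return (eventTime, finding, caller ARN, source IP) for risky events."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        ident = rec.get("userIdentity") or {}
        who = ident.get("arn", "unknown")
        when, ip = rec.get("eventTime"), rec.get("sourceIPAddress")
        name = rec.get("eventName", "?")
        # Any activity by the root identity contradicts "stop using root".
        if ident.get("type") == "Root":
            findings.append((when, "root-use:" + name, who, ip))
        # Federated logins authenticate at the identity provider, so their
        # MFAUsed value says nothing about it; check IAM users and root only.
        if name == "ConsoleLogin" and ident.get("type") in ("IAMUser", "Root"):
            ok = (rec.get("responseElements") or {}).get("ConsoleLogin") == "Success"
            mfa = (rec.get("additionalEventData") or {}).get("MFAUsed")
            if ok and mfa != "Yes":
                findings.append((when, "console-login-without-mfa", who, ip))
    return findings

if __name__ == "__main__":
    for finding in review_records(SAMPLE_LOG):
        print(*finding)
```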

Enable AWS Config to track resource configuration changes

  • A fully managed service, AWS Config gives a detailed view of the configuration of the resources in an AWS account
  • Check the relationships between resources
  • You can take a snapshot of the current resource configuration
  • You can retrieve the historical configuration of resources
  • Provides an AWS resource inventory, configuration history and configuration change notifications

Enable billing reports

  • AWS resource usage and estimated costs
  • Reports are delivered to a designated S3 bucket and updated once a day

EC2 Security

  • Use identity federation, IAM users and IAM roles to control access to AWS resources and APIs
  • Establish credential management policies and procedures for creating, distributing, rotating and revoking AWS access credentials
  • Use security groups to allow access to instances only from specific IP ranges
  • Regularly patch and update the operating system and applications, and save the image so it can be reused
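
The security group practice above can be audited offline from a saved group description. The following is an added example, not code from the original page: it scans a constructed document in the shape of `aws ec2 describe-security-groups` output (invented group IDs and CIDR ranges) and reports rules that expose SSH or RDP to every address instead of a specific IP range. The choice of ports 22 and 3389 is an assumption of this example.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # assumption: ports treated as admin

# Constructed sample in the shape of `aws ec2 describe-security-groups`
# output; group IDs and CIDR ranges are invented for this example.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ccc", "GroupName": "legacy", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
]}

def open_admin_ingress(description):
    """Return (GroupId, cidr, exposed services) for world-open admin access."""
    findings = []
    for group in description.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            # IpProtocol "-1" means all protocols and carries no port range.
            if perm.get("IpProtocol") == "-1":
                lo, hi = 0, 65535
            elif perm.get("IpProtocol") == "tcp":
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            else:
                continue
            hit = sorted(n for p, n in ADMIN_PORTS.items() if lo <= p <= hi)
            for cidr in cidrs:
                # Prefix length 0 covers 0.0.0.0/0 and ::/0 in any spelling.
                net = ipaddress.ip_network(cidr, strict=False)
                if hit and net.prefixlen == 0:
                    findings.append((group["GroupId"], cidr, hit))
    return findings

if __name__ == "__main__":
    for finding in open_admin_ingress(SAMPLE):
        print(finding)
```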

EC2 storage

  • EC2 instances support local instance store and EBS
  • The storage types differ in data persistence, backup, recovery and total size.

EC2 resource management

  • Instance metadata and custom tags make it easier to identify and track instances
  • Instance metadata is data about the instance, including the AMI ID, instance ID, private IP, host address, MAC address, and the IAM role and security groups associated with the instance
  • Use tags to classify AWS resources in different ways, such as by purpose, owner or environment; each tag consists of a key and an optional value

EC2 Backup and Recovery

  • Back up instances regularly
  • Copy the important data to multiple locations
  • Deploy the key components of the application across multiple Availability Zones
  • Design the application to handle dynamic IP addresses when instances restart
  • Monitor and respond to events, for example with CloudWatch
  • Make sure you can always handle failover
  • Regularly test the recovery process for instances and EBS volumes

AWS service restrictions

  • The number of service capped - can be sustained in the limits options
  • Limits differ slightly between regions
  • Some hard limits cannot be modified
  • Soft limits can be adjusted
  • Use the Trusted Advisor service to check limit status

Links: https://www.jianshu.com/p/205272f0c64d

Origin blog.51cto.com/wzlinux/2422298