CLOUD CONCEPTS
1. Cloud computing
2. Cloud computing model
3. Cloud deployment model
4. AWS Identity and Access Management (IAM)
5. Amazon Machine Image (AMI)
6. Amazon Connect
7. Amazon Route 53
8. AWS CloudWatch
9. AWS CloudTrail
10. AWS Trusted Advisor
11. AWS Artifact
12. AWS Directory Services
13. Service Quotas
1. Cloud computing
On-demand delivery of IT resources over the internet with pay-as-you-go pricing.
Benefits of cloud computing:
- Trade capital expense for variable expense
- Stop guessing capacity
- Stop spending money running and maintaining data centers
- Increase speed and agility
- Go global in minutes
- Benefit from economies of scale
__________________________________________________________________________
2. Cloud computing model
Infrastructure as a service (IaaS). EXAMPLE - CloudFormation
Platform as a service (PaaS). EXAMPLE - Elastic Beanstalk and RDS
Software as a service (SaaS).
__________________________________________________________________________
3. Cloud deployment model
Public Cloud – e.g. AWS, Microsoft Azure, Google Cloud Platform (GCP).
Hybrid Cloud – a mixture of public and private clouds.
Private Cloud (on-premises) – a cloud managed in your own data center
__________________________________________________________________________
4. AWS Identity and Access Management (IAM)
is a web service that helps you securely control access to AWS resources.
You use IAM to control who is authenticated (signed in) and
authorized (has permissions) to use resources.
AWS Management Console – user name, password, and authentication code.
AWS API or CLI - access key, secret key
__________________________________________________________________________
5. Amazon Machine Image (AMI)
is a special type of virtual appliance that is used to create a
virtual machine within the Amazon Elastic Compute Cloud (“EC2”).
An AMI includes one or more Amazon Elastic Block Store (Amazon EBS) snapshots or, for
instance-store-backed AMIs, a template for the root volume of the instance.
Types of AMI:
Community AMIs – free to use, you just select the operating system you want.
AWS Marketplace AMIs – pay to use, come packaged with additional, licensed software.
My AMIs – AMIs that you create yourself.
__________________________________________________________________________
6. Amazon Connect (Like customer care)
enables you to create an omnichannel contact center: a contact center that provides a unified experience across multiple channels, such as voice, chat, and tasks.
You use the same routing profiles, queues, contact flows, metrics, and reports for all channels. Managers monitor all channels from one dashboard.
Agents handle all customers from just one interface. If a customer interaction starts with chat and moves to voice, the agent handling the voice call has the complete chat transcript so context is preserved.
__________________________________________________________________________
7. Amazon Route 53
Amazon Route 53 is the AWS Domain Name Service.
Domain registration – Route 53 allows you to register domain names.
Domain Name Service (DNS) – Route 53 translates names to IP addresses.
Health checking – Route 53 sends automated requests to your application
to verify that it’s reachable, available, and functional.
Route 53 benefits:
- Domain registration
- DNS service
- Traffic flow (send users to the best endpoint)
- Health checking of instances
- DNS failover (automatically change the domain endpoint if a system fails)
- Integrates with ELB, S3 and CloudFront as endpoints
__________________________________________________________________________
8. AWS CloudWatch
Used for performance monitoring.
It is used to gain system-wide visibility into "resource utilization".
It monitors the resources and applications we run on AWS in real time.
It is used to monitor and collect metrics and logs, and also to set alarms.
Custom metrics can be generated; we can also customize the metrics.
Default monitoring is every 5 minutes and free; 1-minute metrics cost extra.
There is no standard metric for "memory usage" on EC2 instances.
CloudWatch Dashboard - create, customize and interact with
Alarm - trigger an alarm to alert
Events - system events describing changes in AWS resources
Logs - can be stored on S3
It can be accessed via the API, command-line interface, AWS SDKs,
and the AWS Management Console.
__________________________________________________________________________
9. AWS CloudTrail (Used for Auditing)
AWS CloudTrail is a web service that records API activity made
on your account and delivers log files to an Amazon S3 bucket.
It records who made the request, what request they made, and when they made it:
identity of the API caller, time of the call, source IP address of the caller,
CloudTrail is enabled by default. CloudTrail is per AWS account.
You can consolidate logs from multiple accounts using an S3 bucket:
The CloudTrail log "file integrity validation feature"
allows you to determine whether a CloudTrail log file was unchanged, deleted,
or modified since CloudTrail delivered it to the specified Amazon S3 bucket.
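An added example, not part of the original notes, of the idea behind log file integrity validation: a digest records a SHA-256 hash for each delivered log file, and re-hashing what the bucket holds later classifies each file as unchanged, modified, or deleted. The digest layout, object keys and log records are constructed and simplified (assumptions); the real feature also signs its digest files and is checked with `aws cloudtrail validate-logs`.

```python
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_log(event_name: str, user: str, ip: str) -> bytes:
    """Build a constructed one-record log file (who, what, when, from where)."""
    record = {
        "eventTime": "2024-01-01T00:00:00Z",
        "eventName": event_name,
        "sourceIPAddress": ip,
        "userIdentity": {"type": "IAMUser", "userName": user},
    }
    return json.dumps({"Records": [record]}).encode()


def build_digest(delivered: dict) -> dict:
    """Record one hash per log file as it was delivered (simplified digest)."""
    return {"logFiles": [{"s3Object": key, "hashValue": sha256_hex(body)}
                         for key, body in sorted(delivered.items())]}


def validate(digest: dict, bucket: dict) -> dict:
    """Classify each log file named in the digest against the bucket's contents."""
    status = {}
    for entry in digest["logFiles"]:
        key = entry["s3Object"]
        if key not in bucket:
            status[key] = "deleted"
        elif sha256_hex(bucket[key]) != entry["hashValue"]:
            status[key] = "modified"
        else:
            status[key] = "unchanged"
    return status


def demo() -> dict:
    delivered = {  # constructed sample log files
        "logs/a.json": make_log("DescribeInstances", "alice", "192.0.2.10"),
        "logs/b.json": make_log("DeleteBucket", "bob", "198.51.100.7"),
        "logs/c.json": make_log("CreateUser", "carol", "203.0.113.5"),
    }
    digest = build_digest(delivered)   # taken at delivery time
    bucket = dict(delivered)           # what the bucket holds later
    bucket["logs/b.json"] = make_log("ListBuckets", "bob", "198.51.100.7")  # edited
    del bucket["logs/c.json"]          # removed
    return validate(digest, bucket)


if __name__ == "__main__":
    for key, state in demo().items():
        print(f"{key}: {state}")
```

A file added to the bucket that the digest never listed is not reported by this check, which is one reason the digest itself has to be protected against tampering.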
__________________________________________________________________________
10. AWS Trusted Advisor
Trusted Advisor provides real time guidance to help you provision
your resources following best practices. Advisor will advise you on
Trusted Advisor scans your AWS infrastructure and compares
it to AWS best practices in five categories:
Cost optimization, Performance, Security, Fault tolerance and Service limits
*Cost Optimization - These checks highlight unused resources
and opportunities to reduce your bill
*Performance - Recommendations that can improve the speed and
responsiveness of your applications.
*Security - Recommendations for security settings that
can make your AWS solution more secure.
*Fault Tolerance - Recommendations that help increase the resiliency of your AWS solution. These checks highlight redundancy shortfalls, current service limits (also known as quotas), and overused resources.
*Service limits - Checks the usage for your account and whether your
account approaches or exceeds the limit (quotas)
for AWS services and resources.
Four Best Practices are available to all customers at no cost:
-Service Limits Check
-Security Groups – Specific Ports Unrestricted Check
-IAM Use Check
-MFA on Root Account Check
Customers can access the remaining checks by upgrading to Business/Enterprise-level
AWS Basic Support and AWS Developer Support - customers get access to 6 security checks
-service limit checks
-Security Groups – Specific Ports Unrestricted
-IAM Use check
-MFA on Root Account
-S3 Bucket Permissions
-EBS Public Snapshots
-RDS Public Snapshots
AWS Business Support and AWS Enterprise Support customers get access to all
115 Trusted Advisor checks (14 cost optimization, 17 security, 24 fault
tolerance, 10 performance, and 50 service limits) and recommendations.
__________________________________________________________________________
11. AWS Artifact
AWS Artifact is a web service that enables you to download AWS security and compliance documents such as ISO certifications and SOC reports.
AWS Artifact Reports
AWS Artifact Reports provides several compliance reports from third-party auditors who have tested and verified our compliance with a variety of global, regional, and industry specific security standards and regulations.
AWS Artifact Agreements
enables you to review, accept, and manage agreements with AWS for an individual account, and for all accounts that are part of your organization in AWS Organizations. You can also use AWS Artifact to terminate agreements you have previously accepted if they are no longer required.
__________________________________________________________________________
12. AWS Directory Services
Active Directory (AD) is a database and set of services that connect
users with the network resources they need to get their work done.
AWS Managed Microsoft AD -
Microsoft AD is an Active Directory hosted on the AWS Cloud.
It integrates most Active Directory features with AWS applications.
AD Connector -
AD Connector uses your existing on-premises Microsoft Active Directory to
access AWS applications and services.
Simple AD -
Use Simple AD if you need a low-scale, low-cost directory with basic Active
Directory features and LDAP compatibility; it supports Samba 4–compatible applications.
__________________________________________________________________________
13. Service Quotas
Your AWS account has default quotas, formerly referred to as limits, for each AWS service. Unless otherwise noted, each quota is Region-specific. You can request increases for some quotas, and other quotas cannot be increased.
Service Quotas is an AWS service that helps you manage your quotas for many AWS services, from one location. Along with looking up the quota values, you can also request a quota increase from the Service Quotas console.