
AWS cloud terminology

Date post: 07-Mar-2018
Upload: vokiet

AWS Cloud terminology

Understand AWS cloud terminology of 71 services! Get acquainted with the terms used in the AWS world to start your AWS cloud career!

AWS, i.e. Amazon Web Services, is a cloud platform providing a list of web services on a pay-per-use basis. It's one of the famous cloud platforms to date. Due to flexibility, availability, elasticity, scalability and no maintenance, many corporates are moving to the cloud. Since many companies are using these services, it has become necessary that sysadmins and DevOps engineers be aware of AWS.

This article aims at listing the services provided by AWS and explaining the terminology used in the AWS world.

As of today, AWS offers a total of 71 services, which are grouped together in 17 groups as below :

Compute

This is cloud computing, meaning virtual server provisioning. This group provides the services below.

1. EC2 : EC2 stands for Elastic Compute Cloud. This service provides you scalable virtual machines per your requirement.
2. EC2 container service : A high-performance, highly scalable service which allows running services on an EC2 clustered environment.
3. Lightsail : This service enables the user to launch and manage virtual servers (EC2) very easily.
4. Elastic Beanstalk : This service manages capacity provisioning, load balancing, scaling and health monitoring of your application automatically, thus reducing your management load.
5. Lambda : It allows you to run your code only when needed, without managing servers for it.


6. Batch : It enables users to run computing workloads (batches) in a customized, managed way.

Storage

This is cloud storage, i.e. the cloud storage facility provided by Amazon. This group includes :

1. S3 : S3 stands for Simple Storage Service (3 times S). This provides you online storage to store/retrieve any data at any time, from anywhere.
2. EFS : EFS stands for Elastic File System. It's online storage which can be used with EC2 servers.
3. Glacier : It's a low cost/slow performance data storage solution mainly aimed at archives or long term backups.
4. Storage Gateway : It's an interface which connects your on-premise applications (hosted outside AWS) with AWS storage.

Database

AWS also offers to host databases on their infra so that clients can benefit from the cutting edge tech Amazon has for faster/efficient/secured data processing. This group includes :

1. RDS : RDS stands for Relational Database Service. Helps to set up, operate and manage a relational database on cloud.
2. DynamoDB : It's a NoSQL database providing fast processing and high scalability.
3. ElastiCache : It's a way to manage in-memory cache for your web applications to run them faster!
4. Redshift : It's a huge (petabyte-size), fully scalable data warehouse service in cloud.

Networking & Content Delivery

As AWS provides cloud EC2 servers, it's a corollary that networking will be in the picture too. Content delivery is used to serve files to users from their geographically nearest location. This is pretty famous for speeding up websites nowadays.

1. VPC : VPC stands for Virtual Private Cloud. It's your very own virtual network dedicated to your AWS account.
2. CloudFront : It's the content delivery network by AWS.
3. Direct Connect : It's a network way of connecting your datacenter/premises with AWS to increase throughput, reduce network cost and avoid connectivity issues which may arise due to internet-based connectivity.
4. Route 53 : It's a cloud domain name system (DNS) web service.


Migration

It's a set of services to help you migrate from on-premises services to AWS. It includes :

1. Application Discovery Service : A service dedicated to analysing your servers, network and applications to help/speed up migration.
2. DMS : DMS stands for Database Migration Service. It is used to migrate your data from an on-premises DB to RDS or a DB hosted on EC2.
3. Server Migration : Also called SMS (Server Migration Service), it is an agentless service which moves your workloads from on-premises to AWS.
4. Snowball : Intended for use when you want to transfer a huge amount of data in/out of AWS using physical storage appliances (rather than internet/network based transfers).

Developer Tools

As the name suggests, it's a group of services helping developers to code in an easier/better way on cloud.

1. CodeCommit : It's a secure, scalable, managed source control service to host code repositories.
2. CodeBuild : Code builder on cloud. Executes and tests code and builds software packages for deployments.
3. CodeDeploy : Deployment service to automate application deployments on AWS servers or on-premises.
4. CodePipeline : This deployment service enables coders to visualize their application before release.
5. X-Ray : Analyse applications with event calls.

Management Tools

Group of services which help you manage your web services in AWS cloud.

1. CloudWatch : Monitoring service to monitor your AWS resources or applications.
2. CloudFormation : Infrastructure as code! It's a way of managing AWS related infra in a collective and orderly manner.
3. CloudTrail : Audit & compliance tool for AWS account.
4. Config : AWS resource inventory, configuration history, and configuration change notifications to enable security and governance.
5. OpsWorks : Automation to configure and deploy EC2 or on-premises compute.
6. Service Catalog : Create and manage IT service catalogs which are approved for use in your/company account.
7. Trusted Advisor : It's AWS AI helping you to have a better, money saving AWS infra by inspecting your AWS infra.
8. Managed Service : Provides ongoing infra management.


Security, Identity & Compliance

Important group of AWS services helping you secure your AWS space.

1. IAM : IAM stands for Identity and Access Management. Controls user access to your AWS resources and services.
2. Inspector : Automated security assessment helping you keep your apps on AWS secure and compliant.
3. Certificate Manager : Provision, manage and deploy SSL/TLS certificates for AWS applications.
4. Directory Service : It's Microsoft Active Directory for AWS.
5. WAF & Shield : WAF stands for Web Application Firewall. Monitors and controls access to your content on CloudFront or Load balancer.
6. Compliance Reports : Compliance reporting of your AWS infra space to make sure your apps and infra are compliant with your policies.

Analytics

Data analytics of your AWS space to help you see, plan and act on happenings in your account.

1. Athena : It's a SQL based query service to analyse S3 stored data.
2. EMR : EMR stands for Elastic Map Reduce. Service for big data processing and analysis.
3. CloudSearch : Search capability of AWS within applications and services.
4. Elasticsearch Service : To create a domain and deploy, operate, and scale Elasticsearch clusters in the AWS Cloud.
5. Kinesis : Streams large amounts of data in real time.
6. Data Pipeline : Helps to move data between different AWS services.
7. QuickSight : Collect, analyse and present insight of business data on AWS.

Artificial Intelligence

AI in AWS!

1. Lex : Helps to build conversational interfaces in applications using voice and text.
2. Polly : It's a text to speech service.
3. Rekognition : Gives you the ability to add image analysis to applications.
4. Machine Learning : It has algorithms to learn patterns in your data.

Internet of Things

This service makes AWS highly available on different devices.

1. AWS IoT : It lets connected hardware devices interact with AWS applications.


Game Development

As the name suggests, this service is aimed at game development.

1. Amazon GameLift : This service is for deploying and managing dedicated gaming servers for session based multiplayer games.

Mobile Services

Group of services mainly aimed at handheld devices.

1. Mobile Hub : Helps you to create mobile app backend features and integrate them into mobile apps.
2. Cognito : Controls mobile users' authentication and access to AWS on internet connected devices.
3. Device Farm : Mobile app testing service that enables you to test apps across Android and iOS on real phones hosted by AWS.
4. Mobile Analytics : Measure, track and analyze mobile app data on AWS.
5. Pinpoint : Targeted push notifications and mobile engagements.

Application Services

It's a group of services which can be used with your applications in AWS.

1. Step Functions : Define and use various functions in your applications.
2. SWF : SWF stands for Simple Workflow Service. It's cloud workflow management that helps developers co-ordinate and contribute at different stages of the application life cycle.
3. API Gateway : Helps developers to create, manage and host APIs.
4. Elastic Transcoder : Helps developers convert media files to play on various devices.

Messaging

Notification and messaging services in AWS.

1. SQS : SQS stands for Simple Queue Service. Fully managed messaging queue service to communicate between services and apps in AWS.
2. SNS : SNS stands for Simple Notification Service. Push notification service for AWS users to alert them about their services in AWS space.
3. SES : SES stands for Simple Email Service. It's a cost effective email service from AWS for its own customers.


Business Productivity

Group of services to help boost your business productivity.

1. WorkDocs : Collaborative file sharing, storing and editing service.
2. WorkMail : Secured business mail and calendar service.
3. Amazon Chime : Online business meetings!

Desktop & App Streaming

It's desktop and app streaming over cloud.

1. WorkSpaces : Fully managed, secured desktop computing service on cloud.
2. AppStream 2.0 : Stream desktop applications from cloud.


AWS EC2, S3, RDS revision before CSA exam

EC2, S3, RDS revision!

Quick revision on the topics AWS EC2, S3 and RDS before appearing for the AWS Certified Solutions Architect – Associate level exam.

This article notes down a few important points about AWS (Amazon Web Services) EC2, S3 and RDS. This can be helpful for last minute revision before appearing for the AWS Certified Solutions Architect – Associate level certification exam.

This is the first part of the AWS CSA revision series. The rest of the series is listed below :

- AWS CSA revision part II (VPC, Route53, IAM)
- AWS CSA revision part III (Cloudfront, SNS, SQS)
- AWS CSA revision part IV (SWF, Beanstalk, EMR, CloudFormation)

In this article we are checking out key points about EC2 (Elastic Compute Cloud), S3 (Simple Storage Service) and RDS (Relational Database Service).

Recommended read : AWS CSA exam preparation guide

Let's get started :

EC2 (Elastic Compute Cloud)

- It's an AWS service which provides scalable virtual servers in cloud.
- Pricing models are Reserved instances, On demand instances and Spot instances.
- Reserved are less costly since you reserve in advance by paying partially or in full.
- On demand ones are costliest. But their launching depends on currently available capacity in that zone.


- Spot instances are unused instances bid for in the Amazon marketplace (cheapest of all). They are allocated and withdrawn according to your bid price.
- Max 20 running and 20 shut-down instances can exist per account.
- AMI is Amazon Machine Image, used to deploy/install a pre-configured OS on EC2 instances.
- Instance store backed volumes are ephemeral storage and lose their data once the instance is off.
- EBS (Elastic Block Store) volumes hold data permanently regardless of instance state.
- EBS volume size : Min 1 GiB, Max 16384 GiB (16 TiB)
- EBS volume can be attached to 1 instance at a time. Can not be attached to an instance in a different availability zone.
- EBS : 3 IOPS per GiB with a minimum of 100 IOPS, burstable to 3000 IOPS
- EBS Provisioned IOPS. 50:1 ratio to be maintained.
- RAID 5 and RAID 6 are not recommended for EBS by AWS.
- IOPS are measured in chunks of 256KB or smaller.
- EC2-classic is a deprecated service. Exists in accounts before 24 Dec 2013.
- Default session timeout for ELB is 60 sec.
- 5 Elastic IPs per region only.
- Key pairs are used by EC2 and CloudFront only.
- SAML URL https://signin.aws.amazon.com/saml
- Maximum 2 key pairs can be kept per user.
- Elastic Load Balancer (ELB) modes :
  o Idle connection timeout
  o Cross zone load balancing
  o Connection draining
  o Proxy protocol
  o Sticky session
  o Health checks
- Auto Scaling plans :
  o Current instance levels
  o Manual scaling
  o Dynamic scaling
  o Scheduled scaling
- ELB session timeout is 60 sec.
- Timeout for connection draining in ELB is 1 sec to 3600 sec. Default is 300 sec.

S3 (Simple Storage Service)

- Objects (files) are stored in buckets.
- All root folders are buckets and must have a unique name across all AWS infra.
- Unlimited storage and highly available by default.
- 99.999999999% (Eleven 9’s) durability and 99.99% availability for data stored on S3.
- User can enable AES-256 encryption for data at rest.
- Versioning can be enabled but can not be disabled. It can only be suspended then.
- Life cycle policies can be defined for deletion or archival.
- Glacier is a low cost storage option for archiving data. Data in and out of Glacier takes hours or days.
- Glacier costs 1 cent / 1 GB for a year.
- Object size : min 0 bytes, max 5 TB
- Objects of more than 100MB must use the multi part upload function.
- All regions support read after write consistency for PUTS (new object) and eventual consistency for PUTS (overwrite) & DELETE.


- Object always stays within region and is synced across all availability zones.
- The S3 infrequent access (S3-IA) storage class has object durability of 99.999999999% and availability of 99.90%.
- Max object size in single put is 5GB.

RDS (Relational Database Service)

- It's a fully managed database service in cloud.
- Supported databases : Oracle, MySQL, PostgreSQL, MS SQL, Aurora (Amazon home grown SQL DB)
- Scales underlying hardware automatically.
- Supports read replicas of SQL based DB.
- Disk space : min 5GB, max 3TB
- Default database port : 3306
- RDS backup retention policy : 0 days min (no backup) to 35 days max.

DynamoDB

- DynamoDB supports in-place atomic updates.
- DynamoDB defaults to the US West Oregon region.
- Max 1MB of data can be retrieved in a single query operation.


AWS VPC, Route53, IAM revision before CSA exam

VPC, Route53, IAM revision!

Quick revision on the topics AWS VPC, Route53 and IAM before appearing for the AWS Certified Solutions Architect – Associate level exam.

This article notes down a few important points about AWS (Amazon Web Services) VPC, Route53 and IAM. This can be helpful for last minute revision before appearing for the AWS Certified Solutions Architect – Associate level certification exam.

This is the second part of the AWS CSA revision series. The rest of the series is listed below :

- AWS CSA revision part I (EC2, S3, RDS)
- AWS CSA revision part III (Cloudfront, SNS, SQS)
- AWS CSA revision part IV (SWF, Beanstalk, EMR, CloudFormation)

In this article we are checking out key points about VPC (Virtual Private Cloud), Route53 (DNS Service) and IAM (Identity and Access Management).

Recommended read : AWS CSA exam preparation guide

Let's get started :

VPC (Virtual Private Cloud)

- NACL (Network Access Control List) controls traffic security at subnet level.
- Security groups control traffic security at instance level.
- NACLs are stateless (i.e. all traffic needs to be explicitly allowed) while security groups are stateful (i.e. response traffic is automatically allowed).
- Only 1 Internet gateway per VPC is allowed.
- VPC peering can be done between two AWS accounts or other VPCs within the same region.


- VPC peering is a direct network route between two VPCs, enabling sharing of resources in different subnets.
- Limits :
  o 5 VPC per region
  o 50 customer gateways per region
  o 200 route tables per region
  o 50 entries per route table
  o 5 elastic IP
  o 5 security groups per network interface
  o 500 security groups per VPC
  o 50 rules per security group
- First 4 and last 1 IP of each subnet are reserved by AWS as below :
  o x.x.x.0 : Network IP
  o x.x.x.1 : VPC router IP
  o x.x.x.2 : For VPC DNS
  o x.x.x.3 : For future use
  o x.x.x.255 : Broadcast IP

Route 53

- Can register domains, act as DNS and check health of resources.
- Port 53 is used to serve requests by DNS, hence the name Route 53!
- Primarily UDP is used to serve DNS requests, but if the response is more than 512 bytes it will use TCP.
- Currently supported records :
  o A (address record)
  o AAAA (IPv6 address record)
  o CNAME (canonical name record)
  o MX (mail exchange record)
  o NAPTR (name authority pointer record)
  o NS (name server record)
  o PTR (pointer record)
  o SOA (start of authority record)
  o SPF (sender policy framework)
  o SRV (service locator)
  o TXT (text record)
- Routing policies :
  o Simple routing : Single resource serving traffic
  o Weighted routing : Divert traffic proportion wise to multiple resources
  o Latency routing : Returns result with lowest latency to requestor origin
  o Failover routing : Active-passive. One resource takes traffic when the other one has failed
  o Geolocation routing : Returns DNS queries based on geo location of user
- Limits :
  o 500 hosted zones per AWS account
  o 50 domains per AWS account
- Ideal TTL value for CNAME to an existing domain is 24 hours, and for CNAME to S3 or ELB it is 1 hour.
- There is no default TTL for any record type in Route 53. You have to specify TTL for your records.


- Weights can be assigned as an integer from 0 to 255. 0 means no weight, i.e. don't route to that record.
- Probability of routing to a particular record is equal to the weight of that record / sum of all record weights.

IAM (Identity and Access Management)

- Never use the root account for login. Create an admin user and use it for administrative tasks.
- Created users, groups and roles are global and available across all regions in the same AWS account.
- Prebuilt policies for :
  o Administrator – All access
  o Power user – Everything administrator has except IAM management access
  o Read only – Only view access (accounting purpose)
- By default, a newly created user has normal deny on all AWS resources. Explicit allow will override normal deny.
- Cross account roles can be defined. It assumes access of other user granted to another user.
- Public key can be viewed in account settings anytime. Private key is visible only at the time of creation. If lost, it can not be retrieved and a fresh key pair needs to be created.


AWS CloudFront, SNS, SQS revision before CSA exam

CloudFront, SNS, SQS revision!

Quick revision on the topics AWS CloudFront, SNS and SQS before appearing for the AWS Certified Solutions Architect – Associate level exam.

This article notes down a few important points about AWS (Amazon Web Services) CloudFront, SNS and SQS. This can be helpful for last minute revision before appearing for the AWS Certified Solutions Architect – Associate level certification exam.

This is the third part of the AWS CSA revision series. The rest of the series is listed below :

- AWS CSA revision part I (EC2, S3, RDS)
- AWS CSA revision part II (VPC, Route53, IAM)
- AWS CSA revision part IV (SWF, Beanstalk, EMR, CloudFormation)

In this article we are checking out key points about CloudFront (CDN, Content Delivery Network), SNS (Simple Notification Service) and SQS (Simple Queue Service).

Recommended read : AWS CSA exam preparation guide

Let's get started :

AWS CloudFront

- Origin can be an S3 bucket or the CNAME of an Elastic Load Balancer (ELB).
- S3 bucket as origin. URL will be bucket_name.s3-region.cloudfront.net
- Private content sharing with signed URL with expiration time limit.
- To serve a new object version, create a new distribution or create an invalidation of the old object. Since invalidation costs, creating a new distribution always helps.
- Limits :


  o 1,00,000 Requests per second per distribution
  o 200 distributions per account
  o 40Gbps speed per distribution
  o 25 origins per distribution
  o 20 GB max file size to serve
- By default object expiration is 24 hours.
- Minimum TTL is 0.

Amazon SNS

- Latest addition to SNS is Lambda.
- SNS has two clients : Publishers and subscribers
- Publishers communicate to subscribers by sending a message to a topic.
- Protocols supported :
  o HTTP
  o HTTPS
  o SMS
  o email
  o email-JSON
  o Amazon SQS
  o AWS Lambda
- SNS topic of the same name can be created 30-60 seconds after the previous topic is deleted.

Amazon SQS

- Default visibility timeout is 30 secs. Maximum is 12 hours.
- Mainly used to decouple your application.
- Default period a message stays in queue is 4 days. Min-Max periods are 1 min to 2 weeks.
- Maximum SQS message size is 256KB.
- Supports unlimited number of queues and unlimited messages per queue.
- Long polling can be done from 1 to 20 secs.


AWS SWF, Beanstalk, EMR, CloudFormation revision before CSA exam

Quick revision on the topics AWS SWF, Beanstalk, EMR and CloudFormation before appearing for the AWS Certified Solutions Architect – Associate level exam.

This article notes down a few important points about AWS (Amazon Web Services) SWF, Beanstalk, EMR and CloudFormation. This can be helpful for last minute revision before appearing for the AWS Certified Solutions Architect – Associate level certification exam.

This is the fourth part of the AWS CSA revision series. The rest of the series is listed below :

- AWS CSA revision part I (EC2, S3, RDS)
- AWS CSA revision part II (VPC, Route53, IAM)
- AWS CSA revision part III (Cloudfront, SNS, SQS)

In this article we are checking out key points about SWF (Simple Work Flow), Beanstalk (App deployment Service), EMR (Elastic Map Reduce) and CloudFormation (Infrastructure as code).

Recommended read : AWS CSA exam preparation guide

Let's get started :

SWF

- Max simultaneous workflow executions 1,00,000
- C++ is not supported in SWF.
- There are three actors :
  o activity workers
  o workflow starters
  o deciders
- Each workflow runs in a domain, which is a collection of tasks.


- Workflows in different domains can not interact.

Beanstalk

- Scala and WebSphere are not available in Beanstalk.
- It's a free service. You will be charged for the resources it provisions for your application.
- Supported platforms :
  o Java
  o Ruby
  o Python
  o PHP
  o Node.js
  o .net
  o Go
  o Docker

CloudFront

- One AWS account can have 100 CF origin access identities at max.
- Key pairs are only used for EC2 and CloudFront.
- All CloudFront URLs end with cloudfront.net
- CloudFront origins can be an S3 bucket, EC2 or a webserver in an on-premise datacenter.
- It can serve private content by S3 origin access identifiers, signed URLs and signed cookies.
- Limits :
  o Req per sec per distribution : 1,00,000
  o Transfer rate per distribution : 40 Gbps
  o Origins per distribution : 25
  o Web distributions per account : 200

AWS Infra

- Total availability zones currently are 42.
- Total regions are 16.
- First 3 services launched by AWS are SQS (2004), S3 (2006), EC2 (later in 2006).

