AWS Short notes

By -

 What is Amazon AWS ? Why Should learn ? – Part 1

AWS, Cloud 

AWS stands for Amazon web services which offers public cloud to their customers (Established in 2006). This project has been started to target small organization, startup companies, short term projects and  for companies who don’t want to invest money for IT infrastructure. AWS is one of the fastest growing public cloud in the world. Currently, AWS at their peak because more and more organizations are outsourcing their IT to amazon AWS (which includes many fortune 500 companies). Most of the industries are trying to reduce the IT cost and IT companies are forced to reduce the support cost by doing automation and IOT. As a result of this , system administrator might loose their job if they continue to work on legacy hardware and technologies . It’s a right time to look new opportunities in cloud and cloud related technologies.  Amazon AWS is the market leader in the public cloud and the AWS skilled engineers demand is growing rapidly.

These amazon AWS article series is going to provide simple tutorial to learn AWS quickly.

 

Quick history of AWS:

Chirs Pinman & Benjamin Black present a paper on what Amazon’s own internal infrastructure should look like in 2003. They have Suggested selling it as a service and prepared a business case

SQS launched in 2004.

AWS officially launched in 2006.

In 2010, all of amazon.com moved to AWS.

In 2013, AWS Certifications have been Launched

In 2015,  AWS ‘s revenue is 6$ billion dolor USD per annum and growing close to 90% year on year.

As per gartner report, 90% of public cloud is hosted on Amazon AWS and 5 % on Microsoft Azure and remaining 5% shared by other public cloud offering companies.

Amazon AWS has been named as a leader in IAAS for 5th consecutive year.

 

How Amazon is meeting tight SLA  of 99.87% ?

Amazon has setup multiple  data-centers on different geographic locations and these are called “Region” . In each region , they have setup multiple data-centers and these are called “Availability zone” in AWS world. In-case, if we have failure on one availability zone, the other datacenter will be available to take over. That’s the reason, less than 50 minutes per month or 9 hrs in a year downtime SLA is able to meet by amazon.

Region – Geographic location.

AZ  – Availability zone (Nothing but a Data-center )

Egde Location – users access services  (CloudFront CDN)

 

How to choose the region ?

It’s always to recommended to choose the region which is near to the customer location to avoid the latency. Lets have some look on the existing regions and availability zone on important locations. Here you can see that each region  has multiple availability zones and N-number of Edge location.

 north-america-dc-amazon 

 

 

 Europe-middle-east-Africa-amazon-dc 

 

 

 Asia-pacific-amazon-dc 

 

Amazon AWS offers:

Compute:

Amazon EC2

Amazon EC2 Container Registry

Amazon EC2 Container Service

AWS Elastic Beanstalk

AWS Lambda

Auto Scaling

Elastic Load Balancing

Amazon VPC

 

Storage & Content Delivery:

AWS offers a complete range of cloud storage services to support both application and archival compliance requirements. Select from object, file, and block storage services as well as cloud data migration options to start designing the foundation of your cloud IT environment.

Amazon S3

Amazon CloudFront

Amazon EBS

Amazon Elastic File System

Amazon Glacier

AWS Import/Export Snowball

AWS Storage Gateway

Database

AWS offers a wide range of database services to fit your application requirements. These database services are fully managed and can be launched in minutes with just a few clicks. AWS database services include Amazon Relational Database Service (Amazon RDS), with support for six commonly used database engines.

Amazon RDS

AWS Database Migration Service

Amazon DynamoDB

Amazon ElastiCache

Amazon Redshift

 

Networking

AWS networking products enable you to isolate your cloud infrastructure, scale your request handling capacity, and connect your physical network to your private virtual network. AWS networking products work together to meet the needs of your application. For example, Elastic Load Balancing works with Amazon Virtual Private Cloud (VPC) to provide robust networking and security features.

Amazon VPC

AWS Direct Connect

Elastic Load Balancing

Amazon Route 53

 

Analytics

AWS offers a comprehensive set of services to handle every step of the analytics process chain including data warehousing, business intelligence, batch processing, stream processing, machine learning, and data workflow orchestration. These services are powerful, flexible, and yet simple to use, enabling organizations to put their raw data to work quickly and easily.

Amazon EMR

AWS Data Pipeline

Amazon Elasticsearch Service

Amazon Kinesis

Amazon Machine Learning

Amazon Redshift

Amazon QuickSight

 

Enterprise Applications

AWS offers on-demand enterprise applications in few clicks.

Amazon WorkSpaces (Desktop computing service)

Amazon WorkDocs (Enterprise storage service)

Amazon WorkMail  (Email Service )

 

Internet of Things

AWS IoT allows you to easily connect devices to the cloud and to other devices. AWS IoT supports HTTP, WebSockets, and MQTT, a lightweight communication protocol specifically designed to tolerate intermittent connections, minimize the code footprint on devices, and reduce network bandwidth requirements.

AWS IoT

 

Mobile Services

AWS provides a range of services to help you develop mobile apps that can scale to hundreds of millions of users, and reach global audiences. With AWS, you can quickly and easily add mobile features to your app, including user authentication, data storage, content delivery, backend logic, analytics dashboards, and push notifications – all from a single, integrated console.

AWS Mobile Hub

Amazon API Gateway

Amazon Cognito

AWS Device Farm

Amazon Mobile Analytics

AWS Mobile SDK

Amazon SNS

 

Developer Tools

AWS CodeCommit

AWS CodeDeploy

AWS CodePipeline

AWS Command Line Tool

 

 

Management Tools

AWS provides a broad set of services that help IT administrators, systems administers, and developers more easily manage and monitor their AWS infrastructure. Using these fully-managed services, you can automatically provision, configure, and manage your AWS resources at scale. You can also monitor infrastructure logs and metrics using real-time dashboards and alarms. AWS also helps you monitor, track, and enforce compliance and security.

Amazon CloudWatch

AWS CloudFormation

AWS CloudTrail

AWS Command Line Tool

AWS Config

AWS Management Console

AWS OpsWorks

AWS Service Catalog

Trusted Advisor

 

Security and Identity

AWS Identity and Access Management (IAM)

AWS Certificate Manager

AWS CloudHSM

AWS Directory Service

Amazon Inspector

AWS Key Management Service

AWS WAF

 

Application Services

Amazon API Gateway

Amazon AppStream

Amazon CloudSearch

Amazon Elastic Transcoder

Amazon FPS

Amazon SES

Amazon SNS

Amazon SQS

Amazon SWF

 

Game Development

Amazon Lumberyard

 

Software

AWS Marketplace

 

How to learn AWS ? 

To learn Amazon AWS, you need the following.

An AWS free tier account .

Putty  & Putty keygen / Moba Xterm Home Edition.

 

Start Amazon AWS with IAM – Part 2

AWS 

Let’s start the amazon AWS journey with IAM service. IAM (Identity Access Management) is web service which provides the access to Amazon AWS console and helps you securely control access to AWS resources for your users. If you would like to start learning about AWS , IAM is the first component which is exposed at the beginning of AWS journey. Identity Access Management allows you to manage users and their level of access to the AWS console. It is important to understand IAM and how it works  for administrating a companies AWS account in real life. You use IAM to control who can use your AWS resources (authentication) and what resources they can use and in what ways (authorization).

 

 AWS – IAM 

 

IAM provides/supports:

Centralized Control of AWS account

Integrates with Many different AWS Services

Granular Permissions

Identity Fedraration which includes Active Directroy/ LDAP.

Multifactor Authentication

Provide temporary access for users/devices and services where necessary

Allows you to set up your own password rotation policy

Shared  Access to your AWS account

Supports PCI DSS compliance.

 

You need to understand few terms about IAM . This is not different from what we have seen in Unix account management/ Windows AD account management.

Users

An IAM user is an entity that you create in AWS to represent the person or service that uses it to interact with AWS. A user in AWS consists of a name and credentials.

 aws-iam-users 

 

Groups:

An IAM group is a collection of IAM users. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. A Collection of users under one of permissions or access to specific set of up resources.

 IAM – Groups 

 

Roles:

An IAM role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.  You create roles and can then assign them to AWS resources.

 aws-iam-roles 

 

Polices:

To assign permissions to a user, group, role, or resource, you create a policy, which is a document that explicitly lists permissions.Policies are documents that are created using JSON. A policy consists of one or morestatements, each of which describes one set of permissions.

 IAM – Policy 

 

Hope you have basic idea about the Amazon AWS IAM . Off-course reading the theory will not give you any sort of confidence on AWS. In the upcoming article ,we will see that how to get access to free Amazon AWS account . You need to provide the credit card details in an order to get the AWS account even though single instance is free for one year.

Setup Amazon AWS – Free Tier Account – Part 3

AWS 

Amazon AWS offers free tier account to experience their services for one year without any charges . The customers who have doubt about amazon offerings , they can simply sign-up and start testing the capability of AWS. You could also test your applications using free tier account. But you needs to be very careful on the resource usage. When you elapse the free resource usage limit, amazon will simply charge you from credit card without giving any warning. You have to keep eye on resource usages and billing . There is a way to configure the billing alerts which we will see later part of AWS tutorial.

This article also guides you to create free tier amazon AWS account.

Here is the some of the important services which is available on AWS free tier account.

Compute

Storage & Content Delivery

Database

Analytics

Mobile Services

Internet of Things

Developer Tools

Management Tools

Security & Identity

Application Services

 

Limitation of AWS Free Tier account: 

There is a limitation with free tier account when it comes to resource utilization.

Compute:

 amazon-aws-free-tier-compute 

 

Only Cent OS, Debian & Ubuntu operating systems instances are eligible to run on Free tier account. All the Windows variants are not eligible for the free tier 

 

Storage:

 amazon-aws-free-tier-storage 

 

Database:

 amazon-aws-Free tier database 

 

 

Analytics:

 amazon-aws-free-tier-analytics 

 

The other free tier services also have some sort of restriction on free tier AWS account. You can find more information on Amazon AWS website.

 

Creating the Amazon AWS Free-Tier account: 

Creating Amazon AWS free tier account is very simple.

1. Sign up for an AWS account.

 sign-up-aws-account 

 

2. Create the account password.

 enter-name-account-password 

 

3.  Enter your billing address .

 enter-contact-information-and-create-account 

 

 

4. Enter your credit card information. You will not be charged unless your usage exceeds the free tier limits.

 enter-credit-card – info 

 

5. Enter PAN card details and continue.

 enter-pan-details 

 

6. Enter you mobile number for identity verification and click on call me now.

 identity-verification 

 

7. You will be getting automated voice call from Amazon webservices to enter the 4 digit PIN which you will get on the screen.  (Once you click on “Call Me Now button, it display 4 digit PIN)

 identity-verification 

 

8. Select the basic support plan which is free.

 Amazon Support Plans 

 

9. Your registration is completed successfully. You should be able to login to the AWS console now.

 AWS registration-complete 

 

In the upcoming article, we will launch free  EC2 Cloud instances after logging in to AWS console.

Hope this article is informative to you . Share it ! Comment it !! Be Sociable !!!

Amazon AWS Dashboard and Setup IAM – Part 4

AWS 

This article will walk you through the Amazon AWS dashboard along with setting up  IAM  (Identity Access Management ).  It has legacy and modern dashboards which can be set by users at their convenient. I will be using latest dashboard during this tutorial. Once you have signed in to AWS console , you need to setup IAM to enable more security features to your account. The root account is simply the account created when first setup your AWS account and it has complete Admin access. So its essential to enable security features like MFA (Multi-Factor-Authentication) and configuring additional root users on that account.  IAM consists users, groups , polices documents  and roles. This is similar to users management on any Unix or windows operating system.

Let’s walk you through the virtual LAB.

AWS – Web Console 

1.Login to Amazon AWS console using email account.

 sign-in-to-amazon-aws-console 

 

2. Once you have logged in , setup the near by AWS region for better performance. By default, AWS selects Oregon region and I have set it to “Asia Pacific (Mumbai)” which is near to my location.

 select-near-by-region 

 

3. Here is the AWS console Home Page. You could only see “solutions” are displaying in home console instead of AWS services when you compare to old console.

 amazon-console-home-page 

 

4. To see all the AWS services, click on “All services” which is below to the search bar. You could also click on “Services” from menu to see the available AWS services.

 amazon-aws-all-services-link 

 

5. Click on “IAM” from “Security & Identity” tab  to enable security features to the root account. The below video will help you understand how IAM works and why it’s so important in AWS .

 

Setup IAM (Identity Access Management)

Action items: 

Customize the direct Console URL.

Enhance Account  Security.

 

Customize the direct Console URL 

1. Here is the “IAM”  Management console for brand new AWS accounts. AWS offers the direct console access to access every account. You can set the preferred URL for your account.  Click on “customize”  to setup new URL for direct console.

 iam-console-link-customize 

 

2. Enter new custom URL part.

 New-direct-console-url 

 

3. Here is the new direct console URL for your AWS account.

 new-direct-console-url 

 

Enhance Account  Security:

Action items : 

Activate MFA on your root account

Create individual IAM users

Users group to assign permissions

Apply an IAM policy

 

Activate MFA on your root account:

 

1. Select “Activate MFA on your root account”  tab and Click on Manage MFA .

 manage-mfa-aws 

 

2. Select the MFA type as virtual. Hardware MFA device require physical RSA token or similar to that.

 select-virtual-mfa-device-aws 

 

3. Follow the link to see the supported devices for virtual MFA. Click  on Next to step to continue.

 manage-mfa-devices 

 

4. Here is your QR.

 qr-codes-AWS 

 

5. Here is the supported MFA applications for AWS.

 supported-virtual-mfa-applications 

 

5. Take your  smart phone and install “Google Authenticator” . If you have Android smart phone, download fro google play.

 

6. Choose SCAN QR in google authenticator  and scan the QR code which is displaying in your laptop. (Refer Step 4)

 

7. Enter the Authentication code 1 from Google Authenticator app.

 qr-code-and-enter-authentication-code-1-2 

 

You must enter code2 which is next available random codes from google authenticator. Once it’s done, Activate Virtual MFA.

 

8. On Successful activation, You will get message like below.

 mfa-device-successfully-setup 

 

9. Refresh the screen to see the latest security status.

 Security Status – IAM – AWS 

 

We will continue the following actions demonstrations on upcoming articles.

Create individual IAM users

Users group to assign permissions

Apply an IAM policy

AWS IAM – Users – Group – Policies- Management – Part 5

AWS 

AWS IAM (Identity Access Management) allows you to create the new users , groups and delegates the roles to users and groups using policy documents. AWS policy documents are written in simple JSON (JavaScript Object Notation) language and it’s easy to understand. The policies  are readily available and we are not expected to write JSON (JavaScript Object Notation) scripts. This article will walk you through creating the new users account , groups and attaching polcies to groups. It will also demonstrates that how to attach the policies to the individual users and groups. In the IAM setup part, the following actions needs to be completed to enable all 5 security features to the AWS account.

 

Delegate your root access keys (It will be marked as green as part of account setup)

Activate MFA on your root account  (Completed  – Refer part 4 )

Create individual IAM users (Part 5 )

Users group to assign permissions  (Part 5 )

Apply an IAM policy  (Part 5 )

 

Let’s begin the AWS LAB.

1. Login to AWS console and Navigate to IAM from security & identity tab. (Refer Part 4)

 Security Status – IAM – AWS 

Click on Manage users.

 

2.Click on Add user tab.

 add-user-console-aws 

 

3. Enter the user name . Click on “Add another user” link to add multiple users at same time.

 enter-the-iam-users-names 

 

4. Select the access type for users. You have option to auto-generate the account password and force to change at first login.

 select-the-access-type-for-new-users 

 

5. We shall create the group later. Just click on “Next” to review the accounts.

 click-next-to-review 

 

6. Review the accounts and click “Create Users” to create the account.

 review-the-accounts-and-create-users 

 

7.Download the CSV file which contains the user secret access keys and passwords. There is no way to fetch those keys and passwords once you close the wizard. You might need to re-generate it from root account  if you lost the credentials.

 download-users-credentials-and-secret-access-key 

 

8.Here is the list of users which we have created.

 users-list- AWS IAM 

We have successfully created users on AWS IAM.

 

9. Let’s begin to mange the groups.

 manage-groups-AWS IAM 

 

10.Click on Create New group tab .

 aws-iam-groups 

 

11. Enter the group name.

 enter-the-new-group-name-iam-aws 

 

12.We will attach the policies later if required.

 skip attach-policy 

 

13. Review and create the group.

 review-and-create-the-group-iam-aws 

 

14. Here is the newly created group.

 iam-aws-group-listing 

 

We have successfully created new group on AWS IAM.

 

Adding users to GROUP:

Let’s add the newly created users to group UASUPPORT.

1. Select the group and click on group action. Select “Add users to group”.

 add-users-to-group 

 

2. Select users which are need to be part of “UASUPPORT”  group and click on  “Add users”

 select-users-for-group 

 

3. Here you can see that all three users are added to the group.

 users-added-in-group 

 

 

Attach polices to group: 

Attaching policies to group is best practice instead of directly attaching to individual users. That’s the reason we have skipped attaching the policy while creating the users. Let’s see how we can attach the administrator policy to group UASUPPORT.

1.Click on Policies. Search for “AdminstratorAccess” policy  and select it. From the “Policy Actions” menu , click on Attach .

 attach-policy-administrator-access 

 

2.Select group and click on  “Attach policy”.

 attach-policy-to-group 

 

3.Here you can see that group “UASUPPORT”  has been successfully attached policy “Administrator Access” . Now all the users under that group will equivalent to root users.

 policies-listing 

 

Let’s have a closer look on policy documents.

1.Click on the policy name (AdministratorAccess).

 just-look-at-the-json-coding-policy 

 

2. Just click on Attached Entities to see where these policy is used.

 policy-attached-entities 

 

 

Apply IAM Password Policy:

Let’s configure the password policy.

 apply-an-IAM-password-policy 

 

Click on Manage password policy which will take you to the below screen.  You can configure according to your requirement. I have highlighted my changes in the password policy.

 iam-password-policy 

 

Just go back to IAM dashboard and look at the security status. You should see something like below.

 security-status-green 

 

We have successfully setup AWS IAM . You could test the user login credentials using direct URL which we have customized earlier . In the upcoming article, we will dig in to S3 (AWS Storage servcie).


Comments

Post a Comment

Popular posts from this blog

CCNA Router and Catalyst Switch IOS Command Reference

By -
CCNA Router and Catalyst Switch IOS Command Reference By Jamison Schmidt This reference guide provides router and switch commands to help you prepare for Cisco's CCNA certification exam. This guide covers IOS version 11 and higher. We will try to get VLSM and Supernetting commands added for the new 640-801 CCNA exam. Reference Quick Links Router Commands Show Commands Catalyst Commands Router Commands Terminal Controls: ·   Config# terminal editing - allows for enhanced editing commands ·   Config# terminal monitor - shows output on telnet session ·   Config# terminal ip netmask-format hexadecimal|bit-count|decimal - changes the format of subnet masks Host Name: ·   Config# hostname ROUTER_NAME Banner: ·   Config# banner motd # TYPE MESSAGE HERE # - # can be substituted for any character, must start and finish the message Descriptions: ·   Config# description THIS IS THE SOUTH ROUTER - can be entered ...
Read more

Network Technologies

By -
Image
Common Networking Protocols TCP - TCP breaks data into manageable packets and tracks information such as source and destination of packets. It is able to reroute packets and is responsible for guaranteed delivery of the data. IP - This is a connectionless protocol, which means that a session is not created before sending data. IP is responsible for addressing and routing of packets between computers. It does not guarantee delivery and does not give acknowledgement of packets that are lost or sent out of order as this is the responsibility of higher layer protocols such as TCP. UDP - A connectionless, datagram service that provides an unreliable, best-effort delivery. ICMP - Internet Control Message Protocol enables systems on a TCP/IP network to share status and error information such as with the use of PING and TRACERT utilities. SMTP - Used to reliably send and receive mail over the Internet. FTP - ...
Read more

About myself

By -
With a track record of delivering innovative IT solutions and optimizing technology infrastructure, Prashant Shrivastava is the driving force behind the organization's digital transformation journey from 2007. Expertise in ERP Implementation: Prashant Shrivastava brings a wealth of experience in Enterprise Resource Planning (ERP) implementation, having successfully overseen multiple projects. ERP systems are vital for streamlining business processes, enhancing data visibility, and improving decision-making. He possesses a deep understanding of ERP modules, such as finance, human resources, supply chain, and customer relationship management, ensuring seamless integration across all departments. Infrastructure Administration and System Administration: As a Head of IT, Prashant Shrivastava has a strong foundation in both Infrastructure and System Administration. This expertise includes managing servers, networks, databases, and ensuring the overall stability and security of the IT env...
Read more