Amazon Web Services (AWS) is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses grow.
If you are responsible for running a web application, you face a variety of infrastructure and architecture issues for which AWS can give you easy, seamless, and cost-effective solutions. This section provides you with a list of Amazon Web Services and components, and it explains the value they add in meeting the challenges you’ll face in this example solution. We break this down into the following sections: computing resources, security, monitoring, networking, and fault-tolerance.
Web services are sometimes called cloud services or remote computing services.
Cloud computing is providing developers and IT departments with the ability to focus on what matters most and avoid undifferentiated work like procurement, maintenance, and capacity planning. As cloud computing has grown in popularity, several different models and deployment strategies have emerged to help meet specific needs of different users. Each type of cloud service, and deployment method, provides you with different levels of control, flexibility, and management.
When you deploy an on-premises solution, you need to buy a computer with an operating system, software, and hardware that match your needs. When you deploy your solution on Amazon Web Services, you select an Amazon Machine Image (AMI) and then use it to deploy a virtual server known as an Amazon Elastic Compute Cloud (EC2) instance. An AMI is a template that contains a software configuration (e.g., operating system, application server, and applications). For example, an AMI might contain all the software to act as a web server (e.g., Linux, Apache, and your website). A large selection of public AMIs is available from Amazon and the Amazon EC2 community. You can find an AMI that most closely matches your needs and then customize it. You can save this customized configuration to another AMI, which you can in turn use to launch new Amazon EC2 instances whenever you need them.
Storage can be an integral part of an Amazon EC2 instance, or it can be an independent component whose lifetime is managed separately from the lifetime of the instance. There are AMIs for each storage strategy, and you will need to decide which type you want to use. When you launch your Amazon EC2 instances, you can store your root device data on Amazon Elastic Block Store (Amazon EBS) or on the local instance store. Amazon EBS is a durable, block-level storage volume that you can attach to a single running Amazon EC2 instance. Amazon EBS volumes behave like raw, unformatted, external block devices, and they persist independently of the running life of an Amazon EC2 instance. The local instance store, by contrast, is temporary storage that persists only for the life of the instance. You might use Amazon EBS-backed instances for web or database servers that keep state locally and require the data to be available even if the associated instance crashes. You might use instance store-backed instances to handle traffic on large web sites where each instance is a clone; this is an inexpensive way to launch instances when no data needs to be kept on the root device. To summarize the two key differences between these AMIs:
For more information about the differences between instance store-backed and Amazon EBS-backed instances, go to the Basics of Amazon EBS-Backed AMIs and Instances in the Amazon Elastic Compute Cloud User Guide.
Cloud security at AWS is the highest priority. As an AWS customer, you will benefit from a data center and network architecture which is built to meet the requirements of the most security-sensitive organizations.
An advantage of the AWS cloud is that it allows customers to scale and innovate, while maintaining a secure environment. Customers pay only for the services they use, meaning that you can have the security you need, but without the upfront expenses, and at a lower cost than in an on-premises environment.
When you buy a new computer, you create a user name and password, which you then use to log in. Similarly, in AWS, you use a public/private key pair to sign in to your Amazon EC2 instance. The public key is embedded in your instance, and you use the private key to sign in securely without a password. When connecting to Amazon Linux instances, you initially sign in with a user name of “ec2-user” or “root,” depending on the AMI you are using.
When you deploy your application, you’ll want to secure your system. For an on-premises deployment, you would normally specify the ports and protocols over which users can access your application. In AWS, you do the same thing: security groups act like inbound network firewalls, so you decide who can connect to your Amazon EC2 instances and over which ports.
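Because a security group is the first place a misconfiguration exposes an instance, it pays to check its rules before (and after) they are applied. The following is an added example, not code from the page or from AWS: it audits a list of ingress rules for sources that cover the whole Internet on administrative ports, and produces a hardened copy that limits those rules to an assumed management network. The rules are constructed sample data written in the same shape that `aws ec2 describe-security-groups` returns under `IpPermissions`; the `203.0.113.0/24` management range is an assumption.

```python
"""Audit EC2 security group ingress rules for over-broad exposure.

Added example (not from the page or from AWS). SAMPLE_PERMISSIONS is
constructed data in the shape of the IpPermissions list returned by
`aws ec2 describe-security-groups`.
"""
import copy
import ipaddress

# Ports a web tier should never expose to the whole Internet.
ADMIN_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres"}

# Constructed sample: a web-server group as it might look before review.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},            # world-open SSH
    {"IpProtocol": "-1",                                 # all protocols and ports
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},            # but only from inside
]


def rule_ports(perm):
    """Port range covered by a permission; protocol -1 means every port."""
    if perm["IpProtocol"] == "-1":
        return (0, 65535)
    return (perm.get("FromPort", 0), perm.get("ToPort", 65535))


def is_public(cidr):
    """True when the CIDR is 0.0.0.0/0 or ::/0, i.e. the whole Internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_permissions(perms):
    """Return one finding per rule whose source is the whole Internet and
    whose port range reaches an admin port (high) or every port (critical)."""
    findings = []
    for perm in perms:
        lo, hi = rule_ports(perm)
        ranges = perm.get("IpRanges", []) + perm.get("Ipv6Ranges", [])
        for rng in ranges:
            cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
            if not is_public(cidr):
                continue
            exposed = [name for port, name in ADMIN_PORTS.items() if lo <= port <= hi]
            if lo == 0 and hi == 65535:
                findings.append({"cidr": cidr, "ports": "all", "severity": "critical"})
            elif exposed:
                findings.append({"cidr": cidr, "ports": ",".join(exposed), "severity": "high"})
    return findings


def harden(perms, admin_cidr):
    """Return a copy in which admin-port rules reachable from the whole
    Internet are restricted to admin_cidr (an assumed bastion/VPN range);
    web ports such as 80 and 443 are left alone. Public IPv6 sources on
    those rules are dropped rather than rewritten to an IPv4 range."""
    hardened = copy.deepcopy(perms)
    for perm in hardened:
        lo, hi = rule_ports(perm)
        if not any(lo <= port <= hi for port in ADMIN_PORTS):
            continue
        for rng in perm.get("IpRanges", []):
            if is_public(rng["CidrIp"]):
                rng["CidrIp"] = admin_cidr
        if "Ipv6Ranges" in perm:
            perm["Ipv6Ranges"] = [r for r in perm["Ipv6Ranges"]
                                  if not is_public(r["CidrIpv6"])]
    return hardened


if __name__ == "__main__":
    for finding in audit_permissions(SAMPLE_PERMISSIONS):
        print(finding)
    print("after hardening:", audit_permissions(harden(SAMPLE_PERMISSIONS, "203.0.113.0/24")))
```

Run against real output by loading the JSON from `describe-security-groups` and passing each group's `IpPermissions` list to `audit_permissions`; the hardened list is a proposal to review, not something to apply blindly, since the "all ports from 10.0.0.0/8" rule is left untouched on purpose and may itself be broader than a given tier needs.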
You may find that your application traffic varies during the day. For example, from 9 a.m. to 5 p.m., you may experience peak traffic; for the rest of the day, traffic may be much slower. As traffic levels change, it would be useful to continually adjust the number of computers running your application according to changes in traffic.
Auto Scaling is a web service designed to launch or terminate Amazon EC2 instances automatically based on user-defined policies, schedules, and health checks.
Auto Scaling helps you maintain application availability and allows you to scale your Amazon EC2 capacity up or down automatically according to the conditions you define. You can use Auto Scaling to help ensure that you are running your desired number of Amazon EC2 instances. Auto Scaling can also automatically increase the number of Amazon EC2 instances during demand spikes to maintain performance, and decrease capacity during lulls to reduce costs. Auto Scaling is well suited both to applications that have stable demand patterns and to those that experience hourly, daily, or weekly variability in usage.
Auto Scaling can automatically launch and terminate instances on your behalf according to the policies that you have set. If you have defined a baseline AMI, Auto Scaling launches new instances with the exact same configuration. Auto Scaling can also send you notifications when it adds or removes any instances.
Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources. Amazon CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your applications and services, and any log files generated by your applications. You can use Amazon CloudWatch to gain system-wide visibility into resource utilization, application performance, and operational health. You can use these insights to react and keep your application running smoothly.
You need to stay aware of the current performance and state of your resources. If your resources are not in the appropriate state, if they can’t handle the traffic load, or if they are sitting idle, you need to be alerted so that appropriate action can be taken. Amazon CloudWatch monitors AWS cloud resources and the applications you run on AWS. You can collect and track metrics, analyze the data, and react immediately to keep your applications and businesses running smoothly. You can use information from Amazon CloudWatch to take action on the policies that you set using Auto Scaling. For example, you can create an alarm that notifies you if your CPU utilization exceeds 95%. If the threshold is exceeded, Amazon CloudWatch sends an alarm, and Auto Scaling takes action according to the policy that you set. In this example, Auto Scaling can launch a new instance to handle the increased load. Similarly, you could set an alarm to notify you if your CPU utilization falls below a certain threshold. In that case, Auto Scaling could terminate an instance, saving you money.
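The alarm-to-policy loop described above has two details that the prose does not show but that decide how a group behaves in practice: an alarm fires only after the threshold is breached for a configured number of consecutive evaluation periods, and a group ignores further scaling requests during a cooldown window after each launch or termination, while never leaving its minimum/maximum bounds. The following is an added example, not code from the page or from AWS: a small simulation of that control loop with the page's 95% scale-out threshold, a constructed 25% scale-in threshold, and a constructed series of per-period average CPU readings.

```python
"""Simulate a CloudWatch alarm driving an Auto Scaling policy.

Added example, not from the page or from AWS: a deliberately small model
of the loop the text describes (alarm after N consecutive breaches,
scale out or in by one instance, honour min/max size and cooldown).
CPU_SAMPLES is a constructed series of per-period average CPU values.
"""
from dataclasses import dataclass, field


@dataclass
class Alarm:
    threshold: float
    comparison: str          # "gt" (scale out) or "lt" (scale in)
    evaluation_periods: int  # consecutive breaches before ALARM state
    breaches: int = 0

    def evaluate(self, value):
        """Feed one datapoint; return True while the alarm is in ALARM."""
        breached = value > self.threshold if self.comparison == "gt" else value < self.threshold
        self.breaches = self.breaches + 1 if breached else 0
        return self.breaches >= self.evaluation_periods


@dataclass
class AutoScalingGroup:
    min_size: int
    max_size: int
    desired: int
    cooldown: int                 # periods to wait after a scaling action
    last_action: int = -10**9     # period of the last launch/terminate
    events: list = field(default_factory=list)

    def scale(self, period, delta, reason):
        """Apply a +1/-1 policy, subject to cooldown and size bounds."""
        if period - self.last_action < self.cooldown:
            self.events.append((period, "skipped-cooldown", reason))
            return
        new_size = max(self.min_size, min(self.max_size, self.desired + delta))
        if new_size == self.desired:
            self.events.append((period, "at-bound", reason))
            return
        self.events.append((period, "launch" if delta > 0 else "terminate", reason))
        self.desired = new_size
        self.last_action = period


def run(cpu_samples, group, high, low):
    """Feed each period's CPU into both alarms and return the desired
    capacity after every period."""
    trace = []
    for period, cpu in enumerate(cpu_samples):
        high_on = high.evaluate(cpu)   # evaluate both so counters stay in sync
        low_on = low.evaluate(cpu)
        if high_on:
            group.scale(period, +1, f"cpu {cpu:.0f}% > {high.threshold}%")
        elif low_on:
            group.scale(period, -1, f"cpu {cpu:.0f}% < {low.threshold}%")
        trace.append(group.desired)
    return trace


# Constructed: average CPU per 5-minute period across the group.
CPU_SAMPLES = [40, 60, 97, 98, 99, 99, 96, 70, 50, 20, 15, 10, 12, 45]


if __name__ == "__main__":
    asg = AutoScalingGroup(min_size=2, max_size=4, desired=2, cooldown=2)
    history = run(CPU_SAMPLES, asg, Alarm(95, "gt", 2), Alarm(25, "lt", 3))
    print("desired capacity per period:", history)
    for event in asg.events:
        print(event)
```

With these settings the group grows from 2 to 4 instances during the spike and shrinks back to 3 during the lull; the cooldown is what prevents it from launching a third instance on the very next period after the first one. A scale-in policy with too short an evaluation window will terminate instances on a brief dip, so the low alarm here uses a longer window than the high one.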
You can monitor the status of your instances by viewing status checks and scheduled events for your instances. Automated status checks performed by Amazon EC2 detect whether specific issues are affecting your instances. The status check information, together with the data provided by Amazon CloudWatch, gives you detailed operational visibility into each of your instances.
You can also see the status of specific events scheduled for your instances. Scheduled events provide information about upcoming activities, such as rebooting or terminating an instance, that are planned for your instances, along with the scheduled start and end times of each event. To learn more about instance status, go to Monitoring the Status of Your Instances in the Amazon Elastic Compute Cloud User Guide.
AWS provides networking services to meet the needs of your applications. You can provision virtual servers, set up a firewall, configure Internet access, allocate and route IP addresses, and scale your infrastructure to meet increasing demand.
You can use the networking services with the storage, database, and application services to provide a complete solution for computing, query processing, and storage across a wide range of applications.
If you require multiple computers to host your web application, you need to balance the traffic across those computers. Elastic Load Balancing provides this service in the same way that an on-premises load balancer does. You can associate a load balancer with an Auto Scaling group. As instances are launched and terminated, the load balancer automatically redirects traffic to the healthy instances.
AWS assigns a URL to your AWS resources, such as your Elastic Load Balancer and your Amazon EC2 instances; however, you may want a URL that is more specific and easier to remember, such as www.example.com. To do so, you need to purchase a domain name from a domain registrar. After you purchase your domain name, you can use Amazon Route 53 to map your domain name to your AWS deployment.
You may want to provision a private, isolated network. You can use Amazon Virtual Private Cloud (Amazon VPC) to provision a private, isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual network that you define. For example, if you are hosting a multi-tier web application, you may want to customize the network configuration so that your web servers are public-facing and your database and application servers are in a private subnet with no Internet access. The application servers and databases can’t be directly accessed from the Internet, but they can still reach the Internet through a NAT instance so they can, for example, download patches.
You can control access between the servers and subnets by using the inbound and outbound packet filtering provided by network access control lists and security groups. Other cases where you may want to use Amazon VPC include:
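The two filters differ in a way that bites when you first build the private tier described above: a security group is stateful, so a reply to an allowed request is allowed automatically, while a network ACL is stateless and evaluates every packet in both directions in rule-number order, so the reply from the database back to the web tier must be allowed explicitly on the client's ephemeral port. The following is an added example, not code from the page or from AWS: it models the database subnet's network ACL and security group for a connection from a web instance to a database instance, showing a first-draft ACL that lets the request in but drops the reply next to a corrected one. The VPC layout (10.0.1.0/24 public web subnet, 10.0.2.0/24 private database subnet), the rule sets, the quarantined host 10.0.1.99 and the addresses are all constructed for illustration, and only the database subnet's ACL is modelled.

```python
"""Stateful security group vs. stateless network ACL, modelled for a
web-tier-to-database connection.

Added example, not from the page or from AWS. Subnets, rules and the
addresses below are constructed; only the DB subnet's ACL is modelled.
"""
import ipaddress

WEB_SUBNET = "10.0.1.0/24"   # public tier
DB_SUBNET = "10.0.2.0/24"    # private tier, no Internet route
EPHEMERAL = (1024, 65535)    # source ports a client picks for its side of a TCP connection


def in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def port_in(port, lo, hi):
    return lo <= port <= hi


# Security group on the DB instances: ingress rules (proto, from, to, cidr).
# Stateful: replies to an allowed request need no outbound rule.
DB_SG_INGRESS = [("tcp", 3306, 3306, WEB_SUBNET)]


def sg_allows(ingress, proto, dst_port, src_ip):
    """Any matching ingress rule allows the request."""
    return any(p == proto and port_in(dst_port, lo, hi) and in_cidr(src_ip, cidr)
               for p, lo, hi, cidr in ingress)


# NACL rules: (rule_number, proto, from_port, to_port, cidr, action).
def nacl_allows(rules, proto, port, peer_ip):
    """Stateless: evaluate in rule-number order, first match wins,
    and the implicit final rule denies everything else."""
    for _, p, lo, hi, cidr, action in sorted(rules):
        if p == proto and port_in(port, lo, hi) and in_cidr(peer_ip, cidr):
            return action == "allow"
    return False


# DB subnet NACL as first drafted: lets the request in, but the outbound
# rule names the server port, not the client's ephemeral reply port.
DRAFT_NACL_IN = [(100, "tcp", 3306, 3306, WEB_SUBNET, "allow")]
DRAFT_NACL_OUT = [(100, "tcp", 3306, 3306, WEB_SUBNET, "allow")]

# Corrected NACL: a low-numbered deny for a quarantined web host shows
# that ordering matters, and outbound covers the ephemeral range.
FIXED_NACL_IN = [
    (50, "tcp", 3306, 3306, "10.0.1.99/32", "deny"),
    (100, "tcp", 3306, 3306, WEB_SUBNET, "allow"),
]
FIXED_NACL_OUT = [(100, "tcp", EPHEMERAL[0], EPHEMERAL[1], WEB_SUBNET, "allow")]


def db_connection(nacl_in, nacl_out, src_ip, src_port, dst_port):
    """Return (request_allowed, reply_allowed) for a TCP connection from a
    web instance (src_ip:src_port) to a DB instance on dst_port, checking
    the DB subnet's NACL both ways and the DB security group once."""
    request = (nacl_allows(nacl_in, "tcp", dst_port, src_ip)
               and sg_allows(DB_SG_INGRESS, "tcp", dst_port, src_ip))
    if not request:
        return (False, False)
    # Reply: the security group is stateful, so only the NACL is consulted,
    # and the port that matters is the client's source port.
    reply = nacl_allows(nacl_out, "tcp", src_port, src_ip)
    return (True, reply)


if __name__ == "__main__":
    print("draft ACL:", db_connection(DRAFT_NACL_IN, DRAFT_NACL_OUT, "10.0.1.10", 51000, 3306))
    print("fixed ACL:", db_connection(FIXED_NACL_IN, FIXED_NACL_OUT, "10.0.1.10", 51000, 3306))
    print("quarantined host:", db_connection(FIXED_NACL_IN, FIXED_NACL_OUT, "10.0.1.99", 51000, 3306))
```

The draft configuration is the classic symptom of "the connection hangs although the security group is right": the SYN reaches the database and the SYN-ACK is silently dropped on the way out. When you widen the outbound ephemeral rule, keep its destination limited to the subnets that legitimately talk to the database rather than 0.0.0.0/0.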
For more information on how to get started for using Amazon VPC, go to “Get started with Amazon VPC” in the Amazon Virtual Private Cloud (Amazon VPC) Getting Started Guide.
To make your web application fault-tolerant, you need to consider deploying your computers in different physical locations. It can be expensive to maintain the hardware in different physical locations for an on-premises solution. AWS offers resources in different Availability Zones and regions. Availability Zones are analogous to data centers. You can have multiple instances running in different Availability Zones so that if one Availability Zone becomes unavailable (e.g., due to a natural disaster), then all the traffic would be routed to another Availability Zone. There are multiple Availability Zones in each region.
It’s even more advantageous to spread your instances across the regions. If a region, including all of its Availability Zones, becomes completely unavailable, your traffic is routed to another region.
The following table summarizes the key challenges we face while developing a simple web application and the AWS services that address these challenges.
| Challenge | Amazon Web Services | Benefit |
|---|---|---|
| Need computers to run your application. | Amazon Elastic Compute Cloud (Amazon EC2) | Amazon EC2 runs the web server and application servers. |
| Incoming traffic needs to be evenly distributed across computers to maximize performance. | Elastic Load Balancing | Elastic Load Balancing supports health checks on hosts, distribution of traffic to Amazon EC2 instances across multiple Availability Zones, and dynamic addition and removal of Amazon EC2 hosts from the load-balancing rotation. |
| Servers need to be provisioned to handle peak capacity, but the unused cycles are wasted at other times. | Auto Scaling | Auto Scaling creates capacity groups of servers that can grow or shrink on demand. |
| Servers need to be monitored for performance and state. | Amazon CloudWatch | Amazon CloudWatch reports metric data for Amazon EC2 instances, and the metrics it gathers are used by Auto Scaling. |
| Applications may require persistent storage. | Amazon Elastic Block Store (Amazon EBS) | Amazon EBS provides a persistent file system for web and application servers. |
The following table summarizes the additional challenges of developing a simple web application and the AWS components that address them.
| Challenge | Amazon Web Services | Benefit |
|---|---|---|
| Need a secure mechanism to connect to the computer. | Amazon Key Pair | A key pair is a security credential, similar to a password, which you use to securely connect to your instance after the instance is running. |
| Need to provide security to protect application servers from outside malicious users. | Amazon Security Group | An Amazon Security Group gives you control over the protocols, ports, and source IP address ranges that are allowed to reach your Amazon EC2 instances. |
| Need to design with failover in mind. | Availability Zones | Availability Zones are distinct locations engineered to be insulated from failures in other Availability Zones. Each Availability Zone provides inexpensive, low-latency network connectivity to other Availability Zones in the same region. |