AWS architecture overview
AWS is an online platform that provides scalable and cost-effective cloud solutions.
Servers are placed around the world in 25 AWS regions (at the time of writing), and each region is made up of several physically separate availability zones (AZs). Spreading a workload across the AZs of a region is the basic building block for high availability and disaster recovery: a single data centre can fail without taking the workload down.
Pricing is pay-as-you-go: you pay for the resources you actually consume rather than for capacity bought up front.
Scalability (horizontal and vertical), high availability, performance, security and reliability are among the properties AWS is designed to provide.
Widely used AWS service groups:
- Compute AWS services
- Storage AWS services
- Networking AWS services
- Security & Identity AWS services, etc.
Compute AWS services:
- Elastic Beanstalk
Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the AWS Cloud. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage.
When you launch an instance you choose an instance type, whose name combines an instance family and an instance size (for example t3.micro: family t3, size micro).
Each family is optimized for a kind of workload (general purpose, compute-, memory- or storage-optimized, accelerated computing), so pick the family that matches your workload and then the size that gives it enough CPU and memory.
When choosing storage for your EC2 instances you have three options:
- Amazon EFS – a shared network file system that many instances can mount at the same time
- Amazon EBS – network-attached block volumes that live independently of the instance; a volume can be detached and attached to another instance, and its snapshots are stored in S3
- Instance store – disks on the physical host; their contents are lost when the instance stops or is terminated, so they suit only caches and scratch data
For scaling, AWS provides Auto Scaling groups (ASGs) and load balancers.
When defining an ASG you set the minimum, desired and maximum number of instances; AWS then adds or removes instances according to your scaling policy, for example adding an instance when average CPU utilization stays above 80%, while never going outside the min/max bounds.
A load balancer distributes incoming requests across the healthy instances behind it. It can be internet-facing (public) or internal (reachable only from inside the VPC, for traffic between private instances).
Storage AWS services:
- S3 Glacier
S3 general information:
- Object-based storage (each object is data plus metadata; it is not a block device or a file system)
- Objects are stored in buckets, whose names are globally unique; buckets and objects are private by default and access is granted through IAM and bucket policies
- Data is stored redundantly across multiple devices in multiple availability zones
- Designed for 99.999999999% (eleven nines) durability of objects
- Designed for 99.99% availability (S3 Standard)
- Static website hosting
- Cross-Region Replication
- Data encryption at rest (server-side encryption) and in transit (TLS)
- Event notifications (for example to Lambda, SQS or SNS when an object is created or deleted)
Networking AWS services:
VPC (Virtual Private Cloud) is the main representative of this group. In the example above we defined a simple VPC with a public and a private subnet. Internet-facing servers sit in the public subnet, whose route table has a route to an internet gateway; private servers have no such route, so they are not reachable from the internet and are placed in the private subnet.
A NAT gateway is one way to give private servers outbound internet access (for package updates, API calls and the like) without exposing them to inbound connections: it lives in the public subnet, and the private subnet's route table sends 0.0.0.0/0 traffic to it.
Route tables decide where traffic leaving a subnet is sent. Each subnet is associated with one route table, and its entries (the local VPC range, an internet gateway, a NAT gateway, a peering connection) determine what the subnet can reach.
In this example, it is demonstrated how security inside a VPC is handled. At the subnet boundary we have network access control lists (NACLs), where inbound and outbound rules define which traffic may enter or leave the subnet. NACLs are stateless and their numbered rules are evaluated in ascending order with the first match deciding, so return traffic (for example replies to a client's ephemeral port) must be allowed explicitly. The second level of security is security groups, which are attached to the instances themselves (strictly, to their network interfaces). They are stateful and contain only allow rules: once a connection is allowed in, its replies are allowed out automatically.
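The difference between the two layers is easiest to see by tracing one request and its reply through them. The following is an added example, not code from the original page or from AWS: a small Python model of a subnet NACL (stateless, ordered, implicit deny) and a security group (stateful, allow-only), with constructed rule sets, addresses and ports. It shows the classic NACL mistake of allowing only port 443 outbound, which drops every reply because replies go back to the client's ephemeral port, while the stateful security group lets the same reply through with no outbound rule at all.

```python
"""Model of the two filtering layers in front of an EC2 instance.

Network ACL   : attached to the subnet, stateless, numbered rules evaluated
                in ascending order, first match wins, implicit deny at the end.
Security group: attached to the instance's network interface, stateful,
                allow rules only, and replies to permitted traffic are let
                through without an outbound rule.

Rule sets, addresses and ports below are constructed for this example.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class NaclRule:
    number: int     # evaluation order (AWS allows 1-32766)
    action: str     # "allow" or "deny"
    proto: str      # "tcp", "udp" or "all"
    cidr: str       # peer address range the rule matches
    ports: tuple    # (low, high) inclusive, matched against the destination port


def nacl_allows(rules, pkt, peer_addr):
    """Stateless and ordered: the lowest-numbered matching rule decides;
    a packet matching no rule hits the implicit '*' deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        low, high = rule.ports
        if (rule.proto in ("all", pkt.proto)
                and ip_address(peer_addr) in ip_network(rule.cidr)
                and low <= pkt.dport <= high):
            return rule.action == "allow"
    return False


@dataclass
class SecurityGroup:
    inbound: list                                # allow rules: (proto, cidr, (low, high))
    outbound: list                               # allow rules, same shape
    tracked: set = field(default_factory=set)    # connection-tracking table

    @staticmethod
    def _matches(rules, pkt, peer_addr):
        return any(proto in ("all", pkt.proto)
                   and ip_address(peer_addr) in ip_network(cidr)
                   and low <= pkt.dport <= high
                   for proto, cidr, (low, high) in rules)

    def allows_inbound(self, pkt):
        if self._matches(self.inbound, pkt, pkt.src):
            # Remember the flow so its reply is permitted on the way out.
            self.tracked.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return True
        return False

    def allows_outbound(self, pkt):
        # Stateful: a reply to a tracked inbound flow passes regardless of the
        # outbound rules; only a new flow needs an outbound allow rule.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.tracked:
            return True
        return self._matches(self.outbound, pkt, pkt.dst)


def trace(nacl_in, nacl_out, sg, request):
    """Follow a request into the subnet and its reply back out, in AWS order:
    inbound NACL, inbound SG, then outbound SG, outbound NACL. A layer never
    reached because an earlier one dropped the packet is reported as False."""
    reply = Packet(src=request.dst, sport=request.dport,
                   dst=request.src, dport=request.sport, proto=request.proto)
    nacl_in_ok = nacl_allows(nacl_in, request, request.src)
    sg_in_ok = nacl_in_ok and sg.allows_inbound(request)
    sg_out_ok = sg_in_ok and sg.allows_outbound(reply)
    nacl_out_ok = sg_out_ok and nacl_allows(nacl_out, reply, reply.dst)
    return {"nacl_in": nacl_in_ok, "sg_in": sg_in_ok, "sg_out": sg_out_ok,
            "nacl_out": nacl_out_ok, "round_trip": nacl_out_ok}


ANY = "0.0.0.0/0"
# Public web-tier NACL: the deny for a blocked range is numbered below the
# general allow, so it is evaluated first and wins for that range.
WEB_NACL_IN = [NaclRule(90, "deny", "all", "198.51.100.0/24", (0, 65535)),
               NaclRule(100, "allow", "tcp", ANY, (443, 443))]
# Mistake: only 443 outbound. Replies go to the client's ephemeral port, so
# the stateless NACL drops them and every connection hangs.
NACL_OUT_BROKEN = [NaclRule(100, "allow", "tcp", ANY, (443, 443))]
# Fix: also allow the ephemeral port range outbound.
NACL_OUT_FIXED = NACL_OUT_BROKEN + [NaclRule(110, "allow", "tcp", ANY, (1024, 65535))]


def web_sg():
    # Outbound left empty on purpose: the stateful SG still lets the reply
    # out because it tracked the inbound connection.
    return SecurityGroup(inbound=[("tcp", ANY, (443, 443))], outbound=[])


CLIENT_REQUEST = Packet("203.0.113.10", 51234, "10.0.1.20", 443)
BLOCKED_CLIENT = Packet("198.51.100.7", 51234, "10.0.1.20", 443)
HTTP_REQUEST = Packet("203.0.113.10", 51234, "10.0.1.20", 80)

if __name__ == "__main__":
    for label, nacl_out, req in [("broken NACL", NACL_OUT_BROKEN, CLIENT_REQUEST),
                                 ("fixed NACL", NACL_OUT_FIXED, CLIENT_REQUEST),
                                 ("blocked range", NACL_OUT_FIXED, BLOCKED_CLIENT),
                                 ("port 80", NACL_OUT_FIXED, HTTP_REQUEST)]:
        print(label, trace(WEB_NACL_IN, nacl_out, web_sg(), req))
```

The "broken NACL" run passes the inbound NACL and both security-group checks but fails at the outbound NACL, which is exactly the symptom you see in practice (connections accepted, responses never arrive). Real NACLs are a coarse, defence-in-depth layer; the per-instance security group is where most of the precise allow rules belong.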
Security and identity services
IAM (Identity and Access Management) is the main representative of this group.
It is built from users, groups and roles, to which permission policies are attached. Users can be placed in groups to inherit the group's policies, and roles are not owned but assumed temporarily by users, applications or AWS services that need their permissions.
To perform any action on AWS you need a permission that allows it. IAM follows the principle of least privilege: by default an identity can do nothing, because every request is implicitly denied, so you grant only the specific actions and resources it needs. An explicit Deny in any applicable policy overrides any Allow.
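The decision logic behind "nothing by default" is short enough to write down. The following is an added example, not code from the original page or from AWS: a simplified Python model of identity-based policy evaluation (explicit Deny wins, otherwise an Allow is needed, otherwise implicit deny) together with the user-inherits-group-policies step. Resource-based policies, permission boundaries, SCPs and Condition blocks are deliberately not modelled, and the users, groups, policies and ARNs are constructed for the example.

```python
"""Simplified model of how IAM decides an identity-based request.

Order follows the documented evaluation for identity-based policies:
an explicit Deny in any applicable statement wins; otherwise at least one
Allow is required; otherwise the request is implicitly denied, which is the
"nothing by default" behaviour described as least privilege above.
Not modelled: resource-based policies, permission boundaries, SCPs,
Condition blocks, NotAction/NotResource. All data below is constructed.
"""
import re


def _glob(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags) is not None


def _as_list(value):
    return value if isinstance(value, list) else [value]


def evaluate(policies, action, resource):
    """Return 'explicit_deny', 'allow' or 'implicit_deny' for one request."""
    decision = "implicit_deny"
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            # Action names are case-insensitive; resource ARNs are not.
            if not any(_glob(a, action, ignore_case=True) for a in _as_list(stmt["Action"])):
                continue
            if not any(_glob(r, resource) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit_deny"       # nothing can override a Deny
            decision = "allow"
    return decision


def effective_policies(user, users, groups):
    """A user's inline policies plus those of every group the user belongs to."""
    record = users[user]
    policies = list(record.get("policies", []))
    for group in record.get("groups", []):
        policies.extend(groups[group]["policies"])
    return policies


def is_allowed(user, action, resource, users, groups):
    return evaluate(effective_policies(user, users, groups), action, resource) == "allow"


# Constructed directory: a log-readers group, one member with an extra Deny,
# and one user with no policies at all.
LOG_READ = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::app-logs", "arn:aws:s3:::app-logs/*"],
    }],
}
NO_SECRETS = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Deny",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::app-logs/secrets/*",
    }],
}
GROUPS = {"log-readers": {"policies": [LOG_READ]}}
USERS = {
    "alice": {"groups": ["log-readers"], "policies": [NO_SECRETS]},
    "bob": {"groups": [], "policies": []},
}

if __name__ == "__main__":
    checks = [
        ("alice", "s3:GetObject", "arn:aws:s3:::app-logs/2024/app.log"),
        ("alice", "s3:GetObject", "arn:aws:s3:::app-logs/secrets/db.pem"),
        ("alice", "s3:DeleteObject", "arn:aws:s3:::app-logs/2024/app.log"),
        ("bob", "s3:GetObject", "arn:aws:s3:::app-logs/2024/app.log"),
    ]
    for user, action, resource in checks:
        verdict = evaluate(effective_policies(user, USERS, GROUPS), action, resource)
        print(f"{user:6} {action:16} {resource:42} -> {verdict}")
```

Two things worth noticing when reading the output: alice can read ordinary log objects only because her group grants it, yet the Deny attached directly to her blocks the secrets prefix even though the group's Allow also matches it; and bob, with no policies anywhere, is refused everything without a single Deny having been written. The real service adds further layers (SCPs, permission boundaries, resource policies), but they only ever narrow or, for resource policies, extend this core decision.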
A typical architecture for serverless development:
Mock example of Facebook architecture on AWS:
photo source: www.youtube.com