2. 2
AWS Introduction
What is AWS
Alternatives
Open Source
Core Concepts
Hands on
Cost Calculator
Training & Certifications
XXI NEOCOM
3. 3
Speaker :: Angel Borroy
• Computer Engineer by the University of Zaragoza (EINA, 1999)
• Working as Senior Software Engineer for Alfresco in Hyland
• 20+ years developing software
• Open-Source enthusiast!
5. 5
What is AWS
Amazon Web Services (AWS) provides cloud-based products with pay-as-you-go pricing.
A Cloud Services Platform, like AWS, owns and maintains the network-connected hardware required for the cloud products, while the customer provisions and uses the required resources via an application.
Types of Cloud Computing
Cloud Computing Models
• IaaS
• PaaS
• SaaS
Cloud Computing Deployment Models
• Cloud
• Hybrid
• On-premises
8. 8
Using AWS
• Web Console using a browser: https://aws.amazon.com
• Command line client (AWS Command Line Interface): https://aws.amazon.com/cli/
• SDKs: JavaScript, Python, PHP, .NET, Ruby, Java, Go, Node.js, C++ https://aws.amazon.com/getting-started/tools-sdks/
AWS Service Endpoints (REST API)
protocol://service-code.region-code.amazonaws.com
• protocol: http or https
• service-code: ec2, s3, vpc, lambda, route53, rds, apigateway, amplify…
• region-code: us-east-1, ap-south-1, eu-west-1…
>> Europe (Ireland) is eu-west-1, so the endpoint for the EC2 service is:
https://ec2.eu-west-1.amazonaws.com
9. 9
Amazon Resource Names (ARN)
Amazon Resource Names (ARNs) uniquely identify AWS resources.
Used to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database
Service (Amazon RDS) tags, and API calls.
Format
arn:partition:service:region:account-id:resource-id
• partition: aws, aws-cn or aws-us-gov (group of AWS Regions)
• service: ec2, s3, vpc, lambda, route53, rds, apigateway, amplify…
• region: us-east-1, ap-south-1, eu-west-1…
• account-id: 123456789012 (ID of the AWS account owner of the resource)
• resource-id: instance/i-1234567890abcdef0 (ID of the resource)
>> Europe (Ireland) is eu-west-1, so the ARN of an EC2 instance:
arn:aws:ec2:eu-west-1:123456789012:instance/i-1234567890abcdef0
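A parser for the ARN format above, added here as an example (not part of the original slides). It covers two cases the one-line format hides: the resource-id may itself contain colons, and region or account-id are empty for some services. The sample ARNs and the names parseArn, formatArn and SAMPLE_ARNS are constructed for illustration.

```javascript
// Added example: split an ARN into the six fields from the slide.
// PARTITIONS holds only the three partitions the slide lists.
const PARTITIONS = new Set(['aws', 'aws-cn', 'aws-us-gov']);

function parseArn(arn) {
  if (typeof arn !== 'string') throw new TypeError('ARN must be a string');
  const parts = arn.split(':');
  // Five colons separate six fields. Everything after the fifth colon is
  // the resource-id, which may itself contain ':' or '/'.
  if (parts.length < 6 || parts[0] !== 'arn') {
    throw new Error(`not an ARN: ${arn}`);
  }
  const [, partition, service, region, accountId, ...rest] = parts;
  const resourceId = rest.join(':');
  if (!PARTITIONS.has(partition)) throw new Error(`unknown partition: ${partition}`);
  if (!service) throw new Error('service is empty');
  if (!resourceId) throw new Error('resource-id is empty');
  // Region and account-id are legitimately empty for some services,
  // for example S3 buckets (both empty) and IAM (region empty).
  // AWS managed IAM policies carry the literal account "aws".
  if (accountId !== '' && !/^(\d{12}|aws)$/.test(accountId)) {
    throw new Error(`account-id must be 12 digits: ${accountId}`);
  }
  return { partition, service, region, accountId, resourceId };
}

// Rebuild the ARN string; formatArn(parseArn(x)) returns x unchanged.
function formatArn({ partition, service, region, accountId, resourceId }) {
  return ['arn', partition, service, region, accountId, resourceId].join(':');
}

// Constructed samples; 123456789012 is the slide's placeholder account.
const SAMPLE_ARNS = [
  'arn:aws:ec2:eu-west-1:123456789012:instance/i-1234567890abcdef0',
  'arn:aws:lambda:eu-west-1:123456789012:function:HelloWorldFunction',
  'arn:aws:s3:::example-bucket/path/to/key',
  'arn:aws:iam::123456789012:user/example-user',
];
```

Splitting with a fixed limit, as in arn.split(':', 6), would silently truncate the Lambda ARN to "function"; joining the remainder keeps the full resource-id.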
12. 12
Free Tier
AWS Free Tier
• 750 hours of Linux or Windows micro instances
• 1GB of memory, 15GB of bandwidth, a load balancer, and access to a database, caching, and other tools
• Free resources will renew for 12 months
Microsoft Azure Free Tier
• 750 hours of Linux or Windows machines
• Ample storage, SQL database, 15GB of bandwidth
• Several other popular services are free for at least 12 months, and new customers also receive a $200 credit to try
any other service for 30 days
Google Cloud Platform Free Tier
• One month of a micro instance
• 30GB of storage, plus a 12-month free trial with $300 credit to try any service
• Limited access to many common tools is provided for free, always
16. 16
Amazon forked Elasticsearch and Kibana!
Amazon: Why Open Distro for Elasticsearch
• Elasticsearch development has shifted to non-open source licenses
• Open Distro for Elasticsearch provides an open source, community-driven distribution
• We are maintaining forks based on Elasticsearch and Kibana 7.10 while continuing to build functionality into plugins and tools
Elastic: Why we had to change Elastic licensing
• There is only one Elastic Cloud
• Software from the source
• Support from the creators
• Engaged Community
• Exclusive capabilities
“The Amazon Elasticsearch Service offers a subset of the functionality, choice and support
capabilities of Elastic. Rest easy knowing Elastic, the company behind Elasticsearch, is backing
your mission-critical deployments with our experts, solutions, support and roadmap”
18. 18
Core Concepts
• IAM Identity and Access Management: Manage accounts and permissions
• VPC Virtual Private Cloud: Networking layer with Security Groups
• S3 Simple Storage Service: Cloud storage placed into Buckets
• EC2 Elastic Compute Cloud: a virtual private server, called an instance
• AMI Amazon Machine Image: Immutable image used to launch a preconfigured EC2 instance
• Elastic IPs: Assigned IP addresses
• Load Balancers: Single point of contact for clients
• RDS Relational Database Service: Managed service (PostgreSQL, MariaDB, MySQL, Oracle, SQL Server and Aurora)
• Lambda lets you define functions invoked via triggers (SNS notification, API invocation…)
• API Gateway lets you create RESTful APIs or WebSocket APIs
• Route 53 is the AWS DNS service, and it also lets you register domain names
• Amplify is a set of tools to connect a backend with the UI components
• CloudFormation provides templatized configuration of collections of AWS Resources
• Containers are supported by EC2, ECS and EKS services
19. 19
IAM
• IAM identities
  • Users: people or services using AWS
  • Groups: sets of users
  • Roles: permissions assigned to AWS Service instances
• IAM permissions are defined in policies
  • Identity-based
  • Resource-based
  • Permissions boundaries
  • Organizations Service Control Policies (SCPs)
  • Access Control Lists (ACLs)
  • Session policies
• IAM authentication
  • Passwords
  • Access keys
  • Multi-factor authentication (MFA)
Policy
https://aws.amazon.com/iam
20. 20
VPC
• For basic AWS use, one default VPC may be enough
• Security groups
  • Access policy is “deny by default”
  • Open selected ports (SSH 22, HTTP 80, HTTPS 443) using CIDRs (Classless Inter-Domain Routing)
  • Consider using a Load Balancer
• Other components
  • Subnet: segment of the VPC IP address range
  • Internet Gateway: connection to the public Internet
  • NAT Gateway: NAT service for a private subnet to access the Internet
https://aws.amazon.com/vpc
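Deny by default expressed as code, added here as an example that is not part of the original slides: traffic passes only when some rule matches both the port and the source CIDR, and a second check flags SSH opened to every address. The rule shape {port, cidr}, the function names and all addresses are constructed for illustration.

```javascript
// Added example: security-group ingress as an allow-list (deny by default).

// Convert a dotted IPv4 address to an unsigned 32-bit integer.
function ipToInt(ip) {
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) throw new Error(`bad IPv4 address: ${ip}`);
  const octets = ip.split('.').map(Number);
  if (octets.some((o) => o > 255)) throw new Error(`bad IPv4 address: ${ip}`);
  return octets.reduce((acc, o) => acc * 256 + o, 0);
}

// True when ip falls inside cidr, e.g. "203.0.113.0/24".
function inCidr(ip, cidr) {
  const [base, bitsText] = cidr.split('/');
  const bits = Number(bitsText);
  if (!Number.isInteger(bits) || bits < 0 || bits > 32) {
    throw new Error(`bad CIDR: ${cidr}`);
  }
  const size = 2 ** (32 - bits); // number of addresses in the block
  return Math.floor(ipToInt(ip) / size) === Math.floor(ipToInt(base) / size);
}

// Deny by default: allowed only if some rule matches port and source.
function isAllowed(rules, sourceIp, port) {
  return rules.some((r) => r.port === port && inCidr(sourceIp, r.cidr));
}

// Flag rules that expose SSH (22) to every address.
function worldOpenSsh(rules) {
  return rules.filter((r) => r.port === 22 && r.cidr.endsWith('/0'));
}

// Constructed rule set: SSH from one office range, web ports from anywhere.
const webServerRules = [
  { port: 22, cidr: '203.0.113.0/24' },
  { port: 80, cidr: '0.0.0.0/0' },
  { port: 443, cidr: '0.0.0.0/0' },
];
```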
21. 21
S3
• Although EC2 instances mount local volumes for storage (EBS or EFS), S3 is the service for cloud storage
• Objects are placed into named buckets and stored under names called keys. The main content is the value.
• It’s a common practice to write S3 locations as S3 URIs
s3://bucket-name/path/to/key
• S3 capacity can be considered unlimited
• Permissions for a bucket can be specified as IAM Policies for operations, Bucket Policies for access to the bucket and ACLs for every object inside the bucket
• S3 buckets are always outside the VPC, so bucket policies are required
• Other types of AWS Storage
  • EBS Elastic Block Store (performance)
  • Glacier Storage for archiving and backup
  • EFS Elastic File System (scalability)
https://aws.amazon.com/s3
22. 22
EC2
• An EC2 Instance can run Linux, Windows and macOS operating systems
• An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications)
• From an AMI, you launch an Instance, which is a copy of the AMI running as a virtual server in the cloud
• Several Instance Types to run your instances
  • General Purpose: Mac, T4, T3, T2, M6, M5, M4, A1
  • Compute Optimized: C6, C5, C4
  • Memory Optimized: R6, R5, R4, X1, z1
  • Accelerated Computing: P4, P3, P2, G4, G3, F1
  • Storage Optimized: i3, i2, D2, D3, H1
• Virtualized or bare-metal instances are available
• For every new instance at least one SSH key pair needs to be set up
• An instance can be stopped (reusable) or terminated (deleted)
https://aws.amazon.com/ec2
23. 23
RDS
• Managed relational database service, allowing you to deploy and scale databases more easily
• As when using EC2, there are several Instance Types to run your instances
• Common deployment scenario includes 1 VPC with 2 Subnets
https://aws.amazon.com/rds
24. 24
Lambda
https://aws.amazon.com/lambda
• Serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you
• The code you run on AWS Lambda is called a Lambda function
• After you upload your code to AWS Lambda, you can associate your function with specific AWS resources
• Lambda function code can be written in Python, .NET, Ruby, Java, Go and Node.js
https://github.com/srcecde/aws-lambda-cheatsheet
SERVERLESS
25. 25
API Gateway
• Scalable, secured front-end for service APIs
• Common scenario working with Lambda and EC2 instances to provide serverless deployment
• This service only supports HTTPS endpoints
• API Types
  • RESTful APIs
    • REST APIs
    • HTTP APIs: RESTful APIs with lower latency and lower cost than REST APIs
  • WebSocket APIs
    • Bidirectional
    • Clients send messages to a service
    • Service can independently send messages to clients
https://aws.amazon.com/api-gateway
MICROSERVICES
26. 26
Route 53
• Supports all the standard DNS record types
• Limitations
• It’s not available over VPC
• It doesn’t provide forwarding options for domains used on premises
• It doesn’t support private zone transfer
• example.com >> cloud.example.com
• Supported services
• EC2 Instance
• S3 Bucket
• Load Balancer
• CloudFront
• API Gateway
https://aws.amazon.com/route53
HYBRID CLOUD
27. 27
Amplify
• Set of tools and services used to build full stack applications:
  • Configure backends
  • Connect frontend applications to backends
  • Deploy static web applications
• Support for popular web frameworks: JavaScript, React, Angular, Vue, Next.js, Android, iOS, Ionic
https://aws.amazon.com/amplify
28. 28
CloudFormation
• Manage sets of resources from AWS Services grouped in Stacks
• Stacks are defined in JSON or YAML
• Provides a CloudFormation Designer interface
https://aws.amazon.com/cloudformation
INFRASTRUCTURE AS CODE
29. 29
Containers
• Docker and containerization changed deployment methods
• AMIs and boot scripts are replaced by Docker Images
• Amazon ECR (Elastic Container Registry) provides a private Docker Image Registry
• Amazon ECS (EC2 Container Service) lets you manage clusters of services deployed via Docker
• However, many users currently use raw EC2 Instances to deploy Docker Images
• Amazon EKS (Elastic Kubernetes Service) provides a managed Kubernetes cluster to deploy K8s services and Pods using EC2 Instances
https://aws.amazon.com/containers
CONTAINERIZATION
31. 31
Hands on
• Build a Basic Web Application
• Step by step tutorial
• Covering Amplify, Lambda, API Gateway, IAM and DynamoDB
• CloudFormation
• Analyzing a real use case
• Scaling up
• Additional use cases
33. 33
Sample use case: Build a Basic Web Application
Sample available on the AWS website:
https://aws.amazon.com/getting-started/hands-on/build-web-app-s3-lambda-api-gateway-dynamodb/
34. 34
Sample use case: Create Web App
Deploy static resources for your web application using the AWS Amplify Console
Create a simple HTML file named index.html and compress it with ZIP (index.html.zip)
<!DOCTYPE html>
<html>
  <head>
    <meta charset="UTF-8">
    <title>Hello World</title>
  </head>
  <body>
    Hello World
  </body>
</html>
Open the Amplify Console in the Ireland region:
https://eu-west-1.console.aws.amazon.com/amplify/home?region=eu-west-1#/
Deploy the web application without a Git provider.
35. 35
Sample use case: Build a Serverless Function
Create a Lambda function from scratch using the AWS Console in JavaScript
Open the Lambda Console in the Ireland region and create the function HelloWorldFunction
https://eu-west-1.console.aws.amazon.com/lambda/home?region=eu-west-1#/functions
Replace the default index.js code with the following:
// Define handler function, the entry point to our code for the Lambda service
// We receive the object that triggers the function as a parameter
exports.handler = async (event) => {
  // Extract values from event and format as strings
  let name = JSON.stringify(`Hello from Lambda, ${event.firstName} ${event.lastName}`);
  // Create a JSON object with our response and store it in a constant
  const response = {
    statusCode: 200,
    body: name
  };
  // Return the response constant
  return response;
};
36. 36
Sample use case: Build a Serverless Function
Test the Lambda function using the AWS Console in JavaScript
Use the Test tab to create a new Event named HelloWorldTestEvent with the following body:
{
  "firstName": "Ada",
  "lastName": "Lovelace"
}
Click the Invoke button to execute the Lambda function
37. 37
Sample use case: Link a Serverless Function to App
Deploy a serverless function using the AWS Console
Open the API Gateway Console in the Ireland region and create the API HelloWorldAPI
https://eu-west-1.console.aws.amazon.com/apigateway/main/apis?region=eu-west-1
Create a POST method associated with the Lambda function
Actions
• Enable CORS
• Deploy API in stage dev
38. 38
Sample use case: Link a Serverless Function to App
Deploy a serverless function using the AWS Console
Test the REST API from the Resources option using a default request body
39. 39
Sample use case: Create a Data Table
Create a DynamoDB table using the AWS Console
Open the DynamoDB Console in the Ireland region and create the table HelloWorldDatabase with primary key ID
https://eu-west-1.console.aws.amazon.com/dynamodb/home?region=eu-west-1#
Open the Lambda Console in the Ireland region and add an IAM policy
https://eu-west-1.console.aws.amazon.com/lambda/home?region=eu-west-1#/functions
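What the IAM policy added in this step can look like when scoped to the one table and the one operation the function needs, shown as an added example (not taken from the original slides) together with a small check that flags wildcard grants. The account ID 123456789012 is a placeholder, and tablePutPolicy, findOverbroad and the broad counter-example are constructed for illustration.

```javascript
// Added example: identity-based policy for the Lambda execution role.
// Account ID is a placeholder; the table name is the one from the slide.
function tablePutPolicy(region, accountId, tableName) {
  return {
    Version: '2012-10-17',
    Statement: [{
      Effect: 'Allow',
      Action: ['dynamodb:PutItem'], // the only DynamoDB call the handler makes
      Resource: `arn:aws:dynamodb:${region}:${accountId}:table/${tableName}`,
    }],
  };
}

// Return one finding per wildcard action or resource in an Allow statement.
// Statement, Action and Resource may each be a single value or a list.
function findOverbroad(policy) {
  const asList = (v) => (Array.isArray(v) ? v : [v]);
  const findings = [];
  asList(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== 'Allow') return;
    for (const action of asList(stmt.Action ?? [])) {
      if (action.includes('*')) {
        findings.push(`Statement[${i}]: wildcard action ${action}`);
      }
    }
    for (const resource of asList(stmt.Resource ?? [])) {
      if (resource.includes('*')) {
        findings.push(`Statement[${i}]: wildcard resource ${resource}`);
      }
    }
  });
  return findings;
}

const scoped = tablePutPolicy('eu-west-1', '123456789012', 'HelloWorldDatabase');

// Constructed counter-example: every DynamoDB action on every resource.
const broad = {
  Version: '2012-10-17',
  Statement: { Effect: 'Allow', Action: 'dynamodb:*', Resource: '*' },
};
```

JSON.stringify(scoped, null, 2) gives the document to paste into the policy editor once the placeholder account ID is replaced.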
40. 40
Sample use case: Create a Data Table
Open the Lambda Console in the Ireland region and modify the Lambda function
https://eu-west-1.console.aws.amazon.com/lambda/home?region=eu-west-1#/functions
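// AWS SDK for JavaScript (v2 API)
const AWS = require('aws-sdk');
// Created once per execution environment and reused by warm invocations
let dynamodb = new AWS.DynamoDB.DocumentClient();
exports.handler = async (event) => {
  // Take the timestamp per invocation; module-level code only runs on a cold start
  let now = new Date().toISOString();
  // Extract values from event and format as strings
  let name = JSON.stringify(`Hello from Lambda, ${event.firstName} ${event.lastName}`);
  // Item to store: the greeting is the primary key ID
  let params = {
    TableName: 'HelloWorldDatabase',
    Item: {
      'ID': name,
      'LatestGreetingTime': now
    }
  };
  // Write the item to the table
  await dynamodb.put(params).promise();
  const response = {
    statusCode: 200,
    body: name
  };
  // Return the response constant
  return response;
};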
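The handler above writes whatever arrives in the event straight into the table key, so a missing field is stored as "undefined" and a non-string value is stored as its string form. A variant that validates the event first, as an added example that is not part of the original slides: NAME_PATTERN, the 50-character limit, and the injected putItem function (standing in for dynamodb.put(params).promise() so the block runs without the SDK) are assumptions.

```javascript
// Added example: validate the event before it becomes a DynamoDB key.
// Letters, combining marks, spaces, hyphens and apostrophes; 1 to 50 characters.
const NAME_PATTERN = /^[\p{L}][\p{L}\p{M}' -]{0,49}$/u;

// Return { ok, errors, clean } without throwing, so the caller can answer 400.
function validateGreetingEvent(event) {
  const errors = [];
  const clean = {};
  for (const field of ['firstName', 'lastName']) {
    const value = event == null ? undefined : event[field];
    if (typeof value !== 'string') {
      errors.push(`${field} must be a string`);
    } else if (!NAME_PATTERN.test(value.trim())) {
      errors.push(`${field} must be 1-50 letters, spaces, hyphens or apostrophes`);
    } else {
      clean[field] = value.trim();
    }
  }
  return { ok: errors.length === 0, errors, clean };
}

// putItem is injected: in Lambda pass (p) => dynamodb.put(p).promise().
function makeHandler(putItem) {
  return async (event) => {
    const { ok, errors, clean } = validateGreetingEvent(event);
    if (!ok) {
      // Reject before any write reaches the table
      return { statusCode: 400, body: JSON.stringify({ errors }) };
    }
    const name = JSON.stringify(
      `Hello from Lambda, ${clean.firstName} ${clean.lastName}`
    );
    await putItem({
      TableName: 'HelloWorldDatabase',
      Item: { ID: name, LatestGreetingTime: new Date().toISOString() },
    });
    return { statusCode: 200, body: name };
  };
}
```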
41. 41
Sample use case: Create a Data Table
Create a DynamoDB table using the AWS Console
Invoke Test again from the Lambda Console
Verify in the DynamoDB Console that the new row has been inserted
42. 42
Sample use case: Update Web App
Deploy static resources for your web application using the AWS Amplify Console
Modify the HTML file named index.html and compress it with ZIP (index.html.zip)
fetch("https://v75gajngfa.execute-api.eu-west-1.amazonaws.com/dev/", requestOptions)
Open the Amplify Console in the Ireland region:
https://eu-west-1.console.aws.amazon.com/amplify/home?region=eu-west-1#/
Update deployment and test it:
https://aws.amazon.com/getting-started/hands-on/build-web-app-s3-lambda-api-gateway-dynamodb/module-five/?e=gs2020&p=build-a-web-app-intro
50. 50
Training & Certifications
Certifications
Training for certifications
Training is offered by AWS themselves (mainly instructor-led and on-site) and various third-party companies (usually as video-based training) such as A Cloud Guru, CloudAcademy and Linux Academy.
51. 51
References
Official AWS Documentation
https://docs.aws.amazon.com
Short Open Guide for AWS
https://github.com/open-guides/og-aws
Source Code
https://github.com/aws
https://github.com/awslabs
https://github.com/aws-samples
Book “Amazon Web Services for Dummies”
https://www.amazon.com/Amazon-Services-Dummies-Bernard-Golden/dp/1118571835
Book “Effective DevOps with AWS”
https://www.amazon.com/Effective-DevOps-AWS-incredible-productivity/dp/1786466813/