An introduction to architecting the cloud with AWS services
First up in our three-part series of expert tips on cloud architecture with AWS, taken from Packt's title Mastering AWS Development: an introduction to key AWS concepts such as the AWS global infrastructure, Amazon EC2, IAM and bootstrapping.
This introduction to AWS is taken from the Packt title Mastering AWS Development.
The AWS Cloud provides a highly scalable and fault-tolerant infrastructure on which to deploy web-based solutions, with minimal cost and administration and more flexibility than an in-house infrastructure or datacenter can offer.
AWS offers a large number of infrastructure services. The accompanying diagram shows the AWS terminology and how AWS services interact with each other and with your web-based applications, giving you the building blocks to build, deploy and maintain them. Clients and customers often ask what a fully managed, flexible infrastructure platform looks like. AWS delivers an industry-leading platform with the features the Cloud is expected to bring, together with documentation of how each service capability addresses particular requirements and when you might need it.
AWS launched its highly available infrastructure platform in 2006 on a pay-as-you-go model. What it has built since then, in services and in customers, is remarkable: many thousands of customers across 191 countries use AWS platform services for their initiatives, and the number keeps growing. AWS released around 160 features and services in 2012 and around 280 in 2013, and the pace continued to increase in 2014.
The AWS global infrastructure
At present AWS operates nine regions worldwide: one on the East Coast of the U.S., two on the West Coast of the U.S., one each in Europe, Tokyo, Singapore, Sydney and Brazil, and the GovCloud (US) region. Between them these regions contain 26 redundant Availability Zones, and AWS also runs 56 Amazon CloudFront points of presence. All of these numbers grow over time.
When you design and deploy an application it is crucial to be able to place it as close as possible to your customers and end users, so that they get the lowest possible latency and the performance they expect. For this purpose AWS provides regions around the world. The specific regions are as follows:
- US East (Northern Virginia) region
- US West (Oregon) region
- US West (Northern California) region
- EU (Ireland) region
- Asia Pacific (Singapore) region
- Asia Pacific (Sydney) region
- Asia Pacific (Tokyo) region
- South America (Sao Paulo) region
- GovCloud (US) region
Apart from the infrastructure itself, AWS offers a large catalogue of managed services, which are arguably the best part of the offering. The managed services fall into the following groups:
Security: Security is vital to every organization, and AWS has several notable security features that distinguish it from other Cloud providers. They include the following:
- Certifications and accreditations
- Identity and Access Management
Global infrastructure: AWS provides a fully functional, flexible technology infrastructure platform worldwide, with managed services that offer, for example:
- Multiple global locations for deployment
- Low-latency CDN service
- Reliable, low-latency DNS service
Compute: AWS offers a wide range of Cloud-based core compute services, including a variety of compute instance types that can be scaled automatically to match the needs of your users and your application, a fully managed elastic load balancing service, and fully managed virtual desktops. Common characteristics of the compute services include the following:
- Broad choice of resizable compute instances
- Flexible pricing opportunities
- Significant discounts for compute resources that run continuously
- Lower hourly rates for elastic workloads
- Wide-range of networking configuration selections
- A widespread choice of operating systems
- Virtual desktops
- Savings that grow with usage, through the tiered pricing model
Storage: AWS storage services combine low cost with high durability and availability. Pay-as-you-go pricing with no up-front commitment gives you flexibility and agility, within a highly secure environment. AWS provides storage solutions for backup, archiving, disaster recovery and many other needs, and supports block, file and object storage on highly available, flexible infrastructure. A few major characteristics of the storage services are the following:
- Cost-effective, high-scale storage varieties
- Data protection and data management
- Storage gateway
- Choice of instance storage options
Content delivery and networking: AWS offers a wide set of networking services that let network architects define a logically isolated network, create a private network connection to the AWS infrastructure, and use a fault-tolerant, scalable and highly available DNS service. The AWS CDN service delivers content to your end users with very low latency and high data transfer speeds. A few major characteristics of content delivery and networking include the following:
- Application and media files delivery
- Software and large file distribution
- Private content
- Device detection
Databases: AWS offers fully managed, distributed relational and NoSQL database services. The database services also support in-memory caching, sharding and scaling, with or without a data warehouse solution. A few major characteristics of the database services include the following:
- SimpleDB and DynamoDB
Application services: AWS provides a variety of low-cost managed application services for application streaming, queuing, transcoding, push notifications, searching and so on. A few major application services are the following:
- SWF, SES, SNS, SQS
Deployment & management: AWS offers services for managing credentials and access to AWS services, for monitoring services and applications, and for deploying and updating stacks of AWS resources. It also provides deployment and security services and a record of AWS API activity. A few major deployment and management services include the following:
- Elastic Beanstalk
- Data Pipeline
- CloudTrail
In addition, AWS offers a number of other important services, such as support, integration with existing infrastructure, Big Data services and a partner ecosystem, which put it ahead of other infrastructure providers. As a Cloud architect you need to learn the Cloud service offerings and their essential functionality. Let's look at AWS start-up fundamentals and core technical concepts.
Regions and Availability Zones
AWS is a wide-ranging Cloud service provider that enables enterprises to run every kind of workload, from small enterprise portals to large transactional data projects, and from mobile applications to gaming.
Failures can occur at any time, and a failure in one geographical location can affect every instance hosted there. Although this is rare, if your whole application is hosted in a single geographical location, such a failure can take your entire environment down.
What are AWS regions?
Amazon EC2 is hosted in multiple locations worldwide, and these locations are organized into regions. Amazon EC2 gives you the flexibility to use resources such as instances and databases in multiple regions or geographical locations. However, resources are never replicated across regions unless you do it yourself.
At the time of writing there are eight publicly available regions around the globe, all of which can be accessed from anywhere. Pricing varies by region, and not every service is available in every region. To check whether a service is available in a specific region, go to http://aws.amazon.com/about-aws/globalinfrastructure/regional-product-services/. There is one more region, GovCloud (US), which exists to meet U.S. government compliance requirements; access to it is restricted to vetted U.S. entities and persons, so nobody else can use that region.
Each AWS region is designed to be completely isolated from the other regions by geographical location, which achieves high availability, stability and fault tolerance. In most situations it is best to deploy your applications as close as possible to your end users. For example, if the majority of your users are in the UK, the EU (Ireland) region is the natural choice because it is the nearest. Other points to consider when choosing a region are legal requirements, such as where the data is allowed to reside, and cost.
All major AWS services, with the exception of the global services CloudFront, Route 53 and IAM, require you to choose the region you want to work in. The default region in the console is US East (N. Virginia); you can select another region from the drop-down menu in the navigation bar.
After launching resources, you see only the resources that belong to the currently selected region. Because regions are fully isolated from each other, resources are not replicated between regions automatically.
When working with an instance through the command-line interface (CLI) or the API, you have to address the regional endpoint, which for EC2 takes the form ec2.<region-code>.amazonaws.com. If you are launching an instance, you must also select an Amazon Machine Image (AMI) that resides in the same region; if the AMI is in another region, you first have to copy it into the region you are working in. The EC2 endpoints for each region are listed in the following table:
Table 1.0 – AWS EC2 region-wise endpoints

| Region | Region code | EC2 endpoint |
| --- | --- | --- |
| US East (Northern Virginia) | us-east-1 | ec2.us-east-1.amazonaws.com |
| US West (Oregon) | us-west-2 | ec2.us-west-2.amazonaws.com |
| US West (Northern California) | us-west-1 | ec2.us-west-1.amazonaws.com |
| EU (Ireland) | eu-west-1 | ec2.eu-west-1.amazonaws.com |
| Asia Pacific (Singapore) | ap-southeast-1 | ec2.ap-southeast-1.amazonaws.com |
| Asia Pacific (Sydney) | ap-southeast-2 | ec2.ap-southeast-2.amazonaws.com |
| Asia Pacific (Tokyo) | ap-northeast-1 | ec2.ap-northeast-1.amazonaws.com |
| South America (Sao Paulo) | sa-east-1 | ec2.sa-east-1.amazonaws.com |
| GovCloud (US) | us-gov-west-1 | ec2.us-gov-west-1.amazonaws.com |
You can copy both kinds of AMI, Amazon EBS-backed and instance store-backed, into as many regions as you need, and you can also copy an AMI within the same region for customization. Each AMI has a unique ID, so a copy made in another region is a new AMI with a new ID that you have to reference in that region. Traffic between regions travels over the public Internet, so administrators and developers must treat the channel as untrusted and encrypt the data they move between regions (for example, over TLS or through an encrypted VPN tunnel). Data transfer charges apply at both ends: for the instance sending the data and for the instance receiving it.
What are AWS Availability Zones?
With Amazon EC2 you can place instances in several geographically distinct locations. A location is the combination of a region and an Availability Zone (AZ). Availability Zones are distinct locations within a region that are engineered to be isolated from failures in other zones. Using multiple AZs within the same region gives you low latency and inexpensive network connectivity between them.
The biggest advantage of deploying your application across multiple AZs is that the architecture becomes fault-tolerant to unexpected outages: if one Availability Zone breaks down, the application remains accessible from the other AZs it is deployed in. At the time of writing this chapter there are 25 AZs worldwide.
Tip: The number of Availability Zones in a region can change over time, because AWS adds zones as demand and infrastructure grow.
How to use AWS AZs
Every AZ runs on its own infrastructure, with independent power, cooling, and network and security controls, so AZs are not affected by shared failures such as a generator or cooling equipment breakdown. AZs are also physically separated, so that a disaster such as a fire, flood or tornado should not affect more than one AZ. Each AZ may consist of one or more data centers, depending on the infrastructure available. AZ names are mapped independently for each AWS account, so the zone labelled "a" in one account need not be the same physical zone as "a" in another account. Elastic IP addresses are scoped to the region rather than to an AZ, so a public IP address can be remapped to an instance in a different AZ if the original zone fails.
To see the AZs in a region, sign in to the AWS Management Console and open the EC2 console. The navigation bar shows the regions, and within a region you are shown the associated Availability Zones when you launch an instance or create an Amazon Elastic Block Store (Amazon EBS) volume. If you don't specify an AZ when launching an instance, AWS picks a default AZ for you based on available capacity and system health. To get the most out of the AZs, consider the following architecture points according to your requirements. You can change the design at any time based on traffic and user behaviour, but you need to balance price, consistency, tolerable downtime and performance. One of the following architecture use cases is likely to suit you:
- Simple failover: The cheapest failover option keeps a running deployment of your application in a primary AZ, with a backup deployment prepared for launch in a different AZ in case the primary zone fails. The expected downtime is roughly 8-10 minutes, the time it takes to launch the backup deployment.
- Intermediary failover: A slightly larger deployment runs across two AZs at once; this suits production deployments that cannot afford a 10-minute outage.
- Advanced failover: The best choice for a deployment that needs around 99-100 percent uptime, and of course the most costly of the three. The site keeps running even if an instance disappears, with no manual intervention in your application infrastructure.
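To make the trade-off between these options concrete, here is an added example in Python (not code from the book) that spreads a fleet of instances across Availability Zones, simulates the loss of any one zone, and reports how much capacity survives. The AZ names, instance IDs and fleet sizes are constructed sample inputs; the sizing helper at the end is also an assumption of this example rather than anything AWS provides.

```python
"""Multi-AZ placement and single-zone failure check.

Added example, not code from the book. The AZ names and instance IDs below are
constructed sample data. Remember that AZ labels such as "us-east-1a" are mapped
per AWS account, so they are not comparable between accounts.
"""
from collections import Counter
from itertools import cycle


def place_instances(instance_ids, zones):
    """Round-robin placement: the i-th instance goes to zones[i % len(zones)].

    Returns a dict mapping instance ID to its Availability Zone. Passing a
    single zone models the 'simple failover' case: everything lands in the
    primary AZ and nothing survives its outage.
    """
    if not zones:
        raise ValueError("at least one Availability Zone is required")
    zone_cycle = cycle(zones)
    return {instance_id: next(zone_cycle) for instance_id in instance_ids}


def survivors_after_outage(placement, failed_zone):
    """Instance IDs that remain reachable when failed_zone goes down."""
    return sorted(iid for iid, zone in placement.items() if zone != failed_zone)


def worst_case_capacity(placement):
    """Fraction of instances left after losing the most heavily populated AZ.

    A single-AZ deployment returns 0.0; an even spread over n AZs returns (n-1)/n.
    """
    per_zone = Counter(placement.values())
    total = sum(per_zone.values())
    if total == 0:
        return 0.0
    return (total - max(per_zone.values())) / total


def tolerates_single_az_loss(placement, min_running):
    """True if losing any one AZ still leaves at least min_running instances.

    This is the check behind the 'advanced failover' option: size the fleet so
    that the survivors of a zone outage can still carry the load on their own.
    """
    per_zone = Counter(placement.values())
    total = sum(per_zone.values())
    return all(total - lost >= min_running for lost in per_zone.values())


def capacity_needed(min_running, zone_count):
    """Smallest evenly spread fleet over zone_count AZs that keeps min_running
    instances up after any single AZ is lost (sizing helper constructed for
    this example, not an AWS facility)."""
    if zone_count < 2:
        raise ValueError("need at least two AZs to survive a zone loss")
    per_zone = -(-min_running // (zone_count - 1))  # ceiling division
    return per_zone * zone_count


if __name__ == "__main__":
    # Constructed sample fleet: six web servers over three zones in one region.
    zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
    fleet = [f"i-{n:04d}" for n in range(6)]
    placement = place_instances(fleet, zones)
    for zone in zones:
        left = survivors_after_outage(placement, zone)
        print(f"lose {zone}: {len(left)}/{len(fleet)} instances still running")
    print(f"worst-case capacity: {worst_case_capacity(placement):.0%}")
    print("survives a zone loss with 4 up:", tolerates_single_az_loss(placement, 4))
    print("fleet needed for 4 up over 3 AZs:", capacity_needed(4, 3))
```

The point of `tolerates_single_az_loss` is that "deployed in multiple AZs" is not enough on its own: a fleet of six spread over three zones survives a zone outage with four instances, so if the application needs five to serve its peak load it is still a single-zone-failure outage, just a partial one. Size the fleet for the survivors, not for the total.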
In the following sections you will learn the business and technical specifics of AWS services such as EC2 and IAM, and Amazon's architectural terminology for its infrastructure. Let's start with the core services of AWS: Elastic Compute Cloud (EC2) and Identity & Access Management (IAM).