03. AWS Fundamentals

Public vs Private Services

AWS Global Infrastructure

AWS Website: https://www.infrastructure.aws/

  • Region: AWS has the concept of a Region, which is a physical location around the world where they cluster data centers.

  • Edge Locations: A site that CloudFront uses to cache copies of your content for faster delivery to users at any location.

Global Services:

  • Route53, IAM

AWS Regions - Provides Resiliency:

  • Geographic Separation - Isolated Fault Domain

    • If anything terrible should happen, such as a terrorist attack or natural disaster, in one region, it wouldn't affect another. This is one of the ways AWS achieves fault tolerance and stability.

  • Geopolitical Separation - Different governance

    • By picking a region you will be affected by the laws and regulations of the region your infrastructure is stored in.

    • AWS commits that if you pick one region, it will stay in that region. (However, there are nuances to that.)

  • Location Control - Performance

    • Get as close to your customer as possible for better customer experience

  • AWS Regions provide resiliency.

    • If the Sydney region gets affected and is down for some reason, it won't affect the infrastructure available in North Virginia (if you have that placed there).

AWS Availability Zones (AZs)

  • Inside every Region, AWS provides multiple Availability Zones.

    • It could be 2,3,4,5, or even 6 AZs in a Region.

  • AZs are isolated compute, storage, network, power and facilities within a region. An AZ could be a data center, but it could also be multiple data centers. It is a logical construct inside AWS; AWS doesn't give you visibility into what an AZ physically is.

  • As a solution architect, you should design solutions that are distributed among AZs and resilient.

Service Resilience

  • Globally Resilient:

    • When it takes the whole world to fail, it is a globally resilient service.

    • Example: IAM, Route53

  • Region Resilient:

    • If you create one RDS DB in Sydney and one in Mumbai, they are two separate, independent databases.

    • When you distribute your infrastructure across Regions, the failure of one Region won't impact the others.

  • AZ Resilient:

    • Services can be placed among multiple AZs to make them resilient.

    • If a service is provisioned in only one AZ and that AZ fails, the service will fail.

    • Virtual Private Cloud (VPC) is a way to create a private network and this can work across multiple AZs to provide resilience.

Virtual Private Cloud (VPC)

  • A VPC = A Virtual Network inside AWS

  • A VPC is within 1 account & 1 region

  • Regionally resilient

  • Private and Isolated unless you decide otherwise

  • Two types - Default VPC and Custom VPCs

    • You can have only one Default VPC per region.

    • But you can have many custom VPCs per region.

  • A VPC is used to connect the AWS private network to your on-premises network when creating a hybrid environment

  • This service is also used to connect to other cloud platforms when you are creating a multi-cloud deployment.

Default VPC

  • A default VPC is created once per region when an AWS account is first created.

  • There can only be one default VPC per region, and they can be deleted and recreated from the console UI.

  • They always have the same IP range and same '1 subnet per AZ' architecture.

  • The way VPCs provide resilience is that they are sub-divided into subnets. Each subnet inside a VPC is located in one AZ in that region. This is set on creation and can never be changed.

Default VPC Facts

  • One per region - can be removed & recreated

  • Default VPC CIDR is always 172.31.0.0/16

  • /20 Subnet created in each AZ in the region

  • Internet Gateway (IGW), Security Group (SG) & NACL

  • Subnets assign public IPv4 addresses
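The two facts above that matter most for security (the fixed 172.31.0.0/16 range carved into one /20 per AZ, and subnets that hand out public IPv4 addresses at launch) can be checked mechanically. The following is an added example for these notes, not AWS code: it carves a VPC CIDR into per-AZ /20 subnets and audits constructed subnet records (using the field names of the EC2 DescribeSubnets response) for public-IP auto-assignment and out-of-range CIDRs. The AZ-to-block ordering is an assumption, and the sample records are constructed.

```python
import ipaddress

DEFAULT_VPC_CIDR = "172.31.0.0/16"  # default VPC range, per the notes above
DEFAULT_SUBNET_PREFIX = 20          # one /20 subnet per AZ in a default VPC


def carve_subnets(vpc_cidr, azs, prefix=DEFAULT_SUBNET_PREFIX):
    """Hand out one /<prefix> block per AZ from the VPC CIDR, in list order.
    (Assigning blocks in AZ order is an assumption of this example.)"""
    blocks = list(ipaddress.ip_network(vpc_cidr).subnets(new_prefix=prefix))
    if len(azs) > len(blocks):
        raise ValueError(f"{vpc_cidr} holds only {len(blocks)} /{prefix} subnets")
    return {az: str(block) for az, block in zip(azs, blocks)}


def audit_subnets(subnets, vpc_cidr=DEFAULT_VPC_CIDR):
    """Flag subnets that auto-assign public IPv4 addresses (the default VPC
    behaviour) or whose CIDR falls outside the VPC range. Records use the
    field names of the EC2 DescribeSubnets response."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for s in subnets:
        sid, az = s["SubnetId"], s["AvailabilityZone"]
        if s.get("MapPublicIpOnLaunch"):
            findings.append(f"{sid} ({az}): instances launch with a public IPv4 address")
        if not ipaddress.ip_network(s["CidrBlock"]).subnet_of(vpc):
            findings.append(f"{sid} ({az}): CIDR {s['CidrBlock']} is outside {vpc_cidr}")
    return findings


# Constructed sample: two default-style subnets plus one with public IPs disabled.
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-0a1", "AvailabilityZone": "ap-southeast-2a",
     "CidrBlock": "172.31.0.0/20", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-0b2", "AvailabilityZone": "ap-southeast-2b",
     "CidrBlock": "172.31.16.0/20", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-0c3", "AvailabilityZone": "ap-southeast-2c",
     "CidrBlock": "172.31.32.0/20", "MapPublicIpOnLaunch": False},
]

if __name__ == "__main__":
    azs = ["ap-southeast-2a", "ap-southeast-2b", "ap-southeast-2c"]
    for az, cidr in carve_subnets(DEFAULT_VPC_CIDR, azs).items():
        print(az, cidr)
    for line in audit_subnets(SAMPLE_SUBNETS):
        print("FINDING:", line)
```

A /16 only holds sixteen /20 blocks, so the carve step refuses to assign more AZs than that, and every finding names the subnet and AZ so it can be matched back to a real DescribeSubnets listing.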

Elastic Compute Cloud (EC2) Basics

  • IaaS - Provides Virtual Machines => Instances