
UNIT IV

Amazon Web Services

By
Prof. Mahesh Bhandari
VIIT, Pune
Introduction
• The different IT services that Amazon offers to the public as Web Services are known as “Cloud Computing”.
• Cloud computing makes it possible to obtain heavy infrastructure with a low investment,
• which would otherwise require a much larger investment made in advance; this is also known as the “on-demand, low-cost, pay-as-you-go model”.
Important Cloud Services provided by AWS

• Following are the various categories of services offered by AWS:
1. Compute
2. Networking
3. Storage
4. Databases
Compute
Amazon EC2:
– Amazon Elastic Compute Cloud (Amazon EC2) is a
web service that provides secure, resizable
compute capacity in the cloud.
– It allows organizations to obtain and configure
virtual compute capacity in the cloud.
– We can select from a variety of operating systems and resource configurations, such as memory, CPU, and storage, that are required for our application.
• Amazon EC2 enables you to increase or decrease
capacity within minutes.
• We can use one or hundreds or even thousands of
server instances simultaneously.
• Because this is all controlled with web service APIs,
any application can automatically scale itself up
and down depending on its needs.
• Amazon EC2 is an example of Infrastructure as a Service (IaaS).
• EC2 delivers secure, reliable, cost-effective
compute and high-performance compute
infrastructure so as to meet the needs of
demanding businesses.
AWS Lambda:
– AWS Lambda is a serverless, event-driven compute service that allows you to run code without managing servers.
– We pay only for the compute time we consume, and there is no charge when code is not running.
AWS Elastic Beanstalk:
– AWS Elastic Beanstalk is a Platform as a Service
that facilitates quick deployment of applications
by providing all the application services that we
need for an application.
– Beanstalk is a plug-and-play platform that allows
working with multiple programming languages
and environments.
– The main aim of using AWS Elastic Beanstalk is to allow you to focus on the deployment and management of your applications.
• We need to simply upload the code and AWS
Elastic Beanstalk automatically handles the
deployment, from capacity provisioning, load
balancing, and auto-scaling to application
health monitoring.
Networking
• Amazon VPC:
– Amazon VPC is simply a networking environment in the cloud.
– It allows us to create a private network within the AWS
cloud that uses many of the same concepts and
constructs as an on-premises network.
– Amazon VPC also gives us complete control of the
network configuration.
– Customers can define normal networking
configuration items such as IP address ranges, subnet
creation, route table creation, network gateways, and
security settings.
• Amazon Route 53:
– Amazon Route 53 is a highly available and scalable
cloud Domain Name System (DNS) web service.
– It is designed to give developers and businesses an
extremely reliable and cost-effective way to route
end users to Internet applications by translating
human-readable names, such as
www.geeksforgeeks.com, into the numeric IP
addresses that computers use to connect to each
other.
Storage
• Amazon S3 (Simple Storage Service):
– Amazon Simple Storage Service (Amazon S3) is
“object storage” with a simple web service
interface to store and retrieve any amount of data
from anywhere on the web.
– It offers industry-leading scalability, data
availability, security, and performance.
– It’s simple to move large volumes of data into or
out of Amazon S3 with Amazon’s cloud data
migration options.
• Amazon Glacier:
– Amazon Glacier is a secure, durable, and
extremely low-cost storage service for data
archiving and long-term backup.
– Data stored in Amazon Glacier takes several hours
to retrieve, which is why it’s ideal for archiving.
– The fastest access to your archive data is via
Amazon Glacier.
Databases
• Amazon RDS (Relational Database Service):
– Amazon Relational Database Service (Amazon
RDS) makes it easy to set up, operate, and scale a
relational database in the cloud.
– It provides cost-efficient and resizable capacity
while managing time-consuming database
administration tasks, freeing us to focus on our
applications and business.
• Amazon DynamoDB (Non-Relational
Database):
– Amazon DynamoDB is a fast and flexible NoSQL
database service for all applications that need
consistent, single-digit millisecond latency at any
scale.
– It is a fully managed database and supports both
document and key-value data models.
– With Amazon DynamoDB you can create a database table that can store and retrieve any amount of data and serve any level of requested traffic.
• Its flexible data model and reliable
performance make it a great fit for mobile,
web, gaming, Internet of Things (IoT), and
many other applications.
• DynamoDB provides many features like
– built-in security
– backups
– automated multi-region replication
– in-memory caching
– data export tools.
Amazon EC2
Configuring a Server
Amazon Elastic Compute Cloud (EC2)
• Amazon Machine Images (AMIs) are the basic
building blocks of Amazon EC2
• An AMI is a template that contains a software
configuration (operating system, application
server and applications) that can run on
Amazon’s computing environment
• AMIs can be used to launch an instance, which
is a copy of the AMI running as a virtual server
in the cloud.
Getting Started with Amazon EC2

• Step 1: Sign up for Amazon EC2
• Step 2: Create a key pair
• Step 3: Launch an Amazon EC2 instance
• Step 4: Connect to the instance
• Step 5: Customize the instance
• Step 6: Terminate instance and delete the
volume created
Creating a key pair
• AWS uses public-key cryptography to encrypt
and decrypt login information.
• AWS only stores the public key, and the user
stores the private key.
• There are two options for creating a key pair:
– Have Amazon EC2 generate it for you
– Generate it yourself using a third-party tool such
as OpenSSH, then import the public key to
Amazon EC2
Generating a key pair with Amazon EC2

1. Open the Amazon EC2 console at http://console.aws.amazon.com/ec2/
2. On the navigation bar select
region for the key pair
3. Click Key Pairs in the
navigation pane to display the
list of key pairs associated
with the account
Generating a key pair with EC2 (cont.)

4. Click Create Key Pair
5. Enter a name for the key pair in the Key Pair
Name field of the dialog box and click Create
6. The private key file, with .pem extension, will
automatically be downloaded by the browser.
Launching an Amazon EC2 instance
1. Sign in to AWS Management Console and
open the Amazon EC2 console at
http://console.aws.amazon.com/ec2/
2. From the navigation bar select the region for
the instance
Launching an Amazon EC2 instance (cont.)
3. From the Amazon EC2 console dashboard, click
Launch Instance
Launching an Amazon EC2 instance (cont.)
4. On the Create a New Instance page, click Quick
Launch Wizard
5. In Name Your Instance, enter a name for the
instance
6. In Choose a Key Pair, choose an existing key pair,
or create a new one
7. In Choose a Launch Configuration, a list of basic machine configurations is displayed, from which an instance can be launched
8. Click continue to view and customize the settings
for the instance
Launching an Amazon EC2 instance (cont.)
9. Select a security group for the instance. A
Security Group defines the firewall rules
specifying the incoming network traffic delivered
to the instance. Security groups can be defined
on the Amazon EC2 console, in Security Groups
under Network and Security
Launching an Amazon EC2 instance (cont.)
10. Review settings and click Launch to launch the instance
11. Close the confirmation page to return to EC2 console
12. Click Instances in the navigation pane to view the status of the instance. The status is pending while the instance is launching

After the instance is launched, its status changes to running
Connecting to an Amazon EC2 instance
• There are several ways to connect to an EC2
instance once it’s launched.

• Remote Desktop Connection is the standard way to connect to Windows instances.
• An SSH client (standalone or web-based) is used to connect to Linux instances.
Connecting to Linux/UNIX Instances from
Linux/UNIX with SSH
Prerequisites:
- Most Linux/UNIX computers include an SSH client by default; if not, it can be downloaded from openssh.org
- Enable SSH traffic on the instance (using security groups)
- Get the path to the private key used when launching the instance
1. In a command line shell, change directory to the path
of the private key file
2. Use the chmod command to make sure the private key
file isn’t publicly viewable
Connecting to Linux/UNIX Instances (cont.)
3. Right click on the instance to connect to on the
AWS console, and click Connect.
4. Click Connect using a standalone SSH client.
5. Enter the example command provided in the
Amazon EC2 console at the command line shell
Transferring files to Linux/UNIX instances
from Linux/UNIX with SCP
Prerequisites:
- Enable SSH traffic on the instance
- Install an SCP client (included by default mostly)
- Get the ID of the Amazon EC2 instance, public DNS
of the instance, and the path to the private key
If the key file is My_Keypair.pem, the file to transfer is samplefile.txt, and the instance’s DNS name is ec2-184-72-204-112.compute-1.amazonaws.com, the command below copies the file to the ec2-user home
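Added example (not from the original slides): the chmod check from step 2 of the SSH procedure and the copy described above, written as shell functions. The function names are hypothetical; the key file, sample file and DNS name are the ones quoted on the slide.

```bash
#!/bin/sh
# Added example, not from the original slides. Function names are hypothetical.

# key_mode FILE: print the octal permission bits of FILE
# (GNU stat first, BSD/macOS stat as fallback).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# key_is_private FILE: succeed only if group and other have no access.
# OpenSSH ignores a private key whose group/other permission bits are set.
key_is_private() {
    mode=$(key_mode "$1") || return 2
    case "$mode" in
        *00) return 0 ;;   # e.g. 400 or 600
        *)   return 1 ;;   # e.g. 644: readable by others
    esac
}

# protect_key FILE: restrict FILE to owner read-only if it is exposed.
protect_key() {
    key_is_private "$1" || chmod 400 "$1"
    key_is_private "$1"
}

# scp_upload_cmd KEY FILE HOST: print the scp command that copies FILE to
# the ec2-user home directory on HOST; refuse while KEY is still exposed.
scp_upload_cmd() {
    key_is_private "$1" || {
        echo "refusing: $1 is accessible to group/other" >&2
        return 1
    }
    printf 'scp -i %s %s ec2-user@%s:~\n' "$1" "$2" "$3"
}

# Usage with the values from the slide:
#   protect_key My_Keypair.pem
#   scp_upload_cmd My_Keypair.pem samplefile.txt \
#       ec2-184-72-204-112.compute-1.amazonaws.com
```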
Terminating Instances
- If the instance launched is not in the free
usage tier, as soon as the instance starts to
boot, the user is billed for each hour the
instance keeps running.
- A terminated instance cannot be restarted.
- To terminate an instance:
1. Open the Amazon EC2 console
2. In the navigation pane, click Instances
3. Right-click the instance, then click Terminate
4. Click Yes, Terminate when prompted for
confirmation
AMAZON VPC
• Subnets
• Route tables
• Internet gateways
• Dynamic Host Configuration Protocol (DHCP) option sets
• Elastic IP addresses
• Endpoints
• Peering
• Security groups
• Network access control list
• NAT and NAT gateways
Introduction

• The Amazon Virtual Private Cloud (Amazon VPC) is a custom-defined virtual network within the AWS Cloud.
• We can provision our own logically isolated section of AWS, similar to designing and implementing a separate independent network operating in an on-premises data center.
• We can launch our AWS resources, such as Amazon EC2 instances, into our VPC.
• These slides mainly explore:
– the core components of Amazon VPC
– building your own Amazon VPC in the cloud.
All about VPC
• A virtual private cloud (VPC) is a hybrid model of cloud computing in which a private cloud solution is provided within a public cloud provider’s infrastructure.
– Private cloud: Amazon VPC; private cloud provider: Amazon Web Services.
• The various aspects of a VPC that are under your control:
– IP address range, by choosing a CIDR block.
– Your own subnets.
– Configuring your own route tables
– Network gateways
– Security settings
• EC2-Classic and EC2-VPC: versions of VPC.
– The assigned CIDR block of the VPC will be 172.31.0.0/16.
VPC, subnets, and a route table
Subnets
• A subnet is a segment of an Amazon VPC’s IP address range where you can launch Amazon EC2 instances, Amazon Relational Database Service (Amazon RDS) databases, and other AWS resources.
• The practice of dividing a network into two or more networks is called subnetting.
• The smallest subnet that you can create is a /28 (16 IP addresses).
– AWS reserves the first four IP addresses and the last IP address of every subnet for internal networking purposes.
• For example, a subnet defined as a /28 has 16 available IP addresses; subtract the 5 IPs needed by AWS to yield 11 IP addresses for your use within the subnet.
Continued.
• Subnets can be classified as public, private, or VPN-only.
– A public subnet is one in which the associated route table directs the subnet’s traffic to the Amazon VPC’s IGW.
– A private subnet is one in which the associated route table does not direct the subnet’s traffic to the Amazon VPC’s IGW.
– A VPN-only subnet is one in which the associated route table directs the subnet’s traffic to the Amazon VPC’s VPG and does not have a route to the IGW. Regardless of the type of subnet, the internal IP address range of the subnet is always private (that is, non-routable on the Internet).
Route Tables
• A route table is a logical construct within an Amazon VPC that contains a set of rules (called routes) that are applied to the subnet and used to determine where network traffic is directed.
• Route tables initiate communication between instances with different subnets in a VPC.
• Each route table contains a default route called the local route, which enables communication within the Amazon VPC, and this route cannot be modified or removed.
• Additional routes can be added.
Continued….
• The following should be considered about route tables:
– The VPC has an implicit router.
– The VPC automatically comes with a main route table that you can modify.
– You can create additional custom route tables for your VPC.
– Each subnet must be associated with a route table, which controls the routing for the subnet. If you don’t explicitly associate a subnet with a particular route table, the subnet uses the main route table.
– You can replace the main route table with a custom table that you’ve created so that each new subnet is automatically associated with it.
– Each route in a table specifies a destination CIDR and a target; for example, traffic destined for 172.16.0.0/12 is targeted for the VPG. AWS uses the most specific route that matches the traffic to determine how to route the traffic.
Internet Gateways
• An Internet Gateway (IGW) is a horizontally scaled, redundant, and highly available Amazon VPC component that allows communication between instances in your Amazon VPC and the Internet.
• An IGW provides a target in your Amazon VPC route tables for Internet-routable traffic
• Performs network address translation for instances that have been assigned public IP addresses.
– You must do the following to create a public subnet with Internet access:
– Attach an IGW to your Amazon VPC.
– Create a subnet route table rule to send all non-local traffic (0.0.0.0/0) to the IGW.
– Configure your network ACLs and security group rules to allow relevant traffic to flow to and from your instance.
– You must do the following to enable an Amazon EC2 instance to send and receive traffic from the Internet: Assign a public IP address or EIP address, scope the route to all destinations not explicitly known to the route table (0.0.0.0/0).
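An added example, not from the original slides: the subnet and route-table rules above applied to a constructed route table, as a way to check which subnets are reachable from the Internet. route_target picks the most specific matching route, subnet_kind applies the public / private / VPN-only definitions, and usable_ips subtracts the five reserved addresses; the function names and the igw-EXAMPLE / vgw-EXAMPLE targets are placeholders.

```bash
#!/bin/sh
# Added example, not from the original slides. Function names are hypothetical.

# Constructed sample route table: destination CIDR and target per line.
# igw-EXAMPLE / vgw-EXAMPLE are placeholder IDs for an IGW and a VPG.
sample_routes() {
cat <<'EOF'
10.0.0.0/16   local
172.16.0.0/12 vgw-EXAMPLE
0.0.0.0/0     igw-EXAMPLE
EOF
}

# route_target IP: read routes on stdin and print the target of the most
# specific (longest-prefix) route whose CIDR contains IP.
route_target() {
    awk -v ip="$1" '
    function ip2int(s,   o) {
        split(s, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { best = -1 }
    NF >= 2 {
        split($1, c, "/"); len = c[2] + 0
        size = 2 ^ (32 - len)          # number of addresses in this CIDR
        same = (int(ip2int(ip) / size) == int(ip2int(c[1]) / size))
        if (same && len > best) { best = len; target = $2 }
    }
    END { if (best >= 0) print target; else exit 1 }'
}

# subnet_kind: read a subnet route table on stdin and print public,
# vpn-only or private, following the definitions on the slides.
subnet_kind() {
    awk '
    $2 ~ /^igw-/ { igw = 1 }
    $2 ~ /^vgw-/ { vgw = 1 }
    END { print (igw ? "public" : (vgw ? "vpn-only" : "private")) }'
}

# usable_ips PREFIX_LEN: addresses left after AWS reserves the first four
# and the last address of the subnet.
usable_ips() {
    echo $(( (1 << (32 - $1)) - 5 ))
}

# Usage:
#   sample_routes | route_target 172.20.1.1   # most specific match wins
#   sample_routes | subnet_kind
#   usable_ips 28
```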
Internet Gateway
AMAZON ELASTIC BLOCK STORE
Amazon EBS
• Amazon Elastic Block Store (Amazon EBS) provides scalable, high-performance block storage resources that can be used with Amazon Elastic Compute Cloud (Amazon EC2) instances.
• With Amazon Elastic Block Store, we can create and manage the following block storage resources:
– Amazon EBS volumes —
• These are storage volumes that you attach to Amazon EC2 instances.
• After you attach a volume to an instance, you can use it in the same way
you would use a local hard drive attached to a computer, for example to
store files or to install applications.
– Amazon EBS snapshots —
• These are point-in-time backups of Amazon EBS volumes that persist
independently from the volume itself.
• We can create snapshots to back up the data on your Amazon EBS volumes.
• We can then restore new volumes from those snapshots at any time.
Features of Amazon EBS
• Amazon EBS provides the following features
and benefits:
1. Multiple volume types
2. Scalability
3. Backup and recovery
4. Data protection
5. Data availability and durability
6. Data archiving
Multiple Volume Types
• Amazon EBS provides multiple volume types
that allow you to optimize storage performance
and cost for a broad range of applications.
• Volume types are divided into two major
categories:
– SSD-backed storage for transactional workloads, and
– HDD-backed storage for throughput intensive
workloads.
Scalability
• We can create Amazon EBS volumes with
capacity and performance specifications that
meet our needs.
• As our needs change, we can use Elastic Volumes operations to dynamically increase capacity or tune performance, with no downtime.
Backup and Recovery
• Use Amazon EBS snapshots to back up the
data stored on our volumes
• We can then use those snapshots to instantly
restore volumes or to migrate data across
AWS accounts, AWS Regions, or Availability
Zones.
Data Protection
• Use Amazon EBS encryption to encrypt your
Amazon EBS volumes and Amazon EBS
snapshots.
• Encryption operations occur on the servers
that host Amazon EC2 instances, ensuring the
security of both data-at-rest and data-in-
transit between an instance and its attached
volume and subsequent snapshots.
Data availability and durability
• io2 Block Express volumes provide 99.999%
durability with an annual failure rate of 0.001%.
• Other volume types provide 99.8% to 99.9%
durability with an annual failure rate of 0.1% to
0.2%.
• Additionally, volume data is automatically
replicated across multiple servers in an
Availability Zone to prevent the loss of data
from the failure of any single component.
Data archiving
• EBS Snapshots Archive provides a low-cost
storage tier to archive full, point-in-time
copies of EBS Snapshots that we must retain
for 90 days or more for regulatory and
compliance reasons, or for future project
releases.
Creating EBS Volume
• We will create a new EBS volume and attach it to the EC2 instance.
• Creating an EBS volume is the foundational step
in configuring storage for your AWS resources.
• It allows us to allocate the required storage capacity
and type to meet the specific needs of applications.
• Whether we are setting up a database, hosting a web
server, or managing application files, creating an EBS
volume is the starting point for ensuring your
resources have the necessary storage space.
• On the AWS Management Console, in
the Search bar, enter and choose EC2 to open
the EC2 Management Console.
• Step 1:
– An EC2 instance is already created for this activity. If not available, you can launch a new EC2 instance from the console and get ready with a working instance.
– 2. Note the Availability Zone for the instance is us-
west-2a.
• Tip: You might have to scroll to the right to see
the Availability Zone column.
– 3. In the left navigation pane, for Elastic Block
Store, choose Volumes.
• 4. Choose Create volume, and configure the
following options:
– Volume type: Choose General Purpose SSD (gp2).
– Size (GiB): Enter 1 GiB
– Availability Zone: Choose the same Availability
Zone as your EC2 instance (which is us-west-2a in
this case).
• 5. In the Tags -optional section, choose Add
Tag, and configure the following options:
– Key: Enter Name
– Value: Enter My Volume
• 6. Choose Create volume.
Attaching the volume to an EC2 instance

• You now attach your new volume to an EC2 instance.
• Why attach the volume to an EC2 instance?
– Attaching and mounting an EBS volume to an EC2
instance is crucial for enabling direct access to the
allocated storage.
– This process establishes a vital link between the EC2
instance and the EBS volume, enabling applications
to read and write data.
12. Select My Volume.
13. From the Actions menu, choose Attach volume.

14. From the Instance dropdown list, choose the My_Instance instance.
The Device name field is set to /dev/sdf.
15. Choose Attach volume.
• The Volume state of your new volume is
now In-use.
Connecting to the EC2 instance
• We may wonder why, after attaching the volume to the EC2 instance, we still need to connect to the instance and perform the steps below. The answer is:
– The OS needs to recognize the newly attached volume (command: lsblk).
– We need to format the EBS volume with a file system (command: mkfs), which creates a file system structure on the volume and makes it ready to store files.
– Creating a mount point (for example /mnt/data). The mount point is a directory where the file system of the attached volume will be attached.
– Mounting the volume (command: mount) establishes a connection between the file system on the EBS volume and the specified mount point.
• Use EC2 Instance Connect to connect to the
EC2 instance.
– 16. On the AWS Management Console, Choose
EC2.
– 17. In the navigation pane, choose Instances.
– 18. From the list of instances, select
the My_Instance instance.
– 19. Choose Connect.
20. On the EC2 Instance Connect tab,
choose Connect.
Creating and configuring the file system
• In this, we add the new volume to a Linux instance as an ext3
file system under the /mnt/data-store mount point.
• 21. To view the storage that is available on your instance, in
the EC2 Instance Connect terminal, run the following
command:
– df -h
• You should see output similar to the following:
• These results show the original 8 GB disk
volume. The new volume is not yet shown.
• 22. To create an ext3 file system on the new
volume, run the following command:
– sudo mkfs -t ext3 /dev/sdf
• 23. To create a directory to mount the new
storage volume, run the following command:
– sudo mkdir /mnt/data-store
• 24. To mount the new volume, run the
following command:
– sudo mount /dev/sdf /mnt/data-store
– echo "/dev/sdf /mnt/data-store ext3 defaults,noatime 1 2" | sudo tee -a /etc/fstab
– The last line in this command ensures that the
volume is mounted even after the instance is
restarted.
• 25. To view the configuration file to see the
setting on the last line, run the following
command:
– cat /etc/fstab
• 26. To view the available storage again, run
the following command:
– df -h
• The output now contains an additional line
similar to the following: /dev/xvdf. Here it
shows /dev/nvme1n1
• 27. To create a file and add some text on the
mounted volume, run the following command:
– sudo sh -c "echo Sample text in a file > /mnt/data-store/file.txt"
• 28. To verify that the text has been written to
your volume, run the following command:
– cat /mnt/data-store/file.txt
• The output displays the text that this
command copies to the file.
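An added example, not part of the original slides: steps 22 to 24 as a script that skips mkfs when the device already holds a file system and writes the /etc/fstab entry only once, by UUID, because the device name seen on the instance can differ from /dev/sdf (the slides show /dev/nvme1n1). The function names, the nofail option and the 0 2 fields are choices made for this example.

```bash
#!/bin/sh
# Added example, not from the original slides. Function names are hypothetical.

# fstab_line SPEC MOUNTPOINT FSTYPE: build one /etc/fstab entry.
# nofail (an addition to the slide's options) lets the instance boot
# even when the volume is detached.
fstab_line() {
    printf '%s %s %s defaults,noatime,nofail 0 2\n' "$1" "$2" "$3"
}

# add_fstab_entry FSTAB LINE: append LINE unless its mount point is already
# listed, so re-running the procedure does not create duplicate entries.
add_fstab_entry() {
    fstab=$1; line=$2
    mp=$(printf '%s\n' "$line" | awk '{ print $2 }')
    if awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { found = 1 }
                        END { exit !found }' "$fstab"; then
        echo "mount point $mp already in $fstab, not adding" >&2
        return 0
    fi
    printf '%s\n' "$line" >> "$fstab"
}

# prepare_volume DEVICE MOUNTPOINT: format only an empty device, mount it
# and persist the mount by UUID. Run as root on the instance.
prepare_volume() {
    dev=$1; mnt=$2
    if [ -n "$(blkid -o value -s TYPE "$dev")" ]; then
        echo "$dev already has a file system, skipping mkfs" >&2
    else
        mkfs -t ext3 "$dev" || return 1
    fi
    mkdir -p "$mnt" && mount "$dev" "$mnt" || return 1
    uuid=$(blkid -o value -s UUID "$dev") || return 1
    add_fstab_entry /etc/fstab "$(fstab_line "UUID=$uuid" "$mnt" ext3)"
}

# Usage on the instance (device name as shown by lsblk):
#   sudo sh -c '. ./ebs_mount.sh; prepare_volume /dev/sdf /mnt/data-store'
```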
