AWS Technical Essentials Workshop By: Engr. Muhammad Usman Khan
About The Instructor
● Graduate of Iqra University in the field of Telecom & Networks, 2012
● Microsoft Certified Trainer since 2014
● Vendor-neutral and product trainer for ITIL, Cisco, CompTIA, Microsoft, VMware, CWNA and cloud computing (Amazon, Azure, etc.)
● Founder of Sherdil Tech Solutions & Services
● Completed more than 30 minor and major projects in my 4-year professional tenure, 5 of them on AWS Cloud
About AWS Workshop
Course Overview:
● The AWS Technical Essentials Instructor-Led Training course introduces AWS products, services, and common solutions with demos, knowledge checks, and hands-on lab activities. It provides learners with the basic fundamentals to become more proficient in AWS and empowers them to make informed decisions about IT solutions based on business requirements.
About AWS Workshop
Course Outline
This course will cover the following concepts:
● Introduction and History of AWS with Services
● AWS Infrastructure: Compute, Storage, and Networking (EC2, S3, VPC)
● AWS Security, Identity, and Access Management (IAM)
● AWS Databases (RDS)
● AWS Elasticity and Management Tools (ELB & CloudWatch)
Hands-on Labs:
This course will also have hands-on labs:
● Configure & implement VPC, subnet, route table, route, IGW
● Create & configure EC2, security group, snapshots, EBS, AMI
● Create & configure RDS (outside configuration)
● Create & configure ELB
● Create S3 buckets, folders and S3 objects with ACLs
● Create one alarm in CloudWatch
History of AWS Cloud:
● In late 2003, Chris Pinkham and Benjamin Black presented a paper describing a vision for Amazon's retail computing infrastructure that was completely standardized, completely automated, and would rely extensively on web services for services such as storage, drawing on internal work already underway.
● In 2006, Amazon Web Services (AWS) began offering IT infrastructure services to businesses in the form of web services.
● At the time of this workshop AWS was located in 13 geographical "regions": US East (Northern Virginia), where the majority of AWS servers are based, US West (Northern California), US West (Oregon), Brazil (São Paulo), Europe (Ireland and Germany), South Asia (Mumbai), Southeast Asia (Singapore), East Asia (Tokyo, Seoul, Beijing) and Australia (Sydney). More regions have been added since.
Cloud Basics
What is Hypervisor?
● A hypervisor or virtual machine monitor (VMM) is a piece of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine.
Cloud Basics
What is Virtualization?
● In computing, virtualization refers to the act of creating a virtual (rather than actual) version of something, including virtual computer hardware platforms, operating systems, storage devices, and computer network resources.
Cloud Basics
What is Cloud Computing?
● Using computing power over the Internet is called cloud computing.
● A dedicated hosted server is not a cloud server.
● Cloud computing is built on an elastic mechanism that can increase or decrease computing capacity as required.
History of AWS Cloud Cont…..
● In June 2007, Amazon claimed that more than 180,000 developers had signed up to use Amazon Web Services
● In November 2010, it was reported that all of Amazon.com retail web services had been moved to AWS
● On April 20, 2011, some parts of Amazon Web Services suffered a major outage. A portion of volumes using the Elastic Block Store (EBS) service became "stuck" and were unable to fulfill read/write requests.
● In November 2012, AWS hosted its first customer event in Las Vegas. On April 30, 2013, AWS began offering a certification program for computer engineers with expertise in cloud computing.
AWS Certification Path
Topic#1
AWS Services (At a Glance)
AWS Console Overview
AWS Terminologies
EC2: Elastic Compute Cloud (Just Like Virtual Machine)
VPC: Virtual Private Cloud (Just like Private DataCenter)
ELB: Elastic Load Balancing (Just Like Network Load Balancing)
RDS: Relational Database Service (Just like a managed MS SQL Server)
IAM: Identity & Access Management (Just like the users, groups and permissions of Active Directory, although IAM is not a directory service)
S3: Simple Storage Service (Just Like Google Drive, DropBox)
AWS Services
VPC: A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS cloud.
EC2: Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.
S3: Amazon Simple Storage Service (S3) provides highly scalable, reliable, and low-latency data storage infrastructure at very low cost.
RDS: Amazon Relational Database Service ( RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the cloud.
AWS Services
EBS: An EBS volume behaves like a raw, unformatted, external block device that you can attach to a single instance at a time. The volume is network-attached rather than physically attached to the instance's host computer, so its data persists independently of the instance.
AS: Auto Scaling helps to automatically increase the number of EC2 instances when the user demand goes up, and decrease the number of EC2 instances when demand goes down
ELB: ELB service helps to distribute the incoming web traffic (called the load) automatically among all the running EC2 instances
IAM: AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users
AWS Service: VPC
Virtual Private Cloud (VPC)
● A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS cloud.
● VPC allows you to select its IP address range, create subnets, and configure route tables, network gateways, and security settings.
● When you create a VPC, you specify the set of IP addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block, for example 10.0.0.0/16, which gives 2^16 (65,536) IP addresses within the VPC. Note that AWS reserves the first four and the last IP address of every subnet, so a /24 subnet has 251 usable addresses, not 256.
● It’s possible to specify a range of publicly routable IP addresses; direct access to the Internet is not currently supported from publicly routable CIDR blocks in a VPC
Virtual Private Cloud (VPC)
Difference Between Region & Availability Zone
● Amazon EC2 is hosted in multiple locations world-wide.
● These locations are composed of regions and Availability Zones.
● Each region is a separate geographic area.
● Each region has multiple, isolated locations known as Availability Zones.
● Amazon EC2 provides you the ability to place resources, such as instances, and data in multiple locations. Resources aren't replicated across regions unless you do so specifically.
Virtual Private Cloud (VPC)
● A CIDR block from the private (non-publicly routable) address ranges defined in RFC 1918 should be assigned to a VPC:
10.0.0.0 – 10.255.255.255 (10/8 prefix)
172.16.0.0 – 172.31.255.255 (172.16/12 prefix)
192.168.0.0 – 192.168.255.255 (192.168/16 prefix)
Virtual Private Cloud (VPC)
● The primary CIDR block, once assigned to the VPC, cannot be modified (secondary CIDR blocks can be added later)
● Each VPC is separate from any other VPC created with the same CIDR block, even if it resides within the same AWS account
● A VPC can establish VPC peering connections with other VPCs in the same or a different AWS account
Virtual Private Cloud (VPC)
VPC Deletion:
● A VPC can be deleted only after terminating all instances within it; deleting the VPC deletes all of its components, e.g. subnets, security groups, network ACLs, route tables, Internet gateways, VPC peering connections, and DHCP options
Virtual Private Cloud (VPC) Private IP Addresses
● Private IP addresses are not reachable over the Internet, and can be used for communication between the instances in your VPC
● All instances are assigned a private IP address, within the IP address range of the subnet, to the default network interface
● Primary IP address is associated with the network interface for its lifetime, even when the instance is stopped and restarted and is released only when the instance is terminated
● Additional Private IP addresses, known as secondary private IP address, can be assigned to the instances and these can be reassigned from one network interface to another
Virtual Private Cloud (VPC)
Public IP address (Associated IP Address)
● Public IP addresses are reachable over the Internet, and can be used for communication between your instances and the Internet, or with other AWS services that have public endpoints
● Whether an instance receives a public IP address depends on whether auto-assign public IP addressing is enabled for its subnet.
● A public IP address can also be assigned by enabling public IP addressing during the creation of the instance, which overrides the subnet's public IP addressing attribute
● A public IP address is assigned from the AWS pool of IP addresses; it is not associated with your AWS account, and it is released when the instance is stopped and started again (it survives a reboot)
Virtual Private Cloud (VPC)
Elastic IP address
● Elastic IP addresses are static, persistent public IP addresses that can be associated with and disassociated from an instance as required
● An Elastic IP address is allocated for use in a VPC and remains owned by the account until it is released
● A network interface can be assigned either a public IP or an Elastic IP. If you assign an Elastic IP to an instance that has a public IP, the public IP is released
● Elastic IP addresses can be moved from one instance to another, and the instances can be in the same VPC or in different VPCs within the same account
● Elastic IP addresses are charged when not in use, i.e. if not associated, or associated with a stopped instance or an unattached network interface
Virtual Private Cloud (VPC)
Elastic Network Interface (ENI)
● Each instance has a default elastic network interface (the primary network interface, eth0) that cannot be detached from the instance
● An ENI has the following attributes:
○ A primary private IP address
○ One or more secondary private IP addresses
○ One Elastic IP address per private IP address
○ One public IP address, which can be auto-assigned to the network interface for eth0 when you launch an instance, but only when you create a network interface for eth0 instead of using an existing network interface
○ One or more security groups
○ A MAC address
○ A source/destination check flag
Virtual Private Cloud (VPC)
Internet Gateways
● An Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. It therefore imposes no availability risks or bandwidth constraints on your network traffic.
● An Internet gateway serves two purposes:
○ To provide a target in your VPC route tables for Internet-routable traffic
○ To perform network address translation (NAT) for instances that have been assigned public IP addresses
Virtual Private Cloud (VPC)
Enable Internet Access through Internet GW
● Attach an Internet gateway to the VPC
● The subnet's route table must have a route (typically 0.0.0.0/0) pointing to the Internet gateway
● Instances must have a public IP or Elastic IP address assigned
● Security groups and NACLs associated with the instance must allow the relevant traffic
● All four conditions are required; a missing one is the usual cause of "the instance has a public IP but cannot reach the Internet"
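As an added example (not part of the original workshop material), the four conditions above can be turned into a checklist that is run against a description of an instance. The `Vpc`, `RouteTable` and `Instance` classes, the route targets, the instance names and the destination address are constructed for illustration and are not taken from a real account; the route lookup implements the longest-prefix-match rule that VPC route tables apply, and the security group and NACL decisions are taken as already-evaluated flags.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Vpc:
    cidr: str
    igw_attached: bool


@dataclass
class RouteTable:
    # Each route is (destination CIDR, target id), e.g. ("0.0.0.0/0", "igw-0abc1234")
    routes: List[Tuple[str, str]]


@dataclass
class Instance:
    name: str
    private_ip: str
    public_ip: Optional[str]       # public or Elastic IP; None means private only
    route_table: RouteTable        # route table associated with the instance's subnet
    sg_allows_traffic: bool        # security group allows the flow (evaluated elsewhere)
    nacl_allows_traffic: bool      # network ACL allows the flow (evaluated elsewhere)


def lookup_route(route_table: RouteTable, dest_ip: str) -> Optional[str]:
    """Return the target of the most specific matching route (longest-prefix match),
    which is the rule VPC route tables apply; None if no route matches."""
    ip = ipaddress.ip_address(dest_ip)
    best_net, best_target = None, None
    for cidr, target in route_table.routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def internet_checklist(vpc: Vpc, inst: Instance, dest_ip: str = "198.51.100.10") -> dict:
    """Evaluate the four conditions from the slide for traffic to dest_ip
    (198.51.100.10 is a documentation address standing in for 'the Internet')."""
    target = lookup_route(inst.route_table, dest_ip)
    return {
        "igw_attached": vpc.igw_attached,
        "route_to_igw": target is not None and target.startswith("igw-"),
        "has_public_ip": inst.public_ip is not None,
        "sg_and_nacl_allow": inst.sg_allows_traffic and inst.nacl_allows_traffic,
    }


def has_internet_access(vpc: Vpc, inst: Instance, dest_ip: str = "198.51.100.10") -> bool:
    """True only when every condition holds; any single miss breaks Internet access."""
    return all(internet_checklist(vpc, inst, dest_ip).values())


def failing_conditions(vpc: Vpc, inst: Instance) -> List[str]:
    """Names of the conditions that fail, in the order the slide lists them."""
    return [name for name, ok in internet_checklist(vpc, inst).items() if not ok]


# Constructed sample topology (hypothetical resource IDs, not from a real account).
VPC = Vpc(cidr="10.0.0.0/16", igw_attached=True)
PUBLIC_RT = RouteTable([("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-0abc1234")])
PRIVATE_RT = RouteTable([("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-0def5678")])

WEB = Instance("web", "10.0.1.10", "203.0.113.25", PUBLIC_RT, True, True)
APP = Instance("app", "10.0.2.10", None, PRIVATE_RT, True, True)
# Public IP assigned, but the subnet's route table has no IGW route: a common mistake.
ORPHAN = Instance("orphan", "10.0.3.10", "203.0.113.26",
                  RouteTable([("10.0.0.0/16", "local")]), True, True)

if __name__ == "__main__":
    for inst in (WEB, APP, ORPHAN):
        print(inst.name, has_internet_access(VPC, inst), failing_conditions(VPC, inst))
```

Running the block prints `web True []`, `app False ['route_to_igw', 'has_public_ip']` and `orphan False ['route_to_igw']`; the `app` instance is the normal private-subnet case (it reaches the Internet through the NAT device, not the IGW), while `orphan` is the misconfiguration the checklist is meant to catch.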
Virtual Private Cloud (VPC)
VPC Security
Security within a VPC is provided through
● Security groups – Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. Security groups are stateful and contain allow rules only: if an inbound request is allowed, its reply traffic is allowed regardless of the outbound rules, and anything not explicitly allowed is denied.
● Network access control lists (ACLs) – Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level. Network ACLs are stateless and ordered: rules are evaluated by rule number, lowest first, the first match wins, explicit deny rules are possible, and reply traffic must be allowed separately in the opposite direction.
● Flow logs – Capture information about the IP traffic going to and from network interfaces in your VPC, including rejected traffic, which makes them the first place to look when a connection is unexpectedly blocked
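The two evaluation models differ in exactly the ways that cause outages, so the following added example (written for this page, not AWS code) models both: a security group as an unordered allow-only list, a network ACL as a numbered first-match list with an implicit final deny, and a full client connection that must pass the inbound rules for the request and, because NACLs are stateless, the outbound NACL for the reply to the client's ephemeral port. The `Rule` class, the rule sets and the client addresses (RFC 5737 documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Rule:
    proto: str              # "tcp", "udp", "icmp" or "-1" for all protocols
    from_port: int          # port range; ignored for icmp and "-1"
    to_port: int
    cidr: str               # source CIDR for inbound rules, destination CIDR for outbound
    action: str = "allow"   # security groups only ever have "allow"; NACLs also have "deny"
    number: int = 0         # NACL rule number; unused for security groups


def rule_matches(rule: Rule, proto: str, port: int, ip: str) -> bool:
    """A rule matches when protocol, port range and CIDR all cover the packet."""
    if rule.proto != "-1" and rule.proto != proto:
        return False
    if rule.proto in ("tcp", "udp") and not (rule.from_port <= port <= rule.to_port):
        return False
    return ipaddress.ip_address(ip) in ipaddress.ip_network(rule.cidr)


def sg_allows(rules: List[Rule], proto: str, port: int, ip: str) -> bool:
    """Security group: allow-only, order does not matter, no match means deny."""
    return any(rule_matches(r, proto, port, ip) for r in rules)


def nacl_allows(rules: List[Rule], proto: str, port: int, ip: str) -> bool:
    """Network ACL: evaluate by ascending rule number, first match wins,
    and the implicit '*' rule at the end denies everything else."""
    for r in sorted(rules, key=lambda r: r.number):
        if rule_matches(r, proto, port, ip):
            return r.action == "allow"
    return False


def connection_allowed(sg_inbound: List[Rule], nacl_inbound: List[Rule], nacl_outbound: List[Rule],
                       client_ip: str, client_port: int, server_port: int, proto: str = "tcp") -> bool:
    """Can a client complete a connection to an instance in this subnet?
    The request packet is destined to server_port; the reply packet is destined to the
    client's ephemeral client_port. The security group is stateful, so the reply is
    allowed automatically once the request is; the NACL is stateless, so the reply
    must pass the outbound NACL on its own."""
    request_ok = (sg_allows(sg_inbound, proto, server_port, client_ip)
                  and nacl_allows(nacl_inbound, proto, server_port, client_ip))
    reply_ok = nacl_allows(nacl_outbound, proto, client_port, client_ip)
    return request_ok and reply_ok


# Constructed sample rule sets (documentation address ranges, not real networks).
WEB_SG = [
    Rule("tcp", 443, 443, "0.0.0.0/0"),            # HTTPS from anywhere
    Rule("tcp", 22, 22, "203.0.113.0/24"),         # SSH only from the office range
]
NACL_IN = [
    Rule("tcp", 443, 443, "198.51.100.0/24", "deny", 90),   # blocklisted range; lowest number wins
    Rule("tcp", 443, 443, "0.0.0.0/0", "allow", 100),
    Rule("tcp", 22, 22, "0.0.0.0/0", "allow", 110),
]
NACL_OUT = [
    Rule("tcp", 1024, 65535, "0.0.0.0/0", "allow", 100),    # replies to ephemeral ports
]

if __name__ == "__main__":
    print(connection_allowed(WEB_SG, NACL_IN, NACL_OUT, "192.0.2.5", 51000, 443))      # True
    print(connection_allowed(WEB_SG, NACL_IN, NACL_OUT, "198.51.100.7", 51000, 443))   # False: NACL 90
    print(connection_allowed(WEB_SG, NACL_IN, [], "192.0.2.5", 51000, 443))            # False: no reply path
```

The blocklist rule only works because its number (90) is lower than the allow rule (100); numbered the other way round it would never be reached. The last call shows the stateless trap: the security group admits the HTTPS request, yet with no outbound NACL entry for ephemeral ports the reply never leaves the subnet.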
Virtual Private Cloud (VPC)
Subnets
● A subnet spans a single Availability Zone (a distinct location engineered to be isolated from failures in other Availability Zones) and cannot span across AZs
● A subnet is public or private depending on its Internet connectivity, i.e. whether its route table routes traffic to the Internet through an Internet gateway
● Instances within a public subnet must be assigned a public IP or Elastic IP address to be able to communicate with the Internet
● A subnet that is not connected to the Internet but has traffic routed through a virtual private gateway only is termed a VPN-only subnet
Virtual Private Cloud (VPC)
NAT Overview
● Network Address Translation (NAT) devices, launched in a public subnet, enable instances in a private subnet to connect to the Internet but prevent the Internet from initiating connections with those instances.
● Instances in private subnets need outbound Internet access for tasks such as software updates or calling external services
● A NAT device avoids exposing instances directly to the Internet, and avoids having to launch them in a public subnet and assign an Elastic IP address to each one
● The NAT device performs both address translation and port address translation (PAT)
Virtual Private Cloud (VPC)
Bastion Host Overview
● A bastion is a fortified structure that protects what lies behind it
● In AWS, a bastion host (also referred to as a jump server) is used to securely access instances in private subnets
● A bastion host launched in a public subnet acts as the primary entry point from the Internet and as a proxy to the other instances
● Because it is the one Internet-facing entry point, its security group should allow the management port (SSH or RDP) only from known administrator source addresses, and the private instances should accept that port only from the bastion's security group
Virtual Private Cloud (VPC)
Bastion Host
Virtual Private Cloud (VPC)
VPC Peering Overview
● A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IP addresses.
● Instances in either VPC can communicate with each other as if they are within the same network
● A VPC peering connection can be established between your own VPCs, or with a VPC in another AWS account, within a single region (at the time of this workshop; inter-region peering was added by AWS later).
● AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware. There is no single point of failure for communication or a bandwidth bottleneck.
Virtual Private Cloud (VPC)
VPC Peering Rules & Limitations
● VPC peering connection cannot be created between VPCs that have matching or overlapping CIDR blocks.
● VPC peering connections cannot be created between VPCs in different regions (at the time of this workshop; inter-region peering was added by AWS later)
● There is a limit on the number of active and pending VPC peering connections that you can have per VPC
● VPC peering does not support transitive peering relationships: if A is peered with B and B with C, A cannot reach C through B
● VPC peering does not support edge-to-edge routing through a gateway or private connection
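The addressing rules scattered across the VPC slides (RFC 1918 ranges, the five reserved addresses per subnet, the /16 to /28 VPC size limits, subnets that must fit inside the VPC without overlapping, and the peering rule that overlapping CIDR blocks cannot be peered) can all be checked before anything is created. The following added example, written for this page and not part of the workshop or of AWS tooling, does that with Python's standard `ipaddress` module; the function names and the sample CIDR blocks are constructed for illustration.

```python
import ipaddress
from typing import List

# RFC 1918 ranges from the slide. AWS also reserves 5 addresses in every subnet
# (network address, VPC router, DNS, one spare, and the broadcast address).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RESERVED_PER_SUBNET = 5


def check_vpc_cidr(vpc_cidr: str) -> List[str]:
    """Problems with a VPC CIDR: AWS requires a netmask between /16 and /28,
    and only RFC 1918 space can reach the Internet directly through an IGW."""
    try:
        net = ipaddress.ip_network(vpc_cidr)   # strict: host bits must be zero
    except ValueError as exc:
        return [f"{vpc_cidr}: {exc}"]
    problems = []
    if not 16 <= net.prefixlen <= 28:
        problems.append(f"{net}: VPC CIDR must be between /16 and /28")
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append(f"{net}: not RFC 1918 space; Internet access from it is not supported")
    return problems


def usable_addresses(subnet_cidr: str) -> int:
    """Addresses an instance can actually get in an AWS subnet."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr: str, subnet_cidrs: List[str]) -> List[str]:
    """Validate a subnet layout: each subnet inside the VPC, no smaller than /28,
    and no two subnets overlapping. An empty list means the plan is valid."""
    problems = check_vpc_cidr(vpc_cidr)
    if problems:
        return problems
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(s) for s in subnet_cidrs]
    for n in nets:
        if not n.subnet_of(vpc):
            problems.append(f"{n} lies outside VPC {vpc}")
        if n.prefixlen > 28:
            problems.append(f"{n} is smaller than /28, the smallest allowed subnet")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


def can_peer(vpc_a_cidr: str, vpc_b_cidr: str) -> bool:
    """VPC peering is refused when the two CIDR blocks match or overlap,
    because there would be no unambiguous route between them."""
    a, b = ipaddress.ip_network(vpc_a_cidr), ipaddress.ip_network(vpc_b_cidr)
    return not a.overlaps(b)


if __name__ == "__main__":
    print(plan_subnets("10.0.0.0/16", ["10.0.1.0/24", "10.0.2.0/24"]))   # []
    print(plan_subnets("10.0.0.0/16", ["10.0.1.0/24", "10.0.1.128/25", "10.1.0.0/24"]))
    print(usable_addresses("10.0.1.0/24"))                               # 251
    print(can_peer("10.0.0.0/16", "10.0.5.0/24"))                        # False
```

The peering check is the reason the lab's "everyone uses 10.0.0.0/16" habit hurts later: two VPCs built that way can never be peered, so pick distinct ranges up front if peering is a possibility.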
Virtual Private Cloud (VPC)
Hands-On Lab:
● Create a VPC
● Create an Internet gateway
● Attach the IGW to the VPC
● Create a public subnet
● Create a route table and add a route (0.0.0.0/0) pointing to the IGW
● Associate the route table with the subnet
● Test Internet connectivity (by creating an EC2 instance in the subnet)
AWS Service: EC2
Elastic Compute Cloud (EC2)
Items to discuss:
● EC2 instance types (T2, M2, C4, etc.)
● EC2 purchasing options: On-Demand, Spot & Reserved Instances
● EBS vs Instance Store
● AMI, Snapshots, Volumes
Elastic Compute Cloud (EC2)
EC2 Instance Types :
Instances are divided into families based on their resource balance:
● General purpose (T2, M2, etc.)
● Compute optimized (C4)
● Memory optimized, extreme (X1 series)
● Memory optimized (R3)
● General purpose GPU (P2)
● Graphics GPU (G2)
● Storage optimized (I2)
● Dense storage (D2)
Refer Link: https://aws.amazon.com/ec2/instance-types/
Elastic Compute Cloud (EC2)
T2 Instances (General Purpose)
● T2 instances are well suited for general purpose workloads, such as web servers, developer environments, and small databases
● Requirements:
○ Can be launched only with an HVM AMI
○ Can be launched into a VPC only; not supported on the EC2-Classic platform
○ Are available as Amazon EBS-backed instances only
○ Are available as On-Demand or Reserved Instances, but not as Spot Instances
○ By default, you can run up to 20 T2 instances simultaneously (a soft limit that can be raised on request)
○ Cannot be launched as Dedicated Instances
Elastic Compute Cloud (EC2)
EC2 Purchasing Options:
On-Demand Instances:
● With On-Demand Instances, you pay for compute capacity by the hour with no long-term commitments or upfront payments. You can increase or decrease your compute capacity depending on the demands of your application and only pay the specified hourly rate for the instances you use.
Spot Instances:
● Amazon EC2 Spot Instances let you use spare Amazon EC2 capacity at a steep discount. At the time of this workshop you bid a maximum price for that capacity; Spot Instances can be interrupted when AWS needs the capacity back, so they suit fault-tolerant or stateless workloads.
Reserved Instances:
● Amazon EC2 Reserved Instances provide a significant discount (up to 75%) compared to On-Demand pricing and provide a capacity reservation when used in a specific Availability Zone.
Elastic Compute Cloud (EC2)
EBS vs Instance Store:
EBS:
● Amazon Elastic Block Store (Amazon EBS) provides persistent block-level storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability.
Instance Store:
● An instance store provides temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers. Its contents are lost when the instance is stopped or terminated or the underlying host fails.
Elastic Compute Cloud (EC2)
AMI, Volume & Snapshots
AMI: An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need.
Volume: A volume is either an EBS volume or an instance store volume.
Snapshots: A snapshot is a point-in-time copy of an EBS volume. Snapshots back up EBS volumes and can be used to create new volumes or a new AMI (and from it new instances). Instance store volumes cannot be snapshotted, because their data lives on the host's local disks.
Elastic Compute Cloud (EC2)
Hands-On Labs:
1. Create a Windows-based EC2 instance
2. Create a security group
3. Open ports in the security group
4. Create a gp2-based EBS volume
5. Create a key pair to log in to the instance
6. Establish an RDP session to the newly created instance
AWS Service: S3
Simple Storage Service (S3)
Features:
● S3 stands for Simple Storage Service
● Amazon S3 provides unlimited storage space and works on a pay-as-you-use model; service rates get cheaper as the usage volume increases
● Amazon S3 is object-level storage (not block-level storage) and cannot be used to host an OS or dynamic websites (it can serve static websites)
● Amazon S3 resources (for example buckets and objects) are private by default; only the resource owner can access them until an ACL or bucket policy grants access
Simple Storage Service (S3)
Buckets
● A bucket is a container for objects stored in Amazon S3 and helps organize the Amazon S3 namespace.
● A bucket is owned by the AWS account that creates it, and this identifies the account responsible for storage and data transfer charges
● Amazon S3 bucket names are globally unique, regardless of the AWS region in which you create the bucket
● Even though the S3 namespace is global, each bucket is created within a region specified at creation time, and its objects stay in that region unless you copy them elsewhere
● Every object is contained in a bucket and there is no limit on the number of objects that a bucket can have
Simple Storage Service (S3)
Objects:
● Objects are the fundamental entities stored in Amazon S3.
● An object is uniquely identified within a bucket by a key (name) and a version ID.
● Objects consist of object data, metadata and other attributes:
○ Value is the data portion and is opaque to Amazon S3
○ Metadata is data about the data: a set of name-value pairs that describe the object, e.g. content-type, size, last modified. You can also specify custom metadata at the time the object is stored.
○ Key is the object name
○ Version ID is the version of the object and, in combination with the key, uniquely identifies an object within a bucket
○ Subresources provide additional information for an object
○ Access control information controls access to the objects stored in S3
Simple Storage Service (S3)
Hands On Lab:
● Create an S3 bucket
● Create an S3 folder
● Upload an object to the S3 bucket or folder
● Apply an ACL to the object
AWS Service: RDS
Relational Database Service (RDS)
Features:
● Amazon Relational Database Service (RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the cloud.
● RDS provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks.
● RDS features & benefits:
○ CPU, memory, storage, and IOPS can be scaled independently.
○ Manages backups, software patching, automatic failure detection, and recovery.
○ Automated backups can be performed as needed, or manual backups can be triggered as well. Backups can be used to restore a database, and the Amazon RDS restore process works reliably and efficiently.
○ Provides high availability (Multi-AZ) with a primary instance and a synchronous standby instance in another Availability Zone that you can fail over to seamlessly when a problem occurs.
Relational Database Service (RDS)
Hands-On Lab:
● Create a DB subnet group
● Create an RDS instance
● Check the AZ
AWS Service: Auto Scaling & ELB
Auto Scaling With ELB
Features:
● Auto Scaling helps to automatically increase the number of EC2 instances when the user demand goes up, and decrease the number of EC2 instances when demand goes down
● ELB service helps to distribute the incoming web traffic (called the load) automatically among all the running EC2 instances
● ELB uses load balancers to monitor traffic and handle requests that come through the Internet.
● Auto Scaling dynamically adds and removes EC2 instances, while Elastic Load Balancing manages incoming requests by optimally routing traffic so that no one instance is overwhelmed
● Using ELB & Auto Scaling together:
○ Makes it easy to route traffic across a dynamically changing fleet of EC2 instances
○ The load balancer acts as a single point of contact for all incoming traffic to the instances in an Auto Scaling group
AWS Service: IAM
Identity & Access Management
Features:
● AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users.
● IAM is used to control:
○ Identity – who can use your AWS resources (authentication)
○ Access – what resources they can use and in what ways (authorization)
● IAM also helps keep your account root credentials private: create IAM users for day-to-day work instead of sharing the root account
● With IAM, you can create multiple IAM users under the umbrella of your AWS account or enable temporary access through identity federation with your corporate directory
● IAM also enables access to resources across AWS accounts
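Authorization in IAM is decided by evaluating every policy attached to the caller, and the order of precedence is what practitioners most often get wrong. The following added example (written for this page; it is not AWS code and does not call AWS) implements that core order for identity-based policies: an explicit Deny anywhere wins, otherwise any matching Allow grants access, otherwise the request is implicitly denied. Actions are matched case-insensitively with `*` wildcards as in real policies; `Condition`, `NotAction`/`NotResource`, resource-based policies and permission boundaries are deliberately out of scope. The policy documents, the bucket name and the user's policy set are constructed for illustration.

```python
import fnmatch
from typing import Dict, List

Policy = Dict[str, object]


def _as_list(value) -> list:
    """IAM allows a single string wherever a list is expected."""
    return value if isinstance(value, list) else [value]


def _action_matches(pattern: str, action: str) -> bool:
    """Action names match case-insensitively and support '*' and '?' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _resource_matches(pattern: str, arn: str) -> bool:
    """Resource ARNs match case-sensitively with the same wildcards."""
    return fnmatch.fnmatchcase(arn, pattern)


def evaluate(policies: List[Policy], action: str, resource: str) -> str:
    """Return 'explicit_deny', 'allow' or 'implicit_deny' for one request.
    Any explicit Deny wins; otherwise any Allow grants access; otherwise implicit deny."""
    decision = "implicit_deny"
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not any(_action_matches(p, action) for p in _as_list(stmt.get("Action", []))):
                continue
            if not any(_resource_matches(p, resource) for p in _as_list(stmt.get("Resource", []))):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit_deny"      # nothing in any other policy can override it
            decision = "allow"
    return decision


def is_allowed(policies: List[Policy], action: str, resource: str) -> bool:
    return evaluate(policies, action, resource) == "allow"


# Constructed sample policies (hypothetical bucket name, not a real resource).
WORKSHOP_BUCKET = "arn:aws:s3:::workshop-bucket"

READ_ONLY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": [WORKSHOP_BUCKET, WORKSHOP_BUCKET + "/*"]},
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    ],
}
# A guard-rail policy: an explicit deny on deletes, attached alongside anything else.
NO_DELETE = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
}
# An over-broad policy; even this cannot beat the explicit deny above.
S3_ADMIN = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
}
USER_POLICIES = [READ_ONLY, NO_DELETE]

if __name__ == "__main__":
    obj = WORKSHOP_BUCKET + "/report.pdf"
    print(evaluate(USER_POLICIES, "s3:GetObject", obj))                 # allow
    print(evaluate(USER_POLICIES, "s3:PutObject", obj))                 # implicit_deny
    print(evaluate(USER_POLICIES + [S3_ADMIN], "s3:DeleteObject", obj))  # explicit_deny
```

The last call is the practical lesson: adding a broad `s3:*` allow to a user does not restore `DeleteObject`, because the explicit Deny in the guard-rail policy is evaluated first. That is why deny statements are the right tool for "never, regardless of what else is attached" rules, and why a least-privilege allow list should name actions and ARNs rather than `*`.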
Q & A Sessions
Any Questions
End of the Workshop
Thanks for joining us.
For Details, Contact:
Name: Engr Muhammad Usman Khan
PH: 92 332 2278144
Email: [email protected]