In our previous blog post, we briefly reviewed the history of Amazon, and discussed the various attributions for compute, network and storage.
Now let us dig into the most interesting components AWS has to offer, as well as the complex versions. Here. We. Go.
Recently AWS included a new service used to create serverless deployments: Lambda. With AWS Lambda you can create microservices by just uploading your code (Python, Node.js, etc.) and creating a Lambda function that will be called when a specific event happens. This event can be an SNS/SQS interaction, but it can also be a specific REST call. Amazon provides a way to serve the Lambda functions over REST with another of its services: Amazon API Gateway.
You can deploy your decoupled application without a single EC2 instance, just using Lambda, SNS, SQS, Amazon API Gateway and S3. If you require a database, you can also use another service from the AWS cloud that we’ll mention next.
Relational Databases: RDS
If you don’t want to create a server and install a database engine, nor worry about backups and redundancy, you can use the Relational Database Service (RDS) offered by the Amazon cloud. RDS can provision the most used database engines in the industry (MySQL, MariaDB, PostgreSQL, Oracle, SQL Server and Amazon Aurora) and also provides automatic failover (Multi-AZ) and automated backups.
RDS will provide you with a DNS-based DB endpoint and will take care of all the internal administration. You only need to worry about using your data in your applications.
If you decide to use RDS in a Multi-AZ deployment, Amazon will ensure that “no matter what” your DB endpoint will always be available for your applications. You can fine-tune configuration aspects of your database engine, and set restriction rules (ACLs) on which elements of your cloud deployment can interact with your databases.
Note: From a technical perspective, RDS is based on EC2 instances with specific configurations performed by the Amazon cloud in order to include the database software. How they do all the magic is a trade secret of course!
Advanced Networking Services: CloudFront and Route53
Remember what we mentioned about S3's ability to stream videos and serve web content? Amazon can help you cache that content at edge locations around the world with its AWS CloudFront service. CloudFront can cache your S3 objects in the places nearest to your customers in order to accelerate access to your web content.
Route53 is the DNS service from the Amazon cloud. Route53 is really a DNS hosting service on steroids. It can do some smart things over the DNS resource records, allowing a degree of balancing based on specific constraints defined by you (regional, load distribution, resource availability). It also integrates transparently with all AWS services. In general terms, if your deployment needs a custom DNS, the use of Route53 is almost mandatory.
[Figure: a deployment combining serverless with CloudFront and RDS, along with some other AWS services]
You can fully automate your cloud infrastructure with CloudFormation. CloudFormation is a way to instruct the cloud how to create all resources in a programmatic way. Those resources include everything that can be created in AWS: EC2 instances, EBS block storage, S3 object storage, network elements, SNS/SQS elements, etc. CloudFormation is the Amazon application of the Infrastructure as Code paradigm. All the infrastructure elements can be defined in template files (JSON/YAML) and fed to the cloud. This allows the use of DevOps techniques (like continuous integration) to maintain a complete cloud infrastructure.
[Figure: an extract from a CFN template]
Security Services: IAM
The core of the entire cloud security model is AWS IAM (Identity and Access Management). IAM controls what can access what in the cloud, not only at user level, but also at resource level. IAM is RBAC based (role-based access control) and allows implementing access control based on roles between resources. A very common pattern is to allow a specific EC2 instance (or instances) to access specific private S3 resources, without adding any authentication information (user/password) inside the instance operating system. This avoids your user/password information falling into the wrong hands: because there is no user/pass info inside the instance, an attacker who manages to get access to an instance will not find your AWS account credentials there.
IAM is based on policies (specifically policy documents) written in a JSON-formatted language that controls the way resources can be accessed in your cloud deployment.
[Figure: a typical JSON-formatted policy document]
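The pattern described above (an EC2 instance reading a private S3 bucket through a role, with the role defined in a CloudFormation template) as an added example that is not from the original post. The resource names and the bucket `example-private-bucket` are hypothetical, and the wildcard check is a simple review heuristic, not an AWS tool; it matters because the instance still receives temporary credentials for the role, so the policy document is what limits what code on that instance can do.

```python
import json

# Constructed CloudFormation extract (JSON form). The resource names and the
# bucket "example-private-bucket" are hypothetical placeholders.
TEMPLATE = json.loads("""
{"Resources": {
  "AppRole": {
    "Type": "AWS::IAM::Role",
    "Properties": {
      "AssumeRolePolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                       "Principal": {"Service": "ec2.amazonaws.com"}}]},
      "Policies": [{
        "PolicyName": "read-private-bucket",
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                         "Resource": "arn:aws:s3:::example-private-bucket/*"}]}}]}},
  "AppProfile": {
    "Type": "AWS::IAM::InstanceProfile",
    "Properties": {"Roles": [{"Ref": "AppRole"}]}}
}}
""")

def as_list(value):
    """IAM accepts a single value or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]

def broad_statements(template):
    """Return (role, policy, index) for each Allow statement using wildcards."""
    findings = []
    for name, res in template["Resources"].items():
        if res["Type"] != "AWS::IAM::Role":
            continue
        for pol in res["Properties"].get("Policies", []):
            for i, st in enumerate(as_list(pol["PolicyDocument"]["Statement"])):
                actions = as_list(st.get("Action", []))
                resources = as_list(st.get("Resource", []))
                wide = any(a == "*" or a.endswith(":*") for a in actions)
                if st.get("Effect") == "Allow" and (wide or "*" in resources):
                    findings.append((name, pol["PolicyName"], i))
    return findings

if __name__ == "__main__":
    print(broad_statements(TEMPLATE))  # the scoped template above has no findings
```

Running the check in continuous integration against every template change catches a role that has been widened to `s3:*` or `"Resource": "*"` before it is deployed.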
Are those all the services AWS provides?
The answer is NO: AWS includes a lot more. We just reviewed the most common services, but there is a lot more, oriented to all kinds of applications.
AWS includes developer services (like CodeDeploy, CodePipeline, X-Ray), big-data and analytics services (Elastic MapReduce, Elasticsearch, Data Pipeline, CloudSearch), non-relational database services (DynamoDB), security assessment services (Inspector, CloudHSM) and many others. The list of services tends to grow from time to time too.
As a final and short conclusion we can say this about AWS: whoever strikes first, strikes twice. They had the vision to go further than a simple online store, and now they are the number one cloud in terms of available services and total mass. They understood that the traditional way of doing things in IT is not enough, and implemented an elastic way that has been copied and implemented by others and is the base of modern cloud computing applications today.
And this is what AWS services are shown on the AWS web user interface, with so many more tools and solutions on top of them to support the AWS cloud. We're curious to hear more about the upcoming product announcements at the upcoming @AWS re:Invent 2017, so come meet our team to talk more about cloud application monitoring solutions!