What’s fundamental to know in AWS
Author: Donatien MBADI OUM, Oracle | AWS | Azure
1. Building blocks
AWS Global Infrastructure Map
The AWS Cloud spans around 99 Availability Zones within 31 geographic
Regions around the world, with announced plans for 15 more Availability Zones
and 5 more Regions in Canada, Israel, Malaysia, New Zealand and Thailand.
- A Region is a physical location in the world that consists of 3 or more
isolated and physically separate Availability Zones (AZs).
- An Availability Zone is one or more discrete data centers, each with
redundant power, networking and connectivity, housed in separate facilities
within a Region.
- Edge Locations are endpoints that are used for caching content; typically
this consists of CloudFront, Amazon's Content Delivery Network (CDN).
- Services are a set of global cloud-based products including compute,
storage, database, analytics, networking, machine learning and artificial
intelligence, mobile, developer tools, IoT, security, enterprise applications
and much more.
- Local Zones place services closer to end-users. With Local Zones, you can
easily run highly demanding applications that require single-digit millisecond
latencies to your end-users.
- Wavelength enables developers to build applications that deliver
single-digit millisecond latencies to mobile devices and end-users.
- Outposts bring native AWS services, infrastructure and operating models to
virtually any data center, co-location space or on-premises facility.
2. How to choose a Region
- Compliance with data governance and legal requirements: data never leaves
a Region without your explicit permission.
- Proximity to customers: reduced latency.
- Available services within a Region: new services and new features aren’t
available in every Region.
- Pricing: varies from Region to Region and is transparent on the service
pricing page.
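To make the data-governance criterion above checkable, the following added example (not code from the original post) reads the Region field out of each resource ARN and flags resources outside an approved list. The approved Regions, the ARNs and the account ID are constructed sample values; IAM ARNs and S3 bucket ARNs carry no Region field, so they are set aside for review rather than passed or failed.

```python
# Added example: flag resources whose ARN places them outside approved Regions.
# The approved list and the inventory below are constructed sample data.

APPROVED_REGIONS = {"eu-west-1", "eu-central-1"}  # assumption: EU-only data policy

# Constructed inventory (account ID 111122223333 is a documentation placeholder).
SAMPLE_ARNS = [
    "arn:aws:ec2:eu-west-1:111122223333:instance/i-0abc1234def567890",
    "arn:aws:rds:us-east-1:111122223333:db:orders-replica",
    "arn:aws:s3:::customer-exports",
    "arn:aws:iam::111122223333:role/app-role",
    "arn:aws:dynamodb:eu-central-1:111122223333:table/sessions",
    "not-an-arn",
]


def parse_arn(arn):
    """Split arn:partition:service:region:account-id:resource into a dict."""
    parts = arn.split(":", 5)  # the resource part may itself contain ':'
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"malformed ARN: {arn!r}")
    keys = ("prefix", "partition", "service", "region", "account", "resource")
    return dict(zip(keys, parts))


def audit_regions(arns, approved):
    """Sort ARNs into compliant, violation, needs_review and malformed."""
    report = {"compliant": [], "violation": [], "needs_review": [], "malformed": []}
    for arn in arns:
        try:
            region = parse_arn(arn)["region"]
        except ValueError:
            report["malformed"].append(arn)
            continue
        if not region:
            # Empty Region field: global service (IAM) or a resource whose
            # location is not in the ARN (S3 bucket); check it through its API.
            report["needs_review"].append(arn)
        elif region in approved:
            report["compliant"].append(arn)
        else:
            report["violation"].append(arn)
    return report


if __name__ == "__main__":
    for status, items in audit_regions(SAMPLE_ARNS, APPROVED_REGIONS).items():
        print(status, items)
```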
3. Six pillars of the Well-Architected Framework
The six pillars of the framework
Creating software is like constructing a building. If the foundation is
not solid, structural problems can undermine the integrity and function of
the building.
When building technology solutions on AWS, if you neglect the six pillars
of operational excellence, security, reliability, performance efficiency, cost
optimization and sustainability, it can become challenging to build a system
that delivers on your expectations and requirements.
- Operational Excellence: It includes the ability to support development and
run workloads effectively, gain insight into their operation, and continuously
improve supporting processes and procedures to deliver business value.
Operations teams need to understand their business and customer needs so they
can support business outcomes. There are five design principles for
operational excellence in the cloud:
o Perform operations as code
o Make frequent, small, reversible changes
o Refine operations procedures frequently
o Anticipate failure
o Learn from all operational failures
- Security: It includes the ability to protect data, systems and assets to
take advantage of cloud technologies to improve your security. Before you
architect any workload, you need to put in place practices that influence
security. You’ll want to control who can do what. There are seven design
principles for security in the cloud:
o Implement a strong identity foundation
o Enable traceability
o Apply security at all layers
o Automate security best practices
o Protect data in transit and at rest
o Keep people away from data
o Prepare for security events
- Reliability: This pillar encompasses the ability of a workload to perform
its intended function correctly and consistently when it’s expected to. This
includes the ability to operate and test the workload through its total
lifecycle. There are five design principles for reliability in the cloud:
o Automatically recover from failure
o Test recovery procedures
o Scale horizontally to increase aggregate workload availability
o Stop guessing capacity
o Manage change in automation
- Performance efficiency: It includes the ability to use computing resources
efficiently to meet system requirements, and to maintain that efficiency as
demand changes and technologies evolve. Take a data-driven approach to
building a high-performance architecture. There are five principles for
performance efficiency in the cloud:
o Democratize advanced technologies
o Go global in minutes
o Use serverless architectures
o Experiment more often
o Consider mechanical sympathy
- Cost optimization: It includes the ability to run systems to deliver
business value at the lowest price point. Using the appropriate services,
resources and configurations for your workloads is key to cost savings. There
are five principles for cost optimization in the cloud:
o Implement cloud financial management
o Adopt a consumption model
o Measure overall efficiency
o Stop spending money on undifferentiated heavy lifting
o Analyze and attribute expenditure
- Sustainability: This pillar addresses the long-term environmental, economic
and societal impact of your business activities. Choose Regions where you will
implement workloads based on your business requirements and sustainability
goals. There are six design principles for sustainability in the cloud:
o Understand your impact
o Establish sustainability goals
o Maximize utilization
o Anticipate and adopt new, more efficient hardware and software offerings
o Use managed services
o Reduce the downstream impact of your cloud workloads
4. Shared Responsibility Model
A Shared Responsibility Model
Security and compliance is a shared responsibility between AWS and the
customer. This shared model can help relieve the customer’s operational burden
as AWS operates, manages and controls the components from the host operating
system and virtualization layer down to the physical security of the facilities
in which the services operate.
AWS is responsible for “Security of the Cloud”: AWS is responsible for
protecting the infrastructure that runs all of the services offered in the AWS
Cloud. This infrastructure is composed of the hardware, software, networking
and facilities that run AWS Cloud services.
The customer is responsible for “Security in the Cloud”: the customer’s
responsibility is determined by the AWS Cloud services that the customer
selects. This determines the amount of configuration work the customer must
perform as part of their security responsibilities.