DEV Community

Mritunjay Singh
Mritunjay Singh

Posted on

Exploring AWS

#devops #aws #beginners #learning

AWS (Amazon Web Services)

AWS (Amazon Web Services) is one of the leading cloud service providers, offering a broad range of tools to build, deploy, and manage applications and infrastructure.

Table of Contents

  1. Public Cloud vs. Private Cloud: Pros and Cons
  2. IAM (Identity and Access Management)
  3. EC2 Instances
  4. Regions and Availability Zones
  5. EC2 Free Tier and Pricing
  6. Logging into EC2 Instances
  7. Deploying a Project on EC2
  8. Virtual Private Cloud (VPC)

Public Cloud vs. Private Cloud

Public Cloud:

A public cloud is a type of cloud computing infrastructure that is owned, operated, and managed by third-party service providers such as AWS, Microsoft Azure, or Google Cloud. In a public cloud, resources like storage, computing power, and networking are provided over the internet and shared among multiple customers

Private Cloud:

A private cloud is a cloud computing model where an organization uses cloud services and infrastructure exclusively for itself. While it offers dedicated resources and more control, it comes with higher costs and less flexibility. Private clouds require significant overhead, such as maintaining servers, managing data center conditions, and hiring dedicated staff for operations—tasks that may not align with the organization's core business.

Feature Public Cloud Private Cloud
Definition A cloud service where infrastructure is shared among multiple users. A cloud service dedicated to a single organization.
Example AWS, Google Cloud, Microsoft Azure Hosting your own servers, on-premise data centers
Cost Pay-as-you-go, generally lower cost Higher upfront costs, more expensive
Scalability Easily scalable, resources can be increased/decreased on demand Limited scalability, depending on available resources
Control Limited control over infrastructure Full control over infrastructure and resources
Security Shared environment, may have security concerns Higher security, isolated environment
Maintenance Handled by the cloud provider Managed by your team
Best for General-purpose applications, startups, and projects with variable usage Enterprises with specific security, control, or performance needs

IAM (Identity and Access Management)

Handles Authentication and Authorization

Key Concepts:

  • Users: Represent individual people or applications.
  • Groups: Collections of users with shared permissions.
  • Policies: JSON documents that define permissions.
  • Roles: Assignable entities allowing temporary access with specific permissions.

IAM User vs Root Account:

Root Account:
  • Created during AWS account setup.
  • Full administrative access.
  • Should only be used for initial setup or rare administrative tasks.
IAM User:
  • Limited and defined permissions.
  • Best practice: Use IAM users for daily operations.

EC2 Instances:

Elastic Compute Cloud (EC2) is a service provided by AWS (Amazon Web Services) that allows you to rent virtual servers in the cloud. These virtual servers are called instances, and you can run applications or websites on them.

What is Elastic Compute Cloud?

  • Elastic: You can easily increase or decrease your server’s capacity (power) as needed. If you need more power, you can scale it up, and if you need less, you can scale it down.
  • Compute Cloud (C2): Refers to the computing power provided in the cloud. Instead of relying on your own physical server, you can rent virtual servers in AWS's data centers.

Types of EC2 Instances (Choose Based on Your Application's Needs)

AWS provides different types of EC2 instances

  1. General Purpose:

    • Best for: A variety of workloads.
    • Example: Small websites, web apps.
    • Why use: These instances are balanced for everyday applications, offering a good mix of CPU, memory, and networking resources.

  2. Memory Optimized:

    • Best for: Applications that require more memory (RAM).
    • Example: Databases like MySQL or MongoDB.
    • Why use: If your application requires large amounts of memory to handle data, such as a database.

  3. Storage Optimized:

    • Best for: Applications that need fast and high-capacity storage.
    • Example: Data warehouses, big data processing.
    • Why use: Ideal for large datasets or applications that need very fast access to storage.

  4. Accelerated Computing:

    • Best for: Tasks like machine learning, AI, or image processing.
    • Example: Running deep learning models or video rendering.
    • Why use: These instances have special hardware for high-speed computing, making them suitable for advanced computing tasks like AI.

  5. Compute Optimized:

    • Best for: High-performance computing tasks that need more CPU power.
    • Example: Gaming servers, scientific simulations.
    • Why use: When your application needs lots of CPU for processing, like gaming or complex calculations.

EC2 Pricing Schemes

AWS offers different pricing options

  1. On-Demand Instances:

    • What it is: You pay for the instances you use on an hourly basis.
    • When to use: If your usage is unpredictable or if you want flexibility.
    • Example: Running a website that doesn’t have constant traffic, or a short-term project.

  2. Spot Instances:

    • What it is: You can purchase unused AWS capacity at a much lower price.
    • When to use: When you can tolerate interruptions in your service.
    • Example: Running a data processing job that doesn’t need to be completed immediately.

  3. Reserved Instances:

    • What it is: You pay upfront for a specific instance type and get a discount.
    • When to use: If you need a predictable, long-term server for a year or more.
    • Example: Running a web app that has steady traffic for the long term.

  4. Savings Plans:

    • What it is: A flexible option that allows you to commit to a certain level of usage and receive discounts.
    • When to use: For long-term savings without being tied to a specific instance type.
    • Example: If you need flexibility but still want to save money for a long-term project.

Regions and Availability Zones (AZs)

AWS is organized into Regions and Availability Zones (AZs). This structure helps improve the performance and reliability of your applications.

  • Region: A physical location where AWS has data centers.
    • Example: us-west-1 (California).
  • Availability Zone (AZ): A group of one or more data centers within a region. Each AZ is isolated, so if one AZ fails, others continue working.

Why are AZs Needed?

  • Low Latency: Keeps your application close to users for faster performance.
  • Fault Tolerance: If one AZ goes down, another can take over, ensuring your application stays up.

EC2 Free Tier and Pricing

If you're new to AWS, you can take advantage of the Free Tier, which lets you experiment with EC2 without worrying about costs.

  • Free Tier: You get 750 hours per month of t2.micro instances for one year.
    • This is great for beginners to try out EC2 without incurring costs.
    • After one year, you'll be charged based on usage.

Deploying a Project on EC2

Let’s take a look at how to deploy Jenkins (a popular tool for automating software development processes) on your EC2 instance.

Step-by-Step:

  1. Install Java (Jenkins requires Java to run):

    • Run these commands to install Java: 
    sudo apt update
sudo apt install openjdk-11-jdk

- **Reason**: Jenkins is written in Java, so it needs a Java environment to run properly.
Enter fullscreen mode Exit fullscreen mode

  1. Install Jenkins:

    • Follow the official Jenkins installation guide for your Linux distribution.

  2. Open Port 8080 in the Security Group:

    • Go to your EC2 Security Group settings and add an inbound rule for Custom TCP:
    • Port: 8080
    • Source: Anywhere (IPv4)
    • Reason: Jenkins runs on port 8080, and you need this port open to access the Jenkins dashboard in your browser.

  3. Access Jenkins:

    • Open your browser: 
    http://<your-public-ip>:8080

Logging into EC2 Instances

For Windows (using PuTTY):

  1. Convert your .pem file (private key) to a .ppk file using PuTTYgen.
  2. Open PuTTY and enter your instance’s Public IP.
  3. Under SSH > Auth, browse for your .ppk file.
  4. Click Open to connect.

For Linux/Mac (using SSH):

  1. Open a terminal and run the following command:

    ssh -i "your-key.pem" ec2-user@<your-public-ip>

  2. Reason: SSH (Secure Shell) is the standard method to securely access Linux-based servers.

Virtual Private Cloud (VPC):

Introduction

A Virtual Private Cloud (VPC) is like having your own private network in the cloud. It allows you to isolate and secure your AWS resources, making sure they are only accessible in the way you want.

Think of it like setting up your own private office in the cloud, where you can decide who can come in and what should remain hidden.

Example Use Case:

  • Public Subnet: Place your frontend (public-facing) resources, such as a website, in a public subnet.
  • Private Subnet: Place your database, which you want to keep secure, in a private subnet.

Steps to Create a VPC

Step 1: Create a VPC

  1. In the AWS Management Console, go to VPC -> Your VPCs -> Create VPC.
  2. Enter the following details:
    • VPC Name: vpc_xyz
    • IP Range: Use CIDR notation like 10.0.0.0/16.
  3. Click Create VPC.

Step 2: Create an Internet Gateway (IGW)

  1. Go to Internet Gateways and click Create Internet Gateway.
  2. Name it, e.g., igw_xyz, then create and attach it to your VPC.
  3. Select the IGW, go to Actions -> Attach to VPC, and choose vpc_xyz.

Step 3: Create Subnets

Public Subnet

  1. Go to Subnets -> Create Subnet.
  2. Name it, e.g., PublicSubnet.
  3. Choose an Availability Zone (e.g., us-east-1a).
  4. Enter the IP Range: 10.0.1.0/24.
  5. Click Create Subnet.

Private Subnet

  1. Repeat the steps above for a private subnet:
    • Name: PrivateSubnet_xyz
    • IP Range: 10.0.2.0/24
  2. Click Create Subnet.

Step 4: Create Route Tables

Public Subnet Route Table

  1. Go to Route Tables -> Create Route Table.
  2. Name it PublicRouteTable_xyz, and select vpc_xyz.
  3. Create a route for internet access:
    • Destination: 0.0.0.0/0
    • Target: igw_xyz
  4. Save and associate it with PublicSubnet_xyz.
Private Subnet Route Table
  1. Create PrivateRouteTable (no internet route needed).
  2. Associate it with PrivateSubnet.

Step 5: Launch Resources

Launch EC2 instances or other resources in either the Public or Private Subnet by selecting the respective subnet during setup.

Security Groups vs. Network ACLs

Security Groups (SGs)

  • Level: Operates at the EC2 instance level.
  • Default Behavior:
    • Inbound: Denies all traffic (except SSH on port 22).
    • Outbound: Allows all traffic (except SMTP on port 25).
  • Rules: Only allow rules can be set.
  • Statefulness: Stateful—If inbound traffic is allowed, the corresponding outbound traffic is automatically allowed.
  • Common Use: Controls traffic to specific EC2 instances, e.g., allowing SSH access (port 22).

Network Access Control Lists (NACLs)

  • Level: Operates at the subnet level.
  • Default Behavior:
    • Default NACL allows all inbound and outbound traffic.
    • Custom NACLs block all traffic unless rules are added.
  • Rules: Can have both allow and deny rules.
  • Stateless: Both inbound and outbound traffic must be explicitly defined.
  • Common Use: Controls traffic to/from an entire subnet, useful for broad network controls.

Key Differences Between Security Groups and NACLs

Feature Security Group (SG) Network ACL (NACL)
Level EC2 Instance Level Subnet Level
Default Behavior Inbound: Denied, Outbound: Allowed Default allows all traffic
Rules Only Allow Rules Both Allow and Deny Rules
Statefulness Stateful: Auto-allows return traffic Stateless: Requires explicit return rules

Best Practices for Using VPC

1. Keep Public and Private Subnets Separate
  • Reason: This ensures that resources that require internet access (like a web server) are in the public subnet, while resources that don’t need internet access (like a database) are isolated in the private subnet.
2. Use Security Groups
  • Reason: Security Groups act like a firewall for your instances. You can control which resources in your VPC can communicate with each other.
    • Example: Allow the web server (public subnet) to communicate with the database (private subnet), but not vice versa.
3. Use Network ACLs (Access Control Lists)
  • Reason: Network ACLs add another layer of security. They control traffic at the subnet level, ensuring only approved traffic can enter or exit.
    • Example: Block all traffic from certain IPs or restrict traffic between subnets.
4. Enable VPC Flow Logs
  • Reason: VPC Flow Logs help you monitor traffic within your VPC, allowing you to track data flow between your resources.
    • Example: Identify unauthorized access attempts or troubleshoot network issues.

Top comments (0)

Read next

lovestaco profile image

Understanding Webhooks: A Humble Guide for Developers

Athreya aka Maneshwar -

suheldevs profile image

How to Optimize Your React Web App: 7 Essential Steps

Mohd Suhel -

lcsm0n profile image

Rails transactional callbacks beyond models

Lucas M. -

kasundsilva profile image

Speak the Command, Execute the Lambda

Kasun de Silva -