Table of Contents
- Introduction to AWS Services
- Managing users and permissions (IAM)
- Regions and Availability zones
- Network configuration
- Creating virtual servers with EC2
INTRODUCTION TO AWS SERVICES
AWS is the most popular cloud platform. It is an Infrastructure as a Service (IaaS) platform that allows you to configure your infrastructure at a very detailed level.
AWS is a collection of many different services grouped into categories. You don't have to learn all of them, since the sheer number can be overwhelming, but there are some core services worth knowing based on your use case.
For a typical software development cycle, where you develop an application, build it, and deploy it on a web server, some of the most valuable categories of services include:
Compute
- Amazon EC2 (Elastic Compute Cloud): Provides virtual servers for running applications.
- AWS Lambda: Enables serverless computing, allowing users to run code without managing infrastructure.
- Amazon ECS/EKS: Supports containerized applications through Elastic Container Service and Elastic Kubernetes Service.
Storage
- Amazon S3 (Simple Storage Service): Object storage for storing and retrieving data at scale.
- Amazon EBS (Elastic Block Store): Block storage for use with EC2 instances.
- Amazon Glacier: Cost-effective cold storage for archival purposes.
Networking and Content Delivery
- Amazon VPC (Virtual Private Cloud): Isolated cloud resources for networking customization.
- Route 53: Scalable domain name system (DNS) services.
- AWS Direct Connect: Private network connections between on-premises data centers and AWS.
Database
- Amazon RDS (Relational Database Service)
- Amazon Aurora (AWS's high-performance, cloud-optimized database compatible with MySQL and PostgreSQL).
MANAGING USERS AND PERMISSIONS (IAM)
Create an account with AWS to get started.
Create IAM Users
Navigate to the IAM Console → Users → Add User.
Assign a username and choose the type of access:
Programmatic Access: Access via AWS CLI, SDKs, or APIs.
AWS Management Console Access: Access via a web browser.
Set up initial permissions by attaching policies.
Organize Users into Groups
Navigate to the IAM Console → User Groups → Create Group.
Add users to the group and attach appropriate policies.
Example: Create groups like “Admins,” “Developers,” and “Auditors.”
Use IAM Roles
For EC2 Instances:
Create a role with necessary permissions (e.g., S3 access).
Attach the role to an EC2 instance.
For Cross-Account Access:
Create a role and configure trust relationships to allow access from another AWS account.
For AWS Services:
Assign roles to services like Lambda, ECS, or Glue for accessing other AWS resources.
Define Policies
AWS Managed Policies: Predefined policies by AWS for common tasks (e.g., AdministratorAccess, ReadOnlyAccess).
Custom Policies: Create policies tailored to specific requirements.
Example of a custom policy granting S3 read-only access:
Implement Multi-Factor Authentication (MFA)
Enable MFA for users to enhance security.
MFA requires a second authentication factor, like a time-based one-time password (TOTP) application.
Use Access Advisor and Logging
IAM Access Advisor: Shows service permissions granted and last accessed.
AWS CloudTrail: Tracks user activity and API calls for auditing.
IAM Credential Report: Lists the status of passwords, access keys, and MFA for all users.
Apply the Principle of Least Privilege
Grant only the permissions necessary for the job.
Regularly review and revoke unnecessary permissions.
REGIONS AND AVAILABILITY ZONES (AZ)
AWS Regions and Availability Zones are core components of AWS’s global infrastructure, providing redundancy, scalability, and high application availability.
A Region is a geographic area comprising several isolated locations called Availability Zones. AWS has many Regions worldwide, each designed for high availability, low latency, and strong data privacy. Each Region operates independently, with its own services and resources.
As of now, AWS has regions in many parts of the world, including:
North America: Virginia (us-east-1), Ohio (us-east-2), Oregon (us-west-2), California (us-west-1), and others.
Europe: Ireland (eu-west-1), Frankfurt (eu-central-1), London (eu-west-2), Paris (eu-west-3), and others.
Asia-Pacific: Tokyo (ap-northeast-1), Singapore (ap-southeast-1), Sydney (ap-southeast-2), Mumbai (ap-south-1), and others.
South America: São Paulo (sa-east-1).
Middle East: Bahrain (me-south-1).
Africa: Cape Town (af-south-1).
An Availability Zone (AZ) is a data center or a group of data centers located within a Region. Each Region has multiple AZs (usually two to six) designed to be independent from each other. This means if one AZ has an outage, the others can still operate, which helps ensure higher service availability.
NETWORK CONFIGURATION WITH VPC
Network Configuration in AWS (Amazon Web Services) involves setting up and managing virtual networks to enable secure and efficient communication between resources hosted on the AWS cloud.
More broadly, network configuration is the process of setting up and managing the hardware, software, and protocols that let devices communicate in a network. It defines how computers, servers, and routers interact to ensure secure, efficient, and reliable data exchange. AWS provides a range of services and features for network management.
Key Aspects of Network Configuration
IP Addressing: Assigning unique addresses to devices for identification.
Static IP: Manually set and unchanging.
Dynamic IP: Automatically assigned by a DHCP server.
Subnets: Dividing a network into smaller segments to improve efficiency and security. Subnets require a subnet mask to determine which portion of the address identifies the network and which portion identifies the device.
Gateways and Routing: Configuring default gateways ensures devices can communicate outside their local network. Routing tables guide data packets to their destinations.
DNS Configuration: Domain Name System (DNS) settings map human-readable domain names (like example.com) to IP addresses.
Security: Tools like firewalls and encryption protocols (e.g., HTTPS, VPNs) protect data and prevent unauthorized access.
Tools for Network Configuration
Command-Line Utilities: Tools like ipconfig (Windows) or ifconfig/ip (Linux) allow you to view and modify settings.
Network Management Software: Applications such as Cisco Network Assistant or SolarWinds to monitor and manage complex networks.
Monitoring and Troubleshooting: Tools like Wireshark, Netstat, and Ping help diagnose issues and ensure performance.
Why Is Network Configuration Important?
Proper network configuration ensures:
Connectivity: Devices can communicate within and outside the network.
Security: Safeguards data against cyber threats.
Performance: Optimizes data flow, reducing delays and errors.
Scalability: Supports network growth and changes without disruption.
CREATING VIRTUAL SERVERS WITH EC2
Amazon EC2 (Elastic Compute Cloud) is one of AWS’s most powerful services, enabling you to launch and manage virtual servers in the cloud. With EC2, you can scale resources up or down to meet your needs, pay only for what you use, and deploy applications quickly. Here’s a step-by-step guide to getting started with EC2, complete with illustrations for better clarity.
Step 1: Log in to AWS Management Console
- Go to AWS Management Console.
- Log in with your credentials.
- In the search bar, type EC2 and select it from the results.
Step 2: Launch an EC2 Instance
- Click on the Launch Instances button in the EC2 Dashboard.
- Name your instance (e.g., “MyFirstServer”).
Step 3: Choose an Amazon Machine Image (AMI)
An AMI is a pre-configured template for your virtual server.
- Select an AMI that suits your needs, such as:
- Amazon Linux 2: Lightweight and AWS-optimized.
- Ubuntu: Popular open-source OS.
- Windows Server: For applications requiring a Windows environment.
Step 4: Select an Instance Type
- Choose the instance type based on your workload. For example:
- t2.micro: Free tier eligible, good for small applications.
- m5.large: For more compute-intensive applications.
- Click Next to proceed.
Step 5: Configure Instance Details
- Specify the number of instances to launch.
- Set networking options (e.g., assign the instance to a VPC and subnet).
- Enable or disable auto-assign public IP based on your requirements.
Step 6: Add Storage
- Choose the root volume size (e.g., 8 GB for basic setups).
- Add additional volumes if needed.
Step 7: Configure Security Groups
Security Groups act as virtual firewalls.
- Create a new security group or use an existing one.
- Define rules:
- Allow SSH (port 22) for remote access.
- Open HTTP (port 80) for web traffic, if hosting a website.
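An added example (not part of the original post) for the rules above: opening port 80 to every address is normal for a website, but SSH or RDP open to 0.0.0.0/0 exposes the login service to the whole internet, so this checker flags such rules. The sample rules and function names are constructed for illustration; the field names follow the `IpPermissions` list in the EC2 DescribeSecurityGroups response.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed inbound rules in the shape of the IpPermissions list that
# the EC2 DescribeSecurityGroups API returns.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},           # SSH from anywhere
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},           # public web traffic
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},     # SSH from one admin IP
    {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},  # all traffic
]


def is_open_to_world(cidr):
    """True for 0.0.0.0/0 and ::/0, i.e. any source address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def exposed_admin_ports(rules):
    """Return sorted (port, service, cidr) for admin ports reachable from any address."""
    findings = set()
    for rule in rules:
        proto = rule.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        # Protocol "-1" means all protocols and all ports.
        lo, hi = (0, 65535) if proto == "-1" else (rule["FromPort"], rule["ToPort"])
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if not is_open_to_world(cidr):
                continue
            for port, service in ADMIN_PORTS.items():
                if lo <= port <= hi:
                    findings.add((port, service, cidr))
    return sorted(findings)
```

For the sample rules, the SSH rule limited to a single /32 address and the public HTTP rule pass, while the world-open SSH rule and the all-traffic IPv6 rule are reported.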
Step 8: Review and Launch
- Review all the configurations.
- Click Launch.
- Select or create a key pair for secure access to your instance.
- Download the key pair (it’s essential for logging in).
Step 9: Connect to Your EC2 Instance
- Once the instance is running, click Connect on the EC2 dashboard.
- Follow the instructions to connect:
- SSH (Linux/Mac): Use the downloaded key pair.
ssh -i "keypair.pem" ec2-user@
- Remote Desktop (Windows): Use RDP with the instance’s public IP.
Step 10: Deploy Your Application
You now have a fully functional server! Install your application or host your website using this EC2 instance. For example, on an Ubuntu instance:
sudo apt update
sudo apt install apache2 -y
Visit your instance’s public IP in a browser to see your application in action.