Posted: 20-Jan-2017

Page 1: AWS TEchnical Essentials Workshop

AWS Technical Essentials Workshop By: Engr. Muhammad Usman Khan

Page 2: AWS TEchnical Essentials Workshop

About The Instructor

+ Graduate from Iqra University in the field of Telecom & Networks, 2012
+ Microsoft Certified Trainer since 2014 till now
+ Vendor-neutral & product trainer of ITIL, Cisco, CompTIA, Microsoft, VMware, CWNA & cloud computing like Amazon, Azure etc.
+ Founder of Sherdil Tech Solutions & Services
+ Completed more than 30 minor & major projects in my 4-year professional tenure, 5 on AWS Cloud.

Page 3: AWS TEchnical Essentials Workshop

About AWS Workshop

Course Overview:

● The AWS Technical Essentials Instructor-Led Training course introduces AWS products, services, and common solutions with demos, knowledge checks, and hands-on lab activities. It provides learners with the basic fundamentals to become more proficient in AWS and empowers them to make informed decisions about IT solutions based on business requirements.

Page 4: AWS TEchnical Essentials Workshop

About AWS Workshop

Course Outline

This course will cover the following concepts:

● Introduction and History of AWS with Services
● AWS Infrastructure: Compute, Storage, and Networking (EC2, S3, VPC)
● AWS Security, Identity, and Access Management (IAM)
● AWS Databases (RDS)
● AWS Elasticity and Management Tools (ELB & CloudWatch)

Page 5: AWS TEchnical Essentials Workshop

Hands-on Labs:

This course will also have hands-on labs:

● Configure & implement VPC, subnet, route table, route, IGW
● Create & configure EC2, SG, snapshots, EBS, AMI
● Create & configure RDS (outside configuration)
● Create & configure ELB
● Create S3 buckets, folders, S3 objects with ACL
● Create one alarm in CloudWatch

Page 6: AWS TEchnical Essentials Workshop
Page 7: AWS TEchnical Essentials Workshop

History of AWS Cloud:

● In late 2003, Chris Pinkham and Benjamin Black presented a paper describing a vision for Amazon's retail computing infrastructure that was completely standardized, completely automated, and would rely extensively on web services for services such as storage, drawing on internal work already underway.

● In 2006, Amazon Web Services (AWS) began offering IT infrastructure services to businesses in the form of web services.

● At the time of this deck, AWS was located in 13 geographical "regions": US East (Northern Virginia), where the majority of AWS servers are based, US West (Northern California), US West (Oregon), Brazil (São Paulo), Europe (Ireland and Germany), South Asia (Mumbai), Southeast Asia (Singapore), East Asia (Tokyo, Seoul, Beijing) and Australia (Sydney).

Page 8: AWS TEchnical Essentials Workshop

Cloud Basics

What is Hypervisor?

● A hypervisor or virtual machine monitor (VMM) is a piece of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine.

Page 9: AWS TEchnical Essentials Workshop

Cloud Basics

What is Virtualization?

● In computing, virtualization refers to the act of creating a virtual (rather than actual) version of something, including virtual computer hardware platforms, operating systems, storage devices, and computer network resources.

Page 10: AWS TEchnical Essentials Workshop

Cloud Basics

What is Cloud Computing?

● Using computation power over the Internet is called cloud computing.
● A dedicated hosted server is not a cloud server.
● Cloud computing is built on an elastic mechanism that can increase or decrease computation as per requirement.

Page 11: AWS TEchnical Essentials Workshop

History of AWS Cloud Cont…..

● In June 2007, Amazon claimed that more than 180,000 developers had signed up to use Amazon Web Services.

● In November 2010, it was reported that all of Amazon.com retail web services had been moved to AWS.

● On April 20, 2011, some parts of Amazon Web Services suffered a major outage. A portion of volumes using the Elastic Block Store (EBS) service became "stuck" and were unable to fulfill read/write requests.

● In November 2012, AWS hosted its first customer event in Las Vegas. On April 30, 2013, AWS began offering a certification program for computer engineers with expertise in cloud computing.

Page 12: AWS TEchnical Essentials Workshop

AWS Certification Path

Page 13: AWS TEchnical Essentials Workshop

Topic#1

AWS Services (At a Glance)

Page 14: AWS TEchnical Essentials Workshop

AWS Console Overview

Page 15: AWS TEchnical Essentials Workshop

AWS Terminologies

EC2: Elastic Compute Cloud (just like a virtual machine)

VPC: Virtual Private Cloud (just like a private data center network)

ELB: Elastic Load Balancing (just like a network load balancer)

RDS: Relational Database Service (a managed database server, e.g. MySQL or MS SQL Server)

IAM: Identity & Access Management (loosely comparable to Active Directory: users, groups and permissions for your AWS account)

S3: Simple Storage Service (just like Google Drive or Dropbox, but for objects accessed through an API)

Page 16: AWS TEchnical Essentials Workshop

AWS Services

VPC: A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS cloud.

EC2: Amazon Elastic Compute Cloud (Amazon EC2) is a Computation service that provides resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.

S3: Amazon Simple Storage Service (S3) provides highly scalable, reliable, and low-latency data storage infrastructure at very low cost.

RDS: Amazon Relational Database Service ( RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the cloud.

Page 17: AWS TEchnical Essentials Workshop

AWS Services

EBS: An EBS volume behaves like a raw, unformatted, external block device that you can attach to a single instance; the volume is not physically attached to the instance's host computer.

AS: Auto Scaling helps to automatically increase the number of EC2 instances when the user demand goes up, and decrease the number of EC2 instances when demand goes down

ELB: ELB service helps to distribute the incoming web traffic (called the load) automatically among all the running EC2 instances

IAM: AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users

Page 18: AWS TEchnical Essentials Workshop

AWS Service: VPC

Page 19: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC)

● A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS cloud.

● VPC allows you to select its IP address range, create subnets, and configure route tables, network gateways, and security settings.

● When you create a VPC, you specify the set of IP addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block. For example, 10.0.0.0/16 gives 2^16 (65,536) IP addresses within the VPC (AWS reserves the first four and the last IP address of every subnet for its own use, so not all of them are assignable to instances).

● It’s possible to specify a range of publicly routable IP addresses; direct access to the Internet is not currently supported from publicly routable CIDR blocks in a VPC

Page 20: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC)

Difference Between Region & Availability Zone

● Amazon EC2 is hosted in multiple locations world-wide.
● These locations are composed of regions and Availability Zones.
● Each region is a separate geographic area.
● Each region has multiple, isolated locations known as Availability Zones.
● Amazon EC2 provides you the ability to place resources, such as instances, and data in multiple locations. Resources aren't replicated across regions unless you do so specifically.

Page 21: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC)

● A CIDR block from the private (non-publicly routable) IP address ranges can be assigned to a VPC:

10.0.0.0 – 10.255.255.255 (10/8 prefix)

172.16.0.0 – 172.31.255.255 (172.16/12 prefix)

192.168.0.0 – 192.168.255.255 (192.168/16 prefix)

Page 22: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC)

● The primary CIDR block, once assigned to the VPC, cannot be modified.
● Each VPC is separate from any other VPC created with the same CIDR block, even if it resides within the same AWS account.
● VPC allows VPC peering connections with other VPCs within the same or different AWS accounts.

Page 23: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC)

VPC Deletion:

● Deleting a VPC is possible only after terminating all instances within it; deleting the VPC removes all of its components, e.g. subnets, security groups, network ACLs, route tables, Internet gateways, VPC peering connections, and DHCP options sets.

Page 24: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC) Private IP Addresses

● Private IP addresses are not reachable over the Internet, and can be used for communication between the instances in your VPC

● All instances are assigned a private IP address, within the IP address range of the subnet, to the default network interface

● The primary private IP address is associated with the network interface for its lifetime, even when the instance is stopped and restarted, and is released only when the instance is terminated.

● Additional Private IP addresses, known as secondary private IP address, can be assigned to the instances and these can be reassigned from one network interface to another

Page 25: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC)

Public IP address (Associated IP Address)

● Public IP addresses are reachable over the Internet, and can be used for communication between your instances and the Internet, or with other AWS services that have public endpoints

● Whether an instance is assigned a public IP address depends on whether public IP addressing is enabled for the subnet.

● A public IP address can also be assigned to the instance by enabling public IP addressing during the creation of the instance, which overrides the subnet's public IP addressing attribute.

● A public IP address is assigned from the AWS pool of IP addresses; it is not associated with the AWS account and hence is released when the instance is stopped and restarted.

Page 26: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC)

Elastic IP address

● Elastic IP addresses are static, persistent public IP addresses which can be associated with and disassociated from an instance, as required.
● An Elastic IP address is allocated for use in a VPC and owned by the account until released.
● A network interface can be assigned either a public IP or an Elastic IP. If you assign an Elastic IP to an instance that has a public IP, the public IP is released.
● Elastic IP addresses can be moved from one instance to another; the instance can be within the same VPC or a different VPC within the same account.
● Elastic IPs are charged for non-usage, i.e. if not associated, or associated with a stopped instance or an unattached network interface.

Page 27: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC)

Elastic Network Interface (ENI)

● Each instance is attached to a default elastic network interface (primary network interface, eth0) which cannot be detached from the instance.

● An ENI has the following attributes:
○ A primary private IP address
○ One or more secondary private IP addresses
○ One Elastic IP address per private IP address
○ One public IP address, which can be auto-assigned to the network interface for eth0 when you launch an instance, but only when you create a network interface for eth0 instead of using an existing network interface
○ One or more security groups
○ A MAC address
○ A source/destination check flag

Page 28: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC)

Internet Gateways

● An Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. It therefore imposes no availability risks or bandwidth constraints on your network traffic.

● An Internet gateway serves two purposes:
○ To provide a target in your VPC route tables for Internet-routable traffic
○ To perform network address translation (NAT) for instances that have been assigned public IP addresses

Page 29: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC)

Enable Internet Access through Internet GW

● Attach an Internet gateway to the VPC
● The subnet's route table must contain a route pointing to the Internet gateway
● Instances must have a public IP or Elastic IP address assigned
● Security groups and NACLs associated with the instance must allow the relevant traffic

Page 30: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC)

VPC Security

Security within a VPC is provided through

● Security groups – Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. Security groups are stateful: return traffic for an allowed connection is permitted automatically, and they support allow rules only.

● Network access control lists (ACLs) – Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level. Network ACLs are stateless: return traffic must be allowed explicitly, and they support both allow and deny rules evaluated in rule-number order.

● Flow logs – Capture information about the IP traffic going to and from network interfaces in your VPC
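Flow logs are only useful if someone reads them. The script below is an added example for this page (not code from the deck or from AWS): it parses flow-log records in the default version-2 column layout, skips NODATA rows, and flags any source that the security group or NACL REJECTed on several distinct destination ports, which is what a port scan against an instance looks like. The account ID, ENI ID, addresses and timestamps in the sample records are constructed.

```python
"""Triage VPC Flow Log records offline.

Added example for this workshop page, not code from the original deck or from AWS.
The records below are constructed; the column order is the default (version 2)
flow-log format: version account-id interface-id srcaddr dstaddr srcport dstport
protocol packets bytes start end action log-status.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status")

# Constructed sample: one external host probing SSH, RDP and SMB on an instance ENI,
# normal HTTPS traffic, an unrelated single SSH attempt, and a NODATA record.
SAMPLE_LOG = [
    "2 123456789010 eni-1235b8ca 198.51.100.7 10.0.1.12 41567 22 6 3 180 1418530010 1418530070 REJECT OK",
    "2 123456789010 eni-1235b8ca 198.51.100.7 10.0.1.12 41568 3389 6 3 180 1418530010 1418530070 REJECT OK",
    "2 123456789010 eni-1235b8ca 198.51.100.7 10.0.1.12 41569 445 6 3 180 1418530010 1418530070 REJECT OK",
    "2 123456789010 eni-1235b8ca 203.0.113.5 10.0.1.12 52001 443 6 20 4249 1418530010 1418530070 ACCEPT OK",
    "2 123456789010 eni-1235b8ca 203.0.113.9 10.0.1.12 52002 22 6 3 180 1418530010 1418530070 REJECT OK",
    "2 123456789010 eni-1235b8ca - - - - - - - 1418530010 1418530070 - NODATA",
]


@dataclass
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int      # IANA protocol number: 6 = TCP, 17 = UDP
    packets: int
    byte_count: int
    action: str        # ACCEPT or REJECT: the security-group / NACL decision


def parse_record(line: str) -> Optional[FlowRecord]:
    """Parse one line; return None for NODATA/SKIPDATA rows, whose fields are '-'."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    raw = dict(zip(FIELDS, parts))
    if raw["log_status"] != "OK":
        return None
    return FlowRecord(
        interface_id=raw["interface_id"],
        srcaddr=raw["srcaddr"],
        dstaddr=raw["dstaddr"],
        srcport=int(raw["srcport"]),
        dstport=int(raw["dstport"]),
        protocol=int(raw["protocol"]),
        packets=int(raw["packets"]),
        byte_count=int(raw["bytes"]),
        action=raw["action"],
    )


def rejected_ports_by_source(lines) -> Dict[str, Set[int]]:
    """Map each source address to the set of destination ports it was REJECTed on."""
    ports: Dict[str, Set[int]] = defaultdict(set)
    for line in lines:
        rec = parse_record(line)
        if rec is not None and rec.action == "REJECT":
            ports[rec.srcaddr].add(rec.dstport)
    return dict(ports)


def flag_port_scans(lines, min_ports: int = 3) -> List[Tuple[str, List[int]]]:
    """Sources rejected on at least `min_ports` distinct ports look like scanners."""
    return sorted(
        (src, sorted(ports))
        for src, ports in rejected_ports_by_source(lines).items()
        if len(ports) >= min_ports
    )
```

Run `flag_port_scans(SAMPLE_LOG)` and only 198.51.100.7 is reported (ports 22, 445 and 3389); the single rejected SSH attempt from 203.0.113.9 stays below the threshold, and the ACCEPTed HTTPS traffic is never counted. Against real data, feed the function the lines exported from the CloudWatch Logs group the flow log writes to, and tune `min_ports` to your tolerance for noise.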

Page 31: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC)

Subnets

● A subnet spans a single Availability Zone (distinct locations that are engineered to be isolated from failures in other Availability Zones) and cannot span across AZs.

● A subnet is public or private depending on its Internet connectivity, i.e. whether it is able to route traffic to the Internet through the Internet gateway.

● Instances within a public subnet must be assigned a public IP or Elastic IP address to be able to communicate with the Internet.

● A subnet that is not connected to the Internet, but has traffic routed through a virtual private gateway only, is termed a VPN-only subnet.

Page 32: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC)

NAT Overview

● Network Address Translation (NAT) devices, launched in the public subnet, enable instances in a private subnet to connect to the Internet, but prevent the Internet from initiating connections with those instances.

● Instances in private subnets may need an Internet connection for performing software updates or accessing external services.

● A NAT device avoids exposing instances directly to the Internet, having to launch them in a public subnet, and assigning an Elastic IP address to each of them.

● NAT device performs the function of both address translation and port address translation (PAT)

Page 33: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC)

Bastion Host Overview

● Bastion means a structure for fortification to protect things behind it.
● In AWS, a bastion host (also referred to as a jump server) can be used to securely access instances in the private subnets.
● A bastion host launched in a public subnet acts as the primary access point from the Internet and as a proxy to the other instances; the private instances' security groups should then allow SSH/RDP only from the bastion's security group, not from the Internet.

Page 34: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC)

Bastion Host

Page 35: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC)

VPC Peering Overview

● A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IP addresses.

● Instances in either VPC can communicate with each other as if they are within the same network

● VPC peering connection can be established between your own VPCs, or with a VPC in another AWS account within a single region.

● AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware. There is no single point of failure for communication or a bandwidth bottleneck.

Page 36: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC)

VPC Peering Rules & Limitations

● VPC peering connection cannot be created between VPCs that have matching or overlapping CIDR blocks.

● VPC peering connection cannot be created between VPCs in different regions.
● There is a limit on the number of active and pending VPC peering connections that you can have per VPC.
● VPC peering does not support transitive peering relationships.
● VPC peering does not support edge-to-edge routing through a gateway or private connection.
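The CIDR rules from the VPC slides (private RFC 1918 ranges, the /16 to /28 VPC size limit, five reserved addresses per subnet) and the peering rule above (no overlapping blocks) are easy to get wrong when planning address space by hand. The following is an added example for this page, not code from the deck or from AWS, using only Python's standard `ipaddress` module; the Availability Zone names passed to `plan_subnets` are illustrative.

```python
"""VPC CIDR planning checks with the standard-library ipaddress module.

Added example for this workshop page, not code from the original deck or from AWS.
It encodes the rules stated on the VPC slides: a VPC CIDR should come from the
RFC 1918 private ranges, AWS allows VPC blocks between /16 and /28, every subnet
loses five addresses to AWS reservations, and two VPCs cannot peer if their
CIDR blocks overlap. AZ names used by callers are only illustrative.
"""
import ipaddress
from typing import Dict, List

RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Per subnet AWS reserves the network address, the VPC router (.1), DNS (.2),
# one address for future use (.3) and the broadcast address.
AWS_RESERVED_PER_SUBNET = 5


def is_private(cidr: str) -> bool:
    """True if the block lies entirely inside one RFC 1918 range."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    return any(net.subnet_of(r) for r in RFC1918)


def validate_vpc_cidr(cidr: str) -> List[str]:
    """Return a list of problems; an empty list means the block is acceptable."""
    net = ipaddress.IPv4Network(cidr, strict=True)  # raises ValueError if host bits are set
    problems = []
    if not 16 <= net.prefixlen <= 28:
        problems.append(f"prefix /{net.prefixlen} is outside the allowed VPC range /16 to /28")
    if not is_private(cidr):
        problems.append(f"{cidr} is publicly routable; direct Internet access is not supported from such a block")
    return problems


def usable_addresses(subnet_cidr: str) -> int:
    """Addresses an instance can actually receive in the subnet."""
    return ipaddress.IPv4Network(subnet_cidr, strict=True).num_addresses - AWS_RESERVED_PER_SUBNET


def can_peer(cidr_a: str, cidr_b: str) -> bool:
    """VPC peering is refused when the two CIDR blocks overlap."""
    return not ipaddress.IPv4Network(cidr_a).overlaps(ipaddress.IPv4Network(cidr_b))


def plan_subnets(vpc_cidr: str, new_prefix: int, azs: List[str]) -> Dict[str, str]:
    """Carve one /new_prefix subnet per Availability Zone out of the VPC block."""
    vpc = ipaddress.IPv4Network(vpc_cidr, strict=True)
    candidates = vpc.subnets(new_prefix=new_prefix)   # iterator over consecutive subnets
    plan = {}
    for az in azs:
        try:
            plan[az] = str(next(candidates))
        except StopIteration:
            raise ValueError(f"{vpc_cidr} has no room for {len(azs)} /{new_prefix} subnets")
    return plan
```

A /24 subnet yields 251 assignable addresses, not 256, and the smallest permitted subnet (/28) yields only 11; size subnets for Auto Scaling maxima with that in mind. `can_peer` is worth running before creating a second VPC at all, since the peering request will be rejected later and the primary CIDR cannot be changed.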

Page 37: AWS TEchnical Essentials Workshop

Virtual Private Cloud (VPC)

Hands-On Lab:

● Create VPC with public subnet
● Create Internet Gateway
● Attach IGW to the VPC
● Create route on route table
● Create subnet
● Add IGW route on route table
● Test Internet connectivity (by creating an EC2 instance)

Page 38: AWS TEchnical Essentials Workshop

AWS Service: EC2

Page 39: AWS TEchnical Essentials Workshop

Elastic Compute Cloud (EC2)

Items to discuss:

● EC2 instance types (T2, C4, M4)
● EC2 purchasing options: On-Demand, Spot & Reserved Instances
● EBS vs Instance Store
● AMI, snapshots, volumes

Page 40: AWS TEchnical Essentials Workshop

Elastic Compute Cloud (EC2)

EC2 Instance Types :

Instances are divided into families based on workload:
● General purpose (T2, M4 etc.)
● Compute optimized (C4)
● Extreme memory (X1 series)
● Memory optimized (R3)
● General purpose GPU (P2)
● Graphics GPU (G2)
● Storage optimized (I2)
● Dense storage (D2)

Refer Link: https://aws.amazon.com/ec2/instance-types/

Page 41: AWS TEchnical Essentials Workshop

Elastic Compute Cloud (EC2)

Page 42: AWS TEchnical Essentials Workshop

Elastic Compute Cloud (EC2)

T2 Instances (General Purpose)

● T2 instances are well suited for general purpose workloads, such as web servers, developer environments, and small databases
● Requirements
○ Can be launched only with an HVM AMI
○ Can be launched into a VPC only; not supported on the EC2-Classic platform
○ Are available as Amazon EBS-backed instances only
○ Are available as On-Demand or Reserved Instances, but not as Spot Instances
○ By default, you can run up to 20 (soft limit) T2 instances simultaneously
○ Cannot be launched as a Dedicated Instance

Page 43: AWS TEchnical Essentials Workshop

Elastic Compute Cloud (EC2)

EC2 Purchasing Options:

On-Demand Instances:
● With On-Demand Instances, you pay for compute capacity by the hour with no long-term commitments or upfront payments. You can increase or decrease your compute capacity depending on the demands of your application and only pay the specified hourly rate for the instances you use.

Spot Instances:
● Amazon EC2 Spot Instances allow you to bid on spare Amazon EC2 computing capacity.

Reserved Instances:
● Amazon EC2 Reserved Instances provide a significant discount (up to 75%) compared to On-Demand pricing and provide a capacity reservation when used in a specific Availability Zone.

Page 44: AWS TEchnical Essentials Workshop

Elastic Compute Cloud (EC2)

EBS vs Instance Store:

EBS:
● Amazon Elastic Block Store (Amazon EBS) provides persistent block-level storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability.

Instance Store:
● An instance store provides temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers. Data in an instance store is lost when the instance stops or terminates or the underlying disk fails, so never keep the only copy of anything there.

Page 45: AWS TEchnical Essentials Workshop

Elastic Compute Cloud (EC2)

AMI, Volume & Snapshots

AMI:An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need.

Volume: Volumes are either EBS volumes or instance store volumes.

Snapshots: A snapshot is a point-in-time copy of an EBS volume, stored in S3, that can be used to back up the volume, create new volumes, or register an AMI from which new instances are launched. Instance store volumes cannot be snapshotted.

Page 46: AWS TEchnical Essentials Workshop

Elastic Compute Cloud (EC2)

Hands-On Labs:

1. Create a Windows-based EC2 instance
2. Create a security group
3. Open ports in the security group
4. Create a gp2-based EBS volume
5. Create a key pair to log in to the instance
6. Establish an RDP session to the newly created instance
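Steps 2, 3 and 6 of this lab are where most real-world EC2 exposures come from: an SSH or RDP rule opened to 0.0.0.0/0 "just for the lab" and never removed. The script below is an added example for this page (not code from the deck or from AWS) that audits security groups for exactly that. The input has the shape of `aws ec2 describe-security-groups --output json`, but every group ID, name and CIDR in it is constructed; rules whose source is another security group are the bastion pattern from the VPC slides and are reported as trusted sources rather than findings.

```python
"""Audit EC2 security groups for administrative ports opened to the whole Internet.

Added example for this workshop page, not code from the deck or from AWS. The input
mirrors the shape of `aws ec2 describe-security-groups` output, but the groups,
IDs and CIDRs below are constructed.
"""
from typing import Dict, Iterable, List, Set

ANYWHERE = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22, 3389}   # SSH and RDP: the two ports the EC2 lab opens

SAMPLE_RESPONSE = {
    "SecurityGroups": [
        {"GroupId": "sg-0bastion", "GroupName": "bastion", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
        {"GroupId": "sg-0web", "GroupName": "web", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
            {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
        {"GroupId": "sg-0app", "GroupName": "app", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0bastion"}]}]},
        {"GroupId": "sg-0db", "GroupName": "db", "IpPermissions": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    ]
}


def _rule_sources(rule: Dict) -> Set[str]:
    """All CIDR sources of an inbound rule, IPv4 and IPv6."""
    return ({r["CidrIp"] for r in rule.get("IpRanges", [])}
            | {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])})


def _covers_admin_port(rule: Dict, admin_ports: Iterable[int]) -> bool:
    if rule["IpProtocol"] == "-1":       # all protocols, all ports
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return any(rule["FromPort"] <= p <= rule["ToPort"] for p in admin_ports)


def audit_security_groups(response: Dict, admin_ports=ADMIN_PORTS) -> List[Dict]:
    """One finding per inbound rule exposing an admin port (or everything) to ANYWHERE."""
    findings = []
    for group in response["SecurityGroups"]:
        for rule in group["IpPermissions"]:
            open_sources = _rule_sources(rule) & ANYWHERE
            if open_sources and _covers_admin_port(rule, admin_ports):
                exposed = ("all protocols and ports" if rule["IpProtocol"] == "-1"
                           else f"tcp {rule['FromPort']}-{rule['ToPort']}")
                findings.append({"group_id": group["GroupId"], "group_name": group["GroupName"],
                                 "exposed": exposed, "sources": sorted(open_sources)})
    return findings


def admin_sources(response: Dict, port: int) -> Dict[str, List[str]]:
    """Who may reach `port` on each group: CIDRs or referenced group IDs (bastion pattern)."""
    result = {}
    for group in response["SecurityGroups"]:
        sources: List[str] = []
        for rule in group["IpPermissions"]:
            if not _covers_admin_port(rule, [port]):
                continue
            sources.extend(sorted(_rule_sources(rule)))
            sources.extend(p["GroupId"] for p in rule.get("UserIdGroupPairs", []))
        if sources:
            result[group["GroupId"]] = sources
    return result
```

On the sample data the audit flags the RDP rule on the web group and the "all traffic" rule on the database group, while the bastion (SSH from one corporate range) and the app tier (SSH only from the bastion's group) pass. The lab's final step, an RDP session from your own workstation, needs only your current public address in the rule, not 0.0.0.0/0.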

Page 47: AWS TEchnical Essentials Workshop

AWS Service: S3

Page 48: AWS TEchnical Essentials Workshop

Simple Storage Service (S3)

Features:

● S3 is Simple Storage Service.
● Amazon S3 provides unlimited storage space and works on a pay-as-you-use model. Service rates get cheaper as the usage volume increases.
● Amazon S3 is object-level storage (not block-level storage) and cannot be used to host an OS or dynamic websites.
● Amazon S3 resources (for example buckets and objects) are private by default; only the owning account can access them until an ACL or bucket policy grants more.

Page 49: AWS TEchnical Essentials Workshop

Simple Storage Service (S3)

Buckets

● A bucket is a container for objects stored in Amazon S3 and helps organize the Amazon S3 namespace.

● A bucket is owned by the AWS account that created it and helps identify the account responsible for storage and data transfer charges.

● Amazon S3 bucket names are globally unique, regardless of the AWS region in which you create the bucket

● Even though S3 is a global service, Amazon S3 buckets are created within a region specified during the creation of the bucket

● Every object is contained in a bucket and there is no limit on the number of objects that a bucket can have

Page 50: AWS TEchnical Essentials Workshop

Simple Storage Service (S3)

Objects:

● Objects are the fundamental entities stored in Amazon S3.
● An object is uniquely identified within a bucket by a key (name) and a version ID.
● Objects consist of object data, metadata and other parts:
○ Value: the data portion, which is opaque to Amazon S3.
○ Metadata: data about the data, a set of name-value pairs that describe the object, e.g. content-type, size, last modified. You can also specify custom metadata at the time the object is stored.
○ Key: the object name.
○ Version ID: the version ID of the object, which in combination with the key uniquely identifies an object within a bucket.
○ Subresources: provide additional information for an object.
○ Access control information: controls access to the objects stored in S3.

Page 51: AWS TEchnical Essentials Workshop

Simple Storage Service (S3)

Hands On Lab:

● Create S3 bucket
● Create S3 folder
● Upload an object to the S3 bucket or folder
● Apply ACL on the object
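The last lab step, applying an ACL to an object, is the point where "private by default" stops being true. The script below is an added example for this page (not code from the deck or from AWS) showing how to tell, from the documents `aws s3api get-object-acl`, `get-bucket-acl` and `get-bucket-policy` return, whether anonymous users have been granted access: either through an ACL grant to the AllUsers or AuthenticatedUsers group, or through a bucket-policy Allow statement whose principal is `*`. The canonical user ID, bucket name, VPC endpoint ID and account ID in the sample documents are constructed.

```python
"""Detect publicly accessible S3 buckets and objects from ACLs and bucket policies.

Added example for this workshop page, not code from the deck or from AWS. The ACL
and policy documents below are constructed, in the shape returned by
`aws s3api get-object-acl` / `get-bucket-acl` and `get-bucket-policy`.
"""
import json
from typing import Dict, List, Optional, Tuple

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GRANTEES = {ALL_USERS, AUTHENTICATED_USERS}

OWNER = {"ID": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be"}  # constructed
PRIVATE_ACL = {"Owner": OWNER, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": OWNER["ID"]}, "Permission": "FULL_CONTROL"}]}
PUBLIC_READ_ACL = {"Owner": OWNER, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": OWNER["ID"]}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}

SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::workshop-site/*"},
        {"Sid": "FromVpcEndpoint", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::workshop-site", "arn:aws:s3:::workshop-site/*"],
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-1a2b3c4d"}}},
        {"Sid": "OwnerAdmin", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::workshop-site/*"},
    ]})


def public_acl_grants(acl: Dict) -> List[Tuple[str, str]]:
    """(grantee URI, permission) for every grant to the AllUsers/AuthenticatedUsers groups."""
    return [(g["Grantee"]["URI"], g["Permission"])
            for g in acl.get("Grants", [])
            if g["Grantee"].get("Type") == "Group" and g["Grantee"].get("URI") in PUBLIC_GRANTEES]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal) -> bool:
    """Principal "*" or {"AWS": "*"} means any caller, including anonymous ones."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_statements(policy_json: str) -> List[Dict]:
    """Allow statements granted to everyone; `conditional` marks ones gated by a Condition."""
    policy = json.loads(policy_json)
    out = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") == "Allow" and _principal_is_everyone(stmt.get("Principal")):
            out.append({"sid": stmt.get("Sid"), "actions": _as_list(stmt.get("Action", [])),
                        "conditional": "Condition" in stmt})
    return out


def is_public(acl: Dict, policy_json: Optional[str] = None) -> bool:
    """Anonymous access via an ACL grant, or via an unconditional wildcard-principal Allow."""
    if public_acl_grants(acl):
        return True
    return policy_json is not None and any(not s["conditional"] for s in public_statements(policy_json))
```

Two caveats the checker encodes: the AuthenticatedUsers group means any AWS account in the world, not just yours, so it is treated as public; and a wildcard-principal statement with a Condition (here, a VPC endpoint restriction) is reported but not counted as public, because whether it is depends on the condition keys, which are worth reviewing by hand.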

Page 52: AWS TEchnical Essentials Workshop

AWS Service: RDS

Page 53: AWS TEchnical Essentials Workshop

Relational Database Service

Features:

● Amazon Relational Database Service (RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the cloud.

● RDS provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks.

● RDS features & benefits:
○ CPU, memory, storage, and IOPS can be scaled independently.
○ Manages backups, software patching, automatic failure detection, and recovery.
○ Automated backups can be performed as needed, or manual backups (DB snapshots) can be triggered as well. Backups can be used to restore a database, and the Amazon RDS restore process works reliably and efficiently.
○ Provides high availability (Multi-AZ) with a primary instance and a synchronous standby instance in another Availability Zone that you can fail over to seamlessly when a problem occurs.

Page 54: AWS TEchnical Essentials Workshop

Relational Database Service

Hands-On Lab:

● Create DB subnet group
● Create RDS instance
● Check AZ

Page 55: AWS TEchnical Essentials Workshop

AWS Service: Auto Scaling & ELB

Page 56: AWS TEchnical Essentials Workshop

Auto Scaling With ELB

Features:

● Auto Scaling helps to automatically increase the number of EC2 instances when user demand goes up, and decrease the number of EC2 instances when demand goes down.

● The ELB service helps to distribute the incoming web traffic (called the load) automatically among all the running EC2 instances.

● ELB uses load balancers to monitor traffic and handle requests that come through the Internet.

● Auto Scaling dynamically adds and removes EC2 instances, while Elastic Load Balancing manages incoming requests by optimally routing traffic so that no one instance is overwhelmed.

● Using ELB & Auto Scaling together:
○ makes it easy to route traffic across a dynamically changing fleet of EC2 instances
○ the load balancer acts as a single point of contact for all incoming traffic to the instances in an Auto Scaling group.

Page 57: AWS TEchnical Essentials Workshop

AWS Service: IAM

Page 58: AWS TEchnical Essentials Workshop

Identity & Access Management

Features:

● AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users.

● IAM is used to control:
○ Identity – who can use your AWS resources (authentication)
○ Access – what resources they can use and in what ways (authorization)

● IAM also helps keep your account credentials private: create individual IAM users with only the permissions they need instead of sharing the root account credentials.

● With IAM, you can create multiple IAM users under the umbrella of your AWS account or enable temporary access through identity federation with your corporate directory.

● IAM also enables access to resources across AWS accounts.
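The authorization half of IAM follows a small set of rules that are worth seeing in code: a request is denied unless some policy allows it, an explicit Deny anywhere overrides every Allow, and `Action` and `Resource` patterns accept `*` and `?` wildcards (action names are matched case-insensitively, ARNs case-sensitively). The model below is an added example for this page, not code from the deck and not AWS's own evaluation engine; it leaves out Conditions, NotPrincipal and resource-based policies, and the analyst policies it evaluates are constructed.

```python
"""A small model of IAM's authorization decision.

Added example for this workshop page, not code from the deck and not the AWS
evaluation engine itself. It covers the core rule a practitioner must know:
every request is denied by default, an explicit Deny in any applicable policy
overrides every Allow, and Action/Resource support the * and ? wildcards.
Conditions, NotPrincipal and resource-based policies are not modelled. The
policies below are constructed.
"""
import re
from typing import Dict, List


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _wildcard_match(pattern: str, value: str, ignore_case: bool) -> bool:
    """IAM wildcards: * matches any run of characters, ? exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def _statement_applies(stmt: Dict, action: str, resource: str) -> bool:
    # Action names are case-insensitive; ARNs are matched case-sensitively.
    if "Action" in stmt:
        action_ok = any(_wildcard_match(p, action, True) for p in _as_list(stmt["Action"]))
    else:   # NotAction: the statement applies to everything except the listed actions
        action_ok = not any(_wildcard_match(p, action, True) for p in _as_list(stmt["NotAction"]))
    if "Resource" in stmt:
        resource_ok = any(_wildcard_match(p, resource, False) for p in _as_list(stmt["Resource"]))
    else:   # NotResource, same inversion
        resource_ok = not any(_wildcard_match(p, resource, False) for p in _as_list(stmt["NotResource"]))
    return action_ok and resource_ok


def evaluate(policies: List[Dict], action: str, resource: str) -> str:
    """Return 'Allow' or 'Deny' for a request against all identity policies attached."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _statement_applies(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"                    # explicit deny: nothing can override it
            allowed = True
    return "Allow" if allowed else "Deny"        # no matching statement is an implicit deny


# Constructed policies for a read-only analyst who must never touch the prod bucket.
ANALYST_POLICIES = [
    {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]},
    {"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Action": "s3:*",
         "Resource": ["arn:aws:s3:::prod-data", "arn:aws:s3:::prod-data/*"]}]},
]
```

With these two policies attached, `s3:GetObject` on a dev bucket is allowed, the same call on `prod-data` is denied even though the first policy allows it, and `s3:PutObject` anywhere is denied simply because nothing grants it. That last case is the least-privilege default you rely on when you hand out IAM users instead of the root credentials: a new user can do nothing until a policy says otherwise.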

Page 59: AWS TEchnical Essentials Workshop

Q & A Sessions

Any Questions

Page 60: AWS TEchnical Essentials Workshop

End of the Workshop

Thanks for joining us.

For details, contact:

Name: Engr Muhammad Usman Khan
PH: 92 332 2278144
Email: [email protected]