AWS CLOUD COMPUTING UNIT_4
AWS & Networking:
--------------------------
Introduction to Amazon Web Services (AWS):
AWS is a cloud computing platform provided by Amazon that offers a wide range
of on-demand services, such as computing power, storage, databases, machine
learning, and more, through a pay-as-you-go pricing model.
It is designed to help individuals, businesses, and organizations scale their
operations without the need to invest heavily in physical infrastructure.
Key Features of AWS:
Scalability: AWS allows users to scale resources up or down based on their needs.
Flexibility: Supports multiple programming languages, operating systems, and frameworks.
Global Reach: AWS has a global network of data centers in various regions, ensuring low latency and reliability.
Cost-Effective: No upfront costs or long-term commitments. Users only pay for what they use.
Security: AWS provides advanced security features, including encryption, compliance certifications, and network protection.
AWS Global Infrastructure:
AWS Global Infrastructure is a comprehensive network of data centers and
supporting systems that enable Amazon Web Services to provide reliable, scalable,
and secure cloud services to users worldwide.
It is designed to deliver high performance, low latency, fault tolerance, and
resilience to meet the needs of businesses of all sizes.
Components of AWS Global Infrastructure:
Regions:
A Region is a physical location in the world where AWS has multiple data centers.
Each Region is geographically isolated and designed for fault tolerance.
Key Features:
Each Region consists of multiple Availability Zones.
Data within a Region does not leave it unless explicitly moved by the user.
Examples of Regions: US East (N. Virginia), Europe (Frankfurt), Asia Pacific (Mumbai).
Availability Zones (AZs):
An Availability Zone is one or more discrete data centers with independent power, networking, and cooling.
Each Region consists of multiple Availability Zones, usually 3 or more.
AZs are connected through low-latency, high-throughput, and redundant networking.
Purpose: To provide high availability and fault tolerance. Applications can be architected to fail over between AZs.
Edge Locations:
These are endpoints for AWS services used for content delivery via Amazon CloudFront.
Edge locations cache data closer to end-users, improving performance and reducing latency.
Use Cases: Static content delivery. Media streaming. DNS resolution using Amazon Route 53.
Local Zones:
Local Zones extend AWS services closer to large population centers or industries that require low-latency access.
They are ideal for latency-sensitive use cases like gaming, live video streaming, and machine learning inference.
Wavelength Zones:
Wavelength Zones are designed to bring AWS services to the edge of 5G networks.
These zones enable ultra-low latency applications like augmented/virtual reality (AR/VR), real-time gaming, and IoT.
AWS Outposts:
AWS Outposts bring AWS infrastructure and services on-premises for a consistent hybrid experience.
Ideal for workloads that require low latency or need to remain on-premises for compliance or operational reasons.
Introduction to Google Cloud Platform (GCP)
Google Cloud Platform (GCP) is a suite of cloud computing services provided by
Google. It offers a wide range of infrastructure, platform, and software services
designed to help businesses build, deploy, and scale applications, websites, and
services.
GCP leverages Google's extensive global infrastructure and cutting-edge
technologies to deliver secure, reliable, and scalable solutions.
Key Features of GCP:
Scalability and Performance: Built on Google's private global network, ensuring low latency and high-speed performance. Dynamic scalability to handle workloads of any size.
Open Source and Hybrid-Friendly: Strong support for open-source technologies and hybrid cloud setups. Integration with Kubernetes, Apache Spark, TensorFlow, and more.
AI and Machine Learning: State-of-the-art AI/ML tools powered by Google's research. Pre-trained and customizable machine learning APIs.
Big Data and Analytics: World-class tools for managing and analyzing large datasets. Advanced integration with BigQuery for real-time analytics.
Security: Industry-leading security features like data encryption at rest and in transit, DDoS protection, and compliance with global standards.
Core Services of GCP:
1. Compute Services
Compute Engine: Virtual machines for any workload.
Google Kubernetes Engine (GKE): Managed Kubernetes service for containerized applications.
Cloud Functions: Serverless execution of event-driven code.
Cloud Run: Fully managed container-based platform for stateless apps.
2. Storage and Databases
Cloud Storage: Scalable object storage for unstructured data.
Persistent Disks: Block storage for virtual machines.
Cloud SQL: Fully managed relational database (MySQL, PostgreSQL, and SQL Server).
Firestore: Serverless NoSQL document database for real-time data.
Bigtable: NoSQL database for high-throughput analytical workloads.
3. Networking
Cloud Load Balancing: Distributes traffic across instances and regions.
Cloud CDN (Content Delivery Network): Reduces latency by delivering content from edge locations.
Cloud Interconnect: High-speed connectivity to on-premises infrastructure.
4. Big Data and Analytics
BigQuery: Serverless, highly scalable data warehouse for analytics.
Dataflow: Stream and batch data processing.
Pub/Sub: Real-time messaging for data streaming.
Dataproc: Managed Apache Hadoop and Spark for big data processing.
5. AI and Machine Learning
Vertex AI: Unified AI platform for building, deploying, and scaling machine learning models.
Vision AI: Image recognition and analysis.
Natural Language AI: NLP tools for sentiment analysis and language processing.
AutoML: Custom machine learning models without deep technical expertise.
6. Developer and DevOps Tools
Cloud Build: Continuous integration and delivery.
Artifact Registry: Secure repository for container images and packages.
Cloud Deployment Manager: Infrastructure as code for resource deployment.
7. Management and Monitoring
Operations Suite (formerly Stackdriver): Monitoring, logging, and diagnostics.
Cloud Identity: Manage user accounts and authentication.
Global Infrastructure of GCP:
Regions and Zones: GCP has 38+ regions and 100+ zones globally (and growing). Each region has multiple zones for high availability. Users can deploy workloads in specific regions to meet latency, availability, or compliance needs.
Edge Locations: Used for content delivery and caching, enabling fast response times for end-users. Integrated with Google's global fiber optic network for high-speed connectivity.
Global Network: Built on Google's private global backbone network, ensuring fast and secure data transfers.
Benefits of GCP:
High Performance: Powered by Google's infrastructure, GCP offers exceptional speed and low latency.
Cost Efficiency: GCP offers flexible pricing models, including sustained-use discounts and per-second billing.
Integrated AI/ML: Simplifies access to Google's advanced machine learning and artificial intelligence capabilities.
Hybrid and Multi-cloud Support: GCP's Anthos enables seamless application management across hybrid and multi-cloud environments.
Sustainability: GCP is committed to renewable energy and carbon-neutral cloud operations.
Network Switches & Virtual Private Cloud (VPC):
Network switches and Virtual Private Clouds (VPC) are essential concepts in networking and
cloud infrastructure.
Comparison: Network Switches vs. VPC

Aspect       | Network Switches                            | Virtual Private Cloud (VPC)
-------------|---------------------------------------------|-----------------------------------------------
Type         | Physical/hardware device                    | Logical/virtual network
Scope        | Operates within a local network (LAN)       | Operates in cloud environments
Control      | Manages data flow between devices           | Manages cloud resources and connectivity
Use Case     | LAN communication, VLAN creation            | Hosting cloud applications, databases
Scalability  | Limited to hardware capability              | Scales dynamically with cloud resources
Security     | Limited to VLANs and hardware capabilities  | Advanced features like Security Groups, ACLs
VPC and Subnets
1. Network Switches
A network switch is a hardware device that connects devices within a Local Area
Network (LAN) and facilitates communication between them.
Switches operate at the data link layer (Layer 2) or network layer (Layer 3) of the
OSI model.
Types of Switches:
Unmanaged Switches: Plug-and-play devices with no configuration options. Suitable for small networks or home use.
Managed Switches: Offer advanced configuration, monitoring, and management options. Suitable for enterprise networks.
Layer 2 Switches: Operate at the data link layer. Handle MAC addresses and frame switching.
Layer 3 Switches: Operate at the network layer. Can perform routing functions using IP addresses.
PoE (Power over Ethernet) Switches: Supply power and data to devices like IP cameras, phones, and wireless access points through Ethernet cables.
2. Virtual Private Cloud (VPC)
A Virtual Private Cloud (VPC) is a logically isolated section of a public cloud that
allows users to launch resources in a virtual network they define.
It provides the flexibility and control of traditional network infrastructure with the
scalability of the cloud.
How a VPC Works
Create the VPC: Define the IP address range for the virtual network.
Set up Subnets: Divide the VPC into smaller subnets for better organization.
Configure Gateways and Routing:
Attach an Internet Gateway for public internet access.
Use NAT Gateways for private subnet internet access.
Set Security Controls: Apply Security Groups and Network ACLs to enforce access rules.
Connect Resources: Launch and connect instances, databases, and services within
the VPC.
IP Addressing in AWS
AWS uses IP addresses to identify and communicate between resources in its Virtual Private Cloud (VPC) and beyond.
IP addressing in AWS includes both public and private IP addresses, along with a range of features to customize and manage IPs within your cloud network.
Types of IP Addresses in AWS
1. Private IP Addresses
Scope: Used for communication within a VPC (internal communication).
Assigned to: Instances in private or public subnets.
Characteristics:
Assigned from the CIDR range of the VPC.
Remains associated with the instance for its lifetime in the VPC.
Cannot be directly accessed from the internet.
Use Case: Communication between resources like databases, application servers,
or other services within the VPC.
2. Public IP Addresses
Scope: Used for communication over the internet.
Assigned to: Instances in public subnets (with an internet gateway attached).
Characteristics:
Automatically assigned to instances launched in a public subnet (if auto-assign is enabled for the subnet).
Released when the instance is stopped, and a different public IP is assigned when it is started again, unless an Elastic IP is used.
Use Case: Allow public-facing resources, like web servers, to interact with external
systems or users.
3. Elastic IP Addresses (EIP)
Scope: Static, public IPv4 addresses that can be attached to or detached from
instances.
Characteristics:
Retain the same IP address even if the associated instance is stopped and started.
Limited to 5 EIPs per account per region by default (can request an increase).
Use Case: Ensures consistent public IP addresses for applications requiring fixed
endpoints.
4. IPv6 Addresses
Scope: Globally unique addresses used for internet or inter-region communication.
Characteristics:
Supports IPv6 CIDR blocks in VPCs, assigned in addition to the IPv4 block.
IPv6 addresses are globally unique and publicly routable by default; whether they are actually reachable depends on the route tables and on Security Group and Network ACL rules.
Use Case: Applications requiring modern, large-scale, and globally unique IPs.
Subnet IP Addressing
A VPC CIDR block defines the range of IP addresses available for the entire VPC.
Subnets divide the VPC into smaller IP ranges.
VPC CIDR Block:
Specified during VPC creation (e.g., 10.0.0.0/16). The block size must be between /16 and /28.
AWS recommends (but does not require) that it come from the private IP address ranges defined by RFC 1918:
10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
192.168.0.0 – 192.168.255.255 (192.168.0.0/16)
You can associate additional CIDR blocks with the VPC (up to 5 by default) for expansion.
Subnet CIDR Blocks:
Each subnet is assigned a portion of the VPC CIDR range (also between /16 and /28), and subnet ranges must not overlap.
Example: If the VPC CIDR is 10.0.0.0/16, subnets could be:
10.0.1.0/24 (Public Subnet)
10.0.2.0/24 (Private Subnet)
Subnets can either be public (with a route to an internet gateway) or private (no route to an internet gateway; outbound internet access, if any, goes through a NAT gateway).
Reserved IPs in Subnets: AWS reserves five IP addresses in each subnet for internal purposes (shown here for 10.0.1.0/24):
10.0.1.0: Network address.
10.0.1.1: Reserved by AWS for the VPC router.
10.0.1.2: Reserved by AWS for the DNS server.
10.0.1.3: Reserved by AWS for future use.
10.0.1.255: Network broadcast address. AWS does not support broadcast in a VPC, so the last address of every subnet is reserved.
As a result, a /24 subnet has 251 usable addresses and the smallest allowed subnet (/28) has 11.
Routing with IP Addresses
Route Tables:
Control where network traffic is directed within a VPC.
Example rules:
Route traffic within a VPC (local route).
Direct traffic to the internet via an Internet Gateway (e.g., 0.0.0.0/0).
Send private traffic to a VPN or Direct Connect gateway.
NAT Gateway/IP:
Allows private instances to access the internet without exposing their private IP addresses.
Assigned a public (Elastic) IP, which is used for outbound communication.
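The VPC set-up steps (define the CIDR, carve subnets, attach gateways, set routing) and the subnet addressing rules above can be checked with a small planner. The following is an added example written for these notes, not AWS code: it validates a VPC block, allocates non-overlapping subnets with Python's standard ipaddress module, lists the five addresses AWS reserves in each subnet, and resolves a destination against a route table with longest-prefix match the way the VPC router does. The gateway IDs "igw-EXAMPLE" and "nat-EXAMPLE" are placeholders, not real AWS identifiers.

```python
# Added example for the VPC addressing rules in these notes (not AWS code).
import ipaddress
from dataclasses import dataclass

# RFC 1918 private ranges; AWS recommends but does not require them for a VPC.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def vpc_cidr_problems(cidr: str) -> list[str]:
    """Reasons a CIDR cannot be used as a VPC block; an empty list means it is acceptable."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # strict: host bits must be zero
    except ValueError as exc:
        return [f"{cidr}: {exc}"]
    if not isinstance(net, ipaddress.IPv4Network):
        return [f"{cidr}: this planner handles IPv4 blocks only"]
    if not 16 <= net.prefixlen <= 28:
        return [f"{cidr}: prefix must be between /16 and /28"]
    return []


def is_rfc1918(cidr: str) -> bool:
    net = ipaddress.ip_network(cidr)
    return isinstance(net, ipaddress.IPv4Network) and any(net.subnet_of(r) for r in RFC1918)


@dataclass
class Subnet:
    name: str
    cidr: ipaddress.IPv4Network
    tier: str  # "public", "private" or "isolated"

    def reserved(self) -> dict[str, str]:
        """The first four and the last address of every subnet are held back by AWS."""
        base = self.cidr.network_address
        return {
            "network": str(base),
            "vpc_router": str(base + 1),
            "dns": str(base + 2),
            "future_use": str(base + 3),
            "broadcast": str(self.cidr.broadcast_address),
        }

    def usable_hosts(self) -> int:
        return self.cidr.num_addresses - 5


def carve_subnets(vpc_cidr: str, requests: list[tuple[str, int, str]]) -> dict[str, Subnet]:
    """First-fit allocation of non-overlapping subnets (name, prefix length, tier) inside the VPC."""
    problems = vpc_cidr_problems(vpc_cidr)
    if problems:
        raise ValueError(problems)
    vpc = ipaddress.ip_network(vpc_cidr)
    taken: list[ipaddress.IPv4Network] = []
    plan: dict[str, Subnet] = {}
    for name, prefixlen, tier in requests:
        if not vpc.prefixlen <= prefixlen <= 28:
            raise ValueError(f"{name}: /{prefixlen} must be between /{vpc.prefixlen} and /28")
        candidates = [vpc] if prefixlen == vpc.prefixlen else vpc.subnets(new_prefix=prefixlen)
        for cand in candidates:
            if not any(cand.overlaps(t) for t in taken):
                taken.append(cand)
                plan[name] = Subnet(name, cand, tier)
                break
        else:
            raise ValueError(f"{name}: no free /{prefixlen} left in {vpc_cidr}")
    return plan


def route_table(vpc_cidr: str, tier: str) -> list[tuple[str, str]]:
    """Routes as (destination, target). Every route table carries the VPC-local route."""
    routes = [(vpc_cidr, "local")]
    if tier == "public":
        routes.append(("0.0.0.0/0", "igw-EXAMPLE"))  # placeholder internet gateway ID
    elif tier == "private":
        routes.append(("0.0.0.0/0", "nat-EXAMPLE"))  # placeholder NAT gateway ID
    # "isolated": no default route, so no internet path in either direction
    return routes


def next_hop(routes: list[tuple[str, str]], dst_ip: str):
    """Longest-prefix match: the most specific matching route wins, as in the VPC router."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for destination, target in routes:
        net = ipaddress.ip_network(destination)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return None if best is None else best[1]


if __name__ == "__main__":
    vpc = "10.0.0.0/16"
    layout = carve_subnets(vpc, [("public-a", 24, "public"), ("private-a", 24, "private"), ("db-a", 28, "isolated")])
    for s in layout.values():
        print(f"{s.name:10} {str(s.cidr):16} {s.tier:9} usable={s.usable_hosts():4} reserved={s.reserved()}")
        print(f"           8.8.8.8 -> {next_hop(route_table(vpc, s.tier), '8.8.8.8')}")
```

The planner is deliberately conservative: it refuses a block outside /16–/28 and a subnet that overlaps an existing one, which are the two mistakes the console also rejects, and it treats the non-RFC 1918 case as advisory, as AWS does.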
IPv6 in AWS
AWS supports IPv6 for VPCs, subnets, and instances:
IPv6 CIDR blocks are assigned in addition to the IPv4 block.
IPv6 addresses are globally unique and public by default, but reachability is governed by the route tables (an internet gateway, or an egress-only internet gateway for outbound-only access) and by security controls (Security Groups and Network ACLs).
Security for IP Addressing
Security Groups:
Virtual firewalls that control inbound and outbound traffic at the instance (network interface) level.
Rules are allow-only and can match on IP ranges or on other Security Groups; anything not explicitly allowed is dropped.
Example: Allow traffic from 10.0.0.0/16 (VPC range).
Network Access Control Lists (NACLs):
Subnet-level rules that allow or deny traffic based on IP ranges. They are stateless and are evaluated in rule-number order.
Useful as an additional security layer.
VPC Peering and Transit Gateway:
Enable private communication between VPCs using private IPs.
No public IPs are required for inter-VPC communication.
AWS Security Groups
A Security Group in AWS acts as a virtual firewall that controls inbound and outbound traffic for Amazon EC2 instances or other resources.
It provides fine-grained control over which types of traffic are allowed to and from a resource based on protocols, ports, and IP addresses.
Key Features of Security Groups
Instance-Level Security:
Security Groups are attached to individual EC2 instances (strictly, to their network interfaces) or other AWS resources (e.g., RDS, Lambda with VPC integration).
Stateful Rules:
Inbound rules automatically allow responses to outbound traffic, and vice versa. No need to define separate rules for return traffic.
Allow-Only, Default Deny:
Security Group rules can only allow traffic; there are no deny rules. Any traffic not matched by an allow rule is dropped.
A newly created Security Group has no inbound rules (so all inbound traffic is denied) and one outbound rule that allows all outbound traffic.
Multiple Attachments:
An EC2 instance or resource can have multiple Security Groups attached; their rules are combined, so traffic is allowed if any attached group allows it.
Dynamic Rule Updates:
Changes to Security Group rules are applied immediately, without requiring resource restarts.
Components of a Security Group
Inbound Rules:
Define which incoming traffic is allowed.
Example: Allow HTTP (port 80) traffic from any IP address.
Outbound Rules:
Define which outgoing traffic is allowed.
Example: The default outbound rule allows all traffic. Narrow or remove it if the instance should not be able to reach arbitrary internet hosts.
Protocol and Port:
Protocols supported: TCP, UDP, ICMP, or a custom protocol number.
Specify port ranges (e.g., 22 for SSH, 80 for HTTP).
Source or Destination:
Source: For inbound rules, define the traffic origin.
Destination: For outbound rules, define the traffic target.
Can specify IP ranges (0.0.0.0/0 for all IPv4, ::/0 for all IPv6), prefix lists, or other Security Groups (referencing a group allows traffic from any network interface that has that group attached).
Default Security Group
Every VPC includes a default Security Group.
Default behavior:
Allows all inbound traffic from resources within the same Security Group.
Allows all outbound traffic.
Denies all other inbound traffic.
Creating a Security Group
Define Name and Description: Provide a meaningful name and description for easy identification.
Assign to a VPC: Security Groups are specific to a VPC. Ensure it's created in the appropriate VPC.
Add Rules: Define inbound and outbound rules based on your application's requirements. Prefer Security Group references over 0.0.0.0/0 for internal traffic, and restrict administrative ports (e.g., 22) to known source ranges.
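The difference between the stateful, allow-only Security Group and the stateless, ordered Network ACL described in the two sections above is easiest to see by evaluating the same packets against both. The following is an added example written for these notes, not AWS code or the AWS rule-evaluation engine: it models a Security Group with a connection-tracking table and a NACL that walks numbered rules in order with an implicit deny at the end. All addresses, ports and rule sets are constructed sample data.

```python
# Added example for the Security Group / NACL sections of these notes (not AWS code).
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp", "icmp" or "-1" for all protocols
    port_from: int  # port range is matched against the packet's destination port
    port_to: int
    cidr: str       # source for inbound rules, destination for outbound rules


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str
    src_port: int
    dst_port: int


def rule_matches(rule: Rule, peer_ip: str, protocol: str, dst_port: int) -> bool:
    if rule.protocol != "-1":
        if rule.protocol != protocol:
            return False
        if protocol != "icmp" and not rule.port_from <= dst_port <= rule.port_to:
            return False
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.cidr)


def _peer(pkt: Packet, direction: str) -> str:
    # inbound rules are matched against the source, outbound rules against the destination
    return pkt.src if direction == "in" else pkt.dst


class SecurityGroup:
    """Allow-only and stateful: any matching allow rule admits the packet, and the reply
    to an admitted packet is admitted without consulting the rules at all."""

    def __init__(self, inbound=(), outbound=(Rule("-1", 0, 65535, "0.0.0.0/0"),)):
        # a freshly created group has no inbound rules and one allow-all outbound rule
        self.inbound = list(inbound)
        self.outbound = list(outbound)
        self._flows = set()  # connection-tracking table of admitted 5-tuples

    def allow(self, pkt: Packet, direction: str) -> bool:
        reverse = (pkt.dst, pkt.src, pkt.protocol, pkt.dst_port, pkt.src_port)
        if reverse in self._flows:
            return True  # return traffic of a tracked flow
        rules = self.inbound if direction == "in" else self.outbound
        if any(rule_matches(r, _peer(pkt, direction), pkt.protocol, pkt.dst_port) for r in rules):
            self._flows.add((pkt.src, pkt.dst, pkt.protocol, pkt.src_port, pkt.dst_port))
            return True
        return False  # implicit deny; a Security Group has no deny rules


class NetworkACL:
    """Stateless: every packet, replies included, is checked against the numbered rules in
    ascending order; the first match decides and the trailing '*' rule denies."""

    def __init__(self, inbound=(), outbound=()):
        self.inbound = sorted(inbound, key=lambda e: e[0])   # entries are (number, action, Rule)
        self.outbound = sorted(outbound, key=lambda e: e[0])

    def allow(self, pkt: Packet, direction: str) -> bool:
        rules = self.inbound if direction == "in" else self.outbound
        for _number, action, rule in rules:
            if rule_matches(rule, _peer(pkt, direction), pkt.protocol, pkt.dst_port):
                return action == "allow"
        return False


def subnet_admits(nacl: NetworkACL, sg: SecurityGroup, pkt: Packet, direction: str) -> bool:
    """A packet must pass the subnet's NACL and then the instance's Security Group."""
    return nacl.allow(pkt, direction) and sg.allow(pkt, direction)


def demo() -> dict[str, bool]:
    """Web server that allows only HTTP in; replies rely on statefulness (SG) or an
    explicit ephemeral-port rule (NACL)."""
    web_sg = SecurityGroup(inbound=[Rule("tcp", 80, 80, "0.0.0.0/0")], outbound=[])
    # NACL that forgot the ephemeral-port outbound rule: replies to clients are dropped
    nacl_broken = NetworkACL(inbound=[(100, "allow", Rule("tcp", 80, 80, "0.0.0.0/0"))])
    nacl_fixed = NetworkACL(
        inbound=[(100, "allow", Rule("tcp", 80, 80, "0.0.0.0/0"))],
        outbound=[(100, "allow", Rule("tcp", 1024, 65535, "0.0.0.0/0"))])
    request = Packet("203.0.113.7", "10.0.1.10", "tcp", 51000, 80)   # constructed client
    reply = Packet("10.0.1.10", "203.0.113.7", "tcp", 80, 51000)
    ssh_probe = Packet("198.51.100.9", "10.0.1.10", "tcp", 40000, 22)
    return {
        "http_request_admitted": subnet_admits(nacl_fixed, web_sg, request, "in"),
        "http_reply_admitted": subnet_admits(nacl_fixed, web_sg, reply, "out"),
        "ssh_probe_admitted": subnet_admits(nacl_fixed, web_sg, ssh_probe, "in"),
        "reply_through_broken_nacl": subnet_admits(nacl_broken, web_sg, reply, "out"),
    }


if __name__ == "__main__":
    for name, admitted in demo().items():
        print(f"{name:28} {admitted}")
```

Two points the model makes concrete: the web Security Group has an empty outbound list yet the HTTP reply still leaves, because the group tracks the admitted request; the NACL has no such memory, so without an outbound allow for the ephemeral port range (1024-65535) the reply is silently dropped, which is the classic "SG looks right but nothing responds" symptom.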
Amazon EC2 Instance Types
Amazon Elastic Compute Cloud (EC2) provides virtual servers (instances) to meet
a wide range of workloads.
Instances are categorized into different families based on their performance
characteristics and intended use cases.
1. General Purpose Instances
Use Case: Balanced compute, memory, and networking for diverse workloads like web servers, app servers, small databases, and development environments.
Instance Types:
t-Series (Burstable Performance): Examples: t4g, t3, t2
Features: Burstable CPU performance for spiky workloads. Economical for low-usage scenarios.
Use Cases: Development/test environments, microservices, low-traffic websites.
m-Series (Balanced): Examples: m6g, m5, m4
Features: Balanced compute, memory, and storage.
Use Cases: Medium-sized databases, web applications, backend servers.
2. Compute-Optimized Instances
Use Case: High-performance compute applications requiring significant CPU resources.
Instance Types:
c-Series: Examples: c7g, c6g, c5, c4
Features: High CPU-to-memory ratio.
Use Cases: Batch processing, gaming, media transcoding, high-performance computing (HPC), machine learning inference.
3. Memory-Optimized Instances
Use Case: Applications requiring large amounts of memory for high performance, such as in-memory databases or big data processing.
Instance Types:
r-Series (High Memory): Examples: r6g, r5, r4
Features: High memory-to-CPU ratio.
Use Cases: In-memory databases, caching, real-time big data analytics.
x-Series (Extreme Memory): Examples: x2idn, x1e
Features: Massive memory capacity.
Use Cases: SAP HANA, high-performance databases.
z-Series (High Frequency): Examples: z1d
Features: High memory with high CPU frequency.
Use Cases: Electronic design automation (EDA), relational databases.
4. Storage-Optimized Instances
Use Case: Applications requiring high-IOPS, low-latency, or high-throughput sequential read/write access to local instance store storage (data on instance store volumes does not survive a stop or termination).
Instance Types:
i-Series (High IOPS SSD Storage): Examples: i3, i4i
Features: High random I/O performance.
Use Cases: NoSQL databases, file systems, OLTP databases.
d-Series (Dense Storage): Examples: d3, d2
Features: High storage capacity with HDDs.
Use Cases: Data warehousing, distributed file systems.
h-Series (High-Density HDDs): Examples: h1
Features: Low-cost, high-capacity HDD storage.
Use Cases: Data lakes, backup storage.
5. Accelerated Computing Instances
Use Case: Applications that require GPUs or FPGAs for parallel computations, AI/ML training, or 3D rendering.
Instance Types:
p-Series (GPU for Machine Learning/Deep Learning): Examples: p4, p3
Features: High-performance GPUs.
Use Cases: AI/ML training, HPC, financial modeling.
g-Series (GPU for Graphics/Inference): Examples: g5, g4
Features: GPUs optimized for graphics and machine learning inference.
Use Cases: Video rendering, game streaming, ML inference.
f-Series (FPGA-Optimized): Examples: f1
Features: Field Programmable Gate Arrays (FPGAs).
Use Cases: Custom hardware acceleration, genomics research.
6. High-Performance Computing (HPC) Instances
Use Case: Workloads requiring extremely high compute performance, including complex simulations and large-scale data analysis.
Instance Types:
hpc-Series: Examples: hpc6a
Features: Optimized for HPC with high network bandwidth.
Use Cases: Weather modeling, seismic analysis, computational fluid dynamics.
7. Instance Pricing Models
AWS EC2 instances offer different pricing models to match various use cases and budgets:
On-Demand: Pay for compute capacity by the hour/second. Ideal for short-term workloads.
Reserved Instances: Commit to 1 or 3 years for cost savings. Suitable for predictable workloads.
Spot Instances: Use unused EC2 capacity at reduced prices. Best for fault-tolerant, flexible applications.
Savings Plans: Commitment-based pricing for consistent workloads.
Dedicated Hosts: Physical servers for compliance or licensing needs.
Amazon EC2 Pricing Models
Amazon EC2 offers several pricing models to give flexibility and cost-efficiency
for running workloads.
Each pricing model is tailored to specific use cases, helping you optimize costs
based on workload duration, predictability, and flexibility.
1. On-Demand Instances
What it is:
Pay for compute capacity by the second or hour, with no long-term commitments.
Charged based on the type and size of the instance, and the region.
Use Cases:
Short-term, spiky, or unpredictable workloads that cannot be interrupted.
Development and testing environments.
Applications with uncertain or fluctuating demand.
Advantages:
No upfront payments or long-term contracts.
Ideal for flexibility and ease of use.
Best for workloads that start and stop frequently.
Disadvantages:
Highest cost per hour compared to other models.
2. Reserved Instances (RIs)
What it is:
Commit to a 1-year or 3-year term to receive significant discounts (up to 72%) compared to On-Demand pricing.
Options:
Standard RIs: Largest savings, less flexibility to change instance types.
Convertible RIs: Moderate savings with flexibility to change instance types or families.
Scheduled RIs: Set instances to run on a defined schedule (e.g., 9 AM to 5 PM, Monday to Friday). AWS has retired this option and it is no longer available for purchase.
Use Cases:
Steady-state or predictable workloads (e.g., always-on databases or web servers).
Applications with known usage patterns.
Advantages:
Significant cost savings for predictable workloads.
Reserved capacity in your selected Availability Zone (zonal RIs only; regional RIs give the discount but do not reserve capacity).
Disadvantages:
Less flexibility due to upfront commitment.
May not be ideal for applications with fluctuating demand.
3. Spot Instances
What it is:
Purchase unused EC2 capacity at up to 90% discount compared to On-Demand pricing.
Spot prices fluctuate based on supply and demand.
Use Cases:
Fault-tolerant, flexible, and stateless applications.
Batch jobs, big data analytics, CI/CD pipelines, and rendering.
Machine learning model training.
Advantages:
Extremely cost-effective for interruptible workloads.
Great for scaling applications affordably.
Disadvantages:
Instances can be interrupted by AWS with a 2-minute notice if capacity is needed.
Not suitable for critical or stateful applications unless properly managed.
4. Savings Plans
What it is:
Flexible pricing model offering lower costs in exchange for a commitment to a consistent amount of compute usage (e.g., $10/hour) over a 1-year or 3-year term.
Types:
Compute Savings Plan: Discounts apply to any instance family, size, or region, including Fargate and Lambda.
EC2 Instance Savings Plan: Discounts apply only to a specific instance family in a chosen region (any size, OS, or tenancy within that family).
Use Cases:
Workloads that run consistently but require some flexibility in instance types or regions.
Applications migrating from Reserved Instances.
Advantages:
Lower costs compared to On-Demand instances.
More flexibility than Reserved Instances.
Disadvantages:
Requires a usage commitment.
5. Dedicated Hosts
What it is:
Physical servers dedicated to your use, providing visibility and control over hardware.
Useful for meeting compliance, regulatory, or software licensing requirements.
Use Cases:
Applications requiring dedicated physical hardware.
Workloads with BYOL (Bring Your Own License) requirements.
Advantages:
Full control of hardware allocation.
Helps meet strict compliance or licensing rules.
Disadvantages:
Higher costs compared to shared infrastructure.
6. Dedicated Instances
What it is:
Instances run on single-tenant hardware (isolated physical servers).
Unlike Dedicated Hosts, you don't get control over the underlying host.
Use Cases:
Applications needing single-tenant isolation without requiring full host control.
Some compliance-sensitive workloads.
Advantages:
Physical isolation from other AWS customers.
Easier setup compared to Dedicated Hosts.
Disadvantages:
Higher costs than shared instances.
7. Spot Fleet
What it is:
Combines multiple Spot Instances, optionally with On-Demand instances, to maintain a target capacity.
AWS automatically manages the fleet based on cost and availability.
Use Cases:
Applications requiring a mix of cost efficiency and availability.
Scalable workloads like data processing and machine learning.
Advantages:
Optimized cost-efficiency with automatic scaling.
Mixes Spot and On-Demand instances for reliability.
8. Free Tier
What it is:
New AWS customers can access free EC2 resources for 12 months:
750 hours per month of t2.micro or t3.micro instances (Linux/Windows).
Includes storage and networking.
Use Cases:
Testing and experimenting with AWS services.
Small-scale, low-traffic applications.
Advantages:
No cost for eligible workloads under limits.
Helps users explore AWS offerings risk-free.
Disadvantages:
Limited to specific instance types and durations.
End of Unit-4