Introduction to AWS Cloud Infrastructure
Welcome to our first blog post in an ongoing series titled Mastering AWS Cloud Infrastructure. We’re excited to take you on a journey through the world of AWS, where you’ll discover how this powerful platform can transform your business.
Overview of AWS Cloud Infrastructure
AWS started its journey back in 2006, offering just two services: Simple Storage Service (S3) and Elastic Compute Cloud (EC2). Fast forward to today, and AWS boasts over 200 services, each designed to help businesses innovate and grow.
AWS’s global reach is impressive, with 36 geographical locations worldwide and more on the way. Let’s explore the key components of AWS’s Global Infrastructure:
- Regions: Physical locations around the world where AWS clusters its data centres.
- Availability Zones: Independent data centres within a region, each with fully redundant power, networking, and connectivity.
- Regional Edge Caches: Strategically placed locations with increased storage to serve CloudFront Edge locations.
- CloudFront Edge Locations: Points of presence for AWS’s Content Delivery Network, bringing your services closer to your users.
- Local Zones: AWS locations for hosting applications that require ultra-low latency or local data processing.
- Wavelength Locations: Multi-tenant services hosted in trusted telecommunication facilities.
These infrastructure elements work together to provide a robust, flexible, and scalable environment for your applications. Whether you need fault-tolerant hosting, low-latency access, or specialised local processing, AWS has you covered.
The Benefits of using AWS Cloud Infrastructure
There are many benefits of using AWS Cloud Infrastructure. Let’s dive into some of these:
Speed and Agility
- Rapid Provisioning – Imagine being able to launch your applications and services in no time. AWS Infrastructure allows for rapid provisioning and deployment, enabling faster go-to-market.
- Wide Range of Services – AWS offers a vast array of services, allowing businesses to experiment and innovate without the need for extensive infrastructure.
Scalability
- Auto Scaling – Automatically adjusts compute capacity based on demand, helping businesses maintain performance while minimising costs. Scaling is not just limited to compute elements; services such as Internet Gateway and NAT Gateway scale in the background as your demand grows with no intervention required from you.
- Distribute the Load – AWS provides many services with inbuilt features to help share the load across your applications as your environment grows. Services such as Elastic Load Balancers, Global Accelerator, Route 53 DNS, and RDS Read Replicas are all elements that can help as you scale.
Security
- Identity and Access – AWS provides layered security policies to keep your environment safe and secure: Service Control Policies (SCPs) centrally govern the maximum permissions across all accounts in your organisation; Identity and Access Management (IAM) users, roles, and policies define who can carry out which actions within the environment; and resource policies applied directly to services add a further layer of protection.
- Comprehensive Security Monitoring – Services such as GuardDuty and Inspector carry out threat detection and vulnerability management across your entire AWS environment, allowing for centralised management and automated responses to detected incidents.
Reliability
- High Availability – AWS’s infrastructure is designed to be highly available, with multiple data centres in each region providing redundancy and fault tolerance. AWS services have high availability built in by default; combined with AWS prescriptive guidance and high-quality design, they can deliver highly available, fault-tolerant applications for your users and customers.
- Disaster Recovery Scenarios – With services such as AWS Backup and Elastic Disaster Recovery, AWS helps you recover whether it’s your services in AWS, recovering services from on-premises to AWS, recovering from another cloud, or recovering between AWS regions. These services work to meet your RPO/RTO targets and aid in your Business Continuity plans.
Innovation
- Leading Edge Technologies – AWS is at the forefront of services involving leading-edge technologies, whether that’s ML/AI, IoT, Data Processing, or Edge Computing. They are always investing and bringing these services to their customers, and with on-demand pricing, customers can experiment to see if these services bring value to their business and customers.
- Continuous Development of Services – AWS is continually developing and improving their services based on feedback from customers and partners, allowing for a great user experience and ensuring services deliver for your business and customers.
Cost Savings
- Push to Cloud Native – Cloud and cost savings can be a contentious subject when put together. While it is possible to make savings by moving to the cloud, many companies don’t realise this due to a lack of modernisation towards cloud-native services. While options such as Savings Plans and Right Sizing will yield some cost savings in the long run, there is far more optimisation needed to truly realise cost savings at their most effective.
- FinOps Culture – To truly be successful in ensuring you get the best ROI from your cloud spend, you need to adopt and embrace a FinOps culture across your organisation. Using the AWS Cost & Billing tools is a great start, and ensuring you have cost control as one of the foundations of your environment governance means you will not have spiralling cloud costs. As the environment grows, our recommendation would be to adopt a dedicated FinOps tool such as IBM’s Apptio Cloudability.
Key Components of AWS Cloud Infrastructure
Let’s have a look at what services make up the key components of AWS Cloud Infrastructure.
Compute
The AWS Compute offering is made up of several services. The best known and best loved is Amazon EC2, where you deploy VM-type servers hosting your applications and services. Instances come in a variety of instance families offering different CPU and memory configurations as well as other optimised features. For example, the AWS HPC instance family is designed for High Performance Computing and offers high CPU and memory allocations together with access to high-speed network interfaces and bandwidth.
Next is Elastic Container Service (ECS) and Elastic Kubernetes Service (EKS). If you want to operate containers and architect microservices, then these services will be well placed in your environment. These services both offer two modes of operation. The first is nodes and clusters built on EC2 instances. The services will operate on instances in your environment for customers who want to customise the underlying environment. The second is called Fargate. This is deemed a ‘serverless’ option, and the compute element is taken care of by AWS. You only pay for the resources required to run your containers.
Last but not least is AWS Lambda. This is AWS’s serverless compute service where you can create functions with code from popular programming languages such as Python, Go, Ruby, etc. All of the compute elements are taken care of by AWS, so there is nothing for you to manage. Lambda does have limitations and is not recommended for every situation, but it does lend itself very well to event-driven architectures that require short (less than 15 minutes) processing events to occur. Lambda basic billing is relatively simple as it is based on the number of invocations of the function and its duration, which when used in the right circumstances can really provide cost savings over having an EC2 instance running 24/7.
Storage
AWS’s storage options are split into three main categories: Object Storage, Block Storage, and File Storage. Object Storage is provided through AWS’s oldest service, Amazon S3. Your objects are held in buckets and are stored across a minimum of three availability zones across multiple devices to ensure high durability and availability.
Block Storage is provided by Amazon Elastic Block Store (EBS). These are virtual disks you create and attach to your EC2 instances to hold the operating system and local data volumes. They come in multiple performance options, from general-purpose volumes through to high-performance provisioned-throughput options, depending on your needs.
File Storage is provided by two services: Amazon Elastic File System (EFS) and Amazon FSx. Both provide network file storage. Amazon EFS is only suitable for operating systems that support the NFS protocol. EFS scales as you use it and as the data stored grows, meaning you only pay for what you use. Amazon FSx has a wider scope of use: it supports four file systems, NetApp ONTAP, OpenZFS, Windows File Server, and Lustre, each for different use cases.
Most of the services above (apart from EBS) have the ability to move your data into different storage classes depending on their requirements. For instance, if you are storing backups in an S3 bucket that are rarely accessed, you can transition them from standard storage classes to more long-term storage classes where the cost of storage is less.
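The transition described above (backups cooling down from the standard class into cheaper long-term classes) is expressed in S3 as a lifecycle rule. The following is an added example, not code from the post: it builds a rule in the dict shape that boto3's `s3.put_bucket_lifecycle_configuration(LifecycleConfiguration=...)` expects and checks it against the ordering constraints S3 enforces (day counts must increase, classes must get colder, and the Infrequent Access classes need a 30-day minimum). The prefix, rule names and day counts are constructed for illustration.

```python
"""Build and sanity-check an S3 lifecycle rule that moves rarely accessed
backups into cheaper storage classes.  This is an added example, not the
post's own code.  The dict produced is in the shape that boto3's
s3.put_bucket_lifecycle_configuration(LifecycleConfiguration=...) expects;
the bucket prefix and day counts are constructed for illustration."""

# Storage classes in the order S3 allows transitions between them (a subset):
# an object may only move to a class further down the list, never back up.
WATERFALL = ["STANDARD", "STANDARD_IA", "ONEZONE_IA",
             "GLACIER_IR", "GLACIER", "DEEP_ARCHIVE"]

# S3 requires objects to stay in STANDARD for at least 30 days before they
# can transition into either of the Infrequent Access classes.
IA_MINIMUM_DAYS = 30


def lifecycle_rule(rule_id, prefix, transitions, expire_after_days=None):
    """transitions: list of (days, storage_class) pairs, earliest first."""
    rule = {
        "ID": rule_id,
        "Filter": {"Prefix": prefix},
        "Status": "Enabled",
        "Transitions": [{"Days": days, "StorageClass": cls}
                        for days, cls in transitions],
    }
    if expire_after_days is not None:
        rule["Expiration"] = {"Days": expire_after_days}
    return rule


def validate_rule(rule):
    """Return the list of constraint violations (empty when the rule is sane).
    Catches the mistakes S3 would reject at put time: non-increasing day
    counts, a transition to a warmer class, an IA transition before day 30,
    and an expiration that is not later than the last transition."""
    problems = []
    last_days, last_rank = -1, 0   # objects start in STANDARD (rank 0)
    for t in rule.get("Transitions", []):
        days, cls = t["Days"], t["StorageClass"]
        if cls not in WATERFALL:
            problems.append(f"unknown storage class {cls}")
            continue
        rank = WATERFALL.index(cls)
        if days <= last_days:
            problems.append(f"{cls} at day {days} is not after the previous transition")
        if rank <= last_rank:
            problems.append(f"{cls} is not colder than the previous class")
        if cls in ("STANDARD_IA", "ONEZONE_IA") and days < IA_MINIMUM_DAYS:
            problems.append(f"{cls} transition at day {days} is before the "
                            f"{IA_MINIMUM_DAYS}-day minimum")
        last_days, last_rank = days, rank
    expiry = rule.get("Expiration", {}).get("Days")
    if expiry is not None and expiry <= last_days:
        problems.append(f"expiration at day {expiry} is not after the last transition")
    return problems


# Rarely accessed backups: cool down over six months, delete after two years.
BACKUP_RULE = lifecycle_rule(
    "backups-to-cold-storage", "backups/",
    [(30, "STANDARD_IA"), (90, "GLACIER"), (180, "DEEP_ARCHIVE")],
    expire_after_days=730)

# A rule S3 would reject: IA too early, days going backwards, expiry too soon.
BAD_RULE = lifecycle_rule("too-eager", "logs/",
                          [(7, "STANDARD_IA"), (5, "GLACIER")], expire_after_days=3)

# Whole configuration, ready to pass as LifecycleConfiguration=...
LIFECYCLE_CONFIGURATION = {"Rules": [BACKUP_RULE]}

if __name__ == "__main__":
    for rule in (BACKUP_RULE, BAD_RULE):
        print(rule["ID"], validate_rule(rule) or "ok")
```

Validating locally before calling `put_bucket_lifecycle_configuration(Bucket=..., LifecycleConfiguration=LIFECYCLE_CONFIGURATION)` turns an opaque API rejection into a readable list of what is wrong with the rule; the expiration check is also a useful guard against accidentally deleting backups before they have served their retention purpose.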
Databases
AWS provides a number of Managed Database Services, covering Relational Databases, NoSQL Databases, Graph Databases, Document Databases, Time-Series Databases, and Data Warehouse Databases. The relational databases support the following engines: MySQL, PostgreSQL, MariaDB, SQL Server, and Oracle BYO.
The services are fully managed by AWS, which means that they take care of all the patching and maintenance for you. High availability is available if your application requires it.
Of course, if a managed database is not suitable for your application, you still have the option of running your database on EC2 instances as you would in a traditional environment.
Networking
The networking components are designed to provide secure, scalable, and high-performance connectivity for your applications. At the core of AWS networking is Amazon Virtual Private Cloud (VPC), which allows you to create isolated networks within the AWS cloud, complete with customisable IP address ranges, subnets, route tables, and network gateways. Connectivity between accounts can be accomplished in various ways: traditional routing setups with services such as Transit Gateway, or, where non-transitive connectivity suffices, VPC Peering. For service isolation, AWS PrivateLink lets you expose your application to other accounts and users without giving them direct access to your infrastructure.
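The VPC building blocks just listed (an IP address range, subnets, and the gateways that route tables point at) are easiest to see in a concrete layout. The following is an added example, not code from the post or from AWS: using only Python's standard library, it carves a VPC CIDR into public and private subnets across several Availability Zones, records which gateway each tier default-routes to, and accounts for the five addresses AWS reserves in every subnet. The VPC range and AZ names are constructed placeholders.

```python
"""Carve a VPC CIDR block into per-Availability-Zone public and private
subnets.  Added example using only Python's standard library; it does not
call AWS.  The VPC range and AZ names are constructed placeholders."""
import ipaddress
from itertools import combinations

# AWS reserves the first four addresses and the last address of every subnet
# (network, VPC router, DNS, future use, broadcast), so usable = size - 5.
AWS_RESERVED_PER_SUBNET = 5


def plan_subnets(vpc_cidr, azs, tiers=("public", "private"), subnet_prefix=20):
    """Return one subnet dict per (tier, AZ), allocated in tier-major order
    so that each tier occupies a contiguous range of the VPC."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 16 <= vpc.prefixlen <= 28:
        raise ValueError("a VPC CIDR must be between /16 and /28")
    if not vpc.prefixlen <= subnet_prefix <= 28:
        raise ValueError("subnets must fit inside the VPC and be no smaller than /28")
    blocks = vpc.subnets(new_prefix=subnet_prefix)
    plan = []
    for tier in tiers:
        for az in azs:
            try:
                block = next(blocks)
            except StopIteration:
                raise ValueError(f"{vpc_cidr} has no room for {len(tiers) * len(azs)} "
                                 f"/{subnet_prefix} subnets") from None
            plan.append({
                "name": f"{tier}-{az}",
                "tier": tier,
                "az": az,
                "cidr": str(block),
                "usable_hosts": block.num_addresses - AWS_RESERVED_PER_SUBNET,
                # Public subnets default-route to the Internet Gateway; private
                # subnets reach the Internet only outbound, through a NAT Gateway.
                "default_route": "internet-gateway" if tier == "public" else "nat-gateway",
            })
    return plan


def has_overlap(plan):
    """True if any two planned subnets share addresses."""
    nets = [ipaddress.ip_network(s["cidr"]) for s in plan]
    return any(a.overlaps(b) for a, b in combinations(nets, 2))


if __name__ == "__main__":
    for subnet in plan_subnets("10.0.0.0/16", ["eu-west-2a", "eu-west-2b", "eu-west-2c"]):
        print(f'{subnet["name"]:<18} {subnet["cidr"]:<16} usable={subnet["usable_hosts"]} '
              f'route={subnet["default_route"]}')
```

Keeping the plan as data makes it straightforward to feed into whichever provisioning tool you use, and the overlap check is worth running again whenever a VPC is later peered or attached to a Transit Gateway, since overlapping ranges are the usual reason such connections cannot route.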
AWS also offers Elastic Load Balancing (ELB) to distribute incoming traffic across multiple targets, ensuring optimal performance and availability. ELBs come in three flavours: the Application Load Balancer (ALB) for web applications; the Network Load Balancer (NLB) when you need ultimate speed and performance; and the Gateway Load Balancer, which is not used to load balance application traffic but to steer traffic through third-party appliances such as firewalls and proxies. ALB and NLB can be configured as internal (non-Internet-facing) or external (Internet-facing).
For connecting into AWS from external locations such as on-premises, you have the option of Direct Connect, a dedicated connection to AWS with enhanced bandwidth capabilities and reduced latency. Alternatively, for customers who don’t warrant a full dedicated connection, there is AWS Site-to-Site VPN for connecting back to your on-premises locations. Both options offer static and dynamic routing, depending on your network requirements.
Security
The security component of AWS Cloud Infrastructure is designed to provide robust protection for your applications and data. AWS offers a comprehensive suite of security services, including KMS encryption, Identity and Access Management, and compliance with industry standards such as PCI-DSS.
AWS Identity and Access Management (IAM) is split into two parts: User Management and Access Management. User Management is where you define the users you want to grant access to AWS, and user groups, which collect users into logical groups. As part of this you also have IAM Roles, which are used to allow AWS services to access other AWS services; for example, you may attach an IAM Role to an EC2 instance to allow it to access the S3 service. Access Management is where you define the permissions policies applied to users, user groups, and roles, specifying which services can be accessed and which actions can be taken against those services.
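The policy layers named in the Security benefits above (SCPs, IAM identity policies, resource policies) and the role-on-an-EC2-instance pattern just described combine in a fixed order when AWS decides whether an API call is allowed. The following is an added example, not AWS's evaluator and not code from the post: it models a simplified same-account evaluation (explicit deny anywhere wins, the SCP must allow, then either the identity policy or the resource policy must allow) over an SCP, two role policies and an S3 bucket policy written in the real policy JSON shape. It ignores permissions boundaries, session policies, conditions and cross-account rules; the account id, role names and bucket name are constructed placeholders.

```python
"""Simplified model of how an SCP, an IAM identity policy and an S3 bucket
resource policy combine for a principal in the same account.  Added
illustration, not AWS's own evaluator: permissions boundaries, session
policies, conditions and cross-account rules are ignored.  The account id,
role names and bucket name are constructed placeholders."""
import fnmatch

ACCOUNT = "111122223333"          # constructed placeholder account id
BUCKET = "arn:aws:s3:::app-data-bucket"

# SCP from the organisation: allow everything, but nobody may delete buckets.
SCP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
]}

# Identity policies, keyed by the ARN of the role they are attached to.
IDENTITY_POLICIES = {
    # Role attached to the EC2 instance profile: objects in one bucket only.
    f"arn:aws:iam::{ACCOUNT}:role/AppRole": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": f"{BUCKET}/*"},
        {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": BUCKET},
    ]},
    # Broad administrative role: full S3 access in its identity policy.
    f"arn:aws:iam::{ACCOUNT}:role/AdminRole": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    ]},
}

# Resource policy on the bucket: lets a reporting role read objects even
# though that role's own identity policy grants nothing.
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:role/ReportingRole"},
     "Action": "s3:GetObject", "Resource": f"{BUCKET}/*"},
]}

EMPTY_POLICY = {"Version": "2012-10-17", "Statement": []}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _statement_matches(statement, principal, action, resource):
    """True if the statement applies to this principal, action and resource.
    IAM action names are case-insensitive; '*' and '?' act as wildcards."""
    if "Principal" in statement:   # only resource policies name a principal
        allowed = _as_list(statement["Principal"].get("AWS", []))
        if "*" not in allowed and principal not in allowed:
            return False
    actions = [a.lower() for a in _as_list(statement["Action"])]
    resources = _as_list(statement["Resource"])
    return (any(fnmatch.fnmatchcase(action.lower(), a) for a in actions)
            and any(fnmatch.fnmatchcase(resource, r) for r in resources))


def _decision(policy, principal, action, resource):
    """'deny' if any matching statement denies, 'allow' if one allows,
    None if nothing matches (an implicit deny)."""
    decision = None
    for statement in policy["Statement"]:
        if _statement_matches(statement, principal, action, resource):
            if statement["Effect"] == "Deny":
                return "deny"
            decision = "allow"
    return decision


def is_allowed(principal, action, resource):
    """Same-account evaluation, simplified: an explicit deny in any layer
    wins, the SCP must allow, and then either the identity policy or the
    resource policy must allow."""
    identity_policy = IDENTITY_POLICIES.get(principal, EMPTY_POLICY)
    scp = _decision(SCP, principal, action, resource)
    identity = _decision(identity_policy, principal, action, resource)
    resource_policy = _decision(BUCKET_POLICY, principal, action, resource)
    if "deny" in (scp, identity, resource_policy):
        return False
    if scp != "allow":
        return False
    return "allow" in (identity, resource_policy)


if __name__ == "__main__":
    app = f"arn:aws:iam::{ACCOUNT}:role/AppRole"
    admin = f"arn:aws:iam::{ACCOUNT}:role/AdminRole"
    for who, action, res in [(app, "s3:GetObject", f"{BUCKET}/reports/q1.csv"),
                             (admin, "s3:DeleteBucket", BUCKET)]:
        print(who.rsplit("/", 1)[1], action, "->", is_allowed(who, action, res))
```

The two cases worth noticing are the admin role, whose `s3:*` identity policy still cannot delete a bucket because the SCP denies it, and the reporting role, which has no identity policy at all yet can read objects because the bucket policy grants it; both are consequences of the evaluation order rather than of any single policy.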
Amazon GuardDuty is an intelligent threat detection service that continuously monitors your AWS accounts for unusual activities, such as malicious API calls or unauthorised access attempts. It leverages machine learning and threat intelligence to provide accurate and actionable findings.
Amazon Inspector, on the other hand, is a vulnerability management service that assesses your EC2 instances and container images for potential security issues. It identifies vulnerabilities and provides recommendations for remediation, helping you maintain a secure environment.
AWS Security Hub centralises and prioritises security findings from services like GuardDuty and Inspector, offering a unified view of your security posture. Together, these services enable centralised management and enhance the security of your AWS infrastructure, ensuring that your applications and data are protected against threats.
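The value of the unified view described above is that a resource hit by both a GuardDuty threat finding and an Inspector vulnerability finding is more urgent than either signal alone. The following is an added example, not Security Hub's own logic and not code from the post: it takes findings laid out in the AWS Security Finding Format (ASFF, a subset of fields), drops suppressed and archived ones, groups the rest by resource, and raises the priority of resources where threat and vulnerability findings coincide. The findings, instance ids and account id are constructed samples, not real output.

```python
"""Correlate GuardDuty and Inspector findings into one prioritised view per
resource, in the spirit of what Security Hub does when it aggregates
findings.  Added example, not Security Hub's own logic.  The findings are
constructed samples using a subset of ASFF fields, not real output; the
instance ids and account id are placeholders."""
from collections import defaultdict

SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
RANK_LABEL = {rank: label for label, rank in SEVERITY_RANK.items()}
THREAT_PRODUCTS = {"GuardDuty"}          # active threat detection
VULNERABILITY_PRODUCTS = {"Inspector"}   # vulnerability management

ACCOUNT = "111122223333"   # constructed placeholder
INSTANCE_A = f"arn:aws:ec2:eu-west-2:{ACCOUNT}:instance/i-0aaaaaaaaaaaaaaaa"
INSTANCE_B = f"arn:aws:ec2:eu-west-2:{ACCOUNT}:instance/i-0bbbbbbbbbbbbbbbb"
INSTANCE_C = f"arn:aws:ec2:eu-west-2:{ACCOUNT}:instance/i-0cccccccccccccccc"


def finding(fid, product, types, severity, resource, title,
            workflow="NEW", record="ACTIVE"):
    """Build a finding with the ASFF fields this example relies on."""
    return {"SchemaVersion": "2018-10-08", "Id": fid, "ProductName": product,
            "Types": types, "Severity": {"Label": severity}, "Title": title,
            "Resources": [{"Type": "AwsEc2Instance", "Id": resource}],
            "Workflow": {"Status": workflow}, "RecordState": record}


# Constructed sample findings (titles are placeholders, not real finding text).
FINDINGS = [
    finding("gd-0001", "GuardDuty", ["TTPs/Command and Control"], "HIGH", INSTANCE_A,
            "Instance is communicating with a known command-and-control host"),
    finding("insp-0001", "Inspector", ["Software and Configuration Checks/Vulnerabilities/CVE"],
            "MEDIUM", INSTANCE_A, "Installed package has a known vulnerability (placeholder)"),
    finding("insp-0002", "Inspector", ["Software and Configuration Checks/Vulnerabilities/CVE"],
            "CRITICAL", INSTANCE_B, "Installed package has a known vulnerability (placeholder)"),
    # Already triaged: a suppressed GuardDuty finding and an archived Inspector one.
    finding("gd-0002", "GuardDuty", ["TTPs/Discovery"], "LOW", INSTANCE_C,
            "Unusual API discovery activity (placeholder)", workflow="SUPPRESSED"),
    finding("insp-0003", "Inspector", ["Software and Configuration Checks/Vulnerabilities/CVE"],
            "HIGH", INSTANCE_C, "Installed package has a known vulnerability (placeholder)",
            record="ARCHIVED"),
]


def is_open(f):
    """Only active findings that nobody has resolved or suppressed count."""
    return f["RecordState"] == "ACTIVE" and f["Workflow"]["Status"] in ("NEW", "NOTIFIED")


def prioritise(findings):
    """Return one row per resource, most urgent first."""
    by_resource = defaultdict(list)
    for f in findings:
        if is_open(f):
            for r in f["Resources"]:
                by_resource[r["Id"]].append(f)
    rows = []
    for resource, fs in by_resource.items():
        products = {f["ProductName"] for f in fs}
        max_rank = max(SEVERITY_RANK[f["Severity"]["Label"]] for f in fs)
        # A vulnerable resource that is also showing active threat behaviour is
        # more urgent than either signal alone: bump it one level (capped).
        correlated = bool(products & THREAT_PRODUCTS) and bool(products & VULNERABILITY_PRODUCTS)
        effective = min(max_rank + 1, 4) if correlated else max_rank
        rows.append({"resource": resource, "severity": RANK_LABEL[effective],
                     "correlated": correlated, "products": sorted(products),
                     "finding_ids": sorted(f["Id"] for f in fs)})
    rows.sort(key=lambda r: (SEVERITY_RANK[r["severity"]], len(r["products"]),
                             len(r["finding_ids"])), reverse=True)
    return rows


if __name__ == "__main__":
    for row in prioritise(FINDINGS):
        flag = " (threat + vulnerability)" if row["correlated"] else ""
        print(row["severity"], row["resource"].rsplit("/", 1)[1],
              ", ".join(row["finding_ids"]) + flag)
```

The same grouping works on findings pulled from Security Hub's `GetFindings` API once they are in ASFF, and the `is_open` filter is what keeps already-triaged noise out of the queue; the one-level bump for correlated resources is a policy choice for this example, not a Security Hub rule.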