
3-Unit Cloud

The document provides an overview of the AWS Cloud Platform, focusing on its Infrastructure as a Service (IaaS) offerings, including components like data centers, availability zones, and edge locations. It highlights the benefits of AWS infrastructure, such as high availability, performance, flexibility, and scalability, while also detailing the functionality of the AWS Management Console and API Gateway. Additionally, it discusses the importance of IaaS for businesses in managing IT resources efficiently and cost-effectively.

UNIT III AWS CLOUD PLATFORM - IAAS

Amazon Web Services: AWS Infrastructure - AWS API - AWS Management Console - Setting up
AWS Storage - Stretching out with Elastic Compute Cloud - Elastic Container Service for
Kubernetes - AWS Developer Tools: AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy,
AWS CodePipeline, AWS CodeStar - AWS Management Tools: CloudWatch, AWS Auto
Scaling, AWS Control Tower, CloudFormation, CloudTrail, AWS License Manager

AWS Infrastructure:
 AWS global infrastructure is the most secure, reliable, and extensive cloud, providing diverse
infrastructure solutions for running your applications anywhere.
 With three Availability Zones (AZs) per Region and optimized data centers, AWS global
infrastructure maximizes resilience, performance, and innovation.
 Amazon Web Services provides the most extensive global footprint compared to any other
cloud providers in the market, opening up new regions faster than others.
 AWS maintains numerous global geographic regions, from North America, South America,
Europe, Asia Pacific, and the Middle East. AWS serves a million active customers in more than
190 countries.
 AWS supports this massive workload through its Global Cloud Infrastructure, which consists of
Availability Zones, Regions, and Edge Networks.
1. AWS provides infrastructure with data centers that are available all over the world.
2. AWS provides multiple Availability Zones: if one Availability Zone fails, another carries
the workload so that work continues. This is the main benefit of the AWS global
infrastructure.

Components Of AWS Global Infrastructure

1. Data Center
 A data center is a physical facility that hosts servers, networking equipment, and storage
systems.
 Running applications across multiple data centers improves availability and fault tolerance.
 If one data center fails, workloads can continue running in another location.
 Data centers can also cache content to improve response times for global users.

2. Availability Zone (AZ)


 AWS Availability Zones (AZs) are physically separate data centers within an AWS Region.
 Each AZ includes one or more data centers with independent power, networking, and
connectivity.
 AZs are connected through low-latency, high-throughput networks with encrypted traffic.
 A Region contains multiple AZs to ensure high availability and fault tolerance.
 Many AWS services replicate data across AZs to protect against failures and outages.
 123 Availability Zones, 43 Local Zones & 33 Wavelength Zones for low-latency
applications

3. Point-of-Presence
 AWS Global Infrastructure includes a globally distributed network of Points of Presence
(PoPs), which consist of Edge Locations and Regional Edge Caches.
 750+ CloudFront POPs and 15 Regional edge caches

 Primary Function: PoPs serve as the "front door" for AWS edge services like Amazon
CloudFront (CDN), AWS Global Accelerator, and Amazon Route 53 (DNS).
 Edge Caching: They deliver content with ultra-low latency by caching data closer to end
users. If a requested file is in the Edge Location, it is served immediately without hitting the
origin server.
 Regional Edge Caches: These sit between Edge Locations and your origin server. They have
larger caches to hold content that isn't popular enough for every Edge Location but still needs
to stay close to users to reduce origin load.
 Security at the Edge: PoPs also provide a first line of defense, hosting services like AWS
Shield (DDoS protection) and AWS WAF, which filter malicious traffic before it ever
reaches your VPC.
4. Region
 A Region is a physical location in the world where AWS has multiple Availability Zones.
When managing resources, you must understand the "Context" of the tool you are using.
 39 launched Regions, each with multiple Availability Zones.

Management Context:
 In the Console, CLI, or SDK, you typically specify a Target Region (e.g., us-east-1).
 For Global services (like IAM), the Region selector will automatically switch to
"Global."

Selection Criteria:
 Proximity: Minimize latency by choosing Regions closest to your user base.
 Compliance: Meet data residency laws (e.g., GDPR or GovCloud for sensitive US
government data).
 Service Availability: Not all services are available in every Region (e.g., new AI services
often land in us-east-1 first).
 Cost Optimization: Pricing varies by Region. For example, us-east-1 is often cheaper than
ap-south-1 (Mumbai).
5. Edge Locations
 Edge locations are part of the AWS Content Delivery Network and are designed for low-
latency, high-throughput content delivery.
 They are globally distributed and use Amazon’s high-speed network to cache content close to
end users.
 Services that use edge locations include Amazon CloudFront and Lambda@Edge for content
caching and edge computing.
 AWS follows a pay-as-you-go model, with free data transfer from AWS origins (such as S3,
EC2, and ELB) to edge locations, and charges only for data transferred out to users.
 Cached content is served from the nearest edge location, reducing latency and cost compared
to delivering content directly from the origin server.

6. Regional Edge Cache

 A Regional Edge Cache sits between AWS edge locations and origin servers in the
CloudFront CDN.
 It caches larger or less frequently accessed objects that may not be stored at edge locations.
 When content isn’t in an edge cache, it is retrieved from the regional edge cache, improving
delivery efficiency and reducing latency.

Benefits Of AWS Infrastructure


Availability:
 AWS regions are isolated and consist of multiple Availability Zones (AZs), enabling high
network availability.
Performance:
 AWS infrastructure is optimized for high performance, offering low latency, minimal packet
loss, and high-quality networking through a redundant 400 GbE fiber backbone.
Flexibility:
 AWS infrastructure allows flexible workload deployment across regions, AZs, Local Zones,
and Wavelength.
Scalability:
 AWS enables businesses to leverage scalable cloud infrastructure for high adaptability.

AWS Infrastructure as A Service


 Infrastructure as a Service (IaaS) is a cloud computing model that provides IT infrastructure,
including computing power, storage, and networking resources, on a pay-per-use basis via the
internet.
 With IaaS, you can provision and configure the necessary resources to run your applications and
systems.
 While you handle the deployment, management, and maintenance of your applications, the IaaS
provider takes care of the underlying physical infrastructure.
 This model offers flexibility and control over your IT resources, allowing for efficient cost
management.

Importance Of Infrastructure As A Service


 IaaS lets businesses scale computing resources while reducing IT costs.
 Instead of buying and maintaining physical servers, companies can rent flexible infrastructure
from cloud providers like AWS.
 This approach handles fluctuating demand and leverages global data centers for scalable, reliable
computing.

Infrastructure As a Service Working


Here's how IaaS works and why AWS infrastructure is significant:
1. Virtualization:
IaaS providers create virtual versions of physical hardware (e.g., servers, storage) that function like
actual devices but are managed in the cloud.

2. Flexible and Scalable:


 IaaS enables dynamic scaling based on current demand. During high-traffic periods like
holidays, businesses can easily scale up their resources without investing in additional
hardware.
 When traffic subsides, they can scale back down to minimize costs.

3. Managed Services: Beyond providing infrastructure, IaaS providers offer various management
services such as:
 Monitoring & Logging: Ensures system performance is tracked, and any anomalies are
flagged.
 Security Management: Applies consistent security policies across all components to protect
data and systems.
 Automation: Includes automated policies for backups, disaster recovery, and load balancing
to enhance reliability.

AWS API
 Amazon API Gateway is a fully managed service that makes it easy for developers to create,
publish, maintain, monitor, and secure APIs at any scale.
 It acts as the "front door" for applications to access data, business logic, or functionality from
your backend services, such as code running on AWS Lambda, applications on Amazon EC2, or
data stored in databases.
 In modern cloud architecture, API Gateway is the glue that holds microservices together,
handling the heavy lifting of accepting and processing up to hundreds of thousands of concurrent
API calls.

API Gateway Working


 At its core, API Gateway sits between your client applications (mobile apps, websites, IoT
devices) and your backend services.
1. Client Request: A user sends a request (e.g., GET /users/123) to your API Gateway
endpoint.
2. Gateway Processing: API Gateway handles traffic management, authorization, access
control, monitoring, and API version management.
3. Backend Routing: It routes the request to the appropriate backend service (e.g., triggers a
Lambda function or calls an EC2 instance).
4. Response: The backend processes the request and returns a response to API Gateway, which
then forwards it back to the client.
The Three Types of API Gateways
 Choosing the right API type is the first and most important decision you will make. AWS offers
three distinct types:

Feature      | HTTP API                                    | REST API                                                        | WebSocket API
-------------|---------------------------------------------|-----------------------------------------------------------------|---------------------------------------------------
Best For     | Serverless workloads, simple microservices. | Enterprise applications, complex features, public monetization. | Real-time apps (chat, live dashboards).
Protocol     | HTTP/1.1                                    | HTTP/1.1                                                        | WebSocket
Performance  | Lowest latency (optimized for speed).       | Higher latency (due to feature overhead).                       | Persistent, bidirectional connection.
Cost         | Cheapest (~$1.00/million requests).         | More expensive (~$3.50/million requests).                       | Metered by connection minutes + messages.
Key Features | Native OIDC/OAuth, CORS, auto-deploy.       | API Keys, Usage Plans, WAF integration, Caching, Private APIs.  | Push notifications, real-time 2-way communication.

Key Features & Benefits


1. Traffic Management: API Gateway handles traffic spikes for you. You can set throttling
rules to limit the number of requests a user can make per second to protect your backend from
being overwhelmed.
2. Authentication: Easily integrate with AWS Cognito, Lambda Authorizers, or IAM roles to
control who can access your API.
3. Validation: Validate incoming request parameters (e.g., ensure userId is a number) before
they even hit your backend.
4. Monitoring: Seamlessly integrates with Amazon CloudWatch to provide detailed metrics on
latency, error rates, and data transfer.
5. Versioning: You can run multiple versions of the same API simultaneously (e.g., v1 and v2),
allowing you to safely migrate clients to new features.
6. Serverless Integration: It is the standard way to expose AWS Lambda functions as HTTP
endpoints.
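
The throttling and validation features listed above can be studied with a small local model. This is an added example, not AWS code and not part of the original notes: it simulates a token-bucket limit per client and a numeric check on userId for the GET /users/{userId} route. The class names, the rate and burst values, the order of the checks and the sample requests are all assumptions made for the illustration.

```python
import re
from dataclasses import dataclass, field

NUMERIC_ID = re.compile(r"[0-9]+")          # ASCII digits only
USER_ROUTE = re.compile(r"/users/([^/]+)")  # the one route this model exposes


@dataclass
class TokenBucket:
    """Holds up to `burst` tokens and refills `rate` tokens per second."""
    rate: float
    burst: int
    tokens: float = field(init=False)
    last_seen: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = float(self.burst)  # a new client starts with a full bucket

    def allow(self, now: float) -> bool:
        # Refill for the elapsed time (never negative), capped at the burst size.
        elapsed = max(0.0, now - self.last_seen)
        self.tokens = min(float(self.burst), self.tokens + elapsed * self.rate)
        self.last_seen = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class GatewayModel:
    """Hypothetical stand-in for the gateway's request processing step."""

    def __init__(self, rate: float, burst: int) -> None:
        self.rate = rate
        self.burst = burst
        self.buckets: dict[str, TokenBucket] = {}

    def handle(self, client_id: str, method: str, path: str, now: float) -> int:
        """Return the HTTP status the client would receive."""
        route = USER_ROUTE.fullmatch(path)
        if method != "GET" or route is None:
            return 404  # no such route: nothing is forwarded
        # Throttle before validating so malformed floods are limited too
        # (this ordering is a choice of the model).
        bucket = self.buckets.setdefault(
            client_id, TokenBucket(self.rate, self.burst))
        if not bucket.allow(now):
            return 429  # Too Many Requests: backend is not called
        if NUMERIC_ID.fullmatch(route.group(1)) is None:
            return 400  # userId is not a number: backend is not called
        return 200      # request would be routed to the backend


# Constructed sample traffic: (client_id, method, path, time in seconds).
SAMPLE_REQUESTS = [
    ("client-a", "GET", "/users/123", 0.0),
    ("client-a", "GET", "/users/123", 0.0),
    ("client-a", "GET", "/users/123", 0.0),
    ("client-a", "GET", "/users/123", 0.0),   # burst of 3 exhausted
    ("client-a", "GET", "/users/123", 0.5),   # 0.5 s * 2/s = 1 token refilled
    ("client-a", "GET", "/users/123", 0.5),   # bucket empty again
    ("client-b", "GET", "/users/abc", 0.5),   # separate bucket, bad userId
    ("client-b", "POST", "/users/1", 0.5),    # method not defined on the route
]


def replay(gateway: GatewayModel, requests) -> list[int]:
    """Run the requests through the model and collect the status codes."""
    return [gateway.handle(*request) for request in requests]


if __name__ == "__main__":
    print(replay(GatewayModel(rate=2.0, burst=3), SAMPLE_REQUESTS))
```

The burst value bounds how large a spike a single client can send at once, while the rate bounds its sustained load; both requests that fail validation and requests over the limit are answered by the gateway without reaching the backend.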
Amazon API Management Components
Following are some Amazon API Management Components that you need to be familiar with to get a
better understanding.
 HTTP (Hyper Text Transfer Protocol) API is an application layer protocol that helps to
communicate over the World Wide Web to get the data.
 REST (Representational State Transfer) API takes the HTTP standards to perform
operations of GET, POST, PUT, PATCH, and DELETE on the data.
 WebSocket is a device communication protocol that provides point-to-point system
communication channels over a single TCP connection.
 It enables stateful, full-duplex communication between client and server.
Features of Amazon API Gateway
1. API creation and deployment: Creating different types of APIs and managing them will be
very easy.
2. Authorization and access control: With the help of IAM roles, IAM policies, and custom
authorizers you can achieve authorization and control mechanisms that API Gateway offers
for your APIs.
3. Traffic management: Load balancing, throttling and caching are some of the services
offered by API Gateway to manage traffic.
4. API versioning: API Gateway routes traffic to the appropriate API version based on the
client's request.
Amazon API Gateway Architecture
 The diagram below shows how APIs built in Amazon API Gateway provide customers with
an integrated and consistent developer experience for building AWS serverless applications.
 It acts as a gateway for applications to access data from your backend services such as code
running on Amazon Elastic Compute Cloud (Amazon EC2), AWS Lambda, any web
applications, etc.
Working With Amazon API Gateway
You can access Amazon API Gateway through the following tools:
 AWS Management Console
 AWS SDKs, including API Gateway V1 and V2 APIs
 AWS Command Line Interface (CLI)
 AWS Tools for Windows PowerShell

Creation of HTTP API Gateway


 Step 1: Choose API Type
 Step 2: Select Integration
 Step 3: Define Routes and Methods
 Step 4: Deploy the API
 Step 5: Review and Create

Security Best Practices


 Least Privilege
 Enable Throttling
 Use HTTPS
 Validate Input

AWS Management Console


 The AWS Management Console is a centralized platform designed for accessing and managing
AWS cloud services.
 It offers a graphical user interface (GUI) that simplifies the management of various AWS
resources, such as compute power (EC2), storage (S3), databases (RDS), and more.
Accessing AWS Management Console
AWS provides several methods to access the AWS Management Console:

Method 1: Sign in as the AWS account root user


This is the main account used when you first set up AWS.

Method 2: Sign in with an IAM user


An IAM (Identity and Access Management) user has specific permissions assigned by the account owner.

Method 3: Sign in as an IAM role


An IAM role is used based on your organization's settings to grant temporary access to specific services
or resources.

AWS Management Console: Overview and Navigation


 Whether you are a beginner or have experience, the AWS Management Console provides an
easy-to-use interface that helps you navigate AWS services and efficiently manage your cloud
infrastructure.

1. Console Home

 Once logged in, the first screen you will see is the Console Home.
 This page contains various components that allow you to manage your AWS services and
resources.
 The layout of Console Home provides easy access to key areas for managing your cloud
infrastructure.

2. Account Information

In the top-right corner there is an option showing the username. Clicking the username gives various
options related to the AWS user account. User settings can be managed from these options.
 Account: Provides information about the user account.
 Organization: Shows the collection of multiple AWS accounts.
 Service Quotas: Shows the maximum limits of services and resources in the AWS
account.
 Billing and Cost Management: The billing dashboard gives an overview of billing for the AWS
account.
 Security Credentials: Opens the IAM menu, where security-related settings can
be managed.
3. AWS Regions

 Next to the username, you’ll see the AWS Region indicator. Clicking it shows the current
region and provides a list of all available AWS regions.

 You can select the region that best suits your needs for deploying resources.

4. AWS Settings

 The small gear icon represents AWS Settings, where you can manage general settings for the
AWS console:

 Default Language: Select your preferred language.


 Visual Appearance: Switch between different modes (e.g., dark mode or light mode).
 More User Settings: Navigate to a full settings dashboard to manage all other console
settings.

5. AWS Support

The support option shows all the support-related menus.

This option can be used in case of failure or issues with an AWS service.
 Support Center: Takes you to the support dashboard, where you can find support-
related services.

 Expert Help: Connects you to any available AWS expert.

 Post: Provides access to AWS documentation and resources.

 Various documentation and other related links are also present in support.

6. AWS Notifications

The bell icon provides AWS Notifications, displaying alerts related to your AWS services,
including any health events that may affect your resources.

7. AWS Cloud Shell

 AWS Cloud Shell is a browser-based shell that comes pre-authenticated with your console
credentials.

 You can use it to run AWS CLI commands or scripts directly from your browser.

8. AWS Search

The Search option allows you to search across AWS for specific services, features, blogs,
documentation, tutorials, and other resources. It helps you quickly locate relevant information:
 Services: List of AWS services
 Features: List of features of AWS services
 Blogs: Posts from the AWS blog
 Documentation: AWS Documentation
 Knowledge Articles: AWS Premium Support Knowledge Center
 Tutorials: Guides from the AWS Getting Started Resource Center
 Events: AWS hosted events that are upcoming, or available on-demand
 Marketplace: AWS Marketplace offerings that you can deploy in your AWS account

9. AWS Service Selector

The Service Selector is located next to the search bar.


It lists various AWS services and groups them for easy navigation. It also displays recently visited
services, making it easier to return to services you've used before.

10. AWS Dashboard Widgets

 The dashboard contains a number of widgets for various purposes. They help the user navigate easily
and get an overview of their services and resources in AWS.
 Widgets can be added or removed as per user preference. The Add widget button can be used to
add a new widget.
 AWS Health: information on events that might affect your AWS infrastructure and account.
 Cost and usage: an overview of service costs, with a breakdown by AWS service
 Favourites: a list of your favourite AWS services
 Recently visited: a list of top recently visited services.
 Trusted Advisor: recommendations to follow AWS best practices
Setting up AWS Storage

 Amazon Simple Storage Service (S3) is an object storage service that offers industry-leading
scalability, data availability, security, and performance.
 It is the backbone of the AWS ecosystem, used by everyone from tiny startups to massive
enterprises like Netflix and Airbnb to store petabytes of data.

Core Architecture: Buckets and Objects

1. Bucket: A container for objects.


 Global Namespace: Bucket names must be unique across all AWS accounts worldwide
(like a DNS name).
 Region Specific: You create a bucket in a specific region (e.g., us-east-1), and your data
never leaves that region unless you explicitly move it.

2. Object: The fundamental entity stored in S3.


 Key: The name of the object (e.g., photos/[Link]).
 Value: The data itself (bytes).
 Metadata: Name-value pairs describing the object (e.g., Content-Type: image/jpeg).
 Size: Objects can be from 0 bytes up to 5 Terabytes.

S3 Storage Classes
 S3 offers a range of storage classes designed for different access patterns and costs.

Storage Class           | Access Frequency | Availability Zones | Use Case
------------------------|------------------|--------------------|---------------------------------------------------------------
S3 Standard             | Frequent         | >= 3               | General-purpose storage, static websites, cloud apps.
S3 Intelligent-Tiering  | Unknown/Changing | >= 3               | Data with unpredictable access patterns. Automatically moves data between tiers to save costs.
S3 Standard-IA          | Infrequent       | >= 3               | Long-lived data accessed less than once a month (e.g., backups, DR).
S3 One Zone-IA          | Infrequent       | 1                  | Non-critical, reproducible data (e.g., secondary backups). Cheaper but less durable.
S3 Glacier Instant      | Rare (Quarterly) | >= 3               | Archives that need millisecond access (e.g., medical records).
S3 Glacier Flexible     | Rare (Yearly)    | >= 3               | Archives where retrieval time of minutes/hours is acceptable.
S3 Glacier Deep Archive | Very Rare        | >= 3               | Long-term retention (7-10 years) for compliance. Lowest cost.

Amazon S3 Usage
Amazon S3 is used for various purposes in the cloud because of its robust features for scaling and
securing data.
It serves all kinds of use cases in fields such as mobile/web applications, big
data, machine learning and many more. The following are a few widely used applications of Amazon S3.

 Data Storage: Amazon S3 is the best option for scaling both small and large storage
applications.
 Backup and Recovery: Many organizations use Amazon S3 to back up their critical
data and maintain data durability and availability for recovery needs.
 Hosting Static Websites: Amazon S3 stores HTML, CSS and other web
content from users/developers, allowing them to host static websites.
 Data Archiving: Amazon S3 Glacier integration provides a cost-effective solution
for long-term storage of data that is accessed less frequently.
 Big Data Analytics: Amazon S3 is often considered a data lake because of its capacity to
store large amounts of both structured and unstructured data.

Use an Amazon S3 Bucket


 You can use Amazon S3 buckets by following the simple steps below.
 To learn more about configuring Amazon S3, refer to "Amazon S3 – Creating a S3
Bucket".

Step 1: Log in to your AWS account with your credentials, search for S3, and click on S3.
Now click "Create bucket" and configure the options shown during setup.
Step 2: After configuring the bucket, upload objects into it as required, using either the AWS
console or the AWS CLI. The following command uploads an object into the S3 bucket:
aws s3 cp <local-file-path> s3://<bucket-name>/
Step 3: You can control the permissions of the objects uploaded into the S3 bucket and
also who can access the bucket. You can make the bucket public or private; by default, S3 buckets
are private.
Step 4: You can manage the S3 bucket lifecycle through transitions. Based on the rules
that you define, objects are transitioned into different storage classes according to the age of the
object uploaded into the S3 bucket.
Step 5: Enable the services that monitor and analyze S3. Enable S3
access logging to record who requested the objects in the S3 bucket.
Upload and Manage Files on Amazon S3
 Create an Amazon S3 bucket to upload and manage files.
 Upload files using AWS SDKs, AWS CLI, or the Amazon S3 Management Console.
 Organize files into folders and apply access controls to secure data access.
 Use features like Versioning and Lifecycle policies to manage data efficiently and optimize
storage costs.

Access Amazon S3 Bucket


You can work with and access an Amazon S3 bucket by using any one of the following methods:
1. AWS Management Console
2. AWS CLI Commands
3. Programming Scripts (using the boto3 library of Python)

1. AWS Management Console

 You can access the AWS S3 bucket using the AWS Management Console, which is a web-based
user interface.
 First create an AWS account and log in to the web console; from there you can
choose the S3 bucket option from the Amazon S3 service. ( AWS Console >> Amazon S3 >> S3
Buckets )

2. AWS CLI Commands

 In this method, first install the AWS CLI software in the terminal and
configure the AWS account with the access key, secret key and default region.
 Running aws --help then shows how to use the s3 service.

3. Programming scripts

 You can configure the Amazon S3 bucket from a scripting language such as Python,
using libraries such as boto3 to perform AWS S3 tasks.
 To learn more, refer to the article "How to access Amazon S3 using python script".

AWS S3 Bucket Permissions


You can manage the permissions of S3 buckets by several methods; the following are a few of them.
1. Bucket Policies: Bucket policies are attached directly to the S3 bucket and are written in
JSON format; they control bucket-level operations. With the help of bucket
policies, you can grant permissions to the users who can access the objects present in the
bucket. A user who is granted permissions can download and upload objects to the
bucket. You can create the bucket policy by using Python.

2. Access Control Lists (ACLs): ACLs are a legacy access control mechanism for S3 buckets;
bucket policies are now used instead of ACLs to control the permissions of the S3 bucket.
By using ACLs you can grant read access to the S3 bucket, or you can make the
objects public based on the requirements.
3. IAM Policies: IAM policies are mostly used to manage permissions for users,
groups and resources in AWS, in combination with IAM roles. You can attach
an IAM policy to an IAM entity (user, group, or role), granting it access to specific S3
buckets and operations.
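
Because bucket policies are plain JSON, they can be reviewed offline before they are attached to a bucket. The following is an added example, not part of the original notes and not an AWS tool: it flags Allow statements that apply to everyone and reports when no statement denies requests made without HTTPS. The bucket name, account ID, role name and finding labels are constructed for the illustration, and the check deliberately ignores NotPrincipal, NotAction and ACLs.

```python
import json

WRITE_PREFIXES = ("s3:put", "s3:delete")

# Constructed sample: anyone on the internet may read every object.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})

# Constructed sample: one named role may read; plain-HTTP requests are denied.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AppRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:role/app-reader"},
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-bucket",
                         "arn:aws:s3:::example-bucket/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})


def _as_list(value):
    """Policy elements may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_everyone(principal) -> bool:
    """True when the Principal element matches any caller."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _enforces_tls(stmt: dict) -> bool:
    """True for a Deny on everyone conditioned on aws:SecureTransport = false."""
    if stmt.get("Effect") != "Deny" or not _is_everyone(stmt.get("Principal")):
        return False
    for operator, keys in stmt.get("Condition", {}).items():
        if operator.lower() != "bool":
            continue
        for key, value in keys.items():
            if key.lower() == "aws:securetransport":
                values = _as_list(value)
                return bool(values) and all(
                    str(v).lower() == "false" for v in values)
    return False


def audit_bucket_policy(policy_json: str) -> list[str]:
    """Return findings as 'LABEL:Sid' strings; an empty list means none."""
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_everyone(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", f"statement[{index}]")
        if stmt.get("Condition"):
            # A condition may narrow the grant; it needs a human to read it.
            findings.append(f"PUBLIC_WITH_CONDITION:{sid}")
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        writable = any(a in ("*", "s3:*") or a.startswith(WRITE_PREFIXES)
                       for a in actions)
        label = "PUBLIC_WRITE" if writable else "PUBLIC_READ"
        findings.append(f"{label}:{sid}")
    if not any(_enforces_tls(s) for s in statements):
        findings.append("NO_TLS_ENFORCEMENT")
    return findings


if __name__ == "__main__":
    print("weak:    ", audit_bucket_policy(WEAK_POLICY))
    print("hardened:", audit_bucket_policy(HARDENED_POLICY))
```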
Use Cases
1. Static Website Hosting: Host HTML, CSS, and JS files directly from S3 without a web
server.
2. Data Lakes: Store structured and unstructured data at scale to run analytics using Athena,
Redshift, or EMR.
3. Backup & Archive: Replace tape drives with Glacier Deep Archive for secure, compliant
long-term storage.
4. Application Hosting: Store user uploads (images, videos) for mobile and web apps.

Stretching out with Elastic Compute Cloud

Elastic Compute Cloud (EC2)


1. EC2 (Elastic Compute Cloud) is a service from Amazon Web Services (AWS). It is
an on-demand computing service on the AWS cloud platform; the virtual servers it provides are called instances.
2. It lets you rent virtual computers to run your applications. You pay only for what you use.
3. The name itself explains its core value:

 Elastic: You can easily increase or decrease the number of instances or their size as your
needs change.
 Compute: It provides the processing power, memory, and storage for your workloads.
 Cloud: It runs on AWS's massive, global data center infrastructure.

The Core Components of an EC2 Instance

Before launching an instance, you need to understand its five fundamental building blocks.

1. Amazon Machine Image (AMI)


 Provides thousands of AMIs from AWS, the community, and AWS Marketplace
 Allows users to create custom AMIs for reuse and consistency
 Acts as a software blueprint containing the operating system, patches, and required software
2. Instance Types
Instance types are the hardware profiles of your virtual server. AWS offers a vast array of instance types
optimized for different tasks, grouped into families:
 t family (e.g., [Link], [Link]): General Purpose, burstable instances. Perfect for web
servers, development environments, and small databases.
 m family (e.g., [Link]): General Purpose, balanced instances with a good mix of CPU,
memory, and networking.
 c family (e.g., [Link]): Compute Optimized, with a high ratio of CPU power to memory.
Ideal for CPU-intensive tasks like batch processing, media transcoding, and scientific
modeling.
 r family (e.g., [Link]): Memory Optimized, with a high ratio of memory to CPU. Used for
memory-intensive applications like large databases or in-memory caches.
3. Elastic Block Store (EBS) Volumes
 Provides durable, block-level storage attached to EC2 instances
 Acts as a virtual hard drive for storing data
 Persists data independently and can be detached and reattached to different instances
4. Security Groups
 A Security Group acts as a virtual firewall for your EC2 instance, controlling all inbound and
outbound traffic.

5. Key Pairs
 A Key Pair, consisting of a public key and a private key, is the set of security credentials used to
prove your identity when connecting to a Linux EC2 instance.
 AWS stores the public key, and you are responsible for securely storing the private key file
(.pem). You will use this private key to SSH into your instance.

Amazon EC2 (Elastic Compute Cloud) Linux Instances


Step 1: First log in to your AWS account. Once you are directed to the management console, click
"Services" on the left and, from the listed options, click EC2.

Step 2: Afterward, you will be redirected to the EC2 console. Here is the image attached to refer to
various features in EC2.

Working of AWS EC2

Instead of buying and managing your own servers, EC2 gives you a virtual machine, where you can run
websites, apps, or even big data tasks.
 Choose the memory, storage, and CPU you need, and stop the instance when done.
 EC2 offers secure, reliable, high-performance, and cost-effective infrastructure.
 Deploy applications without managing physical hardware.
 Secure your instance using VPC, Subnets, and Security Groups.
 Attach Auto Scaling to scale EC2 based on demand.
 Automatically scale up or down based on traffic.

Features of AWS EC2 (Elastic Compute Cloud)


The following are the features of AWS EC2:

1. AWS EC2 Functionality


 Provides a virtual computing platform to run operations, launch instances, and fully
customize the environment
 Enhances security and allows configuration changes at any time
 Offers default AMIs and supports custom AMIs to reuse preferred configurations without
reconfiguration
2. AWS EC2 Operating Systems
 Provides a wide selection of operating systems when choosing an AMI
 Allows users to upload and use their own operating systems
 Offers commonly preferred operating systems directly in the EC2 console

 Amazon Linux
 Windows Server
 Ubuntu Server
 SUSE Linux
 Red Hat Linux
3. AWS EC2 Software
 Leads the cloud computing market with diverse EC2 options
 Allows users to choose from a wide range of software for EC2 instances
 Provides access to software like SAP, LAMP, and Drupal through AWS Marketplace

4. AWS EC2 Scalability and Reliability


 Handles dynamic traffic scenarios efficiently
 Provides reliable performance through flexible volumes and snapshots
 Allows scaling up or down based on changing workload requirements

Elastic Container Service for Kubernetes


 Amazon Elastic Container Service for Kubernetes (Amazon EKS) is a fully managed service that
makes it easy for you to use Kubernetes on AWS without having to be an expert in managing
Kubernetes clusters.

 There are a few things that we think developers will really like about this service. First, Amazon
EKS runs the upstream version of the open-source Kubernetes software, so you can use all the
existing plugins and tooling from the Kubernetes community.

 Applications running on Amazon EKS are fully compatible with applications running on any
standard Kubernetes environment, whether running in on-premises datacenters or public clouds.

 This means that you can easily migrate your Kubernetes application to Amazon EKS with zero
code changes.

 Second, Amazon EKS automatically runs K8s with three masters across three AZs to protect
against a single point of failure.
 This multi-AZ architecture delivers resiliency against the loss of an AWS Availability Zone.

How it Works


Now, let’s see how some of this works. Amazon EKS integrates IAM authentication with
Kubernetes RBAC (the native role based access control system for Kubernetes) through a
collaboration with Heptio.

 You can assign RBAC roles directly to each IAM entity allowing you to granularly control access
permissions to your Kubernetes masters.
 This allows you to easily manage your Kubernetes clusters using standard Kubernetes tools, such
as kubectl.
 You can also use PrivateLink if you want to access your Kubernetes masters directly from your
own Amazon VPC.
 With PrivateLink, your Kubernetes masters and the Amazon EKS service endpoint appear as an
elastic network interface with private IP addresses in your Amazon VPC.

 This allows you to access the Kubernetes masters and the Amazon EKS service directly from
within your own Amazon VPC, without using public IP addresses or requiring the traffic to
traverse the internet.
 Finally, we also built an open source CNI plugin that anyone can use with their Kubernetes
clusters on AWS. This allows you to natively use Amazon VPC networking with your
Kubernetes pods.

 With Amazon EKS, launching a Kubernetes cluster is as easy as a few clicks in the AWS
Management Console. Amazon EKS handles the rest: the upgrades, patching, and high
availability.
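
The IAM-to-RBAC mapping described above, as an added example that is not part of the original notes or AWS code. It assumes the aws-auth ConfigMap layout (rolearn, username, groups); every ARN, group, Role and binding in it is constructed.

```python
# Added illustration, not AWS or page code: resolve an IAM role to its Kubernetes
# identity and evaluate namespaced RBAC for it. Assumes the aws-auth ConfigMap
# layout (rolearn, username, groups); every ARN, group and binding is constructed.
ACCT = "arn:aws:iam::111122223333:role/"
MAP_ROLES = [
    {"rolearn": ACCT + "ci-deployer", "username": "ci-deployer", "groups": ["deployers"]},
    {"rolearn": ACCT + "auditor", "username": "auditor", "groups": ["read-only"]},
    {"rolearn": ACCT + "platform-admin", "username": "admin", "groups": ["system:masters"]},
]
# (namespace, Role name) -> rules, in the shape of a Role's "rules" list.
ROLES = {
    ("prod", "deploy"): [{"apiGroups": ["apps"], "resources": ["deployments"],
                          "verbs": ["get", "list", "patch"]}],
    ("prod", "view-pods"): [{"apiGroups": [""], "resources": ["pods", "pods/log"],
                             "verbs": ["get", "list"]}],
}
BINDINGS = [
    {"namespace": "prod", "roleRef": "deploy",
     "subjects": [{"kind": "Group", "name": "deployers"}]},
    {"namespace": "prod", "roleRef": "view-pods",
     "subjects": [{"kind": "Group", "name": "read-only"},
                  {"kind": "User", "name": "ci-deployer"}]},
]


def identity_for(arn):
    """Return (username, groups) for a mapped IAM role ARN, or None."""
    for entry in MAP_ROLES:
        if entry["rolearn"] == arn:
            return entry["username"], set(entry.get("groups", []))
    return None


def _matches(rule, api_group, resource, verb):
    """RBAC rules are allow-only; '*' in a field matches any value."""
    def hit(values, wanted):
        return "*" in values or wanted in values
    return (hit(rule["apiGroups"], api_group) and hit(rule["resources"], resource)
            and hit(rule["verbs"], verb))


def allowed(arn, namespace, verb, resource, api_group=""):
    """True if some binding in the namespace grants the verb to this IAM role."""
    ident = identity_for(arn)
    if ident is None:
        return False  # IAM principals with no mapping are not authenticated
    username, groups = ident
    if "system:masters" in groups:
        return True  # Kubernetes grants this group unrestricted access
    for binding in BINDINGS:
        if binding["namespace"] != namespace:
            continue
        bound = any((s["kind"] == "Group" and s["name"] in groups)
                    or (s["kind"] == "User" and s["name"] == username)
                    for s in binding["subjects"])
        rules = ROLES[(namespace, binding["roleRef"])]
        if bound and any(_matches(r, api_group, resource, verb) for r in rules):
            return True
    return False  # RBAC is default-deny


def overprivileged():
    """IAM roles mapped straight to system:masters, worth reviewing first."""
    return [e["rolearn"] for e in MAP_ROLES if "system:masters" in e.get("groups", [])]
```

Running `overprivileged()` against a real mapping gives a short review list: any IAM role that lands in system:masters bypasses the namespaced Roles entirely.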

Key Features of Amazon EKS


 Fully Managed: AWS handles control plane upgrades, patching, and unhealthy node
replacement.
 Upstream Compatibility: EKS runs certified Kubernetes conformant applications, allowing easy
migration from on-premises or other clouds.
 Security & Networking: Integrates with IAM for RBAC, VPC for network isolation, and AWS
PrivateLink.
 Deployment Options: Supports AWS Fargate for serverless computing, or Amazon EC2 nodes
for more control.
 EKS Auto Mode: Automates the management of nodes and underlying infrastructure for a fully
managed experience.

AWS Developer Tools: AWS Code Commit


 AWS Code Commit is a fully managed source control service provided by Amazon Web Services.
It is a version control service.
 It helps to manage and store assets such as code, documents, or any other type of file, including
binary files.
 It allows the team to work collaboratively in a secure and highly scalable environment. It
eliminates the need for third-party version control and also eliminates the need for your own
source control system.
Git Vs AWS Code Commit
Differences:
 AWS Code Commit is more secure than Git, as AWS uses IAM roles to secure access, which
allows users to share their repositories with a limited set of people in a highly
secure environment.
 The Git interface is more interactive than that of AWS Code Commit.
 Git is basically tied to GitHub, whereas AWS Code Commit is managed and hosted
by AWS, which is a more reliable platform.

Similarities:
 Both can integrate with AWS cloud build, which can import your GitHub and other Google
cloud storage to your specifications and produce containers.
 Both use Git repositories.
 Both support code review.
Benefits of using AWS Code Commit

1. Highly Scalable: It scales up or down according to your data and can handle large
repositories and large numbers of branches with ease.
2. Fully Managed: As a developer you need to focus on development rather than on
managing or maintaining the hardware or the software. This service lets you
focus on production while it manages all the underlying needs and keeps the repository highly
available and durable.
3. Work collaboratively: It allows multiple users to work on different sections of the same
source code at the same time with ease. The changes and updates are later merged and
pushed to the repository.
4. Security: It provides a secure environment to store your source code, documents, binary files
and more. It uses encryption to secure your stored data. AWS uses IAM
roles to secure your data, which allows you to share your data with specific people.
5. Migration: Its most advantageous feature is that it allows users to migrate their Git
repositories to Code Commit easily.

Steps for creating a repository in Code Commit :

 Step 1: Log in to your AWS account and navigate to the AWS Management Console. In the
search bar, search for AWS Code Commit.
 A Code Commit service window will appear.
 Step 2: Click on Create repository to create the repository in AWS Code Commit. Type a name,
add a description, and then click on Create.
 Step 3: A success message will appear on the screen showing successful creation of the repository.
 Step 4: There are two ways to connect to your repository: HTTP and SSH. Here we are using
HTTP. Click on Create file to add your file.
 Step 5: Here we are typing a text file. You can also store your source code or any other binary files.
 Step 6: Add Filename, Author name, Email ID, Commit message and click on Commit Changes.
 Step 7: This is how you can create your repository easily within a few clicks.

Integrating AWS Code Commit with other tools and services:

 AWS Code Commit can be integrated with a variety of tools and services to facilitate a seamless
workflow for developers.
 For example, AWS Code Commit can be integrated with AWS Code Pipeline to automate the
build, test, and deploy process for code changes.
 This can help to reduce the time and effort required to release new features and updates to your
applications.
 AWS Code Commit can also be integrated with other version control systems such as Git.
 This can be useful if you have an existing codebase that you want to migrate to AWS Code
Commit, or if you want to continue using your existing Git tools while taking advantage of the
security and scalability of AWS Code Commit.

AWS Code Build


 AWS Code Build is a fully managed build service in the cloud.
 Code Build compiles your source code, runs unit tests, and produces artifacts that are ready to
deploy. Code Build eliminates the need to provision, manage, and scale your own build servers. It
provides prepackaged build environments for popular programming languages and build tools
such as Apache Maven, Gradle, and more.

Code Build provides these benefits:

 Fully managed – Code Build eliminates the need to set up, patch, update, and manage your own
build servers.
 On demand – Code Build scales on demand to meet your build needs. You pay only for the
number of build minutes you consume.
 Out of the box – Code Build provides preconfigured build environments for the most popular
programming languages. All you need to do is point to your build script to start your first build.

How to run Code Build

 You can use the AWS Code Build or AWS Code Pipeline console to run Code Build.
 You can also automate the running of Code Build by using the AWS Command Line Interface
(AWS CLI) or the AWS SDKs.

 You can add Code Build as a build or test action to the build or
test stage of a pipeline in AWS Code Pipeline.
 AWS Code Pipeline is a continuous delivery service that you can use to model, visualize, and
automate the steps required to release your code. This includes building your code. A pipeline is a
workflow construct that describes how code changes go through a release process.

How do I get started with Code Build?


We recommend that you complete the following steps:

1. Learn more about Code Build by reading the information in Concepts.


2. Experiment with Code Build in an example scenario by following the instructions in Getting
started using the console.
3. Use Code Build in your own scenarios by following the instructions in Plan a build.

AWS Code Deploy


What is AWS Code Deploy?
AWS Code Deploy automates software deployments to EC2 instances, AWS Fargate, Lambda functions,
and on-premises servers. It minimizes downtime, prevents deployment errors, and supports rolling
updates.

Deployment Strategies in AWS Code Deploy


AWS Code Deploy supports multiple deployment strategies:

 In-Place Deployment (Rolling Updates) – Updates instances one by one.


 Blue/Green Deployment – Deploys to a new environment before switching traffic, reducing
downtime.
 Canary Deployment – Gradually shifts traffic to the new version to monitor performance.
Steps to Deploy an Application with AWS Code Deploy
1. Create an Application – Choose EC2, Lambda, or on-premises as the deployment environment.
2. Define a Deployment Group – Select target instances and deployment configurations.
3. Prepare an AppSpec File ([Link]) – Define lifecycle hooks for installation, validation, and
rollback.
4. Start Deployment – CodeDeploy will roll out the changes based on the selected strategy.
5. Monitor Deployment – Track progress and logs via the AWS Console or CloudWatch.
Benefits of Using AWS CI/CD Services
 Automation – Eliminates manual deployment steps and reduces human errors.
 Scalability – Dynamically scales to handle large codebases and multiple environments.
 Integration – Works with AWS services and third-party tools like Jenkins and GitHub.
 Security – Enforces IAM-based access control and encrypts build artefacts.
 Cost-Effectiveness – You pay only for the resources used during builds and deployments.
Best Practices for Implementing CI/CD on AWS
To maximize efficiency and security, follow these best practices:

 Use Infrastructure as Code (IaC) – Define pipelines using AWS CloudFormation or Terraform.
 Automate Testing – Implement unit, integration, and end-to-end tests to catch issues early.
 Implement Canary Deployments – Reduce risk by gradually shifting traffic to new versions.
 Enable Logging and Monitoring – Use CloudWatch, AWS X-Ray, and AWS Config for
visibility.
 Secure Code Repositories – Use IAM policies, AWS Secrets Manager, and encryption.
AWS Code Pipeline
 AWS Code Pipeline is a fully managed continuous delivery service that automates the build, test,
and deployment phases.
 It integrates with various AWS services and third-party tools like GitHub, Bitbucket, Jenkins, and
AWS Code Commit.

How does AWS Code Pipeline work?


A Code Pipeline workflow consists of stages, each representing a step in the release process. A typical
pipeline includes:

1. Source Stage – Fetches the latest code from repositories like GitHub, Code Commit, or S3.
2. Build Stage – Uses AWS Code Build to compile, test, and package the application.
3. Test Stage – Runs automated tests to validate functionality.
4. Deploy Stage – Uses AWS Code Deploy to release the application to various environments.
Setting Up a Simple AWS Code Pipeline
1. Navigate to the AWS Code Pipeline console and click Create Pipeline.
2. Select a Source Provider (AWS Code Commit, GitHub, S3).
3. Configure AWS Code Build as the build provider.
4. Choose AWS Code Deploy or another deployment method.
5. Define the deployment environment (e.g., EC2, Lambda, or ECS).
6. Review and create the pipeline.
Once set up, Code Pipeline automatically triggers the build and deployment process when new code is
pushed.

AWS Code Star


 AWS Code Star was a cloud-based service designed to help developers quickly develop, build,
and deploy applications on AWS.
 It provided a unified user interface to manage software development activities and automated the
setup of a continuous delivery toolchain using other AWS services.
Status and Transition
 Deprecation: AWS ended support for Code Star projects on July 31, 2024.
 Availability: New projects can no longer be created via the old Code Star flow.
 Legacy Resources: While the console is being discontinued, the underlying resources created by
Code Star (such as Code Pipeline, Code Build, and Code Commit) continue to function.
 Recommended Alternative: AWS suggests transitioning to Amazon Code Catalyst for a similar
integrated development experience.
Key Components and Related Services
 Despite the main project service's deprecation, several related components remain active or have
been rebranded:
 AWS Code Connections (formerly Code Star Connections): Rebranded in March 2024, this
service allows AWS to connect to third-party source providers like GitHub, GitLab, and
Bitbucket.
 AWS Code Star Notifications: A standalone feature used to create notification rules for events in
your repository, build, and deployment projects.
 Core Toolchain: Code Star acted as an orchestrator for several core services that are still standard
in AWS DevOps:
o AWS Code Commit: Source control service.
o AWS Code Build: Managed build service.
o AWS Code Deploy: Automated deployment service.
o AWS Code Pipeline: Continuous delivery orchestration
Summary of Features (Legacy)
 Project Templates: Provided blueprints for various programming languages (Java, JavaScript,
Python, etc.) and compute platforms (EC2, Lambda, Elastic Beanstalk).
 Unified Dashboard: Offered a single view for tracking application activity, code commits, and
deployment status.
 Collaboration: Used AWS IAM to manage project team roles such as Owners, Contributors, and
Viewers.

AWS Management Tools: Cloud Watch, AWS Auto Scaling, AWS Control
Tower, Cloud Formation, Cloud Trail, AWS License Manager

Cloud Watch
 Amazon CloudWatch is a monitoring and management service built for developers, system
operators, site reliability engineers (SRE), and IT managers.
 CloudWatch provides you with data and actionable insights to monitor your applications,
understand and respond to system-wide performance changes, optimize resource utilization, and
get a unified view of operational health.
 CloudWatch collects monitoring and operational data in the form of logs, metrics, and events,
providing you with a unified view of AWS resources, applications and services that run on AWS,
and on-premises servers.
 You can use CloudWatch to set high resolution alarms, visualize logs and metrics side by side,
take automated actions, troubleshoot issues, and discover insights to optimize your applications,
and ensure they are running smoothly.

AWS Auto Scaling


 AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain
steady, predictable performance at the lowest possible cost.
 Using AWS Auto Scaling, it’s easy to set up application scaling for multiple resources across
multiple services in minutes.
 The service provides a simple, powerful user interface that lets you build scaling plans for
resources including Amazon EC2 instances and Spot Fleets, Amazon ECS tasks, Amazon
DynamoDB tables and indexes, and Amazon Aurora Replicas.
 AWS Auto Scaling makes scaling simple with recommendations that allow you to optimize
performance, costs, or balance between them.
 If you’re already using Amazon EC2 Auto Scaling to dynamically scale your Amazon EC2
instances, you can now combine it with AWS Auto Scaling to scale additional resources for other
AWS services. With AWS Auto Scaling, your applications always have the right resources at the
right time.
AWS Control Tower
 Automates the set-up of a baseline environment, or landing zone, that is a secure, well-architected
multi-account AWS environment.
 The configuration of the landing zone is based on best practices that have been established by
working with thousands of enterprise customers to create a secure environment that makes it
easier to govern AWS workloads with rules for security, operations, and compliance.

 As enterprises migrate to AWS, they typically have a large number of applications and distributed
teams. They often want to create multiple accounts to allow their teams to work independently,
while still maintaining a consistent level of security and compliance.
 In addition, they use AWS management and security services, such as AWS Organizations,
Service Catalog and AWS Config, that provide very granular controls over their workloads.
 They want to maintain this control, but they also want a way to centrally govern and enforce the
best use of AWS services across all the accounts in their environment.
 AWS Control Tower automates the set-up of their landing zone and configures AWS
management and security services based on established best practices in a secure, compliant,
multi-account environment. Distributed teams are able to provision new AWS accounts quickly,
while central teams have the peace of mind knowing that new accounts are aligned with centrally
established, company-wide compliance policies.
 This gives you control over your environment, without sacrificing the speed and agility AWS
provides your development teams.

Cloud Formation

 AWS CloudFormation gives developers and systems administrators an easy way to create and
manage a collection of related AWS resources, provisioning and updating them in an orderly and
predictable fashion.
 You can use the AWS CloudFormation sample templates or create your own templates to
describe your AWS resources, and any associated dependencies or runtime parameters, required
to run your application. You don’t need to figure out the order for provisioning AWS services or
the subtleties of making those dependencies work. CloudFormation takes care of this for you.
 After the AWS resources are deployed, you can modify and update them in a controlled and
predictable way, in effect applying version control to your AWS infrastructure the same way you
do with your software.
 You can also visualize your templates as diagrams and edit them using a drag-and-drop interface
with AWS Infrastructure Composer.

Cloud Trail

 AWS CloudTrail is a web service that records AWS API calls for your account and delivers log
files to you.
 The recorded information includes the identity of the API caller, the time of the API call, the
source IP address of the API caller, the request parameters, and the response elements returned by
the AWS service.
 With CloudTrail, you can get a history of AWS API calls for your account, including API calls
made using the AWS Management Console, AWS SDKs, command line tools, and higher-level
AWS services (such as CloudFormation).
 The AWS API call history produced by CloudTrail enables security analysis, resource change
tracking, and compliance auditing.
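
The security analysis mentioned above, as an added example that is not part of the original notes or AWS code: it reads the caller identity, time, source IP, request parameters and response elements from CloudTrail records and flags four conditions. The records are constructed, and the rule names and the denied-call threshold are assumptions.

```python
# Added illustration, not AWS or page code: triage CloudTrail records using the
# fields listed above. Records are constructed; rule names and the denied-call
# threshold are assumptions made for this example.
import json
from collections import Counter

ACCT = "arn:aws:iam::111122223333:"  # constructed account
DENIED_CODES = {"AccessDenied", "Client.UnauthorizedOperation"}
EC2, S3, SIGNIN = "ec2.amazonaws.com", "s3.amazonaws.com", "signin.amazonaws.com"

def _rec(time, source, name, who, ip, **extra):
    """Build one constructed record in CloudTrail's field layout."""
    return {"eventTime": f"2024-05-01T{time}Z", "eventSource": source,
            "eventName": name, "sourceIPAddress": ip,
            "userIdentity": {"type": "IAMUser", "arn": ACCT + who},
            "requestParameters": None, "responseElements": None, **extra}

def _ingress(cidr):
    """requestParameters of an SSH ingress rule for the given CIDR."""
    return {"groupId": "sg-0example", "ipPermissions": {"items": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
         "ipRanges": {"items": [{"cidrIp": cidr}]}}]}}

SAMPLE_LOG = json.dumps({"Records": [
    _rec("09:20:00", "cloudtrail.amazonaws.com", "StopLogging", "user/alice", "198.51.100.7"),
    _rec("09:00:00", SIGNIN, "ConsoleLogin", "user/alice", "198.51.100.7",
         responseElements={"ConsoleLogin": "Success"},
         additionalEventData={"MFAUsed": "No"}),
    _rec("09:01:00", SIGNIN, "ConsoleLogin", "user/bob", "198.51.100.8",
         responseElements={"ConsoleLogin": "Success"},
         additionalEventData={"MFAUsed": "Yes"}),
    _rec("09:05:00", EC2, "AuthorizeSecurityGroupIngress", "user/alice", "198.51.100.7",
         requestParameters=_ingress("0.0.0.0/0")),
    _rec("09:06:00", EC2, "AuthorizeSecurityGroupIngress", "user/bob", "198.51.100.8",
         requestParameters=_ingress("10.0.0.0/8")),
    _rec("09:10:00", S3, "ListBuckets", "user/ci-bot", "203.0.113.9", errorCode="AccessDenied"),
    _rec("09:11:00", S3, "GetBucketPolicy", "user/ci-bot", "203.0.113.9", errorCode="AccessDenied"),
    _rec("09:12:00", EC2, "DescribeInstances", "user/ci-bot", "203.0.113.9",
         errorCode="Client.UnauthorizedOperation"),
]})

def open_ingress(rec):
    """True when the request adds a rule reachable from any IPv4 address."""
    perms = (rec.get("requestParameters") or {}).get("ipPermissions", {}).get("items", [])
    return any(r.get("cidrIp") == "0.0.0.0/0"
               for p in perms for r in p.get("ipRanges", {}).get("items", []))

def triage(log_text, denied_threshold=3):
    """Return (time, rule, caller ARN, source IP) tuples in time order."""
    findings, denied = [], Counter()
    for rec in sorted(json.loads(log_text)["Records"], key=lambda r: r["eventTime"]):
        name, who, rule = rec["eventName"], rec["userIdentity"].get("arn", "unknown"), None
        resp, extra = rec.get("responseElements") or {}, rec.get("additionalEventData") or {}
        if rec.get("errorCode") in DENIED_CODES:
            denied[who] += 1  # one finding when a caller reaches the threshold
            rule = "repeated-access-denied" if denied[who] == denied_threshold else None
        elif name == "ConsoleLogin" and resp.get("ConsoleLogin") == "Success":
            rule = None if extra.get("MFAUsed") == "Yes" else "console-login-without-mfa"
        elif name in {"StopLogging", "DeleteTrail"}:
            rule = "audit-logging-disabled"
        elif name == "AuthorizeSecurityGroupIngress" and open_ingress(rec):
            rule = "security-group-open-to-internet"
        if rule:
            findings.append((rec["eventTime"], rule, who, rec["sourceIPAddress"]))
    return findings
```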

AWS License Manager

 AWS License Manager makes it easier to manage licenses in AWS and on-premises servers from
software vendors such as Microsoft, SAP, Oracle, and IBM.
 AWS License Manager lets administrators create customized licensing rules that emulate the
terms of their licensing agreements, and then enforces these rules when an instance of Amazon
EC2 gets launched. Administrators can use these rules to limit licensing violations, such as using
more licenses than an agreement stipulates or reassigning licenses to different servers on a
short-term basis.
 The rules in AWS License Manager enable you to limit a licensing breach by physically stopping
the instance from launching or by notifying administrators about the infringement.
 Administrators gain control and visibility of all their licenses with the AWS License Manager
dashboard and reduce the risk of non-compliance, misreporting, and additional costs due to
licensing overages.
 AWS License Manager integrates with AWS services to simplify the management of licenses
across multiple AWS accounts, IT catalogs, and on-premises, through a single AWS account.
 License administrators can add rules in Service Catalog, which allows them to create and manage
catalogs of IT services that are approved for use on all their AWS accounts.
 Through seamless integration with AWS Systems Manager and AWS Organizations,
administrators can manage licenses across all the AWS accounts in an organization and
on-premises environments.
 AWS Marketplace buyers can also use AWS License Manager to track bring your own license
(BYOL) software obtained from the Marketplace and keep a consolidated view of all their
licenses.
