AWS part-2

Networking, Storage and Database Inside AWS

Virtual Private Cloud (VPC):

A virtual private cloud (VPC) is a logically isolated virtual network inside AWS in which you decide which traffic can enter and leave your resources, such as the EC2 instances behind your web or mobile application. It is not a VPN: a VPN is an encrypted tunnel into a network, whereas a VPC is the network itself, with its own IP address range, subnets, route tables and gateways.

Suppose you have an e-commerce website with a frontend, a backend and a database. You want customers to interact only with the frontend, never with the backend or the database. So you would create a VPC for your environment in which only the frontend sits in a public subnet, while the backend and the database sit in private subnets.

An Internet Gateway is a doorway that attaches to your VPC and allows the resources inside it to receive traffic from, and send traffic to, the internet. Only subnets whose route table points at the Internet Gateway can use it.

The VPC contains subnets. A network ACL is attached to each subnet and filters traffic crossing the subnet boundary; security groups are attached to the individual resources inside the subnets (EC2 instances, or more precisely their network interfaces). So the layering is VPC, then subnet with its network ACL, then instance with its security group, not the other way around.

A network access control list (network ACL) is a virtual firewall that allows or denies inbound and outbound traffic at the subnet level. Rules are numbered and evaluated in ascending order; the first matching rule wins. Your VPC's default network ACL allows all inbound and outbound traffic, but you can modify it by adding your own rules. A custom network ACL denies all inbound and outbound traffic until you add rules that specify which traffic to allow. In addition, every network ACL ends with a catch-all deny rule (shown as rule *) that cannot be removed: if a packet matches none of the numbered rules, it is denied. Network ACLs are stateless: they keep no record of the connections that have passed through them, so a request and its reply are evaluated independently against the rules. In practice this means that if you allow inbound traffic on port 443 you must also allow the outbound reply on the ephemeral port range (1024-65535), otherwise the reply is dropped even though the request got in.

A subnet is a range of IP addresses (a CIDR block) carved out of the VPC's address range; every resource you launch is placed in a subnet and receives an address from it. There are two kinds of subnet, public and private, and the difference is purely routing: a public subnet has a route table entry that sends internet-bound traffic (0.0.0.0/0) to the Internet Gateway, while a private subnet has no such route, so its resources cannot be reached from the internet. Resources in different subnets of the same VPC can still talk to each other, so the frontend in the public subnet can query the database in the private subnet and return the result to the customer, without ever giving the customer direct access to the database.
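As an added example (not part of the original notes), the following Python script models the e-commerce layout above: it carves three hypothetical subnets out of a VPC range, checks that they fit inside the VPC and do not overlap, and classifies each one as public or private from its route table. The VPC CIDR, subnet ranges and gateway identifiers are made up for illustration.

```python
import ipaddress

# Constructed layout for the e-commerce example: one VPC, three subnets.
# All CIDRs and resource IDs below are hypothetical.
VPC_CIDR = "10.0.0.0/16"

SUBNETS = {
    "frontend": "10.0.1.0/24",
    "backend": "10.0.2.0/24",
    "database": "10.0.3.0/24",
}

# Route tables as subnet name -> list of (destination, target).
# "local" is the route every VPC has for its own range; "igw-..." is an
# Internet Gateway; "nat-..." is a NAT gateway, which only lets traffic out.
ROUTE_TABLES = {
    "frontend": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-0abc123")],
    "backend": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-0abc123")],
    "database": [("10.0.0.0/16", "local")],
}


def validate_layout(vpc_cidr, subnets):
    """Return human-readable problems: subnets outside the VPC or overlapping each other."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} ({net}) is not inside the VPC {vpc}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


def is_public(routes):
    """AWS's definition: a subnet is public when its route table has a route to an Internet Gateway."""
    return any(target.startswith("igw-") for _destination, target in routes)


def classify(subnets, route_tables):
    """Map each subnet name to 'public' or 'private'."""
    return {name: ("public" if is_public(route_tables[name]) else "private") for name in subnets}


def internet_reachable(subnets, route_tables):
    """Subnets whose instances could be given a public IP and be reached from the internet."""
    return sorted(name for name, kind in classify(subnets, route_tables).items() if kind == "public")


if __name__ == "__main__":
    print("problems:", validate_layout(VPC_CIDR, SUBNETS) or "none")
    for name, kind in classify(SUBNETS, ROUTE_TABLES).items():
        print(f"{name:9s} {SUBNETS[name]:15s} {kind}")
```

Run it as-is and only the frontend subnet comes out public; the backend can still reach the internet for updates through the NAT gateway but cannot be reached from it, and the database subnet has no path out at all.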

Security groups are traffic filters, a virtual firewall, that control inbound (incoming) and outbound (outgoing) traffic at the level of the Amazon EC2 instance (strictly, its network interface). You add rules stating which source IP ranges or other security groups may connect, and on which ports. Security groups contain only allow rules; anything not explicitly allowed is denied. By default a new security group denies all inbound traffic and allows all outbound traffic, which you can change in the group's rules after creating the VPC. Security groups are stateful: they remember which connection was allowed in, so the reply traffic for that connection is allowed out (and vice versa) without needing a matching rule.
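The stateless versus stateful difference is easy to get wrong, so here is an added example (my own illustration, not code from the notes or from AWS) that simulates both filters in Python. The Packet, Rule and firewall classes are simplified stand-ins for the real thing, and the IP addresses and ports are constructed. It shows that a custom network ACL with only an inbound HTTPS rule accepts the request but drops the reply, that adding an outbound rule for the ephemeral port range fixes it, and that a security group with the same single inbound rule lets the reply out on its own because it tracks the connection.

```python
import ipaddress
from dataclasses import dataclass

EPHEMERAL = (1024, 65535)  # port range a client uses for its side of a TCP connection


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    number: int    # network ACL rule number, evaluated ascending (ignored by security groups)
    proto: str     # "tcp", "udp" or "all"
    ports: tuple   # inclusive (low, high) destination port range; ignored when proto == "all"
    cidr: str      # source CIDR for inbound rules, destination CIDR for outbound rules
    action: str    # "allow" or "deny" (security groups only ever hold "allow")


def _matches(rule, ip, port, proto):
    if rule.proto != "all":
        if rule.proto != proto or not rule.ports[0] <= port <= rule.ports[1]:
            return False
    return ipaddress.ip_address(ip) in ipaddress.ip_network(rule.cidr)


def nacl_decision(rules, ip, port, proto):
    """Network ACL evaluation: lowest-numbered matching rule wins; the implicit '*' rule denies."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, ip, port, proto):
            return rule.action
    return "deny"


class NetworkAcl:
    """Stateless: request and reply are judged separately against the inbound/outbound lists."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound

    def allows_inbound(self, pkt):
        return nacl_decision(self.inbound, pkt.src_ip, pkt.dst_port, pkt.proto) == "allow"

    def allows_outbound(self, pkt):
        return nacl_decision(self.outbound, pkt.dst_ip, pkt.dst_port, pkt.proto) == "allow"


class SecurityGroup:
    """Stateful and allow-only: once a packet is allowed, the reverse direction of that
    connection is allowed without a rule; anything matching no allow rule is denied."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self._tracked = set()  # connection table, keyed by the unordered pair of endpoints

    @staticmethod
    def _key(pkt):
        return frozenset({(pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)})

    def _check(self, rules, ip, port, pkt):
        if self._key(pkt) in self._tracked:
            return True
        if any(_matches(r, ip, port, pkt.proto) for r in rules):
            self._tracked.add(self._key(pkt))
            return True
        return False

    def allows_inbound(self, pkt):
        return self._check(self.inbound, pkt.src_ip, pkt.dst_port, pkt)

    def allows_outbound(self, pkt):
        return self._check(self.outbound, pkt.dst_ip, pkt.dst_port, pkt)


def https_round_trip(firewall):
    """Constructed client 203.0.113.7 -> web server 10.0.1.10:443. Returns (request_ok, reply_ok)."""
    request = Packet("203.0.113.7", "10.0.1.10", 51515, 443)
    reply = Packet("10.0.1.10", "203.0.113.7", 443, 51515)
    return firewall.allows_inbound(request), firewall.allows_outbound(reply)


# Custom network ACL with only an inbound HTTPS rule: the reply falls through to '*' and is dropped.
NACL_MISSING_EPHEMERAL = NetworkAcl(
    inbound=[Rule(100, "tcp", (443, 443), "0.0.0.0/0", "allow")],
    outbound=[],
)

# Same ACL plus the outbound ephemeral-port rule that stateless filtering requires.
NACL_FIXED = NetworkAcl(
    inbound=[Rule(100, "tcp", (443, 443), "0.0.0.0/0", "allow")],
    outbound=[Rule(100, "tcp", EPHEMERAL, "0.0.0.0/0", "allow")],
)

# Security group with the same single inbound rule and deliberately no outbound rules:
# the reply still gets out because the group tracks the connection.
SG_WEB = SecurityGroup(inbound=[Rule(0, "tcp", (443, 443), "0.0.0.0/0", "allow")], outbound=[])

if __name__ == "__main__":
    for name, fw in [("NACL, no ephemeral rule", NACL_MISSING_EPHEMERAL),
                     ("NACL, ephemeral rule", NACL_FIXED), ("security group", SG_WEB)]:
        print(f"{name:24s} (request allowed, reply allowed) = {https_round_trip(fw)}")
```

Two things to take from it: a network ACL deny rule with a lower number beats an allow rule with a higher number, which is how you block a single abusive IP range without touching the allow rules, and a security group never needs a rule for reply traffic, only for connections the instance itself initiates.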

DNS (Domain Name System):

The Domain Name System is a kind of phonebook that resolves a domain name into the IP address of the web server. When you enter a domain name into your browser, the request goes to a DNS resolver (typically run by your ISP or your network). The resolver asks the authoritative DNS server for that domain for the IP address that corresponds to XYZ.com's website, and the authoritative server responds with the address, 192.0.2.0 in this example. Ultimately your browser connects to the IP address, not to the domain name.

Amazon Route 53: the DNS web service provided by AWS. It routes your web traffic to AWS resources such as Amazon EC2 instances, load balancers and CloudFront distributions, and can also point at resources outside AWS. Route 53 also offers domain name registration, so you can purchase the domain for your website there. A common pattern combines Route 53 and Amazon CloudFront to deliver content with the lowest possible latency, with the following sequential flow:

  1. A customer requests data from the application by going to XYZ.com's website.

  2. Amazon Route 53 uses DNS resolution to identify XYZ.com's corresponding IP address, 192.0.2.0. This information is sent back to the customer.

  3. The customer’s request is sent to the nearest edge location through Amazon CloudFront.

  4. Amazon CloudFront connects to the Application Load Balancer, which sends the incoming packet to an Amazon EC2 instance.

AWS Storage Options:

AWS has quite a few options for storing data for different purposes, with different storage types and many pricing options. Some of them are the instance store, Amazon Elastic Block Store (EBS), Amazon Elastic File System (EFS) and Amazon Simple Storage Service (S3).

Instance Stores:

An instance store is temporary block-level storage on disks physically attached to the host computer that runs the Amazon EC2 instance. It is called temporary (ephemeral) storage because everything written to it is lost when the instance stops, hibernates or terminates, or when the underlying host fails. The instance is a virtual machine: when you start it again it may land on a different physical host with the same configuration, and the old disk is simply not there. It is fine for scratch space, caches or test environments where you do not care if the data is gone after stopping the VM, and it should never hold anything you cannot recreate.

Amazon Elastic Block Store:

Amazon EBS is a service that provides block-level storage volumes that you can use with Amazon EC2 instances. If you stop an Amazon EC2 instance, all the data on the attached EBS volume remains available. If you terminate it, any volume whose DeleteOnTermination attribute is set (true by default for the root volume) is deleted with it, so check that attribute on every volume whose data you need. An EBS volume behaves much like the disk inside your laptop or PC.

To create an EBS volume, you define the configuration (such as volume size and type) and provision it. After you create an EBS volume, you can attach it to an Amazon EC2 instance in the same Availability Zone; a volume cannot be attached to an instance in another Availability Zone. Enable encryption when you create the volume: an unencrypted volume cannot be encrypted in place later, only by taking a snapshot and restoring an encrypted copy.

Because EBS volumes are used to persist data, they need to be backed up. You can take incremental backups of an EBS volume by creating Amazon EBS snapshots. The first snapshot of a volume copies all the data; each subsequent snapshot saves only the blocks that have changed since the most recent snapshot, yet every snapshot can still be restored as a complete volume.
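To make the incremental-snapshot behaviour concrete, here is an added example (not from the notes; the block size and the volume contents are constructed) that models a volume as a sequence of fixed-size blocks, takes a chain of snapshots that each store only the blocks that changed, and restores the full volume from that chain.

```python
import hashlib

# Block size is tiny so the example reads easily; real EBS snapshots track 512 KiB blocks.
BLOCK_SIZE = 4


def split_blocks(volume, block_size=BLOCK_SIZE):
    """Cut the raw volume bytes into fixed-size blocks (the last one may be shorter)."""
    return [volume[i:i + block_size] for i in range(0, len(volume), block_size)]


def take_snapshot(volume, parent=None):
    """Incremental snapshot. The index records a hash for every block of the volume;
    only blocks whose hash differs from the parent's index are actually stored."""
    blocks = split_blocks(volume)
    index = {i: hashlib.sha256(b).hexdigest() for i, b in enumerate(blocks)}
    parent_index = parent["index"] if parent else {}
    stored = {i: blocks[i] for i, h in index.items() if parent_index.get(i) != h}
    return {"index": index, "stored": stored, "parent": parent}


def restore(snapshot):
    """Rebuild the full volume: for each block, walk back through the chain
    to the most recent snapshot that stored it."""
    pieces = []
    for i in range(len(snapshot["index"])):
        node = snapshot
        while i not in node["stored"]:
            node = node["parent"]
        pieces.append(node["stored"][i])
    return b"".join(pieces)


def bytes_stored(snapshot):
    """How much data this snapshot added, which is what you pay for."""
    return sum(len(b) for b in snapshot["stored"].values())


# Constructed volume contents: 6 blocks, then one block overwritten, then the volume grown by a block.
V1 = b"AAAABBBBCCCCDDDDEEEEFFFF"
V2 = b"AAAABBBBXXXXDDDDEEEEFFFF"
V3 = b"AAAABBBBXXXXDDDDEEEEFFFFGGGG"


def demo():
    """Blocks stored by each snapshot in the chain, and whether the last one restores correctly."""
    s1 = take_snapshot(V1)
    s2 = take_snapshot(V2, parent=s1)
    s3 = take_snapshot(V3, parent=s2)
    return [len(s["stored"]) for s in (s1, s2, s3)], restore(s3) == V3


if __name__ == "__main__":
    print(demo())
```

The first snapshot stores all six blocks, the second stores one, the third stores one, and restoring the third still yields the whole volume. The same chain structure is why, in AWS, deleting a snapshot in the middle of a chain frees only the blocks no later snapshot still references.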

Amazon Simple Storage Service (S3):

Amazon S3 is object storage. Objects are stored in buckets, which you can think of as top-level directories. Each object consists of data (the file itself), metadata (information describing the data, such as its content type) and a key (the unique name that identifies the object within its bucket). You can store any kind of data, such as images, videos, documents or zip archives, and use it for media backup or as the data store behind a content-delivering website. You control who can access each object or group of objects: buckets and objects are private by default, and access is granted through bucket policies, IAM policies and (unless you have disabled them) ACLs. Leave the account-level and bucket-level Block Public Access setting turned on unless you have a deliberate reason to serve objects to the whole internet.

You can also host a static website, consisting of HTML, CSS and JavaScript files, directly from a bucket: you enable static website hosting on the bucket and the content is served from the bucket's website endpoint. A website-hosted bucket has to allow public reads of its objects, so keep it separate from any bucket that holds private data.
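Because a misconfigured bucket policy is the usual way S3 data ends up public, here is an added example, not from the notes, of a check a practitioner would run over a bucket policy before applying it. It lists every statement that unconditionally grants access to anonymous principals, separates out the ones that grant write or delete, and confirms that the policy refuses plaintext (non-TLS) requests. The three policies, the bucket names and the account and role ARNs are constructed for illustration; the website policy shows the one deliberately public case from the static-website paragraph.

```python
import json

# Constructed bucket policies for hypothetical buckets; the account ID and
# role name are placeholders, not real identifiers.
OVERLY_OPEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicWrite",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::example-media/*",
    }],
})

HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AppRoleRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/example-app"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-media/*",
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-media", "arn:aws:s3:::example-media/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})

# The one legitimate public case: read-only access for static website hosting.
WEBSITE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicReadForWebsite",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-site/*",
    }],
})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """The two spellings that grant to everyone on the internet: "*" and {"AWS": "*"}."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def _grants_write(action):
    # Simple prefix check; a pattern such as "s3:P*" would be missed and deserves a manual look.
    return action in ("*", "s3:*") or action.startswith(("s3:Put", "s3:Delete"))


def public_grants(policy_json):
    """(Sid, actions) for each statement that allows anonymous access with no Condition."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue  # scoped by VPC endpoint, source IP, etc.; still worth a manual review
        findings.append((stmt.get("Sid", "<no Sid>"), _as_list(stmt.get("Action", []))))
    return findings


def public_write_grants(policy_json):
    """The subset of public grants that let anyone upload, overwrite or delete objects."""
    return [(sid, acts) for sid, acts in public_grants(policy_json) if any(map(_grants_write, acts))]


def requires_tls(policy_json):
    """True when the policy denies every principal access over plaintext HTTP."""
    policy = json.loads(policy_json)
    for stmt in _as_list(policy.get("Statement", [])):
        flag = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if stmt.get("Effect") == "Deny" and _is_anonymous(stmt.get("Principal")) \
                and str(flag).lower() == "false":
            return True
    return False


if __name__ == "__main__":
    for name, pol in [("overly open", OVERLY_OPEN_POLICY), ("hardened", HARDENED_POLICY),
                      ("website", WEBSITE_POLICY)]:
        print(name, "public:", public_grants(pol), "public write:", public_write_grants(pol),
              "tls only:", requires_tls(pol))
```

The overly open policy is flagged for both public read and public write; the hardened policy grants only to a named role and adds the usual aws:SecureTransport deny; the website policy is reported as public read, which is expected there and nowhere else.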

With Amazon S3, you pay only for what you use. You can choose from a range of storage classes to find the fit for your business and cost needs. The factors you need to consider are:

  1. Retrieval time and frequency: how often, and how quickly, you need to retrieve your data.

  2. How available you need your data to be.

The storage classes available are:

  • S3 Standard: designed for frequently accessed data and high availability; data is stored across at least three Availability Zones in your Region. This makes it a good choice for a wide range of use cases, such as websites, content distribution and data analytics. S3 Standard has a higher storage cost than the classes intended for infrequently accessed data and archival storage.

  • S3 Standard-Infrequent Access (Standard-IA): the same durability as Standard, with data likewise stored across at least three Availability Zones in your Region, but intended for data that is accessed less often. It has a lower storage price, a per-GB retrieval charge and a minimum storage duration of 30 days, so it is cheaper for backups and older data but more expensive than Standard if you read the data frequently.

  • S3 One Zone-Infrequent Access (One Zone-IA): stores data in a single Availability Zone of the Region instead of three, so it is less expensive than Standard-IA, but the data is lost if that Availability Zone is destroyed. Best for infrequently accessed data that you can easily recreate, such as secondary backup copies. It has a lower storage price than Standard-IA; a per-GB retrieval charge still applies.

  • S3 Intelligent-Tiering: best for data with unknown or changing access patterns. It monitors how often each object is accessed, moves objects that have not been accessed for 30 consecutive days to a lower-cost infrequent access tier, and moves them back to the frequent access tier when they are accessed again. It charges a small monthly monitoring and automation fee per object and no retrieval fees.

  • S3 Glacier Instant Retrieval: archive storage for data that is rarely accessed but must be available immediately when it is needed. When you choose between the archival options, consider how quickly you must retrieve the archived objects. Objects in S3 Glacier Instant Retrieval are retrieved within milliseconds, with the same performance as S3 Standard, at a lower storage price and a higher retrieval price.

  • S3 Glacier Flexible Retrieval: low-cost storage designed for data archiving where retrieval can take from a few minutes to a few hours, depending on the retrieval option you pay for. For example, you might use this storage class to store archived customer records or older photos and video files.

  • S3 Glacier Deep Archive: supports long-term retention and digital preservation of data that might be accessed once or twice a year. This is the lowest-cost storage in the AWS Cloud, with data retrieval taking 12 to 48 hours. Objects in this storage class are replicated across at least three geographically dispersed Availability Zones.

Amazon Elastic File System (EFS):

In file storage, multiple clients (such as users, applications, servers, and so on) can access data that is stored in shared file folders. In this approach, a storage server uses block storage with a local file system to organize files. Clients access data through file paths.

Compared to block storage and object storage, file storage is ideal for use cases in which a large number of services and resources need to access the same data at the same time.

Amazon Elastic File System (Amazon EFS) is a scalable, managed file system, mounted over NFS, that is used with AWS Cloud services and on-premises resources. As you add and remove files, Amazon EFS grows and shrinks automatically, scaling on demand to petabytes without disrupting applications. Unlike an EBS volume, which lives in one Availability Zone, an EFS file system is a Regional resource that many instances across Availability Zones can mount at the same time.

Amazon Relational Database Service (RDS):

In a relational database, data is stored in a way that relates it to other pieces of data. An example might be a coffee shop's inventory management system: each record in the database would hold the data for a single item, such as product name, size and price.

Amazon Relational Database Service (Amazon RDS) is a service that lets you run relational databases in the AWS Cloud.

Amazon RDS is a managed service that automates tasks such as hardware provisioning, database setup, patching and backups. With these capabilities, you can spend less time on administrative tasks and more time using data to improve your applications. You can integrate Amazon RDS with other services to meet your business and operational needs, for example using AWS Lambda to query your database from a serverless application. Place the RDS instance in a private subnet and give it a security group that accepts connections only from the application tier's security group, so the database is never reachable from the internet.

Amazon DynamoDB:

In a nonrelational database, you create tables. A table is a place where you can store and query data. Nonrelational databases are sometimes called "NoSQL databases" because they use structures other than rows and columns to organize data. One such structure is key-value pairs: data is organized into items, each identified by a key, and each item carries a set of attributes (its values). You can think of attributes as the different features of your data. Amazon DynamoDB is a key-value and document database service that delivers single-digit millisecond performance at any scale.

Amazon Redshift:

Amazon Redshift is a data warehousing service that you can use for big data analytics. It can collect data from many sources and helps you understand relationships and trends across your data.