Introduction
This report looks at the AWS services that our platform uses and that I know first-hand rather than by hearsay. I am working on a project that uses almost all of the available services, and we also aim to take up even more of what Amazon offers in the near future.
AWS is managed both via the web interface (AWS console) and using the Command Line Tools. All AWS services are collected in the console, but the configuration functionality there is somewhat trimmed. From the command line, you can configure a service more flexibly and also use functions that the console does not expose.
Amazon Elastic Compute Cloud (EC2)
Description
EC2 is a cloud service that provides virtual servers (Amazon EC2 Instances), two types of data storage, and a load balancer.
Many of you are familiar with VPS - Virtual Private Server. EC2 is nothing more than a service that provides VPS in a real cloud, where a server can easily migrate between nodes and the storage can easily be expanded almost without limit. Hence the word Elastic in the name.
Functionality
EC2 allows you to run pre-configured servers with pre-installed operating systems: Amazon Linux, Red Hat EL, Suse ES, Windows 2008, Oracle EL. The choice of operating systems looks like this:

It is also possible to create your own images (AMI - Amazon Machine Image) and use any Linux. Our platform uses Debian Squeeze as the main system, but, of course, we can run and work on almost any Linux distribution, such as CentOS or Ubuntu. We also support RHEL and Suse ES.
It is possible to configure the protection of access to servers. EC2 instances are combined into security groups (Security Groups) with the ability to restrict access to ports from IP or subnets.
Setting up security groups is as follows:

Load balancing and autoscaling are very important features of EC2. You can create rules under which the number of servers is increased automatically, for example when one or more servers cannot cope with the load. Server health is monitored by another AWS service, Amazon Cloud Watch. With this service, you can create all sorts of checks that track the most important indicators of the OS.
You can add an almost unlimited number of disks with almost unlimited storage capacity. EBS (Elastic Block Storage) is one type of storage in EC2. Its distinguishing feature is that disks created with this technology are independent of the VPS nodes and are located on dedicated storage servers, unlike instance storage, which is located directly on the virtualization servers.
Using EBS, you can “profitably” add disks of any size to running servers.
Creating a disk:

Disk Management:

Elastic IP addresses make it possible to quickly change the server address, for example, in order to avoid DNS propagation - the time it takes to update a DNS zone worldwide.
Creating snapshots allows you to make a disk image and use it as a source for an AMI (Amazon Machine Image), as well as for a simple OS backup.
Server types
EC2 servers can be described in the following table:

* EC2 compute unit - a unit of measure for processor performance, comparable to the performance of 1.0-1.2 GHz Opteron or Xeon processors.
Billing
EC2 is paid for by the hour; some sub-services, such as EBS, are billed monthly. Each sub-service is billed separately at a price per hour or per month that is fixed in advance.
EC2 instances also have so-called reservations: you pay up front for 3-4 months of server operation, after which an hour of server operation is about 1.5 times cheaper. Reservations are convenient if EC2 is used on an ongoing basis: the savings are obvious.
Amazon Simple Storage (S3)
Key points
- Amazon S3 is a service for storing data in files. Amazon states that unlimited storage space is provided for files ranging in size from 1 byte to 5 terabytes.
- Files are stored in separate buckets, in which you can create directories and subdirectories.
- Buckets are stored in different regions (Region). The following regions are available: US Standard, US West (Oregon), US West (Northern California), EU (Ireland), Asia Pacific (Singapore), Asia Pacific (Tokyo), South America (Sao Paulo), and GovCloud (US).
- You can apply various security policies to buckets: make them private or public, and also divide rights among users. For example, you can open a website at bucketname.s3-website-us-east-1.amazonaws.com and store static content there.
- S3 can log requests and write the reports to a separate bucket. This is useful in investigations when many users or applications have access to the service.
- Uploading, deleting and other operations are available via REST or SOAP; it is also possible to encrypt the data transmission channel from S3.
- An interesting detail is that you can use the BitTorrent protocol in place of HTTP as the main protocol for downloading files.
- Provides 99.999999999% guarantee of integrity and 99.99% guarantee of the availability of files per year.
- S3 also supports file versioning. You can always restore a previous version of a file, i.e. roll back to the desired state.
- UPD: The bucket namespace is shared by all users, so bucket names must be unique.
Interfaces
S3 can be controlled using this console:

There are also official and unofficial command line tools. There are a huge number of libraries for all programming languages to connect applications with S3.
Billing
S3 is paid for monthly, based on the amount of stored data, the number of requests and the outgoing traffic. There is also a Free Tier - 5GB of space, 20,000 download requests, 2,000 upload requests and 15 gigabytes of traffic per month for free.
Amazon Relational Database Service (RDS)
Description
RDS is a database service that runs on a separate machine. Simply put, these are separate VPS servers optimized for working with databases.
The following Database Management Systems are available at Amazon RDS:
- MySQL community edition
- Oracle Database Standard Edition One
- Oracle Database Standard Edition
- Oracle Database Enterprise Edition
The choice looks like this:

The disk space of the RDS instance is also ordered by the customer. The minimum size of storage is 5 GB.
It is possible to flexibly configure access to the database server using security groups. You can give access to individual addresses or subnets, or to an EC2 security group and all the servers that belong to it. This is useful, for example, with autoscaling, when all instances of the application come up in the same group and have access to the database server.
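As an added example (not part of the original article), the following Python check audits ingress rules of the kind described here and in the EC2 section on security groups: it flags sensitive ports reachable from broad address ranges and leaves rules whose source is another security group alone. The sample data is constructed in the shape of `aws ec2 describe-security-groups` output; the list of sensitive ports and the /16 threshold are assumptions of this example, and only IPv4 ranges are checked.

```python
import ipaddress

# Assumptions of this example: which ports count as sensitive (SSH, Oracle
# listener, MySQL) and that any IPv4 source wider than a /16 is "broad".
SENSITIVE_PORTS = {22: "ssh", 1521: "oracle", 3306: "mysql"}
MAX_SOURCE_ADDRESSES = 2 ** 16

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.0/24"}],
         "UserIdGroupPairs": []}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-app"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
         "UserIdGroupPairs": []}]},
]

def sensitive_ports_in(rule):
    """Sensitive TCP ports covered by one ingress rule."""
    if rule["IpProtocol"] == "-1":      # all protocols: no port fields present
        return sorted(SENSITIVE_PORTS)
    if rule["IpProtocol"] not in ("tcp", "6"):
        return []
    low, high = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return [p for p in sorted(SENSITIVE_PORTS) if low <= p <= high]

def audit(groups):
    """Return (group id, source CIDR, port) for each broadly exposed port."""
    findings = []
    for group in groups:
        for rule in group.get("IpPermissions", []):
            ports = sensitive_ports_in(rule)
            # Sources given as UserIdGroupPairs (another security group) are
            # not flagged: access follows group membership, not an address.
            for source in rule.get("IpRanges", []):
                net = ipaddress.ip_network(source["CidrIp"], strict=False)
                if net.num_addresses > MAX_SOURCE_ADDRESSES:
                    findings += [(group["GroupId"], str(net), p) for p in ports]
    return findings

if __name__ == "__main__":
    for group_id, cidr, port in audit(SAMPLE_GROUPS):
        print(f"{group_id}: {SENSITIVE_PORTS[port]} ({port}) open to {cidr}")
```

On the sample, the database port opened only to `sg-app` passes, while SSH open to `0.0.0.0/0` and the all-protocol rule from `10.0.0.0/8` are reported.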
You can also configure replication between database servers via the console or command line utilities.
RDS supports instant snapshots and auto backup, giving you the ability to quickly and accurately recover data.
If there are problems with the hardware, RDS will automatically transfer your host to a healthy node.
When updates are released, the DBMS can be automatically patched and restarted. Customers are notified well in advance.
It is worth noting that there is no root access to the database. The built-in procedures and tweaking capabilities are implemented through the API and command line utilities.
All RDS instances run on a 64 bit platform.
Types of RDS instances

Billing
As with EC2, RDS is paid for per hour of use of a running instance and for its storage; a separate fee is charged for storing backups and snapshots. The number of I/O operations is also counted.
There are also Reservations - payment immediately for 3-4 months, after which, for a year or 3 years, the hourly rate for the instance is significantly reduced. On average, by one and a half times.
Route 53
Description
Route53 is a cloud-based DNS service from Amazon. It is almost the most common name service, notable for its high performance and its price. This is actually a cheap service. Even with rather big zones with a small TTL, we do not go much beyond the Free Tier (a free usage limit) and pay nothing for DNS.
One of the distinctive features of Route53 is its integration with other AWS services, such as EC2 and load balancer, S3, CloudFront.
The load balancer does not have a static address, but has a public DNS name. Using third-party services, we would have to use CNAME records to refer to this name, but Route53 has a special type of records - ALIAS to the load balancer. This allows using the full balancer functionality without propagation.
It is also interesting that you can use WRR (Weighted Round Robin) records, which allow you to do load balancing at the DNS level.
Route53 is controlled via the console or through the command line tools. There are also several third-party services that show the status of zones more clearly than the console and offer more convenient configuration. When the console did not yet have the ability to manage Route53, third-party services were very popular; for example, I often used https://interstate53.com for these purposes.
Billing
Payment is made for queries, which are counted in millions.
Simple Queue Service (SQS)
Description
SQS is a service for building event queues. Such a queue is required, for example, when the application that creates an e-mail and the application that sends it are separate. A queue element is then created with the letter body, headers, etc., and the mail-sending application reads the elements from the queue and sends them.
We use SQS queues to create and send Apple, WP7 and Android Push messages, and also for sending email.
Amazon does not provide limits on the number of queues and the number of items in queues.
Billing
Queue elements beyond the Free Tier are billed; at the moment the Free Tier is 100,000. You pay for every 10,000 items. A fee is also charged for the traffic the service generated during the month.
Simple Email Service (SES)
Description
SES is used to send mail, or rather, mailings. The high reputation of its IP addresses and high server performance, which allows tens to hundreds of thousands of letters to be sent per day, make it possible to send mail for enterprises ranging from small to huge corporate size.
A special feature is the automatic increase of the limit on letters sent per day. From 10 thousand to a million, the limit rises automatically depending on your needs. The limit on the number of letters sent per second also increases. When an account starts “leveling up”, this limit is 5 per second.
Functionality
SES allows you to send letters via the API, directly from the application. There are dozens of libraries and plug-ins that make it possible to send letters bypassing SMTP. For applications that cannot be integrated with SES via the API, there is an option to enable an SMTP server with login-password authentication.
Billing
SES is paid for per 10,000 emails sent per month. A fee is also charged for the traffic that is generated when sending emails.
Amazon Cloud Watch
Description
Cloud Watch is used to monitor the health and state of almost all AWS services, including standard monitoring of server health, availability of certain ports, storage, database operation, space on S3, and a lot of other checks.
There are 3 types of states in Cloud Watch - OK, ALARM and INSUFFICIENT_DATA. The names speak for themselves: a check is OK, in a state of error or alarm, or in an unknown state. Triggers can be set up for all states; a trigger fires when the counter changes to that state.
Autoscaling, for example, is built on CloudWatch counters. CloudWatch policies can fire triggers that launch new copies of servers to increase application capacity and shut down unneeded servers when the load drops.
The Cloud Watch management console looks like this.

The console provides almost all the functionality of setting Cloud Watch, but still, through the command line utilities, tuning can be done much faster and more accurately than through the web interface.
Billing
Cloud Watch charges for the number of checks beyond the Free Tier. Basic monitoring can be configured within this limit.
AWS Identity and Access Management (IAM)
Description
The IAM service allows you to control access rights to all other AWS services. With a whole staff, you need to differentiate the access of administrators, developers, testers, and so on. Up to 80 user accounts can be created within a single account and united into groups, to which, in turn, security policies are applied.
Each IAM user can be assigned to:
- a pair of keys
- login and password
- a pair of certificates
With keys and certificates, users can access the API and command line utilities. With a login and password, they can access the console, which is available only to members of the organization. The address of the login screen of such a console looks like this: https://company.signin.aws.amazon.com/console. Every AWS account owner has the right to create their own corporate login screen.
Rules for restricting access to AWS services are generated in JSON format, like:
{
  "Sid": "Stmt1327249403354",
  "Action": [
    "ses:*"
  ],
  "Effect": "Allow",
  "Resource": [
    "*"
  ]
}
In this example, the SES service is fully open to the members of the group: all actions related to SES are allowed.
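As an added example (not part of the original article), this Python linter reports which Allow statements in a policy grant wildcard access, such as the `ses:*` rule above. The policy document is constructed: its first statement is the article's rule, and the `SendOnly`, `Everything` and `DenyIam` statements are hypothetical ones added for contrast.

```python
import json

# Constructed policy document; the first statement is the one shown above.
POLICY = json.loads("""
{"Statement": [
  {"Sid": "Stmt1327249403354", "Effect": "Allow",
   "Action": ["ses:*"], "Resource": ["*"]},
  {"Sid": "SendOnly", "Effect": "Allow",
   "Action": "ses:SendEmail", "Resource": "*"},
  {"Sid": "Everything", "Effect": "Allow", "Action": "*", "Resource": "*"},
  {"Sid": "DenyIam", "Effect": "Deny", "Action": "iam:*", "Resource": "*"}
]}
""")

def as_list(value):
    """Action and Resource may each be a single string or a list."""
    return [value] if isinstance(value, str) else list(value or [])

def lint_statement(stmt):
    """Reasons why an Allow statement grants more than named actions."""
    if stmt.get("Effect") != "Allow":
        return []                       # Deny statements only narrow access
    reasons = []
    if "NotAction" in stmt:
        reasons.append("NotAction allows everything except the listed actions")
    for action in as_list(stmt.get("Action")):
        service, _, name = action.partition(":")
        if action == "*":
            reasons.append("all actions on all services")
        elif name == "*":
            reasons.append(f"every {service} action")
        elif "*" in name:
            reasons.append(f"wildcard pattern {action}")
    if reasons and "*" in as_list(stmt.get("Resource")):
        reasons.append("on every resource")
    return reasons

def lint_policy(policy):
    """Map each statement Sid to its findings, skipping clean statements."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):    # a lone statement need not be in a list
        statements = [statements]
    findings = ((s.get("Sid", "<no Sid>"), lint_statement(s)) for s in statements)
    return {sid: reasons for sid, reasons in findings if reasons}

if __name__ == "__main__":
    print(json.dumps(lint_policy(POLICY), indent=2))
```

The article's statement is reported as granting every ses action on every resource, while the `SendOnly` statement, which names a single action, passes.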
IAM is also easy to use for transferring rights for a short time to third parties, such as freelancers for setting up services. Keys, certificates, and passwords are easy to quickly revoke, thereby stopping access to AWS.
Billing
Using IAM is completely free. The fee is charged only for the resources consumed by users.
Afterword
This article is a brief and hopefully clear description of Amazon Web Services. Unfortunately, services such as Dynamo DB, Simple DB, Cloud Front and Cloud Formation are not covered in this description. This is only because the author does not have experience working with these services, but he very much hopes that this experience will soon appear and that he will be able to design and scale enterprise-size infrastructure based on his extensive experience.