Define methods of deploying and operating in the AWS Cloud


How to use the technologies and services in AWS

Deploying and operating in AWS – access methods

  1. Programmatic access
  2. Command Line Interface (CLI)
  3. Management console
  4. Infrastructure as code

Deployment models

  1. Cloud native
  2. Hybrid
  3. On-premises

Different clouds

  1. Public – the public can access this
  2. Private – a local cloud by the definitions of the cloud – elastic, networked, etc.
  3. Multi – more than one cloud provider
  4. Hybrid – mix of public and private through a dedicated connection

Architecture of cloud – it’s tricky

Public and Private networks

Public internet – publicly available internet resources: documents, webpages, videos etc., all available through public names and addresses

Private networks – networks that are not connected to the internet so only those in the network can use and see resources on it

Public Cloud – a business that provides, over the internet, access to computer resources on its network that are kept private via security measures

Private Zone – an area of the cloud provider’s network that is separated from the publicly available Zone

Public Zone – an area that is separate from the private zone. This doesn’t mean the general public can access it by default but that it’s a shared area on the cloud network that is connected to the public internet. The private zone is not connected to the Internet. AWS has services that are located in the Public Zone.

Zones are often called sub-nets

Subnets – dedicated networks restricted to an Availability Zone (an AZ is a set of physical machines connected over a network). A subnet is a subdivision of the whole network, where the whole network is called the virtual private cloud (VPC). The VPC is defined by a set of IPs or an IP range. The IP range is divided into subnets so the services in that subnet can talk to each other (again – I’m not completely sure on this).

To talk between AZs you have to set rules. These rules are set in security groups. As security groups control access to a network, they are a type of firewall.

For the VPC to talk to the public internet, rules are set to allow traffic in and out via the Internet gateway that is provided for each VPC.
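The VPC, subnet and security-group ideas above, worked through as an added example (not code from the original notes, and not AWS’s own API): the standard library’s ipaddress module carves a VPC range into one public and one private subnet per AZ, and a small default-deny rule matcher shows why a security group behaves like a firewall. The CIDR ranges, AZ labels and rules are constructed sample values, so it runs offline.

```python
"""Added example (not from the original notes): modelling the VPC -> subnet
split and security-group style allow rules with the standard library only.
All CIDR ranges, AZ names and rules below are constructed sample values."""
import ipaddress
from dataclasses import dataclass

# Constructed sample: one VPC range and three hypothetical AZ labels.
VPC_CIDR = "10.0.0.0/16"
AZS = ["az-a", "az-b", "az-c"]


def plan_subnets(vpc_cidr: str, azs: list, prefix: int = 24) -> dict:
    """Carve the VPC range into one public and one private subnet per AZ.

    Public subnets are the ones that would get a route to the Internet
    gateway; private ones would not. Returns {az: {"public": cidr, "private": cidr}}.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    pieces = vpc.subnets(new_prefix=prefix)  # successive /24s inside the /16
    plan = {}
    for az in azs:
        plan[az] = {"public": str(next(pieces)), "private": str(next(pieces))}
    return plan


def subnets_overlap(plan: dict) -> bool:
    """Sanity check: no two subnets in the plan may share addresses."""
    nets = [ipaddress.ip_network(c) for tiers in plan.values() for c in tiers.values()]
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


@dataclass(frozen=True)
class Rule:
    """One inbound allow rule. Security groups only hold allow rules; anything
    not matched is denied, which is what makes them act like a firewall."""
    protocol: str  # "tcp" or "udp"
    port: int
    source: str    # CIDR allowed to connect


def is_allowed(rules: list, protocol: str, port: int, src_ip: str) -> bool:
    """Default deny: True only if some rule explicitly matches the packet."""
    ip = ipaddress.ip_address(src_ip)
    return any(
        r.protocol == protocol and r.port == port and ip in ipaddress.ip_network(r.source)
        for r in rules
    )


ADMIN_PORTS = {22, 3389}  # SSH and RDP


def overly_broad_rules(rules: list) -> list:
    """Defender's check: admin ports opened to the whole internet (0.0.0.0/0)."""
    return [
        r for r in rules
        if r.port in ADMIN_PORTS and ipaddress.ip_network(r.source).prefixlen == 0
    ]


# Constructed sample rules for a public web tier's security group.
WEB_SG = [
    Rule("tcp", 443, "0.0.0.0/0"),   # HTTPS from anywhere: expected for a public web tier
    Rule("tcp", 22, "10.0.0.0/16"),  # SSH only from inside the VPC range
]
RISKY_SG = WEB_SG + [Rule("tcp", 22, "0.0.0.0/0")]  # the weak setting to flag

if __name__ == "__main__":
    plan = plan_subnets(VPC_CIDR, AZS)
    for az, tiers in plan.items():
        print(az, tiers)
    print("overlap:", subnets_overlap(plan))
    print("HTTPS from 203.0.113.5:", is_allowed(WEB_SG, "tcp", 443, "203.0.113.5"))
    print("SSH from 203.0.113.5:", is_allowed(WEB_SG, "tcp", 22, "203.0.113.5"))
    print("SSH from 10.0.1.7:", is_allowed(WEB_SG, "tcp", 22, "10.0.1.7"))
    print("risky rules:", overly_broad_rules(RISKY_SG))
```

Running it prints the per-AZ subnet plan (az-a gets 10.0.0.0/24 and 10.0.1.0/24, and so on), confirms the subnets do not overlap, and shows the same SSH request being denied from an internet address but allowed from inside the VPC; the last line lists the single rule that would expose SSH to everyone.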

It’s all very complicated.


AWS has these two zones in its network – private and public

Network connectivity

This gets more complicated

AWS has a global network and within it local regions. Regions have between 2 and 3 Availability Zones; within each AZ there are multiple data warehouses, and within the data warehouses there are lots of physical computers.

When you get an AWS account it will be situated in a region, ideally one that fits both the compliance requirements and the customer location (Edge locations reduce redundancy even further).

To filter the traffic from the public internet to the public