Popular about Amazon Web Services

Introduction

This report will be considered by the AWS, that uses our platform and with which I am familiar not by hearsay. I'm working on a project that utilizes almost all the possible services, and we aim in the near future to cover even more possibilities offered to us by Amazon.

Management of AWS is how to use the web interface (AWS console), and use Command Line Tools. The console contains all the AWS services, but the functionality of multiple cropped. At the command prompt also allows you more flexibility to configure a particular service, are also available in closed console functions.

Amazon Elastic Compute Cloud (EC2)

Description

EC2 is a cloud — based service that provides virtual servers (Amazon EC2 Instance), 2 types of data stores, as well as a load balancer (Load Balancer).

Many of you are familiar with VPS — Virtual Private Server. Now, EC2 is not that other, as a service that provides VPS in the present cloud where the server can easily migrate between nodes and storage can be easily expanded to almost dimensionless. Because something in the title and the word sounds Elastic — Elastic.br>

Functionality

EC2 allows you to launch pre-configured servers with pre-installed OS: Amazon Linux, Red Hat EL, Suse ES, Windows 2008, Oracle EL, the Choice of operating systems looks like this:


It is also possible to create your own images (AMI — Amazon Machine Image) and use any Linux. Our platform uses Debian Squeez as the main system, but of course we can run and work on almost any Linux distribution such as CentOS or Ubuntu. We also support RHEL and Suse ES.

There is a possibility to set up security access to the servers. EC2 instances are combined into security groups (Security Groups) with the ability to restrict access by ports or IP subnets.
Configuring security groups, as follows:


Load balancing and auto-scaling are very important features of EC2. You can create rules under which it will be possible to automatically increase the number of servers, for example, if one or more servers can not handle the load. Monitoring the health of servers is another AWS — Amazon Cloud Watch. With the help of this service you can create all sorts of checks — checks — which are controlled by the most important indicators of OS.

Adding an almost infinite number of disks with nearly infinite storage capacity. EBS (Elastic Block Storage) is one of the types of storage in EC2. The peculiarity of it is that the disks created by this technology is not dependent on our VPS nodes and are located on a special Storage servers, unlike Instance storage, which is located directly on the virtualization servers.
Using EBS to the running servers, you are “cashing” add disks of any size.
Disc creation:


Disk management:


Elastic IP addresses allow you to quickly change the server address, for example, in order to avoid DNS propagation — time updates of DNS zones worldwide.

Create instant images (Snapshot) allows you to create a copy of the disk and use it as the source for the AMI (Amazon Machine Image), as well as for easy a backup of the OS.

server Types

The EC2 instances can be described by the following table:

* EC2 compute unit — a unit of measure processor performance comparable to c performance 1.0-1.2 GHz Opteron or Xeon processors.

Billing

Payment EC2 is hourly, some ipodservice such as EBS have monthly billing. For each pedservice have their own separate billing for knowingly approved price per hour or per month.
Also, my EC2 instance has a so-called reservation (Reservation) — payable from 3-4 months of the server, after which hour the server is ~1.5 times cheaper. The RES is useful if EC2 is used on a regular basis — to save face.

Amazon Simple Storage (S3)

Abstracts

the

Amazon S3 is a service to store data in files. Provided that the dimensionless storage space for files of size between 1 byte to 5 Terabytes. the

• Files are stored in a separate battah (bucket) where you can create directories and subdirectories.
the
• Buckets are stored in different regions (Region). Available in the following regions: US Standard, US West (Oregon), US West (Northern California), EU (Ireland) Asia Pacific (Singapore), Asia Pacific (Tokyo), South America (Sao Paulo), and GovCloud (US).
the
• To baketu you can apply different kinds of security policies: making them private, public, as well as to share rights between users. For example, you can open the website:
  bucketname.s3-website-us-east-1.amazonaws.com and store static content.
the
• S3 can log the requests and put the records in a separate bucket. This is useful for investigation when a lot of users/applications have access to the service.
the
• upload, delete and other operations are available via REST or SOAP, it is also possible to encrypt the data channel with S3.
the
• an Interesting detail is that you can embed the BitTorrent Protocol replacement for http as the main Protocol to download files.
the
• Is 99.999999999% guarantee of the integrity and 99.99% uptime guarantee files a year.
the
• S3 also involves a versioning of files. You can always restore the previous version of the file, i.e. restore to the correct state.

UPD: the Namespace of the names of the buckets are one for all users, on the names of the buckets must be unique

Interfaces

S3 can be controlled with the help of this console:


Also, there are official and unofficial command line tools. There are plenty of libraries for various programming languages to connect applications with S3.

Billing

S3 is payable monthly in the amount of stored data for queries and for outgoing traffic. There is also a Free Tier 5GB space, 20,000 queries racing, 2,000 queries download 15 gigabytes of bandwidth per month for free.

Amazon Relational Database Service (RDS)

Description

RDS is the database service, which is submitted on a separate machine. Simply put, it's a private VPS servers that are optimized to work with databases.
Amazon RDS provides the following Database Management System:
the

the
• MySQL community edition
the
• Oracle Database Standard Edition One
the
• Oracle Database Standard Edition
the
• Oracle Database Enterprise Edition

The choice looks like this:


Disk space RDS instance as ordered by the client. The minimum size storage — 5 GB.

There is the flexibility to configure access to the database server by using security groups. Access is possible to give separate addresses/subnets or EC2 security groups and all the servers that it contains. This is useful e.g. when autoscaling when all application instances are raised in the same group and have access to the database server.

It is also possible to configure replication between the database servers through the console or command line utility.

RDS supports instant casts (Snapshot) and AutoBackup, allowing you to quickly and accurately restore data.

If problems occur with the hardware, RDS will automatically transfer your host to a healthy node.

When updates, the DBMS can be automatically patched and rebooted. The customers are informed in advance.

It is worth noting that root access to DBMS no. Storage capacity built-in procedures and fine tuning are done through API and command line utilities.

All RDS instances are running on the 64 bit platform.

RDS instance Types

Billing

Like EC2, RDS is paying for each hour of use of working instance, it storage, extra fee is taken for storage, backups and snapshots. So is the number of I/O operations.

Route 53

Description

Route53 is a cloud — based DNS service from Amazon. Practically the most common tools of high performance and price. It's actually cheap service. Having a rather big area with small TTL? we just don't much go for Free Tier free usage limit and pay a mere pittance for DNS.

One of the distinguishing features Route53 is its integration with other AWS services such as EC2 and load balancer, S3, CloudFront.

The load balancer has a static address, but has publicae DNS name. Using third-party services, we would have had to use a CNAME record to refer to the name, but in Route53 has a special record type — ALIAS for the load balancer. This allows propagate to use the full functionality of the load balancer.
Also great that you can use WRR (Weighted Round Robin) and records that allow you to do load balancing at the DNS level.

The Route53 management through the console or through the command line tools. There are also several third-party services that, say, more clearly than the console show the status of zones and provide a more comfortable setting. Konda in a console was the capability to manage Route53, third parties were very popular, for example, I often used https://interstate53.com for these purposes.

Billing

Payment is made for requests that are considered to be millions of units.

Simple Queue Service (SQS)

Description

SQS — service for the build queues of events. It is required, for example when the split application creating the email and sending it. Then creates a queue item c the body of the email, headers, etc, and the application sends mail, reads items from the queue and sends them.

We use the SQS queue to create and send Push messages to Apple, WP7 and Android. And to send email.

Limits on number of queues and the number of elements in the queue, Amazon does not provide.

Billing

In the invoice the number of items in the queue, published for the Free Tier. At the moment it is 100,000. Paid for every 10,000 items. Also charged for the traffic that generated the service for the month.

Simple Email Service (SES)

Description

SES is used to send mail, but rather mail. High reputation IP addresses, high performance servers, allowing you to send tens or hundreds of thousands of letters a day gives you the ability to send communications from small to large size corporate enterprises.

A feature can be considered an automatic increase of the limit of emails sent per day. From 10 thousand to one million limit is raised automatically, depending on your needs package. Also increases the limit of number of emails sent per second. At the beginning of the “flow” of account this limit is 5 pieces per second.

Functions

SES allows you to send letters via API directly from the app. There are dozens of libraries, plugins giving the ability to send emails bypassing the SMTP methods. For those applications that cannot be integrated with SES via the API there is an option to enable SMTP server authentication bundle login and password.
Billing
Payable to the SES for every 10,000 emails sent per month. The same fee is charged for the traffic that is generated when sending mail.

Amazon Cloud Watch

Description

Cloud Watch is used for monitoring the health/status mainly all AWS services, including standard server monitoring, the availability of certain ports, storadzh, work DBMS, S3 and a lot of other checks.

In Cloud Watch, there are 3 types of conditions — OK, ALARM and UNSUFFICIENT DATA. The names speak for themselves: check status of OK, an error condition or alarm, and in an unknown state. In all States, you can configure the triggers to be triggered during a change of the counter in this state.
Autoscale, for example, is built on the performance counters to CloudWatch. Policies CloudWatch can fire triggers that start a new copy of servers to increase power application, and also by reducing the load to extinguish unneeded servers.

Looks like the management console is Cloud Watch.


The console provides almost all the functionality of the Cloud Watch settings, but still using command-line utilities setting can be performed much faster and more accurate than using the web interface.

Billing

In charge of the Cloud Watch includes the number of checks beyond the Free Tier. Basic monitoring the limit to set is quite possible.

AWS Identity and Access Management (IAM)

Description

IAM allows you to control access rights to all the other AWS services. Having staff on all the rules you need to delimit access to administrators, developers, astromical and so on. Within one account can be created up to 80 user accounts, groups, which, in turn, apply security policy.

Each IAM user can be assigned:
the

the
• key pair
the
• username and password
the
• a couple of certificates

With keys and certificates, users can have access to APIs and utilities komandnoj line. With a login and password to the console, which is available only to members of the organization. Address on the login screen so the console looks like this: https://company.signin.aws.amazon.com/console. Each holder of AWS account the right to create your own corporate sign-in screen.

Rules to restrict access to AWS services are generated in JSON format:
the

{
"Sid": "Stmt1327249403354",
"Action": [
"ses:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}

For example, team members fully opened service SES and allowed all actions related to SES.

IAM also easy to use for the transfer of rights for a short time to third parties, such as freelancers to configure services. Keys, certificates and passwords easily quickly retract, thereby discontinuing access to AWS.

Billing

Using the IAM absolutely free. The fee is charged only for resources consumed by users.

PostScript

This article made a brief and hopefully clear description of the Amazon Web Sevices. Unfortunately, services such as Dynamo DB, Simple DB, Cloud Front and Cloud Formation, this description is not affected. It happened only because the author has no experience with these services, but hopes that soon this experience will appear and he will be able to design and scale infrastructure to enterprise size based on your great experience.

Article based on information from habrahabr.ru