AWS Technical
Essentials Workshop
By: Engr. Muhammad Usman Khan
About The Instructor
+ Graduated from Iqra University in the field of Telecom & Networks, 2012
+ Microsoft Certified Trainer since 2014
+ Vendor-neutral and product trainer for ITIL, Cisco, CompTIA, Microsoft,
VMware, CWNA, and cloud computing (Amazon, Azure, etc.)
+ Founder of Sherdil Tech Solutions & Services
+ Completed more than 30 minor and major projects in my 4-year professional
tenure, 5 of them on AWS Cloud.
About AWS Workshop
Course Overview:
● The AWS Technical Essentials Instructor-Led Training course introduces
AWS products, services, and common solutions with demos, knowledge
checks, and hands-on lab activities. It provides learners with the basic
fundamentals to become more proficient in AWS and empowers them to
make informed decisions about IT solutions based on business requirements.
About AWS Workshop
Course Outline
This course will cover the following concepts:
● Introduction and History of AWS with Services
● AWS Infrastructure: Compute, Storage, and Networking (EC2, S3, VPC)
● AWS Security, Identity, and Access Management (IAM)
● AWS Databases (RDS)
● AWS Elasticity and Management Tools (ELB & CloudWatch)
Hands-on Labs:
Course Hands-on Lab
This course will also have Hands-on Lab:
● Configure & Implement VPC, Subnet, Route Table, Route, IGW
● Create & Configure EC2, SG, Snapshots, EBS, AMI
● Create & Configure RDS (Outside Configuration)
● Create & Configure ELB
● Create S3 Buckets, Folders, S3 objects with ACL
● Create 1 Alarm on Cloud Watch
History of AWS Cloud:
● In late 2003, Chris Pinkham and Benjamin Black presented a paper describing a vision
for Amazon's retail computing infrastructure that was completely standardized,
completely automated, and would rely extensively on web services for services such as
storage, drawing on internal work already underway.
● In 2006, Amazon Web Services (AWS) began offering IT infrastructure services to
businesses in the form of web services
● AWS is located in 13 geographical "regions": US East (Northern Virginia), where the
majority of AWS servers are based, US West (northern California), US West (Oregon),
Brazil (São Paulo), Europe (Ireland and Germany), South Asia (Mumbai), Southeast
Asia (Singapore), East Asia (Tokyo, Seoul, Beijing) and Australia (Sydney)
Cloud Basics
What is Hypervisor?
● A hypervisor or virtual machine monitor (VMM) is a piece of computer software, firmware or
hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or
more virtual machines is called a host machine, and each virtual machine is called a guest machine.
Cloud Basics
What is Virtualization?
● In computing, virtualization refers to the act of creating a virtual (rather than actual)
version of something, including virtual computer hardware platforms, operating
systems, storage devices, and computer network resources.
Cloud Basics
What is Cloud Computing?
● Using computation power over the Internet is called the cloud.
● A dedicated hosted server is not a cloud server.
● Cloud computing is built on an elastic mechanism that can increase or decrease computation
as required.
History of AWS Cloud (Cont.)
● In June 2007, Amazon claimed that more than 180,000 developers had signed up to
use Amazon Web Services
● In November 2010, it was reported that all of Amazon.com retail web services had
been moved to AWS
● On April 20, 2011, some parts of Amazon Web Services suffered a major outage. A
portion of volumes using the Elastic Block Store (EBS) service became "stuck" and
were unable to fulfill read/write requests.
● In November 2012, AWS hosted its first customer event in Las Vegas.
● On April 30, 2013, AWS began offering a certification program for computer engineers with
expertise in cloud computing.
AWS Certification Path
Topic#1
AWS Services
(At a Glance)
AWS Console Overview
AWS Terminologies
EC2: Elastic Compute Cloud (Just Like Virtual Machine)
VPC: Virtual Private Cloud (Just like Private DataCenter)
ELB: Elastic Load Balancing (Just Like Network Load Balancing)
RDS: Relational Database Server (Just like MS SQL Server)
IAM: Identity & Access Management (Just Like Active Directory)
S3: Simple Storage Service (Just Like Google Drive, DropBox)
AWS Services
VPC: A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is
logically isolated from other virtual networks in the AWS cloud.
EC2: Amazon Elastic Compute Cloud (Amazon EC2) is a Computation service that provides
resizable compute capacity in the cloud. It is designed to make web-scale cloud computing
easier for developers.
S3: highly-scalable, reliable, and low-latency data storage infrastructure at very low costs.
RDS: Amazon Relational Database Service ( RDS) is a web service that makes it easier to
set up, operate, and scale a relational database in the cloud.
AWS Services
EBS: An EBS volume behaves like a raw, unformatted, external block device that you can
attach to a single instance; it is not physically attached to the instance's host computer
AS: Auto Scaling helps to automatically increase the number of EC2 instances when the
user demand goes up, and decrease the number of EC2 instances when demand goes down
ELB: ELB service helps to distribute the incoming web traffic (called the load) automatically
among all the running EC2 instances
IAM: AWS Identity and Access Management (IAM) is a web service that helps you securely
control access to AWS resources for your users
AWS Service: VPC
Virtual Private Cloud (VPC)
● A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is
logically isolated from other virtual networks in the AWS cloud.
● VPC allows you to select its IP address range, create subnets, and configure route
tables, network gateways, and security settings.
● When you create a VPC, you specify the set of IP addresses for the VPC in the form of
a Classless Inter-Domain Routing (CIDR) block, e.g. 10.0.0.0/16, which makes
2^16 (65536) IP addresses available within the VPC
● It is possible to specify a range of publicly routable IP addresses, but direct access to the
Internet is not currently supported from publicly routable CIDR blocks in a VPC
Virtual Private Cloud (VPC)
Difference Between Region & Availability Zone
● Amazon EC2 is hosted in multiple locations world-wide.
● These locations are composed of regions and Availability Zones.
● Each region is a separate geographic area.
● Each region has multiple, isolated locations known as Availability Zones.
● Amazon EC2 provides you the ability to place resources, such as instances, and data in
multiple locations. Resources aren't replicated across regions unless you do so
specifically.
Virtual Private Cloud (VPC)
● A CIDR block from the private (non-publicly routable) IP address ranges can be assigned to a VPC:
10.0.0.0 – 10.255.255.255 (10/8 prefix)
172.16.0.0 – 172.31.255.255 (172.16/12 prefix)
192.168.0.0 – 192.168.255.255 (192.168/16 prefix)
Virtual Private Cloud (VPC)
● It is possible to specify a range of publicly routable IP addresses, but direct access to the
Internet is not currently supported from publicly routable CIDR blocks in a VPC
● Once assigned to the VPC, the CIDR block cannot be modified
● Each VPC is separate from any other VPC created with the same CIDR block, even if it
resides within the same AWS account
● VPC allows VPC peering connections with other VPCs in the same or a different AWS
account
Virtual Private Cloud (VPC)
VPC Deletion:
● A VPC can be deleted only after all instances within it have been terminated; deleting the
VPC deletes all of its components, e.g. subnets, security groups, network ACLs, route
tables, Internet gateways, VPC peering connections, and DHCP options
Virtual Private Cloud (VPC)
Private IP Addresses
● Private IP addresses are not reachable over the Internet, and can be used for
communication between the instances in your VPC
● All instances are assigned a private IP address, within the IP address range of the
subnet, to the default network interface
● Primary IP address is associated with the network interface for its lifetime, even when
the instance is stopped and restarted and is released only when the instance is
terminated
● Additional private IP addresses, known as secondary private IP addresses, can be
assigned to instances, and these can be reassigned from one network interface to
another
Virtual Private Cloud (VPC)
Public IP address (Associated IP Address)
● Public IP addresses are reachable over the Internet, and can be used for
communication between your instances and the Internet, or with other AWS services
that have public endpoints
● Whether a public IP address is assigned to an instance depends on whether public IP
addressing is enabled for the subnet.
● A public IP address can also be assigned to an instance by enabling public IP
addressing during the creation of the instance, which overrides the subnet's public IP
addressing attribute
● A public IP address is assigned from the AWS pool of IP addresses; it is not associated with
the AWS account and is therefore released when the instance is stopped and restarted
Virtual Private Cloud (VPC)
Elastic IP address
● Elastic IP addresses are static, persistent public IP addresses that can be associated with
and disassociated from an instance as required
● An Elastic IP address is allocated to a VPC and owned by the account until it is released
● A network interface can be assigned either a public IP or an Elastic IP. If you assign an
Elastic IP to an instance that already has a public IP, the public IP is released
● Elastic IP addresses can be moved from one instance to another; the instances can be
within the same VPC or in different VPCs within the same account
● Elastic IPs are charged for non-usage, i.e. when not associated, or when associated with a
stopped instance or an unattached network interface
Virtual Private Cloud (VPC)
Elastic Network Interface (ENI)
● Each instance is attached to a default elastic network interface (the primary network
interface, eth0), which cannot be detached from the instance
● An ENI has the following attributes:
○ A primary private IP address
○ One or more secondary private IP addresses
○ One Elastic IP address per private IP address
○ One public IP address, which can be auto-assigned to the network interface for eth0
when you launch an instance, but only when you create a new network interface for
eth0 instead of using an existing network interface
○ One or more security groups
○ A MAC address
○ A source/destination check flag
Virtual Private Cloud (VPC)
Internet Gateways
● An Internet gateway is a horizontally scaled, redundant, and highly available VPC
component that allows communication between instances in your VPC and the Internet.
It therefore imposes no availability risks or bandwidth constraints on your network
traffic.
● An Internet gateway serves two purposes:
○ To provide a target in your VPC route tables for Internet-routable traffic,
○ To perform network address translation (NAT) for instances that have been
assigned public IP addresses.
Virtual Private Cloud (VPC)
Enable Internet Access through Internet GW
● Attach an Internet gateway to the VPC
● The subnet must be associated with a route table that has a route pointing to the Internet
gateway
● Instances must have a public IP or Elastic IP address assigned
● Security groups and NACLs associated with the instance must allow the relevant traffic
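The four prerequisites above make a natural audit check: given a description of a VPC and an instance, report which of them is unmet. The following is an added example written for this workshop page, not AWS code; its VPC, subnets, route tables and instances are a constructed in-memory model standing in for what describe-vpcs, describe-route-tables and describe-instances would return, and IDs such as igw-demo are placeholders rather than real AWS identifiers.

```python
"""Check the four prerequisites for Internet access through an Internet gateway.

Added example: the VPC model below is a constructed in-memory stand-in for what
describe-vpcs, describe-route-tables and describe-instances would return;
IDs such as "igw-demo" are placeholders, not real AWS identifiers.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Vpc:
    attached_igw: Optional[str]                                   # attached Internet gateway ID, or None
    route_tables: Dict[str, dict] = field(default_factory=dict)   # id -> {"main", "subnets", "routes"}
    nacl_ports: Dict[str, Set[int]] = field(default_factory=dict) # subnet id -> inbound ports its NACL allows


@dataclass
class Instance:
    name: str
    subnet_id: str
    public_ip: Optional[str]      # public IPv4 or Elastic IP; None means private address only
    sg_ports: Set[int]            # inbound ports the instance's security group allows


def route_table_for(vpc: Vpc, subnet_id: str) -> Optional[dict]:
    """A subnet uses the table it is explicitly associated with, otherwise the VPC's main table."""
    for table in vpc.route_tables.values():
        if subnet_id in table["subnets"]:
            return table
    return next((t for t in vpc.route_tables.values() if t.get("main")), None)


def missing_prerequisites(vpc: Vpc, inst: Instance, port: int) -> List[str]:
    """Return the unmet prerequisites for reaching `inst` on `port` from the Internet.
    An empty list means all four checks from the slide pass."""
    missing = []
    # 1. An Internet gateway must be attached to the VPC
    if vpc.attached_igw is None:
        missing.append("no Internet gateway attached to the VPC")
    # 2. The subnet's route table needs a default route whose target is that gateway
    table = route_table_for(vpc, inst.subnet_id)
    if table is None or vpc.attached_igw is None or table["routes"].get("0.0.0.0/0") != vpc.attached_igw:
        missing.append("subnet route table has no 0.0.0.0/0 route to the Internet gateway")
    # 3. The instance needs a public or Elastic IP (the gateway performs NAT for it)
    if inst.public_ip is None:
        missing.append("instance has no public or Elastic IP address")
    # 4. Security group and network ACL must both allow the traffic
    if port not in inst.sg_ports:
        missing.append(f"security group does not allow inbound port {port}")
    if port not in vpc.nacl_ports.get(inst.subnet_id, set()):
        missing.append(f"network ACL on {inst.subnet_id} does not allow inbound port {port}")
    return missing


# Constructed sample: one public and one private subnet in a 10.0.0.0/16 VPC
VPC = Vpc(
    attached_igw="igw-demo",
    route_tables={
        "rtb-public": {"main": False, "subnets": ["subnet-public"],
                       "routes": {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-demo"}},
        "rtb-main": {"main": True, "subnets": [],
                     "routes": {"10.0.0.0/16": "local"}},
    },
    nacl_ports={"subnet-public": {22, 80, 443}, "subnet-private": {22, 80, 443}},
)
WEB = Instance("web", "subnet-public", "203.0.113.10", {80, 443})
DB = Instance("db", "subnet-private", None, {3306})

if __name__ == "__main__":
    for inst, port in ((WEB, 443), (WEB, 22), (DB, 3306)):
        problems = missing_prerequisites(VPC, inst, port)
        print(f"{inst.name}:{port} ->", "reachable" if not problems else "; ".join(problems))
```

The private subnet has no explicit route table association, so the check falls back to the main table, which has only the local route; that is exactly why the database instance stays unreachable even though its security group opens its port.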
Virtual Private Cloud (VPC)
VPC Security
Security within a VPC is provided through
● Security groups – Act as a firewall for associated Amazon EC2 instances, controlling
both inbound and outbound traffic at the instance level
● Network access control lists (ACLs) – Act as a firewall for associated subnets,
controlling both inbound and outbound traffic at the subnet level
● Flow logs – Capture information about the IP traffic going to and from network
interfaces in your VPC
Virtual Private Cloud (VPC)
Subnets
● A subnet spans a single Availability Zone (distinct locations engineered to be isolated
from failures in other Availability Zones) and cannot span multiple AZs
● A subnet is public or private depending on whether it has Internet connectivity, i.e.
whether it can route traffic to the Internet through the Internet gateway
● Instances within a public subnet must be assigned a public IP or Elastic IP address to be
able to communicate with the Internet
● A subnet that is not connected to the Internet, whose traffic is routed only through a
virtual private gateway, is termed a VPN-only subnet
Virtual Private Cloud (VPC)
NAT Overview
● A Network Address Translation (NAT) device, launched in the public subnet, enables
instances in a private subnet to connect to the Internet while preventing the Internet from
initiating connections to those instances.
● Instances in private subnets need an Internet connection to perform software updates or
to access external services
● A NAT device avoids exposing instances directly to the Internet, launching them in a public
subnet, and assigning an Elastic IP address to each of them.
● The NAT device performs both address translation and port address translation (PAT)
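To make the last two bullets concrete, here is an added example (not AWS code, and not a description of the NAT gateway's internals) of the translation table a NAT/PAT device keeps: outbound connections from private instances get a unique public port, and an inbound packet is forwarded only when it answers one of those connections. NAT_PUBLIC_IP and the private addresses are constructed.

```python
"""Port address translation (PAT) as a NAT device performs it.

Added example, not AWS code: a small connection table that shows why a NAT
device lets private instances reach the Internet while refusing connections
the Internet tries to initiate. NAT_PUBLIC_IP is a constructed address.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

NAT_PUBLIC_IP = "203.0.113.5"   # constructed Elastic IP of the NAT device


@dataclass
class NatDevice:
    public_ip: str
    next_port: int = 1024         # next translated source port to hand out
    # (private ip, private port) -> translated public port
    outbound: Dict[Tuple[str, int], int] = field(default_factory=dict)
    # translated public port -> (private ip, private port)
    inbound: Dict[int, Tuple[str, int]] = field(default_factory=dict)

    def translate_outbound(self, src_ip: str, src_port: int) -> Tuple[str, int]:
        """A private instance opens a connection: rewrite the source to the NAT's
        public IP and a unique port (address + port translation) and remember it."""
        key = (src_ip, src_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return self.public_ip, self.outbound[key]

    def translate_inbound(self, dst_port: int) -> Optional[Tuple[str, int]]:
        """A packet arrives from the Internet: forward it only if it answers a
        connection an inside host opened; an unsolicited packet has no mapping
        and is dropped (None)."""
        return self.inbound.get(dst_port)


if __name__ == "__main__":
    nat = NatDevice(NAT_PUBLIC_IP)
    # two private instances fetch updates using the same source port
    print(nat.translate_outbound("10.0.2.10", 40000))   # ('203.0.113.5', 1024)
    print(nat.translate_outbound("10.0.2.11", 40000))   # ('203.0.113.5', 1025)
    print(nat.translate_inbound(1025))                   # ('10.0.2.11', 40000)
    print(nat.translate_inbound(2222))                   # None: nobody inside asked for this
```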
Virtual Private Cloud (VPC)
Bastion Host Overview
● A bastion is a fortified structure that protects what lies behind it
● In AWS, a bastion host (also referred to as a jump server) can be used to securely
access instances in private subnets.
● A bastion host launched in a public subnet acts as the primary access point from
the Internet and as a proxy to the other instances.
Virtual Private Cloud (VPC)
Bastion Host
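The VPC Security slide lists security groups and network ACLs as the two firewall layers, and the bastion pattern depends on how they differ. The example below is added for this page and is not AWS code; it models the behaviour AWS documents for both layers: a network ACL is stateless and evaluates numbered rules in ascending order with first match winning and an implicit deny at the end, while a security group is stateful and allow-only, and one of its rules may name another security group as the source. The hosts, security group IDs and CIDRs are constructed; the layout is the bastion-in-public-subnet, app-in-private-subnet design from the slides.

```python
"""Evaluate a connection through the two VPC firewall layers.

Added example, not AWS code. Network ACL: stateless, numbered rules, first
match wins, implicit deny. Security group: stateful, allow-only, source may be
a CIDR or another security group. Hosts, IDs and CIDRs are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class NaclRule:
    number: int            # evaluated in ascending order; the first match wins
    action: str            # "allow" or "deny"
    port_from: int
    port_to: int
    cidr: str


@dataclass
class SgRule:
    port_from: int
    port_to: int
    source_cidr: Optional[str] = None   # a CIDR ...
    source_sg: Optional[str] = None     # ... or the ID of another security group


@dataclass
class Host:
    name: str
    ip: str
    sg_id: Optional[str]                # None for something outside AWS, e.g. a laptop
    sg_inbound: List[SgRule]
    nacl_inbound: List[NaclRule]        # NACL of the host's subnet
    nacl_outbound: List[NaclRule]


def nacl_permits(rules: List[NaclRule], ip: str, port: int) -> bool:
    """Stateless: one direction only, lowest matching rule number decides, else deny."""
    addr = ipaddress.ip_address(ip)
    for r in sorted(rules, key=lambda r: r.number):
        if r.port_from <= port <= r.port_to and addr in ipaddress.ip_network(r.cidr):
            return r.action == "allow"
    return False


def sg_permits(rules: List[SgRule], src_ip: str, src_sg: Optional[str], port: int) -> bool:
    """Allow-only: any rule matching the port and the source (CIDR or group) permits."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if not r.port_from <= port <= r.port_to:
            continue
        if r.source_cidr and addr in ipaddress.ip_network(r.source_cidr):
            return True
        if r.source_sg and r.source_sg == src_sg:
            return True
    return False


def connection_allowed(src: Host, dst: Host, port: int, reply_port: int = 49152) -> str:
    """Trace a TCP connection from src to dst on port through each layer."""
    if not nacl_permits(dst.nacl_inbound, src.ip, port):
        return "blocked by subnet NACL (inbound)"
    if not sg_permits(dst.sg_inbound, src.ip, src.sg_id, port):
        return "blocked by security group"
    # The security group is stateful, so the reply needs no outbound rule.
    # The NACL is not: the reply to the client's ephemeral port must be allowed outbound.
    if not nacl_permits(dst.nacl_outbound, src.ip, reply_port):
        return "blocked by subnet NACL (outbound reply)"
    return "allowed"


# Constructed sample: an office range, a bastion in the public subnet, an app server in the private one
CORP = "198.51.100.0/24"
ANY = "0.0.0.0/0"
PUBLIC_NACL_IN = [NaclRule(90, "deny", 22, 22, "198.51.100.66/32"),   # one blocked office address
                  NaclRule(100, "allow", 22, 22, CORP)]
PUBLIC_NACL_OUT = [NaclRule(100, "allow", 1024, 65535, ANY)]          # replies to ephemeral ports
PRIVATE_NACL_IN = [NaclRule(100, "allow", 22, 22, ANY)]              # coarse; the SG does the fine filtering
PRIVATE_NACL_OUT = [NaclRule(100, "allow", 1024, 65535, "10.0.0.0/16")]

BASTION = Host("bastion", "10.0.1.10", "sg-bastion", [SgRule(22, 22, source_cidr=CORP)],
               PUBLIC_NACL_IN, PUBLIC_NACL_OUT)
APP = Host("app", "10.0.2.20", "sg-app", [SgRule(22, 22, source_sg="sg-bastion")],
           PRIVATE_NACL_IN, PRIVATE_NACL_OUT)
OFFICE = Host("office-laptop", "198.51.100.7", None, [], [], [])
BLOCKED = Host("blocked-laptop", "198.51.100.66", None, [], [], [])

if __name__ == "__main__":
    for s, d in ((OFFICE, BASTION), (BLOCKED, BASTION), (OFFICE, APP), (BASTION, APP)):
        print(f"{s.name} -> {d.name}:22  {connection_allowed(s, d, 22)}")
```

The app server's security group never names a CIDR, only the bastion's security group, so even if traffic from outside reached the private subnet it would be dropped; the bastion's subnet NACL shows the ordering rule (the deny at 90 is hit before the allow at 100) and the stateless rule (drop the outbound ephemeral-port rule and the handshake never completes).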
Virtual Private Cloud (VPC)
VPC Peering Overview
● A VPC peering connection is a networking connection between two VPCs that enables you to
route traffic between them using private IP addresses.
● Instances in either VPC can communicate with each other as if they are within the same
network
● VPC peering connection can be established between your own VPCs, or with a VPC in
another AWS account within a single region.
● AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is
neither a gateway nor a VPN connection, and does not rely on a separate piece of physical
hardware. There is no single point of failure for communication or a bandwidth bottleneck.
Virtual Private Cloud (VPC)
VPC Peering Rules & Limitations
● A VPC peering connection cannot be created between VPCs that have matching or overlapping
CIDR blocks.
● A VPC peering connection cannot be created between VPCs in different regions.
● There is a limit on the number of active and pending VPC peering connections that you can
have per VPC.
● VPC peering does not support transitive peering relationships
● VPC peering does not support edge-to-edge routing through a gateway or private connection
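The CIDR rules scattered across the VPC slides (a /16 gives 2^16 addresses, blocks should come from the RFC 1918 ranges, the block cannot be changed after creation, and peering is refused for matching or overlapping blocks) can all be checked before anything is created. The example below is added for this page and is not AWS code; it uses Python's standard ipaddress module. The /16 to /28 size limit is the one AWS documents for a VPC block and is not on the slides; the VPC names and blocks are constructed.

```python
"""CIDR arithmetic for VPC design.

Added example, not AWS code: how many addresses a block holds, whether it
falls inside the RFC 1918 private ranges, whether a subnet fits its VPC, and
whether two VPCs overlap (which makes them impossible to peer). The /16-/28
limit is the documented AWS VPC block size; names and blocks are constructed.
"""
import ipaddress
from typing import Dict, List, Tuple

# The three private ranges from the slide
PRIVATE_RANGES = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def address_count(cidr: str) -> int:
    """Addresses in a block: 2 ** (32 - prefix length), e.g. 65536 for a /16."""
    return ipaddress.ip_network(cidr).num_addresses


def is_private(cidr: str) -> bool:
    """True when the whole block lies inside one RFC 1918 range."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(rng) for rng in PRIVATE_RANGES)


def validate_vpc_cidr(cidr: str) -> List[str]:
    """Problems with a proposed VPC block (empty list = acceptable)."""
    try:
        net = ipaddress.ip_network(cidr)   # strict: host bits must be zero
    except ValueError as exc:
        return [f"not a valid network: {exc}"]
    problems = []
    if not 16 <= net.prefixlen <= 28:
        problems.append("prefix must be between /16 and /28")
    if not is_private(cidr):
        problems.append("not an RFC 1918 block; publicly routable blocks get no direct Internet access")
    return problems


def subnet_fits(vpc_cidr: str, subnet_cidr: str) -> bool:
    """A subnet must be carved out of its VPC's block."""
    return ipaddress.ip_network(subnet_cidr).subnet_of(ipaddress.ip_network(vpc_cidr))


def can_peer(cidr_a: str, cidr_b: str) -> bool:
    """Peering is refused when the two VPC blocks match or overlap."""
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def peering_conflicts(vpcs: Dict[str, str]) -> List[Tuple[str, str]]:
    """Pairs of named VPCs that cannot be peered because their blocks overlap."""
    names = sorted(vpcs)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if not can_peer(vpcs[a], vpcs[b])]


# Constructed sample: the block is immutable once assigned, so check it before creating the VPC
SAMPLE_VPCS = {"prod": "10.0.0.0/16", "dev": "10.0.0.0/16",
               "shared": "10.1.0.0/16", "partner": "172.16.0.0/12"}

if __name__ == "__main__":
    print(address_count("10.0.0.0/16"), "addresses in 10.0.0.0/16")
    print("problems with 10.0.0.1/16:", validate_vpc_cidr("10.0.0.1/16"))
    print("cannot peer:", peering_conflicts(SAMPLE_VPCS))   # [('dev', 'prod')]
```

Reusing 10.0.0.0/16 for every environment is the common way teams discover the overlap rule only when they first need peering, so running the conflict check during address planning is cheaper than renumbering a VPC later.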
Virtual Private Cloud (VPC)
Hands-On Lab:
● Create a VPC with a public subnet
● Create an Internet gateway
● Attach the IGW
● Create a route on the route table
● Create a subnet
● Add the IGW route to the route table
● Test Internet connectivity (by creating an EC2 instance)
AWS Service: EC2
Elastic Compute Cloud (EC2)
Items to discuss:
● EC2 Instance Types (T2, C2, M2)
● EC2 AMI Machine types: On Demand, Spot & Reserved Instances
● EBS VS Instance Store
● AMI, Snapshot, Volumes
Elastic Compute Cloud (EC2)
EC2 Instance Types :
Instances are divided based on:
● General Purpose (T2, M2, etc.)
● Computation Optimized (C4)
● Extreme Memory (X1 series)
● Optimized memory (R3)
● General purpose GPU (P2)
● High GPU (G2)
● Storage optimized (i2)
● Dense Storage (D2)
Refer Link: https://aws.amazon.com/ec2/instance-types/
Elastic Compute Cloud (EC2)
T2 Instances (General Purpose)
● T2 instances are well suited for
○ general purpose workloads, such as web servers, developer environments, and
small databases
● Requirements
○ can be launched only with an HVM AMI
○ can be launched into a VPC only; not supported on the EC2-Classic platform
○ are available as Amazon EBS-backed instances only
○ are available as On-Demand or Reserved instances, but not as Spot instances
○ by default, you can run up to 20 T2 instances simultaneously (soft limit)
○ cannot be launched as a Dedicated instance
Elastic Compute Cloud (EC2)
EC2 AMI Machine Types :
On Demand instance:
● With On-Demand instances, you pay for compute capacity by the hour with no long-term commitments
or upfront payments. You can increase or decrease your compute capacity depending on the demands of
your application and only pay the specified hourly rate for the instances you use.
Spot Instances:
● Amazon EC2 Spot instances allow you to bid on spare Amazon EC2 computing capacity
Reserved Instances:
● Amazon EC2 Reserved Instances provide a significant discount (up to 75%) compared to On-Demand
pricing and provide a capacity reservation when used in a specific Availability Zone.
Elastic Compute Cloud (EC2)
EBS vs Instance Store:
EBS:
● Amazon Elastic Block Store (Amazon EBS) provides persistent block level storage volumes
for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is
automatically replicated within its Availability Zone to protect you from component failure,
offering high availability and durability
Instance Store:
● An instance store provides temporary block-level storage for your instance. This storage is
located on disks that are physically attached to the host computer. Instance store is ideal
for temporary storage of information that changes frequently, such as buffers, caches,
scratch data, and other temporary content, or for data that is replicated across a fleet of
instances, such as a load-balanced pool of web servers.
Elastic Compute Cloud (EC2)
AMI, Volume & Snapshots
AMI:
An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual
server in the cloud. You specify an AMI when you launch an instance, and you can launch as many instances
from the AMI as you need. You can also launch instances from as many different AMIs as you need.
Volume:
Volumes are either EBS or instance store
Snapshots:
Snapshots are copies of a volume that can be used to create a backup of an EBS/instance store volume
and to create a new instance
Elastic Compute Cloud (EC2)
Hands-On Labs:
1. Create Windows Based EC2 Instance
2. Create Security Group
3. Open Ports In Security Group
4. Create GP2 Based EBS Volume
5. Create Key Pair to Login on an Instance
6. Establish RDP Session for Newly created Instance
AWS Service: S3
Simple Storage Service (S3)
Features:
● S3 stands for Simple Storage Service
● Amazon S3 provides unlimited storage space and works on a pay-as-you-use model.
Service rates get cheaper as the usage volume increases
● Amazon S3 is object-level storage (not block-level storage) and cannot be used to
host an OS or dynamic websites
● Amazon S3 resources (for example buckets and objects) are private by default
Simple Storage Service (S3)
Buckets
● A bucket is a container for objects stored in Amazon S3 and helps organize the Amazon
S3 namespace.
● A bucket is owned by the AWS account that created it and helps identify the account
responsible for storage and data transfer charges
● Amazon S3 bucket names are globally unique, regardless of the AWS region in which
you create the bucket
● Even though S3 is a global service, Amazon S3 buckets are created within a region
specified during the creation of the bucket
● Every object is contained in a bucket and there is no limit on the number of objects
that a bucket can have
Simple Storage Service (S3)
Objects:
● Objects are the fundamental entities stored in Amazon S3.
● An object is uniquely identified within a bucket by a key (name) and a version ID.
● Objects consist of object data, metadata, and other parts:
○ Value: the data portion, which is opaque to Amazon S3.
○ Metadata: the data about the data, a set of name-value pairs that describe the
object, e.g. content-type, size, last modified. You can also specify custom
metadata at the time the object is stored.
○ Key: the object name
○ Version ID: the version of the object; in combination with the key it uniquely
identifies an object within a bucket
○ Subresources: provide additional information for an object
○ Access control information: controls access to the objects stored in S3
Simple Storage Service (S3)
Hands On Lab:
● Create S3 Bucket
● Create S3 Folder
● Upload an object on S3 Bucket or Folder
● Apply ACL on Object
AWS Service: RDS
Relational Database Server
Features:
● Amazon Relational Database Service ( RDS) is a web service that makes it easier to set up, operate, and
scale a relational database in the cloud.
● RDS provides cost-efficient, resizable capacity for an industry-standard relational database and manages
common database administration tasks.
● RDS features & benefits
○ CPU, memory, storage, and IOPS can be scaled independently.
○ manages backups, software patching, automatic failure detection, and recovery.
○ automated backups can be performed as needed, and manual backups can be triggered as well.
Backups can be used to restore a database, and the Amazon RDS restore process works reliably
and efficiently.
○ provides high availability with a primary instance and a synchronous secondary instance that
you can fail over to seamlessly when a problem occurs.
Relational Database Server
Hands-On Lab:
● Create DB Subnet group
● Create RDS
● Check AZ
AWS Service: ELB & Auto Scaling
Auto Scaling With ELB
Features:
● Auto Scaling helps to automatically increase the number of EC2 instances when the user demand goes up,
and decrease the number of EC2 instances when demand goes down
● ELB service helps to distribute the incoming web traffic (called the load) automatically among all the
running EC2 instances
● ELB uses load balancers to monitor traffic and handle requests that come through the Internet.
● Auto Scaling dynamically adds and removes EC2 instances, while Elastic Load Balancing manages
incoming requests by optimally routing traffic so that no one instance is overwhelmed
● Using ELB & Auto Scaling
○ makes it easy to route traffic across a dynamically changing fleet of EC2 instances
○ load balancer acts as a single point of contact for all incoming traffic to the instances in an Auto
Scaling group.
AWS Service: IAM
Identity & Access Management
Features:
● AWS Identity and Access Management (IAM) is a web service that helps you securely control access to
AWS resources for your users.
● IAM is used to control
○ Identity – who can use your AWS resources (authentication)
○ Access – what resources they can use and in what ways (authorization).
● IAM can also keep your account credentials private.
● With IAM, you can create multiple IAM users under the umbrella of your AWS account or enable
temporary access through identity federation with your corporate directory.
● IAM also enables access to resources across AWS accounts.
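The authorization half of the slide (what resources a user can use and in what ways) is decided by policy evaluation. The example below is an added one written for this page, not AWS code; it reproduces the core rule AWS documents for identity-based policies: an explicit Deny in any matching statement wins, otherwise at least one matching Allow is required, otherwise the request is denied by default. Conditions, NotAction/NotResource, resource-based policies and permissions boundaries are left out. The policy document and the bucket name app-logs-example are constructed.

```python
"""A minimal IAM policy evaluator.

Added example, not AWS code: explicit Deny beats Allow, Allow beats the
implicit default Deny. Conditions, NotAction, resource-based policies and
permissions boundaries are omitted. Policy and bucket name are constructed.
"""
import fnmatch
from typing import Dict, List


def _as_list(value):
    """IAM accepts either a single string or a list in Action and Resource."""
    return value if isinstance(value, list) else [value]


def _statement_matches(statement: Dict, action: str, resource: str) -> bool:
    """Wildcards * and ? as in IAM; action names are case-insensitive, ARNs are not."""
    action_hit = any(fnmatch.fnmatchcase(action.lower(), pat.lower())
                     for pat in _as_list(statement["Action"]))
    resource_hit = any(fnmatch.fnmatchcase(resource, pat)
                       for pat in _as_list(statement["Resource"]))
    return action_hit and resource_hit


def evaluate(policies: List[Dict], action: str, resource: str) -> str:
    """Decide one request against all policies attached to the principal."""
    allowed = False
    for policy in policies:
        for statement in _as_list(policy["Statement"]):
            if not _statement_matches(statement, action, resource):
                continue
            if statement["Effect"] == "Deny":
                return "Deny (explicit)"      # no Allow anywhere can override this
            allowed = True
    return "Allow" if allowed else "Deny (implicit)"


# Constructed developer policy: full access to one log bucket, but never delete; read-only EC2
DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::app-logs-example/*"},
        {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for action, resource in (("s3:GetObject", "arn:aws:s3:::app-logs-example/2024/app.log"),
                             ("s3:DeleteObject", "arn:aws:s3:::app-logs-example/2024/app.log"),
                             ("s3:GetObject", "arn:aws:s3:::other-bucket/secret.txt"),
                             ("ec2:DescribeInstances", "*"),
                             ("ec2:RunInstances", "*")):
        print(f"{action:22} {resource:48} {evaluate([DEVELOPER_POLICY], action, resource)}")
```

The second statement is the one worth noticing: the s3:* Allow on the log bucket also matches DeleteObject, yet the Deny wins regardless of statement order, which is why guardrails are written as explicit denies rather than by carefully narrowing every Allow.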
Q & A Sessions
Any Questions
End of the Workshop
Thanks for joining us.
For Details, Contact:
Name: Engr Muhammad Usman Khan
PH: 92 332 2278144
Email: usman@sherdil.org

Amazon Elastic Compute Cloud (EC2) - Module 2 Part 1 - AWSome Day 2017
 
RDS and DynamoDB - Module 3 Part 2 - AWSome Day 2017
RDS and DynamoDB - Module 3 Part 2 - AWSome Day 2017RDS and DynamoDB - Module 3 Part 2 - AWSome Day 2017
RDS and DynamoDB - Module 3 Part 2 - AWSome Day 2017
 
Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017
Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017
Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017
 
AWS business essentials
AWS business essentials AWS business essentials
AWS business essentials
 
AWS Business Essentials
AWS Business EssentialsAWS Business Essentials
AWS Business Essentials
 
AWSome Day 2016 - Module 3: Security, Identity, and Access Management
AWSome Day 2016 - Module 3: Security, Identity, and Access ManagementAWSome Day 2016 - Module 3: Security, Identity, and Access Management
AWSome Day 2016 - Module 3: Security, Identity, and Access Management
 
AWS Foundational and Platform Services - Module 1 Parts 2 & 3 - AWSome Day 2017
AWS Foundational and Platform Services - Module 1 Parts 2 & 3 - AWSome Day 2017AWS Foundational and Platform Services - Module 1 Parts 2 & 3 - AWSome Day 2017
AWS Foundational and Platform Services - Module 1 Parts 2 & 3 - AWSome Day 2017
 
Day 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web ServicesDay 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web Services
 
AWS Intro & History
AWS Intro & HistoryAWS Intro & History
AWS Intro & History
 
Introduction to Amazon EC2
Introduction to Amazon EC2Introduction to Amazon EC2
Introduction to Amazon EC2
 
Getting Started with Amazon EC2 and AWS Compute Services
Getting Started with Amazon EC2 and AWS Compute ServicesGetting Started with Amazon EC2 and AWS Compute Services
Getting Started with Amazon EC2 and AWS Compute Services
 
Intro to AWS: EC2 & Compute Services
Intro to AWS: EC2 & Compute ServicesIntro to AWS: EC2 & Compute Services
Intro to AWS: EC2 & Compute Services
 
Introduction to Amazon Web Services
Introduction to Amazon Web ServicesIntroduction to Amazon Web Services
Introduction to Amazon Web Services
 

Similar a AWS TEchnical Essentials Workshop

AWS Enterprise Day | Hybrid IT with AWS: Best of Both Worlds
AWS Enterprise Day | Hybrid IT with AWS: Best of Both WorldsAWS Enterprise Day | Hybrid IT with AWS: Best of Both Worlds
AWS Enterprise Day | Hybrid IT with AWS: Best of Both WorldsAmazon Web Services
 
AWS Architecture Fundamentals - Houston
AWS Architecture Fundamentals - HoustonAWS Architecture Fundamentals - Houston
AWS Architecture Fundamentals - HoustonNicole Maus
 
What is Cloud- AWS Course in Mumbai
What is Cloud- AWS Course in MumbaiWhat is Cloud- AWS Course in Mumbai
What is Cloud- AWS Course in MumbaiExcelRSEO
 
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
A quick presentation on AWS, AWS use-cases, resources and more
A quick presentation on AWS, AWS use-cases, resources and moreA quick presentation on AWS, AWS use-cases, resources and more
A quick presentation on AWS, AWS use-cases, resources and moreTech Sub
 
Introduction to AWS & Cloud Services
Introduction to AWS & Cloud ServicesIntroduction to AWS & Cloud Services
Introduction to AWS & Cloud ServicesAnn Venkataraman
 
Pragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlay
Pragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlayPragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlay
Pragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlayAmazon Web Services
 
Top 20 AWS interview questions and answers in 2023.pdf
Top 20 AWS interview questions and answers in 2023.pdfTop 20 AWS interview questions and answers in 2023.pdf
Top 20 AWS interview questions and answers in 2023.pdfAnanthReddy38
 
Cloudformation & VPC, EC2, RDS
Cloudformation & VPC, EC2, RDSCloudformation & VPC, EC2, RDS
Cloudformation & VPC, EC2, RDSCan Abacıgil
 

Similar a AWS TEchnical Essentials Workshop (20)

cc.pptx
cc.pptxcc.pptx
cc.pptx
 
AWS Enterprise Day | Hybrid IT with AWS: Best of Both Worlds
AWS Enterprise Day | Hybrid IT with AWS: Best of Both WorldsAWS Enterprise Day | Hybrid IT with AWS: Best of Both Worlds
AWS Enterprise Day | Hybrid IT with AWS: Best of Both Worlds
 
AWS Architecture Fundamentals - Houston
AWS Architecture Fundamentals - HoustonAWS Architecture Fundamentals - Houston
AWS Architecture Fundamentals - Houston
 
What is Cloud- AWS Course in Mumbai
What is Cloud- AWS Course in MumbaiWhat is Cloud- AWS Course in Mumbai
What is Cloud- AWS Course in Mumbai
 
awsppt.pptx
awsppt.pptxawsppt.pptx
awsppt.pptx
 
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
 
Aws cloud service
Aws cloud serviceAws cloud service
Aws cloud service
 
UNIT V.pdf
UNIT V.pdfUNIT V.pdf
UNIT V.pdf
 
Unit 6.pptx
Unit 6.pptxUnit 6.pptx
Unit 6.pptx
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
A quick presentation on AWS, AWS use-cases, resources and more
A quick presentation on AWS, AWS use-cases, resources and moreA quick presentation on AWS, AWS use-cases, resources and more
A quick presentation on AWS, AWS use-cases, resources and more
 
Introduction to AWS & Cloud Services
Introduction to AWS & Cloud ServicesIntroduction to AWS & Cloud Services
Introduction to AWS & Cloud Services
 
Pragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlay
Pragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlayPragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlay
Pragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlay
 
Deep Dive: Hybrid Architectures
Deep Dive: Hybrid ArchitecturesDeep Dive: Hybrid Architectures
Deep Dive: Hybrid Architectures
 
Aws overview
Aws overviewAws overview
Aws overview
 
Getting Started on AWS
Getting Started on AWSGetting Started on AWS
Getting Started on AWS
 
Getting Started on AWS
Getting Started on AWS Getting Started on AWS
Getting Started on AWS
 
Top 20 AWS interview questions and answers in 2023.pdf
Top 20 AWS interview questions and answers in 2023.pdfTop 20 AWS interview questions and answers in 2023.pdf
Top 20 AWS interview questions and answers in 2023.pdf
 
Cloudformation & VPC, EC2, RDS
Cloudformation & VPC, EC2, RDSCloudformation & VPC, EC2, RDS
Cloudformation & VPC, EC2, RDS
 
Amazon Web Services (AWS) Case study
Amazon Web Services (AWS) Case studyAmazon Web Services (AWS) Case study
Amazon Web Services (AWS) Case study
 

Más de Muhammad Usman Khan

Más de Muhammad Usman Khan (6)

Elasticity using AWS | Sherdil IT Academy
Elasticity using AWS | Sherdil IT AcademyElasticity using AWS | Sherdil IT Academy
Elasticity using AWS | Sherdil IT Academy
 
awsSysOpsAdmin_AE
awsSysOpsAdmin_AEawsSysOpsAdmin_AE
awsSysOpsAdmin_AE
 
ECC-Certificate
ECC-CertificateECC-Certificate
ECC-Certificate
 
AXELOS_usman_cert
AXELOS_usman_certAXELOS_usman_cert
AXELOS_usman_cert
 
my working experince
my working experincemy working experince
my working experince
 
AXELOS usman cert
AXELOS usman certAXELOS usman cert
AXELOS usman cert
 

AWS Technical Essentials Workshop

  • 1. AWS Technical Essentials Workshop By: Engr. Muhammad Usman Khan
  • 2. About The Instructor
    + Graduate from Iqra University in the field of Telecom & Networks, 2012
    + Microsoft Certified Trainer since 2014 till now
    + Vendor-neutral & product trainer of ITIL, Cisco, CompTIA, Microsoft, VMware, CWNA & cloud computing like Amazon, Azure etc.
    + Founder of Sherdil Tech Solutions & Services
    + Completed more than 30 minor & major projects in my 4-year professional tenure, 5 on AWS Cloud.
  • 3. About AWS Workshop
    Course Overview:
    ● The AWS Technical Essentials Instructor-Led Training course introduces AWS products, services, and common solutions with demos, knowledge checks, and hands-on lab activities. It provides learners with the basic fundamentals to become more proficient in AWS and empowers them to make informed decisions about IT solutions based on business requirements.
  • 4. About AWS Workshop
    Course Outline
    This course will cover the following concepts:
    ● Introduction and History of AWS with Services
    ● AWS Infrastructure: Compute, Storage, and Networking (EC2, S3, VPC)
    ● AWS Security, Identity, and Access Management (IAM)
    ● AWS Databases (RDS)
    ● AWS Elasticity and Management Tools (ELB & CloudWatch)
  • 5. Hands-on Labs
    This course will also have hands-on labs:
    ● Configure & implement VPC, Subnet, Route Table, Route, IGW
    ● Create & configure EC2, SG, Snapshots, EBS, AMI
    ● Create & configure RDS (Outside Configuration)
    ● Create & configure ELB
    ● Create S3 Buckets, Folders, S3 objects with ACL
    ● Create 1 Alarm on CloudWatch
  • 7. History of AWS Cloud:
    ● In late 2003, Chris Pinkham and Benjamin Black presented a paper describing a vision for Amazon's retail computing infrastructure that was completely standardized, completely automated, and would rely extensively on web services for services such as storage, drawing on internal work already underway.
    ● In 2006, Amazon Web Services (AWS) began offering IT infrastructure services to businesses in the form of web services.
    ● AWS is located in 13 geographical "regions": US East (Northern Virginia), where the majority of AWS servers are based, US West (Northern California), US West (Oregon), Brazil (São Paulo), Europe (Ireland and Germany), South Asia (Mumbai), Southeast Asia (Singapore), East Asia (Tokyo, Seoul, Beijing) and Australia (Sydney).
  • 8. Cloud Basics
    What is a Hypervisor?
    ● A hypervisor or virtual machine monitor (VMM) is a piece of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine.
  • 9. Cloud Basics
    What is Virtualization?
    ● In computing, virtualization refers to the act of creating a virtual (rather than actual) version of something, including virtual computer hardware platforms, operating systems, storage devices, and computer network resources.
  • 10. Cloud Basics
    What is Cloud Computing?
    ● Using computation power over the Internet is called cloud computing.
    ● A dedicated hosted server is not a cloud server.
    ● Cloud computing is built on an elastic mechanism that can increase or decrease computation as required.
  • 11. History of AWS Cloud Cont.
    ● In June 2007, Amazon claimed that more than 180,000 developers had signed up to use Amazon Web Services.
    ● In November 2010, it was reported that all of Amazon.com's retail web services had been moved to AWS.
    ● On April 20, 2011, some parts of Amazon Web Services suffered a major outage. A portion of volumes using the Elastic Block Store (EBS) service became "stuck" and were unable to fulfill read/write requests.
    ● In November 2012, AWS hosted its first customer event in Las Vegas.
    ● On April 30, 2013, AWS began offering a certification program for computer engineers with expertise in cloud computing.
  • 15. AWS Terminologies
    EC2: Elastic Compute Cloud (just like a virtual machine)
    VPC: Virtual Private Cloud (just like a private data center)
    ELB: Elastic Load Balancing (just like network load balancing)
    RDS: Relational Database Service (just like MS SQL Server)
    IAM: Identity & Access Management (just like Active Directory)
    S3: Simple Storage Service (just like Google Drive, Dropbox)
  • 16. AWS Services
    VPC: A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS cloud.
    EC2: Amazon Elastic Compute Cloud (Amazon EC2) is a computation service that provides resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.
    S3: Amazon Simple Storage Service (S3) provides highly scalable, reliable, and low-latency data storage infrastructure at very low cost.
    RDS: Amazon Relational Database Service (RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the cloud.
  • 17. AWS Services
    EBS: An EBS volume behaves like a raw, unformatted, external block device that you can attach to a single instance; it is not physically attached to the instance's host computer.
    AS: Auto Scaling helps to automatically increase the number of EC2 instances when user demand goes up, and decrease the number of EC2 instances when demand goes down.
    ELB: The ELB service helps to distribute the incoming web traffic (called the load) automatically among all the running EC2 instances.
    IAM: AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users.
  • 19. Virtual Private Cloud (VPC)
    ● A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS cloud.
    ● VPC allows you to select its IP address range, create subnets, and configure route tables, network gateways, and security settings.
    ● When you create a VPC, you specify the set of IP addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block, for example 10.0.0.0/16, which allows 2^16 (65536) IP addresses within the VPC.
    ● It is possible to specify a range of publicly routable IP addresses; direct access to the Internet is not currently supported from publicly routable CIDR blocks in a VPC.
  • 20. Virtual Private Cloud (VPC)
    Difference Between Region & Availability Zone
    ● Amazon EC2 is hosted in multiple locations worldwide.
    ● These locations are composed of regions and Availability Zones.
    ● Each region is a separate geographic area.
    ● Each region has multiple, isolated locations known as Availability Zones.
    ● Amazon EC2 provides you the ability to place resources, such as instances, and data in multiple locations. Resources aren't replicated across regions unless you do so specifically.
  • 21. Virtual Private Cloud (VPC)
    ● A CIDR block from the private (non-publicly routable) IP address ranges can be assigned to a VPC:
      10.0.0.0 – 10.255.255.255 (10/8 prefix)
      172.16.0.0 – 172.31.255.255 (172.16/12 prefix)
      192.168.0.0 – 192.168.255.255 (192.168/16 prefix)
  • 22. Virtual Private Cloud (VPC)
    ● It is possible to specify a range of publicly routable IP addresses; direct access to the Internet is not currently supported from publicly routable CIDR blocks in a VPC.
    ● A CIDR block, once assigned to the VPC, cannot be modified.
    ● Each VPC is separate from any other VPC created with the same CIDR block, even if it resides within the same AWS account.
    ● VPC allows VPC peering connections with other VPCs within the same or different AWS accounts.
  • 23. Virtual Private Cloud (VPC)
    VPC Deletion:
    ● Deletion of the VPC, possible only after terminating all instances within the VPC, deletes all the components within the VPC, for example subnets, security groups, network ACLs, route tables, Internet gateways, VPC peering connections, and DHCP options.
  • 24. Virtual Private Cloud (VPC)
    Private IP Addresses
    ● Private IP addresses are not reachable over the Internet, and can be used for communication between the instances in your VPC.
    ● All instances are assigned a private IP address, within the IP address range of the subnet, on the default network interface.
    ● The primary IP address is associated with the network interface for its lifetime, even when the instance is stopped and restarted, and is released only when the instance is terminated.
    ● Additional private IP addresses, known as secondary private IP addresses, can be assigned to the instances, and these can be reassigned from one network interface to another.
  • 25. Virtual Private Cloud (VPC)
    Public IP Address (Associated IP Address)
    ● Public IP addresses are reachable over the Internet, and can be used for communication between your instances and the Internet, or with other AWS services that have public endpoints.
    ● Public IP address assignment to the instance depends on whether public IP addressing is enabled for the subnet.
    ● A public IP address can also be assigned to the instance by enabling public IP addressing during the creation of the instance, which overrides the subnet's public IP addressing attribute.
    ● A public IP address is assigned from the AWS pool of IP addresses; it is not associated with the AWS account and hence is released when the instance is stopped and restarted.
  • 26. Virtual Private Cloud (VPC)
    Elastic IP Address
    ● Elastic IP addresses are static, persistent public IP addresses which can be associated with and disassociated from an instance, as required.
    ● An Elastic IP address is allocated to a VPC and owned by the account until released.
    ● A network interface can be assigned either a public IP or an Elastic IP. If you assign an Elastic IP to an instance that has a public IP, the public IP is released.
    ● Elastic IP addresses can be moved from one instance to another, and the instance can be within the same VPC or a different VPC within the same account.
    ● Elastic IPs are charged for non-usage, i.e. if one is not associated, or is associated with a stopped instance or an unattached network interface.
  • 27. Virtual Private Cloud (VPC)
    Elastic Network Interface (ENI)
    ● Each instance is attached to a default elastic network interface (primary network interface, eth0) which cannot be detached from the instance.
    ● An ENI has the following attributes:
      ○ A primary private IP address
      ○ One or more secondary private IP addresses
      ○ One Elastic IP address per private IP address
      ○ One public IP address, which can be auto-assigned to the network interface for eth0 when you launch an instance, but only when you create a network interface for eth0 instead of using an existing network interface
      ○ One or more security groups
      ○ A MAC address
      ○ A source/destination check flag
  • 28. Virtual Private Cloud (VPC)
    Internet Gateways
    ● An Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. It therefore imposes no availability risks or bandwidth constraints on your network traffic.
    ● An Internet gateway serves two purposes:
      ○ To provide a target in your VPC route tables for Internet-routable traffic
      ○ To perform network address translation (NAT) for instances that have been assigned public IP addresses
  • 29. Virtual Private Cloud (VPC)
    Enable Internet Access through Internet GW
    ● Attach the Internet gateway to the VPC.
    ● The subnet should be associated with a route table that has a route pointing to the Internet gateway.
    ● Instances should have a public IP or Elastic IP address assigned.
    ● Security groups and NACLs associated with the instance should allow the relevant traffic.
  • 30. Virtual Private Cloud (VPC)
    VPC Security
    Security within a VPC is provided through:
    ● Security groups – Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level
    ● Network access control lists (ACLs) – Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level
    ● Flow logs – Capture information about the IP traffic going to and from network interfaces in your VPC
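The slide names the two firewalls but not the property that trips people up in practice: a security group is stateful (reply traffic of an allowed flow is permitted automatically, and rules are allow-only), while a network ACL is stateless (every packet in each direction is judged on its own, rules are tried in ascending rule-number order, the first match wins, and anything unmatched hits the implicit deny). The following Python is an added example written for this page, not code from the deck or from AWS; the rule model, the `SecurityGroup` and `NetworkAcl` classes, and the IP addresses in the scenario (203.0.113.10 from the documentation range, 10.0.1.20 inside the deck's 10.0.0.0/16) are all constructed. It shows why a custom NACL needs an outbound rule for the ephemeral port range before replies from a web server can leave the subnet, whereas a security group with no outbound rule at all still lets the reply through.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"; security groups only ever carry "allow"
    protocol: str      # "tcp", "udp", "icmp" or "-1" for all protocols
    port_from: int
    port_to: int
    cidr: str
    number: int = 0    # NACL rule number; ignored for security groups

    def matches(self, protocol: str, port: int, ip: str) -> bool:
        if self.protocol not in ("-1", protocol):
            return False
        if not self.port_from <= port <= self.port_to:
            return False
        return ipaddress.ip_address(ip) in ipaddress.ip_network(self.cidr)


class SecurityGroup:
    """Stateful, allow-only, instance-level firewall (slide 30).

    Once a flow is allowed in one direction its return traffic is allowed
    automatically, regardless of the rules for the other direction.
    """

    def __init__(self, inbound: List[Rule], outbound: List[Rule]):
        self.inbound, self.outbound = inbound, outbound
        self._flows = set()   # tracked as (protocol, remote_ip, remote_port, local_port)

    def allows_inbound(self, protocol, src_ip, src_port, dst_port) -> bool:
        flow = (protocol, src_ip, src_port, dst_port)
        if flow in self._flows:
            return True
        if any(r.matches(protocol, dst_port, src_ip) for r in self.inbound):
            self._flows.add(flow)
            return True
        return False

    def allows_outbound(self, protocol, dst_ip, src_port, dst_port) -> bool:
        flow = (protocol, dst_ip, dst_port, src_port)
        if flow in self._flows:
            return True
        if any(r.matches(protocol, dst_port, dst_ip) for r in self.outbound):
            self._flows.add(flow)
            return True
        return False


class NetworkAcl:
    """Stateless, subnet-level firewall (slide 30).

    Rules are evaluated in ascending rule-number order, the first match
    decides, and a packet matching nothing is denied by the implicit '*' rule.
    """

    def __init__(self, inbound: List[Rule], outbound: List[Rule]):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    @staticmethod
    def _decide(rules: List[Rule], protocol: str, port: int, ip: str) -> bool:
        for r in rules:
            if r.matches(protocol, port, ip):
                return r.action == "allow"
        return False

    def allows_inbound(self, protocol, src_ip, src_port, dst_port) -> bool:
        return self._decide(self.inbound, protocol, dst_port, src_ip)

    def allows_outbound(self, protocol, dst_ip, src_port, dst_port) -> bool:
        # For outbound packets the NACL matches on the remote (destination) port.
        return self._decide(self.outbound, protocol, dst_port, dst_ip)


# Constructed scenario: a client in the documentation range makes an HTTPS request
# from ephemeral port 51515 to a web server in the deck's VPC, and the server replies.
CLIENT_IP, CLIENT_PORT = "203.0.113.10", 51515
SERVER_IP, SERVER_PORT = "10.0.1.20", 443


def nacl_web_scenario(with_ephemeral_rule: bool) -> Tuple[bool, bool]:
    """(request allowed, reply allowed) for the subnet's custom NACL."""
    outbound = [Rule("allow", "tcp", 1024, 65535, "0.0.0.0/0", number=100)] if with_ephemeral_rule else []
    acl = NetworkAcl(inbound=[Rule("allow", "tcp", 443, 443, "0.0.0.0/0", number=100)],
                     outbound=outbound)
    request = acl.allows_inbound("tcp", CLIENT_IP, CLIENT_PORT, SERVER_PORT)
    reply = acl.allows_outbound("tcp", CLIENT_IP, SERVER_PORT, CLIENT_PORT)
    return request, reply


def sg_web_scenario() -> Tuple[bool, bool]:
    """Same flow through a security group that has no outbound rule at all."""
    sg = SecurityGroup(inbound=[Rule("allow", "tcp", 443, 443, "0.0.0.0/0")], outbound=[])
    request = sg.allows_inbound("tcp", CLIENT_IP, CLIENT_PORT, SERVER_PORT)
    reply = sg.allows_outbound("tcp", CLIENT_IP, SERVER_PORT, CLIENT_PORT)
    return request, reply


if __name__ == "__main__":
    print("NACL without ephemeral rule:", nacl_web_scenario(False))
    print("NACL with ephemeral rule:   ", nacl_web_scenario(True))
    print("Security group, no egress:  ", sg_web_scenario())
```

The practical consequence for the lab on slide 37: when a web server in a public subnet answers the request but the browser never receives the page, check the subnet's NACL outbound rules for the ephemeral port range before suspecting the security group.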
  • 31. Virtual Private Cloud (VPC)
    Subnets
    ● A subnet spans a single Availability Zone (distinct locations that are engineered to be isolated from failures in other Availability Zones) and cannot span across AZs.
    ● A subnet can be public or private, depending on whether it has Internet connectivity, i.e. is able to route traffic to the Internet through the Internet gateway.
    ● Instances within a public subnet should be assigned a public IP or Elastic IP address to be able to communicate with the Internet.
    ● A subnet that is not connected to the Internet but routes traffic only through a virtual private gateway is termed a VPN-only subnet.
  • 32. Virtual Private Cloud (VPC)
    NAT Overview
    ● Network Address Translation (NAT) devices, launched in the public subnet, enable instances in a private subnet to connect to the Internet, but prevent the Internet from initiating connections with those instances.
    ● Instances in private subnets need an Internet connection for performing software updates or accessing external services.
    ● A NAT device avoids exposing the instances directly to the Internet, launching them in a public subnet, or assigning an Elastic IP address to each of them.
    ● A NAT device performs the function of both address translation and port address translation (PAT).
  • 33. Virtual Private Cloud (VPC)
    Bastion Host Overview
    ● A bastion is a fortified structure that protects the things behind it.
    ● In AWS, a bastion host (also referred to as a jump server) can be used to securely access instances in the private subnets.
    ● A bastion host launched in the public subnet acts as the primary access point from the Internet and as a proxy to the other instances.
  • 34. Virtual Private Cloud (VPC) Bastion Host
  • 35. Virtual Private Cloud (VPC)
    VPC Peering Overview
    ● A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IP addresses.
    ● Instances in either VPC can communicate with each other as if they are within the same network.
    ● A VPC peering connection can be established between your own VPCs, or with a VPC in another AWS account within a single region.
    ● AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware. There is no single point of failure for communication or a bandwidth bottleneck.
  • 36. Virtual Private Cloud (VPC)
    VPC Peering Rules & Limitations
    ● A VPC peering connection cannot be created between VPCs that have matching or overlapping CIDR blocks.
    ● A VPC peering connection cannot be created between VPCs in different regions.
    ● VPC peering connections are limited in the number of active and pending VPC peering connections that you can have per VPC.
    ● VPC peering does not support transitive peering relationships.
    ● VPC peering does not support edge-to-edge routing through a gateway or private connection.
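Slides 19, 21 and 22 set the addressing rules (a CIDR block such as 10.0.0.0/16, drawn from the RFC 1918 ranges, fixed once assigned) and slide 36 adds the peering rule that overlapping blocks cannot be connected. Because the block cannot be changed later, address planning is worth checking before the VPC is created. The following Python is an added example for this page, not the deck's or AWS's code; it uses only the standard `ipaddress` module. The 10.0.1.0/24 and 10.0.2.0/24 layout is constructed, and two AWS rules it relies on are not on the slides: a VPC's IPv4 block must be between /16 and /28, and AWS reserves five addresses in every subnet (network address, VPC router, DNS, future use, broadcast), so a /24 yields 251 assignable hosts rather than 254.

```python
import ipaddress
from itertools import combinations
from typing import List

# RFC 1918 private ranges listed on slide 21 of the deck.
PRIVATE_RANGES = [ipaddress.ip_network(c) for c in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# AWS reserves the first four addresses and the last address of every subnet
# (network address, VPC router, DNS, future use, broadcast); none of them can
# be assigned to an instance.
AWS_RESERVED_PER_SUBNET = 5


def is_private_cidr(cidr: str) -> bool:
    """True when the block lies entirely inside one RFC 1918 range."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(r) for r in PRIVATE_RANGES)


def total_addresses(cidr: str) -> int:
    """Address count of a block: 10.0.0.0/16 gives 2^16 = 65536 (slide 19)."""
    return ipaddress.ip_network(cidr).num_addresses


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses actually assignable to instances in one subnet."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def can_peer(cidr_a: str, cidr_b: str) -> bool:
    """Slide 36: peering is refused between matching or overlapping CIDR blocks."""
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def plan_subnets(vpc_cidr: str, new_prefix: int) -> List[str]:
    """Carve the VPC block into equal-sized subnets, e.g. a /16 into /24s."""
    return [str(s) for s in ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix)]


def validate_subnets(vpc_cidr: str, subnet_cidrs: List[str]) -> List[str]:
    """Return a list of problems with a proposed layout (empty means consistent)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems = []
    if not 16 <= vpc.prefixlen <= 28:            # AWS limit on the VPC block size
        problems.append(f"VPC block {vpc} must be between /16 and /28")
    if not is_private_cidr(vpc_cidr):
        problems.append(f"VPC block {vpc} is not an RFC 1918 range")
    subnets = [ipaddress.ip_network(s) for s in subnet_cidrs]
    for s in subnets:
        if not s.subnet_of(vpc):
            problems.append(f"subnet {s} is outside VPC block {vpc}")
    for a, b in combinations(subnets, 2):
        if a.overlaps(b):
            problems.append(f"subnets {a} and {b} overlap")
    return problems


if __name__ == "__main__":
    # Constructed layout: the deck's 10.0.0.0/16 split into a public and a private /24.
    layout = ["10.0.1.0/24", "10.0.2.0/24"]
    print(plan_subnets("10.0.0.0/16", 24)[:4])
    print(usable_hosts(layout[0]), "usable hosts per /24")
    print("problems:", validate_subnets("10.0.0.0/16", layout))
    print("can peer with 10.1.0.0/16:", can_peer("10.0.0.0/16", "10.1.0.0/16"))
```

A useful habit when several teams each take the default 10.0.0.0/16: run `can_peer` across every pair of planned VPC blocks before anything is created, since the peering restriction on slide 36 cannot be worked around by changing a block afterwards (slide 22).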
  • 37. Virtual Private Cloud (VPC)
    Hands-On Lab:
    ● Create VPC with public subnet
    ● Create Internet Gateway
    ● Attach IGW
    ● Create route on route table
    ● Create subnet
    ● Add IGW route on route table
    ● Test Internet connectivity (by creating an EC2 instance)
  • 39. Elastic Compute Cloud (EC2)
    Items to discuss:
    ● EC2 instance types (T2, C2, M2)
    ● EC2 AMI machine types: On-Demand, Spot & Reserved Instances
    ● EBS vs Instance Store
    ● AMI, Snapshots, Volumes
  • 40. Elastic Compute Cloud (EC2)
    EC2 Instance Types: instances are divided based on;
    ● General purpose (T2, M2 etc.)
    ● Compute optimized (C4)
    ● Extreme memory (X1 series)
    ● Memory optimized (R3)
    ● General purpose GPU (P2)
    ● High GPU (G2)
    ● Storage optimized (I2)
    ● Dense storage (D2)
    Refer to: https://aws.amazon.com/ec2/instance-types/
  • 42. Elastic Compute Cloud (EC2)
    T2 Instances (General Purpose)
    ● T2 instances are well suited for
      ○ general purpose workloads, such as web servers, developer environments, and small databases
    ● Requirements
      ○ can be launched only with an HVM AMI
      ○ can be launched into a VPC only, and are not supported on the EC2-Classic platform
      ○ are available as Amazon EBS-backed instances only
      ○ are available as On-Demand or Reserved Instances, but do not allow Spot Instances
      ○ by default, you can run up to 20 (soft limit) T2 instances simultaneously
      ○ cannot be launched as a Dedicated Instance
  • 43. Elastic Compute Cloud (EC2)
    EC2 AMI Machine Types:
    On-Demand Instances:
    ● With On-Demand Instances, you pay for compute capacity by the hour with no long-term commitments or upfront payments. You can increase or decrease your compute capacity depending on the demands of your application and only pay the specified hourly rate for the instances you use.
    Spot Instances:
    ● Amazon EC2 Spot Instances allow you to bid on spare Amazon EC2 computing capacity.
    Reserved Instances:
    ● Amazon EC2 Reserved Instances provide a significant discount (up to 75%) compared to On-Demand pricing and provide a capacity reservation when used in a specific Availability Zone.
  • 44. Elastic Compute Cloud (EC2)
    EBS vs Instance Store:
    EBS:
    ● Amazon Elastic Block Store (Amazon EBS) provides persistent block-level storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability.
    Instance Store:
    ● An instance store provides temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers.
  • 45. Elastic Compute Cloud (EC2)
    AMI, Volume & Snapshots
    AMI: An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need.
    Volume: Volumes are EBS or Instance Store.
    Snapshots: Snapshots are copies of a volume that can be used to create a backup of EBS/Instance Store, and to create a new instance.
  • 46. Elastic Compute Cloud (EC2)
    Hands-On Labs:
    1. Create Windows-based EC2 instance
    2. Create Security Group
    3. Open ports in Security Group
    4. Create GP2-based EBS volume
    5. Create key pair to log in to an instance
    6. Establish RDP session to the newly created instance
  • 48. Simple Storage Service (S3)
    Features:
    ● S3 is Simple Storage Service
    ● Amazon S3 provides unlimited storage space and works on the pay-as-you-use model. Service rates get cheaper as the usage volume increases.
    ● Amazon S3 is object-level storage (not block-level storage) and cannot be used to host an OS or dynamic websites.
    ● Amazon S3 resources (for example buckets and objects) are private by default.
  • 49. Simple Storage Service (S3)
    Buckets
    ● A bucket is a container for objects stored in Amazon S3 and helps organize the Amazon S3 namespace.
    ● A bucket is owned by the AWS account that creates it and helps identify the account responsible for storage and data transfer charges.
    ● Amazon S3 bucket names are globally unique, regardless of the AWS region in which you create the bucket.
    ● Even though S3 is a global service, Amazon S3 buckets are created within a region specified during the creation of the bucket.
    ● Every object is contained in a bucket, and there is no limit on the number of objects that a bucket can have.
  • 50. Simple Storage Service (S3)
    Objects:
    ● Objects are the fundamental entities stored in Amazon S3.
    ● An object is uniquely identified within a bucket by a key (name) and a version ID.
    ● Objects consist of object data, metadata and other parts:
      ○ Value is the data portion, which is opaque to Amazon S3.
      ○ Metadata is the data about the data: a set of name-value pairs that describe the object, for example content-type, size, last modified. You can also specify custom metadata at the time the object is stored.
      ○ Key is the object name.
      ○ Version ID is the version ID for the object and, in combination with the key, helps to uniquely identify an object within a bucket.
      ○ Subresources help provide additional information for an object.
      ○ Access control information helps control access to the objects stored in S3.
  • 51. Simple Storage Service (S3)
    Hands-On Lab:
    ● Create S3 bucket
    ● Create S3 folder
    ● Upload an object to the S3 bucket or folder
    ● Apply ACL on object
  • 53. Relational Database Service (RDS)
    Features:
    ● Amazon Relational Database Service (RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the cloud.
    ● RDS provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks.
    ● RDS features & benefits:
      ○ CPU, memory, storage, and IOPS can be scaled independently.
      ○ Manages backups, software patching, automatic failure detection, and recovery.
      ○ Automated backups can be performed as needed, or manual backups can be triggered as well. Backups can be used to restore a database, and the Amazon RDS restore process works reliably and efficiently.
      ○ Provides high availability with a primary instance and a synchronous secondary instance that you can fail over to seamlessly when a problem occurs.
  • 54. Relational Database Service (RDS)
    Hands-On Lab:
    ● Create DB subnet group
    ● Create RDS
    ● Check AZ
  • 56. Auto Scaling With ELB
    Features:
    ● Auto Scaling helps to automatically increase the number of EC2 instances when user demand goes up, and decrease the number of EC2 instances when demand goes down.
    ● The ELB service helps to distribute the incoming web traffic (called the load) automatically among all the running EC2 instances.
    ● ELB uses load balancers to monitor traffic and handle requests that come through the Internet.
    ● Auto Scaling dynamically adds and removes EC2 instances, while Elastic Load Balancing manages incoming requests by optimally routing traffic so that no one instance is overwhelmed.
    ● Using ELB & Auto Scaling:
      ○ makes it easy to route traffic across a dynamically changing fleet of EC2 instances
      ○ the load balancer acts as a single point of contact for all incoming traffic to the instances in an Auto Scaling group
  • 58. Identity & Access Management
    Features:
    ● AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users.
    ● IAM is used to control:
      ○ Identity – who can use your AWS resources (authentication)
      ○ Access – what resources they can use and in what ways (authorization)
    ● IAM can also keep your account credentials private.
    ● With IAM, you can create multiple IAM users under the umbrella of your AWS account or enable temporary access through identity federation with your corporate directory.
    ● IAM also enables access to resources across AWS accounts.
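The authorization half of the slide is decided by policy documents, and the order in which IAM combines them is what makes least privilege workable: a request is implicitly denied unless some statement allows it, and one matching explicit Deny overrides every Allow. The following Python is an added example for this page, not the deck's or AWS's code, and it models only the Effect, Action and Resource elements of identity-based policies (Condition, NotAction, NotResource, resource-based policies, permission boundaries and SCPs are left out). The two policy documents and the bucket name `workshop-lab-bucket` are constructed; the first grants read-only access to that one bucket, as a lab user for slide 51 would get, and the second shows a Deny statement used as a guardrail that even a broad `s3:*` Allow in the same policy cannot override.

```python
import json
from fnmatch import fnmatchcase
from typing import List


def _as_list(value):
    """IAM accepts either a single string or a list in Statement/Action/Resource."""
    return value if isinstance(value, list) else [value]


def _action_matches(pattern: str, action: str) -> bool:
    # Action names are case-insensitive and may contain '*' and '?' wildcards.
    return fnmatchcase(action.lower(), pattern.lower())


def _resource_matches(pattern: str, resource: str) -> bool:
    # Resource ARNs are compared case-sensitively with the same wildcards.
    return fnmatchcase(resource, pattern)


def evaluate(policies: List[dict], action: str, resource: str) -> str:
    """Return 'Allow' or 'Deny' for one request against identity-based policies.

    Evaluation order: a matching explicit Deny wins immediately; otherwise a
    matching Allow grants access; otherwise the request is implicitly denied.
    """
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not any(_action_matches(p, action) for p in _as_list(stmt.get("Action", []))):
                continue
            if not any(_resource_matches(p, resource) for p in _as_list(stmt.get("Resource", []))):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"           # explicit deny: nothing can override it
            allowed = True
    return "Allow" if allowed else "Deny"


# Constructed policy documents; the bucket name is a placeholder for the lab bucket.
READ_ONLY_BUCKET = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::workshop-lab-bucket",
                   "arn:aws:s3:::workshop-lab-bucket/*"]
    }
  ]
}
""")

S3_ADMIN_WITH_GUARDRAIL = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}
  ]
}
""")


if __name__ == "__main__":
    obj = "arn:aws:s3:::workshop-lab-bucket/report.csv"
    print(evaluate([READ_ONLY_BUCKET], "s3:GetObject", obj))          # Allow
    print(evaluate([READ_ONLY_BUCKET], "s3:PutObject", obj))          # Deny (implicit)
    print(evaluate([S3_ADMIN_WITH_GUARDRAIL], "s3:DeleteBucket",
                   "arn:aws:s3:::workshop-lab-bucket"))               # Deny (explicit wins)
```

The two resource ARNs in the read-only policy are not redundant: `s3:ListBucket` is evaluated against the bucket ARN, while `s3:GetObject` is evaluated against the object ARN, so a policy that lists only `arn:aws:s3:::workshop-lab-bucket/*` would allow reads but refuse listing.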
  • 59. Q & A Sessions Any Questions
  • 60. End of the Workshop
    Thanks for joining us.
    For details, contact:
    Name: Engr Muhammad Usman Khan
    PH: 92 332 2278144
    Email: usman@sherdil.org