AWS Basics: Services Every DevOps Guy Must Know ☁️ - Part 1
Traditional IT Service
To know why we need Cloud Computing, we need to first understand Traditional IT service vs. Cloud Computing.
A few years ago, you started working on your portfolio website. You were excited to get your projects online but quickly realized that launching a website the traditional way wasn’t as simple as you thought. Here's what happened:
You first needed a server to host your website. So, you bought a physical server, which cost you a lot of money. You had to set it up in your apartment, and since you aren’t a hardware expert, it took you a lot of time and effort to figure out. You even had to install cooling systems to make sure the server didn’t overheat.
Once the server was ready, you had to deal with maintenance. You had to update the software regularly, handle security issues, and ensure the server stayed up 24/7. This took a lot of your time—time you could have spent coding or improving your projects.
One day, your website got a lot of attention when one of your blog posts went viral. Your server couldn’t handle the traffic spike, and the website crashed! You were panicking, trying to get your site back online, but it took hours because your server just wasn’t built for this kind of load. You wished you had bought a bigger server, but that would have been even more expensive, and most of the time, you didn’t need all that extra power.
Enter the Cloud 🚪
Frustrated with all the server management and downtime, you heard about cloud computing. That’s when you decided to switch your website to a cloud provider, like AWS. Here’s what changed:
No More Buying Hardware: Instead of maintaining a physical server in your apartment, you started renting space on AWS’s cloud servers. You no longer had to worry about the upfront cost of buying and setting up a server.
Automatic Scaling: The next time one of your blog posts went viral, the cloud server automatically handled the traffic spike. AWS scaled up the resources to support all the visitors without any downtime. And when traffic returned to normal, AWS scaled things back down, so you didn’t have to overpay for unused capacity.
No More Maintenance: AWS took care of all the backend maintenance—updating the software, managing security patches, and ensuring the servers stayed up and running. You didn’t have to worry about these tasks anymore, giving you more time to work on your code and creative projects.
Pay Only for What You Use: You loved that with AWS, you only paid for the resources you actually used. When your site had low traffic, the cost was minimal, and during traffic spikes, you paid a bit more, but it was always proportional to what you used. This saved you a lot of money compared to buying and maintaining your own server.
Global Reach: As your website grew, you started attracting visitors from around the world. AWS’s global infrastructure meant your site loaded quickly no matter where your users were located. You didn’t need to set up servers in different countries—AWS did that for you.
The Problems that Cloud Solved
Server Crashes: Before, your site would crash with high traffic. AWS solved this with automatic scaling.
Costly Maintenance: Managing a physical server was expensive and time-consuming. The cloud took that off your hands.
Slow Response Times: AWS’s global network ensured your website was fast for users all around the world.
Wasted Resources: You no longer had to pay for a big server that sat idle most of the time. The cloud gave you exactly what you needed, when you needed it.
AWS provides services across different categories, ranging from compute to databases, storage, and security, and they are as follows:
IAM (Identity and Access Management)
AWS IAM (Identity and Access Management) is a service that helps you control who can access your AWS resources and what they can do with them. In AWS, there are two types of users: the root user and IAM users. They have different roles and levels of access.
Root user:
The root user is the account you create when you first sign up for AWS. It's tied to the email address and password you use during registration.
The root user has unrestricted access to everything in the AWS account. It can do anything—from creating and deleting resources to managing billing and account settings.
Since the root user has full control, it's recommended that you use it only for initial setup or very critical tasks (like closing the account). For daily operations, it's best to avoid using the root user to reduce security risks.
IAM user:
An IAM user is a user account you create within AWS using the Identity and Access Management (IAM) service. Each IAM user is given specific permissions that control what they can and cannot do.
IAM users do not have full access by default. You have to specify the permissions for each user based on their role (e.g., a developer might need access to EC2 and S3, but not billing).
It’s a good idea to create IAM users for each person or system that needs to access AWS resources, rather than using the root account. You can manage and track the actions of each IAM user more securely.
IAM user permissions:
Permissions in AWS define what actions an IAM user can perform on AWS resources. These permissions are given through policies, which are essentially sets of rules that allow or deny specific actions.
We have three ways to assign permissions to the IAM user.
Directly to Users: You can attach policies directly to an individual user. This is less common for managing large environments, but useful for one-off cases.
Using Groups: You can assign permissions to groups of users. Users in the group inherit the group's permissions (e.g., you might have a "Developers" group with access to EC2 and S3).
Always remember, if we attach permissions directly to a user, we can only attach up to 10 permissions. If we need to assign more than 10 permissions, say 25, we can create a group with the list of permissions and add the user to that group. This way, the user will receive all the permissions assigned to the group.
Here, we have created a group called interns and given it several read-only access permissions. When we create an IAM user and add them to this group, the IAM user will be able to perform actions according to the permissions granted.
Using Roles: Instead of giving permissions to a user directly, you can assign them a role that they can assume when needed. This is helpful for temporary or task-based permissions. Imagine a family where parents go to work during the day, and their elder son temporarily takes on their responsibilities—like helping with homework and keeping the house in order. When the parents return, he gives up those duties and goes back to his usual role.
Here, we have given our IAM user intern1 temporary full access to S3.
S3 (Simple Storage Service)
AWS S3 (Simple Storage Service) is a highly scalable and secure object storage service that allows you to store and retrieve any amount of data at any time, from anywhere. It’s designed for durability, meaning your data is safe even if something goes wrong.
Key Concepts of S3:
Buckets: A bucket is like a folder where you store your files. Each bucket has a unique name and is where your data (called objects) lives. For example, if you want to store photos for your website, you might create a bucket called website-photos.
Bucket name: The name identifies the bucket, and it must be globally unique.
The reason is that AWS creates a domain for the bucket, so each bucket needs a globally unique name.
Objects: The actual files you store in S3 are called objects. Each object can be any kind of data: images, text files, videos, etc. Every object has a key (its name) and is stored inside a bucket.
Storage Classes: S3 offers different storage classes depending on how frequently you need to access your data and how quickly you need to retrieve it. These include:
Standard: For frequently accessed data.
Intelligent-Tiering: Automatically moves data to the most cost-efficient storage class based on usage.
Glacier: For long-term archival storage, where retrieval is infrequent.
PreSigned URLs:
A presigned URL in Amazon S3 is a temporary, secure link that allows users to access or upload objects in an S3 bucket without needing permanent AWS credentials or direct bucket permissions.
Let's say you are running an online business and want to share a report (a PDF file) with your accountant. The file is stored in your S3 bucket called business-reports. You don’t want to give the accountant full access to your S3 bucket, so you decide to create a presigned URL to allow temporary access to just that file.
Why Presigned URLs are Useful:
Security: You didn't have to give your accountant access to your entire S3 bucket or even an AWS account. The URL provides access to just one file for a limited time.
Flexibility: The URL can be set to expire at any time (e.g., 5 minutes or 1 week), making it useful for time-sensitive sharing.
No Extra Permissions: You can share specific files without needing to change permissions on the S3 bucket itself.
How does AWS charge for S3 buckets?
AWS charges for S3 buckets based on several factors:
Storage Size: You pay for the amount of data stored in the bucket, calculated in GB per month.
Data Transfer: Uploads to S3 are free, but data transfers out to the internet or between regions incur fees.
Requests and API Calls: You pay for operations like GET, PUT, and DELETE requests.
Storage Class: Different storage classes (Standard, Glacier, etc.) have varying prices based on access frequency and retrieval times.
Data Retrieval: For infrequent or archived data (like in Glacier), you pay extra when retrieving files.
EC2 (Elastic Compute Cloud)
Imagine you need a computer to run a website, an app, or any other task, but instead of buying and maintaining a physical machine, you rent a virtual computer from Amazon called an EC2 instance. You can choose how powerful you want this computer to be (based on the task you need it for) and only pay for the time you actually use it.
Amazon EC2 is a web service that provides resizable virtual servers in the cloud. These virtual servers, called instances, allow you to run applications and workloads without the need to manage physical hardware. With EC2, you can quickly scale your computing resources up or down as needed, paying only for the resources you use.
Key Features of EC2:
Virtual Servers: EC2 provides virtual machines (instances) that can run different operating systems like Linux, Windows, macOS, etc.
Instance Types: EC2 offers various instance types, optimized for different tasks such as general computing, memory-intensive applications, or graphics processing (GPU).
Scalability: You can launch or stop instances quickly, allowing you to handle fluctuating workloads.
Connecting to instance:
After launching an EC2 instance, you can connect to it to start using it like a normal computer.
EC2 instance connect:
Allows you to securely connect to your EC2 instances directly from the AWS Management Console using a browser-based terminal.
SSH Client:
Connecting using an SSH client means using a software application that allows you to establish a secure connection to a remote server (like an EC2 instance) via the Secure Shell (SSH) protocol.
By following these steps, we can connect our local machine to a remote server via SSH.
Resources:
Kodekloud [Paid] : https://learn.kodekloud.com/user/courses/aws-cloud-practitioner-clf-c02
Piyush Garg [Free] : https://youtube.com/playlist?list=PLinedj3B30sDZ17Fpe3xGUDRBkutaGyUp&feature=shared
Summary:
This article explores the differences between traditional IT services and cloud computing, highlighting the challenges faced with physical servers like high costs, maintenance, and scalability issues. Cloud computing, specifically through AWS, offers solutions such as automatic scaling, pay-as-you-go pricing, and global reach, solving problems like server crashes, costly maintenance, and slow response times. It delves into key AWS services like IAM for access management, S3 for secure and scalable storage, and EC2 for resizable virtual servers, detailing their functionalities, advantages, and cost structures.
Keep an eye out for more blogs on AWS services and DevOps tools! Subscribe to my newsletter so you never miss an update or new post.
Written by
Sahil Naik
💻 Sahil learns, codes, and automates, documenting his journey every step of the way. 🚀