☁️ "Cloud Computing" is the need-based provision of IT resources via the Internet at usage-based prices. Instead of purchasing, owning, and maintaining physical data centers and servers, you can access technology services such as compute, storage, and databases on-demand through a cloud provider like Amazon Web Services (AWS).
Key advantages:
Agility
Elasticity
Cost savings
Go-global in minutes (Worldwide deployments in mins)
Metered billings (Pay-as-you-go)
Types of Cloud computing:
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
It is a good decision if you are going to learn AWS, the leading cloud provider. AWS is the leader in cloud computing because of:
Largest community of customers and partners
Greatest functionality
Highest level of security
Shortest innovation cycles
Proven operational expertise
Gartner Research positions AWS in the Leaders quadrant in the new 2021 Magic Quadrant for Cloud Infrastructure & Platform Services (CIPS) report. CIPS are defined in the context of this "Magic Quadrant" as "standardized, highly automated offerings in which infrastructure resources (e.g. compute, network and storage resources) are supplemented with integrated platform services".
Global Infrastructure AWS
The AWS Global Cloud Infrastructure is the most secure, extensive, and reliable cloud platform, offering over 200 fully featured services from data centers globally. Whether you need to deploy your application workloads across the globe in a single click, or you want to build and deploy specific applications closer to your end-users with single-digit millisecond latency, AWS provides you the cloud infrastructure where and when you need it.
AWS has the most extensive global cloud infrastructure. No other cloud provider offers so many regions and Availability Zones, all characterized by low latency, high throughput and a highly redundant network. AWS is available in 84 Availability Zones within 26 geographic regions worldwide. In addition, 24 additional Availability Zones and 8 additional AWS regions in Australia, Canada, India, Israel, New Zealand, Spain, Switzerland and the United Arab Emirates (UAE) are planned. The AWS Regions and Availability Zones model is recommended by Gartner as a best practice for running enterprise applications that require high availability.
Key benefits of using AWS:
Security
Availability
Performance
Global footprint
Scalability
Flexibility
Cost savings
Improved Disaster recovery
Flexibility in Subscription options
AWS Accounts
Your hands-on AWS work should start here. I assume you have already created a personal account using your email address.
The identity created when you sign up with an email address is called the root user; by default this user has full access to all AWS resources (no restrictions).
Important considerations for AWS account:
An AWS account is a container for identities (users) and resources
You can sign up for an AWS account using an email address
An account created for personal use is a free-tier account by default, and some services are free for 12 months. Check this link for complete details (https://aws.amazon.com/free/?all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc&awsf.Free%20Tier%20Types=tier%2312monthsfree&awsf.Free%20Tier%20Categories=*all)
Creating an AWS account is a simple registration process open to anyone with a valid credit card; check this link for more details (https://aws.amazon.com/premiumsupport/knowledge-center/accepted-payment-methods/)
The AWS account is created once your credit card is linked, and by default the root user has full access to all AWS services
A single credit card can be used to create many AWS accounts
The account creation process is the same for all environments (development, testing, production and DR), using a different email address for each
It’s not recommended to use the root user for day-to-day operations in AWS
Using the root user, create new admin users (with the proper roles/policies attached) with full administrator access (and Billing module access)
While logged in as the root user, enable “IAM User & Role access to billing”
If you don’t assign any policy/role when creating a new user, that user has no access to any AWS resources by default
After the admin user is created, we can create multiple users based on role/policy (developers, testers, DBAs, etc.)
The best security policy is to enable MFA (Multi-Factor Authentication) for all users, including the root user
The recommended best practice is to create groups, attach policies/roles to them, and map users to groups (this makes it easier to manage roles/policies for all users)
Under the pay-as-you-go model, the services you use are charged per minute/request, and the charges are deducted from your payment method (credit card)
If a user doesn’t belong to any group/role/policy, the user has no access to any AWS resources by default
As a best security practice, set a password rotation policy for users
An IAM user always has only one username and one password
An IAM user can have TWO access keys (active). Each key is a pair, for example:
Access Key ID: SYAWLASKCORSWAACCESS
Secret Access Key: SYAWLASKCORaws/5SE5CR5ET5ACC3ESS5kEY
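One way to check an account against the practices in this list, as an added example that is not part of the original post: the script audits an IAM credential report (the CSV returned by `aws iam get-credential-report`) for missing MFA, root access keys, both key slots in use, and stale passwords. The sample rows are constructed, only a subset of the report's columns is included, and the 90-day rotation threshold is an assumption.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample rows; a real credential report has more columns than this subset.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_changed,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,not_supported,false,true,false
admin,arn:aws:iam::111122223333:user/admin,true,2024-05-01T10:00:00+00:00,true,false,false
dev1,arn:aws:iam::111122223333:user/dev1,true,2023-01-15T00:00:00+00:00,false,true,true
ci-bot,arn:aws:iam::111122223333:user/ci-bot,false,N/A,false,true,false
"""

MAX_PASSWORD_AGE_DAYS = 90  # assumed rotation policy, not an AWS default


def audit(report_csv, now):
    """Return (user, finding) tuples for the account practices listed above."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"  # the report's name for the root user
        keys = [row["access_key_1_active"] == "true",
                row["access_key_2_active"] == "true"]
        # MFA matters for identities that can sign in to the console.
        can_sign_in = is_root or row["password_enabled"] == "true"
        if can_sign_in and row["mfa_active"] != "true":
            findings.append((user, "no MFA on console sign-in"))
        if is_root and any(keys):
            findings.append((user, "root user has an active access key"))
        if all(keys):
            # Two active keys usually means a rotation was started and never finished.
            findings.append((user, "both access key slots active"))
        changed = row["password_last_changed"]
        if row["password_enabled"] == "true" and changed not in ("N/A", "not_supported"):
            age = (now - datetime.fromisoformat(changed)).days
            if age > MAX_PASSWORD_AGE_DAYS:
                findings.append((user, f"password unchanged for {age} days"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_REPORT, datetime.now(timezone.utc)):
        print(f"{user}: {finding}")
```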
A single account is easy to manage in IAM by creating users and groups, but how do we handle a larger set of accounts (Dev, UAT, PROD & DR)?
The answer is AWS Organizations
AWS Organizations lets you centrally manage and govern your environments as you scale your AWS resources. It is mainly used to manage many AWS accounts in a larger enterprise. Before this service, enterprises managed separate billing and payment methods for each account. Now a single account (the management, or master, account) manages the activities of the other (member) accounts in the organization, and another important benefit is a single consolidated bill for the whole organization.
From the management account, we can invite other accounts to join the organization; a member account must accept the invitation to become part of it. The management account can also create new accounts. When logged in to the management account, we can switch to other accounts using the “Switch role” option in the AWS console.
Benefits:
Quickly scale your workloads
Provide custom environments for different workloads
Centrally secure and audit your environment across accounts
Simplify permission management and access control
Efficiently provision resources across accounts
Manage costs and optimize usage
Use Cases:
Automate the creation of AWS accounts and categorize workloads using groups
Implement and enforce audit and compliance policies
Provide tools and access for your security teams while encouraging development
Share common resources across accounts
With AWS Organizations you can perform account management activities at scale by consolidating multiple AWS accounts into a single organization. Consolidating accounts simplifies how you use other AWS services. You can leverage the multi-account management services available in AWS Organizations with select AWS services to perform tasks on all accounts that are members of your organization.
Trusted Access – You can enable a compatible AWS service to perform operations across all of the AWS accounts in your organization. For more information, see Using AWS Organizations with other AWS services.
Delegated Administrator – A compatible AWS service can register an AWS member account in the organization as an administrator for the organization's accounts in that service.
AWS Organizations is available in all AWS commercial regions, AWS GovCloud (US) regions, and China regions. The service endpoints for AWS Organizations are located in US East (N. Virginia) for commercial organizations, AWS GovCloud (US-West) for AWS GovCloud (US) organizations, and the AWS China (Ningxia) region, operated by NWCD.
Best Practices:
Use OUs to manage member accounts
Separate the management account and member accounts
Move accounts between OUs when needed
Restrict the root user in member accounts
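The "Restrict the root user in member accounts" practice is commonly implemented with a service control policy. The added example below (not from the original post) builds one such SCP and runs a deliberately simplified evaluation of it to show which principals it affects. The account IDs and the `scp_denies` helper are constructed for illustration, and the evaluator covers only this policy's shape, not the full IAM evaluation logic.

```python
import json
from fnmatch import fnmatchcase

# SCP that denies every action to the root user of any account it applies to.
DENY_ROOT_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyRootUser",
        "Effect": "Deny",
        "Action": "*",
        "Resource": "*",
        "Condition": {"StringLike": {"aws:PrincipalArn": "arn:aws:iam::*:root"}},
    }],
}

MANAGEMENT_ACCOUNT = "111111111111"  # constructed account IDs
MEMBER_ACCOUNT = "222222222222"


def scp_denies(scp, principal_arn, action):
    """Simplified check: Deny statements with an optional StringLike
    condition on aws:PrincipalArn. Hypothetical helper, not an AWS API."""
    account_id = principal_arn.split(":")[4]
    # SCPs do not affect principals in the management account, which is
    # one reason to keep workloads out of it.
    if account_id == MANAGEMENT_ACCOUNT:
        return False
    for stmt in scp["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if not any(fnmatchcase(action.lower(), a.lower()) for a in actions):
            continue
        condition = stmt.get("Condition")
        if not condition:
            return True  # unconditional deny
        patterns = condition.get("StringLike", {}).get("aws:PrincipalArn", [])
        patterns = [patterns] if isinstance(patterns, str) else patterns
        if any(fnmatchcase(principal_arn, p) for p in patterns):
            return True
    return False


def policy_document():
    """JSON text of the SCP, as it would be supplied to AWS Organizations."""
    return json.dumps(DENY_ROOT_SCP, indent=2)


if __name__ == "__main__":
    print(policy_document())
```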
A well-architected multi-account strategy helps you innovate faster in AWS, while helping you meet your security and scalability needs. The framework described in this blog post represents AWS best practices that you should use as a starting point for your AWS journey.
Creating an organization is simple.
Select (or create) an account to manage your organization (we recommend using an account that does not run existing workloads). This will be the management (formerly known as master) account for your organization
Visit the AWS Organizations page on the console
Choose “Create Organization.” Your organization is now created
Verify the email address of the management account
Once you’ve created the organization and verified your email, you can create or invite other accounts into your organization, categorize the accounts into Organizational Units (OUs), create service control policies (SCPs), and take advantage of the Organizations features from supported AWS services. You can also create an organization via CLI or API.
Check my personal AWS Blogsite here.
💡 How to start cloud career : https://lnkd.in/dmYiynp7
All the very best Cloud babies and you can reach me on LinkedIn if you need any assistance.