Hon Unit 2 Digital Notes

This document is a course outline for 'Cloud Architecting' at RMK Group of Educational Institutions, detailing course objectives, prerequisites, syllabus, and outcomes. It covers various AWS services and architectural principles, emphasizing hands-on learning through exercises and projects. The course aims to equip students with skills in designing, deploying, and managing cloud infrastructure securely and efficiently.


Please read this disclaimer before proceeding:
This document is confidential and intended solely for the educational purpose of
RMK Group of Educational Institutions. If you have received this document through
email in error, please notify the system manager. This document contains
proprietary information and is intended only to the respective group / learning
community as intended. If you are not the addressee you should not disseminate,
distribute or copy through e-mail. Please notify the sender immediately by e-mail
if you have received this document by mistake and delete this document from your
system. If you are not the intended recipient you are notified that disclosing,
copying, distributing or taking any action in reliance on the contents of this
information is strictly prohibited.
22CS908

CLOUD ARCHITECTING

Department : CSE

Batch/Year : 2022-2026 / III Year

Created by:

Ms. A. Jasmine Gilda, Assistant Professor / CSE

Date : 15.07.2024
1. CONTENTS

S. No. Contents

1 Contents

2 Course Objectives

3 Pre-Requisites

4 Syllabus

5 Course outcomes

6 CO- PO/PSO Mapping

7 Lecture Plan

8 Activity based learning

9 Lecture Notes

10 Assignments

11 Part A Questions & Answers

12 Part B Questions

13 Online Certifications

14 Real Time Applications

15 Assessment Schedule

16 Text Books & Reference Books

17 Mini Project suggestions


2. COURSE OBJECTIVES
▪ To make architectural decisions based on AWS architectural principles
and best practices.
▪ To describe the features and benefits of Amazon EC2 instances, and
compare and contrast managed and unmanaged database services.
▪ To create a secure and scalable AWS network environment with VPC,
and configure IAM for improved security and efficiency.
▪ To use AWS services to make infrastructure scalable, reliable, and
highly available.
▪ To use AWS managed services to enable greater flexibility and
resiliency in an infrastructure.
3. PRE REQUISITES

• Pre-requisite Chart

20CS908 – CLOUD ARCHITECTING

20CS907 – CLOUD FOUNDATIONS


4. SYLLABUS
CLOUD ARCHITECTING L T P C
22CS908
2 0 2 3
UNIT I INTRODUCING CLOUD ARCHITECTING AND STORAGE LAYER 6 + 6
Cloud architecting - The AWS Well-Architected Framework - AWS global infrastructure -
Amazon S3 - Amazon S3 Versioning - Storing data in Amazon S3 - Moving data to and from
Amazon S3 - Amazon S3 Transfer Acceleration - Choosing Regions for your architecture.
List of Exercise/Experiments:
1. Creating a Static Website for the Café.
2. Configure an S3 bucket to automatically encrypt all uploaded objects.
3. Set up a cross-region replication configuration for an S3 bucket.
UNIT II COMPUTE LAYER AND DATABASE LAYER 6+6
Adding compute with Amazon EC2 - Choosing an Amazon Machine Image (AMI) to launch
an Amazon EC2 instance - Selecting an Amazon EC2 instance type - Using user data to
configure an EC2 instance - Adding storage to an Amazon EC2 instance - Amazon EC2 pricing
options - Amazon EC2 considerations - Database layer considerations - Amazon Relational
Database Service (Amazon RDS) - Amazon DynamoDB - Database security controls -
Migrating data into AWS databases.
List of Exercise/Experiments:
1. Creating a Dynamic Website for the Café.
2. Creating an Amazon RDS database.
3. Migrating a Database to Amazon RDS.
4. Create a web application that stores data in a managed database using EC2 instances
and Amazon RDS.
UNIT III CREATING AND CONNECTING NETWORKS 6+6
Creating an AWS networking environment - Connecting your AWS networking environment
to the internet - Securing your AWS networking environment - Connecting your remote
network with AWS Site-to-Site VPN - Connecting your remote network with AWS Direct
Connect - Connecting virtual private clouds (VPCs) in AWS with VPC peering - Scaling your
VPC network with AWS Transit Gateway - AWS Transit Gateway - Connecting your VPC to
supported AWS services. Securing User and Application Access: Account users and AWS
Identity and Access Management (IAM) - Organizing users - Federating users - Multiple
accounts.
List of Exercise/Experiments:
1. Creating a Virtual Private Cloud.
2. Creating a VPC Networking Environment for the Café.
3. Creating a VPC Peering Connection.
4. Configure a VPC with subnets, an internet gateway, route tables, and a
security group, and connect an on-premises network to the VPC.
UNIT IV RESILIENT CLOUD ARCHITECTURE 6+6
Scaling your compute resources - Scaling your databases - Designing an environment that’s
highly available – Monitoring - Reasons to automate - Automating your infrastructure -
Automating deployments - AWS Elastic Beanstalk - Overview of caching - Edge caching -
Caching web sessions - Caching databases.

List of Exercise/Experiments:
1. Controlling Account Access by Using IAM.
2. Creating Scaling Policies for Amazon EC2 Auto Scaling.
3. Creating a Highly Available Web Application.
4. Creating a Scalable and Highly Available Environment for the Café.
5. Streaming Dynamic Content Using Amazon CloudFront.

UNIT V BUILDING DECOUPLED ARCHITECTURES, MICROSERVICES AND SERVERLESS ARCHITECTURE 6 + 6
Decoupling your architecture - Decoupling with Amazon Simple Queue Service (Amazon SQS)
- Decoupling with Amazon Simple Notification Service (Amazon SNS) - Sending messages
between cloud applications and on-premises with Amazon MQ. Introducing microservices -
Building microservice applications with AWS container services - Introducing serverless
architectures - Building serverless architectures with AWS Lambda - Extending serverless
architectures with Amazon API Gateway - Orchestrating microservices with AWS Step
Functions - Disaster planning strategies - Disaster recovery patterns.

List of Exercise/Experiments:
1. Breaking a Monolithic Node.js Application into Microservices.
2. Implementing a Serverless Architecture on AWS.
3. Implementing a Serverless Architecture for the Café.
4. Creating an AWS Lambda Function and explore using AWS Lambda with Amazon S3.

TOTAL: 60 PERIODS
5. COURSE OUTCOME

At the end of this course, the students will be able to:

CO1: Explain cloud architecture principles and AWS storage solutions.

CO2: Deploy and manage AWS compute and database resources securely.

CO3: Design and configure secure AWS networks using VPC and IAM.

CO4: Implement scalable and resilient AWS architectures with high availability.

CO5: Build decoupled and serverless applications using AWS services like Lambda.

CO6: Develop disaster recovery strategies for AWS environments.
6. CO - PO / PSO MAPPING

CO  | HKL | PO-1 | PO-2 | PO-3 | PO-4 | PO-5 | PO-6 | PO-7 | PO-8 | PO-9 | PO-10 | PO-11 | PO-12 | PSO-1 | PSO-2 | PSO-3
CO1 | K3  | 2    | 1    | -    | -    | 2    | -    | -    | 3    | -    | 2     | -     | 2     | 3     | 2     | 2
CO2 | K3  | 2    | 2    | -    | -    | 2    | -    | -    | 2    | 2    | 2     | -     | 2     | 3     | 2     | 2
CO3 | K3  | 2    | 2    | -    | -    | 2    | -    | -    | 2    | 2    | 2     | -     | 2     | 3     | 2     | 2
CO4 | K3  | 2    | 2    | 3    | -    | 2    | -    | -    | 2    | 2    | 2     | -     | 2     | 3     | 3     | 2
CO5 | K3  | 2    | 2    | 3    | -    | 2    | -    | -    | -    | 2    | 2     | -     | 2     | 3     | 3     | 3
CO6 | K3  | 2    | 2    | 3    | -    | 2    | -    | -    | -    | 2    | 2     | -     | 2     | 3     | 3     | 3

(PO-1 to PO-12 are the Program Outcomes; PSO-1 to PSO-3 are the Program Specific Outcomes.)

Correlation Level:
1. Slight (Low)
2. Moderate (Medium)
3. Substantial (High)
If there is no correlation, put "-".
7. LECTURE PLAN

Sl. No. | Topic of Lecture | Number of Periods | Proposed Date | Actual Date | CO | Taxonomy Level | Mode of Delivery
1 | Adding compute with Amazon EC2 - Choosing an Amazon Machine Image (AMI) to launch an Amazon EC2 instance | 1 | | | CO2 | K2 | PPT/Demo
2 | Selecting an Amazon EC2 instance type - Using user data to configure an EC2 instance | 1 | | | CO2 | K3 | PPT/Demo
3 | Adding storage to an Amazon EC2 instance - Amazon EC2 pricing options | 1 | | | CO2 | K3 | PPT/Demo
4 | Amazon EC2 considerations - Database layer considerations | 1 | | | CO2 | K3 | PPT/Demo
5 | Amazon Relational Database Service (Amazon RDS) - Amazon DynamoDB | 1 | | | CO2 | K3 | PPT/Demo
6 | Database security controls - Migrating data into AWS databases | 1 | | | CO2 | K2 | PPT/Demo
8. ACTIVITY BASED LEARNING

AWS Cloud Infrastructure Design and Implementation

Objective:

To provide hands-on experience in designing and implementing a cloud infrastructure using Amazon EC2
and AWS database services, including configuration, storage, pricing options, and security controls.

Requirements:

• AWS account (with appropriate permissions)
• Access to AWS Management Console
• Sample application requirements document
• Worksheet for documentation
Instructions:

1. Group Formation: Divide participants into small groups of 3-4. Each group will work on designing
and implementing a cloud solution for a sample application.

2. Task Overview: Each group will design and implement a cloud infrastructure solution that includes
compute resources, storage, database services, and security controls. The groups will then present their
solutions and rationale.

3. Presentation and Discussion:

• Group Presentation:

o Each group will present their cloud infrastructure design, including the chosen AMIs,
instance types, storage solutions, database service, security controls, and migration
strategy.
o Discuss the rationale behind their choices and any challenges encountered.
9. UNIT I - LECTURE NOTES

AWS COMPUTE SERVICES

AWS compute services are designed to meet the varied demands of modern applications, from small-
scale projects to enterprise-grade solutions. These services provide scalable computing power that helps
you to build, deploy, and manage applications. AWS compute services provide secure and resizable
compute capacity in the cloud.

AWS offers a range of compute services to meet various application requirements.

▪ Amazon EC2 services
▪ Container services
▪ Serverless compute
▪ On-premises and edge compute
▪ Cost optimization
▪ Elastic Load Balancing
Amazon EC2 Services:

Amazon EC2 offers various instance types for different workloads, with configurations for CPU, memory,
storage, and networking capacity. These options include general purpose, compute optimized, memory
optimized, storage optimized, accelerated computing, and high-performance computing.

• Amazon EC2: Provides on-demand, scalable computing capacity in the AWS Cloud.

• Amazon EC2 Auto Scaling: Maintains application availability by automatically adding or
removing EC2 instances based on your defined scaling policies.

• EC2 Image Builder: Automates the creation, management, and deployment of customized,
secure, and up-to-date server images.

• Amazon Lightsail: Simplifies building web applications with instances, container services,
managed databases, content delivery network distributions, load balancers, SSD-based storage,
and DNS management.
Container Services:

AWS provides various options to efficiently deploy, manage, and scale containerized applications:

• Amazon ECS: Fully managed container orchestration service for deploying, managing, and
scaling Docker containers.

• Amazon ECS Anywhere: Allows external instances, like on-premises servers or VMs, to be part
of your Amazon ECS cluster.

• Amazon EKS: Managed Kubernetes service that simplifies deploying, managing, and scaling
containerized applications using Kubernetes on AWS.

• Amazon EKS Anywhere: Software to run and manage Kubernetes clusters on-premises and at
the edge.

• Amazon ECR: Fully managed, secure, scalable, and reliable Docker container image registry.

• AWS Batch: Fully managed service for planning, scheduling, and running containerized batch
workloads, including machine learning, simulations, and analytics.

Serverless Compute:

AWS provides serverless compute options, such as AWS Lambda and AWS Fargate, allowing workloads
to run without managing servers. This lets developers focus on writing code while AWS handles the
infrastructure.

• AWS Fargate: A technology for running containers with Amazon ECS without managing servers
or EC2 instances.

• AWS Lambda: Runs your code on high-availability compute infrastructure, handling server and
OS maintenance, capacity provisioning, automatic scaling, and logging.

On-Premises and Edge Compute:

AWS offers hybrid and edge compute options to extend AWS infrastructure and services to your premises
and the edge, providing flexibility and scalability for various use cases.

• AWS Local Zones: Places compute, storage, database, and other AWS resources close to large
population and industry centers for low-latency access to applications.
• AWS Dedicated Local Zones: Fully managed by AWS, these are exclusive to a customer or
community and placed in a specified location or data center to meet regulatory requirements.

• AWS Outposts: Extends AWS infrastructure, services, APIs, and tools to customer premises, fully
managed by AWS.

• AWS Wavelength: Deploys AWS compute and storage services to the edge of 5G networks for
ultra-low latency applications to mobile devices and end users.

Cost Optimization:

AWS offers services to help reduce costs by committing to a usage level and generating recommendations
to lower the cost of workloads.

• Savings Plans: Flexible pricing model that reduces your bill compared to On-Demand prices with
a one- or three-year hourly spend commitment.

• AWS Compute Optimizer: Uses AI and machine learning to help right-size workloads, reduce
costs, and improve performance.

• Amazon EC2 Spot Instances: Allows you to use unused EC2 capacity at a significant discount,
lowering your EC2 costs.

Elastic Load Balancing (ELB):

Elastic Load Balancing (ELB) automatically distributes incoming traffic across multiple targets, such as
EC2 instances, containers, and IP addresses, across one or more Availability Zones.

• Application Load Balancer: Operates at the application layer (Layer 7 of the OSI model). It
evaluates listener rules in priority order to select a target from the target group.

• Network Load Balancer: Operates at the transport layer (Layer 4 of the OSI model). It can
handle millions of requests per second and selects a target from the target group based on the
default rule.

• Gateway Load Balancer: Helps deploy, scale, and manage virtual appliances like firewalls,
intrusion detection systems, and deep packet inspection systems.
ADDING COMPUTE WITH AMAZON EC2

Amazon Elastic Compute Cloud (Amazon EC2) provides on-demand, scalable computing capacity in the
Amazon Web Services (AWS) Cloud. Using Amazon EC2 reduces hardware costs, allowing applications to
be developed and deployed faster. An EC2 instance is a virtual server in the AWS Cloud.

Features of Amazon EC2:

Amazon EC2 provides the following high-level features:

• Instances: Virtual servers.

• Amazon Machine Images (AMIs): Preconfigured templates for instances, including the
operating system and additional software.

• Instance Types: Various configurations of CPU, memory, storage, networking capacity, and
graphics hardware.

• Amazon EBS Volumes: Persistent storage volumes for data using Amazon Elastic Block Store
(Amazon EBS).

• Instance Store Volumes: Storage for temporary data, deleted when the instance is stopped,
hibernated, or terminated.

• Key Pairs: Secure login information; AWS stores the public key, and the private key is stored
securely by the user.

• Security Groups: A virtual firewall to specify protocols, ports, and source IP ranges that can
reach instances, and destination IP ranges to which instances can connect.
Amazon EC2 virtualization:

Amazon EC2 instances are virtual machines hosted on AWS servers, running operating systems like
Amazon Linux or Microsoft Windows. These VMs can handle applications and enterprise systems, even
across multiple instances.

The underlying hypervisor layer, managed by AWS, provides the VMs with access to the physical
hardware resources such as processors, memory, and storage.

There are two main types of storage for EC2 instances:

1. Instance Store: This is temporary storage physically attached to the host computer. It provides
fast, temporary storage that’s wiped when the instance is stopped or terminated.

2. Amazon Elastic Block Store (EBS): This offers persistent storage that remains even when the
instance is stopped. EBS-optimized instances enhance performance by reducing I/O contention
between the storage and other instance traffic.

EC2 instances also have network connectivity options, allowing them to interact with other resources,
AWS services, and the internet. You can adjust network settings to balance access and security, with
various instance types offering different network performance levels.
Amazon EC2 use cases:

Use Amazon EC2 when you need:

1. Complete Control of Your Computing Resources: With EC2, you have full control over your
virtual machines. You can configure the operating system, choose between x86 or ARM processor
architectures, and even use processor accelerators for specialized tasks like machine learning.

2. Options for Optimizing Your Compute Costs: EC2 provides flexible payment options to suit
different needs:

o On-Demand Instances: Pay for compute capacity by the hour or second with no long-
term commitment.

o Reserved Instances: Commit to a one- or three-year term to save up to 75% over On-
Demand pricing.

o Spot Instances: Bid on unused EC2 capacity at a discount, which can be cost-effective
for flexible or interruptible workloads.

o Savings Plans: Flexible pricing model offering significant savings over On-Demand prices
in exchange for a commitment to a consistent amount of usage.
o Dedicated Hosts: Physical servers dedicated solely to your use for compliance and control
over server placement.

3. Ability to Run Any Type of Workload: EC2 supports a diverse range of applications:

o Simple Websites: Host basic web applications with minimal resources.

o Enterprise Applications: Manage complex and resource-intensive business applications.

o Generative AI Applications: Utilize high-performance instances with specialized
hardware for tasks like machine learning and AI.

Steps to Provision an EC2 Instance:

1. Select an Amazon Machine Image (AMI):
o An AMI is a template used to launch an instance.
o AWS provides various AMIs, and you can also find third-party AMIs in the AWS Marketplace
or create your own from an existing instance.
2. Choose an Instance Type:
o EC2 offers a range of instance types optimized for different use cases.
o Instance types vary in combinations of CPU, memory, storage, and networking capacity.
3. Specify a Key Pair:
o A key pair consists of a public and private key used for secure access via SSH or RDP.
o This is essential for proving your identity when connecting to the instance.
4. Configure Network Settings:
o Decide on network placement and addressing for security and access.
o Instances are deployed within a Virtual Private Cloud (VPC).
o Choose whether to assign a public IP or DNS address to the instance.
5. Assign a Security Group:
o A security group sets firewall rules controlling traffic to and from the instance.
o It specifies which network ports can be used for traffic.
6. Specify Storage Options:
o Choose the storage type for the instance's OS boot disk: either an instance store (ephemeral
storage) or an EBS volume.
o Additional block storage volumes can also be attached as needed.
7. Attach an IAM Role (Optional):
o If your application needs to make API calls to AWS services, attach an IAM role.
o Use an instance profile to pass the IAM role to the EC2 instance.
8. Specify User Data (Optional):
o Provide user data to automate installations and configurations upon instance launch.
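Step 5 above says that a security group sets the firewall rules controlling traffic to the instance. The following Python program is an added example for these notes (it is not code from the course material or from AWS): it models how a security group evaluates an inbound connection, namely as an allow-list in which a connection is admitted only if some rule matches its protocol, port and source address and everything else is dropped, and it flags the most common mistake in a first security group, a remote-administration port opened to 0.0.0.0/0. The rule fields mirror the console's protocol, port range and source CIDR fields; the rule sets and address ranges are constructed for the example.

```python
"""Model of how an EC2 security group evaluates inbound traffic.

Added example for these notes; not code from AWS. Security groups are
allow-lists: a connection is admitted only if some rule matches its
protocol, destination port and source address. There are no deny rules,
so anything unmatched is dropped. Rule fields mirror the console's
protocol, port range and source CIDR; the rule sets below are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class IngressRule:
    protocol: str      # "tcp", "udp", "icmp", or "-1" meaning all protocols
    from_port: int     # inclusive port range; ignored when protocol == "-1"
    to_port: int
    source_cidr: str   # e.g. "203.0.113.0/24" or "0.0.0.0/0"

    def matches(self, protocol: str, port: int, source_ip: str) -> bool:
        if self.protocol != "-1":
            if self.protocol != protocol:
                return False
            if not self.from_port <= port <= self.to_port:
                return False
        # An IPv6 source never matches an IPv4 CIDR, and vice versa.
        return ipaddress.ip_address(source_ip) in ipaddress.ip_network(
            self.source_cidr, strict=False)


def is_allowed(rules: Iterable[IngressRule], protocol: str, port: int,
               source_ip: str) -> bool:
    """Default deny: admit the connection only if at least one rule matches."""
    return any(rule.matches(protocol, port, source_ip) for rule in rules)


# Remote-administration ports that should never be reachable from anywhere.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def find_risky_rules(rules: Iterable[IngressRule]) -> List[Tuple[IngressRule, str]]:
    """Flag rules that open admin ports, or every port, to 0.0.0.0/0 or ::/0."""
    findings = []
    for rule in rules:
        if ipaddress.ip_network(rule.source_cidr, strict=False).prefixlen != 0:
            continue  # source is scoped to a specific range
        if rule.protocol == "-1":
            findings.append((rule, "all protocols and ports open to the internet"))
            continue
        for port, name in ADMIN_PORTS.items():
            if rule.protocol == "tcp" and rule.from_port <= port <= rule.to_port:
                findings.append((rule, f"{name} (port {port}) open to the internet"))
    return findings


# Constructed sample: a web server group as it is often first written.
WEB_SG_RULES = [
    IngressRule("tcp", 80, 80, "0.0.0.0/0"),
    IngressRule("tcp", 443, 443, "0.0.0.0/0"),
    IngressRule("tcp", 22, 22, "0.0.0.0/0"),      # SSH from anywhere
]

# Hardened version: SSH only from the office range (203.0.113.0/24 is a
# documentation range used here as a constructed placeholder).
HARDENED_RULES = [
    IngressRule("tcp", 80, 80, "0.0.0.0/0"),
    IngressRule("tcp", 443, 443, "0.0.0.0/0"),
    IngressRule("tcp", 22, 22, "203.0.113.0/24"),
]

if __name__ == "__main__":
    for label, rules in (("web", WEB_SG_RULES), ("hardened", HARDENED_RULES)):
        print(label, "SSH from 198.51.100.7 allowed:",
              is_allowed(rules, "tcp", 22, "198.51.100.7"))
        for rule, reason in find_risky_rules(rules):
            print(f"  risky: {rule} -> {reason}")
```

Two properties of real security groups are worth keeping in mind when reading the model: they are stateful, so the reply to an admitted inbound connection is allowed out without an egress rule, and a rule's source may also be another security group rather than a CIDR, which the model does not cover.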

CHOOSING AN AMAZON MACHINE IMAGE (AMI) TO LAUNCH AN AMAZON EC2 INSTANCE

Amazon Machine Image (AMI):

An Amazon Machine Image (AMI) contains all the necessary information to launch an EC2 instance. This
includes:

1. Template for the Root Volume:
o The root volume template includes the guest operating system (OS) and may also have
additional pre-installed software.
o This template serves as the foundation for your instance, determining the initial software
environment.
2. Launch Permissions:
o These permissions dictate who can use the AMI to launch instances.
o You can control access to the AMI, making it private or sharing it with specific AWS
accounts.
3. Block Device Mappings:
o Specifies which storage volumes will be attached to the instance upon launch.
o This mapping includes the root volume and any additional storage volumes required for the
instance.
Benefits of Using an AMI:

Using an Amazon Machine Image (AMI) offers several key benefits, including repeatability, reusability,
and recoverability:

1. Repeatability:
o An AMI packages the full configuration and content of an EC2 instance.
o It allows you to consistently and accurately launch multiple instances with the same
configuration, ensuring efficiency and precision.
2. Reusability:
o Instances launched from the same AMI are exact replicas of each other.
o This uniformity simplifies the creation of clusters of similar instances or the recreation of
compute environments, promoting efficient resource management.
3. Recoverability:
o If an instance fails, you can quickly launch a new instance from the same AMI, restoring
the original configuration.
o AMIs also serve as a backup of your EC2 instance configuration. If you make additional
changes or install new software, it’s best to save those updates by creating a new AMI.
This ensures you have the latest configuration for recovery in case of an instance failure.
o Without a new AMI capturing these changes, any unsaved software additions or
configurations will be lost if the instance fails.
Choosing an AMI:
When selecting an Amazon Machine Image (AMI) to launch an EC2 instance, consider the following five
key characteristics:
1. Region:
o AMIs are specific to a region, so you need to choose an AMI located in the region where
you want your instance to run.
o If necessary, you can copy an AMI from one region to another.
2. Operating System:
o AWS provides AMIs with different operating systems, including Microsoft Windows and
various Linux distributions.
o Select an operating system that fits your application's requirements.
3. Storage for the Root Device:
o AMIs are categorized as either Amazon EBS-backed or instance store-backed.
o Instance store-backed AMIs provide temporary storage that persists only during the
instance's lifetime.
o EBS-backed AMIs offer persistent storage that remains even after the instance is stopped
or terminated.
4. Architecture:
o Choose an AMI with a processor architecture that matches your workload requirements.
o Options include 32-bit or 64-bit architectures and either x86 or Advanced RISC Machine
(ARM) instruction sets.
5. Virtualization Type:
o AMIs use either paravirtual (PV) or Hardware Virtual Machine (HVM) virtualization.
o HVM AMIs generally offer better performance because they can utilize special hardware
extensions.
o For optimal performance, select an HVM AMI.

Sources for Obtaining an AMI:

An Amazon Machine Image (AMI) can be obtained from one of four sources:
1. Quick Start AMIs:
o Built by AWS, these AMIs provide a choice of Microsoft Windows or various Linux
distributions.
o Linux options include: Amazon Linux, Ubuntu, Red Hat Enterprise Linux, SUSE Linux
Enterprise Server, Fedora, Debian, CentOS, Gentoo Linux, Oracle Linux, and FreeBSD.
2. My AMIs:
o AWS allows you to create your own AMIs.
o You can generate an AMI from an existing EC2 instance, capturing its configuration and
data.
3. AWS Marketplace AMIs:
o The AWS Marketplace offers a digital catalog of thousands of software solutions, including
AMIs.
o These AMIs are provided by software vendors for specific use cases and come pre-
configured for various applications.
4. Community AMIs:
o Created by users worldwide, community-built AMIs address a wide range of needs.
o However, they are not assessed by AWS, so use them at your own risk and avoid using
them in production or corporate environments.
Instance store-backed versus Amazon EBS-backed AMI

Characteristic | Amazon EBS-Backed Instance | Instance Store-Backed Instance
Boot time for the instance | Boots faster. Less than 1 minute. | Takes longer to boot. Less than 5 minutes.
Maximum size of root device | 64 TiB | 10 GiB
Ability to stop the instance | Can stop the instance | Cannot be in a stopped state; instances are running or terminated
Ability to change the instance type | The instance type, kernel, RAM disk, and user data can be changed while the instance is stopped. | Instance attributes are fixed for the life of an instance.
Instance charges | You are charged for instance usage, EBS volume usage, and storing your AMI as an EBS snapshot | You are charged for instance usage and storing your AMI in Amazon S3
Use case | Persistent storage | Temporary storage


Amazon EC2 instance lifecycle:

This diagram outlines the lifecycle of an Amazon EBS-backed instance, detailing the states and actions
possible.

1. Launching an Instance:

o When you launch an instance, it enters the pending state, where it's being provisioned and
booted on a host computer.
o Once ready, it moves to the running state, where you can connect and use the instance.
2. Running State Actions:
o Reboot: You can reboot the instance, moving it to a rebooting state and back to running.
It remains on the same host with the same public DNS name and IP address, retaining any
instance store data.
o Terminate: Terminating an instance transitions it to a shutting down state, then to a
terminated state. Once terminated, the instance cannot be recovered or connected to.
o Stop: Stopping an instance puts it in a stopping state and then a stopped state. Stopped
instances incur no running costs and can be started again, returning to the pending state.
This typically results in the instance moving to a new host and receiving a new public IPv4
address.
3. Hibernate:
o You can hibernate an EBS-backed instance, saving in-memory storage, private IP address,
and Elastic IP address.
o Upon starting a hibernated instance, it usually moves to a new host computer, although it
may stay on the same host if there are no issues.
o Hibernate mode also incurs no running costs, similar to the stopped state.
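The lifecycle above can be checked against a small model. The following Python class is an added example for these notes (not code from the course material or from AWS): it enforces which actions are valid in each state and records the side effects the notes describe, namely that a reboot keeps the host, addresses and instance store data, that a stop/start moves the instance to a new host with a new public IPv4 address and loses instance store data, that hibernation preserves memory, that an instance store-backed instance cannot be stopped, and that termination is final. Host names and IP addresses are constructed placeholders, and the assumption that the private IP address survives a stop/start reflects VPC behaviour rather than anything in the diagram.

```python
"""Simulation of the Amazon EC2 instance lifecycle described above.

Added example for these notes; not code from AWS. Enforces the actions valid
in each state and the side effects the notes list. Host names and addresses
are constructed placeholders; the private IP surviving a stop/start is an
assumption (VPC behaviour) not stated in the diagram.
"""
from itertools import count
from typing import Dict, List

# Actions a caller may request in each stable state. The transient states
# (pending, rebooting, stopping, shutting-down) are passed through inside
# the method that enters them, following the arrows of the diagram.
VALID_ACTIONS = {
    "running": {"reboot", "stop", "hibernate", "terminate"},
    "stopped": {"start", "terminate"},
    "terminated": set(),
}

_host_ids = count(1)
_public_ip_hosts = count(10)


class Instance:
    def __init__(self, ebs_backed: bool = True):
        self.ebs_backed = ebs_backed
        self.history: List[str] = []                # every state entered, in order
        self.private_ip = "10.0.1.25"               # constructed; kept for the instance's life
        self.public_ip = None
        self.host = None
        self.instance_store: Dict[str, str] = {}    # data on the host's local disks
        self.memory: Dict[str, str] = {}            # guest RAM contents
        self.hibernated = False
        self._enter("pending")                      # launch: being provisioned and booted ...
        self._place_on_host()
        self._enter("running")                      # ... then usable

    def _enter(self, state: str) -> None:
        self.state = state
        self.history.append(state)

    def _place_on_host(self) -> None:
        # Fresh placement: a new host, a new public IPv4 address, empty local disks.
        self.host = f"host-{next(_host_ids)}"
        self.public_ip = f"198.51.100.{next(_public_ip_hosts)}"  # TEST-NET-2, constructed
        self.instance_store = {}

    def can(self, action: str) -> bool:
        """True if the action is valid in the current state for this instance kind."""
        if action not in VALID_ACTIONS.get(self.state, set()):
            return False
        if action in ("stop", "hibernate") and not self.ebs_backed:
            return False   # instance store-backed: running or terminated only
        return True

    def _require(self, action: str) -> None:
        if not self.can(action):
            raise ValueError(f"cannot {action} an instance in state {self.state!r}")

    def reboot(self) -> None:
        self._require("reboot")
        self._enter("rebooting")
        self.memory = {}             # the guest OS restarts on the same host,
        self._enter("running")       # keeping its addresses and instance store data

    def stop(self) -> None:
        self._require("stop")
        self._enter("stopping")
        self.memory = {}
        self.instance_store = {}     # local disks are released with the host
        self.public_ip = None
        self.hibernated = False
        self._enter("stopped")

    def hibernate(self) -> None:
        self._require("hibernate")
        self._enter("stopping")
        self.hibernated = True       # RAM contents are saved to the EBS root volume
        self.instance_store = {}
        self.public_ip = None
        self._enter("stopped")

    def start(self) -> None:
        self._require("start")
        self._enter("pending")
        self._place_on_host()        # typically a different host and a new public IPv4
        if not self.hibernated:
            self.memory = {}
        self.hibernated = False
        self._enter("running")

    def terminate(self) -> None:
        self._require("terminate")
        self._enter("shutting-down")
        self.memory = {}
        self.instance_store = {}
        self.public_ip = None
        self.host = None
        self._enter("terminated")


if __name__ == "__main__":
    i = Instance()
    i.instance_store["scratch"] = "tmp"
    i.reboot(); print("after reboot:", i.host, i.public_ip, i.instance_store)
    i.stop(); i.start(); print("after stop/start:", i.host, i.public_ip, i.instance_store)
    i.terminate(); print("history:", " -> ".join(i.history))
```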

Creating a new AMI:

The diagram illustrates the process of creating and modifying an AMI, then using it to launch new
instances.
1. Starting with a Source AMI:
o Begin with an existing AMI, such as a Quick Start AMI provided by AWS, or an AMI you’ve
built from a VM.
o You can use the VM Import/Export service to import virtual machine images from your
environment to EC2 instances.
2. Launching an Instance:
o Launch an EC2 instance from the source AMI (Step 1). This is your unmodified instance.
3. Creating a Golden Instance:
o Configure the unmodified instance with the desired OS and application settings (Step 2),
making it a golden instance.
4. Capturing a New AMI:
o For EBS-backed instances, create a new image, and AWS will automatically register it as a
new AMI (Step 3).
o For instance store-backed instances, use Amazon EC2 AMI tools to create and upload a bundle
to an S3 bucket, then manually register the AMI.
5. Using the New Starter AMI:
o Once registered, this new AMI can be used to launch new instances within the same AWS
Region.
o Optionally, you can copy the AMI to other Regions (Step 4) to launch instances in different
locations.
EC2 Image Builder:

Another way to create an AMI is to use EC2 Image Builder.

EC2 Image Builder is a powerful AWS service that automates the entire lifecycle of creating, managing,
and deploying compliant and up-to-date VM images.

▪ Automatically creates, manages, and deploys up-to-date and compliant VM images.

▪ Provides an easy graphical interface to set up image-building pipelines.

▪ Creates and maintains both Amazon EC2 AMIs and on-premises VM images.

▪ Produces secure and validated images, allowing you to test them before use.

▪ Keeps track of image versions, ensuring consistency and easy management of updates.

SELECTING AN AMAZON EC2 INSTANCE TYPE

Instance:

An instance is a virtual server in the cloud, created from an AMI.

An Amazon Machine Image (AMI) is a template that includes a software configuration, such as an
operating system, application server, and applications.

When you launch an instance, you create a virtual server in the cloud that runs a copy of the AMI. Several
instances can be launched from a single AMI, with each acting as a separate virtual server. The
configuration of an instance at launch is based on the AMI specified during the launch. Different types of
instances can be chosen from a single AMI. The hardware used for the instance is determined by the
instance type, which defines the compute and memory capabilities. The instance type should be selected
based on the required memory and computing power for the application or software intended to run.

Instance Types:

Amazon EC2 provides a wide selection of instance types optimized to fit different use cases. Instance
types comprise varying combinations of CPU, memory, storage, and networking capacity and give you
the flexibility to choose the appropriate mix of resources for your applications.

Instance type | vCPU | Memory | Storage | Network performance
m5d.large | 2 | 4 GiB | 1 x 50 NVMe SSD | Up to 10 Gbps
m5d.xlarge | 4 | 8 GiB | 1 x 100 NVMe SSD | Up to 10 Gbps
m5d.8xlarge | 32 | 128 GiB | 2 x 600 NVMe SSD | 10 Gbps

Instance type naming conventions:

Instance type names follow a standard convention. An instance type name consists of multiple parts that
describe the different characteristics of the instance type.
Instance types are named based on their family, generation, processor family, additional capabilities, and
size. The first position of the instance type name indicates the instance family, for example c. The second
position indicates the instance generation, for example 7. The third position indicates the processor
family, for example g. The remaining letters before the period indicate additional capabilities, such as
instance store volumes. After the period (.) is the instance size, such as small or 4xlarge, or metal for
bare metal instances.

Suitability of instance types for workloads:

Instance types can be categorized as general purpose, compute optimized, storage optimized, memory
optimized, accelerated computing, or High Performance Computing (HPC) optimized.

General Purpose Instances

• Balance: Compute, memory, and networking resources.
• Use Cases: Web or application servers, enterprise applications, gaming servers, caching fleets,
analytics, and development/test environments.
• Examples: M5, T3, and A1 instances.

Compute Optimized Instances

• Focus: High-performance processors.
• Use Cases: Batch processing, distributed analytics, high performance computing (HPC), ad server
engines, multiplayer gaming, and video encoding.
• Examples: C5 and C5n instances.

Storage Optimized Instances

• Focus: High, sequential read/write access to large datasets on local storage.
• Use Cases: High-performance databases, NoSQL databases, real-time analytics, transactional
workloads, big data, data warehouses, and log processing.
• Examples: I3, D2, and H1 instances.

Memory Optimized Instances

• Focus: Fast performance for large datasets in memory.
• Use Cases: In-memory caches, high-performance databases, and big data analytics.
• Examples: R5, X1, and HMI instances.

Accelerated Computing Instances

• Focus: Hardware accelerators for specific functions.
• Use Cases: Machine learning, artificial intelligence, HPC, and graphics workloads.
• Examples: P3, G4, and F1 instances.

High Performance Computing (HPC) Instances

• Focus: Best price performance for HPC workloads.
• Use Cases: Large, complex simulations and deep learning workloads.
• Examples: Hpc7g, Hpc7a, and Hpc6id instances.

Type                                                      | Workload examples                                                                                      | Instance type examples
General purpose instance types                            | Web or application servers; enterprise applications; gaming servers; development or test environments | M7, Mac, M6, M5, M4, T4, T3, T2
Compute optimized instance types                          | Batch processing; distributed analytics; high performance computing (HPC)                              | C7, C6, C5, C4
Storage optimized instance types                          | High-performance databases; real-time analytics; transactional workloads                               | I4, Im4, Is4, I3, D2, D3, H1
Memory optimized instance types                           | In-memory caches; high-performance databases; big data analytics                                       | R7, R6, R5, R4, X2, X1, Z1
Accelerated computing instance types                      | Machine learning, artificial intelligence (AI); HPC                                                    | P5, P4, P3, P2, DL1, Trn1, Inf2, Inf1, G5, G4, G3, F1, VT1
High performance computing (HPC) optimized instance types | Deep learning workloads; compute-intensive HPC workloads                                               | Hpc7, Hpc6

Current generation instances:

• General purpose: M5 | M5a | M5ad | M5d | M5dn | M5n | M5zn | M6a | M6g | M6gd | M6i |
M6id | M6idn | M6in | M7a | M7g | M7gd | M7i | M7i-flex | Mac1 | Mac2 | Mac2-m1ultra | Mac2-
m2 | Mac2-m2pro | T2 | T3 | T3a | T4g

• Compute optimized: C5 | C5a | C5ad | C5d | C5n | C6a | C6g | C6gd | C6gn | C6i | C6id | C6in
| C7a | C7g | C7gd | C7gn | C7i | C7i-flex

• Memory optimized: R5 | R5a | R5ad | R5b | R5d | R5dn | R5n | R6a | R6g | R6gd | R6i | R6idn
| R6in | R6id | R7a | R7g | R7gd | R7i | R7iz | R8g | U-3tb1 | U-6tb1 | U-9tb1 | U-12tb1 | U-18tb1
| U-24tb1 | U7i-12tb | U7in-16tb | U7in-24tb | U7in-32tb | X1 | X2gd | X2idn | X2iedn | X2iezn |
X1e | z1d

• Storage optimized: D2 | D3 | D3en | H1 | I3 | I3en | I4g | I4i | Im4gn | Is4gen

• Accelerated computing: DL1 | DL2q | F1 | G4ad | G4dn | G5 | G5g | G6 | Gr6 | Inf1 | Inf2 |
P2 | P3 | P3dn | P4d | P4de | P5 | Trn1 | Trn1n | VT1

• High-performance computing: Hpc6a | Hpc6id | Hpc7a | Hpc7g

Previous generation instances:

• General purpose: A1 | M1 | M2 | M3 | M4 | T1
• Compute optimized: C1 | C3 | C4
• Memory optimized: R3 | R4
• Storage optimized: I2
• Accelerated computing: G3
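As an added example (not part of the original notes), the following Python splits an instance type name into the parts described in the naming convention above and maps the family to the category and previous generation lists in this section. It assumes the documented processor letters a, g and i (AMD, Graviton, Intel); the processor letter is treated as optional because names such as m5d.large do not carry one, and names outside the family+generation pattern (such as the U-6tb1 family) are rejected rather than guessed.

```python
import re
from typing import NamedTuple, Optional

# Family prefix -> workload category, taken from the instance type tables in this section.
FAMILY_CATEGORY = {
    "m": "General purpose", "t": "General purpose", "a": "General purpose", "mac": "General purpose",
    "c": "Compute optimized",
    "i": "Storage optimized", "im": "Storage optimized", "is": "Storage optimized",
    "d": "Storage optimized", "h": "Storage optimized",
    "r": "Memory optimized", "x": "Memory optimized", "z": "Memory optimized", "u": "Memory optimized",
    "p": "Accelerated computing", "g": "Accelerated computing", "f": "Accelerated computing",
    "dl": "Accelerated computing", "trn": "Accelerated computing", "inf": "Accelerated computing",
    "vt": "Accelerated computing",
    "hpc": "High performance computing (HPC) optimized",
}

# Family + generation pairs from the "Previous generation instances" list above.
PREVIOUS_GENERATION = {"a1", "m1", "m2", "m3", "m4", "t1", "c1", "c3", "c4", "r3", "r4", "i2", "g3"}

# family letters, generation digits, optional processor letter (a = AMD, g = Graviton,
# i = Intel), remaining capability letters (for example d = instance store volumes,
# n = network optimized), an optional hyphenated variant such as "-flex", then the size.
_NAME_RE = re.compile(
    r"^(?P<family>[a-z]+)(?P<generation>\d+)(?P<processor>[agi])?"
    r"(?P<capabilities>[a-z]*)(?:-(?P<variant>[a-z0-9]+))?\.(?P<size>[a-z0-9-]+)$"
)


class InstanceType(NamedTuple):
    family: str
    generation: int
    processor: Optional[str]
    capabilities: str
    variant: Optional[str]
    size: str


def parse_instance_type(name: str) -> InstanceType:
    """Split a name such as c7g.4xlarge into its named parts; case is ignored."""
    match = _NAME_RE.match(name.strip().lower())
    if not match:
        raise ValueError(f"unrecognized instance type name: {name!r}")
    g = match.groupdict()
    return InstanceType(g["family"], int(g["generation"]), g["processor"],
                        g["capabilities"], g["variant"], g["size"])


def category(name: str) -> str:
    """Workload category for an instance type, looked up by its family prefix."""
    parsed = parse_instance_type(name)
    try:
        return FAMILY_CATEGORY[parsed.family]
    except KeyError:
        raise ValueError(f"family {parsed.family!r} is not in the category table") from None


def is_previous_generation(name: str) -> bool:
    """True when the family and generation appear in the previous generation list."""
    parsed = parse_instance_type(name)
    return f"{parsed.family}{parsed.generation}" in PREVIOUS_GENERATION


def describe(name: str) -> str:
    """One-line summary, e.g. for flagging legacy types in a fleet inventory report."""
    p = parse_instance_type(name)
    proc = {"a": "AMD", "g": "AWS Graviton", "i": "Intel"}.get(p.processor, "not encoded in name")
    caps = p.capabilities or "none"
    legacy = " (previous generation)" if is_previous_generation(name) else ""
    return (f"{name}: {category(name)}{legacy}; family {p.family}, generation {p.generation}, "
            f"processor {proc}, capabilities {caps}, size {p.size}")


if __name__ == "__main__":
    for n in ["m5d.large", "c7g.4xlarge", "m7i-flex.large", "hpc7g.16xlarge", "m4.xlarge"]:
        print(describe(n))
```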

AWS Compute Optimizer:

AWS Compute Optimizer is a service that helps you optimize the cost and performance of your EC2
instances and Auto Scaling groups. Here’s how it works:

• It reviews the configuration and usage data of your EC2 instances and Auto Scaling groups.
• Provides suggestions for moving to different instance types to reduce costs and improve
performance.
• Uses Amazon Machine Learning (Amazon ML) to generate these recommendations, currently
covering M, C, R, T, and X instance families.
• Once enabled, Compute Optimizer will analyze your running AWS resources and start offering
recommendations.
Classifications:

• Under-provisioned: The instance is not meeting performance needs.
• Over-provisioned: The instance has more resources than needed.
• Optimized: The instance is well-suited to its workload.
• None: No recommendation is available, possibly due to insufficient data or unsupported instance
types.

USING USER DATA TO CONFIGURE AN EC2 INSTANCE

EC2 Instance User Data:

When launching an EC2 instance, you can provide user data to the instance's operating system. User
data allows you to specify a script that initializes the instance. For example, user data can be used to
update and patch software, fetch and install software license keys, or install additional software.
User data is implemented as a script containing shell commands or cloud-init directives. It runs with root
or Administrator privileges after the instance starts but before it's accessible on the network. A typical
user data script might:

• Update all packages installed on the instance.

• Start the Apache HTTP web server.

• Configure the HTTP web server to start automatically when the instance boots.

Cloud-init is an open-source application used to bootstrap Linux instances in cloud environments like
Amazon EC2. Amazon Linux and many other Linux distributions (such as Ubuntu) include cloud-init. It
configures specific aspects of a new instance, such as setting up the .ssh/authorized_keys file for the
ec2-user. You can also add your own cloud-init directives as user data. More details and examples can
be found in the "Running Commands on Your Linux Instance at Launch" documentation.

When the user data script runs, it logs messages in a file located at /var/log/cloud-init-output.log on
Linux instances. On Microsoft Windows instances, the log file is located at C:\ProgramData\Amazon\EC2-
Windows\Launch\Log\UserdataExecution.log.

For Microsoft Windows instances, user data is processed by EC2Config or EC2Launch tools, which include
Windows PowerShell scripts. EC2Launch is included in Windows 2016 and later versions, while older
versions use EC2Config.

Retrieving Instance Metadata:

• What It Is: Instance metadata includes information about your EC2 instance, such as its instance
ID, IP address, and more.
• Accessing Metadata: This information is accessible directly from the instance at the URL:
http://169.254.169.254/latest/meta-data/.
• Usage in Scripts: Instance metadata can also be retrieved and used within a user data script to
make dynamic configurations based on the instance's properties.

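Added example, not from the original notes: a small Python client that reads the metadata described above using IMDSv2, the session-token flow of the metadata service (a PUT to /latest/api/token, then GET requests carrying the token), and renders the instance details into a page that a user data script could write to the web server's document root. The FakeImds class and SAMPLE_METADATA values are constructed stand-ins so the code runs off-instance; on a real instance the default urllib transport talks to 169.254.169.254.

```python
import html
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

IMDS_BASE = "http://169.254.169.254"
TOKEN_PATH = "/latest/api/token"
TOKEN_TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"

# A transport takes (method, url, headers) and returns the response body as text,
# so the same client can run against the real service or a constructed stand-in.
Transport = Callable[[str, str, Dict[str, str]], str]


def urllib_transport(method: str, url: str, headers: Dict[str, str]) -> str:
    req = urllib.request.Request(url, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode("utf-8")


class MetadataClient:
    """Reads instance metadata with the IMDSv2 token flow.

    IMDSv2 requires a PUT to /latest/api/token first; the returned token is then sent
    with every GET. A plain GET without the token is rejected when the instance is
    configured to require IMDSv2, which is why the token is fetched before any lookup.
    """

    def __init__(self, transport: Transport = urllib_transport, token_ttl_seconds: int = 21600):
        self._transport = transport
        self._ttl = str(token_ttl_seconds)
        self._token: Optional[str] = None

    def token(self) -> str:
        if self._token is None:  # one token is reused for the whole script run
            self._token = self._transport("PUT", IMDS_BASE + TOKEN_PATH, {TOKEN_TTL_HEADER: self._ttl})
        return self._token

    def get(self, path: str) -> str:
        """Fetch one metadata item, e.g. "instance-id" or "placement/availability-zone"."""
        url = f"{IMDS_BASE}/latest/meta-data/{path.lstrip('/')}"
        return self._transport("GET", url, {TOKEN_HEADER: self.token()})

    def instance_facts(self) -> Dict[str, str]:
        return {
            "instance_id": self.get("instance-id"),
            "availability_zone": self.get("placement/availability-zone"),
            "private_ip": self.get("local-ipv4"),
        }


def render_index(facts: Dict[str, str]) -> str:
    """Build the status page a user data script could write to the web server's document root."""
    rows = "".join(f"<li>{html.escape(k)}: {html.escape(v)}</li>" for k, v in facts.items())
    return f"<html><body><h1>Instance details</h1><ul>{rows}</ul></body></html>"


class FakeImds:
    """Constructed stand-in for the metadata service with IMDSv2 required (not a real endpoint)."""

    def __init__(self, data: Dict[str, str]):
        self.data = data
        self.calls: List[Tuple[str, str, Dict[str, str]]] = []

    def __call__(self, method: str, url: str, headers: Dict[str, str]) -> str:
        self.calls.append((method, url, dict(headers)))
        path = url[len(IMDS_BASE):]
        if method == "PUT" and path == TOKEN_PATH and TOKEN_TTL_HEADER in headers:
            return "constructed-session-token"
        if method == "GET" and headers.get(TOKEN_HEADER) == "constructed-session-token":
            return self.data[path]
        raise PermissionError(f"401 Unauthorized for {method} {path}: IMDSv2 token required")


# Constructed sample values, not taken from a real instance.
SAMPLE_METADATA = {
    "/latest/meta-data/instance-id": "i-0123456789abcdef0",
    "/latest/meta-data/placement/availability-zone": "us-east-1a",
    "/latest/meta-data/local-ipv4": "10.0.1.25",
}

if __name__ == "__main__":
    # On a real instance, MetadataClient() with the default transport queries 169.254.169.254.
    client = MetadataClient(transport=FakeImds(SAMPLE_METADATA))
    print(render_index(client.instance_facts()))
```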
ADDING STORAGE TO AN AMAZON EC2 INSTANCE

Amazon EC2 storage overview:


Amazon EC2 offers various storage options:

• Block Storage
o Amazon EBS (Elastic Block Store): Provides durable, block-level storage that can be attached
and detached from instances. EBS volumes persist independently from their instances, support
encryption, and allow you to create backups with snapshots stored in Amazon S3.
o Instance Store: Offers temporary block-level storage directly attached to the host. Data on an
instance store is lost if the instance is stopped, hibernated, or terminated.

• Object Storage
o Amazon S3 (Simple Storage Service): Reliable and scalable object storage for storing and
retrieving any amount of data from anywhere. Common uses include backups and storing
snapshots and AMIs.

• File Storage
o Amazon EFS (Elastic File System): Scalable file storage for Linux instances, enabling multiple
instances to access a shared file system.
o Amazon FSx: Managed file systems with options like Lustre, NetApp ONTAP, OpenZFS, and
Windows File Server, designed for high-performance and diverse workloads.

• File Caching
o Amazon File Cache: Provides high-performance, temporary caching for file data with low
latency and high throughput for EC2 workloads.

Instance store:

An instance store provides temporary storage for an instance, keeping the data on the same physical
server as the instance.

Characteristics:
• It offers block-level storage for short-term use.
• Uses either HDDs or SSDs.
• Data is lost if the instance is stopped or terminated.

Example use cases:
• Buffers
• Cache
• Scratch data

Amazon EBS:

Amazon EBS volumes offer persistent storage that is attached to an EC2 instance via a network.
Characteristics:
• Amazon EBS provides block-level storage that remains even after an instance is stopped or
terminated.
• These volumes can be attached to any instance within the same Availability Zone.
• Both HDDs and SSDs are supported for different performance needs.
• Data on EBS volumes can be encrypted for security.
• Snapshots of EBS volumes can be taken and stored in Amazon S3 for backup or replication
purposes.
• The data on EBS volumes persists independently of the instance's lifecycle.

Example use cases:


• Amazon EBS is ideal for storing data for standalone databases.
• It can also be used for general application data storage, ensuring data durability and availability.

Amazon EBS SSD-backed volume types:

Amazon EBS SSD-backed volumes are suited for use cases where the
performance focus is on IOPS.

Volume type                 | Description                                                                                            | Use cases
General Purpose SSD (gp2)   | Balances price and performance for a wide variety of workloads                                         | Recommended for most workloads; can be a boot volume
Provisioned IOPS SSD (io1)  | Highest-performance SSD volume; good for mission-critical, low-latency, or high-throughput workloads   | Critical business applications that require sustained IOPS performance; large database workloads; transactional workloads; can be a boot volume

Amazon EBS HDD-backed volume types:

Amazon EBS HDD-backed volumes work well when the focus is on throughput.

Volume type                     | Description                                                                              | Use cases
Throughput Optimized HDD (st1)  | Low-cost volume type; designed for frequently accessed, throughput-intensive workloads   | Streaming workloads; big data; data warehouses; log processing; can't be a boot volume
Cold HDD (sc1)                  | Lowest-cost HDD volume; designed for less frequently accessed workloads                  | Throughput-oriented storage for large volumes of infrequently accessed data; use cases where the lowest storage cost is important; can't be a boot volume

Amazon EBS-optimized instances:

Certain EC2 instance types can be optimized so that I/O access to an EBS volume is increased. These
instances are called Amazon EBS-optimized instances.

Benefits:

▪ It provides a dedicated network connection to attached EBS volumes.
▪ It increases I/O performance.
▪ Additional performance is achieved if using an Amazon EC2 Nitro System-based instance type.

If an EC2 instance type supports EBS optimization, it's automatically enabled when the instance type is
categorized as EBS-optimized. Otherwise, you must manually enable the optimization when you launch
the instance by setting its Amazon EBS-optimized attribute.

Amazon Elastic File System (Amazon EFS):

▪ Amazon EFS offers file system storage specifically designed for Linux-based workloads.
▪ EFS is a fully managed, elastic file system that automatically scales up or down as files are added
or removed.
▪ It provides petabytes of capacity, ensuring ample storage for extensive data needs.
▪ EFS supports the Network File System (NFS) protocols, enabling seamless integration with existing
applications and workflows.
▪ The file system can be mounted directly to EC2 instances, allowing easy access and management.
▪ EFS is compatible with all Linux-based AMIs for Amazon EC2, providing flexibility and ease of use
across various Linux distributions.

Amazon EFS use cases:

The main use cases for Amazon EFS include the following:

• Home directories: Provides storage for organizations that have many users who must access and
share common datasets
• File system for enterprise applications: Provides the scalability, elasticity, availability, and durability
to be the file store for enterprise applications and for applications that are delivered as a service
• Application testing and development: Provides a common storage repository that helps you to
share code and other files in a secure and organized way
• Database backups: Can be mounted with NFSv4 from database servers
• Web serving and content management: Provides a durable, high-throughput file system for
content management systems that store and serve information for a range of applications (such
as websites, online publications, and archives)
• Big data analytics: Provides the scale and performance for big data applications that need high
throughput to compute nodes, along with read-after-write consistency and low-latency file
operations.
• Media workflows: Provides the strong data consistency model, high throughput, and shared-file
access that can reduce the time it takes to perform video editing, studio production, broadcast
processing, sound design, and rendering jobs. At the same time, it consolidates multiple local file
repositories into a single location for all users.

Amazon FSx for Windows File Server:

• Amazon FSx for Windows File Server offers fully managed shared file system storage tailored for
Microsoft Windows EC2 instances.
• Amazon FSx provides native Microsoft Windows compatibility, ensuring seamless integration with
Windows-based applications and environments.
• It uses the New Technology File System (NTFS), which is a robust and secure file system used
widely in Windows environments.
• The service uses the native Server Message Block (SMB) protocol, supporting versions 2.0 to
3.1.1, which facilitates reliable and efficient file sharing.
• FSx includes Distributed File System (DFS) Namespaces and DFS Replication, enhancing data
availability and redundancy.
• Integration with Microsoft Active Directory allows for streamlined user authentication and
management, while support for Windows access control lists (ACLs) ensures granular permission
control.
• Amazon FSx is backed by high-performance SSD storage, delivering fast and reliable data access.

Amazon FSx for Windows File Server use cases:

▪ Home Directories: Create a file system accessible to hundreds of thousands of users with file or
folder-level permissions.
▪ Lift-and-Shift Applications: Offers fully managed native Windows file shares, including Microsoft
Active Directory integration and automatic backups.
▪ Media and Entertainment Workflows: Supports media transcoding, processing, and streaming with
high throughput and low latency shared Windows file storage.
▪ Data Analytics: Provides scalable file systems with high throughput and low latency for data-
intensive analytics workloads.
▪ Web Serving and Content Management: Allows multiple web or content servers to access the same
files simultaneously.
▪ Software Development Environments: Enables in-cloud development without changes to
workflows by providing shared file storage for developers.

AMAZON EC2 PRICING OPTIONS:

Amazon EC2 offers various purchasing strategies to help you optimize costs based on your specific needs.
These strategies are grouped into three main categories: purchase models, capacity reserved models,
and dedicated models.

Purchase Models:
1. On-Demand Instances:
o Most flexible option with no long-term contract.
o Pay for compute capacity by the hour or second.
o Suitable for short-term, spiky, or unpredictable workloads, as well as for developing and
testing applications on Amazon EC2 for the first time.

2. Savings Plans:
o Flexible pricing model that offers low prices in exchange for a commitment to a consistent
amount of usage over 1 or 3 years.
o Two types:
▪ Compute Savings Plans: Provide flexibility and can reduce costs by up to 66%.
Apply to any EC2 instance usage regardless of family, size, AZ, region, OS, or
tenancy.
▪ EC2 Instance Savings Plans: Less flexible but offer larger discounts (up to 72%).
Apply to specific instance families in specific regions.

3. Spot Instances:
o Bid on unused EC2 instances at substantial savings.
o Suitable for fault-tolerant, flexible, and stateless workloads.
o Instances can be interrupted by EC2 with a 2-minute notification if capacity is needed
elsewhere.
o Spot Blocks: Ensure instances run continuously for a set duration (1-6 hours) without
interruption.

Capacity Reserved Models:
1. Reserved Instances (RIs):
o Reserve capacity for 1 or 3 years at lower hourly costs.
o Ideal for predictable, steady-state workloads.
2. On-Demand Capacity Reservations:
o Reserve capacity in a specific Availability Zone for any duration.
o Mitigate the risk of capacity constraints and ensure capacity availability when needed.
o Recommended for business-critical events, workloads with regulatory high availability
requirements, and disaster recovery strategies.
3. EC2 Capacity Blocks for ML:
o Reserve GPU instances for future machine learning workloads.
o Pay only for the required compute time, with no long-term commitment.
o Ideal for training ML models, running experiments, and preparing for future demand surges.
Dedicated Models:
1. Dedicated Instances:
o Run on hardware dedicated to a single customer.
o Physically isolated from instances belonging to other accounts, even if linked to a single
payer account.
o Billed per instance with an hourly usage fee and a dedicated per-region fee.
2. Dedicated Hosts:
o Physical servers fully dedicated to a single customer.
o Enable the use of existing server-bound software licenses.
o Provide visibility and control over instance placement on physical servers.
o Billing models include On-Demand, Reservation Pricing, and Savings Plans.
o Ideal for saving on licensing costs, workloads requiring dedicated physical servers, and
maintaining control over host maintenance schedules.

AMAZON EC2 CONSIDERATIONS:


Amazon EC2 Placement Groups:

Placement groups in Amazon EC2 allow you to control where instances run within an Availability Zone.
They influence the placement of interdependent instances to achieve higher network performance and
reduce the risk of correlated or simultaneous failures. There are three placement strategies: Cluster,
Partition, and Spread.

Placement Strategies

1. Cluster Placement Group:

o Purpose: Provides low-latency and high packet-per-second network performance between
instances in the same Availability Zone.
o Details: Instances are placed close together in the same high-bisection bandwidth
segment of the network, offering up to 10 Gbps per-flow throughput for TCP/IP traffic.
o Use Case: Ideal for applications needing low network latency and high network
throughput.
o Best Practice: Launch all instances in a single request to ensure they are placed close
together.

2. Partition Placement Group:

o Purpose: Reduces the likelihood of correlated hardware failures by spreading instances
across logical partitions.
o Details: Each partition has its own set of racks with separate network and power sources.
Partitions can span multiple Availability Zones.
o Use Case: Suitable for large distributed and replicated workloads.

3. Spread Placement Group:

o Purpose: Minimizes correlated hardware failures by placing instances across distinct
physical racks.
o Details: Each rack has its own network and power source, and the group can span multiple
Availability Zones.
o Use Case: Recommended for applications with a small number of critical instances that
need to be kept separate from each other.

Considerations for Using Placement Groups

• Network Performance: Placement groups can increase network performance between your
instances.

• Fault Tolerance: Placement groups help reduce correlated or simultaneous failure.

• Instance Limits: An instance can be launched in only one placement group at a time. Instances
with a tenancy of host cannot be launched in a placement group.

By default, Amazon EC2 spreads new instances across underlying hardware to minimize correlated
failures. However, you can use placement groups to influence the placement of a group of interdependent
instances to better meet the needs of your workload.

DATABASE LAYER CONSIDERATIONS

Database Considerations:

When choosing a database for a specific workload, you need to consider several key factors to ensure it
meets your needs effectively.

Scalability:

Scalability refers to how well a database can handle increased workloads. If your database can't scale
properly, you might face performance issues or unnecessary costs:
• Throughput Needs: Understand the amount of data your database must handle. Choose a
solution that can meet these needs initially and scale up as needed without downtime.

• Resource Provisioning: Avoid underprovisioning, which can cause application failures, and
overprovisioning, which leads to unnecessary costs.

Storage Requirements:

Evaluate how much data your database will need to store:

• Data Size: Determine if you need to store gigabytes, terabytes, or even petabytes of data.

• Database Type: Different databases support various data capacities. Choose one that aligns with
your application's storage needs.

Data Characteristics:

Understand the nature of your data and how you will access it:

• Data Model: Identify if your data is relational, structured, semi-structured, highly connected, or
time-series.

• Access Patterns: Consider how you need to access your data. Do you require low-latency
responses or have specific data record sizes?

• Usage: Determine if the database is for traditional applications, caching, or session management.

Durability:

Durability ensures your data is not lost and is always accessible:

• Data Availability: Decide how critical data availability is for your business. If the data is crucial,
choose a solution that stores multiple copies across different locations to prevent loss.

• Regulatory Compliance: Check if there are legal or regulatory requirements for your data, such
as data residency laws. Ensure the database solution can support compliance with these
regulations.

Relational and Non-Relational Databases:

The traditional approach of using relational databases for every application is no longer sufficient.
Although relational databases remain important, various purpose-built databases have been developed
to address the specific requirements of modern applications, such as social media, mobile, Internet of
Things (IoT), and global access.

Relational Databases:

Relational databases store data in tables with rows and columns and use SQL for querying. They are
ideal for use cases with strict schema rules that don't change often. They work well for on-premises
workloads or online transactional processing. However, for applications requiring extreme read/write
capacity, a relational database might not be the best choice.

Relational databases are ACID-compliant, ensuring data integrity with transactions that are:

• Atomic: Treated as a single logical operation.

• Consistent: Behave the same way every time.

• Isolated: Carried out concurrently without affecting each other.

• Durable: Changes are permanent even after a system failure.

Non-Relational Databases:

Non-relational (or NoSQL) databases are designed for a variety of data models, including key-value,
graph, document, in-memory, and search. They can handle structured, semi-structured, and unstructured
data with flexible schemas, meaning each object can have a different structure. They are ideal for:

• Caching layers to improve read performance

• Storing JSON documents

• Applications needing single-digit millisecond data retrieval

Non-relational databases are optimized for specific data models and access patterns, offering higher
performance for those use cases.
Scalability:
Both relational and non-relational databases can scale horizontally and vertically:

• Relational: Amazon RDS can scale horizontally with read replicas.

• Non-Relational: Redis can scale vertically by using larger instance types.

Amazon Database Options

Various database options available from AWS:

Relational Database Service (Amazon RDS):

• A managed service for setting up, operating, and scaling relational databases in the cloud.

• Options:
o Amazon Aurora (MySQL-compatible)
o Amazon Aurora (PostgreSQL-compatible)
o Amazon RDS for MySQL
o Amazon RDS for MariaDB
o Amazon RDS for PostgreSQL
o Amazon RDS for Oracle
o Amazon RDS for SQL Server
• Use Cases: Suitable for transactional applications such as enterprise resource planning (ERP),
customer relationship management (CRM), and ecommerce applications, where structured data
storage is required.

Non-Relational Database Services:

• Amazon DynamoDB:
o Type: Key-value database.
o Use Cases: High-performance applications, mobile backends, and IoT applications.
• Amazon Neptune:
o Type: Graph database.
o Use Cases: Social networking, recommendation engines, and fraud detection.
• Amazon ElastiCache:
o Type: In-memory database.
o Supports: Redis and Memcached.
o Use Cases: Caching, real-time analytics, and session management.

AMAZON RELATIONAL DATABASE SERVICE (AMAZON RDS)

Amazon RDS is a fully managed service designed to deploy, operate, and scale relational databases in
the cloud. It supports multiple database engines and uses Amazon Elastic Block Store (Amazon EBS)
volumes for database and log storage.

Key Features:

• Fully Managed: Amazon RDS automates routine database tasks such as provisioning, patching,
backup, recovery, failure detection, and repair. This eliminates the need for manual database
administration and infrastructure maintenance.

• Database Engine Options: You can choose from various database engines, including:
o Amazon Aurora (MySQL-compatible)
o Amazon Aurora (PostgreSQL-compatible)
o Amazon RDS for MySQL
o Amazon RDS for MariaDB
o Amazon RDS for PostgreSQL
o Amazon RDS for Oracle
o Amazon RDS for SQL Server
• Storage: Amazon RDS uses Amazon EBS volumes for database and log storage. You can easily
scale the storage capacity allocated to your database instance as your needs grow.

Benefits of Amazon RDS:

Amazon RDS offers several key benefits:


Lower Administrative Burden:
• No need to provision infrastructure or install and maintain database software.
• Provides a single console and API for managing all your relational databases.
• Built-in security and monitoring features.
Highly Scalable:
• Easily scale compute and storage resources with a few clicks or an API call.
• Offers a variety of instance types optimized for different relational database use cases.
• Instance types provide flexible combinations of CPU, memory, storage, and networking.
Available and Durable:
• Enhance availability and reliability with replication.
• Multi-AZ deployment for high availability and automated failover to a secondary database.
• Use read replicas to scale out for read-heavy workloads.
Secure and Compliant:
• Run database instances in Amazon VPC for isolation and secure connections.
• Configure firewall settings and control network access.
• Support for encryption at rest and in transit.
• Wide range of compliance readiness, including HIPAA eligibility.

Amazon RDS Database Architecture:

Amazon RDS simplifies the deployment and management of relational databases in the cloud. It supports
a range of managed database engines, including Amazon Aurora, MySQL, PostgreSQL, MariaDB, Oracle,
and SQL Server.

Architecture Overview:

• Managed Instances: Amazon RDS provides isolated environments for your databases, each
capable of hosting multiple databases.

• Compute and Storage: RDS uses specialized EC2 instances to provide computing power and
relies on Amazon EBS volumes for flexible and scalable storage.

• Database Engine: The database engine manages how data is stored, sorted, and retrieved,
ensuring efficient handling of your organization's data.
Fig: Amazon RDS Database Architecture

Fig: Architecture diagram of a database layer

This architecture diagram shows the EC2 instance and the Amazon RDS instance inside an Amazon
Virtual Private Cloud (Amazon VPC).

Aurora:

Aurora is a MySQL and PostgreSQL-compatible RDBMS built for the cloud:

• Aurora is up to five times faster than standard MySQL databases and three times faster than
standard PostgreSQL databases.
• It provides the security, availability, and reliability of commercial databases at approximately one-
tenth the cost.
• Aurora is fully managed by Amazon RDS, which automates time-consuming administration tasks
such as hardware provisioning, database setup, patching, and backups.
• Aurora features a distributed, fault-tolerant, self-healing storage system that auto scales up to 64
TB per database instance.
• It delivers high performance and availability with up to 15 low-latency read replicas, point-in-time
recovery, continuous backup to Amazon Simple Storage Service (Amazon S3), and replication
across three Availability Zones.

Aurora database clusters:

An Aurora database cluster consists of one or more database (DB) instances and a cluster volume that
manages the data for those database instances. An Aurora cluster volume is a virtual database storage
volume that spans multiple Availability Zones, and each Availability Zone has a copy of the database
cluster data. Two types of database instances make up an Aurora database cluster:

• A primary database instance supports read and write operations and performs all of the data
modifications to the cluster volume. Each Aurora DB cluster has one primary DB instance.

• An Aurora replica connects to the same storage volume as the primary DB instance and supports
only read operations. Each Aurora database cluster can have up to 15 Aurora replicas in addition
to the primary DB instance. Maintain high availability by locating Aurora replicas in separate
Availability Zones. Aurora automatically fails over to an Aurora replica in case the primary DB
instance becomes unavailable. You can specify the failover priority for Aurora replicas. Aurora
replicas can also offload read workloads from the primary DB instance.
An Amazon Aurora database cluster showing a Primary instance in Availability Zone 1, and one replica
instance in both Availability Zone 2 and 3. Each instance connects to a set of EBS volumes in the same
Availability zone. The Primary instance copies its database to its EBS volumes and those are copied to
EBS volumes for each of the database replicas. The EBS volumes are in the Aurora Cluster volume which
spans across all three Availability Zones.

Aurora Serverless:

Amazon Aurora Serverless is a flexible, on-demand configuration for Aurora databases that automatically
adjusts capacity based on your application's needs.

Key Features:

• Auto Scaling: Aurora Serverless automatically starts, stops, and scales database capacity up or
down, eliminating the need for manual management.
• Granular Scaling: Aurora Serverless v2 allows for precise scaling, matching capacity closely to
your workload requirements.
Ideal Use Cases:

• Variable Workloads: Automatically handle sudden or unpredictable spikes in activity by scaling
up during peak loads and scaling down when activity decreases.
• New Applications: Easily start new applications without needing to estimate database instance
sizes. Aurora Serverless v2 adjusts capacity as needed based on the application's demands.
• Development and Testing: Run development and testing environments with minimal capacity
and scale up as needed, avoiding unnecessary costs when the database isn't in use.
• Capacity Planning: Simplify capacity management by letting Aurora Serverless v2 handle scaling
automatically, reducing the need for manual adjustments and allowing for easy transitions
between provisioned and serverless configurations.

AMAZON DYNAMODB

Amazon DynamoDB is a fully managed, serverless NoSQL database that supports both key-value and
document data models. It features a flexible schema, allowing you to easily adapt to changing business
needs without altering the table schema as required in relational databases.

Key attributes of DynamoDB include:

• Performance: Provides consistent response times in the single-digit millisecond range.
• Scalability: Automatically scales tables to meet capacity requirements with no manual
intervention needed.
• Security and Backup: Ensures data security with encryption and offers continuous backups for
data protection.

DynamoDB is ideal for applications and mission-critical workloads that require high speed, scalability, and
data durability.

DynamoDB use cases:

The following are some use cases in which DynamoDB would be suitable:
• Developing software applications: Build internet-scale applications that support user-content
metadata and caches that require high concurrency and connections for millions of users and
millions of requests per second.
• Creating media metadata stores: Scale throughput and concurrency for media and
entertainment workloads, such as real-time video streaming and interactive content, and deliver
lower latency with multi-Region replication across AWS Regions.
• Scaling gaming platforms: Focus on driving innovation with no operational overhead. Build out
your game platform with player data, session history, and leaderboards for millions of concurrent
users.

DynamoDB features:

Serverless performance with limitless scalability:

• Secondary indexes provide flexibility on how to access your data.
• Amazon DynamoDB Streams is ideal for an event-driven architecture.
• Multi-Region, multi-active data replication with global tables.

Built-in security and reliability:
• DynamoDB encrypts all customer data at rest by default.
• Point-in-time recovery protects data from accidental operations.
• DynamoDB allows fine-grained access control.

Amazon DynamoDB Data Structure:

• Table: A collection of data unique to an account and region. Each table contains multiple items.
• Item: The core unit of data, similar to a row in a traditional database. Each item is identified by
a unique combination of attributes.
• Attributes: Key-value pairs (e.g., Key = Name, Value = Sam). Attributes are like fields or columns
in other databases and represent fundamental data elements.
• Primary Key:
o Partition Key: Every item must have a partition key, also known as a hash key. It is the
main attribute used to uniquely identify items.
o Sort Key (Optional): Used to sort items that share the same partition key. Examples
include timestamps or version numbers. If used, the combination of the partition key and
sort key forms a composite primary key.
• Composite Primary Key: A combination of the partition key and sort key, which uniquely
identifies an item and supports rich query capabilities.
• Additional Attributes: Items can have zero or more extra attributes beyond the primary key.
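
To make the key rules above concrete, here is an added example (not code from these notes and not AWS or boto3 code) that models a DynamoDB table's key schema in plain Python. The table name Orders, the partition key CustomerId, the sort key OrderTime and the sample items are all constructed for the illustration; the model only reproduces the rules the bullets describe, so it runs offline.

```python
"""Added example, constructed for these notes: an in-memory model of a DynamoDB
table's key schema. It is not DynamoDB and not the boto3 client; it only
reproduces the rules the bullets above describe, so it runs offline."""
from typing import Any, Dict, List, Optional


class KeySchemaError(ValueError):
    """Raised when an item or key does not satisfy the table's key schema."""


class Table:
    """Items are identified by a partition key plus an optional sort key."""

    def __init__(self, name: str, partition_key: str, sort_key: Optional[str] = None):
        self.name = name
        self.partition_key = partition_key
        self.sort_key = sort_key
        # Stored under the (partition, sort) tuple: a write that repeats an
        # existing key replaces the item instead of adding a duplicate.
        self._items: Dict[tuple, Dict[str, Any]] = {}

    def _key_of(self, item: Dict[str, Any]) -> tuple:
        """Extract the primary key, enforcing that the key attributes are present."""
        if self.partition_key not in item:
            raise KeySchemaError(f"missing partition key '{self.partition_key}'")
        if self.sort_key is None:
            return (item[self.partition_key],)
        if self.sort_key not in item:
            raise KeySchemaError(f"missing sort key '{self.sort_key}'")
        return (item[self.partition_key], item[self.sort_key])

    def put_item(self, item: Dict[str, Any]) -> None:
        """Insert or overwrite; attributes beyond the key are free-form."""
        self._items[self._key_of(item)] = dict(item)

    def get_item(self, key: Dict[str, Any]) -> Optional[Dict[str, Any]]:
        """Look up one item by its full primary key (None when absent)."""
        return self._items.get(self._key_of(key))

    def query(self, partition_value: Any) -> List[Dict[str, Any]]:
        """All items sharing one partition key value, ordered by the sort key."""
        matches = [it for k, it in self._items.items() if k[0] == partition_value]
        if self.sort_key is not None:
            matches.sort(key=lambda it: it[self.sort_key])
        return matches

    def item_count(self) -> int:
        return len(self._items)


def build_sample_orders_table() -> Table:
    """Constructed sample data: customer orders keyed by CustomerId + OrderTime."""
    table = Table("Orders", partition_key="CustomerId", sort_key="OrderTime")
    table.put_item({"CustomerId": "c-100", "OrderTime": "2024-03-02T10:00Z", "Total": 40})
    table.put_item({"CustomerId": "c-100", "OrderTime": "2024-01-15T09:30Z",
                    "Total": 12, "Coupon": "NEW10"})  # extra attribute on one item only
    table.put_item({"CustomerId": "c-200", "OrderTime": "2024-02-01T08:00Z", "Total": 99})
    # Same composite key as the first write: replaces it, does not duplicate it.
    table.put_item({"CustomerId": "c-100", "OrderTime": "2024-03-02T10:00Z", "Total": 45})
    return table


if __name__ == "__main__":
    orders = build_sample_orders_table()
    print(orders.item_count(), "items")
    for order in orders.query("c-100"):
        print(order)
```

Two of the bullets are visible in the run: the fourth write repeats an existing CustomerId + OrderTime pair, so it replaces the earlier item rather than adding a fourth, and a query for one CustomerId comes back ordered by OrderTime. The Coupon attribute present on only one item is the flexible schema in action, and a get_item call that omits the sort key is rejected, just as the full primary key is required on the real service.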

DATABASE SECURITY CONTROLS

Amazon RDS security best practices:

Security with Amazon RDS is a shared responsibility between AWS and you. AWS manages the security
of the cloud infrastructure, while you manage security within the cloud.

Best Practices:

1. Use a Custom VPC: Deploy your RDS instances in a custom, private VPC for enhanced network
control and security.

2. IAM Policies: Use AWS Identity and Access Management (IAM) to set permissions for managing
RDS resources. This allows you to control who can create, modify, or delete DB instances and
manage security groups.

3. Security Groups: Configure security groups to control which IP addresses or EC2 instances can
access your RDS instances. By default, your RDS instance is isolated until you specify access rules.

4. Use SSL/TLS: Enable SSL or TLS to encrypt connections to your RDS instances, protecting data
in transit for MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server.

5. Encryption at Rest: Use Amazon RDS encryption to secure your data at rest. Data, including
logs, backups, and snapshots, is encrypted using AES-256, and AWS Key Management Service
(KMS) manages the encryption keys.

6. Database Engine Security: Utilize the built-in security features of your database engine to
control user access, just as you would with a database on your local network.
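
As an added example (not part of the notes and not AWS code), the check below reviews RDS instance descriptions against three of the practices above: private placement (items 1 and 3), no security group rule open to 0.0.0.0/0 on the database port (item 3), and encryption at rest (item 5). The instance and security group records are constructed samples shaped like the boto3 describe_db_instances and describe_security_groups responses; the identifiers orders-db, legacy-db, sg-private and sg-open are made up, and nothing here calls AWS.

```python
"""Added example: a configuration check for RDS instances against the best
practices listed above. The records are constructed samples in the shape of
boto3's describe_db_instances / describe_security_groups output; no AWS call."""
from typing import Dict, List

# Constructed sample: two DB instances as describe_db_instances would list them.
SAMPLE_INSTANCES = [
    {
        "DBInstanceIdentifier": "orders-db",
        "Engine": "mysql",
        "PubliclyAccessible": False,
        "StorageEncrypted": True,
        "Endpoint": {"Port": 3306},
        "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-private"}],
    },
    {
        "DBInstanceIdentifier": "legacy-db",
        "Engine": "postgres",
        "PubliclyAccessible": True,
        "StorageEncrypted": False,
        "Endpoint": {"Port": 5432},
        "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-open"}],
    },
]

# Constructed sample: security groups as describe_security_groups would list them.
SAMPLE_SECURITY_GROUPS = {
    "sg-private": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},   # app subnet only
    ]},
    "sg-open": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},     # whole internet
    ]},
}


def _rule_opens_port(rule: Dict, port: int) -> bool:
    """True when a single ingress rule admits the whole internet to the port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                      # "all traffic" rule
        in_range = True
    elif proto == "tcp":
        in_range = rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)
    else:
        return False
    world = any(r.get("CidrIp") == "0.0.0.0/0" for r in rule.get("IpRanges", []))
    return in_range and world


def audit_rds(instances: List[Dict], security_groups: Dict[str, Dict]) -> Dict[str, List[str]]:
    """Map each DB instance id to the best-practice findings raised against it."""
    report: Dict[str, List[str]] = {}
    for inst in instances:
        findings = []
        port = inst["Endpoint"]["Port"]
        if inst.get("PubliclyAccessible"):
            findings.append("publicly accessible: place the instance in a private subnet")
        if not inst.get("StorageEncrypted"):
            findings.append("storage not encrypted: enable KMS encryption at rest")
        for sg in inst.get("VpcSecurityGroups", []):
            sg_id = sg["VpcSecurityGroupId"]
            rules = security_groups.get(sg_id, {}).get("IpPermissions", [])
            if any(_rule_opens_port(r, port) for r in rules):
                findings.append(f"security group {sg_id} allows 0.0.0.0/0 to port {port}")
        report[inst["DBInstanceIdentifier"]] = findings
    return report


if __name__ == "__main__":
    for db_id, findings in audit_rds(SAMPLE_INSTANCES, SAMPLE_SECURITY_GROUPS).items():
        print(db_id, "->", findings or ["no findings"])
```

Item 4 (TLS in transit) is deliberately not checked here, because it is not visible in the instance description: whether clients are forced to use TLS is a DB parameter group setting (require_secure_transport on MySQL, rds.force_ssl on PostgreSQL), so a complete review reads the parameter group as well. Against a real account the same function can be fed the live API responses, which carry the same keys the samples use.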

DynamoDB Security Best Practices:

DynamoDB encrypts all data at rest (including tables, indexes, streams, and backups) using AWS KMS
keys, ensuring data protection from unauthorized access.

Preventive Measures:

• IAM Roles for Authentication: Use IAM roles to control who can access DynamoDB by requiring
valid AWS credentials in API requests.
• IAM Policies for Authorization: Grant permissions based on IAM policies to control who can
perform actions on DynamoDB resources. Apply the principle of least privilege to minimize risks.
• Fine-Grained Access Control: Use IAM policy conditions to specify how permissions are applied,
allowing detailed control over access.
• VPC Endpoints: For access only within a VPC, use VPC endpoints to keep traffic from traversing
the open internet, enhancing security.

Detection Measures:

• AWS CloudTrail: Monitor usage of AWS KMS keys and DynamoDB operations through CloudTrail
logs to track user activity and identify potential issues.

• AWS Config: Continuously monitor and record configuration changes and compliance of
DynamoDB resources. AWS Config helps track compliance with internal and regulatory guidelines
by flagging any rule violations.
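
The following added example (not from the notes and not AWS code) shows the fine-grained access control bullet above as an actual policy document, and adds a small least-privilege lint of the kind a reviewer runs before attaching a policy. The table ARN and the user id are constructed placeholders; dynamodb:LeadingKeys and ForAllValues:StringEquals are the real IAM condition key and operator used for scoping access to a caller's own items.

```python
"""Added example: a least-privilege DynamoDB policy using the
dynamodb:LeadingKeys condition, plus a lint for over-broad grants.
The ARN and user id are constructed placeholders, not real resources."""
import json
from typing import Dict, List

# Constructed placeholder; a real ARN comes from the table you create.
TABLE_ARN = "arn:aws:dynamodb:us-east-1:123456789012:table/Orders"


def per_user_policy(table_arn: str, user_id: str) -> Dict:
    """Allow read/write on one table, but only for items whose partition key
    equals the caller's own id (fine-grained access control via a Condition)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
                "Resource": table_arn,
                "Condition": {
                    "ForAllValues:StringEquals": {"dynamodb:LeadingKeys": [user_id]}
                },
            }
        ],
    }


def _as_list(value) -> List:
    """IAM allows a single string or a list in Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy: Dict) -> List[str]:
    """Return findings for Allow statements that violate least privilege."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if any(a in ("*", "dynamodb:*") for a in actions):
            findings.append(f"statement {i}: wildcard Action grants every DynamoDB operation")
        if any(r == "*" for r in resources):
            findings.append(f"statement {i}: Resource '*' applies to every table in the account")
        if any(a.startswith("dynamodb:") for a in actions) and "Condition" not in stmt:
            findings.append(f"statement {i}: no Condition, so access covers every item in the table")
    return findings


if __name__ == "__main__":
    policy = per_user_policy(TABLE_ARN, "user-42")
    print(json.dumps(policy, indent=2))
    print("findings:", lint_policy(policy))
```

The Condition makes the partition key of every item touched by GetItem, PutItem or Query match the caller's id, which is how one table can safely hold many users' rows. The lint only reads the JSON; it is a review aid for the least-privilege bullet above, not a substitute for IAM's own evaluation, and its third finding is a prompt to confirm that table-wide access is intended rather than a rule that every statement needs a Condition.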

MIGRATING DATA INTO AWS DATABASES

AWS Database Migration Service (DMS):

• Overview: AWS DMS is a managed service that helps you migrate and replicate databases and
analytics workloads to and within AWS.
• Functionality:
o Migration Types: Supports both homogenous migrations (same database engine) and
heterogeneous migrations (different database engines). One endpoint must be an AWS
service.
o Replication: Can replicate data on demand or on a schedule, keeping your source
database operational during the migration.
• Supported Databases: Works with various databases, including Oracle, SQL Server, MySQL,
MariaDB, PostgreSQL, MongoDB, and others.
• Use Cases:
o Data Lakes: Replicate data to Amazon S3 to build scalable data lakes.
o Data Warehousing: Stream data to Amazon Redshift for a large-scale data warehouse.
• Limitations: Cannot migrate between on-premises databases.

AWS DMS Homogeneous Migration:

AWS DMS simplifies migrating databases between similar database engines. For example, you can move
data from an on-premises PostgreSQL database to Amazon RDS for PostgreSQL or Aurora PostgreSQL.

How It Works:

• AWS DMS handles migrations serverlessly, automatically adjusting resources to match the needs
of the migration.
• It uses built-in database tools to ensure the process is efficient and high-performing.
• The service operates through a combination of instance profiles, data providers, and replication
projects to manage the migration.

This example shows that the database engine is the same for the source database (on-premises MySQL)
and the target database (Amazon RDS database running MySQL).

1. An instance profile specifies network and security settings for the managed environment where
your migration project runs. When you create a migration project with the compatible source and
target data providers of the same type, AWS DMS deploys a managed environment where your
data migration runs.
2. Next, AWS DMS connects to the source data endpoint, reads the source data, dumps the files on
the disk, and restores the data by using native database tools.

AWS DMS Heterogeneous Migration:

Heterogeneous migration involves moving data between databases with different engines. AWS
provides several solutions to streamline this process by automating schema analysis, recommendations,
and conversion.

• Database Discovery Tool: AWS DMS Fleet Advisor automatically inventories and assesses your
on-premises database and analytics servers, recommending migration paths and AWS database
options.
• Schema Conversion Tools:
o AWS Schema Conversion Tool (AWS SCT): Download and use locally to assess and
convert your database schema and code objects.

o AWS DMS Schema Conversion: Initiate through the AWS DMS console for a fully
managed schema conversion experience.
Fig: AWS DMS heterogeneous migration with AWS SCT

This example illustrates an AWS DMS heterogeneous migration by using the AWS Schema Conversion Tool
(AWS SCT):
1. Convert: The AWS SCT works in conjunction with AWS DMS when you are moving your source
database to a different target database to convert all schema and code objects to the target
engine. The AWS SCT automatically converts your source database schemas and most of the
database code objects to a format compatible with the target database. The AWS SCT is a
standalone application that you need to download to your local drive. Alternatively, the AWS DMS
replication task can use the AWS DMS Schema Conversion feature instead of AWS SCT.

2. Migrate schema and code: You create an AWS DMS migration by creating the necessary replication
instance, endpoints, and tasks in an AWS Region. An AWS DMS replication instance is a managed
EC2 instance that hosts one or more replication tasks. One or more migration tasks are created to
migrate data between the source and target data stores.

10. ASSIGNMENT

Assignment 1: Setting Up and Configuring Amazon EC2 Instances


Difficulty Level: Beginner
Question 1: Launching and Configuring an Amazon EC2 Instance
Task: Set up and configure an Amazon EC2 instance with a specific application installed using user
data.
Instructions:
1. Choose an Amazon Machine Image (AMI) suitable for running a web server (e.g., Amazon Linux
2).
2. Select an appropriate EC2 instance type for a small web application.
3. Write a user data script to install Apache web server on the instance.
4. Launch the instance and ensure the web server is running.
5. Document each step of the process with screenshots and a brief explanation.
Expected Output: A step-by-step guide with screenshots showing the selection of AMI, instance type,
user data script, and the successful launch of the instance with the Apache web server running.

Assignment 2: Analyzing Amazon EC2 Pricing Options


Difficulty Level: Intermediate
Question 2: Evaluating Amazon EC2 Pricing Models
Task: Analyze the cost implications of different Amazon EC2 pricing models for a 3-month project.
Instructions:
1. Compare On-Demand, Reserved, and Spot Instances for an m5.large instance type.
2. Use the AWS Pricing Calculator to estimate the costs for each pricing model.
3. Consider a workload requiring 24/7 operation over the 3-month period.
4. Write a report comparing the costs and discussing the best pricing model for this project.
Expected Output: A comparative report detailing the costs of On-Demand, Reserved, and Spot
Instances for an m5.large instance over 3 months, and a recommendation for the best pricing model.

Assignment 3: Configuring Storage for an Amazon EC2 Instance


Difficulty Level: Intermediate
Question 3: Adding and Configuring EBS Storage for an EC2 Instance
Task: Add and configure additional storage for an existing Amazon EC2 instance using Elastic Block
Store (EBS).
Instructions:
1. Launch an Amazon EC2 instance with a basic AMI.
2. Attach an additional EBS volume to the instance.
3. Format and mount the EBS volume for use by the instance.
4. Demonstrate how to back up the EBS volume using snapshots.
5. Document the process with screenshots and explanations.
Expected Output: A detailed guide with screenshots showing the steps to attach, format, mount, and
back up an EBS volume.

Assignment 4: Implementing Database Security Controls


Difficulty Level: Advanced
Question 4: Securing an Amazon RDS Instance
Task: Implement and document security controls for an Amazon RDS database instance.
Instructions:
1. Launch an Amazon RDS instance with MySQL.
2. Configure security groups to allow access only from specific IP addresses.
3. Enable encryption at rest and in transit for the RDS instance.
4. Set up IAM roles and policies to control access to the database.
5. Write a report detailing the security measures implemented and their importance.
Expected Output: A comprehensive report with configurations, screenshots, and explanations of the
security controls applied to the RDS instance.

Assignment 5: Migrating Data into AWS Databases


Difficulty Level: Expert
Question 5: Data Migration to Amazon DynamoDB
Task: Plan and execute the migration of a dataset from a local database to Amazon DynamoDB.
Instructions:
1. Choose a sample dataset (e.g., a CSV file) to migrate.
2. Set up an Amazon DynamoDB table with appropriate key schema and throughput settings.
3. Use AWS Database Migration Service (DMS) or other tools to migrate the data.
4. Verify the data integrity and consistency after migration.
5. Document the migration process, challenges faced, and solutions implemented.
Expected Output: A detailed report with the migration plan, step-by-step process, screenshots, data
verification results, and a discussion of challenges and solutions during the migration.
11. PART A QUESTIONS AND ANSWERS

1. Describe the purpose of Amazon EC2 Auto Scaling in managing EC2 instances. K2
Amazon EC2 Auto Scaling helps maintain application availability and allows you to
automatically adjust the number of EC2 instances in response to changes in demand
based on defined scaling policies.
2. Explain the role of Elastic Load Balancing (ELB) in managing incoming traffic to AWS
resources. K2
Elastic Load Balancing (ELB) automatically distributes incoming traffic across multiple
targets, such as EC2 instances, containers, and IP addresses, across one or more
Availability Zones to ensure high availability and fault tolerance.
3. What is the primary function of AWS Lambda in the context of serverless computing? K2
AWS Lambda runs your code in response to events without provisioning or managing
servers. It handles the underlying infrastructure, including capacity provisioning,
scaling, and maintenance, allowing you to focus on writing code.
4. How would you configure an EC2 instance to automatically scale based on CPU
utilization? K3
To configure automatic scaling, set up an EC2 Auto Scaling group with a defined launch
configuration or template. Create scaling policies that use CloudWatch metrics, such as
CPU utilization, to trigger the addition or removal of instances based on predefined
thresholds.
5. Compare and contrast Amazon EC2 Spot Instances and Reserved Instances in terms of
cost optimization. K4
Amazon EC2 Spot Instances allow you to bid on unused EC2 capacity at a significant
discount, suitable for flexible and interruptible workloads. Reserved Instances offer a
discount for committing to a one- or three-year term, which is ideal for predictable,
long-term workloads. Spot Instances can be up to 90% cheaper but are less reliable,
whereas Reserved Instances offer cost savings with guaranteed availability.
6. Describe the difference between Amazon EBS-backed AMIs and instance store-backed
AMIs. K2
Amazon EBS-backed AMIs offer persistent storage that remains even after the instance
is stopped or terminated, with faster boot times and the ability to stop and start
instances. Instance store-backed AMIs provide temporary storage that is lost when the
instance is stopped or terminated and generally have longer boot times.
7. Why is it important to select an AMI with the appropriate operating system for your
application? K2
Selecting the correct operating system for your AMI ensures compatibility with your
application’s requirements. The operating system influences software installation,
performance, and security, making it essential to choose one that aligns with your
application's needs.
8. If you need to launch a new EC2 instance with a custom configuration, what steps
would you take to create a new AMI from an existing instance? K3
Launch an EC2 instance from a source AMI, configure it with the desired settings and
applications, then create a new AMI from this instance using the AWS Management
Console or EC2 AMI tools. This new AMI can then be used to launch instances with the
custom configuration.
9. Compare the benefits and limitations of using EC2 Image Builder versus manually
creating an AMI. K4
EC2 Image Builder automates the creation and management of AMIs, ensuring
compliance and up-to-date images with a graphical interface for easy pipeline setup.
Manually creating an AMI requires more hands-on management, but offers complete
control over the process. EC2 Image Builder is beneficial for ongoing updates and
automation, while manual creation provides flexibility for one-time or highly customized
images.
10. Evaluate the advantages of using a Quick Start AMI versus a Community AMI for
launching a new EC2 instance in a production environment. K5
Quick Start AMIs are built by AWS and provide reliable, well-supported configurations
with security and performance guarantees, making them suitable for production
environments. Community AMIs, created by users, may offer specific configurations but
lack formal assessment and support, potentially introducing risks. For production, Quick
Start AMIs are generally preferred due to their reliability and AWS support.
11. What are the primary characteristics used to differentiate between EC2 instance types? K2
EC2 instance types are differentiated based on their CPU, memory, storage, and
network performance characteristics. These attributes define the capabilities and
suitability of the instances for various workloads.
12. Explain the significance of instance type families in Amazon EC2 instance naming
conventions. K2
Instance type families in Amazon EC2 naming conventions indicate the general category
of the instance, such as compute-optimized or memory-optimized. The family
designation helps users quickly identify the type of resources and performance
characteristics the instance provides.
13. Given that you are running a high-performance database with significant read/write
requirements, which EC2 instance type category would be most suitable, and why? K3
For a high-performance database with significant read/write requirements, a Storage
Optimized instance type, such as I3 or I4g, would be most suitable. These instances
are designed for high, sequential read/write access to large datasets on local storage.
14. Analyze the differences between the m5d.xlarge and m5d.8xlarge instance types
and discuss their suitability for different workloads. K4
The m5d.xlarge instance type offers 4 vCPUs and 8 GiB of memory with 1 x 100 NVMe
SSD, while the m5d.8xlarge instance type provides 32 vCPUs and 128 GiB of memory
with 2 x 600 NVMe SSDs. The m5d.8xlarge is better suited for more demanding
workloads that require higher CPU, memory, and storage capacity, such as large-scale
data processing or enterprise applications.
15. Evaluate the effectiveness of using AWS Compute Optimizer recommendations for
selecting EC2 instance types in terms of cost and performance optimization. K5
AWS Compute Optimizer is effective in optimizing cost and performance by analyzing
instance configurations and usage data. It provides recommendations for instance
types that may reduce costs and improve performance based on actual usage patterns.
This helps in ensuring that resources are neither under-provisioned nor over-provisioned,
thereby enhancing cost efficiency and performance.
16. What is the primary difference between Amazon EBS and instance store storage in
Amazon EC2? K2
The primary difference is that Amazon EBS provides persistent block-level storage that
remains even after the instance is stopped or terminated, whereas instance store offers
temporary block-level storage that is lost when the instance is stopped or terminated.
17. If you need to store data that should persist independently from the EC2 instance and
be available even after the instance is terminated, which storage option would you
choose and why? K3
You should choose Amazon EBS because it provides persistent block-level storage that
remains even if the instance is stopped or terminated, ensuring data durability and
availability.
18. Compare the use cases of General Purpose SSD (gp2) and Provisioned IOPS SSD (io1)
volumes. Which volume type would you recommend for a mission-critical database
application and why? K4
General Purpose SSD (gp2) is suitable for a wide variety of workloads with balanced
price and performance, while Provisioned IOPS SSD (io1) is designed for high-performance
applications requiring sustained IOPS. For a mission-critical database
application, I would recommend Provisioned IOPS SSD (io1) because it offers higher
performance and is optimized for low-latency and high-throughput requirements.
19. How does Amazon EFS ensure that files are accessible by multiple EC2 instances
simultaneously? K2
Amazon EFS uses the Network File System (NFS) protocol, which allows multiple EC2
instances to mount and access the same file system concurrently. This provides a
shared file system that is accessible from all instances, enabling seamless integration
and data sharing.
20. What is a key difference between Cluster and Spread Placement Groups in terms of
network performance? K2
Cluster Placement Groups provide low-latency and high packet-per-second network
performance between instances by placing them close together in the same network
segment. Spread Placement Groups, on the other hand, place instances across distinct
physical racks to minimize correlated hardware failures, which can lead to higher
latency and reduced network performance compared to Cluster Placement Groups.
21. What is the difference between relational and non-relational databases in terms of data
models? K2
Relational databases use structured tables with rows and columns, and they employ
SQL for querying. Non-relational databases, on the other hand, support various data
models like key-value, document, graph, and in-memory, allowing for flexible schemas
and handling of structured, semi-structured, and unstructured data.
22. What are the two types of database instances in an Amazon Aurora database cluster,
and what are their roles? K2
In an Amazon Aurora database cluster, there is a primary database instance, which
supports both read and write operations, and Aurora replicas, which support only read
operations. The primary instance handles all data modifications, while Aurora replicas
help with read scalability and can provide high availability in case of a failure.
23. If you have a workload with unpredictable spikes in database activity, which Amazon
Aurora configuration would be most suitable and why? K3
Amazon Aurora Serverless would be most suitable for a workload with unpredictable
spikes in database activity. Aurora Serverless automatically adjusts capacity based on
application needs, scaling up during peak loads and scaling down when activity
decreases, which helps handle variable workloads efficiently.
24. How would you use Amazon RDS to scale out a read-heavy workload, and what feature
of Amazon RDS would you utilize? K3
To scale out a read-heavy workload using Amazon RDS, you would utilize read replicas.
Read replicas can handle read requests, thus distributing the read load and improving
performance. This approach helps manage high read traffic without impacting the
primary instance's performance.
25. Analyze the potential benefits and drawbacks of using Amazon Aurora Serverless
compared to a provisioned Aurora instance. K4
The benefits of using Amazon Aurora Serverless include automatic scaling of capacity
based on demand, which is ideal for variable workloads and reduces the need for
manual capacity planning. It is also cost-effective for development and testing
environments. However, the drawbacks include potential latency during scaling
operations and less control over instance size compared to a provisioned Aurora
instance. Provisioned Aurora instances offer more predictable performance and are
suitable for applications with consistent and well-defined workload requirements.
26. What is the role of a partition key in an Amazon DynamoDB table? K2
The partition key is used to uniquely identify items in an Amazon DynamoDB table. It
is the main attribute that determines the partition in which the item is stored and
ensures that each item has a unique identifier within the table.
27. Explain the purpose of DynamoDB Streams and how it can be used in an event-driven
architecture. K2
DynamoDB Streams capture changes to items in a DynamoDB table and provide a time-ordered
sequence of these changes. This feature is useful in an event-driven
architecture as it allows applications to react to changes, trigger workflows, or
synchronize with other systems by processing these change records.
28. How would you configure Amazon DynamoDB to restrict access to your data only from
within a specific Virtual Private Cloud (VPC)? K3
You would use VPC endpoints for DynamoDB. By configuring a VPC endpoint, you
ensure that traffic to DynamoDB remains within the AWS network and does not traverse
the open internet, thereby enhancing security and restricting access to your DynamoDB
data from within the specified VPC.
29. Analyze the benefits and limitations of using Amazon RDS encryption at rest for
securing your database. K4
The benefits of using Amazon RDS encryption at rest include protecting data from
unauthorized access and ensuring data security in case of physical storage theft. It also
integrates with AWS Key Management Service (KMS) for managing encryption keys.
However, limitations include potential performance overhead and the need to manage
encryption keys effectively. Also, while encryption protects data at rest, it does not
secure data in transit, which requires additional measures like SSL/TLS.
30. Analyze why DynamoDB's ability to scale automatically without manual intervention is
advantageous for high-traffic applications. K4
DynamoDB's automatic scaling capability is advantageous because it ensures that the
database can handle varying workloads without requiring manual adjustments. This is
particularly useful for high-traffic applications, as it provides consistent performance
and avoids downtime or slowdowns due to sudden spikes in traffic. The ability to scale
seamlessly helps maintain application performance and user experience without
operational overhead.
31. Evaluate the effectiveness of using AWS Schema Conversion Tool (AWS SCT) versus
AWS DMS Schema Conversion in a heterogeneous database migration scenario. K5
AWS SCT is effective for assessing and converting database schemas and code objects
from one engine to another, offering a detailed analysis and conversion capabilities for
complex schema and code. It provides a standalone application for schema conversion.
In contrast, AWS DMS Schema Conversion integrates directly with the DMS replication
tasks, offering a more streamlined and managed approach for schema conversion
within the migration workflow. The choice depends on the complexity of the schema
and the preferred level of control and automation in the migration process. AWS SCT
may be preferred for detailed schema conversion, while AWS DMS Schema Conversion
offers convenience within the overall migration process.
12. PART B QUESTIONS

1. Explain the process of selecting an Amazon Machine Image (AMI) for launching an
Amazon EC2 instance. How does choosing the correct AMI impact the configuration
and performance of your EC2 instance? K2
2. You are tasked with launching an EC2 instance for a web application that requires
high-performance computing. Using the Amazon EC2 Management Console,
demonstrate how you would select an appropriate instance type and configure user
data to set up the instance. Include considerations for performance and initial
configuration. K3
3. Compare and contrast the advantages and disadvantages of the different Amazon
EC2 instance pricing options (On-Demand, Reserved, Spot Instances). How would
you analyze which pricing model is most cost-effective for a long-term, high-volume
application deployment? K4
4. Evaluate the factors that should be considered when choosing the storage options
for an Amazon EC2 instance. How would you determine the optimal storage
configuration for a database-intensive application? K5
5. Describe the key differences between Amazon EC2 instance types (e.g., General
Purpose, Compute Optimized, Memory Optimized). How does understanding these
differences help in selecting the right instance type for your application? K2
6. Design a comprehensive strategy for managing Amazon EC2 instances in a multi-region
deployment. Your strategy should address the selection of AMIs, instance
types, storage solutions, and pricing options. Include considerations for high
availability, fault tolerance, and cost optimization. K6
7. Describe Amazon Relational Database Service (Amazon RDS) and list its main
features. K2
8. Explain what Amazon DynamoDB is and identify its main use cases. K2
9. Analyze the security controls available for Amazon RDS and Amazon DynamoDB.
Compare the built-in security features of both services, such as encryption, access
control, and network security, and assess how they meet the needs of a highly
regulated industry. K4
10. You need to migrate a critical application’s data from an on-premises MySQL Server
database to Amazon DynamoDB. Outline the steps you would take to prepare for the
migration. Explain the types of migration. K3
13. ONLINE CERTIFICATIONS

1. AWS Certified Cloud Practitioner

AWS Certified Cloud Practitioner Certification | AWS Certification | AWS (amazon.com)

2. AWS Certified Solutions Architect – Associate

https://aws.amazon.com/certification/certified-solutions-architect-associate/
14. REAL TIME APPLICATIONS

Burberry Digitizes Luxury Retail with evergreen SAP and Serverless Ecommerce on AWS

Burberry is a luxury fashion brand founded in 1856. The company transformed its SAP systems with AWS
and AWS Premier Tier Services Partner Capgemini, reducing operational costs by 30 percent and
increasing agility for maximum uptime during sales peaks. Separately, its digital team overhauled
Burberry’s global ecommerce platform and rebuilt it on AWS with AWS Premier Tier Services Partner
EPAM. The new estate is a holistic, omnichannel customer experience that can be localized to best serve
its customers’ needs in Europe, the Americas, and Asia.
AWS Services Used

• AWS Lambda

• Amazon CloudWatch

Burberry, Capgemini & EPAM – Amazon Web Services (AWS)


15. ASSESSMENT SCHEDULE

Tentative schedule for the Assessment During 2024-2025 Odd semester

S.NO   Name of the Assessment   Start Date    End Date      Portion
1      IAT 1                    22.08.2024    30.08.2024    UNIT 1 & 2
2      IAT 2                    30.09.2024    08.10.2024    UNIT 3 & 4
3      REVISION                 -             -             UNIT 5, 1 & 2
4      MODEL                    26.10.2024    08.09.2024    ALL 5 UNITS


16. PRESCRIBED TEXT BOOKS AND REFERENCES

REFERENCES:

1. AWS Certified Solutions Architect Official Study Guide by Joe Baron, Hisham Baz, Tim Bixler
2. Architecting the Cloud by Michael Kavis.
3. AWS Documentation (amazon.com) - https://docs.aws.amazon.com/
4. AWS Skill Builder - https://explore.skillbuilder.aws/learn/public/learning_plan/view/82/cloud-foundations-learning-plan?la=sec&sec=lp
5. AWS Academy Cloud Architecting Course - https://www.awsacademy.com/vforcesite/LMS_Login
17. MINI PROJECT

Miniproject 1: Launch and Configure a Web Server on Amazon EC2


Objective: Launch an EC2 instance, configure it to serve a web application, and ensure basic security
and performance.
Tasks:
1. Choose an appropriate Amazon Machine Image (AMI) for a Linux-based web server.
2. Select a suitable instance type based on the expected web traffic.
3. Use user data to configure the instance to automatically install a web server (e.g., Apache or
Nginx) and deploy a sample HTML page.
4. Add and configure EBS storage for the instance.
5. Set up security groups to allow HTTP and SSH access.
6. Evaluate the cost using different EC2 pricing options and choose the most cost-effective one.
Difficulty Level: Beginner

Miniproject 2: High Availability and Scalability with Amazon RDS


Objective: Set up a highly available and scalable relational database using Amazon RDS, and configure
backup and monitoring.
Tasks:
1. Create an Amazon RDS instance with Multi-AZ deployment for high availability.
2. Select the appropriate database engine and instance type.
3. Configure automated backups and snapshots for data protection.
4. Set up read replicas for improved read performance and scalability.
5. Enable CloudWatch monitoring for the RDS instance.
6. Implement security measures such as encryption at rest and in transit.
Difficulty Level: Intermediate

Miniproject 3: NoSQL Database Design with Amazon DynamoDB


Objective: Design and implement a NoSQL database using Amazon DynamoDB, focusing on
performance and cost optimization.
Tasks:
1. Create a DynamoDB table with the appropriate partition key and sort key based on the data access
patterns.
2. Populate the table with sample data.
3. Configure read and write capacity units to match the application's requirements.
4. Implement DynamoDB Streams to trigger an AWS Lambda function for data processing.
5. Set up CloudWatch alarms to monitor the table's performance and cost.
6. Evaluate the cost and performance implications of using On-Demand vs. Provisioned capacity
modes.
Difficulty Level: Intermediate
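Task 4 above (DynamoDB Streams triggering a Lambda function) hides two details that matter in practice: stream records arrive in DynamoDB's typed JSON (`{"S": ...}`, `{"N": ...}`, `{"M": ...}`), not as plain values, and a handler that raises on one bad record makes Lambda retry the whole batch. The block below is an added example, not code from the course material or from AWS: a handler that deserializes the images, reports which attributes changed, and returns per-record failures so only those are retried. The event is constructed in the shape Lambda delivers for a stream with NEW_AND_OLD_IMAGES; the table keys (pk, sk), attribute names and sequence numbers are assumptions.

```python
from decimal import Decimal

# Constructed stream batch (not captured from a real table): an insert, a
# modify, a remove, and one malformed record that is missing its Keys.
SAMPLE_EVENT = {"Records": [
    {"eventID": "1", "eventName": "INSERT", "dynamodb": {
        "SequenceNumber": "100", "StreamViewType": "NEW_AND_OLD_IMAGES",
        "Keys": {"pk": {"S": "USER#42"}, "sk": {"S": "PROFILE"}},
        "NewImage": {"pk": {"S": "USER#42"}, "sk": {"S": "PROFILE"},
                     "email": {"S": "a@example.com"}, "logins": {"N": "1"}}}},
    {"eventID": "2", "eventName": "MODIFY", "dynamodb": {
        "SequenceNumber": "101", "StreamViewType": "NEW_AND_OLD_IMAGES",
        "Keys": {"pk": {"S": "USER#42"}, "sk": {"S": "PROFILE"}},
        "OldImage": {"pk": {"S": "USER#42"}, "sk": {"S": "PROFILE"},
                     "email": {"S": "a@example.com"}, "logins": {"N": "1"}},
        "NewImage": {"pk": {"S": "USER#42"}, "sk": {"S": "PROFILE"},
                     "email": {"S": "a@example.com"}, "logins": {"N": "2"},
                     "mfa": {"BOOL": True}}}},
    {"eventID": "3", "eventName": "REMOVE", "dynamodb": {
        "SequenceNumber": "102", "StreamViewType": "NEW_AND_OLD_IMAGES",
        "Keys": {"pk": {"S": "USER#42"}, "sk": {"S": "SESSION#1"}},
        "OldImage": {"pk": {"S": "USER#42"}, "sk": {"S": "SESSION#1"},
                     "expires": {"N": "1700000000"}}}},
    {"eventID": "4", "eventName": "MODIFY", "dynamodb": {      # malformed on purpose
        "SequenceNumber": "103", "StreamViewType": "NEW_AND_OLD_IMAGES",
        "NewImage": {"pk": {"S": "USER#43"}}}},
]}


def from_ddb(value):
    """Convert one DynamoDB-JSON attribute value to a plain Python value.
    Numbers become Decimal, as the AWS SDK does, to avoid float rounding."""
    (kind, raw), = value.items()
    if kind == "S" or kind == "BOOL":
        return raw
    if kind == "N":
        return Decimal(raw)
    if kind == "NULL":
        return None
    if kind == "M":
        return {k: from_ddb(v) for k, v in raw.items()}
    if kind == "L":
        return [from_ddb(v) for v in raw]
    if kind == "SS":
        return set(raw)
    if kind == "NS":
        return {Decimal(n) for n in raw}
    raise ValueError(f"unsupported DynamoDB type {kind}")


def changed_attributes(old, new):
    """Attribute names whose value differs between the old and new images."""
    return sorted(k for k in set(old) | set(new) if old.get(k) != new.get(k))


def process_record(record):
    """Summarise one stream record: event type, item key and changed attributes."""
    ddb = record["dynamodb"]
    keys = from_ddb({"M": ddb["Keys"]})
    old = from_ddb({"M": ddb.get("OldImage", {})})
    new = from_ddb({"M": ddb.get("NewImage", {})})
    return {"event": record["eventName"], "keys": keys,
            "changed": changed_attributes(old, new)}


def process_batch(event):
    """Process every record; collect the sequence numbers of the ones that failed."""
    results, failures = [], []
    for record in event["Records"]:
        try:
            results.append(process_record(record))
        except (KeyError, ValueError):
            failures.append({"itemIdentifier": record["dynamodb"]["SequenceNumber"]})
    return results, failures


def lambda_handler(event, context=None):
    """Lambda entry point.  Returning batchItemFailures makes Lambda retry only
    the listed records (needs ReportBatchItemFailures on the event source mapping)."""
    _, failures = process_batch(event)
    return {"batchItemFailures": failures}


if __name__ == "__main__":
    print(process_batch(SAMPLE_EVENT))
```

For the MODIFY diff to work the table's stream must be created with the NEW_AND_OLD_IMAGES view type (KEYS_ONLY or NEW_IMAGE gives the handler nothing to compare), and the partial-batch response is only honoured when the event source mapping has `ReportBatchItemFailures` in its function response types; without it, one malformed record would block the whole shard until it expires.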

Miniproject 4: Secure Data Migration to Amazon RDS


Objective: Migrate an on-premises database to Amazon RDS securely and ensure data integrity and
minimal downtime.
Tasks:
1. Set up an Amazon RDS instance with the appropriate database engine and instance type.
2. Use AWS Database Migration Service (DMS) to migrate data from the on-premises database to
RDS.
3. Configure the VPC and security groups to secure the migration: place the DMS replication instance in a private subnet, allow its security group to reach only the database port on the RDS instance, keep the RDS instance non-publicly accessible, and enable SSL on both the source and target DMS endpoints so data is encrypted in transit.
4. Perform a schema conversion if necessary.
5. Validate data integrity post-migration: enable DMS data validation on the migration task and independently compare row counts and per-table checksums between the source and the RDS target.
6. Implement IAM roles and policies to secure access to the RDS instance.
Difficulty Level: Advanced
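Task 5 above asks for integrity validation but does not say how. A row count alone misses rows that arrived truncated or altered, so the usual check is a per-table fingerprint: a digest over the rows in primary-key order, which is independent of the physical order in which DMS loaded them. The following is an added example, not code from the course or from AWS DMS: a real run would open the on-premises source and the RDS target with their own drivers, whereas here both sides are constructed in-memory SQLite databases so it runs offline. The users/orders schema and the rows are made up for the example.

```python
import hashlib
import sqlite3

# Constructed schema and rows standing in for the on-premises database.
SCHEMA = """
CREATE TABLE users  (id INTEGER PRIMARY KEY, email TEXT, balance REAL);
CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, total REAL);
"""
USERS = [(1, "a@example.com", 10.5), (2, "b@example.com", 0.0)]
ORDERS = [(10, 1, 99.99), (11, 2, 5.0)]
TABLES = {"users": "id", "orders": "id"}   # table -> primary key column


def build(users, orders):
    """Create an in-memory database with the given rows (stand-in for a real endpoint)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", users)
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", orders)
    return conn


def canonical(row):
    """Stable text form of one row: NULL spelled as \\N, other values via str(),
    joined with a unit separator so column boundaries cannot be confused."""
    return "\x1f".join("\\N" if v is None else str(v) for v in row)


def table_fingerprint(conn, table, key):
    """(row count, SHA-256 over all rows ordered by the primary key).
    Ordering by key makes the digest independent of storage order, which
    differs between the source and the freshly loaded target."""
    # Identifiers come from TABLES, not from user input; they are still quoted.
    cur = conn.execute(f'SELECT * FROM "{table}" ORDER BY "{key}"')
    digest, count = hashlib.sha256(), 0
    for row in cur:
        digest.update(canonical(row).encode("utf-8"))
        digest.update(b"\n")
        count += 1
    return count, digest.hexdigest()


def validate(source, target, tables):
    """Return {table: reason} for every table whose fingerprints differ."""
    problems = {}
    for table, key in tables.items():
        s_count, s_hash = table_fingerprint(source, table, key)
        t_count, t_hash = table_fingerprint(target, table, key)
        if s_count != t_count:
            problems[table] = f"row count {s_count} vs {t_count}"
        elif s_hash != t_hash:
            problems[table] = "same row count but content differs"
    return problems


def demo():
    """Target loaded in a different order (harmless) but with one order missing
    and one balance silently changed; both defects must be reported."""
    source = build(USERS, ORDERS)
    target = build(list(reversed(USERS)), ORDERS[:1])
    target.execute("UPDATE users SET balance = 10 WHERE id = 1")
    return validate(source, target, TABLES)


if __name__ == "__main__":
    print(demo())
```

On real engines, cast numeric, date and binary columns to text inside the SELECT on both sides so that driver type mapping (Decimal on one side, float on the other) does not produce a spurious mismatch, and run the check only after the DMS task has finished its full load and applied any pending change-data-capture events, otherwise the target is legitimately behind.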

Miniproject 5: Comprehensive Cloud Infrastructure Design with EC2 and Database Services
Objective: Design and deploy a complete cloud infrastructure using Amazon EC2 and AWS database
services, focusing on scalability, availability, and security.
Tasks:
1. Launch multiple EC2 instances in different availability zones for high availability.
2. Configure a load balancer to distribute traffic across the EC2 instances.
3. Set up an Auto Scaling Group to handle varying traffic loads.
4. Implement Amazon RDS with read replicas for the database layer.
5. Use Amazon DynamoDB for a specific use case within the application (e.g., user sessions or
caching).
6. Ensure comprehensive security controls, including VPC, security groups, IAM roles, and data
encryption.
7. Evaluate the infrastructure costs and optimize for cost-efficiency.
Difficulty Level: Expert

Thank you
