Many cloud services offered by AWS are IaaS services, defined in this book as foundational services that are used by every customer (see Figure 1-7). Virtualized servers (Amazon EC2), container services (Amazon ECS), and database services (Amazon RDS) are hosted on a fast private software-defined network (SDN). Each customer’s IaaS services are isolated from all other AWS customers by default. A robust security service named AWS Identity and Access Management (IAM) enables each customer to secure and control every ordered IaaS service as desired. A wide variety of supporting services, defined as Management and Governance services, also shown in Figure 1-7, provide monitoring (Amazon CloudWatch), audit services (AWS CloudTrail), scaling of compute resources (AWS Auto Scaling), governance (AWS Config), and event-driven automation (AWS Lambda).
Figure 1-7 Infrastructure as a Service at AWS
Hosting compute workloads at AWS requires the creation of a network environment called Amazon Virtual Private Cloud (VPC) hosting web, application, and database services on subnets. Customers have the flexibility to create whatever architectural stack is required at AWS, using the vast number of IaaS services and management services available. Many companies moving to AWS typically start with IaaS services, because the IaaS services at AWS closely mirror their current on-premises virtual environment.
Here are some examples of the essential cloud services at AWS:
- Compute services: The previously introduced Amazon EC2 is a cloud service that provides virtual servers (dedicated, multi-tenant, or bare-metal) in an ever-increasing variety of options. Amazon Elastic Container Service (Amazon ECS) supports Docker containers running at AWS, or on-premises using AWS Outposts deployments. Amazon Elastic Kubernetes Service (EKS) supports Kubernetes deployments at AWS or on-premises using AWS Outposts.
- Storage services: Amazon S3 is a cloud service that provides unlimited object storage in Amazon S3 buckets or archived storage in vaults. There are shared storage arrays: Amazon Elastic File System (Amazon EFS) for Linux, and Amazon FSx for Windows File Server for Microsoft Windows deployments, and virtual block storage volumes using the Amazon Elastic Block Store (Amazon EBS) service.
- Database services: AWS offers a fully managed database service called Amazon Relational Database Service (Amazon RDS). Choose from Amazon Aurora (with MySQL or PostgreSQL compatibility), MySQL, PostgreSQL, Oracle, and Microsoft SQL Server engines. Using Amazon RDS, AWS builds, hosts, maintains, backs up, and synchronizes HA pairs or clusters of primary/standby database servers, leaving customers the single task of managing their data records. Many other managed database services are also available at AWS, including Amazon DynamoDB, a NoSQL database; and Amazon ElastiCache, a managed in-memory caching service that supports Memcached and Redis deployments.
- Automating AWS infrastructure: AWS CloudFormation enables customers to automate the process of modeling and provisioning infrastructure stacks, complete with the required compute, storage, networks, load balancers, and third-party resources required for each workload. Template files are created using either JSON or YAML declarative code.
- Auditing: AWS CloudTrail is enabled in every AWS account, tracking and recording all application programming interface (API) calls and authentication calls. Customers can also configure AWS CloudTrail to store audit information in Amazon S3 Glacier archive forever.
- Monitoring: AWS CloudWatch is a powerful monitoring service with metrics for more than 70 AWS services that can be used to monitor resources and application operations using alarms to carry out automated actions when predetermined thresholds are breached.
- VMware Cloud on AWS: Many companies use VMware ESXi infrastructure for their on-premises application servers. Capital expenses and licensing costs are some of the biggest expenses incurred when running an ever-expanding on-premises private cloud. Virtualization was supposed to be the answer to controlling a company’s infrastructure costs; however, the cost of hosting, running, and maintaining virtualization services became extremely high as deployments expanded in size and complexity. Replacing on-premises VMware deployments with AWS-hosted virtualized servers running on AWS’s hypervisor services removes a company’s need for hypervisor administration expertise. Many applications used by corporations are also now widely available in the public cloud as hosted applications defined as software as a service (SaaS) applications. VMware ESXi is also available as VMware Cloud on AWS, using VMware’s software-defined data center architecture running on AWS infrastructure.
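The Automating and Auditing items above, combined into one CloudFormation YAML template as an added example (not from the book or from AWS): a CloudTrail trail delivering to an S3 bucket whose lifecycle rule moves logs to Glacier with no expiration. The logical names and the 90-day transition are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example, CloudTrail trail archived to S3 Glacier (logical names are hypothetical)
Resources:
  AuditLogBucket:                     # hypothetical logical name
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain            # keep audit records even if the stack is deleted
    Properties:
      PublicAccessBlockConfiguration: # audit logs must never be publicly readable
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      LifecycleConfiguration:
        Rules:
          - Id: ArchiveToGlacier
            Status: Enabled
            Transitions:
              - StorageClass: GLACIER
                TransitionInDays: 90  # assumed value; no Expiration rule, so logs are kept indefinitely
  AuditLogBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref AuditLogBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: CloudTrailAclCheck
            Effect: Allow
            Principal: { Service: cloudtrail.amazonaws.com }
            Action: s3:GetBucketAcl
            Resource: !GetAtt AuditLogBucket.Arn
          - Sid: CloudTrailWrite      # write access limited to this account's log prefix
            Effect: Allow
            Principal: { Service: cloudtrail.amazonaws.com }
            Action: s3:PutObject
            Resource: !Sub "${AuditLogBucket.Arn}/AWSLogs/${AWS::AccountId}/*"
            Condition:
              StringEquals:
                "s3:x-amz-acl": bucket-owner-full-control
  AccountTrail:
    Type: AWS::CloudTrail::Trail
    DependsOn: AuditLogBucketPolicy   # the trail cannot be created until CloudTrail may write to the bucket
    Properties:
      S3BucketName: !Ref AuditLogBucket
      IsLogging: true
      IsMultiRegionTrail: true        # record API calls from every region, not only the stack's
      IncludeGlobalServiceEvents: true
      EnableLogFileValidation: true   # digest files allow detection of modified or deleted logs
```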
NOTE At AWS, infrastructure and platform services and resources are spread across the world in 31 different regions (2022), and additional regions are scheduled to be added. If you are in a large population center, the odds are that access to AWS cloud resources is close by. If AWS is not yet close by, you still might be able to connect using an edge location or a local point of presence connection. To review the current AWS infrastructure, visit https://aws.amazon.com/about-aws/global-infrastructure/regions_az/.