Photo by adrian on Unsplash

Real World AWS for Everyone

Cloud Config

Article from ADMIN 43/2018
Sure you've heard about Amazon Web Services, but have you tried it? This article shows how to configure a web server and mirrored back-end database for a small-to-midsized business environment.

Amazon offers a comprehensive portfolio of public cloud services. The options cover the spectrum from IaaS to PaaS to SaaS to managed services. Thanks to the impressive usability, even small companies without available cloud experts find it easy to get started. In all, Amazon Web Services (AWS) [1] offers well over 50 cloud services, roughly divided into categories such as data processing and storage, database, and migration [2]. Amazon's services are similar to Lego bricks; you can combine them using a simple management console GUI to build virtual networks with different properties. You can also start Amazon services through a command-line interface or trigger them programmatically using the provided APIs.

This article describes how to implement a web server with a high-availability back-end database in the Amazon cloud. The configuration is similar to the scenario depicted in Figure 1. A NAT server will provide connectivity with the Internet. The database is provided by Amazon's Relational Database Service (RDS).

Figure 1: Web server with a back-end, high-availability database: The scenario described in this article.

Terms and Concepts

Amazon's data centers are subdivided into regions, with the USA traditionally best connected. Europe is represented by Dublin (eu-west-1), London (eu-west-2), and Frankfurt (eu-central-1), with each location offering redundancy via a regional mirror. The concept of Availability Zones (AZs) lets you design individual services with high availability if desired. The AZ can be found in the dashboard for the service under Service Health | Availability Zone Status. The scope and availability of the individual services vary according to region, AZ, and subnetwork.

Your slice of the AWS cloud is referred to as a Virtual Private Cloud (VPC). In addition to the actual virtual machines (instances), which are generated from templates (Amazon Machine Images, or AMIs), a VPC also includes elements such as subnets, firewalls (security groups), routers, gateways, load balancers, and so on.

Price Structure of AWS

The pricing structure of AWS [3] is complex because almost every service is based on a different billing model. The scenario described in this article includes the pricing structures of Amazon Elastic Compute Cloud (EC2), Amazon VPC, and Amazon RDS. Roughly speaking, compute services such as EC2 are billed by usage time. Compute alone offers three ways of booking EC2 instances: on-demand, reserved instances, and spot instances. Reserved instances (purchase of capacity in advance) can save up to 50 percent, and spot instances (a kind of instance exchange) up to 70 percent compared with on-demand costs.

As long as you are in the IaaS environment, you are responsible for setting up your virtual machine (VM), integrating it into existing virtual networks, connecting to storage, and ensuring high availability – just as you would be in a local data center. However, a virtual server is much faster and easier to provision than a conventional server. In addition, creating, (re)configuring, and using networks (SDN) and storage (SDS) is much easier than if you were working with real hardware.

Access Gate AWS Account

You need an AWS account to get started. Press Create a Free Account on the AWS home page to set up an account quickly – in principle, you do not need more than an email address and a credit card. You can use the AWS Free Tier [4] free of charge for 750 hours of EC2, 750 hours of RDS, and 5GB of S3 storage. If you decide to continue, you'll need to choose a plan from one of the individual cost models; however, the Free Tier is a good option for testing.

Log on to the AWS Management Console [5] with a root account and password. An AWS account and password are sufficient for the examples in this article. If you also want to manage tenants in your AWS account or use AWS resources via an API, click on your own username in the upper right-hand corner and switch to the AWS Security Credentials page [6]. Create access key pairs for the required tenants/users. An AWS access key always has a key ID in the form of AKIAJ4PMEXHFYUHIXG2A and a secret access key such as :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. In addition to password and access key pairs, AWS also supports multi-factor authentication (MFA), CloudFront key pairs, and X.509 certificates. If you wish to access AWS from your own applications programmatically, you may also need the AWS Account ID and the Canonical User ID.

Additionally, you can and should set up and use Identity and Access Management (IAM) users [7]. When you access the security credentials page, AWS asks whether you want to work with security credentials or the role-based IAM model. IAM is excellently documented by AWS, and experienced admins will easily find their way around it.
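The fixed shape of the key ID and secret access key described above makes stray copies easy to find mechanically. The following scanner is an added example, not code from the original article: it flags access key IDs in a piece of text and notes whether a likely secret sits on a nearby line. The line window, the entropy threshold, and the sample credentials are assumptions constructed for this sketch.

```python
import math
import re

# Long-term access key IDs: "AKIA" plus 16 upper-case letters/digits (20 chars).
KEY_ID_RE = re.compile(r"(?<![A-Z0-9])AKIA[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys: exactly 40 characters from the base64 alphabet.
SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+])")

# Constructed sample input with placeholder credentials (not real keys).
SAMPLE = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region = eu-central-1
output = json

[notes]
rotated = AKIAI44QH8DNBEXAMPLE
path = /srv/www/releases/current/shared/config/
"""


def shannon_entropy(s):
    """Bits per character; random key material scores higher than paths or words."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


def scan(text, window=3, min_entropy=4.0):
    """Report each key ID with the lines (within `window`) holding a likely secret.

    window and min_entropy are assumptions of this sketch, not AWS-defined values.
    """
    lines = text.splitlines()
    findings = []
    for idx, line in enumerate(lines):
        for match in KEY_ID_RE.finditer(line):
            lo, hi = max(0, idx - window), min(len(lines), idx + window + 1)
            # Record line numbers only; the secret itself is never echoed.
            secret_lines = [
                n + 1 for n in range(lo, hi)
                if any(shannon_entropy(c) >= min_entropy
                       for c in SECRET_RE.findall(lines[n]))
            ]
            findings.append({"line": idx + 1, "key_id": match.group(),
                             "secret_lines": secret_lines})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The 40-character path on the last sample line matches the secret pattern but falls below the entropy threshold, so the second key ID is reported without a paired secret.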
