• To solve the problem of Amazon's complicated web architecture, Amazon created AWS

  • Applications were built without proper planning
  • It was difficult to separate services from each other

Cloud architecture applies characteristics of the cloud to develop a solution using cloud services to meet an organization's demands, like a blueprint or achitect in real life.

AWS services can easily create highly available, scalable, and reliable cloud architectures.

• Protection of information, systems, and assets
• Risk assessments
• Mitigation strategies

• Run amd monitor systems
• Continuously improve supporting process and procedures

• Quick and effortless mitigation and recovery from service disruption
• Automatic scaling of computing resources to meet demand

• Maintain efficient resources to enable easier scaling as demands change
• Employ mechanical sympathy

• Measure efficiency
• Eliminate unneeded expense
• Using the appropriate service for the situation

This service allows you to review the state of your workloads and compare them to AWS architectural best practices.

• Evaluate tradeoffs so you can select the most optimal approach

  • e.g. trade durability and space for time and latency
• Design your decisions based on empirical data

• Ensure scalability is implemented at every layer of your infrastructure
• Reduce the need for manual intervention

• Monitoring solutions

  • Amazon CloudWatch

Example of bad scalability: when servers reach full capacity, users are prevented from accessing the application. Administrators them manually launch one or more new instances to manage the load. It then takes a few minutes for an instance to become available to your users. Thus this significantly increases the time that users can't access the application.

Take advantage of the dynamically provisioned nature of cloud computing.

• Automate deployment and configuration
• Terminate resources that are not in use

• Test updates on new resources, and replace old resources with newer, updated versions

  • Rolling release/development servers that update instantly

What NOT to do:

• Manage servers with different configurations
• Leave resources idle
• Hardcode IP addresses in applications and configurations

The Unix philosophy emphasizes simple, compact, modular, extensible programs/applications that can be easily maintained and repurposed. It is loosely coupled compared to monolithic design.

With AWS, deisgn architectures with independent components that are not reliant on each other and can easily be switched out or replaced.

Instead of having web servers directly access different application servers, set up an Elastic Load Balancer to direct traffic from an arbitrary web server to an arbitrary application server.

Don't limit your infrastructure to servers. This means to run the appropriate solution or service rather than manually configuring them in a simple compute server.

• When appropriate, use serverless solutions or containers
• Use message queues to handle communication
• Use AWS managed services to simplify implementation

When a service fails, it will prevent other parts of your architecture from communicating with each other. Bottlenecking your system to a single point can bring down the entire system if one component fails rather than shifting traffic to another point.

An application should continue to function even if a single instance is unavailable. Always assume everything fails. Then design backwards.

• Create a standby service in case the main service fails
• Automatically launch components when needed
• Use AWS-managed services to reduce the need for manual intervention

Take advantage of the flexibility of AWS to increase your cost efficiency. Consider the following:

• Are my resources the right size and type for the job?
• What metrics should I monitor?
• How do I make sure to turn off resources that are not in use?
• How often will I need to use this resource?
• Can I replace any of my services with managed services?

Bulid security into every layer of your infrastructure.

• Isolate parts of your infrastructure
• Encrypt data in transit and at rest
• Principle of least privilege
• Use MFA
• Use managed services
• Log access of resources
• Automate deployments to keep security consistent

Regions span across the world that are made up of at least two isolated locations known as availability zones. Each availability zone is made up of at least one data center that is abstracted from the AWS customer.

• Run latency-sensitive portions of applications closer to end users
• Managed by AWS

• Standard - frequently accessed data
• Standard IA - infrequently accessed data; must be readily available
• One Zone IA - infrequently accessed, non-critical data
• Intelligent-Tiering - constantly changing data access patterns
• Glacier/Deep Archive - rarely accessed data archive

• Charged

  • by storage class and region
  • per GB per month and region
  • PUT, COPY, POST, LIST, GET, SELECT, lifecycle transition, data retrieval requests

• Not charged for:

  • Inbound traffic
  • Data between buckets and services in the same region
  • S3 to CloudFront
  • DELETE and CANCEL requests

• Strict schema rules
• Data integrity

• Relational database services

  • RDS

    • Complex joins of data (multiple tables)
  • Redshift
  • Aurora

• Scale horizontally
• Provide higher scalability
• Best for semistructured/unstructured data

• Non-relational DB services

  • DynamoDB
  • ElastiCache
  • Neptune

• Complex joins of data (multiple tables)

• Servers

  • Security groups
  • IAM policies
  • Isolated in VPC

• Serverless

  • IAM policies
• DynamoDB Transactions
• JSON

• Non-relational
• Key-value
• NoSQL

• Serverless
• Extreme horizontal scaling
• Low latency

• Data is replicated to multiple AWS regions
• Read replicas

• Eventual consistency

  • Fully consistent for reads 1 second after write

• Strong consistency

  • More consistent
  • Less effective in power outages
  • Higher resource consumption

• Mutli account vs one account VPC

  • Easier to separate accounts than creating multiple VPCs
• Tagging standards for billing purposes
• Enable CloudTrail on all accounts and send logs to a central logging account's S3 bucket

• IAM policies applied to every organizational unit

• Does not apply to the root OU

  • Root OU will forever have full administrative power
• Must have explicit allow