Written By – Gaurav Gupta
(Reviewed by – Angelina Gokhale, Faculty for ITIE course; Edited by – Adya Mishra)
[As part of the IT Infrastructure Essentials Course, PGPITBM programme, Batch 2016-2017, Semester – I]
Amazon.com, Inc., headquartered in Seattle, Washington, USA, is one of the world’s largest e-commerce web portals. It started by selling books online and later entered into e-commerce and cloud computing.
Amazon Web Services (AWS), headed by Andy Jassy, is one of Amazon’s most successful and foresighted business divisions. It deals in web services, commonly known as cloud computing. It is one of the leading service providers in its segment and has been providing its services since 2006. It is a platform that makes any organization’s IT infrastructure (whether a start-up or an MNC) scalable and reliable for a nominal fee, a model commonly called “pay as you go”. It enables small companies such as start-ups to grow their business without investing millions in IT infrastructure at the outset, and at the same time lets big organizations such as MNCs scale their IT infrastructure as and when required, to whatever level is required.
AWS provides a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses around the world. It has data center locations in the U.S., Brazil, Singapore, Japan and Australia, and recently added 2 more in Mumbai, India. Customers across industries are benefitting from its features.
AWS provides services to clients such as Netflix, Airbnb, Ola Cabs, Pfizer, Samsung, Zynga, Pinterest, Expedia, Lionsgate, Adobe, Comcast, NASA and many more around the globe.
As mentioned, AWS is a cloud computing service provider. Cloud computing can be understood as follows:
Cloud Computing is the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.
Cloud Computing operating models can broadly be categorized into:
- PUBLIC (services and resources are available to all, as any individual or company requires, on a pay-as-you-go cost model; low cost yet reliable. Providers include AWS, Rackspace, Microsoft, IBM, etc.)
- PRIVATE (services and resources are restricted to a particular organization, i.e. used within the organization; can be managed on-premise or off-premise)
- HYBRID (a combination of public and on-premises private cloud services, i.e. private cloud for an organization's sensitive work/applications and public cloud for heavy outburst workloads)
Cloud computing basically covers three service layers:
- SaaS (Software as a Service)
  - Provides the complete application for the given purpose, which is used with or without customization
  - CRM, ERP, Payrolls, Email etc.
  - Vendors: Google Apps, Salesforce, NetSuite, etc.
- PaaS (Platform as a Service)
  - A server along with a software environment is provided; the environment is used to build the application, which is then deployed to be used/managed by an organization.
  - Vendors: Microsoft Azure, Google Apps, etc.
- IaaS (Infrastructure as a Service)
  - A virtual environment is provided on which applications are deployed
  - Includes storage as a service offering
  - Vendors: Amazon, Rackspace, Gigaspaces etc.
[Diagram: Cloud Computing Service Layers’ Functionality Distribution]
AWS provides a variety of solutions for various services, enabling end users to customize the package as per their business needs and budget, as discussed below:
- For COMPUTING, the solutions provided are:
  - EC2 (Elastic Compute Cloud)
    - A virtual server in the cloud with resizable computing capacity. It reduces the time taken to obtain and boot new server instances to minutes.
  - Auto Scaling
    - Scales the organization's infrastructure automatically. It adds or removes instances based on metrics and health checks, which minimizes cost and maximizes performance.
  - Runs code in response to triggers/events such as S3 uploads, DynamoDB updates, Kinesis streams and API Gateway requests
  - EC2 Container Service
    - A high-performance container management service for running Docker containers on EC2 instances
    - Integrates with other services like ELB (Elastic Load Balancing) and EBS (Elastic Block Store)
  - Elastic Beanstalk
    - Ideal for developers who just want to upload their code and let the service manage the rest
    - Supports Docker, Java, .NET, Node.js, PHP, Python, Ruby and Go
    - Automatically handles deployment, load balancing, auto scaling and application health monitoring
- For STORAGE & CONTENT DELIVERY
  - Simple Storage Service (S3)
    - Store and retrieve any amount of data, at any time, from anywhere on the web
    - Supports encryption
  - Used for low-cost storage for archiving and backup, with no limit on the amount of data stored. It easily integrates with S3
  - Elastic Block Store (EBS, block storage for EC2)
    - Provides persistent block-level storage volumes for use with EC2 instances
    - SSD or magnetic disk
    - Encryption support
  - Storage Gateway
    - Integrates on-premise IT environments with cloud storage
    - Delivered as a virtual machine installed in an on-premises data center
    - Integration with S3, EBS and Glacier
    - Secure data transmission between AWS and on-premise resources
  - Import/Export options (provide transfer of large data volumes)
    - Shipping of physical disks and petabytes of data with a secure appliance to AWS
- For DATABASE
  - RDS (Relational Database Service)
    - Managed relational database with resizable capacity and automatic patching and backups
  - Fast, durable and fully managed NoSQL database service
  - Durable and scalable relational database engine built for the cloud. Up to 64 TB database size and compatible with MySQL
  - Fast, simple, cost-effective, fully managed SQL-based data warehouse. Online and functional in minutes, and ODBC/JDBC compliant
- For NETWORKING
  - Virtual Private Cloud (VPC)
    - Create user-defined virtual networks, which allows control of the networking environment
    - Can be connected to existing datacenters or peered with other AWS VPNs
  - Route 53
    - Scalable DNS for answering DNS queries and registering domain names
  - Elastic Load Balancing (ELB)
    - Supports load balancing of HTTP, HTTPS and TCP traffic to EC2 instances by detecting and removing failing instances
  - Direct Connect (for establishing a dedicated network connection from any organization’s premises to AWS)
- For APPLICATION SERVICES
  - Simple Email Service (SES)
    - For smooth, bulk sending of email
  - Cloud Search (for fast and highly scalable search functionality)
  - Simple Notification Service (SNS)
    - For setting up, operating and sending notifications
  - Elastic Transcoder (for converting media files to different compatible formats)
  - API Gateway (for building, publishing and managing different APIs)
  - Simple Workflow Service (for managing the workflow by ensuring tasks are executed reliably, in order and with no duplication)
- For ADMINISTRATION and SECURITY
  - Directory Service
    - Enables single sign-on and policy management for EC2 instances and applications
  - Identity and Access Management (for providing role-based access for users of AWS)
  - AWS Service Catalog
    - Create and manage catalogs of IT services that are allowed to be used on AWS
    - Maintain compliance and corporate standard requirements
  - AWS CloudHSM
    - Dedicated hardware security module in AWS, validated to government standards, for secure key management
  - AWS Key Management Service
    - Centralized management of an organization’s encryption keys; the encryption itself is managed by the organization, not by AWS
- AWS offers further tools and solutions for deploying code, performing analytics and providing enterprise applications such as Desktop Workspace and WorkEmail.
With the above solutions for every need, AWS offers the following benefits:
- Low Cost (offers pay-as-you-go pricing with no up-front expenses or long-term commitments)
- Agility and Instant Elasticity (allows organizations to innovate, experiment and iterate quickly, i.e. no waiting weeks or months for hardware: new applications are deployed instantly, capacity scales up instantly as the workload grows, and scales down instantly based on demand)
- Open and Flexible (flexibility to choose the development platform or programming model that is apt as per the nature of any organization’s business)
- Secure (secure & durable technology platform with industry-recognized certifications and audits: PCI DSS Level 1, ISO 27001, FISMA Moderate, FedRAMP, HIPAA, and SOC 1 and SOC 2 audit reports)
The AWS cloud computing platform provides its customers with solutions for:
- Application Hosting (hosting of internal applications through SaaS offerings)
- Backup and Storage
- Enterprise IT (hosting of internal- or external-facing IT applications in AWS’s secure environment)
- Content Delivery (quick and easy distribution of content to end users worldwide, with low costs and high data transfer speeds)
- Databases (variety of scalable database solutions)
AWS CHALLENGES:
- Since AWS is a cloud-based service, it depends on the Internet, so the major requirement for using it is reliable, secure and robust network communication. No Internet means no AWS services are accessible, i.e. an outage. Organizations like banking institutions are at a huge disadvantage in going for cloud-based services.
- SECURITY and PRIVACY
  - A customer of a cloud-based service provider such as AWS has somewhat less security when managing sensitive data that traverses the Internet. One example is a company named Code Spaces: after its AWS EC2 console was hacked, its data was deleted and the company was forced to shut down permanently.
  - Although a cloud service provider like AWS manages and safeguards the underlying hardware infrastructure of a deployment, remote access is the customer organization’s responsibility.
  - The underlying truth, however, is that no system is perfectly secure. One has to carefully weigh all the risk scenarios.
  - A few good practices for reducing security and privacy risks:
    - The individual who has access to each resource and service should be tracked and known.
    - Data access should be limited based on the user’s profile
    - A risk-based approach should be taken to securing assets used in the cloud
    - Intelligent network protection
    - Develop the ability to see through the cloud
  - In AWS, every component is accessible through the Internet, and hence nothing can be perfectly secure. Even the best-secured Internet-based application experiences breaches or incidents during its lifetime. One major flaw in the way AWS service is provided is that no one checks the administration skills of the customer organization: all it takes to get started is a valid credit card, which invites threats.
  - A few good practices to help minimize cloud attacks:
    - Identify threats by correlating real-time alerts with global security intelligence
    - Protect information proactively
    - Automate security through IT compliance controls
    - Data exfiltration should be prevented
    - Prevention and response strategies should be integrated with security operations
    - Rogue projects should be discovered by audits
    - Identities should be authenticated
- PLATFORM DEPENDENCIES
  - Differences between vendor systems and configurations sometimes make it impossible to migrate from one cloud platform to another; this is also called vendor lock-in. Such a migration could also expose the data to additional security and privacy vulnerabilities.
  - A few good practices to minimize dependency:
    - Lock-in problems in the cloud can be avoided if the organization properly understands what its vendor is selling.
- AWS SERVICES RELY ON EBS
  - A few AWS value-added services are built on EBS, and they fail when EBS fails. Services like Elastic Load Balancer, Relational Database Service, Elastic Beanstalk and others run on EBS.
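
The access practices listed under SECURITY and PRIVACY above (know who has access to each resource, authenticate identities) can be checked against an account's IAM credential report. The Python sketch below is an added example, not part of the original article: the report rows are constructed, and the 90-day key-age threshold, the use of MFA as the authentication check and the function name are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the column layout of an IAM credential report
# (trimmed to the columns used here); users and dates are invented.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,true,2015-01-10T09:00:00+00:00,2016-06-01T12:00:00+00:00
alice,arn:aws:iam::111122223333:user/alice,true,true,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,true,false,true,2016-05-20T08:30:00+00:00,2016-06-25T10:00:00+00:00
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false,true,2015-09-01T00:00:00+00:00,N/A
"""

MAX_KEY_AGE_DAYS = 90  # assumed rotation policy, not stated in the article


def audit_credential_report(report_csv, now):
    """Return {user: [findings]} for identities with weak console or API access."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        issues = []
        is_root = row["user"] == "<root_account>"
        # Root can always sign in to the console; its password_enabled
        # column reads "not_supported", so it is handled explicitly.
        has_console = is_root or row["password_enabled"] == "true"
        if has_console and row["mfa_active"] != "true":
            issues.append("console access without MFA")
        if row["access_key_1_active"] == "true":
            if is_root:
                issues.append("root account has an active access key")
            rotated = datetime.fromisoformat(row["access_key_1_last_rotated"])
            if (now - rotated).days > MAX_KEY_AGE_DAYS:
                issues.append("access key older than %d days" % MAX_KEY_AGE_DAYS)
            if row["access_key_1_last_used_date"] == "N/A":
                issues.append("active access key never used")
        if issues:
            findings[row["user"]] = issues
    return findings


if __name__ == "__main__":
    as_of = datetime(2016, 7, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for user, issues in audit_credential_report(SAMPLE_REPORT, as_of).items():
        print(user, "->", "; ".join(issues))
```

A real report is produced with `aws iam generate-credential-report` and fetched with `aws iam get-credential-report`; it carries more columns than this trimmed sample, and the extra ones are simply ignored here.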
In this article, we have seen the benefits and challenges of AWS, which provides Infrastructure-as-a-Service through the cloud. Despite all of the above challenges, AWS has undoubtedly grown rapidly in the market compared with its competitors. The AWS environment has immense potential for many business models. It has not only successfully established many start-ups but also scales the infrastructure of many big MNCs and has helped their businesses grow. As platforms mature and the economies of scale continue to grow, costs will continue to fall and reliability and security standards will improve. AWS has evolved and keeps working towards innovative solutions to its shortcomings and challenges. The recent opening, on 27th June, 2016, of 2 new data centers (Availability Zones), the first in India, shows Amazon AWS's focus on scaling its global reach. Because of these 2 new zones, communication and computation time for India-based companies has fallen considerably; earlier it took much longer because communication went through the Singapore zones. These 2 zones offer services such as EC2, S3, RDS and many more.
In the end, the AWS mission summarizes everything:
“Enable businesses and developers to use web services to build scalable, sophisticated applications.”