
Understanding AWS Services.

Overview

Amazon Web Services provides computing and infrastructure resources that cover virtually every hosting need. The list of services grows continually and is understandably daunting to beginners and to those coming from "traditional" hosting. Burris Builder aims to simplify the process of taking advantage of the elastic infrastructure AWS provides. To that end, this section is a crash course in the services that apply to the common task of building a website host.

IAM

IAM (Identity and Access Management) controls who and what may call AWS APIs, and on which resources. Permissions are expressed as policies, which are attached to identities; the two primary kinds of identity are users and roles.

Users may be people who sign in to the AWS console, or they may exist only for scripts, which present the user's access keys to prove they are permitted to run certain tasks. A user may be granted or denied access at broad or granular levels: administrator access gives complete control over every service, while a narrower policy might grant access only to EC2. Within a service, individual permissions can be combined so that, for instance, a user may create resources but not delete them. Because a user's access keys are long-lived, give each user only the permissions its job requires, and replace any key that has been exposed.

Roles carry permissions without long-lived credentials. A role is assigned to an EC2 instance at launch (through an instance profile), and the instance then obtains short-lived, automatically rotated credentials from the instance metadata service and may perform any task the role's policy allows. This is the preferred way for an instance to obtain permissions, because no access keys need to be stored on the server.

Policies
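The policy documents described above are JSON. The following is an added example, not Burris Builder's own code: it writes out a constructed "create but do not delete" policy for EC2 and a second policy with a wildcard Allow plus an explicit Deny, then evaluates requests against them with a deliberately minimal version of IAM's decision logic (implicit deny by default, Allow grants, any matching Deny wins). The account ID and region in the resource ARN are placeholders; conditions, NotAction and the combination of several policies are out of scope.

```python
"""Minimal IAM policy evaluator (added example, not Burris Builder code)."""
import fnmatch
import json

# Constructed policy document in the shape IAM expects: the identity may
# launch and inspect EC2 instances but is explicitly denied from destroying them.
CREATE_NOT_DELETE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowCreateAndRead",
         "Effect": "Allow",
         "Action": ["ec2:RunInstances", "ec2:Describe*"],
         "Resource": "*"},
        {"Sid": "DenyDelete",
         "Effect": "Deny",
         "Action": ["ec2:TerminateInstances", "ec2:DeleteVolume"],
         "Resource": "*"},
    ],
})

# Constructed guardrail policy: a broad wildcard Allow with one explicit Deny
# scoped to instances in a single region (account ID 123456789012 is a placeholder).
BROAD_WITH_GUARDRAIL = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "ec2:TerminateInstances",
         "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*"},
    ],
})


def _as_list(value):
    """IAM allows Action/Resource to be a string or a list; normalise to a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def _match_any(patterns, value, case_sensitive):
    """Glob match; IAM compares action names case-insensitively, ARNs exactly."""
    if not case_sensitive:
        value = value.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def evaluate(policy_json, action, resource="*"):
    """Return 'Allow' or 'Deny' for one action on one resource under one policy.

    Simplified decision logic: everything is implicitly denied; a matching
    Allow statement grants access; any matching Deny statement overrides it.
    """
    policy = json.loads(policy_json)
    allowed = False
    for stmt in _as_list(policy.get("Statement")):
        if not _match_any(_as_list(stmt.get("Action")), action, case_sensitive=False):
            continue
        if not _match_any(_as_list(stmt.get("Resource", "*")), resource, case_sensitive=True):
            continue
        if stmt.get("Effect") == "Deny":
            return "Deny"          # explicit Deny wins regardless of any Allow
        if stmt.get("Effect") == "Allow":
            allowed = True
    return "Allow" if allowed else "Deny"


if __name__ == "__main__":
    for act in ("ec2:RunInstances", "ec2:DescribeInstances",
                "ec2:TerminateInstances", "s3:GetObject"):
        print(f"{act:24} -> {evaluate(CREATE_NOT_DELETE, act)}")
```

The second policy shows why explicit Deny statements are the right tool for guardrails: the wildcard grants everything in EC2, yet termination of instances in the named region is refused, while the same action on an instance in another region is still allowed because the Deny's resource pattern does not match it.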

Route 53

Route 53 is the DNS service for AWS. It is how example.com gets pointed at your particular server. Route 53 hosts the address (A), mail (MX) and any other records associated with a domain. In traditional hosting this role is played by ns1.example.com and ns2.example.com, provided by your hosting company. With Route 53, each hosted zone is assigned four authoritative name servers, each in a different top-level domain and served from many locations worldwide. After initial setup, Burris Builder manipulates this service for you when building websites. If you ever delete and recreate a hosted zone, it receives a different set of name servers, so the delegation at your domain registrar must be updated to match or the domain stops resolving.

EC2: Web Server

EC2 (Elastic Compute Cloud) is the general compute service and the core of AWS. When you launch an EC2 instance you are creating a virtual server on demand, which may serve any purpose you like. In the case of Burris Builder we use Amazon Linux to build a LEMP stack that serves websites, but you may run any flavor of Linux or Windows you like. EC2 instances are created from an AMI (Amazon Machine Image), a complete image of a machine's disk. These images may be captured by you to save and relaunch customizations you have made, provided by AWS, or chosen from the AWS Marketplace. Treat a third-party AMI like any other software you install: use only images from publishers you trust, because whatever is baked into the image runs on your server with the permissions of the instance's role.

RDS

RDS (Relational Database Service) is a managed compute service run exclusively as a relational database. Burris Builder uses MySQL, but you may also choose Oracle, Microsoft SQL Server or PostgreSQL (and soon Aurora). Running a service dedicated to the database enables extra management features: you can easily create read replicas for increased performance, or a Multi-AZ deployment, which maintains a standby copy in a physically separate Availability Zone and fails over to it during maintenance, updates or failure. Keep the database off the public Internet: it should be reachable only from the web server, which is enforced with the security groups described under VPC below.

CloudFront: CDN

A Content Distribution Network (CDN) is a series of server clusters, called "points of presence", located across the globe and designed to deliver your assets or pages quickly. This method of delivery also dramatically reduces load on your central web server: assets are no longer served from your web server but from a cache located closer to your customer, on a server optimized for rapid delivery.

CloudFront has the additional advantage of keeping persistent TCP connections open to each origin within AWS, which removes the connection "handshake" each time a point of presence fetches from the origin.

Finally, like every AWS service, you pay only for what you use. If your site sits idle you are not charged for it, and a small site's bill may well be under a single dollar.

SES: Bulk Email Service

How do you know whether your email will land in an inbox instead of a junk folder? If your business scales and hundreds of thousands of emails go out for confirmations, password resets and other interactions, this consumes considerable server resources and creates considerable management overhead to keep your sending IP addresses off blocklists. Amazon SES simplifies this by providing a high-capacity, managed SMTP endpoint for sending email, plus a simple way to create DKIM verification records in Route 53 so that receiving mail servers can verify that your messages really came from your domain and deliver them where they are supposed to go.

Additionally, SES provides reports on deliveries, bounces, complaints and rejections, and lets you set alerts based on these reports.

S3: Storage Buckets

S3 (Simple Storage Service) is for storing things. It is object storage rather than a disk: files are stored as objects in "buckets" that you create, and unlike EBS, it needs no server to accept or deliver files and is only as big as it needs to be. You are charged per gigabyte stored, and you can store as much as you want without pre-allocating the space.

Objects stored in an S3 bucket may optionally be given a web address for public access over the Internet, or they may be readable only by IAM identities with sufficient permission. Make public access a deliberate, per-bucket or per-object choice; a bucket that is unintentionally public exposes everything in it to anyone who finds or guesses the URL. Finally, objects in S3 may be versioned, so you may refer back to previous versions of files.

SNS: Alerts

SNS (Simple Notification Service) sends notifications to other services or to the people maintaining the infrastructure. Through the more traditional channels, SNS sends emails or text messages in response to events you define. What constitutes an event is up to you: errors discovered, log patterns encountered or changes within the infrastructure.

VPC: Network Structure

This is commonly one of the more challenging topics for those arriving from traditional hosting. A VPC (Virtual Private Cloud) is an isolated virtual network with its own address range, divided into subnets, in which your servers and services are placed. Along with security groups, which act as per-instance stateful firewalls, this lets you dictate what each server is allowed to communicate with, such as whether it is reachable from the public Internet or only from other servers.

If your account was created before September 2013, you still have access to a "classic" environment and may build resources outside of a VPC. If your account was created after September 2013, a VPC, along with assorted settings and defaults, is automatically created for you, and every instance you launch is built inside a VPC.
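As an added example (not Burris Builder's code) of the security group layout the VPC section describes, the following script holds constructed inbound rule sets for a web tier, a database tier and a careless third group, then audits them the way a reviewer would: the web tier accepts 80 and 443 from anywhere and SSH only from an administrator range, the database tier accepts MySQL only from the web tier's security group, and anything that exposes SSH or a database port to 0.0.0.0/0, or opens all protocols from an address range, is flagged. The group IDs and the administrator range are placeholders.

```python
"""Security group rule audit (added example, not Burris Builder code)."""
import ipaddress

# Placeholder administrator range; 203.0.113.0/24 is a documentation-only
# block standing in for an office or VPN address.
ADMIN_CIDR = "203.0.113.0/24"

# Constructed inbound rules: (protocol, from_port, to_port, source), where the
# source is a CIDR block or the ID of another security group. "-1" means all.
SECURITY_GROUPS = {
    "sg-web": [
        ("tcp", 80, 80, "0.0.0.0/0"),      # public web traffic
        ("tcp", 443, 443, "0.0.0.0/0"),
        ("tcp", 22, 22, ADMIN_CIDR),       # SSH only from the admin range
    ],
    "sg-db": [
        ("tcp", 3306, 3306, "sg-web"),     # MySQL reachable only from the web tier
    ],
    "sg-careless": [
        ("tcp", 22, 22, "0.0.0.0/0"),      # SSH exposed to the whole Internet
        ("tcp", 3306, 3306, "0.0.0.0/0"),  # database exposed to the whole Internet
        ("-1", 0, 65535, "10.0.0.0/8"),    # every port and protocol from a huge range
    ],
}

# Services that should never be reachable from 0.0.0.0/0 or ::/0.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL",
                   5432: "PostgreSQL", 1433: "SQL Server"}


def is_world(source):
    """True when the source CIDR covers the entire Internet (IPv4 or IPv6)."""
    if source.startswith("sg-"):
        return False                       # another security group, never "the world"
    return ipaddress.ip_network(source, strict=False).prefixlen == 0


def audit(groups):
    """Return (group_id, message) findings for rules a reviewer would reject."""
    findings = []
    for sg_id, rules in groups.items():
        for proto, low, high, source in rules:
            if source.startswith("sg-"):
                continue                   # group-to-group rules are the desired pattern
            if proto == "-1":
                findings.append((sg_id, f"all protocols and ports open to {source}"))
                continue
            if not is_world(source):
                continue
            for port, name in SENSITIVE_PORTS.items():
                if low <= port <= high:
                    findings.append((sg_id, f"{name} ({port}/{proto}) open to the Internet"))
    return findings


if __name__ == "__main__":
    for sg_id, message in audit(SECURITY_GROUPS):
        print(f"{sg_id}: {message}")
```

Referencing the web tier's security group as the source of the database rule, rather than an address range, is the point worth copying: it keeps the database closed to everything except web servers, and it keeps working when web instances are replaced and their addresses change.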