AWS provides a variety of computing and networking services to meet the needs of your applications. You can provision virtual servers, set up a firewall, configure Internet access, allocate and route IP addresses, and scale your infrastructure to meet increasing demand.
You can use the compute and networking services with the storage, database, and application services to provide a complete solution for computing, query processing, and storage across a wide range of applications.
Contents
- Key Services
- Key Concepts
- Architecture
Key Services
The following are the key compute and networking services:
Amazon EC2
Provides virtual servers in the AWS cloud.
Amazon VPC
Provides an isolated virtual network for your virtual servers.
Elastic Load Balancing
Distributes network traffic across your set of virtual servers.
Auto Scaling
Automatically scales your set of virtual servers based on changes in demand.
Amazon Route 53
Routes traffic to your domain name to a resource, such as a virtual server or a load balancer.
AWS Lambda
Runs your code on virtual servers from Amazon EC2 in response to events.
Amazon ECS
Provides Docker containers on virtual servers from Amazon EC2.
Key Concepts
The following are concepts that you should understand before using the compute and networking services.
Instances and AMIs
Amazon Elastic Compute Cloud (Amazon EC2) provides resizeable computing capacity—literally, servers in Amazon's data centers—that you use to build and host your software systems. An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications). From an AMI, you launch an instance, which is a copy of the AMI running as a virtual server on a host computer in Amazon's data center. You can launch multiple instances from an AMI, as shown in the following figure.
When you launch an instance, you select an instance type, which determines the hardware capabilities (such as memory, CPU, and storage) of the host computer for the instance. You can access your instance using its assigned public DNS name or public IP address. The public DNS names for instances are as follows:
The US East (N. Virginia) region
ec2-public_ip.compute-1.amazonaws.com
Other regions
ec2-public_ip.region_code.compute.amazonaws.com
Your instances keep running until you stop or terminate them, or until they fail. If an instance fails, you can launch a new one from the AMI.
You start from an existing AMI that most closely meets your needs, log on to the instance, and then customize the instance with additional software and settings. You can save this customized configuration as a new AMI, which you can then use to launch new instances whenever you need them.
VPCs and Subnets
A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS cloud, providing security and robust networking functionality for your compute resources. A VPC closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
A subnet is a segment of a VPC's IP address range that you can launch instances into. Subnets enable you to group instances based on your security and operational needs. To enable instances in a subnet to reach the Internet and AWS services, you must add an Internet gateway to the VPC and give the subnet a route table that has a route to the Internet.
We recommend that you launch your EC2 instances into a VPC. Note that if you created your AWS account after 2013-12-04, you have a default VPC and you must launch EC2 instances into a default or a nondefault VPC.
Security Groups
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. You can specify one or more security groups when you launch your instance. When you create a security group, you add rules that control the inbound traffic that's allowed, and a separate set of rules that control the outbound traffic. All other traffic is discarded. You can modify the rules for a security group at any time and the new rules are automatically enforced.
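The allow-only rule model described above, as an added example that is not part of the original page: it evaluates inbound traffic against a group's rules and lists rules that expose an administrative port to every address. The rule dictionaries follow the shape of EC2 DescribeSecurityGroups output; the sample group, the `sg-EXAMPLE` ID, the `ADMIN_PORTS` set and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of one group from EC2 DescribeSecurityGroups.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",  # placeholder ID
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

ADMIN_PORTS = {22, 3389}  # assumption: ports this review treats as administrative


def _matches(rule, protocol, port):
    """True if the rule covers this protocol and port ("-1" means all traffic)."""
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] != protocol:
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def inbound_allowed(group, source_ip, protocol, port):
    """Groups hold allow rules only: traffic that no rule matches is discarded."""
    src = ipaddress.ip_address(source_ip)
    for rule in group["IpPermissions"]:
        if not _matches(rule, protocol, port):
            continue
        for rng in rule.get("IpRanges", []):
            if src in ipaddress.ip_network(rng["CidrIp"]):
                return True
    return False


def world_open_admin_rules(group):
    """Return (from_port, to_port) of rules exposing an admin port to 0.0.0.0/0."""
    findings = []
    for rule in group["IpPermissions"]:
        open_to_all = any(r["CidrIp"] == "0.0.0.0/0" for r in rule.get("IpRanges", []))
        if open_to_all and any(_matches(rule, "tcp", p) for p in ADMIN_PORTS):
            findings.append((rule.get("FromPort"), rule.get("ToPort")))
    return findings
```

The same functions can be run over the `SecurityGroups` list returned by `aws ec2 describe-security-groups` once it is loaded as JSON.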