Learn Amazon Web Services in a Month of Lunches

Chapter 7 S3: cheap, fast system backups

The previous chapter showed how S3 storage is a relatively cheap option for storing application data; this chapter highlights that it is also a very suitable choice for backups.

There’s a short discussion on why backups are necessary, even when AWS provides fault tolerance and replication of data/resources. Some potential causes of data loss are outlined (e.g. hackers, and administrator errors).

Next, a step-by-step walkthrough is provided of the backup/restore process, namely: 

  • back up your EC2 instance to an S3 snapshot (i.e. a replica)

  • create an Amazon Machine Image (AMI) from the snapshot

  • restore your instance from the AMI 

This chapter provides a good overview of why you should back up your instance, together with details on how to back up and restore it. Notably, it makes the exceedingly valid point that taking backups is all very well, but they must be tested regularly (i.e. restored), to ensure they are valid.

Chapter 8 AWS security: working with IAM users, groups, and roles

Security runs through the core of AWS, and this chapter discusses giving various types of user adequate access to resources, together with security best practices (e.g. grant minimum privileges).  

AWS’s security is controlled via Identity and Access Management (IAM); the chapter discusses its various components, namely: 

  • Policies – control who can access what

  • Users – an account

  • Groups – a group of users

  • Roles – assigned permission to access various resources

  • Best practices 

The chapter discusses some useful detail on protecting the root user account (which has full control over all resources). Additionally, other best practices are given on the Security Status list within the IAM page (e.g. multi-factor authentication). Next, there are practical step-by-step walkthroughs of creating a user, locking down the root account, and creating a group.

This chapter provides a useful discussion of various security components, which you really should implement if you want to feel confident in your system’s security.

I note the acronym IAM is not defined before being used (but it is defined in chapter 11). I also note the index entry for IAM is Identify and Access Management.

Chapter 9 Managing growth

Using AWS means you don’t need to purchase in-house hardware; however, there is still a cost associated with using AWS. You don’t pay for capital expenses (capex) but you do pay for operating expenses (opex), for example rental costs. AWS provides some tools for estimating your usage costs.

The chapter first looks at how you can estimate the true cost of your AWS project, using the Simple Monthly Calculator. The estimate is based on the resources you think you need, together with their expected usage, all presented in a visually pleasing way. The tool is especially useful for considering various what-if scenarios; additionally, some template usage examples are given (e.g. Large Web Application). You can see it for yourself here: http://calculator.s3.amazonaws.com/index.html

The other tool discussed is the Total Cost of Ownership (TCO) Calculator. This tool makes a cost comparison between using infrastructure on-premises and on AWS. Based on your current on-premises infrastructure, a similar AWS offering is used for comparison. A useful (and long) report is output – which might be useful for discussions with stakeholders. Again, you can see it for yourself here: https://awstcocalculator.com/

This chapter introduces some very useful tools for cost estimation. I can see these tools being used to tempt shops away from on-premises infrastructure to using the cloud.

Chapter 10 Pushing back against the chaos: using resource tags

Tags are key/value pairs that can be linked to AWS resources, allowing you to quickly identify a resource’s identity and purpose – this can be especially useful as the number of resources increases.

The author shows how security groups, which often increase quickly, can be tagged with more meaningful names than, for example, “launch-wizard-5”. The Tag Editor allows easy searching/filtering of tags – and thus resources.

The chapter ends with a look at how Resource Groups can be created, based on tags, to group resources across your account, allowing easier understanding of your resources. A common usage is in tracking costs.

This chapter provides a useful overview of tags and resource groups, which allow resources to be identified better and facilitate improved system understanding.

Chapter 11 CloudWatch: monitoring AWS resources for fun and profit

Since your AWS system can have a great many components, and these are charged at an hourly rate, it makes sense to get to know about resource monitoring.

The first tool discussed is AWS Budgets. There’s a helpful walkthrough on how to create a budget, where you can set a limit on the cost for a given period, and if the limit is breached an alert can be triggered. The cost can be defined in terms of money or resource usage – this can be particularly useful when you want to automatically increase your resource usage as users increase. And of course, tagging resources is a great way to get a clearer picture of resource usage/costs.

Next, CloudWatch is discussed. It underlies AWS Budgets, and in addition to giving greater detail, it is also used for comprehensive understanding of system health and resource usage.

This chapter provides practical detail on how to use the common monitoring tools, which should give you some confidence in the control of your money.

Chapter 12 Another way to play: the command-line interface

Everything that’s been done so far, via the AWS GUI, can also be done via the AWS command line interface (CLI). The CLI is often faster and more efficient; however, the GUI is more intuitive, especially for casual users.

It is argued that in a cloud environment, companies often have many resources, and manipulating these is easier via the CLI. Additionally, the CLI lends itself to scripting (with its many advantages).

The author provides step-by-step instructions on how to install the CLI on various operating systems. Examples on how to use the CLI are given, including: creating new security credentials and choosing an output format. Using multiple AWS profiles, for different types of work, is discussed.

Next, the help system is highlighted. It is obviously essential when first getting started, and a useful reference resource subsequently.

The chapter ends with some step-by-step examples of real-life administration tasks (e.g. launching a new EC2 instance).

If you spend a lot of time administering AWS, then learning the CLI is a must. It’s telling that the author much prefers to use the command line rather than the menus of the GUI.




Last Updated ( Tuesday, 07 May 2019 )