AWS Global Infrastructure, Availability Zone, Region, Data Center, Local Zone & Edge Locations

 

In the last post, I discussed basic cloud concepts and the service models. Before starting with AWS Global Infrastructure today, keep in mind that to become an expert & a good engineer in cloud technologies, a top skill in the market, we first need to learn some terminology & basic topics. These are the building blocks for the main purpose: migrating from on-premises to the cloud & securing the network.



Today's targets:

·   AWS Global infrastructure?

·   What is Datacenter (DC), Availability Zone (AZ), Region, local zone & Edge Location?

·   Identity & access management (IAM), Alias, user, group & permission, etc.

·   What is virtualization? Hypervisor & its types?

·   Create first EC2 & access

 

AWS Global Infrastructure means how AWS resources (compute, storage, network) & infrastructure are distributed globally.

 

What is Data Center (DC)?

A data center is a building or room containing servers, which can be compute, storage or networking devices, i.e. switches, routers, firewalls, IPS/IDS & load balancers. It can be owned by any organization or by a cloud service provider. The main purpose is to provide services to end-user customers.

 





Note: In the AWS Cloud, the term data center is not used. AWS uses the concepts of AZ, Region, Local Zone & Edge Location.

 

What is Availability Zone (AZ)?

An Availability Zone contains one, two or three data centers. In other words, multiple data centers that are close to each other, for example in the same city, make up an Availability Zone.

 

Datacenter Inside View



Datacenter Outside View



What is Region in AWS?

·   A region consists of a minimum of three & a maximum of six Availability Zones. (The first region, North Virginia, was launched in 2006.)

 

 

To check how many Availability Zones & Regions AWS has globally, the latest update can be found at the link below:

https://aws.amazon.com/about-aws/global-infrastructure/

 

The counts below are as of the day I am writing this article. If you are reading later, check the above link for the latest information.

 

In the screenshot below, there are a total of 31 launched regions & 99 Availability Zones all over the globe in AWS.



Click on a green dot, which represents a region, to see the name of the region, the number of AZs, etc.



Multiple services run in each region. To check service availability region-wise, click on AWS Regional Services, highlighted in red in the screenshot below.




Note that every region has different prices for the same services. It depends on local labor costs, policy & other factors of the country. To check the prices of a service, use the price calculator in AWS; see the screenshot below for reference.





What is Local Zone?

To understand it, consider a Local Zone as a mini AZ & an extension of an AZ that reaches the location nearest to the end-user customer. In some locations the AZ is very far from the customer, so to avoid delay & performance issues AWS launches Local Zones to cover more area & be nearer to the user. The Local Zone is connected to the main AZ.

 

What is Edge Location in AWS?

 

Also called a point of presence (POP), an edge location is used for caching, the same as the cache servers that Google, Facebook, etc. place in every country. If someone opens a website for the first time, the data is fetched from the main server. The second time the same website is opened, the data is fetched from the nearest cache, not the main server, to avoid delay & give fast browsing.

 

Factors impacting region selection

1.    Governance (government/public sector rules in that country, such as not leaking/migrating data to an AZ located in another country)

2.    Latency

3.    Service availability

4.    Cost (every region has different costs for the same services; it depends on local labor cost, policy & other factors)

 




Why is Global Infrastructure important?

Let me explain this with an example.

Suppose Customer A wants to migrate a legacy on-premises data center to the cloud & asks for a proposal that is both high-performance & cost-effective. In this case the technical engineer must know all the parameters we discussed above to select the region with the best performance & lowest cost for migrating the servers. The technical team should know the points below:

·   Services availability in the nearest region/AZ

·   Governance policy

·   Cost

If there is no strict governance policy, the team can choose a far region with less cost, but it compromises on performance.
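
The selection logic above, written out as a short Python sketch (an added example, not part of the original post): governance and service availability are treated as hard checks, and cost decides among the regions that pass. The region names, country codes, latency and cost figures are all constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Region:
    name: str            # placeholder names, not real AWS region codes
    country: str         # where the region's AZs are located
    latency_ms: float    # measured from the customer's site (constructed)
    monthly_cost: float  # price-calculator estimate for the same workload (constructed)
    services: frozenset  # services offered in this region (constructed)

# Constructed candidates for Customer A.
CANDIDATES = [
    Region("region-a", "AE", 12, 1300.0, frozenset({"ec2", "s3", "rds"})),
    Region("region-b", "DE", 95, 1050.0, frozenset({"ec2", "s3", "rds"})),
    Region("region-c", "US", 210, 900.0, frozenset({"ec2", "s3", "rds"})),
    Region("region-d", "AE", 18, 1250.0, frozenset({"ec2", "s3"})),
]

def select_region(candidates, required_services, allowed_countries=None,
                  max_latency_ms=None):
    """Return (chosen region name or None, {rejected region: reason})."""
    eligible, rejected = [], {}
    for r in candidates:
        missing = set(required_services) - r.services
        if allowed_countries is not None and r.country not in allowed_countries:
            rejected[r.name] = "governance: data would leave permitted countries"
        elif missing:
            rejected[r.name] = "service not available: " + ", ".join(sorted(missing))
        elif max_latency_ms is not None and r.latency_ms > max_latency_ms:
            rejected[r.name] = "latency above limit"
        else:
            eligible.append(r)
    if not eligible:
        return None, rejected
    # Among regions that pass the hard checks, lowest cost wins; latency breaks ties.
    best = min(eligible, key=lambda r: (r.monthly_cost, r.latency_ms))
    return best.name, rejected

if __name__ == "__main__":
    need = {"ec2", "s3", "rds"}
    print("strict governance:", select_region(CANDIDATES, need, allowed_countries={"AE"}))
    print("no governance:    ", select_region(CANDIDATES, need))
    print("latency cap 100ms:", select_region(CANDIDATES, need, max_latency_ms=100))
```

With no governance restriction the cheapest but farthest region is picked, which is the performance compromise described above.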

 

 

Now let's discuss Identity & access management (IAM).

 

Identity & access management (IAM)

 

As the name Identity & Access shows, it is used to identify/verify a user & provide access. IAM is used to create users & groups & to assign permissions to access the different services.

 

In the first post, I explained that you should create a free tier account for practice. The account you create the first time is the root account, which has full administrator access to all services in AWS.

 

The root user can create IAM user accounts & assign permissions as per their requirements.

 

Suppose there is one migration project with one team lead & multiple team members working on different tasks. One engineer wants access to service A & another requires access to service B, so the team lead creates the users & assigns permissions for the services accordingly.

 

Normally, first create the groups, i.e. Developer, Finance. Then create the users & put users of the same department in the same group.

 

Note: An IAM user is not an end-user customer. An IAM user is an engineer who develops/migrates applications & builds the organization's infrastructure in the cloud.

 

How to Create an IAM user & group?

 

Now let's create one user named New-User1 & one group named New-Group-1. The user is made part of this new group, & the group is assigned administrative access.

Below is the step-by-step process, with screenshots, to create a user & group.




Search for IAM in the AWS Management Console & click on IAM.




IAM service is a global service.

 

On the left side, click on Users.




On the right side, click on Add users.




Give a username.




Below are different options to choose as per your requirement, i.e. a custom password or setting a new password during first login. Then follow the next simple steps.




Now create the group: click on Create group. (I had already created one group named goup1 before.)




Write the group name & assign administrative rights from the permissions policies tab. There are a total of 853 policies as of now; search for the one you require. In our case it is administrative.

 

Please note that permissions can be assigned at both the user & the group level.







Save the password in your notepad or download it. The password is shown only once, so downloading is recommended.




Now log in with the new user created above. In the first field, write the account ID or account alias (explained in the next step, just keep reading).




After logging in, you can verify the user from the top right corner, as shown in the screenshot below: New-User1@clouddc111




You will have noticed @clouddc111 & wondered what it means. This is called an alias.


What is Alias in AWS Cloud?

An alias is a representation of your account number. I have created the alias name clouddc111 for my account number for privacy.

 

To create an alias, log in with the root account & click on Account.



In the screenshot below, click on Edit (highlighted in green) below Account alias.



Now I log in with New-User1 through the alias, not the account number. Check below: the @ sign shows that the login is with an IAM user, not the root user.



How to assign permission to a User or group in AWS?

Click on User groups on the left side, then click on Permissions & search for/assign the rights/permissions you require. They will automatically apply to all users in that group.

We can also change the permission, e.g. to read-only, with the root user.
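
Because permissions can be attached at both the user & the group level, it is worth checking who really ends up with administrative access. The Python sketch below is an added example, not part of the original post. It reads data in the shape returned by `aws iam get-account-authorization-details` & lists every user who gets AdministratorAccess, & from where. The sample data is constructed (finance-user & dev-user are made-up names), & only attached managed policies are considered, not inline policies.

```python
import json

ADMIN_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"

# Constructed sample in the shape of `aws iam get-account-authorization-details`
# output, trimmed to the fields used here.
SAMPLE = json.loads("""
{
  "GroupDetailList": [
    {"GroupName": "New-Group-1",
     "AttachedManagedPolicies": [{"PolicyName": "AdministratorAccess",
                                  "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]},
    {"GroupName": "Finance",
     "AttachedManagedPolicies": [{"PolicyName": "ReadOnlyAccess",
                                  "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}]}
  ],
  "UserDetailList": [
    {"UserName": "New-User1", "GroupList": ["New-Group-1"], "AttachedManagedPolicies": []},
    {"UserName": "finance-user", "GroupList": ["Finance"], "AttachedManagedPolicies": []},
    {"UserName": "dev-user", "GroupList": ["Finance"],
     "AttachedManagedPolicies": [{"PolicyName": "AdministratorAccess",
                                  "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]}
  ]
}
""")

def effective_policies(details):
    """Map each user to {policy ARN: list of sources that grant it}."""
    group_policies = {
        g["GroupName"]: [p["PolicyArn"] for p in g.get("AttachedManagedPolicies", [])]
        for g in details.get("GroupDetailList", [])
    }
    result = {}
    for user in details.get("UserDetailList", []):
        grants = {}
        for p in user.get("AttachedManagedPolicies", []):      # user-level permission
            grants.setdefault(p["PolicyArn"], []).append("user")
        for group in user.get("GroupList", []):                # inherited from groups
            for arn in group_policies.get(group, []):
                grants.setdefault(arn, []).append("group:" + group)
        result[user["UserName"]] = grants
    return result

def admin_users(details):
    """Return {user: sources} for every user who ends up with AdministratorAccess."""
    return {u: g[ADMIN_ARN] for u, g in effective_policies(details).items() if ADMIN_ARN in g}

if __name__ == "__main__":
    for user, sources in admin_users(SAMPLE).items():
        print(user, "has AdministratorAccess via", ", ".join(sources))
```

In the sample, dev-user sits in a read-only group but still has administrative access from a policy attached directly to the user, which is easy to miss when looking only at groups in the console.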



How to access AWS services:

 

·   Management console, the same way we logged in above with username & password.

·   AWS CLI (the AWS CLI needs to be installed first; an access key & secret access key are required for login)

·   AWS Software Development Kit (SDK)

 

Download & install the AWS CLI client.



Below are the steps to create & download an access key & secret access key.

Go to the user, then the Security credentials tab, & click on Create access key.


Download the CSV file.


In the next post, we will explain virtualization, EC2 & how to access these services in detail.


Keep Learning, Keep Reading, Keep Growing. IT & IP is the future.


Interview Questions:

·       What is Datacenter, Availability Zone & Region?

·       Difference between AZ & Region?

·       What is AWS Global infrastructure?

·       What is Identity & access management (IAM)?

·       Root user vs IAM user?

·       IAM User & Group?

·       What is an account alias?

·       How many methods to access AWS services?

·       Which factors impact region selection in AWS?

 

