The Data Center

Every company has a "data center" where the company's data is stored and managed. These on-premise data centers are facilities where computer equipment is installed to store, process, and transmit data. Data centers are maintained by a team of professionals who manage access, recovery in case of a failure, backup, encryption, and operational maintenance (MCO).

The MCO is a data replication system that includes several concepts such as the geographical location of the center, physical security and access control, power and environment, network components, computing components, storage components, and service continuity.

The geographical location of the center is important to ensure data security and availability. Physical security and access control are essential to prevent intrusions and data losses. Power and environment are also important to ensure data availability and security.

Network, computing, and storage components are necessary to process and store data. Service continuity is important to ensure data availability in case of failure or natural disaster.

It is also important to have backup facilities in case of a failure or major incident to ensure data security and continuity.

The Cloud ?

The cloud is characterized by:

• On-demand self-service, where resources are provisioned as needed (self-service)
• Broad network access, with servers located around the world and interconnected by fiber optics
• Resource pooling, where instead of having a centralized server, servers are rationalized and a portion of those servers is taken. This results in cost savings through economies of scale.
• Rapid elasticity, which allows for quick scaling up or down of resources without the need to purchase additional hardware
• Measured service, where metrics and analytics are used to monitor resource utilization.

It includes several types of services:

• Software as a Service (SaaS): Accounting software through a cloud-based provider, such as Office 365.
• Platform as a Service (PaaS): Pre-installed platforms available with just a few clicks, such as AWS with pre-installed systems.
• Infrastructure as a Service (IaaS): Provisioning of servers directly.

The cloud has deployment models:

• Private cloud: The same infrastructure as others, but in a private data center.
• Community cloud: For companies with the same software, security standards, etc.
• Public cloud: AWS, Google Cloud, etc.
• Hybrid cloud: A combination of different clouds, such as using AWS for public resources and a private cloud for sensitive data.

What are the advantages? Let's take a look at the following graph:

This graph represents the relationship between the costs of IT resources and their utilization over an extended period. We estimate the cost over time, and as demand grows, so do the budgets. We estimate the cost, and if our estimations are correct, we will have an infrastructure that perfectly meets customer demand.

However, the problem, as seen in blue, is that we have resources that are not being utilized. We have spent money that is not necessary at the moment. Therefore, this is an estimation, and as time passes, we adjust the graph with the reality:

We see that growth is no longer linear, and we have exceeded our budget, often spending more than what we use. This is where the first advantage of Cloud comes in! Cloud allows us to measure consumption and adapt it in real-time rather than on an annual basis. We can, therefore, achieve dynamic scalability, as shown in the following graph:

Cloud enables an adaptive system that adjusts to the purchase of necessary resources in real-time, thus avoiding spending more than what is being used.

Cloud use cases are varied and include development environments, proof of concept demonstrations (POC), website hosting, service continuity and business recovery plans, self-managed backup and archiving, Big Data data warehouses, traffic scaling, machine learning, and migration. Cloud provides a flexible and scalable solution for companies that want to optimize their IT infrastructure while reducing costs and improving productivity.

AWS

Jeff Bezos and his CTO Werner Vogels created Amazon's cloud in 2006, investing billions of dollars in resources and data centers distributed worldwide. Initially used exclusively by Amazon, AWS is now available to everyone.

The AWS consumption model involves providing resources on demand and securing them by distributing them to multiple locations for fault tolerance. You can start based on your needs without any commitment and benefit from simplified maintenance and administration, requiring only one person to maintain what you need. AWS represents secure and flexible computing resources that are available worldwide.

How to Control and Manage Resources

In AWS resource management, there are three methods:

1. The AWS Console, available on the web, provides a user-friendly interface for using AWS services.

2. The AWS CLI allows you to perform actions that are not available in the console.

3. The AWS SDK is an application component that enables applications to authenticate and use AWS resources. The commands are directly integrated into the application code.

Regarding certification, here are some useful information:

• The console is accessible via a website and requires a username and password to log in. This information is permanent.

• The command line requires the use of an access key and a secret key that are provided by the administrator during initial configuration. This information is permanent.

• The SDK uses an IAM role to manage access and credentials, which provides a temporary token. A role is provided for each user to access resources, and this information is temporary.

AWS Console

Here are the different options available when logging into the AWS Console:

1. List of all services that can be used by category
2. Live solution creation through menus that allow you to quickly configure resources in a service
3. Tutorials to better understand the console and its services
4. Ability to pin favorite services directly in the "services" (favorites) tab
5. The console is available by phone and can be installed
6. Alert management system in the navigation bar (interventions on resources, etc.)
7. Analysis of quotas (limits) by service. This limit can be increased, which allows customers to be identified.
8. Management of billing and costs by service
9. Location of current services, so if you want to provision in a particular region, just change this location in the navigation bar.
10. Tip: the North Virginia region includes all available AWS services, while some regions are more limited.
11. Support (documentation, support center, forums, etc.)
12. AWS CloudShell, which provides an instance to store scripts for our developer or system administrator work, at no additional cost.

When we create a group, this allows us to group our resources for a particular account. Thus, when we assign resources for the marketing service, for example, we add tags that allow us to quickly find resources and act on them in a centralized manner.

Regarding AWS credits, if we encounter incidents, Amazon may provide us with credits. If we take training, we can also earn credits, which allows us to obtain free credits for our services. All of this is directly available in the console.

The console provides a unified source for managing our cloud and hybrid resources in web mode.

Command Line Interface

The Command Line Interface (CLI) is an open-source tool that works on Linux, Windows, and macOS. All AWS services are accessible via the command line, with a granularity that is much higher than that of the console. The CLI is very useful for automating deployments and for debugging. It is a tool that you will often use in your projects.

Software Development Kit

It allows:

• Management of infrastructure as code (IaC): this allows provisioning of resources directly from programs (code) hosted in applications.
• Use of the reference API for major programming languages.
• Direct call of AWS services and resources via the CLI.
• Access to numerous documentation, guides, forums, and blogs to facilitate usage and problem resolution.

AWS Services and Root Account

This section will cover the concepts, and we will go deeper into other sections. Here are the lists of present services with their color codes:

We will only list them, and we will go deeper into different sections:

Basic Services:

• AWS Identity and Access Management (IAM): allows identification and creation of authentication rules for AWS services.
• Amazon Virtual Private Cloud (VPC): allows creating a virtual private network to provision resources.
• Amazon Elastic Compute Cloud (EC2): allows provisioning of virtual machine instances.
• Amazon Elastic Block Store (EBS): provides blocking storage for EC2 instances.
• Amazon Simple Storage Service (S3): allows storing objects not attached to EC2 instances.

AWS Integrated Services:

• Elastic Load Balancer (ELB): dynamically distributes incoming traffic to machines waiting for this traffic.
• Auto Scaling: defines dynamic load balancing strategies.
• Amazon Route 53: DNS service that links domain names to IP addresses.
• Amazon Relational Database Service (RDS): relational database service.
• AWS Lambda: serverless service that executes code based on triggers such as actions on services.
• AWS Elastic Beanstalk: allows provisioning a complete platform based on code or application functionality.
• Amazon Simple Notification Service (SNS): allows notifying users by sending SMS and emails.
• Amazon CloudWatch: service for monitoring and measuring services.
• Amazon CloudFront: high-speed content delivery service for resources such as videos and images.
• AWS CloudFormation: infrastructure as code service that allows hosting infrastructure configuration scripts to create environments in a consistent and reproducible way.

Billing

To access your billing, go to the "My Billing Dashboard" accessible from the navbar. You will find a centralized overview of your expenses. To be vigilant, it is recommended to regularly check this section or create alerts to help you track your consumption.

It is important to note that if you use the free version of AWS, some features may not be unlimited. You can check the limits in the console.

To create alerts, access the sidebar of your dashboard, click on "Budgets," and select "Create a budget."

The four options mentioned above allow you to set spending limits to monitor teams and avoid errors that can lead to budget overruns. To illustrate this, let's take the example of the cost budget:

We can then easily define alerts based on:

• The period
• Actual and forecast costs based on a percentage or an absolute value

We can add multiple alerts on this screen based on several conditions. It is important to pay attention to this section to avoid unpleasant surprises!

Note that by default, only the root account has access to billing. However, it is important to note that IAM allows delegation of billing to another member. To do this, go to the Navbar -> My account -> User and IAM role access to billing data -> Edit -> Enable IAM user/role access -> Update.

Now, we can add the IAM role to allow other users to access billing. We will see this in the IAM section.

Cost explorer

It happens that during tests or demos, you forget to delete a service. Don't panic, "Cost explorer" (bookmark it, it's worth it) allows you to retrieve cost reports:

In the graph, when we have a linear expense, it doesn't necessarily give us the information of the region that needs to be decommissioned. To do this, we can click on "Explore costs" and above the graph you can see: regions. Click on it, then we will have a color code per region:

And by adding by service, we can see the service that generates an unwanted expense.