Security and Scalability in AWS
AWS has changed the dynamics of cloud services: you no longer need to spend large sums of money on infrastructure, setting up your environment, storage, integrating various plugins manually, and downloading different software on your local machine. AWS has answers to all of the above obstacles.
AWS is an IaaS service platform offering various features such as Amazon S3, EC2, Amazon Management Services, Amazon DynamoDB, RDMS, Elastic Load Balancer, Elastic File Storage, etc. AWS is booming in the IT industry, with over 300 Fortune companies moving their services toward AWS and adopting the services of the cloud.
Now the question is why companies worldwide are adopting the AWS cloud platform rather than investing in their own resources. AWS is the leading cloud service provider, and it follows the principle “Security is job zero”. AWS not only promises to deliver services in the cloud but also keeps your data safe and secure. As traffic expands, AWS services adjust their scale to ensure smooth, lag-free traffic.
How does AWS ensure security?
Amazon provides its subscribers with the resources listed below, which ensure safe and secure cloud services.
VPC (Virtual Private Cloud)
When you launch an instance in a VPC, AWS creates an isolated network, preventing the user from communicating with their local machine, and creates a site-to-site VPN connection.
Components of VPN:
- VPN connection: A secure and safe encrypted connection between your resources and your VPCs.
- VPN tunnel: An encrypted link over which data flows between the user's network and the AWS cloud.
Each VPN connection includes two VPN tunnels, which are used in case of high traffic; if one tunnel fails, the second tunnel becomes active.
- Virtual private gateway: A virtual private gateway is a connector that links the on-premises network to the AWS network.
Security Groups act as a firewall for your EC2 instance and control incoming and outgoing traffic by the ports and protocols you establish. We can allot up to 5 security groups per instance.
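Because a security group is a list of port and protocol rules, it can be audited mechanically. The following is an added example, not code from the original article: it scans ingress rules, in the shape returned by the EC2 DescribeSecurityGroups API, for sensitive ports reachable from any address. The group IDs, CIDRs and the list of sensitive ports are constructed assumptions.

```python
import ipaddress

# Constructed sample shaped like the "SecurityGroups" list returned by the
# EC2 DescribeSecurityGroups API; group ids and CIDRs are made up.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0example0web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0example0db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]

# Assumed policy: ports that should never be reachable from the whole internet.
SENSITIVE_PORTS = {22: "SSH", 3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL"}


def is_world_open(cidr):
    """True when the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_ingress(groups, sensitive=SENSITIVE_PORTS):
    """Return sorted (group_id, port, service, cidr) for each exposed port."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if perm["IpProtocol"] == "-1":      # "-1" means all protocols and ports
                low, high = 0, 65535
            elif perm["IpProtocol"] in ("tcp", "udp"):
                low, high = perm["FromPort"], perm["ToPort"]
            else:
                continue                        # ICMP etc. carry no port range
            for cidr in filter(is_world_open, cidrs):
                findings += [(group["GroupId"], port, svc, cidr)
                             for port, svc in sensitive.items() if low <= port <= high]
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_GROUPS):
        print("world-open ingress: %s port %d (%s) from %s" % finding)
```

On the sample data the web group passes (HTTPS is public, SSH is limited to one range), while the database group is flagged both for a wide port range and for an all-protocols IPv6 rule.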
Identity and Access Management (IAM)
IAM is a web service on AWS that lets the user manage identities and decide who can access AWS resources. To customize how different employees use AWS, identity management practices can be implemented, such as:
- IAM user: An entity that represents a person and is used to interact with AWS.
- IAM roles: An entity in an AWS account reserved with special permissions.
- IAM groups: An IAM group is a collection of IAM users, which lets you grant permissions to multiple users in one go.
Amazon Shield is a managed Distributed Denial of Service (DDoS) protection service that provides a defense and protection mechanism against malicious attacks attempted on applications running on the AWS cloud. The automatic protection from DDoS attacks saves the application from downtime and latency issues. There are two kinds of Amazon Shield protection subscription, namely Standard and Advanced.
How does AWS ensure scalability?
AWS builds the infrastructure of your application following the principle of “Building today, keeping tomorrow in mind”. They provide a solution stack based not only on the current availability of resources but also on anticipated future requirements and scope for expansion. AWS allows you to increase the size of the resources based on usage. When traffic increases, more resources are allotted to the modules, and when traffic later decreases, the extra resources are taken back. Elastic Load Balancer is one such AWS service that supports auto scaling.
Elastic Load Balancer
Elastic Load Balancer automatically distributes incoming traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, Lambda functions, and virtual appliances.
To avoid running out of CPU resource on your instance — which would lead to poor performance experienced by your end users — you would need to deploy another EC2 instance to load balance the demand and process the increased requests.
Auto scaling in Elastic Load Balancer
- With auto scaling, you can configure a metric to automatically launch a second instance when the CPU utilization of the first instance reaches 75%.
- Balancing traffic evenly reduces the demand placed on each instance and the chance of the first web server failing or slowing down due to high CPU usage.
- To use Elastic Load Balancing with your Auto Scaling group, attach the load balancer to your Auto Scaling group. This registers the group with the load balancer, which acts as a single point of contact for all incoming web traffic to your Auto Scaling group.