Intro
A great calculator for the services used can be found at https://calculator.s3.amazonaws.com/index.html
Amazon is most famous for the virtual servers it provides (EC2). However, many more managed services are provided on top of it.
Servers
AWS virtual servers are called instances (EC2). An EC2 compute instance needs block storage, which is provided by EBS volumes. EBS volumes also come with snapshot capability: an EBS snapshot is a point-in-time copy of an EBS volume, meaning it stores the exact image of the volume as it was at that moment.
EBS snapshots are, in fact, stored by default in Amazon S3, but in a separate AWS infrastructure that is not a user-visible bucket. We’ll touch on this more a bit later. If you are already managing workloads on AWS, you certainly know that AWS storage bills can get quite high.
- The cost of EBS snapshots is $0.05 per GB per month.
- S3 storage is on average $0.022 per GB per month.
Backups
There are two ways to implement backups of your EC2 instances on AWS:
- If your instance is EBS-backed, you can create the snapshots of the EBS volume.
- Or, you can create an AMI of your instances as a backup solution.
Both EBS snapshots and AMIs are automatically stored in Amazon S3, which is known for being highly durable and reliable. Snapshots are already designed to use as little storage space as possible, because they are incremental. Incremental snapshots are explained here.
In 2019 AWS introduced its own AWS Backup. It is set up and managed through the AWS Management Console, through which users can configure and audit the AWS resources they back up, automate backup scheduling, set retention policies, and monitor recent backups and restores in one place.
Sample prices for the US East region are below. Backup rows are $ per GB per month of stored backup; Restore rows are $ per GB restored.
Category | AWS Service | Warm (S3) | Cold (Glacier)
Backup | EFS | 0.05 | 0.01/GB
Backup | EBS | 0.05 | n/a
Backup | RDS Database | 0.095 | n/a
Backup | DynamoDB Table | 0.10 | n/a
Backup | Storage Gateway | 0.05 | n/a
Restore | EFS | 0.02/GB | 0.03/GB
Restore | EBS | Free | n/a
Restore | RDS Database | Free | n/a
Restore | DynamoDB Table | 0.05/GB | n/a
Restore | Storage Gateway | Free | n/a
S3 storage
Simple Storage Service (S3) – Amazon S3 has a simple web services interface that you can use to store and retrieve any amount of data, at any time, from anywhere on the web. It works perfectly for cloud backup, and its enhanced permission scheme (it uses the full IAM model) makes it a little more confusing than other cloud backup solutions. The cheaper, cold version of storage, Glacier, has limits on retrieval in Standard mode (see below).
AWS Glacier
Glacier is AWS cold storage, a few times cheaper than S3. There is no native way to move snapshots to Glacier. EBS snapshots are stored in S3, but that is a "behind the scenes" implementation detail: the snapshots are not visible in an S3 bucket, nor are they exposed via the S3 API, so you cannot move them to Glacier.
- Expedited — Expedited retrievals allow you to quickly access your data when occasional urgent requests for a subset of archives are required. Expedited retrievals are typically made available within 1–5 minutes. Provisioned Capacity ensures that retrieval capacity for Expedited retrievals is available when you need it. For more information, see Provisioned Capacity.
- Standard — Standard retrievals allow you to access any of your archives within several hours. Standard retrievals typically complete within 3–5 hours. This is the default option for retrieval requests.
- Bulk — Bulk retrievals are Glacier’s lowest-cost retrieval option, which you can use to retrieve large amounts, even petabytes, of data inexpensively in a day. Bulk retrievals typically complete within 5–12 hours.
S3 Glacier archives have a minimum 90 days of storage, and archives deleted before 90 days incur a pro-rated charge equal to the storage charge for the remaining days.
Free Tier Only Policy for Retrieval: You can set a data retrieval policy to Free Tier Only to ensure that your retrievals will always stay within your free tier allowance, so you don’t incur data retrieval charges. If a retrieval request is rejected, you will receive an error message stating that the request has been denied by the current data retrieval policy.
Max Retrieval Rate can be set to, say, 1 GB/hr, which will cost $0.01 per GB. That comes to $7.20 per month or less (730 hrs in a month).
If extended to, say, 10 GB/hr, each GB retrieved per hour will be charged at that predefined per-GB rate.
With both Free Tier Only and Max Retrieval Rate policies, data retrieval requests that would exceed the retrieval limits you specified will not be accepted.
IAM – AWS Identity and Access Management
AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. Offered as part of the service with no additional costs.
Best practices include the following:
- Lock Away Your AWS Account Root User Access Keys
- Create Individual IAM Users
- Use Groups to Assign Permissions to IAM Users
- Grant Least Privilege
- Get Started Using Permissions with AWS Managed Policies
- Use Customer Managed Policies Instead of Inline Policies
- Use Access Levels to Review IAM Permissions
- Configure a Strong Password Policy for Your Users
- Enable MFA
- Use Roles for Applications That Run on Amazon EC2 Instances
- Use Roles to Delegate Permissions
- Do Not Share Access Keys
- Rotate Credentials Regularly
- Remove Unnecessary Credentials
- Use Policy Conditions for Extra Security
- Monitor Activity in Your AWS Account
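The "Grant Least Privilege" and "Use Policy Conditions for Extra Security" items above can be checked mechanically. This is an added example (not AWS tooling) that lints an IAM policy document for wildcard actions/resources and for a missing MFA condition; the two sample policies and the account ID in them are constructed for illustration.

```python
"""Lint an IAM policy document against the least-privilege and
policy-condition best practices. Added example, not AWS code."""
import json

# Constructed sample policies (no real account; the account ID is a placeholder).
OVERLY_BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}
    ],
})

SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["ec2:CreateSnapshot", "ec2:DescribeSnapshots"],
            "Resource": "arn:aws:ec2:us-east-1:123456789012:volume/*",
            # Policy condition: only allow when the caller authenticated with MFA
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        }
    ],
})


def _as_list(value):
    """IAM allows a string or a list in Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]


def lint_policy(document):
    """Return a list of findings, one per problem found in each Allow statement."""
    policy = json.loads(document)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements narrow access; nothing to flag
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        # Least privilege: "*" or "service:*" grants every API call
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"statement {idx}: wildcard Action {actions}")
        if "*" in resources:
            findings.append(f"statement {idx}: wildcard Resource")
        # Extra security: require the MFA condition key on Allow statements
        mfa = stmt.get("Condition", {}).get("Bool", {}).get("aws:MultiFactorAuthPresent")
        if str(mfa).lower() != "true":
            findings.append(f"statement {idx}: no MFA condition")
    return findings
```

Run `lint_policy` over each customer managed policy exported from an account; an empty list means the statement-level checks passed.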
AWS VPC
Amazon VPC is the networking layer for Amazon EC2. Complete details here.
- VPCs are based on subnets: private subnets with no public IPs, and public subnets open to the Internet via an Elastic IP (EIP) or a network gateway.
- Supported Platforms
- Default and Nondefault VPCs
- Accessing the Internet – a gateway (for the whole subnet) or a public IP (per instance) is required for access to external resources.
- Accessing a Corporate or Home Network – IPsec VPN or Direct Connect.
- Accessing Services Through AWS PrivateLink
- AWS Private Global Network Considerations
Route 53 – DNS
Advanced DNS with aliases and internal redirects, too good. Uses CNAMEs and ANAMEs!
RDS – MS SQL, PostgreSQL, MongoDB, Aurora
CloudWatch
Alerting rules, along with SNS (Simple Notification Service) and SES (Simple Email Service) for email notifications.
CloudFront – managed CDN
WorkSpaces – Workstations in the cloud
AWS support
Support plans – Developer/Business/Enterprise.
AWS