AWS has Global Services:
- Identity and Access Management (IAM)
- Route 53 (DNS service)
- CloudFront (Content Delivery Network)
- WAF (Web Application Firewall)
Most AWS services are Region-scoped:
- Amazon EC2 (Infrastructure as a Service)
- Elastic Beanstalk (Platform as a Service)
- Lambda (Function as a Service)
- Rekognition (Software as a Service)
An IAM policy document consists of:
- Version: policy language version, always include “2012-10-17”
- Id: an identifier for the policy (optional)
- Statement: one or more individual statements (required)
Each statement consists of:
- Sid: an identifier for the statement (optional)
- Effect: whether the statement allows or denies access (Allow, Deny)
- Principal: account/user/role to which this policy applies
- Action: list of actions this policy allows or denies
- Resource: list of resources to which the actions apply
- Condition: conditions for when this policy is in effect (optional)
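The policy elements listed above, shown in a sample policy with a small structural check run over it. This is an added example, not part of the original notes; the bucket name, account ID and the `lint_policy` helper are hypothetical, and the check covers only the elements named above rather than the full policy grammar.

```python
import json

# Constructed sample: an S3 bucket policy (resource-based, so it carries Principal).
# The bucket name and account ID are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Id": "ExampleBucketPolicy",
  "Statement": [
    {
      "Sid": "AllowReadFromOneAccount",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
      "Action": ["s3:GetObject"],
      "Resource": ["arn:aws:s3:::example-bucket/*"],
      "Condition": {"Bool": {"aws:SecureTransport": "true"}}
    },
    {"Effect": "Allow", "Principal": "*", "Action": "s3:*", "Resource": "*"}
  ]
}
""")


def lint_policy(policy):
    """Return a list of findings for the policy elements described above."""
    findings = []
    if policy.get("Version") != "2012-10-17":
        findings.append("Version should be 2012-10-17")
    statements = policy.get("Statement")
    if not statements:
        return findings + ["Statement is required"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for i, st in enumerate(statements):
        label = st.get("Sid", f"statement[{i}]")  # Sid is optional
        if st.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"{label}: Effect must be Allow or Deny")
        for key in ("Action", "Resource"):
            if key not in st and f"Not{key}" not in st:
                findings.append(f"{label}: missing {key}")
        # Flag the least-privilege problem: anyone allowed, nothing narrowing it.
        wide_open = st.get("Principal") in ("*", {"AWS": "*"})
        if st.get("Effect") == "Allow" and wide_open and "Condition" not in st:
            findings.append(f"{label}: Allow for any principal with no Condition")
    return findings


if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_POLICY):
        print(finding)
```

The first statement passes because it names one principal and adds a Condition; the second is flagged because it allows every action on every resource to any principal.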
Example:
- 22 = SSH (Secure Shell) - log into a Linux instance
- 21 = FTP (File Transfer Protocol) - upload files into a file share
- 22 = SFTP (Secure File Transfer Protocol) - upload files using SSH
- 80 = HTTP - access unsecured websites
- 443 = HTTPS - access secured websites
- 3389 = RDP (Remote Desktop Protocol) - log into a Windows instance.
- Lock away your AWS account root user access keys!
- Actions that can be performed only by the root user:
  - Change account settings (account name, email address, root user password, root user access keys).
  - Close your AWS account.
  - Change or cancel your AWS Support plan.
  - Register as a seller in the Reserved Instance Marketplace.
- TCO (Total Cost of Ownership) represents the total cost of using and maintaining a system over its entire lifecycle.
- It includes direct costs (hardware, software, operational) and indirect costs (training, downtime, inefficiencies).
- Infrastructure costs:
  - Servers, storage, networking equipment.
- Software licenses:
  - Operating systems, databases, middleware.
- Operational costs:
  - Power, cooling, physical space.
- Maintenance and support:
  - Updates, patching, vendor support contracts.
- Downtime costs:
  - Loss of productivity or revenue due to outages.
- Training and staffing:
  - Onboarding and upskilling IT teams.
AWS provides several benefits that lower TCO compared to traditional on-premises IT:
- No upfront capital expenses.
- Pay only for what you use (compute, storage, etc.).
- No need to buy physical servers, storage, or networking equipment.
- AWS handles maintenance and updates.
- Scale up or down based on demand, reducing wasted capacity.
- Avoid overprovisioning.
- AWS services (like RDS, Lambda, or DynamoDB) reduce operational overhead.
- Focus on applications, not infrastructure.
AWS provides tools to estimate TCO and compare costs with on-premises setups:
- AWS TCO Calculator:
  - Compares AWS costs with on-premises infrastructure.
  - Considers storage, compute, network, and labor costs.
- AWS Pricing Calculator:
  - Estimates the costs of AWS services for specific workloads.
- Right-sizing resources:
  - Match resource types and sizes to workload needs.
- Use Reserved Instances or Savings Plans:
  - Commit to a 1- or 3-year term to get discounted rates.
- Leverage Spot Instances:
  - Use spare capacity for non-critical or flexible workloads.
- Enable Auto Scaling:
  - Automatically adjust resources based on demand.
- Migrate to Managed Services:
  - Use services like Amazon RDS or Lambda to reduce operational costs.
- Focus on how AWS reduces TCO compared to traditional on-premises environments.
- Be familiar with AWS services and their cost-saving features (e.g., Auto Scaling, Spot Instances).
- Know how to use the AWS TCO Calculator for comparison.