In this article, we will try to understand the AWS Global Infrastructure. We will start by learning how users actually interact with an AWS account, and then cover the concepts of AWS Regions, Edge Locations, and Availability Zones and how they relate to each other.
In this write-up, let's first understand the Accounts and Service layer.
Accounts and Service layer
This layer is all about the account: how to create, access, and manage an AWS account and its services, from how to interact with the account and manage user permissions to how to access and use the various AWS services and features.
There are a variety of ways in which we, as developers, can interact with AWS: the AWS Management Console, the AWS CLI, and the AWS SDKs for a range of programming languages such as Python, .NET, and Java.
All of the above tools need some form of authentication to talk to AWS, so first we need an AWS account.
Within an account, we can distinguish three types of users, as described below.
- AWS Root Account Holder
- AWS Production Account Holder
- AWS Developer Account Holder
Let’s discuss them in detail.
AWS Root Account Holder
This user is created when you first create an AWS account, which is why it is called the "root" user. Its credentials are the email address and password used when signing up for the AWS account. By default, the root user has full administrative rights and access to every part of the account, and its permissions cannot be restricted with IAM policies.
Some best practices for the root account:
- Do not use the root user for daily work or routine AWS administration.
- Create a separate IAM user (or role) with administrative rights for daily work.
- Always protect the root account with MFA (Multi-Factor Authentication), e.g., an authenticator app such as Google Authenticator or a hardware token. The MFA code is required at sign-in in addition to the password, not instead of it.
- Do not create access keys for the root user; if any exist, delete them.
AWS Production and Developer Account Holders
These are the users (and roles) created in IAM with varying degrees of access to the "production" or "development" AWS account.
These users work through the AWS connection tools described below, which in turn talk to the AWS infrastructure "container", i.e., the production account or the development account, or both through cross-account access.
Now, let's understand how to connect to AWS.
AWS Account Connection Tools
Below are the details for each tool.
- AWS Management Console
- AWS Command Line Interface
- AWS SDKs
AWS Management Console
The AWS Management Console (generally just called the "console") is the primary web-based means of accessing and interacting with AWS. Every action performed in the console is carried out through API calls to the respective AWS services.
AWS Command Line Interface
This is generally termed the "CLI" and is a text-based interface for accessing and administering AWS resources. Every command executed with the CLI is translated into one or more API calls.
To use the CLI, we need credentials configured: typically an access key ID and secret access key (the "API key" pair), or temporary credentials such as those obtained by assuming a role.
AWS SDKs
AWS provides several SDKs for interacting with AWS from different programming languages, such as Python, .NET, and Java. They work in the same way as the CLI, i.e., they sign each API request with the configured credentials (API keys) to interact with the AWS environment.
Now, let's understand the AWS infrastructure model.
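Both the CLI and the SDKs turn the configured access key pair into a per-request signature rather than sending the secret key over the wire. The following added example (not code from the original article) implements the AWS Signature Version 4 scheme with only the Python standard library, so the reader can see what "using API keys to interact with AWS" actually means: the canonical request, the string to sign, the derived signing key, and the resulting Authorization header. The credentials are the placeholder pair AWS uses in its own documentation and are not live keys; the sample request (IAM ListUsers) and the fixed timestamp are chosen so the output is deterministic.

```python
import hashlib
import hmac
import urllib.parse

# Constructed placeholder credentials (the pair AWS documentation uses for
# examples); they are not a live key.
ACCESS_KEY = "AKIDEXAMPLE"
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"

EMPTY_PAYLOAD_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def _uri_encode(value: str) -> str:
    # SigV4 uses RFC 3986 encoding: only unreserved characters are left as-is.
    return urllib.parse.quote(value, safe="-_.~")


def canonical_request(method: str, path: str, query: dict, headers: dict, payload: bytes):
    """Build the SigV4 canonical request; returns (text, signed_headers)."""
    canonical_query = "&".join(
        f"{_uri_encode(k)}={_uri_encode(v)}" for k, v in sorted(query.items())
    )
    # Header names lower-cased, values trimmed and whitespace-collapsed, sorted by name.
    lowered = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    signed_headers = ";".join(sorted(lowered))
    canonical_headers = "".join(f"{k}:{lowered[k]}\n" for k in sorted(lowered))
    text = "\n".join([method, path, canonical_query, canonical_headers,
                      signed_headers, sha256_hex(payload)])
    return text, signed_headers


def signing_key(secret_key: str, date_stamp: str, region: str, service: str) -> bytes:
    """Derive the per-day, per-region, per-service key from the secret key.

    The chain is kDate -> kRegion -> kService -> kSigning, so a leaked signing
    key is only useful for that date, region and service.
    """
    k_date = hmac_sha256(("AWS4" + secret_key).encode("utf-8"), date_stamp)
    k_region = hmac_sha256(k_date, region)
    k_service = hmac_sha256(k_region, service)
    return hmac_sha256(k_service, "aws4_request")


def sign_request(method, host, path, query, headers, payload, region, service, amz_date,
                 access_key=ACCESS_KEY, secret_key=SECRET_KEY) -> dict:
    """Return the signed pieces of an AWS API request, including the Authorization header."""
    date_stamp = amz_date[:8]  # YYYYMMDD part of the ISO8601 basic timestamp
    all_headers = dict(headers)
    all_headers["host"] = host
    all_headers["x-amz-date"] = amz_date
    creq, signed_headers = canonical_request(method, path, query, all_headers, payload)
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope, sha256_hex(creq.encode("utf-8"))])
    signature = hmac.new(signing_key(secret_key, date_stamp, region, service),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    authorization = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                     f"SignedHeaders={signed_headers}, Signature={signature}")
    return {"canonical_request": creq, "string_to_sign": string_to_sign,
            "signature": signature, "authorization": authorization, "headers": all_headers}


def example_list_users() -> dict:
    """Sign an IAM ListUsers call. IAM is a global service, but its requests are
    still signed with the us-east-1 region in the credential scope."""
    return sign_request(
        method="GET", host="iam.amazonaws.com", path="/",
        query={"Action": "ListUsers", "Version": "2010-05-08"},
        headers={"Content-Type": "application/x-www-form-urlencoded; charset=utf-8"},
        payload=b"", region="us-east-1", service="iam", amz_date="20150830T123600Z",
    )


if __name__ == "__main__":
    signed = example_list_users()
    print(signed["canonical_request"])
    print()
    print(signed["string_to_sign"])
    print()
    print(signed["authorization"])
```

Two things worth noticing in the output: the secret key never appears in the request (only the access key ID does, inside `Credential=`), and the signed headers include `x-amz-date`, which is what lets AWS reject a captured request replayed later. In real use the SDK also adds `x-amz-security-token` to the signed headers when temporary credentials are in play.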
AWS Infrastructure Container
This essentially represents the boundary of AWS. Everything inside this container is part of AWS's infrastructure, including all of its physical networking components and services. Everything outside the container is external to AWS: items that are connected to AWS or belong to you or your company, e.g., on-premises servers or your personal computer.
Now, let us dive deeper into the layers.
Physical and Networking Layers
This layer is all about how AWS is physically organized and how internal and external communication with AWS works. It represents the global infrastructure of AWS in terms of where resources are physically located around the world and how data flows through the AWS network to reach them.
Now, let's look at two high-level concepts that you need to understand in order to work with AWS.
- AWS Edge Location
- AWS Region
AWS Edge Location
An edge location is an AWS site that does not host the regional services (such as EC2); instead, it is used to deliver content to users in different parts of the world. Example: CloudFront.
CloudFront is a CDN (Content Delivery Network): an item such as a PDF file can be cached at an edge location, which reduces the latency of requests from that part of the world and the load on the origin.
Edge locations are spread around the world to serve cached content close to users, and they do not host other AWS services like EC2.
AWS Region
A region contains most of the primary infrastructure components and services. Each region has a code, such as us-east-1, which corresponds to a region name, in this case US East (N. Virginia).
You can switch between regions by selecting the desired region in the console or the CLI before creating services and applications; most resources live in exactly one region.
Note: not every AWS service is available in every region. Some AWS services are global, i.e., a single instance of the service spans all regions, such as IAM, as shown in the picture below.
AWS Regions are geographically separated areas. Each region is made up of multiple isolated groupings of data centers, known as Availability Zones, within that geographical area.
Availability Zones provide the foundation for High Availability and Fault Tolerance for our applications. The choice of region lets the architect keep data and workloads in a specific part of the world to conform to its laws and regulations (data residency).
A service available in a region is available in all Availability Zones of that region.
Availability Zone
Availability Zones, termed AZs, are the isolated locations within a region in which your AWS resources are placed.
Properly designed applications use multiple AZs for fault tolerance and failover: if one AZ, or a data center within it, has a problem, the application can rely on the other AZs to stay available.
The AZs in a region are connected by direct, low-latency links, and each AZ is isolated from the others (separate power, cooling, and networking) to ensure fault tolerance.