AWS Task 2: Static content delivery using the AWS CloudFront service
Task 2 Description - AWS
Create High Availability Architecture with AWS CLI
The architecture includes:
* Webserver configured on EC2 Instance
* Document Root (/var/www/html) made persistent by mounting on EBS Block Device.
* Static objects used in code, such as pictures, stored in S3
* Setting up Content Delivery Network using CloudFront and using the origin domain as S3 bucket.
* Finally place the CloudFront URL on the webapp code for security and low latency.
All the above steps must be performed using AWS CLI.
STEP 1: Webserver configured on EC2 Instance
* Launch an Amazon EC2 instance. Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. Amazon EC2's simple web service interface allows you to obtain and configure capacity with minimal friction.
What is Apache Web Server?
Apache HTTP Server is a free and open-source web server that delivers web content through the internet. It is commonly referred to as Apache and after development, it quickly became the most popular HTTP client on the web. It’s widely thought that Apache gets its name from its development history and process of improvement through applied patches and modules but that was corrected back in 2000. It was revealed that the name originated from the respect of the Native American tribe for its resiliency and durability.
Now, before we get too in depth on Apache, we should first go over what a web application is and the standard architecture usually found in web apps.
Run all the following commands to configure the Apache web server on the Linux instance.
STEP 2: Document Root (/var/www/html) made persistent by mounting on EBS Block Device.
On a Linux instance, the Apache web server stores its documents in /var/www/html, which is typically located on the root filesystem with the rest of the operating system. Sometimes, though, it's helpful to move the document root to another location, such as a separate mounted filesystem.
An Amazon EBS volume is a durable, block-level storage device that you can attach to your instances. After you attach a volume to an instance, you can use it as you would use a physical hard drive. EBS volumes are flexible.
* Create an EBS volume to store the document root data (the Apache web server keeps the website and its critical data in the /var/www/html folder). If your instance crashes due to some issue, your data might also be lost.
* Attach the EBS volume to the Amazon EC2 instance where you configured the Apache web server.
* Run the command below to check whether the EBS volume is attached to your instance.
* After the EBS volume is successfully attached, create a partition on it.
* Format this partition using the command below.
* After the partition is formatted, mount it on the Apache document root folder.
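The partition, format and mount steps above as a script, given here as an added example that is not the original post's own commands. The device name /dev/xvdf, the ext4 filesystem, the staging directory and the use of parted are assumptions; the script refuses to reformat a partition that already holds a filesystem and does nothing unless run with --apply.

```shell
#!/bin/sh
# Added example (not from the original post). Run as root on the EC2 instance
# after the EBS volume has been attached.
DISK="${DISK:-/dev/xvdf}"    # assumed device name of the attached EBS volume
PART="${PART:-${DISK}1}"     # first partition on that disk
DOCROOT="/var/www/html"      # Apache document root named in the article

# Succeeds if the partition already carries a filesystem; formatting it
# again would destroy the site content stored there.
has_filesystem() {
    [ -n "$(blkid -o value -s TYPE "$1" 2>/dev/null)" ]
}

# Builds the /etc/fstab line so the mount survives a reboot.
# nofail: boot continues if the volume is detached; nodev,nosuid: device
# nodes and setuid bits are ignored under the web root.
fstab_line() {   # $1 = filesystem UUID, $2 = mount point
    printf 'UUID=%s %s ext4 defaults,nofail,nodev,nosuid 0 2\n' "$1" "$2"
}

persist_docroot() {
    lsblk "$DISK" || return 1          # confirm the volume is attached
    if ! has_filesystem "$PART"; then  # only a blank volume is partitioned
        parted -s "$DISK" mklabel gpt mkpart primary ext4 0% 100%
        partprobe "$DISK"
        mkfs.ext4 "$PART"
    fi
    # Copy existing site files onto the volume before the mount hides them.
    mkdir -p /mnt/ebs-stage            # assumed staging directory
    mount "$PART" /mnt/ebs-stage
    cp -a "$DOCROOT"/. /mnt/ebs-stage/
    umount /mnt/ebs-stage
    mount "$PART" "$DOCROOT"
    uuid="$(blkid -o value -s UUID "$PART")"
    grep -q "$uuid" /etc/fstab || fstab_line "$uuid" "$DOCROOT" >> /etc/fstab
}

# Nothing is changed unless the script is invoked with --apply.
if [ "${1:-}" = "--apply" ]; then
    set -e
    persist_docroot
fi
```

On Nitro-based instance types the volume appears under an NVMe name instead, so set DISK and PART to match what lsblk reports.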
STEP 3: Amazon Simple Storage Service (Amazon S3) is storage for the Internet. It is designed to make web-scale computing easier for developers.
Amazon S3 has a simple web services interface that you can use to store and retrieve any amount of data, at any time, from anywhere on the web. It gives any developer access to the same highly scalable, reliable, fast, inexpensive data storage infrastructure that Amazon uses to run its own global network of web sites. The service aims to maximize benefits of scale and to pass those benefits on to developers.
* Create an S3 bucket using the following command.
* Upload your static content to the S3 bucket.
* Static objects used in code, such as pictures, are stored in S3.
How to improve S3 latency by paying attention to regions and connectivity
The first takeaway from this is that regions and connectivity matter. Obviously, if you’re moving data within AWS via an EC2 instance or through various buckets, such as off of an EBS volume, you’re better off if your EC2 instance and S3 region correspond. More surprisingly, even when moving data within the same region, Oregon (a newer region) comes in faster than Virginia on some benchmarks.
If your servers are in a major data center but not in EC2, you might consider using DirectConnect ports to get significantly higher bandwidth (you pay per port). Alternately, you can use S3 Transfer Acceleration to get data into AWS faster simply by changing your API endpoints. You have to pay for that too, the equivalent of 1-2 months of storage cost for the transfer in either direction. For distributing content quickly to users worldwide, remember you can use BitTorrent support, CloudFront, or another CDN with S3 as its origin.
STEP: Amazon CloudFront
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront is integrated with AWS – both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. CloudFront works seamlessly with services including AWS Shield for DDoS mitigation, Amazon S3, Elastic Load Balancing or Amazon EC2 as origins for your applications, and Lambda@Edge to run custom code closer to customers’ users and to customize the user experience. Lastly, if you use AWS origins such as Amazon S3, Amazon EC2 or Elastic Load Balancing, you don’t pay for any data transferred between these services and CloudFront.
You can get started with the Content Delivery Network in minutes, using the same AWS tools that you're already familiar with: APIs, AWS Management Console, AWS CloudFormation, CLIs, and SDKs. Amazon's CDN offers a simple, pay-as-you-go pricing model with no upfront fees or required long-term contracts, and support for the CDN is included in your existing AWS Support subscription.
Benefits
>> Fast & global
The Amazon CloudFront content delivery network (CDN) is massively scaled and globally distributed. The CloudFront network has 220+ points of presence (PoPs), and leverages the highly-resilient Amazon backbone network for superior performance and availability for your end users.
Amazon CloudFront Infrastructure
The Amazon CloudFront Global Edge Network
- North America
Edge locations: Ashburn, VA (6); Atlanta, GA (6); Boston, MA (3); Chicago, IL (6); Dallas/Fort Worth, TX (6); Denver, CO (2); Hayward, CA; Hillsboro, OR (3); Houston, TX (4); Jacksonville, FL; Los Angeles, CA (5); Miami, FL (4); Minneapolis, MN; Montreal, QC; New York, NY (2); Newark, NJ (7); Palo Alto, CA; Philadelphia, PA (2); Phoenix, AZ (2); Salt Lake City, Utah; San Jose, CA (2); Seattle, WA (3); Toronto, ON (2); Vancouver, BC; Querétaro, MX (2)
Regional Edge caches: Virginia; Ohio; Oregon
- Europe
Edge locations: Amsterdam, The Netherlands (2); Athens, Greece; Berlin, Germany (2); Brussels, Belgium; Bucharest, Romania; Budapest, Hungary; Copenhagen, Denmark; Dublin, Ireland; Dusseldorf, Germany; Frankfurt, Germany (10); Hamburg, Germany; Helsinki, Finland; Lisbon, Portugal; London, England (9); Madrid, Spain (2); Manchester, England (2); Marseille, France; Milan, Italy (3); Munich, Germany (2); Oslo, Norway; Palermo, Italy; Paris, France (5); Prague, Czech Republic; Rome, Italy; Sofia, Bulgaria; Stockholm, Sweden (3); Vienna, Austria; Warsaw, Poland; Zurich, Switzerland (2)
Regional Edge caches: Dublin, Ireland; Frankfurt, Germany; London, England
- Asia
Edge locations: Bangalore, India (3); Chennai, India (2); Hong Kong, China (3); Hyderabad, India (4); Kolkata, India; Kuala Lumpur, Malaysia (2); Mumbai, India (3); Manila, Philippines; New Delhi, India (4); Osaka, Japan; Seoul, South Korea (4); Singapore (4); Taipei, Taiwan (3); Tokyo, Japan (16)
Regional Edge caches: Mumbai, India; Singapore; Seoul, South Korea; Tokyo, Japan
- Australia & New Zealand
Edge locations: Auckland, NZ (2); Melbourne, AU (2); Perth, AU; Sydney, AU (4)
Regional Edge caches: Sydney
- South America
Edge locations: Bogota, Colombia; Buenos Aires, Argentina; Rio de Janeiro, Brazil (2); Santiago, Chile; São Paulo, Brazil (2)
Regional Edge caches: São Paulo, Brazil
- Middle East
Edge locations: Dubai, United Arab Emirates; Fujairah, United Arab Emirates; Manama, Bahrain; Tel Aviv, Israel
- Africa
Edge locations: Cape Town, South Africa; Johannesburg, South Africa; Nairobi, Kenya
- China
Edge locations: Beijing; Shenzhen; Shanghai; Zhongwei
>> Security at the Edge
Amazon CloudFront is a highly-secure CDN that provides both network and application level protection. Your traffic and applications benefit through a variety of built-in protections such as AWS Shield Standard, at no additional cost. You can also use configurable features such as AWS Certificate Manager (ACM) to create and manage custom SSL certificates at no extra cost.
- Protection against Network and Application Layer Attacks
Amazon CloudFront, AWS Shield, AWS Web Application Firewall (WAF), and Amazon Route 53 work seamlessly together to create a flexible, layered security perimeter against multiple types of attacks including network and application layer DDoS attacks. All of these services are co-resident at the AWS edge and provide a scalable, reliable, and high-performance security perimeter for your applications and content. With CloudFront as the “front door” to your application and infrastructure, you are moving the primary attack surface away from your critical content, data, code and infrastructure.
- SSL/TLS Encryptions and HTTPS
With Amazon CloudFront, you can deliver your content, APIs or applications via SSL/TLS, and advanced SSL features are enabled automatically. You can use AWS Certificate Manager (ACM) to easily create a custom SSL certificate and deploy to your CloudFront distribution for free. ACM automatically handles certificate renewal, eliminating the overhead and costs of a manual renewal process. Additionally, CloudFront provides a number of SSL optimizations and advanced capabilities such as full/half bridge HTTPS connections, OCSP stapling, Session Tickets, Perfect Forward Secrecy, TLS Protocol Enforcements and Field-Level Encryption.
- Access Control
With Amazon CloudFront, you can restrict access to your content through a number of capabilities. With Signed URLs and Signed Cookies, you can support Token Authentication to restrict access to only authenticated viewers. Through geo-restriction capability, you can prevent users in specific geographic locations from accessing content that you're distributing through CloudFront. With Origin Access Identity (OAI) feature, you can restrict access to an Amazon S3 bucket to only be accessible from CloudFront.
- Compliance
CloudFront infrastructure and processes are all compliant with PCI-DSS Level 1, HIPAA, and ISO 9001, ISO 27001, SOC (1, 2 and 3) to ensure secure delivery of your most sensitive data.
>> Highly programmable
Amazon CloudFront features can be customized for your specific application requirements. Lambda@Edge functions, triggered by CloudFront events, extend your custom code across AWS locations worldwide, allowing you to move even complex application logic closer to your end users to improve responsiveness. The CDN also supports integrations with other tools and automation interfaces for today's DevOps and CI/CD environments by using native APIs or AWS tools.
>> Deep integration with AWS
Amazon CloudFront is integrated with AWS services such as Amazon S3, Amazon EC2, Elastic Load Balancing, Amazon Route 53, and AWS Elemental Media Services. They are all accessible via the same console and all features in the CDN can be programmatically configured by using APIs or the AWS Management Console.
* Set up the Content Delivery Network using CloudFront, with the S3 bucket as the origin domain.
* See the details of the CloudFront service configuration.
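An added example (not the original post's commands) that ties the S3 bucket step to the Origin Access Identity feature described under Access Control: the bucket stays private and its policy allows reads only from the CloudFront identity. The bucket name, region and local ./images directory are assumptions, and the script only calls AWS when run with --apply.

```shell
#!/bin/sh
# Added example (not from the original post).
BUCKET="${BUCKET:-example-static-assets-bucket}"   # hypothetical bucket name
REGION="${REGION:-ap-south-1}"                     # assumed region

# Bucket policy that lets only the given CloudFront origin access identity
# read objects; no other principal is granted anything.
oai_bucket_policy() {   # $1 = bucket, $2 = OAI id
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowCloudFrontOAIReadOnly",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity $2"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::$1/*"
  }]
}
EOF
}

# Simple textual check: succeeds if the policy on stdin names a wildcard principal.
policy_has_wildcard_principal() {
    grep -Eq '"(Principal|AWS)"[[:space:]]*:[[:space:]]*\[?[[:space:]]*"\*"'
}

lock_down_origin() {
    aws s3 mb "s3://$BUCKET" --region "$REGION"
    aws s3api put-public-access-block --bucket "$BUCKET" \
        --public-access-block-configuration \
        BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
    aws s3 cp ./images "s3://$BUCKET/images/" --recursive   # no public-read ACL
    oai_id="$(aws cloudfront create-cloud-front-origin-access-identity \
        --cloud-front-origin-access-identity-config \
        "CallerReference=$(date +%s),Comment=static-site" \
        --query 'CloudFrontOriginAccessIdentity.Id' --output text)"
    oai_bucket_policy "$BUCKET" "$oai_id" > policy.json
    policy_has_wildcard_principal < policy.json && return 1
    aws s3api put-bucket-policy --bucket "$BUCKET" --policy file://policy.json
    # The distribution's S3OriginConfig must reference this identity as
    # origin-access-identity/cloudfront/<id> for the policy to take effect.
    echo "$oai_id"
}

if [ "${1:-}" = "--apply" ]; then
    set -e
    lock_down_origin
fi
```

With this in place a direct request to the S3 object URL is denied, while the same object served through the CloudFront domain loads normally.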
Finally, place the CloudFront URL in the webapp code for security and low latency.
* Paste this URL into Chrome and load it: https://15.207.106.187/web.html
Thank you for reading. I hope it might help you to understand the AWS EC2, EBS, S3 storage, and CloudFront service concepts :)