In my previous post, I gave an overview of public cloud infrastructure. To summarize:
Regions: These are various places around the globe where AWS maintains data centers.
Availability Zones: Each region is made up of multiple availability zones. An availability zone consists of one or more data centers colocated in a region. No two availability zones can share the same data center. Hence, the failure of one AZ does not affect another. Data centers/availability zones are made up of compute, network and storage resources.
VPC (Virtual Private Cloud): A VPC is a logically isolated network made up of resources for a particular customer. A single availability zone would be made up of multiple VPCs. Each of these VPCs will belong to a different customer.
It is Amazon's responsibility to maintain tenant isolation, i.e., resources/data from different VPCs are isolated from each other even though they might run in the same availability zone and on the same physical hardware. However, the customer is responsible for their slice of the public cloud, i.e., their VPC.
Note: See https://aws.amazon.com/compliance/shared-responsibility-model/, which gives a good overview of the shared responsibility model.
To understand VPC, let's look at a simple multitiered application, the voting app, and try to understand what it would look like when it's deployed to the cloud.
The Voting App
The voting app is really simple: users vote for either "Cats" or "Dogs" on the voting app page.
The votes are saved to an in-memory Redis cache and periodically written to the DB by the worker. There is another webpage, "results", which displays the results of the vote.
Cloudifying the voting app by deploying in VPC
For the sake of discussion, let's assume that somehow this app has become immensely popular in a certain region (say India) and you have decided to cloudify it. Let's look at cloudifying this app step by step:
1. As most users of this app will be from India, we can run this app in the ap-south-1 region (Mumbai). The ap-south-1 region is made up of 3 availability zones; AWS automatically chooses an AZ.
2. Deploying cloud resources: The voting app requires the following resources:
a) Voting-App, Result-app: Each of these is a separate Linux EC2 instance running an Apache web server.
b) Worker: Linux EC2 instance.
c) AWS RDS (Relational database service) for PostgreSQL.
d) AWS Elasticache with Redis.
Once the resources are deployed, here is what it looks like logically.
3. The various components of the voting application need to be able to communicate with each other, and hence an IP address is required for each of these components. Each VPC by default is associated with a CIDR block. Instances/services running inside the VPC are given an IP from the CIDR block and can communicate with each other. For the sake of simplicity, we can assume the components in the above diagram belong to the same subnet. However, if desired, the CIDR block can be subnetted and routes can be added to the VPC router.
4. In addition to being able to communicate with each other, some of these components might require a connection to the internet for updates, allowing admins SSH access, etc. For this purpose, a software router runs in the VPC; it contains a default route to the internet in addition to routes for the various subnets within the VPC.
5. The voting-app and results-app instances require public IP addresses; an Elastic IP can be mapped to each of these instances.
6. Finally, our super complex voting app requires a domain name so that voting-app and result-app can be accessed with the names "vote-app.supervote.com" and "result-app.supervote.com". AWS offers Route 53, which enables DNS registration and the addition of DNS records.
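Steps 3 to 5 can be modelled offline to check which components end up internet-facing. The following is an added example, not code from the original post; it goes one step further than the single-subnet picture by using the subnetting option mentioned in step 3. The CIDR block, the public/private split, the route target names and the probe address are all assumptions.

```python
import ipaddress
from itertools import islice

# Assumed for illustration: the post gives no CIDR, addresses or subnet layout.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
PUBLIC_SUBNET, PRIVATE_SUBNET = list(VPC_CIDR.subnets(new_prefix=24))[:2]
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")

# component -> (subnet, has Elastic IP); only the two web front ends get one (step 5)
COMPONENTS = {
    "voting-app": (PUBLIC_SUBNET, True),
    "result-app": (PUBLIC_SUBNET, True),
    "worker": (PRIVATE_SUBNET, False),
    "rds-postgres": (PRIVATE_SUBNET, False),
    "elasticache-redis": (PRIVATE_SUBNET, False),
}

# Every table has the "local" route for the VPC CIDR; only the public subnet
# also carries the default route to the internet (step 4).
ROUTE_TABLES = {
    PUBLIC_SUBNET: [(VPC_CIDR, "local"), (ANYWHERE, "internet-gateway")],
    PRIVATE_SUBNET: [(VPC_CIDR, "local")],
}

def assign_addresses():
    """Hand out host addresses per subnet, skipping the ones AWS reserves (.1-.3)."""
    pools = {s: islice(s.hosts(), 3, None) for s in ROUTE_TABLES}
    return {name: next(pools[subnet]) for name, (subnet, _) in COMPONENTS.items()}

def next_hop(subnet, destination):
    """Longest-prefix match in the subnet's route table; None means no route."""
    dest = ipaddress.ip_address(destination)
    matches = [(net, target) for net, target in ROUTE_TABLES[subnet] if dest in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def internet_exposed(probe="203.0.113.10"):  # documentation-range address
    """Components with an Elastic IP and a default route via the gateway."""
    return sorted(name for name, (subnet, eip) in COMPONENTS.items()
                  if eip and next_hop(subnet, probe) == "internet-gateway")

if __name__ == "__main__":
    for name, addr in assign_addresses().items():
        print(f"{name:18} {addr}")
    print("internet-facing:", internet_exposed())
```

With this layout the worker, database and cache have no route out of the VPC at all; components there that need outbound updates would normally be given a NAT route, which this sketch leaves out.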
With this, our deployment of the voting app in AWS is complete. Of course, I haven't described any security aspects like creating web application filters or IAM policies as these are separate topics by themselves.
In the coming weeks, I will be writing about various cloud services with some practical examples. This article is the first in the series. Do comment and let me know your feedback.
Thanks for your time and have a great week ahead.
Good one
Super...good