Well-Architected Framework (WAF) - AWS

 The Well-Architected Framework (WAF) is a set of best practices and guidelines developed by AWS to help customers build and operate reliable, secure, efficient, and cost-effective systems in the cloud. The WAF provides a structured approach for customers to evaluate their workloads against established best practices, identify areas for improvement, and make informed decisions about how to implement changes.

The WAF consists of five pillars:

👉Operational Excellence: This pillar focuses on improving the ability to run and monitor systems, and to continually improve processes and procedures.

👉Security: This pillar focuses on protecting information and systems, and ensuring compliance with relevant regulations and standards.

👉Reliability: This pillar focuses on ensuring that systems are resilient, can recover from failures, and can meet business requirements for availability and performance.

👉Performance Efficiency: This pillar focuses on optimizing resource utilization and ensuring that systems can scale to meet demand.

👉Cost Optimization: This pillar focuses on minimizing costs and maximizing the value of resources.

Explanation

Operational Excellence: This pillar is focused on enabling an organization to run and monitor systems to deliver business value and to continually improve supporting processes and procedures. It involves defining and automating processes, establishing procedures for change management, and monitoring the overall health of systems. Operational excellence also requires setting goals and metrics to measure progress, creating and maintaining runbooks, and establishing mechanisms for learning and continuous improvement.

Security: This pillar is focused on protecting assets and systems while delivering business value through risk assessments and mitigation strategies. It involves identifying and prioritizing security risks, implementing security controls to mitigate those risks, and monitoring for security events. Security best practices also include employing identity and access management controls, implementing network security controls, encrypting data, and establishing incident response procedures.

Reliability: This pillar is focused on ensuring that systems can recover from failures and can meet business requirements for availability and performance. It involves building systems that can automatically recover from failures, setting service level objectives (SLOs) and service level agreements (SLAs), and implementing continuous testing and validation. Reliability also requires monitoring and logging systems to identify issues before they affect customers, and designing systems with a clear understanding of dependencies and their impact on overall system reliability.

Performance Efficiency: This pillar is focused on optimizing the use of computing resources to meet business needs in a cost-effective way. It involves understanding the performance characteristics of systems and identifying areas for optimization, such as by choosing the right instance types, configuring auto-scaling, and implementing load balancing. Performance efficiency also involves monitoring resource utilization and identifying opportunities to optimize workloads and minimize costs.

Cost Optimization: This pillar is focused on managing costs while delivering business value. It involves understanding the cost of different AWS services and making informed decisions about resource allocation, such as by choosing the right storage types, optimizing network usage, and implementing serverless architectures. Cost optimization also involves identifying and mitigating inefficiencies and waste, such as by removing unused resources, rightsizing instances, and leveraging AWS cost management tools.

AWS services with a brief description !!

Amazon Elastic Compute Cloud (EC2): Provides scalable compute capacity in the cloud, allowing users to launch virtual machines (VMs) with different configurations.

Amazon Elastic Block Store (EBS): Provides persistent block-level storage volumes for use with EC2 instances.

Amazon Simple Storage Service (S3): Provides scalable object storage for any type of data, with built-in security and data protection features.

Amazon Relational Database Service (RDS): Provides managed relational database services for MySQL, PostgreSQL, Oracle, SQL Server, and others.

Amazon DynamoDB: A NoSQL database service that provides fast and predictable performance with seamless scalability.

Amazon Elastic Kubernetes Service (EKS): Provides managed Kubernetes clusters that can be easily deployed, managed, and scaled on AWS.

Amazon Elastic Container Service (ECS): Provides a highly scalable, high-performance container orchestration service that supports Docker containers.

Amazon Virtual Private Cloud (VPC): Provides a private and isolated network environment within the AWS cloud.

AWS Lambda: A serverless compute service that allows developers to run code without provisioning or managing servers.

Amazon CloudFront: A global content delivery network (CDN) that accelerates the delivery of static and dynamic web content.

Amazon Route 53: A scalable and highly available DNS service that can be used to route traffic to AWS resources or external resources.

Amazon Simple Queue Service (SQS): Provides a message queuing service that enables decoupling and scaling of microservices.

Amazon Simple Notification Service (SNS): A fully managed messaging service that enables the publication and delivery of messages to subscribers.

Amazon Elastic File System (EFS): A fully managed file storage service that provides scalable and highly available file storage for use with EC2 instances.

Amazon Simple Workflow Service (SWF): Provides a fully managed workflow service that enables developers to build applications with coordinated, distributed tasks.

Amazon Glacier: A secure, durable, and low-cost storage service for data archiving and backup.

Amazon Simple Email Service (SES): A cost-effective email service that enables developers to send and receive email using their own email addresses and domains.

Amazon Kinesis: A fully managed service for real-time processing of streaming data.

AWS Elastic Beanstalk: A fully managed service that makes it easy to deploy and scale web applications and services.

Amazon Redshift: A fast, fully managed, petabyte-scale data warehouse service that makes it simple and cost-effective to analyze data.

Amazon WorkSpaces: A fully managed, secure, and scalable desktop as a service (DaaS) solution.

Amazon Elastic MapReduce (EMR): A fully managed service that makes it easy to process large amounts of data using open-source data processing frameworks such as Hadoop and Spark.

AWS Snowball: A petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of AWS.

AWS IoT Core: A fully managed service that enables secure and reliable communication between devices and the cloud.

Amazon QuickSight: A fast, cloud-powered business analytics service that makes it easy to build visualizations, perform ad hoc analysis, and quickly get insights from data.

Amazon Connect: A cloud-based contact center service that enables businesses to deliver superior customer service experiences.

Amazon Neptune: A fast, reliable, and fully managed graph database service that makes it easy to build and run applications that work with highly connected datasets.

AWS Batch: A fully managed service that enables developers to run batch computing workloads on the AWS Cloud.

Amazon AppStream: A fully managed, secure application streaming service that allows users to stream desktop applications to any device.

Amazon Elastic Inference: A service that allows users to attach low-cost GPU-powered acceleration to EC2 instances to reduce the cost of running deep learning inference.

Amazon Transcribe: A fully managed automatic speech recognition (ASR) service that makes it easy to add speech-to-text capabilities to applications.

Amazon Translate: A fully managed neural machine translation service that enables businesses to easily translate text between languages.

Amazon Polly: A text-to-speech service that uses advanced deep learning technologies to synthesize speech that sounds like a human voice.

Amazon Comprehend: A natural language processing (NLP) service that makes it easy to extract insights and relationships from text.

AWS Glue: A fully managed extract, transform, and load (ETL) service that makes it easy to move data between data stores.

AWS CloudFormation: A service that allows users to create and manage AWS resources with templates.

AWS CloudTrail: A service that enables governance, compliance, operational auditing, and risk auditing of AWS accounts.

AWS Identity and Access Management (IAM): A service that enables users to manage access to AWS services and resources securely.

AWS Certificate Manager: A service that makes it easy to provision, manage, and deploy SSL/TLS certificates for use with AWS services.

AWS Key Management Service (KMS): A service that allows users to create and control the encryption keys used to encrypt data.

AWS Artifact: A service that provides on-demand access to AWS compliance reports and certifications.

Amazon Macie: A fully managed service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS.

AWS Security Hub: A service that provides a comprehensive view of security alerts and compliance status across AWS accounts.

AWS Shield: A managed DDoS protection service that safeguards applications running on AWS.

Amazon GuardDuty: A threat detection service that continuously monitors for malicious activity and unauthorized behavior.

AWS WAF: A web application firewall that helps protect web applications from common web exploits.

AWS IoT Analytics: A fully managed service that makes it easy to run sophisticated analytics on IoT data.

AWS IoT Greengrass: A software that allows local devices to run AWS Lambda functions, process device data locally, and sync with the cloud.

AWS IoT Things Graph: A service that allows users to easily create and deploy IoT applications that integrate multiple devices and services.

AWS IoT Device Defender: A fully managed service that audits the security and compliance of IoT devices connected to AWS.

How did I clear my AWS Solution Architect - Associate exam !!

In this blog post, I'll be sharing my personal journey on how I prepared for the AWS Solution Architect - Associate exam. I'll discuss the resources and tools that I used, as well as the strategies that helped me to pass the exam on my first attempt.

Firstly, I started with the official AWS training materials, which provided a solid foundation of knowledge on the AWS services and concepts covered in the exam. I also used online courses (Udemy: trainer: Stephane Maarek), workshops (Company provided Training), and whitepapers (AWS website), which were incredibly helpful in building my understanding of the various AWS services and how they work together.

Next, I gained hands-on experience with AWS by creating a free-tier account and practicing with the services covered on the exam. I created EC2 instances, configured VPCs, and practiced connecting different AWS services, which helped me to gain practical experience and better understand the services in a real-world scenario.

To further solidify my knowledge, I used practice exams that simulated the actual AWS Solution Architect - Associate exam. These practice exams helped me to identify areas where I needed to improve and get familiar with the types of questions that I could expect to see on the exam.

I had gone through various AWS re:Invent Youtube videos on various AWS services. (Good to view, but not an essential to clear the exam)

Lastly, I had gone through AWS FAQs for each topic, where I got more clarification on different AWS services. This helped me to gain new insights and perspectives on different AWS topics and concepts, as well as build my confidence.

In conclusion, preparing for the AWS Solution Architect - Associate exam requires a combination of theory, practice, and collaboration. By following these strategies and using the resources and tools available, I was able to pass the exam and achieve my certification.

How HTTPs (ssl) works!

A very nice description of the the same is given in the Stackoverflow. Please refer the below link:

https://stackoverflow.com/questions/6241991/how-exactly-https-ssl-works

Design Document for Hotel Search in Microservice based Architecture

Hello everyone, I just created a small design document for Hotel Searching sites (e.g. like Trivago).

• Vacation Aggregator system is very popular internet-related services and products in the hotel solution.
• While designing this solution many challenges were encountered like segregating the services into microservices as per the business logic, design relationship between entity, identifying key attribute, operations to be performed by user, user hotel search and reservation.
• Following are the components identified in this solution

 Actors :- User, Hotel service provider, Administrator

 Benefits of Solution:- Reusable, extendable, maintainable

Design decisions /patterns Used

1. Layered architecture is used to simplify the user interface. 
• Service layer which provides Centralizes external access abstracts internal implementation.
• Business layer handles the business rules of each microservices services
• Data access layer simplified access of the database.
2. Design pattern used 
• Facade design pattern is used to help client applications to easily interact with the system and provide an interface to a set of interfaces in a subsystem
• Singleton design pattern ensures a class has only one instance and provides a global point of access to it.
• Adapter design pattern is used to convert the interface of a class into another interface the application expects.
• Microservices Orchestration Pattern that acts as the “orchestrator” of the overall service interaction.

Diagrams

Use Case

Component Diagram

Class Diagram

Sequence Diagram

ER Diagram


Let me know if you have a better suggestion. Thanks. ✌

OpenALM

OpenALM is a centralization of Authentications.

• It gives SSO features.
• OpenALM is a User Repository where User information are created.

Policy Agent has a cache so if one request contains 25 pages link to bee opened then it will not request 25 times in OpenAM instead cache for 25 is created inside "Policy Agent".

Below is the description