andre aliaman

Practical way to Learn AWS Architecture as First-timer

As beginners, we usually start learning by creating a website or web application as our first application, since both are common in the industry.

The second step is learning how to deploy, so everybody can see and use our website. As developers, we usually deploy our application locally using tools like Tomcat, XAMPP, etc. for debugging and testing purposes. If you want to step up your game, the next step is to deploy your application using a public service such as AWS.

Deploying with AWS teaches us many things, since we need to set up everything ourselves. I will try to keep it as similar as possible to other services, since that makes it easier to learn. Yes, I know AWS already has some default setup that makes our lives easier, but for our development, let's learn all the components that make our application accessible from around the world, how to defend it, and how to keep it cost efficient.

AWS Free tier

When you create a new AWS account, you get many types of free offers from AWS. To make the most of your budget, you need to learn about them before you start to build and deploy your application on top of AWS.

I already discussed the AWS Free Tier before; you can read about that here

Server

The first thing we need in order to deploy our application is a machine that will run and serve it. For simplicity and familiarity, we can use EC2, which we know as a server/VPS.

For EC2, you need to choose the AMI (image) that you will use for your server. Think of choosing an AMI like choosing the OS for your server, except that it is already ready to use. AWS provides a set of ready-made images for many operating systems and Linux distros. AWS also has an official distro that it maintains itself, called Amazon Linux.

On this server, we can do anything that we usually do on our own server or local machine. Think of this server as our computer with remote capability. We can install all the dependencies for our application on this server. When you are more advanced, you can configure your server with configuration management. For more information, you can read here

Security

As a world-class public cloud service, AWS also has services that let us set up and configure security ourselves. It has more advanced security services like GuardDuty, KMS, etc., but for now you only need to know about these two services, which help you allow and deny access to your server.

Security Group

Think of a security group as your firewall. It has a set of rules that control traffic based on protocol and port number. For example, after you associate a security group with an EC2 instance, it controls the inbound and outbound traffic for the instance.

There are separate sets of rules for inbound and outbound traffic, which define the traffic allowed to reach and leave the resources the security group is associated with.

Security groups are stateful. This means the rules work in both directions: once you allow the request, the response is also allowed.

When you create a VPC, it comes with a default security group that will allow you to access your service internally. You can create additional security groups for each VPC. You can associate a security group only with resources in the VPC for which it is created.

For more information, you can read here

NACL

A network access control list (NACL) allows or denies specific inbound or outbound traffic at the subnet level.
Unlike a security group, which is stateful, a NACL is stateless. This means that when you allow or block traffic, the response is not automatically allowed or blocked. A NACL can also be used to deny traffic, a capability that security groups do not have. NACLs are suitable for handling DDoS attacks.

To begin with, you can use the default network ACL for your VPC, or you can create a custom network ACL with rules similar to those of your security groups in order to add an additional layer of security to your VPC.

For more information, you can read here
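
The stateful versus stateless behaviour described in the Security Group and NACL sections, as an added example that is not part of the original article: a toy Python model of the rule evaluation, not AWS code. The class names, addresses and rule numbers are constructed for illustration, and protocol matching is left out.

```python
# Added example: toy model of the evaluation semantics, not AWS code.
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src dst sport dport")

def reply(p):
    return Packet(p.dst, p.src, p.dport, p.sport)

class SecurityGroup:
    """Stateful and allow-only: a reply to an allowed flow needs no rule."""
    def __init__(self, inbound_ports, outbound_ports=()):
        self.inbound, self.outbound = set(inbound_ports), set(outbound_ports)
        self.tracked = set()
    def allow_in(self, p):
        if p.dport in self.inbound:
            self.tracked.add(p)              # remember the allowed flow
        return p.dport in self.inbound       # no allow rule means dropped
    def allow_out(self, p):
        return reply(p) in self.tracked or p.dport in self.outbound

class NetworkAcl:
    """Stateless: every packet is matched against the numbered rules."""
    def __init__(self, inbound, outbound):
        # rule = (number, remote CIDR, (port_lo, port_hi), "allow" or "deny")
        self.inbound, self.outbound = sorted(inbound), sorted(outbound)
    @staticmethod
    def _match(rules, remote, port):
        for _, cidr, (lo, hi), action in rules:      # lowest number first
            if ip_address(remote) in ip_network(cidr) and lo <= port <= hi:
                return action == "allow"             # first match decides
        return False                                 # implicit final deny
    def allow_in(self, p):
        return self._match(self.inbound, p.src, p.dport)
    def allow_out(self, p):
        return self._match(self.outbound, p.dst, p.dport)

def round_trip(fw, request):
    """Return (request allowed in, reply allowed out)."""
    ok_in = fw.allow_in(request)
    return ok_in, ok_in and fw.allow_out(reply(request))

# Constructed sample traffic: a client on ephemeral port 50000 calls HTTPS.
REQ = Packet("203.0.113.10", "10.0.1.5", 50000, 443)
SG = SecurityGroup(inbound_ports=[443])
NACL_IN = [(100, "0.0.0.0/0", (443, 443), "allow")]
NACL_NO_REPLY = NetworkAcl(NACL_IN, outbound=[])
NACL_OK = NetworkAcl(NACL_IN, [(100, "0.0.0.0/0", (1024, 65535), "allow")])
NACL_DENY = NetworkAcl([(90, "203.0.113.0/24", (0, 65535), "deny")] + NACL_IN, [])
```

With the NACL, the reply travels to the client's ephemeral port, so the outbound side needs its own allow rule; the security group needs none.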

Network

This is where the traffic to and from your application flows. Think of it as a traditional network that you'd operate in your own data center, except that it runs on top of the scalable infrastructure of AWS.

Some basic services inside a VPC that make your application accessible over the network are subnets, internet gateways, and route tables.

There are more advanced services that you can use to strengthen your network configuration, like gateways and endpoints, peering connections, transit gateways, VPC Flow Logs, etc.

But as a beginner, I think it's enough to know the basic services and be aware of the advanced ones.

For more information, you can read here

Bonus: Load Balancer & Database

These two are different animals compared to the others. If we discussed both, it would add more complexity to this article and to your beginner architecture.

What you need to know for now is that AWS also has a service for load balancing the traffic handled by our application, called ELB. AWS also has a service for managing databases, called RDS.

So, if you follow this article to the end, your first architecture will look like this:

[Image: architecture diagram]

Conclusion

As an AWS beginner, it's important to know the basics so you can start building your application on top of AWS and gain more knowledge from there. You can always learn the basics with something you already know and start the journey.

I think that's it for now for this article. Leave a comment below so I know your thoughts! Thanks.