5.1 AWS - Basic - All


AWS Architecture for Super Beginners

A course for IT beginners to learn AWS and infrastructure construction step by step.
Introduction
Goal of this course

Learn to build fundamental architecture on AWS!

This course is suitable even for those without AWS, infrastructure, and IT knowledge.
Concept of this course
Not just for learning the features of AWS services and
conducting hands-on AWS creation, but also for learning
the associated IT fundamentals step-by-step.

• Hands-on creation of a web system
• Gain fundamental IT knowledge
• Gain understanding of AWS services
Building our Real-world Architecture
The target architecture built in this course (shown as a diagram on the slide):

• Route53 (DNS) in front of CloudFront (CDN), which fronts the ELB and S3.
• One VPC, 10.0.0.0/16, spanning two Availability Zones (AZ).
• Public subnet 10.0.0.0/24 (first AZ) and public subnet 10.0.2.0/24 (second AZ), with the ELB distributing traffic to EC2 instances managed by Auto Scaling.
• Private subnet 10.0.1.0/24 (first AZ) and private subnet 10.0.3.0/24 (second AZ), holding the RDS MySQL DB server and its standby, with synchronous replication and automatic failover.
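As an added example (not part of the course material), the following Python check validates the subnet plan above before any of it is created: every subnet must fall inside the VPC CIDR, none may overlap, each tier must exist in at least two AZs for the failover design to work, and subnet sizes must stay within the /16 to /28 range AWS allows. The AZ and tier labels are constructed for the example; the five addresses AWS reserves in every subnet (network address, VPC router, DNS, one reserved for future use, broadcast) and the size limits are AWS rules, not stated on the slide.

```python
import ipaddress

# AWS reserves the first four and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5

# Subnet plan from the course architecture slide; the "az" and "tier"
# labels are constructed here for the example.
SUBNET_PLAN = {
    "public-a":  {"cidr": "10.0.0.0/24", "az": "AZ-1", "tier": "public"},
    "private-a": {"cidr": "10.0.1.0/24", "az": "AZ-1", "tier": "private"},
    "public-b":  {"cidr": "10.0.2.0/24", "az": "AZ-2", "tier": "public"},
    "private-b": {"cidr": "10.0.3.0/24", "az": "AZ-2", "tier": "private"},
}


def check_subnet_plan(vpc_cidr, plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    problems = []
    nets = {}
    for name, spec in plan.items():
        try:
            net = ipaddress.ip_network(spec["cidr"], strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {spec['cidr']}: {exc}")
            continue
        # AWS subnets must be between /16 and /28.
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{name}: prefix /{net.prefixlen} outside AWS /16../28")
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is not inside VPC {vpc}")
        nets[name] = net

    # Pairwise overlap check between all subnets that parsed.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap")

    # Each tier (public, private) must be present in at least two AZs,
    # otherwise the multi-AZ failover shown on the slide cannot work.
    for tier in {s["tier"] for s in plan.values()}:
        azs = {s["az"] for s in plan.values() if s["tier"] == tier}
        if len(azs) < 2:
            problems.append(f"tier {tier} present in only {len(azs)} AZ(s)")
    return problems


def usable_hosts(cidr):
    """Addresses actually assignable to instances in an AWS subnet of this size."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


if __name__ == "__main__":
    print("problems:", check_subnet_plan("10.0.0.0/16", SUBNET_PLAN))
    for name, spec in SUBNET_PLAN.items():
        print(f"{name}: {spec['cidr']} -> {usable_hosts(spec['cidr'])} usable hosts")
```

A /24 therefore gives 251 assignable addresses, not 254 as on a plain LAN; sizing the subnets with that in mind avoids an Auto Scaling group that cannot launch its last instances.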
Contents of the course
Section: What you will learn in the section

• Overview of the Cloud and AWS: Learn the basic concepts of cloud computing and AWS. See the scope of the services and how they work.
• AWS Preparation: You will learn about the prerequisite information and tools required to use AWS, and conduct first settings through hands-on demonstrations.
• Network and VPC: You will learn about VPCs and subnets, which are services that create network areas where AWS services are deployed.
• Server and EC2: While understanding the role of servers, you will learn how to configure servers using EC2 instances.
• Domain configuration and Route53: You will learn about domains and the role of URLs and DNS servers, and actually register a domain using Route53.
• Configure RDS: Learn the basics of databases and SQL and set up RDS as our database for WORDPRESS.
• Using S3: You will implement configurations to efficiently store and distribute content on WORDPRESS.
• Redundant configuration with ELB and Auto Scaling: Using ELB and Auto Scaling, you will improve the WORDPRESS configuration to be a redundant configuration.
• CloudFront and ACM: While setting up content delivery using CloudFront, configure SSL/TLS certificates using ACM for HTTPS communication.
• Operational management: Check the services used to manage the operation of AWS services and configure CloudWatch and billing management tools.
About AWS usage fees
Very small AWS usage fees will be incurred when
implementing the practical part of this course, but we will
keep the costs as low as possible.

• Use of free tier: Basic functions such as EC2, S3, and VPC will be lectured using the free framework. EC2 and S3 will be paid for if you use them for a long time, but you can delete them in a timely manner and use them for free within the free duration.
• Depends on lowest cost configuration: RDS has hands-on using the paid version, but we will proceed to implement the build in a moment and make it almost free.
Section Contents
Lecture: Lecture Description

• What is AWS?: First, let's briefly review the features of AWS.
• What is the infrastructure?: As a prerequisite for building infrastructure on AWS, we will look at the definition of infrastructure.
• Significance of AWS: Why should we use AWS? Find out why you should learn AWS and why you should use it.
• Overview of AWS services: Get a complete picture of the 200+ services offered by AWS.
• Understanding Virtualization: To understand how AWS works, this course provides a concise understanding of the virtualization technologies that are prerequisites for using AWS.
• Cloud Basics: To understand how AWS works, you will understand how cloud services are provided from virtualization technology.
• AWS Global Infrastructure configuration: Understand the global infrastructure configuration of AWS.
• AWS Fee Structure: Review the billing structure of AWS services and the basic elements that generate billing.
What is AWS?
What is AWS?
A service that gives you instant access to the functions
you need for infrastructure and app development anytime,
anywhere.

AWS provides instant access to infrastructure such as
servers, storage, and databases: the on-premise server is
replaced by EC2 (Server), and on-premise storage by S3 (Storage).

A great advantage is that it only takes a few minutes to
set up a server and it's free and ready to use immediately.

On-premise server:
✓ Time consuming
✓ Expensive
EC2 (Server):
✓ Up and running in a few minutes.
✓ Free or paid options
From physical devices to online services
Efficient system management is possible by renting
infrastructure equipment via the Internet: the data center
is replaced by cloud space (Internet) holding EC2 and RDS.
Wide range of services
AWS provides the complete set of services necessary for
system construction and operation.

Computing: ◼ EC2 ◼ Lambda ◼ Lightsail ◼ Fargate
Storage: ◼ S3 ◼ EBS ◼ EFS ◼ Glacier ◼ Amazon FSx for Windows ◼ Amazon FSx for Lustre ◼ AWS Storage Gateway
Networking: ◼ VPC ◼ Route53 ◼ CloudFront ◼ Direct Connect ◼ API Gateway
Database: ◼ RDS ◼ Aurora ◼ DynamoDB ◼ ElastiCache ◼ Redshift ◼ Neptune ◼ ElasticSearch ◼ CloudSearch
Security: ◼ IAM ◼ GuardDuty ◼ Inspector ◼ KMS ◼ CloudHSM ◼ WAF ◼ Shield ◼ Artifact
Management: ◼ CloudWatch ◼ CloudTrail ◼ Config ◼ Organizations ◼ AWS Personal Health Dashboard ◼ Service Catalog ◼ Well Architected tool ◼ AWS Systems Manager ◼ AWS Support ◼ Trusted Advisor
App Integration: ◼ SNS ◼ SQS ◼ MQ
Migration and Relocation: ◼ AWS ADS ◼ AWS DMS ◼ AWS SMS ◼ AWS Snow Family
AWS Cost Management: ◼ Cost Explorer ◼ AWS Cost and Usage Reports ◼ AWS Budgets ◼ Price Calculation Tools ◼ Cost Categories
Other: ◼ CodeCommit ◼ CodeBuild ◼ CodeDeploy ◼ CodePipeline ◼ Elastic Beanstalk ◼ OpsWorks ◼ Amazon ECS ◼ Kinesis ◼ CloudFormation
Cutting-edge technology
Cutting-edge technologies such as AI, blockchain,
quantum computing, AR, VR, etc. are available in the
cloud and can be used immediately.

◼ IoT ◼ AI ◼ Robotics ◼ Satellites ◼ Blockchain
◼ Quantum computing ◼ GameTech ◼ Media Services ◼ VR/AR ◼ Virtual desktop

Global expansion
Since AWS has a global infrastructure, we can build
infrastructure and systems around the world.
Summary

 AWS is a cloud service provided by Amazon.
 The tools required for infrastructure and application
development are instantly available anytime, anywhere.
 With more than 200 services, AWS provides a
comprehensive set of functions required for application
development and operation.
 Cutting-edge technologies such as AI and blockchain are
also available in AWS.
 Infrastructure can easily be deployed globally.
What is Infrastructure?
What is infrastructure?
The network equipment, servers, and databases that
make up a network are what we call infrastructure.

Data Center
Components of IT (hardware)
The network technologies and computers that make up IT
are our typical hardware.
Components of IT (software)
An operating system is the system software that controls
computer operations.
What is infrastructure?
Infrastructure is composed of both hardware and
software.
What is the cloud?
A system in which infrastructure owned by other
companies is used via the Internet.

We would use the cloud if:

✓ We need a temporary server for a short-term campaign.
✓ We want to be able to increase the number of servers in response to
increased demand and reduce them in response to decreased demand.
✓ We need a database right now, but don't have time to procure it.

Internet (Cloud): temporarily use parts of the hardware owned by others.
Summary

 Infrastructure refers to the equipment and software
that provides a specific function, such as servers and
databases.
 Server equipment isn't just hardware; software can also
be configured to provide the functions of a server.
 Cloud computing is a system in which infrastructure
owned by other companies is used via the Internet.
Significance of AWS
Significance of AWS
By using the AWS cloud, you can build an infrastructure
immediately: instead of a datacenter of your own, EC2 and
RDS run in the cloud.
Why AWS?

AWS is the overwhelming top leader.

Global Cloud Share
AWS is an overwhelming presence with a cloud share of
over 30% for many years (chart for 2020).

Reference: Synergy Research Group

Global Cloud Share
It is also positioned as the top cloud leader in Gartner's
research.

Reference: https://japan.zdnet.com/article/35140211/
Why is AWS at the top?

AWS carries out overwhelming R & D.

2019 World R & D Expense Ranking

1st place Amazon 28.8 billion dollars
2nd place Alphabet 26 billion
3rd place Samsung 16.73 billion
4th place Huawei 15.30 billion
5th place Microsoft 14.7 billion
6th place Volkswagen 14.3 billion
7th place Apple 14.2 billion

Source: https://spendmenot.com/blog/rd-spenders/
Become a Cloud Leader
By releasing the latest services including AI with
overwhelming investment, it is no longer possible for
latecomers to catch up.
Latest technology presentation

AWS releases dozens of the latest features and services at re:Invent.

⁃ AWS holds "re:Invent 201○"
⁃ Microsoft holds "Microsoft Build 201○"
⁃ Google holds "Google I/O 201○"
⁃ IBM holds "InterConnect 201○"
⇒ It is no longer possible for latecomers to catch up with cloud services.
⇒ In order to check technology trends, it is essential to track service releases led by AWS.

Reference: https://aws.amazon.com/jp/new/reinvent/
AWS First

When considering IT infrastructure, you have to be AWS first.
AWS First
AWS knowledge is essential for those engaged in IT-related work:
programmers, SEs, IT consultants, and infrastructure engineers.

AWS skills are a must for all IT professionals.
Summary

 AWS is a very important cloud service because it is the
leader in cloud computing.
 The reason why AWS is at the top of the list is that
AWS has been spending many billions of dollars in
R&D to develop new technologies for several years.
 The AWS services and features announced at re:Invent
have practically become the world's de facto standard.
Overview of AWS services
How AWS works
It's a system that allows you to combine
infrastructure/system functions online like blocks to create
the configuration you want. The slides build up the
configuration one block at a time:

1. EC2 (Server)
2. ELB (Load balancer) distributing traffic to two EC2 (Server) instances
3. RDS (Database) behind the EC2 servers
4. VPC (Network) enclosing the ELB, EC2, and RDS
5. Route53 (DNS) connecting the Internet to the ELB
6. S3 (Storage) alongside RDS
Key Infrastructure Services
All the services you need to build an infrastructure are on
offer.

Computing (Server)
Related services to launch and run servers and other
computing when building applications.

• Amazon EC2: Service to set up a virtual server using AWS.
• ELB: Load balancer service that implements traffic control for EC2 instances.
• Auto Scaling: A service that automatically increases, decreases, or adjusts EC2 instances (this is called scaling).
• AWS Lambda: A service that allows you to store and execute only programming code without a server (called serverless).
• Amazon Lightsail: VPS (Virtual Private Server) service that provides a cohesive configuration of virtual servers, storage, databases, and networking at a low price.
Storage
Various types of storage used to store data in AWS.

• Amazon Simple Storage Service (S3): Object-based storage service for storing large amounts of frequently used data in the medium to long term.
• Amazon Elastic Block Store (EBS): Block-type storage dedicated to EC2 instances that can be attached to EC2 via the network.
• Instance Store: Block-type storage physically attached to EC2; storage for temporary storage of data.
• Amazon Elastic File System (EFS): A service that provides an NFS file system that is suitable for storing file data in a directory structure.
• Amazon S3 Glacier: A storage service that has the same availability and durability as S3, but at a lower price. Used for data archiving and long-term backup.
Database
AWS provides various types of database services as
managed services.

• Amazon RDS: Relational database services compatible with MySQL, PostgreSQL, Oracle, SQL Server, and MariaDB.
• Amazon Aurora: Distributed, accelerated, high-performance relational database compatible with MySQL and PostgreSQL.
• Amazon DynamoDB: Key-value and document-based NoSQL database that delivers performance in the millisecond range, regardless of size.
• Amazon ElastiCache: Fully managed in-memory data store compatible with Redis or Memcached.
• Amazon Redshift: A data warehouse that provides a business data analysis platform on AWS.
Networking and content distribution
Services used to set up networking and content distribution
and connection to the AWS environment.

• Amazon VPC: A service to build a virtual networking environment by selecting IP address ranges, creating subnets, and configuring route tables and network gateways.
• Amazon CloudFront: A content delivery network (CDN) service that delivers content worldwide through low-latency, high-speed transmission.
• Amazon Route 53: A service that provides DNS server functions for domain registration and routing.
• AWS Direct Connect: Leased line service that establishes a private connection between AWS and your data center or office.
• AWS VPN: A service that connects AWS and on-premises environments via site-to-site VPN using the Internet.
• AWS Storage Gateway: Hybrid storage service that extends the storage of on-premises environments to Amazon S3.
Identity (user management)
Services that contribute to security and compliance in AWS.

• AWS Identity & Access Management (IAM): A service to create and manage users who use AWS services.
• AWS Organizations: A service that performs consolidated billing and centralized management of multiple AWS accounts.
• AWS Directory Service: A service that provides an authentication mechanism linked to Active Directory, a typical authentication system for on-premise environments.
• AWS Single Sign-On (SSO): AWS service that provides users with single sign-on access between on-premises and AWS environments.
• Amazon Cognito: A service that provides user authentication functions for web applications built on AWS.
Security and Compliance
Services that contribute to security and compliance in AWS.

• AWS KMS (Key Management Service): A service to create and manage encryption keys. It can be used to control the encryption of a wide range of AWS services and applications.
• AWS ACM (Certificate Manager): A service for creating and managing SSL/TLS certificates, which encrypts communications by setting up certificates for CloudFront or ELB.
• AWS WAF: Firewall service to protect web applications or APIs from common web vulnerabilities.
• AWS Shield: A service that protects AWS resources from distributed denial of service (DDoS) attacks.
• Amazon GuardDuty: A threat detection service that continuously monitors for malicious operations. Automatic detection using machine learning is possible.
Management and governance (monitoring)
Support tools and services for operation, maintenance,
and support.

• Amazon CloudWatch: A monitoring service that can be automatically applied to most AWS resources to retrieve metric values and set alarms, etc.
• AWS CloudTrail: Logging and monitoring service to track user activity and API usage.
• AWS Personal Health Dashboard: Monitoring service that displays the status of AWS services as abnormal or normal and healthy.
• AWS Systems Manager: An operational support service that enables integrated management of monitoring data from AWS and on-premise environments and automates operational tasks.
Management and governance (Support)
Support tools and services for operation, maintenance,
and support.

• AWS Well-Architected Tool: A tool that checks whether AWS resources are being used in accordance with the five design principles of the AWS architecture, and provides suggestions for improvement.
• Amazon Inspector: A service that automatically evaluates applications on AWS in seven categories, including security, compliance, and cost optimization.
• AWS Config: A configuration management service that evaluates the configuration status of AWS resources and manages the change history.
• AWS Support: Support services for users by AWS staff. Four plans: Basic, Developer, Business, and Enterprise.
• AWS Artifact: Service that provides AWS compliance reports and manages contracts with users.
AWS Cost Management
Support tools and services for operation, maintenance,
and support.

• Price Calculation Tools: Tools to calculate AWS costs, such as a TCO calculation tool and a pricing calculator.
• AWS Cost Explorer: Visualization tool to perform AWS cost analysis to understand AWS costs, usage, and economic efficiency.
• AWS Cost and Usage Reports: Reports to see details of AWS costs and usage.
• AWS Budgets: Budget monitoring tool that allows you to set alerts when budget thresholds are exceeded for each AWS service.
Migration service
Services used for infrastructure migration and data
migration to the AWS cloud.

• AWS Application Discovery Service: A service that collects configuration data and usage data of servers in on-premise environments to help prepare migration plans.
• AWS Database Migration Service: This service is used to migrate databases to AWS in a short period of time and safely, and is also used to migrate between AWS databases.
• AWS Server Migration Service: Migration support tool that can migrate virtual server configurations running thousands of on-premise workloads to AWS.
• AWS Snow Family: A data migration device that can be carried on-premises to directly retrieve migrated data and carry it to AWS.
Application Development Support Services
All the services you need to build an infrastructure are on
offer: application integration, data analysis, and
development support services.
Application Integration
Services used to control communication between
applications, create flows, and link data.

• Amazon SNS: A Pub/Sub type messaging service. It is used for push-type message notifications and alert notifications between components.
• Amazon SQS: A polling-type message queuing service. Enables distributed parallel processing of process operations.
• Amazon SES: A service that provides the ability to send and receive e-mail. Email notification functions can be implemented on applications.
• Amazon API Gateway: A service to create and manage RESTful APIs and WebSocket APIs for real-time interactive communication applications.
Data Analysis
Services used to control communication between
applications, create flows, and link data.

• Kinesis: A streaming data processing service that collects, processes, and analyzes streaming data in real time.
• Amazon Athena: An SQL-type data analysis service that allows you to easily analyze data in Amazon S3 using standard SQL.
• Amazon EMR: A service that uses distributed data processing tools such as Apache Spark to perform petabyte-scale big data processing at high speed.
Development Support Services
Services used to control communication between
applications, create flows, and link data.

• AWS Cloud9: A coding tool for writing and managing code on AWS. Implement code management in conjunction with GitHub and CodeCommit.
• AWS CloudFormation: Infrastructure as Code service that automates the provisioning of AWS resources by creating templates for infrastructure configuration.
• AWS Elastic Beanstalk: .NET, PHP, Node.js, Python, Ruby, Go and Docker to deploy web applications to AWS resource environments and automate version control.
• AWS Step Functions: A workflow creation and management service that allows you to create execution processes by linking multiple AWS services such as Lambda functions on a workflow.
• Amazon ECS: A container orchestration service that provides a development environment based on Docker containers and supports application development and deployment.
Key Infrastructure Services
All the services you need to build an infrastructure are
available.

• IoT: AWS IoT Core, AWS IoT Analytics, AWS IoT Greengrass, AWS IoT Events, AWS IoT Button
• AI: Amazon SageMaker, Amazon Polly, Amazon Lex, Amazon Rekognition
• Robotics: AWS RoboMaker
• Satellite: AWS Ground Station
• Blockchain: Amazon Managed Blockchain, Amazon QLDB
• Quantum computing: Amazon Braket
• GameTech: Amazon GameLift, Amazon Lumberyard
• Media Services: Elastic Transcoder, Elemental MediaConnect, Interactive Video Service, Elemental MediaLive
• VR/AR: Amazon Sumerian
• Work environment: Amazon WorkSpaces, Amazon WorkLink, Amazon WorkDocs
Summary

 AWS offers more than 200 services and covers almost
all the necessary IT-related functions.
 Among these, it is important to understand the key
services required for IT infrastructure and application
development.
 The latest technologies such as AI, blockchain, and
quantum computing can also be used via the cloud.
Understanding Virtualization
Cloud and virtualization
Cloud is a technological service made with virtualization
technology: the cloud sits on top of virtualized infrastructure.
What is virtualization?
Technology to hide the physical infrastructure configuration,
to then divide or integrate it into virtualized units.

• One physical server can be divided into virtualization
servers A, B, C, and D.
• Storage A and storage B can be integrated into one
virtual storage C.
Virtualization mechanism
It is possible to set virtualization software in one physical
server, divide that area, and then use it as an individual
server.

"I bought one physical server, but it is a waste because
the capacity is too large to be used in one system."

• Virtualization software is installed on the physical server:
host type such as VMware, or hypervisor type.
• Each user can use it like an individual server.
• Flexibly divide the server area and use it.
Virtualization type
There are three types of virtualization: division,
aggregation, and imitation.

• Dividing: Divide one physical resource into multiple (one server into virtualization servers A, B, and C).
• Aggregation: Aggregate multiple physical resources into one (storage A and storage B into virtual storage C).
• Imitation: Make one physical resource look like another (a server presented as a virtual JAVA environment).
Target of virtualization
You can virtualize the following resources:

• Server virtualization: A technique to run multiple OS on one physical server. Hypervisor type/VMware type/Container type.
• Storage virtualization: Technology that virtually integrates multiple storages to form one large storage pool. Block level and file level virtualization.
• Network virtualization: Technology that dynamically builds and controls a new virtual network using software. SDN/VLAN.
• Desktop virtualization: Technology that transfers PC settings on a server to a remote terminal. Virtual PC method/Blade PC method.
Advantages of Virtualization
Virtualization improves efficiency and flexibility for using
infrastructure

• Server space reduction/data center cost reduction

• Cost reduction through efficient server usage

• Accelerate server set up time

• Flexibility for configuring changes and maintenance

• Improved security
Container
The container is a virtualization method that uses the
kernel of the host machine to isolate processes and users.

The slide compares the two stacks from top to bottom:
• EC2 instance: App, Middleware, Guest OS, Virtualization software (Hypervisor, etc.), Host OS, Physical machine.
• Container: App, Middleware, Docker engine, Host OS, Physical machine. There is no Guest OS; Docker manages middleware installation and various environment settings by code.

Docker
Docker is a platform for creating, distributing, and
running container-type virtual environments.
✓ The container uses the kernel of the host machine to isolate processes, users, etc.
✓ Docker manages middleware installation and various environment settings with code.

1. Since the coded files are shared, anyone can easily build the same environment.
2. Easy distribution and sharing of IT environments.
3. CI/CD development is possible because it is easy to build and delete the environment immediately.
SDI
SDI (Software-Defined Infrastructure) is a function that
creates an infrastructure configuration with code, on top
of the virtualized infrastructure.
SDI
The infrastructure construction method describes the
configuration in code such as JSON/YAML, and a
virtual infrastructure can be constructed based on this.
The slide shows a CloudFormation template skeleton that
builds the virtual infrastructure:
AWSTemplateFormatVersion: '2010-09-09'
Description: Minimal VPC with an attached Internet gateway
# Optional sections left empty on the slide: Metadata, Parameters,
# Mappings, Conditions, Transform, Outputs
Resources:
  FirstVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16        # builds the virtual network
      Tags:
        - Key: Name
          Value: FirstVPC
  InternetGateway:                  # referenced below, so it must be declared
    Type: AWS::EC2::InternetGateway
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    DependsOn: InternetGateway      # resource attribute (spelled DependsOn), not a property
    Properties:
      VpcId: !Ref FirstVPC
      InternetGatewayId: !Ref InternetGateway
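The checks a practitioner wants before deploying a template like the one above, as an added Python example that is not the course's code and not CloudFormation's own validator: it reads the template in CloudFormation's JSON form (equivalent to the YAML on the slide, with !Ref written as {"Ref": ...}), verifies that every Ref and DependsOn points at a declared resource, parameter or pseudo parameter, and flags a DependsOn that was placed under Properties. BROKEN_TEMPLATE is a constructed copy of the slide's template carrying the two mistakes the snippet as printed contains (a misspelled DependOn under Properties and a Ref to an InternetGateway that is never declared); fix_template is a constructed repair for exactly those two.

```python
import json

# Pseudo parameters that CloudFormation resolves itself; Ref to these is always valid.
PSEUDO_PARAMETERS = {
    "AWS::AccountId", "AWS::NotificationARNs", "AWS::NoValue", "AWS::Partition",
    "AWS::Region", "AWS::StackId", "AWS::StackName", "AWS::URLSuffix",
}
TOP_LEVEL_SECTIONS = {
    "AWSTemplateFormatVersion", "Description", "Metadata", "Parameters", "Mappings",
    "Conditions", "Transform", "Resources", "Outputs", "Rules",
}

# Constructed example: the slide's template in JSON form, with the mistakes
# the slide shows (DependOn under Properties, InternetGateway never declared).
BROKEN_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "FirstVPC": {"Type": "AWS::EC2::VPC",
                     "Properties": {"CidrBlock": "10.0.0.0/16",
                                    "Tags": [{"Key": "Name", "Value": "FirstVPC"}]}},
        "AttachGateway": {"Type": "AWS::EC2::VPCGatewayAttachment",
                          "Properties": {"DependOn": "InternetGateway",
                                         "VpcId": {"Ref": "FirstVPC"},
                                         "InternetGatewayId": {"Ref": "InternetGateway"}}},
    },
})


def _find_refs(node, path, out):
    """Recursively collect (path, target) for every {"Ref": ...} in the template."""
    if isinstance(node, dict):
        if set(node) == {"Ref"} and isinstance(node["Ref"], str):
            out.append((path, node["Ref"]))
            return
        for key, value in node.items():
            _find_refs(value, f"{path}.{key}", out)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            _find_refs(value, f"{path}[{i}]", out)


def lint_template(template_json):
    """Return a list of problems found in a CloudFormation template given as JSON text."""
    tpl = json.loads(template_json)
    problems = []
    for section in tpl:
        if section not in TOP_LEVEL_SECTIONS:
            problems.append(f"unknown top-level section {section}")
    resources = tpl.get("Resources") or {}
    if not resources:
        problems.append("Resources section is missing or empty")
    declared = set(resources) | set(tpl.get("Parameters") or {}) | PSEUDO_PARAMETERS
    for name, res in resources.items():
        if "Type" not in res:
            problems.append(f"{name}: missing Type")
        props = res.get("Properties") or {}
        for bad in ("DependsOn", "DependOn"):
            if bad in props:
                problems.append(f"{name}: '{bad}' belongs on the resource, not under Properties")
        deps = res.get("DependsOn", [])
        for dep in [deps] if isinstance(deps, str) else deps:
            if dep not in resources:
                problems.append(f"{name}: DependsOn target {dep} is not a resource")
    refs = []
    _find_refs(tpl.get("Resources"), "Resources", refs)
    _find_refs(tpl.get("Outputs"), "Outputs", refs)
    for path, target in refs:
        if target not in declared:
            problems.append(f"{path}: Ref to undeclared {target}")
    return problems


def fix_template(template_json):
    """Constructed repair for the two slide mistakes: declare the gateway, move DependOn."""
    tpl = json.loads(template_json)
    resources = tpl["Resources"]
    resources.setdefault("InternetGateway", {"Type": "AWS::EC2::InternetGateway"})
    for res in resources.values():
        props = res.get("Properties") or {}
        dep = props.pop("DependOn", None) or props.pop("DependsOn", None)
        if dep:
            res["DependsOn"] = dep
    return json.dumps(tpl)


if __name__ == "__main__":
    print("before:", lint_template(BROKEN_TEMPLATE))
    print("after: ", lint_template(fix_template(BROKEN_TEMPLATE)))
```

Running a check like this in the pipeline before `aws cloudformation deploy` catches dangling references at review time instead of as a failed and rolled-back stack; the same structure extends to checking Fn::GetAtt targets or tag policies.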
SDI
Software-Defined Infrastructure (SDI) enhances business
responsiveness: with SDI on top of virtualized infrastructure,
we can quickly and flexibly respond to business changes!
Summary

 The cloud is based on virtualization technology.
 Virtualization is a technology that hides the physical
infrastructure configuration and creates a virtual
environment.
 A single server can be divided into multiple servers, or
conversely, multiple servers can be integrated and
used to appear as one.
Cloud Basics
What is the Cloud?
A form of system usage that utilizes hardware/software
etc. owned by other companies via a network as necessary.
We use the cloud when we:

✓ Want a temporary server for short term campaigns.
✓ Want to increase the number of servers in response to increasing
demand and reduce them in response to decreasing demand.
✓ Need a database right now, but we don't have time to procure one.

Borrow hardware through the Internet (cloud): temporarily
borrow some of the many servers and other hardware owned
by another company.
What is the Cloud?
Cloud-based infrastructure services are provided as
services by virtualizing infrastructure: virtualization
software running on a physical server in an AWS data
center presents each practical function as a provided
service.
Cloud components
The system components provided in the cloud are three
layers: infrastructure, middleware, and applications.
System Architecture

Application layer:
• application (Programming software): programming-developed application
• Business package software: packaged software with business functions implemented
Middleware/OS layer:
• Middleware (Framework, system cooperation, security, operation management, Web/application server, the database): software that summarizes commonly used functions
• OS (Operating system): basic software such as Windows
Infrastructure (hardware) layer:
• Server equipment, client terminal: physical devices
• Network equipment: network line
Five basic features of the cloud
The cloud has five basic features, three service types, and
three provision forms.
5 basic characteristics (overview):
✓ Users can install, expand, and configure servers, networks, and storage as needed without human intervention.
✓ Can be used from various devices such as PC, smartphones and tablets through the network.
✓ Resources are shared by multiple users and are dynamically allocated according to the demand of users.
✓ Resources such as hardware can be increased or decreased automatically according to need.
✓ The operating status is constantly measured, and the usage status can be controlled and optimized.
✓ Pay-as-you-go according to the measurement results.
Three cloud service types
There are mainly three services, SaaS, PaaS, and IaaS.

The system stack is Application (ERP, etc.), Middleware
(file system etc.), OS (such as Windows), and Hardware
(server equipment etc.). The service types differ in how
much of this stack is rented:

• Conventional system: Procure all resources in-house to develop applications.
• IaaS: The cloud provider provides the hardware to rent. Purchase middleware/OS in-house and develop the application. High degree of freedom in development.
• PaaS: The cloud operator provides hardware and middleware/OS to rent. In-house effort is dedicated to application development.
• SaaS: The cloud operator provides the application to rent. In-house it is ready to use. Low degree of freedom in development.
Three provision forms
There are private clouds and public clouds. In addition, there is a hybrid form that uses both in combination.

On-premise (owned)
[Form of ownership] Owned
【Feature】 Purchase hardware/software and build the system in-house (e.g. Division A owns system X, Division B owns system Y)
Advantages: You can freely control the hardware in-house
Disadvantages: It takes much time to procure and build. Human resources and costs are required for operation management

Private cloud
[Form of ownership] Owned (own cloud)
【Feature】 Build an in-house cloud platform and share hardware and software between business units and subsidiaries
Advantages: Efficient use of own assets. Free control compared to the public cloud
Disadvantages: Difficulty in cloud operation management, reducing the benefits of the cloud

Public cloud
[Form of ownership] Owned by another company (external cloud)
【Feature】 Flexible construction/cancellation by jointly using hardware/software with other companies
Advantages: Operation management can be delegated to other companies. Flexible system procurement and construction
Disadvantage: Limited scope of in-house control
Flexible use of AWS
There is no need to purchase physical equipment, so AWS can be used quickly and flexibly, and billing is pay-as-you-go: you pay only for what you use.

[On-premise server]
✓ Time consuming
✓ Expensive
[EC2]
✓ Can be up and running in a few minutes
✓ Pay-as-you-go
Managed by AWS
There are two types of AWS services: unmanaged and managed.

[Management layers, for both types: software configuration, scaling, backup, maintenance, OS settings, physical server management]

Unmanaged
• Scaling, fault tolerance and availability need to be configured and managed by the user
[Advantage] Flexible configuration
[Disadvantage] Cumbersome to manage

Managed
• Scaling, fault tolerance and availability are built into the service and managed by AWS
[Advantage] Easy to manage
[Disadvantage] Limited settings
Summary

• AWS data centers contain a large number of servers running virtualization.
• When a user launches a resource such as an EC2 instance, the host server launches a new virtualized EC2 instance and provides it to the user via the Internet.
• Based on the scope of management by AWS, services are of two types: managed and unmanaged.
AWS Global Infrastructure configuration
How AWS works
You can combine your infrastructure and system functions with AWS to achieve your desired configuration.

[Diagram, built up step by step: EC2 (server); an ELB (load balancer) in front of two EC2 servers; RDS (database) behind them; all inside a VPC (network); Route53 (DNS) in front; S3 (storage) alongside RDS]

How AWS works
AWS services come in an unmanaged type and a managed type.

Unmanaged type (example: EC2, server)
• It is necessary to set and manage scaling, fault tolerance and availability on the user side
【Merit】 Flexible settings
【Demerit】 Management is troublesome

Managed type (example: RDS, DB)
• Scaling, fault tolerance and availability are built into the service and managed by AWS
【Merit】 Easy to manage
【Demerit】 Limited settings
Global infrastructure of AWS
There are three kinds of locations on AWS: Regions, Availability Zones (AZ), and Edge locations.

Region: 24 (as of 2020)
AZ: 76 (as of 2020)
Edge location: above 205
Region
"Regions" are geographically isolated AWS locations in a country or region.
Japan has two regions, the Tokyo region and the Osaka local region.
Each region has physically independent infrastructure locations.
However, adjacent regions are connected by a broadband network.
Available services and prices vary depending on the region.

[Diagram: Eastern US (Northern Virginia) region and Seoul region; the latest functions can be used in one region but not yet in the other]
Availability Zone (AZ)
An Availability Zone is an independent infrastructure unit that constitutes a region. There are two or more AZs in one region (the diagram shows three AZs in the Tokyo region).
Each AZ is a separate data center, but the AZs are connected by low-latency links.
An AZ consists of multiple physical data centers, with thousands of servers in one data center.
The physical infrastructure in an AZ is virtualized to provide users with infrastructure functions through the Internet (e.g. one EC2 instance for Mr. A and another for Mr. B on the same virtualized hardware).
Therefore, if an AWS service is used only within one AZ, your service may stop due to issues with that data center (diagram: a system using AWS infrastructure in a single AZ of Northern Virginia).
The basic AWS architecture is to divide the infrastructure into multiple AZs to create a highly reliable system configuration.
【Recommendation】 Start with two AZs in one region.
If you use Multi-AZ, the physical durability will be improved, but it may limit linkage and sharing between systems:
✓ Some settings are shared only within a single AZ
✓ Many require settings to link between AZs
Region selection
While considering existing laws and internal regulations, select a geographically close region to build an AWS system (e.g. the Northern Virginia region vs. the Sydney region).
Consider the possibility of being affected by the law of the country in which the region is located. Example: Hong Kong region:
✓ China can require the submission of data at the request of the Chinese government
✓ There are restrictions on exporting data from China
Use another region to back up your system for measures such as a Business Continuity Plan (BCP), e.g. the Tokyo region backed up by the East America region.

Connection between regions
Dedicated line connection and replica creation are available between regions.

[Collaboration between regions]
✓ Connect via AWS Direct Connect Gateway
✓ Connect with Inter-Region VPC Peering
✓ AMI copy between regions for EC2
✓ Cross-region replication for S3
✓ Cross-region read replicas for RDS
✓ Replica tables across regions for DynamoDB
✓ Route53 DNS failover
Edge location
Edge locations are smaller endpoints that serve cached data.
✓ CloudFront
✓ Lambda@Edge

Summary

• AWS has three kinds of global locations: Regions, Availability Zones, and Edge locations.
• A region is set up per country or geographical region, and two or more AZs are set up in each region.
• An AZ consists of one or more data centers; the AZ is where the main AWS services are located.
• Edge locations are used to distribute content globally.
AWS's Pricing Structure
Pay-as-you-go
The advantage of cloud computing is that you only pay for what you use.

[On-premise server] You have to buy from $1,000 (USD) per unit to over $100,000.
[Cloud EC2 instance] Available even for free; pay-as-you-go billing.

https://aws.amazon.com/jp/s3/pricing/

Cost factors
The advantage of cloud computing is that you only pay for what you use. Taking S3 as the example, the cost factors are:

Region
✓ Prices vary by region.
Data capacity (per GB)
✓ Charged according to the amount of data and the storage period.
Requests and data retrieval
✓ Charges are based on requests for data (per 1000 requests).
✓ Charged based on the amount of data retrieved (per GB).
Data transfer
✓ Data transfer in: free
✓ Data transfer out to the Internet (per GB)
✓ Data transfer out from S3 within AWS (per GB)

Volume discount
S3 has volume-discounted price ranges.

Charged for the time used
Be aware that some services charge based on the time you spend using them and start charging as soon as you launch the service!

Free tier
Some functions are available free of charge for 12 months using the free usage quota.
This is applied by selecting and using the functions covered by the free usage quota.

https://aws.amazon.com/jp/free/?all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc

Summary

• AWS is a pay-as-you-go system where you are only charged for what you use.
• You will be charged based on the amount of data, data transfer out, number of requests, execution time, etc.
• Volume discounts are available for certain services such as S3.
Section Contents

Lecture: Lecture Description
• AWS Tools: Check your account settings and operation tools for AWS operations.
• IAM Basics: You will learn the basic functions of IAM, which is the service for managing the IAM users who perform AWS operations.
• Increase Authentication security: Set up MFA authentication, which is recommended to increase AWS security, and change the password policy.
• Create an IAM user: Create an IAM user with administrative privileges.
• Set up CloudTrail: Set up CloudTrail to acquire user access logs.
• Set up a billing alarm: Set up a billing alarm so that you are notified when your AWS usage exceeds a certain amount.
AWS tools
AWS account
You need to register for an AWS account for AWS operations. Within a single AWS account, you can add more users by creating IAM users to do the work.

AWS Account
• An account that serves as the root user who enters into a direct contract with AWS (called a root account).
• Information required to register for an AWS account:
- Your email address
- Password
- Contact information (address and mobile number)
- Credit card information

IAM User
• A user that you can create within your AWS account.
• IAM users are used for the actual AWS work.
• You share an AWS account with the people you will be working with by creating them as IAM users.

AWS tools
Use the following three types of AWS operation tools: the AWS Management Console, specific open-source software (SSH software), and the AWS CLI.

AWS Management Console
The AWS Management Console is a GUI tool that allows you to configure AWS from a web screen.

Tools for operating EC2 instances
Operate the installed instance (server) using specific software for Windows servers, Linux servers, etc.: an operation GUI for Windows servers and SSH software for Linux server operation.

SSH Software
A communication method and software used to perform the internal settings of an EC2 instance.

Basic operation
The first step is to set up instances in the AWS Management Console and then manage them with SSH software.

AWS CLI
The AWS CLI allows you to control and manage multiple AWS services from the command line.

Summary

• An AWS account is the contractual account, called a root account; within one AWS account you can add IAM users and use the IAM users for operational work.
• AWS operations are mainly done using the AWS Management Console and the AWS CLI. On top of that, depending on the resources, SSH software and other tools are used.
IAM Basics
What is IAM?
AWS Identity and Access Management (IAM) is an authentication / authorization tool for securing AWS operations.

• Implementation of AWS user authentication
• Access policy settings
• Set individual or group permissions

[Diagram: User → IAM → AWS Service. A user with "EC2: ○, S3: ×" can use EC2 but not S3; a group with "EC2: ○, S3: ○" can use both.]
Key Topics
Users, groups, policies, and roles are the key elements of IAM.

IAM Policy
A configuration document (in JSON format) that grants access rights to users and groups.

[Diagram: Policy A attached to an individual IAM user grants EC2: ○, S3: ×; Policy B attached to an IAM group grants EC2: ○, S3: ○.]

IAM Policy
An IAM policy is written in JSON format with the following elements:

Effect: "Allow" or "Deny"
Action: target AWS services (example: "s3:Get")
Resource: target AWS resources, written in ARN format
Condition: target entity of this policy (IAM user, group, role)
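As an added example that is not from the course, the following Python simulates how the Effect, Action, Resource and Condition elements combine when a policy is evaluated: nothing is allowed by default, an Allow statement grants access, and an explicit Deny always wins. The bucket name, the context values and the "SecureTransport" condition are constructed for the example, and only the Bool condition operator is modelled.

```python
import json
from fnmatch import fnmatchcase

# Constructed example policy (not from the course). The bucket name is a placeholder.
# Statement 1 allows reading from one bucket; statement 2 denies every S3 action
# unless the request was made over TLS (aws:SecureTransport).
EXAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowReadFromExampleBucket",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-course-bucket",
                "arn:aws:s3:::example-course-bucket/*",
            ],
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "*",
            # Condition narrows when this statement applies: only to non-TLS requests.
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})


def _as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def _condition_matches(condition, context):
    """Tiny subset of the IAM condition language: only the Bool operator.

    A missing context key never satisfies the condition, so the statement is skipped."""
    for operator, pairs in condition.items():
        if operator != "Bool":
            raise NotImplementedError(f"unsupported condition operator: {operator}")
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None or str(actual).lower() != str(expected).lower():
                return False
    return True


def evaluate(policy_json, action, resource, context=None):
    """Return "Allow" or "Deny" for one request against one identity policy.

    Simplified evaluation order: implicit deny unless an Allow statement matches,
    and any matching Deny statement overrides every Allow."""
    context = context or {}
    policy = json.loads(policy_json)
    allowed = False
    for stmt in policy["Statement"]:
        # Action names are case-insensitive and may use * wildcards ("s3:Get*", "s3:*").
        action_hit = any(fnmatchcase(action.lower(), p.lower()) for p in _as_list(stmt["Action"]))
        # Resources are ARNs; "*" or a trailing "/*" covers a whole bucket or prefix.
        resource_hit = any(fnmatchcase(resource, p) for p in _as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if "Condition" in stmt and not _condition_matches(stmt["Condition"], context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # explicit deny wins regardless of other statements
        allowed = True
    return "Allow" if allowed else "Deny"  # implicit deny when nothing allowed it


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-course-bucket/report.txt"
    print(evaluate(EXAMPLE_POLICY, "s3:GetObject", obj, {"aws:SecureTransport": "true"}))   # Allow
    print(evaluate(EXAMPLE_POLICY, "s3:GetObject", obj, {"aws:SecureTransport": "false"}))  # Deny
    print(evaluate(EXAMPLE_POLICY, "s3:PutObject", obj, {"aws:SecureTransport": "true"}))   # Deny
```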
IAM User
Users can use the AWS services allowed by the IAM policy (individual ⇒ IAM user; group ⇒ IAM group).

IAM User
Users on AWS are set up as authorized entities called IAM users.

Root account (root user)
• The very first account created when creating an AWS account
• Permission to use all AWS services and resources
• It is strongly recommended that you do not use the root user for daily tasks.

Administrative authority (IAM user)
• An IAM user who has been granted administrative privileges.
• This user can have the IAM admin roles.
• However, no permissions will be granted for operations that only the root account can do.

Power user (IAM user)
• Power users are IAM users with full access to all AWS services except IAM admin rights.
• No permission to operate IAM.

IAM Group
A unit of authority that is set up collectively as a group. A group is usually made up of multiple IAM users.

IAM Role
You can grant access rights to AWS resources as a role.

[Diagram: Policy A attached to an IAM user (EC2: ○, S3: ×); Policy B attached to an IAM group (EC2: ○, S3: ○); Policy C attached to an IAM role (EC2: ×, S3: ○), which is used by AWS services such as EC2, Beanstalk and Data Pipeline.]
Recording user activity
A variety of tools can be used to obtain activity records.

IAM Access Analyzer: Analyzes S3 buckets, IAM roles, etc. shared with external entities to identify unintended access to resources and data that is a security risk.
Access Advisor (Service Last Accessed Data): Displays the date and time when an IAM entity (user, group, role) last accessed an AWS service.
Credential Report: A report file of IAM authentication information with the date and time of use.
AWS Config: A service that manages the change history of IAM users, groups, roles and policies and other configuration changes.
AWS CloudTrail: A service that logs and monitors various account activities and API calls.
Best Practices for IAM Authority
Follow best practices when using IAM.

✓ Lock away the access keys of the AWS root user and do not use the root account unnecessarily.
✓ Create individual IAM users and do the work with IAM users.
✓ Use IAM groups to assign permissions to IAM users.
✓ Grant only the minimum privileges to IAM users and IAM groups.
✓ Instead of creating a new policy, start from AWS managed policies.
✓ Use customer managed policies, not inline policies.
✓ Use access levels to review IAM permissions.
✓ Set a strong password policy for your users.
✓ Enable MFA.
✓ Use IAM roles for applications running on Amazon EC2 instances.
✓ Use IAM roles to delegate permissions when granting temporary access to a third party.
✓ Don't share access keys.
✓ Rotate credentials on a regular basis.
✓ Remove unnecessary credentials.
✓ Monitor the activity of your AWS account.
Summary

• IAM is the tool for user management in AWS.
• The first AWS account you register is called the root user (root account). It is the only account that can perform fundamental operations such as contract management.
• IAM policies are applied to IAM users and IAM roles to give them permissions to operate AWS resources.
Increase Authentication security
Day 1 settings
You need to take the following four actions after registering for an AWS account:

✓ Enable multi-factor authentication (MFA)
✓ Create an IAM user for the administrator
✓ Enable AWS CloudTrail
✓ Enable AWS billing alerts

Increase security on authentication
As a security standard for AWS, it is recommended to enable multi-factor authentication (MFA).

Hands-on content

• Enable multi-factor authentication in the IAM console screen.
• Install Google Authenticator and set it up as the tool for MFA.
• Change the password policy in the IAM console screen.
Create an IAM user
Normal operation of AWS requires the use of an IAM user, not the root account.

Hands-on content

• Go to the IAM screen in the AWS Management Console.
• Create a new IAM user and grant administrative privileges through an IAM policy.
• Log in as the IAM user.
Enable CloudTrail
Setting up CloudTrail
User access logs can be acquired and monitored by CloudTrail.

AWS CloudTrail
A service for logging AWS user operations (API calls and user sign-in activity).

• Service to track and log root account/IAM user operations and API calls
• CloudTrail log files are encrypted and stored in S3
• Support for encryption by KMS
• By default, logs are stored for 90 days.
• Free

AWS CloudTrail
User access and API call logs (from services such as EC2, Lambda and RDS) are stored in S3 buckets and can be analyzed in CloudWatch.
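As an added example that is not part of the course, the following Python reads a CloudTrail log file of the kind a trail writes to S3 (a JSON object with a Records array, here constructed inline with placeholder account ids, user names and addresses) and flags two things the IAM best practices warn about: any activity by the root user, and console logins that succeeded without MFA.

```python
import json

# Constructed CloudTrail log file contents (shape follows CloudTrail's JSON format;
# the account id, user names and IP addresses are placeholders, not real data).
SAMPLE_LOG_FILE = json.dumps({"Records": [
    {
        "eventTime": "2020-06-01T09:12:44Z",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111111111111:root"},
        "sourceIPAddress": "198.51.100.23",
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "No"},
    },
    {
        "eventTime": "2020-06-01T09:30:02Z",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": "IAMUser", "userName": "admin-user",
                         "arn": "arn:aws:iam::111111111111:user/admin-user"},
        "sourceIPAddress": "198.51.100.23",
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "Yes"},
    },
    {
        "eventTime": "2020-06-01T09:31:10Z",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": "IAMUser", "userName": "dev-user",
                         "arn": "arn:aws:iam::111111111111:user/dev-user"},
        "sourceIPAddress": "192.0.2.77",
        "responseElements": {"ConsoleLogin": "Failure"},
        "additionalEventData": {"MFAUsed": "No"},
    },
    {
        "eventTime": "2020-06-01T10:05:19Z",
        "eventSource": "iam.amazonaws.com",
        "eventName": "CreateAccessKey",
        "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111111111111:root"},
        "sourceIPAddress": "203.0.113.8",
        "requestParameters": {"userName": "admin-user"},
    },
    {
        "eventTime": "2020-06-01T10:20:00Z",
        "eventSource": "ec2.amazonaws.com",
        "eventName": "DescribeInstances",
        "userIdentity": {"type": "IAMUser", "userName": "dev-user",
                         "arn": "arn:aws:iam::111111111111:user/dev-user"},
        "sourceIPAddress": "192.0.2.77",
    },
]})


def load_records(log_file_text):
    """A CloudTrail log file delivered to S3 is a JSON object with a 'Records' list."""
    return json.loads(log_file_text)["Records"]


def actor(record):
    """Short label for who made the call: 'root' or the IAM user name."""
    identity = record.get("userIdentity", {})
    if identity.get("type") == "Root":
        return "root"
    return identity.get("userName") or identity.get("arn", "unknown")


def find_root_activity(records):
    """Every call made with the root account (the course says not to use it for daily work)."""
    return [(r["eventTime"], r["eventName"], r.get("sourceIPAddress"))
            for r in records if r.get("userIdentity", {}).get("type") == "Root"]


def find_logins_without_mfa(records):
    """Successful console sign-ins where MFA was not used."""
    hits = []
    for r in records:
        if r.get("eventSource") != "signin.amazonaws.com" or r.get("eventName") != "ConsoleLogin":
            continue
        if r.get("responseElements", {}).get("ConsoleLogin") != "Success":
            continue  # failed attempts are a different signal; not reported here
        if r.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            hits.append((r["eventTime"], actor(r), r.get("sourceIPAddress")))
    return hits


def review(log_file_text):
    """Run both checks over one log file and return the findings by name."""
    records = load_records(log_file_text)
    return {
        "root_activity": find_root_activity(records),
        "logins_without_mfa": find_logins_without_mfa(records),
    }


if __name__ == "__main__":
    for finding, rows in review(SAMPLE_LOG_FILE).items():
        print(finding)
        for row in rows:
            print("  ", row)
```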
Hands-on content

• Enable a CloudTrail trail.
• Configure the S3 bucket where the CloudTrail log files will be saved.
S3 usage is free under a certain amount of data. If the free quota is exceeded, a fee will be charged.
Set up a Billing alarm
Billing alarm
By setting a billing alarm, you will be notified when your AWS usage exceeds a certain amount.

Hands-on content

• Enable billing alarm settings on the billing dashboard.
• Set the alert in CloudWatch.
Section Contents

Lecture: Lecture Description
• System configuration: Review the system configuration that we will create through each section.
• Network basics: You will learn the basics of networking before learning about VPC.
• IP Address basics: You will learn basic knowledge of IP addresses, which is necessary to have a firm grasp of network settings.
• Subnet mask and subnet: You will learn the knowledge required to configure VPC subnetting.
• VPC Basics: You will learn the basics of VPC functions and configuration methods for setting up a network area on AWS.
• Building a VPC: Go to the VPC console screen and use the VPC wizard to configure the VPC.
• Creating a Public Subnet: Create a public subnet and set up a route to the Internet gateway.
• Creating a Private Subnet: Create a private subnet and route it to the NAT gateway.
• Communication Protocol and OSI models: You will learn about the protocols used to control network communication.
• Security groups and network ACLs: You will learn about security groups, which control instance communication, and network ACLs, which control subnet communication.
• Configure network ACLs: Configure the network ACL settings that control subnet communication.
System configuration
Building our Real-world Architecture

[Target architecture: Route53 (DNS) and CloudFront in front of a VPC 10.0.0.0/16 spanning two AZs. Each AZ has a public subnet (10.0.0.0/24 and 10.0.2.0/24) with an ELB and an Auto Scaling group of EC2 web servers, and a private subnet (10.0.1.0/24 and 10.0.3.0/24) with RDS MySQL DB servers using synchronous replication and automatic failover. S3 holds content.]

The architecture is built up step by step through the course:
① Create the VPC 10.0.0.0/16 with a public subnet (10.0.0.0/24, 10.0.2.0/24) and a private subnet (10.0.1.0/24, 10.0.3.0/24) in each of the two AZs.
② Launch an EC2 instance (OS: Linux, server: Apache) in the public subnet as the web server.
③ Launch an EC2 instance (OS: Linux, server: MySQL) in the private subnet as the DB server.
④ Add Route53 for DNS.
⑤ Replace the MySQL EC2 instance with RDS in the private subnet.
⑥ Add S3 for content storage.
⑦ Make RDS Multi-AZ: a second RDS in the other private subnet with synchronous replication and automatic failover.
⑧ Add an ELB and Auto Scaling with EC2 web servers in both public subnets.
⑨ Add CloudFront.
Network basics
Network for communication
The network enables communication between a client and a server.

[Example: purchasing on Amazon.com]
① Access the Amazon.com URL.
② Click on the desired product to purchase.
③ A purchase request is sent over the network to the Amazon.com server.
④ The server executes the purchase process.
⑤ The purchase completion screen is returned to the client as the server's response.
How to send a request
How can you send a request over the Internet to the server? Your request will not arrive without knowing the server's address. The URL is the address to which the request is delivered, e.g. https://www.amazon.com/.

How to receive the response
The destination is the URL, but what is the address for returning a response to the client (the sender)? The client cannot be identified by a URL, because it has none. Instead, an IP address (e.g. 172.194.63.15) is used as the client-side address that identifies the sender.
IP address and URL
The IP address identifies the recipient, and the URL corresponds to an IP address (https://www.amazon.com/ ↔ 134.128.24.16).
The address of the server to which the request is sent is originally an IP address, so the request could be sent to https://134.128.24.16. It would be very hard to remember such IP addresses every time you want to send a request.
Therefore a URL is used as the address: the IP address is mapped to a URL so that you can easily understand and remember it (https://134.128.24.16 → https://www.amazon.com/).
Delivery order
Think about what happens when a request is split and sent in several pieces, e.g. the request "I Buy three products" split into "I", "Buy", "three", "products".
When divided and sent, the pieces do not always arrive in the order in which they were sent (order when sending: "I Buy three products"; order when receiving: "Buy three I products").
If rules are written that number the pieces when sending (① ② ③ ④), the request will be received in the correct order.
If such rules are set, you can communicate without problems even if you send data in pieces.
• The separate data units are called "packets".
• Rules such as the sending order are called "protocols".
Sending data in separate pieces enables large-volume, high-speed and real-time data transmission.
Data Communication Protocol
A protocol is a procedure or standard for communication between computers.

The protocol decides the following:
✓ Sender and destination address
✓ Data transmission order
✓ Message ID

HTTP (Hyper Text Transfer Protocol) is the protocol used when exchanging information such as documents written in HTML (Hyper Text Markup Language).
Website communication protocol = HTTP
Summary

• A network, such as the Internet, is essential to facilitate the interaction between clients and servers.
• To communicate over a network, an IP address is used as the mailing address.
• URLs are IP addresses converted to a more usable format.
• Sending and receiving requests is done based on a set of rules called a protocol.
IP Address basics
Architecture you will build

[Diagram: VPC 10.0.0.0/16 across two AZs; public subnets 10.0.0.0/24 and 10.0.2.0/24; private subnets 10.0.1.0/24 and 10.0.3.0/24]
IP address
IP addresses are used to identify the location of network devices and websites. A request is sent using the TCP/IP protocol to an IP address such as 172.16.0.10.

IP addresses are unique 32-bit values that cannot be duplicated.
• They are managed by a non-profit organization called ICANN.
• Duplicate IP addresses are not allowed.
• IP addresses are 32-bit numeric data.
• The IP address range is 0.0.0.0 ~ 255.255.255.255.

The IP address is assigned to the network interface card (NIC) attached to the host (e.g. a NIC with 172.16.0.10).

An IP address consists of a binary 32-bit value, but for ease of reading it is written in decimal format.

Decimal notation: 172 . 16 . 0 . 10
Binary notation: 10101100 . 00010000 . 00000000 . 00001010
32 bits: 10101100 00010000 00000000 00001010
Lack of IP address
IPv4, the most widely used global IP address format, is running out, so there is a shortage of IP addresses. By using IPv6, a nearly unlimited number of IP addresses can be used.

IP address in IPv4 format: 134.128.24.16
IP address in IPv6 format: 2001:268:c05f:c20e:e0f5:fd5c:9c4f:d7d
Global and private IP addresses
Global IP addresses can be used worldwide, while private IP addresses can be used only within a limited area.

Global IP address
Unique, non-duplicated IP address in the world.
✓ An IP address used for communication on the Internet.
✓ Managed by ICANN.
✓ Must be unique worldwide; cannot be duplicated.

Private IP address
Addresses that are used only in one's own place, such as in the office or at home.
✓ Only a limited area of use.
✓ No duplication within that limited area, but duplication is possible globally.
✓ The following IP address ranges can be set:
10.0.0.0 ~ 10.255.255.255
172.16.0.0 ~ 172.32.255.255
192.168.0.0 ~ 192.168.255.255
Used to freely assign IP addresses within a private network.

The scope of IP addresses is divided into two main areas: the Internet world, where a globally assigned IP address is needed and must be unique, and the private network, where the local area administrator gives you an IP address.
The DHCP server assigns an IP address to the local terminal and allows it to connect to the network. A function called the subnet mask determines the range of use for an IP address.
Summary

◼ An IP address consists of a 32-bit binary value.
◼ As IPv4 addresses are running out, IPv6 is also being used.
◼ There are two types of IP addresses: global IP addresses that can be used on the Internet and private IP addresses that can be used only within a private network.
Subnet mask and subnet
Network range
How do you create a private network? The Internet side has a global IP address (134.128.24.16), and IP masquerade links it to the terminals behind it, which have private IP addresses (10.0.0.122, 10.0.0.123, 10.0.0.124).

Network range
It is necessary to define the range of the private network.
Network range = range of available IP addresses

[Notation method]
10.0.1.0/16

Network range
The IP address (10.0.1.0) + subnet mask (/16) determines the IP range. In other words, it determines the range in which private IP addresses can be used.
IP address + subnet mask = IP range

Network range
An IP address range is assigned to the network, which determines the network range. For example, an AZ holding 10.0.1.0/16 contains a Public Subnet 10.0.1.0/24 and a Private Subnet 10.0.2.0/24, each with an EC2 instance.
IP address and subnet mask
An IP address is a combination of four numbers (0 to 255); each number represents eight binary digits (bits).

[Notation method]
10.0.0.255
Four groups of 8 binary digits: 00001010 00000000 00000000 11111111

IP address and subnet mask
The subnet mask is set after the IP address notation. It is written as a slash followed by a number.

[Notation method]
10.0.0.255/24
CIDR (Classless Inter-Domain Routing)
CIDR is a setting method that adjusts, by means of the subnet mask, the range of IP addresses handled as the same network.

【 Notation method 】
196.51.XXX.XXX/16
Subnet mask: the 16 bits from the left indicate the fixed network range.

CIDR (Classless Inter-Domain Routing)
The leftmost binary digits specified by the subnet mask are locked so that they cannot be used, and the remaining digits can be used as IP addresses.

【 Notation method 】
10.0.0.255/8
00001010 ⇒ Locked!!!

10.0.0.255/16
00001010 00000000 ⇒ Locked!!! (first two groups)

10.0.0.255/24
00001010 00000000 00000000 ⇒ Locked!!! (first three groups)

CIDR (Classless Inter-Domain Routing)
You can use the remaining numbers that are not locked by the subnet mask as valid IP addresses.

【 Notation method 】
10.0.0.255/16
Usable part (last two groups): 00000000 11111111
Network and host sections
The range fixed by the subnet mask is called the network part, and the available range is called the host part.
10.0.0.0/16

Network section (fixed): 10 . 0
Host section (available): 0 . 0 ~ 255 . 255

In binary:
Network section: 00001010 00000000 (/16)
Host section: 00000000 00000000 ~ 11111111 11111111

Network coverage
The network part is specified by the subnet mask, and the IP address range is fixed.

CIDR (Classless Inter-Domain Routing)
You can use the remaining numbers that are not locked by the subnet mask as valid IP addresses.

【 Minimum value 】
10.0.0.0

【 Maximum value 】
10.0.255.255
CIDR
Set a range of IP addresses that is not too large, but with room for future expansion.

10.0.0.255/16
Recommended range (65,534 addresses)

CIDR
The list shows the number of IP addresses available when /XX is set in CIDR.

Subnet mask | Number of IP addresses per subnet
/18 | 16384
/20 | 4096
/22 | 1024
/24 | 256
/26 | 64
/28 | 16
Grouping by subnet
It is difficult to find a specific terminal if many devices are connected to the local network.
"I want to send the data to 10.0.0.234!" ... "I'm here!" (10.0.0.234, somewhere in the Local Network)

Grouping by subnet
Group address ranges by subnet mask to make them easier to find. The range of addresses grouped by this subnet mask is called a subnet.
"I want to send the data to 10.0.0.234!" It is in the 10.0.0 subnet, so deliver it to the network range of 10.0.0!

Local Network
Blue subnet 10.0.0.0/24: 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4, 10.0.0.6, 10.0.0.234 ("I'm here!")
Green subnet 10.0.1.0/24: 10.0.1.1, 10.0.1.2, 10.0.1.3, 10.0.1.4, 10.0.1.6, 10.0.1.234
Red subnet 10.0.2.0/24: 10.0.2.1, 10.0.2.2, 10.0.2.3, 10.0.2.4, 10.0.2.6, 10.0.2.234
Summary

◼ By setting the subnet mask, you can specify the range of IP addresses that will be treated as the same network.
◼ This IP address range is called a CIDR.
◼ A CIDR can be set to divide a private network into subnets.
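The arithmetic behind the subnet mask slides, as an added example (not code from the course). It uses Python's standard ipaddress module to show the locked and usable bits of 10.0.0.255/16, the minimum and maximum address, the /XX address-count table computed rather than typed, and the carving of a /16 into the /24 subnets used by the course architecture. All inputs are the slides' own values.

```python
"""CIDR / subnet mask worked example (added illustration, not course material).

Reproduces the slides' arithmetic: which bits of an address are "locked" by
the prefix length, the network and host sections, the minimum and maximum
address of the range, the address count for /18 ... /28, and the carving of a
VPC-sized /16 into /24 subnets for a two-AZ layout.
"""
import ipaddress


def to_binary(addr: str) -> str:
    """Render a dotted-quad IPv4 address as four 8-bit groups."""
    return " ".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(addr).packed)


def cidr_breakdown(cidr: str) -> dict:
    """Split an IPv4 CIDR such as 10.0.0.255/16 into its network/host parts."""
    net = ipaddress.IPv4Network(cidr, strict=False)   # strict=False: host bits allowed
    addr = cidr.split("/")[0]
    bits = to_binary(addr).replace(" ", "")
    return {
        "prefix": net.prefixlen,
        "locked_bits": bits[: net.prefixlen],      # network section (fixed)
        "host_bits": bits[net.prefixlen:],         # host section (usable)
        "netmask": str(net.netmask),
        "min": str(net.network_address),           # e.g. 10.0.0.0
        "max": str(net.broadcast_address),         # e.g. 10.0.255.255
        "count": net.num_addresses,                # 2 ** (32 - prefix)
    }


def addresses_per_prefix(prefixes=(18, 20, 22, 24, 26, 28)) -> dict:
    """The /XX -> address count table from the slides, computed instead of typed."""
    return {f"/{p}": 2 ** (32 - p) for p in prefixes}


def carve_subnets(vpc_cidr: str, new_prefix: int) -> list:
    """List the subnets of size /new_prefix that fit inside the VPC CIDR."""
    vpc = ipaddress.IPv4Network(vpc_cidr)
    return [str(s) for s in vpc.subnets(new_prefix=new_prefix)]


def contains(subnet_cidr: str, addr: str) -> bool:
    """Is addr inside subnet_cidr? This is the "it is in the 10.0.0 subnet" check."""
    return ipaddress.IPv4Address(addr) in ipaddress.IPv4Network(subnet_cidr)


if __name__ == "__main__":
    info = cidr_breakdown("10.0.0.255/16")
    print(f"locked: {info['locked_bits']}  host: {info['host_bits']}")
    print(f"range : {info['min']} ~ {info['max']} ({info['count']} addresses)")
    print(addresses_per_prefix())
    print(carve_subnets("10.0.0.0/16", 24)[:4])   # 10.0.0.0/24 ... 10.0.3.0/24
    print(contains("10.0.0.0/24", "10.0.0.234"))  # True
```

The count returned is the raw size of the block. In a VPC subnet, AWS reserves the first four addresses and the last address of every subnet for its own use, so the number of addresses you can actually assign to instances is five fewer than the table shows.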
VPC Basics
What is VPC?
VPC is a virtual network service that allows users to carve out a dedicated area (Your Network Space) from the AWS cloud network space.

Virtual Private Cloud (VPC)
VPC is a service that creates a logically separate section within the AWS cloud to build a user-defined virtual network.

✓ Build a virtual network by selecting a desired IP address range
✓ You can take full control of your virtual networking environment by creating subnets, setting up route tables and network gateways, etc.
✓ Networks inside and outside the cloud can be connected to each other as needed
✓ Multiple connection options available
- Internet based VPN
- Leased line (Direct Connect)

Virtual Private Cloud (VPC)
A VPC can be set to a single AZ, or it can include resources in multiple AZs (AZ 1, AZ 2) within the same region.
Subnets and VPCs
A combination of a VPC and subnets creates a network space. A VPC must be set up with at least one subnet (for example, subnet 10.0.1.0/24 in one AZ, holding an EC2 instance).

VPC Settings (Default VPC)
When you create an AWS account, a default VPC and default subnets are automatically generated for each region.

✓ Automatically creates a default VPC with a /16 IPv4 CIDR block (172.31.0.0/16). This provides up to 65,536 private IPv4 addresses.
✓ A default subnet of size /20 is created for each availability zone. In this case, up to 4,096 addresses are created per subnet, some of which are reserved for use by Amazon.
✓ Creates an Internet gateway and connects it to the default VPC.
✓ Creates a default security group and associates it with the default VPC.
✓ Creates a default network access control list (ACL) and associates it with the default VPC.
✓ Associates the default DHCP option set for your AWS account with the default VPC.
✓ Public and private DNS hostnames are given.

VPC Configuration (VPC Wizard)
The VPC Wizard allows you to instantly select commonly used VPC configurations.

VPC settings: normal settings
If you don't use the VPC wizard, you must create a VPC, create a subnet, etc. in sequence:
Create a VPC (CIDR setting) → Create a subnet → Configure the Internet Gateway → Set the internet route → Set traffic permissions for your VPC (Network ACL)
Subnet
A subnet is a network segment divided by a CIDR range. Multiple subnets can be placed in a VPC, but each is limited to only one AZ. VPCs and subnets are assigned a CIDR (IP address range) to determine their network range: for example, VPC 10.0.0.0/16 in one AZ containing a Public Subnet 10.0.1.0/24 and a Private Subnet 10.0.2.0/24, each holding an EC2 instance.

The default maximum number of subnets created per VPC is 200.

Subnet
The type of subnet is determined by the presence or absence of routing to the Internet gateway.
Public Subnet (10.0.1.0/24): a subnet through which traffic is routed to the Internet gateway.
Private Subnet (10.0.2.0/24): a subnet with no route to the Internet gateway.
Building a VPC
Architecture you will build

Internet Gateway attached to the VPC 10.0.0.0/16, which spans two AZs:
AZ 1: Public subnet 10.0.0.0/24 (with its route table) and Private subnet 10.0.1.0/24 (with its route table)
AZ 2: Public subnet 10.0.2.0/24 (with its route table) and Private subnet 10.0.3.0/24
A NAT gateway is placed in the public subnet 10.0.2.0/24.
Creating a Public Subnet
Routing Configuration
An Internet gateway is required to connect to the Internet from a public subnet. In the architecture, the Internet gateway sits between the Internet and the 10.0.0.0/16 VPC; each public subnet (10.0.0.0/24 and 10.0.2.0/24) has a route table that points to it, while the private subnet 10.0.1.0/24 does not.

Role of the route table
On premises, an existing router connects a subnet (10.0.0.0/24) to the Internet. In AWS, the route table plays that role for the public subnet, and the Internet gateway connects it to the Internet:
Route table: "I've got 10.0.0.0/24 right here!"
Route table: "I'll connect 10.0.0.0/24 to the IGW!"

Configure the route table
It becomes a public subnet by setting a route to the Internet gateway in the subnet's route table.
Creating a Private Subnet
NAT Gateway
A bastion server is needed to connect to instances in the private subnet. A NAT gateway is required for return traffic from the private subnet to interact with the outside world.

VPC 10.0.0.0/16 across two AZs:
Public subnet 10.0.0.0/24: Internet gateway, Bastion Server, NAT gateway
Private subnet 10.0.1.0/24: EC2 instance, whose outbound traffic goes out through the NAT gateway
Summary

◼ The NAT gateway performs address translation, which associates global IP addresses with private IP addresses.
◼ The reply traffic from the private subnet can be translated by the NAT gateway and sent to the Internet gateway, allowing it to reply to the Internet.
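How a route table decides whether a subnet is public or private, and how traffic from a private subnet reaches the Internet gateway via the NAT gateway, as an added example (not code from the course or from AWS). The route tables below are constructed samples shaped like the architecture on the slides; the igw-EXAMPLE and nat-EXAMPLE targets are placeholders, not real resource ids, and 203.0.113.10 is a documentation address standing in for "somewhere on the Internet".

```python
"""Route table lookup as the slides describe it (added illustration).

A subnet is public when its route table sends 0.0.0.0/0 to an Internet
gateway (igw-...). A private subnet either sends 0.0.0.0/0 to a NAT gateway
(nat-...), so only replies come back in, or has no Internet route at all.
Lookup is longest-prefix match: the most specific matching route wins.
"""
import ipaddress
from typing import Optional

VPC_CIDR = "10.0.0.0/16"
# Constructed sample: one route table per subnet. The "local" route for the
# VPC CIDR is always present in AWS and cannot be removed.
ROUTE_TABLES = {
    "10.0.0.0/24": [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-EXAMPLE")],  # public, AZ 1
    "10.0.2.0/24": [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-EXAMPLE")],  # public, AZ 2
    "10.0.1.0/24": [(VPC_CIDR, "local"), ("0.0.0.0/0", "nat-EXAMPLE")],  # private, via NAT
    "10.0.3.0/24": [(VPC_CIDR, "local")],                                # private, isolated
}
NAT_SUBNET = "10.0.2.0/24"      # the public subnet hosting the NAT gateway
INTERNET_HOST = "203.0.113.10"  # documentation address: "some host on the Internet"


def lookup(routes, dst: str) -> Optional[str]:
    """Return the target of the most specific route matching dst, or None."""
    ip = ipaddress.IPv4Address(dst)
    best = None
    for cidr, target in routes:
        net = ipaddress.IPv4Network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def subnet_kind(subnet_cidr: str) -> str:
    """Classify a subnet by where its default route points."""
    default = lookup(ROUTE_TABLES[subnet_cidr], INTERNET_HOST)
    if default is None:
        return "private (isolated)"
    if default.startswith("igw-"):
        return "public"
    if default.startswith("nat-"):
        return "private (NAT egress only)"
    return "private"


def egress_path(src_subnet: str, dst: str) -> list:
    """Hops a packet from src_subnet takes toward dst; [] means it is dropped."""
    hops = []
    target = lookup(ROUTE_TABLES[src_subnet], dst)
    if target is None:
        return hops
    hops.append(target)
    if target.startswith("nat-"):
        # The NAT gateway translates the source address and forwards the packet
        # according to the route table of its own (public) subnet.
        nxt = lookup(ROUTE_TABLES[NAT_SUBNET], dst)
        if nxt:
            hops.append(nxt)
    return hops


if __name__ == "__main__":
    for subnet in ROUTE_TABLES:
        print(subnet, "->", subnet_kind(subnet), egress_path(subnet, INTERNET_HOST))
```

Run it and each subnet prints its classification and the hops an Internet-bound packet takes: the private subnet 10.0.1.0/24 goes nat-EXAMPLE then igw-EXAMPLE, which is the path described in the summary above, and 10.0.3.0/24 prints an empty path because nothing routes it outside the VPC.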
Communication Protocol and OSI models
Communication rules
Even if you know the delivery address from the IP address, you still need to know whom to hand it to, right?

Communication rules
Communication methods vary depending on the purpose, such as sending email or browsing a website.

Communication rules
When you were asked to make mail settings, did you ever set an IP address for POP and SMTP?

Your email address is oliver.smith@udemy.com.
The outgoing mail server (SMTP server) is: 172.16.80.1
The incoming mail server (POP/IMAP server) is: 172.168.10.2
(Enter these into your email software.)

SMTP (Simple Mail Transfer Protocol) is a mail transmission protocol.
POP (Post Office Protocol) is a mail reception protocol.

Communication rules
Communication methods vary depending on the purpose, e.g. email or WEB access.

Purpose | Transmission method | Communication path | Receiving method
email | email send port | email protocol | email receive port
WEB | WEB browser | WEB protocol | WEB browser

Communication protocol
HTTP (Hyper Text Transfer Protocol) is a protocol used when exchanging information, like documents written in HTML (Hyper Text Markup Language). It defines, among other things:

✓ Sender/destination address
✓ Data transmission order
✓ Message id

Website communication protocol = HTTP
The OSI reference model
The standard set of roles called the OSI reference model divides communication protocols into seven layers according to the purpose and the transmission target. (Mandatory for understanding networks, but difficult to actually memorize.)

Application layer
Presentation layer
Session layer
Transport layer
Network layer
Data link layer
Physical layer

OSI reference model
Depending on the content of the communication, the network device carries out communication according to the rules established in each layer. For example, communication between nodes is handled by the Data link layer using the MAC address.
Application layer
Defines the communication method used for communication services on the Internet, like e-mail.

✓ Defines specific rules for implementing web application communication services
✓ The protocol is subdivided for each application.
✓ Email software protocol → POP/SMTP
✓ WEB browser protocol → HTTP/HTTPS

Presentation layer
Defines the character codes and ciphers used when sending and receiving characters.

✓ Decides how to send characters: character code, compression, data encryption and decryption method
✓ This makes it possible to display websites around the world even if the language and expression format used on the sending and receiving computers are different.

Session layer
Specifies how a series of communication processes on the application is continued (a session).

✓ List of procedures for establishing, maintaining, and terminating sessions between applications
✓ A session is a series of continuous processes and connections when communicating with an application.

With a session: Go to EC site → Find a product → Buy
Without a session: Go to EC site → Find a product → "Please login" → "I have to log in again!?"

Transport layer
Establishes trust and arrival order when initiating a session.

✓ Defines the allocation of port numbers for establishing connections and starting sessions for data transmission.
✓ Uses TCP to confirm arrival order and arrival confirmation.
✓ Connection: a logical line for transferring data in a session
✓ Session: a unit that manages communication from start to finish.
"Can I connect to you?" "OK! Let's connect."

Network layer
Defines the routing method using an IP address.

✓ Defines communication from the start point to the end point between nodes
✓ Assigns a route using the IP address.
✓ The router selects the optimum path to the destination computer and executes data transmission.

Data link layer
Defines the method of inter-node communication using the MAC address.

✓ Defines communication between directly connected nodes on one network line
✓ Based on Ethernet in a LAN, communication between nodes in the same network segment is performed by MAC address.

Physical layer
Defines the physical data transmission format between computers in "bits".

✓ Defines the physical connections and transmission methods of the network.
✓ Defines the method of converting a bit string into an electrical signal and transmitting it to the network.
Physical-layer frame layout: Preamble | Sync word | PHY header | Physical layer data payload | FCS
The OSI reference model
It is necessary to comply with the protocol and method of the appropriate layer according to the specific content.

Application layer: HTTP
Presentation layer: SSL
Session layer / Transport layer: TCP
Network layer: IP
Data link layer / Physical layer: Ethernet (cable; uses the MAC address)

TCP/IP model
The TCP/IP model is a set of protocols that are further organized into practical processes.

OSI reference model | TCP/IP model | Protocols
Application, Presentation, Session layers | Application layer | HTTP, SSH, DNS, SMTP, POP3, FTP, etc.
Transport layer | Transport layer | TCP, UDP, etc.
Network layer | Network layer | IP, ICMP, ARP, BGP, etc.
Data link, Physical layers | Physical layer | Ethernet, PPP, etc.
Implementation of network communication
Example: a request to https://www.mercari.com/jp/ and its response pass through the layers in order.

◼ Application layer: send messages using the HTTP protocol.
◼ Transport layer: build mutual trust and establish connections.
◼ Network layer: send packets to the destination.
◼ Physical layer: deliver the signal for transmission between physical devices.

The request travels down these layers on the sending side and back up on the receiving side, and the response returns the same way.
Port number
The port for communication is the port number, which acts like a mailbox.

✓ A port is an endpoint for operating data communication.
✓ It is the gate number for enabling the communication protocol on the Internet.

Port number
The port number used differentiates each protocol.

✓ HTTP communication: 80
✓ HTTPS communication (encrypted): 443
✓ LINE: 5000/5552
✓ SSH communication: 22
✓ Email transmission (SMTP): 25
✓ Email reception (POP/IMAP): 110, 143
Summary

◼ Different communication protocols are used for different purposes, such as e-mail and web access, during Internet communication.
◼ The rules for communication control using communication protocols are specified by the OSI reference model and the TCP/IP model.
◼ Each protocol is assigned a specific port number, and the communication destination is determined according to the port number.
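The layers and the port number made concrete, as an added example (not code from the course): a tiny HTTP-style server listens on 127.0.0.1 at a port the operating system assigns, and a client opens a TCP connection to that port and sends an HTTP request. The TCP connection is the transport layer, the port is the "mailbox", and the GET line plus response is the application layer. The page body is a constructed sample, and the whole exchange stays on the loopback interface.

```python
"""Transport layer (TCP, port number) carrying the application layer (HTTP)
on a loopback socket. Added illustration; not code from the course.
"""
import socket
import threading

SAMPLE_PAGE = b"<html><body>Hello from the WEB server</body></html>"  # constructed


def handle_client(conn: socket.socket) -> None:
    """Server side: read one request, answer with a minimal HTTP response."""
    with conn:
        data = b""
        while b"\r\n\r\n" not in data:          # read until the end of the headers
            chunk = conn.recv(1024)
            if not chunk:
                return
            data += chunk
        request_line = data.split(b"\r\n", 1)[0].decode()
        method, path, _version = request_line.split(" ")
        if method == "GET" and path == "/":
            status, body = "200 OK", SAMPLE_PAGE
        else:
            status, body = "404 Not Found", b"not found"
        conn.sendall(
            f"HTTP/1.1 {status}\r\nContent-Length: {len(body)}\r\n"
            f"Connection: close\r\n\r\n".encode() + body
        )


def start_server() -> tuple:
    """Listen on an OS-assigned port (the 'mailbox' number) and serve in a thread."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _addr = srv.accept()
            except OSError:
                break                            # server socket was closed
            threading.Thread(target=handle_client, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def http_get(port: int, path: str = "/") -> dict:
    """Client side: open a TCP connection (transport layer), send an HTTP
    request (application layer), and return the parsed status and body."""
    with socket.create_connection(("127.0.0.1", port)) as c:
        c.sendall(f"GET {path} HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n".encode())
        raw = b""
        while True:
            chunk = c.recv(4096)
            if not chunk:                        # server closed: response complete
                break
            raw += chunk
    head, body = raw.split(b"\r\n\r\n", 1)
    status_line = head.split(b"\r\n", 1)[0].decode()
    return {"status": int(status_line.split(" ")[1]), "body": body}


def demo() -> dict:
    """Start the server, fetch the page and a missing path, then shut down."""
    srv, port = start_server()
    try:
        return {"port": port, "root": http_get(port, "/"), "missing": http_get(port, "/nope")}
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())
```

On a real web server the listening port would be fixed at 80 (or 443 with TLS) so that clients know which mailbox to address; here the OS picks a free one so the example never collides with anything already running.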
Security Group and Network ACLs
Security Group
A security group provides a firewall function to set the accessibility of traffic to an instance. For example, a security group on an EC2 instance that allows only port 22 (SSH) admits SSH access and blocks HTTP access.

Network ACL
Access control for subnets is done by a network ACL. In the 10.0.0.0/16 VPC, the network ACL sits at the subnet boundary (Public Subnet 10.0.5.0/24 with the WEB server EC2, Private subnet 10.0.10.0/24 with the DB server EC2), while each EC2 instance has its own security group.

Differences between network ACLs and SGs
Security groups and network ACLs have different permission settings.

Security Group Settings
◼ Applied on a server-by-server basis.
◼ Stateful: outbound return traffic is allowed if only inbound is set.
◼ Only allow rules can be specified for inbound and outbound (deny cannot be set).
◼ The default SG is set to allow only communication within the same security group.
◼ All rules are evaluated.

Network ACL Settings
◼ Applies to a VPC / subnet.
◼ Stateless: an outbound setting is absolutely necessary, because outbound is not allowed by the inbound setting alone.
◼ Allow and deny can be set for inbound and outbound.
◼ The default ACL allows all communication.
◼ Rules are applied in numerical order.
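The stateful-versus-stateless distinction in the table above, as an added example (not code from the course or from AWS). It models a security group as an allow-only rule set that remembers admitted connections, and a network ACL as numbered allow/deny rules evaluated in order with a final catch-all deny. The rule sets are constructed samples: the security group allows only port 22 inbound, as on the slide, and the NACL includes an explicit deny of port 3306 to show ordering.

```python
"""Security group (stateful, allow-only) vs. network ACL (stateless, numbered
allow/deny). Added illustration with constructed rules; not AWS's code.
"""
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass
class Flow:
    """One packet: direction relative to the instance/subnet and its TCP
    destination port. A reply carries the (proto, port) of the request."""
    direction: str                               # "in" or "out"
    proto: str                                   # "tcp"
    port: int                                    # destination port
    reply_to: Optional[Tuple[str, int]] = None


# --- Security group: constructed to match the slide (allow only SSH inbound) ---
SG_RULES = {"in": [("tcp", 22)], "out": []}


@dataclass
class StatefulFirewall:
    rules: dict
    tracked: set = field(default_factory=set)    # (proto, port, direction) admitted

    def evaluate(self, f: Flow) -> bool:
        opposite = "in" if f.direction == "out" else "out"
        # Stateful: a reply to an already admitted flow is allowed even though
        # no rule for this direction exists.
        if f.reply_to is not None and (f.reply_to, opposite) in self.tracked:
            return True
        allowed = (f.proto, f.port) in self.rules.get(f.direction, [])
        if allowed:
            self.tracked.add(((f.proto, f.port), f.direction))
        return allowed


# --- Network ACL: (rule number, direction, proto, port range, action) -----------
# "*" is the final catch-all; the lowest number that matches decides.
NACL_RULES = [
    (100, "in",  "tcp", (22, 22),      "allow"),
    (110, "in",  "tcp", (80, 80),      "allow"),
    (115, "in",  "tcp", (3306, 3306),  "deny"),    # explicit deny, only possible in a NACL
    (120, "in",  "tcp", (1024, 65535), "allow"),   # ephemeral ports for return traffic
    ("*", "in",  "tcp", (0, 65535),    "deny"),
    (100, "out", "tcp", (1024, 65535), "allow"),   # needed: a NACL forgets nothing
    ("*", "out", "tcp", (0, 65535),    "deny"),
]


def nacl_match(rules, f: Flow):
    """Return (rule number, action) of the first matching rule in numeric order."""
    def order(rule):
        return float("inf") if rule[0] == "*" else rule[0]
    for num, direction, proto, (lo, hi), action in sorted(
            (r for r in rules if r[1] == f.direction), key=order):
        if proto == f.proto and lo <= f.port <= hi:
            return num, action
    return None, "deny"


def nacl_evaluate(rules, f: Flow) -> bool:
    """Stateless: every packet, replies included, is judged by the rules alone."""
    return nacl_match(rules, f)[1] == "allow"


if __name__ == "__main__":
    sg = StatefulFirewall(SG_RULES)
    print("SG  ssh in      :", sg.evaluate(Flow("in", "tcp", 22)))                        # True
    print("SG  ssh reply   :", sg.evaluate(Flow("out", "tcp", 50000, reply_to=("tcp", 22))))  # True
    print("NACL ssh reply  :", nacl_evaluate(NACL_RULES, Flow("out", "tcp", 50000)))      # True
    no_outbound = [r for r in NACL_RULES if r[1] == "in"]
    print("NACL no out rule:", nacl_evaluate(no_outbound, Flow("out", "tcp", 50000)))    # False
    print("NACL mysql in   :", nacl_match(NACL_RULES, Flow("in", "tcp", 3306)))           # (115, 'deny')
```

The last two prints are the practical point of the table: drop the outbound NACL rule and the SSH reply is silently blocked even though the inbound rule allowed the request, whereas the security group admits the reply because it remembers the connection. Moving the port 3306 deny to a number above 120 would let rule 120 allow it first, which is why rule numbering matters in a NACL.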
Network ACL Screens
Set the network ACL on the screen below.
Summary

◼ The security group provides a firewall function to control the instance's traffic.
◼ Network ACLs provide a firewall function to control traffic in a subnet.
Configuration of Network ACL
Hands-on content

◼ Check the settings of the existing network ACL.
◼ Create a new network ACL and configure it to allow appropriate protocol communication.
Section Contents
Lecture | What you will learn in the lecture
Server basics | You will learn basic knowledge of servers and the related software that provides web services.
EC2 Basics | You will learn about the basic functions and features of EC2.
Launching EC2 Instance | Launch an EC2 instance that provides server functions in AWS.
Public key authentication | You will learn about the public key authentication method, which is the authentication method for EC2 instances.
Connecting to EC2 Instance | Connect to the EC2 instance using the PEM key, which is the private key for the public key authentication method.
SSH basics | You will learn about the SSH mechanism used to access EC2 instances.
Apache server Set up | Install the Apache software on the EC2 instance and configure it as a web server.
MySQL server Set up | Launch an EC2 instance on a private subnet and configure it as a MySQL server.
WORDPRESS Set up | Install WORDPRESS on your web server.
MySQL for WORDPRESS Set up | Set up MySQL as the database for WORDPRESS.
Server basics
What is a server?
A server is a computer that runs a specific kind of server software and thereby provides a service.

Server software
Server software provides the server's roles and functionality.

Server hardware
Server hardware is typically thought of as huge computers installed in data centers, but server software can also be installed on a PC to allow it to function as a server.

Server role
The server handles request and response processing and executes the application service. An Amazon.com server, for example, receives requests and returns responses, so it is necessary for it to operate 24 hours a day!

Server role
There are various kinds of servers with different roles.

✓ WEB server
✓ Application server
✓ Batch server
✓ Database server
✓ API server
✓ DNS server
✓ Mail server

WEB server
A web server is a server that supports HTTP and serves WEB pages.

✓ A server on which software for building websites and web applications is installed
✓ Creates a WEB page and displays it on the internet.
✓ Returns a web page as a response to a request from a client such as a PC or a smartphone

Database server
A server that manages database operations such as create, read, update and delete.

✓ A server run by the software that manages database operations
✓ Performs data processing such as creating a data table, reading data, updating data and deleting data
✓ Performs management processing such as database backup
Server in a web application
Let's look at the basic configuration of the servers in the application. This application uses two servers, a WEB server and a database server.

1. A local terminal (PC/smartphone etc.) requests a database operation from this application.
2. DB processing is requested from the WEB server to the database server.
3. The database server executes the transaction process in response to the request and returns the execution result to the WEB server.
4. The WEB server returns the processing result of the application, including the data processing result, to the local terminal.
Summary

◼ A server is a computer that provides some service by configuring server software on hardware that provides computing functions.
◼ There are a variety of servers depending on their role, such as web servers and database servers.
EC2 Basics
What is EC2?
Instantly create a server on the Internet (the cloud) that has the same performance as a server in an on-premises data center.

EC2 Features
A virtual server available on a pay-as-you-go basis (hourly or per-second) that can be launched in minutes.

◼ Start up, add or remove nodes and change machine specifications in minutes.
◼ EC2 uses generic Intel architecture
◼ Available with administrative privileges
◼ Support for most operating systems, including Windows and Linux
◼ Automatic configuration up to the operating system by selecting the provided types, with the layers above the operating system at your disposal
◼ Create, save, and reuse OS settings in your own Amazon Machine Image

EC2 Features
The unit used by EC2 is called an instance, and an instance is set up in an arbitrary AZ (for example, one of the AZs of the Tokyo Region) and used as a server.

Select AMI (OS Settings)
You can select the OS setting through an AMI.

AMI: OS image for instance launching
✓ AMI provided by AWS
✓ AMI from a 3rd party
✓ Custom AMI (your own), saved to S3 from an EC2 instance
Instance type
t2.nano = Family and Generation (t2) + Instance capacity (nano)

Instance Type
Select the instance type according to the use case.

General Purpose (Family: A1, M5, T3, etc.)
Provides balanced computing, memory, and network resources for a variety of workloads. These instances are ideal for applications that use the same percentage of an instance's resources, such as web servers and code repositories.

Computing optimization (Family: C5, C6g, etc.)
Used for compute-bound applications that require high performance processors. Use cases include batch processing workloads, media transcoding, high performance web servers, high performance computing (HPC), scientific modeling, dedicated game servers and advertising server engines, and machine learning inference.

Memory optimization (Family: X1, R5, high memory, z1d, etc.)
These instances are optimized for the fast performance needed for workloads that process large data sets in memory.

Storage Optimization (Family: H1, D2, I3, I3en, etc.)
These instances are suitable for workloads that require high sequential read and write access to large data sets in local storage. Storage optimized instances are ideal for low-latency random I/O operations with tens of thousands of IOPS.

High speed computing (Family: P3, Inf1, G4 (GPU), F1 (FPGA), etc.)
High-speed computing instances are ideal for software that uses hardware accelerators (co-processors) to perform functions such as floating-point computation, graphics processing, and data pattern matching that would otherwise run on the CPU.
Storage choices
There are two types of storage used directly by EC2: the inseparable instance store and self-configured EBS.

Instance store
✓ Block-level physical storage inseparable from EC2, on a disk embedded in the host computer
✓ Temporary EC2 data is retained, and the data is deleted when the EC2 instance is stopped or terminated.
✓ Free

Elastic Block Store (EBS)
✓ Block-level storage connected over the network and managed independently of EC2
✓ If you terminate the EC2 instance, EBS can retain the data and store a snapshot in S3.
✓ An additional EBS fee is required.

Summary

◼ EC2 is a service that provides virtual servers, available on a pay-as-you-go basis, that can be used within minutes.
◼ Choose among the various types of EC2 instances and purchase options based on your use case.
◼ When using EC2, it is necessary to set up storage: either a physically attached instance store for temporary data or network-attached EBS.
Launch EC2 Instance
Architecture you will build

VPC 10.0.0.0/16 across two AZs:
Public subnets 10.0.0.0/24 and 10.0.2.0/24: an EC2 instance (OS: Linux) running the Apache WEB server in 10.0.0.0/24
Private subnets 10.0.1.0/24 and 10.0.3.0/24: an EC2 instance running the MySQL DB server in 10.0.1.0/24

Hands-on content

◼ Using the AWS Management Console, go to the EC2 instance screen and check the EC2 console screen.
◼ From the EC2 console, select Linux and launch a new EC2 instance.
Public Key Authentication
Creating a key pair
When you have created the EC2 instance, You create a
key pair and download the PEM file.
EC2 instance authentication
Use the key PEM to prove that the created EC2 instance is
yours.
EC2 instance authentication
Because it is a key pair, there is also one key on the EC2
instance side.

Key pair
EC2 instance authentication
This authentication method uses a basic encryption
method called public key authentication.

Key pair
EC2 instance authentication
This authentication method uses a basic encryption
method called public key authentication.

Key pair

Private key Public key


Public key authentication
This authentication method uses a basic encryption
method called public key authentication.

Private key Public key

A key that only you The public key is a


have. This is the key key intended to be
asserting that certain shared with the
data or areas belong target who uses the
to you private key.
How Public key authentication works
For example, suppose Mr. A has both a private key and a public key.
Mr. A gives Mr. B the public key, and Mr. B uses it to lock a secret file.
Only Mr. A has the private key, so only he can open this secret file.
Even if the public key is released to multiple people (Mr. B, Mr. D, and so on), only Mr. A has the private key, so the public key can be used many times for encryption.

[Diagram: Mr. B and Mr. D each lock a secret file with Mr. A's public key; only Mr. A can open them.]
EC2 instance authentication
When the key pair is created, the public key is placed on the EC2 instance, and the PEM key (your private key) is what you must present to authenticate that the instance is yours.
EC2 management method
Similarly, one PEM key can be used as the key for multiple EC2 instances.
Summary

• When you launch an EC2 instance, you download a PEM file. By using this file as your half of the authentication key pair, you can access the EC2 instance.
• The authentication method for the EC2 instance is called public key authentication. The downloaded PEM is the private key, and the public key is set in the EC2 instance.
SSH basics
SSH connection
Implement a secure connection to the EC2 instance using the SSH protocol.

[Diagram: SSH software on the client connects to the SSH server on the EC2 instance over port 22.]

Port 22: SSH
Port 80: HTTP
Port 443: HTTPS
What is SSH?
Remote machine manipulation tools familiar to Linux engineers

SSH (Secure Shell): A protocol for encrypting communications between a client and a remote machine.
SSH commands: Commands that execute actions on a remote machine using the SSH protocol. Mainly used to operate Linux servers.
SSH client: Command-prompt-type software that supports remote machine operation via SSH.
What is SSH?
AWS uses a command-prompt-type configuration tool as standard.
Basic format

ssh [option] hostname [command]

Example of SSH operation commands
Login command to EC2

$ ssh -i ~/.ssh/udemysample.pem ec2-user@xxx.xxx.xxx.xxx

ssh: the command for an SSH connection.
-i ~/.ssh/udemysample.pem: specify your private key file (identity file).
ec2-user@xxx.xxx.xxx.xxx: login user name @ public IP address to access.
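As an added example (not part of the course material), a small Python pre-flight check for the PEM private key before running the ssh -i command above: OpenSSH refuses a private key whose permissions allow group or other access, so the check applies the same rule and then composes the login command. The file name copied.pem and the address 198.51.100.10 are constructed placeholders; udemysample.pem and ec2-user are the lecture's values.

```python
"""Pre-flight check for the PEM private key passed to `ssh -i`.

Added example, not part of the course. OpenSSH refuses to use a private key
that is readable by group or others ("Permissions 0644 ... are too open"), so
this check applies the same rule before composing the login command.
The file name copied.pem and the 198.51.100.10 address are constructed placeholders.
"""
import os
import stat
import tempfile

PEM_HEADER = "-----BEGIN"                         # every PEM block starts this way
GROUP_OTHER_BITS = stat.S_IRWXG | stat.S_IRWXO    # any rwx bit for group or others


def key_file_problems(path):
    """Return the reasons the key must not be used; an empty list means OK."""
    problems = []
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        return ["key file does not exist"]
    # OpenSSH's rule: the private key may not be accessible to anyone but its owner.
    if mode & GROUP_OTHER_BITS:
        problems.append("permissions too open: %o (use 0600 or 0400)" % mode)
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        first_line = fh.readline().strip()
    if not first_line.startswith(PEM_HEADER):
        problems.append("file does not look like a PEM private key")
    return problems


def build_ssh_command(pem_path, user, host):
    """Compose the lecture's login command, refusing an unusable key file."""
    problems = key_file_problems(pem_path)
    if problems:
        raise ValueError("; ".join(problems))
    return ["ssh", "-i", pem_path, "%s@%s" % (user, host)]


def demo():
    """Constructed scenario: one key with the correct 0600 mode, one copied as 0644."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "udemysample.pem")
        too_open = os.path.join(tmp, "copied.pem")
        for path in (good, too_open):
            with open(path, "w", encoding="utf-8") as fh:
                fh.write("-----BEGIN RSA PRIVATE KEY-----\nconstructed placeholder\n")
        os.chmod(good, 0o600)
        os.chmod(too_open, 0o644)
        results["good"] = key_file_problems(good)
        results["too_open"] = key_file_problems(too_open)
        results["command"] = build_ssh_command(good, "ec2-user", "198.51.100.10")
        try:
            build_ssh_command(too_open, "ec2-user", "198.51.100.10")
            results["refused"] = False
        except ValueError:
            results["refused"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```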
Summary

• Use the SSH protocol to connect to a Linux EC2 instance.
• To do this, SSH software must be prepared on the client terminal.
Connecting to an EC2 instance
Hands-on content

• Access the EC2 instance from TeraTerm using the PEM key (private key). (for Windows)
• Access the EC2 instance from the terminal using the PEM key (private key). (for Mac)
Setting up Apache server
Architecture you will build

[Diagram: VPC 10.0.0.0/16 across two AZs; public subnets 10.0.0.0/24 and 10.0.2.0/24, private subnets 10.0.1.0/24 and 10.0.3.0/24. The EC2 instance in the public subnet now runs OS: Linux, Server: Apache.]

Hands-on content

• Connect to your EC2 instance and perform the necessary software updates.
• Install the Apache server.
• Create and display a website using Apache.
Setting up a MySQL server
Architecture you will build

[Diagram: same VPC as before. EC2 in the public subnet: OS Linux, Server Apache. A second EC2 instance in private subnet 10.0.1.0/24: OS Linux, Server MySQL.]

Access from a web server
Access the EC2 instance in the private subnet from the web server.

[Diagram: Internet gateway -> WEB server EC2 in public subnet 10.0.0.0/24 -> EC2 in private subnet 10.0.1.0/24.]

Installing NAT gateways
A bastion server (here, the web server) is required to connect to instances in the private subnet, which are not reachable directly from the Internet. A NAT gateway is needed for outbound traffic from the private subnet to the Internet (e.g. software updates).

[Diagram: as above, with a NAT gateway in the public subnet that the private-subnet EC2 uses for outbound traffic.]

Hands-on content

• Launch an EC2 instance in a private subnet.
• Place the NAT gateway in the public subnet and set the route to the NAT gateway in the route table of the private subnet.
• Access the EC2 instance in the private subnet from the web server.
• Configure the MySQL server on the new EC2 instance.
Setting up a LAMP environment
Architecture Patterns
Installing WORDPRESS has the following three typical configuration patterns:

1. Single instance: the Apache web server and MySQL run on one EC2 instance in the public subnet (10.0.0.0/24).
2. Two-tier architecture, unmanaged: the Apache web server runs on an EC2 instance in the public subnet (10.0.0.0/24) and the MySQL server on a separate EC2 instance in the private subnet (10.0.1.0/24).
3. Two-tier architecture, managed: the Apache web server runs on EC2 in the public subnet, and the database is MySQL in RDS in the private subnet (10.0.1.0/24).

Managed by AWS
There are two types of AWS services: unmanaged and managed. The diagram compares the layers that must be looked after for a MySQL server in EC2 (unmanaged) and for MySQL in RDS (managed):

• Software configuration
• Scaling
• Backup
• Maintenance
• OS settings
• Physical server management

[Diagram: for each layer, whether it is handled by the user or by AWS in the two patterns.]
Installing Software
The software required for WORDPRESS configuration is as follows:

• Apache: displays WORDPRESS as a web site.
• php: programming language for operating WORDPRESS.
• MySQL installation: to operate the MySQL database.
• MySQL DB creation: create a database for WORDPRESS.
• WORDPRESS: software used to create and manage web sites.

[Diagram: in the single-instance pattern all five items are installed on the web server EC2 instance in public subnet 10.0.0.0/24. In the two-tier pattern, Apache, php and WORDPRESS go on the web server, while MySQL installation and DB creation (together with php) go on the EC2 instance in private subnet 10.0.1.0/24; in the RDS pattern the MySQL server in the private subnet is replaced by MySQL in RDS.]
Configure Apache server
Configure the Apache server with the following steps:

rm index.html
  rm is the delete command. Delete the index.html that you initially created (no longer needed).

systemctl start httpd
  systemctl (formerly service) is the command that controls services; this starts the Apache server.

systemctl enable httpd
  Configure the Apache server to start automatically when the instance starts.

Configure the php server
Configure the php server with the following steps:

amazon-linux-extras install php7.2
  Get the php 7.2 package locally using an Amazon-specific command.

yum install -y php
  Install php.

Configure the MySQL server
Configure the MySQL server with the following steps:

yum localinstall https://dev.mysql.com/get/mysql80-community-release-el7-1.noarch.rpm -y
  Save the MySQL 8.0 repository package locally and prepare for installation.

yum install -y mysql-community-server
  Install the community edition of MySQL.

systemctl start mysqld
  Start the MySQL server.

systemctl enable mysqld
  Configure the MySQL server to start automatically when the instance starts.
Creating a MySQL DB
Create a MySQL server database
Configure the MySQL server database with the following steps:

cat /var/log/mysqld.log | grep localhost
  Get the initial (temporary) root password for logging in from the local host, which the installed MySQL wrote to its log.

mysql -u root -p
  "-u root" specifies access as the root user; "-p" specifies that a password will be used. Enter the password when prompted.

ALTER USER root@localhost IDENTIFIED BY 'password';
  Change the root user's password.

create database udemy;
  Create a database called udemy in the MySQL server.

show databases;
  Check that the database has been created.

create user udemy@localhost identified with mysql_native_password by 'パスワード';
  Create a new user to be used when logging in from WORDPRESS ('パスワード' stands for the password you choose).

grant all privileges on udemy.* to udemy@localhost;
  Grant the newly created user "udemy" all privileges on the udemy database.

flush privileges;
  Reload the privilege tables so that the permissions you have set take effect.
WORDPRESS installation
Installing WORDPRESS
Install and set up WORDPRESS with the following steps:

wget https://wordpress.org/latest.tar.gz
  Download the WORDPRESS archive.

tar -xzvf latest.tar.gz
  Extract the WORDPRESS archive that you downloaded.

cp -r wordpress/* /var/www/html/
  Copy the files into the Apache document root, the directory whose html files are served.

chown apache:apache /var/www/html/ -R
  chown sets the user (and group) ownership of the specified file or directory. Give the Apache server ownership of, and therefore permission to read, the WORDPRESS files stored under /var/www/html/.

systemctl restart httpd.service
  Restart the Apache server for the changes to take effect.
WORDPRESS Settings
Register the database in the WORDPRESS settings page.
Create a user and password for WORDPRESS and complete the settings.
Section Contents
lecture: What you will learn in the lecture

URLs and Domains: You will learn about the relationship between URLs and domains.
Register your domain: You will learn how to purchase a domain on AWS and how to purchase a domain from an external vendor.
DNS Name Resolution: You will learn about the name resolution process, the basic function of a DNS server.
Route53 Basics: You will learn about the basic features of Route53, which provides DNS servers for AWS.
Register domain to Route53: You will learn how to register your purchased domain with Route53.
URLs and Domains
IP Address and URL
A URL is used as an address, converting an IP address into a URL so that you can easily understand and remember it.

https://134.128.24.16 <-> https://www.mercari.com/jp/

The Domain Name System (DNS) server manages and translates the correspondence between URLs and IP addresses.

Requests and responses are the basic communication between a client and a web application.

[Diagram: the client sends a request to the Amazon.com server and receives a response.]

When sending a request, the client terminal first looks up the IP address that belongs to the URL in a DNS server, which identifies the destination address.

[Diagram: the client asks the DNS server "Please tell me the IP address of https://www.amazon.com"; the DNS server answers "The IP address is 134.128.24.16"; the client then accesses https://134.128.24.16.]
URL and Domain
One of the elements that make up a URL is a domain. The whole string is called a URL.

https://www.Amazon.co.jp/blog/index

The domain is a set of strings that makes the IP address easy to understand, and it is specified in a hierarchical structure: in the example, "jp" is the top-level domain, "co" the second-level domain and "Amazon" the third-level domain.

A hostname is a label that is assigned to a device connected to a computer network; here it is "www". World Wide Web (abbreviation: WWW) is a hypertext system provided on the Internet.

The top string, "https", is the protocol, which defines the communication protocol used when accessing. (Typical examples are ftp, http, and https.)

The protocol together with "://" is called the scheme; it is the frame stating that the communication is by HTTPS.

The directory, "/blog", represents the folder name on the server and its location. This is the hierarchy within the WEB page.

The file name, "index", is the smallest unit placed at the end of the URL and indicates the file used for the WEB page.

[Diagram: scheme/protocol = https://, hostname = www, third-level domain = Amazon, second-level domain = co, top-level domain = jp, directory = /blog, file name = index]
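An added example, not from the course: a Python function that splits a URL into the parts named above (protocol, scheme, hostname, third-, second- and top-level domain, directory, file name) using only the standard library, and also handles an IP-literal URL such as https://134.128.24.16 and a URL with no file name. The public-suffix rule under which "co.jp" is one registrable suffix is deliberately out of scope.

```python
"""Split a URL into the parts named in the lecture.

Added example, not from the course; standard library only. Terminology follows
the slide (hostname = the label left of the third-level domain, then third-,
second- and top-level domain, directory, file name). The public-suffix rule
under which "co.jp" is a single registrable suffix is deliberately out of scope.
"""
from urllib.parse import urlsplit

PROTOCOLS = ("http", "https", "ftp")   # the typical examples given in the lecture


def split_url(url):
    """Return a dict with the URL's components; raise ValueError on unsupported input."""
    parts = urlsplit(url)
    if parts.scheme not in PROTOCOLS:
        raise ValueError("unsupported protocol: %r" % parts.scheme)
    host = parts.hostname or ""            # urlsplit lowercases the host: "Amazon" -> "amazon"
    if not host:
        raise ValueError("URL has no host")
    labels = host.split(".")
    if all(label.isdigit() for label in labels):
        # Literal IPv4 address such as https://134.128.24.16: there is no domain hierarchy
        hostname, third, second, top, domain = "", "", "", "", host
    else:
        if len(labels) < 2:
            raise ValueError("domain needs at least second-level and top-level labels")
        top, second = labels[-1], labels[-2]
        third = labels[-3] if len(labels) >= 3 else ""
        # Whatever is left of the third-level label is the hostname (usually "www");
        # with only three labels (www.example.com) the slide's counting makes "www" the
        # third-level domain and leaves no separate hostname.
        hostname = ".".join(labels[:-3]) if len(labels) > 3 else ""
        domain = ".".join(labels[-3:]) if third else host
    # The path "/blog/index" splits into directory "/blog/" and file name "index"
    directory, slash, file_name = parts.path.rpartition("/")
    return {
        "protocol": parts.scheme,
        "scheme": parts.scheme + "://",
        "hostname": hostname,
        "third_level_domain": third,
        "second_level_domain": second,
        "top_level_domain": top,
        "domain": domain,
        "directory": directory + slash,
        "file_name": file_name,
        "port": parts.port,               # None unless given explicitly, e.g. :8443
    }


if __name__ == "__main__":
    for name, value in split_url("https://www.Amazon.co.jp/blog/index").items():
        print("%-20s %s" % (name, value))
```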
How DNS works
Domains have a hierarchical structure, so you have to repeatedly ask DNS for each location: "Where is jp?", then "Where is co?", then "Where is Amazon?".

[Diagram: domain tree]
root
  jp
    co
      Amazon
        mail
        www
    ne
  com
    facebook
    google
      maps
Summary

• The Domain Name System (DNS) server manages and translates the correspondence between URLs and IP addresses.
• Domains are the building blocks of URLs. A domain is a string of characters that makes an IP address easy to understand, and no two identical domains can exist. It is further specified in a hierarchical structure.
Registering your domain
URLs and Domains
By purchasing the domain part from the ISP vendor, you will be able to set up the URL.

https://www.amazon.co.jp/blog/index
[Diagram: the purchased part is the domain "amazon.co.jp" (third-level, second-level and top-level domain); scheme, host name, directory and file name are set up by you.]

ISPs and DNS
An Internet Service Provider (ISP) provides the Internet connection, domain registration and DNS servers.

Network of ISPs around the world
ISPs around the world provide Internet access and connect their networks through DNS.
Hands-on content

• Learn how to purchase domains on AWS in Route53.
• On the site FREENOM, select and purchase a domain that is available for free.
DNS Name Resolution
Hierarchy of domains
Domains are hierarchical, so you need to ask DNS multiple times for each location.

[Diagram: domain tree: root -> jp (co, ne) and com (facebook, google); co -> yahoo (mail); google -> maps; the whole tree is "The World".]

The Role of DNS
The DNS is responsible for translating domain names into IP addresses, and is composed of name servers and resolvers.

• Name server: A server that resolves names to link a domain to a web server or mail server on the Internet.
• Resolver: A server that performs name resolution by querying the name server associated with a domain name when asked for the IP address associated with that domain name.
DNS Name Resolution
The resolver queries the name servers for the IP address associated with the domain, following the hierarchy.

[Diagram: client -> resolver -> root name server -> COM name server -> Amazon name server -> Amazon WEB server]

(1) Client to resolver: What is the IP address of www.amazon.com?
(2) Resolver to root name server: What is the IP address of www.amazon.com?
(3) Root name server: Please ask the COM name server.
(4) Resolver to COM name server: What is the IP address of www.amazon.com?
(5) COM name server: Please ask the Amazon name server.
(6) Resolver to Amazon name server: What is the IP address of www.amazon.com?
(7) Amazon name server: It is 168.209.56.10.
(8) Resolver to client: It is 168.209.56.10.
(9) Client to Amazon WEB server: Request for accessing Amazon.com.
(10) Amazon WEB server to client: Site response.
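An added example (not from the course) that simulates the iterative exchange above in Python: the resolver starts at the root, follows each referral and stops at the A record, also handling a name that does not exist. The zone contents, the server names root, com-ns and amazon-ns, and the address 168.209.56.10 are the slide's constructed values; nothing is sent on the network.

```python
"""Iterative DNS name resolution, following the lecture's ten-step figure.

Added example, not from the course. Zone contents, server names (root, com-ns,
amazon-ns) and the address 168.209.56.10 are the slide's constructed values;
nothing is sent on the network. Each name server answers either with an A
record (the answer) or an NS record (a referral one level down the hierarchy).
"""

# Constructed zone data: server name -> {owner name: (record type, value)}
NAME_SERVERS = {
    "root": {"com.": ("NS", "com-ns")},
    "com-ns": {"amazon.com.": ("NS", "amazon-ns")},
    "amazon-ns": {"www.amazon.com.": ("A", "168.209.56.10")},
}


def lookup(server, qname):
    """Return the most specific record `server` holds for qname, or None.

    Walks from the full name toward the root, so the COM server matches
    "amazon.com." when asked about "www.amazon.com.".
    """
    zone = NAME_SERVERS[server]
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:]) + "."
        if owner in zone:
            return zone[owner]
    return None


def resolve(qname, max_referrals=8):
    """Resolve qname starting at the root; return (ip or None, list of exchange steps)."""
    if not qname.endswith("."):
        qname += "."
    steps = ["client -> resolver: What is the IP address of %s?" % qname]
    server = "root"
    for _ in range(max_referrals):
        steps.append("resolver -> %s: What is the IP address of %s?" % (server, qname))
        record = lookup(server, qname)
        if record is None:
            steps.append("%s -> resolver: no such name" % server)
            return None, steps
        rtype, value = record
        if rtype == "A":
            steps.append("%s -> resolver: It is %s." % (server, value))
            steps.append("resolver -> client: It is %s." % value)
            return value, steps
        steps.append("%s -> resolver: Please ask %s." % (server, value))
        server = value   # follow the referral one level down
    # Guard against a referral loop in broken zone data
    steps.append("resolver gave up after %d referrals" % max_referrals)
    return None, steps


if __name__ == "__main__":
    ip, trace = resolve("www.amazon.com")
    print("\n".join(trace))
    print("answer:", ip)
```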
Summary

• The DNS is responsible for translating domain names into IP addresses, and is composed of both name servers and resolvers.
• When a resolver queries a name server for the IP address associated with a domain, the IP address can be ascertained. This process is called name resolution.
Route53 Basics
What is Route 53?
Route 53 provides the role of a DNS server, which converts IP addresses into readable URLs and makes them available as addresses. DNS is the mechanism for converting an easy-to-use URL into an IP address for the systems on the Internet.

https://www.yahoo.co.jp/ <-> https://196.10.0.1

Route53 is an authoritative DNS server provided by AWS, called Route 53 because DNS works on port 53. It checks the DNS records, a table that links IP addresses to URLs, and routes requests accordingly.
Route53 is a service that makes it easy to use the
features of an authoritative DNS server in a managed
form

 Three main functions: domain registration, DNS routing, and


health checks
 Policy-based routing settings
Configurable routing conditions based on traffic
routing/failover/traffic flow
 SLAs that guarantee 100% availability on the AWS side
 It is offered as a managed service, so there is no need for users
to consider things like redundancy
How to use Route 53
When you start using Route53 and register a domain, it automatically generates a hosted zone and sets up routing there.

Set up a domain on Route 53 -> Create a hosted zone with the same name as the domain -> Create a record -> Set a routing policy

Hosted zone
A container that holds information about how to route traffic for a domain (example.com) and its subdomains (sub.example.com).

Public hosted zone
• A container for managing DNS domain records published on the Internet
• Defines how to route traffic to the Internet's DNS domains

Private hosted zone
• A container to manage DNS domain records in a private network closed to VPCs
• Defines how to route traffic to DNS domains in the VPC
• Supports multiple VPCs in one private hosted zone
• VPCs from multiple regions can use the same hosted zone as long as the VPCs are mutually accessible
Record type
Create DNS records and set various record types to configure the routing method.

SOA: Maintains the domain's DNS server, the domain administrator's email address, serial number, etc., and uses them to determine whether the information has been updated during a zone transfer.
A: A record that defines the association between a host name and an IPv4 address.
MX: A record that defines the host name of the mail delivery destination (mail server).
CNAME: A record that defines an alias for a canonical hostname. It is used when redirecting a specific host name to another domain name.

Other record types can be found at:
https://docs.aws.amazon.com/ja_jp/Route53/latest/DeveloperGuide/ResourceRecordTypes.html
Alias record
Use AWS-specific alias records when associating AWS resources such as CloudFront and ELB with a domain.

• An alias record can set up a domain name for an AWS resource by returning the IP address of the AWS service endpoint to a DNS query.
• Used for the following services:
  - S3 bucket configured as a static website
  - CloudFront
  - ELB
  - AWS Elastic Beanstalk environment
• Type according to the IP address version:
  - A record (IPv4 address) with the IP address of the alias target
  - AAAA record (IPv6 address) with the IP address of the alias target
Select a Routing policy
Various routing methods can be selected and configured.

Simple routing policy
• A routing method that responds to DNS queries based solely on pre-set values in the record set.
• Routing is determined by static mapping.

Weighted routing policy
• A routing method that sets weights on multiple endpoints and responds to DNS queries according to the weights.
• Routes more traffic to highly weighted endpoints.

Failover routing policy
• A routing method that responds to DNS queries with available resources based on health checks.
• Routes to the available resources.

Multivalue answer routing policy
• A routing method that returns multiple values: the IP addresses of up to eight separate records, chosen at random.
• It does not replace ELB, but the ability to check health and return multiple IP addresses allows improved availability and load balancing using DNS.

Latency routing policy
• A routing method that responds to DNS queries depending on the latency of the region, which is often the region nearest to the user.
• Routes to the region with the lower latency.

Geolocation routing policy
• A routing method that returns different records for each region by identifying the user's location based on their IP address.
• Enables highly accurate classification of record responses without relying on the network structure.

Geoproximity routing policy
• A method for routing traffic by creating geographic proximity rules based on user and resource locations.
  - If you are using an AWS resource, the location is the AWS region where the resource was created.
  - If you are using a non-AWS resource, the location is given by the latitude and longitude of the resource.
• The amount of traffic routed to a particular resource can be changed by setting a bias as needed.
• You need to use traffic flow to create this type of policy.
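An added example, not the course's or AWS's code: the simple, weighted, failover and multivalue answer policies above modelled in Python over a list of records, so you can see what each policy answers for the same record set when a health check fails. The record set, the health-check results and the 192.0.2.x documentation addresses are constructed.

```python
"""Route 53 routing policies from the lecture, modelled over a record list.

Added example, not the course's or AWS's code. Each record is a dict carrying
the fields the slides mention (value, weight, failover role, health status).
Health-check results are constructed inputs; 192.0.2.x are documentation
addresses, not real endpoints.
"""
import random

MULTIVALUE_MAX = 8   # Route 53 returns up to eight records for a multivalue answer

# Constructed record set for the web servers behind one name
WEB_SERVERS = [
    {"value": "192.0.2.10", "weight": 3, "role": "PRIMARY", "healthy": True},
    {"value": "192.0.2.20", "weight": 1, "role": "SECONDARY", "healthy": True},
]


def simple(records):
    """Simple routing: static mapping, answer with the pre-set values as they are."""
    return [r["value"] for r in records]


def weighted(records, roll):
    """Weighted routing: choose one record; `roll` is a number in [0, total weight).

    The roll is passed in rather than drawn here so the selection is
    deterministic and testable; a record with weight 0 is never chosen.
    """
    total = sum(r["weight"] for r in records)
    if not 0 <= roll < total:
        raise ValueError("roll must be in [0, %d)" % total)
    for r in records:
        if roll < r["weight"]:
            return r["value"]
        roll -= r["weight"]
    raise AssertionError("unreachable: weights do not cover the roll")


def weighted_random(records, rng=random):
    """Convenience wrapper that draws the roll per query, as Route 53 does."""
    total = sum(r["weight"] for r in records)
    return weighted(records, rng.randrange(total))


def failover(records):
    """Failover routing: the PRIMARY while its health check passes, else the SECONDARY."""
    by_role = {r["role"]: r for r in records}
    chosen = by_role["PRIMARY"] if by_role["PRIMARY"]["healthy"] else by_role["SECONDARY"]
    return [chosen["value"]]


def multivalue(records):
    """Multivalue answer: up to eight healthy values.

    If no record is healthy, Route 53 answers with up to eight of the unhealthy
    ones rather than with nothing; this model keeps record order instead of
    picking at random.
    """
    healthy = [r["value"] for r in records if r["healthy"]]
    pool = healthy or [r["value"] for r in records]
    return pool[:MULTIVALUE_MAX]


def routing_table(records):
    """What each policy would answer for the same record set, health as given."""
    return {
        "simple": simple(records),
        "failover": failover(records),
        "multivalue": multivalue(records),
    }


if __name__ == "__main__":
    print("all healthy:", routing_table(WEB_SERVERS))
    primary_down = [dict(r, healthy=(r["role"] != "PRIMARY")) for r in WEB_SERVERS]
    print("primary down:", routing_table(primary_down))
    print("weighted draw:", weighted_random(WEB_SERVERS, random.Random(1)))
```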
Summary

• Route53 is a service that provides DNS server functions on AWS, and functions as a name server by registering domains.
• It performs name resolution as a resolver in the AWS network.
• By configuring routing policies, various routing patterns can be executed.
Register your domain with Route53
Hands-on content

• Create a new hosted zone in Route53.
• Set the AWS name servers registered in the hosted zone on the target domain at the FREENOM page.
• Configure the record set in the Route53 hosted zone to associate the IP address of the web server with the domain.
Section Contents
lecture: What you will learn in the lecture

AWS Architecture Design Principles: Review the basic architectural structure of AWS based on the AWS Well-Architected Framework.
Database Basics: You will learn about the basics of databases.
Relational Database Overview: Understand the characteristics of relational databases.
RDS Basics: Understand the basic functions and mechanisms of RDS, a relational database service provided by AWS.
Build RDS MySQL: Actually build RDS, a database service on AWS, and configure it for WORDPRESS.
Security Group setting in RDS: Set the security group for the DB instance of RDS.
Setting RDS to WordPress: Change the database settings of WORDPRESS to RDS.
AWS Architecture Design Principles
Five Design Principles
The Well-Architected Framework consists of the following five principles.

• Reliability: Design an architecture that is highly available and resilient.
• Performance Efficiency: Design a refined and efficient architecture.
• Security: Design secure applications and architectures.
• Cost Optimization: Design a cost-optimized architecture.
• Operational Excellence: Design a performance-rich architecture.
Single AZ (single instance) configuration
The single instance configuration has very low availability, which opposes the principle of reliability.

[Diagram: one region, two AZs with subnets 10.0.0.0/24 and 10.0.2.0/24; a single EC2 instance in the first subnet.]

Multi-AZ configuration
Designing an architecture with two AZs in one region improves reliability (especially availability).

[Diagram: one EC2 instance in each of the two subnets.]

Configure Auto Scaling to further improve availability.

[Diagram: the two EC2 instances placed in an Auto Scaling group.]

Separate the data layer to make it easier to implement redundant configurations.

[Diagram: a DB in each AZ below the EC2 instances.]

Use private subnets to improve security.

[Diagram: EC2 instances in public subnets 10.0.0.0/24 and 10.0.2.0/24; DBs in private subnets 10.0.1.0/24 and 10.0.3.0/24.]

Improving delivery performance
Image files are placed in S3 to improve availability and performance.

[Diagram: S3 added alongside the two AZs.]

CloudFront can improve content delivery performance.

[Diagram: CloudFront placed in front of S3 and the EC2 instances.]
Summary

• AWS has a Well-Architected Framework with five principles: reliability, performance efficiency, security, cost optimization, and operational excellence. The architecture must be configured according to these principles.
• In AWS, the basic idea is to implement a redundant configuration for multiple resources across multiple AZs.
Database Basics
Database
A database is a system that collects and organizes data in the same format and performs operations such as searching and data management.

[Diagram: save new data into the database; extract data from it.]

The system that performs this function is called a "database management system", or DBMS.

Relational Database
A basic relational database stores data in the form of tables.

Employee list table

ID    Name    Department   Birthday
1001  Oliver  Sales        19870621
1002  Noah    development  19830821
1003  James   accounting   19820524
Database Operations
A database is integrated with software and data models that easily perform data operations such as creating, reading, updating, and deleting.

• Create: I want to organize and save the data.
• Read: I want to reference or extract the necessary data.
• Update: I want to update it when the data changes.
• Delete: I want to delete unnecessary data.

Database Operations - CRUD
Create, Read, Update and Delete are collectively called CRUD. The database performs these CRUD operations.
Database and storage
The storage plays the important role of a storage device within the database.

Storage
◼ One of the main components of a computer: a device that stores data permanently.

Database
◼ The device that stores the data in the database is the storage, but this is not the database itself.
◼ A database also needs software that manages and operates the data in the storage.
Database’s role
The database is able to perform data operations to deal with data issues, and provides a mechanism that allows data to be stored and operated on while protecting the data safely.

【 Various issues related to data manipulation 】
 Will data be lost when the system crashes?
 What if I accidentally delete my data?
 Is there any error in data extraction?
 What to do if two people access the same data at the same time?
 Can you search a large amount of data well?
Database role
Transactions and data models are important as a database mechanism.

Transaction: A group of operations that change a database from one consistent state to another.
Data model: A model for defining a set of data in the real world in a format that can be used on a DBMS.
Transaction
A bundle of operations that changes a database from one consistent state to another.

 Handles well when accessed simultaneously.
 If it fails to process the data, it will roll it back.
 Protects your data if your system crashes.

Transaction: ACID
ACID is a set of properties that a reliable transaction system should have.

◼ Atomicity is a property in which a transaction is considered either "executed" or "not executed".
◼ Consistency is a property in which the integrity of the data is maintained before and after a transaction and a consistent state is maintained.
◼ Isolation is a property that means an active execution of a transaction is hidden from the outside and does not affect other processes.
◼ Durability is a property that means upon completion of a transaction, the result is recorded and cannot be lost in the event of a crash.
Commit and Rollback
Reflecting the transaction processing result in the actual database is called Commit. Undoing it is called Rollback.

[Diagram: conducting a COMMIT] Perform the transaction "Update data" -> COMMIT the transaction result -> The transaction result is reflected in the database.

Transaction: Durability
When updating the data, the update is finalized with a “COMMIT”. Without a “COMMIT”, the data rolls back and is protected.

[Diagram, two cases]
Data update (COMMIT is implemented): Name data: Update Brian to Mark. -> Update of name data is COMMITted. -> The database crashes. -> Name data: Mark.
Data update (COMMIT was not implemented): Name data: Update Brian to Mark. -> The database crashes. -> Roll back name data to Brian.

Transaction: Consistency
It is necessary to maintain data integrity when multiple people access the data at the same time.

[Diagram: Mr A is updating the department name of Noah (Sales -> development) while Mr B is viewing the department name of Noah.]
Consistency model
There are models such as the “eventual consistency model” and the “strong consistency model” for maintaining data integrity when multiple people access the data at the same time.

[Diagram: Mr A updating Noah's department (Sales -> development) while Mr B views it.]
With the eventual consistency model, Mr. B will see the old data (Sales) while the change is not yet completed.
Consistency model
There are models such as the “eventual consistency model” and the “strong consistency model” for maintaining data integrity when multiple people access the data at the same time.

[Diagram: the same scenario.]
With the strong consistency model, Mr. B cannot refer to the data until the change is completed.
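The commit/rollback, durability and consistency scenarios above, run against a real DBMS, as an added example that is not part of the course material. It uses SQLite (bundled with Python) in place of the MySQL server built later in the course; the employee table and its seed rows are constructed for the demo, and the "crash" is simulated by dropping the connection.

```python
"""COMMIT vs. ROLLBACK, durability and isolation, demonstrated on a real DBMS.

Added example for this section, not from the course. SQLite (bundled with
Python) stands in for the MySQL server used later in the course; the
employee table is constructed from the slides' data, and the two scenarios
are the slides' own: Brian -> Mark (durability) and Noah's department
Sales -> development as seen by a second user (consistency).
"""
import os
import sqlite3
import tempfile

QUERIES = {  # fixed statements; only the employee id is a parameter
    "name": "SELECT name FROM employees WHERE id = ?",
    "department": "SELECT department FROM employees WHERE id = ?",
}


def make_db(path):
    """Create and seed the employee table (constructed data, modelled on the slides)."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, department TEXT)")
    con.executemany(
        "INSERT INTO employees VALUES (?, ?, ?)",
        [(1001, "Oliver", "Sales"), (1002, "Noah", "Sales"), (1003, "Brian", "accounting")],
    )
    con.commit()  # seed data must be committed or it never reaches the file
    con.close()


def read_column(con, column, emp_id):
    """Read one value; fetchall() finishes the statement so its read lock is released."""
    cur = con.execute(QUERIES[column], (emp_id,))
    rows = cur.fetchall()
    cur.close()
    return rows[0][0]


def update_name(path, emp_id, new_name, commit):
    """Update a name, then 'crash' by dropping the connection.

    With commit=True the change is finalized first and survives. With
    commit=False the connection closes mid-transaction, SQLite rolls the
    transaction back, and the file still holds the old value.
    """
    con = sqlite3.connect(path)
    con.execute("UPDATE employees SET name = ? WHERE id = ?", (new_name, emp_id))
    if commit:
        con.commit()
    con.close()  # simulated crash: no COMMIT -> automatic ROLLBACK


def durability_demo(path):
    """Slide scenario: Brian -> Mark, once without COMMIT and once with."""
    update_name(path, 1003, "Mark", commit=False)
    con = sqlite3.connect(path)
    after_crash_without_commit = read_column(con, "name", 1003)  # "Brian"
    con.close()
    update_name(path, 1003, "Mark", commit=True)
    con = sqlite3.connect(path)
    after_crash_with_commit = read_column(con, "name", 1003)     # "Mark"
    con.close()
    return after_crash_without_commit, after_crash_with_commit


def isolation_demo(path):
    """Mr A updates Noah's department; Mr B reads it before and after Mr A's COMMIT.

    Mr B sees the old value ("Sales") while Mr A's transaction is open and the
    new value only once it is committed: the uncommitted write stays hidden.
    """
    mr_a = sqlite3.connect(path)
    mr_b = sqlite3.connect(path)
    mr_a.execute("UPDATE employees SET department = 'development' WHERE id = 1002")
    seen_during = read_column(mr_b, "department", 1002)  # "Sales"
    mr_a.commit()
    seen_after = read_column(mr_b, "department", 1002)   # "development"
    mr_a.close()
    mr_b.close()
    return seen_during, seen_after


def run_demo():
    """Run both scenarios on a fresh temporary database file and return the results."""
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "udemy.db")
    make_db(path)
    try:
        return durability_demo(path), isolation_demo(path)
    finally:
        os.remove(path)
        os.rmdir(tmp)


if __name__ == "__main__":
    print(run_demo())  # (('Brian', 'Mark'), ('Sales', 'development'))
```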
Data models
A data model is a logical representation of data that determines how data is stored and processed in the database.

[Diagram: the transaction function operates according to the data model.]
Data models
There are various data models in the database, and you need to use different models according to the purpose of use.

 Relational model
 Graph model
 Key value store
 Object
 Document
 Wide column
 Hierarchical
Summary

 A database is a system that collects and organizes related data in an assortment of formats, and executes operations such as searching and data management, and is called a DBMS.
 A DBMS consists of a database engine installed on a server and storage for data storage.
 There are various data models for databases, such as relational databases or KVS, and they are used according to the purpose of use.
Relational Database Overview
Relational model
The relational model of database is the most basic model.
Relational database (RDB)
A database based on the relational model is called a relational database (RDB).
Relational database (RDB)
RDB is a collection of tables to form data.

[Diagram: Employee list table, Attendance table, Salary table, Grade evaluation table.]
Relational database (RDB)
In RDB, tables are aggregated to form a database, and the tables are structured by relations with key data (e.g. ID).

[Diagram: tables related through the ID key, e.g. the Salary table.]
Relational database (RDB)
A table is represented by rows and columns, and data is identified by specifying rows and columns.

[Diagram: a table with Column and Row labelled.]
Relational database (RDB)
RDB is called a row-oriented database because it adds or updates data in row units.
How RDB works
The mechanism of the RDB consists of a table, a database engine, and SQL.

[Diagram: Table structure, Database engine, SQL.]
Database engine
Database engine software manages operations such as insert, extract, update and delete in the DB.

[Diagram: the database engine software sits between SQL and the disk.]
Database engine type
There are various database engines in RDB. The following
six database engines can be used with AWS RDS.

 Oracle Database
 SQL Server
 DB2
 MySQL
 MariaDB
 PostgreSQL
Summary

 A database based on a relational model is called a relational database (RDB).
 This RDB system is made up of tables, a database engine, and SQL. There are various relational database software packages available.
RDS Basics
RDS
RDS can create relational databases on the AWS cloud.

[Diagram: a database server plus database engine, holding an "Artdata" database with a Users table (ID, name, age: 1, Takahashi, 33).]
RDS
RDS is a fully managed relational database compatible with various database software.

You can build a database using the following standard software:
- MySQL
- ORACLE
- Microsoft SQL Server
- PostgreSQL
- MariaDB
- Amazon Aurora
AWS database construction
There are two ways to build a database on AWS:
- Install database software on EC2
- Use a dedicated DB service.

EC2 (DB on EC2)
• Advantage: Freely use DB configuration and functions
• Disadvantage: Construction and operation is troublesome

RDS (DB in RDS)
• Advantage: Easy to build and manage (managed by AWS)
• Disadvantage: Limitation of usage within the range provided by AWS
RDS restrictions
While RDS is easy to manage, AWS imposes certain usage restrictions.

Limitations of RDS
• Not all versions of DB are available.
• There is an upper limit on capacity
• A user cannot log into the OS
• A user cannot access the file system
• IP address cannot be fixed
• A user cannot use some functions
• A user cannot apply individual patches
Characteristics of RDS
In addition to the managed type and high availability of RDS itself, RDS allows you to easily construct a Master/Slave configuration.

[Diagram: RDS master in one AZ and RDS slave in another AZ, with synchronous replication and automatic failover between them.]
Characteristics of RDS
Up to 5 read replicas (15 for Aurora) can be installed and DB read processing can be scaled out.

[Diagram: the master/slave pair plus read replicas fed by asynchronous replication.]
Characteristics of RDS
In addition to the managed type of RDS itself, it is possible to easily build a Master / Slave configuration across multiple AZs (using multiple AWS data center locations).

[Diagram: AZ (data center) with the RDS Master and AZ (data center) with the RDS Slave; synchronous replication and automatic failover between them.]
The master is the DB used primarily. A slave is a standby database that can be used in case of emergency.
Characteristics of RDS
A replicated copy database is called a replica. A read replica is a copy of the database for reading only.

[Diagram: master and slave across two AZs, with a read replica attached to the master.]
Characteristics of RDS
Automatically acquires snapshots, and then stores and manages them to ensure fault tolerance.

[Diagram: master, slave and read replicas as before; snapshots and transaction logs are stored in S3.]
Scaling
You can easily scale RDS out from the management console or API.

 You can change the instance type to improve or lower performance.
 Read replica and master-slave configurations can be easily implemented from the command line (AWS CLI), API, or console
 You can temporarily “scale out” and then “scale in”
 Storage size can be expanded but not reduced
DB Instance Encryption
Instances and snapshots can be encrypted, as well as data communication and stored data.

Encryption target
• DB instances
• Automatic backups
• Read replicas
• Snapshots

Encryption method
• Utilizes AES-256 encryption
• Key management by AWS KMS is available
• Encryption can be set when creating an instance
• Encrypted snapshot copy is also possible
Summary

 RDS is a service that allows you to create a relational database in the cloud in AWS.
 RDS is provided as a managed service, and AWS will operate it on your behalf.
 RDS makes it easy to build a Master/Slave configuration with multiple AZs
Build RDS MySQL
Architecture Patterns
WORDPRESS has the following three typical configuration patterns.

[Diagram, three patterns side by side. (1) Single tier: AZ, public subnet 10.0.0.0/24, one EC2 running both the Apache WEB server and the MySQL server. (2) Two tier, unmanaged: Apache WEB server on EC2 in the public subnet 10.0.0.0/24, MySQL server on a second EC2 in the private subnet 10.0.1.0/24. (3) Two tier, managed: Apache WEB server on EC2 in the public subnet, MySQL in RDS in the private subnet 10.0.1.0/24.]
Architecture Patterns
Change from an EC2 instance-only architecture to a two-tier architecture with RDS.

[Diagram: left, the single EC2 with Apache WEB server and MySQL server (unmanaged); right, Apache WEB server on EC2 in the public subnet 10.0.0.0/24 and MySQL in RDS in the private subnet 10.0.1.0/24 (managed).]
Managed by AWS
There are two types of AWS services: unmanaged and managed.

[Diagram: the management layers of a database server, shown for both patterns: Software configuration, Scaling, Backup, Maintenance, OS Settings, Physical Server Management. Unmanaged (MySQL server in EC2): you handle all of these layers yourself. Managed (MySQL in RDS): AWS operates the service on your behalf.]

Hands-on content

 Create our subnet group to be used for RDS configuration.
 Start a new RDS.
 Switch the WORDPRESS database settings from our EC2 instance to RDS.
Security Group Setting for RDS
Security Group
Provides a firewall function to set accessibility of traffic to the instance.

[Diagram: a security group in front of an EC2 instance; HTTP access and SSH access arrive, and the rule "Allow port 22 (SSH)" is shown.]
For a single-tier architecture
Since the web server and DB server are configured on the same EC2 instance, no security group is applied between them.

[Diagram: AZ, public subnet 10.0.0.0/24, one EC2 running the Apache WEB Server and the MySQL Server.]
For a two-tier architecture
In the case of a two-tier architecture, security groups are applied to control traffic between instances.

[Diagram: Apache WEB Server on EC2 in the public subnet 10.0.0.0/24 with its own security group; MySQL in RDS in the private subnet 10.0.1.0/24 with its own security group.]
For a two-tier architecture
Increase security by limiting access to RDS only from the web server.

[Diagram: as above; the RDS security group allows traffic only from the web server.]
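One way to check that an RDS security group follows this two-tier design (MySQL reachable only from the web server's security group), as an added example that is not part of the course. The input dictionaries mimic the field names of the EC2 DescribeSecurityGroups response; the group ids and rules are constructed placeholders, and nothing here calls AWS.

```python
"""Audit the RDS security group of the two-tier design: MySQL only from the web tier.

Added example, not from the course. The dictionaries below follow the field
names of the EC2 DescribeSecurityGroups response (GroupId, IpPermissions,
IpProtocol, FromPort, ToPort, IpRanges, UserIdGroupPairs) but are constructed
for this demo with placeholder ids; nothing here calls AWS.
"""
from ipaddress import ip_network

MYSQL_PORT = 3306  # default MySQL port, which the course's RDS instance uses


def rule_covers_port(rule, port):
    """True if one IpPermissions entry admits traffic on `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":           # "all traffic" rule: every protocol and port
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit_db_security_group(db_sg, web_sg_id):
    """Return the list of findings (empty means the group matches the design).

    Design rule from this section: RDS accepts MySQL connections only from the
    web server, expressed as an ingress rule whose source is the web server's
    security group rather than an IP range.
    """
    findings = []
    admits_web_sg = False
    for rule in db_sg.get("IpPermissions", []):
        if not rule_covers_port(rule, MYSQL_PORT):
            continue            # unrelated port; not part of this check
        if rule.get("IpProtocol") == "-1":
            findings.append("rule admits all protocols and ports, not just MySQL")
        for pair in rule.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == web_sg_id:
                admits_web_sg = True
            else:
                findings.append(f"MySQL open to unexpected security group {pair.get('GroupId')}")
        for ip_range in rule.get("IpRanges", []):
            cidr = ip_range["CidrIp"]
            if ip_network(cidr).prefixlen == 0:
                findings.append("MySQL open to the whole Internet (0.0.0.0/0)")
            else:
                findings.append(f"MySQL open to IP range {cidr} instead of the web security group")
    if not admits_web_sg:
        findings.append(f"no rule admits MySQL from the web security group {web_sg_id}")
    return findings


# Constructed sample groups with placeholder ids (not real AWS resources).
WEB_SG_ID = "sg-0web00000000000"

WEAK_DB_SG = {   # the mistake to avoid: port 3306 reachable from anywhere
    "GroupId": "sg-0db000000000001",
    "IpPermissions": [{
        "IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": [],
    }],
}

HARDENED_DB_SG = {   # the course's design: the source is the web server's group
    "GroupId": "sg-0db000000000002",
    "IpPermissions": [{
        "IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
        "IpRanges": [], "UserIdGroupPairs": [{"GroupId": WEB_SG_ID}],
    }],
}

if __name__ == "__main__":
    for sg in (WEAK_DB_SG, HARDENED_DB_SG):
        print(sg["GroupId"], audit_db_security_group(sg, WEB_SG_ID) or ["OK"])
```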
Installing NAT gateways
A Bastion server is required to connect to instances in the private subnet, and we needed a NAT gateway for their traffic to the Internet.

[Diagram: VPC 10.0.0.0/16 with two AZs; an Internet gateway attached to the public subnet 10.0.0.0/24 holding the WEB server, and a NAT gateway providing outbound Internet access for the EC2 in the private subnet 10.0.1.0/24.]
Installing NAT gateways
RDS software configuration and other services are provided on a managed basis, so NAT gateways are not required.

[Diagram: the same VPC with RDS in the private subnet 10.0.1.0/24 and no NAT gateway.]
Setting RDS to WordPress
Architecture Patterns
Change from an EC2 instance-only architecture to a two-tier architecture using RDS.

[Diagram: left, the single EC2 with Apache WEB Server and MySQL Server (unmanaged); right, Apache WEB Server on EC2 in the public subnet 10.0.0.0/24 and MySQL in RDS in the private subnet 10.0.1.0/24 (managed).]
WORDPRESS Settings
When you register a database in the WORDPRESS configuration screen, a wp-config.php file is created.
WORDPRESS Settings
Change the database destination by deleting the existing wp-config.php file and setting it up again.

[Screenshot: delete the existing configuration file.]
Create a MySQL server database
Configure the MySQL server as follows:

mysql -h <RDS endpoint> -u admin -p
  • Connect/log in to RDS using the RDS endpoint.

create database udemy;
  • Create a database called udemy in the MySQL server.

show databases;
  • Check the database that has been created.

Create a MySQL server database
Configure the MySQL server as follows:

create user udemy@'%' identified with mysql_native_password by 'Password';
  • Create a new user to be used when logging in from WORDPRESS.

grant all privileges on udemy.* to udemy@'%';
  • Grant the newly created user "udemy" all permissions to use the udemy database.

flush privileges;
  • Reload the grant tables so that the permissions you have set take effect.

Section Contents
Lecture / What you will learn in the lecture

Image delivery through S3: Review the architectural configuration we will configure to improve delivery performance.
S3 Basics: Learn the basic features of S3.
Creating an S3 bucket: Create a new S3 bucket for storing images.
Setting S3 to WORDPRESS: Set up the created S3 bucket as the WORDPRESS storage for storing images.
Image delivery through S3
Architecture you will build

[Diagram: Route53 in front of VPC 10.0.0.0/16 with two AZs. Public subnets 10.0.0.0/24 and 10.0.2.0/24; the Apache WEB server runs on EC2 in the first. Private subnets 10.0.1.0/24 and 10.0.3.0/24; the MySQL DB server runs on RDS in the first.]
Architecture you will build

[Diagram: the same configuration with an S3 bucket added; the Apache WEB server on EC2 stores images in S3.]
S3 Basics
What is S3?
S3 is a very durable and highly available storage solution for medium- to long-term data storage.

S3 use cases
Image data for content delivery are stored in S3 and distributed using CloudFront.

[Diagram: the CMS stores images in S3 and clients fetch them from S3.]
S3 Storage Features
AWS offers three forms of storage services.

Block storage
✓ A disk service that attaches to EC2
✓ Save data in block format
✓ High Speed & Wide Bandwidth
✓ Example: EBS, instance store

Object storage
✓ Inexpensive and Durable Online Storage
✓ Storing Data in Object Format
✓ It is redundant to multiple AZs by default.
✓ Example: S3, Glacier

File storage
✓ Shared storage service that can be attached from multiple EC2 instances simultaneously
✓ Save data in file format
✓ Example: EFS
S3 Storage Features
S3 stores data as objects. An object consists of the following elements:

Key
The name of an object; it uniquely identifies the object within the bucket.

Value
The data itself, consisting of byte values.

Version ID
ID for version control.

Metadata
Information about the attributes associated with the object.

Sub-resources
Provides support for storing and managing bucket configuration information. Example: access control list (ACL).
S3 Storage Features
S3 divides storage space into bucket units and stores data in objects.

[Diagram: S3 with two buckets, "contents-buckets" holding mp3 and jpeg objects and "website-buckets" holding html and csv objects.]
S3 data capacity limit
S3 has unlimited storage capacity and can store objects from 0 KB to 5 TB.

Data capacity limits

Bucket
A bucket is the space in which objects are stored. Its name must be globally unique, even though the bucket itself is located in a region. The data storage capacity is unlimited and is expanded automatically.

Object
An object is the file-format unit stored in S3, and each object is assigned a URL. The number of objects that can be stored in a bucket is unlimited.

Limitations on the size of objects that can be saved
Data size per object can be from 0 KB to 5 TB.
Storage class selection
Choose a storage type according to your S3 usage.

Type / Explanation / Performance

STANDARD
✓ Durability is very high because the data is duplicated in multiple places.
✓ It is suitable for storing a large amount of frequently used data.
■ Durability 99.999999999%  ■ Availability 99.99%

STANDARD-IA
✓ IA stands for Infrequent Access and is storage for infrequently accessed data. Unlike One Zone-IA, this type is storage for important master data.
✓ Cheaper than Standard, but more expensive than One Zone-IA.
■ Durability 99.999999999%  ■ Availability 99.9%

One Zone-IA
✓ It's storage for infrequent access, but for low-availability and non-essential data because it's not multi-AZ distributed.
✓ Even cheaper than Standard-IA.
■ Durability 99.999999999%  ■ Availability 99.5%

RRS
✓ Reduced Redundancy Storage: low redundancy storage. It was used for placing data taken out from Glacier, etc.
✓ Currently deprecated storage and will not be used. Now more expensive than Standard.
■ Durability 99.99%  ■ Availability 99.99%
Storage class selection
Choose a storage type according to your S3 usage.

Type / Explanation / Performance

Amazon Glacier
✓ Inexpensive archival storage
✓ Extraction of data takes cost and time (3 to 5 h)
✓ Expedited retrieval (2 to 5 minutes)
✓ Designation in Life Cycle Management
✓ Vault lock feature to retain data
■ Durability 99.999999999%  ■ Availability NA

Amazon Glacier Deep Archive
✓ Cheapest archival storage
✓ For data that is accessed once or twice a year
✓ Cost and time for data extraction (less than 12 h)
✓ Specify in life cycle management
■ Durability 99.999999999%  ■ Availability NA

S3 Intelligent Tiering
✓ It uses two storage tiers, high frequency and low frequency: files that are accessed at high frequency stay in the standard class, while files that are not accessed are automatically moved to the low-frequency tier (Standard-IA class).
✓ Use it when you don't know the access pattern.
■ Durability 99.999999999%  ■ Availability 99.99%
Summary

 S3 is an object-based storage provided in a managed manner that allows users to store data without capacity limitations. S3 stores data as objects.
 Image data and other data for content distribution can be stored in S3 and distributed using CloudFront.
 You can select the best storage type for your S3 use case.
Create an S3 bucket
Architecture you will build

[Diagram: Route53, S3 and VPC 10.0.0.0/16: Apache WEB server on EC2 in public subnet 10.0.0.0/24, MySQL DB server on RDS in private subnet 10.0.1.0/24, and a second AZ with public subnet 10.0.2.0/24 and private subnet 10.0.3.0/24.]
Hands-on content

S3 setting: Create an S3 bucket.
IAM Setting: Create an IAM user for WordPress.
WORDPRESS Setting: Configure the necessary plug-ins.
EC2 setting: Configure required software for S3.
Hands-on content
Setting S3 to WORDPRESS
Architecture you will build

[Diagram: Route53, S3 and VPC 10.0.0.0/16 as before, plus an IAM user "S3Access" used by the Apache WEB server on EC2 to access S3.]
Hands-on content

S3 setting: Create an S3 bucket.
IAM Setting: Create an IAM user for WordPress.
WORDPRESS Setting: Configure the necessary plug-ins.
EC2 setting: Configure required software for S3.
Operation commands in EC2

yum install php-xml -y
  • Install the libraries necessary to use Offload Media.

yum remove libwebp -y
  • You may get an error when installing the software required for S3 configuration. Remove libwebp once to prevent that error.

yum install libwebp -y
  • Reinstall libwebp.

yum install php-gd -y
  • Install the libraries required to upload images to S3.

yum install php-devel.x86_64
  • Install the libraries required to upload images to S3.
Section Contents
Lecture / What you will learn in the lecture

RDS Multi AZ Configuration: Set RDS to a multi-AZ configuration and check the settings that allow failover to take place.
ELB Basics: Learn the basic functions and features of an ELB.
ELB Set up: Create an AMI for the existing EC2 instance and duplicate it in another AZ; configure the EC2 instance as an ELB target and create the ELB.
Auto Scaling Basics: Learn the basic functions and features of Auto Scaling.
Auto Scaling Set up: Create a launch configuration for Auto Scaling. Configure the Auto Scaling group.
RDS Multi-AZ Configuration
Architecture you will build

[Diagram: Route53, S3 and VPC 10.0.0.0/16; Apache WEB server on EC2 in public subnet 10.0.0.0/24 (second AZ: 10.0.2.0/24); MySQL DB server on a single RDS in private subnet 10.0.1.0/24 (second AZ: 10.0.3.0/24).]
Architecture you will build

[Diagram: the same, with a second RDS in the other AZ's private subnet 10.0.3.0/24; synchronous replication and automatic failover between the two RDS instances.]
Architecture you will build

[Diagram: an ELB added in front of EC2 instances in both public subnets; the multi-AZ RDS pair below.]
Architecture you will build

[Diagram: the ELB configuration with Auto Scaling managing the EC2 instances in both public subnets.]
DB layer redundancy

[Diagram: the multi-AZ RDS pair (synchronous replication, automatic failover) under the single Apache WEB server on EC2.]
ELB Basics
What is ELB?
ELB is a service that provides a load balancer that enables processing by multiple EC2 instances.

[Diagram: the ELB distributes traffic to multiple EC2 instances.]
What is ELB?
You can also check the health of your EC2 instances and use only normal instances.

[Diagram: the ELB distributes traffic to multiple instances; when one fails its health check, traffic is concentrated on the remaining healthy one.]
ELB Features
ELB promotes scalability through load balancing and high availability through health checks.

Ensuring Scalability
Load balancing across multiple EC2 instances/ECS services.
[Diagram: the ELB sends 30 of the traffic load to one EC2 and 70 to the other.]

High availability
Distribute traffic only to active targets from multiple EC2 instances in multiple availability zones.
[Diagram: the ELB focuses traffic on the active target.]

ELB Features
A managed load balancing service that is commonly used to distribute processing of EC2 instances.

 A service that distributes the load between instances. Load balancing can be done by targeting IP addresses as well as instances.
 Health check recognizes abnormal instances and distributes traffic to only active instances.
 Can be used for both public and private subnets
 Scaling, which automatically increases or decreases capacity based on load, is done on the AWS side as a managed service.
 Charged by load balancer capacity unit (LCU) usage based on time (CLBs only)
 Integrates with Auto Scaling, Route 53, CloudFormation, etc.
Select the ELB type
There are three types of load balancers available, and they can be used for different purposes.

CLB
• Layer 4 and 7 are supported, using TCP, SSL, HTTP and HTTPS listeners
• Since it's an older type, you should prioritize using ALB or NLB.
• It is charged based on data transfer (in GB).
• Since IP addresses are variable, only DNS is available when specified

ALB
• Layer 7 support and HTTP/HTTPS listener support
• Path routing is available
• Charged by load balancer capacity unit (LCU) usage based on time.
• Since IP addresses are variable, only DNS is available when specified
• Cross-zone load balancing is enabled by default

NLB
• L4 NAT load balancer to support TCP listeners (return traffic does not go through the NLB)
• It is charged by the amount of LCUs used, based on time.
• Subnet expansion support for NLB (subnets can be added)
• Fixed IP, so both DNS and IP can be used
• Higher performance processing than ALB and CLB
• Cross-zone load balancing is disabled by default
Summary

 ELB is a service that provides a load balancer that enables processing on multiple EC2 instances. It distributes the traffic across multiple instances.
 Performs health checks on EC2 instances and sends traffic only to normal instances.
ELB set up
Architecture you will build

[Diagram: Route53, S3 and VPC 10.0.0.0/16; Apache WEB server on EC2 in public subnet 10.0.0.0/24; multi-AZ RDS pair (synchronous replication, automatic failover) in private subnets 10.0.1.0/24 and 10.0.3.0/24.]
Architecture you will build

[Diagram: an AMI is created from the existing EC2 instance.]
Architecture you will build

[Diagram: a second EC2 instance launched from the AMI in the other AZ's public subnet 10.0.2.0/24.]
Architecture you will build

[Diagram: EC2 instances in both public subnets, the AMI step complete.]
Architecture you will build

[Diagram: an ELB added in front of the two EC2 instances, with Route53 above it.]
Auto-Scaling Basics
What is Auto Scaling?
The ability to add new instances to improve performance when access to the instances has increased.

[Diagram: traffic exceeds the processing volume of two EC2 instances behind the ELB.]
What is Auto Scaling?
The ability to add new instances to improve performance when access to the instances has increased.

[Diagram: a new EC2 instance is added behind the ELB next to the existing two.]
Scaling type
There are two types of scaling: vertical scaling and horizontal scaling. Auto Scaling is horizontal scaling.

Vertical Scaling
[Expansion] Scale-up: adding or increasing memory and CPU
[Reduction] Scale-down: Reduce memory and CPU and lower performance

Horizontal Scaling
[Expansion] Scale-out: Increase the number of devices/servers to be processed
[Reduction] Scale-in: Reduce the number of devices/servers to be processed
The Auto-Scaling configuration process
Auto Scaling configuration requires advance preparation of the ELB and the launch template.

(1) Create an ELB target group.
(2) Create launch configurations.
(3) Create the Auto Scaling group: set the threshold, set the scaling policy, set the termination policy.
Collaboration with ELB
Instances launched by Auto Scaling can be placed in the target group of the ELB.
Settings of Auto-Scaling
After preparing launch configurations or launch templates, configure the Auto Scaling group.

Create launch configurations
✓ Configure settings such as the instance types to be started by Auto Scaling.
✓ Use launch configurations or a launch template.
✓ Launch configurations are dedicated to Auto Scaling.
✓ Launch templates are available for all instance launches, with enhanced features such as versioning.

Create Auto Scaling group
✓ Setting the group size (number of instances to be launched) of Auto Scaling
✓ Setting the execution threshold
✓ Select a scaling policy and set the scale-out and scale-in methods
✓ Set up a termination policy
Creating launch templates
A launch template is a mechanism that uses the startup settings described in EC2 as a template for automatic startup.

[Diagram: a launch template feeds Auto Scaling.]
✓ Currently, it is recommended to use a launch template rather than a launch configuration.
✓ If the AMI is updated, it needs to be recreated.
✓ Select and start the instance as configured in the launch template.
✓ The launch configuration is dedicated to Auto Scaling.
✓ Launch templates are widely used to launch EC2 instances.
Auto Scaling Configuration
Configure Auto Scaling with an ELB configuration for redundancy and auto-scaling for heavy traffic.

[Diagram: a region with two AZs; subnets 10.0.1.0/24 and 10.0.2.0/24 each hold EC2 instances behind the ELB, managed by Auto Scaling.]
Setting the Group Size
In setting the group size, you set the values that control how the number of instances increases or decreases.

Desired Capacity
✓ Set the number of instances in a state where Auto Scaling is not running.
✓ You can manually perform scaling by increasing this number.

Minimum Capacity
✓ Set the lower limit of the number of instances to be reduced to when scaling in.
✓ You cannot set a value larger than your desired capacity.

Maximum Capacity
✓ The maximum capacity sets the maximum number of instances to be launched on scale-out.
✓ You cannot set a value less than the desired capacity.
Setting a scaling policy
Set a scaling policy and implement scaling.

Dynamic scaling
- Target tracking: This is the normal setting for scaling.
- Simple scaling policy: One-step scaling based on alarm settings.
- Step scaling: Multi-step scaling with two or more step adjustment values that dynamically scale the number of instances based on the size of the alarm exceedance.

Manual scaling
Adjust the desired capacity and perform the scaling manually.

Scheduled scaling
Specify the date and time to execute the scaling and execute the scaling.
Setting a scaling policy
Multiple scaling policy settings can be used in combination.

[Diagram: set up a scheduled scaling schedule, and perform dynamic scaling when the schedule is exceeded.]
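The group-size rules and the step scaling policy above, worked through in code as an added example that is not part of the course. The CPU thresholds and step adjustment values are constructed for the demo (assumptions, not AWS defaults), and the code models one policy evaluation at a time.

```python
"""Auto Scaling group size and step scaling, worked through in code.

Added example, not from the course. It models the three group-size values
(minimum, desired, maximum) and a step scaling policy whose step adjustment
is chosen by how far a metric exceeds the alarm threshold, the idea behind
the "Step scaling" row above. The CPU thresholds and step values are
constructed for the demo, not AWS defaults.
"""
from dataclasses import dataclass, replace
from typing import List, Optional


@dataclass(frozen=True)
class GroupSize:
    minimum: int
    desired: int
    maximum: int

    def __post_init__(self):
        # The rule from "Setting the Group Size": minimum <= desired <= maximum.
        if not 0 <= self.minimum <= self.desired <= self.maximum:
            raise ValueError(f"invalid group size {self}")


def is_valid_group_size(minimum, desired, maximum):
    """True if the three values satisfy minimum <= desired <= maximum."""
    try:
        GroupSize(minimum, desired, maximum)
        return True
    except ValueError:
        return False


@dataclass(frozen=True)
class StepAdjustment:
    """One step: applies when lower <= (metric - threshold) < upper.

    None for lower means minus infinity and None for upper means plus
    infinity, mirroring step bounds expressed relative to the alarm threshold.
    """
    lower: Optional[float]
    upper: Optional[float]
    change: int   # change in capacity: positive scales out, negative scales in


def select_adjustment(breach, steps: List[StepAdjustment]):
    """Pick the change for the step whose interval contains the breach size."""
    for step in steps:
        above_lower = step.lower is None or breach >= step.lower
        below_upper = step.upper is None or breach < step.upper
        if above_lower and below_upper:
            return step.change
    return 0   # the breach falls in no step: no scaling action


def evaluate_policy(size, metric, threshold, steps):
    """Apply a step scaling policy once and return the new group size.

    The new desired capacity is clamped to [minimum, maximum], which is why a
    large breach cannot push the group past its maximum or below its minimum.
    """
    breach = metric - threshold
    change = select_adjustment(breach, steps)
    new_desired = max(size.minimum, min(size.maximum, size.desired + change))
    return replace(size, desired=new_desired)


def apply_scheduled_action(size, minimum=None, desired=None, maximum=None):
    """Scheduled scaling: overwrite min/desired/max at a set time (None keeps the old value)."""
    return GroupSize(
        size.minimum if minimum is None else minimum,
        size.desired if desired is None else desired,
        size.maximum if maximum is None else maximum,
    )


# Constructed policies: scale out when CPU is above 60%, scale in when below 40%.
SCALE_OUT_STEPS = [StepAdjustment(0, 20, +1), StepAdjustment(20, None, +2)]
SCALE_IN_STEPS = [StepAdjustment(-20, 0, -1), StepAdjustment(None, -20, -2)]


def scale_out(size, cpu):
    return evaluate_policy(size, cpu, 60, SCALE_OUT_STEPS)


def scale_in(size, cpu):
    return evaluate_policy(size, cpu, 40, SCALE_IN_STEPS)


if __name__ == "__main__":
    g = GroupSize(minimum=2, desired=2, maximum=4)
    g = scale_out(g, 75)   # breach 15 -> +1 -> desired 3
    g = scale_out(g, 95)   # breach 35 -> +2 -> 5, clamped to maximum 4
    g = scale_in(g, 10)    # breach -30 -> -2 -> desired 2
    print(g)
```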
Health check
Use either EC2 status information or ELB health checks to check the health of EC2 instances under Auto Scaling.

EC2 Status: If the status of the instance is not running, it is considered abnormal.
ELB: Take advantage of ELB's health check feature.
Health check
ELB health checks and CloudWatch alerts can be used as triggers.

[Diagram: ELB health checks and CloudWatch alarms each trigger Auto Scaling.]
Summary

 Auto Scaling is a feature of EC2 instances that improves performance by adding new instances when access to an instance greatly increases.
 Configure the Auto Scaling group with the launch configuration or launch template.
 Set up a scaling policy, and scaling will be performed by triggering the CloudWatch alert function.
 It uses ELB health checks to stop abnormal instances and replace them with normal ones.
Auto-Scaling Set up
Architecture you will build
[Diagram: Route53 in front of an ELB in VPC 10.0.0.0/16 spanning two AZs; public subnets 10.0.0.0/24 and 10.0.2.0/24 each hold an EC2 instance, which the second diagram places in an Auto Scaling group; private subnets 10.0.1.0/24 and 10.0.3.0/24 hold the RDS MySQL DB servers with synchronous replication and automatic failover; S3 holds static content.]
Hands-on content

(1) Create ELB target group ✔
(2) Create Launch configuration
(3) Create Auto-Scaling group
    Set threshold
    Set scaling value
    Set scaling method
Section Contents
lecture / What you will learn in the lecture

Image distribution by CloudFront: Review the architectural configuration to improve the delivery performance using CloudFront.
ACM Certificates setting: Use ACM to issue SSL/TLS certificates.
CloudFront Basics: Learn the basic functions and uses of CloudFront.
CloudFront set up: Configure CloudFront for S3.

Image Distribution by CloudFront
Architecture you will build
[Diagram: the current architecture inside VPC 10.0.0.0/16 across two AZs: Route53, ELB, an Auto Scaling group of EC2 instances in public subnets 10.0.0.0/24 and 10.0.2.0/24, RDS MySQL DB servers in private subnets 10.0.1.0/24 and 10.0.3.0/24 with synchronous replication and automatic failover, and S3.]
Architecture you will build
[Diagram: the same architecture with CloudFront added between Route53 and S3.]
Architecture you will build
[Diagram: the same architecture with HTTPS enabled on CloudFront using an ACM Certificate.]
Alternative architectural configurations
[Diagram 1: CloudFront placed in front of S3 only, with Route53 resolving to the ELB for the rest of the architecture (VPC 10.0.0.0/16, two AZs, Auto Scaling EC2 instances in the public subnets 10.0.0.0/24 and 10.0.2.0/24, RDS in the private subnets 10.0.1.0/24 and 10.0.3.0/24 with synchronous replication and automatic failover).]
Alternative architectural configurations
[Diagram 2: Internet clients reach Route53 and CloudFront over HTTPS, CloudFront forwards to the ELB over HTTPS, and S3 is served through CloudFront.]
Alternative architectural configurations
[Diagram 3: as Diagram 2, with HTTPS also used between the ELB and the EC2 instances.]
ACM Certificate settings
AWS Certificate Manager
ACM provides provisioning, management, and deployment of Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates.

https://aws.amazon.com/jp/blogs/security/how-to-help-achieve-mobile-app-transport-security-compliance-by-using-amazon-cloudfront-and-aws-certificate-manager/
Architecture you will build
[Diagram: the target architecture with Route53, CloudFront (HTTPS, ACM Certificate), ELB, Auto Scaling EC2 instances in public subnets 10.0.0.0/24 and 10.0.2.0/24, RDS MySQL DB servers in private subnets 10.0.1.0/24 and 10.0.3.0/24 with synchronous replication and automatic failover, and S3, in VPC 10.0.0.0/16 across two AZs.]
CloudFront Basics
What is CloudFront?
CloudFront is a CDN service that uses global locations to efficiently deliver content.
[Diagram: CloudFront sits between the users and the EC2 content server.]

See: https://aws.amazon.com/jp/cloudfront/features/?nc=sn&loc=2
What is CloudFront?
CloudFront is a CDN (Content Delivery Network) service provided by AWS.
What is CloudFront?
A CDN is a service that speeds up the delivery of web content.
[Diagram: users in America, Asia and Europe are served by a CloudFront edge server in each region instead of directly by the EC2 web server; the edge servers cache the content, which offloads the origin server and speeds up delivery.]
CloudFront features
Large-scale accesses to edge locations around the world allow for the efficient and rapid delivery of content.

 High-performance distributed delivery with over 210 edge locations
 High performance contents delivery
 Security features through integration with AWS WAF, AWS Certificate Manager and AWS Shield DDoS protection
 Dynamic page delivery is possible by forwarding headers, cookies, and query strings to the origin.
CloudFront configuration
CloudFront delivers contents using edge locations closer to the user.
[Diagram: one Origin serving several Edge locations.]
CloudFront configuration
One of the basic configurations is to configure CloudFront delivery to S3 static web hosting.
[Diagram: CloudFront at each edge location, with an S3 Bucket (Static Web Hosting) as the origin server.]
CloudFront configuration
Configuration with an EC2 instance of the web application as the origin server is also a common configuration.
[Diagram: CloudFront at each edge location, with the web application on EC2 as the origin server.]
Set the Cache Retention Period
After deciding what to cache, it is important to predict the frequency of cache usage and set the cache retention period.

Minimum TTL
• Specifies the minimum period of time (in seconds) that an object should be kept in the CloudFront cache before CloudFront sends another request to the origin.
• The default value is 0 (seconds).

Maximum TTL
• Specifies the maximum period of time (in seconds) that an object should be kept in the CloudFront cache before CloudFront queries the origin to see if the object was updated.
• The default value is 31,536,000 (seconds), or 1 year.

Default TTL
• Specifies the default period of time (in seconds) that an object should be kept in the CloudFront cache until CloudFront sends another request to the origin.
• The default value is 86,400 (seconds), or one day.
Set the Cache Retention Period
You can use TTL, Cache-Control and Expires headers to control how long objects are kept in the cache.

Cache Target Setting: Analyze content usage data and set target URLs for the caching of static and dynamic content.
TTL: Cache retention period set for CloudFront delivery.
Expires cache header (expiration date): The Expires header, used alongside the Cache-Control header, sets the cache expiration date. Example: Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control max-age header: You can specify how long (in seconds) CloudFront will keep the object in the cache before retrieving it from the origin server again. The minimum expiration time is 0 seconds for web distribution and 3600 seconds for RTMP distribution. Maximum value is 100 (years).
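How the three TTL settings and the origin's Cache-Control / Expires headers combine into one retention time, as an added example written for this course (not CloudFront code); the sample origin responses and the receive time are constructed.

```python
"""How CloudFront decides how long to keep an object, given the distribution's
Minimum/Default/Maximum TTL and the origin's Cache-Control / Expires headers.
Added example for this course, not CloudFront's code; it models the documented
rules for a cache behaviour that honours origin headers:
  - Cache-Control max-age present -> max-age, clamped to [min TTL, max TTL]
  - otherwise Expires present     -> seconds until Expires, clamped the same way
  - no caching header at all      -> Default TTL
The sample responses and receive time below are constructed for the example."""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
import re
from typing import Dict

# CloudFront console defaults quoted in the lecture (seconds).
DEFAULT_MIN_TTL = 0
DEFAULT_DEFAULT_TTL = 86_400       # one day
DEFAULT_MAX_TTL = 31_536_000       # one year

_MAX_AGE = re.compile(r"(?:^|,)\s*max-age\s*=\s*(\d+)", re.IGNORECASE)

# Constructed: the moment the origin response was received (UTC).
RECEIVED_AT = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)


def _clamp(value: int, low: int, high: int) -> int:
    return max(low, min(high, value))


def effective_ttl(headers: Dict[str, str], now: datetime,
                  min_ttl: int = DEFAULT_MIN_TTL,
                  default_ttl: int = DEFAULT_DEFAULT_TTL,
                  max_ttl: int = DEFAULT_MAX_TTL) -> int:
    """Seconds CloudFront keeps the object before re-contacting the origin.

    `headers` is the origin response (header names case-insensitive) and
    `now` the time it was received."""
    if min_ttl > max_ttl:
        raise ValueError("minimum TTL cannot exceed maximum TTL")
    hdrs = {k.lower(): v for k, v in headers.items()}

    m = _MAX_AGE.search(hdrs.get("cache-control", ""))
    if m:
        # max-age wins over Expires when both are sent.
        return _clamp(int(m.group(1)), min_ttl, max_ttl)

    if "expires" in hdrs:
        try:
            expires = parsedate_to_datetime(hdrs["expires"])
        except (TypeError, ValueError):
            # An unparseable Expires is treated as already expired.
            return _clamp(0, min_ttl, max_ttl)
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        remaining = int((expires - now).total_seconds())
        return _clamp(max(remaining, 0), min_ttl, max_ttl)

    # Origin sent no caching headers: the Default TTL applies.
    return _clamp(default_ttl, min_ttl, max_ttl)


if __name__ == "__main__":
    print(effective_ttl({"Cache-Control": "public, max-age=300"}, RECEIVED_AT))      # 300
    print(effective_ttl({"Expires": "Mon, 01 Jan 2024 13:00:00 GMT"}, RECEIVED_AT))  # 3600
    print(effective_ttl({"Expires": "Thu, 01 Dec 1994 16:00:00 GMT"}, RECEIVED_AT))  # 0
    print(effective_ttl({}, RECEIVED_AT))                                            # 86400
```

A past Expires date with the default Minimum TTL of 0 means every request goes back to the origin; raising Minimum TTL is what forces a floor on caching.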
Summary

 CloudFront is a service that efficiently delivers content using global locations.
 You can use edge locations around the world to deliver content efficiently and quickly.
 CloudFront is often used when delivering content within S3.
CloudFront set up
Architecture you will build
[Diagram: the target architecture with Route53, CloudFront (HTTPS, ACM Certificate), ELB, Auto Scaling EC2 instances in public subnets 10.0.0.0/24 and 10.0.2.0/24, RDS MySQL DB servers in private subnets 10.0.1.0/24 and 10.0.3.0/24 with synchronous replication and automatic failover, and S3, in VPC 10.0.0.0/16 across two AZs.]
Hands-on content

 Configure CloudFront with S3 as the origin.
 Set up Route53 to connect the domain we use to the CloudFront DNS name.
 Configure WORDPRESS so that its content is delivered from CloudFront.
Operational Management
lecture / What you will learn in the lecture

AWS shared responsibility model: Based on the AWS shared responsibility model, identify the issues that users need to address.
AWS operations and management Services: Learn about the services related to AWS operations and management.
CloudWatch Basics: Learn the basic functions and features of CloudWatch.
CloudWatch Metrics settings: Set up CloudWatch to obtain and visualize metrics.
AWS security related services: Understand the services related to AWS security enhancement.
AWS Cost Management Services: Identify services related to AWS cost management.
AWS Support System: Learn the AWS Support plans and understand what they can do for you. Explore AWS support ourselves.
How to migrate to AWS?: Understand the key points and considerations when you migrate to AWS.
AWS Design pattern: Learn about basic AWS design patterns.
Hybrid Cloud: Understand the hybrid cloud and how to implement it using AWS.
Promoting DX: Discover the importance of tools like AWS to promote digital transformation (DX).
AWS's shared responsibility model
Managed cloud-based services
As AWS has both unmanaged and managed services, administrative and security task sharing is essential.

Unmanaged services (example: a MySQL server in EC2) and managed services (example: MySQL in RDS) both involve the following layers; with a managed service, AWS takes over more of them:
- Software configuration
- Scaling
- Backup
- Maintenance
- OS Settings
- Physical Server Management
AWS shared responsibility model
AWS shared responsibility model divides the responsibility for security between AWS and the user.

USER:
- User-installed software
- Applications developed by the user
- User access / Role-based access
- AWS services used by users

AWS:
- AWS Infrastructure (software, hardware, network)
- AWS Data Center

Examples of the user's responsibilities:
 Account management with IAM
 Setting up a security group
 Role-based access settings for applications
 Configuration of the network/instance operating system (patching), etc.
 OS/host-based firewall installation
AWS operations and management Services
Key Infrastructure Services
[Diagram: service categories: Governance and Management, Cost, Identity management, Network, Computing (Server), Migration and Relocation, Office, Database, Storage, Security.]
CloudWatch
A monitoring service for AWS resources and applications running on AWS, monitoring a variety of logs and metrics.

CloudWatch (Metric monitoring): A system monitoring service running on AWS that performs health check, performance and capacity monitoring.
CloudWatch Logs: CloudWatch Logs can perform monitoring, recording, and access of your log files from EC2 instances, AWS CloudTrail, Route 53, and other sources.
CloudWatch Events: CloudWatch Events delivers a near real-time stream of system events that describe changes in AWS resources. You can match events and route them to one or more target functions or streams by rules.
AWS CloudTrail
A service that logs AWS user operations (API operations and user sign-in activities)

 Track root account / IAM user operations
 CloudTrail log files are stored in S3.
 Encryption using KMS is possible
AWS Config
A service that manages resource change history and configuration changes from AWS resource repository information.

 Periodically save snapshots of resource configuration to S3
 Evaluate whether the system configuration conforms to a set of standards and rules.
 Standards and rules are AWS' own or custom user rules.
AWS Config
AWS Config has streams to manage configuration changes, snapshots to store history, and components to manage a timeline.

Configuration Stream
 A record of changes when a resource is created / modified / deleted.
 SNS notifications can be set to alert users.

Configuration History
 Record the changing components of each resource over a custom period.
 History is stored in an S3 bucket.

Configuration Snapshot
 Record components at a certain point in time.
 Snapshots are created on a regular basis or triggered by changes.
 Snapshots are stored in S3 buckets.
AWS Service Catalog
A support service that creates and manages a catalog of approved AWS services

For IT operations Administrators: It provides the ability to define the approved IT resources that others can use. Allows IT admins to centrally manage the usage authority of AWS-approved resources as a catalog.
For General Users: Based on the catalog created by the IT operations administrator, general users can use the approved IT resources set in the catalog without needing approval.
AWS Artifact
A service that centrally manages contract information with AWS and compliance-related reports

AWS Artifact Reports: Provides a compliance report that confirms AWS's compliance with standards and regulations set by auditing bodies around the world.
AWS Artifact Agreements: Manage the contract between your AWS account and AWS themselves.
AWS Systems Manager
A service that automates operational tasks by monitoring AWS services and resources in use

Reduce problem detection time: View operational data for each resource group such as EC2. Identify problems that may affect the application.
Operation automation: Automate operational tasks such as EC2 patching, updating, configuration changes / deletions / stops and deployments.
Visualization and control: Easily visualize and control the latest state of each resource group.
Hybrid management: Manage AWS servers and on-premises servers with a single interface.
Summary

 The first step in managing AWS operations is to set up a system to implement monitoring and visualization using CloudWatch and CloudTrail.
 You need to understand and use different operations-related services like AWS Config and AWS Systems Manager.
CloudWatch Basics
CloudWatch
A monitoring service for AWS resources and applications running on AWS that can monitor a variety of logs and metrics.
[Diagram: CloudWatch uses: Monitoring, Centralized management, Trouble shooting, Log analysis, Automatic action, Confirmation of operational status.]
CloudWatch
A monitoring service for AWS resources and applications running on AWS that can monitor a variety of logs and metrics.

CloudWatch (Metric monitoring): A system monitoring service running on AWS that performs health check, performance and capacity monitoring.
CloudWatch Logs: CloudWatch Logs can monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources.
CloudWatch Events: CloudWatch Events delivers a near real-time stream of system events that describe changes in AWS resources. You can match events and route them to one or more target functions or streams by rules.
CloudWatch
CloudWatch metrics is used to get helpful metric data.

Standard Metrics
• CloudWatch can obtain CPU Utilization, disk utilization, read IOPS, and many other common metrics for free.
• Basic Monitoring Metrics (at 5-minute frequency)
• Detailed Monitoring Metrics (at 1-minute frequency)

Custom Metrics
• You can publish your own metrics to CloudWatch using the AWS CLI or an API.
• Each metric is one of the following:
  – Standard resolution: monitor data at the one-minute scale
  – High resolution: monitor data at the one-second scale
CloudWatch Dashboard
Select the RDS metrics you need and visualize them in the dashboard.
Conduct enhanced monitoring
Real-time metrics of the operating system (OS) on which the DB instance is running can be obtained.

✓ Over 50 different OS metric types available
✓ Metrics can be acquired at intervals of 1 to 60 seconds (standard for free-tier is 5 minutes)
✓ The acquired metrics will be stored in CloudWatch Logs.
✓ Charges are only incurred for enhanced monitoring beyond the free usage quota indicated in Amazon CloudWatch Logs
✓ Enhanced monitoring can be used for all DB instance classes except db.m1.small.
✓ Measures against throttling during API calls
CloudWatch Alarm
CloudWatch alarms allow for alert notifications and automated actions based on specific metrics data.

Metrics: A set of time-series data points published to CloudWatch. Metrics are kept per region.
Namespace: A container for CloudWatch metrics. Metrics in different namespaces are isolated from each other, so data from different sources is not mixed up.
Dimension: A name/value pair that is part of the identity of a metric. (Example: InstanceId=i-123948576)
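The alarm evaluation these three terms feed into, as an added example for this course (not CloudWatch's own code): a metric identified by namespace, name and dimensions is checked against a threshold over the last N periods. The namespace and metric name are the real AWS/EC2 CPUUtilization ones, the InstanceId value is the one quoted above, and the threshold and datapoints are constructed.

```python
"""Evaluating a CloudWatch metric alarm locally.  Added example for this
course, not CloudWatch's implementation: it models the documented rule that an
alarm enters ALARM only when at least `datapoints_to_alarm` of the last
`evaluation_periods` datapoints breach the threshold, returns to OK otherwise,
and reports INSUFFICIENT_DATA when fewer datapoints exist than the window.
The sample datapoints and threshold below are constructed for the example."""
from dataclasses import dataclass
from typing import Dict, List, Tuple
import operator

COMPARISONS = {
    "GreaterThanThreshold": operator.gt,
    "GreaterThanOrEqualToThreshold": operator.ge,
    "LessThanThreshold": operator.lt,
    "LessThanOrEqualToThreshold": operator.le,
}


@dataclass(frozen=True)
class MetricId:
    """Namespace + metric name + dimensions identify one time series
    (for example AWS/EC2 CPUUtilization for InstanceId=i-123948576)."""
    namespace: str
    metric_name: str
    dimensions: Tuple[Tuple[str, str], ...]  # sorted (name, value) pairs


def metric_id(namespace: str, metric_name: str, dimensions: Dict[str, str]) -> MetricId:
    return MetricId(namespace, metric_name, tuple(sorted(dimensions.items())))


@dataclass
class Alarm:
    metric: MetricId
    comparison: str
    threshold: float
    evaluation_periods: int
    datapoints_to_alarm: int

    def __post_init__(self) -> None:
        if self.comparison not in COMPARISONS:
            raise ValueError(f"unknown comparison operator {self.comparison}")
        if not 1 <= self.datapoints_to_alarm <= self.evaluation_periods:
            raise ValueError("datapoints_to_alarm must be between 1 and evaluation_periods")


def evaluate(alarm: Alarm, series: Dict[MetricId, List[float]]) -> str:
    """Return 'OK', 'ALARM' or 'INSUFFICIENT_DATA' for the newest datapoints.

    `series` maps a metric identity to its datapoints in chronological order,
    one per period.  Only the last `evaluation_periods` points are examined."""
    points = series.get(alarm.metric, [])
    window = points[-alarm.evaluation_periods:]
    if len(window) < alarm.evaluation_periods:
        return "INSUFFICIENT_DATA"
    compare = COMPARISONS[alarm.comparison]
    breaching = sum(1 for value in window if compare(value, alarm.threshold))
    return "ALARM" if breaching >= alarm.datapoints_to_alarm else "OK"


# Constructed sample: five 1-minute CPU % datapoints for the instance quoted in the lecture.
CPU_I123 = metric_id("AWS/EC2", "CPUUtilization", {"InstanceId": "i-123948576"})
SAMPLE_SERIES = {CPU_I123: [12.0, 15.0, 71.0, 88.0, 93.0]}

# Fire when CPU is above 70 % in 3 of the last 3 periods (a typical scale-out trigger).
HIGH_CPU = Alarm(CPU_I123, "GreaterThanThreshold", 70.0,
                 evaluation_periods=3, datapoints_to_alarm=3)

if __name__ == "__main__":
    print(evaluate(HIGH_CPU, SAMPLE_SERIES))  # ALARM
```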
Summary

 CloudWatch is a monitoring service for AWS resources and applications running on AWS, allowing you to monitor different logs and metrics.
 You can use CloudWatch metrics to get a lot of custom metrics and visualize them in your dashboard.
 CloudWatch alarms allow you to perform alarm notifications and automatic actions based on the thresholds you choose.
CloudWatch Metrics Settings
Hands-on contents

1. Checking the CloudWatch Console
We will check the many functions and settings in the CloudWatch console.

2. Configuring CloudWatch Metrics
Select the RDS metrics in CloudWatch and configure the settings to visualize and display the metrics in the dashboard.
AWS security-related services
AWS Resource Encryption
On AWS you need to use two types of encryption: communication encryption and stored data encryption.

Communication encryption: ✓ Encrypt communication using SSL / TLS certificates.
Stored data encryption: ✓ Encrypt data stored in databases and storage.
AWS Resource Encryption
On AWS you need to use two types of encryption: communication encryption and stored data encryption.

Communication encryption
✓ Issue and manage SSL / TLS certificates using AWS Certificate Manager (ACM).
✓ SSL / TLS communication is enabled by linking the certificate issued by ACM with CloudFront and ELB.

Stored data encryption
✓ Encrypt your data by default using an AWS key.
✓ Manage data encryption and your created keys using KMS.
✓ Meet strict security standards by using a hardware key management service (CloudHSM) that complies with global security standards.
CloudHSM
CloudHSM is a service that protects encryption keys with a dedicated HW module (HSM), which is protected against unauthorized use.
Security threat detection
Increase security by continuously monitoring.

CloudTrail: Monitor governance, compliance, operations and risk with user behavior logs.
CloudWatch: A monitoring service that collects and tracks metrics and logs for AWS resources and applications running on AWS.
AWS GuardDuty: Threat detection service that continuously monitors for malicious operations on AWS.
Amazon Inspector: A service that automatically verifies applications, identifies the presence of vulnerabilities and deviations from best practices, and conducts security evaluations.
IAM Access Analyzer
IAM Access Analyzer is a function to verify whether there are vulnerabilities in your IAM policies or S3 bucket policies.

https://aws.amazon.com/jp/blogs/news/identify-unintended-resource-access-with-aws-identity-and-access-management-iam-access-analyzer/
AWS GuardDuty
A service that uses machine learning to automatically detect security threats to AWS infrastructure and apps
[Diagram: VPC Flow Logs, DNS Logs and CloudTrail feed GuardDuty, which performs a threat assessment and rates malicious access as High, Medium or Low.]
Amazon Inspector
Hosted diagnostic service that checks Amazon EC2 and diagnoses platform vulnerabilities

◼ Automatically analyze system settings and behavior on demand for AWS resources.
◼ Evaluates EC2 based on 4 rule packages:
  - Network Reachability
  - CIS (Center for Internet Security)
  - Security best practices
  - CVE (Common Vulnerabilities & Exposures)
◼ Detailed report including recommended response steps
◼ API integration with development process
AWS Shield
A service that automatically applies a mitigation system for DDoS attacks on L3 / L4, integrated with CloudFront and Route53 (the Standard version is free).
✓ Automatic mitigation system applied to L3 / L4
✓ Integrated with CloudFront and Route53.
✓ It is located at the edge location and inspects all incoming packets.
✓ Automatically mitigates 96% of DDoS attacks
✓ Free for Standard version / Paid for Advanced version
[Diagram: the automatic protection system at the Edge Location absorbs the DDoS attack.]
AWS Shield
By using AWS Shield Advanced, it is possible to carry out strong defense from large-scale attacks in cooperation with WAF.

Standard
✓ Protects against DDoS attacks on L3 / L4
✓ Free and usable for all users
✓ Defend SYN / UDP floods and replay attacks
✓ Performs automatic detection and protection
✓ It is integrated with CloudFront and Route53 and runs automatically.

Advanced
✓ Defend against DDoS attacks at layer 7 in cooperation with WAF
✓ Protect from even larger attacks than Standard
✓ Access the AWS DDoS Response Team (DRT) 24/7
✓ Protect users from increased costs due to resource usage spikes.
✓ Reporting function available
AWS WAF
Firewall service that inspects the traffic of WEB applications, blocks attacks through vulnerabilities and blocks unauthorized access.
✓ Block malicious requests such as SQL injection and cross-site scripting.
✓ Users can set custom rules. (Rate-based rule / IP-based filter / regular expression pattern / size limit / action allow / deny setting)
✓ Monitoring in conjunction with CloudWatch
[Diagram: within a Region, WAF sits in front of the WEB application (EC2) and stops unauthorized access.]
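What those custom rule types do when a request arrives, as an added example for this course (not the WAF engine): an ordered rule list with an IP-based filter, a size limit, a regular-expression path pattern and a rate-based rule, evaluated over constructed requests. The rule names, limits, addresses and the path pattern are assumptions.

```python
"""A miniature model of AWS WAF custom rules, added for this course (not the WAF
engine itself): each request is checked against an IP-based filter, a size
limit, a regular-expression pattern and a rate-based rule (requests per source
IP in a 5-minute window), and the first matching rule decides allow or block.
Rule names, limits, the path pattern and the sample requests are constructed."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Callable, Deque, Dict, List
import re

RATE_WINDOW_SECONDS = 300   # rate-based rules count requests over 5 minutes


@dataclass
class Request:
    ts: int        # arrival time, seconds since epoch
    src_ip: str
    uri: str
    body: bytes


@dataclass
class Rule:
    name: str
    action: str                       # "BLOCK" or "ALLOW"
    match: Callable[[Request], bool]  # True when the rule applies


class RateTracker:
    """Sliding-window request counter per source IP."""

    def __init__(self, limit: int, window: int = RATE_WINDOW_SECONDS) -> None:
        self.limit, self.window = limit, window
        self._seen: Dict[str, Deque[int]] = defaultdict(deque)

    def over_limit(self, req: Request) -> bool:
        q = self._seen[req.src_ip]
        q.append(req.ts)
        # drop timestamps that have fallen out of the window
        while q and q[0] <= req.ts - self.window:
            q.popleft()
        return len(q) > self.limit


class WebAcl:
    """Ordered rule list with a default action, like a WAF web ACL."""

    def __init__(self, rules: List[Rule], default_action: str = "ALLOW") -> None:
        self.rules, self.default_action = rules, default_action

    def evaluate(self, req: Request) -> str:
        """Return 'ACTION:rule-name' for the first rule that matches."""
        for rule in self.rules:
            if rule.match(req):
                return f"{rule.action}:{rule.name}"
        return f"{self.default_action}:default"


def build_acl() -> WebAcl:
    # Constructed values: a TEST-NET address in the IP set, an 8 KiB body cap,
    # a common WordPress hardening path pattern, and 100 requests per 5 minutes per IP.
    blocked_ips = {"198.51.100.7"}
    xmlrpc_path = re.compile(r"^/xmlrpc\.php(?:$|\?)")
    rate = RateTracker(limit=100)
    return WebAcl([
        Rule("ip-blocklist", "BLOCK", lambda r: r.src_ip in blocked_ips),
        Rule("body-size-limit", "BLOCK", lambda r: len(r.body) > 8192),
        Rule("block-xmlrpc", "BLOCK", lambda r: bool(xmlrpc_path.match(r.uri))),
        Rule("rate-limit", "BLOCK", rate.over_limit),
    ])


if __name__ == "__main__":
    acl = build_acl()
    print(acl.evaluate(Request(0, "203.0.113.5", "/index.php", b"")))   # ALLOW:default
    print(acl.evaluate(Request(0, "203.0.113.5", "/xmlrpc.php", b"")))  # BLOCK:block-xmlrpc
```

Rule order matters: a request from a blocklisted address never reaches the rate counter, so the counts only reflect traffic that earlier rules let through.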
Summary

 There are two types of encryption in AWS: encryption of communications using ACM and encryption of stored data using KMS.
 It is also important to use CloudTrail, GuardDuty, etc. to increase security through continuous monitoring and surveillance.
 WEB access protection using AWS WAF or AWS Shield should be implemented at all times.
AWS Cost Management Related Services
AWS Cost Management
Support tools and services related to operations, maintenance and support

AWS Cost Explorer: Visualization tools for understanding, analyzing and managing AWS costs and usage and their economics.
AWS Cost and Usage Report: A report to see the cost and usage details of AWS.
AWS Budgets: Set custom budgets to send out alerts when budget thresholds are exceeded.
Pricing Tools: Tools to help with AWS costing: Quick Estimator / TCO Calculator / Pricing Calculator.
AWS Cost Categories: Categorize costs by your own organization and project structure.
Trusted Advisor: A service that provides advice on cost optimization, security, and performance improvement.
Utilizing the Pricing Tool
Use the official AWS tools for quotes and price comparisons.

TCO Calculator: You can compare the price of AWS with on-premises or colocation environments.
Pricing Calculator: You can conduct an individualized forecasted cost estimate in line with your business and personal needs.
AWS Pricing Calculator
New service to conduct individualized forecast cost estimates in line with business and personal needs

See: https://calculator.aws/#/
CloudWatch Billing Alarms
CloudWatch's billing feature allows you to set alarms on billing amounts.
AWS Budgets
Custom budgets can be set up and fine-tuned to raise alarms when costs or usage exceed the budgeted amount.

https://aws.amazon.com/jp/aws-cost-management/aws-budgets/
Cost Explorer
Visualize changes in AWS costs and usage over time and create custom reports to analyze cost and usage data.
AWS Cost and Usage Report
Provides the most comprehensive data on AWS costs and usage

 Lists AWS usage for each service category used by account/IAM users as an hourly or daily statement item.

https://aws.amazon.com/jp/aws-cost-management/aws-cost-and-usage-reporting/
AWS Cost Categories
The ability to categorize costs by your own organization and project structure
AWS Trusted Advisor
A service that provides advice on cost optimization, security, and performance improvement.
Summary

 You need to understand the AWS billing structure and purchase options in order to achieve cost optimization.
 For this purpose, it is important to implement optimal pricing and budget management by using the different tools and services like AWS Cost Explorer and price calculation tools.
Hands-on content

 Review and understand each function of the billing dashboard so that you can manage costs on your own.
 Estimate costs of AWS services using the AWS Pricing Calculator.
AWS Support System
AWS Support
AWS support is a human-operated support service on AWS. The plans are Basic, Developer, Business and Enterprise.

Customer Services: Supported for all plans
Support Forum: Supported for all plans
Document Use: Supported for all plans
Trusted Advisor: Basic and Developer: only access to 6 security checks and limit checks for 50 services. Business and Enterprise: access to all check and report features.
Technical Support: Basic: access to Support for Health Check. Developer: e-mail support (weekdays 9:00 a.m. to 6:00 p.m.). Business: phone/chat/email (24/7), live screen sharing. Enterprise: technology support with a Technical Account Manager (TAM), concierge support, lab usage and well-architected support.
Number of Users: Developer: 1. Business: unlimited. Enterprise: unlimited.
Technical support urgency / initial response time: Developer: minimum of 12 hours for failure or urgent inquiries. Business: minimum of 1 hour for an outage in progress. Enterprise: respond to emergencies in around 15 minutes / top priority.
Hands-on content

 Go to AWS Support from the AWS Management Console to find out how we can use AWS Support.
How to migrate to AWS?
Small start for AWS
It is better to perform a small start on AWS by implementing one new application first.

Set up a small team of several people. Build a web application using the basic configuration.
Migrate to AWS
When migrating to AWS from on-premise, it is important to consider AWS from the perspective of the overall business and system operation.

◼ Make decisions to utilize AWS at the management level.
◼ Formulate policies to promote your digital business with AWS.
◼ Create system development plans and operation system policies.
◼ Add AWS experts to the IT team and help your IT personnel learn AWS.
◼ Share an internal culture based on the use of AWS.

Points to consider
It is best to consider AWS implementation from the perspective of the overall business and system operation.

◼ Cost: Calculation and comparison of the cost of AWS with other options
◼ Services: Identify the services and functions you can use if you were to switch to AWS.
◼ Migration feasibility: Understand the reality of migrating your existing applications and infrastructure
◼ Human resources: Identify personnel who should develop and operate AWS.
AWS implementation support
You need to carefully develop a migration plan.

Plan
• Calculate and compare the total cost of ownership when using AWS.
• Create a migration plan from on-premises environments or other cloud platforms.
• Confirm the migration procedures and methods.

Transition
• Use the many migration services to migrate data and infrastructure settings to AWS.

Operation
• Develop a post-migration operation system using AWS operation services.
Migration tools and services
You need to utilize the services provided for infrastructure migration and data migration to the AWS cloud.
[Diagram: tools mapped to the Plan, Transition, Operation and Support phases.]
TCO Calculator
TCO Calculator lets you compare the costs of using AWS and on-premises environments, etc. You can then estimate the cost savings.

See: https://aws.amazon.com/jp/tco-calculator/
AWS Application Discovery Service
A service that provides information necessary for migration, such as server usage data and dependency mapping

Discovery Agent
✓ Know what will be migrated to the cloud.
✓ Understand information about the target devices (VMware/Windows/Linux environment)
✓ Understand the current dependencies of devices and software
✓ Eliminate the manual labor of migration tasks
Summary

 When implementing AWS, it is advisable to start small and develop one new application.
 When implementing AWS on a company-wide basis, it is necessary to implement managerial decisions that take into account everything from the business to the organizational structure and culture.
 Create a well-designed plan for AWS migration and use the AWS migration services.
Design Patterns
E-Commerce site design
[Diagram: in the AWS Cloud, Route53 and CloudFront in front of a VPC spanning two Availability Zones; each public subnet has a NAT gateway and Amazon EC2 instances in an Auto Scaling group behind an ELB; each private subnet has an RDS instance (Master RDS and Slave RDS with synchronous replication and automatic failover); S3 holds static content.]
E-Commerce site design (v.2)
[Diagram: the same as above, with ElastiCache and an ElastiCache replica added in the private subnets.]
Business Application Design
[Diagram: the on-premises network connects to the AWS Cloud via AWS Site-to-Site VPN or AWS Direct Connect; inside the VPC, two Availability Zones each with a private subnet containing a NAT gateway, Amazon EC2 instances in an Auto Scaling group behind an ELB, and Master RDS / Slave RDS with synchronous replication and automatic failover.]
Serverless Design
[Diagram: image files are stored in S3 buckets; the S3 event triggers execution of a Lambda function, which stores the image metadata in Amazon DynamoDB.]
IoT Design
[Diagram: AWS IoT Core collects data from IoT devices; a Lambda function processes the IoT data; Amazon Kinesis Data Firehose stores the data in S3.]
SnapDish
SnapDish, a food photo sharing application built on AWS.

Reference: https://snapdish.co/
SnapDish
[Diagram: Route53 and CloudFront in front of a VPC with two Availability Zones; public subnets with Amazon EC2 instances in an Auto Scaling group behind an ELB; private subnets with replicated MongoDB plus a hidden MongoDB member used for backup, ElastiCache with a replica, Amazon SQS and Amazon CloudSearch; S3 for image storage.]
Hybrid Cloud
Cloud usage
The use of cloud computing has become commonplace, and most companies are planning to use multi-cloud computing.

84% plan to go multi-cloud

Reference: IDG Cloud Insights survey 2018

What is a hybrid cloud?
There are three types of hybrid clouds.
[Diagram: the three types, each combining an on-premise environment with cloud services.]
Advantages of Hybrid Cloud
Take advantage of the benefits of the cloud while still using existing IT assets. Also, enjoy the benefits of multiple clouds at the same time.

◼ Start using the cloud while still retaining existing IT assets
◼ Leverage the flexibility and attention to detail of on-premise while gaining the agility and availability of the cloud in key areas
◼ Leverage the benefits of multiple cloud services to achieve cost and functional optimization.

Disadvantages of Hybrid Cloud
It becomes complicated to operate multiple cloud and on-premise environments.

◼ Personnel will be needed to operate each cloud platform.
◼ The operation and management system will be complicated.
◼ As a result, operational costs will increase.

Hybrid Cloud in AWS
Connect with the on-premise environment to create a hybrid cloud environment.
[Diagram: AWS connected to the on-premise environment via Direct Connect, AWS VPN, AWS Storage Gateway and AWS Directory Service.]
Hybrid Cloud in AWS
AWS Outposts can be used to deploy AWS services such as RDS and EC2 instances to on-premises environments.
[Diagram: AWS Outposts placed in the on-premise environment.]
Hybrid Cloud in AWS
On-premise environments and virtual servers can be easily deployed and migrated to AWS.
[Diagram: VMware Cloud on AWS connecting the on-premise environment to AWS.]
AWS Hybrid Cloud
AWS's main usage is a hybrid cloud with on-premise environments.
[Diagram: AWS alongside two on-premise environments; AWS alone can't handle the rest of the hybrid cloud setup.]
Utilize cloud-to-cloud collaboration services
A hybrid cloud combining cloud platforms requires the use of a third-party hybrid tool.
[Diagram: a hybrid tool spanning on-premise and edge, AWS and other clouds.]

Reference: https://www.topgate.co.jp/google-cloud-day-1-anthos
Promote DX by AWS
Response to Technology Evolution
Flexible and rapid service development is required to respond to modern technology and business evolution.

Response to technology evolution
① The speed of technological evolution is fast
② The speed of business development utilizing this technology is fast
③ System development that is short-term and resistant to change is required

Response to diverse customer needs
① Diversified customer needs
② Understanding customer needs through design thinking/lean startup
③ Need to respond quickly to customer needs

Introducing development methods that can respond immediately to business and customer needs
UBER Case Study (1/2)
The founder of Uber experienced not being able to catch a cab in
San Francisco, which inspired the idea for Uber.

Experience
“I tried to get a cab in San Francisco, but I
couldn't find one.”

Issues found
“Wouldn't it be convenient if we could arrange
for a cab to be closest to the customer when
they need it?”

Solution by using Data x IoT and AI
“We can solve the problem by using machine
learning to match the user's smartphone GPS
data with the cab's location information.”

UBER Case Study (2/2)
Use GPS data from smartphones and cab driving data to
optimize vehicle dispatch through machine learning.

Achieve optimal vehicle dispatch by using machine learning

✓ GPS information of customers
✓ City size
✓ Peripheral map data
✓ Weekday and holiday data
✓ Time zone data
✓ Acceptable wait-time for each user
✓ Average mileage/average fare for each
driver
✓ Number of potential lost orders, etc.

Design Thinking
In design thinking, a problem is discovered by observing
the user, and the idea is created through a repeating
prototype-test cycle.

Empathy: Discover insights from observations, interviews, and experiences
Define: Break down and investigate the insights to narrow down to core issues
Ideate: Create many solutions and get creative with the ideas
Prototype: Prototype the main ideas
Test: Trial with users, get feedback, and keep improving

Lean Startup
Build a business model from ideas, verify MVP, and repeat.
Learn to refine the business model

Cycle: Idea → Building → Products → Testing → Data → Learning → Idea (repeat)
Lean Startup
Build a business model by creating a lean canvas and
brushing it up each time.

Issue: Three main issues
Solution (esp. to the issues): Three main good functions
Provide unique value: A single, clear, and compelling message that explains the differentiators and noteworthy value of the service or product
Overwhelming advantage: How we prevent being imitated or purchased
Customer segment: Target customers
KPI: Key indicators for achieving business goals
Channel: Sales channels to customers
Cost structure: Fixed and variable costs of business, customer acquisition costs such as marketing and sales, etc.
Sales structure: Revenue model, customer lifetime value, etc.
Agile Development
Agile development (especially Scrum) enables flexible
acceptance of customer requirements and rapid development.

Waterfall: A method in which all requirements are first determined and then the phases of development are completed in stages
Agile: A development method that grows the system little by little, repeating iterations of about 3 to 4 weeks each

Iteration 1 → Release → Iteration 2 → Release → Iteration 3 → Release
DevOps
DevOps is an organizational structure and process that
links Development and Operation.
Traditional development and operation: Development and operation are in different teams, with different working cultures and ways of working. This leads to many conflicts and issues.
DevOps: Share human resources and culture between the development and operations teams, and use modern tools to facilitate this.

[Diagram, traditional] Development Team ("I want to add functions immediately!") vs. Operation Team ("I want to continue stable operation!") → Inevitable conflict
[Diagram, DevOps] Plan → Design → Coding → Test → Release → Deploy → Operation → Monitoring, with Dev and Ops sharing culture, tools, and information
Customer-centered Thinking
Utilize design thinking, lean startup, agile
development/DevOps for customer-driven innovation

[Creation phase] Design thinking: Method to find issues focused on customers and solve them
[Planning phase] Lean startup: Method to create the minimum viable product (MVP), repeat the verification cycle, and build a business model
[Development phase] Agile development: Development method that repeats design, implementation, and testing in a short period of time
[Operation phase] DevOps: The concept of seamlessly linking system operation and additional development

Digital Transformation: Adopt a flexible and fast-paced organizational culture
Moving toward a Cloud-First Era
Cloud computing is essential to promote flexible and rapid
development.
Changes by the cloud

◼ Our lives are changing through the cloud.
⁃ Amazon/G-mail/DropBox and various other services are cloud services
⁃ We are already using a variety of services from the cloud.

◼ Cloud computing brings together the Internet and the real world.
⁃ IoT/wearable/mobile will bring real-world behavioral data and device data to the cloud.
⁃ Control various devices from the cloud

◼ Business is changing through the cloud.
⁃ Cloud computing makes system construction faster and more flexible.
⁃ AI/IoT/Blockchain are also provided by the cloud

[Diagram: the cloud (infrastructure, AI, blockchain, and IoT platforms) connecting the Internet side (web, social web services, PC; some web services use the cloud) with the physical side (wearables, mobile, IoT devices)]
Toward a Cloud-First Era
Transformation to cloud-first is essential to drive DX
Applicable technology frame: Cloud
◼ IaaS
⁃ Speed up environment construction using pre-made infrastructure in the cloud
◼ PaaS
⁃ Speed up development by using a pre-made development environment in the cloud
◼ SaaS
⁃ Speed up the use of services by using pre-made application services in the cloud

Development method: Agile
◼ Use of agile methods
⁃ Apply agile development methods
◼ Use of CI/CD
⁃ Agile and DevOps are based on the use of Continuous Integration and Continuous Delivery
⁃ Use automation tools to speed up development, testing, and implementation

Operation procedures: DevOps
◼ Integrate operations and development
⁃ Promote collaboration between operations and development teams
⁃ Eliminate communication discrepancies between operations and development teams
⁃ Form one efficient unit.

Together, Cloud, Agile, and DevOps lead to fast and dynamic development in the DX world.
