AWS Cloud Architecting overview

AWS and its complexity

Cloud architecting is a complicated endeavour. As a cloud architect you are responsible for implementing best practices within time, resource, system, legacy and budgetary constraints. The entire OSI stack is at issue, and everything from networking to operating systems, APIs, security and application builds, data management and operational runbooks is within your purview. Within the AWS cloud platform there are some 200+ services, and the number of deployment methods and service combinations is correspondingly large. There are many ways to stitch together an architecture to satisfy business and technical requirements. Without a set of core and easy to understand principles, the architect will lose their way and build a system that contravenes basic concepts around simplicity, cost effectiveness, security, availability, business continuity, manageability, transparency, control and extensibility, to name just a few.

AWS cloud resources: Global VS regional VS zonal availability of resources

In AWS, global services such as Amazon S3, DynamoDB, and Route 53 are available anywhere globally. However, if you are using a regional service such as Amazon Redshift, CloudFront, or Elastic MapReduce, then you must pick the region in which you would like to host those services. Regions can span several countries and contain multiple availability zones.

The last category of services is zonal. A zonal service runs in a single availability zone. An availability zone, or AZ, is an isolated location with electricity, networking connectivity, and cooling provided by Amazon. Examples are EC2 instances and EBS volumes.

Generally, if you choose an instance store as your storage option and then select availability zones as the replication method in your storage class definition, you can achieve high availability by running multiple instances of your Auto Scaling group across AZs.

AWS cloud hosting cost

Automation, IaC, PaaS, tagging, policy control, landing zones, and other techniques will reduce costs. While most products are priced per hour or minute, some products are charged by storage consumed or bytes transferred. ⚠️ Prices vary in each region.

Your traffic is charged in two directions: transactions and responses.

Transactions measure how much data you sent to AWS, such as an API call or a PUT request to S3. Responses measure how much data AWS sent back to you, for example a GET request for an image from S3 or the size of an API response such as one delivered by Device Farm.

Cloud compliance: SOC 2 compliance & ISO

The AWS Cloud is SOC 1, 2, and SSAE 16/ISAE 3402 compliant, so you can rest assured that your business-critical applications are secure. AWS provides a SOC 2 questionnaire on each AWS service, which allows you and your auditors to confirm that the services meet the high standards of compliance, security, availability, and other controls concerning the service.

For example, ElastiCache for Memcached and the regions in China are not in scope. The latest SOC update includes 133 services (out of over 200) and 23 regions (out of 25).

You can find a list here.

Cloud Costs

To protect the AWS billing system and its infrastructure, AWS enforces limits (quotas) on some features that affect your cloud bill. These limits are necessary to maintain reliability and optimize cost.

By default, you are not allowed to launch 100 EC2 instances or create 100 VPCs. Some cloud quotas can be increased, while others can’t.

The default VPC quota determines the maximum number of VPCs you can create in each AWS Region. If your application architecture relies on creating many VPCs, please ensure that you have a sufficient quota for your needs.
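A preflight check for the situation described above, as an added example that is not part of the original article: it takes the planned number of new VPCs per Region, the VPCs already in use and the applicable quota, and reports which Regions would need a quota increase. The `live_vpc_report` helper is an assumption about how a practitioner would pull the real numbers with boto3 (it needs credentials and is not exercised by the sample); the quota code is the Service Quotas identifier for "VPCs per Region", and the default of 5 is AWS's documented default.

```python
"""Preflight: will a planned deployment fit inside the per-Region VPC quota?"""
from __future__ import annotations

# Service Quotas identifiers for the "VPCs per Region" limit.
VPC_QUOTA_SERVICE = "vpc"
VPC_QUOTA_CODE = "L-F678F1CE"
DEFAULT_VPC_QUOTA = 5  # AWS default for Regions with no quota value supplied


def vpc_quota_report(planned: dict[str, int], in_use: dict[str, int],
                     quota: dict[str, int]) -> dict[str, dict[str, int | bool]]:
    """Per Region: VPCs in use, VPCs planned, quota, headroom and whether it fits."""
    report = {}
    for region, new in planned.items():
        used = in_use.get(region, 0)
        limit = quota.get(region, DEFAULT_VPC_QUOTA)
        total = used + new
        report[region] = {
            "in_use": used, "planned": new, "quota": limit,
            "headroom": limit - total,  # negative: a quota increase is required
            "fits": total <= limit,
        }
    return report


def regions_needing_increase(report: dict) -> list[str]:
    """Regions where the planned total exceeds the quota, sorted for stable output."""
    return sorted(r for r, row in report.items() if not row["fits"])


def live_vpc_report(planned: dict[str, int]) -> dict:
    """Same report with usage and quota fetched from AWS (assumed helper; needs credentials)."""
    import boto3  # imported lazily so the offline planning logic works without it
    in_use, quota = {}, {}
    for region in planned:
        ec2 = boto3.client("ec2", region_name=region)
        in_use[region] = len(ec2.describe_vpcs()["Vpcs"])  # default VPC counts too
        sq = boto3.client("service-quotas", region_name=region)
        value = sq.get_service_quota(ServiceCode=VPC_QUOTA_SERVICE,
                                     QuotaCode=VPC_QUOTA_CODE)["Quota"]["Value"]
        quota[region] = int(value)
    return vpc_quota_report(planned, in_use, quota)


# Constructed sample: one Region fits, the other would overrun the default quota.
SAMPLE_PLAN = {"eu-west-1": 3, "us-east-1": 4}
SAMPLE_IN_USE = {"eu-west-1": 1, "us-east-1": 2}
SAMPLE_QUOTA = {"eu-west-1": 5, "us-east-1": 5}

if __name__ == "__main__":
    for region, row in vpc_quota_report(SAMPLE_PLAN, SAMPLE_IN_USE, SAMPLE_QUOTA).items():
        print(region, row)
```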


Limitations of using AWS

Every service offered by AWS has its limitations. An example is the network throughput of EC2 instances. If your EC2 instance has guaranteed 10 Gbit/s connectivity, you only get 5 Gbit/s to and from the Internet.

EC2 blocks outbound traffic on port 25 by default. This might be a problem if you want to connect to an external MySQL instance. Alternatively, you can use an instance endpoint or set up port forwarding with the AWS Management Console.

SLAs

An Amazon EC2 Auto Scaling group (ASG) can be configured to automatically scale the number of EC2 instances up or down based on user-defined conditions. If you use the 99.5% AZ assessment rule and assume that your instances are deployed to different AZs in the same region, you can expect at least 99.5% availability for each EC2 instance in an ASG.

A Service Level Agreement financially backs the EC2 services. Credit is provided to your account when an SLO is not met. There’s no additional credit if you have multiple EC2 instances and all miss the SLO. If AWS misses the SLO badly, AWS provides up to 100% in credits.
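The availability arithmetic behind the two passages above (running an Auto Scaling group across AZs, and the 99.5% per-instance figure), as an added example that is not part of the original article. It generalises to any stack: redundant instances compose in parallel, dependencies compose in series, which is why a single database behind a well-spread ASG still caps the whole design. The 99.5% figure is the article's; the load balancer and database figures are constructed placeholders, not published SLA values, and failures are assumed independent.

```python
"""Compose per-component availabilities into a figure for the whole stack."""
from functools import reduce

PER_INSTANCE = 0.995  # the article's per-instance availability across AZs


def parallel(*availabilities: float) -> float:
    """Redundant components: the group is down only if every member is down."""
    return 1.0 - reduce(lambda acc, a: acc * (1.0 - a), availabilities, 1.0)


def series(*availabilities: float) -> float:
    """Dependent components: the chain is up only if every link is up."""
    return reduce(lambda acc, a: acc * a, availabilities, 1.0)


def asg_availability(instances: int, per_instance: float = PER_INSTANCE) -> float:
    """An ASG with `instances` members in different AZs, failures assumed independent."""
    return parallel(*([per_instance] * instances))


def expected_downtime_minutes(availability: float, days: int = 30) -> float:
    """Unavailability expressed as minutes per period (default: a 30-day month)."""
    return (1.0 - availability) * days * 24 * 60


# Constructed stack: load balancer -> ASG of N instances -> single database.
LB_AVAILABILITY = 0.9999  # placeholder, not a published SLA
DB_AVAILABILITY = 0.999   # placeholder, not a published SLA


def stack_availability(instances: int) -> float:
    """Series chain through the ASG; the weakest serial dependency dominates."""
    return series(LB_AVAILABILITY, asg_availability(instances), DB_AVAILABILITY)


if __name__ == "__main__":
    for n in (1, 2, 3):
        a = stack_availability(n)
        print(f"{n} instance(s): {a:.6f} ({expected_downtime_minutes(a):.1f} min/month)")
```

Adding a third instance barely moves the stack figure once the database term dominates, which is the quantitative reason to spread every tier, not just the compute tier, across AZs.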

⚠️ Other services provide different or no SLAs.

Summary

A cloud architect is really a mix of a hands-on specialist and someone who has a very good understanding of each service involved in the design and implementation of an architecture. It is a difficult role.