Let’s get a quick overview of Managed Services - IAAS and PAAS - from an AWS certification perspective. We will look at important certification questions regarding Managed Services - IAAS and PAAS.
You will learn
- What is IAAS (Infrastructure as a Service)?
- What is PAAS (Platform as a Service)?
- What are the different Managed Services provided by AWS?
- What is the Shared Responsibility Model?
IAAS (Infrastructure as a Service)
IAAS (Infrastructure as a Service) is all about using only the infrastructure from a cloud provider. It is also called “Lift and Shift”. Example: using EC2 to deploy your applications or databases.
With IAAS, you are responsible for:
- Application Code and Runtime
- Configuring load balancing
- Auto scaling
- OS upgrades and patches
- etc. (and a lot of other things!)
PAAS (Platform as a Service)
PAAS (Platform as a Service) is all about using a platform provided by the cloud provider.
The cloud provider is responsible for:
- OS (incl. upgrades and patches)
- Application Runtime
- Auto scaling, availability, load balancing, etc.
You are responsible for:
- Application code
Examples of PAAS
- CAAS (Container as a Service): Containers instead of Applications
- FAAS (Function as a Service) or Serverless: Functions instead of Applications
AWS Managed Service Offerings
Here are some of the AWS Managed Service Offerings:
- Elastic Load Balancing - Distribute incoming traffic across multiple targets
- AWS Elastic Beanstalk - Run and Manage Web Apps
- Amazon Elastic Container Service (ECS) - Container orchestration on AWS
- AWS Fargate - Serverless compute for containers
- Amazon Elastic Kubernetes Service (EKS) - Run Kubernetes on AWS
- Amazon RDS - Relational Databases - MySQL, Oracle, SQL Server, etc.
- And a lot more…
Shared Responsibility Model
Security and compliance are a shared responsibility between AWS and the customer.
Shared Responsibility Model - Amazon EC2
Amazon EC2 is Infrastructure as a Service (IaaS).
You are responsible for:
- Guest OS (incl. security patches)
- Application software installed
- Configuring Security Groups (or firewalls)
AWS is responsible for the infrastructure layer only.
Shared Responsibility Model - Managed Services
Amazon S3 & DynamoDB are managed services.
AWS manages the infrastructure layer, the OS, and the platform.
You are responsible for:
- Managing your data
- Managing security of data at rest (encryption)
- Managing security of data in transit
  - Mandating SSL/HTTPS
  - Using the right network - AWS global network or dedicated private network when possible
- Managing access to the service
  - Configuring the right permissions (IAM users/roles/user policies/resource policies)
  - (For AWS RDS) Managing in-database users
  - Configuring the right security groups (control inbound and outbound traffic)
  - Disabling external access (public vs private)
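The customer-side items above (encryption at rest, mandating SSL/HTTPS, disabling external access), checked against one S3 bucket's settings. This is an added example, not code from the original page: `audit_bucket`, `mandates_tls` and the sample bucket are hypothetical, and the TLS check only looks for a Deny statement on `aws:SecureTransport`, not at how widely that statement is scoped.

```python
import json

# Constructed sample, shaped like the responses of the S3 GetBucketPolicy,
# GetBucketEncryption and GetPublicAccessBlock APIs for a hypothetical bucket.
SAMPLE_BUCKET = {
    "Policy": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Deny", "Principal": "*", "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        }],
    }),
    "ServerSideEncryptionConfiguration": {
        "Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
    "PublicAccessBlockConfiguration": {
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": True, "RestrictPublicBuckets": False},
}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def mandates_tls(policy_json):
    """True if a Deny statement rejects requests where aws:SecureTransport is false."""
    stmts = json.loads(policy_json or "{}").get("Statement", [])
    for stmt in stmts if isinstance(stmts, list) else [stmts]:
        cond = stmt.get("Condition", {}).get("Bool", {})
        if stmt.get("Effect") == "Deny" and str(cond.get("aws:SecureTransport")).lower() == "false":
            return True
    return False

def audit_bucket(cfg):
    """Return the customer-side responsibilities from the list above that are not met."""
    findings = []
    if not mandates_tls(cfg.get("Policy")):
        findings.append("data in transit: bucket policy does not mandate SSL/HTTPS")
    rules = cfg.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules):
        findings.append("data at rest: no default encryption rule")
    off = [f for f in PAB_FLAGS if not cfg.get("PublicAccessBlockConfiguration", {}).get(f)]
    if off:
        findings.append("external access: public access block off for " + ", ".join(off))
    return findings

if __name__ == "__main__":
    for finding in audit_bucket(SAMPLE_BUCKET):
        print(finding)
```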