Database Services
There are many different approaches to databases these days, as our data needs have grown more varied and complex. AWS does a great job of keeping up with the advancements in a variety of services:
Relational Database Service (RDS): AWS RDS makes it easy to set up, operate, and scale a relational database in the cloud. RDS allows you to choose from many database engines, including Db2, Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and Microsoft SQL Server. Figure 1-6 shows the RDS service GUI.
DynamoDB: Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale. It is a great fit for mobile, web, gaming, ad tech, Internet of Things (IoT), and many other applications. The popular language learning app Duolingo took part in an AWS case study about just how much the company relied on the powerful DynamoDB service of AWS.
Figure 1-6 The AWS RDS Service
ElastiCache: ElastiCache is a web service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud. The service improves the performance of web applications by allowing you to retrieve information from fast, managed, in-memory caches instead of relying entirely on slower disk-based databases. Interestingly, ElastiCache is not an AWS proprietary solution; it runs the standardized Redis or Memcached solutions.
Redshift: Redshift is a fast, fully managed, petabyte-scale data warehouse that makes it simple and cost-effective to analyze all your data using your existing business intelligence tools. Many believe the name Redshift was selected to tease the rival database company Oracle, whose corporate color scheme is red.
Security Services
If you do it correctly, you can be more secure with the cloud than with any approach you could take by yourself in your own data center. Here are the major technologies in the security area that you should be aware of:
Identity and Access Management (IAM): AWS IAM enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and you can use permissions to allow and deny their access to AWS resources. Figure 1-7 shows IAM in the GUI of AWS.
Figure 1-7 IAM in AWS
Security groups: AWS security groups, which are associated with EC2 instances (specifically their virtual network interface cards [VNICs]), provide security at the protocol and port access levels. Each security group contains a set of rules that filter traffic coming into and going out of an EC2 instance. Think of a security group as a simple virtual firewall that protects your virtual machine. If there is no rule that explicitly permits a particular data packet, it will be dropped. Security groups also can be applied to many other services within VPC, including ELB, RDS, Redshift, and ElastiCache.
Network ACLs: Network access control lists (NACLs) are used to control traffic moving between your AWS VPC subnets. They function like traditional ACLs and are made up of permit and deny entries for various addresses and ports.
Note
Do not confuse network ACLs with security groups. Remember that security groups are assigned to EC2 instances using VNICs, while network ACLs exist between subnets that are typically populated with VMs and other virtual network infrastructure components.