IAM, S3, CloudWatch

In this section, we'll learn about IAM and how to use it to let an EC2 instance access other AWS services.

We'll have the instance access S3 for file storage and CloudWatch for collecting and monitoring logs.

Up until now, we've been building everything on a single EC2 instance. Absolutely everything we need is running on that one instance.

[Diagram: everything on one EC2 instance, /iam-s3-cw/assets/ec2.svg]

In reality, we will need to use separate instances or cloud services for the different parts of our infrastructure. This is a more realistic diagram of what a basic web application might look like in the cloud.

[Diagram: scaled-out web application, /iam-s3-cw/assets/scaled/light.svg (dark variant: /iam-s3-cw/assets/scaled/dark.svg)]

This lets us handle each part of our infrastructure separately: we can scale each service as needed and handle failures more gracefully. There's a lot to discuss here, and we'll look at each piece in later sections, but here are a few things to consider:

Application Server

An application server needs to be able to scale horizontally on demand. This means spinning up and tearing down instances on the fly without any repercussions. This kind of infrastructure can also be run with containers or serverless functions.

This only works if the server is stateless: it runs code but does not persist any data locally. Uploaded files go to S3, records go to the database, and logs go to CloudWatch, so any instance can be replaced at any time.

Database

The database is the most important part of any web application: if you lose your data, you lose your application.

A database needs to be highly available, scalable, and backed up multiple times in multiple ways. Databases are also complicated because they need a large amount of storage and some amount of computing power to run queries.

Static Files

Static files like images and videos can be stored more cheaply in S3 and distributed globally through CloudFront.

Monitoring

Monitoring a single instance is as easy as logging in over SSH and checking the logs or running htop. Monitoring multiple instances and multiple services is challenging without the right tools.
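Before the transcript, here is an added example (not code from the course) of the IAM side of what this section sets up: the two policy documents an instance role needs so that an EC2 instance can write files to one S3 bucket and push logs to one CloudWatch log group. It puts the quick "grant everything" policy next to a scoped one and includes a small check that flags wildcard grants. The bucket name, log group name, region and account ID are assumptions, as is the assumption that the log group already exists.

```python
import json

# Assumed names for the example (not from the course page)
BUCKET = "example-app-uploads"
LOG_GROUP = "/example-app/web"
REGION = "us-east-1"
ACCOUNT_ID = "123456789012"   # placeholder account id

# Trust policy: which principal may assume the role. For an instance role this is
# the EC2 service; the instance then receives short-lived credentials for the role.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }
    ],
}

# The "just make it work" policy: full S3 and CloudWatch Logs access to every
# bucket and log group in the account. Whoever compromises the instance gets it all.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "logs:*", "Resource": "*"},
    ],
}


def scoped_policy(bucket, log_group, region, account_id):
    """Permissions policy limited to the one bucket and one log group the instance uses.

    Assumes the log group already exists; add logs:CreateLogGroup if the agent creates it.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListOwnBucket",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",  # bucket ARN, no trailing /*
            },
            {
                "Sid": "ReadWriteOwnObjects",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": f"arn:aws:s3:::{bucket}/*",  # object ARNs inside the bucket
            },
            {
                "Sid": "WriteOwnLogs",
                "Effect": "Allow",
                "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
                "Resource": f"arn:aws:logs:{region}:{account_id}:log-group:{log_group}:*",
            },
        ],
    }


def _as_list(value):
    """IAM accepts a string or a list for Action and Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def find_wildcards(policy):
    """Flag Allow statements that grant every action of a service ('s3:*' or '*')
    or that apply to every resource ('*'). Returns (statement id, field, value) tuples."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"Statement[{i}]")
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((sid, "Action", action))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((sid, "Resource", resource))
    return findings


def render(policy):
    """JSON in the form the IAM console or `aws iam put-role-policy` expects."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    policy = scoped_policy(BUCKET, LOG_GROUP, REGION, ACCOUNT_ID)
    print("Broad policy findings:", find_wildcards(BROAD_POLICY))
    print("Scoped policy findings:", find_wildcards(policy))
    print(render(TRUST_POLICY))
    print(render(policy))
```

The role is attached to the instance through an instance profile, and the application picks up its temporary credentials from the instance metadata service, so no access keys need to be copied onto the machine. The `/*` on the object ARN is deliberate: `s3:ListBucket` is evaluated against the bucket ARN, while `GetObject` and `PutObject` are evaluated against object ARNs, so both statements are needed and neither grants access to any other bucket.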

00:00
So far, we've been building an application within a single EC2 instance, which means we have
00:05
something like this where the load balancer or reverse proxy, the application, the database, file
00:11
system, and application logs, they all exist in one place on one single EC2 instance. But in reality,
00:18
as our applications start to scale, or just if we want to utilize other AWS services,
00:22
we will have something that looks more like this, where we have our applications running on EC2,
00:29
or maybe even on Lambda or ECS or something. And then for our database, we'll use a database
00:33
service like RDS. For logs, we can use CloudWatch Logs. For file storage, we can store files in S3.
00:39
And we can use a load balancer service to distribute traffic and scale our application
00:45
and our infrastructure. So when we start integrating with multiple AWS services,
00:50
they need to be able to communicate with each other, and they need permission to do that,
00:54
permission to access other services. And that is all managed with IAM,
00:59
which is Amazon's identity and access management service. So in this section,
01:03
we're going to be learning about how to use IAM. And we're going to look at examples of how to
01:08
connect an EC2 instance to an S3 bucket so that it can use the bucket for file storage. And we'll
01:14
also connect it to CloudWatch so that we can push our logs from the instance to this logging service.
01:21
And then we can view all of our logs in the same place and aggregate them and query them
01:25
all from this CloudWatch service. But let's start by learning about what
01:29
IAM actually is.