VPC (Virtual Private Cloud). VPC is a superb addition to the Amazon portfolio of services, one that may very well benefit your enterprise. VPC essentially allows you to dynamically scale your existing data center using Amazon resources. By connecting the Amazon cloud to your data center over a VPN, VPC lets your existing network route traffic to Amazon instances privately, as though they were physical machines in your data center. Get all the benefits of the cloud with none of the security headaches.
There are of course many other Amazon services available, including email sending, message queueing, workflow, search, NoSQL, MapReduce, and alternative authentication solutions. But the above are the main services to understand.
In addition to these core services, you're sure to encounter a number of Amazon vocabulary terms again and again. Before you get started, it will pay to be familiar with the following concepts.
EC2 Instance. An instance is a unit of computing power, with CPUs, memory, and attached storage.
Amazon Machine Images. An Amazon Machine Image (AMI) is essentially a snapshot of a root volume. It may initially be difficult to wrap your head around this idea, but imagine the Linux Logical Volume Manager. Like LVM, an AMI allows you to snapshot your root volume and create a block-by-block copy of everything stored on the disk. That includes the master boot record, the kernel image, and so forth. The hypervisor layer in EC2 allows you to boot from these images on generic commodity servers in the Amazon data centers.
EBS Volumes. Elastic Block Store (EBS) volumes are block storage devices that you attach to and mount on your server instances, and snapshots of them serve as backups. Unlike an instance's own ephemeral disk, EBS volumes persist independently of the instances themselves.
Security Groups. Amazon doesn't go with traditional perimeter security unless you're using the Virtual Private Cloud services. That means each server is its own universe, governed by security group rules enforced by the hypervisor layer. This is real security, though the new paradigm may take some getting used to. Think of putting servers in groups by role, such as a database tier group, a Web server tier group, and so forth. You might even spin up a t1.micro instance and use it as a jump box. Make this instance the only machine in your environment that accepts SSH from outside, then allow port 22 (SSH) on all your other servers only from the jump box.
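As an added example (not code from the original article), here is a Python check that audits the JSON shape returned by `aws ec2 describe-security-groups` for the jump-box pattern just described: only the jump box group may accept SSH from IP ranges, and never from everywhere, while every other group may accept SSH only from the jump box group. The sample document and the group IDs are constructed.

```python
"""Audit security-group ingress rules for the jump-box SSH pattern."""
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups`
# output, trimmed to the fields used here; the group IDs are made up.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-jump", "GroupName": "jump-box", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []}]},
 {"GroupId": "sg-web", "GroupName": "web-tier", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-jump"}]}]},
 {"GroupId": "sg-db", "GroupName": "db-tier", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}
]}
""")

def covers_ssh(perm):
    """True if an ingress rule admits TCP/22; protocol "-1" admits every port."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535)

def ssh_findings(groups, jump_sg):
    """Return (group name, reason) for each group whose SSH ingress breaks the pattern."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg["IpPermissions"]:
            if not covers_ssh(perm):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            peers = [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
            if sg["GroupId"] == jump_sg:
                # The jump box may take SSH from named ranges, never from anywhere.
                if "0.0.0.0/0" in cidrs or "::/0" in cidrs:
                    findings.append((sg["GroupName"], "jump box SSH open to the world"))
            elif cidrs or any(p != jump_sg for p in peers):
                # Any other group may accept SSH only from the jump box group.
                findings.append((sg["GroupName"], "SSH allowed from other than jump box"))
    return findings

if __name__ == "__main__":
    for name, reason in ssh_findings(SAMPLE, "sg-jump"):
        print(f"{name}: {reason}")
```

Feed it the real output of `aws ec2 describe-security-groups` and the ID of your jump box group; an empty result means every group follows the pattern.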
Load balancers. A load balancer in AWS becomes another facility that you can configure in a completely virtual way. Here's where you start to see the real power of the AWS environment. You can associate your instances with the load balancer by instance ID even if they are in different availability zones. You can configure the listener and cookie stickiness policies as well.
Availability Zones. Availability Zones are distinct data centers in the Amazon environment, but deployment is nevertheless transparent. All resources can be deployed easily whether on the East Coast, the West Coast, or the other side of the world. Storing mission-critical resources in multiple Availability Zones is your hedge against the inevitable Amazon outage.