The customer’s infrastructure runs on the AWS Cloud and uses multiple AWS services. Amazon Elastic Compute Cloud (EC2) houses the various VMs designated for the customer’s different operations and applications and provides secure and resizable compute capacity in the cloud.
Each EC2 instance has an Amazon Elastic Block Store (EBS) volume attached. EBS is a high-performance block storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput-intensive and transaction-intensive workloads at any scale. The EC2 instances and EBS volumes reside in the Amazon Virtual Private Cloud (VPC), which provisions a logically isolated section of the AWS Cloud where the resources were launched in a defined virtual network. Primarily 2 subnets were created, a public and a private subnet, which in turn included different subnets for various applications and grouped VMs.
The customer also used various other services: AWS CloudTrail, a service that enables governance, compliance, operational auditing, and risk auditing, along with Amazon CloudWatch, a service for monitoring and observability. Amazon Simple Storage Service (Amazon S3), an object storage service offering industry-leading scalability, data availability, security, and performance, was used for the static contents of the application.
Apart from the above functional services, AWS Identity and Access Management (IAM) was used for security purposes; it enables the customer to manage access to Amazon services and resources securely. Using IAM, they can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. Amazon Virtual Private Network (Amazon VPN) was used alongside IAM to establish a secure and private encrypted tunnel from the customer network or device to the AWS global network.
For managing the AWS account, we used the AWS IAM service. AWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access.
For monitoring the provisioned resources and auditing users, we used the Amazon CloudWatch and AWS CloudTrail services. Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real time. You can use CloudWatch to collect and track metrics, which are variables you can measure for your resources and applications. AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.