Unit 5

Cloud Security
Cloud Security :
Risks,

Security,

privacy,

Trust.

Security of OS,

VM,

VMM,

shared image,

management OS.

Cloud Application Development:

Amazon Web services,

EC2 Instances,

connecting clouds,

Security rules,

Launch and EC2

Linux instances.

Cloud Security
Cloud Security is the set of policies, technologies, controls, and procedures used to protect data,
applications, and infrastructure in cloud computing environments from cyber threats, data breaches,
and unauthorized access.It ensures confidentiality, integrity, and availability (CIA) of data and
services hosted in the cloud.

Cloud Security refers to the combination of practices and technologies designed to safeguard cloud-
based systems, data, and infrastructure. It involves protecting cloud environments against data theft,
malware attacks, insider threats, and service disruptions.

Cloud Security is essential to maintain trust, protect sensitive data, and ensure business continuity
in cloud environments. As cloud usage grows, robust cloud security strategies become vital to
counter evolving cyber threats.

1
2
Objectives of Cloud Security

1. Confidentiality – Protect data from unauthorized access.

2. Integrity – Ensure data is accurate and not tampered with.

3. Availability – Keep cloud resources accessible at all times.

4. Compliance – Follow standards like ISO 27001, GDPR, HIPAA.

5. Privacy – Secure personal and sensitive information.

Components of Cloud Security

1. Data Protection

o Encryption (data at rest & in transit)

o Backup and recovery

o Tokenization and masking

2. Identity and Access Management (IAM)

o Multi-factor authentication (MFA)

o Role-based access control (RBAC)

o Single Sign-On (SSO)

3. Network Security

o Firewalls and VPNs

o Intrusion Detection and Prevention Systems (IDS/IPS)

o Secure API gateways

4. Application Security

o Secure development practices

o Vulnerability scanning

o Web Application Firewalls (WAF)

5. Security Monitoring and Incident Response

o Continuous monitoring (SIEM tools)

o Threat detection and response plans

o Log analysis

Cloud Security Models

1. Public Cloud Security – Managed by the cloud provider (e.g., AWS, Azure, GCP).

2. Private Cloud Security – Managed by the organization internally.

3. Hybrid Cloud Security – Combination of public and private cloud controls.

3
Shared Responsibility Model

• Cloud Provider is responsible for security of the cloud (hardware, network, infrastructure).

• Customer is responsible for security in the cloud (data, access, applications).

Common Cloud Security Threats

• Data breaches and data loss

• Insecure APIs

• Account hijacking

• Insider threats

• Denial of Service (DoS) attacks

• Misconfiguration of cloud services

Best Practices for Cloud Security

1. Use strong authentication & encryption.

2. Regularly update and patch cloud systems.

3. Monitor user activity and network traffic.

4. Apply least privilege access principle.

5. Use automated compliance and monitoring tools.

6. Conduct regular security audits and penetration testing.

Popular Cloud Security Tools

• AWS Security Hub

• Microsoft Defender for Cloud

• Google Cloud Security Command Center

• Palo Alto Prisma Cloud

• McAfee Cloud Security

Cloud Security Risks

CLOUD SECURITY RISKS

Cloud computing offers flexible and scalable computing resources via the internet. However, moving
data and applications to the cloud introduces security risks that differ from traditional systems.
These risks arise due to shared environments, third-party control, and complex architectures.

Cloud computing provides powerful resources but introduces complex security challenges.
The main threats arise from:

• Shared multi-tenant environments,

• Lack of control over data,

4
 • And potential abuse of scalable infrastructure.

Therefore, security, availability, and trust must be top priorities for both cloud providers and users.

1. Understanding the Problem

Many organizations start using cloud services without fully understanding the security implications
or implementing ethical and secure practices.
There are two key questions we must ask:

1. What are the main security risks faced by cloud users?

2. How can malicious use of cloud resources be prevented?

2. Three Broad Classes of Cloud Security Risks

According to research, cloud risks fall into three main categories:

5
(a) Traditional Security Threats

These are old, well-known threats that existed before cloud computing — but now they have a
greater impact because of:

• The large number of users sharing the same cloud infrastructure.

• Shared responsibility between the cloud provider and the customer.

• Difficulty in identifying the source of attacks or failures.

Examples:

• DDoS attacks (Distributed Denial-of-Service) – Overload the server to make cloud services
unavailable.

• Phishing attacks – Tricking users to reveal sensitive info like passwords or credit card
numbers.

• SQL Injection – Malicious SQL code inserted into input fields to steal or modify data.

• Cross-site scripting (XSS) – Injecting harmful scripts into websites to steal session data or
impersonate users.

Special Concerns:

• Authentication & Authorization: Enterprises must assign proper user privileges; mismatched
policies can cause security holes.

• User-side security: Devices connecting to the cloud are often outside the corporate firewall,
increasing vulnerability.

(b) Availability-Related Threats

Cloud service availability means that systems and data should always be accessible.
Threats include:

• System failures (hardware/software crashes)

• Power outages or natural disasters

• Network interruptions

If downtime occurs:

• Users may face data lock-in (unable to access their own data).

• Critical business processes can halt entirely.

• Applications might return incorrect or incomplete results.

(c) Third-Party Control Threats

Since cloud providers often outsource infrastructure or storage to third parties, users lose direct
control over their data.

6
Concerns include:

• Lack of transparency: Users don’t know where data is stored or who manages it.

• Subcontractor risks: Third parties may fail to protect data.

• Provider espionage: The provider itself might access sensitive data.

• Poor hardware quality leading to data loss.

Example:
Amazon Web Services (AWS) explicitly states in its agreement that it is not responsible for data loss,
damage, or unauthorized access, placing the burden entirely on the user.

Auditing difficulty:
Because of limited transparency, it’s hard to perform proper security audits or prove data deletion.

Affected Models:

• IaaS: Affected by all threats.

• PaaS: Affected by all except shared technology.

• SaaS: Affected by all except abuse and shared technology.

4. Attack Surfaces in Cloud Computing

In a cloud environment, there are three main entities:

• User

• Service

• Cloud Infrastructure

Six Possible Attack Directions:

1. User → Service – Example: SQL Injection, buffer overflow, privilege escalation.

2. Service → User – Example: Phishing, fake SSL certificates, browser cache attacks.

3. User → Cloud – Example: Overloading or exploiting cloud control systems.

4. Cloud → User – Example: Spoofed responses or malicious virtual machines.

5. Service → Cloud – Example: Requesting excessive resources to cause exhaustion.

6. Cloud → Service – Example: Resource access limits, privilege manipulation, or data

distortion.

These interactions create multiple points of vulnerability, making it crucial to secure every layer.

6. Preventive Measures (High-Level Overview)

To reduce risks:

• Use multi-factor authentication (MFA).

7
 • Encrypt data in transit and at rest.

• Maintain backup copies outside the cloud.

• Implement role-based access control (RBAC).

• Monitor API security and VM vulnerabilities.

• Use CSA and NIST guidelines for compliance and auditing.

Privacy and Trust in Cloud Security

Privacy in Cloud Security

Privacy in cloud security refers to protecting users’ personal and sensitive data stored, processed, or
transmitted through cloud services. It ensures that data is accessed and used only by authorized
entities and according to user consent.

1. Data Confidentiality: Ensuring that only authorized users can access the data.

2. Data Ownership: Clarifying who owns the data stored in the cloud—the user or the provider.

3. Data Location: Knowing where the data is physically stored (different countries have
different privacy laws).

4. Data Retention: Understanding how long data is stored and when it is deleted.

5. Unauthorized Access: Preventing exposure of sensitive data to outsiders, employees, or

attackers.

6. Compliance Issues: Meeting regulations like GDPR, HIPAA, or ISO/IEC 27018.

Privacy Protection Mechanisms

• Encryption: Data is encrypted both at rest and in transit.

• Access Control: Role-based or identity-based access management.

• Data Masking & Anonymization: Hiding or removing identifiable details.

• Auditing and Monitoring: Regular logs to detect misuse or data leaks.

• Data Minimization: Collecting only the data necessary for specific operations.

Trust in Cloud Security

Trust in cloud computing means the confidence that cloud providers will protect data, ensure
service availability, and act ethically according to agreed terms and policies.

1. Transparency: The provider should clearly communicate how data is managed and
protected.

2. Reliability: Ensuring uptime, data integrity, and availability of services.

3. Security Assurance: Providers must follow strong security standards and certifications.

4. Compliance and Legal Trust: Providers must comply with laws and allow audits.

5. Accountability: Providers must take responsibility for breaches or failures.

8
 6. Reputation: Providers with a strong track record (like AWS, Azure, Google Cloud) gain user
trust.

How Trust is Built

• Service-Level Agreements (SLAs): Define reliability, performance, and data protection terms.

• Certifications: ISO 27001, SOC 2, CSA STAR build provider credibility.

• Regular Security Audits: Prove that systems follow best practices.

• User Control: Allow customers to manage their own security settings and keys.

Example

A company trusting Amazon Web Services (AWS) does so because AWS provides encryption,
compliance certifications, and strong SLAs ensuring 99.9% uptime and data protection.

Relationship Between Privacy and Trust

• Privacy protects user data.

• Trust ensures users believe the cloud provider will maintain privacy and security.

• Without privacy, users cannot trust the cloud.

• Without trust, users won’t adopt cloud services.

Security of Operating System in Cloud Security

In cloud computing, the Operating System (OS) is the core software that manages hardware
resources and enables applications to run.
Since cloud servers host multiple virtual machines and applications, securing the OS becomes critical
to protect cloud infrastructure and user data.

Operating System Security in the context of cloud computing refers to the implementation of
mechanisms, policies, and controls that protect the OS and its resources (processes, memory, files,
network connections) from unauthorized access, attacks, and vulnerabilities.

OS security forms the foundation of cloud infrastructure protection.

A compromised OS can expose entire cloud environments to cyber threats.
Hence, continuous monitoring, updating, and enforcing security policies are vital to maintaining
trust and reliability in cloud services.

3. Importance in Cloud Security

• Cloud servers often run multi-tenant environments (many users sharing the same physical
server).

• An insecure OS can lead to:

o Privilege escalation

o Data breaches

o Service downtime

o Malware or ransomware attacks

9
 • Hence, maintaining OS integrity, availability, and confidentiality is essential for overall cloud
security.

5. Key Security Mechanisms

(a) Access Control

• Restricts who can access which files or processes.

• Uses mechanisms like:

o Role-Based Access Control (RBAC)

o Mandatory Access Control (MAC)

o Discretionary Access Control (DAC)

(b) Authentication & Authorization

• Uses strong passwords, SSH keys, or multi-factor authentication (MFA).

• Prevents unauthorized logins to cloud servers.

(c) Patch and Update Management

• Regular OS updates fix vulnerabilities exploited by attackers.

(d) System Hardening

• Disabling unnecessary services.

• Closing unused ports.

• Removing default accounts.

(e) Virtualization Security

• Protects hypervisor and guest OSs from cross-VM attacks (like side-channel or VM escape).

(f) Logging and Monitoring

• OS logs (syslog, event viewer) help identify abnormal behavior.

• Cloud providers use tools like AWS CloudWatch, Azure Monitor.

(g) Anti-Malware and Intrusion Detection

• Detects and removes viruses or malicious code that could compromise the OS.

7. Best Practices for Securing OS in Cloud

1. Use updated OS versions with long-term support (LTS).

2. Encrypt data stored or processed by the OS.

3. Enable firewalls (e.g., iptables, Windows Defender).

4. Use secure boot to ensure OS integrity.

10
 5. Implement least privilege principle for all users.

6. Schedule regular vulnerability scans.

7. Use cloud provider security tools (e.g., AWS Inspector, Azure Security Center).

9. Example

• In AWS EC2, the base OS (e.g., Ubuntu, Windows Server) must be hardened by:

o Disabling root login via SSH.

o Installing regular security patches.

o Using firewalls and IAM roles.

VM and VMM in Cloud Security

A Virtual Machine (VM) is a software-based emulation of a physical computer. It runs an operating

system and applications just like a physical machine, but it is isolated from the hardware and other
VMs through a virtualization layer.

Features of VM:

• Isolation: Each VM is separated from others, improving security by preventing one VM’s
compromise from affecting others.

• Resource Sharing: VMs share CPU, memory, and storage resources of a physical host
efficiently.

• Portability: VMs can be easily moved, backed up, or cloned across servers.

• Multi-tenancy: Enables multiple users (tenants) to securely share the same hardware
resources in the cloud.

11
Role of VM in Cloud Security:

1. Isolation & Containment:

Each VM operates in a sandbox environment. If one VM is attacked, it doesn’t affect others.
→ Example: In AWS EC2, each user’s instance runs in isolation from others.

2. Security Patching & Monitoring:

Virtual machines can be regularly updated and monitored for malicious behavior.

3. Snapshot and Rollback:

Cloud providers can take snapshots to restore compromised systems quickly.

4. Access Control:
VMs enforce user-level and process-level access permissions.

5. Intrusion Detection:
Security tools can run inside VMs to detect abnormal activities or malware.

Security Risks in VMs:

• VM Escape: When malware breaks out from a VM to access the host system.

• VM Sprawl: Uncontrolled growth of VMs makes it difficult to manage security updates.

• Data Leakage: Improper isolation may lead to sensitive data exposure between VMs.

Virtual Machine Monitor (VMM) / Hypervisor in Cloud Security

A Virtual Machine Monitor (VMM), also known as a Hypervisor, is a software layer that creates,
manages, and monitors multiple VMs on a single physical machine.
It acts as a bridge between hardware and virtual machines.

12
Types of Hypervisors:

Type Description Example

Type 1 (Bare-metal) Runs directly on physical hardware VMware ESXi, Microsoft Hyper-V, Xen

Type 2 (Hosted) Runs on top of a host operating system VirtualBox, VMware Workstation

Functions of VMM in Cloud Security:

1. Resource Management:
Allocates CPU, memory, and I/O to VMs securely.

2. Isolation:
Ensures each VM runs independently without data leakage.

3. Monitoring:
Tracks VM activities and prevents unauthorized access.

4. Security Enforcement:
Implements access controls, firewall rules, and virtual network segmentation.

5. Fault Tolerance:
Detects VM failures and restarts them automatically.

Security Concerns in VMM:

• Hypervisor Attacks:
If the VMM is compromised, all hosted VMs are at risk.

• Malicious VM Creation:
Attackers may deploy rogue VMs to perform unauthorized actions.

• Side-channel Attacks:
Exploiting shared CPU caches or memory to steal data between VMs.

Security Mechanisms for VMM:

• Strong access control and authentication for administrators.

• Regular patching and updates to fix vulnerabilities.

• Hardware-assisted virtualization (Intel VT-x, AMD-V) to improve isolation.

• Monitoring and auditing VM operations.

13
Component Function Security Role

Virtual instance running OS and Isolation, Access Control, Secure

VM
applications Execution

VMM Enforces isolation, resource control,

Manages multiple VMs on host
(Hypervisor) monitoring

Example in Cloud Platforms:

• AWS EC2: Uses Xen or Nitro Hypervisors for VM management.

• Microsoft Azure: Uses Hyper-V for secure virtualization.

• Google Cloud: Uses KVM for strong isolation between VMs.

Shared Image in Cloud Security

In cloud computing, a shared image refers to a virtual machine (VM) image or system image that is
made available for use by multiple users, projects, or organizations within a cloud environment. It
contains the operating system, configurations, applications, and data required to deploy virtual
machines quickly and consistently.

In cloud security, shared images are powerful tools for efficient resource deployment but must be
handled with strict security controls. Ensuring sanitization, access restriction, encryption, and
regular auditing prevents image-based threats and protects the cloud ecosystem.

A shared image is a pre-configured virtual machine template that can be reused to create multiple
instances of identical systems in the cloud.
In cloud security, the management and sharing of such images must be handled carefully to prevent
data leaks, unauthorized access, or malware distribution.

Shared images are essential for efficient, scalable, and standardized deployments in cloud
computing.
However, without proper security controls, sanitization, and monitoring, they can become a vector
for attacks or data leaks.
Implementing access control, encryption, digital signatures, and regular audits ensures that shared
images remain trustworthy and secure across cloud environments.

Importance of Shared Images

• Helps in rapid deployment of virtual machines.

• Ensures consistency in configurations across multiple instances.

• Reduces setup time and cost.

• Facilitates collaboration by allowing organizations to share standardized environments

securely.

14
Purpose of Shared Images

• To standardize VM deployments across teams or organizations.

• To reduce setup time by reusing a pre-configured environment.

• To simplify software distribution in secure, managed formats.

• To enhance collaboration between teams using the same cloud infrastructure.

3. Security Concerns with Shared Images

Threat/Issue Description

Sensitive information (like credentials, API keys) may be left inside the image
Data Leakage
before sharing.

Malicious Code
Attackers may insert malware or backdoors into shared images.
Injection

Improper access control can let unauthorized users download or modify

Unauthorized Access
images.

Version Control Issues Outdated or unpatched shared images can have vulnerabilities.

Image metadata might reveal internal IPs, configuration details, or

Metadata Exposure
usernames.

4. Best Security Practices for Shared Images

Sanitize Images Before Sharing

Remove temporary files, credentials, logs, and SSH keys.

Use Image Scanning Tools

Automatically check images for malware and vulnerabilities (e.g., AWS Inspector, Azure Security
Center).

Apply Access Controls

Restrict who can share, modify, or use the image through IAM roles or RBAC policies.

Digitally Sign Images

Use cryptographic signatures to verify image authenticity and integrity.

Keep Images Updated

Regularly patch and update shared images to remove known vulnerabilities.

Use Encrypted Storage

Store shared images in encrypted repositories to protect them from unauthorized access.

15
5. Examples in Cloud Platforms

• AWS (Amazon Web Services):

→ Uses Amazon Machine Images (AMIs).
→ Can share AMIs privately with specific AWS accounts or publicly.

• Microsoft Azure:
→ Uses Shared Image Gallery for managing and distributing VM images.
→ Provides versioning and replication across regions.

• Google Cloud Platform (GCP):

→ Uses Custom Images that can be shared across projects using IAM permissions.

Management OS.
In cloud computing, the Operating System (OS) is a critical layer that manages hardware resources
and provides services for applications. In cloud environments, OS security is vital because multiple
tenants may share physical resources (multi-tenancy), increasing the attack surface.

Cloud OS management ensures the confidentiality, integrity, and availability (CIA) of the OS and all
hosted workloads.

OS management in cloud security is about proactively securing the operating system to prevent
attacks that exploit vulnerabilities, misconfigurations, or weak access controls. It’s the foundation of
secure cloud operations.

Responsibilities of OS in Cloud

1. Resource Management:

o CPU, memory, storage, and network management.

o Ensures fair resource allocation among multiple virtual machines (VMs).

2. Process Management:

o Controls execution of processes from different users/tenants.

o Prevents one VM or application from affecting others.

3. Security Enforcement:

o User authentication and authorization.

o Access control and file system security.

o Network traffic filtering and logging.

4. Virtualization Support:

o Works with hypervisors to isolate VMs.

o Manages guest OS interactions with physical hardware.

16
3. Security Challenges for Cloud OS

1. Multi-Tenancy Risks:

o Co-resident VMs may attempt side-channel attacks.

2. VM Escape:

o Malicious software in a VM could break isolation and affect the host OS or other
VMs.

3. Patch Management:

o Delays in OS updates or patches can leave vulnerabilities exploitable by attackers.

4. Unauthorized Access:

o Poor authentication or privilege management may allow intrusions.

5. Resource Exploitation:

o DOS (Denial of Service) attacks can consume excessive CPU, memory, or I/O
resources.

4. Best Practices for OS Management in Cloud Security

1. Regular Updates & Patching:

o Keep OS and kernel updated to fix vulnerabilities.

2. Hardening the OS:

o Disable unnecessary services and ports.

o Remove default accounts and passwords.

3. Access Control & Authentication:

o Use multi-factor authentication (MFA).

o Implement strict role-based access controls (RBAC).

4. Monitoring & Logging:

o Continuously monitor system logs, network activity, and user actions.

o Use SIEM (Security Information and Event Management) tools.

5. VM Isolation & Sandboxing:

o Ensure proper virtualization boundaries.

o Use containerization with security policies (like SELinux or AppArmor).

6. Backup & Recovery:

o Maintain secure backups of OS images and configurations.

o Have disaster recovery plans for OS compromise.

17
5. OS Security Tools in Cloud

• Firewalls: iptables, Windows Firewall

• Intrusion Detection Systems (IDS): Snort, OSSEC

• Anti-malware/Antivirus: ClamAV, Windows Defender

• Configuration Management: Ansible, Chef, Puppet

• Security Auditing Tools: Lynis, OpenSCAP

6. Summary Table

Aspect Cloud OS Security Action

Multi-tenancy Strong VM isolation, resource quotas

Patch management Regular updates, automated patching

Access control MFA, RBAC, least privilege principle

Monitoring & logging Real-time monitoring, audit logs

Backup & recovery Secure, versioned backups and disaster recovery plans

Hardening Disable unnecessary services, enforce security policies

Cloud Application Development:

1. Amazon Web Services (AWS)

Amazon Web Services (AWS) is a comprehensive and widely adopted cloud computing platform
offered by Amazon. It provides a combination of Infrastructure as a Service (IaaS), Platform as a
Service (PaaS), and Software as a Service (SaaS) offerings to individuals, companies, and
governments, allowing them to store data, host applications, deploy virtual servers, manage

18
databases, perform analytics, and leverage artificial intelligence capabilities without owning
physical hardware. AWS eliminates the need for organizations to invest heavily in on-premises
infrastructure, offering scalable, flexible, and pay-as-you-go services.

AWS launched in 2006, and it has grown into one of the largest cloud platforms in the world, with
services spanning compute, storage, networking, databases, analytics, security, IoT, machine
learning, and application development.

Services AWS Provides:

1. Compute Services:

o EC2 (Elastic Compute Cloud): Virtual servers for running applications.

o Lambda: Serverless computing to run code without provisioning servers.

o Elastic Beanstalk: PaaS service for deploying and managing applications.

2. Storage Services:

o S3 (Simple Storage Service): Object storage for any type of data.

o EBS (Elastic Block Store): Persistent block storage for EC2 instances.

o Glacier: Archival storage for long-term backup.

3. Database Services:

o RDS (Relational Database Service): Managed relational databases.

o DynamoDB: Fully managed NoSQL database.

o Aurora: High-performance cloud relational database.

4. Networking & Content Delivery:

o VPC (Virtual Private Cloud): Isolated cloud networks.

o CloudFront: Content Delivery Network (CDN) for fast content delivery.

o Route 53: DNS management service.

5. Security & Identity:

o IAM (Identity and Access Management): Controls user permissions.

o KMS (Key Management Service): Encryption key management.

o Shield & WAF: Protection from DDoS and web attacks.

6. Analytics & Machine Learning:

o Redshift: Data warehousing service.

o SageMaker: Build, train, and deploy ML models.

o Athena: Query data stored in S3 using SQL.

19
 7. Management & Monitoring:

o CloudWatch: Monitoring resources and logs.

o CloudTrail: Tracks user activity and API calls.

o Config: Tracks configuration changes in AWS resources.

Types of AWS Services:

1. Infrastructure as a Service (IaaS): EC2, EBS, S3, VPC.

2. Platform as a Service (PaaS): Elastic Beanstalk, Lambda.

3. Software as a Service (SaaS): Amazon WorkMail, Chime, Connect.

Advantages of AWS:

1. Scalability: AWS allows automatic scaling of applications based on traffic demand.

2. Pay-as-you-go: Users pay only for the services they consume.

3. Global Reach: Data centers across the world ensure low latency and high availability.

4. Security: Advanced encryption, access control, and compliance certifications.

5. Flexibility: Supports multiple programming languages, operating systems, and architectures.

6. Integration: Easily integrates with existing on-premises systems.

Real-Time Examples:

• Netflix uses AWS for video streaming and scalability during high demand periods.

• Airbnb leverages AWS for its cloud storage, database, and analytics services.

• NASA’s Jet Propulsion Laboratory uses AWS for big data storage and processing.

• Spotify uses AWS for hosting backend services and analytics.

2. EC2 Instances (Elastic Compute Cloud)

Amazon EC2 (Elastic Compute Cloud) is a web service that provides resizable virtual servers in the
cloud, allowing users to run applications on virtual machines (VMs) called instances. EC2 is a core
compute service in AWS that enables developers and organizations to deploy applications without
investing in physical hardware.

EC2 provides complete control over instances, including operating system choice, storage,
networking, and security. Users can scale compute capacity up or down automatically based on
requirements.

Services EC2 Provides:

• Launch virtual servers quickly.

• Select instance types optimized for CPU, memory, storage, or GPU.

• Attach elastic IP addresses and configure firewalls using security groups.

• Automatically scale using Auto Scaling Groups.

20
 • Integrate with AWS services like RDS, S3, CloudWatch.

Types of EC2 Instances:

1. General Purpose: Balanced CPU, memory, and networking. Example: t3, t4g.

2. Compute Optimized: High CPU for compute-intensive tasks. Example: c6g, c7g.

3. Memory Optimized: High memory for large-scale databases. Example: r6g, x2gd.

4. Storage Optimized: High disk throughput. Example: i3, d2.

5. Accelerated Computing: GPU instances for AI, ML, and graphics. Example: p3, g4.

Advantages of EC2:

1. Flexibility: Multiple OS choices (Linux, Windows, Ubuntu).

2. Scalability: Auto Scaling to handle variable workloads.

3. Cost-Effective: Pay-per-use and spot instance options.

4. High Availability: Deploy instances across multiple Availability Zones (AZs).

5. Customizable: Configure CPU, memory, storage, and networking according to needs.

Real-Time Examples:

• Spotify uses EC2 instances for backend services that process millions of music requests.

• Dropbox uses EC2 for cloud storage and data synchronization.

• NASA deploys EC2 for high-performance computing tasks like satellite data processing.

3. Connecting Clouds

Connecting clouds refers to integrating multiple cloud environments—public, private, or hybrid—to

work seamlessly as a unified system. Organizations often use multi-cloud or hybrid cloud strategies
to optimize workloads, reduce costs, and ensure business continuity. Connecting clouds allows data,
applications, and workloads to move across different cloud providers or between cloud and on-
premises infrastructure.

Ways to Connect Clouds:

1. Hybrid Cloud: Combines private and public clouds using secure connectivity.

2. Multi-Cloud: Uses services from multiple cloud providers to avoid vendor lock-in.

3. VPN (Virtual Private Network): Secure connection between on-premises and cloud.

4. Direct Connect (AWS): Dedicated network connection to AWS for high-speed access.

5. Cloud Interconnect Services: Tools like Google Cloud Interconnect or Azure ExpressRoute.

21
Advantages:

1. Flexibility: Deploy workloads on the most appropriate cloud.

2. Reliability: Reduces downtime with multi-cloud redundancy.

3. Cost Optimization: Use lower-cost clouds for non-critical workloads.

4. Scalability: Seamlessly scale applications across clouds.

5. Improved Performance: Connect clouds closer to end-users.

Real-Time Examples:

• Netflix connects multiple cloud providers to handle peak streaming loads.

• Adobe uses hybrid cloud to run SaaS services for different geographies.

• NASA uses cloud interconnection for collaborative projects across institutions.

4. Security Rules in AWS

Definition:

AWS security rules are policies and configurations that control access to cloud resources. Security is
crucial because cloud resources are accessible over the internet. AWS provides multi-layered
security, combining network-level, user-level, and application-level protections. Security rules are
primarily managed through IAM policies, security groups, and network ACLs (Access Control Lists).

Key Security Components:

1. IAM (Identity and Access Management):

o Controls user access to AWS resources.

o Supports roles, groups, and fine-grained permissions.

2. Security Groups:

o Acts as a virtual firewall for EC2 instances.

o Allows inbound and outbound rules based on IP addresses and ports.

3. Network ACLs:

o Adds additional layer of network security at subnet level.

o Allows or denies traffic at the VPC subnet level.

4. Encryption:

o Encrypts data at rest (S3, EBS) and in transit (SSL/TLS).

5. Monitoring & Auditing:

o CloudTrail tracks API calls.

o GuardDuty detects threats and unusual activity.

22
Advantages of AWS Security Rules:

1. Granular Access Control: Specify exactly who can access resources.

2. Automatic Updates: AWS patches underlying infrastructure.

3. Compliance: Meets regulatory requirements (HIPAA, GDPR, ISO).

4. Scalable Security: Apply rules to thousands of instances automatically.

5. Real-Time Monitoring: Alerts on suspicious activity.

Real-Time Examples:

• Capital One uses AWS security services to manage access and encrypt customer data.

• Netflix applies strict IAM roles and security groups for EC2 instances.

• Pfizer uses encryption for sensitive healthcare data on AWS.

5. Launching EC2 Linux Instances

Definition:

Launching an EC2 Linux instance means creating a virtual machine running Linux OS on AWS. Linux
is preferred due to its stability, cost-efficiency, and open-source ecosystem. Users can launch EC2
Linux instances for web servers, databases, application servers, and batch processing tasks.

Steps to Launch EC2 Linux Instance:

1. Sign in to AWS Management Console.

2. Select EC2 service.

3. Choose “Launch Instance” and select a Linux AMI (Amazon Machine Image).

4. Select instance type (e.g., t2.micro for free tier).

5. Configure instance details: network, IAM role, monitoring, and storage.

6. Add storage: EBS volumes for persistent storage.

7. Configure security groups: Open necessary ports (SSH:22, HTTP:80).

8. Review and launch instance.

9. Access instance via SSH using private key.

Advantages of EC2 Linux Instances:

1. Cost-Effective: Free-tier Linux instances for testing.

2. Secure: SSH access, security groups, and updates.

3. Flexible: Supports multiple distributions (Ubuntu, RedHat, Amazon Linux).

4. Reliable: Runs in AWS data centers with high uptime.

5. Integration: Compatible with AWS services like S3, RDS, Lambda.

23
Real-Time Examples:

• Reddit uses EC2 Linux instances to host scalable web servers.

• Airbnb deploys microservices on EC2 Linux for cost-effective backend processing.

• Spotify uses Linux EC2 instances for server-side applications.

Cloud Application Development using AWS is a powerful and flexible approach to building scalable,
reliable, and secure applications. AWS provides a wide range of services including EC2 instances,
storage, networking, and analytics tools. EC2 allows developers to deploy customizable virtual
machines, and connecting clouds ensures multi-cloud and hybrid strategies. AWS security rules
safeguard sensitive data while launching Linux EC2 instances is a practical choice for stable, cost-
effective applications. Real-world implementations by companies like Netflix, Spotify, NASA, Airbnb,
and Reddit demonstrate the effectiveness and global adoption of AWS cloud solutions.

24