AWS : Amazon Web Services is a Cloud Service Provider, AKA – Infrastructure as a Service (IaaS).
\n– Storage, Computing Power, Databases, Networking, Analytics, Developer Tools, Virtualization, Security.<\/p>\n
Major Terminology\/Reason\/Advantages:
\n####################################
\n– High Availibility
\n– Fault Tolerance
\n– Scalability (automatically grow Dynamically)
\n– Elasticity (automatically srink Dtynamically)<\/p>\n
– Instance (Server)<\/p>\n
Services:
\n########<\/p>\n
VPCs: Virtual Private Cloud
\n*****************************
\nIt is your private section of AWS, where you can place AWS Resources, and allow\/restrict access to them.<\/p>\n
EC2 (compute power): Elastic Cloud Compute
\n*******************************************
\nIt is a virtual instance;\/sever\/computer that you can use for whatever you like.
\nex: common use, web host<\/p>\n
EC2- Part#2:
\n************
\nIt is good for any type of “processing” activity.
\nex: in netflix – video stream encoding and transacoding happens on the EC2 instance (stream loaded from S3)<\/p>\n
Amazon RDS:
\n***********
\nIt is AWS provisioned database service. Comonly used for things like storing customer account information and cataloging inventory.<\/p>\n
AWS S3:
\n*******
\nIt is massive\/long-term storage bucket<\/p>\n
<\/p>\n
AWS – Essentials:<\/p>\n
<\/p>\n
IAM: Identity & Access Management
\n**********************************
\nIt is where you manage your AWS users and their access to AWS account and services.<\/p>\n
Common use:
\nUsers
\nGroup
\nIAM Access policies
\nRoles<\/p>\n
The user created when you created the AWS account is called the “root” user.<\/p>\n
By default, root user has FULL administrative rights and access to every part of AWS<\/p>\n
By default, any newly created user will have no access to any AWS service (except ability to login). permission must be given to grant the access.<\/p>\n
Best Practice: Security Status should be green for all configurations.
\n***********************************************************************<\/p>\n
Activate MFA: Multi Factor Authentication – Same as RSA Token (available virtual and hard fob)
\n***************************************************************************************<\/p>\n
Create individual IAM users:
\n*****************************
\n– As per best practice, we should be not using the root user in day to day job, including administrator<\/p>\n
User groups to assign permission:
\n*********************************
\n– Create custom group (we have admin)<\/p>\n
VPC – Virtual Private Clouds
\n****************************<\/p>\n
Global Infrastructure:
\n*********************
\nAWS Regions:
\nAvailibility Zones – Physical Data Centers (Multiple availibility zone – multiple backup – Redundency – HA Fault Tolerance)<\/p>\n
VPC Basics: when you create account with AWS by default VPC have been created, and includes following standard component:
\n************************************************************************************************************************
\n(1) Internet Gateway – VPC can have only one IGW, Once active AWS resource would be there then IGW can’t be detached.
\n– it is horizontally scaled, redundent and highly available VPC component
\n– Allow communication between instances in your VPC and the internet<\/p>\n
Rules\/Details for Interner Gateway:
\n– Only 1 IGW can be attached to a VPC at a time
\n– IGW can not be detached from VPC while there are active AWS resources in the VPC (such as EC2 instansaces, RDS databases, etc..)<\/p>\n
(2) A Route Table (with predefined routes to the default subnets)
\n– It contains set of rules, called routes, that are used to determine where network traffic is directed.
\n– Defulat VPC already has a ‘main’ route table.<\/p>\n
Rules\/Details for Route Tables:
\n– Unlike an IGW, you can have multiple route tables in a VPC
\n– You can not delete a route table if it has dependencies (associate subnets)<\/p>\n
(3) A network access control list (NACL) (with predefined rules for access)
\n– it is an optional layer of security for VPC that act as firewall for controlling traffic in and out of one or more subnets.<\/p>\n
– Defulat VPC already has a NACL in place and associated with the default subnets.<\/p>\n
Rules\/Details for NACL:
\n– Rules are evaluated lowest to highest based on rule number.
\n– The first rule found that applies to the traffic type immediatly applied, regardless of any highest number of rule come after
\n– Default NACL allows all the traffic to the default subnets
\n– Any newly created NACL, deny all traffic by default
\n– A subnet can be only associated with ONE NACL at a time.<\/p>\n
(4) Subnet to provision AWS resources in (such as EC2 instances)
\n– it is like subnetworks, is sub-section of the network.<\/p>\n
Rules\/Details for subnets:
\n– it must be associated with Route table
\n– Public subnet has route to the internet
\n– Private subnet does not have a route to the internet
\n– A subnet is located in specific availibility zone.<\/p>\n
Simple Storage Service (S3)
\n***************************
\n– An online, bulk storage service that you can access from almost any device<\/p>\n
– It has simple webservice interface that you can use to store and retrive any amount of data, at any time, from anywhere on the web.
\nit gives any user access to the same highly scalable, reliable, fast, inexpensive data storage infrastructure that amazon uses to run
\nits own globle network of websites. the service aim to maximize benefits of scale and to pass those benefis to users.<\/p>\n
– Default 5 GB of storage free<\/p>\n
(1) S3 Storage Classes:
\nThese classes are defined based on object\/file availability ( and the durability (corrupt\/lost)<\/p>\n
Standard: Default Storage Options
\n– General all purpose storage
\n– 99.999999999999% Object durability (“eleven nines”)
\n– 99.99% Object availability
\n– Most expensive<\/p>\n
Reduce Redundancy Storage (RSS) – Backup
\n– Designed for non-critical, reproducible objects
\n– 99.99% object durability
\n– 99.99% object availability
\n– less expensive than Standard<\/p>\n
Infrequent Access (S3-IA) – Not accessed day to day base – May be weekly or monthly
\n– Designed for objects that you do not access frequently but must be immediately available when accessed
\n– 99.999999999999% Object durability (“eleven nines”)
\n– 99.90% Object livability
\n– less expensive than Standard\/RSS<\/p>\n
Glacier
\n– Designed for long-term archival storage
\n– May take several hours for objects stored in Glacier to be retrieved
\n– 99.999999999999% Object durability (“eleven nines”)
\n– cheapest S3 Storage (very low cost)<\/p>\n
(2) Object Lifecycle:<\/p>\n
– It is located on the bucket level<\/p>\n
– However, it can be applied to
\n– The entire bucket (applied all the objects in the Bucket)
\n– One specific folder within a bucket (applied all the objects in that folder)
\n– one specified object within a bucket<\/p>\n
– you can always delete lifecycle policy or manually change the storage class back to whatever you like<\/p>\n
(3) Permissions:<\/p>\n
– It can be found on\u00a0 bucket or object level<\/p>\n
– On bucket level you can control
\nList: who can see the backet name
\nUpload\/Delete: Objects to (upload) or in the bucket (delete)
\nView Permission
\nEdit Permission<\/p>\n
Bucket level permission are generally used for “internal” access control<\/p>\n
– On the object level, you can control (for each object individually)
\nOpen\/download
\nView permissions
\nEdit Permissions<\/p>\n
You can share specific objects via a link with the anyone in the world.<\/p>\n
(4) Object Versioning<\/p>\n
– S3 Versioning is a feature that keeps track of and stores all old\/new versions of an object so that you can access and use an older version you like<\/p>\n
– Versioning is either ON or OFF
\n– Once it is turned ON, you can only “suspend” versioning. It can not be fully turned OFF.
\n– Suspending versioning only prevents versioning going forward. All previous object with versions will still maintain their older versions.
\n– Versioning can only be set on the bucket level and applies to ALL objects in the bucket<\/p>\n
Elastic Compute Cloud (EC2)
\n***************************<\/p>\n
– Think of EC2 as your basic computer (which has OS, cpu, hard drive, network card, firewall, ram)<\/p>\n
– EC2 provides scalable computing capacity in AWS Cloud
\n– It can be used to launch as many or as few virtual servers as you need, configure security and networking, and manage storage<\/p>\n
(1) AMI’s – Amazon Machine Images
\n– A preconfigured package required to launch an EC2 instance
\nincludes OS, software packages and other required settings.<\/p>\n
– you specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need.
\nyou can also launch instances from as many different AMIs as you need.<\/p>\n
(2) Instance Types:
\n– it is the CPU\/Core
\n– Each instance offers different compute, memory and storage capabilities<\/p>\n
(3) Elastic Block Store (EBS)
\n– Storage volume for an EC2 instance (like hard drive)<\/p>\n
– IOPS – input\/output operations per second – More IOPS means better volume performance<\/p>\n
(4) Security Groups
\n– are similar to NACLs in that they allow\/deny traffic.
\n– security groups are found on the instance level (as opposed to subnet level)<\/p>\n
– Virtual firewall that controls the traffic for one or more instances
\n– when you launch instances, you associate one or more security groups with the instance<\/p>\n
(5) IP Addressing:
\n– Private IP addressing for EC2 instance
\n– By default all EC2 instances created with private IP address,
\n– It allow for instances to communicate with each other as long as they are located in the same VPC<\/p>\n
Public IP addressing for EC2 instance
\n– Instances can be launched with or without a public IP Address (by default) depending on VPC\/Subnet settings.
\n– Public IP Address REQUIRED for the instance to communicate with the internet.<\/p>\n
RDS and DynamoDB
\n******************<\/p>\n
RDS – Relational SQL databases (Amazon Aurora, SQL Server, ORACLE, PostgreSQL, MySQL)
\nDynamoDB – Non-Relational, No-SQL Database (DynamoDB only available, we can install\/download the mongoDB, Cassandra, Oracle noSQL<\/p>\n
Simple Notification Service (SNS): In other word it is alert service
\n***********************************<\/p>\n
AWS service that allows you to automate the sending of email or text message notification based on events that happens in your AWS account
\nTopic – Like EC2 crashed
\nSubscriber – Person\/Group who gets the notification
\nPublisher – Cloudwatch\/human\/alarm<\/p>\n
AWS CloudWatch: in Other word it is monitoring service..
\n****************<\/p>\n
It is service that allows you to monitor various elements of your AWS account.<\/p>\n
This alerts will be distribution using SNS service…<\/p>\n
example…
\n– setup the alerts for the mothly billing exceeding certain amounts.
\n– setup the alerts for the EC2 instance CPU utilizations..<\/p>\n
Elastic Load Balancer (ELB) (Classic) :
\n*************************************
\nAn ELB evenly distributes traffic between EC2 instances that are associated with it.<\/p>\n
AutoScalling:
\n**************
\n– Auto Scalling is the process of adding (scalling up) OR removing (scalling down) EC2 instances based on traffic demand for you application.<\/p>\n
– Handle the load for your application and Auto Scalling Groups<\/p>\n
– It is a service and not the physical part of the infrastructure<\/p>\n
Lambda – Serverless Computing
\n******************************<\/p>\n
<\/p>\n
AWS – Cloud Computing<\/p>\n
<\/p>\n
AWS Cloud Platform Devided into following categories:<\/p>\n
– Compute and Networking (ex: virtual server and vpc)
\nEC2 – RHEL, CentOS, Ubuntu, Debian, Fedora, Amazon Linux, Oracle Linux, Microsoft Windows Server
\nRoute53 – DNS system which we configure on AWS
\nVPC – Virtual Private Cloud
\n– Storage and CDN (ex: various storage services, also content which leaves in network)
\nAmazon S3 (store your images, contents and even static websites)
\nAmazon Glacier (Archival system – economical compare to S3)
\nAmazon CloudFront
\n– Databases
\nAmazon RDS:
\n– MySQL
\n– MS SQL Server
\n– Oracle
\n– Application Services (notification services, emial services.. etc)
\n– Amazon SES (mass emailing as e-advertisement)
\n– Amazon SNS (Monitoring email).
\n– Deployment and Management (CI-CD)
\n– Amazon CloudWatch (monitoring service for resources such as servers, storage, even billings, DNS, RDS Database)
\n– Amazone IAM (Manage Users and Groups using Identity and Access management)<\/p>\n","protected":false},"excerpt":{"rendered":"
AWS : Amazon Web Services is a Cloud Service Provider, AKA – Infrastructure as a Service (IaaS). – Storage, Computing Power, Databases, Networking, Analytics, Developer Tools, Virtualization, Security.<\/p>\n
Major Terminology\/Reason\/Advantages: #################################### – High Availibility – Fault Tolerance – Scalability (automatically grow Dynamically) – Elasticity (automatically srink Dtynamically)<\/p>\n
– Instance (Server)<\/p>\n
Services: ########<\/p>\n
VPCs: Virtual Private […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7500"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7500"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7500\/revisions"}],"predecessor-version":[{"id":7501,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7500\/revisions\/7501"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7500"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7500"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7500"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}