AWS Core Services Flashcards
Elastic Compute Cloud (EC2)
- A web service that provides secure, resizable compute capacity in the cloud
- Designed to make cloud computing easier for developers as it provides complete control of your computing resources
What does ‘elastic’ refer to within EC2?
The fact that, if your servers (EC2 instances) are configured properly, you can automatically increase or decrease the number of servers an application requires
What does ‘compute’ refer to within EC2?
The servers (EC2 instances) from which resources are presented
What does ‘cloud’ refer to within EC2?
The fact that the resources are cloud-hosted compute resources
Benefits of EC2 instances
- Pay as you go — you only pay for running instances
- Broad selection of hardware/software and selection of where to host your instances
Steps to build and configure an EC2 instance
- Choose the region where the instance will be hosted
- Launch the EC2 wizard
- Select the Amazon Machine Image (AMI) — which provides a software platform for the instance
- Select the instance type — which refers to the hardware capabilities
- Configure the network, storage, and key pairs
- Launch & connect
Amazon Elastic Block Store (Amazon EBS)
An easy-to-use, high-performance block storage service designed for use with Amazon EC2 for both throughput-intensive and transaction-intensive workloads at any scale
Benefits of Amazon EBS volumes
- Can be used as a storage device for Amazon EC2 instances
- Gives you the ability to create point-in-time snapshots of your volumes and to create a new volume from a snapshot at any time, providing an even higher level of data durability
- Can be increased in capacity and changed to a different volume type — such as a hard disk to an SSD (and vice versa)
Amazon Simple Storage Service (Amazon S3)
- A fully managed storage service that provides a simple API for storing and retrieving data
- Ability to place unlimited objects in the service as it holds trillions of objects and regularly peaks at millions of requests per second
- Provides low-latency access to data over the internet by HTTP or HTTPS — that way you can retrieve data anytime and from anywhere
- Ability to create buckets to store data
- Can be accessed via the AWS Management Console, AWS CLI, AWS SDK, or directly in your bucket via the REST endpoints
What is a “key”?
- A string that can be used to retrieve the object later (example: media.welcome.mp4)
- Common practice is to set these strings in a way that resembles a file path
Amazon S3 common use cases:
- Storing application assets
- Static Web Hosting
- Backup & disaster recovery
- Staging area for Big Data
AWS Global Infrastructure includes:
- AWS Regions
- Availability Zones
- Edge locations
AWS Regions
Geographic areas that host two or more Availability Zones and are the organizing level for AWS services
Details about AWS Regions:
- Picking the right region is important to optimize latency while minimizing costs and adhering to regulatory requirements
- Ability to deploy resources in multiple regions
- Regions are separate from one another — resources and services are not automatically replicated in other regions
Availability Zones
Collection of data centers within a specific region
Details about Availability Zones:
- Each zone is physically isolated from other data centers, but connected by a fast, low-latency network
- They are physically distinct, independent infrastructures
- Have their own discrete, uninterruptible power supply; onsite backup generators; cooling equipment; and networking and connectivity
- Are supplied with power by different grids from independent utility companies
- Isolating the zones means they are protected from failures in other zones — which ensures high availability
- AWS recommends provisioning your data across multiple zones as a best practice
Data redundancy
If one Availability Zone goes down, the other zones can still handle requests
Edge locations
They host a content delivery network (CDN) called Amazon CloudFront — which delivers content to your customers
Details about edge locations:
- Requests for content are automatically routed to the nearest edge location so that content is delivered faster to end users
- Edge locations are typically located in highly populated areas
Amazon Virtual Private Cloud (VPC)
The AWS networking service that meets your networking requirements
Details about Amazon VPC:
- Allows you to create a private, virtual network in the AWS cloud
- Allows complete control of network configuration
- Ability to control what you expose to the Internet and what you isolate within the VPC, so that security controls can be layered within the network
Features of Amazon VPC:
- Builds upon the high availability of AWS Regions and Availability Zones, since a VPC lives within a region and can span multiple zones
- Subnets
- Route tables
- Internet Gateway (IGW)
- Network Address Translation (NAT) Gateway
- Network Access Control List (NACL)
Subnets
Used to divide VPCs and allow them to span multiple Availability Zones
Details about subnets:
- Ability to create multiple subnets — but the fewer you create, the better, since more subnets add complexity to the network topology
- Subnets are classified as either public or private
Public subnet
A subnet that has direct access to the Internet
Private subnet
A subnet that does not have direct access to the Internet
Route tables
Contains sets of rules (called routes) that are used to determine where network traffic from your subnet or gateway is directed
Internet Gateway (IGW)
Allows access to the Internet from Amazon VPC
Network Address Translation (NAT) Gateway
Allows private subnet resources to access the Internet and other AWS services, but prevents the Internet from initiating a connection with those resources
Network Access Control Lists (NACL)
An optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of your subnets
AWS Security Groups
- Act like a built-in firewall for your virtual servers
- Give you full control over the accessibility of your instances
- In a typical tiered design, the Web Tier only accepts traffic from the Internet, the Application Tier only accepts traffic from the Web Tier, and the Database Tier only accepts traffic from the Application Tier (Internet —> Web —> Application —> Database)
- By default, all inbound traffic is DENIED and all outbound traffic is ALLOWED; both can be edited
- A source of 0.0.0.0/0 allows traffic from any IPv4 address, i.e. the entire Internet