AWS Fundamentals Flashcards
Public Internet vs AWS Public zone vs AWS Private zone (service architecture)
Public internet - the internet itself. Users and on-prem networks sit here.
AWS public zone - sits between the public internet and the AWS private zone. AWS public services (S3 etc) sit here and are accessible via public endpoints. Reachability is not permission: anyone can reach the endpoint, what they can do is decided by IAM and resource policies.
AWS private zone - VPCs (virtual private clouds). Private AWS services like EC2 run inside a VPC. Nothing can connect in or out unless explicitly allowed. For a service in the VPC (ex. EC2) to reach the public internet it needs a public IP address allocated AND the VPC needs an internet gateway. The instance is then wholly or partly projected into the AWS public zone, which talks to the public internet. The same internet gateway path lets the private zone reach AWS public services like S3.
AWS Global Infrastructure
Many infrastructure sites worldwide. Some services are global (IAM), most are regional (EC2).
Regions - have a name and a code, ex. Asia Pacific (Sydney) = ap-southeast-2. A region is not a continent or a country, it is a full deployment of AWS infra in a geographic area that AWS chose to build, based on customer requirements and the size of the customer base. Most AWS services are interacted with in one region, isolated from other regions.
Edge locations - smaller than regions and far more numerous. Mostly content delivery (CloudFront) and other edge services. Put content close to users to improve latency.
Availability zones (AZs) - lower-level infrastructure inside a region, multiple per region. An isolated issue in a region that only impacts one AZ leaves the other AZs available, so distributing components across multiple AZs builds in resilience. AZs are logical: one AZ can be backed by multiple physical data centres. A VPC can be spread across multiple AZs (one or more subnets per AZ).
Benefits of Regions
Geographic separation - isolated fault domains. A disaster in one region has its blast radius contained to that region. Fault tolerance!
Geopolitical separation - different governance and regulations per region, regionally isolated data.
Location control - tune the architecture for performance by placing it near users. Duplicate across regions for redundancy!
Resiliency:
Globally
Regionally
Zone
Each AWS service has a different level of resilience:
Global - a whole region can fail and the service keeps running. IAM and Route53 are examples. You cannot pick a region for them. Only a worldwide failure would cause a full outage.
Region - the service operates inside a region, with one set of data per region, and keeps running if a single AZ in that region fails. Cross-region redundancy is something you build: ex. an RDS DB in Sydney and one in the US with data replicated across. If Sydney fails, the US copy is still available.
Availability zone - the service runs in one AZ and fails if that AZ has issues (a single EC2 instance, for example).
VPC
Virtual private cloud. Create private networks inside AWS, in one region, in one account. REGIONALLY RESILIENT (subnets are spread across the AZs of that region). A VPC is assigned a range of IP addresses (a CIDR block). The default VPC gets only one CIDR; custom VPCs can have more.
Used to connect private AWS services (ex. EC2) to each other and to on-prem networks to create a hybrid environment.
Private and isolated on creation. Cannot talk to other VPCs unless configured.
ONLY 1 default VPC in a region. Many Custom VPCs.
Custom VPCs basic
Can have many per region.
Configurable. You configure everything. 100% private by default.
Sizes, structure, links with other VPCs, comms with other services.
Can have multiple CIDR ranges for IPs.
Default VPC's basics
Auto-created by AWS, one per region. Less flexible: only one CIDR range. Preconfigured with one subnet in each AZ of the region, splitting the CIDR range evenly between them (a /20 per subnet). Resources are deployed into those subnets. One subnet per AZ, across every AZ, is what makes the default VPC REGIONALLY RESILIENT.
It can be deleted and recreated. Not normally used for production due to its inflexibility. To get the default back you cannot "create" it like a custom VPC, you use the "create default VPC" action (in the console, or the create-default-vpc CLI command).
Default VPC CIDR is always 172.31.0.0/16.
Comes with an internet gateway attached, a default security group, and a default NACL.
Default subnets have auto-assign public IPv4 turned on and a route to the internet gateway, so anything launched into them gets a public IPv4 address and sits on the public internet path. Whether it is actually reachable from the internet is then decided by the security group and NACL: the default NACL allows all traffic, the default security group only allows inbound traffic from members of the same security group. Attach a group with an inbound 0.0.0.0/0 rule and the instance is open to the world. This public-by-default posture is the main reason not to use the default VPC for production.
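As an added example (not part of the original notes, and not AWS's own code): a Python audit that encodes what "public by default" means for the default VPC. It carves the /20 default subnets out of 172.31.0.0/16, then, over constructed describe-* style data with made-up resource IDs (subnet-a, rtb-main, igw-default, sg-ssh-open, i-web and so on), reports which instances are actually reachable from the internet: public IP, plus a 0.0.0.0/0 route to an internet gateway, plus a security group rule admitting 0.0.0.0/0.

```python
import ipaddress

# Added example, not from the original notes. The data below is constructed to
# look like the fields returned by the EC2 describe-* APIs for a default VPC
# (every resource ID and address here is made up for the example).
DEFAULT_VPC_CIDR = "172.31.0.0/16"


def default_subnet_cidrs(vpc_cidr, az_names):
    """One /20 per AZ, carved in order from the VPC CIDR, which is how AWS
    lays out the subnets of a default VPC."""
    net = ipaddress.ip_network(vpc_cidr)
    return dict(zip(az_names, (str(s) for s in net.subnets(new_prefix=20))))


SUBNETS = {
    "subnet-a": {"CidrBlock": "172.31.0.0/20", "MapPublicIpOnLaunch": True, "RouteTableId": "rtb-main"},
    "subnet-b": {"CidrBlock": "172.31.16.0/20", "MapPublicIpOnLaunch": True, "RouteTableId": "rtb-main"},
    "subnet-priv": {"CidrBlock": "172.31.32.0/20", "MapPublicIpOnLaunch": False, "RouteTableId": "rtb-priv"},
}
ROUTE_TABLES = {
    "rtb-main": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
                 {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-default"}],
    "rtb-priv": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"}],
}
SECURITY_GROUPS = {
    # the default security group: inbound only from members of itself
    "sg-default": [{"IpProtocol": "-1", "IpRanges": [],
                    "UserIdGroupPairs": [{"GroupId": "sg-default"}]}],
    # a typical hand-made group that opens SSH to the world
    "sg-ssh-open": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}],
}
INSTANCES = [
    {"InstanceId": "i-default-sg", "SubnetId": "subnet-a", "PublicIpAddress": "203.0.113.10",
     "SecurityGroups": ["sg-default"]},
    {"InstanceId": "i-ssh-open", "SubnetId": "subnet-b", "PublicIpAddress": "203.0.113.11",
     "SecurityGroups": ["sg-ssh-open"]},
    {"InstanceId": "i-private", "SubnetId": "subnet-priv", "PublicIpAddress": None,
     "SecurityGroups": ["sg-ssh-open"]},
]


def has_igw_route(route_table_id):
    """True if the route table sends 0.0.0.0/0 to an internet gateway."""
    return any(r["DestinationCidrBlock"] == "0.0.0.0/0" and r["GatewayId"].startswith("igw-")
               for r in ROUTE_TABLES[route_table_id])


def world_open_ports(sg_ids):
    """Inbound rules, across all attached groups, that accept 0.0.0.0/0 or ::/0."""
    found = set()
    for sg in sg_ids:
        for rule in SECURITY_GROUPS[sg]:
            if any(r.get("CidrIp") in ("0.0.0.0/0", "::/0") for r in rule["IpRanges"]):
                if rule["IpProtocol"] == "-1":      # "-1" means every protocol and port
                    found.add(("all", 0, 65535))
                else:
                    found.add((rule["IpProtocol"], rule["FromPort"], rule["ToPort"]))
    return found


def internet_exposure(instance):
    """Ports reachable from the internet: empty unless the instance has a public
    IP AND its subnet routes to an IGW AND a security group admits the world.
    The default NACL allows everything, so it is not modelled here."""
    subnet = SUBNETS[instance["SubnetId"]]
    if not instance["PublicIpAddress"] or not has_igw_route(subnet["RouteTableId"]):
        return set()
    return world_open_ports(instance["SecurityGroups"])


def audit(instances):
    return {i["InstanceId"]: sorted(internet_exposure(i)) for i in instances}


if __name__ == "__main__":
    print(default_subnet_cidrs(DEFAULT_VPC_CIDR, ["ap-southeast-2a", "ap-southeast-2b", "ap-southeast-2c"]))
    for iid, ports in audit(INSTANCES).items():
        print(iid, "exposed on" if ports else "not reachable from the internet", ports)
```

Note what the three sample instances show: i-default-sg has a public IP and an internet route but only the default security group, so nothing reaches it; i-private carries the open group but has no public IP, so nothing reaches it either; only i-ssh-open, which has all three, is actually exposed. Against a real account you would feed the same functions the output of describe-subnets, describe-route-tables, describe-security-groups and describe-instances.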
EC2 overview
Elastic Compute Cloud.
Access to VMs known as instances. If you need to deploy compute, an OS, a DB, apps, interfaces, etc, you use EC2 to run and manage them.
PRIVATE AWS SERVICE - runs in the AWS private zone, inside a VPC. Public access must be configured: the VPC the instance runs in must support the connection (internet gateway, route, public IP) before the instance can talk to the internet.
EC2 is AZ resilient: an instance lives in one subnet, so in one AZ, and fails if that AZ fails.
Features:
Infrastructure as a service (AWS manages the hardware and hypervisor, the consumer manages the OS and everything above it, including patching and hardening).
Instances - VMs with a few states: running, stopped, terminated. Running -> stopped, stopped -> running, terminated means deleted and is NOT reversible. The state dictates charges. Running: charged for all pieces (CPU, memory, disk, network). Stopped: no instance charge, but the EBS storage is still allocated to the instance and still billed, and the data on it is still there. Terminated: no EC2 instance cost, and by default the root EBS volume is deleted with it.
Unit of consumption - the instance.
Choice of sizes and capabilities (instance types).
On-demand billing, per second or per hour.
Pay only for what you use: charged for instance running time, storage, and any commercial software bundled in the AMI.
Storage is local (instance store) or Elastic Block Store (EBS).
Amazon Machine Image
An image of an EC2 instance.
Similar to a server image (easy, repeatable setup and config).
Contains the boot volume and can contain other volumes. The block device mapping configures which volumes the image has and how they are presented to the OS: which is the boot volume, which are data volumes. The OS expects to see each volume under a device ID, and each ID is linked to a block device.
The AMI has attached launch permissions: which accounts can and cannot use it to launch instances.
public - everyone is allowed (anything baked into the image, such as credentials or shell history, is then readable by everyone, so check before sharing)
owner - implicit allow for the account that owns the AMI
explicit - only specific AWS accounts are allowed
Connecting to your EC2
Runs different OSs, Linux or Windows.
Connect to Windows using RDP (Remote Desktop Protocol) on port 3389.
Connect to Linux using SSH on port 22.
Log in using an SSH key pair. Creating the key pair generates a public and a private key. You download the private part once and must keep it safe; AWS does not keep a copy. The public key is placed on the instance. The private key lets you connect to any instance that holds the matching public key, and ssh will refuse a private key file that other users can read, so lock its permissions down to the owner only. For Windows you use the private key to decrypt the initial Administrator password, then log in over RDP with that.
S3 Basics
Object storage. PUBLIC service: runs from the AWS public zone and is available in every AWS region. The bucket namespace is global, but the data is regional: a bucket lives in one region and its data never leaves that region unless you configure it to (replication).
Within the region, objects are stored redundantly across multiple AZs.
Unlimited data, multi-user access to that data.
Built for large data: photo storage (stock images), media.
Scales from nothing to near unlimited.
Accessible via GUI (console), CLI, API, HTTP.
Objects & buckets.
Objects are images, movies, data
Buckets hold multiple objects
Objects in S3
Two main components (key and value) plus metadata.
Bucket + object key = access to the value (the data, ex. an image).
The value can range from 0 bytes to 5TB.
Objects also have a version ID, metadata, access control, and sub-resources.
Buckets
Created in a specific region. Options and config happen at this level (permissions, versioning, encryption, logging)!
Data inside a bucket has a primary home region and won't leave it unless you configure otherwise. Data sovereignty. The contained blast radius is the region.
Buckets are identified by their name, which must be globally unique: COMPLETELY unique across all AWS accounts and regions, ALWAYS. 3-63 characters, all lowercase, no underscores. Start with a lowercase letter or number. CANNOT be IP formatted. 100 bucket soft limit, 1000 bucket hard limit per account (the quotas at the time these notes were written; AWS has since raised the default).
Divide up a single bucket logically via key prefixes.
Can hold an unlimited number of objects, 0 to unlimited bytes of data in total.
A bucket has no complex structure. All objects are stored at the same level. NOT A FILE SYSTEM. If you list a bucket you'll see things you THINK are folders, but that's just the listing grouping keys by prefix. The object's key (name) has no bearing on the value (content) contained in the object.
Folders can be represented with prefixes in the object key: Koala.jpg and old/Koala.jpg are two unrelated objects, "old/" is simply part of the second key.
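An added example (not from the original notes, and not S3's own code) of what the "folders" in a bucket listing really are. The function below reproduces, over a constructed flat list of keys, how an S3 ListObjectsV2 request with a Prefix and a Delimiter turns a flat key space into "Contents" and "CommonPrefixes": the folder view exists only in the reply, never in the bucket.

```python
# Added example, not from the notes. KEYS is a constructed flat list of object
# keys, the way they actually live in a bucket: no hierarchy, just strings.
KEYS = [
    "Koala.jpg",
    "old/Koala.jpg",
    "old/2019/Koala.jpg",
    "old/",                # zero-byte object the console creates for "Create folder"
    "logs/2024-01-01.gz",
    "logs/2024-01-02.gz",
    "logs2024.txt",        # starts with "logs" but has no "/" there: NOT under logs/
]


def list_objects_v2(keys, prefix="", delimiter="/"):
    """Mimics the shape of an S3 ListObjectsV2 response for Prefix + Delimiter.

    S3 only does a lexicographic scan of keys: every key that starts with the
    prefix is returned, and any key that contains the delimiter after the
    prefix is collapsed into one CommonPrefixes entry (the apparent 'folder').
    With no delimiter there is no collapsing, so every key at any 'depth' comes
    back, because there is no depth."""
    contents, common = [], set()
    for key in sorted(keys):            # S3 returns keys in UTF-8 binary order
        if not key.startswith(prefix):
            continue
        rest = key[len(prefix):]
        if delimiter and delimiter in rest:
            common.add(prefix + rest.split(delimiter, 1)[0] + delimiter)
        else:
            contents.append(key)
    return {"Contents": contents, "CommonPrefixes": sorted(common)}


def find_all_under(keys, prefix):
    """A recursive 'folder walk' is one prefix query without a delimiter."""
    return list_objects_v2(keys, prefix, delimiter=None)["Contents"]


if __name__ == "__main__":
    print(list_objects_v2(KEYS))            # top level: two 'folders' and two objects
    print(list_objects_v2(KEYS, "old/"))    # inside old/: the marker object plus one 'subfolder'
    print(find_all_under(KEYS, "old/"))     # everything whose key begins with old/
```

Two things fall out of this that matter for access control. First, any "folder-level" permission (an IAM policy resource like bucket/old/* or an s3:prefix condition) is nothing more than a string-prefix match on the key, so logs2024.txt is not covered by a grant on logs/ and an object named old without the trailing slash is not "in" old/. Second, the zero-byte old/ object is a real object with its own permissions; deleting it does not delete anything "inside" it.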
TEST POWER UP
Bucket names are globally unique
3-63 characters, lowercase, no underscores
Start with lowercase letter or number
cannot be IP formatted 1.1.1.1
Buckets have a 100 soft limit and 1000 hard limit per acct
Unlimited objects in a bucket
Objects can be 0 bytes to 5TB
Object key is the name and the value is the data contained in the object
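The naming rules above as a runnable check, added here as an example (not from the notes and not AWS's own validator). It implements exactly the rules in the list; the two checks labelled "extra rule" are AWS rules the notes do not mention (a name must also end with a letter or digit, and only dots and hyphens are allowed besides letters and digits).

```python
import ipaddress
import re

# Added example, not from the notes. Each check maps to one rule from the
# flashcards; the two marked "extra rule" are AWS rules the notes leave out.


def bucket_name_problems(name):
    """Return a list of rule violations for a proposed bucket name (empty = OK)."""
    problems = []
    if not 3 <= len(name) <= 63:
        problems.append("length must be 3-63 characters")
    if re.search(r"[A-Z]", name):
        problems.append("must be all lowercase")
    if "_" in name:
        problems.append("underscores are not allowed")
    # uppercase and underscore are reported by the two rules above, so this
    # check only catches other characters (spaces, slashes, unicode, ...)
    if re.search(r"[^a-zA-Z0-9._-]", name):
        problems.append("only letters, digits, dots and hyphens are allowed (extra rule)")
    if not re.match(r"[a-z0-9]", name):
        problems.append("must start with a lowercase letter or digit")
    if name and not re.fullmatch(r"[a-z0-9]", name[-1]):
        problems.append("must end with a lowercase letter or digit (extra rule)")
    try:
        ipaddress.IPv4Address(name)     # succeeds only for dotted-quad IPv4 text
        problems.append("must not be formatted like an IP address")
    except ValueError:
        pass
    return problems


def is_valid_bucket_name(name):
    return not bucket_name_problems(name)


if __name__ == "__main__":
    for candidate in ["my-photo-archive-2024", "MyBucket", "my_bucket", "1.1.1.1", "ab", "-leading", "trailing-"]:
        print(candidate, "->", bucket_name_problems(candidate) or "OK")
```

Because the namespace is global, a name that passes these checks may still be taken by someone else, and a deleted bucket's name can be claimed by any other account; never delete a bucket whose name is still referenced by code, config or DNS.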
S3 patterns and Anti patterns
Object store, NOT file or block storage.
Cannot mount it as a drive (that's what EBS is for).
Great for large-scale data storage or distribution.
Great for offloading static content: posts, audio, movies.
Can shrink (or avoid scaling) EC2 instances by offloading that content to S3 instead of serving it from the instance.
Any input to or output from AWS services, where to store the data? S3 is the default answer.