AWS fundamentals Flashcards
Public and Private services
Neither a public service nor a private service grants any permissions by default; only the account root user has implicit access. Every other identity needs explicit permissions.
2 components:
1. connectivity to the service
2. permission to access the service
public internet service
service that runs on the public internet example:netflix
AWS public service –> not on the public internet zone but it is adjacent to it
An AWS public service can be connected to from anywhere you have an internet connection
The AWS public zone sits inside the AWS network and is directly attached to the public internet
AWS public and Private service summary
- AWS is a public cloud that can be connected over public internet
- AWS services are not on the public internet
- AWS has a zone called the AWS public zone, which is where public services run from. This zone is connected to the public internet and can be accessed from it
- The AWS private zone can be subdivided using VPCs (virtual private clouds). This zone is isolated from the public zone and from the public internet. Private services running in this zone can be allowed outgoing access, and they can also be configured to be public, meaning part of them (for example an IP address) is projected into the public zone and accessed just like a public service from the public internet. By default a private service can be accessed only from the same private network or from on-premises networks connected to it
AWS Region
Region –> Region code
Region name
ap-southeast-2 (region code for aws location in sydney)
Region is divided into availability zones (az)
ap-southeast-2a / ap-southeast-2b / ap-southeast-2c
way of building resilience–> 6 servers we can place 2 in each AZ. so that if 1 AZ fails we will have 4 to run
AWS Resilience service
Globally Resilient: the service operates globally with a single database, and its data is replicated across multiple regions inside AWS.
It would take the whole world to fail to experience a full outage, because the service is global.
Example: IAM and Route53 can tolerate the failure of multiple regions
Region Resilient: the service operates as a separate service in each region, and data is replicated across the availability zones in that region. If the whole region fails, the service in that region fails
AZ Resilient: the service runs from a single AZ; if that AZ fails, the service fails
These are the most prone to failure
VPC
VPC = Virtual network inside the AWS
VPC is within 1 account and 1 region
it is private and isolated from other VPC ,public zone and public internet
Region can have multiple custom VPC
Unless configured otherwise, a VPC cannot reach anything outside its own private network
The VPC CIDR defines the start and end of the IP range the VPC can use
The default VPC CIDR range is 172.31.0.0/16 and is always the same
Types of VPC
Default and Private
- There is 1 default VPC per region. It is created once per region when the AWS account is first created
- It can be removed and recreated
- Max # of default VPCs = 1. In theory a region can exist without a default VPC, but the recommendation here is to leave it in place and active
- Default VPC CIDR range: 172.31.0.0/16
- One /20 subnet is created in every AZ inside the region
- An Internet gateway (IGW), a default security group (SG), a default NACL and a main route table are set up
- Subnets auto-assign public IPv4 addresses to instances launched in them
Many custom VPC’s per region
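As an added example (not part of the original notes), the following Python carves the default VPC CIDR from the notes into the per-AZ /20 subnets, counts usable hosts, locates an address, and checks whether a custom VPC CIDR would collide with the default one. It uses only the standard library. Assumptions: the three Sydney AZ names come from the notes, the order in which the /20s are assigned to AZs is assumed (AWS does not promise it), the five reserved addresses per subnet and the /16 to /28 VPC size limit are documented AWS rules, and the non-overlap check reflects the documented VPC peering requirement.

```python
"""Default VPC subnet carving: added example, not code from the original notes."""
import ipaddress

DEFAULT_VPC_CIDR = "172.31.0.0/16"           # default VPC range from the notes
AZS = ["ap-southeast-2a", "ap-southeast-2b", "ap-southeast-2c"]  # Sydney AZs from the notes
AWS_RESERVED_PER_SUBNET = 5                  # network, VPC router, DNS, future use, broadcast


def carve_subnets(vpc_cidr=DEFAULT_VPC_CIDR, azs=AZS, prefix=20):
    """Split the VPC CIDR into /prefix blocks and hand one to each AZ in order.

    The AZ-to-block order is an assumption for illustration.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    blocks = vpc.subnets(new_prefix=prefix)
    return {az: next(blocks) for az in azs}


def usable_hosts(subnet):
    """Addresses an instance can actually take after AWS reserves five per subnet."""
    return subnet.num_addresses - AWS_RESERVED_PER_SUBNET


def locate(address, subnets):
    """Return the AZ whose subnet contains the address, or None if it is outside the VPC."""
    ip = ipaddress.ip_address(address)
    for az, net in subnets.items():
        if ip in net:
            return az
    return None


def is_valid_vpc_cidr(cidr):
    """AWS accepts a VPC block between /16 and /28 (documented limit)."""
    try:
        net = ipaddress.ip_network(cidr)
    except ValueError:          # host bits set or malformed
        return False
    return 16 <= net.prefixlen <= 28


def overlaps_default(custom_cidr):
    """VPC peering and VPN connectivity require non-overlapping CIDRs; flag a collision."""
    return ipaddress.ip_network(custom_cidr).overlaps(ipaddress.ip_network(DEFAULT_VPC_CIDR))


if __name__ == "__main__":
    for az, net in carve_subnets().items():
        print(f"{az}: {net}  usable hosts: {usable_hosts(net)}")
    print("172.31.17.5 lives in", locate("172.31.17.5", carve_subnets()))
    print("10.0.0.0/16 overlaps default VPC:", overlaps_default("10.0.0.0/16"))
```

The usable-host figure is the practical reason a /20 is not 4096 instances: the five reserved addresses are taken before the first instance is launched. The overlap check is what to run before creating a custom VPC that will ever be peered with the default one.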
EC2
- Default compute service within AWS. It is the default starting point for any compute requirement in AWS
- EC2 provides access to the virtual machines known as “instances”
- Any type of compute that needs an OS, a runtime environment, database dependencies, an application and an application interface is a fit for EC2
Keys and Features of EC2
- EC2 is IAAS - Infrastructure as a service - provides virtual machines known as EC2 instances
- Because this is IAAS the unit of consumption is “instance”
- EC2 is a private service: it runs in the AWS private zone and uses VPC networking
- An instance is launched into a subnet, and a subnet lives in one AZ. If that AZ fails, the instance fails
- Different instance sizes and capabilities
- User manages the OS and upward of the Infrastructure stack
- AWS maintains - Virtualization, servers, Infrastructure and facilities
- On demand billing - per second
- Local on-host storage and EBS (Elastic Block Store)
States of the Instance
Running –> Stopped –> Terminated
Running –> Stopped is reversible (a stopped instance can be started again)
Running/Stopped –> Terminated is not reversible
CPU/Memory/Disks/Networking
CPU –> How much the instance can process $
Memory –>Super fast area where the data that being currently worked on is stored $
Disks–>provided by EBS $
Networking–> how the instance communicates with other entities in AWS $
Instance stopped –> no charge for CPU/memory/networking, but you are still charged for disks (EBS storage)
Instance terminated –> no charge at all: CPU, memory, networking and the attached storage are released and the storage is deleted
AMI
Amazon Machine image
AMI –> EC2
EC2–> AMI
AMI contains
1. Attached permissions - control which accounts can and cannot use the AMI
2. Public - permissions can be set so the AMI is public, in which case everyone is allowed to launch EC2 instances from it
3. Implicit - the owner of the AMI is allowed to create EC2 instances from it
4. Explicit - the owner can grant access to specific accounts
An AMI contains the root/boot volume, the drive that boots the OS. It can contain other volumes as well, but it will have at least one
e.g. C:\ on Windows, / on Linux
Block device mapping –> configuration that links the volumes the AMI has to how they are presented to the OS
Connecting to EC2
Remote Desktop Protocol (RDP) - port 3389, used for Windows instances
SSH protocol - port 22, used for Linux instances
Connect to the EC2 instance using PuTTY/ssh or an RDP client, authenticating with the key pair
When an SSH key pair is created, it produces two parts of the same key
The private part can be downloaded only once, at creation time; keep it secret
AWS places the public part on the instance
S3 Simple storage
S3 is a global storage platform (it runs in every AWS region). It is a public service available in the AWS public zone, and it is region-based and region-resilient
Data is replicated across the AZs in that region
Multi-user
Useful for storing large amounts of data such as movies, photos or big data sets
Economical and accessible via GUI/HTTP/CLI/API
Objects and Buckets
Each object also carries a version ID, metadata, access control and subresources
An object is a key and a value:
key –> name of the object, e.g. kola.jpg. If we know the key and the bucket, we can uniquely identify the object
value –> content of the object; the size ranges from 0 bytes to 5 TB
S3 is highly scalable
Buckets:
- Bucket names are globally unique
- A bucket can store an unlimited number of objects
- Objects range from 0 bytes to 5 TB of data
- All objects are stored in a "flat structure" within the bucket, at the same level
- Data never leaves the region unless that is explicitly configured
Exam power up
S3 bucket names are globally unique across all regions and all accounts
Names must be between 3 and 63 characters, all lower case, no underscores
Must start with a lower case letter or a number
Cannot be IP formatted (e.g. 1.1.1.1)
Buckets: soft limit of 100 per account, hard limit of 1000 per account
exam question: how to structure a system > 1000 users
We can divide a single bucket into prefixes (which look like folders) so that many users share one bucket, e.g. /old/koala1.jpg, rather than one bucket per user
We can have unlimited objects in a bucket
each object can range 0bytes to 5 TB
object has key = name and value = data
By default S3 objects and buckets are private and there is no public access to it unless it is authorized
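As an added example (not part of the original notes), this Python ties together the bucket naming rules, the "one bucket, one prefix per user" structure from the exam question, and the default-private posture above. It validates a bucket name against the rules in the notes (plus the documented rule that a name must also end with a letter or digit), builds per-user object keys, and emits a least-privilege IAM policy that scopes each principal to its own prefix. Assumptions: the `home/<username>/` layout and the bucket name `my-photos-2024` are constructed for illustration; `${aws:username}` is a real IAM policy variable; the policy document is written here, not taken from AWS or the notes.

```python
"""S3 naming, per-user prefixes and a prefix-scoped policy: added example, not from the notes."""
import ipaddress
import json
import re

ALLOWED_CHARS = re.compile(r"[a-z0-9.-]+")
STARTS_ENDS_ALNUM = re.compile(r"[a-z0-9][a-z0-9.-]*[a-z0-9]")
USER_PREFIX = "home/"   # assumed layout: one prefix per user inside a shared bucket


def is_ip_formatted(name):
    """True if the name parses as a dotted IPv4 address, which S3 forbids."""
    try:
        ipaddress.IPv4Address(name)
    except ValueError:
        return False
    return True


def validate_bucket_name(name):
    """Apply the naming rules from the notes; return (ok, reason)."""
    if not 3 <= len(name) <= 63:
        return False, "length must be 3-63 characters"
    if "_" in name or name != name.lower():
        return False, "no underscores and no upper case"
    if not ALLOWED_CHARS.fullmatch(name):
        return False, "only lower case letters, digits, dots and hyphens"
    if not STARTS_ENDS_ALNUM.fullmatch(name):
        return False, "must start and end with a letter or digit"
    if is_ip_formatted(name):
        return False, "must not be IP formatted"
    return True, "ok"


def object_key(username, filename):
    """Build a per-user key. S3 is flat: the prefix is simply part of the key string."""
    if not username or "/" in username:
        raise ValueError("username must be a single path segment")
    return f"{USER_PREFIX}{username}/{filename}"


def key_belongs_to(key, username):
    """Check that an object key sits under the user's own prefix."""
    return key.startswith(f"{USER_PREFIX}{username}/")


def per_user_policy(bucket):
    """Least-privilege policy: each IAM user may list and touch only home/<own username>/."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListOwnPrefixOnly",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": ["home/${aws:username}/*"]}},
            },
            {
                "Sid": "ReadWriteOwnObjects",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": f"arn:aws:s3:::{bucket}/home/${{aws:username}}/*",
            },
        ],
    }


if __name__ == "__main__":
    bucket = "my-photos-2024"     # constructed name for the example
    print(validate_bucket_name(bucket))
    print(object_key("alice", "kola.jpg"))
    print(json.dumps(per_user_policy(bucket), indent=2))
```

Because buckets and objects are private by default, nothing in this policy opens the bucket up; it only grants each user its own slice, and the `s3:prefix` condition keeps a user from listing other users' keys even though they share the bucket.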
S3 patterns and anti patterns
S3 is an object store. It is not file storage or block storage, and you cannot browse it like a file explorer
You cannot mount an S3 bucket
S3 cannot be used as a Windows (NTFS) or Linux (mount) file system
Use it where you deal with whole objects such as photos, images, audio and video, in a flat structure
EC2 uses EBS (Elastic Block Store) for block storage; an EBS volume is attached to a single instance at a time
S3 is great for large-scale data storage and distribution
Great for offloading data from other services
S3 is the input and/or output of many AWS products
S3 is the default choice for object storage in AWS