
VPC

-A VPC belongs to a single region. Multiple VPCs may exist in a single region.

-CIDR is a method for allocating IP addresses and for IP routing.

-A subnet can only be in a single AZ. Subnets are either private or public.

-A NAT gateway is an AWS-managed NAT device; a NAT instance is maintained by the customer.

-A NAT gateway works at the subnet level; an Internet gateway works at the VPC level.

-Subnets have to be associated with a route table.

-Security groups are at the instance level. A security group defines which ports and protocols are allowed for
incoming and outgoing traffic for the instance. Security groups only have allow rules.

-SGs are stateful; if a port is open for inbound traffic, the outbound (return) traffic on the same port is
allowed automatically.

-Network ACLs work at the subnet level. They have allow/deny rules.

-Inbound rules = source of traffic (CIDR range) + destination (listener) port or port range

-Outbound rules = destination for traffic (CIDR range) + destination port or port range
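As an added worked illustration (not from these notes) of the stateful, allow-only security group versus the allow/deny network ACL described above, the Python below evaluates constructed sample packets against constructed rule sets. It also relies on two AWS facts the notes do not state: NACL rules are evaluated lowest number first with an implicit final deny, and NACLs are stateless, so return traffic needs its own rule.

```python
import ipaddress

# Constructed sample rules (not from the page). A security group (SG) holds
# only allow rules; a network ACL holds numbered allow/deny rules evaluated
# lowest number first, first match wins, with an implicit deny at the end.
SG_INBOUND = [("tcp", 443, 443, "0.0.0.0/0"), ("tcp", 22, 22, "10.0.0.0/16")]
NACL_INBOUND = [
    (100, "tcp", 443, 443, "0.0.0.0/0", "allow"),
    (110, "tcp", 22, 22, "203.0.113.0/24", "deny"),
    (120, "tcp", 22, 22, "0.0.0.0/0", "allow"),
]
# Constructed flow the instance itself initiated, stored so a reply packet is
# found as (reply src, reply sport, reply dst, reply dport).
ESTABLISHED = {("198.51.100.5", 443, "10.0.1.10", 40000)}

def _rule_matches(proto, lo, hi, cidr, pkt):
    return (pkt["proto"] == proto and lo <= pkt["dport"] <= hi
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(cidr))

def sg_allows(pkt, rules=SG_INBOUND, established=ESTABLISHED):
    """Stateful: a reply to a tracked outbound flow passes with no rule at all."""
    if (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]) in established:
        return True
    return any(_rule_matches(*rule, pkt) for rule in rules)

def nacl_allows(pkt, rules=NACL_INBOUND):
    """Stateless: every packet is judged on the ordered rules alone."""
    for _num, proto, lo, hi, cidr, action in sorted(rules):
        if _rule_matches(proto, lo, hi, cidr, pkt):
            return action == "allow"
    return False  # the implicit "*" deny rule

def evaluate(pkt):
    """A packet reaches the instance only if the subnet NACL and the SG both allow it."""
    nacl, sg = nacl_allows(pkt), sg_allows(pkt)
    return {"nacl": nacl, "sg": sg, "delivered": nacl and sg}

def _pkt(src, sport, dport, proto="tcp", dst="10.0.1.10"):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "proto": proto}

if __name__ == "__main__":
    print(evaluate(_pkt("198.51.100.5", 51000, 443)))  # both allow
    print(evaluate(_pkt("203.0.113.9", 51000, 22)))    # NACL rule 110 denies, SG has no match
    print(evaluate(_pkt("10.0.1.4", 51000, 22)))       # both allow
    print(evaluate(_pkt("198.51.100.5", 443, 40000)))  # SG allows the reply, stateless NACL does not
```

The last case is the one that bites in practice: a NACL that only lists the listener ports silently drops the ephemeral-port return traffic that a security group would have passed.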

-Creating a VPC creates, by default, a route table, a network ACL and a security group.

-VPC Flow Logs capture information about the IP traffic going to and from the network interfaces in the VPC.

-Database backup = automated (entire DB backed up to a point in time, retention period 7-35 days) +
manual (first snapshot, then incremental; NOT deleted when the instance is deleted)

-CloudFormation = IaaS + provision, configure and manage the stack of AWS resources (infrastructure)
based on a user-given template. Used to quickly replicate infrastructure. Stacks are created from
templates.

-CloudWatch = monitor; CPU and memory utilization. You can also set CloudWatch alarms to
alert you when your containers or clusters need to scale up or down.

-CloudTrail = log; API calls. CloudTrail provides a history of API calls made from the AWS
Management Console, AWS SDKs and AWS CLI. It enables security analysis, resource change tracking
and compliance auditing.

-Public subnets get internet access through an ELB or IGW; private subnets get internet access through
NAT instances or a NAT gateway.

-CloudFront improves performance for both cacheable content (such as images and videos) and
dynamic content (such as API acceleration and dynamic site delivery).
