
AWS

Fundamentals and Beyond


“Imagination is more important than
knowledge”

– Albert Einstein


What is Cloud ?
Different Cloud models

• SaaS
• PaaS
• IaaS
• CaaS
• NaaS
• etc…
Confused ???
SaaS vs PaaS vs IaaS

(Figure: abstraction versus ease of use across SaaS, PaaS and IaaS)


Agenda

• AWS Console Overview
• Regions vs Availability Zones
• IAM: Overview, Policies
• EC2: Scalability, High Availability, EBS, EFS, ElastiCache, Placement Groups*, ELB, ASG, AMI, What is Load Balancing ?
• Route 53: R53 Routing
• RDS, Aurora
• S3
• VPC: Security Groups (SG), Subnets
• Encryption on AWS
• And more ….
Section 1
Elastic Compute Cloud - EC2
Security Group - SG
Identity and Access Management - IAM
Section Agenda
• IAM Introduction
• What is EC2 ?
• Hands On : EC2, User Data, SG
• EC2 Launch Types
  • On Demand
  • Reserved Instance
  • Convertible Reserved Instance
  • Scheduled Reserved Instance
  • Spot Instance
  • Dedicated Instance
  • Dedicated Hosts
• EC2 Instance Types
  • R - RAM optimised
  • C - CPU optimised
  • M - Balanced (Medium)
  • I - I/O optimised
  • G - GPU optimised
IAM Introduction
• IAM (Identity and Access Management)
• Divided into :
  • Users
  • Groups
  • Roles
  • Policies
• The root account should never be used for day-to-day work: protect it with MFA and keep it for the few tasks that only root can do
• Users must be created with only the permissions they need (least privilege)
• IAM is global - not Region scoped - and sits at the centre of AWS
• Policies are written in JSON
IAM Introduction

• Users - a physical person
• Groups - functions, teams, tasks
• Roles - for internal usage inside AWS: assumed by AWS services (e.g. an EC2 instance) or by other identities, so that nothing has to carry long-lived credentials
• POLICIES (JSON docs) - define what all of the above can do
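The slide's JSON policy made concrete, as an added example that is not from the deck: a least-privilege identity policy that lets one user read a single hypothetical bucket (`example-app-artifacts` and the Sids are assumptions), next to the over-broad policy that tends to get pasted from forum answers, and a small check that flags every Allow statement using a wildcard action or resource.

```python
import json

# Constructed example: read access to exactly one bucket and its objects.
# Bucket name and Sids are placeholders (assumptions).
READ_ONE_BUCKET = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListOnlyThisBucket",
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": "arn:aws:s3:::example-app-artifacts",
        },
        {
            "Sid": "ReadObjectsInThisBucket",
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-app-artifacts/*",
        },
    ],
}

# Constructed counter-example: administrator-equivalent access in disguise.
TOO_BROAD = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    ],
}


def _as_list(value):
    """IAM accepts either a string or a list for Action/Resource; normalise."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def find_overbroad_statements(policy):
    """Return (statement index, reason) for every Allow statement that uses a
    wildcard action or resource. Deny statements are skipped: a broad Deny
    narrows access rather than widening it."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "*" in actions:
            findings.append((i, "Action is '*' (every API in every service)"))
        elif any(a.endswith(":*") for a in actions):
            findings.append((i, "Action grants a whole service with ':*'"))
        if "*" in resources:
            findings.append((i, "Resource is '*' (not scoped to an ARN)"))
    return findings


def policy_json(policy):
    """Serialised form to hand to the console or `aws iam put-user-policy`."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    print(policy_json(READ_ONE_BUCKET))
    for idx, why in find_overbroad_statements(TOO_BROAD):
        print(f"statement {idx}: {why}")
```

Run the check against any policy before attaching it; `s3:*` on `Resource: "*"` is the case people miss, since it reads as "just S3" but covers every bucket in the account, including ones created later.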
What is EC2 ?

• One of the most important AWS offerings.

• Flavours or capabilities of EC2
  • Renting VMs i.e. EC2
  • Storing data on virtual drives i.e. EBS
  • Distributing load across VMs i.e. ELB
  • Scaling the services with ASG
Demo - Launching an EC2 instance, SSH-ing in and installing the Apache web server.
How to secure this EC2 instance ?
Introduction to Security Group (SG)
• The fundamental unit of network security in AWS
• Controls traffic to/from EC2 instance(s); it is attached to the instance's network interface
• Filters inbound/outbound traffic and allows or denies it based on rules. SG rules can only allow, so anything not explicitly allowed is denied.

(Figure: Internet <-> SG <-> EC2 instance, with inbound and outbound traffic passing through the SG)
SG - Continued
• Controls
  • Port access
  • Authorised IP ranges
  • Inbound traffic
  • Outbound traffic
• Acts as a FIREWALL
• By default ALL inbound traffic is blocked (for a newly created SG; the VPC's default SG additionally allows inbound traffic from members of itself).
• By default ALL outbound traffic is allowed.
• SGs are stateful, NACLs are stateless: if a request is allowed in, its reply is allowed out even with no matching outbound rule (and vice versa).
Demo - effect of SG rules on EC2
Boot Strapping EC2: User Data

• Bootstrapping ? Running commands when the machine launches, by default on the first boot only !
• Different tasks which can be automated at boot time
  • Package updates
  • Installing software
  • Downloading files
  • Etc ….
• Which user does the script run as ? root ! Everything in it is fully trusted, and the script stays readable from the instance metadata service afterwards, so it must not contain secrets.
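Because user data runs as root and can be read back from the instance metadata endpoint by any process on the instance, the practical check is to refuse a bootstrap script that embeds credentials. The following is an added example, not from the deck: it composes a user-data script that installs Apache, refuses to encode it if it contains an access key ID, a secret-key assignment or private key material, and produces the base64 form the raw RunInstances API expects (boto3 and the AWS CLI do that encoding for you when given the plain script). The key ID and secret in the leaky script are AWS's documentation placeholders, not real credentials.

```python
import base64
import re

# Constructed user-data script: installs Apache on an Amazon Linux instance.
# cloud-init runs it as root, once, on the first boot.
APACHE_USER_DATA = """#!/bin/bash
yum update -y
yum install -y httpd
systemctl enable httpd
systemctl start httpd
echo "<h1>Hello from $(hostname -f)</h1>" > /var/www/html/index.html
"""

# Constructed counter-example with long-term credentials baked in. The key ID
# and secret are AWS's documentation placeholders, not real credentials.
LEAKY_USER_DATA = """#!/bin/bash
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws s3 sync s3://example-site-content /var/www/html
"""

# Patterns for the secrets most often pasted into bootstrap scripts. The fix
# is an instance profile (IAM role) so the instance never holds static keys.
SECRET_PATTERNS = (
    (re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"), "AWS access key ID"),
    (re.compile(r"AWS_SECRET_ACCESS_KEY\s*="), "AWS secret access key"),
    (re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"), "private key material"),
)


def find_embedded_secrets(script):
    """Labels of every secret pattern found in the script (empty = clean)."""
    return [label for pattern, label in SECRET_PATTERNS if pattern.search(script)]


def validate_user_data(script):
    """Reject scripts that would not run (no interpreter line), exceed the
    16 KB user-data limit, or would leak secrets via the metadata service.
    Returns the script unchanged when it passes."""
    first_line = script.split("\n", 1)[0]
    if not first_line.startswith("#!"):
        raise ValueError("user data must start with an interpreter line such as #!/bin/bash")
    if len(script.encode()) > 16 * 1024:
        raise ValueError("user data is limited to 16 KB")
    hits = find_embedded_secrets(script)
    if hits:
        raise ValueError("refusing to embed secrets in user data: " + ", ".join(hits))
    return script


def encode_user_data(script):
    """Base64 as the raw RunInstances API expects."""
    return base64.b64encode(validate_user_data(script).encode()).decode("ascii")


def decode_user_data(encoded):
    """Reverse of encode_user_data: the plain script, which is also what the
    instance metadata service hands to anyone who asks for /latest/user-data."""
    return base64.b64decode(encoded).decode()


if __name__ == "__main__":
    print(encode_user_data(APACHE_USER_DATA)[:60], "...")
    try:
        encode_user_data(LEAKY_USER_DATA)
    except ValueError as err:
        print(err)
```

If the script genuinely needs AWS access (the `aws s3 sync` above), give the instance a role via an instance profile and drop the exports; the SDK on the instance then fetches short-lived credentials itself.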
Demo - User Data, Let's automate the world.
EC2 Launch Types : Which one should I use ?

• EC2 - On Demand
  • Pay for what you use
  • Billed per second, with a one-minute minimum per launch (Linux).
  • Most expensive per hour, but no commitment and no upfront payment.
  • Will not be interrupted (unlike Spot).
EC2 Launch Type 2
• EC2 Reserved Instance
  • Up to ~75% cheaper than On-Demand.
  • Requires a commitment, optionally with upfront payment.
  • Term of 1 or 3 years.
  • Reservation is tied to a particular instance type (see instance types below).
  • Good for predictable, steady-state workloads.

• Sub Categories
  • Convertible Reserved Instances - the instance type can be changed during the term
  • Scheduled Reserved Instances - reserve a recurring day, time or week
EC2 Launch Types 3
• EC2 Spot Instances
  • You set the maximum price you are willing to pay (historically a bid).
  • The spot price fluctuates with spare capacity and demand.
  • Can be up to 90% cheaper than On-Demand.
  • Can be reclaimed at any time when the spot price rises above your maximum, with a 2-minute warning.
  • Once reclaimed, anything stored only on the instance is gone; persist data elsewhere (EBS, S3) if you need it.
  • Good for data processing and big-data queries, not for important or critical applications.
EC2 Launch Types 4
• EC2 Dedicated Hosts
  • Expensive
  • For companies or scenarios with strong compliance or data regulations.
  • You get a physical server dedicated to you.
  • Visibility of the server's sockets and cores, which matters for socket- or core-bound software licences.
Elastic Load Balancer (ELB)
Section Agenda
• Scalability
• Vertical
• Horizontal
• High Availability
• Taking EC2 into consideration
• Scalability
• ASG
• Load Balancer
• High Availability
• LB multi AZ
• ASG multi AZ
Load Balancer
• Single DNS name as the entry point
• Handles failure of backend instances
• Health checks
• TLS (SSL) termination for HTTPS
• Session stickiness via cookies
• High availability across zones
• Spreads load across zones
Kinds of ELBs
• AWS offers 3 kinds of ELBs
  • Application Load Balancer
  • Network Load Balancer
  • Classic Load Balancer

• Classic Load Balancer is the previous generation and its use is discouraged.
ALB
• Layer 7 load balancer
• Load balancing to multiple HTTP endpoints
• Container load balancing
• LB based on path e.g. /home, /newhome, /oldhome
• LB based on hostname
• Best for Docker-based applications and ECS

• Dynamic port mapping lets it route to containers on dynamically assigned ports

• Supports HTTP, HTTPS and WebSocket
• Stickiness
  • Consider User 1 who has items in their shopping cart, persisted on EC2-A. Without stickiness the next request may go to EC2-B, which has no information about User 1's cart.
DEMO - ELB/ALB + SG
Auto Scaling Group - ASG
• What will you do if load increases on your application ?
• Will you create instances of the application yourself ?
• Or schedule a job to do so ?
• What if the application scales all by itself ?
• Magic ?
Demo - ASG
Virtual Private Cloud - VPC
The cloud enabler
A picture is worth a thousand words !
VPC
• Subnets
• Public
• Private
• IGW
• Route Tables
• NACL
• SG - revisited
• NAT Gateways
• Bastion Host
IP
• Public IP - unique across the whole internet.
• Private IP - only unique within its own network (e.g. a VPC); not routable from the internet.
• CIDR representation
• Default VPC
• Create one VPC from the ground up.
Classless Inter-Domain Routing - CIDR
e.g. 10.0.0.0/16
• Base IP - an IP from the range, normally the first one
• Prefix length (/n) - the number of leading bits that are fixed; the remaining 32-n bits can vary
  • x.x.x.x/32 = 2^0 = 1 IP
  • x.x.x.x/30 = 2^2 = 4 IPs
  • x.x.x.x/26 = 2^6 = 64 IPs
  • x.x.x.x/20 = 2^12 = 4096 IPs
• Available private IP ranges (RFC 1918)
  • 10.0.0.0 to 10.255.255.255 -> 10.0.0.0/8
  • 172.16.0.0 to 172.31.255.255 -> 172.16.0.0/12
  • 192.168.0.0 to 192.168.255.255 -> 192.168.0.0/16
Subnets
• AWS reserves 5 IPs in each subnet (the first 4 and the last one).
• Reserved IPs are not available for use in the subnet.
• For a subnet with CIDR 192.168.0.0/16 the reserved IPs would be:
  • 192.168.0.0 - network address
  • 192.168.0.1 - VPC router
  • 192.168.0.2 - DNS resolver
  • 192.168.0.3 - reserved for future use
  • 192.168.255.255 - broadcast address, reserved even though broadcast is not supported in a VPC
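The CIDR and subnet arithmetic from the last two slides, as an added example (not from the deck) using Python's standard `ipaddress` module: address counts per prefix length, the five addresses AWS reserves in every subnet, RFC 1918 membership, and a layout check for a VPC and its subnets. It goes slightly beyond the slides by applying the AWS size limits (VPC and subnet CIDRs must be between /16 and /28) and checking that subnets sit inside the VPC without overlapping. All CIDRs in it are constructed samples.

```python
import ipaddress

# The RFC 1918 ranges from the CIDR slide.
PRIVATE_RANGES = [ipaddress.ip_network(c) for c in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
AWS_RESERVED_PER_SUBNET = 5


def total_addresses(cidr):
    """2 ** (32 - prefix): /32 -> 1, /30 -> 4, /26 -> 64, /20 -> 4096.
    strict=True rejects a base IP with host bits set, e.g. 10.0.0.5/24."""
    return ipaddress.ip_network(cidr, strict=True).num_addresses


def usable_addresses(cidr):
    """What is left for instances once AWS has taken its five."""
    return total_addresses(cidr) - AWS_RESERVED_PER_SUBNET


def reserved_addresses(cidr):
    """First four addresses and the last one, keyed by what AWS uses them for.
    Meaningful for /28 and larger, the smallest subnet AWS allows."""
    net = ipaddress.ip_network(cidr, strict=True)
    names = ("network", "vpc_router", "dns_resolver", "future_use", "broadcast")
    addrs = [str(net[0]), str(net[1]), str(net[2]), str(net[3]), str(net[-1])]
    return dict(zip(names, addrs))


def is_rfc1918(cidr):
    net = ipaddress.ip_network(cidr, strict=True)
    return any(net.subnet_of(r) for r in PRIVATE_RANGES)


def check_vpc_layout(vpc_cidr, subnet_cidrs):
    """Return a list of problems; empty means the layout is fine.
    VPC and subnet prefixes must be /16../28, subnets must lie inside the VPC
    and must not overlap each other. A non-RFC 1918 VPC range is legal on AWS
    but reported as a warning."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"VPC {vpc} must be between /16 and /28")
    if not is_rfc1918(vpc_cidr):
        problems.append(f"warning: VPC {vpc} is not an RFC 1918 range")
    subnets = [ipaddress.ip_network(s, strict=True) for s in subnet_cidrs]
    for i, subnet in enumerate(subnets):
        if not subnet.subnet_of(vpc):
            problems.append(f"subnet {subnet} is outside VPC {vpc}")
        if not 16 <= subnet.prefixlen <= 28:
            problems.append(f"subnet {subnet} must be between /16 and /28")
        for other in subnets[i + 1:]:
            if subnet.overlaps(other):
                problems.append(f"subnets {subnet} and {other} overlap")
    return problems


if __name__ == "__main__":
    for prefix in (32, 30, 26, 20):
        print(f"/{prefix}: {total_addresses(f'10.0.0.0/{prefix}')} addresses")
    print(reserved_addresses("192.168.0.0/16"))
    print(check_vpc_layout("10.0.0.0/16", ["10.0.0.0/24", "10.0.0.128/25", "10.1.0.0/24"]))
```

The overlap check is the one worth keeping around: the console refuses overlapping subnets, but infrastructure-as-code templates that compute CIDRs from variables are where the mistake usually slips in.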
IGW
• Provides Internet connectivity to the subnet's instances/resources (together with a route to it in the subnet's route table).
• Highly available and scales automatically (AWS managed).
• Not created on VPC creation.
• One IGW per VPC, and one VPC per IGW.
Route Table
NAT Gateway
NACL + SG
(Figure: incoming and outgoing requests passing the subnet NACL and the instance SG)
• NACLs are subnet level.
• Each subnet is associated with exactly one NACL; one NACL can be shared by many subnets.
• Default NACL - ALL TRAFFIC ALLOWED.
• A NEWLY created NACL allows NO traffic.
• Uses rules to allow/deny traffic (unlike SGs, explicit deny rules are possible).
• Rules have a number associated with them.
• The lower the number, the higher the precedence: rules are evaluated in ascending order and the first match wins.
• The fallback/last rule is * which denies everything when nothing above matches.
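To make the stateful-SG versus stateless-NACL distinction from the SG slide and the rule-ordering rules above concrete, here is an added simulation (not from the deck) of one HTTP request and its reply. The SG allows port 80 in and has no outbound rule at all; the first NACL "allows port 80 outbound", the common mistake; the second allows the ephemeral port range outbound and carries a lower-numbered deny for one abusive range. NACL rules are evaluated lowest number first with an implicit deny at the end; the SG is allow-only and remembers connections it has admitted. The addresses and rule sets are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in": internet -> instance, "out": instance -> internet
    proto: str
    remote_ip: str   # the non-instance side of the conversation
    remote_port: int
    local_port: int  # port on the instance


@dataclass(frozen=True)
class Rule:
    number: int      # evaluation order for NACLs; unused for SG rules
    proto: str       # "tcp", "udp" or "all"
    port_from: int
    port_to: int
    cidr: str
    action: str      # "allow" or "deny"; SG rules are always "allow"

    def matches(self, proto, port, ip):
        return (self.proto in ("all", proto)
                and self.port_from <= port <= self.port_to
                and ipaddress.ip_address(ip) in ipaddress.ip_network(self.cidr))


def _rules_and_port(inbound, outbound, pkt):
    """NACLs and SGs both filter on the *destination* port: the instance's
    port for inbound packets, the remote port for outbound ones."""
    if pkt.direction == "in":
        return inbound, pkt.local_port
    return outbound, pkt.remote_port


class Nacl:
    """Stateless: each packet judged alone, lowest rule number first, first
    match wins, implicit '*' deny when nothing matches."""
    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound

    def allows(self, pkt):
        rules, port = _rules_and_port(self.inbound, self.outbound, pkt)
        for rule in sorted(rules, key=lambda r: r.number):
            if rule.matches(pkt.proto, port, pkt.remote_ip):
                return rule.action == "allow"
        return False


class SecurityGroup:
    """Stateful and allow-only: a packet belonging to a connection that was
    already admitted passes without consulting the rules for its direction."""
    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self.tracked = set()

    def allows(self, pkt):
        key = (pkt.proto, pkt.remote_ip, pkt.remote_port, pkt.local_port)
        if key in self.tracked:
            return True
        rules, port = _rules_and_port(self.inbound, self.outbound, pkt)
        if any(r.matches(pkt.proto, port, pkt.remote_ip) for r in rules):
            self.tracked.add(key)
            return True
        return False


ANY = "0.0.0.0/0"
# Web-server SG: port 80 in from anywhere and deliberately *no* outbound rule,
# to show that replies still get out because the SG is stateful.
SG_INBOUND = [Rule(0, "tcp", 80, 80, ANY, "allow")]
SG_OUTBOUND = []

# The common mistake: "allow port 80 outbound" on the NACL. Replies leave the
# instance *from* port 80 *to* the client's ephemeral port, so never match.
NACL_BROKEN = Nacl(inbound=[Rule(100, "tcp", 80, 80, ANY, "allow")],
                   outbound=[Rule(100, "tcp", 80, 80, ANY, "allow")])

# Corrected NACL: ephemeral ports outbound, plus a lower-numbered deny that
# wins over the general allow for one constructed abusive range.
NACL_FIXED = Nacl(inbound=[Rule(50, "tcp", 80, 80, "198.51.100.0/24", "deny"),
                           Rule(100, "tcp", 80, 80, ANY, "allow")],
                  outbound=[Rule(100, "tcp", 1024, 65535, ANY, "allow")])


def simulate_http(nacl, client_ip, client_port):
    """One request into port 80 and its reply. Inbound traffic meets the NACL
    (subnet edge) before the SG; outbound meets the SG first."""
    sg = SecurityGroup(SG_INBOUND, SG_OUTBOUND)
    request = Packet("in", "tcp", client_ip, client_port, 80)
    reply = Packet("out", "tcp", client_ip, client_port, 80)
    request_ok = nacl.allows(request) and sg.allows(request)
    reply_ok = sg.allows(reply) and nacl.allows(reply)
    return {"request": request_ok, "reply": reply_ok}


if __name__ == "__main__":
    print("broken NACL:   ", simulate_http(NACL_BROKEN, "203.0.113.10", 51000))
    print("fixed NACL:    ", simulate_http(NACL_FIXED, "203.0.113.10", 51000))
    print("blocked client:", simulate_http(NACL_FIXED, "198.51.100.5", 51000))
```

With the broken NACL the TCP handshake never completes: the SYN is admitted, the SYN-ACK is dropped at the subnet edge, and the symptom looks like a hung connection rather than a refusal, which is why NACL outbound rules are the first place to look when an SG change "did nothing".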
NACL vs SG
Simple Storage Service - S3
S3

• Buckets & Objects
• Versioning
• Security and Encryption
• Consistency models
• Let's build our website
• CORS
• S3 is object-based storage.
• An OS can't be installed on it !
• Objects live inside Buckets !
• Bucket names are unique across the whole of AWS (every account, every region)
• Buckets are created in a specific region
• Naming convention
  • NO UPPERCASE
  • NO underscore
  • Min 3 characters, max 63
  • Start with a lowercase letter or a number
Demo - S3
• It's a key/value store
• There are no directories !!! Yeah, no folders: a / in a key is just part of the key, which the console displays as a folder
• What's the max size of an object ? 5 TB; anything larger than 5 GB must be uploaded with multipart upload
• The part of the URL after the bucket name is the object key
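Added example, not from the deck, covering the naming convention and the URL-to-key point above: a validator for the bucket naming rules, extended with the further rules AWS documents (a name must also end with a letter or digit, must not contain consecutive dots, must not be formatted like an IPv4 address, must not start with `xn--` and must not end with `-s3alias`), and a parser that recovers bucket and object key from both virtual-hosted-style and path-style S3 URLs. The sample names and URLs are constructed.

```python
import re
from urllib.parse import urlparse, unquote

_IPV4_LOOKALIKE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Matches "<bucket>.s3.<region>.amazonaws.com", "<bucket>.s3.amazonaws.com",
# the legacy "s3-<region>" form, and the bucket-less path-style hosts.
_S3_HOST = re.compile(r"^(?:(?P<bucket>.+)\.)?s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com$")


def bucket_name_problems(name):
    """Every rule the name breaks; an empty list means it is acceptable."""
    problems = []
    if not 3 <= len(name) <= 63:
        problems.append("length must be 3-63 characters")
    if name != name.lower():
        problems.append("no uppercase letters")
    if "_" in name:
        problems.append("no underscores")
    if not re.fullmatch(r"[a-z0-9.-]*", name):
        problems.append("only lowercase letters, digits, dots and hyphens")
    if not (name[:1].isalnum() and name[-1:].isalnum()):
        problems.append("must start and end with a lowercase letter or digit")
    if ".." in name:
        problems.append("no consecutive dots")
    if _IPV4_LOOKALIKE.match(name):
        problems.append("must not be formatted like an IP address")
    if name.startswith("xn--"):
        problems.append("must not start with xn--")
    if name.endswith("-s3alias"):
        problems.append("must not end with -s3alias")
    return problems


def split_s3_url(url):
    """Return (bucket, key) for a virtual-hosted-style or path-style S3 URL.
    The key is everything after the bucket, percent-decoded; slashes in it are
    part of the key, not directories."""
    parts = urlparse(url)
    match = _S3_HOST.match(parts.hostname or "")
    if not match:
        raise ValueError(f"not an S3 endpoint: {parts.hostname}")
    path = unquote(parts.path.lstrip("/"))
    bucket = match.group("bucket")
    if bucket is None:                      # path-style: bucket is the first segment
        bucket, _, path = path.partition("/")
    if not bucket or not path:
        raise ValueError("URL does not name both a bucket and an object key")
    return bucket, path


if __name__ == "__main__":
    for candidate in ("my-app-logs-2024", "MyBucket", "192.168.5.4", "-logs-"):
        print(candidate, "->", bucket_name_problems(candidate) or "ok")
    print(split_s3_url("https://my-app-logs-2024.s3.eu-west-1.amazonaws.com/2024/01/app.log"))
    print(split_s3_url("https://s3.eu-west-1.amazonaws.com/my-app-logs-2024/2024/01/app.log"))
```

Dots are legal in a bucket name but worth avoiding: a virtual-hosted HTTPS URL such as `reports.example.s3.amazonaws.com` does not match the `*.s3.amazonaws.com` wildcard certificate, so TLS clients fail unless they fall back to path-style addressing.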
Versioning

• S3 objects can be versioned
• It's enabled at bucket level
• What is a null version ? Objects that already existed before versioning was enabled keep the version ID "null"
• What is a delete marker ? In a versioned bucket a delete does not remove data; it adds a marker that hides the object until the marker itself is deleted
• Versioning protects against unintended deletes and overwrites
Security-S3

• Resource based
  • Bucket Access Control List
  • Object Access Control List
  • Bucket Policy document

• User based: IAM policies
S3 Bucket Policy

• JSON-based policy document containing
  • Resource - buckets and objects
  • Action - the set of API calls to allow or deny
  • Effect - Allow/Deny
  • Principal - the account or user the policy applies to
• Bucket policies can be used for -
  • Public access to a bucket
  • Forcing encryption at upload time
  • Cross-account access
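The "force encryption at upload time" and "cross-account access" uses above, as an added example that is not from the deck: a bucket policy that denies uploads without SSE-KMS, denies plaintext HTTP outright and grants one other account read access, plus a toy deny-overrides evaluator for the StringNotEquals, Null and Bool condition operators the policy uses. The bucket name `example-app-uploads`, account 111122223333 and the principal ARNs are assumptions. The evaluator models only those three operators and treats a missing request header as not satisfying StringNotEquals; closing that gap is what the separate Null statement in the documented pattern is for.

```python
import json
from fnmatch import fnmatchcase

BUCKET = "example-app-uploads"                 # placeholder bucket (assumption)
BUCKET_ARN = f"arn:aws:s3:::{BUCKET}"
PARTNER = "arn:aws:iam::111122223333:root"     # hypothetical other account
UPLOADER = "arn:aws:iam::123456789012:user/uploader"   # hypothetical owner-account user
OBJECT = f"{BUCKET_ARN}/reports/q1.pdf"

# Constructed bucket policy: refuse uploads that are not SSE-KMS encrypted,
# refuse plaintext HTTP entirely, and let one other account read objects.
UPLOADS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DenyWrongEncryption", "Effect": "Deny", "Principal": "*",
         "Action": "s3:PutObject", "Resource": f"{BUCKET_ARN}/*",
         "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}}},
        {"Sid": "DenyMissingEncryptionHeader", "Effect": "Deny", "Principal": "*",
         "Action": "s3:PutObject", "Resource": f"{BUCKET_ARN}/*",
         "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": [BUCKET_ARN, f"{BUCKET_ARN}/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
        {"Sid": "CrossAccountRead", "Effect": "Allow",
         "Principal": {"AWS": PARTNER},
         "Action": "s3:GetObject", "Resource": f"{BUCKET_ARN}/*"},
    ],
}


def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def _principal_matches(spec, principal):
    if spec == "*":
        return True
    return principal in _as_list(spec.get("AWS", []))


def _condition_matches(condition, context):
    """Toy semantics for the three operators used above. A missing context
    key never satisfies StringNotEquals here; the Null statement in the policy
    exists precisely so that an absent header is still denied."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "StringNotEquals":
                ok = actual is not None and actual not in _as_list(expected)
            elif operator == "Bool":
                ok = actual is not None and str(actual).lower() == str(expected).lower()
            elif operator == "Null":
                ok = (actual is None) == (str(expected).lower() == "true")
            else:
                raise NotImplementedError(f"operator {operator} not modelled")
            if not ok:
                return False
    return True


def bucket_policy_decision(policy, principal, action, resource, context):
    """Deny-overrides evaluation of the bucket policy on its own.
    'explicit deny' blocks the request; 'allow' grants it; 'implicit deny'
    means this policy says nothing, so the caller's identity policy decides."""
    decision = "implicit deny"
    for stmt in policy["Statement"]:
        if not _principal_matches(stmt["Principal"], principal):
            continue
        if not any(fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_matches(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "explicit deny"
        decision = "allow"
    return decision


if __name__ == "__main__":
    print(json.dumps(UPLOADS_POLICY, indent=2))
    for sse in ("aws:kms", "AES256", None):
        ctx = {"aws:SecureTransport": "true"}
        if sse:
            ctx["s3:x-amz-server-side-encryption"] = sse
        print(f"PutObject with SSE={sse}:", bucket_policy_decision(UPLOADS_POLICY, UPLOADER, "s3:PutObject", OBJECT, ctx))
```

Note that nothing in this policy grants the owner account's own uploader any access: a bucket policy is where you constrain and share, while the uploader's permission to write comes from its identity policy. That is also why an "implicit deny" here is the good outcome for a compliant upload.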
S3 - Static Website
