AGENDA • IAM
• S3
• RDS
• Amazon ELB
• AWS Lambda
REGIONS, AVAILABILITY ZONES, AND LOCAL ZONES
AMAZON VIRTUAL PRIVATE CLOUD (VPC)
• Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined.
• This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
AMAZON VPC
• Subnet — A range of IP addresses in your VPC.
• Route table — A set of rules, called routes, that are used to determine where network traffic is directed.
• Internet gateway — A gateway that you attach to your VPC to enable communication between resources in your VPC and the internet.
• VPC endpoint — Enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.
• Instances in your VPC do not require public IP addresses to communicate with resources in the service.
• Traffic between your VPC and the other service does not leave the Amazon network.
AMAZON
DEFAULT VPC
NETWORK ACLS
A network access control list (ACL) is an optional layer of security for your VPC
that acts as a firewall for controlling traffic in and out of one or more subnets.
• Inbound Rules.
• Outbound Rules.
• The default NACL allows all inbound and outbound traffic.
• You can create a custom network ACL and associate it with a subnet.
• Each subnet in your VPC must be associated with a network ACL. If you don't
explicitly associate a subnet with a network ACL, the subnet is automatically
associated with the default network ACL.
NETWORK ACLS CONCEPTS
• You can associate a network ACL with multiple subnets. However, a subnet can be associated with only one network ACL at a time.
• A network ACL contains a numbered list of rules. The ACL evaluates the rules in order, starting with the lowest numbered.
• A network ACL has separate inbound and outbound rules, and each rule can either allow or deny traffic.
• Network ACLs are stateless, which means that responses to allowed inbound traffic are subject to the rules for outbound traffic (and vice versa).
NETWORK ACLS
SECURITY GROUPS
A security group acts as a virtual firewall for your EC2 instances to control
incoming and outgoing traffic.
• Inbound Rules.
• Outbound Rules.
• By default, security groups allow all outbound traffic.
SECURITY GROUPS CONCEPTS
• Security groups are stateful.
• You can assign multiple security groups to an instance.
• Security group rules are always permissive; you can't create rules that deny access.
• When you associate multiple security groups with an instance, the rules from each security group are effectively aggregated to create one set of rules. Amazon EC2 uses this set of rules to determine whether to allow access.
SECURITY GROUPS
Comparison: Security Group vs. Network ACL
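The NACL and security group behaviour described on the preceding slides (lowest rule number first, explicit deny, stateless responses; aggregated allow-only rules, stateful responses), as an added example that is not part of the deck. The rules, addresses and helper names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    number: int      # NACL evaluation order (lowest first); unused by security groups
    protocol: str    # "tcp" or "udp"
    port_from: int
    port_to: int
    cidr: str        # source for inbound rules, destination for outbound rules
    action: str      # "allow" or "deny"; security groups only accept "allow"

def _matches(rule, protocol, port, ip):
    return (rule.protocol == protocol
            and rule.port_from <= port <= rule.port_to
            and ipaddress.ip_address(ip) in ipaddress.ip_network(rule.cidr))

def nacl_decision(rules, protocol, port, ip):
    """First matching rule wins, lowest number first; no match falls to the implicit deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, protocol, port, ip):
            return rule.action
    return "deny"

def sg_decision(groups, protocol, port, ip):
    """Rules of every attached group are aggregated; any allow match admits, else deny."""
    for group in groups:
        for rule in group:
            if rule.action != "allow":
                raise ValueError("security group rules can only allow")
            if _matches(rule, protocol, port, ip):
                return "allow"
    return "deny"

# Constructed sample: a subnet NACL whose deny (rule 50) is listed after the allow (rule 100)
# but evaluated first, plus two security groups attached to one instance.
NACL_IN = [Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow"),
           Rule(50, "tcp", 443, 443, "198.51.100.7/32", "deny")]
NACL_OUT = [Rule(100, "tcp", 1024, 65535, "0.0.0.0/0", "allow")]  # replies to ephemeral ports
SG_WEB = [Rule(0, "tcp", 443, 443, "0.0.0.0/0", "allow")]
SG_ADMIN = [Rule(0, "tcp", 22, 22, "203.0.113.0/24", "allow")]

def inbound_allowed(src_ip, protocol, dst_port):
    """A packet must pass the subnet NACL and then the instance's aggregated security groups."""
    return (nacl_decision(NACL_IN, protocol, dst_port, src_ip) == "allow"
            and sg_decision([SG_WEB, SG_ADMIN], protocol, dst_port, src_ip) == "allow")

def response_allowed(dst_ip, protocol, ephemeral_port):
    """Stateless NACL: the reply needs an outbound rule; the stateful SG admits it without one."""
    return nacl_decision(NACL_OUT, protocol, ephemeral_port, dst_ip) == "allow"
```

Note that SSH from the admin range is still denied here: the security group allows it, but the NACL on the subnet has no inbound rule for port 22, and both layers must allow a packet.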
• IAM Users
• IAM Groups
• IAM Roles
IAM USERS
An AWS IAM user is an IAM entity that you create in AWS to represent the person or application that uses it to interact with AWS. A user in AWS consists of a name and credentials.
You can access AWS in different ways depending on the user credentials:
• Console password: A password that the user can type to sign in to interactive sessions such as the AWS Management Console.
• Buckets
• Objects
• Keys
S3 BUCKETS
A bucket is a container for objects stored in Amazon S3.
Buckets serve several purposes:
• Organize the Amazon S3 namespace at the highest level.
• Identify the account responsible for storage and data transfer charges.
• Play a role in access control.
S3 OBJECTS
• Objects are the fundamental entities stored in Amazon S3.
• Objects consist of object data and metadata.
• The metadata is a set of name-value pairs that describe the object. These include some default metadata, such as the date last modified.
S3 KEYS
• A key is the unique identifier for an object within a bucket.
• Every object in a bucket has exactly one key.
• The combination of a bucket, key, and version ID uniquely identifies each object.
AMAZON RELATIONAL DATABASE SERVICE
(AMAZON RDS)
• Web service to set up, operate, and scale a relational database in the AWS Cloud.
• Provides cost-efficient, resizable capacity for an industry-standard relational database and manages common
database administration tasks.
• Useful in case of multi-server apps.
RDS DB INSTANCES
• The basic building block of Amazon RDS is the DB instance.
• A DB instance is an isolated database environment in the AWS Cloud.
• You can create and modify a DB instance by using the AWS Command Line Interface, the Amazon RDS API, or the AWS Management Console.
• Each DB instance runs a DB engine. Amazon RDS currently supports the MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server DB engines.
• You can run a DB instance on a virtual private cloud (VPC) using the Amazon Virtual Private Cloud (Amazon VPC) service.
• You can use security groups to control access to a DB instance.
AWS LAMBDA
• AWS Lambda is a serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you.
• You can use AWS Lambda to extend other AWS services with custom logic, or create your own back-end services that operate at AWS scale, performance, and security.
AWS LAMBDA EXAMPLE
AMAZON ELASTIC LOAD BALANCING
(ELB)
• Elastic Load Balancing automatically distributes incoming application
traffic across multiple targets, such as Amazon EC2 instances, containers,
IP addresses, and Lambda functions.
• A load balancer distributes workloads across multiple compute resources,
such as virtual servers.
• Using a load balancer increases the availability and fault tolerance of your
applications.
CROSS-ZONE LOAD BALANCING
DEMO
THANK YOU!