Web server
Database
Web Server
Nginx/Apache
network
Load balancer
Virtualization software
security
Compute CPU,
RAM,
Disk
App Server
AC
Java on
Security
100000 customers
Tomcat/JBoss
Routers
Switches
Internet connect ISP
Network cables
Physical servers
Server Racks
Infrastructure
Challenges -
1. Cost
2. Power failure
3. Unplanned outage
4. Scalability
Disaster recovery
Database
DNS name
SSL certificate
AWS
Google Cloud
Oracle
IBM
Alibaba
Linux (ubuntu)
Benefits
1. Cost - pay for what you use
2. Speed - Provision in minutes and start using
3. Scale
4. Performance
5. Security
6. Reliability
7. Time
8. Reduces manpower
Challenges -
1. Overhead
2. Cost
3. Capacity Planning
4. Time to production
5. Reliability
6. Presence
7. Security
8. Manpower is needed
X customer
Adobe Base Machine
5X customer (windows)
Linux (Centos)
RDS
Ready to use Application
EC2 Gmail
AWS Lambda
responsibility decreases
Hybrid Cloud
Dropbox
NASA
2002
2007
2004
Airbnb
Internally Launched
SQS Mcdonalds
launched in Europe
2003
idea of 2006
selling Publicly
Region - 25 regions
AZ - Availability Zones
82
Mumbai Region
Zone-1 Zone-2 Zone-3
How to choose a region
1. Latency
2. Compliance
3. Available Services
4. Pricing
1. Root Account - It can create other IAM accounts; has all permissions. Owner (root-account)
2. IAM Account - Has permissions to the services that the root user assigns to it
Account - 309390439193
Dev-1 QA
EBS
2. CPU
ELB 3. RAM
Spot Instances
Batch jobs
Image processing
Laptop
VM
Dedicated host
Dedicated instances
3 year reservation
#!/bin/bash
yum -y update
EC2 instance in US
VM outside AWS
Pool of Public IPs
Elastic ip -54.205.208.65 EC2 instance in US
172.31.24.135
port 80
Stop instance
terminate instance
Elastic IP
5 such IPs
Partition2
Placement
Groups
us-east-1a
Partition
Bigdata
Partition1
Apache kafka
Partition3
us-east-1b
10 minutes
Custom AMI
Centos 7
VM with additional Nov 2021
VM
Configurations
user-data
1. Web server
AMI index.html
(172.31.94.98) 2. xyz package (172.31.94.98)
3. configuration Centos 7
Security patch
Dec 2021
Private
VM
AMI
index.html
( ami-with-
(172.31.94.98)
httpd-setup)
New VM
(private IP - fixed
Pool of public IPs
Public IP ) 3.84.149.11
54.152.61.162
54.157.215.209
Outside VM/Server 52.204.125.68
10000 of other IPs
AWS Network
Elastic IP
EBS Volume
Huge Disk storage
Boot volume (ami)
50GB
VM
CPU
EBS Volume
RAM Blank
2000 GB
Physical Machine
VM
EBS Volume
EBS Volume
CPU
50GB
RAM
1. Network drive, not
a physical drive
2. Locked to a Zone
1:00 PM
2:00 PM
Snapshots 3 PM
4 PM
5 PM newkart.com
13:22
5:30 PM
EBS volume
EBS Volume
50 GB
us-east1-a us-east1-a
Snapshot Snapshot
EBS volume EBS Volume
data security
1. Data in transit
2. Data at rest
Copy
Snapshot Snapshot (encrypted)
(Unencrypted)
VM-1
/dev_files_from_EFS/readme.txt
EFS
50 GB
/dev_files/email_templates/
VM-2
/dev_files_from_EFS/readme.txt
VM-3
- Uses NFS protocol
- Encrypted by default
5. Stickiness
6. HA across Zones
7. SSL termination
VM1
Database
port 80
HTTP Load
Load balancer
User ABC
VM2
Port 8080
port 80
Username,
VM-11
VM3
Port-8080
Managed Load balancer
port 80
1. It will be up and running
UDP/TCP
IP Protocol
Scaling
1. Horizontal
HTTP, HTTPS
TCP, UDP
IP Protocol
VM1
VM2
BIG IP - F5
NetScaler - CISCO
VM3
ASG
VM4
VM5
VM -1
Public-IP 3.110.215.238
172.31.35.5
CLB
Actor
VM-2
3.6.41.14
172.31.43.13
Application Load balancers
newkart.com/shopping, newkart.com/admin
3. hostname based routing
newkart.com, shopping.newkart.com
country=india
Target-group-1
/
ALB
Actor
Target-group-2 172.31.15.245
/testing.html
SNI - Solves the problem of loading multiple SSL certificates onto one web server
NLB
NLB NLB
1. Works on Layer 3
target group of
VM
3rd Party
security software
StickySessions /
Session affinity
vm-2
cookie - kjjkdjkks - app2
Cross-zone load Balancing
SSL Certificate
NLB - Disabled by default
ASG
Auto-scaling Groups
3. Maximum Size
SG
3. Network config
4. Scaling Policy
Subnet
192.168.1.7 192.168.2.7
Building
NAT Gateway
Gateway
202.173.124.52
google.com
VPC -
Virtual Private Cloud
us-east1 Region
65536
VPC
Zone -a
Route Table
Subnet-2
ap-south-1 Region 10.0.0.0/16
Subnet-1
(public)
Subnet-3
65536 (Private) Internet Gateway
Route table
(Public Route)
NAT
Instance
Internet Gateway
10.0.0.0/8
192.168.0.0/16
172.16.0.0/12
Server
50.60.70.80
Private Subnet /
Public subnet
Dest = 50.60.70.80
DEST = 12.13.14.15
SRC = 12.13.14.15
SRC = 50.60.70.80
NAT INSTANCE
Bastion Host
Public Subnet
12.13.14.15
ssh-keys
ssh-keys
Vivek
Dest = 50.60.70.80
DEST = 10.0.0.28
SRC = 10.0.0.28
SRC = 50.60.70.80
EC2 INSTANCE
EC2 INSTANCE
Internet
google.com
IGW
Public
Bastion host
Subnet (Jump Server)
SSH
NAT GW
ssh
Actor
AWS network
EC2-Instance,
Private
EC2-Instance,
NAT Gateway
- No administration
- No SG to manage
- AWS network
Private
NACL Subnet
Incoming Traffic
EC2 Instance
EC2 Instance
SG
Outgoing traffic Private, Public IP Private IP
Vivek
default VPC
default VPC
EC2
For us-east-1
for Mumbai
172.31.1.194
192.168.1.0/16 172.72.1.0/16
VPC Peering
10.0.0.0/16 10.0.1.42
VPC B
VPC Peering
VPC Peering
VPC C
Hybrid Connectivity
On-Premises
Customer
Subnet VM
network
Customer
gateway
AWS network
Customer
VPN Gateway
gateway Internet
VPN -
data is encrypted
DIRECT CONNECT - DX
customer
On-Premises
Customer
VPC AWS
network
AWS Direct Connect Partner
Router Endpoint
PARTNER CAGE / AWS CAGE
AWS network
Request is made to AWS Direct connect
partners
1,2,5,10 GBPS lines
EC2
AWS Direct Connect
VPC-1
On-Premises
Customer
Direct Connect
network Gateway
AWS Direct Connect Partner
AWS
VM Router Endpoint
AWS Direct Connect
PARTNER CAGE / AWS CAGE
EC2
VPC-2
location-1
On-Premises
Customer
network
AWS network
VM
Location -2
google.com
Actor
Network interface
IP is assigned
network
- ENI Has a private IP address
- MAC Address
EC2 instance -1
AWS network
- Bound to a specific AZ
ENI 172.31.4
App
AWS PrivateLink
VPC-1
- Helps to securely expose an application to 1000s of VPCs within or across accounts and regions
Service / NLB
Application AWS network
- Does not need any VPC Peering/IG/NAT Routing tables
VPC-2 VPC-2
VPC-2 VPC-2
Transit Gateway
- supports IP Multicast
Transit Gateway
43.205
VPC-2
10.10.1.5
AWS network
On-Premises VPC-2
Customer
network
Direct Connect Transit Gateway
VPC-2
VPC-2
AMAZON S3
serverless offering
Regional resource
naming Convention -
no uppercase
no underscore
2G
Maximum object size is 5TB
Data
Data in transit
Encrypted Data
Encryption
username - salman
jhsgkjnlkcx-=jbcshbcksk
1G 12-dec-2021
s3-linux.iso- 12344232
2G
s3-linux.iso
2. SSE-KMS + Key Management System
3. SSE-C - Key is supplied by the customer.
AWS network