
AMAZON WEB SERVICES (AWS)

AWS
Benefits: location independent, device independent, scaling, pay as you use, TCO (maintenance)
70 to 75% use AWS

EC2 (Virtual server in cloud)
EC2 is a virtual machine that you can use to deploy your own servers in the cloud, giving you OS-level control. It helps you have control over the hardware and updates.
Instance
Instance type (RAM + no. of CPUs)
EBS volume
Snapshot
Security group
Key pair (.pem/.ppk) [a set of security credentials used to prove identity]
Public IP
Private IP
Elastic IP
AMI (Amazon Machine Image) = operating system

AMI
AMI stands for Amazon Machine Image. It includes the following:
1. Single or multiple Amazon Elastic Block Store (Amazon EBS) snapshots. Basically, templates for the root volume of the instance.
2. Launch permissions that let AWS accounts use the AMI to launch instances.
3. A block device mapping to specify what volumes are to be attached to the instance during its launch.

Snapshot (backup storage device)
1. Takes a backup from a volume (hard disk).
2. Cannot be attached to instances.
3. Based on a snapshot, a volume can be created, and that volume can be attached to an instance.

VPC
Isolated cloud resources
Virtual Private Cloud - own network, no. of unique IP addresses that the network can generate.
It allows you to launch AWS resources that can be defined by you and fully customize the network configurations. Through VPC, you can define and take full control of your virtual network environment. For example, you can have a private address range, internet gateways, subnets, etc.

Subnet
Smaller parts of a network; subnets make networks more efficient by controlling traffic and maintaining security.
1. A subnet belongs to only one Availability Zone.
2. It associates with a single route table, but one route table can connect to multiple subnets.
3. It associates with a single NACL.
4. From each subnet, 5 IPs are reserved by AWS.

CIDR
Classless Inter-Domain Routing - method for allocating unique IP addresses to machines

Route table
Determines traffic from one network to another

NACL
Acts as a firewall to the subnet, configured to allow all traffic to flow in and out of the subnets.

Internet gateway
It allows the instances in the VPC to communicate with the internet

NAT
Network address translation is a gateway used to connect instances in your private subnet to the internet

Peering Connection
Establishes a connection between two VPCs in the same AWS.
They should have different CIDRs (non-overlapping CIDRs)

Transit Gateway
A transit gateway enables you to attach VPCs and VPN connections in the same Region and route traffic between them

Auto scaling
Detects when a server fails and replaces it with a new machine. It continuously does health checks on the server to know whether the machine is working or not.
Frequency of checks:
Basic monitoring - checks every 5 minutes by default
Detail monitoring - checks every 1 minute, which is chargeable.
ASG = Min <= Desired <= Max
Reasons for failure: site failure, AZ failure, high load
Upgrading: the server needs to be in standby mode or stopped when autoscaling
Manual, Schedule, Event
RE-BALANCING ACTIVITY
Scale-out -- increase operation (servers)
Scale-in -- decrease operation (servers)

Elastic Load Balancers (ELB)
Distributing network traffic equally across a pool of resources that support an application

Classic load balancer
It distributes traffic among instances and cannot support heavy load

Application load balancer
It supports both path-based and host-based routing and hence helps in enhancing the performance of an application structured as smaller services.
Using an application load balancer, the traffic can be routed based on the requests made.

Network load balancer
It can handle millions of requests per second. It is primarily used to balance TCP traffic

Launch Configuration
It's a configuration template that an autoscaling group uses to launch instances

Launch template
Configuration information including ID, AMI, instance type, key pair and other parameters used to launch instances

IAM
Manage access to AWS resources
AWS Identity and Access Management - securely control access to AWS resources.

Users
An IAM User is an entity created in AWS that provides a way to interact with AWS resources

Policies (JSON)
An IAM policy is a document with a set of rules. Each IAM policy grants a specific set of permissions. Policies are attached to IAM identities like Users, Groups, and Roles

Elastic file storage (EFS)
Managed file storage for EC2
It's a simple, scalable elastic file storage. Can access or share data across the regions

S3 Bucket
Scalable storage in the cloud
Object storage, cannot share through networks and cannot attach to instances. However, data lakes (big) can be stored in this service.
Objects always belong to the standard class.
To reach the bucket without an internet connection use a VPC endpoint, but both services need to be in the same region.

VPC Endpoint:
Gateway Endpoint -- For only S3 & DYN (DynamoDB)
Interface Endpoint -- For remaining services
It gets various requests from applications, and it has to identify which requests
are to be allowed and which are to be denied. Amazon S3 REST API uses a
custom HTTP scheme based on a keyed HMAC for authentication of requests.
Bucket Features:
Version controlling
Cross region replications (CRR)
Same region replications (SRR)
Static webhost
ACLS/Bucket policy (security)
Life cycle rules (till object upload & deletion)
Event management
Logging
Object Features:
ACLS (Access, permission/security)
S3 storage types:
Standard
Standard-IA (infrequent access)
One Zone-IA (infrequent access)
Glacier

AWS CLI
Command line interface
Enables you to interact with AWS services using commands in your command-line shell.

VPC endpoint
Helps us access public resources like S3, DynamoDB etc. securely via the AWS network, instead of going via the internet

CloudWatch
Monitor resources and applications
Used for monitoring and managing data and getting actionable insights for AWS. It helps you to monitor your entire task stack, which includes the applications, infrastructure, and services.
1. CloudWatch collects and tracks metrics, which are variables you can measure for your resources and applications.
2. Create alarms that watch metrics and send notifications.
3. Can gain system-wide visibility into resource utilization, application performance, and operational health.

CloudFront
It's a global content delivery network
CloudFront is a web service that speeds up distribution of static and dynamic web content, such as .html, .css, .js, and image files, to the users.
CloudFront will deliver the content directly from the origin server. It will also store the content in the cache of the edge location where the content was missing

CloudTrail
Track user activity and API usage.
AWS CloudTrail can be used in this case as it is designed for logging and tracking API calls, and it has also been made available for storage solutions.
It can provide logging information for load balancers or any other AWS resources

RDS
Managed relational database services
Designed to simplify the setup, operation and scaling of a relational database for use in applications.

DynamoDB
Managed NoSQL database
Designed to run high-performance applications at any scale. It can be fed any type of unstructured data (e.g. collecting data from e-commerce websites)

Redshift
Fast, simple, cost-effective data warehousing
Ability to handle huge volumes of data, capable of processing structured and unstructured data in the range of exabytes (10^18 bytes) (e.g. large-scale data migrations)

Snowball
Large scale data transport
Snowball is an application designed for transferring terabytes of data into and outside of the AWS cloud. It uses secured physical storage to transfer the data.
Snowball is considered a petabyte-scale data transport solution that helps in cost and time-saving.

Direct Connect
Dedicated network connection to AWS.
It's an AWS networking service that acts as an alternative to using the Internet to connect customers in on-premise sites with AWS.

ElastiCache
In-memory cache services supporting flexible, real-time use cases. It can be used as a cache, which accelerates application and database performance.

Elastic Transcoder
Easy-to-use scalable media transcoding
The Elastic Transcoder is used for converting media files into versions that can be run/played on devices such as tablets, PCs, smartphones, etc.

SNS (Simple Notification Service)
SNS managed message topics for Pub/Sub
Provides message delivery from producers to consumers through supported endpoint types: HTTP, email, SMS, mobile push notifications, AWS Lambda…

Route 53
Scalable DNS and domain name registration
Highly available and scalable DNS web service. Functions in any combination: domain registration, DNS routing and health checking.
DNS query
Domain registry
Domain hosting - in AWS, hosted zones (creating name server)
DNS server - needs to be created in the name server

DNS
Domain Name System (acts as a translator for IP addresses): maps IP addresses to names

DHCP
Dynamic Host Configuration Protocol
Runs a service that lists IP addresses to servers. The process of obtaining an IP automatically from the DHCP server is the DORA process -- Discover, Offer, Request, Acknowledge
