
AWS (Amazon Web Services)

They provide servers and services that you can use on demand and
scale easily.

AWS GLOBAL INFRASTRUCTURE

AWS REGION
AWS regions are all around the world e.g. us-east-1, ap-south-1
[A region is a cluster of data centers]

** Most AWS services are region scoped

HOW TO CHOOSE AN AWS REGION?


1. Compliance (data residency laws and government regulations)
2. Proximity to customers
3. Available services within a region
4. Pricing

AWS AVAILABILITY ZONES


Each region has several availability zones ( usually 3, min 3, max 6) e.g.
ap-south-1a, ap-south-1b, ap-south-1c

AWS GLOBAL SERVICES


IAM, Route 53, CloudFront

AWS REGION SCOPED SERVICES


EC2, EBS (Elastic Block Store), Elastic Beanstalk (not to be confused with EBS), Lambda

IAM (IDENTITY AND ACCESS MANAGEMENT) - GLOBAL SERVICE


User: mapped to a physical person; has a password for the AWS console and/or
access keys for the CLI/SDK
Groups : contain users only; a group cannot contain another group
Policies : JSON documents that grant (or explicitly deny) permissions; attached to
users, groups or roles. Follow least privilege: grant only the actions and
resources that are actually needed.
Roles : identities assumed by AWS services (e.g. an EC2 instance), by other
accounts or by federated users; they hand out short-lived credentials, so prefer
a role over long-lived access keys stored on an instance
MFA : something you know (password) plus something you have (security device)
CLI : command line interface
SDK : manage AWS services from a programming language
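The evaluation order behind every IAM policy (explicit Deny beats Allow, and anything not allowed is implicitly denied) is easiest to see in code. The block below is an added example written for these notes, not AWS code: it models only identity policies with Action/Resource wildcards (no Conditions, NotAction, resource policies or permission boundaries), and the bucket name and policy are constructed for the example.

```python
"""Minimal model of IAM policy evaluation (added example, not AWS code).

IAM evaluates every statement that applies to the identity:
  1. an explicit "Deny" that matches the request wins over everything,
  2. otherwise any matching "Allow" permits the call,
  3. otherwise the request is implicitly denied.
Action and Resource patterns use IAM's '*' wildcard ('?' also works here).
Conditions, NotAction, resource policies and permission boundaries are
out of scope for this model.
"""
import fnmatch
import json

# Constructed least-privilege policy: read-only on one bucket plus an
# explicit deny on deletions anywhere. The bucket name is a placeholder.
LEAST_PRIVILEGE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadOnlyOnAppBucket",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-app-bucket",
                   "arn:aws:s3:::example-app-bucket/*"]
    },
    {
      "Sid": "NeverDelete",
      "Effect": "Deny",
      "Action": ["s3:DeleteObject*", "s3:DeleteBucket"],
      "Resource": "*"
    }
  ]
}
""")


def _as_list(value):
    """IAM lets Action/Resource be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """Case-insensitive wildcard match of `value` against any pattern."""
    return any(fnmatch.fnmatchcase(value.lower(), p.lower())
               for p in _as_list(patterns))


def is_allowed(policies, action, resource):
    """Return True if the request is permitted by the given identity policies."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not (_matches(stmt["Action"], action)
                    and _matches(stmt["Resource"], resource)):
                continue
            if stmt["Effect"] == "Deny":
                return False      # explicit deny always wins, stop immediately
            allowed = True        # remember the allow, keep scanning for denies
    return allowed


if __name__ == "__main__":
    policies = [LEAST_PRIVILEGE_POLICY]
    obj = "arn:aws:s3:::example-app-bucket/config.json"
    for action in ("s3:GetObject", "s3:PutObject", "s3:DeleteObject"):
        verdict = "ALLOW" if is_allowed(policies, action, obj) else "DENY"
        print(f"{action:16} -> {verdict}")
```

The `NeverDelete` statement is the part worth copying: even if a second, broader policy grants `s3:*`, the deny still wins, which is exactly how guardrail policies are built in practice.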

EC2 (elastic compute cloud) [ infrastructure as a service ]


1. Renting virtual machines (EC2)
2. Storing data on virtual drives (EBS)
3. Distributing load across machines (ELB)
4. Scaling the services using the autoscaling group (ASG)

EC2 USER DATA


* It runs only once, at the first boot of the instance, and it runs as root.
* Anything in user data can be read from inside the instance through the instance
metadata service, so never put secrets (passwords, keys) in it.

EC2 INSTANCE TYPES


m5.2xlarge
m ---> instance class (family)
5 ----> generation
2xlarge -----> size

GENERAL PURPOSE (e.g. m5)
COMPUTE OPTIMIZED
MEMORY OPTIMIZED
STORAGE OPTIMIZED
ACCELERATED COMPUTING

SECURITY GROUPS
A security group is a virtual firewall attached to an instance (its network
interface). Rules are allow-only (there is no deny rule) and stateful: the reply
to an allowed request is let through automatically.
By default all inbound traffic is blocked and all outbound traffic is allowed.
A rule's source can be a CIDR or another security group; referencing a security
group is the cleanest way to say "only my load balancer / bastion may talk to me".
Never open the admin ports below to 0.0.0.0/0.
SSH --> Secure Shell ( port 22 )
FTP ---> File Transfer Protocol (port 21)
HTTP ----> port 80
HTTPS ----> port 443
RDP -----> Remote Desktop Protocol (port 3389)
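A quick audit of the rules above is the kind of check worth scripting: does any allow rule expose an admin port to the whole internet? The block below is an added example for these notes, not an AWS tool; it loosely mirrors the fields returned by `aws ec2 describe-security-groups`, and the rule set, the CIDRs and the `sg-0123456789abcdef0` reference are constructed placeholders.

```python
"""Audit EC2 security-group inbound rules for dangerous exposure.

Added example (not from the original notes, not an AWS tool). Security
groups are stateful and allow-only: there is no deny rule, so the audit
question is simply "does an allow rule expose an admin port to anywhere?".
"""
import ipaddress

# Ports from the notes above that should never be open to the world.
ADMIN_PORTS = {21: "FTP", 22: "SSH", 3389: "RDP"}


def _is_world(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. 'anywhere'."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _covers(rule, port):
    """Does this rule's port range include `port`?"""
    return rule["from_port"] <= port <= rule["to_port"]


def audit_inbound(rules):
    """Return a list of human-readable findings, one per risky rule.

    Each rule is a dict: protocol ("tcp", "udp" or "-1" for all),
    from_port, to_port, and source (a CIDR or a security-group id).
    """
    findings = []
    for rule in rules:
        src = rule["source"]
        if src.startswith("sg-"):
            continue  # referencing another security group is the recommended pattern
        if not _is_world(src):
            continue  # restricted CIDR: acceptable for admin access
        if rule["protocol"] == "-1":
            findings.append(f"all protocols/ports open to {src}")
            continue
        for port, name in ADMIN_PORTS.items():
            if _covers(rule, port):
                findings.append(f"{name} (port {port}) open to {src}")
    return findings


# Constructed inbound rule set for a hypothetical web tier.
SAMPLE_RULES = [
    {"protocol": "tcp", "from_port": 443,  "to_port": 443,   "source": "0.0.0.0/0"},       # fine: public HTTPS
    {"protocol": "tcp", "from_port": 22,   "to_port": 22,    "source": "203.0.113.0/24"},  # fine: restricted CIDR
    {"protocol": "tcp", "from_port": 22,   "to_port": 22,    "source": "0.0.0.0/0"},       # bad: SSH to the world
    {"protocol": "tcp", "from_port": 3389, "to_port": 3389,  "source": "::/0"},            # bad: RDP to the world (IPv6)
    {"protocol": "tcp", "from_port": 0,    "to_port": 65535, "source": "sg-0123456789abcdef0"},  # fine: from another SG
]

if __name__ == "__main__":
    for finding in audit_inbound(SAMPLE_RULES):
        print("FINDING:", finding)
```

Note the IPv6 case: a rule opened to `::/0` is just as exposed as `0.0.0.0/0`, and audits that only string-match the IPv4 form miss it.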

EC2 INSTANCE PURCHASING OPTIONS

1. ON DEMAND INSTANCES
2. RESERVED
3. SAVINGS PLAN
4. SPOT INSTANCES
5. DEDICATED HOST
6. DEDICATED INSTANCES
7. CAPACITY RESERVATION

NOTE: ELASTIC IP --> When you stop and start an EC2 instance its public IPv4 address
changes. To keep a fixed public IP you need an Elastic IP.
By default you can have 5 Elastic IPs per region (a soft limit,
you can request an increase).

EBS VOLUME
An EBS volume is a network drive you can attach to an instance while it runs.

*** They are bound to a specific AZ (to move one, snapshot it and restore the
snapshot in the other AZ)


They can only be mounted to one instance at a time (except io1 and io2 volumes,
which support Multi-Attach).

EBS SNAPSHOTS
1. Backup of your EBS volume at a point in time.
2. Can copy snapshot across availability zones or regions.

AMI OVERVIEW (amazon machine image)


An AMI is a customized image from which EC2 instances are launched.
You can bake in your software, configuration, operating system and monitoring agents.
You can launch instances from your own AMIs, AWS-provided AMIs or Marketplace AMIs;
AMIs are region scoped, so copy them to use them in another region.

HIGH AVAILABILITY AND SCALABILITY


1. Scalability means that an application can handle a greater workload by
adapting.
2. There are two types : vertical scalability and horizontal scalability.

Vertical : increase the instance size ( scale up / scale down)


Horizontal : increase the number of instances ( scale out / scale in)

High availability vs Horizontal scaling


High availability usually goes together with horizontal scaling: run instances
of the same application in at least two AZs, so losing one data center does
not take the application down.

LOAD BALANCING

ELB
An ELB is a managed load balancer.
It integrates with many AWS services (EC2, ASG, ECS, Certificate Manager, ...).
Health checks : they let the load balancer know whether an instance is available
to accept requests, typically an HTTP 200 on a health-check path.
Types: ALB (layer 7, HTTP/HTTPS), NLB (layer 4, TCP/UDP), Classic (legacy), GWLB
(gateway load balancer, for firewall / inspection appliances).
The instances' security group should allow traffic only from the load
balancer's security group, not from 0.0.0.0/0.
AUTO SCALING GROUPS
The goals of an auto scaling group are :
1. Scale out (add instances) when load increases
2. Scale in (remove instances) when load decreases
3. Ensure we have a min. and max. number of instances
4. Automatically register new instances to the load balancer
5. Replace instances that are found unhealthy
6. Maintain the minimum, maximum and desired capacity

DATABASES IN AWS

RDBMS ( SQL, OLTP ) : RDS, Aurora (great for joins),


NoSQL DATABASE : DynamoDB, DocumentDB (MongoDB compatible)
OBJECT STORE : S3, Glacier
DATA WAREHOUSING : SQL analytics, business intelligence,
OLAP (Redshift), Athena
TIME SERIES : Amazon Timestream

AMAZON RDS :
Managed service
Autoscaling capability for storage
Supports read replicas and Multi-AZ
Security through IAM, security groups, encryption at rest (KMS) and in transit (SSL/TLS)
Automated backups with point in time recovery
Managed and scheduled maintenance
Supports IAM database authentication (short-lived tokens instead of a stored DB password)

DYNAMO DB:
Managed serverless NoSQL database, single-digit millisecond latency
Capacity : provisioned (with optional autoscaling) or on-demand
Highly available, Multi-AZ by default; reads and writes are
decoupled
Security, authentication and authorization are done through IAM
Point-in-time recovery up to 35 days, plus on-demand backups
Export to and import from S3
Great for rapidly evolving schemas

AMAZON S3 (Simple Storage Service) :


S3 is a key-value store for objects (bucket + key -> object)
Serverless, scales "infinitely"; max object size is 5 TB
Features:
Versioning, replication, access logging, lifecycle management, static
website hosting, MFA Delete (MFA required to delete a version or disable versioning)
Batch operations
Tiers/Storage classes : S3 Standard / Infrequent Access / Intelligent-Tiering / Glacier

Replication only copies objects uploaded after it is enabled; objects that
already existed (or earlier failed replications) are copied with S3 Batch
Replication, a batch operation you run explicitly.

DOCUMENT DB:
DocumentDB is AWS's MongoDB-compatible NoSQL document database
Fully managed and highly available with replication across 3 AZs
DocumentDB storage automatically grows in increments of 10 GB
Automatically scales to workloads of millions of requests per
second

AMAZON TIME STREAM :


Time series database
Stores and analyzes trillions of events per day
AWS claims 1000x faster and 1/10 the cost of relational databases
Automatically scales up and down to adjust capacity
Built-in time series and analytical functions
Data storage tiering : recent data is kept in memory and
historical data is kept in cost-optimized storage

AMAZON VPC ( virtual private cloud )


UNDERSTANDING CIDR : Classless Inter-Domain Routing : a notation for IP
address ranges (base address + prefix length). Used in SG rules and AWS networking.
/8 ----> 255.0.0.0 (16,777,216 addresses)
/16 ----> 255.255.0.0 (65,536 addresses)
/24 -----> 255.255.255.0 (256 addresses)
/32 ------> 255.255.255.255 (a single host)

PUBLIC VS PRIVATE IP :
Private (RFC 1918) ranges, only routable inside the VPC / your own network :
10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
Everything else is public and routable on the internet.

DEFAULT VPC : all new AWS accounts have a default VPC


New EC2 instances are launched in the default VPC if no
subnet is specified.
The default VPC has internet connectivity and its subnets are public:
instances get a private IPv4 and a public IPv4 address, so anything
launched there is reachable from the internet if its SG allows it.

VPC IN AWS : You can have multiple VPCs in a region (max. 5 per region, a soft
limit).
Your VPC CIDR must not overlap with your other networks (on-premises, peered VPCs).

VPC SUBNET: AWS reserves 5 IP addresses in each subnet, e.g. for 10.0.0.0/24 :


10.0.0.0 ----> network address
10.0.0.1 ----> VPC router
10.0.0.2 ----> Amazon-provided DNS
10.0.0.3 ----> reserved for future
use
10.0.0.255 --> network broadcast (not supported in a VPC, but reserved)
So a /24 gives 251 usable addresses, not 254; size subnets accordingly.

INTERNET GATEWAY : Allows resources in a VPC to connect to the internet. It


scales horizontally and is highly available and redundant.
Must be created separately from the VPC.
One VPC can only be attached to one internet
gateway (IGW) and vice versa.
** An internet gateway on its own does not give internet
access: the route table needs a 0.0.0.0/0 route pointing at the IGW.

BASTION HOST : We can use a bastion host to SSH into a private instance.
It sits in a public subnet and can reach the
private subnets.
The bastion's SG must allow inbound port 22 only
from a restricted CIDR (your office/VPN range), never 0.0.0.0/0.
The SG on the private EC2 instances must allow port 22 from the
bastion's SG (reference the SG, not an IP).

NAT INSTANCE : Network address translation


Allows EC2 instances in a private subnet to connect to
the internet (outbound only; nothing from the internet can initiate inbound).
Must be launched in a public subnet.
Must have an Elastic IP attached to it.
Source/destination check must be disabled on the instance.
Route tables must be configured to route traffic from the
private subnet to the NAT instance.
It is a single instance, so not highly available by itself, and you
manage its SG and patching yourself.

NAT GATEWAY : AWS-managed NAT, higher bandwidth, high availability, no


administration.
Pay per hour for usage and bandwidth.
A NAT GW is created in a specific AZ and uses an Elastic IP.
Can't be used by EC2 instances in the same subnet (only from
other subnets); needs an IGW (private subnet -> NAT GW -> IGW).
Automatic scaling, no SG to manage.
It is resilient only within its AZ, so create one NAT GW per AZ
for fault tolerance.

NETWORK ACCESS CONTROL LIST (NACL) :


NACLs are like a firewall which controls traffic to and
from subnets; unlike security groups they are stateless (return
traffic needs its own rule) and support both ALLOW and DENY rules.
One NACL per subnet; new subnets are assigned to the default
NACL.
Rules are numbered and evaluated from the lowest number up; the
first match wins.
NACLs are a great way of blocking specific IP addresses at the
subnet level.
** The default NACL accepts everything inbound/outbound
for the subnets it is associated with; a newly created NACL
denies everything until you add rules.
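The two NACL properties that trip people up, lowest-number-first evaluation and statelessness, are shown below in an added example written for these notes (not AWS code). It models one subnet's inbound and outbound rule lists; the rules, IP addresses and ports are constructed, and rule fields are simplified to a port range and a CIDR.

```python
"""Model of network ACL evaluation (added example, not AWS code).

NACL rules are numbered; AWS evaluates them from the lowest number upward
and the first rule that matches decides (allow or deny). If nothing
matches, the trailing '*' rule denies. NACLs are stateless: the reply to
an allowed inbound request must itself be allowed by the outbound rules,
which is why the ephemeral port range 1024-65535 shows up in practice.
"""
import ipaddress


def first_match(rules, port, addr):
    """Return 'allow' or 'deny' for a packet on `port` involving `addr`,
    using the lowest-numbered matching rule; implicit deny otherwise."""
    for rule in sorted(rules, key=lambda r: r["number"]):
        in_range = rule["from_port"] <= port <= rule["to_port"]
        in_cidr = ipaddress.ip_address(addr) in ipaddress.ip_network(rule["cidr"])
        if in_range and in_cidr:
            return rule["action"]
    return "deny"  # the implicit '*' rule at the end of every NACL


def request_reply_allowed(inbound, outbound, client_ip, server_port, client_port):
    """A stateless ACL must allow both directions explicitly: the request
    on the server port inbound, and the reply to the client's ephemeral
    port outbound."""
    return (first_match(inbound, server_port, client_ip) == "allow"
            and first_match(outbound, client_port, client_ip) == "allow")


# Constructed NACL for a public web subnet: block one abusive IP, allow HTTPS.
INBOUND = [
    {"number": 50,  "action": "deny",  "cidr": "198.51.100.7/32", "from_port": 0,   "to_port": 65535},
    {"number": 100, "action": "allow", "cidr": "0.0.0.0/0",       "from_port": 443, "to_port": 443},
]
OUTBOUND = [
    # Replies go back to the client's ephemeral port, so this rule is required.
    {"number": 100, "action": "allow", "cidr": "0.0.0.0/0", "from_port": 1024, "to_port": 65535},
]

if __name__ == "__main__":
    print(request_reply_allowed(INBOUND, OUTBOUND, "203.0.113.5", 443, 51234))   # True
    print(request_reply_allowed(INBOUND, OUTBOUND, "198.51.100.7", 443, 51234))  # False: rule 50 wins
    print(request_reply_allowed(INBOUND, [], "203.0.113.5", 443, 51234))         # False: no outbound rule
```

A deny rule numbered higher than a matching allow never fires, so a "block this IP" rule must get a lower number than the broad allow it is meant to override.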

VPC PEERING : Privately connect two VPCs using the AWS network.


Makes them behave as if they are in the same network.
The VPCs must not have overlapping CIDRs.
Peering is not transitive (A<->B and B<->C does not give A<->C).
You must update the route tables in each VPC's subnets so
EC2 instances can communicate with each other (and allow the
peer's CIDR or SG in the security groups).
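The subnet arithmetic from the VPC SUBNET section and the non-overlap rule for peering are both a few lines with the standard library. The block below is an added example for these notes (not AWS code); the CIDRs it checks are constructed, and it assumes IPv4 subnets.

```python
"""Subnet reserved addresses and VPC CIDR overlap checks (added example).

Not AWS code; `ipaddress` from the standard library does the arithmetic.
AWS reserves the first four addresses and the last address of every
subnet, so a /24 yields 251 usable hosts, not 254. VPC peering (and VPN /
Direct Connect to on-prem) refuses overlapping CIDRs, so the overlap check
below is the pre-flight test before requesting a peering connection.
"""
import ipaddress


def reserved_addresses(subnet_cidr):
    """Return {address: purpose} for the five addresses AWS keeps in a subnet."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    base = int(net.network_address)
    return {
        str(ipaddress.ip_address(base)):     "network address",
        str(ipaddress.ip_address(base + 1)): "VPC router",
        str(ipaddress.ip_address(base + 2)): "Amazon-provided DNS",
        str(ipaddress.ip_address(base + 3)): "reserved for future use",
        str(net.broadcast_address):          "network broadcast (reserved, unsupported in a VPC)",
    }


def usable_hosts(subnet_cidr):
    """Addresses an instance can actually get: total minus the 5 reserved."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return net.num_addresses - 5


def overlapping_pairs(cidrs):
    """Return (a, b) pairs among `cidrs` that overlap; empty means they can be peered."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    return [(str(a), str(b))
            for i, a in enumerate(nets)
            for b in nets[i + 1:]
            if a.overlaps(b)]


if __name__ == "__main__":
    for addr, purpose in reserved_addresses("10.0.0.0/24").items():
        print(f"{addr:12} {purpose}")
    print("usable hosts in 10.0.0.0/24:", usable_hosts("10.0.0.0/24"))
    # Constructed VPC CIDRs: the first two overlap, so they cannot be peered.
    print("overlaps:", overlapping_pairs(["10.0.0.0/16", "10.0.1.0/24", "172.16.0.0/12"]))
```

`strict=True` rejects a CIDR whose host bits are set (e.g. `10.0.0.5/24`), which is the same validation the VPC console applies.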

AMAZON ROUTE 53 :
Domain Name System, which translates human-friendly host
names into machine IP addresses.
DNS is the backbone of the internet.

DNS TERMINOLOGIES :
Domain registrar : e.g. Amazon Route 53
DNS records : A, AAAA, CNAME, NS, ....
Top level domain : .com, .us, .in, .org
Second level domain : amazon.com , google.com
Route 53 is a highly available, scalable, fully managed and
authoritative DNS.
Route 53 is also a domain registrar, and the only AWS
service which provides a 100% availability SLA ( service level agreement )

ROUTE 53 RECORD TYPES :


A : maps a host name to an IPv4 address.
AAAA : maps a host name to an IPv6 address.
CNAME : maps a host name to another host name (not allowed at the zone apex).
NS : name servers for the hosted zone.

ROUTE 53 HOSTED ZONES :


Public hosted zones : contain records that specify how
to route traffic on the internet (public domain names)
Private hosted zones : contain records that specify
how traffic is routed within one or more VPCs (private domain names)
Except for alias records, a TTL is mandatory for each DNS
record.
CLOUDFRONT : content delivery network (CDN).
Improves read performance.
Content is cached at edge locations.
400+ edge locations (points of presence).

CLOUDFRONT ORIGINS : S3, ALB, EC2 instance, any HTTP backend you
want. For an S3 origin keep the bucket private and let only the
distribution read it (origin access control), so users cannot bypass CloudFront.

REDSHIFT : Redshift is based on PostgreSQL but is not used for OLTP (online
transaction processing).
It is OLAP, used for online analytical processing and data warehousing.
10 times better performance than other data warehouses,
columnar storage of data.
Pay as you go based on the instances provisioned.
Has a SQL interface for performing queries.
Can be integrated with business intelligence tools like
Tableau.
