AWS Notes
Manage AWS with:
- Web Console
- AWS CLI
- Terraform
AWS Terms and Services:
- AWS - Amazon Web Services
- EC2 - Elastic Compute Cloud
- ECS - Elastic Container Service
- IAM - Identity and Access Management
- S3 - Simple Storage Service
- EBS - Elastic Block Store
- ELB - Elastic Load Balancing
- SG - Security group
- AMI - Amazon Machine Image
- VPC - Virtual Private Cloud
- EKS - Elastic Kubernetes Service
Haven’t touched:
- SAML
- SSO
- Route53 DNS
- AWS Fargate???
Scaling - haven’t touched this
- AZ - Availability Zones
Regions:
- us-east-1
- us-west-1
AZ:
- us-west-1a
- us-west-1b
- us-west-1c
EC2
- On Demand Instances - normal instance, start/stop/destroy when needed
- EC2 Savings Plan - save money by committing for a period of time
- Reserved Instances - commit to a 1- or 3-year term for a discount over On Demand
- Spot Instances - uses spare capacity when available, much cheaper, can be interrupted at short notice when AWS needs the capacity back
- Dedicated Hosts - physical server reserved for you and not shared with other customers
EC2 Types ( Intel/AMD/Arm Graviton )
- General Purpose
- Compute Optimized: C6/C7 ex: c6i.32xlarge, c6i.metal
- Memory Optimized
- Accelerated Computing
- Storage Optimized
AMI
- Use existing AWS provided AMIs
- Create AMI from an existing host, then copy it to the regions that need it ( the copy gets a new AMI ID in each region )
ELB - Elastic Load Balancing
…
VPC / Network
- VPC Peering
Components
- VPC
- Subnet ( public and private )
- Network Interface
- ACL - Network ACL, subnet level, stateless ( need explicit inbound and outbound rules, including the ephemeral-port rule for return traffic ), allow/deny rules, evaluated in rule-number order and stop at the first match
- SG - Security Group - assigned at instance/ENI level, stateful ( return traffic for an allowed connection is let through automatically ), allow rules only, inbound denied by default and outbound allowed by default, all rules evaluated and any match allows
- Private IP # Internal communication within VPC, automatically assigned to each instance
- Public IP # Connects to the internet, can change when instance is stopped or started
- EIP # static, public IP, connects to internet, doesn’t change, bound to instance or NIC, can move to other instance, can keep reserved
Feature            | Security Group (SG)                    | Network ACL (NACL)
Level              | Instance ( ENI ) level                 | Subnet level
Stateful/Stateless | Stateful                               | Stateless
Allow/Deny rules   | Allow only                             | Allow and Deny
Rule evaluation    | All rules evaluated, any match allows  | Evaluated in rule-number order, first match wins
Default behavior   | Deny all inbound, allow all outbound   | Default NACL allows all ( custom NACL denies all )
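The difference between the two filters shows up when a connection half-works: the request gets in, the reply gets dropped. Below is an added example, a toy model I wrote for these notes ( not the notes' own code and not an AWS API ), that applies the rules above to constructed packets. The rule dict layout, the Packet fields and the conn_id flow marker are my own assumptions; the decisions are the ones AWS documents.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    # Constructed packet model for the example (assumption, not a real AWS type)
    direction: str   # "in" (toward the instance) or "out" (from the instance)
    proto: str       # "tcp" / "udp" / "icmp"
    port: int        # destination port of this packet
    remote: str      # IP address of the other end
    conn_id: int     # flow identifier; a reply carries the same id as its request


def _rule_matches(rule, pkt):
    """Shared matcher: direction, protocol, port range and remote CIDR."""
    return (rule["dir"] == pkt.direction
            and rule["proto"] in ("all", pkt.proto)
            and rule["from"] <= pkt.port <= rule["to"]
            and ipaddress.ip_address(pkt.remote) in ipaddress.ip_network(rule["cidr"]))


def sg_decide(rules, pkt, conntrack):
    """Security Group: allow-only rules, every rule considered, stateful.
    conntrack is the set of conn_ids already admitted; a packet on a tracked
    flow (the reply) is allowed without consulting the rules at all."""
    if pkt.conn_id in conntrack:
        return True
    if any(_rule_matches(r, pkt) for r in rules):
        conntrack.add(pkt.conn_id)
        return True
    return False  # implicit deny: no allow rule matched


def nacl_decide(rules, pkt):
    """Network ACL: allow and deny rules, lowest rule number first, first match
    wins, stateless (each packet judged on its own, no flow memory)."""
    for r in sorted(rules, key=lambda r: r["num"]):
        if _rule_matches(r, pkt):
            return r["action"] == "allow"
    return False  # the catch-all '*' deny at the end of every NACL


# Constructed rule sets for the example.
SG_RULES = [
    {"dir": "in",  "proto": "tcp", "from": 22,  "to": 22,  "cidr": "10.0.0.0/8"},
    {"dir": "out", "proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"},
]
# Deliberately incomplete NACL: outbound only allows 443, no ephemeral ports.
NACL_BROKEN = [
    {"num": 100, "action": "allow", "dir": "in",  "proto": "tcp", "from": 22,  "to": 22,  "cidr": "10.0.0.0/8"},
    {"num": 100, "action": "allow", "dir": "out", "proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"},
]
# Fixed: add the outbound ephemeral-port rule so SSH replies can leave the subnet.
NACL_FIXED = NACL_BROKEN + [
    {"num": 110, "action": "allow", "dir": "out", "proto": "tcp", "from": 1024, "to": 65535, "cidr": "0.0.0.0/0"},
]
# A lower-numbered deny wins over the later allow; an SG cannot express this.
NACL_WITH_DENY = NACL_FIXED + [
    {"num": 90, "action": "deny", "dir": "in", "proto": "tcp", "from": 22, "to": 22, "cidr": "10.1.2.0/24"},
]

SSH_REQUEST = Packet("in",  "tcp", 22,    "10.1.2.3", conn_id=1)   # client -> instance:22
SSH_REPLY   = Packet("out", "tcp", 51000, "10.1.2.3", conn_id=1)   # instance -> client ephemeral port
HTTP_REQUEST = Packet("in", "tcp", 80,    "10.1.2.3", conn_id=2)


def run_scenarios():
    """Returns the decision each filter makes for the constructed packets."""
    conntrack = set()
    return {
        "sg_request":          sg_decide(SG_RULES, SSH_REQUEST, conntrack),
        "sg_reply":            sg_decide(SG_RULES, SSH_REPLY, conntrack),   # allowed by state, not by a rule
        "sg_reply_no_state":   sg_decide(SG_RULES, SSH_REPLY, set()),       # same packet, no tracked flow
        "sg_http_denied":      sg_decide(SG_RULES, HTTP_REQUEST, set()),    # inbound deny by default
        "nacl_broken_request": nacl_decide(NACL_BROKEN, SSH_REQUEST),
        "nacl_broken_reply":   nacl_decide(NACL_BROKEN, SSH_REPLY),         # dropped: no ephemeral rule
        "nacl_fixed_reply":    nacl_decide(NACL_FIXED, SSH_REPLY),
        "nacl_deny_first":     nacl_decide(NACL_WITH_DENY, SSH_REQUEST),    # rule 90 deny wins
    }


if __name__ == "__main__":
    for name, allowed in run_scenarios().items():
        print(f"{name:22s} {'ALLOW' if allowed else 'DROP'}")
```

The practical lesson is the "nacl_broken_reply" case: the SG and the inbound NACL rule both pass the SSH request, but the stateless NACL drops the reply because nothing allows outbound tcp/1024-65535, so the connection hangs rather than failing cleanly.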
IAM
- IAM Users
- IAM Roles
- IAM Policies
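What a policy actually permits comes down to IAM's evaluation order: an explicit Deny anywhere wins, otherwise any matching Allow grants, otherwise the request is implicitly denied. Below is an added example, my own simplified evaluator written for these notes ( not AWS code and not boto3 ), run over constructed policy documents. It models Action/NotAction and Resource wildcards only; Condition blocks, principals and resource-based policies are left out, and the bucket names and account ID are made up.

```python
import fnmatch
import json


def _as_list(v):
    """IAM allows a string or a list in Action/Resource fields."""
    return v if isinstance(v, list) else [v]


def _glob_any(patterns, value, fold_case):
    """IAM-style wildcard match ('*' and '?'). Action names are case-insensitive;
    resource ARNs are matched as written."""
    if fold_case:
        return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def evaluate(policies, action, resource):
    """Returns "Deny", "Allow" or "ImplicitDeny" following the documented order:
    explicit Deny in any statement wins, then any matching Allow, else implicit deny.
    Conditions are deliberately not modelled in this example."""
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if "Action" in stmt:
                action_hit = _glob_any(stmt["Action"], action, fold_case=True)
            else:
                # NotAction: the statement applies to every action EXCEPT those listed
                action_hit = not _glob_any(stmt["NotAction"], action, fold_case=True)
            resource_hit = _glob_any(stmt.get("Resource", "*"), resource, fold_case=False)
            if not (action_hit and resource_hit):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"           # explicit deny short-circuits everything
            decision = "Allow"
    return decision


# Constructed policy documents (bucket names and account ID are made up).
READ_ONLY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:Get*", "s3:List*"],
    "Resource": ["arn:aws:s3:::app-logs", "arn:aws:s3:::app-logs/*"]
  }]
}""")

ADMIN = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]
}""")

# Guardrail policy: a Deny that cannot be undone by ADMIN above.
GUARDRAIL = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny",
    "Action": ["s3:DeleteBucket", "s3:PutBucketPolicy"],
    "Resource": "*"
  }]
}""")

# NotAction footgun: reads as "not IAM" but grants every other service.
NOT_IAM = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}]
}""")

LOG_OBJECT = "arn:aws:s3:::app-logs/2024/app.log"
SECRET_OBJECT = "arn:aws:s3:::secrets/db-password"
INSTANCE = "arn:aws:ec2:us-east-1:123456789012:instance/i-0abc12345"


if __name__ == "__main__":
    checks = [
        ([READ_ONLY], "s3:GetObject", LOG_OBJECT),
        ([READ_ONLY], "s3:PutObject", LOG_OBJECT),
        ([READ_ONLY], "s3:GetObject", SECRET_OBJECT),
        ([ADMIN, GUARDRAIL], "s3:DeleteBucket", "arn:aws:s3:::app-logs"),
        ([ADMIN, GUARDRAIL], "s3:PutObject", LOG_OBJECT),
        ([NOT_IAM], "ec2:TerminateInstances", INSTANCE),
        ([NOT_IAM], "iam:CreateUser", "*"),
    ]
    for policies, action, resource in checks:
        print(f"{action:24s} {resource:50s} -> {evaluate(policies, action, resource)}")
```

When reviewing a policy, run the denied-by-default cases as well as the intended ones: "s3:PutObject" against READ_ONLY and "s3:GetObject" against a bucket outside the Resource list must both come back ImplicitDeny, and the GUARDRAIL Deny must survive being combined with a broad Allow.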
S3 - Simple Storage Service
- Bucket - container for objects ( like a dir )
- Object - unit of data ( like a file )
- Key - id for object
S3 Storage Classes
- S3 Standard
- S3 Standard IA
- S3 one zone-infrequent access
- S3 Glacier