- They are classified into types as follows.
- Majorly classified into the following:
  - General Purpose (starts with M) - eg M5a, M5ad, M6a
  - Memory Optimized (starts with R, which signifies RAM) - eg R5, R5a, R5ad
  - Compute Optimized (starts with C, which signifies Compute) - eg C5, C5a, C5ad
- Further classified into:
  - Storage Optimized
  - High Performance Computing
  - Accelerated Computing
- The t2, t3 and t3a types provide the best price-to-performance ratio among the EC2 instance types.
- The t4g uses Amazon's own processor, Graviton.
- NO, by default an EC2 instance only gets a Private IP Address.
- Classless Inter-Domain Routing (more widely used than Classful Routing)
- It is used to provide the IP address allocation.
- eg `172.16.0.0/16`
  - `172.16.0.0` ==> it is the BASE IP
  - `16` ==> it is the Subnet Mask
- eg `172.16.0.0/16` is divided into two parts: the Network Address and the Host Address.
- Host Address: represents the number of IP addresses that can be allocated. Calculated as follows:
  - 1 Byte = 8 Bits
  - `172.16.0.0/16` ==> the mask is written as `11111111.11111111.00000000.00000000`
  - Masking is done from the right to left; we have to cover 16 bits.
  - Each byte contains `256 addresses` => from `0 to 255`
  - Host Addresses ==> cover the `0.0` part
  - Network Addresses ==> cover the `172.16` part
  - For Host Addresses ==> `0.0` => 256 * 256 ==> 65536 addresses - 2 (as 2 IPs are reserved for the Network Address and the Broadcast Address)
- The number of IP addresses can also be derived from the formula => `[2 ^ (32 - (Subnet mask)) - 2]`
  - eg `172.8.10.12/15` => using `[2 ^ (32 - (Subnet mask)) - 2]` = `[2 ^ (32 - 15) - 2]` = 131070 IP addresses can be allocated
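The CIDR arithmetic above, as an added example (not code from the original notes): it applies the notes' `2 ^ (32 - mask) - 2` rule to the two blocks discussed, shows the network/host split, and adds the AWS-specific count (AWS reserves 5 addresses per subnet rather than 2). The helper names are my own.

```python
# Added example (not from the original notes): a CIDR calculator that applies the
# [2 ^ (32 - mask) - 2] rule from the notes and shows the network/host split.
import ipaddress


def cidr_summary(cidr):
    """Return the base (network) IP, binary mask, broadcast and host counts."""
    net = ipaddress.ip_network(cidr, strict=False)  # strict=False accepts 172.8.10.12/15
    mask = net.prefixlen
    mask_binary = ".".join(format(int(octet), "08b")
                           for octet in str(net.netmask).split("."))
    # Formula from the notes: network and broadcast addresses are reserved.
    usable = 2 ** (32 - mask) - 2 if mask <= 30 else 0
    return {
        "network": str(net.network_address),      # e.g. 172.16.0.0
        "mask": mask,
        "mask_binary": mask_binary,               # e.g. 11111111.11111111.00000000.00000000
        "broadcast": str(net.broadcast_address),  # e.g. 172.16.255.255
        "usable_hosts": usable,
        # AWS reserves 5 addresses per subnet (the first four and the last), not 2.
        "aws_usable_hosts": max(net.num_addresses - 5, 0),
    }


def same_network(addr_a, addr_b, cidr):
    """True when both addresses fall inside the CIDR block (same network part)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return ipaddress.ip_address(addr_a) in net and ipaddress.ip_address(addr_b) in net


if __name__ == "__main__":
    for block in ("172.16.0.0/16", "172.8.10.12/15"):
        print(block, cidr_summary(block))
```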
- It is the private cloud within our cloud.
- It consists of the Public and the Private Subnet.
- The Public Subnet attaches to the Internet Gateway; generally the Bastion Host (Jump Server) or Load Balancers are kept inside the Public Subnet.
- The Private Subnet attaches to the Network Address Translation (NAT) Gateway; generally the applications are kept inside the Private Subnet (least privilege access); the Internet can only be accessed with the help of the NAT Gateway ==> the NAT Gateway connects to the Internet Gateway and gets the reply back from the outside world.
- Public Subnet attaches to the Internet Gateway and Private Subnet to the NAT Gateway.
- Incoming Traffic ==> Ingress Traffic / Inbound Traffic
- Outgoing Traffic ==> Egress Traffic / Outbound Traffic
- NACL: they are the set of rules that act at the Subnet Level.
- In NACL the Inbound Rules can be set to one thing and the Outbound Rules can independently be set to Blocked; each direction is evaluated on its own.
- NACLs are set for Stateless filtering.
- NACL rule numbers range from [1 to 65535] [1 has the highest priority].
- SG: they are the set of rules that act at the Instance Level.
- In SG, once the Inbound Traffic is allowed, then the matching Outbound (return) Traffic is allowed by default.
- SGs are set for Stateful filtering.
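The stateless/stateful distinction above, as an added example (not code from the original notes): a small simulator in which a client on an ephemeral port reaches port 443, and the return traffic is checked against a NACL (numbered rules, lowest number wins, implicit deny) and against a Security Group (connection tracking). The rule sets, ports and function names are constructed for illustration.

```python
# Added example (not from the original notes): a simulator of the stateless vs
# stateful difference. Rule sets, ports and the "tracked" set are constructed.
EPHEMERAL = (1024, 65535)  # clients pick their source port from this range


def port_in(port, port_range):
    lo, hi = port_range
    return lo <= port <= hi


def nacl_allows(rules, direction, port):
    """NACL: rules are (number, direction, action, (lo, hi)); evaluated in
    ascending rule number, first match wins, implicit deny if nothing matches."""
    for _number, rule_dir, action, port_range in sorted(rules):
        if rule_dir == direction and port_in(port, port_range):
            return action == "allow"
    return False


def sg_allows(rules, direction, port, tracked):
    """SG: allow-only rules (direction, (lo, hi)); a reply that belongs to a
    tracked connection is allowed even without a rule in that direction."""
    if (direction, port) in tracked:
        return True
    return any(d == direction and port_in(port, r) for d, r in rules)


def https_session(nacl_return_rule):
    """A client on ephemeral port 50000 connects to port 443 and the instance
    replies back to port 50000. Returns (request_ok, reply_ok) per control."""
    client_port, server_port = 50000, 443
    nacl = [(100, "inbound", "allow", (443, 443))]
    if nacl_return_rule:  # explicit outbound rule for the return traffic
        nacl.append((100, "outbound", "allow", EPHEMERAL))
    sg = [("inbound", (443, 443))]
    tracked = set()
    nacl_req = nacl_allows(nacl, "inbound", server_port)
    nacl_reply = nacl_allows(nacl, "outbound", client_port)
    sg_req = sg_allows(sg, "inbound", server_port, tracked)
    if sg_req:
        tracked.add(("outbound", client_port))  # connection tracking on accept
    sg_reply = sg_allows(sg, "outbound", client_port, tracked)
    return {"nacl": (nacl_req, nacl_reply), "sg": (sg_req, sg_reply)}


if __name__ == "__main__":
    print("no outbound ephemeral rule:  ", https_session(False))
    print("with outbound ephemeral rule:", https_session(True))
```

Without the outbound ephemeral-port rule the NACL drops the reply even though the request was accepted; the Security Group allows the reply either way because it tracks the connection.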
- HA deals with the scalability of the application and making it available for the users even if one instance goes down.
- Fault Tolerance deals with adding the application in multiple Availability Zones in the Region, avoiding becoming the Single Point of Failure.
- It is relevant whenever we are using HTTPS Traffic.
- When serving HTTPS Traffic we need to add the SSL certificates for proper encrypted communication.
- Layer 7 - Application Layer (ALB operates at this level): users can access this layer; understands HTTP, HTTPS, path based and host based routing.
- Layer 6 - Presentation Layer: gives the format in which the data is represented, eg zip, JPEG.
- Layer 5 - Session Layer: whether sessions are created or not, and whether sessions are valid or not.
- Layer 4 - Transport Layer (NLB operates at this level): takes care of managing the packets using TCP or UDP.
- Layer 3 - Network Layer: finds the shortest route to transmit data.
- Layer 2 - Data Link Layer: converts data to frames.
- Layer 1 - Physical Layer: converts frames to bits and the transmission wires.
- They are nothing but a set of instances clubbed together.
- Target Groups are used to perform Health Checks on the instances.
- Based on some Rules the load balancer routes the traffic to the Target Groups.
- These are some of the most famous algorithms used in Load Balancers:
  - Round Robin
  - Weighted
  - Sticky Sessions => when a request has been routed to an EC2 instance and another request comes from the same user, then that request is routed to the same EC2 instance. [Preferred for Stateful Applications]
- DNS provides the mapping of the URL to the corresponding IP Address.
- Stopping the EC2 instance will change the IP Addresses; but it will not be removed from the AWS Console.
- Terminating the AWS resources will delete the instance from the AWS Console also.
- YES, Attach Instance => Select Instance
- CloudWatch => used for monitoring and log analysis of the application.
- CloudTrail => used for auditing the services and the users for compliance purposes; trails allow capturing activity and delivering it to cold storage.
- Reserved Instances: they are used for long-term purposes (1 to 3 years), so they are provided at a discount; the payment method can be all upfront, partial upfront or no upfront at all.
- On Demand Instances: they are used for shorter intervals of time; no long-term commitment; PAY AS YOU USE.
- Types are Vertical and Horizontal Scaling.
- Vertical => when the workload is moderate, there is predictability in the workload pattern and only modest performance is required, then we can go for vertical scaling (increase the CPU and memory).
- Horizontal => when the workloads are extreme, there is no predictability in the workload pattern and concurrency is required to achieve HA, Fault Tolerance and scalability, use horizontal scaling (increase the count of replicas).
- The maintenance window in RDS can be due to software patching, hardware upgrades, engine upgrades and other routine checks of hardware health and reliability.
- We can access the RDS instances during the maintenance window if and only if they are Fault Tolerant, i.e. they are replicated in the various Availability Zones.
- Classic LB (deprecated)
- Application Load Balancer (widely used in microservice applications)
- Network Load Balancer (widely used for high-throughput applications such as gaming applications)
- Gateway Load Balancer (used for migrating on-premise to the AWS Cloud)
- ALB => operates at Layer 7 of OSI (Application Layer); supports HTTP and HTTPS traffic; used for microservice applications; it understands Paths and Host Headers.
- NLB => operates at Layer 4 of OSI (Transport Layer); supports TCP and UDP connections; supports high-latency applications such as gaming applications.
- Add the CIDR range (to get the private IP ranges).
- Create Subnets, with the Private and the Public Subnet.
- The applications are put under the Private Subnets and they are connected to the NAT Gateway, which in turn connects to the Internet Gateway, for applications requiring an Internet connection.
- The Load Balancers, NAT Gateway, Internet Gateway and the Jump Servers (Bastion Host) are put onto the Public Subnets.
- Set up the NACLs for securing access at the Subnet Level, also adding Security Groups for securing access to the Instance.
- Enable monitoring => enable VPC Flow Logs and monitor them using CloudWatch.
In the case of the AWS Pipeline, how can we secure the API keys, secrets and other credentials?
- In an AWS CI/CD pipeline we can use CodeBuild, CodePipeline and CodeCommit.
- To secure the credentials of the pipeline we can use AWS KMS or AWS Secrets Manager or AWS Parameter Store.
- These services can also be used to rotate the secrets and give access to the CI/CD services.
- Further we can enable CloudTrail for auditing the users' interaction with the server.
AWS IAM, AWS CloudFront, AWS Route53
- When we want to run some servers (web servers, db servers) then we can make use of the EC2 instance.
- When we want to run some process for a very short amount of time, consuming fewer resources and without managing the servers, we use Lambda: Lambda functions are event driven and short lived, with automatic scaling.
CloudFormation has an error in the template that you have committed; what could happen as the result of the error; how would you correct it?
- If we have committed it but it has caused errors, then it will not create the infrastructure and will not run.
- Stacks in AWS ~ Infrastructure code in Terraform
- Stacks can be managed as a single unit.
- A template in CloudFormation is the same as a template written in `YAML or JSON`.
- Disable the Auto-assign Public IP.
I have an on-prem data center and want private connectivity between the AWS network and the on-premise data center. How to configure it and which services?
- It can use AWS services like AWS Direct Connect and AWS VPN.
- AWS Direct Connect => it establishes a private connection; NOT over the Internet connection.
- AWS VPN => it establishes a private connection; over the Internet connection.
- So what we need to do here is:
  - Expand the Subnet Size: this might involve adjusting the CIDR (Classless Inter-Domain Routing) block associated with the subnet.
  - Add Additional Subnets: if expanding the existing subnet is not feasible or if you need to segregate resources, create additional subnets within the VPC.
  - Implement Elastic IP Addresses: instead of statically assigning IPs from the subnet pool, EIPs can be associated and disassociated from instances as needed, allowing for more efficient IP address utilization.
  - Maybe consider using IPv6: if IPv6 is an option for your infrastructure, consider implementing it to significantly expand the available IP address space.
- The purpose of a Virtual Private Cloud (VPC)'s route tables is to control the routing of network traffic within the VPC. Route tables determine where network traffic is directed based on its destination IP address. They essentially act as a set of rules that guide the traffic flow within the VPC.
What is a Virtual Private Network (VPN) connection in the context of AWS VPC? How does it differ from Direct Connect?
- AWS VPN allows you to connect On-Premise Data Centers to the AWS VPC; it establishes an encrypted tunnel between your network and the VPC, allowing secure communication between resources in your VPC and your on-premises infrastructure.
- AWS VPN allows you to create a private connection, with an Internet connection.
- AWS Direct Connect allows you to create a private connection, without an Internet connection.
- VPC FLOW LOGS: they capture the IP traffic going to and from network interfaces in your VPC.
- They can be better used with monitoring tools such as AWS CloudWatch, and further interact with AWS CloudTrail.
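What "monitoring the flow logs" looks like in practice, as an added example (not code from the original notes): a parser for the default version 2 flow log record format that reports REJECTs per source and ACCEPTed admin-port traffic from anything other than the bastion host. The log lines, account id, interface id, addresses and the bastion IP 10.0.0.10 are all constructed.

```python
# Added example (not from the original notes): parse VPC Flow Log records in the
# default (version 2) format and pick out what a defender reviews first: REJECTs
# per source and ACCEPTed traffic to an admin port from outside the bastion host.
# The log lines, addresses and the bastion IP 10.0.0.10 are constructed.
from collections import Counter

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

SAMPLE_LOG = """\
2 111122223333 eni-0abc123 203.0.113.5 10.0.1.20 50123 443 6 12 3400 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0abc123 203.0.113.9 10.0.1.20 44000 22 6 1 60 1700000000 1700000060 REJECT OK
2 111122223333 eni-0abc123 203.0.113.9 10.0.1.20 44001 3389 6 1 60 1700000000 1700000060 REJECT OK
2 111122223333 eni-0abc123 10.0.0.10 10.0.1.20 51000 22 6 8 900 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0abc123 198.51.100.7 10.0.1.20 52000 22 6 8 900 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0abc123 - - - - - - - 1700000000 1700000060 - NODATA
"""

def parse_flow_logs(text):
    """One dict per record; malformed lines and NODATA/SKIPDATA records are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records

def rejects_by_source(records):
    """REJECT count per source address; many from one source is a scan signal."""
    return Counter(r["srcaddr"] for r in records if r["action"] == "REJECT")

def unexpected_admin_access(records, admin_ports=(22, 3389), bastions=("10.0.0.10",)):
    """ACCEPTed connections to admin ports that did not come from the bastion host."""
    return [(r["srcaddr"], r["dstport"]) for r in records
            if r["action"] == "ACCEPT" and r["dstport"] in admin_ports
            and r["srcaddr"] not in bastions]

def analyze(text=SAMPLE_LOG):
    records = parse_flow_logs(text)
    return {"records": len(records),
            "rejects": rejects_by_source(records),
            "unexpected_admin": unexpected_admin_access(records)}
```

The same functions apply to lines pulled from the CloudWatch log group the flow log delivers to; the NODATA line shows why the log-status field must be checked before the numeric fields are parsed.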
- Prepare the target VPC with necessary resources.
- Prepare the EC2 instance for migration.
- Create an AMI of the EC2 instance.
- Copy the AMI to the target region if needed.
- Launch a new instance in the target VPC using the AMI.
- Update DNS records and application configurations if applicable.
- Test and validate the new instance's functionality.
- Monitor the new instance and decommission the source instance once migration is successful.
- Use AWS Systems Manager ==> Session Manager: Session Manager actually uses IAM permissions for connecting to the EC2 instance.
- Use an EC2 Snapshot ==> if we have the EC2 snapshot of the Root Volume, then create a new volume from it and attach it to the new instance.
Feature | EBS (Elastic Block Store) | S3 (Simple Storage Service) | EFS (Elastic File System) |
---|---|---|---|
Storage Type | Block-level storage volumes | Object storage | File storage |
Protocol | N/A | N/A | NFS (Network File System) |
Accessibility | Attached to single EC2 instance at a time | Accessible via unique URLs | Accessible by multiple EC2 instances concurrently |
Durability | Replicated within an Availability Zone | Highly durable across multiple Availability Zones | Highly durable across multiple Availability Zones |
Scalability | Scales with instance type, can be manually resized | Infinitely scalable | Automatically scales based on demand |
Use Cases | Database storage, boot volumes, file systems | Static website hosting, data archiving, content distribution | Content management systems, development environments, analytics workloads |
Backup/Recovery | Snapshots | Versioning and Cross-Region Replication | Automated backups and point-in-time recovery |
Performance | Low-latency access, provisioned IOPS available | Designed for low-latency access at scale | Burstable performance with automatic scaling |
Pricing Model | Pay for provisioned storage, provisioned IOPS, and snapshots | Pay for storage used, requests, and data transfer | Pay for storage used |
Access Management | IAM roles and policies | Bucket policies and IAM policies | POSIX permissions and IAM policies |
You want to store temporary data on an EC2 instance. Which storage option is ideal for this purpose?
- The default storage for the EC2 instance is EBS.
- If we want temporary usage then we can take care of it using the instance local storage, typically provided by instance store volumes; they are ephemeral storage directly attached to the EC2 instance and do not get persisted beyond the lifetime of the instance.
- Can enable the AutoScaling feature in AWS for AWS RDS.
- Further we can clean up the unused / unnecessary data (old logs, temporary tables, or outdated records); it would free up more space in RDS.
- Manually increase the allocated storage; do this through the AWS Console, CLI or SDK.
- Take a snapshot of your RDS instance and restore it to a new instance with larger storage capacity.
```python
# Lambda function that snapshots the listed RDS instances and the EBS volumes
# attached to the listed EC2 instances.
import boto3
import datetime


def lambda_handler(event, context):
    # Initialize AWS SDK clients
    rds_client = boto3.client('rds')
    ec2_client = boto3.client('ec2')

    # Define the list of RDS instances and EC2 instances to backup
    rds_instances = ['your-rds-instance-id']
    ec2_instances = ['your-ec2-instance-id']

    # Create RDS snapshots
    for instance_id in rds_instances:
        try:
            snapshot_id = 'rds-snapshot-' + instance_id + '-' + datetime.datetime.now().strftime('%Y-%m-%d-%H-%M-%S')
            rds_client.create_db_snapshot(DBSnapshotIdentifier=snapshot_id, DBInstanceIdentifier=instance_id)
            print(f"Snapshot created for RDS instance {instance_id}: {snapshot_id}")
        except Exception as e:
            print(f"Error creating snapshot for RDS instance {instance_id}: {str(e)}")

    # Create EBS snapshots for every volume attached to each EC2 instance
    for instance_id in ec2_instances:
        try:
            volumes = ec2_client.describe_volumes(Filters=[{'Name': 'attachment.instance-id', 'Values': [instance_id]}])['Volumes']
            for volume in volumes:
                snapshot_id = 'ebs-snapshot-' + volume['VolumeId'] + '-' + datetime.datetime.now().strftime('%Y-%m-%d-%H-%M-%S')
                ec2_client.create_snapshot(VolumeId=volume['VolumeId'], Description=snapshot_id)
                print(f"Snapshot created for EBS volume {volume['VolumeId']}: {snapshot_id}")
        except Exception as e:
            print(f"Error creating snapshot for EC2 instance {instance_id}: {str(e)}")

    return {
        'statusCode': 200,
        'body': 'Backup process completed successfully.'
    }
```
- It is the network connection between two VPCs; it acts as a private connection and the VPCs can connect to each other as if they are part of the same network in the same Region.
- VPC peering enables you to connect VPCs belonging to the same AWS account or different AWS accounts, as long as they are in the same region.
- Overall, the aim of VPC peering is to enable secure and efficient communication between resources in different VPCs within the same AWS region, thereby facilitating the building of complex, multi-tiered architectures and enabling collaboration between different applications and environments.