AWS

Posted by

Security group in ec2 instance is network firewall and not OS firewall

storage for running VM

to connect window port no 3389 nd RDP

connect via public ip address if wnat to connect from outside and also public ip address connect private ip address further for connection

Types of Storage

Amazon S3 (Simple Storage Service): Scalable object storage for storing and retrieving any amount of data at any time.

Amazon EBS (Elastic Block Store): Block storage for use with EC2 instances, offering persistent storage with high performance.

Amazon EFS (Elastic File System): Scalable file storage for use with EC2 instances, providing a simple, scalable, and fully managed NFS file system.

AWS Tutorial: How to Attach and Mount an EBS volume to EC2 Linux Instance?

Step 1 – Create a Volume

Step 2 – Attach a Volume to EC2 Instance

Step 3 – Verify if Volume is attached or not

Verify if Volume is attached or not by running linux command in Ec2-instance

$ lsblk

Step 4 – Check if the volume has any data using the following command.

If the above command output shows “/dev/xvdf: data“, it means your volume is empty.

$ sudo file -s /dev/xvdf

Step 5: Format the volume to the ext4 filesystem using the following command.

Alternatively, you can also use the xfs format. You have to use either ext4 or xfs.

$ sudo mkfs -t ext4 /dev/xvdf
$ sudo mkfs -t xfs /dev/xvdf

Step 6: Create a directory of your choice to mount our new ext4 volume. I am using the name “newvolume“. You can name it something meaningful to you.

$ sudo mkdir /newvolume

Step 7: Mount the volume to “newvolume” directory using the following command.

$ sudo mount /dev/xvdf /newvolume/

Step 8: cd into newvolume directory and check the disk space to validate the volume mount.

$ cd /newvolume
$ df -h .

The above command should show the free space in the newvolume directory.
To unmount the volume, use the unmount command as shown below..
umount /dev/xvdf

Attaching and mounting an S3 volume to an EC2

Attaching and mounting an S3 volume to an EC2 Linux instance involves creating an S3 bucket, installing necessary tools, and using s3fs to mount the S3 bucket as a filesystem

https://www.cloudopsnow.in/attaching-and-mounting-an-s3-volume-to-an-ec2-linux-instance/

Step 1: Create an S3 Bucket

Step 2: Launch an EC2 Instance

Step 3: Connect to Your EC2 Instance

Step 4: Install s3fs

sudo apt-get update -y
sudo apt-get install -y s3fs

Step 5: Configure s3fs

echo "ACCESS_KEY_ID:SECRET_ACCESS_KEY" > ~/.passwd-s3fs
chmod 600 ~/.passwd-s3fs

Step 6: Mount the S3 Bucket

mkdir ~/s3bucket

Mount the S3 bucket using s3fs.

s3fs your-bucket-name ~/s3bucket -o passwd_file=~/.passwd-s3fs

Step 7: Verify the Mount

ls ~/s3bucket

Q1. What is the difference between Network firewall & OS level firewall?

Network firewall protects entire networks, while OS level firewall protects individual devices.

Q2. What are the types of private key?

Types include RSA, DSA, Elliptic Curve, and EdDSA private keys.

Q3. What is the difference between public and private IP?

Public IPs are accessible over the internet, private IPs are used within local networks.

Q4. What is Region and Availability Zone?

Regions are geographical areas with multiple data centers, availability zones are distinct data centers within a region.

Q5. What are the types of Storage and use case of it?

Types include block storage (databases), file storage (shared files), object storage (unstructured data), and cold storage (archives).

Q6. What is Policy and Permission in IAM?

Policies are rules that define permissions, permissions control access to resources.

Q7. Write down an understanding of the concept of network, subnet, network firewall, internet gateway, route table.

A network is a collection of connected devices; a subnet is a segmented part of a network; a network firewall secures network traffic; an internet gateway connects a network to the internet; a route table directs network traffic.

Q8. Explain the top 5 DNS records and their use cases in DNS server.

A (maps domain to IP), CNAME (alias for domains), MX (mail exchange servers), TXT (text information), and NS (name servers) are commonly used DNS records.

VPC(virtual private cloud)

internate gateway – (provide internet to VPC) –>go to route table (it rules , say what types of service needed accordingly transfer to–>load balancer ->transfer request to available EC2 instance –> EC2 will internal send request to another route table –>send request to app server and app server talk to database server.

Private network doesnot have internet

route table is rule

nat gateway – to connect private network i.e connecting database (only from nat gateway can talk to database)

AWS Networking Components

VPC Network

  • Description: A Virtual Private Cloud (VPC) is an isolated network within the AWS cloud. It allows you to launch AWS resources into a virtual network that you have defined. VPCs offer control over your virtual networking environment, including selection of your IP address range, creation of subnets, and configuration of route tables and network gateways.

Subnet

  • Description: A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a specified subnet. A VPC can have multiple subnets, which can be either public (accessible from the internet) or private (not directly accessible from the internet). Subnets help to partition the VPC into smaller, more manageable segments.

Route Table

  • Description: A route table contains a set of rules, called routes, that are used to determine where network traffic is directed. Each subnet must be associated with a route table, which controls the routing for the subnet. You can have multiple route tables in a VPC.

Internet Gateway

  • Description: An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. It serves as a target in your VPC route tables for internet-routable traffic.

NAT Gateway

  • Description: A Network Address Translation (NAT) gateway enables instances in a private subnet to connect to the internet or other AWS services, but prevents the internet from initiating connections with those instances. NAT gateways are used to provide internet access to private subnets without exposing them to direct inbound internet traffic.

Other Networking Components

Auto Scaling Group (ASG)

  • Description: An Auto Scaling Group (ASG) is a collection of Amazon EC2 instances treated as a logical grouping for the purposes of automatic scaling and management. ASGs ensure that you have the desired number of instances available to handle the load for your application.

Load Balancer (LB)

  • Description: A Load Balancer (LB) automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers, and IP addresses. This helps to ensure high availability and fault tolerance for your applications.

Security Groups (SG)

  • Description: Security groups act as virtual firewalls for your instances to control inbound and outbound traffic. They work at the instance level and are stateful, meaning that return traffic is automatically allowed, regardless of any rules.
  • VPC Network: An isolated network within AWS, allowing resource launches in a defined virtual network.
  • Subnet: A segment within a VPC, dividing the IP address range for organizing resources.
  • Route Table: Contains rules to determine where network traffic is directed within the VPC.
  • Internet Gateway: Allows communication between VPC instances and the internet.
  • NAT Gateway: Enables private subnet instances to access the internet while preventing inbound traffic from the internet.
  • Auto Scaling Group (ASG): Manages a group of EC2 instances to automatically scale based on load.
  • Load Balancer (LB): Distributes incoming traffic across multiple targets for high availability.
  • Security Groups (SG): Acts as a virtual firewall controlling inbound and outbound traffic at the instance level.
  • Application Load Balancer (ALB): Distributes HTTP and HTTPS traffic, providing advanced routing and flexible application management.
  • Network Load Balancer (NLB): Distributes TCP, UDP, and TLS traffic, offering high performance and low latency for handling millions of requests per second.
  • Gateway Load Balancer (GWLB): Manages third-party virtual appliances for security and network monitoring, supporting scalable and efficient deployment.
  • SQS (Simple Queue Service): A fully managed message queuing service that allows decoupling and scaling of microservices, distributed systems, and serverless applications.
  • SNS (Simple Notification Service): A fully managed pub/sub messaging service that enables you to decouple and scale microservices, distributed systems, and serverless applications by sending messages to multiple subscribers.
  • SES (Simple Email Service): A cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails.

Route 53: A scalable and highly available Domain Name System (DNS) web service designed to route end-user requests to internet applications, translating human-readable domain names into IP addresses.

Commonly used AWS services:

1. Amazon EC2 (Elastic Compute Cloud)

  • Description: Provides resizable compute capacity in the cloud. It allows users to rent virtual servers, called instances, to run applications and workloads.
  • Use Cases: Hosting web servers, databases, and other applications requiring compute power.
  • Example: Launching an instance to host a web application.

2. Amazon S3 (Simple Storage Service)

  • Description: An object storage service that offers scalability, data availability, security, and performance.
  • Use Cases: Backup and restore, archival, data lakes, and serving static content.
  • Example: Storing images, videos, and other large files for a website.

3. Amazon RDS (Relational Database Service)

  • Description: A managed relational database service that supports several database engines, including MySQL, PostgreSQL, MariaDB, Oracle, and SQL Server.
  • Use Cases: Hosting relational databases without managing the underlying infrastructure.
  • Example: Running a MySQL database for a web application.

4. AWS Lambda

  • Description: A serverless compute service that runs code in response to events and automatically manages the compute resources.
  • Use Cases: Running backend processes, data processing, real-time file processing.
  • Example: Executing code in response to changes in an S3 bucket or updates in a DynamoDB table.

5. Amazon DynamoDB

  • Description: A fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale.
  • Use Cases: Managing sessions, storing user profiles, IoT applications.
  • Example: Storing and retrieving user data for a mobile app.

6. Amazon VPC (Virtual Private Cloud)

  • Description: Allows users to provision a logically isolated section of the AWS cloud where they can launch AWS resources in a virtual network.
  • Use Cases: Hosting web applications with enhanced security, creating hybrid cloud architectures.
  • Example: Creating a secure environment for running sensitive workloads.

7. Amazon CloudFront

  • Description: A fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds.
  • Use Cases: Distributing static and dynamic web content, streaming video.
  • Example: Accelerating the delivery of a website’s static assets like images and stylesheets.

8. Amazon SNS (Simple Notification Service)

  • Description: A fully managed pub/sub messaging service that enables message delivery to multiple subscribers.
  • Use Cases: Sending notifications, triggering Lambda functions, mobile push notifications.
  • Example: Sending notifications to users when an event occurs in an application.

9. Amazon SQS (Simple Queue Service)

  • Description: A fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
  • Use Cases: Decoupling components of a distributed application, buffering tasks.
  • Example: Queueing messages that are processed by backend servers.

10. AWS IAM (Identity and Access Management)

  • Description: Enables you to manage access to AWS services and resources securely. You can create and manage AWS users and groups and use permissions to allow or deny their access to AWS resources.
  • Use Cases: Managing user access, creating roles for services.
  • Example: Granting different levels of access to different users in an organization.

Examples and Use Cases

  1. Amazon EC2:
    • Scenario: Hosting a web application.
    • Steps:
      • Launch an EC2 instance.
      • Install a web server like Apache or Nginx.
      • Deploy the web application code.
  2. Amazon S3:
    • Scenario: Storing static files for a website.
    • Steps:
      • Create an S3 bucket.
      • Upload files to the bucket.
      • Configure bucket policies to allow public access.
  3. Amazon RDS:
    • Scenario: Running a MySQL database.
    • Steps:
      • Create an RDS instance with MySQL.
      • Configure database settings and security groups.
      • Connect the application to the RDS instance.
  4. AWS Lambda:
    • Scenario: Processing image uploads.
    • Steps:
      • Write a Lambda function to process images.
      • Trigger the Lambda function on S3 bucket events.
      • Deploy the Lambda function.
  5. Amazon DynamoDB:
    • Scenario: Storing user profile data.
    • Steps:
      • Create a DynamoDB table.
      • Configure the table schema and indexes.
      • Use AWS SDK to interact with the table from your application.
  6. Amazon VPC:
    • Scenario: Setting up a secure environment.
    • Steps:
      • Create a VPC.
      • Configure subnets, route tables, and security groups.
      • Launch resources within the VPC.
  7. Amazon CloudFront:
    • Scenario: Accelerating website content delivery.
    • Steps:
      • Create a CloudFront distribution.
      • Configure the origin to point to your S3 bucket or web server.
      • Update DNS settings to use the CloudFront distribution.
  8. Amazon SNS:
    • Scenario: Sending order confirmation notifications.
    • Steps:
      • Create an SNS topic.
      • Subscribe endpoints (e.g., email, SMS) to the topic.
      • Publish messages to the topic from your application.
  9. Amazon SQS:
    • Scenario: Decoupling order processing.
    • Steps:
      • Create an SQS queue.
      • Send messages to the queue from the front-end.
      • Process messages from the queue with a backend service.
  10. AWS IAM:
    • Scenario: Managing access for a development team.
    • Steps:
      • Create IAM users and groups.
      • Define and attach policies to groups.
      • Assign users to appropriate groups based on their roles.
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x