{"id":21722776,"url":"https://github.com/vishwac09/aws-cloud-practitioner","last_synced_at":"2025-06-15T15:33:08.781Z","repository":{"id":195938214,"uuid":"556234605","full_name":"vishwac09/aws-cloud-practitioner","owner":"vishwac09","description":"Notes for the AWS Cloud Practitioner Exam","archived":false,"fork":false,"pushed_at":"2022-11-09T06:46:27.000Z","size":2340,"stargazers_count":6,"open_issues_count":0,"forks_count":5,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-12T21:53:07.545Z","etag":null,"topics":["aws","aws-cloud","cloud-practitioner","ec2"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vishwac09.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-10-23T11:36:29.000Z","updated_at":"2024-06-05T16:37:41.000Z","dependencies_parsed_at":"2023-12-14T15:15:10.824Z","dependency_job_id":null,"html_url":"https://github.com/vishwac09/aws-cloud-practitioner","commit_stats":null,"previous_names":["vishwac09/aws-cloud-practitioner"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/vishwac09/aws-cloud-practitioner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vishwac09%2Faws-cloud-practitioner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vishwac09%2Faws-cloud-practitioner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vishwac09%2Faws-cloud-practitioner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositorie
s/vishwac09%2Faws-cloud-practitioner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vishwac09","download_url":"https://codeload.github.com/vishwac09/aws-cloud-practitioner/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vishwac09%2Faws-cloud-practitioner/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259997741,"owners_count":22943670,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-cloud","cloud-practitioner","ec2"],"created_at":"2024-11-26T02:32:53.820Z","updated_at":"2025-06-15T15:33:08.734Z","avatar_url":"https://github.com/vishwac09.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch4\u003eNotes for Exam\u003c/h4\u003e\n\n\u003ch5\u003eIndex\u003c/h5\u003e\n\u003col\u003e\n  \u003cli\u003e\n    \u003ca href=\"#cloud-computing\"\u003e\u003cins\u003eCloud Computing\u003c/ins\u003e\u003c/a\u003e\u003c/ins\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003ca href=\"#iam---identity-and-access-management\"\u003e\u003cins\u003eIAM - Identity and Access management\u003c/ins\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003ca href=\"#ec2---elastic-compute-cloud-iaas\"\u003e\u003cins\u003eEC2 - Elastic Compute Cloud\u003c/ins\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003ca href=\"#ec2-instance-storage\"\u003e\u003cins\u003eEC2 Instance Storage\u003c/ins\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003ca 
href=\"#elastic-load-balancing--auto-scaling-groups\"\u003e\u003cins\u003eElastic load Balancing \u0026 Auto Scaling groups\u003c/ins\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003ca href=\"#s3---simple-storage-service\"\u003e\u003cins\u003eS3 - Simple Storage Service\u003c/ins\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003ca href=\"#databases--analytics\"\u003e\u003cins\u003eDatabase \u0026 Analytics\u003c/ins\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003ca href=\"#compute-services---ecs-lambda-batch-lightsail\"\u003e\u003cins\u003eCompute Services - ECS, Lambda, Batch, LightSail\u003c/ins\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003ca href=\"#deployments--managing-infrastructure-at-scale\"\u003e\u003cins\u003eDeployments \u0026 Managing Infrastructure at Scale\u003c/ins\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003ca href=\"#leveraging-the-aws-global-infrastructure\"\u003e\u003cins\u003eLeveraging the AWS global Infrastructure\u003c/ins\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003ca href=\"#cloud-integrations\"\u003e\u003cins\u003eCloud Integrations\u003c/ins\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003ca href=\"#cloud-monitoring\"\u003e\u003cins\u003eCloud Monitoring\u003c/ins\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003ca href=\"#vpc--networking\"\u003e\u003cins\u003eVPC \u0026 Networking\u003c/ins\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003ca href=\"#machine-learning\"\u003e\u003cins\u003eMachine Learning\u003c/ins\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003ca href=\"#other-services\"\u003e\u003cins\u003eOther Services\u003c/ins\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003ca href=\"#\"\u003e\u003cins\u003eAWS Architecting \u0026 Ecosystem (T.B.C)\u003c/ins\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n   
 \u003ca href=\"#\"\u003e\u003cins\u003eSecurity \u0026 Compliance (T.B.C)\u003c/ins\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003ca href=\"#\"\u003e\u003cins\u003eAccount Management, Billing \u0026 Support (T.B.C)\u003c/ins\u003e\u003c/a\u003e\n  \u003c/li\u003e\n\u003c/ol\u003e\n\n---\n\u003cdiv\u003e\n  \u003cstrong\u003eWays to access the AWS Cloud\u003c/strong\u003e\n  \u003col\u003e\n    \u003cli\u003eManagement Console (UI).\u003c/li\u003e\n    \u003cli\u003eAWS SDK - allows your code to access AWS resources.\u003c/li\u003e\n    \u003cli\u003eAWS CLI - command line interface tool.\u003c/li\u003e\n  \u003c/ol\u003e\n\u003c/div\u003e\n\n---\n\n\u003ch2\u003eCloud Computing\u003c/h2\u003e\n\n\u003cstrong\u003eWhat is Cloud computing ? \u003c/strong\u003e\n\u003cp\u003e\n  It is the on-demand delivery of IT resources over the internet with pay-as-you-go pricing. Instead of maintaining physical servers or data centers, you can leverage services such as storage, computing power, network, security and databases from any cloud provider as per the need.\n\u003c/p\u003e\n\u003cstrong\u003eDeployment Models of Cloud\u003c/strong\u003e\n\u003cul\u003e\n  \u003cli\u003ePrivate Cloud e.g. (Rackspace, Digital Ocean, Go Daddy)\u003c/li\u003e\n  \u003cli\u003ePublic Cloud e.g. (AWS, Azure, GCP, Oracle)\u003c/li\u003e\n  \u003cli\u003eHybrid Cloud e.g. 
(AWS + Private Infra)\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\n  \u003cstrong\u003eCharacteristics of Cloud Computing ?\u003c/strong\u003e\n  \u003csub\u003e\u003ca href=\"https://www.jigsawacademy.com/blogs/cloud-computing/characteristics-of-cloud-computing/\"\u003einfo\u003c/a\u003e\u003c/sub\u003e\n\u003c/p\u003e\n\n\u003cul\u003e\n  \u003cli\u003e\u003cins\u003eOn-demand self service\u003c/ins\u003e: Anyone can provision resources and use them without human interaction from the service provider.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eBroad network access\u003c/ins\u003e: Can be accessed by diverse client platforms.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eResource pooling\u003c/ins\u003e: The cloud provider shares all the physical resources (servers, storage, network etc.) among multiple clients in a multi-tenant architecture.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eRapid elasticity and scalability\u003c/ins\u003e : Scale based on demand, dispose of resources when not needed.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eMeasured Service\u003c/ins\u003e: Pay for what you use.\u003c/li\u003e\n\u003c/ul\u003e \n\n\u003cp\u003e\n  \u003cstrong\u003eSix Advantages of cloud computing ? \u003c/strong\u003e \u003csub\u003e\u003ca href=\"https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html\"\u003einfo\u003c/a\u003e\u003c/sub\u003e\n\u003c/p\u003e\n\n\u003cul\u003e\n  \u003cli\u003e\u003cins\u003eTrade Capital Expense (CAPEX) for Variable expense\u003c/ins\u003e : Pay on demand and don't own any hardware, which reduces the total cost of ownership. 
No need to maintain a separate team to handle the infrastructure.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eBenefit from massive economies of scale\u003c/ins\u003e : The more customers use the AWS cloud, the lower the price of using these services.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eStop guessing capacity\u003c/ins\u003e : Scale up/down based on the demand.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eIncrease speed and agility\u003c/ins\u003e : Add or remove any new services anytime.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eStop spending money running and maintaining data centers\u003c/ins\u003e : Leverage the power of the cloud.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eGo global in minutes\u003c/ins\u003e : Easily deploy applications in multiple regions around the world.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003e\n  \u003cstrong\u003eTypes of Cloud Computing\u003c/strong\u003e \u003csub\u003e\u003ca href=\"https://docs.aws.amazon.com/whitepapers/latest/aws-overview/types-of-cloud-computing.html\" \u003einfo\u003c/a\u003e\u003c/sub\u003e\n\u003c/p\u003e\n\n\u003cul\u003e\n  \u003cli\u003e\u003cins\u003eInfrastructure as a Service (IaaS)\u003c/ins\u003e : As an end user you need to maintain and configure the servers, data storage, capacity, networking, db storage and connectivity, access and security concerns of the resources.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003ePlatform as a Service (PaaS)\u003c/ins\u003e : As an end user you only need to manage the application and its deployment. The underlying hardware, OS and its patches will be taken care of by the provider.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eSoftware as a Service (SaaS)\u003c/ins\u003e : As an end user your focus should be only on using the application. How it is built, is it scalable ? 
is not our concern.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" alt=\"Types of cloud computing\" src=\"assets/types-cloud-computing.jpg\" /\u003e\n  \u003cp align=\"center\"\u003eCloud computing types responsibilities\u003c/p\u003e\n\u003c/p\u003e\n\n\u003cp\u003e\n  \u003cstrong\u003ePricing of the Cloud \u003c/strong\u003e \u003ca href=\"https://aws.amazon.com/pricing/\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cul\u003e\n  \u003cli\u003e\u003cins\u003eCompute\u003c/ins\u003e : Pay for the compute time.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eStorage\u003c/ins\u003e : Pay for the data stored in the cloud.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eData transfer OUT of the cloud\u003c/ins\u003e : Data transfer in is free.\u003c/li\u003e\n\u003c/ul\u003e\n\n---\n\n\u003ch2\u003eIAM - Identity and Access management\u003c/h2\u003e\n\u003cstrong\u003eWhat is IAM ?\u003c/strong\u003e\n\u003cp\u003e\n  AWS Identity and Access Management (IAM) provides fine-grained access control across all AWS resources. With IAM, you can create users and groups and \n  assign permissions to them.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" alt=\"IAM users and groups\" src=\"assets/iam-user-groups.jpg\" /\u003e\n  \u003cp align=\"center\"\u003eIAM Users and Groups\u003c/p\u003e\n\u003c/p\u003e\n\n\u003cstrong\u003eIAM Identities\u003c/strong\u003e \u003ca href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n\n\u003cp\u003e\n  An IAM identity provides access to an AWS account. Each IAM identity can be associated with one or more policies. 
Different types of identities under IAM:\n\u003c/p\u003e\n\n\u003cul\u003e\n  \u003cli\u003e\u003cins\u003eUsers\u003c/ins\u003e: Members/Employees of the organization with pre-defined privileges and having an account in the AWS cloud. The ROOT user is the one who registered the account; the rest are called IAM users, invited or added by the ROOT user.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eGroups\u003c/ins\u003e: Consist only of the users added to them. A user can be a part of one or more groups. A group cannot be added to another group.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003ePermissions\u003c/ins\u003e: Define what privileges a user can have, in short which AWS resources an individual or a service can access or work with, e.g. S3, EC2, Lambda, EBS etc.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eRole\u003c/ins\u003e: A Role is a logical entity inside AWS, which can be assigned to any user/service. Roles have policies/permissions assigned to them and should be assumed by any service/user who needs them.\n    \u003cdiv\u003e\n      \u003cins\u003eScenarios when you need to create roles\u003c/ins\u003e\n      \u003cul\u003e\n        \u003cli\u003e\u003cins\u003eLambda Role\u003c/ins\u003e : Lambda needs to access the S3 bucket to store or retrieve some files.\u003c/li\u003e\n        \u003cli\u003e\u003cins\u003eEC2 Role\u003c/ins\u003e : The EC2 service needs to access the S3 bucket to store or retrieve some files.\u003c/li\u003e\n        \u003cli\u003e\u003cins\u003eSQS Role\u003c/ins\u003e : The SQS service needs to send objects to Lambda for further processing.\u003c/li\u003e\n      \u003c/ul\u003e\n    \u003c/div\u003e\n  \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cstrong\u003eAccess Management - IAM Policy structure\u003c/strong\u003e \u003ca href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n\n\u003cp\u003e\n  Policies are JSON documents that are associated with a group, role 
or user. Policies define the types of permissions that a user can have. You should only assign the permissions that are required by the users (least privilege).\n\u003c/p\u003e\n\u003cp\u003e\n  A policy includes a Version, an Id, and a Statement. Because Statement is a list, it must contain at least one statement for the policy to be considered valid. It manages the permissions required by the user or a service for various AWS resources.\n\u003c/p\u003e\n\n\u003cp\u003eExample policy allowing any principal (Principal is *) to call the S3 getObject action on the objects of one bucket, which makes those objects publicly readable.\u003c/p\u003e\n\n\u003cpre style=\"color:#FFF;background-color:#464646;\"\u003e\n  {\n    \"Id\": \"CustomS3ObjectAccessPolicy2072022\",\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n      {\n        \"Sid\": \"StmtForCustomS3ObjectAccessPolicy2072022\",\n        \"Effect\": \"Allow\",\n        \"Principal\": \"*\",\n        \"Action\": [\n          \"s3:getObject\"\n        ],\n        \"Resource\": \"arn:aws:s3:::demo-learning-web-bucket/*\"\n      }\n    ]\n  }\n\u003c/pre\u003e\n\n\u003cul\u003e\n  \u003cli\u003e\u003cins\u003eId\u003c/ins\u003e: the identifier of the policy. AWS recommends using a UUID for uniqueness.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eVersion\u003c/ins\u003e: Specifies which syntax rules are followed for the policy structure. The latest version is \"2012-10-17\"; the older one was \"2008-10-17\". Policy variables were introduced in the latest version.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eStatement\u003c/ins\u003e: contains a single statement or an array of individual statements. \u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eSid\u003c/ins\u003e: unique identifier for the statement.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eEffect\u003c/ins\u003e: possible values Allow/Deny.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003ePrincipal\u003c/ins\u003e: Who needs access: the ARN of the user or the service. 
Can specify a single value or a list.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eAction\u003c/ins\u003e: Possible actions that must be allowed to that resource. In the above example you are only allowing the getObject action from S3.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eResource\u003c/ins\u003e: Limit to individual resources created under a Service. In the above example you are allowing access to a single bucket \"demo-learning-web-bucket\" created under the AWS S3 service.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch4\u003eAdvanced\u003c/h4\u003e\n\u003col\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAWS CloudShell\u003c/strong\u003e: This service is available only in a few regions. It provides an in-browser terminal to interact with the AWS account and its services, as an alternative to using the AWS CLI.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eIAM Security Tool\u003c/strong\u003e\n    \u003cdiv\u003e\n      \u003col\u003e\n        \u003cli\u003e\u003cins\u003eIAM Credential Report\u003c/ins\u003e : lists all users in the account and the status of their credentials such as access keys, MFA status, password, last login etc.\u003c/li\u003e\n        \u003cli\u003e\u003cins\u003eIAM Access Advisor\u003c/ins\u003e : Shows the permissions granted to the user and when those services were last accessed.\u003c/li\u003e\n      \u003c/ol\u003e\n    \u003c/div\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eS.T.S Security Token Service\u003c/strong\u003e: AWS provides AWS Security Token Service (AWS STS) as a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users you authenticate (federated users).\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eCognito\u003c/strong\u003e: Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. 
Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, Google or Apple.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eDirectory Service\u003c/strong\u003e: AWS Directory Service provides multiple ways to use Microsoft Active Directory (AD) with other AWS services. Directories store information about users, groups, and devices, and administrators use them to manage access to information and resources. AWS Directory Service provides multiple directory choices for customers who want to use existing Microsoft AD or Lightweight Directory Access Protocol (LDAP)–aware applications in the cloud. It also offers those same choices to developers who need a directory to manage users, groups, devices, and access.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAWS Identity Center\u003c/strong\u003e: AWS IAM Identity Center (successor to AWS Single Sign-On) helps you securely create or connect your workforce identities and manage their access centrally across AWS accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization on AWS for organizations of any size and type. \n  \u003c/li\u003e\n\u003c/ol\u003e\n\n---\n\n\u003ch2\u003eEC2 - Elastic Compute Cloud (IaaS)\u003c/h2\u003e\n\n\u003cp\u003e\n  Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. It eliminates the need to invest in hardware up front, so you can develop and deploy applications faster. 
Amazon EC2 enables you to scale up or down; handle changes in requirements or spikes in popularity, reducing the need to forecast traffic.\n\u003c/p\u003e\n\n\u003cstrong\u003eInstance Start-up\u003c/strong\u003e\n\n\u003cp\u003eThe EC2 service allows the user to select the configuration below when starting up a new EC2 instance.\u003c/p\u003e\n\n\u003cul\u003e\n  \u003cli\u003eOperating system : Windows, Linux, Mac OS\u003c/li\u003e\n  \u003cli\u003eCompute Power \u0026 CPU cores\u003c/li\u003e\n  \u003cli\u003eSystem memory or RAM\u003c/li\u003e\n  \u003cli\u003eStorage Space in G.B.\u003c/li\u003e\n  \u003cli\u003eStatic IP addresses assigned to the machine\u003c/li\u003e\n  \u003cli\u003eSecurity groups or the ports to allow and disallow the traffic\u003c/li\u003e\n  \u003cli\u003eEC2 user data - set up shell script commands to install or update any package when creating a new virtual machine; the script is only executed once. Can be used to set up a LAMP stack, git tools, OS updates etc.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cstrong\u003eEC2 instance type\u003c/strong\u003e \u003ca href=\"https://aws.amazon.com/ec2/instance-types/\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n\n\u003col\u003e\n  \u003cli\u003e\u003cins\u003eGeneral Purpose\u003c/ins\u003e: General purpose instances provide a balance of compute, memory and networking resources, good to use as application web servers.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eCompute Optimised\u003c/ins\u003e: Applications which require high processing power, e.g. batch processing, machine learning etc.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eMemory Optimised\u003c/ins\u003e: Applications that process large data sets in memory. e.g. 
Redis cache, non-relational database, Solr search cache etc. This storage is best suited to temporary data which can be recreated anytime if there is a loss.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eAccelerated Computing\u003c/ins\u003e: Accelerated computing instances use hardware accelerators, or co-processors, to perform functions, such as floating point number calculations, graphics processing, or data pattern matching, more efficiently than is possible in software running on CPUs.\u003c/li\u003e\n  \u003cli\u003e\u003cins\u003eStorage optimised\u003c/ins\u003e: Perform sequential read/write operations on large datasets. These instances are fine-tuned to deliver multiple low-latency, random I/O operations per second for any application.\u003c/li\u003e\n\u003c/ol\u003e\n\n\u003cstrong\u003eEC2 Security groups\u003c/strong\u003e \u003ca href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n\n\u003cp\u003e\n  Security groups control incoming and outgoing traffic for your EC2 instances by acting as a firewall. You can configure the ports and the type of traffic that must be allowed to your EC2 instance. Incoming traffic is configured via the inbound rules and outgoing traffic via the outbound rules. By default, a security group allows all outgoing traffic only. You can attach more than one security group to any EC2 instance.\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n  \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" alt=\"Security Groups\" src=\"assets/security-group.jpg\" /\u003e\n  \u003cp align=\"center\"\u003eSecurity Groups overview\u003c/p\u003e\n\u003c/p\u003e\n\u003cstrong\u003eEC2 - Instance connect\u003c/strong\u003e\n\u003cp\u003e\n  Allows you to SSH into an EC2 instance by starting a terminal session in the browser. 
Currently only works with Linux AMI.\n\u003c/p\u003e\n\n\u003cstrong\u003eHow do roles work for EC2 instances ?\u003c/strong\u003e\n\u003cp\u003e\n  Suppose an application running on an EC2 instance needs access to the S3 service. Instead of storing the access_id/secret on the EC2 instance, which is a bad idea (anyone with access to the instance can see it), you create an IAM role and attach it to the instance. The role has all the necessary policies attached to it so that it can access the S3 service; the application can then use the role's temporary credentials to access the S3 service.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" style=\"width:95%;\" alt=\"Security Groups\" src=\"assets/ec2role.jpg\" /\u003e\n  \u003cp align=\"center\"\u003eEC2 role representation\u003c/p\u003e\n\u003c/p\u003e\n\n\u003cstrong\u003eInstance purchasing options\u003c/strong\u003e \u003ca href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-reserved-instances.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n\n\u003cp\u003e\n  Amazon EC2 provides the following purchasing options, which enable cost optimization as per the need:\n\u003c/p\u003e\n\n\u003ctable\u003e\n  \u003cthead\u003e\n    \u003ctr\u003e\n      \u003cth\u003eType\u003c/th\u003e\n      \u003cth\u003eScope\u003c/th\u003e\n      \u003cth\u003eDescription\u003c/th\u003e\n    \u003c/tr\u003e\n  \u003c/thead\u003e\n  \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003ctd\u003e\u003cstrong\u003eOn-Demand Instances\u003c/strong\u003e\u003c/td\u003e\n      \u003ctd\u003eRegional/Zonal\u003c/td\u003e\n      \u003ctd\u003ePay, by the second, for the instances that you launch.\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003e\u003cstrong\u003eSavings Plans\u003c/strong\u003e\u003c/td\u003e\n      \u003ctd\u003eRegional/Zonal\u003c/td\u003e\n      \u003ctd\u003eReduce your Amazon EC2 costs by making a commitment to a 
consistent amount of usage, in USD per hour, for a term of 1 or 3 years. Further usage is priced as per on-demand rates.\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003e\u003cstrong\u003eReserved Instances\u003c/strong\u003e\u003c/td\u003e\n      \u003ctd\u003eRegional/Zonal\u003c/td\u003e\n      \u003ctd\u003eReduce your Amazon EC2 costs by making a commitment to a consistent instance configuration, including instance type, region and OS, for a term of 1 or 3 years.\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003e\u003cstrong\u003eConvertible Reserved Instances\u003c/strong\u003e\u003c/td\u003e\n      \u003ctd\u003eRegional/Zonal\u003c/td\u003e\n      \u003ctd\u003eAllows you to change the EC2 instance type, instance family, OS, scope and memory.\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003e\u003cstrong\u003eScheduled Reserved Instances\u003c/strong\u003e\u003c/td\u003e\n      \u003ctd\u003eRegional/Zonal\u003c/td\u003e\n      \u003ctd\u003eWith Scheduled Reserved Instances, you can reserve capacity that is scheduled to recur daily, weekly, or monthly, with a specified start time and duration, for a one-year term. 
After you complete your purchase, the instances are available to launch during the time windows that you specified.\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003e\u003cstrong\u003eSpot Instances\u003c/strong\u003e\u003c/td\u003e\n      \u003ctd\u003eRegional/Zonal\u003c/td\u003e\n      \u003ctd\u003eRequest unused EC2 instances, which can reduce your Amazon EC2 costs significantly.\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003e\u003cstrong\u003eDedicated Hosts\u003c/strong\u003e\u003c/td\u003e\n      \u003ctd\u003eSpecific Region\u003c/td\u003e\n      \u003ctd\u003ePay for a physical host that is fully dedicated to running your instances, and bring your existing per-socket, per-core, or per-VM software licenses to reduce costs. Most expensive option.\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003e\u003cstrong\u003eDedicated Instances\u003c/strong\u003e\u003c/td\u003e\n      \u003ctd\u003eRegional/Zonal\u003c/td\u003e\n      \u003ctd\u003ePay, by the hour, for instances that run on single-tenant hardware.\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003e\u003cstrong\u003eCapacity Reservations\u003c/strong\u003e\u003c/td\u003e\n      \u003ctd\u003eZonal\u003c/td\u003e\n      \u003ctd\u003eReserve capacity for your EC2 instances in a specific Availability Zone for any duration.\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n---\n\n\u003ch2\u003eEC2 Instance Storage\u003c/h2\u003e\n\u003cp\u003e\n  Amazon EC2 provides flexible, cost-effective, and easy-to-use data storage options for your EC2 instances. 
Each option has a unique combination of performance and durability.\n\u003c/p\u003e\n\n\u003col\u003e\n  \u003cli\u003e\u003cstrong\u003eEBS - Elastic block storage\u003c/strong\u003e\n  \u003cp\u003e\n    Amazon EBS is a network storage drive that can be attached to any EC2 instance for storing data which requires frequent updates. An EBS drive can be attached to only one EC2 instance, but you can attach multiple EBS drives to one EC2 instance. These drives are confined to a given availability zone, i.e. you cannot attach a drive in us-east-1a to an EC2 instance running in us-east-1b. In order to create backups of the attached EBS volumes you create snapshots which can be attached to any EC2 in another region or AZ.\n    \u003ca href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/p\u003e\n  \u003cp align=\"center\"\u003e\n    \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" src=\"assets/ebs.jpg\" /\u003e\n    \u003cp align=\"center\"\u003eElastic block storage representation\u003c/p\u003e\n  \u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n  \u003cstrong\u003eEBS - Snapshot\u003c/strong\u003e\n  \u003cp\u003e\n    Backups of EBS volumes are called Snapshots. A snapshot can be taken while the EBS volume is attached to the EC2 instance, but it is better to detach the volume before taking the snapshot. It can be copied across regions and AZs to attach it to other EC2 instances.\u003ca href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/p\u003e\n  \u003cins\u003eEBS Features\u003c/ins\u003e\n  \u003cul\u003e\n    \u003cli\u003eMove the snapshot to the archive tier, which can reduce the cost by up to 75%. 
Restoring from the archive tier can take up to 24-48 hours.\u003c/li\u003e\n    \u003cli\u003eDeleted snapshots can be recovered by setting up a retention period.\u003c/li\u003e\n  \u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n  \u003cstrong\u003eAMI - Amazon Machine Images\u003c/strong\u003e\n  \u003cp\u003e\n    These are images created and maintained by the AWS team which help in launching an EC2 instance, similar to an operating system image. You can launch multiple instances having the same AMI or different AMIs.\n  \u003c/p\u003e\n  \u003cp\u003e\n    You can create your own AMI by launching an EC2 instance and then customizing it as per your own requirements to create an image from it. This created image is specific to a region and can be copied across multiple regions.\u003ca href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n  \u003cstrong\u003eEC2 - Builder image\u003c/strong\u003e\n  \u003cp\u003e\n    Automate the create, update, test and distribute cycle of AMI or container images. This service can be run on a schedule: daily, weekly, bi-weekly or monthly. You pay only for the resources utilized for creating the image and the storage space required by the created image. Resources required for creating an image include the EC2 instance, as it takes the user-supplied (bootstrap) commands to create the final image. Imagine this as creating a Docker image locally using a Dockerfile: you need an environment to create it. 
As it is a regional service you can distribute it across any region.\u003ca href=\"https://docs.aws.amazon.com/imagebuilder/latest/userguide/what-is-image-builder.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/p\u003e\n  \u003cp align=\"center\"\u003e\n    \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" src=\"assets/imgbuilder.jpg\" /\u003e\n    \u003cp align=\"center\"\u003eImage builder process\u003c/p\u003e\n  \u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n  \u003cstrong\u003eEC2 - Instance Store\u003c/strong\u003e\n  \u003cp\u003e\n    An instance store provides temporary block-level storage for our instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers.\n  \u003c/p\u003e\n  \u003cp\u003e\n    An instance store consists of one or more instance store volumes exposed as block devices. The size of an instance store as well as the number of devices available varies by instance type.\u003ca href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n  \u003cstrong\u003eEFS - Elastic File Storage\u003c/strong\u003e\n  \u003cp\u003e\n    Amazon EFS provides scalable file storage for use with Amazon EC2. You can use an EFS file system as a common data source for workloads and applications running on multiple instances. 
EFS can only be attached to Linux machines.\u003ca href=\"https://docs.aws.amazon.com/efs/latest/ug/whatisefs.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n  \u003cstrong\u003eEFS-IA - Elastic File Storage Infrequent access\u003c/strong\u003e\n  \u003cp\u003e\n    Storage class optimized to reduce the cost of storage for files which are not accessed frequently. Costs are 92% lower than the EFS standard class. Set a policy to move files to EFS-IA if they are not accessed in x days.\n  \u003c/p\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\n---\n\n\u003ch2\u003eElastic load Balancing \u0026 Auto Scaling groups\u003c/h2\u003e\n\n\u003col\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eScalability \u0026 High Availability\u003c/strong\u003e\n    \u003cp\u003e\n      A measurement of a system's ability to grow to accommodate an increase in demand. High availability means running your system/application in multiple regions or availability zones to avoid failure or hardware loss. A system or infrastructure can be scalable in two ways.\n    \u003c/p\u003e\n    \u003cul\u003e\n      \u003cli\u003e\u003cins\u003eVertical Scalability\u003c/ins\u003e: Increasing the size of the instance or the resources attached to it, viz. RAM, CPU, storage, etc.\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003eHorizontal Scalability\u003c/ins\u003e: Increasing the number of instances running \u003ca href=\"https://docs.aws.amazon.com/whitepapers/latest/real-time-communication-on-aws/high-availability-and-scalability-on-aws.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\u003c/li\u003e\n    \u003c/ul\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eElasticity\u003c/strong\u003e\n    \u003cp\u003e\n      Any system which can scale up or down depending on the load. Elasticity is the ability to acquire resources as you need them and release resources when you no longer need them. 
In the cloud, you want to do this automatically. \n    \u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAgility\u003c/strong\u003e\n    \u003cp\u003e\n      Ability to add new resources and hardware at ease.\n    \u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eLoad Balancers\u003c/strong\u003e\n    \u003cp\u003e\n      A load balancer distributes workloads across multiple compute resources, such as virtual servers. Using a load balancer increases the availability and fault tolerance of your applications.\n    \u003c/p\u003e\n    \u003cp\u003e\n      Compute resources can be added or removed from the load balancer as the need change, without disrupting the overall flow of requests to the applications.\n    \u003c/p\u003e\n    \u003cp\u003e\n      You can configure health checks, which monitor the health of the compute  resources, so that the load balancer sends requests only to the healthy ones.\u003ca href=\"https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/what-is-load-balancing.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n    \u003c/p\u003e\n    \u003cp align=\"center\"\u003e\n      \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" src=\"assets/elb.jpg\"\u003e\n      \u003cp align=\"center\"\u003eLoad Balancers\u003c/p\u003e\n    \u003c/p\u003e\n    \u003cstrong\u003eType of Load Balancers\u003c/strong\u003e\n    \u003cul\u003e\n      \u003cli\u003e\u003cins\u003eApplication Load Balancer\u003c/ins\u003e: Application Load Balancer operates at the request level (layer 7), routing traffic to targets (EC2 instances, containers, IP addresses, and Lambda functions) based on the content of the request. Ideal for advanced load balancing of HTTP and HTTPS traffic, Application Load Balancer provides advanced request routing targeted at delivery of modern application architectures, including microservices and container-based applications. 
It simplifies and improves the security of our application, by ensuring that the latest SSL/TLS ciphers and protocols are used at all times.\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003eNetwork load Balancer\u003c/ins\u003e: Network Load Balancer operates at the connection level (Layer 4), routing connections to targets (Amazon EC2 instances, microservices, and containers) within Amazon VPC, based on IP protocol data. Ideal for load balancing of both TCP and UDP traffic, Network Load Balancer is capable of handling millions of requests per second while maintaining ultra-low latencies. Network Load Balancer is optimized to handle sudden and volatile traffic patterns while using a single static IP address per Availability Zone. It is integrated with other popular AWS services such as Auto Scaling, Amazon EC2 Container Service (ECS), Amazon CloudFormation, and AWS Certificate Manager (ACM).\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003eGateway load Balancer\u003c/ins\u003e: Gateway Load Balancer helps us easily deploy, scale, and manage your third-party virtual appliances. It gives you one gateway for distributing traffic across multiple virtual appliances while scaling them up or down, based on demand. 
This decreases potential points of failure in your network and increases availability.\u003c/li\u003e\n    \u003c/ul\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAttaching Load Balancer for EC2 instances\u003c/strong\u003e\n    \u003cp\u003eSteps:\u003c/p\u003e\n    \u003cul\u003e\n      \u003cli\u003eLaunch 2 EC2 instances with a single web page (index.html) which identifies the instance which is serving the current request.\u003c/li\u003e\n      \u003cli\u003eCreate an Elastic Load Balancer of type application and attach a security group to it which allows only HTTP traffic (port 80).\u003c/li\u003e\n      \u003cli\u003eMake sure similar security groups are also attached to the EC2 instances to allow HTTP traffic.\u003c/li\u003e\n      \u003cli\u003eCreate a Target Group which registers the two EC2 servers as targets.\u003c/li\u003e\n      \u003cli\u003eAssign this Target Group to the ALB.\u003c/li\u003e\n      \u003cli\u003eCopy the DNS name attached to the ALB, open it in the browser and verify that the correct web pages are served.\u003c/li\u003e\n    \u003c/ul\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAuto Scaling Group\u003c/strong\u003e\n    \u003cp\u003e\n      Traffic received by the application can increase at any time. An Auto Scaling group contains a collection of EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management. 
The main goal of an Auto Scaling Group is to scale out (add more instances) when the load on the application increases and scale in (remove instances) when it decreases. It also ensures that the minimum number of EC2 instances is always running and replaces faulty instances with healthy ones.\u003ca href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/auto-scaling-groups.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n    \u003c/p\u003e\n    \u003cp align=\"center\"\u003e\n      \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" src=\"assets/asg.jpg\"\u003e\n      \u003cp align=\"center\"\u003eAuto Scaling Group\u003c/p\u003e\n    \u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eScaling Strategies\u003c/strong\u003e\n    \u003col\u003e\n      \u003cli\u003e\u003cins\u003eManual Scaling\u003c/ins\u003e: Change the ASG settings manually.\u003c/li\u003e\n      \u003cli\u003e\n        \u003cins\u003eDynamic Scaling\u003c/ins\u003e: Respond to changing demand.\n        \u003cul\u003e\n          \u003cli\u003e\u003cins\u003eSimple/Step Scaling\u003c/ins\u003e: With step scaling and simple scaling, you choose scaling metrics and threshold values for the CloudWatch alarms that invoke the scaling process.\u003c/li\u003e\n          \u003cli\u003e\u003cins\u003eSimple/Step Scaling\u003c/ins\u003e: Specify an average value or metric of an application e.g. 
Scale to keep the CPU utilization at 60%.\u003c/li\u003e\n          \u003cli\u003e\u003cins\u003ePredictive Scaling\u003c/ins\u003e: Use predictive scaling to increase the number of EC2 instances in your Auto Scaling group in advance of daily and weekly patterns in traffic flows.\u003c/li\u003e\n        \u003c/ul\u003e\n      \u003c/li\u003e\n    \u003c/ol\u003e\n  \u003c/li\u003e\n\u003c/ol\u003e\n\n---\n\n\u003ch2\u003eS3 - Simple Storage Service\u003c/h2\u003e\n\n\u003cp\u003e\n  Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. Called as the main backbone of AWS and is promoted as a \"infinitely scaling\" storage service. Many websites hosted on AWS use S3 for storage as well as many AWS services. \u003ca href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cstrong\u003eUse Cases\u003c/strong\u003e\n\n\u003cul\u003e\n  \u003cli\u003eBackup and Storage\u003c/li\u003e\n  \u003cli\u003eDisaster Recovery\u003c/li\u003e\n  \u003cli\u003eApplication hosting\u003c/li\u003e\n  \u003cli\u003eFiles\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cstrong\u003eOverview of S3 buckets\u003c/strong\u003e\n\n\u003cul\u003e\n  \u003cli\u003eFiles stored in S3 are called as objects. 
Objects have a key associated with them which is the full path needed to retrieve that file from a given bucket.\u003cbr\u003eExample: s3://my_bucket/my_file.txt =\u003e key is my_file.txt\u003c/li\u003e\n  \u003cli\u003eBuckets created in S3 must have unique name globally (across all regions).\u003c/li\u003e\n  \u003cli\u003eBuckets are created at region level.\u003c/li\u003e\n  \u003cli\u003eMaximum upload size is 5TB\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003col\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eS3 Security\u003c/strong\u003e: Access Control on S3 buckets and the objects contained in it.\n    \u003cul\u003e\n      \u003cli\u003e\u003cins\u003eUser Based\u003c/ins\u003e: IAM Policies attached to a user confined to only specific S3 features.\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003eResource (Bucket Policies)\u003c/ins\u003e: Permissions attached to the bucket applies to all the objects in the bucket owned by the bucket owner. If ACL option is disabled all objects contained inside the bucket are owned by the account/bucket owner including those uploaded by other AWS accounts. \u003ca href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-policies.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003eResource (Object ACL)\u003c/ins\u003e: Finer grain control on the objects uploaded in S3 bucket.\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003eResource (Bucket ACL)\u003c/ins\u003e: Finer grain control on the Bucket.\u003c/li\u003e\n    \u003c/ul\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eS3 Public Bucket Policy\u003c/strong\u003e: To allow public access (able to access files in browser or through any service) to files inside any bucket follow the following points. 
When creating a new S3 bucket or editing an existing one, uncheck the option which reads \"Block all public access\", then add a new Bucket policy using the \u003ca href=\"https://awspolicygen.s3.amazonaws.com/policygen.html\"\u003ePolicy Generator\u003c/a\u003e which allows all Principals (services/users) to access S3 objects. The Resource must name the objects (the bucket ARN followed by /*), because s3:GetObject is an object-level action.\n    \u003cpre style=\"color:#FFF;background-color:#464646;\"\u003e\n      {\n        \"Id\": \"Policy1661705525639\",\n        \"Version\": \"2012-10-17\",\n        \"Statement\": [\n          {\n            \"Sid\": \"Stmt1661705522813\",\n            \"Action\": [\n              \"s3:GetObject\"\n            ],\n            \"Effect\": \"Allow\",\n            \"Resource\": \"arn:aws:s3:::demo-learning-web-bucket-replica/*\",\n            \"Principal\": \"*\"\n          }\n        ]\n      }\n    \u003c/pre\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eS3 versioning\u003c/strong\u003e: Version S3 objects; it is enabled at bucket level. Overwriting the same object creates a new version. Versioning helps you to recover from accidental deletion or roll back to a previous version. \u003cstrong\u003eImp notes\u003c/strong\u003e: versioning can be enabled/disabled at any time after a bucket is created or when creating a new one. If enabled after bucket creation, all existing objects will have a version ID of \"null\". Disabling versioning does not delete the previous versions.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eS3 Access Logs\u003c/strong\u003e: Log all requests made to an S3 bucket from any service or account. The data is stored in another S3 bucket and used by data analysis tools to find access/usage patterns.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eS3 Replication\u003c/strong\u003e: Copy contents of an S3 bucket to another S3 bucket. Versioning must be enabled to achieve replication. 
Copying happens asynchronously; buckets can be in different accounts.\n    \u003cul\u003e\n      \u003cli\u003e\u003cins\u003eCross Region Replication\u003c/ins\u003e: Copy data to another bucket in a different region.\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003eSame Region Replication\u003c/ins\u003e: Copy data to another bucket in the same region.\u003c/li\u003e\n    \u003c/ul\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eS3 Storage Classes\u003c/strong\u003e: Amazon S3 offers a range of storage classes that you can choose from, based on the data access, resiliency, and cost requirements of your workloads. S3 storage classes are purpose-built to provide the lowest cost storage for different access patterns. S3 storage classes are ideal for virtually any use case, including those with demanding performance needs, data residency requirements, unknown or changing access patterns, or archival storage. \u003ca href=\"https://aws.amazon.com/s3/storage-classes/\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n    \u003cp style=\"color:red;\"\u003e\u003cem\u003eNote: Check the official AWS docs (https://aws.amazon.com/s3/storage-classes/) for in-depth understanding.\u003c/em\u003e\u003c/p\u003e\n    \u003ctable\u003e\n      \u003cthead\u003e\n        \u003ctr\u003e\n          \u003ctd\u003e\u003cstrong\u003eStorage Classes\u003c/strong\u003e\u003c/td\u003e\n          \u003ctd\u003e\u003cstrong\u003eAvailability\u003c/strong\u003e\u003c/td\u003e\n          \u003ctd\u003e\u003cstrong\u003eFeatures\u003c/strong\u003e\u003c/td\u003e\n          \u003ctd\u003e\u003cstrong\u003eUse cases\u003c/strong\u003e\u003c/td\u003e\n        \u003c/tr\u003e\n      \u003c/thead\u003e\n      \u003ctbody\u003e\n        \u003ctr\u003e\n          \u003ctd\u003eS3 Standard - General purpose\u003c/td\u003e\n          \u003ctd\u003e99.99%\u003c/td\u003e\n          \u003ctd\u003eUsed for frequently accessed data. 
Low latency and high throughput.\u003c/td\u003e\n          \u003ctd\u003eWeb applications, dynamic applications, big data analytics\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n          \u003ctd\u003eS3 Standard - Infrequent access\u003c/td\u003e\n          \u003ctd\u003e99.99%\u003c/td\u003e\n          \u003ctd\u003eUsed for less frequently accessed data that requires rapid retrieval when needed. Minimum storage duration is 30 days.\u003c/td\u003e\n          \u003ctd\u003eLong term storage, backups, data store for disaster recovery\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n          \u003ctd\u003eS3 One Zone - Infrequent access\u003c/td\u003e\n          \u003ctd\u003e99.5%\u003c/td\u003e\n          \u003ctd\u003eUsed for less frequently accessed data that requires rapid retrieval when needed. This storage class stores data in a single AZ, unlike the others, which store data in a minimum of 3 AZs. Costs 20% less than S3 Standard - IA. Minimum storage duration is 30 days.\u003c/td\u003e\n          \u003ctd\u003eStoring secondary backups\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n          \u003ctd\u003eS3 Glacier - Instant retrieval\u003c/td\u003e\n          \u003ctd\u003e99.99%\u003c/td\u003e\n          \u003ctd\u003eArchive storage class that delivers the lowest cost storage for long-lived data that is rarely accessed and requires retrieval in milliseconds. Using this storage class can save up to 68% in cost compared to S3 - IA. Minimum storage duration for objects is 90 days.\u003c/td\u003e\n          \u003ctd\u003eNews media, user generated content etc.\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n          \u003ctd\u003eS3 Glacier - Flexible retrieval\u003c/td\u003e\n          \u003ctd\u003e99.99%\u003c/td\u003e\n          \u003ctd\u003eArchived storage class. Costs 10% less than S3 Glacier Instant Retrieval. For data which is accessed less than 1/2 times in a year. 
This class differs from S3 - IA or S3 One Zone - IA, as archived data is not retrieved rapidly (minutes to hours). Configurable retrieval times, from minutes to hours, with free bulk retrievals. Minimum storage duration is 90 days.\u003c/td\u003e\n          \u003ctd\u003eDisaster recovery, offsite data storage etc.\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n          \u003ctd\u003eS3 Glacier - Deep Archive\u003c/td\u003e\n          \u003ctd\u003e99.99%\u003c/td\u003e\n          \u003ctd\u003eArchived storage class. Data retrieval can take around 12 hours. Minimum storage duration is 180 days.\u003c/td\u003e\n          \u003ctd\u003eDisaster recovery, offsite data storage etc.\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n          \u003ctd\u003eS3 Intelligent - Tiering\u003c/td\u003e\n          \u003ctd\u003e99.99%\u003c/td\u003e\n          \u003ctd\u003eAutomatically moves objects/files to other storage classes based on the usage pattern. Can save cost by moving files to the correct tier.\u003c/td\u003e\n          \u003ctd\u003eAny use case can be considered\u003c/td\u003e\n        \u003c/tr\u003e\n      \u003c/tbody\u003e\n    \u003c/table\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eS3 Object lock \u0026 Glacier Vault lock\u003c/strong\u003e: Adopt a WORM (Write Once Read Many) model. Block deletion of an object version for a specified amount of time.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eS3 Encryption\u003c/strong\u003e: Three types to be considered for all uploaded files. No encryption - nothing is encrypted. Server-side Encryption - the file is encrypted after it is uploaded to S3, handled by AWS. Client-side Encryption - the user encrypts the file with some private key before uploading.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAWS Snow family\u003c/strong\u003e: Offline devices to perform data migrations in and out of AWS. 
If it takes weeks to transfer data to AWS over the network, you should use Snowball devices.\n    \u003cp\u003eDevices:\u003c/p\u003e\n    \u003ctable\u003e\n      \u003cthead\u003e\n        \u003ctr\u003e\n          \u003ctd\u003e\u003c/td\u003e\n          \u003ctd\u003e\u003cstrong\u003eAWS Snowcone\u003c/strong\u003e\u003c/td\u003e\n          \u003ctd\u003e\u003cstrong\u003eAWS Snowball Edge Storage Optimized\u003c/strong\u003e\u003c/td\u003e\n          \u003ctd\u003e\u003cstrong\u003eAWS Snowball Edge Compute Optimized\u003c/strong\u003e\u003c/td\u003e\n          \u003ctd\u003e\u003cstrong\u003eAWS Snowmobile\u003c/strong\u003e\u003c/td\u003e\n        \u003c/tr\u003e\n      \u003c/thead\u003e\n      \u003ctbody\u003e\n        \u003ctr\u003e\n          \u003ctd\u003eUsable HDD Storage\u003c/td\u003e\n          \u003ctd\u003e8 TB\u003c/td\u003e\n          \u003ctd\u003e80 TB\u003c/td\u003e\n          \u003ctd\u003e42 TB\u003c/td\u003e\n          \u003ctd\u003e100 PB\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n          \u003ctd\u003eUsable SSD Storage\u003c/td\u003e\n          \u003ctd\u003e14 TB\u003c/td\u003e\n          \u003ctd\u003e1 TB\u003c/td\u003e\n          \u003ctd\u003e7.68 TB\u003c/td\u003e\n          \u003ctd\u003eNo\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n          \u003ctd\u003eUsable vCPUs\u003c/td\u003e\n          \u003ctd\u003e4 vCPUs\u003c/td\u003e\n          \u003ctd\u003e40 vCPUs\u003c/td\u003e\n          \u003ctd\u003e52 vCPUs\u003c/td\u003e\n          \u003ctd\u003eN/A\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n          \u003ctd\u003eUsable Memory\u003c/td\u003e\n          \u003ctd\u003e4 GB\u003c/td\u003e\n          \u003ctd\u003e80 GB\u003c/td\u003e\n          \u003ctd\u003e208 GB\u003c/td\u003e\n          \u003ctd\u003eN/A\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n          \u003ctd\u003eStorage Clustering\u003c/td\u003e\n          
\u003ctd\u003eNo\u003c/td\u003e\n          \u003ctd\u003eYes, 5-10 nodes\u003c/td\u003e\n          \u003ctd\u003eYes, 5-10 nodes\u003c/td\u003e\n          \u003ctd\u003eN/A\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n          \u003ctd\u003e256-bit Encryption\u003c/td\u003e\n          \u003ctd\u003eYes\u003c/td\u003e\n          \u003ctd\u003eYes\u003c/td\u003e\n          \u003ctd\u003eYes\u003c/td\u003e\n          \u003ctd\u003eYes\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n          \u003ctd\u003eHIPAA Compliant\u003c/td\u003e\n          \u003ctd\u003eNo\u003c/td\u003e\n          \u003ctd\u003eYes, eligible\u003c/td\u003e\n          \u003ctd\u003eYes, eligible\u003c/td\u003e\n          \u003ctd\u003eYes, eligible\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n          \u003ctd\u003eData Sync\u003c/td\u003e\n          \u003ctd\u003ePre-installed\u003c/td\u003e\n          \u003ctd\u003eNo\u003c/td\u003e\n          \u003ctd\u003eNo\u003c/td\u003e\n          \u003ctd\u003eNo\u003c/td\u003e\n        \u003c/tr\u003e\n      \u003c/tbody\u003e\n    \u003c/table\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAWS Edge locations\u003c/strong\u003e: Process or generate data at an edge location. These locations may have limited/no internet access and no access to computing power. Examples: transport services, ships, underground mining, etc.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAWS Storage Gateway\u003c/strong\u003e: AWS Storage Gateway is a set of hybrid cloud storage services that provide on-premises access to virtually unlimited cloud storage.\n  \u003c/li\u003e\n\u003c/ol\u003e\n\n---\n\n\u003ch2\u003eDatabases \u0026 Analytics\u003c/h2\u003e\n\n\u003col\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAWS RDS \u0026 Aurora\u003c/strong\u003e: RDS stands for Relational Database Service, and is a managed database service provided by AWS. 
It allows provisioning database engines such as Mysql, Postgres, MariaDb, Oracle, Aurora etc. Aurora is a proprietary database built by AWS. \u003cstrong\u003eAurora is 5x better than using mysql on RDS and 3x better than using postgres on RDS.\u003c/strong\u003e\n    \u003cp\u003e\u003cbr\u003e\u003cins\u003eWhy to use RDS ? you can install any database service in EC2 instances right ?\u003c/ins\u003e\u003c/p\u003e\n    \u003cul\u003e\n      \u003cli\u003eRDS is a managed service.\u003c/li\u003e\n      \u003cli\u003eAWS maintains \u0026 updates OS running the RDS instance.\u003c/li\u003e\n      \u003cli\u003eFeatures such as auto backups and restore.\u003c/li\u003e\n      \u003cli\u003eRead replicas for improved read performance.\u003c/li\u003e\n      \u003cli\u003eMulti AZ setup for Disaster recovery.\u003c/li\u003e\n      \u003cli\u003eScaling capability.\u003c/li\u003e\n      \u003cli\u003eStorage backed by EBS.\u003c/li\u003e\n      \u003cli\u003eDashboards for monitoring health.\u003c/li\u003e\n    \u003c/ul\u003e\n    \u003cp align=\"center\"\u003e\n      \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" alt=\"RDS architecture\" src=\"assets/rds.jpg\" /\u003e\n      \u003cp align=\"center\"\u003eRDS architecture\u003c/p\u003e\n    \u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eRDS Deployments options\u003c/strong\u003e: Different ways you can configure RDS instances to serve any request.\n    \u003cul\u003e\n      \u003cli\u003e\n        \u003cins\u003eRead Replicas\u003c/ins\u003e: Amazon RDS Read Replicas provide enhanced performance and durability for Amazon RDS database (DB) instances. They make it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. 
You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput.\n        \u003cp align=\"center\"\u003e\n          \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" alt=\"RDS architecture\" src=\"assets/read-replicas.jpg\" /\u003e\n          \u003cp align=\"center\"\u003eRDS deployment architecture\u003c/p\u003e\n        \u003c/p\u003e\n      \u003c/li\u003e\n      \u003cli\u003e\n        \u003cins\u003eMulti AZ\u003c/ins\u003e: In an Amazon RDS Multi-AZ deployment, Amazon RDS automatically creates a primary database (DB) instance and synchronously replicates the data to an instance in a different AZ. When it detects a failure, Amazon RDS automatically fails over to a standby instance without manual intervention.\n        \u003ca href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZSingleStandby.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n      \u003c/li\u003e\n      \u003cli\u003e\n        \u003cins\u003eMulti-Region\u003c/ins\u003e: Similar to a Multi-AZ deployment, but provides better application performance region-wise, as there can be multiple read replicas set up for a given primary database.\n      \u003c/li\u003e\n    \u003c/ul\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eElastic Cache\u003c/strong\u003e: An in-memory database; supported engines are Memcache and Redis. Data stored here is not permanent, hence it should only be used as a cache service. All read-intensive database tasks must be shifted to an in-memory cache for better performance, as it has low latency. 
\u003cp\u003e\u003cem\u003eStrategy: For any item that needs to be written to DB -\u003e check if it exists in cache -\u003e if not, write/update to DB then to the cache -\u003e read from cache always -\u003e if deleted from DB, delete from cache.\u003c/em\u003e\u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eDynamo DB\u003c/strong\u003e: It is a fully managed NoSQL database. Data stored in DynamoDB is encrypted at rest by default. Low in cost and has auto scaling capabilities. Data is stored on SSDs and replicated across multiple Availability Zones in an AWS Region, providing built-in high availability and data durability.\n    \u003cp\u003e\u003cins\u003eDynamo Accelerator DAX\u003c/ins\u003e: Cache specific to DynamoDB. Caches items which are frequently accessed.\u003c/p\u003e\n    \u003cp\u003e\u003cins\u003eDynamo Global Tables\u003c/ins\u003e: Make a DynamoDB table accessible with low latency across multiple regions.\u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eRedshift\u003c/strong\u003e: Based on PostgreSQL but not used for OLTP. Used for OLAP - online analytical processing. Columnar storage of data instead of row storage, 10x better performance than other data warehousing tools. Provides a SQL interface to execute queries.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAmazon EMR\u003c/strong\u003e: Stands for \"Elastic MapReduce\". Creates a Hadoop cluster to analyze and process vast amounts of data. The cluster can be made of multiple EC2 instances. EMR takes care of provisioning and configuring the instances. Provides auto-scaling and is integrated with Spot instances.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAthena\u003c/strong\u003e: Serverless query service to perform analytics against S3 objects. Use standard SQL language to query the files. Supports CSV, JSON, ORC files. 
Use case: looking for patterns in log files.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eQuickSight\u003c/strong\u003e: Serverless machine learning-powered business intelligence service to create dashboards. Can source data from RDS/Redshift/DynamoDB etc.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eDocument DB\u003c/strong\u003e: AWS name for MongoDB with many performance changes added by AWS team.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eNeptune\u003c/strong\u003e: Amazon Neptune is a fast, reliable, fully managed graph database service that makes it easy to build and run applications that work with highly connected datasets. The core of Neptune is a purpose-built, high-performance graph database engine that is optimized for storing billions of relationships and querying the graph with milliseconds latency. Neptune supports the popular graph query languages Apache TinkerPop Gremlin and W3C’s SPARQL, allowing you to build queries that efficiently navigate highly connected datasets. Neptune powers graph use cases such as recommendation engines, fraud detection, knowledge graphs, drug discovery, and network security.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAmazon QLDB\u003c/strong\u003e: Amazon Quantum Ledger Database (Amazon QLDB) is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log owned by a central trusted authority. It is used to track all application data changes, and maintain a complete and verifiable history of changes over time.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eManaged Blockchain\u003c/strong\u003e: Blockchain makes it possible to build applications where multiple parties can execute transactions without the need for a trusted, central authority.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAWS Glue\u003c/strong\u003e: Managed ETL (Extract Transform Load) service. 
Good for preparing and transforming data (via scripts) for analytics.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eDMS Service\u003c/strong\u003e: Database migration service. Extract source data from XYZ database and restore to AWS managed database.\n  \u003c/li\u003e\n\u003c/ol\u003e\n\n---\n\n\u003ch2\u003eCompute Services - ECS, Lambda, Batch, LightSail\u003c/h2\u003e\n\n\u003col\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eECS\u003c/strong\u003e: Amazon Elastic Container Service (Amazon ECS) is a highly scalable and fast container management service. Use it to run, stop, and manage containers on a cluster. With Amazon ECS, containers are defined in a task definition that you use to run an individual task or tasks within a service. In this context, a service is a configuration that you use to run and maintain a specified number of tasks simultaneously in a cluster.\n    \u003cp\u003eFeatures of ECS\u003c/p\u003e\n    \u003cul\u003e\n      \u003cli\u003eIntegration with IAM.\u003c/li\u003e\n      \u003cli\u003eIntegration with other AWS services.\u003c/li\u003e\n      \u003cli\u003eIntegration with CI/CD tools and processes which monitor source code, build new images, and push them to the registry.\u003c/li\u003e\n      \u003cli\u003eSupport for sending container instance logs to CloudWatch.\u003c/li\u003e\n    \u003c/ul\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eFargate\u003c/strong\u003e: Similar to ECS; the only difference is that the infrastructure is managed by AWS, hence you do not have to plan for capacity, servers, disk space etc. AWS will run the containers with the supplied RAM/CPU configuration.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eECR\u003c/strong\u003e: Elastic Container Registry, private registry to store Docker images.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eServerless\u003c/strong\u003e: Do not manage any infrastructure, just deploy the code and use the service. 
It is billed on a pay-as-you-go pricing model.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eLambda\u003c/strong\u003e: Lambda is a compute service that lets us run code without provisioning or managing servers. Lambda runs our code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, and logging. With Lambda, you can run code for virtually any type of application or backend service. \u003ca href=\"https://docs.aws.amazon.com/lambda/latest/dg/welcome.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n    \u003cp\u003e\u003cins\u003eExamples/Use-cases\u003c/ins\u003e\u003c/p\u003e\n    \u003cul\u003e\n      \u003cli\u003eLambda connected to an API gateway which performs authentication tasks.\u003c/li\u003e\n      \u003cli\u003eConnected with a CloudWatch event rule \"cron job\".\u003c/li\u003e\n      \u003cli\u003ePush/Pull data from Snowflake.\u003c/li\u003e\n    \u003c/ul\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAPI Gateway\u003c/strong\u003e: Amazon API Gateway is an AWS service for creating, publishing, maintaining, monitoring, and securing REST, HTTP, and WebSocket APIs at any scale. API developers can create APIs that access AWS or other web services, as well as data stored in the AWS Cloud.\n    \u003cp\u003eAPI Gateway allows us to create the following API types: HTTP, WebSocket, REST, REST API Private (accessible only from a VPC).\u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAWS Batch\u003c/strong\u003e: Managed service providing batch processing at a larger scale and the ability to access a large amount of computing power. Can run 1000\u003csup\u003e*\u003c/sup\u003e of batch jobs efficiently. Batch service provisions EC2/Spot instances dynamically.
Batch jobs are designed as Docker images which run on ECS inside the provision EC2 servers.\n  \u003c/li\u003e\n  \u003cli\u003e\u003cstrong\u003eLightSail\u003c/strong\u003e: Provides with virtual servers, database and networking; for users who do not wish to get into details of EC2 instance handling and has less cloud experience. Provides with high availability but provides no auto scaling and has limited integrations with other AWS services. e.g. Hosting a Lamp stack, good for dev/test sites etc\n  \u003c/li\u003e\n\u003c/ol\u003e\n\n---\n\n\u003ch2\u003eDeployments \u0026 Managing Infrastructure at Scale\u003c/h2\u003e\n\n\u003col\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eCloud Formation\u003c/strong\u003e: Have all the Infrastructure as Yaml code; (IaC templates) Create a template that describes all the AWS resources that are needed (like Amazon EC2 or Amazon RDS DB instances), and CloudFormation takes care of provisioning and configuring those resources for you. No manual intervention needed to create and configure AWS resources and figure out what's dependent on what; CloudFormation handles all the configuration.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eCloud Development Kit (CDK)\u003c/strong\u003e: Instead of writing cloud (IaC) templates in yaml format (cloud formation templates), CDK allows you to write them in any language of choice such as python, typescript, java, .net etc and this service compiles the code into CloudFormation templates.\n    \u003cp align=\"center\"\u003e\n      \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" alt=\"CDK process\" src=\"assets/cdk.jpg\" /\u003e\n      \u003cp align=\"center\"\u003eCDK process\u003c/p\u003e\n    \u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eElastic Beanstalk\u003c/strong\u003e: Managed service which can be used to deploy/host your application in AWS cloud. Instance and OS configuration is handled by Beanstalk service. 
Provides services such as capacity provisioning, load balancing \u0026 auto scaling.\n    \u003cp\u003e\u003ca href=\"https://medium.com/@kyawzinlatt/aws-elastic-beanstalk-or-aws-lightsail-when-to-use-which-f448e4a49147\"\u003eAWS Beanstalk vs LightSail\u003c/a\u003e.\u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eCodeDeploy\u003c/strong\u003e: Managed Service which can be used to deploy code automatically to other services such as EC2, Lambda, Fargate and on-premises servers. CodeDeploy can deploy application code that runs on a server and is stored in Amazon S3 buckets, GitHub repositories, or Bitbucket repositories. It scales with the infrastructure, as in it can deploy to single or multiple instances without much delay.\n    \u003cul\u003e\n      \u003cli\u003eRapidly release new features.\u003c/li\u003e\n      \u003cli\u003eUpdate AWS Lambda function versions.\u003c/li\u003e\n      \u003cli\u003eAvoid downtime during application deployment.\u003c/li\u003e\n    \u003c/ul\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eCodeCommit\u003c/strong\u003e: Source control service that hosts Git-based repositories. Makes it easy to collaborate with other users.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eCodeBuild\u003c/strong\u003e: Managed Code building service in the cloud. Can pull data from CodeCommit, compile it, run unit tests and create deployable artifacts.\n    \u003cul\u003e\n      \u003cli\u003eFully managed, serverless.\u003c/li\u003e\n      \u003cli\u003eContinuously scalable and highly available.\u003c/li\u003e\n      \u003cli\u003eOnly pay for the build time.\u003c/li\u003e\n    \u003c/ul\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eCode Pipeline\u003c/strong\u003e: CodePipeline is a continuous delivery service that automates the building, testing, and deployment of your software into prod/dev/test environments.
Earlier you saw CodeDeploy, CodeCommit and CodeBuild; wondering how all of them can be connected ? CodePipeline allows us to create a view of the famous CI/CD tool using all of the above and other different services.\n    \u003cp align=\"center\"\u003e\n      \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" alt=\"CodePipeline\" src=\"assets/code-pipeline.jpg\" /\u003e\n      \u003cp align=\"center\"\u003eAWS Codepipeline\u003c/p\u003e\n    \u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eCodeArtifact\u003c/strong\u003e: It is a Artifact Management system which is usually used by a code-pipeline stage to store and retrieve artifacts. \u003cp\u003eExample: When running test cases in our code repository, test stage will create a test report file and store the same in the artifactory.\u003c/p\u003e\n    \u003cp\u003eExample 2: Integrate the build process with sonar lint and store the reports of all code violations in the artifactory.\u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eCodeStar\u003c/strong\u003e: Easier way to quickly setup CodeCommit, CodePipeline, CodeBuild, CodeDeploy, EC2 and other services. This service provides with an UI interface which allows us to use the above mentioned services.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eCloudNine\u003c/strong\u003e: Is a Cloud IDE for writing, running and debugging our code. It opens in a browser, user can start working on any project with doing any pre-required code or development environment setup. Allows for code collaboration in real time.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eSystems Manager\u003c/strong\u003e: AWS service to control/monitor/debug/update/patch the overall provisioned application infrastructure or the different AWS services. 
It helps administrators to investigate issues with any of the service or a group of services and remediate them by rolling out patches/updates.\n    \u003cp\u003eExample: you need to monitor the fleet of EC2 instances, starting you need the SSM Agent installed on all of the  instances so that they can be controlled at once using the Systems manager service. \u003c/p\u003e\n    \u003cp align=\"center\"\u003e\n      \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:60%;\" alt=\"Systems Manager\" src=\"assets/ssm.jpg\" /\u003e\n      \u003cp align=\"center\"\u003eSystems Manager\u003c/p\u003e\n    \u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eSSM Session Manager\u003c/strong\u003e: Start a secure shell session to any of the EC2 instances controlled by the sessions manager service.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAWS Ops Works\u003c/strong\u003e: AWS OpsWorks is a configuration management service that helps to configure and operate applications in a cloud enterprise by using Puppet or Chef. AWS OpsWorks Stacks and AWS OpsWorks for Chef Automate allow to use Chef cookbooks and solutions for configuration management, while OpsWorks for Puppet Enterprise lets us configure a Puppet Enterprise master server in AWS. Puppet offers a set of tools for enforcing the desired state of your infrastructure, and automating on-demand tasks.\n  \u003c/li\u003e\n\u003c/ol\u003e\n\n--- \n\n\u003ch2\u003eLeveraging the AWS global Infrastructure\u003c/h2\u003e\n\n\u003col\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eGlobal Applications\u003c/strong\u003e: Application's deployed in multiple AZs and regions, not restricted to a given geographic area. 
This setup allows you to operate applications which are highly available, fault tolerant and scalable \u003ca href=\"https://aws.amazon.com/about-aws/global-infrastructure/\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n    \u003cp\u003eBenefits of using the Global Infrastructure -:\u003c/p\u003e\n    \u003cul\u003e\n      \u003cli\u003eSecurity\u003c/li\u003e\n      \u003cli\u003eScalability\u003c/li\u003e\n      \u003cli\u003eAvailability\u003c/li\u003e\n      \u003cli\u003eFlexibility\u003c/li\u003e\n      \u003cli\u003ePerformance - (Decreased Latency)\u003c/li\u003e\n      \u003cli\u003eGlobal Footprint\u003c/li\u003e\n      \u003cli\u003eDisaster Recovery: Failover to another region if there a disaster at some geographic location.\u003c/li\u003e\n    \u003c/ul\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eRoute 53\u003c/strong\u003e: It is a highly scalable and available DNS management service. \u003cstrong\u003eDNS\u003c/strong\u003e = The Domain Name System is the hierarchical and decentralized naming system used to identify computers reachable through the Internet or other Internet Protocol networks. 
(name =\u003e IP Address mapping) (www.google.com =\u003e 142.250.182.228)\n    \u003cp\u003e\u003cstrong\u003eDNS Record types \u003c/strong\u003e\u003ca href=\"https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\u003c/p\u003e\n    \u003cul\u003e\n      \u003cli\u003eA record : Domain to IPv4.\u003c/li\u003e\n      \u003cli\u003eAAAA record : Domain to IPv6.\u003c/li\u003e\n      \u003cli\u003eAlias record : Route traffic from a Domain to some AWS service.\u003c/li\u003e\n      \u003cli\u003eCNAME record : Route traffic from a Domain to another domain.\u003c/li\u003e\n    \u003c/ul\u003e\n    \u003cp\u003e\u003cstrong\u003eRouting Policy \u003c/strong\u003e\u003ca href=\"https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\u003c/p\u003e\n    \u003cul\u003e\n      \u003cli\u003e\u003cins\u003eSimple routing\u003c/ins\u003e: Domain pointing to a single webserver.\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003eFailover routing\u003c/ins\u003e: DNS system does a health check on the webserver and sends traffic to the healthy one.\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003eGeolocation routing\u003c/ins\u003e: Redirect client request to the nearest server determined by the user's location.\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003eGeoproximity routing\u003c/ins\u003e: Redirect client request to the nearest server determined by the user's location as well as that of the resources.\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003eLatency routing\u003c/ins\u003e: Redirect traffic to the server which provides the least latency.\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003eIP-based routing\u003c/ins\u003e: Route traffic based on the location of the users, when you have the IP addresses that the traffic originates from.\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003eMultivalue answer
routing\u003c/ins\u003e: T.B.D\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003eWeighted routing\u003c/ins\u003e: Route traffic to multiple resources in proportions that is specified. Weighted records can be created in private hosted zone.\u003c/li\u003e\n    \u003c/ul\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eCloudfront\u003c/strong\u003e: Is a Content Delivery Network (CDN), which speeds up the delivery of static assets of website (.css, .js, .html, img/*). Cloud front serve requested resources through a network of data locations called the Edge locations. There are in total 216 AWS edge locations globally.\n    \u003cp\u003e\u003cins\u003eHow does Cloudfront serve any requests ?\u003c/ins\u003e: \u003c/p\u003e\n    \u003cul\u003e\n      \u003cli\u003eWhen a resource served via. the Cloudfront service is requested, the request is routed to the nearest edge location providing the least latency. Cloudfront will cache the resource, to serve it faster for further requests.\u003c/li\u003e\n      \u003cli\u003e\n        If Cloudfront finds a valid cached copy of the requested resource it will serve the same.\n      \u003c/li\u003e\n    \u003c/ul\u003e\n    \u003cp\u003e\u003cins\u003eCloudfront distributions\u003c/ins\u003e: Distribution must be created in order to use Cloudfront service, it is a set of config which tell the service on how to serve the requested resource. 
Types of config.\u003c/p\u003e\n    \u003cul\u003e\n      \u003cli\u003e\n        \u003cins\u003eContent origin\u003c/ins\u003e: the Amazon S3 bucket, AWS Elemental MediaPackage channel, AWS Elemental MediaStore container, Elastic Load Balancing load balancer, or HTTP server from which CloudFront gets the files to distribute.\u003c/li\u003e\n      \u003cli\u003e\n        \u003cins\u003eAccess\u003c/ins\u003e: whether the files are available to everyone or access is restricted to some users.\n      \u003c/li\u003e\n      \u003cli\u003e\n        \u003cins\u003eSecurity\u003c/ins\u003e: should CloudFront ask users to use HTTPS to access the content.\n      \u003c/li\u003e\n      \u003cli\u003e\n        \u003cins\u003eCache key\u003c/ins\u003e: what must be the value of the cache-key. The cache key uniquely identifies each file in the cache for a given distribution.\n      \u003c/li\u003e\n      \u003cli\u003e\n        \u003cins\u003eOrigin request settings\u003c/ins\u003e: should CloudFront relay the request Headers, Query, Cookies to the origin service.\n      \u003c/li\u003e\n      \u003cli\u003e\n        \u003cins\u003eGeographic restrictions\u003c/ins\u003e: should CloudFront prevent users in selected countries from accessing the content.\n      \u003c/li\u003e\n      \u003cli\u003e\n        \u003cins\u003eLogs\u003c/ins\u003e: should CloudFront create standard logs or real-time logs that show viewer activity.\n      \u003c/li\u003e\n    \u003c/ul\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eS3 Transfer Acceleration\u003c/strong\u003e: Amazon S3 Transfer Acceleration is a bucket-level feature that enables fast, easy, and secure transfers of files over long distances between the requestor and an S3 bucket. Transfer Acceleration is designed to optimize transfer speeds from across the world into S3 buckets. Transfer Acceleration takes advantage of the globally distributed edge locations in Amazon CloudFront.
As the data arrives at an edge location, the data is routed to Amazon S3 over an optimized network path.\n    \u003cp\u003e\u003cstrong\u003eWays to upload files to an S3 bucket\u003c/strong\u003e:\u003c/p\u003e\n    \u003cul\u003e\n      \u003cli\u003eDirectly upload to an S3 bucket.\u003c/li\u003e\n      \u003cli\u003eUse S3 Transfer Acceleration to upload files.\u003c/li\u003e\n    \u003c/ul\u003e\n    \u003cp\u003eRefer to the following tool to see the difference of using Transfer Acceleration over direct upload \u003ca href=\"https://s3-accelerate-speedtest.s3-accelerate.amazonaws.com/en/accelerate-speed-comparsion.html\"\u003eLink\u003c/a\u003e\u003c/p\u003e\n    \u003cp align=\"center\"\u003e\n      \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" src=\"./assets/s3-transfer-accelerator.jpg\" /\u003e\n      \u003cp align=\"center\"\u003eS3 Transfer Acceleration\u003c/p\u003e\n    \u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eGlobal Accelerator\u003c/strong\u003e: Create accelerators to improve the performance of the application. When a consumer queries any resource/server hosted on AWS, Global Accelerator reduces the total response time by leveraging the AWS internal network, which optimizes the request route needed to reach the destination. This is done by providing 2 static anycast IP addresses that only need to be configured by users once.
Behind these IP address you can add or remove AWS origins, opening up uses such as endpoint failover, scaling, or testing without any user-side changes.\n    \u003cp align=\"center\"\u003e\n      \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" src=\"./assets/global-accelerator.jpg\" /\u003e\n      \u003cp align=\"center\"\u003eS3 Global Accelerator\u003c/p\u003e\n    \u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAWS Outpost\u003c/strong\u003e: AWS Outposts is a fully managed service that extends AWS infrastructure, services, APIs, and tools to customer premises. By providing local access to AWS managed infrastructure, AWS Outposts enables customers to build and run applications on premises using the same programming interfaces as in AWS Regions, while using local compute and storage resources for lower latency and local data processing needs.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAWS Wavelength\u003c/strong\u003e: AWS Wavelength enables developers to create applications with ultra-low latencies for mobile devices and end users. Wavelength brings standard AWS compute and storage services to the edge of telecom carriers' 5G networks. You can extend an Amazon Virtual Private Cloud (VPC) to one or more Wavelength Zones and then use AWS resources such as Amazon Elastic Compute Cloud (Amazon EC2) instances to run applications that require ultra-low latency and a connection to AWS services in the Region. 
\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAWS Local zones\u003c/strong\u003e: AWS Local Zones are a type of AWS infrastructure deployment that place compute, storage, database, and other select services closer to large population, industry, and IT centers, enabling you to deliver applications that require single-digit millisecond latency to end-users.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eGlobal Application architecture\u003c/strong\u003e: Ideal architecture styles to achieve a global application.\n    \u003cul\u003e\n      \u003cli\u003eSingle region, Single AZ\u003c/li\u003e\n      \u003cli\u003eSingle region, Multi AZ\u003c/li\u003e\n      \u003cli\u003eMulti region, Active/Passive\u003c/li\u003e\n      \u003cli\u003eMulti region, Active/Active\u003c/li\u003e\n    \u003c/ul\u003e\n  \u003c/li\u003e\n\u003c/ol\u003e\n\n--- \n\n\u003ch2\u003eCloud Integrations\u003c/h2\u003e\n\n\u003cul\u003e\n  \u003cli\u003e\u003cstrong\u003eSQS\u003c/strong\u003e: Amazon Simple Queue Service (SQS) is a managed message queuing service which is used to send, store and retrieve multiple messages of various sizes asynchronously. Terminologies -: Producers create the message.Consumers, processes the messages. Data persist for a max duration of \u003cstrong\u003e14 days\u003c/strong\u003e.\u003c/li\u003e\n  \u003cli\u003e\u003cstrong\u003eSNS\u003c/strong\u003e: Amazon Simple Notification Service (AWS SNS) is a managed service that automates the process of sending notifications to the subscribers attached to it.\u003c/li\u003e\n  \u003cli\u003e\u003cstrong\u003eKinesis\u003c/strong\u003e: Amazon Kinesis is a managed, scalable service that allows real-time processing of streaming data per second. 
It can collect data from multiple sources and then pass it on to other applications/services to work on it.\u003c/li\u003e\n  \u003cli\u003e\u003cstrong\u003eAmazon MQ\u003c/strong\u003e: Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easy to set up and operate message brokers on AWS. Amazon MQ reduces your operational responsibilities by managing the provisioning, setup, and maintenance of message brokers for you. Because Amazon MQ connects to your current applications with industry-standard APIs and protocols, you can easily migrate to AWS without having to rewrite code.\u003c/li\u003e\n\u003c/ul\u003e  \n\n---\n\n\u003ch2\u003eCloud Monitoring\u003c/h2\u003e\n\n\u003col\u003e\n  \u003cli\u003e\u003cstrong\u003eCloudwatch Metric\u003c/strong\u003e: Provides information on the health and performance of all AWS services.\n  Default metrics are provided by a variety of services, including EC2 instances, EBS volumes, Lambda and RDS DB instances. CloudWatch collects metrics from all AWS services and displays them in an easy-to-use dashboard formatted as a graph. By default, all metrics are refreshed every five minutes.\u003c/li\u003e\n  \u003cli\u003e\u003cstrong\u003eCloudwatch Alarm\u003c/strong\u003e: Alarms are triggered after some CloudWatch metric crosses its defined threshold value. The value can be default usage of the service or deduced via some mathematical calculation. Alarms have actions associated with them, which are performed when the alarm is triggered.
e.g. Send email to user when the CPU utilization of an EC2 instance crosses 80%, or auto scale the instances if there is more load and downgrade when it is less.\u003c/li\u003e\n  \u003cli\u003e\u003cstrong\u003eCloudwatch logs\u003c/strong\u003e: With the help of CloudWatch Logs, you can consolidate all of your system, application, and AWS service logs into a single, scalable service.\n  They can then be quickly viewed, searched for certain error codes or patterns, filtered according to particular fields or safely archived for later research.\n    \u003cp align=\"center\"\u003e\n      \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" src=\"./assets/cloudwatch-logs.jpg\" /\u003e\n      \u003cp align=\"center\"\u003eCollecting logs via the agent\u003c/p\u003e\n    \u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\u003cstrong\u003eEventBridge\u003c/strong\u003e: Service which provides real-time delivery of events generated by AWS services. Example: EC2 instance state changing from \"Pending\" to \"Started\" or from \"Running\" to \"Stopped\". With EventBridge you can capture these events and have a target, or a group of targets, which will process these events and perform the actions described for it.\n    \u003cp\u003e\u003cstrong\u003eTerminologies\u003c/strong\u003e -:\u003c/p\u003e\n    \u003cul\u003e\n      \u003cli\u003e\u003cins\u003eEvents\u003c/ins\u003e: An event indicates a change in your AWS environment. AWS resources can generate events when their state changes.
\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003eRules\u003c/ins\u003e: A rule matches incoming events and routes them to targets for processing.\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003eTargets\u003c/ins\u003e: A target processes events it receives events in JSON format.\u003c/li\u003e\n    \u003c/ul\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAWS Cloudtrail\u003c/strong\u003e: AWS CloudTrail enables operational and risk auditing, governance, and compliance for your AWS account. Events in CloudTrail are actions taken by a user, role, or AWS service. Events include AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs actions. \n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eX-Ray\u003c/strong\u003e: AWS X-Ray is a service that gathers information about the requests that your application fulfils and offers tools for you to view, filter, and gain insights into that information in order to spot problems and areas for improvement. You may view comprehensive details for any tracked request made to your application, including the request, the answer, and any calls that your application makes to databases, web APIs, microservices, and downstream AWS resources. \n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eCodeguru\u003c/strong\u003e: Amazon CodeGuru is a developer tool that provides intelligent recommendations to improve code quality and identify an application’s most expensive lines of code. Static code analysis, similar to what Sonar Qube/Profiler tool does. Has integrations with Github, BitBucket, CodeCommit etc\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eService Health\u003c/strong\u003e: Shows health of all AWS service for all regions. 
\u003ca href=\"https://health.aws.amazon.com/health/status\"\u003eAWS Health Dashboard\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003ePersonal Health Dashboard\u003c/strong\u003e: Personalized view of all the services which you are using. Example: if you have EC2 instances deployed which also send/fetch data from the SQS queue service, then the personal health dashboard will only give insights on those two services which are deployed.\n  \u003c/li\u003e\n\u003c/ol\u003e\n\n---\n\n\u003ch2\u003eVPC \u0026 Networking\u003c/h2\u003e\n\n\u003col\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eVPC - Virtual Private Cloud\u003c/strong\u003e: A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center. As the name suggests, it is a private cloud where you deploy the AWS resources related to your application stack. \u003ca href=\"https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n    \u003cp align=\"center\"\u003e\n      \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:50%;\" src=\"./assets/vpc.jpg\" /\u003e\n      \u003cp align=\"center\"\u003eVPC Diagram\u003c/p\u003e\n    \u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eSubnet\u003c/strong\u003e: A subnet is a range of IP addresses in your VPC. A subnet must reside in a single Availability Zone. After you add subnets, you can deploy AWS resources in your VPC.
\u003ca href=\"https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003ePublic Subnet\u003c/strong\u003e: Subnet which is accessible from the Internet.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003ePrivate Subnet\u003c/strong\u003e: Subnet which is not accessible from the Internet.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eIGW - Internet Gateway\u003c/strong\u003e: Helps the VPC resources connect to the Internet.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eNAT Gateway\u003c/strong\u003e: Allows your private subnet to connect to the Internet while remaining private.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eSecurity Group and NACL (Network Access Control List)\u003c/strong\u003e:\n    \u003ctable\u003e\n      \u003cthead\u003e\n        \u003ctr\u003e\n          \u003ctd\u003e\u003cstrong\u003eSecurity Group\u003c/strong\u003e\u003c/td\u003e\n          \u003ctd\u003e\u003cstrong\u003eNACL\u003c/strong\u003e\u003c/td\u003e\n        \u003c/tr\u003e\n      \u003c/thead\u003e\n      \u003ctbody\u003e\n        \u003ctr\u003e\n          \u003ctd\u003eAttached to EC2 instances\u003c/td\u003e\n          \u003ctd\u003eAttached at Subnet level\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n          \u003ctd\u003eProvides with Allow rules\u003c/td\u003e\n          \u003ctd\u003eProvides with both Allow and Deny rules\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n          \u003ctd\u003eSecurity groups are stateful i.e. any change to incoming rule (traffic) is also applicable to outgoing rule. e.g. If we allow incoming traffic on PORT 80, the outgoing response traffic is also allowed.\u003c/td\u003e\n          \u003ctd\u003eNACL are stateless i.e. any change to incoming rule (traffic) is not applicable to outgoing rule. e.g.
If we allow incoming traffic on PORT 80, the outgoing response traffic must be explicitly allowed.\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n          \u003ctd\u003eMultiple Security groups can be attached to a single EC2 instance\u003c/td\u003e\n          \u003ctd\u003eOne NACL attached to a Subnet\u003c/td\u003e\n        \u003c/tr\u003e\n      \u003c/tbody\u003e\n    \u003c/table\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eVPC Flow logs\u003c/strong\u003e: You can record details about the IP traffic to and from network interfaces in your VPC using a feature called VPC Flow Logs. Data from flow logs can be published to Amazon CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose, among other places. Following the creation of a flow log, the entries can be retrieved from the log group, bucket, or delivery stream that you configured and viewed. \n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eVPC Peering\u003c/strong\u003e: Connecting two VPCs is called VPC peering. Peering is not transitive i.e. if VPC(A) \u003c-\u003e VPC(B) \u0026 VPC(A) \u003c-\u003e VPC(C) then VPC(B) is not connected to VPC(C).
VPC Peering allows us to create a bigger network of resources across multiple regions.\n    \u003cp align=\"center\"\u003e\n      \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" src=\"./assets/vpc-peering.jpg\" /\u003e\n      \u003cp align=\"center\"\u003eVPC Peering\u003c/p\u003e\n    \u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eVPC Endpoint\u003c/strong\u003e: VPC Endpoints allow you to connect to AWS services over a private network (VPN), which provides lowered latency and better security to access the AWS cloud.\n    \u003cul\u003e\n      \u003cli\u003e\n        \u003cins\u003eVPC Endpoint Gateway\u003c/ins\u003e: When connecting to S3 and DynamoDB.\n      \u003c/li\u003e\n      \u003cli\u003e\n        \u003cins\u003eVPC Endpoint Interface\u003c/ins\u003e: When connecting to other services.\n      \u003c/li\u003e\n    \u003c/ul\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAWS PrivateLink\u003c/strong\u003e: Without exposing your traffic to the open internet, AWS PrivateLink offers private connectivity between your on-premises networks, AWS services, and VPCs. Your network design can be greatly simplified by using AWS PrivateLink to connect services across several accounts and VPCs.\n    \u003cp align=\"center\"\u003e\n      \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" src=\"./assets/vpc-privatelink.jpg\" /\u003e\n      \u003cp align=\"center\"\u003eVPC Private link\u003c/p\u003e\n    \u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eSite to Site VPN\u003c/strong\u003e: Connect an on-premises VPN to AWS.
The connection is encrypted and transfer happens over the public internet.\n    \u003cp align=\"center\"\u003e\n      \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" src=\"./assets/site-to-site-vpn.jpg\" /\u003e\n      \u003cp align=\"center\"\u003eSite to Site VPN\u003c/p\u003e\n    \u003c/p\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eDirect Connect (DX)\u003c/strong\u003e: Establish a physical connection between on-premises infrastructure and AWS.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eClient VPN\u003c/strong\u003e: AWS Client VPN is a managed client-based VPN service that gives you access to your on-premises network and AWS resources safely. With Client VPN, you can use an OpenVPN-based VPN client to access your resources from any place. \n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eTransit Gateway\u003c/strong\u003e: Your on-premises networks and Amazon Virtual Private Clouds (VPCs) are linked together by a central hub using AWS Transit Gateway. By doing this, you can eliminate complicated peering arrangements and simplify your network. Every new connection is formed only once; it functions as a cloud router.\n    \u003cp align=\"center\"\u003e\n      \u003cimg align=\"center\" style=\"display:block;margin:0% auto;width:70%;\" src=\"./assets/transit-gateway.jpg\" /\u003e\n      \u003cp align=\"center\"\u003eTransit Gateway\u003c/p\u003e\n    \u003c/p\u003e\n  \u003c/li\u003e\n\u003c/ol\u003e\n\n---\n\n\u003ch2\u003eMachine Learning\u003c/h2\u003e\n\n\u003col\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eRekognition\u003c/strong\u003e: Makes it easy to perform image and video analysis with the help of the Amazon Rekognition API. The service can identify objects, people, text, scenes, and activities. Perform accurate facial analysis, face comparison, and face search capabilities.
\u003ca href=\"https://aws.amazon.com/rekognition/\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eTranscribe\u003c/strong\u003e: Converts speech to text. Supports automatic language identification for multilingual audio and can remove PII data using redaction.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003ePolly\u003c/strong\u003e: Turns text into speech using deep learning.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eTranslate\u003c/strong\u003e: Natural and accurate language translation.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eLex \u0026 Connect\u003c/strong\u003e: \u003cstrong\u003e@todo\u003c/strong\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eComprehend\u003c/strong\u003e: Amazon Comprehend is a natural-language processing (NLP) service that uses machine learning to uncover valuable insights and connections in text. Use cases: find the language of the text, extract key phrases, people, brands, places, etc.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eSagemaker\u003c/strong\u003e: Amazon SageMaker is a fully managed machine learning service. With SageMaker, data scientists and developers can quickly and easily build and train machine learning models, and then directly deploy them into a production-ready hosted environment.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eForecast\u003c/strong\u003e: Forecast is a fully managed service that uses statistical and machine learning algorithms to deliver highly accurate time-series forecasts.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eKendra\u003c/strong\u003e: Amazon Kendra is a highly accurate and intelligent search service that enables your users to search unstructured and structured data using natural language processing and advanced search algorithms. 
It is a document search service powered by machine learning that can extract text from documents of multiple formats (text, PDF, HTML, PowerPoint, MS Word, FAQs).\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003ePersonalize\u003c/strong\u003e: Amazon Personalize is a fully managed machine learning service that uses your data to generate item recommendations for your users. It can also generate user segments based on the users' affinity for certain items or item metadata.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eTextract\u003c/strong\u003e: Amazon Textract makes it easy to add document text detection and analysis to your applications.\n  \u003c/li\u003e\n\u003c/ol\u003e\n\n---\n\n\u003ch2\u003eOther Services\u003c/h2\u003e\n\n\u003col\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eWorkspaces\u003c/strong\u003e:  Amazon WorkSpaces is a fully managed desktop virtualization service for Windows and Linux that allows you to access resources from any supported device.  \u003ca href=\"https://aws.amazon.com/workspaces/main/\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAppStream 2.0\u003c/strong\u003e: Amazon AppStream 2.0 is a fully managed, secure application streaming service which allows streaming desktop applications. 
Users can stream any application they want to work on to the device of their choice. \u003ca href=\"https://docs.aws.amazon.com/appstream2/index.html\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eSumerian\u003c/strong\u003e: Used to create 3D models, VR (virtual reality) or AR (augmented reality) applications. \u003ca href=\"https://aws.amazon.com/sumerian/\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eIoT Core\u003c/strong\u003e: Connect billions of IoT devices and route trillions of messages to AWS services without managing infrastructure. \u003ca href=\"https://aws.amazon.com/iot-core/\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eElastic Transcoder\u003c/strong\u003e: Media transcoding service that converts your source video file into multiple formats. Source video in an S3 Bucket -\u003e Transcoder -\u003e S3 Bucket. \u003ca href=\"https://aws.amazon.com/elastictranscoder/\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAppSync\u003c/strong\u003e: AppSync creates serverless GraphQL and Pub/Sub APIs to make application development easier by providing a single endpoint for securely querying, updating, and publishing data. 
\u003ca href=\"https://aws.amazon.com/appsync/\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAmplify\u003c/strong\u003e: Amplify is a complete solution that lets frontend web and mobile developers easily build, ship, and host full-stack applications on AWS, with the flexibility to leverage the breadth of AWS services as use cases evolve. No cloud expertise needed.  \u003ca href=\"https://aws.amazon.com/amplify/\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eDevice Farm\u003c/strong\u003e: Testing service that lets you improve the quality of your web and mobile apps by testing them across an extensive range of desktop browsers and real mobile devices. \u003ca href=\"https://aws.amazon.com/device-farm/\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eAWS Backup\u003c/strong\u003e: Manage and automate backups across all AWS services. 
Take on-demand backups; supports point-in-time recovery, cross-region backups, cross-account backups, etc. \u003ca href=\"https://aws.amazon.com/backup/\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eDisaster Recovery\u003c/strong\u003e: Types of Strategies\n    \u003cul\u003e\n      \u003cli\u003e\u003cins\u003eBackup and Restore\u003c/ins\u003e: Backup data from Storage S3/EBS in case of failure.\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003ePilot Light\u003c/ins\u003e: Have a few (core) services in the cloud, to fail over to in case of disaster.\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003eWarm standby\u003c/ins\u003e: Have a minimal but full version of the application in the cloud.\u003c/li\u003e\n      \u003cli\u003e\u003cins\u003eMulti-Site/Hot Site\u003c/ins\u003e: Have a full version of the application in the cloud to switch to in case of failover.\u003c/li\u003e\n    \u003c/ul\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eElastic Disaster Recovery\u003c/strong\u003e:  AWS Elastic Disaster Recovery (AWS DRS) minimizes downtime and data loss with fast, reliable recovery of on-premises and cloud-based applications using affordable storage, minimal compute, and point-in-time recovery. \u003ca href=\"https://aws.amazon.com/disaster-recovery/\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eDataSync\u003c/strong\u003e: AWS DataSync moves large amounts of data online between on-premises storage and Amazon S3, Amazon Elastic File System (Amazon EFS) or Amazon FSx. Manual tasks related to data transfers can slow down migrations and burden IT operations. 
\u003ca href=\"https://aws.amazon.com/datasync/\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eFault Injection Simulator\u003c/strong\u003e: AWS Fault Injection Simulator (FIS) is a fully managed service for running fault injection experiments to improve an application’s performance, observability, and resiliency. FIS simplifies the process of setting up and running controlled fault injection experiments across a range of AWS services, so teams can build confidence in their application behavior. \u003ca href=\"https://aws.amazon.com/fis/\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eStep Functions\u003c/strong\u003e: AWS Step Functions is a visual workflow service that helps developers use AWS services to build distributed applications, automate processes, orchestrate microservices, and create data and machine learning (ML) pipelines.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eGround Station\u003c/strong\u003e: Control satellite data, control communications, process data and scale the satellite operations.\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003ePinpoint\u003c/strong\u003e: Amazon Pinpoint offers marketers and developers one customizable tool to deliver customer communications across channels, segments, and campaigns at scale. \u003ca href=\"https://aws.amazon.com/pinpoint/\"\u003e\u003csub\u003einfo\u003c/sub\u003e\u003c/a\u003e\n  \u003c/li\u003e\n  \u003cli\u003e\n    \u003cstrong\u003eApplication Migration Service\u003c/strong\u003e: T.B.C\n  \u003c/li\u003e\n\u003c/ol\u003e","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvishwac09%2Faws-cloud-practitioner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvishwac09%2Faws-cloud-practitioner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvishwac09%2Faws-cloud-practitioner/lists"}