Amazon Web Services (AWS) is a comprehensive, evolving cloud computing platform provided by Amazon. It provides a mix of infrastructure as a service (IaaS), platform as a service (PaaS) and packaged software as a service (SaaS) offerings.
AWS Global Infrastructure:
AWS Global Infrastructure:
- Compute [EC2]
- Storage [S3]
- Database [RDS]
- Migration and Transfer [AWS Snow ball]
- Network and content Delivery [VPC]
- Security, Identity and Compliance [IAM]
Region and Availability zone Difference:
- AWS Global Infrastructure:
- Availability Zone = An availability may be several data centre but because they are close together they counter as 1 Availability Zone, 1 AZ = 1 DC
- Region: A Region is a geographical area. Each region consists 2 or more Availability Zone
- Edge Location: It is an endpoints for AWS which are used for cache content. Typically this consists of cloud front Amazon’s content Delivery Network. There are many more edge location than regions.
Compute EC2 [Elastic Compute Cloud]
- Virtual computing environments, known as instances
- Pre configured templates for your instances, known as Amazon Machine Images (AMIs), that package the bits you need for your server (including the operating system and additional software)
- Various configurations of CPU, memory, storage, and networking capacity for your instances, known as instance types
- Secure login information for your instances using key pairs (AWS stores the public key, and you store the private key in a secure place)
- Storage volumes for temporary data that's deleted when you stop or terminate your instance, known as instance store volumes
- Persistent storage volumes for your data using Amazon Elastic Block Store (Amazon EBS), known as Amazon EBS volumes
- Multiple physical locations for your resources, such as instances and Amazon EBS volumes, known as regions and Availability Zones
- A firewall that enables you to specify the protocols, ports, and source IP ranges that can reach your instances using security groups
- Static IPv4 addresses for dynamic cloud computing, known as Elastic IP addresses
- Metadata, known as tags, that you can create and assign to your Amazon EC2 resources
- Virtual networks you can create that are logically isolated from the rest of the AWS cloud, and that you can optionally connect to your own network, known as virtual private clouds (VPCs)
- Four types of EC2 options. On demand, Reserved, Spot and Dedicated Hosts
S3 [Simple Storage Service]
- Global service
- Name is universal can not be duplicate
- Upload to Object on bucket receive a HTTP 200 code
- Three types of S3 storage S3, S3- Infrequent Access and S3 Redundancy storage
- By default buckets are private and all object store inside them are private
- Versioning can enable on bucket and it is backup tool it can’t remove but we can suspend it
- Cross region replication: if you made any change or upload any file it will replicated but If you delete any file or version it will not replicate
- Version must be enable in both bucket for cross region replication
- Lifecycle Management needs to enable on bucket to define old content to different s3 storage version. Like after in activity for 30 days move to S3 to S3- IA
IAM [Identity and Authentication Management
- There are 2 users. One user is root and another normal user
- Root is user from where you have created account of AWS console.
- Access key is your username and the secret key is your password.
- Normal user can access using Browser that is console
- Programmatic user access API and CLI
- There are 2 Keys Access and Secret Key
- IAM Role
- Centralized control of your AWS account
- Shared Access of your AWS account
- Granular Permissions
- Identity Federation [Incl. Active Directory, Facebook and linkedin]
- Multifactor Authentication
- Provide temporary access for users/devices and services whew necessary
- Allow you to setup your password rotation
- Integrates with many different AWS services
- Support PCI DSS compliance
No comments:
Post a Comment