Posts

Showing posts with the label Access

S3 - Create a static website

Creating a static website with an S3 bucket is very easy. This makes your website not only fast but also a hassle-free and cheap alternative to traditional hosting. Please read this post before going further - https://www.learn-aws.com/2024/11/s3.html

Create a bucket and set the permissions. Click on the bucket, navigate to the "Properties" tab and scroll down until you see the static website hosting option. Edit it like below.

Create a simple index.html file like the one below and upload it together with the files referenced in the index file. In this case "aws.png" is uploaded to the bucket as well.

<html>
<head>
<title> Hello from AWS S3 </title>
</head>
<body>
<img src="aws.png" alt="AWS">
</body>
</html>

If we do everything right, we will see the rendered HTML when we copy the index file's link from the S3 console and paste it into a browser.

Security groups, Network ACL and Firewall

Stateful and stateless firewalls - when a connection is initiated by a client, the firewall checks the configured rules and allows or denies the traffic based on them. The client initiates the connection from any port (except those reserved by the OS), but the destination port is known and static. A stateful firewall, as the name implies, keeps the state of the connection, so even though there is no outbound rule for the outgoing response traffic, the firewall automatically allows it. In contrast, with a stateless firewall you must explicitly define rules for both inbound and outbound connections.

Network Access Control List (Network ACL) - a stateless firewall that lets you define rules at the subnet level. It processes rules in order.

Security group - on the other hand, stateful, and applied to an individual instance or a group of instances. It evaluates all the rules.

Let's learn how to manage Network ACLs: Search VPC in the s...

VPC - Virtual Private Cloud

The OSI model consists of 7 layers:
1. Physical layer - raw bits are transferred over a cable via electrical signals.
2. Data link layer - switches direct these electrical signals. They use MAC addresses to identify the next destination.
3. Network layer - routers receive frames from the data link layer and direct them to the destination based on the address defined in the frame. They use IP (Internet Protocol) addresses to identify the next destination. ICMP and ARP are example protocols at this layer.
4. Transport layer - this layer manages delivery and error checking. TCP and UDP are examples of protocols at this layer.
5. Session layer - this layer controls communication between two computers. NetBIOS and PPTP are examples of protocols at this layer.
6. Presentation layer - this layer is responsible for encryption/decryption of data. SSL and TLS are examples.
7. Application layer - the final layer, where the user interacts. Example protocols: HTTP, SMTP, FTP etc.
So we can say that switches connect computer...

EC2 - Using Roles for a Service

So, as we mentioned before, a Role is an important part of IAM since it indirectly supports the security of a service. Let's imagine a scenario where we want an EC2 instance to access our S3 bucket (object storage) and retrieve some files from it. Since we have to do it programmatically, we need to use the CLI. But the CLI alone is not enough; we need some kind of credentials to authenticate ourselves to the service. We can use access keys or Roles for that.

Let's list the S3 buckets using the command below; it will display an error, because it couldn't find the credentials needed to authenticate. Search IAM and navigate to the Users page. Click the "Create access key" button. Choose the "Command line interface" option. Copy the credentials and paste them into the CLI, using the aws-cli utility to add them. Then you will be able to list all the available buckets. The issue with this approach is that it is not a recommended or secure wa...

AWS - IAM Identity Center

IAM vs IAM Identity Center. We are already familiar with IAM and have a little hands-on experience with it. But there is another service called IAM Identity Center, previously known as AWS Single Sign-On (SSO).

What is SSO? SSO is a method that allows users to authenticate once and access multiple applications without being prompted to enter their credentials again. This is typically done by an identity provider (IdP) that issues a token to the user, which is then passed to the different applications the user wants to access. Consider the scenario that, as a company IT engineer, you want to give company users access to Meta Workplace, Office 365 and SAP platforms. Instead of having them type a separate set of credentials for each of these services, you implement company SSO. Once they have logged in to the company's portal, they are granted access to all integrated platforms without needing to log in again. So basically IAM Identity Center provides centralized permissions man...