Posts

Showing posts with the label amazon

VPC - Virtual Private Cloud

Image
OSI model consists of 7 layer : 1. Physical layer - Raw bits transfered over cable via electrical signals. 2. Data link - Switches direct these electrical signals. They use MAC address to identify the next destination.  3. Network layer - Routers receive frames from Data link layer and directs them to the destination based on the address defined in the frame. They use IP (Internet protocol) to identify the next destination. ICMP, ARP are example protocols work on this layer. 4. Transport layer - This layer manages delivery and error checking. TCP,UDP are the examples of protocols work on this layer. 5. Session layer - This layer controls communication between two computers. Netbios,PPTP is the one of the example works on this layer. 6. Presentation layer - This layer is responsible for encryption/decryption of data. SSL, TLS are examples. 7. Application layer - The final layer where user interacts. Example protocols : HTTP,SMTP, FTP etc. So we can say that switches connect computers wi

EC2 - Load Balancing and Auto scaling

Image
Load balancing and Auto scaling Let's suppose we have deployed our web application to the EC2 instance. And all of the sudden, our app. got viral and previously 10k daily users became 1 million. So we want our infrastructure to use less resources when there is little or no user, more when there is high load or spike, it somehow must adjust itself in a way to withstand to this load. This is when auto scaling comes into play. Load balancer - is a proxy that allows you to distribute connections to servers. It provides fault tolerance and high availability . Load balancer can be front of  EC2,ECS, other load balancers, lambda functions etc. There are 3 types of load balancer in AWS: Application load balancer (operates at Application layer (L7) http, https etc.) Network load balancer (operates at IP layer (L4) -  TCP, TLS, UDP etc.)  Gateway load balancer (uses Geneva protocol, balances firewalls,IDS/IPS, operates at layer 3 ) Auto scaling - allows you to automatically and terminate EC2

EC2 - User data

Image
User data Functionality in EC2 service is important and very handy tool. This allows us to execute script right after EC2 instance creation phase. By that we can execute,install any program we want or update, upgrade operating system on that virtual machine. User data functionality will run once just after completion of the instance creation sequence.  First we need to create an EC2 instance with extra steps. Choose Amazon Linux OS so we don't have to install aws-cli tool which we will need in the next steps.    Click to advanced options and add script below also tick the metadata options as well. With new metadata service it is not possible to send request to metadata service without secret key. That is why we need to use old metadata service for the demonstration purposes. Script is at the end of the page !!! We need one more thing to do, since by default all the ports are closed state. We need to add firewall allow line to open port 80 to serve our page to the public web. Click

EC2 - Using Roles for a Service

Image
Using Roles for a Service So as we mentioned before, Role is important part of IAM since it supports security of service indirectly. Let's imagine the scenario we want EC2 instance to access our S3 bucket (object storage) and receive some files from it. Since we have to do it programmatically, need to use cli for that. But cli is not enough, we need some kind of credentials to authenticate ourselves into the service. We can use access credentials and Roles for that .   Let's list S3 buckets using the command below, but it will display and error. It couldn't find the credentials that will help it to authenticate.  Search IAM and navigate to the users page. Click to the "create access key" button. Choose "Command line interface" option. Copy the credentials and paste into the cli. Use aws-cli utility tool to add credentials. And then you will be able to list all the available buckets. The issue with this approach is that it is not recommended and secure wa