Showing posts with the label cloud computing

Security groups, Network ACL and Firewall

Stateful and stateless firewalls: when a client initiates a connection, the firewall checks the written rules and, based on those rules, allows or denies the traffic. The client initiates the connection from any port (except those reserved by the OS), but the destination port is known and static. A stateful firewall, as the name implies, keeps the state of the connection, so even though there is no outbound rule for that connection's outgoing traffic, the firewall allows it automatically. In the stateless case, by contrast, you must explicitly define rules for both inbound and outbound connections. Network Access Control List (Network ACL): a stateless firewall that lets you define rules at the subnet level; it processes rules in order. Security group: stateful, and applied to an individual instance or group of instances; it evaluates all the rules. Let's learn how to manage Network ACLs: Search VPC in the s...

EC2 - Load Balancing and Auto scaling

Let's suppose we have deployed our web application to an EC2 instance. All of a sudden our app goes viral, and what used to be 10k daily users becomes 1 million. We want our infrastructure to use fewer resources when there are few or no users and more when there is high load or a spike; it must somehow adjust itself to withstand this load. This is when auto scaling comes into play. Load balancer: a proxy that distributes connections to servers. It provides fault tolerance and high availability. A load balancer can sit in front of EC2, ECS, other load balancers, Lambda functions, etc. There are 3 types of load balancer in AWS: Application load balancer (operates at the application layer (L7): HTTP, HTTPS, etc.); Network load balancer (operates at layer 4 (L4): TCP, TLS, UDP, etc.); Gateway load balancer (uses the GENEVE protocol, balances firewalls and IDS/IPS appliances, operates at layer 3). Auto scaling: allows you to automatically and ter...

EC2 - User data

The user data functionality in the EC2 service is an important and very handy tool. It allows us to execute a script right after the EC2 instance creation phase, so we can run or install any program we want, or update and upgrade the operating system on that virtual machine. The user data script runs once, just after the instance creation sequence completes. First we need to create an EC2 instance with a few extra steps. Choose the Amazon Linux OS so we don't have to install the aws-cli tool, which we will need in the next steps. Open the advanced options, add the script below, and tick the metadata options as well. With the new metadata service it is not possible to send a request to the metadata service without a secret key, which is why we use the old metadata service for demonstration purposes. The script is at the end of the page! One more thing remains: since all ports are closed by default, we need to add a firewall allow rule to open port 80 so our page is served to the public w...

EC2

EC2 is a service in AWS that allows you to create and manage EC2 instances. EC2 instances are basically virtual machines; I highly recommend reading https://www.learn-aws.com/2024/11/server-virtualization.html first. Long story short, EC2 lets you create and manage EC2 instances based on your resource needs. How do EC2 instances work? There are powerful servers in AWS datacenters, and hypervisor software on those servers is used to manage the EC2 instances (virtual machines). Many combinations of CPU, RAM and networking are available as EC2 options. There are 3 types of IP addresses for EC2 instances. Public: you are not charged for public IP assignment; lost when the instance is stopped (when you stop and start an instance, a new public address is assigned); associated with a private IP address; cannot be moved between instances. Private: retained when the instance is stopped (stop and start the instance and the same private address is assigned); used in association with a public address. Elastic: You a...