Posts

EC2

EC2 is an AWS service that lets you create and manage EC2 instances. EC2 instances are basically virtual machines; reading https://www.learn-aws.com/2024/11/server-virtualization.html is highly recommended. Long story short, EC2 lets you create and manage EC2 instances based on your resource needs.

How do EC2 instances work? Powerful servers in AWS data centers run hypervisor software that manages the EC2 instances (virtual machines) on those servers. Many EC2 options are available, with varying combinations of CPU, RAM and networking.

There are 3 types of IP addresses for EC2 instances:

Public:
- You are not charged for public IP assignment
- Lost when the instance is stopped (when you stop and start the instance, a new public address will be assigned)
- Associated with a private IP address
- Cannot be moved between instances

Private:
- Retained when the instance is stopped (when you stop and start the instance, the same private address will be assigned)
- Used in association with a public address

Elastic:
- You are charge

High availability and Fault tolerance

High availability:
- Minimal service interruption
- Designed with no single point of failure
- Uptime measured as a percentage, like 99.9999%
- Lower cost compared to fault tolerance
- Example services that provide high availability: Elastic load balancers, EC2 auto scaler, Amazon Route 53

Fault tolerance:
- No service interruption
- Specialized hardware with instant failover functionality
- No downtime
- Higher cost compared to high availability
- Examples of fault tolerance: disk mirroring, synchronous database replication, redundant power.

Scaling vertically vs Scaling horizontally

Scaling vertically means upgrading a server's capability so that it performs better. Let's suppose we have a t1.micro (1 CPU and 1GB RAM) EC2 instance running a MySQL database. If we upgrade the server's resources (change the EC2 instance to m1.large), we would definitely improve the overall performance of the database. But it costs money and is sometimes not necessary.

Scaling horizontally means adding multiple servers to our infrastructure to increase performance. Let's suppose we have a t1.micro (1 CPU and 1GB RAM) EC2 instance running a web application. If we add multiple t1.micro servers with the same application and put a load balancer in front of them, the overall performance of the web application will be better. This kind of scaling is a lot cheaper than vertical scaling, since we don't need to invest in expensive high-end servers.

These two scaling methods have their own uses. Scaling horizontally of database server

Server Virtualization

Server virtualization is a key concept of the cloud. It enables a lot of opportunities and also decreases the workload of IT engineers.

Let's suppose we have a server infrastructure. To deploy our web application on it, we must allocate resources, install the operating system, required libraries/tools, etc., and do the same things every time we transfer it to another physical server or location. That makes transferring an application from one server to another a major hurdle. Not only that, but if our server has far more resources than it normally uses, it costs us a lot of money too. We want to make sure that our application is portable, so that it can work on another computer/server as well.

This is where hypervisor technology came into play. A hypervisor adds an abstraction layer between the server (host) and the virtual machines (VMs). The hypervisor allocates resources (CPU, RAM, storage, etc.) to the virtual machines. Thanks to this technology we can now run multipl

AWS - IAM Identity Center

IAM vs IAM Identity Center

We are already familiar with IAM and have a little hands-on experience with it. But there is another service called IAM Identity Center, previously known as AWS Single-Sign-On (SSO).

What is SSO? SSO is a method that allows users to authenticate once and access multiple applications without being prompted to enter their credentials again. This is typically done by an identity provider (IdP) that issues a token to the user, which is then passed to the different applications the user wants to access.

Consider this scenario: as a company IT engineer, you want to give company users access to the Meta Workplace, Office 365 and SAP platforms. Instead of having them type a separate set of credentials for each of these services, you implement company SSO. Once they have logged in to the company's portal, they are granted access to all integrated platforms without needing to log in again. So basically IAM Identity Center is providing centralized permissions man

IAM - Roles

IAM Roles

Roles have a special meaning in AWS. With this functionality you can define a variety of roles and assign them to users, or your applications/services can use them. Roles are especially important for AWS security because they use temporary credentials with services, so we don't need to use our own permanent credentials to perform operations. If hackers somehow got access to the AWS infrastructure, they won't be able to access our cached permanent credentials.

Here are some of the advantages of using roles:
- Reduced Risk of Credential Exposure
- Least Privilege Principle
- Cross-Account Access

Let's create a role and assign it to the user

Click "IAM", "Roles" and then the "Create role" button. We need the ARN (we talked about this in the previous post) of the user. Copy the 12-digit unique ID. During role creation, select "AWS account", since we are planning to add this role to a user. Enter the ID we got from the previous step. This ID defines our us

IAM - Policies

AWS Policies

AWS policies, as the name implies, allow you to set permissions to access your AWS resources. This is essential for controlling who can do what with your AWS services. There are two types of policies:
- Resource based policy (can be applied to specific services; not all of them support this)
- Identity based policy (can be applied to users, groups and roles)

Example Policy for Full Access to S3

Let's suppose we want to provide full access to the S3 resource. Here's an example policy:

- Version: The version number of the policy language.
- Statement: The key part of the policy. Each statement includes:
  - Effect: Can be either Allow or Deny.
  - Action: Specifies the actions that are allowed. The s3:* wildcard means all actions on Amazon S3 are allowed, including creating, listing, and deleting buckets, uploading and downloading objects, setting permissions, etc.
  - Resource: Specifies the resources that the actions apply to. The * wildcard means all resources.

In the