AWS Information doc
This commit is contained in:
RadinPirouz
209
AWS/1-Information.md
Normal file
209
AWS/1-Information.md
Normal file
@@ -0,0 +1,209 @@
|
||||
# AWS Core Services Overview
|
||||
|
||||
## Compute & Container Services
|
||||
|
||||
**EC2 (Elastic Compute Cloud)**
|
||||
|
||||
* Infrastructure as a Service (IaaS)
|
||||
* Provides virtual machines (instances)
|
||||
* Storage options:
|
||||
|
||||
* **EBS** (Elastic Block Store): High-performance block storage attached to a single instance
|
||||
* **EFS** (Elastic File System): Network file system that can be mounted by multiple instances
|
||||
* Requires user management of OS, patching, and scaling
|
||||
|
||||
**ECS (Elastic Container Service)**
|
||||
|
||||
* AWS-managed container orchestration service
|
||||
* Supports Docker containers
|
||||
* Deployment options:
|
||||
|
||||
1. **EC2 Launch Type** – you manage EC2 instances
|
||||
2. **Fargate Launch Type** – serverless, AWS manages infrastructure
|
||||
|
||||
**ECR (Elastic Container Registry)**
|
||||
|
||||
* Fully managed Docker container image registry
|
||||
* Used to store, manage, and deploy container images for ECS and EKS
|
||||
|
||||
**EKS (Elastic Kubernetes Service)**
|
||||
|
||||
* Managed Kubernetes service
|
||||
* AWS manages the Kubernetes control plane
|
||||
* Worker nodes can run on EC2 or Fargate
|
||||
|
||||
**AWS Lambda**
|
||||
|
||||
* Serverless compute service
|
||||
* Event-driven execution
|
||||
* Maximum execution time: **15 minutes**
|
||||
* No server management required
|
||||
* Common use cases: APIs, background jobs, automation
|
||||
|
||||
---
|
||||
|
||||
## Messaging & Integration
|
||||
|
||||
**SQS (Simple Queue Service)**
|
||||
|
||||
* Fully managed message queue service
|
||||
* Used for decoupling and scaling distributed systems
|
||||
* Supports Standard and FIFO queues
|
||||
|
||||
---
|
||||
|
||||
## Databases
|
||||
|
||||
**RDS (Relational Database Service)**
|
||||
|
||||
* Managed relational databases (MySQL, PostgreSQL, Oracle, SQL Server, MariaDB, Aurora)
|
||||
* Typically deployed in **private subnets**
|
||||
* High availability using Multi-AZ
|
||||
* Automated backups, patching, and scaling
|
||||
|
||||
**DynamoDB**
|
||||
|
||||
* Fully managed NoSQL key-value and document database
|
||||
* Serverless, auto-scaling, and highly available
|
||||
* Low latency and global replication support
|
||||
|
||||
---
|
||||
|
||||
## Networking & Traffic Management
|
||||
|
||||
**VPC (Virtual Private Cloud)**
|
||||
|
||||
* Isolated virtual network in AWS
|
||||
* Uses CIDR ranges for IP addressing
|
||||
|
||||
**Subnets**
|
||||
|
||||
* **Public Subnet**: Has a route to the Internet Gateway
|
||||
* **Private Subnet**: No direct internet access
|
||||
|
||||
**Internet Gateway (IGW)**
|
||||
|
||||
* Enables inbound and outbound internet access for public subnets
|
||||
|
||||
**NAT Gateway**
|
||||
|
||||
* Placed in a public subnet
|
||||
* Allows **outbound-only** internet access for private subnet resources
|
||||
* Cannot receive inbound connections
|
||||
|
||||
**Route 53**
|
||||
|
||||
* Managed DNS service
|
||||
* Supports domain registration, routing policies, and health checks
|
||||
|
||||
---
|
||||
|
||||
## Load Balancing
|
||||
|
||||
**ELB (Elastic Load Balancing)**
|
||||
|
||||
* Distributes traffic across multiple targets
|
||||
|
||||
**ALB (Application Load Balancer)**
|
||||
|
||||
* Layer 7 (Application layer)
|
||||
* Supports HTTP/HTTPS routing rules
|
||||
* Can route traffic to:
|
||||
|
||||
* EC2
|
||||
* ECS
|
||||
* Lambda
|
||||
* IP addresses
|
||||
|
||||
---
|
||||
|
||||
## Security & Identity
|
||||
|
||||
**IAM (Identity and Access Management)**
|
||||
|
||||
* Manages users, groups, roles, and permissions
|
||||
* Global AWS service
|
||||
|
||||
**IAM Roles**
|
||||
|
||||
* Used by AWS services to access other AWS resources securely
|
||||
|
||||
**IAM Reports**
|
||||
|
||||
* **Credential Report**: Shows credential status for all users
|
||||
* **Access Advisor**: Shows last-used service permissions
|
||||
|
||||
**Security Groups**
|
||||
|
||||
* Stateful virtual firewalls for AWS resources
|
||||
* Control inbound and outbound traffic
|
||||
* Attached to EC2, ALB, RDS, ECS, etc.
|
||||
|
||||
---
|
||||
|
||||
## Monitoring & Logging
|
||||
|
||||
**CloudWatch**
|
||||
|
||||
* Monitoring and observability service
|
||||
* Collects metrics, logs, and events
|
||||
* Used for alarms, dashboards, and automation
|
||||
|
||||
---
|
||||
|
||||
## AWS Global Infrastructure
|
||||
|
||||
**Region**
|
||||
|
||||
* Geographic area containing multiple Availability Zones
|
||||
|
||||
**Availability Zone (AZ)**
|
||||
|
||||
* One or more isolated data centers within a region
|
||||
|
||||
**Global Services**
|
||||
|
||||
* IAM
|
||||
* Route 53
|
||||
* CloudFront
|
||||
* AWS WAF
|
||||
|
||||
**Regional Services**
|
||||
|
||||
* EC2
|
||||
* ECS
|
||||
* EKS
|
||||
* RDS
|
||||
* Lambda
|
||||
|
||||
---
|
||||
|
||||
## IP Addressing
|
||||
|
||||
**Private IP**
|
||||
|
||||
* Assigned from VPC CIDR range
|
||||
* Used for internal communication
|
||||
|
||||
**Public IP**
|
||||
|
||||
* Assigned automatically to EC2 instances in public subnets
|
||||
* Released when instance is stopped
|
||||
|
||||
**Elastic IP (EIP)**
|
||||
|
||||
* Static public IPv4 address
|
||||
* Remains allocated even if the instance stops
|
||||
* Used for failover and stable endpoints
|
||||
|
||||
---
|
||||
|
||||
## Database Networking Best Practices
|
||||
|
||||
* RDS instances should run in **private subnets**
|
||||
* Access options:
|
||||
|
||||
* EC2 in the same VPC
|
||||
* Bastion host
|
||||
* VPN or Direct Connect
|
||||
* NAT Gateway can be used for outbound access (updates, patches)
|
||||
Reference in New Issue
Block a user