
Fundamentals

set up an account

different types of services

Global -> Region -> AZ (Availability Zone)

AZ = one or more data centers

VPC (Virtual Private Cloud)

  • a virtual network in the cloud
  • private and isolated from the public internet by default
  • belongs to one account and one region
  • types
    • default VPC
    • custom VPC

EC2

  • IaaS - provides virtual machines => instances
  • private service by default - uses VPC networking
  • AZ resilient - an instance fails if its AZ fails
  • Different instance sizes and capabilities
  • On-Demand Billing - Per second
  • Local on-host storage or Elastic Block Store (EBS)

Life Cycle

  • running
  • stopped (memory, CPU and GPU released; EBS storage is still billed)
  • terminated (fully deleted)

AMI (Amazon Machine Image)

AMI -> EC2 instance -> AMI (launch an instance from an image; create an image from an instance)

  • Permissions (public, owner, explicit)
  • Root Volume
  • Block Device Mapping

Connect EC2

  • 3389 - RDP
  • 22 - SSH

S3

  • bucket name
    • globally unique
    • 3-63 characters
    • starts with a number or lowercase letter
    • can't be formatted as an IP, e.g. 1.1.1.1
  • 100 buckets soft limit, 1000 hard limit per account
  • unlimited objects per bucket, each 0 bytes - 5 TB
  • flat structure (no folders): the key carries the path, e.g. old/test.jpg
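The bucket-name rules listed above, as an added example (not from the original notes) written as a small validator. It applies the notes' rules (3-63 characters, leading lowercase letter or digit, not an IP address) plus the standard S3 character rule that only lowercase letters, digits, dots and hyphens are allowed and the name must end with a letter or digit; returning a list of violations rather than a bare boolean makes it usable in a pre-deployment check.

```python
import ipaddress
import re

# Standard S3 character rule: lowercase letters, digits, '.' and '-', and the
# name must start and end with a letter or digit. Length is enforced separately
# so a too-short name gets a clear length message instead of a regex failure.
_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9.-]*[a-z0-9]$")


def bucket_name_errors(name: str) -> list[str]:
    """Return every rule the proposed bucket name violates (empty list == valid)."""
    errors: list[str] = []

    # Rule from the notes: 3-63 characters.
    if not 3 <= len(name) <= 63:
        errors.append(f"length {len(name)} is outside 3-63")

    # Rule from the notes: must start with a lowercase letter or a digit.
    if not name or not name[0].isascii() or not (name[0].islower() or name[0].isdigit()):
        errors.append("must start with a lowercase letter or digit")

    # Standard S3 rule: allowed characters and a letter/digit at the end.
    if not _NAME_RE.fullmatch(name):
        errors.append("only lowercase letters, digits, '.' and '-' allowed; must end with a letter or digit")

    # Rule from the notes: must not be formatted as an IP address (e.g. 1.1.1.1).
    try:
        ipaddress.IPv4Address(name)
        errors.append("must not be formatted as an IP address")
    except ValueError:
        pass

    return errors


def is_valid_bucket_name(name: str) -> bool:
    return not bucket_name_errors(name)


if __name__ == "__main__":
    # Constructed sample names, not real buckets.
    for candidate in ("my-logs.2024", "1.1.1.1", "MyBucket", "ab"):
        print(f"{candidate!r}: {bucket_name_errors(candidate) or 'ok'}")
```

The IP check uses `ipaddress.IPv4Address`, which rejects anything that is not a well-formed dotted quad, so a dotted name such as `my.logs.bucket` still passes while `1.1.1.1` is caught.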

CFN (CloudFormation)

  • templates are written in YAML or JSON
  • Metadata
    • controls how the template is shown in the console UI
  • Parameters
  • Mappings (optional)
    • lookup tables
  • Conditions
    • create conditions
    • use conditions
  • Outputs

  • stack create -> logical resources (in the template) -> physical resources (in the account)

CloudWatch

  • collect and manage operational data
  • Metrics
    • timestamp
    • value
    • dimensions
      • instance_id, value
      • instance_type, value
  • Logs
  • Events

Shared Responsibility Model

High Availability (HA), Fault Tolerance (FT) and Disaster Recovery (DR)

HA

  • ensure service is available as much as possible

FT

  • ensure service is available even when some components fail

DR

  • pre-planning, backup, recovery

Route 53

  • register domains
  • hosted zones (manage nameservers)
  • each hosted zone is served by 4 managed nameservers
  • can be public or private (linked to a VPC)
  • stores DNS records
  • global service

DNS Records

nameservers

Identity Policies

Managed Policies

  • reusable; attached to groups, users and roles

Inline Policies

  • embedded in one specific user or role

IAM

  • 5,000 IAM Users per account
  • IAM User can be a member of 10 groups
  • This has systems design impacts...
    • Internet-scale applications
    • Large orgs & org merges

IAM Groups

  • inline policies
  • managed policies
  • no nested groups
  • 300 group limit per account

IAM Users

  • inline policies
  • managed policies
  • 1000 users per account

IAM Roles

Service Linked Role

Service Control Policies (SCP)

CloudWatch Logs

  • collect, monitor, store, search, analyze
  • log groups
  • log streams
  • log events

CloudTrail

S3 - object versioning

  • each version has its own version ID; the same key holds several versions
  • a delete marker is written for deleted objects (the versions remain)
  • storage is consumed by all versions

MFA Delete

  • required to change the versioning state or to delete a version

S3

Object storage classes

S3 Lifecycle

e.g. stay 30 days in Standard, then transition to IA, then to Glacier
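The lifecycle example above, as an added example that is not from the original notes: a function that builds the Standard -> Standard-IA -> Glacier rule in the shape boto3's `put_bucket_lifecycle_configuration` expects, checks S3's minimum-duration constraints (30 days in Standard before Standard-IA, and 30 days in Standard-IA before Glacier) so a misconfigured rule is rejected before it is applied, and a helper that reports which class an object of a given age ends up in. The 90-day Glacier transition and the `logs/` prefix are assumptions chosen for the example; the notes give only the 30-day IA step.

```python
# Minimum durations S3 enforces on lifecycle transitions.
MIN_DAYS_BEFORE_IA = 30            # object must sit 30 days in STANDARD before STANDARD_IA
MIN_DAYS_IN_IA_BEFORE_GLACIER = 30  # and 30 days in STANDARD_IA before GLACIER


def lifecycle_violations(ia_days: int, glacier_days: int) -> list[str]:
    """Return the constraint violations for a Standard -> IA -> Glacier schedule."""
    problems: list[str] = []
    if ia_days < MIN_DAYS_BEFORE_IA:
        problems.append(f"STANDARD_IA transition at day {ia_days} is earlier than {MIN_DAYS_BEFORE_IA}")
    if glacier_days < ia_days + MIN_DAYS_IN_IA_BEFORE_GLACIER:
        problems.append(
            f"GLACIER transition at day {glacier_days} is less than "
            f"{MIN_DAYS_IN_IA_BEFORE_GLACIER} days after the STANDARD_IA transition"
        )
    return problems


def build_lifecycle_rule(prefix: str, ia_days: int = 30, glacier_days: int = 90,
                         rule_id: str = "archive-old-objects") -> dict:
    """Build one rule for LifecycleConfiguration={"Rules": [...]}.
    Raises ValueError instead of handing S3 a rule it would reject."""
    problems = lifecycle_violations(ia_days, glacier_days)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "ID": rule_id,
        "Filter": {"Prefix": prefix},
        "Status": "Enabled",
        "Transitions": [
            {"Days": ia_days, "StorageClass": "STANDARD_IA"},
            {"Days": glacier_days, "StorageClass": "GLACIER"},
        ],
    }


def storage_class_at(rule: dict, age_days: int) -> str:
    """Storage class an object covered by `rule` is in after `age_days` days."""
    storage_class = "STANDARD"
    for transition in sorted(rule["Transitions"], key=lambda t: t["Days"]):
        if age_days >= transition["Days"]:
            storage_class = transition["StorageClass"]
    return storage_class


if __name__ == "__main__":
    rule = build_lifecycle_rule("logs/")  # assumed prefix
    # Applying it would be:
    # boto3.client("s3").put_bucket_lifecycle_configuration(
    #     Bucket="<your-bucket>", LifecycleConfiguration={"Rules": [rule]})
    for age in (0, 29, 30, 89, 90, 400):
        print(f"day {age:3d}: {storage_class_at(rule, age)}")
```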