4PM Weekday Classnotes Desktop B8GS35K
cloud computing / IT services

  IaaS (infra)                      SaaS (software)            PaaS (platform)
  --------------------------------  -------------------------  -------------------------------
  virtual servers, storage,         providing readymade s/w    source code deployment,
  networking etc                                               development, management
  + physical servers (bare metal)
  e.g. rackspace, digital ocean
-----------------------------------------------------------------------------
types of clouds:
  community cloud
-----------------------------------------------------------------------
9 APR
aws account creation
1. aws.amazon.com/free ==> choose create a new account
2. provide your email id, password, a/c name
3. provide billing address etc
4. choose between personal/professional account (personal)
5. choose the payment method (cc/dc visa/master/amex)
   INR 2 will be deducted and will be refunded once your card is validated
6. choose the support model
   support types:
   -------------------------------------------------------------------
   Basic (free tier)   developers   business   enterprise (min $15,000)
7. account activation:
   phone based activation
roles in the cloud:
-----------------------------------------------------------------------------------
1. sysops (infrastructure automation)
2. devops (application deployment automation)
3. architects : making cloud based solutions and day to day issue analysis
4. account managers (TAM) : client liaising and first point of contact for
   tech issues
5. support resources.
-----------------------------------------------------------------------------
9-APR
10-APR:
vpc : virtual private cloud (virtual network)
cidr : classless inter domain routing notation
S3 : simple storage service
ebs : elastic block store
public ip : visible to internet
A security group is a set of firewall rules that control the traffic for your
instance. On this page, you can add rules to allow specific traffic to reach your
instance. For example, if you want to set up a web server and allow Internet
traffic to reach your instance, add rules that allow unrestricted access to the
HTTP and HTTPS ports.
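The paragraph above describes the intended case (only HTTP and HTTPS open to the internet). The usual mistake is an inbound rule that opens other ports, or all traffic, to 0.0.0.0/0. The following is an added example, not code from the class notes or from AWS: it parses a constructed JSON document in the shape of `aws ec2 describe-security-groups --output json` (the group id and rules are made up) and reports every inbound rule that lets the whole internet reach a port outside the expected web ports.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups --output json`.
# The group id and rules are made up for this example; nothing here is from a real account.
SAMPLE_SG_JSON = json.dumps({
    "SecurityGroups": [
        {
            "GroupId": "sg-0123456789abcdef0",
            "GroupName": "web-sg",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
                {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                 "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
                {"IpProtocol": "-1",
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            ],
        }
    ]
})

# Ports the notes describe as legitimately open to the whole internet for a web server.
WEB_PORTS = frozenset({80, 443})


def is_world_open(cidr):
    """True when the CIDR covers the entire IPv4 or IPv6 address space (prefix length 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def port_range(perm):
    """(low, high) ports a rule covers; protocol -1 ("all traffic") means every port."""
    if perm.get("IpProtocol") == "-1" or "FromPort" not in perm:
        return 0, 65535
    return perm["FromPort"], perm["ToPort"]


def audit_security_groups(sg_json, allowed_public_ports=WEB_PORTS):
    """Return one finding per inbound rule that lets the whole internet reach a port
    outside allowed_public_ports. Rules scoped to a private CIDR are not flagged."""
    findings = []
    for group in json.loads(sg_json)["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            low, high = port_range(perm)
            if set(range(low, high + 1)) <= allowed_public_ports:
                continue  # this rule exposes only the expected public ports
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if is_world_open(cidr):
                    findings.append({
                        "group": group["GroupId"],
                        "protocol": perm["IpProtocol"],
                        "ports": "all" if (low, high) == (0, 65535)
                                 else (str(low) if low == high else f"{low}-{high}"),
                        "cidr": cidr,
                    })
    return findings


if __name__ == "__main__":
    for f in audit_security_groups(SAMPLE_SG_JSON):
        print(f"{f['group']}: {f['protocol']} port(s) {f['ports']} open to {f['cidr']}")
```

On the constructed sample the checker reports the SSH rule and the "all traffic" rule; the MySQL rule passes because it is limited to the private 10.0.0.0/16 range. Passing a different `allowed_public_ports` set adapts the check to a group whose role is not a web server.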
13-APR
User data:
  as file : should be base64 encoded
  You can specify user data to configure an instance or run a configuration
  script during launch. If you launch more than one instance at a time, the
  user data is available to all the instances in that reservation.
linux permissions:
  x     --- 1
  w     --- 2
  x+w   --- 1+2 = 3
  r     --- 4
  rw    --- 4+2 = 6
  r+w+x --- 4+3 = 7
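The table above gives the per-bit weights; a full mode is three such sums (user, group, other). As an added example, not from the notes, the functions below convert between the symbolic form shown by `ls -l` and the octal form given to `chmod`, and check the one thing worth checking on key and config files: whether "other" has write access.

```python
# Weights from the notes: r = 4, w = 2, x = 1, summed per user/group/other triplet.
PERM_BITS = {"r": 4, "w": 2, "x": 1}


def symbolic_to_octal(symbolic):
    """Convert a 9-character mode string such as 'rwxr-x---' to its octal form '750'."""
    if len(symbolic) != 9:
        raise ValueError("expected 9 characters: user, group and other triplets")
    digits = []
    for start in range(0, 9, 3):
        value = 0
        # Each position in a triplet is fixed: r, then w, then x (or '-' for absent).
        for ch, expected in zip(symbolic[start:start + 3], "rwx"):
            if ch == expected:
                value += PERM_BITS[ch]
            elif ch != "-":
                raise ValueError(f"unexpected character {ch!r} in {symbolic!r}")
        digits.append(str(value))
    return "".join(digits)


def octal_to_symbolic(octal):
    """Inverse conversion: '644' -> 'rw-r--r--'."""
    if len(octal) != 3 or any(c not in "01234567" for c in octal):
        raise ValueError("expected three octal digits")
    out = []
    for digit in octal:
        v = int(digit)
        out.append(("r" if v & 4 else "-") + ("w" if v & 2 else "-") + ("x" if v & 1 else "-"))
    return "".join(out)


def is_world_writable(mode):
    """True if 'other' has write access; accepts either '777' or 'rwxrwxrwx'."""
    symbolic = octal_to_symbolic(mode) if mode.isdigit() else mode
    return symbolic[7] == "w"


if __name__ == "__main__":
    for m in ("rwxr-x---", "rw-r--r--", "rw-rw-rw-"):
        print(m, "->", symbolic_to_octal(m), "world-writable:", is_world_writable(m))
```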
14-APR:
Status Checks:
15-APR:
AMI creation
on sharing ami between accounts: provide,
  Add "create volume" permissions to the following associated snapshots
  when creating permissions: snap-0b944ca98ac18dc2d
  so that the shared ami can be copied from one region to another region.
  else you will get "You do not have permission to access the storage of
  this ami" error
No-Reboot option: When enabled, Amazon EC2 does not shut down the instance
before creating the image.
When this option is used, file system integrity on the created image cannot
be guaranteed.
16-APR
volumes and snapshots
  type               size           IOPS    storage fee   use-case
                     min     max    (max)   per GB
  -------------------------------------------------------------------
  1. magnetic (HDD)  1 gb    1 tb           $0.05         low profile job
17-apr:
Data encryption:
IAM : IDENTITY and ACCESS MANAGEMENT - Security service
KMS : Key Management System
  Key material origin:
    KMS
    External
DR CONCEPTS:
The recovery point objective (RPO) is the age of files that must be recovered
from backup storage for normal operations to resume if a computer, system, or
network goes down as a result of a hardware, program, or communications
failure. ... It is an important consideration in disaster recovery planning (DRP).
20-APR:
Public data set: there is no charge for using the data in a public data set;
however you will be charged for the size of the volume created.
Elastic Network Interface (ENI):
  If you attach another network interface to your instance, your current
  public IP address is released when you restart your instance.
  When you disassociate an EIP from an instance with a single network
  interface, a new dynamic public IP will automatically be associated.
Elastic Fabric Adapter: An Elastic Fabric Adapter is a network device that you
can attach to your instances to reduce latency and increase throughput for
distributed High Performance Computing (HPC) and Machine Learning (ML)
applications.
22-Apr:
Loadbalancers : by default come with High Availability (managed load balancer)
classic loadbalancer:
  When you create a load balancer in a VPC, you must choose whether to
  make it an internal load balancer or an Internet-facing load balancer.
23-Apr:
to be seen:
Address type:
  ipv4 : lb dns will be an IPv4 dns
  dualstack : both IPv4 and IPv6 dns
Listener:
A listener checks for connection requests from clients, using the
protocol and port that you configure.
The rules that you define for a listener determine how the load
balancer routes requests to its registered targets.
Each rule consists of a priority, one or more actions, and one or
more conditions.
When the conditions for a rule are met, then its actions are
performed.
You must define a default rule for each listener, and you can
optionally define additional rules.
  abc                ----> primary domain (apex domain)
  com                ----> domain type
  www/images/videos  ----> secondary/sub domain
Target group :
Each target group routes requests to one or more registered
targets, such as EC2 instances, using the protocol and port number that you
specify.
You can register a target with multiple target groups.
You can configure health checks on a per target group basis.
Health checks are performed on all targets registered to a target
group that is specified in a listener rule for your load balancer.
----------------------------------------
27-apr
Autoscaling:
1. Manual scaling : Manually change the Min , Max and Desired Capacity(
group size) suitable for known/predictable workload
-------------------------
type of scaling:
  vertical scaling : increase/decrease the number of internal resources (cpu
  cores, ram etc) within a server
    scale-up : increase
    scale-down : decrease
pre-req:
  step 1:
    create a Launch configuration : a template defining the configuration to
    launch instances in an Auto-scaling-group.
    once created, it cannot be edited, but it can be copied to a new name and
    edited.
  step 2:
    create an Auto-scaling-group, specifying:
      which launch configuration
      min
      maximum
      desired capacity
      loadbalancer
      (scaling policy)
-----------------------------------------------------------------------------------
------------------------------------------------
28 apr:
Dynamic Scaling
spot instances:
  A Spot Instance is an unused EC2 instance that is available for less than
  the On-Demand price. Because Spot Instances enable you to request unused
  EC2 instances at steep discounts, you can lower your Amazon EC2 costs
  significantly.

  time    current price
  10:00   BCP $0.395
  10:45   New BCP $0.0425

  Bid     Price($)   outcome
  ------------------------------------------------------------------------
  bid 1   0.04       spot instance will launch; will get 2 mins time to save
                     work before the instance terminates
  bid 2   0.0375     spot instance will not launch
  bid 3   0.039      spot instance will not launch
  bid 4   0.05       spot instance will launch; will continue to run
  bid 5   0.0455     spot instance will launch; will continue to run
----------------------------
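The bid table above can be reproduced by replaying the price timeline against each bid. This is an added example, not code from the notes: a request launches at the first point where the bid is at least the current price and is interrupted, with the two-minute notice the notes mention, at the first later point where the price exceeds the bid. The notes print the 10:00 price as $0.395; the listed outcomes only fit a price of $0.0395 (bid 1 at 0.04 launches, bid 3 at 0.039 does not), so the example assumes that value.

```python
# Price timeline constructed from the notes: the current price changes at 10:45.
# The 10:00 value is assumed to be 0.0395 (the notes print 0.395, which does not
# fit the listed outcomes).
PRICE_TIMELINE = [("10:00", 0.0395), ("10:45", 0.0425)]

# Bids exactly as listed in the notes.
BIDS = {"bid 1": 0.04, "bid 2": 0.0375, "bid 3": 0.039, "bid 4": 0.05, "bid 5": 0.0455}

TERMINATION_NOTICE_MINUTES = 2  # the "2 mins to save work" from the notes


def evaluate_bid(max_price, timeline=PRICE_TIMELINE):
    """Replay the price timeline against one bid and report what happens to the request.

    The request launches at the first point where max_price >= current price and is
    interrupted (with the short notice) at the first later point where the price
    exceeds max_price.
    """
    launched_at = None
    for when, price in timeline:
        if launched_at is None:
            if max_price >= price:
                launched_at = when
        elif price > max_price:
            return {"status": "terminated", "launched_at": launched_at,
                    "terminated_at": when, "notice_minutes": TERMINATION_NOTICE_MINUTES}
    if launched_at is None:
        return {"status": "not launched", "launched_at": None}
    return {"status": "running", "launched_at": launched_at}


def evaluate_all(bids=BIDS, timeline=PRICE_TIMELINE):
    """Map each bid name to its outcome, reproducing the whole table in the notes."""
    return {name: evaluate_bid(price, timeline) for name, price in bids.items()}


if __name__ == "__main__":
    for name, outcome in evaluate_all().items():
        print(f"{name} ({BIDS[name]:.4f}): {outcome}")
```

Extending `PRICE_TIMELINE` with more points shows the other case the table does not cover: a bid below the price at 10:00 that launches later if the price drops.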
Reserved instances : best suited for long term instance requests (1 year to 3
years)
  30% reduced cost when compared with on demand instance cost for the same
  duration
===================================================================================
==============================================
1-May
s3: simple storage service
bucket: objects
4-may
STORAGE CLASSES: (durability is "11 9s" for every class)

  STORAGE CLASS          DURABILITY %    AVAILABILITY %   FEE PER GB [$]   USE-CASE
  ====================================================================================
  Standard               99.999999999    99.99            0.023            Frequently accessed data
                           no minimum retention period
                           no minimum billable size (object can be 0 KB also)
                           FREE TIER ELIGIBLE.
  ====================================================================================
  Standard-IA            99.999999999    99.9             0.0125           LONG LIVED AND IN-Frequently accessed data
                           A minimum of 30 days is required before transitioning
                           to the Standard-IA storage class
  ====================================================================================
                                                                           non-critical, reproducible data
                           min retention period : 30 days
                           An object must remain in the Standard-IA storage class for a
                           minimum of 30 days before transitioning to another storage
                           class (onezoneia/glacier/glacier deeparchive)
  ====================================================================================
  Glacier                99.999999999                     0.004            Archive data with retrieval times
                           Standard retrieval: typically within 3 - 5 hours
                           Expedited retrieval: typically within 1 - 5 minutes when
                           retrieving less than 250MB
  ====================================================================================
  Glacier Deep Archive   99.999999999                                      Archive data that rarely, if ever, needs to be
  ====================================================================================
Versioning
  Keep multiple versions of an object in the same bucket
6 may no session
7may:
bucket permissions:
===================================================================================
=========
4. MFA Delete
Multi Factor Authentication based delete control
Cross-Region Replication
Cross-Region replication enables automatic and asynchronous copying of
objects across buckets in different AWS Regions. Buckets configured for object
replication can be owned by the same AWS account or by different accounts.
Same-Region Replication
Same-Region replication enables automatic and asynchronous copying of
objects across buckets in the same AWS Region. Buckets configured for object
replication can be owned by the same AWS account or by different accounts.
DATA ENCRYPTION:
AES-256 [AWS PROVIDED MASTER ENCRYPTION KEY] - FREE
Use Server-Side Encryption with Amazon S3-Managed
Keys (SSE-S3)
reports:
INVENTORY REPORT
LOGS:
SERVER ACCESS LOG : ALL TYPES OF ACCESS (READ/WRITE) WILL BE
LOGGED IN TO A DESTINATION Bucket
Object-level logging
Record object-level API activity using the CloudTrail
data events feature (additional cost).
8-May:
Transfer acceleration
  you can speed up file transfer between s3 buckets and your location by up
  to 400% compared to the plain internet speed.
s3-select
  you can send an s3-select query to any file of the following types:
  1. csv
  2. JSON
  3. Apache parquet
8 May:
aws configure
Note the instance ID from the output of the last statement and replace it
respectively in the statement below:
Linux/Mac only:
aws ec2 describe-instances \
  --query 'Reservations[].Instances[].[Tags[?Key==`Name`] | [0].Value, InstanceId, State.Name, PrivateIpAddress, PublicIpAddress]' \
  --output table
i-04a4ae777e082526b
12-May:
IAM: Identity and Access Management
Types of Policies
  1. AWS Managed                 (e.g FULLACCESS, READONLY ...)        Read-only to the End users
  2. Customer Managed                                                  Created and Managed by us/customer
  3. AWS Managed Job Function    (e.g PowerUser, Administrator ...)    Read-only to the End users
user create:
  Require password reset : User must create a new password at next sign-in
s3 delete, MFA based : brings added protection for any s3 based delete actions
Roles:
  An IAM role is an AWS Identity and Access Management (IAM) entity with
  permissions to make AWS service requests. IAM roles cannot make direct
  requests to AWS services; they are meant to be assumed by authorized
  entities, such as IAM users, applications, or AWS services such as EC2.
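Customer managed policies are the ones "created and managed by us", so they are the ones worth reviewing before attaching them to a user or role. As an added example, not from the notes, the linter below reads a constructed policy document (the bucket name and Sids are placeholders) and flags two things: Allow statements with `Action: *` on `Resource: *`, and statements that allow S3 deletes without the `aws:MultiFactorAuthPresent` condition, which is the IAM-side counterpart of the MFA-based delete protection the notes mention.

```python
import json

# Constructed sample customer-managed policy, made up for this example (the bucket
# name and Sids are placeholders, not from the notes or any real account).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadBucket", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
        {"Sid": "DeleteWithoutMfa", "Effect": "Allow",
         "Action": "s3:DeleteObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "DeleteWithMfa", "Effect": "Allow",
         "Action": "s3:DeleteObjectVersion",
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
        {"Sid": "TooBroad", "Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
})


def as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def requires_mfa(statement):
    """True if the statement only applies when the caller authenticated with MFA.
    Only the strict Bool operator counts; BoolIfExists would also admit callers
    whose request carries no MFA context at all."""
    cond = statement.get("Condition", {}).get("Bool", {})
    return str(cond.get("aws:MultiFactorAuthPresent", "")).lower() == "true"


def grants_s3_delete(actions):
    """Actions that can delete S3 data, including the wildcards that cover them."""
    return [a for a in actions
            if a == "*" or a.lower() == "s3:*" or a.lower().startswith("s3:delete")]


def lint_policy(policy_json):
    """Return (Sid, message) findings for Allow statements that are too broad or
    permit S3 deletes without an MFA condition."""
    findings = []
    doc = json.loads(policy_json)
    for stmt in as_list(doc["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        if "*" in actions and "*" in resources:
            findings.append((sid, "full admin: Action * on Resource *"))
        deletes = grants_s3_delete(actions)
        if deletes and not requires_mfa(stmt):
            findings.append((sid, "S3 delete without MFA condition: " + ", ".join(deletes)))
    return findings


if __name__ == "__main__":
    for sid, message in lint_policy(SAMPLE_POLICY):
        print(f"{sid}: {message}")
```

The `DeleteWithMfa` statement passes because it carries the condition; `TooBroad` is reported twice, once as full admin and once because `*` also covers every S3 delete action.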
14 may
Identity providers:
  web identity providers
    facebook
    google
    amazon
  corporate login
    amazon
  cognito : mobile/web application identity (application user pool)
  identity providers
    SSO
    SAML 2.0
    OpenID Connect
VPC:
VIRTUAL PRIVATE Cloud

  NAME      NETWORK CIDR    PUBLIC-SUBNET CIDR   AVZ   PRIVATE-SUBNET CIDR   AVZ   REGION
  -----------------------------------------------------------------------------------------
  ARAVIND   100.0.0.0/16    100.0.10.0/24        A     100.0.20.0/24         B     OREGON
  ARU       101.0.0.0/16    101.0.10.0/24        A     101.0.20.0/24         B     OREGON
  A VIJAY   102.0.0.0/16    102.0.10.0/24        A     102.0.20.0/24         B     OREGON
  HARI      103.0.0.0/16    103.0.10.0/24        A     103.0.20.0/24         B     OREGON
  -----------------------------------------------------------------------------------------
  KRISHNA   104.0.0.0/16    104.0.10.0/24        A     104.0.20.0/24         B     nCAL
  POORNI    105.0.0.0/16    105.0.10.0/24        A     105.0.20.0/24         B     nCAL
  PURUSH    106.0.0.0/16    106.0.10.0/24        A     106.0.20.0/24         B     nCAL
  SENTHIL   107.0.0.0/16    107.0.10.0/24        A     107.0.20.0/24         B     nCAL
  -----------------------------------------------------------------------------------------
  JPA       10.0.0.0/16     10.0.10.0/24         A     10.0.20.0/24          B     NVIR
  -----------------------------------------------------------------------------------------
18-May
NAT
NAT Gateway :
  AWS Managed NAT
  Min 10 GBPS Bandwidth
  Comes with High Availability
  suitable for production
  per hour usage charges are applicable
Peering connection:
  1. You cannot peer between two VPCs with overlapping CIDRs
     e.g. you cannot peer between two default vpcs having
     cidr (172.31.x.x)
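The peering rule above and the VPC/subnet table from the 14 May notes can both be checked mechanically with the standard `ipaddress` module. This is an added example, not code from the notes: it carries the class roster (names and CIDRs as written there) plus two constructed default VPCs on 172.31.0.0/16, verifies that each subnet sits inside its VPC and that subnets do not overlap each other, and lists every pair of VPCs that cannot be peered because their CIDRs overlap.

```python
import ipaddress

# VPC roster from the notes (names, CIDRs, AZs and regions as written there), plus two
# constructed entries using the default VPC range 172.31.0.0/16 to mirror the note that
# two default VPCs cannot be peered. Each value is (vpc cidr, {subnet name: cidr}, region).
VPCS = {
    "ARAVIND": ("100.0.0.0/16", {"public-A": "100.0.10.0/24", "private-B": "100.0.20.0/24"}, "OREGON"),
    "ARU":     ("101.0.0.0/16", {"public-A": "101.0.10.0/24", "private-B": "101.0.20.0/24"}, "OREGON"),
    "A VIJAY": ("102.0.0.0/16", {"public-A": "102.0.10.0/24", "private-B": "102.0.20.0/24"}, "OREGON"),
    "HARI":    ("103.0.0.0/16", {"public-A": "103.0.10.0/24", "private-B": "103.0.20.0/24"}, "OREGON"),
    "KRISHNA": ("104.0.0.0/16", {"public-A": "104.0.10.0/24", "private-B": "104.0.20.0/24"}, "nCAL"),
    "POORNI":  ("105.0.0.0/16", {"public-A": "105.0.10.0/24", "private-B": "105.0.20.0/24"}, "nCAL"),
    "PURUSH":  ("106.0.0.0/16", {"public-A": "106.0.10.0/24", "private-B": "106.0.20.0/24"}, "nCAL"),
    "SENTHIL": ("107.0.0.0/16", {"public-A": "107.0.10.0/24", "private-B": "107.0.20.0/24"}, "nCAL"),
    "JPA":     ("10.0.0.0/16",  {"public-A": "10.0.10.0/24",  "private-B": "10.0.20.0/24"},  "NVIR"),
    # constructed: two default VPCs in different regions, both on the default range
    "default-1 (constructed)": ("172.31.0.0/16", {}, "OREGON"),
    "default-2 (constructed)": ("172.31.0.0/16", {}, "NVIR"),
}


def subnet_problems(vpc_cidr, subnets):
    """Subnets that fall outside the VPC range or overlap each other."""
    net = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = []
    for name, sn in nets.items():
        if not sn.subnet_of(net):
            problems.append(f"{name} {sn} is outside {net}")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


def can_peer(cidr_a, cidr_b):
    """Peering requires non-overlapping CIDRs (rule 1 in the notes)."""
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def blocked_peerings(vpcs=VPCS):
    """Every pair of VPCs that cannot be peered because their CIDRs overlap."""
    names = list(vpcs)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if not can_peer(vpcs[a][0], vpcs[b][0])]


if __name__ == "__main__":
    for name, (cidr, subnets, region) in VPCS.items():
        print(f"{name:24} {cidr:16} {region:8} {subnet_problems(cidr, subnets) or 'ok'}")
    print("cannot peer:", blocked_peerings())
```

Every roster VPC passes the subnet check, and the only blocked pair is the two constructed default VPCs; the /16 ranges chosen in class were picked so that any two students could peer.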
Transit Gateway
  A Transit Gateway (TGW) is a network transit hub that interconnects
  attachments (VPCs and VPNs) within the same account or across accounts.
21-MAY:
A hosted zone is a container that holds information about how you want to
route traffic for a domain, such as example.com, and its subdomains.
22-May
Routing policies:
  1. Simple
Type of records
  A       IPv4 (will be charged for all external IP references)
  AAAA    IPv6 (will be charged for all external IP references)
  Alias   internal references (services with DNS running within aws or
          record sets defined within the hosted zone) (free)
  CNAME   Canonical Name (can point to any DNS inside/outside AWS) - chargeable
  MX      Mail Exchange
  PTR     Pointer (for reverse DNS)
  SPF     SECURE MAIL
  TXT     informational
  NS      Name server (default)
  SOA     Start of Authority (default)
  ...
====================================
22-May
s3 data consistency model:
  1. Eventual consistency : Overwrites and deletes
  2. read after write : New Puts (all new uploads)

  NACL             at subnet level
  Security Group   at instance level