4PM Weekday Classnotes Desktop B8GS35K


cloud computing : IT services delivered over a network (internet / intranet)

IaaS (infrastructure)            PaaS (platform)                 SaaS (software)
-------------------------------- ------------------------------- -------------------------------
virtual servers, storage,        source code deployment,         providing readymade s/w
networking etc.                  development, management
+ physical servers (bare metal)

service providers (examples):
IaaS : AWS (Amazon Web Services), MS Azure, Google Compute Engine (GCE), Alibaba Cloud,
       Oracle Cloud, IBM Bluemix, Rackspace, Digital Ocean ...
PaaS : AWS Elastic Beanstalk, Heroku, Pivotal Cloud Foundry (PCF), SAP Cloud
SaaS : Google Maps (developers.google.com/maps), Facebook (developers.facebook.com)
-------------------------------------------------------------------------------------------------

hypervisor : VMM - Virtual Machine Manager (also called Virtual Machine Monitor); creates and
manages virtual machines
e.g.
KVM - Kernel-based Virtual Machine
Xen
VMware ESX/ESXi
Hyper-V

types of clouds:

private cloud : service running within an organization/home (intranet)
    opensource : Eucalyptus (HP Helion), OpenNebula, OpenStack, CloudStack
    licensed   : VMware vCloud, Citrix XenCloud, MS Hyper-V + System Center

public cloud : a cloud service, offered by a service provider, for everyone, visible and
accessible via the internet.

hybrid cloud : private cloud + public cloud

community cloud : infrastructure shared by several organizations with common requirements

who coined the jargon/term "cloud computing" : Ramnath Chellappa

----------------------------------------------------------------------------------
9 APR
aws account creation
1. aws.amazon.com/free ==> choose "create a new account"
2. provide your email id, password, account name
3. provide billing address etc.
4. choose between personal/professional account (personal)
5. choose the payment method (credit/debit card: Visa/Master/Amex)
   INR 2 will be deducted and refunded once your card is validated
6. choose the support model

support types:
-----------------------------------------------------------------------------------------
                   Basic (free tier)   Developer     Business     Enterprise
-----------------------------------------------------------------------------------------
billing/account    yes                 yes           yes          yes
limit increase     yes                 yes           yes          yes
technical support  not applicable      yes           yes          yes
support SLA        none                12-24 hrs     1 hr         15 mins
support fee        none                $29/mon       $100/mon     10% of your monthly bill
                                                                  or min $15,000
-----------------------------------------------------------------------------------------
7. account activation : phone-based activation
   once the account is active, enable MFA on the root user and create an IAM user for
   day-to-day work; do not create access keys for the root user.
roles in the cloud:
-----------------------------------------------------------------------------------------
1. sysops (infrastructure automation) and devops (application deployment automation)

2. developers (cloud based API developers)

3. architects : designing cloud based solutions and day-to-day issue analysis

4. account managers (TAM - technical account manager) : client liaison and first point of
   contact for technical issues

5. support resources
-----------------------------------------------------------------------------------------
9-APR

EC2 : Elastic Compute Cloud
      IaaS; virtual servers (instances) can be launched using it

10-APR:
vpc : virtual private cloud (virtual network)
cidr : classless inter-domain routing notation
S3 : simple storage service
ebs : elastic block store
public ip : visible to the internet

AMI is a template that contains the software configuration (operating system, application
server, and applications) required to launch your instance

A security group is a set of firewall rules that control the traffic for your instance. On
this page, you can add rules to allow specific traffic to reach your instance. For example,
if you want to set up a web server and allow Internet traffic to reach your instance, add
rules that allow unrestricted access to the HTTP and HTTPS ports.
caveat : open only the ports the workload needs; keep management ports such as SSH (22) and
RDP (3389) restricted to known source CIDRs rather than 0.0.0.0/0. Security groups are
stateful (return traffic for an allowed inbound connection is allowed automatically).

13-APR
User data:
as file : the EC2 API expects user data base64 encoded; the AWS CLI base64-encodes a
file://... argument for you, and the console encodes text typed into the field
You can specify user data to configure an instance or run a configuration script during
launch. If you launch more than one instance at a time, the user data is available to all
the instances in that reservation.

Scripts entered as user data are executed as the root user, so do not use the sudo command
in the script. Remember that any files you create will be owned by root; if you need
non-root users to have file access, you should modify the permissions accordingly in the
script. Also, because the script is not run interactively, you cannot include commands that
require user feedback (such as yum update without the -y flag).

The cloud-init output log file (/var/log/cloud-init-output.log) captures console output so
it is easy to debug your scripts following a launch if the instance does not behave the way
you intended.

When a user data script is processed, it is copied to and executed from
/var/lib/cloud/instances/instance-id/. The script is not deleted after it is run. Be sure
to delete the user data scripts from /var/lib/cloud/instances/instance-id/ before you
create an AMI from the instance. Otherwise, the script will exist in this directory on any
instance launched from the AMI.
caveat : user data is readable by any process on the instance (via the metadata service,
/latest/user-data) and by anyone with ec2:DescribeInstanceAttribute, so never put passwords
or long-lived keys in it.

User Data and cloud-init Directives

The cloud-init package configures specific aspects of a new Amazon Linux instance when it is
launched; most notably, it configures the .ssh/authorized_keys file for the ec2-user so you
can log in with your own private key.

Metadata server ip:

Instance metadata is data about your instance that you can use to configure or manage the
running instance. Instance metadata is divided into categories, for example, host name,
events, and security groups.

Retrieving Instance Metadata

169.254.169.254 - metadata ip (link-local; reachable only from inside the instance)
To view all categories of instance metadata from within a running instance, use the
following URI.
curl http://169.254.169.254/latest/meta-data/

caveat : the same endpoint serves the temporary credentials of the instance's IAM role
(/latest/meta-data/iam/security-credentials/<role-name>), and any process on the instance
can reach it, including a web application with an SSRF bug. IMDSv2 requires a session
token (obtained with a PUT to /latest/api/token and sent back on every GET in the
X-aws-ec2-metadata-token header), which blocks simple GET-based SSRF; enforce it with
aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required
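The token handshake described above, as an added example that is not part of the class notes. The two client functions follow the real IMDSv2 protocol (PUT /latest/api/token with X-aws-ec2-metadata-token-ttl-seconds, then GET with X-aws-ec2-metadata-token); since there is no metadata endpoint to talk to offline, FakeMetadataServer is a constructed stand-in on localhost that enforces the same token rule, and the instance id, security group name and token value in it are constructed sample data. On a real instance you would call get_metadata(path) with the default host 169.254.169.254.

```python
"""IMDSv2 metadata client with a constructed, token-enforcing fake endpoint for offline use."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSION_TOKEN = "constructed-session-token"   # a real IMDS token is opaque and random
FAKE_METADATA = {                              # constructed sample values
    "/latest/meta-data/instance-id": "i-0123456789abcdef0",
    "/latest/meta-data/security-groups": "jpam11SecurityGroup",
}


class FakeMetadataServer(BaseHTTPRequestHandler):
    """Minimal stand-in for 169.254.169.254 with IMDSv2 semantics (token required)."""

    def _reply(self, status, body):
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_PUT(self):
        ttl = self.headers.get("X-aws-ec2-metadata-token-ttl-seconds", "")
        if self.path == "/latest/api/token" and ttl.isdigit():
            self._reply(200, SESSION_TOKEN)
        else:
            self._reply(400, "bad token request")

    def do_GET(self):
        # The whole point of IMDSv2: no valid session token, no metadata.
        if self.headers.get("X-aws-ec2-metadata-token") != SESSION_TOKEN:
            self._reply(401, "missing or invalid token")
            return
        value = FAKE_METADATA.get(self.path)
        if value is None:
            self._reply(404, "not found")
        else:
            self._reply(200, value)

    def log_message(self, *args):  # keep the demo quiet
        pass


def get_metadata(path, host="169.254.169.254", port=80, ttl_seconds=21600):
    """IMDSv2 client: obtain a session token, then GET the requested metadata path."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("PUT", "/latest/api/token",
                 headers={"X-aws-ec2-metadata-token-ttl-seconds": str(ttl_seconds)})
    resp = conn.getresponse()
    token = resp.read().decode()
    if resp.status != 200:
        raise RuntimeError(f"token request failed: {resp.status}")
    conn.request("GET", path, headers={"X-aws-ec2-metadata-token": token})
    resp = conn.getresponse()
    body = resp.read().decode()
    if resp.status != 200:
        raise RuntimeError(f"metadata request failed: {resp.status}")
    return body


def get_metadata_v1_status(path, host="169.254.169.254", port=80):
    """IMDSv1-style request (plain GET, no token); returns only the HTTP status."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    resp.read()
    return resp.status


def run_demo():
    """Start the fake endpoint on a free localhost port and exercise both client styles."""
    server = HTTPServer(("127.0.0.1", 0), FakeMetadataServer)
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return {
            "instance_id": get_metadata("/latest/meta-data/instance-id", "127.0.0.1", port),
            "v1_status": get_metadata_v1_status("/latest/meta-data/instance-id", "127.0.0.1", port),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_demo())
```

The v1-style request is included deliberately: once an instance is set to HttpTokens=required, the plain curl from the notes gets the same refusal the fake server gives here, which is what stops an SSRF'd web application from reading the role credentials.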

linux permissions (octal value per owner/group/other):
r --- 4
w --- 2
x --- 1
r+w+x --- 4+2+1 = 7
r+w   --- 4+2   = 6
r+x   --- 4+1   = 5
w+x   --- 2+1   = 3

AWS free tier quota (for 12 months):

750 running hours per month on a t2.micro Linux instance
or
750 running hours per month on a t2.micro Windows instance
+
30 GB EBS volume (storage space)
+
1 GB snapshot (backup of a volume)

14-APR:
Status Checks:

System Status Checks : verify the AWS-side physical infrastructure

This check verifies that your instance is reachable. We test that we are able to get
network packets to your instance. If this check fails, there may be an issue with the
infrastructure hosting your instance (such as AWS power, networking or software systems).
You may need to restart or replace the instance, wait for our systems to resolve the issue,
or seek technical support.
This check does not validate that your operating system and applications are accepting
traffic.

Instance Status Checks:

reachability check for the OS running inside the virtual machine (instance)

15-APR:
AMI creation
on sharing an AMI between accounts: provide
"Add create volume permissions to the following associated snapshots when creating
permissions: snap-0b944ca98ac18dc2d"
so that the shared AMI can be copied from one region to another region.

else you will get the "You do not have permission to access the storage of this AMI" error

No-Reboot option : when enabled, Amazon EC2 does not shut down the instance before creating
the image. When this option is used, file system integrity on the created image cannot be
guaranteed.

16-APR
volumes and snapshots

iops : input-output operations per second

types of volume: refer:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html

volume type                        size min   size max   max IOPS / throughput          fee per GB-month         use-case
--------------------------------------------------------------------------------------------------------------------------
1. magnetic (HDD, standard)        1 GB       1 TB       40-200 IOPS                    $0.05                    low profile job
2. general purpose SSD (gp2)       1 GB       16 TB      16,000 IOPS                    $0.10                    dev/test and bootable drive
   (baseline of 3 IOPS per GiB with a minimum of 100 IOPS, burstable to 3,000 IOPS;
   any size above 5,333 GiB gets the fixed 16,000 IOPS maximum)
3. Provisioned IOPS SSD (io1)      4 GB       16 TB      64,000 IOPS                    $0.125 + IOPS charges    production requirements
   [$0.065 per provisioned IOPS-month]
   The requested number of I/O operations per second that the volume can support. For
   Provisioned IOPS (SSD) volumes, you can provision up to 50 IOPS per GiB. (Older console
   text for General Purpose (SSD): baseline 3 IOPS per GiB, minimum 100 IOPS, maximum
   10,000 IOPS, volumes under 1,000 GiB burst to 3,000 IOPS; the 10,000 ceiling has since
   been raised to 16,000.)
4. Cold HDD (sc1)                  500 GB     16 TB      12 MB/s per TiB baseline       $0.025                   data archival
5. Throughput optimized HDD (st1)  500 GB     16 TB      40 MB/s per TiB baseline       $0.045                   data warehousing, dev/testing

17-APR:

Data encryption:
IAM : Identity and Access Management - security service
KMS : Key Management Service
Key material origin:
    KMS (key material generated inside AWS KMS)
    External (import your own key material)
    Custom key store (CloudHSM)
Algorithm : AES-256 (Advanced Encryption Standard with 256-bit keys)

SNAPSHOT SCHEDULER (Data Lifecycle Manager)

DR CONCEPTS:
The recovery point objective (RPO) is the age of files that must be recovered from backup
storage for normal operations to resume if a computer, system, or network goes down as a
result of a hardware, program, or communications failure. It is an important consideration
in disaster recovery planning (DRP); in practice it bounds the acceptable data loss (hourly
snapshots give an RPO of one hour).

The Recovery Time Objective (RTO) is the targeted duration of time and a service level
within which a business process must be restored after a disaster (or disruption) in order
to avoid unacceptable consequences associated with a break in business continuity.

20-APR:
Public data set : there is no charge for using the data in a public data set; however you
will be charged for the size of the volume created.

revised syllabus point:

ebs optimized instance:
Indicates whether the instance type supports EBS optimization. An EBS-optimized instance
provides additional, dedicated throughput for Amazon EBS I/O. This provides improved
performance for your Amazon EBS volumes and enables instances to use provisioned IOPS
fully.
21-APR:
Elastic IP (EIP)
default quota of EIPs / region : 5
if you need more than 5 EIPs, raise a support ticket for "Limit increase"

You will be charged for the EIP if it is,

1. in the allocated state (not associated with any EC2 instance)
2. associated with a stopped instance
(since February 2024 AWS charges for every public IPv4 address, whether in use or not)

when your EC2 instance has a single network interface and you associate an EIP with it,
the dynamic public IP is released and the EIP takes over.

Elastic Network Interface (ENI)
If you attach another network interface to your instance, your current public IP address is
released when you restart your instance.
When you disassociate an EIP from an instance with a single network interface, a new
dynamic public IP is automatically associated.

Elastic Fabric Adapter : An Elastic Fabric Adapter is a network device that you can attach
to your instances to reduce latency and increase throughput for distributed High
Performance Computing (HPC) and Machine Learning (ML) applications.

22-Apr:
Load balancers : come with high availability by default (managed load balancer)
classic load balancer:

When you create a load balancer in a VPC, you must choose whether to make it an internal
load balancer or an Internet-facing load balancer.

The nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an
Internet-facing load balancer is publicly resolvable to the public IP addresses of the
nodes. Therefore, Internet-facing load balancers can route requests from clients over the
Internet. For more information, see Internet-Facing Classic Load Balancers.

The nodes of an internal load balancer have only private IP addresses. The DNS name of an
internal load balancer is publicly resolvable to the private IP addresses of the nodes.
Therefore, internal load balancers can only route requests from clients with access to the
VPC for the load balancer.

23-Apr:
to be seen:

Enable Cross-Zone Load Balancing

Enable Connection Draining : 300 seconds

Application Load Balancers : designed to take virtually any load of HTTP/HTTPS type;
more suited for complex web applications.

Address type:
ipv4 : LB DNS name resolves to IPv4 only
dualstack : both IPv4 and IPv6

Listener:
A listener checks for connection requests from clients, using the protocol and port that
you configure.
The rules that you define for a listener determine how the load balancer routes requests to
its registered targets.
Each rule consists of a priority, one or more actions, and one or more conditions.
When the conditions for a rule are met, then its actions are performed.
You must define a default rule for each listener, and you can optionally define additional
rules.

path based routing
e.g.
https://www.makemytrip.com/international-flights/   (path: /international-flights/)
https://www.makemytrip.com/flights/                 (path: /flights/)

host based routing
e.g.
images.abc.com
videos.abc.com

abc                 ----> primary domain (apex domain)
com                 ----> top-level domain (domain type)
www/images/videos   ----> secondary/sub domain

Target group :
Each target group routes requests to one or more registered
targets, such as EC2 instances, using the protocol and port number that you
specify.
You can register a target with multiple target groups.
You can configure health checks on a per target group basis.
Health checks are performed on all targets registered to a target
group that is specified in a listener rule for your load balancer.

----------------------------------------
27-apr
Autoscaling:

1. Manual scaling : manually change the Min, Max and Desired Capacity (group size);
   suitable for known/predictable workload

2. Time-scheduled : scale based on a time schedule;
   suitable for known/predictable workload

3. Dynamic Scaling : suitable for unknown/non-predictable workload

4. Predictive Scaling : machine learning based auto-scaling

type of scaling:
vertical scaling : increase/decrease the number of internal resources (CPU cores, RAM etc.)
within a server
    scale-up   : increase
    scale-down : decrease

horizontal scaling : increase/decrease the number of servers itself
    scale-out : increase
    scale-in  : decrease

pre-req:

1. have a golden AMI
2. in case of a web application, have a load balancer
3. email notification (SNS topic)
--------------------------------------------------------------

step 1:
create a Launch configuration : a template defining the configuration to launch instances
in an Auto-scaling group. Once created, it cannot be edited, but it can be copied to a new
name and edited.

step 2:
create an Auto-scaling group
    which launch configuration
    min
    maximum
    desired capacity
    load balancer
    (scaling policy)

Health Check Grace Period
-----------------------------------------------------------------------------------------
28 apr:

Dynamic Scaling

application type based on resource utilization:

1. CPU intensive (variable CPU utilization)
2. Storage intensive (disk read/write ops or disk read/write bytes)
3. Network intensive (network bytes IN/OUT)
4. RAM/Memory intensive (not a default EC2 CloudWatch metric; needs the CloudWatch agent)

29 - autoscaling contd

30 - autoscaling contd
attach instance
detach instance
set to standby
release from standby
Autoscaling lifecycle hooks
    for instance launch
    for instance terminate

1-may autoscaling contd

using Launch templates with ASG

spot instances:
A Spot Instance is an unused EC2 instance that is available for less than the On-Demand
price. Because Spot Instances enable you to request unused EC2 instances at steep
discounts, you can lower your Amazon EC2 costs significantly.

The hourly price for a Spot Instance is called a Spot price.

The Spot price of each instance type in each Availability Zone is set by Amazon EC2, and
adjusted gradually based on the long-term supply of and demand for Spot Instances. Your
Spot Instance runs whenever capacity is available and the maximum price per hour for your
request exceeds the Spot price.

best suited for fault-tolerant / interruption-tolerant workloads

class example (Spot price timeline):
    current Spot price   $0.0338
    10:00  new Spot price $0.0395
    10:45  new Spot price $0.0425

bid (max) price ($)   outcome (bids evaluated against the 10:00 price of $0.0395)
-----------------------------------------------------------------------------------------
bid 1   0.04      spot instance will launch; at 10:45 the Spot price rises above the bid,
                  so the instance gets a 2-minute warning to save work before it terminates
bid 2   0.0375    spot instance will not launch
bid 3   0.039     spot instance will not launch
bid 4   0.05      spot instance will launch and will continue to run
bid 5   0.0455    spot instance will launch and will continue to run
-----------------------------------------------------------------------------------------

if you do not specify a maximum Spot price, the maximum defaults to the On-Demand price;
you are still charged the current Spot price, not the On-Demand price.

spot termination/interruption can happen
(https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html)

1) fluctuation of the Spot price (it rises above your maximum)
2) lack of EC2 instance capacity
3) manual cancellation of your Spot block / Spot Fleet
spot block : min 1 hour, max 6 hours (runs for the chosen duration regardless of Spot price
changes)
spot fleet : you make a spot request valid up to 1 year

Reserved instances : best suited for long-term instance requirements (1 year to 3 years);
reduced cost when compared with the On-Demand price for the same duration (the class quoted
about 30%; AWS advertises discounts of up to about 72% depending on term and payment option)

Scheduled Reserved Instances : valid up to 1 year
Scheduled Instances allow you to purchase recurring Amazon EC2 compute capacity by the hour
for a one-year term.
these are charged 5% less than the On-Demand price during peak hours (Mon-Fri) and 10% less
than the On-Demand price during off-peak hours (Sat-Sun)
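The Spot bid table above, replayed in code as an added example that is not part of the class notes. A request launches at the first price change where the Spot price is at or below its maximum price, keeps running while that holds, and is interrupted (with the 2-minute notice) at the first later change where the Spot price rises above the maximum. The price timeline and the five bids are the constructed values from the class table; the "at or below" launch rule is the assumption used here.

```python
"""Spot max-price vs Spot-price walk-through over a constructed price timeline."""

# constructed Spot price timeline from the class table: (time, $/hour)
PRICE_TIMELINE = [("10:00", 0.0395), ("10:45", 0.0425)]
CLASS_BIDS = {"bid 1": 0.04, "bid 2": 0.0375, "bid 3": 0.039, "bid 4": 0.05, "bid 5": 0.0455}


def spot_outcome(max_price, timeline=PRICE_TIMELINE):
    """Return (launched_at, interrupted_at); None where the event never happens."""
    launched_at = interrupted_at = None
    for when, spot_price in timeline:
        if launched_at is None:
            if spot_price <= max_price:      # capacity assumed available
                launched_at = when
        elif spot_price > max_price:
            interrupted_at = when            # EC2 sends the 2-minute interruption notice here
            break
    return launched_at, interrupted_at


def hourly_charge(max_price, spot_price):
    """You are billed the Spot price in force, never your maximum (and nothing if not running)."""
    return spot_price if spot_price <= max_price else 0.0


def evaluate_bids(bids=CLASS_BIDS, timeline=PRICE_TIMELINE):
    """Map each bid to a verdict in the wording of the class table."""
    verdicts = {}
    for name, price in bids.items():
        launched_at, interrupted_at = spot_outcome(price, timeline)
        if launched_at is None:
            verdicts[name] = "will not launch"
        elif interrupted_at:
            verdicts[name] = f"launches at {launched_at}, 2-minute warning at {interrupted_at}"
        else:
            verdicts[name] = f"launches at {launched_at}, continues to run"
    return verdicts


if __name__ == "__main__":
    for bid, verdict in evaluate_bids().items():
        print(bid, verdict)
```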

===============================================================================================
1-May
s3 : simple storage service

free tier limit :

5 GB bucket space / account for each month, for a year
STANDARD storage class only
+
20,000 GET (read) requests/mon
2,000 PUT (upload) requests/mon

single object upload size limit : cannot be > 5 TB
bucket size limit : unlimited

S3 best practice suggests using multipart upload (possible through CLI/API) for any file
> 100 MB (a single PUT is limited to 5 GB; above that multipart upload is mandatory)

bucket : objects
4-may

bucket : a container for objects.
    region specific (choose a low-latency region with respect to all resources)
    should have a UNIQUE name (global across all AWS accounts)
    should follow DNS naming conventions, like
        no UPPERCASE
        no special chars
        cannot end with a hyphen or a dot
        should be between 3 to 63 chars

static website endpoint syntax : <bucket-name>.s3-website-<region-code>.amazonaws.com/<key-name>
e.g: http://1may-4pm-wkday-jpa.s3-website-us-west-2.amazonaws.com
(the website endpoint is HTTP only; put CloudFront in front of it if HTTPS is required)

object : anything stored inside the bucket (your files / folders)

url : private by default
url syntax : https://<bucket-name>.s3-<region-code>.amazonaws.com/<key-name>
e.g
Object URL
https://1may-4pm-wkday-jpa.s3-us-west-2.amazonaws.com/index.html

ListBucket : read-only permission to list objects in a bucket
GetObject : permission to get an object into a browser/local system etc.

Static website hosting with S3
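A checker for the bucket naming rules listed above, added here as an example that is not part of the class notes. The first rules are the ones from the notes (3-63 characters, lowercase only, no special characters, no trailing hyphen or dot); the extra rules (must start with a letter or digit, no adjacent dots, must not be formatted as an IP address) come from the AWS bucket naming documentation. The HTTPS warning reflects the fact that a name containing a dot does not match the wildcard TLS certificate of the virtual-hosted S3 endpoint. The two URL builders reproduce the endpoint syntax from the notes; the bucket name 1may-4pm-wkday-jpa is the one used in class.

```python
"""S3 bucket name validation and endpoint construction."""
import re

IP_LIKE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
LOWER_ALNUM = "abcdefghijklmnopqrstuvwxyz0123456789"


def validate_bucket_name(name):
    """Return the list of broken rules; an empty list means the name is acceptable."""
    problems = []
    if not 3 <= len(name) <= 63:
        problems.append("length must be 3-63 characters")
    if name != name.lower():
        problems.append("uppercase letters are not allowed")
    if not re.fullmatch(r"[a-z0-9.-]*", name.lower()):
        problems.append("only letters, digits, dots and hyphens are allowed")
    if name.endswith(("-", ".")):
        problems.append("cannot end with a hyphen or a dot")
    if name[:1] and name[0] not in LOWER_ALNUM:
        problems.append("must start with a lowercase letter or digit")
    if ".." in name:
        problems.append("dots must not be adjacent")
    if IP_LIKE.match(name):
        problems.append("must not be formatted as an IP address")
    return problems


def virtual_hosted_https_ok(name):
    """True when https://<bucket>.s3-<region>.amazonaws.com/... works without TLS errors."""
    return not validate_bucket_name(name) and "." not in name


def website_endpoint(name, region):
    """Static website endpoint in the form shown in the notes (HTTP only)."""
    return f"http://{name}.s3-website-{region}.amazonaws.com/"


def object_url(name, region, key):
    """Virtual-hosted style object URL in the form shown in the notes."""
    return f"https://{name}.s3-{region}.amazonaws.com/{key}"


if __name__ == "__main__":
    for candidate in ("1may-4pm-wkday-jpa", "1May-4pm", "my-bucket-", "192.168.1.1", "logs.example.com"):
        print(candidate, validate_bucket_name(candidate) or "ok",
              "https-ok" if virtual_hosted_https_ok(candidate) else "https-problem")
```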

STORAGE CLASSES (durability is "11 9s" = 99.999999999% for every class except RRS)
===================================================================================
class                 durability %    availability %   fee per GB [$]   use-case / rules
===================================================================================
Standard              99.999999999    99.99            0.023            frequently accessed data
    no minimum retention period
    no minimum billable size (object can be 0 KB also)
    FREE TIER ELIGIBLE
===================================================================================
Standard-IA           99.999999999    99.9             0.0125           long-lived and infrequently accessed data
    an object must stay 30 days in Standard before a lifecycle rule can transition it to
    Standard-IA
    min retention period : 30 days; an object must remain in Standard-IA for a minimum of
    30 days before transitioning to another storage class (One Zone-IA / Glacier /
    Glacier Deep Archive)
    min billable object size = 128 KB; any object smaller than 128 KB is billed as 128 KB
    in addition to storage cost you are charged a retrieval fee whenever you retrieve an
    object
===================================================================================
One Zone-IA           99.999999999    99.5             0.01             long-lived, infrequently accessed, non-critical, reproducible data
    (stored in a single availability zone; the data is lost if that AZ is destroyed)
    min retention period : 30 days; an object must remain in One Zone-IA for a minimum of
    30 days before transitioning to another storage class (Glacier / Glacier Deep Archive)
    min billable object size = 128 KB; any object smaller than 128 KB is billed as 128 KB
    in addition to storage cost you are charged a retrieval fee whenever you retrieve an
    object
===================================================================================
Intelligent-Tiering   99.999999999    99.9             storage fee + monitoring (handling) fee   long-lived data with changing or unknown access patterns
===================================================================================
Glacier               99.999999999    (async retrieval)   0.004         archive data with retrieval times ranging from minutes to hours
    retrieval plans:
        Bulk retrieval        typically within 5-12 hours
        Standard retrieval    typically within 3-5 hours
        Expedited retrieval   typically within 1-5 minutes when retrieving less than 250 MB
    min retention period : 90 days
===================================================================================
Glacier Deep Archive  99.999999999    (async retrieval)   (lowest)      archive data that rarely, if ever, needs to be accessed; retrieval times in hours
    min retention period : 180 days
-----------------------------------------------------------------------------------
RRS (Reduced Redundancy Storage)   99.99   99.99   0.025   legacy, not recommended

Versioning
Keep multiple versions of an object in the same bucket (also protects against accidental
overwrite/delete; combine with MFA Delete for stronger protection)

Versioning
Keep multiple versions of an object in the same bucket

6 may no session
7may:

bucket permissions:

1. ACL : Access Control List (legacy; prefer bucket policies)
2. Bucket Policy : JSON document attached to the bucket
3. CORS : Cross-Origin Resource Sharing, to ALLOW/DENY HTTP methods from another ORIGIN
4. MFA Delete : Multi Factor Authentication based delete control
(also: the S3 Block Public Access settings at bucket/account level override any public
grant made through an ACL or a bucket policy)
===================================================================================
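A bucket policy for the static website case above, plus a small linter for the over-broad public grants that turn a bucket into a data leak, added here as an example that is not part of the class notes. The policy grammar (Version, Statement, Effect, Principal, Action, Resource, Condition) and the arn:aws:s3::: resource form are the real AWS ones; the "bad" sample policy, its Sid and the bucket name are constructed for the demo. The aws:SecureTransport deny is for ordinary buckets; do not attach it to a bucket served through the HTTP-only website endpoint.

```python
"""Build a least-privilege public-read bucket policy and lint policies for risky public grants."""
import json

# constructed example of the mistake the linter is meant to catch: anonymous users can
# list the bucket and upload into it, not just read objects
SAMPLE_BAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Oops",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": ["s3:GetObject", "s3:ListBucket", "s3:PutObject"],
        "Resource": ["arn:aws:s3:::1may-4pm-wkday-jpa", "arn:aws:s3:::1may-4pm-wkday-jpa/*"],
    }],
})


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def static_website_policy(bucket):
    """Public read of objects only: no ListBucket (no directory listing), no writes."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


def require_tls_statement(bucket):
    """Deny every request that arrives over plain HTTP (for non-website buckets)."""
    return {
        "Sid": "DenyInsecureTransport",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }


def _is_public(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def lint_bucket_policy(policy):
    """Return findings for Allow statements that give anonymous users more than GetObject."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for idx, st in enumerate(_as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow" or not _is_public(st.get("Principal")):
            continue
        sid = st.get("Sid", f"#{idx}")
        for action in _as_list(st.get("Action")):
            if action.lower() != "s3:getobject":       # "*", "s3:*", List*, Put*, Delete* ...
                findings.append(f"{sid}: anonymous principal allowed {action}")
        for res in _as_list(st.get("Resource")):
            if res == "*" or res.endswith(":::*"):
                findings.append(f"{sid}: public grant covers every bucket ({res})")
    return findings


if __name__ == "__main__":
    print(json.dumps(static_website_policy("1may-4pm-wkday-jpa"), indent=2))
    print(lint_bucket_policy(SAMPLE_BAD_POLICY))
```

Run the linter against any policy before saving it; a clean result still does not make a bucket public when Block Public Access is on, which is the order of evaluation you want.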

Cross-Region Replication
Cross-Region replication enables automatic and asynchronous copying of objects across
buckets in different AWS Regions. Buckets configured for object replication can be owned
by the same AWS account or by different accounts.

Same-Region Replication
Same-Region replication enables automatic and asynchronous copying of objects across
buckets in the same AWS Region. Buckets configured for object replication can be owned by
the same AWS account or by different accounts.

DATA ENCRYPTION:
AES-256 [AWS PROVIDED MASTER ENCRYPTION KEY] - FREE
    Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)

AWS-KMS [KEY MANAGEMENT SERVICE] - a usage fee is charged per KMS API call
    Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)
    (lets you control who can decrypt through the key policy and audit it in CloudTrail)

CRR : Cross Region Replication:

only source to destination replication happens
only objects uploaded into the bucket after enabling CRR will be automatically replicated;
all existing objects need to be copied manually
there is a charge for cross region data copy
versioning must be enabled on both the source and the destination bucket

reports:

STORAGE CLASS ANALYSIS REPORT : Apache Hive ready report (paid feature)

INVENTORY REPORT
LOGS:
SERVER ACCESS LOG : all types of access (read/write) will be logged into a destination
bucket

Object-level logging
Record object-level API activity using the CloudTrail data events feature (additional
cost).

CloudTrail trail : AUDIT-LOGGING SERVICE

8-May:

Transfer acceleration
you can speed up file transfers between S3 buckets and your location by routing them over
the CloudFront edge network (the class quoted up to 400% faster than a plain internet
upload).

Object lock (as of now, can be enabled only during bucket creation)
you put immutable objects (non-destructible, cannot be deleted) into your bucket by
enabling object lock.
Enable Object Lock only if you need to prevent objects from being deleted to have data
integrity and regulatory compliance. After you enable this feature, anyone with the
appropriate permissions can put immutable objects in the bucket. You might be blocked from
deleting the objects and the bucket.
(in compliance mode not even the root user can shorten the retention period; in governance
mode users holding s3:BypassGovernanceRetention can)

s3-select
you can send an S3 Select query to any object of the following types:

1. CSV
2. JSON
3. Apache Parquet

S3 Select supports GZIP and BZIP2 compressed files and server-side encrypted files. You can
use the console to extract up to 40 MB of records from source files up to 128 MB; to work
with larger files or more records, use the API or use Amazon Athena (petabyte scale).

S3 Select pricing is based on the size of the input, the output, and the data transferred.
Each query will cost 0.002 USD per GB scanned, plus 0.0007 USD per GB returned.

Glacier select : you can send a query to archived data
    expedited
    standard
    bulk

8 May:

aws configure

Here you need to specify:

AWS Access Key ID [None]: Type-Your-Access-Key-here PRESS-ENTER
AWS Secret Access Key [None]: Type-Your-Secret-Access-Key-here PRESS-ENTER
Default region name [None]: us-west-2 PRESS-ENTER
Default output format [None]: table PRESS-ENTER

note : this writes the keys in plaintext to ~/.aws/credentials. Use the keys of an IAM user
with the minimum permissions needed (never the root user's keys), and on EC2 prefer an IAM
role attached to the instance so that no long-lived key is stored at all.

EC2 COMMAND LEVEL Reference - sample commands

aws ec2 describe-regions
aws ec2 describe-availability-zones --region ap-south-1

aws ec2 create-key-pair --key-name jpam11KeyPair > jpam11KeyPair.pem

also try the following and mark the difference (the first form saves the whole JSON
response, which is not a usable key file; the second extracts only the private key, which
is what ssh needs):

aws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' --output text > MyKeyPair.pem
chmod 400 MyKeyPair.pem

Reference only: aws ec2 import-key-pair --key-name keyname_test --public-key-material file:///cldvds/sagu/id_rsa.pub
(with AWS CLI v2 use fileb:// for --public-key-material, because v2 expects a file:// blob
parameter to be base64 text already)

aws ec2 create-security-group --group-name jpam11SecurityGroup --description "My security group"

aws ec2 authorize-security-group-ingress --group-name jpaNATRules --protocol tcp --port 80 --cidr 10.0.20.112/32

aws ec2 run-instances --image-id ami-4836a428 --count 1 --instance-type t2.micro --key-name jpam11KeyPair --security-groups jpam11SecurityGroup

Note the instance ID from the output of the last statement and replace it respectively in
the statement below (the option is --filters; pass all filters to a single --filters,
space-separated):

aws ec2 describe-instances --filters Name=instance-type,Values=t2.micro Name=instance-id,Values=i-0d5a000bf975b2402 "Name=tag:Name,Values=*"

Linux/Mac only:
aws ec2 describe-instances --query 'Reservations[].Instances[].[Tags[?Key==`Name`] | [0].Value, InstanceId, State.Name, PrivateIpAddress, PublicIpAddress ]' --output table

i-04a4ae777e082526b

aws ec2 create-tags --resources i-04a4ae777e082526b --tags Key=Name,Value=anil

aws ec2 describe-instances --filters Name=instance-type,Values=t2.micro "Name=tag:Name,Values=may19-anil"

Home Work/Self practice in your account:

aws ec2 create-volume --size 1 --region us-west-2 --availability-zone us-west-2c --volume-type gp2

aws ec2 attach-volume --volume-id vol-0f69888cb25d25fc4 --instance-id i-0d5a000bf975b2402 --device /dev/sdf

s3 third-party client tools

1. CloudBerry
2. DragonDisk
3. S3Fox
4. TntDrive
....

12-May:
IAM : Identity and Access Management

Types of Policies
1. AWS Managed (e.g. FULLACCESS, READONLY ....)                  read-only to the end users
2. Customer Managed                                               created and managed by us/customer
3. AWS Managed Job Function (e.g. PowerUser, Administrator ...)   read-only to the end users

user create:
Require password reset
User must create a new password at next sign-in

Users automatically get the IAMUserChangePassword policy to allow them to change their own
password.
13-May

MFA : Multi Factor Authentication

1. hardware (RSA token / FIDO security key)
2. virtual (soft token) - smartphone/browser based TOTP app

s3 MFA Delete : brings added protection for any S3 delete action (deleting an object
version or suspending versioning requires the MFA code; it can only be enabled by the
bucket owner's root user via the CLI/API)

Roles:
An IAM role is an AWS Identity and Access Management (IAM) entity with permissions to make
AWS service requests. IAM roles cannot make direct requests to AWS services; they are meant
to be assumed by authorized entities, such as IAM users, applications, or AWS services such
as EC2. Assuming a role yields temporary credentials (via STS), so nothing long-lived needs
to be stored.

14 may

Identity providers:
web identity providers (social login) : Facebook, Google, Amazon (Login with Amazon)
corporate login : SAML 2.0, OpenID Connect
Cognito : mobile/web application identity (application user pool)
SSO : AWS Single Sign-On, federated access to multiple accounts
VPC:
VIRTUAL PRIVATE Cloud
lab allocation (one VPC per participant; public subnet in AZ A, private subnet in AZ B):

NAME      VPC CIDR        PUBLIC-SUBNET CIDR  AVZ   PRIVATE-SUBNET CIDR  AVZ   REGION
------------------------------------------------------------------------------------
ARAVIND   100.0.0.0/16    100.0.10.0/24       A     100.0.20.0/24        B     OREGON
ARU       101.0.0.0/16    101.0.10.0/24       A     101.0.20.0/24        B     OREGON
A VIJAY   102.0.0.0/16    102.0.10.0/24       A     102.0.20.0/24        B     OREGON
HARI      103.0.0.0/16    103.0.10.0/24       A     103.0.20.0/24        B     OREGON
------------------------------------------------------------------------------------
KRISHNA   104.0.0.0/16    104.0.10.0/24       A     104.0.20.0/24        B     nCAL
POORNI    105.0.0.0/16    105.0.10.0/24       A     105.0.20.0/24        B     nCAL
PURUSH    106.0.0.0/16    106.0.10.0/24       A     106.0.20.0/24        B     nCAL
SENTHIL   107.0.0.0/16    107.0.10.0/24       A     107.0.20.0/24        B     nCAL
------------------------------------------------------------------------------------
JPA       10.0.0.0/16     10.0.10.0/24        A     10.0.20.0/24         B     NVIR
------------------------------------------------------------------------------------
(note : 100.0.0.0/16 to 107.0.0.0/16 are publicly rout
able ranges; AWS recommends RFC 1918
private ranges such as 10.0.0.0/16 so that real internet hosts in those ranges stay
reachable from inside the VPC)
18-May
NAT

NAT Instance : customer managed
    no high availability by default
    suitable for Dev/Test
    (also needs source/destination checking disabled on its network interface)

NAT Gateway :
    AWS managed NAT
    bandwidth scales automatically (the class quoted 10 Gbps; check the current AWS limits)
    comes with high availability within its AZ (deploy one per AZ to survive an AZ failure)
    suitable for production
    per hour usage charges are applicable

Peering connection:
1. You cannot peer two VPCs with overlapping CIDRs
   e.g. you cannot peer two default VPCs, both having CIDR 172.31.0.0/16

   To overcome this, re-address one of the VPCs; a Transit Gateway route table also cannot
   route between overlapping CIDRs (the class suggested Transit Gateways here)

2. Any VPC peering request not accepted within 7 days will expire

3. You cannot do transitive routing (A<->B and B<->C does not give A<->C)

4. You cannot share the resources of a peered VPC (e.g. its internet gateway or NAT gateway)

After the introduction of Transit Gateways, peering connections are preferred only for
low-profile connectivity requirements.

Transit Gateway
A Transit Gateway (TGW) is a network transit hub that interconnects attachments (VPCs and
VPNs) within the same account or across accounts.
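The lab VPC plan from the table above and the peering rule on overlapping CIDRs, checked with the standard library as an added example that is not part of the class notes. It confirms each subnet lies inside its VPC, computes the addresses actually usable per subnet (AWS reserves the first four and the last address of every subnet, a rule taken from the AWS VPC documentation rather than the notes), flags VPC CIDRs outside the RFC 1918 private ranges, and lists the VPC pairs that cannot be peered. The names and CIDRs are the lab values from the table plus two constructed "default" VPCs on 172.31.0.0/16 to reproduce the example in the notes.

```python
"""Subnet, address-space and peering checks for the lab VPC plan."""
import ipaddress
from itertools import combinations

LAB_VPCS = {
    "ARAVIND": "100.0.0.0/16", "ARU": "101.0.0.0/16", "A VIJAY": "102.0.0.0/16",
    "HARI": "103.0.0.0/16", "KRISHNA": "104.0.0.0/16", "POORNI": "105.0.0.0/16",
    "PURUSH": "106.0.0.0/16", "SENTHIL": "107.0.0.0/16", "JPA": "10.0.0.0/16",
    "default-1": "172.31.0.0/16", "default-2": "172.31.0.0/16",   # constructed default VPCs
}
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
AWS_RESERVED_PER_SUBNET = 5   # network, router, DNS, future use, broadcast


def subnet_fits(vpc_cidr, subnet_cidr):
    """A subnet must be carved out of its VPC's CIDR block."""
    return ipaddress.ip_network(subnet_cidr).subnet_of(ipaddress.ip_network(vpc_cidr))


def usable_hosts(subnet_cidr):
    """Addresses available to instances after AWS takes its reserved five."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def is_rfc1918(cidr):
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(block) for block in RFC1918)


def can_peer(cidr_a, cidr_b):
    """VPC peering is refused when the two CIDR blocks overlap (rule 1 in the notes)."""
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def unpeerable_pairs(vpcs):
    return sorted((a, b) for a, b in combinations(sorted(vpcs), 2)
                  if not can_peer(vpcs[a], vpcs[b]))


def lab_plan_report(vpcs=LAB_VPCS):
    """Per-VPC check of the lab's /24 public (x.x.10.0) and private (x.x.20.0) subnets."""
    report = {}
    for name, vpc in vpcs.items():
        base = ipaddress.ip_network(vpc).network_address
        public = ipaddress.ip_network(f"{base + 10 * 256}/24")
        private = ipaddress.ip_network(f"{base + 20 * 256}/24")
        report[name] = {
            "public": str(public),
            "private": str(private),
            "fits": subnet_fits(vpc, str(public)) and subnet_fits(vpc, str(private)),
            "rfc1918": is_rfc1918(vpc),
            "usable_per_subnet": usable_hosts(str(public)),
        }
    return report


if __name__ == "__main__":
    for name, row in lab_plan_report().items():
        print(name, row)
    print("cannot peer:", unpeerable_pairs(LAB_VPCS))
```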

21-MAY:

Amazon Route 53 (DNS Resolution)

You can use Amazon Route 53 to register new domains, transfer existing domains, route
traffic for your domains to your AWS and external resources, and monitor the health of your
resources.
Amazon Route 53 is an authoritative Domain Name System (DNS) service. DNS is the system that
translates human-readable domain names (example.com) into IP addresses (192.0.2.0). With
authoritative name servers in data centers all over the world, Route 53 is reliable,
scalable, and fast.

A hosted zone is a container that holds information about how you want to route traffic for
a domain, such as example.com, and its subdomains.
22-May

Routing policies:
1. Simple

Type of records
A       IPv4 address (queries are charged; used for external IP references)
AAAA    IPv6 address (queries charged as for A)
Alias   Route 53 extension pointing at AWS resources (ELB, CloudFront, S3 website, or
        another record set in the hosted zone); queries to AWS resources are free, and an
        alias may sit at the zone apex
CNAME   Canonical Name (can point to any DNS name inside/outside AWS; chargeable; not
        allowed at the zone apex)
MX      Mail Exchange
PTR     Pointer (for reverse DNS)
SPF     Sender Policy Framework (mail sender authorization; now published as a TXT record)
TXT     informational / verification strings
NS      Name server (created by default)
SOA     Start of Authority (created by default)
...
====================================
====================================
22-May
s3 data consistency model (as taught; since December 2020 S3 is strongly consistent for all
operations, so the eventual-consistency case below no longer applies):
1. Eventual consistency : overwrites and deletes
2. Read-after-write consistency : new PUTs (all new uploads)

vpc : hardware tenancy (default = shared hardware, dedicated = single-tenant hardware)

NACL            : at subnet level; stateless (rules needed in both directions, evaluated
                  in rule-number order, supports explicit DENY)
Security Group  : at instance (ENI) level; stateful (return traffic is allowed
                  automatically), allow rules only
