Amazon does not launch new services in all regions.
Normally, services are first launched in US-East, i.e. the North Virginia region.
Identity and Access Management
Here you get a custom link for your login (it contains random numbers), which you can customize to any unused word you want.
Minimum security that AWS recommends:
- Delete root access keys
- Enable MFA
- Create IAM users
- Root account should not be used for anything
- Restrict access to users and give them access to what they need
- Use Groups to assign permissions
- We can also give permissions directly to users
- Apply password policy
User creation:
You get a username and password for console login, and an access key and secret access key for the API.
EC2
Elastic compute cloud
Provides resizable compute capacity
Payment:
- On Demand - fixed rate by the hour (Linux by the second) - no commitment, no upfront payment, good for learning
- Reserved - commitment for 1 or 3 years, discounted hourly rate
  - Standard RI: cost can be 75% off On Demand
  - Convertible RI:
  - Scheduled RI:
- Spot - allows you to bid, good for flexible timings; if the price goes above your bid, AWS will terminate the instance and not charge; if you terminate it, you will be charged
- Dedicated hosts - useful if you have server-bound software licenses or a regulatory requirement for no multi-tenancy
EC2 Instance types:
FIGHTDRMCPX
EBS
virtual disk
elastic block storage - attach to EC2
is replicated
EBS Types:
General purpose SSD: 10K IOPS, burst up to 30K IOPS
Provisioned IOPS SSD: DB, extreme performance, >10K IOPS
Throughput optimized HDD (ST1): no root volume, data warehousing, log processing
Cold HDD (SC1): file server, lowest cost, bootable
To connect to EC2, we use SSH for Linux and RDP for Windows.
Load Balancers: Application (layer 7) / Network (most expensive/perf) / Classic (layer 7 or 4)
A 504 error is a gateway timeout: the app did not respond.
Use the X-Forwarded-For header to find the IPv4 address of the client whose request the load balancer forwarded.
Route53: DNS service
AWS CLI
aws configure
aws s3 ls
aws s3 mb s3://bucket
aws s3 cp hello.txt s3://bucket
A user with CLI access might not need console access; don't give it.
Always create groups.
The secret access key will be shown only once.
Don't use access keys; use roles instead.
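The IAM recommendations above (no root access keys, MFA, no console access for CLI-only users, roles instead of access keys) can be checked against the IAM credential report, which `aws iam get-credential-report` returns base64-encoded. This is an added example, not part of the original notes; the sample rows are constructed, only a subset of the report's columns is used, and the finding texts are my own wording.

```python
import csv
import io

# Constructed sample using a subset of the credential report's columns.
SAMPLE_REPORT = """user,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,not_supported,false,true,false
alice,true,true,false,false
bob,true,false,true,false
ci-deploy,false,false,true,true
"""

ROOT_KEY = "root access key is active: delete it"
NO_MFA = "console login without MFA"
BOTH = "CLI user also has a console password"
KEY = "long-lived access key: prefer a role"


def _on(row, column):
    """True when the report column holds 'true' (case-insensitive)."""
    return row.get(column, "").strip().lower() == "true"


def audit(report_csv):
    """Return (user, finding) tuples for rows that break the notes' IAM rules."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        has_keys = _on(row, "access_key_1_active") or _on(row, "access_key_2_active")
        # Assumption: the root row reports password_enabled as "not_supported",
        # so root is always treated as having console login.
        has_console = is_root or _on(row, "password_enabled")
        if is_root and has_keys:
            findings.append((user, ROOT_KEY))
        if has_console and not _on(row, "mfa_active"):
            findings.append((user, NO_MFA))
        if not is_root and has_keys and has_console:
            findings.append((user, BOTH))
        if not is_root and has_keys:
            findings.append((user, KEY))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```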
RDS
ElastiCache : in-memory cache, faster than DB
Supported engines:
- Memcached
- Redis
Backup
- Automated: 1-35 days recovery, stored on S3, free
- Snapshot: manually, stored after RDS is deleted
Restoring - is a new RDS instance
Multi AZ - disaster recovery, sync
Read replicas - improve performance, async replication, scaling