2. Microsoft
3. Google
4. Alibaba Cloud
5. Oracle
6. IBM
Over 1 million users on AWS
/.AWS Cloud Use Cases - Answer--Enables you to build sophisticated, scalable
applications
-Applicable to a diverse set of industries
-Use Cases include:
Enterprise IT, Backup & Storage, Big Data Analytics, host a website, create a backend
for mobile & social apps, entire gaming service, endless options.
McDonald's, Netflix, Activision, 21st Century Fox
/.AWS regions - Answer--Regions all around the world
-Names can be us-east-1, eu-west-3...
-A region is a cluster of data centers
-Most AWS services are region
/.How to choose an AWS region? - Answer--Compliance with data governance and
legal requirements: data never leaves a region without your explicit permission
-Proximity to customers: reduced latency
-Available services within a region
-Pricing
/.AWS availability zone - Answer--Each region has many availability zones. Usually 3,
min is 3, max is 6.
Ex:
ap-southeast-2a
ap-southeast-2b
ap-southeast-2c
There are more than in case of destruction. Each availability zone is their own discrete
data center and connected with high bandwidth, ultra-low latency networking.
/.AWS Points of Presence (Edge Locations) - Answer-Amazon has 400+ points of
presence, 10+ regional caches, in 90+ cities across 40+ countries.
Content is delivered to end users with lower latency
/.AWS Global Services - Answer--Identity and Access Management (IAM)
-Route 53 (DNS service)
-CloudFront (Content Delivery Network)
-WAF (Web Application Firewall)
/.Most AWS services are region-scoped: - Answer--Amazon EC2 (infrastructure as a
service)
-Elastic Beanstalk (Platform as a service)
-Lambda (Function as a service)
-Rekognition (Software as a service)
/.IAM: Users and Groups - Answer-IAM = Identity and Access Management, Global
service
Root account created by default, shouldn't be used or shared.
Users instead - people within your organization and can be.
Groups only contain users and can belong to multiple groups. EX: Grouped as "Group:
Developers" or "Group: Operations"
/.IAM: Permissions - Answer-Users or groups can be assigned JSON documents called
policies. These policies define the permissions of the users.
In AWS you apply the least privilege principle.
/.IAM Policies structure - Answer-Consists of:
-Version: Policy language version, always include "2012-10-17"
-ID (optional)
-Statement: one or more individual statements
---Consists of: Sid: an identifier for the statement (optional)
---Effect: whether the statement allows or denies access (Allow, Deny)
---Principal: account/user to which the policy is applied
---Action: List of actions this policy allows or denies
---Resources: list of resources to which the actions apply
---Condition: Conditions for when this policy is in effect (optional)
/.IAM defense 15.**** - Answer-1. IAM Password Policy Allows users to edit their own
passwords, etc.
2. MFA - Device options:
/.AWS CloudShell - Answer-A browser-based shell that makes it easy to securely
manage, explore, and interact with your AWS resources
/.IAM security tools - Answer-IAM credentials report (account-level)
IAM access advisor (user-level)
/.IPv4 - Answer-Most common format used online
-Allows for 3.7 billion addresses
/.Placement Groups: - Answer-Strategies for EC2 instance placement, defined as:
1. Cluster - clusters instances into a low-latency group in a single availability zone
----Con: If rack fails, all instances fail at same time
2. Spread - spreads instances across underlying hardware
3. Partition - spreads instances across many different partitions. (rely on different sets of
racks).
/.ENI (Elastic Network Interfaces) - Answer-Logical component in a VPC that represents
a virtual network card. Can have:
-Primary private IPv4
/.EC2 Hibernate - Answer--RAM state is preserved. The instance boot is much faster
-Used for long-running processing, saving RAM state, services that take time to initialize
-Hibernation no more than 60 days
/.EBS (Amazon EC2 - Instance Storage) - Answer-Elastic Block Store volume
-A network drive you attach to your instances while they run
-Allows you to persist data after termination
-One instance at a time (CCP) level
-Bound to a specific availability zone
-Snapshot it to move a volume across
/.Two kinds of scalability: - Answer-1. Vertical Scalability
-Increase instance size =scale up/down
2. Horizontal Scalability
-Increase number of instances =scale out/in
-Load balancer
3. High Availability
-Run instances for the same application across multi AZ
/.What is load balancing? - Answer-Servers that forward traffic to multiple servers (e.g.,
EC2 instances) downstream.
Why use a load balancer?
-Spread across multiple downstream instances
-Handle failures of downstream instances
-High availability, etc.
/.Why use an Elastic Load Balancer? - Answer-An Elastic Load Balancer is a managed
load balancer.
-AWS guarantees that it will be working
-AWS takes care of upgrades, maintenance, high availability
-AWS provides only a few configuration knobs
-Integrated with many AWS offerings/services
-Costs less but more work
/.4 kinds of managed Load Balancers - Answer-1. Classic Load Balancer
2. Application Load Balancer
3. Network Load Balancer
4. Gateway Load Balancer
*Use newer generation (Gateway) for more features
/.Application Load Balancer (v2) - Answer--Is Layer 7 (HTTP)
-Load balancing to multiple HTTP applications across machines (target groups)
---EC2 instances, tasks, lambda functions, IP addresses.
---Health checks done at the target level.
-to multiple applications on the same machine (containers)
-Support for HTTP/2 and WebSocket
-Support redirects (from HTTP to HTTPS)
-Routing tables to different target groups:
--Routing based on path in URL
--Routing based on hostname in URL
--Routing based on Query String
/.Application Load Balancer (v2) Good to Know - Answer--Fixed hostname
-Application servers don't see the IP of the client directly
---The true IP of the client is inserted in the X-Forwarded-For header; port and
proto are also passed (for example, X-Forwarded-Port)
/.Network Load Balancer (v2) - Answer--Think one static IP per AZ and supports
assigning Elastic IP
-NLB (layer 4) allows you to forward TCP & UDP traffic to your instances
-Handles millions of requests per second
-Less latency
-NLB are used for extreme performance, TCP or UDP traffic
-Target groups: EC2 instances, private IPs, Application Load Balancer
-Health Checks support the TCP, HTTP, and HTTPS Protocols
/.Gateway Load Balancer - Answer--Deploy, scale, and manage a fleet of 3rd party
network virtual appliances in AWS: EX: Firewalls, Intrusion Detection and Prevention
Systems