My notes on AWS essentials course


Recently I took a 6-hour AWS essentials course provided for free by Linux Academy on Udemy. Even though I had some experience with AWS, I decided to take notes on some important concepts for my future reference, and then decided to publish them here so anyone can benefit from them. All the notes are written in bullet points, so they should be pretty easy to follow.

Let’s get started.

  • AWS provides the following services:
    • Identity & Access Management (IAM)
    • Virtual Private Cloud (VPC)
    • Simple Storage Service (S3)
    • Elastic Compute Cloud (EC2)
    • RDS/DynamoDB (Database)
    • Simple Notification Service (SNS)
    • CloudWatch (Monitoring)
    • Elastic Load Balancing (Distributing Traffic)
    • Auto Scaling (Scalable & Elastic Architecture)
    • Route 53 (Domains & DNS)
    • Lambda (Serverless Computing)
  • To check your AWS service skills you can give a test at [Cloud Assessments](https://www.cloudassessments.com/).
  • What is IAM? It stands for Identity & Access Management. It allows managing AWS users and their access to accounts and services in AWS. It is used to manage users and groups, and to define policies and roles.
  • The user created at sign-up is the root user, which has access to everything. Any newly created user has no access to anything; access to each service has to be granted explicitly.
  • IAM policy vs. IAM role? A policy is used to give accounts access to a service, whereas a role is used to allow one service to access another service.
  • What is VPC? It stands for Virtual Private Cloud. It allows creating a private sub-section of AWS in which to manage resources and control who can or cannot access them. Within a VPC, one can configure subnets, route tables, and network gateways.
  • When an AWS account is created, it comes with a default VPC that contains an Internet gateway, a route table, and subnets.
  • What is an Internet Gateway (IGW)? It is a horizontally scaled, highly available combination of software and hardware that allows traffic into or out of a VPC. Only one IGW can be attached to a VPC at a time, and an IGW cannot be detached from a VPC while the VPC has active resources.
  • What is a Route Table (RT)? It is a set of rules, called routes, that determine where network traffic is directed. The main route table is created together with the AWS account.
  • What is a NACL? It stands for Network Access Control List, an optional layer of security for a VPC that acts as a firewall controlling traffic in and out of one or more subnets.
  • NACLs have inbound and outbound rules, which are completely separate from each other. If two rules conflict, one allowing and one denying, and the allow rule has the higher rule number, the allow rule takes effect.
  • A subnet can be associated with only one network access control list at a time. NACLs control access only at the subnet level.
  • When a VPC is created it spans all availability zones, and in each zone you can create a subnet. Each subnet must reside entirely within one availability zone and cannot span zones.
  • Subnets should be associated with a routing table. To make a subnet private, attach it to a routing table that is not connected to any Internet gateway. A subnet can only be in one availability zone; a VPC, however, can span multiple availability zones.
  • What is an S3 bucket? The root folder in S3 is called a bucket. Any subfolder created under a bucket is called a folder, and any file stored in a folder is called an S3 object.
  • When creating an S3 bucket, you need to select the region where the bucket will be located. The best practice is to create the bucket in the location that is physically closest.
  • S3 has multiple storage classes which are:
    • Standard
    • Reduced Redundancy Storage (RRS)
    • Infrequent Access (S3-IA)
    • Glacier
  • Each S3 storage class dictates things like storage cost, availability, durability, and frequency of access.
  • Each object (file) in S3 must have a storage class; the default is the Standard storage class.
  • What are the specifications for each storage class?
    • Standard
      • Designed for general files
      • The most expensive storage class
      • Has the highest durability (99.99999999999%) and availability (99.99999999999%)
    • Reduced Redundancy Storage
      • Designed for non-critical files
      • Less expensive than the Standard class
      • Has lower durability (99.99%) and availability (99.99%) than the Standard class
    • Infrequent Access
      • Designed for objects that are rarely accessed but must be available immediately when they are accessed
      • Has the same durability (99.99999999999%) as the Standard class but lower availability (99.90%)
      • Cheaper than the aforementioned classes
    • Glacier
      • Designed for long-term archiving
      • Retrieving an object stored there takes time, up to several hours
      • Has the same high durability as the Standard class (99.99999999999%)
      • The cheapest S3 class
  • What is *Object Durability*? It is the percentage chance that a file stored in S3 will not be lost over a year.
  • What is *Object Availability*? It is the percentage of time over a year during which a file stored in S3 will be accessible.
  • An object's class can be changed during upload, after upload (by changing its properties), or through an object lifecycle, with the exception of Glacier: the class can be changed to Glacier only through the object's lifecycle, which may take a couple of days.
  • What is an *object lifecycle*? It is a set of rules that automate migrating an object from its current storage class to a different storage class, or even deleting it, based on specified time intervals.
  • What are S3 permissions? They allow granular control over who can view, access, and use specific buckets and objects. Permissions can be defined at the object and bucket level.
  • What is S3 versioning? It is a feature that keeps track of all old and new versions of an object, so that an older version can be used if desired. Versioning can be turned on and off at the bucket level. Once turned on, it cannot be fully turned off: turning it off prevents new objects from being versioned, but the existing versions of already uploaded files are kept.
  • Multiple options are available for launching an EC2 instance:
    • On-demand: The most expensive EC2 option, yet the most flexible.
    • Reserved: Allows purchasing an instance for a period of 1 to 3 years. It is much cheaper than on-demand and offers three payment options: upfront, partial upfront, and no upfront.
    • Spot pricing: A way to bid for an instance type; the instance becomes available when the spot price is equal to or below your bid price. Once the spot price is at or below your bid, an instance is provisioned for you, but once the price rises above your bid the instance automatically shuts down.
  • What is an AMI? It stands for Amazon Machine Image. It is essentially the operating system image of the EC2 instance.
  • It is possible to create an AMI template to be used later when launching EC2 instances.
  • There are three types of AMIs:
    • Community AMI (Free to use)
    • AWS Marketplace AMI (paid; enterprise)
    • My AMIs (custom AMIs made by yourself)
  • Components of an instance type:
    • Family: A category of instance that is optimized for certain kinds of work. The instance families are:
      • General purpose
      • Compute optimized
      • GPU instances (compute)
      • Memory optimized
      • Storage optimized
    • Type: A subcategory within each family, for example:
      • t2.nano
      • t2.micro
      • t2.small
      • t2.medium
      • t2.large
      • m4.large
      • m4.xlarge
      • m4.2xlarge
    • vCPU: The number of virtual CPUs the instance has.
    • Memory: The amount of memory allocated to the instance.
    • Instance Storage: The local instance storage; examples are EBS only and SSD.
    • EBS-optimized option: Whether EBS optimization is supported for the instance.
    • Network performance: The data transfer rate to/from the instance.
  • What is EBS? It stands for Elastic Block Store, a block storage volume that can be used with EC2 instances. EBS volumes are highly available and can be attached to any running instance. They are independent of the instance and can persist separately.
  • What is IOPS? It stands for Input/Output Operations Per Second, which refers to the amount of data that can be written to or read from an EBS volume. One I/O operation is measured as 256 KiB for SSD and 1,024 KiB for HDD.
  • Every EC2 instance has to have a root volume, which may or may not be EBS. The root volume is created when the EC2 instance is created; additional volumes can be added afterward. The default root volume is EBS.
  • By default, the root volume is deleted when the instance is terminated. However, there is an option to persist the EBS root volume so that it survives instance termination.
  • What is a snapshot? It is an image of an EBS volume that can be stored as a backup of the volume or used to create a duplicate volume. It is not a real volume and cannot be attached to or detached from an instance. To restore a snapshot, create an EBS volume using the snapshot as its template.
  • What is a Security Group in EC2? Security groups are very similar to Network Access Control Lists (NACLs) in that they allow and deny traffic. The difference is that a security group is applied at the instance level, in contrast to a NACL, which is applied at the subnet level.
  • A security group allows traffic to/from instances. When a security group's rules are changed, the new rules apply to all instances within the security group.
  • When a new Security Group (SG) is created, all inbound traffic is blocked and all outbound traffic is allowed.
  • All traffic in an SG is denied unless explicitly allowed. There are no deny rules in an SG.
  • What is IP addressing? It is giving an EC2 instance a public IP address.
  • Amazon RDS is a SQL database and DynamoDB is a NoSQL database.
  • RDS options include:
    • Amazon Aurora (Amazon-specific MySQL)
    • MySQL
    • MariaDB
    • PostgreSQL
    • Oracle
    • Microsoft SQL Server
  • DynamoDB is a NoSQL database service which, unlike RDS, does not offer a choice of other NoSQL software. It can be seen as a replacement for MongoDB, Cassandra, and Oracle NoSQL.
  • An RDS instance class is quite similar to an EC2 instance type. The same is true for purchasing terms and IOPS.
  • DynamoDB charges are based on:
    • Provisioned throughput capacity
    • Indexed data storage
    • DynamoDB streams
    • Reserved capacity
    • Data transfer in and out of DynamoDB
  • Private subnet vs. public subnet? A private subnet does not have a route to the Internet, whereas a public subnet can be routed to the Internet.
  • To access a private subnet, SSH tunneling can be used.
  • What is SNS? It stands for Simple Notification Service. It automates sending email or text message notifications based on events that happen in an AWS account. Messages are sent over one of the supported protocols, such as Amazon SQS, HTTP/S, email, SMS, or Lambda.
  • The simplest use case for SNS is health-check monitoring of a server: the server is monitored by CloudWatch, and when there is downtime, CloudWatch triggers an SNS message or email that is sent to the system administrator.
  • SNS uses a publisher/subscriber model: a topic is defined, subscribers receive the messages published to that topic, and a publisher triggers sending an SNS message on that topic. The publisher can be another system, such as CloudWatch, or even a human being.
  • What is CloudWatch? It is a service that allows monitoring of various AWS elements. It can trigger SNS topics and/or make changes to resources automatically based on defined rules.
  • What is ELB? It stands for Elastic Load Balancer. It is a load balancer that evenly distributes the load across multiple EC2 instances that are grouped together. ELB increases an application's fault tolerance and can detect unhealthy instances and route traffic to healthy instances only.
  • What is Auto Scaling? It is the process of adding (scaling up) or removing (scaling down) EC2 instances based on traffic, which ensures that the correct number of EC2 instances is handling the load.
  • For auto scaling to work, you need to create an auto-scaling template that specifies the type of EC2 instances required and the network and security configuration, as well as an auto-scaling group that specifies when to add or remove EC2 instances.
  • What is Route 53? It is where the domains for websites or applications hosted on AWS are defined. It has three main functions:
    • Domain registration
    • Domain Name System (DNS) service
    • Health checking
  • What is Lambda? It is serverless computing, which can be seen as the next generation of cloud computing that will replace EC2 instances for the most part. Lambda allows computing without provisioning or maintaining any servers.
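The "IAM policy vs. IAM role" bullet above, as an added example that is not from the course or these notes: the two kinds of JSON document behind that distinction, plus a small least-privilege check a reviewer would run over a policy. The bucket name is a constructed placeholder.

```python
# Identity policy: attached to a user or group, it grants that account
# principal access to a service (here, read-only access to one bucket).
USER_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
}

# Role: its trust policy says which *service* may assume it (EC2 here); a
# permissions policy like the one above is then attached to the role. This is
# how one service (EC2) gets access to another (S3) without long-lived user keys.
EC2_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def overly_broad_statements(policy):
    """Indexes of Allow statements with a wildcard Action or Resource, the first
    thing to flag when reviewing a policy for least privilege."""
    flagged = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if any(a == "*" or a.endswith(":*") for a in actions) or "*" in resources:
            flagged.append(i)
    return flagged

def trusted_services(trust_policy):
    """Service principals that a role's trust policy lets assume the role."""
    services = []
    for stmt in trust_policy.get("Statement", []):
        if stmt.get("Effect") == "Allow" and "sts:AssumeRole" in _as_list(stmt.get("Action")):
            services.extend(_as_list(stmt.get("Principal", {}).get("Service")))
    return services
```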
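The storage-class and object-lifecycle bullets above, as an added example that is not from the course or these notes: a lifecycle rule that walks objects from Standard to S3-IA to Glacier and then deletes them, built in the dict shape boto3's put_bucket_lifecycle_configuration accepts, together with a consistency check run before applying it. The minimum-age figures are taken from AWS documentation, and the bucket prefixes are constructed.

```python
# Minimum ages AWS enforces before an object may move into a class: Standard-IA
# needs 30 days, and a Glacier transition after an IA transition must come at
# least 30 days later (figures taken from AWS documentation, not from the notes).
MIN_DAYS = {"STANDARD_IA": 30, "GLACIER": 0}
MIN_GAP_AFTER_IA = 30
CLASS_ORDER = ["STANDARD", "STANDARD_IA", "GLACIER"]

def lifecycle_rule(rule_id, prefix, ia_days, glacier_days, expire_days):
    """One rule: Standard -> S3-IA -> Glacier -> delete, driven by object age,
    in the dict shape boto3's put_bucket_lifecycle_configuration accepts."""
    return {
        "ID": rule_id,
        "Filter": {"Prefix": prefix},
        "Status": "Enabled",
        "Transitions": [
            {"Days": ia_days, "StorageClass": "STANDARD_IA"},
            {"Days": glacier_days, "StorageClass": "GLACIER"},
        ],
        "Expiration": {"Days": expire_days},
    }

def validate_rule(rule):
    """Return a list of problems; an empty list means the rule is consistent."""
    problems = []
    last_days, last_class = -1, "STANDARD"
    for t in rule.get("Transitions", []):
        days, cls = t["Days"], t["StorageClass"]
        if CLASS_ORDER.index(cls) <= CLASS_ORDER.index(last_class):
            problems.append(f"{cls} transition does not move to a colder class")
        if days <= last_days:
            problems.append(f"{cls} transition at day {days} is not after day {last_days}")
        if days < MIN_DAYS[cls]:
            problems.append(f"{cls} requires at least {MIN_DAYS[cls]} days of age")
        if last_class == "STANDARD_IA" and days - last_days < MIN_GAP_AFTER_IA:
            problems.append(f"{cls} must be at least {MIN_GAP_AFTER_IA} days after STANDARD_IA")
        last_days, last_class = days, cls
    expire = rule.get("Expiration", {}).get("Days")
    if expire is not None and expire <= last_days:
        problems.append("expiration must come after the last transition")
    return problems

# Constructed rules: a sensible log-archiving schedule and one that AWS would reject.
LOGS_RULE = lifecycle_rule("archive-logs", "logs/", 30, 90, 365)
BAD_RULE = lifecycle_rule("too-fast", "tmp/", 7, 20, 10)
```

The full configuration passed to boto3 is `{"Rules": [LOGS_RULE]}`; only apply it once `validate_rule` returns an empty list.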
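The security-group bullets above (instance-level, allow rules only, everything inbound denied unless allowed), as an added example that is not from the course or these notes: an audit that finds sensitive ports open to the whole Internet, working on the IpPermissions shape that boto3's describe_security_groups returns. The group, its ID and the CIDRs are constructed; the sensitive-port list is an assumption you would tune to your environment.

```python
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres"}
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed describe_security_groups() entry: SSH open to the world (a finding),
# HTTPS open to the world (expected for a web tier), MySQL limited to one subnet.
WEB_SG = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []},
    ],
}

def _cidrs(perm):
    """All IPv4 and IPv6 source ranges of one ingress rule."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])

def world_open_sensitive_ingress(sg):
    """(port, service, cidr) for every sensitive port reachable from anywhere.
    A security group holds only allow rules, so any match is a real exposure."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        # "-1" means all protocols; AWS omits the port fields for such rules
        lo = 0 if proto == "-1" else perm.get("FromPort", 0)
        hi = 65535 if proto == "-1" else perm.get("ToPort", 65535)
        for cidr in _cidrs(perm):
            if cidr in ANYWHERE:
                for port, name in SENSITIVE_PORTS.items():
                    if lo <= port <= hi:
                        findings.append((port, name, cidr))
    return sorted(findings)

def restrict_to(perm, admin_cidr):
    """Hardened copy of one rule: replace world-open ranges with a single admin CIDR."""
    return {**perm, "IpRanges": [{"CidrIp": admin_cidr}], "Ipv6Ranges": []}
```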