DEV Community: Swayam Patnaik

AWS Certified Cloud Practitioner Series – Part 2

Swayam Patnaik — Thu, 09 Apr 2026 10:24:45 +0000

Security, Storage, Scaling, and High Availability in AWS

In this article, I continue my AWS Certified Cloud Practitioner learning series by covering core AWS compute, storage, networking security, scalability, and availability concepts. These topics are extremely important from both exam and real‑world DevOps perspectives.

Security Groups
Security Groups act as virtual firewalls that control inbound and outbound traffic for EC2 instances.

Inbound Rules
Allowing HTTP (TCP 80) from anywhere (0.0.0.0/0) enables users to view an EC2 instance in a web browser.
If a Security Group is misconfigured, a timeout error typically occurs when trying to access the instance.

Outbound Rules
By default, outbound rules allow IPv4 – All Traffic.
This configuration gives the EC2 instance full outbound connectivity to anywhere.

SSH Access
Port 22 (SSH) from anywhere is required to connect to the instance using any of the four AWS-supported connection methods after clicking Connect.

Amazon EBS (Elastic Block Store)
EBS volumes are network drives attached to EC2 instances. The data stored on them persists even after the instance is terminated.
(Think of an EBS volume like a pen drive.)

Root Volume
Delete on Termination is enabled by default.
This can be checked under the instance’s storage settings.

Additional EBS Volumes
Delete on Termination is disabled by default (important for the exam).
An EBS volume can be attached to only one instance at a time, but a single instance can have multiple EBS volumes attached.

Availability Zone Scope
EBS volumes are AZ‑specific and can only be attached to EC2 instances in the same AZ.

Snapshots
A snapshot is a backup of an EBS volume.
Snapshots are used to move EBS volumes across AZs.
Detaching the volume before taking a snapshot is not required, but it is recommended.
Snapshots are stored at the region level, allowing movement across AZs.
Snapshots can also be copied across regions for disaster recovery.

Snapshot Archive
Snapshots can be moved to an archive tier, which is 75% cheaper.
Restoring archived snapshots takes 24–72 hours.

Recycle Bin for EBS Snapshots
Allows recovery of accidentally deleted snapshots.
Setup path:
Recycle Bin → Create Retention Rule → Resource Type (EBS Snapshots) → Rule Lock Settings (Unlock)
Retention period: 1 day to 1 year

Fast Snapshot Restore
Forces full initialization of a snapshot.
Removes latency during first use.
Example: Moving a Volume Across AZs

Snapshots can also be copied to other regions for disaster recovery.

EC2 Instance Store
Used when high‑performance hardware disk is required.
Delivers better I/O performance than EBS.
Ephemeral storage – data is lost when the instance is stopped.
Common use cases:
Buffers
Caches
Temporary content
Scratch data

High risk of data loss.
Backup and replication are the user’s responsibility.

AMI (Amazon Machine Image)
AMIs are customized images of EC2 instances.

Purpose of AMIs:
Include OS, software, configurations, monitoring, and licenses.
New instances can be launched without repeated configuration.
Helps to add your own software licenses (exam point).
Faster boot and configuration time.

AMI Characteristics
Types:
Public AMIs (AWS-provided).
Own AMIs (created and maintained by us).
AWS Marketplace AMIs (third‑party, may be paid).

AMI Creation Flow
Start and customize instance
Stop instance (for data integrity)
Create AMI (EBS snapshots created automatically)
Launch new instances from the AMI

EC2 Image Builder
Automatically builds, tests, and distributes AMIs.
Automates image management.
Used for VM or container image creation.
Runs on a schedule.
Free service.

Flow:
EC2 Image Builder → Builder EC2 Instance → New AMI → Test EC2 Instance → AMI distributed (multiple regions).

Amazon EFS (Elastic File System)
Fully managed network file system.
Can be mounted on hundreds of EC2 instances.
Works with Linux EC2 instances across multiple AZs.
High availability and scalability.
Expensive, pay‑per‑use, no capacity planning.

EBS vs EFS
EBS supports snapshots.
EFS provides a shared file system across AZs.

EFS‑IA
Cost‑optimized storage class.
Stores files that are infrequently accessed.

Shared Responsibility Model – EC2 Storage

AWS Responsibilities:
Infrastructure
Data replication for EBS and EFS
Replacing faulty hardware
Zero‑day issues

User Responsibilities:
Backup and snapshot configuration
Data encryption
Data stored on drives
Understanding risks of EC2 Instance Store

AWS FSx (File Systems)
Fully managed high‑performance file systems when EFS or S3 are not suitable.
FSx for Windows File Server

Native Microsoft Windows file system
Supports SMB and NTFS
Highly reliable and scalable
Accessible from AWS and on‑premises

FSx for Lustre
High Performance Computing (HPC) Linux file system
Used for ML, analytics, video processing, financial modeling
Scales to hundreds of GB/s
Millions of IOPS with sub‑millisecond latency

Scalability Concepts
Vertical Scalability
Increase instance size (e.g., t2.micro → t2.small)
Common for non‑distributed systems like databases
Hardware limits apply

Horizontal Scalability
Increase number of instances
Used in distributed systems
Common for web and modern applications
Implemented using EC2

High Availability
Application running in at least two AZs.
Helps survive data loss
Tightly coupled with horizontal scaling

Key Definitions
Scalability: Ability to handle increased load.
Elasticity: Automatic scaling once system is scalable.
Agility: Speed of resource provisioning.

Load Balancers
Load Balancers distribute incoming traffic across multiple servers.

Benefits
Distributes traffic evenly.
Single DNS entry for applications.
Health checks on instances.
SSL termination.
Managed by AWS (ELB).

Load Balancers do not perform backend autoscaling — Auto Scaling Groups are required.

## Types of Load Balancers

Application Load Balancer:
HTTP/HTTPS, gRPC, Layer 7, static DNS
Network Load Balancer:
TCP/UDP/TLS, high performance, static IP, Layer 4
Gateway Load Balancer:
GENEVE protocol, traffic inspection/firewalls, Layer 3
Classic Load Balancer:
Layer 4 and 7 (retired in 2023)

AWS Certified Cloud Practitioner Series – Part 1: Cloud Foundations

Swayam Patnaik — Mon, 16 Mar 2026 10:35:39 +0000

How My Cloud Journey Began
My interest in Cloud Computing started back in the second year of my B.Tech journey.
Like many students, I didn’t fully understand what "the cloud" meant at first. But curiosity pushed me to explore. I started by:

Reading blogs and articles on the internet.
Watching videos and documentation.
Connecting with Cloud Engineers, DevOps Engineers, and SREs on LinkedIn.

As I went deeper, I realized that cloud is not just a technology—it's a fundamental shift in how modern applications are built, deployed, and scaled.
I explored various certifications that help build a strong foundation, such as:
AWS Certified Cloud Practitioner
AWS Certified Solutions Architect - Associate
AWS Certified SysOps Administrator - Associate

Fast forward to today:

I’m working as a DevOps Engineer
I’ve cleared the AWS Certified Cloud Practitioner exam And I’m now sharing my learning to help beginners start their cloud journey with confidence This article is the first step in that series.

What Is Cloud Computing?
Cloud Computing is the on‑demand delivery of IT resources using a pay‑as‑you‑go pricing model.
Instead of owning physical hardware, organizations rent resources such as compute, storage, databases, and applications. The key advantage is that users pay only for what they use and can scale resources up or down instantly based on requirements.
In the AWS cloud, AWS owns and maintains the data centers, hardware, and networking infrastructure. As users, we provision and manage resources using the AWS Management Console, Command Line Interface (CLI), or APIs, without worrying about the underlying physical infrastructure.

Cloud Deployment Models
Cloud adoption can follow different deployment models depending on organizational needs.
A Private Cloud is used by a single organization and is not exposed to the public. It provides complete control over the infrastructure and is commonly used to meet strict compliance and business‑specific requirements.
A Public Cloud is owned and operated by third‑party cloud providers such as AWS. In this model, resources are shared securely among multiple customers and offer high scalability and cost effectiveness.
A Hybrid Cloud combines on‑premises infrastructure with cloud services. In this approach, some workloads remain private while others run in the cloud, offering flexibility and gradual cloud adoption.

CAPEX vs OPEX: A Major Cloud Advantage
One of the most significant advantages of cloud computing is the shift from Capital Expenditure (CAPEX) to Operational Expenditure (OPEX).
With cloud computing, organizations no longer need to make upfront investments in hardware or commit to long‑term infrastructure ownership. Instead, they pay only when they use resources, based on actual consumption.
This model enables organizations to go global within minutes, while benefiting from high flexibility, scalability, elasticity, high availability, fault tolerance, and faster innovation with improved agility.

Cloud Service Models
Cloud services are delivered through different service models based on responsibility and control.
Infrastructure as a Service (IaaS) provides full control over servers and operating systems. A common example is Amazon EC2, where users manage the OS and applications while AWS manages the underlying infrastructure.
Platform as a Service (PaaS) allows users to focus on application code, while AWS manages the infrastructure. AWS Elastic Beanstalk is an example of this model.
Software as a Service (SaaS) delivers complete applications to end users. In this model, users simply consume the application without managing infrastructure. Gmail is a common example.

AWS Pricing Fundamentals
AWS follows a pay‑as‑you‑go pricing model based on three core pillars.
Users pay for compute, which is the compute time consumed by resources.
They also pay for storage, based on the amount of data stored.
For data transfer, incoming traffic to AWS is free, while outgoing traffic is chargeable

AWS Global Infrastructure
AWS infrastructure is designed to deliver high availability and low latency across the globe.
AWS operates in Regions, which are geographical areas such as us-east-1. Each region is a cluster of data centers. When choosing a region, factors such as data compliance, proximity to customers, service availability, and pricing are considered.
Within each region are Availability Zones (AZs). Every region has a minimum of three AZs, and each AZ consists of one or more data centers. Availability Zones are isolated from one another but connected using ultra‑low latency, high‑bandwidth networking, enabling fault‑tolerant architectures.
To further reduce latency, AWS uses Edge Locations, which consist of 400+ Points of Presence. These are used by Amazon CloudFront to deliver content to end users with low latency

Why I Recommend AWS Certified Cloud Practitioner
For anyone who is new to cloud computing, the AWS Certified Cloud Practitioner certification provides a strong starting point.
This certification helps build solid foundational knowledge and focuses on explaining why cloud computing exists, rather than diving straight into complex services. It covers essential areas such as pricing, security, and basic cloud architecture, making it easier for beginners to understand how AWS works at a high level.

In the further posts, I will specifically focus on the other services and concepts included in the AWS Certified Cloud Practitioner (CLF) exam, such as Security Groups, Amazon EBS, EC2 Instance Store, AMIs, EC2 Image Builder, Amazon EFS, the Shared Responsibility Model for EC2 storage, scalability concepts, Auto Scaling Groups, and Load Balancers.
This progression is intentional, so that each topic builds on the previous one and helps learners develop a clear and practical understanding of AWS fundamentals.

What Is DeepSeek? Why Is DeepSeek Suddenly Everywhere? Why Is It Shaking Up the AI World?

Swayam Patnaik — Thu, 30 Jan 2025 05:40:52 +0000

DeepSeek is a Chinese artificial intelligence (AI) company. It was founded by Liang Wenfeng in 2023.

Recently on January 20, DeepSeek has welcomed its latest AI model, R1 which is good at problem solving, writing and providing the same results with fewer resources as compared to other AI models

DeepSeek has suddenly become a competitor to OpenAI as the key factor contributing to DeepSeek's popularity is the cost-effective approach it has come with to train the AI model.

"As DeepSeek continues to evolve, questions about AI’s future efficiency, accessibility, and global competition remain open. One thing is certain - DeepSeek is a name we’ll be hearing a lot more about."
Click DeepSeek to learn more about DeepSeek

The Body Shop of Security: Biometrics

Swayam Patnaik — Sat, 22 Jun 2024 19:48:39 +0000

Introduction

Biometrics is a physical security technique that makes use of a person's physical characteristics which are unique to that person.
This technique is used to authenticate the user's identity and grant access to the certain things. It is a kind of personal touch for authentication which can only be done by the genuine user.

Types of Biometrics

_Physiological : _ Physiological Biometrics is based on a person's body's unique features like fingerprints, facial recognition, iris scan, etc. This system of authentication is difficult to forge as compared to passwords. This type of security will remain constant throughout the person's life as physiological traits are generally stable.

_Behavioral : _ Behavioral Biometrics is based on how a person interacts with the system like typing pattern, voice patterns, mouse movements, touchscreen interactions, etc. This system instead of relying on physical features, analyze how a person interacts with the devices to identify the user. It works invisibly as they can adapt to the changing habits over time which offers a continuous security. Limited data on a new user can make initial identification difficult.

Advantages

Elimination of the need of remembering complex passwords.
Unauthorised access is equal to none as it is difficult to impersonate someone completely but Deepfake stands as an exception.
Biometrics is generally faster as compared to manual entry of passwords. Even if Password Managers do autofill the login credentials, biometrics is generally considered as the fastest option.
Accuracy level is high.

Disadvantages

Accuracy limit is one of the concerns when the system refuses to identify the genuine user incase of inadequate light during facial recognition, dirty fingers during fingerprint validation. False positives may cause trouble sometimes.
Storing the biometrics data is a challenging task.
Some biometrics security operations are costly such as iris recognition.

Biometrics offer a secure and speedy way to ditch passwords, but privacy concerns need to be addressed for wider trust.

Password Managers - The Future of Logins.

Swayam Patnaik — Wed, 22 May 2024 18:18:19 +0000

Introduction

Password managers are digital tools that help users to suggest, create, store and access passwords along with usernames whenever required. Password managers ensure creating strong and unique passwords which will be strongly encrypted. Users only need to remember one Master Password which will grant access to all the stored Passwords. This single point of entry raises concern sometimes, but managers use strong robust encryption techniques to safeguard this crucial key.
Convenience is the key benefit. Password managers do autofill login information on websites and apps which remove the need of manual entry. This saves time and reduces the risk of typos. Companies include zero-knowledge encryption, which ensures the company itself cannot access our passwords. This ensures even more security. If someone is accessing the password manager, additional layer of security is applied which requires the device's password to be entered.
Eg- If you are trying to access your google password manager from your laptop, you will be asked to enter your laptop's password to get access to all the stored passwords.

Similar to a coin, Password Managers also have two sides.

Pros of Password Managers.

Reduced risk of Phishing attacks:Phishing scams tries to trick users into revealing their login credentials on fake websites. Password managers helps by automatically filling stored login informations only on trusted websites.

Platform Compatibility:We can access our passwords on different devices such as Desktops, Laptops, Mobiles etc. which are logged in through same accounts.

Encryption:They provide strong encryption(AES) to protect your passwords from cyber criminals. However, they aren't 100% impenetrable.

Improved Password Hygiene: Password managers identify weak or reused passwords and prompt updates, allowing or suggesting for password changes during data breaches.

Cons of Password Managers.

Single point of failure: All the stored passwords are protected by one Master password which if compromised, can breach all the stored passwords.

Adaptibility:Password managers don’t always adapt with every web-based application, which in turn forces the users to remember the password.

Data Backup: All password managers do not offer easy backup and restore options which results in data loss.

Vendor Security Breach: A security breach at the password manager company can lead to expose your data(in encrypted form), although encryption makes it difficult to crack.

Device Risk: If our device with the password manager is lost or stolen, accessing the vault might be possible. Strong passwords on device and biometrics can help to tackle this risk.

Conclusion

While there are number of drawbacks of password managers, such as single point of failure and vendor security breach, the security advantages remove these concerns for most of the users. Creation of strong master password, enabling two-factor authentication, and choosing a reputable password manager can significantly lower the risks for data breach.

Some popular password managers we can consider are :
1Password, Dashlane, NordPass, Keeper, etc.

Ultimately convenience should not come by compromising security. Password managers bridge this gap by offering a seamless way to manage complex passwords while saving you time.

Deepfake Nightmares: Mitigating the Threat of AI-Fueled Masquerade Attacks

Swayam Patnaik — Tue, 14 May 2024 18:03:17 +0000

Introduction

The digital world solely relies on authenticity and privacy. We connect with friends and family, conduct business, and consume information, all based on the belief that what we see online is real. Now we are in a world where everything available online can't be trusted - a world of DEEPFAKE where the MASQUERADE of authenticity is easily done by anyone with an internet connection.
But what exactly are masquerade and deepfakes, and how do they work?

Masquerade Attacks- Attackers impersonate genuine users or systems to gain unauthorised access to sensitive informations which will look as a authorised access. Hackers often obtain the username and password to get access which becomes their mask which prevents them from being caught.They can also identify weak points in a network which becomes their entry points.

Deepfake is basically an image or recording that has been intentionally altered which misrepresents someone as doing or saying something which was infact never done by him/her. It is a machine learning generated image,video or audio which replaces human's face or body with that of some other person.
Deepfakes can be used for entertainment purposes, like creation of humorous immitation. But on the other hand it can also be used for heinous activities like spreading misinformation, impersonating someone in a video to damage their reputations and many more.
As AI technology continues to develop, it is harder to disguise them from real footage.

Masquerading through Deepfake

2FA(Two Factor Authentication) was introduced to add an extra layer of security to protect personal/sensitive information. But now a deepfake video can be used to bypass a 2FA or multi-factor authentication systems that rely on face recognition. Facial recognition systems find it difficult to differentiate between actual human and a deepfake video which permits the attacker to get through the 2FA system.
Therefore Multi-Factor Authentication should not only include facial recognition, rather it should be combined with other methods such as One-Time Passwords(OTP), verifying from the account already logged in from different device, requirement to answer previously set questions, etc.

Fightback against Deepfakes

One should cross-check the informations before sharing.
Users should be educated to tackle the Deepfakes like noticing unnatural body language, awkward lip syncing, not believing evidence from untrusted sources, etc.
Phising attacks are often used to steal login credentials, so one should be cautious of suspicious emails and verify the sender initially.
Data sharing practices should be checked as the less personal data available publicly, the harder it will become for the attackers to create a convinving deepfake.
Ultimately by staying up to date, informed, knowing the possible threats, we can protect ourselves and also our information from deepfake fueled masquerade attacks.

Conclusion

The future of deepfake remains uncertain. As deepfakes become more sophisticated, so will the methods for detecting and mitigating them. However, technology alone won't win this battle. The human element is also crucial. Deepfakes may pose a challenge, but they don't have to be a nightmare unless we are taking care of our personal informations.

In the age of deepfakes, seeing is no longer believing.

Blurry no more: Understanding image resolution

Swayam Patnaik — Fri, 10 May 2024 16:03:48 +0000

Introduction
In the context of screens and monitors, pixels can be defined as tiny individual squares that light up to create an image. The resolutions(144p,240p,360p,480p,720p,1080p,4k and 8k) signifies number of pixels. Higher resolution means there will be more number of pixels which results in a clearer image. We can say it as the physics of how the light works.
Now let's get introduced to Pixel Upscaling.
Pixel Upscaling basically refers to the process where a video existing with a lower resolution(144p or 240p) is converted to a high resolution(1080p or 4k). This is done by analyzing the existing pixels and creating new pixels which will fill the gap.

Upscaling Techniques
Clever algorithms are used to estimate what new pixels can be added to fill in the gaps and create a higher resolution image.

Some common upscaling techniques:
Nearest Neighbour Interpolation - This method copies the nearest existing pixel to create new ones. It is simple, speed, computationally efficient and no new data is created. It simply relies on existing information or pixels.

Deep Learning Upscaling - It makes use of Artificial Intelligence to analyze the video and create more detailed new pixels. This method includes steps like Training the Model, Analyzing the low-resolution input, Creation of new pixels and Data Enhancement. This technique is computationally expensive.

Bilinear Interpolation - This method takes the average color of the four nearest neighbouring pixels to create new pixels. It produces smoother results than nearest neighbour but may blur the details.

Conclusion
The world of video is constantly evolving with upscaling technology being at the top. The most low-resolution videos can be enjoyed in stunning detail. So next time when you watch an old video, remember the power of upscaling. It bridges the gap between the past and the present.

The future of video is not just about capturing high-resolution content, it's about making everything we have captured look its absolute best.

Beyond "password123"

Swayam Patnaik — Tue, 07 May 2024 18:02:40 +0000

Introduction

In today's digitalised world, it's more important than ever to create strong passwords which protect our online accounts from getting any unauthorised access. From social media accounts to bank statements, vast amount of personal datas do reside on the web which needs to be protected. So just "password123" as a password just won't fix the issue of making the data transparent.

Hackers use a variety of techniques to crack passwords and weak passwords are easy to guess. Some of the methods used by them are Brute-force attacks, Dictionary attacks and Social Engineering.

Type of attacks

Brute-force attacks: AI Bots systematically try every possible combination of characters until the password is guessed.
Dictionary attacks: Trying out common words and phrases which are found in dictionaries to guess passwords.
Social engineering: Tricking users to reveal their passwords through phishing scams or malware.

Building Unbreakable Passwords

We can create a strong passwords by keeping in mind the basic 3 requirements for making passwords : length, complexity and uniqueness.
The longer the length is, the more complex it will be to guess/crack it. Until then the system would have detected about it being an unauthorised access.
Usage of letters with a mix of uppercase and lowercase letters, numbers and symbols is highly recommended which will make the password more complex to guess.
We should restrict ourselves from reusing the same passwords accross different accounts. Our passwords should be unique for different accounts. A single compromised password can leave all our accounts vulnerable.

We can also use Password Managers. These tools generate as well as store strong, unique passwords for every accounts by removing the complexity neccesity to remember every password.

Additional Security Measures

Two-factor Authentication (2FA): This adds up an extra layer of security by requiring a secondary code from your phone or email in addition to your password while logging in.
Logout When Finished: Don't stay logged in to your accounts on public or shared devices. Log out completely when you're done using a service.
Secure Wi-Fi Connections: Avoid using public Wi-Fi networks for sensitive activities like online banking or entering passwords. If you have to somehow use public Wi-Fi, consider using a Virtual Private Network (VPN) which encrypts your traffic.
Regular Software Updates: Keep your operating system, web browsers, and applications updated with the latest security patches which address vulnerabilities.

Conclusion

By following the above steps, we can significantly enhance our online security posture. Investment of time and effort in creating unbreakable passwords is a necessity which will ultimately keep our accounts safe.

Brute Force Attacks and CAPTCHA

Swayam Patnaik — Fri, 03 May 2024 08:32:03 +0000

Introduction
In an increasingly interconnected world of digitalisation, security and maintenance of data is the utmost priority. Among the countless existing threats, Brute Force Attacks stand out as a persistent menace. In Brute Force Attack, automated bots are capable of conducting a trial and error method to crack login credentials, passwords, encryption keys, etc. To prevent these attack, we need robust defenses against such attacks. One of such prevention techniques is Enter CAPTCHA.

About Brute Force Attack
Brute Force Attack is one of the existing tactics for gaining unauthorised access to individual accounts, organisations' systems and networks. This method relies on sheer computational power and persistence. Hackers systematically try every possible combination of characters until the find the correct one. There are several softwares available online which can perform a Brute Force Attacks such as John the Ripper and L0phtCrack.
Brute Force Attacks are slower as they have to try every single combinations possible, for example : a five-charactered password typically takes longer to Brute Force as compared to a four-charactered password.However if the target is sufficiently long, it could take months and even years for a Brute Force attacker to crack the target. Currently most of the sites require a longer password which makes it difficult to Brute Force.

About CAPTCHA
CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It is basically designed to determine whether the end user is a human or a bot/computer program. It involves the methods which ask the users to perform various tasks which can only be solved by a human but will be difficult for the bots such as identifying distorted text, puzzle solving, selecting images as per the instructions and many more.
When the server will notice too many login attempts or registration attempts, it will suspect it as a Brute Force Attack even though the end user might be a Human. To verify the end user, it produces a CAPTCHA which will identify whether the user is a Human or a Bot. Some examples of CAPTCHA are Text-Based CAPTCHA, ReCAPTCHA, 3DCAPTCHA, Mathematical CAPTCHA, Image-Based CAPTCHA.

Conclusion
As we have explored in this article, the symbiotic relationship between Brute Force Attacks and CAPTCHA depicts the ongoing battle between the attackers and defenders in cyberspace. While the former tries to exploit weakness in security protocols, the latter serves as a preserver.