- S3 bucket: holds all your front-end files (static site hosting).
- CloudFront: CDN (content delivery network) that caches and serves your files from edge locations around the world.
- Route 53: DNS service; helps people find your site by name.
- Container:
- Programming language runtime
- Libraries
- Configuration files
- Dependencies
This is everything the application code needs to run, packaged together.
- ECS: AWS's service for running and managing containers.
- Database:
- RDS: SQL (relational) database. Pros: complex queries, storing relationships between records.
- DynamoDB: NoSQL database. Pros: fast, scales horizontally.
When the user presses "Add to cart":
|
V
API Gateway
|
V
Lambda -> updates the database
Lambda handles the server side of that automatically (no servers to manage), but if you need control over the runtime environment, use EC2 instead.
If it is a cross-origin POST request, the browser includes an Origin header, so API Gateway must have CORS configured to answer with a matching Access-Control-Allow-Origin. Do not treat the Origin header as authentication: any non-browser client can set it to whatever it likes.
Security
VPC has two firewall layers: 1. Network ACLs 2. Security Groups
NACLs: subnet-level, stateless, rules evaluated in number order; can allow or deny certain types of traffic, so return traffic needs its own rule.
Security Groups: firewall for each specific instance or service (attached to its network interface); stateful, allow rules only, any matching rule permits.
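The difference between the two layers is easiest to see in code. The following is an added example written for these notes, not AWS code: a small model of NACL and security group evaluation. The rule sets, IP addresses and port numbers are constructed sample data.

```python
"""Inbound packet evaluation for the two VPC firewall layers.

Added example, not from the original notes: a small model of NACL and
security group semantics. The rules below are constructed sample data;
"rule_no" mirrors the NACL rule number, which security groups do not have.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    rule_no: int      # NACL evaluation order (ignored for security groups)
    protocol: str     # "tcp", "udp" or "*"
    port_from: int
    port_to: int
    cidr: str         # source CIDR for inbound rules
    action: str       # "allow" or "deny"; security groups only have "allow"


def _matches(rule, protocol, port, src_ip):
    return ((rule.protocol == "*" or rule.protocol == protocol)
            and rule.port_from <= port <= rule.port_to
            and ip_address(src_ip) in ip_network(rule.cidr))


def nacl_allows(rules, protocol, port, src_ip):
    """Stateless and ordered: the lowest-numbered matching rule decides.
    If nothing matches, the implicit final '*' rule denies."""
    for rule in sorted(rules, key=lambda r: r.rule_no):
        if _matches(rule, protocol, port, src_ip):
            return rule.action == "allow"
    return False


def sg_allows(rules, protocol, port, src_ip):
    """Stateful allow-list: any matching rule permits, there is no deny rule,
    and order is irrelevant. Replies to allowed traffic are permitted
    automatically, so no ephemeral-port rule is needed here."""
    return any(r.action == "allow" and _matches(r, protocol, port, src_ip) for r in rules)


def inbound_allowed(nacl, sg, protocol, port, src_ip):
    """A packet must pass the subnet NACL first, then the instance's security group."""
    return nacl_allows(nacl, protocol, port, src_ip) and sg_allows(sg, protocol, port, src_ip)


# Constructed sample: the NACL blocks one abusive /24 before the general allow,
# and opens the ephemeral range so replies to the instance's own outbound
# connections can come back (a NACL does not track state).
NACL_INBOUND = [
    Rule(90, "*", 0, 65535, "203.0.113.0/24", "deny"),
    Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow"),
    Rule(110, "tcp", 1024, 65535, "0.0.0.0/0", "allow"),
]
# The security group only exposes HTTPS; SSH (22) is not listed, so it is dropped.
SG_INBOUND = [
    Rule(0, "tcp", 443, 443, "0.0.0.0/0", "allow"),
]

if __name__ == "__main__":
    for port, src in ((443, "198.51.100.7"), (443, "203.0.113.9"), (22, "198.51.100.7")):
        print(port, src, inbound_allowed(NACL_INBOUND, SG_INBOUND, "tcp", port, src))
```

Note that the NACL deny for 203.0.113.0/24 wins even though the security group would allow HTTPS from anywhere: the lower rule number is evaluated first, and the security group is never consulted for a packet the NACL dropped.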
Amazon S3 - Security
1. User-based: IAM policy attached to the user, group or role
2. Resource-based:
- bucket policies
- object access control list (ACL)
- bucket access control list (ACL)
An IAM principal in the same account can access an S3 object if the principal's IAM permissions allow it or the bucket policy allows it, and nothing explicitly denies it. An explicit deny in either policy always wins over any allow.
3. Encryption (at rest on the bucket, in transit over HTTPS)
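The allow/deny rule above is worth tracing through a concrete case. The following is an added example written for these notes, not AWS's evaluation engine: a simplified same-account model in which an explicit Deny wins, otherwise an Allow from either the identity policy or the bucket policy is enough, otherwise the request is implicitly denied. The policies, user ARNs, bucket name and account ID are constructed sample data, and conditions, permission boundaries, SCPs and ACLs are left out.

```python
"""S3 access decision for a same-account IAM principal.

Added example, not from the original notes: a simplified model of the
evaluation logic (explicit deny wins; otherwise an allow in either the
identity policy or the bucket policy is enough; otherwise implicit deny).
Policies, ARNs and the account ID are constructed sample data. Real IAM
also evaluates conditions, permission boundaries, SCPs and ACLs, which
this model leaves out.
"""
from fnmatch import fnmatchcase


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _statement_applies(stmt, principal, action, resource):
    # Identity policies carry no Principal element: they apply to whoever they
    # are attached to. Bucket policies name principals explicitly (ARNs or "*").
    principals = _as_list(stmt.get("Principal", "*"))
    if "*" not in principals and principal not in principals:
        return False
    # IAM matches Action and Resource with '*' wildcards.
    return (any(fnmatchcase(action, p) for p in _as_list(stmt["Action"]))
            and any(fnmatchcase(resource, p) for p in _as_list(stmt["Resource"])))


def evaluate(identity_policy, bucket_policy, principal, action, resource):
    """Return 'explicit deny', 'allow' or 'implicit deny'."""
    allowed = False
    for policy in (identity_policy, bucket_policy):
        for stmt in policy.get("Statement", []):
            if not _statement_applies(stmt, principal, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit deny"        # a matching Deny ends evaluation
            allowed = True                    # keep scanning: a later Deny still wins
    return "allow" if allowed else "implicit deny"


ALICE = "arn:aws:iam::123456789012:user/alice"
BOB = "arn:aws:iam::123456789012:user/bob"

# Constructed: alice's identity policy lets her read the whole bucket.
IDENTITY_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::photos/*"}
    ]
}
# Constructed: the bucket policy lets bob read public/ and walls off private/ for everyone.
BUCKET_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Principal": BOB, "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::photos/public/*"},
        {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
         "Resource": "arn:aws:s3:::photos/private/*"},
    ]
}


def decide(principal, key):
    """Decide s3:GetObject on one object key for one of the sample users."""
    # The identity policy is attached to alice only; bob has none in this sample.
    identity = IDENTITY_POLICY if principal == ALICE else {"Statement": []}
    return evaluate(identity, BUCKET_POLICY, principal, "s3:GetObject",
                    f"arn:aws:s3:::photos/{key}")


if __name__ == "__main__":
    cases = ((ALICE, "public/a.jpg"), (BOB, "public/a.jpg"),
             (BOB, "team/b.jpg"), (ALICE, "private/c.jpg"))
    for who, key in cases:
        print(who.rsplit("/", 1)[1], key, "->", decide(who, key))
```

The last case is the one that bites people: alice's identity policy allows `s3:GetObject` on every key in the bucket, yet the bucket policy's Deny on `private/*` overrides it. The "no explicit deny" clause in the note is not a footnote; it is the first thing evaluated.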
VPC: your private network space in the cloud
- how to structure your network
- manage connections
- how everything communicates
Every VPC is divided into its own subnets.
Private IP address ranges (RFC 1918):
10.0.0.0 - 10.255.255.255 (10.0.0.0/8)
172.16.0.0 - 172.31.255.255 (172.16.0.0/12)
192.168.0.0 - 192.168.255.255 (192.168.0.0/16)
Early projects are a great way to start learning:
- Build a portfolio website -> S3 bucket
- System for tracking tasks -> connect your app running on EC2 to RDS
- App for showing images -> use IAM roles (security best practice, no hard-coded access keys)
EC2
When launching an EC2 instance, in the network settings choose the subnet (public or private) it should be placed in.
Cognito
Because we are using a Cognito user pool, we have to create an authorizer in API Gateway.
To authenticate calls, API Gateway validates the JSON Web Tokens (JWT) returned by Cognito: the signature against the user pool's keys, the issuer, the app client ID and the expiry.
While creating the Cognito app client keep in mind that:
If you select "Public client", "Single Page Application (SPA)" or "Mobile Application", a client secret will not be generated by default (these clients run on the user's device and cannot keep a secret).
If you select "Confidential client" or "Web application", a client secret will be generated by default (the server-side application keeps it).
AWS Systems Manager
Session Manager provides secure node management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys.
Internet Gateway
Route: destination 0.0.0.0/0 -> target the internet gateway, in the route table of the public subnet.
The instance also needs a public IPv4 address, an IPv6 address, or an Elastic IP; without one the gateway cannot translate its private address and replies never come back.
NAT Gateway (lets private subnets reach the internet without being reachable from it)
Place it in a public subnet.
Assign it an Elastic IP address.
Update the private subnet's route table: 0.0.0.0/0 -> target the NAT gateway.
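Putting the private ranges and the two gateway setups together, the following is an added example written for these notes, not AWS code: a small model of a VPC with one public and one private subnet, showing longest-prefix route lookup, why an IGW route alone is not enough without a public IP, and why the NAT gateway must itself sit in a public subnet. The VPC CIDR, route tables and the igw-/nat- IDs are constructed sample data, not real resources.

```python
"""Routing through an Internet Gateway or a NAT Gateway.

Added example, not from the original notes: a small model of a VPC with one
public and one private subnet. CIDRs, subnet route tables and the igw-/nat-
IDs are constructed sample data, not real resources.
"""
from ipaddress import ip_address, ip_network

RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


def is_private_range(cidr):
    """True if the whole CIDR lies inside one of the RFC 1918 private blocks."""
    net = ip_network(cidr)
    return any(net.subnet_of(block) for block in RFC1918)


def next_hop(route_table, dst_ip):
    """Longest-prefix match, as the VPC router does: the most specific route
    wins, so the 'local' VPC route beats the 0.0.0.0/0 default route."""
    best_net, best_target = None, None
    for dest_cidr, target in route_table:
        net = ip_network(dest_cidr)
        if ip_address(dst_ip) in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def internet_path(route_table, has_public_ip):
    """How an instance in this subnet reaches the internet, or None if it cannot."""
    default = dict(route_table).get("0.0.0.0/0")
    if default is None:
        return None
    if default.startswith("igw-"):
        # A route to the IGW is not enough: without a public IPv4 / Elastic IP
        # the IGW cannot translate the private address, and replies never return.
        return "direct via internet gateway" if has_public_ip else None
    if default.startswith("nat-"):
        # Outbound only; the NAT gateway's Elastic IP is the source seen outside.
        return "via NAT gateway"
    return None


def nat_placement_ok(nat_subnet_route_table):
    """A NAT gateway must sit in a public subnet: its own default route goes to the IGW."""
    return str(dict(nat_subnet_route_table).get("0.0.0.0/0", "")).startswith("igw-")


VPC_CIDR = "10.0.0.0/16"
PUBLIC_RT = [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-0a1b2c3d")]
PRIVATE_RT = [(VPC_CIDR, "local"), ("0.0.0.0/0", "nat-0e5f6a7b")]

if __name__ == "__main__":
    print("VPC CIDR is RFC 1918:", is_private_range(VPC_CIDR))
    print("public subnet -> 10.0.2.15:", next_hop(PUBLIC_RT, "10.0.2.15"))
    print("public subnet -> 8.8.8.8:", next_hop(PUBLIC_RT, "8.8.8.8"))
    print("public subnet, no public IP:", internet_path(PUBLIC_RT, has_public_ip=False))
    print("private subnet, no public IP:", internet_path(PRIVATE_RT, has_public_ip=False))
    print("NAT in public subnet ok:", nat_placement_ok(PUBLIC_RT))
    print("NAT in private subnet ok:", nat_placement_ok(PRIVATE_RT))
```

The check in `nat_placement_ok` catches the classic mistake of dropping the NAT gateway into the private subnet it is meant to serve: its Elastic IP is useless if its own subnet has no path to the internet gateway.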