- S3 bucket: holds all your front-end files
- CloudFront: CDN (content delivery network), shares your files around the world.
- Route 53: helps people find it.
- container:
- Programming languages
- Libraries
- Configuration files
- Dependencies
This is everything that application code needs to run.
- ECS: AWS's service for managing containers.
- Database:
- RDS: SQL database. Strengths: queries, storing relationships.
- DynamoDB: NoSQL database. Strengths: fast, scalability.
When a user presses Add to cart
|
V
API Gateway
|
V
Lambda -> updates the database
Lambda does all of that automatically, but if you want to customize it, you had better use EC2.
If it is a POST method request, it must include an Origin header.
Security
VPC: 1. Network ACLs. 2. Security Groups
NACLs: block certain types of traffic
Security Groups: firewall for each specific instance or service
Security Groups
Security groups are like firewalls: they need an outbound rule to connect with other tools, and the other tool should have an inbound rule so it can receive from the first security group.
Amazon S3 - Security
1. User-based: IAM policy
2. Resource-based:
- bucket policies
- object access control list
- bucket access control list
3. Encryption
An IAM principal can access an S3 object if the user's IAM permissions allow it or the resource policy allows it, and there is no explicit deny.
What does S3 Transfer Acceleration do?
- Speeds up uploads
- Global optimization
- No need for regional buckets or replication.
Amazon Athena
Amazon Athena is a serverless, interactive query service that lets you analyze data directly in Amazon S3 using standard SQL.
aws:PrincipalOrgID
It allows you to write a bucket policy that checks whether the request is coming from an AWS account that belongs to your organization.
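As an added example (not from the original notes), the same-account decision rule from the S3 security section and the aws:PrincipalOrgID bucket-policy check, modelled in Python: a constructed identity policy, a constructed bucket policy whose Allow is gated on aws:PrincipalOrgID plus an explicit Deny on a secrets/ prefix, and a small evaluator that returns allow, explicit_deny or implicit_deny. The org id, bucket name and object paths are placeholders.

```python
import fnmatch

# Constructed sample policies; org id, bucket name and paths are placeholders.
ORG_ID = "o-exampleorgid"
BUCKET = "arn:aws:s3:::example-bucket"

BUCKET_POLICY = [  # resource-based
    # Allow reads only when the caller's account is in our organization
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": f"{BUCKET}/*",
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": ORG_ID}}},
    # Explicit deny on a sensitive prefix: wins over any allow
    {"Effect": "Deny", "Action": ["s3:*"], "Resource": f"{BUCKET}/secrets/*"},
]
IDENTITY_POLICY = [  # user-based (IAM)
    {"Effect": "Allow", "Action": ["s3:PutObject"], "Resource": f"{BUCKET}/uploads/*"},
]

def _matches(stmt, ctx):
    """True if the statement applies to this request ('*' wildcards allowed)."""
    if not any(fnmatch.fnmatchcase(ctx["action"], a) for a in stmt["Action"]):
        return False
    if not fnmatch.fnmatchcase(ctx["resource"], stmt["Resource"]):
        return False
    for key, want in stmt.get("Condition", {}).get("StringEquals", {}).items():
        if ctx.get(key) != want:  # a missing context key fails the condition
            return False
    return True

def evaluate(identity_policy, bucket_policy, ctx):
    """Same-account rule from the notes: allowed if the IAM policy or the bucket
    policy allows it and no statement explicitly denies it. (Cross-account callers
    would additionally need an allow on their own identity policy; not modelled.)"""
    decision = "implicit_deny"
    for stmt in identity_policy + bucket_policy:
        if not _matches(stmt, ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "explicit_deny"  # explicit deny always wins
        decision = "allow"
    return decision

def demo():
    obj = f"{BUCKET}/reports/q1.csv"
    member = {"action": "s3:GetObject", "resource": obj, "aws:PrincipalOrgID": ORG_ID}
    outsider = {**member, "aws:PrincipalOrgID": "o-someotherorg"}
    secret = {**member, "resource": f"{BUCKET}/secrets/key.pem"}
    upload = {"action": "s3:PutObject", "resource": f"{BUCKET}/uploads/a.png"}
    return {name: evaluate(IDENTITY_POLICY, BUCKET_POLICY, c)
            for name, c in [("org_member_read", member), ("outsider_read", outsider),
                            ("secrets_read", secret), ("iam_upload", upload)]}
```

Running `demo()` shows the four outcomes: an org member can read reports, an outsider is implicitly denied, the secrets/ prefix is explicitly denied even for members, and the IAM-only upload is allowed without any bucket-policy statement.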
AWS Snowball Edge Storage Optimized
AWS Snowball Edge Storage Optimized helps move **large amounts of data** between your on-premises environment and AWS.
The Storage Optimized variant is designed specifically for:
- High-capacity storage: ~80 TB of usable storage per device.
- Efficient bulk data transfer: Ideal for petabyte-scale migrations.
- Local compute capability: Can run AWS Lambda functions and EC2 instances locally for preprocessing data before transfer.
VPC: Private space in the cloud
- How to structure your network
- Manage connections
- How everything communicates
Every VPC has its own subnets.
Private IP address ranges:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Lambda functions should be inside the VPC.
Databases should have private IP addresses.
Early projects are a great way to start learning
- Build a Portfolio website -> S3 bucket
- System for tracking tasks -> connect your app to RDS from EC2
- App for showing images -> using IAM rules (security practices)
EC2
When working with EC2, change the subnet in the network settings.
Cognito
It is used to manage the user data for your apps across multiple mobile or connected devices.
Because we are using a Cognito user pool, we have to create an authorizer in API Gateway.
To authenticate calls, API Gateway is going to use JSON Web Tokens (JWT) that are returned by Cognito.
While setting up Cognito keep in mind that:
If you select "Public client", "Single Page Application (SPA)" or "Mobile Application", a client secret will not be generated by default.
If you select "Confidential client" or "Web application", a client secret will be generated by default.
AWS Systems Manager
Provides secure node management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys.
Internet Gateway
Route destination 0.0.0.0/0
Instance needs a public IPv4 or IPv6 address or an Elastic IP
NAT Gateway
A NAT Gateway is a tool that connects Lambda to the internet gateway so that it can reach the internet; basically, the NAT gateway gives Lambda a public IP.
1. Specify the public subnet.
2. Specify the Elastic IP address.
3. Update the route table with a route targeting the NAT gateway.
AWS Backup
Keywords: centralized, fully managed service
Automates data protection across the various AWS services.
It is used for data storage protection.