- S3 bucket: Holds all your front-end files.
- CloudFront: CDN (content delivery network) that shares your files around the world.
- Route 53: Helps people find it.
- container:
- Programming languages
- Library
- Configuration files
- Dependencies
This is everything that application code needs to run.
- ECS: AWS's service for managing containers.
- Database:
- RDS: SQL database. Cons: Queries, storing relationships.
- DynamoDB: NoSQL database. Cons: Fast, Scalability.
When the user presses Add to cart
                      |
                      V
                  API Gateway
                      |
                      V
Lambda -> updates the database
Lambda handles all of that automatically, but if you want to customize it, you are better off using EC2.
If it is a POST method request, it must include an Origin header.
Security
VPC: 1. Network ACLs. 2. Security Groups
NACLs: block certain types of traffic
Security Groups: firewall for each specific instance or service
Security Groups
Security Groups are like firewalls: a security group needs an outbound rule to connect to another tool, and the other tool needs an inbound rule so that it can receive traffic from the first security group.
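The outbound/inbound pairing described above, as an added example that is not part of the original notes. It is a simplified model, not an AWS API: the group IDs `sg-app` and `sg-db`, the `Rule` and `SecurityGroup` classes, and `check_path` are all hypothetical names, and rules reference the peer security group rather than a CIDR range.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    protocol: str      # "tcp" or "udp"
    from_port: int
    to_port: int
    peer_group: str    # ID of the security group on the other side

    def covers(self, protocol, port, peer_group):
        """True when this rule permits the protocol/port towards or from the peer."""
        return (self.protocol == protocol and self.peer_group == peer_group
                and self.from_port <= port <= self.to_port)

@dataclass
class SecurityGroup:
    group_id: str
    inbound: list = field(default_factory=list)
    outbound: list = field(default_factory=list)

def check_path(src, dst, protocol, port):
    """Explain whether src can open a connection to dst on protocol/port."""
    # The caller's group must let the traffic leave ...
    if not any(r.covers(protocol, port, dst.group_id) for r in src.outbound):
        return f"blocked: {src.group_id} has no outbound rule to {dst.group_id}"
    # ... and the receiver's group must let it in.
    if not any(r.covers(protocol, port, src.group_id) for r in dst.inbound):
        return f"blocked: {dst.group_id} has no inbound rule from {src.group_id}"
    return "allowed"

# Constructed sample: an app tier that talks to a PostgreSQL database tier.
app = SecurityGroup("sg-app", outbound=[Rule("tcp", 5432, 5432, "sg-db")])
db = SecurityGroup("sg-db", inbound=[Rule("tcp", 5432, 5432, "sg-app")])

if __name__ == "__main__":
    print(check_path(app, db, "tcp", 5432))   # app -> db on the database port
    print(check_path(app, db, "tcp", 22))     # SSH was never opened
    print(check_path(db, app, "tcp", 5432))   # db cannot initiate towards app
```

The message names the side that is missing a rule, which is usually the first thing to check when two services in the same VPC cannot reach each other.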
Amazon S3 - Security
1. User-based IAM policy
2. Resource-based:
- bucket policies
- object access control list
- bucket access control list
3. Encryption
An IAM principal can access an S3 object if the user's IAM permissions allow it or the resource policy allows it, and there is no explicit deny.
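The access rule above (allow from either policy, unless something explicitly denies), as an added example that is not part of the original notes. It is a simplified evaluator for a principal and bucket in the same account; the ARNs, bucket name and policies are constructed sample data, and condition keys are not handled.

```python
from fnmatch import fnmatchcase

def as_list(value):
    return value if isinstance(value, list) else [value]

def statement_applies(stmt, principal, action, resource):
    """True when the statement covers this principal, action and resource."""
    who = stmt.get("Principal")  # absent in identity-based (IAM) policies
    if who is not None and who != "*" and principal not in as_list(who.get("AWS", [])):
        return False
    return (any(fnmatchcase(action, p) for p in as_list(stmt["Action"]))
            and any(fnmatchcase(resource, p) for p in as_list(stmt["Resource"])))

def evaluate(identity_policy, bucket_policy, principal, action, resource):
    """Combine the user's IAM policy and the bucket policy into one decision."""
    statements = identity_policy["Statement"] + bucket_policy["Statement"]
    effects = {s["Effect"] for s in statements
               if statement_applies(s, principal, action, resource)}
    if "Deny" in effects:       # an explicit deny always wins
        return "explicit deny"
    if "Allow" in effects:      # either policy allowing is enough
        return "allow"
    return "implicit deny"      # nothing matched, so access is refused

# Constructed sample data (not real accounts or buckets).
USER = "arn:aws:iam::111122223333:user/alice"
IDENTITY_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
]}
BUCKET_POLICY = {"Statement": [
    {"Effect": "Allow", "Principal": {"AWS": USER}, "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-bucket/reports/*"},
    {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/secret/*"},
]}

def decide(action, key):
    return evaluate(IDENTITY_POLICY, BUCKET_POLICY, USER, action,
                    f"arn:aws:s3:::example-bucket/{key}")

if __name__ == "__main__":
    for action, key in [("s3:GetObject", "public/a.txt"),
                        ("s3:PutObject", "reports/q1.csv"),
                        ("s3:GetObject", "secret/key.pem"),
                        ("s3:DeleteObject", "public/a.txt")]:
        print(action, key, "->", decide(action, key))
```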
What does S3 Transfer Acceleration do?
- Speed up uploads
- Global optimization
- No need for regional buckets or replication.
S3 Lifecycle rule
Helps manage object storage cost-effectively by deleting or moving objects after a defined period.
Intelligent-Tiering storage class uses machine learning algorithms to automatically move objects between two access tiers: frequent access and infrequent access. This means that objects that are frequently accessed will be stored in the frequent access tier, while objects that are infrequently accessed will be moved to the infrequent access tier, helping to reduce storage costs without sacrificing performance.
Cross-Region replication & versioning in S3 bucket
Copies objects from a source S3 bucket to a bucket in another Region.
source bucket > Management > Create replication rule
Athena
Amazon Athena is a serverless, interactive query service that lets you analyze data directly in Amazon S3 using standard SQL.
AWS PrincipalOrgID
It allows you to write a bucket policy that checks whether the request is coming from an AWS account that belongs to your organization.
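A bucket policy built around the `aws:PrincipalOrgID` condition key, as an added example that is not part of the original notes. The organization ID `o-exampleorgid` and the bucket name are placeholders, and `condition_met` is a hypothetical helper that mimics only the `StringEquals` operator to show which callers pass.

```python
import json

ORG_ID = "o-exampleorgid"   # placeholder: replace with your AWS Organizations ID
BUCKET = "example-bucket"   # placeholder bucket name

def org_only_bucket_policy(bucket, org_id):
    """Bucket policy that lets any principal read objects, but only if it
    belongs to an account inside the given organization."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowOrgMembersOnly",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"StringEquals": {"aws:PrincipalOrgID": org_id}},
        }],
    }

def condition_met(statement, request_context):
    """Mimic StringEquals: every listed key must be present in the request
    context and equal to one of the expected values."""
    expected = statement.get("Condition", {}).get("StringEquals", {})
    for key, values in expected.items():
        allowed = values if isinstance(values, list) else [values]
        # A caller outside any organization has no aws:PrincipalOrgID at all,
        # so .get() returns None and the condition fails.
        if request_context.get(key) not in allowed:
            return False
    return True

POLICY = org_only_bucket_policy(BUCKET, ORG_ID)
STATEMENT = POLICY["Statement"][0]

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    # Constructed request contexts.
    print(condition_met(STATEMENT, {"aws:PrincipalOrgID": ORG_ID}))
    print(condition_met(STATEMENT, {"aws:PrincipalOrgID": "o-someoneelse"}))
    print(condition_met(STATEMENT, {}))
```

Because the condition replaces a list of account IDs, accounts that later join the organization are covered without editing the policy.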
AWS Snowball Edge Storage Optimized
AWS Snowball Edge Storage Optimized helps move **large amounts of data** between your on-premises environment and AWS.
The Storage Optimized variant is designed specifically for:
- High-capacity storage: ~80 TB of usable storage per device.
- Efficient bulk data transfer: Ideal for petabyte-scale migrations.
- Local compute capability: Can run AWS Lambda functions and EC2 instances locally for preprocessing data before transfer.
Glue
Amazon Glue is a serverless data integration service from AWS that helps you discover, prepare, and combine data for analytics, machine learning, and application development.
EMR (Elastic MapReduce)
Amazon EMR (Elastic MapReduce) is a cloud-based big data platform that lets you process massive datasets using popular open-source frameworks like Apache Hadoop, Spark, Hive, and Presto.
VPC: Private space in the cloud
- How to structure your network
- Manage connections
- How everything communicates
Every VPC has its own subnet
Private IP address ranges:
10.0.0.0    -  10.255.255.255
172.16.0.0  -  172.31.255.255
192.168.0.0 -  192.168.255.255
The Lambda function should be inside the VPC.
The database should have a private IP address.
Early projects are a great way to start learning
- Build a Portfolio website -> S3 bucket
- System for tracking tasks -> connect your app to RDS in EC2
- App for showing images -> using IAM rules (security practices)
Redshift
Amazon Redshift is AWS’s fully managed cloud data warehouse designed for fast, scalable analytics on massive datasets. It’s built to handle everything from simple dashboards to complex data modeling—without the headache of managing infrastructure.
EC2
When you are working with EC2, change the subnet in the network settings.
EBS (Elastic Block Store)
Amazon Elastic Block Store (Amazon EBS) is a scalable, high-performance block storage service designed for use with Amazon EC2 instances. Think of it as a virtual hard drive in the cloud that you can attach to your virtual machines (EC2) to store data persistently—even if the instance is stopped or terminated
Cognito
It is used to manage the user data for your apps across multiple mobile or connected devices.
Because we are using a Cognito user pool, we have to create an authorizer in API Gateway.
To authenticate calls, API Gateway uses the JSON Web Tokens (JWT) that are returned by Cognito.
While you are setting up Cognito, keep in mind that:
If you select "Public client", "Single Page Application (SPA)" or "Mobile Application", a client secret will not be generated by default.
If you select "Confidential client" or "Web application", a client secret will be generated by default.
AWS Systems Manager
Provides secure node management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys.
Internet Gateway
Route destination 0.0.0.0/0
Instance public IPv4 or IPv6 address, or Elastic IP
NAT Gateway
A NAT Gateway is a tool that can connect Lambda to the internet gateway so that it can reach the internet, so basically the NAT gateway provides a public IP for Lambda.
Specify the public subnet.
Specify the Elastic IP address.
Update the route table and set the target to the NAT gateway.
AWS Backup
Keywords: centralized, fully managed service
Automates data protection across various AWS services.
It is used for data storage protection.
 
 
              



 
    