Swayam Patnaik
AWS Certified Cloud Practitioner Series – Part 2

Security, Storage, Scaling, and High Availability in AWS

In this article, I continue my AWS Certified Cloud Practitioner learning series by covering core AWS compute, storage, networking security, scalability, and availability concepts. These topics are extremely important from both exam and real‑world DevOps perspectives.

Security Groups
Security Groups act as virtual firewalls that control inbound and outbound traffic for EC2 instances.

Inbound Rules
Allowing HTTP (TCP 80) inbound from anywhere (0.0.0.0/0) lets users reach a web server running on the EC2 instance from a browser.
If a Security Group blocks the traffic, the typical symptom is a connection timeout when trying to reach the instance.

Outbound Rules
By default, outbound rules allow IPv4 – All Traffic.
This configuration gives the EC2 instance full outbound connectivity to anywhere.

SSH Access
Inbound port 22 (SSH) from anywhere is required to connect to the instance using any of the four connection methods AWS offers after you click Connect.
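The timeout symptom above is what you see when a rule is missing; the opposite failure, a rule that is too open, gives no symptom at all, so it has to be audited. The following is an added example (not code from the article) that walks the structure `aws ec2 describe-security-groups --output json` or boto3's `describe_security_groups()` returns and reports every ingress rule that is open to the world (0.0.0.0/0 or ::/0) on anything other than the web ports the article deliberately exposes. The two security groups, their IDs and the CIDR 203.0.113.0/24 are constructed sample data; HTTPS (443) is assumed alongside HTTP (80) as an expected public port.

```python
"""Audit EC2 security-group ingress rules for world-open ports.

Added example; the SAMPLE_GROUPS dict is constructed and mirrors the
shape of `aws ec2 describe-security-groups` / boto3 output.
"""
import json
import sys

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
# Ports intentionally open to the world for a web server. Everything else
# exposed to a world CIDR is reported as a finding.
EXPECTED_PUBLIC_PORTS = {80, 443}

SAMPLE_GROUPS = {  # constructed sample data
    "SecurityGroups": [
        {
            "GroupId": "sg-0aaa111example",
            "GroupName": "web-sg",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            ],
        },
        {
            "GroupId": "sg-0bbb222example",
            "GroupName": "admin-sg",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
                # "All traffic" rules use IpProtocol "-1" and carry no port keys.
                {"IpProtocol": "-1",
                 "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
            ],
        },
    ]
}


def _world_cidrs(rule):
    """CIDRs in this rule that mean 'anyone on the internet'."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD_CIDRS]


def _port_label(rule):
    if rule["IpProtocol"] == "-1":
        return "all"
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    return str(lo) if lo == hi else f"{lo}-{hi}"


def _exposes_unexpected_port(rule):
    """True unless every port in the rule is one we expect to be public."""
    if rule["IpProtocol"] == "-1":
        return True
    lo, hi = rule["FromPort"], rule["ToPort"]
    return any(p not in EXPECTED_PUBLIC_PORTS for p in range(lo, hi + 1))


def find_world_open_rules(groups):
    """Return (group id, protocol, ports, cidr) for each world-open rule that
    exposes something other than EXPECTED_PUBLIC_PORTS."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for rule in sg["IpPermissions"]:
            cidrs = _world_cidrs(rule)
            if cidrs and _exposes_unexpected_port(rule):
                for cidr in cidrs:
                    findings.append(
                        (sg["GroupId"], rule["IpProtocol"], _port_label(rule), cidr))
    return findings


if __name__ == "__main__":
    # Pipe real output in (`aws ec2 describe-security-groups | python audit.py`)
    # or run without input to audit the constructed sample.
    data = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_GROUPS
    for gid, proto, ports, cidr in find_world_open_rules(data):
        print(f"{gid}: {proto} port(s) {ports} open to {cidr}")
```

On the sample data the script reports SSH on `web-sg` open to 0.0.0.0/0 and the all-traffic IPv6 rule on `admin-sg`, while the HTTP rule and the SSH rule restricted to 203.0.113.0/24 pass. The "-1" protocol is handled explicitly because such rules have no `FromPort`/`ToPort` keys and would otherwise raise a `KeyError`.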

Amazon EBS (Elastic Block Store)
EBS volumes are network drives attached to EC2 instances. The data stored on them persists even after the instance is terminated.
(Think of an EBS volume like a pen drive.)

Root Volume
Delete on Termination is enabled by default.
This can be checked under the instance’s storage settings.

Additional EBS Volumes
Delete on Termination is disabled by default (important for the exam).
An EBS volume can be attached to only one instance at a time, but a single instance can have multiple EBS volumes attached.
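Because the two defaults differ (root volume deleted, additional volumes kept), the practical question for any running instance is which volumes will disappear at termination and which will be left behind. The following is an added example (not from the article) that reads the `BlockDeviceMappings` structure returned by `aws ec2 describe-instances` / boto3 `describe_instances()` and splits each instance's volumes accordingly; the instance and volume IDs are constructed sample data.

```python
"""Classify an instance's EBS volumes by their DeleteOnTermination flag.

Added example; SAMPLE_RESERVATIONS is constructed and mirrors the shape of
`aws ec2 describe-instances` output.
"""

SAMPLE_RESERVATIONS = {  # constructed sample data
    "Reservations": [{
        "Instances": [{
            "InstanceId": "i-0123456789example",
            "RootDeviceName": "/dev/xvda",
            "BlockDeviceMappings": [
                # root volume: default is DeleteOnTermination=True
                {"DeviceName": "/dev/xvda",
                 "Ebs": {"VolumeId": "vol-0root000example", "DeleteOnTermination": True}},
                # additional volume left at its default (False)
                {"DeviceName": "/dev/sdf",
                 "Ebs": {"VolumeId": "vol-0data000example", "DeleteOnTermination": False}},
                # additional volume someone switched to True: its data goes with the instance
                {"DeviceName": "/dev/sdg",
                 "Ebs": {"VolumeId": "vol-0data001example", "DeleteOnTermination": True}},
            ],
        }]
    }]
}


def classify_volumes(reservations):
    """Return, per instance, whether the root volume is deleted on termination,
    which data volumes would be lost with the instance (data-loss risk), and
    which volumes would be left behind (cost, and data that outlives the host)."""
    report = {}
    for reservation in reservations["Reservations"]:
        for inst in reservation["Instances"]:
            root = inst["RootDeviceName"]
            entry = {
                "root_deleted_on_termination": None,
                "data_volumes_lost_on_termination": [],
                "volumes_left_behind": [],
            }
            for mapping in inst["BlockDeviceMappings"]:
                ebs = mapping.get("Ebs")
                if ebs is None:  # instance-store mappings carry no Ebs block
                    continue
                delete = ebs["DeleteOnTermination"]
                if mapping["DeviceName"] == root:
                    entry["root_deleted_on_termination"] = delete
                elif delete:
                    entry["data_volumes_lost_on_termination"].append(ebs["VolumeId"])
                if not delete:
                    entry["volumes_left_behind"].append(ebs["VolumeId"])
            report[inst["InstanceId"]] = entry
    return report


if __name__ == "__main__":
    for instance_id, entry in classify_volumes(SAMPLE_RESERVATIONS).items():
        print(instance_id)
        for key, value in entry.items():
            print(f"  {key}: {value}")
```

Both lists deserve a look before terminating anything: volumes in `data_volumes_lost_on_termination` need a snapshot first, and volumes in `volumes_left_behind` keep accruing cost and still hold whatever data the instance wrote to them.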

Availability Zone Scope
EBS volumes are AZ‑specific and can only be attached to EC2 instances in the same AZ.

Snapshots
A snapshot is a backup of an EBS volume.
Snapshots are used to move EBS volumes across AZs.
Detaching the volume before taking a snapshot is not required, but it is recommended.
Snapshots are stored at the region level, allowing movement across AZs.
Snapshots can also be copied across regions for disaster recovery.

Snapshot Archive
Snapshots can be moved to an archive tier, which is 75% cheaper.
Restoring archived snapshots takes 24–72 hours.

Recycle Bin for EBS Snapshots
Allows recovery of accidentally deleted snapshots.
Setup path:
Recycle Bin → Create Retention Rule → Resource Type (EBS Snapshots) → Rule Lock Settings (Unlock)
Retention period: 1 day to 1 year

Fast Snapshot Restore
Forces full initialization of a snapshot.
Removes latency during first use.
Example: Moving a Volume Across AZs
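The cross-AZ move described in the Snapshots section (snapshot the volume, then create a new volume from the snapshot in the target AZ) and the cross-region copy for disaster recovery, written out as an added example that is not the article's own code. It is written against the boto3 EC2 client API (`create_snapshot`, the `snapshot_completed` waiter, `create_volume`, `copy_snapshot`); the `FakeEC2` class is a constructed stand-in that records the calls so the example runs offline, and the volume ID, AZ and region names are assumptions.

```python
"""Move an EBS volume to another AZ via a snapshot, plus an encrypted
cross-region copy for DR.

Added example. The functions target the boto3 EC2 client API; FakeEC2 is a
constructed stand-in so the module runs without AWS credentials.
"""


def move_volume_across_az(ec2, volume_id, target_az, volume_type="gp3"):
    """Snapshot `volume_id`, wait for the snapshot to complete, then create a
    new volume from it in `target_az`. The source volume is left untouched.
    Returns (snapshot_id, new_volume_id)."""
    snap = ec2.create_snapshot(VolumeId=volume_id,
                               Description=f"move {volume_id} to {target_az}")
    snapshot_id = snap["SnapshotId"]
    # Snapshots are region-scoped, so once complete they can seed a volume in
    # any AZ of the region, which is what makes the cross-AZ move possible.
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[snapshot_id])
    vol = ec2.create_volume(AvailabilityZone=target_az, SnapshotId=snapshot_id,
                            VolumeType=volume_type)
    return snapshot_id, vol["VolumeId"]


def copy_snapshot_for_dr(dest_ec2, source_region, snapshot_id):
    """Copy a snapshot into another region. `dest_ec2` must be a client for the
    destination region. Encrypted=True makes the copy encrypted even when the
    source snapshot was not."""
    copy = dest_ec2.copy_snapshot(SourceRegion=source_region,
                                  SourceSnapshotId=snapshot_id,
                                  Encrypted=True,
                                  Description=f"DR copy of {snapshot_id}")
    return copy["SnapshotId"]


class FakeEC2:
    """Constructed stand-in that records calls and hands back fake IDs.
    Replace with boto3.client("ec2", region_name=...) for real use."""

    def __init__(self):
        self.calls = []
        self._counter = 0

    def _new_id(self, prefix):
        self._counter += 1
        return f"{prefix}-{self._counter:017x}"

    def create_snapshot(self, **kwargs):
        self.calls.append(("create_snapshot", kwargs))
        return {"SnapshotId": self._new_id("snap")}

    def get_waiter(self, name):
        fake = self

        class Waiter:
            def wait(self, **kwargs):
                fake.calls.append((f"wait:{name}", kwargs))

        return Waiter()

    def create_volume(self, **kwargs):
        self.calls.append(("create_volume", kwargs))
        return {"VolumeId": self._new_id("vol")}

    def copy_snapshot(self, **kwargs):
        self.calls.append(("copy_snapshot", kwargs))
        return {"SnapshotId": self._new_id("snap")}


if __name__ == "__main__":
    source = FakeEC2()  # assumed: client for us-east-1
    snapshot_id, new_volume = move_volume_across_az(
        source, "vol-0src000example", "us-east-1b")
    print(f"snapshot {snapshot_id} -> volume {new_volume} in us-east-1b")
    dest = FakeEC2()  # assumed: client for us-west-2
    print("DR copy:", copy_snapshot_for_dr(dest, "us-east-1", snapshot_id))
```

The waiter call is the step people skip: a volume created from a snapshot that is still pending will fail, so the function blocks on `snapshot_completed` before `create_volume`. For the DR copy, the client passed in must belong to the destination region, while `SourceRegion` names where the snapshot currently lives.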

EC2 Instance Store
Used when high‑performance hardware disk is required.
Delivers better I/O performance than EBS.
Ephemeral storage – data is lost when the instance is stopped.
Common use cases:
Buffers
Caches
Temporary content
Scratch data

High risk of data loss.
Backup and replication are the user’s responsibility.

AMI (Amazon Machine Image)
AMIs are customized images of EC2 instances.

Purpose of AMIs:
Include OS, software, configurations, monitoring, and licenses.
New instances can be launched without repeated configuration.
Helps to add your own software licenses (exam point).
Faster boot and configuration time.

AMI Characteristics
Types:
Public AMIs (AWS-provided).
Own AMIs (created and maintained by you).
AWS Marketplace AMIs (third‑party, may be paid).

AMI Creation Flow
Start and customize instance
Stop instance (for data integrity)
Create AMI (EBS snapshots created automatically)
Launch new instances from the AMI

EC2 Image Builder
Automatically builds, tests, and distributes AMIs.
Automates image management.
Used for VM or container image creation.
Runs on a schedule.
Free service.

Flow:
EC2 Image Builder → Builder EC2 Instance → New AMI → Test EC2 Instance → AMI distributed (multiple regions).

Amazon EFS (Elastic File System)
Fully managed network file system.
Can be mounted on hundreds of EC2 instances.
Works with Linux EC2 instances across multiple AZs.
High availability and scalability.
Expensive; pay‑per‑use, so no capacity planning is needed.

EBS vs EFS
EBS supports snapshots.
EFS provides a shared file system across AZs.

EFS‑IA
Cost‑optimized storage class.
Stores files that are infrequently accessed.

Shared Responsibility Model – EC2 Storage

AWS Responsibilities:
Infrastructure
Data replication for EBS and EFS
Replacing faulty hardware
Zero‑day issues

User Responsibilities:
Backup and snapshot configuration
Data encryption
Data stored on drives
Understanding risks of EC2 Instance Store

AWS FSx (File Systems)
Fully managed high‑performance file systems for workloads where EFS or S3 are not suitable.

FSx for Windows File Server
Native Microsoft Windows file system
Supports SMB and NTFS
Highly reliable and scalable
Accessible from AWS and on‑premises

FSx for Lustre
High Performance Computing (HPC) Linux file system
Used for ML, analytics, video processing, financial modeling
Scales to hundreds of GB/s
Millions of IOPS with sub‑millisecond latency

Scalability Concepts
Vertical Scalability
Increase instance size (e.g., t2.micro → t2.small)
Common for non‑distributed systems like databases
Hardware limits apply

Horizontal Scalability
Increase number of instances
Used in distributed systems
Common for web and modern applications
Implemented by adding more EC2 instances

High Availability
Application running in at least two AZs.
Helps survive the loss of a data center (AZ)
Tightly coupled with horizontal scaling

Key Definitions
Scalability: Ability to handle increased load.
Elasticity: Automatic scaling in and out with load, once the system is scalable.
Agility: Speed of resource provisioning.

Load Balancers
Load Balancers distribute incoming traffic across multiple servers.

Benefits
Distributes traffic evenly.
Single DNS entry for applications.
Health checks on instances.
SSL termination.
Managed by AWS (ELB).

Load Balancers do not perform backend autoscaling — Auto Scaling Groups are required.

Types of Load Balancers

Application Load Balancer:
HTTP/HTTPS, gRPC, Layer 7, static DNS
Network Load Balancer:
TCP/UDP/TLS, high performance, static IP, Layer 4
Gateway Load Balancer:
GENEVE protocol, traffic inspection/firewalls, Layer 3
Classic Load Balancer:
Layer 4 and 7 (retired in 2023)
