them to use.. what's the policy we need to assign? Please let me know. Sonal
Can two different AWS account services communicate with each other? If yes, please
show us a demo.
Cloud Computing
---------------------
On-demand provisioning of IT resources over the internet
IT resources
---------------
servers
storage
hubs
network
database
application
load balancer
whatever is required to set up a datacenter --> IT resources
what is a datacenter?
--> collection of physical & logical/virtual IT resources: applications, databases, OS,
data
--> collection of s/w & h/w
--> on-prem
benefits of CC
---------------------
1) security
2) scalability
3) cost effective
pay-as-you-go model
4) flexibility
5) no upfront investment --> no capex, only opex
6) no capacity planning --> saves a lot of time
7) zero maintenance --> managed services --> ex: Lambda, Beanstalk, RDS
forms of CC
----------------
the "cloud" keyword is used for both the private and the public form because the resources
are always available. Private is for own use and public is for shared use.
1) Public --> all the IT resources sit on the public cloud provider's
premises. ex: AWS, Azure
-->resources are shared across the customers
--> managed by public cloud provider
--> security of physical infra is the responsibility of public cloud provider
--> IT resources are publicly available
2) Private --> a private cloud uses the client's own infrastructure, providing cloud
services within the client's premises; recommended for sensitive data.
--> all the IT infra is on-prem
--> non-shared model
--> we manage the servers from our end; each service and component has to be managed
from our end
--> IT resources hosted in your own datacenter are not publicly available
3)Hybrid --> public + private
4) multicloud --> AWS+AZURE+google cloud
Models of CC
----------------
1) IAAS --> h/w + OS --> used by system admins
ex: AWS EC2, S3
2) PAAS --> used by developers, ex: RDS, Lambda, Beanstalk
3) SAAS --> ready-made product, used by end users
ex: WorkDocs, WorkMail, WorkSpaces
1) estimate my requirement
2) budget
3) space for parking
4) driving, driver
5) petrol
6) maintenance
7) tax
8) insurance
9) driver
EC2
------
purchasing options
1) On-demand
2)Reserved
3)Spot
IAM
--------
--> global service
--> free
best practice
--------------
1) Users --> first user --> created when signing up for AWS with a mail-id --> root a/c
IAM users --> EC2admin, s3admin, dbadmin, VPCadmin, IAMadmin
2) Groups --> create a group to provide similar permissions to multiple users
attach a policy --> EC2 full access, S3 read access --> EC2admingroup <-- EC2admin1,
EC2admin2, .... EC2admin100, admin1
IAM users --> EC2admin1, EC2admin2, .... EC2admin100
3) Policy --> standard policies --> predefined authorization, 200+ predefined policies
attach --> user, group, role
--> users can also create their own custom policies
4) Role --> temporary in nature
--> roles can be assumed by services, applications, federated users
service --> talks to --> service
ex: EC2 (VM) --> role --> S3 (storage)
federated users --> external identities that you use to access AWS services
1) corporate identity federation --> corporate DC --> Microsoft AD/LDAP --> 100+ user
credentials
2) web identity federation --> web (Facebook, Google, Amazon)
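Added example (not code from the course notes or from AWS): the two policy documents the IAM section describes, an identity policy for the EC2admingroup (EC2 full access plus S3 read) and the trust policy of a role that EC2 assumes to reach S3, together with a small evaluator that applies the IAM decision order for identity-based policies: a matching explicit Deny wins, otherwise a matching Allow permits, otherwise the request is implicitly denied. The policy contents and the explicit Deny on ec2:TerminateInstances are constructed for illustration; the evaluator deliberately ignores Condition blocks, NotAction, resource-based policies, SCPs and permission boundaries.

```python
"""IAM pieces from the notes: an identity policy for the EC2admin group,
a trust policy for the EC2 --> S3 role, and a small evaluator that applies
the documented IAM decision order (explicit Deny > Allow > implicit deny).
Added example; not code from the course notes or from AWS."""
import json
from fnmatch import fnmatchcase

# Identity policy attached to the EC2admingroup described in the notes
# (constructed illustration; not one of the AWS predefined policies).
EC2ADMIN_GROUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": "*"},
        # Guard rail: an explicit Deny wins over the ec2:* Allow above.
        {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"},
    ],
}

# Trust policy for the role an EC2 instance assumes to reach S3
# (service --> role --> service). Only the EC2 service principal may assume it.
EC2_S3_ROLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}


def policy_json(policy):
    """Serialise a policy document the way it is pasted into the IAM console/CLI."""
    return json.dumps(policy, indent=2)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(stmt, action, resource):
    # Action names match case-insensitively and may use wildcards (ec2:*);
    # resource patterns are case-sensitive and may also use wildcards.
    actions = [a.lower() for a in _as_list(stmt["Action"])]
    resources = _as_list(stmt["Resource"])
    return (any(fnmatchcase(action.lower(), a) for a in actions)
            and any(fnmatchcase(resource, r) for r in resources))


def is_allowed(policies, action, resource="*"):
    """Decide a request against the union of identity policies.

    Follows the IAM evaluation order for identity-based policies:
    any matching explicit Deny -> denied; else any matching Allow -> allowed;
    else the implicit default deny. Condition, NotAction/NotResource,
    resource-based policies, SCPs and permission boundaries are not modelled.
    """
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _matches(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return False          # explicit Deny always wins
            allowed = True
    return allowed


if __name__ == "__main__":
    print(policy_json(EC2ADMIN_GROUP_POLICY))
    for act in ("ec2:RunInstances", "ec2:TerminateInstances",
                "s3:GetObject", "s3:PutObject", "iam:CreateUser"):
        verdict = "ALLOW" if is_allowed([EC2ADMIN_GROUP_POLICY], act) else "DENY"
        print(f"{act:26} -> {verdict}")
```

The point to take away is that membership in EC2admingroup gives no S3 write and no IAM permission at all (implicit deny), and that adding a second policy containing a Deny removes access even though the group policy still says Allow; that is why a Deny-based guard rail is safe to attach to a group or role without auditing every Allow it overlaps.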
MFA
--------
google authenticator
https://docs.aws.amazon.com/cli/latest/userguide/install-macos.html
VPC
-------
--> virtual n/w that you create for your resources in the AWS cloud
--> isolates your resources from the rest of the public cloud
--> custom VPC --> more control over the VPC components & security features
--> regional service
every AWS account --> a default VPC in every region --> unique for every region & every account
IPv6 --> 128-bit
VPC CIDR block size: x.x.x.x/16 -- x.x.x.x/28
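Added example (not course code): carving a VPC block into the public and private subnets per AZ that the demo created, using the /16 to /28 limit from the notes and AWS's rule that five addresses in every subnet (network, VPC router, DNS, future use, broadcast) are reserved and never handed to an instance. The VPC CIDR 10.0.0.0/16 and the AZ names us-east-1a/us-east-1b are constructed sample values.

```python
"""Carving a VPC's IPv4 block into subnets, as demoed in the session
(VPC, subnet, route table, internet gateway). Added example, not course code.
Assumes the notes' VPC size limits (/16 to /28) and AWS's rule that five
addresses in every subnet are reserved and cannot be assigned to instances."""
import ipaddress

VPC_MIN_PREFIX, VPC_MAX_PREFIX = 16, 28   # x.x.x.x/16 -- x.x.x.x/28
RESERVED_PER_SUBNET = 5                   # network, VPC router, DNS, future use, broadcast


def validate_cidr(cidr):
    """Reject CIDRs outside the /16../28 window or with host bits set."""
    net = ipaddress.ip_network(cidr, strict=True)   # strict: "10.0.1.5/16" is an error
    if not VPC_MIN_PREFIX <= net.prefixlen <= VPC_MAX_PREFIX:
        raise ValueError(f"{cidr}: CIDR block must be between /16 and /28")
    return net


def is_valid_vpc_cidr(cidr):
    """Boolean form of validate_cidr for quick checks."""
    try:
        validate_cidr(cidr)
        return True
    except ValueError:
        return False


def usable_hosts(cidr):
    """Addresses an instance can actually get in a subnet of this size."""
    return validate_cidr(cidr).num_addresses - RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr, azs, tiers=("public", "private"), subnet_prefix=24):
    """Allocate one subnet per (AZ, tier) from the VPC block, in address order.

    Two AZs with a public and a private subnet each is the layout from the demo;
    spreading each tier across AZs is what lets the design survive a single-AZ outage.
    """
    vpc = validate_cidr(vpc_cidr)
    if not vpc.prefixlen < subnet_prefix <= VPC_MAX_PREFIX:
        raise ValueError("subnet prefix must be longer than the VPC's and at most /28")
    candidates = vpc.subnets(new_prefix=subnet_prefix)   # yields blocks in order
    plan = []
    for az in azs:
        for tier in tiers:
            block = next(candidates)
            plan.append({"az": az, "tier": tier, "cidr": str(block),
                         "usable": block.num_addresses - RESERVED_PER_SUBNET})
    return plan


def overlapping(plan):
    """Return pairs of subnets whose CIDRs overlap (AWS refuses such a subnet)."""
    nets = [(p["cidr"], ipaddress.ip_network(p["cidr"])) for p in plan]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]


if __name__ == "__main__":
    # Constructed sample: a /16 VPC split into /24s across two AZs.
    for subnet in plan_subnets("10.0.0.0/16", ["us-east-1a", "us-east-1b"]):
        print(subnet)
```

Running the block with the sample values gives 10.0.0.0/24 and 10.0.1.0/24 for the first AZ and 10.0.2.0/24 and 10.0.3.0/24 for the second, each with 251 usable addresses rather than the 254 a plain /24 would suggest; keeping the reservation in mind matters when sizing small /28 subnets, which leave only 11 addresses.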
Topics
-------
AWS overview
2nd topic
IAM
Cloudtrail
AWS CLI
VPC --> demo done --> VPC, subnet, RT, IG
remaining part of VPC --> to be continued in next session
Can you please explain again why we should create two subnets in different AZs? Creating
private and public subnets in the same AZ will have high-speed connectivity between
these two subnets.
vi privkey.pem
chmod 400 privkey.pem
ssh -i privkey.pem ec2-user@10.0.2.170
SG & NACL
-------------
1) SG
--> virtual firewall at the instance level
--> only has allow rules (ex: SSH, HTTP)
--> stateful (if inbound is allowed, the return outbound traffic is allowed automatically)
2) NACL
--> virtual firewall at the subnet level
--> stateless (return traffic needs its own rule)
--> can have both allow & deny rules
--> one subnet --> only one NACL
--> one NACL --> can be used by multiple subnets
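Added example (not course code): a small model of the two firewalls above, run over the SSH session from the notes (an admin host connecting to 10.0.2.170 on port 22, then the instance's reply). The security group tracks flows, so the reply passes with no outbound rule; the NACL is stateless and drops the reply until an outbound rule for the ephemeral ports exists, and its numbered rules are applied lowest-number-first. The admin address 203.0.113.10, the ephemeral port 51515 and the rule numbers are constructed.

```python
"""Stateful security group vs stateless network ACL, modelled on an SSH
request to the instance from the notes (10.0.2.170) and its reply.
Added example, not course code; peer addresses and rule numbers are constructed."""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    src_port: int
    dst: str
    dst_port: int
    direction: str      # "in" = towards the instance, "out" = from the instance


def _in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


@dataclass
class SecurityGroup:
    """Instance-level firewall: allow rules only, stateful.
    Rules are (low_port, high_port, cidr)."""
    inbound: list = field(default_factory=list)
    outbound: list = field(default_factory=list)
    flows: set = field(default_factory=set)   # connection tracking

    def evaluate(self, pkt):
        # Stateful: a reply to a tracked flow is allowed regardless of rules.
        if (pkt.dst, pkt.dst_port, pkt.src, pkt.src_port) in self.flows:
            return True
        rules, peer = ((self.inbound, pkt.src) if pkt.direction == "in"
                       else (self.outbound, pkt.dst))
        if any(lo <= pkt.dst_port <= hi and _in_cidr(peer, cidr)
               for lo, hi, cidr in rules):
            self.flows.add((pkt.src, pkt.src_port, pkt.dst, pkt.dst_port))
            return True
        return False    # no deny rules exist; anything unmatched is dropped


@dataclass
class NetworkAcl:
    """Subnet-level firewall: numbered allow/deny rules, stateless.
    Rules are (number, action, low_port, high_port, cidr); the lowest-numbered
    rule that matches wins, and the implicit '*' rule at the end denies."""
    inbound: list = field(default_factory=list)
    outbound: list = field(default_factory=list)

    def evaluate(self, pkt):
        rules, peer = ((self.inbound, pkt.src) if pkt.direction == "in"
                       else (self.outbound, pkt.dst))
        for _num, action, lo, hi, cidr in sorted(rules):
            if lo <= pkt.dst_port <= hi and _in_cidr(peer, cidr):
                return action == "allow"
        return False


# Constructed traffic: an admin host opens SSH to the instance, the instance replies.
REQUEST = Packet("203.0.113.10", 51515, "10.0.2.170", 22, "in")
REPLY = Packet("10.0.2.170", 22, "203.0.113.10", 51515, "out")


def ssh_session(sg, nacl):
    """Return (request_passed, reply_passed). A packet must clear both the
    subnet NACL and the instance SG in each direction."""
    req_ok = nacl.evaluate(REQUEST) and sg.evaluate(REQUEST)
    rep_ok = req_ok and sg.evaluate(REPLY) and nacl.evaluate(REPLY)
    return req_ok, rep_ok


def ssh_only_sg():
    # Inbound SSH from the admin range only; no outbound rules at all.
    return SecurityGroup(inbound=[(22, 22, "203.0.113.0/24")])


def run_scenarios():
    nacl_no_ephemeral = NetworkAcl(inbound=[(100, "allow", 22, 22, "203.0.113.0/24")])
    nacl_with_ephemeral = NetworkAcl(
        inbound=[(100, "allow", 22, 22, "203.0.113.0/24")],
        outbound=[(100, "allow", 1024, 65535, "0.0.0.0/0")])   # return traffic
    nacl_deny_first = NetworkAcl(
        inbound=[(90, "deny", 22, 22, "203.0.113.0/24"),
                 (100, "allow", 22, 22, "0.0.0.0/0")],
        outbound=[(100, "allow", 1024, 65535, "0.0.0.0/0")])
    return {
        # SG is stateful, so the reply passes the SG without an outbound rule;
        # the stateless NACL drops it until ephemeral ports are allowed out.
        "nacl_missing_ephemeral": ssh_session(ssh_only_sg(), nacl_no_ephemeral),
        "nacl_with_ephemeral": ssh_session(ssh_only_sg(), nacl_with_ephemeral),
        # Lowest-numbered matching NACL rule wins: 90 deny beats 100 allow.
        "nacl_deny_ordered_first": ssh_session(ssh_only_sg(), nacl_deny_first),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:26} request/reply passed: {result}")
```

The first scenario is the classic symptom of a forgotten NACL outbound rule: the SSH client's SYN reaches the instance but the handshake never completes, and the security group looks correct because it is. The third scenario shows why NACL rule numbers matter; the same two rules with the numbers swapped would let the connection through.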
instance store
---------------
AMI backed by instance store --> any instance you launch from this AMI -->
will also be backed by instance store
--> volatile
--> similar to RAM in behavior
--> instance states --> only running or terminated (no stop state)
--> performance is good
Virtualization
-----------------
HVM & paravirtual (PV)
EC2
------
purchasing options
1) On-demand --> pay-as-you-go
2) Reserved --> reserve in advance to optimize the cost, up to 75% cost benefit,
1 yr or 3 yr
payment model --> all upfront, partial upfront, no upfront
3) Spot --> unused capacity that Amazon puts on auction & customers can bid for the spot
instance
--> a spot instance will be interrupted, with a short notice of 2 mins, when the spot price
rises above your bid
--> dev & test environment
--> mixed environment (behind LB --> On-demand, reserved, spot)
--> spot block --> reserving a spot instance for a certain duration (e.g. reserve the
spot instance between 9 AM & 1 PM)
For Amazon Linux 2 or the Amazon Linux AMI, the user name is ec2-user.
Otherwise, if ec2-user and root don't work, check with the AMI provider.
Custom AMI
----------------
standard AMI --> launch an instance --> customize the instance (e.g. configure an Apache
webserver on Linux) --> create an image (golden image) --> launch new servers from it
EBS snapshot
------------------
root EBS volume --> create a snapshot --> create an image from the snapshot --> use the image
--> launch an instance