AWS classes notes

The document provides an overview of AWS cloud services, including infrastructure, networking, and security components. It covers the differences between public, private, and hybrid clouds, as well as details on IP addressing, VPC setup, and the role of cloud engineers. Additionally, it discusses AWS's market share, free tier offerings, and the importance of security measures like encryption and access control.

Uploaded by

srinivas.sip46

Class 1:

AWS Cloud is one of the public clouds.


On-premises environment                       Cloud environment
-------------------------------------------   -----------------------------
1. Server purchase and assembly               1. Rented servers
2. Server room                                2. X
3. Temperature control device, 23 C (AC)      3. X
4. Authentication devices                     4. X
5. H/w, N/w and server admins                 5. Cloud engineers
6. Power backup, 24 hrs                       6. X
7. Spare parts                                7. X
8. Licences                                   8. BYO (bring your own)
   -- max 5 years                                -- min 1 year, up to 3 years

--------------------------------------------------------------------------------
Server Room ----------- Data center ------------------ Availability Zone
10's ------------------ 100's ------------------------ 1000's
AWS (2006): 34 regions, 108 AZs
Regions:
Mumbai ------------- 3 AZs
Hyderabad ---------- 3 AZs
NV (N. Virginia) --- 6 AZs
NC (N. California) - 3 AZs
Ohio --------------- 3 AZs
Oregon ------------- 4 AZs
Azure: 2010

Distance between regions: minimum 30 to 100 km


-------------------------------------===================================
1. What Is AWS And Why Is It So Popular?
AWS is a cloud computing platform known for its scalability, cost-effectiveness, and
global infrastructure. It allows businesses to scale operations efficiently, reduce
costs, and innovate rapidly.

Cloud services:
IaaS : Infrastructure as a Service : hardware
PaaS : Platform as a Service : hardware + runtime
SaaS : Software as a Service : hardware + runtime + application
Cloud Engineer: IaaS + PaaS + IaC (Infrastructure as Code, i.e. scripts)

--------------------------------------------------------------------------==================================
We have to learn 3 types of cloud:
 - public: AWS, Azure, GCP
 - private: restricted
 - hybrid: public + private (more opportunities here)
--------------------------------------------------------------------------------------------------------------------------------------
AWS Free Tier account:
 - 750 hrs + 12 months
 - CC/DC --- Master/VISA --- 2 rs | $1
 - free services + paid services
 - Rs 200 max (per month)
 - pay-as-you-go model

Why AWS?
Security: data security (KMS: Key Management Service)
Laptop ----> AWS Account ----------Encryption/Decryption-----------------> Data center
Account: username + password + MFA

Services: SLA: 96% - 97% (SLA: service level agreement)


99.99%, 98%

Market Share:

AWS -- 38% - 40%


Azure -- 20%
on-premises ---- 70% ----> 30%
20% -----> 80%
---------------------------------------------------
Cloud Practitioner -------------- AZ-900
AWS: AWS Solutions Architect Associate ---> 2 years ---- AZ-104 (certification)
AWS Solutions Architect

CLASS-2:
AWS Networking:
1) IP address
2) VPC (Virtual Private Cloud)
3) Subnets
4) IGW | NAT IGW (IGW = Internet gateway)
5) Route tables
6) SG | NACL (SG = security group, NACL = network access control list)

---------------------------------------

1) IP Address:
An IP address is the identity of a resource (resource = OS | VM | instance).
There are 2 versions of IP address:
 - IPv4 : 32-bit range : x.x.x.x : 0.0.0.0 -- 255.255.255.255
 - IPv6 : 128-bit range : x:x:x::x : trillions of trillions of IPs are held here
IPv6 is better than IPv4.
AWS supports both IPv4 and IPv6.

Server:
If I launch a server, each server has a minimum of 2 IPs (one public IP and one private IP).
1) Public IP:
 - a server can have only one public IP
 - if we restart the server, its public IP changes -- automatic
2) Private IP:
 - a server can have one or more private IPs (1, 2, 3, 4 or more)
 - if we restart the server, its private IP never changes -- automatic
What is the main IP of a server?
The main IP of a server is the private IP
(reason: whenever the server is restarted its public IP changes, but the private IP cannot change).

3) Elastic IP:
 - an Elastic IP is a public IP that does not change even if you restart the server
 - constant public IP -- manually configured
 - an idle Elastic IP is chargeable
Class A: N.H.H.H: leading bit is "0"
(converter URL: https://www.rapidtables.com/convert/number/binary-to-decimal.html?x=01111111)
0.0.0.0 -- 127.255.255.255 --- 16777216 IPs
00000000.00000000.00000000.00000000 ----- 01111111.11111111.11111111.11111111
Class B: N.N.H.H: leading bits are "10"
128.0.0.0 -- 191.255.255.255 --- 65536 IPs
10000000.00000000.00000000.00000000 ----- 10111111.11111111.11111111.11111111
Class C: N.N.N.H: leading bits are "110"
192.0.0.0 -- 223.255.255.255 --- 256 IPs
11000000.00000000.00000000.00000000 ----- 11011111.11111111.11111111.11111111
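
The class boundaries above follow directly from the leading bits of the first octet. The following Python is an added example (not part of the class notes) that derives each class range from those bits, converts an address to the dotted-binary form the notes use, and reports the network/host split; it assumes the three classful layouts listed above and treats everything starting with 111 as class D/E.

```python
import ipaddress

# Classful layouts as given in the notes: (class, leading bits, network bits).
# A = N.H.H.H (8 network bits), B = N.N.H.H (16), C = N.N.N.H (24).
CLASSES = (
    ("A", "0", 8),
    ("B", "10", 16),
    ("C", "110", 24),
)


def to_binary(ip: str) -> str:
    """Dotted-decimal -> dotted-binary, e.g. 127.255.255.255 -> 01111111.11111111.11111111.11111111"""
    return ".".join(f"{int(octet):08b}" for octet in ip.split("."))


def class_range(name: str) -> tuple:
    """Lowest and highest address of a class, derived from its leading bits:
    pad the leading bits with zeros for the low end and ones for the high end."""
    for cls, prefix_bits, _ in CLASSES:
        if cls == name:
            pad = 8 - len(prefix_bits)
            low = int(prefix_bits + "0" * pad, 2)
            high = int(prefix_bits + "1" * pad, 2)
            return f"{low}.0.0.0", f"{high}.255.255.255"
    raise ValueError(f"unknown class {name}")


def classify(ip: str) -> dict:
    """Decide the class of an IPv4 address from its first octet's leading bits
    and return the classful network it belongs to plus the size of that network."""
    first_octet_bits = f"{int(ipaddress.IPv4Address(ip)) >> 24:08b}"
    for name, prefix_bits, net_bits in CLASSES:
        if first_octet_bits.startswith(prefix_bits):
            network = ipaddress.IPv4Network(f"{ip}/{net_bits}", strict=False)
            return {
                "class": name,
                "leading_bits": prefix_bits,
                "network_bits": net_bits,
                "network": str(network.network_address),
                "host_addresses": 2 ** (32 - net_bits),  # size of one classful network
                "binary": to_binary(ip),
            }
    # 111... is multicast (D) or reserved (E); neither is used for hosts
    return {"class": "D/E", "leading_bits": "111", "binary": to_binary(ip)}


if __name__ == "__main__":
    for sample in ("10.50.0.1", "150.168.3.4", "192.168.0.7", "224.0.0.1"):
        print(sample, classify(sample))
    for cls in "ABC":
        print(cls, class_range(cls))
```

Running it for 10.50.0.1 reports class A, network 10.0.0.0 and 16777216 addresses, which is the per-network figure the notes give; the class C network 192.168.0.0 has 256.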
---------------------------------------------------------------------------------------------------
2) VPC: a VPC is an isolated network (without a CIDR block it is called an IP; with a CIDR block it is called a VPC)
 - X.X.X.X/X --- CIDR -- Classless Inter-Domain Routing
 - /X -- subnet mask -- decides the number of IPs
 - /X : as per general networking, /8 to /30
        as per AWS networking, /16 to /28
CLASS-A VPC:
(IP range calculator URL: https://www.site24x7.com/tools/ipv4-subnetcalculator.html)
 - 0.0.0.0 -- 127.255.255.255 (class A range)
 - 10.50.0.0/15 ---- 131072 IPs

CLASS-B VPC:
 - 128.0.0.0 -- 191.255.255.255
 - 150.168.0.0/16 ---- 65536 IPs

CLASS-C VPC:
 - 192.0.0.0 -- 223.255.255.255
 - 192.168.0.0/24 ---- 256 IPs

Class A and B ranges are used by companies.
Class C is used by remote desktop users and third-party users.
EX: class C: internet IP -----> router -----> 256 IPs

---------------------------------------------------------------------------------------

3. Subnets:
o A subnet is a slice of the VPC (the VPC is provided by the company)
o Subnets are derived from the VPC.
o X.X.X.X/X --- CIDR -- Classless Inter-Domain Routing
 - /X -- subnet mask -- decides the number of IPs
 - As per general networking, each subnet reserves 2 IPs (min & max)
 - As per AWS networking, each subnet reserves 5 IPs:
   1. Network address ----------- 10.50.0.0
   2. DNS server ---------------- 10.50.0.1
   3. VPC router ---------------- 10.50.0.2
   4. Future usage -------------- 10.50.0.3
   5. Network broadcast address - 10.50.0.255
VPC : 10.50.0.0/15 (VPC provided by company)
 - subnet-1 : 10.50.0.0/22 --- 1019/1024 IPs --- 10.50.0.1 - 10.50.3.254
 - subnet-2 : 10.50.4.0/22 --- 1019/1024 IPs --- 10.50.4.1 - 10.50.7.254
 - subnet-3 : 10.50.8.0/22 --- 1019/1024 IPs --- 10.50.8.1 - 10.50.11.254
 - subnet-4 : 10.50.12.0/22 -- 1019/1024 IPs --- 10.50.12.1 - 10.50.15.254
-----------------------------------------------------------------------------------

VPC : 150.168.0.0/16 (VPC provided by company)
 - subnet-1 : 150.168.0.0/20 --- 4091/4096 IPs --- 150.168.0.1 - 150.168.15.254
 - subnet-2 : 150.168.16.0/20 -- 4091/4096 IPs --- 150.168.16.1 - 150.168.31.254
 - subnet-3 : 150.168.32.0/20 -- 4091/4096 IPs --- 150.168.32.1 - 150.168.47.254
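
The subnet tables above (the /22 slices of 10.50.0.0 and the /20 slices of 150.168.0.0, each losing 5 addresses) can be generated rather than worked out by hand. The Python below is an added example, not from the class notes: it carves a VPC into equal subnets, applies the /16 to /28 VPC limit the notes state, and lists the five reserved addresses per subnet. The reserved-address offsets follow the AWS VPC documentation, which places the VPC router at the base address +1 and the DNS resolver at +2 (the notes list them the other way round); the first usable host address is therefore base +4.

```python
import ipaddress

AWS_RESERVED_PER_SUBNET = 5  # network, router, DNS, future use, broadcast


def is_valid_aws_vpc_cidr(cidr: str) -> bool:
    """AWS accepts VPC CIDR blocks from /16 to /28 (the limit stated in the notes)."""
    return 16 <= ipaddress.IPv4Network(cidr).prefixlen <= 28


def reserved_addresses(subnet: ipaddress.IPv4Network) -> dict:
    """The five addresses AWS reserves in every subnet, per the AWS VPC documentation."""
    base = subnet.network_address
    return {
        "network_address": str(base),
        "vpc_router": str(base + 1),
        "dns_server": str(base + 2),
        "future_use": str(base + 3),
        "broadcast": str(subnet.broadcast_address),
    }


def plan_subnets(vpc_cidr: str, subnet_prefix: int, count: int) -> list:
    """Split vpc_cidr into `count` consecutive subnets of /subnet_prefix and
    describe each one: total addresses, usable addresses after the AWS
    reservation, and the usable host range."""
    if not is_valid_aws_vpc_cidr(vpc_cidr):
        raise ValueError(f"AWS VPC CIDR must be /16 to /28, got {vpc_cidr}")
    vpc = ipaddress.IPv4Network(vpc_cidr)
    if not vpc.prefixlen <= subnet_prefix <= 28:
        raise ValueError("subnet prefix must lie between the VPC prefix and /28")
    plans = []
    for subnet in vpc.subnets(new_prefix=subnet_prefix):
        if len(plans) == count:
            break
        plans.append({
            "cidr": str(subnet),
            "total": subnet.num_addresses,
            "usable": subnet.num_addresses - AWS_RESERVED_PER_SUBNET,
            "first_usable": str(subnet.network_address + 4),
            "last_usable": str(subnet.broadcast_address - 1),
            "reserved": reserved_addresses(subnet),
        })
    return plans


if __name__ == "__main__":
    # The two VPCs used in the notes.
    for p in plan_subnets("10.50.0.0/16", 22, 4):
        print(p["cidr"], p["usable"], "usable", p["first_usable"], "-", p["last_usable"])
    for p in plan_subnets("150.168.0.0/16", 20, 3):
        print(p["cidr"], p["usable"], "usable", p["first_usable"], "-", p["last_usable"])
```

Note that 10.50.0.0/15 from the earlier example is rejected by `is_valid_aws_vpc_cidr`, which is why the class-3 walkthrough uses 10.50.0.0/16 instead.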

4) IGW | NAT IGW

 - IGW: Internet Gateway: provides internet access to public subnets, free of cost
 - VPC : IGW ---- 1:1 (a VPC and an IGW are in a 1:1 ratio)
 - NAT IGW: provides internet access to private subnets, chargeable
---------------------------------------------------------------------------------------

5) Route tables:
 - decide whether a subnet is public or private
 - default route table: this is the main route table
 - public route table: IGW, subnet-1, 2
 - private route table: NAT IGW, subnet-3, 4
--------------------------------------------------------------------------------------
6) SG | NACL
A virtual firewall that controls traffic to and from the resources associated with it. You can specify which
traffic is allowed based on IP addresses and port ranges.
1. SG: security group
a) inbound rules: incoming traffic
   SSH --- 22
   HTTP -- 80
   HTTPS - 443
   RDP --- 3389
b) outbound rules: outgoing traffic
   All traffic
2. NACL: Network Access Control List
   inbound rules: incoming traffic
   outbound rules: outgoing traffic
   rule no --- allow/deny
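
The difference between the two firewalls is in how rules are evaluated: a security group is an allow-list (any matching rule permits, nothing else does), while a NACL has numbered allow/deny rules evaluated lowest number first, with the first match deciding and an implicit final deny. The Python below is an added example, not from the class notes, that models both evaluations over constructed rule sets using the ports listed above; the office and client address ranges (203.0.113.0/24, 198.51.100.0/24, 192.0.2.0/24) are documentation ranges chosen for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    protocol: str           # "tcp", "udp" or "all"
    port_from: int
    port_to: int
    cidr: str               # source CIDR for an inbound rule
    action: str = "allow"   # NACL rules may also say "deny"; SG rules only allow
    number: int = 0         # NACL rule number (lower is evaluated first); unused for SGs


def _matches(rule: Rule, protocol: str, port: int, src_ip: str) -> bool:
    proto_ok = rule.protocol == "all" or rule.protocol == protocol
    port_ok = rule.port_from <= port <= rule.port_to
    src_ok = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.cidr)
    return proto_ok and port_ok and src_ok


def security_group_allows(rules, protocol: str, port: int, src_ip: str) -> bool:
    """Security group: if any rule matches, the packet is allowed; otherwise it is
    implicitly denied. (SGs are stateful: replies to allowed traffic are permitted
    without a matching outbound rule.)"""
    return any(_matches(r, protocol, port, src_ip) for r in rules)


def nacl_decision(rules, protocol: str, port: int, src_ip: str) -> tuple:
    """NACL: evaluate in ascending rule number, first match wins. Anything that
    matches no rule hits the implicit '*' rule and is denied. (NACLs are stateless:
    return traffic needs its own rule in the other direction.)"""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, protocol, port, src_ip):
            return rule.action, rule.number
    return "deny", "*"


# Constructed inbound SG for a web server: the four ports from the notes, with the
# administrative ports (SSH, RDP) restricted to an office range instead of 0.0.0.0/0.
WEB_SG_INBOUND = [
    Rule("tcp", 22, 22, "203.0.113.0/24"),
    Rule("tcp", 80, 80, "0.0.0.0/0"),
    Rule("tcp", 443, 443, "0.0.0.0/0"),
    Rule("tcp", 3389, 3389, "203.0.113.0/24"),
]

# Constructed inbound NACL for the public subnet: rule 90 denies HTTP from one
# misbehaving range and, being lower-numbered, wins over the broad allow in rule 100.
PUBLIC_SUBNET_NACL_INBOUND = [
    Rule("tcp", 80, 80, "198.51.100.0/24", action="deny", number=90),
    Rule("tcp", 80, 80, "0.0.0.0/0", action="allow", number=100),
    Rule("tcp", 443, 443, "0.0.0.0/0", action="allow", number=110),
    Rule("tcp", 22, 22, "203.0.113.0/24", action="allow", number=120),
]

if __name__ == "__main__":
    print("SG: SSH from office   ->", security_group_allows(WEB_SG_INBOUND, "tcp", 22, "203.0.113.5"))
    print("SG: SSH from internet ->", security_group_allows(WEB_SG_INBOUND, "tcp", 22, "198.51.100.7"))
    print("NACL: HTTP from denied range ->", nacl_decision(PUBLIC_SUBNET_NACL_INBOUND, "tcp", 80, "198.51.100.7"))
    print("NACL: HTTP from elsewhere    ->", nacl_decision(PUBLIC_SUBNET_NACL_INBOUND, "tcp", 80, "192.0.2.1"))
    print("NACL: port 8080              ->", nacl_decision(PUBLIC_SUBNET_NACL_INBOUND, "tcp", 8080, "192.0.2.1"))
```

The ordering matters only for the NACL: swapping the rule numbers 90 and 100 in the sample would let the broad allow fire first and make the deny unreachable, which is a common misconfiguration to check for.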

CLASS-3:
Why is the VPC set up? It is the platform; we launch servers on this platform.
VPC setup
platform ---- server
AWS : default VPC
      custom VPC
Create a VPC step by step: (recordings 4 and 5)
VPC : 10.50.0.0/16 (VPC provided by company)
 - subnet-1 : 10.50.0.0/22 --- 1019/1024 IPs --- 10.50.0.1 - 10.50.3.254
 - subnet-2 : 10.50.4.0/22 --- 1019/1024 IPs --- 10.50.4.1 - 10.50.7.254
 - subnet-3 : 10.50.8.0/22 --- 1019/1024 IPs --- 10.50.8.1 - 10.50.11.254
 - subnet-4 : 10.50.12.0/22 -- 1019/1024 IPs --- 10.50.12.1 - 10.50.15.254
1. Log in to AWS as an IAM user
2. Click on VPC (the default VPC will show)
3. Navigate to Create VPC
4. Give the name VPC-1
5. Give the CIDR, e.g. 10.50.0.0/16
6. Create the VPC
7. Navigate to Subnets
8. Click on Create subnet
9. Select the VPC ID from the dropdown menu
10. Give the subnet name VPC1-Subnet-1
11. Create the remaining subnets the same way (4 subnets in total)
Internet gateways:

Once you click Create, the internet gateway is in the detached state.

Now change it from detached to attached (attach it to the VPC).

Internet gateway successfully attached.

Route tables:
By default, one route table is created (the main route table).
I am creating a public route table.
Edit routes and add a route.

Add route:

Note: create the private route table the same way as the public one; there is no need to add a route.

Security groups
Edit the VPC settings and enable DNS hostnames; then the VPC is ready for DNS.

We can create 5 VPCs per region (1 default + 4) and a maximum of 200 subnets per VPC.

==================================================================
Before launching the server, we need to create a key pair.
Key pair: 1) public key --- managed by AWS --- region specific
          2) private key -- given to the user
Max 5000 key pairs per region
Two file formats:
1) .pem : Privacy Enhanced Mail
2) .ppk : PuTTY private key

====================================================
Login tools:
1) PuTTY : .ppk file
2) Git Bash : .pem
3) MobaXterm : .pem
server --- key pair (default user)
           password
create the .pem file
AMI -- Amazon Machine Image
public IP : 3.12.73.172
private IP : 10.50.15.225
Elastic IP : 13.234.243.250
Login tool : download PuTTY
PuTTYgen : converts .pem to .ppk
PuTTY : login purpose
apache2
git
winscp

pipeline :
git ---> jenkins ----> server

DNS ------> Route53 -----> server IP

After server launch: (recorded files 6 and 7, server launching process)

ubuntu@ip-10-50-15-225:~$ sudo apt update
ubuntu@ip-10-50-15-225:~$ sudo apt install tree -y
ubuntu@ip-10-50-15-225:~$ sudo apt install apache2 -y
ubuntu@ip-10-50-15-225:~$ service apache2 status      (to know the status of apache)

We can use PuTTY or Git Bash.


How do you log in to a private server in AWS?
1. Launch 1 public server in AWS (called a bastion server)
2. Launch 1 private server in AWS
3. The public server is logged in to using its public IP
Private server login procedure:
 - Take the private server's key pair
 - Copy the private key pair to the public server with the same name, as below
 - Save the key on the public server.
 - Execute the steps below
 - Try to check internet access from the private server
 - No internet access, because there is no connection
 - Need to create a NAT gateway in the public subnet
Open VPC and navigate to NAT gateway
Go to the route table for the private subnet and add a route to the NAT gateway.

After this configuration the private server works fine


----------------------------------------------------------------------------------------------------------------------------
Peering: (recording 10)
Setup:
1. Peering builds communication between two different networks
2. Create 2 VPCs within the region (intra-region peering) (Ohio region)
3. Launch 2 servers, one in each VPC (server-1 is in VPC-1 and server-2 is in VPC-2)
4. Server 1 and server 2 have public addresses, so both servers communicate with each other with limited
   access over the public network (limited access means no data-sharing access between the servers);
   this is called handshaking communication
5. Now we need to configure peering between the VPCs over the private network

Configuration:
1. SSH to server 1 and ping server 2's public IP. If it is pingable you have limited access; this is
   called handshaking communication

2. Try to ping server 2's private IP from server 1. It is not pingable, so there is no communication
   between the 2 VPCs

3. Navigate to the Peering tab and configure as below

4. Accept the request:

5. Open the VPC1 route table and add server 2's private IP as below (we can configure a specific
   target: a particular server, VPC or subnet)

6. Open the VPC2 route table and add server 1's private IP as below
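
Steps 5 and 6 work only because the two VPC CIDRs do not overlap (AWS refuses a peering connection between overlapping CIDRs) and because each route table gets a route to the peer's range. The Python below is an added example, not from the class notes: it checks the overlap condition, produces the route each side needs, and shows with a longest-prefix lookup why server 2's private IP is unreachable before the route exists. The VPC CIDRs, the route tables and the `pcx-EXAMPLE` / `igw-EXAMPLE` identifiers are constructed placeholders.

```python
import ipaddress


def cidrs_overlap(cidr_a: str, cidr_b: str) -> bool:
    """VPC peering requires disjoint CIDR blocks."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def peering_routes(vpc1_cidr: str, vpc2_cidr: str, pcx_id: str = "pcx-EXAMPLE") -> dict:
    """Return the route each VPC's route table needs so private traffic crosses the
    peering connection: destination = the peer VPC's CIDR, target = the pcx id."""
    if cidrs_overlap(vpc1_cidr, vpc2_cidr):
        raise ValueError(f"{vpc1_cidr} and {vpc2_cidr} overlap; peering needs disjoint CIDRs")
    return {
        "vpc1_route_table": {"destination": vpc2_cidr, "target": pcx_id},
        "vpc2_route_table": {"destination": vpc1_cidr, "target": pcx_id},
    }


def lookup(route_table: list, dst_ip: str) -> str:
    """Longest-prefix match over (destination CIDR, target) pairs, as a VPC route table does."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for destination, target in route_table:
        net = ipaddress.ip_network(destination)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else "no route"


def add_peering_route(route_table: list, peer_cidr: str, pcx_id: str) -> list:
    return route_table + [(peer_cidr, pcx_id)]


# Constructed: VPC-1's public route table before peering. Only the local route and the
# default route to the internet gateway exist.
VPC1_CIDR, VPC2_CIDR = "10.50.0.0/16", "10.60.0.0/16"
VPC1_ROUTE_TABLE = [(VPC1_CIDR, "local"), ("0.0.0.0/0", "igw-EXAMPLE")]

if __name__ == "__main__":
    server2_private_ip = "10.60.1.10"  # constructed
    # Before the route: 10.60.x.x matches only 0.0.0.0/0, so it is sent to the IGW,
    # which cannot carry private addresses; that is the failed ping in step 2.
    print("before:", lookup(VPC1_ROUTE_TABLE, server2_private_ip))
    routes = peering_routes(VPC1_CIDR, VPC2_CIDR)
    after = add_peering_route(VPC1_ROUTE_TABLE, routes["vpc1_route_table"]["destination"], "pcx-EXAMPLE")
    print("after: ", lookup(after, server2_private_ip))
    print("overlap check:", cidrs_overlap("10.50.0.0/16", "10.50.128.0/17"))
```

Note that the notes add the peer's single server IP as the destination; adding the whole peer CIDR, as the example does, covers every instance in that VPC with one route. The longest-prefix rule also shows the local route always wins for addresses inside the VPC itself.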
--------------------------------------------------------------------------------------------------------

EBS (Elastic Block Storage): by default EBS is AZ specific (recording-11)

1. Root volume: generally, when you launch any server it has a volume by default; this is called the root
   volume and it is bootable.

2. Additional volume: this volume can be bootable or non-bootable.

Volume types: bootable and non-bootable; each volume has a device name.

Bootable volumes:

o Magnetic
o General purpose
o Provisioned IOPS

Non-bootable volumes:

o Cold HDD
o Throughput optimized

By default, volumes are raw.

Raw --------- format --------- mount

We first need to check whether the volume is formatted or not; apply the commands below:

sudo file -s <device name>

sudo mkfs -t ext4 <device name>

sudo mount <device name> <mount point>

By default, EBS is AZ specific; the storage can be used only within its AZ.

Setup:
1. Launch one instance
2. Create a volume as below

3. Attach the volume

To check the volume, use the command below:

To check whether the volume is formatted or not:

sudo file -s <device name>


To take the volume from raw to mounted:

sudo mkfs -t ext4 <device name>

sudo mount <device name> <mount point>
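
The reason the notes say to run `file -s` first is that `mkfs` on a volume that already holds a filesystem destroys its data. The Python below is an added example, not from the class notes: it parses the output of `sudo file -s <device>` and only emits the `mkfs` command when the device is raw (`file` prints just `data`), otherwise going straight to `mount`. The device name `/dev/xvdf`, the mount point and the sample output lines are constructed.

```python
import re

# Filesystem names `file -s` reports that this helper recognises.
KNOWN_FILESYSTEMS = re.compile(r"\b(ext[234]|xfs|btrfs|swap)\b", re.IGNORECASE)


def filesystem_of(file_s_output: str) -> str:
    """Interpret one line of `sudo file -s <device>` output.
    'raw'     -> the device has never been formatted (file prints '<device>: data')
    'ext4'... -> a filesystem is present
    'unknown' -> something is on the device that we do not recognise"""
    _, _, description = file_s_output.partition(":")
    description = description.strip()
    if description == "data":
        return "raw"
    match = KNOWN_FILESYSTEMS.search(description)
    return match.group(1).lower() if match else "unknown"


def prepare_commands(device: str, mount_point: str, file_s_output: str) -> list:
    """Return the commands to run next for an attached EBS volume.
    mkfs is issued only for a raw device; an unrecognised device is refused so that
    nothing is overwritten by mistake."""
    fs = filesystem_of(file_s_output)
    if fs == "unknown":
        raise ValueError(f"{device}: cannot tell what is on it; inspect before formatting")
    commands = []
    if fs == "raw":
        commands.append(f"sudo mkfs -t ext4 {device}")
    commands += [f"sudo mkdir -p {mount_point}", f"sudo mount {device} {mount_point}"]
    return commands


# Constructed sample output of `sudo file -s /dev/xvdf` for a fresh and a formatted volume.
RAW_OUTPUT = "/dev/xvdf: data"
EXT4_OUTPUT = "/dev/xvdf: Linux rev 1.0 ext4 filesystem data, UUID=00000000-0000-0000-0000-constructed (extents) (large files)"

if __name__ == "__main__":
    for out in (RAW_OUTPUT, EXT4_OUTPUT):
        print(filesystem_of(out), "->", prepare_commands("/dev/xvdf", "/data", out))
```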


If the additional volume's size is increased:

If you want to use the same storage in a different region, we need to create a snapshot.
Please refer to recording 11

Process management:
When you run a command, the running process is stored in the path below

Commands for process management:


=================================================================================
ELB (Elastic Load Balancer) (Rec 12):
 - The ELB's job is to take incoming requests and forward them equally to the existing servers
 - Region specific (it works only within the region ----- cross-AZ)
How requests are forwarded depends on the type of ELB

Classic ELB: this is the very old generation ELB; it works on a round-robin process
Network ELB:

Setup:

1. Go to the Ohio region and launch 2 instances (both Ubuntu)

2. Take only Ubuntu or Amazon Linux; a combination will not work
3. Access both instances through SSH and launch the site on both

Configuration:
1. Create a classic ELB in AWS
2. Classic ELB supports the protocols below
3. While creating the ELB, check the health of the instances; after the health check is done the screen
   will show as below

4. Take the ELB DNS URL as below and send a request to the server

Network ELB: routes incoming requests as per the network

Network ELB supports the protocols below
Please refer to recording 12.
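
The two behaviours the notes describe for the classic ELB, round-robin forwarding and the health check in configuration step 3, interact: an instance that fails its health checks is taken out of the rotation and put back once it passes again. The Python below is an added model of that behaviour, not AWS code and not from the class notes; the instance ids and the thresholds (2 consecutive failures to mark unhealthy, 2 consecutive passes to mark healthy) are constructed.

```python
from collections import deque


class RoundRobinBalancer:
    """Round-robin target selection that skips instances whose health checks fail.
    Thresholds model the ELB's 'unhealthy threshold' / 'healthy threshold' counters."""

    def __init__(self, instances, unhealthy_threshold=2, healthy_threshold=2):
        self.ring = deque(instances)
        self.healthy = {i: True for i in instances}
        self.failures = {i: 0 for i in instances}
        self.successes = {i: 0 for i in instances}
        self.unhealthy_threshold = unhealthy_threshold
        self.healthy_threshold = healthy_threshold

    def record_health_check(self, instance: str, passed: bool) -> bool:
        """Feed one health-check result; returns the instance's health afterwards.
        Consecutive failures remove the target, consecutive passes restore it."""
        if passed:
            self.failures[instance] = 0
            self.successes[instance] += 1
            if self.successes[instance] >= self.healthy_threshold:
                self.healthy[instance] = True
        else:
            self.successes[instance] = 0
            self.failures[instance] += 1
            if self.failures[instance] >= self.unhealthy_threshold:
                self.healthy[instance] = False
        return self.healthy[instance]

    def next_target(self):
        """Return the next healthy instance in rotation, or None if none is healthy."""
        for _ in range(len(self.ring)):
            candidate = self.ring[0]
            self.ring.rotate(-1)
            if self.healthy[candidate]:
                return candidate
        return None


def simulate_outage(instances, down_instance, requests=4):
    """Constructed scenario: one instance fails two checks, the next `requests`
    requests must all land on the remaining healthy instances."""
    lb = RoundRobinBalancer(instances)
    lb.record_health_check(down_instance, False)
    lb.record_health_check(down_instance, False)
    return [lb.next_target() for _ in range(requests)]


if __name__ == "__main__":
    print(simulate_outage(["i-web-1", "i-web-2"], "i-web-2"))
```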
==============================================================================
Auto scaling:
An Auto Scaling group works without any manual intervention on the servers: based on our
requirements, servers are automatically increased or reduced.

Setup:
Before configuration we need some concepts
1. Create one instance (Ubuntu) and launch the application
2. Create the topics (SNS)

3. Create an image from the instance


IAM (Identity and Access Management)
--User creation
Console access user
-A console access user is called a root user -- web access; this user has a username
and password
-username
-password -- custom password / auto generated
-login URL
Programmatic access user -- cmd access
-Access key
-Secret key
Note: this is command-line access; for this we download Python and the AWS CLI
https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
Download Python: https://www.python.org/
Group creation:
Groups can be created as per requirement
Policy creation:
1. AWS managed policies
   -read-only access
   -full access
2. Custom policies
   -JSON script
--Roles
Roles are attached to resources

Every service has an ARN (Amazon Resource Name); it is a unique identity name

The AWS CLI is an equivalent platform to the AWS console


AWS CLI setup: (recordings 18 and 19)
AWS CLI documentation links:
https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
https://docs.aws.amazon.com/cli/latest/userguide/cli-services-s3-commands.html#using-s3-commands-managing-buckets-creating

1. https://awscli.amazonaws.com/AWSCLIV2.msi
2. Windows: download and run the 64-bit Windows installer.
3. Open Command Prompt and Run as Administrator
   (Linux: snap install aws-cli --classic)
4. aws --version
5. aws configure
   AWS Access Key ID [None]: AKxxxxxxxxxUK6
   AWS Secret Access Key [None]: axxxxxxxsvg
   Default region name [None]: us-east-1
   Default output format [None]: json

Commands:
1. To show the list of IAM users
C:\> aws iam list-users
2. To show the list of IAM groups
C:\> aws iam list-groups
3. Group creation
C:\> aws iam create-group --group-name Demo
4. User creation
C:\> aws iam create-user --user-name Duser
5. Policy attachment:
C:\> aws iam attach-user-policy --user-name Duser --policy-arn arn:aws:iam::aws:policy/AdministratorAccess

6. Add user to group
C:\> aws iam add-user-to-group --user-name Duser --group-name Demo
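
Command 5 attaches AdministratorAccess, the AWS managed policy whose statement is `Action: "*"` on `Resource: "*"`; the custom JSON policies mentioned under policy creation can grant the same thing less visibly. The Python below is an added example, not from the class notes, that reviews an IAM policy document before it is attached and reports the over-broad grants a reviewer looks for: full wildcard, service-wide wildcards such as `s3:*`, and write actions allowed on every resource. The three sample policies, including the bucket name `example-bucket`, are constructed.

```python
import json

READ_ONLY_PREFIXES = ("Get", "List", "Describe")


def _as_list(value):
    """IAM allows a string or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def policy_findings(policy_json: str) -> list:
    """Return human-readable findings for each over-broad Allow statement.
    An empty list means nothing was flagged, not that the policy is minimal."""
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"Statement[{idx}]")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "*" in actions and "*" in resources:
            findings.append(f"{sid}: Action '*' on Resource '*' is full administrator access")
            continue
        for action in actions:
            if action == "*":
                findings.append(f"{sid}: Action '*' grants every action on {resources}")
            elif action.endswith(":*"):
                findings.append(f"{sid}: '{action}' grants every action in the service")
            elif "*" in resources and not action.split(":")[-1].startswith(READ_ONLY_PREFIXES):
                findings.append(f"{sid}: write action '{action}' is allowed on every resource")
    return findings


# Constructed sample policies.
ADMIN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "Admin", "Effect": "Allow", "Action": "*", "Resource": "*"}],
})

SERVICE_WILDCARD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllOfS3", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Sid": "KillAnything", "Effect": "Allow", "Action": ["ec2:DescribeInstances", "ec2:TerminateInstances"], "Resource": "*"},
    ],
})

READ_ONLY_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReadOneBucket",
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
})

if __name__ == "__main__":
    for name, doc in (("admin", ADMIN_POLICY), ("service wildcard", SERVICE_WILDCARD_POLICY), ("read-only bucket", READ_ONLY_BUCKET_POLICY)):
        print(name, "->", policy_findings(doc) or "no findings")
```

The read-only bucket policy is the shape to aim for when creating `Duser`: named actions on named ARNs, which is what the notes' "read-only access" managed policies approximate and what a custom JSON policy lets you tighten further.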
Simple Storage Service (S3):
1. S3 is one of the global services.
2. While creating an S3 bucket we set a region; your current region will be taken as the default region
3. If you want to store any data in the cloud, that is S3; it is like a folder

4. Any bucket you create is in private mode by default. To expose it we have to change it to public mode explicitly

 - bucket creation: private mode ----> public mode
 - region selection: no need to select, it is selected automatically
 - bucket name is unique
 - object storage: private mode only
There are 2 types of data consistency:
1) Read-after-write consistency:
 - strong consistency
 - once data is uploaded in a particular region, it never leaves the region.
 - if we upload a file into an S3 bucket, the file is copied/replicated across multiple AZs in the
   same region.

2) Eventual consistency:
For updates and deletes.
If we modify a file in one data center and someone tries to access the same file from another data
center, they may not get the updated one; after some time the modified file replicates to all data
centers. This is known as eventual consistency.
- We can specify, during a read, a consistent read or an eventually consistent read.
- In the case of a consistent read, S3 checks all the data centers and returns the most up-to-date data.

Availability refers to system uptime (how quickly it responds to you)

Durability refers to long-term data protection (how long data can be stored)
Note: By default, we can create up to 100 buckets per AWS account and can increase up to a
maximum of 1000 buckets; a bucket has no default size limit.
Storage classes: (https://aws.amazon.com/s3/storage-classes/)
1. Standard
2. Standard-IA
3. One Zone-IA
4. Intelligent-Tiering
5. Glacier
6. Glacier Deep Archive
7. RRS

CHAPTERS IN S3
Versioning:

Life cycle:
An S3 Lifecycle is a set of rules that automatically manages the lifecycle of objects in an Amazon S3
bucket.

CRR (Cross-Region Replication):

Amazon S3 CRR automatically replicates data between buckets across different AWS Regions. With
CRR, you can set up replication at a bucket level, a shared prefix level, or an object level using S3
object tags.
