
Cantrill SAA Notes

The document outlines the fundamentals of AWS infrastructure, including network zones, regions, and availability zones, which provide low latency and fault tolerance. It details key services such as VPC, EC2, S3, CloudFormation, and CloudWatch, explaining their functionalities and configurations. Additionally, it introduces the Shared Responsibility Model, emphasizing the division of security responsibilities between AWS and its users.

Uploaded by

ramshey1234
Copyright
© All Rights Reserved

4) AWS Fundamentals:

Three different network zones:

AWS Global Infrastructure:


- Regions
- Edge Locations
- Availability Zones (AZs): help provide low latency.

AWS Regions:
- Isolated fault tolerance.
- Different governance/laws based on a particular region.
- Location control for low latency.

AWS Regions have a Region Code, Region Name and AZs.

For example:

Region code = ap-southeast-2
Region name = Asia Pacific (Sydney)
AZs = ap-southeast-2a, ap-southeast-2b and ap-southeast-2c

Service Resilience - Globally resilient, Regionally resilient, AZ resilient.


Basic Services:

VPC:

● VPC is within 1 account & 1 region (regionally resilient)

● Private and isolated

➔ Default VPC (Only one per region)

➔ Custom VPC (multiple, but needs to be configured)

● Default VPC:
○ Only one per region (can be removed & recreated)
○ The default VPC CIDR is always 172.31.0.0/16
○ A /20 subnet is created in each AZ in the region.
○ Subnets in the default VPC are set to give services public IPv4 addresses.
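
An added example (not part of the original notes) of auditing the default VPC layout offline: it enumerates the /20 blocks inside 172.31.0.0/16 and flags subnets that auto-assign public IPv4 addresses. The records are constructed samples shaped like EC2 DescribeSubnets output; the subnet and VPC IDs are made up.

```python
import ipaddress

DEFAULT_VPC_CIDR = ipaddress.ip_network("172.31.0.0/16")

# Constructed sample shaped like EC2 DescribeSubnets output (IDs are made up).
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-0aaa", "VpcId": "vpc-default", "AvailabilityZone": "ap-southeast-2a",
     "CidrBlock": "172.31.0.0/20", "DefaultForAz": True, "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-0bbb", "VpcId": "vpc-default", "AvailabilityZone": "ap-southeast-2b",
     "CidrBlock": "172.31.16.0/20", "DefaultForAz": True, "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-0ccc", "VpcId": "vpc-default", "AvailabilityZone": "ap-southeast-2c",
     "CidrBlock": "172.31.32.0/20", "DefaultForAz": True, "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-0ddd", "VpcId": "vpc-custom", "AvailabilityZone": "ap-southeast-2a",
     "CidrBlock": "10.16.0.0/20", "DefaultForAz": False, "MapPublicIpOnLaunch": False},
]


def default_subnet_slots():
    """All /20 blocks that fit in the default VPC's /16 (one is used per AZ)."""
    return list(DEFAULT_VPC_CIDR.subnets(new_prefix=20))


def audit_subnets(subnets):
    """Return a finding for every subnet that auto-assigns public IPv4 addresses."""
    findings = []
    for s in subnets:
        net = ipaddress.ip_network(s["CidrBlock"])
        # Does this subnet match the default layout: a /20 carved from 172.31.0.0/16?
        in_default_range = net.prefixlen == 20 and net.subnet_of(DEFAULT_VPC_CIDR)
        if s["MapPublicIpOnLaunch"]:
            findings.append({
                "subnet": s["SubnetId"],
                "az": s["AvailabilityZone"],
                "cidr": str(net),
                "default_vpc_layout": bool(s["DefaultForAz"] and in_default_range),
                # AWS reserves 5 addresses in every subnet.
                "usable_hosts": net.num_addresses - 5,
            })
    return findings


if __name__ == "__main__":
    print(len(default_subnet_slots()), "possible /20 subnets in", DEFAULT_VPC_CIDR)
    for finding in audit_subnets(SAMPLE_SUBNETS):
        print(finding)
```
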

EC2:

● IaaS - provides VMs or instances

● Private service by default

● AZ resilient

● On-demand billing (per second etc.)

● Storage options - Local storage or Elastic Block storage (EBS)

● Instance Lifecycle
○ Running - charged for CPU compute time, memory, storage, and networking etc.
○ Stopped - not charged for anything except storage (EBS)
○ Terminated

Amazon Machine Image (AMI):

● Can be used to create an EC2 instance, or created from an EC2 instance

● Can be set as - Public (everyone allowed), Implicit (owner only), or Explicit (specific accounts are allowed)

● Contains - attached permissions, Root volume, and Block device mapping

Connecting to EC2:
Windows:
● Remote desktop protocol (RDP) over TCP port 3389
● Get the admin password by decrypting it with the private part of the key pair
● By using the Remote Desktop Connection application
Linux:
● SSH using port 22 (authentication happens using key pairs)
● Key pairs - public part kept by AWS, private part downloaded by you

S3:

● Global, Public service


● Regionally resilient

All S3 objects and buckets are private by default.

Objects are the files that are stored. Buckets contain objects.

Objects:

● Object key (file name)

● Value (contents of the object)

● Objects can be empty or between 0-5 TB

Buckets:

● Regional (unless configured otherwise)

● A bucket name should be globally unique

● Can hold an unlimited number of objects

“Folders” exist as prefixes in buckets (for example, bucket-name/folder-name/object-name.txt).

CloudFormation:

● Templates are written in either YAML or JSON

● Resources configured in a CFN template are called - Logical resources (instances, buckets etc.)

● Stack - contains all Logical resources that a template tells it to create

● CloudFormation takes a template and creates a stack. For all the Logical resources in a
stack, CloudFormation creates a Physical resource

● CloudFormation use cases - Automation, change management and quick deployments.

In a YAML document, the Description should always immediately follow the AWSTemplateFormatVersion.

CloudWatch:

● Collects and manages operational data (Metrics)

➔ CloudWatch Events - manages operational changes and executes operations if set up

➔ CloudWatch Logs - collection and monitoring of logging data

Components of CloudWatch:

● Namespace - container for data (for example, AWS/EC2)

● Metrics - a time-ordered set of data points

○ Data points - Timestamp + value

● Dimension - name-value pairs that separate data points for different perspectives within the same metric

● Alarms are linked to metrics to trigger actions (such as sending an SNS notification)
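
An added example (not part of the original notes) that models these components: data points in one namespace and metric are split into separate series by their dimensions, and a simplified alarm is evaluated per series. The data points and instance IDs are constructed, and the alarm rule (all of the last N values above a threshold) is a simplification assumed for illustration, not CloudWatch's full evaluation logic.

```python
from collections import defaultdict

# Constructed data points: (namespace, metric, dimensions, timestamp_seconds, value)
DATAPOINTS = [
    ("AWS/EC2", "CPUUtilization", {"InstanceId": "i-aaa"}, 0, 35.0),
    ("AWS/EC2", "CPUUtilization", {"InstanceId": "i-bbb"}, 0, 20.0),
    ("AWS/EC2", "CPUUtilization", {"InstanceId": "i-aaa"}, 60, 82.0),
    ("AWS/EC2", "CPUUtilization", {"InstanceId": "i-bbb"}, 60, 85.0),
    ("AWS/EC2", "NetworkIn", {"InstanceId": "i-aaa"}, 60, 1000.0),
    ("AWS/EC2", "CPUUtilization", {"InstanceId": "i-aaa"}, 120, 91.0),
    ("AWS/EC2", "CPUUtilization", {"InstanceId": "i-bbb"}, 120, 40.0),
    ("AWS/EC2", "CPUUtilization", {"InstanceId": "i-aaa"}, 180, 88.0),
    ("AWS/EC2", "CPUUtilization", {"InstanceId": "i-bbb"}, 180, 30.0),
]


def series_by_dimension(points, namespace, metric):
    """Group one metric's data points into a time-ordered series per dimension set."""
    series = defaultdict(list)
    for ns, name, dims, ts, value in points:
        if (ns, name) == (namespace, metric):
            series[tuple(sorted(dims.items()))].append((ts, value))
    return {key: sorted(vals) for key, vals in series.items()}


def alarm_state(series, threshold, periods):
    """Simplified alarm: ALARM when the last `periods` values all exceed threshold."""
    recent = [value for _, value in series[-periods:]]
    if len(recent) < periods:
        return "INSUFFICIENT_DATA"
    return "ALARM" if all(v > threshold for v in recent) else "OK"


def evaluate(points, namespace, metric, threshold, periods):
    """Alarm state for every dimension set of the chosen metric."""
    grouped = series_by_dimension(points, namespace, metric)
    return {key: alarm_state(vals, threshold, periods) for key, vals in grouped.items()}


if __name__ == "__main__":
    for dims, state in evaluate(DATAPOINTS, "AWS/EC2", "CPUUtilization", 80, 3).items():
        print(dict(dims), state)
```
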

Shared Responsibility Model
