AWS Cloud Essentials - Yash-777/MyWorld GitHub Wiki
- Root user: the account owner, used only for tasks that require unrestricted access.
AWS Concepts
AWS Cloud Essentials - GETTING STARTED GUIDE
Amazon Elastic Compute Cloud (EC2): create, manage, and monitor virtual servers in the cloud.
AWS Network Architecture Overview
Amazon Web Services (AWS) provides a highly reliable, scalable, and secure global infrastructure. Understanding the hierarchy and relationship between Regions, Availability Zones, VPCs, Subnets, and Networking Components is fundamental to architecting solutions in AWS.
Amazon EC2 is hosted in multiple locations world-wide. These locations are composed of AWS Regions, Availability Zones, Local Zones, AWS Outposts, and Wavelength Zones.
- Regions are separate geographic areas.
- Availability Zones are multiple, isolated locations within each Region.
- Local Zones provide you with the ability to place resources, such as compute and storage, in multiple locations closer to your end users.
- Wavelength Zones provide you with the ability to build applications that deliver ultra-low latencies to 5G devices and end users. Wavelength deploys standard AWS compute and storage services to the edge of telecommunication carriers' 5G networks.
- AWS Outposts brings native AWS services, infrastructure, and operating models to virtually any data center, colocation space, or on-premises facility.
AWS operates state-of-the-art, highly available data centers. Although rare, failures can occur that affect the availability of instances that are in the same location. If you host all of your instances in a single location that is affected by a failure, none of your instances would be available.
AWS Region = Branch Head Office
A Region is a large geographic area in the world (like Mumbai, Virginia, or Ireland) where AWS provides its services. Each region contains multiple data centers, which are grouped into Availability Zones.
Regions are independent: they don't share infrastructure or resources with other regions. When you create AWS resources (like EC2 instances or databases), you choose a specific region to host them.
When you are preparing to deploy a workload, consider which Region or Regions best meet your needs. For example, select a Region that has the AWS services and features that you need. Also, you can lower network latency when you select a Region that is close to the majority of your users.
Account types
- An AWS account provides multiple Regions so that you can create AWS resources in the locations that meet your requirements. For example, you want to create resources in Europe to be closer to your European customers or to meet legal requirements.
- An Amazon AWS (China) account provides access to the Beijing and Ningxia Regions only (see Amazon Web Services China Regions).
- An AWS GovCloud (US) account provides access to the AWS GovCloud (US-West) Region and the AWS GovCloud (US-East) Region. AWS GovCloud (US-East and US-West) is operated by U.S. citizens on U.S. soil and enables secure, scalable, and resilient enterprise cloud architectures.
What it is: AWS GovCloud is a specialized region that is isolated from other AWS commercial regions and designed to comply with strict U.S. government requirements (such as ITAR, FedRAMP, and CJIS). It provides cloud services for government agencies and contractors, allowing them to store sensitive data in a compliant and secure environment.
Location: AWS GovCloud has two main regions:
- GovCloud (US-East): located in the U.S. East region.
- GovCloud (US-West): located in the U.S. West region.
Why it's different:
- Compliance: It supports a variety of U.S. government compliance programs.
- Isolation: The infrastructure is separate from AWS's commercial regions to meet security and compliance needs.
- Restricted Access: Only U.S. persons (i.e., citizens or permanent residents) are allowed to manage resources in AWS GovCloud.
Example: Think of AWS GovCloud as a special building inside AWS with higher security, where only authorized government contractors or federal agencies can access sensitive data.
You can't describe or access the Regions of one type of account from another. For example, you can't access the AWS GovCloud (US) Regions or the China Regions from an AWS account.
Specify which AWS Regions your account can use
(Console screenshots not reproduced: "Regions enabled by default" and "Regions disabled by default".)
The following table lists some of the Regions provided by an AWS account.
Region Code | Region Name | AZs (AZ ID's) | Geography | Opt-in status |
---|---|---|---|---|
us-east-1 | US East (N. Virginia) | 6 | United States of America | Not required |
us-east-2 | US East (Ohio) | 3 | United States of America | Not required |
us-west-1 | US West (N. California) | 3 | United States of America | Not required |
us-west-2 | US West (Oregon) | 4 | United States of America | Not required |
ap-south-2 | Asia Pacific (Hyderabad) | 3 (aps2-az1, aps2-az2, aps2-az3) | India | Required |
ap-south-1 | Asia Pacific (Mumbai) | 3 (aps1-az1, aps1-az2, aps1-az3) | India | Not required |
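The table above shows that an account can use only the Regions that are enabled (by default or by opt-in). An added example, not code from this wiki: the script below takes Region opt-in data in the shape of the AWS Account API's ListRegions response (constructed here from the page's table), lists the Regions the account can actually use, flags any that are enabled but not on an approved list, and renders a Service Control Policy that denies requests outside the approved Regions using the `aws:RequestedRegion` condition key, following AWS's documented region-restriction pattern. The `GLOBAL_SERVICE_EXEMPTIONS` list, the approved Regions and the break-glass role ARN are assumptions to be tuned per organisation; `fetch_regions_live()` needs boto3 and credentials and is not called by the sample run.

```python
"""Region allow-list check and region-restriction SCP (added example)."""
import json

# Constructed sample in the shape of account:ListRegions output; the
# RegionName / RegionOptStatus values mirror the page's Region table.
SAMPLE_REGIONS = [
    {"RegionName": "us-east-1", "RegionOptStatus": "ENABLED_BY_DEFAULT"},
    {"RegionName": "us-east-2", "RegionOptStatus": "ENABLED_BY_DEFAULT"},
    {"RegionName": "us-west-1", "RegionOptStatus": "ENABLED_BY_DEFAULT"},
    {"RegionName": "us-west-2", "RegionOptStatus": "ENABLED_BY_DEFAULT"},
    {"RegionName": "ap-south-1", "RegionOptStatus": "ENABLED_BY_DEFAULT"},
    {"RegionName": "ap-south-2", "RegionOptStatus": "DISABLED"},  # opt-in Region, not enabled
]

# Opt-in statuses under which an account can create resources in a Region.
USABLE = {"ENABLED", "ENABLED_BY_DEFAULT", "ENABLING"}

# Assumption: global services that must keep working whatever Region is
# requested. Tune this list to the services your organisation uses.
GLOBAL_SERVICE_EXEMPTIONS = [
    "iam:*", "sts:*", "organizations:*", "route53:*",
    "cloudfront:*", "support:*", "ec2:DescribeRegions",
]


def usable_regions(regions):
    """Regions the account can use, sorted by name."""
    return sorted(r["RegionName"] for r in regions if r["RegionOptStatus"] in USABLE)


def unapproved_regions(regions, approved):
    """Usable Regions that are not on the approved list (unexpected attack surface)."""
    return sorted(set(usable_regions(regions)) - set(approved))


def build_region_scp(approved, exempt_principal_arns=()):
    """SCP denying every non-exempt action whose requested Region is not approved."""
    statement = {
        "Sid": "DenyRequestsOutsideApprovedRegions",
        "Effect": "Deny",
        "NotAction": GLOBAL_SERVICE_EXEMPTIONS,
        "Resource": "*",
        "Condition": {"StringNotEquals": {"aws:RequestedRegion": sorted(approved)}},
    }
    if exempt_principal_arns:  # e.g. a break-glass role that may still act anywhere
        statement["Condition"]["ArnNotLike"] = {"aws:PrincipalARN": list(exempt_principal_arns)}
    return {"Version": "2012-10-17", "Statement": [statement]}


def fetch_regions_live():
    """Pull real opt-in data; requires boto3 and credentials (not used by the sample run)."""
    import boto3
    client = boto3.client("account")
    regions, token = [], None
    while True:
        page = client.list_regions(**({"NextToken": token} if token else {}))
        regions.extend(page["Regions"])
        token = page.get("NextToken")
        if not token:
            return regions


if __name__ == "__main__":
    approved = ["ap-south-1", "us-east-1"]  # assumed allow-list
    print("usable:", usable_regions(SAMPLE_REGIONS))
    print("enabled but not approved:", unapproved_regions(SAMPLE_REGIONS, approved))
    print(json.dumps(build_region_scp(approved, ["arn:aws:iam::*:role/BreakGlass"]), indent=2))
```

Run it as-is to see the report and the policy JSON; to check a real account, replace `SAMPLE_REGIONS` with `fetch_regions_live()`. Disabling Regions you do not use keeps resources from being created where nobody is watching, and the SCP enforces the same boundary for accounts inside an organisation.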
Region vs Zones: switch Regions to manage Zones for a different AWS Region.
Regions and Nodes, for example Asia Pacific (Mumbai) - ap-south-1:
Availability Zones | Local Zones | Wavelength Zones | AWS Outposts |
---|---|---|---|
us-west-2a | us-west-2-lax-1 in Los Angeles | us-west-1-wl1-den-wlz-1 | customer premises us-west-2 |
An Availability Zone (AZ) is one or more data centers within a region. These data centers have their own power, cooling, and networking to keep them running independently.
AZs are close enough to each other to allow fast communication, but they are built separately so that if one has an issue (like a power failure), the others are not affected.
Example AZ names: ap-south-1a, ap-south-1b, etc.
AZs in the same region are connected by low-latency, high-speed links, allowing them to work together efficiently. This setup increases availability and fault tolerance.
AWS Availability Zones: each Region has multiple, isolated locations known as Availability Zones. The following diagram illustrates multiple Availability Zones in an AWS Region (diagram not reproduced).
Key relationships
- A Region contains multiple Availability Zones.
- An Availability Zone is part of only one region.
- You can deploy your applications across multiple AZs in the same region for high availability and disaster recovery.
Example: Imagine AWS is like a chain of supermarkets:
- A Region is like a city where AWS has stores.
- An Availability Zone is like a separate store in different neighborhoods of that city.
- If one store has a power outage, other stores in the city (AZs) still work.
- And if there's a problem in one city (Region), it doesn't affect stores in another city.
Local Zones are like small branch offices in a city (usually near a major region). These are connected to a larger AWS region but provide low-latency services for users or workloads closer to those locations.
Example:
- AWS Region = "Main Head Office in New York"
- Local Zone = "Branch office in Los Angeles" for specific workloads needing low-latency, like gaming applications.
Outposts are like miniature branch offices that are built directly inside your own physical data center. These are AWS-managed racks that extend AWS infrastructure into your on-premises environment.
Example:
- Main Head Office = "AWS Data Center in New York"
- Outposts = "Small AWS office within your own data center in California"
AWS takes care of the management, but you're still running some workloads on-premises for specific needs.
Wavelength Zones are special places where AWS has set up edge data centers. These are used primarily for low-latency applications like 5G, gaming, or AR/VR, and they bring AWS resources closer to users' devices.
Example:
- Wavelength Zone = "A small server in a telecom provider's building near your customers" (for real-time apps like gaming or VR)
Comparison Table:
Concept | Real-World Analogy | Purpose |
---|---|---|
Region (Head Office) | Main Office Building in a City | Physical location where AWS resources are run. |
Availability Zone (AZ) | Area-Wise Office in the City | Isolated data centers in the same region for redundancy. |
Local Zone | Small Branch Offices in a City | Extends AWS to smaller locations for low-latency services. |
Outposts | Mini Branch in Your Own Data Center | AWS infrastructure managed in your on-premises environment. |
Wavelength Zones | Edge Data Centers in Telecom Providers' Buildings | Low-latency services for 5G, gaming, AR/VR, etc. |
Simple Explanation of Key Terms:
- Region (Head Office): AWS global presence divided into multiple regions (e.g., US-East-1, EU-West-1). These are large geographic areas that host your resources.
- Availability Zone (Area-Wise Office): Multiple AZs exist in each region. Think of each AZ as a separate office that helps ensure your workloads stay online even if one office (AZ) faces an issue.
  - Best Practice, use AZs for fault tolerance: Spread your workloads across multiple AZs within a region for high availability.
- Local Zones (Small Branch Offices): Smaller, nearby locations within a region that provide low-latency access for things like gaming or media.
  - Best Practice, leverage Local Zones for low latency: Use Local Zones when you need to serve users with extremely low latency (e.g., gaming, live streaming).
- Outposts (Mini Branches): AWS infrastructure that you can set up inside your own building or data center to extend AWS services locally.
  - Best Practice, Outposts for hybrid cloud: If you need to run some services on-premises but want AWS-like management, consider Outposts.
- Wavelength Zones (Edge Locations): Super-close-to-user infrastructure deployed by AWS at the edge of mobile networks (like 5G towers) to handle latency-sensitive apps.
  - Best Practice, Wavelength for 5G: If you're developing mobile apps or 5G applications, Wavelength Zones are key to reducing latency.
Billing Information (secure verification): We will not charge you for usage below AWS Free Tier limits. We may temporarily hold up to $1 USD (or an equivalent amount in local currency) as a pending transaction for 3-5 days to verify your identity.
New: Resource search. Type "/Resources" (forward slash) to focus search results on resources such as EC2 instances, S3 buckets, and more.
AWS VPC & Subnet Limits (Per Region)
What is Amazon VPC? For more information, see Amazon Virtual Private Cloud (Amazon VPC).
Does VPC belong to a region or zone?
- A VPC is regional. A VPC is like a private network inside AWS.
- A VPC (Virtual Private Cloud) covers all the Availability Zones (AZs) in a region.
- When you create a VPC, it's available across multiple AZs within the same region only.
Subnets
What is a subnet?
- A subnet is a segment of the VPC's IP address range.
- Subnets divide the VPC's IP space into smaller chunks.
Subnet scope:
- A subnet is tied to a single Availability Zone.
- You must specify an AZ when creating a subnet.
- Types of subnets:
  - Public subnet:
    - Has a route to the Internet Gateway.
    - Instances in this subnet can have public IPs and access the internet.
  - Private subnet:
    - No direct route to the Internet Gateway.
    - Used for internal services like databases.
Key relationship:
- A VPC spans a region, but subnets live in a single AZ.
- You typically create one subnet per AZ for high availability.
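An added example, not code from this wiki, that puts the subnet rules above (and the earlier multi-AZ best practice) into working form: it carves a VPC CIDR into one public and one private subnet per Availability Zone, validates the plan (every subnet inside the VPC, no overlaps, at least two AZs), and classifies subnets as public or private by the page's own test, a route table whose default route points at an Internet Gateway. The AZ names, subnet ids and route-table records are constructed sample data shaped like `ec2:DescribeRouteTables` output; nothing here talks to a real account, and a route to a NAT gateway is deliberately treated as private.

```python
"""Subnet planning and public/private classification for a regional VPC (added example)."""
import ipaddress


def plan_subnets(vpc_cidr, azs, tiers=("public", "private"), new_prefix=24):
    """Return [(name, az, cidr)] giving each (tier, AZ) pair its own block.

    Blocks are handed out in order from the VPC range; next() raises
    StopIteration if the VPC is too small for the requested plan.
    """
    blocks = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix)
    return [(f"{tier}-{az}", az, str(next(blocks))) for tier in tiers for az in azs]


def validate_plan(vpc_cidr, plan, min_azs=2):
    """List problems: subnet outside the VPC, overlapping subnets, too few AZs."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(cidr) for _, _, cidr in plan]
    problems = []
    for (name, _, _), net in zip(plan, nets):
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside {vpc}")
    for i in range(len(nets)):
        for j in range(i + 1, len(nets)):
            if nets[i].overlaps(nets[j]):
                problems.append(f"{plan[i][0]} overlaps {plan[j][0]}")
    if len({az for _, az, _ in plan}) < min_azs:
        problems.append(f"plan uses fewer than {min_azs} Availability Zones")
    return problems


# Constructed sample: three route tables in one VPC. The first is the main
# table (no internet route), the second has a default route to an IGW, the
# third sends 0.0.0.0/0 to a NAT gateway, which does not make a subnet public.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main0000000000001", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-public00000000001",
     "Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0", "State": "active"}]},
    {"RouteTableId": "rtb-private0000000001", "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0fedcba9876543210", "State": "active"}]},
]
# subnet-priv-b has no explicit association, so the main route table applies to it.
SUBNET_IDS = ["subnet-pub-a", "subnet-pub-b", "subnet-priv-a", "subnet-priv-b"]


def has_igw_default_route(route_table):
    """The page's public-subnet test: an active 0.0.0.0/0 or ::/0 route via an igw-* gateway."""
    for route in route_table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        gateway = route.get("GatewayId", "")
        if dest in ("0.0.0.0/0", "::/0") and gateway.startswith("igw-") and route.get("State") == "active":
            return True
    return False


def classify_subnets(route_tables, subnet_ids):
    """Map subnet id -> 'public' or 'private'; explicit association wins, else the main table."""
    main = next((rt for rt in route_tables
                 if any(a.get("Main") for a in rt.get("Associations", []))), None)
    explicit = {a["SubnetId"]: rt for rt in route_tables
                for a in rt.get("Associations", []) if "SubnetId" in a}
    result = {}
    for sid in subnet_ids:
        table = explicit.get(sid, main)
        result[sid] = "public" if table is not None and has_igw_default_route(table) else "private"
    return result


if __name__ == "__main__":
    azs = ["ap-south-1a", "ap-south-1b"]  # constructed, mirrors the page's example AZ names
    plan = plan_subnets("10.0.0.0/16", azs)
    for name, az, cidr in plan:
        print(f"{name:22} {az:12} {cidr}")
    print("problems:", validate_plan("10.0.0.0/16", plan) or "none")
    print(classify_subnets(ROUTE_TABLES, SUBNET_IDS))
```

The classification deliberately looks at routes rather than at whether instances happen to have public IPs: a subnet whose route table reaches an Internet Gateway is public even if nothing in it is addressable today, which is the condition worth alerting on when a database subnet acquires such a route.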