AWS - robbiehume/CS-Notes GitHub Wiki


AWS Overview

AWS CLI

  • Prerequisites to use AWS CLI
  • Need to add user access keys or set up IAM roles for AWS CLI to work
  • For access keys, create a key pair for a user and add them by running the aws configure command
  • For IAM roles, create a role with the specific permission policies and attach the role to the EC2 instance

Security groups

  • Security groups docs
  • Security groups act as a firewall to allow / disallow certain traffic based on different parameters (port, IP, etc.)
  • If you plan to launch EC2 instances in multiple regions, you need to create a security group for each region

IAM (identity & access management)

  • IAM is a permissions system that helps you control access to AWS resources (S3 bucket, EC2 instance, etc.)
  • Users attempt to perform actions on resources, e.g. s3:CreateBucket
  • Authorization to perform an action depends on a policy
  • It allows you to assign permissions to groups of users or specific users
  • 4 key concepts
    • Users: specific individuals, can receive personal logins (secret access keys)
    • Groups: a collection of users with a common theme
    • Roles: a collection of policies (DB read, DB write)
    • Policies: low level permission to resources (allow or deny)
      • They are JSON files that specify what actions a particular user or role can / can't do with a resource

Snapshots vs AMI:

  • Comparison article
  • Summary:
    • EBS snapshot is just a data backup
    • AMI is a representation of system state at a specific time. You can also boot from it
  • EBS snapshot:
    • It's used as a backup of a single EBS volume attached to the EC2 instance
    • It's the better option when the instance contains multiple EBS volumes
    • Only pay for the storage of the modified data (it's an incremental backup type)
    • It is a non-bootable image on EBS volume
  • AMI:
    • It's used as a backup of an EC2 instance
    • An AMI uses a snapshot
    • It's used to replace a failed EC2 instance
    • Only pay for the storage that you use
    • It is a bootable image on an EC2 instance

EC2 (Elastic Compute Cloud)

  • EC2 tutorial video
  • Gives you bare servers to run software on
  • Can access an EC2 instance through PuTTY (or a similar SSH client), or through the browser CLI access page AWS provides (select the instance and click "connect")
  • SSH to EC2: ssh -i <key_file> ec2-user@<public DNS>
  • EC2 creation steps:
    1. Choose an AMI (Amazon Machine Image)
      • AMI is a template used to create a new instance / machine based on user requirement
      • It includes configs related to the software, OS, storage volume info, and access permissions
      • There are predefined AMIs and you can also create custom ones or copy an image from an existing instance
    2. Choose an instance type (the hardware specs you need)
      • The types are organized into 5 main families:
        • Compute optimized, Memory optimized, GPU optimized, Storage optimized, and General purpose
    3. Configure the instance (how many, what subnets, IAM roles, shutdown behavior, etc.)
      • Shutdown behavior: stopping = temporarily shutdown the system; terminating = returning control back to Amazon
      • Can also add bootstrap scripts that are executed when the VM starts up
    4. Add storage (ephemeral storage, EBS (elastic block storage), or S3)
    5. Add tags to be able to identify the EC2 instance easier; this is necessary for large environments with lots of instances
    6. Configure the Security Groups / firewall
    7. Review
      • Can set up public / private key pairs to log in with PuTTY (ec2-user is the default user)

ELBs (elastic load balancer)

  • How ELBs work (AWS docs)
  • 3 types of AWS load balancers: classic, application, and network
    • Also can set it up as internal (private) or external (public)
  • Benefits of load balancers:
    • They allow you to better handle traffic and spread the load across multiple instances
    • Allow you to only expose a single point of access (DNS) to your application
    • Can seamlessly handle instance failures without the user even realizing
    • Can also use cookies to enforce stickiness where a user is always sent to the same instance
    • Can do health checks on the instances
  • When the ELB detects an unhealthy EC2 instance, it'll stop routing traffic to it and spread the load across the other instances
  • When using VPC, you can create security groups associated with the ELB to provide additional networking security options
  • Can set the protocol and port for both the load balancer and the EC2 instance
  • Need to set the health check that the load balancer will use to monitor the EC2 instances
  • When using an ELB with an ASG, it's not necessary to register individual EC2 instances with the ELB
    • Instances that are launched by the ASG are automatically registered with the ELB
  • You need to add a rule to the security group used by the EC2 instances that allows traffic from the ELB security group
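A check for the rule described in the last bullet, as an added example (not part of the original notes): it confirms that the instance security group references the ELB security group and reports any ingress rule left open to every address. The group IDs and the sample data are constructed, in the shape returned by `aws ec2 describe-security-groups`.

```python
import ipaddress

def audit_instance_sg(sg, elb_sg_id):
    """Return (ports reachable from the ELB group, findings) for one group."""
    elb_ports, findings = [], []
    for perm in sg.get("IpPermissions", []):
        ports = (perm.get("FromPort"), perm.get("ToPort"))
        # A rule whose source is another security group is listed under
        # UserIdGroupPairs rather than as a CIDR range.
        if any(pair.get("GroupId") == elb_sg_id
               for pair in perm.get("UserIdGroupPairs", [])):
            elb_ports.append(ports)
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            # Prefix length 0 (0.0.0.0/0 or ::/0) means any source address.
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append(f"{sg['GroupId']}: ports {ports} open to {cidr}")
    if not elb_ports:
        findings.append(f"{sg['GroupId']}: no rule references {elb_sg_id}")
    return elb_ports, findings

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
ELB_SG = "sg-0aaaaaaaaaaaaaaaa"
INSTANCE_SG = {
    "GroupId": "sg-0bbbbbbbbbbbbbbbb",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": ELB_SG}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
         "UserIdGroupPairs": []},
    ],
}

if __name__ == "__main__":
    ports, problems = audit_instance_sg(INSTANCE_SG, ELB_SG)
    print("reachable from ELB group on:", ports)
    for line in problems:
        print("FINDING", line)
```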

ASG (autoscaling group)

  • AWS auto scaling helps you monitor applications and automatically adjust capacity to maintain steady, predictable performance at the lowest possible cost
  • Benefits:
    • Provides better fault tolerance, cost management, reliability, scalability, and availability
  • Using snapshots or AMIs allows you to launch multiple EC2 instances in minimal time and with the same configuration
  • Scaling plan: helps a user configure a set of instructions for scaling based on software requirements
    • Dynamic scaling: helps optimize resources (for availability and price) based on required metrics and thresholds
    • Predictive scaling: predicts the future workload based on daily / weekly trends and regularly forecasts future network traffic
  • When creating an ASG, you assign the ins
  • You create a configuration launch template for the EC2 instances

Serverless Architecture

  • Serverless doesn't actually mean there's no server, it means that you as the developer don't have to care about the server behind the scenes
    • As the developer, you don't have to care about writing code for a server, creating a server, maintaining a server, or deploying a server
    • It allows you to focus on code instead of web server infrastructure

JAMstack (JavaScript, APIs, and Markup)

  • Goal is to host things that become super fast and easy to serve to a user and easy for the developer to host
  • You use serverless functions for the host to just take care of things

Serverless Functions

  • Only pay for the amount of time used or requests received by your functions

Pros and Cons of Serverless:

  • No server maintenance
  • Low cost and easy to scale
    • Serverless functions spin up when you need them and spin down when you don't, so you're only paying for what you use
  • Con: typically no access to a file system, so can't keep a state in memory

AWS API Gateway:

  • Getting started with the REST API console
  • Allows you to create a RESTful API for AWS services (Lambda, EC2, etc.)
    • Ex: can set up an API that runs a Lambda function when you make a certain HTTP request (GET, POST, etc.)
  • API lambda integration type
    • Lambda proxy integration:
      • Supports a streamlined integration setup with a single Lambda function
      • The setup is simple and can evolve with the backend without having to tear down the existing setup
      • It is the better option in most cases
    • Lambda custom (non-proxy) integration:
      • Allows for reuse of configured mapping templates for various integration endpoints that have similar requirements of the input and output data formats
      • This option is more involved and is recommended for more advanced application scenarios

AWS Lambda Functions:

  • Event-driven approach; code functions only run when a trigger occurs
    • Ex: if a file is uploaded to an S3 storage bucket, take a certain action
  • AWS CLI download lambda

S3 (simple storage service) buckets

  • S3 buckets provide safe and secure object storage
  • Can store all types of files, media, source code, spreadsheets, etc.
  • It automatically makes copies on multiple devices at multiple facilities
  • Provides different storage classifications
  • Also provides ACLs
  • S3 buckets are useful in a variety of contexts:
    • Website hosting: storing static content (HTML/CSS, JS, etc.)
    • Database backups: store a snapshot of a database
    • Data processing pipelines
  • S3 bucket static website hosting
    • Inside the bucket go to the 'Properties' tab and go to the bottom and click the edit button in Static website hosting
    • Click 'Enable' under static website hosting
    • Choose 'Host a static website'
    • Set index.html as the index document
    • Then go to the permissions tab and turn on 'Block all public access'
    • Then edit the bucket policy:
      • {"Version": "2012-10-17", "Statement": [{"Sid": "Access-to-specific-VPCE-only", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": ["<bucket ARN>/*", "<bucket ARN>"], "Condition": {"StringEquals": {"aws:sourceVpc": ["vpc-123abc"]}}}]}
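A static check for the bucket policy above, as an added example (not part of the original notes): it lists Allow statements that grant to "*" without a StringEquals condition on aws:sourceVpc or aws:sourceVpce. It is a simplified lint, not AWS's own public-policy evaluation, and the bucket ARN and the second policy are constructed.

```python
# Condition keys that tie a request to a VPC; IAM compares keys
# case-insensitively, so they are stored in lower case.
VPC_KEYS = {"aws:sourcevpc", "aws:sourcevpce"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wildcard_principal(principal):
    # "*" and {"AWS": "*"} both mean "anyone".
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def _vpc_restricted(stmt):
    # StringEquals compares literal values, so any non-empty value list
    # on a VPC key narrows the statement to those VPCs or endpoints.
    for operator, block in stmt.get("Condition", {}).items():
        if operator.lower() != "stringequals":
            continue
        for key, values in block.items():
            if key.lower() in VPC_KEYS and _as_list(values):
                return True
    return False

def open_statements(policy):
    """Sids of Allow statements that grant to anyone with no VPC condition."""
    return [stmt.get("Sid", f"statement[{i}]")
            for i, stmt in enumerate(_as_list(policy["Statement"]))
            if stmt["Effect"] == "Allow"
            and _wildcard_principal(stmt.get("Principal"))
            and not _vpc_restricted(stmt)]

BUCKET = "arn:aws:s3:::example-site-bucket"  # constructed placeholder ARN
# The statement from the notes, with the placeholder ARN filled in.
VPC_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "Access-to-specific-VPCE-only", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": [BUCKET + "/*", BUCKET],
    "Condition": {"StringEquals": {"aws:sourceVpc": ["vpc-123abc"]}}}]}
# Constructed counter-example: same grant with the condition left out.
OPEN = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": BUCKET + "/*"}]}

if __name__ == "__main__":
    print("VPC-only policy:", open_statements(VPC_ONLY))
    print("open policy:   ", open_statements(OPEN))
```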

VPC

RDS (Relational Database Service)
