AWS - robbiehume/CS-Notes GitHub Wiki

Bookmark links (Click me)

Common AWS tutorials

• Set up to use Amazon EC2 - Amazon Elastic Compute Cloud
• Connect to your Linux instance using SSH - Amazon Elastic Compute Cloud
• Tutorial: Create a Classic Load Balancer - Elastic Load Balancing
• Install a web server on your EC2 instance - Amazon Relational Database Service
• Connect to your Linux instance - Amazon Elastic Compute Cloud
• Control traffic to resources using security groups - Amazon Virtual Private Cloud
• Get started with Amazon VPC - Amazon Virtual Private Cloud
• Getting set up with IAM - AWS Identity and Access Management
• Creating an IAM user in your AWS account - AWS Identity and Access Management
• Create an Auto Scaling group using a launch template - Amazon EC2 Auto Scaling
• Getting started with API Gateway

Other docs / tutorials

• Prerequisites to use the AWS CLI version 2 - AWS Command Line Interface
• Managing access keys for IAM users - AWS Identity and Access Management
• Set Up an AWS Account and Create an Administrator User - Amazon Kinesis Data Streams
• Set up EC2 Instance Connect - Amazon Elastic Compute Cloud

• AWS Lambda & Serverless Framework
• Serverless with Lambda & API Gateway | AWS BASICS
• ELB with ASG for EC2

---

• Create a classic load balancer
• Set up an EC2
• Load balancer EC2 health check failures
  • Add EC2 security group rule to allow traffic from load balancer security group
• How to connect to your Linux instance
• Getting started with AWS VPCs
• Create an ASG using a launch template

---

• Proxy S3 and lambda from nginx
• API Gateway and authorizers
• https://www.youtube.com/watch?v=uFsaiEhr1zs

• AWS provides a lot of different services
  • EC2, ELB, ASG, S3, VPC, RDS
• Common service icons

• Prerequisites to use AWS CLI
• Need to add user access keys or setup IAM roles for AWS CLI to work
• For access keys, create a key pair for a user and add them by running the aws configure command
• For IAM roles, create a role with the specific permission polices and attach the role to the EC2

• Security groups docs
• Security groups act as a firewall to allow / disallow certain traffic based on different parameters (port, IP, etc.)
• If you plan to launch EC2 instances in multiple regions, you need to create a security group for each region

• IAM is a permissions system that helps you control access to AWS resources (S3 bucket, EC2 instance, etc.)
• Users attempt to perform actions on resources, i.e. S3::CreateBucket
• Authorization to perform and action depends on a policy
• It allows you to assign permissions to groups of users or specific users
• 4 key concepts
  • Users: specific individuals, can receive personal logins (secret access keys)
  • Groups: a collection of users with a common theme
  • Roles: a collection of policies (DB read, DB write)
  • Policies: low level permission to resources (allow or deny)
    • They are JSON files that specify what actions a particular user or role can / can't do with a resource

• Comparison article
• Summary:
  • EBS snapshot is just a data backup
  • AMI is a representation of system state at specific time. You can also boot from it
• EBS snapshot:
  • It's used as a backup of a single EBS volume attached to the EC2 instance
  • It's the better option when the instance contains multiple EBS volumes
  • Only play for the storage of the modified data (it's an incremental backup type)
  • It is a non-bootable image on EBS volume
• AMI:
  • It's used as a backup of an EC2 instance
  • An AMI uses a snapshot
  • It's used to replace a failed EC2 instance
  • Only pay for the storage that you use
  • It is a bootable image on an EC2 instance

• EC2 tutorial video
• Gives you bare servers to run software on
• Can access an EC2 through putty (or similar ssh client) or AWS provides a browser CLI access page (select instance and click "connect")
• SSH to EC2: ssh -i <key_file> ec2-user@<public DNS>
• EC2 creation steps:
  1. Choose an AMI (Amazon Machine Image)
     • AMI is a template used to create a new instance / machine based on user requirement
     • It includes configs related to the software, OS, storage volume info, and access permissions
     • There are predefined AMIs and you can also create custom ones or copy an image from an existing instance
  2. Choose an instance type (the hardware specs you need)
     • The types are organized into 5 main families:
       • Compute optimized, Memory optimized, GPU optimized, Storage optimized, and General purpose
  3. Configure the instance (how many, what subnets, IAM roles, shutdown behavior, etc.)
     • Shutdown behavior: stopping = temporarily shutdown the system; terminating = returning control back to Amazon
     • Can also add bootstrap scripts that are executed when the VM starts up
  4. Add storage (ephemeral storage, EBS (elastic block storage), or S3)
  5. Add tags to be able to identify the EC2 instance easier; this is necessary for large environments with lots of instances
  6. Configure the Security Groups / firewall
  7. Review
     • Can setup public / private key pairs to login with PuTTY (ec2-user is the default user)

• How ELBs work (AWS docs)
• 3 types of AWS load balancers: classic, application, and network
  • Also can set it up as internal (private) or external (public)
• Benefits of load balancers:
  • They allow you to better handle traffic and spread the load across multiple instances
  • Allow you to only expose a single point of access (DNS) to your application
  • Can seamlessly handle instance failures without the user even realizing
  • Can also use cookies to enforce stickiness where a user is always sent to the same instance
  • Can do health checks on the instances
• When the ELB detects an unhealthy EC2 instance, it'll stop routing traffic to it and spread the load across the other instances
• When using VPC, you can create security groups assisted with ELB to provide additional networking security options
• Can set the protocol and port for both the load balancer and the EC2 instance
• Need to set the health check that the load balancer will use to monitor the EC2 instances
• When using an ELB with an ASG, it' not necessary to register individual EC2 instances with the ELB
  • Instances that are launched by the ASG are automatically registered with the ELB
• You need to add a rule to the security group used by the EC2 instances that allows traffic from the ELB security group

• AWS auto scaling helps you monitor applications and automatically adjust capacity to maintain steady, predictable performance at the lowest possible cost
• Benefits:
  • Provides better fault tolerance, cost management, reliability, scalability, and availability
• Using snapshots or AMI allows you to launch multiple EC2 instances with minimum time and same configuration
• Scaling plan: helps a user configure a set of instructions for scaling based on software requirements
  • Dynamic scaling: helps optimize resources (for availability and price) based on required metrics and thresholds
  • Predictive scaling: predicts the future workload based on daily / weekly trends and regularly forecast future network traffic
• When creating an ASG, you assign the ins
• You create a configuration launch template for the EC2 instances

• Serverless doesn't actually mean there's no server, it means that you as the developer don't have to care about the server behind the scenes
  • As the developer, you don't have to care about writing code for a server, creating a server, maintaining a server, or deploying a server
  • It allows you to focus on code instead of web server infrastructure

JAMstack (JavaScript, APIs, and Markup)

• Goal is to host things that become super fast and easy to serve to a user and easy for the developer to host
• You use serverless functions for the host to just take care of things

Severless Functions

• Only pay for the amount of time used or requests received by your functions

Pros and Cons of Severless:

• No server maintenance
• Low cost and easy to scale
  • Serverless functions spin up when you need them and spin don't when you don't, so you're only paying for what you use
• Con: typically no access to a file system, so can't keep a state in memory

• Getting started with the REST API console
• Allows you to create a RESTful API for AWS services (Lambda, EC2, etc.)
  • Ex: can setup an API that runs a Lambda function when you make a certain HTTP request (GET, POST, etc.)
• API lambda integration type
  • Lambda proxy integration:
    • Supports a streamlined integration setup with a single Lambda function
    • The setup is simple and can evolve with the backend without having to tear down the existing setup
    • It is the better option in most cases
  • Lambda custom (non-proxy) integration:
    • Allows for reuse of configured mapping templates for various integration endpoints that have similar requirements of the input and output data formats
    • This option is more involved and is recommended for more advanced application scenarios

• Event-driven approach; code functions only run when a trigger occurs
  • Ex: if a file is uploaded to an S3 storage bucket, take a certain action
• AWS CLI download lambda
• Steps to create Python Lambda Layer: (requests)
  1. Set up the directory for the layer
  • Create the python/ folder where you'll install the package(s)

  • mkdir -p lambda-layer/python
    cd lambda-layer/python
    

  2. Install the package locally

  • pip install requests -t .
    

  3. Zip the layer content

  • cd ..
    zip -r9 requests-layer.zip python
    

• S3 buckets provides safe and secure object storage
• Can store all types of files, media, source code, spreadsheets, etc.
• It automatically makes copies on multiple devices at multiple facilities
• Provides different storage classifications
• Also provides ACL
• S3 buckets are useful in a variety of contexts:
  • Website hosting: storing static content (HTML/CSS, JS, etc.)
  • Database backups: store a snapshot of a database
  • Data processing pipelines
• S3 bucket static website hosting
  • Inside the bucket go to the 'Properties' tab and go to the bottom and click the edit button in Static website hosting
  • Click 'Enable' under static website hosting
  • Choose 'Host a static website'
  • Set index.html as the index document
  • Then go to the permissions tab and turn on 'Block all public access'
  • Then edit the bucket policy:

    • {"Sid": "Access-to-specific-VPCE-only", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": ["<bucket ARN>/*",	"<bucket ARN>"], "Condition": {"StringEquals": {"aws:sourceVpc": ["vpc-123abc"]}}}

• VPC basics
• AWS default VPCs
• Getting started with AWS VPCs
• A VPC uses an internet gateway to be able to communicate with the outside internet

• It is a fully managed, in-memory caching service provided by AWS
  • In-memory means it's stored in RAM for faster retrieval compared to slower storage like disk drives
• It helps improve the performance and scalability of web apps by enabling fast retrieval of frequently accessed data
• What it is:
  • A caching layer that sits between your application and database
  • It supports two open-source caching engines: Redis and Memcached
• Key features
  • Fast performance with in-memory data storage
• Use cases:
  • Website and application caching: storing frequently access data to reduce database load and improve response time
  • Session caching: storing user session data for quick retrieval
  • Database query caching: caching results of common or compute-intensive queries to reduce database load

• API Gateway is designed for API management, handling complex API workflows, request validation, throttling, and security for microservices or serverless architectures.
• Application Load Balancer (ALB) is primarily used for HTTP(S) load balancing across EC2 instances, containers, or Lambda functions, distributing traffic at Layer 7 (application layer)

Detailed Comparison:

Feature	API Gateway	Application Load Balancer (ALB)
Primary Use Case	API management and microservices	Load balancing for web services and apps
Protocol Support	HTTPS (default), HTTP (internal communication)	HTTP, HTTPS
Routing	Path, query, method, header-based	Path and host-based
Lambda Integration	Direct, native	Supports, but less direct
Rate Limiting	Built-in	Not supported
Authentication	Cognito, IAM, OAuth, custom	Basic (via WAF)
WebSocket Support	Yes	No
Cost	Pay-per-request	Pay-per-hour + usage
Latency	Higher (due to transformations)	Lower
Caching	Supported	Not supported
Best For	Serverless, API management	Web traffic, container-based apps

When to Use API Gateway:

• Serverless applications (direct Lambda integration)
• Complex API management (rate limiting, authentication, request/response transformation)
• Microservices needing unified API endpoints
• WebSockets for real-time communication

When to Use ALB:

• Load balancing traffic to EC2, ECS, EKS, or Lambda
• Path/host-based routing for microservices
• High-traffic, lower-cost web services
• Simpler HTTP(S) applications without advanced API features

Decision Points:

• Use API Gateway when you need advanced API management, rate limiting, authentication, and request/response transformation
• Use ALB when you need load balancing, path-based routing, and simple HTTP traffic distribution