Sumit Katkar's Blog
Getting Started with AWS Basics☁

Getting Started with AWS Basics☁

Day 38 - 43 for 90DaysOfDevOps

Sumit Katkar's photo
Sumit Katkar
·

14 min read

Table of contents

Day 38: AWS

Learn AWS - Apps on Google Play

Amazon Web Services (AWS) is a comprehensive, on-demand cloud computing platform provided by Amazon. It offers a wide range of services, including computing power, storage options, networking, databases, machine learning, analytics, security, and more. AWS allows businesses to access and use computing resources without the need for investing in and maintaining physical infrastructure.

Here are some key components and services offered by AWS:

  1. Compute Services:

    • Amazon EC2 (Elastic Compute Cloud): Provides scalable compute capacity in the cloud, allowing users to run virtual servers for various applications.

    • AWS Lambda: Enables serverless computing, allowing you to run code without provisioning or managing servers.

  2. Storage Services:

    • Amazon S3 (Simple Storage Service): Provides scalable object storage with high durability and low latency.

    • Amazon EBS (Elastic Block Store): Offers persistent block-level storage volumes for use with Amazon EC2 instances.

  3. Database Services:

    • Amazon RDS (Relational Database Service): Managed relational database service supporting various database engines like MySQL, PostgreSQL, Oracle, and Microsoft SQL Server.

    • Amazon DynamoDB: Fully managed NoSQL database service.

  4. Networking:

    • Amazon VPC (Virtual Private Cloud): Enables you to create isolated networks within the AWS cloud.

    • Amazon Route 53: A scalable domain name system (DNS) web service.

  5. Machine Learning and AI Services:

    • Amazon SageMaker: A fully managed service for building, training, and deploying machine learning models.

    • Amazon Comprehend: Natural language processing service for analyzing text.

  6. Analytics:

    • Amazon Redshift: A fully managed data warehouse service.

    • Amazon Athena: Allows querying data stored in Amazon S3 using standard SQL.

  7. Security:

    • AWS Identity and Access Management (IAM): Manages access to AWS services and resources securely.

    • Amazon Inspector: Automated security assessment service.

  8. Management Tools:

    • AWS CloudWatch: Monitoring and observability service for AWS resources.

    • AWS CloudFormation: Infrastructure as code service for automated provisioning of AWS resources.

AWS has a vast ecosystem, and its services cater to a wide range of use cases, from startups to large enterprises. Users can pay for the services they use on a pay-as-you-go basis, making it a flexible and cost-effective solution.

Day 39: IAM

AWS Identity and Access Management (IAM) - Amazon AWS | Enlear Academy

IAM stands for Identity and Access Management, and it is a key service provided by Amazon Web Services (AWS) for managing access to AWS resources securely. IAM allows you to control who (authentication) can do what (authorization) on your AWS environment.

Here are some key concepts related to AWS IAM:

  1. Users: IAM users represent individuals or entities within your organization who interact with AWS resources. Each user has a unique set of security credentials (username and password or access keys) for accessing AWS services.

  2. Groups: Groups are collections of IAM users. By organizing users into groups, you can apply common permissions to multiple users simultaneously.

  3. Roles: IAM roles define a set of permissions for making AWS service requests. Unlike users, roles do not have any credentials associated with them. Instead, they are assumed by trusted entities, such as IAM users, AWS services, or even external identities.

  4. Policies: IAM policies are JSON documents that define permissions. Policies can be attached to users, groups, or roles to specify what actions are allowed or denied on what AWS resources.

  5. Permissions: Permissions in IAM are granted using policies. Each policy consists of one or more statements, and each statement defines a set of permissions.

  6. ARNs (Amazon Resource Names): Amazon Resource Names are unique identifiers assigned to AWS resources. They are used in IAM policies to specify the resources to which the policy applies.

IAM allows you to implement the principle of least privilege, ensuring that users, groups, and roles have only the permissions they need to perform their tasks and nothing more. This enhances security by reducing the potential impact of accidental or malicious actions.

IAM is an integral part of AWS security and is used to control access to a wide range of AWS services, including EC2 instances, S3 buckets, RDS databases, and more. It plays a crucial role in securing your AWS environment and is a fundamental aspect of best practices in AWS account management and security.

Day 40: Automation in EC2

Automation in Amazon Elastic Compute Cloud (EC2) can be achieved using various AWS services and tools. This allows you to streamline the management of your EC2 instances, automate routine tasks, and scale resources efficiently. Here are some key aspects of automation in EC2:

  1. AWS Management Console:

    • While not fully automated, the AWS Management Console provides a graphical interface where you can manually create, manage, and monitor EC2 instances.

  2. AWS Command Line Interface (CLI):

    • The AWS CLI allows you to interact with AWS services, including EC2, through the command line. You can automate tasks by creating scripts or using commands to launch, stop, terminate, or modify EC2 instances.

  3. AWS SDKs (Software Development Kits):

    • AWS provides SDKs for various programming languages (e.g., Python, Java, JavaScript, .NET) to interact with AWS services programmatically. This allows you to build custom applications or scripts for automating EC2-related tasks.

  4. AWS CloudFormation:

    • CloudFormation is an Infrastructure as Code (IaC) service that allows you to define and provision AWS infrastructure using templates. You can use CloudFormation to create, update, or delete EC2 instances along with other resources in a reproducible and automated manner.

  5. AWS Elastic Beanstalk:

    • If you're deploying applications, AWS Elastic Beanstalk provides a fully managed service for deploying and scaling web applications. It abstracts away the underlying infrastructure details and allows you to focus on your application code.

  6. Auto Scaling:

    • Auto Scaling allows you to automatically adjust the number of EC2 instances in a group based on demand or a predefined schedule. This ensures that you have the right amount of compute capacity to handle varying workloads.

  7. AWS Systems Manager:

    • Systems Manager provides a set of tools for configuring and managing EC2 instances at scale. It includes features like Run Command, Automation, and State Manager, allowing you to automate operational tasks such as patching, software installation, and configuration management.

  8. AWS Lambda:

    • AWS Lambda enables serverless computing, allowing you to run code in response to events without provisioning or managing servers. You can use Lambda to automate tasks related to EC2, such as starting or stopping instances based on specific triggers.

  9. AWS Step Functions:

    • Step Functions lets you coordinate multiple AWS services into serverless workflows. You can use Step Functions to automate multi-step tasks involving EC2 instances and other AWS resources.

By leveraging these automation tools and services, you can enhance the efficiency, reliability, and scalability of your EC2-based infrastructure while reducing manual intervention and potential errors. The choice of the appropriate tool depends on your specific use case and requirements.

Day 41:Load Balancer with AWS EC2 🚀

Load Balancing Like a Boss with AWS EC2 and ALB | AWS in Plain English

What is Load Balancing?

Load balancing is a technique used in computing and networking to distribute incoming network traffic or workload across multiple servers or resources. The primary purpose of load balancing is to ensure that no single server or resource is overwhelmed with too much traffic or work, thus improving the overall performance, availability, and reliability of a system. Load balancing is commonly used in various scenarios, including web servers, application servers, and databases.

Here are the key aspects of load balancing:

  1. Distribution of Workload:

    • Load balancers distribute incoming requests or tasks among a group of servers or resources. This distribution helps prevent any single server from becoming a bottleneck, ensuring that the overall system can handle a larger volume of requests or tasks.

  2. Improved Performance:

    • By distributing the workload, load balancing helps optimize resource utilization and reduces response time. Users accessing a service experience faster response times because their requests are spread across multiple servers, allowing the system to handle more concurrent users.

  3. High Availability:

    • Load balancers contribute to the high availability of a system by ensuring that if one server fails or becomes unavailable, other servers in the pool can continue to handle requests. This minimizes downtime and enhances the reliability of the overall system.

  4. Scalability:

    • Load balancing facilitates scalability by allowing organizations to add or remove servers dynamically based on demand. As traffic increases, new servers can be added to the pool, and as demand decreases, servers can be taken out of service. This adaptive approach ensures efficient resource utilization.

  5. Types of Load Balancers:

    • Hardware Load Balancers: These are dedicated physical devices designed specifically for load balancing. They often provide advanced features and are suitable for handling a large number of simultaneous connections.

    • Software Load Balancers: These are software-based solutions that can run on general-purpose servers or virtual machines. Software load balancers are more flexible and can be deployed in various environments.

    • Cloud Load Balancers: Many cloud service providers, including AWS, Azure, and Google Cloud, offer load balancing services that are fully managed and integrated with their cloud platforms.

  6. Load Balancing Algorithms:

    • Load balancers use various algorithms to determine how to distribute incoming requests. Common algorithms include Round Robin, Least Connections, and Weighted Round Robin. The choice of algorithm depends on factors like the type of application and the desired distribution strategy.

Load balancing is a critical component in designing scalable and highly available systems. It is widely used in web applications, online services, and other distributed computing environments to ensure optimal performance and reliability.

Elastic Load Balancing:

LoadBalancer

Elastic Load Balancing (ELB) is an AWS service that automatically distributes incoming application or network traffic across multiple Amazon EC2 instances. ELB plays a crucial role in achieving fault tolerance, high availability, and scalability for applications hosted in the AWS cloud. It is designed to handle varying levels of traffic and automatically adjusts to changes in demand.

Key features and components of Elastic Load Balancing:

  1. Load Balancer Types:

    • Application Load Balancer (ALB): Operates at the application layer (Layer 7) and is best suited for distributing HTTP and HTTPS traffic. It supports advanced routing features, including content-based routing and host-based routing.

    • Network Load Balancer (NLB): Operates at the transport layer (Layer 4) and is suitable for handling TCP, UDP, and TLS traffic. NLB is designed to handle high-performance, low-latency scenarios.

    • Gateway Load Balancer (GLB): Used for distributing traffic across multiple virtual appliances. GLB is designed for deployment in scenarios where you need to inspect, filter, or transform traffic at the application layer.

  2. Automatic Scaling:

    • ELB can automatically scale its capacity to handle varying levels of traffic. This means that as the demand for your application increases, ELB can add or remove instances to ensure optimal performance.

  3. Health Checks:

    • ELB regularly performs health checks on the registered instances to ensure that traffic is only directed to healthy instances. If an instance fails a health check, ELB stops sending traffic to that instance until it passes the health check again.

  4. Security:

    • ELB supports secure connections through SSL termination and provides integration with AWS Certificate Manager (ACM) for managing SSL/TLS certificates. It also integrates with AWS WAF (Web Application Firewall) to enhance the security of your applications.

Day 42:IAM Programmatic access and AWS CLI 🚀 ☁

Day 42 - IAM Programmatic access and AWS CLI 🚀 ☁

IAM Programmatic Access:

IAM programmatic access involves interacting with AWS services using APIs, SDKs, or the AWS CLI. This is distinct from using the AWS Management Console, which provides a graphical interface for managing AWS resources.

Key concepts for IAM programmatic access:

  1. Access Key ID and Secret Access Key:

    • IAM users need access keys to make programmatic requests to AWS. An access key consists of an Access Key ID and a Secret Access Key. These keys should be kept secure, and the Secret Access Key should not be shared.

  2. IAM Policies:

    • IAM policies define permissions for IAM users, groups, or roles. Policies are written in JSON and specify what actions are allowed or denied on which AWS resources.

  3. IAM Roles:

    • IAM roles are similar to users but are intended for temporary use. Roles are often assumed by entities like EC2 instances, Lambda functions, or even other AWS accounts.

AWS CLI:

The AWS CLI is a powerful command-line tool that allows you to interact with AWS services directly from your terminal. Here are some basic commands to get started:

  1. Installation:

    • Make sure the AWS CLI is installed on your machine. You can download and install it from the official AWS CLI website.

  2. Configuration:

    • Run aws configure to set up your AWS CLI with your Access Key ID, Secret Access Key, default region, and output format.

  3. Basic Commands:

    • aws s3 ls: List S3 buckets.

    • aws ec2 describe-instances: Describe EC2 instances.

    • aws iam list-users: List IAM users.

    • aws lambda list-functions: List Lambda functions.

  4. Using Profiles:

    • You can use profiles to manage multiple sets of AWS CLI configuration settings. Use the --profile option with commands to specify a profile.

  5. IAM Role Assumption:

    • You can use the aws sts assume-role command to assume an IAM role and obtain temporary security credentials.

  6. Querying and Filtering:

    • The --query option allows you to filter and format the output of commands.
# Example: List EC2 instances with specific output fields
aws ec2 describe-instances --query 'Reservations[].Instances[].{ID:InstanceId,State:State.Name,Type:InstanceType}'

Keep exploring and experimenting with IAM policies, roles, and AWS CLI commands. Understanding how to manage access and automate tasks using programmatic access is a valuable skill in AWS cloud environments.

Day 43: S3 Programmatic access with AWS-CLI 💻 📁

Day 43 - S3 Programmatic access with AWS-CLI 💻 📁

S3 is a scalable object storage service provided by AWS, and it is commonly used for storing and retrieving any amount of data over the internet. Here's a more detailed overview of Amazon S3:

Amazon S3 Overview:

  1. Object Storage:

    • Amazon S3 is designed as an object storage service, which means it stores data in the form of objects. Each object consists of data, a key (unique within a bucket), and metadata.

  2. Buckets:

    • In S3, data is stored in containers called "buckets." A bucket is like a top-level folder or directory for organizing objects. Bucket names must be globally unique across all of AWS.

  3. Objects:

    • Objects are the basic storage entities in S3. They can be anything from a text file to a binary executable. Each object has a unique key within a bucket.

  4. Durability and Availability:

    • Amazon S3 provides high durability by automatically replicating data across multiple servers and facilities within a region. It also ensures high availability, making data accessible even if a server or facility goes offline.

  5. Data Lifecycle Management:

    • S3 allows you to define lifecycle policies to automatically transition objects between storage classes or delete them after a specified period. This helps optimize costs based on data access patterns.

  6. Storage Classes:

    • S3 offers different storage classes to meet various performance and cost requirements, including Standard, Intelligent-Tiering, Standard-IA (Infrequent Access), One Zone-IA, Glacier, and Glacier Deep Archive.

  7. Security and Access Control:

    • Access to S3 buckets and objects is controlled using bucket policies, access control lists (ACLs), and IAM policies. You can make buckets public or private and use signed URLs or pre-signed URLs for temporary access.

  8. Versioning:

    • S3 supports versioning, allowing you to preserve, retrieve, and restore every version of every object stored in a bucket. This feature is useful for data protection and recovery.

  9. Server Access Logging:

    • You can enable server access logging to track requests made to your S3 bucket. This provides valuable insights for auditing and troubleshooting.

  10. Event Notifications:

  • S3 supports event notifications, allowing you to trigger AWS Lambda functions, SQS queues, or SNS topics in response to events like object creation, deletion, etc.

  1. Transfer Acceleration:

    • Amazon S3 Transfer Acceleration allows you to accelerate uploading and downloading of objects to and from S3 using the Amazon CloudFront globally distributed edge locations.

Amazon S3 is widely used for various purposes, including static website hosting, backup and archiving, data storage for applications, and serving as a reliable and scalable storage solution for big data analytics.

S3 Programmatic Access with AWS CLI:

  1. Listing Buckets:

    • To list all S3 buckets in your account, use the following command:
    aws s3 ls

  1. Creating a Bucket:

    • To create an S3 bucket, you can use the mb (make bucket) command:
    aws s3 mb s3://your-unique-bucket-name

  1. Uploading a File to S3:

    • To upload a file to an S3 bucket, use the cp (copy) command:
    aws s3 cp your-local-file.txt s3://your-unique-bucket-name/

  1. Downloading a File from S3:

    • To download a file from an S3 bucket to your local machine:
    aws s3 cp s3://your-unique-bucket-name/your-s3-file.txt your-local-directory/

  1. Listing Objects in a Bucket:

    • To list objects (files) in an S3 bucket:
    aws s3 ls s3://your-unique-bucket-name/

  1. Copying Objects between Buckets:

    • To copy an object from one S3 bucket to another:
    aws s3 cp s3://source-bucket/source-file.txt s3://destination-bucket/

  1. Deleting Objects:

    • To delete an object from an S3 bucket:
    aws s3 rm s3://your-unique-bucket-name/your-s3-file.txt

  1. Syncing Local Directory with S3 Bucket:

    • To synchronize a local directory with an S3 bucket:
    aws s3 sync your-local-directory/ s3://your-unique-bucket-name/

  1. Presigned URLs:

    • Generate a presigned URL for temporary access to a private object:
    aws s3 presign s3://your-unique-bucket-name/your-private-file.txt

These are just some basic commands to get you started. The AWS CLI provides a rich set of commands for managing S3 buckets and objects. As you progress, you might explore advanced features like versioning, bucket policies, and access control settings.

AWSS3ec2IAMDevopsTrainWithShubhamcli