- IAM is used to manage AWS users and their access to AWS accounts and Services
- Good way to think about groups and roles:
- Groups are logical groupings of users with the same permissions;
- Roles are logical groupings of AWS services with the same permissions (i.e. users can be assigned to a group which can have policies, just like AWS services can be assigned to a role which can have policies).
- A security group is a set of firewall rules that control the traffic for your instance. Add rules to allow specific traffic to reach your instance.
- Specify user data to provide commands or a command script to run when you launch your instance.
- All these commands run with root permissions, not as ec2-user
- They run only once, when the instance is created
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html?icmpid=docs_ec2_console
- SSH into ec2 machine
sudo yum update -y
sudo yum install httpd -y
sudo systemctl status httpd
sudo systemctl start httpd
sudo systemctl status httpd
sudo systemctl enable httpd
cd /var/www/html
sudo su
echo "<h1>tag Hello welcome to AWS learning</h1>" > index.html
- Now enter the instance's public IP address or public DNS name in a browser and voilà, your server is serving the page
- https://netflixtechblog.com/tagged/chaos-monkey -- a good read
- System check: AWS-related infrastructure issues
- Instance check: issues related to my EC2 application
- Create a status check alarm in the Status Check tab
- Raise an alarm when CPU Utilization is >= 50% constantly for 5 mins
- If the alarm is triggered, take Terminate action on EC2 instance
- Now connect to ec2
- sudo amazon-linux-extras install epel -y
- sudo yum install stress -y
- stress --help -- for help
- stress --cpu 7 -- applies stress to my EC2 instance
- Just information about your machine
- Instance metadata is data about your instance that you can use to configure or manage the running instance.
- Instance metadata is divided into categories, for example, host name, events, and security groups.
- We can view/get the metadata only from within the instance
- ssh into ec2
- curl http://169.254.169.254/latest/meta-data/
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html
- An Elastic IP address is a static (it does not change over time) public IPv4 address
- Flow logs can capture IP traffic flow information for the network interfaces associated with your resources. You can create multiple subscriptions to send traffic to different destinations.
- An image (also referred to as an AMI) defines the programs and settings that are applied when you launch an EC2 instance. You can create an image from the configuration of an existing instance.
- And you can start using your image when creating an instance
- Determines how the instances are placed on the underlying hardware.
- Cluster (low network latency, low availability)
- Rack crashes => All EC2 instances fail
- Partition (multiple partitions with low network latency)
- Spread (avoid simultaneous failures)
- https://aws.amazon.com/ec2/pricing/
- On Demand
- Spot Instances
- Savings plan
- Reserved Instances
- Dedicated Hosts
- Allows communication between your instances in your VPC and the internet
- Your default VPC already has an IGW attached
- Internet Gateway is to be attached to VPC to enable communication with internet
- Only 1 IGW can be attached to a VPC at a time
- An IGW cannot be detached from a VPC while there are active AWS resources in the VPC (such as an EC2 instance or RDS database)
- Route table contains a set of rules called 'Routes' that are used to determine where internet traffic is redirected
- Classless Inter Domain Routing
- 0.0.0.0/0 means all IP addresses
- Global service
- Store and retrieve any amount of data from anywhere
- Buckets are containers for data stored in S3.
- Storage classes have varying attributes that dictate things like:
- Storage Cost
- Object Availability
- Object Durability
- Frequency of access to the object
- Each object must be assigned to a storage class (standard is the default SC)
Links |
---|
AWS Essentials by Linux Academy |
Notes |