04 Feb 2023 WeekEnd Intellipaat

The document provides an overview of cloud computing benefits, focusing on AWS services, particularly EC2 for launching virtual machines and CloudShell for command-line access. It discusses virtualization, containerization, and the differences between virtual machines and containers, along with AWS's global infrastructure and free tier offerings. Additionally, it highlights the advantages of using AWS, including scalability, security, and cost-effectiveness.

Uploaded by

Suresh G

Benefits of Cloud Computing

About AWS, Why AWS

AWS Management Console Introduction


Launching First EC2 Instance (Virtual Machine) (Elastic Compute Cloud)
How to take remote of that Instance using various methods?
Linux Operating System (Amazon Linux similar to RHEL)
4 Sessions to complete Linux OS

Virtualization
Virtual Machine
Containerization
Container Vs Virtual Machine
AWS Journey
AWS Global Infrastructure (Regions, AZs, Edge Locations, Local & Wavelength Zone)
AWS List of Services

Launching First EC2 Instance (Virtual Machine) (Elastic Compute Cloud)


for Introduction

Launching First Virtual Machine in AWS


Methods to Connect EC2 Instance

[Diagram: configuration of the instance and the methods used to connect to it]

Configuration of the instance:
AMI (Amazon Machine Image): image of an operating system
Instance Type: vCPU + RAM + network capabilities (1 Core = 2 vCPU), e.g. t2.micro = 1 vCPU + 1 GB RAM
EBS Volume (Elastic Block Store, block storage): an EBS volume of up to 30 GB is free
Security Group: external firewall of the EC2 instance, between the user on the Internet and the instance
Private key of the instance

Connection methods shown:
Windows PowerShell from the host OS (Windows 10/11)
AWS Connect
CloudShell
PuTTY
MobaXterm

PuTTY supports the .ppk private key format; it does not support .pem keys.
You have to convert the .pem key into .ppk format, using the PuTTYgen application (for example, Barclayskey.pem to Barclayskey.ppk).

EC2 (in Free Tier A/C): 750 Hrs/mo free of cost using a t2.micro instance (for example, 10 instances x 75 Hrs), EBS volume size <= 30 GB.

If the Key is lost

[Diagram: running instance and its AMI (Amazon Machine Image); public key: AWS; private key: download]

Why AWS?

more than 200 fully featured services
total major or minor services > 1500
AWS is agile.

AWS Global Cloud Infrastructure
Regions (geolocations): 30 live Regions
> 96 Availability Zones (an Availability Zone is a group of data centers)
> 410 Edge locations
Direct Connect

AWS Free Tier Account

Performance: Intel-Xeon (servers), EC2
Deployment Speed
Security: DDoS

Server

AWS CloudShell
AWS CloudShell is a browser-based, pre-authenticated shell that you can launch directly from the AWS
Management Console. You can run AWS CLI commands against AWS services using your preferred shell,
such as Bash, PowerShell, or Z shell. And, you can do this without needing to download or install
command line tools.

Purpose or example of CloudShell

Used for the AWS CLI
Used to take remote access of Linux instances (servers)
Used for the AWS CDK (AWS Cloud Development Kit)

AWS CloudShell is a web-based shell service provided by Amazon Web Services (AWS). It allows users to
access an environment with the AWS Management Console, the AWS command-line interface (CLI), and
other tools pre-installed and configured. Users can access the shell using a web browser and do not
need to set up or maintain any infrastructure. CloudShell also includes a persistent storage volume that
users can use to store files and scripts. It's a way to easily manage and access AWS resources without
having to set up and maintain a separate environment.

What you are going to get free in AWS Free Tier Account?

AWS Free Tier offers a variety of free services and resources that users can use to learn and
test AWS services. Some of the services and resources that are included in the free tier are:

1. Amazon Elastic Compute Cloud (EC2): Users can launch a free t2.micro instance for 750
hours per month.
2. Amazon Simple Storage Service (S3): Users can store 5 GB of data in S3 and transfer up
to 15 GB of data out of S3 each month.
3. Amazon DynamoDB: Users can store up to 25 GB of data and perform up to 25 write
capacity units and 25 read capacity units of DynamoDB per month.
4. Amazon Relational Database Service (RDS): Users can launch a free db.t2.micro DB
instance for 750 hours per month.
5. Amazon Elastic Container Service (ECS): Users can run 1 Fargate task and 1,000 ECS
container instances per month.
6. AWS Lambda: Users can run 1 million free requests per month and 400,000 GB-seconds
of compute time per month.
7. Amazon CloudFront: Users can transfer 50 GB of data out and 2 million HTTP and
HTTPS requests per month.
8. Amazon Elastic Block Store (EBS): Users can use 30 GB of EBS storage, 2 million I/Os,
and 1 GB of snapshot storage for free.

These are some of the most popular services, and there are many more services that are
available as part of the free tier. It's always worth checking the AWS Free Tier page to see
the most up-to-date information on what services and resources are available for free.
Why to choose AWS Cloud Platform?
There are several reasons why organizations choose to use the Amazon Web Services (AWS)
cloud platform:

1. Scalability: AWS allows organizations to scale their resources up or down as needed,
which can save costs and ensure that resources are always available when needed.
2. Global availability: AWS has a global network of data centers and edge locations, which
allows organizations to run their applications and services from multiple regions for
high availability and low latency.
3. Wide range of services: AWS offers a wide range of services, from compute and storage
to databases and analytics, which allows organizations to easily build, deploy, and run
their applications and services.
4. Security: AWS provides a variety of security services and features, such as security
groups, encryption, and identity and access management, to help organizations secure
their resources and data.
5. Cost-effectiveness: AWS offers a pay-as-you-go pricing model, which can help
organizations reduce costs by only paying for the resources they use. Additionally, the
free tier also allows developers to test and deploy their projects with no charges at all.
6. Integration: AWS integrates with various other services and tools, which allows
organizations to easily integrate their existing systems and workflows with the cloud.
7. Innovation: AWS is constantly introducing new services and features, which allows
organizations to take advantage of the latest technologies and capabilities to innovate
and improve their business.
8. Support: AWS provides a variety of support options, from documentation and
community resources to professional services and technical support, which can help
organizations quickly resolve any issues they may encounter.

Overall, AWS offers a comprehensive, secure, reliable and cost-effective cloud platform that
can help organizations of all sizes and industries to run their applications and services.
Virtualization
Virtualization is a technology used to create virtual machines.

[Diagram: a physical server before virtualization]
Bare Metal Server/Physical Server, configuration: 24 vCPU + 128 GB RAM
OS: Linux/Windows Server, running one application
Application performance: 70-90% of the CPU is wasted, 40-60% of the RAM is wasted

[Diagram: the same server with virtualization]
Bare Metal Server/Physical Server, configuration: 24 vCPU + 128 GB RAM
Type-1 Hypervisor: ESXi or XEN
Four VMs (OS: Linux, Win, Linux, Win)
Configuration of a VM: 2 vCPU + 4 GB RAM, or 4 vCPU + 8 GB RAM

Hypervisors

Type-1 Hypervisor: installed directly on the bare metal/physical server.
Type-1 hypervisors are used in data centers.
Examples: VMware vSphere ESXi, Citrix XEN etc.
AWS uses Nitro hypervisors in AWS data centers.

Type-2 Hypervisor: used on laptops/desktops for dev and test environments.
Examples: Oracle VirtualBox, VMware Workstation etc.

[Diagram: a laptop running Windows 11, with a Type-2 hypervisor on top of it hosting a VM and its guest OS]
Data Center Virtualization

[Diagram: a cluster of three Bare Metal/Physical Servers, each running a Type-1 Hypervisor (ESXi or XEN) that hosts several VMs with Linux and Windows operating systems]

Data Center Features

Network Switch/Layer 2 S/W
Resource Load Balancing
High Availability
SAN/iSCSI Storage
Fault Tolerance
DRS (Distributed Resource Scheduling)
Data Center Management Server

Containerization
Containerization is a technology to create and manage containers.
Containers are lightweight virtual machines.

Challenges of Virtualization or Virtual Machines

Every machine needs a separate OS.
Every machine needs a sufficient amount of compute resources.
VMs are an expensive model if you are going to launch microservices.

Containers for microservices

A container contains OS + applications + all dependencies needed to run the application.

[Diagram: containers (RHEL, Ubuntu, CentOS, Suse), each with resources such as 0.5 vCPU + 512 MB RAM, on the Docker container engine, on the kernel of a Linux OS, on a Bare Metal/Physical Server]

The kernel is the core part of the operating system.

In AWS, to create virtual machines (instances) we use the EC2 (Elastic Compute Cloud) service.

In AWS, to create containers we use the ECS (Elastic Container Service) service.

Questions:
In what use cases should we use virtual machines (instances)?
In what use cases should we use containers?

Virtual machines (VMs) are often used in the following scenarios:

1. Legacy applications: VMs can be used to run legacy applications that are not compatible
with newer operating systems or hardware.
2. Isolation: VMs provide a high level of isolation between the host and guest operating
systems, making them ideal for running multiple applications with different security
requirements on the same physical hardware.
3. Testing and development: VMs can be used to create a test environment that closely
mimics a production environment, making it easier to find and fix issues before
deployment.
4. Resource-intensive applications: VMs can be used to run resource-intensive
applications, such as databases, that require a dedicated amount of resources.
5. Compliance: VMs are helpful to comply with regulations that require specific software
configurations and versions to be used.
6. Cloud computing: VMs are often used as a means of providing cloud-based
infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) offerings.

Containers are often used in the following scenarios:

1. Microservices: Containers are well-suited for microservices-based architectures, which
involve breaking down a monolithic application into smaller, independent services.
Containers can be used to package and deploy each service separately.
2. Cloud-native applications: Containers are designed to be lightweight and portable,
making them well-suited for cloud-native applications that need to be deployed across
multiple environments.
3. Continuous integration and delivery: Containers can be used to package applications,
making it easy to test, deploy, and scale them across different environments.
4. Resource efficiency: Containers use fewer resources than VMs because they don't
require a separate operating system for each instance.
5. Scalability: Containers can be easily scaled up or down as needed, making them
well-suited for applications that experience fluctuating traffic.
6. DevOps: Containers enable developers to work closely with operations teams, by
providing a consistent and predictable runtime environment, making it easier to test,
deploy and scale applications.
7. Hybrid and Multi-cloud: Containers can be deployed on-premises, on public clouds, or
in a hybrid environment, making it easy to move applications across different
infrastructure.

Difference between Virtual Machines and Containers


A virtual machine (VM) is a software emulation of a physical computer. It
creates a virtualized environment on a host machine, allowing multiple
VMs to run on the same physical hardware. Each VM has its own operating
system, and runs applications in isolation from other VMs.

A container, on the other hand, is a lightweight, standalone executable
package that includes everything needed to run a piece of software,
including the code, a runtime, system tools, and libraries. Containers share
the host machine's operating system kernel and run directly on top of the
host's kernel.

In summary, VMs provide a full-fledged and isolated guest operating
system, while containers share the host operating system kernel and
provide operating-system level virtualization.

What are SAN and iSCSI storages?
SAN (Storage Area Network) is a specialized, high-speed network that provides
block-level access to data storage. SANs are primarily used to make storage
devices, such as disk arrays, tape libraries, and optical jukeboxes, accessible to
servers so that the devices appear like locally-attached devices to the operating
system. SANs are typically composed of hosts, switches, storage elements, and
storage devices that are interconnected using a variety of technologies,
topologies, and protocols such as Fibre Channel, FCoE and iSCSI.

iSCSI (Internet Small Computer Systems Interface) is a protocol that allows SCSI
commands to be transmitted over TCP/IP networks. iSCSI is used to facilitate
data transfers over intranets and to manage storage over long distances. iSCSI
can be used to transmit data over local area networks (LANs), wide area
networks (WANs), or the Internet, and can enable location-independent data
storage and retrieval.

In summary, SAN is a type of network that provides block-level access to data
storage, and iSCSI is a protocol that allows SCSI commands to be transmitted
over TCP/IP networks. iSCSI is used to connect servers to the SAN storage over
a standard IP network, making it possible to use the existing network infrastructure and
reducing the complexity and cost of storage networks.

Next Session:

AWS Global Infrastructure


Regions

Availability Zones

Local Zones

Wavelength Zone

Edge Locations

Direct Connect

EC2 (Elastic Compute Cloud) Service


AWS Global Cloud Infrastructure
Regions, Availability Zones, Edge Locations, Direct Connect, Local Zones, Wavelength Zones

Region & Availability Zones
A Region is an independent and separate geographic location.
Within a Region we have at least 2 or 3 isolated locations called Availability Zones.

[Diagram: Region Mumbai (ap-south-1) with Availability Zones AZ1, AZ2 and AZ3 (ap-south-1a, ap-south-1b, ap-south-1c), each Availability Zone made up of data centers]

PoP: Point of Presence

Edge Location: mini data centers, for connectivity between DCs.
Edge locations contain networking devices such as routers and switches, and also a number of servers to cache
memory for CDN (Content Delivery Network). You can find these edge locations in all major cities around the
world, for content distribution. There are more than 400 Edge Locations in the AWS Global Infrastructure.
Used for CDN (content distribution)
AWS Elasticache (CDN Service)

Local Zone
Local Zones are created near large populations, or IT & industrial hubs.

[Map: Region N.Virginia; Chicago, Atlanta, Houston, Dallas, Miami]

Wavelength Zone
AWS Wavelength is an infrastructure offering optimized for mobile edge computing applications.
This is basically meant for 5G mobile technology.
Wavelength Zones are AWS infrastructure deployments that embed AWS compute and
storage services within the telecommunication provider's center at the edge of the 5G network.

Direct Connect

It provides connectivity between a physical data center and the AWS Cloud.

[Diagram: Hybrid Cloud. The company's data center (private cloud) is linked to AWS (public cloud) over Direct Connect, up to 100 GBPS]

AWS Direct Connect makes it easy to establish a dedicated network connection from your
premises to AWS. Using AWS Direct Connect, you can establish private connectivity between
AWS and your datacenter, office, or colocation environment.

AWS EC2 (Elastic Compute Cloud)

EC2 is a compute service.
You can create and manage virtual machines (EC2 instances).

EC2 topics:
AMI (Amazon Machine Image)
Instance Types
EBS Volume (Elastic Block Store)
Security Group
EIP (Elastic IP)
Key Pairs
Snapshot
Bootstrapping
Bastion Host

IAM & AWS CLI topics:
Identity and Access Management
Users
Roles
Policies
AWS CLI

EC2 (Elastic Compute Cloud)
AMI (Amazon Machine Image)
Template of an OS, image of an OS
It contains OS + configuration of OS + applications + user data
Quick Start: most frequently used AMIs of various OS
My AMI: your created AMIs
AWS Marketplace: vendor's AMI (ready-made AMI)

LAB

[Diagram: AMI lab across the Regions Mumbai and N.Virginia, steps 1 to 6. Labels shown: configure and customize the EC2 instance and its application; NEW AMI; copy the EC2 AMI; EC2 instance; sharing the AMI privately; sharing the AMI publicly over the Internet]

In order to access this shared AMI, you need the AMI ID.

Commands to set up an Apache server in Linux

# become root
sudo su -
# install Apache, start it now and enable it at boot
yum install httpd -y
systemctl start httpd
systemctl enable httpd
# create the default page
cd /var/www/html
echo "This is my Apache Server" > index.html

Deregistering AMI

[Diagram: an EC2 AMI in Mumbai contains the metadata of the AMI; the related snapshot is kept in S3 (Simple Storage Service, object-level storage)]

Process to delete an AMI

1. Deregister the AMI from the Action option.
2. Delete the related snapshot from that Region, using the Action button.

Instance Purchase Options

On-Demand

With On-Demand Instances, you pay for compute capacity by the second with no long-term
commitments. You have full control over its lifecycle: you decide when to launch, stop,
hibernate, start, reboot, or terminate it.
There is no long-term commitment required when you purchase On-Demand Instances.

Reserved Instances

Reserved Instances provide you with significant savings on your Amazon EC2 costs compared to
On-Demand Instance pricing. Reserved Instances are not physical instances, but rather a billing
discount applied to the use of On-Demand Instances in your account. These On-Demand Instances
must match certain attributes, such as instance type and Region, in order to benefit from the billing
discount.

Spot Instances

Spot Instances are spare EC2 capacity that can save you up to 90% off On-Demand prices
and that AWS can interrupt with a 2-minute notification. Spot uses the same underlying EC2
instances as On-Demand and Reserved Instances, and is best suited for fault-tolerant,
flexible workloads. Spot Instances provide an additional option for obtaining compute
capacity and can be used along with On-Demand and Reserved Instances.

Dedicated Hosts

An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to
your use. Dedicated Hosts allow you to use your existing per-socket, per-core, or per-VM software
licenses, including Windows Server, Microsoft SQL Server, SUSE, and Linux Enterprise Server.

Hypervisors Used by AWS
Citrix XEN hypervisor
AWS-created hypervisor: Nitro

[Diagram: VM on a hypervisor on a host]

The AWS Nitro System is the underlying platform for our next generation of EC2 instances that
enables AWS to innovate faster, further reduce cost for our customers, and deliver added benefits
like increased security and new instance types.

Instance Type: the configuration of the EC2 instance that you will launch.
For example, an instance type contains: vCPUs, RAM, EBS volumes, network configuration.

Instance Type

An instance type provides the configuration of an EC2 instance, such as t2.micro,
where we have 1 vCPU and 1 GB RAM.

General Purpose:
General purpose instances provide a balance of compute, memory and networking
resources, and can be used for a variety of diverse workloads.

Elastic IP Address (EIP)

An EIP is a fixed (static) public IPv4 address.
It is chargeable, but in an AWS Free Tier A/c one EIP is free.
Max 5 EIPs can be allocated to your AWS account in a Region.
EIPs are needed for DNS (Domain Name System) reverse entries, and an EIP is required
for a NAT (Network Address Translation) Gateway.
EIPs are also needed for Global Accelerators.
If you need a fixed, non-changeable IP address, an EIP is used.
By default, VMs (instances) have a dynamic public IP address.

Providing a public static IP (EIP) is a two-step process.

1. Allocate an EIP to your AWS account.
2. Associate the EIP with your EC2 instance, Global Accelerator or NAT G/W.

Dynamic IP: 44.202.148.39
EIP ($0.005 per hour): 35.168.201.105

Procedure/steps to disassociate the EIP from the instance

1. Disassociate the EIP from the instance.
2. Release the EIP from your AWS account.
EBS (Elastic Block Store)

Block Storage

IOPS = Input/Output Operations per Second
3 IOPS/GB up to 50 IOPS/GB

gp2/gp3: 100 GB = 300 IOPS; 600 GB = 1800 IOPS
io1/io2: 2000 GB = 6000 IOPS

[Diagram: EC2 instance serving approx. 1000 clients, with volumes <= 30 GB]

In the AWS Free Tier, up to 30 GB is free in gp2 SSD volumes.

LAB: How to create an EBS volume, and connect and configure the volume with an EC2 instance (Linux).

[Diagram: Region, Availability Zone, EC2 instance with its root volume]

On io1 or io2 you can take up to 50 IOPS per GB of volume.
io1/io2: 100 GB = 1000 IOPS
100 GB = 5000 IOPS

In a General Purpose EBS volume: 3 IOPS/GB
100 GB = 300 IOPS
1500 GB = 4500 IOPS

Multi-Attach Volume

Pre-requisite for Multi-Attach Volume

Instance Type: All instances must be Nitro-based instances.
The following virtualized instances are built on the Nitro System:
1. General purpose: M5, M5a, M5ad, M5d, M5dn, M5n, M5zn, M6a, M6g, M6gd, M6i, M6id, T3, T3a, T4g
2. Compute optimized: C5, C5a, C5ad, C5d, C5n, C6a, C6g, C6gd, C6gn, C6i, C6id, Hpc6a
3. Memory optimized: R5, R5a, R5ad, R5b, R5d, R5dn, R5n, R6a, R6g, R6gd, R6i, R6id, u-3tb1.56xlarge, u-6tb1.56xlarge, u-6tb1.112xlarge, u-9tb1.112xlarge, u-12tb1.112xlarge, X2gd, X2idn, X2iedn, X2iezn, z1d
4. Storage optimized: D3, D3en, I3en, I4i, Im4gn, Is4gen
5. Accelerated computing: DL1, G4, G4ad, G5, G5g, Inf1, p3dn.24xlarge, P4, VT1

All instances and EBS (io1/io2) volumes must be in the same Availability Zone in a Region.

[Diagram: one Availability Zone containing an io1/io2 Multi-Attach volume]

LAB1: Attach an EBS Volume with one Instance (Attach & detach)

LAB2: Multi-Attach Volume

LAB3: How to transfer data from One Region to another Region using EBS

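LAB1: Attach an EBS Volume with one Instance (Attach & detach)

[Diagram: Availability Zone with a Linux instance; root volume (operating system) and an additional EBS volume /dev/xvdf with partition /dev/xvdf1 formatted as xfs; other labels shown: EFS, EBS Multi-Attach Vol]

Steps:
New volume
Create a partition within that volume
Format the partition (providing a file system for the partition)
Mount the partition on the root tree structure of Linux

Commands:
# create a partition on the new volume (interactive)
fdisk /dev/xvdf
# confirm that /dev/xvdf1 now exists
lsblk
# format the partition with an xfs file system
mkfs.xfs /dev/xvdf1
# create a mount point and mount the partition
mkdir /mnt/dd1
mount /dev/xvdf1 /mnt/dd1
# verify the mounted file system and its size
df -h
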
LAB2: Multi-Attach Volume

[Diagram: two Nitro instances (Linux, c5.xlarge) in one Availability Zone, attached to the same io1/io2 volume]

How to resize the volume?

Bootstrapping

It is a method to configure an instance at launch time using a script (shell for Linux /
PowerShell for Windows).

Example: Let's say you need to launch a web server and configure it during launch time;
we will use a shell script to configure the instance at launch time.

Script
#!/bin/bash
# User data runs as root at first boot, so "sudo su -" is not needed here
# (in a non-interactive script it would only start a shell that exits at once).
yum install httpd -y
systemctl start httpd
systemctl enable httpd
cd /var/www/html
echo "This is my bootstrap Web Server 2023" > index.html

EC2 Key Pair

Public Key Cryptography

Public Key
The public key is used to encrypt the information.
The public key belongs to AWS.

Private Key
The private key is used to decrypt the information.
You download the private key.

An AWS-generated key uses 2048 bits and the SSH-2 RSA algorithm.
Your AWS account can have up to 5000 key pairs per Region.

[Diagram: a running server and a database server, with EIPs and an Amazon EC2 AMI]

Snapshot
A snapshot is a backup and recovery method for an EBS volume.
A snapshot is a point-in-time backup of an EBS volume.
EBS snapshots are an incremental and cost-effective solution:
if multiple backups are taken of a volume, they are incremental.

[Diagram: incremental snapshots of a 10 GB EBS volume. The first snapshot takes 10 GB; the second snapshot, at 10:00 AM, is incremental (figures shown: 4 GB, 6 GB)]

Snapshots are stored in S3 storage space.

[Diagram: Region-A with its Availability Zones and Region-B. A snapshot is Region-specific. Labels shown: root/boot volume (contains the OS), EBS snapshot, Amazon EC2 AMI; data volume, EBS snapshot, restored EBS volume, attached; EBS snapshot copied to Region-B, restored EBS volume; EBS snapshot shared publicly, EBS snapshot shared privately]

Note:
Snapshots can be shared privately or publicly.
LAB: Assignment

[Diagram: steps 1 to 5. N.Virginia: root volume, data volume, EBS snapshot; Ohio: EBS snapshot]

Charges: Snapshots are stored in S3 storage space.
S3 is a Global Service.
You will get 5 GB of space free of cost in an AWS Free Tier A/C.

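Bastion Host / Jump Server

[Diagram: a VPC with Subnet01 (public subnet) containing the Bastion Host (public instance) and Subnet02 (private subnet) containing the private instance. Steps 1 to 4: the user reaches the Bastion Host with the key of the public instance, and the private instance with the key of the private instance]
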
Question:

What are Spot Instances? Write a use case for Spot Instances.

Security Group: an external firewall attached to an EC2 instance
It's a bunch of firewall rules.
You write rules in a security group to allow or restrict traffic.
You can connect multiple security groups to one instance.
Max 5 security groups can be connected to one instance.
Max 2500 security groups can be created per Region/VPC.
Rules written in a security group are permissive in nature, which means you cannot create rules that deny access.
Security groups are stateful in nature: when you send a request from your instance, the acknowledgement traffic for
that request is allowed.

Security Group Sections

Inbound: to filter incoming traffic
Max 60 rules can be written in Inbound.
It filters the traffic on the basis of protocol, port number and IP address/NID.
By default, in inbound, all traffic is denied; therefore you write rules to allow traffic.

Outbound: to filter outgoing traffic
Max 60 rules can be written in Outbound.
It filters the traffic on the basis of protocol, port number and IP address/NID.
By default, in outbound, all traffic is allowed.

[Diagram: ports used by each kind of server]
Linux Web Server: ssh:22
Windows Server / IIS Server: RDP:3389
http/https: 80/443
Linux NFS Server (NAS): NFS:2049
Linux RDS Server (RDBMS, MySQL Server): 3306

Linux WebServer: ssh:22, 80/443 for http and https
RDBMS: 3306 for MySQL
NFS: 2049
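
The security group rules and ports above can be checked mechanically. The following is an added example, not part of the original notes: it audits inbound rules in the JSON shape returned by `aws ec2 describe-security-groups` for the administrative ports listed above being open to the whole Internet, and models the "denied unless an allow rule matches" inbound behaviour. The group IDs, names, CIDRs and function names are constructed for the illustration.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output;
# group IDs, names and CIDRs are made up for this example.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa0000000000001", "GroupName": "web-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0aaa0000000000002", "GroupName": "db-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 2000, "ToPort": 4000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0aaa0000000000003", "GroupName": "lab-sg", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

# Ports from the notes that should not be reachable from every address.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 2049: "NFS"}


def rule_cidrs(perm):
    """All IPv4 and IPv6 source ranges of one inbound rule."""
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return v4 + v6


def is_world_open(cidr):
    """True for 0.0.0.0/0 and ::/0 (prefix length 0 matches every address)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def covered_ports(perm):
    """Sensitive TCP ports covered by a rule; protocol "-1" means all traffic."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return sorted(SENSITIVE_PORTS)
    if proto != "tcp":
        return []
    low, high = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return [p for p in sorted(SENSITIVE_PORTS) if low <= p <= high]


def audit(groups):
    """Return (group id, port, service, cidr) for every world-open sensitive port."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            for cidr in rule_cidrs(perm):
                if not is_world_open(cidr):
                    continue
                for port in covered_ports(perm):
                    findings.append((sg["GroupId"], port, SENSITIVE_PORTS[port], cidr))
    return findings


def inbound_allowed(sg, proto, port, src_ip):
    """Inbound is denied unless some allow rule matches; there are no deny rules."""
    src = ipaddress.ip_address(src_ip)
    for perm in sg.get("IpPermissions", []):
        if perm["IpProtocol"] not in ("-1", proto):
            continue
        if perm["IpProtocol"] != "-1" and not perm["FromPort"] <= port <= perm["ToPort"]:
            continue
        for cidr in rule_cidrs(perm):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.version == src.version and src in net:
                return True
    return False


if __name__ == "__main__":
    for group_id, port, service, cidr in audit(SAMPLE_GROUPS):
        print(f"{group_id}: {service} ({port}/tcp) is open to {cidr}")
```

The wide 2000-4000 range in the constructed db-sg shows why port ranges need the same review as single ports: it exposes NFS, MySQL and RDP at once, over IPv6 only.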
EFS (Storage)
ELB
AutoScaling
Route53
