AWS

The document provides an overview of various AWS services, including Amazon EC2 for scalable compute capacity, Elastic Load Balancing for traffic distribution, and messaging services like Amazon SNS and SQS for microservices architecture. It also covers storage solutions such as Amazon EBS and S3, along with database services like Amazon RDS and DynamoDB. Additionally, it discusses networking components like subnets, network ACLs, and security groups for managing traffic and security within AWS environments.

Uploaded by

phongdcse171753

I. Amazon Elastic Compute Cloud (Amazon EC2)

Amazon Elastic Compute Cloud (Amazon EC2) provides secure, resizable compute
capacity in the cloud as Amazon EC2 instances.

- You can provision and launch an Amazon EC2 instance within minutes.
- You can stop using it when you have finished running a workload.
- You pay only for the compute time you use when an instance is running, not
when it is stopped or terminated.
- You can save costs by paying only for server capacity that you need or want.

Amazon EC2 instance types:

- General purpose instances

Balanced in compute, memory, and networking. Suitable for:

• Application, gaming, and backend servers
• Small/medium databases

Ideal when resource needs are evenly distributed without requiring optimization in one area.

- Compute optimized instances

Best for compute-heavy tasks needing high-performance CPUs. Use cases:

• High-performance web/app servers
• Dedicated gaming servers
• Batch processing with many transactions

- Memory optimized instances

Designed for workloads needing large data sets in memory. Ideal for:

• High-performance databases
• Real-time processing of large/unstructured data

These provide high-speed access for memory-intensive apps.

- Accelerated computing instances

Use hardware accelerators (coprocessors) for faster processing than CPUs alone. Great for:

• Graphics apps
• Game and app streaming
• Data pattern matching, complex calculations

- Storage optimized instances

Built for high-speed, sequential read/write of large local datasets. Best for:

• Distributed file systems
• Data warehousing
• High-frequency OLTP

They offer high IOPS (input/output operations per second), supporting demanding storage
performance needs.

Amazon EC2 Auto Scaling

Amazon EC2 Auto Scaling automatically adds or removes EC2 instances based on
application demand, helping maintain availability.

It offers two scaling methods:

• Dynamic scaling: Reacts to real-time demand changes.
• Predictive scaling: Schedules instance adjustments based on forecasted demand.

When launching an app on Amazon EC2, you can configure an Auto Scaling group with:

• Minimum capacity: The least number of EC2 instances always running (e.g., 1).
• Desired capacity: The number of instances to launch initially (e.g., 2). If not set, it
defaults to the minimum.
• Maximum capacity: The highest number of instances allowed (e.g., 4), scaling out as
demand increases.

You only pay for the instances you use, making it a cost-effective way to ensure
performance and availability.

II. Elastic Load Balancing (ELB)
Elastic Load Balancing (ELB) automatically distributes incoming traffic across multiple
resources like Amazon EC2 instances.

The load balancer acts as a single entry point, routing traffic to multiple instances in your
Auto Scaling group. This helps balance the load so no single instance is overwhelmed.

Though ELB and EC2 Auto Scaling are separate services, they work together to maintain
high performance and availability for your application.

Low-Demand Period

Imagine a coffee shop with just a few customers. Only a few registers (like EC2 instances)
are open—enough to handle the low demand without wasting resources.

High-Demand Period

As more customers arrive, more registers open. A staff member (like a load balancer)
directs customers evenly to open registers, preventing long waits and overloading any
one register.

This illustrates how Elastic Load Balancing works—distributing traffic across EC2
instances based on demand.

III. Messaging and Queuing
Applications consist of multiple components that work together to transmit data and
handle requests.

- In a monolithic architecture, components like databases, servers, UI, and business
logic are tightly connected. If one fails, it can cause other components—or even
the entire app—to fail.
- In a microservices architecture, components are loosely coupled. If one fails,
others keep running, reducing the risk of total application failure.

On AWS, you can build microservices using services like Amazon SNS and Amazon
SQS, which help integrate and coordinate different components.

Amazon SNS is a publish/subscribe service where publishers send messages to a topic,
and subscribers receive them.

It's like a coffee shop: the cashier (publisher) sends orders to the barista (subscriber).
Subscribers can be web servers, email addresses, AWS Lambda functions, and more.

Amazon SQS is a message queuing service that lets components send, store, and
receive messages reliably—even if other services are temporarily unavailable.

Messages are placed in a queue, processed by a service or user, and then deleted once
handled.

IV. Additional Compute Services


- AWS Lambda

AWS Lambda lets you run code without managing servers. You only pay for the compute
time used, with no charges when code isn’t running.
You can run code for nearly any app or backend task. For example, a Lambda function
can automatically resize images when they’re uploaded to the cloud.

How AWS Lambda works

- Amazon Elastic Container Service (Amazon ECS)

Amazon ECS is a scalable, high-performance container management service for running
and scaling containerized applications on AWS.

It supports Docker containers, allowing you to build, test, and deploy apps efficiently.
With ECS, you can use API calls to start and stop Docker-based applications.

- Amazon Elastic Kubernetes Service (Amazon EKS)

Amazon EKS is a fully managed service for running Kubernetes on AWS.

Kubernetes is open-source software for deploying and managing containerized
applications at scale. Maintained by a large community, it allows you to easily update
your apps as new features are released—EKS keeps your Kubernetes apps current and
manageable.

- AWS Fargate

AWS Fargate is a serverless compute engine for containers that works with ECS and EKS.

With Fargate, there's no need to manage servers—AWS handles the infrastructure. You
focus on building your apps and only pay for the resources your containers use.

V. Subnets

A subnet is a section of a VPC (Virtual Private Cloud) in which you can group resources
based on security or operational needs. Subnets can be public or private.

- Public subnets contain resources that need to be accessible by the public.
- Private subnets contain resources that should be accessible only through your private
network.

In a VPC, subnets can communicate with each other.

VI. Network traffic in a VPC


When a customer requests data, this request is sent as a packet. A packet is a unit of
data sent over the internet or a network.

Packets enter a VPC through an internet gateway. Before a packet can enter or exit
a subnet, its permissions are checked. Permissions indicate who sent the packet and
how the packet is trying to communicate with the resources.

The component that checks packet permissions is a Network Access Control List (ACL).

VII. Network ACLs


A network ACL is a virtual firewall that controls inbound and outbound traffic at the
subnet level. Each AWS account includes a default network ACL that allows all traffic by
default, but it can be modified. Custom ACLs deny all traffic until rules are added. All
ACLs include an explicit deny rule for unmatched traffic.

Network ACLs are stateless—they don’t remember past traffic. Each packet is checked
individually for both inbound and outbound rules. For example, a response to
an EC2 request is evaluated as a new packet.

Once a packet enters a subnet, access to resources like EC2 instances is controlled by
security groups, which handle instance-level permissions.

VIII. Security groups


A security group is a virtual firewall that controls traffic for an
EC2 instance. By default, it denies all inbound traffic and
allows all outbound traffic. You can add rules to allow specific
traffic; anything else is denied.

Think of it like a door attendant in an apartment: they check a list before letting guests
(packets) in but don't check when they leave.

Multiple EC2 instances in a VPC can share a security group or each have their own.

Security groups use stateful packet filtering—they remember past traffic.

For example, if an EC2 instance sends a request to the internet, the security group
automatically allows the response back, even if no inbound rule exists for it.

Both network ACLs and security groups let you create custom traffic rules, but it's
important to understand their differences as you explore AWS networking and security.
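
The stateless/stateful difference described in sections VII and VIII, as an added example that is not part of the original notes. It is a simplified model, not AWS code: `Packet`, `NetworkAcl`, `SecurityGroup` and `demo` are hypothetical names, rules match only on direction and destination port, and the lowest-rule-number-first ordering and the 1024-65535 ephemeral port range are assumptions brought in from AWS behaviour rather than from the text above.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the subnet / instance
    src: str
    dst: str
    sport: int
    dport: int

@dataclass
class NetworkAcl:
    """Stateless model: numbered rules, lowest first, first match wins."""
    rules: list  # (rule_no, direction, port_lo, port_hi, "allow" | "deny")

    def allows(self, p):
        for _, direction, lo, hi, action in sorted(self.rules):
            if direction == p.direction and lo <= p.dport <= hi:
                return action == "allow"
        return False  # final catch-all deny for unmatched traffic

@dataclass
class SecurityGroup:
    """Stateful model: allow rules only, plus memory of permitted flows."""
    inbound_ports: set = field(default_factory=set)  # default: no inbound
    tracked: set = field(default_factory=set)

    def allows(self, p):
        if p.direction == "out":  # default: all outbound allowed
            self.tracked.add((p.src, p.sport, p.dst, p.dport))
            return True
        is_reply = (p.dst, p.dport, p.src, p.sport) in self.tracked
        return is_reply or p.dport in self.inbound_ports

def demo():
    # Constructed sample traffic using documentation address ranges.
    request = Packet("out", "10.0.1.5", "203.0.113.10", 49152, 443)
    reply = Packet("in", "203.0.113.10", "10.0.1.5", 443, 49152)
    unsolicited = Packet("in", "198.51.100.7", "10.0.1.5", 40000, 8080)
    sg = SecurityGroup()
    nacl = NetworkAcl(rules=[(100, "out", 443, 443, "allow")])
    r = {"sg_request": sg.allows(request), "sg_reply": sg.allows(reply),
         "nacl_request": nacl.allows(request),
         "nacl_reply_before": nacl.allows(reply)}
    # Stateless: the reply needs its own inbound rule (ephemeral ports).
    nacl.rules.append((110, "in", 1024, 65535, "allow"))
    r["nacl_reply_after"] = nacl.allows(reply)
    # The range rule also admits unsolicited high-port packets at the
    # subnet boundary; the security group still denies them.
    r["nacl_unsolicited"] = nacl.allows(unsolicited)
    r["sg_unsolicited"] = sg.allows(unsolicited)
    return r

if __name__ == "__main__":
    print(demo())
```

The last two results show why the two layers are usually configured together: the wide inbound range a stateless ACL needs for return traffic is narrowed again by the security group's connection tracking.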

IX. Domain Name System (DNS)


Suppose that AnyCompany’s website is hosted on AWS. When customers enter its web
address, DNS resolution translates the domain name into an IP address, allowing access.
DNS acts like the internet’s phone book.

For example:

1. A browser request goes to a customer DNS resolver.

2. The resolver queries the company DNS server for the website’s IP.

3. The server replies with the IP address, 192.0.2.0.


X. Amazon Route 53
Amazon Route 53 is a DNS web service. It provides a reliable way to route end users to
internet applications hosted in AWS.

- Connects user requests to infrastructure running in AWS (such as Amazon EC2 instances
and load balancers).
- Routes users to infrastructure outside of AWS.
- Manages the DNS records for domain names:
o You can register new domain names directly in Route 53.
o You can also transfer DNS records for existing domain names managed by other domain
registrars, which enables you to manage all of your domain names within a single location.

Example: How Amazon Route 53 and Amazon CloudFront deliver content

Suppose AnyCompany’s application is running on several Amazon EC2 instances. These
instances are in an Auto Scaling group that attaches to an Application Load Balancer.

1. A customer requests data from the application by going to AnyCompany’s website.
2. Amazon Route 53 uses DNS resolution to identify AnyCompany.com’s corresponding IP
address, 192.0.2.0. This information is sent back to the customer.
3. The customer’s request is sent to the nearest edge location through Amazon CloudFront.
4. Amazon CloudFront connects to the Application Load Balancer, which sends the
incoming packet to an Amazon EC2 instance.

XI. Amazon Elastic Block Store (Amazon EBS)


- Instance stores:

Block-level storage volumes behave like physical hard drives.

An instance store provides temporary block-level storage for an Amazon EC2 instance.
An instance store is disk storage that is physically attached to the host computer for
an EC2 instance, and therefore has the same lifespan as the instance. When the instance
is terminated, you lose any data in the instance store.

- Amazon Elastic Block Store (Amazon EBS)

Amazon EBS provides block-level storage volumes that can be used with Amazon EC2
instances. If you stop or terminate an EC2 instance, data on the attached EBS volume
remains available.

To create one, define the configuration (for example, volume size and type) and
provision it. After that, attach it to an Amazon EC2 instance.

Because EBS volumes are for data that needs to persist, it’s
important to back up the data. You can take incremental
backups of EBS volumes by creating Amazon EBS snapshots.

- Amazon EBS snapshots

An EBS snapshot is an incremental backup. The first snapshot copies all data, but later
snapshots only save changed data blocks since the last one.

This differs from a full backup, which copies all data every time, even unchanged data.

XII. Amazon Simple Storage Service (Amazon S3)


- Object storage

An object consists of data, metadata, and a key.

The data is an image, video, text document, or any other file.

Metadata contains information about what the data is, how it is used, the object size,
and so on.

The key is the object’s unique identifier.

When you update a file in block storage, only the changes are updated.

When you update a file in object storage, the entire object is updated.

- Amazon Simple Storage Service (Amazon S3)

Amazon Simple Storage Service (Amazon S3) provides object-level storage. Objects are
stored in buckets.

Any file can be uploaded to Amazon S3, such as images, videos, text files, and so on.
Amazon S3 offers unlimited storage space. The maximum size for an object is 5 TB.

A file can have permissions to control visibility and access to it. The Amazon S3
versioning feature can also be used to track changes to objects over time.

- Amazon S3 Storage Classes

Amazon S3 offers various storage classes to meet different access and cost needs.
Selection depends on how often data is accessed and the required availability.

S3 Standard

• For frequently accessed data
• Stores data across at least 3 Availability Zones
• High availability; suitable for websites, content delivery, and analytics
• Higher cost compared to archival options

S3 Standard-Infrequent Access (S3 Standard-IA)

• For infrequently accessed data with high availability
• Also stored across 3 Availability Zones
• Lower storage cost, higher retrieval cost than S3 Standard

S3 One Zone-Infrequent Access (S3 One Zone-IA)

• Stores data in a single Availability Zone
• Lower cost than Standard-IA
• Suitable if data is easily reproducible in case of failure

S3 Intelligent-Tiering

• Ideal for data with unpredictable access patterns
• Automatically moves data between frequent and infrequent tiers based on usage
• Includes a small monthly monitoring fee

S3 Glacier Instant Retrieval

• For archived data requiring fast access
• Retrieves objects in milliseconds
• Same performance as S3 Standard but at lower cost

S3 Glacier Flexible Retrieval

• Cost-effective for archival data
• Retrieval time: 1 minute to 12 hours
• Suitable for older, rarely accessed content

S3 Glacier Deep Archive

• Lowest-cost storage class
• Retrieval time: 12 to 48 hours
• Best for long-term storage and digital preservation
• Data stored across at least 3 geographically separate zones

S3 Outposts

• Enables S3 buckets on AWS Outposts (on-premises)
• Keeps data close to local apps for performance or residency needs
• Provides durable, redundant storage on-site

XIII. Amazon Elastic File System (Amazon EFS)


- File Storage Overview

File storage allows multiple clients (users, apps, servers) to access shared files via file
paths. It uses block storage with a local file system. This method suits scenarios where
many services need simultaneous access to the same data.

- Amazon EFS (Elastic File System)

A scalable file system for AWS and on-premises use. Automatically adjusts capacity as
files are added or removed, scaling to petabytes without downtime.

- Amazon EBS vs. Amazon EFS

• Amazon EBS: Stores data in a single Availability Zone. EC2 instances and EBS volumes
must be in the same zone to connect.
• Amazon EFS: A regional service storing data across multiple Availability Zones. Supports
concurrent access from all zones and from on-premises via AWS Direct Connect.

XIV. Amazon Relational Database Service (Amazon RDS)


- Amazon RDS:

• Managed service to run relational databases in AWS Cloud.
• Automation: Automates hardware provisioning, database setup, patching, and backups.
• Security: Supports encryption at rest and in transit for most engines.
• Integration: Works with services like AWS Lambda for serverless queries.
• Supported Engines: Aurora, PostgreSQL, MySQL, MariaDB, Oracle, SQL Server.

- Amazon Aurora:

• Compatible with MySQL and PostgreSQL
• Up to 5x faster than MySQL, 3x faster than PostgreSQL
• Reduces I/O for cost efficiency
• Replicates data across 3 Availability Zones
• Continuous backup to Amazon S3

XV. Amazon DynamoDB


Serverless key-value database with single-digit millisecond latency at any scale:

• Serverless: No server provisioning, patching, or software management required.
• Automatic Scaling: Adjusts capacity automatically as data size changes, maintaining
consistent performance.
