From 13fb88455b5e01639ef47b8d3841b88608ecbd5d Mon Sep 17 00:00:00 2001 From: saumyap24 Date: Mon, 28 Aug 2023 14:06:48 -0500 Subject: [PATCH] replacing the with --- APIGateway/api-gateway-cheatsheet.md | 2 +- .../application-integration.md | 22 +++++----- Aurora/aurora-cheatsheet.md | 8 ++-- Aurora/aurora.md | 18 ++++---- CloudFront/cloudfront-cheatsheet.md | 4 +- EFS/efs.md | 6 +-- Ec2-Pricing/ec2-pricing.md | 12 ++--- ElastiCache/elasticache.md | 14 +++--- Lambda/lambda.md | 8 ++-- Quicksight/quicksight.md | 12 ++--- Redshift/redshift.md | 12 ++--- Storage/storage-cheatsheet.md | 6 +-- Storage/storage.md | 44 +++++++++---------- VPC/vpc-flow-logs-cheatsheet.md | 4 +- VPC/vpc.md | 20 ++++----- overview.md | 36 ++++++++------- 16 files changed, 117 insertions(+), 111 deletions(-) diff --git a/APIGateway/api-gateway-cheatsheet.md b/APIGateway/api-gateway-cheatsheet.md index 2977358..5fd2f18 100644 --- a/APIGateway/api-gateway-cheatsheet.md +++ b/APIGateway/api-gateway-cheatsheet.md @@ -9,5 +9,5 @@ - Usage Plan - Provides selected API clients with access to one or more deployed APISs. You can use a usage plan to configure throttling and quota limits, which are enforced on individual client API keys - Features: - - Amazon API Gateway provides throttling at multiple levels including global and by a service call. Throttling limits can be set for standard rates and bursts. + - Amazon API Gateway provides throttling at multiple levels including global and by a service call. Throttling limits can be set for standard rates and bursts. - For example, API owners can set a rate limit of 1,000 requests per second for a specific method in their REST APIs, and also configure Amazon API Gateway to handle a burst of 2,000 requests per second for a few seconds. \ No newline at end of file diff --git a/Application-Integration/application-integration.md b/Application-Integration/application-integration.md index a5b7a59..2d68aa1 100644 
--- a/Application-Integration/application-integration.md +++ b/Application-Integration/application-integration.md @@ -9,14 +9,14 @@ - Used to provide asynchronous communication and decouple processes via messages / events from sender and receiver (producer and consumer) - What is Queuing System ? - - A queueing system is a messaging system that generally will delete messages once they are consumed . + - A queueing system is a messaging system that generally will delete messages once they are consumed . - Simple Communication - - Not Real-time + - Not Real-time - Have to pull - Not reactive - Simple Queuing System (SQS) - - Fully managed queuing service that enables you to decouple and scale mircroservices, distributed systems, and serverless applications + - Fully managed queuing service that enables you to decouple and scale mircroservices, distributed systems, and serverless applications - Use Case: You need to queue up transaction emails to be sent - e.g. Signup, Reset Password @@ -28,9 +28,9 @@ - What is Streaming ? - Multiple consumers can react to events (messages) - Events live in the stream for long periods of time, so complex operations can be applied - - Real-time + - Real-time - Amazon-Kinesis - - Amazon Kinesis is the AWS fully managed solution for collecting, processing and analyzing streaming data in the cloud + - Amazon Kinesis is the AWS fully managed solution for collecting, processing and analyzing streaming data in the cloud 
@@ -38,23 +38,23 @@ ## Pub-Sub and SNS --- - ### What is Pub / Sub ? - - Publish-subscribe pattern commonly implemented in messaging systems. - - In a pub/sub system the sender of messages (publishers) do not send their messages directly to receivers. - - They instead send their messages to an event bus . The event bus categorizes their messages into groups. - - The receivers of messages Subscribers subscribe to these groups + - Publish-subscribe pattern commonly implemented in messaging systems. + - In a pub/sub system the sender of messages (publishers) do not send their messages directly to receivers. + - They instead send their messages to an event bus . The event bus categorizes their messages into groups. + - The receivers of messages Subscribers subscribe to these groups - Whenever new messages appear within their subscription the messages are immediately delivered to them - Publisher have no knowledge of who their subscribers are - Subscribers do not pull for messages - - Messages are instead automatically and immediately pushed to subscribers + - Messages are instead automatically and immediately pushed to subscribers - Messages and events are interchangeable terms in pub/sub - Use case: - A real-time chat system - A web-hook system - ### Simple Notification Service - - It is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems and serverless applications + - It is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems and serverless applications diff --git a/Aurora/aurora-cheatsheet.md b/Aurora/aurora-cheatsheet.md index 2c2b5ba..a7c3336 100644 --- a/Aurora/aurora-cheatsheet.md +++ b/Aurora/aurora-cheatsheet.md 
@@ -5,11 +5,11 @@ - When you need a fully-managed Postgres or MySQL database that needs to scale, automate backups, high availability and fault tolerance think Aurora - Aurora can run MySQL or Postgres database engines -- Aurora MySQL is 5x faster over regular MySQL -- AUrora Postgres is 3x faster over regular Postgres +- Aurora MySQL is 5x faster over regular MySQL +- AUrora Postgres is 3x faster over regular Postgres - Aurora is 1/10 the cost over its competitors with similar performance and availability options -- Aurora replicates 6 copies for your database across 3 availability zones -- Aurora is allowed up to 15 Aurora Replicas +- Aurora replicates 6 copies for your database across 3 availability zones +- Aurora is allowed up to 15 Aurora Replicas - An Aurora database can span multiple regions via Aurora Global Database - Aurora Serverless allows you to stop and start Aurora and scale automatically while keeping costs low - Aurora Serverless is ideal for new projects or projects with infrequent database usage diff --git a/Aurora/aurora.md b/Aurora/aurora.md index c6c02be..173ac62 100644 --- a/Aurora/aurora.md +++ b/Aurora/aurora.md @@ -16,8 +16,8 @@ --- - Combines the speed and availability of high-end databases with the simplicity and cost-effectiveness of open source databases - Aurora can run either MySQL or Postgres compatible engines -- Aurora MYSQL is 5x better performance than traditional MySQL -- Aurora Postgres is 3x better performance than traditional Postgres +- Aurora MYSQL is 5x better performance than traditional MySQL +- Aurora Postgres is 3x better performance than traditional Postgres - 1/10th costs of other solutions offering similar performance and availability --- 
@@ -30,22 +30,22 @@ --- ## Aurora Availability --- -- A minimum of 3 availability zones each contain 2 copies of your data at all times. -- That means there are 6 copies -- If in case you lose up to 2 copies of your data without affecting write availability -- If in case you lose up to 3 copies of your data without affecting read availability +- A minimum of 3 availability zones each contain 2 copies of your data at all times. +- That means there are 6 copies +- If in case you lose up to 2 copies of your data without affecting write availability +- If in case you lose up to 3 copies of your data without affecting read availability --- ## Fault Tolerance and Durability --- -- Aurora Backup and Failover is handled automatically -- Snapshots of data can be shared with other AWS accounts +- Aurora Backup and Failover is handled automatically +- Snapshots of data can be shared with other AWS accounts -- Storage is self-healing , in that data blocks and disks are continuously scanned for errors and repaired automatically +- Storage is self-healing , in that data blocks and disks are continuously scanned for errors and repaired automatically --- ## Aurora Replicas diff --git a/CloudFront/cloudfront-cheatsheet.md b/CloudFront/cloudfront-cheatsheet.md index 02bd65f..73084d0 100644 --- a/CloudFront/cloudfront-cheatsheet.md +++ b/CloudFront/cloudfront-cheatsheet.md @@ -1,5 +1,5 @@ - CloudFront is a CDN (Content Distribution Network). It makes website load fast by serving cached content that is nearby -- CloudFront distributes cached copy at Edge Locations +- CloudFront distributes cached copy at Edge Locations - Edge Locations aren't just not read-only , you can write them eg. PUT objects - TTL (Time to live) defines how long until the cache expires (refreshes cache) - When you invalidate your cache, you are forcing it to immediately expire (refreshes cached data) 
@@ -10,5 +10,5 @@ - Web Distribution (statis website content) - RTMP (steaming media) - Origin Identity Access (OAI) is used access private S3 buckets -- Access to cached content can be protected via Signed URLs or Signed Cookies +- Access to cached content can be protected via Signed URLs or Signed Cookies - Lambda@Edge allows you to pass each request through a Lambda to change the behavior of the response diff --git a/EFS/efs.md b/EFS/efs.md index 7195601..e398c25 100644 --- a/EFS/efs.md +++ b/EFS/efs.md @@ -4,7 +4,7 @@ --- ## Elastic File System (EFS) --- -- Scalable, elastic, Cloud-Native NFS File System +- Scalable, elastic, Cloud-Native NFS File System - Attach a single file system to multiple EC2 Instances - Don't worry about running out or managing disk space @@ -13,8 +13,8 @@ --- - EFS is a file storage service for EC2 instances - Storage capacity grows (upto petabytes) and shrinks automatically based on data stored (elastic) -- Multiple EC2 instances in same VPC can mount a single EFS Volume (Volume must be in same VPC) +- Multiple EC2 instances in same VPC can mount a single EFS Volume (Volume must be in same VPC) - EC2 instances install the NFSv4.1 client and can then mount the EFS volume - EFS is using Network File System version 4 (NFSv4) protocol -- EFS creates multiple mount targets in all your VPC subnets +- EFS creates multiple mount targets in all your VPC subnets 0 You based per space used starting at $0.30 GB / month \ No newline at end of file diff --git a/Ec2-Pricing/ec2-pricing.md b/Ec2-Pricing/ec2-pricing.md index fbb4ca4..0f5bca4 100644 --- a/Ec2-Pricing/ec2-pricing.md +++ b/Ec2-Pricing/ec2-pricing.md 
@@ -12,13 +12,13 @@ --- ## Reserved Instances (RI) -- Designed for applications that have a steady state, predictable usage or require reserved capacity. +- Designed for applications that have a steady state, predictable usage or require reserved capacity. - Reduced Pricing is based on Term x Class Offering x Payment Option - ### Term - {The longer the term the greater the savings} - - Commit to 1 year or 3 Year contract + - Commit to 1 year or 3 Year contract - Reserved Instances do not renew automatically - - When it is expired it will use on-demand with no interruption to service + - When it is expired it will use on-demand with no interruption to service - ### Class - {The less flexible the greater savings} - Standard @@ -34,8 +34,8 @@ - All upfront : full payment at the start - Partial Upfront : A portion of the cost must be paid and remaining hours billed at a discounted hourly rate - No Upfront : billed at a discounted hourly rate for every hour within the term,regardless of whether the Reserved Instance is being used - - RIs can be shared between multiple accounts within AWS organization - - Unused RIs can be sold in the Reserved Instance Marketplace + - RIs can be shared between multiple accounts within AWS organization + - Unused RIs can be sold in the Reserved Instance Marketplace --- ## Reserved Instance (RI) Attributes 
@@ -58,7 +58,7 @@ | Regional RI : purchase for a region | Zonal RI : purchase for an Availability Zone | | ----------------------------------------------------------- | ---------------------------------------------------------------------------------- | | does not reserve capacity | reserves capacity in the specified Availability Zone | -| RI discount applies to instance usage in any AZ in the Region | RI discount applies to instance in the selected AZ (No AZ Flexibility) | +| RI discount applies to instance usage in any AZ in the Region | RI discount applies to instance in the selected AZ (No AZ Flexibility) | | Ri discount applied to instance usage within the instance family, regardless of size. Only supported n Amazon Linux, Unix Reserved Instances with default tenancy | No instance size flexibility
Ri discounts applies to instance usage for the specified instance type and size only
| | You can queue purchases for regional RI | You can't queue purchases for Zonal RI | diff --git a/ElastiCache/elasticache.md b/ElastiCache/elasticache.md index 9869f1e..da55d87 100644 --- a/ElastiCache/elasticache.md +++ b/ElastiCache/elasticache.md @@ -5,7 +5,7 @@ ## What is ElastiCache for Redis? --- -- ElastiCache is a web service that makes it easy to set up, manage and scale a distributed in-memory data store or cache environment in the cloud. +- ElastiCache is a web service that makes it easy to set up, manage and scale a distributed in-memory data store or cache environment in the cloud. - Features: - Automatic detection of and recovery from cache node failures - Multi-AZ for a failed primary cluster to a read replica in Redis cluster @@ -20,11 +20,11 @@ ## Authenticating with Redis AUTH command --- - Users enter a token (password) on a token-protected Redis server. -- Include the parameter `--auth-token` (API: AuthToken) with the correct token to create the replication group or cluster. +- Include the parameter `--auth-token` (API: AuthToken) with the correct token to create the replication group or cluster. - Key Parameters: - - `--engine` - Must be redis - - --engine-version - Must be 3.2.6,4.0.10 or later - - --transit-encryption-enabled - Required for authentication and HIPAA eligibility - - --auth-token - Required for HIPAA eligibility. This value must be correct token for this token-protected Redis-server - - --cache-subnet-group - Required fro HIPAA eligibility + - `--engine` - Must be redis + - --engine-version - Must be 3.2.6,4.0.10 or later + - --transit-encryption-enabled - Required for authentication and HIPAA eligibility + - --auth-token - Required for HIPAA eligibility. This value must be correct token for this token-protected Redis-server + - --cache-subnet-group - Required fro HIPAA eligibility diff --git a/Lambda/lambda.md b/Lambda/lambda.md index 743ca5f..4d78c5f 100644 --- a/Lambda/lambda.md +++ b/Lambda/lambda.md 
@@ -7,17 +7,17 @@ --- ## AWS Lambda --- -- Run code without thinking about servers or clusters -- Run code without provisioning or managing infrastructure. Simply write and upload code as a .zip file or container image +- Run code without thinking about servers or clusters +- Run code without provisioning or managing infrastructure. Simply write and upload code as a .zip file or container image - Automatically respond to code execution requests at any scale, from a dozen events per day to hundreds of thousands per second -- Save costs by paying only for the compute time you use by per millisecond instead of provisioning infrastructure upfront for peak capacity +- Save costs by paying only for the compute time you use by per millisecond instead of provisioning infrastructure upfront for peak capacity - Optimize code execution time and performance with the right function memory size. Respond to high demand in double-digit milliseconds with Provisioned Concurrency. --- ## How it works --- -- AWS Lambda is a serverless, event-driven compute service that lets you run code for virtually any type of application or backend service without provisioning or managing servers. +- AWS Lambda is a serverless, event-driven compute service that lets you run code for virtually any type of application or backend service without provisioning or managing servers. - Ypu can trigger Lambda over 200 AWS services and software as a service (Saas) applications and only pay for what you use --- diff --git a/Quicksight/quicksight.md b/Quicksight/quicksight.md index dfe8272..294ef3c 100644 --- a/Quicksight/quicksight.md +++ b/Quicksight/quicksight.md 
@@ -4,18 +4,18 @@ --- ## What is Amazon QuickSight ? --- -- Amazon Quicksight is a very fast, easy-to-use, cloud -powered business analytics service that makes it easy for all employees within an organization to build visualizations, perform ad-hoc analysis, and quickly get business insights from their data, anytime on any device. -- 1/10th the cost of traditional BI Solutions -- With QuickSight all users can meet varying analytic needs from the same source of truth through modern interactive dashboards, paginated reports, embedded analytics and natural language queries +- Amazon Quicksight is a very fast, easy-to-use, cloud -powered business analytics service that makes it easy for all employees within an organization to build visualizations, perform ad-hoc analysis, and quickly get business insights from their data, anytime on any device. +- 1/10th the cost of traditional BI Solutions +- With QuickSight all users can meet varying analytic needs from the same source of truth through modern interactive dashboards, paginated reports, embedded analytics and natural language queries --- ## Benefits --- - Pay only for what you use -- Scale to tens of thousands of users +- Scale to tens of thousands of users - Easily embed analytics to differentiate your applications - Enable BI for everyone with QuickSight Q - Can get data insights in minutes from AWS services (e.g. Redshift, RDS, Athena, S3) - Can choose QuickSight to keep the data in SPICE up-yo-date as the data in the underlying sources change - SPICE : - - Amazon QuickSight is built with SPICE - a super-fast, parallel, In-memory calculation Engine. - - SPICE uses a combination of columnar storage, in-memory technologies enabled through the latest hardware innovations and machine code generation to run interactive queries on large datasets and get rapid responses + - Amazon QuickSight is built with SPICE - a super-fast, parallel, In-memory calculation Engine. 
+ - SPICE uses a combination of columnar storage, in-memory technologies enabled through the latest hardware innovations and machine code generation to run interactive queries on large datasets and get rapid responses diff --git a/Redshift/redshift.md b/Redshift/redshift.md index b34452e..df45c74 100644 --- a/Redshift/redshift.md +++ b/Redshift/redshift.md @@ -7,7 +7,7 @@ --- ## Amazon Redshift --- -- Fully managed Petabyte-size Data warehouse . +- Fully managed Petabyte-size Data warehouse . - Analyze (Run complex SQL queries) on massive amounts of data Columnar Store database --- @@ -28,14 +28,14 @@ --- ## Introduction to Redshift --- -- AWS Redshift is the AWS managed, petabyte-scale solution for Data Warehousing -- Pricing starts at just $0.25 per hour with no upfront costs or commitments. +- AWS Redshift is the AWS managed, petabyte-scale solution for Data Warehousing +- Pricing starts at just $0.25 per hour with no upfront costs or commitments. - Scale up to petabytes for $1000 per terabyte , per year - Redshift price is less than 1/10 cost of most similar services - Redshift is used for Business Intelligence -- Redshift uses OLAP (Online Analytics Processing System) -- Redshift is Columnar Storage Database -- Columnar Storage for database tables is an important factor in optimizing analytic query performance because it drastically reduces the overall disk I/O requirements and reduces the amount of data you need to load from disk +- Redshift uses OLAP (Online Analytics Processing System) +- Redshift is Columnar Storage Database +- Columnar Storage for database tables is an important factor in optimizing analytic query performance because it drastically reduces the overall disk I/O requirements and reduces the amount of data you need to load from disk --- ## Redshift Use Case diff --git a/Storage/storage-cheatsheet.md b/Storage/storage-cheatsheet.md index 2763e14..e65f8de 100644 --- a/Storage/storage-cheatsheet.md +++ b/Storage/storage-cheatsheet.md 
@@ -1,7 +1,7 @@ - Simple Storage Service (S3) Object-based storage. Store unlimited amount of data without worry of underlying storage infrastructure -- S3 replicates data across at least 3 AZs to ensure 99.99% Availability and 11'9s of durability +- S3 replicates data across at least 3 AZs to ensure 99.99% Availability and 11'9s of durability - Objects contain data (they're like files) -- - Objects can be size anywhere from 0 Bytes up to 5 Terabytes +- - Objects can be size anywhere from 0 Bytes up to 5 Terabytes - Buckets contain objects. Buckets can also contain folders which can in turn can contain objects - Bucket names are unique across all AWS accounts. Like a domain name - When you upload a file to S3 successfully you'll receive a HTTP 200 code . Lifecycle Management Objects can be moved between storage classes or objects can be deleted automatically based on schedule @@ -13,7 +13,7 @@ Logging can be turned to on a bucket to log to track operations performed on obj - Bucket Policies are JSON documents which let you write complex control access - ACLs are the legacy method (not depracated) where you grant access to objects and buckets with simple actions - Security in Transit Uploading is done over SSL -- SSE stands for Server Side Encryption , S3 has 3 options for SSE +- SSE stands for Server Side Encryption , S3 has 3 options for SSE - SSE-AES S3 handles the key, uses AES-256 algorithm - SSE-KMS Envelope encryption via AWS KMS and you manage the keys - SSE-C Customer provided key (you manage the key) diff --git a/Storage/storage.md b/Storage/storage.md index ed824c8..37278e1 100644 --- a/Storage/storage.md +++ b/Storage/storage.md 
@@ -25,22 +25,22 @@ - data storage architecture that manages data as objects, as opposed to other storage architectures: - file systems: which manages data as files and fire hierarchy - block storage- which manages data as blocks within sectors and tracks - - S3 provides with Unlimited storage + - S3 provides with Unlimited storage - Need not think about underlying infrastructure - S3 console provides an interface for you to upload and access your data - - Individual Object can be store form 0 Bytes to 5 Terabytes in size + - Individual Object can be store form 0 Bytes to 5 Terabytes in size | **S3 Object** | **S3 Bucket** | | ------------------------------------------------------------------------------- | ----------------------------------------------------------------------- | | - Obejcts contain data(files) | - Buckets hold objects | | - They are like files | - Buckets can have folders which can turn in hold objects | -| Object may consists of:
- Key this is the name of the object
- Value data iteself is made up of sequence of bytes
- Version Id version of object (when versioning is enabled)
- Metadata additional information attached to the object | - S3 is universal namespace so domain names must be Unique (like having a domain name) | +| Object may consists of:
- Key this is the name of the object
- Value data iteself is made up of sequence of bytes
- Version Id version of object (when versioning is enabled)
- Metadata additional information attached to the object | - S3 is universal namespace so domain names must be Unique (like having a domain name) | --- ## S3 Storage Classes --- -- AWS offers a range of S3 Storage classes that trade Retrieval, Time, Accessability and Durability for Cheaper Storage +- AWS offers a range of S3 Storage classes that trade Retrieval, Time, Accessability and Durability for Cheaper Storage @@ -62,7 +62,7 @@ - S3 Standard-IA (Infrequent Access) - Still Fast! Cheaper if you access files less than once a month - - Additional retrieval fee is applied. 50% less than standard (reduced availability) + - Additional retrieval fee is applied. 50% less than standard (reduced availability) - S3 One-Zone-IA - Still fast! Objects only exist in one AZ. @@ -73,7 +73,7 @@ - S3 Glacier - For long term cold storage - - Retrieval of data can take minutes to hours but the off is very cheap storage + - Retrieval of data can take minutes to hours but the off is very cheap storage - S3 Glacier Deep Archive - The lowest cost storage class @@ -166,8 +166,8 @@ --- - Fast and secure transfer of files over long distances between your end users and an S3 bucket -- Utilizes CloudFront's distributed Edge locations -- Instead of uploading to your bucket, users use a distinct URL for an Edge location +- Utilizes CloudFront's distributed Edge locations +- Instead of uploading to your bucket, users use a distinct URL for an Edge location - As data arrives at the Edge location it is automatically routed to S3 over a specially optimized network path. (Amazon's backbone network) @@ -176,7 +176,7 @@ ## Presigned URLs --- - Generates a URL which provides temporary access to an object to either upload or download object data. -- Presigned Urls are commonly used to provide access to private objects +- Presigned Urls are commonly used to provide access to private objects - Can use AWS CLI or AWS SDK to generate Presigned Urls 
@@ -196,13 +196,13 @@ -- Only the bucket owner logged in as Root User can DELETE objects from bucket +- Only the bucket owner logged in as Root User can DELETE objects from bucket --- ## AWS Snow Family --- -- AWS Snow Family are Storage and compute devices used to physically move data in or out the cloud when moving data over the internet or private connection it to slow, difficult or costly +- AWS Snow Family are Storage and compute devices used to physically move data in or out the cloud when moving data over the internet or private connection it to slow, difficult or costly ![Snow family](../images/S3/snow_family.png) 
@@ -211,29 +211,29 @@ --- - Simple Storage Service (S3) - - A serverless object storage service is created + - A serverless object storage service is created - can upload very large files and unlimited amount of files - you pay for what you store - Need not worry about the underlying file-system or upgrading the disk size - S3 Glacier - Cold storage service - - low cost storage solution for archiving and long-term backup + - low cost storage solution for archiving and long-term backup - Uses previous generation HDD drives to get that low cost - highly secure and durable - Elastic Block Store (EBS) - - a persistent block storage service + - a persistent block storage service - virtual hard drive in the cloud to attach to EC2 instances - can choose different kinds of storage: SSD, IOPS, SSD, Throughput HHD, Cold HHD - Elastic File Storage (EFS) - - a cloud-native NFS file system service - - File storage you can mount to multiple Ec2 instances at the same time + - a cloud-native NFS file system service + - File storage you can mount to multiple Ec2 instances at the same time - When you need to share files between multiple EC2 instances - Storage Gateway - - a hybrid cloud storage service that extends your on-premise storage to cloud + - a hybrid cloud storage service that extends your on-premise storage to cloud - File Gateway : extends your local storage to AWS S3 - Volume Gateway : caches your local drives to S3 so you have continuous backup of files on cloud - Tape Gateway : stores files on virtual tapes for very cost effective and long term storage @@ -245,7 +245,7 @@ - Snowcone very small version of snowball that can transfer 8TB of data - AWS Backup - - a fully managed backup service + - a fully managed backup service - centralize and automate the backup of the backup data across multiple AWS services - eg. EC2, EBS, RDS, DynamoDB, EFS, Storage Gateway - can create backup plans 
@@ -254,13 +254,13 @@ - Continuously replicates your machines into low cost staging area in your target AWS account and preferred region enabling fast and reliable recovery if one of the data center fails - Amazon FSx - - a feature rich and highly-performant file system + - a feature rich and highly-performant file system - Can be used for Windows (SMB) or Linux (Lustre) - Amazon Fsx for Window File Server uses the SMB protocol to and allows you to mount FSx to windows servers - Amazon FSx for Lustre uses Linux's Lustre file systems and allows you to mount FSx to Linux servers - Amazon Athena - - A serverless, interactive analytics service built on open-source frameworks, supporting open-table and file formats. + - A serverless, interactive analytics service built on open-source frameworks, supporting open-table and file formats. - Athena provides simplified flexible way to analyze petabytes of data where it lives - Analyze data or build applications from an S3 data lake and 30 data sources, including on-premises data sources or other cloud systems using SQL or Python @@ -275,8 +275,8 @@ ## S3 Object Lock --- -- With S3 Object Lock, you can store objects using write-once-read-many (WORM) mode. -- Object lock can prevent from objects from being deleted or overwritten for a fixed amount of time or indefinitely +- With S3 Object Lock, you can store objects using write-once-read-many (WORM) mode. +- Object lock can prevent from objects from being deleted or overwritten for a fixed amount of time or indefinitely ### Governance mode - Users can't overwrite or delete an object version or alter its lock settings unless they have special permissions. diff --git a/VPC/vpc-flow-logs-cheatsheet.md b/VPC/vpc-flow-logs-cheatsheet.md index e12abb0..e6ca564 100644 --- a/VPC/vpc-flow-logs-cheatsheet.md +++ b/VPC/vpc-flow-logs-cheatsheet.md 
@@ -4,8 +4,8 @@ - You cannot change the configuration of a flow log after it's created - You cannot enable flow logs for VPCs which are peered with your VPC unless it is in the same account - VPC FLow logs can be delivered to an S3 or CLoudWatch Logs -- VPC Flow logs contains the source and destination IP addresses (not hostnames) -- Some instance traffic is not monitored : +- VPC Flow logs contains the source and destination IP addresses (not hostnames) +- Some instance traffic is not monitored : - Instance traffic generated by contacting the AWS DNS servers - Windows license activation traffic from instances - Traffic to and from the instance metadta address (169.254.169.254) diff --git a/VPC/vpc.md b/VPC/vpc.md index fe3bae2..99f2a07 100644 --- a/VPC/vpc.md +++ b/VPC/vpc.md @@ -66,7 +66,7 @@ - VPC Peering allows to connect one VPC with another over a direct network route using private IP addresses - Instances on peered VPCs behave just like they are on the same network - Connect VPCs across same or different AWS accounts and regions -- Peering uses a Star Configuration: 1 Central VPC - 4 other VPCs +- Peering uses a Star Configuration: 1 Central VPC - 4 other VPCs - No Transitive Peering (peering must take place directly between VPCs) - Needs a one to one connect to immediate VPC - No Overlapping CIDR Blocks 
@@ -99,9 +99,9 @@ ## Bastion / Jumpbox --- - Bastions are EC2 instances which are security harden. -- They are designed to help you gain access to your EC2 instances via SSH or RCP that are in a private subnet +- They are designed to help you gain access to your EC2 instances via SSH or RCP that are in a private subnet - They are also known as Jump boxes because you are jumping from one box to access another. -- NAT Gateways/Instances are only intended for EC2 instances to gain outbound access to the internet for things such as security updates . +- NAT Gateways/Instances are only intended for EC2 instances to gain outbound access to the internet for things such as security updates . - NATs cannot/should not be used as Bastions - System Manager's Sessions Manager replaces the need for Bastions @@ -126,9 +126,9 @@ - There are two types of VPC Endpoints 1. Interface endpoints 2. Gateway Endpoints -- Eliminates the need for an Internet Gateway, NAT device, VPN connection or AWS Direct Connect connections -- Instances in the VPC do not require a public IP address to communicate with service resources -- Traffic between your VPC and other services does not leave the AWS network +- Eliminates the need for an Internet Gateway, NAT device, VPN connection or AWS Direct Connect connections +- Instances in the VPC do not require a public IP address to communicate with service resources +- Traffic between your VPC and other services does not leave the AWS network - Horizontally scaled,redundant and highly available VPC component - Allows secure communication between instances and services without adding avilability risks or bandwidth constraints on your traffic 
@@ -211,7 +211,7 @@ ## NACLs --- - Network Access Control List (NACLs) -- An (optional) layer of Security that acts as a firewall for controlling traffic in and out of subnet(s) . +- An (optional) layer of Security that acts as a firewall for controlling traffic in and out of subnet(s) . - NACLs acts as a virtual firewall at the subnet level - VPCs automatically get a default NACL - Subnets are associated with NACLs. Subnets can only belong to a single NACL @@ -255,9 +255,9 @@ ## Secrets Manager --- -- Helps to manage, retrieve and rotate database credentials, application credentials, OAuth tokens, API keys and other secrets throughout their lifecycles - -- Helps to improve security posture , because you no longer need hard-coded credentials in application source code. +- Helps to manage, retrieve and rotate database credentials, application credentials, OAuth tokens, API keys and other secrets throughout their lifecycles + +- Helps to improve security posture , because you no longer need hard-coded credentials in application source code. - Storing the credentials in Secrets Manager helps avoid possible compromise by anyone who can inspect the application or the components. - Replace hard-coded credentials with a runtime call to the Secrets Manager service to retrieve credentials with a runtime call to the Secrets Manager service to retrieve credentials dynamically when you need them. - \ No newline at end of file diff --git a/overview.md b/overview.md index 1bd91d8..e97752c 100644 --- a/overview.md +++ b/overview.md 
@@ -15,35 +15,37 @@ - [Secrets Manager](#secrets-manager) - [Textract](#textract) - [RPO and RTO](#rpo-and-rto) +- [EC2](#ec2) + ## Amazon EBS --- - Amazon EBS provides three volume types to best meet the needs of your workloads: - General Purpose (SSD) - - General Purpose (SSD) volumes are suitable for a broad range of workloads, including small to medium-sized databases, development and test environments, and boot volumes. + - General Purpose (SSD) volumes are suitable for a broad range of workloads, including small to medium-sized databases, development and test environments, and boot volumes. - Provisioned IOPS (SSD) - - These volumes offer storage with consistent and low-latency performance and are designed for I/O intensive applications such as large relational or NoSQL databases. + - These volumes offer storage with consistent and low-latency performance and are designed for I/O intensive applications such as large relational or NoSQL databases. - Magnetic - - for workloads where data are accessed infrequently, and applications where the lowest storage cost is important. + - for workloads where data are accessed infrequently, and applications where the lowest storage cost is important. ## Cloudwatch --- - Monitoring tool for your AWS resources and applications. -- Display metrics and create alarms that watch the metrics and send notifications or automatically make changes to the resources you are monitoring when a threshold is breached. +- Display metrics and create alarms that watch the metrics and send notifications or automatically make changes to the resources you are monitoring when a threshold is breached. ## AWS Identity and Access Management --- -- You can use an IAM role to specify permissions for users whose identity is federated from your organization or a third-party identity provider (IdP). +- You can use an IAM role to specify permissions for users whose identity is federated from your organization or a third-party identity provider (IdP). 
- Federating users with SAML 2.0 - - If your organization already uses an identity provider software package that supports SAML 2.0 (Security Assertion Markup Language 2.0), you can create trust between your organization as an identity provider (IdP) and AWS as the service provider. - - You can then use SAML to provide your users with federated single-sign on (SSO) to the AWS Management Console or federated access to call AWS API operations. + - If your organization already uses an identity provider software package that supports SAML 2.0 (Security Assertion Markup Language 2.0), you can create trust between your organization as an identity provider (IdP) and AWS as the service provider. + - You can then use SAML to provide your users with federated single-sign on (SSO) to the AWS Management Console or federated access to call AWS API operations. - For example: if your company uses Microsoft Active Directory and Active Directory Federation Services, then you can federate using SAML 2.0 - - Federating users by creating a custom identity broker application - - If your identity store is not compatible with SAML 2.0, then you can build a custom identity broker application to perform a similar function. - - The broker application authenticates users, requests temporary credentials for users from AWS, and then provides them to the user to access AWS resources. + - Federating users by creating a custom identity broker application + - If your identity store is not compatible with SAML 2.0, then you can build a custom identity broker application to perform a similar function. + - The broker application authenticates users, requests temporary credentials for users from AWS, and then provides them to the user to access AWS resources. - The application verifies that employees are signed into the existing corporate network's identity and authentication system, which might use LDAP, Active Directory, or another system. 
The identity broker application then obtains temporary security credentials for the employees. - To get temporary security credentials, the identity broker application calls either `AssumeRole` or `GetFederationToken` to obtain temporary security credentials, depending on how you want to manage the policies for users and when the temporary credentials should expire. - - The call returns temporary security credentials consisting of an AWS access key ID, a secret access key, and a session token. The identity broker application makes these temporary security credentials available to the internal company application. + - The call returns temporary security credentials consisting of an AWS access key ID, a secret access key, and a session token. The identity broker application makes these temporary security credentials available to the internal company application. - This scenario has the following attributes: @@ -58,7 +60,7 @@ --- - Supports Aurora, MySQL, MariaDB, PostgreSQL, Oracle, Microsoft SQL Server. - DB Instance - - For production OLTP use cases, use Multi-AZ deployments for enhanced fault tolerance with Provisioned IOPS storage for fast and predictable performance. + - For production OLTP use cases, use Multi-AZ deployments for enhanced fault tolerance with Provisioned IOPS storage for fast and predictable performance. - You can use PIOPS storage with Read Replicas for MySQL, MariaDB or PostgreSQL. - Magnetic - Doesn’t allow you to scale storage when using the SQL Server database engine. 
@@ -71,15 +73,15 @@ --- - An interactive query service that makes it easy to analyze data directly in Amazon S3 and other data sources using SQL. - Serverless -- Has a built-in query editor. +- Has a built-in query editor. - highly available and durable -- integrates with Amazon QuickSight for easy data visualization. +- integrates with Amazon QuickSight for easy data visualization. - retains query history for 45 days. - You pay only for the queries that you run. You are charged based on the amount of data scanned by each query. - There are 2 types of cost controls: - Per-query limit - specifies a threshold for the total amount of data scanned per query. - - Any query running in a workgroup is canceled once it exceeds the specified limit. + - Any query running in a workgroup is canceled once it exceeds the specified limit. - Only one per-query limit can be created - Per-workgroup limit - this limits the total amount of data scanned by all queries running within a specific time frame. @@ -140,6 +142,7 @@ - A managed cluster that simplifies running big data frameworks like Apache Hadoop and Apache Spark on AWS to process and analyze vast amounts of data. - You can process data for analytics purposes and business intelligence workloads using EMR together with Apache Hive and Apache Pig - You can use EMR to move large amounts of data in and out of other AWS data stores and databases like S3 and DynamoDB + ## Auto Scaling @@ -192,3 +195,6 @@ - Data loss is measured from most recent backup to the point of disaster. Downtime is measured from the point of disaster until fully recovered and available for service. +## EC2 +--- +
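Review bot: in VPC/vpc-flow-logs-cheatsheet.md (hunk @@ -4,8) the rewritten line `- VPC Flow logs contains the source and destination IP addresses (not hostnames)` keeps a subject-verb error and the line after it keeps a stray space before the colon; since both lines are already being rewritten, make them `- VPC Flow logs contain the source and destination IP addresses (not hostnames)` and `- Some instance traffic is not monitored:`, and fix `FLow`, `CLoudWatch` and `metadta` in the surrounding context while you are in the hunk. Note also that the before and after lines of every hunk in this patch render identically, so the replaced character is a whitespace variant that the diff cannot show; the commit message should name it explicitly so a later reader does not have to guess. The exclusion of 169.254.169.254 in this hunk deserves a sentence of its own: because metadata traffic is never logged, flow logs cannot reveal an attacker reading instance credentials from IMDS, and that detection has to come from CloudTrail or host telemetry.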
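Review bot: in VPC/vpc.md (hunk @@ -66,7) `- Peering uses a Star Configuration: 1 Central VPC - 4 other VPCs` reads as if four spokes were a limit, but the number is only the example topology; drop it or write "e.g.". In the same hunk, "Instances on peered VPCs behave just like they are on the same network" overstates the case: the two lines right below it (no transitive peering, one-to-one connections) already show peering is a routed link, and traffic still has to be permitted by each side's route tables, NACLs and security groups. Suggest "Instances in peered VPCs can reach each other over private IPs once routes and security group rules allow it".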
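Review bot: in VPC/vpc.md (hunk @@ -99,9) the rewritten line `via SSH or RCP` should read `via SSH or RDP` (Remote Desktop Protocol); rcp is the old BSD remote-copy command, not a remote-access protocol. While the hunk is open: `security harden` -> `security hardened`, remove the space before the final period in the NAT Gateways line, and `System Manager's Sessions Manager` -> `AWS Systems Manager Session Manager`. The last bullet's recommendation is right and would be stronger with its reason in one clause: Session Manager needs no inbound SSH/RDP port open on the instance, which is the whole exposure a bastion carries.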
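Review bot: in VPC/vpc.md (hunk @@ -126,9) the two context lines immediately after the rewritten ones carry `scaled,redundant` (missing space) and `avilability`; since the three rewritten lines are otherwise unchanged, fold those two fixes into this hunk. The list also names "Interface endpoints" and "Gateway Endpoints" without saying which services each serves; one line stating that gateway endpoints are for S3 and DynamoDB and interface endpoints (PrivateLink) cover the other services would make the section usable, and the capitalisation of the two items should match.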
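Review bot: in VPC/vpc.md (hunk @@ -211,7) the rewritten `An (optional) layer of Security` contradicts the two context lines below it in the same hunk ("VPCs automatically get a default NACL", "Subnets are associated with NACLs"): every subnet always has a NACL, and what is optional is tightening the default one, which allows all inbound and outbound traffic. Suggest `- A layer of security that acts as a stateless firewall controlling traffic in and out of subnets; the default NACL allows all traffic`. Also `NACLs acts` -> `NACLs act`, and drop the space before the period.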
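Review bot: in VPC/vpc.md (hunk @@ -255,9) the final bullet repeats its own clause: "Replace hard-coded credentials with a runtime call to the Secrets Manager service to retrieve credentials with a runtime call to the Secrets Manager service to retrieve credentials dynamically when you need them." Cut it to `- Replace hard-coded credentials with a runtime call to Secrets Manager that retrieves them dynamically when needed.` The hunk also leaves the file ending in a bare `- ` bullet with "No newline at end of file"; delete that line and add the trailing newline. The rewritten `security posture , because` still has a space before the comma.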
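Review bot: in overview.md (hunk @@ -15,35) the new TOC entry `- [EC2](#ec2)` links to a section that the last hunk of this patch creates with no content, so the link should wait until the section has text. Two factual points in the rewritten lines: "Amazon EBS provides three volume types" is out of date, as EBS now offers SSD (gp2/gp3, io1/io2), throughput- and cold-HDD (st1, sc1) and the legacy magnetic type, so either list the current families or say "three families"; and `federated single-sign on (SSO)` should be `federated single sign-on (SSO)`. The custom identity broker bullets describe the mechanism but omit its main risk: the broker calls `AssumeRole` or `GetFederationToken` on behalf of every user, and `GetFederationToken` in particular has to be called with long-term IAM user credentials, so the broker's own credentials become the highest-value secret in the design. One sentence saying the broker must be hardened and its credentials rotated and scoped would balance the section, and the page should point to SAML or IAM Identity Center as the preferred path when the identity store supports them.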
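Review bot: in overview.md (hunk @@ -192,3) the added `## EC2` heading and its `---` rule have nothing underneath them, leaving an empty section at the end of the cheat sheet. Either include the EC2 notes in this commit or leave the heading (and the matching TOC link added earlier in the patch) out until they exist. The commit message describes only the whitespace replacement, so if the heading stays it should be split into its own commit or mentioned in the message.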