Improve AWS Roadmap content (#7400)
* Introduction. * EC2. * VPC * IAM * Autoscaling.pull/7427/head
Vedansh
1 week ago
committed by
GitHub
parent
5b29181d95
commit
78a642f8bd
28 changed files with 120 additions and 35 deletions
@ -1,3 +1,8 @@ |
||||
# What is Cloud Computing? |
||||
|
||||
Cloud Computing refers to the delivery of computing services over the internet instead of using local servers. It offers reliable, scalable, and inexpensive cloud computing services which include data storage, databases, applications, analytics, machine learning, and even setting up virtual servers. The biggest names providing cloud computing services are Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and others. The main selling point is that you only pay for the services you use, helping you manage your expenses more effectively. |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@article@What is Cloud Computing - IBM](https://www.ibm.com/topics/cloud-computing) |
||||
- [@article@Cloud Computing - AWS](https://aws.amazon.com/what-is-cloud-computing/) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# Shared Responsibility Model |
||||
|
||||
In Amazon Web Services (AWS), the concept of 'Shared Responsibility' pertains to the distribution of security and compliance responsibilities between AWS and the user/client. Under this model, AWS is responsible for the security "of" the cloud — including the infrastructure, hardware, software, networking, and facilities that run AWS cloud services. On the other hand, the user is responsible for security "in" the cloud — this includes managing and configuring the customer-controlled services, protecting account credentials, and securing customer data. This shared model aims to lessen operational burden for users and provide flexible security controls. |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@Shared Responsibility Model](https://aws.amazon.com/compliance/shared-responsibility-model/) |
||||
|
||||
@ -1,10 +1,10 @@ |
||||
# Introduction to AWS |
||||
|
||||
AWS (Amazon Web Services) offers a broad set of global cloud-based products including compute, storage, databases, analytics, networking, mobile, developer tools, management tools, IoT, security, and enterprise applications: on-demand, available in seconds, with pay-as-you-go pricing. From data warehousing to deployment tools, directories to content delivery, over 200 AWS services are available. New services can be provisioned quickly, without the upfront fixed expense. This allows enterprises, start-ups, small and medium-sized businesses, and customers in the public sector to access the building blocks they need to respond quickly to changing business requirements. This whitepaper provides you with an overview of the benefits of the AWS Cloud and introduces you to the services that make up the platform. |
||||
AWS (Amazon Web Services) offers a broad set of global cloud-based products including compute, storage, databases, analytics, networking, mobile, developer tools, management tools, IoT, security, and enterprise applications: on-demand, available in seconds, with pay-as-you-go pricing. From data warehousing to deployment tools, directories to content delivery, over 200 AWS services are available. New services can be provisioned quickly, without the upfront fixed expense. This allows enterprises, start-ups, small and medium-sized businesses, and customers in the public sector to access the building blocks they need to respond quickly to changing business requirements. This whitepaper provides you with an overview of the benefits of the AWS Cloud and introduces you to the services that make up the platform. |
||||
|
||||
Learn more from the following links: |
||||
|
||||
- [@article@AWS Documentation](https://docs.aws.amazon.com/) |
||||
- [@article@Introduction of AWS](https://docs.aws.amazon.com/whitepapers/latest/aws-overview/introduction.html) |
||||
- [@official@AWS Documentation](https://docs.aws.amazon.com/) |
||||
- [@official@Introduction of AWS](https://docs.aws.amazon.com/whitepapers/latest/aws-overview/introduction.html) |
||||
- [@video@AWS Tutorial for Beginners](https://www.youtube.com/watch?v=zA8guDqfv40) |
||||
- [@feed@Explore top posts about AWS](https://app.daily.dev/tags/aws?ref=roadmapsh) |
||||
|
||||
@ -1,10 +1,10 @@ |
||||
# Introduction |
||||
|
||||
AWS (Amazon Web Services) offers a broad set of global cloud-based products including compute, storage, databases, analytics, networking, mobile, developer tools, management tools, IoT, security, and enterprise applications: on-demand, available in seconds, with pay-as-you-go pricing. From data warehousing to deployment tools, directories to content delivery, over 200 AWS services are available. New services can be provisioned quickly, without the upfront fixed expense. This allows enterprises, start-ups, small and medium-sized businesses, and customers in the public sector to access the building blocks they need to respond quickly to changing business requirements. This whitepaper provides you with an overview of the benefits of the AWS Cloud and introduces you to the services that make up the platform. |
||||
AWS (Amazon Web Services) offers a broad set of global cloud-based products including compute, storage, databases, analytics, networking, mobile, developer tools, management tools, IoT, security, and enterprise applications: on-demand, available in seconds, with pay-as-you-go pricing. From data warehousing to deployment tools, directories to content delivery, over 200 AWS services are available. New services can be provisioned quickly, without the upfront fixed expense. This allows enterprises, start-ups, small and medium-sized businesses, and customers in the public sector to access the building blocks they need to respond quickly to changing business requirements. This whitepaper provides you with an overview of the benefits of the AWS Cloud and introduces you to the services that make up the platform. |
||||
|
||||
Learn more from the following links: |
||||
|
||||
- [@article@How to create an AWS Account](https://grapplingdev.com/tutorials/how-to-create-aws-account) |
||||
- [@article@AWS Documentation](https://docs.aws.amazon.com/) |
||||
- [@article@Introduction of AWS](https://docs.aws.amazon.com/whitepapers/latest/aws-overview/introduction.html) |
||||
- [@official@AWS Documentation](https://docs.aws.amazon.com/) |
||||
- [@official@Introduction of AWS](https://docs.aws.amazon.com/whitepapers/latest/aws-overview/introduction.html) |
||||
- [@article@How to Create an AWS Account](https://grapplingdev.com/tutorials/how-to-create-aws-account) |
||||
- [@video@AWS Tutorial for Beginners](https://www.youtube.com/watch?v=zA8guDqfv40) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# Purchasing Options |
||||
|
||||
Amazon EC2 provides several purchasing options to fit different workload needs. The **On-Demand** option allows clients to pay for compute capacity per hour with no long-term commitments. **Reserved Instances** provide a significant discount compared to On-Demand pricing and are ideal for applications required steady state usage. **Spot Instances** allow clients to bid for unused Amazon EC2 capacity and can provide significant savings if flexibility is possible in starting and stopping times. **Dedicated Hosts** are physical EC2 servers dedicated to specific clients, suitable for regulatory requirements and licenses which do not support multi-tenant virtualization, and **Savings Plans** offer reduced rates for committing to a consistent amount of usage for 1 or 3 years. |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@Purchasing Options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-purchasing-options.html) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# Private Subnet |
||||
|
||||
Private subnets in AWS are isolated network segments within your VPC that do not have direct access to the internet. You can use private subnets to run services and applications that should not be directly accessible from the outside world, but still need to communicate with other resources within your VPC. Any instances launched in a private subnet cannot directly send traffic to the internet without routing through a NAT device. |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@Subnets](https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# Public Subnet |
||||
|
||||
In AWS, a subnet that's designated as `public` is one that has direct access to the Internet. Each subnet that you create runs on its own portion of the AWS network, and you can consider them as logically isolated sections. When a subnet is designated as public, it means an Internet Gateway is attached to it and thus instances within this subnet can easily communicate with the outside net. Each instance that you launch into a public subnet is automatically assigned a private IPv4 address and a public IPv4 address. These addresses don't change and remain with the instance, until it's stopped, terminated or replaced with a different address. This setup allows instances in the public subnet to communicate directly with the internet and other AWS services. |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@Subnets](https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# Subnets |
||||
|
||||
Subnets or subnetworks in Amazon VPC (Virtual Private Cloud) are divisions of a VPC's IP address range. You can launch Amazon Elastic Compute Cloud (Amazon EC2) instances into a selected subnet. When you create a subnet, you specify the CIDR block for the subnet, which is a subset of the VPC CIDR block. Each subnet must be associated with a route table, which controls the traffic flow between the subnets. There are two types of subnets: public and private. A public subnet is one in which the associated route table directs the subnet to the Internet Gateway (IGW) of the VPC. A private subnet does not have a route to the IGW and hence has no direct route to the internet. |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@Subnets](https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# Security Groups |
||||
|
||||
Security Groups in AWS act as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security Groups are stateful — if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules. You can specify allow rules, but not deny rules. You can specify separate rules for inbound and outbound traffic. Therefore, if you need to allow specific communication between your instances, you'll need to configure both outbound rules for the sender security group and inbound rules for the receiver security group. |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@Security Groups](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-groups.html) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# Internet Gateway |
||||
|
||||
An **Internet Gateway** is a redundant, horizontally scalable component in AWS that performs bi-directional routing between a VPC and the Internet. It serves two purposes; routing outbound traffic from the VPC to the internet (NAT), and routing inbound traffic from the Internet to the VPC. It's automatically highly available and provides bandwidth and redundancy across all AWS Regions. It becomes associated with a VPC upon creation, and cannot be detached or attached to another VPC once created. Security to and from the Internet Gateway can be controlled using route tables and security groups or network ACLs. |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@article@Internet Gateway](https://www.cisco.com/c/en/us/products/routers/what-is-a-network-gateway.html) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# NAT Gateway |
||||
|
||||
AWS NAT Gateway is a managed service that provides source Network Address Translation (NAT) for instances in a private subnet so they can access the internet securely. It's designed to operate automatically, handling bandwidth scaling, failover, and managing carrier IP addresses. With NAT Gateway, instances within a VPC can access the internet for software updates, patches, etc, but inbound traffic from the internet is prevented, helping maintain the security and privacy of the private subnet. NAT Gateway is redundant within the Availability Zone, providing high availability. It supports TCP, UDP, and ICMP protocols, as well as Port Address Translation (PAT). |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@NAT Gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# VPC |
||||
|
||||
Amazon VPC (Virtual Private Cloud) is a service that lets you launch AWS resources in a logically isolated virtual network that you define. It provides advanced security features such as security groups and network access control lists to enable inbound and outbound filtering at the instance and subnet level. Additionally, you can create a Hardware Virtual Private Network (VPN) connection between your corporate datacenter and your VPC to leverage the AWS cloud as an extension of your corporate datacenter. |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@VPC](https://aws.amazon.com/vpc/) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# Identity-Based |
||||
|
||||
"Identity-based policies" are one of the types of policies you can create in AWS (Amazon Web Services). They are attached directly to an identity (like an IAM user, group, or role) and control what actions that identity can perform, on which resources, and under what conditions. There are two types - inline and managed. Inline policies are created and managed individually, while managed policies are standalone policies that you can attach to multiple identities. This offers a flexible framework for managing permissions across your AWS resources. These policies are written in a language called JSON (JavaScript Object Notation). |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@Identity Based Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_identity-vs-resource.html) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# Resource-Based |
||||
|
||||
Resource-based policies are attached directly to the AWS resources that receive the permissions. The policy then specifies what actions are allowed or denied on that particular resource. In resource-based policies, you include a `Principal` element in the policy to indicate the IAM users or roles that are granted the permissions. While not all AWS services support resource-based policies, common services that do include Amazon S3 for bucket policies, AWS KMS for key policies, and Amazon SNS for topic policies. |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@Identity Based Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_identity-vs-resource.html) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# Users / User Groups |
||||
|
||||
In AWS Identity and Access Management (IAM), a **Users Group** is a collection of IAM users. Groups enable you to specify permissions for multiple users, making it easier to manage the permissions for those users. For example, you could have a group called "Developers" and give that group the necessary permissions for developing in your environment. If a new developer joins your organization, rather than defining permissions specifically for that user, you can add the user to the "Developers" group to assign those permissions. Remember, each AWS IAM user in a group inherits the permission policies attached to the group. |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@IAM - AWS](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# Instance Profiles |
||||
|
||||
Instance profiles are AWS IAM entities that you can use to grant permissions to applications running on your EC2 instances. They effectively allow your instances to make secure API requests. An instance profile is essentially a container for an AWS Identity and Access Management (IAM) role that you can use to pass roles to EC2 instances at launch time. Once an IAM role is associated with an instance at launch time, we can't change the role. However, you can modify the permissions policies attached to the role, and the updated permissions do take effect immediately. |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@Instance Profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# Assuming Roles |
||||
|
||||
Assuming roles in AWS allows one AWS identity to perform actions and access resources in another AWS account, without having to share security credentials. This is achieved using temporary security credentials. You assume a role by calling the `AWS Security Token Service (STS)` AssumeRole APIs, passing the ARN of the role to assume. After successfully assuming a role, STS returns temporary security credentials that you can use to make requests to any AWS service. The assumed role provides specific permissions that determine what the role user can and cannot do. Thus, users can switch between roles using AWS Management Console, AWS CLI, or AWS API. |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@Assuming Roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage-assume.html) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# AMIs |
||||
|
||||
Amazon Machine Images (AMIs) are pre-configured templates for EC2 instances. When you launch an instance in EC2, you start with an AMI. An AMI includes details such as the operating system to use, applications to install, and the volume type and size. AMIs can be either public or private — public AMIs are available for anyone to use, while private AMIs are only available to specific AWS accounts. You can create your own custom AMIs, enabling you to quickly start and replicate a known configuration for your EC2 instances. |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@AMIs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# Launch Templates |
||||
|
||||
"Launch Templates" in AWS Auto Scaling are configurations that an Auto Scaling group uses to launch EC2 instances. They store the configuration information necessary to launch an instance, which includes the ID of the Amazon Machine Image (AMI), the instance type, a key pair, security groups, and the storage configuration. It helps in setting up new instances quickly and prevent configuration inconsistencies across instances. These templates can also be versioned, allowing updates and roll backs to previous configurations. |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@Launch Templates](https://aws.amazon.com/about-aws/whats-new/2017/11/introducing-launch-templates-for-amazon-ec2-instances/) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# Auto-Scaling Groups |
||||
|
||||
"Autoscaling Groups" in AWS, also known as Auto Scaling Groups (ASGs), are the main components used for scaling resources automatically according to your requirements in AWS. They contain a collection of Amazon Elastic Compute Cloud (EC2) instances that are treated as a logical grouping for the purpose of automatic scaling and management. The instances in an ASG are distributed across different availability zones in a region, ensuring a high level of fault tolerance. When defining an ASG, you specify its minimum, maximum, and desired number of EC2 instances. You also have to specify a launch configuration that determines what type of instances should be launched and from which Amazon Machine Image (AMI). |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@Auto Scaling Groups](https://docs.aws.amazon.com/eks/latest/best-practices/cas.html) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# Scaling Policies |
||||
|
||||
AWS Autoscaling supports various types of scaling policies that control how and when to scale. These include target tracking scaling policies, step scaling policies, and simple scaling policies. Target tracking scaling policies adjust the capacity based on specified dynamic conditions, maintaining the target value for the specified metric. Step scaling policies adjust the capacity based on a set of scaling adjustments, increasing or decreasing the capacity within the constraints of the minimum and maximum capacity. Meanwhile, simple scaling policies increase or decrease the capacity based on a single alarm. |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@AWS Autoscaling Policy](https://docs.aws.amazon.com/autoscaling/ec2/userguide/what-is-amazon-ec2-auto-scaling.html) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# Elastic Load Balancers |
||||
|
||||
Elastic Load Balancing (ELB) is a load-balancing service for Amazon Web Services (AWS) deployments. It automatically distributes incoming application traffic and scales resources to meet traffic demands. ELB helps to ensure that the incoming traffic is spread evenly across your Amazon EC2 instances, making your application more highly available and fault-tolerant. It supports routing and load balancing for HTTP/HTTPS, and TCP traffic. There are three types of load balancers that ELB offers - Application Load Balancer (ideal for HTTP and HTTPS traffic), Network Load Balancer (best for TCP traffic where extreme performance is required) and Classic Load Balancer (provides basic load balancing across multiple Amazon EC2 instances). |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@Elastic Load Balancers](https://aws.amazon.com/elasticloadbalancing/) |
||||
|
||||
@ -1,3 +1,7 @@ |
||||
# Auto-Scaling |
||||
|
||||
AWS Auto Scaling is a service that automatically scales resources to meet the demands of your applications. It uses policies, health status, and schedules to determine when to add more instances, ensuring that your application always has the right amount of capacity. AWS Auto Scaling can scale resources across multiple services and manage the scaling process in real time. It optimizes for cost and performance, and with the help of Amazon CloudWatch, it adjusts capacity based on the demand patterns of your workloads. |
||||
|
||||
Visit the following resources to learn more: |
||||
|
||||
- [@official@AWS Autoscaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/what-is-amazon-ec2-auto-scaling.html) |
||||
|
||||
Loading…
Reference in new issue