A collection of AWS maps drawn with http://draw.io and some notes in a portable markdown summary.
This repo is intended as a collection of reference notes and summaries of AWS services. The maps were drawn with draw.io and the notes written with dillinger.io (both open-source, web-based tools), following the official Amazon guides.
[2.1] Compute and Networking Services
[2.2] Storage and Content Delivery Services
[2.3] Security and Identity Services
This is a big picture of AWS:
AWS provides services in different parts of the world, so AWS products are available in different Regions. Each Region contains multiple, distinct Availability Zones. Each Region is isolated from failures in the other Regions, and each Availability Zone is isolated from failures in the other Availability Zones of its Region. You can choose a Region and Availability Zone to meet legal (data residency) requirements, to place services closer to specific customers, and so on. Note: not every Region / Availability Zone supports every AWS resource, and prices differ from one Region to another.
The main products in AWS environment are:
This is a picture with listed AWS products and key services:
Following the getting-started guide provided by Amazon, we look more closely at the key services in each group of products.
This set of services covers compute and networking functions; the following key services are available:
You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage. EC2 provides scalable computing capacity (virtual machines on Amazon servers in Amazon data centers) to build and host your applications. EC2 works with Amazon Machine Images (AMIs): an AMI is an image template containing a software configuration (an OS, a web server, specific applications, and so on). You create one or more instances from an AMI; an instance is simply a copy of the AMI running as a VM in an Amazon data center. When you create an instance, you choose the instance type, i.e. the physical resources of the host (CPU, memory, etc.). See the AMIs & Instances section below for more details.
An instance that has a public IPv4 address also gets a public DNS name, which follows one of the patterns below (the first form is used in us-east-1, the second in every other region; the IP address is written with dashes instead of dots, e.g. ec2-203-0-113-25.compute-1.amazonaws.com):
ec2-[public_ip].compute-1.amazonaws.com
ec2-[public_ip].[region_code].compute.amazonaws.com
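The two naming patterns above, as an added example in Python (not code from this repo or from AWS): a builder that produces the public DNS name for an IP and region, and a parser that recovers the IP and region from a name and rejects anything that is not a well-formed EC2 public hostname. The sample address 203.0.113.25 is a constructed documentation-range IP, and the region regex is an assumption that covers the current region naming scheme (e.g. eu-west-1, us-gov-west-1).

```python
import ipaddress
import re

# Regex for the two public-DNS forms (assumption for this example): us-east-1 keeps the
# historical "compute-1" label, every other region appears as "<region>.compute".
_DNS_RE = re.compile(
    r"^ec2-(?P<ip>\d{1,3}(?:-\d{1,3}){3})\."
    r"(?:(?P<legacy>compute-1)|(?P<region>[a-z]{2}(?:-gov)?-[a-z]+-\d+)\.compute)"
    r"\.amazonaws\.com$"
)


def public_dns_name(public_ip: str, region: str) -> str:
    """Build the public DNS name EC2 assigns to a public IPv4 address in a region."""
    ip = ipaddress.IPv4Address(public_ip)  # raises ValueError on malformed input
    dashed = str(ip).replace(".", "-")
    if region == "us-east-1":
        return f"ec2-{dashed}.compute-1.amazonaws.com"
    return f"ec2-{dashed}.{region}.compute.amazonaws.com"


def parse_public_dns_name(name: str) -> tuple[str, str]:
    """Recover (public_ip, region) from a public DNS name.

    Raises ValueError when the name does not follow either pattern or when the
    dashed octets do not form a valid IPv4 address (e.g. an octet above 255).
    """
    m = _DNS_RE.match(name.strip().lower())
    if not m:
        raise ValueError(f"not an EC2 public DNS name: {name}")
    ip = str(ipaddress.IPv4Address(m.group("ip").replace("-", ".")))  # validates octets
    region = "us-east-1" if m.group("legacy") else m.group("region")
    return ip, region


if __name__ == "__main__":
    print(public_dns_name("203.0.113.25", "us-east-1"))
    print(parse_public_dns_name("ec2-203-0-113-25.eu-west-1.compute.amazonaws.com"))
```

Parsing these names is handy when triaging logs: a hostname in the `compute-1` form immediately tells you the instance lives in us-east-1, and the dashed IP is the public address you will see in flow logs.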
You don't need to worry about how instances are kept running: they simply keep running until they are stopped, terminated, or fail. They do not restart automatically after a failure unless you set that up (for example with EC2 auto recovery or an Auto Scaling group). To better meet your own or your customers' requirements, you can build your own AMI: start from the one in the AMI catalog that best fits your needs, customize it by adding resources and applications, and save the result as a new AMI.
As we said, an Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications). From an AMI, you launch an instance, which is a copy of the AMI running as a virtual server in the cloud. You can launch multiple instances of an AMI, and you can launch different types of instances from a single AMI. An instance type essentially determines the hardware of the host computer used for your instance: each instance type offers different compute and memory capabilities, so select one based on the amount of memory and computing power that the software you plan to run needs.

When you launch an instance, the root device volume contains the image used to boot the instance. Originally all AMIs were backed by the Amazon EC2 instance store, which means the root device for an instance launched from the AMI was an instance store volume created from a template stored in Amazon S3. Amazon later introduced Amazon EBS (Elastic Block Store), and most AMIs are now EBS-backed: the root device for an instance launched from such an AMI is an Amazon EBS volume created from an Amazon EBS snapshot. Unlike an instance store volume, an EBS root volume persists when the instance is stopped, and the volume and its snapshots can be encrypted.
Your instance may include local storage volumes, known as instance store volumes, which you can configure at launch time with a block device mapping. Amazon EC2 supports two types of block devices: instance store volumes (ephemeral disks physically attached to the host, whose data is lost when the instance stops or terminates or the host fails) and EBS volumes (persistent, network-attached storage).
A block device mapping defines the block devices (instance store volumes and EBS volumes) to attach to an instance. You can specify a block device mapping as part of creating an AMI, so that the mapping is used by all instances launched from the AMI. Alternatively, you can specify a block device mapping when you launch an instance; this mapping overrides the one specified in the AMI from which you launched the instance. The launch-time mapping is also where you set each EBS volume's size, whether it is deleted on termination, and whether it is encrypted.
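The AMI-versus-launch-time override described above, as an added example in Python (not code from this repo or from AWS): two constructed mappings in the dictionary shape the EC2 RunInstances / RegisterImage APIs use, a function that models how the launch-time mapping overrides the AMI mapping device by device, and a small audit that flags unencrypted EBS volumes and ephemeral instance store volumes. The merge rules (field-level override for the same device name, NoDevice suppressing a device) are a simplified model assumed for the example, and the snapshot id is a placeholder.

```python
import copy

# Mapping baked into an AMI (constructed sample): an unencrypted gp2 root volume from a
# placeholder snapshot, plus one instance store volume exposed as /dev/sdb.
AMI_MAPPING = [
    {"DeviceName": "/dev/xvda",
     "Ebs": {"SnapshotId": "snap-0123456789abcdef0", "VolumeSize": 8,
             "VolumeType": "gp2", "DeleteOnTermination": True, "Encrypted": False}},
    {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"},
]

# Mapping passed at launch (constructed sample): bigger encrypted root volume, the
# instance store volume suppressed, and a separate encrypted data volume that survives
# termination.
LAUNCH_MAPPING = [
    {"DeviceName": "/dev/xvda",
     "Ebs": {"VolumeSize": 20, "VolumeType": "gp3", "DeleteOnTermination": True, "Encrypted": True}},
    {"DeviceName": "/dev/sdb", "NoDevice": ""},
    {"DeviceName": "/dev/sdf",
     "Ebs": {"VolumeSize": 100, "VolumeType": "gp3", "DeleteOnTermination": False, "Encrypted": True}},
]


def effective_mapping(ami_mapping, launch_mapping):
    """Simplified model (assumption) of the mapping an instance ends up with.

    Devices are keyed by DeviceName; a launch entry overrides the AMI entry's
    fields for the same device (fields it omits, e.g. SnapshotId, are kept),
    NoDevice removes the device, and AMI devices not mentioned are kept as-is.
    """
    merged = {m["DeviceName"]: copy.deepcopy(m) for m in ami_mapping}
    for m in launch_mapping:
        name = m["DeviceName"]
        if "NoDevice" in m:
            merged.pop(name, None)
            continue
        base = merged.setdefault(name, {"DeviceName": name})
        if "Ebs" in m:
            base.pop("VirtualName", None)          # an EBS entry replaces an instance store one
            base.setdefault("Ebs", {}).update(m["Ebs"])
        if "VirtualName" in m:
            base.pop("Ebs", None)                  # and vice versa
            base["VirtualName"] = m["VirtualName"]
    return list(merged.values())


def audit_mapping(mapping):
    """Findings a reviewer would raise: EBS volumes without encryption at rest and
    instance store volumes, whose contents vanish on stop/terminate or host failure."""
    findings = []
    for m in mapping:
        name = m["DeviceName"]
        if "Ebs" in m and not m["Ebs"].get("Encrypted", False):
            findings.append(f"{name}: EBS volume is not encrypted")
        if "VirtualName" in m:
            findings.append(f"{name}: instance store volume ({m['VirtualName']}) is ephemeral")
    return findings


if __name__ == "__main__":
    print("AMI mapping findings:", audit_mapping(AMI_MAPPING))
    final = effective_mapping(AMI_MAPPING, LAUNCH_MAPPING)
    print("effective mapping:", final)
    print("launch mapping findings:", audit_mapping(final))
```

Running the audit against the AMI mapping shows why you usually want a launch-time override: the image's root volume is unencrypted and the ephemeral disk would silently lose data, while the merged mapping passes clean.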
Amazon Virtual Private Cloud (VPC) is a virtual network dedicated to your AWS account, logically isolated from other virtual networks. You split its IP range into subnets and group (run) instances in them to meet your security and computational needs.
Note: a VPC is isolated from the outside world by default. If you want a subnet to reach the Internet, you need to attach an Internet Gateway to the VPC AND add a route to it (typically 0.0.0.0/0 pointing at the gateway) in the route table associated with the subnet; instances in that subnet also need a public IP address, and their security groups must allow the traffic. Since the end of 2013 a default VPC is created with every account, which means that every EC2 instance runs in a VPC (default or non-default).
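The routing part of the note above, as an added example in Python (not code from this repo or from AWS): a constructed 10.0.0.0/16 VPC with a "public" subnet whose route table has a default route to an Internet Gateway and a "private" subnet whose table only has the local route, plus the longest-prefix-match lookup route tables use and a decision function that explains why a packet leaves the VPC, stays local, or is dropped. The gateway id is a placeholder, and the model deliberately ignores security groups and network ACLs, which are evaluated separately.

```python
import ipaddress

# Route tables of two subnets in a 10.0.0.0/16 VPC (constructed sample). A target is
# either "local" (traffic stays inside the VPC) or the id of an Internet Gateway.
ROUTE_TABLES = {
    "public":  [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-0abc1234")],  # default route to the IGW
    "private": [("10.0.0.0/16", "local")],                                 # no route out of the VPC
}


def lookup_route(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def route_decision(route_table, has_public_ip, dst):
    """Where a packet from an instance in the given subnet goes, and why it is
    dropped when it cannot leave the VPC (simplified model, assumption)."""
    target = lookup_route(ROUTE_TABLES[route_table], dst)
    if target is None:
        return "dropped: no route outside the VPC"
    if target == "local":
        return "local"
    if not has_public_ip:
        # The IGW performs 1:1 NAT between the instance's private and public address;
        # without a public address there is nothing to translate to.
        return "dropped: no public IP for the IGW to translate"
    return f"internet via {target}"


if __name__ == "__main__":
    for subnet, public_ip in (("public", True), ("public", False), ("private", True)):
        print(subnet, public_ip, "->", route_decision(subnet, public_ip, "198.51.100.10"))
    print("private", "->", route_decision("private", False, "10.0.5.4"))
```

The destination 198.51.100.10 is a constructed documentation-range address standing in for any Internet host. The three dropped/allowed outcomes are exactly the three things to check when an instance "can't reach the Internet": the route, the gateway attachment, and the public IP.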
TODO: add schema and screenshots of VPC setup
A security group is a stateful firewall attached to the instance's network interface (in spirit like iptables, but simpler): it has two separate sets of rules, one for inbound and one for outbound traffic. Rules can only allow traffic (there are no deny rules), and any connection that doesn't match an allow rule in its direction is dropped. Because the group is stateful, the reply traffic of a connection that was allowed in one direction is permitted automatically, regardless of the rules in the other direction. A new security group allows no inbound traffic and all outbound traffic by default; an instance can belong to several security groups, and their rules are combined.
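The matching and stateful behaviour described above, as an added example in Python (not code from this repo or from AWS): a constructed security group for a web server (HTTPS from anywhere, SSH only from an admin range, outbound HTTPS only) and a small connection tracker showing that replies to an admitted flow pass without consulting the other direction's rules. The rule shape, the `-1` protocol wildcard meaning "all protocols", and the tracker are simplifications assumed for the example; rules that reference another security group id and network ACLs are not modelled.

```python
import ipaddress

# Rules of one security group (constructed sample). Each rule allows a protocol, a
# port range and a CIDR; there is no way to express "deny".
SG_WEB = {
    "inbound": [
        {"proto": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
        {"proto": "tcp", "from_port": 22,  "to_port": 22,  "cidr": "203.0.113.0/24"},  # admin range
    ],
    "outbound": [
        {"proto": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
    ],
}


def rule_matches(rule, proto, port, peer_ip):
    """Does a single allow rule cover this protocol, destination port and peer?"""
    if rule["proto"] not in (proto, "-1"):          # "-1" means all protocols (assumption)
        return False
    if rule["proto"] != "-1" and not (rule["from_port"] <= port <= rule["to_port"]):
        return False
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule["cidr"])


class ConnectionTracker:
    """Stateful evaluation: a flow admitted in one direction has its replies admitted
    in the other direction without looking at that direction's rules."""

    def __init__(self, sg):
        self.sg = sg
        self.flows = set()   # (proto, local_port, peer_ip, peer_port) of admitted flows

    def allow(self, direction, proto, local_port, peer_ip, peer_port):
        """direction is "inbound" (peer -> instance) or "outbound" (instance -> peer).
        Inbound rules are matched on the instance's port, outbound rules on the peer's."""
        flow = (proto, local_port, peer_ip, peer_port)
        if flow in self.flows:
            return True                              # reply of an already-admitted flow
        dst_port = local_port if direction == "inbound" else peer_port
        if any(rule_matches(r, proto, dst_port, peer_ip) for r in self.sg[direction]):
            self.flows.add(flow)
            return True
        return False                                 # default: drop anything unmatched


if __name__ == "__main__":
    t = ConnectionTracker(SG_WEB)
    print("client -> :443       ", t.allow("inbound", "tcp", 443, "198.51.100.7", 51000))
    print("reply :443 -> client ", t.allow("outbound", "tcp", 443, "198.51.100.7", 51000))
    print("stranger -> :22      ", t.allow("inbound", "tcp", 22, "198.51.100.7", 51001))
    print("instance -> peer:80  ", t.allow("outbound", "tcp", 40000, "198.51.100.7", 80))
```

The second line is the point: the outbound rule set never allows destination port 51000, yet the reply is admitted because the inbound connection was tracked. The flip side for reviewers is that an overly broad inbound rule also implicitly opens the return path, so tightening outbound rules does not compensate for a 0.0.0.0/0 inbound rule.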
Route 53 is a DNS web service: it lets you map your own domain name(s) to the hostnames AWS assigns. In fact, each time you create a resource, AWS assigns it a domain name that resolves to the resource's IP address, and Route 53 can route traffic for your own domain to that resource (for example with an alias or CNAME record). If you already own a domain name, you can transfer it to Route 53 or simply delegate it by pointing your registrar at the Route 53 name servers; if you don't have one, you can register one through Route 53.
A hosted zone is a collection of resource record sets for a specified domain. You create a hosted zone for a domain (such as example.com), and then you create resource record sets to tell the Domain Name System how you want traffic to be routed for that domain.
When you create a hosted zone, Amazon Route 53 automatically creates a name server (NS) record and a start of authority (SOA) record for the zone. The NS record identifies the four name servers that you give to your registrar or your DNS service so that DNS queries are routed to Amazon Route 53 name servers.
todo yet