AWS Blog

AWS supported CIDR block range

A VPC's IPv4 CIDR block must have a prefix length between /16 (65,536 addresses) and /28 (16 addresses). The same /16 to /28 rule applies to each subnet, and AWS reserves the first four and the last address of every subnet, so a /28 subnet leaves only 11 usable addresses.

VPC Limits

Resource                    Default limit
VPCs per Region             5
Subnets per VPC             200
IPv4 CIDR blocks per VPC    5
IPv6 CIDR blocks per VPC    5

These are default quotas; most can be raised through Service Quotas.

Private vs Public IP (IPV4) Fundamental Differences

Public IP:

  1. A public IP identifies the machine on the internet.
  1. It must be unique across the whole internet (no two machines can have the same public IP).
  1. It can be geo-located easily.

Private IP:

  1. A private IP identifies the machine only within its own private network.
  1. The IP must be unique within that private network.
  1. BUT two different private networks (two companies) can use the same addresses.
  1. Machines reach the internet through an internet gateway (public subnets) or a NAT gateway (private subnets), which translates the private address to a public one; it is a NAT, not a proxy.
  1. Only the ranges reserved by RFC 1918 can be used as private IPs: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
Note: When you stop/start an instance, its auto-assigned public IPv4 address changes (the private IP is kept). A reboot keeps both addresses. Once released, the old public address goes back into the pool shared by other EC2 instances and cannot be reassigned to your instance; use an Elastic IP when the address must survive a stop/start.
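A small checker for the two rules above (the /16 to /28 VPC size limit and the RFC 1918 private ranges), added here as a worked example; it is not code from the original notes. It uses only Python's standard ipaddress module, the candidate CIDRs in the usage section are made-up sample input, and the function names are my own.

```python
import ipaddress
from typing import List

# The "specified range of IPs" that may be used privately: RFC 1918.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# AWS accepts a VPC IPv4 CIDR whose prefix length is between /16 and /28.
VPC_MIN_PREFIX = 16   # /16 = 65,536 addresses
VPC_MAX_PREFIX = 28   # /28 = 16 addresses


def is_private(ip: str) -> bool:
    """True if the IPv4 address falls inside one of the RFC 1918 ranges."""
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and any(addr in net for net in RFC1918)


def check_vpc_cidr(cidr: str) -> List[str]:
    """Return the problems with a proposed VPC CIDR; an empty list means it is acceptable.

    Checks that the string is a network (no host bits set), that the prefix length
    obeys the /16-/28 rule, and warns when the block is not RFC 1918 space: AWS does
    let you use publicly routable ranges, but inside the VPC they then shadow the
    real Internet hosts with those addresses.
    """
    problems: List[str] = []
    try:
        net = ipaddress.ip_network(cidr, strict=True)   # strict: reject "10.0.0.1/24"
    except ValueError as exc:
        return [f"not a valid network: {exc}"]
    if net.version != 4:
        return ["only IPv4 blocks are checked here"]
    if not VPC_MIN_PREFIX <= net.prefixlen <= VPC_MAX_PREFIX:
        problems.append(
            f"/{net.prefixlen} is outside the allowed /16-/28 range "
            f"({net.num_addresses} addresses)"
        )
    if not any(net.subnet_of(private) for private in RFC1918):
        problems.append("block is not RFC 1918 private address space")
    return problems


def overlaps(cidr_a: str, cidr_b: str) -> bool:
    """True if two blocks overlap; overlapping VPCs cannot be peered or routed together."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


if __name__ == "__main__":
    # Made-up candidates for the example.
    for candidate in ("10.0.0.0/16", "10.0.0.0/8", "192.168.1.0/29",
                      "203.0.113.0/24", "10.0.0.1/24"):
        print(candidate, check_vpc_cidr(candidate) or "OK")
    print("10.0.0.0/16 overlaps 10.0.128.0/17:", overlaps("10.0.0.0/16", "10.0.128.0/17"))
```

The overlap check is the one people forget: two VPCs that both use 10.0.0.0/16 work fine on their own and then cannot be peered, so choose distinct blocks up front.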

Why use a custom AMI?

Using a custom built AMI can provide the following advantages:
  1. Pre-installed packages needed
  1. Faster boot time (no need for EC2 user data at boot time)
  1. Machine comes configured with monitoring / enterprise software
  1. Security: you control what runs on every machine in the network (hardened base image, agents, no unknown software)
  1. Control of maintenance and updates of AMIs over time
  1. Active Directory integration out of the box
  1. Installing your app ahead of time (for faster deploys when auto-scaling)
  1. Using someone else's AMI that is optimised for DB, etc...
Note: AMIs are region-specific; to use one in another region, copy it there (an encrypted AMI must be re-encrypted with a KMS key in the destination region).

AMI Storage

  • Your AMIs take up space and live in Amazon S3 (as the EBS snapshots backing the image).
  • Amazon S3 is durable, cheap and resilient storage where most of your backups will live (but you won't see AMIs in the S3 console).
  • By default, your AMIs are private and locked to your account / region.
  • You can also share your own AMI with other AWS accounts, copy it to another region, or sell it on the Marketplace.

Security Groups

  • Can be attached to multiple instances.
  • Locked down to a region / VPC combination.
  • Lives "outside" the EC2 instance: if traffic is blocked, the instance never sees it.
  • Stateful: if an inbound request is allowed, its response is allowed out automatically (and vice versa), so you never write rules for return traffic.
  • If your application is not accessible (time out), it is a security group issue (or a network ACL / route issue on the same path).
  • If your application gives a "connection refused" error, the packet reached the instance: it is an application error or the service is not listening.
  • All inbound traffic is blocked by default; all outbound traffic is allowed by default.
  • Prefer another security group as the source (e.g. "allow 3306 from the web tier's group") over CIDR ranges, and never open admin ports such as 22 or 3389 to 0.0.0.0/0.
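"Timeout means security group" is only actionable if you can see the rules, so here is an audit over the JSON that `aws ec2 describe-security-groups` returns, added as a worked example and not part of the original notes. The sample output below is constructed (made-up group IDs, names and account ID), the list of admin ports is my own choice, and the script uses only the standard library so it runs offline; on a real account, run `aws ec2 describe-security-groups > sgs.json` and feed that file in.

```python
import json
from typing import Any, Dict, List, Union

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs, names and the account ID are made up for this example.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "SecurityGroups": [
        {
            "GroupId": "sg-0123456789abcdef0",
            "GroupName": "web-tier",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
            ],
        },
        {
            "GroupId": "sg-0fedcba9876543210",
            "GroupName": "db-tier",
            "IpPermissions": [
                # Source is another security group, not a CIDR: only the web tier reaches MySQL.
                {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                 "IpRanges": [], "Ipv6Ranges": [],
                 "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0", "UserId": "123456789012"}]},
                # "-1" means every protocol and port, but limited here to the private range.
                {"IpProtocol": "-1",
                 "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
            ],
        },
    ]
})

# TCP services that should never be reachable from the whole Internet (my selection).
ADMIN_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres", 6379: "redis", 27017: "mongodb"}
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"


def _world_open_cidrs(perm: Dict[str, Any]) -> List[str]:
    """CIDRs in this rule that mean 'everyone'."""
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", []) if r.get("CidrIp") == ANY_V4]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == ANY_V6]
    return v4 + v6


def audit_security_groups(describe: Union[str, Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Flag inbound rules that expose admin ports (or everything) to 0.0.0.0/0 or ::/0.

    Accepts the raw JSON string or the already-parsed dict.
    """
    if isinstance(describe, str):
        describe = json.loads(describe)
    findings: List[Dict[str, Any]] = []
    for sg in describe.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):        # IpPermissions = inbound rules
            for cidr in _world_open_cidrs(perm):
                base = {"GroupId": sg["GroupId"], "GroupName": sg.get("GroupName"), "cidr": cidr}
                if perm.get("IpProtocol") == "-1":
                    findings.append({**base, "port": "all", "service": "all protocols/ports"})
                    continue
                if perm.get("IpProtocol") != "tcp":     # admin ports above are TCP services
                    continue
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
                for port, service in ADMIN_PORTS.items():
                    if lo <= port <= hi:                # catches wide ranges such as 0-65535 too
                        findings.append({**base, "port": port, "service": service})
    return findings


if __name__ == "__main__":
    for f in audit_security_groups(SAMPLE_DESCRIBE_OUTPUT):
        print(f"{f['GroupId']} ({f['GroupName']}): {f['service']} port {f['port']} open to {f['cidr']}")
```

On the sample the only finding is SSH on the web tier open to the world; 443 to the world is expected for a web tier, and the database rule is clean because its source is a security group rather than a CIDR.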

Elastic IP

  • With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account.
  • You can only have 5 Elastic IPs per Region by default (you can ask AWS to increase that).
Note: try to avoid using Elastic IPs, because they often reflect poor architectural decisions. Instead, use the auto-assigned public IP and register a DNS name for it, or put a Load Balancer in front and give the instance no public IP at all. Since February 2024 every public IPv4 address, Elastic or not, is also billed by the hour.

Types of Placement Groups:

  1. Cluster Group: same rack, single AZ. Packs instances close together inside one Availability Zone. This strategy enables workloads to achieve the low-latency, high-throughput network performance needed for the tightly coupled node-to-node communication typical of HPC applications; the trade-off is that a rack failure takes all of them down at once.
  1. Spread Group: a small group of instances (at most 7 per AZ) placed on distinct underlying hardware, which may span several AZs in the Region, to reduce correlated failures. Suited to a handful of critical instances that must not fail together.
  1. Partition Group: a combination of the above. Spreads your instances across logical partitions (up to 7 per AZ) such that instances in one partition do not share underlying hardware with instances in other partitions. Typically used by large distributed and replicated workloads such as Hadoop, Cassandra, and Kafka.

ALB vs NLB vs CLB

Feature              Application Load Balancer   Network Load Balancer   Classic Load Balancer
Layer                Layer 7                     Layer 4                 Layer 4 and Layer 7
Protocols            HTTP, HTTPS                 TCP, UDP, TLS           TCP, SSL/TLS, HTTP, HTTPS
Platforms            VPC                         VPC                     EC2-Classic, VPC
Health checks        yes                         yes                     yes
CloudWatch metrics   yes                         yes                     yes
Logging              yes                         yes                     yes
Zonal fail-over      yes                         yes                     yes
Application Load Balancer
  • Web applications with L7 routing (HTTP/HTTPS)
  • Microservices architectures (e.g. Docker containers)
  • Lambda targets
Network Load Balancer
  • TCP and UDP based applications
  • Ultra-low latency
  • Static IP addresses
Gateway Load Balancer
  • Load balance virtual appliances such as:
  1. Intrusion detection systems (IDS)
  1. Intrusion prevention systems (IPS)
  1. Next generation firewalls (NGFW)
  1. Web application firewalls (WAF)
  1. Distributed denial of service protection systems (DDoS)
  • Integrate with Auto Scaling groups for elasticity
  • Apply network monitoring and logging for analytics

S3


Versioning Objects in S3

  • Cannot Be Disabled: once enabled, versioning cannot be disabled; it can only be suspended (existing versions are kept, new writes get the null version ID).
  • All Versions: every write creates a new version, and a plain delete only adds a delete marker; the older versions stay in the bucket (and keep costing storage) until a lifecycle rule or an explicit versioned delete removes them.
  • Lifecycle Rules: versioning integrates with lifecycle rules, so noncurrent versions can be transitioned to cheaper tiers and expired automatically.
  • Supports MFA Delete: with MFA Delete turned on, permanently deleting a version or changing the versioning state requires the bucket owner's root credentials plus an MFA code, which protects against accidental or malicious deletion.

S3 Lifecycle Management

  • Automates moving objects between storage tiers (transition) and deleting them (expiration) after a chosen age.
  • Can be used in conjunction with versioning.
  • Can be applied to current versions and to previous (noncurrent) versions separately.

Auto Scaling


Dynamic Scaling Policies

Target Tracking Scaling
  • Most simple and easy to set up
  • Example: we want the average ASG CPU to stay at around 40%
Simple/Stepped Scaling
  • When a CloudWatch alarm is triggered (ex: CPU > 70%), then add 2 units
  • When a CloudWatch alarm is triggered (ex: CPU < 30%), then remove 1
Scheduled Actions
  • Anticipate scaling based on known usage patterns
  • Ex: increase the min capacity to 10 at 5pm on Fridays

What is ECS?

  • ECS - Elastic Container Service
  • Launch Docker containers on AWS
  • With the EC2 launch type you must provision & maintain the infrastructure (the EC2 instances)
  • AWS takes care of starting/stopping containers
  • You can integrate an Application Load Balancer

What is Fargate?

  • Launch Docker containers on AWS
  • You do not provision & maintain the infrastructure (no EC2 instances)
  • Serverless offering
  • AWS just runs containers for you based on the CPU/RAM you need

ECS Task Definitions

  1. Task Definitions are metadata in JSON format that tell ECS how to run a Docker container. They contain crucial information like:
  • Image name (pin a digest or an immutable tag rather than :latest)
  • Port binding for container and host
  • Memory and CPU required
  • Environment variables (keep credentials out of these; use the secrets field, which pulls values from Secrets Manager or SSM Parameter Store at start-up)
  • Networking information (network mode: bridge, host or awsvpc)
  • IAM role (task role) and, on Fargate, the task execution role
  • Logging configuration (ex: CloudWatch Logs via the awslogs driver)

ECS IAM Roles Deep Dive

EC2 Instance Profile (EC2 launch type):
  1. Used by the ECS agent on the host, not by your containers
  1. Makes API calls to the ECS service
  1. Sends container logs to CloudWatch Logs
  1. Pulls Docker images from ECR
  1. On Fargate there is no instance; the Task Execution Role does these jobs instead
ECS Task Role:
  1. Allows each task to have a specific role with only the permissions that task's code needs
  1. Use different roles for the different ECS services you run
  1. The task role is defined in the task definition (taskRoleArn)
  1. Without one, a container on the EC2 launch type can reach the instance profile's credentials through the instance metadata service and inherits every permission of the host
ECS Service:
  1. ECS services define how many tasks should run and how they should be run.
  1. They ensure that the desired number of tasks is running across our fleet of EC2 instances (or on Fargate).
  1. They can be linked to an ELB (ALB / NLB) if needed.
  1. You can run tasks without ECS services!
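The task-definition and IAM-role sections above describe what a safe task definition should contain; this lint script checks a definition for the points that matter most from a security standpoint (missing task or execution role, plaintext credentials in environment variables, a privileged container, a mutable image tag, no logging). It is a worked example added here, not code from the original notes or from ECS itself: the sample task definition is constructed with made-up ARNs, account ID and image, the regex of secret-looking variable names is my own heuristic, and the JSON shape is the one `aws ecs register-task-definition` accepts.

```python
import re
from typing import Any, Dict, List

# Constructed task definition in the JSON shape ECS uses (register-task-definition input).
# The account ID, ARNs, image and names are made up for this example.
SAMPLE_TASK_DEF: Dict[str, Any] = {
    "family": "orders-api",
    "taskRoleArn": "arn:aws:iam::123456789012:role/orders-api-task",
    "executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole",
    "networkMode": "awsvpc",
    "cpu": "512",
    "memory": "1024",
    "containerDefinitions": [
        {
            "name": "api",
            "image": "123456789012.dkr.ecr.eu-west-1.amazonaws.com/orders-api:latest",
            "portMappings": [{"containerPort": 8080, "protocol": "tcp"}],
            "environment": [
                {"name": "DB_HOST", "value": "orders.cluster-abcdefg.eu-west-1.rds.amazonaws.com"},
                {"name": "DB_PASSWORD", "value": "hunter2"},          # the thing the lint should catch
            ],
            "secrets": [                                              # the right way: resolved at start-up
                {"name": "API_KEY",
                 "valueFrom": "arn:aws:secretsmanager:eu-west-1:123456789012:secret:orders/api-key"},
            ],
            "privileged": True,
            "logConfiguration": {
                "logDriver": "awslogs",
                "options": {"awslogs-group": "/ecs/orders-api", "awslogs-region": "eu-west-1",
                            "awslogs-stream-prefix": "api"},
            },
        }
    ],
}

# Environment variable names that usually hold credentials (heuristic, my own choice).
SECRET_LIKE = re.compile(r"PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.IGNORECASE)


def _mutable_tag(image: str) -> bool:
    """True unless the image is pinned by digest or carries a tag other than 'latest'."""
    if "@sha256:" in image:
        return False
    last = image.rsplit("/", 1)[-1]          # drop the registry/repository path (may contain ':port')
    return ":" not in last or last.endswith(":latest")


def lint_task_definition(td: Dict[str, Any]) -> List[str]:
    """Return human-readable findings for a task definition (empty list = nothing found)."""
    findings: List[str] = []
    if not td.get("taskRoleArn"):
        findings.append("no taskRoleArn: on the EC2 launch type the containers inherit the "
                        "instance profile via the metadata service; give each task its own role")
    if not td.get("executionRoleArn"):
        findings.append("no executionRoleArn: on Fargate the agent cannot pull private ECR "
                        "images, fetch secrets or write awslogs")
    for c in td.get("containerDefinitions", []):
        name = c.get("name", "<unnamed>")
        for env in c.get("environment", []):
            if SECRET_LIKE.search(env.get("name", "")):
                findings.append(f"{name}: environment variable {env['name']} is a plaintext "
                                f"secret; move it to 'secrets' with a valueFrom ARN")
        if c.get("privileged"):
            findings.append(f"{name}: privileged=true grants the container host-level access")
        if _mutable_tag(c.get("image", "")):
            findings.append(f"{name}: image {c.get('image')} uses a mutable tag; pin a digest "
                            f"or an immutable tag so the deployed code is what you reviewed")
        if not c.get("logConfiguration"):
            findings.append(f"{name}: no logConfiguration; container output will not reach "
                            f"CloudWatch Logs")
    return findings


if __name__ == "__main__":
    for finding in lint_task_definition(SAMPLE_TASK_DEF):
        print("-", finding)
```

On the sample it reports three findings (the plaintext DB_PASSWORD, the privileged flag and the :latest tag); API_KEY is not reported because it is delivered through the secrets field. Run it against real definitions with `aws ecs describe-task-definition --task-definition <family>` and pass the `taskDefinition` object.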

AWS Lambda

PROS                                          CONS
Less time spent maintaining infrastructure    Less flexibility and control
Built-in scalability                          Not necessarily cheaper
Only pay for what you use                     Potential cold starts
Integrates with other AWS services

Limitations:

  1. Functions time out after at most 15 minutes (the default is 3 seconds; set the timeout deliberately and design long jobs to checkpoint and resume).
  1. The amount of memory ranges from 128 MB to 10,240 MB in 1 MB increments (older documentation quotes 3,008 MB in 64 MB steps); CPU is allocated in proportion to memory.
  1. A deployment package must be at most 50 MB zipped (direct upload) and 250 MB unzipped, including layers; container-image functions can be up to 10 GB.
  1. There is a default limit of 1,000 concurrent executions per Region (adjustable). Requests above this limit are throttled and must wait for, or retry after, other invocations finish.
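The 15-minute limit is the one that bites long batch jobs, and the usual answer is to watch the remaining time on the context object and return a checkpoint instead of being killed mid-way. The handler below does that; it is an added example, not code from the original notes or from AWS. `FakeContext` is a stand-in I wrote so it runs offline (real Lambda supplies a context with the same `get_remaining_time_in_millis()` method), `process_item` is a placeholder for the real per-record work, and `run_to_completion` imitates the orchestrator (Step Functions, SQS redrive or a self-invoke) that would call the function again with the returned cursor.

```python
import time
from typing import Any, Dict, List

# Stop this many milliseconds before the hard timeout so there is time to return a checkpoint.
SAFETY_MARGIN_MS = 5_000


class FakeContext:
    """Stand-in for the Lambda context object so the handler can run offline (constructed).

    Real Lambda passes a context whose get_remaining_time_in_millis() counts down to the
    function's configured timeout (at most 15 minutes).
    """

    def __init__(self, timeout_ms: int) -> None:
        self._deadline = time.monotonic() + timeout_ms / 1000.0

    def get_remaining_time_in_millis(self) -> int:
        return max(0, int((self._deadline - time.monotonic()) * 1000))


def process_item(item: int) -> int:
    """Placeholder for the real per-record work; sleeps 1 ms so the deadline is observable."""
    time.sleep(0.001)
    return item * 2


def handler(event: Dict[str, Any], context: Any) -> Dict[str, Any]:
    """Process event["items"] from event.get("cursor", 0) until done or nearly out of time.

    Returns {"done": False, "cursor": n, ...} when it had to stop early; the caller passes
    the cursor back in the next event to resume, so a batch finishes across several
    invocations instead of losing its progress to the timeout.
    """
    items: List[int] = event["items"]
    cursor: int = event.get("cursor", 0)
    processed: List[int] = []
    while cursor < len(items):
        if context.get_remaining_time_in_millis() < SAFETY_MARGIN_MS:
            return {"done": False, "cursor": cursor, "results": processed}
        processed.append(process_item(items[cursor]))
        cursor += 1
    return {"done": True, "cursor": cursor, "results": processed}


def run_to_completion(items: List[int], timeout_ms: int) -> List[Dict[str, Any]]:
    """Drive the handler the way an orchestrator would: re-invoke with the returned cursor.

    Raises if an invocation makes no progress, which is what happens when the configured
    timeout is smaller than SAFETY_MARGIN_MS.
    """
    calls: List[Dict[str, Any]] = []
    event: Dict[str, Any] = {"items": items}
    while True:
        out = handler(event, FakeContext(timeout_ms))
        calls.append(out)
        if out["done"]:
            return calls
        if out["cursor"] == event.get("cursor", 0):
            raise RuntimeError("no progress: timeout is below the safety margin")
        event = {"items": items, "cursor": out["cursor"]}


if __name__ == "__main__":
    # Constructed input: 1,000 records against a 5.2 s "timeout" (about 200 ms of usable work per call).
    calls = run_to_completion(list(range(1000)), timeout_ms=5_200)
    print(f"finished in {len(calls)} invocations; last cursor {calls[-1]['cursor']}")
```

Each invocation returns only the results it produced, so the orchestrator concatenates them; keeping the cursor in the event (or in DynamoDB/S3 for large state) rather than in memory is what makes the retries idempotent.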

Elastic Beanstalk


  • Deploy and Scale: Deploys and scales your web applications, including the web application server platform.
  • Platforms: Java, PHP, Python, Ruby, Go, Docker, .NET, Node.js.
  • Application Servers: Apache HTTP Server, Tomcat, Passenger, Puma, Nginx, and IIS.
  • Provision AWS Resources: Provisions the AWS resources for you, e.g. EC2, RDS, S3, Elastic Load Balancers, Auto Scaling Groups, etc.
  • Systems Administration: OS and application server updates. Monitoring, metrics, and health checks are all included.
  • Administrative Control: Can fully manage the EC2 instances for you or you can take full administrative control.

RDS

RDS Multi-AZ vs Read Replicas

Description
  Multi-AZ: an exact, synchronously replicated standby copy of your production database in another Availability Zone.
  Read Replica: a read-only, asynchronously replicated copy of the primary in the same AZ, another AZ, or another Region.
Purpose
  Multi-AZ: disaster recovery (DR) and high availability; in the classic single-standby deployment the standby serves no reads.
  Read Replica: scaling read performance.
Failover
  Multi-AZ: on failure RDS fails over automatically to the standby and repoints the DNS endpoint.
  Read Replica: no automatic failover; a replica can be promoted to a standalone instance by hand.
Workload type
  Multi-AZ: -
  Read Replica: read-heavy workloads; takes read-only load off the primary database.
Example use case
  Multi-AZ: -
  Read Replica: Business Intelligence reporting jobs.

RDS Automated Backup

RDS provides automated backup features that include:
  • Point-In-Time Recovery: Recover your database to any point in time within a "retention period" of 1-35 days.
  • Full Daily Backup: RDS takes a full daily backup, or snapshot, and also stores transaction logs throughout the day.
  • The Recovery Process: When you perform a recovery, AWS will first choose the most recent daily backup. AWS then applies transaction logs relevant to that day, up to the recovery point.

RDS Snapshots:

  • Snapshots are not automated: DB Snapshots are performed manually, meaning they are initiated by the user.
  • No Retention Period: Manual snapshots are not deleted, even if the original RDS instance, along with any automated backups, is deleted.
  • Backup to a Known State: You have the ability to back up your DB instance to a known state as frequently as desired. This allows you to restore to a specific state at any given time.

Migration of Database from EC2 to RDS Database:

  # ec2db  = the database currently on the EC2 host
  # rdsdb  = the database created when the RDS instance was configured
  # -p     = prompt for the password (do not pass it on the command line; it would end up in shell history and ps output)
  # -P     = port

  # 1. Dump the EC2 database (--single-transaction gives a consistent snapshot of InnoDB tables without locking them)
  mysqldump -u root -p --single-transaction ec2db > ec2db.sql

  # 2. Load the dump into RDS (replace the placeholder with the endpoint shown in the RDS console)
  mysql -h <replace-rds-end-point-here> -P 3306 -u rdsuser -p rdsdb < ec2db.sql

  # 3. Connect and check that the data arrived
  mysql -h <replace-rds-end-point-here> -P 3306 -u rdsuser -p
  USE rdsdb;
  SELECT * FROM table1;

ElastiCache

  • In-Memory Cache (Key Value): ElastiCache facilitates the seamless deployment, operation, and scalability of an in-memory cache in the cloud.
  • Enhances Database Performance: It provides the capability to access data from swift in-memory caches rather than slower disk-based storage, thereby improving overall database performance.
  • Ideal for Read-Heavy Database Workloads: In-Memory Cache is particularly beneficial for caching the results of I/O-intensive database queries. Additionally, it proves valuable in storing session data for distributed applications.
2 Types of ElastiCache:
Memcached
  • Great for basic object caching.
  • Scales horizontally, but has no persistence, Multi-AZ, or failover.
  • A good choice for simple caching needs.
Redis
  • A more sophisticated solution with enterprise features like persistence, replication, Multi-AZ, and failover.
  • Supports sorting and ranking data (e.g., for gaming leaderboards), and complex data types like lists and hashes.

Cognito

  1. Sign-up and sign-in options for your apps.
  1. Access for guest users.
  1. Acts as an identity broker between your application and the identity providers, eliminating the need to write custom code for that.
  1. Synchronizes user data across multiple devices.
  1. Integration with social media authentication and web ID providers.

SQL vs NoSQL

Data Structure
  SQL: structured
  NoSQL: unstructured or semi-structured
  Best use case: well-defined, structured data with complex relationships
Query Language
  SQL: SQL
  NoSQL: varies by database
  Best use case: complex queries, joins, transactions, and reporting
Scalability
  SQL: vertical (bigger instance); read replicas add read capacity
  NoSQL: horizontal (partitioning across nodes)
  Best use case: traditional scaling with vertical hardware resources
Schema
  SQL: fixed
  NoSQL: dynamic
  Best use case: rigid, predefined schema and strong data-consistency requirements
Flexibility
  SQL: limited
  NoSQL: high
  Best use case: agile development, frequent schema changes, evolving needs
Performance
  SQL: optimized for complex queries and joins
  NoSQL: varies by database
  Best use case: high-speed data retrieval, real-time data analysis and high-throughput scenarios
Examples
  SQL: MySQL, PostgreSQL, Oracle, SQL Server, Amazon Aurora, Amazon Redshift (a data warehouse)
  NoSQL: MongoDB, Redis, DynamoDB
  Best use case: e-commerce platforms, financial systems, content management systems, real-time analytics

Amazon Aurora


  • 5x Performance: Amazon Aurora offers up to 5 times the throughput of standard MySQL and 3 times that of standard PostgreSQL.
  • Lower Price Point: Aurora delivers that performance at a fraction of the cost of commercial databases, making it cost-effective for applications that need high performance.
  • Commercial-Grade Availability: Aurora keeps the availability and durability expected of commercial relational databases; storage is replicated six ways across three Availability Zones, and the cluster endpoint fails over to a replica automatically.

Amazon DynamoDB


Amazon DynamoDB is a fully managed NoSQL database service designed to provide fast and flexible storage for various applications. It offers consistent, single-digit millisecond latency regardless of the scale of your application.
Key Features of DynamoDB:
  1. NoSQL Database: DynamoDB supports both document and key-value data models, allowing you to store and retrieve data in a flexible manner.
  1. Fully Managed: DynamoDB is a fully managed database service, meaning AWS handles administrative tasks such as hardware provisioning, setup, configuration, and maintenance, allowing you to focus on developing your applications.
  1. Scalability: DynamoDB scales seamlessly to handle any amount of traffic and data, automatically adjusting its capacity to meet your application's needs. It can handle millions of requests per second and trillions of rows, making it suitable for applications with high traffic and demanding workloads.
  1. Low Latency: With its optimized architecture, DynamoDB delivers consistent, single-digit millisecond latency, enabling fast read and write operations. This makes it well-suited for real-time applications and use cases that require rapid data access.
  1. Versatility: DynamoDB is widely applicable and can be used for a variety of applications such as mobile, web, gaming, ad-tech, IoT, and more. Its flexible data model and reliable performance make it a suitable choice for diverse use cases.

Route53


Route 53 is AWS's Domain Name System (DNS) service. Inside a VPC, the Route 53 Resolver answers queries at the VPC's base address plus two (for example 10.0.0.2 in 10.0.0.0/16) and at the link-local address 169.254.169.253.
Route 53 performs three main functions:
  1. Domain registration
  1. DNS routing
  1. Health checking.
Zones are used by DNS servers to store the records for a domain. amazon.com, example.com, and swas.in are registered (second-level) domains under the top-level domains .com and .in; sub-domains such as academy.amazon.com are also common. A zone holds the DNS record sets, including the authoritative name servers (NS records) for the domain. Route 53 provides hosted zones, which act as containers for DNS records: a zone includes the IP addresses to which a domain name resolves (A/AAAA records) and the mail servers to which email should be delivered (MX records).
AWS offers two types of hosted zones:
  • Public hosted zones, which hold records specifying how to route internet-based traffic.
  • Private hosted zones, which hold records specifying how to route traffic within a VPC.