Wajid.Pro
Wajid.Pro
AboutContact
Fundamentals

Fundamentals

Asymmetric encryption
Imagine Alice wants to send a secret message to Bob using asymmetric encryption.
  1. Key Generation: Alice and Bob each generate a pair of keys: a public key and a private key.
  1. Public and Private Keys: Alice shares her public key with Bob, and Bob shares his public key with Alice. They keep their private keys secret.
  1. Encryption: Alice wants to send a message to Bob. She encrypts the message using Bob's public key. Only Bob's private key can decrypt this message.
  1. Decryption: Bob receives the encrypted message from Alice. He uses his private key to decrypt the message and read its contents. Since Bob's private key is secret and only known to him, only he can decrypt messages encrypted with his public key.
This ensures that only Bob can read the message, even though Alice sent it. Asymmetric encryption allows secure communication without the need for both parties to share a secret key.
DNS
DNS is the system that translates human-readable domainnames to IP addresses.
  1. Client request Domain > Check Browser and OS Cache.
  1. DNS Resolver > Check Resolver Cache > Root NS > TLD (Top Level Domain) NS > Authoritative NS > IP
SSH
3-Tier Architecture
notion image
1. Infrastructure as Code (IaC) with Terraform
  • To ensure consistent, repeatable, and scalable deployments across regions, I would manage the entire infrastructure using Terraform.
  • I’d define the VPC, subnets (public/private), internet gateways, route tables, and security groups for networking. I would also configure the infrastructure in multiple AWS regions for global reach.
2. Multi-Region Deployment for Global Accessibility
  • I’d leverage AWS services such as Route 53 for global DNS routing, enabling geo-location based routing to direct users to the closest region. This improves latency and ensures high availability.
  • Amazon CloudFront (CDN) would be used to distribute static and dynamic content globally with low latency.
  • I’d deploy the application across multiple AWS regions using Elastic Load Balancers (ELB), Auto Scaling Groups, and Amazon ECS or EKS for container orchestration, to ensure fault tolerance and scalability.
3. High Availability and Disaster Recovery
  • I’d use a combination of Multi-AZ RDS (MySQL/Postgres) for relational data and Amazon DynamoDB for NoSQL data to ensure high availability and durability.
  • For disaster recovery, I’d implement Cross-Region Replication for S3 buckets, DynamoDB global tables, and read replicas for RDS.
  • Additionally, I would set up automated backups, snapshots, and use AWS Backup for comprehensive disaster recovery across all resources.
4. Microservices Architecture and CI/CD
  • The application would be designed with a microservices architecture, with each service independently deployable and scalable. I’d deploy services in EKS (Kubernetes) or Fargate with API Gateway and Lambda for serverless components.
  • For CI/CD, I’d use Jenkins or AWS CodePipeline to automate the deployment process. The pipeline would cover building, testing, and deploying containers or Lambda functions into multiple environments (dev, staging, production).
5. Database and Caching
  • For optimized performance, I’d use Aurora Global Databases for low-latency cross-region read operations and Amazon ElastiCache (Redis) for caching frequent queries and reducing the load on databases.
  • Additionally, I’d implement DynamoDB Accelerator (DAX) for faster access to NoSQL data.
6. Security and Compliance
  • IAM roles and policies would be enforced following the principle of least privilege.
  • VPC Peering or Transit Gateway would be configured for secure communication between services.
  • For application-level security, WAF (Web Application Firewall) would protect against common vulnerabilities such as SQL injection or XSS attacks.
  • AWS Shield and AWS GuardDuty would be used for DDoS protection and continuous threat monitoring.
  • I’d ensure compliance with GDPR, CCPA, and other international standards by using services like Amazon Macie and AWS CloudTrail to audit data and activities.
7. Observability and Monitoring
  • Amazon CloudWatch and Prometheus/Grafana would be used for monitoring performance, application health, and alerting on key metrics.
  • AWS X-Ray would be used to trace requests and pinpoint performance bottlenecks across the microservices architecture.
  • For log aggregation and analysis, I’d leverage AWS CloudWatch Logs or Elasticsearch/Kibana (ELK Stack).
8. Cost Optimization
  • To keep the infrastructure cost-effective, I’d use Savings Plans and Reserved Instances for EC2 and RDS.
  • I’d implement Auto Scaling to dynamically scale resources based on traffic, ensuring efficient usage.
  • S3 Intelligent-Tiering and Lifecycle Policies would be used to manage the storage cost.