
I have tried, but I am not sure how I can give only a single VM to a user and ask
them to use it. What policy do we need to assign? Please let me know. Sonal
Can two different AWS accounts' services communicate with each other? If yes, please
show us a demo.
Cloud Computing
---------------------
On-demand provisioning of IT resources over the internet

IT resources
---------------
servers
storage
hubs
network
database
applications
load balancer
whatever is required to set up a datacenter --> IT resources

what is a datacenter?
--> a collection of physical & logical/virtual IT resources: applications, databases, OS,
data
--> a collection of software & hardware
--> on-prem (hosted in your own premises)

AWS --> public cloud provider

benefits of CC
---------------------
1) security --> the provider secures the physical infrastructure; what you run on it is still your responsibility
2) scalability
3) cost effective
pay-as-you-go model
4) flexibility
5) no upfront investment --> no capex, only opex
6) no capacity planning --> saves a lot of time
7) near-zero maintenance --> managed services --> ex: Lambda, Beanstalk, RDS

forms of CC
----------------

the "cloud" keyword is used for both the private and public forms because the resources are always
available over a network. Private is for your own use; public is for shared use.

1) Public --> all the IT resources sit on the public cloud provider's premises. ex: AWS, Azure
--> resources are shared across customers (multi-tenant)
--> managed by the public cloud provider
--> security of the physical infra is the responsibility of the public cloud provider; security of what you deploy on it is yours
--> IT resources are reachable over the public internet (subject to the network controls you configure)
2) Private --> a private cloud uses the client's own infrastructure and provides cloud
services within the client's premises; often chosen for sensitive data or regulatory reasons.
--> all the IT infra is on-prem
--> non-shared (single-tenant) model
--> we manage the servers from our end; every service and component has to be managed
from our end
--> IT resources hosted in your own datacenter are not publicly reachable
3) Hybrid --> public + private
4) Multicloud --> AWS + Azure + Google Cloud

Models of CC
----------------
1) IaaS --> hardware + OS, managed by a system admin
ex: AWS EC2, S3
2) PaaS --> used by developers, ex: RDS, Lambda, Beanstalk
3) SaaS --> ready-made product, used by end users
ex: WorkDocs, WorkMail, WorkSpaces

1) estimate my requirement
2) budget
3) space for parking
4) driving, driver
5) petrol
6) maintenance
7) tax
8) insurance

EC2
------
purchasing options
1) On-demand
2) Reserved
3) Spot

IAM
--------
--> global service (not tied to a region)
--> free

best practice
--------------
first user --> sign up to AWS with an email id --> root account (keep it for account-level tasks only; do day-to-day work as IAM users)
IAM users --> EC2admin, s3admin, dbadmin, VPCadmin, IAMadmin

1) IAM Users --> additional identities

EC2admin <-- EC2 service (by attaching a policy --> EC2 full access)
s3admin <-- S3 service (S3 full access)
Admin <-- AdministratorAccess

2) Groups --> create a group to give the same permissions to multiple users
attach a policy --> EC2 full access, S3 read access --> EC2admingroup <-- EC2admin1,
EC2admin2, ... EC2admin100, admin1
IAM users --> EC2admin1, EC2admin2, ... EC2admin100

3) Policy --> standard (AWS managed) policies --> predefined authorization, 200+ predefined policies
attach to --> user, group, role
--> you can also write your own custom policy (grant only the actions and resources that are actually needed)
4) Role --> temporary in nature (credentials are issued for a limited time when the role is assumed)
--> roles can be assumed by a service, an application, or federated users
service --> talk --> service
ex: EC2 (VM) --> role --> S3 (storage)

federated users --> external identities that you use to access AWS services
1) corporate identity federation --> Microsoft AD/LDAP --> 100+ user
credentials
2) web identity federation --> web (Facebook, Google, Amazon)
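The question at the top of the page (give one user a single VM) is answered by a custom policy whose Resource is the instance ARN rather than "*". The block below is an added example, not from the original notes or from AWS: it builds such a policy and includes a small simulator of IAM's evaluation order (explicit Deny beats Allow, and anything unmatched is implicitly denied). The account id, region and instance ids are constructed placeholders; condition keys and NotAction/NotResource are deliberately not modelled.

```python
"""Least-privilege IAM policy for "give this user one VM", plus a small
simulator of IAM's evaluation order (explicit Deny > Allow > implicit Deny).
Added example: the account id, region and instance ids are constructed."""
import fnmatch
import json

ACCOUNT_ID = "123456789012"          # constructed
REGION = "us-east-1"                 # constructed
INSTANCE_ID = "i-0abc1234def567890"  # constructed


def instance_arn(region, account_id, instance_id):
    return f"arn:aws:ec2:{region}:{account_id}:instance/{instance_id}"


def single_instance_policy(region, account_id, instance_id):
    """Policy that lets a user operate exactly one instance.
    ec2:Describe* has no resource-level permissions, so it needs Resource "*"
    (the user can still list every instance); the state-changing actions are
    pinned to the instance ARN, and termination is explicitly denied so that no
    other attached policy can accidentally grant it."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListInstances",
             "Effect": "Allow",
             "Action": ["ec2:DescribeInstances", "ec2:DescribeInstanceStatus"],
             "Resource": "*"},
            {"Sid": "OperateOneInstance",
             "Effect": "Allow",
             "Action": ["ec2:StartInstances", "ec2:StopInstances",
                        "ec2:RebootInstances"],
             "Resource": instance_arn(region, account_id, instance_id)},
            {"Sid": "NeverTerminate",
             "Effect": "Deny",
             "Action": "ec2:TerminateInstances",
             "Resource": "*"},
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, fold_case):
    # IAM action names are case-insensitive; ARNs are case-sensitive.
    for pattern in _as_list(patterns):
        if fold_case:
            pattern, value = pattern.lower(), value.lower()
        if fnmatch.fnmatchcase(value, pattern):   # "*" and "?" wildcards, as in IAM
            return True
    return False


def is_allowed(policy, action, resource):
    """Simplified IAM evaluation: a matching Deny wins, otherwise a matching
    Allow grants access, otherwise the request is implicitly denied."""
    allowed = False
    for stmt in policy["Statement"]:
        if (_matches(stmt["Action"], action, fold_case=True)
                and _matches(stmt["Resource"], resource, fold_case=False)):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


if __name__ == "__main__":
    policy = single_instance_policy(REGION, ACCOUNT_ID, INSTANCE_ID)
    # This JSON is what you attach to the user (IAM console, or `aws iam put-user-policy`).
    print(json.dumps(policy, indent=2))
    mine = instance_arn(REGION, ACCOUNT_ID, INSTANCE_ID)
    other = instance_arn(REGION, ACCOUNT_ID, "i-0ffffffffffffffff")   # constructed
    for action, res in [("ec2:StopInstances", mine), ("ec2:StopInstances", other),
                        ("ec2:TerminateInstances", mine)]:
        print(f"{action:24} {res.rsplit('/', 1)[1]:22} allowed={is_allowed(policy, action, res)}")
```

Attach the printed document as an inline policy on the user (or on a group the user belongs to). Note that Describe actions cannot be scoped this way, so the user will still see the other instances in the console; they simply cannot start, stop or reboot them, and cannot terminate any instance at all.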

SSO --> single sign-on

1) join --> a new role is defined

or
2) you join under an existing role
org/company/management
ex: Manager --> IBM
Manager --> Infosys

MFA
--------
Google Authenticator (virtual MFA device; enable it on the root account first)

https://docs.aws.amazon.com/cli/latest/userguide/install-macos.html

VPC
-------
--> a virtual network that you create for your resources in the AWS cloud
--> isolates your resources from the rest of the public cloud
--> custom VPC --> more control over the VPC components & security features
--> regional service

every AWS account --> a default VPC --> one per region, per account

CIDR (classless inter-domain routing)
------------------------------------------
ip addresses -> every host requires a unique IP address
CIDR block sizes supported for a VPC --> /16 to /28

ipv4 --> 32-bit, e.g. 192.168.1.1
ipv6 --> 128-bit

x.x.x.x/16 -- x.x.x.x/28

10.0.0.0/16, 32-16=16, 2^16=65536 ip addresses
10.0.0.0/20, 32-20=12, 2^12=4096 ip addresses
10.0.0.0/24, 32-24=8, 2^8=256 ip addresses
10.0.0.0/28, 32-28=4, 2^4=16 ip addresses

Reserved IPs --> 5 per subnet (a /28 therefore leaves 11 usable addresses)
--------------------------------
ex: subnet 10.0.0.0/24
10.0.0.0 --> network address
10.0.0.1 --> VPC router
10.0.0.2 --> DNS server (Amazon-provided DNS)
10.0.0.3 --> reserved for future use
10.0.0.255 --> network broadcast address (broadcast is not supported in a VPC, but the last address is still reserved)
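The arithmetic above, carried through in code as an added example (not part of the original notes): address counts per prefix, the five reserved addresses of any subnet, and a check that a set of planned subnets fits inside the VPC block without overlapping. It uses only the standard-library ipaddress module; every CIDR block in it is constructed.

```python
"""VPC/subnet sizing with the standard-library ipaddress module: address
counts per prefix, the five addresses AWS reserves in every subnet, and a
check that planned subnets fit inside the VPC without overlapping.
Added example; all CIDR blocks below are constructed."""
import ipaddress

MIN_PREFIX, MAX_PREFIX = 16, 28   # AWS accepts VPC and subnet blocks from /16 to /28
RESERVED_PER_SUBNET = 5           # network, router, DNS, future use, broadcast


def _aws_network(cidr):
    """Parse a CIDR and enforce the /16../28 limit. strict=True rejects a
    block with host bits set, e.g. 10.0.0.1/24, which AWS also refuses."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        raise ValueError(f"{cidr}: AWS only accepts /{MIN_PREFIX} to /{MAX_PREFIX}")
    return net


def address_count(cidr):
    """2^(32 - prefix), e.g. /24 -> 256."""
    return _aws_network(cidr).num_addresses


def usable_hosts(cidr):
    """Addresses an instance can actually take: total minus the 5 reserved."""
    return address_count(cidr) - RESERVED_PER_SUBNET


def reserved_addresses(cidr):
    """The five addresses AWS reserves in every subnet, keyed by purpose."""
    net = _aws_network(cidr)
    return {
        "network address": str(net[0]),
        "VPC router": str(net[1]),
        "DNS server": str(net[2]),
        "future use": str(net[3]),
        "broadcast": str(net[-1]),
    }


def plan_subnets(vpc_cidr, subnet_cidrs):
    """Validate that every subnet lies inside the VPC and that no two
    subnets overlap; return the usable host count per subnet."""
    vpc = _aws_network(vpc_cidr)
    nets = [_aws_network(c) for c in subnet_cidrs]
    for net in nets:
        if not net.subnet_of(vpc):
            raise ValueError(f"{net} is not inside VPC {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"subnets {a} and {b} overlap")
    return {str(net): net.num_addresses - RESERVED_PER_SUBNET for net in nets}


if __name__ == "__main__":
    for cidr in ["10.0.0.0/16", "10.0.0.0/20", "10.0.0.0/24", "10.0.0.0/28"]:
        print(f"{cidr:14} {address_count(cidr):6} addresses, {usable_hosts(cidr):6} usable")
    for purpose, addr in reserved_addresses("10.0.0.0/24").items():
        print(f"  {addr:12} -> {purpose}")
    # Two /24 subnets (e.g. a public and a private one) carved out of a /16 VPC.
    print(plan_subnets("10.0.0.0/16", ["10.0.1.0/24", "10.0.2.0/24"]))
```

Run plan_subnets on your intended layout before creating anything: an overlapping or out-of-range subnet is rejected by the console too, but catching it here avoids half-built VPCs, and the usable-host numbers are what actually limits how many instances a subnet can hold.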

one Internet Gateway (IG) --> one VPC (an IG can be attached to only one VPC at a time)

Topics
-------
AWS overview
2nd topic
IAM
CloudTrail
AWS CLI
VPC --> demo done --> VPC, subnet, route table (RT), internet gateway (IG)
remaining part of VPC --> to be continued in the next session

Can you please explain again why we should create two subnets in different AZs? Creating
private and public subnets in the same AZ will give high-speed connectivity between
these two subnets.

vi privkey.pem                          # paste the downloaded private key into the file
chmod 400 privkey.pem                   # ssh refuses a key file that others can read
ssh -i privkey.pem ec2-user@10.0.2.170

SG & NACL
-------------
1) SG (security group)
--> virtual firewall at the instance (network interface) level
--> only allow rules (ex: SSH, HTTP); anything not allowed is implicitly denied
--> stateful (if the inbound request is allowed, the return traffic is allowed automatically)

2) NACL (network ACL)
--> virtual firewall at the subnet level
--> stateless (return traffic must be allowed explicitly, including the ephemeral ports)
--> has both allow & deny rules, evaluated in rule-number order, first match wins
--> one subnet --> only one NACL at a time
--> one NACL --> can be associated with multiple subnets
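The stateful/stateless distinction is the one that bites in practice, so here it is simulated as an added example (not part of the original notes, and not AWS code): a security group and a network ACL are modelled with the matching semantics described above, and the same SSH session is pushed through both. The addresses, rule numbers and packets are all constructed.

```python
"""Stateful security group vs stateless network ACL, simulated on a small
SSH session so the difference is visible. Added example; the rule sets,
addresses and packets are all constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str    # "in" = arriving at the instance/subnet, "out" = leaving it
    proto: str
    peer: str         # the remote host's IP
    peer_port: int    # the remote host's port
    local_port: int   # the instance's port


@dataclass(frozen=True)
class Rule:
    proto: str
    port_lo: int
    port_hi: int
    cidr: str
    action: str = "allow"   # NACL rules may be "deny"; SG rules are allow-only
    number: int = 0         # NACL evaluation order; ignored for SGs


def _matches(rule, proto, dst_port, peer):
    # Both SGs and NACLs match on protocol, destination port range and peer CIDR.
    return (rule.proto in (proto, "all")
            and rule.port_lo <= dst_port <= rule.port_hi
            and ipaddress.ip_address(peer) in ipaddress.ip_network(rule.cidr))


def _dst_port(pkt):
    # Inbound traffic is matched on the instance port, outbound on the remote port.
    return pkt.local_port if pkt.direction == "in" else pkt.peer_port


class SecurityGroup:
    """Stateful and allow-only: a packet must match an allow rule, but once a
    flow is accepted its return traffic passes without any outbound rule."""
    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self.flows = set()                      # connection tracking table

    def permits(self, pkt):
        flow = (pkt.proto, pkt.peer, pkt.peer_port, pkt.local_port)
        if flow in self.flows:
            return True                         # reply to an accepted flow
        rules = self.inbound if pkt.direction == "in" else self.outbound
        if any(_matches(r, pkt.proto, _dst_port(pkt), pkt.peer) for r in rules):
            self.flows.add(flow)
            return True
        return False                            # implicit deny


class NetworkAcl:
    """Stateless: every packet in each direction is judged on its own, rules
    are evaluated in ascending number, the first match wins, and the implicit
    final '*' rule denies everything else."""
    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    def permits(self, pkt):
        rules = self.inbound if pkt.direction == "in" else self.outbound
        for r in rules:
            if _matches(r, pkt.proto, _dst_port(pkt), pkt.peer):
                return r.action == "allow"
        return False


def ssh_session(fw):
    """Client 203.0.113.10:50000 opens SSH to the instance, which replies.
    Returns (request allowed, reply allowed)."""
    request = Packet("in", "tcp", "203.0.113.10", 50000, 22)
    reply = Packet("out", "tcp", "203.0.113.10", 50000, 22)
    return fw.permits(request), fw.permits(reply)


def demo():
    # outbound=[] on purpose: the reply below passes on connection state alone
    # (a real default SG also carries an allow-all egress rule).
    sg = SecurityGroup(inbound=[Rule("tcp", 22, 22, "203.0.113.0/24")], outbound=[])
    acl_no_ephemeral = NetworkAcl(
        inbound=[Rule("tcp", 22, 22, "0.0.0.0/0", number=100)],
        outbound=[Rule("tcp", 80, 80, "0.0.0.0/0", number=100)])   # reply ports forgotten
    acl_fixed = NetworkAcl(
        inbound=[Rule("tcp", 22, 22, "198.51.100.0/24", action="deny", number=90),
                 Rule("tcp", 22, 22, "0.0.0.0/0", number=100)],
        outbound=[Rule("tcp", 80, 80, "0.0.0.0/0", number=100),
                  Rule("tcp", 1024, 65535, "0.0.0.0/0", number=110)])  # ephemeral replies
    blocked = Packet("in", "tcp", "198.51.100.7", 40000, 22)
    return {
        "sg": ssh_session(sg),                               # (True, True): stateful
        "nacl_no_ephemeral": ssh_session(acl_no_ephemeral),  # (True, False): reply dropped
        "nacl_fixed": ssh_session(acl_fixed),                # (True, True)
        "nacl_deny_first": acl_fixed.permits(blocked),       # False: rule 90 beats 100
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} {result}")
```

The "nacl_no_ephemeral" case is the classic mistake: the SSH request reaches the instance, the instance answers, and the NACL silently drops the reply because the client's ephemeral destination port was never allowed outbound. The deny rule numbered 90 also shows why rule order matters in a NACL: a deny placed after a broader allow would never be reached.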

EC2 (Elastic Compute Cloud)
-----------------------------------
--> VM / virtual server / instance
--> 750 hours/month of EC2 are free under the free tier
--> configuration --> CPU, memory, internal storage, CPU cores, network, cache <--
instance type <-- instance family (e.g. compute optimized, memory optimized)
--> OS <-- preinstalled OS image <-- AMI (Amazon Machine Image)

AMI (Amazon Machine Image) --> template

--> standard AMIs
--> preinstalled OS image (e.g. Windows & Linux)
--> preinstalled packages & package repository
--> launch permission (which accounts may launch instances from it)
--> storage attached --> backed by an EBS volume or by instance store (ephemeral)
--> custom AMI

EBS & instance store
-------------------------
EBS (Elastic Block Store)
-------
AMI backed by an EBS volume --> any instance you launch from this AMI will
also be backed by an EBS volume
--> persistent (data survives a stop/start)
--> similar to an internal hard disk
--> instance states --> running, stopped, terminated
--> up to 30 GB --> free tier
--> EBS types --> SSD & HDD

instance store
---------------
AMI backed by instance store --> any instance you launch from this AMI
will also be backed by instance store
--> volatile (data is lost when the instance stops or terminates)
--> similar to RAM in behaviour
--> instance states --> running or terminated (cannot be stopped)
--> performance is good

Virtualization
-----------------
HVM (hardware virtual machine) & PV (paravirtual)

Amazon recommends --> EBS-backed & HVM

EC2
------
purchasing options
1) On-demand --> pay-as-you-go
2) Reserved --> reserve in advance to optimise cost, up to 75% cost benefit,
1-year or 3-year term
payment model --> all upfront, partial upfront, no upfront
3) Spot --> unused capacity that Amazon puts up for auction; customers bid for the spot
instance
--> the spot instance is interrupted when your bid price falls below the spot price, with a short notice
of 2 minutes
--> dev & test environments
--> mixed environment (behind a LB --> on-demand, reserved, spot)
--> spot block --> reserving a spot instance for a defined duration (e.g. between
9am & 1pm)

5thjan.pem --> PuTTYgen --> .ppk (convert the .pem key to PuTTY's key format)


The appropriate user names are as follows:

For Amazon Linux 2 or the Amazon Linux AMI, the user name is ec2-user.

For a CentOS AMI, the user name is centos.

For a Debian AMI, the user name is admin or root.

For a Fedora AMI, the user name is ec2-user or fedora.

For a RHEL AMI, the user name is ec2-user or root.

For a SUSE AMI, the user name is ec2-user or root.

For an Ubuntu AMI, the user name is ubuntu.

Otherwise, if ec2-user and root don't work, check with the AMI provider.

Custom AMI
----------------

std AMI --> launch an instance --> customise the instance (e.g. configure the Apache
web server on Linux) --> create an image (golden image) --> launch new servers from it

yum install httpd -y          # install Apache
cd /var/www/html/             # Apache's document root; put your content here
service httpd start           # start Apache now
chkconfig httpd on            # start Apache on every boot

EBS snapshot
------------------
root EBS volume --> create a snapshot --> create an image from the snapshot --> use the image
--> launch an instance
