AWS Concepts ¶
Availability Zone¶
An Availability Zone is a single data center or a group of data centers within a Region. Availability Zones are located tens of miles apart from each other. This is close enough to have low latency (the time between when content requested and received) between Availability Zones. However, if a disaster occurs in one part of the Region, they are distant enough to reduce the chance that multiple Availability Zones are affected.
Bastion Host¶
A bastion host is a special-purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example, a proxy server, and all other services are removed or limited to reduce the threat to the computer. It is hardened
In AWS, a bastion host is a server whose purpose is to provide access to a private network from an external network, such as the Internet. Because of its exposure to potential attacks, a bastion host must minimize the chances of penetration.
For users to talk to a private instance, we place a bastion host in a public subnet that is connected to the instance in a private subnet
Pre Signed URL π¶
Info
A user who does not have AWS credentials or permission to access an S3 object can be granted temporary access by using a pre-signed URL
A pre-signed URL is generated by an AWS user who has access to the object. The generated URL is then given to the unauthorized user. The pre-signed URL can be entered in a browser or used by a program or HTML webpage. The credentials used by the pre-signed URL are those of the AWS user who generated the URL
Dedicated instances¶
Instances run on hardware that is dedicated to a host.
Dedicated Host¶
In this case, the whole server is dedicated to a particular host. It is used in case, where a company has a security policy.
VPC peering¶
TLDR
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network.
You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different regions (also known as an inter-region VPC peering connection). This allows VPC resources including EC2 instances, Amazon RDS databases, and Lambda functions that run in different AWS Regions to communicate with each other using private IP addresses, without requiring gateways, VPN connections, or separate network appliances. The traffic remains in the private IP space.Β All inter-region traffic is encrypted with no single point of failure, or bandwidth bottleneck.Β
A VPC peering connection is a one to one relationship between two VPCs. You can create multiple VPC peering connections for each VPC that you own, but transitive peering relationships are not supported.
NAT Gateway¶
- NAT gateway is a managed NAT service.
- We create
NAT instancein a public subnet so that it can talk to the internet.
Lift and shift¶
Lift and shiftis a strategy for migrating a workload to the cloud without redesigning the application or making code changes.- It is also called as
rehosting.
APN¶
The AWS Partner Network (APN) is a global community that leverages AWS technologies, programs, expertise, and tools to build solutions and services for customers. The APN has more than 130,000 partners from over 200 countries, with 70% headquartered outside of the United States. *As of October 2023.
CSP: Cloud Service Provider like AWS, Azure
MSP: Managed Service Provider like CloudReach or CloudOps
The AWS Cloud Adoption Framework (AWS CAF) identifies common cloud migration activities and best practices to optimize your migrations and cloud adoption outcomes.
The AWS Cloud Adoption Readiness Tool (CART) helps customers develop efficient and effective plans for cloud adoption and enterprise cloud migrations