
AWS Tech Essentials – Random Notes

  • Regions contain multiple availability zones (AZs)
  • An AZ is one or more data centers with independent power, cooling and networking; it can hold any number of servers
  • AWS vs Amazon (naming rule of thumb) – services prefixed "AWS" depend on other services / services prefixed "Amazon" are stand-alone
  • Tip: patch every instance as soon as you launch it – an image is a snapshot, so whatever you launch from it is missing every update released after the image was built – strongly recommended
  • Tip: Bitnami offers WordPress and other pre-baked images
  • FYI – images in AWS are called AMIs – Amazon Machine Images
  • Tip: allow-list RDP/SSH in the security group to your own IP address (a /32), never to 0.0.0.0/0, or get PWN'd – port 22 or 3389 open to the whole internet gets scanned and brute-forced within minutes
  • S3: the free tier includes 5 GB of storage; buckets themselves have no size limit
  • Windows instances are billed per hour / Linux instances per second (60-second minimum)
  • WARNING: with per-hour billing every STOP and START charges a fresh hour – 3 stops in 15 minutes == 3 hours of billing for a Windows instance – it's better to reboot the machine (e.g. for updates), which does not start a new billing period
  • You are billed for what you allocate, not what you use – i.e. a 64 TB disk with 1 MB written is billed as 64 TB
  • You can programmatically retrieve instance metadata from http://169.254.169.254/latest/meta-data/ – caveat: anything that can make an HTTP request from the instance can read it, including a web app with an SSRF bug, and iam/security-credentials/ under that path hands out the instance role's temporary keys; require IMDSv2 (a session token from a PUT to /latest/api/token, sent as a header on every GET) so that a plain GET no longer works
  • User data is a script that runs when the instance boots for the first time (bash on Linux / PowerShell on Windows) – it is also readable from the metadata service at /latest/user-data, so never put secrets in it
  • Reserved instances are cheaper than On-Demand – BUT they require a 1- or 3-year commitment
  • Within a VPC you configure a CIDR IP address range, e.g. 10.0.0.0/16
  • Subnets are smaller IP ranges carved out of the VPC CIDR; each subnet lives in one AZ
  • You can have public and private subnets
  • Public subnets have a route to an internet gateway; private subnets do not
  • Subnets in the same VPC already reach each other over the VPC's local route – you configure a NAT gateway (placed in a public subnet) so that instances in private subnets can reach OUT to the internet for updates without being reachable from it
  • Look at VPC peering for DR across regions – Tip: CIDR ranges must not overlap on peered VPCs (AWS will not activate the peering if they do)
  • S3 versioning can keep every version of an object in a bucket – handy against accidental deletes and overwrites
  • AWS Glacier is cold storage for stuff you don't access often (standard retrieval takes 3 to 5 hours)
  • Every time an instance is stopped and started it can land on another physical host, so instance-store volumes are wiped and a public IP that is not an Elastic IP changes – a reboot keeps it on the same host
  • For authentication you can federate with an existing AD instance (SAML or AD Connector) instead of creating separate IAM users
  • Don't use the root account – it can do everything and IAM policies cannot restrict it – create IAM users/roles and control their access
  • Some AWS IAM best practices:
  1. Delete root access keys (and turn on MFA for root)
  2. Create individual IAM users
  3. Grant least privilege
  4. Use groups to assign permissions
  5. Monitor activity – CloudTrail
  • Classic Load Balancer (layer 4 or basic layer 7) vs Application Load Balancer (layer 7) – ALBs are more advanced, with rule-based routing on host and path. Classic is simple register-and-go.
  • Handle load with Auto Scaling groups – fed by CloudWatch metrics (e.g. scale out when average CPU crosses a threshold)
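The "allow-list RDP/SSH to your own IP" tip above is the kind of thing worth checking mechanically rather than by eye. The following is an added example (not code from the original notes): it walks a list shaped like the `SecurityGroups` output of `describe-security-groups`, flags any rule that lets port 22 or 3389 in from more than one host, and builds the single-host ingress rule you would hand to `authorize_security_group_ingress()`. The group IDs and addresses in the sample are constructed.

```python
"""Audit EC2 security groups for SSH/RDP reachable from the internet.

Added example (not from the original notes). The input mirrors the
'SecurityGroups' list returned by `aws ec2 describe-security-groups` /
boto3 describe_security_groups(); the groups below are constructed.
"""
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
WORLD = {"0.0.0.0/0", "::/0"}


def _port_range(perm):
    """(low, high) covered by an IpPermission; protocol -1 means every port."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def _cidrs(perm):
    """Every IPv4 and IPv6 CIDR an IpPermission allows."""
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]


def find_exposed_admin_ports(security_groups):
    """Return (group_id, port, cidr, severity) for each rule that lets SSH or
    RDP in from more than one host: 'world' for 0.0.0.0/0 or ::/0, 'broad'
    for any other range wider than a /32 (or /128)."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if perm.get("IpProtocol") not in ("tcp", "-1"):
                continue
            low, high = _port_range(perm)
            for port in ADMIN_PORTS:
                if not low <= port <= high:
                    continue
                for cidr in _cidrs(perm):
                    if cidr in WORLD:
                        findings.append((sg["GroupId"], port, cidr, "world"))
                    elif ipaddress.ip_network(cidr, strict=False).num_addresses > 1:
                        findings.append((sg["GroupId"], port, cidr, "broad"))
    return findings


def admin_ingress_rule(port, my_ip):
    """The IpPermission to pass to authorize_security_group_ingress() so that
    one admin port is open from exactly one address (a /32 or /128)."""
    host = ipaddress.ip_address(my_ip)
    rng_key, cidr_key = (("IpRanges", "CidrIp") if host.version == 4
                         else ("Ipv6Ranges", "CidrIpv6"))
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            rng_key: [{cidr_key: f"{host}/{host.max_prefixlen}"}]}


# Constructed sample: one group that breaks the rule, one that follows it.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0bad0bad0bad0bad0", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        # "all traffic" rule: covers 22 and 3389 even though no port is named
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    {"GroupId": "sg-0600d0600d0600d06", "IpPermissions": [
        admin_ingress_rule(22, "203.0.113.7"),
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
]

if __name__ == "__main__":
    for gid, port, cidr, sev in find_exposed_admin_ports(SAMPLE_GROUPS):
        print(f"{sev.upper():5} {gid} {ADMIN_PORTS[port]}/{port} open from {cidr}")
```

The "all traffic" (`IpProtocol` of `-1`) case is the one most consoles hide: no port is named, so a scan that only matches `FromPort == 22` misses it. HTTPS open to the world in the second group is deliberately not flagged; the check is about admin ports only.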
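The metadata bullet above describes the IMDSv1 way of reading http://169.254.169.254/latest/meta-data (one unauthenticated GET). The following is an added example (not code from the original notes) of the IMDSv2 flow a practitioner should use instead: PUT for a short-lived session token, then present that token as a header on every GET. Most SSRF primitives can only issue GETs and cannot set custom headers, which is what makes the token step worthwhile. The full round trip only returns data on an EC2 instance; the request builders can be checked anywhere.

```python
"""Read EC2 instance metadata with IMDSv2 (session-token) requests.

Added example (not from the original notes). Uses only the standard library.
On an instance where IMDSv1 has been turned off (HttpTokens=required), a
plain GET gets 401 while this flow succeeds; off-instance both just fail.
"""
import urllib.error
import urllib.request

IMDS = "http://169.254.169.254"
TOKEN_TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"


def token_request(ttl_seconds=21600):
    """PUT /latest/api/token; the TTL header is mandatory, maximum 21600 s (6 h)."""
    return urllib.request.Request(
        f"{IMDS}/latest/api/token", method="PUT",
        headers={TOKEN_TTL_HEADER: str(ttl_seconds)})


def metadata_request(path, token):
    """GET a metadata path (e.g. 'instance-id' or 'iam/security-credentials/')
    presenting the session token obtained from token_request()."""
    return urllib.request.Request(
        f"{IMDS}/latest/meta-data/{path.lstrip('/')}",
        headers={TOKEN_HEADER: token})


def get_metadata(path, timeout=2):
    """Full IMDSv2 round trip. Raises urllib.error.URLError off-instance."""
    with urllib.request.urlopen(token_request(), timeout=timeout) as resp:
        token = resp.read().decode()
    with urllib.request.urlopen(metadata_request(path, token), timeout=timeout) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    try:
        print("instance-id:", get_metadata("instance-id"))
        # The role credentials are the real prize for an attacker with SSRF:
        print("roles:", get_metadata("iam/security-credentials/"))
    except urllib.error.URLError as exc:
        print("not reachable (not on EC2, or IMDS disabled):", exc)
```

Enforce the v2-only mode at the instance level (`HttpTokens=required` in `modify-instance-metadata-options`), otherwise the v1 GET still works alongside this and the SSRF protection is only cosmetic.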
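The VPC bullets above (a /16 per VPC, subnets carved out of it, internet gateway for public subnets, NAT gateway for private ones, no overlapping CIDRs on peered VPCs) fit in one small planning script. The following is an added example (not code from the original notes); the VPC range, AZ names, subnet size and the `igw-EXAMPLE`/`nat-EXAMPLE` IDs are placeholders chosen for illustration.

```python
"""Plan a VPC's public/private subnets per AZ and check peering CIDRs.

Added example (not from the original notes). The VPC range, AZ names,
subnet size and gateway IDs are assumptions chosen for illustration.
"""
import ipaddress


def plan_subnets(vpc_cidr, azs, new_prefix=24):
    """Carve one public and one private /new_prefix subnet per AZ out of
    vpc_cidr, in a fixed order so the layout is predictable."""
    pool = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix)
    plan = {}
    try:
        for az in azs:
            plan[az] = {"public": next(pool), "private": next(pool)}
    except StopIteration:
        raise ValueError(
            f"{vpc_cidr} is too small for 2 x /{new_prefix} in {len(azs)} AZs") from None
    return plan


def usable_hosts(subnet):
    """AWS reserves the first four and the last address of every subnet
    (network, VPC router, DNS, future use, broadcast)."""
    return subnet.num_addresses - 5


def default_routes(plan, igw_id="igw-EXAMPLE", nat_id="nat-EXAMPLE"):
    """0.0.0.0/0 goes to the internet gateway from public subnets and to a
    NAT gateway (which itself sits in a public subnet) from private ones.
    Subnet-to-subnet traffic uses the VPC's implicit local route, so no NAT
    is involved there. The IDs are placeholders."""
    routes = {}
    for nets in plan.values():
        routes[str(nets["public"])] = {"0.0.0.0/0": igw_id}
        routes[str(nets["private"])] = {"0.0.0.0/0": nat_id}
    return routes


def peering_conflicts(local_cidr, peer_cidrs):
    """Peer CIDRs that overlap local_cidr; a peering with any of these will
    not activate, and a route table couldn't tell the two apart anyway."""
    local = ipaddress.ip_network(local_cidr)
    return [c for c in peer_cidrs if ipaddress.ip_network(c).overlaps(local)]


if __name__ == "__main__":
    plan = plan_subnets("10.0.0.0/16", ["eu-west-1a", "eu-west-1b"])
    for az, nets in plan.items():
        print(az, "public", nets["public"], "private", nets["private"],
              f"({usable_hosts(nets['public'])} usable hosts each)")
    print(default_routes(plan))
    # A DR VPC in another region must use a disjoint range, e.g. 10.1.0.0/16
    print("peer conflicts:", peering_conflicts("10.0.0.0/16", ["10.0.0.0/16", "10.1.0.0/16"]))
```

Decide the non-overlapping ranges for every region (and for any on-premises network you may later connect) before the first VPC exists; re-addressing a VPC later means rebuilding it.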
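Items 1 and 5 of the IAM checklist above ("delete root access keys", "monitor activity with CloudTrail") meet in one detection: once root keys are gone and real users exist, any root-account event in the trail is worth an alert. The following is an added example (not code from the original notes): it scans CloudTrail records, flags root activity, and rates a root console login without MFA or any use of a long-term root key (`AKIA...`; temporary keys start with `ASIA`) as high. The records are constructed, but the field names (`userIdentity.type`, `eventName`, `accessKeyId`, `additionalEventData.MFAUsed`) follow the real CloudTrail schema.

```python
"""Flag root-account activity in CloudTrail records.

Added example (not from the original notes). The records below are
constructed; the field names follow the real CloudTrail event schema.
"""
import json

# Constructed sample trail: a normal IAM user, then two root events that the
# checklist says should never happen.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2018-03-01T09:00:00Z", "eventSource": "sts.amazonaws.com",
     "eventName": "AssumeRole", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "accessKeyId": "ASIAEXAMPLE111"}},
    {"eventTime": "2018-03-01T09:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.20",
     "userIdentity": {"type": "Root", "accountId": "123456789012"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2018-03-01T09:07:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.20",
     "userIdentity": {"type": "Root", "accountId": "123456789012",
                      "accessKeyId": "AKIAEXAMPLE222"}},
]})


def root_findings(records):
    """One finding per root-account event. Severity is 'high' for a console
    login without MFA or any call signed with a long-term root key (AKIA...),
    'medium' for other root activity (e.g. an MFA-protected login)."""
    findings = []
    for rec in records:
        ident = rec.get("userIdentity", {})
        if ident.get("type") != "Root":
            continue
        key = ident.get("accessKeyId", "")
        mfa = rec.get("additionalEventData", {}).get("MFAUsed") == "Yes"
        if key.startswith("AKIA"):
            why, sev = "root long-term access key used", "high"
        elif rec.get("eventName") == "ConsoleLogin" and not mfa:
            why, sev = "root console login without MFA", "high"
        else:
            why, sev = "root account activity", "medium"
        findings.append({"time": rec.get("eventTime"), "event": rec.get("eventName"),
                         "ip": rec.get("sourceIPAddress"), "severity": sev, "why": why})
    return findings


def root_activity(trail_json):
    """Same check over a CloudTrail log file body ({"Records": [...]})."""
    return root_findings(json.loads(trail_json)["Records"])


if __name__ == "__main__":
    for f in root_activity(SAMPLE_TRAIL):
        print(f"[{f['severity'].upper()}] {f['time']} {f['event']} from {f['ip']}: {f['why']}")
```

In production the same logic is usually expressed as a CloudWatch Logs metric filter on `userIdentity.type = "Root"` with an alarm, but a standalone scan like this is handy for sweeping historical trail files during an investigation.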
