AWS

From Wiki RB4
 
Latest revision as of 20:48, 11 February 2022

General

  • Amazon Web Services (AWS)
  • Amazon Resource Name (ARN)

Regions and Availability Zones

Amazon cloud computing resources are hosted in multiple locations world-wide. These locations are composed of AWS Regions and Availability Zones. Each AWS Region is a separate geographic area. Each AWS Region has multiple, isolated locations known as Availability Zones. An Availability Zone is a logical data center in a region available for use by any AWS customer. Each zone in a region has redundant and separate power, networking and connectivity to reduce the likelihood of two zones failing simultaneously. A common misconception is that a single zone equals a single data center.

IP and DNS

  • after an instance is started it gets a new public IP address and DNS name
  • to avoid changing IP addresses and DNS names you can use an Elastic IP Address. It is free while it is assigned to a running instance; otherwise it costs about 1 cent per hour.

Security Groups

  • Security groups act as a firewall for the instances associated with them.

User

  • for new instances there is a default user name (see here)
  • for Ubuntu it is 'ubuntu'

Identity & Access Management (IAM)

IAM is a global service and is automatically available across all regions.

  • IAM User: a unique identity generated by the IAM service. It can be a person, a system or an application. Roles and policies control the scope (permissions) of a user.
  • IAM Group: collects IAM users with the same level of permissions
  • IAM Role: a set of policies to access AWS services. You can assign a role either to an IAM user or to an AWS service.
  • IAM Policy: an access control policy is a JSON document that defines the resource to grant access to, the level of access and the allowed actions.

A Trust relationship defines a relationship between a trusting account and other AWS trusted accounts. The trusting account owns the resource to be accessed.
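The two policy documents described above, as an added example that is not part of the wiki page: a read-only identity policy scoped to a single bucket, the trust relationship of a role in the trusting account that only one named trusted account may assume, and a small check that flags Allow statements granting every action, every resource or every principal. The bucket ARN and the two twelve-digit account IDs are constructed placeholders, and the check is a minimal linter written for this page, not an AWS tool.

```python
"""Added example, not code from the wiki page: IAM identity policy, role trust
policy and a least-privilege check, using plain dicts and the json module only.
BUCKET_ARN and the account IDs are constructed placeholders."""
import json

BUCKET_ARN = "arn:aws:s3:::example-reports-bucket"   # constructed placeholder
TRUSTING_ACCOUNT_ID = "111111111111"                  # owns the bucket and the role (placeholder)
TRUSTED_ACCOUNT_ID = "222222222222"                   # may assume the role (placeholder)


def make_identity_policy(bucket_arn: str) -> dict:
    """Identity-based policy: list one bucket and read its objects, nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListOneBucket", "Effect": "Allow",
             "Action": ["s3:ListBucket"], "Resource": bucket_arn},
            {"Sid": "ReadObjectsInOneBucket", "Effect": "Allow",
             "Action": ["s3:GetObject"], "Resource": f"{bucket_arn}/*"},
        ],
    }


def make_trust_policy(trusted_account_id: str) -> dict:
    """Trust relationship of a role in the trusting account: only principals
    of the named trusted account may call sts:AssumeRole on it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowOneAccountToAssume",
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
            "Action": "sts:AssumeRole",
        }],
    }


# Over-permissive counterpart, kept only so the check below has something to
# flag: any AWS principal could assume the role.
OPEN_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}],
}


def _as_list(value) -> list:
    """IAM accepts a single string wherever a list is expected; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_wildcard_grants(policy: dict) -> list:
    """Return the Sid (or statement[index]) of every Allow statement that
    grants every action, every resource or every principal."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        open_principal = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))
        )
        if ("*" in _as_list(stmt.get("Action"))
                or "*" in _as_list(stmt.get("Resource"))
                or open_principal):
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings


def to_json(policy: dict) -> str:
    """The JSON form passed to `aws iam create-policy --policy-document` or
    `aws iam create-role --assume-role-policy-document`."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    print(to_json(make_identity_policy(BUCKET_ARN)))
    print(find_wildcard_grants(make_identity_policy(BUCKET_ARN)))  # []
    print(find_wildcard_grants(OPEN_TRUST_POLICY))                  # ['statement[0]']
```

The trust policy names the trusted account's root ARN rather than `*`, so the trusting account (which owns the resource) decides exactly who may assume the role; `find_wildcard_grants` is the kind of check worth running over every policy document before it is attached, since a single `"Resource": "*"` or `"Principal": {"AWS": "*"}` silently widens the scope the bullet list above describes.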

Command Line Interface

  • installation see here
  • the AWS access key is a combination of an Access Key ID and a Secret Access Key.
  • find out the account data of the currently configured credentials with
aws sts get-caller-identity

Web Services

AWS CloudFormation

CloudFormation is a tool for creating, managing, configuring, and deploying cloud resources. Like any other AWS service, CloudFormation can be used via either the CLI or the web console. The (JSON or YAML) template file is called the CloudFormation template. The collection of resources that gets created from a single template is treated as one logical entity called a stack. This means you can create, update, or delete a stack with a single command.

Amazon Elastic Block Store (EBS)

Amazon Elastic Block Store (Amazon EBS) is an easy-to-use, scalable, high-performance block-storage service designed for Amazon Elastic Compute Cloud (Amazon EC2).

Amazon Elastic Compute Cloud (Amazon EC2)

  • Instance: Instances marked with a t are used for testing, the m (memory-intensive) types can be used for processing larger databases or installing single servers. The large capacity c (CPU-intensive) instances are recommended for e.g. hosting Magento stores.
  • Amazon Machine Image (AMI)
  • Instance Types
    • t2.micro (free)

Key Pairs

  • are generated; the private key (*.pem file) has to be downloaded (which is only possible once, because it is not stored by AWS) and is used for connecting to the server
  • PuTTY doesn't natively support the private key format (.pem) generated by Amazon EC2. You must convert your private key into a .ppk file before you can connect to your instance using PuTTY. You can use the PuTTYgen tool for this conversion.

Amazon Machine Image (AMI)

  • Community AMIs: Whenever you create an AMI, you can add permissions to it to make it public. In that case, it goes to "community AMIs". These are AMIs that come from AWS users and are not verified by AWS.
  • AWS Marketplace: this is a whole service at AWS, and all AMIs here are verified by AWS. It is basically used by software vendors to sell their products through AWS. The customers are billed by AWS only, and AWS then pays the AMI owner in return.

Amazon Elastic Kubernetes Service (EKS)

Amazon RDS

  • create, manage and scale a relational database such as MySQL with the Amazon Relational Database Service

Amazon Simple Storage Service (Amazon S3)

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. An Amazon S3 bucket is a storage resource in the AWS public cloud. An S3 customer first creates a bucket in the AWS region of their choice and gives it a globally unique name. AWS recommends that customers choose regions geographically close to them to reduce latency and costs. Once the bucket has been created, the user then selects a tier for the data, with different S3 tiers having different levels of redundancy, prices and accessibility.
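An added example (not code from the wiki page) tying together the Security Groups, CloudFormation and S3 sections: a CloudFormation template assembled as a Python dict, containing one security group that admits SSH only from a single admin network and one S3 bucket with every form of public access blocked, plus a check that refuses to hand the template to the CLI if any ingress rule opens an administrative port to the whole internet. The admin CIDR (an RFC 5737 documentation range), the logical resource names and the bucket are assumptions; the `aws cloudformation create-stack` flags named in the comments are real CLI options.

```python
"""Added example, not code from the wiki page: a CloudFormation template built as
a Python dict (one security group, one S3 bucket) and a pre-deployment check of
its ingress rules.  ADMIN_CIDR and the logical resource names are assumptions."""
import json

ADMIN_CIDR = "203.0.113.0/24"   # constructed: documentation range standing in for an admin network
SSH_PORT = 22
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"


def make_template(admin_cidr: str) -> dict:
    """Stack with a security group that admits SSH only from admin_cidr and a
    bucket that blocks every form of public access."""
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Description": "Admin-only SSH security group and a private S3 bucket",
        "Parameters": {
            "VpcId": {"Type": "AWS::EC2::VPC::Id", "Description": "VPC for the security group"},
        },
        "Resources": {
            "AdminSshSecurityGroup": {
                "Type": "AWS::EC2::SecurityGroup",
                "Properties": {
                    "GroupDescription": "SSH from the admin network only",
                    "VpcId": {"Ref": "VpcId"},
                    "SecurityGroupIngress": [
                        {"IpProtocol": "tcp", "FromPort": SSH_PORT, "ToPort": SSH_PORT,
                         "CidrIp": admin_cidr},
                    ],
                },
            },
            "ReportsBucket": {
                "Type": "AWS::S3::Bucket",
                "Properties": {
                    "PublicAccessBlockConfiguration": {
                        "BlockPublicAcls": True, "BlockPublicPolicy": True,
                        "IgnorePublicAcls": True, "RestrictPublicBuckets": True,
                    },
                },
            },
        },
    }


def _port_range(rule: dict):
    """IpProtocol -1 means all traffic on all ports; otherwise use the rule's range."""
    if str(rule.get("IpProtocol")) == "-1":
        return 0, 65535
    return int(rule.get("FromPort", -1)), int(rule.get("ToPort", -1))


def open_ingress_rules(template: dict, ports=(SSH_PORT,)) -> list:
    """(logical id, port) for each ingress rule that exposes one of `ports`
    to the whole internet over IPv4 or IPv6."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            if cidr not in (ANY_V4, ANY_V6):
                continue
            lo, hi = _port_range(rule)
            findings.extend((logical_id, p) for p in ports if lo <= p <= hi)
    return findings


def template_to_json(template: dict) -> str:
    """Body for `aws cloudformation create-stack --stack-name NAME
    --template-body file://template.json --parameters ParameterKey=VpcId,ParameterValue=...`."""
    return json.dumps(template, indent=2)


if __name__ == "__main__":
    tpl = make_template(ADMIN_CIDR)
    assert not open_ingress_rules(tpl), "refusing to deploy: admin port open to the world"
    print(template_to_json(tpl))
```

Because the stack is one logical unit, the security group and the bucket are created, updated and deleted together by a single CLI call; running `open_ingress_rules` over the template (and over every later revision of it) before `create-stack` or `update-stack` catches the common mistake of widening a CIDR to `0.0.0.0/0` during troubleshooting and forgetting to narrow it again.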

Amazon Virtual Private Cloud (Amazon VPC)