Posts

Showing posts from March, 2024

AWS EventBridge

- Extension of CloudWatch Events
- Event bus types:
  - Default event bus: events from AWS services are sent to this
  - Partner event bus: receives events from external SaaS applications
  - Custom event bus: for your own application
- Event rules: how to process the events
- Event buses support cross-account access
- Cron jobs: when creating an EB rule, we can select "schedule" instead of an event pattern to trigger an event based on a cron expression
- Can archive events (all, or based on a filter) sent to an event bus to replay later
- EventBridge is recommended for decoupling applications that react to events from third-party SaaS applications
- Schema Registry:
  - Defines how the data is structured in the event bus
  - Schemas can be versioned
- Event Bus Policy:
  - Manages permissions for an event bus
  - Useful to allow or deny events from another AWS account or region

AWS Kinesis

- Real-time data streaming service
- Used to ingest data in real time directly from the source
- Capacity modes:
  - Provisioned:
    - Publishing: 1 MB/s per shard or 1000 msg/s per shard
    - Consuming: 2 MB/s per shard (throughput shared between all consumers); Enhanced Fan-out: 2 MB/s per shard per consumer (dedicated throughput for each consumer)
    - Throughput scales with shards (manual scaling)
    - Pay per shard provisioned per hour
  - On-demand:
    - No need to provision or manage the capacity
    - Default capacity provisioned: 4 MB/s or 4000 records/s
    - Scales automatically based on the observed throughput peak during the last 30 days
    - Pay per stream per hour and data in/out per GB
- Not serverless
- Data retention: 1 day (default) to 365 days
- A record consists of a partition key (used to partition data coming from multiple publishers) and a data blob (max 1 MB)
- Records will be ordered in each shard
- Producers: SDK, Kinesis Producer Library (KPL), ...

AWS SNS

- Used to broadcast messages
- Pub-sub model (publisher publishes messages to a topic, subscribers listen to the topic)
- Instant message delivery (does not queue messages)
- Encryption:
  - In-flight encryption by default using the HTTPS API
  - At-rest encryption using KMS keys
  - Client-side encryption
- Access management:
  - IAM policies to regulate access to the SNS API
  - SNS access policies (resource-based policies): used for cross-account access to an SNS topic, and for allowing other AWS services to publish to an SNS topic
- Standard topics:
  - Highest throughput
  - At-least-once message delivery
  - Best-effort ordering
  - Subscribers can be: SQS queues, HTTP/HTTPS endpoints, Lambda functions, emails (using SNS), SMS and mobile notifications, Kinesis Data Firehose to send the data into S3 or Redshift
- FIFO topics:
  - Guaranteed ordering of messages in that topic
  - Publishing messages to a FIFO topic requires:
    - Group ID: messages will be orde...

AWS SQS

- Used to asynchronously decouple applications
- Supports multiple producers and consumers
- The consumer polls the queue for messages. Once a consumer processes a message, it deletes it from the queue using the DeleteMessage API
- Unlimited number of messages in the queue
- Max 10 messages received per batch (configured using the MaxNumberOfMessages parameter of the ReceiveMessage API)
- Max message size: 256 KB
- Consumers could be EC2 instances or Lambda functions
- SQS cannot ingest data; it must be sent to the queue by the producer (use Kinesis, i.e. Kinesis Data Streams (KDS), instead)
- Queue types:
  - Standard queue:
    - Unlimited throughput (publish any number of messages per second into the queue)
    - Low latency (<10 ms on publish and receive)
    - Can have duplicate messages (at-least-once delivery)
    - Can have out-of-order messages (best-effort ordering)
  - FIFO queue:
    - Limited throughput: 300 msg/s without batching (batch size = 1), 3000 msg/s with batching (batch s...

AWS Config

- Regional service
- Can be aggregated across regions and accounts
- Records configuration changes over time
- Evaluates compliance of resources using Config rules
- Does not prevent non-compliant actions from happening
- Evaluates Config rules:
  - For each configuration change
  - At regular time intervals
- Can make custom Config rules (must be defined in a Lambda function), such as:
  - Check if an EBS disk is of type gp2
  - Check if each EC2 instance is t2.micro
- Can be used along with CloudTrail to get a timeline of changes in configuration and compliance over time
- Integrates with EventBridge or SNS to trigger notifications when AWS resources are non-compliant
- Remediation:
  - Automate remediation of non-compliant resources using SSM Automation documents
  - You can set remediation retries if the resource is still non-compliant
  - For example: if IAM access keys expire (non-compliant), trigger an auto-remediation action to revoke unused IAM user credentials...

AWS CloudTrail

- AWS CloudTrail is a web service that records activity made on your account
- A CloudTrail trail can be created which delivers log files to an S3 bucket
- CloudTrail is about logging and saves a history of API calls for your AWS account
- Provides governance, compliance, and operational auditing of your AWS account
- Enabled by default
- Records the API calls made within the AWS account
- Event retention: 90 days
- CloudTrail logs up to the last 90 days can be analyzed in the CloudTrail console. Older logs should be present in S3 and can be analyzed using Athena
- Modification to log files can be detected by enabling Log File Validation on the logging bucket
- Event types:
  - Management events:
    - Events of operations that modify AWS resources, like creating an IAM user or deleting a subnet
    - Enabled by default
    - Can separate read events from write events
  - Data events:
    - Events of operations that modify data, like Lambda fu...

AWS CloudWatch

- AWS CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS
- CloudWatch is used to collect and track metrics, collect and monitor log files, and set alarms
- CloudWatch alarms monitor metrics and can be configured to automatically initiate actions
- CloudWatch Logs centralizes logs from systems, applications, and AWS services
- CloudWatch Events delivers a stream of system events that describe changes in AWS resources
- CloudWatch is a serverless performance monitoring service
- CloudWatch integrates with AWS IAM
- Metrics:
  - Metrics are the fundamental concept in CloudWatch
  - A metric represents a time-ordered set of data points that are published
  - Up to 30 dimensions per metric
  - A dimension is an attribute of the metric
  - Metrics exist within a region
  - Metrics cannot be deleted but automatically expire after 15 months
- Custom metrics:
  - You can publish your own metrics to CloudWatch using the AWS...

AWS API Gateway

- Enables developers to create, publish, maintain, monitor, and secure APIs at any scale
- Allows creating, deploying and managing a RESTful API to expose backend HTTP endpoints, Lambda functions or other AWS services
- Together with Lambda, API Gateway forms the app-facing part of the AWS serverless infrastructure
- Features:
  - API Gateway can execute Lambda code in your account, start Step Functions state machines, or make calls to Elastic Beanstalk, EC2, or web services outside of AWS with publicly accessible HTTP endpoints
  - API Gateway helps you define plans that meter and restrict third-party developer access to your API
  - API Gateway helps you manage traffic to your backend systems by allowing you to set throttling rules based on the number of requests per second for each HTTP method in your API
  - You can set up a cache with customizable keys and time-to-live in seconds for your API data to avoid hitting your backend ...

AWS Lambda

- AWS Lambda lets you run code as functions without provisioning or managing servers
- Lambda-based applications are composed of functions triggered by events
- With serverless computing your application still runs on servers, but all the server management is done by AWS
- You cannot log into the compute instances that run Lambda functions or customize the operating system or language runtime
- Features of AWS Lambda:
  - Auto scaling and high availability: AWS Lambda will make sure that your application is highly available to the end users when there is sudden incoming traffic. High availability is achieved by scaling the application
  - Serverless execution: there is no need to provision servers manually in AWS. AWS Lambda will provision the underlying infrastructure based on the triggers you have configured; for example, whenever a new file is uploaded to a particular location, AWS Lambda will automatically trigger and take care of the infrastructure
  - Pay-per-use pricin...

AWS Global Accelerator

- AWS Global Accelerator is a service that improves the availability and performance of applications with local or global users
- It provides static IP addresses that act as a fixed entry point to application endpoints in single or multiple AWS regions, such as ALB, NLB or EC2
- Uses the AWS global network to optimize the path from users to the application, improving the performance of TCP and UDP traffic
- AWS GA continuously monitors the health of the application endpoints; it will detect an unhealthy endpoint and redirect the traffic to a healthy endpoint within 1 min
- Benefits and details of AWS GA:
  - Uses redundant (two) static anycast IP addresses in different network zones
  - The redundant pair is globally advertised
  - Uses AWS edge locations: addresses are announced from multiple edge locations at the same time
  - Addresses are regional AWS resources or endpoints
  - AWS GA's IP addresses serve as the frontend interface of applications ...

AWS CloudFront

- AWS Content Delivery Network (CDN) service that delivers data, videos, applications, and APIs to users globally with low latency and high transfer speeds
- 216 points of presence globally (edge locations)
- Integrates with other AWS services and products to give developers and businesses an easy way to distribute content to end users with low latency, high data transfer speed and no minimum usage commitments
- DDoS protection, integration with Shield and AWS WAF (Web Application Firewall)
- Content delivery security:
  - CloudFront can distribute content securely over SSL/TLS by creating an HTTPS or WebSocket SSL/TLS connection with the viewer
  - Supports HTTP/2, WebSocket, and all versions of SSL/TLS
  - Provides multiple SSL/TLS certificates to enhance security using Server Name Indication (SNI)
- CloudFront origins:
  - CloudFront can fetch content from various AWS resources like an S3 bucket, ELB or EC2
  - S3 bucket: for distributing files and cachin...

AWS Transit Gateway

- Transitive peering between thousands of VPCs and on-premises data centers using a hub-and-spoke (star) topology
- Works with Direct Connect Gateway, VPN connections and VPCs
- Bound to a region
- Transitive peering between VPCs in the same region and account
- Route tables to control communication within the transitive network
- Supports IP multicast (not supported by any other AWS service)
- Increasing bandwidth of a Site-to-Site connection:
  - ECMP (equal-cost multi-path) routing is a routing strategy that allows forwarding a packet over multiple best paths
  - To increase the bandwidth of the connection between the Transit Gateway and the corporate data centre, create multiple Site-to-Site VPNs, each with 2 tunnels (2 x 1.25 = 2.5 Gbps per VPN connection)
  - Only one VPN connection to a VPC having two tunnels, out of which only 1 is used (1.25 Gbps)
- Share DX between multiple accounts:
  - Share Transit Gateway across accounts using Resource ...

Virtual Private Cloud (VPC)

What is VPC?
- Amazon VPC lets you create a logically isolated section of the AWS cloud where you can launch AWS services in the virtual network which you define
- VPC is a regional resource
- Soft limit of 5 VPCs per region
- Subnets are AZ specific
IP Addresses and CIDR Notation:
- What is an IP? A unique string of numbers assigned to a computer using the Internet Protocol to communicate over a network
- IPv4 address: Internet Protocol addresses are 32 bits in length; this gives us a maximum of 2^32 addresses. These addresses are referred to as IPv4 notation
- Binary notation: in binary notation, the IPv4 address is displayed as 32 bits. Each octet is often referred to as a byte, so it is common to hear an IPv4 address referred to as a 32-bit address or a 4-byte address. Ex: 00000001 00000001 00000001 00000001
- Dotted decimal notation: to make the IPv4 address more compact and easier to read, internet addresses are usually written in decimal form. E...