AWS Certified Developer - Associate

AWS Certified Solutions Architect - Associate

IAM

  • users and user groups
  • roles - assumed (by a user, an AWS service or a federated identity) rather than logged into; the credentials a role provides via STS are temporary and automatically rotated by AWS.
  • policies - JSON documents that define permissions (Effect, Action, Resource), attached to users, groups or roles. An explicit Deny always wins; anything not explicitly allowed is denied.
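To make "policies - like permissions" concrete, here is a small Python model of how IAM combines policy statements into a decision: an explicit Deny in any statement wins, otherwise any matching Allow grants, otherwise the request is implicitly denied. This is an added example, not code from these notes or from AWS; the two policies are constructed samples, the account id 123456789012 is the usual placeholder, and conditions, resource policies, SCPs and permission boundaries are left out.

```python
"""Simplified model of IAM policy evaluation.

Added example for these notes, not AWS code. It applies the documented
order for identity-based policies: an explicit Deny in any statement
wins, otherwise any matching Allow grants access, otherwise the request
is implicitly denied. Conditions, resource policies, SCPs and permission
boundaries are left out. The policies below are constructed samples and
123456789012 is the usual placeholder account id.
"""
import fnmatch


def _as_list(value):
    """Action/Resource/Statement fields may be a single item or a list."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def _matches(patterns, candidate, case_sensitive):
    """IAM wildcards: '*' matches any run of characters, '?' a single one.
    Action names are case-insensitive, ARNs are matched as written."""
    if not case_sensitive:
        candidate = candidate.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(candidate, p) for p in patterns)


def _statement_applies(stmt, action, resource):
    if "NotAction" in stmt:
        action_hit = not _matches(_as_list(stmt["NotAction"]), action, False)
    else:
        action_hit = _matches(_as_list(stmt.get("Action", [])), action, False)
    if "NotResource" in stmt:
        resource_hit = not _matches(_as_list(stmt["NotResource"]), resource, True)
    else:
        resource_hit = _matches(_as_list(stmt.get("Resource", [])), resource, True)
    return action_hit and resource_hit


def evaluate(policies, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _statement_applies(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"   # deny always wins, stop here
            allowed = True              # keep looking in case a Deny follows
    return "Allow" if allowed else "ImplicitDeny"


# Constructed sample: a read-only developer policy plus a guardrail that
# denies everything under the secrets/ prefix, even though the first
# policy on its own would allow reading it.
DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:Get*", "s3:List*"],
            "Resource": ["arn:aws:s3:::app-bucket", "arn:aws:s3:::app-bucket/*"],
        },
        {
            "Effect": "Allow",
            "Action": "lambda:InvokeFunction",
            "Resource": "arn:aws:lambda:eu-west-1:123456789012:function:*",
        },
    ],
}

GUARDRAIL_POLICY = {
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Deny",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::app-bucket/secrets/*",
    },
}

POLICIES = [DEVELOPER_POLICY, GUARDRAIL_POLICY]


if __name__ == "__main__":
    for action, resource in [
        ("s3:GetObject", "arn:aws:s3:::app-bucket/public/index.html"),
        ("s3:GetObject", "arn:aws:s3:::app-bucket/secrets/db.env"),
        ("s3:PutObject", "arn:aws:s3:::app-bucket/public/index.html"),
        ("lambda:InvokeFunction",
         "arn:aws:lambda:eu-west-1:123456789012:function:orders"),
    ]:
        print(f"{action:22} {resource:58} -> {evaluate(POLICIES, action, resource)}")
```

Reading a public object is allowed, reading under secrets/ is an explicit deny even though the developer policy matches, and a PutObject that no statement mentions is an implicit deny. The order of the policies in the list makes no difference, which is the point of "deny wins".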

Glue

Lambda

Step Functions

SQS

  • pull (consumers poll the queue for messages)
  • 1 to 1 - a message is processed by one consumer, which deletes it from the queue once it is done

SNS

  • fan-out (messages are pushed to subscribers)
  • 1 to many - one published message is delivered to every subscriber of the topic

VPC

  • lives in one region (e.g. eu-west-1) and spans all of that region's availability zones
  • subnets - each subnet sits in exactly one availability zone; typically one or more subnets per AZ
  • Each subnet has a route table associated with it that tells network traffic where to go.
  • network ACL (access control list) - stateless firewall at the subnet boundary (each subnet is associated with exactly one NACL; the VPC's default NACL allows everything). Rules are numbered, evaluated lowest number first with the first match winning, and can allow or deny. Stateless means each packet is inspected in isolation, without considering previous packets: if you allow inbound traffic on port 80, you must also create a corresponding outbound rule that allows the response traffic to the client's ephemeral port range (e.g. 1024-65535), and vice versa for connections the instance initiates.
  • internet gateway (IGW) - attached to the VPC; a subnet is "public" when its route table sends 0.0.0.0/0 to the IGW (instances also need a public IP to be reachable from the internet)

Security Groups

  • stateful, allow-only (there are no deny rules), and attached to an instance's network interface rather than to a subnet
  • When you allow inbound traffic on a certain port (e.g., port 80 for HTTP), the Security Group automatically allows the return traffic from the instance to the client's ephemeral port, whatever the outbound rules say. It "remembers" the initial request.

A complete Security Group rule has three pieces:

  1. Type/protocol: The kind of traffic (e.g., TCP, which is used for most database connections).
  2. Port: The specific "door" for that traffic. For a MySQL database, this would be port 3306.
  3. Source: This is the clever part. Instead of using the web server's specific IP address, we can use the web server's own Security Group as the source. Any instance that carries that group matches, so scaling the web tier in or out does not require touching the rule.

So, the rule on the database’s Security Group would look like this:

  • Allow traffic of type TCP on port 3306 but only from sources that are part of the web-server-security-group.
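The stateless-vs-stateful difference from the VPC and Security Group bullets above, and the group-as-source rule just described, as an added Python model (not code from these notes or from AWS; the IPs, ports and group ids are constructed sample data). It replays one HTTP request and its reply through a NACL that only allows inbound 80, through the same NACL with the ephemeral outbound rule, and through a security group, then checks a database group that admits port 3306 by source security group rather than by address.

```python
"""Stateless network ACL vs stateful security group, modelled in Python.
Added example for these notes, not AWS code. All addresses, ports and
group ids below are constructed sample data."""
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = towards the protected instance, "out" = leaving it
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def reverse(self):  # the reply: endpoints swapped, direction flipped
        return Packet("out" if self.direction == "in" else "in", self.proto,
                      self.dst_ip, self.dst_port, self.src_ip, self.src_port)

    @property
    def remote_ip(self):  # the non-instance end of the packet
        return self.src_ip if self.direction == "in" else self.dst_ip

def in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)

def l4_match(rule, pkt):  # direction, protocol and destination-port range
    return (rule.direction == pkt.direction and rule.proto == pkt.proto
            and rule.ports[0] <= pkt.dst_port <= rule.ports[1])

@dataclass(frozen=True)
class AclRule:
    number: int   # lowest number first, first match wins
    direction: str
    proto: str
    ports: tuple  # inclusive range checked against the packet's destination port
    cidr: str
    action: str   # "allow" or "deny"

class NetworkAcl:
    """Stateless: each packet is judged alone, so a reply needs its own rule."""
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)

    def allows(self, pkt):
        for r in self.rules:
            if l4_match(r, pkt) and in_cidr(pkt.remote_ip, r.cidr):
                return r.action == "allow"
        return False  # the implicit '*' deny at the bottom of every NACL

@dataclass(frozen=True)
class SgRule:
    direction: str
    proto: str
    ports: tuple
    source: str   # a CIDR, or a security-group id such as "sg-web"

class SecurityGroup:
    """Stateful and allow-only: a packet admitted by a rule opens a tracked
    flow, and the reply to that flow is admitted without consulting any rule."""
    def __init__(self, rules, membership):
        self.rules = list(rules)
        self.membership = membership  # ip -> set of group ids on that instance
        self.tracked = set()

    def _source_matches(self, pkt, source):
        if source.startswith("sg-"):  # match by group membership, not by address
            return source in self.membership.get(pkt.remote_ip, set())
        return in_cidr(pkt.remote_ip, source)

    def allows(self, pkt):
        if pkt.reverse() in self.tracked:  # return traffic of an admitted flow
            return True
        for r in self.rules:
            if l4_match(r, pkt) and self._source_matches(pkt, r.source):
                self.tracked.add(pkt)
                return True
        return False  # there are no deny rules; anything unmatched is dropped

def exchange_verdicts(fw):
    """(request allowed, reply allowed) for client 203.0.113.10:54321 -> web :80."""
    request = Packet("in", "tcp", "203.0.113.10", 54321, "10.0.1.25", 80)
    return fw.allows(request), fw.allows(request.reverse())

ALLOW_80 = AclRule(100, "in", "tcp", (80, 80), "0.0.0.0/0", "allow")
ACL_INBOUND_ONLY = NetworkAcl([ALLOW_80])
ACL_WITH_EPHEMERAL = NetworkAcl([ALLOW_80,
    AclRule(100, "out", "tcp", (1024, 65535), "0.0.0.0/0", "allow")])
WEB_SG = SecurityGroup([SgRule("in", "tcp", (80, 80), "0.0.0.0/0")], membership={})

def db_sg_verdicts():
    """3306 allowed only from members of sg-web: (from the web server, from another host)."""
    membership = {"10.0.1.25": {"sg-web"}, "10.0.1.99": {"sg-bastion"}}
    db = SecurityGroup([SgRule("in", "tcp", (3306, 3306), "sg-web")], membership)
    from_web = Packet("in", "tcp", "10.0.1.25", 40000, "10.0.2.10", 3306)
    from_other = Packet("in", "tcp", "10.0.1.99", 40000, "10.0.2.10", 3306)
    return db.allows(from_web), db.allows(from_other)
```

Running `exchange_verdicts` against the three filters gives (True, False) for the NACL with only the inbound rule (the reply to the client's port 54321 hits the implicit deny), (True, True) once the outbound 1024-65535 rule is added, and (True, True) for the security group with no outbound rule at all, because the reply matches the tracked flow. `db_sg_verdicts` returns (True, False): the host carrying sg-web gets in on 3306, the host carrying a different group does not, even though both sit in the same /24.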

Disaster Recovery