AWS Architecture Components

The document provides an overview of various AWS services, including VPC, subnets, CIDR setup, and load balancers. It explains the differences between public and private subnets, the use of CIDR notation for IP address ranges, and the functionalities of Application Load Balancers and Network Load Balancers. Additionally, it outlines steps for setting up a Django project using AWS ECR and Terraform.

Uploaded by

dienhientran

AWS SERVICES

DO FOLLOW ME ON INSTAGRAM / TWITTER / TELEGRAM: SINGAM4DEVOPS

Get more free courses at www.aiplex.lol


VPC

SUBNETS

• Public subnets
  • Include a routing table entry to an Internet gateway to support inbound/outbound access to the public Internet.
• Private subnets
  • Do not have a routing table entry to an Internet gateway and are not directly accessible from the public Internet.
  • Typically use a "jump box" (NAT/proxy/bastion host) to support restricted, outbound-only public Internet access.

CIDR SETUP

• When you create your VPC, you specify its set of IP addresses with CIDR notation.
• Classless Inter-Domain Routing (CIDR) notation is a simplified way to show a specific range of IP addresses.
• Example: 10.0.0.0/16 = all IPs from 10.0.0.0 to 10.0.255.255
• 255.255.0.0 = 11111111 11111111 00000000 00000000
  255.255.254.0 = 11111111 11111111 11111110 00000000
• 16 bits that can have a maximum value of 1111111111111111 = 65,535
• We are fixing the place value: /8 means one place (octet) is fixed, /16 means two places.

ALL YOU HAVE TO KNOW ABOUT /16

• The 16 in the CIDR notation example represents how many of those bits are "locked down" and cannot change. The unlocked bits can change between 1 and 0, allowing the full range of possible values.
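As an added example (not from the slides), the following Python works through the CIDR arithmetic above with the standard library's ipaddress module; the five reserved addresses per AWS subnet are a known AWS rule the slides do not mention.

```python
import ipaddress

# Added example (not from the slides): works out what a CIDR block such as
# 10.0.0.0/16 locks and frees, using only the standard library.


def cidr_breakdown(cidr: str) -> dict:
    """Describe an IPv4 CIDR block: locked (network) bits, free (host) bits and range."""
    net = ipaddress.ip_network(cidr, strict=False)
    mask_bits = format(int(net.netmask), "032b")
    return {
        "locked_bits": net.prefixlen,                    # the "/16" in 10.0.0.0/16
        "free_bits": net.max_prefixlen - net.prefixlen,  # bits that may be 0 or 1
        "netmask": str(net.netmask),
        "netmask_binary": " ".join(mask_bits[i:i + 8] for i in range(0, 32, 8)),
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "total_addresses": net.num_addresses,            # 2 ** free_bits
    }


def aws_usable_hosts(cidr: str) -> int:
    """Addresses left for instances in a VPC subnet.

    AWS reserves five addresses per subnet (network address, VPC router, DNS,
    one held for future use, and the broadcast address). This is a known AWS
    rule, not something stated on the slides.
    """
    return ipaddress.ip_network(cidr, strict=False).num_addresses - 5


def split_vpc(vpc_cidr: str, subnet_prefix: int) -> list:
    """Carve a VPC block into equal subnets, e.g. a /16 into /24 subnets."""
    return [str(s) for s in ipaddress.ip_network(vpc_cidr).subnets(new_prefix=subnet_prefix)]


def subnet_fits(vpc_cidr: str, subnet_cidr: str) -> bool:
    """True when the subnet lies entirely inside the VPC block (AWS rejects it otherwise)."""
    return ipaddress.ip_network(subnet_cidr).subnet_of(ipaddress.ip_network(vpc_cidr))
```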


Directing Traffic Between VPC Resources


Security Layer of AWS

SECURITY GROUP / NACL


Network Address Translation services

• Enable instances in the private subnet to initiate outbound traffic to the Internet or other AWS services.


AWS PROJECT SETUP WITH E2E

The destination for the route is 0.0.0.0/0, which represents all IPv4 addresses. The target is the internet gateway that's attached to your VPC.

LOCAL -> SUBNET
DESTINATION -> VPC, NAT Gateway, Virtual Private Gateway, VPC endpoint
RT1 -> VPC HIT -> ROUTE TO PUBLIC SUBNET

Destination => IP address/CIDR range
Target => Where you want to send the traffic for the specified destination (e.g. if the destination is my local subnet, mention target as "local")
The Internet gateway is one of the targets (e.g. routing traffic to the internet). Other options for the target would be NAT Gateway, Virtual Private Gateway, VPC endpoint, VPC peering connection etc., depending on your architecture.

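As an added example (not from the slides), this Python applies the slides' public/private definition to route table data: a subnet is public when its 0.0.0.0/0 route targets an Internet gateway, private when it targets a NAT gateway, and isolated when it has no working default route. The sample data is constructed to mirror the shape of `aws ec2 describe-route-tables` output, and all IDs are made up.

```python
# Added example (not from the slides): classify each subnet by its route
# table's default route, following the slides' definition of public/private.
# ROUTE_TABLES is a constructed sample shaped like `aws ec2 describe-route-tables`
# output; all IDs are made up.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-pub", "Associations": [{"SubnetId": "subnet-web"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc1234", "State": "active"}]},
    {"RouteTableId": "rtb-priv", "Associations": [{"SubnetId": "subnet-app"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def5678", "State": "active"}]},
    {"RouteTableId": "rtb-db", "Associations": [{"SubnetId": "subnet-db"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-stale", "Associations": [{"SubnetId": "subnet-old"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0deleted", "State": "blackhole"}]},
]

# Fields that can carry a route's target in describe-route-tables output.
TARGET_KEYS = ("GatewayId", "NatGatewayId", "VpcPeeringConnectionId",
               "TransitGatewayId", "NetworkInterfaceId", "InstanceId")


def route_target(route: dict) -> str:
    """Return the target of a route, whichever *Id field carries it."""
    for key in TARGET_KEYS:
        if key in route:
            return route[key]
    return "unknown"


def classify_route_table(rt: dict) -> str:
    """public: default route to an Internet gateway; private: default route via NAT;
    isolated: no active default route (a blackhole route, e.g. a deleted NAT, counts as none)."""
    default = [r for r in rt["Routes"]
               if r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State") == "active"]
    if not default:
        return "isolated"
    target = route_target(default[0])
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private"
    return "other"   # e.g. an ENI or instance acting as a NAT/proxy box


def classify_subnets(route_tables: list) -> dict:
    """Map every explicitly associated subnet to public/private/isolated/other."""
    return {assoc["SubnetId"]: classify_route_table(rt)
            for rt in route_tables
            for assoc in rt.get("Associations", []) if "SubnetId" in assoc}
```

Subnets with no explicit association use the VPC's main route table, which this sample does not model.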
AWS API GATEWAY

Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.

APIs act as the "front door" for applications to access data, business logic, or functionality from your backend services.

API Gateway helps us to create RESTful APIs and WebSocket APIs that enable real-time two-way communication applications.


AWS ROUTE 53

AWS Route 53 connects requests to the infrastructure running in AWS. These requests include AWS ELB, Amazon EC2 instances, or Amazon S3 buckets.

AWS Route 53 can be easily used to configure DNS health checks, continuously monitor your applications' ability to recover from failures, and control application recovery with Route 53 Application Recovery Controller.

AWS Route 53 traffic flow helps to manage traffic globally via a wide variety of routing types including latency-based routing, geo DNS, weighted round-robin, and geoproximity.

1) latency-based routing - user latency can be reduced by serving requests from the region where network latency is the lowest
2) geo DNS - Geolocation routing can be used to send traffic to resources based on the geographical location of users
3) weighted round-robin - if there are servers in two regions, we can divide the traffic based on percentage [East 30% and West 70%]

Log analysis with Amazon Elasticsearch Service and Kibana


S3 Glacier Data Flow

l
lo
x.
le
ip
.a
w
w
w

Get more free courses at www.aiplex.lol


Application Load Balancer

An Application Load Balancer (ALB) only works at layer 7 (HTTP). It has a wide range of routing rules for incoming requests based on host name, path, query string parameter, HTTP method, HTTP headers, source IP, or port number.

** ELB only allows routing based on port number.

ALB can route requests to many ports on a single target. Plus, ALB can route requests to Lambda functions.

ALB further supports Server Name Indication (SNI), which allows it to serve many domain names. There is a limit, however, to the number of certificates you can attach to an ALB, namely 25 certificates plus the default certificate.

ALBs are typically used for web applications. If you have a microservices architecture, ALB can be used as an internal load balancer in front of EC2 instances or Docker containers that implement a given service.
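As an added example (not from the slides, and not how ALB is implemented), this Python models the layer-7 decision the slide describes: listener rules with host, path, method, header, query-string and source-IP conditions are evaluated in priority order and the first match picks the target group. The rule set and target-group names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Added example (not from the slides): a minimal evaluator for the kinds of
# layer-7 listener rules the slide lists; first match by priority wins.

@dataclass
class Rule:
    priority: int
    target_group: str
    host: Optional[str] = None           # host-header condition
    path_prefix: Optional[str] = None    # path-pattern condition
    methods: tuple = ()                  # HTTP request method condition
    headers: dict = field(default_factory=dict)   # lower-case name -> required value
    query: dict = field(default_factory=dict)     # query-string key -> required value
    source_cidrs: tuple = ()             # source-IP condition

    def matches(self, req: dict) -> bool:
        if self.host and req["host"].lower() != self.host.lower():
            return False
        if self.path_prefix and not req["path"].startswith(self.path_prefix):
            return False
        if self.methods and req["method"].upper() not in self.methods:
            return False
        if any(req["headers"].get(k) != v for k, v in self.headers.items()):
            return False
        if any(req["query"].get(k) != v for k, v in self.query.items()):
            return False
        if self.source_cidrs:
            ip = ipaddress.ip_address(req["source_ip"])
            if not any(ip in ipaddress.ip_network(c) for c in self.source_cidrs):
                return False
        return True


def route(rules: list, req: dict, default: str = "tg-default") -> str:
    """Pick the target group for one parsed request (the layer-7 decision)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(req):
            return rule.target_group
    return default


# Constructed rule set: admin host only from the VPC range, API by path and method.
RULES = [
    Rule(10, "tg-admin", host="admin.example.com", source_cidrs=("10.0.0.0/16",)),
    Rule(20, "tg-api", path_prefix="/api/", methods=("GET", "POST")),
    Rule(30, "tg-canary", headers={"x-canary": "1"}),
]
```

Header names in `req["headers"]` are expected in lower case; a layer-4 balancer could make none of these decisions because it never reads the request.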


Network Load Balancer

• A Network Load Balancer (NLB) works at layer 4 only and can handle both TCP and UDP, as well as TCP connections encrypted with TLS.
• It has a very high performance.
• It uses static IP addresses and can be assigned Elastic IPs—not possible with ALB and ELB.
• NLBs would be used for anything that ALBs don't cover. A typical use case would be a near real-time data streaming service (video, stock quotes, etc.). Another typical case is that you would need to use an NLB if your application uses non-HTTP protocols.


Comparison of AWS LB’s

Layer 4 load balancing operates at the intermediate transport layer, which is responsible for delivering messages regardless of the content. Layer 4 load balancers simply forward network packets to and from the upstream server without bothering to inspect what's in them.

Layer 7 load balancing operates at the high-level application layer, which is responsible for the actual content of the message. Layer 7 load balancers route network traffic in a more complex manner, usually applicable to TCP-based traffic like HTTP. Unlike Layer 4, a Layer 7 load balancer terminates the network traffic and reads the message within. It makes a decision based on the content of the message. After which, it makes a new TCP connection to the selected upstream server and writes the request to the server.

The decryption/encryption of TLS traffic is done at the LB end rather than at the application servers, which helps you optimize the performance of your backend application servers while keeping your workloads secure.

Application Load balancer Dashboard


DJANGO PROJECT LAB

• Create a repo in AWS ECR named django-app
• IMPORTANT - Once the repo is created, change the 600735812827.dkr.ecr.us-west-1.amazonaws.com values in the commands below to your own repo
• aws ecr get-login-password --region us-west-1 | docker login --username AWS --password-stdin 600735812827.dkr.ecr.us-west-1.amazonaws.com
• cd app/
• docker build -t 600735812827.dkr.ecr.us-west-1.amazonaws.com/django-app:latest .
• docker push 600735812827.dkr.ecr.us-west-1.amazonaws.com/django-app:latest
• Change docker_image_url_django in the variables.tf file to your current repo name
• Change the file paths in the iam.tf and variables.tf files
• Go to the terraform folder and run the commands below
• ssh-keygen -f california-region-key-pair
• terraform init
• terraform plan -out terraform.out
• terraform apply "terraform.out"
• pip install boto3 click
• export AWS_ACCESS_KEY_ID=""
• export AWS_SECRET_ACCESS_KEY=""
• export AWS_DEFAULT_REGION="us-west-1"
• cd deploy
• Run this command in the deploy folder: python3 update-ecs.py --cluster=production-cluster --service=production-service
• terraform destroy

