Why Cloud Computing? (Simple Explanation)
Cloud computing means renting IT resources (servers, storage, databases) over the internet instead of buying expensive hardware.
Benefits:
- Cost-Efficient – Pay only for what you use.
- Scalable – Increase or decrease resources anytime.
- Reliable – No need to worry about hardware failures.
- Secure – Cloud providers handle security of the underlying infrastructure; what you still manage depends on the service model.
- Accessible – Access from anywhere in the world.
AWS Pillars (5 Pillars of Well-Architected Framework)
Operational Excellence
- Automate tasks and monitor systems efficiently.
- Example: Using AWS CloudWatch for performance monitoring.
Security
- Protect data and applications with encryption & access control.
- Example: Using IAM roles, MFA, and AWS Shield.
Reliability ⚙️
- Ensure systems recover quickly from failures.
- Example: Using Auto Scaling and Multi-AZ databases.
Performance Efficiency ⚡
- Optimize resources for fast and efficient performance.
- Example: Using Amazon EC2 instance types based on workload.
Cost Optimization
- Reduce costs by using only what you need.
- Example: Using AWS Reserved Instances for long-term savings.
Summary:
AWS follows these 5 pillars to help businesses build secure, high-performing, and cost-effective cloud solutions.
IaaS, PaaS, and SaaS
Infrastructure as a Service (IaaS)
- Provides virtual servers, storage, and networking over the cloud.
- Users manage the OS, applications, and security.
- Example: AWS EC2, Google Compute Engine, Azure Virtual Machines.
- Analogy: Renting an empty house where you bring your own furniture and appliances.
Platform as a Service (PaaS)
- Provides a ready-to-use development environment.
- Users manage applications, while the provider handles the underlying infrastructure.
- Example: AWS Elastic Beanstalk, Google App Engine, Heroku.
- Analogy: Renting a furnished apartment—you just move in and live.
Software as a Service (SaaS)
- Fully managed software applications accessible via a web browser.
- Users don’t manage infrastructure or development; they just use the software.
- Example: Google Drive, Gmail, Dropbox, Microsoft 365.
- Analogy: Staying in a hotel—everything is provided, and you just use the service.
Summary
- IaaS → Full control over infrastructure.
- PaaS → Focus on app development, no server management.
- SaaS → Ready-made software, just use it!
AWS IAM Components
Root User
- The first account created when you sign up for AWS.
- Has full access to all AWS services.
- Should not be used for daily tasks (too powerful).
- Secure it with Multi-Factor Authentication (MFA).
IAM User
- A regular user account created inside AWS.
- Has specific permissions based on assigned policies.
- Used for daily tasks instead of the root user.
- Each IAM user can have an access key for API use.
IAM Groups
- A collection of IAM users.
- Helps manage permissions for multiple users at once.
- Example: A "Developers" group with access to EC2, S3, etc.
IAM Policies
- Defines what actions a user, group, or role can perform.
- Written in JSON format (Allow/Deny rules).
- Example: A policy that allows a user to read from an S3 bucket.
IAM Roles
- Temporary permissions given to users or AWS services.
- Used by EC2, Lambda, or other AWS services to perform actions.
- Example: An EC2 instance assumes a role to access S3 without needing access keys.
Multi-Factor Authentication (MFA)
- Adds extra security by requiring a second factor (e.g., OTP on a mobile app).
- Highly recommended for root and IAM users.
AMAZON EC2
1️⃣ EC2 Instance Types & Use Cases
EC2 instances come in different types based on compute, memory, and storage needs:
- T-Series (T3, T4g) → General-purpose, cost-effective, web apps, dev/test.
- M-Series (M5, M6g, M7i) → Balanced performance for apps, medium-sized databases.
- C-Series (C5, C6i, C7g) → High CPU, ideal for data analytics, gaming servers.
- R-Series (R5, R6g, R7i) → Memory-intensive, used for large databases, caching.
- X-Series (X2idn, X2gd) → Extreme memory workloads (SAP HANA, in-memory DBs).
- I-Series (I3, I4i) → High-speed NVMe storage for NoSQL DBs, data warehousing.
- P-Series (P4, P5) → AI/ML training, deep learning, GPU-based workloads.
- G-Series (G5, G6g) → Graphics-intensive tasks (video rendering, game streaming).
- HPC Optimized (Hpc6id, Hpc7g) → Scientific simulations, engineering, AI research.
2️⃣ EC2 Networking & Public IP
- Network Card (NIC) → Controls how fast data moves in/out of an EC2 instance.
  - Speed varies: 1 Gbps (standard) → 100 Gbps (HPC & AI workloads).
- Public IP Address → The "home address" of your instance for internet access.
  - Dynamic Public IP → Changes every time the instance starts.
  - Elastic IP → Static IP that stays the same for reliability.
3️⃣ Security Groups (Firewall Rules)
- Security groups act as a firewall for EC2 instances.
- They control which traffic is allowed in (inbound) and allowed out (outbound).
- Example rules:
  - Allow HTTP (port 80) → Anyone can visit the website.
  - Allow HTTPS (port 443) → Secure website access.
  - Allow SSH (port 22) → Only from a specific IP for secure admin access.
- By default, inbound traffic is blocked until you allow it.
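A defender's check for the rules above, as an added example that is not part of the original notes: it flags inbound rules open to the whole internet on any port other than 80/443, such as SSH on 22. The rule layout follows the `IpPermissions` structure returned by EC2's DescribeSecurityGroups; the group ID and addresses are constructed sample data.

```python
import ipaddress

PUBLIC_OK = {80, 443}  # ports the notes open to anyone (HTTP, HTTPS)

# Constructed sample in the shape of one DescribeSecurityGroups entry.
SAMPLE_GROUP = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},        # SSH from anywhere
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},  # SSH from one admin IP
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},  # all traffic
    ],
}

def is_world(cidr):
    # 0.0.0.0/0 and ::/0 both have prefix length 0.
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_inbound(group):
    """Return (group_id, ports, cidr) for each world-open rule outside PUBLIC_OK."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm["IpProtocol"]
        if proto not in ("tcp", "udp", "-1"):
            continue  # ICMP and other protocols are out of scope here
        if proto == "-1":
            ports, risky = "all", True   # "-1" means every protocol and port
        else:
            lo, hi = perm["FromPort"], perm["ToPort"]
            ports = str(lo) if lo == hi else f"{lo}-{hi}"
            risky = any(p not in PUBLIC_OK for p in range(lo, hi + 1))
        if not risky:
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        findings += [(group["GroupId"], ports, c) for c in cidrs if is_world(c)]
    return findings
```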
4️⃣ EC2 User Data (Automated Setup)
- EC2 User Data is a script that runs when an instance starts.
- Automates tasks like software installation, updates, configurations.
- Example (Linux):
- Benefits:
  - Saves time & manual work.
  - Ensures consistent setup every time a new instance launches.
  - Useful for scaling applications automatically.
Summary
- Choose the right EC2 instance type based on workload needs (CPU, RAM, storage).
- Network settings & Public IPs define how instances communicate over the internet.
- Security groups protect your EC2 by allowing only necessary traffic.
- User Data automates instance setup, making deployment faster & more efficient.