1. AWS Cloud Services

1.0 AWS Cloud Architecture

1.1 AWS - EC2

• Amazon EC2 (Elastic Compute Cloud) is a web service provided by Amazon Web
Services (AWS) that allows users to rent virtual servers in the cloud.
• With EC2, users have complete control over their virtual servers, including the
choice of operating system, instance type, and other configurations.

1.1.1 Components of EC2

1.1.1.1 AMI (Amazon Machine Image)

• AMI (Amazon Machine Image) is a pre-configured template that contains the necessary information to launch an instance (virtual server) in Amazon EC2.
• AMIs provide a starting point for creating instances with specific configurations, such as a particular operating system, software packages, and application stacks. They can be
customized and shared among users, making it easy to replicate and deploy consistent
environments.
• An instance obtains its credentials from the metadata service at 169.254.169.254

1.1.1.2 Custom AMIs

1.1.1.3 Accessing EC2

1.1.1.4 SSH / RDP – Also VPN

1.1.1.5 EC2 Instance Connect

1.1.1.6 SSM

1.1.1.7 Security Groups

• Security groups control inbound and outbound traffic for EC2 instances.
• They act as virtual firewalls, regulating traffic based on rules for protocols, ports, and IP
addresses.
• Security groups are stateful, enabling automatic handling of response traffic.

1.2 AWS - S3

Object storage
• Provides secure, durable, and highly scalable object storage

1.3 AWS - ARN (Amazon Resource Name)

• Amazon Resource Names (ARNs) uniquely identify AWS resources
• You need an ARN whenever a resource must be specified unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls

Examples of the general format:
arn:partition:service:region:account-id:resource-id
arn:partition:service:region:account-id:resource-type/resource-id
arn:partition:service:region:account-id:resource-type:resource-id
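As an added example (not part of the original notes), a small Python parser for the three ARN layouts listed above; the account ID 123456789012 and the resource names used in the comments are constructed placeholders.

```python
"""Parse the three ARN layouts into named fields (added example, not AWS code)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Arn:
    partition: str
    service: str
    region: str            # empty for global services such as IAM
    account_id: str        # empty for some resources, e.g. S3 buckets
    resource_type: Optional[str]
    resource_id: str


def parse_arn(arn: str) -> Arn:
    # Split on only the first five colons: the trailing resource field may
    # itself contain ':' or '/' (e.g. a CloudWatch log-group ARN).
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    _, partition, service, region, account_id, resource = parts
    if not (partition and service and resource):
        raise ValueError(f"missing mandatory field in ARN: {arn!r}")
    # The three layouts from the notes:
    #   resource-id
    #   resource-type/resource-id
    #   resource-type:resource-id
    # Whichever separator comes first ends the resource type; with no
    # separator the whole field is the resource id. The split is purely
    # syntactic, so an S3 object ARN (arn:aws:s3:::bucket/key) yields the
    # bucket name as resource_type; interpreting the fields stays per service.
    seps = [i for i in (resource.find("/"), resource.find(":")) if i > 0]
    if not seps:
        return Arn(partition, service, region, account_id, None, resource)
    cut = min(seps)
    return Arn(partition, service, region, account_id,
               resource[:cut], resource[cut + 1:])


def belongs_to_account(arn: str, account_id: str) -> bool:
    """Trust-boundary check: does the ARN name a resource in this account?"""
    return parse_arn(arn).account_id == account_id
```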

1.4 AWS - VPC (Virtual Private Cloud)

1.4.1 VPC - Components

• Subnet
• Routing table
• Internet gateway
• NAT Gateway
• Network ACL
• Security Groups
• Peering connection
• Endpoints

1.5 AWS - IMDS

AWS IMDS stands for "Instance Metadata Service." Think of it as a private notebook for your
instance in the cloud. When an instance needs to know more about itself, such as its name or its credentials, it asks IMDS and IMDS returns the answers. This lets the instance look up that information on demand instead of having it baked into the image.

1.6 AWS Lambda

AWS Lambda is a cloud service that lets you run code without managing servers. You provide a piece of code and define when you want it to run (like when a certain event happens), and AWS Lambda takes care of running that code for you. It's like having a helper who automatically does a task for you whenever you ask, without you having to do it yourself.

1.7 AWS - Security Services

1.7.1 CloudTrail

1.7.2 CloudWatch

1.7.3 Secrets Manager

Secrets Manager is a service that securely stores, encrypts, and rotates your database credentials and other secrets.