AWS Notes
(~) This is a draft in progress.
A few notes on AWS.
AWS Global Infrastructure
Global Services
These are AWS services that are available and operate across all AWS Regions. Examples include IAM (Identity and Access Management), Route 53 (DNS service), and CloudFront (CDN service). These services are not tied to a specific region but rather operate globally to support your applications anywhere.
Regions
An AWS Region is a geographic area that consists of a collection of data centers. Each Region is isolated from the others, and AWS designs Regions for fault tolerance and low-latency performance. For example, the "US East (N. Virginia)" Region can be chosen so that services run close to users in that geographic area.
Data Residency
AWS does not move your data across Regions unless you explicitly configure it to do so. This means your data remains in the Region where you store it, which gives you control over latency and keeps the data inside that Region's boundary.
Some industries and governments have data sovereignty laws that require data to remain within a specific country or region. AWS provides compliance programs to help customers meet regulatory requirements.
AZs
A Region is made up of multiple Availability Zones (AZs). Each AZ is essentially a data center or a group of data centers in a specific location. AZs are designed to be isolated from failures in other AZs, but they are connected to each other with high-speed, low-latency networking.
Edge Locations
Edge locations are AWS data centers used by services like CloudFront (Content Delivery Network) and AWS Lambda@Edge. These are located closer to end users and serve to cache data or run code closer to where the users are. Edge locations enable low-latency delivery of content, such as static website assets or videos, by caching copies at locations globally. AWS has a large number of these Edge Locations worldwide.
Edge Computing
Edge computing processes data closer to the source (e.g., IoT devices, sensors, users) instead of relying on centralized cloud servers. This reduces latency and bandwidth usage and improves real-time decision-making. It's commonly used in IoT, gaming, AI-powered retail, autonomous vehicles, and healthcare.
VPC
VPC (Virtual Private Cloud) is a service that lets you create an isolated, private network within AWS. It allows you to define and control networking aspects like IP addressing, subnets, route tables, security groups, and internet gateways.
VPC is regional, meaning each AWS Region has its own VPC resources. You create and manage VPCs within a specific region, and these VPCs do not span across multiple regions.
Default VPC
A default VPC in AWS is automatically created in each region with a CIDR block of 172.31.0.0/16, providing private IP address space for instances. Each AZ in the region has one default subnet. The default VPC also includes an internet gateway for internet access, a default security group, a default NACL (Network Access Control List), and route tables for managing traffic between instances and the internet.
Use Custom VPC for Production
The default VPC has limited customization and is designed for ease of use and quick deployment, but it may not meet all the needs of a production environment.
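As an added example (not part of these notes, and not AWS code), the script below plans the subnets for a custom VPC the way the notes suggest for production: one public and one private subnet per AZ, carved out of a CIDR that does not collide with the default VPC's 172.31.0.0/16. The AZ names and the 10.0.0.0/16 range are constructed inputs; the five reserved addresses per subnet are what AWS reserves in every subnet (network address, VPC router, DNS, one reserved for future use, and broadcast).

```python
import ipaddress

# CIDR of the default VPC AWS creates in every Region (from the notes above).
DEFAULT_VPC_CIDR = ipaddress.ip_network("172.31.0.0/16")

# AWS reserves the first four and the last address of every subnet
# (network, VPC router, DNS, future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5


def plan_vpc_subnets(vpc_cidr, azs, tiers=("public", "private"), subnet_prefix=24):
    """Carve a custom VPC CIDR into one subnet per (AZ, tier) pair.

    Subnets are handed out tier by tier, so all public subnets come first,
    then all private ones. Returns {(az, tier): IPv4Network}.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    if subnet_prefix < vpc.prefixlen:
        raise ValueError("subnet prefix must be at least as long as the VPC prefix")
    candidates = vpc.subnets(new_prefix=subnet_prefix)
    plan = {}
    for tier in tiers:
        for az in azs:
            try:
                plan[(az, tier)] = next(candidates)
            except StopIteration:
                raise ValueError(
                    f"{vpc} is too small for {len(azs)} AZs x {len(tiers)} tiers at /{subnet_prefix}"
                ) from None
    return plan


def usable_hosts(subnet):
    """Addresses actually assignable to instances in a subnet."""
    return subnet.num_addresses - AWS_RESERVED_PER_SUBNET


def overlaps_default_vpc(vpc_cidr):
    """True if a candidate CIDR collides with the default VPC range.

    VPCs with overlapping CIDRs cannot be peered later, so a custom VPC
    should normally stay clear of 172.31.0.0/16.
    """
    return ipaddress.ip_network(vpc_cidr, strict=False).overlaps(DEFAULT_VPC_CIDR)


def per_az_summary(plan):
    """Group the plan by AZ so you can confirm every AZ has every tier."""
    summary = {}
    for (az, tier), subnet in plan.items():
        summary.setdefault(az, {})[tier] = str(subnet)
    return summary


if __name__ == "__main__":
    azs = ["us-east-1a", "us-east-1b", "us-east-1c"]  # constructed example AZ list
    plan = plan_vpc_subnets("10.0.0.0/16", azs)
    for az, tiers in per_az_summary(plan).items():
        print(az, tiers)
    print("usable hosts per /24:", usable_hosts(plan[("us-east-1a", "public")]))
```

Spreading the same tiers across three AZs is what makes the later EC2 advice about AZ resilience possible: each tier has a subnet in every AZ, so an Auto Scaling group or load balancer can be given one subnet per AZ.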
EC2
EC2 (Elastic Compute Cloud) is AWS's core compute service, which lets you rent virtual machines (instances) to run applications. It provides scalable compute capacity with flexible pricing models.
By default, EC2 instances are launched within a VPC (Virtual Private Cloud) and are assigned to a specific subnet in an Availability Zone (AZ), but they are not automatically resilient across AZs. To ensure AZ resilience, you need to manually deploy instances across multiple AZs, use an Elastic Load Balancer (ELB) to distribute traffic, and configure Auto Scaling.
EC2 instances use EBS (Elastic Block Store) for persistent storage by default, but can also include instance store (local storage) for temporary data. EBS is persistent, scalable, and highly available within an AZ, while instance store is temporary and offers high-speed storage but loses data if the instance is stopped or terminated.
Instances are private by default, meaning they are launched in private subnets without direct internet access. To make an EC2 instance publicly accessible, you need to place it in a public subnet, configure its route table with a route to an Internet Gateway, and assign a public IP or Elastic IP. Security groups and network ACLs also need to be adjusted to allow the intended traffic.
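The three conditions just listed (public subnet with an Internet Gateway route, a public IP, and a security group that admits the traffic) can be checked from the API data rather than guessed. The script below is an added example, not from these notes or from AWS; it walks constructed records shaped like the JSON returned by `aws ec2 describe-instances`, `describe-route-tables` and `describe-security-groups` and reports whether an instance is reachable from the internet and on which ports. Network ACLs are assumed to be the default allow-all and are not evaluated; the instance, subnet, route table and security group IDs are made up.

```python
# Constructed records; the key names mirror the EC2 describe-* API shapes.
SAMPLE_ROUTE_TABLES = [
    {   # main table of the VPC: local route only, so subnets using it are private
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {   # explicitly associated with the public subnet: default route via an IGW
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": "subnet-public"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"},
        ],
    },
]

SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-ssh-open",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-internal",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
]

SAMPLE_INSTANCES = {
    "web": {"InstanceId": "i-web", "SubnetId": "subnet-public",
            "PublicIpAddress": "203.0.113.10",          # documentation range, constructed
            "SecurityGroups": [{"GroupId": "sg-ssh-open"}]},
    "db": {"InstanceId": "i-db", "SubnetId": "subnet-private",
           "SecurityGroups": [{"GroupId": "sg-internal"}]},  # no public IP at all
}


def subnet_route_table(subnet_id, route_tables):
    """Route table explicitly associated with the subnet, else the VPC's main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def has_igw_default_route(route_table):
    """A subnet is 'public' when its table sends 0.0.0.0/0 to an Internet Gateway."""
    for route in route_table.get("Routes", []):
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("GatewayId", "").startswith("igw-")):
            return True
    return False


def world_open_rules(security_groups):
    """(protocol, from_port, to_port) for every ingress rule open to any address."""
    rules = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
            cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
            if any(c in ("0.0.0.0/0", "::/0") for c in cidrs):
                rules.append((perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")))
    return rules


def assess_instance_exposure(instance, route_tables, security_groups):
    """Combine the three conditions from the notes into one verdict."""
    rt = subnet_route_table(instance["SubnetId"], route_tables)
    igw_route = rt is not None and has_igw_default_route(rt)
    attached_ids = {g["GroupId"] for g in instance.get("SecurityGroups", [])}
    attached = [sg for sg in security_groups if sg["GroupId"] in attached_ids]
    open_rules = world_open_rules(attached)
    has_public_ip = bool(instance.get("PublicIpAddress"))
    return {
        "instance_id": instance["InstanceId"],
        "has_public_ip": has_public_ip,
        "has_igw_route": igw_route,
        "world_open_rules": open_rules,
        "internet_reachable": has_public_ip and igw_route and bool(open_rules),
    }


if __name__ == "__main__":
    for name, inst in SAMPLE_INSTANCES.items():
        print(name, assess_instance_exposure(inst, SAMPLE_ROUTE_TABLES, SAMPLE_SECURITY_GROUPS))
```

Feeding the real `describe-*` output into the same functions gives an inventory of which instances are exposed and why, which is the list you want to review before treating a subnet as "private".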
AMI
An Amazon Machine Image (AMI) is a pre-configured template that includes the operating system, applications, and configurations needed to launch EC2 instances.
An AMI can be public, private, or shared with specific AWS accounts using launch permissions.
The root volume of an AMI is typically EBS-backed for persistence across reboots, but some AMIs use instance store, which is temporary.
Block device mapping defines the storage setup, specifying the root volume and any additional attached EBS or instance store volumes. This allows for flexible storage configurations and automated instance provisioning.
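To make the root-volume and block-device-mapping points concrete, here is an added example (not from these notes or from AWS) that reads an image record shaped like one entry of `aws ec2 describe-images` and classifies each mapping as persistent EBS or ephemeral instance store, then lists what a reviewer would want to know before launching from it: a root volume that is not EBS-backed, EBS volumes that are unencrypted, EBS volumes that outlive the instance, and instance store volumes whose data vanishes on stop or terminate. The image ID, snapshot ID and device names are constructed.

```python
# Constructed image record; key names mirror `aws ec2 describe-images` output.
SAMPLE_IMAGE = {
    "ImageId": "ami-example",
    "RootDeviceType": "ebs",
    "RootDeviceName": "/dev/xvda",
    "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda",                       # root volume, EBS-backed
         "Ebs": {"VolumeSize": 8, "VolumeType": "gp3", "Encrypted": False,
                 "DeleteOnTermination": True, "SnapshotId": "snap-example"}},
        {"DeviceName": "/dev/sdb",                        # data volume kept after termination
         "Ebs": {"VolumeSize": 100, "VolumeType": "gp3", "Encrypted": True,
                 "DeleteOnTermination": False}},
        {"DeviceName": "/dev/sdc", "VirtualName": "ephemeral0"},  # instance store
    ],
}


def summarize_block_devices(image):
    """One row per mapping: EBS volumes persist, instance store volumes do not."""
    root = image.get("RootDeviceName")
    rows = []
    for mapping in image.get("BlockDeviceMappings", []):
        device = mapping["DeviceName"]
        if "Ebs" in mapping:
            ebs = mapping["Ebs"]
            rows.append({
                "device": device, "kind": "ebs", "persistent": True,
                "encrypted": bool(ebs.get("Encrypted", False)),
                "delete_on_termination": bool(ebs.get("DeleteOnTermination", True)),
                "size_gib": ebs.get("VolumeSize"), "is_root": device == root,
            })
        else:
            # "VirtualName": "ephemeralN" marks local instance store storage.
            rows.append({
                "device": device, "kind": "instance-store", "persistent": False,
                "encrypted": None, "delete_on_termination": True,
                "size_gib": None, "is_root": device == root,
            })
    return rows


def check_image(image):
    """Finding codes, in mapping order, for the storage setup of an AMI."""
    findings = []
    if image.get("RootDeviceType") != "ebs":
        findings.append("root-not-ebs")            # root will not survive a stop
    for row in summarize_block_devices(image):
        if row["kind"] == "ebs" and not row["encrypted"]:
            findings.append(f"unencrypted:{row['device']}")
        if row["kind"] == "ebs" and not row["delete_on_termination"]:
            findings.append(f"persists-after-termination:{row['device']}")
        if row["kind"] == "instance-store":
            findings.append(f"ephemeral:{row['device']}")
    return findings


if __name__ == "__main__":
    for row in summarize_block_devices(SAMPLE_IMAGE):
        print(row)
    print(check_image(SAMPLE_IMAGE))
```

A volume flagged persists-after-termination is not a defect in itself (it is how you keep data across instance replacement), but it is a volume that will keep existing, and keep costing, after the instance is gone, so it is worth listing alongside the ephemeral ones.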