AWS VPC Fundamentals- Webinar

Editor's Notes

• #11: Each AZ is placed in a way to ensure that latency is as low as 2 ms 99% of the time.
• #34: Let’s take a look at some examples of security groups in action. In the first example, we use a source description of 0.0.0.0/0 to specify that any computer from anywhere on the Internet can access a web server on our instance that is listening on port 80. Note that security groups that restrict access by IP actually specify an IP range using a convention called CIDR Notation. CIDR is short for Classless Inter-Domain Routing. We will discuss CIDR in more depth in the VPC module. For now, it is enough to know that the address 0.0.0.0/0 specifies any IP address, and that the address 10.50.2.133/32 is how we specify a single IP address (in this case, 10.50.2.133) in CIDR notation. In the second example, we specify that we only want to allow access from a specific IP address. In the third example, we specify that members of this security group should only allow SSH access from an instance that belongs to the security group that has the security group ID sg-4ad3712f. This can be very useful when you need instances to communicate with one another, but only want to grant this permission to instances that serve a particular function in your network. A great example of this is the bastion host, which we will discuss in more detail in the next module.
• #48: Notes: Here’s a basic system. Remember, it is important to build security into every layer of your design.
• #49: Notes: Here’s a basic system. Remember, it is important to build security into every layer of your design.
• #52: AWS CloudFormation enables you to create and provision AWS infrastructure deployments in a predictable, repeatable, and automated fashion. You can create templates for the service or application architectures you want and then have  AWS CloudFormation use those templates for quick and reliable provisioning of the services or applications (called “stacks”). When you use AWS CloudFormation, you work with templates and stacks.   An AWS CloudFormation template is a JSON text file used to describe the AWS resources and their properties in your infrastructure. For example, in a template, you can describe an Amazon EC2 instance, such as the instance type, the AMI ID, block device mappings, and its Amazon EC2 key pair name. You use these templates to create a stack. A stack is a collection of AWS resources that has been created from a template. You may provision (create) a stack numerous times.   When a stack is provisioned, the AWS resources specified by its template are created. Any AWS usage changes  incurred from using these services will start accruing as they are created as part of the AWS CloudFormation stack. When a stack is deleted, the resources associated with the stack are deleted. The order of deletion is determined by AWS CloudFormation; you do not have direct control over what gets deleted when.
• #54: AWS CloudFormation enables you to create and provision AWS infrastructure deployments in a predictable, repeatable, and automated fashion. You can create templates for the service or application architectures you want and then have  AWS CloudFormation use those templates for quick and reliable provisioning of the services or applications (called “stacks”). When you use AWS CloudFormation, you work with templates and stacks.   An AWS CloudFormation template is a JSON text file used to describe the AWS resources and their properties in your infrastructure. For example, in a template, you can describe an Amazon EC2 instance, such as the instance type, the AMI ID, block device mappings, and its Amazon EC2 key pair name. You use these templates to create a stack. A stack is a collection of AWS resources that has been created from a template. You may provision (create) a stack numerous times.   When a stack is provisioned, the AWS resources specified by its template are created. Any AWS usage changes  incurred from using these services will start accruing as they are created as part of the AWS CloudFormation stack. When a stack is deleted, the resources associated with the stack are deleted. The order of deletion is determined by AWS CloudFormation; you do not have direct control over what gets deleted when.
• #55: With Infrastructure as Code, you can automate your entire dev, test, or production environment to be deployed, configured, and ready to use within minutes. For example, the entire setup on this slide can be deployed using AWS CloudFormation templates. You can create baseline templates for your Dev and Test environments, and then create stacks as needed from those templates. You can easily create production-like setups to perform your development and testing as part of your software development lifecycle. All the templates can be stored in a version control system like Git or AWS CodeCommit.
• #56: In this reference diagram note that you can have many S3 buckets: 1. Public S3 buckets, that will store static files to be cached by Cloudfront and 2. Private S3 buckets that can store logs, backups, config files that can be read by any server in any AZ.