Repository: iam-veeramalla/aws-devops-zero-to-hero
Branch: main
Commit: f4aa48e41941
Files: 79
Total size: 237.6 KB
Directory structure:
gitextract_8q9m8ecv/
├── LICENSE
├── README.md
├── appspec.yml
├── day-14/
│   ├── README.md
│   └── simple-python-app/
│       ├── Dockerfile
│       ├── app.py
│       ├── appspec.yml
│       ├── buildspec.yml
│       ├── requirements.txt
│       ├── start_container.sh
│       └── stop_container.sh
├── day-16/
│   ├── README.md
│   ├── custom_metrics_demo/
│   │   ├── cloudwatch_metrics.py
│   │   └── requirements.txt
│   └── default_metrics_demo/
│       └── cpu_spike.py
├── day-17/
│   └── README.md
├── day-18/
│   ├── README.md
│   └── ebs_stale_snapshosts.py
├── day-19/
│   └── README.md
├── day-2/
│   ├── README.md
│   └── interview-questions
├── day-20/
│   └── README.md
├── day-21/
│   ├── Dockerfile
│   ├── README.md
│   ├── app.py
│   ├── commands.md
│   └── requirements.txt
├── day-22/
│   ├── 2048-app-deploy-ingress.md
│   ├── README.md
│   ├── alb-controller-add-on.md
│   ├── configure-oidc-connector.md
│   ├── installing-eks.md
│   ├── prerequisites.md
│   └── sample-app.md
├── day-24/
│   ├── main.tf
│   ├── provider.tf
│   ├── userdata.sh
│   ├── userdata1.sh
│   └── variables.tf
├── day-25/
│   ├── README.md
│   ├── lambda_function.py
│   └── lambda_function_permissions.md
├── day-3/
│   └── README.md
├── day-4/
│   └── README.md
├── day-5/
│   └── README.md
├── day-6/
│   └── README.md
├── day-7/
│   └── vpc-demo-2-tier-app
├── day-8/
│   └── Interview_q&a
├── day-9/
│   ├── README.md
│   └── demos/
│       └── bucket-policies/
│           ├── restrict-access-to-owner.json
│           └── static-website-basic.json
├── interview-questions/
│   ├── 01-ADVANCED.md
│   ├── 01-SCENARIO-BASED.md
│   ├── aws-cli.md
│   ├── aws-terraform.md
│   ├── cloud-migration.md
│   ├── cloudformation.md
│   ├── cloudfront.md
│   ├── cloudtrail.md
│   ├── cloudwatch.md
│   ├── code-build.md
│   ├── code-deploy.md
│   ├── code-pipeline.md
│   ├── dynamodb.md
│   ├── ecr.md
│   ├── ecs.md
│   ├── eks.md
│   ├── elastic-bean-stalk.md
│   ├── elastic-cloud-compute.md
│   ├── elb.md
│   ├── iam.md
│   ├── lambda-functions.md
│   ├── rds.md
│   ├── route53.md
│   ├── s3.md
│   ├── systems-manager.md
│   └── vpc.md
└── scripts/
    ├── start_container.sh
    └── stop_container.sh
================================================
FILE CONTENTS
================================================
================================================
FILE: LICENSE
================================================
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
================================================
FILE: README.md
================================================
# aws-devops-zero-to-hero
Complete YouTube playlist - https://www.youtube.com/playlist?list=PLdpzxOOAlwvLNOxX0RfndiYSt1Le9azze
AWS zero to hero repo for devops engineers to learn AWS in 30 Days. This repo includes projects, presentations, interview questions and real time examples. Each day's class will provide real-time knowledge on AWS services, allowing you to apply what you've learned and gain practical skills in working with AWS in a DevOps context.
## Day 1: Introduction to AWS
You will learn what private and public clouds are, why companies are moving to the public cloud, and what the advantages of moving to the cloud are.
Also, you will be introduced to the basics of AWS, including the core services and their significance in DevOps practices. Finally, you'll learn how to set up an AWS account and navigate the AWS Management Console.
## Day 2: IAM (Identity and Access Management)
You will explore IAM, which is used for managing access to AWS resources. You'll learn how to create IAM users, groups, and roles, and how to apply permissions and security best practices to ensure proper access control.
## Day 3: EC2 Instances
You'll dive into EC2, which provides virtual servers in the cloud. You'll learn how to launch EC2 instances, connect to them using SSH, and understand key concepts such as instance types, security groups, and key pairs.
**Your First AWS Project**: Deploy a simple web application (such as Jenkins) on an EC2 instance and access the application from outside AWS.
## Day 4: AWS Networking (VPC)
You'll explore AWS networking concepts, with a specific focus on VPC (Virtual Private Cloud). You'll learn how to create and configure VPCs, subnets, and route tables, enabling you to design and manage the network infrastructure for your applications.
## Day 5: AWS Security
This day emphasizes security best practices in AWS. You'll learn how to implement security measures such as security groups, network ACLs (Access Control Lists), and IAM policies to ensure the confidentiality, integrity, and availability of your AWS resources.
## Day 6: AWS Route 53
**Project:** Configure and manage a domain name using Route 53. You'll register a domain, set up DNS records, and explore advanced features such as health checks, routing policies, and DNS-based failover.
## Day 7: Secure VPC Setup with EC2 Instances
**Project:**
- Design and configure a VPC:
  - Create a VPC with custom IP ranges.
  - Set up public and private subnets.
  - Configure route tables and associate subnets.
- Implement network security:
  - Set up network access control lists (ACLs) to control inbound and outbound traffic.
  - Configure security groups for EC2 instances to allow specific ports and protocols.
- Provision EC2 instances:
  - Launch EC2 instances in both the public and private subnets.
  - Configure security groups for the instances to allow necessary traffic.
  - Create and assign IAM roles to the instances with appropriate permissions.
- Networking and routing:
  - Set up an internet gateway to allow internet access for instances in the public subnet.
  - Configure NAT gateway or NAT instance to enable outbound internet access for instances in the private subnet.
  - Create appropriate route tables and associate them with the subnets.
- SSH key pair and access control:
  - Generate an SSH key pair and securely store the private key.
  - Configure the instances to allow SSH access only with the generated key pair.
  - Implement IAM policies and roles to control access and permissions to AWS resources.
- Test and validate the setup:
  - SSH into the EC2 instances using the private key and verify connectivity.
  - Test network connectivity between instances in different subnets.
  - Validate security group rules and network ACL settings.
By implementing this project, you'll gain hands-on experience in setting up a secure VPC with EC2 instances, implementing networking and routing, configuring security groups and IAM roles, and ensuring proper access control. This project will provide a practical understanding of how these AWS services work together to create a secure and scalable infrastructure for your applications.
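One way to carry out the "Validate security group rules" step above, added here as an example and not part of the original repository: it flags ingress rules that are open to the whole internet on any port outside an allow-list. The sample groups, their IDs and the allowed-port set are constructed assumptions; the input shape follows the `SecurityGroups` list printed by `aws ec2 describe-security-groups`.

```python
"""Audit security-group ingress rules for world-open access (added example)."""
import ipaddress

# Ports this example treats as intentionally public (an assumption, not from the repo).
PUBLIC_PORTS_ALLOWED = frozenset({80, 443})

# Constructed sample data shaped like the "SecurityGroups" list from
# `aws ec2 describe-security-groups`; the group IDs are placeholders.
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-public-web",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-private-app",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []},
            # Protocol "-1" means all traffic; AWS omits the port fields for it.
            {"IpProtocol": "-1",
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
]


def is_world_open(cidr):
    """True when the CIDR covers every address (prefix length 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def port_span(perm):
    """Return (low, high) for a rule; all-traffic rules span every port."""
    if perm.get("IpProtocol") == "-1" or "FromPort" not in perm:
        return 0, 65535
    return perm["FromPort"], perm["ToPort"]


def audit_ingress(groups, allowed_ports=PUBLIC_PORTS_ALLOWED):
    """Return one finding per rule that exposes a non-allowed port to the internet."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "udp", "-1"):
                # For ICMP the From/To fields hold type and code, not ports.
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            open_cidrs = [c for c in cidrs if is_world_open(c)]
            if not open_cidrs:
                continue
            low, high = port_span(perm)
            # The rule passes only if every port in its range is on the allow-list.
            if all(p in allowed_ports for p in range(low, high + 1)):
                continue
            findings.append({
                "group": group["GroupId"],
                "protocol": proto,
                "ports": (low, high),
                "cidrs": open_cidrs,
                "covers_ssh": low <= 22 <= high,
            })
    return findings


if __name__ == "__main__":
    for f in audit_ingress(SAMPLE_GROUPS):
        print("{group}: {protocol} {ports} open to {cidrs} "
              "(covers SSH: {covers_ssh})".format(**f))
```

To run it against a real account, load the JSON from `aws ec2 describe-security-groups` and pass its `SecurityGroups` list to `audit_ingress`.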
## Day 8: AWS Interview Questions on EC2, IAM and VPC
## Day 9: Amazon S3
This day focuses on Amazon S3, a scalable object storage service. You'll learn how to create S3 buckets, upload and download objects, and organize data using S3 features like versioning, lifecycle policies, and access control.
## Day 10: AWS CLI
## Day 11: AWS CloudFormation
This day introduces Infrastructure as Code (IaC) using AWS CloudFormation. You'll learn how to create CloudFormation templates to automate the provisioning of resources, manage stacks, and ensure consistent infrastructure across deployments.
**Project:** You'll work on creating a CloudFormation template that provisions a fully configured application stack, including EC2 instances, networking components, and security groups.
## Day 12: AWS CodeCommit
This day focuses on AWS CodeCommit, a managed source control service. You'll learn how to set up a Git repository in CodeCommit, collaborate with team members, and manage version control of your codebase.
**Project:** You'll configure a CodeCommit repository for a team project, including setting up access control and collaboration workflows.
## Day 13: AWS CodePipeline
You'll dive into AWS CodePipeline, a fully managed continuous delivery service. You'll learn how to build end-to-end CI/CD pipelines by configuring source, build, and deployment stages, automating the entire software release process.
**Project:** You'll create a CI/CD pipeline using CodePipeline for an application deployment, including source code integration, build, and automatic deployment to a target environment.
## Day 14: AWS CodeBuild
This day focuses on AWS CodeBuild, a fully managed build service. You'll learn how to configure build projects in CodeBuild, define build specifications, and perform build and testing processes.
**Project:** You'll configure and run CodeBuild for a project, including defining build specifications and integrating with other AWS services.
## Day 15: AWS CodeDeploy
You'll explore AWS CodeDeploy, a service for automating application deployments to various compute environments. You'll learn how to create deployment groups, configure deployment strategies, and perform automatic rollbacks if necessary.
**Project:** You'll implement a Blue/Green deployment strategy for a sample application using CodeDeploy, ensuring zero-downtime deployments and easy rollback options.
## Day 16: AWS CloudWatch
This day focuses on monitoring AWS resources using AWS CloudWatch. You'll learn how to create alarms, set up notifications, and collect metrics to gain insights into the health and performance of your applications and infrastructure.
**Project:** You'll set up CloudWatch alarms for critical metrics of an application, define appropriate threshold conditions, and configure notification actions.
## Day 17: AWS Lambda
This day introduces serverless computing with AWS Lambda. You'll learn how to create and deploy serverless functions, trigger them based on events, and leverage Lambda to build scalable and event-driven architectures.
## Day 18: AWS CloudWatch Events and EventBridge
This day focuses on AWS CloudWatch Events and EventBridge, services for event-driven architectures. You'll learn how to create event rules, configure event targets, and build serverless event-driven workflows.
**Project:** You'll build a serverless event-driven workflow using CloudWatch Events and EventBridge, demonstrating the integration and automation of different AWS services based on events.
## Day 19: AWS CloudFront
If you've never heard of CDN or CloudFront before, don't worry, we will start from scratch and gradually build up your understanding. By the end, you'll be well-versed in these technologies.
**Project:** You'll configure an S3 bucket to host a static website and learn how to serve requests to this website through a CDN, AWS CloudFront.
## Day 20: AWS ECR (Elastic Container Registry)
You'll explore AWS ECR, a fully managed container registry for storing and managing container images. You'll learn how to push and pull Docker images to and from ECR, enabling seamless integration with ECS and other container services.
**Project:** You'll build a CI/CD pipeline that automatically builds, pushes, and deploys Docker images to ECR, ensuring streamlined container image management.
## Day 21: AWS ECS (Elastic Container Service)
This day focuses on AWS ECS, a fully managed container orchestration service. You'll learn how to run and manage containers using ECS, including creating task definitions, managing services, and scaling with auto-scaling capabilities.
**Project:** You'll deploy a multi-container application using ECS, configure auto-scaling policies, and ensure high availability and efficient resource utilization.
## Day 22: AWS EKS (Elastic Kubernetes Service)
This day introduces AWS EKS, a fully managed Kubernetes service. You'll learn how to deploy and manage Kubernetes clusters using EKS, including launching worker nodes, configuring networking, and deploying applications using Kubernetes manifests.
**Project:** You'll deploy a sample application on EKS using Kubernetes manifests, demonstrating the capabilities of running containerized applications on a managed Kubernetes service.
## Day 23: AWS Systems Manager
This day focuses on AWS Secrets Manager, a service for storing and managing secrets such as database credentials, API keys, and other sensitive information. You'll learn how to store, retrieve, and rotate secrets securely in your applications.
**Project:** You'll configure Secrets Manager to store and manage secrets, integrate secret retrieval in an application, and implement secret rotation policies.
## Day 24: Create Infrastructure using Terraform
This day focuses on creating infrastructure using Terraform with a real-time example.
**Project:** You'll create a VPC and deploy 2 applications in different availability zones. We will also create a load balancer to balance the load between the instances automatically.
## Day 25: AWS CloudTrail and Config
You'll explore AWS CloudTrail and AWS Config, which provide auditing and compliance capabilities. You'll learn how to track API calls using CloudTrail and ensure compliance with AWS Config rules.
**Project:** You'll configure CloudTrail to log API activities and set up AWS Config rules to enforce compliance policies for your AWS resources.
## Day 26: AWS Elastic Load Balancer
You'll explore AWS Elastic Load Balancer, a service for distributing incoming application traffic across multiple targets. You'll learn how to configure and manage load balancers to ensure high availability, fault tolerance, and scalability.
**Project:** You'll configure an Elastic Load Balancer for an application, define target groups, and observe the load balancing behavior across instances.
## Day 27: 500 AWS interview questions and answers topic wise for interviews.
This day focuses on learning how to migrate applications to the AWS cloud and on the most popular strategies and tools used to achieve cloud migration.
## Day 28: AWS Cloud Migration Strategies and Tools
This day focuses on learning how to migrate applications to the AWS cloud and on the most popular strategies and tools used to achieve cloud migration.
## Day 29: AWS Best Practices and Job Preparation
On the final day, you'll review best practices for AWS services, including security, cost optimization and performance.
## Day 30: AWS Project with RDS
================================================
FILE: appspec.yml
================================================
version: 0.0
os: linux
hooks:
  ApplicationStop:
    - location: scripts/stop_container.sh
      timeout: 300
      runas: root
  AfterInstall:
    - location: scripts/start_container.sh
      timeout: 300
      runas: root
================================================
FILE: day-14/README.md
================================================
# AWS Continuous Integration Demo
## Set Up GitHub Repository
The first step in our CI journey is to set up a GitHub repository to store our Python application's source code. If you already have a repository, feel free to skip this step. Otherwise, let's create a new repository on GitHub by following these steps:
- Go to github.com and sign in to your account.
- Click on the "+" button in the top-right corner and select "New repository."
- Give your repository a name and an optional description.
- Choose the appropriate visibility option based on your needs.
- Initialize the repository with a README file.
- Click on the "Create repository" button to create your new GitHub repository.
Great! Now that we have our repository set up, we can move on to the next step.
## Create an AWS CodePipeline
In this step, we'll create an AWS CodePipeline to automate the continuous integration process for our Python application. AWS CodePipeline will orchestrate the flow of changes from our GitHub repository to the deployment of our application. Let's go ahead and set it up:
- Go to the AWS Management Console and navigate to the AWS CodePipeline service.
- Click on the "Create pipeline" button.
- Provide a name for your pipeline and click on the "Next" button.
- For the source stage, select "GitHub" as the source provider.
- Connect your GitHub account to AWS CodePipeline and select your repository.
- Choose the branch you want to use for your pipeline.
- In the build stage, select "AWS CodeBuild" as the build provider.
- Create a new CodeBuild project by clicking on the "Create project" button.
- Configure the CodeBuild project with the necessary settings for your Python application, such as the build environment, build commands, and artifacts.
- Save the CodeBuild project and go back to CodePipeline.
- Continue configuring the pipeline stages, such as deploying your application using AWS Elastic Beanstalk or any other suitable deployment option.
- Review the pipeline configuration and click on the "Create pipeline" button to create your AWS CodePipeline.
Awesome job! We now have our pipeline ready to roll. Let's move on to the next step to set up AWS CodeBuild.
## Configure AWS CodeBuild
In this step, we'll configure AWS CodeBuild to build our Python application based on the specifications we define. CodeBuild will take care of building and packaging our application for deployment. Follow these steps:
- In the AWS Management Console, navigate to the AWS CodeBuild service.
- Click on the "Create build project" button.
- Provide a name for your build project.
- For the source provider, choose "AWS CodePipeline."
- Select the pipeline you created in the previous step.
- Configure the build environment, such as the operating system, runtime, and compute resources required for your Python application.
- Specify the build commands, such as installing dependencies and running tests. Customize this based on your application's requirements.
- Set up the artifacts configuration to generate the build output required for deployment.
- Review the build project settings and click on the "Create build project" button to create your AWS CodeBuild project.
Fantastic! With AWS CodeBuild all set up, we're now ready to witness the magic of continuous integration in action.
## Trigger the CI Process
In this final step, we'll trigger the CI process by making a change to our GitHub repository. Let's see how it works:
- Go to your GitHub repository and make a change to your Python application's source code. It could be a bug fix, a new feature, or any other change you want to introduce.
- Commit and push your changes to the branch configured in your AWS CodePipeline.
- Head over to the AWS CodePipeline console and navigate to your pipeline.
- You should see the pipeline automatically kick off as soon as it detects the changes in your repository.
- Sit back and relax while AWS CodePipeline takes care of the rest. It will fetch the latest code, trigger the build process with AWS CodeBuild, and deploy the application if you configured the deployment stage.
================================================
FILE: day-14/simple-python-app/Dockerfile
================================================
# Base image
FROM python:3.8
# Set the working directory inside the container
WORKDIR /app
# Copy the requirements file
COPY requirements.txt .
# Install the project dependencies
RUN pip install -r requirements.txt
# Copy the application code into the container
COPY . .
# Expose the port the Flask application will be listening on
EXPOSE 5000
# Set environment variables, if necessary
# ENV MY_ENV_VAR=value
# Run the Flask application
CMD ["python", "app.py"]
================================================
FILE: day-14/simple-python-app/app.py
================================================
from flask import Flask

app = Flask(__name__)


@app.route('/')
def hello():
    return 'Hello, world!'


if __name__ == '__main__':
    app.run()
================================================
FILE: day-14/simple-python-app/appspec.yml
================================================
version: 0.0
os: linux
hooks:
  ApplicationStop:
    - location: scripts/stop_container.sh
      timeout: 300
      runas: root
  AfterInstall:
    - location: scripts/start_container.sh
      timeout: 300
      runas: root
================================================
FILE: day-14/simple-python-app/buildspec.yml
================================================
version: 0.2

env:
  # Registry credentials are read from SSM Parameter Store, not hard-coded here.
  parameter-store:
    DOCKER_REGISTRY_USERNAME: /myapp/docker-credentials/username
    DOCKER_REGISTRY_PASSWORD: /myapp/docker-credentials/password
    DOCKER_REGISTRY_URL: /myapp/docker-registry/url

phases:
  install:
    runtime-versions:
      python: 3.11
  pre_build:
    commands:
      - echo "Installing dependencies..."
      # The paths below point at day-13/, while this file sits under day-14/
      # in this repository tree; adjust them to match your checkout.
      - pip install -r day-13/simple-python-app/requirements.txt
  build:
    commands:
      - echo "Running tests..."
      - cd day-13/simple-python-app/
      - echo "Building Docker image..."
      # --password-stdin keeps the password out of the process argument list.
      - echo "$DOCKER_REGISTRY_PASSWORD" | docker login -u "$DOCKER_REGISTRY_USERNAME" --password-stdin "$DOCKER_REGISTRY_URL"
      - docker build -t "$DOCKER_REGISTRY_URL/$DOCKER_REGISTRY_USERNAME/simple-python-flask-app:latest" .
      - docker push "$DOCKER_REGISTRY_URL/$DOCKER_REGISTRY_USERNAME/simple-python-flask-app:latest"
  post_build:
    commands:
      - echo "Build completed successfully!"

artifacts:
  files:
    - '**/*'
  base-directory: ../simple-python-app
================================================
FILE: day-14/simple-python-app/requirements.txt
================================================
flask
================================================
FILE: day-14/simple-python-app/start_container.sh
================================================
#!/bin/bash
set -e
# Pull the Docker image from Docker Hub
echo
# Run the Docker image as a container
echo
================================================
FILE: day-14/simple-python-app/stop_container.sh
================================================
#!/bin/bash
set -e
# Stop the running container (if any)
echo "Hi"
================================================
FILE: day-16/README.md
================================================
# AWS CLOUD WATCH
Welcome back to our "30 Days AWS Zero to Hero" series. Today, on Day 16, we will deep dive into AWS CloudWatch.
## What is AWS CloudWatch?
AWS CloudWatch is a powerful monitoring and observability service provided by Amazon Web Services. It enables you to gain insights into the performance, health, and operational aspects of your AWS resources and applications. CloudWatch collects and tracks metrics, collects and monitors log files, and sets alarms to alert you on certain conditions.
## Advantages of AWS CloudWatch
- **Comprehensive Monitoring**: CloudWatch allows you to monitor various AWS resources such as EC2 instances, RDS databases, Lambda functions, and more. You get a unified view of your entire AWS infrastructure.
- **Real-Time Metrics**: It provides real-time monitoring of metrics, allowing you to respond quickly to any issues or anomalies that might arise.
- **Automated Actions**: With CloudWatch Alarms, you can set up automated actions like triggering an Auto Scaling group to scale in or out based on certain conditions.
- **Log Insights**: CloudWatch Insights lets you analyze and search log data from various AWS services, making it easier to troubleshoot problems and identify trends.
- **Dashboards and Visualization**: Create custom dashboards to visualize your application and infrastructure metrics in one place, making it easier to understand the overall health of your system.
## Problem Solving with AWS CloudWatch
CloudWatch helps address several critical challenges, including:
- **Resource Utilization**: Tracking resource utilization and performance metrics to optimize your AWS infrastructure efficiently.
- **Proactive Monitoring**: Identifying and resolving issues before they impact your applications or users.
- **Troubleshooting**: Analyzing logs and metrics to troubleshoot problems and reduce downtime.
- **Scalability**: Automatically scaling resources based on demand to ensure optimal performance and cost efficiency.
## Practical Use Cases of AWS CloudWatch
- **Auto Scaling**: CloudWatch can trigger Auto Scaling actions based on defined thresholds. For example, you can automatically scale in or out based on CPU utilization or request counts.
- **Resource Monitoring**: Monitor EC2 instances, RDS databases, DynamoDB tables, and other AWS resources to gain insights into their performance and health.
- **Application Insights**: Track application-specific metrics to monitor the performance of your applications and identify potential bottlenecks.
- **Log Analysis**: Use CloudWatch Logs Insights to analyze log data, identify patterns, and troubleshoot issues in real-time.
- **Billing and Cost Monitoring**: CloudWatch can help you monitor your AWS billing and usage patterns, enabling you to optimize costs.
================================================
FILE: day-16/custom_metrics_demo/cloudwatch_metrics.py
================================================
from flask import Flask
import time
import random
import boto3

app = Flask(__name__)

# Initialize AWS CloudWatch client
cloudwatch = boto3.client('cloudwatch', region_name='us-east-1')

# Sample product data for our online store
products = {
    '1': {'name': 'Product 1', 'price': 10.99},
    '2': {'name': 'Product 2', 'price': 19.99},
    '3': {'name': 'Product 3', 'price': 5.49}
}


@app.route('/')
def index():
    start_time = time.time()

    # Simulate processing time
    time.sleep(random.uniform(0.1, 0.5))

    # Log the page view metric to CloudWatch
    log_metric('PageViews', 1)

    # Log the response time metric (in milliseconds) to CloudWatch
    response_time = (time.time() - start_time) * 1000
    log_metric('ResponseTime', response_time, unit='Milliseconds')

    return "Welcome to our Online Store!"


@app.route('/product/<product_id>')
def product(product_id):
    start_time = time.time()

    # Simulate processing time
    time.sleep(random.uniform(0.2, 0.8))

    # Log the page view metric to CloudWatch
    log_metric('PageViews', 1)

    # Log the response time metric (in milliseconds) to CloudWatch
    response_time = (time.time() - start_time) * 1000
    log_metric('ResponseTime', response_time, unit='Milliseconds')

    if product_id in products:
        return f"Product: {products[product_id]['name']}, Price: ${products[product_id]['price']}"
    else:
        return "Product not found."


def log_metric(metric_name, value, unit='Count'):
    # Send custom metric to CloudWatch, with a unit that matches the value
    cloudwatch.put_metric_data(
        Namespace='OnlineStore',
        MetricData=[{
            'MetricName': metric_name,
            'Value': value,
            'Unit': unit
        }]
    )


if __name__ == '__main__':
    app.run(host='0.0.0.0', port=5000)
================================================
FILE: day-16/custom_metrics_demo/requirements.txt
================================================
flask
boto3
================================================
FILE: day-16/default_metrics_demo/cpu_spike.py
================================================
import time


def simulate_cpu_spike(duration=30, cpu_percent=80):
    print(f"Simulating CPU spike at {cpu_percent}%...")
    start_time = time.time()

    # Calculate the number of iterations needed to achieve the desired CPU utilization
    target_percent = cpu_percent / 100
    total_iterations = int(target_percent * 5_000_000)  # Adjust the number as needed

    # Perform simple arithmetic operations to spike CPU utilization
    for _ in range(total_iterations):
        result = 0
        for i in range(1, 1001):
            result += i

    # Wait for the rest of the time interval
    elapsed_time = time.time() - start_time
    remaining_time = max(0, duration - elapsed_time)
    time.sleep(remaining_time)

    print("CPU spike simulation completed.")


if __name__ == '__main__':
    # Simulate a CPU spike for 30 seconds with 80% CPU utilization
    simulate_cpu_spike(duration=30, cpu_percent=80)
================================================
FILE: day-17/README.md
================================================
# AWS Lambda Deep Dive for Beginners
## Introduction to Serverless Computing
Today, we're going to embark on an exciting journey into the world of serverless computing and explore AWS Lambda, a powerful service offered by Amazon Web Services.
So, what exactly is "serverless computing"? Don't worry; it's not about eliminating servers altogether. Instead, serverless computing is a cloud computing execution model where you, as a developer, don't have to manage servers directly. You focus solely on writing and deploying your code, while the cloud provider takes care of all the underlying infrastructure.
## Understanding AWS Lambda
In this serverless landscape, AWS Lambda shines as a leading service. AWS Lambda is a compute service that lets you run your code in response to events without the need to provision or manage servers. It automatically scales your applications based on incoming requests, so you don't have to worry about capacity planning or dealing with server maintenance.
## How Lambda Functions Fit into the Serverless World
At the heart of AWS Lambda are "Lambda functions." These are individual units of code that perform specific tasks. Think of them as small, single-purpose applications that run independently.
Here's how Lambda functions fit into the serverless world:
1. **Event-Driven Execution**: Lambda functions are triggered by events. An event could be anything, like a new file being uploaded to Amazon S3, a request hitting an API, or a specific time on the clock. When an event occurs, Lambda executes the corresponding function.
2. **No Server Management**: As a developer, you don't need to worry about managing servers. AWS handles everything behind the scenes. You just upload your code, configure the trigger, and Lambda takes care of the rest.
3. **Automatic Scaling**: Whether you have one user or one million users, Lambda scales automatically. Each function instance runs independently, ensuring that your application can handle any level of incoming traffic without manual intervention.
4. **Pay-per-Use**: One of the most attractive features of serverless computing is cost efficiency. With Lambda, you pay only for the compute time your code consumes. When your code isn't running, you're not charged.
5. **Supported Languages**: Lambda supports multiple programming languages like Node.js, Python, Java, Go, and more. You can choose the language you are comfortable with or that best fits your application's needs.
## Real-World Use Cases
Now, let's explore some real-world use cases to better understand how AWS Lambda can be applied:
1. **Automated Image Processing**: Imagine you have a photo-sharing app, and users upload images every day. You can use Lambda to automatically resize or compress these images as soon as they are uploaded to S3.
2. **Chatbots and Virtual Assistants**: Build interactive chatbots or voice-controlled virtual assistants using Lambda. These assistants can perform tasks like answering questions, fetching data, or even controlling smart home devices.
3. **Scheduled Data Backups**: Use Lambda to create scheduled tasks for backing up data from one storage location to another, ensuring data resilience and disaster recovery.
4. **Real-Time Analytics**: Lambda can process streaming data from IoT devices, social media, or other sources, allowing you to perform real-time analytics and gain insights instantly.
5. **API Backends**: Develop scalable API backends for web and mobile applications using Lambda. It automatically handles the incoming API requests and executes the corresponding functions.
================================================
FILE: day-18/README.md
================================================
# AWS Cloud Cost Optimization - Identifying Stale Resources
## Identifying Stale EBS Snapshots
In this example, we'll create a Lambda function that identifies EBS snapshots that are no longer associated with any active EC2 instance and deletes them to save on storage costs.
### Description:
The Lambda function fetches all EBS snapshots owned by the same account ('self') and also retrieves a list of active EC2 instances (running and stopped). For each snapshot, it checks whether the associated volume (if it exists) is not attached to any active instance. If it finds a stale snapshot, it deletes it, effectively optimizing storage costs.
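A dry-run planner for the cleanup described above, added here as an example and not taken from this repository's Lambda: it separates the delete decision from the API calls and pages through all results, so the plan can be reviewed before anything is removed. The `Retain` tag, the 30-day minimum age and the sample records are assumptions made for this example.

```python
from datetime import datetime, timedelta, timezone

MIN_AGE = timedelta(days=30)   # assumption: never touch snapshots newer than this
RETAIN_TAG = "Retain"          # assumption: hypothetical opt-out tag key


def classify_snapshot(snapshot, volumes, now):
    """Return (decision, reason) for one describe_snapshots record.

    volumes maps VolumeId -> attachment list for every volume that still exists.
    """
    tags = {t["Key"]: t["Value"] for t in snapshot.get("Tags", [])}
    if tags.get(RETAIN_TAG, "").lower() == "true":
        return "keep", "tagged for retention"
    if now - snapshot["StartTime"] < MIN_AGE:
        return "keep", "younger than minimum age"
    volume_id = snapshot.get("VolumeId")
    if not volume_id or volume_id not in volumes:
        return "delete", "source volume no longer exists"
    if not volumes[volume_id]:
        return "delete", "source volume is not attached to an instance"
    return "keep", "source volume is in use"


def plan_cleanup(snapshots, volumes, now=None):
    """Build a reviewable plan; nothing is deleted here."""
    now = now or datetime.now(timezone.utc)
    plan = []
    for snap in snapshots:
        decision, reason = classify_snapshot(snap, volumes, now)
        plan.append({"SnapshotId": snap["SnapshotId"],
                     "decision": decision, "reason": reason})
    return plan


def load_inventory(ec2):
    """Collect every page of snapshots and volumes from a boto3 EC2 client."""
    snapshots = []
    for page in ec2.get_paginator("describe_snapshots").paginate(OwnerIds=["self"]):
        snapshots.extend(page["Snapshots"])
    volumes = {}
    for page in ec2.get_paginator("describe_volumes").paginate():
        for vol in page["Volumes"]:
            volumes[vol["VolumeId"]] = vol["Attachments"]
    return snapshots, volumes


def apply_plan(ec2, plan, dry_run=True):
    """Delete the planned snapshots; with dry_run=True only report them."""
    selected = []
    for item in plan:
        if item["decision"] != "delete":
            continue
        if not dry_run:
            ec2.delete_snapshot(SnapshotId=item["SnapshotId"])
        selected.append(item["SnapshotId"])
    return selected


# Constructed sample inventory (not real resources).
SAMPLE_NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)
OLD = datetime(2023, 6, 1, tzinfo=timezone.utc)
SAMPLE_VOLUMES = {
    "vol-example-1": [{"InstanceId": "i-example-1", "State": "attached"}],
    "vol-example-2": [],
}
SAMPLE_SNAPSHOTS = [
    {"SnapshotId": "snap-example-1", "VolumeId": "vol-example-1", "StartTime": OLD},
    {"SnapshotId": "snap-example-2", "VolumeId": "vol-example-2", "StartTime": OLD},
    {"SnapshotId": "snap-example-3", "VolumeId": "vol-example-3", "StartTime": OLD,
     "Tags": [{"Key": "Retain", "Value": "true"}]},
    {"SnapshotId": "snap-example-4", "VolumeId": "vol-example-3",
     "StartTime": datetime(2024, 1, 20, tzinfo=timezone.utc)},
    {"SnapshotId": "snap-example-5", "VolumeId": "vol-example-3", "StartTime": OLD},
]

if __name__ == "__main__":
    for entry in plan_cleanup(SAMPLE_SNAPSHOTS, SAMPLE_VOLUMES, now=SAMPLE_NOW):
        print(entry["SnapshotId"], entry["decision"], "-", entry["reason"])
```

In a Lambda handler, `load_inventory(boto3.client('ec2'))` supplies the two inputs, and `apply_plan(..., dry_run=False)` is called only once the printed plan has been checked.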
================================================
FILE: day-18/ebs_stale_snapshosts.py
================================================
import boto3


def lambda_handler(event, context):
    ec2 = boto3.client('ec2')

    # Get all EBS snapshots
    response = ec2.describe_snapshots(OwnerIds=['self'])

    # Get all active EC2 instance IDs
    instances_response = ec2.describe_instances(Filters=[{'Name': 'instance-state-name', 'Values': ['running']}])
    active_instance_ids = set()

    for reservation in instances_response['Reservations']:
        for instance in reservation['Instances']:
            active_instance_ids.add(instance['InstanceId'])

    # Iterate through each snapshot and delete if it's not attached to any volume or the volume is not attached to a running instance
    for snapshot in response['Snapshots']:
        snapshot_id = snapshot['SnapshotId']
        volume_id = snapshot.get('VolumeId')

        if not volume_id:
            # Delete the snapshot if it's not attached to any volume
            ec2.delete_snapshot(SnapshotId=snapshot_id)
            print(f"Deleted EBS snapshot {snapshot_id} as it was not attached to any volume.")
        else:
            # Check if the volume still exists
            try:
                volume_response = ec2.describe_volumes(VolumeIds=[volume_id])
                if not volume_response['Volumes'][0]['Attachments']:
                    ec2.delete_snapshot(SnapshotId=snapshot_id)
                    print(f"Deleted EBS snapshot {snapshot_id} as it was taken from a volume not attached to any running instance.")
            except ec2.exceptions.ClientError as e:
                if e.response['Error']['Code'] == 'InvalidVolume.NotFound':
                    # The volume associated with the snapshot is not found (it might have been deleted)
                    ec2.delete_snapshot(SnapshotId=snapshot_id)
                    print(f"Deleted EBS snapshot {snapshot_id} as its associated volume was not found.")
                else:
                    # Surface unexpected errors (for example missing permissions) instead of silently skipping them
                    raise
================================================
FILE: day-19/README.md
================================================
# Comprehensive Guide to CDN and CloudFront on AWS for Beginners
If you've never heard of CDN or CloudFront before, don't worry. We'll start from scratch and gradually build up your understanding. By the end, you'll be well-versed in these technologies. So let's get started.
## Table of Contents
1. Introduction to Content Delivery Networks (CDN)
2. What is CloudFront?
3. How Does CloudFront Work?
4. Benefits of CloudFront
5. Setting Up CloudFront on AWS
6. Use Cases and Scenarios
7. Tips and Best Practices
8. Conclusion
## 1. Introduction to Content Delivery Networks (CDN)
Imagine you have a website with lots of cool content, like images, videos, and documents. When a user visits your site from a different location far away from your server, the content might take a long time to load. That's where CDN comes to the rescue!
A CDN is like a network of servers spread across various locations worldwide. These servers store a copy of your website's content. When a user requests your website, the content is delivered from the server closest to the user, making it super fast! It's like having a local store for your website content everywhere in the world.
## 2. What is CloudFront?
CloudFront is Amazon Web Services' (AWS) very own CDN service. It integrates seamlessly with other AWS services and allows you to deliver content, videos, applications, and APIs securely with low-latency and high transfer speeds.
## 3. How Does CloudFront Work?
Let's understand how CloudFront works with a simple example:
Imagine you have a website with images stored on an Amazon S3 bucket (a cloud storage service). When a user requests an image, the request goes to CloudFront first.
Here's how the process flows:
- **Step 1**: CloudFront checks if it already has the requested image in its cache (storage). If it does, great! It sends the image directly to the user. If not, it proceeds to Step 2.
- **Step 2**: CloudFront fetches the image from the S3 bucket and stores a copy in its cache for future requests. Then, it sends the image to the user.
The next time someone requests the same image, CloudFront will deliver it from its cache, making it super fast and efficient!
## 4. Benefits of CloudFront
- **Fast Content Delivery**: CloudFront ensures your content reaches users with minimal delay, making your website lightning fast.
- **Global Reach**: With servers in various locations worldwide, CloudFront brings your content closer to users, regardless of where they are.
- **Security**: CloudFront provides security features like DDoS protection and SSL/TLS encryption to keep your content and users safe.
- **Scalability**: CloudFront can handle traffic spikes effortlessly, ensuring a smooth experience for your users.
- **Cost-Effective**: Pay only for the data transfer and requests made, making it cost-effective for businesses of all sizes.
## 5. Setting Up CloudFront on AWS
Now, let's get our hands dirty and set up CloudFront on AWS!
### Step 1: Create an S3 Bucket
1. Go to the AWS Management Console and navigate to Amazon S3.
2. Create a new bucket to store your website content.
### Step 2: Upload Content to the S3 Bucket
1. Upload images, videos, or any other content you want to serve through CloudFront to your S3 bucket.
### Step 3: Create a CloudFront Distribution
1. Go to the AWS Management Console and navigate to CloudFront.
2. Click "Create Distribution."
3. Choose whether you want to deliver a web application or content (like images and videos).
4. Configure your settings, such as the origin (your S3 bucket), cache behaviors, and security settings.
5. Click "Create Distribution" to set up CloudFront.
### Step 4: Update Website URLs
1. Once your CloudFront distribution is deployed (it may take a few minutes), you'll get a CloudFront domain name (e.g., `d1a2b3c4def.cloudfront.net`).
2. Replace the URLs of your website content with the CloudFront domain name.
That's it! Your content is now being delivered through CloudFront.
## 6. Use Cases and Scenarios
### Scenario 1: E-Commerce Website
Let's say you have an e-commerce website that sells products globally. By using CloudFront, your product images and videos load quickly for customers all over the world, improving the shopping experience.
### Scenario 2: Media Streaming
You're running a video streaming platform. With CloudFront, you can stream videos to users efficiently, regardless of their location, without buffering issues.
### Scenario 3: Software Downloads
If you offer software downloads, CloudFront can distribute your files faster, reducing download times and providing a better user experience.
## 7. Tips and Best Practices
- **Caching Strategies**: Configure cache settings wisely to balance freshness and speed for different types of content.
- **Invalidation**: Learn how to invalidate or clear cached content when you make updates to your website.
- **Monitoring and Reporting**: Use AWS tools to monitor your CloudFront distribution's performance and gain insights into user behavior.
## 8. Conclusion
By using CloudFront, you can dramatically improve your website's performance, making users happier and potentially boosting your application and business.
================================================
FILE: day-2/README.md
================================================
# IAM
AWS IAM (Identity and Access Management) is a service provided by Amazon Web Services (AWS) that helps you manage access to your AWS resources. It's like a security system for your AWS account.
IAM allows you to create and manage users, groups, and roles. Users represent individual people or entities who need access to your AWS resources. Groups are collections of users with similar access requirements, making it easier to manage permissions. Roles are used to grant temporary access to external entities or services.
With IAM, you can control and define permissions through policies. Policies are written in JSON format and specify what actions are allowed or denied on specific AWS resources. These policies can be attached to IAM entities (users, groups, or roles) to grant or restrict access to AWS services and resources.
IAM follows the principle of least privilege, meaning users and entities are given only the necessary permissions required for their tasks, minimizing potential security risks. IAM also provides features like multi-factor authentication (MFA) for added security and an audit trail to track user activity and changes to permissions.
By using AWS IAM, you can effectively manage and secure access to your AWS resources, ensuring that only authorized individuals have appropriate permissions and actions are logged for accountability and compliance purposes.
Overall, IAM is an essential component of AWS security, providing granular control over access to your AWS account and resources, reducing the risk of unauthorized access and helping maintain a secure environment.
## Components of IAM
Users: IAM users represent individual people or entities (such as applications or services) that interact with your AWS resources. Each user has a unique name and security credentials (password or access keys) used for authentication and access control.
Groups: IAM groups are collections of users with similar access requirements. Instead of managing permissions for each user individually, you can assign permissions to groups, making it easier to manage access control. Users can be added or removed from groups as needed.
Roles: IAM roles are used to grant temporary access to AWS resources. Roles are typically used by applications or services that need to access AWS resources on behalf of users or other services. Roles have associated policies that define the permissions and actions allowed for the role.
Policies: IAM policies are JSON documents that define permissions. Policies specify the actions that can be performed on AWS resources and the resources to which the actions apply. Policies can be attached to users, groups, or roles to control access. IAM provides both AWS managed policies (predefined policies maintained by AWS) and customer managed policies (policies created and managed by you).
================================================
FILE: day-2/interview-questions
================================================
# Interview Questions
Q: What is AWS IAM, and why is it important?
A: AWS IAM (Identity and Access Management) is a service provided by Amazon Web Services that helps you control access to your AWS resources. It allows you to manage user identities, permissions, and policies. IAM is important because it enhances security by ensuring that only authorized individuals or entities have access to your AWS resources, helping you enforce the principle of least privilege and maintain a secure environment.
Q: What is the difference between IAM users and IAM roles?
A: IAM users represent individual people or entities that need access to your AWS resources. They have their own credentials and are typically associated with long-term access. On the other hand, IAM roles are used to grant temporary access to AWS resources, usually for applications or services. Roles have associated policies and can be assumed by trusted entities to access resources securely.
Q: What are IAM policies, and how do they work?
A: IAM policies are JSON documents that define permissions. They specify what actions are allowed or denied on AWS resources and can be attached to IAM users, groups, or roles. Policies control access by matching the actions requested by a user or entity with the actions allowed or denied in the policy. If a requested action matches an allowed action in the policy, access is granted; otherwise, it is denied.
Q: What is the principle of least privilege, and why is it important in IAM?
A: The principle of least privilege states that users should be granted only the permissions necessary to perform their tasks and nothing more. It is important in IAM because it minimizes the risk of unauthorized access and limits the potential damage that could be caused by a compromised account. Following the principle of least privilege helps maintain a secure environment by ensuring that users have only the permissions they need to perform their job responsibilities.
Q: What is an AWS managed policy?
A: An AWS managed policy is a predefined policy created and managed by AWS. These policies cover common use cases and provide predefined permissions for specific AWS services or actions. AWS managed policies are maintained and updated by AWS, ensuring they stay up to date with new AWS services and features. They can be attached to IAM users, groups, or roles in your AWS account.
================================================
FILE: day-20/README.md
================================================
# Introduction to AWS ECR (Elastic Container Registry)
In this video, we will deep dive into the fundamental concepts of ECR and provide you with a step-by-step practical guide on how to use it effectively. So, let's get started!
## Table of Contents
1. What is AWS ECR?
2. Key Benefits of ECR
3. Getting Started with AWS ECR
   - Creating an ECR Repository
   - Installing AWS CLI
   - Configuring AWS CLI
4. Pushing Docker Images to ECR
5. Pulling Docker Images from ECR
6. Cleaning Up Resources
## 1. What is AWS ECR?
AWS Elastic Container Registry (ECR) is a fully managed container image registry service provided by Amazon Web Services (AWS). It enables you to store, manage, and deploy container images (Docker images) securely, making it an essential component of your containerized application development workflow. ECR integrates seamlessly with other AWS services like Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS).
## 2. Key Benefits of ECR
- **Security**: ECR offers encryption at rest, and images are stored in private repositories by default, ensuring the security of your container images.
- **Integration**: ECR integrates smoothly with AWS services like ECS and EKS, simplifying the deployment process.
- **Scalability**: As a managed service, ECR automatically scales to meet the demands of your container image storage.
- **Availability**: ECR guarantees high availability, reducing the risk of image unavailability during critical times.
- **Lifecycle Policies**: You can define lifecycle policies to automate the cleanup of unused or old container images, helping you save on storage costs.
## 3. Getting Started with AWS ECR
### Creating an ECR Repository
1. Go to the AWS Management Console and navigate to the Amazon ECR service.
2. Click on "Create repository" to create a new repository.
3. Enter a unique name for your repository and click "Create repository."
### Installing AWS CLI
To interact with ECR from your local machine, you'll need to have the AWS Command Line Interface (CLI) installed. Follow the instructions in the [AWS CLI User Guide](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html) to install it.
### Configuring AWS CLI
After installing the AWS CLI, open a terminal and run the following command to configure your CLI with your AWS credentials:
```
aws configure
```
Enter your AWS Access Key ID, Secret Access Key, default region, and preferred output format when prompted.
## 4. Pushing Docker Images to ECR
Now that you have your ECR repository set up and the AWS CLI configured, let's push a Docker image to ECR.
1. Build your Docker image locally using the `docker build` command:
```
docker build -t <your-image-name> <path-to-dockerfile>
```
2. Tag the image with your ECR repository URI:
```
docker tag <your-image-name>:<tag> <your-aws-account-id>.dkr.ecr.<your-region>.amazonaws.com/<your-repository-name>:<tag>
```
3. Log in to your ECR registry using the AWS CLI:
```
aws ecr get-login-password --region <your-region> | docker login --username AWS --password-stdin <your-aws-account-id>.dkr.ecr.<your-region>.amazonaws.com
```
4. Push the Docker image to ECR:
```
docker push <your-aws-account-id>.dkr.ecr.<your-region>.amazonaws.com/<your-repository-name>:<tag>
```
## 5. Pulling Docker Images from ECR
To pull and use the Docker images from ECR on another system or AWS service, follow these steps:
1. Log in to ECR using the AWS CLI as shown in Step 3 of the previous section.
2. Pull the Docker image from ECR:
```
docker pull <your-aws-account-id>.dkr.ecr.<your-region>.amazonaws.com/<your-repository-name>:<tag>
```
## 6. Cleaning Up Resources
As good practice, remember to clean up resources that you no longer need to avoid unnecessary costs. To delete an ECR repository:
1. Make sure there are no images in the repository, or delete the images using `docker rmi` locally.
2. Go to the AWS Management Console, navigate to the Amazon ECR service, and select your repository.
3. Click on "Delete" and confirm the action.
================================================
FILE: day-21/Dockerfile
================================================
# Use the official Python image as the base image
FROM python:3.9
# Set the working directory in the container
WORKDIR /app
# Copy the Python dependencies file to the container
COPY requirements.txt .
# Install the Python dependencies
RUN pip install --no-cache-dir -r requirements.txt
# Copy the Flask application code to the container
COPY app.py .
# Expose the port the Flask application will run on
EXPOSE 3000
# Command to run the Flask application when the container starts
CMD ["python", "app.py"]
================================================
FILE: day-21/README.md
================================================
# AWS ECS Deep Dive
## Introduction
In the ever-evolving world of cloud computing, containerization has emerged as a pivotal technology, enabling developers to package their applications along with all dependencies into a single, portable unit. Amazon Elastic Container Service (ECS), a fully managed container orchestration service from AWS, simplifies the deployment, management, and scaling of containerized applications.
This blog post aims to be your ultimate guide to AWS ECS. We'll start from the fundamentals and gradually delve into the comparisons with its alternatives. We'll also discuss the pros and cons of ECS, provide step-by-step instructions for installation and configuration, and finally, guide you through deploying your first application on ECS.
## Table of Contents
1. What is AWS ECS?
2. Why Choose ECS Over Other Container Orchestration Tools?
3. ECS Fundamentals
   - Clusters
   - Task Definitions
   - Tasks
   - Services
4. Pros of Using AWS ECS
5. Cons of Using AWS ECS
6. Installation and Configuration
   - Prerequisites
   - Setting Up ECS CLI
   - Configuring AWS Credentials
7. Deploying Your First Application on ECS
   - Preparing the Application
   - Creating a Task Definition
   - Configuring the Service
   - Deploying the Service
   - Monitoring the Service
8. Conclusion
## 1. What is AWS ECS?
AWS ECS is a fully managed container orchestration service that allows you to run Docker containers at scale. It eliminates the need to manage your own container orchestration infrastructure and provides a highly scalable, reliable, and secure environment for deploying and managing your applications.
## 2. Why Choose ECS Over Other Container Orchestration Tools?
Before diving deep into ECS, let's compare it with some popular alternatives like Kubernetes and Docker Swarm.
### Comparison with Kubernetes:
Kubernetes is undoubtedly a powerful container orchestration tool with a vast ecosystem, but it comes with a steeper learning curve. ECS, on the other hand, offers a more straightforward setup and is tightly integrated with other AWS services, making it a preferred choice for AWS-centric environments.
### Comparison with Docker Swarm:
Docker Swarm is relatively easy to set up and is suitable for small to medium-scale deployments. However, as your application grows, ECS outshines Docker Swarm in terms of scalability, reliability, and seamless integration with AWS features like IAM roles and CloudWatch.
## 3. ECS Fundamentals
To understand ECS better, let's explore its core components:
### Clusters:
A cluster is a logical grouping of EC2 instances or Fargate tasks on which you run your containers. It acts as the foundation of ECS, where you can deploy your services.
### Task Definitions:
Task Definitions define how your containers should run, including the Docker image to use, CPU and memory requirements, networking, and more. It is like a blueprint for your containers.
### Tasks:
A task represents a single running instance of a task definition within a cluster. It could be a single container or multiple related containers that need to work together.
### Services:
Services help you maintain a specified number of running tasks simultaneously, ensuring high availability and load balancing for your applications.
## 4. Pros of Using AWS ECS
- **Fully Managed Service**: AWS handles the underlying infrastructure, making it easier for you to focus on deploying and managing applications.
- **Seamless Integration**: ECS seamlessly integrates with other AWS services like IAM, CloudWatch, Load Balancers, and more.
- **Scalability**: With support for Auto Scaling, ECS can automatically adjust the number of tasks based on demand.
- **Cost-Effective**: You pay only for the AWS resources you use, and you can take advantage of cost optimization features.
## 5. Cons of Using AWS ECS
- **AWS-Centric**: If you have a multi-cloud strategy or have already invested heavily in another cloud provider, ECS's tight integration with AWS might be a limitation.
- **Learning Curve for Advanced Features**: While basic usage is easy, utilizing more advanced features might require a deeper understanding.
- **Limited Flexibility**: Although ECS can run non-Docker workloads with EC2 launch types, it is primarily optimized for Docker containers.
## 6. Installation and Configuration
Let's get our hands dirty and set up AWS ECS step-by-step.
### Prerequisites:
- An AWS account with appropriate IAM permissions.
- The AWS CLI and ECS CLI installed on your local machine.
### Setting Up ECS CLI:
ECS CLI is a command-line tool that simplifies the process of creating and managing ECS resources.
```bash
$ ecs-cli configure --region <region> --access-key <access-key> --secret-key <secret-key> --cluster <cluster-name>
```
### Configuring AWS Credentials:
Ensure you have the necessary AWS credentials configured using the `aws configure` command.
## 7. Deploying Your First Application on ECS
In this section, we'll deploy a simple web application using ECS.
### Preparing the Application:
1. Create a Dockerfile for your web application.
2. Build the Docker image and push it to Amazon ECR (Elastic Container Registry).
### Creating a Task Definition:
Define the task using the ECS CLI or the AWS Management Console.
### Configuring the Service:
Create an ECS service to manage the desired number of tasks and set up load balancing.
### Deploying the Service:
Use the ECS CLI or the AWS Management Console to deploy the service.
### Monitoring the Service:
Monitor your ECS service using AWS CloudWatch metrics and logs.
## 8. Conclusion
In conclusion, AWS ECS offers a robust and user-friendly platform for deploying and managing containerized applications. We covered the fundamentals of ECS, compared it with its alternatives, discussed its pros and cons, and walked through the installation, configuration, and deployment of a sample application.
================================================
FILE: day-21/app.py
================================================
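# app.py
from flask import Flask
from markupsafe import escape

app = Flask(__name__)

# Route to the root URL
@app.route('/')
def hello():
    return 'Hello, Flask on Docker!'

# Route to a custom endpoint
@app.route('/greet/<name>')
def greet(name):
    # Escape the URL-supplied name: Flask serves returned strings as text/html
    return f'Hello, {escape(name)}! Welcome to Flask on Docker.'

if __name__ == '__main__':
    # Bind to all interfaces so the port published by Docker reaches the app
    app.run(host='0.0.0.0', port=3000)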
================================================
FILE: day-21/commands.md
================================================
# Login to ECR (replace <region> and <account-id> with your actual values)
$ aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <account-id>.dkr.ecr.<region>.amazonaws.com
# Build the Docker image (replace <repo-name> with your ECR repository name)
$ docker build -t <account-id>.dkr.ecr.<region>.amazonaws.com/<repo-name>:latest .
# Push the Docker image to ECR (replace <repo-name> with your ECR repository name)
$ docker push <account-id>.dkr.ecr.<region>.amazonaws.com/<repo-name>:latest
================================================
FILE: day-21/requirements.txt
================================================
Flask==2.0.1
================================================
FILE: day-22/2048-app-deploy-ingress.md
================================================
# 2048 App
## Create Fargate profile
```
eksctl create fargateprofile \
--cluster demo-cluster \
--region us-east-1 \
--name alb-sample-app \
--namespace game-2048
```
## Deploy the deployment, service and Ingress
```
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/examples/2048/2048_full.yaml
```

================================================
FILE: day-22/README.md
================================================
# AWS EKS
## Introduction
## Table of Contents:
1. [Understanding Kubernetes Fundamentals](#understanding-kubernetes-fundamentals)
- 1.1 [EKS vs. Self-Managed Kubernetes: Pros and Cons](#eks-vs-self-managed-kubernetes-pros-and-cons)
2. [Setting up your AWS Environment for EKS](#setting-up-your-aws-environment-for-eks)
- 2.1 [Creating an AWS Account and Setting up IAM Users](#creating-an-aws-account-and-setting-up-iam-users)
- 2.2 [Configuring the AWS CLI and kubectl](#configuring-the-aws-cli-and-kubectl)
- 2.3 [Preparing Networking and Security Groups for EKS](#preparing-networking-and-security-groups-for-eks)
3. [Launching your First EKS Cluster](#launching-your-first-eks-cluster)
- 3.1 [Using the EKS Console for Cluster Creation](#using-the-eks-console-for-cluster-creation)
- 3.2 [Launching an EKS Cluster via AWS CLI](#launching-an-eks-cluster-via-aws-cli)
- 3.3 [Authenticating with the EKS Cluster](#authenticating-with-the-eks-cluster)
4. [Deploying Applications on EKS](#deploying-applications-on-eks)
- 4.1 [Containerizing Applications with Docker](#containerizing-applications-with-docker)
- 4.2 [Writing Kubernetes Deployment YAMLs](#writing-kubernetes-deployment-yamls)
- 4.3 [Deploying Applications to EKS: Step-by-step Guide](#deploying-applications-to-eks-step-by-step-guide)
## Understanding Kubernetes Fundamentals
### 1.1 EKS vs. Self-Managed Kubernetes: Pros and Cons
**1.1.1 EKS (Amazon Elastic Kubernetes Service)**

**Pros:**
- **Managed Control Plane**: EKS takes care of managing the Kubernetes control plane components, such as the API server, controller manager, and etcd. AWS handles upgrades, patches, and ensures high availability of the control plane.
- **Automated Updates**: EKS automatically updates the Kubernetes version, eliminating the need for manual intervention and ensuring that the cluster stays up-to-date with the latest features and security patches.
- **Scalability**: EKS can automatically scale the Kubernetes control plane based on demand, ensuring the cluster remains responsive as the workload increases.
- **AWS Integration**: EKS seamlessly integrates with various AWS services, such as AWS IAM for authentication and authorization, Amazon VPC for networking, and AWS Load Balancers for service exposure.
- **Security and Compliance**: EKS is designed to meet various security standards and compliance requirements, providing a secure and compliant environment for running containerized workloads.
- **Monitoring and Logging**: EKS integrates with AWS CloudWatch for monitoring cluster health and performance metrics, making it easier to track and troubleshoot issues.
- **Ecosystem and Community**: Being a managed service, EKS benefits from continuous improvement, support, and contributions from the broader Kubernetes community.

**Cons:**
- **Cost**: EKS is a managed service, and this convenience comes at a cost. Running an EKS cluster may be more expensive compared to self-managed Kubernetes, especially for large-scale deployments.
- **Less Control**: While EKS provides a great deal of automation, it also means that you have less control over the underlying infrastructure and some Kubernetes configurations.

**1.1.2 Self-Managed Kubernetes on EC2 Instances**

**Pros:**
- **Cost-Effective**: Self-managed Kubernetes allows you to take advantage of EC2 spot instances and reserved instances, potentially reducing the overall cost of running Kubernetes clusters.
- **Flexibility**: With self-managed Kubernetes, you have full control over the cluster's configuration and infrastructure, enabling customization and optimization for specific use cases.
- **EKS-Compatible**: Self-managed Kubernetes on AWS can still leverage various AWS services and features, enabling integration with existing AWS resources.
- **Experimental Features**: Self-managed Kubernetes allows you to experiment with the latest Kubernetes features and versions before they are officially supported by EKS.

**Cons:**
- **Complexity**: Setting up and managing a self-managed Kubernetes cluster can be complex and time-consuming, especially for those new to Kubernetes or AWS.
- **Maintenance Overhead**: Self-managed clusters require manual management of Kubernetes control plane updates, patches, and high availability.
- **Scaling Challenges**: Scaling the control plane of a self-managed cluster can be challenging, and it requires careful planning to ensure high availability during scaling events.
- **Security and Compliance**: Self-managed clusters may require additional effort to implement best practices for security and compliance compared to EKS, which comes with some built-in security features.
- **Lack of Automation**: Self-managed Kubernetes requires more manual intervention and scripting for certain operations, which can increase the risk of human error.
## Setting up your AWS Environment for EKS
## 2.1 Creating an AWS Account and Setting up IAM Users
Creating an AWS account is the first step to access and utilize AWS services, including Amazon Elastic Kubernetes Service (EKS). Here's a step-by-step guide to creating an AWS account and setting up IAM users:
1. **Create an AWS Account**:
- Go to the AWS website (https://aws.amazon.com/) and click on the "Create an AWS Account" button.
- Follow the on-screen instructions to provide your email address, password, and required account details.
- Enter your payment information to verify your identity and set up billing.
2. **Access AWS Management Console**:
- After creating the account, you will receive a verification email. Follow the link in the email to verify your account.
- Log in to the AWS Management Console using your email address and password.
3. **Set up Multi-Factor Authentication (MFA)** (Optional but recommended):
- Once you are logged in, set up MFA to add an extra layer of security to your AWS account. You can use MFA with a virtual MFA device or a hardware MFA device.
4. **Create IAM Users**:
- Go to the IAM (Identity and Access Management) service in the AWS Management Console.
- Click on "Users" in the left-hand navigation pane and then click on "Add user."
- Enter a username for the new IAM user and select the access type (Programmatic access, AWS Management Console access, or both).
- Choose the permissions for the IAM user by adding them to one or more IAM groups or attaching policies directly.
- Optionally, set permissions boundary, tags, and enable MFA for the IAM user.
5. **Access Keys (for Programmatic Access)**:
- If you selected "Programmatic access" during user creation, you will receive access keys (Access Key ID and Secret Access Key).
- Store these access keys securely, as they will be used to authenticate API requests made to AWS services.
## 2.2 Configuring the AWS CLI and kubectl
With IAM users set up, you can now configure the AWS CLI and kubectl on your local machine to interact with AWS services and EKS clusters:
1. **Installing the AWS CLI**:
- Download and install the AWS CLI on your local machine. You can find installation instructions for various operating systems [here](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html).
2. **Configuring AWS CLI Credentials**:
- Open a terminal or command prompt and run the following command:
```
aws configure
```
- Enter the access key ID and secret access key of the IAM user you created earlier.
- Choose a default region and output format for AWS CLI commands.
3. **Installing kubectl**:
- Install kubectl on your local machine. Instructions can be found [here](https://kubernetes.io/docs/tasks/tools/install-kubectl/).
4. **Configuring kubectl for EKS**:
- Once kubectl is installed, you need to configure it to work with your EKS cluster.
- In the AWS Management Console, go to the EKS service and select your cluster.
- Click on the "Config" button and follow the instructions to update your kubeconfig file. Alternatively, you can use the AWS CLI to update the kubeconfig file:
```
aws eks update-kubeconfig --name your-cluster-name
```
- Verify the configuration by running a kubectl command against your EKS cluster:
```
kubectl get nodes
```
## 2.3 Preparing Networking and Security Groups for EKS
Before launching an EKS cluster, you need to prepare the networking and security groups to ensure proper communication and security within the cluster:
1. **Creating an Amazon VPC (Virtual Private Cloud)**:
- Go to the AWS Management Console and navigate to the VPC service.
- Click on "Create VPC" and enter the necessary details like VPC name, IPv4 CIDR block, and subnets.
- Create public and private subnets to distribute resources in different availability zones.
2. **Configuring Security Groups**
**Security Groups** are a fundamental aspect of Amazon Web Services (AWS) that act as virtual firewalls for your AWS resources, including Amazon Elastic Kubernetes Service (EKS) clusters. Security Groups control inbound and outbound traffic to and from these resources based on rules you define. Here's a step-by-step guide on configuring Security Groups for your EKS cluster:
1. **Create a Security Group**:
- Go to the AWS Management Console and navigate to the Amazon VPC service.
- Click on "Security Groups" in the left-hand navigation pane.
- Click on "Create Security Group."
- Provide a name and description for the Security Group.
- Select the appropriate VPC for the Security Group.
2. **Inbound Rules**:
- Define inbound rules to control incoming traffic to your EKS worker nodes.
- By default, all inbound traffic is denied unless you explicitly allow it.
- Common inbound rules include allowing SSH (port 22) access for administrative purposes and allowing ingress traffic from specific CIDR blocks or Security Groups.
3. **Outbound Rules**:
- Define outbound rules to control the traffic leaving your EKS worker nodes.
- By default, all outbound traffic is allowed unless you explicitly deny it.
- For security purposes, you can restrict outbound traffic to specific destinations or ports.
4. **Security Group IDs**:
- After creating the Security Group, you'll receive a Security Group ID. This ID will be used when launching your EKS worker nodes.
5. **Attach Security Group to EKS Worker Nodes**:
- When launching the EKS worker nodes, specify the Security Group ID in the launch configuration. This associates the Security Group with the worker nodes, allowing them to communicate based on the defined rules.
Configuring Security Groups ensures that only the necessary traffic is allowed to and from your EKS worker nodes, enhancing the security of your EKS cluster.
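A check for the inbound-rule guidance above, as an added example that is not part of the original repository: it scans security groups for rules that open an administrative port to `0.0.0.0/0` or `::/0`. The sample groups are constructed in the shape of `aws ec2 describe-security-groups` output, and the list of admin ports is an assumption.

```python
"""Flag security-group ingress rules that expose admin ports to the whole internet."""
import ipaddress

# Ports treated as administrative here (an assumption for this example).
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 10250: "kubelet API"}

# Constructed sample shaped like the "SecurityGroups" list returned by
# `aws ec2 describe-security-groups`; every ID is made up.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa0000000000001", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-0aaa0000000000002", "GroupName": "workers", "IpPermissions": [
        # SSH limited to the VPC range: not a finding
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
        # Traffic admitted from another security group only: not a finding
        {"IpProtocol": "tcp", "FromPort": 1025, "ToPort": 65535,
         "UserIdGroupPairs": [{"GroupId": "sg-0aaa0000000000003"}]},
    ]},
    {"GroupId": "sg-0aaa0000000000003", "GroupName": "legacy", "IpPermissions": [
        # "All traffic" from any IPv6 address
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]


def is_world_open(cidr):
    """True for 0.0.0.0/0 and ::/0, i.e. a prefix length of zero."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def rule_covers_port(perm, port):
    """True when an IpPermissions entry admits TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "all traffic": FromPort/ToPort are absent
        return True
    if proto != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]


def audit_ingress(security_groups, admin_ports=None):
    """Return one finding per (rule, admin port) reachable from any address."""
    admin_ports = ADMIN_PORTS if admin_ports is None else admin_ports
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            exposed = [c for c in cidrs if is_world_open(c)]
            if not exposed:
                continue  # scoped to specific CIDRs or to another security group
            for port in sorted(admin_ports):
                if rule_covers_port(perm, port):
                    findings.append({
                        "group_id": sg["GroupId"],
                        "port": port,
                        "service": admin_ports[port],
                        "open_to": exposed,
                    })
    return findings


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_GROUPS):
        print(finding)
```

Against a real account, pass the `SecurityGroups` list from `boto3.client("ec2").describe_security_groups()` to `audit_ingress`.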
3. **Setting Up Internet Gateway (IGW)**
An **Internet Gateway (IGW)** is a horizontally scaled, redundant, and highly available AWS resource that allows communication between your VPC and the internet. To enable EKS worker nodes to access the internet for tasks like pulling container images, you need to set up an Internet Gateway in your VPC. Here's how to do it:
1. **Create an Internet Gateway**:
- Go to the AWS Management Console and navigate to the Amazon VPC service.
- Click on "Internet Gateways" in the left-hand navigation pane.
- Click on "Create Internet Gateway."
- Provide a name for the Internet Gateway and click "Create Internet Gateway."
2. **Attach Internet Gateway to VPC**:
- After creating the Internet Gateway, select the Internet Gateway in the list and click on "Attach to VPC."
- Choose the VPC to which you want to attach the Internet Gateway and click "Attach."
3. **Update Route Tables**:
- Go to "Route Tables" in the Amazon VPC service.
- Identify the Route Table associated with the private subnets where your EKS worker nodes will be deployed.
- Edit the Route Table and add a route with the destination `0.0.0.0/0` (all traffic) and the Internet Gateway ID as the target.
By setting up an Internet Gateway and updating the Route Tables, you provide internet access to your EKS worker nodes, enabling them to interact with external resources like container registries and external services.
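A route-table check for the step above, as an added example that is not part of the original repository. A subnet whose default route targets an Internet Gateway is a public subnet, while nodes in private subnets usually reach registries through a NAT gateway, so the script labels each subnet by where its `0.0.0.0/0` route points. The route tables, subnets and IDs are constructed in the shape of `aws ec2 describe-route-tables` output.

```python
"""Classify subnets by where their route table sends internet-bound traffic."""

# Constructed sample; all IDs are made up.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
SAMPLE_ROUTE_TABLES = [
    {   # main route table of the VPC: local route only
        "RouteTableId": "rtb-main", "VpcId": "vpc-demo",
        "Associations": [{"Main": True}],
        "Routes": [LOCAL],
    },
    {   # default route to an Internet Gateway
        "RouteTableId": "rtb-public", "VpcId": "vpc-demo",
        "Associations": [{"Main": False, "SubnetId": "subnet-a"}],
        "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                           "GatewayId": "igw-0demo", "State": "active"}],
    },
    {   # default route to a NAT gateway
        "RouteTableId": "rtb-private", "VpcId": "vpc-demo",
        "Associations": [{"Main": False, "SubnetId": "subnet-b"}],
        "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                           "NatGatewayId": "nat-0demo", "State": "active"}],
    },
    {   # default route whose NAT gateway no longer exists
        "RouteTableId": "rtb-stale", "VpcId": "vpc-demo",
        "Associations": [{"Main": False, "SubnetId": "subnet-d"}],
        "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                           "NatGatewayId": "nat-0gone", "State": "blackhole"}],
    },
]
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-a", "VpcId": "vpc-demo"},
    {"SubnetId": "subnet-b", "VpcId": "vpc-demo"},
    {"SubnetId": "subnet-c", "VpcId": "vpc-demo"},  # no explicit association
    {"SubnetId": "subnet-d", "VpcId": "vpc-demo"},
]

# Route fields that can name the next hop of a route.
TARGET_KEYS = ("GatewayId", "NatGatewayId", "TransitGatewayId",
               "NetworkInterfaceId", "InstanceId", "VpcPeeringConnectionId")


def default_route_target(route_table):
    """Return the target of the active IPv4 default route, or None."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") != "active":
            continue  # a blackhole route forwards nothing
        for key in TARGET_KEYS:
            if route.get(key):
                return route[key]
    return None


def classify_subnets(subnets, route_tables):
    """Map each subnet ID to public, private-nat, private-other or isolated."""
    explicit, main_by_vpc = {}, {}
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main_by_vpc[rt["VpcId"]] = rt
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = rt
    result = {}
    for subnet in subnets:
        # Subnets without an explicit association use the VPC's main route table.
        rt = explicit.get(subnet["SubnetId"]) or main_by_vpc.get(subnet["VpcId"])
        target = default_route_target(rt) if rt else None
        if target is None:
            label = "isolated"
        elif target.startswith("igw-"):
            label = "public"
        elif target.startswith("nat-"):
            label = "private-nat"
        else:
            label = "private-other"
        result[subnet["SubnetId"]] = label
    return result


if __name__ == "__main__":
    for subnet_id, label in classify_subnets(SAMPLE_SUBNETS, SAMPLE_ROUTE_TABLES).items():
        print(subnet_id, label)
```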
4. **Configuring IAM Policies**
**Identity and Access Management (IAM)** is a service in AWS that allows you to manage access to AWS resources securely. IAM policies define permissions that specify what actions are allowed or denied on specific AWS resources. For your EKS cluster, you'll need to configure IAM policies to grant necessary permissions to your worker nodes and other resources. Here's how to do it:
1. **Create a Custom IAM Policy**:
- Go to the AWS Management Console and navigate to the IAM service.
- Click on "Policies" in the left-hand navigation pane.
- Click on "Create policy."
- Choose "JSON" as the policy language and define the permissions required for your EKS cluster. For example, you might need permissions for EC2 instances, Auto Scaling, Elastic Load Balancing, and accessing ECR (Elastic Container Registry).
2. **Attach the IAM Policy to IAM Roles**:
- Go to "Roles" in the IAM service and select the IAM role that your EKS worker nodes will assume.
- Click on "Attach policies" and search for the custom IAM policy you created in the previous step.
- Attach the policy to the IAM role.
3. **Update EKS Worker Node Launch Configuration**:
- When launching your EKS worker nodes, specify the IAM role ARN (Amazon Resource Name) of the IAM role that includes the necessary IAM policy.
- The IAM role allows the worker nodes to authenticate with the EKS cluster and access AWS resources based on the permissions defined in the attached IAM policy.
By configuring IAM policies and associating them with IAM roles, you grant specific permissions to your EKS worker nodes, ensuring they can interact with AWS resources as needed while maintaining security and access control.
By completing these steps, your AWS environment is ready to host an Amazon EKS cluster. You can proceed with creating an EKS cluster using the AWS Management Console or AWS CLI as described in section 3.
================================================
FILE: day-22/alb-controller-add-on.md
================================================
# How to set up the ALB add-on
Download IAM policy
```
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.11.0/docs/install/iam_policy.json
```
Create IAM Policy
```
aws iam create-policy \
--policy-name AWSLoadBalancerControllerIAMPolicy \
--policy-document file://iam_policy.json
```
Create IAM Role
```
eksctl create iamserviceaccount \
--cluster=<your-cluster-name> \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--role-name AmazonEKSLoadBalancerControllerRole \
--attach-policy-arn=arn:aws:iam::<your-aws-account-id>:policy/AWSLoadBalancerControllerIAMPolicy \
--approve
```
## Deploy ALB controller
Add helm repo
```
helm repo add eks https://aws.github.io/eks-charts
```
Update the repo
```
helm repo update eks
```
Install
```
helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system \
--set clusterName=<your-cluster-name> \
--set serviceAccount.create=false \
--set serviceAccount.name=aws-load-balancer-controller \
--set region=<your-region> \
--set vpcId=<your-vpc-id>
```
Verify that the deployments are running.
```
kubectl get deployment -n kube-system aws-load-balancer-controller
```
================================================
FILE: day-22/configure-oidc-connector.md
================================================
# Commands to configure the IAM OIDC provider
```
export cluster_name=demo-cluster
```
```
oidc_id=$(aws eks describe-cluster --name $cluster_name --query "cluster.identity.oidc.issuer" --output text | cut -d '/' -f 5)
```
## Check if there is an IAM OIDC provider configured already
```
aws iam list-open-id-connect-providers | grep $oidc_id | cut -d "/" -f4
```
If not, run the command below
```
eksctl utils associate-iam-oidc-provider --cluster $cluster_name --approve
```
================================================
FILE: day-22/installing-eks.md
================================================
# Install EKS
Please follow the prerequisites doc before this.
## Install using Fargate
```
eksctl create cluster --name demo-cluster --region us-east-1 --fargate
```
## Delete the cluster
```
eksctl delete cluster --name demo-cluster --region us-east-1
```
================================================
FILE: day-22/prerequisites.md
================================================
# Prerequisites
- kubectl – A command line tool for working with Kubernetes clusters. For more information, see [Installing or updating kubectl](https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html).
- eksctl – A command line tool for working with EKS clusters that automates many individual tasks. For more information, see [Installing or updating](https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html).
- AWS CLI – A command line tool for working with AWS services, including Amazon EKS. For more information, see [Installing, updating, and uninstalling the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html) in the AWS Command Line Interface User Guide. After installing the AWS CLI, we recommend that you also configure it. For more information, see [Quick configuration](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-config) with aws configure in the AWS Command Line Interface User Guide.
================================================
FILE: day-22/sample-app.md
================================================
# Sample App deployment
## Copy the manifest below to your local machine and save it as deploy.yml
```
apiVersion: apps/v1
kind: Deployment
metadata:
  name: eks-sample-linux-deployment
  labels:
    app: eks-sample-linux-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: eks-sample-linux-app
  template:
    metadata:
      labels:
        app: eks-sample-linux-app
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - amd64
                - arm64
      containers:
      - name: nginx
        image: public.ecr.aws/nginx/nginx:1.23
        ports:
        - name: http
          containerPort: 80
        imagePullPolicy: IfNotPresent
      nodeSelector:
        kubernetes.io/os: linux
```
## Deploy the app
```
kubectl apply -f deploy.yml
```
## Copy the manifest below and save it as service.yml
```
apiVersion: v1
kind: Service
metadata:
  name: eks-sample-linux-service
  labels:
    app: eks-sample-linux-app
spec:
  selector:
    app: eks-sample-linux-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
```
## Deploy the service
```
kubectl apply -f service.yml
```
================================================
FILE: day-24/main.tf
================================================
resource "aws_vpc" "myvpc" {
  cidr_block = var.cidr
}

resource "aws_subnet" "sub1" {
  vpc_id                  = aws_vpc.myvpc.id
  cidr_block              = "10.0.0.0/24"
  availability_zone       = "us-east-1a"
  map_public_ip_on_launch = true
}

resource "aws_subnet" "sub2" {
  vpc_id                  = aws_vpc.myvpc.id
  cidr_block              = "10.0.1.0/24"
  availability_zone       = "us-east-1b"
  map_public_ip_on_launch = true
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.myvpc.id
}

# Default route to the Internet Gateway: both associated subnets are public
resource "aws_route_table" "RT" {
  vpc_id = aws_vpc.myvpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "rta1" {
  subnet_id      = aws_subnet.sub1.id
  route_table_id = aws_route_table.RT.id
}

resource "aws_route_table_association" "rta2" {
  subnet_id      = aws_subnet.sub2.id
  route_table_id = aws_route_table.RT.id
}

# One security group shared by the two web servers and the ALB
resource "aws_security_group" "webSg" {
  name   = "web"
  vpc_id = aws_vpc.myvpc.id

  # Despite the description, this rule admits HTTP from any IPv4 address.
  ingress {
    description = "HTTP from VPC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH is reachable from any IPv4 address here; outside a demo, limit
  # cidr_blocks to a known admin range.
  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Allow all outbound traffic
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "Web-sg"
  }
}

resource "aws_s3_bucket" "example" {
  bucket = "abhisheksterraform2023project"
}

resource "aws_instance" "webserver1" {
  ami                    = "ami-0261755bbcb8c4a84"
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.webSg.id]
  subnet_id              = aws_subnet.sub1.id
  user_data              = base64encode(file("userdata.sh"))
}

resource "aws_instance" "webserver2" {
  ami                    = "ami-0261755bbcb8c4a84"
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.webSg.id]
  subnet_id              = aws_subnet.sub2.id
  user_data              = base64encode(file("userdata1.sh"))
}

# Create the ALB
resource "aws_lb" "myalb" {
  name               = "myalb"
  internal           = false
  load_balancer_type = "application"

  security_groups = [aws_security_group.webSg.id]
  subnets         = [aws_subnet.sub1.id, aws_subnet.sub2.id]

  tags = {
    Name = "web"
  }
}

resource "aws_lb_target_group" "tg" {
  name     = "myTG"
  port     = 80
  protocol = "HTTP"
  vpc_id   = aws_vpc.myvpc.id

  health_check {
    path = "/"
    port = "traffic-port"
  }
}

resource "aws_lb_target_group_attachment" "attach1" {
  target_group_arn = aws_lb_target_group.tg.arn
  target_id        = aws_instance.webserver1.id
  port             = 80
}

resource "aws_lb_target_group_attachment" "attach2" {
  target_group_arn = aws_lb_target_group.tg.arn
  target_id        = aws_instance.webserver2.id
  port             = 80
}

# Plain-HTTP listener that forwards every request to the target group
resource "aws_lb_listener" "listener" {
  load_balancer_arn = aws_lb.myalb.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    target_group_arn = aws_lb_target_group.tg.arn
    type             = "forward"
  }
}

output "loadbalancerdns" {
  value = aws_lb.myalb.dns_name
}
================================================
FILE: day-24/provider.tf
================================================
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.11.0"
    }
  }
}

provider "aws" {
  # Configuration options
  region = "us-east-1"
}
================================================
FILE: day-24/userdata.sh
================================================
#!/bin/bash
apt update
apt install -y apache2
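# Get the instance ID from the instance metadata service (IMDSv2: fetch a session token first)
TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
INSTANCE_ID=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)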
# Install the AWS CLI
apt install -y awscli
# Download the images from S3 bucket
#aws s3 cp s3://myterraformprojectbucket2023/project.webp /var/www/html/project.png --acl public-read
# Create a simple HTML file with the portfolio content and display the images
cat <<EOF > /var/www/html/index.html
<!DOCTYPE html>
<html>
<head>
<title>My Portfolio</title>
<style>
/* Add animation and styling for the text */
@keyframes colorChange {
0% { color: red; }
50% { color: green; }
100% { color: blue; }
}
h1 {
animation: colorChange 2s infinite;
}
</style>
</head>
<body>
<h1>Terraform Project Server 1</h1>
<h2>Instance ID: <span style="color:green">$INSTANCE_ID</span></h2>
<p>Welcome to Abhishek Veeramalla's Channel</p>
</body>
</html>
EOF
# Start Apache and enable it on boot
systemctl start apache2
systemctl enable apache2
================================================
FILE: day-24/userdata1.sh
================================================
#!/bin/bash
apt update
apt install -y apache2
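# Get the instance ID from the instance metadata service (IMDSv2: fetch a session token first)
TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
INSTANCE_ID=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)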
# Install the AWS CLI
apt install -y awscli
# Download the images from S3 bucket
#aws s3 cp s3://myterraformprojectbucket2023/project.webp /var/www/html/project.png --acl public-read
# Create a simple HTML file with the portfolio content and display the images
cat <<EOF > /var/www/html/index.html
<!DOCTYPE html>
<html>
<head>
<title>My Portfolio</title>
<style>
/* Add animation and styling for the text */
@keyframes colorChange {
0% { color: red; }
50% { color: green; }
100% { color: blue; }
}
h1 {
animation: colorChange 2s infinite;
}
</style>
</head>
<body>
<h1>Terraform Project Server 1</h1>
<h2>Instance ID: <span style="color:green">$INSTANCE_ID</span></h2>
<p>Welcome to CloudChamp's Channel</p>
</body>
</html>
EOF
# Start Apache and enable it on boot
systemctl start apache2
systemctl enable apache2
================================================
FILE: day-24/variables.tf
================================================
variable "cidr" {
  default = "10.0.0.0/16"
}
================================================
FILE: day-25/README.md
================================================
# AWS Config
We'll use AWS Config to detect compliant and non-compliant EC2 instances for the rule below.
- A compliant EC2 instance has monitoring enabled.
- A non-compliant EC2 instance does not have monitoring enabled.

Step 1: Set Up AWS Config
- Log in to your AWS Management Console.
- Navigate to the AWS Config service.
- Click on "Get started" if you're using AWS Config for the first time.
- Configure the delivery channel settings, which include specifying an Amazon S3 bucket where AWS Config will store configuration history.
- Choose the resource types you want AWS Config to monitor. In this case, select "Amazon EC2 Instances."

Step 2: Create a Custom Config Rule
- Navigate to the AWS Config console.
- In the left navigation pane, click on "Rules."
- Click on the "Add rule" button.
- Choose "Create a custom rule."
- Give your rule a name and description (e.g., "Monitoring for EC2 Instances").
- For "Scope of changes," choose "Resources."
- Define the rule trigger. You can use AWS Lambda as the trigger source. If you haven't already created a Lambda function for this rule, create one that checks whether monitoring is enabled for an EC2 instance. The Lambda function will return whether the resource is compliant or not based on monitoring status.

Step 3: Define the Custom Rule in AWS Config
- Choose your Lambda function from the dropdown list as the evaluator for the rule.
- Specify the trigger type (e.g., "Configuration changes").
- Save the rule.

Step 4: Monitor and Alert
- AWS Config will now continuously evaluate your EC2 instances against the rule you've created.
- If any EC2 instance is found without monitoring enabled, the custom rule's Lambda function will mark it as non-compliant.
================================================
FILE: day-25/lambda_function.py
================================================
import boto3
import json

def lambda_handler(event, context):
    # Client used to look up the specific EC2 instance.
    ec2_client = boto3.client('ec2')

    # Assume compliant by default
    compliance_status = "COMPLIANT"
    annotation = 'Detailed monitoring is enabled.'

    # Extract the configuration item from the invokingEvent
    config = json.loads(event['invokingEvent'])
    configuration_item = config["configurationItem"]

    # Extract the instanceId
    instance_id = configuration_item['configuration']['instanceId']

    # Get complete Instance details
    instance = ec2_client.describe_instances(InstanceIds=[instance_id])['Reservations'][0]['Instances'][0]

    # Check if the specific EC2 instance has detailed monitoring enabled.
    if instance['Monitoring']['State'] != "enabled":
        compliance_status = "NON_COMPLIANT"
        annotation = 'Detailed monitoring is not enabled.'

    evaluation = {
        'ComplianceResourceType': 'AWS::EC2::Instance',
        'ComplianceResourceId': instance_id,
        'ComplianceType': compliance_status,
        'Annotation': annotation,
        'OrderingTimestamp': config['notificationCreationTime']
    }

    # Report the result back to AWS Config
    config_client = boto3.client('config')
    response = config_client.put_evaluations(
        Evaluations=[evaluation],
        ResultToken=event['resultToken']
    )

    return response
================================================
FILE: day-25/lambda_function_permissions.md
================================================
Below are the permissions that you need to grant to the role that executes the lambda function used in the project.

================================================
FILE: day-3/README.md
================================================
# What will you learn
## Introduction to EC2:
What is EC2, and why is it important?
```
- Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud.
- Access reliable, scalable infrastructure on demand. Scale capacity within minutes with SLA commitment of 99.99% availability.
- Provide secure compute for your applications. Security is built into the foundation of Amazon EC2 with the AWS Nitro System.
- Optimize performance and cost with flexible options like AWS Graviton-based instances, Amazon EC2 Spot instances, and AWS Savings Plans.
```
EC2 use cases
```
Deliver secure, reliable, high-performance, and cost-effective compute infrastructure to meet demanding business needs.
Access the on-demand infrastructure and capacity you need to run HPC applications faster and cost-effectively.
Access environments in minutes, dynamically scale capacity as needed, and benefit from AWS’s pay-as-you-go pricing.
Deliver the broadest choice of compute, networking (up to 400 Gbps), and storage services purpose-built to optimize price performance for ML projects.
```
EC2 Instance Types
See [this page](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) for very detailed and up-to-date information.
General purpose
```
General Purpose instances are designed to deliver a balance of compute, memory, and network resources. They are suitable for a wide range of applications, including web servers,
small databases, development and test environments, and more.
```
Compute optimized
```
Compute Optimized instances provide a higher ratio of compute power to memory. They excel in workloads that require high-performance processing such as batch processing,
scientific modeling, gaming servers, and high-performance web servers.
```
Memory optimized
```
Memory Optimized instances are designed to handle memory-intensive workloads. They are suitable for applications that require large amounts of memory, such as in-memory databases,
real-time big data analytics, and high-performance computing.
```
Storage optimized
```
Storage Optimized instances are optimized for applications that require high, sequential read and write access to large datasets.
They are ideal for tasks like data warehousing, log processing, and distributed file systems.
```
Accelerated computing
```
Accelerated Computing Instances typically come with one or more types of accelerators, such as Graphics Processing Units (GPUs),
Field Programmable Gate Arrays (FPGAs), or custom Application Specific Integrated Circuits (ASICs).
These accelerators offload computationally intensive tasks from the main CPU, enabling faster and more efficient processing for specific workloads.
```

Instance families
```
C – Compute
D – Dense storage
F – FPGA
G – GPU
Hpc – High performance computing
I – I/O
Inf – AWS Inferentia
M – Most scenarios
P – GPU
R – Random access memory
T – Turbo
Trn – AWS Trainium
U – Ultra-high memory
VT – Video transcoding
X – Extra-large memory
```
Additional capabilities
```
a – AMD processors
g – AWS Graviton processors
i – Intel processors
d – Instance store volumes
n – Network and EBS optimized
e – Extra storage or memory
z – High performance
```
## EC2 Instance Basics:
Understanding the concept of virtual servers and instances.
Key components of an EC2 instance: AMI (Amazon Machine Image), instance types, and instance states.
Differentiating between On-Demand, Reserved, and Spot instances.
## Launching an EC2 Instance:
- Step-by-step guide on launching an EC2 instance using the AWS Management Console.
- Configuring instance details, such as instance type, network settings, and storage options.
- Understanding security groups and key pairs for securing instances.
## Managing EC2 Instances:
- Starting, stopping, and terminating instances.
- Monitoring instance performance and utilization.
- Basic troubleshooting and accessing instances using SSH (Secure Shell).
================================================
FILE: day-4/README.md
================================================
# VPC
Imagine you want to set up a private, secure, and isolated area in the cloud where you can run your applications and store your data. This is where a VPC comes into play.
A VPC is a virtual network that you create in the cloud. It allows you to have your own private section of the internet, just like having your own network within a larger network. Within this VPC, you can create and manage various resources, such as servers, databases, and storage.
Think of it as having your own little "internet" within the bigger internet. This virtual network is completely isolated from other users' networks, so your data and applications are secure and protected.
Just like a physical network, a VPC has its own set of rules and configurations. You can define the IP address range for your VPC and create smaller subnetworks within it called subnets. These subnets help you organize your resources and control how they communicate with each other.
To connect your VPC to the internet or other networks, you can set up gateways or routers. These act as entry and exit points for traffic going in and out of your VPC. You can control the flow of traffic and set up security measures to protect your resources from unauthorized access.
With a VPC, you have control over your network environment. You can define access rules, set up firewalls, and configure security groups to regulate who can access your resources and how they can communicate.

By default, when you create an AWS account, AWS creates a default VPC for you, but this default VPC is only meant to get you started with AWS. You should create VPCs for applications or projects.
## VPC components
The following features help you configure a VPC to provide the connectivity that your applications need:
Virtual private clouds (VPC)
A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center. After you create a VPC, you can add subnets.
Subnets
A subnet is a range of IP addresses in your VPC. A subnet must reside in a single Availability Zone. After you add subnets, you can deploy AWS resources in your VPC.
IP addressing
You can assign IP addresses, both IPv4 and IPv6, to your VPCs and subnets. You can also bring your public IPv4 and IPv6 GUA addresses to AWS and allocate them to resources in your VPC, such as EC2 instances, NAT gateways, and Network Load Balancers.
Network Access Control List (NACL)
A Network Access Control List is a stateless firewall that controls inbound and outbound traffic at the subnet level. It operates at the IP address level and can allow or deny traffic based on rules that you define. NACLs provide an additional layer of network security for your VPC.
Security Group
A security group acts as a virtual firewall for instances (EC2 instances or other resources) within a VPC. It controls inbound and outbound traffic at the instance level. Security groups allow you to define rules that permit or restrict traffic based on protocols, ports, and IP addresses.
Routing
Use route tables to determine where network traffic from your subnet or gateway is directed.
Gateways and endpoints
A gateway connects your VPC to another network. For example, use an internet gateway to connect your VPC to the internet. Use a VPC endpoint to connect to AWS services privately, without the use of an internet gateway or NAT device.
Peering connections
Use a VPC peering connection to route traffic between the resources in two VPCs.
Traffic Mirroring
Copy network traffic from network interfaces and send it to security and monitoring appliances for deep packet inspection.
Transit gateways
Use a transit gateway, which acts as a central hub, to route traffic between your VPCs, VPN connections, and AWS Direct Connect connections.
VPC Flow Logs
A flow log captures information about the IP traffic going to and from network interfaces in your VPC.
VPN connections
Connect your VPCs to your on-premises networks using AWS Virtual Private Network (AWS VPN).
## Resources
VPC with servers in private subnets and NAT
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-example-private-subnets-nat.html

================================================
FILE: day-5/README.md
================================================
# AWS Security using Security Groups and NACL
AWS (Amazon Web Services) provides multiple layers of security to protect resources and data within its cloud infrastructure. Two important components for network security in AWS are Security Groups and Network Access Control Lists (NACLs). Let's explore how each of them works:
Security Groups:
Security Groups act as virtual firewalls for Amazon EC2 instances (virtual servers) at the instance level. They control inbound and outbound traffic by allowing or denying specific protocols, ports, and IP addresses.
Each EC2 instance can be associated with one or more security groups, and each security group consists of inbound and outbound rules.
Inbound rules determine the traffic that is allowed to reach the EC2 instance, whereas outbound rules control the traffic leaving the instance.
Security Groups can be configured using IP addresses, CIDR blocks, security group IDs, or DNS names to specify the source or destination of the traffic.
They operate at the instance level and evaluate the rules before allowing traffic to reach the instance.
Security Groups are stateful, meaning that if an inbound rule allows traffic, the corresponding outbound traffic is automatically allowed, and vice versa.
Changes made to security group rules take effect immediately.
Network Access Control Lists (NACLs):
NACLs are an additional layer of security that operates at the subnet level. They act as stateless traffic filters for inbound and outbound traffic at the subnet boundary.
Unlike Security Groups, NACLs are associated with subnets, and each subnet can have only one NACL. However, multiple subnets can share the same NACL.
NACLs consist of a numbered list of rules (numbered in ascending order) that are evaluated in order from lowest to highest.
Each rule in the NACL includes a rule number, protocol, rule action (allow or deny), source or destination IP address range, port range, and ICMP (Internet Control Message Protocol) type.
NACL rules can be configured to allow or deny specific types of traffic based on the defined criteria.
They are stateless, which means that if an inbound rule allows traffic, the corresponding outbound traffic must be explicitly allowed using a separate outbound rule.
Changes made to NACL rules may take some time to propagate to all the resources using the associated subnet.
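The stateful/stateless difference and the lowest-number-first NACL evaluation described above, as an added example that is not part of the original repository. It is a simplified model of the filtering logic rather than AWS code, and every rule number, address and port in it is constructed.

```python
"""Simplified model of NACL (stateless, ordered) and security group (stateful) filtering.

Added illustration: every rule number, address and port below is constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class NaclRule:
    number: int      # rules are evaluated from the lowest number upwards
    action: str      # "allow" or "deny"
    cidr: str        # remote address range the rule applies to
    port_from: int
    port_to: int


@dataclass(frozen=True)
class SgRule:        # security groups hold allow rules only
    cidr: str
    port_from: int
    port_to: int


def _matches(rule, remote_ip, port):
    return (ip_address(remote_ip) in ip_network(rule.cidr)
            and rule.port_from <= port <= rule.port_to)


def nacl_decision(rules, remote_ip, port):
    """First matching rule in ascending order decides; no match means deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, remote_ip, port):
            return rule.action
    return "deny"


def nacl_round_trip(inbound, outbound, client_ip, client_port, server_port):
    """Stateless: the request and the reply are checked independently."""
    request = nacl_decision(inbound, client_ip, server_port)
    # The reply leaves the subnet addressed to the client's ephemeral port.
    reply = nacl_decision(outbound, client_ip, client_port)
    return request == "allow" and reply == "allow"


def sg_round_trip(inbound, client_ip, server_port):
    """Stateful: an allowed request is tracked, so its reply needs no outbound rule."""
    return any(_matches(rule, client_ip, server_port) for rule in inbound)


CLIENT = "203.0.113.10"    # documentation-range addresses, constructed
BLOCKED = "203.0.113.66"

NACL_IN = [
    NaclRule(90, "deny", "203.0.113.66/32", 443, 443),
    NaclRule(100, "allow", "0.0.0.0/0", 443, 443),
]
# Same two rules, but the deny is numbered after the allow and is never reached.
NACL_IN_MISORDERED = [
    NaclRule(100, "allow", "0.0.0.0/0", 443, 443),
    NaclRule(110, "deny", "203.0.113.66/32", 443, 443),
]
NACL_OUT_NONE = []
NACL_OUT_EPHEMERAL = [NaclRule(100, "allow", "0.0.0.0/0", 1024, 65535)]
SG_IN = [SgRule("0.0.0.0/0", 443, 443)]

if __name__ == "__main__":
    print("blocked host, deny numbered 90 :", nacl_decision(NACL_IN, BLOCKED, 443))
    print("blocked host, deny numbered 110:", nacl_decision(NACL_IN_MISORDERED, BLOCKED, 443))
    print("NACL without outbound rule     :",
          nacl_round_trip(NACL_IN, NACL_OUT_NONE, CLIENT, 50000, 443))
    print("NACL with ephemeral outbound   :",
          nacl_round_trip(NACL_IN, NACL_OUT_EPHEMERAL, CLIENT, 50000, 443))
    print("security group, inbound only   :", sg_round_trip(SG_IN, CLIENT, 443))
```

The misordered list shows why a deny rule must carry a lower number than the broad allow it is meant to override.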
## Project Implemented in the video

================================================
FILE: day-6/README.md
================================================
# Route53
TODO
================================================
FILE: day-7/vpc-demo-2-tier-app
================================================
# VPC Demo for 2 tier app in private subnet
https://youtu.be/FZPTL_kNvXc
================================================
FILE: day-8/Interview_q&a
================================================
# Scenario Based Interview Questions on EC2, IAM and VPC
Q: You have been assigned to design a VPC architecture for a 2-tier application. The application needs to be highly available and scalable.
How would you design the VPC architecture?
A: In this scenario, I would design a VPC architecture in the following way.
I would create 2 subnets: public and private. The public subnet would contain the load balancers and be accessible from the internet. The private subnet would host the application servers.
I would distribute the subnets across multiple Availability Zones for high availability. Additionally, I would configure auto scaling groups for the application servers.
Q: Your organization has a VPC with multiple subnets. You want to restrict outbound internet access for resources in one subnet, but allow outbound internet access for resources in another subnet. How would you achieve this?
A: To restrict outbound internet access for resources in one subnet, we can modify the route table associated with that subnet. In the route table, we can remove the default route (0.0.0.0/0) that points to an internet gateway.
This would prevent resources in that subnet from accessing the internet. For the subnet where outbound internet access is required, we can keep the default route pointing to the internet gateway.
Q: You have a VPC with a public subnet and a private subnet. Instances in the private subnet need to access the internet for software updates. How would you allow internet access for instances in the private subnet?
A: To allow internet access for instances in the private subnet, we can use a NAT Gateway or a NAT instance.
We would place the NAT Gateway/instance in the public subnet and configure the private subnet route table to send outbound traffic to the NAT Gateway/instance. This way, instances in the private subnet can access the internet through the NAT Gateway/instance.
Q: You have launched EC2 instances in your VPC, and you want them to communicate with each other using private IP addresses. What steps would you take to enable this communication?
A: By default, instances within the same VPC can communicate with each other using private IP addresses.
To ensure this communication, we need to make sure that the instances are launched in the same VPC and are placed in the same subnet or subnets that are connected through a peering connection or a VPC peering link.
Additionally, we should check the security groups associated with the instances to ensure that the necessary inbound and outbound rules are configured to allow communication between them.
Q: You want to implement strict network access control for your VPC resources. How would you achieve this?
A: To implement granular network access control for VPC resources, we can use Network Access Control Lists (NACLs).
NACLs are stateless and operate at the subnet level. We can define inbound and outbound rules in the NACLs to allow or deny traffic based on source and destination IP addresses, ports, and protocols.
By carefully configuring NACL rules, we can enforce fine-grained access control for traffic entering and leaving the subnets.
Q: Your organization requires an isolated environment within the VPC for running sensitive workloads. How would you set up this isolated environment?
A: To set up an isolated environment within the VPC, we can create a subnet with no internet gateway attached.
This subnet, known as an "isolated subnet," will not have direct internet connectivity. We can place the sensitive workloads in this subnet, ensuring that they are protected from inbound and outbound internet traffic.
However, if these workloads require outbound internet access, we can set up a NAT Gateway or NAT instance in a different subnet and configure the isolated subnet's route table to send outbound traffic through the NAT Gateway/instance.
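The route-table answers above (no default route, a default route to a NAT Gateway, a default route to an internet gateway) can be checked mechanically. The following is an added example, not part of the original repository: it classifies subnets by their IPv4 default route, using constructed sample data laid out like the `RouteTables` list returned by EC2 DescribeRouteTables, with made-up IDs.

```python
"""Classify subnets by where their route table sends 0.0.0.0/0.

Added illustration. ROUTE_TABLES is constructed sample data shaped like the
"RouteTables" list from EC2 DescribeRouteTables; all IDs are made up.
"""

ROUTE_TABLES = [
    {   # default route to an internet gateway
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": "subnet-web", "Main": False}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"},
        ],
    },
    {   # default route to a NAT gateway
        "RouteTableId": "rtb-private",
        "Associations": [{"SubnetId": "subnet-app", "Main": False}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
        ],
    },
    {   # main table with no default route
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
]
SUBNET_IDS = ["subnet-web", "subnet-app", "subnet-db"]


def route_table_for(subnet_id, route_tables):
    """An explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def classify(table):
    """Return 'public', 'private-with-nat', 'isolated', 'other' or 'unknown'."""
    if table is None:
        return "unknown"
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") == "blackhole":
            return "isolated"          # the route exists but its target is gone
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if (route.get("NatGatewayId") or route.get("InstanceId")
                or route.get("NetworkInterfaceId")):
            return "private-with-nat"  # NAT gateway or NAT instance
        return "other"                 # e.g. transit gateway or VPN: review by hand
    return "isolated"                  # no IPv4 default route at all


def audit(subnet_ids, route_tables):
    """Map each subnet ID to its classification."""
    return {s: classify(route_table_for(s, route_tables)) for s in subnet_ids}


if __name__ == "__main__":
    for subnet, kind in audit(SUBNET_IDS, ROUTE_TABLES).items():
        print(f"{subnet}: {kind}")
```

`subnet-db` has no explicit association, so it inherits the main route table; a default route added to the main table later would silently give it internet egress.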
Q: Your application needs to access AWS services, such as S3 securely within your VPC. How would you achieve this?
A: To securely access AWS services within the VPC, we can use VPC endpoints. VPC endpoints allow instances in the VPC to communicate with AWS services privately, without requiring internet gateways or NAT gateways.
We can create VPC endpoints for specific AWS services, such as S3 and DynamoDB, and associate them with the VPC.
This enables secure and efficient communication between the instances in the VPC and the AWS services.
Q: What is the difference between NACLs and security groups? Explain with a use case.
A: For example, if I want to design a security architecture, I would use a combination of NACLs and security groups. At the subnet level, I would configure NACLs to enforce inbound and outbound traffic restrictions based on source and destination IP addresses, ports, and protocols. NACLs are stateless and can provide an additional layer of defense by filtering traffic at the subnet boundary.
At the instance level, I would leverage security groups to control inbound and outbound traffic. Security groups are stateful and operate at the instance level. By carefully defining security group rules, I can allow or deny specific traffic to and from the instances based on the application's security requirements.
By combining NACLs and security groups, I can achieve granular security controls at both the network and instance level, providing defense-in-depth for the sensitive application.
Q: What is the difference between IAM users, groups, roles and policies?
A: IAM User: An IAM user is an identity within AWS that represents an individual or application needing access to AWS resources. IAM users have permanent long-term credentials, such as a username and password, or access keys (Access Key ID and Secret Access Key). IAM users can be assigned directly to IAM policies or added to IAM groups for easier management of permissions.
IAM Role: An IAM role is similar to an IAM user but is not associated with a specific individual. Instead, it is assumed by entities such as IAM users, applications, or services to obtain temporary security credentials. IAM roles are useful when you want to grant permissions to entities that are external to your AWS account or when you want to delegate access to AWS resources across accounts. IAM roles have policies attached to them that define the permissions granted when the role is assumed.
IAM Group: An IAM group is a collection of IAM users. By organizing IAM users into groups, you can manage permissions collectively. IAM groups make it easier to assign permissions to multiple users simultaneously. Users within an IAM group inherit the permissions assigned to that group. For example, you can create a "Developers" group and assign appropriate policies to grant permissions required for developers across your organization.
IAM Policy: An IAM policy is a document that defines permissions and access controls in AWS. IAM policies can be attached to IAM users, IAM roles, and IAM groups to define what actions can be performed on which AWS resources. IAM policies use JSON (JavaScript Object Notation) syntax to specify the permissions and can be created and managed independently of the users, roles, or groups. IAM policies consist of statements that include the actions allowed or denied, the resources on which the actions can be performed, and any additional conditions.
Q: You have a private subnet in your VPC that contains a number of instances that should not have direct internet access. However, you still need to be able to securely access these instances for administrative purposes. How would you set up a bastion host to facilitate this access?
A: To securely access the instances in the private subnet, you can set up a bastion host (also known as a jump host or jump box). The bastion host acts as a secure entry point to your private subnet. Here's how you can set up a bastion host:
Create a new EC2 instance in a public subnet, which will serve as the bastion host. Ensure that this instance has a public IP address or is associated with an Elastic IP address for persistent access.
Configure the security group for the bastion host to allow inbound SSH (or RDP for Windows) traffic from your IP address or a restricted range of trusted IP addresses. This limits access to the bastion host to authorized administrators only.
Place the instances in the private subnet and configure their security groups to allow inbound SSH (or RDP) traffic from the bastion host security group.
SSH (or RDP) into the bastion host using your private key or password. From the bastion host, you can then SSH (or RDP) into the instances in the private subnet using their private IP addresses.
================================================
FILE: day-9/README.md
================================================
# AWS S3
## About
What is Amazon S3?
Simple Storage Service is a scalable and secure cloud storage service provided by Amazon Web Services (AWS). It allows you to store and retrieve any amount of data from anywhere on the web.
What are S3 buckets?
S3 buckets are containers for storing objects (files) in Amazon S3. Each bucket has a unique name globally across all of AWS. You can think of an S3 bucket as a top-level folder that holds your data.
Why use S3 buckets?
S3 buckets provide a reliable and highly scalable storage solution for various use cases. They are commonly used for backup and restore, data archiving, content storage for websites, and as a data source for big data analytics.
Key benefits of S3 buckets
S3 buckets offer several advantages, including:
Durability and availability: S3 provides high durability and availability for your data.
Scalability: You can store and retrieve any amount of data without worrying about capacity constraints.
Security: S3 offers multiple security features such as encryption, access control, and audit logging.
Performance: S3 is designed to deliver high performance for data retrieval and storage operations.
Cost-effective: S3 offers cost-effective storage options and pricing models based on your usage patterns.
## Creating and Configuring S3 Buckets
Creating an S3 bucket
To create an S3 bucket, you can use the AWS Management Console, AWS CLI (Command Line Interface), or AWS SDKs (Software Development Kits). You need to specify a globally
unique bucket name and select the region where you want to create the bucket.
Choosing a bucket name and region
The bucket name must be unique across all existing bucket names in Amazon S3. It should follow DNS naming conventions, be 3-63 characters long, and contain only lowercase
letters, numbers, periods, and hyphens. The region selection affects data latency and compliance with specific regulations.
Bucket properties and configurations
Versioning: Versioning allows you to keep multiple versions of an object in the bucket. It helps protect against accidental deletions or overwrites.
Bucket-level permissions and policies
Bucket-level permissions and policies define who can access and perform actions on the bucket. You can grant permissions using IAM (Identity and Access Management) policies,
which allow fine-grained control over user access to the bucket and its objects.
## Uploading and Managing Objects in S3 Buckets
Uploading objects to S3 buckets
You can upload objects to an S3 bucket using various methods, including the AWS Management Console, AWS CLI, SDKs, and direct HTTP uploads.
Each object is assigned a unique key (name) within the bucket to retrieve it later.
Object metadata and properties
Object metadata contains additional information about each object in an S3 bucket. It includes attributes like content type, cache control, encryption settings,
and custom metadata. These properties help in managing and organizing objects within the bucket.
File formats and object encryption
S3 supports various file formats, including text files, images, videos, and more. You can encrypt objects stored in S3 using server-side encryption (SSE).
SSE options include SSE-S3 (Amazon-managed keys), SSE-KMS (AWS Key Management Service), and SSE-C (customer-provided keys).
Lifecycle management
Lifecycle management allows you to define rules for transitioning objects between different storage classes or deleting them automatically based on predefined criteria.
For example, you can move infrequently accessed data to a lower-cost storage class after a specified time or delete objects after a certain retention period.
Multipart uploads
Multipart uploads provide a mechanism for uploading large objects in parts, which improves performance and resiliency. You can upload each part in parallel and then
combine them to create the complete object. Multipart uploads also enable resumable uploads in case of failures.
Managing large datasets with S3 Batch Operations
S3 Batch Operations is a feature that allows you to perform bulk operations on large numbers of objects in an S3 bucket.
It provides an efficient way to automate tasks such as copying objects, tagging, and restoring archived data.
## Advanced S3 Bucket Features
S3 Storage Classes
S3 offers multiple storage classes, each designed for different use cases and performance requirements:

S3 Replication
S3 replication enables automatic and asynchronous replication of objects between S3 buckets in different regions or within the same region.
Cross-Region Replication (CRR) provides disaster recovery and compliance benefits, while Same-Region Replication (SRR) can be used for data resilience and low-latency access.
S3 Event Notifications and Triggers
S3 event notifications allow you to configure actions when specific events occur in an S3 bucket. For example, you can trigger AWS Lambda functions, send messages to Amazon
Simple Queue Service (SQS), or invoke other services using Amazon SNS when an object is created or deleted.
S3 Batch Operations
S3 Batch Operations allow you to perform large-scale batch operations on objects, such as copying, tagging, or deleting, across multiple buckets. It simplifies managing large
datasets and automates tasks that would otherwise be time-consuming.
## Security and Compliance in S3 Buckets
S3 bucket security considerations
Ensure that S3 bucket policies, access control, and encryption settings are appropriately configured. Regularly monitor and audit access logs for unauthorized activities.
Data encryption at rest and in transit
Encrypt data at rest using server-side encryption options provided by S3. Additionally, enable encryption in transit by using SSL/TLS for data transfers.
Access logging and monitoring
Enable access logging to capture detailed records of requests made to your S3 bucket. Monitor access logs and configure alerts to detect any suspicious activities or unauthorized access attempts.
## S3 Bucket Management and Administration
S3 bucket policies
Create and manage bucket policies to control access to your S3 buckets. Bucket policies are written in JSON and define permissions for various actions and resources.
S3 access control and IAM roles
Use IAM roles and policies to manage access to S3 buckets. IAM roles provide temporary credentials and fine-grained access control to AWS resources.
S3 APIs and SDKs
Interact with S3 programmatically using AWS SDKs or APIs. These provide libraries and methods for performing various operations on S3 buckets and objects.
Monitoring and logging with CloudWatch
Utilize Amazon CloudWatch to monitor S3 metrics, set up alarms for specific events, and collect and analyze logs for troubleshooting and performance optimization.
S3 management tools
AWS provides multiple management tools, such as the AWS Management Console, AWS CLI, and third-party tools, to manage S3 buckets efficiently and perform operations like uploads, downloads, and bucket configurations.
## Troubleshooting and Error Handling
Common S3 error messages and their resolutions
Understand common S3 error messages like access denied, bucket not found, and exceeded bucket quota. Troubleshoot and resolve these errors by checking permissions, bucket configurations, and network connectivity.
Debugging S3 bucket access issues
Investigate and resolve issues related to access permissions, IAM roles, and bucket policies. Use tools like AWS CloudTrail and S3 access logs to identify and troubleshoot access problems.
Data consistency and durability considerations
Ensure data consistency and durability by understanding S3's data replication and storage mechanisms. Verify that data is correctly uploaded, retrieve objects using proper methods, and address any data integrity issues.
Recovering deleted objects
If an object is accidentally deleted, you can often recover it using versioning or S3 event notifications. Additionally, consider enabling Cross-Region Replication (CRR) for disaster recovery scenarios.
================================================
FILE: day-9/demos/bucket-policies/restrict-access-to-owner.json
================================================
{
  "Version": "2012-10-17",
  "Id": "RestrictBucketToIAMUsersOnly",
  "Statement": [
    {
      "Sid": "AllowOwnerOnlyAccess",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::your-bucket-name/*",
        "arn:aws:s3:::your-bucket-name"
      ],
      "Condition": {
        "StringNotEquals": {
          "aws:PrincipalArn": "arn:aws:iam::AWS_ACCOUNT_ID:root"
        }
      }
    }
  ]
}
================================================
FILE: day-9/demos/bucket-policies/static-website-basic.json
================================================
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::<Bucket-Name>/*"
      ]
    }
  ]
}
================================================
FILE: interview-questions/01-ADVANCED.md
================================================
### 1. **Question:** Explain the concept of "GitOps" and how it aligns with DevOps principles.
**Answer:** GitOps is a DevOps practice that uses version control systems like Git to manage infrastructure and application configurations. All changes are made through pull requests, which trigger automated deployments. This approach promotes versioning, collaboration, and automation while maintaining a declarative, auditable infrastructure.
### 2. **Question:** How does AWS CodeArtifact enhance dependency management in DevOps workflows?
**Answer:** AWS CodeArtifact is a package management service that allows you to store, manage, and share software packages. It improves dependency management by centralizing artifact storage, ensuring consistency across projects, and enabling version control of packages, making it easier to manage dependencies in DevOps pipelines.
### 3. **Question:** Describe the use of AWS CloudFormation Drift Detection and Remediation.
**Answer:** AWS CloudFormation Drift Detection helps identify differences between the deployed stack and the expected stack configuration. When drift is detected, you can use CloudFormation StackSets to automatically remediate drift across multiple accounts and regions, ensuring consistent infrastructure configurations.
### 4. **Question:** How can you implement Infrastructure as Code (IaC) security scanning in AWS DevOps pipelines?
**Answer:** You can use tools like AWS CloudFormation Guard, cfn-nag, or open-source security scanners to analyze IaC templates for security vulnerabilities and compliance violations. By integrating these tools into DevOps pipelines, you can ensure that infrastructure code adheres to security best practices.
### 5. **Question:** Explain the role of Amazon CloudWatch Events in automating DevOps workflows.
**Answer:** Amazon CloudWatch Events allow you to respond to changes in AWS resources by triggering automated actions. In DevOps, you can use CloudWatch Events to automate CI/CD pipeline executions, scaling actions, incident response, and other tasks based on resource state changes.
### 6. **Question:** Describe the use of AWS Systems Manager Automation and its impact on DevOps practices.
**Answer:** AWS Systems Manager Automation enables you to automate common operational tasks across AWS resources. In DevOps, it enhances repeatability and consistency by automating tasks like patch management, application deployments, and configuration changes, reducing manual intervention and errors.
### 7. **Question:** How can you implement fine-grained monitoring and alerting using Amazon CloudWatch Metrics and Alarms?
**Answer:** Amazon CloudWatch Metrics provide granular insights into resource performance, while CloudWatch Alarms enable you to set thresholds and trigger actions based on metric conditions. In DevOps, you can use these services to monitor specific application and infrastructure metrics, allowing you to respond to issues proactively.
### 8. **Question:** Explain the concept of "Serverless DevOps" and how it differs from traditional DevOps practices.
**Answer:** Serverless DevOps leverages serverless computing to automate and streamline development and operations tasks. It reduces infrastructure management, emphasizes event-driven architectures, and allows developers to focus on code rather than server provisioning. However, it also presents challenges in testing, observability, and architecture design.
### 9. **Question:** Describe the use of AWS CloudTrail and AWS CloudWatch Logs integration for audit and security in DevOps.
**Answer:** AWS CloudTrail records API calls, while AWS CloudWatch Logs centralizes log data. Integrating these services allows you to monitor and audit AWS API activities, detect security events, and generate alerts in near real-time. This integration enhances security and compliance practices in DevOps workflows.
### 10. **Question:** How can AWS AppConfig be used to manage application configurations in DevOps pipelines?
**Answer:** AWS AppConfig is a service that allows you to manage application configurations and feature flags. In DevOps, you can use AppConfig to separate configuration from code, enable dynamic updates, and control feature releases. This improves deployment flexibility, reduces risk, and supports A/B testing.
================================================
FILE: interview-questions/01-SCENARIO-BASED.md
================================================
### 1. **Scenario:** You have a microservices application that needs to scale dynamically based on traffic. How would you design an architecture for this using AWS services?
**Answer:** I would use Amazon ECS or Amazon EKS for container orchestration, coupled with AWS Auto Scaling to adjust the number of instances based on CPU or custom metrics. Application Load Balancers can distribute traffic, and Amazon CloudWatch can monitor and trigger scaling events.
### 2. **Scenario:** Your application's database is experiencing performance issues. Describe how you would use AWS tools to troubleshoot and resolve this.
**Answer:** I would use Amazon RDS Performance Insights to identify bottlenecks, CloudWatch Metrics for monitoring, and AWS X-Ray for tracing requests. I'd also consider optimizing queries and using read replicas if necessary.
### 3. **Scenario:** You're migrating a monolithic application to a microservices architecture. How would you ensure smooth deployment and minimize downtime?
**Answer:** I would adopt a "strangler" pattern, gradually migrating components to microservices. This minimizes risk by replacing pieces of the monolith over time, allowing for testing and validation at each step.
### 4. **Scenario:** Your team is frequently encountering configuration drift issues in your infrastructure. How could you prevent and manage this effectively?
**Answer:** I would implement Infrastructure as Code (IaC) using AWS CloudFormation or Terraform. By versioning and automating infrastructure changes, we can ensure consistent and repeatable deployments.
### 5. **Scenario:** Your company is launching a new product, and you expect a sudden spike in traffic. How would you ensure the application remains responsive and available?
**Answer:** I would implement a combination of auto-scaling groups, Amazon CloudFront for content delivery, Amazon RDS read replicas, and Amazon DynamoDB provisioned capacity to handle increased load while maintaining performance.
### 6. **Scenario:** You're working on a CI/CD pipeline for a containerized application. How could you ensure that every code change is automatically tested and deployed?
**Answer:** I would set up an AWS CodePipeline that integrates with AWS CodeBuild for building and testing containers. After successful testing, I'd use AWS CodeDeploy to deploy the containers to an ECS cluster or Kubernetes on EKS.
### 7. **Scenario:** Your team wants to ensure secure access to AWS resources for different team members. How could you implement this?
**Answer:** I would use AWS Identity and Access Management (IAM) to create fine-grained policies for each team member. IAM roles and groups can be assigned permissions based on least privilege principles.
### 8. **Scenario:** You're managing a complex microservices architecture with multiple services communicating. How could you monitor and trace requests across services?
**Answer:** I would integrate AWS X-Ray into the application to trace requests as they traverse services. This would provide insights into latency, errors, and dependencies between services.
### 9. **Scenario:** Your application has a front-end hosted on S3, and you need to enable HTTPS for security. How would you achieve this?
**Answer:** I would use Amazon CloudFront to distribute content from the S3 bucket, configure a custom domain, and associate an SSL/TLS certificate through AWS Certificate Manager.
### 10. **Scenario:** Your organization has multiple AWS accounts for different environments (dev, staging, prod). How would you manage centralized billing and ensure cost optimization?
**Answer:** I would use AWS Organizations to manage multiple accounts and enable consolidated billing. AWS Cost Explorer and AWS Budgets could be used to monitor and optimize costs across accounts.
### 11. **Scenario:** Your application frequently needs to run resource-intensive tasks in the background. How could you ensure efficient and scalable task processing?
**Answer:** I would use AWS Lambda for serverless background processing or AWS Batch for batch processing. Both services can scale automatically based on the workload.
### 12. **Scenario:** Your team is using Jenkins for CI/CD, but you want to reduce management overhead. How could you migrate to a serverless CI/CD approach?
**Answer:** I would consider using AWS CodePipeline and AWS CodeBuild. CodePipeline integrates seamlessly with CodeBuild, allowing you to create serverless CI/CD pipelines without managing infrastructure.
### 13. **Scenario:** Your organization wants to enable single sign-on (SSO) for multiple AWS accounts. How could you achieve this while maintaining security?
**Answer:** I would use AWS Single Sign-On (SSO) to manage user access across multiple AWS accounts. By configuring SSO integrations, users can access multiple accounts securely without needing separate credentials.
### 14. **Scenario:** Your company is aiming for high availability by deploying applications across multiple regions. How could you implement global traffic distribution?
**Answer:** I would use Amazon Route 53 with Latency-Based Routing or Geolocation Routing to direct traffic to the closest or most appropriate region based on user location.
### 15. **Scenario:** Your application is generating a significant amount of logs. How could you centralize log management and enable efficient analysis?
**Answer:** I would use Amazon CloudWatch Logs to centralize log storage and CloudWatch Logs Insights to query and analyze logs efficiently, making it easier to troubleshoot and monitor application behavior.
### 16. **Scenario:** Your application needs to store and retrieve large amounts of unstructured data. How could you design a cost-effective solution?
**Answer:** I would use Amazon S3 with appropriate storage classes (such as S3 Standard or S3 Intelligent-Tiering) based on data access patterns. This allows for durable and cost-effective storage of unstructured data.
### 17. **Scenario:** Your team wants to enable automated testing for infrastructure deployments. How could you achieve this?
**Answer:** I would integrate AWS CloudFormation StackSets into the CI/CD pipeline. StackSets allow you to deploy infrastructure templates to multiple accounts and regions, enabling automated testing of infrastructure changes.
### 18. **Scenario:** Your application uses AWS Lambda functions, and you want to improve cold start performance. How could you address this challenge?
**Answer:** I would implement an Amazon API Gateway with the HTTP proxy integration, creating a warm-up endpoint that periodically invokes Lambda functions to keep them warm.
### 19. **Scenario:** Your application has multiple microservices, each with its own database. How could you manage database schema changes efficiently?
**Answer:** I would use AWS Database Migration Service (DMS) to replicate data between the old and new schema versions, allowing for seamless database migrations without disrupting application operations.
### 20. **Scenario:** Your organization is concerned about data protection and compliance. How could you ensure sensitive data is securely stored and transmitted?
**Answer:** I would use Amazon S3 server-side encryption and Amazon RDS encryption at rest for data storage. For data transmission, I would use SSL/TLS encryption for communication between services and implement security best practices.
================================================
FILE: interview-questions/aws-cli.md
================================================
### 1. What is the AWS Command Line Interface (CLI)?
The AWS Command Line Interface (CLI) is a unified tool that allows you to interact with various AWS services using command-line commands.
### 2. Why would you use the AWS CLI?
The AWS CLI provides a convenient way to automate tasks, manage AWS resources, and interact with services directly from the command line, making it useful for scripting and administration.
### 3. How do you install the AWS CLI?
You can install the AWS CLI on various operating systems using package managers or by downloading the installer from the AWS website.
### 4. What is the purpose of AWS CLI profiles?
AWS CLI profiles allow you to manage multiple sets of AWS security credentials, making it easier to switch between different accounts and roles.
### 5. How can you configure the AWS CLI with your credentials?
You can configure the AWS CLI by running the `aws configure` command, where you provide your access key, secret key, default region, and output format.
### 6. What is the difference between IAM user-based credentials and IAM role-based credentials in the AWS CLI?
IAM user-based credentials are long-term access keys associated with an IAM user, while IAM role-based credentials are temporary credentials obtained by assuming a role using the `sts assume-role` command.
### 7. How can you interact with AWS services using the AWS CLI?
You can interact with AWS services by using AWS CLI commands specific to each service. For example, you can use `aws ec2 describe-instances` to list EC2 instances.
### 8. What is the syntax for AWS CLI commands?
The basic syntax for AWS CLI commands is `aws <service-name> <operation> [options]`, where you replace `<service-name>` with the service you want to interact with and `<operation>` with the desired action.
### 9. How can you list available AWS CLI services and commands?
You can run `aws help` to see a list of AWS services and the corresponding commands available in the AWS CLI.
### 10. What is the purpose of output formatting options in AWS CLI commands?
Output formatting options allow you to specify how the results of AWS CLI commands are presented. Common options include JSON, text, table, and YAML formats.
### 11. How can you filter and format AWS CLI command output?
You can use filters like `--query` to extract specific data from AWS CLI command output, and you can use `--output` to choose the format of the output.
### 12. How can you create and manage AWS resources using the AWS CLI?
You can create and manage AWS resources using commands such as `aws ec2 run-instances` to launch EC2 instances or `aws s3 cp` to copy files to Amazon S3 buckets.
### 13. How does AWS CLI handle pagination of results?
Some AWS CLI commands return paginated results. You can use the `--max-items` and `--page-size` options to control the number of items displayed per page.
### 14. What is the AWS SSO (Single Sign-On) feature in the AWS CLI?
The AWS SSO feature in the AWS CLI allows you to authenticate and obtain temporary credentials using an AWS SSO profile, simplifying the management of credentials.
### 15. Can you use the AWS CLI to work with AWS CloudFormation?
Yes, you can use the AWS CLI to create, update, and delete CloudFormation stacks using the `aws cloudformation` commands.
### 16. How can you debug AWS CLI commands?
You can use the `--debug` option with AWS CLI commands to get detailed debug information, which can help troubleshoot issues.
### 17. Can you use the AWS CLI in AWS Lambda functions?
Yes, AWS Lambda functions can use the AWS CLI by packaging it with the function code and executing CLI commands from within the function.
### 18. How can you secure the AWS CLI on your local machine?
You can secure the AWS CLI on your local machine by using IAM roles, IAM user-based credentials, and the AWS CLI's built-in encryption mechanisms for configuration files.
### 19. How can you update the AWS CLI to the latest version?
You can update the AWS CLI to the latest version using package managers like `pip` (Python package manager) or by downloading the installer from the AWS website.
### 20. How do you uninstall the AWS CLI?
To uninstall the AWS CLI, you can use the package manager or the uninstaller provided by the installer you used to install it initially.
================================================
FILE: interview-questions/aws-terraform.md
================================================
### 1. What is Terraform?
Terraform is an open-source Infrastructure as Code (IaC) tool that allows you to define, manage, and provision infrastructure resources using declarative code.
### 2. How does Terraform work with AWS?
Terraform interacts with the AWS API to create and manage resources based on the configurations defined in Terraform files.
### 3. What is an AWS provider in Terraform?
An AWS provider in Terraform is a plugin that allows Terraform to interact with AWS services by making API calls.
### 4. How do you define resources in Terraform?
Resources are defined in Terraform using HashiCorp Configuration Language (HCL) syntax in `.tf` files. Each resource type corresponds to an AWS service.
### 5. What is a Terraform state file?
The Terraform state file maintains the state of the resources managed by Terraform. It's used to track the actual state of the infrastructure.
### 6. How can you initialize a Terraform project?
You can initialize a Terraform project using the `terraform init` command. It downloads required provider plugins and initializes the backend.
### 7. How do you plan infrastructure changes in Terraform?
You can use the `terraform plan` command to see the changes that Terraform will apply to your infrastructure before actually applying them.
### 8. What is the `terraform apply` command used for?
The `terraform apply` command applies the changes defined in your Terraform configuration to your infrastructure. It creates, updates, or deletes resources as needed.
### 9. What is the purpose of Terraform variables?
Terraform variables allow you to parameterize your configurations, making them more flexible and reusable across different environments.
### 10. How do you manage secrets and sensitive information in Terraform?
Sensitive information should be stored in environment variables or external systems like AWS Secrets Manager. You can use variables to reference these values in Terraform.
### 11. What is remote state in Terraform?
Remote state in Terraform refers to storing the state file on a remote backend, such as Amazon S3, instead of locally. This facilitates collaboration and enables locking.
### 12. How can you manage multiple environments (dev, prod) with Terraform?
You can use Terraform workspaces or create separate directories for each environment, each with its own state file and variables.
### 13. How do you handle dependencies between resources in Terraform?
Terraform automatically handles dependencies based on the resource definitions in your configuration. It will create resources in the correct order.
### 14. What is Terraform's "apply" process?
The "apply" process in Terraform involves comparing the desired state from your configuration to the current state, generating an execution plan, and then applying the changes.
### 15. How can you manage versioning of Terraform configurations?
You can use version control systems like Git to track changes to your Terraform configurations. Additionally, Terraform Cloud and Enterprise offer versioning features.
### 16. What is the difference between Terraform and CloudFormation?
Terraform is a multi-cloud IaC tool that supports various cloud providers, including AWS. CloudFormation is AWS-specific and focuses on AWS resource provisioning.
### 17. What is a Terraform module?
A Terraform module is a reusable set of configurations that can be used to create multiple resources with a consistent configuration.
### 18. How can you destroy infrastructure created by Terraform?
You can use the `terraform destroy` command to remove all resources defined in your Terraform configuration.
### 19. How does Terraform manage updates to existing resources?
Terraform applies updates by modifying existing resources rather than recreating them. This helps preserve data and configurations.
### 20. Can Terraform be used for managing third-party resources?
Yes, Terraform has the capability to manage resources beyond AWS. It supports multiple providers, making it versatile for managing various cloud and on-premises resources.
================================================
FILE: interview-questions/cloud-migration.md
================================================
### 1. What is cloud migration?
Cloud migration refers to the process of moving applications, data, and workloads from on-premises environments or one cloud provider to another.
### 2. What are the common drivers for cloud migration?
Drivers for cloud migration include cost savings, scalability, agility, improved security, and the ability to leverage advanced cloud services.
### 3. What are the six common cloud migration strategies?
The six common cloud migration strategies are Rehost (lift and shift), Replatform, Repurchase (buy a SaaS solution), Refactor (rearchitect), Retire, and Retain (leave unchanged).
### 4. What is the "lift and shift" migration strategy?
The "lift and shift" strategy (Rehost) involves moving applications and data as they are from on-premises to the cloud without significant modifications.
### 5. How does the "replatform" strategy differ from "lift and shift"?
The "replatform" strategy involves making minor adjustments to applications or databases before migrating them to the cloud, often to optimize for cloud services.
### 6. When would you consider the "rebuy" strategy?
The "rebuy" strategy (Repurchase) involves replacing an existing application with a cloud-based Software as a Service (SaaS) solution. It's appropriate when a suitable SaaS option is available.
### 7. What is the "rearchitect" migration strategy?
The "rearchitect" strategy (Refactor) involves modifying or rearchitecting applications to fully leverage cloud-native features and services.
### 8. How do you decide which cloud migration strategy to use?
The choice of strategy depends on factors like business goals, existing technology stack, application complexity, and desired outcomes.
### 9. What are some key benefits of the "rearchitect" strategy?
The "rearchitect" strategy can lead to improved performance, scalability, and cost savings by utilizing cloud-native services.
### 10. What is the importance of a migration readiness assessment?
A migration readiness assessment helps evaluate an organization's current environment, readiness for cloud migration, and the appropriate migration strategy to adopt.
### 11. How can you minimize downtime during cloud migration?
You can use strategies like blue-green deployments, canary releases, and traffic shifting to minimize downtime and ensure a smooth migration process.
### 12. What is data migration in the context of cloud migration?
Data migration involves moving data from on-premises databases to cloud-based databases, ensuring data consistency, integrity, and minimal disruption.
### 13. What is the "big bang" migration approach?
The "big bang" approach involves migrating all applications and data at once, which can be risky due to potential disruptions. It's often considered when there's a clear deadline.
### 14. What is the "staged" migration approach?
The "staged" approach involves migrating applications or components in stages, allowing for gradual adoption and risk mitigation.
### 15. How does the "strangler" migration pattern work?
The "strangler" pattern involves gradually replacing components of an existing application with cloud-native components until the entire application is migrated.
### 16. What role does automation play in cloud migration?
Automation streamlines the migration process by reducing manual tasks, ensuring consistency, and accelerating deployments.
### 17. How do you ensure security during cloud migration?
Security should be considered at every stage of migration. Ensure data encryption, access controls, compliance, and monitoring are in place.
### 18. How can you handle application dependencies during migration?
Understanding application dependencies is crucial. You can use tools to map dependencies and ensure that all necessary components are migrated together.
### 19. What is the "lift and reshape" strategy?
The "lift and reshape" strategy involves moving applications to the cloud and then making necessary adjustments for better cloud optimization and cost savings.
### 20. What is the importance of testing in cloud migration?
Testing helps identify issues, validate performance, and ensure the migrated applications function as expected in the new cloud environment.
================================================
FILE: interview-questions/cloudformation.md
================================================
### 1. What is AWS CloudFormation?
AWS CloudFormation is a service that allows you to define and provision infrastructure as code, enabling you to create, update, and manage AWS resources in a declarative and automated way.
### 2. What are the benefits of using AWS CloudFormation?
Benefits of using AWS CloudFormation include infrastructure as code, automated resource provisioning, consistent deployments, version control, and support for template reuse.
### 3. What is an AWS CloudFormation template?
An AWS CloudFormation template is a JSON or YAML file that defines the AWS resources and their configurations needed for a particular stack.
### 4. How does AWS CloudFormation work?
AWS CloudFormation interprets templates and deploys the specified resources in the order defined, managing the provisioning, updating, and deletion of resources.
### 5. What is a CloudFormation stack?
A CloudFormation stack is a collection of AWS resources created and managed as a single unit, based on a CloudFormation template.
### 6. What is the difference between AWS CloudFormation and AWS Elastic Beanstalk?
AWS CloudFormation provides infrastructure as code and lets you define and manage resources at a lower level, while AWS Elastic Beanstalk is a platform-as-a-service (PaaS) that abstracts the deployment of applications.
### 7. What is the purpose of a CloudFormation change set?
A CloudFormation change set allows you to preview the changes that will be made to a stack before applying those changes, helping to ensure that updates won't cause unintended consequences.
### 8. How can you create an AWS CloudFormation stack?
You can create a CloudFormation stack using the AWS Management Console, AWS CLI, or AWS SDKs. You provide a template, choose a stack name, and specify any parameters.
### 9. How can you update an existing AWS CloudFormation stack?
You can update a CloudFormation stack by making changes to the template or stack parameters and then using the AWS Management Console, AWS CLI, or SDKs to initiate an update.
### 10. What is the CloudFormation rollback feature?
The CloudFormation rollback feature automatically reverts changes to a stack if an update fails, helping to ensure that your infrastructure remains consistent.
### 11. How does AWS CloudFormation handle dependencies between resources?
CloudFormation handles dependencies by automatically determining the order in which resources need to be created or updated to maintain a consistent state.
### 12. What are CloudFormation intrinsic functions?
CloudFormation intrinsic functions are built-in functions that you can use within templates to manipulate values or perform dynamic operations during stack creation and update.
### 13. How can you perform conditionals in CloudFormation templates?
You can use CloudFormation's intrinsic functions, such as `Fn::If` and `Fn::Equals`, to define conditions and control the creation of resources based on those conditions.
### 14. What is the CloudFormation Designer?
The CloudFormation Designer is a visual tool that helps you design and visualize CloudFormation templates using a drag-and-drop interface.
### 15. How can you manage secrets in CloudFormation templates?
You should avoid hardcoding secrets in templates. Instead, you can use AWS Secrets Manager or AWS Systems Manager Parameter Store to store sensitive information and reference it in your templates.
### 16. How can you provision custom resources in CloudFormation?
You can use AWS Lambda-backed custom resources to perform actions in response to stack events that aren't natively supported by CloudFormation resources.
### 17. What is stack drift in AWS CloudFormation?
Stack drift occurs when actual resources in a stack differ from the expected resources defined in the CloudFormation template.
### 18. How does CloudFormation support rollback triggers?
Rollback triggers in CloudFormation allow you to specify actions that should be taken when a stack rollback is initiated, such as sending notifications or cleaning up resources.
### 19. Can AWS CloudFormation be used for creating non-AWS resources?
Yes, CloudFormation supports custom resources that can be used to manage non-AWS resources or to execute arbitrary code during stack creation and update.
### 20. What is CloudFormation StackSets?
CloudFormation StackSets allow you to deploy CloudFormation stacks across multiple accounts and regions, enabling centralized management of infrastructure deployments.
================================================
FILE: interview-questions/cloudfront.md
================================================
### 1. What is Amazon CloudFront?
Amazon CloudFront is a Content Delivery Network (CDN) service provided by AWS that accelerates content delivery by distributing it across a network of edge locations.
### 2. How does CloudFront work?
CloudFront caches content in edge locations globally. When a user requests content, CloudFront delivers it from the nearest edge location, reducing latency and improving performance.
### 3. What are edge locations in CloudFront?
Edge locations are globally distributed data centers used by CloudFront. They store cached content and serve it to users, minimizing the distance data needs to travel.
### 4. What types of distributions are available in CloudFront?
CloudFront offers Web Distributions for websites and RTMP Distributions for media streaming.
### 5. How can you ensure that content in CloudFront is updated?
You can create invalidations in CloudFront to remove cached content and force the distribution of fresh content.
### 6. Can you use custom SSL certificates with CloudFront?
Yes, you can use custom SSL certificates to secure connections between users and CloudFront.
### 7. What is an origin in CloudFront?
An origin is the source of the content CloudFront delivers. It can be an Amazon S3 bucket, an EC2 instance, an Elastic Load Balancer, or even an HTTP server.
### 8. How can you control who accesses content in CloudFront?
You can use CloudFront signed URLs or cookies to restrict access to content based on user credentials.
### 9. What are cache behaviors in CloudFront?
Cache behaviors define how CloudFront handles different types of requests. They include settings like TTL, query string forwarding, and more.
### 10. How can you integrate CloudFront with other AWS services?
You can integrate CloudFront with Amazon S3, Amazon EC2, AWS Lambda, and more to accelerate content delivery.
### 11. How can you analyze CloudFront distribution performance?
You can use CloudFront access logs stored in Amazon S3 to analyze the performance of your distribution.
### 12. What is the purpose of CloudFront behaviors?
CloudFront behaviors help specify how CloudFront should respond to different types of requests for different paths or patterns.
### 13. Can CloudFront be used for dynamic content?
Yes, CloudFront can be used for both static and dynamic content delivery, improving the performance of web applications.
### 14. What is a distribution in CloudFront?
A distribution represents the configuration and content for your CloudFront content delivery. It can have multiple origins and cache behaviors.
### 15. How does CloudFront handle cache expiration?
CloudFront uses Time to Live (TTL) settings to determine how long objects are cached in edge locations before checking for updates.
### 16. What are the benefits of using CloudFront with Amazon S3?
Using CloudFront with Amazon S3 reduces latency, offloads traffic from your origin server, and improves global content delivery.
### 17. Can CloudFront be used for both HTTP and HTTPS content?
Yes, CloudFront supports both HTTP and HTTPS content delivery. HTTPS is recommended for enhanced security.
### 18. How can you measure the performance of CloudFront distributions?
You can use CloudFront metrics in Amazon CloudWatch to monitor the performance of your distributions and analyze their behavior.
### 19. What is origin shield in CloudFront?
Origin Shield is an additional caching layer that helps reduce the load on your origin server by caching content closer to the origin.
### 20. How can CloudFront improve security?
CloudFront can help protect against DDoS attacks by absorbing traffic spikes and providing secure connections through HTTPS.
================================================
FILE: interview-questions/cloudtrail.md
================================================
### 1. What is AWS CloudTrail?
AWS CloudTrail is a service that provides governance, compliance, and audit capabilities by recording and storing API calls made on your AWS account.
### 2. What type of information does AWS CloudTrail record?
CloudTrail records API calls, capturing information about who made the call, when it was made, which service was accessed, and what actions were taken.
### 3. How does AWS CloudTrail store its data?
CloudTrail stores its data in Amazon S3 buckets, allowing you to easily analyze and retrieve the recorded information.
### 4. How can you enable AWS CloudTrail for an AWS account?
You can enable CloudTrail through the AWS Management Console or the AWS CLI by creating a trail and specifying the services you want to track.
### 5. What is a CloudTrail trail?
A CloudTrail trail is a configuration that specifies the settings for logging and delivering events. Trails can be applied to an entire AWS account or specific regions.
### 6. What is the purpose of CloudTrail log files?
CloudTrail log files contain records of API calls and events, which can be used for security analysis, compliance, auditing, and troubleshooting.
### 7. How can you access CloudTrail log files?
CloudTrail log files are stored in an S3 bucket. You can access them directly or use services like Amazon Athena or Amazon CloudWatch Logs Insights for querying and analysis.
### 8. What is the difference between a management event and a data event in CloudTrail?
Management events are related to the management of AWS resources, while data events focus on the actions performed on those resources.
### 9. How can you view and analyze CloudTrail logs?
You can view and analyze CloudTrail logs using the CloudTrail console, AWS CLI, or third-party tools. You can also set up CloudWatch Alarms to detect specific events.
### 10. What is CloudTrail Insights?
CloudTrail Insights is a feature that uses machine learning to identify unusual patterns and suspicious activity in CloudTrail logs.
### 11. How can you integrate CloudTrail with CloudWatch Logs?
You can integrate CloudTrail with CloudWatch Logs to receive CloudTrail events in near real-time, allowing you to create CloudWatch Alarms and automate actions.
### 12. What is CloudTrail Event History?
CloudTrail Event History is a feature that displays the past seven days of management events for your account, helping you quickly identify changes made to resources.
### 13. What is CloudTrail Data Events?
CloudTrail Data Events track actions performed on Amazon S3 objects, providing insight into object-level activity and changes.
### 14. What is the purpose of CloudTrail Insights events?
CloudTrail Insights events are automatically generated when CloudTrail detects unusual or high-risk activity, helping you identify and respond to potential security issues.
### 15. How can you ensure that CloudTrail logs are tamper-proof?
CloudTrail logs are stored in an S3 bucket with server-side encryption enabled, ensuring that the logs are tamper-proof and protected.
### 16. Can CloudTrail logs be used for compliance and auditing?
Yes, CloudTrail logs can be used to demonstrate compliance with various industry standards and regulations by providing an audit trail of AWS account activity.
### 17. How does CloudTrail support multi-region trails?
Multi-region trails allow you to capture events from multiple AWS regions in a single trail, providing a centralized view of account activity.
### 18. Can CloudTrail be used to monitor non-AWS services?
CloudTrail primarily monitors AWS services, but you can integrate it with AWS Lambda to capture and log custom events from non-AWS services.
### 19. How can you receive notifications about CloudTrail events?
You can use Amazon SNS (Simple Notification Service) to receive notifications about CloudTrail events, such as when new log files are delivered to your S3 bucket.
### 20. How can you use CloudTrail logs for incident response?
CloudTrail logs can be used for incident response by analyzing events to identify the cause of an incident, understand its scope, and take appropriate actions.
================================================
FILE: interview-questions/cloudwatch.md
================================================
### 1. What is Amazon CloudWatch?
Amazon CloudWatch is a monitoring and observability service that provides insights into your AWS resources and applications by collecting and tracking metrics, logs, and events.
### 2. What types of data does Amazon CloudWatch collect?
Amazon CloudWatch collects metrics, logs, and events. Metrics are data points about your resources and applications, logs are textual data generated by resources, and events provide insights into changes and notifications.
### 3. How can you use Amazon CloudWatch to monitor resources?
You can use CloudWatch to monitor resources by collecting and visualizing metrics, setting alarms for specific thresholds, and generating insights into resource performance.
### 4. What are CloudWatch metrics?
CloudWatch metrics are data points about the performance of your resources and applications. They can include data like CPU utilization, network traffic, and more.
### 5. How can you collect custom metrics in Amazon CloudWatch?
You can collect custom metrics in CloudWatch by using the CloudWatch API or SDKs to publish data to CloudWatch using the `PutMetricData` action.
### 6. What are CloudWatch alarms?
CloudWatch alarms allow you to monitor metrics and set thresholds to trigger notifications or automated actions when specific conditions are met.
### 7. How can you visualize CloudWatch metrics?
You can visualize CloudWatch metrics using CloudWatch Dashboards, which allow you to create customized views of metrics, graphs, and text.
### 8. What is CloudWatch Logs?
CloudWatch Logs is a service that collects, stores, and monitors log files from various resources, making it easier to analyze and troubleshoot applications.
### 9. How can you store logs in Amazon CloudWatch Logs?
You can store logs in CloudWatch Logs by sending log data from your resources or applications using the CloudWatch Logs agent, SDKs, or directly through the CloudWatch API.
### 10. What is CloudWatch Logs Insights?
CloudWatch Logs Insights is a feature that allows you to query and analyze log data to gain insights into your applications and resources.
### 11. What is the CloudWatch Events service?
CloudWatch Events provides a way to respond to state changes in your AWS resources, such as launching instances, creating buckets, or modifying security groups.
### 12. How can you use CloudWatch Events to trigger actions?
You can use CloudWatch Events to trigger actions by defining rules that match specific events and associating those rules with targets like Lambda functions, SQS queues, and more.
### 13. What is CloudWatch Container Insights?
CloudWatch Container Insights provides a way to monitor and analyze the performance of containers managed by services like Amazon ECS and Amazon EKS.
### 14. What is CloudWatch Contributor Insights?
CloudWatch Contributor Insights provides insights into the top contributors affecting the performance of your resources, helping you identify bottlenecks and optimization opportunities.
### 15. How can you use CloudWatch Logs for troubleshooting?
You can use CloudWatch Logs for troubleshooting by analyzing log data, setting up alarms for specific log patterns, and correlating events to diagnose issues.
### 16. Can CloudWatch Logs Insights query data from multiple log groups?
Yes, CloudWatch Logs Insights can query data from multiple log groups, allowing you to analyze and gain insights from a broader set of log data.
### 17. How can you set up CloudWatch Alarms?
You can set up CloudWatch Alarms by defining a metric, setting a threshold for the metric, and specifying actions to be taken when the threshold is breached.
### 18. What is CloudWatch Anomaly Detection?
CloudWatch Anomaly Detection is a feature that automatically analyzes historical metric data to create a baseline and detect deviations from expected patterns.
### 19. How does CloudWatch support cross-account monitoring?
You can use CloudWatch Cross-Account Cross-Region (CACR) to set up cross-account monitoring, allowing you to view metrics and alarms from multiple AWS accounts.
### 20. Can CloudWatch integrate with other AWS services?
Yes, CloudWatch can integrate with other AWS services like Amazon EC2, Amazon RDS, Lambda, and more to provide enhanced monitoring and insights into resource performance.
================================================
FILE: interview-questions/code-build.md
================================================
### 1. What is AWS CodeBuild?
AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software artifacts, such as executable files or application packages.
### 2. How does CodeBuild work?
CodeBuild uses build specifications defined in buildspec.yml files. When triggered by a source code change, it pulls the code from the repository, follows the build steps specified, and generates the build artifacts.
### 3. What is a buildspec.yml file?
A buildspec.yml file is used to define the build steps, environment settings, and other instructions for CodeBuild. It's stored in the same repository as the source code and provides the necessary information to execute the build.
### 4. How can you integrate CodeBuild with CodePipeline?
You can add a CodeBuild action to your CodePipeline stages. This enables you to use CodeBuild as one of the actions in your CI/CD workflow for building and testing code.
### 5. What programming languages and build environments does CodeBuild support?
CodeBuild supports a wide range of programming languages and build environments, including Java, Python, Node.js, Ruby, Go, .NET, Docker, and more.
### 6. Explain the caching feature in CodeBuild.
The caching feature allows you to store certain directories in Amazon S3 to speed up build times. CodeBuild can fetch cached content instead of rebuilding dependencies, improving overall build performance.
### 7. How does CodeBuild handle environment setup and cleanup?
CodeBuild automatically provisions and manages the build environment based on the specifications in the buildspec.yml file. After the build completes, CodeBuild automatically cleans up the environment.
### 8. Can you customize the build environment in CodeBuild?
Yes, you can customize the build environment by specifying the base image, build tools, environment variables, and more in the buildspec.yml file.
### 9. What are artifacts and how are they used in CodeBuild?
Artifacts are the output files generated by the build process. They can be binaries, archives, or any other build output. These artifacts can be stored in Amazon S3 or other destinations for later use.
### 10. How can you secure sensitive information in your build process?
Sensitive information, such as passwords or API keys, should be stored in AWS Secrets Manager or AWS Systems Manager Parameter Store. You can retrieve these secrets securely during the build process.
### 11. Describe a scenario where you'd use multiple build environments in a CodeBuild project.
You might use multiple build environments to support different stages of the development process. For example, you could have one environment for development builds and another for production releases.
### 12. What is the role of build projects in CodeBuild?
A build project defines how CodeBuild should build your source code. It includes settings like the source repository, build environment, buildspec.yml location, and other configuration details.
### 13. How can you troubleshoot a failing build in CodeBuild?
You can view build logs and examine the output of build steps to identify issues. If a buildspec.yml file has errors, they can often be resolved by reviewing the syntax and ensuring proper settings.
### 14. What's the benefit of using CodeBuild over traditional build tools?
CodeBuild is fully managed and scalable. It eliminates the need to provision and manage build servers, making it easier to set up and scale build processes without infrastructure overhead.
### 15. Can you build Docker images using CodeBuild?
Yes, CodeBuild supports building Docker images as part of the build process. You can define build steps to build and push Docker images to repositories like Amazon ECR.
### 16. How can you integrate third-party build tools with CodeBuild?
You can define build steps in your buildspec.yml file to execute third-party build tools or scripts. This enables seamless integration with tools specific to your project's needs.
### 17. What happens if a build fails in CodeBuild?
If a build fails, CodeBuild can be configured to stop the pipeline in CodePipeline, send notifications, and provide detailed logs to help diagnose and resolve the issue.
### 18. Can you set up multiple build projects within a single CodeBuild project?
Yes, a CodeBuild project can have multiple build projects associated with it. This is useful when you want to build different components of your application in parallel.
### 19. How can you monitor and visualize build performance in CodeBuild?
You can use Amazon CloudWatch to collect and visualize metrics from CodeBuild, such as build duration, success rates, and resource utilization.
### 20. Explain how CodeBuild pricing works.
CodeBuild pricing is based on the number of build minutes consumed. You are billed per minute of build time, including time spent provisioning and cleaning up the build environment.
================================================
FILE: interview-questions/code-deploy.md
================================================
### 1. What is AWS CodeDeploy?
AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute platforms, including Amazon EC2 instances, AWS Lambda functions, and on-premises servers.
### 2. How does CodeDeploy work?
CodeDeploy coordinates application deployments by pushing code changes to instances, managing deployment lifecycle events, and rolling back deployments if necessary.
### 3. What are the deployment strategies supported by CodeDeploy?
CodeDeploy supports various deployment strategies, including Blue-Green, In-Place, and Canary. Each strategy determines how new code versions are rolled out to instances.
### 4. Explain the Blue-Green deployment strategy in CodeDeploy.
In Blue-Green deployment, two identical environments (blue and green) are set up. New code is deployed to the green environment, and after successful testing, traffic is switched from the blue to the green environment.
### 5. How does CodeDeploy handle rollbacks?
If a deployment fails or triggers alarms, CodeDeploy can automatically roll back to the previous version of the application, minimizing downtime and impact.
### 6. Can you use CodeDeploy for serverless deployments?
Yes, CodeDeploy can be used to deploy AWS Lambda functions. It facilitates smooth updates to Lambda function code without service interruption.
### 7. What is an Application Revision in CodeDeploy?
An Application Revision is a version of your application code that is deployed using CodeDeploy. It can include application files, configuration files, and scripts necessary for deployment.
### 8. How can you integrate CodeDeploy with your CI/CD pipeline?
CodeDeploy can be integrated into your CI/CD pipeline using services like AWS CodePipeline. After successful builds, the pipeline triggers CodeDeploy to deploy the new version.
### 9. What is a Deployment Group in CodeDeploy?
A Deployment Group is a set of instances or Lambda functions targeted for deployment. It defines where the application should be deployed and how the deployment should be executed.
### 10. How can you ensure zero downtime during application deployments?
Zero downtime can be achieved by using strategies like Blue-Green deployments or Canary deployments. These strategies allow you to gradually shift traffic to the new version while testing its stability.
### 11. Explain how you can manage deployment configuration in CodeDeploy.
Deployment configuration specifies parameters such as deployment style, traffic routing, and the order of deployment lifecycle events. It allows you to fine-tune deployment behavior.
### 12. How can you handle database schema changes during deployments?
Database schema changes can be managed using pre- and post-deployment scripts. These scripts ensure that the database is properly updated before and after deployment.
### 13. Describe a scenario where you would use the Canary deployment strategy.
You might use the Canary strategy when you want to gradually expose a new version to a small portion of your users for testing before rolling it out to the entire user base.
### 14. How does CodeDeploy handle instances with different capacities?
CodeDeploy can automatically distribute the new version of the application across instances with varying capacities by taking into account the deployment configuration and specified traffic weights.
### 15. What are hooks in CodeDeploy?
Hooks are scripts that run at various points in the deployment lifecycle. They allow you to perform custom actions, such as validating deployments or running tests, at specific stages.
### 16. How does CodeDeploy ensure consistent deployments across instances?
CodeDeploy uses an agent on each instance that manages deployment lifecycle events and ensures consistent application deployments.
### 17. What is the difference between an EC2/On-Premises deployment and a Lambda deployment in CodeDeploy?
An EC2/On-Premises deployment involves deploying code to instances, while a Lambda deployment deploys code to Lambda functions. Both utilize CodeDeploy's deployment capabilities.
### 18. How can you monitor the progress of a deployment in CodeDeploy?
You can monitor deployments using the AWS Management Console, AWS CLI, or AWS SDKs. CodeDeploy provides detailed logs and metrics to track the status and progress of deployments.
### 19. Can CodeDeploy deploy applications across multiple regions?
Yes, CodeDeploy can deploy applications to multiple regions. However, each region requires its own deployment configuration and setup.
### 20. What is the role of the CodeDeploy agent?
The CodeDeploy agent is responsible for executing deployment instructions on instances. It communicates with the CodeDeploy service and manages deployment lifecycle events.
================================================
FILE: interview-questions/code-pipeline.md
================================================
### 1. What is AWS CodePipeline?
AWS CodePipeline is a fully managed continuous integration and continuous delivery (CI/CD) service that automates the release process of software applications. It enables developers to build, test, and deploy their code changes automatically and efficiently.
### 2. How does CodePipeline work?
CodePipeline orchestrates the flow of code changes through multiple stages. Each stage represents a step in the release process, such as source code retrieval, building, testing, and deployment. Developers define the pipeline structure, including the sequence of stages and associated actions, to automate the entire software delivery lifecycle.
### 3. Explain the basic structure of a CodePipeline.
A CodePipeline consists of stages, actions, and transitions. Stages are logical phases of the pipeline, actions are the tasks performed within those stages (e.g., source code checkout, deployment), and transitions define the flow of execution between stages.
### 4. What are artifacts in CodePipeline?
Artifacts are the output files generated during the build or compilation phase of the pipeline. These artifacts are the result of a successful action and are used as inputs for subsequent stages. For example, an artifact could be a packaged application ready for deployment.
### 5. Describe the role of the Source stage in CodePipeline.
The Source stage is the starting point of the pipeline. It retrieves the source code from a version control repository, such as GitHub or AWS CodeCommit. When changes are detected in the repository, the Source stage triggers the pipeline execution.
### 6. How can you prevent unauthorized changes to the pipeline?
Access to CodePipeline resources can be controlled using AWS Identity and Access Management (IAM) policies. By configuring IAM roles and permissions, you can restrict access to only authorized individuals or processes, preventing unauthorized modifications to the pipeline.
### 7. Can you explain the concept of a manual approval action?
A manual approval action is used to pause the pipeline and require human intervention before proceeding to the next stage. This action is often employed for production deployments, allowing a designated person to review and approve changes before they are released.
### 8. What is a webhook in CodePipeline?
A webhook is a mechanism that allows external systems, such as version control repositories like GitHub, to automatically trigger a pipeline execution when code changes are pushed. This integration facilitates the continuous integration process by initiating the pipeline without manual intervention.
### 9. How can you parallelize actions in CodePipeline?
Parallel execution of actions is achieved by using parallel stages. Within a stage, you can define multiple actions that run concurrently, optimizing the pipeline's execution time and improving overall efficiency.
### 10. What's the difference between AWS CodePipeline and AWS CodeDeploy?
AWS CodePipeline manages the entire CI/CD workflow, encompassing various stages like building, testing, and deploying. AWS CodeDeploy, on the other hand, focuses solely on the deployment phase by automating application deployment to instances or services.
### 11. Describe a scenario where you'd use a custom action in CodePipeline.
A custom action is useful when integrating with third-party tools or services that are not natively supported by CodePipeline's built-in actions. For example, you could create a custom action to integrate with a specialized security scanning tool.
### 12. How can you handle different deployment environments (e.g., dev, test, prod) in CodePipeline?
To handle different deployment environments, you can create separate stages for each environment within the pipeline. This allows you to customize the deployment process, testing procedures, and configurations specific to each environment.
### 13. Explain how you would set up automatic rollbacks in CodePipeline.
Automatic rollbacks can be set up using CloudWatch alarms and AWS Lambda functions. If the deployment triggers an alarm (e.g., error rate exceeds a threshold), the Lambda function can initiate a rollback by deploying the previous version of the application.
### 14. How do you handle sensitive information like API keys in your CodePipeline?
Sensitive information, such as API keys or database credentials, should be stored in AWS Secrets Manager or AWS Systems Manager Parameter Store. During pipeline execution, you can retrieve these secrets and inject them securely into the deployment process.
### 15. Describe Blue-Green deployment and how it can be achieved with CodePipeline.
Blue-Green deployment involves running two separate environments (blue and green) concurrently. CodePipeline can achieve this by having distinct stages for each environment, allowing testing of the new version in the green environment before redirecting traffic from blue to green.
### 16. What is the difference between a pipeline and a stage in CodePipeline?
A pipeline represents the end-to-end workflow, comprising multiple stages. Stages are the individual components within the pipeline, each responsible for specific actions or tasks.
### 17. How can you incorporate testing into your CodePipeline?
Testing can be integrated into CodePipeline by adding testing actions to appropriate stages. Unit tests, integration tests, and other types of tests can be performed as part of the pipeline to ensure code quality and functionality.
### 18. What happens if an action in a pipeline fails?
If an action fails, CodePipeline can be configured to respond in various ways. It can stop the pipeline, notify relevant stakeholders, trigger a rollback, or continue with the pipeline execution based on predefined conditions and actions.
### 19. Explain how you can create a reusable pipeline template in CodePipeline.
To create a reusable pipeline template, you can use AWS CloudFormation. Define the pipeline structure, stages, and actions in a CloudFormation template. This enables you to consistently deploy pipelines across multiple projects or applications.
### 20. Can you integrate CodePipeline with on-premises resources?
Yes, you can integrate CodePipeline with on-premises resources using the AWS CodePipeline on-premises action. This allows you to connect your existing tools and infrastructure with your AWS-based CI/CD pipeline, facilitating hybrid deployments.
================================================
FILE: interview-questions/dynamodb.md
================================================
### 1. What is Amazon DynamoDB?
Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. It's designed to handle massive amounts of structured data across various use cases.
### 2. How does Amazon DynamoDB work?
DynamoDB stores data in tables, each with a primary key and optional secondary indexes. It automatically replicates data across multiple Availability Zones for high availability and durability.
### 3. What types of data models does Amazon DynamoDB support?
DynamoDB supports both the document data model (key-value pairs) and the columnar data model (tables with items and attributes). It's well-suited for a variety of applications, from simple key-value stores to complex data models.
### 4. What are the key features of Amazon DynamoDB?
Key features of DynamoDB include automatic scaling, multi-master replication, global tables for global distribution, support for ACID transactions, and seamless integration with AWS services.
### 5. What is the primary key in Amazon DynamoDB?
The primary key is used to uniquely identify items within a table. It consists of a partition key (and optional sort key), which determines how data is distributed and stored.
### 6. How does partitioning work in Amazon DynamoDB?
DynamoDB divides a table's data into partitions based on the partition key. Each partition can store up to 10 GB of data and handle a certain amount of read and write capacity.
### 7. What is the difference between a partition key and a sort key in DynamoDB?
The partition key is used to distribute data across partitions, while the sort key is used to determine the order of items within a partition. Together, they create a unique identifier for each item.
### 8. How can you query data in Amazon DynamoDB?
You can use the Query operation to retrieve items from a table based on the primary key or a secondary index. Queries are efficient and support various filter expressions.
### 9. What are secondary indexes in Amazon DynamoDB?
Secondary indexes allow you to query the data using attributes other than the primary key. Global secondary indexes span the entire table, while local secondary indexes are created on a specific partition.
### 10. What is eventual consistency in DynamoDB?
DynamoDB offers both strong consistency and eventual consistency for read operations. With eventual consistency, changes made to items may take some time to propagate across all replicas.
### 11. How can you ensure data durability in Amazon DynamoDB?
DynamoDB replicates data across multiple Availability Zones, ensuring data durability and availability even in the event of hardware failures or AZ outages.
### 12. Can you change the schema of an existing Amazon DynamoDB table?
Yes, you can change the schema of an existing DynamoDB table by modifying the provisioned throughput, changing the primary key, adding or removing secondary indexes, and more.
### 13. What is the capacity mode in Amazon DynamoDB?
DynamoDB offers two capacity modes: Provisioned and On-Demand. In Provisioned mode, you provision a specific amount of read and write capacity. In On-Demand mode, capacity is automatically adjusted based on usage.
### 14. How can you automate the scaling of Amazon DynamoDB tables?
You can enable auto scaling for your DynamoDB tables to automatically adjust read and write capacity based on traffic patterns. Auto scaling helps maintain optimal performance.
### 15. What is DynamoDB Streams?
DynamoDB Streams captures changes to items in a table, allowing you to process and react to those changes in real time. It's often used for building event-driven applications.
### 16. How can you back up Amazon DynamoDB tables?
DynamoDB provides backup and restore capabilities. You can create on-demand backups or enable continuous backups, which automatically create backups as data changes.
### 17. What is the purpose of the DynamoDB Accelerator (DAX)?
DynamoDB Accelerator (DAX) is an in-memory cache that provides high-speed access to frequently accessed items. It reduces the need to read data from the main DynamoDB table.
### 18. How can you implement transactions in Amazon DynamoDB?
DynamoDB supports ACID transactions for multiple item updates. You can use the `TransactWriteItems` operation to group multiple updates into a single, atomic transaction.
### 19. What is the difference between Amazon DynamoDB and Amazon S3?
Amazon DynamoDB is a NoSQL database service optimized for high-performance, low-latency applications with structured data. Amazon S3 is an object storage service used for storing files, images, videos, and more.
### 20. What are Global Tables in Amazon DynamoDB?
Global Tables enable you to replicate data across multiple AWS regions, providing low-latency access to DynamoDB data from users around the world.
================================================
FILE: interview-questions/ecr.md
================================================
### 1. What is Amazon Elastic Container Registry (ECR)?
Amazon Elastic Container Registry (ECR) is a fully managed Docker container registry that makes it easy to store, manage, and deploy Docker container images.
### 2. How does Amazon ECR work?
Amazon ECR allows you to push Docker container images to a repository and then pull those images to deploy containers on Amazon ECS, Kubernetes, or other container orchestrators.
### 3. What are the key features of Amazon ECR?
Key features of Amazon ECR include secure and private Docker image storage, integration with AWS Identity and Access Management (IAM), lifecycle policies, and image vulnerability scanning.
### 4. What is a Docker container image?
A Docker container image is a lightweight, standalone, and executable software package that contains everything needed to run a piece of software, including code, runtime, libraries, and settings.
### 5. How do you push Docker images to Amazon ECR?
You can use the `docker push` command to push Docker images to Amazon ECR repositories after authenticating with your AWS credentials.
### 6. How can you pull Docker images from Amazon ECR?
You can use the `docker pull` command to pull Docker images from Amazon ECR repositories after authenticating with your AWS credentials.
### 7. What is the significance of Amazon ECR lifecycle policies?
Amazon ECR lifecycle policies allow you to define rules that automatically clean up and manage images based on conditions like image age, count, and usage.
### 8. How does Amazon ECR support image vulnerability scanning?
Amazon ECR supports image vulnerability scanning by integrating with Amazon ECR Public and AWS Security Hub to provide insights into the security posture of your container images.
### 9. How can you ensure private and secure image storage in Amazon ECR?
Amazon ECR repositories are private by default and can be accessed only by authorized users and roles. You can control access using IAM policies and resource-based policies.
### 10. How does Amazon ECR integrate with Amazon ECS?
Amazon ECR integrates seamlessly with Amazon ECS, allowing you to use your ECR repositories to store and manage container images for your ECS tasks and services.
### 11. What are ECR lifecycle policies?
ECR lifecycle policies are rules you define to manage the retention of images in your repositories. They help keep your image repositories organized and free up storage space.
### 12. Can you use Amazon ECR for multi-region deployments?
Yes, you can use Amazon ECR in multi-region deployments by replicating images across different regions and using cross-region replication.
### 13. What is Amazon ECR Public?
Amazon ECR Public is a feature that allows you to store and share publicly accessible container images. It's useful for distributing open-source software or other public content.
### 14. How can you improve image build and deployment speed using Amazon ECR?
You can improve image build and deployment speed by using Amazon ECR's image layer caching and pulling pre-built base images from the registry.
### 15. What is the Amazon ECR Docker Credential Helper?
The Amazon ECR Docker Credential Helper is a tool that simplifies authentication to Amazon ECR repositories, allowing Docker to authenticate with ECR using IAM credentials.
### 16. How does Amazon ECR support image versioning?
Amazon ECR supports image versioning by allowing you to tag images with different version labels. This helps in maintaining different versions of the same image.
### 17. Can you use Amazon ECR with Kubernetes?
Yes, you can use Amazon ECR with Kubernetes by configuring the necessary authentication and pulling container images from ECR repositories when deploying pods.
### 18. How does Amazon ECR handle image replication?
Amazon ECR provides cross-region replication to replicate images to different AWS regions, improving availability and reducing latency for users in different regions.
### 19. What is the cost structure of Amazon ECR?
Amazon ECR charges based on the amount of data stored in your repositories and the data transferred out to other AWS regions or services.
### 20. How can you ensure high availability for images in Amazon ECR?
Amazon ECR provides high availability by replicating images across multiple Availability Zones within a region, ensuring durability and availability of your container images.
================================================
FILE: interview-questions/ecs.md
================================================
### 1. What is Amazon ECS?
Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that allows you to run, manage, and scale Docker containers on a cluster of Amazon EC2 instances or AWS Fargate.
### 2. How does Amazon ECS work?
Amazon ECS simplifies the deployment and management of containers by providing APIs to launch and stop containerized applications. It handles the underlying infrastructure and scaling for you.
### 3. What is a container in the context of Amazon ECS?
A container is a lightweight, standalone executable package that includes everything needed to run a piece of software, including the code, runtime, libraries, and system tools.
### 4. What is a task definition in Amazon ECS?
A task definition is a blueprint for running a Docker container as part of a task in Amazon ECS. It defines container configurations, resources, networking, and more.
### 5. How are tasks and services related in Amazon ECS?
A task is a running container or a group of related containers defined by a task definition. A service in ECS manages the desired number of tasks to maintain availability and desired state.
### 6. What is the difference between Amazon ECS and AWS Fargate?
Amazon ECS gives you control over EC2 instances to run containers, while AWS Fargate is a serverless compute engine for containers. With Fargate, you don't need to manage the underlying infrastructure.
### 7. How can you schedule tasks in Amazon ECS?
Tasks in Amazon ECS can be scheduled using services, which maintain a desired count of tasks in a cluster. You can also use Amazon ECS Events to trigger task execution based on events.
### 8. What is the purpose of the Amazon ECS cluster?
An Amazon ECS cluster is a logical grouping of container instances and tasks. It provides a way to manage and organize your containers within a scalable infrastructure.
### 9. How can you scale containers in Amazon ECS?
You can scale containers by adjusting the desired task count of an ECS service. Amazon ECS automatically adjusts the number of tasks based on your scaling policies.
### 10. What is Amazon ECS Agent?
The Amazon ECS Agent is a component that runs on each EC2 instance in your ECS cluster. It's responsible for communicating with the ECS control plane and managing tasks on the instance.
### 11. What is the difference between a task and a container instance in Amazon ECS?
A task is a running instance of a containerized application, while a container instance is an Amazon EC2 instance that's part of an ECS cluster and runs the ECS Agent.
### 12. How can you manage container secrets in Amazon ECS?
You can manage container secrets using AWS Secrets Manager or AWS Systems Manager Parameter Store. Secrets can be injected into containers at runtime as environment variables.
### 13. What is the purpose of Amazon ECS Capacity Providers?
ECS Capacity Providers allow you to manage capacity and scaling for your tasks. They define how tasks are placed and whether to use On-Demand Instances or Spot Instances.
### 14. Can you use Amazon ECS to orchestrate non-Docker workloads?
Yes, Amazon ECS supports running tasks with the Fargate launch type that allow you to specify images from various sources, including Amazon ECR, Docker Hub, and more.
### 15. How does Amazon ECS integrate with other AWS services?
Amazon ECS integrates with other AWS services like Amazon CloudWatch for monitoring, AWS Identity and Access Management (IAM) for access control, and Amazon VPC for networking.
### 16. What is the difference between the Fargate and EC2 launch types in Amazon ECS?
The Fargate launch type lets you run containers without managing the underlying infrastructure, while the EC2 launch type gives you control over the EC2 instances where containers are deployed.
### 17. How can you manage container networking in Amazon ECS?
Amazon ECS uses Amazon VPC networking for containers. You can configure networking using task definitions, security groups, and subnets to control communication between containers.
### 18. What is the purpose of the Amazon ECS Task Placement Strategy?
Task Placement Strategy allows you to define rules for how tasks are distributed across container instances. It can help optimize resource usage and ensure high availability.
### 19. What is the role of the ECS Service Scheduler?
The ECS Service Scheduler is responsible for placing and managing tasks across the cluster. It ensures tasks are launched, monitored, and replaced as needed.
### 20. How can you ensure high availability in Amazon ECS?
To achieve high availability, you can use Amazon ECS services with multiple tasks running across multiple Availability Zones (AZs), combined with Auto Scaling to maintain