Amazon EC2 Mac Instances


In this article, we will look at the recently launched EC2 Mac instances.



What are AWS EC2 Mac Instances?

Amazon EC2 Mac instances enable customers to run on-demand macOS workloads in the cloud for the first time, extending the flexibility, scalability, and cost benefits of AWS to all Apple developers. With EC2 Mac instances, developers creating apps for iPhone, iPad, Mac, Apple Watch, Apple TV, and Safari can provision and access macOS environments within minutes, dynamically scale capacity as needed, and benefit from AWS’s pay-as-you-go pricing.

EC2 Mac instances are built on Apple Mac mini computers featuring Intel Core i7 processors, and offer customers a choice of both macOS Mojave (10.14) and macOS Catalina (10.15) operating systems, with support for macOS Big Sur (11.0) coming soon.

History: Announcing Amazon EC2 Mac instances for macOS
November 30th, 2020

Use Amazon EC2 Mac Instances to Build & Test macOS, iOS, iPadOS, tvOS, and watchOS Apps


Benefits of AWS EC2 Mac Instances

Quickly provision macOS environments:

Time and resources previously spent building and maintaining on-premises macOS environments can now be refocused on building creative and useful apps. Development teams can now seamlessly provision and access macOS compute environments to enjoy convenient, distributed testing and fast app builds, bringing additional choice to developers so they can use Mac as their trusted platform, on-premises or in the cloud. EC2 Mac instances offload the heavy lifting that comes with managing infrastructure to AWS, which means Apple developers can focus entirely on building great apps.

Reduce costs:

EC2 Mac instances allow developers to launch macOS environments within minutes, adjust provisioned capacity as needed, and only pay for actual usage with AWS’s pay-as-you-go pricing. Developers save money since they only need to pay for the systems that are in use. For example, more capacity can be used when building an app, and less capacity when testing.

Extend your toolkits:

EC2 Mac instances provide developers with seamless access to dozens of AWS services so they can more easily and efficiently collaborate with team members, and develop, build, test, analyze, and improve their apps. Similar to other EC2 instances, customers can easily use EC2 Mac instances together with AWS services and features like Amazon Virtual Private Cloud (VPC) for network security, Amazon Elastic Block Store (EBS) for expandable storage, Amazon Elastic Load Balancer (ELB) for distributing build queues, Amazon FSx for scalable file storage, and AWS Systems Manager (SSM) for configuring, managing, and patching macOS environments.

Features of AWS EC2 Mac Instances



Built on Apple Mac hardware:

Amazon EC2 Mac instances are built on Apple Mac mini computers, featuring 8th Generation 3.2 GHz (4.6 GHz turbo) Intel Core i7 processors with 6 physical/12 logical cores, and 32 GiB of memory.

Enabled by the AWS Nitro System:

The AWS Nitro System is a rich collection of building blocks that offloads many of the traditional software-defined functions to dedicated hardware and software to deliver high performance, high availability, and high security. Amazon EC2 Mac instances are uniquely enabled by the AWS Nitro System, which makes it possible to offer Mac mini computers as fully integrated and managed EC2 instances to provide 10 Gbps of VPC network bandwidth and 8 Gbps of EBS storage bandwidth.

Scaled on highly reliable infrastructure:

EC2 Mac instances are designed so that customers can build critical applications with confidence. AWS has the most secure, extensive, and reliable global infrastructure for running workloads that require high availability, and is recognized as an industry leader for uptime standards. EC2 Mac instances enable your macOS workloads to benefit from the scale, elasticity, reliability, and experience that AWS’s secure, on-demand infrastructure has offered to millions of customers for more than a decade.

Regions where AWS EC2 Mac Instances are available today



EC2 Mac instances are available today in US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), and Asia-Pacific (Singapore) AWS Regions as EC2 Dedicated Hosts with a minimum host allocation duration of 24 hours. EC2 Mac instances are available for purchase On-Demand or as part of a Savings Plan (1 year and 3 year).


How to create AWS EC2 Mac Instances?


First, log in to the AWS console, click on Services, click on EC2, and then click on Launch Instance.



Select either macOS Catalina or Mojave.



Currently only one instance type is available, and it is selected by default, so click on Review and Launch.





Review all the details and click on the Launch button. You have now successfully created a Mac instance.






 AWS Security Group

In this article, we will look at AWS Security Groups.



What is a Security Group?


A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance. When you launch an instance, you can specify one or more security groups. 

If you don't specify a security group, Amazon EC2 uses the default security group. You can add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at any time. 

New and modified rules are automatically applied to all instances that are associated with the security group. When Amazon EC2 decides whether to allow traffic to reach an instance, it evaluates all of the rules from all of the security groups that are associated with the instance.

When you launch an instance in a VPC, you must specify a security group that's created for that VPC. After you launch an instance, you can change its security groups. Security groups are associated with network interfaces.



What are Security Group Rules?


The rules of a security group control the inbound traffic that's allowed to reach the instances that are associated with the security group. The rules also control the outbound traffic that's allowed to leave them.

The following are the characteristics of security group rules:

By default, security groups allow all outbound traffic.

Security group rules are always permissive; you can't create rules that deny access.

Security groups are stateful — if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules. For VPC security groups, this also means that responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules.

You can add and remove rules at any time. Your changes are automatically applied to the instances that are associated with the security group.

When you associate multiple security groups with an instance, the rules from each security group are effectively aggregated to create one set of rules. Amazon EC2 uses this set of rules to determine whether to allow access.
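The allow-only, aggregated evaluation described above can be checked offline. The following is an added example, not code from AWS or from this article: it models inbound TCP/UDP evaluation over rules in the shape returned by DescribeSecurityGroups and lists world-open admin ports. The group IDs, CIDRs and the ADMIN_PORTS set are constructed assumptions.

```python
import ipaddress

# Constructed sample in the shape returned by EC2 DescribeSecurityGroups
# (only the fields used here). Group IDs and CIDRs are made up.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa-example",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-0bbb-example",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

ADMIN_PORTS = {22, 3389, 5900}  # assumption: ports this audit treats as admin access


def _rule_matches(rule, proto, port, src):
    """True if one allow rule covers this protocol, port and source address."""
    if rule["IpProtocol"] not in ("-1", proto):      # "-1" means all protocols
        return False
    if rule["IpProtocol"] != "-1" and not rule["FromPort"] <= port <= rule["ToPort"]:
        return False
    return any(src in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", []))


def inbound_allowed(groups, proto, port, src_ip):
    """IDs of the groups whose rules allow the packet; [] means it is dropped.

    There are no deny rules, so the result is the union over every attached
    group: one permissive group is enough, however narrow the others are.
    """
    src = ipaddress.ip_address(src_ip)
    return [g["GroupId"] for g in groups
            if any(_rule_matches(r, proto, port, src) for r in g["IpPermissions"])]


def world_open_admin_rules(groups):
    """(group id, port) pairs where an admin port is reachable from 0.0.0.0/0."""
    findings = []
    for g in groups:
        for r in g["IpPermissions"]:
            if not any(x["CidrIp"] == "0.0.0.0/0" for x in r.get("IpRanges", [])):
                continue
            for port in sorted(ADMIN_PORTS):
                if r["IpProtocol"] == "-1" or r["FromPort"] <= port <= r["ToPort"]:
                    findings.append((g["GroupId"], port))
    return findings


if __name__ == "__main__":
    # The /24 restriction in the first group does not protect port 22 once
    # the second group is attached to the same instance.
    print(inbound_allowed(SAMPLE_GROUPS, "tcp", 22, "198.51.100.7"))
    print(world_open_admin_rules(SAMPLE_GROUPS))
```

Response traffic is not modelled here, because security groups are stateful and replies to allowed connections pass regardless of the rules.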



How to create a Security Group?


Open your AWS console, type VPC in the Find Services box, and open it.



Click on Security Groups



Click on Create Security Group to create a security group.





Enter the details in the required fields and click on Create Security Group.





 AWS ELB (Elastic Load Balancer)

In this article, we will look at AWS ELB (Elastic Load Balancer).





What is AWS ELB?


A load balancer is a service that uniformly distributes network traffic and workloads across multiple servers or a cluster of servers. A load balancer in AWS increases the availability and fault tolerance of an application. The AWS Elastic Load Balancer is the single point of contact for all clients, which can be sent to the nearest geographic instance or the instance with the lowest latency.

AWS Load balancer will distribute your workloads across multiple compute resources, such as a Virtual Machine or Virtual Server. The application availability and failover will decrease due to this. You can also let your load balancer take care of your encryption and decryption and let your compute services do their main work.

How many types of ELB are there?


There are mainly three types of Amazon load balancers:

Classic Load Balancer

Network Load Balancer



Application Load Balancer


Classic Load Balancer:


The Classic Load Balancer in AWS is used on EC2-Classic instances. This is the previous generation's load balancer, and it doesn't allow host-based or path-based routing.

The Classic Load Balancer routes traffic to all registered targets in the Availability Zones; it doesn't check what is on the servers in those targets. It routes to every single target. Mostly it is used to route traffic to one single URL.




Network Load Balancer:


The Network Load Balancer in AWS makes routing decisions at the transport layer (TCP/SSL) of the OSI model and can handle millions of requests per second. It is widely used to load balance TCP traffic, and it also supports elastic or static IPs.

Let us look at a simple example. You own a video sharing website which has decent traffic every day. One day, after a video on your website goes viral, the website's traffic is very high and you need an immediate solution to maintain it. AWS Network Load Balancer to the rescue!

AWS Network Load Balancer can be trusted in these types of situations. It can handle millions of requests and a sudden spike of traffic because it works at the connection level.




Application Load Balancer:


An Application Load Balancer in AWS makes routing decisions at the application layer (HTTP/HTTPS) of the OSI model, thus the name Application Load Balancer. ALB supports path-based and host-based routing; we will look at them after learning how the ALB works.



The Application Load Balancer receives the requests and inspects the received packets. It then chooses the best possible target for the type of load and sends the request to that target with the highest efficiency.



Benefits of AWS ELB


Highly Available

ELB distributes traffic evenly among all the targets, for example, multiple EC2 instances.
ELB has an SLA of 99.99%.

Flexible

ELB lets you route traffic using the application's IP address, which allows you to launch multiple applications on a single instance.

Highly secure

You can implement robust security features using Amazon VPC with Amazon ELB.

Elastically scalable

ELB can handle sudden spikes in traffic and can handle millions of requests per second. Whenever traffic increases, an auto-scaling feature is enabled and load balancing rules are used to give website users seamless performance.

Hybrid load balancing

You can use the same Amazon load balancer to balance across applications on your on-premises setup and your AWS infrastructure. This makes it very easy to migrate your application from on-premises to the AWS cloud.

Robust monitoring and auditing

Applications and their performance can be monitored and maintained. You can also use CloudWatch metrics and logs to analyze your application's data, traffic, and operation.

 AWS CloudWatch

In this article, we will look at AWS CloudWatch.



What is CloudWatch?


Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. 

CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. 



CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers. 

You can use CloudWatch to detect anomalous behavior in your environments,  set alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to keep your applications running smoothly.

How does CloudWatch work?




Advantages of Amazon CloudWatch

One dashboard, Access all data
Web applications produce a lot of data because they are highly distributed. To access all the data that has been collected, you need just a single CloudWatch dashboard.



Visibility on the complete Infrastructure
You can see across all the AWS resources and services you use, so you can correlate and contrast data produced by multiple services.

Improve total cost of ownership
CloudWatch can be used to set high-resolution alarms and can take automated actions when the limits you provide are breached. This can help minimize the costs spent on AWS services.

Insights from logs
You receive detailed insights on separate AWS services and the applications you run on the infrastructure. Data like memory, CPU utilization, and capacity utilization can be monitored, and you can derive insights from it.

Optimize Applications and resources
Using the log and metric data, you can optimize your AWS services to provide maximum throughput and performance.


 AWS CloudTrail

In this article, we will look at AWS CloudTrail.



What is CloudTrail?




AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. 

CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. In addition, you can use CloudTrail to detect unusual activity in your AWS accounts. These capabilities help simplify operational analysis and troubleshooting.

How does CloudTrail work?







What are the benefits of CloudTrail?


CloudTrail provides the user with several benefits and they are:

Simplified compliance: 
With AWS CloudTrail, simplify your compliance audits by automatically recording and storing event logs for actions made within your AWS account. Integration with Amazon CloudWatch Logs provides a convenient way to search through log data, identify out-of-compliance events, accelerate incident investigations, and expedite responses to auditor requests.

Visibility into user and resource activity:
AWS CloudTrail increases visibility into your user and resource activity by recording AWS Management Console actions and API calls. You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred.

Security analysis and troubleshooting:
With AWS CloudTrail, you can discover and troubleshoot security and operational issues by capturing a comprehensive history of changes that occurred in your AWS account within a specified period of time.

Security automation:
AWS CloudTrail allows you to track and automatically respond to account activity threatening the security of your AWS resources. With Amazon CloudWatch Events integration, you can define workflows that execute when events that can result in security vulnerabilities are detected. For example, you can create a workflow to add a specific policy to an Amazon S3 bucket when CloudTrail logs an API call that makes that bucket public.
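The detection half of the S3 workflow described above can be sketched offline, together with the user, source IP and time fields mentioned under visibility. This is an added example, not code from AWS or from this article: the log records are constructed and simplified, and the account ID, ARNs, IP addresses and bucket names are made up.

```python
import json

# Grantee URIs and canned ACLs that expose a bucket beyond its own account.
PUBLIC_GRANTEES = (
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
)
PUBLIC_CANNED_ACLS = {"public-read", "public-read-write", "authenticated-read"}


def _rec(time, arn, ip, name, params, source="s3.amazonaws.com", error=None):
    """Build one constructed, simplified CloudTrail record for the sample log."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "sourceIPAddress": ip, "userIdentity": {"arn": arn},
           "requestParameters": params}
    if error:
        rec["errorCode"] = error
    return rec


DEV = "arn:aws:iam::111122223333:user/example-dev"   # constructed identities
CI = "arn:aws:iam::111122223333:role/example-ci"
GRANT_ALL = {"AccessControlPolicy": {"AccessControlList": {"Grant": [
    {"Grantee": {"URI": PUBLIC_GRANTEES[0]}, "Permission": "READ"}]}}}

# Constructed sample log: every value below is made up for this example.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2021-01-05T10:15:02Z", DEV, "198.51.100.23", "PutBucketAcl",
         {"bucketName": "example-build-artifacts", "x-amz-acl": "public-read"}),
    _rec("2021-01-05T10:16:40Z", CI, "203.0.113.8", "PutBucketAcl",
         {"bucketName": "example-ci-cache", "x-amz-acl": "private"}),
    _rec("2021-01-05T10:20:11Z", DEV, "198.51.100.23", "PutBucketAcl",
         {"bucketName": "example-site-assets", **GRANT_ALL}),
    _rec("2021-01-05T10:21:30Z", DEV, "198.51.100.23", "PutBucketAcl",
         {"bucketName": "example-logs", "x-amz-acl": "public-read"},
         error="AccessDenied"),
    _rec("2021-01-05T10:22:00Z", CI, "203.0.113.8", "DescribeInstances", {},
         source="ec2.amazonaws.com"),
]})


def public_acl_events(log_text):
    """Return who/when/where for successful PutBucketAcl calls that open a bucket."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if (rec.get("eventSource"), rec.get("eventName")) != ("s3.amazonaws.com", "PutBucketAcl"):
            continue
        if rec.get("errorCode"):          # denied or failed calls changed nothing
            continue
        params = rec.get("requestParameters") or {}
        canned = params.get("x-amz-acl", [])
        canned = [canned] if isinstance(canned, str) else canned
        grants = json.dumps(params)       # search nested grants for public grantee URIs
        if PUBLIC_CANNED_ACLS.intersection(canned) or any(u in grants for u in PUBLIC_GRANTEES):
            findings.append({"when": rec["eventTime"], "who": rec["userIdentity"]["arn"],
                             "source_ip": rec["sourceIPAddress"],
                             "bucket": params.get("bucketName")})
    return findings
```

Each finding carries the fields a responder needs to scope the change before a remediation workflow reverts it.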


How to create a CloudTrail Log?


Open the AWS console, go to Services, and click on CloudTrail.






Click on Trails and then click on Create Trail.



Fill in the required information and click on Create.







 AWS CloudFront (CDN – Content Delivery Network)


In this article, we will look at AWS CloudFront (CDN – Content Delivery Network).



What is AWS CloudFront?


CloudFront is a CDN (Content Delivery Network). It retrieves data from the Amazon S3 bucket and distributes it to multiple datacenter locations. It delivers the data through a network of data centers called edge locations. When a user requests data, the request is routed to the nearest edge location, resulting in the lowest latency, low network traffic, fast access to data, etc.

Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront is integrated with AWS – both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. CloudFront works seamlessly with services including AWS Shield for DDoS mitigation, Amazon S3, Elastic Load Balancing, or Amazon EC2 as origins for your applications, and Lambda@Edge to run custom code closer to customers’ users and to customize the user experience. Lastly, if you use AWS origins such as Amazon S3, Amazon EC2 or Elastic Load Balancing, you don’t pay for any data transferred between these services and CloudFront.



AWS CloudFront delivers the content in the following steps.


Step 1 − The user accesses a website and requests an object to download like an image file.

Step 2 − DNS routes your request to the nearest CloudFront edge location to serve the user request.

Step 3 − At the edge location, CloudFront checks its cache for the requested files. If they are found, it returns them to the user; otherwise it does the following −

First CloudFront compares the request with the specifications and forwards it to the applicable origin server for the corresponding file type.

The origin servers send the files back to the CloudFront edge location.

As soon as the first byte arrives from the origin, CloudFront starts forwarding it to the user and adds the files to the cache in the edge location for the next time someone requests the same file.

Step 4 − The object is now in an edge cache for 24 hours or for the provided duration in file headers. CloudFront does the following −

CloudFront forwards the next request for the object to the user's origin to check whether the edge location version is up to date.

If the edge location version is up to date, then CloudFront delivers it to the user.
If the edge location version is not up to date, then the origin sends the latest version to CloudFront. CloudFront delivers the object to the user and stores the latest version in the cache at that edge location.
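The steps above can be traced with a small model of one edge location. This is an added example, not CloudFront's implementation: the Origin and EdgeCache classes, the version counter used for revalidation, and the Miss/Hit/RefreshHit labels are assumptions of the sketch. It shows that a file changed at the origin keeps being served from the edge until its cache lifetime ends.

```python
DAY = 24 * 3600  # default cache lifetime from Step 4, in seconds


class Origin:
    """Stands in for the origin server (for example an S3 bucket)."""

    def __init__(self):
        self.objects = {}        # path -> (version, body)
        self.full_fetches = 0    # how often the edge pulled a whole object

    def put(self, path, body):
        version = self.objects.get(path, (0, b""))[0] + 1
        self.objects[path] = (version, body)

    def version_of(self, path):
        return self.objects[path][0]

    def fetch(self, path):
        self.full_fetches += 1
        return self.objects[path]


class EdgeCache:
    """One edge location caching objects for `ttl` seconds."""

    def __init__(self, origin, ttl=DAY):
        self.origin, self.ttl, self.cache = origin, ttl, {}

    def request(self, path, now):
        entry = self.cache.get(path)
        if entry and now < entry["expires"]:
            return entry["body"], "Hit"             # Step 3: served from cache
        if entry and self.origin.version_of(path) == entry["version"]:
            entry["expires"] = now + self.ttl       # Step 4: still current
            return entry["body"], "RefreshHit"
        version, body = self.origin.fetch(path)     # Step 3/4: pull from origin
        self.cache[path] = {"version": version, "body": body,
                            "expires": now + self.ttl}
        return body, "Miss"


def demo():
    """Replay a constructed timeline and return (time, body, status) tuples."""
    origin = Origin()
    edge = EdgeCache(origin)
    origin.put("/app.js", b"v1")
    trace = [(0, *edge.request("/app.js", 0))]
    origin.put("/app.js", b"v2")                    # origin changes after 1 hour
    for t in (2 * 3600, DAY, 2 * DAY):
        trace.append((t, *edge.request("/app.js", t)))
    return trace


if __name__ == "__main__":
    for row in demo():
        print(row)
```

In the replay, the request at two hours still returns v1 even though the origin already holds v2, which is why a corrected or withdrawn file needs a short lifetime or an explicit invalidation.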


Features of CloudFront


Fast − CloudFront's broad network of edge locations caches copies of content close to the end users, which results in lower latency, high data transfer rates and low network traffic. All these make CloudFront fast.

Simple − It is easy to use.

Can be used with other AWS Services − Amazon CloudFront is designed in such a way that it can be easily integrated with other AWS services, like Amazon S3, Amazon EC2.

Cost-effective − Using Amazon CloudFront, you pay only for the content that you deliver through the network, without any hidden charges and no up-front fees.

Elastic − Using Amazon CloudFront, you need not worry about maintenance. The service automatically responds if any action is needed, in case the demand increases or decreases.

Reliable − Amazon CloudFront is built on Amazon’s highly reliable infrastructure, i.e. its edge locations will automatically re-route the end users to the next nearest location, if required in some situations.

Global − Amazon CloudFront uses a global network of edge locations located in most of the regions.

How to Set Up AWS CloudFront?




Log in to your AWS console, click on Services, and then click on CloudFront.



Click on Create Distribution


Click on Get Started


Fill in the required details.




Click on Create Distribution