AWS Security Group

In this article, we will see about AWS Security Group.



What is a Security Group?


A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance. When you launch an instance, you can specify one or more security groups. 

If you don't specify a security group, Amazon EC2 uses the default security group. You can add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at any time. 

New and modified rules are automatically applied to all instances that are associated with the security group. When Amazon EC2 decides whether to allow traffic to reach an instance, it evaluates all of the rules from all of the security groups that are associated with the instance.

When you launch an instance in a VPC, you must specify a security group that's created for that VPC. After you launch an instance, you can change its security groups. Security groups are associated with network interfaces.



What are Security Group Rules?


The rules of a security group control the inbound traffic that's allowed to reach the instances that are associated with the security group. The rules also control the outbound traffic that's allowed to leave them.

The following are the characteristics of security group rules:

By default, security groups allow all outbound traffic.

Security group rules are always permissive; you can't create rules that deny access.

Security groups are stateful — if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules. For VPC security groups, this also means that responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules.

You can add and remove rules at any time. Your changes are automatically applied to the instances that are associated with the security group.

When you associate multiple security groups with an instance, the rules from each security group are effectively aggregated to create one set of rules. Amazon EC2 uses this set of rules to determine whether to allow access.
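The four properties above (allow-only rules, aggregation across groups, allow-all outbound by default, and stateful tracking) are easy to get wrong when reasoning about exposure, so here is a small model of them. This is an added example written for this article, not AWS code or output of the AWS CLI; every group, rule and address in it is constructed (the peers use TEST-NET ranges), and the `open_admin_rules` check at the end is a reviewer's sanity check for inbound rules that open SSH or RDP to 0.0.0.0/0.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Rule:
    """One allow rule. There are no deny rules, so a rule can only permit."""
    protocol: str   # "tcp", "udp" or "-1" for all protocols
    from_port: int  # inclusive port range; ignored when protocol is "-1"
    to_port: int
    cidr: str       # source CIDR for inbound rules, destination CIDR for outbound

    def matches(self, protocol: str, port: int, peer: str) -> bool:
        if self.protocol != "-1":
            if self.protocol != protocol:
                return False
            if not self.from_port <= port <= self.to_port:
                return False
        return ip_address(peer) in ip_network(self.cidr)


@dataclass
class SecurityGroup:
    name: str
    inbound: List[Rule] = field(default_factory=list)
    # A freshly created group has one outbound rule: allow everything to 0.0.0.0/0.
    outbound: List[Rule] = field(
        default_factory=lambda: [Rule("-1", 0, 65535, "0.0.0.0/0")])


# A connection is tracked as (protocol, local port, peer address, peer port).
Conn = Tuple[str, int, str, int]


class NetworkInterface:
    """Evaluates traffic against every attached group, with stateful tracking."""

    def __init__(self, groups: List[SecurityGroup]) -> None:
        self.groups = groups
        self.established: Set[Conn] = set()

    def allow(self, direction: str, protocol: str, local_port: int,
              peer: str, peer_port: int) -> bool:
        conn = (protocol, local_port, peer, peer_port)
        # Stateful: traffic on a connection that was already allowed in either
        # direction passes without consulting the rules for this direction.
        if conn in self.established:
            return True
        # The rules of all attached groups are aggregated into one allow list.
        rules = [r for g in self.groups
                 for r in (g.inbound if direction == "in" else g.outbound)]
        # Rules are written against the service port: the local port for
        # inbound traffic and the peer's port for outbound traffic.
        port = local_port if direction == "in" else peer_port
        if any(r.matches(protocol, port, peer) for r in rules):
            self.established.add(conn)
            return True
        return False  # nothing matched: the implicit deny


ADMIN_PORTS = (22, 3389)


def open_admin_rules(groups: List[SecurityGroup]) -> List[Tuple[str, Rule]]:
    """Review check: inbound rules that expose SSH or RDP to the whole internet."""
    found = []
    for g in groups:
        for r in g.inbound:
            world = ip_network(r.cidr).prefixlen == 0
            covers_admin = r.protocol == "-1" or (
                r.protocol == "tcp"
                and any(r.from_port <= p <= r.to_port for p in ADMIN_PORTS))
            if world and covers_admin:
                found.append((g.name, r))
    return found


def demo() -> dict:
    # Constructed groups and peers (TEST-NET addresses), not from any real account.
    web = SecurityGroup("web", inbound=[Rule("tcp", 443, 443, "0.0.0.0/0"),
                                       Rule("tcp", 22, 22, "10.0.0.0/8")])
    mgmt = SecurityGroup("mgmt", inbound=[Rule("tcp", 22, 22, "203.0.113.0/24")])
    nic = NetworkInterface([web, mgmt])
    # A locked-down group whose default outbound rule has been removed.
    locked = SecurityGroup("locked", inbound=[Rule("tcp", 443, 443, "0.0.0.0/0")],
                           outbound=[])
    nic_locked = NetworkInterface([locked])
    return {
        # aggregation: only the mgmt group admits the bastion, and that is enough
        "ssh_from_bastion": nic.allow("in", "tcp", 22, "203.0.113.5", 40000),
        "ssh_from_internet": nic.allow("in", "tcp", 22, "198.51.100.9", 40001),
        "https_from_internet": nic.allow("in", "tcp", 443, "198.51.100.9", 40002),
        # default outbound rule: the instance may open connections anywhere
        "outbound_https": nic.allow("out", "tcp", 51000, "198.51.100.7", 443),
        # stateful: the reply lands on port 51000, which no inbound rule mentions
        "reply_to_outbound": nic.allow("in", "tcp", 51000, "198.51.100.7", 443),
        # stateful the other way: with no outbound rules at all, the response
        # to an allowed inbound request still leaves, but a new connection cannot
        "locked_inbound_https": nic_locked.allow("in", "tcp", 443, "198.51.100.9", 40003),
        "locked_reply_out": nic_locked.allow("out", "tcp", 443, "198.51.100.9", 40003),
        "locked_new_outbound": nic_locked.allow("out", "tcp", 51001, "198.51.100.7", 443),
    }
```

Run `demo()` to see each property in turn; the `locked_*` entries show why removing outbound rules does not break responses to allowed inbound traffic but does stop the instance from initiating connections, and `open_admin_rules` is the check to run over every group before attaching it to an internet-facing interface.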



How to create a Security Group?


Open your AWS console, type VPC in the Find Services search box and open the VPC service.



Click on Security Groups



Click on Create Security Group.





Fill in the required fields and click on Create Security Group.





AWS ELB (Elastic Load Balancer)

In this article, we will see about AWS ELB (Elastic Load Balancer)





What is AWS ELB?


A load balancer is a service that uniformly distributes network traffic and workloads across multiple servers or clusters of servers. A load balancer in AWS increases the availability and fault tolerance of an application. AWS Elastic Load Balancer is the single point of contact for all clients; requests can be sent to the nearest geographic instance or to the instance with the lowest latency.

AWS Load Balancer distributes your workloads across multiple compute resources, such as virtual machines or virtual servers, which reduces application downtime and the impact of a failed server. You can also let your load balancer take care of encryption and decryption so that your compute services can do their main work.

How many types of ELB are there?


There are mainly three types of Amazon load balancers:

Classic Load Balancer

Network Load Balancer



Application Load Balancer


Classic Load Balancer:


The Classic Load Balancer in AWS is used with EC2-Classic instances. It is the previous generation's load balancer and does not support host-based or path-based routing.

The Classic Load Balancer routes traffic to all registered targets in its Availability Zones; it does not inspect what runs on those targets and simply routes to every one of them. It is mostly used to route traffic to a single URL.




Network Load Balancer:


The Network Load Balancer in AWS makes routing decisions at the transport layer (TCP/SSL) of the OSI model and can handle millions of requests per second. It is widely used for load balancing TCP traffic and also supports Elastic (static) IP addresses.

Consider a simple example: you own a video-sharing website with decent traffic every day. One day a video on your site goes viral, traffic becomes very high, and you need an immediate solution to sustain it. AWS Network Load Balancer to the rescue!

AWS Network Load Balancer can be trusted in such situations. It can handle millions of requests and sudden spikes in traffic because it works at the connection level.




Application Load Balancer:


An Application Load Balancer in AWS makes routing decisions at the application layer (HTTP/HTTPS) of the OSI model, hence the name Application Load Balancer. ALB supports path-based and host-based routing; we will look at them after learning how the ALB works.



The Application Load Balancer receives the request and inspects it (host name, path and other HTTP attributes), then selects the most suitable target for that kind of request according to its routing rules and forwards the request to it.
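To make the host-based and path-based routing concrete, here is a model of an ALB listener that evaluates rules in priority order, with round-robin selection among the healthy targets of the chosen target group. This is an added example written for this article, not AWS code; the listener, target groups and private addresses are constructed, and two details are assumptions of the model rather than statements about the service: host names are compared case-insensitively without the port, and path patterns are compared case-sensitively against the path without the query string.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


def _glob(pattern: str) -> "re.Pattern":
    """ALB condition wildcards: * matches zero or more characters, ? exactly one."""
    escaped = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile("^" + escaped + "$")


class TargetGroup:
    """Targets behind a rule; requests go round-robin to healthy targets only."""

    def __init__(self, name: str, targets: List[str]) -> None:
        self.name = name
        self.targets = list(targets)
        self.healthy = set(targets)   # health checks would maintain this set
        self._next = 0

    def pick(self) -> Optional[str]:
        candidates = [t for t in self.targets if t in self.healthy]
        if not candidates:
            return None
        target = candidates[self._next % len(candidates)]
        self._next += 1
        return target


@dataclass
class ListenerRule:
    priority: int                 # lower numbers are evaluated first
    target_group: TargetGroup
    host_patterns: List[str] = field(default_factory=list)  # host-header condition
    path_patterns: List[str] = field(default_factory=list)  # path-pattern condition

    def matches(self, host: str, path: str) -> bool:
        # Values within one condition are ORed; different conditions are ANDed.
        host_ok = not self.host_patterns or any(
            _glob(p).match(host) for p in self.host_patterns)
        path_ok = not self.path_patterns or any(
            _glob(p).match(path) for p in self.path_patterns)
        return host_ok and path_ok


class Listener:
    def __init__(self, default_group: TargetGroup, rules: List[ListenerRule]) -> None:
        self.default_group = default_group
        self.rules = sorted(rules, key=lambda r: r.priority)

    def route(self, host_header: str, request_uri: str) -> Tuple[str, Optional[str]]:
        """Returns (target group name, chosen target) for one request."""
        # Assumption of this model: hosts compare case-insensitively without the
        # port; path patterns are case-sensitive and never see the query string.
        host = host_header.split(":")[0].lower()
        path = request_uri.split("?", 1)[0]
        for rule in self.rules:            # first matching rule by priority wins
            if rule.matches(host, path):
                return rule.target_group.name, rule.target_group.pick()
        return self.default_group.name, self.default_group.pick()


def build_listener() -> Listener:
    # Constructed example topology; the addresses are made up.
    api = TargetGroup("api", ["10.0.1.10", "10.0.1.11"])
    static = TargetGroup("static", ["10.0.2.10"])
    web = TargetGroup("web", ["10.0.3.10", "10.0.3.11"])
    return Listener(default_group=web, rules=[
        ListenerRule(10, api, host_patterns=["api.example.com"]),
        ListenerRule(20, static, path_patterns=["/images/*", "/static/*"]),
        # host AND path: any subdomain, but only versioned API paths
        ListenerRule(30, api, host_patterns=["*.example.com"], path_patterns=["/v?/*"]),
    ])
```

Calling `build_listener().route("www.example.com", "/images/logo.png?v=2")` lands on the `static` group, while the same path under `api.example.com` goes to `api` because the priority-10 rule is evaluated first; anything no rule claims falls through to the default `web` group.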



The benefits of AWS ELB


Highly Available

ELB distributes traffic evenly among all the targets, for example multiple EC2 instances.
ELB has an SLA of 99.99%.

Flexible

ELB lets you route traffic based on the application's IP address, which allows you to run multiple applications on a single instance.

Highly secure

You can implement robust security features by using Amazon VPC together with Amazon ELB.

Elastically scalable

ELB can handle sudden spikes in traffic and millions of requests per second. When traffic increases, auto scaling is triggered and the load balancing rules keep performance seamless for the website's users.

Hybrid load balancing

You can use the same Amazon load balancer to balance traffic across applications in your on-premises setup and in your AWS infrastructure, which makes it much easier to migrate an application from on-premises to the AWS cloud.

Robust monitoring and auditing

Applications and their performance can be monitored and maintained. You can also use CloudWatch metrics and logs to analyze your application's data, traffic and behavior.

AWS CloudWatch

In this article, we will see about AWS CloudWatch.



What is CloudWatch?


Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. 

CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. 



CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers. 

You can use CloudWatch to detect anomalous behavior in your environments,  set alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to keep your applications running smoothly.

How does CloudWatch work?




Advantages of Amazon CloudWatch

One dashboard, access all data
Web applications produce a lot of data because they are highly distributed; to access all of the collected data you need only a single CloudWatch dashboard.



Visibility on the complete Infrastructure
You can see across all the AWS resources and services you use, so you can correlate and compare data produced by multiple services.

Improve total cost of ownership
CloudWatch can be used to set high-resolution alarms and to take automated actions when the limits you set are breached. This can help minimize the cost of AWS services.

Insights from logs
You receive detailed insights on individual AWS services and on the applications you run on the infrastructure. Data such as memory, CPU utilization and capacity utilization can be monitored and insights derived from it.

Optimize Applications and resources
Using the log and metric data, you can optimize your AWS services to provide maximum throughput and performance.


AWS CloudTrail

In this article, we will see about AWS CloudTrail.



What is CloudTrail?




AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. 

CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. In addition, you can use CloudTrail to detect unusual activity in your AWS accounts. These capabilities help simplify operational analysis and troubleshooting.

How Does CloudTrail work?







What is the benefit of CloudTrail?


CloudTrail provides the user with several benefits:

Simplified compliance: 
With AWS CloudTrail, simplify your compliance audits by automatically recording and storing event logs for actions made within your AWS account. Integration with Amazon CloudWatch Logs provides a convenient way to search through log data, identify out-of-compliance events, accelerate incident investigations, and expedite responses to auditor requests.

Visibility into user and resource activity:
AWS CloudTrail increases visibility into your user and resource activity by recording AWS Management Console actions and API calls. You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred.

Security analysis and troubleshooting:
With AWS CloudTrail, you can discover and troubleshoot security and operational issues by capturing a comprehensive history of changes that occurred in your AWS account within a specified period of time.

Security automation:
AWS CloudTrail allows you to track and automatically respond to account activity that threatens the security of your AWS resources. With Amazon CloudWatch Events integration, you can define workflows that execute when events that can result in security risks are detected. For example, you can create a workflow to add a specific policy to an Amazon S3 bucket when CloudTrail logs an API call that makes that bucket public.
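The detection half of that workflow, as an added example written for this article (not AWS code): it reads records in CloudTrail's JSON record layout, flags the S3 calls that make a bucket public (a `PutBucketAcl` granting to the AllUsers or AuthenticatedUsers group or using a public canned ACL, or a `PutBucketPolicy` allowing the `*` principal) and calls that switch a trail off, and reports who made the call, from where and whether it succeeded. The sample records, account ids, ARNs, bucket names and addresses are constructed placeholders; `classify` and `find_findings` are names chosen here.

```python
import json
from typing import Any, Dict, List, Optional

Record = Dict[str, Any]
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_CANNED_ACLS = {"public-read", "public-read-write"}


def _as_list(value: Any) -> List[Any]:
    """Tolerate a single object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def acl_is_public(params: Record) -> bool:
    """PutBucketAcl that grants to everyone or to any AWS account holder."""
    acl = params.get("AccessControlPolicy", {}).get("AccessControlList", {})
    for grant in _as_list(acl.get("Grant")):
        if grant.get("Grantee", {}).get("URI") in (ALL_USERS, AUTHENTICATED_USERS):
            return True
    # The canned-ACL header form of the same request.
    return any(a in PUBLIC_CANNED_ACLS for a in _as_list(params.get("x-amz-acl")))


def policy_is_public(params: Record) -> bool:
    """PutBucketPolicy with an Allow statement for the wildcard principal."""
    policy = params.get("bucketPolicy")
    if isinstance(policy, str):
        policy = json.loads(policy)
    for stmt in _as_list((policy or {}).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            return True
        if isinstance(principal, dict) and "*" in _as_list(principal.get("AWS")):
            return True
    return False


def classify(record: Record) -> Optional[str]:
    """Map one CloudTrail record to a finding type, or None when it is benign."""
    source, name = record.get("eventSource"), record.get("eventName")
    params = record.get("requestParameters") or {}
    if source == "s3.amazonaws.com":
        if name == "PutBucketAcl" and acl_is_public(params):
            return "s3-bucket-made-public-by-acl"
        if name == "PutBucketPolicy" and policy_is_public(params):
            return "s3-bucket-made-public-by-policy"
    if source == "cloudtrail.amazonaws.com" and name in ("StopLogging", "DeleteTrail"):
        return "cloudtrail-logging-disabled"
    return None


def find_findings(records: List[Record]) -> List[Record]:
    findings = []
    for r in records:
        kind = classify(r)
        if kind is None:
            continue
        identity = r.get("userIdentity") or {}
        params = r.get("requestParameters") or {}
        findings.append({
            "type": kind,
            "time": r.get("eventTime"),
            "actor": identity.get("arn") or identity.get("principalId"),
            "source_ip": r.get("sourceIPAddress"),
            "resource": params.get("bucketName") or params.get("name"),
            # A call with errorCode changed nothing, but the attempt is still worth knowing.
            "succeeded": "errorCode" not in r,
        })
    return findings


# Constructed sample records in CloudTrail's record layout (placeholder values).
SAMPLE_RECORDS: List[Record] = [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketAcl", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "example-bucket-a", "x-amz-acl": ["public-read"]}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketAcl", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "example-bucket-b", "AccessControlPolicy": {
         "AccessControlList": {"Grant": {"Grantee": {"xsi:type": "CanonicalUser",
                                                     "ID": "PLACEHOLDER-OWNER-ID"},
                                         "Permission": "FULL_CONTROL"}}}}},
    {"eventTime": "2024-01-01T11:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/deploy/ci"},
     "requestParameters": {"bucketName": "example-bucket-c", "bucketPolicy": {
         "Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": "*",
                                                  "Action": "s3:GetObject",
                                                  "Resource": "arn:aws:s3:::example-bucket-c/*"}]}}},
    {"eventTime": "2024-01-01T12:00:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"name": "arn:aws:cloudtrail:us-east-1:111122223333:trail/main"}},
]
```

`find_findings(SAMPLE_RECORDS)` returns three findings (the private ACL on `example-bucket-b` is correctly ignored); the fourth record shows why a detection should not drop events just because the call was denied, since a failed attempt to stop logging is itself a signal that something needs a look.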


How to create CloudTrail Log?


Open the AWS console, go to Services and click on CloudTrail.






Click on Trails and then click on Create Trail.



Fill in the required information and click on Create.







AWS CloudFront (CDN – Content Delivery Network)


In this article, we will see about AWS CloudFront (CDN – Content Delivery Network).



What is AWS CloudFront?


CloudFront is a CDN (Content Delivery Network). It retrieves data from an Amazon S3 bucket and distributes it to multiple data center locations, delivering it through a network of data centers called edge locations. When a user requests data, the request is routed to the nearest edge location, which gives the lowest latency, less network traffic, fast access to the data, and so on.

Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront is integrated with AWS – both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. CloudFront works seamlessly with services including AWS Shield for DDoS mitigation, Amazon S3, Elastic Load Balancing, or Amazon EC2 as origins for your applications, and Lambda@Edge to run custom code closer to customers’ users and to customize the user experience. Lastly, if you use AWS origins such as Amazon S3, Amazon EC2 or Elastic Load Balancing, you don’t pay for any data transferred between these services and CloudFront.



AWS CloudFront delivers the content in the following steps.


Step 1 − The user accesses a website and requests an object to download, such as an image file.

Step 2 − DNS routes the request to the nearest CloudFront edge location.

Step 3 − At the edge location, CloudFront checks its cache for the requested file. If it is found, CloudFront returns it to the user; otherwise it does the following −

First, CloudFront compares the request with the distribution's specifications and forwards it to the applicable origin server for that file type.

The origin server sends the file back to the CloudFront edge location.

As soon as the first byte arrives from the origin, CloudFront starts forwarding it to the user and adds the file to the cache at the edge location for the next time someone requests the same file.

Step 4 − The object now stays in the edge cache for 24 hours or for the duration given in the file's headers. After that, CloudFront does the following −

CloudFront forwards the next request for the object to the origin to check whether the edge location's version is still current.

If the edge location's version is still current, CloudFront delivers it to the user.
If it is not, the origin sends the latest version to CloudFront, which delivers the object to the user and stores the latest version in the cache at that edge location.
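The four steps above, as an added example written for this article (not CloudFront code): a single edge location in front of a stand-in origin, with a 24-hour default TTL that a `Cache-Control: max-age` value overrides, and revalidation by ETag once an entry expires. The origin counts its requests so the effect of each step is visible, and the result labels follow the wording CloudFront uses in its `X-Cache` header (Hit, Miss, RefreshHit). The clock is injected so the example runs without waiting; the objects, ETags and paths are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

DEFAULT_TTL = 24 * 60 * 60  # seconds; used when the origin sends no max-age


@dataclass
class OriginObject:
    body: bytes
    etag: str
    max_age: Optional[int] = None   # value of Cache-Control: max-age, if any


class Origin:
    """Stand-in for an S3/EC2/ELB origin; counts requests so caching is observable."""

    def __init__(self, objects: Dict[str, OriginObject]) -> None:
        self.objects = dict(objects)
        self.requests = 0

    def get(self, key: str,
            if_none_match: Optional[str] = None) -> Tuple[int, Optional[OriginObject]]:
        self.requests += 1
        obj = self.objects.get(key)
        if obj is None:
            return 404, None
        if if_none_match is not None and if_none_match == obj.etag:
            return 304, None        # Not Modified: the cached copy is still current
        return 200, obj


class EdgeLocation:
    """One edge cache following the steps above; `clock` supplies the current time."""

    def __init__(self, origin: Origin, clock: Callable[[], float]) -> None:
        self.origin = origin
        self.clock = clock
        self.cache: Dict[str, Tuple[OriginObject, float]] = {}   # key -> (object, expiry)

    def _ttl(self, obj: OriginObject) -> int:
        return obj.max_age if obj.max_age is not None else DEFAULT_TTL

    def get(self, key: str) -> Tuple[Optional[bytes], str]:
        """Returns (body, result) where result is Hit, Miss, RefreshHit or Error."""
        now = self.clock()
        entry = self.cache.get(key)
        if entry and now < entry[1]:                     # Step 3: fresh copy in cache
            return entry[0].body, "Hit"
        cached_etag = entry[0].etag if entry else None
        # Step 3 (miss) or Step 4 (expired): ask the origin, revalidating if we can
        status, obj = self.origin.get(key, if_none_match=cached_etag)
        if status == 304 and entry:                      # Step 4: copy confirmed current
            self.cache[key] = (entry[0], now + self._ttl(entry[0]))
            return entry[0].body, "RefreshHit"
        if status == 200 and obj:                        # new or updated object: store it
            self.cache[key] = (obj, now + self._ttl(obj))
            return obj.body, "Miss"
        self.cache.pop(key, None)                        # gone at the origin
        return None, "Error"


def build_edge() -> Tuple[EdgeLocation, Origin, list]:
    """Constructed setup: an origin with two objects and an adjustable clock."""
    clock = [0.0]
    origin = Origin({
        "/logo.png": OriginObject(b"logo-v1", '"etag-1"'),            # no max-age: 24h default
        "/index.html": OriginObject(b"home", '"etag-h1"', max_age=60),
    })
    return EdgeLocation(origin, lambda: clock[0]), origin, clock
```

Advancing the clock past 24 hours turns the next request into a RefreshHit that costs one conditional request to the origin but no transfer of the body; replacing the object at the origin (new ETag) makes the revalidation fail and the edge fetches and caches the new version.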


Features of CloudFront


Fast − The broad network of edge locations and the copies of content that CloudFront caches close to end users result in lower latency, high data transfer rates and low network traffic. All of these make CloudFront fast.

Simple − It is easy to use.

Can be used with other AWS services − Amazon CloudFront is designed so that it integrates easily with other AWS services, such as Amazon S3 and Amazon EC2.

Cost-effective − With Amazon CloudFront you pay only for the content you deliver through the network, with no hidden charges and no up-front fees.

Elastic − With Amazon CloudFront you need not worry about maintenance; the service automatically responds when demand increases or decreases.

Reliable − Amazon CloudFront is built on Amazon's highly reliable infrastructure, i.e. its edge locations automatically re-route end users to the next nearest location when required.

Global − Amazon CloudFront uses a global network of edge locations located in most of the regions.

How to Set Up AWS CloudFront?




Log in to your AWS console, click on Services and then click on CloudFront.



Click on Create Distribution


Click on Get Started


Fill in the required details.




Click on Create Distribution






AWS Elastic Beanstalk


In this article, we will see about AWS Elastic Beanstalk.





What is Elastic Beanstalk?


AWS Elastic Beanstalk is a compute service that makes it easier for developers to quickly deploy and manage applications that they upload to the AWS cloud.

Developers simply upload their application to the AWS cloud and let Elastic Beanstalk provision and handle the configuration. The application is provided with capacity provisioning, load balancing, auto scaling and health monitoring.

How Does Elastic Beanstalk work?





What are the benefits of Elastic Beanstalk?


Elastic Beanstalk provides the user with several benefits:

Easy to start with

Autoscaling options

Developer productivity

Customization

Cost-effective

Management and updates

Easy to start with




The fastest and easiest way to upload your application and keep it running is to upload it to Elastic Beanstalk.
You need not worry about the platform of your application; you can create it on your local system and upload it.

Autoscaling options

Beanstalk takes care of scaling up or down whenever required: if your application's traffic increases or decreases, Beanstalk scales it automatically.

Developer productivity

Developers don't need to think much about getting their application online; they can concentrate on keeping it secure and user friendly.

Customization

AWS Elastic Beanstalk lets you select the configuration of the AWS services used by your application. For example, with Amazon EC2 you can choose the instance type that is optimal for your application, and if you want to control some services manually you can change their settings accordingly.

Cost-Effective

There is no cost for creating a Beanstalk environment itself. When the application needs to go into production, you can scale it up.

Management and Updates

You don't need to worry about updating your application to follow changes in the platform. Software patches, platform updates and infrastructure management are taken care of by AWS.


What are the key concepts of Elastic Beanstalk?


There are certain key concepts that you will come across frequently when you deploy an application on Beanstalk. Let us have a look at those concepts:

Application:
An application in Elastic Beanstalk is conceptually similar to a folder.
An application is a collection of components including environments, versions and environment configuration.

Application Version:
An application version refers to a specific, labeled iteration of deployable code for a web application.
An application version points to an Amazon S3 object that contains the deployable code, such as a Java WAR file.

Environment:
An environment within an Elastic Beanstalk application is where the current version of the application runs. Each environment runs only a single application version at a time, but it is possible to run the same or different versions of an application in many environments at the same time.



Environment Tier:
Depending on the requirement, Beanstalk offers two environment tiers: Web Server Environment and Worker Environment.

Web Server Environment: 
Handles HTTP requests from clients.

Worker Environment:
Processes background tasks that are resource-consuming and time-intensive.


Open the AWS console, go to Services and click on Elastic Beanstalk.



Click on Create Application




Fill in the required information and click on Create Application.




Check the Beanstalk dashboard.