Posts

VPC

Stateless; add or remove rules; inbound rules by CIDR. A private IP or public IP cannot be reused, but an Elastic IP can be reassigned to another instance. Create an EC2 key pair. 1. VPC --> Your VPCs --> Create VPC --> VPC only --> name the VPC --> add IPv4 CIDR 10.0.0.0/24 --> Create VPC; the VPC is created. 2. VPC console --> Network ACLs --> nacl01 (name it), select the VPC just created --> Create network ACL. 3. The VPC flow log feature captures IP traffic to and from the VPC; it is published to CloudWatch or S3 and retrieved for diagnostics (e.g. a security group stopping traffic, or more inbound/outbound rules needed). 4. Flow log for a subnet/VPC: AWS console --> S3 console --> give a bucket name --> Create bucket --> VPC console --> select the created VPC --> Create flow log --> default options --> find the ARN of the S3 bucket. Internet gateway: for IPv4 public addresses. Egress-only internet gateway: scalable, for IPv6; the internet cannot initiate connections to EC2 in the VPC. NAT: private subnet; hosts outside the VPC cannot initiate connections to the instances. private...

SRE

Service Reliability Engineer (SRE): Primarily responsible for improving the reliability of services through collaboration with development, proactive monitoring, and optimization of redundancies in operations. SRE is an integral part of modern cloud development teams, involved in proactive testing, observability, service reliability, and speed. Shift-left security: from DevOps to DevSecOps. With a move from just a few releases a year to weekly feature releases, security can no longer be ensured manually. Security needs to be part of the DevOps pipeline and be automated. There are plenty of security tools from various vendors that can integrate with the pipeline. The key things to be addressed in a DevSecOps pipeline include security tools that address the following. Securing cloud-native development and operations: securing the DevOps pipeline involves catching security errors early in the cycle and addressing the vulnerabilities of deployable artifacts, as well as perfo...

monitoring

Visualize using Grafana. CPU Usage: Monitor the utilization of CPU resources across different hosts or containers to identify potential bottlenecks or performance issues. Memory Usage: Track the usage of memory resources to ensure optimal memory allocation and identify memory leaks or inefficiencies. Disk Usage: Monitor disk space usage on servers or storage systems to prevent disk space-related issues and plan for capacity expansion. Network Traffic: Visualize incoming and outgoing network traffic to identify network congestion, anomalies, or potential security threats. HTTP Requests: Monitor HTTP request rates, response times, and status codes to gauge the performance and availability of web services and applications. Database Queries: Track database query execution times, throughput, and error rates to optimize database performance and identify slow or problematic queries. Latency Metrics: Monitor latency metrics such as request/response times for different services or ...

vpc2

A private subnet does not allow inbound internet traffic directly, but the database has to connect to the internet to update patches; to do so you need a NAT gateway (with an Elastic IP). Database server --> router --> internet gateway: the private route table says nat-gateway-id (for 0.0.0.0/0), so traffic goes to the NAT gateway; the custom route table says igw-id, which means it is allowed to go out via the internet gateway. High performance: 55000 sessions, which is not possible with an EC2 instance alone, without NAT. Users cannot route traffic to a NAT gateway through a VPC peering connection, Site-to-Site VPN, or AWS Direct Connect. 1. Interface endpoints: SaaS solutions, Direct Connect. 2. Gateway endpoints. Create VPC: 1. public subnet 2. private subnet 3. public route table 4. private route table; associate with the VPC, assign subnets. 5. internet gateway 6. NAT gateway: name it, then select the public subnet, associate an Elastic IP, create the NAT GW. 7. Open the public route table, edit routes, add a route to the internet 0.0.0.0/0 with target ig...