VPC

 



stateless / add or remove rules/ inbound rules , by CIDR


private ip 
public ipo cannot reuse 
and elastic ip can be reused to another instance


create ec2 key pair
1. vpc--> your vpc--> create vpc-->vpc only--name vpc--> add ip 10.0.0.0/24  (ipv4) --create vpc is created.

2. vpc console--> network acls--> nacl01(nameit) select vpc(just createdone) -->crtea n/w acl.

3. vpc flow log feature is to capture ip traffic from (vpc) .. pubclished cloud watch/s3 and retrieve (diaglotics, security group stoping traffic, more inbound /or outbound)
4. flow log for sub net / vpc 





aws consule -- s3 console--giveabucketname--createbucket-->vpc console-->selectecrtedone-->createflow-->defaultoptions..>find arn of s3bckt -->

internet gateway--> if ipv4 public address --> egress-only igway. is a scalable for ipv6 -- vpc--> canot talk to ec2 from internet.

NAT-- pvt subnet--outside vpc--cannot initate connection to instances.

private subnet -- ec2 cannot connect to internet directly, connect to NAT--(public subnet) -- connect to internet.













Comments

Post a Comment

Popular posts from this blog

SRE

Image
Service Reliability Engineer (SRE): Primarily responsible for improving the reliability of services through collaboration with development, proactive monitoring, and optimization of redundancies in operations. SRE is an integral part of modern cloud development teams who are involved in proactive testing, observability, service reliability, and speed Shift left security – from DevOps to DevSecOps With a move from just a few releases a year to weekly feature releases, security can no longer be ensured manually. Security needs to be part of the DevOps pipeline and be automated. There are plenty of security tools out there from various vendors than can integrate with the pipeline. The key things to be addressed in a DevSecOps pipeline include security tools that address the following. Securing cloud-native development and operations Securing the DevOps pipeline involves catching security errors early in the cycle and addressing the vulnerabilities of deployable artifacts, as well as perfo...
Read more

monitoring

  visualize using Grafana: CPU Usage : Monitor the utilization of CPU resources across different hosts or containers to identify potential bottlenecks or performance issues. Memory Usage : Track the usage of memory resources to ensure optimal memory allocation and identify memory leaks or inefficiencies. Disk Usage : Monitor disk space usage on servers or storage systems to prevent disk space-related issues and plan for capacity expansion. Network Traffic : Visualize incoming and outgoing network traffic to identify network congestion, anomalies, or potential security threats. HTTP Requests : Monitor HTTP request rates, response times, and status codes to gauge the performance and availability of web services and applications. Database Queries : Track database query execution times, throughput, and error rates to optimize database performance and identify slow or problematic queries. Latency Metrics : Monitor latency metrics such as request/response times for different services or ...
Read more