CloudFront is a Content Delivery Network (CDN) that delivers content to Edge Locations around the world. Origin: This term means the location where the content can originate from. There are a few places: EC2; ELB, with EC2 instances behind it; S3 bucket; Route 53 – e.g. if actual source is an […]
You can set up active and passive entries for the same URL in Route 53. When Route 53 discovers that the active (primary) source has become unhealthy, it will fail over to the passive (secondary) entry. For example, we have a static website running on an EC2 instance. This EC2 […]
For security reasons you should not have your AWS resources (e.g. EC2 instances) directly accessible via the internet unless it is necessary, i.e. keep your AWS resources internal. However, you still want to be able to access your VPCs, and there are a few ways to achieve this: set up bastion hosts; set up […]
Some Internet Service Providers can connect your on-premises devices directly to an AWS AZ without being rerouted via the rest of the internet. This results in: faster connection; more stable connection; reduced latency; no need to go via the public internet; better security; no need to have any special hardware […]
Launch Configurations – let you specify a template for automatically creating new instances based on these presets. Therefore, when creating a Launch Configuration resource you specify things like: – AMI ID – Instance type – Which VPC to build instances in – IAM role – Default storage requirements, e.g. number […]
Note: AMIs created in one region cannot be used to create instances in another region. However you can get round this by copying the AMI to another region first. You can also modify access permissions of the AMI, in the following ways: Make the AMI public, so anyone can […]
A VPN is essentially a subnet whose members are a combination of AWS resources and on-premises devices, i.e. a VPN is a subnet that extends to an on-premises site. There are 2 ways to set up a VPN: hardware-based VPN; tunnelling (OpenVPN). Hardware-based VPN […]
A subnet by design is attached to a particular AZ, so all instances/resources that reside in a subnet actually exist in the same AZ. However, RDS has features such as Multi-AZ and Read Replicas, which are used for improved redundancy and performance. These features need to know what […]
All resources inside a VPC can automatically communicate with each other via their private IP addresses, irrespective of which public/private subnets they belong to. However, it is also possible for resources in one VPC to communicate with resources in another VPC. This is done by setting up a “VPC peering” […]
If you have an EC2 instance that is attached to a private subnet only, then it won’t have internet access. That’s because, by definition, the routing table that is associated with the private subnet doesn’t have an entry for routing traffic to/from an internet gateway. For security reasons, this is […]