Update
This commit is contained in:
parent
03a92d5bea
commit
48db2d4664
20
README.md
20
README.md
@ -24,7 +24,7 @@
|
||||
<td align="center"><a href="topics/cicd/README.md"><img src="images/cicd.png" width="75px;" height="75px;" alt="cicd"/><br /><b>CI/CD</b></a></td>
|
||||
<td align="center"><a href="topics/git/README.md"><img src="images/git.png" width="75px;" height="75px;" alt="Git"/><br /><b>Git</b></a></td>
|
||||
<td align="center"><a href="topics/ansible/README.md"><img src="images/ansible.png" width="75px;" height="75px;" alt="ansible"/><br /><b>Ansible</b></a></td>
|
||||
<td align="center"><a href="#Network"><img src="images/network.png" width="75px;" height="75px;" alt="Network"/><br /><b>Network</b></a></td>
|
||||
<td align="center"><a href="#network"><img src="images/network.png" width="75px;" height="75px;" alt="Network"/><br /><b>Network</b></a></td>
|
||||
<td align="center"><a href="topics/linux/README.md"><img src="images/logos/linux.png" width="75px;" height="75px;" alt="Linux"/><br /><b>Linux</b></a></td>
|
||||
|
||||
</tr>
|
||||
@ -244,6 +244,20 @@ CSMA/CD algorithm:
|
||||
* hub</summary><br><b>
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>What is a "Collision Domain"?</summary><br><b>
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>What is a "Broadcast Domain"?</summary><br><b>
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>three computers connected to a switch. How many collision domains are there? How many broadcast domains?</summary><br><b>
|
||||
|
||||
Three collision domains and one broadcast domain
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>How does a router works?</summary><br><b>
|
||||
|
||||
@ -407,6 +421,10 @@ For example, your computer's private IP could be 192.168.1.100, but your router
|
||||
* SFTP - 22
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>Which factors affect network performances</summary><br><b>
|
||||
</b></details>
|
||||
|
||||
#### Network - Data and Control planes
|
||||
|
||||
<details>
|
||||
|
@ -1,12 +1,14 @@
|
||||
# AWS
|
||||
|
||||
**Note**: Provided solutions are using the AWS console. It's recommended you'll use IaC technologies to solve the exercises (e.g. Terraform, Pulumi).<br>
|
||||
**2nd Note**: Some of the exercises cost $$$ and can't be performed using the free tier/resources
|
||||
**Note**: Some of the exercises <b>cost $$$</b> and can't be performed using the free tier/resources
|
||||
|
||||
**2nd Note**: Provided solutions are using the AWS console. It's recommended you'll use IaC technologies to solve the exercises (e.g. Terraform, Pulumi).<br>
|
||||
|
||||
- [AWS](#aws)
|
||||
- [Exercises](#exercises)
|
||||
- [IAM](#iam)
|
||||
- [EC2](#ec2)
|
||||
- [S3](#s3)
|
||||
- [ELB](#elb)
|
||||
- [Auto Scaling Groups](#auto-scaling-groups)
|
||||
- [VPC](#vpc)
|
||||
@ -33,10 +35,12 @@
|
||||
- [Containers](#containers-1)
|
||||
- [ECS](#ecs)
|
||||
- [Fargate](#fargate)
|
||||
- [S3](#s3)
|
||||
- [S3](#s3-1)
|
||||
- [Basics](#basics)
|
||||
- [Buckets](#buckets)
|
||||
- [Buckets 101](#buckets-101)
|
||||
- [Objects](#objects)
|
||||
- [Security](#security)
|
||||
- [Misc](#misc-1)
|
||||
- [Disaster Recovery](#disaster-recovery)
|
||||
- [CloudFront](#cloudfront)
|
||||
- [ELB](#elb-1)
|
||||
@ -55,12 +59,12 @@
|
||||
- [Monitoring and Logging](#monitoring-and-logging)
|
||||
- [Billing and Support](#billing-and-support)
|
||||
- [Automation](#automation)
|
||||
- [Misc](#misc-1)
|
||||
- [Misc](#misc-2)
|
||||
- [High Availability](#high-availability)
|
||||
- [Production Operations and Migrations](#production-operations-and-migrations)
|
||||
- [Scenarios](#scenarios)
|
||||
- [Architecture Design](#architecture-design)
|
||||
- [Misc](#misc-2)
|
||||
- [Misc](#misc-3)
|
||||
|
||||
## Exercises
|
||||
|
||||
@ -91,6 +95,11 @@
|
||||
| Create an AMI | EC2, AMI | [Exercise](exercises/create_ami/exercise.md) | [Solution](exercises/create_ami/solution.md) | |
|
||||
| Create EFS | EC2, EFS | [Exercise](exercises/create_efs/exercise.md) | [Solution](exercises/create_efs/solution.md) | |
|
||||
|
||||
### S3
|
||||
|
||||
|Name|Topic|Objective & Instructions|Solution|Comments|
|
||||
|--------|--------|------|----|----|
|
||||
| Create buckets | S3 | [Exercise](exercises/s3/new_bucket/exercise.md) | [Solution](exercises/s3/new_bucket/solution.md)
|
||||
### ELB
|
||||
|
||||
|Name|Topic|Objective & Instructions|Solution|Comments|
|
||||
@ -1116,6 +1125,8 @@ True.
|
||||
- As a user you don't have to worry about filesystems or disk space
|
||||
</b></details>
|
||||
|
||||
#### Buckets 101
|
||||
|
||||
<details>
|
||||
<summary>What is a bucket?</summary><br><b>
|
||||
|
||||
@ -1123,22 +1134,68 @@ An S3 bucket is a resource which is similar to folders in a file system and allo
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>Explain folders and objects in regards to buckets</summary><br><b>
|
||||
<summary>True or False? Buckets are defined globally</summary><br><b>
|
||||
|
||||
* Folder - any sub folder in an s3 bucket
|
||||
* Object - The files which are stored in a bucket
|
||||
False. They are defined at the region level.
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>True or False? A bucket name must be globally unique</summary><br><b>
|
||||
|
||||
True
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>How to rename a bucket in S3?</summary><br><b>
|
||||
|
||||
A S3 bucket name is immutable. That means it's not possible to change it, without removing and creating a new bucket.
|
||||
|
||||
This is why the process for renaming a bucket is as follows:
|
||||
|
||||
* Create a new bucket with the desired name
|
||||
* Move the data from the old bucket to it
|
||||
* Delete the old bucket
|
||||
|
||||
With the AWS CLI that would be:
|
||||
|
||||
```sh
|
||||
# Create new bucket
|
||||
aws s3 mb s3://[NEW_BUCKET_NAME]
|
||||
# Sync the content from the old bucket to the new bucket
|
||||
$ aws s3 sync s3://[OLD_BUCKET_NAME] s3://[NEW_BUCKET_NAME]
|
||||
# Remove old bucket
|
||||
$ aws s3 rb --force s3://[OLD_BUCKET_NAME]
|
||||
```
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>True or False? The max object size a user can upload in one go, is 5TB</summary><br><b>
|
||||
|
||||
True
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>Explain "Multi-part upload"</summary><br><b>
|
||||
|
||||
[Amazon docs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html): "Multipart upload allows you to upload a single object as a set of parts. Each part is a contiguous portion of the object's data...In general, when your object size reaches 100 MB, you should consider using multipart uploads instead of uploading the object in a single operation."
|
||||
</b></details>
|
||||
|
||||
#### Objects
|
||||
|
||||
<details>
|
||||
<summary>Explain "Object Versioning"</summary><br><b>
|
||||
|
||||
When enabled at a bucket level, versioning allows you to upload new version of files, overriding previous version and so be able to easily roll-back and protect your data from being permanently deleted.
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>Explain the following:
|
||||
|
||||
- Object Lifecycles
|
||||
- Object Sharing
|
||||
- Object Versioning</summary><br><b>
|
||||
- Object Sharing</summary><br><b>
|
||||
|
||||
* Object Lifecycles - Transfer objects between storage classes based on defined rules of time periods
|
||||
* Object Sharing - Share objects via a URL link
|
||||
* Object Versioning - Manage multiple versions of an object
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
@ -1148,6 +1205,49 @@ Object Durability: The percent over a one-year time period that a file will not
|
||||
Object Availability: The percent over a one-year time period that a file will be accessible
|
||||
</b></details>
|
||||
|
||||
#### Security
|
||||
|
||||
<details>
|
||||
<summary>True or False? Every new S3 bucket is public by default</summary><br><b>
|
||||
|
||||
False. A newly created bucket is private unless it was configured to be public.
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>What's a presigned URL?</summary><br><b>
|
||||
|
||||
Since every newly created bucket is by default private it doesn't allows to share files with users. Even if the person who uploaded them tries to view them, it gets denied.
|
||||
|
||||
A presigned URL is a way to bypass that and allow sharing the files with users by including the credentials (token) as part of the URL. It can be done for limited time.
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>What security measures have you taken in context of S3?</summary><br><b>
|
||||
* Don't make a bucket public.
|
||||
* Enable encryption if it's disabled.
|
||||
* Define an access policy
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>True or False? In case of SSE-AES encryption, you manage the key</summary><br><b>
|
||||
|
||||
False. S3 manages the key and uses AES-256 algorithm for the encryption.
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>True or False? In case of SSE-C encryption, both S3 and you manage the keys</summary><br><b>
|
||||
|
||||
False. You manage the keys. It's customer provided key.
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>True or False? Traffic between a host an S3 (e.g. uploading a file) is encrypted using SSL/TLS</summary><br><b>
|
||||
|
||||
True
|
||||
</b></details>
|
||||
|
||||
#### Misc
|
||||
|
||||
<details>
|
||||
<summary>What is a storage class? What storage classes are there?</summary><br><b>
|
||||
|
||||
@ -1250,70 +1350,6 @@ Learn more [here](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-accel
|
||||
No. S3 support only statis hosts. On a static website, individual webpages include static content. They might also contain client-side scripts. By contrast, a dynamic website relies on server-side processing, including server-side scripts such as PHP, JSP, or ASP.NET. Amazon S3 does not support server-side scripting.
|
||||
</b></details>
|
||||
|
||||
#### Buckets
|
||||
|
||||
<details>
|
||||
<summary>True or False? A bucket name must be globally unique</summary><br><b>
|
||||
|
||||
True
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>How to rename a bucket in S3?</summary><br><b>
|
||||
|
||||
A S3 bucket name is immutable. That means it's not possible to change it, without removing and creating a new bucket.
|
||||
|
||||
This is why the process for renaming a bucket is as follows:
|
||||
|
||||
* Create a new bucket with the desired name
|
||||
* Move the data from the old bucket to it
|
||||
* Delete the old bucket
|
||||
|
||||
With the AWS CLI that would be:
|
||||
|
||||
```sh
|
||||
# Create new bucket
|
||||
aws s3 mb s3://[NEW_BUCKET_NAME]
|
||||
# Sync the content from the old bucket to the new bucket
|
||||
$ aws s3 sync s3://[OLD_BUCKET_NAME] s3://[NEW_BUCKET_NAME]
|
||||
# Remove old bucket
|
||||
$ aws s3 rb --force s3://[OLD_BUCKET_NAME]
|
||||
```
|
||||
</b></details>
|
||||
|
||||
#### Security
|
||||
|
||||
<details>
|
||||
<summary>True or False? Every new S3 bucket is public by default</summary><br><b>
|
||||
|
||||
False
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>What security measures have you taken in context of S3?</summary><br><b>
|
||||
* Don't make a bucket public.
|
||||
* Enable encryption if it's disabled.
|
||||
* Define an access policy
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>True or False? In case of SSE-AES encryption, you manage the key</summary><br><b>
|
||||
|
||||
False. S3 manages the key and uses AES-256 algorithm for the encryption.
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>True or False? In case of SSE-C encryption, both S3 and you manage the keys</summary><br><b>
|
||||
|
||||
False. You manage the keys. It's customer provided key.
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
<summary>True or False? Traffic between a host an S3 (e.g. uploading a file) is encrypted using SSL/TLS</summary><br><b>
|
||||
|
||||
True
|
||||
</b></details>
|
||||
|
||||
### Disaster Recovery
|
||||
|
||||
<details>
|
||||
|
15
topics/aws/exercises/s3/new_bucket/exercise.md
Normal file
15
topics/aws/exercises/s3/new_bucket/exercise.md
Normal file
@ -0,0 +1,15 @@
|
||||
# Create buckets
|
||||
|
||||
## Objectives
|
||||
|
||||
1. Create the following buckets:
|
||||
1. Private bucket
|
||||
1. eu-west-2 region
|
||||
2. Upload a single file to the bucket. Any file.
|
||||
2. Public bucket
|
||||
1. eu-west-1 region
|
||||
2. Versioning should be enabled
|
||||
|
||||
## Solution
|
||||
|
||||
Click [here](solution.md) to view the solution
|
28
topics/aws/exercises/s3/new_bucket/pulumi/__main__.py
Normal file
28
topics/aws/exercises/s3/new_bucket/pulumi/__main__.py
Normal file
@ -0,0 +1,28 @@
|
||||
import pulumi
|
||||
import pulumi_aws as aws
|
||||
|
||||
# Private Bucket
|
||||
private_bucket = aws.s3.Bucket("my-first-private-bucket",
|
||||
acl="private",
|
||||
tags={
|
||||
"Environment": "Exercise",
|
||||
"Name": "My First Private Bucket"},
|
||||
region="eu-west-2"
|
||||
)
|
||||
|
||||
# Bucket Object
|
||||
|
||||
aws.s3.BucketObject("bucketObject",
|
||||
key="some_object_key",
|
||||
bucket=private_bucket.id,
|
||||
content="object content")
|
||||
|
||||
# Public Bucket
|
||||
aws.s3.Bucket("my-first-public-bucket",
|
||||
acl="private",
|
||||
tags={
|
||||
"Environment": "Exercise",
|
||||
"Name": "My First Public Bucket"},
|
||||
region="eu-west-1",
|
||||
versioning=aws.s3.BucketVersioningArgs(enabled=True)
|
||||
)
|
43
topics/aws/exercises/s3/new_bucket/solution.md
Normal file
43
topics/aws/exercises/s3/new_bucket/solution.md
Normal file
@ -0,0 +1,43 @@
|
||||
# Create buckets
|
||||
|
||||
## Objectives
|
||||
|
||||
1. Create the following buckets:
|
||||
1. Private bucket
|
||||
1. eu-west-2 region
|
||||
2. Upload a single file to the bucket. Any file.
|
||||
2. Public bucket
|
||||
1. eu-west-1 region
|
||||
2. Versioning should be enabled
|
||||
|
||||
## Solution
|
||||
|
||||
### Console
|
||||
|
||||
For the first bucket:
|
||||
|
||||
1. Go to S3 service in the AWS console. If not in buckets page, click on "buckets" in the left side menu
|
||||
2. Click on "Create bucket"
|
||||
3. Give a globally unique name for your bucket
|
||||
4. Choose the region "eu-west-2"
|
||||
5. Click on "Create bucket"
|
||||
6. Click on the bucket name
|
||||
7. Under "objects" click on "Upload" -> "Add files" -> Choose file to upload -> Click on "Upload"
|
||||
|
||||
For the second bucket:
|
||||
|
||||
1. Go to S3 service in the AWS console. If not in buckets page, click on "buckets" in the left side menu
|
||||
2. Click on "Create bucket"
|
||||
3. Give a globally unique name for your bucket
|
||||
4. Choose the region "eu-west-1"
|
||||
5. Make sure to uncheck the box for "Private bucket" to make it public
|
||||
6. Make sure to check the enable box for "Bucket Versioning"
|
||||
7. Click on "Create bucket"
|
||||
|
||||
### Terraform
|
||||
|
||||
Click [here](terraform/main.tf) to view the solution
|
||||
|
||||
### Pulumi - Python
|
||||
|
||||
Click [here](pulumi/__main__.py) to view the solution
|
40
topics/aws/exercises/s3/new_bucket/terraform/main.tf
Normal file
40
topics/aws/exercises/s3/new_bucket/terraform/main.tf
Normal file
@ -0,0 +1,40 @@
|
||||
resource "aws_s3_bucket" "private_bucket" {
|
||||
bucket = "my-first-private-bucket"
|
||||
region = "eu-west-2"
|
||||
acl = "private"
|
||||
|
||||
tags = {
|
||||
Name = "My First Private Bucket"
|
||||
Environment = "Exercise"
|
||||
}
|
||||
}
|
||||
|
||||
resource "aws_s3_bucket_acl" "private_bucket_acl" {
|
||||
bucket = aws_s3_bucket.private_bucket.id
|
||||
acl = "private"
|
||||
}
|
||||
|
||||
resource "aws_s3_bucket" "public_bucket" {
|
||||
bucket = "my-first-public-bucket"
|
||||
region = "eu-west-1"
|
||||
|
||||
tags = {
|
||||
Name = "My First Public Bucket"
|
||||
Environment = "Exercise"
|
||||
}
|
||||
|
||||
versioning {
|
||||
enabled = true
|
||||
}
|
||||
}
|
||||
|
||||
resource "aws_s3_bucket_acl" "public_bucket_acl" {
|
||||
bucket = aws_s3_bucket.public_bucket.id
|
||||
acl = "public-read"
|
||||
}
|
||||
|
||||
resource "aws_s3_bucket_object" "bucket_object" {
|
||||
bucket = "my-first-private-bucket"
|
||||
key = "some_object_key"
|
||||
content = "object content"
|
||||
}
|
Loading…
Reference in New Issue
Block a user