Vocareum Lab

March 2, 2020 to March 6, 2020

Vocareum Lab helped me understand AWS more easily and learn its best practices.

Lab 1: Introduction to AWS IAM. I tried it out and learned more about AWS IAM. AWS Identity and Access Management (IAM) is “a web service that enables AWS customers to manage users and user permissions.” The idea is that the customer manages an IAM group for the team that works together on AWS EC2 instances and manages user permissions. In my opinion, it is for security; IAM users would be able to access any AWS features in an EC2 instance, like an Amazon S3 bucket and EBS. The three things I see in AWS IAM from Lab 1 are managing IAM users and their access, IAM roles and their permissions, and federated users and their permissions. That’s cool! Managing IAM users and their access means assigning users individual security credentials and changing permissions to control which operations users can perform. From a business standpoint, an IAM role is great for dividing employees’ work across AWS features (S3 buckets, EBS, EC2 instances, etc.). The lab is the best help for understanding more about IAM roles, IAM groups, and permissions.

Lab 2: Build your VPC and Launch a Web Server. A VPC (Virtual Private Cloud) enables you to launch AWS resources into a virtual network that you have defined. A virtual network closely resembles a traditional network that I would operate in my own data center, with the benefits of using the scalable infrastructure of AWS, and I would create a VPC that spans multiple Availability Zones. Each Availability Zone holds one or more data centers. The architecture showed me a Region, Availability Zone A, Availability Zone B, and the VPC 10.0.0.0/16. It looks like a network/security group to me. I understand that a firewall is what allows users to access a network port (HTTP). You would be able to see the URL address (copy and paste the public DNS from the Amazon EC2 instance). The web page should work if HTTP is open to anywhere in the security group. The security group is in Public subnet 2. A NAT gateway operates on a router, usually connecting two networks together, and translates the private addresses in the internal network into legal addresses before packets are forwarded to another network. The NAT gateway is in Public subnet 1. I think the NAT gateway is a global network. Each subnet allows connected AWS instances to communicate with each other, and routers are used to communicate between subnets. A subnet is a logical partition of an IP network into multiple, smaller network segments, and every device with an IP address that starts with x.x.x.x, like 10.0.0.1, 192.168.1.1, or another number, is part of the same subnet.
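The following is an added example, not part of the original post or the lab material: it checks a VPC layout like the one in Lab 2 for subnets that fall outside the VPC or overlap, finds which subnet an address belongs to, and flags security group rules open to anywhere on ports other than web ports. Only the VPC CIDR 10.0.0.0/16 comes from the post; the subnet CIDRs, the rules, and the allowed-port policy are assumptions.

```python
import ipaddress

# Constructed sample data: only the VPC CIDR 10.0.0.0/16 comes from the post;
# subnet CIDRs and security group rules are assumptions for illustration.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {"public-1": "10.0.0.0/24", "private-1": "10.0.1.0/24",
           "public-2": "10.0.2.0/24", "private-2": "10.0.3.0/24"}
SG_RULES = [
    {"port": 80, "source": "0.0.0.0/0"},      # HTTP open to anywhere, as in the lab
    {"port": 22, "source": "0.0.0.0/0"},      # constructed: SSH open to anywhere
    {"port": 3306, "source": "10.0.0.0/16"},  # constructed: database, VPC only
]
PUBLIC_OK_PORTS = {80, 443}  # assumption: only web ports may face the internet


def check_subnets(vpc_cidr, subnets):
    """Return problems: subnets outside the VPC or overlapping each other."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = [f"{name} {net} is outside VPC {vpc}"
                for name, net in nets.items() if not net.subnet_of(vpc)]
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


def subnet_of_address(address, subnets):
    """Return the name of the subnet containing address, or None."""
    ip = ipaddress.ip_address(address)
    for name, cidr in subnets.items():
        if ip in ipaddress.ip_network(cidr):
            return name
    return None


def open_to_world(rules, allowed_ports=PUBLIC_OK_PORTS):
    """Return ports reachable from any address that are not in allowed_ports."""
    return [r["port"] for r in rules
            if ipaddress.ip_network(r["source"]).prefixlen == 0
            and r["port"] not in allowed_ports]


if __name__ == "__main__":
    print(check_subnets(VPC_CIDR, SUBNETS))
    print(subnet_of_address("10.0.0.1", SUBNETS), subnet_of_address("192.168.1.1", SUBNETS))
    print(open_to_world(SG_RULES))
```

With this sample data, 10.0.0.1 falls in `public-1`, while 192.168.1.1 is in no subnet of the VPC because it lies outside 10.0.0.0/16.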

In my senior project team, AWS Spot Instances were chosen because they are cheaper than On-Demand and Reserved Instances. I asked why we chose Spot Instances. The team showed me the Amazon EC2 Spot Fleet web app workshop guide. It said that Amazon EC2 Spot Instances are spare compute capacity in the AWS cloud, available to you at steep discounts compared to On-Demand prices. Choosing Spot Instances can save up to 90% compared to On-Demand prices. I think an On-Demand instance, which costs full price, is very expensive. I will work on it and learn about the AWS workshop later. The AWS Spot Fleet workshop guide is linked here: https://github.com/awslabs/ec2-spot-labs/blob/master/workshops/ec2-spot-fleet-web-app/README.md