## AWS Basic

### IAM and Resource

- Policy template
  - YAML format
- VPC
  - ![](https://i.imgur.com/MtncdvA.png)
- Subnet
  - Subnets are created within an Availability Zone. AZs are basically data centers.
- Security Group
  - Security Groups are applied at the instance level, while Network ACLs apply at the subnet level.
- Routing table
  - Determines where network traffic from your subnet or gateway is directed.

### SAM

- Serverless Application Model.
- SAM template and SAM CLI.
- SAM template techniques and rabbit holes:
  1. Be careful with indentation.
  2. `Fn::Sub` / `!Sub`: nested intrinsic functions can be useful.
  3. Cyclic dependencies often happen in Roles. [Example](https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-circular-dependency-sam/)
  4. Keep in mind what to parametrize.
  5. Remember to grant the Lambda invoke policy for a nested Lambda.
  6. Also CloudWatchFullAccess.

### Cloudformation

- Template files that create resources for our infrastructure.
- Be extra careful with policies: some of them need a resource, some of them don't.

### ECS and Fargate

- ECS vs EKS
- Container orchestration
- An ECS cluster contains services to manage containers, like a control plane.
- Containers need to run on instances, for example EC2; these EC2 instances connect to ECS.
- Fargate delegates the infrastructure to AWS.
  - No EC2 provisioning, a serverless solution.
- Containers are started from the image registered in the corresponding ECR.
- Log in to AWS and use `|` to pass the credential to docker, then push.
- ECR itself is a resource that can be created by a CloudFormation template.

### Task

- Basically a container snapshot.
- Use a log group to redirect logs to CloudWatch.

### RDS Aurora

We use Postgres RDS.

### ELB

![](https://i.imgur.com/RfeJpFU.png)

A load balancer can redirect traffic to different instances in different subnets.

### Secretmanagers

- A resource that stores credentials.
- Retrieve it in the CloudFormation template and inject it into the task definition, Lambda, or whatever needs it.
- Can be created and rotated by Lambdas.

### Stepfunction

- A graph that orchestrates Lambdas, with triggers and directions.
- Dealing with nested Step Functions output.
- State machine ASL
  1. Result selector
  2. Default result path
  3. `"AWS_STEP_FUNCTIONS_STARTED_BY_EXECUTION_ID.$": "$$.Execution.Id"`
- Concurrency Gateway
  1. Choice.
  2. Watch a specific Step Functions ARN.

### Lambda

- Separate implementation and business logic.
- S3, client, Step Functions.
- Be extra careful with the access policy.
- Input payload and context.

### K8s

- Minikube
- kubectl
- Pods and nodes

### Test and debugging

- Pytest mock
- Monkeypatching
- Mock request
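
Going back to the SAM notes on granting the invoke policy for a nested Lambda and on CloudWatch access: the template below is an added example, not part of the original notes, that scopes the invoke permission to a single function. `InnerFunction`, `OuterFunction`, the `INNER_FUNCTION` variable and the inline handlers are hypothetical names, and it assumes the outer function only needs to write its own logs.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  # Hypothetical inner function, invoked by OuterFunction.
  InnerFunction:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: python3.12
      Handler: index.handler
      InlineCode: |
        def handler(event, context):
            return {"echo": event}

  # Hypothetical outer function that calls InnerFunction.
  OuterFunction:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: python3.12
      Handler: index.handler
      Environment:
        Variables:
          INNER_FUNCTION: !Ref InnerFunction
      Policies:
        # SAM policy template: lambda:InvokeFunction on InnerFunction only.
        - LambdaInvokePolicy:
            FunctionName: !Ref InnerFunction
        # Log writing comes from AWSLambdaBasicExecutionRole, which SAM
        # attaches to the role it generates when no Role is given.
        # Broad variant, shown for contrast only (any function, all of CloudWatch):
        # - Statement:
        #     - Effect: Allow
        #       Action: lambda:InvokeFunction
        #       Resource: '*'
        # - CloudWatchFullAccess
      InlineCode: |
        import json, os, boto3
        client = boto3.client("lambda")
        def handler(event, context):
            resp = client.invoke(
                FunctionName=os.environ["INNER_FUNCTION"],
                Payload=json.dumps(event).encode(),
            )
            return json.loads(resp["Payload"].read())
```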