AWS Solutions Architect Associate
AWS Services Overview
Amazon EC2 (Elastic Compute Cloud)
Amazon EC2 is often the first AWS service new users encounter. It's the primary tool for creating virtual machines in the cloud, allowing users to scale computing resources according to their needs. EC2 provides various instance types for different workloads, and features like Elastic Load Balancing distribute traffic across instances for better performance. Auto Scaling adjusts instance numbers automatically with changing demand, making EC2 suitable for hosting applications, running databases, and handling other compute-intensive tasks.
Amazon S3 (Simple Storage Service)
S3 enables storage of any data type as objects within buckets, which can be configured to be private or public. It offers exceptional scalability, data availability, and security. S3 supports different storage classes for varying access patterns and includes versioning and lifecycle management for objects. This makes S3 ideal for backups, disaster recovery, big data analytics, and content delivery.
Amazon RDS (Relational Database Service)
Amazon RDS simplifies database management by supporting multiple database engines and handling tasks like backups, patching, and scaling. It's designed for high availability with multi-AZ deployments and can enhance read performance with Read Replicas. RDS is perfect for enterprise applications, e-commerce, and any workload requiring a relational database.
AWS IAM (Identity and Access Management)
IAM is central to securing AWS resources. It manages access to AWS services and resources, giving fine-grained control over permissions through policies and roles. IAM also supports enforcing security best practices such as multi-factor authentication (MFA), so that access follows the principle of least privilege.
Amazon VPC (Virtual Private Cloud)
A VPC is essential for creating a logically isolated section of the AWS cloud. Within a VPC, you can control networking aspects like IP addressing and subnet creation. Subnets within a VPC dictate resource accessibility:
- Public subnets host resources that need internet access, like web servers, with direct connectivity via an internet gateway;
- Private subnets are used for backend services that should not be internet-accessible, lacking a direct internet route;
- Hybrid subnets provide a mix, using NAT or bastion hosts for controlled internet access.
Security within a VPC is maintained through:
- Security groups, which manage traffic at the instance level in a stateful manner, automatically allowing return traffic;
- Network access control lists (network ACLs), which offer stateless control over subnet traffic, requiring separate rules for inbound and outbound traffic.
When architecting a solution, use public subnets for internet-facing services and private subnets for internal resources, and consider network ACLs for additional subnet-level security where fine control is needed.
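Whether a subnet is public or private follows from the routes in its route table, so the layout described above can be checked from data. The following is an added example, not part of the course material: it classifies subnets from a constructed sample shaped like EC2 DescribeRouteTables output and reports subnets whose routing differs from the intended tier. It assumes a single VPC with a main route table; all IDs are made up, and "nat" is this example's label for subnets with outbound-only internet access.

```python
# Constructed sample shaped like EC2 DescribeRouteTables output; all IDs are made up.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-web", "Main": False}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "GatewayId": "igw-example", "State": "active"}]},
    {"RouteTableId": "rtb-nat",
     "Associations": [{"SubnetId": "subnet-app", "Main": False}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "NatGatewayId": "nat-example", "State": "active"}]},
    {"RouteTableId": "rtb-main",  # main table: used by subnets with no explicit association
     "Associations": [{"Main": True}],
     "Routes": [LOCAL]},
]
SAMPLE_SUBNETS = ["subnet-web", "subnet-app", "subnet-db"]  # subnet-db is not associated


def classify_route_table(table):
    """Return 'public' (internet gateway route), 'nat' (outbound only) or 'private'."""
    kinds = set()
    for route in table["Routes"]:
        if route.get("State", "active") != "active":
            continue  # blackhole routes carry no traffic
        if route.get("GatewayId", "").startswith("igw-"):
            kinds.add("public")
        elif route.get("NatGatewayId") or route.get("EgressOnlyInternetGatewayId"):
            kinds.add("nat")
    return "public" if "public" in kinds else "nat" if "nat" in kinds else "private"


def classify_subnets(subnet_ids, route_tables):
    """Map each subnet to its tier, falling back to the main route table."""
    explicit, main = {}, None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main = table
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = table
    return {sid: classify_route_table(explicit.get(sid, main)) for sid in subnet_ids}


def audit(intended, route_tables):
    """Return subnets whose routing differs from the intended tier."""
    actual = classify_subnets(list(intended), route_tables)
    return sorted(sid for sid, tier in intended.items() if actual[sid] != tier)


if __name__ == "__main__":
    print(classify_subnets(SAMPLE_SUBNETS, SAMPLE_ROUTE_TABLES))
```

The unassociated subnet is the case to watch: adding an internet gateway route to the main route table makes every subnet without an explicit association public at once.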