# AWS Concepts and Questions

## 1. The 6 Pillars of AWS
The six pillars of AWS represent the key areas of focus when architecting a system on the AWS Cloud:

1. **Operational Excellence**: The ability to run and monitor systems to deliver business value.
2. **Security**: Protecting data, systems, and assets with controls and monitoring.
3. **Reliability**: The ability to recover from failures and meet business requirements.
4. **Performance Efficiency**: Using cloud resources efficiently based on needs.
5. **Cost Optimization**: Reducing costs by eliminating unneeded resources and improving efficiency.
6. **Sustainability**: Minimizing environmental impact in designing and operating systems.

## **Keywords**

### 1. Global Data Center
AWS operates in multiple data centers globally, providing low latency and redundancy for its services.

### 2. Region
A Region is a geographical area that contains two or more Availability Zones (AZs), providing high availability and fault tolerance.

### 3. Availability Zones (AZ)
AZs are isolated locations within a region. They help ensure high availability and fault tolerance in a region.

### 4. AWS Management Console
The AWS Management Console is a web-based interface for interacting with AWS services and resources.

### 5. AWS CloudShell
AWS CloudShell is a browser-based shell environment that provides command-line access to AWS resources without needing to install or configure anything locally.

### 6. Amazon Machine Image (AMI)
An AMI is a pre-configured template/image containing the OS and software, used to launch EC2 instances.

### 7. Instance Launch Template
An Instance Launch Template is a set of parameters used to launch EC2 instances, allowing consistent and repeatable instance configurations.

## **AWS Services**

### 1. EC2
EC2 (Elastic Compute Cloud) is a web service that provides scalable computing capacity in the cloud.
- **Instance Types**: Different types of EC2 instances designed for various workloads.
- **Security Group**: Virtual firewalls used to control traffic to EC2 instances.

### 2. EFS
EFS (Elastic File System) is a scalable file storage service for use with EC2 instances and other AWS services.

### 3. EBS
EBS (Elastic Block Store) provides persistent block-level storage for EC2 instances.

### 4. IAM
IAM (Identity and Access Management) allows you to manage access to AWS services.
- **Identity**: Represents a user, group, or role.
- **Policy**: Defines permissions granted to identities.
- **Role**: Allows users or services to assume temporary access to AWS resources.

### 5. VPC
VPC (Virtual Private Cloud) allows you to provision a logically isolated section of the AWS cloud where you can launch resources in a virtual network.

## **Questions**

### 1. What is the relationship between AWS availability zones and regions? How does using them help with disaster recovery?
- Availability Zones are isolated locations within a Region. Each Region has multiple AZs, which provide fault tolerance and high availability. By distributing resources across multiple AZs, you can ensure disaster recovery in case one AZ becomes unavailable.

### 2. What are the benefits of using AWS CloudShell over the AWS Management Console?
- AWS CloudShell provides an integrated environment for managing AWS resources via the command line, without needing to configure any local tools. Unlike the AWS Management Console, it allows for automation and scripting.

### 3. What is the advantage of using EBS over the local instance store?
- EBS provides persistent storage that survives instance termination, whereas local instance storage is temporary and data is lost when the instance is stopped or terminated.

### 4. What is the importance of security groups?
- Security groups act as virtual firewalls, controlling inbound and outbound traffic to EC2 instances. They ensure that only authorized traffic can reach the instances.

### 5. What is the difference between AMI and an instance launch template?
- An AMI is a snapshot of an EC2 instance, which includes the operating system and configurations, while an instance launch template defines the configurations for launching new EC2 instances, such as instance type and security groups.

### 6. What are the three fundamental components of an IAM policy?
- IAM policies consist of:
  - **Effect**: Whether the policy allows or denies actions.
  - **Action**: The specific actions allowed or denied.
  - **Resource**: The AWS resource that the action applies to.

### 7. Explain the difference between IAM roles and IAM groups.
- IAM roles allow users or services to assume permissions temporarily, while IAM groups are collections of users that share the same permissions.

### 8. Explain the practice of "least-privilege permissions".
- Least-privilege permissions involve granting users or services the minimum level of access necessary to perform their tasks, reducing the risk of unauthorized actions.
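
The Effect/Action/Resource structure from question 6 and the least-privilege practice from question 8 can be checked mechanically. The following is an added example, not part of the original notes: it audits policy statements for the three components and flags wildcard grants in `Allow` statements. Both policies and the bucket name `example-reports-bucket` are constructed, and it assumes identity-based policies that use `Action`/`Resource` rather than `NotAction`/`NotResource`.

```python
# Added example: audit IAM policy statements for the Effect/Action/Resource
# structure and for wildcard grants that work against least privilege.
# Both policies and the bucket name "example-reports-bucket" are constructed.

REQUIRED_KEYS = ("Effect", "Action", "Resource")

BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-reports-bucket/reports/*",
    }],
}

def as_list(value):
    """IAM accepts a single string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy):
    """Return a list of (statement_index, finding) tuples."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        missing = [k for k in REQUIRED_KEYS if k not in stmt]
        if missing:
            findings.append((i, "missing " + ", ".join(missing)))
            continue
        if stmt["Effect"] != "Allow":
            continue  # wildcards in a Deny narrow access, so they are not flagged
        for action in as_list(stmt["Action"]):
            if action == "*" or action.endswith(":*"):
                findings.append((i, f"wildcard action {action}"))
        for resource in as_list(stmt["Resource"]):
            if resource == "*":
                findings.append((i, "wildcard resource *"))
    return findings

if __name__ == "__main__":
    print(audit_policy(BROAD_POLICY))            # two wildcard findings
    print(audit_policy(LEAST_PRIVILEGE_POLICY))  # no findings
```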

### 9. What are the benefits of using VPC?
- A VPC allows you to isolate resources within a private network, customize IP address ranges, control network traffic with security groups and ACLs, and securely connect to on-premises resources.

### 10. What are the components that make up the VPC?
- The components of a VPC include subnets, route tables, internet gateways, security groups, network ACLs, and VPC peering.

### 11. How do instances in a VPC access the Internet?
- Instances in a VPC can access the Internet via an Internet Gateway, which is attached to the VPC and allows bidirectional communication between instances and the public internet.

### 12. Does traffic go over the internet when two instances communicate using public IP addresses?
- Yes, traffic between two instances communicating using public IP addresses goes over the internet unless both instances are in the same region or VPC and are communicating over private IPs or internal VPC connections.
