# AWS Architecture

This notebook serves as a foundational guide for understanding AWS services.

---

## 🗺️ AWS Architecture Diagram

![AWS Architecture](aws_architecture.png)


---

## 🌍 Region

### What is a Region?
A Region is a geographically separated area where AWS hosts multiple data centers.

### Description
Each Region operates independently, ensuring fault isolation and compliance with local regulations. AWS offers multiple Regions worldwide to provide low-latency access and disaster recovery capabilities.

### Example
In the diagram, all AWS resources (VPC, subnets, EC2 instances, databases) are created within a single Region such as **us-east-1 (N. Virginia)** to maintain proximity and minimize latency.

---

## 🧱 Availability Zone (AZ)

### What is an Availability Zone?
An Availability Zone (AZ) is an isolated data center within a Region.

### Description
Each AZ has independent power, cooling, and networking. Deploying resources across multiple AZs provides high availability and fault tolerance.

### Example
The architecture shows multiple subnets distributed across AZs (e.g., **AZ1** and **AZ2**) to ensure that even if one AZ fails, the application remains operational.

---

## 🌐 Virtual Private Cloud (VPC)

### What is a VPC?
A VPC (Virtual Private Cloud) is your private network within AWS.

### Description
A VPC provides an isolated section of the AWS cloud where you can define IP ranges, subnets, route tables, and gateways. It gives full control over inbound and outbound network traffic.

### Example
The diagram’s entire infrastructure—public and private subnets, NAT Gateway, EC2, and RDS—resides inside a single **VPC**, ensuring security and controlled network flow.

---

## 🧩 Subnets

### What is a Subnet?
A subnet divides your VPC into smaller network segments.

### Description
Subnets can be public or private depending on accessibility. Public subnets connect through the Internet Gateway, while private subnets rely on NAT Gateway or internal routing.

### Example
In the diagram, web servers are hosted in **public subnets** (accessible via ALB), and **database servers** are in private subnets, isolated from direct Internet access.

---

## 🛣️ Route Tables

### What is a Route Table?
A route table defines how network traffic is directed within your VPC.

### Description
Each subnet must be associated with a route table that determines allowed network paths—for example, to an Internet Gateway, NAT Gateway, or Transit Gateway.

### Example
Public subnets use a route table that points to the **Internet Gateway**, while private subnets use one that points to the **NAT Gateway** for outbound traffic.
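An added example (not part of this notebook) that audits route tables the way a reviewer classifies subnets: it applies the same longest-prefix-match rule the VPC router uses and labels each associated subnet public (default route to an IGW), private (default route to a NAT Gateway) or isolated. The input is a constructed sample in the shape of `aws ec2 describe-route-tables` output; all IDs are made-up placeholders.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# Subnet, gateway and table IDs are placeholders, not real resources.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-web-az1"}, {"SubnetId": "subnet-web-az2"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-app-az1"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"},
         # An S3 gateway endpoint shows up as a prefix-list route, not a CIDR route.
         {"DestinationPrefixListId": "pl-s3example", "GatewayId": "vpce-0example", "State": "active"}]},
    {"RouteTableId": "rtb-isolated",
     "Associations": [{"SubnetId": "subnet-db-az1"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
]

def route_target(route):
    """Return the target of a route entry (IGW, NAT Gateway, Transit Gateway, peering)."""
    for key in ("GatewayId", "NatGatewayId", "TransitGatewayId", "VpcPeeringConnectionId"):
        if key in route:
            return route[key]
    return "unknown"

def lookup(routes, dest_ip):
    """Longest-prefix match: the most specific active CIDR route wins, as in the VPC router."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for r in routes:
        if r.get("State") != "active" or "DestinationCidrBlock" not in r:
            continue  # skip blackholed routes and prefix-list (endpoint) routes
        net = ipaddress.ip_network(r["DestinationCidrBlock"])
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route_target(r))
    return best[1] if best else None

def classify_subnets(tables):
    """Label every associated subnet by where its default (Internet-bound) route leads."""
    result = {}
    for t in tables:
        target = lookup(t["Routes"], "203.0.113.10")  # any address outside the VPC CIDR
        kind = ("public" if target and target.startswith("igw-")
                else "private" if target and target.startswith("nat-")
                else "isolated")
        for a in t["Associations"]:
            result[a["SubnetId"]] = kind
    return result
```

Running `classify_subnets(ROUTE_TABLES)` labels the web subnets public, the app subnet private and the database subnet isolated; a database subnet that came back as "public" is the misconfiguration this audit exists to catch.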

---

## 🌉 Internet Gateway (IGW)

### What is an Internet Gateway?
An Internet Gateway connects your VPC to the public Internet.

### Description
It enables communication between instances in public subnets and users on the Internet. It’s horizontally scaled, redundant, and highly available.

### Example
In the architecture, the Internet Gateway allows the Application Load Balancer in the public subnet to serve incoming HTTP requests from users worldwide.

---

## 🚪 NAT Gateway

### What is a NAT Gateway?
A NAT Gateway provides Internet access for instances in private subnets without exposing them publicly.

### Description
Deployed in a public subnet, the NAT Gateway forwards outbound traffic from private resources to the Internet, ensuring security and controlled data flow.

### Example
Private EC2 instances in the backend subnets use the NAT Gateway to download updates or reach external APIs securely without direct Internet exposure.

---

## 🔗 VPC Peering

### What is VPC Peering?
VPC Peering allows two VPCs to communicate privately using AWS’s internal network.

### Description
It connects resources across VPCs as if they were part of the same network. Peering is one-to-one and does not support transitive routing.

### Example
In the diagram, the application VPC may peer with a **logging VPC** to send audit logs to a central monitoring system securely.

---

## 🌐 Transit Gateway

### What is a Transit Gateway?
A Transit Gateway is a central hub that connects multiple VPCs and on-premises networks.

### Description
It simplifies complex peering setups by allowing one-to-many connectivity. All traffic routes through the Transit Gateway, improving scalability.

### Example
In a large enterprise setup, the diagram’s Transit Gateway connects multiple VPCs (application, database, analytics) and the corporate data center for unified routing.

---

## 🔒 PrivateLink

### What is PrivateLink?
PrivateLink enables private access to AWS or third-party services without exposing traffic to the Internet.

### Description
It uses private IPs within your VPC, improving security and minimizing latency. It is often used when accessing SaaS applications or shared services.

### Example
In the architecture, PrivateLink allows secure communication from the application VPC to a centralized **logging or authentication service** VPC.

---

## 🧭 VPC Endpoints

### What is a VPC Endpoint?
A VPC Endpoint provides private connectivity between your VPC and AWS services.

### Description
It removes the need for Internet Gateways or NAT Gateways when accessing AWS services like S3 or DynamoDB. Endpoints come in two types: Gateway endpoints and Interface endpoints.

### Example
The backend EC2 instances in private subnets use a **VPC Gateway Endpoint** to access S3 for storing data backups, ensuring traffic never leaves the AWS network.

---

## ⚖️ Load Balancers

### What is a Load Balancer?
A Load Balancer distributes incoming traffic across multiple targets to ensure availability and scalability.

### Description
AWS supports Application Load Balancer (Layer 7) for HTTP/HTTPS traffic and Network Load Balancer (Layer 4) for TCP/UDP traffic.

### Example
In the diagram, the **Application Load Balancer (ALB)** in the public subnet distributes user requests to multiple EC2 instances in private subnets.

---

## 💻 EC2 Instances

### What is EC2?
EC2 (Elastic Compute Cloud) provides virtual servers to run applications in AWS.

### Description
You can define instance size, storage, networking, and IAM roles. EC2 is the backbone of compute operations in AWS.

### Example
The **EC2 instances** shown in the diagram host the backend application logic behind the ALB, ensuring scalable compute power for requests.

---

## 🌀 AWS Lambda

### What is AWS Lambda?
Lambda is AWS’s serverless compute service.

### Description
It runs code in response to events without provisioning servers. Lambda automatically scales based on event frequency.

### Example
In the architecture, Lambda may trigger from **S3 events** to process uploaded files asynchronously.

---

## 🗄️ Amazon S3

### What is Amazon S3?
S3 (Simple Storage Service) is an object storage service for files, media, and backups.

### Description
It offers scalable, durable, and cost-efficient storage accessible via the web or privately through VPC endpoints.

### Example
In the diagram, **S3** stores static web content and backups for EC2 instances and databases. It’s accessed privately through the VPC Endpoint.

---

## 🧮 DynamoDB

### What is DynamoDB?
DynamoDB is a fully managed NoSQL database service.

### Description
It provides single-digit millisecond latency and automatically scales for workloads like gaming, IoT, or real-time analytics.

### Example
In the diagram, **Lambda functions** store processed metadata into DynamoDB for fast retrieval without managing servers.

---

## 🛢️ Amazon RDS (MySQL)

### What is RDS?
RDS (Relational Database Service) is a managed relational database offering engines like MySQL and PostgreSQL.

### Description
RDS automates backups, patching, and failover between AZs for high availability.

### Example
In the diagram, RDS MySQL is deployed in private subnets with Multi-AZ replication, serving as the application’s primary transactional database.

---

## 📬 SQS (Simple Queue Service)

### What is SQS?
SQS is a managed message queuing service for decoupling components.

### Description
It ensures reliable, asynchronous message delivery between microservices.

### Example
In the architecture, when users upload data, messages are placed in **SQS**, and backend workers process them asynchronously.

---

## 📢 SNS (Simple Notification Service)

### What is SNS?
SNS is a publish-subscribe messaging service.

### Description
It allows systems or users to receive notifications through multiple protocols such as email, SMS, or HTTP endpoints.

### Example
In the diagram, **SNS** notifies administrators whenever a new file is uploaded to S3 or an event triggers a Lambda function.

---

## 🌐 Route 53

### What is Route 53?
Route 53 is AWS’s DNS and domain management service.

### Description
It translates domain names into IP addresses and performs routing and health checks.

### Example
In the architecture, Route 53 routes user requests to the **CloudFront distribution** or **ALB** based on configured DNS records.

---

## 🌎 CloudFront & Edge Locations

### What is CloudFront?
CloudFront is a global Content Delivery Network (CDN).

### Description
It caches data at edge locations close to end users, reducing latency and improving performance.

### Example
Static web content from S3 is distributed globally via **CloudFront**, ensuring fast access from the nearest edge location.

---

## 🔐 Client VPN

### What is Client VPN?
Client VPN provides secure remote access to AWS or on-prem networks.

### Description
Users authenticate and connect to internal AWS resources securely using corporate credentials.

### Example
In the diagram, corporate users use **Client VPN** to access private resources within the AWS VPC securely.

---

## 🛰️ Direct Connect

### What is Direct Connect?
Direct Connect is a dedicated physical link between your on-premises data center and AWS.

### Description
It provides low-latency, high-bandwidth, and secure connectivity without traversing the public Internet.

### Example
In the diagram, Direct Connect links the corporate data center to the AWS Transit Gateway for hybrid integration.

---

## 🔒 IPSec VPN

### What is IPSec VPN?
An IPSec VPN is an encrypted tunnel between your on-premises network and AWS.

### Description
It offers secure site-to-site connectivity and can serve as a backup link to Direct Connect.

### Example
In the architecture, IPSec VPN connects the corporate network to the AWS environment through the **Virtual Private Gateway**.

---

## 🏢 Corporate Data Center Integration

### What is a Corporate Data Center Integration?
It is the extension of on-premises infrastructure into AWS.

### Description
Through Direct Connect or VPN, on-premises workloads communicate securely with AWS services.

### Example
In the diagram, the corporate data center connects via **Customer Gateway** and **Virtual Private Gateway** to interact with AWS-hosted applications.

---

## 🧩 Service VPC

### What is a Service VPC?
A Service VPC hosts shared services accessible by multiple environments.

### Description
It often contains authentication, logging, or monitoring systems shared across VPCs via PrivateLink or Transit Gateway.

### Example
In the architecture, a Service VPC provides centralized logging accessible by the application VPC through PrivateLink.

---

## 🔁 End-to-End Architecture Flow

1. The user accesses a domain managed by **Route 53**.
2. **CloudFront** delivers static content from **S3**.
3. Dynamic requests go through the **Application Load Balancer** in the public subnet.
4. ALB forwards traffic to **EC2 instances** in private subnets.
5. EC2 instances interact with **RDS (MySQL)** or **DynamoDB**.
6. Private resources use **VPC Endpoints** for S3 and other services.
7. **SQS** queues background tasks, and **SNS** notifies events.
8. **PrivateLink** connects VPCs securely.
9. **Client VPN** and **Direct Connect** link the on-prem network.
10. **Transit Gateway** manages routing between all VPCs.

---

### 🎯 Key Takeaway
This notebook demonstrates the logical relationship of AWS components in a production-grade environment, ensuring learners can visualize and explain the complete architecture end to end.
