
What are the basic components of a computer?

So the first thing is something that we're all probably pretty familiar with at this point, and that's the operating system. Typically you're going to see Windows or Linux operating systems when you talk about AWS, but out in the world we have many different operating systems, including Linux and Windows, and a lot of people also use macOS on their Mac computers. Examples of operating systems include Windows 7, Windows 8 and Windows 10, as well as macOS, and for Linux we have distributions like Red Hat, Fedora and CentOS. There are a lot of different operating systems out there, and the operating system is required so that your applications can run.

So the operating system is the base platform that allows all of the other applications to perform their tasks. Then there's the CPU. Think of the CPU as the brain; I like to say the brains of the operation, right? The CPU does the processing for the tasks, the thinking that needs to be done by your computer. And then we have the hard drive, which is where data is stored. Whenever data is processed, your CPU processes that information and then passes it off to the hard drive for safekeeping. So the hard drive is storage, just like a storage container that you put things inside of.

The data is put inside of the hard drive. Now there are different types of storage: local storage and remote storage. What I mean by that is you have a hard drive inside of your computer where you store data, and then sometimes there's a central place, a server, where you might store data remotely. In this example we're talking about local storage. Quite often we also want to use our computer and its CPU power to access the internet, and a network adapter (a network card) is what provides that access.

So the network adapter could be Ethernet based, where we plug in a cable, or it might be WiFi based. But the job of the network adapter is to connect us to the network so that we can communicate with other computers on our own network and on remote networks. Now, once you have access to the internet, you're going to want a firewall. The firewall is responsible for blocking unauthorized or undesirable network connections to your computer, which is one layer of protection against worms and other malware that spread over the network. Many operating systems already ship with an OS-level firewall; on Windows, for example, you'll see Windows Firewall.

Now you can buy third-party products and use them, but by default you'll see Windows Firewall. On Linux computers, one of the older tools that a lot of people are familiar with is iptables (newer distributions use nftables, often behind a front end such as firewalld or ufw). So we use these firewalls to help block undesirable or malicious traffic from reaching our computer. And then we have the RAM. RAM stands for random access memory. Before data is processed by your computer, it goes into memory, and the memory hands it off to the CPU for the actual processing.

Think of RAM as short-term memory: things that recently happened or things that need to be processed by the CPU go into memory first, and from memory they're handed off to the CPU for processing. So these are really the basic components that are part of a computer.

You want to take just a moment to understand those basic components, because we're going to apply the same concepts to the virtual computers that we use on AWS. Those are called Elastic Compute Cloud instances, or EC2 instances. There are some other compute services as well, but in this section our focus is on EC2. So that's going to do it for compute basics. Thanks for watching. I'll see you in the next lesson.

EBS volumes

You have AMIs that you can purchase from the AWS Marketplace. Generally, these have additional licensed software that's bundled with the operating system. And then you have AMIs that you create yourself. So let's go over here to AMIs under Images, and I'm going to click on the link for AWS Marketplace and scroll down. There's a search section here, and we can search for different types of AMIs based on categories, but I'm going to scroll down here and just select Operating Systems. And if I scroll down a little more over here,

I can select Free, and I'm also going to select Linux/Unix operating systems and Amazon Linux. So these are the free Amazon Linux AMIs that have been created by AWS, and you can use them to deploy your own EC2 instances. Now, when we talk about instance type options, these are the instance type families that can be used when an instance is deployed. Think of the purpose, what the instance is actually going to be used for; the family helps you narrow down what type of instance you should be looking at. As an example, if you have an application that is very memory intensive, then you might want a memory optimized instance.

If you're setting up something like a web server, then a general purpose instance may be a good choice. So, based on your requirements, you select the correct instance type. Now, when we think about AMIs, an AMI has several components: the root volume template, which has the operating system and any application software that is included with that AMI; the launch permissions, which control which AWS accounts are allowed to launch instances from the AMI; and the block device mapping, which maps out the volumes (the hard drives) that are attached when the instance launches. An AMI is built from an existing instance. In this example, we have an instance named my Linux EC2 instance; its root volume has Amazon Linux and an Apache web server installed, it has launch permissions, and it has the device mapping for the hard drive, which is the EBS volume.

From that we can make an AMI, and when we create that AMI we're creating a template that we can use to launch additional EC2 instances with the exact same configuration. So here you can see we've created the AMI, and from the AMI we can deploy multiple EC2 instances with that exact same configuration. You can see how AMIs can help speed up your application deployments: you create your own customized AMI with all of your applications already installed, and then you deploy multiple EC2 instances with that configuration already in place. It really is a big time saver. Now, when we look at instance types, the instance type is basically the hardware of your instance: the CPU, the memory, the storage and the network. The AWS definition is that when you launch an instance, the instance type that you specify determines the hardware of the host computer, that is, the computer that's running your virtual server.

Each instance type offers different compute, memory, and storage capabilities, and they are grouped into instance families based on these capabilities. Select an instance type based on the requirements of the application or software that you plan to run on that instance. So let's go back to our EC2 dashboard, click "Launch Instances" and select our Amazon Linux 2 AMI, and take a deeper dive into these instance type components. First there's the family: general purpose, compute optimized, memory optimized, accelerated computing (GPU), and so on. Next to that you have the subcategory or type. Within each family there are multiple types; as an example, we have the T2s, the T3s, and the M5s, and all of these are still general purpose. Within each type, we can also select a size: small, medium, large, xlarge and so on. So you have multiple options available to you within that family.

Then you have the virtual CPUs, which is basically how much processing, and how much parallel processing (multitasking), the instance can do. Based on that and the application requirements, you select the correct number of vCPUs, and then the memory requirements, what type of instance storage is used (for example EBS storage), and whether it's EBS-optimized.

If that's available as an option for that instance type, what network performance you expect (whether you need up to 5 Gbps, 10 Gbps or 20 Gbps of network bandwidth), and whether or not it supports IPv6. So now that we have a little more of an understanding of instance types, let's talk some more about EBS. I'm going to hit "Cancel" here, and actually I'm going to go back into that instance type, because we're going to take a look at EBS storage. I'm going to hit "Launch," then the instance type, and I'm going to leave that at the t2.micro default. I'm going to hit "Configure Instance Details" and leave all of the default settings.
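To make the family / type / size breakdown above concrete, here is a small parser, added for this write-up (it is not code from the lesson or from any AWS library), that splits an instance type name into the family letter, the generation number, the attribute letters and the size, and maps the family letter to its purpose. The family and attribute tables are assumptions for the example, covering the families mentioned above plus the common ones; they are not an AWS-published list.

```python
import re
from dataclasses import dataclass
from typing import List

# Instance type names follow the pattern <family><generation><attribute letters>.<size>,
# for example t2.micro, m5.xlarge, c5n.4xlarge, r6g.large, t3a.medium.
_NAME_RE = re.compile(
    r"^(?P<family>[a-z]+?)(?P<generation>\d+)(?P<attrs>[a-z]*)\.(?P<size>[a-z0-9]+)$"
)

# Family letter -> purpose (the "what is it for" question from the lesson).
# Assumption for this example: covers the families named above plus common ones.
_FAMILY_PURPOSE = {
    "t": "general purpose (burstable)",
    "m": "general purpose",
    "c": "compute optimized",
    "r": "memory optimized",
    "x": "memory optimized",
    "i": "storage optimized",
    "d": "storage optimized",
    "p": "accelerated computing (GPU)",
    "g": "accelerated computing (GPU)",
}

# Letters that may follow the generation number (assumption for this example).
_ATTRIBUTE = {
    "a": "AMD processor",
    "i": "Intel processor",
    "g": "AWS Graviton (Arm) processor",
    "n": "enhanced networking",
    "d": "local NVMe instance store",
}

_NAMED_SIZES = ["nano", "micro", "small", "medium", "large", "xlarge"]


@dataclass
class InstanceType:
    name: str
    family: str
    generation: int
    attributes: List[str]
    size: str

    @property
    def purpose(self) -> str:
        return _FAMILY_PURPOSE.get(self.family, "unknown family")

    @property
    def size_rank(self) -> int:
        """Monotonic ordinal: nano < micro < ... < xlarge < 2xlarge < 4xlarge ... < metal."""
        if self.size in _NAMED_SIZES:
            return _NAMED_SIZES.index(self.size)
        if self.size == "metal":
            return 10_000
        m = re.fullmatch(r"(\d+)xlarge", self.size)
        if m:
            return len(_NAMED_SIZES) - 1 + int(m.group(1))  # 2xlarge -> 7, 4xlarge -> 9
        raise ValueError(f"unknown size {self.size!r}")


def is_instance_type_name(name: str) -> bool:
    return _NAME_RE.match(name.strip().lower()) is not None


def parse_instance_type(name: str) -> InstanceType:
    """Split an instance type name into family, generation, attributes and size."""
    m = _NAME_RE.match(name.strip().lower())
    if not m:
        raise ValueError(f"not an instance type name: {name!r}")
    attrs = [_ATTRIBUTE.get(ch, f"unknown attribute {ch!r}") for ch in m["attrs"]]
    return InstanceType(name, m["family"], int(m["generation"]), attrs, m["size"])


if __name__ == "__main__":
    for n in ("t2.micro", "m5.2xlarge", "c5n.4xlarge", "r6g.large"):
        t = parse_instance_type(n)
        print(n, "->", t.purpose, t.attributes, "size rank", t.size_rank)
```

The size rank is only an ordering aid for comparing sizes within one type; the actual vCPU and memory figures for a size come from the instance type table in the console or from `describe_instance_types`.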

I'm going to go over to Add Storage. Notice that we have a root volume attached here, and this root volume is the local storage where the operating system and applications are installed. So think of EBS as the hard drive for that instance. EBS provides block-level storage volumes for use with your EC2 instances. EBS volumes are highly available and reliable storage volumes that can be attached to any running instance that is in the same Availability Zone. EBS volumes that are attached to an instance are exposed as storage volumes that persist independently of the life of the instance. So what does that mean?

That means that you can attach additional EBS volumes to your instance, and those volumes can survive even when that instance is terminated. So if I click "Add Volume" here and leave this all at the default, and if you look at the options, we can see that the volume type is General Purpose SSD. There are other options here for the type of EBS storage as well; we're not going to go through all of those storage types here, as that's a more advanced topic. But just know that we're able to select the type of storage that's used with our EC2 instance.

Now you also have the ability to set whether or not you want this volume to be deleted on termination ("Delete on Termination"). We're not going to select that for this particular example, but this shows how we can attach additional EBS volumes to our EC2 instance, and they're treated like local hard drives. So every EC2 instance must have a root volume, which may or may not be EBS-backed. By default, EBS root volumes are set to be deleted when the instance is terminated. However, you can choose to have that volume persist after termination. So you see we have a root volume and an additional EBS volume. Your root volume by default is deleted when the instance is terminated. Your secondary EBS volumes, the ones you attach yourself, are not automatically deleted when the instance is terminated.

You can delete them, but by default they're set not to be deleted when the instance is terminated. These are attached volumes, so you can attach and detach these secondary volumes to and from your instance at any time (unmount the filesystem inside the instance before you detach, or you risk corrupting it). So, in order to keep this video from becoming too long, we're going to pause here and pick up with security groups in the next video. Thanks for watching. I'll see you in part two.
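The root-volume-deleted / data-volume-kept behaviour described above is worth checking on real instances before you terminate anything. The following Python is an added example (not code from the lesson): it builds a `run_instances` block device mapping that spells the behaviour out explicitly instead of relying on defaults, and audits a `describe_instances`-style record to flag the two surprises (a root volume that lingers, a data volume that disappears). The instance record, volume IDs and device names are constructed for the example.

```python
# Constructed instance record in the shape of boto3 describe_instances output
# (only the keys used here; the IDs are made up for the example).
SAMPLE_INSTANCE = {
    "InstanceId": "i-0123456789abcdef0",
    "RootDeviceType": "ebs",
    "RootDeviceName": "/dev/xvda",
    "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda",
         "Ebs": {"VolumeId": "vol-root", "DeleteOnTermination": True, "Status": "attached"}},
        {"DeviceName": "/dev/xvdf",
         "Ebs": {"VolumeId": "vol-data1", "DeleteOnTermination": False, "Status": "attached"}},
        # Someone ticked "Delete on Termination" on a data volume: data loss waiting to happen.
        {"DeviceName": "/dev/xvdg",
         "Ebs": {"VolumeId": "vol-data2", "DeleteOnTermination": True, "Status": "attached"}},
    ],
}


def build_block_device_mappings(root_gib: int = 8, data_gib: int = 100) -> list:
    """BlockDeviceMappings for boto3 ec2.run_instances: an encrypted gp3 root volume
    that goes away with the instance and an encrypted data volume that survives it.
    The xvd* device names are the ones Amazon Linux uses (assumption for the example)."""
    return [
        {"DeviceName": "/dev/xvda",
         "Ebs": {"VolumeSize": root_gib, "VolumeType": "gp3",
                 "Encrypted": True, "DeleteOnTermination": True}},
        {"DeviceName": "/dev/xvdf",
         "Ebs": {"VolumeSize": data_gib, "VolumeType": "gp3",
                 "Encrypted": True, "DeleteOnTermination": False}},
    ]


def audit_volume_persistence(instance: dict) -> list:
    """For each EBS volume say whether termination deletes it, and warn about the two
    surprises: a root volume that persists (OS data and cost left behind) and a data
    volume that is deleted with the instance."""
    root = instance["RootDeviceName"]
    findings = []
    for mapping in instance.get("BlockDeviceMappings", []):
        ebs = mapping.get("Ebs")
        if ebs is None:
            continue  # instance store volumes are not EBS and never outlive the instance
        role = "root" if mapping["DeviceName"] == root else "data"
        deleted = bool(ebs.get("DeleteOnTermination", False))
        if role == "root" and not deleted:
            warning = "root volume persists after termination: snapshot it or delete it, or it lingers with OS data"
        elif role == "data" and deleted:
            warning = "data volume is deleted with the instance: snapshot it or clear DeleteOnTermination"
        else:
            warning = None
        findings.append({"device": mapping["DeviceName"], "volume_id": ebs.get("VolumeId"),
                         "role": role, "deleted_on_termination": deleted, "warning": warning})
    return findings


def volumes_lost_on_termination(instance: dict) -> list:
    """Volume IDs that terminating this instance would delete."""
    return [f["volume_id"] for f in audit_volume_persistence(instance) if f["deleted_on_termination"]]


if __name__ == "__main__":
    for f in audit_volume_persistence(SAMPLE_INSTANCE):
        print(f)
    print("would be deleted:", volumes_lost_on_termination(SAMPLE_INSTANCE))
```

On a live instance you would pass `audit_volume_persistence` the instance dict from `describe_instances`. To change the flag on a running instance, `modify_instance_attribute` takes a `BlockDeviceMappings` list with entries of the form `{"DeviceName": "/dev/xvdg", "Ebs": {"DeleteOnTermination": False}}`.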

Deep dive into the AWS VPC

Let's go ahead and jump in. Now, you may feel like we've talked about some of these topics already, but there are some additional things that we really need to make sure we cover about VPCs and all of their associated components. So let's start off by talking about subnets.

Subnet is short for sub-network, and it's a subsection of a network. Generally a subnet includes all of the computers in a specific location, very much like our houses-on-a-street analogy. All of the houses on that street, like we talked about before, are related to each other: they're on the same street, and they each have an identifier that identifies them as houses on that same street. Well, it's the same thing when you think about your home network.

It's not a direct analogy, but you can think of your home network as a subnet, a sub-network, of your ISP's network, because your network has to connect to your ISP's network in order for you to get access to internet resources. So you can think of your house as a subnet, your neighbor's house as a subnet, and so on, and each of you has different devices within your home that connect to the internet: computers, tablets, phones, any type of device. The fact that they're all in the same specific location and all connect, either over Ethernet or over your WiFi, so that they can communicate with each other and out to the internet, that in its most basic terms is a subnet. Now for the AWS definition: when you create a VPC, it spans all of the Availability Zones in the region. After creating a VPC, you can add one or more subnets in each Availability Zone. Each subnet must reside entirely within one Availability Zone and cannot span zones. Also note that the default VPC comes with a default subnet in each Availability Zone. So let's take a little deeper look at this. This diagram shows two separate Availability Zones (we also call them AZs), and those Availability Zones cross through your VPC, right? Your VPC can have resources in any of those Availability Zones. Now, when you look at the subnets in our example, we have a private and a public subnet, and each has resources within it, so you can think of each of the subnets as a separate street with houses on it. Now it's up to us to determine what these resources can communicate with and what access they have.

So if we wanted these instances to be able to talk to each other, the traffic passes through the network access control lists, and the route table says where that data needs to go. It says, okay, we're going to go through the network access control list over to this other subnet. So you can use the network access control list to control access between subnets and out to the internet, which we've talked about a little bit before. Now, what makes this a public subnet, and what makes this a private subnet? That's what we're going to talk about next. Public subnets are subnets that have the ability to reach resources on the internet. What makes that possible is that the subnet's route table has a route that points to an internet gateway. Communication from the subnet goes through the network access control list, and the route table directs it out to the internet gateway. So the label "public subnet" does not make it a public subnet; what makes it a public subnet is the rules in the route table. If the route table associated with the subnet has a route (typically 0.0.0.0/0) that points to an internet gateway, then the subnet has access to the internet. If the route table does not have a route that points to an internet gateway, then it is a private subnet. Again, these labels do not directly affect whether it is a public or private subnet; the entries in the route table do. (One caveat: an instance in a public subnet also needs a public IPv4 or Elastic IP address; otherwise the internet gateway has nothing to translate, and the instance still can't reach the internet.) So let's now go ahead and take a bit more of a look at networking security. We talked previously about network access control lists, right? You've seen this particular slide before, and we focused at a high level on how a network access control list behaves like a bouncer: he guards the door like a doorman and determines who can come in and who can't. We also talked briefly about security groups.
Well, in this lesson we're going to take a deeper dive into looking at exactly what the network access control lists can do and what a security group can do.
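Here is the public/private decision from above as code, as an added example (not from the lesson). It models three route tables in the shape `describe_route_tables` returns, does the longest-prefix lookup the VPC router does, classifies each subnet from its default route rather than from its name tag, and carries the public-IP caveat. The VPC CIDR, gateway IDs and addresses are constructed for the example.

```python
import ipaddress

# Route tables in the shape returned by describe_route_tables (only the keys used here).
# The VPC CIDR and the gateway IDs are constructed for this example.
VPC_CIDR = "10.0.0.0/16"

PUBLIC_RT = [
    {"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0", "State": "active"},
]
PRIVATE_RT = [
    {"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123456789abcdef0", "State": "active"},
]
ISOLATED_RT = [
    {"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local", "State": "active"},
]


def lookup_route(route_table: list, destination_ip: str):
    """Pick the route for a destination the way the VPC router does: the most specific
    (longest prefix) active route whose CIDR contains the address, or None."""
    dst = ipaddress.ip_address(destination_ip)
    best, best_len = None, -1
    for route in route_table:
        if route.get("State", "active") != "active":
            continue
        net = ipaddress.ip_network(route["DestinationCidrBlock"])
        if dst in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best


def classify_subnet(route_table: list) -> str:
    """Public, private or isolated is decided by where the default route points,
    not by what the subnet is called."""
    default = lookup_route(route_table, "203.0.113.1")  # any address outside the VPC
    if default is None:
        return "isolated"
    if default.get("GatewayId", "").startswith("igw-"):
        return "public"
    if "NatGatewayId" in default:
        return "private (NAT egress only)"
    return "private"


def can_reach_internet(route_table: list, has_public_ipv4: bool) -> bool:
    """An IGW route is necessary but not sufficient: the instance also needs a public
    or Elastic IPv4 address. Behind a NAT gateway a private address is enough."""
    kind = classify_subnet(route_table)
    if kind == "public":
        return has_public_ipv4
    return kind.startswith("private (NAT")


if __name__ == "__main__":
    for name, rt in (("public", PUBLIC_RT), ("private", PRIVATE_RT), ("isolated", ISOLATED_RT)):
        print(name, "->", classify_subnet(rt), "| local lookup:", lookup_route(rt, "10.0.2.15")["GatewayId"])
```

On a real VPC you would feed `classify_subnet` the `Routes` list of the route table associated with the subnet (or the VPC's main route table when there is no explicit association), which is exactly the place the lesson says to look.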

So it'll help you to be able to compare and contrast those resources. This is a diagram that shows a little more about how data moves through a network access control list. These are the resources for our public subnet, and over here in blue is the route table and information for our private subnet. So for our private subnet, if we wanted to access resources in the public subnet, this route table says, hey, that's local to the VPC, so you can communicate directly with that subnet, but it does not have an internet gateway route, so it can't send traffic to the internet. The other thing is that the traffic actually passes through the network access control list, so you can use the network access control list to control communication between subnets. On the public subnet we could add a deny rule that would prevent any resource in this private subnet from being able to see and access anything in the public subnet. In terms of the rules for the NACLs, think of it like a numbered list, and the number represents the order in which the rules are processed. So if you wanted to allow HTTP, that might be rule 10; if you wanted to deny FTP, that might be rule 20. So you're able to order the rules so that they're processed in sequence. Now, what we're doing in this diagram is allowing HTTP traffic through this network access control list, and that's what we're doing up here. This user is attempting to access a website over HTTP, and as they come in through the internet gateway, the route table directs them to the appropriate subnet, but they have to come upon the bouncer, right? So the bouncer says, hey, what's up? Do I know you? HTTP says, hey, you know me, we're buddies, right? I need to be able to access this EC2 instance that's in your public subnet.

I need you to let me through. The network ACL checks its list and then lets that communication through to the public subnet, where it then has to be evaluated by the security group. Your security group also has to determine whether it should allow that traffic in and ultimately reach this EC2 instance. For the purposes of this example, let's say that HTTP is allowed, so that communication comes through the security group and you can access the EC2 instance. Now, the NACL, or network ACL, can also block traffic. Here we have FTP traffic that's coming in and being blocked at the network ACL. Again, the NACL is the bouncer, and it's saying, sorry, you're not allowed to pass; you're not allowed to access that server in the public subnet. We do not allow FTP access; your name is not on the list. So you can apply both allow and deny rules to a network ACL. Now, the interesting thing about network ACLs is that they are stateless. That means that when the return traffic, after it goes to the EC2 instance, comes back to the NACL in order to get out to our user up here, the network ACL has to have an outbound rule that actually says to allow that traffic back out. So the bouncer is standing at the door and saying, for both inbound and outbound traffic, let me check my list to see if you are allowed. If you are allowed out, then I'll let your traffic out. So let's go ahead and take a look at how NACLs work for inbound and outbound. Notice that you have inbound rules and outbound rules. Think of it like we have different bouncers: there's a bouncer for inbound, and there's a bouncer for outbound. The inbound bouncer stands there with his list and says you're allowed to pass or you're not. The outbound bouncer does the exact same thing: you're either allowed out or you're not, and it all comes down to whether you're on the list.
Anything that's not explicitly on that list hits the rule at the end (the asterisk rule) that says deny everything else.

Now, when we look at our rules, rules are evaluated by rule number from lowest to highest; the first matching rule gets applied, and all of the other rules no longer come into play. So if I have 10 rules and rule number 3 says allow HTTP traffic, as long as there's not a rule before it that says deny HTTP traffic, the traffic is allowed. It doesn't matter that the rule at the end says deny everything, right? So you have to make sure you put your rules in the right order. Now let's look at the difference between your default network ACL and a new network ACL that you create yourself. Every VPC comes with a default network ACL, and any subnet that you haven't explicitly associated with a network ACL uses it. So if we come over here to VPC and go to Network ACLs, there is a default network access control list associated with the subnets. Notice down here that we have both inbound and outbound rules. If I go to inbound rules, notice that the default one has an allow-everything rule and then a deny-everything rule. The allow-everything rule comes first, so it's the rule that gets processed first; it matches, so the traffic is allowed. If we go to our outbound rules, we have the same thing. So your default NACL always has a rule in it that allows all types of traffic. That's AWS's way of ensuring that you have the easiest possible setup if you're not familiar with how VPCs work and all of those associated components. Now, when you create a new network ACL, everything is denied by default. So let's create a network ACL, call it CCP_NACL, select our default VPC and click "Create." Now we go in here to our outbound rules and notice that it denies everything, right? Same thing for the inbound rules.
So when you make a new network ACL from scratch, you have to create rules that decide what traffic to allow. I'm going to click "Edit Inbound Rules" and add a rule. Let's just call this rule 100. I'm going to select HTTP as the rule type; the port looks fine, and the source defaults to 0.0.0.0/0, which says, hey, allow this from any IP address. Now, if you want to only allow certain resources through the NACL, like certain subnets,

let's say you only want to allow this private subnet to have HTTP access. You don't have to allow everything; you can restrict this to the IP address range that's assigned to that subnet. So let's say that the subnet address is ... (I'm just making that address up right now). I'm going to click "Save," and now I have a rule that says, hey, HTTP from this subnet is allowed, but if it's coming from any other subnet, or it's any other kind of traffic, deny. And that's inbound only; for outbound we have a deny all. So if this instance tries to access something over here, based on this rule the traffic will be allowed inbound, but the reply would not be allowed to exit, because our only outbound rule is deny. That's what stateless means when you're talking about network ACLs. In practice a working NACL needs an outbound rule that allows the return traffic to the client's ephemeral port range (1024-65535 for TCP) as well as the inbound rule for the service port. Let's take one final look at this diagram. We talked a lot about network ACLs, but we haven't talked a whole lot about security groups; we've only touched on them. Security groups are associated with the actual EC2 instances (more precisely, with their network interfaces). I can have multiple instances inside of a security group, but they're associated at that level and not at the subnet level. That's a key differentiator between the two. We're going to talk more about security groups and how they work in the next section when we talk about compute. But for now, know that your network access control lists are stateless, and that they evaluate the inbound and the outbound direction separately.
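To see the ordering and the stateless behaviour described above run end to end, here is an added Python model of NACL evaluation (it is not code from the lesson or from AWS). It evaluates rules lowest number first with first-match-wins and an implicit deny, then traces one TCP connection through the inbound and outbound bouncers: first with only the inbound rule 100 from the walkthrough, then with the ephemeral-port outbound rule added. The subnet CIDR and client addresses are constructed for the example.

```python
import ipaddress

# Rules in the shape of describe_network_acls entries (keys used here only).
# Protocol "6" is TCP and "-1" is all protocols; the implicit trailing '*' rule denies.


def tcp_rule(number: int, egress: bool, action: str, cidr: str, port_from: int, port_to: int) -> dict:
    """Build one TCP NACL rule; egress=False is inbound, egress=True is outbound."""
    return {"RuleNumber": number, "Egress": egress, "RuleAction": action, "Protocol": "6",
            "CidrBlock": cidr, "PortRange": {"From": port_from, "To": port_to}}


def _matches(rule: dict, protocol: str, port: int, peer) -> bool:
    if rule["Protocol"] not in ("-1", protocol):
        return False
    if peer not in ipaddress.ip_network(rule["CidrBlock"]):
        return False
    if rule["Protocol"] != "-1" and "PortRange" in rule:
        pr = rule["PortRange"]
        if not pr["From"] <= port <= pr["To"]:
            return False
    return True


def evaluate(rules: list, egress: bool, protocol: str, port: int, peer_ip: str) -> str:
    """Lowest rule number first; the first match decides; nothing matches -> deny ('*').
    For inbound, peer_ip is the source and port the destination port on the instance;
    for outbound, peer_ip is the destination and port the destination port at the peer."""
    peer = ipaddress.ip_address(peer_ip)
    for rule in sorted((r for r in rules if r["Egress"] == egress), key=lambda r: r["RuleNumber"]):
        if _matches(rule, protocol, port, peer):
            return rule["RuleAction"]
    return "deny"


def trace_tcp_connection(rules: list, client_ip: str, server_port: int, client_port: int = 50000) -> dict:
    """A TCP connection into the subnet crosses the NACL twice: the request inbound
    (to the server port) and the reply outbound (to the client's ephemeral port).
    Because the NACL is stateless, both directions need their own allow rule."""
    inbound = evaluate(rules, False, "6", server_port, client_ip)
    outbound = evaluate(rules, True, "6", client_port, client_ip)
    return {"inbound": inbound, "outbound": outbound,
            "connection_works": inbound == "allow" and outbound == "allow"}


# Constructed: the new custom NACL with only the walkthrough's inbound rule 100,
# restricted to a (made-up) private subnet 10.0.1.0/24.
CUSTOM_NACL = [tcp_rule(100, False, "allow", "10.0.1.0/24", 80, 80)]
# The fix: let the reply traffic back out on the ephemeral port range.
CUSTOM_NACL_FIXED = CUSTOM_NACL + [tcp_rule(100, True, "allow", "0.0.0.0/0", 1024, 65535)]
# Ordering example from the lesson: rule 10 allows HTTP, rule 20 denies FTP, '*' denies the rest.
ORDERED_NACL = [tcp_rule(10, False, "allow", "0.0.0.0/0", 80, 80),
                tcp_rule(20, False, "deny", "0.0.0.0/0", 21, 21)]


if __name__ == "__main__":
    print("inbound-only rule:", trace_tcp_connection(CUSTOM_NACL, "10.0.1.25", 80))
    print("with outbound rule:", trace_tcp_connection(CUSTOM_NACL_FIXED, "10.0.1.25", 80))
    for p in (80, 21, 22):
        print("ordered NACL, port", p, "->", evaluate(ORDERED_NACL, False, "6", p, "198.51.100.7"))
```

The outbound rule for the ephemeral range is the piece people forget when they move from the default (allow-all) NACL to a custom one; the model shows the request getting in and the reply being dropped until it is added.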

Now, if you come over to the AWS console, you'll notice that you see both Network ACLs and Security Groups here under VPC. You'll also find Security Groups on the EC2 dashboard. AWS put them in both places to make it easier for you to see and access them. But security groups are associated with the instance and not with the subnet. This is a common point of confusion for folks, so make sure that you're very clear on that. The network access control list is the doorway to the subnet itself; it decides what traffic is allowed in and out of the subnet, and it's stateless, meaning that you have to explicitly create rules for both inbound and outbound traffic. Security groups, by contrast, are stateful: if a connection is allowed in, its return traffic is allowed out automatically. We'll talk about security groups again as we get into the next section. So that's going to do it for this lesson on subnets, security groups and NACLs. Thanks for watching. I'll see you in the next lesson.
