Please Google about What is a desktop system what are the components involved in a desktop system, what is desktop engineer, what are the roles and responsibilities of a desktop engineer, what is an operating system, What is the Architecture of an operating system, what is a network switch, what are the components of a network switch, what is SAN, What are the components of a SAN storage device, What is the Architecture of SAN storage device, What are the various SAN and NAS storage devices available in the market, What is Cloud computing, What are the various Public Cloud providers, What is AWS, When Aws cloud launched, What is the roles and responsibilities of AWS Cloud Engineer, What is managed services, what is managed cloud services, what is Azure, What is GCP, What are the various services provided by AWS Cloud, What are the components of Cloud Architecture, What is OSI layer, What are the differences between AWS,Azure,GCP

Study all these make some notes and keep them handy.

AWS site to site VPN

You can create Aws Site to site VPN and establish connection between your Aws infra and Client’s corporate office.

The other way is to create a Direct Link connectivity between Aws and corporate office of your client.

Good practice is to create your instances in a VPC with Private IP.

NAT gateway is created in order to allow internet access outbound for your instance. A NAT gateway should be in Public Subnet. Though Aws has the feature to assign Public Ips to your instances it’s vulnerable and strictly instances should be attached only with Private IP.

The cost associated with Direct Link and Site to site VPN can be calculated using aws.pricing.calculator — Google it.

The elastic IPs created in Aws account lying without attachment to EC2 or NAT gateway will cost.

When you create Aws Client VPN, in the association make sure you add all VPC CIDRs present with the account.

You can generate certificate from your Linux instance and connect to your AWS account using access key and secret key once it’s done using the import certificate command you can add the SSL certificate you generated to AWS certificate manager.

Pls refer this — https://lnkd.in/gVkeJbf

Job role of AWS Solutions Architect

A client approaches you to provision his Infra present in onprem to AWS Cloud.

The first step would be to initiate a meeting with client, understand his/her requirements and then explain him Aws best practices. The next day create an Architecture diagram using draw.io as per AWS best practices (Google the five pillars of AWS). Once client reviews it go ahead and provision them on AWS infra.

If your client is in need of multiple instances to be present in multiple accounts then first create a Aws Landing Zone for him. You have to first create an account with his credit card details by choosing professional check box while creating account.

Google Aws Landing Zone Implementation Guide, go through it, find the S3 URL that has aws-landing-zone template and download it. Traverse to your AWS Client’s Master account and navigate to Cloud formation, load the S3 URL and run the stack. It will take 2 hours or more for it to complete. You could see Log Account, Shared Account, Network Account, Security Account getting created, during this time if you want Prod,Non-Prod accounts get them created via Account Vending Machine.

Create VPCs in each account, create transit gateway in network account and create transit gateway attachments for all VPCs

Glimpse of Transit Gateway

Transit Gateway is being created in order to avoid multiple VPC peering. VPC peering concept is to connect Two VPCs or four VPCs. Imagine if you have 8 VPCs then if you create multiple VPCs it will cost more for the customer. If we create one Transit Gateway and Transit gateway attachments, then all VPCs can communicate with each other. Google about Transit Gateway AWS architecture. When you search in google for any Aws related things include premium support guide, for example (Aws transit gateway premium support guide) you will be directed to self-explanatory documents step by step guide.

If you want to monitor the utilization of your EC2 instances, you have to login and install cloudwatch-agent in them.

Cloudwatch-agent for Monitoring your Ec2 instances

While installing cloudwatch-agent choose Standard so that metrics like CPU,Disk, Memory will be configured.

You have to attach a Cloudwatch-agent full permission role to the EC2 instances as well

=============================

Installation Process Overview

You can download and install the CloudWatch agent manually using the command line, or you can integrate it with SSM. The general flow of installing the CloudWatch agent using either method is as follows:

-Create IAM roles or users that enable the agent to collect metrics from the server and optionally to integrate with AWS Systems Manager.

-Download the agent package.

-Modify the CloudWatch agent configuration file and specify the metrics that you want to collect.

-Install and start the agent on your servers. As you install the agent on an EC2 instance, you attach the IAM role that you created in step 1. As you install the agent on an on-premises server, you specify a named profile that contains the credentials of the IAM user that you created in step 1.

=============================

Installation Process Steps :

======

Step 1: To create the IAM role necessary to run the CloudWatch agent on EC2 instances

— Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/

• In the navigation pane on the left, choose Roles and then Create role.

• For Choose the service that will use this role, choose EC2 Allows EC2 instances to call AWS services on your behalf. Choose Next: Permissions.

• In the list of policies, select the check box next to CloudWatchAgentServerPolicy. If necessary, use the search box to find the policy.

• Choose Next: Review.

• Confirm that CloudWatchAgentServerPolicy appears next to Policies. In Role name, enter a name for the role, such as CloudWatchAgentServerRole. Optionally give it a description. Then choose Create role.

• The role is now created.

=======

Step 2: Download the CloudWatch agent.

— Download the CloudWatch agent.

You can use an Amazon S3 download link to download the CloudWatch agent package depending on your architecture and platform.
Please refer this link to get the appropriate package’s link : https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/download-cloudwatch-agent-commandline.html#download-CloudWatch-Agent-on-EC2-Instance-commandline-first

• On a Linux server, enter the following. For download-link, use the appropriate download link from the previous table.

command : $ wget

• On a server running Windows Server, download the following file :

https://s3.amazonaws.com/amazoncloudwatch-agent/windows/amd64/latest/amazon-cloudwatch-agent.msi

• Install the package.

If you downloaded an RPM package on a Linux server, change to the directory containing the package and enter the following:

command : $ sudo rpm -U ./amazon-cloudwatch-agent.rpm

If you downloaded a DEB package on a Linux server, change to the directory containing the package and enter the following:

command : $ sudo dpkg -i -E ./amazon-cloudwatch-agent.deb

If you downloaded an MSI package on a server running Windows Server, change to the directory containing the package and enter the following:

command : msiexec /i amazon-cloudwatch-agent.msi

=======

Step 3: Create the CloudWatch Agent Configuration File with the Wizard

• The wizard is configured with predefined sets of metrics, with different detail levels. These sets of metrics are shown in the following tables. For more information about these metrics, see Metrics Collected by the CloudWatch Agent.

-To create the CloudWatch agent configuration file. Start the CloudWatch agent configuration wizard by entering the following:

command : $ sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard

On a server running Windows Server, enter the following:

cd “C:\Program Files\Amazon\AmazonCloudWatchAgent”
amazon-cloudwatch-agent-config-wizard.exe

• Answer the questions to customize the configuration file for your server.

• You would have to give the location of your log file here in this wizard and then the agent will start picking them from the mentioned location in your case

• If you’re storing the configuration file locally, the configuration file config.json is stored in /opt/aws/amazon-cloudwatch-agent/bin/ on Linux servers, and is stored in C:\Program Files\Amazon\AmazonCloudWatchAgent on Windows Server.

=======

Step 4:Start the CloudWatch Agent Using the Command Line

Follow these steps to use the command line to start the CloudWatch agent on a server.

• On an EC2 instance running Linux, enter the following command. Replace configuration-file-path with the path to the agent configuration file. This file is called config.json is you created it with the wizard,

command : $ sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:configuration-file-path -s

example : $ sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json -s

• On an EC2 instance running Windows Server, enter the following from the PowerShell console:

& “C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent-ctl.ps1” -a fetch-config -m ec2 -c file:configuration-file-path -s

• On an on-premises server running Windows Server, enter the following from the PowerShell console:

& “C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent-ctl.ps1” -a fetch-config -m onPremise -c file:configuration-file-path -s

=======

Step 5: Verification

— Check that the agent is running with the following command:

command : $ sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -m ec2 -a status

• Additionally kindly verify that your instance has the connectivity to the monitoring and logs endpoint from within the instance.

https://monitoring.us-east-1.amazonaws.com
https://logs.us-east-1.amazonaws.com

Commands :

$ telnet monitoring.us-east-1.amazonaws.com 443

$ telnet logs.us-east-1.amazonaws.com 443

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

===========

References :

[1] https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Install-CloudWatch-Agent.html

[2] https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/installing-cloudwatch-agent-commandline.html

[3] https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/metrics-collected-by-CloudWatch-agent.html

AWS Windows AMI with SQL Web

AWS has a Windows Server AMI with SQL web enabled. Once after launching the server login to it and press windows key followed by typing SSMS then SQL Management Studio gets opened.

You have to create a user and set password further you must add admin privileges, add user to schema and enable DB access, Admin access etc.

AWS Autoscaling concept explained

AWS AMI explained

What if you lose your EBS backed EC2 key in AWS Cloud

AWS status checks explained

AWS VPC components , interview question

To be continued …

Since medium blog is not free, I have replicated from my Medium blog to here