From 0ac6111abe6035ea23db5dfaf0f07df4709edbec Mon Sep 17 00:00:00 2001 From: Ajay Dhangar Date: Wed, 1 Apr 2026 21:29:44 +0530 Subject: [PATCH] added new docs for devOps --- .../devops-beginner/aws/_category_.json | 14 ++ .../devops-beginner/aws/core-services.mdx | 100 +++++++++++++ .../aws/deploy-first-instance.mdx | 138 ++++++++++++++++++ .../aws/global-infrastructure.mdx | 95 ++++++++++++ .../devops-beginner/aws/iam-security.mdx | 131 +++++++++++++++++ .../devops-beginner/aws/intro-to-aws.mdx | 116 +++++++++++++++ 6 files changed, 594 insertions(+) create mode 100644 absolute-beginners/devops-beginner/aws/_category_.json create mode 100644 absolute-beginners/devops-beginner/aws/core-services.mdx create mode 100644 absolute-beginners/devops-beginner/aws/deploy-first-instance.mdx create mode 100644 absolute-beginners/devops-beginner/aws/global-infrastructure.mdx create mode 100644 absolute-beginners/devops-beginner/aws/iam-security.mdx create mode 100644 absolute-beginners/devops-beginner/aws/intro-to-aws.mdx diff --git a/absolute-beginners/devops-beginner/aws/_category_.json b/absolute-beginners/devops-beginner/aws/_category_.json new file mode 100644 index 0000000..b9d022f --- /dev/null +++ b/absolute-beginners/devops-beginner/aws/_category_.json @@ -0,0 +1,14 @@ +{ + "label": "AWS", + "position": 7, + "link": { + "type": "generated-index", + "title": "AWS Cloud Practitioner Guide", + "description": "Master the fundamentals of Amazon Web Services (AWS). This track is designed specifically for absolute beginners to understand cloud infrastructure, core services, and industrial security practices used at CodeHarborHub." + }, + "customProps": { + "icon": "☁️", + "status": "new", + "author": "CodeHarborHub Team" + } +} \ No newline at end of file diff --git a/absolute-beginners/devops-beginner/aws/core-services.mdx b/absolute-beginners/devops-beginner/aws/core-services.mdx new file mode 100644 index 0000000..063d047 --- /dev/null 
+++ b/absolute-beginners/devops-beginner/aws/core-services.mdx 
@@ -0,0 +1,100 @@ +--- +title: "AWS Core Services" +sidebar_label: "3. Core Services" +sidebar_position: 3 +description: "A deep dive into the essential AWS services every developer needs to know. Learn about EC2, S3, RDS, and more. Understand how these services interact to build scalable applications on AWS." +tags: [aws, core-services, compute, storage, database, networking] +--- + +AWS offers hundreds of services, but as a **Full-Stack Developer** at **CodeHarborHub**, you only need to master the "Core 5" to build 90% of modern applications. We categorize these into **Compute**, **Storage**, **Database**, and **Networking**. + +## 1. Compute Services: The Brains + +Compute services provide the processing power for your applications. Whether you're running a Node.js API or a Python script, these services host your code. + +### EC2 (Elastic Compute Cloud) +EC2 provides resizable virtual servers. It is the most flexible compute option. + +* **Instance Types:** Optimized for different tasks (e.g., `t3.micro` for testing, `c5` for heavy computation). +* **AMIs (Amazon Machine Images):** Pre-configured templates (Ubuntu, Amazon Linux, Windows). + +### Lambda (Serverless) +Run code without provisioning or managing servers. You only pay for the milliseconds your code executes. + +```mermaid +graph LR + A[Trigger: S3 Upload] --> B{AWS Lambda} + B --> C[Process Image] + B --> D[Update Database] + C --> E[Final Output] +``` + +If your application has unpredictable traffic or you want to avoid server management, Lambda is a great choice. For a MERN stack app, you might use Lambda for background tasks like image processing or sending emails. + +## 2. Storage Services: The Memory + +Where do your files, images, and backups live? AWS provides highly durable storage solutions. + + + + +**Simple Storage Service (S3)** + + * **Concept:** Store files as "Objects" in "Buckets." + * **Durability:** 99.999999999% (11 nines). Your data is practically impossible to lose. 
+ * **Use Case:** Static website hosting, user profile pictures, logs. + + + + +**Elastic Block Store (EBS)** + + * **Concept:** A virtual hard drive attached to an EC2 instance. + * **Use Case:** Installing a database or an OS on a server. + * **Scope:** Stays within a single Availability Zone. + + + + + +## 3. Database Services: The Heart + +Managing databases manually is hard. AWS RDS handles the heavy lifting like backups, patching, and scaling. + +| Service | Type | Use Case | +| :--- | :--- | :--- | +| **Amazon RDS** | Relational (SQL) | Structured data, MySQL, PostgreSQL. | +| **DynamoDB** | NoSQL (Key-Value) | High-speed, serverless, great for MERN apps. | +| **ElastiCache** | In-Memory | Caching data for ultra-fast performance (Redis). | + +## Service Interaction Map + +Here is how a typical **CodeHarborHub** industrial-level architecture looks using these core services: + +```mermaid +flowchart TD + User((User)) --> CloudFront[CloudFront - CDN] + CloudFront --> S3[S3 - Static React App] + User --> ALB[Application Load Balancer] + ALB --> EC2[EC2 - Node.js Backend] + EC2 --> RDS[(RDS - PostgreSQL)] + EC2 --> S3_Files[S3 - User Uploads] +``` + +In this architecture: +* The user accesses the React frontend hosted on S3 via CloudFront for low latency. +* The backend API runs on EC2 instances behind an Application Load Balancer (ALB) +* The backend interacts with RDS for structured data and S3 for file storage. + +## Quick Summary Table + +| Service | Analogy | Why it's "Industrial Level"? | +| :--- | :--- | :--- | +| **EC2** | Your Laptop in the Cloud | Full control over the environment. | +| **S3** | Unlimited Dropbox | Scales to petabytes of data effortlessly. | +| **RDS** | A DBA in a Box | Automated backups and high availability. | +| **VPC** | Your Private Office | Isolates your resources from the public internet. 
| + +:::tip Developer Note +If you are building a **MERN Stack** project, start with **EC2** for your Express server and **MongoDB Atlas** (or AWS DocumentDB). As you grow, move your frontend to **S3 + CloudFront** for global speed! +::: \ No newline at end of file diff --git a/absolute-beginners/devops-beginner/aws/deploy-first-instance.mdx b/absolute-beginners/devops-beginner/aws/deploy-first-instance.mdx new file mode 100644 index 0000000..73b371c --- /dev/null +++ b/absolute-beginners/devops-beginner/aws/deploy-first-instance.mdx 
@@ -0,0 +1,138 @@ +--- +title: "Deploy Your First Instance" +sidebar_label: "5. Hands-on Lab" +sidebar_position: 5 +description: "A step-by-step guide to launching, securing, and connecting to your first AWS EC2 Linux server. Learn the essential commands to prepare your server for a MERN stack deployment and understand the best practices for managing your cloud resources." +--- + +Welcome to the final capstone of the **CodeHarborHub** AWS Beginner series! Today, you will move from theory to practice by launching a live **Ubuntu Linux** server in the AWS Cloud. + +:::info Why This Matters +Deploying your own server is a critical milestone in your DevOps journey. It gives you hands-on experience with cloud infrastructure, security, and server management. This lab will prepare you for real-world scenarios where you'll need to deploy and manage applications in the cloud. +::: + +## The Deployment Lifecycle + +Before we click the buttons, let's look at what happens behind the scenes when you request a server. + +```mermaid +sequenceDiagram + participant U as You (Developer) + participant C as AWS Console + participant R as EC2 Resource + participant N as VPC/Network + + U->>C: Select AMI & Instance Type + C->>R: Provision Virtual Hardware + R->>N: Attach Elastic Network Interface + N->>R: Assign Public IP + R->>R: Status Check (Initialising) + R-->>U: Instance Running ✅ +``` + +In this lifecycle: +1. You select the **AMI** (Amazon Machine Image) and **Instance Type** (virtual hardware). +2. AWS provisions the virtual server and attaches it to the network. +3. The server undergoes status checks to ensure it's healthy before you can connect. + +## Step-by-Step Implementation + +Follow these steps carefully. At **CodeHarborHub**, we use the **Free Tier** to ensure you learn without incurring costs. + +### 1. Launch the Instance + +1. Log in to the [AWS Management Console](https://aws.amazon.com/console/). +2. In the search bar, type **EC2** and select it. +3. 
Click the orange **"Launch instance"** button. + +### 2. Name and Application Image (AMI) + + * **Name:** `CodeHarborHub-Web-Server` + * **AMI:** Select **Ubuntu** (Choose the `Ubuntu Server 24.04 LTS` - Free tier eligible). + +### 3. Instance Type & Key Pair + + * **Instance Type:** Select `t2.micro` (1 vCPU, 1 GiB Memory). + * **Key pair:** Click **"Create new key pair"**. + * **Name:** `codeharbor-key` + * **Format:** `.pem` (for OpenSSH/Mac/Linux) or `.ppk` (for PuTTY/Windows). + * **Action:** Download and save this file safely! **You cannot download it again.** + +### 4. Network Settings (Security Groups) + +The Security Group acts as a virtual firewall. + +* **Allow SSH traffic from:** Anywhere (0.0.0.0/0) — *For production, use "My IP".* +* **Allow HTTPS traffic** (Port 443). +* **Allow HTTP traffic** (Port 80). +* **Review and Launch** your instance. + +## Connecting to Your Server + +Once the instance state says **"Running"**, it's time to log in via your terminal. + + + + +1. Open your terminal and navigate to the folder containing your `.pem` file. +2. Set permissions (Security requirement): + ```bash + chmod 400 codeharbor-key.pem + ``` +3. Connect using the Public IP: + ```bash + ssh -i "codeharbor-key.pem" ubuntu@ + ``` + + + + +1. Open PowerShell as Administrator. +2. Navigate to your key folder and run: + ```powershell + ssh -i .\codeharbor-key.pem ubuntu@ + ``` + + *(Note: Modern Windows 10/11 has OpenSSH built-in\!)* + + + + +## Industrial Level Commands + +Once you are inside your server, run these commands to prepare it for a **MERN Stack** deployment: + +```bash +# Update the package manager +sudo apt update && sudo apt upgrade -y + +# Install Node.js (Current LTS) +curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - +sudo apt-get install -y nodejs + +# Verify installation +node -v +``` + +:::info Best Practice + +Always keep your server updated to patch security vulnerabilities. 
Use `sudo apt update && sudo apt upgrade -y` regularly to maintain a secure environment. + +::: + + +## The "Wallet Safety" Rule + +To keep your AWS account free, you must manage your resources. At the end of your practice session: + +1. Go to the **Instances** dashboard. +2. Select your instance. +3. Click **Instance state** -> **Terminate instance**. + +:::danger Warning +**Stopping** an instance saves the data but might still charge for EBS storage. **Terminating** deletes the instance and stops all billing for that resource. +::: + +## Graduation Challenge + +Now that your server is running, try to install **Nginx** (`sudo apt install nginx`) and paste your instance's **Public IP** into a browser. If you see the "Welcome to nginx!" page, you have successfully deployed a web server to the cloud! \ No newline at end of file diff --git a/absolute-beginners/devops-beginner/aws/global-infrastructure.mdx b/absolute-beginners/devops-beginner/aws/global-infrastructure.mdx new file mode 100644 index 0000000..54f8b4e --- /dev/null +++ b/absolute-beginners/devops-beginner/aws/global-infrastructure.mdx 
@@ -0,0 +1,95 @@ +--- +title: "AWS Global Infrastructure" +sidebar_label: "2. Global Infrastructure" +sidebar_position: 2 +description: "Understand how AWS Regions, Availability Zones, and Edge Locations work to provide high availability. Learn the core concepts of AWS's global footprint and how to choose the right region for your applications." +--- + +To build "Industrial Level" applications at **CodeHarborHub**, you must understand where your code actually lives. AWS doesn't just have "one big cloud"; it has a massive, physical footprint across every continent. + +The AWS Global Infrastructure is built around three core concepts: **Regions**, **Availability Zones (AZs)**, and **Edge Locations**. + +## The Infrastructure Hierarchy + +Visualizing the relationship between these components is key to passing the **AWS Cloud Practitioner** exam and building resilient systems. + +```mermaid +graph TD + A[AWS Global Cloud] --> B[Region: ap-south-1 Mumbai] + A --> C[Region: us-east-1 N. Virginia] + + subgraph "Inside a Region (e.g., Mumbai)" + B --> D[AZ: ap-south-1a] + B --> E[AZ: ap-south-1b] + B --> F[AZ: ap-south-1c] + end + + subgraph "Inside an Availability Zone" + D --> G[Data Center 1] + D --> H[Data Center 2] + end +``` + +## 1. Regions + +A **Region** is a physical location in the world where AWS clusters data centers. + +:::info Key Fact +Each Region is completely independent and isolated from other regions. This achieves the greatest possible fault tolerance and stability. +::: + +### How to Choose a Region? + +When deploying your project (like a **MERN stack** app), consider these four factors: + +1. **Compliance:** Does the data need to stay in India (e.g., for government projects)? +2. **Latency:** How close is the region to your users? (e.g., Choose Mumbai for users in **Madhya Pradesh**). +3. **Pricing:** Some regions (like US-East) are cheaper than others (like Sao Paulo). +4. **Service Availability:** Not all AWS services are available in every region. 
+ +## 2. Availability Zones (AZs) + +An **Availability Zone** consists of one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region. + +| Feature | Description | +| :--- | :--- | +| **Isolation** | AZs are physically separated by miles to prevent "single point of failure." | +| **Connectivity** | Connected via ultra-fast, low-latency private fiber-optic networking. | +| **High Availability** | If one AZ goes down (flood/fire), your app fails over to another AZ. | + +## 3. Edge Locations & CloudFront + +**Edge Locations** are specialized data centers located in major cities globally. They are used by **Amazon CloudFront** (a Content Delivery Network) to deliver content to end-users with lower latency. + +```mermaid +sequenceDiagram + participant U as User (Indore, India) + participant E as Edge Location (Mumbai) + participant O as Origin Server (US-East-1) + + U->>E: Request codeharborhub.png + Note over E: Is it in Cache? + E-->>U: Yes! (Fast Delivery) + Note right of E: No? Fetch from Origin + E->>O: Request from US + O->>E: Send File + E->>U: Deliver to User & Cache +``` + +## Comparison Summary + +To help you remember for your interviews, here is the "CodeHarborHub Cheat Sheet": + +| Component | Physical Scale | Primary Purpose | +| :--- | :--- | :--- | +| **Region** | Large (Cluster of AZs) | Data Sovereignty & Latency. | +| **AZ** | Medium (Data Center) | High Availability & Disaster Recovery. | +| **Edge Location** | Small (Cache Point) | Content Delivery Speed (CDN). | + +## Hands-on Tip: Selecting a Region + +When you log into your **AWS Management Console**, look at the top right corner. You will see a dropdown menu (e.g., "N. Virginia"). + +:::warning Important +Always check your region **before** creating resources! If you create an EC2 instance in "Oregon" but your database is in "Mumbai," your application will be incredibly slow due to high latency. +::: \ No newline at end of file 
diff --git a/absolute-beginners/devops-beginner/aws/iam-security.mdx b/absolute-beginners/devops-beginner/aws/iam-security.mdx new file mode 100644 index 0000000..782dfb2 --- /dev/null +++ b/absolute-beginners/devops-beginner/aws/iam-security.mdx 
@@ -0,0 +1,131 @@ +--- +title: "IAM & Security" +sidebar_label: "4. Security (IAM)" +sidebar_position: 4 +description: "Learn how to secure your AWS account using Identity and Access Management (IAM) and security best practices. Understand the shared responsibility model and how to protect your applications from common security pitfalls." +tags: [aws, security, iam, best-practices, shared-responsibility] +keywords: [aws, security, iam, best-practices, shared-responsibility] +--- + +In the world of Cloud Computing, **Security is Job Zero**. **AWS IAM (Identity and Access Management)** is the service that allows you to manage access to AWS services and resources securely. + +At **CodeHarborHub**, we follow a **Zero-Trust Model**: by default, no one has access to anything until explicitly granted. + +## The IAM Hierarchy + +Understanding how IAM components interact is essential for building "Industrial Level" secure applications. + +```mermaid +graph TD + A[Root User] -->|Create| B[IAM Users] + B -->|Belong to| C[IAM Groups] + D[IAM Roles] -->|Assumed by| E[EC2 / Lambda] + + subgraph Permissions + F[JSON Policy] -.-> B + F -.-> C + F -.-> D + end +``` + +In this hierarchy: +* The **Root User** is the original account creator with full access. It should be locked +* **IAM Users** are individual identities for people or applications. +* **IAM Groups** are collections of users with shared permissions. +* **IAM Roles** are temporary identities that can be assumed by services (like EC2) or users. + +:::info Principle of Least Privilege +Always grant the minimum permissions necessary for a user or service to perform their job. This minimizes the potential damage if credentials are compromised. +::: + +## Core Components of IAM + +| Component | What it is | Best Practice | +| :--- | :--- | :--- | +| **Users** | A person or application (e.g., "Developer-John"). | One IAM user per physical person. | +| **Groups** | A collection of users (e.g., "Admins", "Devs"). 
| Assign permissions to Groups, not individual Users. | +| **Roles** | Temporary identities for services or users. | Use Roles for EC2 instances to access S3. | +| **Policies** | JSON documents defining permissions. | Follow the **Principle of Least Privilege**. | + +## Anatomy of an IAM Policy (JSON) + +AWS uses JSON (JavaScript Object Notation) to define what a user can or cannot do. Here is a standard policy used at **CodeHarborHub** to allow a developer to read files from a specific S3 bucket. + +```json title="s3-read-policy.json" +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:Get*", + "s3:List*" + ], + "Resource": "arn:aws:s3:::codeharborhub-assets/*" + } + ] +} +``` + +In this policy: +* The `Effect` is set to `Allow`, meaning the actions are permitted. +* The `Action` specifies which API calls are allowed (e.g., `s3:GetObject`). +* The `Resource` defines which AWS resource the policy applies to (in this case, all objects in the `codeharborhub-assets` S3 bucket). + +### Breaking down the JSON: + + * **Effect:** Set to `Allow` or `Deny`. + * **Action:** The specific API calls allowed (e.g., `s3:GetObject`). + * **Resource:** The specific AWS resource (ARN) the policy applies to. + +## Industrial Security Checklist + +To protect your **CodeHarborHub** projects and avoid massive bills from hackers, follow these "Golden Rules": + + + + + * **Never** use your Root Account for daily tasks. + * Enable **MFA (Multi-Factor Authentication)** immediately. + * Delete your Root Access Keys. + + + + + * Only give users the permissions they need for their job. + * If a developer only needs to upload images, don't give them "Administrator" access. + + + + + * **Never** hardcode Access Keys inside your Node.js or Python code. + + * Use **IAM Roles** to allow your EC2 server to talk to your Database or S3 bucket securely. + + + + + + +## Shared Responsibility: Security Revisited + +Remember, security is a two-way street. 
While AWS secures the data center, **you** secure the data. + +```mermaid +pie title Who Secures What? + "AWS: Physical Infrastructure" : 50 + "User: IAM & Data Encryption" : 25 + "User: Firewall (Security Groups)" : 25 +``` + +:::danger Critical Warning +If you commit your AWS `ACCESS_KEY_ID` and `SECRET_ACCESS_KEY` to a public GitHub repository, bots will find them within seconds. They will launch the most expensive servers available to mine cryptocurrency, and **you** will be responsible for the bill. **Always use `.env` files and add them to `.gitignore`!** +::: + +## Learning Challenge + +1. Log into your AWS Console. +2. Search for **IAM**. +3. Create a new **IAM User** with "Custom Password." +4. Create a **Group** called `Developers` and attach the `PowerUserAccess` policy. +5. Add your new user to the `Developers` group and try logging in with that user. \ No newline at end of file diff --git a/absolute-beginners/devops-beginner/aws/intro-to-aws.mdx b/absolute-beginners/devops-beginner/aws/intro-to-aws.mdx new file mode 100644 index 0000000..d1ee420 --- /dev/null +++ b/absolute-beginners/devops-beginner/aws/intro-to-aws.mdx 
@@ -0,0 +1,116 @@ +--- +title: "Introduction to AWS Cloud" +sidebar_label: "1. What is AWS?" +sidebar_position: 1 +description: "A comprehensive beginner's guide to Amazon Web Services (AWS) infrastructure and cloud concepts." +--- + +Welcome to the **CodeHarborHub** AWS series. **Amazon Web Services (AWS)** is the world's most broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. + +Whether you are building a simple MERN stack application or a global AI-driven ecosystem, AWS provides the "Lego blocks" required to build, deploy, and scale your vision. + +:::info Why AWS? +* **Market Leader:** AWS holds the largest market share in cloud computing, making it a critical skill for developers and businesses. +* **Comprehensive Services:** From compute to storage, databases to machine learning, AWS has a service for every need. +* **Global Reach:** With data centers in 25+ regions worldwide, AWS allows you to serve users with low latency and high availability. +::: + +## What is Cloud Computing? + +Before we dive into AWS specifically, we must understand the shift from **On-Premise** to **Cloud**. + +:::info Definition +Cloud computing is the on-demand delivery of IT resources over the internet with **pay-as-you-go** pricing. Instead of buying, owning, and maintaining physical data centers and servers, you access technology services as needed. +::: + +### The Visual Shift +How a request flows from a user to the CodeHarborHub infrastructure: + +```mermaid +graph LR + A[User/Learner] -->|Request| B(Internet) + B --> C{AWS Cloud} + subgraph Infrastructure + C --> D[EC2 - Compute] + C --> E[S3 - Storage] + C --> F[RDS - Database] + end + D --- G((CodeHarborHub App)) +``` + +## Core Cloud Concepts + +To master AWS, you must understand these four fundamental pillars: + +| Pillar | Explanation | Why it matters at CodeHarborHub | +| :--- | :--- | :--- | +| **Agility** | Spin up resources in minutes. 
| Faster experimentation and deployment. | +| **Elasticity** | Scale up/down automatically based on traffic. | Handles 1,000 to 1M users seamlessly. | +| **Cost Savings** | Trade fixed expense for variable expense. | No upfront cost for expensive hardware. | +| **Global Reach** | Deploy globally in minutes. | Low latency for users in India and worldwide. | + +## Deployment Models + +How do you want to manage your infrastructure? Choose the model that fits your project needs. + + + + +**Everything is on AWS.** + + * No hardware to manage. + * High scalability. + * **Example:** Hosting the CodeHarborHub educational platform. + + + + +**On-premise resources.** + + * Used by government or highly regulated banks. + * Complete control but high maintenance. + * **Example:** A local Cooperative Bank (PACS) data center. + + + + +**The best of both worlds.** + + * Connects on-premise data centers to the AWS Cloud. + * **Example:** Storing sensitive user data locally while using AWS for heavy AI processing. + + + + + +## The AWS Shared Responsibility Model + +Security is a "Shared Responsibility" between AWS and you (the Customer). This is a critical concept for the **AWS Cloud Practitioner** exam. + +```mermaid +quadrantChart + title Responsibility Split + x-axis "Customer Responsible" --> "AWS Responsible" + y-axis "Infrastructure" --> "Data/Software" + "Data Encryption": [0.2, 0.8] + "OS Configuration": [0.3, 0.6] + "IAM Users": [0.1, 0.7] + "Physical Security": [0.8, 0.2] + "Hardware Maintenance": [0.9, 0.1] + "Global Regions": [0.8, 0.3] +``` + + * **AWS Responsibility (Security OF the Cloud):** Protecting the hardware, software, networking, and facilities that run AWS services. + * **Customer Responsibility (Security IN the Cloud):** You are responsible for your data, firewall configurations (Security Groups), and identity management (IAM). + +## Key Terminology for Beginners + +Before moving to the next chapter, ensure you are familiar with these terms: + +1. 
**Region:** A physical location in the world where AWS has multiple Availability Zones. +2. **Availability Zone (AZ):** One or more discrete data centers with redundant power and networking. +3. **Edge Location:** Used by **CloudFront** to cache content closer to users (like in Indore or Mumbai) for faster loading. + +:::tip Hands-on Task +Sign up for an **AWS Free Tier** account today. You will get **750 hours/month** of EC2 usage and **5GB** of S3 storage for free for the first 12 months! +::: \ No newline at end of file
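Review bot: `_category_.json` and all five `.mdx` files end with `\ No newline at end of file`; add a final newline to each so that later edits to the last line do not show up as two-line diffs.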
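Review bot: in `core-services.mdx` the intro promises a "Core 5" but then names four categories, and only Compute, Storage and Database get numbered sections; Networking has no section and VPC first appears in the Quick Summary table. Either add a short Networking section covering VPC and the ALB and CloudFront nodes used in the Service Interaction Map, or change the intro to match what the page covers. The second bullet under "In this architecture" is missing its final period. The map also shows `S3 - User Uploads` next to `S3 - Static React App` without saying they have different exposure; one sentence stating that the uploads bucket stays private and is reached only through the backend would keep the page consistent with the least-privilege guidance in `iam-security.mdx`.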
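Review bot: in `deploy-first-instance.mdx`, step 4 instructs the reader to allow SSH from `Anywhere (0.0.0.0/0)` and mentions "My IP" only as an aside for production; this lab launches a real internet-facing host, so make "My IP" the instruction and mention 0.0.0.0/0 only as the setting to avoid. Both connection commands end at `ubuntu@` with no host, so add an explicit placeholder for the instance's Public IP and check that it survives MDX rendering. The key-pair step offers `.ppk` for Windows while the Windows instructions use OpenSSH with `codeharbor-key.pem`; say which format Windows readers should choose. In the "Industrial Level Commands" block the comment says "Current LTS" while the URL pins `setup_20.x`, and the script is piped straight into `sudo -E bash -`; name the version in the comment and consider having the reader download the script to a file and inspect it before running it as root.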
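Review bot: in `global-infrastructure.mdx`, the CloudFront sequence diagram draws the cache hit (`E-->>U: Yes! (Fast Delivery)`) and the cache miss one after the other, so it reads as if every request is served from cache and then fetched from the origin as well; wrap the two paths in a Mermaid `alt` / `else` block. The Comparison Summary also describes an AZ as "Medium (Data Center)" although section 2 defines it as "one or more discrete data centers"; align the table with the definition.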
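Review bot: in `iam-security.mdx`, `s3-read-policy.json` is introduced as letting a developer read files from one bucket, yet it grants the wildcards `s3:Get*` and `s3:List*` while the explanation beneath it cites `s3:GetObject`; list the exact actions needed so the example matches the Principle of Least Privilege callout on the same page. The `Resource` is only the object ARN `arn:aws:s3:::codeharborhub-assets/*`, and bucket listing (`s3:ListBucket`) is evaluated against the bucket ARN without `/*`, so the policy as written does not let the developer list the bucket; add a second statement for the bucket ARN if listing is intended. The Learning Challenge then attaches `PowerUserAccess` to the `Developers` group, which runs against the checklist advice to give users only the permissions their job needs; use a narrowly scoped policy for the exercise instead. Smaller points: the Root User bullet stops at "It should be locked" with no period or explanation, the "In this policy" list and "Breaking down the JSON" repeat each other, the Critical Warning recommends `.env` files for keys without tying that back to the checklist rule to prefer IAM Roles, and the 50/25/25 pie chart suggests a measured split that the text does not support.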
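Review bot: in `intro-to-aws.mdx`, the figures "over 200 fully featured services", "25+ regions" and the Free Tier numbers in the Hands-on Task (`750 hours/month`, `5GB`, "first 12 months") are hard-coded with no source or date; link them to the AWS pages they come from or add an "as of" date, since the lab in `deploy-first-instance.mdx` depends on the reader not being billed. Key Terminology item 3 also gives Indore as an example edge location, while the sequence diagram in `global-infrastructure.mdx` shows an Indore user served from a Mumbai edge location; use the same example in both files.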