ELB in AWS

* To allow requests that originate from a private instance to reach the internet, use NAT

* Traffic that originates from the internet and is destined for these private instances comes in via the ELB

* ELB works as a reverse proxy
* NAT Gateway works as a forward proxy
* A NAT Gateway should be placed in a public subnet
* An ELB should be placed in a public or private subnet
* NAT Gateway and ELB are both managed services, but a NAT Gateway lives in one subnet, whereas an ELB, if we choose correctly, can span multiple subnets
* For NAT we have two options: NAT instance and NAT Gateway
* A NAT Gateway can live in only one Availability Zone; we can choose only one subnet for one instance


--------------------------------------------------

Elastic Load Balancer

* ELB is a service managed by Amazon
* ELB distributes traffic to the n instances that are registered with it
* ELB continuously health-checks the instances registered with it; if any instance becomes unhealthy, ELB stops sending traffic to that particular instance
* Internally, ELB launches instances, so it consumes IP addresses from your subnet; keep some buffer of private IP addresses
* You can move the web server to a private subnet and keep only the ELB in the public subnet. Within a VPC all instances can talk to each other (irrespective of subnet)
* Traffic is distributed between the 2 AZs in round-robin fashion; within an AZ there are n instances, and the request goes to the one with the least connections
* ELB should be accessed by DNS name, not by IP address
* If we tick the "Create an internal load balancer" check box, it will be a private load balancer
* If we know the URL, we choose HTTP and the URL path; otherwise we should choose TCP
* You also have to enable Cross-Zone Load Balancing and Connection Draining; it will distribute traffic equally across all instances in all AZs

* Connection draining is the time the ELB gives an unhealthy instance that still has open connections; within that time the instance can release its connections

Application Load Balancer

* If we configure a Classic Load Balancer and register N EC2 instances, every instance has to have the same type of content, i.e. all files the same
* Whereas with an Application Load Balancer we can go ahead and create rules, based on which any incoming request can go to a specific target group

Feature in AWS

* On the physical host, EC2 is a VM; the EBS volume is not on the physical host, it is connected to that host over the network
* Whereas the instance store is on the physical host itself
* When we stop an EC2 instance, the resources of that instance are freed, meaning CPU and RAM become free, but the data on the network-attached EBS volume remains
* When we stop and start the instance, the underlying hardware changes; when we reboot the EC2 instance, only the OS reboots and nothing else changes
========================================================================================================================================
EC2 Auto Recovery:- Auto recovery is a process that helps you recover your instance in case something goes wrong at the hardware level or on the host level
The two main parts of auto recovery:-
(1) System status check:- There is some issue with the software of the physical host. We cannot do anything about a system status check
(2) Instance status check:- Checks that relate to our EC2 instance level

Events:- If Amazon has planned any activity on its side, it shows up under Events, so we can plan a stop or a migration of our instance.
Limit:- AWS applies limits to launching any service. Suppose a developer starts an infinite for loop that launches instances and the loop launches many of them; the limit feature stops this type of activity. If we want to increase the limit of any service, we have to send a request to AWS.

Limits are of two types:-
(1) Soft limit:- We can request AWS to increase the limit of that particular service, e.g. EC2, S3, VPC, etc.
(2) Hard limit:- We cannot request AWS to increase the limit of that service, such as security groups, rules in a security group, etc.

Private IP:- The private IP address is associated with the Ethernet interface of the EC2 instance and is shown when we log in to the instance. It is not accessible from the outside world and belongs to a particular VPC. When we stop/start/reboot the instance, the IP address does not change.

Public IP:- The public IP address is accessible from the outside world, but these are limited, so for any application's internal communication we use only the private IP. When we stop and start the EC2 instance, the public IP is automatically released and a new public IP is assigned; if we reboot an instance, the public IP does not change.

Elastic IP:- An Elastic IP works as a public IP. We generate an Elastic IP and associate it with an EC2 instance; if we stop and start that instance, the public IP will not change, because of the Elastic IP associated with that instance.
 Suppose we want to migrate an application and we create a more powerful server configuration; with an Elastic IP we simply detach the Elastic IP from the older server and attach it to the new server.

AWS ec2 CLI

[root@docker ~]# aws ec2 describe-instances --instance-ids i-0734100aebc91b85c
[root@docker ~]# aws ec2 stop-instances --instance-ids i-0734100aebc91b85c
[root@docker ~]# aws ec2 start-instances --instance-ids i-0734100aebc91b85c
[root@docker ~]# aws ec2 terminate-instances --instance-ids i-0734100aebc91b85c

Change hostname in AWS Linux server

[root@ip-172-31-20-169 ~]# rpm -qf /etc/cloud/cloud.cfg
[root@ip-172-31-20-169 ~]# vi /etc/cloud/cloud.cfg     # add the parameter below to this file
preserve_hostname: true
[root@ip-172-31-20-169 ~]# vi /etc/hostname            # put the hostname in this file
awslabserver
[root@ip-172-31-20-169 ~]# vi /etc/hosts
172.31.20.169 awslabserver
[root@ip-172-31-20-169 ~]# init 6
[root@awslabserver ~]# uname -a
Linux awslabserver 4.14.138-114.102.amzn2.x86_64 #1 SMP Thu Aug 15 15:29:58 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

AWS VPC CLI

[root@docker ~]# aws ec2 create-vpc --cidr-block 10.0.0.0/16     # returned VPC ID: vpc-040630f59ce9188ea
[root@docker ~]# aws ec2 describe-vpcs
[root@docker ~]# aws ec2 create-tags --resources vpc-040630f59ce9188ea --tags Key=Name,Value=CLI-VPC
[root@docker ~]# aws ec2 create-subnet --vpc-id vpc-040630f59ce9188ea --cidr-block 10.0.1.0/24
[root@docker ~]# aws ec2 create-tags --resources subnet-03b167b7e4e7fde24 --tags Key=Name,Value=Public-Subnet
[root@docker ~]# aws ec2 create-subnet --vpc-id vpc-040630f59ce9188ea --cidr-block 10.0.2.0/24
[root@docker ~]# aws ec2 create-tags --resources subnet-01f5fbf80d0bd44aa --tags Key=Name,Value=Private-Subnet
[root@docker ~]# aws ec2 describe-subnets
[root@docker ~]# aws ec2 create-internet-gateway
[root@docker ~]# aws ec2 create-tags --resources igw-04d67210fe8d1888f --tags Key=Name,Value=CLI-IGY
[root@docker ~]# aws ec2 attach-internet-gateway --internet-gateway-id igw-04d67210fe8d1888f --vpc-id vpc-040630f59ce9188ea
[root@docker ~]# aws ec2 allocate-address --domain vpc
[root@docker ~]# aws ec2 create-nat-gateway --subnet-id subnet-03b167b7e4e7fde24 --allocation-id eipalloc-0a804bd0125aeff3e
[root@docker ~]# aws ec2 create-tags --resources nat-0af1dfe5aa12ad301 --tags Key=Name,Value=CLI-Natgateway
[root@docker ~]# aws ec2 create-route-table --vpc-id vpc-040630f59ce9188ea
[root@docker ~]# aws ec2 create-tags --resources rtb-0828ddd487dfbb6cd --tags Key=Name,Value=CLI-PublicRouteTable
[root@docker ~]# aws ec2 create-route-table --vpc-id vpc-040630f59ce9188ea
[root@docker ~]# aws ec2 create-tags --resources rtb-03ddfa883bae4206f --tags Key=Name,Value=CLI-PrivateRouteTable
[root@docker ~]# aws ec2 create-route --route-table-id  rtb-0828ddd487dfbb6cd --destination-cidr-block 0.0.0.0/0 --gateway-id igw-04d67210fe8d1888f
[root@docker ~]# aws ec2 describe-route-tables
[root@docker ~]# aws ec2 create-route --route-table-id rtb-03ddfa883bae4206f --destination-cidr-block 0.0.0.0/0 --nat-gateway-id nat-0af1dfe5aa12ad301
[root@docker ~]# aws ec2 associate-route-table --route-table-id rtb-0828ddd487dfbb6cd --subnet-id subnet-03b167b7e4e7fde24
[root@docker ~]# aws ec2 associate-route-table --route-table-id rtb-03ddfa883bae4206f --subnet-id subnet-01f5fbf80d0bd44aa
[root@docker ~]#  aws ec2 create-security-group --group-name CLI-WEB-Securitygroop --description "My Security Group" --vpc-id vpc-040630f59ce9188ea
[root@docker ~]# aws ec2 create-tags --resources sg-09b5d0442532e08d0 --tags Key=Name,Value=CLI-Security-SR
[root@docker ~]# aws ec2 authorize-security-group-ingress --group-id sg-09b5d0442532e08d0 --protocol tcp --port 22 --cidr 0.0.0.0/0
[root@docker ~]# aws ec2 authorize-security-group-ingress --group-id sg-09b5d0442532e08d0 --protocol tcp --port 80 --cidr 0.0.0.0/0
[root@docker ~]# aws ec2 create-key-pair --key-name Mykey123
[root@docker ~]# aws ec2 run-instances --image-id ami-04b762b4289fba92b  --count 1 --instance-type t2.micro --key-name Mykey123 --security-group-ids sg-09b5d0442532e08d0 --subnet-id subnet-03b167b7e4e7fde24
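
The security group created above opens port 22 to 0.0.0.0/0. As an added example (not part of the original post), the function below reads `aws ec2 describe-security-groups --output text` and lists ingress rules that are open to the whole internet on anything other than the web ports. The sample rows are constructed, the account ID is a placeholder, and the tab-separated row layout is an assumption about the CLI's text format.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
# Assumed text-output layout (tab separated), check it against your CLI version:
#   SECURITYGROUPS  <description> <group-id> <group-name> <owner> <vpc-id>
#   IPPERMISSIONS   <from-port> <protocol> <to-port>   (protocol only when -1)
#   IPRANGES        <cidr>

# Constructed sample modelled on the group built above (not captured output).
sample_sg_text() {
  printf 'SECURITYGROUPS\tMy Security Group\tsg-09b5d0442532e08d0\tCLI-WEB-Securitygroop\t111122223333\tvpc-040630f59ce9188ea\n'
  printf 'IPPERMISSIONS\t22\ttcp\t22\n'
  printf 'IPRANGES\t0.0.0.0/0\n'
  printf 'IPPERMISSIONS\t80\ttcp\t80\n'
  printf 'IPRANGES\t0.0.0.0/0\n'
  printf 'IPPERMISSIONSEGRESS\t-1\n'
  printf 'IPRANGES\t0.0.0.0/0\n'
}

# Prints "<group-id> <protocol> <from>-<to>" for every ingress rule that is
# open to 0.0.0.0/0 or ::/0 and is not a single allowed public port.
# $1 = comma-separated list of ports that may be public (default 80,443).
find_world_open_ingress() {
  allowed="${1:-80,443}"
  awk -F'\t' -v allowed="$allowed" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "SECURITYGROUPS" {
      sg = "unknown"; dir = ""
      for (i = 2; i <= NF; i++) if ($i ~ /^sg-[0-9a-f]+$/) sg = $i
    }
    $1 == "IPPERMISSIONS" {
      dir = "in"
      if (NF >= 4) { from = $2; proto = $3; to = $4 }
      else         { from = "all"; proto = $2; to = "all" }
    }
    $1 == "IPPERMISSIONSEGRESS" { dir = "out" }
    ($1 == "IPRANGES" || $1 == "IPV6RANGES") && dir == "in" {
      if ($2 != "0.0.0.0/0" && $2 != "::/0") next
      if (from == to && (from in ok)) next
      print sg, proto, from "-" to
    }
  '
}

# Live use (needs credentials):
#   aws ec2 describe-security-groups --output text | find_world_open_ingress
sample_sg_text | find_world_open_ingress
```

For the flagged rule, the same `authorize-security-group-ingress` command can be issued with `--cidr` set to the administrator's own address range instead of 0.0.0.0/0.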

AWS S3 CLI

[root@docker ~]# aws s3 ls
[root@docker ~]# aws s3 mb s3://pranchaldixit123
make_bucket: pranchaldixit123
[root@docker ~]# aws s3 rb s3://pranchaldixit123
remove_bucket: pranchaldixit123
[root@docker ~]#
[root@docker ~]# aws s3 mb s3://pdixit123
make_bucket: pdixit123
[root@docker ~]#
[root@docker ~]# aws s3 ls
2019-10-14 02:02:52 pdixit123
[root@docker s3test]# aws s3 cp 1.txt s3://$BucketName/firstobject
[root@docker s3test]# aws s3 cp 1.txt s3://pdixit123/firstobject
[root@docker s3test]# aws s3 cp 2.txt s3://pdixit123/firstobject
[root@docker s3test]# aws s3 cp 3.txt s3://pdixit123/firstobject
[root@docker s3test]# touch permTest.txt
[root@docker s3test]# aws s3 cp permTest.txt s3://pdixit123 --acl public-read
[root@docker s3test]# touch more1.txt
[root@docker s3test]# touch more2.txt
[root@docker s3test]# touch more3.txt
[root@docker s3test]# aws s3 sync . s3://pdixit123
[root@docker s3test]# aws s3 ls s3://pdixit123/
[root@docker s3test]# rm more2.txt
[root@docker s3test]# aws s3 sync . s3://pdixit123 --delete
[root@docker s3test]# aws s3 sync . s3://pdixit123 --delete --exclude more3.txt
[root@docker s3test]# aws s3api list-objects --bucket pdixit123
[root@docker s3test]# aws s3 rb s3://pdixit123
[root@docker s3test]# aws s3 rb s3://pdixit123 --force
[root@docker s3test]# aws s3api put-bucket-versioning --bucket simpletestbucket1 --versioning-configuration Status=Enabled
[root@docker s3test]# touch b.txt
[root@docker s3test]# aws s3 cp b.txt s3://simpletestbucket1
[root@docker s3test]# aws s3api list-object-versions --bucket simpletestbucket1
[root@docker s3test]# aws s3api list-object-versions --bucket simpletestbucket1
[root@docker s3test]# aws s3api list-object-versions --bucket simpletestbucket1
[root@docker s3test]# aws s3 cp s3://simpletestbucket1/a.txt .
[root@docker s3test]# aws s3 cp s3://simpletestbucket1/b.txt .
[root@docker s3test]# aws s3 ls s3://simpletestbucket1
[root@docker s3test]# aws s3 cp s3://simpletestbucket1/a.txt  s3://gdixit123
[root@docker s3test]# aws s3 cp s3://simpletestbucket1 .  --recursive
[root@docker s3test]# aws s3 cp s3://simpletestbucket1 s3://gdixit123 --recursive
[root@docker s3test]# aws s3 mv s3://simpletestbucket1 . --recursive
[root@docker s3test]# aws s3 mv  ab2.txt s3://simpletestbucket1
[root@docker s3test]# aws s3 mv s3://simpletestbucket1/ab2.txt s3://gdixit123
[root@docker s3test]# aws s3 mv s3://simpletestbucket1 . --recursive
[root@docker s3test]# aws s3 sync . s3://simpletestbucket1
[root@docker s3test]# aws s3 sync s3://simpletestbucket1 s3://gdixit123
[root@docker ~]# aws s3 rm s3://simpletestbucket1/ab.txt
[root@docker ~]# aws s3 rm s3://simpletestbucket1/ab.txt
[root@docker ~]# aws s3api put-bucket-tagging --bucket gdixit123 --tagging 'TagSet=[{Key=client,Value=scaleway}]'
[root@docker ~]# aws s3api get-bucket-tagging --bucket gdixit123
[root@docker ~]# aws s3api delete-bucket-tagging --bucket gdixit123
[root@docker ~]# aws s3api put-object-tagging --bucket gdixit123 --key a.txt --tagging 'TagSet=[{Key=client,Value=scaleway},{Key=service,Value=objectstorage}]'
[root@docker ~]# aws s3api get-object-tagging --bucket mybucket --key a.txt
[root@docker ~]# aws s3api put-bucket-acl --bucket gdixit123 --grant-full-control id=891367088372

AWS IAM CLI

[root@docker ~]# aws iam list-users
USERS arn:aws:iam::891367088372:user/admin 2019-10-09T14:26:04Z / AIDA47CM6MD2AN7VASBDF admin
USERS arn:aws:iam::891367088372:user/admin2 2019-10-13T12:20:54Z / AIDA47CM6MD2OLSC2IMCR admin2
[root@docker ~]# aws iam list-groups
GROUPS arn:aws:iam::891367088372:group/Admin 2019-10-09T14:27:31Z AGPA47CM6MD2LOQU7WHU2 Admin /
[root@docker ~]# aws iam list-roles
[root@docker ~]# aws iam create-user --user-name pranchal
USER arn:aws:iam::891367088372:user/pranchal 2019-10-13T12:53:19Z / AIDA47CM6MD2AC7Y4TXX7 pranchal
[root@docker ~]# aws iam create-access-key --user-name pranchal
ACCESSKEY AKIA47CM6MD2NKJCHCSJ 2019-10-13T12:55:00Z <secret access key redacted> Active pranchal
[root@docker ~]# aws iam create-group --group-name developer
GROUP arn:aws:iam::891367088372:group/developer 2019-10-13T12:57:26Z AGPA47CM6MD2BYIWA5OTR developer /
[root@docker ~]# aws iam add-user-to-group --user-name pranchal --group-name developer
[root@docker ~]# aws iam list-policies
[root@docker ~]# aws iam list-policies --scope AWS |more
[root@docker ~]# aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess --group-name developer
[root@docker ~]# aws iam list-attached-group-policies --group-name developer
[root@docker ~]# aws iam create-role --role-name TestRole --assume-role-policy-document file://ec2-role-trust-policy.jason
[root@docker ~]# aws iam list-roles
[root@docker ~]# aws iam delete-role --role-name TestRole
[root@docker ~]# aws iam create-user --user-name dummy
[root@docker ~]# aws iam create-group --group-name dummy
[root@docker ~]# aws iam delete-user --user-name dummy
[root@docker ~]# aws iam delete-group --group-name dummy
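
`aws iam create-access-key` prints the secret access key to the terminal, in the ACCESSKEY row shown above. As an added example (not part of the original post), the functions below store that row in an owner-only file, display it with the secret masked, and scan a notes file for access key IDs before it is shared. The sample row is constructed from the placeholder key pair used in the AWS documentation, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
# In text output the ACCESSKEY row carries, in order:
#   AccessKeyId, CreateDate, SecretAccessKey, Status, UserName

# Constructed sample row (AWS documentation placeholder credentials).
sample_access_key_row() {
  printf 'ACCESSKEY\tAKIAIOSFODNN7EXAMPLE\t2019-10-13T12:55:00Z\twJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\tActive\texampleuser\n'
}

# Mask field 4 of every ACCESSKEY row; pass all other lines through unchanged.
mask_secret_key() {
  awk 'BEGIN { FS = OFS = "\t" }
       $1 == "ACCESSKEY" && NF >= 4 { $4 = "****REDACTED****" }
       { print }'
}

# Save the unmasked rows from stdin to file $1 (readable by the owner only),
# then print the masked version for the terminal or a transcript.
store_and_mask() {
  ( umask 077; cat > "$1" )
  chmod 600 "$1"
  mask_secret_key < "$1"
}

# List access key IDs found in file $1 (AKIA = long-term, ASIA = temporary),
# for checking notes or shell transcripts before they are published.
find_key_ids() {
  grep -Eo '(AKIA|ASIA)[0-9A-Z]{16}' "$1" | sort -u
}

# Live use (needs credentials; the output path is a placeholder):
#   aws iam create-access-key --user-name pranchal --output text \
#     | store_and_mask /root/pranchal.accesskey
sample_access_key_row | mask_secret_key
```

Any key ID that `find_key_ids` reports in material that has already been shared can be listed with `aws iam list-access-keys` and removed with `aws iam delete-access-key`.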

docker Volume

docker volume create myvol1
docker volume ls
docker volume inspect myvol1
docker run --name Myjenkins1 -v myvol1:/var/jenkins_home -p 8090:9090 -p 50000:50000
docker run --name MyJenkins1 -v myvol1:/var/jenkins_home -p 8090:8090 -p 50000:50000 jenkins

docker volume rm myvol1

Docker Networking

[root@docker ~]# docker network --help
[root@docker ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
4288b2609ccc        bridge              bridge              local
f21d9af6b09e        host                host                local
42281628272f        none                null                local

[root@docker ~]# docker network create mynetwork
[root@docker ~]# docker network ls
[root@docker ~]# docker network inspect mynetwork
[root@docker ~]# docker container ls
[root@docker ~]# docker container ls -a
[root@docker ~]# docker run  --name centoscontainer -d -it --net mynetwork centos /bin/bash
[root@docker ~]# docker container ls -a
[root@docker ~]# docker inspect mynetwork
[root@docker ~]# docker run -d -it --name centoscontainer2 centos /bin/bash
[root@docker ~]# docker container ls
[root@docker ~]# docker container ls -a
[root@docker ~]# docker network connect mynetwork centoscontainer2
[root@docker ~]# docker network inspect
[root@docker ~]# docker network inspect  mynetwork
[root@docker ~]# docker  exec -it centoscontainer2 /bin/bash
[root@docker ~]# docker  start centoscontainer
[root@docker ~]# docker attach centoscontainer2
[root@docker ~]# docker attach centoscontainer
[root@docker ~]# docker network disconnect mynetwork centoscontainer
[root@docker ~]# docker network inspect mynetwork
[root@docker ~]# docker network ls
[root@docker ~]# docker network disconnect mynetwork centoscontainer2
[root@docker ~]# docker network rm mynetwork
[root@docker ~]# docker network ls

DOCKER BASIC-2

[root@docker ~]# docker container run hello-world
[root@docker ~]# docker image ls
[root@docker ~]# docker ps -a
[root@docker ~]# docker ps
[root@docker ~]# docker ps -a
[root@docker ~]# docker version
[root@docker ~]# systemctl status docker
[root@docker ~]# docker run -i -t --name "MyfirstContainer" centos:latest /bin/bash
root@02ac310f3cce:/# top
root@02ac310f3cce:/# df -h
root@02ac310f3cce:/# hostname -f
root@02ac310f3cce:/# ps -ef
root@02ac310f3cce:/# exit
[root@docker ~]# cd /var/lib/docker/overlay2/
[root@docker ~]# ls
[root@docker ~]# ll -lrth
[root@docker ~]# docker images ls
[root@docker ~]# docker image ls
[root@docker ~]# docker run -i -t --name container1 ubuntu /bin/bash
[root@docker ~]# docker image ls
[root@docker ~]# docker run -d -t --name "Mycentoscontainer" centos:7 /bin/bash
[root@docker ~]# docker container ls
[root@docker ~]# docker exec -i -t ba5b34de9f70 /bin/bash
[root@ba5b34de9f70 /]# hostname -f
[root@ba5b34de9f70 /]# rpm -qa |grep httpd
[root@ba5b34de9f70 /]# yum install -y httpd
[root@ba5b34de9f70 /]# systemctl status httpd
[root@ba5b34de9f70 /]# rpm -qa |grep httpd
[root@ba5b34de9f70 /]# exit
[root@docker ~]# docker container ls
[root@docker ~]# docker commit ba5b34de9f70 pranchaldixit/centos-httpd:7
[root@docker ~]# docker image ls

user mod

groupmod -g 501 nicgep
usermod -u 501 nicgep
usermod -u 502 gepreps
useradd  -u 502 -g 501  gepreps
passwd gepreps

AWS CLI Configuration

# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# rpm -ivh epel-release-latest-7.noarch.rpm
# yum install python-pip
# pip list
# pip install awscli botocore
# pip list awscli
# aws
# aws configure
# ls -al /root/.aws/credentials
# cat  /root/.aws/credentials
# cat ~/.aws/config
# aws ec2 describe-regions
# aws configure
# aws ec2 describe-regions
# aws ec2 describe-instances
# aws ec2 describe-regions --output table
# aws iam list-access-keys
