
[AWS Certificate] Developer - VPC memo

2017.11.29 10:56 | Posted by 솔웅



VPC (*****) Overview (Architect, Developer and Sysop)



Think of a VPC as a virtual data center in the cloud.


Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.


You can easily customize the network configuration for your Amazon Virtual Private Cloud. For example, you can create a public-facing subnet for your webservers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access. You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.


Additionally, you can create a Hardware Virtual Private Network (VPN) connection between your corporate datacenter and your VPC and leverage the AWS cloud as an extension of your corporate datacenter.





What can you do with a VPC?


- Launch instances into a subnet of your choosing

- Assign custom IP address ranges in each subnet

- Configure route tables between subnets

- Create an internet gateway and attach it to your VPC

- Much better security control over your AWS resources

- Instance security groups

- Subnet network access control lists (ACLs)



Default VPC vs. Custom VPC


- Default VPC is user friendly, allowing you to immediately deploy instances.

- All Subnets in default VPC have a route out to the internet

- Each EC2 instance has both a public and private IP address



VPC Peering

- Allows you to connect one VPC with another via a direct network route using private IP addresses

- Instances behave as if they were on the same private network

- You can peer VPCs with other AWS accounts as well as with other VPCs in the same account.

- Peering is in a star configuration : i.e. 1 central VPC peers with 4 others. NO TRANSITIVE PEERING!!!




Exam Tips


- Think of a VPC as a logical datacenter in AWS.

- Consists of IGWs (or Virtual Private Gateways), Route Tables, Network Access Control Lists, Subnets, and Security Groups

- 1 Subnet = 1 Availability Zone

- Security Groups are Stateful; Network Access Control Lists are Stateless

- NO TRANSITIVE PEERING


===================================


* Create VPC





Automatically created Route Tables, Network ACLs and Security Groups


Create 1st Subnet - 10.0.2.0-us-east-1a


VPCs and Subnet  - http://docs.aws.amazon.com/ko_kr/AmazonVPC/latest/UserGuide/VPC_Subnets.html 


Create 2nd Subnet - 10.0.2.0-us-east-1b



* Internet Gateway

Create Internet Gateway - Attach the VPC

1 VPC can be assigned to 1 Internet Gateway (*****)



* Route Table

Create new route table with the VPC

-> Navigate to Routes tab in Route Table -> Edit -> Add another route 0.0.0.0/0 - Target = above internet gateway -> Save

Add another route ::/0 - Target = above gateway - Save


-> Navigate to Subnet Associations tab -> Edit -> select first one as main


Go to Subnets - Set Auto-assign Public IP to Yes for first one

-> Subnet Actions -> Modify auto-assign IP settings -> Check Enable auto-assign public IPv4 address



* Create New EC2 Instance


Select the VPC for Network, Select Subnet (first one), 


Create 2nd EC2 instance - Select the VPC for Network, Select Subnet (2nd one), 


1st Instance has public IP address

2nd Instance has no public IP address
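The outcome above (first subnet reachable from the internet, second one not) follows from which route table each subnet uses. The check below is an added example, not part of the original memo: it classifies subnets as public or private from data shaped like the output of `aws ec2 describe-subnets` and `aws ec2 describe-route-tables`. All IDs and CIDR blocks in the sample are constructed.

```python
"""Added example: classify subnets as public or private from route-table data."""

# Constructed sample; every ID and CIDR block below is made up for illustration.
SUBNETS = [
    {"SubnetId": "subnet-aaaa1111", "VpcId": "vpc-0example", "CidrBlock": "10.0.1.0/24",
     "AvailabilityZone": "us-east-1a", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-bbbb2222", "VpcId": "vpc-0example", "CidrBlock": "10.0.2.0/24",
     "AvailabilityZone": "us-east-1b", "MapPublicIpOnLaunch": False},
]
ROUTE_TABLES = [
    {   # main route table created together with the VPC: local route only
        "RouteTableId": "rtb-main0000", "VpcId": "vpc-0example",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {   # custom route table with default routes to the internet gateway
        "RouteTableId": "rtb-public11", "VpcId": "vpc-0example",
        "Associations": [{"Main": False, "SubnetId": "subnet-aaaa1111"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"},
            {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0example"},
        ],
    },
]


def effective_route_table(subnet, route_tables):
    """Explicitly associated table if there is one, otherwise the VPC's main table."""
    main = None
    for table in route_tables:
        if table["VpcId"] != subnet["VpcId"]:
            continue
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return table
            if assoc.get("Main"):
                main = table
    return main


def has_internet_route(table):
    """True if a default route (IPv4 or IPv6) targets an internet gateway."""
    for route in table.get("Routes", []):
        is_default = (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                      or route.get("DestinationIpv6CidrBlock") == "::/0")
        if is_default and route.get("GatewayId", "").startswith("igw-"):
            return True
    return False


def classify_subnets(subnets, route_tables):
    """Map each subnet ID to its route table, exposure and auto-assign setting."""
    report = {}
    for subnet in subnets:
        table = effective_route_table(subnet, route_tables)
        report[subnet["SubnetId"]] = {
            "route_table": table["RouteTableId"] if table else None,
            "public": table is not None and has_internet_route(table),
            "auto_assign_public_ip": subnet["MapPublicIpOnLaunch"],
        }
    return report


if __name__ == "__main__":
    for subnet_id, info in classify_subnets(SUBNETS, ROUTE_TABLES).items():
        print(subnet_id, info)
```
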


* Open a Terminal


1178578-C02NW6G1G3QD:AWS_SSH changsoopark$ ssh ec2-user@34.228.40.70 -i EC2KeyPair.pem.txt 

The authenticity of host '34.228.40.70 (34.228.40.70)' can't be established.

ECDSA key fingerprint is SHA256:CNhUvY2BVwpZrGXQOE/SWocZS17IKYP8xKWKApE6P9c.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '34.228.40.70' (ECDSA) to the list of known hosts.


       __|  __|_  )

       _|  (     /   Amazon Linux AMI

      ___|\___|___|


https://aws.amazon.com/amazon-linux-ami/2017.09-release-notes/

[ec2-user@ip-10-0-1-232 ~]$ sudo su

[root@ip-10-0-1-232 ec2-user]# yum update -y





=========================================================


Network Address Translation (NAT)



NAT Instances & NAT Gateways



http://docs.aws.amazon.com/ko_kr/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html



Exam Tips - NAT instances


- When creating a NAT instance, Disable Source/Destination Check on the Instance

- NAT instances must be in a public subnet

- There must be a route out of the private subnet to the NAT instance, in order for this to work.

- The amount of traffic that NAT instances can support depends on the instance size. If you are bottlenecking, increase the instance size.

- You can create high availability using Autoscaling Groups, multiple subnets in different AZs, and a script to automate failover

- Behind a security group





Exam Tips - NAT Gateways


- Preferred by the enterprise

- Scale automatically up to 10Gbps

- No need to patch

- Not associated with security groups

- Automatically assigned a public ip address

- Remember to update your route tables

- No need to disable Source/Destination Checks

- More secure than a NAT instance




=========================================


Network Access Control Lists vs. Security Groups


Network ACLs can block specific IP addresses


Ephemeral Port


Exam Tips - Network ACLs


- Your VPC automatically comes with a default network ACL, and by default it allows all outbound and inbound traffic

- You can create custom network ACLs. By default, each custom network ACL denies all inbound and outbound traffic until you add rules

- Each subnet in your VPC must be associated with a network ACL. If you don't explicitly associate a subnet with a network ACL, the subnet is automatically associated with the default network ACL.

- You can associate a network ACL with multiple subnets; however, a subnet can be associated with only one network ACL at a time. When you associate a network ACL with a subnet, the previous association is removed

- Network ACLs contain a numbered list of rules that is evaluated in order, starting with the lowest numbered rule.

- Network ACLs have separate inbound and outbound rules, and each rule can either allow or deny traffic

- Network ACLs are stateless; responses to allowed inbound traffic are subject to the rules for outbound traffic (and vice versa).

- Block IP addresses using network ACLs, not security groups
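The ordering and statelessness rules above are easiest to see in a small model. The following is an added example, not part of the original memo: it evaluates numbered network ACL rules in ascending order, checks the reply direction separately, and compares the result with a stateful, allow-only security group. The rules and addresses are constructed, the model is TCP only, and the ephemeral port range 1024-65535 is an assumption.

```python
"""Added example: ordered, stateless network ACL evaluation vs. a stateful security group."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class AclRule:
    number: int      # lower numbers are evaluated first
    cidr: str        # remote address range the rule applies to
    port_from: int
    port_to: int
    allow: bool      # network ACL rules can allow or deny


def acl_decision(rules, peer_ip, port):
    """First matching rule in ascending rule-number order wins; no match means deny."""
    addr = ip_address(peer_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if addr in ip_network(rule.cidr) and rule.port_from <= port <= rule.port_to:
            return rule.allow
    return False


def nacl_round_trip(inbound, outbound, client_ip, client_port, server_port):
    """Stateless: the request is checked inbound and the reply is checked outbound."""
    request_allowed = acl_decision(inbound, client_ip, server_port)
    reply_allowed = acl_decision(outbound, client_ip, client_port)  # reply goes to the ephemeral port
    return request_allowed and reply_allowed


def security_group_round_trip(ingress, client_ip, server_port):
    """Stateful and allow-only: a permitted request implies a permitted reply."""
    addr = ip_address(client_ip)
    return any(addr in ip_network(cidr) and low <= server_port <= high
               for cidr, low, high in ingress)


# Constructed sample data (documentation address ranges).
CLIENT = "198.51.100.10"
BLOCKED = "203.0.113.7"
INBOUND = [AclRule(90, "203.0.113.7/32", 0, 65535, False),
           AclRule(100, "0.0.0.0/0", 443, 443, True)]
INBOUND_MISORDERED = [AclRule(100, "0.0.0.0/0", 443, 443, True),
                      AclRule(110, "203.0.113.7/32", 0, 65535, False)]
OUTBOUND_443_ONLY = [AclRule(100, "0.0.0.0/0", 443, 443, True)]
OUTBOUND_EPHEMERAL = [AclRule(100, "0.0.0.0/0", 1024, 65535, True)]
SG_INGRESS = [("0.0.0.0/0", 443, 443)]

if __name__ == "__main__":
    print("reply blocked without ephemeral rule:",
          not nacl_round_trip(INBOUND, OUTBOUND_443_ONLY, CLIENT, 50000, 443))
    print("works with ephemeral rule:",
          nacl_round_trip(INBOUND, OUTBOUND_EPHEMERAL, CLIENT, 50000, 443))
    print("deny rule 90 blocks the listed address:",
          not nacl_round_trip(INBOUND, OUTBOUND_EPHEMERAL, BLOCKED, 50000, 443))
    print("deny numbered after the allow never fires:",
          acl_decision(INBOUND_MISORDERED, BLOCKED, 443))
    print("security group cannot exclude the address:",
          security_group_round_trip(SG_INGRESS, BLOCKED, 443))
```
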


========================================


Custom VPC's and ELB


=========================================


VPC Flow Logs



VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs. After you've created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs.


Flow logs can be created at 3 levels

- VPC

- Subnet

- Network Interface Level





Create Flow Log 


Create Log Group in CloudWatch - Create Flow log


VPC Flow Logs Exam Tips


- You cannot enable flow logs for VPCs that are peered with your VPC unless the peer VPC is in your account

- You cannot tag a flow log

- After you've created a flow log, you cannot change its configuration; for example, you can't associate a different IAM role with the flow log.


Not all IP traffic is monitored. The following traffic is not captured:


- Traffic generated by instances when they contact the Amazon DNS server. If you use your own DNS server, then all traffic to that DNS server is logged

- Traffic generated by a Windows instance for Amazon Windows license activation

- Traffic to and from 169.254.169.254 for instance metadata

- DHCP traffic

- Traffic to the reserved IP address for the default VPC router.
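To show what the captured data looks like once it is retrieved from CloudWatch Logs, here is an added example (not part of the original memo) that parses flow log records in the default 14-field format and lists sources that were rejected on several distinct ports. The sample records, account ID and interface ID are constructed, and the threshold of three ports is an assumption.

```python
"""Added example: parse default-format VPC flow log records and summarize REJECTs."""
from collections import defaultdict
from typing import NamedTuple, Optional

# Field order of the default flow log record format.
FIELDS = ("version", "account-id", "interface-id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log-status")


class Flow(NamedTuple):
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    action: str


def parse_record(line: str) -> Optional[Flow]:
    """Return a Flow, or None for NODATA/SKIPDATA records whose traffic fields are '-'."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    if rec["log-status"] != "OK":
        return None
    return Flow(rec["interface-id"], rec["srcaddr"], rec["dstaddr"],
                int(rec["srcport"]), int(rec["dstport"]), int(rec["protocol"]),
                int(rec["packets"]), rec["action"])


def rejected_ports_by_source(lines):
    """Map each source address to the sorted destination ports it was rejected on."""
    ports = defaultdict(set)
    for line in lines:
        flow = parse_record(line)
        if flow is not None and flow.action == "REJECT":
            ports[flow.srcaddr].add(flow.dstport)
    return {src: sorted(found) for src, found in ports.items()}


def probing_sources(lines, min_ports=3):
    """Sources rejected on at least min_ports distinct ports (threshold is an assumption)."""
    return sorted(src for src, found in rejected_ports_by_source(lines).items()
                  if len(found) >= min_ports)


# Constructed sample records; account ID, interface ID and addresses are made up.
SAMPLE_LINES = [
    "2 123456789012 eni-0123456789abcdef0 198.51.100.10 10.0.1.232 50000 22 6 20 4249 1511970000 1511970060 ACCEPT OK",
    "2 123456789012 eni-0123456789abcdef0 203.0.113.7 10.0.1.232 40001 23 6 1 40 1511970000 1511970060 REJECT OK",
    "2 123456789012 eni-0123456789abcdef0 203.0.113.7 10.0.1.232 40002 3389 6 1 40 1511970000 1511970060 REJECT OK",
    "2 123456789012 eni-0123456789abcdef0 203.0.113.7 10.0.1.232 40003 445 6 1 40 1511970000 1511970060 REJECT OK",
    "2 123456789012 eni-0123456789abcdef0 198.51.100.99 10.0.1.232 40100 3306 6 2 80 1511970000 1511970060 REJECT OK",
    "2 123456789012 eni-0123456789abcdef0 - - - - - - - 1511970060 1511970120 - NODATA",
]

if __name__ == "__main__":
    print(rejected_ports_by_source(SAMPLE_LINES))
    print(probing_sources(SAMPLE_LINES))
```

Flows that the list above names as unmonitored (instance metadata at 169.254.169.254, Amazon DNS, DHCP) never reach this parser, so an empty result is not evidence that such traffic did not occur.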


=================================================


NAT vs. Bastion


Exam Tips - NAT vs Bastions


- A NAT is used to provide internet traffic to EC2 instances in private subnets

- A Bastion is used to securely administer EC2 instances (using SSH or RDP) in private subnets. In Australia we call them jump boxes.


==================================================


VPC End Points


Create Endpoint 



===================================================


VPC Clean up



===================================================


VPC Summary


NAT instances


- When creating a NAT instance, Disable Source/Destination Check on the Instance.

- NAT instances must be in a public subnet

- There must be a route out of the private subnet to the NAT instance, in order for this to work.

- The amount of traffic that NAT instances can support depends on the instance size. If you are bottlenecking, increase the instance size.

- You can create high availability using Autoscaling Groups, multiple subnets in different AZs, and a script to automate failover.

- Behind a security group



NAT Gateways


- Preferred by the enterprise

- Scale automatically up to 10Gbps

- No need to patch

- Not associated with security groups

- Automatically assigned a public ip address

- Remember to update your route tables

- No need to disable Source/Destination Checks

- More secure than a NAT instance



Network ACLs


- Your VPC automatically comes with a default network ACL, and by default it allows all outbound and inbound traffic.

- You can create custom network ACLs. By default, each custom network ACL denies all inbound and outbound traffic until you add rules.

- Each subnet in your VPC must be associated with a network ACL. If you don't explicitly associate a subnet with a network ACL, the subnet is automatically associated with the default network ACL.

- You can associate a network ACL with multiple subnets; however, a subnet can be associated with only one network ACL at a time. When you associate a network ACL with a subnet, the previous association is removed

- Network ACLs contain a numbered list of rules that is evaluated in order, starting with the lowest numbered rule.

- Network ACLs have separate inbound and outbound rules, and each rule can either allow or deny traffic

- Network ACLs are stateless; responses to allowed inbound traffic are subject to the rules for outbound traffic (and vice versa.)

- Block IP Addresses using network ACLs not Security Groups



ALB's


- You will need at least 2 public subnets in order to deploy an application load balancer



VPC Flow Logs Exam Tips


- You cannot enable flow logs for VPCs that are peered with your VPC unless the peer VPC is in your account

- You cannot tag a flow log.

- After you've created a flow log, you cannot change its configuration; for example, you can't associate a different IAM role with the flow log.



Not all IP traffic is monitored. The following traffic is not captured:


- Traffic generated by instances when they contact the Amazon DNS server. If you use your own DNS server, then all traffic to that DNS server is logged.

- Traffic generated by a Windows instance for Amazon Windows license activation

- Traffic to and from 169.254.169.254 for instance metadata

- DHCP traffic

- Traffic to the reserved IP address for the default VPC router.



=================================



VPC Quiz


- VPC stands for Virtual Private Cloud : True

- Security groups act like a firewall at the instance level whereas ______ are an additional layer of security that act at the subnet level.

  : Network ACL's

- Select the incorrect statement

  1. In Amazon VPC, an instance retains its private IP

  2. It is possible to have private subnets in VPC

  3. A subnet can be associated with multiple Access Control Lists

  4. You may only have 1 internet gateway per VPC

==> Answer is 3

- How many VPC's am I allowed in each AWS Region by default?  : 5

- How many internet gateways can I attach to my custom VPC?  : 1



Route53 & DNS



What is DNS?


If you've used the internet, you've used DNS. DNS is used to convert human friendly domain names (such as http://acloud.guru) into an Internet Protocol (IP) address (such as http://82.124.53.1).


IP addresses are used by computers to identify each other on the network. IP addresses commonly come in 2 different forms, IPv4 and IPv6.



IPv4 vs. IPv6


The IPv4 space is a 32 bit field and has over 4 billion different addresses (4,294,967,296 to be precise).


IPv6 was created to solve this depletion issue and has an address space of 128 bits which in theory is

340,282,366,920,938,463,463,374,607,431,768,211,456 addresses or 340 undecillion addresses





Top Level Domains


If we look at common domain names such as google.com, bbc.co.uk, acloud.guru etc., you will notice a string of characters separated by dots (periods). The last word in a domain name represents the "top level domain". The second word in a domain name is known as a second level domain name (this is optional though and depends on the domain name).

.com, .edu, .gov, .co.uk, .gov.uk, .com.au


These top level domain names are controlled by the Internet Assigned Numbers Authority (IANA) in a root zone database which is essentially a database of all available top level domains. You can view this database by visiting

http://www.iana.org/domains/root/db







Domain Registrars



Because all of the names in a given domain name have to be unique, there needs to be a way to organize this all so that domain names aren't duplicated. This is where domain registrars come in. A registrar is an authority that can assign domain names directly under one or more top-level domains. These domains are registered with InterNIC, a service of ICANN, which enforces uniqueness of domain names across the Internet. Each domain name becomes registered in a central database known as the WHOIS database.


Popular domain registrars include GoDaddy.com, 123-reg.co.uk etc.



SOA Records


The SOA record stores information about


- The name of the server that supplied the data for the zone.

- The administrator of the zone.

- The current version of the data file.

- The number of seconds a secondary name server should wait before checking for updates

- The number of seconds a secondary name server should wait before retrying a failed zone transfer

- The maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire.

- The default number of seconds for the time-to-live file on resource records.



NS Records


NS stands for Name Server. NS records are used by Top Level Domain servers to direct traffic to the Content DNS server which contains the authoritative DNS records.



A Records


An 'A' record is the fundamental type of DNS record and the 'A' in A record stands for 'Address'. The A record is used by a computer to translate the name of the domain to the IP address. For example http://www.acloud.guru might point to http://123.10.10.80



TTL


The length of time that a DNS record is cached on either the Resolving Server or the user's own local PC is equal to the value of the "Time To Live" (TTL) in seconds. The lower the time to live, the faster changes to DNS records propagate throughout the internet.



CNAMES


A Canonical Name (CName) can be used to resolve one domain name to another. For example, you may have a mobile website with the domain name http://m.acloud.guru that is used for when users browse to your domain name on their mobile devices. You may also want the name http://mobile.acloud.guru to resolve to this same address.



Alias Records


Alias records are used to map resource record sets in your hosted zone to Elastic Load Balancers, CloudFront distributions, or S3 buckets that are configured as websites.


Alias records work like a CNAME record in that you can map one DNS name (www.example.com) to another 'target' DNS name (elb1234.elb.amazonaws.com).


Key difference - A CNAME can't be used for naked domain names (zone apex record). You can't have a CNAME for http://acloud.guru, it must be either an A record or an Alias.


Alias resource record sets can save you time because Amazon Route 53 automatically recognizes changes in the record sets that the alias resource record set refers to.


For example, suppose an alias resource record set for example.com points to an ELB load balancer at lb1-1234.us-east-1.elb.amazonaws.com. If the IP address of the load balancer changes, Amazon Route 53 will automatically reflect those changes in DNS answers for example.com without any changes to the hosted zone that contains resource record sets for example.com.





Exam Tips


- ELB's do not have pre-defined IPv4 addresses, you resolve to them using a DNS name.

- Understand the difference between an Alias Record and a CNAME.

- Given the choice, always choose an Alias Record over a CNAME


==================================


Route 53 - Register A Domain Name 


AWS Console - Networking - Route 53 - Registered Domains - Register New Domain - 



=====================================


Set up EC2 Instances


Set up 2 Instances - create html files

Set up LoadBalancer - DNS name -> will display html file in 1 of 2 Instances


Change Region

Setup an Instance - create html files - Create new security group - Create new key - Launch

Create new Region ELB


DNS name - display html file in new Region instance


=================================


Simple Routing Policy Lab


- Simple

This is the default routing policy when you create a new record set. This is most commonly used when you have a single resource that performs a given function for your domain, for example, one web server that serves content for the http://acloud.guru website.





AWS Console - Route53 - Create Hosted Zone - click on DNS link - Create Record Set

-> Alias Target - ELB


=========================


- Weighted Routing Policy


Weighted Routing Policies let you split your traffic based on different weights assigned. For example you can set 10% of your traffic to go to US-EAST-1 and 90% to go to EU-WEST-1.


AWS Console - Route 53 - Create Record Set - Alias - Select ELB - Routing Policy : Weighted - Enter Weight (90%) and Set ID - Click on Create Button


Create Record Set - Select other ELB - Enter Weight (10%)





==========================


Latency Routing Policy


Latency based routing allows you to route your traffic based on the lowest network latency for your end user (i.e. which region will give them the fastest response time).


To use latency-based routing you create a latency resource record set for the Amazon EC2 (or ELB) resource in each region that hosts your website. When Amazon Route 53 receives a query for your site, it selects the latency resource record set for the region that gives the user the lowest latency. Route 53 then responds with the value associated with that resource record set.


AWS Console - Route 53 - Create Record Set - Alias Target (ELB) - Routing Policy (Latency) - Set ID - Select Region 1


AWS Console - Route 53 - Create Record Set - Alias Target (ELB) - Routing Policy (Latency) - Set ID - Select Region 2




==========================


Failover Routing Policy



Failover routing policies are used when you want to create an active/passive set up. For example you may want your primary site to be in EU-WEST-2 and your secondary DR Site in AP-SOUTHEAST-2.


Route 53 will monitor the health of your primary site using a health check.


A health check monitors the health of your end points.


AWS Console - ELB : Copy DNS name - Route 53 - Health check - Name 1, Domain Name, enter advanced configuration - Create health check


AWS Console - ELB : Copy DNS name - Route 53 - Health check - Name 2, Domain Name, enter advanced configuration - Set Alarm : Set SNS Topic - Create health check


AWS Console - Route 53 - Create Record Set - Alias Target (ELB) - Routing Policy : Failover, Set Primary or Secondary, Set Associate with Health Check 


AWS Console - Route 53 - Create Record Set - Alias Target (ELB) - Routing Policy : Failover, Set Primary or Secondary



==========================



Geolocation Routing Policy



Geolocation routing lets you choose where your traffic will be sent based on the geographic location of your users (i.e. the location from which DNS queries originate). For example, you might want all queries from Europe to be routed to a fleet of EC2 instances that are specifically configured for your European customers. These servers may have the local language of your European customers and all prices are displayed in Euros.


AWS Console - Route 53 - Create Record Set - Alias (ELB) - Routing Policy : Geolocation - US or Europe etc. , Set ID


AWS Console - Route 53 - Create Record Set - Alias (ELB) - Routing Policy : Geolocation - US or Europe etc. , Set ID




===========================


DNS Summary


DNS Exam Tips


Delete all load balancers. It is a paid service.


ELB has no IP address - only DNS name


- ELB's do not have pre-defined IPv4 addresses, you resolve to them using a DNS name.

- Understand the difference between an Alias Record and a CNAME.

- Given the choice, always choose an Alias Record over a CNAME.

- Remember the different routing policies and their use cases.

: Simple

: Weighted

: Latency

: Failover

: Geolocation



http://realmojo.tistory.com/179







CloudFormation



What is CloudFormation?




One of the most powerful parts of AWS, CloudFormation allows you to take what was once traditional hardware infrastructure and convert it into code.


CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.


You don't need to figure out the order for provisioning AWS services or the subtleties of making those dependencies work. CloudFormation takes care of this for you.


After the AWS resources are deployed, you can modify and update them in a controlled and predictable way, in effect applying version control to your AWS infrastructure the same way you do with your software.




CloudFormation Stack vs. Template


A CloudFormation Template is essentially an architectural diagram and a CloudFormation Stack is the end result of that diagram (i.e. what is actually provisioned).


You create, update, and delete a collection of resources by creating, updating, and deleting stacks using CloudFormation templates.


CloudFormation templates are in the JSON format or YAML.



Elements of A Template


Mandatory Elements

- List of AWS Resources and their associated configuration values


Optional Elements

- The template's file format & version number

- Template Parameters

  : The input values that are supplied at stack creation time. Limit of 60

- Output Values

  : The output values required once a stack has finished building (such as the public IP address, ELB address, etc.) Limit of 60.

- List of data tables

  : Used to look up static configuration values such as AMIs etc.

  


Outputting Data


- You can use Fn::GetAtt to output data
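A minimal template that outputs a load balancer's DNS name with Fn::GetAtt, together with a pre-deployment check that every Ref and Fn::GetAtt points at something the template declares. This is an added example, not part of the original memo; the logical names WebLoadBalancer, PublicSubnets and LoadBalancerDNSName are hypothetical, and the checker is a local sanity check, not CloudFormation's own validation.

```python
"""Added example: a JSON template with an Fn::GetAtt output and a reference checker."""
import json

# Hypothetical template: one parameter, one resource, one output.
TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {
        "PublicSubnets": {"Type": "List<AWS::EC2::Subnet::Id>"},
    },
    "Resources": {
        "WebLoadBalancer": {
            "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
            "Properties": {
                "Subnets": {"Ref": "PublicSubnets"},
                "Listeners": [
                    {"LoadBalancerPort": "80", "InstancePort": "80", "Protocol": "HTTP"}
                ],
            },
        },
    },
    "Outputs": {
        "LoadBalancerDNSName": {
            "Value": {"Fn::GetAtt": ["WebLoadBalancer", "DNSName"]},
        },
    },
}


def iter_references(node):
    """Yield (function, logical_name) for every Ref and Fn::GetAtt inside node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield ("Ref", value)
            elif key == "Fn::GetAtt" and isinstance(value, list) and value:
                yield ("Fn::GetAtt", value[0])  # JSON form: [logical name, attribute]
            else:
                yield from iter_references(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_references(item)


def check_template(template):
    """Return a list of problems; an empty list means the references resolve."""
    problems = []
    resources = template.get("Resources") or {}
    if not resources:
        problems.append("Resources section is missing or empty")
    parameters = template.get("Parameters", {})
    for section in ("Resources", "Outputs"):
        for name, body in template.get(section, {}).items():
            for func, target in iter_references(body):
                # Ref may point at a parameter or a pseudo parameter such as AWS::Region.
                if func == "Ref" and (target in parameters or target.startswith("AWS::")):
                    continue
                if target not in resources:
                    problems.append(f"{section}.{name}: {func} targets undefined '{target}'")
    return problems


def render(template):
    """Serialize the template to the JSON text that would be uploaded."""
    return json.dumps(template, indent=2)


if __name__ == "__main__":
    print(render(TEMPLATE))
    print(check_template(TEMPLATE) or "references resolve")
```
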



Exam Tips


- By default, the "automatic rollback on error" feature is enabled

- You are charged for errors

- CloudFormation is free

- Stacks can wait for applications to be provisioned using the "WaitCondition"

- You can use Fn::GetAtt to output data

- Route53 is completely supported. This includes creating new hosted zones or updating existing ones.

- You can create A Records, Aliases etc.

- IAM Role Creation and Assignment is also supported.


1~2 questions in Exam


===========================



Cloud Formation Quiz


- The default scripting language for CloudFormation is : JSON

- Cloud Formation itself is free, however the resources it provisions will be charged at the usual rates. : True

- What happens if Cloud Formation encounters an error by default?

  : It will terminate and rollback all resources created on failure

- You are creating a virtual data center using cloud formation and you need to output the DNS name of your load balancer. What command would you use to achieve this?

  : FN::GetAtt

- What language are cloud formation templates written in? : JSON



======================================


Shared Responsibility Model



===========================


Shared Responsibility Model Quiz


- You are required to patch OS and Applications in RDS? : False

- In the shared responsibility model, what is AWS's responsibility?

  : Restricting access to the data centers, proper destruction of decommissioned disks, patching of firmware for the hardware on which your AWS resources reside


