Simplify AWS Learning with this Story-Driven Article

Unlock the secrets of AWS through an engaging story! This article simplifies complex cloud concepts, taking you on a journey to master AWS the smart and fun way.

Mahalingam Sundararaj
6 min read · Nov 20, 2024

Sunlight flowed through the windows, tickling John awake. With a smile, he opened his eyes slowly and got up from the bed.

John commanded his legs towards the window. The breezy morning air flowed across his face, and slowly the view of his beautiful small village amazed him.

Every morning, his village never let him down.

In a beautiful, small, green village with 80 households, John’s house sat on top of the hill.

After enjoying his little moment with the village, John strode away from the window, got out of his room, and went straight into the bathroom to do the morning chores.

John got out of the bathroom, went into his room again, and put on his favorite blue shirt with a professional tie, black pants with a black belt, and, as usual, professional black shoes.

Then he went to the dining hall, where his angel of a mom greeted him with a good morning and asked him to have breakfast. He ate, thanked his mom for a wonderful breakfast, and left the house for his daily job as a Software Developer at an IT company called AWS, located inside a Tech Park in his village (yes, this village has a Tech Park).

John reached the Tech Park front gate, where a security guard greeted him with an informal salute. John replied with an informal salute and lowered his car window to show his ID card. The security guard confirmed John’s identity and opened the gate to the Tech Park.

John parked the car in the basement of the Ninja building. The building has 12 floors with 30 companies. He noticed that the lift was coming down from the first floor to the basement; to catch it, John again took long strides and, to his luck, got into the lift at the last minute. John asked for the 7th floor. The lift reached the 7th floor and he stepped out, again with long strides because he was late to the office (it seems his life was full of strides). Finally, he reached the office lobby.

John greeted the receptionist with a smile and a good morning, took out his ID card, and placed it on the verification machine. The machine confirmed his identity and unlocked the door for him.

John entered a narrow hallway, passed four discussion rooms, and got into the main area of the office, the cubicle. His desk is situated at the far-right end of the office. He went to his desk, prepared it for work, and started working.

John’s manager’s cabin is located opposite his desk. From his desk, John greeted his manager and continued his work.

Around 11.30 AM, John went to one of the discussion rooms, where he usually has a meeting with his teammates at this time to discuss progress, requirements, and doubts.

After the meeting, John went to have snacks in the kitchen, took two butter cookies with a cup full of coffee, came back to his desk, and started enjoying work with coffee.

Then he went back to the kitchen to clean the cup and put it away. While walking towards the kitchen, he noticed a server room located near the kitchen. Out of curiosity, he tried to enter the server room, but there was one problem: the server room also has a verification machine, on which an ID card must be placed to enter.

John placed his ID card on the verification machine. To his surprise, the door did not open, and he understood that he doesn’t have access to the server room. He went back to his desk a little disappointed.

While he was working, he received a call from a security person and picked it up.

The security person told John that someone had come to meet him, a vendor who wanted to discuss a futuristic tool.

John told the security person to ask the vendor to wait in the reception.

John went to the reception, where the vendor was sitting on a couch wearing a temporary ID card. John greeted the vendor, and the vendor started bringing out the marketing skills. As usual, the vendor was a great marketer; John was very impressed with the presentation and asked the vendor to send a proposal by email.

John’s office time was about to get over, so he packed his stuff and walked back to the reception, placed his ID card on the door verification machine, and the door opened. He went to the basement by lift and started the car. On the way out, the security guard at the Tech Park gate did not ask for an ID card and simply opened the gate. After much struggle with traffic, he finally reached home.

AWS Context:

  • Think of John’s village as the Internet; you don’t need an ID to roam around your village.
  • Think of John’s Tech Park as AWS. The Tech Park has a building called Ninja, and that building has 12 floors. Those 12 floors can accommodate 30 companies.
  • Think of John’s company as a VPC (Virtual Private Cloud). A VPC is a private space in AWS. John’s company is on the 7th floor; the Tech Park has provided a private space for John’s company to operate. In the Ninja building, there are 30 private spaces for those 30 companies to operate.
  • Think of the security guard at the Tech Park gate as Network ACLs. Network Access Control Lists decide what kind of network traffic can flow into the VPC. Network ACLs can be configured. The security guard at the Tech Park is instructed to allow only people with an ID card, so only people with an ID card can flow into the Tech Park.
  • Think of the reception/lobby as a Public Subnet. A public subnet is a space inside the VPC; whatever is put inside the public subnet is accessible by the public (the internet). The reception is one of the resources placed inside the public subnet: a person without the company ID card has access to it, but not to the cubicle.
  • Think of the cubicle as a Private Subnet. A private subnet is like a public subnet, but without an ID card you cannot enter the subnet and access its resources, such as desks, meeting rooms, server rooms, etc.
  • Think of all the desks, meeting rooms, and server rooms as EC2 instances. EC2 instances are virtual machines in AWS, where you deploy your application.
  • Think of the verification machines placed at the door of the cubicle and at the door of the server room as Security Groups. Security groups are also like Network ACLs: you can configure who is allowed to access your EC2 application. John has access to the cubicle, but he doesn’t have access to the server room. The server room and the desk have different security group configurations.
  • If the vendor wants to access the cubicle (i.e. a private resource), the vendor must go through a NAT gateway. The company security person, who forwarded the request to John, is the NAT gateway.
  • Think of a door without a verification machine; that type of door is called an Internet Gateway.
  • Route tables are groupings of subnets. John’s company is also present on the 6th floor. The grouping of the cubicle and reception on both the 6th and 7th floors is a route table.
  • What defines whether a subnet is private or public is its route table. A route table with an internet gateway makes a public subnet, that is, a door without a verification machine. A route table without an internet gateway makes a private subnet.
  • You may have noticed that when John left the Tech Park, the security guard didn’t ask for an ID card. These are called outbound requests in AWS. Requests that come in are called inbound requests, and requests that go out are called outbound requests. When John enters the Tech Park or the office, those are inbound requests to the VPC, and vice versa. You can configure both Security Groups and Network ACLs to allow or deny based on John’s ID card. In this case, the Network ACLs are configured in such a way that outbound requests don’t need an ID card.
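
The public/private rule from the route-table bullet can be checked mechanically. The Python below is an added example, not code from the original article: it classifies subnets from data shaped like EC2 `DescribeRouteTables` output, with every ID constructed and the subnet names borrowed from the story's reception, cubicle and server room. It goes one step beyond the bullet by handling a subnet that has no explicit association and therefore uses the VPC's main route table.

```python
# Added example: classify subnets as public or private from their route tables.
# Input mirrors the shape of EC2 DescribeRouteTables output; all IDs are constructed.
DEFAULT_DESTINATIONS = {"0.0.0.0/0", "::/0"}


def has_internet_gateway_route(route_table):
    """True if an active default route in this table targets an internet gateway."""
    for route in route_table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if (dest in DEFAULT_DESTINATIONS
                and route.get("GatewayId", "").startswith("igw-")
                and route.get("State", "active") == "active"):
            return True
    return False


def classify_subnets(route_tables, subnet_ids):
    """Map each subnet ID to 'public' or 'private' based on its effective route table."""
    explicit, main_table = {}, None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main_table = table          # used by subnets with no explicit association
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = table
    result = {}
    for subnet_id in subnet_ids:
        table = explicit.get(subnet_id, main_table)
        public = table is not None and has_internet_gateway_route(table)
        result[subnet_id] = "public" if public else "private"
    return result


# Constructed sample: reception (IGW route), cubicle (NAT route), server room (main table).
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-reception",
     "Associations": [{"Main": False, "SubnetId": "subnet-reception"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]},
    {"RouteTableId": "rtb-cubicle",
     "Associations": [{"Main": False, "SubnetId": "subnet-cubicle"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"}]},
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [LOCAL]},
]
SAMPLE_SUBNETS = ["subnet-reception", "subnet-cubicle", "subnet-serverroom"]

if __name__ == "__main__":
    print(classify_subnets(SAMPLE_ROUTE_TABLES, SAMPLE_SUBNETS))
```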

I have scratched the surface of AWS; there is a lot to learn and share.

Thanks for coming to the end.

Feel free to leave your suggestions/improvements.
