robots

Author: aslamcodes

aws/cloud-formation/cfn-signal.md

@@ -7,14 +7,60 @@ done: false
 ---
 
 > Way to know if the cfn init worked as expected
-
 - The cfn-signal command executes right after cfn-init **conventionally**
 - **Wait Condition** is required which makes the template wait until it receives the signal from cfn-signal. For this, we would need to attach a creation policy
 ```yaml
 CreationPolicy:
 	ResourceSignal:
 		Timeout: PT5M
 		Count: 1 // How many signals are you waiting
+
+```
+
+# Wait Condition Sample
+```
+Resources:
+  MyInstance:
+    Type: AWS::EC2::Instance
+    Properties:
+      ImageId: ami-123456
+      InstanceType: t2.micro
+      UserData:
+        Fn::Base64: !Sub |
+          #!/bin/bash
+          yum install -y httpd
+          /opt/aws/bin/cfn-signal -e 0 --stack ${AWS::StackName} --resource MyWaitCondition --region ${AWS::Region}
+
+  MyWaitHandle:
+    Type: AWS::CloudFormation::WaitConditionHandle
+
+  MyWaitCondition:
+    Type: AWS::CloudFormation::WaitCondition
+    DependsOn: MyInstance
+    Properties:
+      Handle: !Ref MyWaitHandle
+      Timeout: 300
+      Count: 1
+
+```
+# CreationPolicy sample
+```yaml
+Resources:
+  WebServer:
+    Type: AWS::EC2::Instance
+    Properties:
+      ImageId: ami-123456
+      InstanceType: t2.micro
+      UserData:
+        Fn::Base64: !Sub |
+          #!/bin/bash
+          yum install -y nginx
+          systemctl start nginx
+          /opt/aws/bin/cfn-signal -e 0 --stack ${AWS::StackName} --resource WebServer --region ${AWS::Region}
+    CreationPolicy:
+      ResourceSignal:
+        Timeout: PT10M
+
 ```
 ![[Udemy ScreenShot 2025-07-03 15-25-08-2.jpeg]]
 

aws/cloud-formation/deletion policy, stack policy, termination policy.md

@@ -10,17 +10,20 @@ done: false
 - Delete
 - Snapshot (Supported services only)
 - Retain
-
 > More like lifecycle policy from terraform
 
 > [!NOTE] Deletion would not work on S3 if it has objects
 > Either manually delete the objects or develop a custom resource that deletes all objects before deleting the bucket
-
 # Stack policy
 - By default all stack updates are applied for all resource
 - Stack policy dictates what are allowed on updation
 - Protect resources against accidental updates
-
+# Creation Policy
+- Used with resources like `AWS::EC2::Instance`.
+- Works with `cfn-signal` to **delay resource success** status until signaling is complete.
+- Ensures app/config is properly set before marking complete.
+	- `AWS::EC2::Instance`
+	- `AWS::AutoScaling::AutoScalingGroup`
 # Termination protection
 - Prevent accidental deletion
-- once activated, deletion is prompted termination protection. If you have necessary permission you can delete the resource by editing teh termination protection
+- once activated, deletion is prompted termination protection. If you have necessary permission you can delete the resource by editing teh termination 

aws/ec2/metrics.md

@@ -8,7 +8,7 @@ done: false
 ---
 
 Basic monitoring - metrics 5 minute interval
-Detialed Monitoring - metrcis 1 minute interval
+Detailed Monitoring - metrics 1 minute interval
 Metrics - CPU, Network, Disk and Status check metrics
 ## Custom metrics
 Basic - One minute

aws/iam/RCP Resource control policies.md

@@ -6,4 +6,5 @@ done: false
 ---
 - RCPs acts as **Guardrail** to access of resources in your AWS organization
 - It doesn't allow any, by itself, like [[SCP]]s, You'll need to attach [[Identity vs resource policies|IAM resources]]
-- All access resources that aren't explicitly allowed will not be allowed even IAM policies allows it
+- All access resources that aren't explicitly allowed will not be allowed even IAM policies allows it
+- Useful when you start working on 

aws/iam/policy evaluation.md

@@ -5,10 +5,6 @@ type:
 date: 19th July 2025
 done: false
 ---
-
----
-dg-publish: true
----
 ![[policy evaluation-1752904322048.png]]
 This image if not carefully interpreted, might mislead you into thinking "Resource based policy or Identity policy". It says See Resource base policies section, but what section
 

aws/lambda/lambda concurrency and throttling.md

@@ -18,5 +18,9 @@ Concurrently Issue
 - It is recommended reserve =limit concurrency
 
 **Provisioned Concurrency**
-Cold Start - The cold has to be loaded, many dependencies, code outside the lambda handler, the process can take some time to serve the first connection
-So **allocate concurrency** before any invocations
+- Cold Start - The cold has to be loaded, many dependencies, code outside the lambda handler, the process can take some time to serve the first connection
+- So **allocate concurrency** before any invocations
+- Charged **even when idle**.
+# Reserved concurrency
+- Sets max limit for concurrent lambda execution
+- Helps lambda eating all concurrency of your account

aws/networking/DXGW.md

@@ -0,0 +1,8 @@
+---
+tags: 
+type: 
+date: 2025-07-24
+done: false
+---
+- **DXGW is mandatory for Transit Gateway**, but **optional for single-region, single-VPC private VIFs**.
+- 

aws/networking/Direct Connect DX.md

@@ -5,22 +5,31 @@ type:
 date: 19th July 2025
 done: false
 ---
-# Components
+# Architecture
+![[Direct Connect DX-1753335913338.png]]
+> Essentially a dedicated private connection between on-prem and aws in the high level. 
+**Core Components:**
+1. **Customer Router:** Your on-prem router that connects to Direct Connect via a dedicated line.
+2. **Direct Connect Location:** AWS’s colocation facility where AWS provides a Direct Connect router (partner or AWS-managed).
+3. **Cross Connect:** Physical fiber link between your router and AWS’s router in the colocation.
+4. **AWS Router (DX Router):** Terminates the Direct Connect connection; connects to AWS backbone.
+5. **Virtual Interfaces (VIFs):**
+    - **Private VIF:** To access VPC resources.
+    - **Public VIF:** To access AWS public services (e.g., S3, DynamoDB).
+    - **Transit VIF:** For multiple VPCs via a Transit Gateway.
+**Data Flow:**  
+On-prem → Customer Router → Cross Connect → AWS DX Router → VIF → VGW/Transit GW → VPC
+# and More
 - Direct Connect Connection
-- VIFs
-- Customer Router
-- AWS Router
 - [[bgp|BGP]]
 - LOA-CFA
-- Direct Connect Location
 - Direct Connect Gateway (DXGW)
 - [[Transit Gateway]]
 - Redundant Connections (for HA)
 - Link Aggregation Group (LAG)
 - Router Peer IPs / ASN
 - Route Tables
 - Colocation Facility / Partner Network
-
 ![[Udemy ScreenShot 2025-06-30 12-01-20.jpeg]]
 Dedicated private connection to remote network into VPC
 Hybrid Model

aws/networking/S2S.md

@@ -22,6 +22,13 @@ Each VPN connection includes two VPN tunnels which you can simultaneously use fo
 > You probably setup a device on on-premises, and you create a AWS resource customer gateway, which lets AWS know the device
 
 # Virtual Private gateway (VGW)
+- AWS managed [[ipsec]] and [[bgp]] edge device
+	- **VPN concentrator** → for **Site-to-Site VPN** (IPsec tunnels).
+	- **Routing target (BGP edge)** → for **Direct Connect** (**private VIF** termination).
+- **VGW** serves both roles, depending on how it's used:
+	- If used with **VPN**, it handles IPsec + BGP.
+	- If used with **DX**, it just does **BGP** (no IPsec).
+- **VPN concentrator** or **routing target**.
 - The created on aws side
 - You can choose to give you ASN
 - Which then have to be attached to a VPC