AWS provides Infrastructure as a Service (IaaS). The diagram below depicts the various resources that can be created on AWS to deploy EC2 instances. AWS resources are created individually and must be integrated with each other to produce a deployed infrastructure.
- Amazon Machine Images (AMIs) are region-specific resources.
- Multiple EC2 instances can be deployed from the same AMI.
- An AMI created in one region is not available in another region; however, it is possible to copy or share the AMI to other regions.
- An AMI can be copied to other regions within the same AWS account.
- An AMI can also be shared to other regions, in the same or another AWS account.
- EC2 key pairs are region-specific resources.
- One key pair can be associated with multiple EC2 instances, whereas one EC2 instance cannot have more than one key pair associated with it.
- A key pair created in one region is not available in other regions.
- Key pairs cannot be copied or shared to other regions.
- Elastic IPs (EIPs) are region-specific resources.
- One EIP can be associated with only one network interface at a time; however, it is possible to disassociate it and associate it with another network interface within the same region.
- An EIP cannot be copied or shared to other regions.
- EBS volumes are Availability Zone (AZ)-specific resources.
- An EBS volume cannot span multiple AZs.
- An EBS volume must be created in the same AZ as the EC2 instance it will be attached to.
- An EBS volume can be attached to multiple EC2 instances, but only selected EBS volume types support this feature, which exists for clustered applications.
- Security groups are VPC-specific resources.
- One security group can be associated with multiple EC2 instances within the same VPC.
- A security group cannot be associated with resources in a different VPC.
- Security groups are stateful and work at the EC2/RDS/ELB level.
- NACLs are VPC-specific resources.
- NACLs are stateless and can only be associated with subnets.
- One NACL can be associated with multiple subnets; however, one subnet can have only one NACL.
- Internet gateways (IGWs) are region-specific resources.
- An internet gateway can be attached to only one VPC.
- A VPC can have only one IGW attached.
- An IGW cannot span multiple VPCs.
- Route tables are VPC-specific resources.
- Route tables can only be associated with subnets.
- One route table can be associated with multiple subnets; however, one subnet can have only one route table.
- Route tables cannot span VPCs.
- A VPC is a region-specific resource.
- Instances deployed into the same VPC can communicate with each other through the VPC's local route by default.
- Communication between VPCs is not possible by default.
- VPC peering or a Transit Gateway is required to provide communication between VPCs.
- A VPC cannot span multiple regions.
- Subnets must be associated with one Availability Zone.
- One subnet can be associated with only one AZ; however, one AZ can have multiple subnets.
- Subnets cannot span multiple AZs.
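The scoping rules above (region, AZ, VPC) are exactly the kind of thing that is cheap to check before a deployment and expensive to discover after one. The following Python script is an added example, not code from the original page or from AWS: it models a deployment plan as plain dictionaries and reports every rule the plan violates (an AMI or key pair in the wrong region, a security group or route table from another VPC, an EBS volume in a different AZ, a volume shared without Multi-Attach support, an IGW attached to two VPCs, an EIP on more than one interface). All names in the sample plan, such as `ami-web` or `vpc-a`, are constructed placeholders rather than real AWS identifiers, and the plan format itself is an assumption of this example.

```python
"""Pre-deployment scope check for the EC2 building blocks listed above.

Added example, not from the original page or from AWS. The plan is an
in-memory model built from plain dicts; every name in it is a placeholder.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Plan:
    region: str
    amis: dict[str, str]             # AMI name -> region it exists in
    key_pairs: dict[str, str]        # key pair name -> region
    vpcs: dict[str, dict]            # VPC name -> {"igw": attached IGW name or None}
    subnets: dict[str, dict]         # subnet name -> {"vpc", "az", "route_table"}
    route_tables: dict[str, str]     # route table name -> owning VPC
    security_groups: dict[str, str]  # SG name -> owning VPC
    volumes: dict[str, dict]         # volume name -> {"az", "multi_attach"}
    instances: list[dict]            # {"name","ami","key_pair","subnet","security_groups","volumes"}
    eips: dict[str, dict]            # EIP name -> {"attached_to": [network interface names]}


def az_region(az: str) -> str:
    """An AZ name is its region name plus a one-letter suffix (us-east-1a -> us-east-1)."""
    return az[:-1]


def check_plan(plan: Plan) -> list[str]:
    """Return one finding per scoping rule the plan violates; empty means consistent."""
    findings: list[str] = []
    region = plan.region

    for inst in plan.instances:
        name = inst["name"]
        subnet = plan.subnets[inst["subnet"]]
        vpc, az = subnet["vpc"], subnet["az"]
        # VPCs are region scoped and subnets AZ scoped: the AZ must belong to the target region.
        if az_region(az) != region:
            findings.append(f"{name}: subnet {inst['subnet']} is in {az}, outside region {region}")
        # Route tables are VPC scoped and only associate with subnets of that VPC.
        if plan.route_tables[subnet["route_table"]] != vpc:
            findings.append(f"{name}: route table {subnet['route_table']} is not in VPC {vpc}")
        # AMIs and key pairs are region scoped; an AMI can be copied over, a key pair cannot.
        ami_region = plan.amis[inst["ami"]]
        if ami_region != region:
            findings.append(f"{name}: AMI {inst['ami']} exists in {ami_region}, not {region}; copy it first")
        kp_region = plan.key_pairs[inst["key_pair"]]
        if kp_region != region:
            findings.append(f"{name}: key pair {inst['key_pair']} exists only in {kp_region}; create one in {region}")
        # Security groups are VPC scoped.
        for sg in inst["security_groups"]:
            if plan.security_groups[sg] != vpc:
                findings.append(f"{name}: security group {sg} is in {plan.security_groups[sg]}, instance is in {vpc}")
        # EBS volumes are AZ scoped.
        for vol in inst["volumes"]:
            vol_az = plan.volumes[vol]["az"]
            if vol_az != az:
                findings.append(f"{name}: volume {vol} is in {vol_az}, instance is in {az}")

    # A volume attached to several instances needs a volume type that supports Multi-Attach.
    attachments: dict[str, list[str]] = {}
    for inst in plan.instances:
        for vol in inst["volumes"]:
            attachments.setdefault(vol, []).append(inst["name"])
    for vol, names in attachments.items():
        if len(names) > 1 and not plan.volumes[vol]["multi_attach"]:
            findings.append(f"volume {vol} attached to {names} without Multi-Attach support")

    # An IGW attaches to exactly one VPC; the dict shape already limits a VPC to one IGW.
    igw_owner: dict[str, str] = {}
    for vpc_name, v in plan.vpcs.items():
        igw = v.get("igw")
        if igw and igw in igw_owner:
            findings.append(f"IGW {igw} attached to both {igw_owner[igw]} and {vpc_name}")
        elif igw:
            igw_owner[igw] = vpc_name

    # An Elastic IP maps to a single network interface at a time.
    for eip, e in plan.eips.items():
        if len(e["attached_to"]) > 1:
            findings.append(f"EIP {eip} associated with more than one interface: {e['attached_to']}")
    return findings


# Constructed sample plan with deliberate scoping mistakes (placeholder names, not real IDs).
SAMPLE_PLAN = Plan(
    region="us-east-1",
    amis={"ami-web": "us-east-1", "ami-db": "us-west-2"},
    key_pairs={"kp-ops": "us-east-1"},
    vpcs={"vpc-a": {"igw": "igw-a"}, "vpc-b": {"igw": "igw-b"}},
    subnets={"sub-a1": {"vpc": "vpc-a", "az": "us-east-1a", "route_table": "rt-a"},
             "sub-b1": {"vpc": "vpc-b", "az": "us-east-1b", "route_table": "rt-b"}},
    route_tables={"rt-a": "vpc-a", "rt-b": "vpc-b"},
    security_groups={"sg-web": "vpc-a", "sg-db": "vpc-b"},
    volumes={"vol-data": {"az": "us-east-1b", "multi_attach": False}},
    instances=[
        {"name": "web-1", "ami": "ami-web", "key_pair": "kp-ops", "subnet": "sub-a1",
         "security_groups": ["sg-web", "sg-db"], "volumes": ["vol-data"]},
        {"name": "db-1", "ami": "ami-db", "key_pair": "kp-ops", "subnet": "sub-b1",
         "security_groups": ["sg-db"], "volumes": ["vol-data"]},
    ],
    eips={"eip-web": {"attached_to": ["eni-web-1"]}},
)

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_PLAN):
        print("FINDING:", finding)
```

Running it against the sample plan reports four findings: `sg-db` belongs to a different VPC than `web-1`, `vol-data` sits in a different AZ than `web-1`, `ami-db` lives in another region, and `vol-data` is attached to two instances without a Multi-Attach capable type. Each finding maps to one bullet in the list above, which is what makes this sort of check a useful gate in a pipeline: the rules are static, so violations can be caught before any API call is made.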