all the best

Thanks a lot for the support ❤️

Resource based policy is attached to a resource and it tells us that what permission are provided on a Aws resource For example on s3 -- a policy can be that user a has the access to perform read operation Identity based policy tells us what permission does the identity have over a resource Like user-a can read on s3 The point to understand here is that the only difference is in the way we attach the policies.

@@Pythoholic thank you 😊 can we attach both to the single service. If so which applies first?

I guess that's something you should try, Go to ur free tier account and allow read only for s3 to a user and Try and modify the s3 policy to allow this user to both read and write. Let me know what you find.

@@Pythoholic sure... I will try that scenerio..

@@Pythoholic i tried the scenario and IAM policies are given higher priority than a bucket policy when both are enabled.

hi gourav thanks for the query. i have made a video on s3 with ec2 with iam role please check that out.

Thanks jyoti

Please check this playlist : kzbin.info/aero/PLiH9_MU-6RjI9gdFqmvUfKRfw_zRxIb6o you can find the videos there.

All services need a connectivity it could be either a public access using internet gateway or by using private connectivity using endpoint services. if u wish to create a private connectivity to ur rds then u have to create rds within the scope of your private subnet or using direct connect if not then we can make use of bastions.

Yes, you can access various AWS services through an endpoint by adjusting your service policies. AWS allows you to set up endpoints to enable direct communication between your internal network and AWS services, bypassing the public internet. Examples of services you can access via endpoints include S3, DynamoDB, and various others like API Gateway, CloudWatch, etc. Each service comes with its own set of policies you can customize to fit your needs. For instance, with an S3 bucket policy, you can specify who has access and what actions they can perform. Similarly, you can change policies for other services when accessed via an endpoint. As for pricing, AWS charges for the usage of VPC Endpoints. Pricing is based on the number of hours that the endpoint is provisioned and available, the amount of data processed, and in the case of Gateway Load Balancer endpoints, the number of hours the endpoint network interfaces are provisioned and available. So yes, if you keep a VPC Endpoint ON for 24hrs, you will be billed for those hours, regardless of whether you are actively using the service or not. The bill will also depend on the data processed through the endpoint. Therefore, it is advisable to plan and manage your AWS resources wisely to control your costs. Please note that pricing varies by region and specific AWS service, and it is subject to change. You should always check the most up-to-date pricing information on the official AWS website. For further information on the use of VPC endpoints and pricing, refer to the AWS documentation or consider consulting with AWS support or a trusted advisor.

I just use ppt and i think i like to be creative so.. it helps

In the AWS infrastructure, an Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in a VPC and the Internet. When an Internet Gateway is attached to a VPC, it enables traffic to flow between the VPC and the internet. So to answer your question, in the gateway example schema, the Internet Gateway is attached to the VPC to enable communication between instances in the VPC and the Internet. It does not mean that traffic leaves the AWS network to go to the internet. Instead, it means that the Internet Gateway acts as a gateway for traffic going from the VPC to the internet, and vice versa. In summary, the Internet Gateway is attached to the VPC to provide internet connectivity to resources within the VPC, and it does not mean that traffic leaves the AWS network to go to the internet.

Never mind i got it. Principal helps us with cross account. Else you won’t be able to verify service.

i have a video on bastion host please check it out

Just powerpoint

Choosing a public subnet instead of a private subnet while creating a gateway endpoint can have significant implications, particularly in terms of accessibility and security. Here's a breakdown of what this choice entails:Network Accessibility:Public Subnet: A public subnet is typically associated with resources that need to be accessible from the internet. When you place a gateway endpoint in a public subnet, it may be directly reachable from the internet, depending on your network access control lists (NACLs) and security group settings.Private Subnet: A private subnet is designed for resources that should not be directly accessible from the internet. Gateway endpoints in private subnets are typically used for internal services and are accessed through private network routes.Security Implications:Public Subnet: By placing a gateway endpoint in a public subnet, you potentially expose it to a wider range of security risks, as it could be accessible from any internet location. This requires stringent security measures like strong NACLs, security groups, and potentially additional firewall protection.Private Subnet: A gateway endpoint in a private subnet is generally considered more secure, as it is not exposed to the public internet. This reduces its vulnerability to external attacks, but it still requires proper internal security measures.

@@Pythoholic Many thanks for your explanation. I was wondering what are the use cases of placing gateway endpoint in a public subnet? Is it a common implication?

Actually I don't have it as of now because it is not allowing me to upload 45 hours of content at once

Endpoint service provides you the endpoint or the means to create an endpoint

Currently there is no specific benefited from. But I am planning a few more things upfront in 2021. For now it's just so that if u wish you can support the channel. Other details are mentioned in the membership page. Honestly I just have 2 members now. So u can understand the situation here. But I am thankful for that

thanks asit, actuallt this is a part of the series. for indepth i need to create another video. which i will do this month

write a python script to locally delete the file based on a schedule or cron job and using boto3 upload them to s3

yes sir sure i will add it. thanks for the feedback

sure thanks amit for the feedback

It's a nomenclature. Mostly it's like referring to the interface as a gateway to internet access..

@@Pythoholic Cool, I got confused whether you were talking about interface endpoint or gateway endpoint by this term.

You have made this complicated. But well tried

Thanks 👍 It's just PowerPoint

@@Pythoholic Thank you for the prompt reply and making those excellent videos available to us. I am prepping for SAA-S02 and your excellent course is way better than most paid for ones. Many thanks, again.

Yeah but if u remember while creating a bucket u need to specify the region. Even though it's a global scope the buckets are regionally scoped

@@Pythoholic yeah I got your point. But my understanding, S3 is just a collections of objects in buckets. If its required to mention buckets region how can it be a global service. Correct me if I am going wrong. Anyway all the buckets rely on S3 if S3 is global then the buckets should be expected as global.

The thing here is that even if s3 is global it means the bucket name should always be unique and it can be accessed by any other accounts in any region they are. But if I have to specify the buckets of my account in the region that I have created I have to use the command with the region name. It's not mandatory but I wanted to list it for the region I have created the buckets in. That's all. But mostly even if u don't specify it will list all s3 buckets. It's the same if u do as well. I hope ur doubt is cleared. Thanks for the query

May be I confused you more.

@@Pythoholic Thank you.. it helped a lot.

hey mukund its just for support its rs 29 but even without that all the content is free

Have you allowed permissions on the policy part with respect to S3

@@Pythoholic how to do that?

Hi Shubham. If you please elaborate the query

That will be covered in DVA-C01 .. Its coming up

Route 53 provides Resolver endpoints and Resolver rules so that you can use the Route 53 Resolver from outside your VPC. An inbound Resolver endpoint forwards DNS queries from the on-premises network to Route 53 Resolver. An outbound Resolver endpoint forwards DNS queries from the Route 53 Resolver to the on-premises network. If you configure private DNS for the inbound Resolver endpoint, requests from your on-premises network use the interface endpoint to access Amazon S3.