AWS Website: https://www.infrastructure.aws/
Region: AWS has the concept of a Region, which is a physical location around the world where they cluster data centers.
Edge Locations: A site that CloudFront uses to cache copies of your content for faster delivery to users at any location.
Geographic Separation - Isolated Fault Domain
If something terrible such as a terrorist attack or a natural disaster should strike one region, it would not affect another. This is one of the ways AWS achieves fault tolerance and stability.
Geopolitical Separation - Different governance
By picking a region you will be subject to the laws and regulations of the region your infrastructure is stored in.
AWS commits that if you pick one region, your data will stay in that region. (However, there are nuances to that.)
Location Control - Performance
Get as close to your customer as possible for a better customer experience.
AWS Regions provide resiliency.
If the Sydney region is affected and goes down for some reason, it won't affect the infrastructure in North Virginia (if you have infrastructure placed there).
Inside every Region, AWS provides multiple Availability Zones.
A Region can have 2, 3, 4, 5 or even 6 AZs.
AZs are isolated compute, storage, network, power and facilities within a region. An AZ could be one data center, but it could also be multiple data centers. It is a logical construct inside AWS; AWS doesn't give you visibility into what an AZ physically is.
As a solutions architect, you should design solutions that are distributed across AZs and are therefore resilient.
When it takes the whole world failing for the service to fail, it is a globally resilient service.
Example: IAM, Route53
If you create one RDS DB in Sydney and one in Mumbai, they are two separate databases.
When you distribute your infrastructure among Regions, if one Region fails, it won't impact the others.
Services can be placed across multiple AZs to make them resilient.
If a service is provisioned in only one AZ and that AZ fails, the service will fail.
Virtual Private Cloud (VPC) is a way to create a private network and this can work across multiple AZs to provide resilience.
A VPC = A Virtual Network inside AWS
A VPC is within 1 account & 1 region
Private and Isolated unless you decide otherwise
Two types - Default VPC and Custom VPCs
You can have only one Default VPC per region.
But you can have many custom VPCs per region.
VPC is used to connect your AWS private network to your on-premises network when creating a hybrid environment.
This service is also used to connect to other cloud platforms when you are creating a multi-cloud deployment.
A default VPC is created once per region when an AWS account is first created.
There can only be one default VPC per region, and it can be deleted and recreated from the console UI.
Default VPCs always have the same IP range and the same '1 subnet per AZ' architecture.
The way VPCs provide resilience is by being sub-divided into subnets. Each subnet inside a VPC is located in one AZ in that region. This is set on creation and can never be changed.
One per region - can be removed & recreated
Default VPC CIDR is always 172.31.0.0/16
/20 Subnet created in each AZ in the region
Comes with an Internet Gateway (IGW), a default Security Group (SG) & a default NACL
Subnets assign public IPv4 addresses to instances by default
IaaS - Provides Virtual Machines => Instances
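As an added example (not part of these notes), the following Python carves the default VPC's 172.31.0.0/16 into /20 blocks, pins one block per AZ the way the default VPC does, and checks how many distinct AZs a set of instances actually spans, since a service whose instances all sit in one subnet is single-AZ no matter how many instances it has. The AZ names and instance IPs are constructed sample values; the 5 reserved addresses per subnet are AWS's documented reservation, not something stated in the notes.

```python
import ipaddress

# Default VPC range from the notes; every default VPC uses it.
DEFAULT_VPC_CIDR = "172.31.0.0/16"
# One /20 per AZ, as the notes state.
SUBNET_PREFIX = 20
# AWS reserves the first four and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def carve_default_subnets(vpc_cidr, az_names, prefix=SUBNET_PREFIX):
    """Return {az_name: subnet} by handing out consecutive /20 blocks, one per AZ."""
    blocks = list(ipaddress.ip_network(vpc_cidr).subnets(new_prefix=prefix))
    if len(az_names) > len(blocks):
        raise ValueError("more AZs than /%d blocks in %s" % (prefix, vpc_cidr))
    return {az: blocks[i] for i, az in enumerate(az_names)}


def usable_hosts(subnet):
    """Addresses an instance can actually take in a subnet after AWS reservations."""
    return subnet.num_addresses - AWS_RESERVED_PER_SUBNET


def subnet_az(subnet_map, ip):
    """AZ the private IP lands in, or None if it is in no assigned subnet."""
    addr = ipaddress.ip_address(ip)
    for az, net in subnet_map.items():
        if addr in net:
            return az
    return None


def distinct_azs(subnet_map, instance_ips):
    """Number of distinct AZs covered; 1 means the service is single-AZ."""
    return len({subnet_az(subnet_map, ip) for ip in instance_ips} - {None})


if __name__ == "__main__":
    # Constructed sample: three AZs in the Sydney region.
    azs = ["ap-southeast-2a", "ap-southeast-2b", "ap-southeast-2c"]
    subnets = carve_default_subnets(DEFAULT_VPC_CIDR, azs)
    for az, net in subnets.items():
        print(az, net, "usable hosts:", usable_hosts(net))
    # Constructed sample: two instances in 2a only, one more in 2c.
    single = ["172.31.1.10", "172.31.2.20"]
    print("AZs covered:", distinct_azs(subnets, single))            # 1
    print("AZs covered:", distinct_azs(subnets, single + ["172.31.33.4"]))  # 2
```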