
Chapter 10.6: Cloud — AWS (EC2, S3, RDS, Lightsail)

PART 10 — DevOps and Deploy · Topic 6


1. Introduction and motivation

So far in PART 10 we have learned how to put an application onto a single server: Linux server and SSH (Chapter 10.1), Nginx (Chapter 10.2), Docker (10.3-10.4), automated CI/CD deploy (Chapter 10.5). But one question always remains: where does that server itself come from? Who switches it on, who backs up the DB, who adds another server when traffic grows? In the past, companies bought their own servers and kept them in their own room (a data center): expensive, slow, complicated. Today almost everyone uses the cloud: you rent the resource you need, when you need it, and hand it back once you are done. And the biggest cloud is AWS (Amazon Web Services). This chapter gives you the four most fundamental and most widely used AWS services: EC2 (virtual server), S3 (file/image storage), RDS (managed database), Lightsail (simplified VPS).

Cloud — computing resources obtained over the internet, on demand: server, disk, DB, network. You do not buy hardware, rent a room, or deal with power/cooling/security; the provider (AWS) does all of that. You pay only for the resources you use (pay-as-you-go). With one button you start a server, switch it off when it is not needed, and scale out automatically when traffic grows (scalability, 9.9). Most important of all are managed services: AWS backs up the DB for you, installs patches, creates replicas. This is the difference between a junior who says "I will manage the server myself" and a senior who says "I will choose the right cloud service and build cheap, reliable infrastructure".

This chapter covers: what the cloud is (IaaS/PaaS/SaaS), an overview of AWS (region, availability zone, core services), EC2 (instance, AMI, key pair, elastic IP), Security Group (virtual firewall, compared with ufw from 10.1), S3 (object storage: bucket, key, public/private, presigned URL), RDS (managed DB: backup/Multi-AZ/replica), Lightsail (simplified VPS), IAM (user/role/policy, least privilege, access key), VPC (network isolation), the pricing model and free tier (being careful), and other important services (CloudFront, Route 53, ELB, ECS/Lambda). This chapter ties directly to 10.1 (server/SSH), 10.2 (Nginx), 10.5 (CI/CD deploy), 5.11 (Multer file upload) and PART 6 (DB).

Analogy: the cloud is a city power grid. In the old days every factory bought its own generator (buying a server): expensive, the factory handles repairs itself, adds a new generator when it needs more power, and leaves the extra generator idle when it needs less. Today the factory simply plugs into the socket (the cloud): it pays for as much electricity as it uses; if it needs more, it draws more; it does not deal with running the power station (the data center) at all. AWS is the biggest "power station". Another analogy: building your own server room is building a house (expensive, slow, you do the repairs yourself), while the cloud is renting a furnished office (you move in today, move out tomorrow, and the owner takes care of utilities). EC2 is an empty room (you furnish it yourself), Lightsail is a fully furnished ready room, RDS is a storeroom that comes with the office's cleaning and security service (you just use it, the rest is managed for you).

Why does it matter?

  • Real deploys — most production applications run in the cloud (AWS holds the largest share of the market).
  • Managed services — you do not do DB backup/patch/replica yourself (time and mistakes are saved).
  • Scalability — when traffic grows you add resources, when it drops you reduce them (you pay only for what you use).
  • Interviews/jobs — "Have you worked with AWS? Have you tried uploading an image to S3?" is one of the most common questions.

2. Theory — in-depth explanation

2.1. What the cloud is: IaaS, PaaS, SaaS

  CLOUD — a resource obtained over the internet, on demand (server, disk, DB):
  - You do not buy your own hardware, you pay only for what you use (pay-as-you-go)
  - Need it: switch it on; don't need it: switch it off (within a few minutes)

  3 SERVICE MODELS (how much YOU manage yourself):

  IaaS (Infrastructure as a Service) — lowest level, most control:
   AWS provides only "hardware + OS" (EC2 virtual server)
   OS, application, DB: you configure EVERYTHING yourself (10.1, Linux)
   analogy: renting an empty room (you furnish it yourself)

  PaaS (Platform as a Service) — middle:
   you only upload the code, the platform handles the rest
   AWS Elastic Beanstalk, Heroku, Vercel (Chapter 13.11)
   analogy: a furnished room (you just move in)

  SaaS (Software as a Service) — highest level, least control:
   ready-made software (Gmail, Notion, Figma, 1.8)
   you only use it (you configure nothing)
   analogy: a hotel room (you arrive and stay)

Cloud — a computing resource obtained over the internet, on demand: virtual server, disk, database, network. You do not buy your own hardware; you pay only for what you use (pay-as-you-go). There are three service models, depending on how much you manage yourself: IaaS (Infrastructure as a Service: AWS provides only the virtual server + OS and you configure the rest; EC2, this chapter; the most control); PaaS (Platform: you only upload the code and the platform handles the rest; Elastic Beanstalk, Vercel, 13.11); SaaS (Software: ready-made software that you only use; Gmail, Notion). EC2 is IaaS (you manage the Linux server yourself, 10.1), Lightsail is IaaS but simplified, RDS is managed (close to PaaS: AWS manages the DB).

2.2. AWS overview: region and availability zone

  AWS — the world's largest cloud provider (200+ services):

  GLOBAL STRUCTURE (geographic location matters: latency, law):

  REGION — a geographic area (a separate city/country):
  - us-east-1 (N. Virginia), eu-central-1 (Frankfurt), ap-south-1 (Mumbai)...
  - choose a region CLOSE to your users (lower latency, 0.4)
  - the price of some services differs by region

  AVAILABILITY ZONE (AZ) — a separate data center INSIDE a region:
  - 3+ AZs in each region (us-east-1a, us-east-1b, us-east-1c...)
  - AZs are physically separated (if one goes down, another keeps working)
  - for HIGH AVAILABILITY: spread the application across 2+ AZs (Chapter 9.9)

  ┌──────────────── REGION (eu-central-1) ────────────────┐
  │  ┌─── AZ-1a ───┐  ┌─── AZ-1b ───┐  ┌─── AZ-1c ───┐    │
  │  │ data center │  │ data center │  │ data center │    │
  │  └─────────────┘  └─────────────┘  └─────────────┘    │
  └────────────────────────────────────────────────────────┘
   Multi-AZ = the application keeps working even if one data center burns down

AWS is the world's largest cloud provider (200+ services). Its global structure has two tiers: region (a geographic area: us-east-1 N. Virginia, eu-central-1 Frankfurt, ap-south-1 Mumbai) and availability zone (AZ: a separate, physically isolated data center inside a region; usually 3+ AZs per region: us-east-1a, us-east-1b...). Two important rules: (1) choose a region close to your users (lower latency, 0.4); (2) for high availability, spread the application across 2+ AZs, so that it keeps working even if one data center goes down (9.9, replication). The choice of region also affects price (some regions are cheaper). In the AWS panel (Console), always pay attention to which region you are in (resources are tied to a region).

2.3. The most widely used AWS services

  AWS has 200+ services, but in practice about 10 are used most:

  COMPUTE (where the code runs):
  - EC2         virtual server (IaaS, 2.4)
  - Lightsail   simplified VPS (Section 2.8)
  - Lambda      serverless function (you manage no server, 2.12)
  - ECS / EKS   containers/Kubernetes (Docker 10.3, K8s 10.8)

  STORAGE (files/data):
  - S3    object storage (images, backups, static files, 2.6)
  - EBS   virtual disk for EC2 (block storage)

  DATABASE:
  - RDS        managed SQL (PostgreSQL/MySQL, 2.7)
  - DynamoDB   managed NoSQL (key-value, 9.10: AP)

  NETWORK / DELIVERY:
  - VPC        network isolation (Section 2.10)
  - CloudFront CDN (fast delivery, 2.12)
  - Route 53   DNS (domains, 2.12, 10.7)
  - ELB        load balancer (load distribution, 2.12, 9.9)

  SECURITY / MANAGEMENT:
  - IAM        who can do what (2.9)

AWS has 200+ services, but in practice about 10 are used most. Compute (where the code runs): EC2 (virtual server, 2.4), Lightsail (simple VPS, 2.8), Lambda (serverless, 2.12), ECS/EKS (containers/Kubernetes, 10.3, 10.8). Storage: S3 (objects: images/backups, 2.6), EBS (EC2 disk). DB: RDS (managed SQL, 2.7), DynamoDB (managed NoSQL). Network/delivery: VPC (network isolation, 2.10), CloudFront (CDN), Route 53 (DNS), ELB (load balancer). Management: IAM (permissions, 2.9). To get started, knowing these five is enough: EC2 + S3 + RDS + IAM + Lightsail. The rest are learned when they are needed (do not try to learn everything at once).

2.4. EC2 — virtual server (instance, AMI, key pair)

  EC2 (Elastic Compute Cloud) — AWS's virtual server (IaaS):

  INSTANCE — a launched virtual server (one "machine"):
  - instance type: t3.micro, t3.small, m5.large...
     "t" family: cheap, general purpose; number: generation; micro/small: size
     more CPU/RAM = more expensive (choose what you need)

  AMI (Amazon Machine Image) — the instance "template" (OS + software):
  - Ubuntu 24.04, Amazon Linux 2023, Windows Server...
  - an instance is "copied" from the AMI (similar to a Docker image, 10.3)

  KEY PAIR — an SSH key pair (connecting to the instance, 10.1: 2.8):
  - AWS places the public key on the instance, YOU download the private key
  - the .pem file is handed out once (if you lose it, it cannot be retrieved again!)
  - connect: ssh -i kalit.pem ubuntu@<public-ip>

  ELASTIC IP — a fixed public IP:
  - an ordinary IP CHANGES when the instance is stopped and started (problem: the domain breaks)
  - Elastic IP: a permanent IP attached to the account (bound to an instance)

EC2 (Elastic Compute Cloud) is AWS's virtual server (IaaS: you manage the Linux server yourself, and everything from 10.1 applies). Core concepts: instance — one launched virtual machine; instance type (t3.micro, t3.small, m5.large) — the CPU/RAM size (more = more expensive, choose what you need); AMI (Amazon Machine Image) — the instance template (OS + preinstalled software: Ubuntu, Amazon Linux; similar to a Docker image, 10.3); key pair — an SSH key pair (AWS places the public key on the instance and you download the private key as a .pem file, 10.1: 2.8). The .pem file is handed out once; if you lose it, it cannot be retrieved again (you have to create a new key pair). Elastic IP — a fixed public IP: an ordinary IP changes when the instance is restarted (the domain breaks), whereas an Elastic IP is permanent (attached to the account). Connect with ssh -i kalit.pem ubuntu@<public-ip> (10.1: 2.8).

  EC2 — MORE IMPORTANT CONCEPTS:

  EBS (Elastic Block Store) — the instance's virtual DISK (block storage):
  - data is kept even when the instance is stopped (root volume + additional volumes)
  - snapshots can be taken (a backup in S3, a copy of the disk)
  - difference from S3: EBS = disk (attached to one instance), S3 = object (global)

  USER-DATA — a script run automatically when the instance first boots:
   "as soon as it boots, install Docker and start the application" (no manual SSH needed)
   important for CI/CD and Auto Scaling (a new instance configures itself, 2.12)

  INSTANCE CONNECT — SSH from the browser (without the .pem, connecting through the Console):
   a temporary way in even if you lose the key (Mistake 5)

  PRICING MODEL (the same instance, three ways to pay; AWS official):
  - On-Demand  hourly, no commitment (test/variable load; the most flexible)
  - Reserved / Savings Plan  1-3 year commitment (up to ~70% cheaper; steady load)
  - Spot  AWS's spare capacity (up to ~90% cheaper, BUT AWS interrupts it whenever it wants)
     only for interruption-tolerant work (batch, render; NOT production web)

A few more important EC2 concepts. EBS (Elastic Block Store) is the instance's virtual disk (block storage): data is kept even when the instance is stopped, and you can take a snapshot of it (a backup copy in S3). The difference between EBS and S3: EBS is a disk (attached to one instance, with a file system), S3 is objects (global, key-value). User-data is a script run automatically the first time the instance boots (for example "as soon as it boots, install Docker and start the application"), instead of configuring by hand over SSH; it matters for CI/CD and Auto Scaling (a new instance configures itself). EC2 Instance Connect is SSH from the browser (through the Console) without the .pem, a temporary way in even when you have lost the key (Mistake 5). Pricing model: three ways to pay for exactly the same instance (AWS official): On-Demand (hourly, no commitment; for test or variable load; the most flexible but expensive); Reserved / Savings Plan (1-3 year commitment; up to 70% cheaper, for steady constant load); Spot (AWS's spare capacity; up to 90% cheaper, but AWS can interrupt it whenever it wants, so only for interruption-tolerant work such as batch computation or rendering, not for a production web server).

2.5. Security Group — virtual firewall (compared with ufw)

  SECURITY GROUP — a VIRTUAL FIREWALL for the instance (which traffic gets in/out):
   the AWS counterpart of "ufw" from 10.1 (but at the AWS level, NOT on the instance)

  BASIC BEHAVIOUR (AWS official):
  - A new SG has NO INBOUND rules → nothing gets in (default deny)
  - OUTBOUND: everything is OPEN by default (the instance can reach the internet)
  - There are only "allow" rules (there are NO deny rules; not on the list = forbidden)
  - STATEFUL — the reply to an inbound request goes out automatically (you do not open the return path)

  INBOUND RULE components:
  - protocol (TCP/UDP/ICMP) + port (22, 80, 443) + source (source CIDR or SG)

  TYPICAL WEB SERVER RULES:
  ┌──────────┬──────┬───────────────────┬──────────────────────────┐
  │ Type     │ Port │ Source            │ Purpose                  │
  ├──────────┼──────┼───────────────────┼──────────────────────────┤
  │ SSH      │ 22   │ MY IP/32          │ only I connect           │
  │ HTTP     │ 80   │ 0.0.0.0/0         │ everyone (web)           │
  │ HTTPS    │ 443  │ 0.0.0.0/0         │ everyone (web)           │
  └──────────┴──────┴───────────────────┴──────────────────────────┘
   Do not open SSH (22) to 0.0.0.0/0, only to your own IP (security)

Security Group (SG) — a virtual firewall for an EC2 instance: it controls which traffic may enter (inbound) and leave (outbound). It is the AWS equivalent of ufw from 10.1, but it works at the AWS network level rather than inside the instance (the two can be used together). AWS official behaviour: a new SG has no inbound rules → nothing gets in (default deny); outbound is fully open by default; there are only allow rules (no deny; anything not on the list is automatically forbidden); stateful: the reply to an inbound connection goes out automatically (you do not open the return port separately). A rule is protocol (TCP) + port (22/80/443) + source (a CIDR or another SG). The most important security rule: do not open SSH (22) to 0.0.0.0/0 (the whole internet), only to your own IP (<yourIP>/32); the web ports (80/443), by contrast, are open to everyone (0.0.0.0/0). This is exactly the principle from 10.1: 2.7 (with ufw, open only what is needed).

2.6. S3 — object storage (bucket, key, presigned URL)

  S3 (Simple Storage Service) — object storage (images, video, backups, static files):
   NOT a file system but a KEY-VALUE store (key → file)

  STRUCTURE:
  - BUCKET — the top-level "folder" (the name is GLOBALLY unique, one of a kind in all of S3!)
     s3://mening-loyiham-rasmlar
  - KEY — the "path" of an object inside the bucket (looks like folders, but it is flat):
     users/123/avatar.png  (there are slashes, but no real folders; this is a key)
  - OBJECT — the actual file (data + metadata)

  ACCESS — EVERYTHING IS PRIVATE BY DEFAULT (AWS official):
  - private (default)  only the owner/those granted permission can access it
  - public  everyone can read it (static site, public images; BE CAREFUL)

  PRESIGNED URL — a link with temporary permission (for a private file):
  - gives time-limited access to ONE file without making the bucket public
  - the URL is signed (with your IAM permissions) and stops working once it expires
  - CLI: up to 7 days; Console: up to 12 hours (AWS official)
  - use: let the user upload/download an image (the bucket stays closed)

S3 (Simple Storage Service) — object storage: images, video, backups, static files. It is not a file system but a key-value store (key → file). Structure: bucket (the top-level "folder"; its name must be globally unique across all of S3, that is, there can be only one mening-bucket in the whole world); key (the object's path inside the bucket, e.g. users/123/avatar.png; there are slashes but no real folders, it is just a key); object (the actual file + metadata). AWS official: by default every object is private (only the owner has access); it can be made public (static site, public images), but be careful, because many data leaks come from exactly this. Presigned URL — a signed link that gives temporary access to a single file without making the bucket public: it stops working once it expires (up to 7 days from the CLI, up to 12 hours from the Console; AWS official). This fits perfectly with Multer S3 (Chapter 5.11): the user uploads the image directly to S3 and the bucket stays closed.
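How a presigned URL ties one object and one expiry time to the signer's key, as an added example (not code from the book): a standard-library implementation of the SigV4 query signing used for S3 presigned GET URLs, together with the check a verifier performs. The access key, secret and region are constructed values; the bucket and key are the ones named above.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, quote, urlsplit

MAX_EXPIRES = 7 * 24 * 3600  # SigV4 presigned URLs live at most 7 days

# Constructed credentials for the demo (not real keys).
ACCESS_KEY = "AKIAEXAMPLEEXAMPLE00"
SECRET_KEY = "constructed-secret-not-a-real-key"


def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def _signature(secret, method, host, path, params, region):
    """SigV4 signature over method, path, query parameters and the host header."""
    amz_date = params["X-Amz-Date"]
    scope = f"{amz_date[:8]}/{region}/s3/aws4_request"
    query = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}"
                     for k, v in sorted(params.items()))
    canonical = "\n".join([method, path, query,
                           f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret).encode()
    for part in (amz_date[:8], region, "s3", "aws4_request"):
        key = _hmac(key, part)  # derive the per-day, per-region signing key
    return hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()


def presign(access_key, secret, bucket, key, region, expires, now, method="GET"):
    """Build a presigned URL for one object; `now` is a timezone-aware UTC datetime."""
    if not 1 <= expires <= MAX_EXPIRES:
        raise ValueError("expires must be between 1 second and 7 days")
    host = f"{bucket}.s3.{region}.amazonaws.com"
    path = "/" + quote(key, safe="/")  # slashes in the key stay literal
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{amz_date[:8]}/{region}/s3/aws4_request",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    sig = _signature(secret, method, host, path, params, region)
    query = "&".join(f"{k}={quote(v, safe='')}" for k, v in params.items())
    return f"https://{host}{path}?{query}&X-Amz-Signature={sig}"


def check_presigned(url, secret, now, method="GET"):
    """Recompute what the service checks: expiry first, then the signature."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query))
    sig = params.pop("X-Amz-Signature", "")
    region = params["X-Amz-Credential"].split("/")[2]
    issued = datetime.strptime(params["X-Amz-Date"], "%Y%m%dT%H%M%SZ")
    issued = issued.replace(tzinfo=timezone.utc)
    if now > issued + timedelta(seconds=int(params["X-Amz-Expires"])):
        return "expired"
    expected = _signature(secret, method, parts.netloc, parts.path, params, region)
    return "ok" if hmac.compare_digest(sig, expected) else "bad signature"


if __name__ == "__main__":
    t0 = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
    url = presign(ACCESS_KEY, SECRET_KEY, "mening-loyiham-rasmlar",
                  "users/123/avatar.png", "eu-central-1", 900, t0)
    print(url)
    print(check_presigned(url, SECRET_KEY, t0 + timedelta(minutes=5)))
    print(check_presigned(url, SECRET_KEY, t0 + timedelta(minutes=16)))
    # Changing the object key or stretching the expiry breaks the signature.
    print(check_presigned(url.replace("users/123", "users/124"), SECRET_KEY, t0))
```

The URL grants exactly what was signed: editing the key or the X-Amz-Expires value invalidates it, so the expiry chosen at signing time is the real exposure window. In application code the AWS SDK's presigner produces these URLs.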

  S3 — ADDITIONAL FEATURES (important in production):

  STORAGE CLASS (price vs access speed):
  - Standard         needed often (active images/files): most expensive, fastest
  - Standard-IA      needed rarely (Infrequent Access: backups, archives): cheaper
  - Glacier          needed very rarely (long-term archive): very cheap, slow retrieval
  - Intelligent-Tiering  AWS moves objects to the right class automatically (if unsure, use this)

  VERSIONING — the old copy is kept on every change:
   an accidentally deleted/overwritten file can be restored (backup protection)

  LIFECYCLE (lifecycle rule) — move/delete objects automatically:
   "after 30 days to Standard-IA, after 90 days to Glacier, delete at 365 days"
   reduces cost automatically (for old logs/backups)

  ENCRYPTION — enabled by default (SSE-S3, AWS official since 2023):
   objects are stored encrypted on disk (you do not have to configure it yourself)
   SSE-KMS: with your own key (when audit/control is needed)

  CORS — requests from the browser straight to S3 (presigned PUT, Example 6):
   a CORS rule is needed when the frontend uploads from another domain (7.x, browser policy)

  STATIC WEBSITE HOSTING — serving a static site (HTML/CSS/JS) from S3:
   hosting an SPA/landing page without a server (usually with CloudFront, 2.12)

Additional S3 features that matter in production. Storage class (a trade-off between price and access speed): Standard (active files needed often; most expensive, fastest), Standard-IA (Infrequent Access: needed rarely, e.g. backups and archives; cheaper, but with an extra charge on every access), Glacier (long-term archive; very cheap, slow to retrieve), Intelligent-Tiering (AWS moves objects to the right class automatically; if you do not know which class you need, use this). Versioning: the old copy is kept on every change (an accidentally deleted/overwritten file can be restored; backup protection). Lifecycle rule: move an object to a cheaper class or delete it automatically based on its age (for example "to IA at 30 days, to Glacier at 90 days, delete at 365 days"), which automatically reduces the cost of old logs/backups. Encryption: since 2023 AWS encrypts every object on disk by default (SSE-S3, you do not have to configure it yourself; if you need auditing, use your own key with SSE-KMS). CORS: the rule needed when the browser sends a request straight to S3 from another domain (presigned PUT, Example 6) (browser security policy, PART 7). Static website hosting: serving a static site (HTML/CSS/JS) from S3 (hosting an SPA/landing page without a server, usually with CloudFront placed in front, 2.12).

2.7. RDS — managed database

  RDS (Relational Database Service) — MANAGED SQL DB (PostgreSQL, MySQL...):
   instead of installing the DB on EC2 YOURSELF, AWS manages it

  SUPPORTS:
  PostgreSQL (Chapter 6.6), MySQL (Chapter 6.5), MariaDB, Oracle, SQL Server, Aurora (AWS's own)

  WHY MANAGED (the difference from keeping a DB on EC2 yourself; AWS does this):
   BACKUP — automatic (daily snapshot + point-in-time recovery)
   PATCH — upgrading the DB version (security patches automatically)
   MULTI-AZ — standby replica in another AZ (if the primary goes down, automatic failover)
   READ REPLICA — read copies (up to 15; load distribution, 9.9)
   MONITORING — metrics (CPU, connections, slow queries)

  CONNECTING (from the application, 6.6):
  - RDS endpoint (host): mydb.abc123.eu-central-1.rds.amazonaws.com
  - connection string: postgresql://user:pass@<endpoint>:5432/dbname
  -  RDS Security Group: allow connections only from EC2 (do NOT open it to the public)

RDS (Relational Database Service) — a managed SQL database. Instead of installing and managing the DB on EC2 yourself, AWS manages it. Supported: PostgreSQL (Chapter 6.6), MySQL (Chapter 6.5), MariaDB, Oracle, SQL Server, and AWS's own Aurora. Why managed (the difference from running it yourself; AWS does this): backups are automatic (daily snapshot + point-in-time recovery, provided you set backup retention to a non-zero value); patching (DB version/security patches automatically); Multi-AZ (a standby replica in another AZ; if the primary goes down, automatic failover, AWS official); read replicas (read copies, up to 15, for load distribution, 9.9); monitoring (metrics). You connect through the endpoint (host) that RDS provides: postgresql://user:pass@<endpoint>:5432/dbname (Chapter 6.6). Most important: in the RDS Security Group, allow connections only from EC2 (or from the application's SG); do not open the DB to the public internet (opening port 5432 to 0.0.0.0/0 is a serious risk).
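A check for the two rules stated in 2.5 and above (SSH and the DB port must never be open to the whole internet), as an added example that is not code from the book. It audits data in the shape of `aws ec2 describe-security-groups` output; the group IDs, names and the list of sensitive ports are constructed for the illustration.

```python
# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa0000000000web", "GroupName": "web-server", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},           # SSH from one IP only
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    {"GroupId": "sg-0bbb0000000000ssh", "GroupName": "ssh-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},                 # SSH from everywhere
    ]},
    {"GroupId": "sg-0ccc00000000000db", "GroupName": "rds-from-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0aaa0000000000web"}]},  # source is an SG
    ]},
    {"GroupId": "sg-0ddd000000000wide", "GroupName": "port-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6000,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},                  # range hides 5432
    ]},
]}

# Ports that should never face the internet (assumption for this example).
SENSITIVE_PORTS = {22: "SSH", 3306: "MySQL", 5432: "PostgreSQL"}
WORLD = {"0.0.0.0/0", "::/0"}


def rule_covers(perm, port):
    """True if an inbound permission admits the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":          # "all traffic": every protocol and port
        return True
    if proto != "tcp":
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return lo is not None and hi is not None and lo <= port <= hi


def world_sources(perm):
    """CIDR sources of a permission that mean 'the whole internet' (IPv4 or IPv6)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD]


def audit(doc):
    """Return (group id, port, service, source) for every sensitive port open to the world."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            open_to = world_sources(perm)
            if not open_to:
                continue       # restricted CIDR or SG-to-SG reference: fine
            for port, name in sorted(SENSITIVE_PORTS.items()):
                if rule_covers(perm, port):
                    findings.append((sg["GroupId"], port, name, open_to[0]))
    return findings


if __name__ == "__main__":
    for group_id, port, name, source in audit(SAMPLE):
        print(f"{group_id}: {name} ({port}/tcp) is open to {source}")
```

Port ranges and the IPv6 "everyone" source `::/0` are the two cases a check for the literal pair "22 and 0.0.0.0/0" misses.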

2.8. Lightsail — simplified VPS (difference from EC2)

  LIGHTSAIL — AWS's SIMPLIFIED VPS service (for beginners):
   EC2 + Security Group + IP + disk, all in ONE simple bundle

  LIGHTSAIL vs EC2 (AWS official comparison):
  ┌───────────────────┬──────────────────────┬─────────────────────────┐
  │ Aspect            │ Lightsail            │ EC2                     │
  ├───────────────────┼──────────────────────┼─────────────────────────┤
  │ Price             │ FIXED monthly        │ usage-based (hourly)    │
  │                   │ (from $5/month)      │ (hard to predict)       │
  │ Setup             │ ready bundle (easy)  │ full setup (powerful)   │
  │ Network/IP/disk   │ comes automatically  │ you configure it        │
  │ Ready blueprints  │ WordPress, LAMP...   │ AMI only                │
  │ Who it is for     │ beginners, simple    │ complex/large systems   │
  │ Scalability       │ limited              │ full (auto scaling)     │
  └───────────────────┴──────────────────────┴─────────────────────────┘

   Lightsail — "the first step into AWS" (similar to DigitalOcean, 10.1)
   when things get more complex you move to EC2 (if you need RDS, Lambda: EC2)

Lightsail — AWS's simplified VPS service (for beginners and simple projects). It gathers EC2 + Security Group + public IP + disk + network into one simple bundle and hides the configuration complexity. Main differences from EC2 (AWS official): price: in Lightsail it is a fixed monthly fee (from $5/month for Linux; you know it exactly in advance and the bill does not "blow up"), whereas in EC2 it is hourly, based on usage (harder to know in advance, but flexible); setup: Lightsail is a ready bundle (easy), EC2 is full configuration (powerful, complex); Lightsail comes with ready blueprints (WordPress, LAMP). Decision: beginner/simple project → Lightsail (similar to a DigitalOcean droplet, 10.1); if you need RDS, Lambda, auto-scaling or complex networking → EC2 (this is AWS's official advice). Lightsail is "the first step into AWS"; later, when things get more complex, you move to EC2.

2.9. IAM — who can do what (least privilege)

  IAM (Identity and Access Management) — WHO can do what (permissions):
   AWS's most important security service (every resource is protected by IAM)

  CORE CONCEPTS:
  - ROOT user — the account owner (UNLIMITED rights; do NOT use it day to day!)
  - IAM USER — an individual user (you, a colleague; limited rights)
  - GROUP — a set of users (grant rights to the group; easy management)
  - ROLE — temporary rights (a role that EC2/Lambda "wears"; no keys!)
  - POLICY — a JSON permissions document (what is allowed/denied)

  POLICY (JSON) — Effect (Allow/Deny) + Action (s3:GetObject) + Resource (arn):
  {
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::mening-bucket/*"
  }

  LEAST PRIVILEGE (AWS official best practice, 10.1: 2.4):
   Grant only the rights that are NEEDED (not everything; avoid "*")
   Do not use ROOT (only IAM users/roles)
   Give EC2 a ROLE (do not put an access key on it; a role has no key and is safer)
   Do not write access keys into code / commit them to git (14.5)

IAM (Identity and Access Management) — the AWS security service that controls who can do what (every resource is protected by IAM). Concepts: root user (the account owner; unlimited rights, do not use it day to day!); IAM user (an individual user with limited rights); group (a set of users; grant rights to the group); role (temporary rights; a role that EC2/Lambda "wears", without an access key); policy (a JSON permissions document). A policy has three main fields: Effect (Allow/Deny), Action (s3:GetObject), Resource (arn:...). Least privilege (AWS official best practice, the same idea as 10.1: 2.4): grant only the rights that are needed (avoid "*", which allows everything); do not use root; instead of putting an access key on EC2, give it an IAM role (a role has no key and is rotated automatically, which is much safer). Never write an access key into code or commit it to git (the most common serious mistake, 14.5). AWS Access Analyzer helps determine the required permissions automatically.
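A least-privilege check for the `"*"` rule above, as an added example (not code from the book): it walks the Statement list of a policy document and reports Allow statements with wildcard actions, `Resource: "*"` or `NotAction`. The first sample wraps the statement shown above in a full policy document; the other policies and Sid names are constructed.

```python
def as_list(value):
    """IAM allows a single value or a list in Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return (statement id, field, value) for every over-broad Allow grant."""
    findings = []
    for i, st in enumerate(as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue                      # Deny statements only remove access
        sid = st.get("Sid", f"statement[{i}]")
        for a in as_list(st.get("NotAction")):
            # Allow + NotAction grants everything EXCEPT the listed actions.
            findings.append((sid, "notaction", a))
        for a in as_list(st.get("Action")):
            if a == "*" or a.endswith(":*"):
                findings.append((sid, "action", a))
        for r in as_list(st.get("Resource")):
            if r == "*":
                findings.append((sid, "resource", r))
    return findings


# The statement from this section, wrapped in a full policy document.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::mening-bucket/*",
    }],
}

# Constructed over-broad policy for comparison.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AdminEverything", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "AllOfS3", "Effect": "Allow", "Action": ["s3:*"],
         "Resource": "arn:aws:s3:::mening-bucket/*"},
        {"Sid": "BlockDelete", "Effect": "Deny", "Action": "s3:DeleteBucket",
         "Resource": "*"},
    ],
}

# Constructed policy with a single (non-list) statement that uses NotAction.
NOTACTION_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
}

if __name__ == "__main__":
    for name, policy in [("page", PAGE_POLICY), ("broad", BROAD_POLICY),
                         ("notaction", NOTACTION_POLICY)]:
        print(name, lint_policy(policy))
```

The object-level wildcard in `arn:aws:s3:::mening-bucket/*` is not flagged: it scopes the grant to one bucket, which is what the policy above intends.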

2.10. VPC — network isolation (briefly)

  VPC (Virtual Private Cloud) — YOUR OWN private network in AWS (isolation):
   your resources (EC2, RDS) live inside this network, separated from the outside

  MAIN PARTS:
  - VPC       the network (IP range: 10.0.0.0/16)
  - SUBNET    a segment of the network (in each AZ, 2.2):
    · PUBLIC subnet   reaches the internet (EC2 web server)
    · PRIVATE subnet  does not reach the internet (RDS DB; hidden, safe)
  - Internet Gateway  connects the VPC to the internet
  - Route Table       where traffic goes

  TYPICAL ARCHITECTURE (secure):
  Internet → [public subnet: EC2] → [private subnet: RDS]
                   public IP             NO public IP (only from EC2)

   To get started: AWS provides a default VPC (it works even if you do not create one)
   Putting the DB in a private subnet is the most important security practice

VPC (Virtual Private Cloud) — your own private network inside AWS: your resources (EC2, RDS) live inside this network, isolated from other accounts. Its parts: VPC (the network, with an IP range such as 10.0.0.0/16); subnet (a segment of the network, in each AZ: a public subnet reaches the internet (EC2 web server), a private subnet does not (RDS DB, hidden)); Internet Gateway (connects the VPC to the internet); Route Table (traffic routing). Typical secure architecture: Internet → [public subnet: EC2 (has a public IP)] → [private subnet: RDS (no public IP)]; the DB is visible only from EC2, not from the internet. To get started, AWS provides a default VPC (it works even if you do not create one yourself). Putting the DB in a private subnet is the most important network security practice (together with 2.7).

  VPC — TWO MORE CONCEPTS:

  NAT GATEWAY — a resource in a private subnet REACHES THE INTERNET (but is not visible
  from outside): RDS/backend can download patches/packages, yet stays hidden from the internet
    NAT Gateway costs money per hour + per traffic (if forgotten: an unexpected bill, 2.11)

  NACL (Network ACL) vs SECURITY GROUP — two layers of protection:
  ┌───────────────┬──────────────────────┬──────────────────────────┐
  │               │ Security Group       │ NACL                     │
  ├───────────────┼──────────────────────┼──────────────────────────┤
  │ Level         │ instance (resource)  │ subnet (whole segment)   │
  │ State         │ stateful (auto reply)│ stateless (open 2 ways)  │
  │ Rules         │ allow only           │ allow AND deny (ordered) │
  │ Typically     │ ALWAYS used          │ rarely (default is fine) │
  └───────────────┴──────────────────────┴──────────────────────────┘
   in practice a Security Group is enough 99% of the time; NACL is an extra subnet layer

Two more VPC concepts. NAT Gateway: a resource in a private subnet (RDS, backend) can reach the internet (to download packages/patches), but it cannot be reached from the internet (one-way). A NAT Gateway is charged per hour + for the traffic that passes through it; if forgotten, it becomes the cause of an unexpected bill (2.11, Mistake 4). NACL (Network ACL) and Security Group are two layers of network protection: the SG works at the instance level (stateful: replies are automatic, allow rules only), while the NACL works at the subnet (whole network segment) level (stateless: both directions have to be opened separately, with allow and deny rules evaluated in order). In practice a Security Group is almost always enough; the NACL is an extra subnet layer that is rarely needed (the default NACL lets everything through).

2.11. Pricing model and free tier (being careful)

  AWS PRICING MODEL — pay-as-you-go (you pay for what you use):
  - EC2  per hour (instance type and running time)
  - S3   GB stored + number of requests + outgoing traffic (egress)
  - RDS  instance hours + storage + backup
  - DATA TRANSFER (egress: traffic leaving AWS to the OUTSIDE) → much of the bill comes from this!

  FREE TIER (AWS official; the account date matters):
  - Account created BEFORE 15 July 2025: 12-month free tier (old model)
     EC2 t2/t3.micro 750 hours/month, S3 5GB, RDS db.t-micro 750 hours (12 months)
  - Account created AFTER 15 July 2025: new model
     Free plan ("always free" only) or paid plan with $200 in credits

   BE CAREFUL (unexpected bills are the most common problem):
   Set a BILLING ALARM (for example, an email if it exceeds $5)
   Know the free tier limits (once exceeded, charges begin)
   DELETE resources you do not use (EC2, Elastic IP; an unattached IP costs money too!)
   Track costs in Cost Explorer

The AWS pricing model is pay-as-you-go (you pay for what you use): EC2 per hour, S3 per GB stored + requests + outgoing traffic, RDS per instance hour + storage. Data transfer (egress, i.e. traffic leaving AWS to the outside) is often the main cause of an unexpected bill (inbound is usually free, outbound is charged). Free tier (AWS official, depends on the date the account was created): an account opened before 15 July 2025 gets the classic 12-month free tier (EC2 t2/t3.micro 750 hours/month, S3 5GB, RDS db.t-micro 750 hours, for 12 months); after 15 July 2025 the new model applies (a Free plan with "always free" services only, or a paid plan with $200 in credits). The most common problem is an unexpected bill. Protection: set a billing alarm (for example, an email when it exceeds $5); know the free tier limits; delete resources you do not use (a stopped EC2 instance and an unattached Elastic IP can both cost money); track costs in Cost Explorer (Example 10).

2.12. Other important services (CloudFront, Route 53, ELB, Lambda)

  ALSO WORTH KNOWING (when needed; do not go deep now):

  CLOUDFRONT — CDN (Content Delivery Network):
   CACHES static files (images/JS in S3) around the world
   serves them from the point CLOSEST to the user (lower latency, fast, 9.9)

  ROUTE 53 — DNS service (domain management, 0.4, 10.7):
   buying domains, A/CNAME records (saytim.uz → EC2 IP)
   health checks, traffic routing

  ELB (Elastic Load Balancer) — load distribution (Chapter 9.9):
   distributes requests across several EC2 instances (ALB: HTTP, NLB: TCP)
   the managed AWS counterpart of an Nginx load balancer (Chapter 10.2)

  ECS / EKS — container orchestration:
   ECS (AWS's own), EKS (Kubernetes, 10.8): manages Docker (Chapter 10.3)
   Fargate: serverless containers (you do not manage EC2)

  LAMBDA — serverless function:
   there is NO server; you only upload a function and it runs when a request arrives
   you pay per millisecond used (cheap for low traffic)

Other important services to know about when you need them (do not go deep now, just get acquainted): CloudFront — CDN (caches static files, such as images/JS in S3, around the world and serves them from the point closest to the user; lower latency, 9.9); Route 53 — DNS (buying domains, A/CNAME records: saytim.uz → EC2 IP; 0.4, 10.7); ELB (Elastic Load Balancer) — load distribution (across several EC2 instances; the managed AWS counterpart of an Nginx load balancer, 10.2, 9.9); ECS/EKS — container orchestration (manages Docker, 10.3; Kubernetes, 10.8; Fargate is serverless containers); Lambda — serverless function (there is no server, you only upload a function, it runs when a request arrives, and you pay per millisecond used; cheap for low traffic). At the start you do not need all of these: begin with EC2/S3/RDS and add the rest when the need arises.

2.13. Auto Scaling Group and Secrets (in brief)

text
  AUTO SCALING GROUP (ASG): AUTOMATICALLY adjusts the number of EC2 instances (Chapter 9.9):
   launch template (what kind of instance) + min/max/desired count + policy
   when traffic grows (CPU > 70%) it ADDS instances, when it drops it REMOVES them
   usually paired with ELB: ELB → ASG → [EC2, EC2, EC2...] (load + growth)
   automatically replaces a failed instance with a new one (self-healing; 9.9)

  SECRETS (passwords, access keys; never written into code; 10.11, 14.5):
  - Secrets Manager   → password/key storage + automatic rotation
  - Parameter Store   → configuration/secret values (cheaper, simpler)
   the application reads them at runtime through an IAM role (not left exposed in env)

Auto Scaling Group (ASG) automatically adjusts the number of EC2 instances (9.9, elasticity): based on a launch template (how to create an instance) + min/max/desired count + a policy, it adds new instances when traffic grows (for example CPU > 70%) and removes them when it drops. It usually works together with ELB: ELB → ASG → [EC2, EC2, EC2...]. This distributes the load, manages growth, and automatically replaces a failed instance with a new one (self-healing). Secrets: passwords and access keys are not written into code (10.11, 14.5). Use Secrets Manager (password/key storage + automatic rotation) or Parameter Store (configuration/secret values; cheaper, simpler); the application reads them at runtime through an IAM role (they do not sit exposed in .env).

2.14. Other cloud providers (equivalent names)

text
  The same concepts exist in clouds OTHER than AWS (only the names differ):

  ┌───────────────┬─────────────┬───────────────┬────────────────────┐
  │ Concept       │ AWS         │ GCP (Google)  │ Azure (Microsoft)  │
  ├───────────────┼─────────────┼───────────────┼────────────────────┤
  │ Virtual server│ EC2         │ Compute Engine│ Virtual Machines   │
  │ Object storage│ S3          │ Cloud Storage │ Blob Storage       │
  │ Managed SQL   │ RDS         │ Cloud SQL     │ Azure SQL DB       │
  │ Serverless    │ Lambda      │ Cloud Functions│ Azure Functions   │
  │ Managed K8s   │ EKS         │ GKE           │ AKS                │
  │ CDN           │ CloudFront  │ Cloud CDN     │ Azure CDN          │
  │ IAM           │ IAM         │ Cloud IAM     │ Entra ID / RBAC    │
  └───────────────┴─────────────┴───────────────┴────────────────────┘
   DigitalOcean/Linode: simpler (similar to Lightsail, cheap VPS; 10.1)

AWS is not the only cloud: GCP (Google Cloud) and Azure (Microsoft) are its main competitors. The concepts are the same, only the names differ: virtual server (EC2 / GCP Compute Engine / Azure Virtual Machines), object storage (S3 / Cloud Storage / Blob Storage), managed SQL (RDS / Cloud SQL / Azure SQL), serverless (Lambda / Cloud Functions / Azure Functions), managed Kubernetes (EKS / GKE / AKS). Once you understand AWS well, moving to another provider is easy (the foundation is the same). DigitalOcean and Linode are simpler, cheap VPS providers (similar to Lightsail, for small projects; also mentioned in 10.1).


3. Syntax: quick reference

text
SETUP: aws configure (access key, secret, region, format) | aws sts get-caller-identity
EC2: aws ec2 run-instances --image-id ami-xxx --instance-type t3.micro --key-name K
     aws ec2 describe-instances | aws ec2 start|stop|terminate-instances --instance-ids i-xxx
SG: aws ec2 create-security-group --group-name web --description "..."
    aws ec2 authorize-security-group-ingress --group-id sg-xxx --protocol tcp --port 22 --cidr IP/32
S3 (section 2.6): aws s3 mb s3://bucket | aws s3 cp file s3://bucket/key | aws s3 sync ./dir s3://bucket
                  aws s3 ls s3://bucket | aws s3 rm s3://bucket/key | aws s3 presign s3://bucket/key
RDS (section 2.7): aws rds create-db-instance --db-instance-identifier mydb --engine postgres ...
                   aws rds describe-db-instances | aws rds create-db-snapshot
LIGHTSAIL (section 2.8): aws lightsail create-instances --instance-names web --bundle-id micro_x_x ...
IAM (section 2.9): aws iam create-user --user-name deploy | aws iam attach-user-policy --policy-arn ...
SSH (Chapter 10.1): ssh -i kalit.pem ubuntu@<public-ip>

4. Detailed code examples

Example 1: Installing and configuring the AWS CLI (aws configure)

bash
# Install AWS CLI v2 (Linux, official method)
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip && sudo ./aws/install     # installs to /usr/local/bin/aws
aws --version                                # check: aws-cli/2.x.x

# Configure: enter the IAM user's access key (2.9, NOT root!)
aws configure
#   AWS Access Key ID:     AKIA...                (IAM user access key)
#   AWS Secret Access Key: wJalr...               (secret, shown only once)
#   Default region name:   eu-central-1           (a nearby region, 2.2)
#   Default output format: json                   (output format)

# Check who we are connected as (an error means the configuration is wrong)
aws sts get-caller-identity                   # shows Account, UserId, Arn
#  Keys are stored in ~/.aws/credentials: do NOT add this file to git (14.5)

Example 2: Creating an EC2 instance and connecting to it (2.4, 10.1)

bash
# 1. Create a key pair (SSH key; we download the private key)
aws ec2 create-key-pair --key-name mening-kalit \
  --query 'KeyMaterial' --output text > mening-kalit.pem   # write it to a .pem file
chmod 400 mening-kalit.pem                     # readable by the owner only (10.1: 2.3, SSH requires this)

# 2. Launch the instance (Ubuntu AMI, t3.micro: free tier)
#    (comments sit above the command: a comment after a trailing "\" breaks the line continuation)
#    --image-id            Ubuntu 24.04 AMI (region-specific)
#    --instance-type       cheap, free tier (2.11)
#    --key-name            the key created above
#    --security-group-ids  firewall (Example 3)
aws ec2 run-instances \
  --image-id ami-0abcdef1234567890 \
  --instance-type t3.micro \
  --key-name mening-kalit \
  --security-group-ids sg-0abc123 \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=web-1}]'

# 3. Get the public IP (for connecting)
aws ec2 describe-instances --filters "Name=tag:Name,Values=web-1" \
  --query 'Reservations[].Instances[].PublicIpAddress' --output text

# 4. Connect over SSH (10.1: 2.8; now we are on the Linux server)
ssh -i mening-kalit.pem ubuntu@<public-ip>     # Ubuntu's default user is "ubuntu"
#  "Connection timed out" → check that 22 is open in the Security Group (Example 3, Error 1)

Example 3: Security Group rules (virtual firewall, 2.5)

bash
# Create a Security Group (for the web server)
aws ec2 create-security-group --group-name web-sg \
  --description "Web server firewall" --vpc-id vpc-0abc123
#  output: GroupId: sg-0abc123 (used in the commands that follow)

# SSH (22): ONLY to your own IP (NOT the whole internet; security, 2.5)
MY_IP=$(curl -s https://checkip.amazonaws.com)            # get our own public IP
aws ec2 authorize-security-group-ingress --group-id sg-0abc123 \
  --protocol tcp --port 22 --cidr "${MY_IP}/32"           # /32 = only this one IP

# HTTP (80) and HTTPS (443): to everyone (the web must be reachable)
aws ec2 authorize-security-group-ingress --group-id sg-0abc123 \
  --protocol tcp --port 80 --cidr 0.0.0.0/0               # 0.0.0.0/0 = the whole internet
aws ec2 authorize-security-group-ingress --group-id sg-0abc123 \
  --protocol tcp --port 443 --cidr 0.0.0.0/0
#  We do NOT open 3000 (Node) or 5432 (DB): Nginx (Chapter 10.2) takes traffic in on 80/443 (10.1: 2.7)

Example 4: Creating an S3 bucket and uploading files (CLI, 2.6)

bash
# Create a bucket (the name must be GLOBALLY unique, 2.6)
aws s3 mb s3://mening-loyiham-2026 --region eu-central-1
#  "make_bucket: mening-loyiham-2026" (if the name is taken, choose another)

# Upload a single file
aws s3 cp ./logo.png s3://mening-loyiham-2026/images/logo.png   # key = images/logo.png

# Sync a whole directory (only changed/new files; fast, similar to rsync in 10.1: 2.11)
aws s3 sync ./dist s3://mening-loyiham-2026/site --delete       # --delete = remove extra files

# List and delete
aws s3 ls s3://mening-loyiham-2026/images/      # objects in the bucket
aws s3 rm s3://mening-loyiham-2026/images/logo.png             # delete a single object

# Presigned URL: a time-limited link to a private file (2.6)
aws s3 presign s3://mening-loyiham-2026/images/logo.png --expires-in 3600  # 1 hour
#  https://...s3...amazonaws.com/...?X-Amz-Signature=... (stops working after 1 hour)

Example 5: Uploading a file to S3 from Node (@aws-sdk/client-s3, 5.11)

typescript
// npm i @aws-sdk/client-s3
import { S3Client, PutObjectCommand } from "@aws-sdk/client-s3";

// Client with a region (do NOT write keys into CODE! Use an IAM role or env; 2.9, 14.5)
const s3 = new S3Client({ region: "eu-central-1" });
//  When running on EC2 it takes credentials from the IAM role automatically (no access key needed, 2.9)

export async function rasmYukla(fayl: Buffer, key: string, mime: string) {
  await s3.send(
    new PutObjectCommand({
      Bucket: "mening-loyiham-2026",         // bucket name (2.6)
      Key: key,                              // for example: users/123/avatar.png
      Body: fayl,                            // file contents (from Multer, 5.11)
      ContentType: mime,                     // image/png (so the browser renders it correctly)
    }),
  );
  // If the object is not public, a direct URL will not work (a presigned URL is needed, Example 6)
  return `s3://mening-loyiham-2026/${key}`;
}
//  The bucket stays private; access goes through presigned URLs (secure, 2.6)

Example 6: Generating a presigned URL (Node, 2.6)

typescript
import { S3Client, GetObjectCommand, PutObjectCommand } from "@aws-sdk/client-s3";
import { getSignedUrl } from "@aws-sdk/s3-request-presigner";   // npm i @aws-sdk/s3-request-presigner

const s3 = new S3Client({ region: "eu-central-1" });

// Presigned URL for READING (lets a user view a private image for a limited time)
export async function koraOlishUrl(key: string) {
  const cmd = new GetObjectCommand({ Bucket: "mening-loyiham-2026", Key: key });
  return getSignedUrl(s3, cmd, { expiresIn: 3600 });    // 1 hour (stops working afterwards, 2.6)
}

// Presigned URL for WRITING (the user uploads DIRECTLY to S3, not through the server)
export async function yuklashUrl(key: string, mime: string) {
  const cmd = new PutObjectCommand({ Bucket: "mening-loyiham-2026", Key: key, ContentType: mime });
  return getSignedUrl(s3, cmd, { expiresIn: 600 });     // 10 minutes
}
//  The user uploads straight to the PUT URL → less traffic through the server (fast, cheap)
//    The bucket is never public: only the signed URL works (secure)

Example 7: Creating RDS and connecting from the application (2.7, 6.6)

bash
# Create an RDS PostgreSQL instance (CLI, managed DB)
#   (comments sit above the command: a comment after a trailing "\" breaks the line continuation)
#   --db-instance-identifier   unique name
#   --db-instance-class        cheap (free tier, 2.11)
#   --engine                   PostgreSQL (6.6)
#   --master-username          admin user
#   --master-user-password     secret (secrets, 10.11)
#   --allocated-storage        20 GB disk
#   --backup-retention-period  7 days of automatic backups (2.7)
#   --no-publicly-accessible   NOT PUBLIC (reachable only from inside the VPC, 2.10)
aws rds create-db-instance \
  --db-instance-identifier mening-db \
  --db-instance-class db.t3.micro \
  --engine postgres \
  --master-username dbadmin \
  --master-user-password '<KUCHLI_PAROL>' \
  --allocated-storage 20 \
  --backup-retention-period 7 \
  --no-publicly-accessible

# Get the endpoint (host): this is what the application connects to
aws rds describe-db-instances --db-instance-identifier mening-db \
  --query 'DBInstances[0].Endpoint.Address' --output text
#  mening-db.abc123.eu-central-1.rds.amazonaws.com

bash
# Application .env (Chapter 10.11): connection string (6.6)
DATABASE_URL="postgresql://dbadmin:<PAROL>@mening-db.abc123.eu-central-1.rds.amazonaws.com:5432/postgres"
#  In the RDS Security Group allow 5432 only from the EC2 SG (do not open it to the public, 2.7)

Example 8: IAM policy JSON example (least privilege, 2.9)

json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "FaqatShuBucketgaOqibYozish",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::mening-loyiham-2026/*"
    },
    {
      "Sid": "BucketRoyxatiniKorish",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::mening-loyiham-2026"
    }
  ]
}

bash
#  This policy grants access to ONE bucket ONLY (least privilege, 2.9)
#    "Action": "s3:*" or "Resource": "*" is DANGEROUS (access to everything; avoid it)
aws iam create-policy --policy-name s3-bucket-policy --policy-document file://policy.json
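
One way to check a policy document against the two rules above before running `aws iam create-policy`, as an added example that is not part of the original chapter: it flags wildcard actions and resources, and also the bucket-ARN versus object-ARN mix-up that often sits behind an S3 `AccessDenied` (Error 2). The function names, rule labels and `BAD_POLICY` are constructed for illustration; `GOOD_POLICY` is the policy from Example 8.

```typescript
// Added example (not from the chapter): an offline linter for IAM policy JSON.
// It only inspects the document; it makes no AWS calls.
type OneOrMany = string | string[];
interface Statement {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Action?: OneOrMany;
  NotAction?: OneOrMany;
  Resource?: OneOrMany;
}
interface PolicyDocument { Version: string; Statement: Statement[]; }
interface PolicyFinding { sid: string; rule: string; detail: string; }

// IAM action names are case-insensitive, so everything is compared in lower case.
const OBJECT_ACTIONS = ["s3:getobject", "s3:putobject", "s3:deleteobject"];

function toList(value: OneOrMany | undefined): string[] {
  if (value === undefined) return [];
  return Array.isArray(value) ? value : [value];
}
// "*" or a whole-service wildcard such as "s3:*"
function isBroadAction(action: string): boolean {
  return action === "*" || /^[a-z0-9-]+:\*$/.test(action);
}
// "*" or "every bucket and object in S3"
function isBroadResource(arn: string): boolean {
  return arn === "*" || arn === "arn:aws:s3:::*";
}
// Object ARN: arn:aws:s3:::bucket/key-or-pattern. Bucket ARN: nothing after the bucket name.
function isObjectArn(arn: string): boolean { return /^arn:aws:s3:::[^/]+\/.+$/.test(arn); }
function isBucketArn(arn: string): boolean { return /^arn:aws:s3:::[^/]+$/.test(arn); }

function lintPolicy(doc: PolicyDocument): PolicyFinding[] {
  const findings: PolicyFinding[] = [];
  doc.Statement.forEach((st, index) => {
    if (st.Effect !== "Allow") return;             // Deny statements only narrow access
    const sid = st.Sid ?? `statement-${index}`;
    const actions = toList(st.Action).map((a) => a.toLowerCase());
    const resources = toList(st.Resource);
    const anyResource = resources.some(isBroadResource);
    if (st.NotAction !== undefined)
      findings.push({ sid, rule: "not-action", detail: "Allow + NotAction grants all but the list" });
    for (const a of actions)
      if (isBroadAction(a)) findings.push({ sid, rule: "wildcard-action", detail: a });
    for (const r of resources)
      if (isBroadResource(r)) findings.push({ sid, rule: "wildcard-resource", detail: r });
    // Object-level actions match only object ARNs (bucket/*); s3:ListBucket matches only the bucket ARN.
    const usesObjectAction = actions.some((a) => OBJECT_ACTIONS.indexOf(a) !== -1);
    if (usesObjectAction && !anyResource && !resources.some(isObjectArn))
      findings.push({ sid, rule: "object-action-needs-object-arn", detail: resources.join(",") });
    if (actions.indexOf("s3:listbucket") !== -1 && !anyResource && !resources.some(isBucketArn))
      findings.push({ sid, rule: "listbucket-needs-bucket-arn", detail: resources.join(",") });
  });
  return findings;
}

// The policy from Example 8, unchanged.
const GOOD_POLICY: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [
    { Sid: "FaqatShuBucketgaOqibYozish", Effect: "Allow",
      Action: ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      Resource: "arn:aws:s3:::mening-loyiham-2026/*" },
    { Sid: "BucketRoyxatiniKorish", Effect: "Allow",
      Action: "s3:ListBucket", Resource: "arn:aws:s3:::mening-loyiham-2026" },
  ],
};
// Constructed sample containing the mistakes the chapter warns about.
const BAD_POLICY: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [
    { Sid: "TooBroad", Effect: "Allow", Action: "s3:*", Resource: "*" },
    { Sid: "ListOnObjects", Effect: "Allow",
      Action: "s3:ListBucket", Resource: "arn:aws:s3:::mening-loyiham-2026/*" },
    { Sid: "GetOnBucket", Effect: "Allow",
      Action: ["s3:GetObject"], Resource: "arn:aws:s3:::mening-loyiham-2026" },
  ],
};

console.log(lintPolicy(GOOD_POLICY));
console.log(lintPolicy(BAD_POLICY).map((f) => `${f.sid}: ${f.rule}`));
```

The last two rules report statements that grant nothing: they are not over-permissive, they simply never match, which shows up at runtime as `AccessDenied`.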

Example 9: Deploying a Node application to EC2 (overview; 10.1, 10.5)

bash
# === After connecting to EC2 (Example 2): prepare the server (Chapter 10.1) ===
sudo apt update && sudo apt upgrade -y                         # update the system (10.1: 2.5)
curl -fsSL https://deb.nodesource.com/setup_22.x | sudo bash - # NodeSource (5.1)
sudo apt install -y nodejs nginx                              # Node + Nginx (10.2)

# === LOCAL: copy the code to the server (10.1: 2.11, rsync) ===
npm run build                                                  # produces dist/
rsync -avz -e "ssh -i mening-kalit.pem" ./dist/ ubuntu@<ip>:/home/ubuntu/app/dist/

# === On EC2: keep the application running (PM2, 10.7) ===
sudo npm i -g pm2                                              # process manager
pm2 start dist/main.js --name myapp                           # start it
pm2 startup && pm2 save                                       # autostart (similar to systemd in 10.1: 2.6)
#  Configure Nginx as a reverse proxy 80 → 3000 (Chapter 10.2); SSL with Certbot (10.7)
#    In a real project CI/CD automates this process (10.5, GitHub Actions SSH deploy)

Example 10: Billing alarm and security check (2.11, 2.9)

bash
# Billing alarm: email when charges exceed $5 (protection against an unexpected bill, 2.11)
# (in the us-east-1 region: billing metrics live there, hence --region)
#   (comments sit above the command: a comment after a trailing "\" breaks the line continuation)
#   --threshold 5      the $5 limit
#   --alarm-actions    the SNS topic that sends the email
aws cloudwatch put-metric-alarm \
  --region us-east-1 \
  --alarm-name "billing-5usd" \
  --namespace "AWS/Billing" --metric-name "EstimatedCharges" \
  --statistic Maximum --period 21600 --threshold 5 \
  --comparison-operator GreaterThanThreshold \
  --evaluation-periods 1 --dimensions Name=Currency,Value=USD \
  --alarm-actions "<SNS_TOPIC_ARN>"

# Security check (best practice, 2.9)
aws iam get-account-summary                                  # MFA, number of users
aws ec2 describe-security-groups \
  --query "SecurityGroups[?IpPermissions[?ToPort==\`22\`]]"  # SGs with 22 open
#  If 22 or 5432 (DB) is open to 0.0.0.0/0, fix it IMMEDIATELY (2.5, 2.7)

# Unused Elastic IPs (an unattached IP also costs money, 2.11)
aws ec2 describe-addresses --query "Addresses[?AssociationId==null]"  # idle IPs
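
The `--query` above matches any rule whose `ToPort` is exactly 22, so it also lists rules limited to a single /32 and misses port ranges and all-protocol rules. The check below is an added example (not part of the original chapter): it reads `describe-security-groups` JSON and reports only rules that expose 22 or 5432 to `0.0.0.0/0` or `::/0`. The function names and the sample groups with their IDs are constructed.

```typescript
// Added example (not from the chapter): offline audit of `aws ec2 describe-security-groups` JSON.
interface IpPermission {
  IpProtocol: string;                        // "tcp", "udp", "icmp" or "-1" (all protocols)
  FromPort?: number;                         // absent when IpProtocol is "-1"
  ToPort?: number;
  IpRanges?: { CidrIp: string }[];
  Ipv6Ranges?: { CidrIpv6: string }[];
  UserIdGroupPairs?: { GroupId: string }[];  // "allow from another SG", not an internet source
}
interface SecurityGroup { GroupId: string; GroupName: string; IpPermissions: IpPermission[]; }
interface Exposure { groupId: string; port: number; source: string; }

const SENSITIVE_PORTS = [22, 5432];          // SSH and PostgreSQL, the ports this chapter keeps closed

function isWorld(cidr: string): boolean {
  return cidr === "0.0.0.0/0" || cidr === "::/0";
}

// True when the rule lets TCP traffic reach `port`, including ranges and "all protocols".
function coversPort(rule: IpPermission, port: number): boolean {
  if (rule.IpProtocol === "-1") return true;
  if (rule.IpProtocol !== "tcp") return false;
  if (rule.FromPort === undefined || rule.ToPort === undefined) return false;
  return rule.FromPort <= port && port <= rule.ToPort;
}

function findExposures(groups: SecurityGroup[], ports: number[] = SENSITIVE_PORTS): Exposure[] {
  const found: Exposure[] = [];
  for (const group of groups) {
    for (const rule of group.IpPermissions) {
      const v4 = (rule.IpRanges ?? []).map((r) => r.CidrIp);
      const v6 = (rule.Ipv6Ranges ?? []).map((r) => r.CidrIpv6);
      for (const source of v4.concat(v6).filter(isWorld)) {
        for (const port of ports) {
          if (coversPort(rule, port)) found.push({ groupId: group.GroupId, port, source });
        }
      }
    }
  }
  return found;
}

// Constructed sample in the shape of the CLI's "SecurityGroups" array (IDs are made up).
const SAMPLE_GROUPS: SecurityGroup[] = [
  { GroupId: "sg-0aaa", GroupName: "web-sg", IpPermissions: [
    { IpProtocol: "tcp", FromPort: 22, ToPort: 22, IpRanges: [{ CidrIp: "203.0.113.10/32" }] },
    { IpProtocol: "tcp", FromPort: 80, ToPort: 80, IpRanges: [{ CidrIp: "0.0.0.0/0" }] },
    { IpProtocol: "tcp", FromPort: 443, ToPort: 443, IpRanges: [{ CidrIp: "0.0.0.0/0" }] },
  ] },
  { GroupId: "sg-0bbb", GroupName: "wide-range", IpPermissions: [
    { IpProtocol: "tcp", FromPort: 0, ToPort: 65535, IpRanges: [{ CidrIp: "0.0.0.0/0" }] },
  ] },
  { GroupId: "sg-0ccc", GroupName: "db-sg", IpPermissions: [
    { IpProtocol: "tcp", FromPort: 5432, ToPort: 5432, UserIdGroupPairs: [{ GroupId: "sg-0aaa" }] },
  ] },
  { GroupId: "sg-0ddd", GroupName: "all-protocols-v6", IpPermissions: [
    { IpProtocol: "-1", Ipv6Ranges: [{ CidrIpv6: "::/0" }] },
  ] },
  { GroupId: "sg-0eee", GroupName: "ssh-open", IpPermissions: [
    { IpProtocol: "tcp", FromPort: 22, ToPort: 22, IpRanges: [{ CidrIp: "0.0.0.0/0" }] },
  ] },
];

for (const e of findExposures(SAMPLE_GROUPS)) {
  console.log(`${e.groupId}: port ${e.port} open to ${e.source}`);
}
```

On real data, save the output of `aws ec2 describe-security-groups --output json` and pass its `SecurityGroups` array to `findExposures`.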

5. Right and wrong cases

1) Account privileges (who you work as)

text
 WRONG: day-to-day work as the root user, access key issued from root (unlimited privileges, 2.9)
 RIGHT: IAM user/role + least privilege (only the permissions needed)

2) Access key management

text
 WRONG: writing the access key into code / committing it to git (it leaks, 14.5)
 RIGHT: an IAM role on EC2 (no keys), env/aws configure locally (2.9)

3) Opening the SSH port (Security Group)

text
 WRONG: opening SSH (22) to 0.0.0.0/0 (the whole internet brute-forces it, 2.5)
 RIGHT: only to your own IP (<yourIP>/32); web (80/443) to everyone

4) Database placement

text
 WRONG: RDS public, 5432 open to the internet (the DB is a direct attack target, 2.7)
 RIGHT: RDS in a private subnet, connections only from the EC2 SG (2.10)

5) S3 bucket access

text
 WRONG: making the bucket "public to everyone" (data leaks, 2.6)
 RIGHT: private bucket + presigned URL (time-limited, for a single file, 2.6)

6) Cost control

text
 WRONG: no billing alarm, unused resources left running (unexpected bill, 2.11)
 RIGHT: billing alarm + free tier limits + turning off what is unused

6. Common errors and their solutions

Error 1: SSH to EC2 fails with Connection timed out

Cause: port 22 is not open in the Security Group (or is open to the wrong IP), or the instance has no public IP. Solution: check that port 22 is open to your own IP in the SG (authorize-security-group-ingress, Example 3); check that the instance has a public IP (describe-instances); attach an Elastic IP (section 2.4). This is the AWS version of the firewall problem from 10.1.

Error 2: S3 AccessDenied

Cause: the IAM user/role has no S3 permission, or the bucket policy denies access, or the bucket name is wrong. Solution: check that the IAM policy grants s3:GetObject/PutObject on this bucket (Example 8); use aws sts get-caller-identity to see which identity you are (Example 1); check that the bucket name is correct (globally unique, 2.6).

Error 3: IAM not authorized to perform

Cause: the current user/role has no permission for the required Action (least privilege: the needed permission was not granted). Solution: add the exact Action from the error message (for example rds:CreateDBInstance) to the policy; start from an AWS managed policy, then narrow it down (section 2.9).

Error 4: Unexpectedly large bill (billing shock)

Cause: the free tier limit was exceeded, or a large instance/data transfer (egress), or a forgotten resource (NAT Gateway, Elastic IP, RDS) was left running. Solution: set a billing alarm (Example 10); see in Cost Explorer which service costs the most; terminate/delete what is unused; know the free tier limits (section 2.11).

Error 5: Losing the key pair (.pem)

Cause: the .pem file is issued only once; if it is lost you cannot get into the instance. Solution: create a new key pair and, to add it to the instance, add the new public key through EC2 Instance Connect or user-data; store the .pem safely in advance (password manager); chmod 400 the key (10.1: 2.3).

Error 6: Data leak through a public S3 bucket

Cause: the bucket was made "public" and confidential files (backups, documents) are open to everyone. Solution: turn on "Block Public Access" (on by default); use presigned URLs instead of public access (section 2.6); even for a static site, serve it through CloudFront + OAC (not directly public).

Error 7: The application cannot connect to RDS (timeout/connection refused)

Cause: the RDS Security Group does not allow connections from EC2, or RDS is private (which is correct) but the application is in a different VPC. Solution: add an inbound rule for 5432 from the EC2 SG to the RDS SG (section 2.7); check that the application and RDS are in the same VPC; check that the endpoint/password are written correctly in .env (Chapter 6.6).


7. Integration: where this topic shows up in the stack

  • Linux server/SSH (Chapter 10.1): EC2 is a Linux server; connecting, users, firewall all apply.
  • Nginx (Chapter 10.2): on EC2 Nginx listens on 80/443 and reverse-proxies to the Node application; ELB is the managed counterpart.
  • Docker (10.3-10.4): push the image to ECR, run it on ECS/Fargate; Docker on EC2.
  • CI/CD (Chapter 10.5): GitHub Actions deploys to S3 or deploys to EC2 over SSH; access to AWS through an IAM role.
  • Deploy/SSL (Chapter 10.7): PM2 on EC2 + domain (Route 53) + SSL (Certbot), covered in the next chapter.
  • Multer file upload (Chapter 5.11): upload images/files to S3 (instead of local disk: durable and scalable).
  • DB/PostgreSQL (6.5-6.6): RDS is managed PostgreSQL/MySQL; connection string and migrations live here.
  • Secrets (Chapter 10.11): access key, DB password go in env/Secrets Manager (never in code).
  • Security (Chapter 14.5): access keys, IAM least privilege, public buckets are security topics.

8. Best practices

  • Don't use root (IAM user/role + MFA; root only for account setup, 2.9).
  • Least privilege (only the permissions needed; avoid "*"; AWS Access Analyzer, 2.9).
  • IAM role on EC2 (a role instead of a stored access key: keyless and safer, 2.9).
  • SSH only to your own IP (22 in the Security Group as <IP>/32, web to everyone, 2.5).
  • Private DB (RDS in a private subnet + only from the EC2 SG; do not open it to the public, 2.7, 2.10).
  • Private S3 + presigned URL (avoid public buckets; turn on Block Public Access, 2.6).
  • Multi-AZ (production DB/application in 2+ AZs for high availability, 2.2, 2.7).
  • Billing alarm + free tier monitoring (protection against an unexpected bill; turn off what is unused, 2.11).
  • Tag resources (Name/Env/Project tags make management and cost analysis easier).
  • Lightsail for beginners (simple project, fixed price; move to EC2 when things get complex, 2.8).
  • Infrastructure as Code (create resources with Terraform/CloudFormation, not by hand, 10.10).

9. Hands-on project: "Full deploy on AWS"

Taking an application to AWS from scratch: running it on EC2, storing files in S3, the DB in RDS. A real cloud skill.

Goal

Get a small Node.js/Nest application fully running on AWS: the application on EC2, uploaded images in S3, the database in RDS, secured with IAM and kept under control with a billing alarm.

Requirements

  1. AWS account + IAM: create a deploy IAM user instead of using root and give it a least privilege policy (Examples 1, 8; 2.9).
  2. AWS CLI: install it, run aws configure, confirm with sts get-caller-identity (Example 1).
  3. Security Group: 22 only to your own IP, 80/443 to everyone (Example 3, 2.5).
  4. EC2: create a t3.micro instance, connect over SSH with the key pair (Example 2, 10.1).
  5. Server preparation: install Node + Nginx, run the application with PM2 (Example 9, 10.2, 10.7).
  6. S3: create a private bucket, upload images from the application (@aws-sdk/client-s3), hand out presigned URLs (Examples 4, 5, 6; 5.11).
  7. RDS: create a PostgreSQL instance (--no-publicly-accessible), connect the application (Example 7, 6.6).
  8. DB security: in the RDS SG allow 5432 only from the EC2 SG (2.7, 2.10).
  9. Billing alarm: set an alarm with a $5 threshold (Example 10, 2.11).
  10. Verification: the application opens in the browser, images come from S3, data is stored in RDS.

Hints

  • Create the IAM user first, then run aws configure (do not use a root access key, 2.9).
  • chmod 400 the .pem file and store it safely (if you lose it, it cannot be retrieved again, Error 5).
  • Do not open SSH to 0.0.0.0/0 in the Security Group (only your own IP, Error 1, 2.5).
  • Create RDS with --no-publicly-accessible and allow access in the SG only from EC2 (Error 7).
  • Do not make the bucket public: use presigned URLs (Error 6, 2.6).
  • If this is your first time, try it on Lightsail as well (simpler, 2.8).
  • Set the billing alarm before anything else and work within the free tier limits (unexpected bill, Error 4).

Acceptance criteria ("done")

  • Works with an IAM user (not root) + a least privilege policy.
  • AWS CLI is configured (sts get-caller-identity returns the correct answer).
  • The EC2 instance is running and you can connect over SSH (22 only to your own IP).
  • The application runs on EC2 under PM2, Nginx takes traffic in on 80/443.
  • Images are uploaded to a private S3 bucket and are viewable through presigned URLs.
  • RDS PostgreSQL is running and the application connects (DB is private, not open to the public).
  • RDS is reachable only from EC2 (Security Group is correct).
  • The billing alarm is set ($5 threshold).
  • The full application works in the browser (EC2 + S3 + RDS together).

The solution code is deliberately not provided: write this project yourself.


10. Summary and bridge to the next chapter

In this chapter we learned the basics of the AWS cloud:

  • Cloud (IaaS/PaaS/SaaS, 2.1); AWS structure (region, availability zone, 2.2); core services (about 10 important ones, 2.3).
  • EC2 (instance, AMI, key pair, elastic IP, 2.4); Security Group (virtual firewall, compared with ufw, 2.5); S3 (bucket, key, presigned URL, 2.6); RDS (managed DB, backup/Multi-AZ/replica, 2.7).
  • Lightsail (simple VPS, 2.8); IAM (user/role/policy, least privilege, 2.9); VPC (network isolation, NAT, NACL, 2.10); pricing/free tier (being careful, 2.11); other services (CloudFront, Route 53, ELB, Lambda, 2.12); Auto Scaling + Secrets (section 2.13) and other clouds (GCP/Azure equivalents, 2.14).

You can now run an application in a real cloud: starting a server, storing files, connecting a DB, securely and under control. This is the step from "it works locally" to "it works for real users".

Next chapter: Chapter 10.7, Deployment strategies (PM2, domain, SSL). Our application now runs on EC2, but users should open it at https://saytim.uz, not at http://1.2.3.4:3000. We will keep the application running with PM2 (restart it if it crashes, spread it across several processes), point the domain (Route 53 or another registrar) at the server, and set up HTTPS with SSL (Let's Encrypt/Certbot). This is the final, user-visible part of every professional deploy.


