Explanation:

Blue-green deployment is a technique that reduces downtime and risk by running two identical production environments called Blue and Green.

At any time, only one of the environments is live, with the live environment serving all production traffic. For this example, Blue is currently live and Green is idle.

As you prepare a new version of your software, deployment and the final stage of testing takes place in the environment that is not live: in this example, Green. Once you have deployed and fully tested the software in Green, you switch the router so all incoming requests now go to Green instead of Blue. Green is now live, and Blue is idle.

This technique can eliminate downtime due to app deployment. In addition, blue-green deployment reduces risk: if something unexpected happens with your new version on Green, you can immediately roll back to the last version by switching back to Blue.

Explanation:

A NAT (Network Address Translation) instance is, like a bastion host, an EC2 instance that lives in your public subnet. A NAT instance, however, allows your private instances outgoing connectivity to the internet while at the same time blocking inbound traffic from the internet.

A NAT (Network Address Translation) Gateways provide the same functionality as a NAT instance, however, a NAT Gateway is an AWS managed NAT service. As a result, these NAT Gateways offer greater availability and bandwidth and require less configuration and administration.

Comparison of NAT Instances and NAT Gateways

Bastion host : A bastion host is a special-purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer.

Explanation:

CIDR (Classless Inter-Domain Routing) notation is a compact representation of an IP address and its associated routing prefix. The notation is constructed from an IP address, a slash ('/') character, and a decimal number. The number is the count of leading 1 bits in the subnet mask. Larger values here indicate smaller networks. CIDR was developed as an alternative to traditional subnetting. The idea is that you can add a specification in the IP address itself as to the number of significant bits that make up the routing or networking portion.

IPv4 CIDR blocks interpretation :

IPv4 : a.b.c.d
Bits : 8.8.8.8 --> 32 bits

CIDR block Notation : a.b.c.d/prefix where prefix is the number of IP address the network can have.

Example : 192.168.100.0/22

IPs calculation for the above CIDR block will be [192(8bits).168(8bits).100(8bits).0(8bits)] = 2^32-22 = 2^10 = 1,024
where 32 -> 8 * 4 bits , 22 -> prefix

Total number of IPs for 192.168.100.0/22 CIDR block will be 1,024

192.168.100.0 -> 255
192.168.101.0 -> 255
192.168.102.0 -> 255
192.168.103.0 -> 255
where 0 -> 255 = 256 IPs

Total IPs = 256 * 4 = 1,024

By default, AWS uses 5 IPs out of these 256 IPs, So the number of IPs released will be 256 - 5 = 251

IPs used by AWS:

0 -> Network Address
1 -> Amazon VPC Routing
2 -> Domain Name System (DNS)
3 -> Future use by AWS
255 -> Broadcasting

In AWS, a subnet can have 1 primary CIDR block and 4 secondary CIDR blocks

Details:

 Security Group vs Network ACL (Network Access Control List)

Examples:

1) List of EC2 instance IDs:
aws ec2 describe-instances | grep InstanceId | tr '",' ' '

2) List of Load Balancers by Name:
aws elbv2 describe-load-balancers | grep LoadBalancerName | tr '",' ' '

3) List of Target Groups by Name:
aws elbv2 describe-target-groups | grep TargetGroupName | tr '",' ' '

4) List of Autoscale Groups by Name:
aws autoscaling describe-auto-scaling-groups | grep AutoScalingGroupName | tr '",' ' '

5) List of Launch configurations by Name:
aws autoscaling describe-launch-configurations | grep LaunchConfigurationName | tr '",' ' '

 6) List of available IAM users by Name:
aws iam list-users | grep UserName | tr '",' ' '

Reference