Give and Take - Book Review

Welcome to another episode of "Continuous Improvement," the podcast dedicated to personal and professional growth. I'm your host, Victor, and today we have an exciting topic to explore: the book "Give and Take" by Adam Grant.

Before we dive into the book, let me tell you a bit about Adam Grant, the author. He's a young and brilliant professor at the Wharton Business School known for his insightful research and bestselling books. By his mid-thirties, he had already authored five books! Impressive, right?

Now, let's unravel the main points brought forth in "Give and Take." The book challenges the commonly held belief that being too giving leads to being taken advantage of. Grant breaks down success into four pillars: motivation, capabilities, luck, and how we interact with others.

Grant categorizes people into three types: takers, matchers, and givers. Takers are solely focused on what they can gain, matchers give with the expectation of receiving something in return, and givers prioritize others' interests over their own without expecting anything in return.

Interestingly, the book reveals that the top 10% of salespeople are givers. The principle of reciprocity comes into play here - people are more inclined to assist those who help them. However, the data also shows that givers can either be top performers or bottom performers. The distinguishing factor is setting boundaries to avoid becoming depleted and neglecting personal growth.

Instead of prioritizing wealth, power, pleasure, or competition, adopting an altruistic attitude can result in mutual benefits in relationships. Research indicates that those who regularly give their time and knowledge to colleagues often receive higher raises and promotions.

So, what are the key principles for success according to "Give and Take"? First, show up. Be present and engaged in all aspects of your life. Second, work hard. Dedicate yourself to your goals and put in the necessary effort. Third, be kind. Foster positive interactions and relationships. And finally, be a giver. Prioritize others' interests and help without expecting immediate returns.

Remember, it's not a zero-sum game. The goal is to help one another. By being helpful, responsible, and compassionate, we can build a better world and a good reputation for ourselves.

If you find this topic intriguing and want to explore it further, I highly recommend reading "Give and Take" by Adam Grant. It's a book that challenges our preconceptions and provides valuable insights into the power of giving.

That wraps up another episode of "Continuous Improvement." I hope you found our exploration of "Give and Take" insightful and thought-provoking. Thank you for joining me on this journey of personal and professional growth.

If you have any questions, suggestions, or topics you'd like me to cover in future episodes, feel free to reach out. Until next time, keep striving for continuous improvement.

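Give and Take - Book Review

In this blog post, I review Adam Grant's book "Give and Take." I believe that learning and growth are basic human needs. Sharing the insights from this book is a form of active learning for me, and I hope it helps you as well.

First, who is Adam Grant? He is a young professor at the Wharton School, known for his insightful research and books. Before turning thirty-five, he had already written five bestselling books.

In "Give and Take," Grant challenges some common assumptions, such as "winner takes all" and "nice guys finish last." These phrases reflect the fear that being too generous lets others take advantage of you. This fear is often reinforced by TV series and films, which suggest that successful people must be ruthless. For example, the film "The Wolf of Wall Street" portrays finance as an industry where greed is good and success requires becoming a monstrous leader.

However, the book argues that this view is not true. Grant lists four pillars of success: strong motivation, ability, opportunity (or luck), and the way you interact with others. He divides people into three types: takers, matchers, and givers.

Takers focus only on what they can get. Matchers help only when they expect something in return; this "quid pro quo" mindset is common in politics. Givers put others' interests ahead of their own and help without expecting anything back.

In real life, people often show a mix of these styles, adapting to different situations. So which style is most successful, especially for salespeople? Surprisingly, the book reveals that the top 10% of salespeople are givers. Why? One reason may be the principle of reciprocity: people are more willing to help those who have helped them.

The data also show that givers are either top performers or bottom performers. The difference lies in whether they set boundaries. Givers who do not set boundaries find themselves depleted, with no time for personal growth. Those who do set boundaries are more effective and find that helping others often helps their own development.

Rather than prioritizing wealth, power, pleasure, and competition, I prefer and prioritize values such as helpfulness, responsibility, social justice, and compassion. This may seem counterintuitive, but adopting a more altruistic attitude can bring mutual benefit in relationships. Research shows that people who regularly give their time and knowledge to colleagues tend to receive higher raises and promotions.

Overall, the key principles of success are: 1) show up, 2) work hard, 3) be kind, and 4) be a giver. Striving to make people laugh, entertaining them, and working to create a better world are essential for building a good reputation in a close-knit work environment. This is not a zero-sum game; the goal is to help one another. If there is any way I can help you further after you read this blog post, please feel free to contact me.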

Brand Strategy Recommendations

In this proposal, I'm offering strategic recommendations for Thought Machine, a fintech product company. Thought Machine has developed a core banking product that is transforming the banking industry and enabling banks to offer innovative services to their customers.

Thought Machine has experienced impressive growth, recently raising $200 million in a Series C funding round led by industry-leading VCs and global banks, including Nyca Partners, Molten Ventures, JPMorgan, and Standard Chartered. This brings our total funding to $350 million, with a valuation exceeding £1 billion. We serve a diverse set of bank clients, ranging from Tier 1 to Challenger banks, such as Atom Bank, Curve, Lloyds Banking Group, Monese, SEB, Standard Chartered, TransferGo, Arvest, ING, and JPMorgan Chase.

Our product, Vault, operates as a ledger on cloud-native platforms (including Amazon Web Services, Google Cloud Platform, and Microsoft Azure) without relying on legacy technology. Vault's flexibility is powered by Smart Contracts, which can configure any type of retail bank product, including current accounts, savings, loans, credit cards, and mortgages.

We use the Clock Mode framework to evaluate every interaction between the brand and the consumer across three phases: pre-purchase, purchase, and post-purchase. The pre-purchase phase includes elements like social media, fintech events, partnerships, and responding to RFPs (Request for Proposals). The purchase phase involves enablement, API, self-service, and product service. The post-purchase phase includes support services, certification programs, training content, and newsletters.

We conducted a brand audit to identify immediate, visceral associations people have with our brand. Positive associations include terms like "modern," "smart," "technology," "trustworthy," "lean," "innovative," "scalable," "configurable," "performance," "security," "reliability," and "quality." Negative associations may include complexity, not being a "bank in a box," friction during integration, and a limited local market presence.

Building on the brand audit, we created an aspirational brand identity. The core essence of Thought Machine's brand is aspirational, simple, and visceral, serving as the foundation for modern banking. Our extended brand identity encompasses a range of features, from being a technology-focused, slightly geeky person to symbolizing cloud technology and a product-first approach.

Below are my strategic recommendations for Thought Machine:

  1. Differentiation: Focus on standing out from traditional vendors by building a high-quality cloud platform. Emphasize the unique capabilities of Smart Contracts, which offer unparalleled configurability. Strengthening this aspect of our identity can boost awareness and accelerate growth.

  2. Relevance: Offer cloud platforms that banks won't or can't build internally. Many banks are burdened with complex, siloed legacy systems. We should aim to deliver products reliably and efficiently to become an integral part of the banking industry.

  3. Sustainability: Maintain a competitive edge by offering to replace outdated mainframe servers with more modern, cloud-based solutions. Build long-term relationships with banks and integration partners to ensure success at scale and speed.

Feel free to reach out if you have any questions about this proposal: Victor Leung on LinkedIn.

Brand Strategy Recommendations

Welcome to Continuous Improvement, the podcast where we explore strategies and insights to help companies thrive in today's dynamic business landscape. I'm your host, Victor, and in today's episode, we're diving into a strategic proposal for Thought Machine, a leading fintech product company.

But before we jump into the recommendations, let's take a closer look at who Thought Machine is and what they've achieved so far. Thought Machine has revolutionized the banking industry with their core banking product called Vault. This innovative solution enables banks to offer cutting-edge services to their customers while leaving behind legacy technology.

Recently, Thought Machine raised an impressive $200 million in a Series C funding round, led by prominent VCs and global banks. Their list of clients spans from Tier 1 to Challenger banks, including renowned names like Atom Bank, Curve, Lloyds Banking Group, Monese, and many more.

Now that we have a better understanding of who Thought Machine is, let's explore the strategic recommendations for their continued success.

First off, we propose focusing on differentiation. Thought Machine already stands out from traditional vendors by delivering a high-quality cloud platform. However, it's crucial to emphasize the unique capabilities of their Smart Contracts, which allow for unparalleled configurability. By strengthening this aspect of their identity, they can further raise awareness and accelerate growth.

Next up, we recommend that Thought Machine become the go-to solution for cloud platforms that banks won't or can't build internally. Many banks are limited by complex and siloed legacy systems, and Thought Machine can offer them reliable and efficient products that seamlessly integrate into their existing infrastructure. By positioning themselves as a crucial player in the banking industry, they can enhance their relevance and become indispensable.

Lastly, sustainability is paramount. Thought Machine should continue to maintain a competitive edge by replacing outdated mainframe servers with more modern, cloud-based solutions. By building long-term relationships with banks and integration partners, they ensure success at scale and speed.

And that wraps up our strategic recommendations for Thought Machine. Their cloud-native core banking product, Vault, already boasts an impressive track record, but by focusing on differentiation, relevance, and sustainability, they can further solidify their position in the industry.

If you're interested in learning more about this proposal or have any questions, feel free to connect with Victor Leung on LinkedIn. You can find the link in the show notes.

Thank you for joining me on this episode of Continuous Improvement. Stay tuned for more valuable insights and strategies in our upcoming episodes. Until then, keep striving for excellence and embracing continuous improvement.

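Brand Strategy Recommendations

In this proposal, I offer strategic recommendations for Thought Machine, a fintech product company. Thought Machine has developed a core banking product that is changing the banking industry and enabling banks to offer innovative services to their customers.

Thought Machine's growth has been impressive. It recently raised $200 million in a Series C round led by industry-leading venture capital firms and global banks, including Nyca Partners, Molten Ventures, JPMorgan, and Standard Chartered. This brings our total funding to $350 million, with a valuation of over £1 billion. We serve a diverse base of bank clients, from Tier 1 to challenger banks, such as Atom Bank, Curve, Lloyds Banking Group, Monese, SEB, Standard Chartered, TransferGo, Arvest, ING, and JPMorgan.

Our product, Vault, is a ledger that runs on cloud-native platforms (including Amazon Web Services, Google Cloud Platform, and Microsoft Azure) without relying on legacy technology. Vault's flexibility is driven by Smart Contracts, which can configure any type of retail banking product, including current accounts, savings, loans, credit cards, and mortgages.

We use the Clock Mode framework to evaluate every interaction between the brand and the consumer across three phases: pre-purchase, purchase, and post-purchase. The pre-purchase phase includes elements such as social media, fintech events, partnerships, and responding to RFPs (Requests for Proposals). The purchase phase involves enablement, APIs, self-service, and product service. The post-purchase phase includes support services, certification programs, training content, and newsletters.

We conducted a brand audit to identify the immediate, visceral associations people have with our brand. Positive associations include "modern," "smart," "technology," "trustworthy," "lean," "innovative," "scalable," "configurable," "high performance," "secure," "reliable," and "quality." Negative associations may include complexity, not being a "one-stop bank," friction during integration, and a limited local market presence.

Based on the brand audit, we created an aspirational brand identity. The core spirit of the Thought Machine brand is visionary, simple, and visceral, and it is the foundation of modern banking. Our extended brand identity covers a range of traits, from a technology-oriented, slightly nerdy person to a symbol of cloud technology and a product-first strategy.

Below are my strategic recommendations for Thought Machine:

  1. Differentiation: Focus on standing out from traditional vendors by building a high-quality cloud platform. Emphasize the unique capabilities of Smart Contracts, which offer unparalleled configurability. Strengthening this aspect of our identity can raise awareness and accelerate growth.

  2. Relevance: Offer cloud platforms that banks won't or can't build internally. Many banks are burdened by complex, siloed legacy systems. We should work to deliver products that make us indispensable to the banking industry.

  3. Sustainability: Maintain a competitive edge by offering to replace outdated mainframe servers with more modern, cloud-based solutions. Build long-term relationships with banks and integration partners to ensure success at scale and speed.

If you have any questions about this proposal, feel free to contact me: Victor Leung on LinkedIn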

Setting Up Ubuntu Desktop on AWS Workspace

I've been a fan of the Ubuntu desktop distribution since 2009, back in my university days. It was exciting to use it as a Windows desktop replacement, although the journey was filled with challenges such as hardware compatibility issues related to the webcam, sound, and keyboard.

What I love about Ubuntu is the community support. I could always find answers to my questions on Google. However, when I first started, I would blindly copy and paste commands into the terminal and sometimes mess up the environment without knowing how to revert the changes. As a result, I had to reinstall Ubuntu Desktop multiple times.

Nowadays, I've migrated Ubuntu Desktop to an AWS EC2 instance. It works well with Google Chrome's remote desktop setup, and I enjoy the flexibility of choosing CPU, memory, and storage hardware based on my needs. Although the sound works, I've been disappointed by the browser scrolling experience, which feels delayed, especially when streaming YouTube videos.

This morning, I saw an announcement about the availability of Ubuntu Desktop on AWS Workspace and decided to try it out immediately. I had used AWS Workspace before—a fully managed Virtual Desktop Infrastructure (VDI)—and found the user experience to be better on Windows instances using the Remote Desktop Protocol (RDP). Since RDP is a proprietary protocol developed by Microsoft, I prefer not to use it. Meanwhile, Linux desktops use PCoIP, which can sometimes feel laggy and unresponsive. Additionally, the Amazon Linux 2 image with MATE desktop wasn't customized to my liking.

Today, I finally have my preferred option: Ubuntu Desktop on AWS Workspace, set up using WorkSpaces Streaming Protocol (WSP). I'm writing this blog post from this very setup.

Step-by-Step Guide

Step 0: Before getting started, you'll need to set up a directory. You may be unsure whether to choose AWS Managed Microsoft AD or Simple AD. In my case, I only needed an inexpensive Active Directory compatible service, so I chose Simple AD, as shown in the screenshot below:

Step 1: Once the directory is set up, you can select it to create an AWS-managed workspace. This process takes some time, and you'll need to register it as well.

Steps 2 & 3: Next, create a user and identify them.

Step 4: Select the Ubuntu Desktop bundle. The UI lacks search and filter functionality, so you might have to navigate to the last page to find the Ubuntu options. You can choose from various hardware configurations. I picked the performance option because it currently has a free tier promotion.

Step 5: Choose between "Always On" or "AutoStop." I selected "AutoStop" with a one-hour timeout for cost savings.

Step 6: Skip the optional encryption for now.

Finally, wait for the status to change from "Pending" to "Ready." Then you can start connecting using the registration code. While you can download the AWS client and install it on your laptop, one feature I particularly like about Ubuntu Desktop on AWS Workspace is the ability to access it via the web. To enable this, follow one more step:

Go to the WorkSpaces console at https://console.aws.amazon.com/workspaces/ and, in the navigation pane, choose "Directories." Select your directory and then choose "Actions," followed by "Update Details." Expand "Access Control Options" and locate the "Other Platforms" section. Choose "Web Access" and then "Update and Exit."

Now you can access Ubuntu Desktop from any browser at https://clients.amazonworkspaces.com/webclient. Input your registration code to continue.

Enter your username and password. (If you've forgotten your directory password, you can reset it through your AWS console.)

And there you have it! You've successfully logged in to a fully functional Ubuntu Desktop in a web browser.

This setup is incredibly convenient, allowing me to access my workspace from anywhere. So far, the performance has been excellent, and I'm pleased with the user experience. If you have any questions about this setup, feel free to ask, and I'll be happy to share more information with the community.

Setting Up Ubuntu Desktop on AWS Workspace

Welcome back, listeners, to another episode of Continuous Improvement. I'm your host, Victor, and today we have an exciting topic to discuss – the journey of using Ubuntu Desktop and its migration to an AWS EC2 instance. If you're a fan of Ubuntu like me, you won't want to miss this episode.

It all started back in my university days when I first discovered Ubuntu Desktop as a Windows replacement. The community support and resourcefulness were truly exceptional. But, like any transition, there were challenges to overcome, such as hardware compatibility issues with webcams, sound, and keyboards.

At first, I admit, I made some rookie mistakes. I would blindly copy and paste commands into the terminal, only to realize later that I messed up my environment and had to reinstall Ubuntu Desktop multiple times. But, as they say, we learn from our mistakes.

Fast forward to today, and my journey with Ubuntu Desktop has taken a new turn. I've now migrated it to an AWS EC2 instance. With Google Chrome's remote desktop setup, I enjoy the flexibility of choosing hardware based on my needs. However, I did face disappointment with the browser scrolling experience, especially when streaming YouTube videos.

But, as luck would have it, I stumbled upon an exciting announcement this morning – the availability of Ubuntu Desktop on AWS Workspace. Intrigued by this new option, I wasted no time and immediately dove into exploring it. And guess what? I'm actually recording this podcast episode from the Ubuntu Desktop on AWS Workspace setup.

Now, let's dive into the step-by-step guide, shall we?

Step 0: Before diving into the setup process, you'll need to set up a directory. You have the option to choose between AWS Managed Microsoft AD or Simple AD, depending on your needs. In my case, I opted for Simple AD, as I needed an inexpensive Active Directory compatible service.

Step 1: Once your directory is set up, you can proceed to create an AWS-managed workspace. This process takes some time and requires you to register it as well.

Steps 2 & 3: Next, create a user and identify their credentials. Ensure everything is set up correctly.

Step 4: Now comes the exciting part – selecting the Ubuntu Desktop bundle. Keep in mind that the UI may be a bit cumbersome, lacking search and filter functionality. You may need to navigate to the last page to find the Ubuntu options. Take your time to choose the hardware configuration that suits your needs. I personally went for the performance option, as it currently has a free tier promotion.

Step 5: It's decision time – "Always On" or "AutoStop." I chose the "AutoStop" option with a one-hour timeout for cost-saving purposes.

Step 6: Optional encryption is available, but for now, I recommend skipping it unless you require additional security measures.

Now, all you have to do is wait for the status to change from "Pending" to "Ready." Once the workspace is ready, you can start connecting using the registration code. Moreover, one fantastic feature of Ubuntu Desktop on AWS Workspace is the ability to access it via the web. Here's how to enable it:

Go to the WorkSpaces console at https://console.aws.amazon.com/workspaces/ and navigate to "Directories." Choose your directory, then select "Actions" and "Update Details." Expand the "Access Control Options" section and locate "Other Platforms." Click on "Web Access" and choose "Update and Exit."

Congratulations! You're now ready to access Ubuntu Desktop from any web browser. Simply visit https://clients.amazonworkspaces.com/webclient and input your registration code.

Enter your username and password. If you've forgotten your directory password, don't worry; you can easily reset it through your AWS console.

And there you have it! You're now logged in to a fully functional Ubuntu Desktop in your web browser. This setup offers incredible convenience and allows access from anywhere. So far, my experience has been outstanding, and I'm delighted with the user experience.

If you have any questions or need further information about this setup, don't hesitate to reach out. I'm here to help and share knowledge with our wonderful community.

That concludes today's episode of Continuous Improvement. Thank you for tuning in and joining me on this Ubuntu Desktop journey. I hope you found this information valuable and that it will enhance your Ubuntu experience. Remember, as we navigate the world of technology, there's always room for continuous improvement.

Until next time, this is Victor signing off. Stay curious and keep improving!

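Setting Up Ubuntu Desktop on AWS Workspace

I have been a fan of the Ubuntu desktop edition since my university days in 2009. Using it as a replacement for the Windows desktop was exciting, although the journey was full of challenges, such as hardware compatibility issues with the webcam, sound, and keyboard.

What I love about Ubuntu is its community support. I could always find answers to my questions on Google. However, when I was starting out, I would blindly copy and paste commands into the terminal and sometimes break the environment without knowing how to revert the changes. As a result, I had to reinstall Ubuntu Desktop many times.

Now I have migrated Ubuntu Desktop to an AWS EC2 instance. It works well with Google Chrome's remote desktop setup, and I like the flexibility of choosing CPU, memory, and storage hardware to suit my needs. Although sound works, I am disappointed with the browser scrolling experience, which feels delayed, especially when streaming YouTube videos.

This morning, I saw an announcement that Ubuntu Desktop is available on AWS Workspace, and I decided to try it right away. I had used AWS Workspace, a fully managed Virtual Desktop Infrastructure (VDI), before and found the user experience better on Windows instances using the Remote Desktop Protocol (RDP). Because RDP is a proprietary protocol developed by Microsoft, I would rather not use it. Meanwhile, Linux desktops use PCoIP, which can sometimes feel laggy and unresponsive. In addition, the Amazon Linux 2 image with the MATE desktop was not to my liking.

Today, I finally have the option I prefer: Ubuntu Desktop on AWS Workspace, set up with the WorkSpaces Streaming Protocol (WSP). I am writing this blog post from this very setup.

Step-by-Step Guide

Step 0: Before you start, you need to set up a directory. You may be unsure whether to choose AWS Managed Microsoft AD or Simple AD. In my case, I only needed an inexpensive Active Directory compatible service, so I chose Simple AD, as shown in the image below:

Step 1: Once the directory is set up, you can select it to create an AWS-managed workspace. This process takes some time, and you also need to register it.

Steps 2 & 3: Next, create a user and identify them.

Step 4: Select the Ubuntu Desktop bundle. The UI lacks search and filter functionality, so you may need to navigate to the last page to find the Ubuntu options. You can choose from various hardware configurations. I picked the performance option because it currently has a free tier promotion.

Step 5: Choose "Always On" or "AutoStop." I chose "AutoStop" with a one-hour timeout to save costs.

Step 6: Skip the optional encryption for now.

Finally, wait for the status to change from "Pending" to "Ready." Then you can start connecting with the registration code. You can download the AWS client and install it on your laptop, but one feature I particularly like about Ubuntu Desktop on AWS Workspace is that it can be accessed via the web. To enable this, follow one more step, described below:

Go to the WorkSpaces console at https://console.aws.amazon.com/workspaces/ and choose "Directories" in the navigation pane. Select your directory, then choose "Actions," followed by "Update Details." Expand "Access Control Options" and locate "Other Platforms." Choose "Web Access" and then "Update and Exit."

Now you can access Ubuntu Desktop from any browser at https://clients.amazonworkspaces.com/webclient. Enter your registration code to continue.

Enter your username and password. (If you have forgotten your directory password, you can reset it through the AWS console.)

You did it! You have successfully logged in to a fully functional Ubuntu Desktop in a web browser.

This setup is very convenient and lets me access my workspace from anywhere. So far, the performance has been excellent, and I am happy with the user experience. If you have any questions about this setup, feel free to ask, and I will be glad to share more information with the community.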

Setting up a Three-Tier Architecture on AWS

Today, I'm going to demonstrate how to use Virtual Private Cloud (VPC) services to set up a three-tier architecture on Amazon Web Services (AWS). Below is the architecture diagram that illustrates the setup, which is mainly divided into three layers.

The first layer is the presentation layer. Users can directly access the public subnet via the gateway. The second layer is the logic layer, which primarily deals with business logic. This layer resides in a private subnet to limit access and sits behind a load balancer. The load balancer enables flexible and horizontal scaling to handle varying traffic demands at different times. The third layer is the data layer, which houses a MySQL database in a private subnet. Access is only permitted through the second layer. To enhance availability, I've deployed the architecture across two Availability Zones, and the database is backed up to the other zone. This ensures that if one Availability Zone fails, the application services will remain operational.

First, I'll create a VPC network named victorleungtwdemo. As per the architecture diagram, I'll choose the 172.17.0.0/16 CIDR block. This /16 subnet will give me 65,535 IP addresses, which provides room for future expansion.

Next, I'll create six subnets. The first subnet is named pub-subnet-1. I'll associate it with the VPC I just created and choose the appropriate Availability Zone (Zone A). I'll also specify the IP address range for this subnet. To ensure scalability, I'll set it as a /24 subnet.

Continuing this process, I'll create the remaining five subnets. As shown in the diagram below, I now have six subnets in different Availability Zones.

Next, I'll create a new Internet Gateway, named victorleungtw-igw.

After it's created, I'll attach it to my victorleungtwdemo VPC.

Now, let's examine the routing table. A default routing table is automatically generated when the VPC is created. All the subnets I create will connect to this table by default.

I'll then create a new routing table named pub-route, which will manage data routed to the public network. Additionally, I'll rename the original routing table to priv-route. For the database subnet, I'll create another routing table named nat-route.

At this point, I have three routing tables. Each one comes with a default route.

For the pub-route table, I'll add a route 0.0.0.0/0 directed towards victorleungtw-igw. This allows all machines in the associated subnets to access the public internet.

Next, I'll associate my public subnets, pub-subnet-1 and pub-subnet-2, with the pub-route table.

Then, I'll add the nat-route and associate it with priv-subnet-1 and priv-subnet-2.

Finally, there's no need to worry about the remaining private routing table; all subnets will default to priv-route.

Now, let's move on to creating a Network Address Translation (NAT) gateway. I'll choose priv-subnet-2 as its subnet and create an Elastic IP (EIP) for it.

I'll add the NAT gateway to the NAT routing table and set the route to 0.0.0.0/0.
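
An added example, not code from the original post: a small Python audit of the routing laid out above. It classifies each subnet by its route table's default route and checks that the NAT gateway sits in a subnet with a default route to the internet gateway, which a public NAT gateway needs in order to forward traffic. The subnet CIDRs and the `db-subnet-*` names are constructed; the table names, VPC CIDR and associations follow the post.

```python
import ipaddress

VPC_CIDR = ipaddress.ip_network("172.17.0.0/16")  # CIDR block from the post

# Default-route target of each route table, as described in the post.
ROUTE_TABLES = {
    "pub-route": "igw",    # 0.0.0.0/0 -> victorleungtw-igw
    "nat-route": "nat",    # 0.0.0.0/0 -> NAT gateway
    "priv-route": None,    # main table: implicit local route only
}

# name -> (CIDR, associated route table).
# The /24 CIDRs and the db-subnet-* names are constructed for this example.
SUBNETS = {
    "pub-subnet-1": ("172.17.1.0/24", "pub-route"),
    "pub-subnet-2": ("172.17.2.0/24", "pub-route"),
    "priv-subnet-1": ("172.17.3.0/24", "nat-route"),
    "priv-subnet-2": ("172.17.4.0/24", "nat-route"),
    "db-subnet-1": ("172.17.5.0/24", "priv-route"),
    "db-subnet-2": ("172.17.6.0/24", "priv-route"),
}


def exposure(table):
    """Classify a subnet by the default route of its route table."""
    kinds = {"igw": "public", "nat": "nat-egress"}
    return kinds.get(ROUTE_TABLES[table], "isolated")


def audit(subnets, nat_subnet):
    """Return (exposure per subnet, findings) for a subnet plan."""
    findings, seen = [], {}
    for name, (cidr, _table) in subnets.items():
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(VPC_CIDR):
            findings.append(f"{name}: {net} is outside {VPC_CIDR}")
        for other, other_net in seen.items():
            if net.overlaps(other_net):
                findings.append(f"{name}: {net} overlaps {other} ({other_net})")
        seen[name] = net

    result = {name: exposure(table) for name, (_cidr, table) in subnets.items()}

    # A public NAT gateway forwards traffic through the internet gateway,
    # so its own subnet needs a default route to the IGW.
    if result[nat_subnet] != "public":
        findings.append(
            f"NAT gateway in {nat_subnet}: subnet is {result[nat_subnet]}, "
            "so it has no default route to the internet gateway"
        )
    return result, findings


if __name__ == "__main__":
    for placement in ("priv-subnet-2", "pub-subnet-2"):
        result, findings = audit(SUBNETS, placement)
        print(f"NAT gateway in {placement}:", findings or "no findings")
    for name, kind in result.items():
        print(f"  {name:14} {kind}")
```

With the gateway placed in `priv-subnet-2` as in the step above, the audit reports one finding; placing it in `pub-subnet-2` clears it.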

So far, I've completed about 70% of the network architecture. Next, I'll configure all the related security group settings.

For security, I'll create separate security groups for my bastion host, load balancer, web servers, and database.
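
An added example, not part of the original post: a Python check of how the four security groups can be chained so that, as the architecture requires, the database is reachable only through the web tier. The group names, ports, rules and the admin address are assumptions; the post names only the four roles.

```python
import ipaddress
from collections import namedtuple

VPC = ipaddress.ip_network("172.17.0.0/16")   # CIDR block from the post
Rule = namedtuple("Rule", "port source")      # source: CIDR or "sg:<group>"

# Group names, ports and rules below are assumptions for this example.
HARDENED = {
    "bastion-sg": [Rule(22, "203.0.113.10/32")],  # constructed admin address
    "alb-sg": [Rule(80, "0.0.0.0/0")],
    "web-sg": [Rule(80, "sg:alb-sg"), Rule(22, "sg:bastion-sg")],
    "db-sg": [Rule(3306, "sg:web-sg")],
}
# Same layout with two common shortcuts: SSH open to the world on the
# bastion, and MySQL open to the whole VPC instead of the web tier only.
WEAK = {
    **HARDENED,
    "bastion-sg": [Rule(22, "0.0.0.0/0")],
    "db-sg": [Rule(3306, "172.17.0.0/16")],
}

# Sources each inner tier may accept under the three-tier design.
ALLOWED = {"web-sg": {"sg:alb-sg", "sg:bastion-sg"}, "db-sg": {"sg:web-sg"}}
INTERNET_FACING = {"alb-sg"}


def is_external(source):
    """True for a CIDR source that is not contained in the VPC."""
    if source.startswith("sg:"):
        return False
    return not ipaddress.ip_network(source).subnet_of(VPC)


def lint(groups):
    """Flag rules that break the tier-to-tier chaining."""
    findings = []
    for name, rules in groups.items():
        for rule in rules:
            if name in ALLOWED:
                if rule.source not in ALLOWED[name]:
                    findings.append(f"{name}: port {rule.port} allows {rule.source}")
            elif (name not in INTERNET_FACING and is_external(rule.source)
                  and ipaddress.ip_network(rule.source).prefixlen == 0):
                findings.append(f"{name}: port {rule.port} is open to the internet")
    return findings


def hops_from_outside(groups):
    """Fewest security-group hops from outside the VPC to each group."""
    dist = {n: 1 for n, rules in groups.items()
            if any(is_external(r.source) for r in rules)}
    changed = True
    while changed:
        changed = False
        for name, rules in groups.items():
            for rule in rules:
                if is_external(rule.source):
                    continue
                if rule.source.startswith("sg:"):
                    via = dist.get(rule.source[3:])
                else:  # CIDR inside the VPC: any group already reached can connect
                    via = min((d for g, d in dist.items() if g != name), default=None)
                if via is not None and via + 1 < dist.get(name, float("inf")):
                    dist[name] = via + 1
                    changed = True
    return dist


if __name__ == "__main__":
    for label, groups in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, lint(groups) or "no findings", hops_from_outside(groups))
```

In the weak variant, allowing MySQL from the whole VPC CIDR puts the database two hops from outside instead of three, because the bastion host and load balancer can then connect to it directly.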

Now, it's time to launch the relevant EC2 instances.

Before creating the RDS server, I'll also create an RDS subnet group.

Once the RDS server is set up with the appropriate VPC and security group, we can return to our EC2 instances.

Next, I'll set up a target group for the web servers and add them to it.

Lastly, I'll create an application load balancer.

With everything set up, we can now test the system. From the bastion host, I can SSH into both web servers, launch an Nginx server, and verify access to the database from the application layer.

That wraps up this guide to setting up a three-tier architecture on AWS. If you have any questions, feel free to connect.

Setting up a Three-Tier Architecture on AWS

Hello, and welcome to another exciting episode of Continuous Improvement! I'm your host, Victor, and today we're going to dive deep into the world of Virtual Private Cloud (VPC) services on Amazon Web Services (AWS).

In this episode, we'll explore how to set up a three-tier architecture using VPC services. So, grab a cup of coffee and get ready to learn!

Now, before we jump into the technicalities, let's take a look at the architecture diagram. We have three layers: the presentation layer, the logic layer, and the data layer.

The presentation layer allows users to access the public subnet directly through the gateway. Then we have the logic layer, which handles all the business logic. This layer is located in a private subnet behind a load balancer. And finally, we have the data layer, which consists of a MySQL database in a private subnet.

To ensure high availability, we have deployed our architecture across two Availability Zones. Additionally, our database is backed up to the other zone, guaranteeing operational continuity in case of an Availability Zone failure.

Now that we have an overview of the architecture, let's dive into the setup process.

First, we'll create a VPC network named 'victorleungtwdemo.' We'll allocate the CIDR block '172.17.0.0/16' to provide room for future expansion.

Moving forward, we'll create six subnets, each associated with a specific Availability Zone. This setup allows us to distribute our resources across multiple zones, enhancing scalability and resilience.

Now, let's talk about routing. We'll create three separate routing tables: 'pub-route' for the public network, 'priv-route' for the private network, and 'nat-route' for the database subnet.

The 'pub-route' table will have a route '0.0.0.0/0' directed towards our Internet Gateway, granting access to the public internet for all machines in the associated subnets.

As for security, we'll create separate security groups for our bastion host, load balancer, web servers, and database. This way, we can ensure proper access controls and protect our infrastructure.

Once the networking and security aspects are in place, we'll launch the relevant EC2 instances and set up an RDS server with the appropriate VPC and security group.

To provide load balancing capabilities, we'll create a target group for the web servers and set up an application load balancer.

All that's left is to test the system and ensure everything is functioning as expected. From the bastion host, we'll SSH into the web servers, launch an Nginx server, and verify access to the database from the application layer.

And just like that, we've successfully set up a three-tier architecture using VPC services on AWS! Give yourself a pat on the back for a job well done.

Well, that wraps up today's episode of Continuous Improvement. I hope you found this guide helpful in understanding and implementing a three-tier architecture on AWS. If you have any questions or would like to connect, feel free to reach out to me on LinkedIn.

Join me next time as we explore more exciting topics and strategies for continuous improvement. Until then, keep learning and stay curious!

This is Continuous Improvement, signing off.