AWS Overview Whitepaper
What are the benefits of using EC2
- *Elastic Web-Scale Computing*: increase/decrease capacity within minutes
- *Completely Controlled*: you have root access, completely controllable through APIs
- *Flexible Cloud Hosting Services*: multiple instance types, OSes and software packages
- *Designed for use with other Amazon Web Services*: especially to integrate with S3, SQS, RDS and so on.
- *Reliable*: can be rapidly and reliably commissioned, has 99.95% availability for each region
- *Secure*: works in conjunction with VPC
- *Inexpensive*
Application Services
- API Gateway
- AppStream
- CloudSearch
- Elastic Transcoder
- SES
- SQS
- SWF
Developer Tools
- CodeCommit
- CodeDeploy
- CodePipeline
IAM
- Enables you to securely control access to services and resources for your users
- create and manage users and groups
- permissions to allow and deny their access to resources
Allows you to:
- manage IAM users and their access
- manage IAM roles and their permissions
- manage federated users and their permissions
Config
- Fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance.
- These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting.
- define guidelines for provisioning and configuring AWS resources and then continuously monitor compliance with those guidelines
- you can choose from a set of existing rules
- example: ensure that EBS volumes are encrypted
Security and Identity
- IAM
- KMS
- Directory Service
- Inspector
- WAF
- CloudHSM
Amazon Kinesis
- Kinesis Firehose
- Kinesis Analytics
- Kinesis Streams
Mobile Services
- Mobile Hub
- Cognito
- Device Farm
- Mobile Analytics
- SNS
- Mobile SDK
Database options
- RDS
- Aurora
- Database Migration Service (DMS)
- DynamoDB
- Redshift
- ElastiCache
Enterprise Applications
- WorkSpaces
- WorkDocs
- WorkMail
Trusted Advisor
- acts like a customized cloud expert, and it helps provision resources by following best practices
- inspects environment and finds opportunities to save money, improve system performance and reliability, or help close security gaps
Service Catalog
- allows organizations to create and manage catalogs of IT services that are approved for use on AWS.
- AWS SC allows you to complete multi-tier application architectures
- allows you to centrally manage commonly deployed IT services
- helps achieve consistent governance and meet your compliance requirements
OpsWorks
- configuration management service that helps you configure and operate applications of all shapes and sizes using Chef.
- includes automation to scale your application based on time or load and dynamic configuration to orchestrate changes as your environment scales.
The major service categories are _____
1. Compute
2. Storage
3. Database
4. Networking & Content Delivery
5. Migration
6. Developer Tools
7. Management Tools
8. Security, Identity & Compliance
9. Analytics
10. Artificial Intelligence
11. IoT
12. Game Development
13. Mobile Services
14. Application Services
15. Messaging
16. Business Productivity
17. Desktop & App Streaming
What are the major compute services
1. EC2
2. Auto Scaling
3. Elastic Load Balancing
4. AWS Lambda
5. Amazon EC2 Container Service
6. AWS Elastic Beanstalk
7. VM Import / Export
To access Services you can use _______
1. The AWS management console
2. The command line interface
3. The mobile App
4. One of the many SDKs
What are the six major advantages of cloud computing over traditional computing models?
1. Trade capital expense for variable expense
2. Benefit from massive economies of scale
3. Stop guessing about capacity
4. Increase speed and agility
5. Stop spending money running and maintaining data centres
6. Go global in minutes
Glacier
A secure, durable, and extremely low-cost storage service for data archiving and long-term backup. As little as 0.007 USD per gigabyte
Availability Zones and Regions
AWS is available in multiple locations worldwide. These locations are composed of regions and Availability Zones. A region is a named set of AWS resources in the same separate geographic area. Each region has multiple, isolated locations known as Availability Zones. AWS enables the placement of resources, such as instances, and data in multiple locations. Resources aren't replicated across regions unless you choose to do so.
Database Migration Service
helps you migrate databases to AWS easily and securely while the source database remains fully operational.
Route 53
highly available and scalable Domain Name Server (DNS) web service
ElastiCache
makes it easy to deploy, operate, and scale an in-memory cache in the cloud. Supports:
- Memcached: object driven cache
- Redis: key/value pair driven cache
AWS Direct Connect
makes it easy to establish a dedicated network connection from your premises to AWS.
ALB
Application Load Balancer. An Application Load Balancer is a load balancing option for the Elastic Load Balancing service that operates at the application layer and *allows you to define routing rules based on content across multiple services or containers running on one or more Amazon Elastic Compute Cloud (Amazon EC2) instances*.
Kinesis Streams
Build custom applications that process or analyze streaming data for specialized needs
CloudFront
CDN.
Kinesis Firehose
Capture and automatically load streaming data into Amazon S3 and Redshift enabling near real-time analytics
CloudHSM
Cloud Hardware Security Module.
- dedicated HSM in the cloud
- securely generate, store, and manage the cryptographic keys used for data encryption such that they are accessible only by you
- provisioned inside your Amazon VPC with an IP address that you specify
Management Tools
- CloudWatch
- CloudFormation
- CloudTrail
- Config
- OpsWorks
- Service Catalog
- Trusted Advisor
Does RedShift use columnar or row storage?
Columnar for fast query performance
Directory Service
managed service that allows you to connect your resources with an existing on-premises MS Active Directory or to set up a new, standalone directory in the cloud
API Gateway
Create, publish, maintain, monitor and secure APIs at any scale
AppStream
Deliver Windows applications to any device. Applications are deployed and rendered on AWS infrastructure and the output is streamed to mass-market devices.
Does AWS foresee security features?
Duh! AWS provides security-specific tools and features across network security, configuration management, access control, and data encryption
Availability Zone and region isolation
Each region is completely independent and is designed to be completely isolated from the other regions. This achieves the greatest possible fault tolerance and stability. Each Availability Zone is isolated, but the Availability Zones in a region are connected through low-latency links. Availability Zones are physically separated within a typical metropolitan region
Elastic Beanstalk
Easy-to-use service for deploying and scaling web applications and services developed with Java, .Net, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and Internet Information Services (IIS)
EBS
Elastic Block Storage. Provides persistent block-level storage volumes for use with Amazon EC2 instances in the AWS cloud.
Explain EC2
Elastic Compute Cloud is a web service that provides resizable compute capacity in the cloud. It is designed to make web scale computing easier for developers.
EFS
Elastic File System. Shared file storage service for Amazon EC2 instances.
ELB
Elastic Load Balancing automatically distributes incoming application traffic across multiple EC2 instances in the cloud. It increases the level of fault tolerance in your applications.
EMR
Elastic Map Reduce.
- quickly and cost effectively process vast amounts of data
- managed Apache Hadoop framework
Mobile Hub
Fastest way to build apps powered by AWS. Add and configure features for apps, including user authentication, data storage, back-end logic, push notifications, content delivery and analytics and device testing.
ELB increases the level of _____ in your applications.
Fault tolerance
AWS Import/Export Snowball
petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of AWS.
WorkDocs
Fully managed, secure enterprise storage and sharing service
CloudFormation
Gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.
EC2 Container Service
Highly scalable, high-performance container management service that supports Docker containers. Run applications on a managed cluster of EC2 instances. Manage your Docker-enabled applications using APIs.
Data Pipeline
reliably process and move data between different AWS compute and storage services as well as on-premises data sources at specified intervals
T/F Database Migration Service only migrates between the same type of database engines (i.e. Oracle to Oracle)
False. DMS can migrate from one type to another, i.e. from Oracle to Amazon Aurora.
T/F Auto Scaling is only suited to applications that experience hourly, daily or weekly variability in usage
False. It is suited to both applications that have stable demand patterns and applications that experience hourly, daily or weekly variability in usage
T/F A down-side of Elastic Beanstalk w.r.t. EC2 is that you don't have full access to the underlying infrastructure
False. You retain full control over the AWS resources powering your application and can access the underlying resources at any time.
QuickSight
Fast, cloud-powered business intelligence service
Each EBS volume is automatically replicated within _____ to protect you from _____, offering high availability and durability.
Its Availability Zone. Component Failure.
KMS
Key Management Service. Create and control the encryption keys used to encrypt data; uses HSMs to protect the security of your keys. Integrated with other AWS services including EBS, S3, RedShift. Integrated with CloudTrail to provide logs of all key usage to help meet regulatory and compliance needs.
AWS Lambda
Lets you run code without provisioning or managing servers. You pay for the compute time you consume.
WorkMail
Managed business email and calendaring service with support for existing desktop and mobile email clients
IoT
Managed cloud platform that lets connected devices securely interact with cloud applications and other devices.
WorkSpaces
Managed desktop computing service in the cloud
CloudSearch
Managed service in the AWS cloud that makes it easy to set up, manage, and scale a search solution for your website or application. Supports 34 languages and popular search features such as highlighting, autocomplete, and geospatial search.
Elasticsearch
Managed service to deploy, operate, and scale Elasticsearch in the AWS cloud. Elasticsearch is a popular open-source search and analysis engine for use cases such as log analytics, real-time application monitoring, and click stream analytics.
Mobile Analytics
Measure app usage and app revenue
Device Farm
Mobile app-testing service
CloudWatch
Monitoring service for AWS cloud resources and applications. Collect and track metrics, collect and monitor log files, and set alarms. Use CloudWatch to gain system-wide visibility into resource utilization, application performance, and operational health.
Aurora
MySQL-compatible; up to 5x better performance than MySQL
CodeDeploy
service that automates code deployments to any instance, including EC2 instances and instances running on-premises
What is cloud computing (according to AWS)?
On-demand delivery of IT resources and applications via the Internet with pay-as-you-go pricing
Mobile SDK
Provides access to AWS mobile services, mobile-optimized connectors to popular data and storage services.
CloudTrail
Records API calls for your account and delivers log files to you. The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing.
RDS
Relational Database Service. Makes it easy to set up, focus and scale relational databases in the cloud. Provides 6 database engines:
1. Aurora
2. Oracle
3. Microsoft SQL Server
4. PostgreSQL
5. MySQL
6. MariaDB
For commercial DBs like Oracle and MSSQL you can bring your own existing licenses or pay for the license as part of the service.
Kinesis Analytics
Run standard SQL queries against streaming data
Name a few certifications and standards with which AWS complies
- SOC 1/ISAE 3402, SOC 2, SOC 3
- FISMA, DIACAP, and FedRAMP
- PCI DSS Level 1
- ISO 9001, ISO 27001, ISO 27018
Cognito
Save mobile user data, such as app preferences or game state, in the AWS cloud without writing any back end code. Mobile identity management and data synchronization across devices.
Auto Scaling
Scale EC2 instances up or down according to conditions you define.
AWS Storage Gateway
Service connecting an on-premises software appliance with cloud based storage. It provides low-latency performance by maintaining frequently accessed data on-premises while securely storing all of your data encrypted in S3 or Glacier
Machine Learning
Service that enables developers of all skill levels to use machine learning technology. Provides visualization tools and wizards.
SES
Simple E-mail Service. Cost effective e-mail service. Send transactional email, marketing messages.
SNS
Simple Notification Service. Fully managed pub-sub messaging service. Notification service to send push notifications, email, and SMS messages; or as an enterprise-messaging infrastructure
SQS
Simple Queue Service. Managed queue service.
S3
Simple Storage Service
SWF
Simple WorkFlow. Fully managed state tracker and task coordinator. For steps that take more than 500 milliseconds to complete. Need to recover or retry if a task fails --> use SWF
Why would you use AWS Direct Connect?
To reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than internet-based connections
T/F Elastic Beanstalk manages deployment, and scaling of web applications and services developed with Java, .NET, PHP... on popular webservices
True
T/F DynamoDB can be installed locally.
True for development. You can download and use a local version of DynamoDB to experiment and develop locally.
(T/F) The Application Load Balancer supports both WebSockets and HTTP/2.
True!
T/F Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, and auto scaling to application health monitoring
True.
T/F EBS is pay-as-you-go
True. You can scale up or down in a matter of minutes, all while paying a low price for only what you provision.
VPC
Virtual Private Cloud lets you provision a logically isolated section of the AWS cloud
WAF
Web Application Firewall. Protects your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. Blocks common attack vectors, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. Includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules
What is a limitation of AWS Direct Connect?
You can only have it between your premises and one of the AWS Direct Connect locations
VPC Peering
You have the ability to create a VPC peering connection between VPCs in the same AWS Region. Once established, EC2 instances in the peered VPCs can communicate with each other across the peering connection using their private IP addresses, just as if they were within the same network. You can create a peering connection between two of your own VPCs, or with a VPC in another AWS account. A VPC can have one-to-one peering connections with up to 50 other VPCs in the same Region.
VM Import/Export
allows you to leverage your existing investment in images that meet compliance and security and other requirements; you import them into AWS and run them on EC2.
Inspector
automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Automatically assesses applications for vulnerabilities or deviations from best practices
CodePipeline
continuous delivery service. Builds, tests, and deploys your code every time there is a code change
DynamoDB
fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale.
RedShift
fast, fully managed, petabyte-scale data warehouse service
CodeCommit
fully managed source control service that makes it easy for companies to host secure and highly scalable private Git repositories