AWS TECHNOLOGY
AWS Aurora
- AWS managed relational database service. - MySQL- and PostgreSQL-compatible. - Up to 5x the throughput of standard MySQL on the same hardware. - About 1/10 the cost of commercial databases.
What are 3 different flavors of Load Balancers?
1) Application Load Balancers 2) Network Load Balancers 3) Classic Load Balancers
How to restrict Bucket Access?
1) Bucket policies - a resource-based policy attached to the bucket; applies to the whole bucket and every object in it 2) Access Control Lists (ACLs) - legacy per-object (and per-bucket) grants 3) IAM policies - attached to users, groups and roles; apply to those principals. In addition, S3 Block Public Access, when enabled, overrides any policy or ACL that would make data public.
You are charged for S3 in the following ways:
1) Storage 2) Requests 3) Storage Management Pricing 4) Data Transfer Pricing 5) Transfer Acceleration 6) Cross Region Replication Pricing
6 Advantage of Cloud
1) Trade Capital Expense for variable Expense 2) Benefit from massive economies of scales. 3)Stop Guessing about capacity 4) Increase speed and agility 5) Stop spending money running and maintaining data centers 6) Go global in minutes.
EC2 architecture
Always design for failure. Run at least one EC2 instance in each Availability Zone you use, so the loss of a single AZ does not take the application down.
Bootstrapping
Bootstrapping is the execution of automated actions against services such as EC2 and RDS when they are launched, typically scripts (for EC2, the user data script) that run on first boot. Treat these scripts as code: anything placed in EC2 user data is readable from the instance metadata service, so do not embed long-lived secrets in them.
3 Types of Cloud Computing
Infrastructure as a Service (IAAS) Platform as a Service (PAAS) Software as a Service (SAAS)
Data Warehousing
Redshift - OLAP (Online Analytical Processing)
What AWS Services can be used on premise?
Snowball, Snowball Edge, Storage Gateway, CodeDeploy, OpsWorks, IoT Greengrass
What a firewall rule's source CIDR means
0.0.0.0/0 lets every IPv4 address in (::/0 is the IPv6 equivalent and must be listed separately). X.X.X.X/32 lets in exactly one IPv4 host.
VPC Peering
VPC peering creates a private connection between two VPCs (in the same or different accounts and regions) so they can route traffic to each other. It is not a hybrid solution: connecting on-premises (non-cloud) resources to the AWS cloud is done with a Site-to-Site VPN or Direct Connect, not with peering.
To restrict access to an entire bucket you use _______________?
bucket policies
S3 has the following guarantees from Amazon
1) S3 Standard is designed for 99.99% availability 2) Amazon's SLA guarantees 99.9% availability 3) Amazon designs S3 for 99.999999999% durability of stored data (remember 11 nines)
What is CloudFront?
1) CloudFront is a content delivery network (CDN): a system of distributed servers that deliver web pages and other web content to a user based on the geographic location of the user, the origin of the web page, and a content delivery server. 2) Objects are cached for the life of the TTL (Time to Live).
CloudWatch
1) CloudWatch is used for monitoring performance. 2) It can monitor most AWS services as well as your own applications running on AWS. 3) EC2 sends basic metrics to CloudWatch every 5 minutes by default. 4) Turning on detailed monitoring gives 1-minute intervals. 5) You can create CloudWatch alarms that trigger notifications. 6) CloudWatch is all about performance (CloudTrail, by contrast, records API calls for auditing).
Choosing the right AWS Region?
1) Data sovereignty laws: some data may only reside in a particular country (for example federal or government data). 2) Latency to end users: if 90% of your customers are in the US East, choose the region closest to them. 3) AWS services: us-east-1 has almost every service, while some regions lack particular services.
Name all the compute services?
1) EC2 2) Elastic Beanstalk 3) Lambda 4) Batch 5) EKS 6) ECS 7) ECR 8) Lightsail
S3 Transfer Acceleration
1) Enables fast, easy and secure transfers of files over long distances between your end users and an S3 bucket. 2) Transfer Acceleration uses Amazon CloudFront's globally distributed edge locations. As data arrives at an edge location, it is routed to Amazon S3 over an optimized network path.
S3 Features
1) Tiered storage available 2) Lifecycle management 3) Versioning 4) Encryption 5) Secure your data using access control lists and bucket policies.
Key Fundamentals of S3 are:
1) Key (simply the name of the object) 2) Value (the data, a sequence of bytes) 3) Read-after-write consistency for PUTs of new objects 4) Eventual consistency for overwrite PUTs and DELETEs (historically; since December 2020 S3 provides strong read-after-write consistency for all of these operations)
Connecting AWS to On-Premises Resources
AWS Managed (Site-to-Site) VPN, AWS Direct Connect
Which AWS service can be used to deploy applications on-premise?
CodeDeploy OpsWorks
EC2 Instance Types -Mnemonic
F - FPGA; I - IOPS; G - Graphics; H - High disk throughput; T - cheap general purpose (think T2 micro); D - Density; R - RAM; M - Main choice for general-purpose apps; C - Compute; P - GPU (think Pics); X - eXtreme memory; Z - eXtreme memory and CPU; A - Arm-based workloads; U - bare metal
Which AWS Services are Global?
IAM, Route 53, CloudFront. (SNS and SES are often listed with them, but both are regional services: topics, subscriptions and verified identities live in a region.)
AWS EMR (Amazon Elastic MapReduce)
A cloud-native big data platform that lets teams process massive amounts of data quickly while keeping spending down. It works with open-source tools such as Hadoop and Spark, and is built on EC2 and S3 for reliability.
EC2 Pricing Models
1) On-Demand: pay a fixed rate by the hour (or by the second) with no commitment. 2) Reserved: a capacity reservation with a significant discount on the hourly charge; contract terms are 1 or 3 years. 3) Spot: request unused capacity at a steep discount. You set the maximum price you are willing to pay, and EC2 can reclaim the instance when it needs the capacity back, so Spot suits workloads with flexible start and end times. 4) Dedicated Hosts: a physical EC2 server dedicated to your use. Dedicated Hosts can help you use existing server-bound software licenses.
S3 Storage Classes
1) S3 Standard: 99.99% availability, 99.999999999% durability 2) S3 Standard-IA (Infrequent Access): for data that is accessed less frequently but requires rapid access when needed. Lower storage fee than S3 Standard, but you are charged a retrieval fee. 3) S3 One Zone-IA: a lower-cost option for infrequently accessed data that does not require multi-AZ resilience. 4) S3 Intelligent-Tiering: optimizes costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. 5) S3 Glacier: a secure, durable, low-cost storage class for data archiving at costs competitive with or cheaper than on-premises solutions. Retrieval times are configurable from minutes to hours. 6) S3 Glacier Deep Archive: Amazon S3's lowest-cost storage class, for data where a retrieval time of 12 hours is acceptable.
Basics of S3
1) S3 is object-based, i.e. it lets you upload files. 2) Files can be from 0 bytes to 5 TB. 3) Storage is unlimited. 4) Files are stored in buckets. 5) S3 has a universal namespace: bucket names must be globally unique. 6) Example path-style URL: https://s3-eu-west-1.amazonaws.com/abhijeetsolanki (the equivalent virtual-hosted-style URL is https://abhijeetsolanki.s3.eu-west-1.amazonaws.com). 7) When you upload a file to S3 you receive an HTTP 200 code if the upload succeeded. 8) S3 is a key-value store (key, value, version ID, metadata, subresources).
Types of EBS
1) SSD a) General Purpose SSD (gp2) - balances price and performance for a wide variety of workloads. b) Provisioned IOPS SSD (io1) - highest-performance SSD volume for mission-critical, low-latency or high-throughput workloads. 2) HDD a) Throughput Optimized HDD (st1) - low-cost HDD volume designed for frequently accessed, throughput-intensive workloads. b) Cold HDD (sc1) - lowest-cost HDD volume designed for less frequently accessed workloads (file servers). c) Magnetic (standard) - previous generation.
Systems Manager
1) Systems Manager manages fleets of EC2 instances and other virtual machines. 2) An agent (the SSM Agent) is installed on each machine. 3) Managed machines can be inside AWS or on premises. 4) Run Command installs, patches and uninstalls software through the agent, without opening inbound SSH or RDP ports. 5) It integrates with CloudWatch to give you a dashboard of your entire estate.
How you can Interact with AWS?
1) Using the console. 2)Using the Command Line Interface (CLI) 3)Using the Software Development Kits (SDKs)
S3 website hosting
1) You can use a bucket policy to make an entire S3 bucket public, but S3 Block Public Access (enabled by default on new buckets) must be turned off first, and public buckets should be the exception. 2) You can use S3 to host STATIC websites. Websites that require database connections, such as WordPress, cannot be hosted on S3. 3) S3 scales automatically to meet your demand.
Bucket
1) Bucket names share a global namespace: you cannot have the same bucket name as anyone else. 2) The console lists your buckets globally, but each bucket lives in a single region. 3) You can replicate the contents of one bucket to another automatically with cross-region replication (versioning must be enabled on both buckets). 4) You can change the storage class and encryption of your objects on the fly. 5) Buckets are region-specific.
How does data consistency work for S3?
1) Read-after-write consistency for PUTs of new objects. 2) Eventual consistency for overwrite PUTs and DELETEs (changes could take some time to propagate; since December 2020 these operations are strongly consistent too).
Reserved Pricing Types
1) Standard Reserved Instances: up to 75% off On-Demand. The more you pay up front and the longer the term, the greater the discount. 2) Convertible Reserved Instances: up to 54% off On-Demand, plus the capability to change the attributes of the RI as long as the exchange results in Reserved Instances of equal or greater value. 3) Scheduled Reserved Instances: available to launch within the time windows you reserve. This option lets you match your capacity reservation to a predictable recurring schedule that only requires a fraction of a day, a week, or a month.
What is a Group?
A group is simply a container for your users. Users inherit all permissions attached to the group. Examples of groups might be developers, system administrators, human resources, finance, etc.
Difference between a region, an Availability Zone (AZ) and an Edge Location
A region is a physical location in the world consisting of two or more Availability Zones (AZs). An AZ is one or more discrete data centers, each with redundant power, networking and connectivity, housed in separate facilities. Edge locations are AWS endpoints used for caching content; typically this means CloudFront, Amazon's Content Delivery Network (CDN).
Virtual Private Gateway
A virtual private gateway is a logical, fully redundant distributed edge routing function that sits at the edge of your VPC. As it is capable of terminating VPN connections from your on-prem or customer environments, the VPG is the VPN concentrator on the Amazon side of the Site-to-Site VPN connection.
AWS Partner Network (APN) Consulting Partners
APN Consulting Partners are professional services firms that help customers of all types and sizes design, architect, build, migrate, and manage their workloads and applications on AWS, accelerating their journey to the cloud. APN Consulting Partners often implement Technology Partner solutions in addition to the professional services they offer.
Cloud Formation
AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on the applications that run in AWS. You create a template that describes all the AWS resources you want, and AWS CloudFormation takes care of provisioning and configuring those resources for you. You don't need to individually create and configure AWS resources or figure out what depends on what; AWS CloudFormation handles all of that.
AWS CloudFormation
AWS CloudFormation provides a common language for you to model and provision AWS and third-party application resources in your cloud environment. AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. AWS CloudFormation simplifies provisioning and management on AWS. You can create templates for the service or application architectures you want and have AWS CloudFormation use those templates for quick and reliable provisioning of the services or applications (called "stacks"). You can also easily update or replicate the stacks as needed.
AWS CloudHSM
AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud. With CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs. CloudHSM offers you the flexibility to integrate with your applications using industry-standard APIs, such as PKCS#11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG) libraries.
AWS Direct Connect
AWS Direct Connect provides a low-latency, high-bandwidth dedicated connection between customer on-premises environments and the AWS cloud, allowing them to build a "hybrid" cloud architecture.
AWS KMS
AWS Key Management Service (KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications. AWS KMS is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2, or are in the process of being validated, to protect your keys. AWS KMS is integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.
AWS Lambda
AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume.
AWS Personal Health Dashboard
AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.
To restrict access to an individual object in the bucket you use _______________?
Access Control lists
Route53
Amazon's DNS (Domain Name System) service is called Route 53. It is global, like IAM (S3 has a global bucket namespace, but buckets themselves are regional). You can use it to direct traffic all around the world and to register domain names.
What is EC2?
Amazon Elastic Compute Cloud is just a virtual server in the cloud. Amazon EC2 reduce the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change.
Which service can be used for building and integrating loosely-coupled, distributed applications?
Amazon SNS
Auto Scaling
Auto Scaling provisions (and removes) EC2 instances automatically, typically behind a load balancer, as your demand changes.
AWS Support Plan
BASIC: Customer Service for account and billing questions and access to the AWS community forums. DEVELOPER: (experimenting with AWS) One primary contact may ask technical questions through Support Center and get a response within 12-24 hours during local business hours. BUSINESS: (production use of AWS) 24x7 support by phone and chat, 1-hour response to urgent support cases, and help with common third-party software. Full access to AWS Trusted Advisor for optimizing your AWS infrastructure, and access to the AWS Support API for automating support cases and retrieving Trusted Advisor results. ENTERPRISE: (mission-critical use of AWS) All the features of the Business plan plus an assigned Technical Account Manager (TAM) who provides proactive guidance and best practices to help plan, develop and run your AWS solutions, a support concierge for billing and account analysis, access to Infrastructure Event Management for product launches, seasonal promotions/events and migrations, and a 15-minute response to critical support cases with prioritized case handling.
Understand the different support packages
Basic: free. Developer: from $29 a month (scales with usage). Business: from $100 a month (scales with usage). Enterprise: from $15,000 a month (scales with usage); includes a TAM (Technical Account Manager).
ElastiCache
Caches very frequent database queries in memory. Mainly used to speed up existing databases by serving frequent, identical queries from the cache instead of the database. Two engines: 1) Memcached 2) Redis
CloudFront Benefits
CloudFront is a content delivery network (CDN) that allows you to store (cache) your content at "edge locations" located around the world. This allows customers to access content more quickly and provides security against DDoS attacks. CloudFront can be used for data, videos, applications, and APIs. Benefits include: - Cache content at Edge Location for fast distribution to customers. - Built-in Distributed Denial of Service (DDoS) attack protection. - Integrates with many AWS services (S3, EC2, ELB, Route 53, Lambda).
No SQL Database
DynamoDB. DynamoDB supports JSON data, making it easy to store JSON documents in a table while preserving their complex and possibly nested shape. The AWS SDK for .NET has native JSON support, so you can use raw JSON data when working with DynamoDB. This is especially helpful if your application needs to consume or produce JSON (for instance, if it talks to a client-side component that uses JSON to send and receive data), as you no longer need to manually parse or compose that data.
EC2
EC2 is a compute service. It is not serverless; it is a server. To connect over SSH you authenticate with the private half of the key pair chosen at launch (for Windows, the same key decrypts the initial administrator password for RDP). Inexpensive compared with non-cloud servers; elastic, web-scale computing.
CloudFront Key Terminology
Edge Location - the location where content is cached. This is separate from an AWS region/AZ. Edge locations are not read-only: you can write to them too. Origin - the source of the files the CDN distributes: an S3 bucket, an EC2 instance, an Elastic Load Balancer, or any custom HTTP(S) server reachable by DNS name (a Route 53 record can supply that name, but Route 53 itself is DNS, not an origin). Distribution - the name given to the CDN, which consists of a collection of edge locations.
Difference between Elastic Beanstalk and CloudFormation?
Elastic Beanstalk is limited in what it can provision and is not programmable. CloudFormation can provision almost any AWS service and is completely programmable: its templates are code you can version and review.
Elastic Beanstalk
With Elastic Beanstalk you can quickly deploy and manage applications in the AWS cloud without worrying about the infrastructure that runs them. You simply upload your application, and Elastic Beanstalk automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring.
Network Load Balancers
Extreme Performance/Static IP Addresses Network Load Balancer is best suited for load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Transport Layer Security (TLS) traffic where extreme performance is required. Operating at the connection level (Layer 4), Network Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) and is capable of handling millions of requests per second while maintaining ultra-low latencies.
Which route53 policies allow you to a) route data to a second resource if the first is unhealthy, and b) route data to resource that have better performance.
Failover Routing and Latency-based routing
IAM
IAM stands for Identity and Access Management. It is global: you do not specify a region when dealing with IAM, and users, groups, roles and policies are created globally.
Spot Instance
If Amazon EC2 interrupts your Spot Instance within its first hour, you are not charged for that hour; if it is interrupted later, you pay for the time it ran (to the second on Linux). If you stop or terminate the instance yourself, you are charged for the time it ran.
Eventual consistency for overwrite PUTs and DELETEs (changes could take some time to propagate).
If you update or delete an existing object and read it immediately, you may get the older version or you may not; changes to existing objects could take a little time to propagate. (This was the behaviour until December 2020; S3 is now strongly consistent for overwrites and deletes as well.)
Read-after-write consistency for PUTs of new objects.
If you write a new file and read it immediately afterwards, you will be able to view that data.
What is Amazon's graph database service?
It is called Neptune. Advantages of graph databases: 1) Scalability 2) High availability
Application Load Balancers
Layer 7 (Make Intelligent Decisions) Application Load Balancer is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers. Operating at the individual request level (Layer 7), Application Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) based on the content of the request.
Common Ports
Linux = SSH (port 22); Microsoft = Remote Desktop Protocol (port 3389); HTTP = port 80; HTTPS = port 443
RDS has 2 Key Features
Multi-AZ :- For Disaster Recovery Read Replicas - For Performance
A Load Balancer which can serve traffic at the TCP, and UDP layers. It needs to handle millions of requests per second at very low latencies Which Load Balancer should we use?
Network Load Balancer
3 Types of Cloud Computing deployment
Public cloud - AWS, Azure, GCP. Hybrid - a mixture of public and private. Private cloud - you manage it in your own datacenter, e.g. OpenStack or VMware.
Roles
Roles are more secure than access key IDs and secret access keys, and easier to manage: a role hands out short-lived credentials (via STS), so there is no long-lived secret to leak or rotate. You can attach a role to an EC2 instance at any time, and the change takes effect immediately. Roles are global: you do not specify a region, just as with users.
Some Services give global Views but are regional
S3
What is S3?
S3 is a safe place to store your files. It is Object-based storage. The data is spread across multiple devices and facilities.
Database RDS (Relational Database)
SQL Server, MySQL, PostgreSQL, Oracle, Aurora, MariaDB
Security Groups
Security groups are virtual firewalls for your instances. They are stateful and deny all inbound traffic by default, so you must add an inbound rule for each port you need. Popular ports: SSH (22), HTTP (80), HTTPS (443), RDP (3389). Keep administrative ports (22, 3389) restricted to known source addresses rather than 0.0.0.0/0.
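The firewall-rule and security-group cards above come down to one check a practitioner runs constantly: is an administrative port reachable from the whole internet? The following is an added example (not AWS code) that audits a security group's inbound rules for SSH or RDP open to 0.0.0.0/0 or ::/0. The group is a constructed sample in the shape of the IpPermissions list that EC2 DescribeSecurityGroups returns; the group ID and addresses are made up.

```python
"""Audit security-group inbound rules for world-reachable admin ports.

Added example, not AWS code.  SAMPLE_GROUP mimics the IpPermissions structure
returned by EC2 DescribeSecurityGroups; its contents are constructed.
"""
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}          # the page's remote-admin ports
ANY_V4 = ipaddress.ip_network("0.0.0.0/0")      # "let everything in" (IPv4)
ANY_V6 = ipaddress.ip_network("::/0")           # the IPv6 equivalent

SAMPLE_GROUP = {  # constructed sample, not a real group
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        # HTTPS open to the world is expected for a public web tier
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        # SSH open to every IPv4 address: this is the finding we want to catch
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        # RDP restricted to a single host (/32): fine
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []},
        # all traffic from the private network only: fine
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
    ],
}


def _cidrs(perm):
    """Yield every IPv4 and IPv6 source range of one permission entry."""
    for r in perm.get("IpRanges", []):
        yield ipaddress.ip_network(r["CidrIp"], strict=False)
    for r in perm.get("Ipv6Ranges", []):
        yield ipaddress.ip_network(r["CidrIpv6"], strict=False)


def _ports(perm):
    """Port range covered by a permission; protocol -1 means all traffic."""
    if perm.get("IpProtocol") == "-1":
        return range(0, 65536)
    return range(perm.get("FromPort", 0), perm.get("ToPort", 65535) + 1)


def find_world_open_admin_ports(group):
    """Return (port, service, cidr) for each admin port open to 0.0.0.0/0 or ::/0."""
    findings = []
    for perm in group.get("IpPermissions", []):
        ports = _ports(perm)
        for net in _cidrs(perm):
            if net not in (ANY_V4, ANY_V6):
                continue
            for port, name in ADMIN_PORTS.items():
                if port in ports:
                    findings.append((port, name, str(net)))
    return findings


def is_single_host(cidr):
    """True when the CIDR admits exactly one address (a /32 or /128)."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses == 1


if __name__ == "__main__":
    for port, name, cidr in find_world_open_admin_ports(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupId']}: {name} (tcp/{port}) open to {cidr}")
```

Note that the check treats an IpProtocol of -1 as covering every port, so an "all traffic from 0.0.0.0/0" rule is reported for both admin ports; and because 0.0.0.0/0 and ::/0 are separate rules in EC2, a group that opens SSH only over IPv6 is still caught.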
Classic Load Balancers
Test and dev, keeping costs low. Classic Load Balancer provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and the connection level. It is intended for applications that were built within the EC2-Classic network.
What is the root account?
The root user is the identity created with the e-mail address you used to set up the AWS account. It always has full administrator access and cannot be restricted by IAM policies. Do not share its credentials, do not create access keys for it, and do not use it for day-to-day work; instead create an IAM user (or federated identity) for each individual in your organization. Always secure the root user with multi-factor authentication.
Billing Alerts/ Billing Alarms
They will alert you automatically when a certain level of AWS spend has been reached.
How do you give permissions to a group?
To set the permissions of a group you attach a policy to it. Policies are JSON (JavaScript Object Notation) documents made of key-value pairs: a key such as name and its value, e.g. {"name":"Abhijeet Solanki"}. In a policy the keys are Effect, Action, Resource and optionally Condition, and when several policies apply, an explicit Deny always beats an Allow.
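The bucket-access, bucket-policy and group-policy cards above describe the same mechanism from different sides: an identity-based policy on a group and a resource-based policy on a bucket are both JSON statements that are evaluated together. The following is an added example (not AWS or IAM code) of a deliberately simplified evaluator that shows that evaluation order: an explicit Deny anywhere wins, otherwise any Allow grants access, otherwise the request is implicitly denied. The group policy, bucket policy, bucket name, principal ARN and IP ranges are all constructed for the example; only the aws:SourceIp condition key and a Principal of "*" or an exact ARN are modelled.

```python
"""Simplified IAM/S3 policy evaluation (added example; not AWS code).

Models the documented evaluation order within one account: an explicit Deny in
any applicable policy wins, otherwise any Allow grants access, otherwise the
request is implicitly denied.  Action and Resource wildcards use fnmatch
semantics.  Only aws:SourceIp (IpAddress / NotIpAddress) and a Principal of
"*" or an exact ARN are modelled; other condition keys are ignored.  All
policies, names and addresses below are constructed for this example.
"""
from fnmatch import fnmatchcase
import ipaddress

# Identity-based policy attached to the "developers" group (constructed).
GROUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:ListBucket"],
         "Resource": "arn:aws:s3:::example-bucket"},
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}

# Resource-based bucket policy: deny every S3 action unless the caller's
# public IP is inside the corporate range (constructed).
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Deny",
         "Principal": "*",
         "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
         "Condition": {"NotIpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}}},
    ],
}

DEVELOPER = "arn:aws:iam::123456789012:user/alice"   # constructed principal ARN


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_matches(stmt, principal):
    """Identity policies carry no Principal; resource policies must name one."""
    if "Principal" not in stmt:
        return True
    p = stmt["Principal"]
    if p == "*":
        return True
    if isinstance(p, dict):
        p = p.get("AWS", [])
    return "*" in _as_list(p) or principal in _as_list(p)


def _condition_holds(stmt, source_ip):
    """Evaluate IpAddress / NotIpAddress on aws:SourceIp; other keys ignored."""
    ip = ipaddress.ip_address(source_ip)
    for operator, keys in stmt.get("Condition", {}).items():
        cidrs = _as_list(keys.get("aws:SourceIp", []))
        if not cidrs:
            continue                       # unmodelled condition key (assumption)
        in_range = any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs)
        if operator == "IpAddress" and not in_range:
            return False
        if operator == "NotIpAddress" and in_range:
            return False
    return True


def _applies(stmt, principal, action, resource, source_ip):
    return (_principal_matches(stmt, principal)
            and any(fnmatchcase(action, a) for a in _as_list(stmt.get("Action", [])))
            and any(fnmatchcase(resource, r) for r in _as_list(stmt.get("Resource", [])))
            and _condition_holds(stmt, source_ip))


def evaluate(policies, principal, action, resource, source_ip):
    """Return 'Allow' or 'Deny' for one request across all applicable policies."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy.get("Statement", [])):
            if not _applies(stmt, principal, action, resource, source_ip):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"                 # explicit deny always wins
            allowed = True                    # Effect == "Allow"
    return "Allow" if allowed else "Deny"     # implicit deny is the default


if __name__ == "__main__":
    policies = [GROUP_POLICY, BUCKET_POLICY]
    obj = "arn:aws:s3:::example-bucket/report.csv"
    print(evaluate(policies, DEVELOPER, "s3:GetObject", obj, "203.0.113.10"))    # Allow
    print(evaluate(policies, DEVELOPER, "s3:GetObject", obj, "198.51.100.7"))    # Deny (bucket policy)
    print(evaluate(policies, DEVELOPER, "s3:DeleteObject", obj, "203.0.113.10"))  # Deny (no Allow)
```

The three calls at the bottom show the three outcomes: the group's Allow succeeds from the corporate range, the bucket policy's explicit Deny overrides that same Allow from any other address, and an action no policy mentions (s3:DeleteObject) is denied even from a trusted address because nothing allows it. Real IAM adds permission boundaries, SCPs, session policies and many more condition keys on top of this order, but the Deny-beats-Allow rule is unchanged.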
True or False: a CloudFront origin can be an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53.
Mostly true: an S3 bucket, an EC2 instance and an Elastic Load Balancer are all valid origins, as is any custom HTTP(S) server. Route 53 is DNS, not an origin; it only resolves the hostname you point a custom origin at.
CloudFront distribution types
Web distribution - typically used for websites. RTMP - was used for media streaming (RTMP distributions were discontinued in December 2020).
Are Elastic Beanstalk and CloudFormation both free services?
Yes, both services are free; the resources they provision, such as EC2 instances, are not.
How can you access the AWS platform?
You can access the AWS platform in 3 different ways: 1) via the console 2) programmatically, using the Command Line Interface (CLI) 3) using a Software Development Kit (SDK)
Cost Allocation Tags
You can use tags to organize your resources, and cost allocation tags to track your AWS costs at a detailed level.
How can you get an automatic notification if your account goes over, say, $1000?
Go into CloudWatch in the us-east-1 region (billing metrics are published only there) and create a billing alarm on the EstimatedCharges metric that notifies an SNS topic. Billing alerts must first be enabled in the Billing preferences, otherwise the metric is not published.