Cloud Practitioner

Virtual Private Gateway

Creates a VPN connection between the VPC and the internal corporate network. The virtual private gateway is the component that allows protected internet traffic to enter the VPC. Here's an example of how a virtual private gateway works. You can think of the internet as the road between your home and the coffee shop. Suppose that you are traveling on this road with a bodyguard to protect you. You are still using the same road as other customers, but with an extra layer of protection. Even though your connection to the coffee shop has extra protection, traffic jams are possible because you're using the same road as other customers.

Networking Services (Site-to-Site VPN)

Creates a secure connection between your internal networks and your AWS VPCs
- Similar to Direct Connect, but data travels over the public internet
- Data is automatically encrypted
- Connects an on-premises data center to AWS
- Supports a hybrid environment
- Slightly cheaper than Direct Connect
Site-to-Site VPN in the real world:
- A site-to-site VPN makes moving applications to the cloud easier

Shared Responsibility Model

Defines what you and AWS are responsible for when it comes to security and compliance
- Customer: responsible for security "in" the cloud
- AWS: responsible for security "of" the cloud

ElastiCache

Data caching service used to help improve the speed/performance of web applications running on AWS. It adds caching layers on top of your databases to help improve the read times of common requests. It supports two types of data stores: Redis and Memcached.

RedShift

Data warehouse database service designed to handle petabytes of data for analysis
- Offers the ability to collect data from many sources and helps you understand relationships and trends across your data
- Used for historical analytics on an already collected data set, not for operational workloads

Networking Services (Direct Connect)

Dedicated physical network connection from your on-premises data center to AWS
- Very high speed because it is a physical connection
- Connects your on-premises data center to AWS
- Data travels over a private network
- Supports a hybrid environment
Suppose that there is an apartment building with a hallway directly linking the building to the coffee shop. Only the residents of the apartment building can travel through this hallway. This private hallway provides the same type of dedicated connection as AWS Direct Connect.
When to use in the real world:
- Large datasets (transfer large datasets to AWS)
- Business critical (transfer internal data directly to AWS, bypassing your internet service provider)
- Hybrid model (build hybrid environments)

Roles

Define access permissions and are temporarily assumed by an IAM user or service
Key takeaways for roles:
- You assume a role to perform a task in a single session
- Assumed by any user or service that needs it
- Access is assigned using policies
- You grant users in one AWS account access to resources in another AWS account
Example roles:
DevOps-Engineer
- Create a code branch in CodeCommit
- List pipelines in CodePipeline
Lambda-Execution
- List contents of an S3 bucket
- Query DynamoDB

What database can operate MongoDB workloads at scale

DocumentDB

Document Database

DocumentDB - a fully managed document database that supports MongoDB
- Compatible with MongoDB
- Fully managed and serverless
- Non-relational
- Great for content management, catalogs, user profiles

Durability

Durability is all about long-term data protection. This means your data will remain intact without corruption.

What is a NoSQL database fast enough to handle millions of requests per second?

DynamoDB

EC2 Storage options

EC2 supports several storage options for your instances. They include:
Elastic Block Store (EBS)
- A storage device (called a volume) that can be attached to (or removed from) your instance
- The most common option for EC2 instances
- Persistent: you can terminate the instance and attach the volume to another; data also persists if the instance isn't running
- Tied to a single AZ; can only be attached to one instance in the same AZ
- Recommended for: quickly accessible data, running a database on an instance, long-term data storage
Elastic File System (EFS)
- Shared drive that can be associated with many different instances
- Serverless network file system for sharing files, like Dropbox or Google Drive
- Only supports Linux file systems
- Accessible across different AZs in the same Region
- More expensive than EBS
- Recommended for: main directory for business-critical apps that need to be shared, lift-and-shift of existing enterprise apps
Instance store
- Ephemeral: data does not persist if the EC2 instance is stopped or terminated
- Local storage that is physically attached to the host computer and cannot be removed
- Storage is temporary, since data loss occurs when the EC2 instance is stopped
- Fastest option with low latency
- Recommended for: temporary storage needs, data replicated across many instances

Edge Locations

Edge locations cache content for fast delivery to your users. There are more edge locations than Regions or Availability Zones.
- Used to cache content (made possible through CloudFront)
- Reduce latency and increase speed

How would you alleviate database load for data that is accessed often?

ElastiCache

Data Encryption

Encodes data so it cannot be read by unauthorized users
- Data in flight - data that is moving from one location to another
- Data at rest - data that is inactive or stored for later use

Subscriptions

Endpoints to which a topic sends messages

Elastic Load Balancing (ELB)

Evenly distributes traffic between EC2 instances that are associated with it

Security Group (SG)

Firewall/security layer on the server/instance level

Governance Services (Systems Manager)

Gives you visibility and control over your AWS resources
- Automate operational tasks on your resources
- Group resources and take action
- Patch and run commands on multiple EC2 instances or manage RDS instances

Principle of Least Privilege

Giving a user only the rights/access to the AWS services and resources they need to do their job and nothing more

Governance Services

Governance and management services help you maintain control over cost, compliance, and security across your AWS accounts

Management Services

Help you migrate to and build faster in the cloud
- Expert teams are available to help you manage and operate your cloud environment

Amazon Developer Tools (CodeStar)

Helps developers collaboratively work on development projects
- Developers connect their development environment
- Integrates with CodeCommit, CodeBuild, and CodeDeploy
- Contains an issue tracking dashboard
Real world - can manage the development pipeline

Management Services (Professional Services)

Helps enterprise customers move to a cloud-based operating model
- Will propose solutions
- Help architect solutions
- Help implement solutions

Machine Learning Service (Lex)

Helps you build conversational interfaces like chatbots
- Recognizes speech and understands language
- Can build highly engaging chatbots
- Powers Amazon Alexa
Real world - integrate voice into a device like Alexa

Machine Learning Service (SageMaker)

Helps you build, train, and deploy machine learning models quickly
- Ability to prepare data for models
- Train and deploy models
- Provides deep learning AMIs
In the real world - a recommendation engine for a company like Netflix to recommend a viewer's next movie based on past watches

Cognito

Helps you control access to mobile and web applications
- Provides authentication and authorization
- Helps you manage users
- Assists with user sign-up and sign-in
- Can provide functionality for users to sign in using a social media account

Amazon Developer Tools (X-Ray)

Helps you debug production applications
- Analyze and debug production applications
- Map application components
- View requests end to end
Real world - Want to trace calls to an RDS database? X-Ray can help you map these requests and track the information.

Macie

Helps you discover and protect sensitive data
- Uses machine learning behind the scenes
- Evaluates your S3 environment
- Uncovers PII and protects it
- PII includes credit card numbers, passport numbers, social security numbers, and more

Management Services (Managed Services)

Helps you efficiently operate your AWS infrastructure
- Augments your internal staff
- Provides ongoing management of your infrastructure
- Reduces operational risks and overhead

Governance Services (License Manager)

Helps you manage software licenses
- Manage on-premises and AWS licenses
- Track licenses for Oracle, Microsoft, SAP, and more

Analytics Service (Data Pipeline)

Helps you move data between compute and storage services running either on AWS or on-premises
- Move data at specific intervals
- Move data based on conditions
- Sends notifications on success or failure

Analytics Service (Elastic MapReduce (EMR))

Helps you process large amounts of data
- Can do data mining, data processing, machine learning, etc.
- Analyze data using Hadoop
- Works with big data frameworks

High Availability

Highly available systems are designed to operate continuously without failure for a long time. These systems avoid loss of service by reducing or managing failures.

Roles

How different AWS services are granted permission to communicate and share data

Topics

How you label and group different endpoints to which you send messages

Publishers

Human/alarm/event that gives SNS the message that needs to be sent

Storage Gateway

Hybrid storage service you can use when you want to store some data in the cloud and some locally
- Connects on-premises and cloud data
- Recommended for: moving backups to the cloud, reducing costs for hybrid cloud storage, low-latency access to data

User Credentials

IAM user's username and password for logging in to AWS

Identities vs. Access

Identities define WHO can access your resources
- Root user, individual users, groups, roles
Access defines WHAT resources they can access
- Controlled through policies: AWS managed policies, customer managed policies, permissions boundaries

AWS Security, Identity, & Compliance Services Categories

- Identity and Access Management
- Detection
- Network and Application Protection
- Data Protection
- Incident Response
- Compliance

IAM users

Individuals who have been granted access to an AWS account

Cloud Computing Models (from more control as a user to less)

Infrastructure as a Service - most basic, fundamental building block
- Building blocks (fundamental building blocks that can be rented)
- Web hosting (monthly subscription to have a hosting company serve your website)
Software as a Service
- Complete application (using a complete application, on demand, that someone offers), like SageMaker
- Email provider (your personal email that you access through a web browser is SaaS)
Platform as a Service
- Used by developers (develop software using web-based tools without worrying about the underlying infrastructure), e.g. Cloud9
- Storefront website (tools provided to build a storefront application that runs on another company's server)

Type of AWS computing services

- Instances (virtual machines)
- Containers
- Serverless
- Edge and Hybrid
- Cost and Capacity Management

Total Cost of Ownership (TCO)

A financial estimate that helps you understand both the direct and indirect costs of AWS. Helps you answer the questions:
- How much does it cost to migrate to the AWS Cloud?
- How can I reduce total cost of ownership using AWS?
There is no longer a TCO calculator available; there is a Pricing Calculator that you can use.
Ways to reduce your TCO using AWS:
- Minimize capital expenditures
- Utilize Reserved Instances
- Right-size your resources

Management Services (AWS Partner Network)

A global community of approved partners that offer software solutions and consulting services for AWS
- Offers technology partners that provide software solutions
- Provides consulting partners that offer professional services
- Find approved vendors with deep AWS expertise

CloudHSM

A hardware security module (HSM) used to generate encryption keys
- Dedicated hardware for security
- Generate and manage your own encryption keys
- AWS does not have access to your keys

Machine Learning Service (Comprehend)

A natural-language processing (NLP) service that finds relationships in text
- Uncovers insights and relationships within text
Real world application:
- Can be used to review social media posts; for example, a pizza store owner could use it to search social media posts to see how people feel about the offered products

Amazon Redshift

A scalable data warehouse solution
- Improves speed and efficiency
- Handles exabyte-scale data
Redshift in the real world:
- Data consolidation (when you need to consolidate multiple data sources for reporting)
- Relational databases (when you want to run a database that doesn't require real-time transaction processing -- insert, update, and delete)

Amazon Developer Tools (CodeCommit)

A source control system for private Git repositories
- Create repositories to store code
- Commit, branch, and merge code
- Collaborate with other software developers
Real world - Want to manage versions of source code files for applications? CodeCommit can be used to manage source code and the different versions of application files. Similar to GitHub!

GuardDuty

An intelligent threat detection service that uncovers unauthorized behavior in your AWS infrastructure and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment. It runs independently, so it won't affect performance.
- Uses machine learning
- Built-in detection for EC2, S3, and IAM
- Reviews CloudTrail, VPC Flow Logs, and DNS logs

Which analytics service helps you analyze logs in near real time for application monitoring or fraud detection?

Kinesis

IAM Credential Report

Lists all users in your account and the status of their various credentials
- Lists all users and the status of their passwords, access keys, and MFA devices
- Used for auditing and compliance

AWS Storage Services (Managed file transfer)

Managed File transfer - Simple and seamless file transfer to Amazon S3 and Amazon EFS using SFTP, FTPS, and FTP protocols

AWS Supported Databases

MySQL, PostgreSQL, Oracle, Microsoft SQL Server. These are most often stored in your data center. They can be moved to the cloud by a "lift and shift" that migrates your database to run on EC2, or moved to RDS with added benefits.

Which database do you want to use when you need to process large sets of user profiles and social interactions?

Neptune

Graph Database

Neptune - a fully managed graph database that supports highly connected datasets
- Supports highly connected datasets like a social media network
- Fully managed and serverless
- Fast and reliable
- Used for social networking, fraud detection

Stateless vs. Stateful

Network ACLs perform stateless packet filtering. They remember nothing and check packets that cross the subnet border each way: inbound and outbound. Security groups perform stateful packet filtering. They remember previous decisions made for incoming packets.

Amazon Networking and Content Delivery Service Categories

- Network Foundations
- Application Networking
- Edge Networking
- Hybrid Connectivity
- Network Security

DynamoDB

NoSQL database service (also called a nonrelational database) that does not provide other NoSQL software options. It is a key-value database: you can add or remove attributes from items in the table at any time, and not every item in the table has to have the same attributes. It is a lot less rigid than a relational database, which has to have a specific schema. You run queries based on a small subset of attributes instead of complex queries across a created table.
- Serverless and auto scaling
- Massive throughput capabilities
- PB-size potential
- Granular API access
Amazon DynamoDB Accelerator (DAX) is an in-memory cache for DynamoDB. It helps improve response times from single-digit milliseconds to microseconds.

How are you charged for using Lambda

- Number of requests
- Code execution time
- 1 million requests free per month

Object storage vs Block Storage

Object storage treats any file as a complete, discrete object. Good for documents, images, and video files that get uploaded and consumed as entire objects, but every time there is a change to an object you must re-upload and save that change to the entire file; there are no delta updates.
Block storage breaks those files down into small component parts, or blocks. This means that for an 80-gigabyte file, when you make an edit to one scene in the film and save that change, the engine only updates the blocks where those bits live. If you're making a bunch of micro edits, using EBS (Elastic Block Store) is the perfect use case. Does not automatically scale.

AWS Storage Services categories

- Object, File and Block Storage
- Data Migration
- Hybrid Cloud Storage and Edge Computing
- Managed File Transfer
- Disaster Recovery
- Backup

What are 5 ways to pay for EC2 instances

On Demand - pay by the hour or by the second without prepaying
Savings Plan - commit to compute usage measured per hour for a 1- or 3-year term
Reserved Instances - commit to usage for 1 or 3 years and pay regardless of usage
Spot Instances - only launch if spare capacity is available
Dedicated Hosts - an entire physical server just for you

Different pricing for EC2 Instances

On Demand
- Fixed price billed down to the second
- Low cost without upfront payment or long-term commitment
- Use for apps under development, or workloads that won't run longer than a year
Spot
- Lets you take advantage of unused EC2 capacity
- Request is filled only when capacity is available
- Use when you are not concerned with the start or stop time of your app, the workload can be interrupted, or the application is only feasible at very low compute prices
- Saves up to 90%; cheapest option
Reserved
- Allows you to commit to a specific instance type in a Region for 1-3 years
- Use when you want to pay money upfront, the app requires capacity reservations, or the app has steady-state usage
- Can save up to 75% off On Demand prices
- Have to sign a contract for 1-3 years
- Can pay all upfront (cheapest) or partial upfront
- Provides convertible types for a 54% discount
Dedicated Host
- A physical server that is fully dedicated to running your instances
- Use when you have regulatory or corporate compliance requirements, or want to bring your own server-bound licensed software
- Can save 70% off On Demand prices
- Bring your existing per-socket, per-core, or per-VM software licenses
- Server is not shared with any other tenants
Savings Plan
- Allows you to commit to compute usage measured per hour for 1-3 years
- Use to lower your bill across multiple compute services, or when you want the flexibility to change services, instance types, operating systems, or Regions
- Can save up to 72% off On Demand prices
- Not a commitment to a dedicated host, just to compute usage
- Savings can be shared across compute services like EC2, Fargate, and Lambda

Simple Storage Service (S3)

Online bulk storage service you can access from almost any device. It stores data as objects in buckets. You can upload any type of file to Amazon S3, such as images, videos, text files, and so on. For example, you might use Amazon S3 to store backup files, media files for a website, or archived documents. Amazon S3 offers unlimited storage space. The maximum file size for an object in Amazon S3 is 5 TB. When you upload a file to Amazon S3, you can set permissions to control visibility and access to it. You can also use the Amazon S3 versioning feature to track changes to your objects over time.

Well-Architected Framework - 6 Pillars

Operational Excellence - creating applications that effectively support production workloads
- Plan for and anticipate failure
- Script operations as code
- Deploy smaller, reversible changes
- Learn from failure and refine
Security - focuses on putting mechanisms in place that help protect your systems and data
- Automate security tasks
- Encrypt data in transit and at rest
- Assign least privilege
- Track who did what and when
- Secure all layers
Reliability - design systems that work consistently and recover quickly
- Scale horizontally for resilience
- Manage change through automation
- Reduce idle resources
- Test recovery procedures
Performance Efficiency - focuses on the effective use of computing resources to meet system and business requirements while removing bottlenecks
- Use serverless architectures first (leverage AWS managed services)
- Use multi-Region deployments
- Delegate tasks to the cloud vendor when appropriate
- Experiment with virtual resources
Cost Optimization - focuses on delivering optimum and resilient solutions at the least cost to the user
- Utilize consumption-based pricing
- Implement cloud financial management
- Measure overall efficiency
- Pay only for the resources your application requires
Sustainability - focuses on environmental impacts, especially energy consumption and efficiency
- Understand your impact
- Establish sustainability goals
- Maximize utilization
- Use managed services
- Reduce downstream impact

Shared Responsibilities for security

Patch Management
- AWS patches infrastructure
- You patch guest OS and applications
Configuration Management
- AWS configures infrastructure devices
- You configure databases and applications
Awareness and Training
- AWS is responsible for their employees
- You are responsible for your employees

Object Availability

Percent over a one-year time period that a file stored in S3 will be accessible

Object Durability

Percent over a one-year time period that a file stored in S3 will not be lost

Aurora comes in SQL and

PostgreSQL

Analytics Service (Glue)

Prepares your data for analytics
- An Extract, Transform, Load (ETL) service
- Prepare and load data
- Helps you better understand your data

3 Common Cloud Deployment Models

Private Cloud
- Also called "on-premises"
- Exists in your internal data center
- Doesn't offer the advantages of cloud computing
Public Cloud
- Offered by AWS
- You aren't responsible for the physical hardware
- Provides all the advantages of cloud computing
Hybrid Cloud - sample architecture for a hybrid solution
- Highly sensitive data stored locally
- Web application runs on AWS infrastructure
- AWS provides tools so they talk to each other (AWS Direct Connect)

Fault Tolerance

Property that enables a system to continue operating properly in the event of the failure of one or more components

Web Application Firewall (WAF)

Protects your web applications against common web attacks. AWS WAF is a web application firewall that lets you monitor network requests that come into your web applications. It works together with Amazon CloudFront and an Application Load Balancer. Recall the network access control lists that you learned about in an earlier module. AWS WAF works in a similar way to block or allow traffic. However, it does this by using a web access control list (ACL) to protect your AWS resources.
- Protects apps against common attack patterns
- Protects against SQL injection
- Protects against cross-site scripting

Machine Learning Service (Translate)

Provides language translation
- Provides real-time and batch language translation
- Supports many languages
- Translates many content formats
Real world - add localization to a website or application to support a diverse user base

Elastic Block Store (EBS)

Provides persistent block storage volumes for use with EC2 instances.

Which database do you use when you want to migrate an on-premises Oracle database to the cloud?

RDS (Relational Database Service)

Relational Databases Amazon Offers

RDS (Relational Database Service)
-- Makes it easy to launch and manage relational databases
-- Customer retains ownership of data and schema and control of the network; not automatic
-- Supports popular database engines
-- High availability and fault tolerance
-- AWS manages the database with automatic software patching, automated backups, operating system maintenance, and more
-- Launch read replicas (read-only copies of the database for fast querying) across Regions to provide enhanced performance and durability
-- Able to build complex analysis of data spread across multiple tables, which is the strength of any relational system
-- Built for business analytics
Aurora
- Relational database compatible with MySQL and PostgreSQL that was created by AWS
- 5x faster than normal MySQL and 3x faster than normal PostgreSQL
- Scales automatically while providing durability and high availability
- Managed by RDS

AWS Database Services Categories

- Relational
- Key-value
- In-memory
- Document
- Wide Column
- Graph
- Time Series
- Ledger

what are the different types of databases that support different use cases

Relational - RDS, Aurora
NoSQL - DynamoDB
Graph - Neptune
In-memory - ElastiCache
Document - DocumentDB

Which database do you use when you want to migrate on-premises PostgreSQL database to the cloud?

Relational Database Service Aurora

AWS Relational Database Services

Relational databases store data with predefined schemas and relationships between them. These databases are designed to support ACID transactions, and maintain referential integrity and strong data consistency.
Examples: Amazon Aurora, Amazon RDS, Amazon Redshift
Use cases: traditional applications, enterprise resource planning (ERP), customer relationship management (CRM), ecommerce. For example, if you want to keep track of whether a customer buys the same drink and give a reward on the next purchase.

Storage Class

Represents "classification" assigned to each object in S3 (standard, RRS, S3-IA, Glacier)

Buckets

Root-level "folders"

How do you report abuse of AWS resources?

Rotate your passwords and access keys first! Then contact the AWS Trust & Safety team using the Report Amazon AWS abuse form or by contacting [email protected]
Typical abuse can be:
- Intrusion attempts from a particular IP address
- You are getting spammed
- You see a DDoS attack
- You see content being illegally distributed

Lambda

Serverless computing that will replace EC2 instances, for the most part

Trusted Advisor

Service that "advises" and helps you optimize aspects of your AWS account

Identity and Access Management (IAM)

Service where AWS user accounts and their access to various AWS services are managed. IAM enables you to manage access to AWS services and resources securely and gives you the flexibility to configure access based on your company's specific operational and security needs.
- Allows you to control access to your AWS services and resources
- Helps you secure your cloud resources
- You define who has access
- You define what they can do
- IAM is a free global service

Object Lifecycle

Set rules to automatically transfer objects between storage classes at defined time intervals

Shared Responsibility Model (AWS vs Customer)

Shared Security Responsibility
- AWS is responsible for security OF the Cloud
-- AWS is responsible for protecting and securing its infrastructure
-- AWS is responsible for its global infrastructure elements: Regions, edge locations, and Availability Zones
-- AWS controls access to the data centers where your data resides
-- AWS maintains networking components (i.e. generators, computer room air conditioning, power supply, fire suppression, etc.)
-- AWS is responsible for managed services like RDS, S3, ECS, or Lambda, patching of host operating systems, and data endpoints
- You are responsible for security IN the Cloud
-- You are responsible for how services are implemented and for managing your application data
-- You are responsible for managing application data, which includes encryption options
-- You are responsible for security configuration, like securing your account, API calls, rotating credentials, restricting internet access from your VPC, etc.
-- You are responsible for the guest operating system (OS), which includes updates and security patching
-- You are responsible for application security and identity and access management
-- You are responsible for network traffic protection, which includes security group firewall configuration
-- You are responsible for your application code, installed software, etc.; you should frequently scan for and patch vulnerabilities in your code

Governance Services (Control Tower)

Sits on top of Organizations and helps you ensure your accounts conform to company-wide policies
- Helps set up new accounts using a multi-account strategy
- Works directly with AWS Organizations
- Enforces the best use of services across accounts
- Provides a dashboard to help you manage accounts
- Can disallow public write access to all S3 buckets across your accounts

Amazon Developer Tools

Software developers use tools to accelerate the software development and release cycle
- Cloud9
- CodeStar
- CodeCommit
- CodeBuild
- CodeDeploy
- CodePipeline
- X-Ray

S3 Storage Classes

Standard
- General purpose
- Data stored across multiple Availability Zones
- Low latency and high throughput
- Recommended for frequently accessed data
Intelligent-Tiering
- Automatically moves data to the most cost-effective storage class
- No retrieval fees
- Recommended for data with unknown or changing access patterns
Infrequent Access (IA)
- Data accessed less frequently but requires rapid access
- Cheaper than S3 Standard
- Recommended for long-lived, infrequently accessed data that needs millisecond access when needed
One Zone-Infrequent Access
- Like IA, but data is stored in only one Availability Zone
- 20% less than S3 Standard
- Data stored in this storage class can be lost because it lives in only one AZ
- Recommended for recreatable, infrequently accessed data with millisecond access where availability and durability aren't essential; only 99.5% available
Glacier
- Long-term and archival data storage
- Data retrieval takes time
- 3 retrieval options (1-5 min, 3-5 hrs, 5-12 hrs)
- Recommended for long-term backups; cheaper storage option
Glacier Deep Archive
- Longer access time than Glacier
- Only 2 retrieval options (12 hrs & 48 hrs)
- Cheapest of all S3 classes
- Stored across multiple AZs
- Recommended for long-term data archival accessed 1-2 times a year, or retrieving data for regulatory compliance requirements
Outposts
- Provides object storage on premises
- A single storage class
- Stores data across multiple devices and servers
- Recommended for data that needs to be kept local and applications that have demanding performance needs

S3 in the Real World (why and how you would use)

- Static websites - global distribution
- Data archive
- Analytics systems - like Redshift and Athena
- Mobile applications

This approach allows data to be stored in an easily understandable, consistent, and scalable way.

Structured Query Language

How Amazon Route 53 and Amazon CloudFront deliver content

Suppose that AnyCompany's application is running on several Amazon EC2 instances. These instances are in an Auto Scaling group that attaches to an Application Load Balancer.
1. A customer requests data from the application by going to AnyCompany's website.
2. Amazon Route 53 uses DNS resolution to identify AnyCompany.com's corresponding IP address, 192.0.2.0. This information is sent back to the customer.
3. The customer's request is sent to the nearest edge location through Amazon CloudFront.
4. Amazon CloudFront connects to the Application Load Balancer, which sends the incoming packet to an Amazon EC2 instance.

Cost Trackers (Cost Allocation Tags)

Tags are useful for tracking spend
- Tags allow you to label resources using a key and value pair
- Tags allow you to track costs via the cost allocation report

Object Sharing

The ability to make any object publicly available via a URL.

Agility

The cloud gives you increased agility. All the services you have access to help you innovate faster, giving you speed to market.

Deployment and IT Infrastructure Management Services

These services help you quickly stand up new applications, automate the management of infrastructure, and provide real-time visibility into system health: CloudFormation, Elastic Beanstalk, OpsWorks

Auditing, Monitoring and Logging service (CloudTrail)

Tracks user activity and API calls within your account. CloudTrail records API calls for your account. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, and more. You can think of CloudTrail as a "trail" of breadcrumbs (or a log of actions) that someone has left behind them. - Log and retain account activity - Track activity through the console, SDKs and CLI - Identify which user made changes - Detect unusual activity in your account Within CloudTrail, you can also enable CloudTrail Insights. This optional feature allows CloudTrail to automatically detect unusual API activities in your AWS account. Real World - Track the time a particular event occurred to troubleshoot it; you can narrow down the specific time an event occurred. What can you track with CloudTrail? - User - Event Time - IP address - Access Key Used - Region - Error Code

Machine Learning Service (Polly)

Turns text into speech - mimics natural-sounding human speech - several voices across many languages - you can create a custom voice Real World - can convert the text of a blog post to speech

Networking services (Amazon Virtual Private Cloud)

VPC is a foundational service that allows you to create a secure private network in the AWS Cloud where you launch your resources - can set up a private virtual network where you define IP address ranges, subnets, route tables and firewalls - can launch resources like EC2 instances inside the VPC - a way to isolate and protect resources - spans AZs in a Region - can be seen as a privacy fence VPC Peering - allows you to connect 2 VPCs together and make them behave as one - facilitates the transfer of data in a secure manner

Route 53

Where you configure and manage web domains for websites or applications you host on AWS

Elasticity

With elasticity, you don't have to plan ahead of time how much capacity you need. You can provision only what you need, and then grow and shrink based on demand (like a rubber band): build or take away servers based on demand.

EC2 Shared Responsibility Model

You are Responsible for: - Installed applications - Patching the guest operating system - Security Controls AWS is Responsible for: - EC2 Service - Patching the host operating system - Security of the physical server

Lambda Shared Responsibility Model

You are Responsible for: - Security of code - Storage of sensitive data - IAM for permissions AWS is Responsible for: - Lambda Service - Upgrading Lambda Languages - Lambda Endpoints - Operating System - Underlying Infrastructure - Software Dependencies

Policies

You manage permissions for IAM users, groups, and roles by creating a policy document in JSON format and attaching it

Data Warehouse

a data storage solution that aggregates massive amounts of historical data from disparate sources. Benefits include support for querying, reporting, analytics, and business intelligence. They are not used for transaction processing; they are primarily used for reporting and analytics.

Queue

a data structure that holds requests or messages

Analytics Service (Athena)

a query service for Amazon S3 - Analyze S3 data using SQL - Pay per query - Serverless - helps you query historical data stored in S3 as if they were relational data using standard SQL

AWS Fargate

a serverless compute engine for containers - allows you to manage containers like Docker (the leading container technology) - scales automatically

AWS Lambda

a service to run code without managing servers (serverless; unlike EC2, the servers are managed by AWS) - you author application code called functions, using many popular languages - scales automatically - allows developers to focus on the core business logic of the apps they are developing instead of worrying about managing servers - used for real-time file processing, sending email notifications, backend business logic - used for short compute tasks, not long-running workloads like those on EC2 Features include - supports popular programming languages - author code using your favorite development environment or the console - Lambda can execute your code in response to events (for example, triggered when a file is uploaded to S3) - functions have a 15-minute timeout (not good for processes that run longer) Pricing model - charged for duration and number of requests - pay only for compute time used; there is no charge when your code is not running - a request is counted each time a function starts execution (test invokes in the console count as well) - the free usage tier includes 1 million free requests each month

Content Delivery Network (CDN)

a system of hardware and software that stores user data in many different geographical locations and makes those data available on demand a mechanism to deliver content quickly and efficiently based on your geographic location

AWS CloudWatch

a web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics. CloudWatch uses metrics to represent the data points for your resources. AWS services send metrics to CloudWatch. CloudWatch then uses these metrics to create graphs automatically that show how performance has changed over time.

DataSync

allows for online data transfer from on-premises to AWS storage services like S3 or EFS - Copy data over direct connect or the internet - copy data between AWS storage services - Replicate data across a region or cross-account

AWS Management Console

allows you to access your AWS account and manage applications running in your account from a web browser Has broad usage 1. New to cloud (if you're just getting started with the cloud) 2. Non-Technical Roles (if you serve in a non-technical role: business analyst, project manager, and many more) 3. Technical Roles (if you serve in a technical role: software engineer, web developer, solutions architect, and many more)

AWS Command Line Interface

allows you to access your AWS account through a terminal or command window mainly used by developers gives you programmatic access - provides access to your AWS resources through an application or a tool like the CLI

Machine Learning Service (Rekognition)

allows you to automate your image and video analysis - identify custom labels in images and video - performs face and text detection in images and videos In the real world - could help Alfredo identify the toppings on his pizzas to know they are being made consistently

Key Management Service (KMS)

allows you to generate and store encryption keys; enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data. You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications. - Key generator - store and control keys - AWS manages encryption keys (governing and storing keys, and issuing decryption keys to those with permissions) - automatically enabled for certain services

Amazon Lightsail

allows you to quickly launch all the resources you need for small projects - deploy preconfigured applications, like WordPress websites, at the click of a button - single screens for people with no cloud experience - includes virtual machine, storage, data transfer, DNS management and a static IP - low predictable monthly fee as low as $3.50 - great for very simple workloads, quick deployments and just getting started with AWS. designed to have you start small and scale as you grow

Notification Services (Simple Email Service (SES))

an email service that allows you to send richly formatted HTML emails from your applications - ideal choice for marketing campaigns or professional emails - unlike SNS, SES sends HTML emails, which means they are prettier and you can format them with color and other styling Real World - want to send a marketing email and track open or click-through rates? Use SES

EBS Snapshots

an incremental backup. This means that the first backup taken of a volume copies all the data. For subsequent backups, only the blocks of data that have changed since the most recent snapshot are saved. Incremental backups are different from full backups, in which all the data in a storage volume copies each time a backup occurs. The full backup includes data that has not changed since the most recent backup.

servers

are the physical compute hardware running in a data center. Everything else was a geographical area or building; these are the actual things in the building. EC2 instances are the virtual servers running on these physical servers

Cost Trackers (Cost and Usage Report)

contains the most comprehensive set of cost and usage data - downloadable detailed and comprehensive report - Lists usage for each service category - Aggregate usage data on a daily, hourly, or monthly level - allows you to view the most granular data about your AWS bill. allows you to deep dive to the exact instance and numbers

Management Services (Marketplace)

digital catalog of prebuilt solutions you can purchase or license. You may also sell your own solutions to others via Marketplace. is a digital catalog that includes thousands of software listings from independent software vendors. You can use AWS Marketplace to find, test, and buy software that runs on AWS. - you can buy third-party software - sell solutions to AWS customers - Search the catalog of software listings and install with the click of a button

Domain Name System (DNS)

directs internet traffic by connecting domain names with web servers

AWS Backup

helps you manage data backups across multiple AWS services - integrates with resources like EC2, EBS, EFS and more - Create a backup plan that includes your desired frequency and retention

Application Discovery Service

helps you plan migration projects to the AWS Cloud - Plan migration projects - Used to estimate TCO - Works with other services to migrate servers

Governance Services (Certificate Manager)

helps you provision and manage SSL/TLS certificates - provides public and private certificates for free - integrates with Elastic Load Balancing, API Gateway, and more

Analytics Service (QuickSight)

helps you visualize your data by using interactive dashboards that you can integrate/embed into your applications.

Content Delivery Service (S3 Transfer Acceleration)

improves content uploads and downloads to and from S3 buckets - fast transfer of files over long distances - uses CloudFront's globally distributed edge locations - customers around the world can upload to a central bucket using this

Networking Services (Route 53)

is a DNS service that routes users to applications - allows you to register domain names - performs health checks on AWS resources - supports hybrid cloud architectures - runs on edge locations to direct customers/traffic to the correct locations

Auditing, Monitoring and Logging service (CloudWatch)

is a collection of services that help you monitor and observe your cloud resources - collects metrics, logs, and events - Detect anomalies in your environment - Set Alarms - Visualize logs - real time monitoring on EC2 and other instances includes: CloudWatch Alarms CloudWatch Logs CloudWatch Metrics CloudWatch Events (automated action based on conditions)

Shield

is a managed Distributed Denial of Service (DDoS) protection service - get real-time notifications - always-on detection feature Shield Standard -- free protection against common and frequently occurring attacks Shield Advanced -- provides enhanced protections and 24/7 access to AWS experts for a fee -- DDoS protection via Shield Advanced is supported on several services: CloudFront, Route 53, Elastic Load Balancing, AWS Global Accelerator

Amazon Simple Storage Service (S3)

is a regional object storage service for the cloud that is highly available - objects (files) are stored in buckets (directories) - essentially unlimited storage that can hold millions of objects per bucket - objects can be public or private - you can upload objects via the console, the CLI, or programmatically from within code using SDKs - can set security by using ACLs, bucket policies or access point policies - can enable versioning to create multiple versions of a file in order to protect against accidental deletion - can use S3 access logs to track who accesses your buckets/objects - bucket names must be globally unique (the name of your bucket can't be duplicated)

Elastic File System (EFS)

is a scalable file system used with AWS Cloud services and on-premises resources. As you add and remove files, Amazon EFS grows and shrinks automatically. It can scale on demand to petabytes without disrupting applications. A true file system for Linux; you can share these files. Automatically scales, unlike EBS. Stores data across multiple Availability Zones

Amazon Managed Blockchain

is a service that you can use to create and manage blockchain networks with open-source frameworks. It is fully managed. Blockchain is a distributed ledger system that lets multiple parties run transactions and share data without a central authority.

Latency

is the time that passes between a user request and a resulting response - Low Latency is good! means your website loads faster

What is a firewall

it prevents unauthorized access to your networks by inspecting incoming and outgoing traffic against security rules you've defined.

Amazon Quantum Ledger Database (Amazon QLDB)

ledger database service. You can use Amazon QLDB to review a complete history of all the changes that have been made to your application data. is immutable and no entry can be removed

Amazon Developer Tools (CodeDeploy)

manages the deployment of code to compute services in the cloud or on-premises - deploys code to EC2, Fargate, Lambda, and on-premises - helps maintain application uptime Real World - you want to maintain application uptime when rolling out a new version? CodeDeploy eliminates downtime when deploying a new version of your application thanks to its rolling deployments

Simple Queue Service (SQS)

message queuing service that allows you to build loosely coupled systems - allows for component-to-component communication using messages - multiple components (or producers) can add messages to the queue - messages are processed in an asynchronous manner (producers don't sit and wait for a response) Real World - want to build a money transfer app that performs well under heavy load?

AWS Artifact

offers on-demand access to AWS security and compliance reports. AWS Artifact consists of two main sections: AWS Artifact Agreements and AWS Artifact Reports. - central repository for compliance reports from third-party auditors - Service Organization Controls (SOC) audits can be stored here - Payment Card Industry (PCI) reports can be stored here

how you pay for S3 pricing

pay only for the storage you use, with no minimum fee; prices are based on: - location of the S3 bucket - storage class - number and size of objects in storage - data transferred out of the S3 Region - requests made for data and the number of requests made

Governance Services (Trusted Advisor)

provides real-time guidance to help you provision your resources following AWS best practices; a web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices. Trusted Advisor compares its findings to AWS best practices in five categories: cost optimization, performance, security, fault tolerance, and service limits. For the checks in each category, Trusted Advisor offers a list of recommended actions and additional resources to learn more about AWS best practices. - checks your account and makes recommendations - helps you see service limits - helps you understand best practices - checks for access on ports for free - checks for MFA on the root account for free - checks IAM password policy for a fee - checks for RDS public snapshots for free - checks for service usage greater than 80% for a fee - checks for exposed access keys - checks for CloudFront delivery optimization Green = no problems; Orange = recommended investigations; Red = recommended actions

Content Delivery Service (Global Accelerator)

sends your users through the AWS global network when accessing your content, speeding up delivery - improves latency and availability of single-Region applications - sends traffic through the AWS global network infrastructure - 60% performance boost - automatically reroutes traffic to healthy available regional endpoints

Artificial Intelligence (Machine Learning)

teaches computers to do things that normally require human intelligence Businesses leverage AI and machine learning to add intelligence to their applications and leverage trends and patterns in data.

AWS Cloud Perspective Framework (AWS CAF)

the AWS Cloud Adoption Framework (AWS CAF) organizes guidance into six areas of focus, called Perspectives. Each Perspective addresses distinct responsibilities. The planning process helps the right people across the organization prepare for the changes ahead. In general, the Business, People, and Governance Perspectives focus on business capabilities, whereas the Platform, Security, and Operations Perspectives focus on technical capabilities.

API call

the method an application uses when it makes a request of the OS you can use API calls to provision, manage, and configure your AWS resources

Auditing, Monitoring and Logging

these services give you insight into how well your systems are performing and help you proactively find and resolve errors. They answer questions such as: - Who signed in and made changes via the AWS Management Console? - What is the current load on this EC2 instance? - What is the root cause of this application error? - Which execution path resulted in this error?

Organization Service Control Policies (SCPs)

used to enforce permissions you want everyone in the organization to follow

Horizontal scaling vs. Vertical Scaling

With vertical scaling, you upgrade (scaling up). This upgrades an EC2 instance by adding more power (CPU, RAM) to an existing server. Horizontal scaling (scaling out) is when you add or remove servers.

Amazon Inspector

works with EC2 instances to uncover and report vulnerabilities; helps to improve the security and compliance of applications by running automated security assessments. It checks applications for security vulnerabilities and deviations from security best practices, such as open access to Amazon EC2 instances and installations of vulnerable software versions. After Amazon Inspector has performed an assessment, it provides you with a list of security findings. - agent installed on the EC2 instance - reports vulnerabilities found - checks access from the internet, remote root login, vulnerable software versions, etc. - consists of network configuration reachability analysis, an agent and a security assessment service

AWS Pricing

*Pay as you go *Pay for what you use *Pay less as you use more *Pay even less when you reserve capacity

AWS Document Database services

- A document database is designed to store semistructured data as JSON-like documents. These databases help developers build and update applications quickly. Amazon DocumentDB (with MongoDB compatibility) Use cases: Content management, catalogs, user profiles

AWS Wide Column Database Services

- A wide column store is a type of NoSQL database. It uses tables, rows, and columns, but unlike a relational database, the names and format of the columns can vary from row to row in the same table. Amazon Keyspaces Use cases: High-scale industrial apps for equipment maintenance, fleet management, and route optimization

Elastic Block Storage (EBS)

- Easy to use, high-performance block storage service for both throughput and transaction intensive workloads at any scale a service that provides block-level storage volumes that you can use with Amazon EC2 instances. If you stop or terminate an Amazon EC2 instance, all the data on the attached EBS volume remains available. stores in a single availability zone To create an EBS volume, you define the configuration (such as volume size and type) and provision it. After you create an EBS volume, it can attach to an Amazon EC2 instance. Because EBS volumes are for data that needs to persist, it's important to back up the data. You can take incremental backups of EBS volumes by creating Amazon EBS snapshots.

IAM Best Practices

- Enable MFA for privileged users. - Implement strong password policies - Create individual users instead of using root - use roles for Amazon EC2 instances - Require human users to use federation with an identity provider to access AWS using temporary credentials - Require workloads to use temporary credentials with IAM roles to access AWS - Rotate access keys regularly for use cases that require long term credentials - use IAM access analyzer to generate least privilege policies based on access activity - use conditions in IAM policies to further restrict access - establish guardrails across multiple accounts

AWS Graph Database Services

- Graph databases are for applications that need to navigate and query millions of relationships between highly connected graph datasets with millisecond latency at large scale. Amazon Neptune Use cases: Fraud detection, social networking, recommendation engines

AWS Ledger Database Services

- Ledger databases provide a centralized and trusted authority to maintain a scalable, immutable, and cryptographically verifiable record of transactions for every application. Amazon Ledger Database Services (QLDB) use cases: Systems of record, supply chain, registrations, banking transactions

AWS Time Series Database Services

- Time-series databases efficiently collect, synthesize, and derive insights from data that changes over time and with queries spanning time intervals. Amazon Timestream Use cases: Internet of Things (IoT) applications, DevOps, industrial telemetry

Instance Store Volumes

- ephemeral (temporary): data does not persist if the EC2 instance is stopped or terminated - local storage that is physically attached to the host computer and cannot be removed - storage is temporary since data loss occurs when the EC2 instance is stopped - fastest option and low latency - recommended for: temporary storage needs, data replicated across many instances

What can only Root user do?

- close your account - change email address - Modify support plan

Database Migration Service (DMS)

- helps you migrate databases to or within AWS - continuous replication - supports homogeneous and heterogeneous migrations - virtually no downtime - enables you to migrate relational databases, nonrelational databases, and other types of data stores. With AWS DMS, you move data between a source database and a target database. The source and target databases can be of the same type or different types. - During the migration, your source database remains operational, reducing downtime for any applications that rely on the database. Real World Use Cases - Oracle to Aurora MySQL (migrate an on-premises Oracle database to Aurora MySQL) - Oracle to Oracle (migrate an on-premises Oracle database to Oracle on EC2) - RDS Oracle to Aurora MySQL (migrate an RDS Oracle database to Aurora MySQL)

Programmatic Access

- provides access to your AWS resources through an application or a tool like the CLI. - Can be attained by the methods below CLI - allows you to manage AWS services from a terminal session on your laptop. allows you to automate and make API requests as well. Application Code - AWS services can be accessed from application code using SDKs and programmatic calls Software Development Kits (SDKs) - Allow you to access AWS services from popular programming languages like Java, Python, C#, and many more

RDS Pricing

- running clock hours - type of database - storage - purchase type (on-demand or reserved) - database count (number of instances) - API requests and calls (includes calls from the Insights dashboard) - deployment type (single or multiple AZs) - data transfer (inbound free, but cost for outbound)

AWS In-memory Database services

-In-memory databases are used for applications that require real-time access to data. By storing data directly in memory, these databases deliver microsecond latency to applications for whom millisecond latency is not enough. Amazon ElastiCache Amazon MemoryDB for Redis Use cases: Caching, session management, gaming leaderboards, geospatial applications

AWS Key-Value Database Services

-Key-value databases are optimized for common access patterns, typically to store and retrieve large volumes of data. These databases deliver quick response times, even in extreme volumes of concurrent requests. Ex: Amazon DynamoDB Use cases: High-traffic web applications, ecommerce systems, gaming applications

What are Databases

-allow us to collect, store, retrieve, sort, graph, and manipulate data -a database is an organized collection of various forms of data -databases are used by many applications: web, mobile, services and more - are necessary to persist data through runs of an applications - you access the data stored in a database by querying it - databases are typically controlled by a database management system

6 Advantages of Cloud Computing

1. Increased Agility & Speed 2. Stop Spending Money on Running and Maintaining Data centers (focus on building applications instead) 3. Benefit from Massive Economies of Scale 4. Go Global in Minutes 5. Stop Guessing Capacity (matched to your demand) 6. Trade Capital expense for Variable Expense

Free Offer Types at AWS

12 months free - following initial sign-up to AWS - or until the application usage threshold is reached
Always free
Trials - short-term free trials starting from the date you activate the free service

DNS Server

A database of website domains and their corresponding IP addresses

Access Control List (ACL)

A firewall/security layer on the subnet level

Virtual Private Cloud (VPC)

A private subsection of AWS you control and in which you can place AWS resources Amazon VPC enables you to provision an isolated section of the AWS Cloud. In this isolated section, you can launch resources in a virtual network that you define. Within a virtual private cloud (VPC), you can organize your resources into subnets. A subnet is a section of a VPC that can contain resources such as Amazon EC2 instances.

Subnet

A subsection of a network and generally includes all the computers in a specific location

Firewall

A type of software that either allows or blocks certain kinds of internet traffic to pass through it

Elastic Compute Cloud (EC2)

A web service that provides resizable computing capacity in the cloud. - is the virtual servers running on physical servers located in data centers - can use a preconfigured template called an Amazon Machine Image (AMI) to launch your - you receive 750 compute hours per month on the Free Tier plan - offers load balancing to automatically distribute your incoming application traffic across multiple EC2 instances (Classic, Application, Gateway and Network Load Balancers), like a greeter at the door directing traffic - offers auto scaling, which adds or replaces EC2 instances automatically across AZs based on need and changing demand; it reduces the impact of system failure and improves the availability of your applications.

Amazon Networking and Content Delivery service (Application Networking)

AWS AppMesh - Connect containers and microservices with application level networking AWS API Gateway - Create, maintain, and secure APIs at any scale AWS Cloud Map - Discover and access the most up-to-date service resources

AWS Security, Identity, & Compliance Services (Compliance)

AWS Artifact - No cost, self-service portal for on-demand access to AWS' compliance reports AWS Audit Manager - Continuously audit your AWS usage to simplify how you assess risk and compliance

AWS Storage Services (Data Migration)

AWS DataSync - Online data transfer service that optimizes network bandwidth and accelerates data movement between on-premises storage and AWS storage AWS Snow Family - offline data transfer devices with built-in security and logistics features for simplified data migration

AWS Analytics Services (Predictive Analytics and Machine Learning)

AWS Deep Learning AMIs - Frameworks and interfaces Amazon SageMaker - Platform services

Amazon Networking and Content Delivery service (Hybrid Connectivity)

AWS Direct Connect - Establish a private, dedicated AWS connection to your data center, office, or colocation environment; establishes a dedicated connection between the on-premises data center and the VPC AWS Site-to-Site VPN - Create an encrypted network connection to your Amazon VPCs or AWS Transit Gateways AWS Client VPN - Connect your remote workforce to AWS or on-premises with a Virtual Private Network (VPN) AWS Cloud WAN - Easily build, manage, and monitor global wide area networks

AWS Storage Services (Disaster Recovery and Backup)

AWS Elastic Disaster Recovery (DRS) - minimize downtime and data loss with fast, reliable recovery of on-premises and cloud-based applications using affordable storage, minimal compute, and point-in-time recovery AWS Backup - Fully managed, policy-based service to centrally manage and automate data protection, compliance, and governance for applications running on AWS

AWS Security, Identity, & Compliance Services (Identity and Access Management)

AWS Identity and Access Management (IAM) - Securely manage access to services and resources AWS IAM Identity Center (successor to AWS SSO) - Cloud single sign-on (SSO) service Amazon Cognito - Identity management for your apps AWS Directory Service - Managed Microsoft Active Directory AWS Resource Access Manager - Simple, secure service to share AWS resources AWS Organizations - Central governance and management across AWS accounts

AWS Compute Service (Serverless)

AWS Lambda - Run code without thinking about servers. Pay only for the compute time you consume

How to connect to EC2 Instance

AWS Management Console
Secure Shell (SSH) - most common way to connect to Linux EC2 instances. You have to generate a key pair (private and public) to verify identity
EC2 Instance Connect (EIC) - allows you to use IAM policies to control SSH access to your instances, removing the need to manage SSH keys
AWS Systems Manager - allows you to manage your EC2 instances via a web browser or the AWS CLI

AWS Security, Identity, & Compliance Services (Network and Application Protection)

AWS Network Firewall - Network security AWS Shield - DDoS protection Amazon Route 53 Resolver DNS Firewall - Filter and control outbound DNS traffic for your VPCs AWS Web Application Firewall (WAF) - Filter malicious web traffic AWS Firewall Manager - Central management of firewall rules

AWS Compute Service (Edge and Hybrid)

AWS Outposts - Run AWS infrastructure and services on premises for a truly consistent hybrid experience AWS Snow Family - Collect and process data in rugged or disconnected edge environments AWS Wavelength - Deliver ultra-low latency application for 5G devices VMware Cloud on AWS - Preferred service for all vSphere workloads to rapidly extend and migrate to the cloud AWS Local Zones - Run latency sensitive applications closer to end-users

AWS Compute Service (Cost and Capacity Management)

AWS Savings Plans - Flexible pricing model that provides savings of up to 72% on AWS compute usage AWS Compute Optimizer - Recommends optimal AWS compute resources for your workloads to reduce costs and improve performance AWS Elastic Beanstalk - Easy-to-use service for deploying and scaling web applications and services EC2 Image Builder - Build and maintain secure Linux or Windows Server images Elastic Load Balancing (ELB) - Automatically distribute incoming application traffic across multiple targets

AWS Security, Identity, & Compliance Services (Detection)

AWS Security Hub - Automate AWS security checks and centralize security alerts
Amazon GuardDuty - Protect AWS accounts with intelligent threat detection
Amazon Inspector - Automate vulnerability management
AWS Config - Record and evaluate configurations of your AWS resources
AWS CloudTrail - Track user activity and API usage
AWS IoT Device Defender - Security management for IoT devices

Amazon Networking and Content Delivery service (Network Security)

AWS Shield - Safeguard AWS applications against distributed denial of service (DDoS) attacks
AWS WAF - Protect your web applications from common web exploits
AWS Network Firewall - Deploy network security across your Amazon VPCs
AWS Firewall Manager - Centrally configure and manage firewall rules

AWS Storage Services (Hybrid Cloud storage and edge computing)

AWS Storage Gateway - Hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage
AWS Snow Family - Edge compute, data collection, and data transfer services with security and end-to-end logistics for mobile and rugged deployments

Why should you control access to your AWS services and resources using software-based security tools?

AWS has several software-based security tools available to help you monitor and protect your resources

Regions

AWS logically groups its Regions into geographic locations for ease of management.
- Fully independent and isolated from each other
- They are resource and service specific (you have to identify a Region when deploying an app)

Simple Notification Service (SNS)

AWS service that allows you to automate the sending of email or text messaging notifications based on events that happen in your AWS account

Support Case Types

Account and Billing - Free for all customers
Service Limit Increases - Can be opened by all customers
Technical Support - Can only be opened by customers on paid plans (Developer, Business, or Enterprise plan)
NO support cases for code development, debugging custom software, or performing system administration tasks

Management Services (Personal Health Dashboard)

Alerts you to events that might impact your AWS environment
- Provides troubleshooting guidance
- Feedback tailored to your specific environment

AWS Organizations

Allows you or your company to manage billing and access for multiple AWS accounts in one user interface. Used to consolidate and manage multiple AWS accounts within a central location. You can group accounts into organizational units (OUs) to make it easier to manage accounts with similar business or security requirements. When you apply a policy to an OU, all the accounts in the OU automatically inherit the permissions specified in the policy.

Governance Services (Organizations)

Allows you to centrally manage multiple AWS accounts under one umbrella
- Group multiple accounts
- Single payment for all accounts
- Automate account creation
- Centrally manage and apply access policies across groups
What are the benefits of using Organizations? Consolidated billing, cost savings, account governance

Analytics Service (Kinesis)

Allows you to analyze data and video streams in real time
- Analyze real-time streaming data (data and video)
- Supports video, audio, application logs, website clickstreams, and IoT

Config

Allows you to assess, audit, and evaluate the configurations of your resources
- Track configuration changes over time
- Delivers configuration history file to S3
- Notifications via Simple Notification Service (SNS) of every configuration change

Amazon Developer Tools (CodeBuild)

Allows you to build and test your application source code
- Compiles source code and runs tests
- Enables continuous integration and delivery
- Produces build artifacts ready to be deployed
Real World - Want to run tests before deploying a new version of an application to production? Use CodeBuild

Deployment and IT Infrastructure Management Services (Elastic Beanstalk)

Allows you to deploy your web applications and web services to AWS
- Allows you to provision Amazon EC2 instances; the environment is built for you
- Orchestration service that provisions resources
- Automatically handles the deployment, from capacity provisioning to load balancing and auto scaling
- Monitors application health via a health dashboard
Real World - You're able to quickly deploy a scalable Java-based web application to AWS

AWS CLI- command line interface

Allows you to make API calls using the terminal on your machine. The AWS CLI enables you to control multiple AWS services directly from the command line within one tool. The AWS CLI is available for users on Windows, macOS, and Linux. By using the AWS CLI, you can automate the actions that your services and applications perform through scripts. For example, you can use commands to launch an Amazon EC2 instance, connect an Amazon EC2 instance to a specific Auto Scaling group, and more. Automation makes errors less likely.

Secrets Manager

Allows you to manage and retrieve secrets (passwords or keys)
- Rotate, manage, and retrieve secrets
- Encrypts secrets at rest
- Integrates with services like RDS, Redshift, and DocumentDB

Server Migration Service (SMS)

Allows you to migrate on-premises servers to AWS
- Server saved as a new Amazon Machine Image (AMI)
- Uses the AMI to launch servers as EC2 instances

AWS Batch

Allows you to process large workloads in smaller chunks (or batches)
- Used for larger jobs
- Runs hundreds and thousands of smaller batch processing jobs
- Dynamically provisions instances based on volume
- For instance, if a business wants to send out hundreds of thousands of emails, they can be batched and only sent out hundreds at a time

AWS Price List API

Allows you to query the price of AWS services
- Query using JSON or HTML
- Able to receive price alerts when prices change

AWS Outposts

Allows you to run cloud services in your internal data center
- Supports workloads that need to remain on-premises due to latency or data sovereignty needs
- AWS delivers and installs servers in your internal data center
- Used for a hybrid experience
- Have access to the cloud services and APIs to develop apps on-premises
- Works with edge services to run a fully operational region inside your building

Notification Services (Simple Notification Service (SNS))

Allows you to send emails and text messages from your applications
- Publish a message to a topic
- Subscribers can receive messages
- This is plain text and NOT colorful text
Real World - Want to be notified by email when CPU utilization of an EC2 instance goes above 80%? Use SNS

Cost Trackers (Budgets)

Allows you to set custom budgets that alert you when your costs or usage exceed your budgeted amount
- Allows you to improve planning and cost control
- Can receive budget alerts
- 3 types of budgets:
  -- Cost (plan how much you want to spend)
  -- Usage (plan how much you want to use on one or more services)
  -- Reservation budgets (set reserved instances or savings plans utilization or coverage targets)

AWS Snow Family

Allows you to transfer large amounts of on-premises data to AWS (the cloud) using a physical device
- More cost effective and faster
- Typically used when you have large amounts of data
Devices (from smallest to largest):
Snowcone
- Smallest member of the data transport devices
- 8 terabytes of usable storage
- Offline shipping
- Online with DataSync
Snowball and Snowball Edge
- Petabyte-scale data transport solution
- Transfer data in and out
- Cheaper than internet transfer
- Snowball Edge supports EC2 and Lambda
Snowmobile
- Multi-petabyte or exabyte scale data
- Largest (is a 45 foot long shipping container)
- Data loaded to S3
- Securely transported

Deployment and IT Infrastructure Management Service (OpsWorks)

Allows you to use Chef or Puppet to automate the configuration of your servers and deploy code
- Deploy code and manage applications
- Manage on-premises servers or EC2 instances in the AWS Cloud
Real World - Want to automate software configurations and infrastructure management for your application? Use OpsWorks

Consolidated Billing

Allows you to view, manage, and pay bills for multiple AWS accounts in one user interface

Cost Trackers (Cost explorer)

Allows you to visualize, understand, manage, and forecast your costs and usage over time. AWS Cost Explorer includes a default report of the costs and usage for your top five cost-accruing AWS services. You can apply custom filters and groups to analyze your data.
- View the past 12 months
- Can forecast for up to 3 months in the future

Amazon Developer Tools (Cloud9)

Allows you to write code within an integrated development environment (IDE) from within your web browser
- You can write and debug code
- Supports popular programming languages
Real World - If you want to build a serverless application, Cloud9 preconfigures the development environment with the needed SDKs and libraries

Deployment and IT Infrastructure Management Service (CloudFormation)

Allows you to provision AWS resources using Infrastructure as Code (IaC)
- Provides a repeatable process for provisioning resources
- Works with most AWS services
- Create templates for the resources you want to provision
Real World - Automate the infrastructure provisioning process for EC2 servers

Migration and Transfer services

A lot of companies are migrating to the cloud, and they need inexpensive, fast, and secure ways to move their on-premises data to AWS
Database Migration Service (DMS)
Server Migration Service (SMS)

Amazon Networking and Content Delivery service (Network Foundations)

Amazon Virtual Private Cloud (VPC) - Customize and control your networking environment
AWS Transit Gateway - Simplify your network with VPCs and on-premises networks connected to a single gateway
AWS PrivateLink - Establish private connectivity between VPCs and AWS or on-premises services

AWS Analytics Services (Analytics)

Amazon Athena - Interactive
Amazon EMR - Big data processing
Amazon Redshift - Data warehousing
Amazon Kinesis - Interactive
Amazon OpenSearch Service - Operational analytics
Amazon QuickSight - Dashboards and visualizations
AWS Glue DataBrew - Visual data preparation

Amazon RDS Database Engines

Amazon Aurora
PostgreSQL
MySQL
MariaDB
Oracle Database
Microsoft SQL Server

Amazon Networking and Content Delivery service (Edge Networking)

Amazon CloudFront - Deliver data, videos, applications, and APIs at high transfer speeds with low latency
Amazon Route 53 - Drive end users to internet applications with a low-cost managed Domain Name System (DNS)
AWS Global Accelerator - Optimize user traffic to your application

AWS Security, Identity, & Compliance Services (Incident response)

Amazon Detective - Investigate potential security issues
AWS Elastic Disaster Recovery - Scalable, cost-effective application recovery to AWS

NoSQL databases

Amazon DynamoDB - A fully managed NoSQL key-value and document database
- Fully managed and serverless
- Non-relational
- Scales automatically to massive workloads with fast performance

AWS Compute Services (Instances, Virtual machines)

Amazon Elastic Compute Cloud (EC2) - Secure and resizable compute capacity (virtual servers) in the cloud
Amazon EC2 Spot - Run fault-tolerant workloads for up to 90% off
Amazon EC2 Auto Scaling - Automatically add or remove compute capacity to meet changes in demand
Amazon Lightsail - Easy-to-use cloud platform that offers you everything you need to build an application or website
AWS Batch - Fully managed batch processing at any scale

in-memory datastore

Amazon ElastiCache - A fully managed in-memory datastore compatible with Redis and Memcached
- Data can be lost
- Offers high performance and low latency

AWS Security, Identity, & Compliance Services (Data Protection)

Amazon Macie - Discover and protect your sensitive data at scale
AWS Key Management Service (KMS) - Key storage and management
AWS CloudHSM - Hardware-based key storage for regulatory compliance
AWS Certificate Manager - Provision, manage, and deploy public and private SSL/TLS certificates
AWS Secrets Manager - Rotate, manage, and retrieve secrets

AWS Analytics Services (Data Lake)

Amazon S3 and AWS Lake Formation - Object storage
Amazon S3 Glacier and AWS Backup - Backup and archive
AWS Glue and AWS Lake Formation - Data catalog
AWS Data Exchange - Third-party data

AWS Storage Services (Object, File, and Block Storage)

Amazon Simple Storage Service (S3) - Object storage with industry-leading scalability, availability, and security for you to store and retrieve any amount of data from anywhere
Amazon Elastic File System (EFS) - A simple, serverless, elastic, set-and-forget file system for you to share file data without managing storage
Amazon FSx - Fully managed, cost-effective file storage offering the capabilities and performance of popular commercial and open-source file systems
Amazon Elastic Block Store (EBS) - Easy-to-use, high-performance block storage service for both throughput- and transaction-intensive workloads at any scale

Additional Services you may see on Exam

Amazon WorkSpaces - Allows you to host virtual desktops in the cloud
- Can virtualize Linux or Windows desktops
- Enables employees to work from home
Amazon Connect - A cloud contact center service
- Allows you to build a contact center or help desk
- Provides customer service functionality
- Improves productivity of help desk agents

AWS Compute Service (Containers)

Amazon Elastic Container Service (ECS) - Highly secure, reliable, and scalable way to run containers
Amazon ECS Anywhere - Run containers on customer-managed infrastructure
Amazon Elastic Container Registry (ECR) - Easily store, manage, and deploy container images
Amazon Elastic Kubernetes Service (EKS) - Fully managed Kubernetes service
Amazon EKS Anywhere - Create and operate Kubernetes clusters on your own infrastructure
AWS Fargate - Serverless compute for containers
AWS App Runner - Build and run containerized applications on a fully managed service

AWS Analytics Services Categories

Analytics
Data Movement
Data Lake
Predictive Analytics and Machine Learning

Analytics services in AWS

Analytics is the act of querying or processing your data. There are several services that allow you to gain deeper insights, enhance decision-making, and act in real time on what your data is telling you:
Athena
Glue
Kinesis
Elastic MapReduce (EMR)
Data Pipeline
QuickSight

AWS Software Development Kits (SDKs)

Another option for accessing and managing AWS services. SDKs make it easier for you to use AWS services through an API designed for your programming language or platform. SDKs enable you to use AWS services with your existing applications or create entirely new applications that will run on AWS. To help you get started with using SDKs, AWS provides documentation and sample code for each supported programming language. Supported programming languages include C++, Java, .NET, and more.

Folder

Any "subfolder" created in a bucket

Networking Services (API Gateway)

Application programming interface (API) gateway - APIs are predetermined ways for you to interact with AWS resources. Allows you to build and manage APIs
- Share data between systems
- Integrate with services like Lambda
API Gateway in the real world - Sends and retrieves information for clients

Which analytics service helps you search data in S3?

Athena

Authentication vs Authorization

Authentication is WHO Authorization is WHAT

Auto Scaling

Automates the process of adding or removing EC2 instances based on traffic demand for your application

Amazon Developer Tools (CodePipeline)

Automates the software release process
- Quickly deliver new features and updates
- Integrates with CodeBuild to run builds and unit tests
- Integrates with CodeCommit to retrieve source code
- Integrates with CodeDeploy to deploy changes
Real World - Add automation to the building, testing, and deployment of your application. Helps teams implement DevOps practices

Object Versioning

Automatically keep multiple versions of an object (when enabled)

AWS Analytics Services (Data Movement)(real-time data movement)

AWS Glue
Amazon Managed Streaming for Apache Kafka (MSK)
Amazon Kinesis Data Streams
Amazon Kinesis Data Firehose
Amazon Kinesis Video Streams
AWS Database Migration Service

What are the support plans offered by AWS

Basic - Included for free for all AWS accounts
- No access to technical support
- Customer service access via email only
Developer - Support starts at $29 a month and is recommended for testing and development
- Allowed 1 primary contact
- Can open unlimited support cases
- Access to a cloud support associate during business hours by email only
- <24 hr response time on general guidance, <12 hr response time if system impaired
Business - Starts at $100 a month and is recommended for production workloads
- Allowed unlimited contacts and cases
- Access to full set of Trusted Advisor checks
- 24/7 access to cloud support engineers via email, phone, or chat
- Response times: <24 hr general guidance, <12 hr system impaired, <4 hr production system impaired, <1 hour production system down
Enterprise - Starts at $15,000 a month and is recommended for business- or mission-critical production workloads
- Unlimited contacts and cases
- Have a technical account manager (TAM)
- Concierge support team
- Infrastructure Event Management
- Full set of Trusted Advisor checks
- 24/7 access to cloud support engineers via email, phone, or chat
- Response times: same as Business but includes <15 min business-critical system down

What are the tools to help you track your ongoing spend?

Budgets
Cost and Usage Report
Cost Explorer
Cost Allocation Tags

Capital Expenditures (CapEx) vs Operating Expenses (OpEx)

CapEx - Capital expenditures are upfront purchases toward fixed assets.
OpEx - Operating expenses are funds used to run day-to-day operations.

Distributed Denial of Service (DDoS)

Causes a traffic jam on a website or web application in an attempt to cause it to crash. The attacker uses multiple computer programs/bots to accomplish this, and the web app can become overwhelmed and crash. AWS Shield helps stop these attacks.

Content Delivery Service (CloudFront)

CloudFront is a CDN that delivers data and applications globally with low latency
- Makes content available globally or restricts it based on location
- Speeds up delivery of static and dynamic web content
- Uses edge locations to cache content
- If content is already in the edge location, CloudFront delivers it immediately
- If content is not in the cache
Real World Usage
- Used with S3 to deploy content globally
- Used to prevent web attacks like DDoS
- IP address blocking. Geo-restriction prevents users in certain countries from accessing content

What are the three fundamental drivers of cost in AWS

Compute - Pay hourly from launch of resource to termination
Storage - Data you store in the cloud
Outbound Data Transfer - Data in flight moving between systems
- No cost for inbound in most cases
- Usually no charge for transfer between services

Availability Zones

Consist of one or more physically separated data centers, each with redundant power, networking, and connectivity, housed in separate facilities. Usually called Availability Zones.
Characteristics of Availability Zones:
- Use different power grids
- Connected amongst themselves in a single Region through low-latency links
- Fault tolerant (when one goes down, another doesn't)
- Allows for high availability

CloudFront

Content delivery network (CDN) that allows you to store your content at "edge locations" located all around the world, allowing customers to access your content more quickly

Developer Tools on AWS (services)

Continuous integration - Continuously merge and improve application code using a DevOps model
Continuous delivery - Automatically build, test, and prepare software for release
Infrastructure as code - Automatically build, test, and prepare software for release
SDKs - Work with AWS services natively through code in your editor
CLI - Work with and manage AWS services from your command-line interface
IDEs and IDE Toolkits - Write code for AWS applications in your browser or favorite integrated development environment (IDE)
Communication and collaboration - Bring together developer and operations workflows

Loose Coupling

Coupling defines the interdependencies or connections between components of a system. Loose coupling helps reduce the risk of cascading failures between components: with tight coupling, if one component breaks, the failure usually goes down the line and each dependent component breaks; with loose coupling it doesn't go down the line. Queueing helps achieve this. Tight coupling is the opposite, where components are highly dependent on each other. Tight is BAD.

