CPC Exam
what determines price for S3 glacier
- Storage
- Data retrieval times
AWS penetration testing
A simulated cyber attack against your computer system to check for exploitable vulnerabilities. You can carry it out against your AWS infrastructure without prior approval for:
- Amazon EC2 instances
- NAT gateways
- Elastic Load Balancers
- Amazon RDS
- CloudFront
- Aurora
- API Gateway
  - It allows developers to easily work with the various AWS resources programmatically
  - Does not reduce cost
  - Allows the customer's developers to work with resources
- Lambda
- Lightsail
- Elastic Beanstalk
S3 - IA
*Standard Infrequent Access*: S3 storage class for data that is accessed less frequently but requires rapid access when needed. Lower storage fee than S3 Standard, but you are charged a retrieval fee.
S3
Provides developers and IT teams with secure, durable, highly scalable object storage. Easy to use, with a simple web services interface to store and retrieve any amount of data from anywhere on the web. Not just a storage bucket: requester pays, versioning, static website hosting, object lifecycle management.
S3 Standard Storage
99.99% availability and 99.9999999% durability, because your data is stored in 3 different storage facilities and is designed to withstand the loss of 2 data center facilities.
Amazon QuickSight
A fast, cloud-powered business analytics service that makes it easy to build visualizations, perform ad-hoc analysis, and quickly get business insights from your data.
cloudfront
A content delivery network (CDN) is a system of distributed servers that delivers webpages and other web content to a user based on the geographic location of the user, the origin of the webpage, and a content delivery server. CloudFront can be used to deliver your entire website, including dynamic, static, streaming, and interactive content, using a global network of edge locations. Requests for your content are automatically routed to the nearest edge location, so content is delivered with the best possible performance.
Relational databases on AWS
Aurora, SQL, Oracle, MySQL, MariaDB, PostgreSQL
Amazon Aurora
Enterprise-class relational database, MySQL- or PostgreSQL-compatible, with continuous backup to S3. Helps you save time by automating time-consuming tasks such as provisioning, patching, backup, recovery, failure detection, and repair.
DNS
Domain Name System: translates domain names to IP addresses.
fleet
The set of Amazon EC2 instances your application runs on.
global AWS services
IAM, Route53, CloudFront, SNS, SES
SQL database
Rows contain all the information about one entry, and columns are the attributes that separate the data points. A database schema is fixed: columns must be locked before data entry. You can amend schemas only if the database is altered entirely and taken offline. Data is queried using Structured Query Language (SQL), which allows for complex queries. Scales vertically by increasing hardware power. Commonly used for traditional applications, ERP, CRM, and ecommerce.
global AWS services that are nevertheless regional
S3
Amazon cognito
Single user identity and data synchronization service.
- Helps manage and sync app data for users across their mobile devices
- Creates unique identities for users through public login providers (Facebook, Google, Amazon) and supports unauthenticated guests
- Saves any kind of data in the AWS cloud without writing any backend code or managing infrastructure
Software as a Service (SaaS)
Software that is hosted centrally on the Internet and accessed by users with a Web browser.
advantages of hosting database software on EC2 instances:
- You need full control over the database, including SYS/SYSTEM user access, or you need access at the operating system level.
- You need to use commercial software features or options that are not currently supported by AWS.
AWS support plans
basic, developer, business, enterprise
groups
collections of users with identical permissions
the drivers of cost:
compute, storage, data outbound
OLTP
OLTP databases usually process a large number of small transactions and are often used to provide source data to data warehouses. Example: Amazon RDS.
benefits of EC2
elastic web-scale computing, complete control, flexible cloud hosting services, integrated with most AWS services, reliable, secure, inexpensive
Amazon SNS (Simple Notification Service)
Fully managed messaging for distributed or serverless applications. Reliably delivers messages with durability, automatically scales with workload, no up-front cost, simplifies architecture. Enables message filtering to a large number of subscribers.
AWS X-Ray
Helps developers analyze and debug distributed applications in production or under development, such as those built using a microservices architecture. Lets you understand how the application and its underlying services perform, to identify and troubleshoot the root cause of performance issues and errors.
- Detects performance issues for AWS Lambda applications: Lambda sends traces to X-Ray, which are further analyzed to generate a performance report
AWS CloudHSM
Helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) appliances within the AWS Cloud to secure encryption keys.
AWS Database Migration Service
Helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, reducing downtime for applications that rely on the database. AWS DMS can migrate your data to and from most widely used commercial and open-source databases. The source database can be located on premises, in Amazon EC2, or in Amazon RDS.
Amazon RDS
Provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching, and backups. It frees you to focus on your applications so that you can give them the fast performance, high availability, security, and compatibility they need.
Redshift
A fast, scalable data warehouse that makes it simple and cost-effective to analyze all your data across your data warehouse and data lake. Delivers 10 times faster performance than other data warehouses by using machine learning, massively parallel query execution, and columnar storage on high-performance disks.
- Used for business intelligence
- Used to pull in very large and complex data sets; usually used by management to run queries on data (current performance vs. targets, etc.)
- Uses a different type of architecture, both from a database perspective and at the infrastructure layer
AWS Certificate Manager
A service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services.
ElastiCache
A web service that makes it easy to deploy, operate, and scale an in-memory data store or cache in the cloud. The service improves application performance by allowing developers to retrieve information from fast, managed, in-memory data stores instead of relying on slower disk-based databases. When a read request is sent, the caching layer checks whether it has the answer. If it doesn't, the request is sent to the database. Meeting read requests through the caching layer in this manner is more efficient and delivers higher performance than a traditional database alone. It is also more cost-effective. Supports Memcached and Redis.
roles
A role is similar to a user in that it is an AWS identity with permissions that determine what the identity can and cannot do in AWS. It does not have any long-term credentials, such as a password or access keys, associated with it. Instead, when a user takes on (assumes) the role, access keys are created dynamically and provided to the user temporarily. Use roles to delegate access to users, applications, or services that don't normally have access to your AWS resources.
resource tag
key value pairs attached to AWS resources, metadata
AWS Key Management Service
Makes it easy for you to create and control the encryption keys used to encrypt your data; integrates with other AWS services. Ideal for S3 objects, database passwords, and API keys stored in Systems Manager Parameter Store.
- Encrypt and decrypt data: encryption on AWS!!
compute capacity
Functionality traditionally provided by virtual or on-premises physical servers. You get the same functionality as you would from a physical server, but with the benefits of hosting it in the cloud.
Dynamo DB
Non-relational database. You simply create a database table, set your target utilization for automatic scaling, and let the service handle the rest. You no longer need to worry about database management tasks such as hardware or software provisioning, setup and configuration, software patching, operating a distributed database cluster, or partitioning data over multiple instances as you scale.
- Low-latency queries
- Integrates with IAM for fine-grained access control of users in your organization
- Store JSON documents directly in Amazon DynamoDB tables
business
- $100 a month
- 24x7 email, chat, phone
- No TAM
- Unlimited contacts/cases
- General response times:
  - General guidance: <24 hours
  - System impaired: <12 hours
  - Production system impaired: <4 hours
  - Production system down: <1 hour
enterprise
- $15k a month
- 24x7 email, chat, phone
- Yes TAM
- Unlimited contacts/cases
- General response times:
  - General guidance: <24 hours
  - System impaired: <12 hours
  - Production system impaired: <4 hours
  - Production system down: <1 hour
  - Business-critical system down: <15 minutes
developer
- $29 a month
- Business-hours access via email
- No TAM
- 1 person/unlimited cases
- General response times:
  - General guidance: <24 business hours
  - System impaired: <12 business hours
what determines price for RDS
- Clock hours of server time
- Database characteristics/purchase types
- Number of database instances
- Provisioned storage
- Additional storage
- Deployment types
- Requests
- Data transfer
user
A person or application that interacts with AWS.
Elastic File System (EFS)
- A file storage service for Amazon Elastic Compute Cloud (EC2) instances
- Can be shared across many instances and AZs
- A place where you can install databases; does not come with a set size
- Use cases: content management systems, file systems
- Easy to use; provides a simple interface that allows you to create and configure file systems quickly
- Is elastic: automatically grows and shrinks as you add/remove files
AWS Global Infrastructure
25 regions, 80 availability zones, over 150 edge locations.
Direct connect
- A cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS
- You can establish private connectivity between AWS and your data center, office, or colocation environment, which can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than internet-based connections
- Use it if you need a stronger connection
AWS Lambda
- A compute service where you upload your code and create a Lambda function; Lambda takes care of provisioning and managing the servers used to run the code
  - You don't have to worry about operating systems, patching, scaling, etc.
- An event-driven compute service that can run your code in response to events
  - Events can be changes to data in an Amazon S3 bucket or Amazon DynamoDB table
- A compute service to run your code in response to HTTP requests using Amazon API Gateway or API calls made using AWS SDKs
- Serverless
CodeCommit
- A managed source control service, used as a data store for source code
- A fully managed source control service that makes it easy for companies to host secure and highly scalable private Git repositories. Eliminates the need to operate your own source control system or worry about scaling its infrastructure. You can use it to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools
AWS trusted advisor
- An online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment
- Provides real-time guidance to help you provision your resources following AWS best practices
- Advises you on Cost Optimization, Performance, Security, Fault Tolerance, and service limits
- Looks at the entire AWS environment and reports on it
- Core checks and recommendations
- Full Trusted Advisor: business and enterprise support customers only
- Related to infrastructure security optimization recommendations
relational database service (RDS)
- Best suited to scenarios where the datasets and forms are consistent, so that the data schema is persistently valid; load can be anticipated and is somewhat finite
- Makes it easy to set up, operate, and scale relational databases in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching, and backups
- Frees you to focus on your applications so you can give them the fast performance, high availability, security, and compatibility they need
- Easily scalable, automatic software patching, automated backups, database snapshots, multi-AZ deployments, automatic host replacement, encryption at rest and in transit
Elastic Block Store
- Block storage volumes
  - Provides persistent block storage volumes for use with Amazon EC2 instances in the AWS cloud
  - Virtual hard disk in the cloud
- For storing operating systems/databases
- Automatically replicated
  - Each volume is automatically replicated within its AZ to protect you from component failure, offering high availability and durability
- Virtual disk that can be attached to EC2; the size of the disk can be changed, but not automatically
- Pay for only what you provision
- Typically attached to one EC2 instance at a time and in one AZ
secrets manager
- Charged per secret stored and per 10,000 API calls
- Automatically rotates secrets
- Applies the new key/password in RDS for you
- Generates random secrets
what determines EC2 pricing
- Clock hours of server time
- Instance type
- Pricing model
- Number of instances
- Load balancing
- Detailed monitoring
- Auto Scaling
- Elastic IP addresses
- Operating systems and software packages
Parameter store
- Component of AWS Systems Manager (SSM)
- Secure serverless storage for configuration and secrets
  - Passwords
  - Database connection strings
- Values are stored either as plaintext or encrypted with KMS
- Set a TTL to expire values, such as passwords
- No cost to use; there's a limit of 10,000 parameters per account
AWS Rekognition
- Converts images into tags/text
- Upload an image and Rekognition will tell you what it thinks the image is, with a certain degree of confidence
- Can be used with lots of apps
Transcribe
- Converts speech into text
- Great for generating subtitles or getting transcripts of interviews, speeches, and more
Polly
- Converts text to life-like voice
- You can choose from a number of different languages, male or female voices, and the accent you would like the voice rendered in
global accelerator
- Create accelerators to improve the availability and performance of your applications for local and global users
- Directs traffic to optimal endpoints over the AWS global network; this improves the availability and performance of your internet applications that are used by a global audience
- Leverages edge locations and edge infrastructure; a networking service that improves the availability and performance of the applications you offer to your global users
- How it works
  - Uses Amazon's dedicated network
    - Sends your users' traffic through the AWS global network infrastructure, improving your internet users' performance by up to 60%
    - When the internet is congested, automatic routing optimizations help keep your packet loss, jitter, and latency consistently low
  - Suited to non-HTTP applications, whereas CloudFront enhances the performance of HTTP-based content such as dynamic web applications, images, and videos
  - Does not have the content caching capabilities that Amazon CloudFront does
CodeDeploy
- Deploys code to on-premises web servers
- A service that automates code deployments to any instance, including EC2 instances and instances running on premises. Makes it easier for you to rapidly release new features, helps you avoid downtime during application deployment, and handles the complexity of updating your applications. You can use it to automate software deployments, eliminating the need for error-prone manual operations. The service scales with your infrastructure, so you can easily deploy to one instance or thousands
Identity and Access Management (IAM)
- Enables you to securely control access to AWS services and resources for your users: you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources
- You grant permissions to a user by creating a policy, which is a document in JSON format that explicitly lists the permissions that allow or deny access to resources in an AWS account
in S3...
- Files can be from 0 bytes to 5 TB
- Unlimited storage
- Files are stored in buckets (folders in the cloud)
- Universal namespace: bucket names must be unique globally
- When you upload a file to S3, you receive an HTTP 200 code if the upload was successful
- Not suitable for installing an operating system on
basic
- Free
- No tech support
- No TAM
- No one can open cases
AWS budgets
- Gives you the ability to set custom budgets that alert you when your costs or usage exceed, or are forecasted to exceed, your budgeted amount
- Used to budget costs before they have been incurred
- Helps clients plan their service usage and service costs, and get alerts when the cost reaches a certain threshold
VPN
Hardware virtual private network connection between your corporate data center and your VPC, leveraging the AWS cloud as an extension of your corporate data center.
cost explorer
- Has an easy-to-use interface that allows you to visualize, understand, and manage your AWS costs and usage over time
- Used to explore costs after they have been incurred
AWS Landing zone
Helps customers more quickly set up a secure, multi-account AWS environment based on AWS best practices.
security
- Implement a strong security foundation
  - Centralize privilege management and reduce/eliminate reliance on long-term credentials
- Enable traceability
  - Monitor, alert, and audit actions and changes to your environment in real time
- Apply security at all layers
- Automate security best practices
- Protect data in transit and at rest
- Prepare for security events
cost optimization
- Includes the ability to avoid or reduce unneeded cost or suboptimal resources
- Adopt a consumption model
  - Pay only for the computing resources that you consume, and increase or decrease usage depending on business requirements, not by using elaborate forecasting. For example, development and test environments are typically used for only eight hours a day during the work week. You can stop these resources when they are not in use for a potential cost savings of 75 percent (40 hours versus 168 hours).
- Measure efficiency
- Stop spending money on data center operations
- Analyze and attribute expenditure
- Use managed services to reduce cost of ownership
  - In the cloud, managed services remove the operational burden of maintaining servers for tasks like sending email or managing databases. And because managed services operate at cloud scale, they can offer a lower cost per transaction or service.
operational excellence
- Includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures
- Perform operations as code
  - Use scripting and automation to trigger actions in response to events; helps limit human error
- Annotate documentation
  - Seek to automate the documentation update process
- Make frequent, small, reversible changes
- Refine operations procedures frequently
- Anticipate failure
- Learn from all operational failures
Athena
- Interactive query service which enables you to analyze and query data located in S3 using standard SQL
  - Serverless, nothing to provision; pay per query / per TB scanned
  - No need to set up complex Extract/Transform/Load (ETL) processes
  - Works directly with data stored in S3
- It can be used to:
  - Query log files stored in S3
  - Generate business reports on data stored in S3
  - Analyse AWS cost and usage reports
  - Run queries on click-stream data
- Serverless service
AWS Snowball
- A PB-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud
- Think of it as a gigantic disk to move your data into the AWS cloud
- Device is shipped to an AWS data center
AWS Shield
- A managed distributed denial of service (DDoS) protection service that safeguards web applications running on AWS
- Provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection
- There are two tiers of AWS Shield: Standard and Advanced
- DDoS mitigation service
- Standard is turned on by default, but you can buy Advanced
EBS
- Allows you to create storage volumes and attach them to Amazon EC2 instances. Once attached, you can create a file system on top of these volumes, run a database, or use them in any other way you would use a block device. Volumes are placed in a specific Availability Zone, where they are automatically replicated to protect you from the failure of a single component
- Virtual disk in the cloud that the virtual servers run off
- Creating snapshots of volumes helps ensure that you have a backup of your volume in place
- Replicated within its AZ to protect you from component failure
AWS organizations
- An account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage
- Helps you centrally manage and govern your environment as you grow and scale your AWS resources. You can programmatically create new AWS accounts and allocate resources, group accounts to organize your workflows, apply policies to accounts or groups for governance, and simplify billing by using a single payment method for all of your accounts
- In addition, it is integrated with other AWS services so you can define central configurations, security mechanisms, audit requirements, and resource sharing across accounts in your organization. It is available to all AWS customers at no additional charge
AWS inspector
- An automated security assessment service that helps improve the security and compliance of applications deployed on AWS
- Automatically assesses applications for vulnerabilities or deviations from best practices
- After performing an assessment, it produces a detailed list of security findings prioritized by level of severity
- These findings can be reviewed directly or as part of detailed assessment reports, which are available via the Amazon Inspector console or API
- Installed on the EC2 instance
Lex
- Powers Amazon's Alexa
- A service that allows you to build conversational chatbots
- These can be powered either via voice or text
- When you hear Lex, think chatbot
VPC
- Lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network you define
- You have complete control over your virtual networking environment, including selection of your own IP address range and creation of subnets
- Virtual data center in the cloud
- After selecting a Region, you create a VPC and then specify the full IP address range for all resources that will be hosted within that VPC. The VPC can include resources in any or all Availability Zones within the Region. You can then create subnets within the network you specified for the VPC, choosing whether they'll allow connections to the public internet or remain private
AWS detective
Machine learning service that automatically collates log data from all AWS resources.
5 Pillars of Well-Architected Framework
- Operational excellence
- Security
- Reliability
- Performance efficiency
- Cost optimization
the basic pricing policies
- Pay as you go
- Pay less when you reserve
- Pay even less per unit by using more
- Pay even less as AWS grows
- Custom pricing
How to use CloudTrail
- Per AWS account and enabled per region
- Can consolidate logs using an S3 bucket:
  - Turn CloudTrail on
  - Create a bucket policy that allows cross-account access
  - Turn on CloudTrail in the other accounts and use the bucket in the paying account
- Best practice is to use a separate account for logging
- Unused reserved instances for EC2 are applied across the group
- CloudTrail is on a per-account and per-region basis, but can be aggregated into a single bucket belonging to the paying account
AWS config
- Provides a detailed view of the configuration of AWS resources in your AWS account
- This includes how the resources are related to one another and how they were configured in the past, so that you can see how the configurations and relationships change over time
- Example: tracking a security group change
Resource Group
- Resource groups in combination with AWS Systems Manager allow you to control and execute automation against entire fleets of EC2 instances, all at the push of a button
- You can group resources that share one or more tags
- Tag Editor is a global service that allows you to discover resources and add additional tags to them
- Resource groups share one or more tags: a collection of resources that are deployed in the same AWS region and that match the criteria specified in the group's query
- Resource groups contain information such as:
  - Region
  - Name
  - Employee ID
  - Department
AWS Macie
- Security service which uses machine learning and NLP (natural language processing) to discover, classify, and protect sensitive data stored in S3
  - Uses AI to recognize whether your S3 objects contain sensitive data such as PII
  - Dashboards, reporting, and alerts
  - Works directly with data stored in S3
  - Can also analyze CloudTrail logs
  - Great for PCI-DSS and preventing ID theft
Cloudformation
- Service that helps you model and set up AWS resources so you can spend more time focusing on the applications that run in AWS; model and provision cloud infrastructure resources
- You create a template that describes all the AWS resources that you want (e.g., Amazon EC2 or Amazon RDS DB), and it takes care of provisioning and configuring those resources for you
- You don't need to individually create and configure AWS resources and figure out what's dependent on what; it handles all of that
- An AWS Change Set can be used to preview changes to AWS resources before a stack update is executed
Opsworks
- Similar to Elastic Beanstalk
- Deploys code to EC2 and on premises
- To use it for servers in customer data centers, the servers should be running a Linux operating system with a Stacks agent installed and connectivity to AWS public endpoints
- When you use it to create Amazon EC2 instances, you can also register them with a Linux stack
what determines price for S3?
- Storage class (Standard/IA)
- Storage
- Requests (GET, PUT, COPY)
- Data transfer
CloudFront pricing
- Traffic distribution
- Number of requests
- Data transfer out
principle of least privilege
Users should be granted permission to access only the resources they need to do their assigned job.
EC2
- Virtual servers in the cloud
- Reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change
- Provides resizable compute capacity in the cloud
what determines price for EBS?
- Volumes per GB
- Snapshots per GB
- Data transfer
AWS WAF - Web Application Firewall
- Web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources
- Inspects traffic / inspects what's going on
- Stops hackers
edge locations
- AWS endpoints used for caching content; make up CloudFront
- There are more edge locations than regions: over 150
Security groups
- Virtual firewalls in the cloud; you need to open ports in order to use them. Popular ports are SSH 22, HTTP 80, HTTPS 443, RDP 3389
  - Outer level of protection that controls how outside parties interact with your EC2 instance
  - Inbound traffic rules determine who can interact with your resource
  - Only 'allow' rules, no 'deny' rules
  - Default values: no inbound traffic allowed, all outbound traffic allowed
  - Stateful: allows responses to allowed inbound traffic
  - For each group, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic
- Security groups act at the instance level, not the subnet level. Therefore, each resource in a subnet in your VPC could be assigned to a different set of security groups. If you don't specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC
Elastic Load Balancing
Automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Elastic Load Balancing offers three types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault tolerant.
Availability Zone
- A data center (a building filled with servers); may be several data centers
- Each data center has its own redundant power, networking, and connectivity, housed in separate facilities
- Physically isolated and connected via a low-latency redundant link
region
A geographical area; each region consists of 2 or more availability zones.
reliability
- Includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues
- Test recovery procedures
- Automatically recover from failure
- Scale horizontally to increase aggregate system availability
  - Replace one large resource with multiple small resources to reduce the impact of a single failure on the overall system. Distribute requests across multiple, smaller resources to ensure that they don't share a common point of failure
- Stop guessing capacity
- Manage change in automation
performance efficiency
- Includes the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve
- Democratize advanced technologies
  - Some complex technologies require expertise that is not evenly dispersed across the technical community, such as NoSQL databases, media transcoding, and machine learning. In the cloud, these technologies can become services that your team can consume while focusing on product development instead of resource provisioning and management
- Go global in minutes
- Use serverless technologies
- Experiment more often
- Apply mechanical sympathy
  - Use the technology approach that aligns best to what you are trying to achieve. For example, consider data access patterns when selecting database or storage approaches
CloudTrail
- Monitors API calls in the AWS platform; a tool for auditing
- A service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With it, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure
- Provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. In addition, you can use it to detect unusual activity in your AWS accounts. These capabilities help simplify operational analysis and troubleshooting
- Learn more about who terminated EC2 instances
- Increases visibility into your user and resource activity by recording AWS Management Console actions and API calls
- You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred
- Records everything going on in your AWS environment
Personal Health Dashboard
o offers an overview of the AWS services you actually use and whether or not they have any availability issues
· Relevant, up-to-date information
  o The dashboard displays up-to-date information on the status of your AWS services and provides proactive notifications as to any scheduled activities
· The dashboard displays relevant and timely information to help you manage events in progress, and provides proactive notification to help you plan for scheduled activities. Alerts are automatically triggered by changes in the health of AWS resources, giving you event visibility and guidance to help quickly diagnose and resolve issues.
auto scaling and fleet management
o refers to the functionality that automatically replaces unhealthy instances and maintains your fleet at the desired capacity
o Amazon EC2 Auto Scaling fleet management ensures that your application is able to receive traffic and that the instances themselves are working properly. When Amazon EC2 Auto Scaling detects a failed health check, it can replace the instance automatically.
Customer manages
security in the cloud
AWS manages
security of the cloud
Amazon DynamoDB use cases
serverless web applications, microservices data store, mobile backends, adtech, gaming, internet of things
What AWS services can be used on-premise
snowball, snowball edge, storage gateway, codedeploy, codecommit, opsworks
AWS simple monthly calculator
A static website hosted on S3; used to calculate your running costs on AWS on a per-month basis -- NOT a comparison tool
NoSQL databases
store data using one of many storage models, including key-value pairs, documents, and graphs. Schemas are dynamic, and information can be added rapidly. Each row doesn't have to contain data for each column. Data in databases is queried by focusing on collections of documents. Databases scale horizontally by increasing servers. Key-value databases are commonly used for internet-scale applications, real-time bidding, shopping carts, and customer preferences.
AWS Artifact
used to retrieve compliance reports
OLAP system
Usually processes a small number of complex queries that help analyze data. Example: Amazon Redshift
On Demand Instances
§ Allows you to pay a fixed rate by the hour with no commitment
§ Run continuously until you stop them; not recommended for workloads that last 1+ year
§ Useful for:
  · Users that want the low cost and flexibility of Amazon EC2 without any up-front payment or long-term commitment
  · Applications with short-term, spiky, or unpredictable workloads that cannot be interrupted
  · Applications being developed or tested on EC2 for the first time
free AWS services
§ Amazon VPC --- virtual data center in the cloud
§ Elastic Beanstalk
§ CloudFormation
§ Identity and Access Management (IAM)
§ Auto Scaling
§ OpsWorks
§ Consolidated Billing
Infrastructure as a Service (IaaS)
§ Basically AWS - you manage the server, which can be physical or virtual, as well as the operating system; usually the data center provider will have no access to your server - EC2
§ Basic building blocks of cloud IT; typically provides access to networking features, compute and data storage space
§ Provides the highest level of flexibility and management control over IT resources
AWS Quick Start
§ CloudFormation templates, built by AWS solutions architects and partners based on best practices; include a guide on how to deploy popular technologies on AWS
S3 -- intelligent tiering
§ Designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead; uses machine learning
§ Delivers automatic cost savings by moving data between two access tiers - frequent and infrequent access - when access patterns change, and is ideal for data with unknown or changing access patterns
S3 Transfer Acceleration
§ Enables fast, easy and secure transfers of files over long distances between your end users and an S3 bucket; takes advantage of Amazon CloudFront's globally distributed edge locations; as the data arrives at an edge location, it is routed to Amazon S3 over an optimized network path
§ Optimizes performance for data transfer between users & objects in an Amazon S3 bucket
Spot Instances
§ Enables you to bid whatever price you want for instance capacity, providing even greater savings if your applications have flexible start and end times
§ For applications that can withstand interruptions
§ Greatest savings - take advantage of unused Amazon EC2 capacity in the cloud
§ Does not require a contract or a commitment to a consistent amount of compute usage
§ Useful for:
  · Applications that have flexible start and end times
  · Applications that are only feasible at very low compute prices
  · Urgent computing needs for large amounts of additional capacity
S3 one zone -- IA
§ For when you want a lower-cost option for infrequently accessed data, but do not require multiple-Availability-Zone data resilience
root account
§ Has full administrator access - create users for each individual within your organization
§ Complete access to all AWS services
AWS total cost of ownership calculator
§ How much it costs to have data on-premises vs in the cloud
§ Used to compare the costs of running infrastructure on-premises vs in the cloud; it will generate reports that you can give to your C-level execs to make a business case to move to the cloud
what is PII?
§ Personal data used to establish an individual's identity
§ Data that could be exploited by criminals, used in identity theft and financial fraud
  · Home address, email address, SSN
  · Passport number, driver's license number
  · DOB, phone number, bank account, credit card number
dedicated hosts
§ Physical EC2 servers dedicated for your use - reduces costs by allowing you to use your existing server-bound contracts
§ Useful for:
  · Regulatory requirements that may not support multi-tenant virtualization (govt.)
  · Licensing which does not support multi-tenancy or cloud deployments
  · Can be purchased on-demand, or as a reservation for up to 70% off the on-demand price
Reserved Instances
§ Provides you with a capacity reservation, and offers a significant discount on the hourly charge for an instance - contract terms are 1 or 3 years
§ Useful for:
  · Predictable usage, workloads that require reserved capacity, and users able to make upfront payments to reduce their total computing costs even further
Platform as a Service (PaaS)
§ Removes the need for organizations to manage the underlying infrastructure and allows you to focus on the deployment and management of your applications
§ Helps you be more efficient, as you don't need to worry about resource procurement, capacity planning, software maintenance, patching or any of the undifferentiated heavy lifting involved in running your application
what determines pricing for lambda?
§ Request pricing
  · Free tier: 1 million requests per month
  · $0.20 per 1 million requests thereafter
§ Duration pricing
  · 400,000 GB-seconds per month free, up to 3.2 million seconds of compute time
§ Additional charges
  · If your Lambda function uses other AWS services or transfers data
  · If your Lambda function reads and writes data from Amazon S3, you will be billed for the read/write requests and the data stored in Amazon S3
S3 glacier deep archive
§ S3 Glacier Deep Archive is Amazon S3's lowest-cost storage class, for data where a retrieval time of 12 hours is acceptable
S3 glacier
§ Secure, durable, low-cost storage class for data archiving; you can reliably store any amount of data at costs that are competitive with or cheaper than on-premises solutions; retrieval times configurable from minutes to hours
§ Uses: media asset workflows, healthcare information, compliance archiving, scientific data storage, digital preservation
§ Can use vaults
access key
§ For programmatic access to AWS
  · Long-term credentials for an IAM user; used to authenticate requests
application load balancer
§ Best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers. Operating at the individual request level (Layer 7), Application Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) based on the content of the request.
§ Scenarios: the ability to use containers to host your microservices and route to those applications from a single load balancer
network load balancer
§ Best suited for load balancing of TCP traffic where extreme performance is required. Operating at the connection level (Layer 4), Network Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) and is capable of handling millions of requests per second while maintaining ultra-low latencies. Network Load Balancer is also optimized to handle sudden and volatile traffic patterns.
§ Latency - how quickly traffic traverses the network
§ Automatically routes incoming web traffic across a dynamically changing number of instances. Your load balancer acts as a single point of contact for all incoming traffic to the instances in your Auto Scaling group. You can automatically increase the size of your Auto Scaling group when demand goes up and decrease it when demand goes down. As the Auto Scaling group adds and removes Amazon EC2 instances, the Network Load Balancer makes sure that the traffic for your application is distributed across all of your instances.
Classic Load Balancer
§ Provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. Classic Load Balancer is intended for applications that were built within the EC2-Classic network.
AWS security hub
· A comprehensive view of security alerts across multiple AWS accounts
· Provides a single place that aggregates, organizes, and prioritizes your security alerts or findings from multiple AWS services - such as GuardDuty, Inspector, Macie, IAM, Firewall Manager - across multiple AWS accounts
AWS Systems Manager
· Allows you to manage EC2 instances at scale
· A piece of software (an agent) is installed on each VM
· Integrates with CloudWatch to give you a dashboard of your entire estate
· Allows users to control their AWS resources by unifying services into a single user interface, in which they can view, automate and monitor operational tasks
· Gives the user the ability to group AWS resources across different AWS regions by application and collectively view their operational data for monitoring purposes
· Gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. With Systems Manager, you can group resources, like Amazon EC2 instances, Amazon S3 buckets, or Amazon RDS instances, by application, view operational data for monitoring and troubleshooting, and act on your groups of resources. Systems Manager simplifies resource and application management and shortens the time to detect and resolve operational problems
AWS trusted advisor services
· Can check for:
  o Cost optimization
  o Performance
  o Security
  o Fault tolerance
  o Service limits
· To have all of Trusted Advisor unlocked, you must upgrade your support plan to Business
Memory Optimized Instance Types
· Deliver fast performance for workloads that process large data sets in memory
· Ideal for high-performance databases that involve real-time processing of a large amount of unstructured data
Storage Optimized Instance Types
· Designed for workloads that require high, sequential read and write access to large datasets on local storage
· Examples include data warehousing and high-frequency online transaction processing (OLTP) systems
· Input/output operations per second (IOPS) is a metric that measures the performance of a storage device
· Think of it as data put into a system
· Ex. records entered into a database
· If you have an application that has high IOPS requirements, go for storage optimized instances
what to do if your IAM credentials are compromised:
· Determine what resources those credentials have access to
· Invalidate the credentials so they can no longer be used to access your account
· Consider invalidating any temporary security credentials that might have been issued using those credentials
· Restore appropriate access
· Review access to your AWS account
compute optimized instances
· Ideal for compute-bound applications that benefit from high-performance processors
· Ideal for high-performance web servers, compute-intensive application servers, batch processing workloads that require processing many transactions in a single group, and dedicated gaming servers
CloudWatch
· Monitoring service to monitor performance of AWS services and applications that run on AWS
  o Can monitor things like
    § Compute
      · EC2 instances
      · Auto Scaling groups
      · Elastic load balancers
      · Route 53 health checks
    § Storage and content delivery
      · EBS volumes
      · Storage gateways
      · CloudFront
· You can use it to set high-resolution alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to optimize your applications and ensure they are running smoothly
· Benefits:
  o Access all your metrics from a single platform
  o Maintain visibility across applications, infrastructure, services -- all about performance
Service Health Dashboard
· Overview of all regions
  o Shows all regions and the health of AWS in those regions
· Daily historical information
  o You can review all historical information for each AWS service on a per-day basis
· RSS feeds
  o Subscribe to RSS feeds and get immediate notifications if a specific service in a region goes down
· General status of AWS services
general purpose instance
· Provides a balance of compute, memory, and networking resources
· Use when the resources needed are roughly equivalent
AWS control tower
· The easiest way to set up and govern a new, secure multi-account AWS environment
· Allows you to provision multiple AWS accounts in minutes
· Those accounts conform to company policies
· Used for large enterprises with multiple AWS accounts
GuardDuty
· Uses machine learning algorithms
  o Anomaly detection and third-party data to monitor and protect your AWS account
· One click to enable (30-day trial)
  o Don't need to install software
· Input data:
  o CloudTrail event logs
  o VPC flow logs
  o DNS logs
· Enabled on a per-account basis
accelerated computing instances
· Utilizes hardware accelerators or co-processors to perform some functions more efficiently than just using a CPU
· Ideal for floating-point number calculations, graphics processing, data pattern matching, graphics applications, game streaming, and application streaming
IAM credential report
· You can generate and download a credential report that lists all the users in your account
  o Passwords
    § Whether it was enabled, last used, last changed
  o Access keys
    § Whether it is active, last used, last rotated
  o MFA
    § Whether it has been enabled
Elastic Beanstalk
· You can quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure that runs those applications - you simply upload your application and Elastic Beanstalk automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring
-- is ideal if you have a PHP, Java, Python, Ruby, Node.js, .NET, Go, or Docker web application.
-- uses core AWS services, such as Amazon EC2, Amazon Elastic Container Service (Amazon ECS), AWS Application Auto Scaling, and Elastic Load Balancing, to support applications that need to scale to serve millions of users. To get started, you upload your application code. The service supports the following operations:
  • Resource provisioning
  • Load balancing
  • Automatic scaling
  • Monitoring
amazon EC2 auto scaling
· Automatically adds or removes EC2 instances in response to changing application demand
  o To scale faster, use both dynamic scaling and predictive scaling together
· Monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost.