What is AWS?
Choosing the right Region (what to consider)
*Latency *Pricing *Service Availability *Data Compliance
AWS responsibility (Security)
*Protecting and securing AWS Regions, Availability Zones, and data centers, down to the physical security of the buildings *Managing the hardware, software, and networking components that run AWS services, such as the physical servers, host operating systems, virtualization layers, and AWS networking components
Root user 2 sets of credentials
*Email and password used to create the account (access to AWS Management Console) *Access key (allows you to make programmatic requests from the AWS CLI or AWS API)
6 Advantages of Cloud Computing
1)Pay as you go, 2)Benefit from massive economies of scale (lower cost), 3)Stop guessing capacity needs, 4)Increase speed and agility, 5)Realize cost savings (reallocate funds), 6)Go global in minutes
EC2 instance lifecycle
1)Pending, 2)Running, 3)Rebooting, 4)Stopping, 5)Terminated
Containers
A container is a standardized unit that packages your code and its dependencies. It has its own independent environment and can move from on premises to cloud and from development to production.
EC2 Instance
A virtual server in Amazon Elastic Compute Cloud (Amazon EC2) for running applications on the Amazon Web Services (AWS) infrastructure.
AWS CLI
AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.
Where can API calls be made?
AWS Management Console, AWS CLI, or AWS SDKs
API Call
All actions taken in AWS
2 AWS Container Orchestration Services
Amazon ECS (Elastic Container Service) and Amazon EKS (Elastic Kubernetes Service)
AMI
Amazon Machine Image: 1st setting configured when launching an EC2 instance
What is AWS?
Amazon Web Services (AWS) is a cloud-based service where apps can be run on virtual servers.
Virtual Machine
A virtual emulation of a computer system.
AZs
Availability Zones host data centers *You want at least 2 AZs in case 1 goes down
Hardware specs include...
CPU, memory, network, and storage
VMs vs Containers
Containers share the same operating system and kernel as the host that they exist on. But virtual machines contain their own operating system. Each virtual machine must maintain a copy of an operating system, which results in a degree of wasted resources.
Latency
Delay between a request for data and the response
Container Instance
EC2 Instance w/ a container agent
ECS
Elastic Container Service: end to end container orchestration service that assists you in starting up new containers, uses a task definition
EKS
Elastic Kubernetes Service: Amazon service that allows you to run Kubernetes w/out having to install, operate, or manage your own Kubernetes control plane
What to define to create an EC2 instance
Hardware specs, Logical configurations
What to consider when managing your compute @ large scale (w/ containers)
How to place ur containers on ur instances, what happens if ur container fails, what happens if ur instance fails, how to monitor deployments of ur containers
4 Main Factors when choosing a region
Latency, Price, Service availability, and Compliance
What main actions can be performed when Amazon ECS container instances are up and running?
Launching/stopping containers, Getting cluster state, Scaling in/out, Schedule placement of containers across cluster, Assign permissions, Meet availability requirements
3 Types of Cloud Computing Deployment Models
On-premises, Cloud, and Hybrid
Relationship btwn Regions, AZs, and Data Centers
Regions are groupings of AZs, AZs host 1 or more discrete data centers
AWS SDK
Running code (in preferred language) to make API calls, open source
Amazon EC2
Service that provides secure and resizable virtual servers on AWS
AWS Root User
Single sign-in ID w/ complete access to AWS services in the account
Relationship btwn AMIs and EC2 instances
The AMI is how you model and define your instance, EC2 instance is the entity you interact w/
Customer responsibility (Security)
The customers' level of responsibility depends on the AWS service. Some services require the customer to perform all the necessary security configuration and management tasks. Other more abstracted services require customers to only manage the data and control access to their resources. Using the two categories of AWS services, customers can determine their level of responsibility for each AWS service that they use.
Supported MFA device types
Virtual MFA, Hardware TOTP token, FIDO security keys
3 Compute options
Virtual Machines (instances), Containers, Serverless
Region
Worldwide geographical locations where AWS data centers are located *Each AWS Region has a geographical name and Region code *Contain AZs (availability zones)
Servers
a computer program/device that provides resources, data, services or programs to other computers (clients) over a network
Amazon CloudFront
a worldwide network of edge locations that delivers content
Instance Type: remaining letters before period
additional attributes
Kubernetes
an open source system for automating deployment, scaling, and management of containerized applications
Edge Location
global locations where content is cached
Cache
high speed storage btwn RAM and CPU, temp stores frequently accessed data
Instance Type: First position
instance family
Instance Type: after period
instance size
Logical configurations include...
networking location, firewall rules, authentication, and the operating system of choice
Benefits of Cloud computing
pay as you go
AWS Root User best practices
pick a strong password, Enable MFA, Don't share password or access keys, Create IAM user for admin task and everyday tasks
Key things that can be done on Amazon EC2
provision/launch EC2 instances in seconds, stop/shut down EC2 instances when finished running a workload, pay/hr or sec for each instance type (min of 60 sec)
Multi-factor authentication
requires 2 or more methods to verify ID
Advantage of using AMIs
reusable
3 categories of info MFA pulls from
something you know (username and password or pin), something you have (1-time passcode), something you are (biometrics)
Resource
specifies the object/s that the policy statement covers
Difference btwn stop and stop-hibernate
stop = data from instance memory (RAM) is lost, stop-hibernate = contents of instance memory (RAM) are saved to the EBS root volume
Instance Type: 2nd position
the generation of instance
Action
the type of action that will be allowed or denied
Version
version of the policy language, specifies language syntax rules
IAM policy contains...
version, statement, effect, action, resource
AWS Management Console
web-based interface for accessing and managing AWS services
Effect
will the policy allow or deny access