AWS Developer [ACG Learning Path] – Part 1

Introduction to AWS

Security and Identity

  • Data Protection
    • Amazon Macie: discover and protect sensitive data
    • AWS Key Management Service: store and manage encryption keys
    • AWS CloudHSM: dedicated hardware security modules for key generation and storage
    • AWS Certificate Manager: provision, manage and deploy SSL/TLS certificates
    • AWS Secrets Manager: rotate, manage and retrieve secrets
  • Infrastructure Protection
    • AWS Shield: denial of service protection
    • AWS Web Application Firewall: filter malicious website traffic
    • AWS Firewall Manager: centrally manage firewall rules
  • Threat Detection
    • Amazon GuardDuty: automatically detect threats
    • Amazon Inspector: analyze application security
    • AWS Config: record and evaluate the configurations of your AWS resources
    • AWS CloudTrail: track user activity and API usage
  • Identity Management
    • AWS IAM: securely manage access to AWS account services and resources
    • AWS Single Sign-On (now IAM Identity Center): implement cloud single sign-on
    • Amazon Cognito: manage identity inside applications
    • AWS Directory Service: run managed Microsoft Active Directory in AWS
    • AWS Organizations: centrally govern and manage multiple AWS accounts in one place

Compute

  • Instance
    • Amazon EC2 (Elastic Compute Cloud): secure and resizable virtual machines in the cloud
    • Amazon EC2 Spot: run fault-tolerant workloads on spare capacity at up to 90% off the On-Demand price
    • Amazon EC2 Auto Scaling: automatically add or remove capacity based on demand
    • Amazon Lightsail: an easy-to-use cloud platform to build applications or websites
  • Containers
    • Amazon ECS (Elastic Container Service): run secure, reliable and scalable containers
    • Amazon ECR: store, manage and deploy container images
    • Amazon EKS: fully managed Kubernetes service
  • Serverless
    • AWS Lambda: a compute service to run code without servers
  • Edge
    • AWS Outposts: run AWS services on premises on AWS-managed hardware
    • AWS Snow Family: physical devices to move data into AWS and to compute at the edge
    • AWS Wavelength: run AWS services at the edge of 5G networks
    • VMware Cloud on AWS: migrate VMware workloads
    • AWS Local Zones: run latency-sensitive applications closer to end users
  • Elastic Compute Cloud (EC2)
    • Rent virtual computers
    • Choose from various types with different CPU, RAM and storage
    • Different optimizations are available as well
    • Pay by the hour or by the second, depending on the instance's operating system
  • AWS Lambda
    • Serverless compute service
    • Runs your code in response to events
    • Runs your code for you “somewhere”
    • Billed per millisecond of execution time
      • The rate depends on the memory allocated to the function, not on what it actually uses

Storage

  • File Storage
    • Amazon EFS (Elastic File System): a scalable, elastic, cloud-native NFS file system
    • Amazon FSx for Windows File Server: fully managed file storage for Windows workloads
  • Block Storage
    • Amazon EBS: easy to use, high performance block storage
  • Object Storage
    • Amazon S3 (Simple Storage Service): store and retrieve any amount of data from anywhere in the world
  • Backup
    • AWS Backup: centrally manage and automate backups across AWS services
  • Data Transfer
    • AWS Storage Gateway: give on-premises applications access to virtually unlimited cloud storage
    • AWS DataSync: transfer data to and from AWS up to 10 times faster than open-source tools
    • AWS Transfer Family: move files into and out of Amazon S3 over SFTP, FTPS and FTP
  • Simple Storage Service (S3)
    • Industry-leading durability: designed for 99.999999999% (11 nines)
    • Different storage classes:
      • Standard
      • Standard-Infrequent Access (Standard-IA)
      • One Zone-Infrequent Access (One Zone-IA): stored in a single AZ, so no protection against AZ loss
      • Glacier and Glacier Deep Archive
        • Data archival and long-term backup
        • Deep Archive costs roughly $1/TB/month
        • Query-in-place functionality
        • Three retrieval options (Deep Archive offers only Standard and Bulk):
          • Expedited – minutes, for urgent retrievals, highest cost
          • Standard – hours, low cost
          • Bulk – lowest cost, cost effective for large amounts, longest wait
      • Intelligent-Tiering: moves objects between tiers automatically based on access patterns
  • Amazon Elastic Filesystem (EFS)
    • Highly available and durable
    • Built-in protection from AZ outages and other failures
    • Storage classes
      • Standard
      • Infrequent Access
    • Automatically grows and shrinks
    • Supports encryption at rest (KMS) and in transit (TLS); encryption at rest is on by default when created in the console
  • AWS Storage Gateway
    • Gives you access to virtually unlimited cloud storage on premises
    • Types
      • File Gateway: gives you SMB and NFS interfaces to S3
      • Tape Gateway: presents a virtual tape library on your local network
      • Volume Gateway: presents an iSCSI block storage volume to your on-premises application

Databases

  • Relational Databases
    • Amazon Aurora: a MySQL- and PostgreSQL-compatible database built for the cloud
    • Amazon RDS: easily set up, use and scale multiple database engines
    • Amazon Redshift: a cloud data warehouse
  • Key-Value Database
    • Amazon DynamoDB: fast and flexible NoSQL database for any scale
  • In-Memory Databases
    • Amazon ElastiCache: managed, in-memory data store service for Redis and Memcached
  • Document Database
    • Amazon DocumentDB: MongoDB compatible fast, scalable, highly available document database
  • Relational Database Service (RDS)
    • Easy to set up
    • Fully managed
    • Scalable
    • Automated backups
    • Automatic host replacement
    • Cost effective
  • DynamoDB
    • Key-value and document database
    • Single-digit millisecond performance
    • Fully managed
    • Global tables replicate across multiple Regions
    • Built-in security, backup and restore
    • Can handle more than 20 million requests per second
    • Works great with serverless

Networking

  • Cloud Network
    • Amazon VPC: define and provision an isolated network for your AWS resources
    • AWS Transit Gateway: a hub that connects VPCs and on-premises networks
    • AWS PrivateLink: private connectivity between VPCs, AWS services and on-premises applications without traversing the public internet
    • Amazon Route 53: highly available, managed DNS
  • Network Scaling
    • Elastic Load Balancing: automatically distribute network traffic across a pool of resources
    • AWS Global Accelerator: direct traffic through the AWS global network to improve global application performance
  • Content Delivery
    • Amazon CloudFront: securely deliver data, videos and applications to customers globally with low latency and high transfer speeds
  • Amazon Virtual Private Cloud (VPC)
    • Private gated community for your virtual machines and other services in AWS
    • Traffic controls:
      • NAT gateway: lets instances in private subnets reach the internet without being reachable from it
      • Internet gateway: gives public subnets a route to and from the internet
      • Network access control list (NACL): stateless, ordered allow/deny rules at the subnet boundary (security groups are the stateful, per-instance complement)
  • CloudFront
    • Content delivery network
    • Edge locations to reduce the delivery time
    • Improves security: TLS at the edge, integration with AWS WAF and AWS Shield, and origin access control so S3 origins need not be public
    • Traffic spike protection
    • Lambda@Edge
    • Cost-effective
  • Route 53
    • DNS services
      • DNS is essentially a database that maps domain names to IP addresses
    • Policies
      • Simple Routing Policy
      • Weighted Policy
      • Geolocation Policy
      • Latency Policy
      • Failover Policy
      • Multivalue Answer Policy
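
The network access control list mentioned under VPC above is a stateless, ordered rule set, and that is where most NACL mistakes come from. The following Python model is an added example written for these notes, not code from the ACG course or from AWS: the Rule class, the rule numbers, the CIDRs and the https_round_trip helper are all constructed to illustrate how a NACL evaluates a packet (lowest rule number first, first match wins, implicit deny otherwise) and why return traffic needs an outbound rule for the ephemeral port range.

```python
"""Model of VPC network ACL evaluation (added example; not from the course or AWS)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# NACLs are stateless: the reply to an inbound HTTPS request leaves on a
# high-numbered client port, so the outbound side must allow this range.
EPHEMERAL_PORTS = (1024, 65535)


@dataclass(frozen=True)
class Rule:
    number: int             # 1..32766, evaluated lowest first
    protocol: str           # "tcp", "udp", "icmp", or "-1" for all protocols
    ports: tuple[int, int]  # inclusive port range; ignored when protocol is "-1"
    cidr: str               # source (inbound) or destination (outbound) CIDR
    action: str             # "allow" or "deny"


def evaluate(rules: list[Rule], protocol: str, port: int, address: str) -> tuple[str, str]:
    """Decide one packet: returns (action, rule number that matched or '*')."""
    ip = ipaddress.ip_address(address)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol != "-1":
            if rule.protocol != protocol:
                continue
            if not rule.ports[0] <= port <= rule.ports[1]:
                continue
        if ip not in ipaddress.ip_network(rule.cidr):
            continue
        return rule.action, str(rule.number)   # first match wins; later rules are never read
    return "deny", "*"                         # the implicit final rule of every NACL


def https_round_trip(inbound: list[Rule], outbound: list[Rule], client_ip: str, client_port: int) -> dict:
    """Both directions must pass independently, because the NACL keeps no connection state."""
    request = evaluate(inbound, "tcp", 443, client_ip)
    reply = evaluate(outbound, "tcp", client_port, client_ip)
    return {"request": request, "reply": reply,
            "allowed": request[0] == "allow" and reply[0] == "allow"}


# Constructed inbound rules for a public web subnet (addresses are documentation ranges).
INBOUND = [
    Rule(90, "tcp", (443, 443), "198.51.100.0/24", "deny"),   # block one abusive network first
    Rule(100, "tcp", (443, 443), "0.0.0.0/0", "allow"),       # then allow HTTPS from anywhere
    Rule(300, "-1", (0, 0), "203.0.113.7/32", "deny"),        # too late: rule 100 already allowed its HTTPS
]

# Constructed outbound rule sets: the first forgets the ephemeral range, the second fixes it.
OUTBOUND_MISSING_EPHEMERAL = [Rule(100, "tcp", (443, 443), "0.0.0.0/0", "allow")]
OUTBOUND_FIXED = OUTBOUND_MISSING_EPHEMERAL + [Rule(110, "tcp", EPHEMERAL_PORTS, "0.0.0.0/0", "allow")]

if __name__ == "__main__":
    print(evaluate(INBOUND, "tcp", 443, "203.0.113.7"))                                              # ('allow', '100')
    print(https_round_trip(INBOUND, OUTBOUND_MISSING_EPHEMERAL, "203.0.113.50", 54321)["allowed"])  # False
    print(https_round_trip(INBOUND, OUTBOUND_FIXED, "203.0.113.50", 54321)["allowed"])              # True
```

Two things the model makes visible: a deny rule only works if its number is lower than the allow it is meant to override (rule 300 above never fires for HTTPS), and an inbound allow is useless on its own because the reply is evaluated separately against the outbound rules.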

Management and Governance

  • Account Management Services
    • AWS Control Tower: set up and govern a secure multi-account AWS environment
    • AWS Organizations: centrally govern and manage your environments across multiple AWS accounts
    • AWS Budgets: improve your planning and cost control
  • Provisioning Services
    • AWS CloudFormation: model and provision all your resources via code
    • AWS Service Catalog: create, organise and govern your own curated catalog of AWS products
    • AWS OpsWorks: automate operations with Chef and Puppet
    • AWS Marketplace: find, test, buy and deploy software that runs on AWS
  • Operation Services
    • Amazon CloudWatch: observe your services via metrics and logging
    • AWS Config: record and evaluate configurations of AWS resources
    • AWS CloudTrail: track all user activity across your AWS accounts
    • AWS Systems Manager: optimize performance and security while managing a large amount of systems
    • AWS X-Ray: analyse and debug production applications
  • CloudFormation
    • Version control
    • Automation
    • Scale
  • CloudWatch
    • Monitoring and observability services for AWS
    • Collect metrics from services
    • Integrates with 70+ AWS services
    • Lots of pre-defined metrics
    • Collect and display in various graphs
    • Combined with log storage and analysis (CloudWatch Logs and Logs Insights)
  • Auto Scaling
    • Auto scaling group
    • Load Balancer
    • High availability
    • Better fault tolerance
    • Better cost management
    • Applies to EC2, DynamoDB and Aurora, among others

Machine Learning

  • ML AI
    • Amazon Kendra: intelligent search
    • Amazon Personalize: personalised recommendations
  • ML Business Metrics
    • Amazon Lookout for Metrics: detect unexpected changes (e.g. in revenue or customer retention) and identify root causes
    • Amazon Forecast: build accurate forecasting models
    • Amazon Fraud Detector: identify potentially fraudulent online activities
  • ML Vision
    • Amazon Rekognition: analyse images and videos and extract meaning
  • ML Language Services
    • Amazon Polly: turn text into life-like speech
    • Amazon Transcribe: add high quality speech to text capabilities to your application
    • Amazon Lex: easily build conversational agents or chat bots
  • Rekognition
    • Object and Scene Detection
    • Image Moderation
    • Facial Analysis
    • Celebrity Recognition
    • Face Comparison
    • Text Extraction
    • Personal Protective Equipment (PPE) Detection
  • DeepRacer: a 1/18th-scale autonomous race car and simulator for learning reinforcement learning
  • CodeGuru
    • Help code review
    • Detect critical issues
    • Find security vulnerabilities
    • Point out hard-to-find bugs

AWS Certification Preparation Guide

  • You remember things you understand

AWS Certified Cloud Practitioner (CLF-C01)

Foundations of Cloud Computing

  • Cloud computing is the delivery of computing services over the internet
  • Virtual Machines: virtualization lets you divide hardware resources on a single physical server into smaller units
  • Usage: you pay only when you access it and only for what you use
  • 6 Advantages
    • Go global in minutes
    • Stop spending money running and maintaining data centers
    • Benefit from massive economies of scale
    • Increase speed and agility
    • Stop guessing capacity
    • Trade capital expense for variable expense
  • Benefits
    • High Availability
    • Elasticity
    • Agility
    • Durability
  • Cloud Computing Models
    • Infrastructure as a Service
      • Building Blocks
      • Web Hosting
    • Software as a Service
      • Complete Application
      • Email Provider
    • Platform as a Service
      • Used by Developers
      • Storefront Website
  • Cloud Deployment Models
    • Private Cloud
    • Public Cloud
    • Hybrid Cloud
  • Region Characteristics
    • Fully independent and isolated from other Regions
    • Not every resource or service is available in every Region
  • Availability Zones (AZs)
    • Each consists of one or more discrete data centers with independent power, cooling and networking
  • Edge locations
    • Cache content for fast delivery to your users
    • Reduce latency

Technology

  • EC2
    • Rent and manage virtual servers in the cloud
    • Access to an EC2 instance
      • AWS Management Console
      • Secure Shell (SSH)
      • EC2 Instance Connect (EIC): pushes a one-time SSH public key to the instance through IAM, so there are no long-lived key pairs to manage
      • AWS Systems Manager Session Manager: shell access without open inbound ports or SSH keys
    • Price Options
      • On-Demand: pay per second (or per hour) with no commitment
      • Spot: cheapest; spare capacity that AWS can reclaim with a two-minute warning
      • Reserved Instances (RIs): commit to an instance type for 1 or 3 years
      • Dedicated Hosts: a physical server fully dedicated to your instances
      • Savings Plans: commit to an amount of compute usage per hour for 1 or 3 years
    • Features:
      • Elastic Load Balancing distributes incoming application traffic across instances
      • Auto Scaling, based on need and changing demand
  • Lambda
    • Serverless compute service that lets you run code without managing servers
    • Features:
      • Supports popular programming languages
      • You author code using your favorite development environment or via the console
      • Lambda can execute code in response to events
      • Maximum execution time of 15 minutes per invocation
    • Pricing Model
      • Compute time
      • Request count
      • Always free: 1 million requests every month
  • AWS Fargate
    • A serverless compute engine for containers
  • Amazon Lightsail
    • Allows you to quickly launch all the resources you need for small projects
  • AWS Outposts
    • Allows you to run AWS services in your own data center on AWS-managed hardware
  • AWS Batch
    • Allows you to process large workloads in smaller chunks (batches) without managing the scheduling infrastructure
  • S3
    • Objects (files) are stored in buckets (directories)
    • Buckets are created in a Region, but bucket names are globally unique
  • EC2 Storage
    • Elastic Block Store (EBS)
      • A storage device (called a volume) that can be attached to or detached from an instance
      • Data persists when the instance stops
      • Attaches to one instance at a time (Multi-Attach exists only for io1/io2) and must be in the same AZ as the instance
    • Instance Store
      • Local storage physically attached to the host computer; it cannot be detached
      • Temporary: data is lost when the instance stops or terminates
      • Faster, with high I/O speeds
    • Elastic File System (EFS)
      • Serverless network file system for sharing files
      • Linux only (NFS); use FSx for Windows File Server for Windows workloads
      • More expensive than EBS
      • Accessible from different Availability Zones in the same Region
  • Storage Gateway
    • A hybrid storage service
    • Connect on-premises and cloud data
  • AWS Backup
    • Manage data backups across multiple AWS services
  • Content Delivery
    • A CDN is a mechanism to deliver content quickly and efficiently based on a geographic location
    • CloudFront
      • A CDN that delivers data and applications globally with low latency
      • Uses edge locations to cache content
    • AWS Global Accelerator
      • Sends your users through the AWS global network when accessing content, speeding up delivery
    • S3 Transfer Acceleration
      • Improves content uploads and downloads to and from S3 buckets
  • VPC and Subcomponents
    • VPC peering allows you to connect 2 VPCs together
  • Route 53
    • A DNS service that routes users to applications
  • Direct Connect
    • A dedicated physical network connection from on-premises data center to AWS
  • VPN
    • Site-to-Site VPN creates an encrypted connection between your internal network and your VPCs over the internet
  • API Gateway
    • Allows you to build, publish and manage APIs
  • Databases
    • RDS
      • Relational databases
    • Aurora
      • Relational database compatible with MySQL and PostgreSQL
    • DynamoDB
      • NoSQL key-value and document database
    • Neptune
      • Fully managed graph database
    • ElastiCache
      • Fully managed in-memory datastore
    • DocumentDB
      • NoSQL compatible with MongoDB
  • Migration and Transfer Services
    • Database Migration Service (DMS)
      • Migrate on-premises databases to AWS
      • Virtually no downtime
    • Server Migration Service (SMS) – discontinued in 2022 in favour of AWS Application Migration Service (MGN)
      • Migrate on-premises servers to AWS
      • Each server is saved as a new Amazon Machine Image (AMI)
      • Use the AMI to launch servers as EC2 instances
    • Snow Family
      • Transfer large amount of data
    • DataSync
      • Online data transfer
  • Analytics Services
    • A data warehouse is a data storage solution that aggregates massive amounts of historical data from disparate sources
    • Data warehouses support querying, reporting, analytics and business intelligence. They are not used for transaction processing.
    • Amazon Redshift
      • Data consolidation for reporting
    • Athena
      • A query service for Amazon S3
    • Glue
      • Prepares your data for analytics (serverless ETL)
    • Kinesis
      • Analyse data and video streams in real time
    • Elastic MapReduce (EMR)
      • Process large amounts of data
      • Using Hadoop, Spark and other open-source frameworks
    • Data Pipeline
      • Move data between compute and storage services running either on AWS or on-premises
    • QuickSight
      • Visualise data
  • Machine Learning
    • Rekognition
      • Automate image and video analysis
    • Comprehend
      • NLP
    • Polly
      • Turns text into speech
    • SageMaker
      • Build, train and deploy machine learning models quickly
    • Translate
      • Neural machine translation between languages
    • Lex
      • Build conversational interfaces like chatbots
  • Developer Tools
    • Cloud9
      • Integrated development environment
    • CodeCommit
      • Source control system for private Git repositories
    • CodeBuild
      • Build and test application source code
      • CI/CD
    • CodeDeploy
      • Automates deployments to EC2, Lambda, ECS and on-premises servers
    • CodePipeline
      • Automates the software release process
    • X-Ray
      • Debug production applications
    • CodeStar
      • Project templates that wire CodeCommit, CodeBuild, CodeDeploy and CodePipeline together
  • Deployment and Infrastructure Management Services
    • Infrastructure as Code (IaC)
      • Write a script to provision AWS resources
    • CloudFormation
      • Allows you to provision AWS resources using IaC
    • Elastic Beanstalk
      • Allows you to deploy web applications and web services to AWS
    • OpsWorks
      • Allows you to use Chef or Puppet to automate the configuration of servers and deploy code
  • Messaging and Integration Services
    • Loose coupling
      • Microservices
      • Connected but not dependent on each other
      • Queues are used to implement loosely coupled systems
    • Simple Queue Service (SQS)
      • Allows component-to-component communication using messages
      • Multiple components can add messages to the queue
      • Messages are processed in an asynchronous manner
    • Simple Notification Service (SNS)
      • Pub/sub messaging: publishes to subscribers such as SQS queues, Lambda functions, HTTP endpoints, email and SMS
    • Simple Email Service (SES)
      • Allows you to send richly formatted HTML emails from applications
  • Auditing, Monitoring and Logging Services
    • CloudWatch
      • A collection of services that help you monitor and observe your cloud resources
        • Alarms
        • Logs
        • Metrics
        • Events
    • CloudTrail
      • Tracks user activity and API calls within your account
  • Additional Services
    • Amazon WorkSpaces
      • Allows you to host virtual desktops in the cloud
    • Amazon Connect
      • Cloud contact center service
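
CloudTrail, listed above under auditing and earlier under threat detection, is only useful if something reads it. The following Python is an added example for these notes, not code from the ACG course or from AWS: it runs four simple detection rules over a constructed CloudTrail log file. The field names follow the real CloudTrail record format, but the account ID, ARNs, IP addresses and timestamps are made up, and the rule names and the FAILED_LOGIN_THRESHOLD value are the example's own choices.

```python
"""Detection rules over CloudTrail records (added example; constructed sample data)."""
from __future__ import annotations

import json
from collections import Counter

# Constructed CloudTrail log file: field names follow the CloudTrail record
# format; account 123456789012, the ARNs, IPs and times are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-03-01T08:00:00Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "sourceIPAddress": "203.0.113.10", "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-03-01T08:05:00Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "sourceIPAddress": "198.51.100.23", "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-03-01T08:07:00Z", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"},
     "sourceIPAddress": "198.51.100.23", "requestParameters": {"name": "management-events"},
     "responseElements": None},
    {"eventTime": "2024-03-01T08:10:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/ops/carol"},
     "sourceIPAddress": "203.0.113.10", "responseElements": None},
] + [
    # Three failed console logins for the same user from one address.
    {"eventTime": f"2024-03-01T09:00:{i:02d}Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "accountId": "123456789012", "userName": "dave"},
     "sourceIPAddress": "192.0.2.77", "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Failure"}, "errorMessage": "Failed authentication"}
    for i in range(3)
]})

# The example's own rule names and threshold, not an AWS or course convention.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
FAILED_LOGIN_THRESHOLD = 3


def _alert(rule: str, record: dict) -> dict:
    identity = record.get("userIdentity") or {}
    return {"rule": rule, "time": record.get("eventTime"), "event": record.get("eventName"),
            "actor": identity.get("arn") or identity.get("userName") or identity.get("type"),
            "source_ip": record.get("sourceIPAddress")}


def detect(log_text: str) -> list[dict]:
    """Apply the rules to every record in a CloudTrail log file and return the alerts."""
    alerts: list[dict] = []
    failed_logins: Counter = Counter()
    for record in json.loads(log_text)["Records"]:
        identity = record.get("userIdentity") or {}
        # CloudTrail emits null for absent sections, so guard every nested lookup.
        response = record.get("responseElements") or {}
        extra = record.get("additionalEventData") or {}

        if identity.get("type") == "Root":                        # root should never be used day to day
            alerts.append(_alert("root-account-activity", record))

        if record.get("eventName") == "ConsoleLogin":
            if response.get("ConsoleLogin") == "Success" and extra.get("MFAUsed") != "Yes":
                alerts.append(_alert("console-login-without-mfa", record))
            elif response.get("ConsoleLogin") == "Failure":
                failed_logins[record.get("sourceIPAddress")] += 1

        if record.get("eventSource") == "cloudtrail.amazonaws.com" and record.get("eventName") in TRAIL_TAMPERING:
            alerts.append(_alert("cloudtrail-tampering", record))  # someone is turning the lights off

    for source_ip, count in failed_logins.items():
        if count >= FAILED_LOGIN_THRESHOLD:
            alerts.append({"rule": "console-login-brute-force", "source_ip": source_ip, "count": count})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The same four checks are what a CloudWatch Logs metric filter or GuardDuty finding would give you in production; running them over a delivered log file is the offline equivalent and a cheap way to validate that the trail is capturing what you expect.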

Security and Compliance

  • Shared Responsibility Model
    • AWS is responsible for protecting and securing their infrastructure
    • The customer is responsible for how those services are configured and for securing their own data
    • EC2 Shared Responsibility Model
      • AWS
        • EC2 service
        • Patching the host operating system and hypervisor
        • Security of the physical server
      • You
        • Installed applications
        • Patching the guest operating system
        • Security controls (security groups, IAM, encryption of your data)
    • Lambda Shared Responsibility Model
      • AWS
        • Lambda service
        • Upgrading the Lambda runtimes (languages)
        • Lambda endpoints
        • Operating system
        • Underlying infrastructure
        • Software dependencies of the runtime
      • You
        • Security of your code and of the libraries you package with it
        • Storage of sensitive data (Secrets Manager or KMS, not plaintext in code or configuration)
        • IAM permissions granted to the function's execution role
  • Well-Architected Framework
    • Five pillars (a sixth, Sustainability, was added in 2021) describe design principles and best practices for running workloads in the cloud
      • Operational Excellence
      • Security
      • Reliability
      • Performance Efficiency
      • Cost Optimization
  • IAM Users
    • Principle of least privilege: grant only the permissions a task needs
    • Prefer roles with temporary credentials over long-lived user access keys, and require MFA for human users
  • Application Security Services
    • WAF (Web Application Firewall)
      • Helps protect web applications against common web attacks
    • Shield
      • A managed Distributed Denial of Service protection service
    • Macie
      • Helps discovering and protecting sensitive data
    • Config
      • Allows to assess, audit and evaluate the configurations of resources
    • GuardDuty
      • An intelligent threat detection system that uncovers unauthorized behavior
    • Inspector
      • Scans EC2 instances (and container images and Lambda functions) for software vulnerabilities and unintended network exposure
    • Artifact
      • Offers on-demand access to AWS security and compliance reports
    • Cognito
      • User sign-up, sign-in and access control for web and mobile applications
  • Data Encryption and Secrets Management Services
    • KMS (Key Management Service)
      • Generate and store encryption keys
    • CloudHSM
      • Dedicated, single-tenant hardware security modules for generating and storing keys under your exclusive control
    • Secrets Manager
      • Store, rotate and retrieve secrets (passwords, API keys, database credentials)
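
The "principle of least privilege" line above is all these notes say about IAM policy hygiene, and the Lambda section makes IAM permissions the customer's responsibility. The following Python is an added example for these notes, not code from the ACG course or from AWS: a small static check that reads an IAM policy document and flags the patterns that most often violate least privilege (Action "*", service-wide "service:*", and privilege-escalating actions such as iam:PassRole granted on Resource "*"). The two sample policies, the bucket and role names and the SENSITIVE_ACTIONS list are constructed for the example.

```python
"""Least-privilege lint for IAM policy documents (added example; constructed samples)."""
from __future__ import annotations

import fnmatch
import json

# Constructed sample: the kind of "make it work" policy that ends up attached to a Lambda role.
BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Uploads", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Sid": "PassRole", "Effect": "Allow", "Action": ["iam:PassRole"], "Resource": "*"},
    ],
})

# Constructed sample: the same job, scoped to one bucket prefix and one named role.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Uploads", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-app-uploads/*"},
        {"Sid": "PassRole", "Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::123456789012:role/example-app-task-role",
         "Condition": {"StringEquals": {"iam:PassedToService": "ecs-tasks.amazonaws.com"}}},
    ],
})

# Actions that hand out or escalate privilege; dangerous when allowed on every resource.
# This list is the example's own and is far from exhaustive.
SENSITIVE_ACTIONS = (
    "iam:PassRole", "iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion",
    "iam:AttachRolePolicy", "iam:AttachUserPolicy", "iam:PutRolePolicy", "iam:PutUserPolicy",
    "iam:CreateAccessKey", "iam:UpdateAssumeRolePolicy", "sts:AssumeRole",
)


def _as_list(value) -> list:
    """IAM accepts a string or a list for Statement, Action and Resource; normalise to a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def _is_sensitive(action: str) -> bool:
    """IAM action matching is case-insensitive and supports * and ? wildcards."""
    return any(fnmatch.fnmatchcase(s.lower(), action.lower()) for s in SENSITIVE_ACTIONS)


def lint_policy(document: str) -> list[str]:
    """Return human-readable findings for the Allow statements of an IAM policy."""
    findings: list[str] = []
    for index, stmt in enumerate(_as_list(json.loads(document).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue                      # Deny statements cannot over-grant
        sid = stmt.get("Sid", f"Statement[{index}]")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource allows everything except the listed items; review by hand")
        on_any_resource = "*" in _as_list(stmt.get("Resource"))
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append(f"{sid}: Action '*' allows every API call")
            elif action.endswith(":*"):
                findings.append(f"{sid}: '{action}' allows every action in the {action.split(':')[0]} service")
            if on_any_resource and _is_sensitive(action):
                findings.append(f"{sid}: '{action}' on Resource '*' permits privilege escalation; "
                                "scope it to specific ARNs and add a Condition")
    return findings


if __name__ == "__main__":
    for finding in lint_policy(BROAD_POLICY):
        print(finding)
    print("scoped policy findings:", lint_policy(SCOPED_POLICY))   # []
```

The scoped version passes because each action names the one bucket and the one role it needs, and the PassRole grant carries an iam:PassedToService condition so the role can only be handed to ECS tasks. A check like this belongs in the pipeline that deploys CloudFormation templates, before the policy ever reaches an account.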

Pricing, Billing and Governance

  • Understanding AWS Pricing
    • Resources
      • Compute
      • Storage
      • Outbound data transfer
    • Free Offer Types
      • 12 months free
      • Always free
      • Trials
    • EC2
      • On-Demand
      • Savings Plan
      • Reserved Instances
      • Spot Instances
      • Dedicated Hosts
    • Lambda
      • Number of requests
      • Code execution time
      • Always free
    • S3
      • Storage class
      • Storage
      • Data transfer
      • Request and data retrieval
    • RDS
      • Running clock hours
      • Type of database
      • Storage
      • Purchase type
      • Database count
      • API requests
      • Deployment type
      • Data transfer
    • Total Cost of Ownership (TCO)
    • Application Discovery Service
      • Plan migration projects to the AWS Cloud
    • Price List API
      • Query the price of AWS services
  • Billing Services
    • Budgets
      • Set custom budgets that alert you when costs or usage exceed budgeted amount
      • Types
        • Cost Budgets
        • Usage Budgets
        • Reservation Budgets
    • Cost and Usage Report
      • Contains the most comprehensive set of cost and usage data
    • Cost Explorer
      • Visualize and forecast costs and usage over time
    • Cost Allocation Tags
      • Useful for tracking costs
  • Governance Services
    • Organizations
      • Centrally manage multiple AWS accounts under one umbrella
    • Control Tower
      • Ensure your accounts conform to company-wide policies
    • Systems Manager
      • Gives visibility and control over AWS resources
    • Trusted Advisor
      • Provides real-time guidance to help provision resources following AWS best practices
  • Management Services

Serverless Concepts

  • Multi-tier Architecture
    • Presentation
    • Application
    • Data
  • Backend as a Service
    • Cloud-hosted, third-party APIs (authentication, storage, push notifications) that replace code you would otherwise write in your own backend
  • Function as a Service
    • Provide code to be executed in the cloud by event-triggered containers that are dynamically allocated and ephemeral in nature
  • Serverless Architecture
    • A runtime architecture where infrastructure is entirely managed by a cloud service provider and resources are dynamically allocated on demand for a given unit of business logic
    • Benefits
      • Remove burden of infrastructure management
      • Built-in Scaling
      • Reduced operational costs
      • Simplified Deployment
    • Drawbacks
      • Cold starts: rarely used functions must be kept warm (or given provisioned concurrency)
      • Easy to become locked in to one vendor
      • Multi-tenancy concerns
      • Little control over the underlying infrastructure
      • Monitoring and tracing across many small functions can be complicated
  • API Proxy & Gateway
    • API Proxy: an HTTP server that decouples clients from backend services by routing calls to particular endpoints
    • API Gateway: an API proxy with advanced features such as authentication, input validation, throttling, monitoring and request routing
  • Serverless Technologies
    • AWS Lambda
    • Azure Functions
    • Google Cloud Functions
