Chapter 1 – AWS Overview
Chapter 2 – IAM
Chapter 3 – S3
Chapter 4 – S3 Versioning
Chapter 5 – S3 Cross Region Replication
Chapter 6 – S3 Life-Cycle Management
Chapter 7 – Amazon CloudFront
Chapter 8 – Amazon Storage Gateway
Recently I sat and passed the AWS Solutions Architect Associate exam. This set of blog posts are my notes that I took while studying, I am providing these in hopes that it will benefit you while you’re going through and studying for the AWS Solutions Architect Associate exam. These notes are a compilation of what I gathered while going through the A Cloud Guru course material. Enjoy!
Amazon Web Services Overview
16 Regions & 44 Availability Zones (December 2017)
Never tested on specific numbers.
No max RAM / vCPUs
Regions: A geographical area (London, Sydney, Tokyo)
Each Region consists of 2 or more Availability Zones
Availability Zones: A data center or multiple data centers – Place resources across multiple Availability Zones
An Availability Zone (AZ) is a distinct location within an AWS Region. Each Region comprises at least two AZs.
Further information: https://aws.amazon.com/about-aws/global-infrastructure/
A “secret” Region exists for the intelligence community
Edge Location: Endpoints for AWS which are used for caching content. Typically, this consists of CloudFront, Amazon’s Content Delivery Network (CDN). Edge locations cache pictures, video.
Currently 96 edge locations
AWS Services List and What They Do
- EC2 – Elastic Compute Cloud – VMs inside the AWS platform – the very first compute service.
- VMs – You can also have physical dedicated machines under EC2
- ECS – EC2 Container Service – Run and manage Docker containers at scale
- Elastic Beanstalk – For developers who don’t want to understand AWS – just focus on the code and it auto-provisions – covered in the Developer Associate course
- Lambda – Serverless
- Code you upload to the cloud and it runs
- No physical or VMs – just worry about the code
- Lambda function
- VPS (Virtual Private Server) – Don’t want to worry about any of the underlying AWS Services, Fixed IP, SSH (Linux) and RDP (Windows) – Very watered down version of EC2, just worry about the Operating System
- Batch – Not covered in any of the AWS Certification Exams
- Used if you want to do batch computing in the cloud
- S3 – Simple Storage Service – Oldest Storage Service, Object-Based Storage (Buckets) Upload files into Buckets in the Cloud
- S3 is object storage built to store and retrieve any amount of data from anywhere – web sites and mobile apps, corporate applications, and data from IoT sensors or devices. Further information: https://docs.aws.amazon.com/AmazonS3/latest/gsg/GetStartedWithS3.html
- EFS – Elastic File System – Network Attached Storage – Store files, mount to multiple VMs
- Glacier – Data archival – for data accessed every year or so – cheap.
- Snowball – Bring in large amounts of data into the AWS data center – not broadband – write physically to disk and then import in manually
- Physical device that you get, transfer data to
- Storage Gateway – Virtual appliances which replicate into S3; there are 4 different types
- RDS – Relational Database Service – MySQL, SQL Server, Aurora (AWS), PostgreSQL
- DynamoDB – Non relational databases
- DynamoDB is AWS’ No-SQL database service. Further information: https://aws.amazon.com/documentation/dynamodb/
- ElastiCache – A way of caching commonly queried things from your database server, e.g. your store’s top 10 products
- Redshift – Data warehousing, business intelligence, profit and loss reporting – built for data warehousing
- AWS Migration Hub – Tracking service for migrating applications into AWS
- Application Discovery Service – Automated set of tools – finds apps and their dependencies
- Database Migration Service – Way of migrating databases on-premises into AWS.
- AWS Migration Hub
- Server Migration Service – Helps you migrate VMs and Physical servers into AWS
- Snowball – In between storage and migration services, kinda both – Used for migrating large amounts of data into the cloud (TBs)
- VPC – Amazon Virtual Private Cloud – Virtual Data center, Firewall, Availability Zones, Network ACLs, Routing Tables (Entire VPC Section) – YOU NEED TO UNDERSTAND VPC in and out! FUNDAMENTAL
- A Virtual Private Cloud (VPC) is a virtual network dedicated to a single AWS account. It is logically isolated from other virtual networks in the AWS cloud, providing compute resources with security and robust networking functionality.
- Further information: https://docs.aws.amazon.com/gettingstarted/latest/awsgsg-intro/gsg-aws-compute-network.html
- CloudFront – Amazon’s Content Delivery Network – Media assets, video / image files – If your users are in Australia but the files are in London, CloudFront will cache the files in Australia rather than serving them directly from London.
- Route 53 – Amazon’s DNS Service
- Route53 is AWS’ DNS service. The name is a portmanteau of Route 66, an American highway, and 53, the port used for DNS.
- Further information: https://aws.amazon.com/route53/
- API Gateway – A way of creating your own APIs for other services to talk to
- Direct Connect – Running dedicated line from HQ or Data center into Amazon, directly connects to your VPC
- YOU NEED TO UNDERSTAND VPC in and out!
- CodeStar – A way of getting a group of developers working together neatly, project managing your code – a continuous development chain
- CodeCommit – A place to store code, source control service, git repository
- CodeBuild – compile code and deliver
- CodeDeploy – deployment service, ec2 instances or on-prem and lambda
- CodePipeline – Continuous delivery
- X-Ray – Debug and analyze serverless applications
- Cloud9 – IDE – develop your code inside the AWS environment in a web-browser Integrated Development Environment – an acquisition AWS made (a private company) – released at re:Invent 2017
- CloudWatch – Monitoring service, bread and butter of the SysOps exam
- CloudFormation – Solutions Architect in real life – a way of scripting infrastructure – e.g. a CloudFormation template to deploy a WordPress site – reuse the code to deploy in different VPCs
- CloudTrail – Every time you click in the AWS Management Console, that is basically triggering an API call – CloudTrail logs changes to your environment – On by default but only stores records for 1 week. AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.
- Further information: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-use
- Config – Monitors the configuration of your environment, point-in-time snapshots – visualize your AWS environment and see how it’s configured
- OpsWorks – Uses Chef and Puppet – a way of automating your environment’s configuration
- AWS OpsWorks is a configuration management service that uses Chef, an automation platform that treats server configurations as code.
- Further information: https://docs.aws.amazon.com/opsworks/latest/userguide/welcome.html
- Service Catalog – Manage a catalog of IT services, a way of managing IT services approved for use on AWS. Governance and compliance
- Systems Manager – Manage AWS resources, mainly EC2, security patches – easier to use to manage lots of patches across departments (not in any exams yet)
- Trusted Advisor – A favorite in the security associate and cloud practitioner exams – Trusted Advisor and Inspector
- Covers multiple disciplines: security, open ports, not using AWS services as much as you could – will tell you how to save money using AWS. Advice on AWS
- Managed Services – Offer AWS managed services for the AWS Cloud
- Elastic Transcoder – transcodes so video looks good on different devices
- MediaConvert – File based video transcoder with broadcast type features
- MediaLive – Live video processing service – video streams
- MediaPackage – prepares and protects for delivery over the internet
- MediaStore – storage service optimized for media, low latency
- MediaTailor – Targeted advertising into video streams without sacrificing quality
- SageMaker – deep learning for developers (2017)
- Comprehend – Analysis around data, e.g. are people saying good things about your product?
- DeepLens – A camera that can figure out what exactly it’s looking at – not connecting to an AWS backend – the camera actually does this itself
- Physical piece of hardware you can buy
- Lex – What powers the Amazon Alexa service – a way of communicating with customers – not in any exams yet.
- Machine Learning – “Normal” AI – entry level – Throw a dataset into the AWS Cloud and analyze it, with some results output. Like Amazon.com when you’re recommended new products
- Polly – Takes text and turns it into speech!
- Rekognition – Does video and images – upload a video or image and it’ll tell you what’s in it – gives you percentages on accuracy.
- Amazon Translate – Machine Translation Service – Just like Google Translate only Amazon’s version
- Transcribe – Closed Captions
- Athena – Run SQL queries against S3 buckets – design a query that will go through the objects in the bucket and return the results – serverless, no servers. 2016
- EMR – Elastic MapReduce – Used for processing large amounts of data, big data solutions, a bunch of servers that chop your data up – Amazon EMR is a web service that makes it easy to process large amounts of data efficiently.
- Further information: https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-what-is-emr
- CloudSearch
- Elasticsearch Service
- Kinesis – Huge TOPIC –
- Kinesis Video Streams – A way of ingesting large amounts of data into AWS – Social Media Feeds, Tweets, #’tag – Kinesis will let you ingest.
- QuickSight – Business Intelligence (BI) tool (2016) – a fraction (1/10) of the cost of competitors. Amazon QuickSight is a fast, cloud-powered business analytics service that makes it easy to build visualizations, perform ad-hoc analysis, and quickly get business insights from your data.
- Further information: https://docs.aws.amazon.com/quicksight/latest/user/welcome.html
- Data Pipeline – Moving data between different services
- Glue – very new (2017) – ETL (Extract, Transform, Load) – Data is not always in the format you want – Glue transforms data into the format that you want.
SECURITY IDENTITY & COMPLIANCE
- IAM – Identity and Access Management – KNOW THIS –
- Cognito – Device authentication – mobile app authentication via Facebook, etc. – Use Cognito to request access to specific resources in AWS MongoDB.
- GuardDuty – Monitors for malicious activity on your AWS account
- Inspector – Agent on VMs (EC2) – run tests against it – do my EC2 instances have any vulnerabilities? – generates a report with a severity list
- Macie – Scan S3 buckets and search for PII (Personally Identifiable Information), Social Security numbers etc.
- Certificate Manager – SSL certificates for FREE! Manage SSL
- CloudHSM – Hardware Security Module – Dedicated pieces of hardware to store your private / public keys and use keys to access EC2 instances – Encrypt objects on AWS – Used to be very expensive, now per hour billing.
- Directory Service – Integrate Active Directory with AWS
- Web Application Firewall – Looks at the application layer (layer 7) for malicious users, e.g. SQL injections
- Shield – DDoS mitigation, and Advanced Shield – 24×7 ($3k per month).
- Artifact – Audit and Compliance, portal for downloading AWS Compliance reports
- Mobile Hub – For a mobile app, you can make a hub to create your own cloud configuration file and a cloud SDK to connect to
- Pinpoint – use targeted push notifications
- AWS App Sync
- Device Farm – Test on Real-Life devices
- Mobile Analytics
AR / VR
- Augmented Reality and Virtual Reality
- Sumerian (codename) – named after the first language ever written down –
- Ready Player One – book – says it’s a must read
- Step Functions
- Amazon MQ – Message Queues
- SNS – Simple Notification Service, billing alarms
- SQS – Decoupling infrastructure – e.g. a user uploads an image to the website, it is held in a queue, then an EC2 instance grabs it and removes it from the queue –
- SWF – Simple Workflow Service – Used by Amazon – Creates a Workflow job
- Amazon Connect – Contact Center as a Service
- Simple Email Service – Sending large amounts of email, scalable, customizable, pay as you go
- Alexa for Business
- Chime – Google Hangouts, Zoom – Video Conferencing
- WorkDocs – Dropbox for AWS – safely and securely storing documents
- WorkMail – Office 365 for AWS, like Gmail
DESKTOP & APP STREAMING
- Workspaces – VDI in the Cloud
- AppStream 2.0 – Streams application delivery over the web live to your device
- IoT – sensor management, video feeds, audio –
- IoT Device Management – managing at scale is tough.
- Amazon FreeRTOS
- GameLift – Develop games in the cloud.
- CloudWatch
- All Storage
- All Compute including ECS
- All Networking
- CloudFormation
- CloudTrail
- Trusted Advisor
- Directory Service
- Certificate manager
- Understand the difference between Region, AZ and Edge Location