
AWS Training

The document discusses various AWS services including compute, storage, database and analytics services. It describes EC2, Lambda, EBS, S3, RDS, DynamoDB, Redshift, EMR and Snow family of services for data transfer. It provides details on their key features and capabilities.

Uploaded by

Luis Maia
Copyright: © All Rights Reserved

General

Concepts

• Scalability – accommodate larger load:
  o Vertical – increasing the size of an instance
  o Horizontal - increasing the number of instances (Elasticity)
• Availability – purpose is to survive a data center loss (disaster)

Billing principles

• Pay as you go: pay for what you use, remain agile, responsive, meet scale demands
• Save when you reserve: minimize risks, predictably manage budgets, comply with long-term requirements
• Pay less by using more: volume-based discounts
• Pay less as AWS grows

AWS Support Plans

• Basic – Customer service & communities
• Developer – All above + Cloud support associates
• Business – All above + Infrastructure Event Management
• Enterprise – All above + Technical Account Manager + Concierge Support Team (for billing and account best practices)

AWS Support teams:

• Abuse Team - report AWS resources used for abusive or illegal purposes
• Security team – assist with security of services offered by AWS
• Concierge team - assist with billing and account management
• Customer Service team – assist with technology questions

Regions / Availability zones / etc

Compute

EC2 – Elastic Compute Cloud

Description

• Provides secure, resizable compute capacity in the cloud (Infrastructure as a Service)
• Makes web-scale cloud computing easier for developers
• Allows choice of processor, storage, networking and operating system
• Instance - virtual server in Amazon's EC2 for running applications on AWS

EC2 Instance Types

• Compute – high performance computing (CPU)
• Memory – process large data sets in memory/cache (RAM)
• Storage - large data sets on local storage (Storage)

AMI - Amazon Machine Image

• Provides the information required to launch an instance
• An AMI includes:
  o Instance storage and root template (operating system, application server and applications)
  o Launch permissions
  o Volumes to attach to the instance
• EC2 Image Builder - automate the creation of Virtual Machines (AMIs)

EC2 storage options (explained in Storage section)

• EC2 Instance store - temporary storage for an instance
• EBS - Storing data on virtual drives for one instance
• EFS – Network file system for multiple instances
• S3 - Object storage to store and retrieve data from anywhere

Billing options

• On-Demand – short workload, predictable pricing, pay per use
• Reserved – long workloads, discount up to 70% (minimum 1 year):
  o Convertible Reserved Instances: can change the instance type
  o Scheduled Reserved Instances: available at a specific time
• Spot Instances – short workloads, cheap, can lose instances (less reliable)
• Dedicated Hosts – book an entire physical server, control instance placement
• Dedicated Instances - no other customers will share your hardware

Testing

• Penetration testing can be done without prior AWS authorization

ELB – Elastic Load Balancer

• Automatically distributes incoming application traffic across multiple EC2 instances, containers and IP addresses
• Performs health checks
• 3 types: Application layer (HTTP traffic – L7), Network layer (TCP traffic – L4), Classic (legacy)

ASG - Auto-Scaling group

• Automatically adds or removes EC2 instances according to defined conditions
• Scales EC2 instances based on the demand on your system and replaces unhealthy instances
• Integrated with the ELB
• 3 types: manual, dynamic (input demand or schedule parameters), predictive (use ML to predict traffic)

Lambda

• Run code without provisioning or managing servers (serverless)
• Automatically manages the underlying compute resources
• Pay only for the compute time you consume – run on demand
• It scales quicker than EC2 but is generally more expensive

Storage

EC2 Instance Store

• Provides temporary storage for an EC2 instance
• Located on disks that are physically attached to the host computer
• Ideal for temporary storage, such as caches or temporary content
• Content is lost if the instance is stopped

EBS - Elastic Block Store

• File storage for EC2 instances for data that must be quickly accessible and requires long-term persistence
• Network drives attached to one EC2 instance at a time
• Mapped to an Availability Zone
• EBS snapshots - backup of EBS volume & transfer across AZ

EFS – Elastic File System

• File storage for use with Amazon EC2 (like a shared folder)
• Highly scalable file storage system designed to provide flexible storage for multiple EC2 instances
• Network file system attached on several EC2 instances in a region
• EFS-IA – Infrequent Access: Cost-optimized storage class for infrequently accessed files

Amazon S3 – Simple Storage Service

• Object storage to store and retrieve data from anywhere (websites, mobile apps, corporate applications, and data from IoT sensors or devices)
• Concepts: Buckets (folders) and Objects (files) tied to a region
• Features:
  o Security: IAM policy, S3 Bucket Policy (public access), S3 Encryption
  o Websites: host a static website on Amazon S3
  o Versioning: multiple versions for files to roll-back
  o Access logs: log requests made within your S3 bucket
  o Replication: same-region or cross-region replication
  o Object Lock: Block an object version deletion
  o Glacier Vault Lock: Lock policy of object deletion for future edits
  o Lifecycle rules: move objects across different storage classes
• S3 Storage classes (for real-time data access):
  o S3 Standard General Purpose - low latency and high throughput
  o S3 Standard Infrequent Access (IA) - data that is less frequently accessed
  o S3 One Zone-Infrequent Access – same as above but stored in only one zone
  o S3 Intelligent Tiering - Cost-optimized by automatically moving objects between two access tiers – better for unpredictable access patterns
• S3 Glacier (for archive & backup)
  o Glacier & Glacier Deep Archive - Low cost object storage, long retrieve times

Amazon FSx – File system

• Launch, run, and scale feature-rich, high-performance file systems in the cloud
• It has similarities in its concept with EFS
• Two options: Windows File Server and Lustre
  o Windows File Server – Network File System for Windows servers
  o Lustre – High Performance Computing Linux file system

AWS Storage Gateway

• Hybrid storage service that enables on-premises applications to use AWS cloud storage
• Used to integrate AWS Cloud storage (e.g.: S3) with existing on-site workloads

Database

RDS - Relational Database Service

• Set up, operate, and scale a relational database in the cloud
• Optimized for memory, performance or I/O
• Provides six database engines: Aurora (AWS proprietary DB), PostgreSQL, MySQL, MariaDB, Oracle and MS SQL Server
• RDS is a managed service: Automated provisioning, OS patching, Continuous backups, Monitoring dashboards, Disaster Recovery, Maintenance windows for upgrades and Scaling capability

Aurora

• Set up, operate and scale a relational database based on MySQL and PostgreSQL
• Aurora is a proprietary DB technology from AWS
• 5x performance improvement over MySQL on RDS and 3x over Postgres
• Aurora costs more than RDS (20% more) – but is more efficient

DynamoDB

• Key-value database that delivers single-digit millisecond performance at any scale (NoSQL database)
• It's a fully managed, multiregion database with built-in security, backup and restore, and in-memory caching for internet-scale applications
• Scales to massive workloads with low latency
• Used for caching, message queuing, and user/session management
• Millions of requests per second, trillions of rows, 100s of TB of storage

Amazon ElastiCache

• Web service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud
• Provides ultrafast and inexpensive access to copies of data

Analytics

Redshift

• Fast, scalable data warehouse
• Makes it simple and cost-effective to analyze data across data warehouses

EMR

• Provides a managed Hadoop framework
• Makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances

Athena

• Interactive query service to analyze data in Amazon S3 using standard SQL
• Athena is serverless, so there is no infrastructure to manage
• Pay only for the queries run

Migration & Transfer

AWS Snow (Snowcone, Snowball, Snowball Edge and Snowmobile)

Objective:

• Import data onto S3 through a physical device
• Used for Data migration and Edge computing
• AWS OpsHub – desktop application to manage Snow Family devices

Types of devices:

• Snowcone
  o Small briefcase, less storage < 8 TB
  o Petabyte-scale data transport solution
• Snowball
  o Large suitcase, large storage > 80 TB
  o Petabyte-scale data transport solution
  o Transfer large amounts of data into and out of AWS
• Snowball Edge
  o Data migration and edge computing device
  o Two types of solutions: Storage Optimized (100 TB) and Compute Optimized (52 vCPUs)
  o To be used in environments with limited connectivity
• Snowmobile
  o Truck, huge storage (exabytes)
  o Exabyte-scale data transfer service
  o Move extremely large amounts of data to AWS

AWS DMS – Database Migration Service

• Migrate databases to AWS easily and securely
• Source database remains operational during the migration, minimizing downtime
• Supports homogeneous (Oracle to Oracle) and heterogeneous migrations between different database platforms (Microsoft SQL Server to Aurora)

Networking

VPC – Virtual Private Cloud

• Provision a logically isolated section of the AWS Cloud
• Launch AWS resources in a virtual private network
• Allows selection of IP address, creation of subnets and configuration of route tables and network gateways
• Leverage AWS Cloud as an extension of corporate data center by creating a VPN connection between the data center and VPC

Direct Connect

• Establish a dedicated private network connection from your premises to AWS
• Offers better bandwidth throughput and a better network experience
• Allows using the same connection to access both public resources and private resources (EC2 instances running within a VPC)

CloudFront

• Fast content delivery network (CDN) service
• Delivers data, videos and applications with low latency and high speed
• It uses a network of over 225 Edge locations that are connected to the AWS Regions through a backbone network
• AWS peers with thousands of Tier 1/2/3 telecom carriers globally for connectivity

Route 53

• It provides Managed DNS (Domain Name System)
• DNS is a collection of rules and records which helps understand how to reach a server through URLs
• Route end users to Internet applications by translating human readable names (www.example.com) into the numeric IP addresses (192.0.2.1) that computers use to connect to each other

Management & Governance

AWS CloudWatch

• Monitoring and management service that provides metrics for all AWS services
• Use CloudWatch for:
  o Metrics: monitor the performance of AWS services and billing metrics
  o Alarms: automate notifications based on metrics
  o Logs: collect log files from AWS services
  o Events: react to events or trigger a rule on a schedule

AWS CloudTrail

• Enables governance, compliance and auditing of your AWS account
• Records AWS API calls for your account and delivers log files

Trusted Advisor

• Helps to reduce cost, increase performance, and improve security
• Provides real-time guidance to help provision resources

AWS CloudFormation

• Create and manage a collection of related AWS resources
• Infrastructure as code – changes to the infrastructure reviewed through code
• Create templates for AWS resources, dependencies and runtime parameters
• Allows for exact cost estimation and high productivity

AWS Config

• Enables you to assess, audit, and evaluate the configurations of your AWS resources
• Helps with auditing and recording compliance of your AWS resources
• Helps record configurations and changes over time

AWS Personal Health Dashboard

• Provides alerts and remediation guidance
• Personalized view into the performance and availability of the AWS services

AWS Systems Manager

• Gives you visibility and control of your infrastructure on AWS
• Provides a unified user interface to view operational data from multiple AWS services

Security

IAM – Identity and Access Management

• Control access to AWS services and resources for your users
• Allows you to create and manage:
  o Users and groups to manage their access to AWS resources
  o Roles and permissions to control which operations can be performed
• 3 types:
  o AWS Management Console: protected by password + MFA
  o AWS Command Line Interface (CLI): protected by access keys
  o AWS Software Development Kit (SDK): protected by access keys

Amazon Inspector

• Automated Security Assessments for EC2 instances
• Analyze vulnerabilities and unintended network access

AWS Shield

• Managed Distributed Denial of Service (DDoS) protection service
• Safeguards web applications running on AWS
• Provides always-on detection and automatic inline mitigations that minimize application downtime and latency

AWS Organizations

• Allows you to manage multiple AWS accounts
• Helps customers centrally govern their environments as they grow and scale
• Manage billing, control access, compliance, and security

AWS WAF

• Firewall that helps protect your web applications from common web exploits

AWS Artifact

• Provides customers with on-demand access to AWS’ compliance documentation and AWS agreements

Application integration

SQS – Simple Queue Service

• Send, store, and receive messages between software components
• Place messages into a queue to be run later (e.g.: delaying sent email)

SNS – Simple Notification Service

• Send notifications to subscribers of topics (text messages)
• Notifications are triggered by AWS services (e.g.: billing alarms)
• Notifications are sent via email, SMS, HTTP, etc.

Cost management

Cost and Usage Reports

• Contains the most comprehensive set of AWS cost and usage data
• Lists AWS usage for each service used by an account and its IAM users

Cost Explorer

• Visualize, understand, and manage your AWS costs and usage over time
• Create custom reports that analyze cost and usage data
• View current usage (detailed) and forecast usage
• Choose an optimal Savings Plan (to lower prices)

AWS Budgets

• Provide alerts when costs or usage exceed the budgeted amounts
• 3 types of budgets: Usage, Cost, Reservation

AWS Management & Governance

AWS Pricing Models


AWS Shared Responsibility Model

AWS Security, Identity, & Compliance

AWS Database
