AWS Practitioner

The document outlines a comprehensive AWS Cloud training course consisting of 11 modules that cover AWS concepts, services, security, and exam preparation. It includes lessons with videos, quizzes, and detailed explanations to reinforce learning, culminating in a final assessment. Key topics include AWS services like EC2, serverless computing, messaging services, and the importance of AWS's global infrastructure for high availability and data sovereignty.

Uploaded by

an Smith

https://catalog.workshops.aws/aws101/en-US/1-getting-started/01-architecture

During Modules 1–10, you build your AWS Cloud knowledge by learning about AWS Cloud concepts, AWS services, security, architecture, pricing, and support.

 The lessons in each module include videos, supporting information, and links to additional resources that further your understanding of AWS services.

 The knowledge checks and quizzes are opportunities to review the key concepts that were covered in each module. After answering each question, review the detailed answer explanations and external links to reinforce your understanding of the concepts.

In the final Module 11, you learn about the structure of the AWS Certified Cloud Practitioner exam. You also review strategies that help you to increase the probability of passing the exam.

You then conclude the course with a final 30-question assessment.

Module 1: Introduction to Amazon Web Services.

 Course Overview:

o Covers essential AWS knowledge.

o Explains AWS benefits for businesses.

o Focuses on fundamental cloud compute model.

 AWS Service Breadth:

o Offers a massive range of services.

o From basic (compute, storage, network security) to complex (blockchain, AI, robotics, specialized tools).

o Course focuses on fundamentals.

 Client-Server Model:

o Core concept in modern computing.

o Coffee shop analogy used to illustrate (customer/barista).


o AWS equivalent: EC2 (Elastic Compute Cloud), a virtual server.

o User requests, server responds.

 Pay-as-you-go Model:

o Key AWS concept.

o Pay only for what you use (like a coffee shop paying staff only for hours worked).

o Contrasts with on-premises data centers (fixed capacity, potential waste).

o AWS allows scaling resources up or down as needed.

 Cloud Computing Definition:

o On-demand delivery of IT resources over the internet with pay-as-you-go pricing.

o On-demand: Resources available when needed, no pre-planning required.

o Flexibility: Scale resources quickly, return them when not needed.

 AWS Philosophy:

o Provides a wide range of IT resources because businesses need them.

o Focuses on "undifferentiated heavy lifting": Handles common, repetitive IT tasks (e.g., database engines).

o Businesses can focus on unique aspects.

 Access and Pricing:

o Resources accessed over the internet (secure console or programmatically).

o No extra contracts or sales calls.

o Pay-as-you-go: Only pay for resources used (e.g., avoid paying for developer environments on weekends).

Module 2: Compute in the Cloud

 Amazon EC2 (Elastic Compute Cloud) Overview:

o Provides virtual servers (instances) in the cloud.

o Essential for businesses needing compute capacity to power applications.


o Replaces the need for owning and managing physical servers.

 Benefits of EC2 vs. On-Premises Servers:

o EC2: Flexible, cost-effective, quick setup. AWS handles infrastructure.

o On-Premises: High upfront costs, long setup times (research, purchase, delivery, installation, configuration).

o EC2 eliminates the burden of physical server management.

 EC2 Operation:

o AWS manages massive compute capacity.

o Users request EC2 instances, which launch within minutes.

o Instances can be easily stopped or terminated when no longer needed.

o Pay-as-you-go model: Only pay for running instances.

 Multitenancy and Hypervisors:

o EC2 uses virtualization technology.

o Multiple instances (virtual machines) share physical hosts.

o Hypervisor manages resource sharing and isolates instances for security.

o AWS manages the hypervisor; multitenancy is transparent to the user.

 EC2 Flexibility and Control:

o Choose operating system (Windows or Linux).

o Provision thousands of instances on demand.

o Configure software: Run any applications (internal, web, databases, third-party).

o Resizable instances: Vertically scale (increase/decrease resources like CPU, memory) as needed.

o Control networking: Define access (public/private) and manage requests.

 EC2's Impact:

o Simplifies server acquisition and management.


o Enables faster innovation for programmers and businesses.

o More to learn about EC2 beyond virtualization and software configurations.

 EC2 Instance Types Overview:

o Different types of EC2 instances are available, each optimized for specific tasks.

o Analogy: Just like a coffee shop needs different employees (cashier, barista, etc.), AWS offers various instance types.

o Each instance type belongs to an instance family.

 Instance Families:

o General Purpose: Balanced compute, memory, and networking. Suitable for diverse workloads (web servers, code repositories).

o Compute Optimized: Ideal for compute-intensive tasks (gaming servers, high-performance computing, scientific modeling).

o Memory Optimized: Designed for memory-intensive applications.

o Accelerated Computing: Uses hardware accelerators for tasks like floating-point calculations, graphics processing, and data pattern matching.

o Storage Optimized: Optimized for workloads requiring high performance for locally stored data.

 Coffee Shop Analogy Revisited:

o Cashier: Memory optimized instance.

o Barista: Compute optimized instance.

o Latte art employee: Accelerated computing instance.

 EC2 Pricing Options: Several options exist to cater to different usage patterns and budgets.

 On-Demand:
o Pay only for the instance's running duration (per hour or per second).

o No long-term commitments or upfront payments.

o Best for initial exploration, testing, and establishing usage baselines.

 Savings Plans:

o Lower prices in exchange for a commitment to consistent usage (dollars per hour) for 1 or 3 years.

o Savings up to 72% on compute usage.

o Flexible: Applies across instance families, sizes, OS, regions, Fargate, and Lambda.

 Reserved Instances:

o Discounted pricing (up to 75% off On-Demand) for steady-state, predictable workloads.

o Requires a 1 or 3-year commitment.

o Payment options: All Upfront, Partial Upfront, No Upfront.

 Spot Instances:

o Request spare EC2 capacity for up to 90% off On-Demand price.

o AWS can reclaim instances with a 2-minute warning.

o Suitable for interruptible workloads (e.g., batch jobs).

 Dedicated Hosts:

o Physical hosts dedicated to a single user.

o Used for compliance requirements.

o No shared tenancy on the host.

 Scalability and Elasticity: AWS's key benefit: adjusting capacity to meet changing business needs.

 On-Premises Data Center Dilemma:

o Balancing hardware purchase: Too little for peak times, too much for average use.
o Buying for average usage: Risk of service disruption during peak loads.

o Buying for peak usage: Wasteful spending on idle resources (low utilization).

o On-premises solutions struggle to address this efficiently.

 AWS Solution:

o Provision resources exactly to match demand (hourly, daily).

o Happy customers (always get service) and happy finance team (good ROI).

 High Availability and Redundancy:

o Decoupled system: Order taking (Morgan) separate from drink making (Rudy).

o Plan for failure: Create redundant instances (multiple Morgans) to avoid single points of failure.

o If one instance fails, others take over seamlessly, maintaining service.

o Redundancy also applied to backend processing instances.

 Handling Demand Spikes (Elasticity):

o System now highly available, but needs to also scale with demand. (This is the next topic to be covered, implied but not detailed in this segment.)

 Traffic Management Challenge: Uneven distribution of traffic to EC2 instances can lead to some instances being overloaded while others are idle. Similar to customers lining up at one cashier in a coffee shop while others are free.

 Solution: Load Balancing: Distributes incoming requests evenly across EC2 instances. A "host" directing customers to the shortest line is the analogy.

 Elastic Load Balancing (ELB):

o Managed AWS service for load balancing.

o Addresses the "undifferentiated heavy lifting" of load balancing.

o Regional Construct: Runs at the regional level, providing automatic high availability.
o Automatic Scalability: Handles traffic growth without manual intervention or cost changes.

o Integration with Auto Scaling: Seamlessly integrates with EC2 Auto Scaling. ELB is notified of new instances and removes terminated instances from the pool.

o External and Internal Traffic: Used for both external (internet-facing) and internal traffic (between application tiers).

 Internal Load Balancing Example:

o Front-end instances communicate with back-end instances.

o Without ELB: Each front-end instance needs to know about every back-end instance, creating a complex network.

o With ELB: Front-end instances communicate with a single ELB URL. ELB distributes traffic to back-end instances.

o Decoupled architecture: Front-end instances are unaware of the number of back-end instances. ELB handles the distribution and scaling.

 Benefits of ELB:

o Improved traffic distribution.

o Increased availability and fault tolerance.

o Simplified management.

o Scalability.

 Next Steps: ELB is one method for back-end communication. Other services may be more suitable for certain architectures (topic of the next video).

 Messaging and Queuing: Improves application communication by introducing a buffer.

 Tightly Coupled vs. Loosely Coupled Architectures:

o Tightly Coupled: Components communicate directly. Failure in one component affects others. (Analogy: Cashier hands order directly to barista; if barista is busy, cashier is blocked).

o Loosely Coupled: Components communicate through a buffer (message queue). Failure in one component doesn't disrupt others. (Analogy: Cashier puts order on an order board; barista picks it up when ready).

 Benefits of Loosely Coupled Architectures:

o Increased reliability and fault tolerance.

o Improved scalability.

o Greater flexibility.

 AWS Services for Messaging and Queuing:

o Amazon Simple Queue Service (SQS):

 Sends, stores, and receives messages between application components.

 Messages (coffee orders) are placed in queues (order board) until processed.

 AWS manages the queue infrastructure (scalable, reliable, easy to use).

 Messages contain a payload (order details) and are protected.

o Amazon Simple Notification Service (SNS):

 Sends messages to services and notifications to end-users.

 Uses a publish/subscribe (pub/sub) model.

 Messages are published to a topic (channel), and subscribers receive them.

 Subscribers can be SQS queues, Lambda functions, webhooks, or end-users (via mobile push, SMS, email).

 Example: Notifying a customer via SMS when their coffee order is ready.

 EC2 Instances:

o Flexible, reliable, scalable virtual machines.


o Suitable for a wide range of use cases.

o Requires management (patching, scaling, high availability architecture).

 Serverless Computing:

o AWS offers serverless compute options for simplified management.

o No access to underlying infrastructure (instances).

o AWS handles provisioning, scaling, high availability, and maintenance.

 AWS Lambda:

o Serverless compute service.

o Upload code as Lambda functions.

o Configure triggers to execute code.

o Automatically scalable and highly available.

o AWS manages the environment.

o Designed for short-running code (under 15 minutes).

o Suitable for web backends, request handling, event processing.

 Container Services:

o For efficient and portable application deployment.

o Docker Containers: Package applications with dependencies and configurations.

o Container Orchestration: Managing containers (starting, stopping, restarting, monitoring).

 Amazon Elastic Container Service (ECS):

o Container orchestration service.

o Simplifies running containerized applications at scale.

 Amazon Elastic Kubernetes Service (EKS):

o Container orchestration service (using Kubernetes).

 AWS Fargate:
o Serverless compute platform for ECS and EKS.

o Eliminates the need to manage EC2 instances for containers.

 Compute Options Summary:

o EC2: Traditional applications, full OS access.

o Lambda: Short-running functions, serverless.

o ECS/EKS: Containerized workloads. Choose ECS or EKS as your orchestration tool. Then choose EC2 (managed instances) or Fargate (serverless) as your platform.

 Cloud Computing:

o On-demand delivery of IT resources (compute, networking, storage, etc.) over the internet.

o Pay-as-you-go pricing: Pay only for resources consumed.

 AWS Services (Review):

o Amazon EC2:

 Dynamically provision and manage virtual servers (EC2 instances).

 Instance families (general purpose, compute optimized, memory optimized, accelerated computing, storage optimized) cater to different workloads.

 Scaling: Vertical (resizing) and horizontal (adding instances).

 Amazon EC2 Auto Scaling: Automates horizontal scaling.

 Elastic Load Balancer (ELB): Distributes traffic across EC2 instances.

 EC2 Pricing Models: On-Demand, Spot, Reserved Instances, Savings Plans.

o Messaging Services:

 Amazon SQS: Decouples system components; messages stored in queues until consumed.

 Amazon SNS: Sends messages (emails, texts, notifications, HTTP requests) to subscribers via a publish/subscribe model.

o Container Services:

 Amazon ECS: Container orchestration tool.

 Amazon EKS: Container orchestration tool (Kubernetes).

 AWS Fargate: Serverless compute platform for containers (eliminates EC2 management).

o AWS Lambda: Serverless compute; upload code, configure triggers, pay only for execution time. No VM or container management.

 High Availability: Ensuring continuous service availability even during disruptions.

 Coffee Shop Analogy:

o Parade blocks access to the main coffee shop location.

o Solution: Multiple locations across the city ensure customers can still get coffee.

 AWS Global Infrastructure:

o Not just one or two data centers, but many.

o Operates in multiple regions around the world.

o Provides high availability and fault tolerance.

o If one region experiences an issue, services can fail over to another.

 Key Takeaway: AWS's global infrastructure, with its multiple regions, is designed for high availability, similar to the coffee shop chain with multiple locations. This ensures service continuity even in the face of disruptions.

 Data Residency and Sovereignty: Data must live and operate somewhere. AWS allows companies to run applications in data centers they don't own. A key concern is what happens in a data center disaster.

 Traditional Data Center Challenges: Disaster recovery is difficult and expensive (duplicate hardware, real estate, staffing, etc.). Backups are often the primary strategy, but "hope" is not a good plan.

 AWS Regions:

o AWS data centers are grouped into Regions (e.g., Paris, Tokyo, Sao Paulo, Dublin, Ohio).

o Each Region has multiple data centers with compute, storage, and other services.

o Regions are connected by a high-speed fiber network.

 Region Selection: The business chooses which Region to use.

 Data Isolation: Data within a Region never leaves without explicit permission. Crucial for

security and compliance.

 Data Sovereignty: Data is subject to the local laws of the Region's location.

 Four Factors for Choosing a Region:

o Compliance: Mandatory requirements (e.g., data must stay within specific country borders). This overrides all other factors.

o Proximity: Closer to customers = lower latency. Important for performance.

o Feature Availability: New AWS services may not be available in all Regions immediately.

o Pricing: Operational costs vary by Region (taxes, etc.), resulting in different pricing structures.

 Serving Global Customers: Proximity to customers is important, but what if customers are geographically dispersed?

 Content Delivery Networks (CDNs): Cache copies of data closer to customers worldwide.

 Amazon CloudFront: AWS's CDN service.

o Delivers data, video, applications, and APIs globally with low latency and high transfer speeds.

o Uses Edge locations around the world.

 Edge Locations:

o Separate from Regions.

o Content is pushed from Regions to Edge locations.

o Used by CloudFront to accelerate communication and delivery.

o Also used by Amazon Route 53 (DNS) for low-latency routing.

 AWS Outposts:

o Brings a fully operational AWS "mini-Region" into a customer's own data center.

o Owned and operated by AWS.

o For specific use cases requiring on-premises infrastructure.

 Key Takeaways about AWS Global Infrastructure:

o Regions: Geographically isolated areas for accessing AWS services.

o Availability Zones (AZs): Contained within Regions. Physically separated buildings (tens of miles apart) for high availability and disaster recovery, while logically unified for your application.

o Edge Locations: Run CloudFront to bring content closer to global customers.

 Interacting with AWS Services: Primarily done through APIs (Application Programming Interfaces). Everything in AWS is an API call.

 API Calls: Used to provision, configure, and manage AWS resources (e.g., launching EC2 instances, creating Lambda functions).

 Methods for Interacting with AWS:

1. AWS Management Console:

 Browser-based interface for visual management of resources.


 Great for learning, testing, and non-technical tasks.

 Not ideal for production due to manual, point-and-click nature, which is prone to human error.

2. AWS Command Line Interface (CLI):

 Command-line tool for making API calls via the terminal.

 Allows scripting and automation of AWS actions.

 Reduces human error and enables repeatable processes.

 Essential for production environments.

3. AWS Software Development Kits (SDKs):

 Language-specific libraries for interacting with AWS resources through code.

 Simplifies development by providing higher-level abstractions of the APIs.

 Enables developers to build programs that integrate with AWS.

 Review of AWS Global Infrastructure:

o Availability Zones (AZs): Logical clusters of data centers.

o Regions: Made up of AZs, spread globally.

o Best practice: Deploy across at least two AZs for redundancy.

o Some services (ELB, SQS, SNS) automatically handle multi-AZ deployment.

o Edge Locations: For content deployment (CloudFront) to speed up delivery.

o AWS Outposts: AWS infrastructure in customer data centers.

 Provisioning AWS Resources:

o AWS Management Console: Visual interface.

o SDKs: Programmatic interaction (various languages).

o CLI: Command-line interface.

o AWS Elastic Beanstalk: Platform for deploying and scaling web applications.

o AWS CloudFormation: Infrastructure as code.

 Key Takeaways:

o AWS's global reach and availability.

o Ease of provisioning resources.

 Amazon Virtual Private Cloud (VPC): Logically isolated section of the AWS Cloud. Allows you to define your own virtual network and launch resources within it.

 Subnets: Ranges of IP addresses within a VPC. Resources are grouped into subnets.

 Public Subnets: Resources have internet access (e.g., cashier in the coffee shop analogy, handling customer orders).

 Private Subnets: Resources have no internet access (e.g., baristas focused on making coffee, back-end databases and application servers).

 Key Analogy: Coffee shop with cashiers (public subnet) interacting with customers and baristas (private subnet) focused on their tasks. VPC provides this separation and control over access.

 VPC (Virtual Private Cloud): Your private network in AWS. EC2 instances, ELBs, etc., reside within it.

 Subnets: Grouping of IP addresses within a VPC. Control public/private access.

 Controlling Traffic into a VPC:

o Internet Gateway (IGW): "Front door" for public-facing resources. Allows internet traffic to/from the VPC (e.g., for public websites). Analogy: Coffee shop's front door.

o Virtual Private Gateway (VGW): "Private doorway" for internal resources. Creates a VPN connection between your on-premises network and the VPC. Analogy: Private bus route for employees only.

o AWS Direct Connect: Dedicated, private fiber connection from your data center to AWS. Highest security and lowest latency. Analogy: Secret magic doorway.

 Key Points:

o VPCs are isolated networks.

o Subnets control public/private access within a VPC.

o Different gateways cater to different connectivity needs.

o A single VPC can have multiple gateways.

 VPC Security: A VPC is a "fortress," but perimeter security is only one aspect. AWS offers comprehensive security tools at every layer.

 Network Access Control Lists (NACLs):

o Act as "passport control officers" at subnet boundaries.

o Check traffic entering and leaving a subnet.

o Stateless: Evaluates every packet, regardless of context.

o Can block traffic based on source/destination IP and port.

 Security Groups:

o Instance-level security (like a "doorman" at each EC2 instance).

o By default, all inbound traffic is blocked.

o Allow specific traffic types (e.g., HTTPS for web servers).

o Stateful: Remembers connections and allows return traffic automatically.

 Key Differences: NACLs vs. Security Groups:

| Feature | NACL (Network ACL) | Security Group |
|---|---|---|
| Level | Subnet | Instance |
| Direction | Inbound and Outbound | Inbound (Outbound default allow) |
| Stateful/Stateless | Stateless | Stateful |
| Analogy | Passport Control | Doorman |

 Packet Flow Example (Instance A to Instance B, different subnets):

o Instance A's Security Group (outbound): Allows all outbound.


o Instance A's NACL (outbound): Checks against its rules.

o Instance B's NACL (inbound): Checks against its rules.

o Instance B's Security Group (inbound): Checks against its rules.

o Return traffic follows a similar path, with Security Groups remembering the connection (stateful) and NACLs checking each packet (stateless).

 Security in Depth: Use both NACLs and Security Groups for comprehensive network security.
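
The packet flow above (Instance A to Instance B, different subnets), worked through as an added example that is not part of the original notes: a small Python model of two security groups and two NACLs that shows the failure mode the stateful/stateless split creates, a reply dropped at a NACL that has no rule for the client's ephemeral port. The subnet CIDRs, instance addresses, ports, rule numbers and the names sg-A, sg-B, nacl-A and nacl-B are assumptions made up for illustration.

```python
"""Toy model of the SG/NACL packet flow; all addresses and rules are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

EPHEMERAL = (1024, 65535)                     # client-side source port range
SUBNET_A, SUBNET_B = "10.0.1.0/24", "10.0.2.0/24"
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self):
        """The packet travelling back on the same connection."""
        return Packet(self.dst, self.dport, self.src, self.sport)

@dataclass(frozen=True)
class Rule:
    cidr: str            # remote network (source if inbound, destination if outbound)
    ports: tuple         # inclusive destination-port range (low, high)
    allow: bool = True   # security groups only ever use allow rules
    number: int = 0      # NACL evaluation order; ignored by security groups

    def matches(self, remote_ip, port):
        low, high = self.ports
        return ip_address(remote_ip) in ip_network(self.cidr) and low <= port <= high

def remote(pkt, direction):
    return pkt.src if direction == "in" else pkt.dst

class Nacl:
    """Stateless subnet filter: every packet is checked, the lowest-numbered
    rule that matches decides, and no match at all means deny."""
    def __init__(self, name, inbound, outbound):
        self.name = name
        self.rules = {"in": sorted(inbound, key=lambda r: r.number),
                      "out": sorted(outbound, key=lambda r: r.number)}

    def permits(self, pkt, direction):
        for rule in self.rules[direction]:
            if rule.matches(remote(pkt, direction), pkt.dport):
                return rule.allow
        return False

class SecurityGroup:
    """Stateful instance filter: inbound is denied unless a rule allows it,
    outbound is allowed by default, replies to tracked flows always pass."""
    def __init__(self, name, inbound, outbound=None):
        self.name = name
        self.rules = {"in": inbound,
                      "out": [Rule(ANY, (0, 65535))] if outbound is None else outbound}
        self.tracked = set()

    def permits(self, pkt, direction):
        if pkt.reply() in self.tracked:           # return traffic of a known flow
            return True
        if any(r.matches(remote(pkt, direction), pkt.dport) for r in self.rules[direction]):
            self.tracked.add(pkt)                 # remember the new connection
            return True
        return False

def trace(pkt, hops):
    """Pass pkt through (filter, direction) hops; return (delivered, blocking hop)."""
    for flt, direction in hops:
        if not flt.permits(pkt, direction):
            return False, f"{flt.name} {direction}"
    return True, None

def round_trip(request, sg_a, nacl_a, nacl_b, sg_b):
    """Instance A -> Instance B and back, in the order the notes list the checks."""
    ok, where = trace(request, [(sg_a, "out"), (nacl_a, "out"), (nacl_b, "in"), (sg_b, "in")])
    if not ok:
        return f"request dropped at {where}"
    ok, where = trace(request.reply(),
                      [(sg_b, "out"), (nacl_b, "out"), (nacl_a, "in"), (sg_a, "in")])
    return "reply delivered" if ok else f"reply dropped at {where}"

def build(nacl_b_allows_replies):
    """Constructed setup: A (client) in SUBNET_A calls B (HTTPS server) in SUBNET_B."""
    sg_a = SecurityGroup("sg-A", inbound=[])                       # no inbound rules at all
    sg_b = SecurityGroup("sg-B", inbound=[Rule(SUBNET_A, (443, 443))])
    nacl_a = Nacl("nacl-A",
                  inbound=[Rule(SUBNET_B, EPHEMERAL, number=100)],  # replies coming back
                  outbound=[Rule(SUBNET_B, (443, 443), number=100)])
    reply_rule = [Rule(SUBNET_A, EPHEMERAL, number=100)] if nacl_b_allows_replies else []
    nacl_b = Nacl("nacl-B",
                  inbound=[Rule(SUBNET_A, (443, 443), number=100)],
                  outbound=reply_rule)
    return sg_a, nacl_a, nacl_b, sg_b

if __name__ == "__main__":
    request = Packet("10.0.1.10", 49152, "10.0.2.20", 443)
    print("NACL-B without reply rule:", round_trip(request, *build(False)))
    print("NACL-B with reply rule:   ", round_trip(request, *build(True)))
```

Neither security group carries a rule for the reply: sg-B and sg-A pass it because they tracked the request, while each NACL needs an explicit rule in both directions.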

 Customer Interaction with AWS: Primarily through websites and applications.

 Amazon Route 53 (DNS):

o Translates website names (e.g., www.example.com) into IP addresses (e.g., 192.1.1.1).

o Highly available and scalable.

o Routing Policies:

 Latency-based routing: Directs traffic to the closest AWS Region based on latency.

 Geolocation DNS: Routes traffic based on the user's location (e.g., North America to Oregon, Ireland to Dublin).

 Geoproximity: Routes traffic based on how geographically close users are to resources.

 Weighted round robin: Distributes traffic across multiple resources based on assigned weights.

o Domain Registration: Allows buying and managing domain names.

 Amazon CloudFront (CDN):

o Speeds up website asset delivery (images, GIFs, etc.).

o Uses Edge locations to cache content closer to users.

o Example:

 Seattle user accesses website; static assets delivered from CloudFront Edge location in North America.

 Dublin user accesses the same website; static assets delivered from CloudFront Edge location in Dublin.

o Improves latency and user experience.

 AWS Networking Simplified: Focus shifts from complex topology to defining communication permissions. If you can answer "who should be allowed to communicate with whom," you can set up your AWS network.

 Key Networking Concepts Covered:

o VPC (Virtual Private Cloud): Isolates your workload in AWS.

o Network Security Fundamentals:

 Gateways: Control traffic in/out of the VPC.

 Network ACLs (NACLs): Stateless packet filtering at subnet boundaries.

 Security Groups: Stateful packet filtering at the instance level.

o Connectivity Options:

 VPN: Encrypted connection over the internet.

 Direct Connect: Dedicated, private fiber connection.

o Global Networks:

 Edge Locations: Serve content closer to users (CloudFront).

 Route 53: DNS service.

 Key Takeaway: This module provides a foundational understanding of AWS networking, focusing on the essential components needed to get a business started. It's not exhaustive, but it covers the core building blocks.


 Growing Coffee Shop Analogy: Successful, scalable, and secure coffee shop operation.

 Customer Loyalty Program: Need to track customer orders and purchases for rewards and analysis.

 Requirement: Databases and storage solutions are needed to manage customer data effectively.

 Key Challenge: Choosing the right database and storage solution for different data types and usage needs. This will be the focus of the upcoming module.

 EC2 Instance Storage Needs: Applications running on EC2 instances require access to CPU, memory, network, and storage.

 Block-Level Storage:

o Stores files as blocks on a disk.

o Efficient for applications like databases, enterprise software, and file systems.

o Analogy: Your laptop's hard drive.

 Instance Store Volumes:

o Local storage physically attached to the EC2 host.

o Data is ephemeral: Deleted when the instance is stopped or terminated.

o Useful for temporary files, scratch data, or easily recreated data.

 Amazon Elastic Block Store (EBS):

o Provides persistent block storage volumes (EBS volumes) that can be attached to EC2 instances.

o Data on EBS volumes persists even if the instance is stopped or terminated.

o Volumes come in various sizes and types.

o Process: Define size/type/configuration, provision the volume, attach it to the EC2 instance.
 EBS Snapshots:

o Incremental backups of EBS volumes.

o Essential for data protection and disaster recovery.

o Allows restoring data from a previous point in time.

 Amazon S3 (Simple Storage Service): Object storage service for storing and retrieving virtually unlimited data at any scale.

 Core Concepts:

o Objects: Files (series of bytes). Max size: 5TB.

o Buckets: Containers for objects (like file directories).

o Versioning: Retain previous object versions to protect against accidental deletion.

o Permissions: Control access to objects and buckets.

 S3 Storage Classes (Tiers): Different tiers for different use cases.

o S3 Standard: High durability (11 nines), data stored in at least three facilities. Suitable for frequently accessed data. Also used for static website hosting.

o S3 Standard-IA (Infrequent Access): For less frequently accessed data that needs rapid retrieval (backups, disaster recovery files).

o S3 Glacier Flexible Retrieval: For long-term archiving (audit data). Retrieval times from minutes to hours. Vault lock policies for compliance (WORM - Write Once, Read Many).

o Other storage classes exist (S3 One Zone-IA, S3 Glacier Instant Retrieval, S3 Glacier Deep Archive).

 S3 Lifecycle Policies:

o Automate data movement between storage tiers based on defined rules (e.g., move data from S3 Standard to S3-IA after 90 days, then to Glacier after 120 days).
o Reduces management overhead.

 Static Website Hosting: Host static websites directly from S3 buckets.

 Amazon Elastic File System (EFS): Managed file system service.

 Use Case: Shared file systems for applications (e.g., multiple servers analyzing data). Replaces the need for managing on-premises file servers.

 Benefits:

o AWS handles scaling and replication.

o Multiple EC2 instances can access the EFS file system concurrently.

o Automatic scaling: Storage grows as needed.

 EFS vs. EBS:

| Feature | EFS | EBS |
|---|---|---|
| Access | Multiple instances concurrently | Single instance (per volume) |
| Scaling | Automatic, scales as data grows | Manual provisioning, fixed size |
| Scope | Regional (accessible from any AZ in region) | Availability Zone (AZ) specific |
| Type | File system (Linux) | Block storage (hard drive) |
| Use Cases | Shared file systems, big data analytics | Databases, application storage, boot volumes |

 Relational Databases (RDBMS): Used when data relationships need to be maintained (e.g., customer orders and purchase history).

 Key Concepts:

o Data stored in tables.

o Tables related through common attributes.

o Data queried using SQL.

 Supported Database Engines: MySQL, PostgreSQL, Oracle, Microsoft SQL Server, and others.

 Migration Options:
o Lift-and-Shift to EC2: Migrate existing database to run on EC2 instances. Maintains control over OS, memory, CPU, storage. Quickest cloud entry.

o Amazon Relational Database Service (RDS): Managed database service. Supports major engines. Provides automated patching, backups, redundancy, failover, and disaster recovery. Frees up database administrators to focus on business needs.

o Amazon Aurora: AWS's most managed relational database option (MySQL and PostgreSQL compatible). Cost-effective (1/10th the price of commercial databases). Features include:

 Data replication across multiple facilities (6 copies).

 Up to 15 read replicas for performance scaling.

 Continuous backups to S3.

 Point-in-time recovery.

 Amazon DynamoDB: Serverless NoSQL database.

 Key Features:

o Serverless: No infrastructure management.

o Scalable: Handles any data volume.

o Highly Performant: Millisecond response times.

o Redundant: Data mirrored across AZs and drives.

 NoSQL Database:

o Relational Databases (SQL): Rigid schema, complex queries, potential scaling issues.

o NoSQL Databases (e.g., DynamoDB): Flexible schema, simple queries, high scalability.

 DynamoDB Characteristics:

o Non-relational (NoSQL).
o Purpose-built for specific use cases (high-volume, flexible data).

o Millisecond response times.

o Fully managed.

o Highly scalable (example: Prime Day traffic).

 Key Differences: Relational vs. NoSQL:

| Feature | Relational (SQL) | NoSQL (e.g., DynamoDB) |
|---|---|---|
| Schema | Rigid | Flexible |
| Queries | Complex (joins) | Simple (single table) |
| Scalability | Challenging | Highly scalable |
| Performance | Varies | Millisecond response |

 Data Warehouses: Designed for historical data analysis (business intelligence), not real-time operations.

 Challenges with Traditional Databases for Analytics:

o Volume: Historical data grows rapidly (especially with IoT).

o Variety: Data comes from different sources (inventory, finance, sales).

o Traditional databases struggle with the scale and complexity of analytical queries.

 Data Warehouse Use Cases:

o Analyzing historical trends (e.g., "How has production improved?").

o Business intelligence (BI) projects.

o Note: "Historical" can be recent (e.g., "last hour's sales"). The key is that the data is

static (past).

 Amazon Redshift: Data warehousing as a service.

 Key Features and Benefits:

o Massive Scalability: Handles petabytes of data.

o Redshift Spectrum: Queries exabytes of unstructured data in data lakes.

o High Performance: Up to 10x faster than traditional databases for BI workloads.


o Managed Service: AWS handles the operational overhead.

o Easy to Get Started: Single API call.

 Key Takeaway: Redshift simplifies and accelerates big data analytics, allowing businesses to

focus on insights rather than database administration.

 Amazon Database Migration Service (DMS): Helps migrate existing databases to AWS.

 Key Features:

o Secure and easy migration.

o Source database remains operational during migration (minimizes downtime).

o Supports various source and target database types.

 Migration Types:

o Homogeneous: Source and target databases are the same type (e.g., MySQL to RDS MySQL). Straightforward process due to compatibility.

o Heterogeneous: Source and target databases are different types (e.g., Oracle to PostgreSQL). Requires schema and code conversion using the AWS Schema Conversion Tool (SCT) before using DMS.

 Source and Target Locations:

o Source: On-premises, EC2, or RDS.

o Target: EC2 or RDS.

 Migration Process:

o Create a migration task with source and target connections.

o Start the migration. DMS handles the rest.

 Other DMS Use Cases:

o Development/Test Database Migrations: Copy production data to dev/test environments (one-time or continuous).

o Database Consolidation: Migrate data from multiple databases into a single database.

o Continuous Data Replication: For disaster recovery or geographic distribution.

 Choosing the Right Database: No "one-size-fits-all" solution. AWS offers a variety of

databases for specific needs.

 Additional Database Options (Beyond Core Offerings):

o Amazon DocumentDB: For content management, catalogs, user profiles.

o Amazon Neptune: Graph database for social networking, recommendations, fraud

detection.

o Amazon Managed Blockchain: For blockchain solutions (decentralized, but may not be

suitable for all financial use cases).

o Amazon QLDB (Quantum Ledger Database): Immutable ledger for financial records,

supply chains, and other applications requiring verifiable history.

 Database Acceleration:

o Amazon ElastiCache: Caching layer for databases (Memcached and Redis). Improves

read times (milliseconds to microseconds).

o DynamoDB Accelerator (DAX): Native caching layer for DynamoDB, dramatically

improving read performance.

 Key Takeaway: AWS provides a wide range of databases and acceleration tools to ensure

businesses can select the optimal solutions for their specific workloads and performance

requirements. The emphasis is on using the "best tool for the job."
 Review of AWS Storage and Database Services:

o EBS (Elastic Block Store): Persistent block storage for EC2 instances.

o S3 (Simple Storage Service): Object storage for virtually unlimited data.

o Relational Databases (RDS, Aurora): For structured data with relationships (MySQL,

PostgreSQL, etc.).

o DynamoDB: NoSQL key-value store for high-performance applications.

o EFS (Elastic File System): Managed file system for shared access.

o Redshift: Data warehouse for analytics and business intelligence.

o DMS (Database Migration Service): Migrates existing databases to AWS.

o DocumentDB: For document databases.

o Neptune: Graph database.

o QLDB (Quantum Ledger Database): Immutable ledger.

o Amazon Managed Blockchain: For blockchain solutions.

o ElastiCache: Caching for relational databases.

o DAX (DynamoDB Accelerator): Caching for DynamoDB.

 Key Takeaway: Understanding the different storage and database options is crucial for

choosing the right solution for each specific data type and workload.

 AWS Security: Shared Responsibility Model (AWS "of the cloud," customer "in the cloud").

 Shared Responsibility Model:

o AWS: Physical layer, network, hypervisor.

o Customer: Operating system, applications, data.

o Analogy: Builder provides walls and doors; homeowner locks them.

 Key Security Concepts and Services:

o IAM (Identity and Access Management):


 Root User: Complete access (use with MFA only).

 IAM Users: Individual accounts (least privilege).

 IAM Groups: Group users for easier permission management.

 IAM Policies: JSON documents defining permissions (allow/deny).

 IAM Roles: Temporary credentials for specific tasks.

 Federated Identities: Use existing corporate credentials to access AWS.

 AWS Organizations: Centralized management of multiple AWS accounts (billing,

access, compliance).

 Consolidated billing.

 Hierarchical grouping (OUs).

 Service Control Policies (SCPs).

o Compliance and Auditing:

 AWS adheres to various compliance programs.

 Shared responsibility: AWS handles some, the customer handles others.

 Region selection can aid compliance.

 Data ownership and encryption are the customer's responsibility.

 AWS Artifact: Access compliance reports and documents.

 AWS Compliance Center: Central hub for compliance information.

o DDoS Protection:

 Security Groups: Filter traffic at the network level.

 ELB (Elastic Load Balancer): Handles HTTP traffic requests.

 AWS Shield: Managed DDoS protection service.

 AWS WAF (Web Application Firewall): Filters web traffic for malicious

signatures.

o Data Security:
 Encryption at Rest: Data is encrypted when stored (e.g., DynamoDB).

 Encryption in Transit: Data is encrypted during transfer (e.g., SSL/TLS).

 AWS KMS (Key Management Service): Manages encryption keys.

o Security Assessment and Threat Detection:

 Amazon Inspector: Automated security assessments for EC2 instances.

 Amazon GuardDuty: Threat detection using logs and machine learning.

 Key Takeaway: AWS offers a comprehensive suite of security tools and services to help

customers secure their cloud environments, but it's a shared responsibility. Understanding the

shared responsibility model and leveraging the available services are crucial for building a

secure and compliant cloud architecture.

 Review of AWS Security Concepts:

o Shared Responsibility Model: AWS secures "the cloud," the customer secures "in the

cloud."

o IAM (Identity and Access Management):

 Users: Individual accounts (no permissions by default).

 Groups: Group users for easier management.

 Roles: Temporary credentials for specific tasks.

 Policies: JSON documents defining permissions (allow/deny).

 Federation: Integrate existing corporate identities.

 MFA (Multi-Factor Authentication): Essential, especially for the root user.

o AWS Organizations: Centralized management of multiple AWS accounts.

o Compliance:

 AWS has third-party audits for compliance programs.

 AWS Compliance Center and AWS Artifact provide information and documents.
 Compliance is a shared responsibility.

o DDoS Protection:

 ELB, Security Groups, AWS Shield, and AWS WAF are used for defense.

o Encryption:

 In transit and at rest.

 Customer is responsible for data security.

 Key Security Best Practices:

o Least privilege principle.

o Encrypt data (in transit and at rest).

o Use AWS security services.

o Consult AWS documentation for service-specific security measures.

 Monitoring: Observing systems, collecting metrics, and using them to make decisions or take

action.

 Amazon CloudWatch:

o Monitors AWS resources and applications in real time.

o Tracks metrics (e.g., CPU utilization, custom metrics).

o CloudWatch Alarms: Trigger actions based on metric thresholds (e.g., send an SNS

notification when an espresso machine needs cleaning).

o CloudWatch Dashboards: Visualize metrics in a single pane of glass.

o Benefits:

 Centralized monitoring.

 System-wide visibility.

 Reduced MTTR (Mean Time to Resolution).

 Improved TCO (Total Cost of Ownership).


 Operational insights.

 AWS CloudTrail:

o Logs every API call made to AWS (who, what, when, where, response).

o Crucial for auditing and compliance.

o Provides tamper-proof logs for security analysis.

 AWS Trusted Advisor:

o Automated advisor that evaluates AWS resources against best practices.

o Five Pillars:

 Cost Optimization.

 Performance.

 Security.

 Fault Tolerance.

 Service Limits.

o Provides recommendations and alerts.

o Some checks are free, others depend on the support plan.

 Importance of Monitoring: Key to efficient, secure, and compliant applications.

 Review of Monitoring Tools:

o CloudWatch: Real-time monitoring, metrics, alarms, dashboards.

o CloudTrail: API call logging for auditing and compliance (who, what, when, where).

o Trusted Advisor: Automated best practice checks for cost, performance, security, and

fault tolerance.

 Key Takeaway: This module introduces some of the essential monitoring and analysis tools in

AWS. While not an exhaustive list, these services provide a solid foundation for understanding

and managing your AWS environment.
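
CloudTrail's who/what/when/where record is what makes the root-user and MFA guidance from the security module checkable. This added example (not from the course) scans constructed CloudTrail records for root-user activity and successful console logins without MFA; the account ID, ARNs and IP addresses are placeholders, and the records are trimmed to the fields used.

```python
import json

# Constructed CloudTrail records, trimmed to the fields this check reads.
# Account ID, ARNs and IP addresses are documentation placeholders.
SAMPLE_LOG = json.loads("""
{"Records": [
  {"eventTime": "2024-05-01T09:12:03Z", "eventName": "ConsoleLogin",
   "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
   "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
   "additionalEventData": {"MFAUsed": "No"},
   "responseElements": {"ConsoleLogin": "Success"}},
  {"eventTime": "2024-05-01T09:15:40Z", "eventName": "CreateAccessKey",
   "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
   "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
  {"eventTime": "2024-05-01T10:02:11Z", "eventName": "ConsoleLogin",
   "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.20",
   "userIdentity": {"type": "IAMUser",
                    "arn": "arn:aws:iam::111122223333:user/alice"},
   "additionalEventData": {"MFAUsed": "Yes"},
   "responseElements": {"ConsoleLogin": "Success"}},
  {"eventTime": "2024-05-01T11:00:00Z", "eventName": "ConsoleLogin",
   "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.99",
   "userIdentity": {"type": "IAMUser",
                    "arn": "arn:aws:iam::111122223333:user/bob"},
   "additionalEventData": {"MFAUsed": "No"},
   "responseElements": {"ConsoleLogin": "Failure"}}
]}
""")


def find_risky_events(records):
    """Return who/what/when/where for root use and MFA-less console logins."""
    findings = []
    for rec in records:
        identity = rec.get("userIdentity") or {}
        reasons = []
        if identity.get("type") == "Root":
            reasons.append("root-user-activity")
        login_ok = (rec.get("responseElements") or {}).get("ConsoleLogin") == "Success"
        mfa_used = (rec.get("additionalEventData") or {}).get("MFAUsed")
        if rec.get("eventName") == "ConsoleLogin" and login_ok and mfa_used != "Yes":
            reasons.append("console-login-without-mfa")
        if reasons:
            findings.append({
                "who": identity.get("arn", identity.get("type", "unknown")),
                "what": rec.get("eventName"),
                "when": rec.get("eventTime"),
                "where": f'{rec.get("awsRegion")} from {rec.get("sourceIPAddress")}',
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in find_risky_events(SAMPLE_LOG["Records"]):
        print(finding)
```

MFAUsed reflects MFA performed at AWS sign-in, so federated logins that enforce MFA at the identity provider need their own rule.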


 AWS Free Tier:

o Always Free: Services that are free for all AWS customers (e.g., Lambda with 1 million

free invocations per month).

o 12 Months Free: Services that are free for the first 12 months of your AWS account

(e.g., S3 with 5GB of storage).

o Trials: Short-term free trials for specific services (e.g., Lightsail with 750 hours for one

month).

 Billing and Cost Management:

o AWS Billing Console: Provides access to billing information, cost analysis tools, and

invoices.

o AWS Organizations - Consolidated Billing: Combines billing for multiple AWS

accounts into a single bill.

 Easier management.

 Potential for bulk discounts.

 Sharing of Savings Plans and Reserved Instances.

o AWS Budgets: Set custom budgets and receive alerts when costs or usage exceed or

are forecasted to exceed the budget.

o AWS Cost Explorer: Visualize and analyze AWS spending.

 Historical data (12 months).

 Grouping by service, region, tag, etc.

 Custom reports.

 AWS Support:

o AWS Basic Support: Free for all customers. Includes customer service, documentation,

whitepapers, forums, Trusted Advisor, and Personal Health Dashboard.


o AWS Developer Support: Email support with 24-hour response time.

o AWS Business Support: Phone support, enhanced Trusted Advisor, infrastructure event

management.

o AWS Enterprise On-Ramp: Faster response times, access to Technical Account

Managers (TAMs).

o AWS Enterprise Support: Fastest response times, designated TAM, proactive

monitoring and optimization.

 Technical Account Managers (TAMs):

o Provide proactive guidance and support.

o Conduct Well-Architected reviews.

o Assist with infrastructure event management.

 AWS Marketplace:

o Curated digital catalog of third-party software.

o Streamlines finding, deploying, and managing software on AWS.

o Offers various payment options (including pay-as-you-go).

o Provides enterprise-focused features (custom terms, private marketplace, procurement

integration).

 Review of AWS Pricing and Support:

o Pay-as-you-go: Only pay for what you use.

o On-premises vs. Cloud Costs: Different cost models.

o AWS Free Tier: Free access to many services.

o AWS Organizations: Manages multiple accounts, consolidated billing.

o AWS Budgets: Set and track budgets.

o AWS Cost Explorer: Analyze spending.

o AWS Billing Console: Access billing information.

o AWS Support: Different tiers for different needs (Basic, Developer, Business, Enterprise On-Ramp, Enterprise).

o AWS Partner Ecosystem: Partners for assistance with workloads.

o AWS Marketplace: Third-party software catalog.

 Key Takeaway: AWS offers a variety of tools and support options to help customers understand and manage their cloud costs effectively. There are also resources available to help with implementation and support of AWS services.

 Migration to AWS: A process requiring expertise and planning.

 AWS Cloud Adoption Framework (CAF): Provides guidance for smooth migration.

o Organizes guidance into six perspectives:

 Business

 People

 Governance

 Platform

 Security

 Operations

o Helps identify gaps and create an action plan.

 Six R's of Migration:

o Rehosting (Lift and Shift): Move applications as-is. Quickest, but may not be

optimized.

o Replatforming (Lift, Tinker, and Shift): Make minor cloud optimizations (e.g., move
to RDS).

o Retire: Decommission unused applications.

o Retain: Keep applications as-is (temporarily).

o Repurchase: Switch to new software (e.g., new CRM).

o Refactoring: Rewrite applications for cloud-native features.

 AWS Snow Family: Physical devices for data transfer.

o Snowcone: 8 TB, edge computing.

o Snowball Edge: Compute or storage optimized, edge computing, clustering.

o Snowmobile: 100 PB, for massive migrations and data center shutdowns.

o All devices are secure and tamper-resistant, with data encryption.

 Other AWS Capabilities (Brief Overview):

o VMware Cloud on AWS: Run VMware environments on AWS.

o Machine Learning and AI:

 Pre-trained AI services.

 Amazon SageMaker: Build, train, and deploy models.

 Amazon Augmented AI (A2I).

 Amazon Lex: Chatbots.

 Amazon Textract: Data extraction from documents.

 AWS DeepRacer: Reinforcement learning.

o IoT (Internet of Things): Connected devices.

o AWS Ground Station: Satellite access.

 Key Takeaway: AWS offers a wide range of tools and services to support migration and

innovation, including physical data transfer solutions, machine learning platforms, and access to

emerging technologies.
 Review of Migration and Innovation Concepts:

o AWS Cloud Adoption Framework (CAF): Guidance for cloud migration planning,

covering Business, People, Governance (non-technical) and Platform, Security,

Operations (technical) perspectives.

o Six R's of Migration: Strategies for moving solutions to the cloud:

1. Rehost (Lift and Shift)

2. Replatform (Lift, Tinker, and Shift)

3. Repurchase

4. Refactor

5. Retire

6. Retain

o AWS Snow Family: Physical data transfer devices:

1. Snowcone

2. Snowball Edge

3. Snowmobile

 AWS Well-Architected Framework: Helps evaluate architectures against best practices.

 Six Pillars:

1. Operational Excellence: Running and monitoring systems, continuous improvement.

2. Security: Protecting data and systems.

3. Reliability: Recovery planning, handling change.

4. Performance Efficiency: Efficient resource utilization.

5. Cost Optimization: Controlling expenses.


6. Sustainability: Minimizing environmental impact.

 Well-Architected Tool: Self-service tool in the AWS Management Console to evaluate

workloads. Uses a traffic light system (green, orange, red) for identifying areas of improvement.

 Six Benefits of AWS Cloud:

1. Trade capital expense for variable expense: Pay-as-you-go model.

2. Benefit from massive economies of scale: Lower costs due to AWS's scale.

3. Stop guessing capacity: Scale resources as needed.

4. Increase speed and agility: Easy experimentation and fast provisioning.

5. Stop spending money running and maintaining data centers: Focus on core

business.

6. Go global in minutes: Rapid international expansion.
