AWS CDA – CERTIFIED DEVELOPER

ASSOCIATE
KICK STARTED, IAM & AWS CLI
WELCOME!

 We’re going to prepare for the Certified Developer exam

 It’s a challenging certification, so this course will be long and interesting
 We will cover over 30 AWS services
 AWS / IT Beginners welcome! (but take your time, it’s not a race)
 You don’t need to be a developer to pass this exam
 Even if you’ve done AWS Certified Solutions Architect, don’t skip lectures
WHAT’S AWS?

 We’re going to prepare for the Certified Developer exam

 AWS (Amazon Web Services) is a Cloud Provider
 They provide you with servers and services that you can use on demand and scale easily
 AWS has revolutionized IT over time
 AWS powers some of the biggest websites in the world
 Amazon.com
 Netflix
WHAT WE’LL LEARN
GETTING STARTED WITH AWS
AWS CLOUD HISTORY
AWS CLOUD NUMBER FACTS

 In 2019, AWS had $35.02 billion in annual revenue

 AWS accounts for 47% of the market in 2019 (Microsoft is
2nd with 22%)
 Pioneer and Leader of the AWS Cloud Market for the 9th
consecutive year
 Over 1,000,000 active users
AWS CLOUD USE CASES

 AWS enables you to build sophisticated, scalable applications

 Applicable to a diverse set of industries
 Use cases include
 Enterprise IT, Backup & Storage, Big Data analytics
 Website hosting, Mobile & Social Apps
 Gaming
AWS GLOBAL INFRASTRUCTURE

 AWS Regions (30)

 AWS Availability Zones (96)
 AWS Data Center
 AWS Edge Location / Points of
Presence

 https://infrastructure.aws/
AWS REGIONS

 AWS has Regions all around the world

 Names can be us-east-1, eu-west-3, etc.
 A region is a cluster of data centers
 Most AWS services are region-scope

https://aws.amazon.com/about-aws/global-infrastructure/
HOW TO CHOOSE AN AWS REGIONS

 Compliance with data governance and

?
legal requirements: data never leaves a

?
region without your explicit permission
 Proximity to customers: reduced latency

?  Available services within a Region: new

services and new features aren’t available
in every Region

?  Pricing: pricing varies region to region and

is transparent in the service pricing page
 AWS AVAILABILITY ZONES
 Each region has many availability zones (usually 3, min is 2, max is
6). Example:
 ap-southeast-2a
 ap-southeast-2b
 ap-southeast-2c

 Each availability zone (AZ) is one or more discrete data centers

with redundant power, networking, and connectivity
 They’re separate from each other, so that they’re isolated from
disasters
 They’re connected with high bandwidth, ultra-low latency
networking
 AWS POINTS OF PRESENCE (EDGE LOCATIONS)
 Amazon has 216 Points of Presence (205 Edge
Locations & 11 Regional Caches) in 84 cities across
42 countries
 Content is delivered to end users with lower latency

https://aws.amazon.com/cloudfront/features/
 TOUR OF THE AWS CONSOLE
 AWS has Global Services:
 Identity and Access Management (IAM)
 Route 53 (DNS service)
 CloudFront (Content Delivery Network)
 WAF (Web Application Firewall)
 Content is delivered to end users with lower latency
 Most AWS services are Region-scoped:
 Amazon EC2 (Infrastructure as a Service)
 Elastic Beanstalk (Platform as a Service)
 Lambda (Function as a Service)
 Rekognition (Software as a Service)

 Region Table: https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services

IAM SECTION
 IAM: USERS & GROUP
 AWS has Global Services
 IAM = Identity and Access Management, Global service
 Root account created by default, shouldn’t be used or shared
 Users are people within your organization, and can be grouped
 Groups only contain users, not other groups
 Users don’t have to belong to a group, and user can belong to multiple groups

Group: Operations
Group: Developers Group:
Auditors

Alice Bob Charles David Edward Fred

 IAM: PERMISSIONS
{
 Users or Groups can be assigned JSON documents "Version": "2012-10-17",
called policies "Statement": [
{
 These policies define the permissions of the users "Effect": "Allow",
"Action": "ec2:Describe*",
 In AWS you apply the least privilege principle: "Resource": "*"
},
don’t give more permissions than a user needs {
"Effect": "Allow",
"Action":
"elasticloadbalancing:Describe*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cloudwatch:ListMetrics",

"cloudwatch:GetMetricStatistics",
"cloudwatch:Describe*"
],
"Resource": "*"
}
]
IAM POLICIES INHERITANCE
Auditors

Operations
Developers

Alice Bob Charles David Edward Fred

 IAM POLICIES STRUCTURE
 Consists of
 Version: policy language version, always include “2012-10-
17”
 Id: an identifier for the policy (optional)
 Statement: one or more individual statements (required)
 Statements consists of
 Sid: an identifier for the statement (optional)
 Effect: whether the statement allows or denies access
(Allow, Deny)
 Principal: account/user/role to which this policy applied to
 Action: list of actions this policy allows or denies
 Resource: list of resources to which the actions applied to
 Condition: conditions for when this policy is in effect
(optional)
 IAM – PASSWORD POLICY
 AWS has Global Services
 Strong passwords = higher security for your account
 In AWS, you can setup a password policy:
 Set a minimum password length
 Require specific character types:
 including uppercase letters
 lowercase letters
 Numbers
 non-alphanumeric characters

 Allow all IAM users to change their own passwords

 Require users to change their password after some time (password expiration)
 Prevent password re-use
 MULTI FACTOR AUTHENTICATION - MFA
 Users have access to your account and can possibly change configurations or delete resources in your AWS account
 You want to protect your Root Accounts and IAM users
 MFA = password you know + security device you own

Password + => Successful login

Alice

 Main benefit of MFA: if a password is stolen or hacked, the account is not compromised
THANK YOU