AWS Certified Cloud Practitioner


Cloud Computing
  • 6 Benefits of Cloud Computing

    1. Trade upfront expense for variable expense: no upfront payments for physical servers.
    2. Stop spending money to maintain and run data centers.
    3. Stop guessing capacity: launch EC2 instances when needed instead of paying for unused resources.
    4. Benefit from massive economies of scale: a large number of customers results in lower pay-as-you-go prices.
    5. Increase speed and agility: access new resources within minutes.
    6. Go global in minutes.
  • AWS Glossary: https://docs.aws.amazon.com/general/latest/gr/glos-chap.html

  • AWS Whitepaper: https://d0.awsstatic.com/whitepapers/aws-overview.pdf

  • Cloud vs On-Premise vs Hybrid

  • AZ Availability Zone

  • Regions vs Edge Locations

  • EC2 (Elastic Compute Cloud)

    • Only pay for the compute time you use when an instance is running, not when it is stopped or terminated.
    • Multitenancy
    • Vertical scaling
  • Amazon Machine Images (AMI): template that contains a software configuration (e.g. an operating system, an application server, and applications) for creating new instances.

5 types of EC2 instances

  1. General Purpose: balance of compute, memory, and networking resources.
  2. Compute optimized instances: high-performance processor
  3. Memory optimized instances: ideal for workloads that process large datasets in memory, such as high-performance databases.
  4. Accelerated computing instances: expedite data processing. Ideal for workloads such as graphics applications, game streaming, and application streaming.
  5. Storage optimized instances: workloads that require high, sequential read and write access to large datasets on local storage.

EC2 Pricing:

  1. On-Demand: short-term, irregular workloads that cannot be interrupted. No upfront costs/minimum contracts.
  2. Savings Plans: commit to a 1-year or 3-year term for up to 72% savings over On-Demand. Usage is charged at the discounted rate up to the commitment and at On-Demand rates beyond it.
  3. Reserved Instances: billing discount applied to the use of On-Demand instances; the larger the upfront payment, the larger the discount.
  4. Spot Instances: for workloads with flexible start and end times that can withstand interruptions. Up to 90% discount off On-Demand, e.g. background processing.
  5. Dedicated Hosts: dedicated physical servers

EC2 Auto Scaling:

  1. Dynamic scaling: responds to changing demand
  2. Predictive scaling: automatically scaling based on predicted demand

Elastic Load Balancing: automatically distributes traffic across multiple resources, ensuring that no single Amazon EC2 instance carries the full workload on its own.

  • Application Load Balancer
  • Network Load Balancer
  • Gateway Load Balancer
  • Classic Load Balancer

OpsWorks: configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers.

Decoupling: an app should be designed to reduce inter-dependencies so that failures don't impact other components

Tightly vs loosely coupled

  1. Monolithic app is tightly coupled. If a single component fails, the entire app fails.
  2. Microservices: loosely coupled. If a single component fails, the other components continue to work. AWS provides two services that support this:
     • Simple Notification Service (SNS): publish/subscribe messaging service
     • Simple Queue Service (SQS): send, store, and receive messages between software components through a queue

Serverless: your code runs on servers, but you don't need to provision or manage the servers

  • Lambda: pay only for the compute time you consume. Charges only apply when code is running. Scales automatically.

Containers: standard way to package your app's code and dependencies into a single object.

  • Elastic Container Service (ECS): container management system for running and scaling apps on AWS; supports Docker containers
  • Elastic Kubernetes Service (EKS): fully managed service used to run Kubernetes on AWS
  • Fargate: serverless compute engine for containers. Works with both ECS and EKS

Global Infrastructure & Reliability

Key business factors to choose a region:

  1. Compliance: e.g. some data may not leave border due to local laws
  2. Proximity: Selecting a region that is close to your customers will help deliver content faster
  3. Feature availability: some regions might not have all the features required by customer
  4. Pricing: certain countries have higher taxes, causing higher prices

Regions: geographically isolated areas that host the services used to run your business. Each Region contains multiple Availability Zones.

Availability Zone (AZ): a single data center or a group of data centers within a Region. Run instances across multiple AZs to tolerate the failure of one, e.g. a natural disaster.

CloudFront: a content delivery network (CDN) that runs at edge locations and caches content to deliver it to customers faster.

Outposts: a physical rack that extends AWS infrastructure and services into your on-premises data center.

Interact with AWS services:

  1. Management Console: access via username & password
  2. Command Line Interface (CLI):
  3. Software Development Kits (SDKs):
  4. Elastic Beanstalk: you provide code and configuration settings, and Elastic Beanstalk deploys the resources needed to perform:
     • Capacity adjustment
     • Load balancing
     • Automatic scaling
     • Application health monitoring
  5. CloudFormation: infrastructure as code tool; create a template that programmatically defines policies and configurations of all AWS resources as code

Networking:
  • Virtual Private Cloud (VPC): networking service that you can use to establish boundaries around your AWS resources
  • Subnet: a section of a VPC that contains resources such as EC2 instances
    • Public subnets: contain resources accessible by the public (e.g. an online store's website)
    • Private subnets: contain resources accessible only through the private network (e.g. a database containing personal information)
  • Internet gateway: allows traffic from the internet to reach the VPC

  • Virtual private gateway: enables a VPN connection between the VPC and a private network (e.g. an on-premises data center or internal corporate network)

  • AWS Direct Connect: establishes a dedicated private connection between an on-premises data center and the VPC

  • Network access control lists (ACLs):

    • Operates at the subnet level (the boundary of the subnet)
    • Supports allow rules and deny rules
    • Stateless: return traffic must be explicitly allowed by rules
  • Security groups:

    • Operates at the instance level (inside the subnet)
    • Supports allow rules only
    • Stateful: return traffic is automatically allowed, regardless of any rules
  • Route 53:

    • route end users to apps on AWS
    • manage the DNS records for domain names
    • configure DNS health checks to route traffic to healthy endpoints
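As an added illustration of the stateless/stateful distinction above (example code, not from the AWS training material), the toy evaluator below shows an SSH reply being dropped by a network ACL that lacks an outbound rule for ephemeral ports, while a security group with the same inbound rule passes it. All rule sets and addresses are constructed for illustration.

```python
"""Added example (not AWS's own code): a toy evaluator contrasting a stateless
network ACL with a stateful security group. Rule sets and addresses below are
constructed for illustration; CLIENT uses the RFC 5737 documentation range."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

CLIENT = "203.0.113.10"   # constructed SSH client address
EPHEMERAL = 49152         # client-side source port of the SSH session


@dataclass(frozen=True)
class Rule:
    number: int       # NACL rules are evaluated in ascending rule-number order
    protocol: str     # "tcp" or "udp"
    port_from: int
    port_to: int
    cidr: str
    action: str       # "allow" or "deny"; security groups support "allow" only

    def matches(self, proto, port, addr):
        return (self.protocol == proto
                and self.port_from <= port <= self.port_to
                and ip_address(addr) in ip_network(self.cidr))


def nacl_permits(rules, proto, port, addr):
    """Stateless: first matching rule by number decides; implicit deny ('*') otherwise."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(proto, port, addr):
            return rule.action == "allow"
    return False


class SecurityGroup:
    """Stateful: allow rules only; replies to a tracked connection are always permitted."""

    def __init__(self, inbound):
        if any(r.action != "allow" for r in inbound):
            raise ValueError("security groups support allow rules only")
        self.inbound = inbound
        self._tracked = set()   # (proto, remote_addr, remote_port, local_port)

    def inbound_permits(self, proto, port, addr, remote_port):
        allowed = any(r.matches(proto, port, addr) for r in self.inbound)
        if allowed:
            self._tracked.add((proto, addr, remote_port, port))
        return allowed

    def outbound_permits(self, proto, port, addr, local_port):
        # Reply traffic of a tracked connection passes regardless of outbound
        # rules; new outbound flows are not modelled in this toy.
        return (proto, addr, port, local_port) in self._tracked


def ssh_session_through_nacl(inbound, outbound):
    """(request_allowed, reply_allowed) for one SSH request/response pair."""
    request = nacl_permits(inbound, "tcp", 22, CLIENT)          # client -> instance:22
    reply = nacl_permits(outbound, "tcp", EPHEMERAL, CLIENT)    # instance -> client:49152
    return request, reply


def ssh_session_through_sg(sg):
    request = sg.inbound_permits("tcp", 22, CLIENT, EPHEMERAL)
    reply = sg.outbound_permits("tcp", EPHEMERAL, CLIENT, 22)
    return request, reply


INBOUND_SSH = [Rule(100, "tcp", 22, 22, "203.0.113.0/24", "allow")]
OUTBOUND_HTTPS_ONLY = [Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow")]
# The rule a NACL needs so that replies to inbound connections can leave the subnet.
OUTBOUND_WITH_EPHEMERAL = OUTBOUND_HTTPS_ONLY + [
    Rule(110, "tcp", 1024, 65535, "0.0.0.0/0", "allow")]
```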

Storage & Databases
  • EC2 Instance Store: provides temporary block-level storage; data is deleted when the EC2 instance is stopped

  • Elastic Block Store (EBS): provides block-level storage volumes; data persists after the EC2 instance is stopped; incremental backups (only the data that changed) can be created by taking snapshots; a volume stores data within a single AZ

  • Simple Storage Service (S3): store data as objects in buckets; images, videos, text files, etc.; volume discount

    • S3 Standard: frequently accessed data; stores data in a minimum of three AZs
    • S3 Standard-Infrequent Access (S3 Standard-IA): ideal for infrequently accessed data; lower storage price than S3 Standard but higher retrieval price
    • S3 One Zone-Infrequent Access (S3 One Zone-IA): stores data in a single AZ; lower storage price than S3 Standard-IA
    • S3 Intelligent-Tiering: ideal for data with changing access patterns
    • S3 Glacier: low-cost storage designed for archiving; retrieval within minutes to hours
    • S3 Glacier Deep Archive: lowest cost; retrieval within 12 hours
  • S3 Transfer Acceleration: bucket-level feature that enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket.

  • Elastic File System (EFS): store data across multiple AZ; scalable file system used with AWS Cloud services and on-premises resources. It does not store data as object storage.

  • Relational Database Service (RDS): runs relational databases in the AWS Cloud

    • Amazon Aurora: enterprise-class relational database
    • PostgreSQL
    • MySQL
    • MariaDB
    • Oracle Database
    • Microsoft SQL Server
  • DynamoDB: nonrelational key-value database; serverless; scales automatically

  • Redshift: data warehousing service that you can use for big data analytics. Use Amazon Redshift to collect data from many sources and help you understand relationships and trends across your data.

  • Database Migration Service (DMS): migrate relational databases, nonrelational databases, and other types of data stores

  • DocumentDB: supports MongoDB workloads

  • Neptune: graph database service

  • Quantum Ledger Database (QLDB): ledger database service

  • Managed Blockchain: create and manage blockchain networks with open-source frameworks. Blockchain is a distributed ledger system that lets multiple parties run transactions and share data without a central authority.

  • ElastiCache:

    • adds caching layers on top of your databases to help improve the read times of common requests.
    • Querying a database is always slower and more expensive than locating a copy of that data in a cache
  • DynamoDB Accelerator (DAX): in-memory cache for DynamoDB; helps improve response time

  • Storage Gateway: hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage.

  • Data Pipeline: a web service that helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources

  • Read Replicas: offload read activity from the primary RDS database to reduce its load


Security
  • Shared responsibility model: customers are responsible for security in the cloud (everything they create and put in the AWS Cloud); AWS is responsible for security of the cloud.

  • Identity and Access Management (IAM): manage access to AWS services and resources securely.

    • Root user: complete access to all AWS services and resources in the account
    • IAM user: an identity that you create in AWS; represents the person or application that interacts with AWS services and resources; uses access keys for programmatic access to AWS services
    • IAM policy: a document that allows or denies permissions to AWS services and resources.
    • IAM group: a collection of IAM users. When you assign an IAM policy to a group, all users in the group are granted permissions specified by the policy.
    • IAM role: an identity that you can assume to gain temporary access to permissions.
    • Multi-Factor Authentication (MFA): provides an extra layer of security for your AWS account on top of username & password.
    • Access keys: an access key ID and a secret access key; equivalent to a user name and password and is used to authenticate your programmatic access to AWS services and APIs
  • Organizations: use AWS Organizations to consolidate and manage multiple AWS accounts from a central location.

    • Service control policies (SCPs):
      • enable you to place restrictions on the AWS services, resources, and individual API actions that users and roles in each account can access.
      • can be applied to the organization root, an individual member account, or an OU.
    • Organizational units (OUs): group accounts into OUs to make it easier to manage accounts with similar business or security requirements.
  • AWS Artifact: a service that provides on-demand access to compliance documents such as Service Organization Control (SOC) reports and Payment Card Industry (PCI) reports.

    • Artifact Agreements: review, accept, and manage agreements for an individual account and for all your accounts in AWS Organizations.
    • Artifact Reports: provide compliance reports from third-party auditors.
  • Customer Compliance Center: contains resources to help you learn more about AWS compliance.

  • Distributed denial-of-service (DDoS): deliberate attempt to make a website or application unavailable to users.

  • AWS Shield:

    • Standard: protects AWS resources from most commonly occurring DDoS attacks.
    • Advanced: provides detailed attack diagnostics and the ability to detect and mitigate sophisticated DDoS attacks.

Additional security services:

  • Key Management Service (KMS): enables you to perform encryption operations through the use of cryptographic keys.
  • AWS WAF: web application firewall that lets you monitor the HTTP requests that come into your web applications.
  • Amazon Inspector: helps improve the security and compliance of applications by running automated security assessments.
  • Amazon GuardDuty: provides intelligent threat detection by continuously monitoring network activity and account behavior.
  • AWS customers may carry out security assessments or penetration tests against their own AWS infrastructure without prior approval for 8 services.

Monitoring and Analytics
  • CloudWatch: web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics. Access metrics from a single dashboard.

  • CloudTrail: records API calls for your account. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, and more. Filter the logs to assist with operational analysis and troubleshooting; it can also automatically detect unusual account activity.

    • CloudTrail Insights: optional feature allows CloudTrail to automatically detect unusual API activities in your AWS account.
  • Trusted Advisor: web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices. Compares its findings to AWS best practices in five categories:

    1. Cost Optimization
    2. Performance
    3. Security
    4. Fault Tolerance
    5. Service Limits
  • AWS Config: a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.

  • Amazon Elastic MapReduce (EMR): cloud big data platform for processing vast amounts of data using open source tools

  • X-Ray: helps analyze and debug apps built with microservices and serverless architectures

  • Personal Health Dashboard: provides alerts and remediation guidance when AWS is experiencing events that may impact you


Pricing and Support
  • Free Tiers:

    • Always Free: AWS Lambda allows 1 million free requests and up to 3.2 million seconds of compute time per month. Amazon DynamoDB allows 25 GB of free storage per month.
    • 12 Months Free: free for 12 months following your initial AWS sign-up date; includes Amazon S3 Standard storage, thresholds for monthly hours of Amazon EC2 compute time, and amounts of Amazon CloudFront data transfer out.
    • Trials: Short-term free trial offers start from the date you activate a particular service. The length of each trial might vary by number of days or the amount of usage in the service.
  • Pricing concepts:

    • Pay for what you use
    • Pay less when you reserve
    • Pay less with volume-based discounts when you use more
  • Billing & Cost Management dashboard: pay your AWS bill, monitor your usage, and analyze and control your costs.

  • Consolidated billing: enables you to receive a single bill for all AWS accounts in your organization; all accounts in the organization share the hourly cost benefit of reservations. E.g. Account A has 3 Reserved Instances and Account B has 0; Account A runs 2 matching instances and Account B runs 2; AWS bills 3 instances at the Reserved rate and 1 at the On-Demand rate.

  • Budgets: create budgets to plan your service usage, service costs, and instance reservations; set custom alerts when your usage exceeds (or is forecasted to exceed) the budgeted amount.

  • Cost Explorer: a tool that enables you to visualize, understand, and manage your AWS costs and usage over time.

  • Simple Monthly Calculator: helps estimate your monthly AWS bill more efficiently

  • Cost & Usage Report: enables customers to access detailed information related to their AWS costs and usage; does not estimate costs

  • Support: https://aws.amazon.com/premiumsupport/plans/

    • Basic: free for all AWS customers. It includes access to whitepapers, documentation, and support communities. With Basic Support, you can also contact AWS for billing questions and service limit increases.
    • Developer:
      • Best practice guidance
      • Client-side diagnostic tools
      • Building-block architecture support
    • Business:
      • Use-case guidance to identify AWS offerings, features, and services that can best support your specific needs
      • All AWS Trusted Advisor checks
      • Limited support for third-party software, such as common operating systems and application stack components
    • Enterprise:
      • Application architecture guidance, which is a consultative relationship to support your company’s specific use cases and applications
      • Infrastructure event management: A short-term engagement with AWS Support that helps your company gain a better understanding of your use cases. This also provides your company with architectural and scaling guidance.
      • A Technical Account Manager: provides technical expertise for the full range of AWS services and obtains a detailed understanding of your use case and technology architecture.
  • Marketplace: digital catalog that includes thousands of software listings from independent software vendors.


Migration and Innovation
  • Six core perspectives of the Cloud Adoption Framework (CAF):

    1. Business: create a strong business case for cloud adoption and prioritize cloud adoption initiatives. Ensure that your business strategies and goals align with your IT strategies and goals.
    2. People: evaluate organizational structures and roles, new skill and process requirements, and identify gaps. This helps prioritize training, staffing, and organizational changes.
    3. Governance: update the staff skills and processes necessary to ensure business governance in the cloud. Manage and measure cloud investments to evaluate business outcomes.
    4. Platform: understand and communicate the structure of IT systems and their relationships. Describe the architecture of the target state environment in detail.
    5. Security: structure the selection and implementation of security controls that meet the organization’s needs.
    6. Operations: how day-to-day, quarter-to-quarter, and year-to-year business is conducted. Align with and support the operations of the business. The AWS CAF helps these stakeholders define current operating procedures and identify the process changes and training needed to implement successful cloud adoption.
  • 6 Migration strategies (6 R's):

    1. Rehosting: “lift-and-shift” involves moving applications without changes.
    2. Replatforming: “lift, tinker, and shift,” involves making a few cloud optimizations to realize a tangible benefit. Optimization is achieved without changing the core architecture of the application.
    3. Refactoring/re-architecting: reimagining how an application is architected and developed by using cloud-native features. Refactoring is driven by a strong business need to add features, scale, or performance that would otherwise be difficult to achieve in the application’s existing environment.
    4. Repurchasing: replacing an existing application with a cloud-based version, such as software found in AWS Marketplace.
    5. Retaining: keeping applications that are critical for the business in the source environment. This might include applications that require major refactoring before they can be migrated, or work that can be postponed until a later time.
    6. Retiring: removing applications that are no longer needed.
  • Snow Family: physical devices for transporting up to exabytes of data into and out of AWS

    • Snowcone: 2 CPUs, 4 GB memory, 8 TB storage
    • Snowball:
      • Snowball Edge Storage Optimized: 80 TB HDD, 40 vCPUs, 80 GiB memory
      • Snowball Edge Compute Optimized: 42 TB HDD, 52 vCPUs, 208 GiB memory
    • Snowmobile: 100 petabytes
  • Innovation with AWS:

    • Serverless: Lambda
    • AI:
      • Amazon Transcribe: speech to text
      • Amazon Comprehend: discover patterns in text
      • Amazon Fraud Detector: identify potentially fraudulent online activity
      • Amazon Lex: build voice and text chatbots
    • ML: Amazon SageMaker removes the difficult work from the process and empowers you to build, train, and deploy ML models quickly.
      • use ML to analyze data, solve complex problems, and predict outcomes before they happen.

The Cloud Journey
  • Well-Architected Framework: design and operate reliable, secure, efficient, and cost-effective systems in the AWS Cloud.

    • Operational excellence: ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.
    • Security: protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
    • Reliability: Recover from infrastructure or service disruptions; Dynamically acquire computing resources to meet demand; Mitigate disruptions such as misconfigurations or transient network issues
    • Performance efficiency: use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.
    • Cost optimization: run systems to deliver business value at the lowest price point.
  • Six advantages of cloud computing:

    • Trade upfront expense for variable expense.
    • Benefit from massive economies of scale.
    • Stop guessing capacity.
    • Increase speed and agility.
    • Stop spending money running and maintaining data centers.
    • Go global in minutes.

Miscellaneous
  • Cloud9: cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser.

  • Cognito: provides simple and secure user sign-up, sign-in, and access control.

  • Kinesis: collect, process, and analyze video and data streams in real time.

  • Connect: an easy-to-use omnichannel cloud contact center that helps you provide superior customer service at a lower cost.

  • Service Catalog: allows organizations to create and manage catalogs of IT services that are approved for use on AWS.

  • Application Discovery Service: helps customers plan migration projects by gathering information about their on-premises data centers.

  • AWS Certificate Manager (ACM): a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates.

  • Security Bulletins: latest security and privacy events

  • AWS Professional Services: a global team of experts that helps customers realize their desired business outcomes when using AWS.

  • Rekognition: ML image and video analysis

  • U2F security key: a physical USB device; a type of MFA device that you can use to protect your AWS resources.