My exam notes covering all aspects of Amazon's entry-level qualification

The majority of my learning was done through following the Linux Academy course and so my notes will follow the same format (it is a great course that I would highly recommend!)

The Cloud Practitioner Exam (CPE) is Amazon's introduction to the cloud. It is a non-technical qualification that allows individuals to demonstrate an understanding of the cloud.

The exam has a passing score of 700/1000 and comprises four sections with differing weights:

  • Cloud Concepts — 28% of the exam
  • Security — 24%
  • Technology — 36%
  • Billing and Pricing — 12%

Section 1 — Cloud Concepts

You can think of an application as being comprised of four parts:

  • Compute — this refers to the brains of the operation and includes the CPU and RAM.
  • Storage — where the data is saved
  • Network — the pathways that allow communication between different devices
  • Database — an application that stores the data in a structured way

It is useful to have this analogy in mind when thinking about the different components of the cloud and how they all come together to facilitate different parts of an application.

“One of the key benefits of cloud computing is the opportunity to replace upfront capital infrastructure expenses with low variable costs that scale with your business. With the cloud, businesses no longer need to plan for and procure servers and other IT infrastructure weeks or months in advance. Instead, they can instantly spin up hundreds or thousands of servers in minutes and deliver results faster.” — AWS

Before the cloud, businesses faced a large number of problems, including:

  • Cost Control: Before the cloud, a business would be required to make large capital expenditures on hardware with a life-cycle of between three and five years. With the cloud, a business only pays for what it uses. Cloud allows you to trade fixed expenses for variable expenses. "No longer have to guess".
  • Slow Provisioning: If a business wanted to add additional capacity, it would need to order a new server and schedule someone to come in and configure/test it, all of which took a lot of time
  • Server Sprawl: Server sprawl is defined as "a situation in which multiple, under-utilized servers take up more space and consume more resources than can be justified by their workload". When operating a traditional client-server architecture, in which a server was dedicated to a single application, a business would have to spin up new servers for each application when it needed additional capacity. However, if this capacity was not needed in the future, the business would be left with a server which was not fully utilized
  • Workforce: A business would be required to hire a workforce to install, upgrade and maintain all of its on-premise infrastructure
  • Physical Requirements: A business would have to set up a physical data center as well as be responsible for the large power and cooling systems
  • No Economies of Scale: Businesses did not group together for large IT purchases and so did not benefit from economies of scale (EoS). With a cloud provider having hundreds of thousands of customers, a business can now fully benefit from EoS, translating to lower costs
  • Going Global: With the cloud a business can quickly "go global" and leverage data centers around the world, while a business with on-premise infrastructure that wanted to reach clients globally would face huge costs and years of delivery time
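
The "fixed versus variable expense" point above can be made concrete with a minimal Python sketch. The prices are entirely made up for illustration (not real AWS rates): an owned server costs the same every month whether busy or idle, while cloud capacity is billed only for the hours consumed.

```python
# Hypothetical numbers for illustration only (NOT real AWS prices).
UPFRONT_SERVER_COST = 10_000      # capital expenditure, 5-year life-cycle
SERVER_LIFETIME_MONTHS = 60
CLOUD_COST_PER_HOUR = 0.25        # variable cost, billed only while running

def on_prem_monthly_cost() -> float:
    """Fixed cost: the server is paid for whether it is busy or idle."""
    return UPFRONT_SERVER_COST / SERVER_LIFETIME_MONTHS

def cloud_monthly_cost(hours_used: float) -> float:
    """Variable cost: pay only for the hours actually consumed."""
    return hours_used * CLOUD_COST_PER_HOUR

print(on_prem_monthly_cost())    # ~166.67 whether the server is used or not
print(cloud_monthly_cost(100))   # 25.0 for a lightly used workload
print(cloud_monthly_cost(730))   # 182.5 if it runs flat out all month
```

A lightly used workload is far cheaper in the cloud; only near-constant utilisation starts to favour owned hardware, which is exactly the capacity-guessing risk described above.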

Sentence to help remember: Child (Cost Control) Performs (Slow Provisioning) Poorly (Physical Requirements) Geography (Going Global) Exam (Economies of Scale), So (Server Sprawl) What (Workforce)?

You can commonly think of a cloud as falling into one of three types.

Private Clouds

“A private cloud consists of computing resources used exclusively by one business or organisation. The private cloud can be physically located at your organisation’s on-site data center, or it can be hosted by a third-party service provider. But in a private cloud, the services and infrastructure are always maintained on a private network and the hardware and software are dedicated solely to your organisation.” — Microsoft Azure

This is the “traditional model” in which an organisation creates and controls everything.

An Internal Private Cloud is hosted within an organisation's own offices (on-premise). A Hosted Private Cloud is owned and operated by a third-party service provider.

The benefits of a private cloud are:

  • Flexibility / Full Customization: You are in complete control, which allows you to customize the cloud environment to meet specific needs, e.g. if you are a quantitative hedge fund with very specific requirements
  • Security: As resources are not shared with others, it can be more secure which is very important, especially to large firms

The disadvantages are:

  • Higher Cost: Especially if a company is operating an Internal Private Cloud on its own premises, it will be far more expensive than using a public cloud like AWS, as the customer does not benefit from economies of scale.
  • Maintenance: A business will be responsible for the maintenance of the cloud
  • Lack of Elasticity: You potentially do not have the ability to scale your resources up or down to align with market demand

Public Clouds

“Public clouds are the most common way of deploying cloud computing. The cloud resources (like servers and storage) are owned and operated by a third-party cloud service provider and delivered over the Internet. Microsoft Azure is an example of a public cloud. With a public cloud, all hardware, software, and other supporting infrastructure is owned and managed by the cloud provider. In a public cloud, you share the same hardware, storage, and network devices with other organisations or cloud “tenants.” (key difference vs hosted private clouds) — Microsoft Azure

As noted by the quote above, the key difference between a Public and Hosted Private Cloud is that on a Public Cloud the infrastructure you are leveraging is also being used by other cloud tenants i.e. you will have a piece of a server and one of your competitors may have another piece of that same server.

As you do not own any of the infrastructure, public clouds facilitate a pay-as-you-go model and are effectively unlimited in scale.

Advantages of Public Clouds include:

  • Lower costs: There is no need to purchase hardware or software.
  • No Maintenance: You are not responsible for any of the maintenance of the cloud
  • Scalable: You are able to practically scale your resources to enormous levels
  • Highly Reliable: A vast network of servers ensures uptime

The most commonly perceived disadvantage of Public Clouds is that you lose direct control, with the cloud being managed by a third party. This also brings security into question, as you have to trust that third party to keep your data and systems safe. In addition, because the cloud is managed by a third party, you are limited in your ability to customize your set-up.

Hybrid Clouds

This infrastructure is a mix between private and public clouds and is normally used when transitioning to the cloud. This template allows a company to use the public cloud for high-volume, lower-security needs such as email hosting, and the private cloud for sensitive, business-critical operations like financial reporting.

A company can use “cloud bursting” with this model which is when an application runs in a private cloud until there is a spike in demand in which case the application can “burst” through to the public cloud.

The advantages of hybrid clouds are:

  • Control: Your company can maintain a private infrastructure for sensitive assets
  • Flexibility: You can take advantage of additional resources in the public cloud when you need them
  • Best of Both Worlds: Can give you a “best of both worlds” type situation where you can pick and choose where you deploy services based on the specific use case

“IaaS helps build the infrastructure of a cloud-based technology. PaaS helps developers build custom apps via an API that can be delivered over the cloud. And SaaS is cloud-based software companies can sell and use.

Think of IaaS as the foundation of building a cloud-based service — whether that’s content, software, or the website to sell a physical product, PaaS as the platform on which developers can build apps without having to host them, and SaaS as the software you can buy or sell to help enterprises (or others) get stuff done.” — Jay Chapel

Cloud services companies provide resources (compute, network, storage and databases) as a service so that customers do not have to incur the cost of acquiring and managing the required components.

You can think of cloud services as falling into one of three categories:

  • IaaS (Infrastructure as a service) — This is the most basic level and is when a third party will provide the access to networking, compute and storage. Examples include AWS, Azure and GCP
  • PaaS (Platform as a service) — This is a step further and includes the operating system and application services as well such as Windows, Linux etc. PaaS removes the need for a company to manage underlying infrastructure and allows you to focus on deployment and management of applications. Offerings include AWS’s Elastic Beanstalk which provides a platform to deploy a web application sitting on top of the IaaS
  • SaaS (Software as a service) — A fully functional application hosted on the cloud; examples include Dropbox, Slack and Salesforce

When talking about the cloud & its benefits there are a few terms that routinely come up.

Key Cloud Terms

Scalability — scalability refers to the ability to easily grow in size, capacity and scope when required

Elasticity — The ability to grow (scalability) as well as contract when required like an elastic band. This is the holy grail for businesses as you get the benefits of scalability without the potential downside of server sprawl. On-Premise is scalable but not elastic!

Fault Tolerance — The ability to withstand a certain amount of failure while still maintaining functionality, with there being no single point of failure

Highly Available — The idea that something is accessible when you want to access it. This links back to fault tolerance: something that can deal well with some failures is far more likely to always be up and running

Cost-Effective — Pay only for services that you need with no long term contracts. This PAYG model means that you can move IT expenditure from CapEx to OpEx as you are no longer making large upfront capital purchases

Ingress Traffic — Inbound traffic, which AWS will not charge you for. Traffic that comes from outside your network will not be charged

Egress Traffic — Outbound traffic, which AWS will charge you for as your network is responding or sending out requests

Firmware — Firmware is a specific class of computer software that provides low-level control for a device's specific hardware; it is the responsibility of AWS

The AWS Cloud Infrastructure is built around AWS Regions and Availability zones. There are currently 21 regions and 64 availability zones with more coming.

A Breakdown:

  • Region — A Region is a physical location in the world which contains multiple availability zones. Each region is isolated from the others and independent, to ensure fault tolerance and stability
  • Availability Zone — An AZ consists of one or more data centers, each with redundant power, networking and connectivity, i.e. they are isolated and not dependent on each other or on the same resources. Each AZ within a region is connected via low-latency links.
  • Edge Locations — These are CDN endpoints for CloudFront, with there currently being over 100 edge locations, allowing you to cache data close to your end users
  • The idea is to use multiple AZs within a region to ensure high availability and fault tolerance: even if one of the data centers has a problem, the other AZs within the region can handle the workload or store your data
  • For example, the region North Virginia contains 6 Availability Zones

So what is IAM?

IAM is the service where AWS user accounts and their access to various services are managed with an administrator being able to manage users, groups, roles and credentials. AWS users are global and not linked to a given region.

Root User — The root user is the account owner and has full access to all services (the maximum authority possible). AWS recommends that you do not use this Root User account to build or manage services due to the security risk of this god-level account being compromised. If you want full admin rights, then create an IAM user (not root) and attach full admin rights to it.

Any new or additional user is created with no access to AWS resources, with only the ability to log in. Nothing is granted by default; permissions have to be added. When granting permissions you should use the "Principle of Least Privilege": the guiding principle that a user should be granted the minimum privileges required to execute their job.

Access Keys

Access keys are a combination of an access key ID and a secret access key. You can have up to two active access keys assigned to a user at a time.

These can be used to make programmatic calls to AWS when using the API in program code or at a command prompt when using the AWS CLI or the AWS PowerShell tools.

The secret access key is returned only at creation time; if lost, a new key must be created.

You must ensure access keys and secret access keys are stored securely.

MFA

AWS advises that you should always set up multi-factor authentication (MFA) when creating accounts, such as sending a six-digit code to a user's phone.

Groups

Groups are central to user management on AWS. A Group is a collection of IAM users who share the same permissions. For example, you can group 20 people who all work in finance within the same group allowing you to easily and efficiently add or remove permissions from all of these 20 people at once.

A user can belong to multiple groups. However, if group 1 has an explicit Deny for a service (we explicitly say they should not be allowed) and group 2 has an Allow for that service, and the user is in both groups, then the explicit Deny will override the Allow, as AWS puts security first!

Groups can’t be nested; they can contain only users, not other groups. There’s no default group that automatically includes all users in the AWS account. If you want to have a group like that, you need to create it and assign each new user to it.

Policies

You manage access in AWS by creating policies and attaching them to IAM identities (users, groups of users, or roles) or AWS resources. A policy is an object in AWS that, when associated with an identity or resource, defines their permissions.

Policy objects are written in JSON with all permissions being explicitly denied by default.

AWS evaluates these policies when an IAM principal (user or role) makes a request. Permissions in the policies determine whether the request is allowed or denied.
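
As a concrete illustration, here is a minimal identity-based policy built in Python and serialized to JSON. The bucket name is made up for the example; only the `Version` string and the statement structure follow the real policy grammar. Anything not explicitly allowed here stays denied.

```python
import json

# A minimal least-privilege policy: read-only access to one bucket
# ("example-reports-bucket" is a hypothetical name) and nothing else.
policy = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-reports-bucket",
                "arn:aws:s3:::example-reports-bucket/*",
            ],
        }
    ],
}

print(json.dumps(policy, indent=2))
```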

Roles

An IAM role is an IAM entity that defines a set of permissions for making AWS service requests. IAM roles are not associated with a specific user or group. Instead, trusted entities assume roles, such as IAM users, applications, or AWS services such as EC2.

“An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. Also, a role does not have standard long-term credentials such as a password or access keys associated with it. Instead, when you assume a role, it provides you with temporary security credentials for your role session.” — AWS

IAM roles allow you to delegate access with defined permissions to trusted entities without having to share long-term access keys. You can use IAM roles to delegate access to IAM users managed within your account, to IAM users under a different AWS account, or to an AWS service such as EC2.

For example, an EC2 instance can assume a role and execute AWS commands with the assigned privileges. The same goes for other services like API Gateway, Lambda, Kinesis, RDS and so on.

“Q: What is the difference between an IAM role and an IAM user?
An IAM user has permanent long-term credentials and is used to directly interact with AWS services. An IAM role does not have any credentials and cannot make direct requests to AWS services. IAM roles are meant to be assumed by authorized entities, such as IAM users, applications, or an AWS service such as EC2.” — AWS IAM FAQs

What is AWS Cognito?

Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily.

The two main components of AWS Cognito are user pools and identity pools:

  • Authentication = User pools are user directories that provide sign-up and sign-in options for your app users.
  • Authorization = Identity pools provide temporary AWS credentials for users who are guests (unauthenticated) and for users who have been authenticated and received a token. With an identity pool, you can obtain temporary, limited-privilege AWS credentials to access other AWS services.

A user would first authenticate against the user pool. Once they have got a token back from the user pool they can request credentials from the identity pool and access resources!

Identity Federation: Identity Federation (including AD, Facebook etc.) can be configured allowing secure access to resources in an AWS account without creating an IAM user account.

What is AWS STS?

The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for IAM users or for users that you authenticate (federated users).

AWS recommends using Cognito for identity federation with Internet identity providers.

By default, AWS STS is available as a global service, and all AWS STS requests go to a single endpoint at https://sts.amazonaws.com.

The AWS STS API action returns temporary security credentials that consist of:

  • An access key, which consists of an access key ID and a secret access key.
  • A session token.
  • An expiration (duration of validity).

Users (or an application that the user runs) can use these credentials to access your resources.
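
As a sketch, an application holding such temporary credentials has to watch the expiration and refresh before it passes. The field names below mirror the STS response; every value is fabricated for illustration.

```python
from datetime import datetime, timedelta, timezone

# Field names mirror the STS response shape; all values are fabricated.
credentials = {
    "AccessKeyId": "ASIAEXAMPLEKEYID",    # temporary access key ID
    "SecretAccessKey": "fake-secret",     # made up for illustration
    "SessionToken": "fake-session-token",
    "Expiration": datetime.now(timezone.utc) + timedelta(hours=1),
}

def still_valid(creds, now=None):
    """Temporary credentials stop working once Expiration passes."""
    now = now or datetime.now(timezone.utc)
    return now < creds["Expiration"]

print(still_valid(credentials))  # True - an hour left on this session
```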

Cloud Networking — Section 2

What is a VPC?

“Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.” — AWS

A VPC is a private subsection of AWS that you control, into which you can place AWS resources. This virtual network (remember that VPCs are about networks) resembles a traditional network that you'd operate in your own data center.

Your VPC is logically isolated from other virtual networks in the cloud.

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses.

Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different regions (also known as an inter-region VPC peering connection).

VPC Peering does not support on-premise solutions; both VPCs need to be on AWS (see Transit Gateway)

This would allow two private subnets in different VPCs to connect to each other!
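
Since two peered VPCs must route unambiguously between each other, their CIDR blocks cannot overlap. A quick check with Python's standard-library `ipaddress` module (the address ranges here are arbitrary examples):

```python
from ipaddress import ip_network

def can_peer(cidr_a: str, cidr_b: str) -> bool:
    """Peering requires the two VPC CIDR blocks not to overlap."""
    return not ip_network(cidr_a).overlaps(ip_network(cidr_b))

print(can_peer("10.0.0.0/16", "10.1.0.0/16"))  # True  - distinct ranges
print(can_peer("10.0.0.0/16", "10.0.1.0/24"))  # False - second sits inside the first
```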

What is AWS Transit Gateway?

AWS Transit Gateway connects VPCs and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships.

What is a subnet?

A subnet is shorthand for "sub-network" and is a subsection of a network/VPC. You can have one or more subnets within a VPC, with resources being placed within a subnet.

A subnet must reside entirely within one Availability Zone and cannot span across multiple zones.

If a subnet is connected to an internet gateway then it is known as a public subnet; if it is not connected to an internet gateway it is known as a private subnet.
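
Carving a VPC's address range into subnets can be sketched with the `ipaddress` module. The CIDR below is a hypothetical example, with each resulting /24 imagined as living entirely inside a single Availability Zone:

```python
from ipaddress import ip_network

vpc = ip_network("10.0.0.0/16")              # hypothetical VPC CIDR
subnets = list(vpc.subnets(new_prefix=24))   # all possible /24 sub-networks

print(subnets[0])    # 10.0.0.0/24 - could be a public subnet in one AZ
print(subnets[1])    # 10.0.1.0/24 - could be a private subnet in another AZ
print(len(subnets))  # 256
```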

What is an Internet Gateway?

An Internet Gateway is a combination of hardware and software that provides your private network with a route to the internet to connect to the outside world. If you do not have an IGW attached to a resource then that resource cannot access the internet.

What is a Route Table?

A Route Table contains a set of rules called routes that are used to determine where network traffic is directed.
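
A route table can be modelled as a list of (destination CIDR, target) rules where the most specific match wins. The target names below are invented, but the "local" route plus catch-all internet route mirrors a typical VPC route table:

```python
from ipaddress import ip_address, ip_network

# Sketch of a route table: destination CIDR -> target.
# Target names ("local", "igw-example") are illustrative only.
routes = [
    ("10.0.0.0/16", "local"),        # traffic that stays within the VPC
    ("0.0.0.0/0", "igw-example"),    # everything else -> internet gateway
]

def route_for(destination: str) -> str:
    matches = [(ip_network(cidr), target) for cidr, target in routes
               if ip_address(destination) in ip_network(cidr)]
    # Longest prefix = most specific route wins.
    return max(matches, key=lambda m: m[0].prefixlen)[1]

print(route_for("10.0.4.20"))      # local       - stays inside the VPC
print(route_for("93.184.216.34"))  # igw-example - routed to the internet
```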

What is a Network Access Control List (NACL)?

A NACL is a component that sits in front of your subnet and acts as a firewall and security layer.

By Default a NACL will allow all inbound and outbound traffic but can be customized.

It can be thought of as the “bouncer” which controls the traffic in and out of a subnet.

NACLs operate at a subnet level, not an AZ level!

What is a Security Group?

A security group is similar to a NACL but it is defined at the instance level, not the subnet level.

By default a security group allows all outbound traffic from its instances and allows all inbound traffic from other instances associated with the default security group.

For example, the NACL could let HTTP traffic flow to a subnet but the security group could block it for a given instance like EC2.

Combining the two gives you layered security rules across the network hierarchy and the maximum amount of flexibility.
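
A toy model of this two-layer check: inbound traffic must pass the subnet's NACL first, then the instance's security group. The rule sets here are invented for illustration.

```python
# Invented rule sets: the subnet-level "bouncer" and the instance firewall.
nacl_allows = {"HTTP", "HTTPS", "SSH"}   # NACL at the subnet boundary
security_group_allows = {"HTTPS"}        # security group on the instance

def reaches_instance(protocol: str) -> bool:
    """Traffic reaches the instance only if BOTH layers allow it."""
    return protocol in nacl_allows and protocol in security_group_allows

print(reaches_instance("HTTPS"))  # True  - both layers allow it
print(reaches_instance("HTTP"))   # False - NACL lets it in, the SG blocks it
print(reaches_instance("FTP"))    # False - stopped at the NACL
```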

Cloud Compute — Section 3

What is an EC2?

EC2 is one of AWS's most traditional offerings and allows you to launch as many or as few virtual servers as you need, which can be thought of as basic computers hosted in the cloud.

The AWS definition is "Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, re-sizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers."

You can purchase EC2 instances in four different ways:

  • On-Demand: You can choose any type you like and provision/terminate the instance at any time only paying for what you use. Of course, this flexibility comes at a price with the user paying a premium for this ability
  • Reserved: With reserved purchasing, you can purchase an instance for a set time period such as one or three years. As you are reserving compute you get a significant discount. There are even different types of Reserved payment models such as Standard (you cannot change your EC2 options such as instance type), Convertible (you can change options such as instance type) or Scheduled (you can reserve for limited periods such as one day a week)
  • Spot: Spot instances allow you to take advantage of the spare capacity in the AWS cloud. It is to AWS's advantage to have as much of their infrastructure working and generating revenue. Spot instances are offered at steep discounts when compared with on-demand instances, allowing you to lower your operating costs. Because a spot instance can be terminated (that is, "recovered" by AWS) with only a two-minute warning, workloads must be fault-tolerant and able to adapt to changes in the spot environment
  • Dedicated Host: "an Amazon EC2 Dedicated Host is a physical server fully dedicated for your use, so you can help address corporate compliance requirements". It is by far the most expensive option and is mainly used when a user cannot deploy on a multi-tenant server, helping to get over any compliance issues.
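
To see why the purchasing options are priced differently, here is a sketch with purely illustrative hourly rates (not AWS's real price list): each step down the list trades flexibility or certainty for a lower rate.

```python
# Illustrative-only hourly rates (NOT real AWS prices).
HOURS_PER_MONTH = 730
rates = {
    "on_demand": 0.10,   # full flexibility, highest rate
    "reserved": 0.06,    # 1- or 3-year commitment, significant discount
    "spot": 0.03,        # spare capacity, reclaimable with 2 minutes' notice
}

monthly = {name: rate * HOURS_PER_MONTH for name, rate in rates.items()}
print(monthly["on_demand"])  # ~73.0 per month
print(monthly["reserved"])   # ~43.8 per month
print(monthly["spot"])       # ~21.9 per month
```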

The benefits of EC2s are:

  • Elastic Computing: You can quickly increase or decrease EC2 usage as well as transition from running one to one thousand instances
  • Flexible Service: You can choose between multiple instance types, operating systems and software packages as well as instances with varying CPUs, memory and storage
  • Reliable & Secure: EC2 instances can have SLAs of 99.95% and are fully integrated with the AWS security infrastructure

What is an Amazon Machine Image?

You can think of an AMI as an EC2 template that you make in which you specify an operating system, software packages, instance size etc. In practice, an AMI is a virtual appliance that is used to create a virtual machine within an EC2 instance (virtual server).

Once you have made this template you can then launch an EC2 instance, and you can launch multiple instances from one AMI “template”. The idea is that once you create your AMI you can quickly add more EC2 instances based on the same template. Every EC2 instance is launched from an AMI, so you must select (or create) one before launching.

An AMI includes:

  • Template for the OS, server and its applications
  • Launch permissions that control which AWS accounts can use the AMI to launch instances
  • A block device mapping that specifies the volumes to attach to the instance when it’s launched

AMIs come in three types:

  • Community AMIs — free to use and generally just selecting the OS you want
  • AWS Marketplace AMIs — pay to use and generally come with additional licensed software
  • My AMIs — AMIs that you create yourself — can be known as a Golden Image

Selecting an Instance Type

When configuring an EC2 you have the ability to choose a type.

“Amazon EC2 provides a wide selection of instance types optimized to fit different use cases. Instance types comprise varying combinations of CPU, memory, storage, and networking capacity and give you the flexibility to choose the appropriate mix of resources for your applications. Each instance type includes one or more instance sizes, allowing you to scale your resources to the requirements of your target workload.” — AWS

What is Elastic Block Storage?

EBS is a storage volume for an EC2 instance (think of it like a hard drive of an instance). AWS definition is “Amazon Elastic Block Store (EBS) is an easy to use, high performance block storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction intensive workloads at any scale.”

The instance type specifies the CPU and RAM, while EBS is where you add the persistent storage

An EBS volume can be attached to any running instance in the same Availability Zone, and an EBS volume must stay in the same Availability Zone as its EC2 instance.

By default, the root EBS volume is deleted when its EC2 instance is terminated; however, you can change this setting to have EBS volumes persist after termination. When your EC2 usage grows, you can simply add more EBS volumes.

You can take EBS Snapshots to back up an EBS volume at a point in time, storing this data in S3.

What is AWS Lightsail?

“Lightsail is ideal for simpler workloads, quick deployments, and getting started on AWS. It’s designed to help you start small, and then scale as you grow.” — AWS

Amazon Lightsail is great for users who do not have deep AWS technical expertise, as it makes it very easy to provision compute services.

Common use cases for Lightsail include running websites, web applications, blogs, e-commerce sites, simple software, and more.

You can launch:

  • AWS Lightsail instance: A Lightsail instance is a virtual private server (VPS) that lives in the AWS Cloud. Use your Lightsail instances to store your data, run your code, and build web-based applications or websites.
  • AWS Lightsail Databases: Amazon Lightsail databases are instances that are dedicated to running databases. Amazon Lightsail managed databases provide an easy, low maintenance way to store your data in the cloud.

What is AWS Elastic Beanstalk?

“AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.

You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time.

There is no additional charge for Elastic Beanstalk — you pay only for the AWS resources needed to store and run your applications.” — AWS

Elastic Beanstalk is built on top of CloudFormation (Infrastructure as Code)

What is AWS EC2 Container Service?

Amazon Elastic Container Service (ECS) is another product in the AWS Compute category. It provides a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances.

Amazon ECS eliminates the need for you to install, operate, and scale your own cluster management infrastructure.

Cloud Storage — Section 3

What is S3?

“Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance.” — AWS

Amazon S3’s storage units are objects that are organised into buckets. Buckets are used to organise files, like a folder. S3 itself is flat; a “subfolder” within a bucket is really just a shared key prefix displayed as a folder.

An S3 object is comprised of a Key-Value pair.

Each S3 Bucket exists within a region of the Cloud. It is important to note that a Bucket’s name must be unique across the whole of AWS.

You are able to enable versioning of objects in a bucket which will allow you to even go back in time and see an older version!

When storing an object on S3, you are able to choose between different tiers each with their own pros and cons with your decision being based around the cost, importance of the data, and how quickly you need to access your storage.

Object Availability = the % of time over a one-year period that a file stored in S3 will be accessible

Object Durability = the % chance over a one-year period that a file stored in S3 will not be lost

  • S3 Standard — General purpose storage for any type of data, typically used for frequently accessed data. Durable, immediately available, frequently accessed. Standard is the most expensive class as it has the highest durability and accessibility
  • S3 IA (Infrequent Access) — For durable, immediately available but infrequently accessed objects. It is cheaper than S3 Standard but you will pay a retrieval fee to get your object.
  • S3 One Zone-IA — Similar to IA, but as your data resides in only one availability zone it is less resilient and therefore cheaper to store your data this way.
  • S3 Glacier — This is used to cheaply archive data. Your data is still housed across 3 availability zones (very safe); however, it can take minutes or even hours to retrieve data that you have requested.
  • S3 Intelligent Tiering — This tier allows AWS to move your data based on the frequency of it being accessed/newness between different tiers to save you money. In the words of AWS “S3 Intelligent-Tiering stores objects in two access tiers: one tier that is optimized for frequent access and another lower-cost tier that is optimized for infrequent access. For a small monthly monitoring and automation fee per object, S3 Intelligent-Tiering monitors access patterns and moves objects that have not been accessed for 30 consecutive days to the infrequent access tier.”

You can also set up lifecycle rules yourself, in which objects move between tiers at defined time intervals, such as 45 days after creation.
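
The Standard versus IA trade-off (cheaper storage, but a per-GB retrieval fee) can be sketched with hypothetical prices. The numbers below are illustrative, not AWS's actual price list:

```python
# Hypothetical per-GB prices, NOT AWS's real price list.
STANDARD_STORAGE = 0.023   # $/GB-month, no retrieval fee
IA_STORAGE = 0.0125        # $/GB-month, cheaper to store...
IA_RETRIEVAL = 0.01        # ...but a $/GB fee every time you read it back

def monthly_cost_standard(gb_stored, gb_retrieved):
    return gb_stored * STANDARD_STORAGE     # retrieval is free

def monthly_cost_ia(gb_stored, gb_retrieved):
    return gb_stored * IA_STORAGE + gb_retrieved * IA_RETRIEVAL

# 100 GB that is rarely read: IA is the cheaper class.
print(monthly_cost_standard(100, 0))  # ~2.30
print(monthly_cost_ia(100, 0))        # ~1.25
# Read the full 100 GB back twice a month and retrieval fees erase the saving.
print(monthly_cost_ia(100, 200))      # ~3.25
```

This is exactly the cost/access-frequency decision described above, and the calculation Intelligent Tiering automates for you.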

What is S3 Transfer Acceleration?

Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket.

Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.

What is S3 Replication?

Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets.

To enable object replication, you add a replication configuration to your source bucket. The minimum configuration must provide the following:

  • The destination bucket where you want Amazon S3 to replicate objects
  • An AWS Identity and Access Management (IAM) role that Amazon S3 can assume to replicate objects on your behalf
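
The minimum configuration above can be sketched as a dictionary. The key names follow the general shape of the S3 replication API, but the bucket name and role ARN are placeholders invented for illustration.

```python
# Sketch of the minimum replication configuration: a destination bucket
# plus an IAM role that S3 can assume. ARNs below are placeholders.
replication_config = {
    "Role": "arn:aws:iam::123456789012:role/example-replication-role",
    "Rules": [
        {
            "Status": "Enabled",
            "Destination": {"Bucket": "arn:aws:s3:::example-destination-bucket"},
        }
    ],
}

# Both required pieces from the text are present:
print("Role" in replication_config)                          # True
print(replication_config["Rules"][0]["Destination"]["Bucket"])
```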

What is Storage Gateway?

AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage.

Customers use Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases. These include moving backups to the cloud, using on-premises file shares backed by cloud storage, and providing low latency access to data in AWS for on-premises applications.

What is Snowball?

With AWS Snowball (Snowball), you can transfer hundreds of terabytes or petabytes of data between your on-premises data centers and Amazon Simple Storage Service (Amazon S3).

What is Direct Connect?

AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your on-premises infrastructure to AWS.

Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or co-location environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.

Benefits of AWS Direct Connect are:

  • Reduce cost when using large volumes of traffic.
  • Increase reliability (predictable performance).
  • Increase bandwidth (predictable bandwidth).
  • Decrease latency.

How is Storage Gateway different from Direct Connect?

Direct Connect creates a private network connection between AWS and on-premises resources, while Storage Gateway enables you to store and retrieve Amazon S3 objects through standard file storage protocols.

What is AWS Snowmobile?

AWS Snowmobile is an Exabyte-scale data transfer service used to move extremely large amounts of data to AWS. You can transfer up to 100PB per Snowmobile, a 45-foot long shipping container, pulled by a semi-trailer truck.

What is AWS Elastic File System?

Amazon Elastic File System (EFS) is a scalable, elastic, cloud-native file system for Linux, built for use with EC2 instances.

EBS is block storage you can mount to an EC2, while EFS is a file system you can mount on an EC2. EBS is storage for a single EC2 while EFS can provide storage to multiple EC2s at the same time.

Using EFS, applications running on multiple EC2s can access one shared file storage system at the same time.

“The main differences between EBS and EFS is that EBS is only accessible from a single EC2 instance in your particular AWS region, while EFS allows you to mount the file system across multiple regions and instances.” — missioncloud.com

Q. When should I use Amazon EFS vs. Amazon S3 vs. Amazon Elastic Block Store (EBS)?

Amazon Web Services (AWS) offers cloud storage services to support a wide range of storage workloads.

Amazon EFS is a file storage service for use with Amazon EC2. Amazon EFS provides a file system interface, file system access semantics (such as strong consistency and file locking), and concurrently-accessible storage for up to thousands of Amazon EC2 instances.

Amazon EBS is a block level storage service for use with Amazon EC2. Amazon EBS can deliver performance for workloads that require the lowest-latency access to data from a single EC2 instance.

Amazon S3 is an object storage service. Amazon S3 makes data available through an Internet API that can be accessed anywhere.

Elastic Load Balancing & Auto Scaling — Section 4

What is Elastic Load Balancing?

An ELB will evenly distribute traffic between the instances that are associated with it. The AWS definition is that “Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers, IP addresses and Lambda functions. It can handle the varying load of your application traffic in a single AZ or across multiple AZs”.

As we can see from the architecture diagram, the ELB will spread traffic between these two servers, preventing one from being overloaded and potentially crashing. One EC2 is in AZ A and the other in AZ B, meaning that if a hurricane hits AZ A, users can still access the site via AZ B (it is highly available and highly fault tolerant!).

Why would you even have multiple EC2s in the first place?

When scaling you have 2 primary options, either scaling out or scaling up:

  • Scaling Up: increase the power of a single EC2
  • Scaling Out: increase the number of EC2s with ELB handling the traffic

When you scale out you distribute your load and your risk! There is also a limit when scaling up i.e. you cannot have an EC2 with 100TB of RAM.
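
Conceptually, what the ELB does when you scale out can be sketched with a simple round-robin over the registered instances (an illustrative model only, not how ELB is implemented):

```python
from itertools import cycle

# Minimal sketch of load balancing: spread incoming requests evenly
# across the instances registered with the balancer. Instance names
# are invented for illustration.
instances = ["ec2-az-a", "ec2-az-b"]
balancer = cycle(instances)

routed = [next(balancer) for _ in range(4)]
print(routed)  # ['ec2-az-a', 'ec2-az-b', 'ec2-az-a', 'ec2-az-b']
```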

What is Auto-Scaling?

Auto scaling will automate the process of adding or removing instances based on the traffic of an application. The AWS definition is that “AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost”.

You can set up rules called scaling policies to determine when this will happen, e.g. when CPU usage on an instance reaches 80%, add more instances to the auto scaling group; if CPU falls below 50%, remove instances.
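
The pair of scaling policies described above can be sketched as a function. The 80%/50% thresholds come from the example in the text; the min/max bounds are assumptions standing in for the Auto Scaling group's configured limits.

```python
# Sketch of scaling policies: add an instance when average CPU exceeds
# 80%, remove one when it falls below 50%, staying within group bounds.
def scale(current_instances: int, avg_cpu: float,
          minimum: int = 1, maximum: int = 10) -> int:
    if avg_cpu > 80:
        return min(current_instances + 1, maximum)  # scale out
    if avg_cpu < 50:
        return max(current_instances - 1, minimum)  # scale in
    return current_instances                        # no change

print(scale(2, 85))  # 3
print(scale(2, 40))  # 1
print(scale(2, 65))  # 2
```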

What is an Auto Scaling group?

An Auto Scaling group contains a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management. An Auto Scaling group also enables you to use Amazon EC2 Auto Scaling features such as health check replacements and scaling policies. Both maintaining the number of instances in an Auto Scaling group and automatic scaling are the core functionality of the Amazon EC2 Auto Scaling service.

Allows you to say “hey, if I am maxing out my current EC2s then spin up more automatically”.

The size of an Auto Scaling group depends on the number of instances that you set as the desired capacity. You can adjust its size to meet demand, either manually or by using automatic scaling.

You can specify the minimum number of instances in each ASG, and AWS Auto Scaling will ensure the group never goes beneath this size.

CloudFront & DNS — Section 5

What is Route 53?

Route 53 is a service which allows you to configure and manage web domains for websites and applications hosted on AWS.

Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well — AWS

Route 53 performs 3 main functions:

  • Domain Registration
  • Domain Name System (DNS): DNS is a database which simply translates domain names to IP addresses so browsers can load internet resources
  • Health Checking: automated requests over the internet to your application to verify that it is reachable and available

Route 53 also has the ability to perform geographical routing in order to route to a given service depending on the location that the request is coming from i.e. if you wanted to have traffic from Spain go directly to the Spanish version of the website.
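
Geographical routing boils down to a lookup from the request's origin to an endpoint, which can be sketched as follows (the country codes and hostnames are invented for illustration):

```python
# Sketch of geolocation routing: pick an endpoint based on where the
# request comes from, with a catch-all default.
GEO_ROUTES = {
    "ES": "es.example.com",  # Spanish visitors go to the Spanish site
    "DE": "de.example.com",
}
DEFAULT = "www.example.com"

def route(country_code: str) -> str:
    return GEO_ROUTES.get(country_code, DEFAULT)

print(route("ES"))  # es.example.com
print(route("US"))  # www.example.com (no specific rule, use default)
```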

What is CloudFront?

CloudFront is a content delivery network that allows you to store and cache your content at edge locations around the world.

“Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront is integrated with AWS — both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. CloudFront works seamlessly with services including AWS Shield for DDoS mitigation, Amazon S3, Elastic Load Balancing or Amazon EC2 as origins for your applications, and Lambda@Edge to run custom code closer to customers’ users and to customise the user experience. Lastly, if you use AWS origins such as Amazon S3, Amazon EC2 or Elastic Load Balancing, you don’t pay for any data transferred between these services and CloudFront.” — AWS

CloudFront benefits:

  • Cache content at Edge Location for fast distribution to customers.
  • Built-in Distributed Denial of Service (DDoS) attack protection.
  • Integrates with many AWS services (S3, EC2, ELB, Route 53, Lambda)

What is AWS Global Accelerator?

AWS Global Accelerator uses the AWS global network to optimize the path from your users to your applications, improving the performance of your traffic by as much as 60%.

Monitoring and Logging — Section 6

What is CloudWatch?

CloudWatch is a service that allows you to monitor various elements of your AWS account.

You can set up alarms to alert you to events such as an S3 bucket surpassing 100 objects or an EC2 reaching its limits, and you can also perform actions automatically based on these events.
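
The core of an alarm is a threshold check on a metric, which can be sketched like this (the metric and threshold reuse the bucket example above; the state names mirror CloudWatch's ALARM/OK states):

```python
# Sketch of a CloudWatch-style alarm: fire when a metric crosses a
# threshold, e.g. an S3 bucket surpassing 100 objects.
def evaluate_alarm(metric_value: float, threshold: float) -> str:
    return "ALARM" if metric_value > threshold else "OK"

print(evaluate_alarm(120, 100))  # ALARM
print(evaluate_alarm(80, 100))   # OK
```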

What is CloudTrail?

CloudTrail allows you to monitor all actions taken by IAM users. For example, you can see who has deleted an S3 object or started a DB.

CloudTrail is a service which enables governance, compliance, operational auditing and risk auditing of your AWS account.

CloudTrail is about logging and saves a history of API calls for your AWS account.

Logs API calls made via:

  • AWS Management Console.
  • AWS SDKs.
  • Command line tools.
  • Higher-level AWS services (such as CloudFormation).

A useful way to think about it: API calls within an account are executed by users, and therefore fall under the domain of CloudTrail!

CloudTrail records account activity and service events from most AWS services and logs the following records:

  • The identity of the API caller.
  • The time of the API call.
  • The source IP address of the API caller.
  • The request parameters.
  • The response elements returned by the AWS service.
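
A CloudTrail record with the fields above is just structured data you can filter, e.g. to answer "who deleted that S3 object?". The event records below are invented for illustration; the field names loosely follow CloudTrail's log format.

```python
# Sketch of CloudTrail-style event records and a query over them.
events = [
    {"eventName": "DeleteObject", "userIdentity": "alice",
     "eventTime": "2020-01-01T12:00:00Z", "sourceIPAddress": "203.0.113.5"},
    {"eventName": "StartDBInstance", "userIdentity": "bob",
     "eventTime": "2020-01-01T13:00:00Z", "sourceIPAddress": "203.0.113.9"},
]

# Who deleted an S3 object?
deleters = [e["userIdentity"] for e in events if e["eventName"] == "DeleteObject"]
print(deleters)  # ['alice']
```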

Notification Services — Section 11

What is the Simple Notification Service (SNS)?

SNS is a service which allows you to automatically send messages based on events.

“Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple micro services, distributed systems, and serverless applications. Amazon SNS provides topics for high-throughput, push-based, many-to-many messaging. Using Amazon SNS topics, your publisher systems can fan out messages to a large number of subscriber endpoints for parallel processing, including Amazon SQS queues, AWS Lambda functions, and HTTP/S webhooks. Additionally, SNS can be used to fan out notifications to end users using mobile push, SMS, and email”— AWS

SNS can be triggered by events in Cloudwatch based on alarms. For example, if an instance crashes SNS can send a text to the system administrator.

SNS concepts:

  • Topics — how you label and group different endpoints that you send messages to.
  • Subscriptions — the endpoints that a topic sends messages to.
  • Publishers — the person/alarm/event that gives SNS the message that needs to be sent.
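
The three concepts above fit together as a simple fan-out, sketched below in miniature (the endpoint strings are placeholders; real SNS endpoints would be SQS queues, Lambda functions, SMS numbers, etc.):

```python
# Minimal pub/sub sketch of the SNS concepts: a topic fans a published
# message out to every subscription.
class Topic:
    def __init__(self, name):
        self.name = name
        self.subscriptions = []  # endpoints this topic sends messages to

    def subscribe(self, endpoint):
        self.subscriptions.append(endpoint)

    def publish(self, message):
        # every subscriber receives a copy of the same message
        return [(endpoint, message) for endpoint in self.subscriptions]

alerts = Topic("instance-crashed")
alerts.subscribe("sms:+15550100")         # text the system administrator
alerts.subscribe("email:ops@example.com")
deliveries = alerts.publish("EC2 i-abc123 has crashed")
print(len(deliveries))  # 2
```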

SNS usage:

  • Send automated or manual notifications.
  • Send notification to email, mobile (SMS), SQS, and HTTP endpoints.
  • Closely integrated with other AWS services such as CloudWatch so that alarms, events, and actions in your AWS account can trigger notifications.

What is loose coupling?

As application complexity increases, a desirable attribute of an IT system is that it can be broken into smaller, loosely coupled components.

The AWS messaging services SQS and SNS can be applied at the architectural level to build loosely coupled systems that facilitate multiple business use cases.

Loose coupling implies that services are independent so that changes in one service will not affect any other. The more dependencies you have between services, the more likely it is that changes will have wider, unpredictable consequences.

Implementing a loosely coupled system helps to reduce the risk that’s often inherent in systems or networks that depend on multiple components. Because the components, or elements, of a system or network are not dependent on one another, a domino effect won’t occur if one of them experiences problems. Instead, when one component is changed, experiences issues, or fails, then the other components will continue to work at close to full capacity, preventing the system or network from becoming useless.

SQL and NoSQL — Section 12

Relational Databases and Non-Relational Databases

There are two broad categories of Database:

  • Relational Databases known as “SQL”: A relational database is a collection of data items with pre-defined relationships between them. These items are organized as a set of tables with columns and rows. Tables are used to hold information about the objects to be represented in the database. RDS is an example of a SQL Database.
  • Non-Relational Databases known as “NoSQL” as in “Not Only SQL”: A NoSQL database provides a mechanism for storage and retrieval of data that is modeled in means other than the tabular relations used in relational databases. Dynamo DB is an example of a NoSQL DB.

What is RDS?

RDS stands for Relational Database Service and is a managed SQL database service. You are able to pick between various SQL engines including Aurora (AWS’s own database engine), MySQL, Microsoft SQL Server (MSSQL) and PostgreSQL.

“Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.” — AWS

Benefits of RDS Include:

  • Read Replicas: Amazon RDS Read Replicas enable you to create one or more read-only copies of your database instance within the same AWS Region or in a different AWS Region. Updates made to the source database are then asynchronously copied to your Read Replicas. This will mean that when you perform read queries the work will not be performed by the main DB and therefore it will reduce its workload!
  • Multi-AZ: When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. Your DB can be more fault-tolerant and resilient!

What is DynamoDB?
DynamoDB is AWS’s NoSQL database service. Unlike RDS, DynamoDB does not offer a choice of other NoSQL engines such as MongoDB or Oracle NoSQL.

“Amazon DynamoDB is a key-value and document database that delivers single-digit millisecond performance at any scale. It’s a fully managed, multiregion, multimaster, durable database with built-in security, backup and restore, and in-memory caching for internet-scale applications. DynamoDB can handle more than 10 trillion requests per day and can support peaks of more than 20 million requests per second.” — AWS

ElastiCache and Redshift — Section 13

What is ElastiCache?

ElastiCache is a data caching service used to help improve speed/performance of web applications running on AWS.

“Amazon ElastiCache allows you to seamlessly set up, run, and scale popular open-Source compatible in-memory data stores in the cloud. Build data-intensive apps or boost the performance of your existing databases by retrieving data from high throughput and low latency in-memory data stores. Amazon ElastiCache is a popular choice for real-time use cases like Caching, Session Stores, Gaming, Geospatial Services, Real-Time Analytics, and Queuing.” — AWS

ElastiCache can use one of two open-source in-memory data stores: Redis or Memcached.

What is Redshift?

Redshift is a data warehouse service designed to handle petabytes of data for analysis.

Redshift is ideal for processing large amounts of data for business intelligence.

AWS claims Redshift is up to 10x faster than a traditional SQL DB.

Interesting Article: https://blog.panoply.io/a-full-comparison-of-redshift-and-bigquery

“No other data warehouse makes it as easy to gain new insights from all your data. With Redshift you can query petabytes of structured and semi-structured data across your data warehouse, operational database, and your data lake using standard SQL. Redshift lets you easily save the results of your queries back to your S3 data lake using open formats like Apache Parquet to further analyze from other analytics services like Amazon EMR, Amazon Athena, and Amazon SageMaker.” — AWS

What is Athena?

Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL.

Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run.

Athena is easy to use — simply point to your data in Amazon S3, define the schema, and start querying using standard SQL.

What is AWS Glue?

AWS Glue is a fully-managed, pay-as-you-go, extract, transform, and load (ETL) service that automates the time-consuming steps of data preparation for analytics.

AWS Glue automatically discovers and profiles data via the Glue Data Catalog, recommends and generates ETL code to transform your source data into target schemas.

AWS Glue runs the ETL jobs on a fully managed, scale-out Apache Spark environment to load your data into its destination.
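
The extract-transform-load pattern that Glue automates can be shown in miniature. The source rows and target schema below are invented for illustration; real Glue jobs run this kind of logic on Apache Spark at scale.

```python
# Tiny ETL sketch: extract raw rows, transform them into the target
# schema, and load them into a destination.
def extract():
    # stand-in for reading from a source data store
    return [{"name": "alice", "sales": "120"}, {"name": "bob", "sales": "80"}]

def transform(rows):
    # cast strings to ints and normalise names to the target schema
    return [{"customer": r["name"].title(), "sales": int(r["sales"])} for r in rows]

def load(rows, destination):
    destination.extend(rows)

warehouse = []
load(transform(extract()), warehouse)
print(warehouse)  # [{'customer': 'Alice', 'sales': 120}, {'customer': 'Bob', 'sales': 80}]
```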

What is Amazon EMR (Elastic Map Reduce)?

“Amazon EMR is a managed cluster platform that simplifies running big data frameworks, such as Apache Hadoop and Apache Spark, on AWS to process and analyze vast amounts of data. By using these frameworks and related open-source projects, such as Apache Hive and Apache Pig, you can process data for analytics purposes and business intelligence workloads.” — AWS

It enables users to launch and use resizable Hadoop clusters within Amazon’s infrastructure. Like Hadoop, Amazon EMR can be used to analyze vast data sets.

It also simplifies the setups and management of the cluster of Hadoop and MapReduce components.

It differs from AWS Glue in that Glue is a serverless, ETL-focused tool, while EMR is not serverless.

You can use EMR to process data in a variety of ways including:

  • ETL
  • Machine Learning

EMR uses Amazon’s prebuilt and customized EC2 instances, which can take full advantage of Amazon’s infrastructure and other services offered by AWS. Such EC2 instances are invoked when we initiate a new Job Flow to form an EMR cluster. A Job Flow is Amazon’s term for the complete data processing that occurs through a series of computational steps in Amazon’s EMR. A Job Flow is defined by the MapReduce framework and its input and output parameters.
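
The MapReduce model that EMR runs at cluster scale can be sketched in miniature: a map phase that emits key/value pairs, then a reduce phase that aggregates by key. The classic example is a word count; the documents below are invented.

```python
from collections import Counter

# MapReduce word count in miniature. On EMR this same pattern runs in
# parallel across a Hadoop cluster.
documents = ["big data on aws", "aws big data frameworks"]

# Map phase: emit a (word, 1) pair for every word in every document.
mapped = [(word, 1) for doc in documents for word in doc.split()]

# Reduce phase: sum the counts per key.
reduced = Counter()
for word, count in mapped:
    reduced[word] += count

print(reduced["aws"])  # 2
print(reduced["big"])  # 2
```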

What is AWS Kinesis?

Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information.

Collection of services for processing streams of various data.

Migrating Data(bases) from On-Premise to the Cloud

What is AWS Database Migration Service?

“AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from most widely used commercial and open-source databases.” — AWS

What is AWS DataSync?

“AWS DataSync makes it simple and fast to move large amounts of data online between on-premises storage and Amazon S3, Amazon Elastic File System (Amazon EFS), or Amazon FSx for Windows File Server.

Manual tasks related to data transfers can slow down migrations and burden IT operations.

DataSync eliminates or automatically handles many of these tasks, including scripting copy jobs, scheduling and monitoring transfers, validating data, and optimizing network utilization. The DataSync software agent connects to your Network File System (NFS), Server Message Block (SMB) storage, and your self-managed object storage, so you don’t have to modify your applications.

DataSync can transfer hundreds of terabytes and millions of files at speeds up to 10 times faster than open-source tools, over the internet or AWS Direct Connect links. You can use DataSync to migrate active data sets or archives to AWS, transfer data to the cloud for timely analysis and processing, or replicate data to AWS for business continuity.” — AWS

Serverless — Section 14

What is Lambda?

Lambda is AWS’s serverless computing service and is the next generation of cloud computing, replacing EC2s in a lot of contexts.

“AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume. With Lambda, you can run code for virtually any type of application or backend service — all with zero administration. Just upload your code and Lambda takes care of everything required to run and scale your code with high availability. You can set up your code to automatically trigger from other AWS services or call it directly from any web or mobile app.” — AWS

Lambda will automatically scale to meet your needs.

Benefits of Lambda are:

  • No servers to manage
  • Continuous Scaling
  • Integrates with almost all other AWS services

What are Step Functions?

AWS Step Functions is a service provided by Amazon Web Services that makes it easier to orchestrate multiple AWS services to accomplish tasks.

Step Functions allows you to create steps in a process where the output of one step becomes the input for another step, all using a visual workflow editor.

You can create a workflow which goes through ten lambda functions in order passing the output from one to another!
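
The core idea, output of one step feeding the next, can be sketched as a chain of plain functions. The three steps below are invented stand-ins for Lambda functions in a real state machine.

```python
# Sketch of a Step Functions workflow: each step's output becomes the
# next step's input. Steps here are stand-ins for Lambda functions.
def step_validate(order):
    order["valid"] = True
    return order

def step_charge(order):
    order["charged"] = order["valid"]
    return order

def step_notify(order):
    order["notified"] = order["charged"]
    return order

workflow = [step_validate, step_charge, step_notify]

state = {"id": 42}
for step in workflow:
    state = step(state)  # pass the output along the chain

print(state["notified"])  # True
```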

Security and Compliance — Section 15

The Shared Responsibility Model

The shared responsibility model defines what you (as an AWS account holder) and AWS are responsible for when it comes to security and compliance

AWS is responsible for the security of the cloud while we are responsible for security within the cloud.

Shared Controls — controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives.

For a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services.

Examples of shared controls include:

  • Patch Management — AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications such as Qlik Sense
  • Configuration Management — AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications such as Qlik Sense
  • Awareness & Training — AWS trains AWS employees, but a customer must train their own employees

What is a penetration test?

A pen test is when an environment is deliberately tested against attacks in order to find vulnerabilities.

AWS customers are welcome to carry out pen tests against some AWS services without prior approval from AWS.

These services include EC2 instances, RDS, CloudFront, API Gateway and AWS Lambda. Prohibited pen test activities include: DDoS attacks, port flooding, protocol flooding and request flooding.

AWS has various security services which you are able to use to find vulnerabilities including:

  • Amazon Inspector: works within EC2s to inspect for any vulnerabilities
  • Amazon GuardDuty: a threat detection service that provides a way to continuously monitor your AWS account
  • AWS Artifact: provides access to security and compliance reports on the AWS infrastructure. AWS Artifact is your go-to, central resource for compliance-related information that matters to you. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls.

What is AWS Trusted Advisor?

“AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices. Trusted Advisor checks help optimize your AWS infrastructure, increase security and performance, reduce your overall costs, and monitor service limits. Whether establishing new workflows, developing applications, or as part of ongoing improvement, take advantage of the recommendations provided by Trusted Advisor on a regular basis to help keep your solutions provisioned optimally.” — AWS

Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment.

Trusted Advisor provides real time guidance to help you provision your resources following best practices.

Trusted Advisor will advise you on Cost Optimization, Performance, Security, and Fault Tolerance.

Acronym: Support (Security) Portland (Performance) F (Fault Tolerance) C (Cost Optimization)

Trusted Advisor is not just about security but about optimizing your entire infrastructure based on AWS Best Practices.

Trusted Advisor will check all the resources used and give advice based on best practices. Upgrading your support plan enables all Trusted Advisor recommendations; the free plan doesn’t include them all.

Trusted Advisor vs Inspector:

  • Trusted Advisor applies to the AWS account and AWS services
  • Amazon Inspector applies to the content of multiple EC2 instances

AWS WAF & AWS Shield:

AWS Shield is a service built on AWS to protect mainly against DDoS attacks. DDoS (Distributed Denial of Service) is an attack that uses a large number of servers to put a load on web services, bringing down servers and applications and making them unusable.

AWS WAF is a web application firewall provided by AWS, which has the largest share of the global cloud service market. It is mainly used to protect websites from attacks on web applications.

What is AWS Guard Duty?

Amazon GuardDuty offers threat detection and continuous security monitoring for malicious or unauthorized behavior to help you protect your AWS accounts and workloads.

The service monitors for activity that indicates a possible account compromise, a potentially compromised instance, or reconnaissance by attackers, and continuously monitors data access activity for anomalies that might signal unauthorized access or inadvertent data leaks.

What is AWS Key Management Service?

“AWS Key Management Service (KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications. AWS KMS is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140–2, or are in the process of being validated, to protect your keys. AWS KMS is integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.” — AWS

AWS Key Management Service is integrated with most other AWS services making it easy to encrypt the data you store in these services with encryption keys you control

What is AWS CloudHSM?

CloudHSM (hardware security module) is similar to KMS and is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.

What is the main difference between CloudHSM and KMS?

CloudHSM uses dedicated Hardware and so may be required due to regulatory requirements.

What is AWS Personal Health Dashboard?

AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you, such as AWS performing a patch!

Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.

Alerts are triggered by changes in the health of AWS resources, giving you event visibility, and guidance to help quickly diagnose and resolve issues.

What is the AWS Well Architected Framework?

AWS Well-Architected helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads. Based on five pillars — operational excellence, security, reliability, performance efficiency, and cost optimization — AWS Well-Architected provides a consistent approach for customers and partners to evaluate architectures, and implement designs that can scale over time.

Acronym: Oranges (Operational Excellence) Sometimes (Security) Come (Cost Optimization) Poorly (Performance Efficiency) Ripened(Reliability)

Billing & Support Services — Section 16

What is an AWS Organisation?

AWS Organisations allow you to manage billing, security and access to MULTIPLE AWS accounts in one user interface.

A group can have one account for company A and another account for company B and consolidate all billing!

You can consolidate billing, allowing better prices through economies of scale, and you can set up one payment method to be used by all of your accounts, taking advantage of pricing benefits.

AWS has 4 different plans for various users:

  • Basic: A free tier with no technical support and no SLAs
  • Developer: $29 a month with tech support via email and an SLA of between 12–24 hours
  • Business: $100 a month with tech support provided via email, chat or phone. 1 hour SLA for urgent cases
  • Enterprise: $15K a month with full tech support and a 15 minute response time SLA. Only Enterprise accounts come with their own Technical Account Manager (TAM)

What is the Total Cost of Ownership Calculator?

“AWS helps you reduce Total Cost of Ownership (TCO) by reducing the need to invest in large capital expenditures and providing a pay-as-you-go model that empowers you to invest in the capacity you need and use it only when the business requires it.

Our TCO calculators allow you to estimate the cost savings when using AWS and provide a detailed set of reports that can be used in executive presentations. The calculators also give you the option to modify assumptions that best meet your business needs.” — AWS

What is AWS Personal Health Dashboard?

“AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.

The dashboard displays relevant and timely information to help you manage events in progress, and provides proactive notification to help you plan for scheduled activities. With Personal Health Dashboard, alerts are triggered by changes in the health of AWS resources, giving you event visibility, and guidance to help quickly diagnose and resolve issues.” — AWS

Code Deployment

What is CodeCommit?

In essence, it is tackling the same problem as GitHub. It may be picked over GitHub as it allows you to use AWS IAM roles, making it highly secure and already integrated into your security stack. It can also be cheaper than using GitHub.

“AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem. CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure. You can use CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools.” — AWS

AWS CodeCommit is a source control and code versioning service provided by Amazon. It helps teams manage and collaborate on code, exploiting the benefits of CI/CD.

It eliminates the need for a third-party version control system.

This service can be used to store and manage assets such as documents, source code, and binary files. Managing includes scaling, integrating, merging, and pushing and pulling code changes.

What is CodeDeploy?

A fully managed service which automates software deployments to a variety of services such as EC2, Fargate, and Lambda.

CodeDeploy can even deploy to instances running on-premises.

What is CloudFormation?

It addresses the same pain points as Terraform, providing infrastructure-as-code capabilities.

The easiest way to describe CloudFormation is that it is a tool from AWS that allows you to spin up resources effortlessly.

You define all the resources you want AWS to spin up in a blueprint document, click a button, and then AWS magically creates it all. This blueprint is called a template in CloudFormation speak.

So instead of having to write a script with a bunch of AWS API calls, wait loops, and retry logic, you just describe what you want and tell CloudFormation to do it for you. Beautiful.
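A template is just a structured document (JSON or YAML). As a sketch, one can be built as a plain Python dict and dumped to JSON; the AMI ID and instance type below are illustrative placeholders, not real values:

```python
import json

# A minimal CloudFormation template built as a dict and serialized to JSON.
# The ImageId is a placeholder, not a real AMI.
template = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "Single EC2 instance (illustrative sketch)",
    "Resources": {
        "WebServer": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "ImageId": "ami-0123456789abcdef0",  # placeholder AMI
                "InstanceType": "t2.micro",
            },
        }
    },
}

print(json.dumps(template, indent=2))
```

Handing this JSON to CloudFormation (via the console or CLI) is the "click a button" step: AWS reads the blueprint and creates the resources it describes.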

What is Bootstrapping? (links in with CloudFormation above ^^^)

Bootstrapping refers to creating a self-sustaining start-up process that can run on its own; in the context of AWS it typically means the process needed to get an application up and running on an EC2 instance.

With bootstrapping, a script runs when the EC2 instance is created and performs various tasks automatically, such as downloading and installing applications.

Bootstrapping:

  • Execute automated bootstrapping actions to modify default configurations.
  • This includes scripts that install software or copy data to bring that resource to a particular state.
  • You can parameterize configuration details that vary between different environments.
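The steps above can be sketched as a parameterized user-data script. Here it is rendered from Python so the environment-specific part is visible; the package names and the S3 path are invented examples:

```python
# A sketch of a bootstrapping user-data script, parameterized per
# environment. Package names and the S3 bucket are illustrative only.
def make_user_data(environment: str) -> str:
    """Render the shell script that EC2 runs once at first boot."""
    return "\n".join([
        "#!/bin/bash",
        "yum update -y",               # modify default configuration
        "yum install -y httpd",        # install software
        # copy environment-specific config to bring the instance to state
        f"aws s3 cp s3://example-bucket/{environment}/app.conf /etc/app.conf",
        "systemctl start httpd",
    ])

print(make_user_data("production"))
```

The same function yields a dev, staging, or production script just by changing the argument, which is exactly what "parameterize configuration details that vary between environments" means in practice.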

What are Resource Groups + Tags?

Resource Groups allow you to easily create, maintain, and view a collection of resources that share common tags.

You can use resource groups to organize your AWS resources. Resource groups make it easier to manage and automate tasks on large numbers of resources at one time.
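Conceptually, a resource group is just "every resource carrying this tag". A minimal sketch, using made-up resource records rather than real AWS API calls:

```python
# Conceptual sketch of a tag-based resource group.
# The resource records below are invented examples.
resources = [
    {"id": "i-0aa",  "type": "ec2", "tags": {"Project": "blog", "Env": "prod"}},
    {"id": "vol-1b", "type": "ebs", "tags": {"Project": "blog", "Env": "dev"}},
    {"id": "i-0cc",  "type": "ec2", "tags": {"Project": "shop", "Env": "prod"}},
]

def resource_group(resources, tag_key, tag_value):
    """Return every resource whose tags include tag_key=tag_value."""
    return [r for r in resources if r["tags"].get(tag_key) == tag_value]

blog_group = resource_group(resources, "Project", "blog")
print([r["id"] for r in blog_group])  # ['i-0aa', 'vol-1b']
```

Because membership is driven by tags, the group stays current as resources are tagged and untagged, which is what makes bulk management and automation practical.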

What are Stateless and Stateful Services?

Stateless applications:

  • A stateless application is an application that needs no knowledge of previous interactions and stores no session information.
  • A stateless application can scale horizontally since any request can be serviced by any of the available compute resources (e.g., EC2 instances, AWS Lambda functions).

Stateless components:

  • Most applications need to maintain some kind of state information.
  • For example, web applications need to track whether a user is signed in so that they can present personalized content based on previous actions.
  • Web applications can use HTTP cookies to store information about a session at the client’s browser (e.g., items in the shopping cart).
  • Consider storing only a unique session identifier in an HTTP cookie and keeping more detailed user session information server-side.
  • DynamoDB is often used for storing session state to maintain a stateless architecture.
  • For larger files a shared storage system can be used such as S3 or EFS.
  • SWF can be used for multi-step workflows.
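The cookie-plus-server-side-store pattern above can be sketched as follows; a plain dict stands in for the shared store (in practice something like DynamoDB), and the function names are invented for illustration:

```python
import uuid

# Sketch of a stateless web tier: the browser holds only a session ID
# in a cookie, while session data lives in a shared store. A dict stands
# in here for a real store such as DynamoDB.
session_store = {}

def create_session(user):
    session_id = str(uuid.uuid4())  # this ID goes into the HTTP cookie
    session_store[session_id] = {"user": user, "cart": []}
    return session_id

def handle_request(session_id, item):
    """Any web server can serve this request: it carries no local state
    and fetches the session from the shared store."""
    session = session_store[session_id]
    session["cart"].append(item)
    return session

sid = create_session("alice")
print(handle_request(sid, "book")["cart"])  # ['book']
```

Because no server holds the session locally, any instance behind the load balancer can handle the next request, which is what allows the tier to scale horizontally.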

Stateful components:

  • Databases are stateful.
  • Many legacy applications are stateful.
  • Load balancing with session affinity can be used for horizontal scaling of stateful components.
  • Session affinity is however not guaranteed and existing sessions do not benefit from newly launched nodes.

What is AWS OpsWorks?

OpsWorks is similar to CloudFormation!

AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.

What is AWS Config?

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.