EC2
Published Jan 4, 2021
This post, based on the free official course from AWS [1], is the first in a series
that will cover the entire course content. The focus of this post is to go over the EC2
(Elastic Compute) service and the other computing services that AWS
provides. Besides that, a brief introduction to the pay-as-you-go model that
AWS uses is shared.
Previous: AWS Cloud Practitioner Notes
SQS queues are places where messages are stored until they are processed. They let you:
o send messages (the data within a message is the payload; it is protected until
delivery)
o store messages
o receive messages
o at any volume (without losing messages)
1. AWS SNS (simple notification service)
AWS LAMBDA
AWS Lambda is a service that allows you to upload your code to be executed.
The code is executed in a managed environment.
o a Lambda function is designed to run for at most 15 minutes per invocation
o it scales automatically
Infrastructure and reliability
Each region is made up of multiple data centers. AWS calls a single data
center or a group of data centers an Availability Zone or AZ. AWS data
centers have redundant power, networking and connectivity.
Services that carry the check "Regionally scoped service" are already highly
available.
CLOUDFORMATION
CloudFormation is a service that AWS provides to provision services through
scripts (a code tool), using XML or JSON declarative scripts called
CloudFormation templates. This approach of serving infrastructure on
a coded basis is known as Infrastructure as Code (IaC). CloudFormation is specific to
AWS, but there are other tools that support other cloud providers, such as
Terraform (/certification/2021/08/07/terraform-hashicorp-certification.html).
calls to AWS apis
Diagram: CloudFormation template ---> AWS CloudFormation ---(calls to AWS APIs)---> AWS services
The CloudFormation approach decouples what you want to build from how
to build it. CloudFormation takes care of the how, and you, the what.
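As an added example (not from the course or from this post), a minimal CloudFormation template in JSON: it declares an SQS queue with server-side encryption enabled and an IAM role that a Lambda consumer can assume, with permissions limited to that one queue. The logical names (OrdersQueue, ConsumerRole, ConsumeOrdersQueue) and the queue name are assumptions; the resource types and properties are standard CloudFormation.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Added example (not course material): encrypted SQS queue plus a least-privilege consumer role",
  "Resources": {
    "OrdersQueue": {
      "Type": "AWS::SQS::Queue",
      "Properties": {
        "QueueName": "orders-queue",
        "SqsManagedSseEnabled": true,
        "MessageRetentionPeriod": 345600
      }
    },
    "ConsumerRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "lambda.amazonaws.com"},
            "Action": "sts:AssumeRole"
          }]
        },
        "Policies": [{
          "PolicyName": "ConsumeOrdersQueue",
          "PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
              "Effect": "Allow",
              "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes"],
              "Resource": {"Fn::GetAtt": ["OrdersQueue", "Arn"]}
            }]
          }
        }]
      }
    }
  },
  "Outputs": {
    "QueueUrl": {"Value": {"Ref": "OrdersQueue"}},
    "ConsumerRoleArn": {"Value": {"Fn::GetAtt": ["ConsumerRole", "Arn"]}}
  }
}
```

The template only states the desired resources; the API calls that create the queue and the role, and the ordering between them (the policy references the queue ARN, so the queue is created first), are worked out by CloudFormation.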
Networking
Diagram: Client ---(internet request)---> Internet gateway ---> VPC, inside the AWS cloud
A virtual private gateway allows access to private resources in a VPC.
Diagram: Corporate data center ---(VPN connection over the internet)---> Virtual private gateway ---> VPC, inside the AWS cloud
AWS Direct Connect [3] provides a direct connection from a private data
center, offices, or other locations to AWS.
Diagram: Corporate data center ---> AWS Direct Connect location (AWS Direct Connect endpoint) ---> Virtual private gateway ---> VPC, inside the AWS cloud
Storage and databases
EBS S3
EBS EFS
AMAZON AURORA
o MySQL or PostgreSQL support
o 1/10th cost of commercial databases
o Data replication
o Up to 15 read replicas
o Automated backup to S3
RDS DynamoDB
HOMOGENEOUS DATABASES
The first type of migration is homogeneous. Homogeneous migrations are
migrations across the same database type. For example:
o MySQL to Amazon RDS for MySQL
o Microsoft SQL Server to Amazon RDS for SQL Server
o Oracle to Amazon RDS for Oracle
HETEROGENEOUS DATABASES
The second type of migration is heterogeneous, which covers a
migration between different database vendors.
For this type of migration there are two steps: the first is the conversion of
the source database into the target database's format. The last step is the data
migration itself.
Security
CUSTOMER RESPONSIBILITIES
Customers are responsible for everything they put in AWS.
Customer responsibility (security in the cloud):
o Customer data
o Platform, applications, identity and access management
o Operating systems, network and firewall configuration
o Client-side data encryption | server-side encryption | networking traffic protection
AWS RESPONSIBILITIES
AWS is responsible for security of the cloud.
AWS responsibility (security of the cloud):
o Software: compute | storage | database | networking
o Hardware / AWS global infrastructure: regions | availability zones | edge locations
IAM groups are groups of users; you can attach policies to a group and all
users in that group will have the permissions listed there.
IAM roles have associated permissions that allow or deny actions in AWS, and
these roles can be assumed for a temporary amount of time.
MODULE 6 - ORGANIZATIONS
AWS Organizations is used to consolidate and manage multiple AWS
accounts in a centralized manner. This approach avoids the problem of
managing multiple AWS accounts one by one.
MODULE 6 - COMPLIANCE
Compliance checks whether a given regulation is being followed; countries might
have different compliance requirements. For example:
o EU - GDPR
o Health care in US - HIPAA
AWS has already built its data centers, infrastructure and networking following
industry best practices for security, and you as a customer inherit those
practices as well.
Enabling data protection is a configuration setting on the resource. AWS
also offers whitepapers, documents you can download and use for compliance
reports.
o AWS Artifact - compliance reports done by third parties [1]
o AWS Compliance - compliance information in all one place [2]
AMAZON INSPECTOR
Runs an automated security assessment of your infrastructure, checking for deviations
from best practices.
AMAZON GUARDDUTY
It analyses streams of data from the network, VPC flow logs and DNS logs. It runs
independently of your other AWS services.
CLOUDWATCH ALARMS
You can use CloudWatch Alarms to set alerts based on a given metric and to
perform actions depending on its value [1].
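As an added example (not material from the course or the post), a CloudWatch alarm declared in a CloudFormation JSON template: it watches the EC2 system status check metric of one instance and, when the check fails for two consecutive minutes, notifies an SNS topic and triggers the built-in EC2 recover action. The parameter names and the topic are assumptions; the metric name and the recover action ARN are the standard ones.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Added example (not course material): status-check alarm with notify and recover actions",
  "Parameters": {
    "InstanceId": {"Type": "AWS::EC2::Instance::Id"},
    "AlertEmail": {"Type": "String"}
  },
  "Resources": {
    "AlertTopic": {
      "Type": "AWS::SNS::Topic",
      "Properties": {
        "Subscription": [{"Endpoint": {"Ref": "AlertEmail"}, "Protocol": "email"}]
      }
    },
    "StatusCheckAlarm": {
      "Type": "AWS::CloudWatch::Alarm",
      "Properties": {
        "AlarmDescription": "EC2 system status check failed for 2 consecutive minutes",
        "Namespace": "AWS/EC2",
        "MetricName": "StatusCheckFailed_System",
        "Dimensions": [{"Name": "InstanceId", "Value": {"Ref": "InstanceId"}}],
        "Statistic": "Maximum",
        "Period": 60,
        "EvaluationPeriods": 2,
        "Threshold": 1,
        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
        "TreatMissingData": "breaching",
        "AlarmActions": [
          {"Ref": "AlertTopic"},
          {"Fn::Sub": "arn:aws:automate:${AWS::Region}:ec2:recover"}
        ]
      }
    }
  }
}
```

Treating missing data as breaching means an instance that stops reporting the metric altogether also raises the alarm, rather than silently staying in the OK state.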
CLOUDWATCH DASHBOARD
A CloudWatch dashboard provides a single location to access all the metrics for
your resources.
SPECIAL SERVICES
o The AWS lambda service allows for 1 million free invocations per
month
o Amazon S3 is free for 12 months for up to 5GB of standard storage
o AWS Lightsail offers 1 month trial of up to 750 hours of usage
o DynamoDB offers 25GB of free storage per month
AWS SNOWCONE
AWS Snowcone is a small, rugged, and secure edge computing and data
transfer device. It features 2 CPUs, 4 GB of memory, and 8 TB of usable
storage.
AWS SNOWMOBILE
Capacity up to 100PB.
AMAZON SAGEMAKER
Quickly build, train and deploy machine learning models at scale; it
supports the most popular open source frameworks.
AMAZON A2I
A machine learning platform that anyone can operate without expertise.
AMAZON LEX
Helps you build interactive chat-bots
AMAZON TEXTRACT
Helps you to extract text from documents
AWS DEEPRACER
Machine learning service for reinforcement learning
SECURITY
Priority number one: checking the integrity of data and protecting systems using
encryption.
RELIABILITY
Recovery planning, such as for a DynamoDB disruption or EC2 failures: how you
handle failure in order to keep meeting business and customer demand.
PERFORMANCE EFFICIENCY
Using IT and computing resources efficiently, for example by choosing the correct EC2
instance type.
COST OPTIMIZATION
Controlling where money is spent, for example checking whether the EC2 instance size is
overestimated. If so, you can change to a better-suited instance type.
Building with AWS is fundamentally different: the cost will vary month-to-
month as you consume different services. You can start small, pay only for
what you use and, as you grow, pay on demand.
1. Turn off unused instances
2. Delete old resources
3. Optimize your applications
4. Receive recommendations from AWS Trusted Advisor
6. GO GLOBAL IN MINUTES
With the traditional data center approach, expanding to another part of the
world could take months or years. With AWS it takes minutes.