• VPC – Networking
• IAM – Security
Storage
Databases Networking
Compute
Monitoring Security
Scaling
AWS Administration
[Figure: world map of AWS Regions. Labels: Ireland, Sweden, Canada, Beijing, Seoul, Oregon, Frankfurt, London, Ningxia, N. California, Ohio, Tokyo, N. Virginia, Paris, Mumbai, Milan, Hong Kong, Bahrain, Singapore, Indonesia, Sao Paulo, Sydney, Cape Town]
Case Study
Please open your copy of the Terra Firma
• An availability zone contains one or more data centers that host EC2 instances
and EBS storage
• Other regional data centers contain other AWS services (S3 Buckets, ELB,
etc.)
• Applications hosted in multiple AZs have high availability and reliability
[Diagram: an AWS Region containing three Availability Zones]
Demo: Regions and Availability Zones
Choosing an AWS Region
Compliance: Rules and regulations you must follow
[Diagram: CloudFront (CDN). Labels: User (Singapore); Edge Location in Singapore; High speed private network]
Demo: Global AWS Services
Compute Services at AWS
Compute, Families, Security groups and Pricing
Compute Services
• EC2: Instance
• ECS: Containers
• Lambda: Serverless
• LightSail: Blueprints
EC2 Instances (and Migration)
Compute optimized?
Possible Answer
The EC2 instance that is chosen should be matched to a compute option where the CPU cores, storage size and speed, the amount of required RAM, and networking speeds match your requirements.
3rd question
Storage optimized?
Possible Answer
The database instance could use a storage optimized EC2 instance with high provisioned IOPS (input/output operations per second).
EC2
• Instances share bare-metal server hardware by default
• Instance size can be changed after launch
• Secure logon uses public / private key pair
• AMI types:
• Custom – created by the customer
• Published – AWS marketplace
• Pre-created by AWS – Linux and Windows
[Diagram: AMI (template). Labels: Create AMI; Launch; EC2 Instance; AMI # 1, AMI # 2, AMI # 3; AWS Region]
Demo: Create an AMI
Security Groups
EC2 instance firewall
Securing Access: Security Groups
• Security groups are firewalls
• Security groups allow access to the EC2 instance
• Quota examples:
• EC2 instances default limit: 20 per region
• Elastic Load Balancer: default limit: 20
• Virtual Private Cloud: default limit: 5
• Spot Requests: Unused instances (Hibernate, 1 to 6 hours)
• Dedicated Hosts: Physical host dedicated to you
• Dedicated Instances: Single tenant hardware
Savings Plans
• Savings Plans provides savings of up to 72% on your AWS compute usage
• Applies to all Amazon EC2 instances and/or AWS Fargate and AWS Lambda usage
• Commit to use a specific amount of compute power (measured in $/hour) for a one- or three-year period
Controlling Costs at AWS
• AWS Budgets – manage usage
• S3: Object and archive
• EBS: Block storage
• FSx: Windows shared storage
• EFS: Linux shared storage
EBS: Elastic Block Storage
Elastic Block Storage
• Throughput optimized:
• 99.999999999 % durability
• 99.99 % availability
S3 or S3 Glacier?
Possible Answer
S3 Glacier or S3 Glacier Deep Archive.
7th question
Would a lifecycle rule help
manage office records moved to
S3 cloud storage?
Possible Answer
A lifecycle rule could control the movement of records stored in an S3 bucket to S3 Glacier archive storage.
EFS and FSx: Shared Storage Services
Elastic File System - Linux storage
• Fully managed storage service providing shared file storage for Linux EC2
instances
• Highly available
• Highly durable
• Petabyte scale
• High-performance options Single Namespace
• Highly durable
• Petabyte scale
• Transparent encryption
Shares
• Integrates with AWS KMS
Networking Services at AWS
[Diagram: Networking Services. Labels: VPC; Subnets; IP Addresses; Public / Private; Internet Gateway; Access; VPN; Connectivity]
Virtual Private Cloud (VPC)
• Launch EC2 Instances into a private
virtual network
• You configure:
• IP address ranges
• Subnets
• Route tables
• Network gateways
• Security settings
• Endpoints
Subnets
• Instances and AWS services are launched
into subnets
• Speeds up to 10 Gb
• Two-way communication
IAM
Root User
User security
Identity and Access Management
The Root User
• When you order an AWS account, the
first administrative account is called the
Root user
• Identity-based policy
• AWS provides pre-created policies called
managed policies
• RDS: SQL, MySQL, Oracle
• DynamoDB: NoSQL
Relational Database Service
• Managed service for creation,
management, and scaling of relational
databases
• Trusted Advisor
• CloudTrail: Log API calls
• CloudWatch: Monitor
Trusted Advisor
• Trusted Advisor analyzes your AWS
account against best practices
• Alert criteria:
● Red ( Action recommended )
● Yellow ( Investigation recommended )
● Green ( No problem detected )
CloudTrail
• View all AWS account activity for 90 days
• VPC – Networking
• IAM – Security
• Monitoring – CloudWatch, Trusted Advisor