AWS Practitioner

AWS Practitioner by Mind Map: AWS Practitioner

1. Recall that when you modify a file in block storage, only the pieces that are changed are updated. When a file in object storage is modified, the entire object is updated.

2. block-level storage

2.1. Instance store volumes

2.1.1. Block-level storage volumes behave like physical hard drives. block-level storage for an Amazon EC2 instance.

2.1.2. comes by default with EC2 instance

2.1.3. non-persistent: data is lost when you shut down the EC2 instance. S3 Standard has a higher cost than other storage classes intended for infrequently accessed data and archival storage.

2.2. AMZN EBS - Elastic Block Store

2.2.1. EBS volumes persistent data Different sizes and type you attach to your EC2 instance

2.2.2. EBS snapshot incremental backups of your data

2.2.3. service that provides block-level storage volumes that you can use with Amazon EC2 instances

2.2.4. size up to 16Tb solid state by default stores data in a single Availability Zone.

3. AMZN GuardDuty

3.1. threat detection offering

3.1.1. It analyzes continuous streams of metadata generated from your account, and network activity found in: AWS CloudTrail events, AMZN VPC flow logs, DNS logs

3.2. It uses integrated threat intelligence to identify threats more accurately

3.2.1. known malicious IP addresses

3.2.2. anomaly detection

3.2.3. machine learning

3.3. runs independently from your other AWS services

3.3.1. won't affect performance or availability of your existing infrastructure, and workloads

3.4. you can review detailed findings about them from the AWS Management Console

3.4.1. findings include recommended steps for remediation

3.4.2. You can also configure AWS Lambda functions to take remediation steps automatically in response to GuardDuty’s security findings.

4. Beginning with only the resources you need and designing your architecture to automatically respond to changing demand by scaling out or in.

4.1. enables you to automatically add or remove Amazon EC2 instances in response to changing application demand

4.1.1. scale out more instances

4.1.2. scale up more resources in one instance

5. AWS Artifact

5.1. a service that provides on-demand access to AWS security and compliance reports and select online agreements

5.1.1. AWS Artifact Agreements you can review, accept, and manage agreements for an individual account and for all your accounts in AWS Organizations

5.1.2. AWS Artifact Reports provide compliance reports from third-party auditors. These auditors have tested and verified that AWS is compliant with a variety of global, regional, and industry-specific security standards and regulations

6. compute in the cloud

6.1. EC2 - Elastic Compute Cloud

6.1.1. multitenancy: the idea of sharing underlying hardware. The hypervisor is responsible for coordinating this multitenancy, and it is managed by AWS. A hypervisor running on the host machine is responsible for sharing the underlying physical resources between the virtual machines.

6.1.2. EC2 runs on top of physical host machines managed by AWS using virtualization technology.

6.1.3. Types varying combinations of CPU Memory Storage networking capacity Each instance type is grouped under an instance family general purpose compute optimized memory optimized Accelerated computing storage optimized

6.2. Pricing

6.2.1. On- Demand you only pay if the instance is running per hour per second depends on the type of instance and OS good to get a baseline for your average usage (to get started) short-term, irregular workloads that cannot be interrupted developing and testing applications running applications that have unpredictable usage patterns no contract

6.2.2. Savings Plan low prices in exchange for a commitment to a consistent usage (measured: dollars / hour) for 1 or 3 years also apply to Lambda and Fargate (serverless compute) savings of up to 66% over On-Demand costs. Any usage beyond the commitment is charged at regular On-Demand rates.

6.2.3. Reserved Instances for steady-state workloads or ones with predictable usage offer you up to a 75% discount versus On-Demand pricing you qualify for a discount once you commit to a one or three-year term and can pay for them with three payment options are a billing discount applied to the use of On-Demand Instances in your account. Standard Reserved Instances Convertible Reserved Instances Scheduled Reserved Instances

6.2.4. Spot Instances to request spare Amazon EC2 computing capacity for up to 90% off of the On-Demand price AWS can reclaim the instance at any time they need it, giving you a two-minute warning to finish up work and save state. A good example of those are batch workloads. ideal for workloads with flexible start and end times, or that can withstand interruptions do not require contracts or commitment to amount of use no contract

6.2.5. Dedicated Hosts physical hosts dedicated for your use for EC2 On-Demand dedicated hosts Dedicated Hosts Reservations for meeting certain compliance requirements nobody else will share tenancy of that host. You can use your existing per-socket, per-core, or per-VM software licenses to help maintain license compliance most expensive of all services

6.3. Scalability

6.3.1. Amazon EC2 Auto Scaling Dynamic scaling responds to changing demand. scale horizontally Predictive scaling automatically schedules the right number of Amazon EC2 instances based on predicted demand. To scale faster, you can use dynamic scaling and predictive scaling together.

6.3.2. minimum / desired / scale as needed / maximum AWS EC2 inst. If you do not specify the desired number of Amazon EC2 instances in an Auto Scaling group, the desired capacity defaults to your minimum capacity.

6.4. Elasticity

6.4.1. Elastic Load Balancing service that automatically distributes incoming application traffic across multiple resources single point of contact for all incoming web traffic to your Auto Scaling group ELB + Auto Scaling high performance availability

6.5. messaging and queuing

6.5.1. monolithic application: an application with tightly coupled components. These components might include databases, servers, the user interface, business logic, and so on. If a single component fails, other components fail, and possibly the entire application fails.

6.5.2. microservices: application components are loosely coupled.

6.5.3. AMZN Simple Notification Service (SNS) is a publish/subscribe service. A publisher publishes messages to subscribers. Subscribers can be web servers, email addresses, AWS Lambda functions, or several other options.

6.5.4. AMZN Simple Queue Service (SQS) you can send, store, and receive messages between software components, without losing messages or requiring other services to be available an application sends messages into a queue. A user or service retrieves a message from the queue, processes it, and then deletes it from the queue.

6.6. Additional compute services

6.6.1. serverless computing do not need to provision or manage these servers. Lambda Docker containers Docker is a software platform that enables you to build, test, and deploy applications quickly is a service that lets you run code without needing to provision or manage servers. create a lambda function to run (under 15 min) when an event is triggered flexibility to scale serverless applications automatically you pay only for the compute time that you consume set your code to trigger from an event source For example, a simple Lambda function might involve automatically resizing uploaded images to the AWS Cloud. In this case, the function triggers when uploading a new image. Fargate serverless compute engine for containers you do not need to provision or manage servers you pay only for the resources that are required to run your containers.

6.6.2. Containers a container is a package for your code where you package up your application, its dependencies as well as any configurations that it needs to run provide you with a standard way to package your application's code and dependencies into a single object. You can also use containers for processes and workflows in which there are essential requirements for security, reliability, and scalability.

6.7. CLOUD computing

6.7.1. the on-demand delivery of IT resources over the internet with pay-as-you-go pricing

7. Global infra and reliability

7.1. AMZN Regions

7.1.1. geographically isolated areas, where you can access services needed to run your enterprise proximity to your customers compliance with data governance pricing available services / features Connected by high speed fiber network each region is isolated from other regions region data sovereignty

7.1.2. each region is made up of multiple AZs AZ (availability zone) is a single data center or a group of data centers within a Region low latency between them separated enough to prevent disaster in all zone always recommended to run at least in 2 AZ in a region help you solve high availability and disaster recovery scenarios, without any additional effort on your part is a fully isolated portion of the AWS global infrastructure.

7.2. AMZN Edge Location

7.2.1. Content Delivery Networks (CDN) Caching copies of data closer to the customers all around the world CDN Amazon CloudFront to store cached copies of your content closer to your customers for faster delivery used for data / video / apps and APIs is a content delivery service is a network that helps to deliver edge content to users based on their geographic location

7.2.2. are separate from Regions, so you can push content from inside a Region to a collection of Edge locations around the world, in order to accelerate communication and content delivery

7.2.3. run Amazon CloudFront to help get content closer to your customers, no matter where they are in the world.

7.2.4. site that Amazon CloudFront uses to store cached copies of your content closer to your customers for faster delivery

7.3. AMZN Route 53

7.3.1. DNS to direct cust to the correct web locations

7.4. AMZ Outposts

7.4.1. AWS will basically install a fully operational mini Region, right inside your own data center.

7.4.2. owned and operated by AWS

7.4.3. using 100% of AWS functionality,

7.4.4. isolated within your own building

7.5. Provisioning

7.5.1. API an application programming interface. pre determined ways for you to interact with AWS services to provision, configure, and manage your AWS resources "Do it yourself" AWS Management Console AWS CLI - Command Line Interface AWS SDKs - Software Development Kits to interact with AWS resources through various programming languages easy for developers to create programs that use AWS without using the low level API enable you to use AWS services with your existing applications or create entirely new applications that will run on AWS. Supported programming languages include C++, Java, .NET, and more. manage tools to provision AWS Elastic Beanstalk AWS CloudFormation

8. Networking

8.1. connectivity to AWS

8.1.1. AMZN VPC - Virtual Private Cloud your own private network in AWS to provision an isolated section of the AWS Cloud allows you to define your private IP range for your AWS resources Subnets chunks of IP addresses in your VPC that allow you to group resources together. is a section of a VPC that can contain resources such as Amazon EC2 instances. Public subnet Private subnet

8.1.2. only allow traffic coming from approved internal network

8.1.3. internet gateway (IGW) To allow public traffic from the internet to access your VPC, you attach an internet gateway to the VPC. is a connection between a VPC and the internet Without an internet gateway, no one can access the resources within your VPC to access public net with your public VPC

8.1.4. Virtual Private gateway To access private resources in a VPC allows you to create a VPN connection between a private network, like your on-premises data center or internal corporate network to your VPC to establish an encrypted VPN connection to your private internal AWS resources, you would need to attach a virtual private gateway to your VPC

8.1.5. AMZN direct connect allows you to establish a completely private, dedicated fiber connection from your data center to AWS provides a physical line that connects your network to your AWS VPC

8.1.6. security layer network hardening Network ACLs security groups application security user identity authentication and authorization DDoS prevention (distributed denial-of-service) data integrity encryption

8.1.7. Global Networking Domain Name System (DNS) DNS resolution involves a customer DNS resolver communicating with a company DNS server. DNS resolution is the process of translating a domain name to an IP address. AMZN Route 53 is a DNS web service. gives developers and businesses a reliable way to route end users to internet applications hosted in AWS. It can route users to infrastructure outside of AWS. Route 53 can direct traffic to different endpoints using several different routing policies ability to manage the DNS records for domain names

9. Storage and Databases

9.1. Object-Level Storage

9.1.1. each object consists of Data The data might be an image, video, text document, or any other type of file Metadata contains information about what the data is, how it is used, the object size, and so on Key unique identifier

9.1.2. AMZN S3 - Simple Storage Service allows you to store and retrieve an unlimited amount of data at any scale buckets where you store data, instead of FS you can Tiers / Storage Classes S3 Standard S3 Infrequent Access / S3-IA S3 Infrequent Access One Zone / S3 One Zone IA Low-cost storage designed for data archiving S3 Intelligent-Tiering Amazon S3 Glacier cases in which a large number of services and resources need to access the same data at the same time S3 Glacier Deep Archive Lowest-cost object storage class ideal for archiving Able to retrieve objects within 12 hours unlimited storage individual objects up to 5TB write once / read many is a scalable file system used with AWS Cloud services and on-premises resources. serverless

9.2. file storage

9.2.1. AMZN Elastic file system / AMZN EFS grows and shrinks automatically. It can scale on demand to petabytes without disrupting applications. multiple instances accessing the data in EFS at the same time. Linux file system when? is a regional service. It stores data in and across multiple Availability Zones. The duplicate storage enables you to access data concurrently from all the Availability Zones in the Region

9.3. relational database

9.3.1. data is stored in a way that relates it to other pieces of data.

9.3.2. use structured query language (SQL) to store and query data

9.3.3. AMZN Relational Database Service / AMZN RDS AMZN supports MySQL PostgreSQL Oracle MS SQL Server lift-and-shift migration to an EC2 managed service that automates tasks such as hardware provisioning, database setup, patching, and backups. services You can integrate Amazon RDS with other services to fulfill your business and operational needs, such as using AWS Lambda to query your database from a serverless application. customer ownership of Amazon RDS is available on six database engines, AMZN Aurora MySQL MariaDB Oracle Database Microsoft SQL Server

9.4. DataWarehouse

9.4.1. AMZN Redshift offers the ability to collect data from many sources and helps you to understand relationships and trends across your data

9.5. nonrelational database

9.5.1. serverless DBs you do not have to provision, patch, or manage servers. do not have to install, maintain, or operate software. data warehousing service that you can use for big data analytics

9.5.2. DynamoDB noSQL is a key-value database service tables with data Purpose built simple flexible schemas, you can add and remove attributes from items in the table, at any time. Not every item in the table has to have the same attributes. it has specific use cases, and it isn't the best fit for every workload out there. millisecond response time fully managed Highly scalable petabyte size potential It has massive throughput It has granular API access stores this data redundantly across availability zones and mirrors the data across multiple drives

9.6. AMZN DMS - DB Migration Services

9.6.1. migrate data from source to target homogenous MySQL -> Amazon RDS MySQL / Microsoft SQL Server -> Amazon RDS SQL Server / Oracle -> Amazon RDS for Oracle. schema structures, data types, and database code are compatible between source and target. source target heterogeneous two-step process

9.6.2. minimize downtime during the migration, your source database remains operational

9.6.3. other use cases development and test database migrations when you want to develop this to test against production data, but without affecting production users database consolidation when you have several databases and want to consolidate them into one central database. continuous database replication when you use DMS to perform continuous data replication sending ongoing copies of your data to other target sources instead of doing a one-time migration

9.7. content management

9.7.1. migrate a copy of your production database to your dev or test environments, either once-off or continuously

9.7.2. AMZN DocumentDB catalogs / user profiles document database service that supports MongoDB workloads

9.7.3. AMZN Neptune graph database service. social network / recommendation engines / fraud detection to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs

9.7.4. AMZN Managed Blockchain blockchain solution Blockchain is a distributed ledger system that lets multiple parties run transactions and share data without a central authority to create and manage blockchain networks with open-source frameworks

9.7.5. AMZN Quantum Ledger Database - AMZN QLDB ledger database service An immutable system of record where any entry can never be removed from the audits can use it to review a complete history of all the changes that have been made to your application data.

9.7.6. Amazon ElastiCache a service that adds caching layers on top of your databases to help improve the read times of common requests. Memcached and Redis flavors can provide those caching layers without your team needing to worry about the heavy lifting of launching, uplift, and maintenance

9.7.7. DAX AMZN Dynamo DB accelerator a native caching layer designed to dramatically improve read times for your nonrelational data is an in-memory cache for DynamoDB.

10. Security

10.1. shared responsibility model

10.1.1. IN the cloud customers DATA APPS OS Customers are responsible for the security of everything that they create and put in the AWS Cloud. AWS Identity and Access Management policies users Groups Roles root account user.


10.2. AWS Organizations

10.2.1. central location to manage multiple AWS accounts

10.2.2. consolidated billing for all member accounts

10.2.3. implement hierarchical groupings of your accounts to meet security, compliance, or budgetary needs you can group accounts into organizational units, or OUs, kind of like business units, or BUs When you apply a policy to an OU, all the accounts in the OU automatically inherit the permissions specified in the policy. you can more easily isolate workloads or applications that have specific security requirements.

10.2.4. you have control over the AWS services and API actions that each account can access as an administrator of the primary account of an organization

10.2.5. service control policies (SCPs) can be applied to: organization root, individual member account, OU

10.3. Customer Compliance Center

10.3.1. contains resources to help you learn more about AWS compliance.

10.4. AWS Shield

10.4.1. DDoS A denial-of-service (DoS) attack is a deliberate attempt to make a website or application unavailable to users. distributed denial-of-service (DDoS) attack multiple sources are used to start an attack that aims to make a website or application unavailable

10.4.2. is a service that protects applications against DDoS attacks levels of protection AWS Shield Standard AWS Shield Advanced Can integrate with AWS WAF Web app Firewall

10.5. AMZN Inspector

10.5.1. helps to improve security, and compliance of your AWS deployed applications

10.5.2. running an automated security assessment against your infrastructure it provides you with a list of security findings

10.5.3. The service consists of three parts: network configuration, Amazon agent which can be installed on EC2 instances, security assessment that brings them all together

10.6. AWS WAF

10.6.1. web application firewall that lets you monitor network requests that come into your web applications.

10.6.2. works together with AMZN CloudFront and App Load Balancer

10.6.3. works similar to ACL

10.7. encryption

10.7.1. encryption at rest data is secure while in storage AWS Key Management Service (AWS KMS) encryption operations through the use of cryptographic keys A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data. You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications. You can choose the specific levels of access control that you need for your keys.

10.7.2. encryption in transit while it is transmitted example: SSL (Secure Sockets Layer)

11. Monitoring

11.1. AMZ CloudWatch

11.1.1. web service to monitor and manage various metrics configure alarm actions based on data from those metrics

11.1.2. benefits access to all your metrics from a central location helping you break down silos so that you can easily gain system-wide visibility. gain insights across your distributed stack so you can correlate and visualize metrics and logs to quickly pinpoint and resolve issues

11.1.3. CloudWatch alarms you can create alarms that automatically perform actions if the value of your metric has gone above or below a predefined threshold.

11.1.4. CloudWatch dashboard enables you to access all the metrics for your resources from a single location You can even customize separate dashboards for different business purposes, applications, or resources.

11.2. AWS CloudTrail

11.2.1. comprehensive API auditing tool records API calls for your account

11.2.2. The engine records identity of the API caller which operator the time of the API call Where were they? What was their IP address? And what was the response? Did something change? And what is the new state? Was the request denied?

11.2.3. can save those logs indefinitely in secure S3 buckets. with tamper-proof methods like Vault Lock, you then can show absolute provenance of all of these critical security audit logs.

11.2.4. Events are typically updated in CloudTrail within 15 minutes after an API call

11.2.5. CloudTrail Insights optional feature allows CloudTrail to automatically detect unusual API activities in your AWS account.

11.3. AWS trusted advisor

11.3.1. service that you can use in your AWS account that will evaluate your resources against five pillars cost optimization performance security fault tolerance service limits

11.3.2. in real time runs through a series of checks for each pillar in your account, based on AWS best practices

12. Pricing and support

12.1. AWS Free Tier

12.1.1. Always Free do not expire and are available to all AWS customers. AWS Lambda allows 1 million free requests and up to 3.2 million seconds of compute time per month Amazon DynamoDB allows 25 GB of free storage per month.

12.1.2. Trials Short-term free trial offers start from the date you activate a particular service Amazon Inspector offers a 90-day free trial Amazon Lightsail (a service that enables you to run virtual private servers) offers 750 free hours of usage over a 30-day period

12.2. Pricing

12.2.1. Amazon EC2 Instance Savings Plans, because the plan allows you to save up to 72% over the equivalent On-Demand Instance capacity. Pay for what you use. For each service, you pay for exactly the amount of resources that you actually use, without requiring long-term contracts or complex licensing.

12.2.2. Pay less when you reserve. suppose that your company is using Amazon EC2 instances for a workload that needs to run continuously

12.2.3. Pay less with volume-based discounts when you use more Some services offer tiered pricing, so the per-unit cost is incrementally lower with increased usage. For example, the more Amazon S3 storage space you use, the less you pay for it per GB. 12 Months Free free for 12 months following your initial sign-up date to AWS. Amazon S3 Standard Storage thresholds for monthly hours of Amazon EC2 compute time amounts of Amazon CloudFront data transfer out

12.2.4. AWS Pricing Calculator lets you explore AWS services and create an estimate for the cost of your use cases on AWS You can organize your AWS estimates by groups that you define A group can reflect how your company is organized, such as providing estimates by cost center.

12.2.5. Examples AWS Lambda you are charged based on the number of requests for your functions and the time that it takes for them to run. Compute Savings Plans Amazon EC2 you pay for only the compute time that you use while your instances are running. Amazon S3 cost components

12.2.6. Billing dashboard to pay your AWS bill monitor your usage analyze and control your costs

12.3. AWS Organizations

12.3.1. a service that enables you to manage multiple AWS accounts from a central location

12.3.2. consolidated billing enables you to receive a single bill for all AWS accounts in your organization You can still view your AWS bill in an itemized fashion enables you to share volume pricing discounts across accounts.

12.3.3. the usage for AWS resources is rolled up to the organization level but you can get the bulk discount pricing because of the aggregate across all accounts in the organization share bulk discount pricing, Savings Plans, and Reserved Instances across the accounts in your organization

12.3.4. is free and easy to use

12.3.5. On your monthly bill, you can review itemized charges incurred by each account

12.4. AWS Budgets

12.4.1. It allows you to set custom budgets for a variety of scenarios like cost and usage

12.4.2. you can also set custom alerts when your usage exceeds (or is forecasted to exceed) the budgeted amount.

12.4.3. you can create budgets to plan your service usage, service costs, and instance reservations.

12.4.4. The information in AWS Budgets updates three times a day.

12.4.5. review comparison current vs budgeted usage forecasted vs budgeted

12.5. AWS Cost Explorer

12.5.1. AWS Personal Health Dashboard a tool that provides alerts and remediation guidance when AWS is experiencing events that may affect you

12.5.2. is a tool that enables you to visualize, understand, and manage your AWS costs and usage over time.

12.6. AWS Support plans

12.6.1. Basic Support is free for all AWS customers. access to whitepapers, documentation, and support communities you can also contact AWS for billing questions and service limit increases. limited selection of AWS Trusted Advisor checks The default maximum number of accounts allowed for an organization is 4, but you can contact AWS Support to increase your quota, if needed.

12.6.2. pay-by-the-month pricing Developer Best practice guidance Client-side diagnostic tools Building-block architecture Business Use-case guidance to identify AWS offerings, features, and services that can best support your specific needs All AWS Trusted Advisor checks Limited support for third-party software, such as common operating systems and application stack components Enterprise Application architecture guidance Infrastructure event management (TAM) Technical Account Manager

12.7. AWS Marketplace

12.7.1. digital catalog

12.7.2. includes thousands of software listings from independent software vendors

12.7.3. to find, test, and buy software that runs on AWS have options like one-click deployment that allows them to quickly procure and use products from thousands of software sellers right when you need them.

12.7.4. almost every vendor in the marketplace will allow you to use any annual licenses you already own and credit them for AWS deployment You can also explore software solutions by industry and use case.

12.7.5. Categories Business Apps Data & Analytics DevOps Infra software IoT Machine Learning Migration Security

13. Migration and Innovation

13.1. Cloud Adoption Framework

13.1.1. provide advice to your company to enable a quick and smooth migration to AWS.

13.1.2. 6 Perspectives Business capabilities Business People Governance Tech capabilities Platform Security Operations

13.2. Migration strategies

13.2.1. Based on time, cost, priority, criticality

13.2.2. 6 R's Rehosting lift-and-shift Replatforming lift, tinker, and shift not touching any core code in the process. Retire don't actually end up on AWS Retain keeping applications that are critical for the business in the source environment about to be deprecated but maybe not just yet. You should only migrate what makes sense for your business Repurchase to abandon legacy software vendors and get a fresh start as part of migration moving from a traditional license to a software-as-a-service model. Refactoring also known as re-architecting

13.3. AWS Snow Family

13.3.1. collection of physical devices that help to physically transport up to exabytes of data into and out of AWS

13.3.2. AWS Snowcone it's a device that holds up to eight terabytes of data contains edge computing Amazon EC2 instances and AWS IoT Greengrass 2 CPUs, 4 GB of memory, and 8 TB of usable storage you place an order via AWS Management Console we ship it to you analytics data, video libraries, image collections, backups, and even tape replacement data

13.3.3. AWS Snowball Snowball Edge Storage Optimized devices are well suited for large-scale data migrations and recurring transfer workflows, in addition to local computing with higher capacity needs. Snowball Edge Compute Optimized provides powerful computing resources for use cases such as machine learning, full motion video analysis, analytics, and local computing stacks. They fit into existing server racks and can be clustered for greater computing needs you can even run AWS Lambda functions, Amazon EC2-compatible AMIs, or even AWS IoT Greengrass to perform simple processing of data. The use cases include capturing of streams from IoT devices, image compression, video transcoding, and even industrial signaling.

13.3.4. AWS Snowmobile It houses 100 petabytes and is ideal for the largest migrations and even data center shutdowns It is tamper resistant, waterproof, temperature controlled, it even has fire suppression and GPS tracking 24/7 video surveillance with a dedicated security team and escort security vehicle during transit

13.3.5. hardware and software is cryptographically signed, and all data stored is automatically encrypted using 256-bit encryption keys, owned and managed by you, the customer You can even use AWS Key Management Service to generate and manage keys

13.4. VMWare Cloud on AWS

13.5. Innovation

13.5.1. Machine learning and AI services machine learning platform AMZ SageMaker AMZN Augmented AI AMZN Textract AWS DeepRacer You can use ML to analyze data, solve complex problems, and predict outcomes before they happen. Internet of Things Enabling connected devices to communicate all around the world. Artificial intelligence Amazon Transcribe Amazon Comprehend AMZN Lex Amazon Fraud Detector

13.5.2. AWS Ground Station pay for the satellite time you actually need

13.5.3. Serverless applications refers to applications that don’t require you to provision, maintain, or administer servers AWS Lambda

14. AWS Well-Architected Framework

14.1. helps you understand how to design and operate reliable, secure, efficient, and cost-effective systems in the AWS Cloud

14.2. provides a way for you to consistently measure your architecture against best practices and design principles and identify areas for improvement.

14.3. 5 pillars

14.3.1. Operational Excellence running and monitoring systems to deliver business value, and with that, continually improving processes and procedures examples automating changes with deployment pipelines responding to events that are triggered the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.

14.3.2. Reliability recovery planning includes testing recovery procedures, scaling horizontally to increase aggregate system availability, and automatically recovering from failure. ex recovery from an Amazon DynamoDB disruption EC2 node failure ability of a system to do the following: Recover from infrastructure or service disruptions Dynamically acquire computing resources to meet demand Mitigate disruptions such as misconfigurations or transient network issues

14.3.3. Cost Optimization looks at optimizing full cost checking if you have overestimated your EC2 server size ability to run systems to deliver business value at the lowest price point.

14.3.4. Security example checking integrity of data protecting systems by using encryption the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

14.3.5. Performance Efficiency entails using IT and computing resources efficiently example using the right Amazon EC2 type

14.4. Well-Architected Tool

14.4.1. To generate a report, showing areas that should be addressed.

15. Cloud computing

15.1. On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing

15.2. 6 Advantages

15.2.1. Trade upfront expense for variable expense Upfront expenses include data centers, physical servers, and other resources that you would need to invest in before using computing resources. Benefit from massive economies of scale you can pay only when you consume computing resources

15.2.2. Stop guessing capacity you don’t have to predict how much infrastructure capacity you will need before deploying an application you can launch Amazon Elastic Compute Cloud (Amazon EC2) instances when needed and pay only for the compute time you use you can access only the capacity that you need, and scale in or out in response to demand.

15.2.3. Increase speed and agility The flexibility of cloud computing makes it easier for you to develop and deploy applications.

15.2.4. Stop spending money running and maintaining data centers the ability to focus less on these tasks and more on your applications and customers.

15.2.5. Go global in minutes AWS Cloud global footprint enables you to quickly deploy applications to customers around the world, while providing them with low latency.