AWS Practitioner


1. AMZN GuardDuty

1.1. threat detection offering

1.1.1. It analyzes continuous streams of metadata generated from your account, and network activity found on

1.1.1.1. AWS CloudTrail events

1.1.1.2. AMZN VPC flow logs

1.1.1.3. DNS logs

1.2. It uses integrated threat intelligence to identify threats more accurately

1.2.1. known malicious IP addresses

1.2.2. anomaly detection

1.2.3. machine learning

1.3. runs independently from your other AWS services

1.3.1. won't affect performance or availability of your existing infrastructure, and workloads

1.4. you can review detailed findings about them from the AWS Management Console

1.4.1. findings include recommended steps for remediation

1.4.2. You can also configure AWS Lambda functions to take remediation steps automatically in response to GuardDuty’s security findings.

2. AWS Artifact

2.1. a service that provides on-demand access to AWS security and compliance reports and select online agreements

2.1.1. AWS Artifact Agreements

2.1.1.1. you can review, accept, and manage agreements for an individual account and for all your accounts in AWS Organizations

2.1.2. AWS Artifact Reports

2.1.2.1. provide compliance reports from third-party auditors.

2.1.2.2. These auditors have tested and verified that AWS is compliant with a variety of global, regional, and industry-specific security standards and regulations

3. Global infrastructure and reliability

3.1. AMZN Regions

3.1.1. geographically isolated areas, where you can access services needed to run your enterprise

3.1.1.1. proximity to your customers

3.1.1.2. compliance with data governance

3.1.1.3. pricing

3.1.1.4. available services / features

3.1.1.5. Connected by high speed fiber network

3.1.1.6. each region is isolated from other regions

3.1.1.6.1. region data sovereignty

3.1.2. each region is made up of multiple AZs

3.1.2.1. AZ (availability zone)

3.1.2.1.1. is a single data center or a group of data centers within a Region

3.1.2.1.2. low latency between them

3.1.2.1.3. separated enough that a disaster does not affect all zones

3.1.2.1.4. always recommended to run in at least 2 AZs in a Region

3.1.2.1.5. help you solve high availability and disaster recovery scenarios, without any additional effort on your part

3.1.2.1.6. is a fully isolated portion of the AWS global infrastructure.

3.2. AMZN Edge Location

3.2.1. Content Delivery Networks (CDN)

3.2.1.1. Caching copies of data closer to the customers all around the world

3.2.1.2. CDN Amazon CloudFront

3.2.1.2.1. to store cached copies of your content closer to your customers for faster delivery

3.2.1.2.2. used for data / video / apps and APIs

3.2.1.2.3. is a content delivery service

3.2.1.3. is a network that helps to deliver edge content to users based on their geographic location

3.2.2. are separate from Regions, so you can push content from inside a Region to a collection of Edge locations around the world, in order to accelerate communication and content delivery

3.2.3. run Amazon CloudFront to help get content closer to your customers, no matter where they are in the world.

3.2.4. site that Amazon CloudFront uses to store cached copies of your content closer to your customers for faster delivery

3.3. AMZN Route 53

3.3.1. DNS

3.3.1.1. to direct customers to the correct web locations

3.4. AMZN Outposts

3.4.1. AWS will basically install a fully operational mini Region, right inside your own data center.

3.4.2. owned and operated by AWS

3.4.3. using 100% of AWS functionality,

3.4.4. isolated within your own building

3.5. Provisioning

3.5.1. API

3.5.1.1. an application programming interface.

3.5.1.2. predetermined ways for you to interact with AWS services

3.5.1.2.1. to provision, configure, and manage your AWS resources

3.5.1.3. "Do it yourself"

3.5.1.3.1. AWS Management Console

3.5.1.3.2. AWS CLI - Command Line Interface

3.5.1.4. AWS SDKs - Software Development Kits

3.5.1.4.1. to interact with AWS resources through various programming languages

3.5.1.4.2. easy for developers to create programs that use AWS without using the low level API

3.5.1.4.3. enable you to use AWS services with your existing applications or create entirely new applications that will run on AWS.

3.5.1.4.4. Supported programming languages include C++, Java, .NET, and more.

3.5.1.5. managed tools to provision

3.5.1.5.1. AWS Elastic Beanstalk

3.5.1.5.2. AWS CloudFormation

4. Networking

4.1. connectivity to AWS

4.1.1. AMZN VPC - Virtual Private Cloud

4.1.1.1. your own private network in AWS

4.1.1.1.1. to provision an isolated section of the AWS Cloud

4.1.1.2. allows you to define your private IP range for your AWS resources

4.1.1.3. Subnets

4.1.1.3.1. chunks of IP addresses in your VPC that allow you to group resources together.

4.1.1.3.2. is a section of a VPC that can contain resources such as Amazon EC2 instances.

4.1.1.3.3. Public subnet

4.1.1.3.4. Private subnet

4.1.2. only allow traffic coming from an approved internal network

4.1.3. internet gateway (IGW)

4.1.3.1. To allow public traffic from the internet to access your VPC, you attach an internet gateway to the VPC.

4.1.3.2. is a connection between a VPC and the internet

4.1.3.3. Without an internet gateway, no one can access the resources within your VPC

4.1.3.4. to access public net with your public VPC

4.1.4. Virtual Private gateway

4.1.4.1. To access private resources in a VPC

4.1.4.2. allows you to create a VPN connection between a private network, like your on-premises data center or internal corporate network to your VPC

4.1.4.2.1. to establish an encrypted VPN connection to your private internal AWS resources, you would need to attach a virtual private gateway to your VPC

4.1.5. AMZN Direct Connect

4.1.5.1. allows you to establish a completely private, dedicated fiber connection from your data center to AWS

4.1.5.2. provides a physical line that connects your network to your AWS VPC

4.1.6. security layer

4.1.6.1. network hardening

4.1.6.1.1. Network ACLs

4.1.6.1.2. security groups

4.1.6.2. application security

4.1.6.3. user identity

4.1.6.4. authentication and authorization

4.1.6.5. DDoS prevention (distributed denial-of-service)

4.1.6.6. data integrity

4.1.6.7. encryption

4.1.7. Global Networking

4.1.7.1. Domain Name System (DNS)

4.1.7.1.1. DNS resolution involves a customer DNS resolver communicating with a company DNS server.

4.1.7.1.2. DNS resolution is the process of translating a domain name to an IP address.

4.1.7.2. AMZN Route 53

4.1.7.2.1. is a DNS web service.

4.1.7.2.2. gives developers and businesses a reliable way to route end users to internet applications hosted in AWS.

4.1.7.2.3. It can route users to infrastructure outside of AWS.

4.1.7.2.4. Route 53 can direct traffic to different endpoints using several different routing policies

4.1.7.2.5. ability to manage the DNS records for domain names

5. Security

5.1. shared responsibility model

5.1.1. IN the cloud

5.1.1.1. customers

5.1.1.1.1. DATA

5.1.1.1.2. APPS

5.1.1.1.3. OS

5.1.1.1.4. Customers are responsible for the security of everything that they create and put in the AWS Cloud.

5.1.1.2. AWS Identity and Access Management

5.1.1.2.1. policies

5.1.1.2.2. users

5.1.1.2.3. Groups

5.1.1.2.4. Roles

5.1.1.3. root account user.

5.1.2. OF the cloud

5.1.2.1. AWS

5.1.2.1.1. PHYSICAL

5.1.2.1.2. NETWORK

5.1.2.1.3. HYPERVISOR

5.2. AWS Organizations

5.2.1. central location to manage multiple AWS accounts

5.2.2. consolidated billing for all member accounts

5.2.3. implement hierarchical groupings of your accounts to meet security, compliance, or budgetary needs

5.2.3.1. you can group accounts into organizational units, or OUs, kind of like business units, or BUs

5.2.3.1.1. When you apply a policy to an OU, all the accounts in the OU automatically inherit the permissions specified in the policy.

5.2.3.1.2. you can more easily isolate workloads or applications that have specific security requirements.

5.2.4. you have control over the AWS services and API actions that each account can access as an administrator of the primary account of an organization

5.2.5. service control policies (SCPs)

5.2.5.1. can be applied to

5.2.5.1.1. organization root

5.2.5.1.2. individual member account

5.2.5.1.3. OU

5.3. Customer Compliance Center

5.3.1. contains resources to help you learn more about AWS compliance.

5.4. AWS Shield

5.4.1. DDoS

5.4.1.1. A denial-of-service (DoS) attack is a deliberate attempt to make a website or application unavailable to users.

5.4.1.2. distributed denial-of-service (DDoS) attack

5.4.1.2.1. multiple sources are used to start an attack that aims to make a website or application unavailable

5.4.2. is a service that protects applications against DDoS attacks

5.4.2.1. levels of protection

5.4.2.1.1. AWS Shield Standard

5.4.2.1.2. AWS Shield Advanced

5.4.2.2. Can integrate with AWS WAF

5.4.2.2.1. Web app Firewall

5.5. AMZN Inspector

5.5.1. helps to improve security, and compliance of your AWS deployed applications

5.5.2. running an automated security assessment against your infrastructure

5.5.2.1. it provides you with a list of security findings

5.5.3. the service consists of three parts

5.5.3.1. network configuration

5.5.3.2. Amazon agent

5.5.3.2.1. which can be installed on EC2 instances

5.5.3.3. security assessment

5.5.3.3.1. that brings them all together

5.6. AWS WAF

5.6.1. web application firewall that lets you monitor network requests that come into your web applications.

5.6.2. works together

5.6.2.1. AMZN CloudFront

5.6.2.2. App Load Balancer

5.6.3. works similarly to an ACL

5.7. encryption

5.7.1. encryption at rest

5.7.1.1. data is secure while in storage

5.7.1.2. AWS Key Management Service (AWS KMS)

5.7.1.2.1. encryption operations through the use of cryptographic keys

5.7.1.2.2. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data

5.7.1.2.3. You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications.

5.7.1.2.4. you can choose the specific levels of access control that you need for your keys.

5.7.2. encryption in transit

5.7.2.1. while it is transmitted

5.7.2.2. example: SSL (Secure Sockets Layer)

6. Migration and Innovation

6.1. Cloud Adoption Framework

6.1.1. provide advice to your company to enable a quick and smooth migration to AWS.

6.1.2. 6 Perspectives

6.1.2.1. Business capabilities

6.1.2.1.1. Business

6.1.2.1.2. People

6.1.2.1.3. Governance

6.1.2.2. Tech capabilities

6.1.2.2.1. Platform

6.1.2.2.2. Security

6.1.2.2.3. Operations

6.2. Migration strategies

6.2.1. Based on time, cost, priority, criticality

6.2.2. 6 R's

6.2.2.1. Rehosting

6.2.2.1.1. lift-and-shift

6.2.2.2. Replatforming

6.2.2.2.1. lift, tinker, and shift

6.2.2.2.2. not touching any core code in the process.

6.2.2.3. Retire

6.2.2.3.1. don't actually end up on AWS

6.2.2.4. Retain

6.2.2.4.1. keeping applications that are critical for the business in the source environment

6.2.2.4.2. about to be deprecated but maybe not just yet

6.2.2.4.3. you should only migrate what makes sense for your business

6.2.2.5. Repurchase

6.2.2.5.1. to abandon legacy software vendors and get a fresh start as part of migration

6.2.2.5.2. moving from a traditional license to a software-as-a-service model.

6.2.2.6. Refactoring

6.2.2.6.1. also known as re-architecting

6.3. AWS Snow Family

6.3.1. collection of physical devices that help to physically transport up to exabytes of data into and out of AWS

6.3.2. AWS Snowcone

6.3.2.1. it's a device that holds up to eight terabytes of data

6.3.2.2. contains edge computing

6.3.2.2.1. Amazon EC2 instances and AWS IoT Greengrass

6.3.2.3. 2 CPUs, 4 GB of memory, and 8 TB of usable storage

6.3.2.4. you place an order via AWS Management Console

6.3.2.4.1. we ship it to you

6.3.2.5. analytics data, video libraries, image collections, backups, and even tape replacement data

6.3.3. AWS Snowball

6.3.3.1. Snowball Edge Storage Optimized

6.3.3.1.1. devices are well suited for large-scale data migrations and recurring transfer workflows, in addition to local computing with higher capacity needs.

6.3.3.2. Snowball Edge Compute Optimized

6.3.3.2.1. provides powerful computing resources for use cases such as machine learning, full motion video analysis, analytics, and local computing stacks.

6.3.3.3. they fit into existing server racks and can be clustered for greater computing needs

6.3.3.3.1. you can even run AWS Lambda functions, Amazon EC2-compatible AMI's, or even AWS IoT Greengrass to perform simple processing of data

6.3.3.4. the use cases include capturing of streams from IoT devices, image compression, video transcoding, and even industrial signaling.

6.3.4. AWS Snowmobile

6.3.4.1. It houses 100 petabytes and is ideal for the largest migrations and even data center shutdowns

6.3.4.2. It is tamper resistant, waterproof, temperature controlled, it even has fire suppression and GPS tracking

6.3.4.2.1. 24/7 video surveillance with a dedicated security team and escort security vehicle during transit

6.3.5. hardware and software is cryptographically signed, and all data stored is automatically encrypted using 256-bit encryption keys, owned and managed by you, the customer

6.3.5.1. You can even use AWS Key Management Service to generate and manage keys

6.4. VMWare Cloud on AWS

6.5. Innovation

6.5.1. Machine learning and AI services

6.5.1.1. machine learning platform

6.5.1.1.1. AMZN SageMaker

6.5.1.1.2. AMZN Augmented AI

6.5.1.1.3. AMZN Textract

6.5.1.1.4. AWS DeepRacer

6.5.1.1.5. You can use ML to analyze data, solve complex problems, and predict outcomes before they happen.

6.5.1.2. Internet of Things

6.5.1.2.1. Enabling connected devices to communicate all around the world.

6.5.1.3. Artificial intelligence

6.5.1.3.1. Amazon Transcribe

6.5.1.3.2. Amazon Comprehend

6.5.1.3.3. AMZN Lex

6.5.1.3.4. Amazon Fraud Detector

6.5.2. AWS Ground Station

6.5.2.1. pay for the satellite time you actually need

6.5.3. Serverless applications

6.5.3.1. refers to applications that don’t require you to provision, maintain, or administer servers

6.5.3.2. AWS Lambda

7. Cloud computing

7.1. On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing

7.2. 6 Advantages

7.2.1. Trade upfront expense for variable expense

7.2.1.1. Upfront expenses

7.2.1.1.1. include data centers, physical servers, and other resources that you would need to invest in before using computing resources.

7.2.1.1.2. Benefit from massive economies of scale

7.2.1.2. you can pay only when you consume computing resources

7.2.2. Stop guessing capacity

7.2.2.1. you don’t have to predict how much infrastructure capacity you will need before deploying an application

7.2.2.1.1. you can launch Amazon Elastic Compute Cloud (Amazon EC2) instances when needed and pay only for the compute time you use

7.2.2.1.2. you can access only the capacity that you need, and scale in or out in response to demand.

7.2.3. Increase speed and agility

7.2.3.1. The flexibility of cloud computing makes it easier for you to develop and deploy applications.

7.2.4. Stop spending money running and maintaining data centers

7.2.4.1. the ability to focus less on these tasks and more on your applications and customers.

7.2.5. Go global in minutes

7.2.5.1. AWS Cloud global footprint enables you to quickly deploy applications to customers around the world, while providing them with low latency.

8. Recall that when you modify a file in block storage, only the pieces that are changed are updated. When a file in object storage is modified, the entire object is updated.

9. block-level storage

9.1. Instance store volumes

9.1.1. Block-level storage volumes behave like physical hard drives.

9.1.1.1. block-level storage for an Amazon EC2 instance.

9.1.2. comes by default with EC2 instance

9.1.3. non-persistent: data is lost when you shut down the EC2 instance

9.1.3.1. S3 Standard has a higher cost than other storage classes intended for infrequently accessed data and archival storage.

9.2. AMZN EBS - Elastic Block Store

9.2.1. EBS volumes

9.2.1.1. persistent data

9.2.1.2. Different sizes and type

9.2.1.3. you attach to your EC2 instance

9.2.2. EBS snapshot

9.2.2.1. incremental backups of your data

9.2.3. service that provides block-level storage volumes that you can use with Amazon EC2 instances

9.2.4. size up to 16Tb

9.2.4.1. solid state by default

9.2.4.2. stores data in a single Availability Zone.

10. Beginning with only the resources you need and designing your architecture to automatically respond to changing demand by scaling out or in.

10.1. enables you to automatically add or remove Amazon EC2 instances in response to changing application demand

10.1.1. scale out

10.1.1.1. more instances

10.1.2. scale up

10.1.2.1. more resources in one instance

11. compute in the cloud

11.1. EC2 - Elastic Compute Cloud

11.1.1. multitenancy: the idea of sharing underlying hardware

11.1.1.1. The hypervisor is responsible for coordinating this multitenancy and it is managed by AWS

11.1.1.1.1. And a hypervisor running on the host machine is responsible for sharing the underlying physical resources between the virtual machines.

11.1.2. EC2 runs on top of physical host machines managed by AWS using virtualization technology.

11.1.3. Types

11.1.3.1. varying combinations of

11.1.3.1.1. CPU

11.1.3.1.2. Memory

11.1.3.1.3. Storage

11.1.3.1.4. networking capacity

11.1.3.2. Each instance type is grouped under an instance family

11.1.3.2.1. general purpose

11.1.3.2.2. compute optimized

11.1.3.2.3. memory optimized

11.1.3.2.4. Accelerated computing

11.1.3.2.5. storage optimized

11.2. Pricing

11.2.1. On-Demand

11.2.1.1. you only pay if the instance is running

11.2.1.1.1. per hour

11.2.1.1.2. per second

11.2.1.1.3. depends on the type of instance and OS

11.2.1.2. good to get a baseline for your average usage (to get started)

11.2.1.3. short-term, irregular workloads that cannot be interrupted

11.2.1.3.1. developing and testing applications

11.2.1.3.2. running applications that have unpredictable usage patterns

11.2.1.4. no contract

11.2.2. Savings Plan

11.2.2.1. low prices in exchange for a commitment to consistent usage (measured in dollars / hour) for 1 or 3 years

11.2.2.2. also apply to Lambda and Fargate (serverless compute)

11.2.2.3. savings of up to 66% over On-Demand costs.

11.2.2.4. Any usage beyond the commitment is charged at regular On-Demand rates.

11.2.3. Reserved Instances

11.2.3.1. for steady-state workloads or ones with predictable usage

11.2.3.2. offer you up to a 75% discount versus On-Demand pricing

11.2.3.2.1. you qualify for a discount once you commit to a one or three-year term and can pay for them with three payment options

11.2.3.3. are a billing discount applied to the use of On-Demand Instances in your account.

11.2.3.3.1. Standard Reserved Instances

11.2.3.3.2. Convertible Reserved Instances

11.2.3.3.3. Scheduled Reserved Instances

11.2.4. Spot Instances

11.2.4.1. to request spare Amazon EC2 computing capacity for up to 90% off of the On-Demand price

11.2.4.2. AWS can reclaim the instance at any time they need it, giving you a two-minute warning to finish up work and save state.

11.2.4.3. A good example of those are batch workloads.

11.2.4.3.1. ideal for workloads with flexible start and end times, or that can withstand interruptions

11.2.4.4. do not require contracts or a commitment to an amount of use

11.2.4.5. no contract

11.2.5. Dedicated Hosts

11.2.5.1. physical hosts dedicated for your use for EC2

11.2.5.1.1. On-Demand Dedicated Hosts

11.2.5.1.2. Dedicated Hosts Reservations

11.2.5.2. for meeting certain compliance requirements

11.2.5.3. nobody else will share tenancy of that host.

11.2.5.4. You can use your existing per-socket, per-core, or per-VM software licenses to help maintain license compliance

11.2.5.5. most expensive of all services

11.3. Scalability

11.3.1. Amazon EC2 Auto Scaling

11.3.1.1. Dynamic scaling responds to changing demand.

11.3.1.1.1. scale horizontally

11.3.1.2. Predictive scaling automatically schedules the right number of Amazon EC2 instances based on predicted demand.

11.3.1.3. To scale faster, you can use dynamic scaling and predictive scaling together.

11.3.2. minimum / desired / scale as needed / maximum EC2 instances

11.3.2.1. If you do not specify the desired number of Amazon EC2 instances in an Auto Scaling group, the desired capacity defaults to your minimum capacity.

11.4. Elasticity

11.4.1. Elastic Load Balancing

11.4.1.1. service that automatically distributes incoming application traffic across multiple resources

11.4.1.2. single point of contact for all incoming web traffic to your Auto Scaling group

11.4.1.3. ELB + Auto Scaling

11.4.1.3.1. high performance

11.4.1.3.2. availability

11.5. messaging and queuing

11.5.1. monolithic application: an application with tightly coupled components. These components might include databases, servers, the user interface, business logic, and so on

11.5.1.1. if a single component fails, other components fail, and possibly the entire application fails.

11.5.2. microservices: application components are loosely coupled.

11.5.3. AMZN Simple Notification Service (SNS)

11.5.3.1. is a publish/subscribe service

11.5.3.2. publisher publishes messages to subscribers.

11.5.3.3. subscribers can be web servers, email addresses, AWS Lambda functions, or several other options.

11.5.4. AMZN Simple Queue Service (SQS)

11.5.4.1. you can send, store, and receive messages between software components, without losing messages or requiring other services to be available

11.5.4.2. an application sends messages into a queue. A user or service retrieves a message from the queue, processes it, and then deletes it from the queue.

11.6. Additional compute services

11.6.1. serverless computing

11.6.1.1. do not need to provision or manage these servers.

11.6.1.2. Lambda

11.6.1.2.1. Docker containers

11.6.1.2.2. Docker is a software platform that enables you to build, test, and deploy applications quickly

11.6.1.2.3. is a service that lets you run code without needing to provision or manage servers.

11.6.1.2.4. create a lambda function to run (under 15 min) when an event is triggered

11.6.1.2.5. flexibility to scale serverless applications automatically

11.6.1.2.6. you pay only for the compute time that you consume

11.6.1.2.7. set your code to trigger from an event source

11.6.1.2.8. For example, a simple Lambda function might involve automatically resizing uploaded images to the AWS Cloud. In this case, the function triggers when uploading a new image.

11.6.1.3. Fargate

11.6.1.3.1. serverless compute engine for containers

11.6.1.3.2. you do not need to provision or manage servers

11.6.1.3.3. you pay only for the resources that are required to run your containers.

11.6.2. Containers

11.6.2.1. a container is a package for your code where you package up your application, its dependencies as well as any configurations that it needs to run

11.6.2.1.1. provide you with a standard way to package your application's code and dependencies into a single object. You can also use containers for processes and workflows in which there are essential requirements for security, reliability, and scalability.

11.7. CLOUD computing

11.7.1. the on-demand delivery of IT resources over the internet with pay-as-you-go pricing

12. Storage and Databases

12.1. Object-Level Storage

12.1.1. each object consists of

12.1.1.1. Data

12.1.1.1.1. The data might be an image, video, text document, or any other type of file

12.1.1.2. Metadata

12.1.1.2.1. contains information about what the data is, how it is used, the object size, and so on

12.1.1.3. Key

12.1.1.3.1. unique identifier

12.1.2. AMZN S3 - Simple Storage Service

12.1.2.1. allows you to store and retrieve an unlimited amount of data at any scale

12.1.2.2. buckets

12.1.2.2.1. where you store data, instead of FS

12.1.2.2.2. you can

12.1.2.3. Tiers / Storage Classes

12.1.2.3.1. S3 Standard

12.1.2.3.2. S3 Infrequent Access / S3-IA

12.1.2.3.3. S3 Infrequent Access One Zone / S3 One Zone IA

12.1.2.3.4. Low-cost storage designed for data archiving

12.1.2.3.5. S3 Intelligent-Tiering

12.1.2.3.6. Amazon S3 Glacier

12.1.2.4. cases in which a large number of services and resources need to access the same data at the same time

12.1.2.5. S3 Glacier Deep Archive

12.1.2.5.1. Lowest-cost object storage class ideal for archiving

12.1.2.5.2. Able to retrieve objects within 12 hours

12.1.2.6. unlimited storage

12.1.2.7. individual objects up to 5TB

12.1.2.8. write once / read many

12.1.2.8.1. is a scalable file system used with AWS Cloud services and on-premises resources.

12.1.2.9. serverless

12.2. file storage

12.2.1. AMZN Elastic file system / AMZN EFS

12.2.1.1. grows and shrinks automatically. It can scale on demand to petabytes without disrupting applications.

12.2.1.2. multiple instances accessing the data in EFS at the same time.

12.2.1.3. Linux file system

12.2.1.4. when?

12.2.1.5. is a regional service. It stores data in and across multiple Availability Zones.

12.2.1.5.1. The duplicate storage enables you to access data concurrently from all the Availability Zones in the Region

12.3. relational database

12.3.1. data is stored in a way that relates it to other pieces of data.

12.3.2. use structured query language (SQL) to store and query data

12.3.3. AMZN Relational Database Service / AMZN RDS

12.3.3.1. AMZN supports

12.3.3.1.1. MySQL

12.3.3.1.2. PostgreSQL

12.3.3.1.3. Oracle

12.3.3.1.4. MS SQL Server

12.3.3.1.5. lift-and-shift migration to EC2

12.3.3.2. managed service that automates tasks such as hardware provisioning, database setup, patching, and backups.

12.3.3.2.1. services

12.3.3.3. You can integrate Amazon RDS with other services to fulfill your business and operational needs, such as using AWS Lambda to query your database from a serverless application.

12.3.3.3.1. customer ownership of

12.3.3.4. Amazon RDS is available on six database engines,

12.3.3.4.1. AMZN Aurora

12.3.3.4.2. MySQL

12.3.3.4.3. MariaDB

12.3.3.4.4. Oracle Database

12.3.3.4.5. Microsoft SQL Server

12.4. DataWarehouse

12.4.1. AMZN Redshift

12.4.1.1. offers the ability to collect data from many sources and helps you to understand relationships and trends across your data

12.5. nonrelational database

12.5.1. serverless DBs

12.5.1.1. you do not have to provision, patch, or manage servers.

12.5.1.2. do not have to install, maintain, or operate software.

12.5.1.3. data warehousing service that you can use for big data analytics

12.5.2. DynamoDB

12.5.2.1. noSQL

12.5.2.1.1. is a key-value database service

12.5.2.1.2. tables with data

12.5.2.2. Purpose built

12.5.2.2.1. simple flexible schemas,

12.5.2.2.2. you can add and remove attributes from items in the table, at any time.

12.5.2.2.3. Not every item in the table has to have the same attributes.

12.5.2.2.4. it has specific use cases, and it isn't the best fit for every workload out there.

12.5.2.3. millisecond response time

12.5.2.4. fully managed

12.5.2.5. Highly scalable

12.5.2.5.1. petabyte size potential

12.5.2.6. It has massive throughput

12.5.2.7. It has granular API access

12.5.2.8. stores this data redundantly across availability zones and mirrors the data across multiple drives

12.6. AMZN DMS - DB Migration Services

12.6.1. migrate data from source to target

12.6.1.1. homogeneous

12.6.1.1.1. MySQL -> Amazon RDS

12.6.1.1.2. MySQL / Microsoft SQL Server -> Amazon RDS

12.6.1.1.3. SQL Server / Oracle -> Amazon RDS for Oracle.

12.6.1.1.4. schema structures, data types, and database code are compatible between source and target.

12.6.1.1.5. source

12.6.1.1.6. target

12.6.1.2. heterogeneous

12.6.1.2.1. two-step process

12.6.2. minimize downtime

12.6.2.1. during the migration, your source database remains operational

12.6.3. other use cases

12.6.3.1. development and test database migrations

12.6.3.1.1. when you want to develop this to test against production data, but without affecting production users

12.6.3.2. database consolidation

12.6.3.2.1. when you have several databases and want to consolidate them into one central database.

12.6.3.3. continuous database replication

12.6.3.3.1. when you use DMS to perform continuous data replication

12.6.3.3.2. sending ongoing copies of your data to other target sources instead of doing a one-time migration

12.7. content management

12.7.1. migrate a copy of your production database to your dev or test environments, either once-off or continuously

12.7.2. AMZN DocumentDB

12.7.2.1. catalogs / user profiles

12.7.2.2. document database service that supports MongoDB workloads

12.7.3. AMZN Neptune

12.7.3.1. graph database service.

12.7.3.2. social network / recommendation engines / fraud detection

12.7.3.3. to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs

12.7.4. AMZN Managed Blockchain

12.7.4.1. blockchain solution

12.7.4.1.1. Blockchain is a distributed ledger system that lets multiple parties run transactions and share data without a central authority

12.7.4.2. to create and manage blockchain networks with open-source frameworks

12.7.5. AMZN Quantum Ledger Database - AMZN QLDB

12.7.5.1. ledger database service

12.7.5.2. An immutable system of record where an entry can never be removed from the audits

12.7.5.3. can use it to review a complete history of all the changes that have been made to your application data.

12.7.6. Amazon ElastiCache

12.7.6.1. a service that adds caching layers on top of your databases to help improve the read times of common requests.

12.7.6.2. Memcached and Redis flavors

12.7.6.2.1. can provide those caching layers without your team needing to worry about the heavy lifting of launching, uplift, and maintenance

12.7.7. DAX

12.7.7.1. AMZN Dynamo DB accelerator

12.7.7.2. a native caching layer designed to dramatically improve read times for your nonrelational data

12.7.7.3. is an in-memory cache for DynamoDB.

13. Monitoring

13.1. AMZN CloudWatch

13.1.1. web service

13.1.1.1. to monitor and manage various metrics

13.1.1.2. configure alarm actions based on data from those metrics

13.1.2. benefits

13.1.2.1. access to all your metrics from a central location

13.1.2.1.1. helping you break down silos so that you can easily gain system-wide visibility.

13.1.2.2. gain insights across your distributed stack

13.1.2.2.1. so you can correlate and visualize metrics and logs to quickly pinpoint and resolve issues

13.1.3. CloudWatch alarms

13.1.3.1. you can create alarms that automatically perform actions if the value of your metric has gone above or below a predefined threshold.

13.1.4. CloudWatch dashboard

13.1.4.1. enables you to access all the metrics for your resources from a single location

13.1.4.2. You can even customize separate dashboards for different business purposes, applications, or resources.

13.2. AWS CloudTrail

13.2.1. comprehensive API auditing tool

13.2.1.1. records API calls for your account

13.2.2. The engine records

13.2.2.1. identity of the API caller

13.2.2.2. which operator

13.2.2.3. the time of the API call

13.2.2.4. Where were they?

13.2.2.5. What was their IP address?

13.2.2.6. And what was the response?

13.2.2.7. Did something change?

13.2.2.8. And what is the new state?

13.2.2.9. Was the request denied?

13.2.3. can save those logs indefinitely in secure S3 buckets.

13.2.3.1. with tamper-proof methods like Vault Lock, you then can show absolute provenance of all of these critical security audit logs.

13.2.4. Events are typically updated in CloudTrail within 15 minutes after an API call

13.2.5. CloudTrail Insights

13.2.5.1. optional feature that allows CloudTrail to automatically detect unusual API activities in your AWS account.

13.3. AWS Trusted Advisor

13.3.1. service that you can use in your AWS account that will evaluate your resources against five pillars

13.3.1.1. cost optimization

13.3.1.2. performance

13.3.1.3. security

13.3.1.4. fault tolerance

13.3.1.5. service limits

13.3.2. in real time runs through a series of checks for each pillar in your account, based on AWS best practices

14. Pricing and support

14.1. AWS Free Tier

14.1.1. Always Free

14.1.1.1. do not expire and are available to all AWS customers.

14.1.1.2. AWS Lambda allows 1 million free requests and up to 3.2 million seconds of compute time per month

14.1.1.3. Amazon DynamoDB allows 25 GB of free storage per month.

14.1.2. Trials

14.1.2.1. Short-term free trial offers start from the date you activate a particular service

14.1.2.2. Amazon Inspector offers a 90-day free trial

14.1.2.3. Amazon Lightsail (a service that enables you to run virtual private servers) offers 750 free hours of usage over a 30-day period

14.2. Pricing

14.2.1. Amazon EC2 Instance Savings Plans: the plan allows you to save up to 72% over the equivalent On-Demand Instance capacity.

14.2.1.1. Pay for what you use.

14.2.1.1.1. For each service, you pay for exactly the amount of resources that you actually use, without requiring long-term contracts or complex licensing.

14.2.2. Pay less when you reserve.

14.2.2.1. suppose that your company is using Amazon EC2 instances for a workload that needs to run continuously

14.2.3. Pay less with volume-based discounts when you use more

14.2.3.1. Some services offer tiered pricing, so the per-unit cost is incrementally lower with increased usage.

14.2.3.1.1. For example, the more Amazon S3 storage space you use, the less you pay for it per GB.

14.2.3.2. 12 Months Free

14.2.3.2.1. free for 12 months following your initial sign-up date to AWS.

14.2.3.2.2. Amazon S3 Standard Storage

14.2.3.2.3. thresholds for monthly hours of Amazon EC2 compute time

14.2.3.2.4. amounts of Amazon CloudFront data transfer out

14.2.4. AWS Pricing Calculator

14.2.4.1. lets you explore AWS services and create an estimate for the cost of your use cases on AWS

14.2.4.2. You can organize your AWS estimates by groups that you define

14.2.4.2.1. A group can reflect how your company is organized, such as providing estimates by cost center.

14.2.5. Examples

14.2.5.1. AWS Lambda

14.2.5.1.1. you are charged based on the number of requests for your functions and the time that it takes for them to run.

14.2.5.1.2. Compute Savings Plans

14.2.5.2. Amazon EC2

14.2.5.2.1. you pay for only the compute time that you use while your instances are running.

14.2.5.3. Amazon S3

14.2.5.3.1. cost components

14.2.6. Billing dashboard

14.2.6.1. to pay your AWS bill

14.2.6.2. monitor your usage

14.2.6.3. analyze and control your costs

14.3. AWS Organizations

14.3.1. a service that enables you to manage multiple AWS accounts from a central location

14.3.2. consolidated billing

14.3.2.1. enables you to receive a single bill for all AWS accounts in your organization

14.3.2.1.1. You can still view your AWS bill in an itemized fashion

14.3.2.2. enables you to share volume pricing discounts across accounts.

14.3.3. the usage for AWS resources is rolled up to the organization level

14.3.3.1. but you can get the bulk discount pricing because of the aggregate across all accounts in the organization

14.3.3.1.1. share bulk discount pricing, Savings Plans, and Reserved Instances across the accounts in your organization

14.3.4. is free and easy to use

14.3.5. On your monthly bill, you can review itemized charges incurred by each account

14.4. AWS Budgets

14.4.1. It allows you to set custom budgets for a variety of scenarios like cost and usage

14.4.2. you can also set custom alerts when your usage exceeds (or is forecasted to exceed) the budgeted amount.

14.4.3. you can create budgets to plan your service usage, service costs, and instance reservations.

14.4.4. The information in AWS Budgets updates three times a day.

14.4.5. review comparison

14.4.5.1. current vs budgeted usage

14.4.5.2. forecasted vs budgeted

14.5. AWS Cost Explorer

14.5.1. AWS Personal Health Dashboard

14.5.1.1. a tool that provides alerts and remediation guidance when AWS is experiencing events that may affect you

14.5.2. is a tool that enables you to visualize, understand, and manage your AWS costs and usage over time.

14.6. AWS Support plans

14.6.1. Basic Support

14.6.1.1. is free for all AWS customers.

14.6.1.2. access to whitepapers, documentation, and support communities

14.6.1.3. you can also contact AWS for billing questions and service limit increases.

14.6.1.4. limited selection of AWS Trusted Advisor checks

14.6.1.4.1. The default maximum number of accounts allowed for an organization is 4, but you can contact AWS Support to increase your quota, if needed.

14.6.2. pay-by-the-month pricing

14.6.2.1. Developer

14.6.2.1.1. Best practice guidance

14.6.2.1.2. Client-side diagnostic tools

14.6.2.1.3. Building-block architecture

14.6.2.2. Business

14.6.2.2.1. Use-case guidance to identify AWS offerings, features, and services that can best support your specific needs

14.6.2.2.2. All AWS Trusted Advisor checks

14.6.2.2.3. Limited support for third-party software, such as common operating systems and application stack components

14.6.2.3. Enterprise

14.6.2.3.1. Application architecture guidance

14.6.2.3.2. Infrastructure event management

14.6.2.3.3. (TAM) Technical Account Manager

14.7. AWS Marketplace

14.7.1. digital catalog

14.7.2. includes thousands of software listings from independent software vendors

14.7.3. to find, test, and buy software that runs on AWS

14.7.3.1. offers options like one-click deployment that allow you to quickly procure and use products from thousands of software sellers right when you need them.

14.7.4. almost every vendor in the marketplace will allow you to use any annual licenses you already own and credit them for AWS deployment

14.7.4.1. You can also explore software solutions by industry and use case.

14.7.5. Categories

14.7.5.1. Business Apps

14.7.5.2. Data & Analytics

14.7.5.3. DevOps

14.7.5.4. Infra software

14.7.5.5. IoT

14.7.5.6. Machine Learning

14.7.5.7. Migration

14.7.5.8. Security

15. AWS Well-Architected Framework

15.1. helps you understand how to design and operate reliable, secure, efficient, and cost-effective systems in the AWS Cloud

15.2. provides a way for you to consistently measure your architecture against best practices and design principles and identify areas for improvement.

15.3. 5 pillars

15.3.1. Operational Excellence

15.3.1.1. running and monitoring systems to deliver business value, and with that, continually improving processes and procedures

15.3.1.2. examples

15.3.1.2.1. automating changes with deployment pipelines

15.3.1.2.2. responding to events that are triggered

15.3.1.3. the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.

15.3.2. Reliability

15.3.2.1. recovery planning

15.3.2.1.1. includes testing recovery procedures, scaling horizontally to increase aggregate system availability, and automatically recovering from failure.

15.3.2.2. ex

15.3.2.2.1. recovery from an Amazon DynamoDB disruption

15.3.2.2.2. EC2 node failure

15.3.2.3. ability of a system to do the following: recover from infrastructure or service disruptions; dynamically acquire computing resources to meet demand; mitigate disruptions such as misconfigurations or transient network issues

15.3.3. Cost Optimization

15.3.3.1. looks at optimizing full cost

15.3.3.2. checking if you have overestimated your EC2 server size

15.3.3.3. ability to run systems to deliver business value at the lowest price point.

15.3.4. Security

15.3.4.1. example

15.3.4.1.1. checking integrity of data

15.3.4.1.2. protecting systems by using encryption

15.3.4.2. the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

15.3.5. Performance Efficiency

15.3.5.1. entails using IT and computing resources efficiently

15.3.5.2. example

15.3.5.2.1. using the right Amazon EC2 type

15.4. Well-Architected Tool

15.4.1. generates a report showing areas that should be addressed.