AWS Practitioner

AWS Practitioner by Mind Map: AWS Practitioner

1. Recall that when you modify a file in block storage, only the pieces that are changed are updated. When a file in object storage is modified, the entire object is updated.

2. block-level storage

2.1. Instance store volumes

2.1.1. Block-level storage volumes behave like physical hard drives.

2.1.1.1. block-level storage for an Amazon EC2 instance.

2.1.2. comes by default with EC2 instance

2.1.3. non-persistent: data is lost when you shut down the EC2 instance

2.1.3.1. S3 Standard has a higher cost than other storage classes intended for infrequently accessed data and archival storage.

2.2. AMZN EBS - Elastic Block Store

2.2.1. EBS volumes

2.2.1.1. persistent data

2.2.1.2. Different sizes and types

2.2.1.3. you attach to your EC2 instance

2.2.2. EBS snapshot

2.2.2.1. incremental backups of your data

2.2.3. service that provides block-level storage volumes that you can use with Amazon EC2 instances

2.2.4. size up to 16Tb

2.2.4.1. solid state by default

2.2.4.2. stores data in a single Availability Zone.

3. AMZN GuardDuty

3.1. threat detection offering

3.1.1. It analyzes continuous streams of metadata generated from your account, and network activity found on

3.1.1.1. AWS Cloudtrail events

3.1.1.2. AMZN VPC flow logs

3.1.1.3. DNS logs

3.2. It uses integrated threat intelligence to identify threats more accurately

3.2.1. known malicious IP addresses

3.2.2. anomaly detection

3.2.3. machine learning

3.3. runs independently from your other AWS services

3.3.1. won't affect performance or availability of your existing infrastructure, and workloads

3.4. you can review detailed findings about them from the AWS Management Console

3.4.1. findings include recommended steps for remediation

3.4.2. You can also configure AWS Lambda functions to take remediation steps automatically in response to GuardDuty’s security findings.

4. Beginning with only the resources you need and designing your architecture to automatically respond to changing demand by scaling out or in.

4.1. enables you to automatically add or remove Amazon EC2 instances in response to changing application demand

4.1.1. scale out

4.1.1.1. more instances

4.1.2. scale up

4.1.2.1. more resources in one instance

5. AWS Artifact

5.1. a service that provides on-demand access to AWS security and compliance reports and select online agreements

5.1.1. AWS Artifact Agreements

5.1.1.1. you can review, accept, and manage agreements for an individual account and for all your accounts in AWS Organizations

5.1.2. AWS Artifact Reports

5.1.2.1. provide compliance reports from third-party auditors.

5.1.2.2. These auditors have tested and verified that AWS is compliant with a variety of global, regional, and industry-specific security standards and regulations

6. compute in the cloud

6.1. EC2 - Elastic Compute Cloud

6.1.1. multitenancy: the idea of sharing underlying hardware

6.1.1.1. The hypervisor is responsible for coordinating this multitenancy and it is managed by AWS

6.1.1.1.1. And a hypervisor running on the host machine is responsible for sharing the underlying physical resources between the virtual machines.

6.1.2. EC2 runs on top of physical host machines managed by AWS using virtualization technology.

6.1.3. Types

6.1.3.1. varying combinations of

6.1.3.1.1. CPU

6.1.3.1.2. Memory

6.1.3.1.3. Storage

6.1.3.1.4. networking capacity

6.1.3.2. Each instance type is grouped under an instance family

6.1.3.2.1. general purpose

6.1.3.2.2. compute optimized

6.1.3.2.3. memory optimized

6.1.3.2.4. Accelerated computing

6.1.3.2.5. storage optimized

6.2. Pricing

6.2.1. On-Demand

6.2.1.1. you only pay if the instance is running

6.2.1.1.1. per hour

6.2.1.1.2. per second

6.2.1.1.3. depends on the type of instance and OS

6.2.1.2. good to get a baseline for your average usage (to get started)

6.2.1.3. short-term, irregular workloads that cannot be interrupted

6.2.1.3.1. developing and testing applications

6.2.1.3.2. running applications that have unpredictable usage patterns

6.2.1.4. no contract

6.2.2. Savings Plan

6.2.2.1. low prices in exchange for a commitment to a consistent amount of usage (measured in dollars/hour) for 1 or 3 years

6.2.2.2. also apply to Lambda and Fargate (serverless compute)

6.2.2.3. savings of up to 66% over On-Demand costs.

6.2.2.4. Any usage beyond the commitment is charged at regular On-Demand rates.

6.2.3. Reserved Instances

6.2.3.1. for steady-state workloads or ones with predictable usage

6.2.3.2. offer you up to a 75% discount versus On-Demand pricing

6.2.3.2.1. you qualify for a discount once you commit to a one or three-year term and can pay for them with three payment options

6.2.3.3. are a billing discount applied to the use of On-Demand Instances in your account.

6.2.3.3.1. Standard Reserved Instances

6.2.3.3.2. Convertible Reserved Instances

6.2.3.3.3. Scheduled Reserved Instances

6.2.4. Spot Instances

6.2.4.1. to request spare Amazon EC2 computing capacity for up to 90% off of the On-Demand price

6.2.4.2. AWS can reclaim the instance at any time they need it, giving you a two-minute warning to finish up work and save state.

6.2.4.3. A good example of those are batch workloads.

6.2.4.3.1. ideal for workloads with flexible start and end times, or that can withstand interruptions

6.2.4.4. do not require contracts or a commitment to an amount of use

6.2.4.5. no contract

6.2.5. Dedicated Hosts

6.2.5.1. physical hosts dedicated for your use for EC2

6.2.5.1.1. On-Demand Dedicated Hosts

6.2.5.1.2. Dedicated Hosts Reservations

6.2.5.2. for meeting certain compliance requirements

6.2.5.3. nobody else will share tenancy of that host.

6.2.5.4. You can use your existing per-socket, per-core, or per-VM software licenses to help maintain license compliance

6.2.5.5. most expensive of all services

6.3. Scalability

6.3.1. Amazon EC2 Auto Scaling

6.3.1.1. Dynamic scaling responds to changing demand.

6.3.1.1.1. scale horizontally

6.3.1.2. Predictive scaling automatically schedules the right number of Amazon EC2 instances based on predicted demand.

6.3.1.3. To scale faster, you can use dynamic scaling and predictive scaling together.

6.3.2. minimum / desired / scale as needed / maximum AWS EC2 instances

6.3.2.1. If you do not specify the desired number of Amazon EC2 instances in an Auto Scaling group, the desired capacity defaults to your minimum capacity.

6.4. Elasticity

6.4.1. Elastic Load Balancing

6.4.1.1. service that automatically distributes incoming application traffic across multiple resources

6.4.1.2. single point of contact for all incoming web traffic to your Auto Scaling group

6.4.1.3. ELB + Auto Scaling

6.4.1.3.1. high performance

6.4.1.3.2. availability

6.5. messaging and queuing

6.5.1. monolithic application: an application with tightly coupled components. These components might include databases, servers, the user interface, business logic, and so on

6.5.1.1. if a single component fails, other components fail, and possibly the entire application fails.

6.5.2. microservices: application components are loosely coupled.

6.5.3. AMZN Simple Notification Service (SNS)

6.5.3.1. is a publish/subscribe service

6.5.3.2. publisher publishes messages to subscribers.

6.5.3.3. subscribers can be web servers, email addresses, AWS Lambda functions, or several other options.

6.5.4. AMZN Simple Queue Service (SQS)

6.5.4.1. you can send, store, and receive messages between software components, without losing messages or requiring other services to be available

6.5.4.2. an application sends messages into a queue. A user or service retrieves a message from the queue, processes it, and then deletes it from the queue.

6.6. Additional compute services

6.6.1. serverless computing

6.6.1.1. do not need to provision or manage these servers.

6.6.1.2. Lambda

6.6.1.2.1. Docker containers

6.6.1.2.2. Docker is a software platform that enables you to build, test, and deploy applications quickly

6.6.1.2.3. is a service that lets you run code without needing to provision or manage servers.

6.6.1.2.4. create a lambda function to run (under 15 min) when an event is triggered

6.6.1.2.5. flexibility to scale serverless applications automatically

6.6.1.2.6. you pay only for the compute time that you consume

6.6.1.2.7. set your code to trigger from an event source

6.6.1.2.8. For example, a simple Lambda function might involve automatically resizing uploaded images to the AWS Cloud. In this case, the function triggers when uploading a new image.

6.6.1.3. Fargate

6.6.1.3.1. serverless compute engine for containers

6.6.1.3.2. you do not need to provision or manage servers

6.6.1.3.3. you pay only for the resources that are required to run your containers.

6.6.2. Containers

6.6.2.1. a container is a package for your code where you package up your application, its dependencies as well as any configurations that it needs to run

6.6.2.1.1. provide you with a standard way to package your application's code and dependencies into a single object. You can also use containers for processes and workflows in which there are essential requirements for security, reliability, and scalability.

6.7. CLOUD computing

6.7.1. the on-demand delivery of IT resources over the internet with pay-as-you-go pricing

7. Global infra and reliability

7.1. AMZN Regions

7.1.1. geographically isolated areas, where you can access services needed to run your enterprise

7.1.1.1. proximity to your customers

7.1.1.2. compliance with data governance

7.1.1.3. pricing

7.1.1.4. available services / features

7.1.1.5. Connected by high speed fiber network

7.1.1.6. each region is isolated from other regions

7.1.1.6.1. region data sovereignty

7.1.2. each region is made up of multiple AZs

7.1.2.1. AZ (availability zone)

7.1.2.1.1. is a single data center or a group of data centers within a Region

7.1.2.1.2. low latency between them

7.1.2.1.3. separated enough to prevent disaster in all zones

7.1.2.1.4. always recommended to run in at least 2 AZs in a region

7.1.2.1.5. help you solve high availability and disaster recovery scenarios, without any additional effort on your part

7.1.2.1.6. is a fully isolated portion of the AWS global infrastructure.

7.2. AMZN Edge Location

7.2.1. Content Delivery Networks (CDN)

7.2.1.1. Caching copies of data closer to the customers all around the world

7.2.1.2. CDN Amazon CloudFront

7.2.1.2.1. to store cached copies of your content closer to your customers for faster delivery

7.2.1.2.2. used for data / video / apps and APIs

7.2.1.2.3. is a content delivery service

7.2.1.3. is a network that helps to deliver edge content to users based on their geographic location

7.2.2. are separate from Regions, so you can push content from inside a Region to a collection of Edge locations around the world, in order to accelerate communication and content delivery

7.2.3. run Amazon CloudFront to help get content closer to your customers, no matter where they are in the world.

7.2.4. site that Amazon CloudFront uses to store cached copies of your content closer to your customers for faster delivery

7.3. AMZN Route 53

7.3.1. DNS

7.3.1.1. to direct customers to the correct web locations

7.4. AMZN Outposts

7.4.1. AWS will basically install a fully operational mini Region, right inside your own data center.

7.4.2. owned and operated by AWS

7.4.3. using 100% of AWS functionality,

7.4.4. isolated within your own building

7.5. Provisioning

7.5.1. API

7.5.1.1. an application programming interface.

7.5.1.2. predetermined ways for you to interact with AWS services

7.5.1.2.1. to provision, configure, and manage your AWS resources

7.5.1.3. "Do it yourself"

7.5.1.3.1. AWS Management Console

7.5.1.3.2. AWS CLI - Command Line Interface

7.5.1.4. AWS SDKs - Software Development Kits

7.5.1.4.1. to interact with AWS resources through various programming languages

7.5.1.4.2. easy for developers to create programs that use AWS without using the low level API

7.5.1.4.3. enable you to use AWS services with your existing applications or create entirely new applications that will run on AWS.

7.5.1.4.4. Supported programming languages include C++, Java, .NET, and more.

7.5.1.5. managed tools to provision

7.5.1.5.1. AWS Elastic Beanstalk

7.5.1.5.2. AWS CloudFormation

8. Networking

8.1. connectivity to AWS

8.1.1. AMZN VPC - Virtual Private Cloud

8.1.1.1. your own private network in AWS

8.1.1.1.1. to provision an isolated section of the AWS Cloud

8.1.1.2. allows you to define your private IP range for your AWS resources

8.1.1.3. Subnets

8.1.1.3.1. chunks of IP addresses in your VPC that allow you to group resources together.

8.1.1.3.2. is a section of a VPC that can contain resources such as Amazon EC2 instances.

8.1.1.3.3. Public subnet

8.1.1.3.4. Private subnet

8.1.2. only allow traffic coming from an approved internal network

8.1.3. internet gateway (IGW)

8.1.3.1. To allow public traffic from the internet to access your VPC, you attach an internet gateway to the VPC.

8.1.3.2. is a connection between a VPC and the internet

8.1.3.3. Without an internet gateway, no one can access the resources within your VPC

8.1.3.4. to access public net with your public VPC

8.1.4. Virtual Private gateway

8.1.4.1. To access private resources in a VPC

8.1.4.2. allows you to create a VPN connection between a private network, like your on-premises data center or internal corporate network to your VPC

8.1.4.2.1. to establish an encrypted VPN connection to your private internal AWS resources, you would need to attach a virtual private gateway to your VPC

8.1.5. AMZN Direct Connect

8.1.5.1. allows you to establish a completely private, dedicated fiber connection from your data center to AWS

8.1.5.2. provides a physical line that connects your network to your AWS VPC

8.1.6. security layer

8.1.6.1. network hardening

8.1.6.1.1. Network ACLs

8.1.6.1.2. security groups

8.1.6.2. application security

8.1.6.3. user identity

8.1.6.4. authentication and authorization

8.1.6.5. DDoS prevention (distributed denial-of-service)

8.1.6.6. data integrity

8.1.6.7. encryption

8.1.7. Global Networking

8.1.7.1. Domain Name System (DNS)

8.1.7.1.1. DNS resolution involves a customer DNS resolver communicating with a company DNS server.

8.1.7.1.2. DNS resolution is the process of translating a domain name to an IP address.

8.1.7.2. AMZN Route 53

8.1.7.2.1. is a DNS web service.

8.1.7.2.2. gives developers and businesses a reliable way to route end users to internet applications hosted in AWS.

8.1.7.2.3. It can route users to infrastructure outside of AWS.

8.1.7.2.4. Route 53 can direct traffic to different endpoints using several different routing policies

8.1.7.2.5. ability to manage the DNS records for domain names

9. Storage and Databases

9.1. Object-Level Storage

9.1.1. each object consists of

9.1.1.1. Data

9.1.1.1.1. The data might be an image, video, text document, or any other type of file

9.1.1.2. Metadata

9.1.1.2.1. contains information about what the data is, how it is used, the object size, and so on

9.1.1.3. Key

9.1.1.3.1. unique identifier

9.1.2. AMZN S3 - Simple Storage Service

9.1.2.1. allows you to store and retrieve an unlimited amount of data at any scale

9.1.2.2. buckets

9.1.2.2.1. where you store data, instead of FS

9.1.2.2.2. you can

9.1.2.3. Tiers / Storage Classes

9.1.2.3.1. S3 Standard

9.1.2.3.2. S3 Infrequent Access / S3-IA

9.1.2.3.3. S3 Infrequent Access One Zone / S3 One Zone IA

9.1.2.3.4. Low-cost storage designed for data archiving

9.1.2.3.5. S3 Intelligent-Tiering

9.1.2.3.6. Amazon S3 Glacier

9.1.2.4. cases in which a large number of services and resources need to access the same data at the same time

9.1.2.5. S3 Glacier Deep Archive

9.1.2.5.1. Lowest-cost object storage class ideal for archiving

9.1.2.5.2. Able to retrieve objects within 12 hours

9.1.2.6. unlimited storage

9.1.2.7. individual objects up to 5TB

9.1.2.8. write once / read many

9.1.2.8.1. is a scalable file system used with AWS Cloud services and on-premises resources.

9.1.2.9. serverless

9.2. file storage

9.2.1. AMZN Elastic File System / AMZN EFS

9.2.1.1. grows and shrinks automatically. It can scale on demand to petabytes without disrupting applications.

9.2.1.2. multiple instances accessing the data in EFS at the same time.

9.2.1.3. Linux file system

9.2.1.4. when?

9.2.1.5. is a regional service. It stores data in and across multiple Availability Zones.

9.2.1.5.1. The duplicate storage enables you to access data concurrently from all the Availability Zones in the Region

9.3. relational database

9.3.1. data is stored in a way that relates it to other pieces of data.

9.3.2. use structured query language (SQL) to store and query data

9.3.3. AMZN Relational Database Service / AMZN RDS

9.3.3.1. AMZN supports

9.3.3.1.1. MySQL

9.3.3.1.2. PostgreSQL

9.3.3.1.3. Oracle

9.3.3.1.4. MS SQL Server

9.3.3.1.5. lift-and-shift migration to EC2

9.3.3.2. managed service that automates tasks such as hardware provisioning, database setup, patching, and backups.

9.3.3.2.1. services

9.3.3.3. You can integrate Amazon RDS with other services to fulfill your business and operational needs, such as using AWS Lambda to query your database from a serverless application.

9.3.3.3.1. customer ownership of

9.3.3.4. Amazon RDS is available on six database engines,

9.3.3.4.1. AMZN Aurora

9.3.3.4.2. MySQL

9.3.3.4.3. MariaDB

9.3.3.4.4. Oracle Database

9.3.3.4.5. Microsoft SQL Server

9.4. DataWarehouse

9.4.1. AMZN Redshift

9.4.1.1. offers the ability to collect data from many sources and helps you to understand relationships and trends across your data

9.5. nonrelational database

9.5.1. serverless DBs

9.5.1.1. you do not have to provision, patch, or manage servers.

9.5.1.2. do not have to install, maintain, or operate software.

9.5.1.3. data warehousing service that you can use for big data analytics

9.5.2. DynamoDB

9.5.2.1. noSQL

9.5.2.1.1. is a key-value database service

9.5.2.1.2. tables with data

9.5.2.2. Purpose built

9.5.2.2.1. simple flexible schemas,

9.5.2.2.2. you can add and remove attributes from items in the table, at any time.

9.5.2.2.3. Not every item in the table has to have the same attributes.

9.5.2.2.4. it has specific use cases, and it isn't the best fit for every workload out there.

9.5.2.3. millisecond response time

9.5.2.4. fully managed

9.5.2.5. Highly scalable

9.5.2.5.1. petabyte size potential

9.5.2.6. It has massive throughput

9.5.2.7. It has granular API access

9.5.2.8. stores this data redundantly across availability zones and mirrors the data across multiple drives

9.6. AMZN DMS - DB Migration Services

9.6.1. migrate data from source to target

9.6.1.1. homogeneous

9.6.1.1.1. MySQL -> Amazon RDS

9.6.1.1.2. MySQL/ Microsoft SQL Server -> Amazon RDS

9.6.1.1.3. SQL Server/Oracle -> Amazon RDS for Oracle.

9.6.1.1.4. schema structures, data types, and database code is compatible between source and target.

9.6.1.1.5. source

9.6.1.1.6. target

9.6.1.2. heterogeneous

9.6.1.2.1. two-step process

9.6.2. minimize downtime

9.6.2.1. during the migration, your source database remains operational

9.6.3. other use cases

9.6.3.1. development and test database migrations

9.6.3.1.1. when you want to develop this to test against production data, but without affecting production users

9.6.3.2. database consolidation

9.6.3.2.1. when you have several databases and want to consolidate them into one central database.

9.6.3.3. continuous database replication

9.6.3.3.1. when you use DMS to perform continuous data replication

9.6.3.3.2. sending ongoing copies of your data to other target sources instead of doing a one-time migration

9.7. content management

9.7.1. migrate a copy of your production database to your dev or test environments, either once-off or continuously

9.7.2. AMZN DocumentDB

9.7.2.1. catalogs / user profiles

9.7.2.2. document database service that supports MongoDB workloads

9.7.3. AMZN Neptune

9.7.3.1. graph database service.

9.7.3.2. social network / recommendation engines / fraud detection

9.7.3.3. to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs

9.7.4. AMZN Managed Blockchain

9.7.4.1. blockchain solution

9.7.4.1.1. Blockchain is a distributed ledger system that lets multiple parties run transactions and share data without a central authority

9.7.4.2. to create and manage blockchain networks with open-source frameworks

9.7.5. AMZN Quantum Ledger Database - AMZN QLDB

9.7.5.1. ledger database service

9.7.5.2. An immutable system of record where any entry can never be removed from the audits

9.7.5.3. can use it to review a complete history of all the changes that have been made to your application data.

9.7.6. Amazon ElastiCache

9.7.6.1. a service that adds caching layers on top of your databases to help improve the read times of common requests.

9.7.6.2. Memcached and Redis flavors

9.7.6.2.1. can provide those caching layers without your team needing to worry about the heavy lifting of launching, uplift, and maintenance

9.7.7. DAX

9.7.7.1. AMZN Dynamo DB accelerator

9.7.7.2. a native caching layer designed to dramatically improve read times for your nonrelational data

9.7.7.3. is an in-memory cache for DynamoDB.

10. Security

10.1. shared responsibility model

10.1.1. IN the cloud

10.1.1.1. customers

10.1.1.1.1. DATA

10.1.1.1.2. APPS

10.1.1.1.3. OS

10.1.1.1.4. Customers are responsible for the security of everything that they create and put in the AWS Cloud.

10.1.1.2. AWS Identity and Access Management

10.1.1.2.1. policies

10.1.1.2.2. users

10.1.1.2.3. Groups

10.1.1.2.4. Roles

10.1.1.3. root account user.

10.1.2. OF the cloud

10.1.2.1. AWS

10.1.2.1.1. PHYSICAL

10.1.2.1.2. NETWORK

10.1.2.1.3. HYPERVISOR

10.2. AWS Organizations

10.2.1. central location to manage multiple AWS accounts

10.2.2. consolidated billing for all member accounts

10.2.3. implement hierarchical groupings of your accounts to meet security, compliance, or budgetary needs

10.2.3.1. you can group accounts into organizational units, or OUs, kind of like business units, or BUs

10.2.3.1.1. When you apply a policy to an OU, all the accounts in the OU automatically inherit the permissions specified in the policy.

10.2.3.1.2. you can more easily isolate workloads or applications that have specific security requirements.

10.2.4. you have control over the AWS services and API actions that each account can access as an administrator of the primary account of an organization

10.2.5. service control policies (SCPs)

10.2.5.1. can be applied to

10.2.5.1.1. organization root

10.2.5.1.2. individual member account

10.2.5.1.3. OU

10.3. Customer Compliance Center

10.3.1. contains resources to help you learn more about AWS compliance.

10.4. AWS Shield

10.4.1. DDoS

10.4.1.1. A denial-of-service (DoS) attack is a deliberate attempt to make a website or application unavailable to users.

10.4.1.2. distributed denial-of-service (DDoS) attack

10.4.1.2.1. multiple sources are used to start an attack that aims to make a website or application unavailable

10.4.2. is a service that protects applications against DDoS attacks

10.4.2.1. levels of protection

10.4.2.1.1. AWS Shield Standard

10.4.2.1.2. AWS Shield Advanced

10.4.2.2. Can integrate with AWS WAF

10.4.2.2.1. Web app Firewall

10.5. AMZN Inspector

10.5.1. helps to improve security, and compliance of your AWS deployed applications

10.5.2. running an automated security assessment against your infrastructure

10.5.2.1. it provides you with a list of security findings

10.5.3. the service consists of three parts

10.5.3.1. network configuration

10.5.3.2. Amazon agent

10.5.3.2.1. which can be installed on EC2 instances

10.5.3.3. security assessment

10.5.3.3.1. that brings them all together

10.6. AWS WAF

10.6.1. web application firewall that lets you monitor network requests that come into your web applications.

10.6.2. works together

10.6.2.1. AMZN CloudFront

10.6.2.2. App Load Balancer

10.6.3. works similarly to an ACL

10.7. encryption

10.7.1. encryption at rest

10.7.1.1. data is secure while in storage

10.7.1.2. AWS Key Management Service (AWS KMS)

10.7.1.2.1. encryption operations through the use of cryptographic keys

10.7.1.2.2. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data

10.7.1.2.3. You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications.

10.7.1.2.4. you can choose the specific levels of access control that you need for your keys.

10.7.2. encryption in transit

10.7.2.1. while it is transmitted

10.7.2.2. example: SSL (Secure Sockets Layer)

11. Monitoring

11.1. AMZN CloudWatch

11.1.1. web service

11.1.1.1. to monitor and manage various metrics

11.1.1.2. configure alarm actions based on data from those metrics

11.1.2. benefits

11.1.2.1. access to all your metrics from a central location

11.1.2.1.1. helping you break down silos so that you can easily gain system-wide visibility.

11.1.2.2. gain insights across your distributed stack

11.1.2.2.1. so you can correlate and visualize metrics and logs to quickly pinpoint and resolve issues

11.1.3. CloudWatch alarms

11.1.3.1. you can create alarms that automatically perform actions if the value of your metric has gone above or below a predefined threshold.

11.1.4. CloudWatch dashboard

11.1.4.1. enables you to access all the metrics for your resources from a single location

11.1.4.2. You can even customize separate dashboards for different business purposes, applications, or resources.

11.2. AWS CloudTrail

11.2.1. comprehensive API auditing tool

11.2.1.1. records API calls for your account

11.2.2. The engine records

11.2.2.1. identity of the API caller

11.2.2.2. which operator

11.2.2.3. the time of the API call

11.2.2.4. Where were they?

11.2.2.5. What was their IP address?

11.2.2.6. And what was the response?

11.2.2.7. Did something change?

11.2.2.8. And what is the new state?

11.2.2.9. Was the request denied?

11.2.3. can save those logs indefinitely in secure S3 buckets.

11.2.3.1. with tamper-proof methods like Vault Lock, you then can show absolute provenance of all of these critical security audit logs.

11.2.4. Events are typically updated in CloudTrail within 15 minutes after an API call

11.2.5. CloudTrail Insights

11.2.5.1. optional feature that allows CloudTrail to automatically detect unusual API activities in your AWS account.

11.3. AWS Trusted Advisor

11.3.1. service that you can use in your AWS account that will evaluate your resources against five pillars

11.3.1.1. cost optimization

11.3.1.2. performance

11.3.1.3. security

11.3.1.4. fault tolerance

11.3.1.5. service limits

11.3.2. in real time runs through a series of checks for each pillar in your account, based on AWS best practices

12. Pricing and support

12.1. AWS Free Tier

12.1.1. Always Free

12.1.1.1. do not expire and are available to all AWS customers.

12.1.1.2. AWS Lambda allows 1 million free requests and up to 3.2 million seconds of compute time per month

12.1.1.3. Amazon DynamoDB allows 25 GB of free storage per month.

12.1.2. Trials

12.1.2.1. Short-term free trial offers start from the date you activate a particular service

12.1.2.2. Amazon Inspector offers a 90-day free trial

12.1.2.3. Amazon Lightsail (a service that enables you to run virtual private servers) offers 750 free hours of usage over a 30-day period

12.2. Pricing

12.2.1. Amazon EC2 Instance Savings Plans, because the plan allows you to save up to 72% over the equivalent On-Demand Instance capacity.

12.2.1.1. Pay for what you use.

12.2.1.1.1. For each service, you pay for exactly the amount of resources that you actually use, without requiring long-term contracts or complex licensing.

12.2.2. Pay less when you reserve.

12.2.2.1. suppose that your company is using Amazon EC2 instances for a workload that needs to run continuously

12.2.3. Pay less with volume-based discounts when you use more

12.2.3.1. Some services offer tiered pricing, so the per-unit cost is incrementally lower with increased usage.

12.2.3.1.1. For example, the more Amazon S3 storage space you use, the less you pay for it per GB.

12.2.3.2. 12 Months Free

12.2.3.2.1. free for 12 months following your initial sign-up date to AWS.

12.2.3.2.2. Amazon S3 Standard Storage

12.2.3.2.3. thresholds for monthly hours of Amazon EC2 compute time

12.2.3.2.4. amounts of Amazon CloudFront data transfer out

12.2.4. AWS Pricing Calculator

12.2.4.1. lets you explore AWS services and create an estimate for the cost of your use cases on AWS

12.2.4.2. You can organize your AWS estimates by groups that you define

12.2.4.2.1. A group can reflect how your company is organized, such as providing estimates by cost center.

12.2.5. Examples

12.2.5.1. AWS Lambda

12.2.5.1.1. you are charged based on the number of requests for your functions and the time that it takes for them to run.

12.2.5.1.2. Compute Savings Plans

12.2.5.2. Amazon EC2

12.2.5.2.1. you pay for only the compute time that you use while your instances are running.

12.2.5.3. Amazon S3

12.2.5.3.1. cost components

12.2.6. Billing dashboard

12.2.6.1. to pay your AWS bill

12.2.6.2. monitor your usage

12.2.6.3. analyze and control your costs

12.3. AWS Organizations

12.3.1. a service that enables you to manage multiple AWS accounts from a central location

12.3.2. consolidated billing

12.3.2.1. enables you to receive a single bill for all AWS accounts in your organization

12.3.2.1.1. You can still view your AWS bill in an itemized fashion

12.3.2.2. enables you to share volume pricing discounts across accounts.

12.3.3. the usage for AWS resources is rolled up to the organization level

12.3.3.1. but you can get the bulk discount pricing because of the aggregate across all accounts in the organization

12.3.3.1.1. share bulk discount pricing, Savings Plans, and Reserved Instances across the accounts in your organization

12.3.4. is free and easy to use

12.3.5. On your monthly bill, you can review itemized charges incurred by each account

12.4. AWS Budgets

12.4.1. It allows you to set custom budgets for a variety of scenarios like cost and usage

12.4.2. you can also set custom alerts when your usage exceeds (or is forecasted to exceed) the budgeted amount.

12.4.3. you can create budgets to plan your service usage, service costs, and instance reservations.

12.4.4. The information in AWS Budgets updates three times a day.

12.4.5. review comparison

12.4.5.1. current vs budgeted usage

12.4.5.2. forecasted vs budgeted

12.5. AWS Cost Explorer

12.5.1. AWS Personal Health Dashboard

12.5.1.1. a tool that provides alerts and remediation guidance when AWS is experiencing events that may affect you

12.5.2. is a tool that enables you to visualize, understand, and manage your AWS costs and usage over time.

12.6. AWS Support plans

12.6.1. Basic Support

12.6.1.1. is free for all AWS customers.

12.6.1.2. access to whitepapers, documentation, and support communities

12.6.1.3. you can also contact AWS for billing questions and service limit increases.

12.6.1.4. limited selection of AWS Trusted Advisor checks

12.6.1.4.1. The default maximum number of accounts allowed for an organization is 4, but you can contact AWS Support to increase your quota, if needed.

12.6.2. pay-by-the-month pricing

12.6.2.1. Developer

12.6.2.1.1. Best practice guidance

12.6.2.1.2. Client-side diagnostic tools

12.6.2.1.3. Building-block architecture

12.6.2.2. Business

12.6.2.2.1. Use-case guidance to identify AWS offerings, features, and services that can best support your specific needs

12.6.2.2.2. All AWS Trusted Advisor checks

12.6.2.2.3. Limited support for third-party software, such as common operating systems and application stack components

12.6.2.3. Enterprise

12.6.2.3.1. Application architecture guidance

12.6.2.3.2. Infrastructure event management

12.6.2.3.3. Technical Account Manager (TAM)

12.7. AWS Marketplace

12.7.1. digital catalog

12.7.2. includes thousands of software listings from independent software vendors

12.7.3. to find, test, and buy software that runs on AWS

12.7.3.1. customers have options like one-click deployment that allow them to quickly procure and use products from thousands of software sellers right when they need them.

12.7.4. almost every vendor in the marketplace will allow you to use any annual licenses you already own and credit them for AWS deployment

12.7.4.1. You can also explore software solutions by industry and use case.

12.7.5. Categories

12.7.5.1. Business Apps

12.7.5.2. Data & Analytics

12.7.5.3. DevOps

12.7.5.4. Infra software

12.7.5.5. IoT

12.7.5.6. Machine Learning

12.7.5.7. Migration

12.7.5.8. Security

13. Migration and Innovation

13.1. Cloud Adoption Framework

13.1.1. provide advice to your company to enable a quick and smooth migration to AWS.

13.1.2. 6 Perspectives

13.1.2.1. Business capabilities

13.1.2.1.1. Business

13.1.2.1.2. People

13.1.2.1.3. Governance

13.1.2.2. Tech capabilities

13.1.2.2.1. Platform

13.1.2.2.2. Security

13.1.2.2.3. Operations

13.2. Migration strategies

13.2.1. Based on time, cost, priority, criticality

13.2.2. 6 R's

13.2.2.1. Rehosting

13.2.2.1.1. lift-and-shift

13.2.2.2. Replatforming

13.2.2.2.1. lift, tinker, and shift

13.2.2.2.2. not touching any core code in the process.

13.2.2.3. Retire

13.2.2.3.1. don't actually end up on AWS

13.2.2.4. Retain

13.2.2.4.1. keeping applications that are critical for the business in the source environment

13.2.2.4.2. about to be deprecated but maybe not just yet

13.2.2.4.3. You should only migrate what makes sense for your business

13.2.2.5. Repurchase

13.2.2.5.1. to abandon legacy software vendors and get a fresh start as part of migration

13.2.2.5.2. moving from a traditional license to a software-as-a-service model.

13.2.2.6. Refactoring

13.2.2.6.1. also known as re-architecting

13.3. AWS Snow Family

13.3.1. collection of physical devices that help to physically transport up to exabytes of data into and out of AWS

13.3.2. AWS Snowcone

13.3.2.1. it's a device that holds up to eight terabytes of data

13.3.2.2. contains edge computing

13.3.2.2.1. Amazon EC2 instances and AWS IoT Greengrass

13.3.2.3. 2 CPUs, 4 GB of memory, and 8 TB of usable storage

13.3.2.4. you place an order via AWS Management Console

13.3.2.4.1. we ship it to you

13.3.2.5. analytics data, video libraries, image collections, backups, and even tape replacement data

13.3.3. AWS Snowball

13.3.3.1. Snowball Edge Storage Optimized

13.3.3.1.1. devices are well suited for large-scale data migrations and recurring transfer workflows, in addition to local computing with higher capacity needs.

13.3.3.2. Snowball Edge Compute Optimized

13.3.3.2.1. provides powerful computing resources for use cases such as machine learning, full motion video analysis, analytics, and local computing stacks.

13.3.3.3. They fit into existing server racks and can be clustered for greater computing needs

13.3.3.3.1. you can even run AWS Lambda functions, Amazon EC2-compatible AMIs, or even AWS IoT Greengrass to perform simple processing of data

13.3.3.4. The use cases include capturing of streams from IoT devices, image compression, video transcoding, and even industrial signaling.

13.3.4. AWS Snowmobile

13.3.4.1. It houses 100 petabytes and is ideal for the largest migrations and even data center shutdowns

13.3.4.2. It is tamper resistant, waterproof, temperature controlled, it even has fire suppression and GPS tracking

13.3.4.2.1. 24/7 video surveillance with a dedicated security team and escort security vehicle during transit

13.3.5. hardware and software are cryptographically signed, and all data stored is automatically encrypted using 256-bit encryption keys, owned and managed by you, the customer

13.3.5.1. You can even use AWS Key Management Service to generate and manage keys

13.4. VMware Cloud on AWS

13.5. Innovation

13.5.1. Machine learning and AI services

13.5.1.1. machine learning platform

13.5.1.1.1. AMZN SageMaker

13.5.1.1.2. AMZN Augmented AI

13.5.1.1.3. AMZN Textract

13.5.1.1.4. AWS DeepRacer

13.5.1.1.5. You can use ML to analyze data, solve complex problems, and predict outcomes before they happen.

13.5.1.2. Internet of Things

13.5.1.2.1. Enabling connected devices to communicate all around the world.

13.5.1.3. Artificial intelligence

13.5.1.3.1. Amazon Transcribe

13.5.1.3.2. Amazon Comprehend

13.5.1.3.3. AMZN Lex

13.5.1.3.4. Amazon Fraud Detector

13.5.2. AWS Ground Station

13.5.2.1. pay for the satellite time you actually need

13.5.3. Serverless applications

13.5.3.1. refers to applications that don’t require you to provision, maintain, or administer servers

13.5.3.2. AWS Lambda

14. AWS Well-Architected Framework

14.1. helps you understand how to design and operate reliable, secure, efficient, and cost-effective systems in the AWS Cloud

14.2. provides a way for you to consistently measure your architecture against best practices and design principles and identify areas for improvement.

14.3. 5 pillars

14.3.1. Operational Excellence

14.3.1.1. running and monitoring systems to deliver business value, and with that, continually improving processes and procedures

14.3.1.2. examples

14.3.1.2.1. automating changes with deployment pipelines

14.3.1.2.2. responding to events that are triggered

14.3.1.3. the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.

14.3.2. Reliability

14.3.2.1. recovery planning

14.3.2.1.1. Includes testing recovery procedures, scaling horizontally to increase aggregate system availability, and automatically recovering from failure.

14.3.2.2. ex

14.3.2.2.1. recovery from an Amazon DynamoDB disruption

14.3.2.2.2. EC2 node failure

14.3.2.3. ability of a system to do the following: recover from infrastructure or service disruptions; dynamically acquire computing resources to meet demand; mitigate disruptions such as misconfigurations or transient network issues

14.3.3. Cost Optimization

14.3.3.1. looks at optimizing full cost

14.3.3.2. checking if you have overestimated your EC2 server size

14.3.3.3. ability to run systems to deliver business value at the lowest price point.

14.3.4. Security

14.3.4.1. example

14.3.4.1.1. checking integrity of data

14.3.4.1.2. protecting systems by using encryption

14.3.4.2. the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

14.3.5. Performance Efficiency

14.3.5.1. entails using IT and computing resources efficiently

14.3.5.2. example

14.3.5.2.1. using the right Amazon EC2 type

14.4. Well-Architected Tool

14.4.1. To generate a report, showing areas that should be addressed.

15. Cloud computing

15.1. On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing

15.2. 6 Advantages

15.2.1. Trade upfront expense for variable expense

15.2.1.1. Upfront expenses

15.2.1.1.1. include data centers, physical servers, and other resources that you would need to invest in before using computing resources.

15.2.1.1.2. Benefit from massive economies of scale

15.2.1.2. you can pay only when you consume computing resources

15.2.2. Stop guessing capacity

15.2.2.1. you don’t have to predict how much infrastructure capacity you will need before deploying an application

15.2.2.1.1. you can launch Amazon Elastic Compute Cloud (Amazon EC2) instances when needed and pay only for the compute time you use

15.2.2.1.2. you can access only the capacity that you need, and scale in or out in response to demand.

15.2.3. Increase speed and agility

15.2.3.1. The flexibility of cloud computing makes it easier for you to develop and deploy applications.

15.2.4. Stop spending money running and maintaining data centers

15.2.4.1. the ability to focus less on these tasks and more on your applications and customers.

15.2.5. Go global in minutes

15.2.5.1. AWS Cloud global footprint enables you to quickly deploy applications to customers around the world, while providing them with low latency.