1. AMZN GuardDuty
1.1. threat detection offering
1.1.1. It analyzes continuous streams of metadata generated from your account, and network activity found on
1.1.1.1. AWS CloudTrail events
1.1.1.2. AMZN VPC flow logs
1.1.1.3. DNS logs
1.2. It uses integrated threat intelligence to identify threats more accurately
1.2.1. known malicious IP addresses
1.2.2. anomaly detection
1.2.3. machine learning
1.3. runs independently from your other AWS services
1.3.1. won't affect performance or availability of your existing infrastructure, and workloads
1.4. you can review detailed findings about them from the AWS Management Console
1.4.1. findings include recommended steps for remediation
1.4.2. You can also configure AWS Lambda functions to take remediation steps automatically in response to GuardDuty’s security findings.
2. AWS Artifact
2.1. a service that provides on-demand access to AWS security and compliance reports and select online agreements
2.1.1. AWS Artifact Agreements
2.1.1.1. you can review, accept, and manage agreements for an individual account and for all your accounts in AWS Organizations
2.1.2. AWS Artifact Reports
2.1.2.1. provide compliance reports from third-party auditors.
2.1.2.2. These auditors have tested and verified that AWS is compliant with a variety of global, regional, and industry-specific security standards and regulations
3. Global infrastructure and reliability
3.1. AMZN Regions
3.1.1. geographically isolated areas, where you can access services needed to run your enterprise
3.1.1.1. proximity to your customers
3.1.1.2. compliance with data governance
3.1.1.3. pricing
3.1.1.4. available services / features
3.1.1.5. Connected by high speed fiber network
3.1.1.6. each region is isolated from other regions
3.1.1.6.1. region data sovereignty
3.1.2. each region is made up of multiple AZs
3.1.2.1. AZ (availability zone)
3.1.2.1.1. is a single data center or a group of data centers within a Region
3.1.2.1.2. low latency between them
3.1.2.1.3. separated enough to prevent a disaster from affecting all zones
3.1.2.1.4. always recommended to run in at least 2 AZs in a region
3.1.2.1.5. help you solve high availability and disaster recovery scenarios, without any additional effort on your part
3.1.2.1.6. is a fully isolated portion of the AWS global infrastructure.
3.2. AMZN Edge Location
3.2.1. Content Delivery Networks (CDN)
3.2.1.1. Caching copies of data closer to the customers all around the world
3.2.1.2. CDN Amazon CloudFront
3.2.1.2.1. to store cached copies of your content closer to your customers for faster delivery
3.2.1.2.2. used for data / video / apps and APIs
3.2.1.2.3. is a content delivery service
3.2.1.3. is a network that helps to deliver edge content to users based on their geographic location
3.2.2. are separate from Regions, so you can push content from inside a Region to a collection of Edge locations around the world, in order to accelerate communication and content delivery
3.2.3. run Amazon CloudFront to help get content closer to your customers, no matter where they are in the world.
3.2.4. site that Amazon CloudFront uses to store cached copies of your content closer to your customers for faster delivery
3.3. AMZN Route 53
3.3.1. DNS
3.3.1.1. to direct customers to the correct web locations
3.4. AMZ Outposts
3.4.1. AWS will basically install a fully operational mini Region, right inside your own data center.
3.4.2. owned and operated by AWS
3.4.3. using 100% of AWS functionality,
3.4.4. isolated within your own building
3.5. Provisioning
3.5.1. API
3.5.1.1. an application programming interface.
3.5.1.2. predetermined ways for you to interact with AWS services
3.5.1.2.1. to provision, configure, and manage your AWS resources
3.5.1.3. "Do it yourself"
3.5.1.3.1. AWS Management Console
3.5.1.3.2. AWS CLI - Command Line Interface
3.5.1.4. AWS SDKs - Software Development Kits
3.5.1.4.1. to interact with AWS resources through various programming languages
3.5.1.4.2. easy for developers to create programs that use AWS without using the low level API
3.5.1.4.3. enable you to use AWS services with your existing applications or create entirely new applications that will run on AWS.
3.5.1.4.4. Supported programming languages include C++, Java, .NET, and more.
3.5.1.5. managed tools to provision
3.5.1.5.1. AWS Elastic Beanstalk
3.5.1.5.2. AWS CloudFormation
4. Networking
4.1. connectivity to AWS
4.1.1. AMZN VPC - Virtual Private Cloud
4.1.1.1. your own private network in AWS
4.1.1.1.1. to provision an isolated section of the AWS Cloud
4.1.1.2. allows you to define your private IP range for your AWS resources
4.1.1.3. Subnets
4.1.1.3.1. chunks of IP addresses in your VPC that allow you to group resources together.
4.1.1.3.2. is a section of a VPC that can contain resources such as Amazon EC2 instances.
4.1.1.3.3. Public subnet
4.1.1.3.4. Private subnet
4.1.2. only allow traffic coming from an approved internal network
4.1.3. internet gateway (IGW)
4.1.3.1. To allow public traffic from the internet to access your VPC, you attach an internet gateway to the VPC.
4.1.3.2. is a connection between a VPC and the internet
4.1.3.3. Without an internet gateway, no one can access the resources within your VPC
4.1.3.4. to access public net with your public VPC
4.1.4. Virtual Private gateway
4.1.4.1. To access private resources in a VPC
4.1.4.2. allows you to create a VPN connection between a private network, like your on-premises data center or internal corporate network to your VPC
4.1.4.2.1. to establish an encrypted VPN connection to your private internal AWS resources, you would need to attach a virtual private gateway to your VPC
4.1.5. AMZN Direct Connect
4.1.5.1. allows you to establish a completely private, dedicated fiber connection from your data center to AWS
4.1.5.2. provides a physical line that connects your network to your AWS VPC
4.1.6. security layer
4.1.6.1. network hardening
4.1.6.1.1. Network ACLs
4.1.6.1.2. security groups
4.1.6.2. application security
4.1.6.3. user identity
4.1.6.4. authentication and authorization
4.1.6.5. DDoS prevention (distributed denial-of-service)
4.1.6.6. data integrity
4.1.6.7. encryption
4.1.7. Global Networking
4.1.7.1. Domain Name System (DNS)
4.1.7.1.1. DNS resolution involves a customer DNS resolver communicating with a company DNS server.
4.1.7.1.2. DNS resolution is the process of translating a domain name to an IP address.
4.1.7.2. AMZN Route 53
4.1.7.2.1. is a DNS web service.
4.1.7.2.2. gives developers and businesses a reliable way to route end users to internet applications hosted in AWS.
4.1.7.2.3. It can route users to infrastructure outside of AWS.
4.1.7.2.4. Route 53 can direct traffic to different endpoints using several different routing policies
4.1.7.2.5. ability to manage the DNS records for domain names
5. Security
5.1. shared responsibility model
5.1.1. IN the cloud
5.1.1.1. customers
5.1.1.1.1. DATA
5.1.1.1.2. APPS
5.1.1.1.3. OS
5.1.1.1.4. Customers are responsible for the security of everything that they create and put in the AWS Cloud.
5.1.1.2. AWS Identity and Access Management
5.1.1.2.1. policies
5.1.1.2.2. users
5.1.1.2.3. Groups
5.1.1.2.4. Roles
5.1.1.3. root account user.
5.1.2. OF the cloud
5.1.2.1. AWS
5.1.2.1.1. PHYSICAL
5.1.2.1.2. NETWORK
5.1.2.1.3. HYPERVISOR
5.2. AWS Organizations
5.2.1. central location to manage multiple AWS accounts
5.2.2. consolidated billing for all member accounts
5.2.3. implement hierarchical groupings of your accounts to meet security, compliance, or budgetary needs
5.2.3.1. you can group accounts into organizational units, or OUs, kind of like business units, or BUs
5.2.3.1.1. When you apply a policy to an OU, all the accounts in the OU automatically inherit the permissions specified in the policy.
5.2.3.1.2. you can more easily isolate workloads or applications that have specific security requirements.
5.2.4. you have control over the AWS services and API actions that each account can access as an administrator of the primary account of an organization
5.2.5. service control policies (SCPs)
5.2.5.1. can be applied to
5.2.5.1.1. organization root
5.2.5.1.2. individual member account
5.2.5.1.3. OU
5.3. Customer Compliance Center
5.3.1. contains resources to help you learn more about AWS compliance.
5.4. AWS Shield
5.4.1. DDoS
5.4.1.1. A denial-of-service (DoS) attack is a deliberate attempt to make a website or application unavailable to users.
5.4.1.2. distributed denial-of-service (DDoS) attack
5.4.1.2.1. multiple sources are used to start an attack that aims to make a website or application unavailable
5.4.2. is a service that protects applications against DDoS attacks
5.4.2.1. levels of protection
5.4.2.1.1. AWS Shield Standard
5.4.2.1.2. AWS Shield Advanced
5.4.2.2. Can integrate with AWS WAF
5.4.2.2.1. Web app Firewall
5.5. AMZN Inspector
5.5.1. helps to improve security, and compliance of your AWS deployed applications
5.5.2. running an automated security assessment against your infrastructure
5.5.2.1. it provides you with a list of security findings
5.5.3. The service consists of three parts
5.5.3.1. network configuration
5.5.3.2. Amazon agent
5.5.3.2.1. which can be installed on EC2 instances
5.5.3.3. security assessment
5.5.3.3.1. that brings them all together
5.6. AWS WAF
5.6.1. web application firewall that lets you monitor network requests that come into your web applications.
5.6.2. works together
5.6.2.1. AMZN CloudFront
5.6.2.2. App Load Balancer
5.6.3. works similarly to an ACL
5.7. encryption
5.7.1. encryption at rest
5.7.1.1. data is secure while in storage
5.7.1.2. AWS Key Management Service (AWS KMS)
5.7.1.2.1. encryption operations through the use of cryptographic keys
5.7.1.2.2. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data
5.7.1.2.3. You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications.
5.7.1.2.4. you can choose the specific levels of access control that you need for your keys.
5.7.2. encryption in transit
5.7.2.1. while it is transmitted
5.7.2.2. example: SSL (Secure Sockets Layer)
6. Migration and Innovation
6.1. Cloud Adoption Framework
6.1.1. provide advice to your company to enable a quick and smooth migration to AWS.
6.1.2. 6 Perspectives
6.1.2.1. Business capabilities
6.1.2.1.1. Business
6.1.2.1.2. People
6.1.2.1.3. Governance
6.1.2.2. Tech capabilities
6.1.2.2.1. Platform
6.1.2.2.2. Security
6.1.2.2.3. Operations
6.2. Migration strategies
6.2.1. Based on time, cost, priority, criticality
6.2.2. 6 R's
6.2.2.1. Rehosting
6.2.2.1.1. lift-and-shift
6.2.2.2. Replatforming
6.2.2.2.1. lift, tinker, and shift
6.2.2.2.2. not touching any core code in the process.
6.2.2.3. Retire
6.2.2.3.1. don't actually end up on AWS
6.2.2.4. Retain
6.2.2.4.1. keeping applications that are critical for the business in the source environment
6.2.2.4.2. about to be deprecated but maybe not just yet
6.2.2.4.3. You should only migrate what makes sense for your business
6.2.2.5. Repurchase
6.2.2.5.1. to abandon legacy software vendors and get a fresh start as part of migration
6.2.2.5.2. moving from a traditional license to a software-as-a-service model.
6.2.2.6. Refactoring
6.2.2.6.1. also known as re-architecting
6.3. AWS Snow Family
6.3.1. collection of physical devices that help to physically transport up to exabytes of data into and out of AWS
6.3.2. AWS Snowcone
6.3.2.1. it's a device that holds up to eight terabytes of data
6.3.2.2. contains edge computing
6.3.2.2.1. Amazon EC2 instances and AWS IoT Greengrass
6.3.2.3. 2 CPUs, 4 GB of memory, and 8 TB of usable storage
6.3.2.4. you place an order via AWS Management Console
6.3.2.4.1. we ship it to you
6.3.2.5. analytics data, video libraries, image collections, backups, and even tape replacement data
6.3.3. AWS Snowball
6.3.3.1. Snowball Edge Storage Optimized
6.3.3.1.1. devices are well suited for large-scale data migrations and recurring transfer workflows, in addition to local computing with higher capacity needs.
6.3.3.2. Snowball Edge Compute Optimized
6.3.3.2.1. provides powerful computing resources for use cases such as machine learning, full motion video analysis, analytics, and local computing stacks.
6.3.3.3. They fit into existing server racks and can be clustered for greater computing needs
6.3.3.3.1. you can even run AWS Lambda functions, Amazon EC2-compatible AMI's, or even AWS IoT Greengrass to perform simple processing of data
6.3.3.4. The use cases include capturing of streams from IoT devices, image compression, video transcoding, and even industrial signaling.
6.3.4. AWS Snowmobile
6.3.4.1. It houses 100 petabytes and is ideal for the largest migrations and even data center shutdowns
6.3.4.2. It is tamper resistant, waterproof, temperature controlled, it even has fire suppression and GPS tracking
6.3.4.2.1. 24/7 video surveillance with a dedicated security team and escort security vehicle during transit
6.3.5. hardware and software is cryptographically signed, and all data stored is automatically encrypted using 256-bit encryption keys, owned and managed by you, the customer
6.3.5.1. You can even use AWS Key Management Service to generate and manage keys
6.4. VMWare Cloud on AWS
6.5. Innovation
6.5.1. Machine learning and AI services
6.5.1.1. machine learning platform
6.5.1.1.1. AMZ SageMaker
6.5.1.1.2. AMZN Augmented AI
6.5.1.1.3. AMZN Textract
6.5.1.1.4. AWS DeepRacer
6.5.1.1.5. You can use ML to analyze data, solve complex problems, and predict outcomes before they happen.
6.5.1.2. Internet of Things
6.5.1.2.1. Enabling connected devices to communicate all around the world.
6.5.1.3. Artificial intelligence
6.5.1.3.1. Amazon Transcribe
6.5.1.3.2. Amazon Comprehend
6.5.1.3.3. AMZN Lex
6.5.1.3.4. Amazon Fraud Detector
6.5.2. AWS Ground Station
6.5.2.1. pay for the satellite time you actually need
6.5.3. Serverless applications
6.5.3.1. refers to applications that don’t require you to provision, maintain, or administer servers
6.5.3.2. AWS Lambda
7. Cloud computing
7.1. On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing
7.2. 6 Advantages
7.2.1. Trade upfront expense for variable expense
7.2.1.1. Upfront expenses
7.2.1.1.1. include data centers, physical servers, and other resources that you would need to invest in before using computing resources.
7.2.1.1.2. Benefit from massive economies of scale
7.2.1.2. you can pay only when you consume computing resources
7.2.2. Stop guessing capacity
7.2.2.1. you don’t have to predict how much infrastructure capacity you will need before deploying an application
7.2.2.1.1. you can launch Amazon Elastic Compute Cloud (Amazon EC2) instances when needed and pay only for the compute time you use
7.2.2.1.2. you can access only the capacity that you need, and scale in or out in response to demand.
7.2.3. Increase speed and agility
7.2.3.1. The flexibility of cloud computing makes it easier for you to develop and deploy applications.
7.2.4. Stop spending money running and maintaining data centers
7.2.4.1. the ability to focus less on these tasks and more on your applications and customers.
7.2.5. Go global in minutes
7.2.5.1. AWS Cloud global footprint enables you to quickly deploy applications to customers around the world, while providing them with low latency.
8. Recall that when you modify a file in block storage, only the pieces that are changed are updated. When a file in object storage is modified, the entire object is updated.
9. block-level storage
9.1. Instance store volumes
9.1.1. Block-level storage volumes behave like physical hard drives.
9.1.1.1. block-level storage for an Amazon EC2 instance.
9.1.2. comes by default with EC2 instance
9.1.3. non-persistent: data is lost when you shut down the EC2 instance
9.1.3.1. S3 Standard has a higher cost than other storage classes intended for infrequently accessed data and archival storage.
9.2. AMZN EBS - Elastic Block Store
9.2.1. EBS volumes
9.2.1.1. persistent data
9.2.1.2. Different sizes and type
9.2.1.3. you attach to your EC2 instance
9.2.2. EBS snapshot
9.2.2.1. incremental backups of your data
9.2.3. service that provides block-level storage volumes that you can use with Amazon EC2 instances
9.2.4. size up to 16Tb
9.2.4.1. solid state by default
9.2.4.2. stores data in a single Availability Zone.
10. Beginning with only the resources you need and designing your architecture to automatically respond to changing demand by scaling out or in.
10.1. enables you to automatically add or remove Amazon EC2 instances in response to changing application demand
10.1.1. scale out
10.1.1.1. more instances
10.1.2. scale up
10.1.2.1. more resources in one instance
11. compute in the cloud
11.1. EC2 - Elastic Compute Cloud
11.1.1. multitenancy: the idea of sharing underlying hardware
11.1.1.1. The hypervisor is responsible for coordinating this multitenancy and it is managed by AWS
11.1.1.1.1. And a hypervisor running on the host machine is responsible for sharing the underlying physical resources between the virtual machines.
11.1.2. EC2 runs on top of physical host machines managed by AWS using virtualization technology.
11.1.3. Types
11.1.3.1. varying combinations of
11.1.3.1.1. CPU
11.1.3.1.2. Memory
11.1.3.1.3. Storage
11.1.3.1.4. networking capacity
11.1.3.2. Each instance type is grouped under an instance family
11.1.3.2.1. general purpose
11.1.3.2.2. compute optimized
11.1.3.2.3. memory optimized
11.1.3.2.4. Accelerated computing
11.1.3.2.5. storage optimized
11.2. Pricing
11.2.1. On-Demand
11.2.1.1. you only pay if the instance is running
11.2.1.1.1. per hour
11.2.1.1.2. per second
11.2.1.1.3. depends on the type of instance and OS
11.2.1.2. good to get a baseline for your average usage (to get started)
11.2.1.3. short-term, irregular workloads that cannot be interrupted
11.2.1.3.1. developing and testing applications
11.2.1.3.2. running applications that have unpredictable usage patterns
11.2.1.4. no contract
11.2.2. Savings Plan
11.2.2.1. low prices in exchange for a commitment to consistent usage (measured: dollars / hour) for 1 or 3 years
11.2.2.2. also apply to Lambda and Fargate (serverless compute)
11.2.2.3. savings of up to 66% over On-Demand costs.
11.2.2.4. Any usage beyond the commitment is charged at regular On-Demand rates.
11.2.3. Reserved Instances
11.2.3.1. for steady-state workloads or ones with predictable usage
11.2.3.2. offer you up to a 75% discount versus On-Demand pricing
11.2.3.2.1. you qualify for a discount once you commit to a one or three-year term and can pay for them with three payment options
11.2.3.3. are a billing discount applied to the use of On-Demand Instances in your account.
11.2.3.3.1. Standard Reserved Instances
11.2.3.3.2. Convertible Reserved Instances
11.2.3.3.3. Scheduled Reserved Instances
11.2.4. Spot Instances
11.2.4.1. to request spare Amazon EC2 computing capacity for up to 90% off of the On-Demand price
11.2.4.2. AWS can reclaim the instance at any time they need it, giving you a two-minute warning to finish up work and save state.
11.2.4.3. A good example of those are batch workloads.
11.2.4.3.1. ideal for workloads with flexible start and end times, or that can withstand interruptions
11.2.4.4. do not require contracts or a commitment to an amount of use
11.2.4.5. no contract
11.2.5. Dedicated Hosts
11.2.5.1. physical hosts dedicated for your use for EC2
11.2.5.1.1. On-Demand Dedicated Hosts
11.2.5.1.2. Dedicated Hosts Reservations
11.2.5.2. for meeting certain compliance requirements
11.2.5.3. nobody else will share tenancy of that host.
11.2.5.4. You can use your existing per-socket, per-core, or per-VM software licenses to help maintain license compliance
11.2.5.5. most expensive of all services
11.3. Scalability
11.3.1. Amazon EC2 Auto Scaling
11.3.1.1. Dynamic scaling responds to changing demand.
11.3.1.1.1. scale horizontally
11.3.1.2. Predictive scaling automatically schedules the right number of Amazon EC2 instances based on predicted demand.
11.3.1.3. To scale faster, you can use dynamic scaling and predictive scaling together.
11.3.2. minimum / desired / scale as needed / maximum AWS EC2 instances
11.3.2.1. If you do not specify the desired number of Amazon EC2 instances in an Auto Scaling group, the desired capacity defaults to your minimum capacity.
11.4. Elasticity
11.4.1. Elastic Load Balancing
11.4.1.1. service that automatically distributes incoming application traffic across multiple resources
11.4.1.2. single point of contact for all incoming web traffic to your Auto Scaling group
11.4.1.3. ELB + Auto Scaling
11.4.1.3.1. high performance
11.4.1.3.2. availability
11.5. messaging and queuing
11.5.1. monolithic application: an application with tightly coupled components. These components might include databases, servers, the user interface, business logic, and so on
11.5.1.1. if a single component fails, other components fail, and possibly the entire application fails.
11.5.2. microservices: application components are loosely coupled.
11.5.3. AMZN Simple Notification Service (SNS)
11.5.3.1. is a publish/subscribe service
11.5.3.2. publisher publishes messages to subscribers.
11.5.3.3. subscribers can be web servers, email addresses, AWS Lambda functions, or several other options.
11.5.4. AMZN Simple Queue Service (SQS)
11.5.4.1. you can send, store, and receive messages between software components, without losing messages or requiring other services to be available
11.5.4.2. an application sends messages into a queue. A user or service retrieves a message from the queue, processes it, and then deletes it from the queue.
11.6. Additional compute services
11.6.1. serverless computing
11.6.1.1. do not need to provision or manage these servers.
11.6.1.2. Lambda
11.6.1.2.1. Docker containers
11.6.1.2.2. Docker is a software platform that enables you to build, test, and deploy applications quickly
11.6.1.2.3. is a service that lets you run code without needing to provision or manage servers.
11.6.1.2.4. create a lambda function to run (under 15 min) when an event is triggered
11.6.1.2.5. flexibility to scale serverless applications automatically
11.6.1.2.6. you pay only for the compute time that you consume
11.6.1.2.7. set your code to trigger from an event source
11.6.1.2.8. For example, a simple Lambda function might involve automatically resizing uploaded images to the AWS Cloud. In this case, the function triggers when uploading a new image.
11.6.1.3. Fargate
11.6.1.3.1. serverless compute engine for containers
11.6.1.3.2. you do not need to provision or manage servers
11.6.1.3.3. you pay only for the resources that are required to run your containers.
11.6.2. Containers
11.6.2.1. a container is a package for your code where you package up your application, its dependencies as well as any configurations that it needs to run
11.6.2.1.1. provide you with a standard way to package your application's code and dependencies into a single object. You can also use containers for processes and workflows in which there are essential requirements for security, reliability, and scalability.
11.7. CLOUD computing
11.7.1. the on-demand delivery of IT resources over the internet with pay-as-you-go pricing
12. Storage and Databases
12.1. Object-Level Storage
12.1.1. each object consists of
12.1.1.1. Data
12.1.1.1.1. The data might be an image, video, text document, or any other type of file
12.1.1.2. Metadata
12.1.1.2.1. contains information about what the data is, how it is used, the object size, and so on
12.1.1.3. Key
12.1.1.3.1. unique identifier
12.1.2. AMZN S3 - Simple Storage Service
12.1.2.1. allows you to store and retrieve an unlimited amount of data at any scale
12.1.2.2. buckets
12.1.2.2.1. where you store data, instead of FS
12.1.2.2.2. you can
12.1.2.3. Tiers / Storage Classes
12.1.2.3.1. S3 Standard
12.1.2.3.2. S3 Infrequent Access / S3-IA
12.1.2.3.3. S3 Infrequent Access One Zone / S3 One Zone IA
12.1.2.3.4. Low-cost storage designed for data archiving
12.1.2.3.5. S3 Intelligent-Tiering
12.1.2.3.6. Amazon S3 Glacier
12.1.2.4. cases in which a large number of services and resources need to access the same data at the same time
12.1.2.5. S3 Glacier Deep Archive
12.1.2.5.1. Lowest-cost object storage class ideal for archiving
12.1.2.5.2. Able to retrieve objects within 12 hours
12.1.2.6. unlimited storage
12.1.2.7. individual objects up to 5TB
12.1.2.8. write once / read many
12.1.2.8.1. is a scalable file system used with AWS Cloud services and on-premises resources.
12.1.2.9. serverless
12.2. file storage
12.2.1. AMZN Elastic file system / AMZN EFS
12.2.1.1. grows and shrinks automatically. It can scale on demand to petabytes without disrupting applications.
12.2.1.2. multiple instances accessing the data in EFS at the same time.
12.2.1.3. Linux file system
12.2.1.4. when?
12.2.1.5. is a regional service. It stores data in and across multiple Availability Zones.
12.2.1.5.1. The duplicate storage enables you to access data concurrently from all the Availability Zones in the Region
12.3. relational database
12.3.1. data is stored in a way that relates it to other pieces of data.
12.3.2. use structured query language (SQL) to store and query data
12.3.3. AMZN Relational Database Service / AMZN RDS
12.3.3.1. AMZN supports
12.3.3.1.1. MySQL
12.3.3.1.2. PostgreSQL
12.3.3.1.3. Oracle
12.3.3.1.4. MS SQL Server
12.3.3.1.5. lift-and-shift migration to EC2
12.3.3.2. managed service that automates tasks such as hardware provisioning, database setup, patching, and backups.
12.3.3.2.1. services
12.3.3.3. You can integrate Amazon RDS with other services to fulfill your business and operational needs, such as using AWS Lambda to query your database from a serverless application.
12.3.3.3.1. customer ownership of
12.3.3.4. Amazon RDS is available on six database engines,
12.3.3.4.1. AMZN Aurora
12.3.3.4.2. MySQL
12.3.3.4.3. MariaDB
12.3.3.4.4. Oracle Database
12.3.3.4.5. Microsoft SQL Server
12.4. DataWarehouse
12.4.1. AMZN Redshift
12.4.1.1. offers the ability to collect data from many sources and helps you to understand relationships and trends across your data
12.5. nonrelational database
12.5.1. serverless DBs
12.5.1.1. you do not have to provision, patch, or manage servers.
12.5.1.2. do not have to install, maintain, or operate software.
12.5.1.3. data warehousing service that you can use for big data analytics
12.5.2. DynamoDB
12.5.2.1. noSQL
12.5.2.1.1. is a key-value database service
12.5.2.1.2. tables with data
12.5.2.2. Purpose built
12.5.2.2.1. simple flexible schemas,
12.5.2.2.2. you can add and remove attributes from items in the table, at any time.
12.5.2.2.3. Not every item in the table has to have the same attributes.
12.5.2.2.4. it has specific use cases, and it isn't the best fit for every workload out there.
12.5.2.3. millisecond response time
12.5.2.4. fully managed
12.5.2.5. Highly scalable
12.5.2.5.1. petabyte size potential
12.5.2.6. It has massive throughput
12.5.2.7. It has granular API access
12.5.2.8. stores this data redundantly across availability zones and mirrors the data across multiple drives
12.6. AMZN DMS - DB Migration Services
12.6.1. migrate data from source to target
12.6.1.1. homogenous
12.6.1.1.1. MySQL -> Amazon RDS
12.6.1.1.2. MySQL/ Microsoft SQL Server -> Amazon RDS
12.6.1.1.3. SQL Server / Oracle -> Amazon RDS for Oracle.
12.6.1.1.4. schema structures, data types, and database code are compatible between source and target.
12.6.1.1.5. source
12.6.1.1.6. target
12.6.1.2. heterogeneous
12.6.1.2.1. two-step process
12.6.2. minimize downtime
12.6.2.1. during the migration, your source database remains operational
12.6.3. other use cases
12.6.3.1. development and test database migrations
12.6.3.1.1. when you want developers to test against production data, but without affecting production users
12.6.3.2. database consolidation
12.6.3.2.1. when you have several databases and want to consolidate them into one central database.
12.6.3.3. continuous database replication
12.6.3.3.1. when you use DMS to perform continuous data replication
12.6.3.3.2. sending ongoing copies of your data to other target sources instead of doing a one-time migration
12.7. content management
12.7.1. migrate a copy of your production database to your dev or test environments, either once-off or continuously
12.7.2. AMZN DocumentDB
12.7.2.1. catalogs / user profiles
12.7.2.2. document database service that supports MongoDB workloads
12.7.3. AMZN Neptune
12.7.3.1. graph database service.
12.7.3.2. social network / recommendation engines / fraud detection
12.7.3.3. to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs
12.7.4. AMZN Managed Blockchain
12.7.4.1. blockchain solution
12.7.4.1.1. Blockchain is a distributed ledger system that lets multiple parties run transactions and share data without a central authority
12.7.4.2. to create and manage blockchain networks with open-source frameworks
12.7.5. AMZN Quantum Ledger Database - AMZN QLDB
12.7.5.1. ledger database service
12.7.5.2. An immutable system of record where no entry can ever be removed from the audits
12.7.5.3. can use it to review a complete history of all the changes that have been made to your application data.
12.7.6. Amazon ElastiCache
12.7.6.1. a service that adds caching layers on top of your databases to help improve the read times of common requests.
12.7.6.2. Memcached and Redis flavors
12.7.6.2.1. can provide those caching layers without your team needing to worry about the heavy lifting of launching, uplift, and maintenance
12.7.7. DAX
12.7.7.1. AMZN Dynamo DB accelerator
12.7.7.2. a native caching layer designed to dramatically improve read times for your nonrelational data
12.7.7.3. is an in-memory cache for DynamoDB.
13. Monitoring
13.1. AMZ CloudWatch
13.1.1. web service
13.1.1.1. to monitor and manage various metrics
13.1.1.2. configure alarm actions based on data from those metrics
13.1.2. benefits
13.1.2.1. access to all your metrics from a central location
13.1.2.1.1. helping you break down silos so that you can easily gain system-wide visibility.
13.1.2.2. gain insights across your distributed stack
13.1.2.2.1. so you can correlate and visualize metrics and logs to quickly pinpoint and resolve issues
13.1.3. CloudWatch alarms
13.1.3.1. you can create alarms that automatically perform actions if the value of your metric has gone above or below a predefined threshold.
13.1.4. CloudWatch dashboard
13.1.4.1. enables you to access all the metrics for your resources from a single location
13.1.4.2. You can even customize separate dashboards for different business purposes, applications, or resources.
13.2. AWS CloudTrail
13.2.1. comprehensive API auditing tool
13.2.1.1. records API calls for your account
13.2.2. The engine records
13.2.2.1. identity of the API caller
13.2.2.2. which operator
13.2.2.3. the time of the API call
13.2.2.4. Where were they?
13.2.2.5. What was their IP address?
13.2.2.6. And what was the response?
13.2.2.7. Did something change?
13.2.2.8. And what is the new state?
13.2.2.9. Was the request denied?
13.2.3. can save those logs indefinitely in secure S3 buckets.
13.2.3.1. with tamper-proof methods like Vault Lock, you then can show absolute provenance of all of these critical security audit logs.
13.2.4. Events are typically updated in CloudTrail within 15 minutes after an API call
13.2.5. CloudTrail Insights
13.2.5.1. optional feature that allows CloudTrail to automatically detect unusual API activities in your AWS account.
13.3. AWS Trusted Advisor
13.3.1. service that you can use in your AWS account that will evaluate your resources against five pillars
13.3.1.1. cost optimization
13.3.1.2. performance
13.3.1.3. security
13.3.1.4. fault tolerance
13.3.1.5. service limits
13.3.2. in real time runs through a series of checks for each pillar in your account, based on AWS best practices
14. Pricing and support
14.1. AWS Free Tier
14.1.1. Always Free
14.1.1.1. do not expire and are available to all AWS customers.
14.1.1.2. AWS Lambda allows 1 million free requests and up to 3.2 million seconds of compute time per month
14.1.1.3. Amazon DynamoDB allows 25 GB of free storage per month.
14.1.2. Trials
14.1.2.1. Short-term free trial offers start from the date you activate a particular service
14.1.2.2. Amazon Inspector offers a 90-day free trial
14.1.2.3. Amazon Lightsail (a service that enables you to run virtual private servers) offers 750 free hours of usage over a 30-day period
14.2. Pricing
14.2.1. Amazon EC2 Instance Savings Plans allow you to save up to 72% over the equivalent On-Demand Instance capacity.
14.2.1.1. Pay for what you use.
14.2.1.1.1. For each service, you pay for exactly the amount of resources that you actually use, without requiring long-term contracts or complex licensing.
14.2.2. Pay less when you reserve.
14.2.2.1. suppose that your company is using Amazon EC2 instances for a workload that needs to run continuously
14.2.3. Pay less with volume-based discounts when you use more
14.2.3.1. Some services offer tiered pricing, so the per-unit cost is incrementally lower with increased usage.
14.2.3.1.1. For example, the more Amazon S3 storage space you use, the less you pay for it per GB.
14.2.3.2. 12 Months Free
14.2.3.2.1. free for 12 months following your initial sign-up date to AWS.
14.2.3.2.2. Amazon S3 Standard Storage
14.2.3.2.3. thresholds for monthly hours of Amazon EC2 compute time
14.2.3.2.4. amounts of Amazon CloudFront data transfer out
14.2.4. AWS Pricing Calculator
14.2.4.1. lets you explore AWS services and create an estimate for the cost of your use cases on AWS
14.2.4.2. You can organize your AWS estimates by groups that you define
14.2.4.2.1. A group can reflect how your company is organized, such as providing estimates by cost center.
14.2.5. Examples
14.2.5.1. AWS Lambda
14.2.5.1.1. you are charged based on the number of requests for your functions and the time that it takes for them to run.
14.2.5.1.2. Compute Savings Plans
14.2.5.2. Amazon EC2
14.2.5.2.1. you pay for only the compute time that you use while your instances are running.
14.2.5.3. Amazon S3
14.2.5.3.1. cost components
14.2.6. Billing dashboard
14.2.6.1. to pay your AWS bill
14.2.6.2. monitor your usage
14.2.6.3. analyze and control your costs
14.3. AWS Organizations
14.3.1. a service that enables you to manage multiple AWS accounts from a central location
14.3.2. consolidated billing
14.3.2.1. enables you to receive a single bill for all AWS accounts in your organization
14.3.2.1.1. You can still view your AWS bill in an itemized fashion
14.3.2.2. enables you to share volume pricing discounts across accounts.
14.3.3. the usage for AWS resources is rolled up to the organization level
14.3.3.1. but you can get the bulk discount pricing because of the aggregate across all accounts in the organization
14.3.3.1.1. share bulk discount pricing, Savings Plans, and Reserved Instances across the accounts in your organization
14.3.4. is free and easy to use
14.3.5. On your monthly bill, you can review itemized charges incurred by each account
14.4. AWS Budgets
14.4.1. It allows you to set custom budgets for a variety of scenarios like cost and usage
14.4.2. you can also set custom alerts when your usage exceeds (or is forecasted to exceed) the budgeted amount.
14.4.3. you can create budgets to plan your service usage, service costs, and instance reservations.
14.4.4. The information in AWS Budgets updates three times a day.
14.4.5. review comparison
14.4.5.1. current vs budgeted usage
14.4.5.2. forecasted vs budgeted
14.5. AWS Cost Explorer
14.5.1. AWS Personal Health Dashboard
14.5.1.1. a tool that provides alerts and remediation guidance when AWS is experiencing events that may affect you
14.5.2. is a tool that enables you to visualize, understand, and manage your AWS costs and usage over time.
14.6. AWS Support plans
14.6.1. Basic Support
14.6.1.1. is free for all AWS customers.
14.6.1.2. access to whitepapers, documentation, and support communities
14.6.1.3. you can also contact AWS for billing questions and service limit increases.
14.6.1.4. limited selection of AWS Trusted Advisor checks
14.6.1.4.1. The default maximum number of accounts allowed for an organization is 4, but you can contact AWS Support to increase your quota, if needed.
14.6.2. pay-by-the-month pricing
14.6.2.1. Developer
14.6.2.1.1. Best practice guidance
14.6.2.1.2. Client-side diagnostic tools
14.6.2.1.3. Building-block architecture
14.6.2.2. Business
14.6.2.2.1. Use-case guidance to identify AWS offerings, features, and services that can best support your specific needs
14.6.2.2.2. All AWS Trusted Advisor checks
14.6.2.2.3. Limited support for third-party software, such as common operating systems and application stack components
14.6.2.3. Enterprise
14.6.2.3.1. Application architecture guidance
14.6.2.3.2. Infrastructure event management
14.6.2.3.3. Technical Account Manager (TAM)
14.7. AWS Marketplace
14.7.1. digital catalog
14.7.2. includes thousands of software listings from independent software vendors
14.7.3. to find, test, and buy software that runs on AWS
14.7.3.1. offers options like one-click deployment that allow you to quickly procure and use products from thousands of software sellers right when you need them.
14.7.4. almost every vendor in the marketplace will allow you to use any annual licenses you already own and credit them for AWS deployment
14.7.4.1. You can also explore software solutions by industry and use case.
14.7.5. Categories
14.7.5.1. Business Apps
14.7.5.2. Data & Analytics
14.7.5.3. DevOps
14.7.5.4. Infra software
14.7.5.5. IoT
14.7.5.6. Machine Learning
14.7.5.7. Migration
14.7.5.8. Security
15. AWS Well-Architected Framework
15.1. helps you understand how to design and operate reliable, secure, efficient, and cost-effective systems in the AWS Cloud
15.2. provides a way for you to consistently measure your architecture against best practices and design principles and identify areas for improvement.
15.3. 5 pillars
15.3.1. Operational Excellence
15.3.1.1. running and monitoring systems to deliver business value, and with that, continually improving processes and procedures
15.3.1.2. examples
15.3.1.2.1. automating changes with deployment pipelines
15.3.1.2.2. responding to events that are triggered
15.3.1.3. the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.
15.3.2. Reliability
15.3.2.1. recovery planning
15.3.2.1.1. includes testing recovery procedures, scaling horizontally to increase aggregate system availability, and automatically recovering from failure.
15.3.2.2. examples
15.3.2.2.1. recovery from an Amazon DynamoDB disruption
15.3.2.2.2. EC2 node failure
15.3.2.3. ability of a system to do the following: recover from infrastructure or service disruptions; dynamically acquire computing resources to meet demand; mitigate disruptions such as misconfigurations or transient network issues
15.3.3. Cost Optimization
15.3.3.1. looks at optimizing full cost
15.3.3.2. checking if you have overestimated your EC2 server size
15.3.3.3. ability to run systems to deliver business value at the lowest price point.
15.3.4. Security
15.3.4.1. example
15.3.4.1.1. checking integrity of data
15.3.4.1.2. protecting systems by using encryption
15.3.4.2. the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
15.3.5. Performance Efficiency
15.3.5.1. entails using IT and computing resources efficiently
15.3.5.2. example
15.3.5.2.1. using the right Amazon EC2 type
15.4. Well-Architected Tool
15.4.1. used to generate a report showing areas that should be addressed.