AWS by Mind Map: AWS

1. 1 Introduction to AWS

1.1. 1. Region

1.1.1. 1. A region is a named set of AWS resources in the same geographical area.

1.1.2. 2. A region comprises at least two Availability Zones.

1.2. 2. AZ

1.2.1. 1. An Availability Zone is a distinct location within a region that is insulated from failures in other Availability Zones and

1.2.2. 2. provides inexpensive, low-latency network connectivity to other Availability Zones in the same region.

1.3. 3. Deployment

1.3.1. 1. A hybrid deployment is a way to connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud.

1.3.2. 2. An all-in deployment refers to an environment that exclusively runs in the cloud.

2. 8 SQS, SWF, and SNS

2.1. 1. SQS

2.1.1. 1. SQS is a fast, reliable, scalable, fully managed message queuing service that allows organizations to decouple the components of a cloud application. With Amazon SQS, organizations can transmit any volume of data, at any level of throughput, without losing messages or requiring other services to be always available.

2.1.2. 2. SQS visibility timeout

2.1.2.1. 1. max 12 hours

2.1.2.2. 2. default 30 sec

2.1.3. 3. properties

2.1.3.1. 1. Message ID

2.1.3.2. 2. Body

2.2. 2. SWF

2.2.1. helps developers build, run, and scale background jobs that have parallel or sequential steps.

2.3. 3. SNS

2.3.1. provides a messaging bus that complements Amazon SQS; however, it doesn't provide the decoupling of components necessary for the scenario in question.

2.4. 2. SNS features

2.4.1. 1. Publishers

2.4.2. 2. Subscribers

2.4.3. 3. Topics

2.4.3.1. 1. ARN created

2.5. 1. Supported Protocols

2.5.1. 1. HTTPS

2.5.2. 2. AWS Lambda

2.5.3. 3. Email-JSON

3. 2 S3 and Glacier Storage

3.1. 1. Glacier

3.1.1. provides low-cost archival storage.

3.2. S3

3.2.1. 4. key characteristics of S3

3.2.1.1. All objects have a URL.

3.2.1.2. S3 can store unlimited amounts of data.

3.2.1.3. S3 uses a REST (Representational State Transfer) Application Program Interface (API).

3.2.2. 3. appropriate use cases for S3

3.2.2.1. Storing web content

3.2.2.2. Storing backups for a relational database

3.2.2.3. Storing logs for analytics

3.2.3. 2. Objects are stored in buckets, and objects contain both data and metadata.

3.2.3.1. Objects are private by default.

4. 9 DNS and Route 53

4.1. 1. Route 53 provides a highly available and scalable cloud Domain Name System (DNS) web service.

5. 3 EC2 and EBS

5.1. 1. EBS provides persistent block-level storage volumes for use with Amazon EC2 instances on the AWS Cloud.

5.2. EC2 Type

5.2.1. On Demand

5.2.2. Spot

5.2.3. Reserved

5.2.4. Dedicated Hosts

5.2.5. Savings Plan

5.3. EC2 Storage

5.3.1. EBS Volume

5.3.2. Elastic File System (EFS)

6. 10 ElastiCache

6.1. 1. ElastiCache is a service that provides in-memory cache in the cloud.

7. 4 VPC

7.1. 1. VPC

7.1.1. VPC lets organizations provision a logically isolated section of the AWS Cloud where they can launch AWS resources in a virtual network that they define.

8. 5 ELB, CloudWatch and Auto Scaling

8.1. 1. CloudWatch

8.1.1. CloudWatch is a monitoring service for AWS Cloud resources and the applications organizations run on AWS.

8.1.2. CloudWatch metrics provide hypervisor-visible metrics.

8.2. 2. Auto Scaling

8.2.1. helps maintain application availability and allows organizations to scale Amazon Elastic Compute Cloud (Amazon EC2) capacity up or down automatically according to conditions defined for the particular workload. Not only can it be used to help ensure that the desired number of Amazon EC2 instances are running, but it also allows resources to scale in and out to match the demands of dynamic workloads.

8.2.2. Auto Scaling Group

8.2.2.1. default EC2 instance limit of 20 in a new region.

8.2.2.2. launches instances from an AMI specified in the launch configuration associated with the Auto Scaling group

8.2.2.3. enforces a minimum number of instances in the min-size parameter of the Auto Scaling group.

8.2.2.4. launch configurations

8.2.2.4.1. allows you to change the EC2 instance type and AMI without disrupting the Auto Scaling group.

8.2.2.4.2. facilitates rolling out a patch to an existing set of instances managed by an Auto Scaling group.

8.2.2.4.3. allows you to change security groups associated with the instances launched without having to make changes to the Auto Scaling group.

8.2.2.5. May use instances

8.2.2.5.1. On-Demand Instances

8.2.2.5.2. Spot Instances

8.2.2.6. Supported Plans

8.2.2.6.1. Manual

8.2.2.6.2. Scheduled

8.2.2.6.3. Dynamic

8.2.3. Auto Scaling is designed to scale out based on an event like increased traffic while being cost effective when not needed.

8.2.4. Auto Scaling responds to changing conditions by adding or terminating instances

8.3. ELB

8.3.1. Websites behind ELB

8.3.1.1. An SSL certificate must specify the name of the website either in the subject name or as a value in the Subject Alternative Name (SAN) extension of the certificate in order for connecting clients to not receive a warning.

8.3.2. When Amazon EC2 instances fail the requisite number of consecutive health checks, the load balancer stops sending traffic to the Amazon EC2 instance.

8.3.3. ELB Health Checks

8.3.3.1. A ping

8.3.3.2. A connection attempt

8.3.3.3. A page request

8.3.4. Connection Draining

8.3.4.1. When connection draining is enabled, the load balancer will stop sending new requests to a deregistered or unhealthy instance

8.3.4.2. and attempt to complete in-flight requests until a connection draining timeout period is reached, which is 300 seconds by default.

8.3.5. supported types of load balancer

8.3.5.1. Internet-facing

8.3.5.2. Internal

8.3.5.3. HTTPS using SSL

9. 12 Security on AWS

10. 13 AWS Risk and Compliance

11. 6 IAM

11.1. IAM Policies

11.1.1. Service Name

11.1.2. Action

11.2. IAM Security Features

11.2.1. MFA

11.3. Actions Authorized by IAM

11.3.1. Launching a Linux EC2 instance

11.4. EC2 roles

11.4.1. Manual key rotation is not necessary; role credentials are rotated automatically.

11.5. temporary security tokens

12. 14 Architecture Best Practices

13. 7 Databases and AWS

13.1. 1. Databases

13.1.1. 1. DynamoDB

13.1.1.1. 1. non-relational database

13.1.1.1.1. 1. NoSQL databases like Amazon DynamoDB excel at scaling to hundreds of thousands of requests with key/value access to user profile and session

13.1.1.2. 2. fully managed, fast, and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale.

13.1.1.3. 3. DynamoDB tables

13.1.1.3.1. 1. Local secondary indexes can only be created when the table is being created

13.1.1.3.2. 2. You can only have one local secondary index

13.1.2. 2. RDS

13.1.2.1. 1. OLTP

13.1.2.1.1. 1. Online Transaction Processing

13.1.2.2. 2. RDS provides managed relational databases.

13.1.2.3. 3. increase resiliency

13.1.2.3.1. 1. split out the MySQL DB onto an RDS instance with Multi-AZ enabled

13.1.2.4. 4. RDS supports Microsoft SQL Server Enterprise edition and the license is available only under the BYOL model

13.1.2.5. 5. MySQL

13.1.2.5.1. 1. handle the load

13.2. 2. read replicas

13.2.1. 1. to increase performance, use read replicas to scale out the database and thus maximize read performance

13.2.2. 2. read replicas and a Multi-AZ deployment allow you to replicate your data and reduce the time to failover

13.3. 3. DB Snapshots

13.3.1. 1. can be used to restore a complete copy of the database at a specific point in time

13.3.2. 2. DB snapshots allow you to back up and recover your data

13.4. 4. Multi-AZ supported db engines

13.4.1. 1. MS SQL Server, MySQL, Aurora, PostgreSQL, Oracle...

13.5. 5. database failover

13.5.1. 1. Force a Multi-AZ failover from one Availability Zone to another by rebooting the primary instance using the Amazon RDS console.

13.6. 6. General Purpose (SSD) volumes are generally the right choice for databases that have bursts of activity

13.7. 7. offload read requests

13.7.1. 1. Add a read replica DB instance, and configure the client’s application logic to use a read-replica.

13.7.2. 2. Create a caching environment using ElastiCache to cache frequently used data. Update the application logic to read/write from the cache.

13.8. 8. securing the database

13.8.1. 1. requires a multilayered approach that secures the infrastructure, the network, and the database itself

14. 3. Redshift

14.1. 1. best suited for traditional Online Analytics Processing (OLAP) transactions

15. 11 Additional Key Services

15.1. 1. CloudFront is a web service that provides a CDN to speed up distribution of your static and dynamic web content—for example, .html, .css, .php, image, and media files—to end users. Amazon CloudFront delivers content through a worldwide network of edge locations.

15.2. 2. CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources.

15.3. 3. CloudTrail records AWS API calls, and Amazon Redshift is a data warehouse, neither of which would be useful as an architecture component for decoupling components.