AWS 101 (Mind Map)

1. Security

1.1. IAM

1.1.1. AWS Security Token Service

1.1.1.1. Limited temporary access to AWS resources

1.1.2. Identity Federation

1.1.2.1. SAML 2.0

1.1.3. AWS AD

1.2. Organization

1.2.1. Root OU

1.2.1.1. Sub OU

1.2.2. Master Acc.

1.3. Systems Manager

1.3.1. Parameter Store

1.4. Secrets Manager

1.4.1. Auto-generate and force rotation of API keys, DB credentials

1.5. Encryption

1.5.1. CloudHSM

1.5.1.1. Customer manages the root of trust

1.5.2. AWS KMS

1.5.2.1. AWS manages the root of trust

2. Application

2.1. Messaging

2.1.1. SQS

2.1.1.1. Autoscaled MQ

2.1.1.2. Consumer pulls data

2.1.1.3. 1 sec to 14 days

2.1.2. SNS

2.1.2.1. Push notification to HTTP/HTTPS/Email/Email JSON/SQS/Lambda

2.1.3. Kinesis

2.1.3.1. Kafka alternative

2.1.3.2. Consumer pulls

2.1.3.3. Shard: 1000 rec/s

2.2. APIGW

2.2.1. API versioning, security, API key

2.2.2. Transform/validate requests, throttle

2.2.3. To Lambda, HTTP endpoint, AWS

2.3. CI/CD

2.3.1. Code

2.3.1.1. AWS CodeCommit

2.3.1.2. Git

2.3.2. Build

2.3.2.1. AWS CodeBuild

2.3.2.2. Jenkins and others

2.3.3. Deploy

2.3.3.1. AWS Elastic Beanstalk

2.3.3.2. AWS CodeDeploy

2.3.3.3. CloudFormation EC2 fleet

2.3.4. Container

2.3.4.1. ECS

2.3.4.2. EKS

3. Well-Architected

3.1. Operational Excellence

3.2. Security

3.3. Reliability

3.4. Performance efficiency

3.5. Cost optimization

4. Operation

4.1. Config

4.1.1. Beanstalk

4.2. Monitoring

4.2.1. CloudWatch

4.2.1.1. Log agent for EC2

4.2.1.2. Alarms

4.2.2. CloudTrail

4.2.3. AWS Config: record config change for compliance

5. Compute

5.1. EC2

5.1.1. Mode

5.1.1.1. On-demand

5.1.1.2. Reserved: 1yr or 3yr, can pay upfront

5.1.1.3. Spot

5.1.1.4. Dedicated host

5.1.2. Placement group

5.1.2.1. Cluster - high performance, single AZ

5.1.2.2. Spread - high availability, AZ+

5.1.2.3. Partition - distributed

5.1.3. Scalability

5.1.3.1. Auto Scaling Group

5.1.3.1.1. Policy based on CPU/network/schedule/visitor pattern

5.1.3.1.2. Launch template

5.1.3.1.3. Lifecycle hook - restore/backup before start/shutdown

5.1.3.1.4. Regional

5.2. Serverless Lambda

5.2.1. On-demand scale, max 15 mins

5.2.2. No docker

5.3. ECS

5.3.1. Regional

5.4. EKS

5.4.1. Multi-Region Cluster

6. Storage

6.1. EBS - block storage

6.1.1. Types

6.1.1.1. GP2 - 3K IOPS

6.1.1.1.1. boot volume

6.1.1.2. IO1 - 64K IOPS

6.1.1.2.1. SSD IO=16KB

6.1.1.2.2. transactional workload

6.1.1.3. Throughput optimized (ST1)

6.1.1.3.1. HDD IO=1MB

6.1.1.3.2. big data, streaming, log

6.1.1.4. Cold HDD (SC1)

6.1.2. Snapshot

6.1.2.1. Incremental

6.1.2.2. Copy EBS to another AZ

6.1.2.3. Lifecycle policy - schedule backup, retention by tag

6.1.3. Encryption

6.1.3.1. Encrypt an unencrypted volume: create snapshot - copy snapshot with encryption enabled - create volume from the encrypted snapshot - attach the new volume

6.2. EFS - file system

6.2.1. Mount to different EC2 instances, AZ+

6.2.2. 10 GB/s, low-latency mode/high-throughput mode

6.3. S3 - object storage

6.3.1. Bucket - file system with ACL

6.3.1.1. Regional, cross-AZ backup

6.3.1.2. cross-region replication

6.3.1.3. Globally unique

6.3.2. Storage class

6.3.2.1. GP

6.3.2.2. Infrequent access

6.3.2.3. Glacier

6.3.3. Lifecycle by prefix or tag

6.3.4. Encryption

6.3.4.1. SSE-S3 - AWS managed

6.3.4.2. SSE-KMS - user managed at cloud

6.3.4.3. SSE-C - user managed

6.3.4.4. Client side

6.3.5. Pre-signed URL - for a limited time

6.3.6. Cross-Origin Resource Sharing - allow a bucket website to GET/POST/UPDATE objects in another bucket

6.3.7. Serverless analytics - Athena

7. Network

7.1. ELB

7.1.1. Types

7.1.1.1. Classic

7.1.1.2. App LB

7.1.1.2.1. HTTP/HTTPS/WebSocket

7.1.1.3. Network LB

7.1.1.3.1. Layer 4: TCP/TLS/UDP

7.1.2. Features

7.1.2.1. Server Name Indication (SNI)

7.1.2.2. Deregistration Delay

7.2. VPC

7.2.1. CIDR for security group

7.2.2. Internet Gateway for each VPC

7.2.3. Public (DMZ) vs Private Subnet

7.2.3.1. NAT in public subnet

7.2.4. NACL (subnet) vs Security Group (EC2)

7.2.5. VPC peering

7.2.5.1. Route table - add route in both tables

7.2.5.1.1. Still need to allow traffic in the security group

7.3. DNS - Route 53

7.3.1. Routing policy

7.3.1.1. Random

7.3.1.2. Weighted

7.3.1.3. Latency

7.3.1.4. Failover

7.3.1.5. Geo

7.3.2. Endpoint: IP/domain, HTTP/HTTPS/TCP

7.4. CDN

7.4.1. CloudFront

7.4.1.1. Use Origin Access Identity to access S3

7.4.1.2. Use Signed URL/Cookie to distribute paid content

7.4.2. Global Accelerator

7.4.2.1. 2 IPs to connect to EC2, LB, Elastic IP

7.5. AWS Shield (DDoS)

7.6. Web App Firewall

7.6.1. HTTP L7

7.6.2. Protects against SQL injection, Cross-Site Scripting (XSS)

8. Data

8.1. Relational

8.1.1. RDS

8.1.1.1. Usage: structured, relational, OLTP

8.1.1.2. Auto patching, AZ+

8.1.1.3. Aurora, MySQL, MariaDB, PostgreSQL, Oracle, MS SQL

8.1.1.4. Auto backup

8.1.1.4.1. Daily full backup, 7 days retention

8.1.1.4.2. Transaction log every 5 min

8.1.1.4.3. Snapshot by user

8.1.1.5. Read Replicas

8.1.1.5.1. ASYNC, concurrent READ, RW

8.1.1.5.2. Within AZ free, AZ+ $$

8.1.1.6. Multi AZ

8.1.1.6.1. SYNC

8.1.1.6.2. One DNS name, auto failover

8.1.2. Aurora

8.1.2.1. PostgreSQL, MySQL

8.1.3. Athena (Serverless)

8.1.3.1. One-time SQL

8.1.4. Data Warehouse Redshift

8.1.4.1. PostgreSQL-based, for PB-scale OLAP

8.2. NoSQL

8.2.1. DynamoDB

8.2.1.1. Managed DB across 3 AZs

8.2.1.2. Tables with primary key