AWS

This is a study outline for the AWS Associate-level certifications.


1. Networking & Content Delivery in AWS

1.1. Amazon VPC: Isolated virtual network in which you launch and secure AWS resources

1.2. Subnet: Range of IP addresses inside a VPC. Separate public-facing and private resources

1.3. Internet Gateway: Lets resources in public subnets send and receive traffic to/from the internet (a subnet is "public" when its route table has a route to the IGW)

1.4. NAT Gateway: Lets instances in private subnets initiate connections to the internet (e.g. for updates) while blocking connections initiated from the internet

1.5. Security Group: Control traffic at the instance (ENI) level. Stateful (return traffic is allowed automatically), allow rules only, everything else implicitly denied

1.6. NACL: Control traffic at the subnet level. Stateless (return traffic needs its own rule, e.g. outbound ephemeral ports 1024-65535), numbered allow and deny rules evaluated lowest number first

1.7. VPC Peering: Connect one VPC to another VPC. Not transitive: peering A-B and B-C does not connect A to C

1.8. VPC Flow Logs: Capture metadata (source, destination, ports, protocol, ACCEPT/REJECT) for traffic in and out of a VPC, subnet or ENI. Debug connectivity problems and monitor for suspicious traffic

1.9. AWS Direct Connect: Dedicated, high-bandwidth private connection to on-premises (not encrypted by itself)

1.10. AWS VPN: Encrypted IPsec tunnel over the internet to on-premises

1.11. Amazon Route 53: Highly available global DNS service (domain registration, routing policies, health checks)

1.12. Amazon CloudFront: CDN that serves content from edge locations. Users get lower latency (e.g. an S3 static website)

1.13. Global Accelerator: Static anycast IPs that route users over the AWS edge network to the closest healthy endpoint (EC2, ELB, ...). Faster, more consistent connections for global users
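The stateful/stateless distinction between 1.5 and 1.6 is the usual source of "my HTTPS request arrives but the reply never leaves" tickets. The simulation below is an added example and not AWS code: the evaluation rules follow the documented behaviour (security groups are allow-only and stateful; NACLs are numbered allow/deny rules, lowest number first, stateless, with an implicit deny), but the Packet/Rule classes and the addresses are constructed for the demo.

```python
"""Stateful security group vs stateless network ACL, simulated in Python.

Added illustration, not AWS code. The rules follow the documented behaviour;
the classes, packet tuples and addresses are constructed for the demo.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    direction: str          # "inbound" or "outbound"
    cidr: str               # remote address range the rule applies to
    port_from: int          # destination port range
    port_to: int
    action: str = "allow"   # NACL rules may also be "deny"; SG rules are allow-only

    def matches(self, pkt: Packet) -> bool:
        # Inbound rules are keyed on the remote source, outbound on the remote
        # destination; either way the port being filtered is the packet's destination port.
        remote = pkt.src if self.direction == "inbound" else pkt.dst
        in_range = ipaddress.ip_address(remote) in ipaddress.ip_network(self.cidr)
        return in_range and self.port_from <= pkt.dport <= self.port_to


class SecurityGroup:
    """Stateful filter: a reply to an admitted flow passes without an outbound rule."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()  # 4-tuples of flows already admitted

    def allows(self, pkt: Packet, direction: str) -> bool:
        if (pkt.dst, pkt.src, pkt.dport, pkt.sport) in self.flows:
            return True  # reverse direction of a tracked flow
        if any(r.direction == direction and r.matches(pkt) for r in self.rules):
            self.flows.add((pkt.src, pkt.dst, pkt.sport, pkt.dport))
            return True
        return False  # implicit deny (a security group has no deny rules)


class NetworkAcl:
    """Stateless filter: every packet is judged alone, lowest rule number wins."""

    def __init__(self, numbered_rules):
        self.rules = sorted(numbered_rules, key=lambda nr: nr[0])

    def allows(self, pkt: Packet, direction: str) -> bool:
        for _, rule in self.rules:
            if rule.direction == direction and rule.matches(pkt):
                return rule.action == "allow"
        return False  # the implicit "*" deny at the end of every NACL


def demo() -> dict:
    client, instance, scanner = "203.0.113.10", "10.0.1.20", "198.51.100.7"
    request = Packet(client, instance, 51234, 443)   # client -> instance:443
    reply = Packet(instance, client, 443, 51234)     # instance -> client's ephemeral port

    # Security group: only an inbound 443 rule, no outbound rule at all
    sg = SecurityGroup([Rule("inbound", "0.0.0.0/0", 443, 443)])

    # NACL with the same single rule: the reply has no outbound rule to match
    nacl_missing_ephemeral = NetworkAcl([(100, Rule("inbound", "0.0.0.0/0", 443, 443))])

    # Fixed NACL: outbound ephemeral range added, plus an explicit deny that sorts first
    nacl_fixed = NetworkAcl([
        (50, Rule("inbound", "198.51.100.0/24", 0, 65535, "deny")),
        (100, Rule("inbound", "0.0.0.0/0", 443, 443)),
        (100, Rule("outbound", "0.0.0.0/0", 1024, 65535)),
    ])

    return {
        "sg_request": sg.allows(request, "inbound"),
        "sg_reply": sg.allows(reply, "outbound"),
        "nacl_request": nacl_missing_ephemeral.allows(request, "inbound"),
        "nacl_reply": nacl_missing_ephemeral.allows(reply, "outbound"),
        "nacl_fixed_reply": nacl_fixed.allows(reply, "outbound"),
        "nacl_fixed_blocked_src": nacl_fixed.allows(Packet(scanner, instance, 40000, 443), "inbound"),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24} {'ALLOW' if verdict else 'DENY'}")
```

The interesting rows are `sg_reply` (allowed with no outbound rule, because the group tracked the request) against `nacl_reply` (denied until an outbound rule covering the client's ephemeral port exists), and `nacl_fixed_blocked_src`, which shows the one thing a NACL can do that a security group cannot: an explicit deny for a specific range.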
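Flow logs (1.8) are only useful for monitoring if something reads them. The following is an added example, not an AWS tool: it parses records in the default flow log format (version 2, space separated, `-` for unavailable fields) and runs two small detections over them. The log lines are constructed, and the five-port scan threshold and the assumption that the VPC uses RFC 1918 address space are choices made for this demo.

```python
"""Run simple detections over VPC Flow Log records (default format, version 2).

Added example, not AWS tooling: the log lines are constructed, and the
thresholds and the RFC 1918 "internal" assumption are choices for this demo.
"""
import ipaddress
from collections import defaultdict

# Field order of the default flow log format (space separated, "-" when unavailable)
FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log-status").split()

# Addresses considered "inside": RFC 1918 ranges (assumption: the VPC uses them)
INTERNAL = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ADMIN_PORTS = {22, 3389}

# Constructed sample: one normal HTTPS client, one host probing six ports and
# getting REJECTed, one internal SSH session, one SSH session from outside, one NODATA record
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.10 10.0.1.20 51234 443 6 12 4320 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.23 10.0.1.20 41234 22 6 1 60 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.23 10.0.1.20 41235 23 6 1 60 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.23 10.0.1.20 41236 445 6 1 60 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.23 10.0.1.20 41237 3389 6 1 60 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.23 10.0.1.20 41238 5432 6 1 60 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.23 10.0.1.20 41239 8080 6 1 60 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.2.15 10.0.1.20 40012 22 6 20 3000 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 192.0.2.77 10.0.1.20 55000 22 6 15 2400 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000060 1700000119 - NODATA
"""


def parse_line(line):
    """Return a dict for one usable record, or None for malformed/NODATA/SKIPDATA lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log-status"] != "OK":
        return None  # NODATA / SKIPDATA carry no flow information
    for key in ("srcport", "dstport", "packets", "bytes", "start", "end"):
        rec[key] = int(rec[key])
    return rec


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)


def analyze(log_text, scan_threshold=5):
    """Count rejects, flag port-scan-like sources and accepted admin access from outside."""
    rejected_ports = defaultdict(set)   # src -> distinct dst ports that were REJECTed
    public_admin = []
    parsed = rejects = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        parsed += 1
        if rec["action"] == "REJECT":
            rejects += 1
            rejected_ports[rec["srcaddr"]].add(rec["dstport"])
        elif rec["dstport"] in ADMIN_PORTS and not is_internal(rec["srcaddr"]):
            # SSH/RDP reached the ENI from outside the VPC: the security group is too open
            public_admin.append((rec["srcaddr"], rec["dstaddr"], rec["dstport"]))
    scanners = {src: sorted(ports) for src, ports in rejected_ports.items()
                if len(ports) >= scan_threshold}
    return {"parsed": parsed, "rejects": rejects,
            "scanners": scanners, "public_admin_access": public_admin}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Two points worth noticing when you run this against real exports: REJECT records tell you that a security group or NACL did its job, so a burst of them from one source is reconnaissance rather than a breach; an ACCEPT on port 22 from a non-VPC address is the finding that needs a rule change.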

2. Authentication, Authorization & Encryption

2.1. AWS IAM: Control access to AWS resources. Who can access a resource (authentication) and what they can do with it (authorization)

2.2. IAM users: Long-term identities (console password and/or access keys) created in an AWS account

2.3. IAM groups: Collection of IAM users. Attach policies to the group instead of to each user

2.4. IAM roles: Identities without long-term credentials. Assumed by users, AWS services or federated identities to obtain temporary credentials

2.5. IAM policies: JSON documents that define permissions (Effect, Action, Resource, Condition). Attach to IAM users, IAM groups and IAM roles. An explicit Deny overrides any Allow; anything not allowed is implicitly denied

2.6. Amazon Cognito: User authentication and authorization for web/mobile apps. Supports SAML and social identity providers

2.7. AWS KMS: Create and manage encryption keys and encrypt your data. Integrated with storage, database and other AWS services

3. IAM best practices

3.1. Users - Create individual users (no shared accounts)

3.2. Groups - Manage permissions with groups

3.3. Permissions - Grant least privilege (only the actions and resources the task needs)

3.4. Auditing - Turn on AWS CloudTrail

3.5. Password - Configure a strong password policy

3.6. MFA - Enable MFA for privileged users (the root user included)

3.7. Roles - Use IAM roles for Amazon EC2 instances instead of storing access keys on them

3.8. Sharing - Use IAM roles to share access (including cross-account) instead of sharing credentials

3.9. Rotate - Rotate security credentials regularly

3.10. Root - Reduce or remove use of the root user
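To make 2.5 (policy evaluation) and 3.3 (least privilege) concrete, here is an added example, not the IAM service and not code from this outline: a small evaluator that applies the documented identity-policy order (explicit Deny wins, then any Allow, otherwise implicit deny) to policy documents in the real JSON format, plus a lint that flags the over-broad statements least privilege forbids. It handles Action/Resource with the IAM wildcards `*` and `?` only; NotAction, Condition, resource policies, SCPs and permissions boundaries are out of scope. The two policy documents are constructed for the demo.

```python
"""Evaluate IAM identity policies: explicit Deny wins, then Allow, else implicit deny.

Added example, not the IAM service. Supports Action/Resource with * and ?
wildcards only; NotAction, Condition, resource policies, SCPs and permissions
boundaries are out of scope. Policy documents are constructed for the demo.
"""
import fnmatch
import json
import re

APP_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::app-logs/*"},
    {"Effect": "Deny",  "Action": "s3:*",         "Resource": "arn:aws:s3:::app-logs/secrets/*"},
    {"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"}
  ]
}
""")

ADMIN_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def action_matches(pattern, action):
    # Action names match case-insensitively with * and ? wildcards
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def resource_matches(pattern, arn):
    # ARNs match case-sensitively; translate the IAM wildcards into a regex
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, arn) is not None


def statement_applies(stmt, action, resource):
    return (any(action_matches(p, action) for p in _as_list(stmt["Action"]))
            and any(resource_matches(p, resource) for p in _as_list(stmt.get("Resource", "*"))))


def evaluate(policies, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request across all attached policies."""
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not statement_applies(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"      # an explicit deny in any policy ends the evaluation
            decision = "Allow"     # keep going: a later statement may still deny
    return decision


def lint_least_privilege(policy):
    """Flag Allow statements that grant every API call or a whole service."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt["Effect"] != "Allow":
            continue
        for action in _as_list(stmt["Action"]):
            if action == "*":
                findings.append(f"Statement {i}: Action '*' allows every API call")
            elif action.endswith(":*"):
                findings.append(f"Statement {i}: service-wide wildcard {action}")
    return findings


if __name__ == "__main__":
    print(evaluate([APP_POLICY], "s3:GetObject", "arn:aws:s3:::app-logs/2024/app.log"))
    print(evaluate([APP_POLICY], "s3:GetObject", "arn:aws:s3:::app-logs/secrets/db.key"))
    print(evaluate([APP_POLICY], "s3:PutObject", "arn:aws:s3:::app-logs/2024/app.log"))
    print(lint_least_privilege(ADMIN_POLICY))
```

The second call shows why the order matters: the Allow on `app-logs/*` matches first, but the Deny on `app-logs/secrets/*` still wins. Attaching ADMIN_POLICY alongside APP_POLICY would let `ec2:TerminateInstances` through (a later Allow fills the implicit deny) but would not reopen the secrets prefix, which is the property that makes explicit denies the right tool for guardrails.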

4. DevOps

4.1. Versioning and Source Control: AWS CodeCommit (Git)

4.2. CI/CD orchestration: AWS CodePipeline

4.2.1. Build and Test Code: AWS CodeBuild

4.2.2. Automate Deployment: AWS CodeDeploy

4.3. Observability - Tracing: X-Ray

4.4. Observability - Metrics & Alarms: CloudWatch

4.5. Observability - Logging: CloudWatch Logs

4.6. IaC - AWS CloudFormation: YAML/JSON templates. StackSets: Provision the same resources across multiple accounts and regions

4.7. IaC- AWS CDK: IaC in your favorite programming language

4.8. IaC - AWS SAM: Easy provisioning & deployment of Serverless apps

4.9. App Configuration - Secrets: AWS Secrets Manager - Built-in automatic rotation, integration with RDS and other services; costlier

4.10. App Configuration - Config + Secrets: Systems Manager Parameter Store - Plain and SecureString (KMS-encrypted) parameters; cost effective; no built-in rotation

5. Interaction with AWS resources

5.1. AWS CLI: Interact with AWS services from the command line - Write scripts to automate as needed - Best for: Users comfortable with the CLI

5.2. AWS CloudShell: Browser-based command line interface - No need to configure software on your machine - Best for: Users who want to use command line from the browser

5.3. AWS Management Console: Web-based GUI - Access & manage AWS resources - Best for: Users that prefer a GUI to interact with AWS

5.4. AWS SDK: Call AWS services from your code - Libraries available for various programming languages - Best for: Developers integrating AWS services into their apps

5.5. IaC: AWS CloudFormation, AWS CDK, AWS SAM

6. Advantages

6.1. Increase speed and agility => Experiment fast

6.2. Go global in minutes => Multiple Regions around the world

6.3. Trade fixed expense for variable expense => Pay only for what you consume

6.4. Benefit from massive economies of scale => Lower pay-as-you-go prices

6.5. Stop guessing capacity => Scale up & down as required (Elasticity)

6.6. Stop spending money maintaining data centers => Avoid undifferentiated heavy lifting

7. Compute Options

7.1. EC2: Virtual Machines in the Cloud

7.2. EC2 Auto Scaling: - Add/remove EC2 instances based on load - Monitor and replace unhealthy instances (Auto Scaling Group)

7.3. Elastic Load Balancing: Distribute traffic across multiple EC2 instances (Application, Network and Gateway Load Balancers)

7.4. AWS Elastic Beanstalk: - Simplified deployment: EC2, ELB and Auto Scaling provisioned for you - Fast provisioning and deployment of Python, Java, Node.js, ... apps

7.5. Amazon ECS: AWS-native container orchestration

7.6. AWS Fargate: Serverless compute for ECS and EKS (no EC2 instances to manage)

7.7. Amazon EKS: Kubernetes based Container Orchestration

7.8. AWS Lambda: Serverless compute (pay per invocation and duration). Only for short-duration workloads (15 minutes max per invocation)

7.9. AWS Batch: Run batch jobs on AWS without managing the underlying compute

8. EC2 Pricing Options

8.1. Spot Instances ($): Lowest cost; can be interrupted with a two-minute warning; for fault-tolerant, cost-sensitive workloads

8.2. Reserved Instances ($$): 1- or 3-year commitment to a specific instance configuration in exchange for a discount

8.3. Savings Plans ($$$): - 1- or 3-year commitment to an hourly spend - Flexibility: applies to EC2, AWS Fargate or Lambda

8.4. On-Demand ($$$$): - No commitment; pay by the second/hour - For short-term, spiky or unpredictable workloads that cannot be interrupted

8.5. Dedicated Hosts ($$$$): - A physical server dedicated to you - Useful for specific licensing, compliance and security needs

9. AWS Storage Options

9.1. Block Storage

9.1.1. Instance Store: - Ephemeral block storage physically attached to the host - Lifecycle tied to the EC2 instance: data is lost when the instance stops or terminates

9.1.2. Elastic Block Store (EBS): - Network-attached block storage - More durable; persists independently of the instance. Attach and detach as needed; snapshots for backup

9.2. File Storage

9.2.1. Elastic File System (EFS): - Scalable shared file storage - For Linux-based applications; NFS protocol

9.2.2. Amazon FSx for Windows File Server: - Managed Windows-based file storage - Supports the SMB protocol

9.3. Object Storage

9.3.1. Amazon S3: Serverless object storage - Storage classes: Standard (frequently accessed data), Glacier (archive data), Intelligent-Tiering (unknown access patterns) - Versioning: protects against accidental deletion and overwrites - Low-latency static website when fronted by Amazon CloudFront

9.4. Hybrid Storage

9.4.1. AWS Storage Gateway: Hybrid storage (on-premises + cloud) - File Gateway (hybrid file share over NFS/SMB, backed by S3) - Tape Gateway (virtual tape backups) - Volume Gateway (hybrid block storage)

10. AWS Database & Caching Options

10.1. No SQL DB

10.1.1. Amazon DynamoDB: - Serverless NoSQL (key-value/document) database - Single-digit millisecond responses at millions of requests per second

10.1.2. Amazon Neptune: Graph database - Store and navigate data with complex relationships

10.2. SQL database

10.2.1. Amazon Redshift: Relational OLAP database (data warehouse) - Petabyte scale, with a serverless option (reduced management)

10.2.2. Amazon Aurora: Cloud-native relational database, MySQL and PostgreSQL compatible - Global Database and Serverless options

10.2.3. Amazon RDS: - Managed relational OLTP databases: MySQL, SQL Server, Oracle, Db2, MariaDB, PostgreSQL

10.3. Cache

10.3.1. Amazon ElastiCache: In-memory database/cache - Option 1: Redis (persistence and replication; e.g. leaderboards) - Option 2: Memcached (non-persistent, pure cache)

11. Loose Coupling

11.1. Amazon SQS: Pull-based message queue (consumers poll for messages) - Decouple microservices for scalability and resilience

11.2. Amazon SNS: Publish/subscribe pattern - Fan-out to many subscribers; bulk notifications with Email, SMS and mobile push support

11.3. Amazon EventBridge: Build event-driven architectures - React to events from AWS services, SaaS applications and custom apps - EventBridge Scheduler provides scheduled invocations

11.4. Amazon Kinesis: Real-time data streaming and analytics - Process and analyze streaming data (e.g. from IoT devices) at scale

11.5. Amazon MSK: Managed Service for Apache Kafka - Fully managed, highly available Kafka service

11.6. AWS Step Functions: Workflow service to automate processes - Orchestrate serverless workflows with a visual drag-and-drop interface