1. Networking & Content Delivery in AWS
1.1. Amazon VPC (Virtual Private Cloud): Virtual network to secure resources
1.2. Subnet: Separate private & public resources
1.3. Internet Gateway: Allows Public Subnets to accept traffic to/from internet
1.5. NAT (Network Address Translation) Gateway: Allow outbound internet access from private subnets
1.5. Security Group: Control traffic at an instance level
1.6. NACL: Control traffic at Subnet level
1.7. VPC Peering: Connect one VPC to other VPCs
1.8. VPC Flow Logs: Enable logs to debug problems. Monitor traffic in & out of VPC
1.9. AWS Direct Connect: Dedicated, fast, private connection to on-premises
1.10. AWS VPN: Encrypted tunnel over internet to on-premises
1.11. Amazon Route 53: Highly Available Global DNS service
1.12. Amazon CloudFront: Distribute content from edge locations. Users get lower latency (ex: S3 static website)
1.13. Global Accelerator: Static IP routes to closest endpoint (EC2, ELB, ...). Faster connection for global user (Edge locations)
2. Authentication, Authorization & Encryption
2.1. AWS IAM: Control access to AWS resources. Who can access AWS resources (authentication); what can they do (authorization)
2.2. IAM users: Users created in an AWS account
2.3. IAM groups: Collection of IAM users
2.4. IAM roles: Temporary identities without credentials
2.5. IAM policies: Define permissions. Attach to IAM users, IAM groups & IAM roles
2.6. Amazon Cognito: Web/Mobile app user authentication & authorization. Supports SAML & social media logins
2.7. AWS KMS: Create keys & encrypt your data. Integration with storage, database & other AWS services
3. Managing Multi AWS Accounts
3.1. AWS Organizations: Centralized mgmt for multiple AWS Accounts: - Create separate AWS accounts for different business units - Create separate AWS account for different environments
3.1.1. Consolidated Billing: Get one bill across multiple accounts - Feature of AWS Organizations - Get discounts at enterprise level - With this feature, one account can share and use Reserved Instances from another account within the same organization
3.2. AWS IAM Identity Center: Manage IAM for multiple AWS Accounts - Centrally create & connect your workforce identities - Streamline single sign-on access on AWS
3.3. AWS Firewall Manager: Manage Firewalls across multiple AWS Accounts. - Supports Security Groups, WAF (Web Application Firewall), Shield, .. - Automatically enforce your defined security policies
4. IAM best practices
4.1. Users - create individual users
4.2. Groups - Manage permissions with groups
4.3. Permissions - Grant least privilege
4.4. Auditing - Turn on AWS CloudTrail
4.5. Password - Configure a strong password policy
4.6. MFA - Enable MFA for privileged users
4.7. Roles - Use IAM roles for Amazon EC2 instances
4.8. Sharing - Use IAM roles to share access
4.9. Rotate - Rotate security credentials regularly
4.10. Root - Reduce or remove use of root
5. DevOps
5.1. Versioning and Source Control: AWS CodeCommit (Git)
5.2. CI/CD orchestration: AWS CodePipeline
5.2.1. Build and Test Code: AWS CodeBuild
5.2.2. Automate Deployment: AWS CodeDeploy
5.3. Observability - Tracing: X-Ray
5.4. Observability - Metrics & Alarms: CloudWatch
5.5. Observability - Logging: CloudWatch
5.6. IaC - AWS CloudFormation: YAML/JSON based templates. Stack Set: Provision same resources in multiple regions
5.7. IaC - AWS CDK: IaC in your favorite programming language
5.8. IaC - AWS SAM: Easy provisioning & deployment of Serverless apps
5.9. App Configuration - Secrets: Secrets Manager - Flexible auto rotation + Costlier + Integration with RDS, ...
5.10. App Configuration - App Config + Secrets: Parameter Store - Secrets + Configuration + Cost effective
6. Interaction with AWS resource
6.1. AWS CLI: Interact with AWS services from command line - Write scripts to automate as needed - Best for: Users comfortable with CLI
6.2. AWS CloudShell: Browser-based command line interface - No need to configure software on your machine - Best for: Users who want to use command line from the browser
6.3. AWS Management Console: Web-based GUI - Access & manage AWS resources - Best for: Users that prefer a GUI to interact with AWS
6.4. AWS SDK: Call AWS services from your code - Libraries available for various programming languages - Best for: Developers integrating AWS services into their apps
6.5. IaC: AWS CloudFormation, AWS CDK, AWS SAM
7. Analytics & Intelligence
7.1. Amazon Redshift: Relational OLAP Database (Data warehouse) - Petabyte scale with a serverless option (Reduced Management)
7.2. Amazon EMR (Elastic MapReduce): Big data framework service - Big data using Spark, Hadoop
7.3. AWS Glue: Discover, prepare, and integrate data at any scale. - Serverless data preparation & load service (ETL)
7.4. Amazon Athena: Run serverless SQL on Amazon S3 data - Ad-hoc data querying without server setup
7.5. Amazon QuickSight: Visualization - Business Intelligence Dashboards for insights - NLP (Natural language processing) powered by machine learning for easier analysis
7.6. Amazon Elasticsearch Service (Amazon ES): Search & analytics engine - Real-time application monitoring & log analysis
8. Simplifying Governance
8.1. AWS Artifact: Get access to AWS security & compliance reports
8.2. AWS Service Catalog: Create & govern curated IaC templates
8.3. AWS Marketplace: Deploy Third Party Applications Quickly
8.4. AWS Trusted Advisor: Get recommendations from AWS - Cost optimization, Performance, Security - Fault tolerance (resiliency), Service limits, Operational Excellence - Checks SG rules allowing unrestricted access - 0.0.0.0/0
8.5. AWS CloudTrail: Audit AWS service calls - Track all activities on AWS services
9. Managing Costs in AWS
9.1. AWS Billing & Cost Management: Centralized dashboard. Manage your payment methods, Pay your bills
9.2. Pricing Calculator: Estimate cost of AWS resources
9.3. AWS Budgets: Set a Budget. - Get alerts from CloudWatch when you exceed the budget
9.4. AWS Cost Explorer: Visualize your AWS costs - Get right sizing recommendations - Filter by Region, AZ, tags, etc. - See future cost projection
9.5. AWS Compute Optimizer: Resource optimization recommendations. - Right sizing for EC2, ECS, Lambda, EBS
9.6. Free to use but pay for resources provisioned. - AWS Management Console, AWS CloudFormation, AWS Organizations, ... - Free: AWS Cost Explorer (UI), Identity & Access Management (IAM), ...
10. AWS Well-Architected Framework - Design Principles
10.1. Design Principles
10.1.1. Reliability: Automatically recover from failure - Scale horizontally, Stop guessing capacity - Manage change with automation
10.1.2. Security: Apply security at all layers - Protect data in transit & at rest - Maintain traceability
10.1.3. Operational excellence: Use managed services - Perform operations as code - Frequent, small, reversible changes - Anticipate & learn from failure
10.1.4. Performance efficiency: Go global in minutes - Experiment more often, Use serverless architectures
10.1.5. Cost optimization: Implement Cloud Financial Management: - Analyze & attribute expenditure
10.1.6. Sustainability: Understand your impact, Establish goals, Maximize utilization, Reduce the downstream impact
10.2. 6 Pillars
10.2.1. Sustainability: Meet needs without impacting future generations
10.2.2. Cost optimization: Ability to run systems at the lowest price point
10.2.3. Operational excellence: Ability to support development - Run workloads effectively - Gain insight into operations and continuously improve
10.2.4. Performance efficiency: Ability to use computing resources efficiently. Maintain that efficiency as demand changes and technologies evolve
10.2.5. Reliability: Ability of a workload to perform its intended function correctly and consistently
10.2.6. Security: Ability to protect data, systems & assets
11. AWS CAF (Cloud Adoption Framework)
11.1. AWS CAF: Framework to guide your cloud adoption
11.2. Envision phase: Identify & prioritize opportunities. Define success metrics and desired outcomes
11.3. Align phase: Identify capability gaps. Address gaps through upskilling, ...
11.4. Launch phase: Deliver pilot initiatives. Execute pilot projects. Iterate and learn from initial deployments.
11.5. Scale phase: Expand & deliver business value. Expand successful pilots. Continuously optimize your cloud environment
12. Managing your AWS Migration
12.1. AWS Migration Hub: Streamlines Migration Oversight. Central hub for tracking migration progress
12.2. Application Discovery Service: During initial analysis and planning. Collect on-premises infrastructure data
12.3. AWS Migration Evaluator: Focus on financial and technical feasibility. - Understand the implications, costs, and technical considerations of migration. - Identify the right AWS services and configurations (right-sizing) for your needs
12.4. Database Migration Service (DMS): Seamless Database Transition. Ensures minimal downtime for critical database workloads
12.5. Snowmobile: Securely transfer petabytes and exabytes of data. Recommended for > 10 Petabytes
12.6. Snowball Edge: Enhanced Data Transfer & Edge Computing - Offers offline data transfer & local computing capabilities - Suitable for remote or disconnected environments
12.7. AWS DataSync: Accelerated Online Data Transfer. Automates data synchronization tasks
12.8. The AWS TCO (total cost of ownership) Calculator provides estimates of potential cost savings from migrating to AWS
13. Getting help from AWS
13.1. AWS Knowledge Center: Articles & videos with FAQs. Based on requests that AWS receives from customers
13.2. AWS Professional Services: Get help from AWS specialists. Plan, migrate & manage your AWS journey
13.3. AWS Partner Network: Get help from 3rd-party certified consultants. Migrate workloads with professional guidance
13.4. AWS Managed Services: Ongoing mgmt of your AWS infra. - Extend your team with operational support from AWS - Get help for monitoring, patching, backup & cost optimization
13.5. AWS Support Plans: Get support from AWS - Basic (FREE): AWS Trusted Advisor Basic + AWS Health + Docs - Developer (PAID): Business hours email support - Business (PAID): 24/7 phone, web & chat support - Enterprise (PAID): Lots of additional features: AWS Managed Services (PAID) + TAM for proactive guidance + consultative review & guidance based on your apps
14. Key AWS Reports
14.1. IAM Credential Report: Auditing & Compliance. - List all your AWS IAM users - List status of credentials - MFA & last use of access keys
14.2. IAM Access Analyzer: Identifies resources shared with an external entity. Examples: S3 bucket that can be accessed by the public; IAM role that can be accessed by another AWS account
14.3. Access Analyzer for S3: Analyze access to S3. Identify S3 buckets configured to allow public access
14.4. S3 Inventory Report: Manage your storage. List of the objects in the source bucket & metadata for each object
14.5. AWS Cost & Usage Report: Understand your AWS expenses. Analyze AWS spending & usage trends
14.6. AWS Trusted Advisor: Recommendation for your AWS account. Categories: Cost optimization, Performance, security, fault tolerance, service limits, operational excellence
15. Shared responsibility examples
15.1. AWS: Security of the Cloud - Physical security of data centers - Hardware and network infrastructure - Virtualization layer (HostOS)
15.2. Customer: Security in the Cloud - Data Security (Encrypting data - at rest & in transit) - Proper Configuration (IAM, Security Groups, ...)
15.3. Example 1: Amazon EC2 (IaaS) - AWS: Physical security, hardware, network infra, virtualization (Host OS)
15.4. Example 2: Amazon S3 (PaaS) - AWS: Infrastructure, OS, networking, durability, availability - Customer: Data & configuration - Encryption, IAM, ACLs, Lifecycle, ...
15.5. Example 3: Amazon RDS (PaaS) - AWS: Infrastructure, OS, networking , DB Software installation, patching - Customer: Data & configuration - Backup, Encryption, IAM, ..
16. Advantages
16.1. Increase speed and agility => Experiment fast
16.2. Go global in minutes => Multiple Regions around the world
16.3. Trade fixed expense for variable expense => Pay only when you consume
16.4. Benefit from massive economies of scale => Lower pay-as-you-go prices
16.5. Stop guessing capacity => Scale up & down as required (Elasticity)
16.6. Stop spending money maintaining data centers => Avoid undifferentiated heavy lifting
17. Compute Options
17.1. EC2: Virtual Machines in the Cloud
17.2. EC2 Auto Scaling: - Add/Remove EC2 instances based on load - Monitor & replace unhealthy instances (Auto Scaling Group)
17.3. Elastic Load Balancing: Load balance between multiple EC2 instances
17.4. AWS Elastic Beanstalk: - Simplified deployment of EC2 instances (with ELB) - Fast provisioning & deployment of Python, Java, Node.js, ... apps
17.5. Amazon ECS (Elastic Container Service): AWS Specific Container Orchestration
17.6. AWS Fargate: Serverless ECS
17.7. Amazon EKS: Kubernetes based Container Orchestration
17.8. AWS Lambda: Serverless Compute (Pay for invocations). Only for short duration workloads
17.9. AWS Batch: Run batch application on AWS
18. EC2 Pricing Options
18.1. Spot Instances ($): Lowest cost, interruptible, short-term cost-sensitive workloads, can provide discounts of up to 90%
18.2. Reserved Instances ($$): Reserve EC2 instances with a 1 year or 3 year commitment: - Standard and Convertible reserved instance types
18.3. Savings Plans ($$$): - 1 or 3 years commitment - Flexibility: EC2 or AWS Fargate or Lambda
18.4. On-Demand ($$$$): - Flexible, for immediate workloads - Always running for ONLY 1 week or 3 months
18.5. Dedicated Hosts ($$$$): - Your own dedicated server - Useful for specific licensing & security needs
19. AWS Storage Options
19.1. Block Storage
19.1.1. Instance Store: - Ephemeral attached block storage - Lifecycle tied to EC2 instance
19.1.2. Elastic Block Store (EBS): - Network block storage - More durable; attach & detach as needed.
19.2. File Storage
19.2.1. Elastic File System (EFS): - Scalable file storage. - For Linux-based applications, supports NFS protocol
19.2.2. Amazon FSx for Windows File Server: - Managed Windows-based file storage - Supports SMB protocol
19.3. Object Storage
19.3.1. Amazon S3: Serverless Object Storage - Flexible: Standard (Frequently accessed data), Glacier (Archive data), Intelligent-Tiering (unknown access patterns) - Support Versioning: Prevent Accidental Deletion - Create Low Latency Static Website with Amazon CloudFront
19.4. Hybrid Storage
19.4.1. AWS Storage Gateway: Hybrid storage (on-premises + cloud) - AWS Storage File Gateway (Hybrid file share) - AWS Storage Tape Gateway (Tape backups) - AWS Storage Volume Gateway (Hybrid block storage)
20. AWS Database & Caching Options
20.1. NoSQL DB
20.1.1. Amazon DynamoDB: - Serverless NoSQL / non-relational database - Single-digit millisecond responses for millions of TPS
20.1.2. Amazon Neptune: Graph Database - Store & navigate data with complex relationships
20.2. SQL database
20.2.1. Amazon Redshift: Relational OLAP Database (Data warehouse) - Petabyte scale with a serverless option (Reduced Management)
20.2.2. Amazon Aurora: Global relational database with serverless option. MySQL, PostgreSQL compatible
20.2.3. Amazon RDS: - Managed Relational OLTP Databases: MySQL, SQL Server, Oracle, DB2, MariaDB, PostgreSQL
20.3. Cache
20.3.1. Amazon ElastiCache: In-memory database/cache - Option 1: Redis (persistent - leaderboards) - Option 2: Memcached (non-persistent - pure cache)
21. Loose Coupling
21.1. Amazon SQS: Push, Pull Messaging - Decoupling microservices for scalability
21.2. Amazon SNS: Publish/subscribe pattern. Bulk notifications & mobile push support (Email + SMS)
21.3. Amazon EventBridge: Build event-driven architectures - React to events generated from AWS services, SaaS & custom apps - EventBridge Scheduler provides scheduling services
21.4. Amazon Kinesis: Real-time data streaming & analytics - Process & analyze streaming data (e.g. from IoT devices) at scale
21.5. Amazon MSK: Managed Service for Apache Kafka - Fully managed, highly available Kafka service
21.6. AWS Step Functions: Workflow service to automate processes - Orchestrate serverless workflows with visual drag-and-drop interface
22. Machine learning
22.1. Pre-Built Models
22.1.1. Amazon Comprehend: Analyze Unstructured Text
22.1.2. Amazon Rekognition: Search & Analyze Images & Videos
22.1.3. Amazon Transcribe: Powerful Speech Recognition
22.1.4. Amazon Polly: Turn Text into Lifelike Speech
22.1.5. Amazon Translate: Powerful Neural Machine Translation
22.1.6. Amazon Personalize: Add real-time recommendations to your apps
22.1.7. Amazon Forecast: Time-series forecasting service
22.1.8. Amazon Lex: Build Voice & Text Chatbots
22.1.9. Amazon Bedrock: Access Generative AI Foundation Models
22.2. Customized Model
22.2.1. Build Complex Models: Amazon SageMaker - Need data scientists and team
22.2.2. Build Simple Models: Amazon SageMaker Auto ML - Without needing data scientists - Needs Limited/no-code experience
23. Improving Your Security Posture in AWS
23.1. AWS Security Hub: Cloud security posture mgmt (CSPM) service - Automate security best practice checks - Aggregate security alerts into a single place - Understand overall security posture across multiple AWS accounts
23.2. AWS WAF: Block SQL Injection + XSS - Protect your web application from OWASP Top 10 exploits - Can be deployed on CloudFront, ALB, API Gateway, ...
23.3. AWS Inspector: Automated vulnerability mgmt - Discover software vulnerabilities & unintended network exposure - Discovers & scans EC2 instances, container images & Lambda fns
23.4. Amazon Macie: Detect PII (Personally identifiable information) in S3 - Recognize & classify sensitive data
23.5. AWS Shield: Always-on DDoS protection - Integrates with Route 53, CloudFront, EC2, ELB, ...
24. AWS CAF
24.1. Perspective
24.1.1. Business: Ensure that your cloud investments accelerate your digital transformation ambitions and business outcomes
24.1.2. People: Bridge between technology and business. Evolve to a culture of continuous growth, learning. Change becomes business-as-normal.
24.1.3. Governance: Orchestrate your cloud initiatives - Goal: Maximizing organizational benefits - Goal: Minimizing transformation-related risks
24.1.4. Platform: Build an enterprise-grade cloud platform. Modernize existing workloads. Implement cloud-native solutions
24.1.5. Security: Achieve CIA (confidentiality, integrity, and availability) for data and workload.
24.1.6. Operations: Deliver cloud services that meet business needs
24.2. Capabilities
24.2.1. Business: Strategy Mgmt, Product Mgmt, Portfolio Mgmt. Innovation Mgmt, Data monetization, Strategic partnership
24.2.2. People: Organizational Alignment, Organization Design. Culture Evolution, Cloud Fluency
24.2.3. Governance: Program & Project Mgmt, Cloud Financial Mgmt, Application Portfolio Mgmt, Risk Mgmt, Data Curation, Data Governance
24.2.4. Platform: Architecture, Provisioning & Orchestration - Modern Application Development, Data Engineering, Data Architecture, CI/CD
24.2.5. Security (CIA): Identity & Access Mgmt, Infrastructure Protection, Vulnerability Mgmt, Incident Response, Application Security, Threat Detection, Data Protection, Security Assurance
24.2.6. Operations: Event Mgmt (AIOps), Incident & Problem Mgmt, Configuration Mgmt, Application Mgmt, Patch Mgmt, Availability & continuity Mgmt, Observability, Change & release Mgmt