What is Cloud?

• Cloud computing is the on-demand delivery of IT resources through a cloud services platform over the Internet with pay-as-you-go pricing

  • In short, it is quick access to flexible, low-cost IT resources

Cloud Service Models

• Infrastructure as a Service (IaaS) delivers infrastructure and resources to its users

• Platform as a Service (PaaS) delivers a software creation platform to its users

• Software as a Service (SaaS) delivers applications over the Internet to its users

Cloud Deployment Models

• Cloud deployment is a model in which resources are cloud-native or migrated to the cloud

• Hybrid deployment is a model in which cloud resources and on-premises resources are used together

• On-premises deployment is a model in which on-premises resources are used exclusively

Cloud Advantages

• Variable cost structure

  • Economies of scale

  • Capacity handling

  • Speed and agility

  • Less infrastructure investment

  • Global reach

Global Infrastructure

• A region is a geographic area that hosts two or more availability zones

  • Organizing level for AWS

• An availability zone (AZ) is a physically isolated group of data centers

• AZs connected in-region by a fast, low-latency network (makes synchronous replication of data possible)

Interfaces

• The AWS Command Line Interface (CLI) is a unified tool to manage AWS

• The AWS Management Console is a simple web interface for AWS

• AWS Tools and Software Development Kits (SDKs) is a framework that integrates code with AWS

Analytics Services

• Amazon Athena is an interactive query service

  • Analyze data in S3 using SQL

• Amazon Kinesis is a stream processing service

  • Collect, process, and analyze streaming data and videos

  • Amazon Kinesis Data Firehose loads streams into data stores

  • Amazon Kinesis Data Analytics analyzes data streams

  • Amazon Kinesis Data Streams captures data streams

• Amazon QuickSight is a BI service

  • Create and publish dashboards

• AWS Glue is an ETL service

  • Catalog, clean, enrich, and move data between data stores

  • Automatic data discovery, data profiling, and code generation

  • AWS Glue Data Catalog stores metadata to make data searchable, query-able, and available for ETL

• Amazon Elastic MapReduce (EMR) is a MapReduce service

  • Run and scale a managed Hadoop framework

  • MapReduce is a method to process vast sums of data in parallel

• AWS CloudSearch is a search engine service

  • Search structured and unstructured data in applications

• AWS Data Pipeline is an orchestration service

  • Schedule data movement and data processing activities

• Amazon Elasticsearch Service is an Elasticsearch service

  • Search, analyze, and visualize log data

  • Elasticsearch is a search and analytics engine

Application Integration Services

• Amazon Simple Queue Service (SQS) is a message queuing service

  • Send, store, and receive messages between pieces of software without losing messages or requiring other services to be available

• AWS Step Functions is a component coordination service

  • Design and run workflows that stitch together services

• Amazon Simple Notification Service (SNS) is a notification service

  • Pub/sub (publisher/subscriber), mobile push, and SMS

  • Coordinate and manage messages to subscribing endpoints

Business Application Services

• Amazon Chime is a communication service

  • Meet, chat, and place business calls

• Amazon WorkDocs is a content collaboration service

  • Create, edit, and share business content

• Amazon WorkMail is an email and calendar service

  • Access business email, contacts, and calendars from client applications (e.g., Outlook)

Computing Services

• Amazon Elastic Compute Cloud (EC2) is a computing service

  • Obtain and configure computing capacity

  • An instance is a virtual server

  • An instance type is a configuration of CPU, memory, storage, and networking capacity for an instance

  • Instance type options include general purpose, compute optimized, storage optimized, and memory optimized

  • A tag is metadata that can be assigned to an instance

  • A key pair is a public-private key combination for secure login

  • An instance store is a storage volume for temporary data when an instance is stopped or terminated, operation systems, no personal info should be stored here

  • An Elastic IP address is an IPv4 address that can be attached to an instance

  • An On-Demand Instance is an instance used on demand

    • Charged per hour/second

    • Short term

    • Unpredictable workloads

  • A Spot Instance is an unused instance reserved in advance for flexible workloads, (i.e., workload can handle interruptions)

    • Spare AWS capacity for up to 90% discount

    • Apps with flexible start and end times

    • Urgent computing needs for large amounts of capacity

  • A Reserved Instance (RI) is an instance reserved in advance for continuous workloads (standard, convertible, and scheduled)

    • Discount for 1-3 year commitments

    • Apps with steady state usage

  • A Scheduled Instance is an instance reserved in advance for scheduled, noncontinuous workloads

  • A Dedicated Instance is an instance that allows the use of software licenses from other vendors and is physically isolated at the hardware level

  • Dedicated host is a physical server dedicated to you

    • Apps with specific cloudce requirements

  • A security group is a set of firewall rules for inbound and outbound instance traffic

  • An Amazon Machine Imagine (AMI) is a template that contains the software configuration required to launch an instance

  • Can self-host a relational database instead of using RDS

  • Linux/Ubuntu instances bill by second, all others bill by hour rounded up (e.g., 4.5 hours of compute = 5 hours billed)

• Amazon EC2 Auto Scaling is a scaling service

  • Scale EC2 in or out to handle application load

  • Scheduled scaling scales activity based on known traffic patterns

  • Dynamic scaling scales activity based on current traffic patterns

  • Predictive scaling scales activity based on predicted traffic patterns

  • An Auto Scaling Group is a logical grouping of instances for a desired level of capacity

  • A launch configuration is a configuration template used to launch an instance

• AWS Lambda is a serverless computing service, without managing servers you can run code

  • Write event-driven code without overhead considerations

  • Supports many programming languages

  • A Lambda function is the uploaded code

• Amazon Lightsail is a private computing service

  • Preconfigured bundles of compute, storage, and networking capacity for a low, predictable price

  • Ideal for developers, students, and inexperienced cloud users

• AWS Batch is a batch computing service

  • Plan, schedule, and run batch workloads

• AWS Elastic Beanstalk is a web application service

  • Deploy, monitor, and scale applications quickly and easily

  • Emphasis on writing code, so many application stacks and programming languages are supported

Container Services

• Amazon Elastic Container Service (ECS) is a container management service

  • Run containerized applications

  • A container is a standard unit of software that packages code with its dependencies

• Amazon Elastic Container Registry (ECR) is a container registry service

  • Store, manage, and deploy container images (e.g., Docker)

  • Docker is a containerization platform

• Amazon Elastic Kubernetes Service (EKS) is a Kubernetes service

  • Deploy, scale, and manage containerized applications

  • Kubernetes (K8s) is a container orchestration service

• AWS Fargate is a serverless compute service for containers

  • Build applications and deploy them with ECS or EKS

Cost Management Services

• AWS Budgets is a budgeting service

  • Get alerts when cost or usage budgets are exceeded

• AWS Cost & Usage Reports is a cost and usage reporting service

  • Access granular reports on cost and usage

• AWS Cost Explorer is a cost exploration service

  • Visualize, understand, and manage cost and usage over time

  • Forecast costs based on past usage

  • Savings Plans is a flexible pricing model on compute usage

• The Total Cost of Ownership (TCO) Calculator allows customers to evaluate the savings from using AWS products and services

  • Match your current infrastructure to the most cost-effective AWS offering

  • Considers indirect cost of datacenter operations, such as cooling and power consumption, physical space, real estate, labor, and IT costs

• The AWS Pricing Calculator estimates the cost of AWS products and services

  • Model solutions and explore price points

  • Also known as the AWS Simple Monthly Calculator

Customer Engagement Services

• Amazon Simple Email Service (SES) is an email messaging service

• Amazon Connect is a contact center service

Database Services

• Amazon Aurora is a relational database engine service

  • Akin to a custom fork of RDS with an optimized storage layer

  • Supports MySQL and PostgreSQL

  • Open source simplicity with commercial grade performance

  • Amazon Aurora Serverless is an on-demand, auto-scaling configuration of Amazon Aurora

• Amazon DynamoDB is a non-relational database service

  • Supports key-value and document data models

  • Ideal for high-performance, Internet-scale applications

  • Global Tables are tables replicated across desired regions for globally distributed applications

  • DynamoDB Accelerator (DAX) is an in-memory cache that reduces response time to microseconds

  • Point-in-time recovery (PITR) provides continuous backups of tables and protects data against accidental changes

• Amazon ElastiCache is an in-memory caching service

  • Retrieve information quickly from in-memory data stores

  • Querying a database is always slower and more expensive than locating a copy of that data in a cache

  • Supports Redis and Memcached

• Amazon Neptune is a graph database service

• Amazon Redshift is a data warehouse service

  • Query structured data using familiar SQL clients and BI tools

  • A data warehouse is a repository of organized, processed data from many sources

• Amazon Relational Database Service (RDS) is a relational database service

  • A DB instance is a database environment with specified compute and storage resources

  • DB instance type options are general purpose, memory optimized, and burstable performance

  • Supports MySQL, PostgreSQL, MariaDB, SQL Server, Oracle, and Aurora

Developer Services

• AWS CodeCommit is source control service

  • Version code in secure repositories

• AWS CodeBuild is a continuous integration service

  • Automate build and test processes

  • Continuous integration (CI)  is a software development practice where developers regularly merge their code changes into a central repository

• AWS CodeDeploy is a continuous deployment service

  • Automate the release process

  • Continuous deployment (CD) is a software development practice where code changes are automatically prepared for a release to production

• AWS CodePipeline is a CI/CD service

  • Automate build, test, and release processes

  • Combination of CodeCommit, CodeBuild, and CodeDeploy

• AWS X-Ray is a distributed tracing service

  • Debug and monitor distributed applications

  • Distributed tracing is a diagnostic technique for understanding how a set of services coordinate to handle user requests

  • A distributed application is software that is executed or run on multiple computers within a network

End User Computing Services

• Amazon AppStream 2.0 is an application streaming service

  • Deliver desktop applications to any computer

• Amazon WorkSpaces is a desktop delivery service

  • Provision virtual desktops

Machine Learning Services

• Amazon Lex is a conversational interface service

  • Build voice and text chatbots

• Amazon Polly is a speech-enablement service

  • Turn text into lifelike speech

• Amazon Rekognition is an image and video recognition service

  • Identify objects and perform visual analysis

• Amazon SageMaker is a ML service

  • Build, train, and deploy ML models

Management & Governance Services

• AWS Config is a configuration monitoring service

  • Simplify compliance auditing, security analysis, change management, and operational troubleshooting

• AWS Service Catalog is a catalog management service

  • Create and use standardized products

• Amazon CloudWatch is a resource monitoring service

  • Collect data across resources in the form of logs, metrics, and events, and visualize it with dashboards

  • Alarms and automated actions trigger on predefined thresholds or anomalous behavior in metrics

  • Use cases include application monitoring, log analytics, infrastructure monitoring, and resource optimization

• AWS CloudFormation is a resource modeling service

• allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.

  • Provision resources as code in templates

  • A stack is a collection of resources managed as a single unit

• AWS Organizations is a management and governance service

  • Control billing, account resources, and security and compliance

  • Consolidated billing aggregates billing, payment, and usage for multiple accounts which allows the sharing of volume discounts, Savings Plans, and RI discounts

• AWS CloudTrail is an activity logging service

  • Track user and account activity

  • Event history allows for simpler auditing and troubleshooting

• AWS Trusted Advisor is a resource optimization service

  • Provision resources following AWS best practices

  • Performance, security, fault tolerance, service limits, and cost recommendations

• AWS Systems Manager is a systems management service

  • Gain operational insights and take action on resources

  • A resource group is a collection of resources that can be managed as a single unit (i.e., tagging or CloudFormation stack)

• AWS Managed Services is a resource implementation service

  • Get experts to operate and manage enterprise resources

• AWS Personal Health Dashboard is a remediation guidance tool

  • Get personalized views of health, proactive notifications, and detailed troubleshooting information

• AWS OpsWorks is a configuration management service

  • Supports Chef and Puppet

  • Use code to automate server configuration

Media Services

• Amazon Elastic Transcoder is a media transcoding service

  • Convert audio and video files into formats for supported devices

Migration & Transfer Services

• AWS Database Migration Service (DMS) is a database migration service

• AWS Server Migration Service (SMS) is a server migration service

• AWS Snowmobile is an exabyte-scale data migration service

  • Move massive amounts of data physically via shipping container

• AWS Snowball is a petabyte-scale data transfer service

  • Move data with physical storage appliances

• AWS Snowball Edge is a data transfer service for edge computing

  • Move data with physical storage appliances and support local workloads in remote or offline environments

  • Edge computing is computing done at or near the data source

  • Good when data generation is decentralized, data volumes are significant, and network connectivity is intermittent

• AWS Application Discovery Service (ADS) is an application discovery service

  • Discover on-premises resources, group into applications, and plan migrations

• AWS Migration Hub is an application migration service

  • Track all resources in migrations from a single location

Mobile Services

• AWS Device Farm is an application testing service

  • Test applications across browsers and devices

• Amazon Pinpoint is a user engagement service

  • Communicate with end users and measure engagement across channels (e.g., A/B testing, campaign management, etc.)

Networking & Content Delivery Services

• Amazon Route 53 is a DNS service

  • Route end users to applications, purchase domain names, and monitor endpoint health

  • A domain name system (DNS) connects URLs with IP addresses

• Amazon Global Accelerator is a global networking service

  • Improve application availability and performance and route users to optimal endpoints

• AWS VPN is a VPN service

  • Set up secure connections to VPC or on-premises networks

• Amazon CloudFront is a CDN service

• Deliver content across massively scaled and globally available network

  • Deliver content quickly and securely to end users

  • Use cases include static asset caching, live and on-demand video streaming, customizable content delivery, security, software distribution, and dynamic content and API acceleration

  • A content delivery network (CDN) is a distributed network of servers and data centers

  • An edge location is a localized cache that lives close to end users

  • Lambda@Edge is a feature that allows code to run closer to end users (i.e., in response to CDN events)

• Amazon Virtual Private Cloud (VPC) is a private networking service

• My personal space within the aws cloud can put single or multiple AZ , within those AZ carve out subnets: collection of available space within VPC , subnet where create instances ( subnets can be public or private)

  • Provision a logically isolated section of the cloud to launch and manage resources

  • A subnet is a subset of a VPC network which can house isolated resources

  • An Internet gateway is the VPC side of an Internet connection

  • A network access control list (NACL) is a layer of security for VPC that acts as a firewall for inbound and outbound subnet traffic

• AWS Direct Connect is a network connection service

  • Establish a direct network connection on-premises to AWS

• Amazon API Gateway is an API service

  • Create, maintain, and secure APIs

• Elastic Load Balancing (ELB) is a traffic distribution service

  • The Load Balancer serves as the point of contact for client requests, routing traffic across multiple targets

  • The Listener forwards requests to targets with the appropriate protocol and port configurations

  • The Network Load Balancer routes traffic for applications with performance requirements or volatile traffic patterns

  • The Application Load Balancer routes traffic for modern application architectures

  • The Classic Load Balancer routes traffic for legacy options (i.e., EC2 instances launched prior to VPC)

Security, Identity & Compliance Services

• Amazon Inspector is a security assessment service

  • Analyzes applications for exposure, vulnerabilities, and deviation from best practices

• Amazon Cognito is an application identity management service

  • Add user sign-up, sign-in, and access control to applications

• AWS Artifact is a compliance reporting service

  • Access compliance reports, accreditations, and agreements (e.g., ISO certifications, NDAs, etc.)

• AWS Shield is a DDoS protection service

  • Protect resources against web traffic overflows

  • A distributed denial of service (DDoS) is a malicious attempt to crash an application, service, or network with excessive traffic

• AWS Firewall Manager is a firewall management service

  • Simplify WAF administration and security rules across resources

• AWS Key Management Service is a key management service

  • Create and control keys to encrypt or digitally sign data

• Amazon Cloud Directory is a directory service

  • Organize and manage application resources and relationships between them

• AWS Secrets Manager is a secret management service

  • Rotate, manage, and retrieve database credentials and API keys

• AWS Certificate Manager is a certificate management service

  • Provision, manage, and deploy digital certificates (i.e., SSL/TLS)

  • A digital certificate creates a secure link between a web browser and a web server

• AWS CloudHSM is an HSM service

  • Generate and use encryption keys

  • A hardware security module (HSM) provides secure key storage and cryptography on a tamper-resistant hardware device

• AWS Web Application Firewall (WAF) is a firewall security service

  • Create security rules to block common attack patterns and exploits (e.g., SQL injection)

• AWS Identity and Access Management (IAM) is a resource access service

  • Control resource authentication and authorization

  • A user is an operator with permanent credentials

  • A group is a collection of users

  • A role is an operator with temporary credentials

  • A policy document is attached to a user, group, or role and defines permissions via JSON

  • Multi-factor authentication (MFA) is a best practice that adds another layer of security to a username and password

  • Least privilege is a best practice in which users are granted only the permissions necessary to do particular tasks

  • An access key is a long-term credential that allows for programmatic access to the AWS CLI or AWS API

• Security bulletins notify customers of security and privacy events

• Penetration testing is the practice of testing a network or web application for security vulnerabilities

  • Allowed by the client on eight select services without permission (e.g., Elastic Beanstalk)

Storage Services

• Amazon Simple Storage Service (S3) is an object storage service

• Unlimited storage (buckets)

• Single object limited to 5 TB

• Common Scenarios: backup and store, application hosting, media hosting, software delivering

  • Retrieve any amount of data from anywhere via Internet

  • Foundational for serverless computing, user-driven content, backup and recovery, and data lakes

  • A data lake is a repository of raw, unstructured data

  • Object storage stores data in distinct units consisting of the data itself, associated metadata, and a unique identifier

  • A bucket is a container for objects

  • Transfer acceleration enables fast and secure bucket transfers using CloudFront edge locations

  • Cross-region replication enables the copying of objects across buckets in different regions

  • S3 Standard is a storage class for frequently accessed data, replicated over all AZ if 3+ AZ

  • S3 Intelligent-Tiering is a storage class for data with changing or unknown access patterns

  • S3 Reduced Redundancy is a storage class for frequently accessed, non-critical data

  • S3 Standard-IA/One Zone-IA is for long-lived, infrequently accessed data

• Amazon Elastic Block Store (EBS) is a block storage service

• If building database applications use EBS and high throughput volumes , faster than s3

  • Mount a storage volume (i.e., hard disk) to an instance

  • Foundational for mission-critical systems, such as databases, enterprise applications, and operating systems

  • Encryption occurs on both data-at-rest and data-in-transit

  • Block storage stores data as fixed-size units, each with a unique address

  • A snapshot is an incremental backup

  • EBS Provisioned IOPS is an SSD volume type for latency-sensitive transactional workloads

  • EBS General Purpose is an SSD volume type for a wide range of transactional workloads

  • EBS Throughput Optimized is an HDD volume type for frequently accessed, throughput-intensive workloads

  • EBS Cold is an HDD volume type for less frequently accessed workloads

• Persistent block storage for instances (EC2)

• Protected through replication

• Different Drive Types : SSD (faster, perform better) and HDD (physical media)

• Scale up or down in minutes

• Pay for only what provision still pay for storage in EBS

• Snapshot functionality

• Encryption available

• Amazon Elastic File System (EFS) is a file storage service

  • Set up a Linux file system

• Amazon S3 Glacier is a data archiving and long-term backup service

  • Store infrequently accessed data inexpensively

  • Expedited Retrieval returns data in a 1-5 minutes

  • Standard Retrieval returns data in 3-5 hours

  • Bulk Retrieval returns data in 5-12 hours

• AWS Storage Gateway is a hybrid storage service

  • Get on-premises access to virtually unlimited cloud storage

Shared Responsibility Model

• The Shared Responsibility Model states that security and compliance are shared responsibilities between AWS and the customer

  • Security in the cloud is the responsibility of the customer

  • Security of the cloud is the responsibility of AWS

  • Shared Controls apply to the infrastructure layer and customer layer (e.g., awareness and training)

  • Inherited Controls include physical and environmental controls

  • Customer Specific Controls include service and communication protection and zone security

• Under the shared responsibility model, AWS is responsible for the hardware and software that run AWS services. This includes patching the infrastructure software and configuring infrastructure devices. As a customer, you are responsible for implementing best practices for data encryption, patching guest operating system and applications, identity and access management, and network & firewall configurations.

Pricing

• Storage is paid at the GB level

• Inbound data transfer is free

• Outbound data transfer is paid at the GB level

• Compute is paid by the minute or hour

• In general, pay only when you use, pay less when you reserve, and pay less as you use more

Well-Architected Framework

• Operational excellence

  • Perform operations as code

  • Annotate documentation

  • Make frequent, small, reversible changes

  • Refine procedures frequently

  • Anticipate failure

  • Learn from operational failures

• Security

  • Implement a strong identity foundation

  • Enable traceability

  • Apply security at all layers

  • Automate security best practices

  • Protect data in transit and at rest

  • Prepare for security events

• Reliability

  • Test recovery procedures

  • Automatically recover from failure

  • Scale horizontally to reduce single points of failure

  • Stop estimating capacity

  • Manage change in automation

• Performance efficiency

  • Consumed advanced technologies as services

  • Go global in minutes

  • Use serverless architectures

  • Experiment more often

  • Align the approach to the desired results

• Cost optimization

  • Adopt a consumption model

  • Measure overall efficiency

  • Eliminate datacenter spend

  • Analyze and attribute expenditures

  • Use managed and application level services

Support Plans

• The Basic plan is free and offers support for account and billing questions, service quota increases, documentation, and forums

• The Developer plan offers additional features, such as best practice guidance, basic architecture support, and AWS IAM

• The Business plan offers additional features, such as use-case guidance, AWS Trusted Advisor, the AWS Support API, and third-party software support

  • The AWS Support API is an interface for programmatic case management

• The Enterprise plan offers additional features, such as a technical account manager, infrastructure event management, in-depth architectural and operational guidance with SMEs, the AWS Abuse Team, and the AWS Support Concierge Team

  • A technical account manager (TAM) is a technical point of contact with AWS expertise

  • Infrastructure event management (IEM) provides strategic planning assistance before major events (e.g., launches)

    • a short-term engagement with AWS Support, included in the Enterprise-level Support product offering, and available for additional purchase for Business-level Support subscribers.

  • The AWS Abuse Team provides assistance when AWS resources are compromised by abusive or illegal means

  • The AWS Support Concierge Team provides assistance with account and billing subjects

Miscellaneous Services

• AWS Marketplace is a digital catalog service

  • Find, test, buy, and deploy AWS-compatible software

• AWS Quick Starts is an accelerated deployment service

  • Get automated, gold-standard enterprise solutions

  • A reference deployment includes an architectural outline, CloudFormation templates, and an implementation guide

AWS Partner Network (APN)

• APN Consulting Partners are professional services firms that help customers design, build, and manage their workloads on AWS

• APN Technology Partners provide hardware, connectivity services, or software solutions that or hosted on or integrated with AWS

Extra

Patching—updates to operating system to fix bug or security issue (client responsibility) (operating system level) except if a managed service

Hypervisor – allows multiple virtual instance to run on physical server through code.

Customer Inherit from AWS – Physical and Environment Controls

EC2 pricing:

EC2 instance pricing varies depending on many variables:

- The buying option (On-demand, Reserved, Spot, Dedicated)

- Selected AMI

- Selected instance type

- Region

- Data Transfer in/out

- Storage capacity.

The 5 Pillars of the AWS Well-Architected Framework:

1- Operational Excellence: The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.

2- Security: The security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

3- Reliability: The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as  misconfigurations or transient network issues.

4- Performance Efficiency: The performance efficiency pillar includes the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.

5- Cost Optimization: The cost optimization pillar includes the ability to avoid or eliminate unneeded cost or sub-optimal resources.

Tips

• Read the Questions thoroughly

• Try eliminate 2 answers then look to see if clues

• WizLab

• Practice Practice Practice

• Practice exams – 80-100% every time

AWS Organizations has five main benefits:

1. Centrally manage access polices across multiple AWS accounts.

2. Automate AWS account creation and management.

3. Control access to AWS services.

4. Consolidate billing across multiple AWS accounts.

5. Configure AWS services across multiple accounts.

To estimate the costs of Amazon EBS consider the following:

1- Volume type.

2- Input/output operations per second(IOPS).

3- Snapshots.

4- Data Transfer.

To estimate the costs of an Amazon CloudFront distribution consider the following:

- Data Transfer Out.

- Traffic distribution.

- Number of requests.