// chart 96.A
09.25.2018
11.02.2018
Summary of the five principles of cloud computing:
- Pooled computing resources available to any subscribing users
- Virtualized computing resources to maximize hardware utilization
- Elastic scaling up or down according to need
- Automated creation of new virtual machines or deletion of existing ones
- Resource usage billed only as used
Pooled resources : Available to any subscribing users
Virtualization : High utilization of hardware assets
Elasticity : Dynamic scale without CAPEX
Automation : Build, deploy, configure, provision, and move all without manual intervention
Metered Billing : Per-usage business model; pay only for what you use
| Family | Specialty | Use Case |
|---|---|---|
| T2 | Lowest cost, general purpose | Web server, small database |
| M4 | General purpose | Applications |
| M3 | General purpose | Applications |
| C4 | Compute optimized | High CPU applications, database |
| C3 | Compute optimized | High CPU applications, database |
| R3 | Memory (RAM) optimized | High-memory applications |
| G2 | Graphics | Optimized for video encoding, 3D apps, streaming |
| I2 | High-speed storage (IOPS) | NoSQL, DBs, data warehousing |
| D2 | Dense storage | File servers, Hadoop |
AWS Global Infrastructure:
- AZ - data center; 12 regions and 33 AZs, possibly 11 more AZs added in 2016 [1]
- Region - 2 or more AZs
- Edge Location - CDN endpoints for CloudFront
Networking
- VPC - Virtual Private Cloud
- Direct Connect - connecting to AWS without using an Internet connection
- Route53 - DNS service (port 53... duh!)
Compute
- EC2 - virtual server
- EC2 Container Service - EC2 with Docker
- Elastic Beanstalk - Service for deploying web applications and services. "AWS for Beginners", if you will.
- Lambda - "Most powerful/revolutionary service". Run code without servers. Pay for execution time, only when code is executed.
Storage
- S3 - Object-based storage, a place to store flat files in the cloud.
- CloudFront - Content Delivery Network, local caching of content
- Glacier - Long-term backup, 3-5 hours to retrieve data
- EFS - NAS in the cloud, block level storage (in preview)
- Snowball - Import/Export service for moving large amounts of data in and out of AWS. They will ship you a suitcase of disks.
- Storage Gateway - Virtual machine that you can run locally that replicates data from a local datacenter to AWS.
Databases
- RDS - SQL: Aurora, Oracle, PostgreSQL, MySQL, MariaDB
- DynamoDB - NoSQL
- ElastiCache - Caching DB service in the cloud to relieve stress on RDS in high I/O environments
- RedShift - Data warehousing service. Great performance
- DMS - Database Migration Service. How to migrate/convert local DBs into AWS
Analytical
- EMR - Elastic MapReduce. A way of processing data; managed web service for Hadoop clusters
- Data Pipeline - moving data from one service to another
- Elasticsearch - Managed service to deploy/operate a search engine in the cloud
- Kinesis - managed service platform for real-time streaming of big data. Web apps, mobile devices and wearables generate huge amounts of data; use Kinesis to digest it
- Machine Learning - for use by developers to work with machine learning; not in test
- QuickSight - Business Intelligence service (*not covered in exam)[2]
Security and Identity
- IAM - control users, roles, groups, policies
- Directory Services - ?
- Inspector - install agents on EC2 instances & check for vulnerabilities (*not covered in exam)[2]
- WAF - Web Application Firewall; condition sets:
  - IP Match
  - String Match
  - SQL Injection Match
  - Size Constraint
  - Cross-site Scripting Match
- CloudHSM - Hardware Security Module
- Certificate Manager - ?
Management Tools:
- CloudWatch - Monitor
- CloudFormation - Use templates to create infrastructure stacks. Uses "CloudFormer" to create a template of existing infrastructure, to capture and redeploy applications that are already running
- CloudTrail - track user & API activity
  - By default, log files are stored indefinitely.
- OpsWorks - automation
  - Orchestration service that uses Chef
  - Chef consists of recipes to maintain a consistent state
  - Look for "chef", "recipes", "cookbook" in exam and remind yourself of OpsWorks
- Service Catalog - (*not covered in exam)[2]
- Trusted Advisor - scans environment for ways to save money and increase security
Application Svcs
- API Gateway (*not covered in exam)[2]
- AppStream - AWS version of XenApp
- CloudSearch - Managed search solution
- Elastic Transcoder - Media transcoding service, change media files from source format to destination format
- SES - Simple Email Service - send/receive emails
- SQS - Simple Queue Service, a way of decoupling infrastructure
- SWF - Simple Workflow Service
Development Tools (*not on test)
- CodeCommit - GitHub
- CodeDeploy - automates code deployment
- CodePipeline - build, test, deploy code
Mobile Services (SNS is on the test, everything else is not)
- Mobile Hub - test mobile apps
- Cognito - save mobile user data in the AWS cloud
- Device Farm - test against real smartphones and tablets in the AWS cloud
- Mobile Analytics - measure app usage and app revenue; track key trends such as new users vs. returning users; make data-driven decisions for engagement and revenue
- SNS - Simple Notification Service. Very important topic on the exam!
Enterprise Applications
- **Workspaces** - virtual desktop infrastructure (VDI)
  - replaces Windows PCs with desktops in the cloud (PCoIP)
  - run Windows 7, provided by Windows Server 2008 R2
  - are persistent (EBS)
  - all data on the D drive is backed up every 12 hours
  - do not need an AWS account to log in to Workspaces
  - don't need an existing AD domain; can use the free client app
  - can integrate with an existing AD domain
  - by default, users can personalize their workspace with wallpaper, icons, shortcuts, etc.
  - by default, users have local admin access to install apps
- WorkDocs - Dropbox for enterprise
- WorkMail - Exchange
Internet of Things (not covered in test)
IAM
- central control of the AWS account
- shared access
- granular permissions for accounts/groups/roles/policies
- Identity Federation (AD, Facebook and other social media sites, LinkedIn, etc.)
- MFA - multi-factor authentication
- temporary access for users/devices/services
- password rotation policy highly customizable
- Policies - JSON key/value pairs
- IAM is universal, applies to all regions consistently
- New users have no permissions when first created
- New users are assigned an access key ID and secret access key when first created, which is only viewable once - download it
- *Always set up MFA on root*, i.e. multi-factor authentication
- integrates with AWS Marketplace
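An added example, not from the notes or from AWS: a toy evaluator for the JSON policy model above, showing that a new user with no attached policies is denied everything and that an explicit Deny overrides an Allow. The policy document and bucket ARNs are constructed, and conditions, NotAction/NotResource, resource policies and SCPs are left out.

```python
"""Toy IAM policy evaluator (added example, not AWS code).

Models the rules the notes give: a principal with no policies is denied
everything (implicit deny), an Allow statement grants, and an explicit Deny
wins over any Allow. Action and Resource use IAM's '*' wildcard. Conditions,
NotAction/NotResource, resource policies and SCPs are deliberately omitted.
"""
import fnmatch
import json

# Constructed sample identity policy in IAM JSON form (no real account involved).
READ_ONLY_BUCKET = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    {"Effect": "Deny",
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/secrets/*"}
  ]
}""")

def _as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def _matches(patterns, target):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    return any(fnmatch.fnmatchcase(target, p) for p in _as_list(patterns))

def evaluate(policies, action, resource):
    """Return 'Allow' or 'Deny' for one request across all attached policies."""
    decision = "Deny"  # implicit deny until some Allow statement matches
    for policy in policies:
        for stmt in policy.get("Statement", []):
            if not (_matches(stmt["Action"], action)
                    and _matches(stmt["Resource"], resource)):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # explicit deny ends evaluation immediately
            decision = "Allow"
    return decision

if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    print(evaluate([], "s3:GetObject", obj))                  # Deny: new user, no policies
    print(evaluate([READ_ONLY_BUCKET], "s3:GetObject", obj))  # Allow
    print(evaluate([READ_ONLY_BUCKET], "s3:PutObject", obj))  # Deny: never allowed
    print(evaluate([READ_ONLY_BUCKET], "s3:GetObject", "arn:aws:s3:::example-bucket/secrets/key.pem"))  # Deny
```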
S3
- Secure, durable, highly scalable object storage. "Unlimited storage." A hard drive in the cloud (if you will)
- Object based, NOT block based storage (no OS or database -> that's Elastic Block Storage (EBS)); allows you to upload files
- You can upload anywhere from 0 bytes to 5 terabytes
- Files are stored in buckets
- S3 is a universal namespace; each name must be unique
  http://.s3-aws-region.amazonaws.com http://s3-aws-region.amazonaws.com/
- Read-after-write consistency for PUTs of new objects
- Eventual consistency for overwrite PUTs and DELETEs; takes time to propagate
- S3 is object based; objects consist of:
  - Key - the name of the object
  - Value - the data
  - Version ID (for versioning)
  - Metadata (tags)
  - Subresources
  - Access Control Lists (ACLs)
- 99.99% availability
- 99.999999999% durability
- Tiered storage
- Lifecycle management
  - can be used in conjunction with versioning
  - can be applied to both current and previous versions
  - Actions: transition to S3-IA (128 KB and 30 days after creation); archive to Glacier (30 days after S3-IA, if relevant)
- Encryption, ACLs and bucket policies
Storage Tiers
**S3**
- 99.99% availability
- 99.999999999% durability
- Redundant, designed to sustain loss of 2 facilities concurrently
**S3-IA (Infrequently Accessed)**
- 99.9% availability
- 99.999999999% durability
- Lower fee than S3, but charged a retrieval fee
**S3-RRS (Reduced Redundancy Storage)**
- 99.99% availability
- 99.99% durability
**Glacier**
- Very cheap (as little as $0.01/GB/mo.)
- Used for archive only
- Takes 3-5 hours to restore from Glacier
Versioning
- Stores all versions of an object (including all writes and deletes)
- Great backup tool
- Cannot disable versioning once enabled, but you can suspend it
- Integrates with lifecycle rules
- Can use the MFA Delete capability, so that you can't delete without MFA
- Cross Region Replication requires versioning; only applies to files manipulated *after* CRR is turned on
- Can take up a LOT of space on files that change a lot (because it stores each changed version)
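An added in-memory model (not AWS code) of the versioning behaviour listed above: writes accumulate versions, a delete only adds a delete marker so earlier data stays restorable and keeps consuming storage, MFA Delete refuses deletes that carry no code, and suspending keeps old versions while new writes overwrite a single "null" version. Version IDs are counters here rather than S3's opaque strings, and the MFA code is only checked for presence, not verified.

```python
"""In-memory model of S3 bucket versioning (added example, not AWS code).

Versioning enabled: every put keeps prior versions; delete adds a marker.
Suspended: puts/deletes overwrite one "null" version, old versions remain.
MFA Delete: a delete without an MFA code is refused.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class Version:
    version_id: str
    data: Optional[bytes]  # None represents a delete marker

@dataclass
class VersionedBucket:
    mfa_delete: bool = False
    suspended: bool = False  # once enabled, S3 only allows suspending
    _objects: Dict[str, List[Version]] = field(default_factory=dict)
    _counter: int = 0

    def _next_id(self) -> str:
        # A suspended bucket writes the single "null" version instead of new IDs.
        if self.suspended:
            return "null"
        self._counter += 1
        return f"v{self._counter}"

    def _push(self, key: str, version: Version) -> None:
        # The "null" version is overwritten in place; real versions accumulate.
        kept = [v for v in self._objects.get(key, []) if v.version_id != version.version_id]
        self._objects[key] = kept + [version]

    def put(self, key: str, data: bytes) -> str:
        vid = self._next_id()
        self._push(key, Version(vid, data))
        return vid

    def get(self, key: str, version_id: Optional[str] = None) -> Optional[bytes]:
        versions = self._objects.get(key, [])
        if version_id is None:  # latest version; None if it is a delete marker
            return versions[-1].data if versions else None
        return next((v.data for v in versions if v.version_id == version_id), None)

    def delete(self, key: str, mfa_code: Optional[str] = None) -> None:
        if self.mfa_delete and not mfa_code:
            raise PermissionError("MFA Delete is enabled: an MFA code is required")
        self._push(key, Version(self._next_id(), None))  # delete marker; data kept

    def stored_bytes(self, key: str) -> int:
        # Every retained version is billed, which is why churned files grow.
        return sum(len(v.data) for v in self._objects.get(key, []) if v.data is not None)
```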