# System Operation on AWS - Key concept

## Module 1 (Understanding Systems Operations on AWS)

- Systems Operations in the Cloud
  - Self-describing systems
  - Infrastructure as Code (IaC)
- Global Infrastructure
  - Region
    - Selecting a Region
  - Edge Location
- Core Services (VPC, EC2, IAM)
- Scope of Amazon Web Services (Global, Region, AZ)
- Service Limits (Hard, Soft)
- Identity and Access Management (IAM)
  - Types of Security Credentials
  - Users
  - Group
  - Policy
    - Identity-Based
    - Resource-Based
    - SCP w/ Organizations
    - ACL w/ S3
  - Role
    - Temporary Credential
    - Single Sign-On
    - Cross-Account Access
  - MFA
- Organizations

## Module 2 (Tooling and Automation)

- CLI
  - aws configure
  - .aws/credentials
  - .aws/config
  - `--query` (JMESPath)
  - `--filter`
  - `--dry-run`
  - `--output`
- Systems Manager
  - Automation
  - Run Command
  - Session Manager
  - Patch Manager
  - Maintenance Window
  - State Manager
  - Parameter Store
  - Inventory
  - Insights Dashboard
- CloudFormation
- OpsWorks

## Module 3 (Computing - Servers)

- Architecture of Cloud Computing
  - Instance Store
  - EBS-Optimized
  - Network
- Configuring an Instance
  - AMI
  - Instance Type
  - Block Storage
    - EBS (SSD vs. HDD)
    - Instance Store
  - Networking
    - VPC, Subnet, IGW, VGW, VPN, CGW
    - Public, Private & Elastic IP
    - Security Group (chaining)
  - Instance Profile (Role)
  - User Data
  - Meta Data
  - Key Pairs
- Post-launch Configuration
  - Source/Destination check (Enabled by default)
  - Get console screenshot
  - Termination protection
- Launch Template
  - Versioning
- Managing Instances
  - Lifecycle States of an EC2 Instance
  - Hibernation of an EC2 instance
  - Relaunch Instances
  - Transitioning to a New Instance Size
  - AMI Deprecation
  - Updating Running EC2 Instances
- Securing Instances
  - Shared Responsibility Model
  - Vulnerability Scanning and Penetration Testing
- Instance Pricing
  - On-Demand
  - Reserved
  - Scheduled
  - Spot (Hibernate, Stop, Terminate)
  - Dedicated Hosts, Dedicated Instances
  - Bare-metal

## Module 4 (Computing – Scaling and Name Resolution)

- Elastic Load Balancing (ELB)
  - Application (ALB)
  - Network (NLB)
  - Classic (CLB)
  - Cross-Zone Load Balancing
- Auto Scaling
  - Launch Configuration
  - Auto Scaling Group
    - Min/Max/Desired, ELB (Option), Health Check
  - Auto Scaling Policy
  - Scale-in Termination Policy
  - “Steady State” Group
  - Scheduled/Dynamic/Predictive Scaling
  - Alarm Sustain/Cooldown/Instance Warmup Period
  - Lifecycle Hooks
- Route 53
  - Alias record: ELB DNS
  - Routing Policies
  - Example: Blue-Green Deployment

## Module 5 (Computing – Containers and Serverless)

- Containers
  - ECS
  - EKS
  - ECR
- Lambda
  - Limits
- API Gateway
- Batch

## Module 6 (Computing – Database Services)

- RDS
  - Backup: Manual, Automatic
  - High Availability: Multi-AZ
  - Scaling: Type, Capacity, Read Replica
- Aurora
- DynamoDB
  - DynamoDB Accelerator (DAX)
  - Global Table
  - Backup and Restore
- ElastiCache, Redshift, Neptune
- DMS
  - Schema Conversion Tool (SCT)

## Module 7 (Networking)

- VPC
  - CIDR
  - Subnet
    - Public
      - IGW
    - Private
      - NAT (Gateway vs. Instance)
  - Routing Table
  - Default VPC
- VPC Peering
- Transit Gateway
- Connection to own Data Center
  - Virtual Private Gateway (VGW)
  - VPN Connection
  - Customer Gateway (CGW)
  - Direct Connect (DX)
- Network Address Translation (NAT)
  - NAT Gateway
  - NAT Instance
- VPC Endpoint/PrivateLink
  - Interface
  - Gateway
- DNS options within a VPC
- Elastic Network Interface (ENI)
- Securing Network
  - Security Group
  - Network Access Control Lists (NACLs)
  - Bastion Host
    - Agent forwarding
    - Linux vs. Windows (RD Gateway)

## Module 8 (Storage and Archiving)

- Elastic Block Store (EBS)
  - Volume Types
    - SSD vs. HDD
    - SSD gp2 vs. SSD io1
  - First-access Penalty
  - EBS-optimized Instances
  - Incremental Snapshots
  - Lifecycle Management for Snapshots
  - Vs. Instance Store
- Elastic File System (EFS)
- FSx for Windows File Server
- Simple Storage Service (S3)
  - Bucket, Object
  - Event Notification (SQS, SNS, Lambda)
  - Versioning
  - Storage Classes
    - S3 Standard
    - S3 Intelligent-Tiering
    - S3 Standard IA
    - S3 One-Zone IA
    - S3 Glacier
- S3 Glacier
  - Vault, Archive
  - Interaction
    - S3 Lifecycle policies
    - Glacier API
  - Retrieval options
    - Expedited
    - Standard
    - Bulk
- Storage Gateway
- Transfer for SFTP
- DataSync
- Snowball

## Module 9 (Monitoring and Security)

- CloudWatch
  - Metrics (Standard, Custom)
    - Namespace
    - Dimension
    - Period
  - Alarms
    - OK, ALARM, INSUFFICIENT_DATA
  - Events
    - Rule
  - Logs
    - Log Filter Metrics
- CloudTrail
- Config
  - Rules
- GuardDuty
  - CloudTrail, VPC Flow Logs, DNS Query Logs

## Module 10 (Managing Resource Consumption)

- Tag
  - + Config Rules
  - + IAM Policy (condition)
  - Conformity Monkey (Tag or Terminate)
- Cost Management
  - T2 Instance
  - Reserved Instance (RI)
  - Spot Instance
  - Lambda
  - Trusted Advisor
  - CloudWatch
  - Cost Explorer
- “Stopinator”
  - Lambda
  - CloudWatch Events
- Cost Monitoring
  - Billing Dashboard
  - Cost Explorer
  - Budgets
  - Billing Alarms with CloudWatch
  - Trusted Advisor

## Module 11 (Automated and Repeatable Deployments)

- User Data
- AMI
  - Full AMI
  - Partially Configured AMI
  - OS-Only AMI
- CloudFormation
  - Template, Stack
  - Template Structure
    - Parameters
    - Mappings
    - Resources
      - Init (vs. User Data)
      - WaitCondition
    - Outputs
- OpsWorks
  - Configuration is idempotent