# AWS Cloud Practitioner Essentials (Second Edition)
###### tags: `AWS` `APN` `Cloud Practitioner`
## Services
### EBS Volume
- An EBS volume is persistent block storage for an EC2 instance.
- The volume must be created in the same AZ as the instance it attaches to.
- We can scale up the volume or change the volume type without stopping the instance.
- We can **attach** a volume to an instance, then on the instance:
    - `lsblk`: list block devices to find the new device name (`/dev/xvda` is normally the root volume; an added data volume shows up as e.g. `/dev/xvdf`)
    - `mke2fs <device>`: create a filesystem, only on a new, empty volume (a volume restored from a snapshot already has one)
    - `mount <device> /mnt`
- A volume that is not attached is in the **available** state; an attached one is **in-use**.
- <mark>Tags are important</mark> for breaking down billing info (cost allocation tags).
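The attach-format-mount procedure above, written out as an added example (not part of the course notes). The device name `/dev/xvdf`, the mount point `/data` and the `ext4` choice are assumptions; the point it adds is the `file -s` check before `mke2fs`, so a volume restored from a snapshot is never reformatted, and the UUID-based `fstab` entry, since `/dev/xvdX` names are not stable across reboots.

```shell
#!/bin/sh
# Added example (not from the course notes): format-if-empty-then-mount for a
# newly attached EBS data volume. Device /dev/xvdf and mount point /data are
# assumptions; use whatever lsblk shows on your instance.
set -eu

# Classify the output of `file -s <device>`: a brand-new EBS volume reports
# "data" (no filesystem); a volume restored from a snapshot already has one.
# Formatting the latter destroys its contents, so mke2fs is never run blindly.
fs_state() {
    case "$1" in
        *": data")           echo "empty" ;;      # safe to create a filesystem
        *"filesystem data"*) echo "formatted" ;;  # keep the existing filesystem
        *)                   echo "unknown" ;;    # e.g. device missing: stop and look
    esac
}

# fstab line that mounts by UUID rather than /dev/xvdX: the device name can
# change across reboots and instance types (xvdf on Xen, nvme1n1 on Nitro).
# nofail keeps the instance booting even if the volume is detached.
fstab_line() {
    # $1 = filesystem UUID, $2 = mount point
    echo "UUID=$1  $2  ext4  defaults,nofail  0  2"
}

mount_data_volume() {
    dev="$1"; mnt="$2"
    lsblk "$dev"                                 # confirm the device exists
    case "$(fs_state "$(file -s "$dev")")" in
        empty)     mke2fs -t ext4 "$dev" ;;      # first use: create filesystem
        formatted) : ;;                          # restored from snapshot: keep data
        *)         echo "refusing to touch $dev" >&2; return 1 ;;
    esac
    mkdir -p "$mnt"
    mount "$dev" "$mnt"
    uuid="$(blkid -s UUID -o value "$dev")"
    fstab_line "$uuid" "$mnt" >> /etc/fstab     # survive reboots
}

# Usage on the instance, as root:  mount_data_volume /dev/xvdf /data
```

Run `lsblk` first and compare against the device name reported in the console attachment; on Nitro instances the volume appears as `/dev/nvme1n1` even when attached as `/dev/xvdf`.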
### S3
- Security controls: IAM policies on the identity side, bucket policies on the bucket side
- Default: nothing is public; only the bucket owner can access the data
- Bucket name (globally unique) + object key identify an object: `https://bucket-name.s3.<region>.amazonaws.com/object-key`
- A bucket lives in a single region.
- Supports cross-region replication
- `aws s3 cp local.file s3://bucket-name/file`
- Attach an IAM role (instance profile) to an instance so it can call S3 without stored access keys.
- `aws s3 sync s3://bucket-name/folder local-folder`
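The instance-role pattern above needs a policy, and the usual mistake is to grant `s3:*` on `*`. As an added example (not from the course notes; the bucket `app-logs-prod`, the prefix `uploads` and the role name `AppInstanceRole` are assumed), this generates a policy scoped to one prefix of one bucket and includes a quick check that flags the over-broad form:

```shell
#!/bin/sh
# Added example (not from the course notes): a least-privilege instance-role
# policy for one bucket prefix, plus a lint that rejects the over-broad form.
# Bucket "app-logs-prod" and prefix "uploads" are assumed names.
set -eu

# ListBucket is limited to the prefix via the s3:prefix condition, and object
# access is limited to the prefix ARN. No s3:* and no Resource "*".
s3_prefix_policy() {
    bucket="$1"; prefix="$2"
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::${bucket}",
      "Condition": { "StringLike": { "s3:prefix": [ "${prefix}/*" ] } }
    },
    {
      "Effect": "Allow",
      "Action": [ "s3:GetObject", "s3:PutObject" ],
      "Resource": "arn:aws:s3:::${bucket}/${prefix}/*"
    }
  ]
}
EOF
}

# Lint a policy document read from stdin: prints "broad" when it grants s3:*
# or targets every resource, otherwise "scoped". A real review would also run
# IAM Access Analyzer; this is a cheap pre-commit guard for the common mistake.
s3_policy_scope() {
    if grep -Eq '"s3:\*"|"Resource": *"\*"|"Resource": *"arn:aws:s3:::\*"'; then
        echo "broad"
    else
        echo "scoped"
    fi
}

# Usage: write the policy, check it, then attach it to the instance role:
#   s3_prefix_policy app-logs-prod uploads > policy.json
#   s3_policy_scope < policy.json          # prints: scoped
#   aws iam put-role-policy --role-name AppInstanceRole \
#       --policy-name S3UploadsOnly --policy-document file://policy.json
```

With this policy attached to the instance profile, `aws s3 cp` and `aws s3 sync` on the instance work for `s3://app-logs-prod/uploads/...` and nothing else, and no access key ever lands on the box.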
### Security Group
- Multi-tier security groups: each tier's SG allows traffic only from the SG of the tier in front of it (e.g. app-tier SG accepts only from the web-tier SG, DB-tier SG only from the app-tier SG) instead of opening CIDR ranges

### ALB

- Use case 1: Microservices. Route different requests to different ports (containers) on an instance.
- Concepts
    - Listener: checks for requests on a port/protocol and forwards them to a target group according to its rules
    - Target: an instance, IP address or container that receives the traffic
    - Target Group: a set of targets sharing one health check
### Auto Scaling
- Questions
- How can I ensure I have enough resources? (Scalability)
- How do I automate it? (Automation)
- **Scale Out**: Launch instances
- **Scale In**: Terminate Instances
- Components
1. **Launch Config**: (WHAT) AMI, Instance Types, SG, Roles *(Just like launching an instance)*
2. **Auto Scaling Group**: (WHERE) VPC, Subnets, LB, Min/Max instances
3. **Auto Scaling Policy**: (WHEN) Scheduled, On-demand, Scale-out/in
- Flow: CloudWatch alarm triggers a scaling policy -> Auto Scaling group launches/terminates instances -> new instances are registered with the ELB
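The alarm in that flow is not a simple "value above threshold" test: CloudWatch evaluates the last N periods and requires M of them to breach before the state changes, which is what stops one CPU spike from launching instances. As an added example (not from the course notes), this reproduces that evaluation rule over constructed sample datapoints; threshold 60 and 5 one-minute periods match the "CPU > 60% for 5 min" alarm described later in these notes.

```shell
#!/bin/sh
# Added example (not from the course notes): the evaluation rule behind a
# "CPU > 60% for 5 min" alarm that feeds an Auto Scaling policy. CloudWatch
# looks at the last PERIODS datapoints and needs DATAPOINTS_TO_ALARM of them
# to breach before the alarm fires. All datapoints below are constructed.

# alarm_state THRESHOLD PERIODS DATAPOINTS_TO_ALARM value... (oldest first)
# Prints ALARM, OK or INSUFFICIENT_DATA, the three states CloudWatch reports.
alarm_state() {
    threshold="$1"; periods="$2"; to_alarm="$3"; shift 3
    total=$#
    if [ "$total" -lt "$periods" ]; then
        echo "INSUFFICIENT_DATA"      # not enough history to evaluate yet
        return 0
    fi
    skip=$((total - periods))         # only the most recent PERIODS values count
    i=0; breaching=0
    for v in "$@"; do
        i=$((i + 1))
        if [ "$i" -le "$skip" ]; then
            continue
        fi
        if [ "$v" -gt "$threshold" ]; then
            breaching=$((breaching + 1))
        fi
    done
    if [ "$breaching" -ge "$to_alarm" ]; then
        echo "ALARM"
    else
        echo "OK"
    fi
}

# What the scaling policy does with that state: on ALARM the ASG launches
# instances and the load balancer registers them; any other state does nothing.
scaling_action() {
    case "$1" in
        ALARM) echo "scale-out" ;;
        *)     echo "none" ;;
    esac
}

# Usage (5 consecutive breaches required, i.e. "for 5 minutes" at 1-min periods):
#   alarm_state 60 5 5 40 45 70 72 80 81 90   -> ALARM
#   alarm_state 60 5 5 40 95 40 40 40 40 40   -> OK (single spike ignored)
#   alarm_state 60 5 3 40 40 70 40 80 40 90   -> ALARM (3 of the last 5 breach)
```

Setting DATAPOINTS_TO_ALARM lower than PERIODS (the "M out of N" form) makes the alarm tolerate gaps in the metric without missing a sustained load increase.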
### Route53
- DNS: routes names to endpoints
- Managed DNS solution
- Domain registration
- Private/Public hosted zones
- **Record set**: a DNS record (A, CNAME, alias, ...) for a name or subdomain in the zone
- Multiple routing policies (simple, weighted, latency-based, failover, geolocation)
### RDS
#### [Synchronous vs Asynchronous Replication](https://cloudbasic.net/white-papers/synchronous-vs-asynchronous-replication/)
- HA with Multi-AZ
    - Synchronous replication to a standby in another AZ: no committed data is lost when failover occurs
- Read Replicas
    - Asynchronous replication (used for read-only traffic, not writes)
    - Ideal for read-heavy DB workloads
    - Can be created in a different region
### Lambda
- Event-driven
- Integrates w/ CodePipeline/CodeDeploy
- Use cases
    - Automated backups
    - React to an object uploaded to S3
    - ...
### Elastic Beanstalk

### CloudWatch
- Real-time monitoring

- Components
- **Metrics**
- Data about the **performance** of the systems
- Several services provide **free** metrics for resources
- **Alarms**
- Watches **a single Metric**
- Perform one or more **actions** (eg. Auto scaling, SMS, ...)
- *e.g. If CPU utilization > 60% for 5 min...*
- **Events**
- Describes **changes** of system events in AWS resources
- Use **rules** to match events and take action
- **Schedule** automated action (cron or rate expressions)
- *eg. Detect & revoke unintended IAM access w/ CloudWatch Events*
- **Logs**
- **Monitor and troubleshoot** systems/apps
- Installable agent for Ubuntu, Win, Amazon linux etc.
- Monitor in real-time
- Archive -> S3
- **Dashboard**
- Create custom views of the metrics
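The "detect & revoke unintended IAM access" use case above has two halves: an Events rule that matches IAM API calls recorded by CloudTrail, and a target (typically Lambda) that undoes the change. As an added example (not from the course notes), this applies the same match to a stream of CloudTrail events and prints the `aws iam detach-*-policy` command that would revoke each finding. The event lines are constructed samples (account `123456789012`, users `alice` and `bob`), and the list of policies treated as "unintended" is an assumption to adjust per environment.

```shell
#!/bin/sh
# Added example (not from the course notes): detection half of
# "detect & revoke unintended IAM access". CloudTrail records IAM API calls
# as JSON events; this applies the Events-rule match (eventSource
# iam.amazonaws.com, eventName Attach*Policy, privileged policyArn) to a
# stream of such events, one JSON object per line, and emits a revoke command
# per finding. Sample events and the watched policy list are constructed.

# Pull a top-level string field out of one-line JSON with sed (no jq needed).
# Good enough for CloudTrail's flat fields; use jq for anything nested.
json_field() {
    sed -n "s/.*\"$1\":\"\([^\"]*\)\".*/\1/p"
}

# Reads events on stdin; prints "eventName actorArn target policyArn" for each
# grant of a privileged managed policy. Extend the eventName list with
# PutUserPolicy/PutRolePolicy (inline policies) for fuller coverage.
detect_admin_grants() {
    while IFS= read -r event; do
        name="$(printf '%s' "$event" | json_field eventName)"
        case "$name" in
            AttachUserPolicy)  field=userName ;;
            AttachRolePolicy)  field=roleName ;;
            AttachGroupPolicy) field=groupName ;;
            *) continue ;;
        esac
        policy="$(printf '%s' "$event" | json_field policyArn)"
        case "$policy" in
            */AdministratorAccess|*/IAMFullAccess) ;;   # assumed watch list
            *) continue ;;
        esac
        actor="$(printf '%s' "$event" | json_field arn)"      # userIdentity.arn
        target="$(printf '%s' "$event" | json_field "$field")"
        echo "$name $actor $target $policy"
    done
}

# The revoke half: the CLI call a responder (or the Lambda target) would run.
# $1 = eventName, $2 = target principal name, $3 = policy ARN
revoke_command() {
    case "$1" in
        AttachUserPolicy)  echo "aws iam detach-user-policy --user-name $2 --policy-arn $3" ;;
        AttachRolePolicy)  echo "aws iam detach-role-policy --role-name $2 --policy-arn $3" ;;
        AttachGroupPolicy) echo "aws iam detach-group-policy --group-name $2 --policy-arn $3" ;;
    esac
}

# Constructed CloudTrail-style events: one privileged grant, one harmless
# grant, one unrelated IAM call, one non-IAM call.
sample_events() {
    cat <<'EOF'
{"eventSource":"iam.amazonaws.com","eventName":"AttachUserPolicy","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::123456789012:user/alice"},"requestParameters":{"userName":"bob","policyArn":"arn:aws:iam::aws:policy/AdministratorAccess"}}
{"eventSource":"iam.amazonaws.com","eventName":"AttachUserPolicy","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::123456789012:user/alice"},"requestParameters":{"userName":"bob","policyArn":"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"}}
{"eventSource":"iam.amazonaws.com","eventName":"CreateUser","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::123456789012:user/alice"},"requestParameters":{"userName":"carol"}}
{"eventSource":"ec2.amazonaws.com","eventName":"RunInstances","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::123456789012:assumed-role/Deploy/ci"}}
EOF
}

# Usage: sample_events | detect_admin_grants | while read -r n a t p; do revoke_command "$n" "$t" "$p"; done
```

In AWS the match lives in the Events rule pattern (`source: aws.iam`, `detail.eventName` in the Attach*Policy set) and the revoke in the Lambda target; keeping both as plain functions makes the rule testable against saved CloudTrail lines before it is deployed.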

### CloudFront
- Origin: an AWS service (S3 bucket, load balancer, ...) or a custom origin outside AWS reachable by a domain name
### CloudFormation
- Simple, repeatable, predictable provisioning
- Automates the provisioning of AWS resources
- Creates, updates and deletes resources in sets known as a **stack**
- **template file** + CloudFormation = **Stack**
- **Stack**: unit of provisioning
- **Template file**:
    - **JSON** or **YAML** text file.
    - You **don't have to list the resources in the exact order**; use the `DependsOn` attribute where one resource must exist before another.
    - **Parameters and Conditions**
- Template libraries <-> code repositories: templates are versioned like code
- Requirements: a **template** + **permissions** (IAM permissions to create the resources in the template)
- Get started: create a stack from a template in the CloudFormation console or CLI
## AWS Well-architected Framework
**Five Pillars: <mark>OSRPC</mark>**
### Security
- IAM
- Detective controls: identify potential security incidents, integrate auditing, analyze logs
- Infrastructure protection: protect against unauthorized access
- Data protection: data encryption, backup, replication, recovery
- Incident response: enable timely investigation
- **Design Principles**
- Implement security at all levels
- enable traceability
- Apply **principle of least privilege**
- Focus on securing your system
- Automate
### Reliability
- **Recover** from failures
- Apply best practices in
- Foundation: Foundation before construction
- Change mgmt: Be aware how change can affect your system.
- Failure mgmt
- **Design Principles**
* Test recovery procedures: simulate different failure
* Automatically recover from failure
* Scale horizontally to increase aggregate system availability
* Stop guessing capacity: monitor demand & utilization, automate addition/removal of resources
* Manage change in automation: Only manage the automation
### Performance efficiency
- **Select** customizable solutions: choose the best solution
- Review to continually innovate: continually innovate
- Monitor AWS services: monitor performance before customers are affected (CloudWatch, SQS, Kinesis...)
- Consider the trade-offs: eg. space vs time (latency)
- **Design Principles**
* Democratize advanced technologies
* Go global in minutes
* Use serverless architectures
* Experiment more often
* Mechanical sympathy
### Cost optimization
- Use cost-effective resources
- Matching supply with demand
- Increase expenditure awareness: being fully aware, break down current cost, predict future cost
- Optimize over time
- **Design Principles**
* Adopt a consumption model
* Measure overall efficiency
* Stop spending money on data center operations
* Analyze and attribute expenditure: optimize resources and reduce cost
* Use managed services to reduce cost of ownership
### Operational excellence
- **Design Principles**
* Perform operations as code
* Annotate documentation
* Make frequent, small, reversible changes
* Refine operations procedures frequently
* Anticipate failure
* Learn from all operational failures
## Fault Tolerant & HA
### HA Service tools
- ELB
- EIP
- Route53
- Auto Scaling
- CloudWatch (used w/ auto scaling)
### Fault tolerant tools
- SQS
- S3
- RDS
## Security
### Shared responsibility model
- AWS is responsible for security **of** the cloud (facilities, hardware, hypervisor, managed-service software); the customer is responsible for security **in** the cloud (data, IAM, OS patching, network/firewall configuration, encryption)
### IAM
- User
    - A permanent identity for an operator (a person or a machine) with long-term credentials
- Group
    - Collection of users
- Role
    - Important in IAM
    - An identity that is **assumed**, not logged into
    - The operator can be human or machine (EC2 instance, Lambda, another account)
    - Credentials are **temporary**
- Policy documents
    - Attached to a user, group or role
    - List the specific API actions allowed (or denied) on which resources
    - Associate policies to operators; prefer roles over long-lived user keys for machines

## Pricing
### Reserved Instance
https://aws.amazon.com/ec2/pricing/reserved-instances/
#### Payment Attributes
Offering classes:
- convertible
- standard: more discount
Terms:
- 1 year
- 3 year
Payment Options:
- All up-front (**AURI**)
- Partial up-front (**PURI**)
- No upfront payments (**NURI**).
*the larger the upfront payment, the greater the discount* --> Economy of scale
#### RI Attributes
- Instance type
- Platform description
- Tenancy
- AZ
### Cost fundamentals
#### Pay for
- Compute capacity
- Storage
- **Outbound** data transfer (No charge on inbound transfer)
#### EC2
- Monitoring (CloudWatch): Free basic monitoring.
- Auto scaling: No additional charge
- EIP: No charge when associated w/ a running instance
- **OS price is included in the instance price** for AWS-provided images
- Other software requires a vendor license or your own license
#### S3
Pricing based on:
- Number of requests
- Type of requests (different rate for GET requests)
- **Amount of data transferred** out of the S3 region
#### EBS
Volumes persist independently from the instance
- Volume types:
- General purpose (SSD)
- Provisioned IOPS (SSD)
- Magnetic (HDD)
- **Volumes**: charged by the **amount provisioned in GB per month**
- **IOPS**:
- General purpose (SSD): Included in price
- Provisioned IOPS (SSD): The amount you provisioned in IOPS
- Magnetic (HDD): The amount of requests
- Snapshots: added cost per GB-month
**Inbound traffic is free**
#### RDS
- Clock-hour billing: on-demand DB instances are **charged by the hour**
- Engine, instance size and memory class affect cost
- No charge for backup storage up to 100% of the provisioned DB storage
#### CloudFront
- Pricing varies across geographic regions
- Based on: **requests**, **data transfer out**
### Trusted Advisor
A service that helps you provision resources following AWS best practices.
Provides best practices (checks) in :
- Cost optimization
- Performance
- Security
- Fault tolerance
- Service Limits
### Support Plans
https://aws.amazon.com/tw/premiumsupport/pricing/
## Billing and Cost management
### Cost Explorer
- viewing your AWS cost data as a **graph**
- see a **forecast** of future costs based on your historical cost data
### Budgets
- use the cost visualization provided by Cost Explorer
- provides **forecasts**
- **SNS**: tells you when you go over your budgeted amounts
### Integrated w/ IAM
- Control who can view billing information (IAM permissions)
### Organizations (Consolidated Billing)
- Multiple accounts, multiple IAM users
- Combine multiple member accounts under a master (management) account > a single bill
### Final quiz

### Questions answered wrong
