# AWS Cloud Practitioner Essentials Day

Instructor: Stanley

## Training

1. AWS official training

## Introduction

### Module 1

### What is cloud computing? ([video](https://www.youtube.com/watch?v=mxT233EdY5c&t=15s), 3 min)

Cloud computing is the on-demand delivery of IT resources over the Internet with pay-as-you-go pricing. Instead of buying, owning, and maintaining physical data centers and servers, you can access technology services, such as computing power, storage, and databases, on an as-needed basis from a cloud provider like Amazon Web Services (AWS).

1. Client and server communicate over the network.
2. Avoids large upfront investments.

### Deployment

The provider needs to know how the service location relates to your customers (e.g. for customers in Taiwan, the Tokyo region is the relevant one).

#### Accelerated computing: compute

#### Storage optimized: storage

1. Ideal for high-performance databases (memory optimized).

### When building microservices, containers can be used (for small workloads):

- ECS: container orchestration (https://aws.amazon.com/tw/ecs/?nc1=h_ls)

  ![](https://hackmd.io/_uploads/rkJh7Jt8h.png)

- EKS: Kubernetes (https://aws.amazon.com/tw/eks/)

  ![](https://hackmd.io/_uploads/SyAtQ1FLh.png)

### Module 3

1. Load balancing: EC2 instances are placed in 2 Availability Zones, to reduce the risk that a power outage in one zone takes the site's data offline at the same time.
2. The distance between zones is based on optical fiber capacity (100 km).
3. Local Zone: Taiwan (no high-availability region).
4. The Taiwan Local Zone sits under the Tokyo region for low latency. To reduce latency for Taiwan, hosts need to be set up in Tokyo (Taiwan currently has no region, only an AZ (Availability Zone)).
5. AWS Outposts family: build a private cloud with the cloud, used for coordinating workloads within a single locality.

### Monolithic and microservices architecture

#### Monolithic

1. Low learning curve.
2. Problems that come up during development are easier to fix, and the service is easy to extend.

#### Microservices architecture

1. High learning curve.
2. The service architecture must be fully planned before development, to avoid problems when extending it later.
3. Requires a loosely coupled architecture.

#### VPC: Virtual Private Cloud

1. Public or private subnets; the general case builds a public and a private subnet together.
2. Public subnet: an IP it cannot route is sent by default to the internet gateway for checking; a public IP address also has to be set up so that others can reach it.
3. Private subnet: use a VPN connection.

Supplement: partner ISPs: 中華, 四方.

Network ACL (network access control list) status: the VPC protects the service, security groups protect the subnet.

#### Amazon Route 53

Named Route 53 because DNS runs on TCP/UDP port 53; permissions and health checks can be configured.

## S3 storage

AMI = Amazon Machine Image (https://docs.aws.amazon.com/zh_tw/AWSEC2/latest/UserGuide/ec2-instances-and-amis.html)

Big data: supports big data (relational databases are more expensive).

S3 keeps 3 copies of the data by default.

1. Standard: about the same speed as Standard-IA.
2. Standard-IA: suited to storing large volumes of data, lower cost.
3. One Zone-IA: stores only one copy, availability lower than 0.5%.

### Aurora

Higher performance but needs tuning; when migrating a DB directly, the relevant settings must be configured properly.

### DynamoDB

Suitable when a single row does not exceed 400 KB.

## Shared responsibility model

1. Security in the cloud (customers): principle of least privilege (configured by the customer); AWS does not take responsibility for this security.
2. Physical security of data centers: hardware-level security (AWS has strict internal controls).

## IAM (Identity and Access Management)

1. Ways to set permission policies: user, group, MFA (token).
2. Root user: the root account (best practice: create an admin user, set a very complex password for root, and store it in a safe).
3. Group: if functional groups are defined, they can be set up in IAM.
4. AWS Artifact: provides compliance certification documents, which can be found in AWS and used to reassure customers; assurance programs.

## Monitoring and analytics

1. Amazon CloudWatch: watches EC2 resources; when too busy -> auto scaling -> create another server.
2. Dashboard: build your own reports, create metrics for your own application's users, e.g. add a data point at sign-up in real time (analysis: check whether events correlate with memory usage, confirmed with curves).
3. AWS CloudTrail (audit): events -> accounting; when an attacker is intruding, a large number of requests appear; use Lambda to react and temporarily block.
4. Trusted Advisor: guideline -> suggestion -> adjust.
   4-1. Dashboard: information on cost, performance, security, fault tolerance, service limits.

## AWS Free Tier categories

1. Pricing calculator. Free trial: search "aws.amazon.free".