Aws Foundations 1753794161211

The document provides an overview of Amazon Web Services (AWS), highlighting its status as a leading cloud platform with over 200 services utilized by various organizations to enhance agility, reduce costs, and foster innovation. It outlines AWS's infrastructure, including data centers, availability zones, and virtual private clouds, as well as best practices for cloud design and deployment. Additionally, it covers the importance of AWS account management and tools like Route 53 for DNS management.

Uploaded by jainshobhit446 (287 pages)

AWS Foundations

Chad Smith
Principal Cloud Architect

Introduction: Cloud Basics

AWS cloud definitions and best practices
AWS Official Definition

Amazon Web Services (AWS) is the world's most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—are using AWS to lower costs, become more agile, and innovate faster.
AWS Official Definition Breakdown

● "cloud platform": AWS is a cloud computing platform provided by Amazon that offers on-demand access to IT resources over the internet. A cloud platform delivers computing services, like servers, storage, and software, over the internet instead of through local infrastructure.
● "over 200 fully featured services": AWS provides a wide range of tools and services covering computing, storage, networking, databases, machine learning, and more. It is an extensive ecosystem of services, each with deep functionality, designed for specific use cases and industries.
● "most comprehensive and broadly adopted": AWS is widely used across many industries and by organizations of all sizes globally.
● "from data centers globally": AWS operates physical server facilities in multiple geographic regions to ensure high availability, redundancy, and performance.
● "Millions of customers": a large and diverse user base relies on AWS, ranging from individual developers to global corporations.
● "fastest-growing startups": small, fast-growing companies use AWS for its scalability and flexibility without needing to invest in physical infrastructure.
● "largest enterprises": large companies choose AWS to modernize their IT systems and scale operations efficiently.
● "leading government agencies": public sector organizations adopt AWS for secure, reliable, and compliant cloud services.
● "lower costs": AWS helps users reduce capital expenses by charging only for the resources they use.
● "become more agile": with AWS, customers can quickly launch new services and adapt to changing needs.
● "innovate faster": AWS accelerates development by providing tools and infrastructure that support rapid experimentation and deployment.
Why AWS?

● Better security
● Higher resilience
● Increased company agility
● Lower cost - maybe?**
AWS Glossary of Terms

[Link]
AWS Best Practices: Design Principles

● Stop guessing your capacity needs: scale horizontally using automation based on metrics
● Test systems at production scale: deploy using IaC and test full-size environments in a cost-effective way
● Automate with architectural experimentation in mind: replicate workloads at low cost and test the impact of changes
● Consider evolutionary architectures: decouple infrastructures so technology replacement is easily accomplished
● Drive architectures using data: establish performance baselines and explore data-driven improvement possibilities
● Improve through game days: validate playbooks on test (or actual) environments frequently


Introduction: Cloud Basics

AWS Account Definition and Basics

Account Definition

AWS account:
● Logical container for AWS resources
● Unit of organization, billing, and access
● Has a root user, a unique email address, payment info, and contact info
AWS Building Blocks

AWS Building Blocks - Course Scope
Amazon Resource Name (ARN)

Globally Unique Identifier

arn:partition:service:region:account-id:resource-id

● partition: aws, aws-cn, aws-us-gov
● service: ec2, s3, iam
● region: us-east-1, eu-west-1, ap-south-1
● account-id: the 12-digit AWS account number, e.g. 123456789012
● resource-id: user/Chad, instance/i-XXXXXX, volume/vol-XXXXX

Global services leave the region segment empty (IAM: arn:aws:iam::123456789012:user/Chad), and S3 bucket and object ARNs leave both region and account-id empty (arn:aws:s3:::bucket-name/key). The resource-id segment may itself contain further colons or slashes, so parse the first five colon-separated segments and treat the remainder as the resource.
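The segment rules above, as an added example (not code from the slides): a small ARN parser and validator. It enforces the known partitions, the 12-digit account id and the region naming pattern, leaves region and account empty for global services, and keeps colons and slashes inside the resource segment intact. The sample ARNs and account numbers used in it are constructed.

```python
"""Parse and validate Amazon Resource Names (arn:partition:service:region:account-id:resource).

Added example, not from the original slides. Sample ARNs below are constructed;
the account ids are fake.
"""
import re
from dataclasses import dataclass

PARTITIONS = {"aws", "aws-cn", "aws-us-gov"}
ACCOUNT_RE = re.compile(r"^\d{12}$")
# Region naming convention: us-east-1, eu-west-1, ap-south-1, us-gov-west-1, ...
REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d$")
# resource is "type/id", "type:id" or a bare name; split on the first separator only
RESOURCE_RE = re.compile(r"^([^/:]+)[/:](.+)$")


@dataclass(frozen=True)
class Arn:
    partition: str
    service: str
    region: str      # empty for global services such as IAM
    account: str     # empty for S3 bucket/object ARNs
    resource: str

    @property
    def resource_type(self) -> str:
        m = RESOURCE_RE.match(self.resource)
        return m.group(1) if m else ""

    @property
    def resource_id(self) -> str:
        m = RESOURCE_RE.match(self.resource)
        return m.group(2) if m else self.resource


def parse_arn(text: str) -> Arn:
    # maxsplit=5 keeps any colons inside the resource segment (e.g. a Lambda alias)
    parts = text.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {text!r}")
    _, partition, service, region, account, resource = parts
    if partition not in PARTITIONS:
        raise ValueError(f"unknown partition {partition!r}")
    if not service:
        raise ValueError("service segment is empty")
    if region and not REGION_RE.match(region):
        raise ValueError(f"malformed region {region!r}")
    if account and not ACCOUNT_RE.match(account):
        raise ValueError(f"account id must be exactly 12 digits, got {account!r}")
    if not resource:
        raise ValueError("resource segment is empty")
    return Arn(partition, service, region, account, resource)


def is_valid_arn(text: str) -> bool:
    try:
        parse_arn(text)
        return True
    except ValueError:
        return False


def same_account(a: Arn, b: Arn) -> bool:
    """True when both ARNs are in the same partition and account.

    Handy in policy review: a principal or resource from another account or
    partition in a resource policy deserves a second look.
    """
    return a.partition == b.partition and a.account == b.account
```

Because account ids are validated as exactly twelve digits, the parser rejects a thirteen-digit id such as 0123456789012; that is the most common typo when ARNs are hand-written into policies.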
Introduction: Cloud Basics

Demo: AWS console login and account exploration

Global Infrastructure

AWS points of presence and service scopes
AWS Data Center

● 10s of thousands of servers
● Independent power, A/C and Internet
● Custom network hardware
● Commodity server and storage hardware
● No services are scoped to an individual data center; customers never address one directly
AWS Availability Zone

● 1+ data centers
● Sub-millisecond latency between the data centers of an AZ
● Infrastructure resource scope (EC2 instances, EBS volumes and subnets live in one AZ)
AWS Region

● Multiple, physically separate AZs (Availability Zone 1, 2, 3), each made up of its own data centers
● <10ms latency between AZs
● Service API endpoint scope
AWS Local Zone

● One AZ of AWS infrastructure placed in a city (City 1, City 2, City 3) away from the parent region
● Supports AZ-scope resources
● Private connectivity to the remote (parent) region
CloudFront PoPs and Regional Edge Caches

● CloudFront Embedded PoPs: embedded in ISP networks (900+)
● CloudFront PoPs: in the AWS network, peer with ISP networks (700+)
● Regional Edge Caches: within AWS regional networks (13+)

Demo: Explore AZs, Regions, Local Zones

AWS Network Services

Build virtual networks using VPC

Amazon VPC

Define and launch AWS resources in a logically isolated virtual network

Acronym: Virtual Private Cloud

Service scope: Region

Dependencies: None
VPC Building Block Location

VPC Use Cases

● Isolate development and production environments
● Host private applications securely
● Connect on-premises data centers to cloud
● Enable secure multi-tier application architecture
● Control and monitor network traffic flow
VPC Deployment

Build out across Availability Zone 1 and Availability Zone 2:

● Create the VPC, including a name and primary CIDR range
● Create subnets in two AZs (one per AZ). All subnets are identical at this point; a subnet becomes "public" or "private" only through the route table associated with it
● Create an Internet gateway (IGW) and attach it to the VPC
● Create a route table, add a 0.0.0.0/0 route with the IGW as the target, and associate it with the public subnets
● Create private subnets, also in two AZs
● Create a NAT gateway in each public subnet
● Create two route tables, each with a 0.0.0.0/0 route to the NAT gateway in the same AZ, and associate them with the private subnets. Keeping each private subnet on the NAT gateway in its own AZ avoids a cross-AZ dependency (and cross-AZ data charges)
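The seven steps above, as an added example that is not part of the original slides: a planner that carves a VPC CIDR into the two public and two private subnets, builds the three route tables the steps describe, then audits the result the way a reviewer would (is anything called "private" actually routed to the IGW, does any private subnet depend on a NAT gateway in another AZ, do any CIDRs overlap). The VPC CIDR, AZ names and the resource names igw-main, nat-<az> and rt-* are assumptions; nothing here talks to AWS.

```python
"""Plan and audit the two-AZ public/private VPC layout described above.

Added example, not from the original slides. CIDR, AZ names and the resource
names (igw-main, nat-<az>, rt-public, rt-private-<az>) are assumptions.
"""
import ipaddress


def plan_vpc(cidr, azs, subnet_prefix=24):
    vpc = ipaddress.ip_network(cidr)
    if not 16 <= vpc.prefixlen <= 28:          # the AWS-allowed VPC size range
        raise ValueError("VPC CIDR must be between /16 and /28")
    blocks = list(vpc.subnets(new_prefix=subnet_prefix))
    if len(blocks) < 2 * len(azs):
        raise ValueError(f"{cidr} cannot hold {2 * len(azs)} /{subnet_prefix} subnets")
    subnets, route_tables = {}, {}
    # Step 4: one route table for all public subnets, default route -> IGW
    route_tables["rt-public"] = {vpc.with_prefixlen: "local", "0.0.0.0/0": "igw-main"}
    for i, az in enumerate(azs):
        pub, priv = blocks[2 * i], blocks[2 * i + 1]
        subnets[f"public-{az}"] = {"az": az, "cidr": str(pub), "route_table": "rt-public"}
        # Steps 6-7: one NAT gateway per public subnet, one private route table per AZ
        rt = f"rt-private-{az}"
        route_tables[rt] = {vpc.with_prefixlen: "local", "0.0.0.0/0": f"nat-{az}"}
        subnets[f"private-{az}"] = {"az": az, "cidr": str(priv), "route_table": rt}
    return {"vpc": vpc.with_prefixlen, "subnets": subnets, "route_tables": route_tables}


def classify(plan):
    """A subnet is public only if its route table sends 0.0.0.0/0 to an Internet gateway."""
    kinds = {}
    for name, s in plan["subnets"].items():
        target = plan["route_tables"][s["route_table"]].get("0.0.0.0/0", "")
        kinds[name] = "public" if target.startswith("igw-") else "private"
    return kinds


def audit(plan):
    """Findings a reviewer would raise; an empty list means the plan matches the slides."""
    findings, kinds = [], classify(plan)
    for name, s in plan["subnets"].items():
        if not name.startswith("private"):
            continue
        default = plan["route_tables"][s["route_table"]].get("0.0.0.0/0", "")
        if kinds[name] == "public":
            findings.append(f"{name}: default route points at an IGW, so it is not private")
        elif default.startswith("nat-") and not default.endswith(s["az"]):
            findings.append(f"{name}: NAT gateway {default} is in another AZ (cross-AZ dependency)")
    nets = [ipaddress.ip_network(s["cidr"]) for s in plan["subnets"].values()]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                findings.append(f"overlapping subnets: {a} and {b}")
    return findings
```

The route table, not the subnet, is the security boundary here: `classify` deliberately ignores the subnet's name and looks only at where 0.0.0.0/0 goes, which is also how you should read an unfamiliar VPC.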


AWS Network Services

Manage DNS using Route 53

Amazon Route 53

A reliable and cost-effective way to route end users to Internet applications

Acronym: none; 53 is the TCP/UDP port number used by DNS

Service scope: Global

Dependencies: None

Route 53 Building Block Location

Route 53 Use Cases

● Route workload traffic to AWS resources
● Manage DNS for scalable web applications
● Route users to the nearest application endpoint
● Monitor application health with DNS failover
● Simplify domain registration and management tasks
Route 53 Hosted Zone Deployment

● Register the domain through the AWS registrar
● Create the public hosted zone matching the domain name
● Any records created in the public hosted zone can be resolved from all Internet hosts
● Create the private hosted zone
● Associate the private zone with 1+ VPCs so all hosts in each VPC can resolve the domain. Only hosts inside the associated VPCs (with DNS resolution and DNS hostnames enabled on the VPC) see the private records; for those hosts the private zone is authoritative for the domain, so a name missing from it returns NXDOMAIN rather than falling back to the public zone
DNS Health Check Deployment

Requirement: Route 53 health checks require a public-facing endpoint

Record Name | Location  | Record Type | Value               | Health Check
[Link]      | us-east-1 | Alias       | us-east-1 ALB       | Primary
[Link]      | us-west-2 | Alias       | us-west-2 ALB       | Primary
[Link]      | eu-west-1 | Alias       | eu-west-1 S3 bucket | Secondary

● Create the first application stack in us-east-1 behind an ALB
● Create the second application stack in us-west-2 behind an ALB
● The ALBs will be active/active and serve equal traffic when using this architecture
● If one ALB fails its health check, all traffic is delivered to the other primary endpoint
● Create an S3 bucket in eu-west-1 hosting a static turnaway page as the health check secondary
● The only time the S3 bucket serves traffic is when both ALBs fail their health checks
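The failover behaviour in the table, as an added example (not code from the slides): a tiny resolver that answers with every healthy primary, falls through to the secondary only when no primary is healthy, and a check for the "public-facing endpoint" requirement. The record name www.example.test, the alias targets and the health check ids are constructed; health states are passed in as a plain dict so each scenario from the slides can be exercised.

```python
"""Simulate the Route 53 failover table above and the public-endpoint health check rule.

Added example, not from the original slides. Record name, alias targets,
health check ids and health states are constructed.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    name: str
    value: str          # alias target: an ALB DNS name or an S3 website endpoint
    role: str           # "primary" or "secondary"
    health_check: str   # health check id; "" means no health check (treated as healthy)


CONSTRUCTED_RECORDS = [
    Record("www.example.test", "app-use1.elb.amazonaws.test", "primary", "hc-use1"),
    Record("www.example.test", "app-usw2.elb.amazonaws.test", "primary", "hc-usw2"),
    Record("www.example.test", "turnaway.s3-website-euw1.test", "secondary", ""),
]


def resolve(records, health, qname):
    """Alias targets returned for qname, given a map of health check id -> healthy.

    A check id absent from `health` counts as unhealthy (no status yet), which
    is the conservative reading when a health check has just been created.
    """
    def healthy(r):
        return r.health_check == "" or health.get(r.health_check, False)

    matches = [r for r in records if r.name == qname]
    primaries = sorted(r.value for r in matches if r.role == "primary" and healthy(r))
    if primaries:                       # active/active across every healthy primary
        return primaries
    return sorted(r.value for r in matches if r.role == "secondary" and healthy(r))


def is_public_endpoint(ip):
    """Route 53 health checkers run on the public Internet, so private, loopback
    and link-local targets can never pass a check (they time out and flap to unhealthy)."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local)
```

For alias records pointing at ALBs you can also enable "Evaluate Target Health" instead of creating a separate health check; the resolver logic is the same, only where the health signal comes from differs.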
AWS Network Services

Demo: Create a VPC and deploy Route 53 DNS resources

AWS Compute Services

Launch virtual machines using EC2

Amazon EC2

Secure and resizable compute capacity for virtually any workload

Acronym: Elastic Compute Cloud

Service scope: AZ

Dependencies: VPC Subnet, Security Group

EC2 Building Block Location
EC2 Use Cases

● Run scalable web servers on demand
● Host applications with flexible compute capacity
● Process data using temporary compute resources
● Test and develop in isolated environments
● Deploy high-performance computing workloads efficiently
EC2 Resource Provisioning

Placement: Region > Availability Zone > VPC > Subnet > EC2 instance

Instance parameters:
● Tags
● AMI (image)
● Key pair
● Network: ENI, security group
● Storage: OS volume, data volume
● Advanced: role (an instance profile whose temporary credentials the instance retrieves from the instance metadata service)
AWS Compute Services

Execute serverless functions with Lambda

AWS Lambda

Run code without thinking about servers or clusters

Acronym: None

Service scope: Region

Dependencies: None

Lambda Building Block Location

Lambda Use Cases

● Run code without managing servers
● Automate tasks with event-driven functions
● Process data in real-time streams
● Build scalable backend APIs
● Replace OS-based scheduled tasks or cron jobs

Lambda Resource Provisioning

● Runtime: .NET, Java, [Link], Python, Ruby, Amazon Linux (custom runtime), Docker (container image)
● Architecture: x86_64, arm64
● Tags
● VPC
● Permissions
AWS Compute Services

Demo: Provision compute resources in EC2 and Lambda

AWS Storage Services

Manage block storage using EBS

Amazon EBS

Easy to use, high performance block storage at any scale

Acronym: Elastic Block Store

Service scope: AZ

Dependencies: None

EBS Building Block Location

EBS Use Cases

● Provide persistent storage for EC2 instances
● Scale block storage volumes dynamically
● Enable high-performance database workloads
● Create snapshots for data backups
● Migrate data between availability zones
EBS Volume Types

SSD: designed for smaller data size operations in random places on the volume
● gp2, gp3: most workloads, IOPS bound, the default choice
● io1, io2: high performance workloads, IOPS bound

HDD: designed for larger data size operations in consecutive places on the volume
● st1, sc1: cost optimized, throughput bound
AWS Storage Services

Deploy object storage using S3

Amazon S3

Object storage built to retrieve any amount of data from anywhere

Acronym: Simple Storage Service

Service scope: Region

Dependencies: None

S3 Building Block Location

S3 Use Cases

● Store and retrieve any amount of data
● Host static websites with high availability
● Backup and archive critical business data
● Share files globally with high durability
● Enable big data analytics workloads

S3 Resource Provisioning

● Region
● General purpose bucket: the bucket name must be unique and conform to DNS naming conventions
● Versioning
● Static Website
● Storage Classes
● Permissions (new buckets have Block Public Access enabled by default; hosting a static website or a public turnaway page means deliberately relaxing it for that bucket only)
● Lifecycle Rules
● Replication
AWS Storage Services

Demo: Provision storage resources with EBS and S3

AWS Database Services

Implement relational databases using RDS

Amazon RDS

Easy to manage relational databases optimized for total cost of ownership

Acronym: Relational Database Service

Service scope: AZ

Dependencies: VPC, Subnet Group

RDS Building Block Location

RDS Use Cases

● Managed relational databases for applications
● Automate database backups and patches
● Scale database performance as needed
● Multi-AZ deployments for high availability
● Secure databases with encryption and IAM

RDS Resource Provisioning

Placement: Region > VPC > subnet group spanning Subnet 1 (Availability Zone 1) and Subnet 2 (Availability Zone 2) > security group > Amazon RDS instance

Instance configuration:
● Engine type and version
● Authentication and encryption
● Parameter and option groups
● Multi-AZ configuration
● Monitoring configuration
● Backups and maintenance

RDS Database Engines

● MySQL
● PostgreSQL
● Oracle DB
● Microsoft SQL Server
● MariaDB
● Db2
AWS Database Services

Go NoSQL with DynamoDB

Amazon DynamoDB

Serverless, NoSQL, fully managed database with single-digit millisecond performance at any scale

Acronym: None

Service scope: Region

Dependencies: None

DynamoDB Building Block Location

DynamoDB Use Cases

● Serverless NoSQL database for apps
● Scale automatically with demand
● Low-latency access to data
● Store user profiles and sessions
● Handle high-traffic workloads efficiently

DynamoDB Resource Provisioning

Placement: Region > Table

● Key-value and document models
● Scale to zero
● Global tables
● Partition key is the most important parameter
● Secondary indexes
● Expiration using TTL
● DAX in-memory cache


AWS Database Services

Demo: Create databases in RDS and DynamoDB

AWS Foundations Day 1

Take-home exercises!

AWS Security Services

Implement access control using IAM

AWS IAM

Securely manage identities and access to AWS services and resources

Acronym: Identity and Access Management

Service scope: Global (identities and policies are account-wide; only the STS endpoints that issue temporary credentials are regional)

Dependencies: None

IAM Building Block Location

IAM Use Cases

● Control access to AWS resources
● Manage user permissions securely
● Utilize multi-factor authentication
● Assign roles to AWS resources
● Implement least-privilege permissions
IAM User

● Principal identity
● Direct permissions and/or group permissions
● Sign-in credentials (console)
● Access keys (CLI/SDK)
● MFA

IAM Group

● Collection of IAM Users
● Associated with permissions
● Cannot be nested

IAM Role

● IAM Identity
● Associated with permissions
● Assumed by other principals
IAM Permission Policy Attachment

● Inline policies are a parameter of the user, group or role they belong to, not a separate resource
● Managed permission policies are standalone resources, either customer-managed or AWS-managed
● Customer-managed policies can be edited; AWS-managed policies cannot be edited
● Both managed policy types can be associated with an IAM User
● Both managed policy types can be associated with an IAM Group
● Associate permissions with a user through group membership rather than attaching policies to users one by one
Putting It All Together 1
Click to edit Master title style
Admins
(group) Administrator
(permission policy)

csmith
(user)
Putting It All Together 1
Click to edit Master title style
Admins
(group) Administrator
(permission policy)

csmith
(user)
Sign-in
credentials

MFA token

Access key
Putting It All Together 1
Click to edit Master title style
Admins
(group) Administrator
(permission policy)

csmith
(user)
Sign-in
Create a cost
credentials budget AWS Cost Explorer

MFA token

Access key
Putting It All Together 1
Click to edit Master title style
Admins
(group) Administrator
(permission policy)

csmith
(user)
Sign-in
credentials

MFA token
Empty an S3
bucket
Access key Amazon S3
Putting It All Together 2
Click to edit Master title style
Developers
(group) PowerUser
(permission policy)

dev1
(user)
Putting It All Together 2
Click to edit Master title style
Developers
(group) PowerUser
(permission policy)

dev1
(user)
Sign-in
credentials

MFA token

Access key
Putting It All Together 2
Click to edit Master title style
Developers
(group) PowerUser
(permission policy)

dev1
(user)
Sign-in
credentials

MFA token
Deploy a code
update
Access key AWS CodeDeploy
Putting It All Together 2
Click to edit Master title style
Developers
(group) PowerUser
(permission policy)

dev1
(user) View the
Sign-in deployment
credentials
logs Amazon CloudWatch

MFA token

Access key
Putting It All Together 3
Diagram: App1Role (role) has App1Policy (permission policy) attached; an EC2 instance running the App1 runtime assumes the role.
The instance receives a temporary security credential from the role.
Example action: generate real-time inference (Amazon SageMaker).
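The three scenarios above combine users, groups, a role and managed policies. The following added example (not part of the course slides) models how IAM resolves such a combination into one decision: every policy reachable from the principal is considered, an explicit Deny beats any Allow, and no matching Allow is an implicit Deny. The policy documents, account ID and ARNs are constructed; in particular, `PowerUser` is modelled as Allow-all plus a Deny on `iam:*` and `organizations:*`, whereas the real AWS-managed PowerUserAccess policy is written with `NotAction`.

```python
"""Effective-permission check for the three "Putting It All Together" scenarios.

Added example (not from the course): a minimal model of IAM policy evaluation.
Policies attached directly to a user, to the groups the user belongs to, or to
a role are all considered; an explicit Deny overrides any Allow, and no matching
Allow means an implicit Deny. The policy documents are constructed
simplifications of AdministratorAccess and PowerUserAccess, not copies.
"""
from fnmatch import fnmatchcase

# Constructed managed policies (simplified; real PowerUserAccess uses NotAction).
POLICIES = {
    "Administrator": {"Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
    ]},
    "PowerUser": {"Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Deny", "Action": ["iam:*", "organizations:*"], "Resource": "*"},
    ]},
    "App1Policy": {"Statement": [
        {"Effect": "Allow", "Action": "sagemaker:InvokeEndpoint",
         "Resource": "arn:aws:sagemaker:us-east-1:111122223333:endpoint/app1"},
    ]},
}

# Constructed identities mirroring the slides: users, their groups, and a role.
GROUPS = {"Admins": ["Administrator"], "Developers": ["PowerUser"]}
USERS = {"csmith": {"groups": ["Admins"], "policies": []},
         "dev1": {"groups": ["Developers"], "policies": []}}
ROLES = {"App1Role": ["App1Policy"]}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _matches(pattern, value, case_insensitive=False):
    # IAM uses * and ? wildcards; action names are case-insensitive, ARNs are not.
    if case_insensitive:
        pattern, value = pattern.lower(), value.lower()
    return fnmatchcase(value, pattern)


def attached_policies(principal):
    """Collect policy names reachable from a user (direct + via groups) or a role."""
    if principal in ROLES:
        return list(ROLES[principal])
    user = USERS[principal]
    names = list(user["policies"])
    for g in user["groups"]:
        names.extend(GROUPS[g])
    return names


def evaluate(principal, action, resource):
    """Return "Allow", "Deny" (explicit) or "ImplicitDeny" for one request."""
    decision = "ImplicitDeny"
    for name in attached_policies(principal):
        for stmt in POLICIES[name]["Statement"]:
            if not any(_matches(a, action, True) for a in _as_list(stmt["Action"])):
                continue
            if not any(_matches(r, resource) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # an explicit deny always wins, stop here
            decision = "Allow"
    return decision


if __name__ == "__main__":
    print(evaluate("csmith", "s3:DeleteObject", "arn:aws:s3:::bucket/key"))  # Allow
    print(evaluate("dev1", "iam:CreateUser", "*"))  # Deny
    print(evaluate("App1Role", "sagemaker:InvokeEndpoint",
                   "arn:aws:sagemaker:us-east-1:111122223333:endpoint/app1"))  # Allow
    print(evaluate("App1Role", "s3:GetObject", "arn:aws:s3:::bucket/key"))  # ImplicitDeny
```

The fourth call is the point of scenario 3: a role scoped to one SageMaker endpoint gets nothing else, which is what least privilege for an instance role looks like. The real service also applies permissions boundaries, SCPs, resource policies and conditions, none of which this model includes.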
AWS Security Services
Monitor security using CloudTrail and GuardDuty
AWS CloudTrail
Track user activity and API usage on AWS and in hybrid and multicloud environments
Acronym: None
Service scope: Region/Global
Dependencies: None

CloudTrail Building Block Location
(diagram only)

CloudTrail Use Cases
● Track AWS API events and outcomes
● Monitor account security and compliance
● Investigate operational and security incidents
● Retain event logs for auditing
● Detect unauthorized AWS resource changes

CloudTrail Basics
● Transferred to S3 for long-term storage
● Deliver to CloudWatch Logs for monitoring
● 90-day searchable history
● Insights events reporting
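Once trail files land in S3 they are plain JSON, so the "detect unauthorized resource changes" use case above can be a few lines of parsing. The example below is added here and is not course material; the records are constructed to follow CloudTrail's delivery shape (a top-level `Records` array with `eventName`, `eventSource`, `userIdentity`, `errorCode`), and the account, IP addresses and user names are placeholders. It separates write calls from read calls by API name prefix, lists calls that were denied, and lists root-user activity.

```python
"""Triage a CloudTrail log file for unauthorized or high-risk changes.

Added example, not course material. SAMPLE_LOG is constructed to resemble a
CloudTrail JSON delivery file; identities and addresses are placeholders.
"""
import json
from collections import Counter

SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "dev1"}},
    {"eventTime": "2024-05-01T10:01:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "dev1"}},
    {"eventTime": "2024-05-01T10:02:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "dev1"},
     "errorCode": "AccessDenied"},
    {"eventTime": "2024-05-01T10:03:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root"}},
    {"eventTime": "2024-05-01T10:04:00Z", "eventSource": "sts.amazonaws.com",
     "eventName": "AssumeRole", "sourceIPAddress": "ec2.amazonaws.com",
     "userIdentity": {"type": "AWSService", "invokedBy": "ec2.amazonaws.com"}},
]})

# API names that only read state; everything else is treated as a change.
READ_PREFIXES = ("Get", "List", "Describe", "Head", "Lookup")


def identity_name(record):
    """Best available label for who made the call."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("invokedBy") or ident.get("type", "unknown")


def is_write_event(record):
    """CloudTrail records carry no read/write flag; classify by the API name prefix."""
    return not record["eventName"].startswith(READ_PREFIXES)


def triage(log_text):
    """Summarise writes per identity, denied calls, and root-user calls."""
    records = json.loads(log_text)["Records"]
    writes = Counter()
    denied = []
    root_calls = []
    for r in records:
        who = identity_name(r)
        if r.get("errorCode") in ("AccessDenied", "UnauthorizedOperation"):
            denied.append((who, r["eventName"], r["sourceIPAddress"]))
        elif is_write_event(r):
            writes[who] += 1
        if r.get("userIdentity", {}).get("type") == "Root":
            root_calls.append((r["eventName"], r["sourceIPAddress"]))
    return {"writes": dict(writes), "denied": denied, "root_calls": root_calls}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

A denied `iam:CreateUser` from a developer and a `DeleteBucket` by the root user are exactly the kind of records worth alerting on; in production the same logic would run on files delivered to S3 or on events streamed to CloudWatch Logs, as the "CloudTrail Basics" slide describes.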
Amazon GuardDuty
Protect your AWS accounts, workloads, and data with intelligent threat detection
Acronym: None
Service scope: Region
Dependencies: None

GuardDuty Building Block Location
(diagram only)

GuardDuty Use Cases
● Detect malicious AWS account activity
● Monitor for unusual API calls
● Identify compromised EC2 instances
● Analyze VPC flow log threats
● Alert on suspicious login attempts
GuardDuty Example
We start with an EC2 instance in a public subnet, with SSH inbound enabled.
AWS public IP ranges can be downloaded and scanned, then attacked: a brute-force SSH break-in attempt reaches the instance.
VPC flow logs capture this network flow information.
GuardDuty labels this traffic as abnormal, based on pattern recognition.
A finding is generated which can be consumed and acted upon.
Diagram: VPC > Public subnet > Instance; Flow logs -> GuardDuty -> Finding
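To make the "pattern recognition" step concrete, here is an added example (not course material) of the simplest heuristic that would catch the scenario above in raw VPC flow logs: many short TCP/22 connections from one source to one destination inside a short window. The flow-log lines are constructed in the default flow log format and use documentation address ranges; the finding type string mirrors the GuardDuty finding name for this behaviour. GuardDuty's own detection uses threat intelligence and machine-learning baselines across the account, so treat this as an illustration of the signal, not a substitute for the service.

```python
"""Spot an SSH brute-force pattern in VPC flow logs, as GuardDuty does at scale.

Added example, not course material. SAMPLE_FLOW_LOG is constructed in the
default VPC flow log format; addresses are documentation ranges.
"""
from collections import defaultdict

# Constructed records: eight short SSH connections from one source within a
# minute, one long-lived legitimate SSH session, and unrelated HTTPS traffic.
SAMPLE_FLOW_LOG = "\n".join(
    [f"2 111122223333 eni-0a1b2c3d 198.51.100.23 10.0.1.15 {40000 + i} 22 6 6 360 "
     f"{1714560000 + i * 7} {1714560003 + i * 7} ACCEPT OK" for i in range(8)]
    + ["2 111122223333 eni-0a1b2c3d 203.0.113.9 10.0.1.15 51022 22 6 1200 96000 "
       "1714560000 1714563600 ACCEPT OK",
       "2 111122223333 eni-0a1b2c3d 192.0.2.44 10.0.1.15 33000 443 6 40 5000 "
       "1714560010 1714560020 ACCEPT OK"])

# Field order of the default flow log format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()


def parse_flow_log(text):
    """Parse default-format lines into dicts; skip malformed or NODATA/SKIPDATA lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for k in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[k] = int(rec[k])
        records.append(rec)
    return records


def ssh_bruteforce_findings(records, min_attempts=5, window_s=120, max_duration_s=10):
    """Group short TCP/22 flows by (src, dst) and flag any pair with at least
    min_attempts flows starting inside a window_s span. Long flows are ignored
    so an established interactive session is not counted as an attempt."""
    attempts = defaultdict(list)
    for r in records:
        short = r["end"] - r["start"] <= max_duration_s
        if r["protocol"] == 6 and r["dstport"] == 22 and short:
            attempts[(r["srcaddr"], r["dstaddr"])].append(r["start"])
    findings = []
    for (src, dst), starts in attempts.items():
        starts.sort()
        best, lo = 0, 0  # sliding window over sorted start times
        for hi in range(len(starts)):
            while starts[hi] - starts[lo] > window_s:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= min_attempts:
            findings.append({"type": "UnauthorizedAccess:EC2/SSHBruteForce",
                             "source": src, "target": dst, "attempts": best})
    return findings


if __name__ == "__main__":
    for finding in ssh_bruteforce_findings(parse_flow_log(SAMPLE_FLOW_LOG)):
        print(finding)
```

The finding dict is the shape a downstream consumer would act on (block the source, notify, or isolate the instance); the next slides show EventBridge and SNS as the delivery path for real GuardDuty findings.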


AWS Security Services
Audit compute resources using Inspector
Amazon Inspector
Automated and continual vulnerability management at scale
Acronym: None
Service scope: Region
Dependencies: None

Inspector Building Block Location
(diagram only)

Inspector Use Cases
● Scan EC2 instances for vulnerabilities
● Detect zero-day exploits automatically
● Prioritize fixes with risk scores
● Scan container images
● Meet compliance standards
Inspector EC2 Configuration Example
The EC2 instance is placed in a private subnet.
The instance requires the Systems Manager agent and appropriate permissions (an instance role).
The agent communicates with the SSM service API endpoint.
Inspector gathers inventory using SSM associations and plugins.
The instance may also privately communicate with SSM using an interface endpoint.
Diagram: VPC with Internet gateway; public subnet with NAT gateway; private subnet with Instance (Agent, Instance Role) and SSM Endpoint; AWS Systems Manager; Amazon Inspector


AWS Security Services
Demo: Enable and configure security services
AWS Developer Services


AWS Developer Services
Generate code with Amazon Q Developer
Amazon Q Developer
The most capable generative AI-powered assistant for software development
Acronym: None
Service scope: Global
Dependencies: None

Q Developer Building Block Location
(diagram only)

Q Developer Use Cases
● Generate code with AI assistance
● Debug and explain complex code
● Optimize AWS architecture recommendations
● Automate CI/CD pipeline troubleshooting
● Translate legacy code to modern
AWS Developer Services
Integrate CI/CD with CodeDeploy
AWS CodeDeploy
Automate code deployment to maintain application uptime
Acronym: None
Service scope: Region
Dependencies: None

CodeDeploy Building Block Location
(diagram only)

CodeDeploy Use Cases
● Automate application deployments quickly
● Roll back failed updates automatically
● Deploy to EC2, Lambda, or ECS
● Track deployment health in real-time
● Integrate with CI/CD pipelines seamlessly

AWS CI/CD Pipeline - CodeDeploy Context
Diagram: Code repo -> AWS CodeBuild (Build/Test) -> AWS CodeArtifact (Artifact repo) -> AWS CodeDeploy (Deploy)
AWS CodePipeline orchestrates quality deployments
AWS Developer Services
Deploy code onto ECS
Amazon ECS
Run highly secure, reliable, and scalable containers
Acronym: Elastic Container Service
Service scope: Region/AZ
Dependencies: None/VPC

ECS Building Block Location
(diagram only)

ECS Use Cases
● Run containers at scale
● Schedule tasks to run reliably
● Integrate with ALB for load balancing
● Deploy services with rolling updates
● Reduce operational overhead with Fargate serverless
ECS Infrastructure - Cluster
Cluster: logical grouping of resources.
Service: 1+ running containers with optional load balancing and auto scaling.
Task: single running container.
Diagram: Cluster > Service > Task

ECS Infrastructure - Launch Type
Deploy tasks to EC2, to Fargate, or on-premises (corporate data center).
Diagram: Cluster > Service > Task; launch types: EC2, Fargate, Corporate data center

ECS Infrastructure - Task Definition
Task Definitions contain all container parameters and resource requirements.
Diagram: Task Definition -> Task
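Because the task definition carries every container parameter, it is also where most container-hardening decisions are made. The added example below (not course material) lints a task definition before it is registered, checking fields ECS honours: `privileged`, `user`, `readonlyRootFilesystem`, `linuxParameters.capabilities`, plaintext `environment` entries that should be `secrets`, and whether the image is pinned by digest. The task definition, account ID and image names are constructed; the second container shows what a clean definition looks like.

```python
"""Lint an ECS task definition for container-security settings.

Added example, not course material. SAMPLE_TASK_DEF is constructed in the
shape accepted by RegisterTaskDefinition; the account and images are placeholders.
"""
import re

SAMPLE_TASK_DEF = {
    "family": "app1",
    "networkMode": "awsvpc",
    "requiresCompatibilities": ["FARGATE"],
    "cpu": "256", "memory": "512",
    "executionRoleArn": "arn:aws:iam::111122223333:role/ecsTaskExecutionRole",
    "containerDefinitions": [
        {"name": "web",  # constructed: a typical first attempt, several weak settings
         "image": "111122223333.dkr.ecr.us-east-1.amazonaws.com/app1:latest",
         "privileged": False,
         "environment": [{"name": "DB_PASSWORD", "value": "hunter2"}],
         "portMappings": [{"containerPort": 8080}]},
        {"name": "sidecar",  # constructed: hardened definition
         "image": "111122223333.dkr.ecr.us-east-1.amazonaws.com/log-agent@sha256:" + "a" * 64,
         "user": "1000:1000",
         "readonlyRootFilesystem": True,
         "linuxParameters": {"capabilities": {"drop": ["ALL"]}},
         "secrets": [{"name": "API_TOKEN",
                      "valueFrom": "arn:aws:ssm:us-east-1:111122223333:parameter/app1/token"}]},
    ],
}

# Environment variable names that usually hold credentials.
SECRET_NAME = re.compile(r"(PASS(WORD)?|SECRET|TOKEN|API_?KEY)", re.IGNORECASE)
# An image reference pinned to an immutable content digest.
DIGEST_REF = re.compile(r"@sha256:[0-9a-f]{64}$")


def lint_container(c):
    """Return (severity, message) findings for one container definition."""
    out = []
    name = c["name"]
    if c.get("privileged"):
        out.append(("HIGH", f"{name}: privileged=true grants host-level access"))
    if not c.get("user"):
        out.append(("MEDIUM", f"{name}: no 'user' set, process runs as root in the container"))
    if not c.get("readonlyRootFilesystem"):
        out.append(("LOW", f"{name}: root filesystem is writable"))
    caps = c.get("linuxParameters", {}).get("capabilities", {})
    if "ALL" not in caps.get("drop", []):
        out.append(("LOW", f"{name}: Linux capabilities not dropped"))
    for env in c.get("environment", []):
        if SECRET_NAME.search(env["name"]):
            out.append(("HIGH", f"{name}: '{env['name']}' is a plaintext environment "
                                "variable; move it to 'secrets' (Secrets Manager/SSM)"))
    image = c["image"]
    if not DIGEST_REF.search(image):
        last = image.rsplit("/", 1)[-1]
        tag = last.rsplit(":", 1)[-1] if ":" in last else "latest"
        out.append(("MEDIUM", f"{name}: image pinned by tag '{tag}', not by digest"))
    return out


def lint_task_definition(td):
    """Task-level checks plus every container's findings."""
    findings = []
    if td.get("networkMode") == "host":
        findings.append(("MEDIUM", "networkMode=host shares the host network namespace"))
    for c in td["containerDefinitions"]:
        findings.extend(lint_container(c))
    return findings


if __name__ == "__main__":
    for sev, msg in lint_task_definition(SAMPLE_TASK_DEF):
        print(f"[{sev}] {msg}")
```

Running this in the CI stage before `aws ecs register-task-definition` turns the checks into a gate; the `web` container produces five findings and `sidecar` none.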
AWS Developer Services
Demo: Deploy a Docker container application into AWS
AWS Monitoring Services


AWS Monitoring Services
Implement traditional monitoring with CloudWatch
Amazon CloudWatch
Observe and monitor resources and applications on AWS, on premises, and on other clouds
Acronym: None
Service scope: Region
Dependencies: None

CloudWatch Building Block Location
(diagram only)

CloudWatch Use Cases
● Monitor AWS resource performance metrics
● Set alarms for operational thresholds
● Collect and analyze log data
● Automate responses to system events
● Visualize metrics with custom dashboards
Default CloudWatch Metrics
Amazon EC2: CPUUtilization, NetworkIn, CPUCreditBalance
Amazon EBS: VolumeReadBytes, VolumeQueueLength, BurstBalance
Application Load Balancer: HTTPCode_ELB_5XX_Count, ProcessedBytes, RuleEvaluations
Amazon RDS: DatabaseConnections, FreeStorageSpace, ReplicaLag
AWS Lambda: Invocations, Errors, Throttles
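The "set alarms for operational thresholds" use case rests on one rule: a metric alarm looks at the last EvaluationPeriods datapoints and enters ALARM when at least DatapointsToAlarm of them breach the threshold. The added example below (not course material) applies that rule to a constructed series of `CPUUtilization` averages and replays the state transitions CloudWatch would publish. The alarm uses PutMetricAlarm field names; treat-missing-data modes and percentile statistics are left out.

```python
"""Evaluate a CloudWatch-style metric alarm ("M out of N" datapoints) locally.

Added example, not course material. CPU_ALARM and SAMPLE_DATAPOINTS are
constructed; the evaluation rule is the one CloudWatch documents for
EvaluationPeriods / DatapointsToAlarm.
"""
import operator

COMPARATORS = {
    "GreaterThanThreshold": operator.gt,
    "GreaterThanOrEqualToThreshold": operator.ge,
    "LessThanThreshold": operator.lt,
    "LessThanOrEqualToThreshold": operator.le,
}

# Constructed alarm definition using PutMetricAlarm field names.
CPU_ALARM = {
    "AlarmName": "app1-cpu-high",
    "MetricName": "CPUUtilization", "Namespace": "AWS/EC2",
    "Statistic": "Average", "Period": 300,
    "EvaluationPeriods": 3, "DatapointsToAlarm": 2,
    "Threshold": 80.0, "ComparisonOperator": "GreaterThanThreshold",
}

# Constructed 5-minute Average datapoints, oldest first.
SAMPLE_DATAPOINTS = [35.0, 42.0, 88.5, 91.0, 40.0, 95.0, 97.0, 30.0, 20.0, 15.0]


def evaluate_alarm(alarm, datapoints):
    """State for the most recent EvaluationPeriods datapoints."""
    n = alarm["EvaluationPeriods"]
    m = alarm.get("DatapointsToAlarm", n)
    window = datapoints[-n:]
    if len(window) < n:
        return "INSUFFICIENT_DATA"
    breach = COMPARATORS[alarm["ComparisonOperator"]]
    breaching = sum(1 for v in window if breach(v, alarm["Threshold"]))
    return "ALARM" if breaching >= m else "OK"


def state_history(alarm, datapoints):
    """Replay the series and record each state transition, i.e. the events
    that SNS, Chatbot or EventBridge would receive as alarm notifications."""
    transitions, previous = [], "INSUFFICIENT_DATA"
    for i in range(1, len(datapoints) + 1):
        state = evaluate_alarm(alarm, datapoints[:i])
        if state != previous:
            transitions.append({"index": i - 1, "from": previous, "to": state})
            previous = state
    return transitions


if __name__ == "__main__":
    for t in state_history(CPU_ALARM, SAMPLE_DATAPOINTS):
        print(t)
```

Note the single spike at index 2 does not alarm (1 of 3), the second consecutive breach does (2 of 3), and the alarm stays in ALARM through the dip at index 4 because two of the three most recent points still breach; "2 out of 3" is what keeps one noisy sample from paging anyone.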
AWS Monitoring Services
Configure messaging with SNS and Chatbot
Amazon SNS
Fully managed Pub/Sub service for A2A and A2P messaging
Acronym: Simple Notification Service
Service scope: Region
Dependencies: None

SNS Building Block Location
(diagram only)

SNS Use Cases
● Send real-time notifications to subscribers
● Trigger Lambda functions from events
● Alert on CloudWatch alarms automatically
● Fan-out messages to multiple endpoints
● Integrate with mobile push notifications
Amazon Q Developer in Chat Applications (Chatbot)
Monitor, operate, and troubleshoot your AWS resources with interactive ChatOps
Acronym: None
Service scope: Global
Dependencies: None

Chatbot Building Block Location
(diagram only)

Chatbot Use Cases
● Monitor alerts in Slack/Teams
● Execute AWS CLI commands conversationally
● Troubleshoot incidents via chat
● Fetch CloudWatch metrics on-demand
● Manage AWS resources without consoles
Chatbot Workflow
Notifications must be configured to deliver to an SNS topic.
Chatbot can be configured to subscribe to the SNS topic.
Chatbot can deliver to Slack, Teams, or Chime.
Users in these services can respond to the messages, invoking the AWS CLI.
The CLI can perform operations with the appropriate permissions and services.
Diagram: Important DevOps notification -> SNS topic -> Chatbot -> Slack / Teams / Chime -> AWS Cloud
AWS Monitoring Services
Monitor events with Config and EventBridge
AWS Config
Assess, audit, and evaluate configurations of your resources
Acronym: None
Service scope: Region
Dependencies: None

Config Building Block Location
(diagram only)

Config Use Cases
● Track AWS resource configurations
● Assess compliance against rules
● Audit configuration changes historically
● Detect insecure resource settings
● Trigger remediation for misconfigurations
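"Detect insecure resource settings" is usually done with a Config rule. The added example below (not course material) is a custom rule that ties back to the GuardDuty scenario earlier in the deck: it marks a security group NON_COMPLIANT when it allows TCP/22 from `0.0.0.0/0` or `::/0`. Config invokes the rule's Lambda with an `invokingEvent` JSON string carrying the changed resource's configuration item, and the function reports back with `PutEvaluations`. The configuration item, group ID and result token are constructed; the `boto3` call is confined to the handler so the evaluation logic runs without AWS access.

```python
"""Custom AWS Config rule: flag security groups that allow SSH from anywhere.

Added example, not course material. SAMPLE_EVENT is constructed in the shape
Config uses to invoke a custom rule for AWS::EC2::SecurityGroup; ids are placeholders.
"""
import json


def open_ssh_rules(configuration):
    """Return ingress entries that expose TCP/22 to 0.0.0.0/0 or ::/0."""
    bad = []
    for perm in configuration.get("ipPermissions", []):
        proto = perm.get("ipProtocol")
        low, high = perm.get("fromPort"), perm.get("toPort")
        covers_22 = proto == "-1" or (proto == "tcp" and low is not None
                                      and low <= 22 <= high)
        if not covers_22:
            continue
        for r in perm.get("ipRanges", []):
            if r.get("cidrIp") == "0.0.0.0/0":
                bad.append(("0.0.0.0/0", proto, low, high))
        for r in perm.get("ipv6Ranges", []):
            if r.get("cidrIpv6") == "::/0":
                bad.append(("::/0", proto, low, high))
    return bad


def evaluate_compliance(configuration_item):
    """Map one configuration item to a (ComplianceType, Annotation) pair."""
    if configuration_item["resourceType"] != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE", "rule only evaluates security groups"
    if configuration_item.get("configurationItemStatus") == "ResourceDeleted":
        return "NOT_APPLICABLE", "resource deleted"
    bad = open_ssh_rules(configuration_item["configuration"])
    if bad:
        return "NON_COMPLIANT", "SSH open to " + ", ".join(b[0] for b in bad)
    return "COMPLIANT", "no world-open SSH rule"


def build_evaluation(event):
    """Turn the Config invocation into the Evaluation structure PutEvaluations expects."""
    ci = json.loads(event["invokingEvent"])["configurationItem"]
    compliance, annotation = evaluate_compliance(ci)
    return {"ComplianceResourceType": ci["resourceType"],
            "ComplianceResourceId": ci["resourceId"],
            "ComplianceType": compliance,
            "Annotation": annotation,
            "OrderingTimestamp": ci["configurationItemCaptureTime"]}


def lambda_handler(event, context):
    """Entry point when deployed as the rule's Lambda function."""
    import boto3  # imported here so the pure functions above need no AWS SDK
    evaluation = build_evaluation(event)
    boto3.client("config").put_evaluations(Evaluations=[evaluation],
                                           ResultToken=event["resultToken"])
    return evaluation


# Constructed invocation: a security group with SSH and HTTPS open to the world.
SAMPLE_EVENT = {
    "resultToken": "placeholder-token",
    "invokingEvent": json.dumps({"configurationItem": {
        "resourceType": "AWS::EC2::SecurityGroup",
        "resourceId": "sg-0123456789abcdef0",
        "configurationItemStatus": "OK",
        "configurationItemCaptureTime": "2024-05-01T10:05:00.000Z",
        "configuration": {"ipPermissions": [
            {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
             "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
            {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
             "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
        ]}}}),
}

if __name__ == "__main__":
    print(json.dumps(build_evaluation(SAMPLE_EVENT), indent=2))
```

Only the SSH entry is reported; HTTPS from anywhere is a normal setting for a public web tier, so the rule is deliberately narrow. A compliance change from this rule is itself an EventBridge event source, which is how the "trigger remediation" use case is wired up.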
AWS EventBridge
Build event-driven applications at scale across AWS, existing systems, or SaaS applications
Acronym: None
Service scope: Region
Dependencies: None

EventBridge Building Block Location
(diagram only)

EventBridge Use Cases
● Build event-driven serverless applications
● Deliver events to multiple targets
● Schedule automated tasks/cron jobs
● Stream events between AWS services
● React to system state changes
EventBridge Event Source Examples
● CloudTrail logs, including data events
● AWS Health and Health Abuse events
● Config rule compliance events
● CloudWatch alarm state change
● Interval schedule or cron expression

EventBridge Rule Details
EventBridge rules are JSON filters which can match 1+ event elements.
Diagram: Event -> EventBridge Rule

EventBridge Target Options
● SNS topic delivery
● Asynchronous Lambda function invocation
● Various EC2 actions
● Invoke a Step Function workflow
● Deliver to Kinesis data stream
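The "JSON filters" on the rule details slide follow a small set of matching rules: every key in the pattern must exist in the event, a list of literal values matches when any one equals the event value, nested objects recurse, and content filters such as `prefix`, `anything-but`, `numeric` and `exists` refine a field. The added example below (not course material) implements that matcher and routes two constructed events, a CloudWatch alarm state change and a GuardDuty finding, to the targets of whichever rules match; the rule names and target ARNs are placeholders.

```python
"""Match EventBridge rule patterns against events and pick targets.

Added example, not course material. RULES, the sample events and the target
ARNs are constructed; the matching semantics follow EventBridge event patterns.
"""
import operator

NUMERIC_OPS = {"=": operator.eq, ">": operator.gt, ">=": operator.ge,
               "<": operator.lt, "<=": operator.le}
_MISSING = object()  # sentinel for "field absent from the event"


def _match_filter(f, value):
    """Apply one content filter object such as {"prefix": "app1-"}."""
    if "prefix" in f:
        return isinstance(value, str) and value.startswith(f["prefix"])
    if "anything-but" in f:
        banned = f["anything-but"]
        banned = banned if isinstance(banned, list) else [banned]
        return value not in banned
    if "exists" in f:
        return f["exists"] is (value is not _MISSING)
    if "numeric" in f:
        if not isinstance(value, (int, float)) or isinstance(value, bool):
            return False
        spec = f["numeric"]  # e.g. [">", 0, "<=", 7] is a bounded range
        return all(NUMERIC_OPS[spec[i]](value, spec[i + 1])
                   for i in range(0, len(spec), 2))
    raise ValueError(f"unsupported filter: {f}")


def _match_value(allowed, value):
    """A list in the pattern is an OR of literals and filter objects."""
    for a in allowed:
        if isinstance(a, dict):
            if _match_filter(a, value):
                return True
        elif value is not _MISSING and a == value:
            return True
    return False


def matches(pattern, event):
    """True when the event satisfies every field of the pattern."""
    for key, expected in pattern.items():
        value = event.get(key, _MISSING) if isinstance(event, dict) else _MISSING
        if isinstance(expected, dict):
            if value is _MISSING or not matches(expected, value):
                return False
        elif not _match_value(expected, value):
            return False
    return True


def route(rules, event):
    """Target ARNs of every rule whose pattern matches the event."""
    return [t for r in rules if matches(r["pattern"], event) for t in r["targets"]]


# Constructed rules, in the JSON shape of EventBridge event patterns.
RULES = [
    {"name": "cpu-alarm-to-sns",
     "pattern": {"source": ["aws.cloudwatch"],
                 "detail-type": ["CloudWatch Alarm State Change"],
                 "detail": {"alarmName": [{"prefix": "app1-"}],
                            "state": {"value": ["ALARM"]}}},
     "targets": ["arn:aws:sns:us-east-1:111122223333:devops-alerts"]},
    {"name": "guardduty-high-to-stepfunctions",
     "pattern": {"source": ["aws.guardduty"],
                 "detail-type": ["GuardDuty Finding"],
                 "detail": {"severity": [{"numeric": [">=", 7]}],
                            "type": [{"anything-but": "Recon:EC2/PortProbeUnprotectedPort"}]}},
     "targets": ["arn:aws:states:us-east-1:111122223333:stateMachine:isolate-instance"]},
]

# Constructed events shaped like the two sources named on the slides.
SAMPLE_ALARM_EVENT = {"source": "aws.cloudwatch", "detail-type": "CloudWatch Alarm State Change",
                      "detail": {"alarmName": "app1-cpu-high",
                                 "state": {"value": "ALARM"}, "previousState": {"value": "OK"}}}
SAMPLE_FINDING_EVENT = {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
                        "detail": {"severity": 8.0,
                                   "type": "UnauthorizedAccess:EC2/SSHBruteForce"}}

if __name__ == "__main__":
    print(route(RULES, SAMPLE_ALARM_EVENT))
    print(route(RULES, SAMPLE_FINDING_EVENT))
```

The second rule is the usual shape for automated response: only high-severity findings, minus a noisy type, reach a Step Functions workflow, while the first rule sends alarm transitions to the SNS topic that Chatbot subscribes to.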
AWS Monitoring Services
Demo: Implement event-based monitoring with notifications
AWS Cost and Billing Services


AWS Cost and Billing Services
Explore free tier services and usage levels
AWS Free Tier
12 Months Free: expires after 12 months; small usage rate; specific resource types
Always Free: never expires; small usage rate; permanent discount
Trial: short term; try before you buy; specific services
Learn how to implement in here for maximum benefit!
AWS Cost and Billing Services
View AWS bill details with Cost Explorer
AWS Cost Explorer
Visualize, understand, and manage your AWS costs and usage over time
Acronym: None
Service scope: us-east-1
Dependencies: None

Cost Explorer Building Block Location
(diagram only)

Cost Explorer Use Cases
● Visualize AWS spending trends
● Forecast future cloud costs
● Identify cost optimization opportunities
● Analyze usage by service
● Track reserved instance utilization

Cost Explorer Advanced Features
Default: monthly and daily granularity for 14 months
Granular data: hourly granularity for 14 days
Multi-year: monthly granularity for 38 months
AWS Cost and Billing Services
Monitor cost activity with Budgets
AWS Budgets
Improve planning and cost control with flexible budgeting and forecasting
Acronym: None
Service scope: us-east-1
Dependencies: None

Budgets Building Block Location
(diagram only)

Budgets Use Cases
● Set custom cost/spending alerts
● Predict budget overruns
● Track reserved instance coverage
● Monitor resource usage costs
● Enforce cost governance policies
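"Predict budget overruns" comes from the two notification types a budget can carry: ACTUAL (spend to date crosses a percentage of the limit) and FORECASTED (projected month-end spend crosses it). The added example below (not course material) evaluates both against constructed month-to-date daily costs. The budget uses AWS Budgets field names (BudgetLimit, NotificationType, ComparisonOperator, Threshold as a percentage); the forecast is a simple run-rate projection, which is an assumption for illustration, since AWS Budgets' own forecasting model is not published.

```python
"""Budget alerting on actual and forecasted spend, as AWS Budgets notifications do.

Added example, not course material. BUDGET and DAILY_COST are constructed; the
run-rate forecast is an illustrative assumption, not the AWS Budgets model.
"""
import calendar
from datetime import date

# Constructed monthly budget using AWS Budgets field names (thresholds in percent).
BUDGET = {"BudgetName": "monthly-sandbox",
          "BudgetLimit": {"Amount": 500.0, "Unit": "USD"},
          "TimeUnit": "MONTHLY",
          "Notifications": [
              {"NotificationType": "ACTUAL", "ComparisonOperator": "GREATER_THAN",
               "Threshold": 80.0},
              {"NotificationType": "FORECASTED", "ComparisonOperator": "GREATER_THAN",
               "Threshold": 100.0},
          ]}

# Constructed daily unblended cost (USD) for 1 to 12 May 2024: a rising run rate.
DAILY_COST = [12.0, 12.5, 13.0, 14.0, 20.0, 21.0, 22.0, 23.0, 25.0, 26.0, 27.0, 28.0]
AS_OF = date(2024, 5, 12)


def forecast_month(daily_cost, as_of, lookback=7):
    """Return (actual month-to-date, projected month-end) using the average
    daily cost over the last `lookback` days as the rate for the days left."""
    days_in_month = calendar.monthrange(as_of.year, as_of.month)[1]
    actual = sum(daily_cost)
    recent = daily_cost[-lookback:]
    run_rate = sum(recent) / len(recent)
    remaining_days = days_in_month - as_of.day
    return actual, actual + run_rate * remaining_days


def evaluate_budget(budget, daily_cost, as_of):
    """Return the notifications whose percentage threshold is crossed."""
    actual, forecast = forecast_month(daily_cost, as_of)
    limit = budget["BudgetLimit"]["Amount"]
    fired = []
    for n in budget["Notifications"]:
        observed = actual if n["NotificationType"] == "ACTUAL" else forecast
        pct = 100.0 * observed / limit
        if n["ComparisonOperator"] == "GREATER_THAN":
            crossed = pct > n["Threshold"]
        else:  # LESS_THAN
            crossed = pct < n["Threshold"]
        if crossed:
            fired.append({"type": n["NotificationType"], "threshold": n["Threshold"],
                          "percent_of_budget": round(pct, 1),
                          "amount": round(observed, 2)})
    return fired


if __name__ == "__main__":
    for f in evaluate_budget(BUDGET, DAILY_COST, AS_OF):
        print(f)
```

On 12 May the account has spent less than half of the budget, so the ACTUAL alert stays quiet, but the rising run rate projects well past the limit and the FORECASTED alert fires; that early signal is the reason to configure both types.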
AWS Cost and Billing Services
Demo: Configure cost and billing features
AWS AI/ML Services


AWS AI/ML Services
Develop ML applications using SageMaker
Amazon SageMaker
The next generation of Amazon SageMaker is the center for all your data, analytics, and AI
Acronym: None
Service scope: Region
Dependencies: None

SageMaker Building Block Location
(diagram only)

SageMaker Use Cases
● Train ML models at scale
● Deploy predictive models easily
● Automate data labeling workflows
● Run Jupyter notebooks in cloud
● Optimize models with AutoML
AWS AI/ML Services
Implement Generative AI workloads using Bedrock
Amazon Bedrock
The easiest way to build and scale generative AI applications with foundation models
Acronym: None
Service scope: Region
Dependencies: None

Bedrock Building Block Location
(diagram only)

Bedrock Use Cases
● Build generative AI applications
● Access foundation models via API
● Customize models with your data
● Deploy AI agents easily
● Ensure responsible AI usage
AWS AI/ML Services
Create RAG infrastructure using Bedrock Knowledge Bases and Aurora
Implement RAG in AWS
Upload structured or unstructured data into an S3 data source.
Create the knowledge base with the S3 bucket as the source.
Configure Aurora Serverless as the vector data store.
Sync the data source to the vector data store.
Diagram: Region; VPC spanning Availability Zone 1, 2 and 3 with Subnet 1, 2 and 3 (Aurora Serverless vector store)


AWS AI/ML Services
Demo: Create a Bedrock Knowledge Base using Terraform
Bonus Discussion - AWS AI/ML (Time Permitting)
Scenario Description
A commercial investment firm is creating an AI application infrastructure to allow research analysts and customers to converse with the financial filings and documents for publicly traded companies.
The application must support audio, video, images, and text, all in the form of unstructured data.
How can the investment firm use AWS services and features to implement this infrastructure using agentic AI architecture?
Workflow Elements
Knowledge base retrieval
Router agent
Multimodal RAG agent
Multi-tool collaboration
Report creation agent

User request is delivered to the router agent.
If the request requires external data, an agent will pull from external APIs as needed. This can include web searches, or APIs returning company financials or stock history.
Requests can search earnings call audio. To achieve this, a Lambda function delivers the audio file to Bedrock Data Automation. The audio is converted to text and uploaded to S3. The S3 bucket is used as a data source for a Bedrock knowledge base with AOSS.
A parallel agent allows for earnings call presentation search, converted to images, then text.
An agent is dedicated to reports, and can ingest from the other agents.
The final report combines images and text, appearing human analyst prepared.
Diagram: Router -> Supervisor -> Multi-agent (Web Search, Financials, Stock History); Audio Search; Image Search; Report Writer -> Image Generation -> Final Report
Q&A