Thursday, June 1, 2017

Dynamo DB

DynamoDB: 

  • DynamoDB is a fast and flexible NoSQL database service for applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed database and supports both document and key-value data models. Its flexible data model and reliable performance make it a good fit for mobile, web, gaming, ad tech, IoT and many other applications.
  • Stored on SSD storage.
  • Spread across three geographically distinct data centers (Availability Zones) within a region.
  • When data is written to a table in DynamoDB, it is replicated to the other two locations. There are two read consistency models:
  1. Eventually Consistent Reads (default):
     Consistency across all copies of the data is usually reached within a second. Repeating a read after a short wait should return the updated data (best read performance, and half the read capacity cost of a strongly consistent read).
  2. Strongly Consistent Reads:
     A strongly consistent read returns a result that reflects all writes that received a successful response prior to the read.

The Basics of DynamoDB:

  • Tables
  • Items (think of a row in a table)
  • Attributes (think of a column in a table)
  • DynamoDB allows nested attributes up to 32 levels deep.

Pricing :

  • Provisioned throughput capacity:
    • Write throughput: $0.0065 per hour for every 10 write capacity units.
    • Read throughput: $0.0065 per hour for every 50 read capacity units.
    • Storage: $0.25 per GB per month.

    The first 25 GB stored per month are free.
    After that, $0.25 per GB per month.

    • For example, an application needs 1M reads and 1M writes per day:
      -- 1,000,000 / 24 hrs / 60 mins / 60 secs = 11.6 operations per second
      One write capacity unit handles one write per second, so round up to 12 write units for the whole day.
      One write unit costs $0.0065/10 = $0.00065 per hour, so writes cost 12 * $0.00065 * 24 hrs = $0.1872 per day.
      One read unit costs $0.0065/50 = $0.00013 per hour, so 12 read units cost 12 * $0.00013 * 24 hrs = $0.0374 per day.
    • If the application stores 30 GB, the first 25 GB are free and the extra 5 GB cost 5 * $0.25 = $1.25 per month.
    • Monthly total (30 days): $1.25 + ($0.1872 + $0.0374) * 30 = about $7.99.
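
The arithmetic above generalized into a small calculator, as an added example (not part of the original notes). The prices are the ones listed above; the capacity-unit sizing rules (a write unit covers one write per second of an item up to 1 KB, a read unit covers one strongly consistent read per second of an item up to 4 KB or two eventually consistent reads) come from the DynamoDB documentation and are not stated in the notes. The 30-day month matches the worked example.

```python
import math

# Rates quoted in the notes above (2017 list prices).
WRITE_PRICE_PER_HOUR_PER_10_WCU = 0.0065
READ_PRICE_PER_HOUR_PER_50_RCU = 0.0065
STORAGE_PRICE_PER_GB_MONTH = 0.25
FREE_STORAGE_GB = 25

# Capacity-unit sizing from the DynamoDB documentation (not in the notes):
# 1 WCU = one write/second of an item up to 1 KB;
# 1 RCU = one strongly consistent read/second of an item up to 4 KB,
#         or two eventually consistent reads/second.
WCU_ITEM_KB = 1
RCU_ITEM_KB = 4
SECONDS_PER_DAY = 24 * 60 * 60


def write_capacity_units(writes_per_day, item_size_kb=1.0):
    """Provisioned WCUs needed to sustain an even write rate over the day."""
    units_per_write = math.ceil(item_size_kb / WCU_ITEM_KB)
    return math.ceil(writes_per_day / SECONDS_PER_DAY * units_per_write)


def read_capacity_units(reads_per_day, item_size_kb=1.0, strongly_consistent=False):
    """Provisioned RCUs needed; eventually consistent reads cost half a unit each."""
    units_per_read = math.ceil(item_size_kb / RCU_ITEM_KB)
    if not strongly_consistent:
        units_per_read /= 2
    return math.ceil(reads_per_day / SECONDS_PER_DAY * units_per_read)


def monthly_cost(wcu, rcu, storage_gb, days=30):
    """Throughput is billed per hour of provisioned units; storage beyond the free tier per GB-month."""
    hourly = (wcu / 10) * WRITE_PRICE_PER_HOUR_PER_10_WCU + (rcu / 50) * READ_PRICE_PER_HOUR_PER_50_RCU
    throughput = hourly * 24 * days
    storage = max(0, storage_gb - FREE_STORAGE_GB) * STORAGE_PRICE_PER_GB_MONTH
    return round(throughput + storage, 4)


if __name__ == "__main__":
    # The worked example from the notes: 1M reads and 1M writes a day, 30 GB stored.
    wcu = write_capacity_units(1_000_000)
    rcu = read_capacity_units(1_000_000, strongly_consistent=True)
    print(wcu, "WCU", rcu, "RCU", "$", monthly_cost(wcu, rcu, 30), "per month")
```

The notes price 12 read units, which is what strongly consistent reads of 1 KB items need; with the default eventually consistent reads the same traffic needs only 6, which is where the "half the cost" claim in the consistency section comes from.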

Wednesday, May 31, 2017

Amazon S3

S3: Simple Storage Service
    S3 provides developers and IT teams with secure, durable, highly scalable object storage. S3 is easy to use, with a simple web services interface to store and retrieve any amount of data from anywhere on the web.
    It is object-based storage (flat files).
    It is spread across multiple devices and facilities.
    Files can be from 0 bytes to 5 TB.
    There is unlimited storage.
    Files are stored in buckets.
    S3 has a universal namespace, i.e. bucket names must be unique across all AWS accounts worldwide.
    A bucket's endpoint looks something like
     https://s3-<region>.amazonaws.com/<bucket-name>
    When you upload a file to S3 you get an HTTP 200 status code if the upload was successful.
   
    Data Consistency Model for S3:
    A newly written object is readable immediately, but an overwrite or a delete takes some time to propagate.
    S3 never returns a partially written or corrupt object: a read returns either the old version or the new one in full.
    Read-after-write consistency for PUTs of new objects -- can read immediately after writing.
    Eventual consistency for overwrite PUTs and DELETEs -- updates and deletes can take some time to show up.
    (Since December 2020 S3 provides strong read-after-write consistency for all operations; the model above is the one that applied when these notes were written.)
    S3 is a simple key-value store.
    S3 is object-based. An object consists of the following:
  •         Key (the name of the object)
  •         Value (the data itself, a sequence of bytes)
  •         Version ID (important for versioning)
  •         Metadata (data about the data being stored)
  •         Subresources:
              Access Control Lists
              Torrent
  1.     Built for 99.99% availability for the S3 platform.
  2.     Amazon's SLA guarantees 99.9% availability.
  3.     Amazon guarantees 99.999999999% durability for S3 objects.
         (eleven nines)
  4.     Tiered storage available.
  5.     Lifecycle Management.
  6.     Versioning.
  7.     Encryption.
  8.     Secure the data in couple of different ways using Access Control Lists and Bucket Policies.
   
    S3 Storage Classes/Tiers:
  •     S3 Standard: 99.99% availability, eleven nines durability, stored across multiple devices in multiple facilities and designed to sustain the loss of 2 facilities concurrently.
  •     S3 IA (Infrequent Access): for data that is accessed less frequently but requires rapid access when needed. Lower storage fee than S3 Standard, but a retrieval fee is charged per GB read.
  •     Reduced Redundancy Storage: 99.99% durability and 99.99% availability of objects over a given year.
  •     Glacier: very cheap, but used for archival only.
        Glacier:
  •         Extremely low cost.
  •         Used only for data archival.
  •         $0.01 per GB per month.
  •         Standard retrieval takes 3-5 hours.
       
    S3- Charges:
  •         Storage
  •         Requests
  •         Storage Management Pricing
  •         Data Transfer Pricing
  •         Transfer Acceleration (fast, easy and secure transfer of files over long distances between end users and an S3 bucket. It takes advantage of CloudFront's globally distributed edge locations; as data arrives at an edge location it is routed to Amazon S3 over an optimized network path.)
       
    S3 FAQs IMP



S3 falls under the storage services of the AWS.
It is object-based storage and is used to store files: documents, images, audio, video, backups, etc. It is not block storage, so you cannot install an operating system or a database on it (that is what EBS is for).

As soon as we login to the console we can see S3 under storage.
The first step under the S3 is we need to create a bucket.

Under the bucket created we have some more options available under the properties:

Versioning : 

To see the different versions of the same object in the bucket.

Static Web Hosting :

Allows to host a static web site without any server side technologies (plain html).
This has tremendous advantages.
No worries about load balancing, auto scaling, virtual machines.
It scales automatically and extremely low cost.

Logging :

We can set up log reports.

Under the Advanced Settings:

Tags :

Using tags for cost controls.

Cross Region Replication :

Used for replicating the objects in different regions.

Events :

Under events we can have specific notifications when specific events occur in your bucket.
For Ex: Someone uploaded a file and we want to invoke a lambda function and that lambda function is going to convert that into a thumb nail and save the output of that in another bucket.

Under the Lifecycle :

Here we can write rules such as: if an object has not been accessed for a certain number of days, move it to the Infrequent Access tier; if it is older than 120 days, move it to Glacier; and so on.
Lifecycle rules are how objects move between the different storage tiers (and eventually expire).

Under Permissions :

ACL (Access Control Lists) :

We can grant access here with access control lists. By default every bucket and every object is private: only the account that created it can access it, and anything else must be granted explicitly.

Under Management :

Analytics : 

We can run storage class analysis to see which data is a candidate for a cheaper storage class.

Metrics and Inventory:

Uploading some data in S3:

The first time we upload an object to S3 no public permissions are set on it (it is private, so nobody but the owner can access it).
The URL for the object will be something like this:
https://s3.amazonaws.com/bucketName/objectName

If you upload an object and try to open that URL in a browser you get an "Access Denied" error.
If we want someone else to access the object, we grant it to a specific AWS account (by email address or canonical user ID), to Everyone (anonymous access), or to Any Authenticated AWS User. Be careful with the last one: it means any AWS account in the world, not just users of your account, so it is effectively public.

Under the object permission there are two things
1. Giving the user permission to read/write the object.
2. Giving the user permission to read/write the object's permissions (i.e. the authority to grant access to other users).

Once versioning is enabled on a bucket it cannot be removed; it can only be suspended.
To see the versions of an object, use the "Show versions" toggle beside the file.

From an architecture point of view, do not version large files without a plan to archive or expire old versions after a certain point: every version is stored at its full size and billed accordingly.

When we delete a file in a versioned bucket it disappears from the normal listing, but S3 only inserts a "delete marker" as the newest version; the data is still there. To restore the file, show versions and delete the delete marker, which makes the previous version current again.
It is a great backup tool.

An additional layer of security can be added to a versioned bucket by enabling MFA Delete: permanently deleting a version or changing the bucket's versioning state then requires an MFA code, which protects against accidental or malicious deletion. MFA Delete can only be enabled by the root account through the API/CLI, not from the console.

Creating a static website using amazon S3:
  • Create a bucket in S3, upload objects into the bucket. 
  • Under the website hosting section of the bucket we can enable website with an index.html and error.html as the landing and error pages for our static website.
Cross Origin Resource Sharing (CORS):
  •  Browsers block a page served from one origin (e.g. a static website in one bucket) from reading responses it fetches with JavaScript from another origin (e.g. assets in a second bucket) unless the second origin opts in.
  •  A CORS configuration on the bucket being fetched from lists which origins, HTTP methods and headers it permits; the browser then lets the script read the response.
  •  In the CORS section of the bucket, list the URL of the website bucket that should be allowed to call it.
  •  CORS is not access control: the requester still needs read permission on the objects, and an AllowedOrigin of * lets any website make cross-origin calls to the bucket, so only combine it with data that is public anyway.
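
To make the browser-side behaviour concrete, here is an added example (not from the original notes or from AWS) that models, in simplified form, how a CORS rule set like the one configured on a bucket decides whether a cross-origin request gets CORS response headers. The bucket names and the rule set are constructed; S3's real matching has more cases than this, and the point is only how origin, method and header matching interact and why * is a broad grant.

```python
import fnmatch

# Constructed CORS configuration, in the shape of an S3 CORS rule (hypothetical bucket names):
# the website bucket may GET/HEAD objects in this bucket from the browser.
CORS_RULES = [
    {
        "AllowedOrigins": ["https://www-example-site.s3-website-us-east-1.amazonaws.com"],
        "AllowedMethods": ["GET", "HEAD"],
        "AllowedHeaders": ["Authorization", "x-amz-*"],
        "ExposeHeaders": ["ETag"],
        "MaxAgeSeconds": 3000,
    },
]


def _matches(pattern, value):
    # AllowedOrigins / AllowedHeaders may contain a '*' wildcard; origins are compared
    # case-sensitively, header names case-insensitively (the callers lower-case them).
    return fnmatch.fnmatchcase(value, pattern)


def _headers_allowed(allowed_patterns, requested):
    lowered = [p.lower() for p in allowed_patterns]
    return all(any(_matches(p, h.lower()) for p in lowered) for h in requested)


def cors_response_headers(rules, origin, method, request_headers=()):
    """Return the CORS headers the first matching rule produces, or {} when no rule matches
    (the browser then blocks the page's script from reading the response)."""
    for rule in rules:
        if not any(_matches(p, origin) for p in rule["AllowedOrigins"]):
            continue
        if method not in rule["AllowedMethods"]:
            continue
        if not _headers_allowed(rule.get("AllowedHeaders", []), request_headers):
            continue
        wildcard = "*" in rule["AllowedOrigins"]
        headers = {
            # a literal '*' rule answers '*'; a specific rule echoes the requesting origin
            "Access-Control-Allow-Origin": "*" if wildcard else origin,
            "Access-Control-Allow-Methods": ", ".join(rule["AllowedMethods"]),
        }
        if rule.get("ExposeHeaders"):
            headers["Access-Control-Expose-Headers"] = ", ".join(rule["ExposeHeaders"])
        if "MaxAgeSeconds" in rule:
            headers["Access-Control-Max-Age"] = str(rule["MaxAgeSeconds"])
        if not wildcard:
            headers["Vary"] = "Origin"  # caches must not serve one origin's answer to another
        return headers
    return {}
```

The empty-dict case is the one to remember: a request from an origin that is not listed gets no headers and the browser withholds the response from the script, but the object was still served by S3, so CORS never substitutes for a bucket policy or ACL.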
Polly:
  • Polly is a text-to-speech service (it converts text into spoken audio).
S3 - Versioning Lab
  •  Create a bucket and enable versioning while creating it.
  •  Versioning stores every version of every object separately.
  •  Once versioning is enabled it cannot be removed, only suspended.
  •  If versioning has to go away completely, create a new bucket and copy the objects to it.
  •  If we delete a specific version it cannot be restored, but if we delete the object itself (which only adds a delete marker) we can restore it.
Cross Region Replication 
  •  Versioning must be enabled on both the source and the destination buckets.
  •  The source and destination buckets must be in different regions.
  •  Objects already in the bucket are not replicated automatically; only objects created or updated after replication is enabled are replicated.
  •  You cannot replicate to multiple buckets or daisy-chain replication.
  •  Delete markers are replicated.
  •  Deleting individual versions or delete markers is not replicated.

Lifecycle Management, S3 IA and Glacier - Hands On

Lifecycle Management:

Lifecycle management controls the life cycle of objects in a bucket through rules added under the Management section of the bucket.

Life cycle rules manage storage cost by transitioning objects after a set time from S3 Standard to S3 IA, then to Glacier, and finally expiring them, so that rarely used files end up in the cheapest tier.

Transition rules can be configured for the current version or for previous versions of objects.
Object created -- 30 days later --> transitioned to IA -- 30 days later (day 60) --> transitioned to Glacier
-- day 425 --> expires
Glacier is designed to store an object for a minimum of 90 days. If a rule would expire an object that has been in Glacier for fewer than 90 days, the console asks for an extra acknowledgement, because the object is still billed for the full 90 days (an early deletion fee) even though it is being deleted.

Minimums: 30 days after creation before transitioning to S3 IA, 30 more days (60 total) before Glacier, and expiration must be later than the last transition (61 days at the earliest in this configuration).
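
An added example (not from the original notes) that encodes the day-based rules above: it checks a proposed transition/expiration schedule against the minimums stated here and reports the storage class of an object at a given age. The constants mirror the notes; a real lifecycle configuration is a JSON/XML document carrying the same numbers, S3 enforces the transition minimums itself, and the Glacier early-deletion case is a cost warning rather than a hard error.

```python
# Minimum durations as stated in the notes above (S3 lifecycle rules, 2017).
MIN_DAYS_BEFORE_IA = 30           # an object must be 30 days old before moving to STANDARD_IA
MIN_DAYS_IA_BEFORE_GLACIER = 30   # and spend 30 days in STANDARD_IA before moving to GLACIER
GLACIER_MIN_BILLED_DAYS = 90      # Glacier bills every object for at least 90 days

TIERS = ("STANDARD_IA", "GLACIER")  # in the order objects move through them


def validate_lifecycle(transitions, expiration_days=None):
    """transitions maps storage class -> object age in days at which it moves there.
    Returns a list of problems; an empty list means the rule is acceptable."""
    problems = []
    ia = transitions.get("STANDARD_IA")
    glacier = transitions.get("GLACIER")
    if ia is not None and ia < MIN_DAYS_BEFORE_IA:
        problems.append(f"STANDARD_IA at day {ia} is before the {MIN_DAYS_BEFORE_IA}-day minimum")
    if glacier is not None and ia is not None and glacier < ia + MIN_DAYS_IA_BEFORE_GLACIER:
        problems.append(f"GLACIER at day {glacier} is less than {MIN_DAYS_IA_BEFORE_GLACIER} days after STANDARD_IA")
    last_transition = max((d for d in (ia, glacier) if d is not None), default=None)
    if expiration_days is not None:
        if last_transition is not None and expiration_days <= last_transition:
            problems.append("expiration must be later than the last transition")
        if glacier is not None and expiration_days < glacier + GLACIER_MIN_BILLED_DAYS:
            problems.append("early-deletion: expiring within 90 days of the GLACIER transition is billed for the full 90 days")
    return problems


def storage_class_on_day(transitions, expiration_days, age_days):
    """Where an object of the given age lives under this rule ('EXPIRED' once deleted)."""
    if expiration_days is not None and age_days >= expiration_days:
        return "EXPIRED"
    current = "STANDARD"
    for tier in TIERS:
        day = transitions.get(tier)
        if day is not None and age_days >= day:
            current = tier
    return current


# The schedule from the lab above: IA at 30 days, Glacier at 60, expire at 425.
LAB_RULE = {"STANDARD_IA": 30, "GLACIER": 60}
LAB_EXPIRATION = 425
```

Running validate_lifecycle(LAB_RULE, 120) instead of 425 is the case the console warns about: the object would be deleted after 60 days in Glacier but billed for 90.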

 

Wednesday, May 24, 2017

AWS Cloud Formation

CloudFormation allows us to quickly and easily deploy infrastructure resources and applications on AWS from a template.
We can either 'Create New Stack' (from a template) or 'Launch CloudFormer' to generate a template from resources that already exist in the account.
Services such as CloudFormation, Elastic Beanstalk and Auto Scaling are free themselves; we pay for the resources these services create.

The intrinsic function Fn::GetAtt returns the value of an attribute of a resource in the template (for example the DNS name of a load balancer); it is typically used in the Outputs section to expose such values.
If there is an error while creating the stack, CloudFormation automatically rolls back all the resources that were created.
Rollback is enabled by default.


Amazon SWF Service: Simple WorkFlow Service

  • SWF is a web service that makes it easy to coordinate work across distributed application components.
  •     SWF enables applications for a wide range of use cases, including media processing, web application back ends, business process workflows and analytics pipelines, to be designed as a coordination of tasks.
  •     Tasks represent invocations of processing steps in an application, which can be performed by executable code, web service calls, human actions or scripts.
   
    SWF Workers & Deciders:
  •     Workers and deciders can run on cloud infrastructure, such as Amazon EC2, or on machines behind your own firewall. SWF brokers the interaction between workers and deciders.
    It allows deciders to get consistent views of the progress of tasks and to initiate new tasks in an ongoing manner.
  •     At the same time, SWF stores tasks, assigns them to workers when they are ready and monitors their progress. It ensures that a task is assigned only once and is never duplicated. Since SWF maintains the application's state durably, workers and deciders do not have to keep track of execution state. They can run independently and scale quickly.
   
    SQS vs. SWF -- an SWF task is assigned exactly once, whereas SQS can deliver duplicate messages.
   
    SWF Domain:
    The workflow and activity types and the workflow execution itself are all scoped to a domain. Domains isolate a set of types, executions and task lists from others within the same account.
   
    We can register a domain using amazon console or by RegisterDomain action in the Amazon SWF API.
   
    SQS -- a message can be retained for up to 14 days (4 days by default) and the visibility timeout can be at most 12 hours; SWF -- a workflow execution can last up to 1 year. Both values are measured in seconds.
   
    SWF -- task-oriented API, each task assigned once and never duplicated, keeps track of all events and tasks, supports human interaction.
    SQS -- message-oriented API, duplicate messages must be handled by the application, tracking is done at application level, no human interaction.
   

SNS : Simple Notification Service

It is a web service that makes it easy to set up, operate and send notifications from the cloud.
It provides developers with a highly scalable, flexible and cost effective capability to publish messages from an application and immediately deliver them to subscribers or other applications.


SNS follows publish-subscribe messaging paradigm, with notifications being delivered to clients using a "push" mechanism that eliminates the need to periodically check or poll for the new information and updates.

With simple APIs requiring minimal up-front development effort and no maintenance, SNS gives developers an easy mechanism to incorporate a powerful notification system into their applications.
 SNS -- PUSH ; SQS -- PULL/POLL

 SNS can deliver notifications by SMS text message or email, to SQS queues, or to HTTP/HTTPS endpoints.
 To prevent messages from being lost, SNS stores them across multiple availability zones.
 SNS lets you group multiple recipients using topics. A topic is an access point that recipients subscribe to in order to receive identical copies of the same notification.

 One Topic -- Multiple end points
        -- IOS devices
        -- Android devices
        -- SMS Receipients etc.,
        When we publish once to a topic SNS will deliver appropriately formatted copies of your message to each subscriber.
       
 SNS Benefits:
    -- Instantaneous, push-based delivery (no polling)
    -- Simple APIs and easy integration with applications
    -- Flexible message delivery over multiple transport protocols.
    -- Inexpensive, pay-as-you-go model with no upfront costs.
    -- Web-based AWS Management Console offers simplicity of a point and click interface.
   
 SNS Vs. SQS
  -- Both messaging services.
  -- SNS -- Push
  -- SQS -- Poll/Pulls
 
 SNS Pricing
  -- $.50 for 1 million requests for SNS.
  -- $.06 per 100,000 notification deliveries over HTTP.
  -- $.75 for 100 notifications deliveries over SMS.
  -- $2.00 for 100,000 notification deliveries over Email.

SQS - Simple Queue Service

SQS : Simple Queue Service
   
  •     It is a web service that gives you access to a message queue that can be used to store messages while they wait for a computer to process them.
  •     It is a distributed queue system that enables web service applications to quickly and reliably queue messages that one component in the applications generates to be consumed by another component. A queue is a temporary repository for messages that are awaiting processing.
  •     Decouple the components of an application so they can run independently, amazon SQS easing the message management between components. Any component of a distributed application can store messages in a fail-safe queue.
  •     Messages can contain up to 256KB of text in any format. Any component can later retrieve messages programmatically using the Amazon SQS API.
   
    Problem SQS solves: the producer produces work faster than the consumer can process it, or the producer and consumer are only intermittently connected to the network.
   
    SQS guarantees delivery of each message at least once and supports multiple readers and writers interacting with the same queue.
   
    A single queue can be used by simultaneously by many distributed application components, with no need for the components to coordinate with each other to share the queue.
   
    It is engineered to be always available and deliver messages.
   
    SQS trade-off: a standard SQS queue does not guarantee first-in, first-out delivery of messages. For many distributed applications each message stands on its own and, as long as every message is delivered, the order is not important. (FIFO queues, a separate queue type, preserve order and deduplicate, at lower throughput.)

    If the system requires order to be preserved with a standard queue, place sequencing information in each message so the consumer can reorder messages after the queue returns them.
   
    The visibility timeout clock starts when an application server receives the message. While the timeout runs, other consumers do not see the message. If the server crashes or goes offline without deleting the message, the timeout expires and the message becomes visible again for another application server to pick up.
   
    A message is only finished when the consumer deletes it from the queue; a received but undeleted message will be delivered again.
   
    If the number of messages in the queue approaches a threshold, Auto Scaling can spin up more application servers to work through them. SQS with Auto Scaling is VERY POWERFUL.
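
The visibility-timeout and at-least-once behaviour described above, as an added example (not from the original notes or the AWS SDK): a toy in-memory model of a standard queue, a consumer that uses an idempotency key so a redelivered message is not applied twice, and reordering by a sequence number carried in the message body. The order ids, message bodies and the crashing worker are constructed for the scenario; with the real service the same logic sits around ReceiveMessage and DeleteMessage calls made through the SDK.

```python
import uuid


class SimulatedQueue:
    """Toy model of an SQS standard queue: at-least-once delivery, visibility timeout, no ordering."""

    def __init__(self, visibility_timeout=30):
        self.visibility_timeout = visibility_timeout
        self._messages = {}  # message id -> {"body": ..., "invisible_until": seconds}
        self._receipts = {}  # receipt handle -> message id

    def send(self, body):
        message_id = str(uuid.uuid4())
        self._messages[message_id] = {"body": body, "invisible_until": 0}
        return message_id

    def receive(self, now, max_messages=10):
        """Return currently visible messages; each one is hidden from other consumers for the timeout."""
        delivered = []
        for message_id, entry in self._messages.items():
            if entry["invisible_until"] <= now and len(delivered) < max_messages:
                entry["invisible_until"] = now + self.visibility_timeout
                receipt = str(uuid.uuid4())
                self._receipts[receipt] = message_id
                delivered.append({"MessageId": message_id, "ReceiptHandle": receipt, "Body": entry["body"]})
        return delivered

    def delete(self, receipt_handle):
        """Only an explicit delete finishes a message; receiving it does not."""
        message_id = self._receipts.pop(receipt_handle)
        self._messages.pop(message_id, None)

    def __len__(self):
        return len(self._messages)


class IdempotentConsumer:
    """Applies each logical message once even when the queue delivers it more than once."""

    def __init__(self):
        self.seen = set()   # idempotency keys already applied (a durable store in real life)
        self.applied = []   # side effects, in processing order

    def handle(self, queue, message, crash_before_delete=False):
        key = message["Body"]["order_id"]
        if key not in self.seen:          # a duplicate delivery skips the side effect
            self.applied.append(message["Body"])
            self.seen.add(key)
        if crash_before_delete:           # worker dies here: no delete, so the message comes back
            return
        queue.delete(message["ReceiptHandle"])


def run_scenario():
    """Worker takes three messages, dies after processing the first; that one is redelivered."""
    queue = SimulatedQueue(visibility_timeout=30)
    for seq, order_id in enumerate(["A-1", "A-2", "A-3"]):
        queue.send({"order_id": order_id, "seq": seq})  # seq lets the consumer restore order
    consumer = IdempotentConsumer()

    first_batch = queue.receive(now=0)
    consumer.handle(queue, first_batch[0], crash_before_delete=True)
    for message in first_batch[1:]:
        consumer.handle(queue, message)

    hidden = queue.receive(now=10)        # A-1 is still invisible: timeout not yet elapsed
    second_batch = queue.receive(now=31)  # timeout expired: A-1 is delivered a second time
    for message in second_batch:
        consumer.handle(queue, message)

    ordered = sorted(consumer.applied, key=lambda body: body["seq"])
    return {
        "still_hidden_at_10s": len(hidden),
        "redelivered": [m["Body"]["order_id"] for m in second_batch],
        "processed": [body["order_id"] for body in ordered],
        "remaining": len(queue),
    }
```

The scenario ends with every order applied exactly once and an empty queue even though A-1 was delivered twice; remove the `seen` check and the second delivery would apply A-1 again, which is the bug the "at least once" exam point is warning about.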
   
    Exam Q's :
  1.     No first-in, first-out guarantee on a standard queue.
  2.     Visibility timeout: 30 seconds by default, 12 hours maximum.
  3.     SQS is engineered to deliver each message at least once. As developers we must make the processing idempotent so that a duplicate delivery does not cause errors or inconsistencies.
  4.     Message size up to 256 KB.
  5.     Billed in 64 KB chunks.
  6.     A 256 KB message is 4 chunks (4 * 64 KB), i.e. billed as 4 requests.
   
    Pricing:
  1.     First 1 million SQS requests per month are free.
  2.     $0.50 per million SQS requests per month there after ($0.00000050 per SQS request).
  3.     A single request can have 1 to 10 messages upto a maximum total payload of 256KB.
  4.     Even a single API call for 256KB is billed 4 times per 64KB.

Tuesday, May 23, 2017

AWS Databases

Services Available under AWS Databases:
  1. RDS
  2. DynamoDB
  3. ElastiCache
  4. Redshift
  5. DMS
 RDS Types Available :
  • SQL Server
  • Oracle
  • MySQL Server
  • PostgreSQL
  • Aurora
  • MariaDB
NRDB :
 
 

Monday, May 1, 2017

EC2 Elastic Cloud Compute

EC2:

  • EC2 is a web service that provides resizable compute capacity in the cloud. It reduces the time required to obtain and boot new servers to minutes, allowing us to quickly scale capacity both up and down as computing requirements change.
  • It is simply a virtual machine in the cloud; it can be a Linux server, a Windows server, etc.
  • It allows you to pay only for the capacity you actually use, and gives developers the tools to build failure-resilient applications and isolate them from common failure scenarios.
Types of payment options for EC2:
  1. On Demand: lets you pay a fixed rate by the hour with no commitment.
    Users who want the low cost and flexibility of EC2 without any upfront payment or long-term contract.
    Applications with short-term, spiky or unpredictable workloads that cannot be interrupted.
    Applications being developed or tested on EC2 for the first time.
  2. Reserved: Provides you with a capacity reservation with a significant discount on the hourly charge for an instance. 1 year or 3 year term.
    Applications with steady state or predictable usage.
    Applications that require reserved capacity.
    Users able to make upfront payments to reduce their total computing costs further.
  3. Spot pricing: Enables you to bid for whatever price you want for instance capacity, providing for even greater savings if the applications have flexible start and end times.
    Applications that are feasible at very low compute prices.
    Users with urgent computing needs for large amounts of additional capacity.
  4. Dedicated Hosts: Physical EC2 servers dedicated for your use. Dedicated hosts can help you reduce costs by allowing you to use your existing server bound software licenses. This can be paid by hourly price.
    Useful for regulatory requirements that may not support multi-tenant virtualisation.
    Great for licensing which does not support multi-tenancy or cloud deployments. For ex:-Oracle
    Can be purchased on demand(hourly).
    Can be purchased as a reservation for up to 70% off the on demand price. 
Diff. EC2 instances:
 

How to Remember them:
 

EBS:
Amazon EBS allows you to create storage volumes and attach them to EC2 instances. Once attached you can create a file system on top of these volumes, run a database or use them in any other way as a block device.
EBS are placed in a specific availability zone and are automatically replicated to protect from failure of a single component.

EBS Volume Types:

General Purpose SSD(GP2):- Bootable
  • General purpose, balances both price and performance.
  • Ratio of 3 IOPS per GB, up to 10,000 IOPS, with the ability to burst up to 3,000 IOPS for extended periods for volumes under 1 TiB.
Provisioned IOPS SSD (IO1) - Bootable
  • Designed for I/O intensive applications such as large relational or NoSQL databases.
  • Use if you need more than 10000 IOPS.
  • Can provision upto 20000 IOPS per volume.
Throughput optimized HDD(ST1) - Not bootable
  • Big data
  • Data warehouses 
  • Log processing 
 Cold HDD(SC1)  - Not bootable
  • Lowest cost storage for in frequently accessed workloads
  • Used for File Server
Magnetic (Standard) - Bootable
  • Lowest cost per GB of all EBS types that is bootable. Magnetic volumes are ideal for workloads where data is accessed infrequently and applications where the lowest cost is important. 
Launching an EC2 Instance:
  • EC2 is available under the Compute section in the console. EC2 is region specific, and some instance types are not available in all regions.
  1. Click on the launch instance to start the process of installation. The first step would be to choose between the different AMIs(Amazon Machine Images) which is a SnapShot of virtual machines. We have the flexibility to choose between the different Operating Systems. Different Types of virtualizations : http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/virtualization_types.html
  2. Next will give you the type of instance that we want depending on the need from DRMCGIFTPIX of which some are eligible for free trial. 
  3. In the configure instance section this is the main screen. In the advance section we can pass bootstrap scripts to the EC2 instance. One subnet is equal to one availability zone.
  4. In the add storage section, root volume is the bootable volume from where the OS loads. If the delete on termination is checked, when the EC2 instance is terminated this volume is deleted as well.
  5. In the add tags section we can specify the key and value for the tag which can be tagged to the EC2 instance. Tagging as much as possible helps to track who is using the instance there by helping in cost efficiency.
  6. In the configure security group section we attach one or more security groups: a virtual firewall for the instance. In the source field of each rule we can restrict access down to a specific IP address or CIDR range.
We will need a key pair. AWS keeps the public key and we download the private key; the same key pair can be used for many EC2 instances. The private key can only be downloaded at the moment the key pair is created, so store it safely.

Types of security groups (ex: SSH, HTTP, HTTPS etc.,): http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html


Commands Used
-- yum install httpd -y -- used to install apache

Security Groups:
  • Security groups are attached to EC2 instances and act as a firewall around each instance. An HTTP rule, for instance, allows access to the instance's public IP from a web browser, and its source can be limited to specific IP addresses.
  • Any change to a security group takes effect immediately.
  • All inbound traffic is blocked by default.
  • All outbound traffic is allowed by default.
  • You can have any number of EC2 instances in a security group.
  • You can have multiple security groups attached to an EC2 instance.
  • Security groups are stateful.
    -> If you create an inbound rule allowing traffic in, the response traffic is automatically allowed back out regardless of the outbound rules (and vice versa).
  • You cannot block a specific IP address using security groups; use Network Access Control Lists for that.
  • You can specify allow rules, but not deny rules.
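
An added example (not from the original notes) that makes the last three bullets concrete: a security group modelled as allow-only rules where any match admits the packet, beside a network ACL modelled as numbered allow/deny rules evaluated in order with the first match deciding. The CIDRs and ports are constructed from documentation address ranges. Statefulness is not modelled: a real NACL is stateless, so you must also add outbound rules for the ephemeral return ports, whereas the security group tracks the connection for you.

```python
import ipaddress

# Constructed rules using documentation address ranges (hypothetical).
SECURITY_GROUP_INBOUND = [   # allow rules only; there is no way to write a deny
    {"protocol": "tcp", "port": 22, "cidr": "203.0.113.10/32"},   # SSH from the admin's IP only
    {"protocol": "tcp", "port": 80, "cidr": "0.0.0.0/0"},         # HTTP from anywhere
]

NETWORK_ACL_INBOUND = [      # evaluated by rule number; first match decides; the final '*' denies
    {"rule": 90,  "action": "deny",  "protocol": "tcp", "port": 80, "cidr": "198.51.100.7/32"},  # one abuser
    {"rule": 100, "action": "allow", "protocol": "tcp", "port": 80, "cidr": "0.0.0.0/0"},
    {"rule": 110, "action": "allow", "protocol": "tcp", "port": 22, "cidr": "203.0.113.0/24"},
]


def _rule_matches(rule, protocol, port, source_ip):
    return (rule["protocol"] == protocol and rule["port"] == port
            and ipaddress.ip_address(source_ip) in ipaddress.ip_network(rule["cidr"]))


def sg_allows_inbound(rules, protocol, port, source_ip):
    """Security group: any matching allow rule admits the packet; nothing matching means dropped."""
    return any(_rule_matches(r, protocol, port, source_ip) for r in rules)


def nacl_decision(rules, protocol, port, source_ip):
    """Network ACL: the lowest-numbered matching rule decides; the implicit final rule denies."""
    for rule in sorted(rules, key=lambda r: r["rule"]):
        if _rule_matches(rule, protocol, port, source_ip):
            return rule["action"]
    return "deny"


def inbound_reaches_instance(protocol, port, source_ip,
                             sg_rules=SECURITY_GROUP_INBOUND, nacl_rules=NETWORK_ACL_INBOUND):
    """A packet must first pass the subnet's NACL, then the instance's security group."""
    return (nacl_decision(nacl_rules, protocol, port, source_ip) == "allow"
            and sg_allows_inbound(sg_rules, protocol, port, source_ip))
```

The abuser at 198.51.100.7 is the case from the bullets: the security group's 0.0.0.0/0 HTTP rule lets it in and there is no rule type that could exclude it, so the NACL's numbered deny (placed before the allow) is what blocks it.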
Volume & Snapshot Lab:
  • Snapshot is a point in time photograph of harddisk. Everytime we take a new snapshot only the data that is changed is stored.
  • Volumes exist on EBS(Elastic Block Storage). Volume is a virtual harddisk attached to the EC2 instance.
  • Snapshots exist on S3.
  • Snapshots are point in time copies of volumes.
  • Snapshots are incremental, this means that only the block that have changed since your last snapshot are moved to S3.
Commands used on the macOS Terminal:
 chmod 400 MyEC2Key.pem -- restricts the private key to read-only for its owner; ssh refuses to use a key file that other users can read.
ssh ec2-user@31.229.**.*** -i MyEC2Key.pem -- SSH into the EC2 instance using the key
sudo yum update -- get all the updates
sudo su -- get root-level access
yum install httpd -y -- install Apache on the instance to make it a web server
cd /var/www/html -- go into the html directory
nano index.html -- create a small HTML file in the text editor
service httpd start -- start Apache
-- After starting the web server, browsing to the public IP address of the EC2 instance shows the HTML file we created (port 80 must be open in the security group).

Attaching and mounting an additional EBS volume:
SSH into the EC2 instance as above, then:
lsblk -- lists the block devices attached to the instance and which of them are already mounted
file -s /dev/xvdb -- check the new volume first: "data" means it is empty, anything else means it already holds a file system and mkfs would destroy it
mkfs -t ext4 /dev/xvdb -- create an ext4 file system on the new (empty) volume
mkdir /hello -- create a mount point
mount /dev/xvdb /hello -- mount the new volume (the one other than the root volume) on this folder
cd /hello -- go to hello
nano test.html -- create an HTML file named test
umount /dev/xvdb -- unmount it from /hello

Exam Tips :
  • EBS Volumes can be changed on the fly(except for magnetic standard).
  • Best practice to stop the EC2 instance and then change the volume.
  • You can change volume types by taking a snapshot and then using the snapshot to create a new volume.
  • If you change a volume on the fly you must wait for 6 hours before making another change.
  • You can scale EBS volumes up only.
  • Volumes must be in the same AZ as the EC2 instances.
EFS (Not an exam imp topic):
  • Amazon Elastic File System(EFS) is a file storage service for Amazon EC2 instances. Amazon EFS is easy to use and provides a simple interface that allows you to create and configure file systems quickly and easily. With Amazon EFS, storage capacity is elastic, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it.
  • Supports the Network File System version 4(NFSv4) protocol.
  • You only pay for the storage you use.
  • Can scale upto the petabytes.
  • Can support thousands of concurrent NFS connections
  • Data is stored accross multiple AZ's within a region
  • Read after write consistency.
  • The basic difference between EFS and EBS: any number of instances can mount the same EFS file system at the same time (over NFS, no load balancer involved), whereas an EBS volume can be attached to only one EC2 instance at a time.

CLI Commands - Developers Associate Exam :
  1. aws ec2 describe-instances -- lists all the EC2 instances in the account/region.
  2. aws ec2 describe-images -- returns all the AMIs available to provision from.
  3. aws ec2 terminate-instances -- terminates instances.
  4. aws ec2 run-instances -- creates/launches instances.
  5. aws ec2 start-instances -- starts existing (stopped) instances.
Getting Instance Metadata:
  • curl http://169.254.169.254/latest/meta-data/ -- lists all the available metadata categories
  • curl http://169.254.169.254/latest/meta-data/public-ipv4 -- returns the public IP address of the EC2 instance
  • A script that needs its own public IP can capture this command's output in a variable and echo or use it.
  • Note that this endpoint answers without authentication to any process on the instance, including the temporary credentials of an attached IAM role under iam/security-credentials/, so an application with an SSRF bug can leak them. Attach least-privilege roles and require IMDSv2 (token-based access) where available.
Elastic Load Balancers: 
  • Elastic Load Balancer is a virtual appliance that spreads the load of the traffic across the different web servers.
  •  Two types : Application Load Balancer(layer 7); Classic Load Balancer (layer 4).
  • Instances monitored by an ELB are reported as InService or OutOfService.
  • Health checks check the instance health by talking to it.
  • Have their own DNS name. You are never given an IP address.
  • Read the ELB FAQs for Classic Load Balancers.
Exam Tips:
SDK Default Regions:
  • Default Region - US-EAST-1
  • Some have default regions (Java).
  • Some do not (Node.js).

Lambda (Not imp for Exam):
-> AWS Lambda is a compute service where you upload your code and create a Lambda function. AWS Lambda takes care of provisioning and managing the servers that run the code, so you don't have to worry about operating systems, patching, scaling, etc. You can use Lambda in the following ways:
  • As an event-driven compute service where AWS Lambda runs your code in response to events. These events could be changes to data in an Amazon S3 bucket or an Amazon DynamoDB table. 
  • As a compute service to run the code in response to HTTP requests using Amazon API Gateway or API calls made using AWS SDKs.
Languages that can be used :
  • Node.js
  • Java
  • Python
  • C#
Pricing:
  • Number of requests: First 1 million request are free. $0.20 per 1 million requests thereafter.
  • Duration : Duration is calculated from the time your code begins executing until it returns or otherwise terminates, rounded up to the nearest 100ms. The price depends on the amount of memory you allocate to your function. You are charged $0.00001667 for GB-second used.
  • No Servers!
  • Continous Scaling
  • Super Cheap!
Exam Tips EC2:
  1. Know the differences between;
  • On Demand 
  • Spot 
  • Reserved
  • Dedicated Hosts
     2. Remember with Spot instances;
  • If you terminate the instance, you pay for the hour.
  • If AWS terminates the spot instance, you get the hour it was terminated in for free.

Sunday, April 30, 2017

Introduction to Identity Access Management

Essentially IAM allows you to manage users and their level of access to the AWS console and APIs.
IAM is very important for administering a company's AWS account in real life.

  • Centralised control of the AWS account.
  • Shared access to your AWS account.
  • Granular permissions (e.g. user John Smith gets read-only access to DynamoDB).
  • Identity federation (including Active Directory, Facebook, LinkedIn, etc.): log in with an external identity and use AWS resources.
  • Multi-factor authentication.
  • Temporary access for users, devices and services where necessary.
  • Your own password rotation policy (how often users must change their password, plus complexity rules such as lower case, upper case, numbers, etc.).
  • Integrates with many different AWS services.
  • Supports PCI DSS compliance. PCI DSS is the audit process you have to go through when you handle card payments yourself; if you use a third-party payment provider such as PayPal, they take care of the PCI DSS component.
  • IAM is global; it does not belong to any region, so there is no region selector for it.

Critical Terms :

  • Users - end users (the people using the account).
  • Groups - a collection of users under one set of permissions (Developers, Human Resources, Finance dept., etc.).
  • Roles - you create roles and then assign them to AWS resources (for example, an EC2 instance assumes a role to call S3) or let trusted users or other accounts assume them; whoever assumes a role gets temporary credentials instead of long-lived keys.
  • Policies - a document that defines one or more permissions. We create a policy document and attach it to a user, group or role.
Hands On:


  • The first time we log in to the AWS console, we are actually logging in with the root account.
  • To access IAM, select IAM under the Security, Identity and Compliance section.


  • The dashboard shows five security status items, of which only the first is complete and the rest are incomplete.
  • IAM doesn't have a region; it is shown as Global.
  • So users, groups and roles are available all across the world, regardless of location.
  • We can customize the sign-in link by clicking Customize and giving our own alias, which must be unique.
  • The number in the default link is the AWS account number, which can also be found under My Account.


Step 1: Activate MFA (Multi-Factor Authentication) on your root account:
The root account is the email address we used to sign up for AWS; it has root access (the highest power), which is why it should be protected with MFA and used as little as possible.

MFA can be set up with either a virtual device or a hardware device.

A virtual MFA app such as Google Authenticator is generally used; it is enrolled by scanning the QR code.

Download the app, scan the QR code, enter two consecutive codes from the app, and the virtual device is set up for the root account.

Step 2: Manage Users:
Under Users, add the users and give their names.

Access Type:
Programmatic access is for developers who access AWS from the command line or from code, using an access key ID and secret access key.
AWS Management Console access is for logging in through the console with a password.

The next step is to give permissions to the users we have created, either by adding the users to a group (inheriting the permissions that the group has), by copying the permissions from an existing user, or by attaching existing policies directly.

When creating a group, we can attach a policy from the existing (AWS managed) policies.

In the final step of adding the users we can see the access key ID and secret access key for each user, which can be used to access AWS programmatically. This is the only time the secret access key is shown, so download it now; it cannot be retrieved later, only replaced.

For users to log in to the console they need the user name and password.
These cannot be used vice versa.

Console - user name and password
Programmatic access - access key ID and secret access key

We can create new groups, attach policies and add users to those groups.

We can even attach individual permissions/policies to the users.
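As an added example (not code from the post), the following Python reproduces how IAM evaluates the policies attached to a user and their groups: everything is denied by default, an applicable Allow grants access, and an applicable explicit Deny always wins. The two policy documents, the account ID 123456789012, the user and the table name are all constructed for illustration; only the Bool/String condition operators are handled.

```python
from fnmatch import fnmatchcase

# Constructed policies for illustration (not from the post). IAM evaluates the
# union of every policy attached to the user and to the groups they belong to.
DEVELOPERS_GROUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan"],
         "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/*"},
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    ],
}
JOHN_SMITH_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        # Explicit Deny: overrides the group's s3:* Allow above.
        {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
        # Allowed only when the request was made with MFA.
        {"Effect": "Allow", "Action": "iam:ChangePassword", "Resource": "*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    ],
}
POLICIES = [DEVELOPERS_GROUP_POLICY, JOHN_SMITH_POLICY]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _glob_match(patterns, value, fold_case=False):
    # IAM supports * and ? wildcards; action names match case-insensitively,
    # resource ARNs are compared as written.
    if fold_case:
        value = value.lower()
    for pattern in _as_list(patterns):
        if fnmatchcase(value, pattern.lower() if fold_case else pattern):
            return True
    return False


def _condition_holds(condition, ctx):
    # Subset of IAM condition operators. A key missing from the request
    # context fails the operator, as IAM does without the ...IfExists variants.
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if actual is None:
                return False
            actual = str(actual)
            expected = [str(e) for e in _as_list(expected)]
            if operator == "Bool":
                ok = actual.lower() in [e.lower() for e in expected]
            elif operator == "StringEquals":
                ok = actual in expected
            elif operator == "StringNotEquals":
                ok = actual not in expected
            elif operator == "StringLike":
                ok = _glob_match(expected, actual)
            else:
                raise ValueError("unsupported condition operator: " + operator)
            if not ok:
                return False
    return True


def is_allowed(policies, action, resource, ctx=None):
    """Default deny; an applicable Allow grants access unless any applicable
    Deny matches, in which case the Deny wins regardless of statement order."""
    ctx = ctx or {}
    allowed = False
    for policy in policies:
        for st in policy["Statement"]:
            if "NotAction" in st or "NotResource" in st:
                raise ValueError("NotAction/NotResource are not handled in this example")
            if not _glob_match(st["Action"], action, fold_case=True):
                continue
            if not _glob_match(st["Resource"], resource):
                continue
            if not _condition_holds(st.get("Condition", {}), ctx):
                continue
            if st["Effect"] == "Deny":
                return False  # explicit deny: nothing else can override it
            allowed = True
    return allowed
```

The request context (`ctx`) stands in for the keys AWS fills in at request time, such as `aws:MultiFactorAuthPresent`; the same function shows why a Deny attached to the user wins over a broad `s3:*` Allow inherited from the group.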

Step 5 : Apply an IAM password policy


Creating Roles:

AWS Service Roles: roles for AWS services. Select one of the service roles and then select the policy (which specifies what kind of access to which service the role grants).
Role for Cross-Account Access: lets users or services in one AWS account access resources in another account.
Role for Identity Provider Access: used when an external identity provider (FB, LinkedIn, Google, a SAML provider, etc.) has to talk to AWS.

Security Token Service (STS):-

 Grants users limited and temporary access to AWS resources. Users can come from three sources:
  • Federation (Active Directory) -> uses Security Assertion Markup Language (SAML).
    -> Grants temporary access based on the user's Active Directory credentials. The user does not need to exist in IAM.
    -> SSO allows users to log in to the AWS console without being assigned IAM credentials.
  • Federation with mobile apps -> use Facebook/Amazon/Google or other OpenID providers to log in.
  • Cross Account Access
    -> Lets users from one AWS account access resources in another.
Key Terms:
  1. Federation: combining or joining a list of users in one domain (such as IAM) with a list of users in another domain (such as Active Directory, Facebook, etc.).
  2. Identity Broker: a service that lets you take an identity from point A and join it (federate it) to point B.
  3. Identity Store: services like AD, Facebook, Google, etc.
  4. Identities: a user of a service like Facebook, etc.
 Process of using STS to connect to LDAP:
  1. Develop an Identity Broker to communicate with LDAP and AWS STS.
  2. The Identity Broker always authenticates with LDAP first, then with AWS STS.
  3. The application then gets temporary access to AWS resources.


Active Directory Federation:

-> Someone working from home needs to log in to the AWS console.
-> They browse to a URL and sign in with their AD username and password.
-> The browser then receives a SAML assertion in the form of an authentication response from ADFS.
-> The browser posts the SAML assertion to the AWS sign-in endpoint for SAML. Behind the scenes, sign-in uses the AssumeRoleWithSAML API to request temporary security credentials and then constructs a sign-in URL for the AWS Management Console.
-> The browser receives the sign-in URL and is redirected to the console.

The user is always authenticated against AD first and then given a temporary sign-in URL for the AWS console.
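To make the "behind the scenes" step concrete, here is an added example (not from the post) of the checks the receiving side performs on a SAML assertion before it can be exchanged for temporary credentials with AssumeRoleWithSAML: the assertion must be within its validity window, be addressed to the AWS sign-in audience, and carry the Role attribute that maps the AD user to one or more IAM roles. The assertion below is constructed and unsigned; the issuer, account ID 123456789012, role names and timestamps are assumptions, and signature verification is deliberately left out.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AWS_AUDIENCE = "https://signin.aws.amazon.com/saml"
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"

# Constructed sample assertion (not a real ADFS response; no signature).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_1" Version="2.0" IssueInstant="2017-04-30T10:00:00Z">
  <saml:Issuer>http://adfs.example.com/adfs/services/trust</saml:Issuer>
  <saml:Subject><saml:NameID>jsmith@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2017-04-30T10:00:00Z" NotOnOrAfter="2017-04-30T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://signin.aws.amazon.com/saml</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
      <saml:AttributeValue>jsmith</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
      <saml:AttributeValue>arn:aws:iam::123456789012:role/ADFS-ReadOnly,arn:aws:iam::123456789012:saml-provider/ADFS</saml:AttributeValue>
      <saml:AttributeValue>arn:aws:iam::123456789012:saml-provider/ADFS,arn:aws:iam::123456789012:role/ADFS-Admin</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def _iso(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_assertion(xml_text, now_iso):
    """Validate the parts of an assertion that matter before AssumeRoleWithSAML
    and return the subject, session name and (role ARN, provider ARN) pairs.
    Signature verification is out of scope for this example."""
    now = _iso(now_iso)
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", SAML_NS)
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    not_before, not_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_after is None or (not_before and now < _iso(not_before)) or now >= _iso(not_after):
        raise ValueError("assertion is outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", SAML_NS)]
    if AWS_AUDIENCE not in audiences:
        raise ValueError("assertion was not issued for the AWS sign-in audience")

    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", SAML_NS):
        attrs[attr.get("Name")] = [v.text.strip() for v in attr.findall("saml:AttributeValue", SAML_NS)]

    roles = []
    for pair in attrs.get(ROLE_ATTR, []):
        parts = [p.strip() for p in pair.split(",")]
        if len(parts) != 2:
            raise ValueError("malformed Role attribute value: %r" % pair)
        # AWS accepts the role ARN and provider ARN in either order.
        role = next((p for p in parts if ":role/" in p), None)
        provider = next((p for p in parts if ":saml-provider/" in p), None)
        if role is None or provider is None:
            raise ValueError("Role value must hold one role ARN and one saml-provider ARN")
        roles.append((role, provider))
    if not roles:
        raise ValueError("no Role attribute: the IdP mapped this user to no AWS role")
    return {
        "subject": root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS),
        "session_name": attrs.get(SESSION_ATTR, [None])[0],
        "roles": roles,
    }


def rejection_reason(xml_text, now_iso):
    """Return None if the assertion is acceptable, otherwise the reason."""
    try:
        parse_assertion(xml_text, now_iso)
        return None
    except ValueError as exc:
        return str(exc)
```

When more than one role pair is present, the sign-in page asks the user which role to assume; the chosen role ARN and provider ARN are what get passed to AssumeRoleWithSAML together with the assertion itself.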

Web Identity Federation: -
-> Uses the AssumeRoleWithWebIdentity call (with FB, Google, etc.).
-> We sign in to FB or Google, exchange the token that proves we authenticated there for temporary AWS credentials, and then continue to use AWS resources.

Saturday, April 29, 2017

AWS Certified Developer Important Topics:

-> Messaging
-> Security and Identity
-> Management Tools (Very High level)
-> Storage
-> Databases
-> Networking & Content Delivery
-> Compute
-> AWS Global Infrastructure

AWS Global Infrastructure:
  1. Broken down into three different things: Regions, Availability Zones (AZs) and Edge Locations.
  2. Region: a geographical area. It consists of two or more availability zones.
  3. AZ: simply a data center (or a group of data centers). AZs are kept far enough apart that a single natural calamity should not take out more than one.
  4. Edge Location: a CDN endpoint for CloudFront. It caches media files on first access. Edge locations are placed near users and are separate from Regions and AZs.
Networking & Content Delivery:
  1. VPC: Virtual Private Cloud is a virtual data center where assets are deployed. (Very Important).
  2. Route53: Amazon's DNS service. Register domain names using Route53. 53 is the DNS port.
  3. CloudFront: consists of Edge Locations which cache files.
  4. DirectConnect: used to connect to AWS over a dedicated line.
Compute:
  1. EC2: Elastic Compute Cloud, virtual machines that run in the cloud.
  2. EC2 Container Service: a highly scalable, high-performance container management system. It allows you to run applications on a managed cluster of EC2 instances. (Not in Developer Associate Exam).
  3. Elastic Beanstalk: code can be uploaded to Elastic Beanstalk, which looks at the code (PHP, MySQL, etc.) and provisions the underlying infrastructure. (Important for Developer Exam).
  4. Lambda: this is what is called serverless; EC2 lets you log in to the operating system, but here we only upload the code and the code responds to events. (Still not coming up on the Developer Exam but it is very important).
  5. LightSail: out-of-the-box cloud for people who don't know AWS. (Not in Developer Associate Exam).
Storage:
  1. S3: Simple Storage Service, object-based storage; nothing to install (Important for Developer Exam).
  2. Glacier: files are archived from S3 into Glacier; it is much cheaper than S3.
  3. EFS: Elastic File System, a shared network file system (NFS) that can be mounted by many machines at the same time. (Block storage attached to a single instance, for installing an OS or a database, is EBS, not EFS.)
  4. Storage Gateway: a way of connecting S3 to an on-premises data center; a VM that you install on premises and that communicates with S3. (Not important for Developer, IMP for SysOps).
Databases:
  1. RDS: Relational Database Service; it offers a number of database engines (Oracle, MySQL, etc.). (Not stressed much in Developer Exam).
  2. DynamoDB: a non-relational (NoSQL) database service; really scalable and very high performance. (Very Imp for Developer Exam)
  3. RedShift: data warehousing solution; a copy of production data is moved to RedShift and reports are run there so that production performance is not affected.
  4. ElastiCache: a way of caching data in the cloud. Say the top-selling items on a site: they are cached using ElastiCache.
Migration Services:
  1. Snowball: originally a way of sending your own disks to Amazon so the content could be loaded into S3; now it is an enterprise-grade, briefcase-sized appliance that Amazon ships to you, you load it and send it back. Snowball Edge adds compute capacity so you can run AWS workloads on premises.
  2. DMS: Database Migration Service; migrates on-premises databases to the cloud and between regions. An important advantage is that we don't have to stick to the same database engine.
  3. SMS: Server Migration Service; replicates on-premises VMs into the cloud. (Not in Developer Exam).
Analytics (Not very Imp for Dev Assoc exams, just need to know what each service does): 
  1. Athena: lets you run SQL queries on data in S3 (not in Developer Exam).
  2. EMR: Elastic MapReduce, used for big data processing of large amounts of data; based on Hadoop (not in Developer Exam).
  3. CloudSearch / Elasticsearch Service: search engines for websites or applications. CloudSearch is fully managed by AWS, while the Elasticsearch Service is based on the open-source Elasticsearch.
  4. Kinesis: a way of streaming and analyzing real-time data at massive scale. (Imp for Big Data Specialty Exam).
  5. Data Pipeline: used to move data between stores, for example from S3 to DynamoDB and vice versa.
  6. QuickSight: a business analytics tool for creating visualizations in rich dashboards.
Security & Identity:
  1. IAM: manages users, permissions and roles (Very Very Imp for all the certifications).
  2. Inspector: an agent installed on the virtual machine that inspects it and produces security findings reports.
  3. Certificate Manager: provides free SSL/TLS certificates for your domain names, for use with AWS services.
  4. Directory Service: a way of connecting Active Directory to AWS. (Imp for Assoc Architect). Only theory.
  5. WAF: Web Application Firewall; a firewall at the application (HTTP) layer. (Not very Imp for exam)
  6. Artifact: AWS compliance documentation (audit reports) available from the console.
Management Tools(Asked in all the three Assoc. Exams.):
  1. CloudWatch: used to monitor performance, e.g. of EC2 (mostly asked in SysOps).
  2. CloudFormation: a way of turning infrastructure into code. (Very Very Imp for Solutions Architect).
  3. CloudTrail: used for auditing AWS resources; the API calls made against the account are recorded.
  4. OpsWorks: a way of automating deployments using Chef (comes in DevOps).
  5. Config: a way of monitoring the environment's configuration and raising warnings automatically.
  6. Service Catalog: a service for larger enterprises; administrators define which products users are authorized to provision (Not Imp).
  7. Trusted Advisor: an automated way of getting recommendations. (Imp for Assoc Architect).
Application Services:
  1. Step Functions: a way of coordinating the components of an application and visualizing what is going on inside it.
  2. Simple Workflow: a way of coordinating automated tasks and manual tasks.
  3. API Gateway: create, publish, maintain, monitor and secure APIs that give apps access to back-end data and logic (Lambda functions, etc.). (Not Imp for exam).
  4. AppStream: a way of streaming desktop applications to users. (Not Imp for exam).
  5. Elastic Transcoder: converts video into the formats needed by different devices. (Not Imp for exam).
Developer Tools:(Not Imp until now for Assoc Dev)
  1. CodeCommit: a managed Git repository service (think GitHub) where we store code securely.
  2. CodeBuild: compiles and tests code; we pay by the minute.
  3. CodeDeploy: deploys code to EC2 instances.
  4. CodePipeline: a continuous delivery service that moves each code revision from commit through build to deployment (the version store itself is CodeCommit, not CodePipeline).
Mobile Services:(Not Imp until now for Assoc Dev)
  1. Mobile Hub: add, configure and design features for mobile apps, including user authentication, data storage, back-end logic, push notifications, etc.
  2. Cognito: a service for users to sign up and sign in to apps, including through social identity providers.
  3. Device Farm: tests apps on a number of real smart devices.
  4. Mobile Analytics: collects and analyzes app usage data.
  5. Pinpoint: helps you understand and engage with your application's users.
Business Productivity:
  1. WorkDocs: storing and sharing important work documents.
  2. WorkMail: Exchange for AWS.
IOT:
  1. IoT: Keeping track of all the devices.
Desktop & App Streaming:
  1. WorkSpaces: It is like having a work station in the cloud.
  2. AppStream 2.0:
Artificial Intelligence:
  1. Alexa: voice service in the cloud.
  2. Polly: advanced text-to-speech service.
  3. Machine Learning: give it a data set and AWS will predict the outcome.
  4. Rekognition: tells you what is in a picture.
Messaging(Imp for all three Assoc Exams):
  1. SNS: Simple Notification Service; sends notifications by email, text message, etc.
  2. SQS: Simple Queue Service; a way of decoupling applications (Very Imp).
  3. SES: Simple Email Service; a way of sending emails.

Thursday, April 20, 2017

AWS Services Summary:

All the services in AWS are summarized with one liners below for quick reference:

N/W and Content Delivery:
    VPC; Availability Zones are physical data centers, and a VPC is a virtual data center. There can be multiple VPCs in a region.
    Route53; domain names are registered under the Route53 service of AWS.
    CloudFront; AWS's CDN. It consists of all the edge locations, which cache assets to give users faster access.
    Direct Connect; a dedicated line from the office to the AWS data center for seamless access.

Storage:
    S3 - Simple Storage Service; a virtual disk in the cloud to store objects (docs, files, text files, movies, etc.). Not for installing a DB, an application or a computer game: this is object-based storage, and installing a DB, application or game needs block-based storage.
    Glacier; used to archive files from S3 when we don't need instant access.
    EFS - Elastic File System; a shared network file system (NFS) that many instances can mount at once. It is not block storage; block storage for a single instance is EBS.
    Storage Gateway; lets users connect S3 to an on-premises data center or head office. It is a virtual machine installed on premises.

Compute :
    EC2 - Elastic Compute Cloud; virtual machines in the cloud that run on AWS.
    EC2 Container Service; allows applications to run on a managed cluster of EC2 instances (i.e., virtual machines).
    Elastic Beanstalk; used to deploy code onto AWS. It provisions and manages the underlying infrastructure for the code.
    Lambda; runs code without any servers to manage. Can run the code of virtually any application or backend service.
    LightSail; choose a configuration from the menu and launch a virtual machine preconfigured with SSD-based storage, DNS management and a static IP address.

Databases :
    RDS; relational databases; MySQL, SQL Server, Oracle, etc. all come under this section.
    DynamoDB; non-relational (NoSQL) database that can scale very widely.
    Redshift; Amazon's data warehousing solution for big data. Queries are not run directly on the production database but on a copy in Redshift.
    ElastiCache; a way of caching data in the cloud, usually the most frequently used data.
   
Security and Identity:
    IAM - Identity and Access Management; used to sign in to AWS and set up permissions, groups, etc.
    Inspector; an agent installed on the virtual machine that inspects it and does security reporting.
    Certificate Manager; gives free SSL/TLS certificates for domain names.
    Directory Service; a way of using MS AD with AWS.
    WAF - Web Application Firewall; a network firewall gives network-level protection, this gives application-level protection.
    Artifact; the place to get AWS compliance documentation.

Migration Services:
    Snowball; an appliance used to load data and send it back to Amazon.
    Snowball Edge; similar to Snowball but with compute capability, like a small data center.
    DMS - Database Migration Service; migrates databases with minimal downtime.
    SMS - Server Migration Service; like DMS but for migrating on-premises (e.g. VMware) virtual machines.

Analytics:
    Athena; allows SQL queries on S3, turning flat files into searchable databases.
    Elastic MapReduce; used for big data processing, based on Hadoop, Apache Spark, etc.
    CloudSearch; a search engine for a website or application, similar to Elasticsearch.
    Elasticsearch Service; a managed version of the open-source Elasticsearch.
    Kinesis; a way of streaming and analyzing real-time data: market data, social media tweets, etc.
    Data Pipeline; a service used to move data from place to place, e.g. from S3 to DynamoDB.
    QuickSight; a business analytics tool used for creating rich dashboards for the data.
   

   
Management Tools:
    CloudWatch; imp for SysOps certification; used for monitoring the performance of the AWS environment, especially EC2.
    CloudFormation; a way of turning physical infrastructure into code. With it we can provision a production environment from one template.
    CloudTrail; auditing of AWS API calls and resources.
    OpsWorks; a way of automating deployments using Chef.
    Config; automatically monitors the environment's configuration and warns when a change might break it.
    Trusted Advisor; designed by the AWS solutions architecture team. It scans the environment and makes automated recommendations on security, cost optimization and more.
   
Application Services:
    Step Functions; coordinating and visualizing what's going on inside the application, basically which microservices it is using.
    SWF - Simple Workflow Service; a way of coordinating automated tasks and manual tasks.
    API Gateway; the door for apps to access the back end, things like Lambda, etc.
    AppStream; a way of streaming desktop applications to users.
    Elastic Transcoder; used for changing the video format to suit different devices based on resolution, size, etc.
   
Developer Tools:
    CodeCommit; a managed Git repository, like GitHub, a place to store code.
    CodeBuild; a way to compile and test code.
    CodeDeploy; a way of deploying in an automated fashion.
    CodePipeline; a continuous delivery pipeline that carries each code revision from commit through build to deployment.
   
Mobile Services:
    Mobile Hub; lets you add, configure and design features for mobile apps, including user auth, data storage, push notifications, back-end logic, content delivery and analytics.
    Cognito; sign-up and sign-in for apps, including with social identity providers such as Google. Used for iOS (and Android) apps backed by AWS.
    Device Farm; helps improve mobile apps by testing them quickly and securely on hundreds of real smartphones.
    Mobile Analytics; helps analyze app usage data in a cost-effective manner.
    Pinpoint; helps engage and understand the application's users, for example by creating targeted marketing campaigns.

Business Productivity:
    WorkDocs; used for storing important work documents in the cloud. In the back end it uses S3 with extra security added.
    WorkMail; this is like Exchange for AWS. A way of sending and receiving emails.
   
IoT - Internet of Things:
    A way of connecting millions of devices and keeping track of them using the IoT gateway.
   
Desktop & AppStreaming:
    WorkSpaces; a way of having a desktop in the cloud.
    AppStream; It is a way of streaming desktop applications to the users.
   
Artificial Intelligence:
    Alexa; Amazon's voice service in the cloud; you talk to Alexa through an Echo.
    Polly; advanced text-to-speech service. Offers 47 voices in 24 languages.
    Machine Learning; predicts outcomes based on previous data.
    Rekognition; recognizes an uploaded picture and describes what is in it (objects, nature, humans, animals, gender, etc.).

Messaging:
    SNS - Simple Notification Service; a way of notifying by email, text message, etc.
    SQS - Simple Queue Service; a way of decoupling applications; it is a queue system.
    SES - Simple Email Service; a way of sending and receiving emails.



FYI: Regions --> two or more Availability Zones inside each region --> each Availability Zone is a data center (or a group of data centers)
Edge Locations are content delivery locations. They are the CDN endpoints for CloudFront.
CDN: a way to cache media files in the cloud. From the second user onward the cached file is fetched from the edge location.

Amazon Storage Gateway - In Detail

AWS Storage Gateway is a service that connects an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization's on-premises IT environment and AWS's storage infrastructure. The service enables you to securely store data in the AWS cloud for scalable and cost-efficient storage.

With the file gateway, files are stored as objects in your S3 buckets and accessed through a Network File System (NFS) mount point. Ownership, permissions and timestamps are durably stored in S3 in the user metadata of the object associated with the file. Once objects are in S3, they can be managed as native S3 objects, and bucket features such as versioning, lifecycle management and cross-region replication apply directly to them.

Storage Gateway is a virtual appliance installed on a host in the data center that replicates data to AWS (particularly to S3/Glacier). It is available for download as a virtual machine image.



Once the Gateway is installed and associated with the AWS account through the activation process, you can use the AWS management console to create the storage gateway option that is right for you.

Four types of Storage Gateway (counting both volume types):
  1. File Gateway (NFS): used for storing flat files as objects in S3.
  2. Volume Gateway (iSCSI): used for block-based storage.
    - Stored Volumes: the entire copy of the data stays on premises and is backed up asynchronously to AWS.
    - Cached Volumes: the full data set lives in S3 and only the most recently accessed data is cached on premises.
  3. Tape Gateway (VTL): a virtual tape library for existing backup software.

AWS Identity Access Management

Friday, March 24, 2017

S3 - Security & Encryption - In detail

Securing the buckets:

By default, newly created buckets are private.
We can set up access control to buckets using:
- Bucket Policies
- ACLs (Access Control Lists)

We can also enable access logging on S3 buckets, so that requests to the bucket are recorded.

Encryption :

Two types:

- In Transit (SSL/TLS, i.e. just using HTTPS)
- At Rest (server side and client side)
  - Server side with S3-managed keys: SSE-S3
  - Server side with AWS Key Management Service managed keys: SSE-KMS
  - Server side with customer-provided keys: SSE-C (the client sends the key with each request; S3 uses it and does not store it)
  - Client-side encryption: the client encrypts the object before upload and keeps the key itself.
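Added example (not code from the post) showing two of the points above in practice: the headers a client sends for SSE-C together with the check S3 performs on them, and a bucket policy that refuses plaintext transport and unencrypted uploads, so the "private by default" bucket also enforces encryption. The bucket name, the 32-byte test key and the choice between SSE-S3 (`AES256`) and SSE-KMS (`aws:kms`) are assumptions.

```python
import base64
import hashlib


def sse_c_headers(key):
    """Request headers for an SSE-C PUT or GET. S3 encrypts with the key and
    then discards it, so the client must present the same key on every read;
    the MD5 lets S3 reject a key that was corrupted in transit."""
    if len(key) != 32:
        raise ValueError("SSE-C needs a 256-bit (32-byte) AES key")
    return {
        "x-amz-server-side-encryption-customer-algorithm": "AES256",
        "x-amz-server-side-encryption-customer-key": base64.b64encode(key).decode("ascii"),
        "x-amz-server-side-encryption-customer-key-MD5":
            base64.b64encode(hashlib.md5(key).digest()).decode("ascii"),
    }


def sse_c_headers_valid(headers):
    """The checks S3 performs on receipt: AES256 only, the key decodes to
    32 bytes, and the supplied MD5 matches the key."""
    try:
        if headers["x-amz-server-side-encryption-customer-algorithm"] != "AES256":
            return False
        key = base64.b64decode(headers["x-amz-server-side-encryption-customer-key"], validate=True)
        md5 = base64.b64decode(headers["x-amz-server-side-encryption-customer-key-MD5"], validate=True)
    except (KeyError, ValueError):
        return False
    return len(key) == 32 and hashlib.md5(key).digest() == md5


def encryption_enforcing_policy(bucket, sse="AES256"):
    """Bucket policy that denies every request not made over TLS and denies
    PutObject unless the request asks for the given server-side encryption
    ('AES256' for SSE-S3, 'aws:kms' for SSE-KMS). Explicit Deny beats any
    Allow elsewhere, so this holds even for users with s3:* permissions.
    Note: SSE-C uploads use a different header and would be denied by the
    second statement; drop it if the bucket must accept SSE-C."""
    bucket_arn = "arn:aws:s3:::" + bucket
    objects_arn = bucket_arn + "/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
             "Action": "s3:*", "Resource": [bucket_arn, objects_arn],
             "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
            {"Sid": "DenyUploadsWithoutSSEHeader", "Effect": "Deny", "Principal": "*",
             "Action": "s3:PutObject", "Resource": objects_arn,
             "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}},
            {"Sid": "DenyWrongSSEAlgorithm", "Effect": "Deny", "Principal": "*",
             "Action": "s3:PutObject", "Resource": objects_arn,
             "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": sse}}},
        ],
    }
```

The two PutObject statements are both needed: `Null` catches uploads that send no encryption header at all, and `StringNotEquals` catches uploads that ask for a different algorithm than the one you standardised on.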

Content Delivery Network CDN - Hands On

As soon as we login to the AWS console, we can see the CloudFront under the Networking & Content Delivery section:

Click on CloudFront to see this screen below:

The first thing is to create a distribution.


Creating a simple web distribution:
From the auto-populated list of S3 buckets and Elastic Load Balancers, we choose one of the S3 buckets. That is the origin domain name.

Origin Path: can be a folder within the S3 bucket, so that the origin is not pointed at the root of the bucket. We can leave the origin path empty. There can be multiple origins in the same distribution.

We can restrict bucket access by selecting Yes under Restrict Bucket Access. CloudFront then reads the bucket through an Origin Access Identity, and the bucket policy is updated so that objects can no longer be fetched by the public using the S3 URL, only through CloudFront.

Origin Access Identity: the special CloudFront identity that the bucket policy grants read access to; this is what makes the restriction work.

The purpose of each of the options can be read from the information icon beside the field.

Restrict Viewer Access: requires viewers to present signed URLs or signed cookies, so only authorized users can access the files.

Once the required settings are made (there are quite a few), we create the distribution. The same object we accessed with the S3 URL can now be accessed with the CloudFront URL; from the second user onward it is served from the edge location's cache.

The distribution gets a unique domain; a human-friendly alternate domain name (CNAME) can be configured for it.

Upon successfully creating the Distribution we can click the Id link to open the distribution and view other options:

Under Restrictions --> Geo Restriction we can enable this, select either a whitelist or a blacklist and move countries into it.

Whitelist: the countries CloudFront is allowed to distribute the content to.
Blacklist: the countries CloudFront must not distribute the content to.

We can create custom error pages; when users get an error they land on that page.

To delete a distribution, select it and click Disable; this takes about 15 minutes, after which the distribution can be deleted.


CloudFront - In Detail

What is CDN ?

CDN is Content Delivery Network. It is a system of distributed servers that delivers web pages and other web content to users based on the geographic location of the user, the origin of the web page and a content delivery server.

How the users would access without CDN :


Edge Location:

This is the location where the content is cached. It is separate from an AWS Region/AZ.
We can look at the different locations by going to the

Origin :

This is the origin of all the files that the CDN will distribute. It can be an S3 bucket, an EC2 instance, an Elastic Load Balancer or a Route53 name.

Distribution :

This is a name given to the CDN which consists of a collection of Edge Locations.


CDN :
When the first user makes a request, the request goes to the nearest edge location.
The edge location checks whether the file is cached there.
If it isn't, it pulls the file from the origin (e.g. S3) and caches it.
From the second user onward the file is already cached at that location, so it is served much faster to users in that region.


Amazon CloudFront can be used to deliver your entire website, including dynamic, static, streaming and interactive content, using a global network of edge locations. Requests for content are automatically routed to the nearest edge location, so the content is delivered with the best possible performance.

CloudFront is optimized to work with other Amazon services like S3, EC2, Elastic Load Balancing and Route53.

CloudFront also works with any non-AWS origin server, which stores the original, definitive versions of your files.

Two types of distributions:
Web distributions: typically used for websites.
RTMP: used for media streaming (Adobe Flash).

Edge locations are not read-only; you can write (PUT) objects to them as well.
We can set a TTL for how long an object is cached at the edge location.
You are charged to clear (invalidate) a cached object before its TTL expires.



Thursday, March 16, 2017

Lifecycle Management, IA S3 and Glacier - Hands On

Lifecycle Management:

This helps in managing the life cycle of an object by adding a lifecycle rule under the bucket's Management section.

Lifecycle rule: these rules manage storage cost by transitioning objects, after a certain time, from S3 Standard to S3 IA (Infrequent Access) and then to Glacier, archiving the least frequently used files and thereby reducing the cost of storage drastically.

Under the lifecycle transition rules we can configure the rule for either the current version or the previous versions of the objects.

Object Created -- 30 days later --> Transitioned to IA -- 30 days later --> Transitioned to Glacier
-- 425 days later --> Expires
Glacier is designed to store an object for a minimum of 90 days. If the expiration would delete the object before it has spent 90 days in Glacier, the console asks for an extra acknowledgement, because you are still charged for the remainder of the 90 days even though the object is gone (which logically doesn't make sense to do on purpose).

Minimums: 30 days after creation before the transition to IA, 60 days before the transition to Glacier (i.e. 30 days in IA), and expiration must come after the last transition, so 61 days at the earliest.
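As an added example (not from the post), a small validator that encodes the minimums just listed and works out how many Glacier days an early expiration would still be billed for. The rule format (`ia_after`, `glacier_after`, `expire_after`, all in days since creation) is an assumption made for the example; the constants are the figures the post gives.

```python
# Minimums the post describes, in days since object creation.
MIN_DAYS_TO_IA = 30           # Standard -> Standard-IA no sooner than 30 days
MIN_DAYS_IA_TO_GLACIER = 30   # at least 30 days in Standard-IA before Glacier
GLACIER_MIN_BILLED_DAYS = 90  # Glacier bills at least 90 days per object


def validate_lifecycle_rule(rule):
    """rule example: {"ia_after": 30, "glacier_after": 60, "expire_after": 425}.
    Any key may be omitted. Returns a list of problems; empty means OK."""
    problems = []
    ia = rule.get("ia_after")
    glacier = rule.get("glacier_after")
    expire = rule.get("expire_after")
    if ia is not None and ia < MIN_DAYS_TO_IA:
        problems.append("transition to IA must be at least %d days after creation" % MIN_DAYS_TO_IA)
    if glacier is not None and ia is not None and glacier < ia + MIN_DAYS_IA_TO_GLACIER:
        problems.append("object must stay in IA at least %d days before Glacier" % MIN_DAYS_IA_TO_GLACIER)
    transitions = [d for d in (ia, glacier) if d is not None]
    if expire is not None and transitions and expire <= max(transitions):
        problems.append("expiration must come after the last transition")
    return problems


def glacier_days_billed_but_unused(rule):
    """If expiration deletes the object before it has been in Glacier for
    90 days, the remaining days are still billed. Returns that remainder."""
    glacier = rule.get("glacier_after")
    expire = rule.get("expire_after")
    if glacier is None or expire is None:
        return 0
    return max(0, GLACIER_MIN_BILLED_DAYS - (expire - glacier))
```

With the post's own numbers (IA at 30, Glacier at 60, expire at 425) the rule is valid and nothing is wasted; with the earliest legal expiration at day 61 the object sits in Glacier for one day but is billed for 90.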

Monday, March 13, 2017

AWS Global Infrastructure - INTRO

AWS Global Infrastructure:

Regions, Availability Zones and Edge Locations are the physical infrastructure that AWS runs on.
Regions are the places where AWS resources exist.
Their number keeps increasing.
Each region consists of two or more availability zones.
Availability zones are simply data centers (or groups of data centers).

Edge Locations are content delivery locations. They are the CDN endpoints for CloudFront.

CDN : Content Delivery Network.

A way to cache media files in the cloud. From the second user onward the cached file is fetched from the edge location.

North America has the most edge locations, obviously because of the number of users.

Friday, March 10, 2017

Messaging - INTRO

SNS - Simple Notification Service

Simple Notification Service; a way of notifying by email, text message, etc.

SQS - Simple Queue Service (Imp)

A way of decoupling applications. It is a queue system.

SES-Simple email service


This is a way of sending and receiving the emails using AWS.

Artificial Intelligence - INTRO

Alexa -

Alexa is Amazon's voice service in the cloud; you talk to Alexa through an Echo.
In the back end it talks to Lambda. Lex is the technology that drives Alexa. There is no longer any need for an Echo; Alexa can be embedded in all kinds of devices.

Polly-

Polly is an advanced text-to-speech service with 47 voices in 24 languages. Text is converted into MP3. It supports Speech Synthesis Markup Language (SSML) and can store the MP3 file in S3 as an object.

Machine Learning -

We give AWS a data set (name, married, age, occupation, etc.) and tell it the outcomes (bought a product or not); Amazon uses machine learning to analyze the data set and predict outcomes for future decisions. This allows predicting outcomes based on previous data.

Rekognition -

This service recognizes whether an uploaded picture contains a human being (facial recognition) and also identifies the objects in the picture (a mountain bike, for example).

Desktop and App Streaming - INTRO

WorkSpaces-

WorkSpaces is a way of having a desktop in the cloud. The actual OS runs in the cloud.

AppStream 2.0 -

A way of streaming desktop applications to users. The previous version, AppStream 1.0, is retired but still appears in the AWS console.

Internet Of Things - INTRO

IoT -

A way of connecting millions of devices and keeping track of them using the IoT gateway.
This service is new.

Business Productivity - INTRO

WorkDocs -

Used for storing important work documents in the cloud. In the back end it uses S3, with extra security added.

Workmail-

This is like the exchange for AWS. A way of sending and receiving the emails.

Mobile Services - INTRO

Mobile Hub -

This lets you add, configure and design features for mobile apps, including user auth, data storage, push notifications, back-end logic, content delivery and analytics. Mobile Hub has its own console for mobile apps.

Cognito -

It is used for sign-up using Gmail credentials. Used in iOS with AWS.
Instagram-style app: iOS with AWS back-end services. Take a photo, store it in S3, write the metadata to DynamoDB, and trigger Lambda to generate thumbnails of that photo.
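The photo pipeline just described, as an added example that is not code from the original post or from AWS: a Lambda handler that receives the S3 "object created" event, decodes the object key (S3 URL-encodes it, so a space arrives as "+"), checks that the upload came from the expected bucket and is an image type we accept, and writes the metadata item to DynamoDB, leaving the thumbnail marked "pending" for the downstream function. The bucket name, table, accepted types and the FakeTable stand-in for a boto3 DynamoDB Table are assumptions so the code runs offline; the S3 event record shape is the one Lambda actually receives.

```python
import time
from urllib.parse import unquote_plus

# Assumptions (not from the original post): the upload bucket this function
# is wired to, and the file types it accepts.
PHOTO_BUCKET = "example-photo-uploads"
ALLOWED_TYPES = {"jpg", "jpeg", "png"}


class FakeTable:
    """Constructed stand-in for a boto3 DynamoDB Table (put_item only) so the
    example runs offline; a real Lambda would use
    boto3.resource("dynamodb").Table(name) instead."""

    def __init__(self):
        self.items = []

    def put_item(self, Item):
        self.items.append(Item)
        return {"ResponseMetadata": {"HTTPStatusCode": 200}}


def parse_record(record):
    """Pull bucket, key and size out of one S3 event record. S3 URL-encodes the
    object key in the event (a space arrives as '+'), so decode it first."""
    s3 = record["s3"]
    return {
        "bucket": s3["bucket"]["name"],
        "key": unquote_plus(s3["object"]["key"]),
        "size": int(s3["object"].get("size", 0)),
    }


def extension(key):
    """Lower-cased file extension of an object key, or '' if it has none."""
    name = key.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def build_item(meta, uploaded_at):
    """The DynamoDB item written for one photo. The thumbnail is produced by
    the downstream Lambda, so its status starts out as 'pending'."""
    return {
        "photo_id": meta["key"],
        "bucket": meta["bucket"],
        "size_bytes": meta["size"],
        "content_type": extension(meta["key"]),
        "uploaded_at": uploaded_at,
        "thumbnail_status": "pending",
    }


def handler(event, table, now=None):
    """Lambda entry point: record metadata for every accepted upload and report
    why the others were skipped. The event payload is input like any other, so
    anything that is not an object creation in our bucket with an allowed
    extension is ignored rather than trusted."""
    uploaded_at = int(time.time()) if now is None else now
    written, skipped = [], []
    for record in event.get("Records", []):
        if not record.get("eventName", "").startswith("ObjectCreated:"):
            skipped.append((record.get("eventName"), "not an object creation"))
            continue
        meta = parse_record(record)
        if meta["bucket"] != PHOTO_BUCKET:
            skipped.append((meta["key"], "unexpected bucket"))
            continue
        if extension(meta["key"]) not in ALLOWED_TYPES:
            skipped.append((meta["key"], "unsupported file type"))
            continue
        table.put_item(Item=build_item(meta, uploaded_at))
        written.append(meta["key"])
    return {"written": written, "skipped": skipped}


def _s3_record(bucket, key, size, event_name="ObjectCreated:Put"):
    """Constructed S3 event record in the shape Lambda receives."""
    return {
        "eventSource": "aws:s3",
        "eventName": event_name,
        "s3": {"bucket": {"name": bucket}, "object": {"key": key, "size": size}},
    }


# Constructed sample event: one good upload (note the URL-encoded key), one
# upload to a bucket we do not own, one non-image, and one deletion.
SAMPLE_EVENT = {
    "Records": [
        _s3_record(PHOTO_BUCKET, "cats/my+photo.jpg", 204800),
        _s3_record("someone-elses-bucket", "cats/b.jpg", 1024),
        _s3_record(PHOTO_BUCKET, "cats/notes.exe", 4096),
        _s3_record(PHOTO_BUCKET, "cats/old.png", 0, "ObjectRemoved:Delete"),
    ]
}


def run_sample():
    """Run the handler over the constructed event; returns (result, items)."""
    table = FakeTable()
    return handler(SAMPLE_EVENT, table, now=1496275200), table.items


if __name__ == "__main__":
    print(run_sample())
```

Only the first record ends up in the table; the other three are reported in `skipped` with a reason, which is what you want to see in the function's logs when an S3 notification is misrouted or someone uploads something that is not a photo.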

Device Farm -

This service helps improve Android, iOS and Fire OS apps by quickly and securely testing them on hundreds of real smartphones. The tests run on physical devices in an AWS data center; in other words, this service is used for load testing.

Mobile Analytics - 

This service helps analyze app usage data in a cost-effective manner.

Pinpoint -

This is a new service added to the mobile services list. It enables us to engage with and understand the application's users, i.e. what they are doing with the app. If we wanted to run a targeted marketing campaign, this service helps do that.

Developer Tools - INTRO

CodeCommit -

It is like GitHub; GitHub is a place to store code.

CodeBuild -

It is a way to compile code.

CodeDeploy -

A way of deploying code in an automated fashion.

CodePipeline -

A way of keeping versions of code.


Application Services - INTRO

Step Functions:

Announced in 2016. It visualizes what is going on inside the application, basically which microservices it is using.

SWF - Simple Workflow Service

This is used in Amazon fulfillment centers. It is a way of coordinating automated tasks and manual tasks.

API Gateway -

A door to create, publish, monitor, maintain and secure APIs at scale: the door through which apps access back-end resources such as Lambda.

AppStream -

It is a way of streaming desktop applications to users.

Elastic Transcoder -

Used for converting video formats to suit different devices, based on resolution, size, etc.


Management Tools - INTRO

CloudWatch -

Covered in the SysOps certification. Used to monitor the performance of the AWS environment, in particular EC2.

CloudFormation - Most Important

It is a way of turning physical infrastructure into code: provision a production environment using one script.

CloudTrail -

Auditing of AWS resources.

OpsWorks -

A way of automating deployments using Chef.

Config -

Config automatically monitors the environment and gives warnings if a configuration change might break something.

Trusted Advisor -

Designed by the AWS solutions architecture team. It makes a series of recommendations (security, cost optimization, etc.), automated by scanning the environment.


Security and Identity - INTRO

IAM - Identity and Access Management

A fundamental component that comes up in all the certifications.
Used to sign in to AWS and to set up permissions, groups, etc.
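To show what "setting up permissions" means in practice, here is an added example, not code from the original post or from AWS, that applies IAM's decision order to a request: an explicit Deny in any matching statement wins, otherwise a matching Allow grants, otherwise the request is implicitly denied. It also reproduces the wildcard rules (an action name matches case-insensitively, a resource ARN does not). The sample policy, bucket name and function names are constructed; Conditions, NotAction/NotResource, resource policies, permission boundaries and SCPs are deliberately left out of this simplified model.

```python
import re


def _glob(pattern, value, case_sensitive):
    """IAM-style wildcard match: '*' matches any run of characters and '?'
    exactly one. Action names compare case-insensitively; ARNs do not."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    flags = 0 if case_sensitive else re.IGNORECASE
    return re.fullmatch(regex, value, flags) is not None


def _as_list(value):
    """Policy JSON allows a single string where a list is expected."""
    return value if isinstance(value, list) else [value]


def statement_matches(stmt, action, resource):
    """True if the statement's Action and Resource patterns both cover the request."""
    action_hit = any(_glob(p, action, False) for p in _as_list(stmt.get("Action", [])))
    resource_hit = any(_glob(p, resource, True) for p in _as_list(stmt.get("Resource", [])))
    return action_hit and resource_hit


def evaluate(policies, action, resource):
    """Decide one request against identity-based policies in IAM's order:
    explicit Deny wins, then an explicit Allow, else implicit deny.
    Simplified model: Condition, NotAction/NotResource, resource policies,
    permission boundaries and SCPs are not handled."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not statement_matches(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"
            if stmt["Effect"] == "Allow":
                allowed = True
    return "Allow" if allowed else "Deny"


# Constructed sample policy: read-only access to one bucket, with an explicit
# deny on a private prefix that overrides the broad Allow below it.
PHOTO_READER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::example-photo-uploads",
        },
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:GetObjectVersion"],
            "Resource": "arn:aws:s3:::example-photo-uploads/*",
        },
        {
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-photo-uploads/private/*",
        },
    ],
}


def check(action, resource):
    """Evaluate a request against the sample policy alone."""
    return evaluate([PHOTO_READER_POLICY], action, resource)


if __name__ == "__main__":
    bucket = "arn:aws:s3:::example-photo-uploads"
    for act, res in [
        ("s3:GetObject", bucket + "/cats/a.jpg"),
        ("s3:GetObject", bucket + "/private/x.jpg"),
        ("s3:DeleteObject", bucket + "/cats/a.jpg"),
    ]:
        print(act, res, "->", check(act, res))
```

The useful habit this encodes: when a request is refused, first look for a matching Deny anywhere in the effective policies, and only then for a missing Allow; a policy with no statement covering the action at all denies just as firmly as an explicit Deny, which is the default-deny behaviour least-privilege designs rely on.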

Inspector -

It is an agent installed on the virtual machine; it inspects the virtual machine and produces security reports.

Certificate Manager -

This provides free SSL certificates for your domain names.

Directory Service -

A way of using Microsoft AD with AWS.

WAF - Web Application Firewall -

This provides application-level protection. A firewall gives network-level protection; this service gives application-level protection. This is a security protocol.

Artifact -

A place where we can get documentation.

Analytics - INTRO

Athena -

This basically allows SQL queries on S3, turning flat files into searchable databases.

Elastic Map Reduce -

This is used for big data processing: processing large amounts of data (web indexing, log analysis, etc.) with frameworks such as Hadoop and Apache Spark.

CloudSearch -

This is similar to Elasticsearch. For a search engine for a website or application we can use either CloudSearch or Elasticsearch.
This is a purely managed service from Amazon.

Elasticsearch -

This is a service based on the open-source Elasticsearch.

Kinesis -

This is a way of streaming and analyzing real-time data. We can capture and store terabytes of data for things like market analysis, social media tweets, etc.

Data Pipeline - 

Data Pipeline is a service to move data from place to place, e.g. from S3 to DynamoDB.

QuickSight -

This is a business analytics tool used for creating rich dashboards from data. Not in demand now.


Migration Services - INTRO

Snowball -

Snowball started as Import/Export: you send a disk or disks, Amazon connects them and transfers the data to S3, EC2, etc. Snowball was introduced to avoid dealing with disks that come in different shapes and sizes. It is a briefcase-sized appliance consisting only of storage; you load it with terabytes of data and send it back to Amazon. The recently introduced Snowball Edge, instead of being just a storage appliance, adds compute capacity like a data center.

DMS - Database Migration Services 

DMS allows migrating an on-premises database to the cloud and into things like Redshift. You don't have to stay with the migrated database. DMS takes care of the migration with no downtime.

SMS - Server Migration Services 

This does the same as DMS but targets VMware migrations. It can work on 50 concurrently.

Databases - INTRO

RDS - Relational Database Service

MySQL, SQL Server, Oracle, etc. all come under this section.

DynamoDB - Non Relational Database Service

Heavily stressed in the Developer Associate course. This is a NoSQL database and it can scale massively.

Redshift - Amazon's data warehousing solution

Queried only when required, like big data stored in a warehouse. Queries are not run directly on the production database, as that would slow it down; instead we transfer a copy to Redshift and query it as and when required.
This is stressed mainly in the Big Data specialty certification.

ElastiCache -

This is a way of caching data in the cloud, usually the data that is most frequently used.

Thursday, March 9, 2017

Storage - INTRO

Storage consists of four different components:

S3 - Simple Storage Service

A virtual disk in the cloud to store objects (docs, files, text files, movies, etc.). It is not for installing a DB, an application or a computer game; this is object-based storage. For installing a DB, an application or a computer game we need block-based storage. Dropbox was one of the first startups to use S3.

Glacier -

Glacier is where we archive files from S3. It is used where we don't need instant access. It is extremely low cost; it takes around 3-4 hours to retrieve files.

EFS - Elastic File System -

EFS is block-based storage. This is a new service. EFS can be shared among multiple virtual machines.

Storage Gateway -

This is a way of connecting S3 to the on-premises data center or headquarters. It is a virtual machine installed on-premises: you get a virtual machine image, which then communicates with S3.