IAM Section


IAM Section – Summary

• Users: mapped to a physical user, has a password for AWS Console

• Groups: contains users only

• Policies: JSON document that outlines permissions for users or groups

• Roles: for EC2 instances or AWS services

• Security: MFA + Password Policy

• AWS CLI: manage your AWS services using the command-line

• AWS SDK: manage your AWS services using a programming language

• Access Keys: access AWS using the CLI or SDK

• Audit: IAM Credential Reports & IAM Access Advisor
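The last bullet names IAM Credential Reports as the audit source. The following is an added example (not from the original slides) showing what a practitioner would actually do with such a report: parse the CSV that `aws iam get-credential-report` returns once the `Content` field is base64-decoded, and flag console users without MFA, access keys past a rotation age, and root-account credential hygiene. The report rows, the user names and the account id are constructed for the example, and only a subset of the real report's columns is included.

```python
"""Audit a constructed IAM credential report for weak credential hygiene."""
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the shape of an IAM credential report (hypothetical users,
# placeholder account id, subset of the real columns)
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-01T10:00:00+00:00,false,true,2020-01-01T00:00:00+00:00,2024-04-30T00:00:00+00:00
alice,arn:aws:iam::123456789012:user/alice,2021-03-01T00:00:00+00:00,true,2024-05-20T08:00:00+00:00,true,true,2024-04-01T00:00:00+00:00,2024-05-20T00:00:00+00:00
bob,arn:aws:iam::123456789012:user/bob,2021-03-01T00:00:00+00:00,true,2024-05-19T08:00:00+00:00,false,true,2023-01-15T00:00:00+00:00,2024-05-19T00:00:00+00:00
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2022-06-01T00:00:00+00:00,false,N/A,false,true,2024-05-01T00:00:00+00:00,2024-05-21T00:00:00+00:00
"""

MAX_KEY_AGE_DAYS = 90  # assumed rotation policy for the example


def _parse_ts(value):
    # Credential reports use N/A, no_information or not_supported for missing dates
    if not value or value.startswith(("N/A", "no_information", "not_supported")):
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_csv, now, max_key_age_days=MAX_KEY_AGE_DAYS):
    """Return a list of (user, finding) tuples for the rules below."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":
            # Root should have no long-lived keys at all and must have MFA
            if row["access_key_1_active"] == "true":
                findings.append((user, "root account has an active access key"))
            if row["mfa_active"] != "true":
                findings.append((user, "root account has no MFA"))
            continue
        # Console users (password enabled) must have MFA enrolled
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console password enabled without MFA"))
        # Active access keys must have been rotated within the policy window
        rotated = _parse_ts(row["access_key_1_last_rotated"])
        if row["access_key_1_active"] == "true" and rotated is not None:
            age = (now - rotated).days
            if age > max_key_age_days:
                findings.append((user, f"access key 1 not rotated for {age} days"))
    return findings


def run_sample():
    # Fixed "now" so the constructed report yields reproducible ages
    return audit_credential_report(SAMPLE_REPORT, datetime(2024, 6, 1, tzinfo=timezone.utc))


if __name__ == "__main__":
    for user, finding in run_sample():
        print(f"{user}: {finding}")
```

Against the constructed report the root account is flagged twice (active key, no MFA) and `bob` twice (no MFA, key aged 503 days); `alice` and the key-only `ci-deploy` user pass. In a real account the same function runs over the decoded report and its output is what you would feed into a ticket or a CloudWatch metric.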

EC2 Section – Summary

• EC2 Instance: AMI (OS) + Instance Size (CPU + RAM) + Storage + security groups + EC2 User Data

• Security Groups: Firewall attached to the EC2 instance

• EC2 User Data: Script launched at the first start of an instance

• SSH: start a terminal into our EC2 Instances (port 22)

• EC2 Instance Role: link to IAM roles

• Purchasing Options: On-Demand, Spot, Reserved (Standard + Convertible + Scheduled), Dedicated Host, Dedicated Instance

ELB & ASG – Summary
• High Availability vs Scalability (vertical and horizontal) vs Elasticity vs Agility in the Cloud

• Elastic Load Balancers (ELB)

  • Distribute traffic across backend EC2 instances, can be Multi-AZ

  • Supports health checks

  • 4 types: Classic (old), Application (HTTP – L7), Network (TCP – L4), Gateway (L3)

• Auto Scaling Groups (ASG)

  • Implement Elasticity for your application, across multiple AZ

  • Scale EC2 instances based on the demand on your system, replace unhealthy instances

  • Integrated with the ELB

Amazon S3 – Summary
• Buckets vs Objects: globally unique name, tied to a region

• S3 security: IAM policy, S3 Bucket Policy (public access), S3 Encryption

• S3 Websites: host a static website on Amazon S3

• S3 Versioning: multiple versions for files, prevent accidental deletes

• S3 Replication: same-region or cross-region, must enable versioning

• S3 Storage Classes: Standard, IA, 1Z-IA, Intelligent, Glacier (Instant, Flexible, Deep)

• Snow Family: import data onto S3 through a physical device, edge computing

• OpsHub: desktop application to manage Snow Family devices

• Storage Gateway: hybrid solution to extend on-premises storage to S3
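The S3 security bullet pairs IAM policies with bucket policies and notes that bucket policies are how public access is granted. As an added example (not from the original slides), the code below statically reviews bucket policy documents for `Allow` statements whose principal is everyone, and distinguishes the intended static-website case (public `s3:GetObject` only) from broader grants such as public write. The three policies and their bucket names are constructed; the check complements, rather than replaces, S3 Block Public Access.

```python
"""Static review of S3 bucket policies for public access grants."""
import json

# Public read of objects is the static-website pattern; anything broader granted to
# everyone (write, list, delete, wildcards) is treated as a misconfiguration
READ_ONLY_OBJECT_ACTIONS = {"s3:GetObject"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    # "*" or {"AWS": "*"} means every principal, including anonymous requests
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def find_public_statements(policy_json):
    """Return summaries of Allow statements whose Principal is everyone."""
    policy = json.loads(policy_json)
    found = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        found.append({
            "sid": stmt.get("Sid", "<no Sid>"),
            "actions": _as_list(stmt.get("Action", [])),
            "resources": _as_list(stmt.get("Resource", [])),
            # A Condition narrows the grant (e.g. to one VPC endpoint); surface it for manual review
            "has_condition": "Condition" in stmt,
        })
    return found


def classify(policy_json):
    """'private', 'public-read' (GetObject only) or 'public-risky' (anything broader)."""
    public = find_public_statements(policy_json)
    if not public:
        return "private"
    for stmt in public:
        if any(action not in READ_ONLY_OBJECT_ACTIONS for action in stmt["actions"]):
            return "public-risky"
    return "public-read"


# Constructed: the intended pattern for an S3 static website
WEBSITE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-website-bucket/*"}]})

# Constructed: a policy that grants everyone write access by mistake
OPEN_WRITE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "Uploads", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::example-data-bucket/*"}]})

# Constructed: access limited to one account's role, plus an explicit deny for everyone else
PRIVATE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRole", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-role"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-private-bucket/*"},
    {"Sid": "DenyOtherAccounts", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-private-bucket/*",
     "Condition": {"StringNotEquals": {"aws:PrincipalAccount": "123456789012"}}}]})


if __name__ == "__main__":
    for name, doc in [("website", WEBSITE_POLICY), ("open-write", OPEN_WRITE_POLICY),
                      ("private", PRIVATE_POLICY)]:
        print(name, classify(doc), find_public_statements(doc))
```

The `Deny` statement in the private policy names `Principal: "*"` as well, which is why the check looks at `Effect` first: a wildcard principal in a deny is the right shape, while the same principal in an allow is the finding.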


Databases & Analytics Summary in AWS
• Relational Databases - OLTP: RDS & Aurora (SQL)

• Differences between Multi-AZ, Read Replicas, Multi-Region

• In-memory Database: ElastiCache

• Key/Value Database: DynamoDB (serverless) & DAX (cache for DynamoDB)

• Warehouse - OLAP: Redshift (SQL)

• Hadoop Cluster: EMR

• Athena: query data on Amazon S3 (serverless & SQL)

• QuickSight: dashboards on your data (serverless)

• DocumentDB: “Aurora for MongoDB” (JSON – NoSQL database)

• Amazon QLDB: Financial Transactions Ledger (immutable journal, cryptographically verifiable)

• Amazon Managed Blockchain: managed Hyperledger Fabric & Ethereum blockchains

• Glue: Managed ETL (Extract Transform Load) and Data Catalog service

• Database Migration: DMS

• Neptune: graph database

Other Compute - Summary

• Docker: container technology to run applications

• ECS: run Docker containers on EC2 instances

• Fargate:

  • Run Docker containers without provisioning the infrastructure

  • Serverless offering (no EC2 instances)

• ECR: Private Docker Images Repository

• Batch: run batch jobs on AWS across managed EC2 instances

• Lightsail: predictable & low pricing for simple application & DB stacks

Lambda Summary

• Lambda is Serverless, Function as a Service, seamless scaling, reactive

• Lambda Billing:

  • By the time run × by the RAM provisioned

  • By the number of invocations

• Language Support: many programming languages except (arbitrary) Docker

• Invocation time: up to 15 minutes

• Use cases:

  • Create Thumbnails for images uploaded onto S3

  • Run a Serverless cron job

• API Gateway: expose Lambda functions as HTTP API

Deployment - Summary

• CloudFormation: (AWS only)

  • Infrastructure as Code, works with almost all AWS resources

  • Repeat across Regions & Accounts

• Beanstalk: (AWS only)

  • Platform as a Service (PaaS), limited to certain programming languages or Docker

  • Deploy code consistently with a known architecture, e.g. ALB + EC2 + RDS

• CodeDeploy (hybrid): deploy & upgrade any application onto servers

• Systems Manager (hybrid): patch, configure and run commands at scale

• OpsWorks (hybrid): managed Chef and Puppet in AWS


Developer Services - Summary
• CodeCommit: Store code in private git repository (version controlled)

• CodeBuild: Build & test code in AWS

• CodeDeploy: Deploy code onto servers

• CodePipeline: Orchestration of pipeline (from code to build to deploy)

• CodeArtifact: Store software packages / dependencies on AWS

• CodeStar: Unified view for allowing developers to do CI/CD and code

• Cloud9: Cloud IDE (Integrated Development Environment) with collaboration

• AWS CDK: Define your cloud infrastructure using a programming language

Global Applications in AWS - Summary

• Global DNS: Route 53

  • Great to route users to the closest deployment with least latency

  • Great for disaster recovery strategies

• Global Content Delivery Network (CDN): CloudFront

  • Replicate part of your application to AWS Edge Locations – decrease latency

  • Cache common requests – improved user experience and decreased latency

• S3 Transfer Acceleration

  • Accelerate global uploads & downloads into Amazon S3

• AWS Global Accelerator

  • Improve global application availability and performance using the AWS global network

• AWS Outposts

  • Deploy Outposts Racks in your own Data Centers to extend AWS services

• AWS WaveLength

  • Brings AWS services to the edge of the 5G networks

  • Ultra-low latency applications

• AWS Local Zones

  • Bring AWS resources (compute, database, storage, …) closer to your users

  • Good for latency-sensitive applications

Integration Section – Summary

• SQS:

  • Queue service in AWS

  • Multiple Producers, messages are kept up to 14 days

  • Multiple Consumers share the read load and delete messages when done

  • Used to decouple applications in AWS

• SNS:

  • Notification service in AWS

  • Subscribers: Email, Lambda, SQS, HTTP, Mobile…

  • Multiple Subscribers, send all messages to all of them

  • No message retention

• Kinesis: real-time data streaming, persistence and analysis

• Amazon MQ: managed message broker for ActiveMQ and RabbitMQ in the cloud (MQTT, AMQP… protocols)
Monitoring Summary

• CloudWatch:

  • Metrics: monitor the performance of AWS services and billing metrics

  • Alarms: automate notification, perform EC2 action, notify to SNS based on metric

  • Logs: collect log files from EC2 instances, servers, Lambda functions…

  • Events (or EventBridge): react to events in AWS, or trigger a rule on a schedule

• CloudTrail: audit API calls made within your AWS account

• CloudTrail Insights: automated analysis of your CloudTrail Events

• X-Ray: trace requests made through your distributed applications

• AWS Health Dashboard: status of all AWS services across all regions

• AWS Account Health Dashboard: AWS events that impact your infrastructure

• Amazon CodeGuru: automated code reviews and application performance recommendations
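CloudTrail is listed as the audit record of API calls in the account. As an added example (not from the original slides), the code below runs three simple detections over a batch of CloudTrail records in the `{"Records": [...]}` shape CloudTrail delivers to S3: use of root credentials, successful console logins without MFA, and IAM API calls that change who can do what. The field names (`eventName`, `eventSource`, `userIdentity`, `additionalEventData.MFAUsed`) are the ones CloudTrail uses; the records, user names and IP addresses are constructed for the example.

```python
"""Flag high-risk events in a constructed batch of CloudTrail records."""
import json

# IAM API calls that change permissions or credentials; worth reviewing outside change windows
SENSITIVE_IAM_EVENTS = {
    "CreateAccessKey", "CreateUser", "AttachUserPolicy", "AttachRolePolicy",
    "PutUserPolicy", "UpdateAssumeRolePolicy", "DeactivateMFADevice",
}

# Constructed records (hypothetical users, documentation-range IPs)
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-05-21T09:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-05-21T09:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.8",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2024-05-21T09:10:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"type": "Root"}},
    {"eventTime": "2024-05-21T09:15:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"userName": "bob"}},
    {"eventTime": "2024-05-21T09:20:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "198.51.100.8",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
]})


def _actor(record):
    # IAM users carry userName; the root identity only carries type "Root"
    identity = record.get("userIdentity", {})
    return identity.get("userName") or identity.get("type", "unknown")


def detect(trail_json):
    """Return (eventTime, actor, eventName, reason) for each record that merits review."""
    findings = []
    for rec in json.loads(trail_json).get("Records", []):
        identity = rec.get("userIdentity", {})
        name, source = rec.get("eventName"), rec.get("eventSource")
        if identity.get("type") == "Root":
            findings.append((rec["eventTime"], _actor(rec), name, "root credentials used"))
        elif (name == "ConsoleLogin"
              and rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
              and rec.get("additionalEventData", {}).get("MFAUsed") != "Yes"):
            findings.append((rec["eventTime"], _actor(rec), name, "console login without MFA"))
        elif source == "iam.amazonaws.com" and name in SENSITIVE_IAM_EVENTS:
            findings.append((rec["eventTime"], _actor(rec), name, "sensitive IAM change"))
    return findings


def run_sample():
    return detect(SAMPLE_TRAIL)


if __name__ == "__main__":
    for event_time, actor, name, reason in run_sample():
        print(event_time, actor, name, reason)
```

The constructed batch yields three findings: bob's login without MFA, the root `DescribeInstances` call, and bob's `CreateAccessKey`. The same rules are what a CloudWatch Logs metric filter or EventBridge rule would encode in production; running them as code over delivered log files is the offline equivalent.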
