
70059176

The document provides information about various ebooks available for instant download on ebooknice.com, focusing on Amazon Web Services (AWS) and related topics. It includes titles such as 'Learning Amazon Web Services (AWS)' and 'AWS Administration - The Definitive Guide,' along with their ISBNs and links for access. Additionally, it highlights the hands-on approach of the Pearson Addison-Wesley Learning Series, which aims to help users quickly learn and apply AWS technologies.

Uploaded by

kocikepol

Instant Ebook Access, One Click Away – Begin at ebooknice.com

(Ebook) Learning Amazon Web Services (AWS): A Hands-On Guide to the Fundamentals of AWS Cloud by
Wilkins, Mark ISBN 9780135298343, 0135298342

https://ebooknice.com/product/learning-amazon-web-services-aws-a-hands-on-guide-to-the-fundamentals-of-aws-cloud-35029588


(Ebook) Genomics in the AWS Cloud: Analyzing Genetic Code Using Amazon Web Services
by Wall, David, Vacher, Catherine ISBN 9781119573371, 1119573378

https://ebooknice.com/product/genomics-in-the-aws-cloud-analyzing-genetic-code-using-amazon-web-services-55645028

(Ebook) Aws Administration - The Definitive Guide: Design, Build, and Manage Your
Infrastructure on Amazon Web Services - Second Edition by Yohan Wadia ISBN
9781788477178, 1788477170

https://ebooknice.com/product/aws-administration-the-definitive-guide-design-build-and-manage-your-infrastructure-on-amazon-web-services-second-edition-22009544

(Ebook) Biota: Grow, Gather, Cook by Loucas, Jason; Viles, James ISBN
9781459699816, 9781743365571, 9781925268492, 1459699815, 1743365578, 1925268497

https://ebooknice.com/product/biota-grow-2c-gather-2c-cook-6661374

(Ebook) Learning AWS IoT: Effectively manage connected devices on the AWS cloud
using services such as AWS Greengrass, AWS button, predictive analytics and machine
learning by Kurniawan, Agus ISBN 9781788396110, 1788396111

https://ebooknice.com/product/learning-aws-iot-effectively-manage-connected-devices-on-the-aws-cloud-using-services-such-as-aws-greengrass-aws-button-predictive-analytics-and-machine-learning-55161948

(Ebook) Website Hosting and Migration with Amazon Web Services: A Practical Guide to
Moving Your Website to AWS by Jason Nadon (auth.) ISBN 9781484225882, 9781484225899,
1484225880, 1484225899

https://ebooknice.com/product/website-hosting-and-migration-with-amazon-web-services-a-practical-guide-to-moving-your-website-to-aws-5880844

(Ebook) Host Your Web Site In The Cloud: Amazon Web Services Made Easy: Amazon EC2
Made Easy by Jeff Barr ISBN 9780980576832, 0980576830

https://ebooknice.com/product/host-your-web-site-in-the-cloud-amazon-web-services-made-easy-amazon-ec2-made-easy-1182254

(Ebook) Amazon Web Services in Action, Third Edition: An in-depth guide to AWS -
MEAP Version 3 by Andreas Wittig, Michael Wittig ISBN 9781633439160, 163343916X

https://ebooknice.com/product/amazon-web-services-in-action-third-edition-an-in-depth-guide-to-aws-meap-version-3-44019894

(Ebook) Practical Amazon EC2, SQS, Kinesis, and S3: A Hands-On Approach to AWS by
Sunil Gulabani (auth.) ISBN 9781484228401, 9781484228418, 1484228405, 1484228413

https://ebooknice.com/product/practical-amazon-ec2-sqs-kinesis-and-s3-a-hands-on-approach-to-aws-5880892

(Ebook) Serverless Web Applications with AWS Amplify: Build Full-Stack Serverless
Applications Using Amazon Web Services by Akshat Paul, Mahesh Haldar ISBN
9781484287064, 1484287061

https://ebooknice.com/product/serverless-web-applications-with-aws-amplify-build-full-stack-serverless-applications-using-amazon-web-services-51197104

Learning Amazon Web Services (AWS)

The Pearson Addison-Wesley Learning Series

Visit informit.com/learningseries for a complete list of available publications.

The Pearson Addison-Wesley Learning Series is a collection of hands-on
programming guides that help you quickly learn a new technology or
language so you can apply what you’ve learned right away.

Each title comes with sample code for the application or applications built
in the text. This code is fully annotated and can be reused in your own
projects with no strings attached. Many chapters end with a series of
exercises to encourage you to reexamine what you have just learned, and
to tweak or adjust the code as a way of learning.

Titles in this series take a simple approach: they get you going right away
and leave you with the ability to walk off and build your own application
and apply the language or technology to whatever you are working on.

Make sure to connect with us!


informit.com/socialconnect

Learning Amazon Web Services (AWS)
A Hands-On Guide to the Fundamentals of AWS Cloud

Mark Wilkins

Learning Amazon Web Services (AWS)
Copyright © 2020 by Pearson Education, Inc.

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system,
or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise,
without written permission from the publisher. No patent liability is assumed with respect to
the use of the information contained herein. Although every precaution has been taken in
the preparation of this book, the publisher and author assume no responsibility for errors
or omissions. Nor is any liability assumed for damages resulting from the use of the
information contained herein.

Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been
appropriately capitalized. Pearson cannot attest to the accuracy of this information. Use of a term
in this book should not be regarded as affecting the validity of any trademark or service mark.

AWS screenshots © Amazon Web Services, Inc.

Cover photo: Sdecoret/Shutterstock

Microsoft and/or its respective suppliers make no representations about the suitability of the
information contained in the documents and related graphics published as part of the services
for any purpose. All such documents and related graphics are provided “as is” without warranty of
any kind. Microsoft and/or its respective suppliers hereby disclaim all warranties and conditions
with regard to this information, including all warranties and conditions of merchantability, whether
express, implied or statutory, fitness for a particular purpose, title and non-infringement. In no
event shall Microsoft and/or its respective suppliers be liable for any special, indirect or
consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether
in an action of contract, negligence or other tortious action, arising out of or in connection with
the use or performance of information available from the services. The documents and related
graphics contained herein could include technical inaccuracies or typographical errors. Changes
are periodically added to the information herein. Microsoft and/or its respective suppliers may
make improvements and/or changes in the product(s) and/or the program(s) described herein at
any time. Partial screenshots may be viewed in full within the software version specified.

Microsoft® Windows®, Microsoft Office®, and Microsoft Azure® are registered trademarks of
the Microsoft Corporation in the U.S.A. and other countries. Screenshots reprinted with
permission from the Microsoft Corporation. This book is not sponsored or endorsed by or
affiliated with the Microsoft Corporation.

For information regarding permissions, request forms and the appropriate contacts
within the Pearson Education Global Rights & Permissions Department, please visit
www.pearsoned.com/permissions/.

Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible,
but no warranty or fitness is implied. The information provided is on an “as is” basis. The
author and the publisher shall have neither liability nor responsibility to any person or entity
with respect to any loss or damages arising from the information contained in this book.

Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities
(which may include electronic versions; custom cover designs; and content particular to
your business, training goals, marketing focus, or branding interests), please contact our
corporate sales department at corpsales@pearsoned.com or (800) 382-3419.
For government sales inquiries, please contact governmentsales@pearsoned.com.
For questions about sales outside the U.S., please contact intlcs@pearson.com.

Visit us on the Web: informit.com/aw
ISBN-13: 978-0-13-529834-3
ISBN-10: 0-13-529834-2
Library of Congress Control Number: 2019937606

Acquisition Editor: Paul Carlstroem
Managing Editor: Sandra Schroeder
Development Editor: Kiran Panigrahi
Project Editor: Lori Lyons
Production Manager: Aswini Kumar
Copy Editor: Kitty Wilson
Indexer: Cheryl Lenser
Proofreader: Abigail Manheim
Designer: Chuti Prasertsith
Compositor: codeMantra


Accessing the Web Edition
Your purchase of this book in any format includes access to the corresponding Web Edition.
Your Web Edition contains the following:
■ The complete text of the book
■ Hours of instructional video keyed to the text

The Web Edition can be viewed on all types of computers and mobile devices with any modern
web browser that supports HTML5.

To get access to the Learning Amazon Web Services (AWS) Web Edition, all you need to do is register
this book:

1. Go to www.informit.com/register.

2. Sign in or create a new account.

3. Enter the ISBN: 9780135298343.

4. Answer the questions as proof of purchase.

5. The Web Edition will appear under the Digital Purchases tab on your Account page.
Click the Launch link to access the product.

Contents at a Glance

Preface
1 Learning AWS
2 Designing with AWS Global Services
3 AWS Networking Services
4 Compute Services: AWS EC2 Instances
5 Planning for Scale and Resiliency
6 Cloud Storage
7 Security Services
8 Automating AWS Infrastructure
Index

Table of Contents

1 Learning AWS
About This Book
Trying to Define the Cloud
Moving to AWS
Infrastructure as a Service
Platform as a Service
Essential Characteristics of AWS Cloud Computing
Operational Benefits of AWS
Cloud Provider Limitations
Data Security at AWS
Network Security at AWS
Application Security at AWS
Compliance in the AWS Cloud
Playing in the AWS Sandbox
What’s the Problem That Needs to Be Solved?
Migrating Applications
The Well-Architected Framework
The Well-Architected Tool
In Conclusion

2 Designing with AWS Global Services
Considering Location
AWS Regions
Region Isolation
Availability Zones
Availability Zone Distribution
Multiple Availability Zones
What’s the AWS Service-Level Agreement?
Everything Fails
Global Edge Services
Services Located at the Edge
Choosing a Region
Compliance
AWS and Compliance
HIPAA
NIST
GovCloud
Latency Concerns
Services Offered at Each Region
Calculating Costs
Management Service Costs
Management Tools Pricing: AWS Config
AWS Compute Costs
Storage Costs
Data Transfer Costs
Understand Tiered Costs at AWS
Optimizing Costs at AWS
Optimizing Compute Costs
Tools for Analyzing Costs at AWS
Trusted Advisor
AWS Simple Monthly Calculator
Total Cost of Ownership (TCO) Calculator
In Conclusion
Top 10 Big-Picture Discussion Points: Compliance, Governance, Latency, and Failover Considerations

3 AWS Networking Services
VPC Networking
Partnering with AWS
What’s Behind the Networking Curtain?
It’s All About Packet Flow
Creating Your First VPC
How Many VPCs?
Creating the VPC CIDR Block
Planning Your Primary VPC CIDR Block
The Default VPC
Revisiting Availability Zones
Creating Subnets
NAT Services
Working with Route Tables
The Main Route Table
Private IPV4 Addresses
Elastic IP Addresses
Traffic Charges
Bring Your Own IP (BYOIP)
The BYOIP Process
IPv6 Addresses
Security Groups
Custom Security Groups
Network ACLs
Network ACL Implementation Details
Understanding Ephemeral Ports
VPC Flow Logs
Peering VPCs
Establishing a Peering Connection
Gateway VPC Endpoints
Interface VPC Endpoints
VPC Connectivity
Internet Gateway: The Public Door
VPN Connections
Virtual Private Gateway
VPN Connections
VPN CloudHub
Understanding Route Propagation
Direct Connect
Route 53
Route 53 Routing Options
Route 53 Health Checks
Using DNS with a VPC: Private DNS Zones
DNS Hostnames
In Conclusion
Top 10 Discussion Points: Considerations for Security, Failover, and Connectivity

4 Compute Services: AWS EC2 Instances
A Short History of EC2 Virtualization
The Nitro System
EC2 Instances
Instance Families
What’s a vCPU?
EC2 Instance Choices
General-Purpose Instances
Instances Designed to Burst
Compute-Optimized Instances
Memory-Optimized Instances
Accelerated Computing (GPU)
Storage-Optimized Instances
Bare-Metal Instances
Dedicated Hosts
Dedicated Instances
EC2 Network Performance
Amazon Machine Images (AMIs)
Choosing an AMI
AWS Linux AMIs
Linux AMI Virtualization Types
Windows AMIs
AWS Marketplace
Creating a Custom AMI
Custom Instance Store AMIs
Proper AMI Design
AMI Build Considerations
AMI Best Practices
Adopting a Best Practice: Tags
Using Launch Templates
Changing the Current Instance Type
EC2 Pricing
Reserved Instances (RI)
Reserved Instance Limits
Reserved EC2 Instances Types
Scheduled Reserved EC2 Instances
Spot Instance
Spot Fleet
Spot Capacity Pools
EC2 Fleet
EC2 Instance Storage Options
Local Instance Storage—SSD or Magnetic Disk
EC2 Auto Recovery
Ordering an Instance
Migrating to AWS
Migration Big-Picture Steps
AWS Migration Hub
AWS Server Migration Services
Server Migration Big Steps
Importing and Exporting Virtual Resources
Other Ways to Host Workloads at AWS
Containers
Amazon Elastic Container Service (ECS)
AWS Fargate
AWS ECS for Kubernetes (EKS)
Amazon LightSail
Lambda
AWS Firecracker
In Conclusion
Top 10 Big-Picture Discussion Points: Migration and Planning Considerations

5 Planning for Scale and Resiliency
The Concept of Monitoring
What Is CloudWatch?
Monitoring
Logging
Collecting Data with the CloudWatch Agent
CloudWatch Agent Install Steps
Planning for Monitoring
CloudWatch Integration
CloudWatch Terminology
Using the Dashboard
Creating a CloudWatch Alarm
Additional Alarm and Action Settings
Actions
Monitoring EC2 Instances
Automatically Reboot or Recover Instances
Elastic Load Balancing Services
Redundancy by Design
EC2 Health Checks
Additional ELB Features
Application Load Balancer (ALB)
Big-Picture Steps: ALB Creation
Rule Choices
HTTPS Listener Security Settings
Target Group Routing
Maintaining User Sessions
Sticky Session Support
Configuring Health Checks
Monitoring Load Balancer Operation
Network Load Balancer
Scaling Applications
EC2 Auto Scaling
EC2 Auto Scaling Components
Launch Configuration
Launch Templates
Auto Scaling Groups (ASGs)
Scaling Options for Auto Scaling Groups
Lifecycle Hooks
AWS Auto Scaling
In Conclusion
Top 10 Big-Picture Discussion Points: Scale, Availability, and Monitoring Decisions

6 Cloud Storage
Cloud Storage
Which Storage Matches Your Workload?
EBS Block Storage
EBS Volume Types
General-Purpose SSD (gp2)
Elastic EBS Volumes
Attaching an EBS Volume
EBS Volume Encryption
EBS Snapshots
Tagging EBS Volumes and Snapshots
EBS Best Practices
S3 Storage
Buckets, Objects, and Keys
S3 Data Consistency
S3 Storage Classes
S3 Management
Versioning
S3 Bucket Security
Amazon S3 Glacier Archive Storage
S3 Glacier Vaults and Archives
Shared File Systems at AWS
Elastic File System (EFS)
EFS Performance Modes
EFS Throughput Modes
EFS Security
Storage Performance Compared
Amazon FSx for Windows File Server
Relational Database Service (RDS)
RDS Database Instances
High Availability for RDS
Big-Picture RDS Installation Steps
Monitoring Database Performance
Best Practices for RDS
Aurora
Aurora Storage
Communicating with Aurora
DynamoDB
Database Design 101
DynamoDB Tables
Provisioning Table Capacity
Adaptive Capacity
Data Consistency
ACID and DynamoDB
Global Tables
DynamoDB Accelerator (DAX)
Backup and Restore
ElastiCache
AWS Data Transfer Options
The Snow Family
AWS Storage Gateway Family
In Conclusion
Top 10 Big-Picture Discussion Points: Storage Options and Considerations

7 Security Services
Identity and Access Management
IAM Policy Defined
IAM Authentication
Requesting Access to AWS Resources
The Authorization Process
Actions
IAM Users
The Root User
The IAM User
Creating an IAM User
IAM User Access keys
IAM Groups
Signing In as an IAM User
IAM Account Details
IAM User Account Summary
Creating a Password Policy
Rotating Access Keys
Using Multifactor Authentication (MFA)
IAM Policy Types
Identity-Based Policies
Resource-Based Policies
In-Line Policies
IAM Policy Creation
Policy Elements
Reading a Simple JSON Policy
Policy Actions
Additional Policy Control Options
Reviewing the Policy Permissions Applied
IAM Policy Versions
Using Conditional Elements
Using Tags with IAM Identities
IAM Roles
When to Use Roles
Cross-Account Access to AWS Resources
The AWS Security Token Service (STS)
Identity Federation
IAM Best Practices
IAM Security Tools
Creating a CloudWatch Trail Event
Other AWS Security Services
AWS Organizations
Resource Access Manager (AWS RAM)
Secrets Manager
GuardDuty
AWS Inspector
In Conclusion
Top 10 Big-Picture Discussion Points

8 Automating AWS Infrastructure
Automating with AWS
From Manual to Automated Infrastructure with CloudFormation
CloudFormation Components
CloudFormation Templates
Stacks
Creating an EC2 Instance with EIP
Updating with Change Sets
Working with CloudFormation Stack Sets
AWS Service Catalog
The 12-Factor Methodology
Rule 1. Codebase—One Codebase That Is Tracked with Version Control Allows Many Deploys
AWS CodeCommit
Rule 2. Dependencies—Explicitly Declare and Isolate Dependencies
Rule 3. Config—Store Config in the Environment
Rule 4. Backing Services—Treat Backing Services as Attached Resources
Rule 5. Build, Release, Run—Separate, Build, and Run Stages
Rule 6. Process—Execute the App as One or More Stateless Processes
Rule 7. Port Binding—Export Services via Port Binding
Rule 8. Concurrency—Scale Out via the Process Model
Rule 9. Disposability—Maximize Robustness with Fast Startup and Graceful Shutdown
Rule 10. Dev/Prod Parity—Keep Development, Staging, and Production as Similar as Possible
Rule 11. Logs—Treat Logs as Event Streams
Rule 12. Admin Processes—Run Admin/Management Tasks as One-Off Processes
Elastic Beanstalk
Updating Elastic Beanstalk Applications
CodePipeline
AWS CodeDeploy
Serviceless Computing with Lambda
API Gateway
Building a Serverless Web App
Create a Static Website
User Authentication
Serverless Back-End Components
Set Up the API Gateway
In Conclusion
Top 10 Big-Picture Discussion Points: Moving Toward Stateless Design

Index

Companion Videos List

In addition to this book, several hours of companion online training videos are available.
Throughout the chapters, you’ll be invited to watch a video that relates to the topic being
covered in that section.
To access the videos, register this book at www.informit.com/register.

Chapter 1: Learning AWS


Signing up for Amazon Free Tier
Terra Firma

Chapter 2: Designing with AWS Global Services


Availability Zones
Choosing a Region
Planning Compliance
Trusted Advisor
Using the Simple Monthly Calculator

Chapter 3: AWS Networking Services


Create a Custom VPC
Creating CIDR Blocks
Public and Private Subnets
Exploring Route Tables
Creating Security Groups
Network ACLs
VPC Flow Logs
Understanding Endpoints
Adding an Internet Gateway
Creating VPN Connections

Chapter 4: Compute Services: AWS EC2 Instances


Creating a Custom AMI
Creating Reserved Instances
Spot Instances
Creating Instances

Chapter 5: Planning for Scale and Resiliency


Installing the CloudWatch Agent
CloudWatch in Operation
Creating a CloudWatch Alarm
Deploying EC2 Auto Recovery


Connection Draining
Understanding ELB Features
Creating Listener Rules
Creating a Network Load Balancer
Creating Launch Templates
EC2 Auto Scaling

Chapter 6: Cloud Storage


Creating EBS Volumes
Creating Snapshots
Creating S3 Buckets
S3 Management Features
Creating EFS Storage
FSx Setup for Windows
Ordering RDS
Creating Aurora Databases
Creating DynamoDB Tables
Data Transfer Options at AWS

Chapter 7: Security Services


Creating IAM Users and Groups
Defining a Password Policy
Enabling MFA Protection
Creating IAM Policies
Creating Permission Boundaries
Exploring AWS Security Tools
Exploring CloudTrail Events
Setting up AWS Organizations and RAM

Chapter 8: Automating AWS Infrastructure


Analyzing a CloudFormation Template
Creating EC2 Instances with CloudFormation
Creating Change Sets with CloudFormation
Creating Products with Service Catalog
Deploying Elastic Beanstalk
Updating Elastic Beanstalk with a Blue/Green Deployment
S3 Buckets and Alerts Using Lambda
CloudWatch Alerts and Lambda
Creating Lambda Functions
Using the API Gateway
Preface
Although the Amazon cloud is well-documented, the Internet includes all types of information.
This means you can spend a great deal of time reading AWS technical documentation,
only to find that what seems interesting might be five years old or more. There’s too much
documentation to expect to spend just a couple of evenings researching and getting right up to
speed.

My opportunity to create this technical book for understanding AWS began in April 2018 after Mark
Taber, an acquisitions editor for Pearson Education, pinged me on LinkedIn. I had written technical
books before, and Mark asked if I was interested in writing one on the topic of Amazon Web
Services. I asked, “Do people actually buy paper books?” and he replied quickly, “They sure do.”

So, I thought about it and realized that most of the customers I had consulted with over the past
few years regarding the AWS cloud were smart technical people, but they had been thrown into
a bit of a panic because they had to get ready for moving to the cloud—specifically, the Amazon
cloud. And they were looking for a starting point to ramp up their technical cloud knowledge and
become technically proficient in what was happening in AWS cloud technologies.

I had spent a few years quite involved with AWS cloud services with various clients—including a
major Canadian bank, a major American bank, and several small-to-midsize companies working
in AWS—because their developers had developed applications they were using quite successfully.
The only problem was, they weren’t in the AWS cloud.

I thought about all my customers and realized that what was missing was a foundational book on
AWS that explained how the core AWS services of compute, storage, networking, scale, security,
and automation fit together. I decided to combine a book with a number of videos that would
walk through how to set up each service. This approach would allow my customers, and hopefully
many others, to visualize how AWS could work for their company or their project.

Writing a technical book is ultimately an abundance of research and rounds of testing, breaking,
and fixing until the project comes together. To create a detailed technical overview of Amazon
Web Services and how its cloud services fit together, I decided to review all the relevant AWS
documentation of the compute, storage, networking, and managed services by following the
pattern of reading and testing; then even more reading and testing. I then added some tips
and tricks, and finally summarized this last year’s work into the technical content found in the
chapters of this book. I learned a lot about AWS that I didn’t know—that’s the great thing about
researching and writing a book!

Companion Training Videos


Learning Amazon Web Services (AWS) also has a useful learning companion—several hours of
training videos are bundled with the book that will show you how easy it is to set up the core
services at AWS and grasp the concepts of what the AWS cloud can offer.

Throughout the chapters, you’ll be invited to watch the companion video that relates to the topic
that is being covered in a particular section.

Watching the videos will help you get in technical shape to start deploying your company’s
applications and resources at AWS. The videos take the place of page after page of step-by-step
instructions. The reason for no detailed steps is that in the AWS cloud, the steps to perform any
task are constantly changing, so up-to-date videos as a means of teaching make more sense.
Videos can also be updated easily as changes occur.

The videos can be accessed by registering your copy of this book at www.informit.com/register.
The videos can be watched on most any device as they are formatted in a standard MP4 video
format. And, don’t forget popcorn!
About the Author
Mark Wilkins is an Electronic Engineering Technologist with a wealth of experience in
designing, deploying, and supporting software and hardware technology in the corporate and
small business world. Since 2013, Mark has focused on supporting and designing cloud service
solutions with Amazon Web Services, Microsoft Azure, and the IBM Cloud. He is certified in
Amazon Web Services (Architecture and Sys-Ops). Mark is also a Microsoft Certified Trainer (MCT)
and holds certifications in MCTS, MCSA, Server Virtualization with Windows Server Hyper-V, and
Azure Cloud Services.

Mark worked as a technical evangelist for IBM SoftLayer from 2013 through 2016 and taught
both SoftLayer Fundamentals and SoftLayer Design classes to many Fortune 500 companies
in Canada, the United States, Europe, and Australia. As course director for Global Knowledge,
Mark developed and taught many technical seminars, including Configuring Active Directory
Services, Configuring Group Policy, and Cloud and Virtualization Essentials. Mark also developed
courseware for the Microsoft Official Curriculum 2008 stream, Managing and Maintaining
Windows Server 2008 Network Services, and Active Directory Services.

Mark’s published books include Windows 2003 Registry for Dummies, Administering SMS 3.0, and
Administering Active Directory.
Acknowledgments
A book is not written by a single person; many help along the way. I’d like to thank Ashley
Neace for giving me the opportunity to develop courseware for Global Knowledge way back in
2010 about the AWS cloud, and Rick Morrow, Mark Sluga, and Ryan Dymek for providing their
expertise and knowledge over the years working together at Global Knowledge and as valuable
technical resources. Thanks also to my editors Paul Carlstroem, Kiran Panigrahi, and Mark Taber
for providing support and guidance for this project.
1
Learning AWS

About This Book


This paper book and companion video library are focused on the Amazon Web Services (AWS)
cloud—and specifically what is called infrastructure as a service (IaaS)—to help you learn about
the cloud services Amazon offers. Services that AWS offers can be broken down into the foundational
services of compute, storage, networking, and security—and a big helping of automation.
A handy way to think of AWS is as a massive toolbox with a wide variety of specialized tools that
can carry out an assortment of infrastructure tasks. If you’re a system administrator, developer,
or project manager or you’ve heard about the AWS cloud and want to know more about it, this
book is designed for you as a technical baseline of AWS services, what they can do, the major
concepts, one of the major components, and how to set up the service to function. I estimate
that I reviewed more than 35,000 pages of AWS documentation and summarized all that technical
detail into somewhere between 300–400 pages of AWS information. That doesn’t mean you
won’t read AWS documentation because you most definitely will; but hopefully this book and the
companion video library will catapult your indoctrination into the AWS jungle.

You may also want to get certified; however, this is not a book that is directly focused on AWS
certification. This book is instead focused on the so-called foundational services. All AWS certification
tests are focused on problem-solving based on a particular scenario. Your job is to figure
out the best one or two answers; therefore, knowing the foundational services is key. If you want
to get certified on AWS cloud services, particularly on AWS architecture, you must know the
foundational AWS services inside and out. And you’ll have to spend a few hours doing hands-on
work with AWS services. If you want to develop applications that will be hosted at AWS, you will
need to know the foundational services in even more detail. And forget about learning everything
about AWS in a single book; it’s just not possible, and the reality is that AWS is constantly changing.
That’s a notion you will learn to embrace.

Each chapter in this book attempts to deal with a specific concept or AWS service and provide a
strong detailed technical summary of the AWS service in question. However, there are not pages
and pages of step-by-step solutions because the steps change every couple of months. During the
writing of this book, AWS changed the design of its icons used in its technical documentation
three times. They also added 600 features and made numerous other changes, from cosmetic to
substantial.

To get around the issue of immediate obsolescence, there is a companion video library associated
with this book that shows you how to set up and install and configure many AWS cloud services.
You can access these videos by registering your book at informit.com/register.

Throughout the remainder of the chapters, you’ll be invited to watch the companion video that
relates to the topic that we are covering. The companion step-by-step videos can be changed and
updated or added to as AWS changes. The beauty of a video is that you can pause or rewind it
as you learn. Let’s begin the journey and see where we end up. This initial chapter includes the
following topics:
■ Defining the public cloud
■ Where AWS fits with IaaS and platform as a service (PaaS)
■ Characteristics of cloud computing according to NIST
■ Considerations for migrating applications to AWS
■ Operational benefits for operating in the cloud
■ The cloud service-level agreement (SLA)
■ Data, application, and network security at AWS
■ Compliance at AWS
■ AWS Well-Architected Framework

Trying to Define the Cloud


The roots of public cloud computing are not new; the public cloud providers Amazon Web
Services and Microsoft Azure have been established for well over a decade with strong IaaS and
PaaS offerings around the world. The Google Cloud Platform (GCP) and the IBM or Oracle Cloud
are other viable alternatives. Gartner’s Magic Quadrant
(www.gartner.com/en/research/methodologies/magic-quadrants-research) in Figure 1-1 shows four types of
technology providers a company can align its goals and strategies with. In 2018, IaaS market penetration dominated
two of those categories. Under the Leaders quadrant, Amazon Web Services led in that area,
followed by Microsoft and then Google. Google also aligned closely to the Visionaries Quadrant.
Alibaba Cloud, Oracle, and IBM fell in the Niche Players quadrant.

When I started my career as a computer technician back in the 90s, most corporations that I
supported used several computer-based services that were not located on premise. Accounting
services were accessed through a fast (at the time) 1200 baud modem that was connected using
one of those green-screened digital terminals. The serial cable threaded through the drop ceiling
to connect the terminal was strong enough to pull a car.

[Figure 1-1 image: Magic Quadrant with axes Ability to Execute and Completeness of Vision; quadrants Challengers, Leaders, Niche Players, Visionaries]
Figure 1-1 Top public cloud providers. Gartner, Magic Quadrant for Cloud Infrastructure as a
Service, Worldwide, Dennis Smith et al., 23 May 2018. (Gartner Methodologies, Magic Quadrant,
www.gartner.com/en/research/methodologies/magic-quadrants-research)1

A customer of mine at the time was utilizing a mainframe computer for accounting hosted locally
in town. However, he couldn’t access his accounting services any time he liked; he had his allotted
slice of processing time every Tuesday, and that was that. Payroll services were provided by
another remote service called Automatic Data Processing, or ADP for short. Both service companies
and their services are still around today. IBM is continuing to release versions of its z series
mainframe, and ADP payroll services was one of the first software as a service (SaaS) companies
but remains popular today.

In 2015, IBM bought a cloud provider based in Texas called SoftLayer and merged it into its public
cloud offering, today called the IBM Cloud. The z mainframe has ended up being hosted in the
IBM cloud providing hosted mainframe services; in April 2018, IBM announced it was launching
what it called a “skinny mainframe” for cloud computing built around the IBM z 14 mainframe.

1 Gartner does not endorse any vendor, product or service depicted in its research publications, and does not
advise technology users to select only those vendors with the highest ratings or other designation. Gartner
research publications consist of the opinions of Gartner’s research organization and should not be construed as
statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research,
including any warranties of merchantability or fitness for a particular purpose.

If you work for a bank or financial institution, IBM mainframes probably provide 50% of all your
computing services. This could be great news for companies that don’t want to have a local
mainframe environment to maintain.

Fifty years since the launch of the IBM mainframe, many companies’ mainframes are continuing
to be relevant and are now part of the public cloud landscape.

The reality is that more than 90 of the world’s largest 100 banks, the top 10 insurance companies,
a majority of the 25 largest retailers, and most of the world’s larger airlines still rely on mainframe
computers from IBM.

If you didn’t use mainframes, you probably lived through the deployment cycle of Novell
NetWare and Windows and Active Directory, and virtualization using VMware or Hyper-V. You
likely have a private cloud in your own data centers. You may be wondering why your company
is moving to the public cloud.

The reality these days is that it is expensive to build and maintain data centers. Certainly,
building a data center is going to cost millions or billions of dollars. Maintaining an existing
data center over the long term is expensive as well. Because of virtualization and the rise of
the Internet as a useful communication medium, cloud services have replaced many local data
centers and will continue to do so. Figuring out the capital costs of hosting your applications in
the public cloud instead of running them in your own data center is sometimes categorized as
renting instead of buying, as defined in Figure 1-2.

Operational expenses (OpEX) are all you pay for using cloud services. The capital expenditure
(CapEX) of building a data center does not have to be borne by a single business. Now let’s be
clear: operational expenses are still expensive. You might say to your boss, “I don’t need $800
million for data center construction, but I will need $2 million a year forever.”

CapEX = Buy

OpEX = Rent

Figure 1-2 No long-term capital expenses

The reality is that the cost of running and hosting your applications in the cloud is cheaper once
you add in every expense; however, operating in the cloud is only cheaper if your services being
hosted in the cloud are properly designed. Services and applications don’t run 24/7; they are
turned off or reduced in size when they’re not needed. A concept that you may not yet be familiar
with is automation. Public cloud providers use automated procedures to build, manage, monitor,
and scale every cloud service. By the end of this book, you will understand how automation is the
secret sauce for successful cloud deployments. Automated procedures will save you money and
allow you to sleep at night.

Let’s start by defining the public cloud. The cloud is just a collection of data centers. There is no
ownership from the customer’s point of view; the cloud provider owns the services, and you rent
each service as required. You may be thinking that the cloud is all virtual resources, yet the AWS
cloud can provide you bare-metal servers. If you want, Amazon will happily host your applications
and databases on bare-metal servers hosted in its data centers. Of course, more commonly,
AWS will offer you many virtual servers in well over 150 different sizes and designs. Amazon is
also quite happy to allow you to continue to operate your on-premise data centers and coexist
with cloud resources and services operating at AWS. Microsoft Azure will offer to sell you a copy
of its complete Azure cloud operating system to install on your servers in your data centers. As
you can see, it’s hard to define the public cloud these days other than as a massive collection of
compute and storage resources hosted on a network stored in the collection of data centers
accessible across the Internet, or by using private connections.

Anything that you host in the public cloud is using compute and storage resources to execute
your software application. And anything that used to be a hardware device, such as a router,
switch, or storage array, can be replaced by a third-party software appliance or an AWS-managed
software service composed of virtual computers, storage, and networking components. This
doesn’t mean that many companies aren’t still using hardware devices. Hardware devices such
as routers and switches have incredible speed and can operate much faster in most cases than a
software router and switch. But what happens if you can run hundreds or thousands of virtual
machines in parallel performing the function of a hardware switch or hardware router device?
Perhaps we don’t need any hardware devices at all. Most of the AWS-managed cloud services are
hosted on virtual machines (defined as EC2 instances, or Elastic Compute Cloud instances), with
massive CPU and RAM resources running in massive server farms with custom-designed applications,
providing the storage arrays, networking services, load-balancing, and auto-scaling services
that we depend on at AWS.

Moving to AWS
Once the decision has been made to move to the AWS cloud, countless moving parts begin to
churn. People need to be trained, infrastructure changes must take place, developers potentially
need to code in a different way, and IT professionals must get up to speed on the cloud provider
that has been chosen; there’s no time to waste. Larger companies will usually attempt to convey
the message of what moving to the cloud means for them. It’s quite common for executives
within the company to have strong opinions about what moving to the cloud will do. Sadly,
these opinions are not usually based on technical knowledge or real hands-on experience with
the cloud provider that has been chosen. Generally, companies utilizing cloud services fall into
several mind-sets:
■ The corporate mentality—You currently have data centers, infrastructure, and virtualized
applications. Ever-increasing infrastructure and maintenance costs are driving you to look
at what options are available in the public cloud.
■ Born-in-the-cloud mentality—You’re a developer with a great idea, but you don’t want to
maintain a local data center. In fact, you don’t have a local data center, and you want to get
going as soon as possible.
■ The startup mentality—You’ve just lost your job due to a merger or buyout and are
determined to strike out on your own. Your brand-new company has no data center but
plenty of ideas combined with a distinct lack of cash.
■ The government client—You’ve been told that, to save costs, your government department
is moving to the AWS cloud within a defined timeframe.

Each of these starting mind-sets will have differing points of view as to how it should start to
migrate or design its cloud infrastructure and hosted applications. Coming from a corporate
environment or government department, you will probably expect the cloud provider to have
a detailed service-level agreement (SLA) that you can change to match your needs. You will also
probably have expectations about how much detail you expect to be provided about the cloud
provider’s infrastructure and services. In short, you expect to be in control.

If you have started with a public cloud services provider as an individual developer, or you’re
working with a startup, you will probably have no comparison with current on-premise costs;
therefore, the overall costs that you pay for using a cloud provider will be accepted for the short
term but, over time, as your experience grows, your overall cloud costs will be analyzed and
managed to be as optimized and as cheap as possible.

Note
AWS has options for developers who want to craft and deploy applications hosted at AWS.
The site https://aws.amazon.com/startups/ is where you can get further information about
how you might be able to qualify for what is called AWS Promotional Credit. There’s a possibility
of getting up to $15,000 in credits over 2 years, including AWS support and training.

The reality is that moving to the cloud means you will be giving up an element of control. After
all, it’s not your data center. At AWS, you’re not getting deeper into the infrastructure stack than
the subnets that host your applications. Remember, the cloud is a data center; it’s just not your
data center. Let’s start by looking at the available public cloud computing models of IaaS and PaaS
and where AWS fits within these definitions.

Infrastructure as a Service
Most of the services AWS offers fall into the infrastructure as a service (IaaS) definition, as shown
in Figure 1-3. This is certainly the most mature cloud model offering; virtualized servers and
virtualized storage arrays are hosted on a software defined network with each customer’s
infrastructure completely isolated as a private resource. Creating resources at AWS typically starts
with the creation of what is called a virtual private cloud (VPC). Virtual servers, virtual hard drive
volumes, and indeed complete managed services and products can be hosted on your isolated
private network. You have the flexibility to create whatever architectural stack you desire at AWS
using a vast number of services and utilities contained in the IaaS toolbox. Companies moving to
the AWS public cloud will typically first start with IaaS because the compute and storage services
closely mirror their current on-premise virtual environment.

[Figure 1-3 image: Foundational Services (EC2, VPC, Elastic Block Store (EBS), Simple Storage Service (S3), Identity and Access Management (IAM)) and Management Services (Amazon RDS, Amazon CloudWatch, AWS CloudTrail, AWS CloudFormation, AWS Trusted Advisor)]

Figure 1-3 Infrastructure as a service at AWS

IaaS cloud services at AWS are bundled with managed services. A managed service is built on
the trio of compute, storage, and networking services and customized software providing
something you want Amazon to manage and maintain rather than your having to do all the work. For
example, AWS offers a managed service called relational database service (RDS). It will build, host,
maintain, back up, fail over, synchronize, and monitor a pair of master/standby database servers
for you, leaving you the single task of managing your data records. Many other managed services
are available at AWS; in fact, many managed services have no additional charges to begin using.
For example, an automation service called CloudFormation allows you to automate the procedure
of building infrastructure stacks complete with the required compute, storage, networks, and load
balancers required for your application stack. In fact, practically anything to do with building,
updating, or deleting your infrastructure stacks at AWS can be automated with CloudFormation.
Another handy service called CloudTrail is provided free of charge. It tracks and records all
application programming interface (API) calls that are carried out in each of your AWS accounts for
90 days. And yes, you can configure CloudTrail to store your API calls forever in S3 storage.
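
As an added example (not from the book), the sketch below shows why the S3 archive matters once events age past the 90-day window: it reads a gzip-compressed CloudTrail log object and reports events older than 90 days, calls that alter the trail itself, and denied calls. The sample records, account ID, ARNs, IP addresses, and helper names are constructed for illustration.

```python
import gzip
import json
from datetime import datetime, timedelta, timezone

# Retention of the default event history, as stated in the text above.
EVENT_HISTORY_DAYS = 90

# CloudTrail management API calls that stop or alter the trail itself.
TRAIL_CHANGE_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

# Error codes that indicate a call was refused by authorization checks.
DENIED_CODES = {"AccessDenied", "Client.UnauthorizedOperation"}

# Constructed sample in the CloudTrail log-file layout (top-level "Records" list).
# Account ID, ARNs and IP addresses are placeholders, not real values.
SAMPLE_LOG = {"Records": [
    {"eventTime": "2019-01-15T09:12:44Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/deploy"}},
    {"eventTime": "2019-05-20T02:41:03Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.25",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/ops-temp"}},
    {"eventTime": "2019-05-21T11:05:19Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.25", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/ops-temp"}},
    {"eventTime": "2019-05-30T16:30:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "CreateVpc", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/deploy"}},
]}


def build_sample_object() -> bytes:
    """Return the sample as a gzip-compressed JSON blob, like a log object in S3."""
    return gzip.compress(json.dumps(SAMPLE_LOG).encode("utf-8"))


def load_records(blob: bytes) -> list:
    """Decode one CloudTrail log object into its list of event records."""
    return json.loads(gzip.decompress(blob))["Records"]


def parse_time(stamp: str) -> datetime:
    """CloudTrail eventTime values are UTC timestamps such as 2019-05-20T02:41:03Z."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def review(records: list, now: datetime) -> dict:
    """Sort records into three review buckets of (time, event name, caller ARN)."""
    cutoff = now - timedelta(days=EVENT_HISTORY_DAYS)
    findings = {"archive_only": [], "trail_changes": [], "denied": []}
    for rec in records:
        caller = rec.get("userIdentity", {}).get("arn", "unknown")
        summary = (rec["eventTime"], rec["eventName"], caller)
        # Older than the 90-day window: only the S3 archive still holds it.
        if parse_time(rec["eventTime"]) < cutoff:
            findings["archive_only"].append(summary)
        # Someone stopped or changed the audit trail itself.
        if (rec.get("eventSource") == "cloudtrail.amazonaws.com"
                and rec["eventName"] in TRAIL_CHANGE_EVENTS):
            findings["trail_changes"].append(summary)
        # The call was refused; repeated refusals from one caller merit a look.
        if rec.get("errorCode") in DENIED_CODES:
            findings["denied"].append(summary)
    return findings


def run_sample() -> dict:
    """Review the constructed sample as of 1 June 2019 (a fixed, assumed date)."""
    now = datetime(2019, 6, 1, tzinfo=timezone.utc)
    return review(load_records(build_sample_object()), now)


if __name__ == "__main__":
    for bucket, events in run_sample().items():
        print(bucket)
        for event in events:
            print("   ", *event)
```
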

Your internal applications that are running in your on-premise data centers are probably a vast
soup of proprietary operating systems (HP, AIX, Linux) and of course Windows. Talk to most
departments in a small to midsize corporate environment, and the end users typically express
unhappiness with some of the current applications that they use daily. They have learned to live
with the ongoing issues of each application. Talk to the IT administrators and developers in the
corporate data centers; there very well could be a great deal of unhappiness with the inflexibility
of the existing infrastructure that they have to use and manage.

On top of these issues, perhaps each department has its own IT infrastructure. My company once
provided compute services for a midsized hospital with 25 separate networks. Typically, in a
larger corporation, compute services can be heavily siloed between departments, or each line of
business gets to make its own decisions.

Most companies with more than 100 employees have some semblance of virtual infrastructure
for their servers typically using VMware. Virtualization was supposed to be the answer to
controlling a company’s infrastructure costs. However, the cost for virtualization services has become
extremely expensive to host, run, and maintain. Companies now know that capital and licensing
costs are some of the biggest expenses they incur when running an ever-expanding on-premise
private cloud. Replacing VMware with AWS-hosted virtualized servers and services removes a
company’s need for hypervisor administration expertise. And the landscape of applications used
by corporations is now widely available in the public cloud as hosted applications defined as
software as a service (SaaS) applications. As a result, there is ever-growing interest at the department
level or overall company level in using the public cloud to host applications. And the reality is,
you may not have a choice. If you’re a Microsoft shop, the odds are quite strong that some of your
everyday software applications such as Exchange and Microsoft Office are hosted by Microsoft
Azure and Office 365, allowing you to completely replace some of your in-house software
deployments. For more details on the compute platform at AWS, check out Chapter 4, “Compute
Services: AWS EC2 Instances.”

If your company has no experience working with external cloud providers and you are a medium-
to large-sized corporation, it’s a certainty your company will fit the private cloud model. Most
of your company’s infrastructure will be hosted within several private data centers. For example,
your primary data center may be in Philadelphia, and your second data center could be in
Nashville. (If you’re a large enough company, your data centers may be spread across multiple
continents.) The applications used will number in the hundreds or thousands. You may be lucky
enough to have centralized IT standards, but these standards have become an issue due to the
applications that multiple departments have installed or created over the years. Maybe if you’re
unlucky, one of the central applications used by your company was developed by a summer
student and plunked into production without a second thought.

At AWS, infrastructure resources are spread across the world in 20 different regions. If you are in
a large population center, the odds are that Amazon is close by. If Amazon is not close by, you
still may be able to connect into it through one of the edge locations. More details on regions,
availability zones, and edge locations can be found in Chapter 2, “Designing with AWS Global
Services.”

Platform as a Service
Platform as a service (PaaS) cloud providers enable your developers to create custom
applications on a variety of popular development platforms such as Java, PHP, and Python. The
developers don’t have to manually build the infrastructure components required for each
application per se; the required infrastructure resources are defined at the beginning of the
development cycle and are created and managed by the PaaS cloud provider. After
applications have been developed and tested and are ready for prime time, the application is made
available to end users using public URLs. The PaaS cloud provider will host and scale the
hosted application based on demand. As more users use the application, the
infrastructure resources will scale out or in as required. PaaS environments are installed on the IaaS
resources of the PaaS cloud provider, as shown in Figure 1-4. In fact, IaaS is always behind all
“as a service” monikers. Examples of PaaS providers include Cloud Foundry and Heroku.

[Figure 1-4 image: layered stack, top to bottom: Applications (SaaS); Software Development Environment (PaaS); Compute Resources, Storage Resources, Networking (IaaS); Hardware/Hypervisor]

Figure 1-4 IaaS hosts the PaaS layer

Expanding upon Cloud Foundry, this PaaS solution is the foundation of development at IBM
Cloud, where the underlying infrastructure is hosted on the IBM public cloud and running a
customized version of the Cloud Foundry platform components. Developers can sign up and
focus on writing applications. All requests will be handled by the PaaS layer interfacing with the
IaaS layer, where the compute, storage, load-balancing, and scaling services operate.

Another popular solution for developing applications in the cloud is Heroku, mentioned in passing
earlier. Heroku allows you to create and run hosted applications using a variety of development
platforms. Just like the IBM cloud, once the application has been written, Heroku hosts, balances,
and auto scales the application as required and sends you a bill for hosting at the end of the month.

If you’re dealing with a PaaS provider, remember that programming languages change from time
to time; therefore, APIs change as well, and usually without warning. If your developers don’t
keep up to date, there can be issues when using a PaaS cloud development platform.

Digging into the details on the Heroku website, under “Security,” the site states that, “Heroku’s
physical infrastructure is hosted and managed within Amazon’s secure data centers and utilize
the Amazon Web services technology.” Heroku is owned by another cloud heavyweight,
Salesforce. Salesforce indicated in 2018 that future expansion was going to be by utilizing
Amazon data center resources. Oh, what a tangled web we weave.

An additional reality is that one cloud provider’s PaaS system is not necessarily compatible with
another cloud provider’s service. Both AWS and Microsoft Azure offer similar cloud services, but
internally each cloud provider operates in a completely different fashion with a completely
different set of APIs. There is no single standard for defining just what PaaS must be. Compatibility
issues begin to reveal themselves at the lower levels of each vendor’s proposed solution. RESTful
interfaces, manifest file formats, framework configurations, external APIs, and component
integration are not necessarily compatible across cloud vendors. AWS deals with platform services
using Lambda, the API Gateway, and several code deployment tools.

The applications that your company may have been developing and using internally will be
a variety of two- and three-tier architectures with many local dependencies such as network
storage, local storage, local users, and databases. The overall architecture design may have been
adequate at the beginning but now is straining to function due to the age of the hardware, the
sizing of the hardware, and the lack of any flexibility to change.

The distinct difference with on-premise design when compared to hosting applications at AWS is
that provisioning hardware and waiting for it to be set up and configured is a thing of the past. In
fact, there are many possibilities to consider when designing applications at AWS.

Your choice of language and development framework will determine the PaaS vendor you select.
Do you do a lot of development in Python? Are you a Java developer? Amazon has a PaaS
solution called Elastic Beanstalk that automates the deployment of applications developed in Java,
Python, Ruby, and other development platforms on the required infrastructure components for
each application including EC2 instances or Docker containers, with load-balancing, auto scaling,
and monitoring services.

Amazon has several development solutions, shown in Figure 1-5, including CodeBuild,
CodeCommit, Elastic Beanstalk, and CodeDeploy. These can be key components in your
application deployment at AWS. Chapter 8, “Automating AWS Infrastructure,” covers these interesting
managed services and additional details on automating your infrastructure.

[Figure 1-5 image: CodeBuild, CodeCommit, Elastic Beanstalk, CodeDeploy]

Figure 1-5 Platform options at AWS

Essential Characteristics of AWS Cloud Computing


If you haven’t heard of the National Institute of Standards and Technology (NIST), a branch of the
U.S. government, you’re not alone. Around 2010, NIST began documenting the public cloud.
After talking to all the major vendors, it released an initial report in June 2011 defining many
cloud components that were common across all the public cloud vendors. The report’s genius was
in defining what the emerging public cloud actually was (the common components). Over the
years, NIST’s cloud definitions have moved from definitions to becoming standards for how many
companies view working in the public cloud. According to NIST, five key definitions of the public
cloud have really morphed into a definitive standard methodology of operating in the public cloud:

On-demand self-service—We not only expect cloud service to be delivered quickly; we demand
it. All cloud providers offer a self-serve portal as AWS does, as shown in Figure 1-6. You request
a cloud service, and in seconds it’s available in your AWS account ready to configure. Gone are
the days of requesting a virtual server via email and waiting several days until it’s built. At AWS, a
virtual server can be started and operational in seconds. Procuring a software-defined network at
AWS (called a virtual private cloud) is available and operational in seconds. AWS has an expansive
self-serve management console that allows you to order and configure many cloud-hosted
services in seconds in any AWS region. Any cloud service that you order from AWS is automatically
delivered to you through heavily automated procedures. There are no public cloud providers
that survive without a self-service portal driven by heavy-duty automation in the background.
This NIST definition is now a standard.

Figure 1-6 The AWS management portal

Broad network access—Cloud services can be accessed from almost anywhere across the globe
using the Internet. If you host applications at AWS, perhaps they are public-facing SaaS apps.
AWS also provides HTTPS endpoints to access every cloud service hosted at AWS. However, you
may not want broad network access, which is defined as public network access to your cloud
services. In fact, many companies that are moving to the AWS cloud have no interest in a publicly
accessible software solution. They want their hosted cloud services to remain private, accessible
only by their employees using private connections. Each cloud customer ultimately defines the
real meaning of broad network access. At AWS, applications can be publicly available, or you can
stay completely private. VPN connections from your place of work to AWS are commonplace;
in fact, you can order Direct Connect and establish a private fiber connection to AWS running
at speeds up to 10 Gbps. Depending on the type of applications you’re using in the cloud,
high-speed network access is essential. We can even use, access, and administer AWS services from our
phone using AWS apps. Certainly, accessing AWS from any device is possible. For more details on
networking, check out Chapter 3, “AWS Networking Services.”

Resource Pooling—Infrastructure resources for public cloud providers are pooled together in
many data centers across the different regions of the world and are dynamically assigned on
demand. A company running an on-premise private cloud would pool its virtual machines,
memory, processing, and networking capabilities into one or two data centers, and from its own
pool offer limited compute resources. All public cloud providers have a massive pool of resources
to serve our various needs. AWS has clusters of data centers (known as AZs or availability zones),
and each AZ could have over 80,000 bare-metal servers available and online allowing customers
to host their application services with a high level of resiliency and failover. Having many
available online resources also enables AWS to keep the price down. Without a massive pool of
resources, AWS would not be able to offer its cloud services on demand that are able to scale up
and down based on customer demand. Having a massive resource pool is a necessary standard
for all public cloud providers; customers do not expect to run out of resources. Take, for example,
AWS S3 storage, which is unlimited with no defined maximum limit. For more details on regions
and AZs, check out Chapter 2.

Rapid Elasticity—Elasticity in the public cloud, or scaling, is the key feature required by all hosted
cloud applications. Elasticity at AWS is utilized for both compute and storage. Because most
services and applications are built on compute and storage, applications in the AWS cloud have
the capability to automatically scale, as shown in Figure 1-7. And elasticity, or scaling, is only
useful if it’s automated based on demand. Turning off a virtual server, adding RAM, and turning
it back on is not the elasticity that we are interested in; we want horizontal scale—that is, more
application servers—not just a bigger server. Real-time monitoring of a hosted cloud application
at AWS allows us to react almost instantaneously before the application’s performance is close to
degrading. With EC2 Auto Scaling in the background, additional computer resources are
automatically ordered and delivered to the application server’s cluster, maintaining the application’s
performance. Rapid elasticity based on demand is only possible with real-time monitoring driving
automated scale. This is why the public cloud is so popular; with a massive pool of available cloud
resources and the ability to automatically scale applications out and in based on demand, at AWS
anybody can easily scale application stacks up and down. For more details on deploying scale and
elasticity with EC2 Auto Scale, check out Chapter 5, “Planning for Scale and Resiliency.”

[Figure 1-7 image: Application Capacity and User Demand plotted as Resource against Time]

Figure 1-7 Applications can scale based on demand in the public cloud

Measured Service—In the cloud, you are only billed for what you use; that’s defined as a
measured service. Cloud providers make their money by charging for everything that you use
in their data centers, including data transfer costs. Packet flow inbound to the public cloud is
usually free; outbound packet flow, or traffic between subnets hosted in different data centers, is
usually charged an outbound data transfer fee. Charges are per second, or per minute in the case
of computer services like AWS EC2 compute instances, or they are per gigabyte per month in the
case of storage services like S3 or virtual hard drives, which at AWS are called elastic block storage
(EBS). AWS charges can be broken down into compute, storage, and data transfer charges. If an
AWS service is on, the meter is running. Cost management is one of your most important jobs
when operating in the cloud. AWS has many useful tools to help you control your costs,
including the AWS Simple Pricing Calculator, AWS Budgets, and the Cost Explorer, as shown in Figure 1-8.
You can find details on these features in Chapter 2. Being billed for consuming cloud services is a
reality that we are all used to. What you also may have to get used to is exactly how you are being
billed. Again, you must understand and carefully monitor compute, storage, and data transfer
costs. For example, you can order a load balancer at AWS for $30 per month. However, there is
an additional charge to be aware of: all the data packets transferred through the load balancer are
charged, and that by itself can be a hefty price.

Figure 1-8 AWS Budgets and Cost Explorer track and alert when costs are over budget

Operational Benefits of AWS


Operating in the public cloud has certain benefits. Unlimited access to servers and storage and
many management services may make it easier than you expected to operate in the cloud. Table 1-1
summarizes the managed services at AWS that may be able to replace or complement your existing
on-premise services and procedures.

Servers—Underutilized servers in your data center are expensive to run and maintain. Moving
applications to the public cloud will reduce the size of your on-premise data center. Because you
no longer host as many physical servers, your total hosting costs (heating, cooling, and so on)
will be lower as well. You also won’t have to pay for as many software licenses at the processor
level because you’re not responsible for running hypervisor services; that’s Amazon’s job. You
may think that moving to the AWS cloud means virtualized resources and only virtualization.
However, at AWS, you can get a variety of compute options with virtualization of any size and
scale, from a single-core CPU with 512MB of RAM to hundreds of CPU cores and terabytes of
RAM. You can also order a bare-metal server and do whatever you want with it. You can find
further details on compute options in Chapter 4.

Storage—Using cloud storage has huge benefits due to the unlimited amount of storage promised
by cloud providers. Amazon has many options for storage that are similar, but not exactly the
same as your on-premise solutions. For storage area network solutions, Amazon has shareable file
solutions: the elastic file system (EFS) for Linux workloads, and FSx, a shared file service specifically
for Windows File Server workloads. Virtual hard disks are available using EBS. Unlimited
storage, and longer-term archive storage, is provided by S3 and S3 Glacier. Details on all the
storage options at AWS can be found in Chapter 6, “Cloud Storage.”

Managed services—AWS has a variety of managed services, as shown in Table 1-1, that may be
able to replace or complement your existing services and utilities currently used on-premise once
you move to the AWS cloud.

Table 1-1 Managed Services at AWS


IT Operations | On-Premise | AWS Cloud
Monitoring | Nagios, SolarWinds. | CloudWatch monitoring providing metrics for every AWS service. All monitoring and logging data can be stored in S3. All third-party monitoring solutions can access S3 to perform their own custom analysis of log data.
Data backup | Backup tools such as Commvault and NetBackup. | Any third-party vendor that wants to stay in business will be supporting AWS; both Veritas and Commvault have AWS solutions. AWS Storage Gateway can also be installed to cache required content locally, while backing up local disk volumes to an S3 bucket. Backups can be snapshots of local virtual hard disks, or data files from specific volumes can be targeted.
Scale | Add additional virtual machines or increase/decrease the size of each virtual machine’s RAM and CPU cores. | Scale horizontally by placing multiple virtual machines (instances) behind a load balancer and add automated scaling based on demand to increase and decrease the required amount of compute power using EC2 Auto Scaling.
Testing | Provisioning hardware for testing is expensive. | Provisioning resources for short-term testing at AWS is incredibly inexpensive. Signing up for the AWS free tier allows you to test a variety of AWS services for one year completely free.
Identity management | Active Directory Domain Services for accessing corporate resources. | Extend on-premise Active Directory to the AWS cloud with hosted Directory Services. Utilize AWS single sign-on services (SSO) for managing access to popular business applications that third-party cloud providers are hosting.

Cloud Provider Limitations


Each cloud provider has a published SLA that specifies what services are provided and at what
specific operational level. All public cloud providers make promises about how they will handle
security, compliance, and overall operations and how their methodology will be contained in
the cloud provider’s SLA. The challenge is to live up to that agreement. In the SLA, there will be
details about acceptable outage time and the responsibility of the cloud provider when outages
occur. There also will be statements about not being responsible for events outside the cloud
provider’s control. Another common term typically used in the SLA is “best effort” or
“commercially reasonable effort.”

Regardless of the cloud model, the cloud provider is responsible for overall service operation and
deployment, service orchestration, the overall management of the cloud, the security of the cloud
components, and maintenance of customer privacy. The responsibility of how each customer, the
cloud consumer, is to carry out business with the cloud provider will also be described in some
detail in the SLA. Each cloud consumer must fully understand what each cloud service offered
provides; this is exactly what the cloud service will and will not do.

The reality is that every public cloud provider will not have an SLA that you will like, and the
stark reality is that their best effort is the best they can do. This might seem a little harsh, but it’s
reality; according to AWS, “everything fails all the time.” What happens when a key component
of your application hosted in the AWS cloud fails? Is it a disaster, or is it manageable? Is it
acceptable to expect AWS failures from time to time? It’s a reality; AWS is 100% right; everything fails.

Operating in the public cloud means that you must design your hosted application to be able to
continue operating even if compute and storage failures occur. That’s our responsibility.

All public cloud providers really have the same SLA; here it is, summarized in nine short words:
“we are sorry; we will give you a credit.” This SLA summary applies to every public cloud provider.
Here’s another reality check; if you’re down, you will have to prove that you were actually down
by providing network traces and appropriate documentation that leaves no doubt that you were
down because of an AWS cloud issue.

Oh, and here’s another small detail to be aware of: if you didn’t build redundancy into your
application design, don’t bother calling for a credit. Application designs that have a single instance
hosting the application with no failover or high-availability design parameters have no SLA. AWS
expects you to be serious about your application design; we need to understand and use the tools
in the AWS toolbox to ensure that your SLA for availability and performance is achieved.

Not every service at AWS even has a defined SLA; there are more than 100 services and only 8
defined SLAs. Remember: all managed services—in fact, all services—are built from the resources
found in Table 1-2.

Table 1-2 SLAs at AWS


AWS Service | SLA Summary
CloudFront | 99.9% during any monthly billing cycle
DynamoDB | Monthly uptime percentage of 99.999% for global tables, or 99.99% for regular tables
EC2 instances (includes elastic container service [ECS] and EBS volumes) | Monthly uptime percentage of at least 99.99%
RDS databases | Monthly uptime percentage of at least 99.95% for multi-AZ instances
Route 53 DNS service | Commercially reasonable efforts to make Route 53 100% available during a monthly billing cycle
S3; S3 Glacier object storage | The number of errors calculated during each 5-minute period subtracted from 100%
Lambda functions | Monthly uptime percentage of 99.95% during any monthly billing cycle
AWS Shield (Advanced) | Any failure of service commitments provided by CloudFront or Route 53 when being protected by AWS Shield Advanced distributed denial of service (DDoS) protection

Data Security at AWS


We can lose many things while operating in the cloud: instances fail, EBS volumes crash, services
stop working. But you can’t go to your boss and say we’ve lost some data.

Data security—The reality is that your data is more secure and durable stored in the public
cloud. At AWS, except for S3 Glacier archive storage, which is automatically encrypted, all other
storage mediums at AWS are unencrypted by default. However, EBS volumes—both boot and data
volumes—can be encrypted at rest and in transit using either customer master keys provided by
AWS or keys provided by the customer. Shared storage services such as EFS can also be encrypted
at rest, as can DynamoDB tables. S3 buckets can be encrypted with keys provided by AWS or
supplied by customers, as shown in Figure 1-9. Data durability provides security of a different
nature; all data stored in the cloud is stored in multiple locations; EBS volumes are replicated
within the data center where they reside. S3 objects are replicated across three separate locations
within the selected AWS region, producing a high level of durability. Amazon’s level of S3
durability is humorously defined like this: for every 1,000 objects stored in an S3 bucket, you will lose
one of those objects every 10 million years. We cannot possibly duplicate this level of durability
and security on-premise.

Figure 1-9 S3 buckets can be encrypted using AES-256 or AWS-KMS managed keys

Data privacy—AWS does not have data storage isolated for individual customers; all storage
arrays at AWS are multitenant in design. This is pretty much the default for all public cloud
providers. Amazon’s job is to make sure your stored data records are isolated per AWS account.

Data control—Customers are in full control of storing and retrieving their data stored in AWS.
All data storage at AWS starts as private, and except for S3 buckets that are changed allowing
public access, storage remains private and is not directly accessible from the outside world.
Customers can choose to make S3 buckets public; it’s the customer’s responsibility to define the
security and accessibility of all data records stored in AWS.

Security controls—As previously mentioned, all data records can be encrypted at AWS. Resource
policies defining the precise level of security and access can be directly attached to resources such
as S3 buckets or EFS shared storage and can be defined by the identity and access management
(IAM) user and group security policy using the IAM service.

IAM identity and trust policies can be defined at a granular level controlling access by users and
roles to all resources at AWS, including any storage medium. Chapter 7, “Security Services,”
provides details on IAM.

You can enable multifactor authentication as an additional security control on S3 buckets to
control when deletion of data records is performed.
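
The controls named in this section (encryption at rest, private-by-default access, and MFA on deletion) can be checked per bucket. The following Python check is an added example, not code from the book or from AWS; the bucket names, the `require_kms` flag and the finding labels are assumptions, and the sample data is constructed to mirror the response shapes of the S3 GetBucketEncryption, GetPublicAccessBlock and GetBucketVersioning calls.

```python
"""Audit S3 bucket settings for the controls described above (added example).

SAMPLE_BUCKETS is constructed data that mirrors the response shapes of the
S3 API calls GetBucketEncryption, GetPublicAccessBlock and GetBucketVersioning,
so the script runs offline and never contacts AWS.
"""

PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def audit_bucket(cfg):
    """Return a sorted list of findings for one bucket description."""
    findings = []

    # Encryption at rest: "AES256" (S3-managed keys) or "aws:kms" (KMS keys).
    enc = cfg.get("encryption") or {}
    rules = enc.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
             for r in rules} - {None}
    if not algos:
        findings.append("no-default-encryption")
    elif cfg.get("require_kms") and not any(a.startswith("aws:kms") for a in algos):
        # require_kms is a hypothetical policy flag used only by this example.
        findings.append("kms-key-required")

    # Data control: all four public access block flags must be on.
    pab = (cfg.get("public_access_block") or {}).get(
        "PublicAccessBlockConfiguration", {})
    if not all(pab.get(flag) is True for flag in PAB_FLAGS):
        findings.append("public-access-not-fully-blocked")

    # MFA delete is a property of bucket versioning, so both are checked.
    versioning = cfg.get("versioning") or {}
    if versioning.get("Status") != "Enabled":
        findings.append("versioning-disabled")
    if versioning.get("MFADelete") != "Enabled":
        findings.append("mfa-delete-disabled")
    return sorted(findings)


def audit_all(buckets):
    """Map every bucket name to its findings."""
    return {name: audit_bucket(cfg) for name, cfg in buckets.items()}


_AES256 = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}
_LOCKED = {"PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True)}

# Constructed sample data (bucket names are placeholders).
SAMPLE_BUCKETS = {
    "example-logs": {
        "encryption": _AES256,
        "public_access_block": _LOCKED,
        "versioning": {"Status": "Enabled", "MFADelete": "Enabled"},
    },
    "example-website": {  # changed to allow public access, never versioned
        "encryption": None,
        "public_access_block": {"PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "IgnorePublicAcls": True,
            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}},
        "versioning": {},
    },
    "example-records": {  # policy demands a KMS key; versioned without MFA delete
        "require_kms": True,
        "encryption": _AES256,
        "public_access_block": _LOCKED,
        "versioning": {"Status": "Enabled"},
    },
}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_BUCKETS).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```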

Network Security at AWS


At AWS, networking is managed at the subnet level, and all subnets are created as a private subnet
with no access to the outside world. Subnets reside on your private networks, which are called
a virtual private cloud (VPC) at AWS. Only by adding a gateway service to a VPC will subnets
be able to be accessed from either the Internet or a private VPN connection from an on-premise
network. Chapter 3 has the details on networking at AWS.

It’s important to note that public and private connectivity choices are decisions that are always
carried out by each customer, not AWS.
■ Each subnet’s ingress and egress traffic can be controlled by a subnet firewall called
Network ACLs that define separate stateless rules for both inbound and outbound
packet flow.
■ Each EC2 instance hosted on a subnet is further protected by an additional firewall called a
security group, which defines what traffic is allowed into the instance and where outbound
traffic is directed.

VPC flow logs can be enabled to capture network traffic for the entire VPC, a single subnet, or a
network interface.
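
Because network ACL rules are stateless, the reply to an allowed inbound request is evaluated separately against the outbound rules. The Python model below is an added example, not code from the book; it relies on two behaviours documented by AWS rather than stated on this page (NACL rules are evaluated in ascending rule-number order, and security groups are stateful), and all addresses, ports and rule sets are constructed.

```python
"""Stateless network ACL versus stateful security group (added example).

All rules, addresses and ports below are constructed sample values.
"""
from ipaddress import ip_address, ip_network


def nacl_allows(rules, peer_ip, port):
    """Evaluate numbered NACL rules: lowest number first, first match wins.

    rules: iterable of (rule_number, cidr, port_low, port_high, action).
    """
    for _number, cidr, low, high, action in sorted(rules):
        if ip_address(peer_ip) in ip_network(cidr) and low <= port <= high:
            return action == "allow"
    return False  # the implicit final rule denies everything else


def sg_allows(rules, peer_ip, port):
    """Security group rules can only allow; unmatched traffic is dropped.

    rules: iterable of (cidr, port_low, port_high).
    """
    return any(ip_address(peer_ip) in ip_network(cidr) and low <= port <= high
               for cidr, low, high in rules)


def https_round_trip(nacl_in, nacl_out, sg_in, client_ip, client_port):
    """Trace one HTTPS request to an instance and the reply to the client."""
    request_ok = (nacl_allows(nacl_in, client_ip, 443)
                  and sg_allows(sg_in, client_ip, 443))
    # Stateless NACL: the reply is a new packet checked against the outbound
    # rules, with the client's ephemeral source port as its destination port.
    # Stateful security group: the reply to an admitted connection is let
    # through without consulting any outbound security group rule.
    reply_ok = request_ok and nacl_allows(nacl_out, client_ip, client_port)
    return {"request": request_ok, "reply": reply_ok}


# Constructed scenario: a load balancer node on subnet 10.0.1.0/24 connects
# to a Web server on a private subnet.
LB_NODE = "10.0.1.25"
EPHEMERAL_PORT = 51514
SG_IN = [("10.0.1.0/24", 443, 443)]
NACL_IN = [(100, "10.0.1.0/24", 443, 443, "allow")]
NACL_OUT_EPHEMERAL = [(100, "10.0.1.0/24", 1024, 65535, "allow")]


def scenarios():
    """Run the three cases and return their outcomes by name."""
    return {
        # Inbound 443 is allowed but nothing lets the reply leave the subnet.
        "outbound rule missing": https_round_trip(
            NACL_IN, [], SG_IN, LB_NODE, EPHEMERAL_PORT),
        # Adding an outbound rule for ephemeral ports completes the exchange.
        "ephemeral ports allowed out": https_round_trip(
            NACL_IN, NACL_OUT_EPHEMERAL, SG_IN, LB_NODE, EPHEMERAL_PORT),
        # A lower-numbered deny is matched before the allow in rule 100.
        "lower-numbered deny wins": https_round_trip(
            [(90, "10.0.1.25/32", 0, 65535, "deny")] + NACL_IN,
            NACL_OUT_EPHEMERAL, SG_IN, LB_NODE, EPHEMERAL_PORT),
    }


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name}: {outcome}")
```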

Application Security at AWS


Both Web and application servers hosted at AWS should always be located on private subnets.
Private subnets are not directly accessible from the Internet. You may be wondering how to access
what was supposed to be a public-facing application with no direct public access. The solution to
this question is the absolute best practice to follow at AWS: for Web servers that customers across
the Internet access, placing the load balancer on a public subnet, in front of the Web servers,
provides the correct design solution. Customers requesting access to the application will be
directed by DNS to the DNS name of the load balancer. The load balancer directs incoming traffic
from the public subnet to the targeted Web servers hosted in the private subnets.

One load balancer type offered by AWS is the Application Load Balancer, which can perform
authentication and SSL offload services. The end-to-end traffic pattern for a three-tier Web
application can be designed using many encryption/decryption points, as shown in Figure 1-10 on its
path from source to destination:
■ Web application firewall—A custom traffic filter in front of the Application Load Balancer
protecting against malicious traffic.
■ Elastic Load Balancer (ELB)—Accepts only encrypted HTTPS traffic on port 443; provides
secure sockets layer/transport layer security (SSL/TLS) decryption and, optionally, user
authentication.
■ EC2 instance hosting Web application—EBS boot and data drives can be encrypted.
■ EC2 instance hosting application server—EBS boot and data drives can be encrypted.
■ Database server—EBS boot and data drives and data community can be encrypted, or
DynamoDB tables can be encrypted.

Figure 1-10 Encrypted traffic flow at AWS (diagram labels: AWS Cloud, AWS WAF filtering rule, Elastic Load Balancing (ELB), Web, Elastic Load Balancing (ELB), App, Database)
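
One way to check a deployment against the layout described above: load balancer on a public subnet with an HTTPS listener on port 443, servers on private subnets, EBS volumes encrypted. This Python check is an added example, not the book's code; the `DESIGN` structure, the resource names and the rule that a subnet counts as public when its default route targets an internet gateway (`igw-`) are assumptions of the example.

```python
"""Check a three-tier layout against the design described above (added example).

DESIGN is a constructed description of a deployment, not AWS API output.
Ingress rules are simplified to (source, port) pairs.
"""


def is_public(subnet):
    """Public means the route table sends 0.0.0.0/0 to an internet gateway."""
    return any(route["destination"] == "0.0.0.0/0"
               and route["target"].startswith("igw-")
               for route in subnet["routes"])


def check_design(design):
    """Return a list of findings; an empty list means the layout matches."""
    subnets = design["subnets"]
    balancer = design["load_balancer"]
    findings = []

    # The load balancer is the only component that belongs on a public subnet.
    for subnet_id in balancer["subnets"]:
        if not is_public(subnets[subnet_id]):
            findings.append(f"load balancer subnet {subnet_id} is not public")
    for protocol, port in balancer["listeners"]:
        if protocol != "HTTPS" or port != 443:
            findings.append(f"listener {protocol}:{port} is not HTTPS on port 443")

    for name, instance in design["instances"].items():
        if is_public(subnets[instance["subnet"]]):
            findings.append(f"{name} is on a public subnet")
        for source, port in instance["ingress"]:
            if source == "0.0.0.0/0":
                findings.append(f"{name} accepts port {port} from 0.0.0.0/0")
        for volume in instance["volumes"]:
            if not volume["encrypted"]:
                findings.append(f"{name} volume {volume['id']} is not encrypted")
    return findings


_LOCAL = {"destination": "10.0.0.0/16", "target": "local"}

# Constructed sample with deliberate faults (all identifiers are placeholders).
DESIGN = {
    "subnets": {
        "subnet-public-a": {"routes": [
            _LOCAL, {"destination": "0.0.0.0/0", "target": "igw-example"}]},
        "subnet-private-a": {"routes": [
            _LOCAL, {"destination": "0.0.0.0/0", "target": "nat-example"}]},
    },
    "load_balancer": {
        "subnets": ["subnet-public-a"],
        "listeners": [("HTTPS", 443), ("HTTP", 80)],  # fault: plain HTTP
    },
    "instances": {
        "web": {
            "subnet": "subnet-private-a",
            "ingress": [("sg-alb", 443)],  # only the load balancer's group
            "volumes": [{"id": "vol-web-boot", "encrypted": True}],
        },
        "app": {
            "subnet": "subnet-public-a",       # fault: server on public subnet
            "ingress": [("0.0.0.0/0", 8080)],  # fault: open to any source
            "volumes": [{"id": "vol-app-boot", "encrypted": True}],
        },
        "db": {
            "subnet": "subnet-private-a",
            "ingress": [("sg-app", 5432)],
            "volumes": [{"id": "vol-db-data", "encrypted": False}],  # fault
        },
    },
}

if __name__ == "__main__":
    for finding in check_design(DESIGN):
        print("FINDING:", finding)
```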

Compliance in the AWS Cloud


As a worldwide public cloud provider, AWS operates in many different countries and is subject to
a variety of rules and regulations enforced by governments and compliance standards. Depending
on the type of business that you operate, there are possibly many different levels of compliance
you will have to adhere to when operating in the AWS cloud. Financial, health, and government
institutions have strict rules and regulations that must be followed by their clients. In addition,
your own company may have specific internal rules and regulations they want to follow.

Many countries in the world are enacting laws, regulations, and mandates in serious attempts
to protect the privacy of personal data and the security of corporate information and computer
systems. The new data protection laws place the burden of protection and security on the custodian
of that data; that is where the data is stored when the data is transferred from source to destination.

The cloud providers have contractual obligations to ensure that when organizations have data
records hosted in their cloud, they can adhere to the promises and commitments made in the
SLA. Some of the most common compliance regulations that AWS has been successfully audited
against include the compliance standards listed in Table 1-3.

Table 1-3 AWS Supports Many Compliance Standards


Abbreviation | Scope of Operation | Purpose of Protection | Legal Status
HIPAA | Healthcare | Personal information | Law
GLBA | Financial industry | Personal information | Law
SOX | Publicly traded companies | Shareholder | Law
PCI DSS | Payment card industry | Fraud | Industry regulation
GDPR | EU | Personal information | Law

Health Insurance Portability and Accountability Act—Secures the privacy of individual health
information records in the United States.

Gramm-Leach-Bliley Act—Mandates protection of customer information by financial
industries.

Sarbanes-Oxley—Ensures the integrity of financial operations of publicly traded companies.

PCI DSS—Ensures the processing integrity of credit card data or authentication data.

GDPR—Protects privacy and personal data for all citizens of the EU.

Amazon has a decent compliance page at https://aws.amazon.com/compliance/, which has details
about all the AWS certifications and attestations that it has achieved or supports. If you are
bound by a specific compliance standard, one of your first steps should be to review the AWS
services that are available for each compliance standard, as shown in Figure 1-11.

Figure 1-11 Check the AWS compliance page to see what services are supported

Playing in the AWS Sandbox


AWS makes it easy to “try before you buy,” frequently doling out promotional credits to developers.
Even if you are not a developer, every new AWS customer gets limited access to nearly every
AWS service for free (Amazon calls this the “free tier”) during the first year. This is a great way to
experiment with AWS. The only thing you must provide is a credit card that won’t be charged
unless you choose to use resources that the free tier doesn’t cover. After the first year has passed,
you’ll start accruing charges for every service you use; any AWS resources that you built during
the first year remain in your account but start accruing charges.

In addition, AWS has several free hands-on labs. You can sign up for QwikLabs at
https://run.qwiklabs.com/home?locale=en and carry out a variety of AWS tasks in the AWS cloud.

Figure 1-12 illustrates some of the learning and labs that are available from QwikLabs.

QwikLabs Topics

Introduction to Amazon EC2 Instances

S3 Storage Backup with Cross-Region Replication

Managing RDS Deployments

Security, Backup, and Recovery

Figure 1-12 QwikLabs has more than 20 completely free labs for AWS services

Running experiments and performing labs raises additional questions that will help further your
AWS cloud knowledge and experience.

MAKE SURE TO WATCH THE COMPANION VIDEO “SIGNING UP FOR AWS FREE TIER.”

To access the companion videos, register your book at informit.com/register.

What’s the Problem That Needs to Be Solved?


Typical large organizations run hundreds or thousands of applications on thousands of virtual
servers. Which applications can be moved to AWS? What should be prioritized?

Start with low value/low risk—It’s quite popular to suggest a starting point of high value
and low risk when choosing your first application to move to the AWS cloud. Here’s a reality
check: it’s probably going to take you 6 months or longer to move your application to the cloud.
Choosing an application with low value provides a valuable timeline to do some additional planning
and analysis before finalizing your application in its working form at AWS. I’ve seen many
companies make the pronouncement that applications will be moving to the cloud quickly. It
rarely happens successfully because there are so many things to learn and consider. Start with low
value. Take your time, and select a working application that has been running successfully for a
good time period. Then you can document your lessons learned and what to do differently the
next time. The second and third application moved to the cloud generally will be much faster
than the first application due to the lessons learned and experience gained.

Create a brand-new application first—The advantage of creating a completely new application
at AWS means you are not constrained by anything, such as the type of database that must be
used, the type of programming language that must be used, or the type of compute that must be
used. Starting anew at AWS allows you to try out some of the new methods to host applications
such as serverless computing, create a mobile application using stateless components, or use
DynamoDB instead of SQL. This is where the real learning about what the AWS cloud can do for
you will really appear.

Try to solve a single problem—Do you need additional storage? Perhaps that’s a great starting
point for your adventure in the cloud. Archiving files in S3 Glacier could be as simple as ordering
a Snowball device, connecting it up to your network, filling up with files you’d like to archive,
and shipping it back to AWS. This is an excellent first project to start working with AWS support,
archiving records, and saving your company money.

Define a value proposition—Ideally, the move to AWS is long term and successful. Thousands
of companies have been successful moving to AWS; you, too, can be successful. Start off with a
defined value proposition that can be validated quickly, in a matter of months rather than years.
For developing applications, you could sign up for AWS Cloud9, a cloud-hosted IDE that supports
more than 40 programming languages, as shown in Figure 1-13. Armed with a browser, you can
try your hand at developing applications at AWS.

Figure 1-13 Cloud9 IDE at AWS

Access to data records—The number-one problem with larger companies when starting to work
with cloud providers is working through the internal politics to allow access to data from the
Another Random Scribd Document
with Unrelated Content
tea upon it, and expected that it had turned his
stomach. They started off to work, and on the way
Merritt complained of being very thirsty, and went
into a public-house and had some rum-and-water
before they separated for their respective jobs. He
seems, however, to have soon returned home unwell,
as between ten and eleven a neighbour (Mrs. Gillett),
who lived next door, who had been previously called
in by eight o’clock in the morning, saw the deceased
in his house very ill, and the prisoner emptying some
thick gruel into a basin from a saucepan, and pouring
water on it. The gruel had been made from oatmeal
fetched from a corn-chandler’s by the witness’s son,
at the prisoner’s request, who had given as a reason
for making it that her husband had returned so very
thirsty. This gruel the deceased was seen eating at a
quarter past eleven, and very soon after vomiting.
However, at one o’clock, Merritt went out again to
work with his comrade, but soon after felt so sick
and ill that he asked his friend to do his work for
him, and returned home. When his friend returned to
Merritt’s house with his tools, between five and six in
the evening, the prisoner told him to go upstairs and
see “Jem,” as he was very ill, and wanted to see him.
This witness went up to the deceased’s bedroom,
followed by the prisoner, and found Merritt in bed
complaining of being very sick, feeling cramp in his
limbs; at which the deceased said, “he did not
wonder, as what with the weather and the work they
had to do, it was enough to kill a horse.” No more
was seen of the parties until half-past nine at night,
when Mrs. Gillett was again called in by the prisoner,
and found the husband in bed retching violently, and
complaining of a burning pain in his chest and
stomach. Between ten and eleven Mr. Toulmin, the
doctor, was called in, and at half-past twelve the
husband died.[126]

MEDICAL AND ANALYTICAL EVIDENCE.

Mr. Toulmin, a general practitioner at Clapton,
was first examined. He was called in between ten
and eleven on the Thursday night, and found the
deceased in bed sick, complaining greatly of pain in
his stomach and cramps in his legs, his pulse very
weak, and his skin below the natural temperature; he
prescribed for him, and left. Subsequently he made a
post-mortem examination of the body on the 28th,
by the coroner’s order, with the assistance of Mr.
Welch, a neighbouring surgeon, to which the
prisoner at first objected. When the stomach was
opened, it contained a thickish matter slightly pink,
which was poured into a stoppered bottle and sent
with the stomach to Dr. Letheby for analysis. On its
coats there were red spots, such as are observed in
persons who have died of irritant poison.
Dr. Henry Letheby, professor of chemistry at the
London Hospital, to whom the stomach and its
contents had been forwarded, gave the following
evidence, which, in consequence of the dispute
which subsequently arose on his statement as to the
time at which the fatal dose was taken, is given in
full:—
“I first experimented,” said the witness, “on the contents
of the bottle (the fluid found in the stomach), and detected
8½ grains of white arsenic. By one course of experiments I
reproduced the arsenic in a metallic form—it is in this tube
(produced). The earthen jar contained part of a human
stomach. I noticed a peculiar appearance in it, which I have
noticed in cases of poisoning by arsenic—there was a small
portion of whitish powder adhering to the lining of the
stomach, too small a quantity to enable me to ascertain what
it consisted of. I then examined the intestines that were in
the jar; I subjected them to a chemical analysis, and the
result was the detection of a very small quantity of arsenic.
There was also in the jar a part of a human liver. I subjected
about a quarter of a pound of it to experiment, and obtained
a quantity of metallic arsenic (produced); it was too minute a
quantity to weigh. That in the stomach was the only quantity
I weighed; that would be sufficient to cause death. I had the
opportunity of witnessing a case where 2½ grains killed; the
general quantity would be 8 grains; I look upon that as an
average dose. It would generally be fatal. Vomiting is almost
invariably the consequence of arsenic introduced into the
stomach. A person attacked by that would be likely to throw
up a portion of the arsenic. Looking at the quantity I found,
and the parts in which I found it, in my judgment the arsenic
I found had been taken not more than two or three hours
before death, but that is a matter of opinion; a dose might
have been given before. It would depend upon many
circumstances how soon it would find its way into the liver.”
Cross-examined.—Question.—“About two grains of arsenic
you say would cause death; do you mean taken together?”
Answer.—“Yes, or less; 2½ grains have done so. I know
nothing of this transaction but from the examination. I found
a very small portion in the liver, perhaps one tenth of a grain
in a quarter of a pound. A liver weighs about 5 pounds, and
supposing the arsenic to be equally diffused, there would be
twenty times that quantity—equal to 2 grains. My observation
with reference to the time it had been taken was in reference
both to the stomach and the liver.”
Question.—“Are the data at all safe?”
Answer.—“Yes; I will tell you why. I found in the stomach
8½ grains of arsenic, and there was not much in the
intestines. I conclude, therefore, that there had not been time
for it to have passed into the intestines, which would have
been the case if it had been taken long before death. But
there was only a trace in the intestines, so I conclude that it
was taken a very short time before death. That furnishes
datum to me to form a judgment on the subject of hours.
Food remains five hours before it passes into the intestines. I
am able to say that the contents of the stomach pass into the
intestines in four, eight, or ten hours, from experiments I
have performed on living subjects. I have not the least doubt.
I saw the intestines; they were in the jar. They did not appear
to have been influenced by arsenic; they were slightly red,
and there were traces of arsenic. I have reduced something
that was in the intestines into a metallic state. I experimented
on it, and found it was arsenic. It was destroyed in the
experiment to which I was obliged to submit it to prove it was
arsenic. It was not likely that I should find it in the liver
without some being in the intestines. The time would not
depend on the constitution of the person. Digestion depends
upon the constitution, but I am speaking of the average.
Digestion is more or less rapid according to the constitution of
the person who has received the subject matter. I have heard
of cases in which matters which would not digest have
remained three or four days, but those were solid matters. I
think liquids pass into the stomach (intestines?) under all
circumstances in five hours as (after?) they are imbibed.
There is a valve which prevents solid matters from passing
into the stomach till they are digested. The arsenic was in a
liquid state, all except a little white powder on the side of the
stomach. I am obliged to have recourse to an average to form
an opinion as to how long it would take. We have no means
of dealing with an independent case except by an average.”
By Mr. Bodkin, Q.C.—Question.—“What did the contents of
the stomach look like?”
Answer.—“Thick gruel. They were filtered, and I examined
the filtered portion, and my opinion is that the arsenic had
been taken two or three hours.”[127]

PURCHASE OF POISON BY THE PRISONER.

This was proved by the son of a chemist of the
name of Brown, of whom the prisoner purchased two
pennyworths of arsenic on the 19th of January,
which, at her request, he enclosed in two separate
papers, each marked “poison,” as she said that one
of them was for her sister who lived some distance
off. The papers had something of the appearance of
those of effervescing powders.
CONDUCT AND STATEMENTS OF THE PRISONER.

Mrs. Gillett gave some remarkable evidence as to
the statements and conduct of the prisoner during
the night of her husband’s fatal illness and after his
death.
“When the prisoner called me in a little after nine in the
evening, I found her husband in bed retching violently, and I
gave him water half-a-dozen times, and then went for Dr.
Toulmin. At five o’clock that day the prisoner said she was
going for the doctor, to tell him to send her husband
something for the bile, but that he did not want her to do so.
A second time during the evening she told me she wanted to
do this, and that he would not let her, and that she had
applied to a neighbouring doctor, but that he had refused to
come, and only sent some pills. After her husband died she
said, ‘How true were Dr. Toulmin’s words,’ that, ‘when her
husband once took to his bed, he would go off like the snuff
of a candle.’” [Dr. Toulmin had no recollection of ever having
made such a statement.] “Next day the secretary of the
Benefit Society to which her husband belonged called and
had some conversation with her. Before that she had spoken
to me about the Benefit Society, and said if her husband died
she should have the full benefit of it. On the day of the post-
mortem she asked me if I had asked Dr. Toulmin what was
the cause of death, and I said, from what I heard, it was
poison; when she said, ‘Do you think I am guilty?’ I replied, ‘I
do not doubt you.’ Then she walked about in an agitated
manner and appeared distressed. On the day of the inquest
she said to me, ‘You know, Mrs. Gillett, that Annie (her little
girl) ate the rest of the gruel.’ I said ‘Don’t say so; I did not
see any of you eat it.’ She said, ‘If I did not Ashby did, and he
ought to be the first witness’ (Ashby said he did not see the
deceased or anyone eat it). On the day of the adjourned
inquest she asked me if poison had been found, and when I
said ‘Yes’ she said ‘I am innocent; he was a good husband,
and it is not likely I should do such a thing. Dear creature; if
that is the case he has done it with his own hands.’ I replied
‘It is not likely, as he purchased a new pair of boots the
morning before his death.’ Whilst we were talking Andrews,
the summoning officer, came in, and she said to him ‘Mrs.
Gillett knows that I ate the rest of the gruel,’ and I replied ‘I
know nothing about it, or who ate it.’[128] On the 31st of
January in her house she said to me ‘Do you think if I had
any hand in his death I should not have let him live to to-day
and then have received the full benefit from the society.’”[129]
On cross-examination the witness protested that she had
repeated these conversations before, and was almost certain
she had done so before the coroner and the magistrate.
When she said ‘I did not doubt her,’ she meant that she had
not the slightest suspicion of her guilt. The witness had
introduced the subject of the burial club. The prisoner was
kind and affectionate to her husband, and attentive during his
illness, and much distressed. The witness had heard the
deceased complain of the difficulties into which his wife had
plunged him, and on the Monday before he was taken ill they
had quarrelled.

Other statements of a most unfavourable
character were improperly extracted from her by
Coward, the inspector of police. As the Lord Chief
Baron said, with well-deserved reproof, he had
evidently prepared a proceeding, and framed certain
questions, which would enable him to observe the
demeanour of the prisoner when she was confronted
with a witness ready in attendance, in order to give
his own view of her conduct afterwards to the jury.
“I,” said this witness, “saw the prisoner on the 2nd of
February in her house, and told her I had come to ask a few
questions, which she might answer or not as she pleased, but
that it would be my duty to repeat her answers to the
magistrate; that I should like to have some women present to
hear, and accordingly sent for two of her neighbours, and
when they had come I asked her ‘Did she know of any arsenic
being in the house?’ ‘No.’ ‘Did her husband use it in his
business?’ ‘No.’ ‘Had she purchased any lately?’ ‘No.’ Brown
was then brought in, and she turned pale and agitated. I told
her Brown had told me she had, and she said ‘That was true,
and she would tell me what for.’ On the way to the police
court she said ‘she purchased it for herself, but thought better
of it afterwards.’ I asked her what had become of it
afterwards, and she said ‘she had emptied it into one paper.’
She then changed the conversation, and said that her
husband was very fond of soda and acid powders, and that a
woman had told her that he had said he was very troubled in
his mind, and did not know whether he should not jump into
the river or Clapton pond.”
On cross-examination he excused the presence of the
women, on the ground that he wanted to see if Brown could
identify the prisoner; that she wanted to say more but that he
stopt her, and told her to tell the magistrate.

Of this last statement of the inspector, the Lord
Chief Baron added in his charge—
“That it appeared to him to be a piece of hypocrisy, which
accorded with all the rest of his conduct. He wished it to go
forth to the public, and that the police themselves should
understand, that such proceedings savoured of an excess of
zeal which was perfectly unjustifiable, and which ought not to
be looked on in any other light than discreditable.”

To Clarke, a police constable, she said, whilst in
custody, that “she supposed she should be hung—
they had told so many lies about it—she bought the
arsenic for her husband.” To the female searcher at
the police-station she said that she did not know on
what charge she was brought there; and then, when
told it, added, “I know he was poisoned, but not by
whom.” And when told that Mrs. Gillett was the
principal witness against her, declared that she was
forsworn. On the second examination at the police-
court, she told the gaoler that “she wished the
magistrate to know something about the case. All
she had said was true, except as to not buying the
poison. She had placed it in the same cupboard with
her husband’s powders after taking off the papers
marked ‘poison.’ If he had taken it, it must have been
by mistake, and she threw the remainder of the
poison and all his powders into the fire. She intended
to have taken it herself if he went on as he had
done.”

THE PRISONER’S STATEMENT.


“I have nothing to say except that I never intended my
husband to take the poison. When I bought it I intended to
take it myself, if he had come home as he had done several
times before. I could not live with him had he gone on so. I
thought no more of it till the Sunday, when I thought he
might have taken it instead of the soda, and then I burnt it.
What I said about hanging was this—‘If I am to be hanged
this moment I am innocent of anything to my husband.’ I
have nothing more to say.”

Mr. Clarkson, for the defence, after alluding to the
difficulties under which he laboured in consequence
of the prisoner not having made any preparations for
her defence, and the brief having only been handed
to him as the case was opened, attacked the
evidence of Coward in language which the Lord Chief
Baron entirely adopted, and asked the jury to dismiss
it from their consideration. He also characterised the
declarations of the prisoner as told by witnesses
clearly unfavourable to her. “With regard to the
testimony of Dr. Letheby, if they relied on it, it would
be necessary,” he said, “to come to the conclusion
that the prisoner had continued administering poison
to the deceased during the whole of the day—as it
was proved that he was ill as early as eight in the
morning. But he asked the jury if her conduct would
justify such a conclusion. Her story might be true,
and if the deceased took the poison through her
culpable negligence in putting it in the cupboard with
his soda powders, the offence would not be murder,
but manslaughter.”
The strong remarks of the Lord Chief Baron on
the conduct and evidence of Coward have already
been given, and as the remainder of his charge
consisted only of an analysis of the evidence, and its
application to the different points of the case, it is
needless to report it. As was characteristic of this
kind judge, every point that could be made in favour
of the prisoner was brought clearly out in his able
charge. After a brief deliberation, a verdict of guilty,
coupled with a recommendation to mercy on account
of her previously good character, was returned, and
sentence of death was pronounced by the learned
judge.
A medical man of large experience, who was
present during the trial, was so astonished at the
statement of Dr. Letheby as to the time when the
arsenic had been administered, that he
communicated with the sheriffs, who brought the
case before Sir George Grey, by whom it was
referred to Sir Benjamin Brodie, Dr. Billing, Dr.
Leeson, and other medical men of repute. These, it
was understood, agreed that the time of
administration could not be fixed. On this, at the
urgent request of Dr. Pereira, Dr. Letheby wrote to
the Home Secretary that it was his duty to admit that
it was within the range of possibility—nay, even
probable—that the arsenic might have been taken,
as the woman asserted, early in the morning of her
husband’s death, and in consequence the capital
sentence was commuted for one of penal servitude
for life. This case was used by Mr. Bright in his
speech in the House of Commons in favour of the
abolition of capital punishments, as a strong example
of their danger.
How much more satisfactory would it have been
could a court of appeal have reheard such a case
instead of its being left to the Home Secretary’s
judgment of evidence known only to himself.[130]
CHAPTER VII.

ARSENIC.

The element (arsenicum)—The oxide (white arsenic)—Arsenicum—
Arsenicum trioxide. Forms of: (1) Crystalline—(2) Amorphous—
Solubility. Uses and occurrences: (1) Steeping wheat—(2)
Preservation of skins—(3) Antiseptics—(4) Glass making—(5) Fur
in boilers—(6) Candles—(7) Preservation of wood—(8) Sheep
washes—(9) Scheele’s green and emerald green as pigments in
sweets (case of Franklin and Randall), wall papers, toys, &c.—(10)
Medicinal—(11) For horses—(12) Tooth-stopping—(13) Aniline
dyes—(14) Fireworks—(15) Rat and fly poisons (case of Maria
Gage)—(16) For cleansing metals—(17) Arsenic eaters—(18)
Cosmetics—(19) For bronzing metals—(20) Beer brewed from
glucose—(21) American paper collars—(22) Speculum metal—(23)
Inhalation for asthma and bronchitis—(24) Mineral waters.
Sulphides of Arsenic: (1) Orpiment (case of M. A. Burdock)—(2)
Realgar. Arsenic acid—The arsenates—Arsenic trichloride—
Arseniuretted hydrogen—Methods of extraction—Tests—
Modifications of old processes suggested—Marsh’s test, distinction
of results in arsenic and antimony—Reinsch’s test—Doses—
Antidotes—Physiological effects—Remarks—Did L’Angelier commit
suicide?
The name “arsenic” is applied to two things: in
chemistry it means the element As; in popular usage
it signifies the oxide As2O3. In our report, the
element will be called arsenicum, the oxide simply
“arsenic” or “white arsenic.”

ARSENICUM,

Symbol As, is an element of steely metallic lustre,
tarnishing to dull dark grey, met with in crystalline
(rhombohedral) fragments, so brittle that they can
be easily reduced to a dark grey powder, insoluble in
water, but slowly absorbing oxygen and dissolving,
insoluble in pure hydrochloric and in vegetal acids,
and in alcohol, soluble (by oxidation) in strong
sulphuric and in nitric acid, in chlorine, in solution of
bleaching powder. Tasteless, and inodorous until
heated, when it sublimes, without melting, at 110°
C. (Guy), and gives a strong odour of garlic. Sp. gr.
5·8. The characters of the metal are utilized in
Marsh’s and other tests, hereafter described. Heated
in air, it oxidizes to white fumes of As2O3. It is
employed chiefly to harden lead in making shot, in
the proportion of 0·3 per cent. The use of these in
cleaning bottles, &c., may contribute a trace of As:
the presence of a larger amount of lead would in this
case indicate the source. Common Britannia metal,
used for teapots, spoons, &c., often contains As. It
occurs also in many minerals.
When oxidized it is poisonous, but pure
arsenicum passes through the body of animals
unaltered (Wagner’s Chem. Technology, trans. by
Crookes, 1872, p. 86). The vapour is very poisonous.
Arsenicum has two oxides, the trioxide and the
pentoxide.

ARSENICUM TRIOXIDE.

Synonyms.—Arsenious oxide, arsenious acid,
arsenious anhydride; popularly, “arsenic,” “flour of
arsenic,” or “white arsenic:” in mining districts it is
sometimes called “mercury:” Latin, acidum
arseniosum.
Chemical formula As2O3, or two atoms (150 parts
by weight) of arsenicum, to three atoms (48 parts by
weight) of oxygen.
Forms.—(1.) Crystalline. By sublimation and slow
condensation on moderately heated surfaces, also by
deposition from solution, we obtain regular
octahedra, often so modified as to appear like
equilateral triangular or hexagonal plates, or even
elongated into triangular prisms, but never in the
form of regular tetrahedra such as tartar emetic
yields. For figures, see Guy and Ferrier’s Forens.
Med., 1881, pp. 440 and 670. The crystals are
transparent and highly refracting. Sp. gr. 3·69.
Volatilizes without melting, except under increased
pressure.
(2.) Amorphous or vitreous. Suddenly cooled,
As2O3 condenses as clear transparent drops, finally
cohering into a glassy mass, sp. gr. 3·74. When kept,
this becomes opaque, perhaps owing to a change
into the crystalline variety, constituting the
“porcellanous” form found in commerce. If the lumps
be broken, layers of still transparent As2O3 will be
seen.
The solubility depends on the variety,
temperature, length of time it is digested, fineness of
powder, &c. So that exact figures cannot be given, as
hardly two authorities agree. It is certain, however,
that the amorphous form is less soluble than the
crystalline.[131] The accepted statement is that given
by Taylor (Med. Juris. 1, 250): that digested with
cold water, from 1/500 to 1/1000 dissolves, equal from
one half to one grain per fluid ounce; if boiled for an
hour and allowed to cool, an average of twelve
grains per fluid ounce remains in solution; if boiled
for a shorter time, less is dissolved. See also
Woodman and Tidy’s Forens. Med., 1877, pp. 133,
134. Organic matter is said to decrease its solubility;
I have not found that it does so to any notable
extent. Dr. Blondlot (Med. Times and Gazette, Feb.
11, 1860) states that fats, such as bacon, diminish
the solubility; this must be by coating the particles
and preventing contact with water. Powdered white
arsenic in all cases refuses for a long time to become
moistened by water, floating on the top, and
collecting in little lumps as if greasy: the appearance
is so peculiar as to have led sometimes to its
detection. Commercial powdered white arsenic is
generally the opaque form pulverized, but it may be
crystalline.
As2O3 is very soluble in potash and soda and their
carbonates, forming arsenites. It is less soluble in
ammonia. In hydrochloric acid it dissolves easily,
forming chloride of arsenic. It is less soluble (1 in
2,000) in alcohol than in water. One part dissolves in
200,000 of chloroform. It is insoluble in pure ether. It
is heavy to feel, tasteless, very faintly acid to test
paper, and so feeble in affinity that its soluble salts
are strongly alkaline, and are decomposed by all
acids with separation of As2O3. The powder and its
vapour are inodorous, but when heated with charcoal
or organic matter it is reduced to arsenicum, with its
odour of garlic.
Uses and Occurrence.—1. As a preservative
against insects and fungi, for steeping seed-wheat.
Many accidents have resulted. Birds poisoned by it
and afterwards eaten by man have occasioned
severe symptoms. From 1830 to 1840 in France 235
accusations of arsenic poisoning occurred, of which
110 were against agricultural persons, proving that
the use of the drug in farming gives dangerous
facilities for crime. Sulphate of copper, or, better, a
mixture of sulphate of soda and lime, are more
effectual as preservatives, and the latter mixture is
not poisonous. (Lancet, 1849, Jan. 20.)
2. For preserving skins and furs (arsenical soap).
This use has also caused serious results in the
operators. Stuffed birds, &c., kept in living rooms
may prejudicially affect the inmates by giving off
arsenical dust.
3. As an antiseptic it is injected in solution
through the vessels of subjects for dissection. Of
course in this case the body would show signs of the
anatomical examination it had undergone. In the trial
of Professor Webster for the murder of Dr. Parkman,
at Boston, U.S., March, 1850, the absence of arsenic
and other preservative substances in the corpse
proved that it had not been a subject for dissection.
4. In glass making and the production of opaque
white enamels. Here most of the vapour passes up
the chimney and is diffused.
5. Some of the patent preparations for preventing
“fur” in boilers have contained alkaline arsenites.
6. Formerly wicks of candles were steeped in
arsenic solution to prevent a long “snuff” forming.
Moreover, it was incorporated with the candle itself
to improve its appearance. The result was a constant
diffusion of arsenic vapour in the room. Tapers were
also coloured with emerald green (copper aceto-
arsenite), which likewise gave rise to arsenical
fumes. These objectionable practices have been
fortunately given up, owing to the strong
representations of scientific men.
7. Wood is sometimes preserved by a solution of
arsenic, and then tarred. This use would be
practically free from danger, except to the operatives.
8. An alkaline arsenite is used for washing sheep
to destroy vermin. The workmen sometimes suffer.
(Lancet, 1857, p. 281.) Streams have been poisoned,
the solution has been drunk in mistake (Ibid, 1856,
p. 447), and lastly, the sheep themselves have been
killed (Taylor’s Med. Juris., i. 272). Carbolic acid
would probably answer better.
9. Cupric arsenite (Scheele’s green) and aceto-
arsenite (Schweinfurth or emerald green) are used as
pigments. In one case, where a baker’s shelves had
been painted with this colour, emerald green was
found adhering to the bottoms of the loaves (Med.
Times and Gaz., 1854, p. 326). Blancmange (R. v.
Franklin & Randall, Northampton, 1848[132]),
ornaments on cakes (Lancet, 1849, Feb. 17th),
sweets, dresses, and artificial flowers (Husemann,
Jahresbericht, 1872, p. 480), lamp-shades, insides of
pasteboard cigar-holders, toys,[133] wrappings for
chocolate, &c., wafers, water and oil colours, and
wall papers have all been coloured with emerald
green. Whenever such things have been swallowed,
the green colour is seen in the vomit. Boxes of paints
should never be given to young children. Cakes of
emerald green and of other poisonous colours have
often been sucked or eaten with fatal result; they are
the more tempting as they are generally made up
with honey or glycerine. Bright green wall papers
have gone out of fashion, still many of the dull
colours have emerald green in their composition.
Such papers certainly give off arsenical dust, even if
they do not evolve arseniuretted hydrogen or other
arsenical gas, and the symptoms they produce have
been well authenticated. In a new house the papers
should always be tested. Messrs. Woollams, of
Marylebone Lane, were, I believe, the first to disuse
arsenical pigments in paper-hangings.
These arsenites of copper give, with a little
ammonia, a blue solution (due to the copper), in
which a crystal of silver nitrate becomes covered with
a yellow coating of silver arsenite. The As can also
be easily found by the other tests.
Dr. Raseden of Mersberg finds that arsenical
papers cause rheumatic pains, neuralgia, cough,
lassitude, and emaciation (Lancet, 1849, April 7th).
They also cause skin eruptions. These effects
disappear when the patients are removed. In
Germany the use of these pigments is prohibited; it
should be so in England. Unfortunately no other
permanent green colour is so bright in tint.
The copper arsenites are insoluble in water, but
soluble in acids, hence are dissolved by the gastric
juice, and then absorbed.
10. In medicine, arsenic is used for skin diseases,
ague, and as a tonic; externally for cancer and lupus.
Liquor arsenicalis B.P., Fowler’s solution, or “ague
drops,” is composed of arsenic 80 grains, potass.
carbonate 80 grains, water 1 pint, flavoured with
lavender. It is a solution of potassium arsenite.
Liquor arsenici hydrochloricus is arsenic dissolved in
hydrochloric acid, giving arsenic trichloride, of the
same strength as liquor arsenicalis. Among unofficial
preparations are “Donovan’s Solution of Arsenic,”
containing mercuric and arsenious iodides; strength
0·69 grain arsenicum per fluid ounce: “Davidson’s
Cancer Remedy” equal parts of arsenic and hemlock
(Dr. Paris): “Cancer Paste,” containing 8 per cent. of
arsenic, with cinnabar and dragon’s blood:
“Hydrophobia Pill,” 1/16 to 1/12 grain arsenic, with 1
grain pepper, an absurd remedy much used in the
East Indies. (Blyth’s Pract. Chem., 1879, p. 376.) The
pharmacopœial preparations of arsenic acid will be
described under arsenic pentoxide.
11. It is given by grooms to horses, to render
their coats sleek, and improve their wind, under the
name of “condition balls or powders” (strength 2½
to 5 per cent. of arsenic), also for worms, and as a
tonic.
12. For destroying the nerves of decayed teeth,
about 1/25 grain is placed in the cavity. In the Lancet
a case is recorded in which inflammation and caries
of the jaw followed this practice, which is a very
dangerous one.
13. In the manufacture of some aniline dyes, and
in the reduction of indigo, arsenic is often used. Dyed
stockings, &c., have caused skin irritation, supposed
to be due to arsenic, but more probably owing to the
dye itself.
14. Firework preparations commonly contain
some compound of As, and therefore give poisonous
vapours. “Bengal light” consists of 24 of potass.
nitrate, 7 of sulphur, and 2 of realgar (arsenic
disulphide). See also Blyth, Prac. Chem., p. 379.
15. Rat Poisons:—No. 1. Arsenic 6 per cent.,
made into a paste, with equal parts of flour and suet,
variously coloured and scented. No. 2. Equal parts of
arsenic and carbonate of barium (itself poisonous),
coloured with rose pink, and scented with oils of
anise and rhodium.[134]
Fly Poisons.—“Fly powder,” a grey mixture of As
and As2O3. “Fly water,” a solution of arsenious acid,
or arsenite of soda or potash, of varying strength,
sweetened with sugar, treacle, or honey. (Med. Times
and Gazette, Sept. 13th, 1851.) Some also contain
orpiment (arsenic trisulphide).
16. For cleansing metals, arsenite of soda has
been used on account of its strong alkalinity. It is an
absurd preparation to use for this purpose, as
washing soda or potash would act better. In
December, 1857, 340 children were poisoned by
water from a boiler that had been “cleaned” by this
compound (Taylor on Poisons, 2nd ed., p. 378). In
1863, a man died from drinking beer out of a pot
which had been thus cleansed (Taylor, Med. Juris., 1,
273).
17. The well-known “arsenic eating” of Styria has
been ridiculed as impossible, but has yet been
authenticated on further examination. A Styrian
wood-cutter was seen by a medical man to eat a
piece of arsenic weighing 4½ grains, and next day
another 5½ grains, yet remaining in his usual health.
It is also eaten by the natives of Ceylon (Med. Times
and Gaz. 1862, p. 454, and 1866, p. 375). Workmen
in arsenic factories often become habituated to its
influence. See a paper by Roscoe, Mem. of Lit. and
Phil. Soc. of Manchester, 1860. I myself can testify to
this fact. A student in the College of Science, Dublin,
was accustomed to take out of the arsenic bottle
little lumps about 3 or 4 grains each and eat them,
without apparent ill effect.
18. As a cosmetic, applied externally, it would
probably be useless. Unless the skin were abraded,
or it remained very long in contact, no absorption,
and hence no poisonous effect, would result, but any
scratch or wound would be dangerous. (See
Christison’s Evidence, case of Madeline Smith, p.
320.) And if in protracted contact with the skin, it will
cause symptoms. (Memoirs of Lond. Med. Soc., ii.,
397, Amer. J. of Med. Science, July, 1851.)
19. A solution of chloride of arsenic has been
employed for “bronzing” metals. The fumes would be
highly pernicious.
20. Ritter, of Rouen, states that glucose or starch-
sugar frequently contains arsenic, derived from the
sulphuric acid employed in its manufacture being
made from arsenical pyrites. He finds that by this
means the arsenic is introduced into beer brewed
with glucose, into confectionery, syrups, liqueurs, &c.
(Reimann’s Färber Zeitung, No. 3, 1878.)
21. It is said that certain paper collars and cuffs
which are extensively made in America have proved
poisonous from containing a considerable proportion
of arsenic. (Les Mondes, Nov. 11th, 1880.)[135]
22. Speculum Metal, for telescope mirrors, is an
alloy of copper, tin, and 3 per cent. of arsenic.
23. In America, a paper soaked in a solution of
arsenic and other drugs is burnt, and the smoke
inhaled for asthma and bronchitis. (Year Book of
Pharm., 1873, p. 345.)
24. Traces occur in mineral waters.

SULPHIDES OF ARSENIC.

Orpiment, As2S3, Auripigmentum, or King’s Yellow,
trisulphide of arsenic, obtained by precipitating a
solution of arsenic with sulphuretted hydrogen, is a
yellow inodorous powder, insoluble in water and in
hydrochloric acid, but slowly oxidizing in air to
arsenious acid, and therefore poisonous. It is found
native. By heat it melts to a reddish liquid: if air be
excluded, it volatilizes at about 700° C., and
condenses unchanged: if air be present, it is oxidized
to sulphur dioxide and arsenic trioxide, which
condenses in the crystals before-mentioned. It is
soluble in alkalies and their carbonates, and
reprecipitated by hydrochloric acid. Commercial
“King’s Yellow,” formerly used as a pigment, but now
replaced by Chromate of lead, is a very poisonous
mixture of As2O3 and As2S3. It is sometimes
employed in printing indigo. A mixture of orpiment,
water and lime is used in the East as “Rasma” (see
page 320) for a depilatory. In a corpse, by
putrefaction, the arsenic is frequently converted into
sulphide.
Realgar, the disulphide, As2S2, is red, exists as a
mineral, and is also made artificially for fireworks. It
contains about 75 per cent. of arsenic, but varies.
Formerly it was used as a pigment, and in tanning to
remove hair.
These sulphides have rarely been used for
criminal purposes. Orpiment was employed by Mary
Ann Burdock, 1833.[136] Being insoluble, they would
only be absorbed after oxidation into As2O3.
Ossikovszky (J. Pract. Chem. 2, xxii., 323) finds that
this change happens rapidly in contact with organic
bodies. But the opposite change, by putrefaction and
development of sulphuretted hydrogen, of As2O3
into As2S3, is far more likely and frequent.

ARSENIC ACID
is obtained by oxidizing As2O3 by nitric acid. It is
a white deliquescent solid, inodorous, very soluble in
water to a syrupy solution, which is corrosive,
strongly acid and metallic in taste. By heat it first
gives the pentoxide, As2O5, then it breaks up into
As2O3 and oxygen, finally completely volatilizing. It
is said to be less poisonous than As2O3. (Wöhler and
Frehrichs, Ann. Chem. Pharm., lxv., 335.)
The arsenates are very like the phosphates. Like
them they give with acid molybdate solution a
yellow, with magnesium sulphate a white crystalline,
precipitate. But with sulphuretted hydrogen, after
acidifying, they give slowly a yellow precipitate of
sulphide of arsenic and sulphur; and with silver
nitrate a liver brown precipitate of silver arsenate.[137]
Sulphurous acid reduces arsenic acid to arsenious.
Sodium arsenate is in the British Pharmacopœia,
and is employed in calico printing. A brominated
solution of potassium arsenate (strength = 1 per
cent. As2O3) is used in Russia for epilepsy.
“Pearson’s solution” is 1 grain sodium arsenate to 1
oz. water. “Macquir’s neutral arsenical salt” is a
binarsenate of soda. “Papier Moure” consists of
paper soaked in solution of potassium arsenate
(Tidy).
Fischer (Ber. deutsch. Chem. Gesellschaft, xiii., p.
1778) proposes ferrous chloride as better than
sulphurous acid for reducing arsenic acid to
arsenious (see process for separation, post).
Arsenic Trichloride, AsCl3, is a volatile, colourless
liquid, very pungent, and fuming in air. It has been
discarded from medical use on account of its
dangerous properties. A case of poisoning by it is
mentioned in Taylor (Med. Juris. 1, p. 278). It is
obtained in the process for separation from the
organs. Arsenic Triiodide, a dull red crystalline solid,
is used in ointments.
Arseniuretted hydrogen, AsH3, is a colourless gas
of a garlic odour, almost insoluble in water. It burns
with a livid bluish-grey flame, forming water and a
white cloud of As2O3. By heating to redness it is
decomposed into hydrogen and a deposit of
arsenicum (the “mirror”). It is formed whenever
hydrogen is evolved in contact with arsenic
compounds, hence has caused accidents in making
hydrogen from impure zinc. It is probably the most
deadly compound of As, and proved fatal to its
investigator, Gehlen, and in several other cases.

EXTRACTION AND TESTS.


If arsenic has been given in the solid form, the
greater part will remain insoluble, and will be found
either in lumps or powder in the stomach, or as a
white powder adhering to its lining. Any substance so
found should be washed with water and tested for
arsenic. It is absurd to say, as Dr. Letheby did in Ann
Merritt’s case (ante, p. 366), that the quantity was
too small for examination: if a white powder can be
seen, it can be tested. In the contents, or in any fluid
food, the heaviness of powdered arsenic will cause it
to readily separate as a sediment. Soot or indigo, the
legal admixtures, should also be sought.
Arsenic is not naturally present in the body
(Sonnenschein, Gerichtlich. Chemie, p. 122; and
others). As it occurs in soils, in cases of disinterment
a portion of the earth surrounding the coffin should
be tested.[138]
When absorbed, it may pass into every part of
the body, but more especially into the liver and
spleen. De Poncy and Livon have supposed that it
was capable of replacing phosphorus in the actual
brain substance (Comptes Rendus, 23, June 9th,
1879), and that it is mainly localized in the brain.
Another author finds it concentrated in the bones.
Prof. E. Ludwig of Vienna, in the case of a woman
who suffered from making artificial flowers coloured
with magenta containing arsenic, found arsenic in
the liver, spleen, kidneys, and stomach, but not in
the bones or urine (Lond. Med. Record, Dec. 15th,
1877, p. 509). He found also that in human beings as
well as dogs poisoned with arsenic, in both acute
and chronic cases, the liver contained the largest
amount, the kidneys sometimes a considerable
quantity, and the bones, brain and urine, only small
traces (Jahresb. für Thierchemie, 1879, 85). These
results have been discussed by Johnson and
Chittenden (American Chem. Journal, 2, 332), who,
in a woman poisoned by arsenic, found, a year and a
half after burial, over 5 grains of As2O3, almost
evenly distributed. The conclusion to be drawn is,
that, of the absorbed arsenic, the main part will be in
the liver, and the rest in varying proportions in other
tissues, so that as much as possible of the whole
body should be examined.
As the large quantity of organic matter is in the
way of the tests, it has been proposed to get rid of
this by different processes. That of Fresenius and V.
Babo consists in oxidizing the substances by strong
hydrochloric acid and chlorate of potash. There is a
great objection to this, as loss is liable to occur from
volatilization of arsenic trichloride, unless it is done in
a retort, which is practically impossible on account of
the bulk and frothing, and the danger of explosion
from the oxides of chlorine formed.
The following modification of an old process has
been found by the author to be satisfactory. It may
be used also for antimony and mercury. Weigh the
whole, cut up finely, and grind the matters to a pulp
with water, reserving a weighed portion of about one
third; render strongly alkaline with potash or soda
previously tested for arsenic. Pass in a current of
chlorine, stopping before the alkalinity is destroyed.
Boil the solution down to a low bulk, not to dryness,
till a portion taken out and treated with acetic acid
gives no chlorinous odour, showing that the
hypochlorite has been completely decomposed.
Arsenic trichloride does not escape from alkaline
solutions, so there is no loss. Add sufficient pure
aqueous sulphurous acid, to reduce the arsenic acid
to arsenious. Now transfer to a large retort provided
with a tube-funnel and condenser, the end dipping
into water in a well-cooled tubulated receiver, itself
connected by a tube with a flask containing dilute
potash solution. Through the tube-funnel pour in
pure concent. sulphuric acid in volume about equal
to the liquid, adding it gradually, as there is much
heat and effervescence. Mix well by shaking, and
distil slowly from a sand bath. In distilling a
moderately strong solution of mixed arsenious and
antimonious chlorides in concent. hydrochloric acid, I
have found that the arsenic all comes over in the first
third of the distillate, and that after two-thirds have
passed over, the antimony also begins to distil.
Hence, in the above process the distillation should
not be carried beyond half the volume of the liquid in
the retort, when all the arsenic, in whatever form it
originally existed, will be found as chloride in the
receiver, except a little which may have escaped into
the potash. Test a portion of the potash solution by
Marsh’s or Reinsch’s process as hereafter described:
if any arsenic be present, add the remainder to the
liquid in the receiver, taking care that excess of free
acid is left. Pass into the distillate washed
sulphuretted hydrogen in excess (or add a solution of
the gas in water), warm, cover, and allow to stand.
(The excess of sulphuretted hydrogen may
afterwards be removed by warming and passing in
carbonic acid gas.) If any arsenic be present, a
yellow precipitate of arsenious sulphide, As2S3, will
appear; if the precipitate be pale, it will consist
mainly of sulphur, formed by the action of the
sulphuretted hydrogen on the sulphurous acid which
is present. Some organic matters are also generally
present. Collect the precipitate on a filter, wash with
sulphuretted hydrogen water, dissolve in a dilute
solution of ammonium carbonate, and again
precipitate with hydrochloric acid. The precipitated
arsenious sulphide is now nearly pure: it may be
collected on a small filter, washed rapidly, again
dissolved in ammonia, the solution received in a
porcelain dish, evaporated to a low bulk, transferred
to a weighed porcelain boat, and heated cautiously
in a current of carbon dioxide to a temperature not
above 400° C., sufficient, in fact, just to melt the
arsenious sulphide. [Sulphur boils at 446° C., As2S3
at 700° C.] Any remaining sulphur is thus removed,
and the arsenious sulphide may then be weighed.
The weight multiplied by 0·805 gives the amount of
arsenic trioxide.
A less preferable way is to collect the arsenious
sulphide on a weighed filter, to dry, and dissolve out
any sulphur by carbon disulphide. Yet another
method is to oxidize by nitric acid, evaporate,
precipitate the arsenic acid by a mixture of ammonic
chloride, magnesic sulphate, and strong ammonia
(“magnesia mixture”) as ammonio-magnesic
arsenate, and weigh, either as that salt, or, after
ignition, as pyroarsenate of magnesia. The former,
dried at 100° C., contains 39·57, the latter 48·29 per
cent. of As. Lastly, if the sulphide, oxidized by nitric
acid, be alkalized with ammonia, and warmed to 70°
or 80° C. with a solution of ammonium molybdate in
nitric acid, as used for the ordinary determination of
phosphates (see Fresenius, Qual. Anal., p. 54), a
yellow precipitate of arsenomolybdate of ammonia
appears, which can be weighed: it contains 3·3 per
cent. of As (Bull. Soc. Chem., Jan. 7th, 1877).
But where such importance may hang on
quantities, the use of weighed filters for such small
amounts is simply courting error. When the As2S3 has
been weighed in the porcelain boat, calculate it into
As2O3, or into As (it contains 61 per cent. of As),
then cover it with a mixture of pure potassic cyanide
and sodium carbonate, place it in a piece of
combustion tubing drawn out at the end into a long
thin point, pass washed dry carbon dioxide over it,
and heat cautiously till all the water is expelled.
Finally raise the temperature to full redness, and
pass a slow continuous current of the gas, keeping
the narrow part of the tube cool with moistened
blotting paper. The sulphide will be reduced to As,
which will deposit in a metallic coating on the narrow
portion. Seal this part, and preserve it as evidence.
It is obvious that the residue in the retort may be
tested for other metals.
The presence of arsenic ascertained, and the
quantity known, it would seem as if nothing more
was necessary. Still, it is useful to confirm results by
the other tests. The reserved portion may now be
divided and used as follows:—