AWS Developer
The AWS Platform (Services)
Developer Exam
Messaging
SNS
(Simple Notification Service)
Different ways of publishing
publish-subscribe (pub-sub) messaging paradigm
PUSH
to clients :pencil2:
to devices
Apple
Google
Fire OS
Windows
Android
Baidu Cloud Push (China)
also delivering
SMS
Email
messages stored redundantly across multiple availability zones
topics
groups multiple recipients
is an "access point" for publishers
subscribers can be added and removed dynamically
delivery to multiple endpoint types
Billing
$0.50 per 1 million requests
$0.06 per 100,000 notification deliveries over HTTP
$0.75 per 100 notification deliveries over SMS
$2.00 per 100,000 notification deliveries over email
Message
Data Type: JSON
Message body
Message attributes
Name
Type
Value
Protocols
HTTP
HTTPS
Email
Email-JSON
Amazon SQS
Application
Messages can be customized for each protocol
SQS
(Simple Queue Service)
Decoupling
application
Queue system
Message Management between components
Message can contain
256KB
of text :pencil2:
works like a buffer
order
standard queues: FIFO order not guaranteed :warning: (use a FIFO queue if strict ordering is required)
put sequencing information in the message so the consumer can reorder
Timeout
Maximum 12 hours
Default Visibility Time Out is 30 seconds
change with
ChangeMessageVisibility
delivery
at least once
the same message can be delivered more than once, so processing must be idempotent
billing
billing unit is a 64 KB "chunk" (the old maximum message size)
a 256 KB message = 4 x 64 KB chunks = 4 requests
first 1 million requests per month free
$0.50 per 1 million requests
one request can send or receive 1 to 10 messages
SQS Long Polling
no response until msg arrive
easy and inexpensive to retrieve
Max. Long Poll Time Out = 20 sec
exam
Asynchronously
PULLS
task msg :!: from queue
Retrieves the named file
Processes the conversion (e.g. resizes the image)
Writes the image back to Amazon S3
Writes a "task complete" msg to another queue
Deletes the original task msg
Checks for more msg in the worker queue
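The worker loop above, together with the at-least-once and visibility-timeout rules, is easiest to see in a small simulation. This is an added example, not part of the original mind map; `ToyQueue` is a stand-in for SQS (nothing talks to AWS), and the task body format `task_id|filename` is an assumption made for the example.

```python
"""Why the worker deletes a task only after finishing it, and what happens when the
visibility timeout (default 30 s) runs out first.  Added example; ToyQueue models an
SQS standard queue in memory."""
import itertools


class ToyQueue:
    """SQS-like queue: a received message is hidden, not removed, until its visibility
    timeout passes or the consumer deletes it.  Time is simulated (seconds)."""

    def __init__(self, visibility_timeout=30):
        self.visibility_timeout = visibility_timeout
        self._messages = {}          # id -> [body, receive_count, invisible_until]
        self._ids = itertools.count(1)
        self.clock = 0

    def send(self, body):
        mid = next(self._ids)
        self._messages[mid] = [body, 0, 0]
        return mid

    def receive(self):
        """Return (receipt, body, receive_count) for the first visible message, or None."""
        for mid, rec in self._messages.items():
            if rec[2] <= self.clock:
                rec[1] += 1
                rec[2] = self.clock + self.visibility_timeout
                return f"{mid}:{rec[1]}", rec[0], rec[1]
        return None

    def change_visibility(self, receipt, seconds):      # ChangeMessageVisibility
        self._messages[int(receipt.split(":")[0])][2] = self.clock + seconds

    def delete(self, receipt):
        self._messages.pop(int(receipt.split(":")[0]), None)

    def pending(self):
        return [rec[0] for rec in self._messages.values()]

    def tick(self, seconds):
        self.clock += seconds


def scenario(extend_timeout, dedupe):
    """Two workers share one task queue.  Worker A needs 45 s for the conversion, which is
    longer than the 30 s visibility timeout.  Returns (deliveries, done_messages)."""
    tasks, done, seen = ToyQueue(visibility_timeout=30), ToyQueue(), set()

    def finish(receipt, body):
        task_id, filename = body.split("|")
        if dedupe and task_id in seen:        # idempotent worker: skip a redelivery
            tasks.delete(receipt)
            return
        seen.add(task_id)
        done.send(f"{task_id}|done:{filename}")   # "task complete" message
        tasks.delete(receipt)                      # delete only after the work is done

    tasks.send("t1|photo.jpg")                      # constructed sample task
    receipt_a, body_a, _ = tasks.receive()          # worker A receives at t=0
    if extend_timeout:
        tasks.change_visibility(receipt_a, 120)     # A asks for more time up front
    tasks.tick(45)                                  # A is still converting at t=45
    got_b = tasks.receive()                         # worker B polls: same task visible again?
    if got_b:
        finish(got_b[0], got_b[1])
    finish(receipt_a, body_a)                       # A finishes and deletes
    return (2 if got_b else 1), len(done.pending())
```

`scenario(False, False)` delivers the task twice and produces two "task complete" messages; `scenario(False, True)` still delivers twice but the idempotent worker drops the repeat; `scenario(True, False)` avoids the redelivery by extending the visibility timeout before the slow work starts.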
Fanning Out
1
SNS
topic
multiple SQS
queues
1st Service on AWS platform
message-oriented API
needs application-level tracking :pencil2:
SES
(Simple Email Service)
Security & identity
IAM
:lock:
Centralized control of AWS account
Granular Permissions
Shared Access to AWS Account
Identity Federation
Active Directory
Facebook
Linkedin
Multifactor Authentication
Password policy
Integrates with many different AWS services
has no region :check:
it is global
permissions apply in every region
Security Token Service (STS)
users can come from...
Federation
(typically Active Directory)
Options
SAML
Cognito
AWS Microsoft AD
Custom Federation Brokers (Identity Broker)
no IAM user required
SSO for AWS console
Federation with Mobile Apps
Facebook
Amazon
Google
other OpenID providers
Cross Account Access
between AWS accounts
access resources in another account
Key Terms
Federation
users in one domain (such as IAM)
users in another domain
Active Directory
OpenID providers
Identity Broker :pencil2:
takes an identity from domain A and joins it to domain B
you have to build it yourself :red_flag:
authenticate against LDAP first :!:
then AWS Security Token Service (
STS
)
not out of the box :red_flag:
Application get access
temporary
short lived (15 minutes to 36 hours)
for AWS Services
Old school (2011)
use other AWS options instead :champagne:
Identity Store
Services like ...
Active Directory
Google
Facebook
etc
Identities
a user of a service
Inspector
Certificate Manager
free public SSL/TLS certificates (used on ELB and CloudFront; the private key is not exportable)
Directory Service
Active Directory
WAF (Web Application Firewall)
Artifact
compliance documentation (audit reports) downloadable from the console
Compliance Support
Shared Responsibility Model
Infrastructure Services
AWS
Foundation Services
Global Infrastructure
Endpoints
Customer
Encryption
Protecting Network Traffic
Operating System
Firewall
Platform & Application Management
Customer Data
Container Services
Customer
Customer Data
Firewall
Encryption
Protecting Network Traffic
Abstracted Services
S3, DynamoDB, Lambda
Customer
Customer Data
Client-Side Encryption
Storage
S3 :red_flag:
(Simple Storage Service)
General description
nothing can be installed on it (object storage, not a file system)
Dropbox used S3
unlimited storage
Simple Key-Value-Store
buckets are top-level containers; "folders" are just key prefixes
Exam Hint
many exam questions for S3 :fire:
Read S3 FAQ :pencil2:
object based storage :pen:
files
word documents
movies
0 Bytes to
5TB
Storage Class :pen:
:star:
Glacier
extremely slow
no immediate access
3-5 hours for a standard retrieval
store file for compliance reason
archive data
not available in every region
Standard
frequently
accessed
durable
immediately available
Standard - IA
infrequently
accessed
billed for a minimum object size of 128 KB
durable
immediately available
Reduced redundancy
RRS
noncritical data
:!!:
durability of 99.99% :star:
fewer replicas
400 times the durability of a typical disk drive :star:
Files from 0 Bytes to 5 TB
is a universal namespace
names must be unique
globally
DNS address for buckets
https://s3.{region}.amazonaws.com/{bucketname}
important for exam :fire:
Data Consistency Model
atomic entries
either get old data or new data
never get partial or corrupted data
new objects (
PUT
)
immediately readable
Read After Write Consistency :pencil2:
largest single PUT is
5GB
uploads are much faster with multipart upload :!:
required above 5 GB, recommended above 100 MB
updates
(overwrite PUTS and DELETES)
Eventual Consistency :pencil2:
can take some time to propagate
you might get the old object after update
Encryption
Client Side (upload encrypted data)
Server Side
with SSE-S3 (Managed Keys)
with SSE-KMS (KMS)
with SSE-C (Customer Provided Keys)
Access Control
two features
:pencil2:
by
Bucket Policies
aws:Referer condition key
restricts access to requests whose Referer header names your domain; the header is set by the client and trivially forged, so this is hot-linking protection, not authentication
by
ACL
by
default
buckets are
private
CORS
lets a browser page served from one origin load objects from the bucket
Bucket Properties
Access Logs
can be configured
log all requests made to the bucket
can be stored in another bucket
Encryption
Transit Encryption
SSL/TLS
3 Server Side Encryptions
S3 Managed Keys (
SSE-S3
)
most common
just click encrypt, Amazon handles the keys
uses AES-256
each object is encrypted with a unique key
the data key is itself encrypted with a regularly rotated master key
AWS Key Management Service, Managed Keys (
SSE-KMS
)
like SSE-S3 with additional features: separate permissions on the key and an audit trail of key use in CloudTrail
extra charge
with Customer Provided Keys (
SSE-C
)
the customer manages the keys and sends the key with every request (HTTPS only); AWS does not store it
AWS provides the encryption and decryption mechanism
Client Side Encryption
encrypt data on client side
before uploading to S3
pre-signed URLs are possible :star:
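A pre-signed URL is just a normal S3 request URL with a Signature Version 4 signature in the query string. The block below builds one from the standard library only; it is an added example, not code from the original mind map. The access key, secret, bucket and object are the non-real values AWS uses in its own SigV4 documentation example, and the function names are this example's own.

```python
"""Build and check an S3 pre-signed GET URL (SigV4 query-string authentication).
Added example; credentials below are the documentation placeholders, not real keys."""
import datetime as dt
import hashlib
import hmac
from urllib.parse import parse_qs, quote, urlsplit


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def signing_key(secret: str, date: str, region: str, service: str) -> bytes:
    """Derive the per-day signing key: HMAC chain over date, region and service.
    The secret itself never appears in the URL; only this derived key signs it."""
    k = _hmac(("AWS4" + secret).encode(), date)
    k = _hmac(k, region)
    k = _hmac(k, service)
    return _hmac(k, "aws4_request")


def presign_get(bucket, key, access_key, secret, region, when: dt.datetime, expires: int):
    """Return a pre-signed GET URL for s3://bucket/key valid for `expires` seconds."""
    host = f"{bucket}.s3.amazonaws.com"          # endpoint used in the AWS doc example
    amz_date = when.strftime("%Y%m%dT%H%M%SZ")
    date = when.strftime("%Y%m%d")
    scope = f"{date}/{region}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),          # max 7 days (604800 s) for SigV4
        "X-Amz-SignedHeaders": "host",
    }
    # canonical query string: parameters sorted by name, names and values URI-encoded
    query = "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
                     for k, v in sorted(params.items()))
    canonical_uri = quote("/" + key, safe="/-_.~")
    canonical_request = "\n".join([
        "GET", canonical_uri, query,
        f"host:{host}\n",       # canonical headers block ends with its own newline
        "host",                 # signed headers
        "UNSIGNED-PAYLOAD",     # the payload is unknown when the URL is created
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    sig = hmac.new(signing_key(secret, date, region, "s3"),
                   string_to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{canonical_uri}?{query}&X-Amz-Signature={sig}"


def is_valid_at(url: str, now: str) -> bool:
    """A pre-signed URL is a bearer token: whoever holds it has the signer's access
    until X-Amz-Date + X-Amz-Expires.  `now` is in the same 20130524T000000Z form."""
    q = parse_qs(urlsplit(url).query)
    start = dt.datetime.strptime(q["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ")
    end = start + dt.timedelta(seconds=int(q["X-Amz-Expires"][0]))
    return start <= dt.datetime.strptime(now, "%Y%m%dT%H%M%SZ") < end


def example_url() -> str:
    """The AWS documentation example: GET /test.txt in examplebucket, 24 h validity."""
    return presign_get("examplebucket", "test.txt", "AKIAIOSFODNN7EXAMPLE",
                       "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "us-east-1",
                       dt.datetime(2013, 5, 24), 86400)
```

Two practitioner points follow from the code: the URL carries the signer's full permissions on that object, so sign with a least-privilege principal rather than an admin key; and expiry is the only revocation short of rotating the access key, so keep `X-Amz-Expires` short.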
hint for Route 53
Domainname and bucket name have to be the same
Static Website Hosting
website URL (HTTP only; the website endpoint does not serve HTTPS, put CloudFront in front for TLS)
http://{bucketname}.s3-website-{region}.amazonaws.com
important for exam :fire:
very cheap
serverless
scales automatically
Version Control
once enabled it can only be suspended, not removed :pencil2:
suspend it and move the data to a new bucket
can be enabled for every bucket
Great Backup Tool :pencil2:
restore Version
button "show versions"
delete marker
have to switch to old console
can download every version directly
MFA Delete capability
could be configured
deletion requires 2 factor authentication
additonal layer of security
quite complex to set it up
Cross Region Replication
add replication rule to bucket
All contents
prefix (folder)
destination
in same account
in other account
requires versioning
only new objects will be replicated :warning:
replicate existing objects from the command line (copy)
cannot replicate to multiple buckets :warning:
deletion markers are replicated
but not the deletion of a deletion marker
Lifecycle Management
& Glacier
lifecycle rules :pencil2:
can be used in conjunction with versioning
can be applied to current versions and previous versions
possible actions
Transition to Standard - Infrequent Access (IA) Storage Class
at the earliest 30 days after creation date
Archive to Glacier Storage Class
at the earliest 30 days after IA
permanent deletion
automate transition to tiered storage
expire objects
Transfer Acceleration
utilises the CloudFront edge network
accelerates uploads to S3
not uploading directly to S3
upload directly to an edge location
distinct URL
transfered to S3 in the background
EFS
(Elastic File System)
file-based storage (NFS), not block storage
shareable volume
could install applications
could install databases
Supports the Network File System version 4 (NFSv4) protocol
only pay for the storage in use
no pre-provisioning required
scale up to petabytes
support thousands of concurrent NFS connections
stored across multiple AZ within a region
Read After Write Consistency
Storage Gateway
connects on-premises data centres with AWS
stores data in the cloud
VM (virtual image)
installed on an on-premises machine
communicates with S3
supported
VMware ESXi
Microsoft Hyper-V
3 Types
File Gateway (NFS)
flat files
e.g. PDF, Word Images, etc.
stored in S3
Volume Gateway (iSCSI)
block storage
up to 32 TB
e.g. for OS, virtual hard disk
not
stored in S3
but Snapshots stored in S3 :!:
2 types
Stored Volumes
entire Dataset on site
async. backed up to S3
Cached Volumes
entire Dataset on S3
most frequently accessed data on site
Tape Gateway (VTL)
virtual Tapes
stored in S3
backup / archive solution
lifecycle policy
sends tapes to Glacier
Snowball
Import/Export
Disk
for large amounts of data
Enterprise Level (TB of data)
bypass the Internet
using Amazon's high-speed internal network :star:
external disk
Transfer data to cloud
S3
EFS
3 Types
Snowball Edge
a piece of an AWS data centre taken on premises
added compute capacity
added on-board storage
can be clustered
ensure applications continue even when cloud is unavailable
Snowball
Snowmobile
massive Sea Container
for Exabytes of data
pulled by truck
can come with armed protection
EBS
(Elastic Block Store)
replicated
high availability
Block based storage
Virtual Hard Disk
HDD
SSD
for databases
for operating systems
Management Tools (very high level)
CloudWatch
for performance monitoring
Standard Monitoring = 5 Minutes
Detailed Monitoring = 1 Minute
Dashboards
Alarms
Events
Logs
CloudFormation
turn infrastructure into code
document and describe AWS environment
Deployment by Cloud Formation Templates
CF takes care of the right order
JSON or YAML files
CRUD for resources
Elements of a Template
Mandatory Elements :red_flag:
AWS Resources
associated configuration values
Optional Elements :red_flag:
template file format and version
Template Parameters
limit of 60
Output Values
limit of 60
List of data tables
vast topic
read
https://aws.amazon.com/cloudformation/faqs/
most powerful parts of AWS
billing
CF is free
pay for the resources you provisioned
resources created before a failed stack rolls back are still charged
Intrinsic functions
Fn::GetAtt
get
attribute
value
from resource
Syntax
"Fn::GetAtt" : [ "myELB" , "DNSName" ]
in:
Logical Name + Attribute Name
out:
attribute value
Ref
get
parameter
value
in:
parameter name
out:
parameter value
get
resource
value
in:
resource name
out:
resource id
Syntax
"Ref" : "MyEC2Instance"
automatic rollback on error
Stacks can wait for applications using "
WaitCondition
"
Route53 completely supported
new hosted zones
updating zones
IAM Role Creation and Assignment supported
CloudTrail
records API calls to AWS services
log of who called what, when and from where
for auditing
OpsWorks
Deployment (managed Chef/Puppet)
Config
records configuration changes of resources and evaluates them against rules; alerts
Trusted Advisor
Recommendations
Security Fix Hints
Performance Hints
Databases
DynamoDB
:red_flag:
non-relational database
Collection
Document
Key Value Pairs
very important
for exam
read the FAQ :!!:
high performance
Stored on SSD
Eventually Consistent Reads (Default)
best read performance
data is spread across 3 geographically distinct data centres (AZs); a read may return a slightly stale copy
consistency across all copies is usually reached within one second
Strongly Consistent Reads
guaranteed to return the latest committed write
cost twice the read capacity of an eventually consistent read
Core Components
Tables
Items (like a row / tuple)
Attributes (like a column)
schemaless
Indexes
Local Secondary Index
SAME
Partition Key
Different sort key
can only be created together with the table
cannot be added, removed or modified later
Global Secondary Index
DIFFERENT
Partition key
different sort key
can be created at table creation or added later
Primary Key Types
Single Attribute
Partition Key
Hash Key
like unique ID
Composite
like unique ID & date range
Partition Key and Sort Key
Hash & Range
composed of two attributes
Streams
very new
capture modification of table
snapshot of new added item
before and after image while update
image before deletion
stored max. for 24h
can trigger lambda functions
Operations
Query
finds items in table by primary key
search values
partition attribute name
distinct value to search
optionally
sort key attribute name
value
comparison operator to refine search
result
returns all data for PK by default
ProjectionExpression parameter :pencil2:
selects which attributes are returned
FilterExpression filters the result after it was read (read capacity is still consumed)
sorting
by sort key
ascending by default
ScanIndexForward parameter :pencil2:
reverse order
eventually consistent by default
more efficient than scan
Scan
examines every item in the table
dumps the entire table
avoid on large tables with a filter that removes many items :warning:
gets slower as the table grows
can use up provisioned throughput :explode:
Error code 400 (ProvisionedThroughputExceededException)
result
all data for every item by default
ProjectionExpression parameter
selects which attributes are returned :pencil2:
Batch Operations
BatchGetItem API
1 request retrieves up to 100 items / 16 MB of data
can retrieve items from multiple tables
Provisioned Throughput
Unit of Read
item size rounded up to increments of 4 KB
1 read capacity unit = 1 strongly consistent read per second of up to 4 KB
1 read capacity unit = 2 eventually consistent reads per second of up to 4 KB
Unit of Write
item size rounded up to increments of 1 KB
1 write capacity unit = 1 write per second of up to 1 KB
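The capacity rules above are the exam's favourite calculation; the block below carries them through in code, including the cost of a Scan page, which is what the "can use up provisioned throughput" warning is about. This is an added example, not part of the original mind map; item sizes and rates are constructed.

```python
"""DynamoDB provisioned-capacity arithmetic.  Added example; numbers are constructed."""
import math

READ_UNIT_BYTES = 4 * 1024      # one RCU covers up to 4 KB per read
WRITE_UNIT_BYTES = 1024         # one WCU covers up to 1 KB per write
SCAN_PAGE_BYTES = 1024 * 1024   # Query/Scan return at most 1 MB per call


def read_capacity_units(item_size_bytes, reads_per_second, strongly_consistent):
    """RCU needed to read items of `item_size_bytes` at `reads_per_second`.
    Eventually consistent reads cost half, rounded up."""
    units_per_read = math.ceil(item_size_bytes / READ_UNIT_BYTES)
    rcu = units_per_read * reads_per_second
    return rcu if strongly_consistent else math.ceil(rcu / 2)


def write_capacity_units(item_size_bytes, writes_per_second):
    """WCU needed; every write is rounded up to a whole kilobyte."""
    return math.ceil(item_size_bytes / WRITE_UNIT_BYTES) * writes_per_second


def scan_page_cost(page_bytes=SCAN_PAGE_BYTES, strongly_consistent=False):
    """Capacity consumed by one Scan call.  A FilterExpression does not reduce this:
    DynamoDB reads the whole page first and filters afterwards."""
    units = math.ceil(page_bytes / READ_UNIT_BYTES)
    return units if strongly_consistent else math.ceil(units / 2)


def scan_seconds_to_exhaust(provisioned_rcu, table_bytes, strongly_consistent=False):
    """How many RCU-seconds a full table scan burns relative to the provisioned rate,
    i.e. how long a scan starves the table's normal reads (no burst credit assumed)."""
    pages = math.ceil(table_bytes / SCAN_PAGE_BYTES)
    total_units = pages * scan_page_cost(SCAN_PAGE_BYTES, strongly_consistent)
    return math.ceil(total_units / provisioned_rcu)


def exam_example():
    """15 KB items, 100 reads/s: 400 RCU strongly consistent, 200 eventually consistent.
    1.5 KB items, 10 writes/s: 20 WCU."""
    return (read_capacity_units(15 * 1024, 100, True),
            read_capacity_units(15 * 1024, 100, False),
            write_capacity_units(1536, 10))
```

A table provisioned with 10 RCU that holds 100 MB of data needs 100 scan pages of 128 RCU each (eventually consistent), so a single full Scan consumes more than 20 minutes' worth of provisioned reads; that is the arithmetic behind the 400 error.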
Web Identity Provider
Login with google, facebook, twitter, etc.
Authentication Steps
User Authenticates with ID provider (e.g. Facebook)
They are passed a Token by their ID provider
Code calls
AssumeRoleWithWebIdentity
API, providing the provider's token and the ARN of the IAM role to assume
App can now access DynamoDB from between 15 Minutes to 1 hour(default)
Conditional Updates / Writes
Update only if the condition is still true
optimistic locking: the attribute change is written only if the value has not changed since it was read :star:
safe to retry (the retry fails the condition instead of applying twice)
Atomic Counter
not idempotent
increments each time you call UpdateItem
uses Key-Value-Pairs :silhouettes:
RDS
(Relational Database Service) :
relational database (SQL)
SQL Server
Oracle
MySQL
PostgreSQL
Aurora
MariaDB
not very important for exam
OLTP (Online Transaction Processing)
Redshift
Data Warehouse Solution
big data
run reports
copy production data to redshift
OLAP (Online Analytic Processing)
Elasticache
Scalable Cache in the cloud
e.g. Webshop
top 10 selling items
static data
no database retrieval on every request
take data out of database
data return much quicker
in-memory caching engines
Memcached
Redis
Networking & Content Delivery
VPC
(Virtual Private Cloud)
Very important
for every exam :fire:
not easy :warning:
you should be able to build a VPC on AWS :fire:
Partition Resources
separates resources inside
can be protected from outside
VPN access possible
connect between resources inside
could connect your corporate datacenter
AWS as extension
Hardware VPN
Subnet
private IP adresses
Network ACL
stateless :pencil2:
responses to allowed inbound traffic are subject to the rules of outbound traffic (vice versa).
can specify exceptions (e.g. deny rule for a specific IP address)
create
custom network ACLs
rule order matters: rules are evaluated in ascending rule number, first match wins, implicit deny at the end
a custom network ACL denies all inbound and outbound traffic by default
the default network ACL allows all inbound and outbound traffic by default
A subnet can only be associated with
1 ACL
An ACL can be associated with
multiple
subnets
extra layer of security at subnet level
Routing Tables
Security Groups
set of
firewall rules
Port configuration
Protocol configuration
Source configuration
custom
Anywhere
MyIP
Inbound
is
blocked
by default
Outbound
is
allowed
by default
Can
not
block specific IP addresses
changes takes effect
immediatley
:pen: :!:
stateful
:pencil2:
return traffic for an allowed inbound connection is automatically allowed out (and vice versa)
only allow rules exist, no deny rules
Difference to a network access control list, which is stateless
acts like a FW at instance level
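The stateless/stateful and ordered/allow-only differences above decide whether a packet gets through, so they are worth checking in code. The block below is an added example, not part of the original mind map: `Rule`, `nacl_decision` and `SecurityGroup` are this example's own toy evaluators of the documented behaviour, and all addresses are constructed documentation ranges.

```python
"""Toy evaluator for VPC network ACL vs security group semantics.  Added example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    number: int        # NACL rule number (evaluation order); ignored for security groups
    protocol: str      # "tcp", "udp", "icmp" or "-1" for all
    port_from: int
    port_to: int
    cidr: str
    action: str        # "allow" or "deny" (security groups only have "allow")

    def matches(self, protocol, port, addr):
        return (self.protocol in ("-1", protocol)
                and self.port_from <= port <= self.port_to
                and ip_address(addr) in ip_network(self.cidr))


def nacl_decision(rules, protocol, port, addr):
    """Stateless: lowest-numbered matching rule wins; the implicit '*' rule denies."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(protocol, port, addr):
            return rule.action
    return "deny"


class SecurityGroup:
    """Stateful and allow-only: an accepted inbound connection is tracked, so its reply
    traffic is allowed out no matter what the outbound rules say."""

    def __init__(self, inbound, outbound):
        if any(r.action != "allow" for r in inbound + outbound):
            raise ValueError("security groups cannot block a specific address")
        self.inbound_rules, self.outbound_rules = inbound, outbound
        self._flows = set()          # (protocol, local_port, remote_addr)

    def inbound(self, protocol, local_port, remote_addr):
        ok = any(r.matches(protocol, local_port, remote_addr) for r in self.inbound_rules)
        if ok:
            self._flows.add((protocol, local_port, remote_addr))
        return ok

    def outbound(self, protocol, local_port, remote_addr, remote_port):
        if (protocol, local_port, remote_addr) in self._flows:
            return True              # reply to a tracked connection
        return any(r.matches(protocol, remote_port, remote_addr) for r in self.outbound_rules)


def ssh_from_internet_demo():
    """SSH (tcp/22) from 203.0.113.5 to an instance; reply goes to client port 49152.
    Returns (nacl_in, nacl_out_without_ephemeral, nacl_out_with_ephemeral, sg_in, sg_reply)."""
    nacl_in = [Rule(50, "tcp", 22, 22, "198.51.100.7/32", "deny"),    # blocks one bad IP
               Rule(100, "tcp", 22, 22, "0.0.0.0/0", "allow")]
    nacl_out_bad = [Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow")]  # forgot ephemeral ports
    nacl_out_good = nacl_out_bad + [Rule(110, "tcp", 1024, 65535, "0.0.0.0/0", "allow")]
    sg = SecurityGroup(inbound=[Rule(0, "tcp", 22, 22, "203.0.113.0/24", "allow")],
                       outbound=[])                                    # no outbound rules at all
    return (nacl_decision(nacl_in, "tcp", 22, "203.0.113.5"),
            nacl_decision(nacl_out_bad, "tcp", 49152, "203.0.113.5"),
            nacl_decision(nacl_out_good, "tcp", 49152, "203.0.113.5"),
            sg.inbound("tcp", 22, "203.0.113.5"),
            sg.outbound("tcp", 22, "203.0.113.5", 49152))
```

The demo shows the two classic mistakes: a NACL that allows port 22 in but has no outbound rule for the client's ephemeral port silently drops the SSH reply, while the security group passes the reply even with an empty outbound list. The rule-50 deny ahead of the rule-100 allow is the only way in this model to block a single address, which is exactly what a security group cannot do.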
a subnet lives in exactly 1 availability zone :pencil2:
within custom VPC subnets can communicate with each other by default
Free Service
max 5 VPCs per region per account (soft limit)
VPC is like a virtual data centre in the cloud
logically isolated section
better security control
virtual network
custom IP address ranges
configurable routing tables between subnets
internet gateway
highly available by default
spread across all AZs
only 1 internet gateway can be attached to a VPC
subnet network access control lists (ACLS)
connecting remote networks
AWS Direct Connect
dedicated private connection
Default VPC
user friendly
allows deployment of instances
all subnets have a route to the internet
each EC2 instance has a public and a private IP
comes with default Network ACL
Peering
connects VPCs
direct network route
uses private IP addresses
instances behave as if they were on the same private network
works with VPCs from other accounts too
star configuration :pencil2:
1 central VPC peers with 4 others
NO TRANSITIVE PEERING :no_entry:
Network Address Translation (NAT)
two ways
NAT Instances
not
recommended
administration overhead :black_flag:
disable the Source/Destination Check on the instance
must be in public subnet
Needs route from private subnet to NAT instance
traffic capacity depends on instance size (bottleneck)
NAT Gateway
recommended :star:
Amazon takes care of the instances
automatically assigned to public IP
more secure than NAT instances
Route tables have to be updated
Use one per AZ to ensure redundancy
Flow Logs
can be created at 3 levels
VPC
Subnet
Network Interface Level
logs IP traffic flow
can stream logs
Lambda
Elastic Search Service
not for peered VPCs :black_flag:
can not tag a flow log
after creation the configuration cannot be changed (delete and recreate) :warning:
not all
IP Traffic is monitored :pencil2:
Traffic between instances and the Amazon DNS server
Traffic from a Windows instance for license activation
Traffic to and from 169.254.169.254 for instance metadata
DHCP traffic
Traffic to the reserved IP for default VPC router
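Flow logs are only useful once something reads them, so here is the detection logic a practitioner would run over them. This is an added example, not part of the original mind map; the records in `SAMPLE_LOG` are constructed in the default (version 2) flow log format, the addresses are documentation ranges, and the thresholds are assumptions.

```python
"""Parse VPC flow log records and flag rejected port sweeps and accepted admin logins
from outside the VPC.  Added example; the log lines below are constructed."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}

SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.5 10.0.1.20 41234 22 6 12 1360 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.20 50001 21 6 1 40 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.20 50002 22 6 1 40 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.20 50003 23 6 1 40 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.20 50004 25 6 1 40 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.20 50005 80 6 1 40 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.20 50006 443 6 1 40 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.2.7 10.0.1.20 52000 3389 6 30 4100 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.1.20 203.0.113.5 22 41234 6 10 2900 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - - 1418530010 1418530070 - NODATA
"""


def parse_flow_log(text):
    """Return one dict per usable record; NODATA/SKIPDATA lines carry no flow."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for name in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[name] = int(rec[name])
        records.append(rec)
    return records


def find_port_sweeps(records, min_ports=5):
    """Sources whose rejected flows touched at least `min_ports` distinct destination
    ports in the capture window: {src: sorted ports}."""
    ports = defaultdict(set)
    for rec in records:
        if rec["action"] == "REJECT":
            ports[rec["srcaddr"]].add(rec["dstport"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def find_external_admin_access(records, internal="10.0.0.0/8"):
    """Accepted SSH/RDP connections whose source is outside the internal range.
    Returns (src, dst, port, service) tuples; a bastion should be the only hit."""
    hits = []
    for rec in records:
        if (rec["action"] == "ACCEPT" and rec["dstport"] in ADMIN_PORTS
                and ip_address(rec["srcaddr"]) not in ip_network(internal)):
            hits.append((rec["srcaddr"], rec["dstaddr"], rec["dstport"], ADMIN_PORTS[rec["dstport"]]))
    return hits
```

Flow log records are 5-tuple aggregates over a capture window, not packets, so a REJECT line means the security group or network ACL dropped that flow; the port sweep from 198.51.100.7 shows up as six rejected flows to six ports, while the accepted SSH from 203.0.113.5 is the kind of hit you reconcile against your bastion allow list.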
Bastions
:lock:
for administration only
for access via
SSH
or
RDP
instead of hardening a fleet of instances, harden a single bastion
called "jump boxes"
VPC End Points
2 types
Interface
an elastic network interface with a private IP in your subnet (PrivateLink), for most services
Gateway
a route-table target, for S3 and DynamoDB
for direct connections to AWS services
traffic should not leave the private network
VPC Clean Up
1.) terminate instances first
2.) detach the Internet Gateway from the VPC & delete it
3.) delete the VPC
Route53
Amazon DNS Service
DNS Basics
Domain Registrars
InterNIC
ICANN
Amazon is a Registrar
SOA
Records (Start of Authority)
Name of the server
Administrator of the zone
serial number (current version of the zone file)
seconds to wait before refreshing, retrying, expiring
default time-to-live (TTL) for the zone
NS (Name Server) Records
used by Top Level Domain servers
direct traffic to the authoritative DNS server for the zone
A (Address) Record
map name to IP address
TTL
record
DNS record cache
lower time to live = faster propagate changes
CNames
(canonical)
map one domain name to another
different domains same target
can not be used for naked domain names
Not for Domains without "www"
zone apex record
Alias Records
map resource record sets to Elastic Load Balancers
provided by Amazon
works like CNAME records
Route53 automatic recognize changes in the record sets
can resolve individual AWS ressources :pencil2:
Port 53
Elastic Load Balancers
do not have fixed IPv4 addresses :pencil2: :explode:
you are always given a DNS name :pencil2: never an IP
for naked domain names use Alias records (a CNAME is not allowed at the zone apex)
decide between using CNAME or Alias
exam: 9 times out of 10 use Alias :pencil2: :!:
reported states
InService
OutofService
needs at least 2 public subnets (in 2 AZ)
ELB routes traffic to these AZ
3 types
Application LB
:star:
mostly fits
Network LB
for ultra-high performance needs
Classic LB
(legacy) :no_entry:
Simple Routing Policy
Simple
default routing policy
Weighted
a percentage of traffic per record (e.g. 20% / 80%)
measured over a day
Latency
based on lowest network latency
creates a latency resource record for each hosted region
Test with VPN (e.g. vyprvpn)
Failover
for active/passive set up
Route53 will monitor health of primary site
create health check for endpoint
Geolocation
based on geographic location of user
by continent or country
in US also by states
does not use Key-Value-Pairs :forbidden:
CloudFront
CDN
(Content Delivery Network)
Definition
deliver webpages and other web content
based on geographic location of...
the user
the origin of the webpage
the content delivery server
system of distributed servers
Cache Assets
Key Terminology
Edge Location
:silhouettes:
cached content
loads from origin
TTL
(Time To Live)
in seconds
default
24h
(86400)
if too long, it is hard to remove content from cache
can be cleared manually
chargeable :warning: :!!:
separate from an AWS Region/AZ
all around the world
not read-only :pencil2:
you can write to them too
e.g. PUT an object to them
Origin
origin of all files that the CDN distributed
S3 Bucket
EC2 Instance
Elastic Load Balancer
Route 53
Distribution
the name given to the CDN
consists of a collection of Edge Locations
2 types of distribution
:pencil2:
RTMP
for Media Streaming
Web Distribution
typically for Websites
Geo-Restrictions
:pencil2:
optional
whitelist or blacklist countries
Direct Connect
Connecting Office
Connecting physical datacenter
dedicated private network connection (not over the public Internet)
Compute
EC2
(Elastic Compute Cloud)
simply the virtual machine running on AWS
AMI
(Amazon Machine Image )
customized
AWS Marketplace
Business Intelligence SW
Anti-Virus Scanners
Network Firewall
are regional
can only be launched inside their region :pencil2:
copy to other regions via console, command line or EC2 API
API
CreateImage
first step
RegisterImage
final step while creation
describe-images
deregister-image
Additional Features
Auto-Scaling Groups
Elastic IP
max. 5 Elastic IPs per region
(default)
Load Balancers
Pricing Model
On Demand
scale up for expected peaks
Spot
minimezed cost
usage when price is low
pay for hour
if Amazon terminates the spot instance, the hour in which it was terminated is free
you keep the spot instance until the current spot price rises above your bid price
Reserved
known load without peaks
rent for month and pay upfront
cheaper than on demand
instances can be moved to another AZ within the region
Dedicated Hosts
for licensing which does not support multi-tenant or cloud deployments
Physical
EC2 Server
use existing server-bound software licenses
EC2 Metadata
Instance
curl
http://169.254.169.254/latest/meta-data
Private IP
Public IP
reachable only from inside the instance (no authentication); it also serves the instance role's temporary credentials under /latest/meta-data/iam/security-credentials/, so any code on the instance that can issue an HTTP request, including a server-side request forgery bug in your application, can read them
User data
curl
http://169.254.169.254/latest/user-data
Special
Meta-Data IP Address
http://169.254.169.254
Instance Types
2018
Not necessary for the developer certification
:green_cross:
Family
D2
Dense Storage (
Density
)
Fileservers/Data Warehousing/Hadoop
R4
Memory Optimized (
RAM
)
Memory Intensive Apps/DBs
M5
General Purpose (
Main
Choice)
Application Servers
C5
Compute Optimized (
Compute
)
CPU Intensive Apps/DBs
G3
Graphics Intensive (
Graphics
)
Video Encoding/3D Application Streaming
I3
High Speed Storage (
IOPS
)
NoSQL DBs, Data Warehousing, etc.
F1
Field Programmable Gate Array (
FPGA
)
Hardware acceleration for your code
T2
Lowest Cost, General Purpose (
T2 Micro
)
Web Servers/Small DBs
P3
Graphics / General Purpose GPU (
Pics
)
Machine Learning, Bitcoin Mining, etc.
X1
Memory Optimized (
Xtreme
Memory)
SAP HANA/Apache Spark etc
Hint for remembering:
FIGHTDRMCPX
FIGHT DR McPX
Selling pictures from Scotland
H1
High Disk Throughput
MapReduce-based workloads, distributed file systems like HDFS and MapR-FS
EBS Volumes required
1 EBS volume can be attached to only one EC2 instance at a time :warning:
Use
EFS
for multiple instances
persistent data
root
volume
cannot be encrypted at launch with a stock AMI :!:
workaround: snapshot it, copy the snapshot with encryption enabled, register an AMI from the copy (or a 3rd party tool inside the OS)
deleted :warning:
when the instance is terminated (default: Delete on Termination); stopping the instance keeps it
can be General Purpose SSD, Provisioned IOPS SSD or Magnetic (Throughput Optimized and Cold HDD cannot be root volumes)
running OS
Additional Volumes
can be encrypted (checkbox)
Termination Protection
turned off by default
Snapshots
stored on S3
:pencil2:
time copies of Volumes
are incremental
unencrypted snapshots can be shared publicly; encrypted ones only with specific accounts, and only if encrypted with a customer-managed KMS key, not the default key
stop the instance before snapshotting a root volume (consistency)
typically for backup
can be copied to other volumes
can be moved to another AZ/Region
can create an
Image
from Snapshot
for new EC2 Instances
encrypted volumes stored encrypted
Security
AWS Credentials
not recommended
local configuration file contains credentials
Roles
recommended
credentials not stored locally; short-lived credentials are fetched from the instance metadata service
can be attached to running instance (NEW) : :fire:
CLI Commands
aws ec2 run-instances
creates a new instance
aws ec2 start-instances
starts a stopped instance
aws ec2 describe-instances
describes all current instances
aws ec2 describe-images
all images that are available to the user (caution, it is a lot of information)
EC2 Container Service (ECS)
supports Docker containers
Elastic Beanstalk
Code Deployment (Upload to Beanstalk)
automatic provisioning of the underlying infrastructure
PAAS
Node.js
Nginx
Apache HTTP
PHP
Apache HTTP
Python
Apache HTTP
Ruby
Passenger
Puma
Tomcat
.NET
IIS
Java SE
Go
Packer
Docker
Monitor and scale an application
Is a GUI for developers without deep AWS knowledge
Use Cloud Formation for production workloads instead
Applications are the high level structure
either the entire application is one EB application
or each logical component is a EB application :pencil2:
can have multiple environments
single instance or scalable
Application Versions
unique package
each application can have many versions : :pencil2:
can be deployed to environments within an application
Upload as application bundle (.zip)
Databases :pencil2:
create it in AWS separately
do not create it with EB
will be deleted when EB deleted :warning:
data is lost
Updates
application update :pencil2:
configuration update :pencil2:
Rollout :pencil2:
1 instance at a time
% of instances
immutable update (new instances)
Billing
EB is free
you pay for the resources you configure
Lambda
since 2014
revolution in cloud computing
serverless
upload code
code responds to events or requests
event-driven compute service
response to HTTP requests
API Gateway
API Calls (AWS SDK)
Scales
out
automatically :<3:
other serverless services
S3
API Gateway
DynamoDB
Architectures can get extremely complicated :fire:
AWS X-ray for debugging
cornerstone of AWS
Lambda functions are independent (1 event = 1 function)
Lambda function can trigger other Lambda functions
max. execution time (at the time of writing) is
5 minutes :!:
supported programming languages
C#
Java
Nodejs
Python
Lightsail
out-of-the-box cloud
e.g. WordPress site
customisable
for people who do not know how to use AWS
AWS Global Infrastructure
Regions (14 in 2016)
Place where AWS resources exist
geographical area
consists of 2 or more AZs
US East (N. Virginia) = main region
new stuff first
every service is available
Availability Zones [AZ] (38 in 2016)
Is simply a data centre (or a group of them)
close to each other
not dependent on each other
Edge Locations (66 in 2016)
Content Delivery Network (CDN) Endpoint
AWS SDK
Default Region Virginia (US-EAST-1)
Supported Programming Languages
Nodejs
Ruby
Java
PHP
Python
.Net
Solution Architect Exam
Migration
DMS
(Database Migration Services)
migrate dbs inside aws cloud too
move to other regions
migrate into redshift, etc.
could change database product while migrating
no downtime
migrate on-premise dbs to aws
SMS
(Server Migration Service)
migrates Servers
especially VM Servers
replicates to aws cloud
Snowball (see Storage)
Analytics
Athena
SQL Queries on S3
turns flat files into a queryable table
EMR
(Elastic Map Reduce)
big data processing
Search Engines
Elastic Search
open source framework
Cloud Search
fully managed service
provided by AWS
e.g for website
e.g . for application
Kinesis
streaming and analyse real-time data
stores terabytes of data per hour
Data Pipeline
move data
e.g. from dynamo db to s3
Quick Sight
business analytics tool
creates visualisations
enrich dashboards
Application Services
Step Functions
visualisation of activities inside an application (state machines)
visualisation of the microservices used
new in 2016
SWF
(Simple Workflow Services)
Cornerstone Topic :!:
Coordinate Tasks (automatic and human)
Roles
Decider
coordinates tasks
Workers
program
interact with SWF
get task
process received tasks
return results
a task is never duplicated :pencil2:
SWF Domains
Scope (bundle components)
workflow
activity types
workflow execution
different domains can not communicate
Parameter in JSON format
Max. workflow duration = 1 year (value is measured in seconds)
task-oriented
API
SWF keeps track of all tasks and events :!:
uses Key-Value-Pairs :silhouettes:
API Gateway
Door for apps
Secure API access
e.g. Angular.js in Client-Devices
Request > API Gateway > Lambda function > Response
AppStream
Streaming Desktop Application to users
Elastic Transcoder
Changes the video format for different devices
Developer Tools
CodeCommit
basically GitHub (managed git repositories)
CodeBuild
Compiling Code
pay by the minute
CodeDeploy
CodePipeline
orchestrates build, test and deploy stages for each version of the code
Mobile Services
Mobile Hub
Add, configure, design Features
own console for mobile apps
Cognito
Signup
Social Identity
Store for authentications
Device Farm
Improve Quality
Testing on physical devices
Mobile Analytics
collect and analyse usage data
Pinpoint
new since 2016
understand & engage mobile users
Business Productivity
WorkDocs
Document Storage like S3
Additional Security
WorkMail
Sending Mail
Receive Mail
IoT (Internet of Things)
announced 2015
keeping track of iot devices
soon with its own certifications
Desktop & App Streaming
WorkSpaces
no local OS
AppStream 2.0
Streaming Desktop Applications to users
Artificial Intelligence
The Big Thing to watch in the next 10-20 Years
Lex
the Alexa voice service (speech and text conversational interfaces)
Polly
Text to Speech
Multilingual
only in few regions available
Machine Learning
Dataset analyze
Additional informations
Book: Superintelligence
Expert: Elon Musk
Rekognition
Compare Faces
Analyze Pictures
ARN
Unique Resource Identifier
Amazon Resource Name
Format
depends on the service :warning:
arn:partition:service:region:account-id:resource
arn:partition:service:region:account-id:resourcetype/resource
arn:partition:service:region:account-id:resourcetype:resource
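The three ARN shapes above are what IAM policies match against, and the most common least-privilege mistake is confusing them (a bucket ARN does not cover the objects in it). The block below is an added example, not part of the original mind map: `parse_arn` splits an ARN into its fields for all three shapes and `arn_matches` applies the `*`/`?` wildcard rules that IAM `Resource` elements use; the account id and names are constructed.

```python
"""Parse ARNs in their three resource shapes and match them against policy wildcards.
Added example; account id 123456789012 and resource names are constructed."""
import re


def parse_arn(arn):
    """Split an ARN into partition, service, region, account, resource_type, resource.
    region and account may be empty (global services, S3).  Raises ValueError if malformed."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    _, partition, service, region, account, resource = parts
    if "/" in resource:                       # resourcetype/resource
        rtype, rid = resource.split("/", 1)
    elif ":" in resource:                     # resourcetype:resource
        rtype, rid = resource.split(":", 1)
    else:                                     # bare resource
        rtype, rid = "", resource
    return {"partition": partition, "service": service, "region": region,
            "account": account, "resource_type": rtype, "resource": rid}


def arn_matches(pattern, arn):
    """IAM Resource matching: '*' matches any run of characters (including ':' and '/'),
    '?' matches one character; everything else is literal."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, arn) is not None


def resources_covered(pattern, arns):
    """Which of the given ARNs a policy Resource pattern grants access to."""
    return [a for a in arns if arn_matches(pattern, a)]


def bucket_policy_check():
    """Shows the classic mistake: 'arn:aws:s3:::my-bucket' alone does not cover objects,
    so s3:GetObject needs 'arn:aws:s3:::my-bucket/*' as well."""
    bucket, obj = "arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/reports/2018.csv"
    return (resources_covered("arn:aws:s3:::my-bucket", [bucket, obj]),
            resources_covered("arn:aws:s3:::my-bucket/*", [bucket, obj]))
```

`parse_arn("arn:aws:iam::123456789012:user/alice")` yields an empty region (IAM is global) with resource type `user`, `arn:aws:sqs:us-east-1:123456789012:my-queue` has no resource type at all, and `arn:aws:lambda:eu-west-1:123456789012:function:my-fn` uses the colon-separated third shape.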
History
2003 first concept of Amazon´s own international infrastructure
SQS officially launched in 2004
AWS offically launched in 2006
2010 all of amazon.com moved over
2012 First re:Invent Conference
2013 Certifications launched
Learning
Web Resources
https://acloud.guru
Ryan Kroonenburg
AWS Community Hero
AWS Solution Architect
Speaker re:invent
Sam Kroonenburg
https://linkedin.com/in/acloudguru
Twitter
acloudguru
https://www.youtube.com/c/acloudguru
App Exam Guru
http://dev.exam.acloud.guru
Price $20
Mike Chambers
Reddit
https://reddit.com/r/amazonwebservices
Certificates
Employer Status
Standard Partner
4 Associate Certs
2 Professional Certs
Advanced Partner
2 Associate Certs
0 Professional Certs
Premier Partner
20 Associate Certs
8 Professional Certs
Exams
Associate Tier
Certified Solution Architect Associate
Certified Developer Associate
Blue Print
AWS Fundamentals 10%
Designing and Developing 40%
Deployment and Security 30%
Debugging 20%
80 Minutes
150$ Registration fee
number of questions changes (around 55 questions)
pass mark nearly 70% but it changes
Certified Sysops Administrator Associate
Professional Tier
Certified Solution Architect Professional
Devops Professional
Speciality
Security
Advanced Networking
Big Data
Test centre
Register online to test centre
https://www.webassessor.com
arrive up to 15 minutes early
MUST bring your Test Taker Authorization Code
2 forms of identification
photo Government issued ID
credit card
employee ID card
Rescheduling
more than 72 hours before: free
less than 72 hours before
penalty (nearly 50%)
awscertification@amazon.com
https://aws.amazon.com/free/
SSH Terminal
Amazon Route 53 DNS Service
putty
domain name (optional)
Free Tier Account
Technologies
Authenticating
Data Management
Event Sourcing
Materialized Views
Sharding
CQRS
Serverless Architecture
Pattern
Command Pattern : :star:
decouples caller and receiver
like REST API
Command Lambda calls other Lambdas
Messaging Pattern :star:
SQS
Priority Queue Pattern :star:
multiple queues
queues with different priority
reliability
sender writes to the queue
receiver reads from the queue
Lambda
no direct SQS integration at the time of writing (SQS became a native Lambda event source in mid-2018)
otherwise poll with a scheduled Lambda
Fan-out pattern :star:
one event invoke multiple Lambda functions
use SNS with multiple
subscribers
parallel operations
Error Handling (Retry Pattern)
Pipes & Filters Pattern :star:
filter
transform data
pipe
pass data to other component
decompose complex processing task
series of services (pipeline)
multiple steps
Architectures
Compute as back end :star:
for web application
for mobile application
API Gateway
Lambda for crud
Legacy API wrapper :star:
add modern protocols and services
extended interoperability
front of legacy services
API Gateway
Lambda
Hybrid :star:
Standalone component
additional data processing
database backups
basic alerting
alongside traditional systems
GraphQL :star:
data query language
by Facebook (2015)
alternative to REST
gives power to the client
aggregates data from multiple sources
Real-time processing :star:
Kinesis Streams
data-intensive Applications
real-time reporting & analytics
Compute as glue :star:
glue between services
coordinating
invoking
workflows & pipelines