Please enable JavaScript.

Coggle requires JavaScript to display documents.

AWS Whitepaper (Web services (Security, Identity and Compliance (Identity…

- - - - interactive query services for easier data analysis using SQL
      - serverless so no infrastructure to manage
    - - a managed Hadoop framework
      - for big data use cases like machine learning, log analysis and data transformations
    - - lets you add search functions to your applications
      - managed by AWS
    - - makes it easy to deploy and scale Elasticsearch to search, analyse and visualise data in almost real time
      - for operational analytics such as application monitoring, log analytics
    - - Kinesis data firehose
        
        load streaming data into data stores and analytics tools like S3 and Redshift
        
        fully managed
      - Kinesis data analytics
        
        analyse streaming data
        
        scales automatically to match volume and throughput of incoming data
      - Kinesis data streams (KDS)
        
        real-time streaming service from sources like social media feeds and financial transactions
        
        can store results data in S3, DynamoDB or Redshift
      - Kinesis video streams
        
        streams video for machine learning, computer vision and video analytics
    - - data warehouse where analysis of data in your data warehouse and lake can occur
      - data warehouse is for large amount of data; columnar storage
    - - create and publish dashboards on data insights
      - Business Intelligence
    - - allows you to process and move data between different AWS compute and storage services
    - - loads and prepares data for analytics
      - Extract, Transform, Load (ETL) = take data from a source, clean it and put it on destination
    - - lets you set up data lake (= repository of all your data in original and ready-for-analysis form)
      - encrypts data
    - - helps build and run apps that use Apache Kafka (platform for building real-time data streaming pipelines and apps) to process streaming data
      - fully mananged
  - - - coordinate multiple apps into serverless workflow so that you can build and update apps quickly
      - coordinate the components of distributed applications as a series of steps in a visual workflow
    - - message broker service for setting up and operating message brokers which allow apps of different programming languages to communicate to each other
    - - message queueing service that allows you to decouple and scale microservices, distributed systems and serverless apps; uses message queue to decouple; decoupling means there is no dependency on a single component
    - - notification services that allows you to decouple microservices, distributed systems and serverless apps
      - notifications can trigger actions in SQS, Lambda and webhooks
      - for building and integrating loosely-coupled, distributed applications
    - - allows developers to operate and scale background tasks that are sequential
      - coordinate work across distributed app components
  - - - lets you create AR/VR apps without specialised programming or 3D expertise
  - - - interface that allows you to see and manage you costs and usage
    - - allows you to set budgets and alerts you if you exceed
      - alerts can be sent via email or SNS
    - - single location for comprehensive info about cost and usage
      - more detailed than cost explorer
    - - RI utilisation and coverage reports in cost explorer
  - - - lets you create and manage blockchain networks using Ethereum or Hyperledger Fabric (open source frameworks)
      - fully managed
  - - - use Alexa at work as intelligent assistant
    - - enterprise sharing and storage service with admin controls and feedback capabilities
    - - business email and calendar service
      - supports email clients like Outlook
    - - online meetings
  - - - web service that provides scalable compute capacity in the cloud; can back up with snapshots that get stored in S3
      - instance types of reserved (up to 75% cheaper than on-demand), on-demand and spot instances
      - backup using snapshots; deploy os instances; to access public internet, EC2 instance needs public IP address and route to Internet Gateway (NAT instance and NAT gateways are used by EC2's in private subnets); dedicated hosts tenancy model means you get a physical sever for just you and you have visibility on where instances are placed; root storage devices are EBS and instance store (but instance store is ephemeral)
    - - automatically add or remove instances acc to conditions you define
      - needs launch configuration and scaling group; launches in multiples AZs but within a region
    - - Docker container registry for storing, managing and deploying Docker container images (Docker is an OS-level virtualisation software platform; container contains all dependencies and code required to run code in different environments; image contains system libraries, tools, and other files and dependencies for the executable code)
      - fully managed
    - - allows you run containerised apps on AWS
    - - deploy, manage and scale containerised apps using Kubernetes (Kubernetes used for managing containerised workloads and services)
    - - launch and manage private virtual server
      - includes everything you need to launch your project quickly – a virtual machine, managed MySQL db, SSD-based storage, data transfer, DNS management, and a static IP; like Beanstalk but less customisation so for smaller projects and no need for expertise (like knowledge in VPC)
    - - run batch computing jobs
    - - deploying and scaling web apps and services
      - automatic deployment - just provide code
    - - lets you run containers without managing servers or clusters of virtual machines
      - used with ECS through Fargate launch type
    - - run code without provisioning servers (serverless)
      - runs code in response to events (from DynamoDB and S3 or messages added to SQS queue) ie. as functions
    - - quickly deploy code samples, components and complete apps
      - share apps
    - - brings AWS services to on-prem for hybrid deployment model
    - - migrate and extend their on-prem VMWare vSphere-based environments with AWS cloud
  - - - contact center
      - self-service graphical interface for designing contact flows, manage agents and track performance metrics
    - - email sending service for digital marketers and businesses to keep in touch with customers
  - - - MySQL and PostgreSQL compatible (faster than them) and optimised relational db engine
      - fully managed so does patching, hardware provisioning, db setup and backups automatically
      - different to RDS cos greater availability (replicated across 3 AZs)
      - has multi-master feature (not multi-AZ feature) for high aviailability
    - - like RDB but managed by AWS so resizable and automatic hardware provisioning, db setup, patching and bakcups
      - 6 poss db engines: PostgreSQL, MySQL, MariaDB, Oracle, Microsoft SQL server and Aurora
      - supports complex queries and joints; Multi-AZ feature helps with disaster recovery by replicating data; read replicas (using MySQL, PostgreSQL, Aurora or MariaDB engine) feature for db that's experiencing heavy traffic using cross-AZ or within AZ options; can't be scaled without downtime cos RDS is EC2 instances; transactional db, doesn't do analytics; reserved instances possible; PaaS
    - - deploy on-prem VMWare managed dbs using RDS tech so that it's resizable and automatic hardware provisioning, db setup, patching and bakcups
    - - non-relational ie. NoSQL like MongoDB
      - fully managed NoSQL db service; can be scale without downtime
      - replicated across 3 AZs synchronously; pricing can be provisioned or on-demand model; reservations possible
    - - in-memory cache in the cloud
      - data caching helps improve performance
      - supports Memcachced and Redis db engines
    - - fully-managed graph db service
    - - ledger db of transaction log
      - data is immutable
      - serverless
    - - db for IoT and operational apps for data that measures how things change over time + for processing data by time intervals
  - - - cloud desktop service
    - - fully managed application streaming service; centrally manage desktop apps and deliver them to any computer eg. for students of a class that needs x apps
  - - - source control service for scalable git repos; fully managed
    - - build service that compiles source code, runs tests, and produces software packages that are ready to deploy; fully managed
    - - automates code deployment to any instance
    - - continuous delivery service for automating release pipelines every time there is a code change; fully managed; can integrate with Github
    - - manage software development activities on unified user interface
    - - multi-platform OpenJDK for developing and running Java apps on popular OS
    - - cloud-based IDE for writing code on web browser
    - - analyse and debug distributed apps to see how they're performing and troubleshoot
  - - - game servers for session-based multiplayer games
    - - 3D game engine
  - - - monitoring and management service; gives operational data and actionable insights + monitors application performance
      - stores log files from resources in S3 buckets (CloudTrail for auditing); CloudWatch for performance monitoring; shows CPU, disk and network packets related data by default
    - - automatically adjusts capacity
    - - automates the set-up of baseline environment for consistent compliance and security among different users
    - - view operational data from multiple AWS services and automate operational tasks
      - create resource groups (resources associated with a workload) using tags for aggregate data
    - - create, provision and update collection of related resources; deploys infrastructure as code
      - create templates to describe your resources and dependencies; visualise the templates using CloudFormation Designer
    - - records AWS API calls
    - - evaluate and audit config changes; for config change management; can compare to desired config
      - fully managed
    - - configuration management service
      - uses Chef cookbooks and Puppet to automate how servers are configured
    - - create catalog of IT resources approved for use on AWS
    - - for best practice recommendations
      - shows service limits and whether you are approaching them
    - - alerts and guidance when AWS is experiencing events that might affect you
    - - ongoing management of your AWS infrastructure
    - - phone app that combines health dashboard, cloudwatch and billing
    - - compares your workloads to AWS architectural best practices
  - - - track progress of app migrations
    - - helps plan migration by collecting data about on-prem data centers
    - - helps migrate dbs
    - - transfer large amount of data in and out of AWS
    - - transfer even larger amounts of data
    - - automate moving data between on-prem and S3/EFS
    - - transfer files in and out of using Secure File Transfer Protocol (SFTP)
    - - migrate virtual machines from VMware vSphere and Windows Hyper-V to AWS
  - - - provision a logically isolated part of AWS cloud where you can launch AWS resources in a virtual network you define
      - span all AZs within its region
    - - CDN service that delivers data and content
      - can prevent DDoS attacks cos filter requests for valid ones
    - - DNS web service that routes apps to end users through human readable names
      - has health checks for app performance; also does domain registration and traffic management
    - - secures data shared with cloud-based apps by not exposing it to public internet
    - - dedicated network connection from your premises
        to AWS
      - speed of 1 or 10 Gbps
    - - improve availability by using AWS global network instead of public networks
    - - create, maintain and publish APIs
      - CloudFront is public endpoint of API Gateway
    - - discover resources' health by registering all resources of an app
    - - automatically distributes incoming application traffic across multiple targets
      - Application Load Balancer for HTTP/S traffic; Network Load Balancer for TCP traffic; Classic Load Balancer for either so less targeted traffic control
    - - lets you connect to AWS VPC from on-prem data centre
  - - - shows overview high-priority security alerts
    - - directory for organising hierarchies of data
    - - control access to AWS services and resources by users in your org; has Access Advisor that show unnecessary permissions; authentication methods include server certificates and access keys (likewise when using APIs)
      - can assign to user access key and secret access key for programmatic access + password/username for console access
    - - threat detection service that continuously monitors for malicious or unauthorized behavior in your accounts and resources
    - - automated security assessment service that helps improve the security and compliance of applications deployed on AWS
      - agent installed in EC2
    - - uses machine learning to automatically discover, classify, and protect sensitive data in AWS
    - - has info on compliance; go-to for access to AWS’ security and compliance reports and select online agreements
    - - deploy and maintain Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services
      - SSL/TS certificates to establish identity of websites for secure connection
    - - cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud
    - - helps you centrally manage WAF rules over your apps
    - - create and manage keys and control the use of encryption
      - centralised control over encryption keys; integrated in RDS and EBS
    - - centrally managing policies for multiple accounts
      - no charge; best practice to do MFA on root account and to only pay with billing account ie. don't launch instances from it
    - - rotate, manage, and retrieve database credentials, API keys, and other secrets
    - - Distributed Denial of Service (DDoS) protection service for web applications
    - - centrally manage SSO access
        to multiple AWS accounts and business applications
    - - Web application firewall that protects your apps from common web exploits eg. SQL injection can be blocked by creating a custom rule that blocks its attack patterns
      - Operates up to application layer (7)
    - - lets you add user sign up, sign-in and access control to web and mobile apps
  - - - object storage buckets; buckets are region-specific; objects consist of key and value; can create folders
      - designed for 99.999999999% (11 9's) of durability
      - Availability SLAs are: S3 Standard-IA = 99.9%; S3 One Zone-IA = 99%; Amazon Glacier = no SLA; Cross-region replication(CRR) enables automatic, asynchronous copying of objects across buckets in different AWS Regions
    - - persistent block storage volumes for use with Amazon EC2 instances
      - root EBS volume (what OS boots from) deleted but not non-root EBS volume on termination of EC2
      - EBS snapshots stored in S3
    - - file system for Linux-based workloads; connect to storage from on-premise servers using standard file protocols; can be mounted using the NFS protocol to many EC2 instances simultaneously; connect to multiple EC2 instances simultaneously
      - fully managed
    - - file system that is optimized for compute-intensive workloads
      - fully managed
    - - move Windows-based apps that require file storage to AWS with this service's Microsoft Windows file system
      - fully managed
    - - for data archiving and backup cos low cost (but takes longer to retrieve; options of few minutes to hours for retreival)
      - 99.999999999% (11 9's) durability
    - - allows on-prem apps to use AWS storage
- - - - building blocks/infrastructure; about fully controlling hardware
    - - no need to worry about infrastructure (eg. no need for patching, no need to select EC2s) so you can focus on deployment and management; can develop with it eg. APIs
    - - provides completed product; no need to worry about how the service is maintained/no control over how it's configured ie. little customisation; managed
  - - - All parts of application in cloud; fully deployed in cloud
    - - connect infrastructure and applications between cloud-based resources and on-prem resources
    - - Companies' data centers; a kind of a 'private cloud' cos dedicated resources
  - - - Has 1 or more data centres
      - Isolated from other AZs but if in same region, connected with low latency links
      - Independent failure zone ie. physically separated from each other
    - - Has 2 or more AZs
      - Isolated from other regions