Introduction to Cloud Foundations Spring Semester
Class Notes April 8th - June 21
Top Links for Spring
Slack Channel for communication | SkillBuilder Link for E-Learning | Pete's Ai "Ask a Question" | 1:1 Office Hours on Demand |
---|---|---|---|
Click Here for Slack | Click here for E-Learning | Click here for Ai Q&A | Click Here for 1:1 Office Hours |
Starting Point for Certified Cloud Practitioner
https://aws.amazon.com/certification/certified-cloud-practitioner/
Exam Prep Enhanced: AWS Certified Cloud Practitioner Course
Click here to access Enhanced Course
Weeks 10 and 11 are time for you to dedicate to preparing for the Certified Cloud Practitioner Exam. As an ACI learner, you have access to the enhanced AWS Cloud Practitioner exam preparation course, created by the AWS Certification team.
To prepare for the exam, it is recommended that you complete the pre-test first. Then, study the domains on which you scored low. After studying the domains, take the Practice Exam to see your improvement and readiness. You can choose to study with any of these sections of the course:
- The domains have review videos, bonus practice questions, and flash cards.
- The labs are hands-on practice for those who prefer hands-on practice.
- The AWS Escape Room is a gamified review experience for those who prefer the CloudQuest experience.
Week 10 & 11 (~ 13 hrs)
- Get to know the exam
- Official Practice Set Questions
- Pre-test
- Domain 1 Cloud Concepts
- Domain 2 Security and Compliance
- Domain 3 Cloud Technology and Services
- Domain 4 Billing, Pricing, and Support
- AWS Escape Room (optional, will be introduced during Fun Friday)
- Practice Exam
- Register for Exam
Passing the Certified Cloud Practitioner Exam is not required for passing the Introduction to Cloud Foundations course.
Weekly Schedule
Learner Overview of ICF
Week 1
Quick Start Guide - https://explore.skillbuilder.aws/pages/95/quick-start-guide
Learner Handbook - https://explore.skillbuilder.aws/pages/84/learner-handbook
Important Calendar Dates - https://explore.skillbuilder.aws/pages/83/program-calendar
FAQ - https://explore.skillbuilder.aws/pages/85/faq
Getting help outside the classroom
Enrollment, Billing, Vouchers, Email Address Issues, Non Academic Issues
ACI Customer Support - https://support.aws.amazon.com/#/contacts/aws-training
Week 2
Play AWS Cloud Quest - https://cloudquest.skillbuilder.aws/
AWS Global Infrastructure - https://aws.amazon.com/about-aws/global-infrastructure/
Detail on AWS AZs - https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/availability-zones.html
AWS Outposts - https://aws.amazon.com/outposts/rack/hardware-specs/
IAM Best Practices - http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
Interacting with AWS - https://docs.aws.amazon.com/whitepapers/latest/aws-overview/accessing-aws-services.html
Configure the AWS CLI - https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html
AWS Command Line Practice
Week 3
Learner Services
https://explore.skillbuilder.aws/pages/82/learner-services
This Thursday April 25th Cloud Chat will be posted as a video replay by 5pm ET with a link to watch.
Design Principles
Marc Petricciani, Sr. Design Architect | CS Fixed
April 25, 2024
Get to know the design principles applied in resume creation.
Assuming an IAM role using AWS CLI
https://www.youtube.com/watch?v=-uogKFE1r60
Disaster Recovery Options
Continuous Integration and Continuous Delivery (CI/CD)
Lab 2 - Using Trusted Advisor
This lab practices using Trusted Advisor to review some security findings. One of those findings alerts the user that some unnecessary ports are exposed and shows how to fix them.
Security groups are logical firewalls. We will spend more time in the coming weeks covering this subject in greater depth.
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-groups.html
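The check behind that kind of finding, as an added example (not part of the lab or AWS's own code): it scans security group data in the shape returned by `aws ec2 describe-security-groups` and reports inbound rules that open ports to every address. The sample groups, their IDs, and the choice of 80/443 as the only ports meant to be public are constructed assumptions.

```python
import ipaddress

# Assumption: the only ports this hypothetical application means to expose.
ALLOWED_PUBLIC_PORTS = {80, 443}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {
    "SecurityGroups": [
        {
            "GroupId": "sg-0example0web",
            "GroupName": "web",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            ],
        },
        {
            "GroupId": "sg-0example0db",
            "GroupName": "db",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                 "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []},
                {"IpProtocol": "-1",
                 "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
            ],
        },
    ]
}


def is_world_open(cidr):
    """True when the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def port_range(perm):
    """Return (low, high) for a rule.

    Protocol "-1" (all traffic) and non-port protocols such as ICMP are
    treated as the full range so they are never silently accepted.
    """
    if perm["IpProtocol"] not in ("tcp", "udp"):
        return (0, 65535)
    return (perm["FromPort"], perm["ToPort"])


def audit(groups, allowed=ALLOWED_PUBLIC_PORTS):
    """List (group_id, protocol, low, high, cidr) for risky inbound rules."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            low, high = port_range(perm)
            # Acceptable only if every port in the range is meant to be public.
            if all(p in allowed for p in range(low, high + 1)):
                continue
            for cidr in cidrs:
                if is_world_open(cidr):
                    findings.append(
                        (sg["GroupId"], perm["IpProtocol"], low, high, cidr))
    return findings


if __name__ == "__main__":
    for group_id, proto, low, high, cidr in audit(SAMPLE):
        print(f"{group_id}: {proto} {low}-{high} open to {cidr}")
```
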
Week 4 Compute
Why go from Physical Servers to Virtual Machines?
Physical Server | Virtual Machine |
---|---|
Large upfront costs | Small upfront costs |
No need for licensing purchase | VM software licenses |
Physical servers and additional equipment take a lot of space | A single physical server can host multiple VMs, thus saving space |
Has a short life-cycle | Supports legacy applications |
No on-demand scalability | On-demand scalability |
Hardware upgrades are difficult to implement and can lead to considerable downtime | Hardware upgrades are easier to implement; the workload can be migrated to a backup site for the repair period to minimize downtime |
Difficult to move or copy | Easy to move or copy |
Poor capacity optimization | Advanced capacity optimization is enabled by load balancing |
EC2 Instances Types Table - https://aws.amazon.com/ec2/instance-types/#instance-type-matrix
How to Choose the right Compute Platform
AWS Article - https://docs.aws.amazon.com/wellarchitected/latest/framework/perf_compute_hardware_select_best_compute_options.html
Typical EC2 Getting Started
AWS Documentation Your Friend
AWS Article User Data Scripts
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html
Week 4 Lab Launching an EC2 Instance using the Console
Starting the lab takes about 5 minutes to warm up; the lab itself can take 90 minutes or so to complete.
Lab Tasks
Task 1: AWS Console login and Amazon EC2 console overview - (basic navigation of EC2 services page)
Task 2: Configure, launch and review the lifecycle of an EC2 instance - (launch instance, review instance state, STOP it)
Task 3: Modify an EC2 instance (modify instance t3.micro and increase storage to gp3 - 30GB, then terminate instance)
Task 4: Launch an EC2 Instance with additional configuration and test User-data implementation (check success Apache)
Task 5: Explore Reboot and Hibernate instance states (reboot may take a few minutes; you may need to refresh the browser)
Task 6: Explore Elastic IP (create and associate Elastic IP - test to make sure it's working - troubleshooting)
Task 7: Access and Explore the EC2 Instance Virtual Machine (connect and do admin update using CLI)
Task 8: Test Termination Protection
Week 5 Databases
Why go from storing data in flat files to databases?
Databases were invented to provide an efficient and organized way to store, manage, and retrieve large amounts of data. Here are some of the main reasons that led to the development of database systems:
- Data Redundancy and Inconsistency: Before databases, data was typically stored in flat files or spreadsheets, which often led to redundant and inconsistent data across different files or applications. Databases solved this problem by providing a centralized repository for data, eliminating redundancy and ensuring data consistency.
- Data Integrity: Databases offer mechanisms to enforce data integrity rules, such as constraints and transactions, ensuring that data remains accurate and reliable even in the face of concurrent access or system failures.
- Data Security: Databases provide built-in security features, such as user authentication, access control, and data encryption, to protect sensitive information from unauthorized access or modification.
- Data Sharing and Concurrent Access: Databases enable multiple users or applications to access and manipulate data concurrently, while maintaining data integrity and consistency.
- Data Independence: Databases separate the logical view of data from its physical storage, allowing changes to be made to the physical storage without affecting the logical structure or applications that access the data.
- Query and Reporting: Databases offer powerful query languages, such as SQL, that allow users to retrieve, filter, and analyze data efficiently, enabling complex reporting and decision-making processes.
- Application Development: Databases provide a structured and standardized way to store and access data, simplifying the development of applications that require data management capabilities.
- Scalability and Performance: Modern database systems are designed to handle large volumes of data and provide efficient storage, indexing, and retrieval mechanisms, ensuring scalability and high performance as data grows.
The invention of databases revolutionized the way data is managed and processed, enabling organizations to leverage their data assets more effectively and make better-informed decisions.
Selecting the right database and database migration plan for your workloads
Decision Tree for AWS Databases
DynamoDB
Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. DynamoDB lets you offload the administrative burdens of operating and scaling a distributed database so that you don't have to worry about hardware provisioning, setup and configuration, replication, software patching, or cluster scaling. DynamoDB also offers encryption at rest, which eliminates the operational burden and complexity involved in protecting sensitive data.
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GettingStartedDynamoDB.html
Week 6 Cloud Cost Management
Prompt to AWS Party Rock LLM
I am a new cloud application developer, learning to code on AWS cloud, what is the best way for me to help save money while I use AWS cloud services?
AWS Blog - AWS Cloud Financial Management
https://aws.amazon.com/blogs/aws-cloud-financial-management/cost-optimization-flywheel/
AWS (Amazon Web Services) places a significant emphasis on cost optimization for several reasons:
Cloud computing costs: One of the primary benefits of cloud computing is its pay-as-you-go pricing model, which allows customers to pay only for the resources they consume. However, if not managed properly, cloud costs can quickly escalate, especially for large-scale deployments or workloads with fluctuating resource demands.
Customer satisfaction: Cost optimization is crucial for customer satisfaction. By helping customers optimize their cloud spending, AWS ensures that customers can maximize the value they derive from their cloud investments, leading to higher customer retention and loyalty.
Competitive advantage: In the highly competitive cloud computing market, cost optimization can be a differentiating factor. AWS aims to provide cost-effective solutions that enable customers to achieve their business goals while minimizing unnecessary expenses.
Scalability and flexibility: AWS offers a wide range of services and pricing models, allowing customers to scale their resources up or down based on their needs. Cost optimization helps customers take advantage of this flexibility by identifying the most cost-effective configurations for their workloads.
Sustainability and efficiency: Cost optimization often goes hand-in-hand with resource optimization and efficiency. By optimizing costs, customers can reduce waste, improve resource utilization, and contribute to sustainability efforts.
Continuous improvement: AWS continuously invests in developing new cost optimization tools, features, and best practices. This ongoing effort reflects AWS's commitment to helping customers achieve cost-effective and efficient cloud deployments.
By emphasizing cost optimization, AWS aims to provide customers with a cost-effective and scalable cloud platform, enabling them to focus on their core business objectives while minimizing unnecessary expenses. This approach aligns with AWS's goal of delivering value to customers and maintaining a competitive edge in the cloud computing market.
AWS Pricing Calculator
Let's create an estimate
Here are some simple ways to save money on AWS services:
- Right-sizing instances: Regularly review your instance types and sizes to ensure they match your workload requirements. Downsizing instances when possible or using Auto Scaling can help reduce costs.
- Leverage spot instances: Spot instances are unused EC2 instances that AWS offers at a significant discount compared to On-Demand instances. They are suitable for fault-tolerant, flexible workloads.
- Use reserved instances: For workloads with steady-state or predictable usage, reserved instances can provide significant cost savings compared to On-Demand pricing.
- Implement auto-scaling: Auto Scaling helps automatically adjust resources based on demand, ensuring you don't pay for underutilized resources.
- Delete unused resources: Regularly identify and remove unused or idle resources, such as unattached EBS volumes, unused Elastic IPs, or idle EC2 instances.
- Leverage AWS pricing models: Explore different pricing models like AWS Savings Plans, which can provide discounts for consistent usage over a 1 or 3-year term.
- Optimize storage: Use appropriate storage classes (S3 Standard, S3 Infrequent Access, or S3 Glacier) based on access patterns, and enable lifecycle policies to automatically transition objects to lower-cost tiers.
- Implement cost monitoring and alerting: Use AWS Cost Explorer, AWS Budgets, and AWS Cost Anomaly Detection to monitor and receive alerts on unexpected cost spikes.
- Take advantage of AWS free tier: Leverage the AWS Free Tier for eligible services to experiment and test workloads without incurring charges.
- Consider AWS Graviton instances: AWS Graviton instances, powered by Arm-based AWS Graviton processors, can provide cost savings for certain workloads compared to x86-based instances.
By implementing these cost optimization strategies, you can significantly reduce your AWS spending while still benefiting from the scalability and flexibility of the cloud.
Amazon CloudWatch Anomaly Detection
https://aws.amazon.com/blogs/aws/new-amazon-cloudwatch-anomaly-detection/
Setup a Cost Monitor
Anomaly Detected
Labology
Setting up your own Personal Account - Ways to monitor savings
https://repost.aws/knowledge-center/free-tier-charges
https://aws.amazon.com/blogs/aws-cloud-financial-management/beginners-guide-to-aws-cost-management/
To effectively monitor and manage spending on your personal AWS account, follow these best practices:
- Enable AWS Cost Explorer:
  - AWS Cost Explorer is a powerful tool that provides detailed insights into your AWS costs and usage.
  - It allows you to visualize and analyze your costs by service, linked account, AWS Region, and more.
  - Enable Cost Explorer and familiarize yourself with its features to gain visibility into your spending patterns.
- Set up AWS Budgets:
  - AWS Budgets allow you to create custom budgets and receive alerts when your actual or forecasted costs exceed the budgeted amount.
  - Set up budgets based on your expected monthly or yearly spending limits.
  - Configure alerts to be sent via email or Amazon Simple Notification Service (SNS) when thresholds are breached.
- Activate AWS Cost Anomaly Detection:
  - This service continuously monitors your cost and usage data to identify anomalies and potential cost spikes.
  - It can alert you when it detects unusual spending patterns, helping you quickly investigate and take action.
- Enable AWS Cost Allocation Tags:
  - Cost Allocation Tags allow you to categorize and track your AWS costs based on custom tags (e.g., project, environment, department).
  - Apply tags consistently across your resources to gain better visibility into cost attribution.
- Leverage AWS Free Tier:
  - AWS Free Tier offers a range of services and resources that are free for 12 months (subject to certain limits).
  - Take advantage of the Free Tier for eligible services to minimize costs while experimenting or running small workloads.
- Review AWS Trusted Advisor:
  - AWS Trusted Advisor provides recommendations and best practices across various categories, including cost optimization.
  - Review the cost optimization recommendations and implement the suggested actions to optimize your spending.
- Automate Resource Cleanup:
  - Implement automated processes or scripts to identify and terminate unused or idle resources (e.g., EC2 instances, EBS volumes, Elastic IPs).
  - Consider using AWS Lambda functions or AWS Systems Manager Automation to automate resource cleanup.
- Monitor AWS Billing and Cost Management Blog:
  - Stay updated with the latest cost optimization tips, best practices, and new AWS cost management features by following the AWS Billing and Cost Management Blog.
By following these best practices, you can gain better visibility into your AWS spending, set appropriate budgets and alerts, and implement cost optimization strategies to effectively manage your personal AWS account costs.
Week 7 Networking
"the idea of cloud computing may have originated with J.C.R. Licklider in the 1960s when he worked on ARPANET to connect people and data from anywhere at any time"
RFC 790 Assigned Numbers
https://datatracker.ietf.org/doc/html/rfc790
The IPv4 range is split using classful addressing into smaller ranges. This architecture divides IPv4 addresses into 5 address classes by using the leading four address bits.
The Class A range starts at 0.0.0.0 and ends at 127.255.255.255, providing over 2.1 billion IP addresses.
The Class B range starts at 128.0.0.0 and ends at 191.255.255.255, providing a little over 1 billion IP addresses.
The Class C range starts at 192.0.0.0 and ends at 223.255.255.255, providing a little over 2 million IP addresses.
There are also Class D and Class E IP ranges.
Classful addressing was eventually replaced with CIDR. CIDR removes the restriction to Class A, B, and C network sizes and improves address space use and routing scalability.
RFC 1918 Private IP addresses
https://datatracker.ietf.org/doc/html/rfc1918
"The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)"
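The class boundaries and the RFC 1918 blocks above, as an added example (not taken from either RFC or from the course material): it derives the class from the leading four bits, reports which private block an address falls in, and shows how a CIDR prefix relates to the old classful network sizes. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# The three private blocks reserved by RFC 1918.
RFC1918_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Classful default prefix lengths for unicast classes.
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def address_class(addr):
    """Classify an IPv4 address using only its leading four bits."""
    top4 = int(ipaddress.IPv4Address(addr)) >> 28
    if (top4 & 0b1000) == 0b0000:   # 0xxx
        return "A"
    if (top4 & 0b1100) == 0b1000:   # 10xx
        return "B"
    if (top4 & 0b1110) == 0b1100:   # 110x
        return "C"
    if top4 == 0b1110:              # 1110 (multicast)
        return "D"
    return "E"                      # 1111 (reserved)


def rfc1918_block(addr):
    """Return the RFC 1918 block containing addr, or None if it is public."""
    ip = ipaddress.IPv4Address(addr)
    for block in RFC1918_BLOCKS:
        if ip in block:
            return str(block)
    return None


def classful_view(cidr):
    """Describe a CIDR block in terms of the classful network it replaces."""
    net = ipaddress.ip_network(cidr)
    cls = address_class(str(net.network_address))
    default = DEFAULT_PREFIX.get(cls)
    if default is None:
        return (cls, "no classful network size")
    if net.prefixlen <= default:
        count = 2 ** (default - net.prefixlen)
        return (cls, f"aggregates {count} classful network(s)")
    share = 2 ** (net.prefixlen - default)
    return (cls, f"1/{share} of one classful network")


if __name__ == "__main__":
    # Constructed sample addresses, including the edges of the 172.16/12 block.
    for a in ("10.0.1.25", "172.31.255.255", "172.32.0.0", "203.0.113.5"):
        print(a, address_class(a), rfc1918_block(a))
    for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "10.0.1.0/24"):
        print(c, classful_view(c))
```
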
Networking 1 Module is supported by the concept of Virtual Private Cloud (VPC)
As an application developer working with AWS, the important information you need to know about AWS networking includes:
- Virtual Private Cloud (VPC):
  - Understanding the concept of a VPC and its role in providing an isolated virtual network environment for your AWS resources.
  - Familiarity with VPC components like subnets, route tables, internet gateways, and network access control lists (NACLs).
- Subnets:
  - Knowledge of public and private subnets, and their use cases.
  - Understanding the importance of subnet placement for resources that require internet access or internal-only communication.
- Security Groups:
  - Understanding security groups as virtual firewalls for controlling inbound and outbound traffic to and from your resources.
  - Ability to define appropriate security group rules based on your application's networking requirements.
- Network Address Translation (NAT) Gateways:
  - Knowledge of NAT gateways and their role in enabling internet access for resources in private subnets.
  - Understanding when and how to configure NAT gateways for your application's architecture.
- Elastic IP Addresses:
  - Familiarity with Elastic IP addresses and their use cases, such as associating them with NAT gateways or EC2 instances in public subnets.
- Route Tables:
  - Understanding the purpose of route tables and their role in controlling traffic flow within and outside your VPC.
  - Ability to configure appropriate routes for internet access, VPC peering, or on-premises connectivity.
- Load Balancing:
  - Knowledge of Elastic Load Balancing (ELB) services, such as Application Load Balancers (ALB) and Network Load Balancers (NLB).
  - Understanding how to configure load balancers within your VPC for distributing traffic to your application instances.
While there are many advanced networking concepts and services in AWS, having a solid understanding of these fundamental networking components and their role in your application's architecture is crucial for application developers working with AWS.
The Default VPC in each Region
Labology
VPC User Guide
https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html
Some Examples of VPCs for different Application Scenarios
Simple VPC for Development and Testing
Deploying a Typical Web based Application with a Database
Private Servers that need other Service reachability
One Diagram for AWS Networking
Week 8 Security
WHY???
As a Python developer working with AWS cloud services, you should care about cloud security for several reasons:
Data Protection: When you deploy applications and store data in the cloud, you are responsible for ensuring the confidentiality, integrity, and availability of that data. Failing to implement proper security measures can lead to data breaches, unauthorized access, or data loss, which can have severe consequences for your organization and its customers.
Compliance: Depending on your industry and the type of data you handle, you may be subject to various compliance regulations, such as GDPR, HIPAA, or PCI-DSS. Failing to comply with these regulations can result in hefty fines and legal penalties.
Reputation and Trust: Security incidents, such as data breaches or service disruptions, can significantly damage your organization's reputation and erode customer trust. This can lead to loss of business, revenue, and market share.
Cost Implications: Recovering from security incidents can be costly, involving expenses for incident response, forensic investigations, legal fees, and potential regulatory fines. Implementing proper security measures from the outset can help prevent or mitigate these costs.
Shared Responsibility Model: In the cloud, security is a shared responsibility between the cloud provider (AWS) and the customer (you). While AWS is responsible for securing the underlying infrastructure, you are responsible for securing your applications, data, and configurations within the cloud environment.
Top Issues
As a Python developer working with AWS cloud services, you will likely face the following top 5 security issues:
Identity and Access Management (IAM): Ensuring proper access controls and least privilege access to AWS resources is crucial. Misconfigurations or overly permissive IAM policies can lead to unauthorized access and potential data breaches.
Data Protection: Protecting sensitive data, such as credentials, API keys, and customer data, is a critical concern. You need to implement encryption, secure storage, and secure transmission of data to prevent data leaks or unauthorized access.
Secure Coding Practices: As a developer, you need to follow secure coding practices, such as input validation, output encoding, and secure authentication and authorization mechanisms, to prevent vulnerabilities like SQL injection, cross-site scripting (XSS), and other common web application vulnerabilities.
Infrastructure Security: Securing your cloud infrastructure, including virtual private clouds (VPCs), security groups, network ACLs, and other AWS services, is essential to prevent unauthorized access and protect your applications and data.
Monitoring and Logging: Implementing robust monitoring and logging mechanisms is crucial for detecting and responding to security incidents promptly. You need to monitor and log activities, configurations, and events across your AWS resources and applications.
By understanding and addressing these security concerns, you can help protect your applications, data, and infrastructure in the AWS cloud environment, ensuring compliance, maintaining customer trust, and minimizing the risk of security incidents and their associated costs.
IAM Roles
As an application developer working with AWS cloud services, you may encounter the following common IAM (Identity and Access Management) roles:
Developer Role: This role typically grants permissions for developers to access AWS services and resources required for application development and deployment. It may include permissions for services like AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy, AWS Lambda, Amazon S3, Amazon DynamoDB, and others, depending on the application's requirements.
CI/CD Role: This role is specifically designed for Continuous Integration and Continuous Deployment (CI/CD) processes. It grants permissions for services like AWS CodePipeline, AWS CodeBuild, AWS CodeDeploy, Amazon ECR (Elastic Container Registry), and others, allowing automated build, test, and deployment processes.
Application Role: This role is assumed by your application or service to access other AWS resources on behalf of the application. For example, if your application needs to read data from an Amazon S3 bucket or write logs to Amazon CloudWatch Logs, you would create an application role with the necessary permissions and have your application assume this role.
Monitoring Role: This role grants permissions for monitoring and logging services like Amazon CloudWatch, AWS CloudTrail, and AWS X-Ray. It allows you to access and analyze logs, metrics, and traces for your applications and infrastructure.
Database Role: If your application interacts with AWS database services like Amazon RDS or Amazon DynamoDB, you may create a dedicated role with permissions to access and manage these databases.
Deployment Role: This role is used for deploying your application or infrastructure resources using services like AWS CloudFormation or AWS Elastic Beanstalk. It grants permissions to create, update, and manage the necessary resources during deployment.
Administrator Role: While not recommended for day-to-day development activities, an administrator role with broad permissions may be required for initial setup, configuration, or troubleshooting tasks within your AWS account.
It's important to note that you should follow the principle of least privilege when creating and assigning IAM roles. Each role should have only the necessary permissions required for its specific purpose, and you should regularly review and rotate access keys and credentials for added security.
Additionally, you can leverage AWS managed policies or create custom policies to define the specific permissions required for each role, making it easier to manage and maintain access controls across your AWS resources.
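Least privilege for the application role described above (read from an S3 bucket, write to CloudWatch Logs), as an added example that is not AWS's or the course's own code: a small check that flags wildcard grants in an IAM policy document, run against a broad policy and a scoped one. The bucket name, log group, account ID 111122223333, Sids and finding codes are constructed placeholders.

```python
# Constructed policy: the kind of broad grant that least privilege rules out.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DevEverything", "Effect": "Allow",
         "Action": "*", "Resource": "*"},
        {"Sid": "AllS3", "Effect": "Allow",
         "Action": ["s3:*"], "Resource": "arn:aws:s3:::example-app-data/*"},
    ],
}

# Constructed policy scoped to what the application role actually needs.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadAppData", "Effect": "Allow",
         "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-app-data/*"},
        {"Sid": "WriteAppLogs", "Effect": "Allow",
         "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": ("arn:aws:logs:us-east-1:111122223333:"
                      "log-group:/example/app:*")},
    ],
}


def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return (sid, code) findings for Allow statements with wildcard grants.

    Only full ("*") and service-wide ("service:*") wildcards are flagged;
    partial patterns such as "s3:Get*" are left for manual review.
    """
    findings = []
    for index, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements restrict access, so wildcards are fine
        sid = stmt.get("Sid", f"statement[{index}]")
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append((sid, "ALLOW_NOT_ACTION"))
        for action in as_list(stmt.get("Action", [])):
            if action == "*":
                findings.append((sid, "ACTION_ALL"))
            elif action.endswith(":*"):
                findings.append((sid, "ACTION_SERVICE_WILDCARD"))
        for resource in as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((sid, "RESOURCE_ALL"))
    return findings


if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, lint_policy(policy) or "no wildcard grants")
```
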
Applications use Roles to gain access
AWS Security Reference
Week 9 Storage
Developer Use Cases
When an AWS developer needs to store data and code, AWS provides several services to choose from, each with its own use cases. Here are some of the common choices and their typical use cases:
Amazon S3 (Simple Storage Service):
Use Case: Object storage for files, documents, images, videos, backups, and static website hosting. Suitable for storing and retrieving large amounts of unstructured data.
Amazon EBS (Elastic Block Store):
Use Case: Block-level storage volumes for EC2 instances. Suitable for storing data that needs to be attached to an EC2 instance, such as databases or file systems.
Amazon EFS (Elastic File System):
Use Case: Scalable file storage for EC2 instances. Suitable for sharing file data across multiple EC2 instances or for applications that require a file system interface.
Amazon RDS (Relational Database Service):
Use Case: Managed relational database service for MySQL, PostgreSQL, Oracle, SQL Server, and Amazon Aurora. Suitable for storing structured data in a relational database.
Amazon DynamoDB:
Use Case: Fully managed NoSQL database service. Suitable for storing and retrieving large amounts of semi-structured or unstructured data with low latency.
AWS CodeCommit:
Use Case: Hosting and managing Git-based version control repositories. Suitable for storing and managing application code and collaborating with other developers.
AWS CodeBuild:
Use Case: Fully managed build service for compiling source code, running tests, and producing software packages. Suitable for building and testing code as part of a continuous integration and deployment (CI/CD) pipeline.
AWS Lambda:
Use Case: Running code without provisioning or managing servers (serverless computing). Suitable for storing and running small pieces of code (functions) in response to events or triggers.
AWS Elastic Container Registry (ECR):
Use Case: Fully managed Docker container registry. Suitable for storing, managing, and deploying Docker container images.
AWS Elastic Container Service (ECS) or AWS Elastic Kubernetes Service (EKS):
Use Case: Deploying and managing containerized applications. Suitable for running and scaling containerized applications, including storing and managing container images and configurations.
The choice of storage service depends on the specific requirements of your application, such as the type of data (structured, semi-structured, or unstructured), access patterns, performance needs, and integration with other AWS services. Additionally, factors like scalability, durability, and cost should also be considered when selecting the appropriate storage solution.
Decision Trees