Cloud Computing: Traditional vs Cloud

Questions and Answers

Which of the following best describes the benefit of using cloud computing over traditional on-premises computing?

• Eliminates the need for physical hardware maintenance and reduces upfront expenses. (correct)
• Requires higher upfront costs but lower long-term costs.
• Increases the complexity of managing IT infrastructure.
• Offers less flexibility in scaling resources.

A company wants to migrate its applications to the cloud but needs to maintain some resources on-premises. Which cloud deployment model is most suitable for this scenario?

• Cloud
• Hybrid (correct)
• IaaS
• On-Premises (Private Cloud)

Your company needs a solution where they can quickly deploy and scale web applications without managing the underlying infrastructure. Which cloud service model should they use?

• On-Premises
• PaaS (correct)
• IaaS
• SaaS

Which of the following AWS services is analogous to a traditional on-premises server?

Amazon EC2 (C)

Why does cloud computing allow for lower prices through massive economies of scale?

Cloud providers serve many customers, spreading costs across a larger user base. (D)

A company wants to increase its agility by quickly accessing IT resources. How does cloud computing help achieve this?

New IT resources can be accessed in minutes. (B)

What is a key benefit of using web services for application communication?

They are independent of programming languages and operating systems. (B)

Which of the following is a key benefit of using AWS for IT solutions?

Paying only for what you use. (D)

A company needs to run large-scale batch workloads on AWS. Which compute service is most suitable for this?

AWS Batch (C)

Which of the following AWS services allows you to manage and monitor your AWS resources and applications?

AWS CloudWatch (B)

A company wants to ensure they are following AWS best practices in their cloud adoption journey. Which AWS framework should they use?

AWS CAF (A)

Which AWS CAF perspective focuses on aligning cloud initiatives with business goals?

Business (C)

Stakeholders from which AWS CAF perspective would assess organizational structure and identify skill gaps?

People (B)

Which perspective of the AWS CAF focuses on ensuring IT efforts directly contribute to achieving business goals while managing potential risks?

Governance (C)

Which of the following is considered a core element that AWS costs are based on?

Compute, Storage, and Outbound Data Transfer (C)

What AWS pricing concept allows you to receive discounts if you commit to using resources in advance?

Pay less when you reserve (B)

A company wants to save up to 75% on Amazon EC2 costs. Which pricing model should they use?

Reserved Instances (RIs) (C)

Which type of Reserved Instance provides the biggest discount but requires paying everything upfront?

All Upfront (AURI) (C)

What is a key benefit of volume-based discounts in AWS?

Lower costs per unit with increased usage. (B)

AWS offers a free tier for new customers. Which service is available for free use within this tier?

Amazon EC2 T2 micro instance (C)

A company requires full control over their IT infrastructure. Which deployment model is more suitable: on-premises or cloud?

On-premises (A)

What does Total Cost of Ownership (TCO) include when comparing on-premises vs. cloud solutions?

Direct and indirect costs of owning a service (B)

Which tool does AWS provide to help estimate your monthly AWS costs?

AWS Pricing Calculator (D)

Which of the following is considered a 'hard benefit' of moving to the cloud?

Reduced spending on compute, storage, networking, and security (A)

What is the key benefit of using AWS Organizations?

Centralized management of multiple AWS accounts. (D)

In AWS Organizations, what is the top-level container for all accounts and organizational units?

Root (B)

What is the purpose of Service Control Policies (SCPs) in AWS Organizations?

Control access across multiple AWS accounts. (C)

Which AWS billing tool provides a detailed breakdown of your monthly AWS charges?

AWS Bills (C)

Which cost management tool helps you visualize, analyze, and explore your AWS spending patterns over time?

AWS Cost Explorer (C)

Which AWS tool enables you to set custom cost or usage budgets and receive alerts when your spending exceeds the set limits?

AWS Budgets (B)

A company needs proactive management and expert guidance for their mission-critical workloads. Which AWS support plan should they choose?

Enterprise Support Plan (B)

What factor is MOST important to consider when choosing an AWS Region?

The proximity to users to reduce latency (D)

What is the primary purpose of AWS Availability Zones (AZs)?

To provide isolated locations for high availability, fault tolerance, and scalability (B)

What does Amazon CloudFront do to speed up content delivery?

Routes requests to the nearest edge location (D)

Which of the following is a key benefit of the AWS Global Infrastructure?

Built-in redundancy for fault tolerance (B)

Which AWS storage service is ideal for archiving and long-term backups at a low cost?

Amazon S3 Glacier (D)

Which compute service runs code without managing servers and charges only for compute time used?

AWS Lambda (C)

Which AWS database service simplifies setting up, operating, and scaling relational databases?

Amazon RDS (D)

What is AWS responsible for in the shared responsibility model?

Security 'of' the cloud (C)

In the shared responsibility model, what are customers responsible for?

Security 'in' the cloud (D)

Flashcards

What is Cloud Computing?

Renting IT resources over the internet, paying only for what you use.

What is Traditional Computing?

Traditional computing using physical hardware, requiring upfront costs and management.

What is a Key Benefit of Cloud Computing?

Treats infrastructure like software, providing flexibility and scalability.

IaaS (Infrastructure as a Service)

Provides basic IT resources like virtual machines and storage.

PaaS (Platform as a Service)

Manages infrastructure so you can focus on building and deploying applications.

SaaS (Software as a Service)

Provides ready-to-use software managed by the provider.

Cloud Deployment Model

Application runs entirely in the cloud, built or migrated there.

Hybrid Deployment Model

A mix of cloud and on-premises resources.

On-Premises (Private Cloud) Deployment Model

Resources are hosted locally, offering control but lacking cloud benefits.

Trade Capital Expense for Variable Expense

Pay only for what you use, reducing maintenance efforts.

Benefit from Massive Economies of Scale

Lower prices by sharing resources with many users.

Stop Guessing Capacity

Easily scale up or down based on real demand, avoiding waste or shortage.

Increase Speed and Agility

Access resources in minutes, speeding up development.

Stop Spending Money on Data Centers

Focus on growing your business, not maintaining data centers.

Go Global in Minutes

Easily deploy worldwide for better customer experiences at minimal cost.

What is a Web Service?

Software accessed over the internet, using standards like XML or JSON for communication.

What is Amazon Web Services (AWS)?

Secure platform providing on-demand IT resources; compute, storage, networking, and databases.

Flexibility (AWS)

Automatically scale resources up or down.

Cost Efficiency (AWS)

Pay only for what you use; operational expense, not capital expense.

Integration (AWS)

AWS services work together to create scalable solutions.

Amazon EC2

Full control over virtual servers.

AWS Lambda

Run code without managing servers.

AWS Elastic Beanstalk

Automatically deploy and scale web applications.

Amazon Lightsail

Simple cloud hosting for small applications.

AWS Batch

Run large-scale batch workloads.

AWS Outposts

Use AWS infrastructure on-premises.

Amazon ECS / EKS / AWS Fargate

Container management and orchestration.

VMware Cloud on AWS

Migrate on-premises virtualized environments to AWS.

AWS Management Console

A graphical interface for managing AWS services.

AWS Command Line Interface (CLI)

A command-based tool for AWS interaction from the terminal.

AWS SDKs

Libraries to integrate AWS into applications using programming languages.

AWS Cloud Adoption Framework (CAF)

Identifies gaps and provides best practices for cloud adoption.

Business Perspective (AWS CAF)

Aligning cloud with business goals.

People Perspective (AWS CAF)

Developing cloud skills.

Governance Perspective (AWS CAF)

Ensuring policies and compliance.

Platform Perspective (AWS CAF)

Managing cloud infrastructure.

Security Perspective (AWS CAF)

Protecting data and resources.

Operations Perspective (AWS CAF)

Managing day-to-day cloud activities.

Compute (AWS Costs)

Processing power.

Storage (AWS Costs)

Saving data.

Study Notes

Cloud Computing Overview

• Cloud computing involves renting computing resources over the internet, paying only for what is used.
• AWS manages these resources in data centers worldwide, allowing easy application building and running.

Traditional Computing vs. Cloud Computing

• Traditional computing relies on physical hardware, leading to high upfront costs, space requirements, and staffing needs.
• Purchasing and setting up servers traditionally can be slow and requires estimating future needs, leading to potential waste or shortages.
• Cloud computing offers flexibility by treating infrastructure like software, allowing on-demand resource scaling and pay-per-use pricing.

Cloud Computing Service Models

• IaaS (Infrastructure as a Service): Provides basic IT resources with maximum control, similar to traditional IT setups.
• PaaS (Platform as a Service): Manages infrastructure, enabling focus on application building without hardware or OS concerns.
• SaaS (Software as a Service): Provides ready-to-use software managed by the provider, like web-based email.

Cloud Computing Deployment Models

• Cloud: Applications run entirely in the cloud, either newly built or migrated.
• Hybrid: Combines cloud and on-premises resources.
• On-Premises (Private Cloud): Resources are hosted locally, offering control but lacking cloud benefits.

AWS Services and Traditional IT Equivalents

• Security: AWS security groups, network ACLs, and IAM mirror firewalls, access control lists, and administrators.
• Networking: Elastic Load Balancing and Amazon VPC are similar to routers, network pipelines, and switches.
• Compute: Amazon Machine Images (AMIs) and EC2 instances resemble on-premises servers.
• Storage: AWS storage services (EBS, EFS, S3, RDS) are similar to direct attached storage, SAN, NAS, and RDBMS.
• AWS offers added flexibility and scalability compared to traditional data centers.

Advantage 1 – Trade Capital Expense for Variable Expense

• Cloud computing shifts from upfront investments in physical assets to paying only for used resources.
• This saves money, allows quick scaling, and reduces maintenance efforts.

Advantage 2 – Benefit from Massive Economies of Scale

• Cloud computing leverages large-scale infrastructure built by providers like AWS.
• Costs are spread across numerous users, resulting in lower pay-as-you-go prices.

Advantage 3 – Stop Guessing Capacity

• Cloud computing allows easy scaling based on real demand, preventing resource waste or shortages.
• You can access precisely what is needed in minutes, removing guesswork.

Advantage 4 – Increase Speed and Agility

• Cloud computing provides quick access to new IT resources, reducing deployment time from weeks to minutes.
• This accelerates development and experimentation.

Advantage 5 – Stop Spending Money on Running and Maintaining Data Centers

• Cloud computing eliminates the need to maintain physical data centers, focusing resources on business growth and innovation.
• This improves customer experience.

Advantage 6 – Go Global in Minutes

• Cloud computing enables application deployment in multiple AWS Regions worldwide.
• This offers better, lower-latency experiences for customers at minimal cost.

Web Services

• Web services are software accessible over the internet or private networks.
• They use standard formats like XML or JSON for communication through APIs.
• They are independent of OS and programming languages, self-describing, and easily discoverable.

Amazon Web Services (AWS)

• AWS is a secure cloud platform providing on-demand IT resources like compute, storage, networking, and databases.
• These resources can be provisioned in minutes and adjusted as needed.
• Key benefits include flexibility, cost efficiency (operational vs. capital expense), and integration.
• AWS enables building and managing IT solutions quickly and cost-effectively.

AWS Compute Services

• Amazon EC2: Full control over virtual servers.
• AWS Lambda: Run code without managing servers.
• AWS Elastic Beanstalk: Automatically deploy and scale web apps.
• Amazon LightSail: Simple cloud hosting for small applications.
• AWS Batch: Run large-scale batch workloads.
• AWS Outposts: Use AWS infrastructure on-premises.
• Amazon ECS / EKS / AWS Fargate: Container management and orchestration.
• VMware Cloud on AWS: Migrate on-premises virtualized environments to AWS.

Key AWS Service Categories & Examples

• Compute: Amazon EC2, AWS Lambda, Amazon ECS, Amazon EKS.
• Storage: Amazon S3, Amazon EBS, Amazon EFS.
• Database: Amazon RDS, Amazon DynamoDB.
• Networking & Content Delivery: Amazon VPC, AWS CloudFront.
• Security & Identity: AWS IAM, AWS KMS.
• Management & Governance: AWS CloudWatch, AWS Config.
• Cost Management: AWS Cost Explorer.

Ways to Access AWS Services

• AWS Management Console: A graphical interface.
• AWS Command Line Interface (CLI): A command-based tool.
• AWS SDKs: Libraries for programming languages.
• All options use AWS’s underlying API for efficient cloud resource management.

AWS Cloud Adoption Framework (AWS CAF)

• This helps identify gaps in skills, processes, and technology.
• It provides best practices for accelerating cloud adoption.
• It organizes guidance into six perspectives, covering various organizational areas.
• The framework focuses on capabilities within each perspective for smooth transitions.
• It helps organizations set goals, create structured processes, and migrate to the cloud.

AWS CAF Perspectives Overview

• Business, People, and Governance focus on business capabilities.
• Platform, Security, and Operations focus on technical capabilities.
• Business: Aligns cloud with business goals.
• People: Develops cloud skills.
• Governance: Ensures policies and compliance.
• Platform: Manages cloud infrastructure.
• Security: Protects data and resources.
• Operations: Manages day-to-day cloud activities.

Business Perspective Stakeholders

• Business managers, finance managers, budget owners, and strategy stakeholders.
• They build strong business cases for cloud adoption.
• They prioritize cloud initiatives.
• Also ensure alignment between business and IT goals.

People Perspective Stakeholders

• HR, staffing, and people managers.
• They assess organizational structure and roles.
• They identify skill and process gaps.
• They prioritize training, staffing, and organizational changes.

Governance Perspective Stakeholders

• CIO, program managers, and business analysts.
• They align IT and business strategies.
• They maximize business value.
• They minimize risks.

Platform Perspective Stakeholders

• CTO, IT managers, and solutions architects.
• They understand and improve IT systems.
• They describe the target state architecture.
• They apply AWS CAF principles and patterns.

Security Perspective Stakeholders

• CISO and IT security managers.
• They ensure visibility.
• They ensure auditability.
• They ensure control.
• They ensure agility.

Operations Perspective Stakeholders

• IT operations and support managers.
• They define day-to-day operations.
• They align operations with business goals.
• They assess current operating procedures.
• They identify necessary changes and training.

AWS Cost Basis

• AWS costs are mainly based on compute, storage, and outbound data transfer.
• Inbound data transfer is usually free.
• Data transfer within the same AWS region is mostly free, with exceptions.
• Outbound data transfer is charged and billed as AWS Data Transfer Out.

AWS Pricing Model

• AWS follows a pay-as-you-go model, paying only for used resources.
• There are no long-term contracts, and you can start or stop services anytime.
• You pay for what you use, with no upfront costs.
• You pay less when you reserve.
• Further, you pay less when you use more.
• You pay even less as AWS grows.

Avoiding Data Center Costs

• AWS avoids high costs of building and maintaining data centers.
• You pay only for what you use, with no upfront expenses or long-term contracts.
• There is no need to buy servers, software, or rent space.
• This leads to lower costs and more flexibility.
• You can focus on innovation instead of managing infrastructure.
• Also scale up or down as needed with AWS services.

Reserved Instances (RIs)

• RIs for Amazon EC2 and Amazon RDS save up to 75% compared to on-demand pricing.
• All Upfront (AURI) provides the biggest discount.
• Partial Upfront (PURI) provides a lower discount.
• No Upfront (NURI) has the smallest discount.
• RIs save businesses money, manage budgets, and meet commitments.

Volume-Based Discounts

• AWS offers volume-based discounts, meaning the more you use, the less you pay per unit.
• Amazon S3 pricing is tiered.
• Data transfer in is always free.
• Different storage options balance cost, performance, and access frequency.

Continuous Cost Reduction

• AWS continuously works on cutting costs by improving efficiency and optimizing hardware.
• This means lower prices for you.
• Since 2006, AWS has reduced prices 75 times (as of 2019).
• Newer, better resources replace older ones at no extra cost.

Custom Pricing

• AWS offers custom pricing for high-volume or unique projects.
• Businesses can negotiate costs based on their requirements.

AWS Free Tier

• AWS offers a Free Tier for new customers to try cloud services for up to 1 year.
• You can use Amazon EC2 T2 micro instance for free.
• Free usage tiers are available for Amazon S3, EBS, Elastic Load Balancing, and more.

Free AWS Services

• Amazon VPC: Creates a secure, isolated network in AWS.
• IAM: Manages user access and security.
• Consolidated Billing: Combines multiple accounts into one bill.
• AWS Elastic Beanstalk: Simplifies app deployment and management.
• AWS CloudFormation: Automates resource setup.
• Automatic Scaling: Adjusts resources based on demand.
• AWS OpsWorks: Helps deploy and manage applications.

On-Premises vs. Cloud

• On-Premises (Traditional IT): installed locally on company-owned servers with high upfront costs. Scaling is costly and slow.
• Cloud (AWS): hosted by AWS with pay-as-you-go pricing. Scaling is easy.
• Flexibility and lower costs favor cloud solutions.
• Hybrid models are also possible.

Total Cost of Ownership (TCO)

• Compare TCO for on-premises vs. cloud.
• On-premises includes hardware, facilities, licenses, and staff.
• Cloud offers pay-as-you-go pricing with no hardware or maintenance.

Cost Comparison

• On-Premises Costs: include hardware/software, power, storage, floor space, and IT ops.
• Cloud Costs: are upfront and transparent based on usage metrics. Prices are often fixed, making them easier to calculate.

3-Year Cost Comparison Example

• On-Premises Cost (3 years): $167,422
• AWS Cost (3 years): $7,509
• This can result in a 96% savings with AWS, amounting to $159,913 over 3 years.

AWS Pricing Calculator

• This helps you estimate monthly AWS costs.
• It allows cost identification and estimates.
• You can model solutions before building them.
• Explore available price points and instance types.

AWS Pricing Calculator Breakdown

• Total for First 12 Months: Combines upfront and monthly costs for all services.
• Total Upfront: Amount you pay upfront when setting up AWS.
• Total Monthly: Estimated monthly cost to run AWS setup
• Individual service costs can be observed.

Hard vs Soft Benefits

• Hard Benefits is reduced spending on compute, storage, networking, and security
• Savings on hardware and software purchases
• Cloud Total Cost of Ownership (TCO) compares the costs of on-premises infrastructure with cloud infrastructure
• A Return on Investment (ROI) analysis helps determine the overall value by considering both hard benefits (direct cost reductions) and soft savings (intangible but valuable gains).

AWS Organizations: Centralized Account Management

• AWS Organizations is a free service that centrally manages AWS accounts.
• It centrally manages access and controls service access.
• It automates account management and offers consolidated billing.

AWS Organizations: Key Terminology & Structure

• Root: Top-level container.
• Organizational Unit (OU): Container for AWS accounts within the root.
• Accounts: AWS accounts holding cloud resources.
• Policies: Rules applied at any level.

Benefits of AWS Organizations

• Centralized Control: Use Service Control Policies (SCPs).
• Account Grouping: Organize accounts into OUs.
• Automated Account Management: Use APIs for account creation.
• Simplified Billing: Consolidate payments and get volume-based discounts.

AWS Organizations vs. IAM Policies

• IAM Policies: Control access within a single AWS account.
• Service Control Policies (SCPs) in AWS Organizations: Control access across multiple AWS accounts.

Setting Up AWS Organizations: Step-by-Step

• Prerequisites: Two AWS accounts with admin access. Steps:
• Create Your Organization: Invite another AWS account to join.
• Create Organizational Units (OUs): Assign member accounts to the OUs.
• Create Service Control Policies (SCPs): Apply restrictions to limit actions.
• Test Your Policies: Verify the restrictions.

AWS Organizations Naming & Limits

• Names must use Unicode characters and be ≤ 250 characters.
• Number of accounts: Varies.
• Number of roots: 1.
• Number of OUs: 1,000.
• Number of policies: 1,000.
• Max control policy size: 5,120 bytes.
• Max OU nesting depth: 5 levels.
• Invitations per day: 20.
• Concurrent member account creation: 5.
• Policies per entity: Unlimited.

Managing AWS Organizations

• AWS Management Console: Browser-based interface
• AWS CLI (Command Line Interface): Issue commands via command line
• AWS SDKs (Software Development Kits): Libraries and sample code for programming languages
• AWS HTTPS Query API: Programmatic access via HTTPS requests

AWS Billing and Cost Management

• Pay your AWS bill and track usage.
• Monitor and forecast costs.
• Customize reports by setting time periods.
• Analyze data trends with filtering and grouping tools.
• Optimize costs using the AWS Cost and Usage Report Tool.

AWS Billing Dashboard

• Spend Summary: Last month's spending, estimated costs, forecast.
• Month-to-Date Spend by Service: Top services used, proportions.

Accessing Cost Management Tools

• From the Billing Dashboard, access these cost management tools like AWS Bills, AWS Cost Explorer, AWS Budgets, and AWS Cost and Usage Reports.

AWS Bills

• The AWS Bills page provides a detailed breakdown of your monthly costs.
• It also breaks down costs for each service, AWS Region, and linked account.
• This tool offers up-to-date information on AWS costs and usage.

AWS Cost Explorer

• The AWS Cost Explorer is a tool in the AWS Billing console that helps you understand AWS costs.
• It can provide access to reports.
• Key features lets you view cost charts and forecast costs.

AWS Budgets

• It integrates with the Cost Explorer for visualizing costs and forecasting estimated costs.
• Some Key features include creating custom budgets with alerts

AWS Cost and Usage Report

• The AWS Cost and Usage Report provides a detailed breakdown of AWS costs and usage.
• It includes usage for each AWS service and any taxes applied.
• You have the option to publish billing reports to an S3 bucket, with updates once a day.

AWS Support

• AWS Support helps you plan, deploy, and optimize solutions, whether you are new or experienced AWS user.
• The support is designed to meet varying customer needs, from experimentation to production and business-critical usage.
• The service helps customers maximize the potential of AWS.

AWS Support Plans

• Basic Support Plan: Provides 24/7 customer service, documentation, and Trusted Advisor checks.Provides access to the Personal Health Dashboard for resource alerts.
• Developer Support Plan: Suited for testing and non-production workloads.
• Business Support Plan: Suited for workload requiring availability, scalability, and security. Ideal for businesses using multiple AWS services.
• Enterprise Support Plan: Suited for mission-critical workloads with proactive management. Includes a Technical Account Manager (TAM) for expert guidance.

AWS Support Plans: Service Levels

• Critical: Major business disruption, key functions unavailable.
• Urgent: Significant impact, important functions unavailable.
• High: Impaired important functions.
• Normal: Non-critical issues or time-sensitive development questions.
• Low: General questions or feature requests.

AWS Cloud Regions

• AWS Cloud is divided into Regions with multiple Availability Zones.
• Each Region is isolated, so data isn't automatically replicated across them.
• Replication must be done manually if needed.

AWS Region Selection Considerations

• Consider the data governance and legal requirements.
• Consider the Proximity to Users.
• Consider the Service Availability.
• Consider the Cost.

Availability Zones (AZs)

• Each AWS Region has multiple Availability Zones (AZs), which are isolated locations.
• AZs are connected by high-bandwidth, low-latency networking.
• You are responsible for choosing the AZs where your systems will run.

Content Delivery Network(CDN)

• Amazon CloudFront is a CDN that speeds up content delivery by routing requests to the nearest edge location, reducing latency.
• Amazon Route 53 is a DNS service that does the same, ensuring faster access to websites.
• AWS has Points of Presence in major cities globally, improving routing and performance.
• For less frequently accessed content, regional edge caches stores data closer to users, improving access speed.

AWS Global Infrastructure Benefits

• Elastic and Scalable: Resources can automatically adjust to changes in demand.
• Fault Tolerant: Built-in redundancy ensures that operations continue even if a component fails.
• High Availability with Minimal Downtime: Ensures services stay available with minimal disruption.

AWS Global Infrastructure Elements

• Consists of three main elements like Regions, Availability Zones, and Points of Presence (including edge locations).
• It supports wide range of services such as compute, storage, networking, and databases.
• The infrastructure is structured as follows: Foundational Services, Platform Services, and Applications
• The design ensures flexible, scalable, and cost-efficient service delivery.

AWS Service Categories

• AWS offers 23 service categories.
• Compute
• Cost Management
• Database
• Management and Governance
• Networking and Content Delivery
• Security, Identity, and Compliance
• Storage

AWS Storage Services

• Amazon S3: Object storage for scalability, security, and performance. Ideal for data storage in websites, mobile apps, backups, IoT devices, and big data analytics.
• Amazon EBS: High-performance block storage for EC2 instances, supporting workloads like databases and media applications.
• Amazon EFS: Scalable, fully managed NFS file system that automatically adjusts in size, reducing the need for manual capacity management.
• Amazon S3 Glacier: Low-cost, durable storage for archiving and long-term backups, offering high durability and security.

AWS Compute Services

• Amazon EC2: Provides resizable virtual machines for compute capacity in the cloud.
• Amazon EC2 Auto Scaling: Automatically adjusts EC2 instances based on defined conditions.
• Amazon ECS: Scalable container orchestration service for Docker containers.
• Amazon ECR: Managed Docker container registry for storing and deploying container images.
• AWS Elastic Beanstalk: Deploys and scales web apps and services on familiar servers (e.g., Apache, IIS).
• AWS Lambda: Runs code without managing servers, charging only for compute time used.
• Amazon EKS: Simplifies deployment and management of Kubernetes-based containerized apps on AWS.
• AWS Fargate: Run containers without managing servers or clusters, integrated with ECS.

AWS Database Services

• Amazon RDS: Simplifies setting up, operating, and scaling relational databases, with automated tasks like backups and patching.
• Amazon Aurora: A MySQL and PostgreSQL-compatible database, offering up to 5x the speed of MySQL and 3x the speed of PostgreSQL.
• Amazon Redshift: A data warehouse service for running analytic queries on petabytes of local data and exabytes stored in Amazon S3.
• Amazon DynamoDB: A key-value and document database offering single-digit millisecond performance, with built-in security, backups, and in-memory caching.

AWS Networking and Content Delivery Services

• Amazon VPC: Creates isolated cloud environments for your resources.
• Elastic Load Balancing: Distributes traffic across multiple targets (EC2, containers, IPs, Lambda).
• Amazon CloudFront: A global CDN for fast, secure content delivery with low latency.
• AWS Transit Gateway: Connects multiple VPCs and on-premises networks via a single gateway.
• Amazon Route 53: A scalable DNS service that routes users to applications efficiently.
• AWS Direct Connect: Establishes a dedicated private network to AWS for lower costs and higher speeds.
• AWS VPN: Creates secure private tunnels between your network and AWS.

AWS Security, Identity, and Compliance Services

• AWS IAM: Manages secure access to AWS services by defining user and group permissions.
• AWS Organizations: Restricts services and actions across multiple AWS accounts.
• Amazon Cognito: Adds user authentication and access control to apps.
• AWS Artifact: Provides security and compliance reports on demand.
• AWS KMS: Manages encryption keys for secure data protection.
• AWS Shield: Protects applications from DDoS attacks.

AWS Cost Management Services

• AWS Cost and Usage Report: Provides detailed cost and usage data, including metadata on services and pricing.
• AWS Budgets: Lets you set budgets and receive alerts when costs exceed limits.
• AWS Cost Explorer: Helps visualize and analyze AWS costs and usage trends.

AWS Management and Governance Services

• AWS Management Console: Web-based UI for managing AWS resources.
• AWS Config: Tracks resource inventory and changes.
• Amazon CloudWatch: Monitors resources and applications.
• AWS Auto Scaling: Adjusts resources to meet demand.
• AWS CLI: Unified tool to manage AWS services via command line.
• AWS Trusted Advisor: Optimizes performance and security.
• AWS Well-Architected Tool: Helps review and improve workloads.
• AWS CloudTrail: Tracks user activity and API usage.

Shared Security Responsibilities

• AWS secures the cloud itself, including physical infrastructure.
• Customers secure what's in the cloud, like data and access.

AWS Responsibilities

• Physical security, restricts access.
• Hardware security: servers, storage and other critical devices.
• Software security: Operating systems, service applications, and virtualization layers.
• Network security: Prevents unauthorzied access.

Customer Responsibilities

• Securing systems: Configuring firewalls, networks, and security groups.
• Protecting applications: Keeping software updated and properly secured.
• Managing data security
• Controlling access.
• Customers have control over setting security for resources.

Cloud Service Models

• IaaS: Customer manages OS, applications, security configurations.
• PaaS: AWS handles infrastructure security; customer manages data and permissions.
• SaaS: AWS manages all security aspects.

AWS Identity and Access Management (IAM)

• IAM controls who accesses what resources and how.
• Authentication manages identity (users and roles).
• Authorization specifies access permissions.
• IAM allows you to manage access securely, and is part of your account (free to use).

IAM Components

• IAM User: A person who needs to access AWS with unique credentials.
• IAM Group: Collection of users to manage permissions.
• IAM Policy: Actions users/groups can do on AWS resources.
• IAM Role: Temporary access to AWS resources

Authentication Methods

• Access based on AWS API, AWS CLI and AWS Management Console
• For Programmatic Access, access key ID and secret access key are used
• Use browser login with account ID, IAM username, password and MFA

MFA Recommendation

• MFA adds security
• Options include:
  • Virtual MFA apps
  • U2F security key devices
  • Hardware MFA devices

IAM Authorization

• Access must be explicitly permitted. Steps:
• Create a policy.
• Assign the policy to a user, group, or role.
• In short, policies explicitly grant or deny permissions to access AWS resources.

Granting Permissions

• Default deny
• Grant the minimum permissions necessary.
• IAM settings are global.

IAM Policy Types

• Used to control permissions granted to users. Can come in two forms, Identity or Resource based
• There are different managed policies, those being predefined or custom policies

IAM Permission Evaluation

• Deny overrides allow
• Policy simulator tests effects

IAM Group

• Simplified user permission management
• Can contain many users
• Groups cannot be nested
• No default group for all accounts

IAM Role

• Identity with temporary permissions
• No long-term credentials
• Used to delegate access
• Used for external access

Root User Access

• Only used for certain tasks.
• Not recommended for daily tasks.

Securing Root Access

• Create User
• Set MFA
• Secure Credentials

AWS CloudTrail

• Records API calls.
• Enabled by default for 90 days.
• Allows you to create a “trail.”

Billing Reports

• AWS Cost and Usage Report provides details, usage and costs.
• AWS provides various reports.

AWS Organizations Security

• Central management with OUs.
• IAM integration.
• Service Control Policies

Service Control Policies (SCPs)

• Max allows
• Requires all features to be enabled

AWS Key Management Service (AWS KMS)

• Create/control encryption keys.
• HSMs keys using FIPS 140-2.
• Control access to CMKs.

Amazon Cognito

• User Authentication.
• Role based access control.
• It meets certain security standards, such hipaa/pci

AWS Shield

• Managed DDoS protection for AWS.
• Standard and Advanced versions.
• Has free/paid protection

Data Encryption

• Secures digital data
• Only allow certain authorized users access

Data at Rest

• Stored data
• Use AES 256 encryption and can by managed by KMS.

Data In Transit

• Data moving across network
• TLS with AES-256
• SSL use

S3 Access Control

• Permissions set to Private by default
• Tools include:
  • S3 Block Public Access
  • IAM Policies
  • Bucket Policies
  • Access Control Lists (ACLs)

Security and Compliance Resources

• AWS has External compliance audits (ISO/IEC 27001, HIPAA, GDPR) AWS supports a variety of tools:
  • Config: Tracks Changes
  • Artifact: Provides access to reports, and helps manage legal agreements

Computer Networks

• A computer network connects two or more computers to share resources.
• Routers and switches enable communication.
• Networks have subnets.
• An IP enables computer identification

Amazon Virtual Private Cloud (Amazon VPC)

• AWS allows Amazon VPCs
• Offers Networking settings control and supports both IPv4 and IPv6
• Private subnets and Public subnets are options

Private Cloud Customization

• Allows Private Clouds that are configurable to user settings

Virtual Private Clouds (VPCs)

• VPC is dedicated to AWS account.
• Subnets divided into public and private
• Subnets in a single Area Zone

IP Addresses

• VPC assigned a private address
• IP ranges cannot overlap
• IPs in range, subnet’s CIDR

Reserved IP Addresses

• AWS reserves five IP addresses in each subnet, meaning they cannot be used for resources.
• Used for Network Address, VPC router, DNS domain, Future use, broadcast address

IP Address Customization

• With Auto Assigned IP Addresses set for instances

Elastic IP Address

• Static, non-changing
• Dynamic cloud

Elastic Network Interface (ENI)

• A "virtual cable" between instances

Route Table

Rules: Target and Destination

• tells network where to send traffic.
• Has a rule that says where data should go

Route Table Management

• Allows for communication management

Internet Gateway

• Door to access the internet
• Acts as Target via Route Table

NAT Gateway

• One way traffic.
• Private computers access internet, outside access blocked.

Setting Up NAT Gateway

• Use elastic API.
• Then update Route Table.

VPC Sharing

• Sharing VPC while keeping resources separate

VPC Sharing Benefits

• Controlled VPC and improved resources

VPC Peering

• Connect with other private VPC Important Factors include:
• Update IP ranges
• Connections are only be between two VPC

VPN Connection

• Allow Connection with other network using VPC

Setting up VPN connections

• Set up VPN gateways
• Update Route Table
• Establish AWS Site-to-Site VPNs, routing configuration and security

AWS Direct Connect

• Direct connect between company and AWS Data Center Benefits include:
• Better performance
• Lower traffic costs
• Higher bandwidth
• VLAN’s traffic use.

VPC Endpoint

• Internal network for services (without use of internet).
• Stays within AWS network.
• Interface VPC Endpoint for AWS PrivateLink, Gateway connects with AWS services

Security Groups

• Virtual firewalls, only what is allowed.

Inbound and Outbound settings

• Inbound is not allowed unless rules state set is
• Outbound is the inverse

Stateful Nature

• Security Groups that allow traffic to return

Creating Security Groups

• Allow rule creation only
• What is not allowed, is denied

Network Access Control List (NACL)

• Security layer for VPC Management: every subnet requires NACL and has specific rules, however one subnet can only have one NACL at a time

Network ACL (NACL) Rules

• NACL has separate rules for inbound and outbound traffic.
• Default NACL has traffic, allows IPv4 and IPv6
• Stateless
• They are stateless, meaning that they do not remember information about requests once they are processed

Network ACL Customization

• All traffic is denied, until specific rules are set Evaluation: traffic flows based on rule setting traffic is followed Rule Numbering: can incrementally increase to allow for other updates to rules

Comparison of Security

• Security groups are small while NACL have more scope than security groups

DNS traffic management

• Allows for better traffic management using DNS services

Route Service features

• Monitor endpoint health for use
• Delivers fast traffic, while remaining fault tolerant
• Allows for domain registration

Route 53 traffic policies

• Allows for traffic management

High availability

• Setup is needed for traffic

Additional Route settings include:

• Allow for better use