You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Logging provides visibility into your cloud resources and applications. For applications that run in the cloud, you will need access to logging and auditing services to help you proactively monitor your resources and applications.
Logging allows you to answer important questions like:
How is this server performing?
What is the current load on the server?
What is the root cause of an application error that a user is seeing?
Cloud Trail allows you to audit (or review) everything that occurs in your AWS account. Cloud Trail does this by recording all the AWS API calls occurring in your account and delivering a log file to you.
Features
CloudTrail provides event history of your AWS account activity, including:
who has logged in
services that were accessed
actions performed
parameters for the actions
responses returned
This includes actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.
Tips
Cloud Trail is found under the Management & Governance section on the AWS Management Console.
CloudTrail shows results for the last 90 days.
You can create up to five trails in an AWS region.
Infrastructure as Code allows you to describe and provision all the infrastructure resources in your cloud environment. You can stand up servers, databases, runtime parameters, resources, etc. based on scripts that you write. Infrastructure as Code is a time-saving feature because it allows you to provision (or stand up) resources in a reproducible way.
AWS Cloud Formation allows you to model your entire infrastructure in a text file template allowing you to provision AWS resources based on the scripts you write.
Tips
Cloud Formation is found under the Management & Governance section on the AWS Management Console.
Cloud Formation templates are written using JSON or YAML.
You can still individually manage AWS resources that are part of a CloudFormation stack.
The AWS CLI (or Command Line Interface) allows you to access and control services running in your AWS account from the command line. To use the CLI, simply download, install, and configure it.
Tips
The AWS CLI allows you to work with AWS services in a programmatic manner
AWS CLI Command
aws --version
aws ec2 describe-instances
aws start-instances --instance-ids i-(IDS of EC2 instance)
aws sns publish --topic-arn arn:aws:sns:ws-east-1:(IDS): --message "Publish in a Command Line"
Cloud Computing is the delivery of IT resources over the Internet.
The cloud is like a virtual data center accessible via the Internet that allows you to manage:
Pay as you go - You pay only for what you use and only when your code runs.
Autoscaling - The number of active servers can grow or shrink based on demand.
Serverless - Allows you to write and deploy code without having worry about the underlying infrastructure.
Types of Cloud Computing
Infrastructure-as-a-Service (IaaS)
The provider supplies virtual server instances, storage, and mechanisms for you to manage servers.
Examples : Amazon Web Services(AWS), DigitalOcean, Rackspace
Platform-as-a-Service (PaaS)
A platform of development tools hosted on a provider's infrastructure.
Example: GoDaddy, Salesforces
Software-as-a-Service (SaaS)
A software application that runs over the internet and is managed by the service provider.
Example : Google's Gmail, Microsoft Office 365
Cloud Deployment Models
Public Cloud
A public cloud makes resource available over the Internet to the general public.
Example : AWS (the largest public cloud provider )
Private Cloud (On-premises)
A private cloud is a proprietary network that supplies services to a limited number of people.
Example :
Hybrid Cloud
A hybrid model contains a combination of both a public and a private cloud.
Example : PII data stored locally and Web application served publically
The hybrid model is a growing trend in the industry for those organizations that have been slow to adopt the cloud due to being in a heavily regulated industry.
The hybrid model gives organizations the flexibility to slowly migrate to the cloud.
Benefits of the Cloud
There are several benefits of the cloud:
Stop guessing about capacity.
Avoid huge capital investments up front.
Pay for only what you use.
Scale globally in minutes.
Deliver faster.
Amazon Web Services is a Market Leader
There are several popular cloud platforms; however, Amazon Web Services (AWS) leads the public cloud infrastructure by currently holding the highest market share and the largest number of data centers and services. AWS routinely adds new services and invests billions of dollars in the overall platform and infrastructure.
A region is considered a geographic location or an area on a map.
Availability Zone
An availability zone is an isolated location within a geographic region and is a physical data center within a specific region.
Edge Location
An edge location is as a mini-data center used solely to cache large data files closer to a user's location.
Additional Information
There are more Availability Zones (AZs) than there are Regions.
There should be at least two AZs per Region.
Each region is located in a separate geographic area.
AZs are distinct locations that are engineered to be isolated from failures.
Elastic Cloud Compute or EC2 is a foundational piece of AWS' cloud computing platform and is a service that provides servers for rent in the cloud.
Pricing Options
There are several pricing options for EC2.
On Demand - Pay as you go, no contract.
Dedicated Hosts - You have your own dedicated hardware and don't share it with others.
Spot - You place a bid on an instance price. If there is extra capacity that falls below your bid, an EC2 instance is provisioned. If the price goes above your bid while the instance is running, the instance is terminated.
Reserved Instances - You earn huge discounts if you pay up fornt and sign a 1-year or 3-year contract.
Tips
EC2 is found under the Compute section of the AWS Management Console.
Spot instances can save you up to 90% off the on-demand pricing
There are several instance types that provide varying combinations of CPU, memory, storage, and networking capacity.
Elastic Block Store (EBS) is a storage solution for EC2 instances and is a physical hard drive that is attached to the EC2 instance to increase storage.
Tips
EBS is found on the EC2 Dashboard.
There are several EBS volume types that fall under the categories of Solid State Drives (SSD) and Hard Disk Drives (HDD).
Benefits
Storage solution for EC2.
Able to persist data after EC2 is terminated.
Automatically replicated in its AZ.
Security
Security in the cloud allows you to have complete control over your virtual networking environment.
Configure your virtual network with public or private facing subnets
Launch your servers in the selected network to secure access
Virtual Private Cloud or VPC allow you to create your own private netowrk in the cloud. You can launch services, like EC2, inside of that private network. A VPC spans all the Availability Zones in the region.
VPC allows you to control your virtual networking environment, which includes:
IP address ranges
subnets
route tables
network gateways
Tips
VPC is found under Networking & Content Delivery section of the AWS Management Console.
The default limit is 5 VPCs per Region. You can request an increase for these limits.
Your AWS resources are automatically provisioned in a default VPC.
There are no additional charges for creating and using the VPC.
You can store data in Amazon S3 and restrict access so that it's only accessible from instances in your VPC.
In this hands-on exercise, you will launch a virtual server in the cloud within a secure network. You will also manage additional storage options for your server.
Prerequisites:
AWS Account
Topics Covered:
By the end of this lab, you will be able to:
Launch a secure EC2 (Elastic Cloud Compute) instance within a VPC (Virtual Private Cloud)
Manage an EBS volume
Steps:
Access VPC service from AWS Management Console
On the AWS Management Console page, type vpc in the Find Services box and then select VPC.
Click the Launch VPC Wizard button and select VPC with a Single Public Subnet.
Important: In the VPC Name text box, enter a name for the VPC, and then select the first AZ from the Availability Zone dropdown. Leave everything else as the defaults.
Select Create VPC button.
You should see the VPC Successfully Created page, click the OK button in the far right.
Important: You should see a table that lists all of the VPCs, make a note of the one just created.
Launch an EC2 instance
Navigate to the EC2 console page, by clicking on Services in the upper left-hand menu. Type EC2 in the text box and click on EC2 found in the search results.
On the EC2 Dashboard page, click on Instances in the left-hand navigation.
Click Launch Instance.
Select the Amazon Linux 2 AMI (HVM), SSD Volume Type Amazon Machine Image (AMI).
Important: You are free to choose a different AMI, but to avoid excessive charges, pick one that says, Free Tier Eligible.
For the Instance Type, select the free-tier instance type of t2.micro.
Click on Next: Configure Instance Details.
Enter the 1 for the Number of Instances.
For Purchasing option, leave unchecked.
For Network, select the VPC that was created in the previous step, and then select the subnet in to which to launch the instance.
Keep the other default settings on this page as is.
Attach an EBS volume
Click on Next: Add Storage to attach an EBS volume.
Important: Here we already see there is a root volume (or device) attached to your instance, this is an EBS volume. We are going to add additional storage.
To attach additional storage, click on Add New Volume.
Select Delete on Termination and keep the other default settings.
Click Review and Launch.
Click Launch Instances.
Generate and download a new key pair and then launch the instance.
Important: This will allow you to SSH into your instance from your local machine. This is a one-time process, so generate and download the new key pair now.
The launch will take a couple of minutes, select View Instances during the wait.
Check the instance state, it should say running.
Congratulations! You’ve launched your first virtual server in the cloud.
Cleanup & Disable EC2 Instance To avoid recurring charges for leaving an instance running, let’s disable the EC2 instance and terminate the VPC
From the EC2 Dashboard, select the instance just created, click Actions, then Instance State, and then select Terminate.
From the VPC Dashboard, select the VPC just created, click Actions, then Delete VPC.
Computer Power in the Cloud
Compute power in the cloud is a faster way to build applications, providing:
no servers to manage (i.e. serverless)
ability to continuously scale
ability to run code on demand in response to events
AWS Lambda provides you with computing power in the cloud by allowing you to execture code without standing up or managing servers.
Tips
Lambda is found under the Compute section on thr AWS Management Console.
Lambda have a time limit of 15 minutes.
The code you run on AWS Lambda is called a "Lambda function."
Lambda code can be triggered by other AWS services.
AWS lambda supports Java, Go, Powershell, Node.js, C#/.Net, Python, and Ruby. There is a Runtime API that allow you to use other programming languages to author your functions.
Lambda code can be authored via the console.
What can trigger a Lambda?
A file upload to AWS S3
A record insert to DynamoDB database
Computer Power in the Cloud (LAB-2)
In this hands-on exercise, you will write your first Lambda function using Node.js.
Prerequisites:
AWS account
Topics Covered:
By the end of this lab, you will be able to:
Author a Lambda function using Node.js via the console
Test a Lambda function via the console
Steps:
Create a Lambda Function
On the AWS Management Console page, type lambda in the Find Services box and then select Lambda.
Click the “Create function” button and select Author from scratch.
Enter a Function name and select Node.js 8.10 as the runtime.
For Permission, click Choose or create an execution role, and select Create a new role with basic Lambda permissions.
Click Create function.
Modify a Lambda Function
Scroll down to the code for the Lambda function.
Replace the code on Line 5 with the statement below:
body: JSON.stringify('Hello ' + event.key1 + ' from Lambda!'),
Click the Save button in the upper right-hand corner.
* Scroll down to the Basic Settings section.
For the Description, enter Udacity Function.
Change the Timeout from 3 seconds to 10 minutes.
Click the Savebutton in the upper right-hand corner.
Test a Lambda Function
Click on the Test button in the upper right-hand corner.
Ensure the Event template is Hello World.
For the Event name enter TestEventImportant: The name cannot contain spaces.
Update the JSON to the statement below, replacing the statement with your name.
{ "key1": "Place your name here" }
Click Create.
Click the Test button in the upper right-hand corner again.
Scroll up to see the output in the Execution Results pane.
Elastic Beanstalks ia an orchestration service that allows you to deploy a web application at the touch of a button by spinning up (or provisioning) all of the services that you need to run your application.
Tips
Elastic Beanstalk if found under the Compute section of the AWS Management Console.
Elastic Beanstalk can be used to deployed web applications developed with Java, .NET, PHP, Node.js, Python, Ruby, Go and Docker.
In this hands-on exercise, you will use Elastic Beanstalk to deploy a web application to the cloud.
Pre-requisites:
+ AWS Account
+ DOWNLOAD THIS: WAR file containing the web application code
Topics Covered:
By the end of this lab, you will be able to:
Deploy a web application to the cloud using Elastic Beanstalk
Steps:
Access Elastic Beanstalk service from AWS Management Console
On the AWS Management Console page, type elastic beanstalk in the Find Services box and then select Elastic Beanstalk.
If this is your first time accessing Elastic Beanstalk, click the Get started button.
Enter an Application name.
Under Platform, click the dropdown for Choose a platform. Select Tomcat.
Under Application code, select Upload your code. Click the Upload button.
Under Upload your code, make sure Local file is selected for Source code origin.
Click Choose File and upload the downloaded WAR file (link above in pre-requisites), AWSElasticBean.war.
Click the Upload button.
Click the Create application button.
Important: It will take about 10 minutes for your application to be created. There are several resources that need to be spun up to support your application. Your application is created once you see a green check mark and the Health of your application is Ok.
After the application is created, copy the application’s URL.
Important: The URL can be found on the top of the page, to the right of your application’s name.
Test the deployed web application in a browser
Navigate to a web browser like Chrome or Safari.
Paste the application URL and append /message on the end of the URL.
Upon successfully accessing that URL, you will see the text Hello World in your browser window.
Inspect the EC2 instance created for you
Navigate to the EC2 console and inspect the instance that was created for you. The instance has the same name as your application. You can administer and manage this EC2 as if you created it yourself.
Cleanup and delete resources
To clean up the resources to avoid recurring charges, navigate back to the Elastic Beankstalk console.
Select your application.
Select the Actions button in the upper-right hand corner.
Select Terminate environment.
Enter the name of the application to be deleted.
Click the Terminate button.
After the application is terminated, you will be brought to the main page for the application.
Click on the Actions button in the upper right-hand corner.
There are often times that users of your applications need to be notified when certain events happen. Notifications, such as text messages or emails can be sent through services in the cloud. The use of the cloud offers benefits like lowered costs, increased storage, and flexibility.
Amazon Simple Notification Service (or SNS) is a cloud service that allows you to send notifications to the users of your applications. SNS allows you to decouple the notification logic from being embedded in your applications and allows notifications to be published to a large number of subscribers.
Features
SNS uses a publish/subscribe model.
SNS can publish messages to Amazon SQS queues, AWS Lambda functions, and HTTP/S webhooks.
Tips
SNS is found under the Application Integration section on the AWS Management Console.
SNS Topic names are limited to 256 characters.
A notification can contain only one message.
Queues
A queue is a data structure that holds requests called messages. Messages in a queue are commonly processed in order, first in, first out (or FIFO).
Amazon Simple Queue Service (SQS) is a fully managed message queuing service that allows you to integrate queuing functionality in your application. SQS offers two types of message queues: standard and FIFO.
Features
send messages
store messages
receive messages
Tips
The Simple Queue Service (SQS) is found under the Application Integration on the AWS Management Console.
FIFO queues support up to 300 messages per second.
FIFO queues guarantee the ordering of messages.
Standard queues offer best-effort ordering but no guarantees.
Standard queues deliver a message at least once, but occasionally more than one copy of a message is delivered.
Containers in the Cloud
Enterprises are adopting container technology at an explosive rate. A container consists of everything an application needs to run: the application itself and its dependencies (e.g. libraries, utilities, configuration files), all bundled into one package.
Each container is an independent component that can run on its own and be moved from environment to environment.
ECS is an orchestration service used for automating deployment, scaling, and managing of your containerized applications. ECS works well with Docker containers by:
launching and stopping Docker containers
scaling your applications
querying the state of your applications
Tips
+ ECS is under the Compute section on the AWS Management Console.
+ You can schedule long-running applications, services, and batch processeses using ECS.
+ Docker is the only container platform supported by Amazon ECS.
Networks reliably carry loads of data around the globe allowing for the delivery of content and applications with high availability. The network is the foundation of your infrastructure.
Route 53 is a cloud domain name system (DNS) service that has servers distributed around the globe used to translates human-readable names like www.google.com into the numeric IP addresses like 74.125.21.147.
Features
scales automatically to manage spikes in DNS queries
allows you to register a domain name (or manage an existing)
routes internet traffic to the resources for your domain
checks the health of your resources
Tips
+ Route 53 is found under the Networking & Content Delivery section on the AWS Management Console.
+ Route 53 allows you to route users based on the user’s geographic location.
Elasticity in the Cloud
One of the main benefits of the cloud is that it allows you to stop guessing about capacity when you need to run your applications. Sometimes you buy too much or you don't buy enough to support the running of your applications.
With elasticity, your servers, databases, and application resources can automatically scale up or scale down based on load.
Vertical Scaling ( Scale Up ) : Vertical scaling by resizing an instamce to add more capacity.
Horizontal Scaling ( Scale out ) : Horizontal scaling by increasing the numbers of servers in the farm.
EC2 Auto Scaling is a service that monitors your EC2 instances and automatically adjusts by adding or removing EC2 instances based on conditions you define in order to maintain application availability and provide peak performance to your users.
Features
Automatically scale in and out based on needs.
Included automatically with Amazon EC2.
Automate how your Amazon EC2 instances are managed.
Tips
EC2 Auto Scaling is found on the EC2 Dashboard.
EC2 Auto Scaling adds instances only when needed, optimizing cost savings.
EC2 predictive scaling removes the need for manual adjustment of auto scaling parameters over time.
Elastic Load Balancing can be found on the EC2 Dashbaoard.
Elastic Load Balancing works with EC2 Instances, containers, IP addresses, and Lambda functions.
You can configure Amazon EC2 instances to only accept traffic from a load balancer.
Redundancy : If you lose a server, the load balancer will send requests to other working servers. This feature maintains continuous operations in an emergency.
Performance: If a server starts having issues or bottlenecks, the load balancer will add more servers to the pool of available servers. Auto scaling automatically adjusts capacity to maintain a steady state.
As adoption of cloud services has increased, so has the need for increased security in the cloud. The great thing about cloud security is that it not only protects data, it also protects applications that access the data. Cloud security even protects the infrastructure (like servers) that applications run on.
The way security is delivered depends on the cloud provider you're using and the cloud security options they offer.
AWS Shield is a managed DDoS (or Distributed Denial of Service) protection service that safeguards web applications running on AWS.
AWS Shield is a service that you get "out of the box", it is always running (automatically) and is a part of the free standard tier. If you want to use some of the more advanced features, you'll have to utilize the paid tier.
Tips
AWS Shield can be found under the Security, Identity, & Compliance section on the AWS Management Console.
AWS Shield Standard is always-on, using techniques to detect malicious traffic.
Identity & Access Management (IAM) is an AWS service that allows us to configure who can access our AWS account, services, or even applications running in our account. IAM is a global service and is automatically available across ALL regions.
Security Concepts
User
IAM Group
IAM Role
Policy
IAM Role : Identify with permissions or a set of privileges.
Policy : Defines granular level permissions.(JSON)
User : A person or service that interacts with services or applications running in your AWS account.
IAM Group : A collection of users.
EC2 Security Group is not a part of IAM security group
Storage and database services in the cloud provide a place for companies to collect, store, and analyze the data they've collected over the years at a massive scale.
Storage & Database Services
Amazon Simple Storage Service (Amazon S3)
Amazon Simple Storage Service (Amazon S3) Glacier
DynamoDB
Relational Database Service (RDS)
Redshift
ElastiCache
Neptune
Amazon DocumentDB
S3 & S3 Glacier
Amazon Simple Storage Service (or S3) is an object storage system in the cloud.
Storage Classes
S3 offers several storage classes, which are different data access levels for your data ar certain price points.
S3 Standard
S3 Glacier
S3 Glacier Deep Archive
S3 Intelligent-Tiering
S3 Standard Infrequent Access
S3 One Zone-Infrequent Access
Tips
S3 is found under the Storage section on the AWS Management Console.
A single object can be up to 5 terabytes in size.
You can enable Multi-Factor Authentication (MFA) Delete on an S3 bucket to prevent accidental deletions.
S3 Acceleration can be used to enable fast, easy, and secure transfers of files over long distances between your data source and your S3 bucket.
DynamoDB is a NoSQL document database service that is fully managed. Unlike traditional databases, NoSQL databases, are schema-less. Schema-less simply means that the database doesn't contain a fixed (or rigid) data structure.
Tips
DynamoDB is found under the Database section on the AWS Management Console.
DynamoDB can handle more than 10 trillion requests per day.
DynamoDB is serverless as there are no servers to provision, patch, or manage.
DynamoDB supports key-value and document data models.
DynamoDB synchronously replicates data across three AZs in an AWS Region.
DynamoDB supports GET/PUT operations using a primary key.
RDS (or Relational Database Service) is a service that aids in the administration and management of databases. RDS assists with database administrative tasks that include upgrades, patching, installs, backups, monitoring, performance checks, security, etc.
Redshift is a cloud data warehousing service to help companies manage big data. Redshift allows you to run fast queries against your data using SQL, ETL, and BI tools. Redshift stores data in a column format to aid in fast querying.
Tips
Redshift can be found under the Database section on the AWS Management Console.
Redshift delivers great performance by using machine learning.
Redshift Spectrum is a feature that enables you to run queries against data in Amazon S3.
Redshift encrypts and keeps your data secure in transit and at rest.
Redshift clusters can be isolated using Amazon Virtual Private Cloud (VPC).
A Content Delivery Network (or CDN) speeds up delivery of your static and dynamic web content by caching content in an Edge Location close to your user base.
CloudFront is used as a global content delivery network (CDN). Cloud Front speeds up the delivery of your content through Amazon's worldwide network of mini-data centers called Edge Locations.
CloudFront works with other AWS services, as shown below, as an origin source for your application:
