@cemeng
Last active December 1, 2017 03:26
AWS training
Focus on automation
Preso by Gerardo Estaba - AWS solution architect
keyword: on premise
az - multiple data centres close to each other - to allow synchronous replication
global services -> cloudfront, route 53
other services are region based for example: S3, DynamoDB etc
don't wait too long to build - if you have 60% information - start build and iterate on it
lightsail -> easiest way to get started on aws, convenient, not a lot of control
database option - you can self-manage using EC2 - or use RDS (relational db service) or DynamoDB (noSQL) which is fully managed
Aurora - mysql / postgres compatible, 6 way replication across 3 zones. up to 15 read replicas.
DynamoDB - items up to 400kb (!!!), auto scale (just new)
Amazon Cognito - authentication service - users directory - is this an alternative to Gigya? is this IDAM? managed federated identities.
the number of users I guess drives the complexity of AWS architecture you need.
load balancer - question: can you load balance across regions? felix: that wouldn't make sense would it?
ELB - elastic load balancer - has now become Classic Load Balancer -> don't use this, AWS recommends application load balancer
S3 - limit: objects up to 5TB in size (is this per object limit or bucket limit?), answer this is the limit of 1 object size.
ElastiCache -> internal cache oh this redis / memcached - where to use this instead of read replicas?
tips: use DynamoDB or noSQL for user session data - as this is key / value data anyway
When you break things into microservices - how to glue them?
* you can use SQS (queue system)
Automation:
higher level -> lower
lightsail, elastic beanstalk, opsworks, cloud formation
opsworks uses puppet and chef
cloud formation is suggested as the first thing that you should learn - it's the power house of aws deployment
automating server provisioning
code services:
codecommit - aws's github
codebuild - build system
codedeploy - deployment system
ci / cd
aws codestar -> devops in minutes (ci/cd)
other options
use container - docker
serverless w/ lambda and SPA
event driven system

cemeng commented Dec 1, 2017

Well architected framework - david williams from polar seven

5 pillars:
security, reliability, performance, cost optimisation, operational excellence

your bill mostly will be ec2 - hehe - you should save money - use reserved instance, the easiest way to save money.
look at cloud formation quick start - these are good examples.
not going to use default VPC - because by default it has a public IP address, which is probably not a good idea by default.

VPC
once you set the size of a subnet - you're stuck - it's not elastic.
plan your VPC - consider future AWS region, consider future connectivity, consider subnet design, CIDR cannot be modified after creation
best practice: whitelist your security group of the instances - so for example: when your laptop is stolen - ppl can't ssh in to your services.

IAM - best practices -> good stuff

infrastructure as code -> cloud formation

sumologic

outlier detection - intelligent monitoring - this is very interesting - good for detecting fraud maybe?
are we using sumologic in ffx - if so maybe we can leverage that
sumologic is more for the ops - monitoring cloud infra - a bit different to newrelic - which focuses on the app level?


cemeng commented Dec 1, 2017

sumologic aggregates hundreds of logs
would be good to use this - how different it is to loggly

log reduce -> to find things when you don't know what to look for - this groups the logs into a pattern
_sourceCategory=Labs/Apache/Access | logreduce
you can do log compare - to compare stats before and after a deployment for example - not sure how to specify comparison periods

Sumologic is a SaaS alternative to splunk and ELK (you have to build it yourselves and on premise)

https://www.sumologic.com/learn/certifications/

there is a limit of 5 VPCs per account - you need to ask aws for more.
suggestion: use yaml first - it is easier than json.

very important to design VPC correctly in the first place - you have to plan for this first before doing anything else.
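
A CloudFormation template, in YAML, that puts the VPC notes above together: a non-default VPC with a planned CIDR, subnets that do not hand out public IPs, and a security group that allows SSH only from a whitelisted range. This is an added example, not material from the training or from the gist author; the CIDR values, the /20 subnet size and the resource names are constructed assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Non-default VPC with planned CIDRs and SSH limited to one admin range (constructed example)

Parameters:
  VpcCidr:
    Type: String
    Default: 10.20.0.0/16      # constructed value; size for growth, the notes say it cannot be modified later
  AdminCidr:
    Type: String
    Default: 203.0.113.0/24    # constructed placeholder (documentation range); use your office or VPN egress range
    # Prefix must be /16 to /32, so 0.0.0.0/0 is rejected when the stack is created
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/(1[6-9]|2[0-9]|3[0-2])$'
    ConstraintDescription: Must be an IPv4 CIDR with a prefix between /16 and /32.

Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      EnableDnsSupport: true
      EnableDnsHostnames: true

  # Fn::Cidr splits the /16 into /20 blocks (12 host bits). Only 2 of the 16
  # possible blocks are used, leaving room for more subnets or AZs later.
  PrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      AvailabilityZone: !Select [0, !GetAZs ""]
      CidrBlock: !Select [0, !Cidr [!Ref VpcCidr, 4, 12]]
      MapPublicIpOnLaunch: false   # unlike default-VPC subnets, no public IP on launch

  PrivateSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      AvailabilityZone: !Select [1, !GetAZs ""]
      CidrBlock: !Select [1, !Cidr [!Ref VpcCidr, 4, 12]]
      MapPublicIpOnLaunch: false

  SshFromAdminOnly:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SSH from the whitelisted admin range only
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 22, ToPort: 22, CidrIp: !Ref AdminCidr }
```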
