iSarCasm/AWS Developer Associate Certification notes.md

## AWS Developer Associate Certification notes.md

      
    Raw
  

              AWS Developer Associate Certification notes.md
            
          
AWS Developer Associate Certification notes

IAM

Concepts
Features
Service Details


Cognito

Service Details


EC2

EC2 101
EBS (Elastic Block Store)-
EBS Volumes & Snapshots - Upgrading/Moving-
AMIs Types - EBS Root Device Volumes vs Instance Store
EBS Pricing


Elastic Load Balancer
Route53
RDS

Backups vs Snapshots
Encryption
Multi-AZ vs Read Replica


ElastiCache
Parameter Store
S3
Lambda
DynamoDB

Intro
Primary Keys
Scan vs Query-
DAX (DynamoDB Accelerator)
DynamoDB TTL
Provisioned Throughput Calculations
Web Identity Auth to DynamoDB
Other important bits
CLI Commands


KMS
SQS
SNS
SES
Kinesis
CodeCommit, CodeBuild, CodeDeploye, CodePipeline
CodeArtifact
Elastic Container Service (ECS)
CodeStar
Elastic Beanstalk
CloudFormation
CloudWatch
CloudTrail
X-Ray


AWS Developer Associate Certification notes

IAM

Concepts


Users

End users and people


Groups

A collections of users or roles


Roles

Users, Application, or Services
Web Identity Federation

Authentication with 3rd party (Facebook, Google, etc.)
Assume rome with STS API call
Temporary credentials


Cross-Account Acesss


Policy

AWS Managed Policies
Customer Managed Policies
Inline Policies


  Example Policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "FirstStatement",
      "Effect": "Allow",
      "Action": ["iam:ChangePassword"],
      "Resource": "*"
    },
    {
      "Sid": "SecondStatement",
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*"
    },
    {
      "Sid": "ThirdStatement",
      "Effect": "Allow",
      "Action": [
        "s3:List*",
        "s3:Get*"
      ],
      "Resource": [
        "arn:aws:s3:::confidential-data",
        "arn:aws:s3:::confidential-data/*"
      ],
      "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    }
  ]
}


Features


Shared access to your AWS account
Granular permissions
Identity federation
PCI DSS Compliance
Integrated with many AWS services
MFA (Multi-Factor Authentication)
Password Rotation

Service Details


Scope: Universal

IAM Users, Groups and Roles are available in all AWS regions


Pricing: Free


Cognito


Cognito acts as an Identity Broker
AWS Best Practice for Web ID Federation
Uses mobile Push Notification (SNS) to sync data across devices
Manages User Pools

User directories for Sign-in and Sign-up


Manages Identity Pools

Temporary credentials to AWS services


Service Details


Scope: User Pools are per-Region
Pricing:

First 50k MAU - free
Over 50k MAU - from $0.00550 to $0.00250


EC2

EC2 101


Elastic Compute Cloud


Pay as you use


Failure resistant


Types:

On Demand - pay fixed rate by hour (more recently to by the second - linux). Good for unpredictable workloads.
Reserved - capacity reservation. pay upfront for discounts. Predicable workloads
Spot - Bid for instance capacity (based on supply/demand). Set bid price (by hour/second). Good for applications with flexible start and end times.
Dedicated hosts - Physical EC2 servers - often used for licensing cost optimization. Not multi-tenant. Good for regulatory requirements.


Instance Types:

General Purpose

Mac - Mac Instances
T - Burtsable General Purpose Instances
M - General Purpose Intel Xeon Instances
A - ARM Instance with cost savings


Compute Optimized

C
Hpc6a


Memory Optimized

R
X
High Memory
z1d


Storage Optimized

H
D
I


Accelerated Computing

VT
F
G
Inf
Trn
DL
P


Read EC2 FAQ

Think of an Elastic IP address as a STATIC public ipv4 address
limited to 5 Elastic IP addresses per region
you can configure the reverse DNS record of your Elastic IP address
One Availability Zone name (for example, us-east-1a) in two AWS customer accounts may relate to different physical Availability Zones.
You can retrieve metrics data for any Amazon EC2 instance up to 2 weeks from the time you started to monitor it. After 2 weeks, metrics data for an Amazon EC2 instance will not be available if monitoring was disabled for that Amazon EC2 instance. If you want to archive metrics beyond 2 weeks you can do so by calling mon-get-stats command from the command line and storing the results in Amazon S3 or Amazon SimpleDB.
Q. Can I use a Spot instance with a paid AMI for third-party software (such as IBM’s software packages)? Not at this time.
Q. What is the difference between Stop and Hibernate interruption behaviors? In the case of Hibernate, your instance gets hibernated and the RAM data persisted. In the case of Stop, your instance gets shutdown and RAM is cleared.
Can I use my existing Windows Server license with EC2. Yes you can. After you’ve imported your own Windows Server machine images using the ImportImage tool, you can launch instances from these machine images on EC2 Dedicated Hosts
NTP endpoint at a link-local IP address (169.254.169.123) accessible from any instance running in a VPC


EBS (Elastic Block Store)-


EBS (Elastic Block Storage)
Storage of OS, Databases and Applications
Automatically replicated WITHIN an AZ
Types:

General Purpose SSD (GP3/GP2). Balance price/performances. Ratio of 3 IOPS per GB, up to 10000 IOPS, can burst to 3000 IOPS for volumes >= 3334GB
Provisioned IOPS SSD (IO2/IO1). Use if > 10000 IOPS is required, can go up to 20000 IOPS
IO2 Block Express. Up to 64 TB and 256k IOPS per volume. SAN in the cloud performance.
Throughput Optimized HDD (ST1). Log processing, Data warehousing. Good for sequenced data. CANNOT be boot volumes. About 500 MBs
Cold HDD (SC1). Low cost - for infrequently access workloads. CANNOT be a boot volume. About 250 MBs
Magnetic (Standard). Lowest cost per gigabyte. IS bootable.


You CAN NOT mount 1 EBS volume to multiple ECS 2 instances - instead use EFS
Termination Protection is turned OFF by Default
On EBS backed instance, the default for root volume will be deleted when the instance is terminated
Using the default AMI Root volumes on EC2 - they are NOT encrypted. Or create a copy of the AMI, then encrypt the root device volume. Additional volumes (non-root) can be encrypted.
If you take a snapshot of a EBS volume in a RAID array the cached data is not included - You need to take an application consistent snapshot.


EBS Volumes & Snapshots - Upgrading/Moving-


EC2 and it's EBS volume MUST BE in the same AZ


Can modify volumes for everything except Standard Magnetic


To Migrate EBS volume from one AZ to another, must snapshot first then create volume off the snapshot


To Migrate EBS volume from one Region to another, must snapshot then copy to the new region


Image from snapshot makes it bootable


Volumes exist on EBS (Virtual Hard Disk)


Snapshots exist on S3


Snapshots are point in time copies of the Volumes


Snapshots are incremental (only changed blocks moved to S3)


It's recommended that then you snapshot a root EBS volume, SHOULD stop the instance before taking snapshot


However you can take a snap while the instance is running (memory cached data will be lost)


You can create AMI (Amazon Machine Images)'s from both Volumes and Snapshots


You CAN change EBS volumes sizes on the fly, including change the size and storage type


To move an ECS volume from one AZ/Region to another, take a snap or an image of it, then copy it to the new AZ/Region


Security

Snapshots of encrypted volumes, the snapshots are encrypted automatically
Volumes restored from encrypted snapshots are encrypted automatically
You can share snapshots, but only if un-encrypted

Can be shared with other AWS accounts (or made public)


AMIs Types - EBS Root Device Volumes vs Instance Store


AMI's are regional!


You can select your AMI based on:

Region
OS
Architecture (32/64bit)
Launch Permissions
Storage for the Root Device (Root Device Volume)

Instance Store (Ephemeral Storage)
EBS Backed Volumes


All AMIs are categorized as either backed up EBS or backed by Instance store


For EBS volumes: the root device for an instance launched from the AMI is an EBS volume created from an EBS snapshot


For Instance Store Volumes: the root device for an instance launched from the AMI is an instance store volume created from a template stored in S3


Instance Store Volumes are sometimes called Ephemeral Storage


Instance Store volumes CANNOT be stopped If the underlying host fails, you will lose your data


EBS instances can be stopped, and Data will not be lost


By default, both ROOT volumes will be deleted on termination, however with EBS volumes, you can tell AWS to keep the root device volume


EBS Pricing


Pay for Storage, IOPS and Throughput


Elastic Load Balancer


Application Load Balancer

Intelligent balancing for HTTP/HTTPS traffic
X-Forwarded-For HTTP Header


Network Load Balancer

High-performance TCP traffic


Classic Load Balancer

Legacy


Gateway Load Balancer

3rd party AWS virtual appliances


Pricing: Pay for hours and LCU (Load balancer capacity units)

Route53


DNS service
Maps a domain name to EC2, ELB or S3
Concepts:

Hosted Zone - A container for DNS records for your domain
Alias - ilovecloud.com
A Record - Allows to route traffic to a resource using IPv4 address.


RDS


RDS Database Types:

SQLServer, Oracle, MySQL, PostgreSQL, MariaDB, Amazon Aurora


RDS is for OLTP (Online Transactions Processing) Workloads
Not suitable for OLAP (Use other tools like RedShift)

Pricing: Same as EC2
Backups vs Snapshots


Backups

Automated, enabled by default
Snapshots + transaction logs
Retention period of up to 35 days


Snapshots

User-initiated, ad-hoc
Snapshot only
Stored indefinetely (s3)


Encryption


Enable at Creation
Integrated with KMS
To add lated: Snapshot -> Encrypt -> RDS from Snapshot

Multi-AZ vs Read Replica


Multi-AZ

Exact copy of production database
Disaster Recovery


Read Replica

Same AZ, cross-AZ, cross-region
scale read performance


ElastiCache


Memcached (mem-cache-d)

In-memory, key-value data store
No persistance or Multi-AZ


Redis

Supports data sorting and ranking
Advanced data types
Supports Persistance and Multi-AZ


Pricing: per-hour

Parameter Store


Store Confidential Information

Passwords, database connection string, license codes, etc
Plain Text or Encrypted
Referenced in bootstrap scipts
Integrated with AWS services


Pricing

Standart - free;
Advanced - per-parameter or per-API call


S3

API Gateway


Front door to applications running in AWS
Serverless
Throttling (prvents applications from overload)


Lambda

Intro


Extremely cost-effective
Scales out automatically
Event-driven
Independant - each event will trigger a single function. Lambd function can trigger other functions
API Gatewat, DynamoDB, SQS, SNS, etc.

Lambda Versions


$LATEST - is latest version of the lambda function
Custom version aliases are available (e.g. "Prod"). Must be manually updated

Limits


Default limit - 1,000 concurrent executions per second (over = 429 http code).
Limit can be changed by contacting AWS support
You can set reserved concurrency for a function

Lambda and VPCs


You can enable Lambda to access resources in a private VPC

Provide a VPC Config (Private subnet ID, and security group ID)


Lambda configures an ENI, using an IP from the private subnet CIDR range
The security group then allows your function to access resources in VPC

Step Functions


Workflow Types

Standard Workflows

Long-running (up-to 1 year)
At-most-once
Non-Idempotent


Express Workflows

Short-lived (up to 5 minutes)
At-least-once
Idempotent


Synchronous Express Workflows

The workflow must complete before the next step begins
e.g., a customer must provide an addres before order can be complete


Asynchronous Express Workflows

Tasks are not dependant on the completion of the workflow
e.g., a mesaging system


DynamoDB

Intro


Fully managed NoSQL database


Single digit millisecond latency


Document and Key-Value data models


Stored on SSD storage


Spread across 3 geographically distinct data centres


Eventual Consistent Reads (Default)

Consistency is usaully reached within a second (Best Read Performance - app must wait up to 1 second)


Strongly Consistent Reads (SLOWER read performance)

Returns a result that reflects all writes that received a sucessful response response prior to the read. (app cannot wait up to 1 second)


Basics:

Tables
Items (This a row of data in table)
Attributes (Think of a column of data in a table)


Pricing:

Provisioned throughput capacity

Write Throughput $0.0065 per hour for every 10 units
Read Throughput $0.0065 per hours for every 50 units


On-demand capacity

Good for unpredictable traffic
Per-per-use model


First 25 GB stored per month is FREE, then $0.25 per GB (per month) there after.


Primary Keys


2 Types of Primary Keys available


No 2 items in a table can have the same primary key value!


Single Attribute (think unique ID)

Partition Key (aka Hash key) composed of one attribute


Composite (think unique ID and a date range)

Partition Key & Sort Key (aka Range key) composed of two attributes


Partition Key

DynamoDB uses the partition keys value as input to an internal hash function. The output from the hash function determine the partition (this is simply the physical location in which the data is stored)


Partition Key and Sort Key

DynamoDB uses the the partition keys value as input into an internal hash function. The output from the has function determines the partition (this is simply th ephysical location in which the data is stored)
However!, 2 items can have the same partition key, but they MUST have a different sort key
All items with the same partition key are stored together, in sorted order by sort key value


Indexes

Local Secondary Index

Has the SAME partition key, DIFFERENT sort key
Can ONLY created when creating a table. Cannot be removed or modified later.
Max 5 LSI's per table - Limit - https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html


Global Secondary Index

Has DIFFERENT partition key and DIFFERENT sort key
Can be crete at table creation OR added later
Max 5 GSI's per table - Limit - https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html


DynamoDB Streams (Store for a max of 24 hrs)

used to capture any kind of modification of the DynamoDB tables

If a new items is added (captures entire item and it's attributes)
If an item is update (captures the before and after)
If a new item is deleted (captures it prior to deletion)


can trigger a lambda function (e.g. replicate table in another region)


Scan vs Query-


Query


Find items in a table using only primary key attribute values. you must provide a partitiion attribute name and a distinct valye to search for


Can optionally provide a sort key attrivute name and value, and use a comparison operator to refine the search results


By default, a Query returns all the data attributes for items with the specified primary key(s);


However, you can use the ProjectionExpression parameter so that the query only retuns some of the attributes, rather than all


Results will always be sorted by the sort key (if you have one). if the data type of the sort key is a number, the results are returned in numeric order;


otherwise, the results are returned in order of ASCCI char code values.


By default, the sort order is ASCENDING, to reverse order set the ScanIndexForward paramater to false


By default, queries are eventually consistent but chan be changed to be strongly consistent.


Query is MORE efficient than Scan


Scan

Dumps every item in the table
By default, a Scan returns all the data attributes
However, you can use the ProjectionExpression parameter so that the query only retuns some of the attributes, rather than all


For quicker response times, design your tables in a way that can use the:

Query, Get or BatchGetItem APIs
OR - design your application to use Scan in a way that minimizes the impact on your table's request rate.


Optimizing Scans

Use smaller page size
Segregating mission-critical and scan traffic
Using parallel scans
Redesign table


Exam tips

Query find items in a table using only primary key attribute values. You must provide a partition key attribute name and a distinct valye to search for.
Scan examines EVERY item in the table. By default, a Scan returns all of the data attributes for every item; however you can use the ProjectExpression parameter so that the Scan only returns some of the attributes, rather than all.
Query results are always sorted by the sort key in ascending order. Set ScanIndexForward parameter to false to reverse it
Try use Query operation rather than Scan, as query is more efficient


DAX (DynamoDB Accelerator)


In-Memory write-through cache
Improves response times for eventually consistent reads only.
Write operation are also written directly to cache
Point API calls to DAX cluster instead of your table
Cache Hit
Not Suitable for write-intensive applications

DynamoDB TTL


Time To Live

Add an attribute with UNIX timestamp
Tell DynamoDB to treat an attribute as a TTL
Removal can take up to 48 hours after expiration


Use Cases: Great for removing irrelevant or old data
Helps to Save Money

Provisioned Throughput Calculations


Unit of Read provisioned throughput

ALL reads are round up in increments of 4 KB
Eventualy Consistent Reads (default) consist of 2 reads per second.
Strongly Consistent Reads consist of 1 read per second
Formula

Size of Read round to nearest 4KB chunk / 4 KB) x # of items = read throughput
Divide by 2 if eventually consistent


Unit of Write provisioned throughput

All writes are 1KB
All writes conists of 1 write per second


HTTP 400 Status Code - ProvisionedThroughputExceededException

You exceeded your maximum allowed provisioned throughput for a table OR for one or more global secondary indexes.
Use Exponential Backoff by sending retry requests using progressively longer waits (Built-in for AWS SDKs)


Question 1: You have an application that requires to read 10 items of 1 KB per second using eventual consistency. What should you set the read throughput to?

Determine the amount of read units per item we need

1 KB rounded up to the nearest 4 KB increment = 4
4 KB / 4 KB = 1 read unit per item


1 x 10 read items = 10
Using eventual consistency we get 10 / 2 = 5
5 units of read throughput required
(4 / 4) x 10 = 10, 10 / 2 == 5


Question 2: You have an application that requires to read 10 items of 6 KB per second using eventual consistency. What should you set the read throughput too?

Determine the amount of read units per item we need

6KB rounded up to the nearest 4KB increment = 8 KB
8 KB / 4 KB = 2 read units per item


2 x 10 read items = 20
Using eventual consistency we get 20 / 2 = 10
10 units of read throughput required
(8 / 4) * 20 = 2, 20 / 2 == 10


Question 3: You have an application that requires to read 5 items of 10 KB per second using eventual consistency. What whould you set the read throughput too?

Determine the amount of read units per item we need

10 KB rounded up to the nearest 4KB increment = 12 KB
12 KB / 4 KB = 3 read units per item


3 x 5 read items = 15
Using eventual consistency we get 15 / 2 = 7.5
8 units of read throughput required
(12 / 4) * 5 = 15, 15 /2 = 7.5 (round up)


Question 4: You have an application that requires to read 5 items of 10 KB per second using strong consistency. What should you set the read throughput too?

Determine the amount of read units per item we need

10 KB rounded up to the nearest 4KB incement = 12 KB
12 KB / 4KB = 3 read units per item


3 x 5 read items = 15
Using strong consistency we get 15 / 1 = 15
15 units of read throughput required
(12 / 4) * 5 = 15, 15 / 1 = 15


Question 5: You have an application that requires to write 5 items, with ech item being 10 KB in size per second. What should you set the write throughput too?

As write units are 1KB, we need 10 write units per item
We have 5 items, therefore 10 x 5 items = 50
50 units of write throughput required


Question 6: You have an application that requires to write 12 items of 100 KB per item each second. What should you set the write throughput too?

As write units are 1KB, we need 100 write units per item
We have 12 items, therefore 100 x 12 = 1200
1200 units of write throughput required


Web Identity Auth to DynamoDB

Steps to authenticate:
1. User Authenticates with ID provider (OpenID Connect provider such as Facebook/Google)
2. They are passed a Token by their ID provider
3. Your code calls 'AssumeRoleWithWebIdentity' API, and provides the providers token and specifies the ARN for the IAM Role
4. App can now access DynamoDB from between 15 mins to 1 hr (Default is 1 hr)
Other important bits


Conditional Writes

put logic in place as part of the write operation to only update/write if that condition is met.
Example 'If item = $10 then update to $12"

Conditional writes are 'idempotent' - meaning you can send the same conditional write request multiple times, but it will have no further effect on the item after the first rime Dynamo DB erforms the specified update
For example suppose you issue a request to update the price of a book item by 10%, with the expectation that the price is currently $20.
However, before you get a response, a network error occurs and you don't know whether your request was successful or not....
Becuase a conditional update is an 'idempotent' operation, you can send the same request again, and DynamoDB will update the price only if the current price is still $20.


Atomic Counters

DynamoDB support atomic counters
Where you use UpdateItem operation to increment / decrement the value on an existing attribute,
without interfering with other write requests. All write operations are applied in the order in which they were received
For example: a web app might want to maintain a counter per vistor to the site. In this case, the application would need increment this counter regardless of it's current value.
Atomic counter updates are NOT 'idempotent' - meaning that the counter will increment each time you call UpdateItem
If you suspect that a previous request was unsucessful, your application could retry the UpdateItem operation;
However, this would risk updating the counter twice.
This might be acceptable for a web site counter, because you can tolerate with slightly over or under-counting the vistors
However, in a banking application it would be safer to use a conditional update rather than an atomic counter


Batch Operations

If you application needs to read multiple items, you can use the BatchGetItem API.
A single BatchGetItem request can retrieve up to 1 MB of data, which can contain up to 100 items
Also, a single BatchGetItem request can retrieve items from multiple tables


CLI Commands


CreateTable, UpdateTable (e.g. change settings), ListTables, DescribeTable, DeleteTable
PutItem, GetItem (use primary key), UpdateItem, DeleteItem
Scan (read all then filter), Query (uses partition key)


KMS


AWS-Managed Customer Master Keys (CMKs)

Generated by integration with services like S3, SNS, etc.


Customer-managed CMK

Requires Alias, Description and Key Material (Use KMS, provide or Cloud HSM)
Key Administrative Permissions

Users or Roles with Administrative permissions


Key Usage Permissions

Users or Roles with Usage permissions


Usage

CMK is used to encrypt data up to 4KB
CMK can be used to generate data-key
CMK can be used to encrypt data-key (Envelope Encryption)
Envelope Encryption avoids sending all the data to the KMS


API calls

aws kms encrypt
aws kms decrypt
aws kms re-encrypt
aws kms enable-key-rotation
aws kms generate-data-key


SQS


Distributed queue system


Basically a temporary repository for messages that are awaiting processing


Good for decoupling application components


Autoscaling EC2 instances based on SQS queue metrics is available


Web service that gives you access to a message queue, that can be used to store messages whilst awaiting processing


Queue types:

Standard Queues (default)

Nearly unlimited TPS
Guarantee's a message is delivered atleast once, however:
Occasionally (due to distributed arch) more than 1 message may be delivered out of order
Best effort ordering - ensures the messages are generally delivered in the same order they were sent


FIFO (First in First Out) Queues

First-In-First-Out
Gaurantee's order is preserved
No duplicates
Limited to 300 TPS


SQS Settings

Visibility Timeout (ChangeMessageVisiblity)

Items becomes invisible when picked-up then visible after the timeout
Default: 30 seconds
Maximum: 12 hours


Retention Period

Messages can be kept in the queue from 1 minute to 14 days (default is 4 days)


Short polling vs Long polling

Short polling

Returns a response immediately even if the queue is empty
Pay for each response


Short polling

Wait for the message to show-up until timeout
Long poll save you money, by reducing the amount of time polled.
Maximum Long Poll Time Out = 20 seconds


Payload size

SQS can store messages of size up to 256 KB
Messages biggen than 256 KB can be stored in S3
To manipulate S3 messages the AWS SDK for Java is required


SQS Fanning Out (kinda like broadcasting a message)

Create an SNS topic first using SNS. Then create and subscribe multiple SQS queues to the SNS topic
Now whenever a message is sent to the SNS topic, the message will be fanned out to the SWS queues
i.e SNS will deliver the message to all the SQS queues that are subscribed to the topic


SNS


Instant, push-based delivery
Uses Pub / Sub model

Consumers need to subscribe to a topic


Supports:

Push notifications, SMS, Email, SQS, HTTP


Fanout

Can fanout messages to a large amount of recipients


SES


Simple Email Service
Used for incoming and outgoing emails
Not Subscription-based

Knowing an email is enough to start sending emails


Kinesis


Streaming Data - generated continuously by thousands of data sources, sending records simultaneously, and generally small sizes

Stock Prices
Game data (as they play)
Social network data
Geospatial data (think uber - continuous driver position data)
IoT sensor data


'Producers' (e.g. EC2, phone, etc) send data to Kinesis


'Consumers' (e.g. EC2 - then store in S3, DB etc)


Kinesis

Streams

Capture and store streaming video and data for real-time processing and analysis
Consumer applications process and analyse the data in real-time
Consists of Shards (default storage is 24hrs, can be increased to 7 days)
Can have multiple Shards in a streams
Best practice to have # consumers <= # of shards. Extra consumers for fail-over cases
Can setup autoscaling group based on CPu utilization for situation when adding more Shards


Firehose

Capture, transform and load data continiously into AWS data stores
BI apps and tools for near real-time analysis
'Automated' in comparison with Streams
Don't need to manage shards (doesn't have them) / retention
Analysis via Lambda
Results to S3, then onwards to Redshift, etc.


Analytics

Uses data from Kinesis Data Streams or Kinesis Data Firehose
Real-time analytics using SQL
Results to S3, Redshift or Elasticsearch Cluster


CodeCommit, CodeBuild, CodeDeploye, CodePipeline

CodeArtifact

Elastic Container Service (ECS)

CodeStar

Elastic Beanstalk


Basically just upload your code (for ppl that are not very with AWS - or want low management overhead)


You can deploy, monitor and scale an application quickly


Provides developers/end users with the ability to provision application infrastructure in an almost transparent way


It has a highly abstract focus towards infrastructure, focusing on compoents and performance - not configuration and specifications


Attempts to remove, or significantly simplify infrastructure management, allowing applocations to be deployed into infrastructure environments easily.


Customizing Configuration

Amazon Linux 1

Using the .ebextensions folder

Applicable for Amazon Linux 1
Located in the top-level application directory
Files need to have .config extension
YAML or JSON can be used


Amazon Linux 2

Using Buildfile

Root level file
Suitable for operations which exit upon completion


Using Procfile

Suitable for long-running processes. For instance, custom command to start application


Platform Hooks

Various scripts to run at different stages of EC2 provisioning
.platform/hooks/prebuild
.platform/hooks/predeploy
.platform/hooks/postdeploy


Deployment Types

All at once (worst)

Updates all instances at the same time
Involves service interruption


Rolling

The new colde is deployed in batches
Reduced capacity during deployment
Rolling back requires a further Rolling update


Rolling with Additional Batch

Maintains full capacity
Rolling back requires a further Rolling update.


Immutable (best)

Maintains full capacity
To roll back: delete the new instances and update ELB


Traffic Splitting (best)

Performns Immutable deployment
Splits the traffic between the old and new deployments
Enables Canary Testing


Deploying RDS within Elastic Beanstalk

Inside Beanstalk

Quick and easy
Terminating EB environment also terminsated database
Suitable for Dev and Test envs


Outside Beanstalk

Requires additional configuration steps (Security Group, db connection)
Terminating EB env does not affect the database
Suitable for Prod env


Migration to Elastic Beanstalk

Your Data Center -> Elastic Beanstalk
AWS provided Migration Assistant Tool

Windows Web Application Migration Assistant

Formerly known an .NET migration assistant
Interactive PowerShell Utility
OpenSource and available on GitHub


Exam tips

You can have multiple versions of your applications
Your apps can be split into tiers (Web / App / DB)
You can update your application
you can update your configuration
You CAN SSH/RDP into your instaces
You pay for the resources that you use, EB is free
Language support

Apache Tomcat for Java
Apache HTTP server for PHP
Apache HTTP server for Python
Ngnix / Apache HTTP for Node.js
Passenger / Puma for Ruby
Microsoft IIS 7.5/8.0 and 8.5 for .NET
Java SE
Docker
Go


CloudFormation

CloudWatch


CloudWatch is all about monitoring the performance and health of your system
Gathers performance metrics from EC2 instances:

Default: CPU, Network, Disk and Status check
CloudWatch Agent: Memory Usage, Processes, CPU Idle Time


CloudWatch Logs

Monitors and stores logs
Gathers Logs from all AWS services (e.g. lambda)


CloudWatch Alarms

Alarm to monitor a metric and generate an alert


Concepts:

CloudWatch Metrics

A metric is a variable to monitor (e.g. CPU usage)


CloudWatch Namespaces

Container for cloudwatch metrics (e.g. AWS/EC2 namespace)


CloudWatch Dimensions

Filter metadata (e.g. InstanceID)


CloudWatch Dashboards

Customized homepage


CloudTrail


Records account activity (API calls) regarding creation/deletion of resources
Tracks failed logins

X-Ray


X-Ray helps developers analyze and debug distributed applications.


Service Map

Service Map is a visual representation of your application
Provides information about Latency, Status Codes and Errors


X-Ray Agent

Must be installed on your instance


X-Ray SDK

Instruments application to send traces to X-Ray


X-Ray Exam Tips:

Integrated with AWS Services

DynamoDB, Lambda, API Gateway, etc.


Your applications

Instrument data about HTTP requests using the SDK


Supported Platforms

EC2, Elastic Beanstalk, ECS and on-premises environments


Running X-Ray in ECS

Run the X-Ray daemon in its own Docker image, running alongside application


X-Ray Annotations

Add key-value pairs allowing to filter, index and search (e.g. game_name=TicTacTor, gameId=124)