CCP-Rev4..1a GCF SENDV1
Guillermo Cabrera
AWS Partner Trainer
[email protected]
Your feedback is essential
© 2020 Amazon Web Services, Inc. or its Affiliates. All rights reserved. Images have a Creative Commons license.
Agenda
MODULE 6 - RESOURCES
6
2 Foundations
Welcome
• Should not be taken as the sole source of study for the AWS CCP exam.
AWS Certified Cloud Practitioner
• About the Exam
• Exam code CLF-C01
• 65 questions
• 90 minutes
• Score: 100 to 1000 (Minimum 700 PASS)
• Immediate Result
• US$ 100,00
Multiple-answers:
Which are AWS services? (choose 2)
( • ) IAM
( • ) CloudFront
( ) AWS Games
( ) ForCloud
( ) Discovery Tiers
Single-answer:
Points of Presence which CloudFront uses to cache copies of your content:
AWS Certified Cloud Practitioner
• Exam Topics
https://aws.amazon.com/certification/certified-cloud-practitioner/
How to register for the exam
Select “Certification” in the top bar menu
How to add 30min (1/2)
Non-native English speaking countries are eligible to add 30min to exam time.
How to do this?
Go to certification portal (aws.training/Certification)
How to add 30min (2/2)
AWS Certified Cloud Practitioner Online
English only.
Exam supervised through a webcam.
Use a quiet, private location with a reliable internet connection.
https://aws.amazon.com/blogs/apn/now-you-can-take-the-aws-certified-cloud-practitioner-exam-at-your-home-or-office-24-7/
AWS Certified Cloud Practitioner - Study Resources
• Resources
• AWS Training (aws.amazon.com/training) aws.training/LearningLibrary
• AWS Whitepapers
• Overview of Amazon Web Services
• Architecting for the Cloud: AWS Best Practices
• How AWS Pricing Works
• Cost Management in the AWS Cloud
• AWS support plan comparison
AWS Certified Cloud Practitioner
To Do
• Review this material.
What Sets AWS Apart?
• Enterprise Leadership: Building and managing the cloud since 2006
• Service Breadth and Depth: Over 165 services
• Pace of Innovation: 1,957 Features in 2018; 1,430 Features in 2017
• Global Presence: 69 Availability Zones in 22 geographic regions around the world
Amazon Global Infrastructure
AWS Global Infrastructure
• 24 Geographic Regions
• 76 Availability Zones
• 216 Edge Locations
Announced Regions
• 3 Regions and 9 AZs in Indonesia, Japan and Spain
- AZs are isolated locations (power, network, flood zone, and so forth) in Regions.
- AZs have one or more data centers (some have 8 data centers).
- Each data center building has between 50,000 and 80,000 physical servers.
- AZs are designed to offer high availability of services to customers.
- AZs in one Region have submillisecond latency between them.
Amazon CloudFront
• Content Delivery Network (CDN)
How to build resilient architectures?
AWS Platform Services
Over 175 Services
• Advanced Services: Analytics, Artificial Intelligence, Mobile, Internet of Things, Game Development, AWS Marketplace
• Business Process Services: Desktop and App Streaming, Developer Tools, Management Tools, Business Productivity, Application Services, Technical and Business Support
• Foundational Services: Compute, Storage, Databases, Networking/Cont. Delivery, Hybrid Cloud Architecture, Messaging
Introducing Amazon Enterprise Applications
• Productivity: WorkMail, WorkDocs
Services Availability per Region
Region Table
AWS Marketplace is an online store that supports:
AWS Hybrid Architecture Support
01. Almost every AWS customer with on-premises infrastructure is running a hybrid architecture.
79% of existing Enterprise workloads run on VMware*
24/7
Security: The Shared Responsibility Model
Customer: Customers are responsible for their security and compliance IN the Cloud
• Customer content
• Platform, Applications, Identity & Access Management
• Operating System, Network & Firewall Configuration
• Client-side Data Encryption, Server-side Data Encryption, Network Traffic Protection
Examples
• OS patching/update
• Software compliance
• App./Sw. licensing
• Sw. optimizations
• DB schema analysis
• Snap./bkup routines
• Use of encryption
• …
AWS
AWS Prod
Corporate
Network
Network
New way
Old way
Code
AWS Built-In Security
Security Focus: Security Services and Features
• Infrastructure Security
– Amazon VPC
– AWS WAF
– Encryption in-transit with TLS with all services
– AWS Artifact
• Identity and Access Control
– AWS Identity and Access Management (IAM)
– AWS Multi-Factor Authentication
– AWS Directory Service
• Monitoring and Logging
– AWS Trusted Advisor
– AWS CloudTrail
– Amazon CloudWatch
– Amazon Macie
• Inventory and Configuration
– Amazon Inspector
– AWS Config
– AWS CloudFormation
• DDoS Mitigation
– AWS Shield
– Auto Scaling
– Amazon CloudFront
– Amazon Route 53
How it works
https://aws.amazon.com/premiumsupport/technology/trusted-advisor/
AWS Organizations
Policy Enforcement
Enforcement is based on stakeholder roles and responsibilities, and in accordance with compliance regulations (e.g. HIPAA, FedRAMP, PCI/DSS). At each level of the hierarchy the company can specify which AWS Services, features, and resources are approved for use on a per-department, per-user, or per-project basis.
Accounts
Amazon Inspector
• Vulnerability Assessment Service
https://aws.amazon.com/inspector/
Web application firewall
AWS Shield and AWS Shield Advanced
Standard
• Always-on Detection
• Defend against common attacks
• No Cost for Standard
Advanced
• DDoS Response Team 24x7
• DDoS cost protection
• Global availability
Benefits of AWS Shield Standard and Shield Advanced
https://aws.amazon.com/compliance/
On-Demand Access to Compliance Reports
Download Compliance Reports on Demand
AWS Artifact
Route 53 – DNS
CloudFront
Buckets S3
Region
AMI Images
Instances EC2/RDS
AZ Volumes EBS
Containers
Use Multi-AZ Patterns to Increase Reliability
Diagram labels: Web app proxy; Web server (IIS); Microsoft SQL Server; Remote desktop GW; Application server; AZ B; Application 1
Tools for Migrations
• Server Migration Service: VMware to AWS
• Database Migration Service: Source DB to Target DB
Services covered: Amazon EC2, Amazon ECS, Amazon Glacier, Amazon EBS, Elastic Load Balancing*, Amazon Route 53, Amazon RDS, Amazon Aurora, IAM, AWS WAF, Amazon CloudWatch, AWS CloudTrail, Auto Scaling, AWS Lambda, Amazon S3, Amazon EFS, Application Load Balancer, Amazon VPC*, Amazon DynamoDB, Amazon ElastiCache, AWS KMS, AWS Shield, AWS CloudFormation, AWS Config
AWS Compute Services
• How will you deliver the application executables?
• Instances
– Amazon EC2
• Containers
– Amazon ECS, Amazon EKS
– AWS Fargate
• Serverless
– AWS Lambda
Amazon EC2
• Amazon Elastic Compute Cloud (Amazon EC2)
• Virtual machine instance running on an AWS hypervisor
• Supports numerous distributions of Linux or Microsoft Windows
• Complete control of your host operating system with root and administrator accounts
• Responsible for all installed applications
https://aws.amazon.com/ec2/
Amazon EC2
• Platform
• Virtual machine instance.
• Linux and Microsoft Windows AMIs.
– Amazon Machine Image: the image of the Operating System that will be loaded in the instance.
https://aws.amazon.com/ec2/
Amazon Machine Image (AMI)
• AMI Content
• Defines which OS to use (Linux, Windows).
• Public and private AMIs.
• Defined during the instance launch process.
Broadest and deepest platform choice
• CATEGORIES: General purpose, Burstable, Compute intensive
• CAPABILITIES: Choice of processor (AWS, Intel, AMD); Fast processors (up to 4.0 GHz); High memory footprint (up to 12 TiB)
• OPTIONS: MORE THAN 275
AWS Instance Launch
• Amazon EC2 Instance Launch:
AWS CLI
AWS SDK
AWS CLI
• How to use the AWS CLI tool:
IAM > Users > ‘user’ > Security Credentials > Access keys
Amazon EC2 – Remote Access
• The key pair that will be used to access the instance is defined when the instance is created.
AWS
“A key pair consists of a public key that AWS stores, and a private key file stored by the user.”
Private Key
Public Key
RDP – Remote Desktop
Administrator
TCP port 3389
Scalability aspects
• There are different ways to scale a solution
How Does Auto Scaling Work?
• What: AMI
• Where: EC2
• When: Auto Scaling policy
Auto Scaling group: CPU utilization triggers the alarm: capacity is doubled until CPU utilization drops below 60% or max capacity is reached.
• Minimum = 2
• Maximum = 12
Virtual machine versus containers
VM App 2
Hypervisor Docker
Host OS Host OS
ECS
Kubectl mycluster.eks.amazonaws.com
AZ 1 AZ 2 AZ 3
EKS Workers
Fargate
No infrastructure
Manage everything at
container level
Launch quickly
Scale easily
Containers on demand
Resource based pricing
So you want to run a (managed) container on
• No servers to manage
• Continuous Scaling
• Pay only for compute time used
AWS Lambda
• Use Cases:
• Building modular, scalable, lightweight applications
• Serverless data processing on demand
• Perform data validation, filtering, sorting, or other transformations.
• Image thumbnailing, in-app activity, website clicks, or output from devices
https://aws.amazon.com/lambda/
AWS Storage Services
Storage Options
• File: Amazon EFS
• Block: Amazon EBS, Amazon EC2 Instance Store
• Object: Amazon S3, Amazon Glacier
Data Transfer
• AWS Direct Connect
• AWS Snowball
• S3 Transfer Acceleration
• Storage Gateway
• Amazon Kinesis Firehose
• ISV Connectors
What is Amazon Elastic Block Store (EBS)?
SSD HDD
EBS Encryption
Amazon EBS Snapshot
• Point-in-time backup
Amazon EFS
• Fully managed
• No hardware, network, file layer
• No need to provision storage in advance
• Create a scalable file system in seconds!
• Simple pricing = Pay for actual storage consumed
• Multiple EC2 instances accessing at the same time
Diagram labels: EC2-Inst1, EC2-Inst2, EC2-Inst3; File System as a Service
Amazon S3 – Simple Storage Service
Amazon S3 Features
• S3 Features
Amazon S3 Storage Classes
• S3-Std: “Hot” Data; Active and/or Temporary Data; $0.023/GB per month
• S3-IA: “Warm” Data; Infrequently Accessed Data; $0.0125/GB per month; $0.01/GB retrieval
• S3-IA-1Zone: “Warm” Data; Infr. Accessed Data, Non-critical Data; $0.0100/GB per month; $0.01/GB retrieval
• Glacier: “Cold” Data; Archive and Compliance Data; $0.004/GB per month; retrieval: 1~5min $0.03/GB, 3~5hs $0.01/GB, 5~12hs $0.0025/GB
• Durable: 99.999999999%
• Available: S3: 99.99%, S3-IA: 99.9%, S3-IA-1Z: 99.5%
• Performant: Low Latency, High Throughput
• Scalable: Elastic capacity, No preset limits
S3 Intelligent Tiering
S3 Standard, S3 Infreq. Access, S3 One Zone-IA
https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html
Amazon S3 Security
Amazon S3 Glacier
• Long term storage solution
• Long term archiving, backup.
• Low cost.
Archive retrieval job (Object ID 001, 025, 150, 400, …): Ready to download!
• Expedited: 1~5min
• Standard: 3~5hs
• Bulk: 5~12hs
99.999999999% durability of objects over a given year
Storage Gateway
File Gateway
• Cached and Stored modes.
• EBS Snapshots of your data.
• Backup to cloud.
• Big-Data, ML and Analytics initiatives.
Diagram labels: Customer DC, Direct Connect, NFS/SMB, VPC
Volume Gateway
Tape Gateway
• Cached and Stored modes.
• Integrates using iSCSI.
• EBS snapshots of your data.
• Low-effort migration to cloud backup.
• Reduce datacenter infrastructure.
Amazon VPC
• Provision a logically isolated section of the AWS cloud
• Control your virtual networking environment
– Subnets
– Route tables
– Security groups
– Network ACLs
• Connect to your on-premises network via VPN or Direct Connect
• Control if and how your instances access the Internet
Diagram labels: Archive Logs Bucket; S3 Lifecycle Policies to Glacier; Users; Test VPC; us-east-1b; us-east-1c; NAT; Bastion; Potential use for security appliances for monitoring, logging, etc.
Network Load Balancer
Diagram labels: Listener, Rule, Target Group, Target, Health Check
Amazon CloudFront
https://aws.amazon.com/cloudfront/
Amazon Route 53
https://aws.amazon.com/route53/
AWS Database Services
Amazon RDS
• Relational databases
• Fully managed and secure
• Fast, predictable performance
• Simple and fast to scale
• Low cost, pay for what you use
Amazon Aurora, Amazon RDS
https://aws.amazon.com/rds/
Amazon RDS
Managed relational database service with a choice of six popular database engines
• Easily deploy and maintain hardware, OS and DB software; built-in monitoring
• Data encryption at rest and in transit; industry compliance and assurance programs
• Automatic Multi-AZ data replication; automated backup, snapshots, failover
• Scale compute and storage with a few clicks; minimal downtime for your application
Amazon RDS: Replication and Failover
RDS Multi-AZ Option – Avoid Single Point of Failure
Amazon RDS Read Replicas
Read scaling and disaster recovery
and Oracle
• Relieve pressure on your master node with additional read capacity
• Bring data close to your applications in different regions
• Promote a read replica to a master for faster recovery in the event of disaster
Diagram labels: Asynchronous replication; Read only; BI/reporting application server; Read replica
Amazon Aurora
Delivered as a managed service on top of RDS
Amazon DynamoDB
Consistently: low latency at scale
PREDICTABLE PERFORMANCE!
Amazon ElastiCache
• A fully-managed in-memory data store or cache environment in the cloud.
https://aws.amazon.com/elasticache/
AWS Security Services
The Layered Security Approach
• Secured Infrastructure
– Secured endpoints
– Compliance alignments and frameworks
– Certifications and attestations
• VPC
– Workload isolation
• Security Group
– Port/protocol filtering
• Instance Firewall
– Rule-based protection at the OS level
Diagram labels: Instance Firewall, Security group, Subnet, VPC
AWS Identity & Access Management
A core AWS security service.
https://aws.amazon.com/iam/
IAM Root Account Best Practices
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
IAM Roles Best Practices
An IAM identity that can be assumed by anyone who needs it.
Ex.: users, applications, services, federated users
Diagram labels: Apps., codes; Assuming IAM Role [credentials]; API Call; Create, delete, change bucket
https://aws.amazon.com/kms/
AWS Management Services
AWS CloudWatch
https://aws.amazon.com/cloudwatch/
AWS CloudTrail
• CloudTrail provides the event history of AWS account activity
• Permits governance, compliance, audit.
• Logs API calls.
• Security analysis.
• Tracking of resource changes.
• Problem resolution.
Who did that?!
AWS Config
Managed service for tracking AWS inventory and configuration, and configuration change notification.
Diagram labels: AWS Config; Amazon EC2; Amazon EBS; Amazon VPC; AWS CloudTrail
Module 4:
Pricing, TCO and Cost Optimization
on AWS
Cloud Value Framework
TCO the way customers typically see it
illustrative
1 Server Costs
– Hardware – Server, (+Maintenance)
– Software - OS, Virtualization Licenses (+Maintenance)
TCO the way it really is
illustrative
On-prem. / Colocation
1 Server Costs
– Hardware – Server, Rack Chassis PDUs, ToR Switches (+Maintenance)
– Software - OS, Virtualization Licenses (+Maintenance)
– Facilities Cost: Space, Power, Cooling
3 Network Costs
– Network Hardware – LAN Switches, Load Balancer
– Bandwidth costs
– Software – Network Monitoring
– Facilities Cost: Space, Power, Cooling
4 IT Labor Costs
– Server Admin, Virtualization Admin, Storage Admin, Network Admin, Support Team
Overhead
– Cost of delays
– Risk premium
– Competitive abilities
– Governance
– Etc.
Tools for Cost Visibility
Cost Explorer
• Monthly Spend by Service View
• Monthly Spend by Linked Account View
• Daily Spend View
TAGs
• Identify and organize your AWS resources
• Integrated with multiple AWS services
• EC2, RDS, S3, Glacier, Redshift, etc.
AWS Pricing Philosophy
On-Demand and Reserved
Convertible Reserved Instances
• Convertible – Reserved Instance
• Reduced price during Reserved Instance term
• Change Reserved Instance family, type, OS, or tenancy
• For customers lacking understanding of future workloads
• Steady-state but can change
Example: C3 RI, C4 RI
Spot Instances
Dedicated Instances and Dedicated Hosts
Columns: Instance Type; Benefits; When to Position; Workloads
• Dedicated Instance
– Benefits: Instances run on hardware dedicated to you only
– When to Position: For workloads that require dedicated hardware to meet unique security and compliance needs
– Workloads: Data isolation required
Customer must pay an hourly instance fee. Customer must pay a dedicated per region fee.
• Dedicated Host
– Benefits: Instances run on hardware dedicated to you only; License portability; Fine grain control of hardware
– When to Position: For existing server-bound software licenses that are bound to VMs, sockets, or physical cores
– Workloads: Data isolation required; License dependent applications or services
Estimating Cost Savings
• Simple Monthly Calculator
• New! AWS Pricing Calculator
Module 5:
AWS Well-Architected Framework
The AWS Well-Architected Framework
• Design Principles
– Stop guessing your capacity needs
– Test systems at production scale
– Automate to make architectural experimentation easier
– Allow for evolutionary architectures
– Data-Driven Architectures
– Improve through game days
Pillars of AWS Well-Architected
Applying Operational Excellence
1. Use of Amazon CloudWatch to achieve visibility in the cloud
2. Use of CodeStar to deploy Infrastructure as Code
Diagram labels: Availability Zone A; Availability Zone B; users; Public Subnet x.x.x.x/x; Web Tier (Private Subnet) x.x.x.x/x; App Tier (Private Subnet) x.x.x.x/x; Data Tier; Aurora; replication; Example Services: RDGW, NAT, ISD/WAF; Reserved; On-Demand; Auto Scaling Group
Hey, everybody! Get ready for our..
Pop Quiz!
bit.ly/awsCloudPract
Simulation: CPC Prep Test and Discussion
Module 6:
APN Resources to Help You
APN Program Resources
• APN Program Guide
• Monthly Partner-Facing Webinars
• APN Personnel Resources
• Benefits and Requirements
• Training and Certification
• APN Blog, Newsletter, Twitter
• APN Portal
• Marketing
• APN Partner Programs
https://partnercentral.awspartner.com
APN How-To Guides and AWS Events
AWS How-To Guides
AWS Events
Sponsorship Opportunities
500-6,000
50-500
+50,000
Partner Training
https://www.aws.training/
• Workshops and Bootcamps: Specialty Courses for APN Partners
• Videos, Labs, and Classes: With Business and Technical Tracks
https://partnercentral.awspartner.com
Available AWS Certifications
https://youtu.be/WqUQNp1hAH8
Class Evaluation and Assessment
Guillermo Cabrera
[email protected]