AWS_Course

The document outlines the fundamentals of cloud computing, focusing on Amazon Web Services (AWS) and its various offerings such as EC2, IAM, and cloud deployment models. It discusses the advantages of cloud computing, including cost-effectiveness, scalability, and flexibility, while also detailing the structure and security measures necessary for managing AWS resources. Additionally, it covers the different types of cloud services (IaaS, PaaS, SaaS) and provides insights into AWS's global infrastructure and pricing models.

Uploaded by akshatmishra2904

Your AWS Certification journey

What is Cloud Computing Section

How websites work
• A client (which has its own IP address) sends a request over the network to a server (which also has its own IP address), and the server sends the response back

What is a server composed of?
• Compute: CPU
• Memory: RAM
• Storage: Data
• Database: Store data in a structured way
• Network: Routers, switch, DNS server

Traditionally, how to build infrastructure
• Diagram: Home or Garage, then Office, then Data center
Problems with traditional IT approach
• Pay for the rent for the data center
• Pay for power supply, cooling, maintenance
• Adding and replacing hardware takes time
• Scaling is limited
• Hire 24/7 team to monitor the infrastructure
• How to deal with disasters? (earthquake, power shutdown, fire…)

• Can we externalize all this?


What is Cloud Computing?
• Cloud computing is the on-demand delivery of compute power, database storage,
applications, and other IT resources
• Through a cloud services platform with pay-as-you-go pricing
• You can provision exactly the right type and size of computing resources you
need
• You can access as many resources as you need, almost instantly
• Simple way to access servers, storage, databases and a set of application services

• Amazon Web Services owns and maintains the network-connected hardware required for these application services, while you provision and use what you need via a web application.
You’ve been using some Cloud services
• Gmail: e-mail cloud service; pay for ONLY your emails stored (no infrastructure, etc.)
• Dropbox: cloud storage service; originally built on AWS
• Netflix: built on AWS; video on demand
The Deployment Models of the Cloud
• Private Cloud:
  • Cloud services used by a single organization, not exposed to the public
  • Complete control
  • Security for sensitive applications
  • Meet specific business needs
• Public Cloud:
  • Cloud resources owned and operated by a third-party cloud service provider, delivered over the Internet
  • Six Advantages of Cloud Computing (see below)
• Hybrid Cloud:
  • Keep some servers on premises and extend some capabilities to the Cloud
  • Control over sensitive assets in your private infrastructure
  • Flexibility and cost-effectiveness of the public cloud
The Five Characteristics of Cloud Computing
• On-demand self service:
• Users can provision resources and use them without human interaction from the service
provider
• Broad network access:
• Resources available over the network, and can be accessed by diverse client platforms
• Multi-tenancy and resource pooling:
• Multiple customers can share the same infrastructure and applications with security and privacy
• Multiple customers are serviced from the same physical resources
• Rapid elasticity and scalability:
• Automatically and quickly acquire and dispose resources when needed
• Quickly and easily scale based on demand
• Measured service:
• Usage is measured, users pay correctly for what they have used
Six Advantages of Cloud Computing
• Trade capital expense (CAPEX) for operational expense (OPEX)
• Pay On-Demand: don’t own hardware
• Reduced Total Cost of Ownership (TCO) & Operational Expense (OPEX)
• Benefit from massive economies of scale
• Prices are reduced as AWS is more efficient due to large scale
• Stop guessing capacity
• Scale based on actual measured usage
• Increase speed and agility
• Stop spending money running and maintaining data centers
• Go global in minutes: leverage the AWS global infrastructure
Problems solved by the Cloud
• Flexibility: change resource types when needed
• Cost-Effectiveness: pay as you go, for what you use
• Scalability: accommodate larger loads by making hardware stronger or
adding additional nodes
• Elasticity: ability to scale out and scale-in when needed
• High-availability and fault-tolerance: build across data centers
• Agility: rapidly develop, test and launch software applications
Types of Cloud Computing
• Infrastructure as a Service (IaaS)
• Provide building blocks for cloud IT
• Provides networking, computers, data storage space
• Highest level of flexibility
• Easy parallel with traditional on-premises IT
• Platform as a Service (PaaS)
• Removes the need for your organization to manage the underlying infrastructure
• Focus on the deployment and management of your applications
• Software as a Service (SaaS)
• Completed product that is run and managed by the service provider
Layer          | On-premises | IaaS   | PaaS   | SaaS
Applications   | you         | you    | you    | others
Data           | you         | you    | you    | others
Runtime        | you         | you    | others | others
Middleware     | you         | you    | others | others
O/S            | you         | you    | others | others
Virtualization | you         | others | others | others
Servers        | you         | others | others | others
Storage        | you         | others | others | others
Networking     | you         | others | others | others

("you" = managed by you, "others" = managed by the cloud provider)

Example of Cloud Computing Types
• Infrastructure as a Service:
• Amazon EC2 (on AWS)
• GCP, Azure, Rackspace, Digital Ocean, Linode
• Platform as a Service:
• Elastic Beanstalk (on AWS)
• Heroku, Google App Engine (GCP), Windows Azure (Microsoft)
• Software as a Service:
• Many AWS services (ex: Rekognition for Machine Learning)
• Google Apps (Gmail), Dropbox, Zoom
Pricing of the Cloud – Quick Overview
• AWS has 3 pricing fundamentals, following the pay-as-you-go pricing
model
• Compute:
• Pay for compute time
• Storage:
• Pay for data stored in the Cloud
• Data transfer OUT of the Cloud:
• Pay for data leaving the Cloud; data transfer IN is free
• Solves the expensive issue of traditional IT
AWS Cloud History
2002: Internally launched
2003: Amazon infrastructure is one of their core strengths; idea to market it
2004: Launched publicly with SQS
2006: Re-launched publicly with SQS, S3 & EC2
2007: Launched in Europe
AWS Cloud Number Facts
• In 2019, AWS had $35.02 billion in annual revenue
• AWS accounts for 47% of the market in 2019 (Microsoft is 2nd with 22%)
• Pioneer and Leader of the Cloud Market (Gartner Magic Quadrant) for the 9th consecutive year
• Over 1,000,000 active users


AWS Global Infrastructure
• AWS Regions
• AWS Availability Zones
• AWS Data Centers
• AWS Edge Locations / Points of Presence

• https://infrastructure.aws/
IAM Section
IAM: Users & Groups
• IAM = Identity and Access Management, Global service
• Root account created by default, shouldn’t be used or shared
• Users are people within your organization, and can be grouped
• Groups only contain users, not other groups
• Users don’t have to belong to a group, and user can belong to multiple groups

Diagram: groups Developers, Operations and Audit Team; users Alice, Bob, Charles, David, Edward and Fred (some users sit in two groups, one user belongs to no group)
IAM: Permissions
• Users or Groups can be assigned JSON documents called policies
• These policies define the permissions of the users
• In AWS you apply the least privilege principle: don’t give more permissions than a user needs

Example policy (read-only access to EC2, ELB and CloudWatch):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "elasticloadbalancing:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:Describe*"
      ],
      "Resource": "*"
    }
  ]
}
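To make the least-privilege point concrete, here is an added example (not part of the course) that evaluates the policy above the way IAM evaluates identity-based policies: everything is implicitly denied, an explicit Deny wins over any Allow, and wildcards in action names match like shell globs. It also flags statements that grant a whole service (or everything) on every resource. The ADMIN_POLICY and GUARDED_POLICY documents are constructed for the demonstration; Conditions, NotAction and resource-based policies are deliberately not modelled.

```python
import fnmatch
import json

# The policy from the slide above (read-only on EC2, ELB and CloudWatch).
READ_ONLY_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Allow", "Action": "elasticloadbalancing:Describe*", "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics",
                "cloudwatch:Describe*"],
     "Resource": "*"}
  ]
}
""")

# Constructed policies used to show the two evaluation rules below.
ADMIN_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}

GUARDED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"}]}


def _as_list(value):
    """Action and Resource may be a single string or a list."""
    return value if isinstance(value, list) else [value]


def _action_matches(patterns, action):
    """IAM action names are case-insensitive and support '*' and '?'
    wildcards, which is exactly fnmatch's glob syntax."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _resource_matches(patterns, resource):
    """ARNs are matched case-sensitively with the same wildcards."""
    return any(fnmatch.fnmatchcase(resource, p) for p in patterns)


def is_allowed(policy, action, resource="*"):
    """Simplified identity-policy evaluation: implicit deny, an explicit
    Deny that matches beats every Allow, otherwise the request passes if
    at least one Allow statement matches both the action and the resource."""
    allowed = False
    for stmt in policy["Statement"]:
        if not _action_matches(_as_list(stmt.get("Action", [])), action):
            continue
        if not _resource_matches(_as_list(stmt.get("Resource", [])), resource):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def overly_broad_statements(policy):
    """Indexes of Allow statements that grant every action (or every action
    of one service) on every resource: the opposite of least privilege."""
    hits = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "*" in resources and any(a == "*" or a.endswith(":*") for a in actions):
            hits.append(i)
    return hits
```

With the slide's policy, `is_allowed(READ_ONLY_POLICY, "ec2:DescribeInstances")` is True while `ec2:RunInstances` and anything on S3 are refused; GUARDED_POLICY shows that a single Deny on `ec2:TerminateInstances` overrides the broad `ec2:*` Allow, which is how you carve exceptions out of a permission set without enumerating every action.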
Multi Factor Authentication - MFA
• Users have access to your account and can possibly change configurations or delete resources in your AWS account
• You want to protect your Root Accounts and IAM users
• MFA = password you know + security device you own
• Password + code from the MFA device => successful login
• Main benefit of MFA: if a password is stolen or hacked, the attacker still lacks the device, so the account is not compromised
MFA devices options in AWS
• Virtual MFA device (authenticator app)
  • Google Authenticator (phone only)
  • Authy (multi-device)
  • Support for multiple tokens on a single device
• Universal 2nd Factor (U2F) Security Key
  • YubiKey by Yubico (3rd party)
  • Support for multiple root and IAM users using a single security key
• Hardware Key Fob MFA Device
  • Provided by Gemalto (3rd party)
• Hardware Key Fob MFA Device for AWS GovCloud (US)
  • Provided by SurePassID (3rd party)


How can users access AWS ?
• To access AWS, you have three options:
• AWS Management Console (protected by password + MFA)
• AWS Command Line Interface (CLI): protected by access keys
• AWS Software Developer Kit (SDK) - for code: protected by access keys
• Access Keys are generated through the AWS Console
• Users manage their own access keys
• Access Keys are secret, just like a password. Don’t share them
• Access Key ID ~= username
• Secret Access Key ~= password
Example (Fake) Access Keys

• Access key ID: AKIASK4E37PV4983d6C


• Secret Access Key: AZPN3zojWozWCndIjhB0Unh8239a1bzbzO5fqqkZq
• Remember : don’t share your access keys
What’s the AWS CLI?
• A tool that enables you to interact with AWS services using commands in
your command-line shell
• Direct access to the public APIs of AWS services
• You can develop scripts to manage your resources
• It’s open-source https://github.com/aws/aws-cli
• Alternative to using AWS Management Console
IAM Guidelines & Best Practices
• Don’t use the root account except for AWS account setup
• One physical user = One AWS user
• Assign users to groups and assign permissions to groups
• Create a strong password policy
• Use and enforce the use of Multi Factor Authentication (MFA)
• Create and use Roles for giving permissions to AWS services
• Use Access Keys for Programmatic Access (CLI / SDK)
• Audit permissions of your account using IAM Credentials Report & IAM
Access Advisor
• Never share IAM users & Access Keys
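The IAM Credentials Report mentioned above is the quickest way to check several of these guidelines at once. Here is an added example, not part of the course, that parses a report in the CSV layout `aws iam get-credential-report` returns (the real report is base64-encoded and has more columns than the subset used here; the rows are constructed for the demonstration) and lists, per identity, the guideline it breaks: root or console users without MFA, access keys on the root account, keys older than a rotation limit, and two active keys left over from an unfinished rotation.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample rows; column names follow the real credentials report.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-01T10:00:00+00:00,not_supported,not_supported,false,true,2020-01-01T00:00:00+00:00,2024-04-30T09:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2022-03-01T00:00:00+00:00,true,2024-05-02T08:00:00+00:00,2024-03-01T00:00:00+00:00,2024-06-01T00:00:00+00:00,true,true,2024-04-01T00:00:00+00:00,2024-05-02T08:00:00+00:00,false,N/A,N/A
bob,arn:aws:iam::123456789012:user/bob,2021-06-01T00:00:00+00:00,true,2024-05-02T08:00:00+00:00,2021-06-01T00:00:00+00:00,2021-09-01T00:00:00+00:00,false,true,2021-06-01T00:00:00+00:00,2024-05-01T00:00:00+00:00,true,2023-01-01T00:00:00+00:00,N/A
"""

# Fixed "now" so the example is reproducible; a real run would use datetime.now(timezone.utc).
AUDIT_NOW = datetime(2024, 5, 3, tzinfo=timezone.utc)


def _parse_ts(value):
    """The report uses N/A / not_supported / no_information for missing dates."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_csv, now, max_key_age_days=90):
    """Return {user: [finding, ...]} for the guidelines on this page: root must
    have MFA and no access keys, console users must have MFA, access keys must
    be rotated, and nobody needs two active keys at once."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        issues = []
        has_console = is_root or row["password_enabled"] == "true"
        if has_console and row["mfa_active"] != "true":
            issues.append("console access without MFA")
        active_keys = 0
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            active_keys += 1
            if is_root:
                issues.append(f"root account has an active access key {n}")
            rotated = _parse_ts(row[f"access_key_{n}_last_rotated"])
            if rotated and now - rotated > timedelta(days=max_key_age_days):
                issues.append(f"access key {n} older than {max_key_age_days} days")
        if active_keys == 2:
            issues.append("two active access keys (finish the rotation, then delete the old key)")
        if issues:
            findings[user] = issues
    return findings
```

Run against the sample, alice is clean, the root account is flagged for missing MFA and for carrying an access key at all, and bob is flagged for missing MFA, stale keys and two active keys. The report is a snapshot generated at most every four hours, so regenerate it before acting on the results.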
EC2 Section
Amazon EC2
• EC2 is one of the most popular of AWS’ offerings
• EC2 = Elastic Compute Cloud = Infrastructure as a Service
• It mainly consists of the capability of:
  • Renting virtual machines (EC2)
  • Storing data on virtual drives (EBS)
  • Distributing load across machines (ELB)
  • Scaling the services using an auto-scaling group (ASG)
• Knowing EC2 is fundamental to understanding how the Cloud works


EC2 sizing & configuration options
• Operating System (OS): Linux, Windows or Mac OS
• How much compute power & cores (CPU)
• How much random-access memory (RAM)
• How much storage space:
• Network-attached (EBS & EFS)
• hardware (EC2 Instance Store)
• Network card: speed of the card, Public IP address
• Firewall rules: security group
• Bootstrap script (configure at first launch): EC2 User Data
EC2 User Data
• It is possible to bootstrap our instances using an EC2 User Data script.
• Bootstrapping means launching commands when a machine starts
• That script is only run once, at the instance’s first start
• EC2 User Data is used to automate boot tasks such as:
  • Installing updates
  • Installing software
  • Downloading common files from the internet
  • Anything you can think of
• The EC2 User Data script runs as the root user
• Caveat: user data is stored unencrypted and any process on the instance can read it back from the instance metadata service, so never embed passwords, keys or tokens in it; let the instance fetch secrets at boot through its EC2 instance role instead
EC2 Instance Types - Overview
• You can use different types of EC2 instances that are optimised for
different use cases (https://aws.amazon.com/ec2/instance-types/)
• AWS has the following naming convention:

m5.2xlarge

• m: instance class
• 5: generation (AWS improves them over time)
• 2xlarge: size within the instance class
EC2 Instance Types – General Purpose
• Great for a diversity of workloads such as web servers or code repositories
• Balance between:
• Compute
• Memory
• Networking
• In the course, we will be using the t2.micro which is a General Purpose EC2
instance

* this list will evolve over time, please check the AWS website for the latest information
EC2 Instance Types – Compute Optimized
• Great for compute-intensive tasks that require high performance
processors:
• Batch processing workloads
• Media transcoding
• High performance web servers
• High performance computing (HPC)
• Scientific modeling & machine learning
• Dedicated gaming servers

EC2 Instance Types – Memory Optimized
• Fast performance for workloads that process large data sets in memory
• Use cases:
• High performance, relational/non-relational databases
• Distributed web scale cache stores
• In-memory databases optimized for BI (business intelligence)
• Applications performing real-time processing of big unstructured data

EC2 Instance Types – Storage Optimized
• Great for storage-intensive tasks that require high, sequential read and write
access to large data sets on local storage
• Use cases:
• High frequency online transaction processing (OLTP) systems
• Relational & NoSQL databases
• Cache for in-memory databases (for example, Redis)
• Data warehousing applications
• Distributed file systems

EC2 Instance Types: example

Instance    | vCPU | Mem (GiB) | Storage          | Network Performance | EBS Bandwidth (Mbps)
t2.micro    | 1    | 1         | EBS-Only         | Low to Moderate     |
t2.xlarge   | 4    | 16        | EBS-Only         | Moderate            |
c5d.4xlarge | 16   | 32        | 1 x 400 NVMe SSD | Up to 10 Gbps       | 4,750
r5.16xlarge | 64   | 512       | EBS Only         | 20 Gbps             | 13,600
m5.8xlarge  | 32   | 128       | EBS Only         | 10 Gbps             | 6,800

t2.micro is part of the AWS free tier (up to 750 hours per month)

Great website: https://instances.vantage.sh

Introduction to Security Groups
• Security Groups are the fundamental of network security in AWS
• They control how traffic is allowed into or out of our EC2 Instances.
• Diagram: inbound traffic from the WWW passes through the Security Group before it reaches the EC2 Instance, and outbound traffic from the instance passes through it on the way out
• Security groups only contain allow rules: there is no deny rule, anything no rule allows is dropped
• Security group rules can reference by IP or by security group
Security Groups
Deeper Dive
• Security groups are acting as a “firewall” on EC2 instances
• They regulate:
• Access to Ports
• Authorised IP ranges – IPv4 and IPv6
• Control of inbound network (from other to the instance)
• Control of outbound network (from the instance to other)
Security Groups
Good to know
• Can be attached to multiple instances
• Locked down to a region / VPC combination
• Does live “outside” the EC2 – if traffic is blocked the EC2 instance won’t see it
• Stateful: if an inbound request is allowed, the reply traffic is allowed out regardless of outbound rules (and vice versa)
• It’s good to maintain one separate security group for SSH access
• If your application is not accessible (time out), then it’s usually a security group issue: the packet was dropped silently
• If your application gives a “connection refused“ error, then the packet reached the instance and it’s an application error or the application is not launched
• All inbound traffic is blocked by default
• All outbound traffic is authorised by default
Classic Ports to know
• 22 = SSH (Secure Shell) - log into a Linux instance
• 21 = FTP (File Transfer Protocol) – upload files into a file share (unencrypted; prefer SFTP)
• 22 = SFTP (Secure File Transfer Protocol) – upload files using SSH
• 80 = HTTP – access unsecured websites
• 443 = HTTPS – access secured websites
• 3389 = RDP (Remote Desktop Protocol) – log into a Windows instance
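As an added example (not part of the course material), here is a small Python model of the security-group semantics described above, with rules written in the shape the EC2 API returns in IpPermissions (the group ID and the CIDRs are constructed; Ipv6Ranges and prefix lists are left out of the model). It answers whether a given packet would be admitted, and it checks for the mistake the slides warn against, an administrative port such as SSH or RDP open to the whole Internet instead of to a dedicated, tightly scoped security group.

```python
import ipaddress

# Constructed inbound rule sets (IpProtocol "-1" means all protocols and ports).
WEB_SG_INBOUND = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
]
BAD_SG_INBOUND = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "-1", "FromPort": None, "ToPort": None,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]},
]
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 21: "FTP"}


def rule_covers(rule, proto, port, src_ip=None, src_sg=None):
    """True if this allow rule admits a (proto, port) packet coming from
    src_ip, or from an instance that carries security group src_sg."""
    if rule["IpProtocol"] not in ("-1", proto):
        return False
    if rule["IpProtocol"] != "-1" and not (rule["FromPort"] <= port <= rule["ToPort"]):
        return False
    if src_sg is not None:
        return any(p["GroupId"] == src_sg for p in rule["UserIdGroupPairs"])
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(r["CidrIp"]) for r in rule["IpRanges"])


def sg_allows(rules, proto, port, src_ip=None, src_sg=None):
    """Security groups hold allow rules only: a packet no rule covers is
    dropped silently (the client sees a timeout, not 'connection refused')."""
    return any(rule_covers(r, proto, port, src_ip, src_sg) for r in rules)


def world_open_admin_ports(rules):
    """Findings for admin ports reachable from 0.0.0.0/0 or ::/0."""
    findings = []
    for rule in rules:
        world = any(r["CidrIp"] in ("0.0.0.0/0", "::/0") for r in rule["IpRanges"])
        if not world:
            continue
        for port, name in ADMIN_PORTS.items():
            if rule["IpProtocol"] == "-1" or (
                    rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]):
                findings.append(f"{name} (tcp/{port}) open to the world")
    return findings
```

The WEB_SG_INBOUND set is the shape the slides recommend: HTTP/HTTPS from anywhere, SSH only from one administrative range. The BAD_SG_INBOUND set shows the two things a reviewer should flag, SSH from the world and an all-protocols rule referencing another group, the latter being fine between tiers but far broader than a single port.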
EC2 Spot Instances
• Can get a discount of up to 90% compared to On-demand
• Instances that you can “lose” at any point of time if your max price is less than the
current spot price
• The MOST cost-efficient instances in AWS
• Useful for workloads that are resilient to failure
  • Batch jobs
  • Data analysis
  • Image processing
  • Any distributed workloads
  • Workloads with a flexible start and end time
• Not suitable for critical jobs or databases
EC2 Section – Summary
• EC2 Instance: AMI (OS) + Instance Size (CPU + RAM) + Storage +
security groups + EC2 User Data
• Security Groups: Firewall attached to the EC2 instance
• EC2 User Data: Script launched at the first start of an instance
• SSH: start a terminal into our EC2 Instances (port 22)
• EC2 Instance Role: link to IAM roles
• Purchasing Options: On-Demand, Spot, Reserved (Standard +
Convertible), Dedicated Host, Dedicated Instance
EBS Volume - Example
• Diagram: EBS volumes of 10 GB, 100 GB and 50 GB in US-EAST-1A and of 50 GB and 10 GB in US-EAST-1B; one of the volumes is unattached
EBS – Delete on Termination attribute

• Controls the EBS behaviour when an EC2 instance terminates


• By default, the root EBS volume is deleted (attribute enabled)
• By default, any other attached EBS volume is not deleted (attribute disabled)
• This can be controlled by the AWS console / AWS CLI
• Use case: preserve root volume when instance is terminated
EBS Snapshots
• Make a backup (snapshot) of your EBS volume at a point in time
• Not necessary to detach volume to do snapshot, but recommended
• Can copy snapshots across AZ or Region

• Diagram: an EBS volume (50 GB) in US-EAST-1A is snapshotted, and the snapshot is restored into a new EBS volume (50 GB) in US-EAST-1B
EBS Snapshots Features
• EBS Snapshot Archive
  • Move a Snapshot to an ”archive tier” that is 75% cheaper
  • Takes within 24 to 72 hours for restoring the archive
• Recycle Bin for EBS Snapshots
  • Setup rules to retain deleted snapshots so you can recover them after an accidental deletion
  • Specify retention (from 1 day to 1 year)
AMI Process (from an EC2 instance)
• Start an EC2 instance and customize it
• Stop the instance (for data integrity)
• Build an AMI – this will also create EBS snapshots
• Launch instances from other AMIs

• Diagram: create a custom AMI from an instance in US-EAST-1A, then launch a new instance from that AMI in US-EAST-1B
EFS – Elastic File System
• Managed NFS (network file system) that can be mounted on 100s of EC2
• EFS works with Linux EC2 instances in multi-AZ
• Highly available, scalable, expensive (3x gp2), pay per use, no capacity planning
• Diagram: EC2 instances in us-east-1a, us-east-1b and us-east-1c all mount the same EFS file system, with a security group controlling access to it

EBS vs EFS
• EBS: a volume lives in one Availability Zone; to use it in another AZ you take a snapshot and restore it there
• EFS: one file system with a mount target in each Availability Zone, shared by instances in all of them
Elastic Load Balancing & Auto
Scaling Groups Section
Scalability & High Availability
• Scalability means that an application / system can handle greater loads
by adapting.
• There are two kinds of scalability:
• Vertical Scalability
• Horizontal Scalability (= elasticity)
• Scalability is linked but different to High Availability

• Let’s deep dive into the distinction, using a call center as an example
Vertical Scalability
• Vertical Scalability means increasing the size of the instance
• For example, your application runs on a t2.micro
• Scaling that application vertically means running it on a t2.large
• Vertical scalability is very common for non distributed systems, such as a database.
• There’s usually a limit to how much you can vertically scale (hardware limit)
• Call center analogy: replace a junior operator with a senior operator

Horizontal Scalability
• Horizontal Scalability means increasing the number of instances / systems for your application
• Horizontal scaling implies distributed systems.
• This is very common for web applications / modern applications
• It’s easy to horizontally scale thanks to cloud offerings such as Amazon EC2
• Call center analogy: add more operators

High Availability
• High Availability usually goes hand in hand with horizontal scaling
• High availability means running your application / system in at least 2 Availability Zones
• The goal of high availability is to survive a data center loss (disaster)
• Call center analogy: a first building in New York and a second building in San Francisco
High Availability & Scalability For EC2
• Vertical Scaling: Increase instance size (= scale up / down)
• From: t2.nano - 0.5G of RAM, 1 vCPU
• To: u-12tb1.metal – 12.3 TB of RAM, 448 vCPUs

• Horizontal Scaling: Increase number of instances (= scale out / in)


• Auto Scaling Group
• Load Balancer

• High Availability: Run instances for the same application across multi AZ
• Auto Scaling Group multi AZ
• Load Balancer multi AZ
Scalability vs Elasticity (vs Agility)
• Scalability: ability to accommodate a larger load by making the hardware stronger (scale up), or by adding nodes (scale out)
• Elasticity: once a system is scalable, elasticity means that there will be some “auto-scaling” so that the system can scale based on the load. This is “cloud-friendly”: pay-per-use, match demand, optimize costs
• Agility: (not related to scalability - distractor) new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes.
What is load balancing?
• Load balancers are servers that forward internet traffic to multiple servers (EC2 Instances) downstream.
• Diagram: User 1, User 2 and User 3 all connect to the Load Balancer, which forwards each request to one of the downstream instances
Why use a load balancer?
• Spread load across multiple downstream instances
• Expose a single point of access (DNS) to your application
• Seamlessly handle failures of downstream instances
• Do regular health checks to your instances
• Provide SSL termination (HTTPS) for your websites
• High availability across zones
Why use an Elastic Load Balancer?
• An ELB (Elastic Load Balancer) is a managed load balancer
• AWS guarantees that it will be working
• AWS takes care of upgrades, maintenance, high availability
• AWS provides only a few configuration knobs
• It costs less to setup your own load balancer but it will be a lot more
effort on your end (maintenance, integrations)
• 4 kinds of load balancers offered by AWS:
• Application Load Balancer (HTTP / HTTPS only) – Layer 7
• Network Load Balancer (ultra-high performance, allows for TCP) – Layer 4
• Gateway Load Balancer – Layer 3
• Classic Load Balancer (retired in 2023) – Layer 4 & 7
What’s an Auto Scaling Group?
• In real-life, the load on your websites and application can change
• In the cloud, you can create and get rid of servers very quickly
• The goal of an Auto Scaling Group (ASG) is to:
• Scale out (add EC2 instances) to match an increased load
• Scale in (remove EC2 instances) to match a decreased load
• Ensure we have a minimum and a maximum number of machines running
• Automatically register new instances to a load balancer
• Replace unhealthy instances
• Cost Savings: only run at an optimal capacity (principle of the cloud)
Auto Scaling Group in AWS
• Diagram: an Auto Scaling Group has a minimum size, an actual size / desired capacity, and a maximum size; EC2 instances are added (scale out) as needed, never beyond the maximum

Auto Scaling Group in AWS With Load Balancer
• Diagram: web traffic reaches the Load Balancer, which distributes it across the EC2 instances in the Auto Scaling Group
Auto Scaling Groups – Scaling Strategies
• Manual Scaling: Update the size of an ASG manually

• Dynamic Scaling: Respond to changing demand


• Simple / Step Scaling
• When a CloudWatch alarm is triggered (example CPU > 70%), then add 2 units
• When a CloudWatch alarm is triggered (example CPU < 30%), then remove 1
• Target Tracking Scaling
• Example: I want the average ASG CPU to stay at around 40%
• Scheduled Scaling
• Anticipate a scaling based on known usage patterns
• Example: increase the min. capacity to 10 at 5 pm on Fridays
Amazon S3 Section
Section introduction
• Amazon S3 is one of the main building blocks of AWS
• It’s advertised as ”infinitely scaling” storage
• Many websites use Amazon S3 as a backbone
• Many AWS services use Amazon S3 as an integration as well
• We’ll have a step-by-step approach to S3

Amazon S3 Use cases
• Backup and storage
• Disaster Recovery
• Archive (example: Nasdaq stores 7 years of data into S3 Glacier)
• Hybrid Cloud storage
• Application hosting
• Media hosting
• Data lakes & big data analytics (example: Sysco runs analytics on its data and gains business insights)
• Software delivery
• Static website
Amazon S3 - Buckets
• Amazon S3 allows people to store objects (files) in “buckets” (directories)
• Buckets must have a globally unique name (across all regions, all accounts)
• Buckets are defined at the region level
• S3 looks like a global service but buckets are created in a region
• Naming convention
  • No uppercase, no underscore
  • 3-63 characters long
  • Not an IP
  • Must start with a lowercase letter or number
  • Must NOT start with the prefix xn--
  • Must NOT end with the suffix -s3alias

Amazon S3 - Objects
• Objects (files) have a Key
• The key is the FULL path:
  • s3://my-bucket/my_file.txt
  • s3://my-bucket/my_folder1/another_folder/my_file.txt
• The key is composed of prefix + object name
  • s3://my-bucket/my_folder1/another_folder/my_file.txt (prefix: my_folder1/another_folder/, object name: my_file.txt)
• There’s no concept of “directories” within buckets (although the UI will trick you to think otherwise)
• Just keys with very long names that contain slashes (“/”)
Amazon S3 – Objects (cont.)
• Object values are the content of the body:
  • Max. Object Size is 5TB (5000GB)
  • If uploading more than 5GB, must use “multi-part upload”

Bucket settings for Block Public Access
• These settings were created to prevent company data leaks
• When enabled, they override any bucket policy or ACL that would grant public access, so a misconfigured policy cannot expose the data
• If you know your bucket should never be public, leave these on
• Can be set at the account level
Amazon S3 – Static Website Hosting
• S3 can host static websites and have them accessible on the Internet
• The website URL will be (depending on the region)
  • http://bucket-name.s3-website-aws-region.amazonaws.com
  OR
  • http://bucket-name.s3-website.aws-region.amazonaws.com
• Example for demo-bucket in us-west-2:
  • http://demo-bucket.s3-website-us-west-2.amazonaws.com
  • http://demo-bucket.s3-website.us-west-2.amazonaws.com
• If you get a 403 Forbidden error, make sure the bucket policy allows public reads (and that Block Public Access is turned off for this one bucket, since it overrides the policy)!
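"Allows public reads" should mean exactly one thing for a website bucket: anonymous `s3:GetObject` on the objects, nothing else. The following is an added example (not from the course, and not AWS code) with a constructed minimal website bucket policy for demo-bucket, a constructed over-permissive one, and a checker that lists what each policy hands to anonymous principals. Statements carrying a Condition are skipped rather than judged, because whether they are public depends on the condition.

```python
import json

# Constructed: the minimal grant a static website needs.
WEBSITE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicReadGetObject",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::demo-bucket/*"
  }]
}
""")

# Constructed: a policy that also lets anyone list and overwrite the bucket.
LEAKY_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "*"},
    "Action": ["s3:GetObject", "s3:ListBucket", "s3:PutObject"],
    "Resource": ["arn:aws:s3:::demo-bucket", "arn:aws:s3:::demo-bucket/*"]
  }]
}
""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal):
    """'*' or {"AWS": "*"} means anyone on the Internet, signed in or not."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def public_grants(policy):
    """(action, resource) pairs the policy grants to anonymous principals,
    skipping statements with a Condition (those need case-by-case review)."""
    grants = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or not _is_public_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue
        for action in _as_list(stmt["Action"]):
            for res in _as_list(stmt["Resource"]):
                grants.append((action, res))
    return grants


def website_policy_is_minimal(policy, bucket):
    """A website bucket should expose exactly s3:GetObject on bucket/*;
    s3:ListBucket leaks the key names and s3:PutObject lets anyone deface it."""
    wanted = {("s3:GetObject", f"arn:aws:s3:::{bucket}/*")}
    return set(public_grants(policy)) == wanted
```

Run the checker over every bucket that has Block Public Access disabled; any public grant beyond GetObject on the website objects is a finding, and any bucket that is not a website should have no public grants at all.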


Amazon S3 - Versioning
• You can version your files in Amazon S3
• It is enabled at the bucket level
• Same key overwrite will change the “version”: 1, 2, 3….
• It is best practice to version your buckets
  • Protect against unintended deletes (ability to restore a version)
  • Easy roll back to previous version
• Diagram: a user uploads s3://my-bucket/my-file.docx three times and the bucket (my-bucket) keeps Version 1, Version 2 and Version 3
• Notes:
  • Any file that is not versioned prior to enabling versioning will have version “null”
  • Suspending versioning does not delete the previous versions
S3 Storage Classes
• Amazon S3 Standard - General Purpose
• Amazon S3 Standard-Infrequent Access (IA)
• Amazon S3 One Zone-Infrequent Access
• Amazon S3 Glacier Instant Retrieval
• Amazon S3 Glacier Flexible Retrieval
• Amazon S3 Glacier Deep Archive
• Amazon S3 Intelligent Tiering

• Can move between classes manually or using S3 Lifecycle configurations


S3 Durability and Availability
• Durability:
• High durability (99.999999999%, 11 9’s) of objects across multiple AZ
• If you store 10,000,000 objects with Amazon S3, you can on average expect to
incur a loss of a single object once every 10,000 years
• Same for all storage classes

• Availability:
• Measures how readily available a service is
• Varies depending on storage class
• Example: S3 standard has 99.99% availability = not available 53 minutes a year
S3 Standard – General Purpose
• 99.99% Availability
• Used for frequently accessed data
• Low latency and high throughput
• Sustain 2 concurrent facility failures

• Use Cases: Big Data analytics, mobile & gaming applications, content
distribution…
S3 Storage Classes – Infrequent Access
• For data that is less frequently accessed, but requires rapid access when needed
• Lower cost than S3 Standard

• Amazon S3 Standard-Infrequent Access (S3 Standard-IA)


• 99.9% Availability
• Use cases: Disaster Recovery, backups

• Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)


• High durability (99.999999999%) in a single AZ; data lost when AZ is destroyed
• 99.5% Availability
• Use Cases: Storing secondary backup copies of on-premise data, or data you can recreate
Amazon S3 Glacier Storage Classes
• Low-cost object storage meant for archiving / backup
• Pricing: price for storage + object retrieval cost

• Amazon S3 Glacier Instant Retrieval


• Millisecond retrieval, great for data accessed once a quarter
• Minimum storage duration of 90 days
• Amazon S3 Glacier Flexible Retrieval (formerly Amazon S3 Glacier):
• Expedited (1 to 5 minutes), Standard (3 to 5 hours), Bulk (5 to 12 hours) – free
• Minimum storage duration of 90 days
• Amazon S3 Glacier Deep Archive – for long term storage:
• Standard (12 hours), Bulk (48 hours)
• Minimum storage duration of 180 days
S3 Intelligent-Tiering
• Small monthly monitoring and auto-tiering fee
• Moves objects automatically between Access Tiers based on usage
• There are no retrieval charges in S3 Intelligent-Tiering

• Frequent Access tier (automatic): default tier


• Infrequent Access tier (automatic): objects not accessed for 30 days
• Archive Instant Access tier (automatic): objects not accessed for 90 days
• Archive Access tier (optional): configurable from 90 days to 700+ days
• Deep Archive Access tier (optional): config. from 180 days to 700+ days
S3 Storage Classes Comparison

Attribute                    | Standard | Intelligent-Tiering | Standard-IA      | One Zone-IA      | Glacier Instant Retrieval | Glacier Flexible Retrieval | Glacier Deep Archive
Durability                   | 99.999999999% (11 9’s) for every class
Availability                 | 99.99%   | 99.9%               | 99.9%            | 99.5%            | 99.9%                     | 99.99%                     | 99.99%
Availability SLA             | 99.9%    | 99%                 | 99%              | 99%              | 99%                       | 99.9%                      | 99.9%
Availability Zones           | >= 3     | >= 3                | >= 3             | 1                | >= 3                      | >= 3                       | >= 3
Min. Storage Duration Charge | None     | None                | 30 Days          | 30 Days          | 90 Days                   | 90 Days                    | 180 Days
Min. Billable Object Size    | None     | None                | 128 KB           | 128 KB           | 128 KB                    | 40 KB                      | 40 KB
Retrieval Fee                | None     | None                | Per GB retrieved | Per GB retrieved | Per GB retrieved          | Per GB retrieved           | Per GB retrieved

https://aws.amazon.com/s3/storage-classes/
AWS Storage Cloud Native Options
• Block: Amazon EBS, EC2 Instance Store
• File: Amazon EFS
• Object: Amazon S3, Glacier
Databases Section
Databases Intro
• Storing data on disk (EFS, EBS, EC2 Instance Store, S3) can have its limits
• Sometimes, you want to store data in a database…
• You can structure the data
• You build indexes to efficiently query / search through the data
• You define relationships between your datasets

• Databases are optimized for a purpose and come with different


features, shapes and constraints
Relational Databases
• Looks just like Excel spreadsheets, with links between them!
• Can use the SQL language to perform queries / lookups

Students
Student ID | Dept ID | Name       | Email
1          | M01     | Joe Miller | [email protected]
2          | B01     | Sarah T    | [email protected]

Subjects
Student ID | Subject
1          | Physics
1          | Chemistry
1          | Math
2          | History
2          | Geography
2          | Economics

Departments
Dept ID | SPOC         | Email             | Phone
M01     | Kelly Jones  | [email protected] | +1234567890
B01     | Satish Kumar | [email protected] | +1234567891
NoSQL Databases
• NoSQL = non-SQL = non relational databases
• NoSQL databases are purpose built for specific data models and have
flexible schemas for building modern applications.
• Benefits:
• Flexibility: easy to evolve data model
• Scalability: designed to scale-out by using distributed clusters
• High-performance: optimized for a specific data model
• Highly functional: types optimized for the data model

• Examples: Key-value, document, graph, in-memory, search databases


NoSQL data example: JSON
• JSON = JavaScript Object Notation
• JSON is a common form of data that fits into a NoSQL model
• Data can be nested
• Fields can change over time
• Support for new types: arrays, etc…
Example document:
{
  "name": "John",
  "age": 30,
  "cars": [
    "Ford",
    "BMW",
    "Fiat"
  ],
  "address": {
    "type": "house",
    "number": 23,
    "street": "Dream Road"
  }
}
Databases & Shared Responsibility on AWS
• AWS offers managed services for different database technologies
• Benefits include:
• Quick Provisioning, High Availability, Vertical and Horizontal Scaling
• Automated Backup & Restore, Operations, Upgrades
• Operating System Patching is handled by AWS
• Monitoring, alerting

• Note: many database technologies could be run on EC2, but then you must handle the resiliency, backup, patching, high availability, fault tolerance, scaling… yourself
Amazon RDS Overview
• RDS stands for Relational Database Service
• It’s a managed DB service for databases that use SQL as a query language.
• It allows you to create databases in the cloud that are managed by AWS
• Postgres
• MySQL
• MariaDB
• Oracle
• Microsoft SQL Server
• IBM DB2
• Aurora (AWS Proprietary database)
Advantages of using RDS versus deploying a DB on EC2
• RDS is a managed service:
• Automated provisioning, OS patching
• Continuous backups and restore to specific timestamp (Point in Time Restore)!
• Monitoring dashboards
• Read replicas for improved read performance
• Multi AZ setup for DR (Disaster Recovery)
• Maintenance windows for upgrades
• Scaling capability (vertical and horizontal)
• Storage backed by EBS
• BUT you can’t SSH into your instances
RDS Solution Architecture (diagram): Elastic Load Balancer → EC2 Instances (possibly in an ASG) → read/write → SQL (relational) Database
Amazon Aurora
• Aurora is a proprietary technology from AWS (not open sourced)
• PostgreSQL and MySQL are both supported as Aurora DB
• Aurora is “AWS cloud optimized” and claims 5x performance improvement
over MySQL on RDS, over 3x the performance of Postgres on RDS
• Aurora storage automatically grows in increments of 10GB, up to 128 TB
• Aurora costs more than RDS (20% more) – but is more efficient
• Not in the free tier
Amazon Aurora Serverless
• Automated database instantiation and auto-scaling based on actual usage
• PostgreSQL and MySQL are both supported as Aurora Serverless DB
• No capacity planning needed
• Least management overhead (managed by Aurora)
• Pay per second, can be more cost-effective
• Use cases: good for infrequent, intermittent or unpredictable workloads…
Diagram: Client → Proxy Fleet → Shared storage Volume
RDS Deployments: Read Replicas, Multi-AZ
• Read Replicas:
• Scale the read workload of your DB
• Can create up to 15 Read Replicas
• Data is only written to the main DB
• Multi-AZ:
• Failover in case of AZ outage (high availability)
• Data is only read/written to the main database
• Can only have 1 other AZ as failover
Diagram (Read Replicas): applications write to the Main DB and read from both the Main DB and the Read Replicas; the Main DB replicates to each Read Replica
Diagram (Multi-AZ): applications read/write the Main DB only; replication cross AZ to a Failover DB, which takes over in case of issues with the Main DB
RDS Deployments: Multi-Region
• Multi-Region (Read Replicas)
• Disaster recovery in case of region issue
• Local performance for global reads
• Replication cost
Diagram: the Main DB in eu-west-1 receives the writes and replicates to Read Replicas in us-east-2 and ap-southeast-2; applications in each region read locally, while writes go to the Main DB


Amazon ElastiCache Overview
• The same way RDS is to get managed Relational Databases…
• ElastiCache is to get managed Redis or Memcached
• Caches are in-memory databases with high performance, low latency
• Helps reduce load off databases for read intensive workloads

• AWS takes care of OS maintenance / patching, optimizations, setup, configuration, monitoring, failure recovery and backups
ElastiCache Solution Architecture - Cache (diagram): Elastic Load Balancer → EC2 Instances (possibly in an ASG), which read / write from the ElastiCache in-memory database (fast) and read / write from the SQL (relational) Database (slower)
DynamoDB
• Fully managed, highly available, with replication across 3 AZs
• NoSQL database - not a relational database
• Scales to massive workloads, distributed “serverless” database
• Millions of requests per second, trillions of rows, 100s of TB of storage
• Fast and consistent in performance
• Single-digit millisecond latency – low latency retrieval
• Integrated with IAM for security, authorization and administration
• Low cost and auto scaling capabilities
• Standard & Infrequent Access (IA) Table Class
DynamoDB – type of data
• DynamoDB is a key/value database

https://aws.amazon.com/nosql/key-value/
DocumentDB
• Aurora is an “AWS-implementation” of PostgreSQL / MySQL …
• DocumentDB is the same for MongoDB (which is a NoSQL database)

• MongoDB is used to store, query, and index JSON data


• Similar “deployment concepts” as Aurora
• Fully Managed, highly available with replication across 3 AZ
• DocumentDB storage automatically grows in increments of 10GB

• Automatically scales to workloads with millions of requests per second


Docker on an OS (diagram): Docker running on a Server (ex: EC2 Instance)
Where are Docker images stored?
• Docker images are stored in Docker Repositories

• Public: Docker Hub https://hub.docker.com/


• Find base images for many technologies or OS:
• Ubuntu
• MySQL
• NodeJS, Java…

• Private: Amazon ECR (Elastic Container Registry)


Cloud Monitoring Section
Amazon CloudWatch Metrics
• CloudWatch provides metrics for every service in AWS
• Metric is a variable to monitor (CPUUtilization, NetworkIn…)
• Metrics have timestamps
• Can create CloudWatch dashboards of metrics
Important Metrics
• EC2 instances: CPU Utilization, Status Checks, Network (not RAM)
• Default metrics every 5 minutes
• Option for Detailed Monitoring ($$$): metrics every 1 minute
• EBS volumes: Disk Read/Writes
• S3 buckets: BucketSizeBytes, NumberOfObjects, AllRequests
• Billing: Total Estimated Charge (only in us-east-1)
• Service Limits: how much you’ve been using a service API
• Custom metrics: push your own metrics
Amazon CloudWatch Alarms
• Alarms are used to trigger notifications for any metric
• Alarms actions…
• Auto Scaling: increase or decrease EC2 instances “desired” count
• EC2 Actions: stop, terminate, reboot or recover an EC2 instance
• SNS notifications: send a notification into an SNS topic
• Various options (sampling, %, max, min, etc…)
• Can choose the period on which to evaluate an alarm
• Example: create a billing alarm on the CloudWatch Billing metric
• Alarm States: OK, INSUFFICIENT_DATA, ALARM
VPC Section
IP Addresses in AWS
• IPv4 – Internet Protocol version 4 (4.3 Billion Addresses)
• Public IPv4 – can be used on the Internet
• EC2 instance gets a new public IP address every time you stop then start it (default)
• Private IPv4 – can be used on private networks (LAN) such as internal AWS networking
(e.g., 192.168.1.1)
• Private IPv4 is fixed for EC2 Instances even if you start/stop them
• Elastic IP – allows you to attach a fixed public IPv4 address to EC2 instance
• Note: all public IPv4 on AWS will be charged $0.005 per hour (including EIP)
• Free Tier: 750 hours usage per month
• IPv6 – Internet Protocol version 6 (3.4 × 10^38 Addresses)
• Every IP address is public in AWS (no private range)
• Example: 2001:db8:3333:4444:cccc:dddd:eeee:ffff
• Free
VPC & Subnets Primer
• VPC - Virtual Private Cloud: private network to deploy your resources (regional resource)
• Subnets allow you to partition your network inside your VPC (Availability Zone resource)
• A public subnet is a subnet that is accessible from the internet
• A private subnet is a subnet that is not accessible from the internet
• To define access to the internet and between subnets, we use Route Tables.
Diagram: a VPC in AZ A with a Public Subnet (reachable from the www) and a Private Subnet
VPC Diagram: AWS Cloud → Region → VPC (CIDR Range: 10.0.0.0/16) spanning Availability Zone 1 and Availability Zone 2, each with a Public subnet and a Private subnet
Internet Gateway & NAT Gateways
• Internet Gateways help our VPC instances connect with the internet
• Public Subnets have a route to the internet gateway.
• NAT Gateways (AWS-managed) & NAT Instances (self-managed) allow your instances in your Private Subnets to access the internet while remaining private
Diagram: www ↔ IGW ↔ Public Subnet (containing the NAT) ↔ Private Subnet, all in AZ A
Network ACL & Security Groups
• NACL (Network ACL)
• A firewall which controls traffic from and to a subnet
• Can have ALLOW and DENY rules
• Are attached at the Subnet level
• Rules only include IP addresses
• Security Groups
• A firewall that controls traffic to and from an ENI / an EC2 Instance
• Can have only ALLOW rules
• Rules include IP addresses and other security groups
Diagram: in a VPC, the NACL sits at the edge of the Public subnet and the Security group wraps the EC2 instance
Network ACLs vs Security Groups
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Security.html#VPC_Security_Comparison
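An added example, not AWS code: a toy Python evaluator of the two rule models described above (NACL: numbered ALLOW/DENY rules, first match in rule-number order, implicit final DENY; security group: ALLOW-only rules, where a source may be another security group). The rule sets and the security group id are constructed, and return traffic is not modelled.

```python
import ipaddress

# Minimal model (added here, not AWS code) of the two firewall types on the slide.
# NACL: numbered rules evaluated in ascending order, first match wins, ALLOW or
# DENY, with an implicit final DENY. Security group: ALLOW-only rules, any match
# permits, and a source may be a CIDR or another security group id.
# Simplification: return traffic is not modelled.

NACL_INBOUND = [  # (rule number, source CIDR, port, action) -- constructed sample rules
    (100, "198.51.100.0/24", 22, "DENY"),  # explicit DENY for one unwanted range
    (110, "0.0.0.0/0", 443, "ALLOW"),
    (120, "10.0.0.0/16", 22, "ALLOW"),      # SSH only from inside the VPC CIDR
]

SG_INBOUND = [  # (source, port) -- constructed; no action field because only ALLOW exists
    ("0.0.0.0/0", 443),
    ("sg-0123456789abcdef0", 22),  # placeholder id of another security group, not an IP range
]


def nacl_allows(rules, src_ip, port):
    """First matching rule in rule-number order decides; nothing matched means DENY."""
    ip = ipaddress.ip_address(src_ip)
    for _number, cidr, rule_port, action in sorted(rules):
        if rule_port == port and ip in ipaddress.ip_network(cidr):
            return action == "ALLOW"
    return False


def sg_allows(rules, src_ip, port, src_groups=()):
    """Any matching rule permits; `src_groups` are the groups attached to the sender's ENI."""
    ip = ipaddress.ip_address(src_ip)
    for source, rule_port in rules:
        if rule_port != port:
            continue
        if source.startswith("sg-"):
            if source in src_groups:
                return True
        elif ip in ipaddress.ip_network(source):
            return True
    return False


def packet_allowed(src_ip, port, src_groups=()):
    """Inbound traffic must pass the subnet NACL and then the instance's security group."""
    return (nacl_allows(NACL_INBOUND, src_ip, port)
            and sg_allows(SG_INBOUND, src_ip, port, src_groups))
```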
VPC Flow Logs
• Capture information about IP traffic going into your interfaces:
• VPC Flow Logs
• Subnet Flow Logs
• Elastic Network Interface Flow Logs
• Helps to monitor & troubleshoot connectivity issues. Example:
• Subnets to internet
• Subnets to subnets
• Internet to subnets
• Captures network information from AWS managed interfaces too: Elastic Load
Balancers, ElastiCache, RDS, Aurora, etc…
• VPC Flow logs data can go to S3, CloudWatch Logs, and Kinesis Data Firehose
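An added example, not course material: a small Python parser over constructed VPC Flow Logs records in the default (version 2) field order. It sorts flows into the three cases listed above using the 10.0.0.0/16 VPC CIDR from the VPC diagram and surfaces sources with repeated REJECT records, which is the troubleshooting and monitoring use the slide describes.

```python
import ipaddress
from collections import Counter
# Field order of the default VPC Flow Logs record format (version 2); assumes no custom fields.
FLOW_LOG_FIELDS = [
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
]
# VPC CIDR range from the VPC diagram, used to separate subnet-to-subnet from internet traffic.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
# Constructed sample records (not real log data): one accepted HTTPS flow, three rejected
# SSH/RDP probes from one source, a NODATA record, and one internal flow to a database port.
SAMPLE_FLOW_LOGS = """\
2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.25 51522 443 6 12 4820 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.25 40001 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.25 40002 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.25 40003 22 6 1 60 1700000060 1700000120 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000060 1700000120 - NODATA
2 123456789012 eni-0a1b2c3d 10.0.2.40 10.0.1.25 33000 5432 6 20 9000 1700000060 1700000120 ACCEPT OK
"""


def parse_flow_log(text):
    """Turn each record into a dict; drop NODATA/SKIPDATA records, which carry no addresses."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FLOW_LOG_FIELDS):
            continue
        record = dict(zip(FLOW_LOG_FIELDS, parts))
        if record["log_status"] == "OK":
            records.append(record)
    return records


def classify(record):
    """Which of the slide's cases a flow is: subnet-to-subnet, subnet-to-internet, internet-to-subnet."""
    src_in = ipaddress.ip_address(record["srcaddr"]) in VPC_CIDR
    dst_in = ipaddress.ip_address(record["dstaddr"]) in VPC_CIDR
    if src_in and dst_in:
        return "subnet-to-subnet"
    return "subnet-to-internet" if src_in else "internet-to-subnet"


def rejected_sources(records, threshold=3):
    """Source addresses with at least `threshold` REJECT records, busiest first."""
    counts = Counter(r["srcaddr"] for r in records if r["action"] == "REJECT")
    return [(src, n) for src, n in counts.most_common() if n >= threshold]


def rejected_ports(records, srcaddr):
    """Distinct destination ports on which a source was rejected."""
    return sorted({int(r["dstport"]) for r in records if r["action"] == "REJECT" and r["srcaddr"] == srcaddr})
```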
VPC Peering
• Connect two VPCs privately using VPC peering, over AWS’ network
• Make them behave as if they were in the same network
• Must not have overlapping CIDR (IP address range)
• VPC Peering connection is not transitive (must be established for each VPC that needs to communicate with one another)
Diagram: VPC A, VPC B and VPC C, with separate VPC peering connections A↔B, A↔C and B↔C
VPC Endpoints
• Endpoints allow you to connect to AWS Services using a private network instead of the public www network
• This gives you enhanced security and lower latency to access AWS services
• VPC Endpoint Gateway: S3 & DynamoDB
• VPC Endpoint Interface: the rest
Diagram: from a Private subnet in the VPC, a VPC Endpoint Gateway reaches S3 and DynamoDB, and a VPC Endpoint Interface (ENI) reaches CloudWatch
AWS Training
• AWS Digital (online) and Classroom Training (in-person or virtual)
• AWS Private Training (for your organization)
• Training and Certification for the U.S Government
• Training and Certification for the Enterprise

• AWS Academy: helps universities teach AWS

• And your favorite online teacher… teaching you all about AWS Certifications and more!
AWS Professional Services & Partner Network
• The AWS Professional Services organization is a global team of experts
• They work alongside your team and a chosen member of the APN
• APN = AWS Partner Network
• APN Technology Partners: providing hardware, connectivity, and software
• APN Consulting Partners: professional services firm to help build on AWS
• APN Training Partners: find who can help you learn AWS
• AWS Competency Program: AWS Competencies are granted to APN
Partners who have demonstrated technical proficiency and proven
customer success in specialized solution areas.
• AWS Navigate Program: help Partners become better Partners
AWS re:Post
• AWS-managed Q&A service offering crowd-sourced,
expert-reviewed answers to your technical questions
about AWS that replaces the original AWS Forums
• Part of the AWS Free Tier
• Community members can earn reputation points to
build up their community expert status by providing
accepted answers and reviewing answers from other
users
• Questions from AWS Premium Support customers
that do not receive a response from the community
are passed on to AWS Support engineers
• AWS re:Post is not intended to be used for questions
that are time-sensitive or involve any proprietary
information
AWS re:Post – Knowledge Center
• Contains the most frequent & common questions and requests

https://repost.aws/knowledge-center
AWS Certification Paths – Architecture
• Solutions Architect: Design, develop, and manage cloud infrastructure and assets, work with DevOps to migrate applications to the cloud
• Application Architect: Design significant aspects of application architecture including user interface, middleware, and infrastructure, and ensure enterprise-wide scalable, reliable, and manageable systems
https://d1.awsstatic.com/training-and-certification/docs/AWS_certification_paths.pdf
