SECTION 2
Lec-4 (10k foot overview part-1)
AWS GLOBAL INFRASTRUCTURE
AWS Global Infrastructure: This is basically the data centers all spread throughout the world.
AWS Region: A geographical area. Each region consists of 2 or more availability zones.
Availability Zone: Simply a data center. AZs are in a region but far enough apart that a disaster in one AZ will not affect the other AZs in the same region.
Edge Locations: Endpoints for AWS which are used for caching content. Typically, this consists of CloudFront, Amazon’s Content Delivery Network (CDN). There are many more edge locations than regions. Currently over 96 Edge Locations. Edge locations usually cache some information so that they can serve users close to them quickly.
As of December 2017 there are 16 regions and 44 availability zones, with 6 more regions and 17 more availability zones coming online in 2018.
Lec-5 (10k foot overview part-2)
COMPUTE
EC2: Elastic compute cloud, essentially just virtual machines inside the AWS platform. We can have physical dedicated machines under EC2 as well. But we will be using virtual machines.
EC2 Container service: This is basically a way to run and manage Docker containers at scale.
Elastic Beanstalk: This is basically for developers who don’t understand AWS and just want to upload their code. Elastic Beanstalk then goes through and provisions things like auto scaling groups, load balancers, EC2 instances etc. So literally all the developers have to focus on is their code. It features very heavily in the Developer Associate course as well as the DevOps Pro course, but not so much in the Solutions Architect Associate.
Lambda: Code that you upload to the cloud, and you control when it executes. You don’t have to worry about any underlying physical or virtual machines; there is literally nothing to manage, no OS or anything. All you worry about is your code. For example, suppose you have a website where people upload images and want to overlay text on top of them. You could create a Lambda function that puts the text over the top, triggered as soon as somebody uploads an image to the website. It senses that the image has been uploaded and then, based on the inputs they give you, writes the text over that image and outputs it. We will learn how to use Lambda, API Gateway, S3 and Polly, which will come soon.
Lightsail: Amazon’s VPS (virtual private server) service. It is designed for people who don’t really want to understand anything about AWS and the underlying infrastructure. It provisions a server for you, gives you a fixed IP address that you can use to log into the server, and gives you either RDP access for Windows or SSH for Linux. It comes with a really cool management console that you can use to manage that server.
Batch !: This is used for batch computing in the cloud.
STORAGE
S3: S3 is one of the oldest storage services. Basically you have these things called Buckets and we upload our files into buckets that are in the cloud.
EFS: Elastic File Storage. This is basically network attached storage, so we can store files on an NTFS volume and mount that on multiple virtual machines.
Glacier: For data archival. This is for data that we need to check once every year and want to store at a very cheap price.
Snowball: A way to bring large amounts of data into an AWS data center rather than transmitting it over a broadband line or some kind of wifi. If you are bringing in terabytes, sometimes it’s easier to write it physically to a disk, send it to an AWS data center and then import it manually.
Storage Gateway: These are essentially virtual appliances: virtual machines that you install in your data center or head office and that replicate information back to S3. There are four different types of storage gateway.
DATABASE
RDS: Relational Database Service.
DynamoDB: Non-relational database service.
Elasticache: Caching service for frequently queried items.
Redshift: For data warehousing or business intelligence.
MIGRATION
AWS Migration Hub: A tracking service that allows us to track our applications as we migrate them to AWS. It integrates with other services within the migration framework, which we will come to in a second.
Application Discovery Service: An automated set of tools that detects not only what applications we have but also what their dependencies are. Let’s say we have a SharePoint server; it may have dependencies on a SQL server. So it is a way of tracking dependencies for our applications.
Database Migration Service: A very easy way to migrate our DB from on premises into AWS.
Server Migration Service: Very similar to the DB migration service; it helps us migrate our virtual and physical servers up into the AWS cloud.
Snowball:
NETWORKING AND CONTENT DELIVERY
VPC: Virtual Private Cloud, or virtual data center, where we can go in and configure things like firewalls, availability zones, network CIDR address ranges, network ACLs and route tables.
CloudFront: Amazon’s content delivery network. If we have users in Australia and our media assets (video files or image files) are stored in London, CloudFront can store them closer to our users in Australia.
Route53: is Amazon’s DNS service.
API Gateway: A way of creating our own API for other services to talk to. A big subject for the Developer Associate course.
Direct Connect: A way of running a dedicated line from either our corporate head office or our data center directly into Amazon, connecting directly into our VPC. Important for Solutions Architect.
DEVELOPER TOOLS
CodeStar: A way of project managing our code and collaborating with other devs.
CodeCommit: Source control service. We can store our own private Git repos within CodeCommit.
CodeBuild: Once we have our code ready, it will compile it, run tests and produce software ready to deploy.
CodeDeploy: Deployment service; automates app deployment to our EC2 instances.
CodePipeline: A continuous delivery service used to model, visualize and automate the steps required to release software.
X-Ray: is used to debug and to analyze our service apps. It has request tracing, so we can go in and find the root causes of issues and performance bottlenecks.
Lec-6 (10k foot overview part-3)
MANAGEMENT TOOLS
CloudWatch (VVI): Very important for SysOps Administrator associate exam.
CloudFormation (VVI): VVI for the Solutions Architect exam. It’s a way of scripting infrastructure. In past years, to build systems, infrastructure architects had to physically buy servers, firewalls and load balancers, which then had to be delivered to data centers. They had to be racked and stacked, and then the OS had to be installed and everything configured. CloudFormation takes all of that and turns it into code. So we can take a CloudFormation template and deploy WordPress, SharePoint, Joomla or anything. And the great thing is that we can deploy it in Sydney, Virginia or anywhere. So CloudFormation is just turning our infrastructure into code.
CloudTrail (VVI): Every time we click inside the management console and do something, say create an S3 bucket, create a new user or create a new EC2 instance, that triggers an API call within the AWS environment, and CloudTrail logs it. So CloudTrail is used to log changes to the AWS environment: when we create a new thing, CloudTrail captures that. CloudTrail is turned ON by default now but stores records for one week. It is highly recommended to turn ON CloudTrail for all accounts across all regions. If we ever get hacked and someone starts bitcoin mining or something, we can figure out how and where they were using that service.
Config: Monitors the configuration of the entire AWS environment and has point-in-time snapshots. We can move a timer backwards and forwards across weeks, days or months, and we can see “OHH on March 3rd I had one EC2 instance and by March 4th I suddenly had six of them”. We can visualize the AWS environment using AWS Config and see how it is all configured.
OpsWorks: Very similar to Elastic Beanstalk in many ways, but a lot more robust. It uses both Chef and Puppet. It’s a way of automating our environment.
Service Catalog (No questions in any Exam): Typically, big companies manage a catalog of IT services that are approved for use. This is a way of managing catalogs of IT services that are approved for use on AWS. This can be anything from virtual machines, images and individual OSes to databases. This is basically used by big companies for governance and compliance requirements.
Systems Manager (No questions in any Exam): It’s an interface for managing AWS resources. Typically, it is used for EC2. We can use it for patch maintenance: for example, if we want to roll out a whole bunch of security patches across thousands of EC2 instances, it’s easier to use Systems Manager. We can also group all of our resources by different departments or applications, for instance into our SharePoint application or into the finance department. Not for the exam, but if we are system administrators, we need to know it in order to do our job with AWS.
Trusted Advisor: Trusted Advisor gives us advice across multiple different disciplines. It gives advice around security and tells us if we have left ports open that could be a risk. It also tells us if we’re not using our AWS services as much as we can or as much as we think we are, so it basically tells us how to save money using AWS. Think of Trusted Advisor like an accountant or an advisor that gives us advice on our AWS environment.
Managed Services: If we don’t want to worry about EC2 instances or any of our auto scaling etc., Managed Services can help us out.
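The investigation the CloudTrail note above describes (working out who started which EC2 instances, and where), as an added example that is not part of the original notes. The field names are CloudTrail record fields; SAMPLE_LOG is constructed sample data, and EXPECTED_REGIONS and the function names are assumptions made for illustration.

```python
import json
from collections import Counter

# Constructed, trimmed records in CloudTrail's log-file layout ({"Records": [...]}).
# Account ID, ARNs, IPs and instance IDs are made-up sample values.
def _rec(time, source, name, region, user, ip, response=None, error=None):
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "awsRegion": region, "sourceIPAddress": ip,
           "userIdentity": {"arn": "arn:aws:iam::111122223333:user/" + user},
           "responseElements": response}
    if error:
        rec["errorCode"] = error
    return rec

def _instances(n):
    return {"instancesSet": {"items": [{"instanceId": "i-%017d" % i} for i in range(n)]}}

SAMPLE_LOG = json.dumps({"Records": [
    _rec("2018-03-03T09:12:44Z", "s3.amazonaws.com", "CreateBucket",
         "us-east-1", "alice", "198.51.100.7"),
    _rec("2018-03-03T10:01:02Z", "ec2.amazonaws.com", "RunInstances",
         "us-east-1", "alice", "198.51.100.7", _instances(1)),
    _rec("2018-03-04T02:40:10Z", "iam.amazonaws.com", "CreateUser",
         "us-east-1", "bob", "203.0.113.50"),
    _rec("2018-03-04T02:41:55Z", "ec2.amazonaws.com", "RunInstances",
         "ap-southeast-2", "bob", "203.0.113.50", _instances(5)),
    _rec("2018-03-04T02:42:30Z", "ec2.amazonaws.com", "RunInstances",
         "sa-east-1", "bob", "203.0.113.50", None, "Client.UnauthorizedOperation"),
]})

EXPECTED_REGIONS = {"us-east-1"}  # assumption: the only region this account uses

def instance_launches(log_text):
    """Count instances started per (principal ARN, region, source IP)."""
    launched = Counter()
    for rec in json.loads(log_text).get("Records", []):
        if (rec.get("eventSource"), rec.get("eventName")) != ("ec2.amazonaws.com", "RunInstances"):
            continue
        if rec.get("errorCode"):  # denied or failed call: nothing was started
            continue
        items = ((rec.get("responseElements") or {}).get("instancesSet") or {}).get("items", [])
        key = (rec["userIdentity"]["arn"], rec["awsRegion"], rec["sourceIPAddress"])
        launched[key] += len(items)
    return launched

def unexpected_region_launches(log_text, expected=EXPECTED_REGIONS):
    """Launches outside the regions the account normally uses, largest first."""
    hits = [(k, n) for k, n in instance_launches(log_text).items() if k[1] not in expected]
    return sorted(hits, key=lambda kn: -kn[1])

if __name__ == "__main__":
    for (arn, region, ip), count in unexpected_region_launches(SAMPLE_LOG):
        print(f"{count} instance(s) started in {region} by {arn} from {ip}")
```

A launch in a region the account never uses only shows up if the trail covers that region, which is why the note recommends turning CloudTrail on across all regions.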
MEDIA SERVICES
The following are new services that will not appear in Exam
Elastic Transcoder: Example: it takes the videos of Ryan and it resizes it so that it will look good on Android, iPhone or on different devices.
MediaConvert: A file-based video transcoding service with broadcast-grade features that allows us to create video-on-demand content for broadcast and multi-screen delivery at scale.
MediaLive: A broadcast-grade video processing service. It creates high quality video streams to deliver to broadcast TVs and internet connected devices.
MediaPackage: It protects our videos for delivery over the internet.
MediaStore: It’s a place to store videos. A storage service that’s optimized for media; it gives us great performance, very good consistency and low latency to deliver live and on-demand video content.
MediaTailor: It allows us to do targeted advertising in video streams without sacrificing broadcast-level quality of service.
MACHINE LEARNING (NOT IN EXAM)
SageMaker: It makes it really easy for developers to use deep learning when coding for their environments.
Comprehend: It does sentiment analysis around data, so it tells you whether people are saying good or bad things about our products.
DeepLens: It’s an artificially aware camera, so the camera itself can figure out what it is looking at without connecting back to the AWS backend; it does this on the camera itself. So we can create an app that detects somebody coming to our door, whether or not we recognize that person, and whether or not the door should open. It’s a physical piece of hardware.
Lex: This is what powers the Amazon Alexa service. Lex is essentially a way of communicating with customers: an artificially intelligent way of chatting with them.
Machine Learning: This is normal machine learning, so it is different from deep learning, which is what SageMaker does. The main difference between deep learning and machine learning is that deep learning is built around neural networks, whereas machine learning is still very entry level. So, deep learning is more intelligent. Amazon’s product recommendation is done by machine learning, based on what other customers bought.
Polly: It basically takes text and turns it into speech.
Rekognition: Essentially tells us what is in our file (picture, video etc.). If we upload a picture of a dog, a beach and a ball, it will tell us there are a dog, a beach and a ball in that file, and also give us a percentage so that we know the accuracy.
Amazon Translate: This is Amazon’s machine translation service.
Amazon Transcribe: It allows us to upload video files or mp3’s and it will basically take what it recognizes in terms of speech and turn that into text.
ANALYTICS
Athena: It allows us to run SQL queries against things in S3 buckets. Let’s say we have a whole bunch of different Excel files in an S3 bucket and we want to find specific data. We can design SQL queries that go through and look at these objects in our bucket and then return the result.
EMR: It is used in processing large amount of data.
CloudSearch:
ElasticSearch Service:
Kinesis: This is a huge topic for the Big Data Specialty, Solutions Architect Associate and Solutions Architect Professional. Kinesis is a way of ingesting large amounts of data into AWS; this could be things like social media feeds or tweets, for example. Maybe we want a particular hashtag that’s relevant to our company, and we have millions of people using that hashtag in a day.
Kinesis Video Streams: It actually sits in the console, but it is under media services on the landing page. Let’s say millions of people are streaming video from their mobile devices. Kinesis Video Streams allows us to ingest this and then run a whole bunch of processing against it.
QuickSight: Amazon’s business intelligence tool, at a fraction of the cost of other available tools.
Data PipeLine: is a way of moving data between different AWS services. This comes up in Solutions Architect professional & Developer Associate Exam.
Glue: Used for ETL (Extract Transform and Load)
Lec-7 (10k foot overview part-4)
SECURITY, IDENTITY AND COMPLIANCE
IAM*:
Cognito: A way of doing device authentication, so basically we authenticate mobile apps using Facebook, Gmail, LinkedIn etc. Once we authenticate, we can use the Cognito service to request temporary access to AWS resources. Let’s say we have an iPhone app and we want our users to store some data in a DynamoDB database; we can give them write access to that database, and it might store things like their geographic location. So, it’s basically an authentication service that gives temporary access to AWS for mobile devices.
GuardDuty: It monitors for malicious activities on AWS account.
Inspector: An agent that we install on virtual machines/EC2 instances, against which we can then run a lot of tests. So we can test “Does my EC2 instance have any security vulnerabilities?” and schedule this weekly/monthly etc. It will generate a report for us and give us a severity list so that we know the vulnerabilities and how severe they are.
Macie: It scans our S3 buckets and looks for things that contain personally identifiable information like credit card numbers, SINs, etc.
Certificate Manager*: We get SSL certificates for free if we are using AWS and register the domain through Route 53. Certificate Manager is a way of managing our SSL certificates.
CloudHSM*: Cloud Hardware Security Module is dedicated hardware that we use to store our keys. These could be private and public keys. We use these keys to access EC2 instances, for example. We can also store other encryption keys in there and use them to encrypt objects on AWS. CloudHSM is dedicated hardware and used to be super expensive, but Amazon has now released per-hour billing. It is $20/hour.
Directory Services*: It’s a way of integrating Microsoft Active Directory services with AWS services.
WAF: Web Application Firewall. It is like a layer 7 firewall that stops things like cross-site scripting and SQL injection.
AWS Shield: It is basically DDOS mitigation.
Artifact: This is for audit and compliance. It is a portal for on-demand access to download AWS compliance reports, and you can also manage select agreements. Basically it’s a way of downloading and inspecting Amazon’s documentation.
MOBILE SERVICES
Mobile Hub: It’s a management console for mobile app.
PinPoint: It’s a way of using push notifications to drive mobile engagement. We use it to push notifications to mobile users.
AWS AppSync: It automatically updates the data in web and mobile applications in real time and it also updates for offline users as soon as they reconnect.
Device Farm: Way of actually testing apps on real live devices (android/iPhone etc).
Mobile Analytics: Is an analytic service for mobiles.
AR/VR
APPLICATION INTEGRATION
Step Function: It is used for managing various lambda functions and the different steps to go through it.
Amazon MQ: It’s a way of doing message queues.
SNS: It’s a notification service and we are going to set up a billing alarm in the course.
SQS: A way of decoupling our infrastructure.
SWF: Super Work Flow service.
CUSTOMER ENGAGEMENT
Connect: It is called “contact center as a service”. Think of it as our own call center in the cloud; it enables us to configure dynamic, personal and natural customer engagement.
Simple Email Service: It’s a great way of sending large amounts of email; it is highly scalable and very cost effective.
BUSINESS PRODUCTIVITY
Alexa for business: We can use it to dial into a meeting room, we could use it to inform IT that the printer is broken.
Chime: Used all the time, especially for video conferencing with Amazon employees. Like Google Hangouts. We can record the meeting.
WorkDocs: Like a Dropbox for AWS.
WorkMail: This is like Office 365.
DESKTOP AND APP STREAMING
Workspaces: A VDI solution, so it is literally a way of running the actual OS inside the Amazon cloud. We could be running Windows/Linux etc. and streaming it down to our device. So the actual desktop environment is running in the cloud, but we are using it on our device.
AppStream 2.0: Is a way of streaming the actual applications, the app itself running in the cloud. Only service that has a version.
IOT
GAME DEVELOPMENT
GameLift: A service to help game development.