Amazon Web Services (AWS)
Objectives
- Core infrastructure services discussion
- Ensure data integrity and data security on AWS technology
- Formulate solution plans and provide guidance on AWS
- Design and deploy scalable, highly available, and fault tolerant systems on AWS
- Understand inbound and outbound data flows to and from AWS
- Select the appropriate AWS service based on data, compute, database, or security requirements
- Estimate AWS costs and identify cost control mechanisms
- Identify how to lift and shift an existing on-premises application to AWS
- AWS Architecture best practices
Modules of the course
- Module 01: Cloud Computing Overview
- Module 02: AWS Overview
- Module 03: Identity and Access Management
- Module 04: Amazon Simple Storage Service (S3)
- Module 05: Linux Introduction
- Module 05: Elastic Compute Cloud (EC2)
- Module 05: Networking Basics
- Module 06: Virtual Private Cloud (VPC)
- Module 07: Amazon Relational Database
- Module 08: Amazon Route 53
- Module 09: Security Services
- Module 10: Application Services
- Module 11: Amazon CDK and Command Line Interface
- Module 12: High Availability and Disaster Recovery Solutions
- Module 12: Migration Solutions (Server and Database)
- Module 13: Hybrid Environment Solutions
Prerequisites
- Absolute beginners. No prior AWS experience is necessary.
- Previous system administration/development knowledge would be an added advantage.
- Cloud computing enthusiasts
AWS Course Content
- Introduction to Cloud Computing
  o Introduction to cloud computing
  o Essential characteristics of cloud computing
  o Service models in cloud computing
  o Deployment models in cloud computing
  o Introduction to AWS
  o AWS account creation & free tier limitations overview
- Identity Access Management
  o Root account vs IAM user
  o Multi-factor authentication for users
  o IAM password policies
  o Creating customer managed policies
  o Policy generator
  o Auditing user activity
- Storage
  o What is Simple Storage Service (S3)
  o Storage classes
  o Versioning
  o Cross-region replication / same-region replication
  o Lifecycle management
  o Security & encryption
  o KMS (Key Management Service)
  o Static web hosting with an S3 bucket
  o Event configuration on S3 buckets
  o Enabling cross-account access for S3
  o S3 data management and backup using 3rd-party applications
  o Pre-signed URLs
  o Storage Gateway
  o Direct Connect and AWS Snowball
- Linux Introduction (Free Course)
  o Basics of Linux for AWS
  o Linux installation and basic commands overview
  o Web server and services configuration
- Compute
  o EC2 instance launch wizard with Windows and Linux OS
  o EC2 instance types
  o Generating custom public and private keys for EC2 instances
  o Security groups
  o Volumes and snapshots
  o Amazon Data Lifecycle Manager (DLM)
  o Creating customized Amazon Machine Images
  o User data and metadata
  o Elastic Load Balancers
  o Creating billing alarms and EC2 instance alarms
  o Auto Scaling groups
  o CloudWatch
  o Amazon EventBridge
  o Elastic File System / FSx
  o Elastic Beanstalk
  o Placement groups
  o AWS CLI and IAM roles
- AWS Systems Manager
  o Run Command
  o Session Manager
  o Patch Manager
  o Tag Editor and Resource Groups
  o AWS Secrets Manager
- Route 53
  o DNS records overview
  o Routing policies
  o Hosting a sample website and configuring policies
    § Simple RP
    § Weighted RP
    § Failover RP
    § Geolocation RP
    § Failover RP
- VPC (Virtual Private Cloud)
  o Networking basics
    § Public IPs & private IPs
    § CIDR range
    § Subnet calculations
  o Creating custom VPCs and custom subnets
  o Network ACLs
  o Route tables & IGW
  o VPC peering
  o Flow log creation to S3 and a CloudWatch Logs group
  o VPC endpoints
  o AWS Transit Gateway
  o VPN configuration with AWS (OpenVPN/site-to-site VPN)
- Databases
  o Launching RDS instances (MySQL, MSSQL & Aurora)
  o Multi-AZ & read replicas for RDS instances
  o DynamoDB
  o Redshift and ElastiCache overview
  o Database Migration Service
- Security Options
  o CloudTrail
  o AWS Config
  o Key Management Service
  o AWS Certificate Manager
  o AWS Inspector
  o AWS Trusted Advisor
  o AWS Global Accelerator
  o Content delivery networks / CloudFront
  o AWS Shield and WAF (Web Application Firewall)
- Application Services
  o Simple Email Service
  o Simple Queue Service
  o Simple Notification Service
  o Directory Service and adding an EC2 instance to a domain
  o AWS Simple Monthly Calculator
- Migration Services
  o SMS – Server Migration Service (migrating servers from on-premises to the cloud)
  o DMS – Database Migration Service
- DevOps Tools Overview
  o What is DevOps in the cloud
  o CodePipeline
  o CodeCommit
  o CodeDeploy
  o Lambda
  o CloudFormation
  o Amazon ECS with Fargate (Elastic Container Service)
  o AWS Backup
- Monitoring on AWS
  o AWS Budgets
  o AWS Cost Explorer
  o Creating custom metrics with CloudWatch
- AWS Multi-Account Management
  o AWS Organizations
  o Amazon Single Sign-On
- Amazon white papers review
- Quiz and scenario-based questions discussion
- Resume key points and AWS certifications overview
- Certification exam questions while discussing topics
NOTES
Day-1: https://youtu.be/AKviWcujI7w
Day-2: https://youtu.be/2NTBUXl2X6Q
Day-3: https://youtu.be/Mk7BHG6i_iU
Day-4: https://youtu.be/nE_n4Hk9LWI
Day-5: https://youtu.be/Q6Whygv03i4
Day-6: https://youtu.be/b4YHtSpckjkbe/AKviWcujI7w
Cloud Computing: Dropbox.. GDrive..
Laptop / Mobile : Uploading the data to GDrive/Dbox.. : we can access this data anywhere from the world.. (Internet) : Another user: Storage
Cloud Computing: Computing resources: (Network, Storage, Servers, Database): Pay-as-you-go: Pay for the resources you actually used
Server: 1 Hr : --> 1 Hr only
Gdrive: 100gb plan / 200 gb / 1 TB
Tenancy:
- Shared: underlying h/w is shared with other customers
- Dedicated: underlying h/w is not shared with other customers; dedicated to the same user.
- Public Cloud: Open for all.. ex: aws, azure, gcp, rackspace, ibm cloud..
- maintenance: Service provider
- Private Cloud: Open for individual organisation
- main: dedicated team of org / AMC to 3rd party org
- Community Cloud: Group of Org, they build the infra and only they use the infra..
- main: Dedicated team of one the org / AMC to 3rd party org
- Hybrid Cloud: Combination of one or more cloud platforms.. Ex: Onprem + aws / aws + azure / aws +gcp.. Main: Depends on the infra..
- aws direct connect: Dedicated connection between local network to aws..
- Vpn
- SaaS : Lightsail
- PaaS : Beanstalk
- IaaS : ec2
- Security of the Cloud: AWS Responsibility: DC, Physical Security, Servers
- Security in the Cloud: Customer Responsibility: Encryption, Mfa, Port restrictions.
- Regions: Geographical location / Physical location. contains min of 2 AZs..
- 26 Regions..
- Mumbai: ap-south-1
- hyd : ap-south-2
- Nv: us-east-1
- AZs: one or more data centers with redundant power and network, within a Region. The AZs' data centers are interconnected with high-end fiber connectivity for low latency.
- 3 AZs in Mumbai: ap-south-1a, 1b & 1c
- Hyd: ap-south-2a, 2b & 2c
- PoP/Edge Locations: CDN (Content Delivery Network) Endpoint: Cached Location:
- 230+ edge locations across the globe.. : Cloudfront
- Enter the ph no and call me now... XXXX
- call from aws, enter the pin
- Account and Billing Related - 24x7 support
- Technical Support - Depends on SP
- Basic SP: Free, 1&2 Supports.. 7 Core area checks from AWS Trusted Advisor..
- No Technical Support.. Technical Support : AWS Developer Forum. AWS Knowledgebase articles, Re:post..
- Developer SP: Cost: 29$/Month.. 2
- 12-24 local business hours support from a Cloud Support Associate.. 7 core area checks from AWS Trusted Advisor.. 1 primary contact / unlimited tickets..
- General Guidance : < 24 Hrs
- System Impaired : < 12 Hrs
- Business SP: 100$/Month.. 2
- 24x7 phone, email and chat support from Cloud Support Engineer.. Full AWS Trusted Advisor checks.. Unlimited users/unlimited tickets
- General Guidance: < 24Hrs
- System Impaired: < 12 Hrs
- Production system impaired: <4 Hrs
- Production System Down: <1 Hr
- Enterprise Sp: 15,000$/Month.. 2
- 24x7 phone, email and chat support from a Sr. Cloud Support Engineer... Full AWS Trusted Advisor checks.. Unlimited users/unlimited tickets
- Annual Architectural and Operation Reviews from AWS
- Dedicated TAM (technical account manager)
- General Guidance: < 24 Hrs
- System Impaired: < 12 Hrs
- Production system impaired: < 4 Hrs
- Production System Down: < 1 Hr
- Business Critical System Down: < 15 Min
- AWS Login Console: aws.com .. https://aws.amazon.com/console
- Account type:
- Programmatic access: CLI: AccessKeyID and SecretAccessKey: aws cli, sdk, cdk, 3rd party app
- Management console access: GUI: Username, Pwd, sign-In URL: Browser
- Permissions: AdministratorAccess
- Create/choose a Group, Add permissions to group, Add this user to group.
- Copy permissions from another user.
- Associate permissions directly to user.
- Policy: Set of permissions on our AWS account. Policies are written in JSON format.
- AWS Managed - Job Function
- AWS Managed Policy
- Customer Managed Policy
- Add Tags:
- Review and Create IAM User:
- Create a User Avinash_T Associate "AdminAccess", Same user for daily activities.
- Support:
- Account and billing related issues /query
- Technical issues
- Basic SP: Free.. 1 free 24x7 support..
- Developer SP: 29$/Month..
- free 24x7 support..
- 12-24 local business hours support (8AM - 8PM).. Cloud engineer.. Unlimited tickets / 1 user can raise ticket
- Business SP: 100$/Month..
- free 24x7 support..
- 24x7 support, Sr. cloud engineer email/phone/chat support.. Unlimited tickets / any user can raise a ticket.. Case severity: 1 hour..
- Enterprise SP: 15000$/month..
- free 24x7 support..
- 24x7 support, Sr. cloud engineer email/phone/chat support... Unlimited tickets / any user can raise a ticket.. Case severity: 15 minutes..
- AWS annual architectural and operational reviews.. TAM (Technical Account Manager).. AWS trainings..
- Requirement:
- IAM user with S3 Full Access: S3Admin:
- IAM user with EC2 Full Access: EC2Admin:
- Policy: Set of permissions on AWS env..
- IAM user with Admin access = root - acc management/changing sp
- Task: Create an IAM user, provide him "AdministratorAccess".. Login as this user and verify his access on billing information.
- provide billing information to the created user.
- Policy: Document containing a set of permissions on the AWS environment. It is written in JSON format.
- AWS managed policy (Based on Service):
- AWS managed policy - Job function (based on standard jobs in market):
- Customer managed Policy:
- https://avinash.s3.amazonaws.com/demo.tx
- https://avinash.s3.amazonaws.com/aws.pdf
- phani@nareshit.com
- avizway@gmail.com
- Task: Activate MFA.
- Task 1: Create an IAM User.. Allocate "AdministratorAccess" policy. Login as IAM user and verify his access on "Billing Dashboard".
- Provide billing access to an IAM user.
- Password policy:
- Policy: Document containing a set of permissions written in JSON format. A policy provides permissions on AWS resources for users/groups/roles.
- AWS Managed Policy: S3 (full, readonly), ec2 (ec2read, monitoring, full)
- AWS Managed Policy - Job Function: Network Admin, Database Admin
- Customer Managed Policy:
EC2: Elastic Compute Cloud:
- Server class: Region-specific service
- CPU, Memory/RAM, Storage/HDD/SSD, Network (wifi, bt, NIC/ENI)
- Instance = Server = Azure VM = Compute Engine = box
- Client class OS: Win7, Win10
- Server class OS: Windows Server 2008 R2, 2012, 2012 R2, 2016, 2019
- On-Demand EC2 instances: when we have unpredictable workloads, or are testing our application for the first time. "FREE TIER ELIGIBILITY". Pricing: per second (with a minimum of 60 sec).
- Reserved EC2 instances: when our workload is stable and predictable for longer durations, we can reserve the capacity for 1 yr/3 yr. "NO FREE TIER ELIGIBILITY"
  - Standard RI: we cannot change the config during the period.
  - Convertible RI: we can change the config during the period.
  - Scheduled RI: if we have persistent/repeated requests. (N V)
  - Pricing:
    - Full upfront: pay 100% as a one-time payment.
    - Partial upfront: pay 30-50% one-time, then pay the remaining amount monthly at a reduced hourly price, based on usage.
    - No upfront: pay everything on a monthly basis.
  → AWS Marketplace: we can sell our resources.
- Spot instances: when we have flexible start/stop durations and no critical data/application is being delivered (test env). Bid your price against the AWS price. If our quoted price is equal to or greater than the AWS price, we get the instance.
  → High-config server at low cost for temporary requirements. "NO FREE TIER ELIGIBILITY"
  → If our quoted price is equal to or greater than the AWS price, we get the instance.
  → If the price rises above our quote, AWS will terminate (delete) our instance.
  - 1 hr 50 min used, price increased, AWS terminated our instance: billed for 1 hr
  - 1 hr 50 min used, price not increased, we terminated our instance: billed for 1 hr 50 min
Task: Create a policy to allow an IAM user to work only in a specific region (ap-south-1).
Only On-Demand EC2 instances come under free tier eligibility.
** Fix to one region: ap-south-1
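One way to do the region-lock task above, as an added example that is not part of the course notes: a Deny policy keyed on the aws:RequestedRegion condition, plus a small simplified evaluator showing how that condition decides a call. The NotAction list of global services and the evaluator are assumptions for illustration; the policy only denies, so the user still needs an Allow policy such as the AdministratorAccess used in the notes.

```python
"""Region-lock IAM policy for ap-south-1 and a simplified evaluator.
Added example, not the course's own material."""
import fnmatch
import json

# Explicit Deny with StringNotEquals: any request whose region is not
# ap-south-1 is refused, whatever Allow policies the user also holds.
# Global services (IAM, STS, Support) are always called via us-east-1,
# so they are excluded with NotAction; otherwise the user could not even
# change their own password. This exclusion list is an assumption.
REGION_LOCK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyOutsideApSouth1",
        "Effect": "Deny",
        "NotAction": ["iam:*", "sts:*", "support:*"],
        "Resource": "*",
        "Condition": {"StringNotEquals": {"aws:RequestedRegion": "ap-south-1"}},
    }],
}


def policy_document() -> str:
    """JSON text to paste into a customer managed policy."""
    return json.dumps(REGION_LOCK_POLICY, indent=2)


def denied_by_region_lock(action: str, region: str) -> bool:
    """Simplified IAM evaluation of the single Deny statement above.

    IAM matches Action/NotAction case-insensitively with '*' wildcards, and
    an explicit Deny wins over every Allow, so True means the call fails."""
    stmt = REGION_LOCK_POLICY["Statement"][0]
    excluded = any(fnmatch.fnmatchcase(action.lower(), pat.lower())
                   for pat in stmt["NotAction"])
    if excluded:
        return False  # global-service call: the statement does not apply
    locked_region = stmt["Condition"]["StringNotEquals"]["aws:RequestedRegion"]
    return region != locked_region


if __name__ == "__main__":
    print(policy_document())
    for act, reg in [("ec2:RunInstances", "ap-south-1"),
                     ("ec2:RunInstances", "us-east-1"),
                     ("iam:ChangePassword", "us-east-1")]:
        print(act, reg, "DENIED" if denied_by_region_lock(act, reg) else "passes")
```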
Windows EC2 instance launch:
Step 1: Choose an AMI (Amazon Machine Image): Operating system: Windows Server 2016 Base
Step 2: Choose an instance type: vCPU, memory (RAM), network performance
→ t2.micro
- General purpose: stable/balanced performance of compute, memory and network resources. Type: t2, t3, t4, m5
- Compute optimized: more CPU performance from these instances; they have high-performance processors. Type: c4, c5, c6 (Compute / CPU)
- Memory optimized: more RAM performance; for workloads that need to process large data sets in memory. Type: r4, r5, r6, x1, z1, u1 (RAM)
- GPU optimized / accelerated computing: more graphics processing; efficient for data pattern matching and high-end gaming. Type: p2, p3, p4, g3, g4, f1
- Storage optimized: more storage / hard disk performance; for applications that need more IOPS. Type: d2, d3, i3
m5.large: 2 vCPU, 8 GB RAM
c5.xlarge: 4 vCPU, 8 GB RAM
t3.medium: 2 vCPU, 4 GB RAM
Maintenance window: Sat 03 AM IST: green zone window: CRQ (Change Request)
Step 3: Configure additional settings: VPC, roles, user data
- Instance termination protection: Enable (protects against accidental termination)
- Shutdown behaviour: STOP
Step 4: Choose storage
- Root volume: the volume that contains the operating system: 30 GB for Windows
Step 5: Add tags: combination of key and value pairs.
- Name:
- Project:
- Platform: Windows/Linux
- Cost Center: AAZAA
Step 6: Configure security group: a security group acts as a firewall at the instance level.
OS ports/protocols: 0 – 65535
- Windows: RDP: 3389
- Linux: SSH: 22
- Web server: HTTP: 80
- Secure web: HTTPS: 443
- MySQL: 3306
- MSSQL: 1433
- NFS: 2049
Source: from where you want to connect to this instance.
- My IP: picks the IP address of the currently connected network. No one can connect to the server apart from users on this particular network.
- Custom: we can give any network IPs.
- Anywhere (0.0.0.0/0): the port is reachable from the whole internet, so anyone with valid credentials (username and password) can connect to the server.
Step 7: Review and launch with a key pair.
- Key pair: a key pair contains a public key and a private key (.pem).
- AWS holds the public key; it is stored in our launched EC2 instances.
- The customer (we) holds the private key, used to decrypt/generate the password for the initial instance connection.
- Public IP: unique across the globe; use this to connect to your instance.
- Private IP: unique within the AWS network.
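A pre-launch review of the settings from steps 3 to 6, as an added example that is not part of the course notes: it checks a launch request for termination protection, STOP shutdown behaviour, the four tags, and any security-group rule that opens RDP/SSH to Anywhere. The dict layout of the launch spec is a simplified, constructed format for this example, not the shape of the EC2 RunInstances API.

```python
"""Pre-launch review of an EC2 launch spec against the notes' guidance.
Added example with a constructed spec format, not the course's own code."""
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}          # remote-admin ports from step 6
REQUIRED_TAGS = ("Name", "Project", "Platform", "Cost Center")  # step 5


def review_launch(spec: dict) -> list:
    """Return a list of findings; an empty list means the spec follows the notes."""
    findings = []
    if not spec.get("termination_protection"):
        findings.append("termination protection disabled")
    if spec.get("shutdown_behaviour", "").upper() != "STOP":
        findings.append("shutdown behaviour is not STOP")
    missing = [t for t in REQUIRED_TAGS if t not in spec.get("tags", {})]
    if missing:
        findings.append("missing tags: " + ", ".join(missing))
    # Only CIDR sources are modelled; a /0 prefix is the wizard's "Anywhere".
    for rule in spec.get("security_group", []):
        net = ipaddress.ip_network(rule["source"], strict=False)
        lo, hi = rule["from_port"], rule["to_port"]
        for port, name in ADMIN_PORTS.items():
            if lo <= port <= hi and net.prefixlen == 0:
                findings.append(f"{name} ({port}) open to Anywhere ({rule['source']})")
    return findings


# Constructed sample: a Windows launch left at the wizard's permissive defaults.
SAMPLE_LAUNCH = {
    "ami": "Windows Server 2016 Base",
    "instance_type": "t2.micro",
    "termination_protection": False,
    "shutdown_behaviour": "stop",
    "tags": {"Name": "web-01", "Platform": "Windows"},
    "security_group": [
        {"from_port": 3389, "to_port": 3389, "source": "0.0.0.0/0"},  # Anywhere
        {"from_port": 80, "to_port": 80, "source": "0.0.0.0/0"},      # fine for HTTP
    ],
}

if __name__ == "__main__":
    for finding in review_launch(SAMPLE_LAUNCH):
        print("FINDING:", finding)
```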
Connect to Windows instance:
→ Open "Run", type "mstsc", press Enter. Provide the instance "Public IP".
→ Choose instance "Connect", choose "RDP client", "Download remote desktop file".
Mac: https://apps.apple.com/us/app/microsoft-remote-desktop/id1295203466?mt=12
Start/stop: 10 days of work in a month: stop and start the server.
Terminate: delete the server.
Task: Launch a Windows EC2 instance and connect to it using the key pair.
Task 2: Change the password of "Administrator" and disconnect from the instance. Now try to log in to the EC2 instance using the "keypair pwd" and the "custom password".
Task 3: "Create a new user" in the EC2 instance and give him "Local administrator rights", and also "Remote desktop permissions". Take a session with this user alongside Administrator.
FREE TIER: 750 hrs/month t2.micro Windows instance (On-Demand)
750 hrs/month t2.micro Linux instance (On-Demand)
1 instance x 24 hrs x 31 days = 744 hrs → within the 750 hrs free tier
2 instances x 24 hrs x 16 days = 768 hrs → exceeds the 750 hrs free tier
Task: Connect to a Linux instance. Get familiar with the instance launch process.
chmod 400 keypair ==> Works only in Linux. For Windows use the Github option.
whoami --> tells us which user we are working as
sudo --> allows a user to execute the command with root-level permissions
sudo su --> switch to the root user
exit --> exit from the root user back to ec2-user
clear --> clear the screen
ls --> list the files/folders
ls -a --> list all, including hidden files
pwd --> print the working directory
mkdir --> create a directory/folder
touch --> create an empty (0-byte) plain file
cd --> change directory
rmdir --> remove an empty directory
rm -rf foldername/ --> delete a directory that contains files
copy and paste: cp
cut and paste: mv