# AWS CLOUD PRACTITIONER CERTIFICATION

## 1. WHAT IS CLOUD COMPUTING?

**SERVER**
* CPU (Compute)
* RAM (Memory)
* Data (Storage) 
* Database (Store data in structured way)
* Network (Cables, routers and servers connected with each other)
* Router (A networking device that forwards data packets between computer networks. They know where to send your packets on the internet)
* Switch (Takes a packet and sends it to the correct server/client on your network)

<br>

**PROBLEMS WITH TRADITIONAL IT APPROACH**
* Pay for the rent for the data center
* Pay for power supply, cooling, maintenance 
* Adding and replacing hardware takes time
* Scaling is limited 
* Hire 24/7 team to monitor the infrastructure 
* How to deal with disasters? (earthquake, power shutdown, fire)

<br>

**CLOUD COMPUTING**
* On demand delivery of compute power, database storage, applications, IT services
* Pay-as-you-go pricing  
* Provision exactly the right type and size of computing resources you need
* Access many resources as you need, almost instantly
* Simple way to access servers, storage, databases and a set of application services

<br>

**DEPLOYMENT MODELS OF THE CLOUD**
* *PRIVATE CLOUD*: 
  * Cloud used by single organization, not exposed to the public
  * Complete control
  * Security for sensitive application
  * Meet specific business needs
* *PUBLIC CLOUD*:
  * Cloud resources owned and operated by a third-party cloud service provider, delivered over the internet
  * 6 advantages of cloud computing  
* *HYBRID CLOUD*:
  * Keep some servers on premises and extend some capabilities to the cloud
  * Control over sensitive assets in your private infrastructure
  * Flexibility and cost effectiveness of the public cloud  

<br>

**THE 5 CHARACTERISTICS OF CLOUD COMPUTING** 
* *On demand self service*: Users can provision resources and use them without human interaction from the service provider
* *Broad network access*: Resources available over the network
* *Multi-tenancy and resource pooling*: Multiple customers share the same infrastructure and are served from the same physical resources, with security and privacy maintained between tenants
* *Rapid elasticity and scalability*: Automatically and quickly acquire and dispose resources when needed and easily scale based on demand
* *Measured service*: Usage is measured, users pay correctly for what they have used

<br>

**THE 6 ADVANTAGES OF CLOUD COMPUTING**
* *Trade capital expense (CAPEX) for operational expense (OPEX)*: Pay on demand, don't own hardware and reduce total cost of ownership
* *Benefit from massive economies of scale*: Prices are reduced as AWS is more efficient due to large scale
* *Stop guessing capacity*: Scale based on actual measured usage
* *Increase speed and agility*
* *Stop spending money running and maintaining data centers*
* *Go global in minutes*

<br>

**PROBLEMS SOLVED BY THE CLOUD**
* *Flexibility*: Change resource types when needed
* *Cost-Effectiveness*: Pay as you go for what you use
* *Scalability*: Accommodate larger loads by making hardware stronger or adding additional nodes
* *Elasticity*: Ability to scale out and scale in when needed
* *High availability and fault tolerance*: Build across data centers
* *Agility*: Rapidly develop, test and launch software application

<br>

**TYPES OF CLOUD COMPUTING**
* *Infrastructure as a Service (EC2)*:
  * Provides building blocks for cloud IT
  * Provides networking, computers, data storage space
  * Highest level of flexibility
  * Easy parallel with traditional on-premises IT
* *Platform as a Service (Elastic Beanstalk)*:
  * Removes the need for your organization to manage the underlying infrastructure
  * Focus on the deployment and management of your applications
* *Software as a Service (Rekognition, Google Maps)*:
  * Completed product that is run and managed by the service provider

<br>

**PRICING OF THE CLOUD**
* *Compute*: Pay for compute time
* *Storage*: Pay for data stored in the Cloud
* *Data Transfer OUT*: Data transfer IN is free

<br>

**AWS GLOBAL INFRASTRUCTURE**
* *AWS REGION*
  * Region all around the world (us-east-1, eu-west-3)
  * Cluster of data centers
  * Most AWS services are region-scoped (*IAM*, *Route 53*, *WAF*: examples of global services)
  * Choose the region according to the data governance and legal requirements
  * Proximity to customers to reduce latency
  * Available services within a region
  * Pricing which can vary from a region to another

<br>

* *AWS AVAILABILITY ZONES*
  * Each region has many availability zones (min 2, max 6, usually 3)
  * Each AZ is one or more discrete data centers with redundant power
  * They're isolated from disasters
  * They're connected with high bandwidth, ultra-low latency

<br>

* *AWS POINT OF PRESENCE (EDGE LOCATIONS)*
  * Amazon has 216 points of presence in 84 cities and 42 countries
  * Content is delivered to end user with lower latency  




## 2. IAM SECTION

**IAM: Identity and Access Management**
* *USERS*: They are people within your organization and can be grouped. There is a root account created by default and it shouldn't be used or shared.
* *GROUPS*: They only contain users, not other groups. Users don't have to belong to a group and can belong to multiple groups.
* *POLICIES*: Users or groups can be assigned JSON documents called policies. These policies define the permissions of the users. In AWS you apply the least privilege principle: don't give more permissions than a user needs.
* *SECURITY*: Password policy + MFA (Multi Factor Authentication).
* *AWS CLI*: Manage your AWS services by the command line. Direct access to the public APIs of AWS services. Alternative to AWS Management Console.
* *AWS SDK*: Manage your AWS services using a programming language (Software Development Kit) with language specific APIs.
* *Access Keys*: To access AWS using the CLI or SDK. They are generated through the AWS Management Console and they are like a password.
* *IAM ROLES*: They are just like a user but they are intended to be used not by physical people but instead they will be used by AWS services that need to perform actions on your behalf (EC2, Lambda).
* *IAM SECURITY TOOLS*: IAM Credentials Report that lists all your account's users and the status of the various credentials and IAM Access Advisor which shows the service permissions granted to a user and when those services were last accessed. 
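As an added example (not part of these notes and not an AWS tool), the Python below reviews an IAM Credentials Report the way the "IAM security tools" bullet describes: the report is a CSV, so the sample here is a constructed report using a subset of the real report's column names, with a made-up account id, users and timestamps. The 90-day key-age threshold and the review date are assumed organisational choices, not AWS defaults.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample report: a subset of the real report's columns (the real
# report also has password_next_rotation, access_key_2_*, cert_* and more).
# Account id, user names and timestamps are made up for this example.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,arn:aws:iam::111111111111:root,2020-01-10T09:00:00+00:00,not_supported,2024-05-01T08:12:00+00:00,not_supported,false,true,2020-01-10T09:05:00+00:00,2024-04-30T10:00:00+00:00
alice,arn:aws:iam::111111111111:user/alice,2023-02-01T10:00:00+00:00,true,2024-05-02T07:30:00+00:00,2024-03-01T10:00:00+00:00,true,true,2024-04-15T10:00:00+00:00,2024-05-02T07:00:00+00:00
bob,arn:aws:iam::111111111111:user/bob,2022-06-15T12:00:00+00:00,true,2024-04-28T09:00:00+00:00,2022-06-15T12:00:00+00:00,false,true,2022-06-15T12:10:00+00:00,N/A
ci-deploy,arn:aws:iam::111111111111:user/ci-deploy,2023-09-01T00:00:00+00:00,false,no_information,N/A,false,true,2024-02-01T00:00:00+00:00,2024-05-02T06:00:00+00:00
"""

# Assumed review date and key-rotation policy (organisational choices, not AWS defaults).
REVIEW_DATE = datetime(2024, 5, 3, tzinfo=timezone.utc)
KEY_MAX_AGE_DAYS = 90


def _parse_ts(value):
    """Return an aware datetime, or None for N/A / no_information / not_supported."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def review_credential_report(report_csv, now=REVIEW_DATE):
    """Return (user, finding) pairs for the credential hygiene checks below."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        key_active = row["access_key_1_active"] == "true"
        if user == "<root_account>":
            # The root user should not be used day to day: no access keys, and MFA on.
            if key_active:
                findings.append((user, "root account has an active access key"))
            if row["mfa_active"] != "true":
                findings.append((user, "root account has no MFA"))
            continue
        # Console (password) users without MFA violate the password policy + MFA guidance.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console access without MFA"))
        if key_active:
            rotated = _parse_ts(row["access_key_1_last_rotated"])
            if rotated is not None and (now - rotated).days > KEY_MAX_AGE_DAYS:
                findings.append((user, f"access key older than {KEY_MAX_AGE_DAYS} days"))
            # An active key that has never been used is a candidate for removal.
            if _parse_ts(row["access_key_1_last_used_date"]) is None:
                findings.append((user, "active access key never used"))
    return findings


if __name__ == "__main__":
    for user, finding in review_credential_report(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

The same function works on a real report downloaded from the console or CLI as long as the column names match; the constructed sample only fixes the review date so the age calculation is reproducible.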

## 3. EC2 SECTION

**EC2: Elastic Compute Cloud**

<br>

**EC2**

It mainly consists of the capability of:
* Renting virtual machines (EC2)
* Storing data on virtual drives (EBS)
* Distributing load across machines (ELB)
* Scaling the services using an auto-scaling group (ASG)

**EC2 Configuration**
* Operating System: Linux, Windows or MacOS
* How much compute power & cores (CPU)
* How much random-access memory (RAM)
* How much storage space:
  * Network attached (EBS & EFS)
  * Hardware (EC2 Instance Store)
* Network Card: speed of the card, Public IP address
* Bootstrap script (configure at first launch): EC2 User Data  

**EC2 Instance Types**

* m5.2xlarge (e.g.):
  * *m*: Instance class
  * *5*: Generation (AWS improves over time)
  * *2xlarge*: Size within the instance class
* *General Purpose*: Great for a diversity of workloads such as web servers or code repositories. Balance between compute, memory and networking.
* *Compute Optimized*: Great for compute-intensive tasks that require high-performance processors, such as batch processing workloads, scientific modeling, machine learning or gaming servers.
* *Memory Optimized*: Fast performance for workloads that process large data sets in memory, such as high-performance relational/non-relational databases or distributed web-scale cache stores.
* *Storage Optimized*: Great for storage-intensive tasks that require high, sequential read and write access to large data sets on local storage, such as caches for in-memory databases (Redis).

**EC2 Security Groups**

Security groups act as a firewall on EC2 instances: they control how traffic is allowed into or out of our EC2 instances. Security groups only contain allow rules (there are no deny rules) and a rule can reference an IP range or another security group. They regulate:

* Access to ports
* Authorized IP ranges - IPv4 and IPv6
* Control of inbound network (from other to instance, blocked by default)
* Control of outbound network (from instance to other, authorized by default)
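To make the allow-only, inbound-blocked-by-default and outbound-authorized-by-default behaviour concrete, here is an added Python model of security group evaluation. It is an illustration written for these notes, not AWS code: the `Rule` and `SecurityGroup` classes, the `sg-web` / `sg-db` group ids and the CIDR ranges are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    protocol: str    # "tcp", "udp", "icmp", or "-1" for all protocols
    from_port: int
    to_port: int
    source: str      # IPv4/IPv6 CIDR, or a security group id such as "sg-web"


# AWS creates a default outbound rule allowing all traffic; inbound starts empty.
def _default_outbound():
    return [Rule("-1", 0, 65535, "0.0.0.0/0"), Rule("-1", 0, 65535, "::/0")]


@dataclass
class SecurityGroup:
    group_id: str
    inbound: list = field(default_factory=list)
    outbound: list = field(default_factory=_default_outbound)


def _peer_matches(rule_source, peer):
    """peer is either an IP address string or a security group id."""
    if rule_source.startswith("sg-"):
        return peer == rule_source
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return False  # peer is a group id, but this rule is a CIDR rule
    net = ipaddress.ip_network(rule_source, strict=False)
    return addr.version == net.version and addr in net


def _rule_matches(rule, protocol, port, peer):
    if rule.protocol != "-1":
        if rule.protocol != protocol:
            return False
        if not rule.from_port <= port <= rule.to_port:
            return False
    return _peer_matches(rule.source, peer)


def is_allowed(sg, direction, protocol, port, peer):
    """Allow-only semantics: traffic passes only if some rule matches.
    There are no deny rules, so an empty inbound list means everything is blocked."""
    rules = sg.inbound if direction == "inbound" else sg.outbound
    return any(_rule_matches(r, protocol, port, peer) for r in rules)


# Constructed groups: a web tier reachable on HTTPS from anywhere and on SSH
# from one admin range; a database tier reachable only from the web tier's group.
WEB_SG = SecurityGroup("sg-web", inbound=[
    Rule("tcp", 443, 443, "0.0.0.0/0"),
    Rule("tcp", 443, 443, "::/0"),
    Rule("tcp", 22, 22, "203.0.113.0/24"),
])
DB_SG = SecurityGroup("sg-db", inbound=[Rule("tcp", 5432, 5432, "sg-web")])


if __name__ == "__main__":
    checks = [
        (WEB_SG, "inbound", "tcp", 443, "198.51.100.7"),
        (WEB_SG, "inbound", "tcp", 22, "198.51.100.7"),
        (DB_SG, "inbound", "tcp", 5432, "sg-web"),
        (DB_SG, "inbound", "tcp", 5432, "198.51.100.7"),
    ]
    for sg, direction, proto, port, peer in checks:
        verdict = is_allowed(sg, direction, proto, port, peer)
        print(sg.group_id, direction, proto, port, peer, "->", verdict)
```

Referencing `sg-web` from the database group's rule, rather than an IP range, is what lets the web tier scale out without editing the database rules: any instance in the web group matches. The model ignores one real-world detail, that security groups are stateful, so return traffic for an allowed connection is permitted without a matching rule.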

**EC2 User Data**

It's possible to bootstrap (launch commands when a machine starts) our instances using an EC2 User Data script. That script is only run once, at the instance's first start, and it runs as the root user. It's used to automate boot tasks such as:
* Installing updates
* Installing software
* Downloading common files from internet
* Anything you can think of

**SSH**

It allows you to control a remote machine, all using the command line. On Windows we can configure all the parameters using the free tool "PuTTY".

**Purchasing Options**

* *EC2 On-Demand Instances*: Linux/Windows billing per second after the first minute, otherwise billing per hour. Highest cost but no upfront payment. No long-term commitment; recommended for short-term and uninterrupted workloads.
* *EC2 Reserved Instances*: Up to 72% discount (compared to on-demand). You reserve specific instance attributes (instance type, region, tenancy, OS) for a reservation period of 1 or 3 years with different payment options:
  * No Upfront (+)
  * Partial Upfront (++)
  * All Upfront (+++)
  * Scope: regional or zonal
  * Recommended for steady-state usage applications (e.g. databases); you can buy and sell in the Reserved Instance Marketplace
* *EC2 Convertible Reserved Instances*: Can change EC2 instance type, instance family, OS, scope and tenancy; up to 66% discount.
* *EC2 Savings Plans*: Get a discount based on long-term usage by committing to a certain amount of usage (e.g. $10/hour for 1 or 3 years); usage beyond the Savings Plan is billed at the on-demand rate. Flexible across instance size, OS and tenancy.
* *EC2 Spot Instances*: Instances you can lose at any point in time if your max price is less than the current spot price. They are the most cost-efficient instances in AWS, with discounts of up to 90% compared to on-demand. Useful for workloads that are resilient to failure, such as batch jobs, data analysis or image processing; not suitable for critical jobs or databases.
* *EC2 Dedicated Hosts*: A physical server with EC2 instance capacity fully dedicated to your use, that's the most expensive option. Purchasing option:
  * On-demand: pay per second for active Dedicated Host
  * Reserved: 1 or 3 years (No/Partial/All Upfront)
* *EC2 Dedicated Instances*: Instances run on hardware that's dedicated to you; you may share the hardware with other instances in the same account, and there is no control over instance placement (the instance can move hardware after a stop/start).
* *EC2 Capacity Reservations*: Reserve on-demand instance capacity in a specific AZ for any duration. No time commitment and no billing discount: you are charged at the on-demand rate whether you run instances or not. Suitable for short-term, uninterrupted workloads that need to be in a specific AZ.

**Best Purchasing Option**

* *On-Demand*: Coming and staying in a resort whenever we like; we pay the full price
* *Reserved*: Like planning ahead; if we plan to stay for a long time, we may get a good discount
* *Savings Plans*: Pay a certain amount per hour for a certain period and stay in any room type (e.g. King, Suite, Sea View, etc.)
* *Spot Instances*: The hotel allows people to bid for the empty rooms and the highest bidder keeps the rooms. You can get kicked out at any time
* *Dedicated Host*: We book an entire building of the resort
* *Capacity Reservations*: You book a room for a period at full price even if you don't stay in it




## 4. EC2 INSTANCE STORAGE SECTION

**EBS VOLUME: Elastic Block Store**
* What is an EBS?
  * It's a network drive you can attach to your instances while they run
  * It allows your instances to persist data, even after termination
  * They can only be mounted to one instance at a time
  * They are bound to a specific availability zone: to move a volume to another AZ, you first need to snapshot it
  * Free tier = 30GB of storage (you can increase the capacity of the drive over time)
  * Analogy: Think of them as a "Network USB stick" (not a physical drive) 
* EBS Snapshots
  * *Snapshot* = Backup of your EBS volume at a point in time
  * Not necessary to detach volume to do snapshot but recommended
  * Can copy snapshots across AZ or Region
  * *EBS Snapshot Archive*: move a snapshot to an "archive tier" that is 75% cheaper, but restoring from the archive takes 24 to 72 hours
  * You can setup rules to retain deleted snapshots so you can recover them after an accidental deletion (you can specify retention from 1 day to 1 year)

**AMI: Amazon Machine Image**
* Ready to use EC2 instances with our customization (own software, configuration, operating system, monitoring)
* AMIs are built for a specific region (and can be copied across regions)
* You can launch EC2 instances from:
  * Public AMI: AWS provided
  * Your own AMI: you make and maintain them yourself
  * AWS Marketplace AMI: AMI someone else made 
* *AMI Process*:
  * Start an EC2 instance and customize it
  * Stop the instance
  * Build an AMI - this will also create an EBS Snapshot
  * Launch instances from the new AMI

**EC2 Image Builder**
* Used to automate the creation of virtual machine or container images
* Automates the creation, maintenance, validation and testing of EC2 AMIs
* Can be run on a schedule
* Free service (only pay for the underlying resources)

**EC2 Instance Store**
* EBS volumes are network drives with good but limited performance
* If you need a high performance hardware disk, use *EC2 Instance Store*
* Better I/O performance
* EC2 Instance Store volumes lose their data if the instance is stopped
* Risk of data loss if hardware fails
* Good for buffer/cache/scratch data/temporary content

**EFS: Elastic File System**
* Managed NFS (network file system) that can be mounted on hundreds of EC2 instances
* EFS works with Linux EC2 instances in multi-AZ
* Highly available, scalable, expensive, pay per use

**EFS-IA: EFS Infrequent Access**
* Storage class that is cost-optimized for files not accessed every day
* Up to 92% lower cost compared to EFS standard
* EFS will automatically move your files to EFS-IA based on last time they were accessed

**Amazon FSx**

Launch 3rd party high-performance file system on AWS
* *Amazon FSx for Windows*
  * A fully managed, highly reliable and scalable Windows native shared file system
  * Built on Windows File Server
  * Supports SMB protocol & windows NTFS
  * Integrated with Microsoft Active Directory
* *Amazon FSx for Lustre*
  * A fully managed, high-performance, scalable file storage for HPC (High Performance Computing)
  * The name "Lustre" derives from "Linux" and "cluster"
  * Machine Learning, Analytics, Video Processing, Financial Modeling...
  * Scales up to hundreds of GB/s, sub-ms latencies


## 5. ELASTIC LOAD BALANCING & AUTO SCALING GROUPS SECTION

**Scalability vs High Availability**
* *Scalability*
  * It means an application/system can handle greater loads by adapting
  * It's related to, but different from, High Availability
  * Vertical Scalability
    * It means increasing the size of the instance
    * It is very common for non-distributed systems, such as databases
    * There's usually a limit to how much you can vertically scale (hardware limit)
  * Horizontal Scalability
    * It means increasing the number of instances/systems for your application
    * It implies distributed systems
    * This is very common for web applications/modern applications
    * It's easy to horizontally scale thanks to cloud offerings such as Amazon EC2
* *High Availability*
  * It goes hand in hand with horizontal scaling
  * It means running your application in at least 2 AZs
  * The goal of high availability is to survive a data center loss (disaster)

**Scalability vs Elasticity vs Agility**
* *Scalability*: ability to accommodate a larger load by making the hardware stronger (scale up) or by adding nodes (scale out)
* *Elasticity*: once a system is scalable, elasticity means that there will be some auto-scaling so that the system can scale based on the load (cloud friendly)
* *Agility*: (distractor) new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers

**ELB: Elastic Load Balancer**
* Distribute traffic across backend EC2 instances, can be multi AZ
* Expose a single point of access (DNS) to your application
* Do regular health checks to your instances 
* It's a managed load balancer: AWS guarantees that it will be working, takes care of upgrades and maintenance and provides only a few config knobs
* Kinds of load balancers offered by AWS:
  * Application Load Balancer: HTTP/HTTPS (Layer 7)
  * Network Load Balancer: ultra high-perf, TCP (Layer 4)
  * Classic Load Balancer: slowly retiring (Layer 4 & 7)

**ASG: Auto Scaling Groups**
* Implement elasticity for your application, across multiple AZs
* Scale EC2 instances based on the demand on your system and replace unhealthy instances
* Integrated with the ELB
* Scaling strategies:
  * Manual scaling: update size manually
  * Simple/Step Scaling: when a CloudWatch alarm is triggered then do something  
  * Target Tracking Scaling: e.g. I want avg ASG CPU to stay at around 40%
  * Scheduled Scaling: anticipate scaling 
  * Predictive Scaling: ML to predict future traffic ahead of time


## 6. AMAZON S3 SECTION

*Amazon S3* is one of the main building blocks of AWS; it's advertised as "infinitely scaling" storage. It has many use cases, such as backup and storage, disaster recovery, archive, application hosting, big data analytics, software delivery and static websites.

**Buckets vs Objects**
* Buckets:
  * Amazon S3 allows people to store objects (files) in "buckets" (directories)
  * They must have a globally unique name 
  * They are at the region level
  * S3 looks like a global service but buckets are created in a region
  * There is a naming convention (no uppercase/underscore, 3-63 chars long, start with lowercase or number, etc...)
* Objects:
  * Objects (files) have a key, which is the full path (prefix + object name), e.g. s3://my-bucket/my_file.txt
  * There is no concept of directories within buckets
  * Max object size is 5000GB; if uploading more than 5GB you must use multi-part upload
  * Tags: useful for security/lifecycle
  * Version ID: if versioning is enabled

**S3 Security**
* User Based:
  * IAM Policies: which API calls should be allowed for a specific user from IAM
* Resource-Based:
  * Bucket Policies: bucket wide rules from the S3 console - allow cross account
  * Object Access Control List: finer grain
  * Bucket Access Control List: less common
* Note: an IAM principal can access an S3 object if
  * the user's IAM permissions allow it or the resource policy allows it
  * and there is no explicit deny
* Policies:
  * JSON based policies
    * Resources: buckets and objects
    * Effect: Allow/Deny
    * Actions: Set of API to allow or deny
    * Principal: The account or user to apply the policy to
  * Common uses of an S3 bucket policy:
    * Grant public access to the bucket
    * Force objects to be encrypted at upload
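The evaluation rule in the note above (allowed if the IAM policy or the resource policy allows it, and there is no explicit deny) and the two bucket-policy uses just listed (public read, forcing encryption at upload) can be exercised with the following added Python evaluator. It is an illustration written for these notes, not AWS's evaluation engine: it handles only Action/Resource wildcards, Principal, and the StringEquals/StringNotEquals condition operators, and the policies, bucket name and principal ARN are constructed for the example.

```python
import fnmatch


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_met(condition, context):
    """Minimal subset of IAM condition operators (assumption for this example).
    As in IAM, a negated operator on a missing context key evaluates to true."""
    for operator, pairs in condition.items():
        if operator not in ("StringEquals", "StringNotEquals"):
            raise ValueError(f"unsupported operator {operator}")
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "StringEquals" and actual not in _as_list(expected):
                return False
            if operator == "StringNotEquals" and actual in _as_list(expected):
                return False
    return True


def _statement_matches(stmt, principal, action, resource, context):
    # Resource-based policies name a Principal; identity policies do not.
    if "Principal" in stmt:
        p = stmt["Principal"]
        allowed = _as_list(p) if isinstance(p, (str, list)) else _as_list(p.get("AWS", []))
        if "*" not in allowed and principal not in allowed:
            return False
    if not any(fnmatch.fnmatchcase(action, pat) for pat in _as_list(stmt["Action"])):
        return False
    if not any(fnmatch.fnmatchcase(resource, pat) for pat in _as_list(stmt["Resource"])):
        return False
    return _condition_met(stmt.get("Condition", {}), context)


def evaluate(identity_policies, resource_policies, principal, action, resource, context=None):
    """Return "Allow" or "Deny": an explicit Deny in any policy wins, otherwise
    an Allow from either the identity or the resource policy is enough,
    otherwise the request is implicitly denied."""
    context = context or {}
    decision = "Deny"  # implicit deny until some statement allows
    for policy in identity_policies + resource_policies:
        for stmt in policy["Statement"]:
            if _statement_matches(stmt, principal, action, resource, context):
                if stmt["Effect"] == "Deny":
                    return "Deny"
                decision = "Allow"
    return decision


# Constructed policies. The identity policy follows least privilege: only the
# two actions the user needs, on one bucket.
ALICE = "arn:aws:iam::111111111111:user/alice"
ALICE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
]}

# Bucket policy: public read of one prefix, and a deny that forces
# server-side encryption on every upload (the header is the request context key).
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/public/*"},
    {"Sid": "DenyUnencryptedUploads", "Effect": "Deny", "Principal": "*",
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "AES256"}}},
]}

PRIVATE_OBJ = "arn:aws:s3:::example-bucket/private/report.csv"
PUBLIC_OBJ = "arn:aws:s3:::example-bucket/public/index.html"

if __name__ == "__main__":
    print(evaluate([ALICE_POLICY], [BUCKET_POLICY], ALICE, "s3:PutObject", PRIVATE_OBJ))
    print(evaluate([ALICE_POLICY], [BUCKET_POLICY], ALICE, "s3:PutObject", PRIVATE_OBJ,
                   {"s3:x-amz-server-side-encryption": "AES256"}))
```

The unencrypted upload is denied even though alice's own policy allows `s3:PutObject`, which is the point of putting the control in the bucket policy: no identity policy can override an explicit deny. Real IAM evaluation also takes service control policies, permission boundaries and session policies into account, none of which this toy covers.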

**S3 Websites**
* S3 can host static websites and make them accessible on the internet
* The website URL depends on the bucket name and region
* 403 forbidden error --> make sure the bucket policy allows public reads

**S3 Versioning**
* You can version files in Amazon S3
* It's enabled at the bucket level
* It's a best practice: it protects against unintended deletes and allows easy roll back to a previous version

**S3 Replication**
* Must enable versioning in source and destination buckets
* Cross-Region Replication (CRR): lower latency access, replication across accounts
* Same-Region Replication (SRR): log aggregation, live replication between production and test accounts

**S3 Storage Classes**
* *S3 Standard - General Purpose*
  * 99.99% availability
  * Used for frequently accessed data
  * Low latency
  * Use case: big data analytics, mobile and game applications
* *S3 Standard - Infrequent Access (IA)*
  * For data less accessed, but requires rapid access when needed
  * Lower cost than S3 standard
  * 99.9% availability
  * Use cases: disaster recovery and backups
* *S3 One-Zone - Infrequent Access*
  * High durability (99.999999%) in a single AZ. Data lost if AZ is destroyed
  * 99.5% availability
  * Use cases: storing secondary backup copies of on-premises data
* *S3 Glacier Instant Retrieval*
  * Low cost object storage for archiving/backup
  * Milliseconds retrieval
  * Minimum storage duration of 90 days
* *S3 Glacier Flexible Retrieval*
  * Expedited (1-5 minutes), Standard (3-5 hours), Bulk (5-12 hours)
  * Minimum storage duration of 90 days
* *S3 Glacier Deep Archive*
  * Standard (12 hours), Bulk (48 hours)
  * Minimum storage duration of 180 days
* *S3 Intelligent Tiering*
  * Small monthly monitoring and auto tiering fee
  * Moves objects automatically between Access Tiers based on usage

**AWS Snow Family**

Highly-secure, portable devices to collect and process data at the edge, and migrate data into and out of AWS. Offline devices to perform data migrations

* Data Migration:
  * AWS Snowball Edge 
    * Physical data transport solution, move TBs or PBs of data in or out of AWS
    * Alternative to moving data over the network
    * Pay per data transfer job
    * Types:
      * Snowball Edge Storage Optimized: 80 TB of HDD capacity for block volume
      * Snowball Edge Compute Optimized: 42 TB of HDD capacity for block volume
    * Use cases: large data cloud migrations, disaster recovery  
  * AWS Snowcone
    * Small (2kg), portable, secure, withstands harsh environments
    * Used for edge computing, storage (8 TBs) and data transfer 
    * Use Snowcone when Snowball does not fit (space-constrained)
    * Must provide your own battery
  * AWS Snowmobile
    * Transfer exabytes of data (1 EB = 1K PBs = 1M TBs)
    * Each snowmobile has 100 PB of capacity
    * High security: temperature controlled, GPS, 24/7 video surveillance
    * Better than Snowball if you transfer more than 10 PB
* Edge Computing:
  * Process data while it's being created on an edge location (track, ship, etc...)
  * These locations may have no internet access or no easy access to computing power
  * We setup a Snowball Edge/Snowcone device to do edge computing
  * Use cases: Preprocess data, ML at the edge, transcoding media streams
  * Types:
    * Snowcone: 2 CPUs, 4GB of memory
    * Snowball Edge - Compute Optimized: 52 CPUs, 208GB of RAM, optional GPU
    * Snowball Edge - Storage Optimized: 40 CPUs, 80GB of RAM, object storage clustering available

**AWS OpsHub**
* Historically, to use Snow Family devices you needed a CLI
* Today you can use OpsHub, software you install on your computer, to manage your Snow Family devices

**AWS Storage Gateway**
* Bridge between on-premises data and cloud data in S3
* Hybrid storage service to allow on-premises to seamlessly use the AWS Cloud
* Use cases: disaster recovery, backup & restore, tiered storage      



## 7. DATABASES SECTION

Storing data on disk (EFS, EBS, EC2 Instance Store, S3) has its limits. Sometimes you want to store data in a database to structure the data and build indexes to efficiently query/search through it.

**Relational Databases**
* AWS RDS (Relational Database Service)
  * It's a managed database service that uses SQL as its query language
  * It allows you to create databases in the cloud that are managed by AWS
    * Postgres
    * MySQL
    * MariaDB
    * Microsoft SQL Server
    * AWS Aurora
  * Automatic provisioning and OS patching
  * Continuous backups and restore to specific timestamp
  * Multi AZ for DR (disaster recovery)
  * Scaling capability (vert & horiz)
* AWS Aurora
  * Not open sourced
  * PostgreSQL and MySQL are both supported as Aurora DB
  * Aurora is AWS cloud optimized
  * Aurora storage automatically grows up to 64GB
  * It costs more than RDS (20% more) but it's more efficient
  * Not in the free tier

**ElastiCache**
* Same as RDS but for Redis or Memcached
* Caches are in-memory databases with high performance and low latency
* Helps reduce the load on databases for read-intensive workloads

**DynamoDB**
* Fully managed highly available with replication across 3 AZ
* NoSQL database
* Scales to massive workloads; distributed serverless database
* Millions of requests per second, trillions of rows, 100s of TB of storage
* Single digit milliseconds latency
* Integrated with IAM
* Low cost and auto scaling
* *DynamoDB Accelerator (DAX)*
  * Fully managed in memory cache for DynamoDB
  * 10x performance improvement 
  * Secure, highly scalable and available
  * It's only used for and is integrated with DynamoDB

**Redshift**
* It's based on PostgreSQL but it's not for OLTP (Online Transaction Processing)
* It's OLAP (Online Analytical Processing)
* Load data every hour (not seconds)   
* 10x better performance than other warehouses
* Columnar storage of data (instead of rows)
* Has SQL interface
* BI (business intelligence) tools such as AWS Quicksight or Tableau integrate with it

**Amazon EMR (Elastic MapReduce)**
* EMR helps create Hadoop clusters (Big Data) to analyze and process vast amounts of data
* The cluster can be made of hundreds of EC2 instances
* Also supports Apache Spark, HBase, Presto, etc...
* EMR takes care of all the provisioning and configuration
* Use cases: data processing, ML, web indexing, big data, etc...

**Amazon Athena**
* Serverless query service to analyze data stored in Amazon S3
* Uses standard SQL language to query the files
* Supports CSV, JSON, ORC, Avro, etc...
* Pricing: $5.00 per TB of data scanned
* Use compressed or columnar data for cost-savings

**Amazon QuickSight**
* Serverless ML powered business intelligence service to create interactive dashboards
* Integrated with RDS, Aurora, Athena, RedShift, S3, etc...

**DocumentDB**
* It's Aurora but for MongoDB (NoSQL database)

**Amazon Neptune**
* Fully managed graph database
* A typical graph use case is a social network; it's also great for knowledge graphs (Wikipedia) and fraud detection
* Build and run applications working with highly connected datasets
* Available across 3 AZ, with up to 15 read replicas

**Amazon QLDB (Quantum Ledger Database)**
* A ledger is a book recording financial transactions
* Used to review history of all the changes made to your application data over time
* Immutable system: no entry can be removed or modified, cryptographically verifiable
* 2-3x better performance than common ledger

**Amazon Managed Blockchain**
* Blockchain makes it possible to build applications where multiple parties can execute transactions without the need for a trusted, central authority
* Join public blockchain networks
* Create your own scalable private network
* Compatible with the frameworks Hyperledger Fabric and Ethereum 

**AWS Glue**
* Managed extract, transform and load (ETL) service
* Useful to prepare and transform data for analytics
* Fully serverless service

**DMS (Database Migration Service)**
* Quickly and securely migrate databases to AWS, resilient and self healing
* The source database remains available during the migration
* Also supports heterogeneous migrations (e.g. Microsoft SQL Server to Aurora)


## 8. OTHER COMPUTE SERVICES SECTION

**Docker**
* It's a software development platform to deploy apps
* Apps are packaged in containers that can be run on any OS
* Apps run the same, regardless of where they run
  * Any machine
  * No compatibility issues
  * Predictable behaviour
  * Less work
  * Works with any language, any OS, any technology
* Scale containers up and down very quickly (seconds)
* Docker images are stored:
  * Public: DockerHub
  * Private: Amazon ECR (Elastic Container Registry)

**ECS (Elastic Container Service)**
* Launch Docker containers on AWS
* You MUST provision & maintain the infrastructure (the EC2 instances)
* AWS takes care of starting/stopping containers

**Fargate**
* Launch Docker containers on AWS
* You DON'T provision the infrastructure (no EC2 instances to manage) - simpler!
* Serverless offering
* AWS just runs containers for you based on the CPU/RAM you need

**ECR (Elastic Container Registry)**
* Private Docker registry on AWS
* This is where you store your Docker images so they can be run by ECS or Fargate

**AWS Batch**
* Fully managed batch processing at any scale
* A "batch" job is a job with a start and an end (opposed to continuous)
* AWS Batch will dynamically launch EC2 instances or Spot Instances
* AWS Batch provisions the right amount of compute/memory
* Batch jobs are defined as Docker Images and run on ECS

**Amazon Lightsail**
* Predictable and low pricing for simple application & DB stacks
* Great for people with little cloud experience (alternative to EC2, RDS, ELB, EBS, Route 53, etc...)
* Use cases: simple web applications, websites, dev/test environment

**AWS Lambda**
* Virtual functions - no servers to manage!
* Limited by time - short executions
* Run on-demand
* Scaling is automated
* Event-driven: functions get invoked by AWS when needed
* Billing (in general very cheap):
  * By execution time × RAM provisioned
  * By the number of invocations
* Language support: Node.js, Python, Java, C#, Ruby, Golang
* API Gateway: expose Lambda functions as HTTP API
* Use cases:
  * Create Thumbnails for images uploaded onto S3
  * Run a serverless cron job (CloudWatch Events / EventBridge triggers every 1 hour -> an AWS Lambda function performs the task)



    

## 9. DEPLOYING & MANAGING INFRASTRUCTURE AT SCALE SECTION

**--- DEPLOYMENT ---**

**CloudFormation**
* It's a declarative way of outlining your AWS Infrastructure, for any resources
* E.g. you can create a security group, 2 EC2 instances, an S3 bucket and a load balancer (ELB); CloudFormation creates those for you, in the right order, with the exact configuration that you specify
* AWS CloudFormation has a lot of benefits:
  * *Infrastructure as code*: no resources are manually created, good for control
  * *Cost*: each resource within the stack is tagged with an identifier so you can easily see how much a stack costs you, and you can estimate the cost using the CloudFormation template
  * *Productivity*: ability to destroy and create an infrastructure on the cloud on the fly
  * *Don't re-invent the wheel*: leverage existing templates on the web and the documentation

**AWS Elastic Beanstalk**
* It's a developer centric view of deploying an application on AWS
* Platform as a Service (PaaS), limited to certain programming language or Docker
* Deploy code consistently with a known architecture: e.g. ALB+EC2+RDS
* Responsibility of the developer: just the application code

**AWS CodeDeploy**
* Deploy our application automatically
* It works with:
  * EC2 instances
  * On-premises servers
  * Hybrid service

**AWS SSM (Systems Manager)**
* Helps you manage your EC2 and on-premises systems at scale  
* Most important features:
  * Patching automation for enhanced compliance
  * Run commands across an entire fleet of servers
  * Store parameters configuration with the SSM Parameter Store

**AWS OpsWorks**
* Managed Chef & Puppet
* Chef & Puppet help you perform server configuration and repetitive actions automatically
* It's an alternative to AWS SSM  

<br>

**--- DEVELOPER SERVICES ---**

**AWS CodeCommit**
* Store code in private git repository (version controlled)
* CodeCommit is the AWS competing product to GitHub

**AWS CodeBuild**
* Compiles source code, run tests, and produces packages that are ready to be deployed 

**AWS CodePipeline**
* Orchestration of pipeline to have the code automatically pushed to production (code -> build -> test -> provision -> deploy)

**AWS CodeArtifact**
* It stores software packages/dependencies on AWS
* Software packages depend on each other to be built (dependencies)
* Developers and CodeBuild can then retrieve dependencies straight from CodeArtifact

**AWS CodeStar**
* Unified UI to easily manage software development activities in one place 

**AWS Cloud9**
* It's a cloud IDE for writing, running and debugging code
* It also allows for code collaboration in real-time (pair programming)

**AWS CDK (Cloud Development Kit)**
* Define your cloud infrastructure using a programming language
* The code is compiled into a CloudFormation template
* You can therefore deploy infrastructure and application runtime code together (great for Lambda functions and Docker containers in ECS)
      


## 10. GLOBAL INFRASTRUCTURE SECTION

**Global AWS Infrastructure**
* A global application is an application deployed in multiple geographies (Regions or Edge Locations) and it's good for decreased latency, disaster recovery and attack protection
* It's composed of:
  * *Regions*: for deploying applications and infrastructure
  * *AZ*: made of multiple data centers
  * *Edge Locations*: for content delivery as close as possible to users

<br>  

**--- GLOBAL APPLICATIONS IN AWS ---**   

**Route 53 - Global DNS**
* Route 53 is a Managed DNS (Domain Name System). DNS is a collection of rules and records which helps clients understand how to reach a server through URLs.
* Great to route users to the closest deployment with least latency
* Great for disaster recovery strategies

**CloudFront - Global CDN (Content Delivery Network)**
* Improves read performance, content is cached at the edge
* Replicate part of your application to AWS Edge Locations - decrease latency
* Cache common requests - improved user experience and decreased latency
* DDoS protection (because worldwide), integration with Shield, AWS Web Application Firewall

**S3 Transfer Acceleration**
* Accelerate global uploads and downloads into Amazon S3

**AWS Global Accelerator**
* Improve global application availability and performance using the AWS global network
* Leverage the AWS internal network to optimize the route to your application (60% improvement)
* 2 Anycast IPs are created for your application and traffic is sent through Edge Locations

**AWS Outposts**
* Low latency access to on-premises systems
* Local data processing
* Data residency
* Fully managed service
* Easier migration from on-premises to the cloud

**AWS WaveLength**
* Brings AWS services to the edge of the 5G networks
* Ultra low latency applications

**AWS Local Zones**
* Places AWS compute, storage, database and other selected AWS services closer to end users to run latency-sensitive applications
* Extend your VPC to more locations - "Extension of an AWS Region"


## 11. CLOUD INTEGRATION SECTION

Synchronous communication between applications can be problematic if there are sudden spikes of traffic. What if you need to suddenly encode 1000 videos but usually it's 10? In this case it's better to decouple your applications using:
* SQS: queue model
* SNS: pub/sub model
* Kinesis: real-time data streaming model

<br>

"Decouple": IT systems should be designed in a way that reduces interdependencies - a change or failure in one component should not cascade to other components

<br>

**Amazon SQS**
* Queue service in AWS
* Multiple producers, messages are kept up to 14 days
* Multiple consumers share the reads and delete messages when done
* Used to decouple applications in AWS
* From 1 to 10,000 messages per second

**Amazon SNS**
* Notification service in AWS
* Subscribers: Email, Lambda, SQS, HTTP
* Each subscriber to the topic will get all the messages 
* Up to 12,500,000 subscriptions per topic, 100,000 topics limit

**Amazon Kinesis**
* Real-time big data streaming
* Managed service to collect, process and analyze real-time streaming data at any scale

**Amazon MQ**
* It's a managed message broker service for RabbitMQ and ActiveMQ
* SQS and SNS are cloud-native services of AWS
* Traditional applications running from on-premises may use open protocols such as: MQTT, AMQP, STOMP, Openwire
* When migrating to the cloud, instead of re-engineering the applications to use SQS and SNS, we can use Amazon MQ

## 12. CLOUD MONITORING SECTION

**Amazon CloudWatch**

*  **AWS CloudWatch Metrics**
  * It provides metrics for every service in AWS
  * It has timestamps and you can create dashboards of metrics
  * Examples of important metrics:
    * EC2 instances: CPU utilization, Status checks
    * EBS volumes: Disk read/writes
    * S3 buckets: BucketSizeBytes, NumberOfObjects
    * Billing: Total estimated charge

*  **AWS CloudWatch Alarms**
  * It's used to trigger notifications for any metric
  * Examples of alarms actions:
    * Auto scaling: increase or decrease EC2 instances desired count
    * EC2 Actions: stop, terminate, reboot or recover an EC2 instance
    * SNS Notification: send a notification into an SNS topic

* **AWS CloudWatch Logs**
  * Collect log files from EC2 instances, servers, Lambda functions, etc...
  * Enables real time monitoring of logs

* **AWS CloudWatch Events**
  * React to events in AWS, or trigger a rule on a schedule

<br>

**AWS CloudTrail**
* Audit API calls made within your AWS account
* It's enabled by default
* Get a history of events/API calls made by console, SDK, CLI or AWS Services

**AWS X-Ray**
* Trace requests made through your distributed applications
* Understand dependencies in a microservice architecture

**AWS CodeGuru**
* An ML-powered service for automated code reviews and application performance recommendations 

**AWS Service Health Dashboard**
* Shows all regions, all services health
* Shows historical information for each day

**AWS Personal Health Dashboard**
* It provides alerts and remediation guidance when AWS is experiencing events that may impact you


## 13. VPC SECTION

**VPC (Virtual Private Cloud)**
* *VPC*: private network to deploy your resources (regional resource)
* *Subnets*: allow you to partition your network inside your VPC (AZ resource)
* *Internet Gateway*: helps our VPC instances connect with the internet
* *NAT Gateway/Instances*: give internet access to your private subnets
* *NACL*: a firewall which controls traffic from and to a subnet with allow and deny rules
* *Security Groups*: a firewall that controls traffic to and from an EC2 instance but can only have allow rules
* *VPC Peering*: connect 2 VPCs with non-overlapping IP ranges, non-transitive
* *VPC Endpoints*: endpoints allow you to connect to AWS Services using a private network instead of the public www network, lower latency and higher security
* *AWS PrivateLink*: privately connect to a service in a 3rd party VPC. Most secure & scalable way to expose a service to 1000s of VPCs
* *VPC Flow Logs*: network traffic logs
* *Site to site VPN*: connect an on-premises VPN to AWS over the public internet
* *Direct Connect (DX)*: connect an on-premises VPN to AWS over a private network
* *AWS ClientVPN*: connect from your computer using OpenVPN to your private network in AWS and on-premises over public internet
* *Transit Gateway*: connect thousands of VPCs and on-premises networks together
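A small Python model of the two firewall layers in the list above, added here as an example (not the notes' own code and not AWS's implementation). It assumes the rule semantics given in the comments: Security Groups hold allow rules only and are stateful, NACLs hold numbered allow/deny rules evaluated lowest number first and are stateless.

```python
"""Model of VPC Security Groups versus NACLs (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    protocol: str      # "tcp", "udp" or "-1" for all protocols
    port_from: int
    port_to: int
    cidr: str

    def matches(self, protocol: str, port: int, addr: str) -> bool:
        return ((self.protocol == "-1" or self.protocol == protocol)
                and self.port_from <= port <= self.port_to
                and ip_address(addr) in ip_network(self.cidr))


class SecurityGroup:
    """Instance-level firewall: allow rules only, any matching rule permits."""

    def __init__(self, inbound, outbound):
        if any(r.action != "allow" for r in inbound + outbound):
            raise ValueError("security groups cannot contain deny rules")
        self.inbound, self.outbound = inbound, outbound
        self._tracked = set()    # connection tracking is what makes the SG stateful

    def inbound_ok(self, protocol, port, src):
        if any(r.matches(protocol, port, src) for r in self.inbound):
            self._tracked.add((protocol, port, src))
            return True
        return False

    def outbound_ok(self, protocol, port, dst, reply_to_port=None):
        # reply_to_port: destination port of the inbound connection being answered
        if reply_to_port is not None and (protocol, reply_to_port, dst) in self._tracked:
            return True
        return any(r.matches(protocol, port, dst) for r in self.outbound)


class NetworkAcl:
    """Subnet-level firewall: numbered allow/deny rules, first match wins."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound   # {rule_number: Rule}

    @staticmethod
    def _evaluate(rules, protocol, port, addr):
        for number in sorted(rules):
            if rules[number].matches(protocol, port, addr):
                return rules[number].action == "allow"
        return False   # the implicit final "*" rule denies everything unmatched

    def inbound_ok(self, protocol, port, src):
        return self._evaluate(self.inbound, protocol, port, src)

    def outbound_ok(self, protocol, port, dst):
        return self._evaluate(self.outbound, protocol, port, dst)


def demo():
    """SSH allowed from the 10.0.0.0/8 range, except one subnet that must be blocked."""
    sg = SecurityGroup(inbound=[Rule("allow", "tcp", 22, 22, "10.0.0.0/8")],
                       outbound=[])              # deliberately no outbound rules
    nacl = NetworkAcl(
        inbound={100: Rule("deny", "tcp", 22, 22, "10.1.1.0/24"),    # lower number wins
                 200: Rule("allow", "tcp", 22, 22, "10.0.0.0/8")},
        outbound={100: Rule("allow", "tcp", 1024, 65535, "10.0.0.0/8")})  # ephemeral replies
    return {
        # NACL: rule 100 denies the subnet before rule 200 can allow it
        "nacl_blocked_subnet": nacl.inbound_ok("tcp", 22, "10.1.1.7"),
        "nacl_other_subnet": nacl.inbound_ok("tcp", 22, "10.2.0.5"),
        # SG: no deny rule exists, so the same host is allowed by the /8 rule
        "sg_blocked_subnet": sg.inbound_ok("tcp", 22, "10.1.1.7"),
        # SG is stateful: the SSH reply leaves although no outbound rule exists
        "sg_reply": sg.outbound_ok("tcp", 51000, "10.1.1.7", reply_to_port=22),
        # NACL is stateless: the reply needs the explicit ephemeral-port rule
        "nacl_reply": nacl.outbound_ok("tcp", 51000, "10.2.0.5"),
        "nacl_reply_no_rule": NetworkAcl(nacl.inbound, {}).outbound_ok("tcp", 51000, "10.2.0.5"),
    }
```

Calling `demo()` returns a verdict per check; the two "blocked_subnet" entries show why a deny for a sub-range needs a NACL, and the two "reply" entries show why NACLs need an outbound ephemeral-port rule.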

## 14. SECURITY & COMPLIANCE SECTION

**AWS Shared Responsibility Model**
* AWS responsibility - Security of the cloud:
  * Protecting infrastructure that runs all the AWS services (hardware, software, facilities and networking)
  * Managed services like S3, DynamoDB, RDS, etc...
* Customer responsibility - Security in the cloud:
  * For EC2 instances, the customer is responsible for management of the guest OS, firewall & network configuration, IAM, etc...
  * Encrypting application data

**AWS Shield**
* Automatic DDoS protection; AWS Shield Advanced adds 24/7 support and protection against more sophisticated attacks

**AWS WAF (Web Application Firewall)**
* Firewall to filter incoming requests based on rules 
* Protects your web apps at layer 7 (HTTP)

**AWS KMS (Key Management Service)**
* It manages the encryption keys for us
* Anytime you hear "encryption" for an AWS service, it's most likely KMS

**CloudHSM (Hardware Security Module)**
* AWS provisions encryption hardware
* You manage your own encryption keys entirely

**AWS ACM (Certificate Manager)**
* Lets you easily provision, manage and deploy SSL/TLS Certificates
* Free of charge for public TLS and automatic TLS certificate renewal

**AWS Artifact**
* Portal that provides customers with on-demand access to AWS compliance documentation and AWS agreements

**Amazon GuardDuty**
* Intelligent threat discovery to protect AWS accounts
* Find malicious behaviour with VPC, DNS & CloudTrail Logs
* Uses ML algorithms, anomaly detection, 3rd party data
* Can protect against CryptoCurrency attacks

**Amazon Inspector**
* For EC2 only - Install agent and find vulnerabilities
* A risk score is associated with all vulnerabilities for prioritization

**AWS Config**
* Helps with auditing and recording compliance of your AWS resources
* Helps record configurations and changes over time

**AWS Macie**
* It's a fully managed data security and data privacy service that uses ML and pattern matching to discover and protect your sensitive data in AWS
* It helps identify and alert you to sensitive data, such as personally identifiable information (PII)

**AWS Security Hub**
* Central security tool to manage security across several AWS accounts and automate security checks
* Integrated dashboards showing current security and compliance status to quickly take actions
* Automatically aggregates alerts from various AWS services (GuardDuty, Macie, Inspector, IAM Access Analyzer, etc...)

**Amazon Detective**
* It analyzes, investigates and quickly identifies the root cause of security issues or suspicious activities using ML and graphs

**AWS Abuse**
* Report suspected AWS resources used for abusive or illegal purposes
* Abusive behaviors are:
  * Spam
  * DoS or DDoS attacks
  * Intrusion attempts
  * Distributing malware
  
<br>

**ROOT USER PRIVILEGES**
* It's the account owner and has complete access to all AWS services and resources. Don't use the root account for everyday tasks
* Actions that can be performed only by root account:
  * Change account settings
  * View certain tax invoices
  * Close your AWS account
  * Restore IAM permission
  * Change or cancel your AWS Support plan
  * Register as a seller in the Reserved Instance MarketPlace  
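Added Python example (not from the notes) that ties the CloudTrail and root-user sections together: detection rules run over a constructed CloudTrail log file, flagging root-user API calls and console logins made without MFA. The sample records, account ID and IP addresses are made up; the field names (`Records`, `userIdentity.type`, `additionalEventData.MFAUsed`) are the real CloudTrail ones.

```python
"""Detection rules over CloudTrail records (constructed sample log, not real AWS output)."""
import json

# Constructed sample: one CloudTrail log file, "Records" holds one object per API call
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T08:12:09Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "deploy-bot"}},
    {"eventTime": "2024-05-01T09:30:44Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-05-01T09:31:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
    {"eventTime": "2024-05-01T10:02:15Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"}},
]})


def parse_records(log_text):
    return json.loads(log_text)["Records"]


def root_activity(records):
    """Every call made with root credentials; the notes say root is not for everyday tasks."""
    return [r for r in records if r["userIdentity"].get("type") == "Root"]


def console_logins_without_mfa(records):
    """ConsoleLogin events where CloudTrail did not record MFA being used."""
    return [r for r in records
            if r["eventName"] == "ConsoleLogin"
            and r.get("additionalEventData", {}).get("MFAUsed") != "Yes"]


def findings(records):
    """Combine both rules into findings sorted by event time."""
    out = []
    for r in root_activity(records):
        # A root login is worth a look; root actually doing work (e.g. RunInstances) is worse
        out.append({"rule": "root-activity",
                    "severity": "medium" if r["eventName"] == "ConsoleLogin" else "high",
                    "event": r["eventName"], "time": r["eventTime"],
                    "ip": r["sourceIPAddress"]})
    for r in console_logins_without_mfa(records):
        who = r["userIdentity"].get("userName", r["userIdentity"].get("arn", "?"))
        out.append({"rule": "console-login-without-mfa", "severity": "high",
                    "event": f"ConsoleLogin by {who}", "time": r["eventTime"],
                    "ip": r["sourceIPAddress"]})
    return sorted(out, key=lambda f: f["time"])


if __name__ == "__main__":
    for f in findings(parse_records(SAMPLE_LOG)):
        print(f"{f['time']} {f['severity']:6s} {f['rule']:26s} {f['event']} from {f['ip']}")
```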




## 15. MACHINE LEARNING SECTION

**Amazon Rekognition**
* Face detection, labeling, face search and verification for user verification or people counting

**Amazon Transcribe**
* Automatically convert speech to text
* Uses ASR (Automatic Speech Recognition)
* Automatically remove personally identifiable information (PII)

**Amazon Polly**
* Automatically convert text to audio
* Allows you to create applications that talk

**Amazon Translate**
* Natural and accurate language translation

**Amazon Lex**
* Builds chatbots, call center bots

**Amazon Connect**
* Receive calls, create contact flows, 80% cheaper than traditional contact center solutions. It's a cloud contact center

**Amazon Comprehend**
* Uses Natural Language Processing (NLP)
* Uses ML to find insights and relationships in text 
* Extract key phrases, understand how positive or negative a text is, organizes a collection of text files by topic

**Amazon SageMaker**
* Fully managed service for data scientists to build ML models

**Amazon Forecast**
* Fully managed service that uses ML to deliver highly accurate forecasts
* Reduce forecast time from months to hours

**Amazon Kendra**
* Fully managed document search service powered by ML
* Extract answers from within a document (text, pdf, HTML, FAQs, Word)

**Amazon Personalize**
* Fully managed ML-service to build apps with real time personalized recommendations
* Integrates into existing websites, applications, SMS, email marketing systems

**Amazon Textract**
* Extracts text, handwriting and data from any scanned documents using ML
* Read and process any type of document (pdf, images, etc...)



## 16. ACCOUNT MANAGEMENT, BILLING & SUPPORT SECTION

**AWS Organizations**
* Allows you to manage multiple AWS accounts (Global service)
* Cost benefits: single payment across all accounts and pricing benefits from aggregated usage
* API is available to automate AWS account creation
* You can create accounts per department, per cost center, per dev/test/prod, based on regulatory restrictions, etc...

**SCP (Service Control Policies)**
* Restrict account power 
* Whitelist or blacklist IAM actions
* It's applied to all the users and roles of the account, including root user
* Use cases:
  * Restrict access to certain services 
  * Enforce PCI compliance by explicitly disabling services
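Added Python example (not from the notes, and not AWS's policy engine) modelling how the SCP layer bounds an account: `deny_scp` builds a policy that switches off chosen actions or whole services, and `scp_permits` applies the rule that an explicit Deny wins and an Allow must otherwise exist. The `FullAWSAccess` document is the real default SCP shape; the guardrail actions in `demo` are constructed.

```python
"""Model of Service Control Policy evaluation (constructed example)."""
import fnmatch
import json

# Attached by default when SCPs are enabled; without some Allow an account can do nothing
FULL_AWS_ACCESS = {"Version": "2012-10-17",
                   "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}


def deny_scp(action_patterns, sid="DenyRestrictedActions"):
    """Build an SCP that explicitly disables the given actions, e.g. ["lightsail:*"]."""
    return {"Version": "2012-10-17",
            "Statement": [{"Sid": sid, "Effect": "Deny",
                           "Action": sorted(action_patterns), "Resource": "*"}]}


def _actions(statement):
    action = statement["Action"]
    return [action] if isinstance(action, str) else action


def _matches(action, pattern):
    # IAM action names match case-insensitively; "*" and "?" are the only wildcards
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def scp_permits(scps, action):
    """SCP layer only: an explicit Deny wins, otherwise at least one Allow must match.

    The caller is not an input: the same answer applies to IAM users, roles and the
    root user of the member account (SCPs do not affect the management account).
    The caller's own IAM policies are evaluated afterwards and are not modelled here.
    """
    allowed = False
    for policy in scps:
        for stmt in policy["Statement"]:
            if any(_matches(action, p) for p in _actions(stmt)):
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed


def demo():
    # Constructed guardrail: keep the audit trail intact and keep an unapproved service off
    guardrail = deny_scp(["cloudtrail:StopLogging", "cloudtrail:DeleteTrail", "lightsail:*"])
    scps = [FULL_AWS_ACCESS, guardrail]
    return {
        "s3_read": scp_permits(scps, "s3:GetObject"),
        "cloudtrail_lookup": scp_permits(scps, "cloudtrail:LookupEvents"),
        "cloudtrail_stop": scp_permits(scps, "cloudtrail:StopLogging"),
        "lightsail_any": scp_permits(scps, "lightsail:CreateInstances"),
        # Deny-only attachment: with FullAWSAccess removed nothing is permitted at all
        "deny_only": scp_permits([guardrail], "s3:GetObject"),
        "policy_json": json.dumps(guardrail, indent=2),
    }


if __name__ == "__main__":
    result = demo()
    print(result["policy_json"])
    for name, permitted in result.items():
        if name != "policy_json":
            print(f"{name:18s} {'permitted' if permitted else 'blocked by SCP'}")
```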

**AWS Control Tower**
* Easy way to set up and govern a secure and compliant multi-account AWS environment based on best practice
* Benefits:
  * Automate the setup of your environment
  * Automate ongoing policy management using guardrails
  * Detect policy violations and remediate them
  * Monitor compliance through an interactive dashboard

<br>

**----- BILLING -----**

**Pricing Models**
* *Pay as you go*: pay for what you use, remain agile, meet scale demand
* *Save when you reserve*: minimize risks, predictably manage budgets, comply with long-term requirements
* *Pay less by using more*: volume based discount
* *Pay less as AWS grows*

**Free Services & Free Tier in AWS**
* IAM
* VPC
* Consolidated billing
* You only pay for the resources created:
  * Elastic Beanstalk
  * CloudFormation
  * Auto Scaling Groups
* Free tier:
  * EC2 t2.micro instance for a year
  * S3, EBS, ELB, AWS data transfer

**Compute Pricing**
* EC2
  * Only charged for what you use
  * Number of instances
  * Instance config: physical capacity, region, OS and software, instance type and size
  * ELB running time and amount of data processed
  * Detailed monitoring
  * *On-demand instances*:
    * Minimum of 60s
    * Pay per second (Linux/Windows) or per hour (other)
  * *Reserved instances*:
    * Up to 75% discount compared to on-demand
    * 1-3 years commitment
    * All upfront, partial upfront, no upfront
  * *Spot instances*:
    * Up to 90% discount compared to on-demand
    * Bid for unused capacity
  * *Dedicated host*:
    * On-demand
    * Reservation for 1-3 years commitment
  * *Savings plans*
* Lambda
  * Pay per call
  * Pay per duration
* ECS
  * No additional fees, you pay for AWS resources stored and created in your application
* Fargate
  * Pay for CPU and memory resources allocated to your applications in your containers

**Storage Pricing**
* S3
  * Storage class: S3 standard, S3 infrequent access, S3 one-zone IA, S3 intelligent tier, S3 glacier
  * Number, size of objects and type of request
  * Data transfer out of the S3 region
  * S3 transfer acceleration
* EBS
  * Volume type
  * Storage volume in GB per month provisioned
  * IOPS
  * Snapshots: added cost per GB per month
  * Data transfer: outbound (inbound is free)

**Database Pricing**
* RDS
  * Per hour billing
  * Db characteristics: engine, size, memory class
  * Purchase type: on-demand, reserved instances (optional upfront)
  * Additional storage (per GB per month)
  * Number of input/output requests per month
  * Deployment type (single AZ or multiple AZ) 
  * Data transfer (outbound, inbound is free)  

**Savings Plan**
* Commit a certain $ amount per hour for 1-3 years, it's the easiest way to set up long-term commitments on AWS
* EC2 Savings Plan
  * Up to 72% discount compared to on-demand
  * Commit to usage of individual instance families in a region
  * All upfront, partial upfront, no upfront
* Compute Savings Plan
  * Up to 66% discount
  * Regardless of family, region, size, OS, tenancy, compute options
  * Compute options: EC2, Fargate, Lambda
* ML Savings Plan
  * SageMaker

**AWS Compute Optimizer**
* Reduce costs and improve performance by recommending optimal AWS resources for your workloads
* Helps you choose optimal configuration and right-size your workloads
* Uses ML to analyze your resources config and their utilization CloudWatch metrics
* Lower your costs by up to 25%

**AWS Pricing Calculator**
* Estimate the cost of your solution architecture

**AWS Billing Dashboard**
* Tracking costs
* High level overview + free tier dashboard

**Cost Allocation Tags**
* Tracks your AWS costs on a detailed level
* AWS generates tags automatically, they're applied to the resources you create
* Tags can be also defined by the user
* Tags are used for organizing resources and can be used to create Resource Groups

**Cost and Usage Reports**
* The most comprehensive dataset of AWS cost and usage including metadata, pricing and reservations

**Cost Explorer**
* Visualize, understand and manage your AWS costs and usage over time
* Forecast usage up to 12 months based on previous usage

**Billing Alarms**
* Billing metric data is stored in CloudWatch us-east-1
* Track overall and per-service billing

**AWS Budget**
* Create budgets and send alarms when costs exceed the budget
* Advanced usage tracker
* For reserved instances:
  * Track utilization
  * Supports EC2, ElastiCache, RDS, Redshift
* 2 budgets are free, then $0.02/day/budget

**AWS Trusted Advisor**
* Analyzes your AWS accounts and provides recommendations on 5 categories:
  * Cost optimization
  * Performance
  * Security
  * Fault tolerance
  * Service limits

<br>  

**----- AWS SUPPORT PLANS PRICING -----**

**AWS Basic Support Plan**
* *Customer service and communities*: 24x7 access to customer service, documentation, whitepapers and support forums
* *AWS Trusted Advisor*: Access the 7 core Trusted Advisor checks (S3 bucket permission, Security groups, IAM, MFA on root, EBS public snapshot, RDS public snapshot, Service limits) to provision your resources following best practices to increase performance and improve security
* *AWS Personal Health Dashboard*: A personalized view of the health of AWS services and alerts when your resources are impacted

**AWS Developer Support Plan**
* All Basic Support Plan
* Business hours email access to Cloud Support Associates
* Unlimited cases / 1 primary contact
* Case severity / response times:
  * General guidance: < 24 business hours
  * System impaired: < 12 business hours

**AWS Business Support Plan (24/7)**
* Intended to be used if you have production workloads
* Trusted Advisor: full set of checks + API access
* 24x7 phone calls, emails and chat access to cloud support engineers
* Unlimited cases/contacts
* Case severity / response times:
  * General guidance: < 24 business hours
  * System impaired: < 12 business hours
  * Production system impaired: < 4 hours
  * Production system down: < 1 hour

**AWS Enterprise On-Ramp Support Plan (24/7)**
* Intended to be used if you have production or business critical workloads
* All Business Support Plan
* Access to a pool of TAM (Technical Account Managers)
* Concierge Support Team (for billing and account best practices)
* Infrastructure Event Management, Well-Architected and Operations Reviews
* Case severity / response times:
  * General guidance: < 24 business hours
  * System impaired: < 12 business hours
  * Production system impaired: < 4 hours
  * Production system down: < 1 hour
  * Business-critical system down: < 30 minutes

**AWS Enterprise Support Plan (24/7)**
* Intended to be used if you have mission critical workloads
* Access to a designated TAM (Technical Account Manager)
* All AWS Enterprise On-Ramp Support Plan
* Case severity / response times:
  * General guidance: < 24 business hours
  * System impaired: < 12 business hours
  * Production system impaired: < 4 hours
  * Production system down: < 1 hour
  * Business-critical system down: < 15 minutes  





## 17. ADVANCED IDENTITY SECTION

**AWS STS (Security Token Service)**
* Enables you to create temporary, limited-privilege credentials to access your AWS resources
* Short term credentials: you configure expiration period

**AWS Cognito**
* Create a database of users for your mobile and web applications
* Identity for your web and mobile applications users (potentially millions)
* Instead of creating them an IAM user, you create a user in Cognito

**AWS Directory Services**
* Integrate Microsoft Active Directory in AWS

**AWS IAM Identity Center (AWS Single Sign-On)**
* One login for multiple AWS accounts and applications

## 18. OTHER AWS SERVICES SECTION

**AWS WorkSpaces**
* Managed Desktop as a Service (DaaS) solution to easily provision Windows or Linux desktops
* Great to eliminate management of on-premises VDI (Virtual Desktop Infrastructure)

**AWS AppStream 2.0**
* Desktop Application Streaming Service
* The application is delivered from within a web browser

**AWS Sumerian**
* Create and run virtual reality (VR), augmented reality (AR) and 3D applications
* Can be used to quickly create 3D models with animations

**AWS IoT Core (Internet of Things)**
* It allows you to easily connect IoT devices to the AWS Cloud
* Serverless, secure and scalable to billions of devices and trillions of messages

**AWS Elastic Transcoder**
* It's used to convert media files stored in S3 into media files in the formats required by consumer playback devices (phones, etc...)

**AWS AppSync**
* Store and sync data across mobile and web apps in real-time
* Makes use of GraphQL (mobile technology from Facebook)

**AWS Amplify**
* A set of tools and services that helps you develop and deploy scalable full stack web and mobile applications

**AWS Device Farm**
* Fully managed service that tests your web and mobile apps against desktop browsers, real mobile devices and tablets
* Run tests concurrently on multiple devices (speed up execution)

**AWS Backup**
* Fully managed service to centrally manage and automate backups across AWS services
* On-demand and scheduled backups
* Supports PITR (Point in Time Recovery)

**AWS DRS (Elastic Disaster Recovery)**
* Quickly and easily recover your physical, virtual and cloud based servers into AWS

**AWS DataSync**
* Move large amounts of data from on-premises to AWS
* Can sync to S3, EFS, FSx for Windows

**AWS Application Discovery Service**
* Plan migration projects by gathering information about on-premises data centers
* Server utilization data and dependency mapping are important for migration

**AWS MGN (Application Migration Service)**
* Lift and shift solution which simplifies migrating applications to AWS
* Converts your physical, virtual and cloud based servers to run natively on AWS

**AWS FIS (Fault Injection Simulator)**
* Fully managed service for running fault injection experiments on AWS workloads
* Based on Chaos Engineering - stressing an application by creating disruptive events (e.g. sudden increase in CPU or memory), observing how the system responds and implementing improvements

**AWS Step Functions**
* Build serverless visual workflows to orchestrate your Lambda functions
* Use cases: order fulfillment, data processing, web apps

**AWS Ground Station**
* Fully managed service that lets you control satellite communications, process data and scale your satellite operations
* Send satellite data to S3 or EC2 instance

**AWS Pinpoint**
* Scalable 2-way (outbound/inbound) marketing communications service

## 19. AWS ARCHITECTING & ECOSYSTEM SECTION

**AWS Best Practices - Design Principles**
* *Scalability*: vertical & horizontal
* *Disposable Resources*: servers should be disposable & easily configured
* *Automation*: serverless, Infrastructure as a Service (IaaS), Auto Scaling
* *Loose Coupling*: 
  * Monoliths are applications that do more and more over time, and become bigger
  * Break it down into smaller, loosely coupled components
  * A change or a failure in one component should not cascade to other components
* *Services, not Servers*:
  * Don't use just EC2
  * Use managed services, databases, serverless, etc...

**Well Architected Framework - 6 Pillars**
1. *Operational Excellence*
  * Includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures
  * Design Principles:
    * Perform operations as code - Infrastructure as Code
    * Annotate documentation - Automate the creation of annotated documentation after every build
    * Make frequent, small, reversible changes - So that in case of any failure, you can reverse it
    * Refine operations procedures frequently - And ensure that team members are familiar with them
    * Anticipate failure
    * Learn from all operational failures
2. *Security*
  * Includes the ability to protect information, systems and assets, while delivering business value through risk assessments and mitigation strategies
  * Design Principles:
    * Implement a strong identity foundation
    * Enable traceability
    * Apply security at all levels
    * Automate security best practices
    * Protect data in transit and at rest
3. *Reliability*
  * Ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand and mitigate disruptions such as misconfigurations
  * Design Principles:
    * Test recovery procedures
    * Automatically recover from failure
    * Scale horizontally
    * Stop guessing capacity        
4. *Performance Efficiency*
  * Includes the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve
  * Design Principles
    * Democratize advanced technologies
    * Go global in minutes
    * Use serverless architectures
    * Experiment more often
    * Mechanical sympathy
5. *Cost Optimization*
  * Includes the ability to run systems to deliver business value at the lowest price point
  * Design Principles
    * Adopt a consumption model - pay only for what you use
    * Measure overall efficiency
    * Stop spending money on data centers operations
    * Analyze and attribute expenditure
    * Use managed and application level services to reduce cost of ownership
6. *Sustainability*
  * The sustainability pillar focuses on minimizing the environmental impacts of running cloud workloads
  * Design Principles
    * Understand your impact
    * Establish sustainability goals
    * Maximize utilization
    * Anticipate and adopt new, more efficient hardware and software offerings
    * Use managed services
    * Reduce the downstream impact of your cloud workloads

**AWS Well-Architected Tool**
* Free tool to review your architectures against the 6 pillars of the Well-Architected Framework and adopt architectural best practices
* Answer questions and obtain advice

**AWS Right Sizing**
* Right sizing is the process of matching instance types and sizes to your workload performance and capacity requirements at the lowest possible cost
* Scaling up is easy so always start small

**AWS Ecosystem**
* AWS Blogs
* AWS Forums
* AWS Whitepapers & Guides
* AWS Quick Starts
* AWS Solutions

**AWS Marketplace**
* Digital catalog with thousands of software listings from independent software vendors (3rd party)
* E.g. custom AMI, CloudFormation templates, Containers
* You can sell your own solution on the AWS Marketplace

**AWS Training**
* AWS Digital (online) and Classroom Training (in person or virtual)
* AWS Private Training (for your organization)
* Training and Certification for the U.S. Government
* Training and Certification for the Enterprise

**AWS Professional Services & Partner Network**
* The AWS Professional Services organization is a global team of experts who work alongside your team
* The AWS Partner Network (APN) is made up of hardware, software and professional services firms that help you build on AWS, and it helps you find who can help you learn AWS

**AWS Knowledge Center**
* Contains the most frequent and common questions and requests

**AWS IQ**
* Quickly find professional help for your AWS projects
* Engage and pay AWS Certified 3rd party experts for on-demand project work

**AWS re:Post**
* AWS managed Q&A service offering crowd-sourced, expert-reviewed answers to your technical questions about AWS that replaces the original AWS Forums
* Community members can earn reputation points to build up their community expert status by providing accepted answers
* Questions from AWS Premium Support customers that don't receive a response from the community are passed on to AWS Support engineers