# Introduction
Thoughts etc based on [AWS Cloud Practitioner curriculum](https://www.aws.training/learningobject/curriculum?id=27076)

- Certification website: https://www.certmetrics.com/amazon/default.aspx

## Should be able to answer
- What is AWS Cloud?
- What is the AWS Cloud global infrastructure?
- What are the key AWS services and their common use cases?
- What are AWS Cloud architectural principles?
- What are the security and compliance principles of AWS?
- What is the shared security model?
- What are the billing and pricing models?
- How does account management work?
- Where are docs and support located?
- What's the AWS value proposition?
- What are the core characteristics of deploying and operating in AWS?

## Content modules
1. AWS Cloud concepts
2. AWS Cloud core services
3. AWS Cloud security
4. AWS Cloud Architecting
5. Pricing and support

# Core services

## Global Infrastructure
- Regions
- Availability zones
- Edge locations

## Virtual Private Cloud

## Security Groups

## Compute
- Servers
- Lambda - event-driven, serverless computing platform
- Lightsail - Virtual Private Server (VPS)
- EC2 containers

## EC2
- Amazon Machine Image (AMI)
- Instance type = hardware
- Default user = ec2-user
- In PuTTY: SSH > Auth; the key must be converted to .ppk format on Windows

## AWS Lambda
- Node.js, Python, C#, Java
- serverless and microservices
- event driven computing
- HTTP requests
- sdk
- Usecases
    + Automated backups
    + Processing data
    + event based log analysis
    + upload to S3
    + serverless websites
    + Kinesis data streams -> lambda -> DynamoDB

## Elastic Beanstalk
- Platform as a service

## Application load balancer

## Elastic load balancer

## Autoscaling
- Use Cloudwatch
- How can I meet fluctuating performance requirements? -- Scalability
- How can I automate EC2 resource provisioning on demand? Automate as much as possible
- Scaling out/in
- What: Launch config
- Where: Auto scaling group
- When: Auto scaling policy

## Elastic Block Store (EBS)
- Use tags for billing
- Mount and unmount in any EC2 instance in same availability zone

## S3
- App assets, static web hosting, backup and disaster recovery
- Staging area for big data

## Glacier
- Cheap
- For low-access archival storage

## Relational Database Service (RDS)
- DB instances
- Read replicas

## DynamoDB
- NoSQL DB
- Online analytical processing (OLAP): answering multi-dimensional analytical queries quickly

## Redshift
- Data warehouse
- Columnar storage
- Cluster

## Aurora
- MySQL- and PostgreSQL-compatible relational database
- Online transaction processing (OLTP): information systems that facilitate and manage transaction-oriented applications, typically for data entry and retrieval

## Trusted advisor
- Keep track of resources
- Security
- Fault tolerance
- Performance
- Cost optimisation

# AWS Cloud Practitioner Essentials: Core Services

- Compute
- Storage
- Databases
- Networking
- Security

# Security best practices

- Delete AWS root account access keys and use IAM
- Activate multi-factor authentication
- Give IAM users only the permissions they need
- Use IAM groups
- Apply an IAM password policy
- Use roles for applications
- Use roles instead of sharing credentials
- Rotate credentials regularly
- Remove unnecessary users and credentials
- Use policy conditions for extra security
- Monitor activity in your AWS account
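Several of the practices above (delete root access keys, activate MFA, rotate credentials, remove unnecessary users) can be checked from the IAM credential report. The following is an added example, not part of the curriculum, that audits a constructed report in the CSV shape returned by `aws iam get-credential-report`; the sample rows, account id and the 90-day rotation threshold are assumptions for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the CSV layout of an IAM credential report
# (a subset of the real columns; the root user is reported as <root_account>).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-01T00:00:00+00:00,not_supported,not_supported,false,true,2020-01-01T00:00:00+00:00,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2023-01-01T00:00:00+00:00,true,2024-05-01T00:00:00+00:00,2024-01-01T00:00:00+00:00,N/A,true,true,2024-04-15T00:00:00+00:00,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2022-01-01T00:00:00+00:00,true,2024-05-01T00:00:00+00:00,2022-01-01T00:00:00+00:00,N/A,false,true,2022-01-01T00:00:00+00:00,false,N/A
"""

# Assumed "current time" for the sample so the result is reproducible.
NOW = datetime(2024, 5, 2, tzinfo=timezone.utc)


def audit_credential_report(report_csv, now, max_key_age_days=90):
    """Return (user, finding) pairs for the best-practice violations in a report."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        # Root should have no access keys at all; use IAM users/roles instead.
        if is_root and "true" in (row["access_key_1_active"], row["access_key_2_active"]):
            findings.append((user, "root access key active"))
        # Root and every console (password) user should have MFA enabled.
        if (is_root or row["password_enabled"] == "true") and row["mfa_active"] != "true":
            findings.append((user, "MFA not enabled"))
        # Active access keys should be rotated within the threshold.
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            rotated = datetime.fromisoformat(row[f"access_key_{n}_last_rotated"])
            if now - rotated > timedelta(days=max_key_age_days):
                findings.append((user, f"access key {n} older than {max_key_age_days} days"))
    return findings


def run_sample():
    return audit_credential_report(SAMPLE_REPORT, NOW)


if __name__ == "__main__":
    for user, finding in run_sample():
        print(f"{user}: {finding}")
```

With a real account, feed the decoded `Content` of `get-credential-report` to `audit_credential_report` instead of the constructed sample.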

# Architecting

## Well-Architected Framework: five pillars
### Operational excellence
+ Perform operations as code
    * Scripted/automated workload and infrastructure
        - Consistent responses to events
    * Automate the documentation update process
        - Annotations as input to operations code
    * Frequent, small, reversible changes
    * Refine procedures frequently
    * Anticipate failures and learn from each one
### Security
+ Implement a strong identity foundation
    * Principle of least privilege
        - "Every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job"
    * Enforce separation of duties
+ Enable traceability
+ Apply security at all layers -- defence in depth
    * Edge network, virtual private cloud, subnet, load balancer, every instance, OS, and application
+ Automate security best practices
+ Protect data in transit and at rest
    * Classify data into sensitivity levels
    * Reduce direct human access to data to reduce the risk of loss
+ Prepare for security events
    * Institute an incident management process
    * Run incident response simulations
### Reliability
+ Test recovery procedures
    * Test how the system fails and its recovery procedures
    * Simulate failure pathways
+ Automatically recover from failure
    * Monitor KPIs and trigger automation when a threshold is breached
+ Scale horizontally
    * Replace a large resource with multiple small resources to reduce impact on the system
    * Distribute requests across multiple smaller resources so they don't share a common point of failure
+ Stop guessing at capacity
    * Monitor demand and usage
    * Automate addition and removal of resources
+ Manage changes to automation configuration
### Performance Efficiency
+ Democratise advanced technologies
    * Develop services for the team that supply advanced tech knowledge (e.g. media transcoding and machine learning)
+ Go global quickly
+ Use serverless architectures
    * E.g. storage services can act as static websites, event services can host code
    * Removes operational burden
    * Lower transactional costs
+ Experiment more often
    * Quickly carry out comparative testing with different configurations
+ Mechanical sympathy
    * Best tech for what is trying to be achieved
### Cost Optimization
+ Consumption model
    * Increase or decrease use based on business requirements (e.g. 8 hrs a week of compute)
+ Measure overall efficiency
    * Business output of systems vs costs
+ Analyse and attribute IT costs to business owners
+ Use managed services -- lower cost per transaction

## Fault tolerance

- Fault tolerant
    + Remain operational even when some components fail
- High availability
    + Downtime is minimised without human intervention

### High availability services
- Elastic load balancers
    + Distributes traffic amongst instances
    + Can send metrics to cloudwatch
- Elastic IP addresses
    + Static IP addresses for cloud computing
    + Mask failure by allowing swapping in replacement resources on failure
- Amazon Route 53
    + Authoritative DNS service
- Auto scaling
    + Launches or terminates instances based on specified conditions
- Cloudwatch
    + Managed monitoring service
    + Create and use custom metrics

### Fault tolerant tools
+ Simple queue service
    * Used as backbone of fault tolerant application
    * Ensure queue is always available
+ S3
    * Built in redundancy
+ Simple DB
    * Scalable and highly available
+ RDS
    * Automated backups
    * Snapshots
    * Multi-AZ deployments

## Web hosting

+ Cost effective
    - On demand provisioning
+ Scalable
+ On-demand provisioning on testing/staging
    * Can simulate traffic

### Tools
- Virt. Private Cloud
- Route 53
- CloudFront
- Elastic load balancing
- Firewall/AWS shield
- Auto scaling
- App servers/EC2 instances
- ElastiCache
- RDS/DynamoDB

## Key Architectural Considerations

- No more physical appliances
- Firewalls everywhere
- Consider multiple data centres
    + Easily deploy across many for availability and reliability
- Consider hosts ephemeral and dynamic