Notes

Some Pointers to start:

1Cost Explorer

2Kubernetes deployment

3IAM, Security Groups

4Route 53

5CloudFront.

6-S3

7RDS, DynamoDB

8SNS,SQS

9EC2, AMI

10Load Balancer

11 VPC

12Do's and Dont's of using Cloud

13Best Practices in Cloud

14Cloud Data Life Cycle

15AWS storage services based on cost-benefit analysis.

16Best practises to deploy applications using AWS.

1-On the Cost Explorer dashboard, Cost Explorer shows your estimated costs for the month to date, your forecasted costs for the month, a graph of your daily costs, your five top cost trends, and a list of reports that you recently viewed.

All costs reflect your usage up to the previous day. For example, if today is December 2, the data includes your usage through December 1.

Navigation cost explorer

You can use the icons in the left pane to do the following:

Go to the main Cost Explorer dashboard- See a list of the default Cost Explorer reports-See a list of your saved report-See information about your reservation -See your reservation recommendations



Your Cost Explorer costs

At the top of the Cost Explorer page are the Month-to-date costs and Forecasted month end costs. The Month-to-date costs shows how much you're estimated to have incurred in charges so far this month and compares it to this time last month. The Forecasted month end costs shows how much Cost Explorer estimates that you will owe at the end of the month and compares your estimated costs to your actual costs of the previous month. The Month-to-date costs and the Forecasted month end costs don't include refunds.

The costs for Cost Explorer are only shown in US dollars.



Your Cost Explorer trends

In the this month trends section, Cost Explorer shows your top cost trends. For example, your costs related to a specific service have gone up, or your costs from a specific type of RI have gone up. To see all of your costs trends, choose View all trends in the upper-right corner of the trend section.

To understand a trend in more depth, choose it. You're taken to a Cost Explorer chart that shows the costs that went into calculating that trend.



2-This tutorial shows you how to deploy a containerized application onto a Kubernetes cluster managed by Amazon Elastic Container Service for Kubernetes (Amazon EKS).

Amazon EKS is a fully managed service that makes it easy to deploy, manage, and scale containerized applications using Kubernetes on AWS. Amazon EKS runs the Kubernetes control plane for you across multiple AWS availability zones to eliminate a single point of failure. Amazon EKS is certified Kubernetes conformant so you can use existing tooling and plugins from partners and the Kubernetes community.



In this tutorial, you will use Amazon EKS to deploy a highly available Kubernetes control plane. You will then configure 'kubectl', an open source command line tool to interact with your Kubernetes infrastructure. Using AWS CloudFormation, you will launch a cluster of worker nodes on Amazon EC2, then launch a containerized guest book application onto your cluster.







3-An IAM user group is a collection of IAM users. User groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. For example, you could have a user group called Admins and give that user group typical administrator permissions. Any user in that user group automatically has Admins group permissions. If a new user joins your organization and needs administrator privileges you can assign the appropriate permissions by adding the user to the Admins user group. If a person changes jobs in your organization, instead of editing that user's permissions you can remove them from the old user groups and add them to the appropriate new user groups.

You can attach an identity-based policy to a user group so that all of the users in the user group receive the policy's permissions. You cannot identify a user group as a Principal in a policy (such as a resource-based policy) because groups relate to permissions, not authentication, and principals are authenticated IAM entities.

4-Amazon Route 53 is a highly available and scalable DNS web service. Route 53 connects user requests to internet applications running on AWS or on-premises.



Route 53 Resolver

Get recursive DNS for your Amazon VPC and on-premises networks. Create conditional forwarding rules and DNS endpoints to resolve custom names mastered in Amazon Route 53 private hosted zones or in your on-premises DNS servers.





Route 53 Resolver DNS Firewall

Protect your recursive DNS queries within the Route 53 Resolver. Create domain lists and build firewall rules that filter outbound DNS traffic against these rules.





Route 53 Application Recovery Controller: Readiness Check

Ensure that your resources across Availability Zones or Regions are continually audited for recovery readiness.





Route 53 Application Recovery Controller: Routing Control

Use simple on/off switches, integrated with DNS records of your top-level resources, to failover traffic.





Route 53 Application Recovery Controller: Safety Rules

Make sure that specific rules are followed during failover to protect automated recovery actions from impairing availability.





Traffic flow

Easy-to-use and cost-effective global traffic management: route end users to the best endpoint for your application based on geoproximity, latency, health, and other considerations.





Latency based routing

Route end users to the AWS region that provides the lowest possible latency.





IP-based routing

Fine-tune your DNS routing approach based on the Classless Inter-Domain Routing (CIDR) block that the query-originating IP address belongs to.





Geo DNS

Route end users to a particular endpoint that you specify based on the end user’s geographic location.





Private DNS for Amazon VPC

Manage custom domain names for your internal AWS resources without exposing DNS data to the public Internet.





DNS Failover

Automatically route your website visitors to an alternate location to avoid site outages.





Health Checks and Monitoring

Amazon Route 53 can monitor the health and performance of your application as well as your web servers and other resources.

5-AWS CloudFront is a globally-distributed network offered by Amazon Web Services, which securely transfers content such as software, SDKs, videos, etc., to the clients, with high transfer speed.

Benefits-



Amazon CloudFront offers programmable and secure edge CDN computing capabilities through CloudFront Functions and AWS Lambda@Edge. CloudFront Functions is ideal for high scale and latency sensitive operations like HTTP header manipulations, URL rewrites/redirects, and cache-key normalizations.



The two main components of AWS Cloudfront are content delivery and dynamic content caching.

Why we use it-



While Amazon Cloudfront is a content delivery network (CDN), designed to work with Amazon S3 origins to decrease latency and improve user experience by serving content faster and through the encrypted connection.

6—S3-Amazon Simple Storage Service (Amazon S3) is an object storage service offering industry-leading scalability, data availability, security, and performance. Customers of all sizes and industries can store and protect any amount of data for virtually any use case, such as data lakes, cloud-native applications, and mobile apps. With cost-effective storage classes and easy-to-use management features, you can optimize costs, organize data, and configure fine-tuned access controls to meet specific business, organizational, and compliance requirements.



What can S3 buckets store?





S3 is capable of storing diverse and generally unstructured data, but it's also suited for hierarchical data and all kinds of structured information. Features such as metadata support, prefixes, and object tags allow users to organize data according to their needs.

7–Amazon Relational Database Services (RDS) is a relational database. At the same time, Amazon Dynamo Database (DynamoDB) is a fully managed NoSQL Database, all offered by Amazon Web Services (AWS). . Type of database

NoSQL vs SQL databases

SQL databases are relational databases that use structured query language for storing and retrieving data. NoSQL databases are non-relational databases that use various means for storing data.

SQL databases are relational databases that store data in table format. NoSQL databases are non-relational databases that store data in various formats, including JSON, XML, and Binaries.

SQL databases are based on the relational model, which organizes data into tables with rows and columns. NoSQL databases are based on the non-relational or ” NoSQL ” model, which stores data in documents with keys and values.

2. Amazon RDS vs DynamoDB features

Amazon RDS features

Amazon RDS supports multiple database engines, including MySQL, MariaDB, Oracle, Microsoft SQL Server, and PostgreSQL.-

Amazon RDS allows you to scale your database instances’ storage size and performance.

Amazon RDS makes it easy to set up, operate, and scale a relational database in the cloud.

Amazon RDS provides a cost-effective way to manage relational databases in the cloud.

DynamoDB features

Primarily, DynamoDB features flexibility, scalability, and performance.

It offers high availability out of the box with no need for setup or configuration.

DynamoDB automatically replicates your data across multiple Availability Zones within a Region to give you fault tolerance and high availability.

8-The amazon sample queue service (SQS) and the Amazon (SNS) are important “glue” components for scalable, cloud-based applications (see the Reference Architectures in the AWS to learn more about how to put them to use in your own applications).

One common design pattern is called “fanout.” In this pattern, a message published to an SNS topic is distributed to a number of SQS queues in parallel. By using this pattern, you can build applications that take advantage parallel, asynchronous processing. For example, you could publish a message to a topic every time a new image is uploaded. Independent processes, each reading from a separate SQS queue, could generate thumbnails, perform image recognition, and store metadata about the image:

9- EC2-Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. Amazon EC2's simple web service interface allows you to obtain and configure capacity with minimal friction.



this step you will create a new Amazon EC2 instance running Amazon Linux 2, and configure it to automatically mount the EFS file system you just created in

1.Before you can launch and connect to an Amazon EC2 instance, you need to create a key pair, unless you already have one. You can create a key pair using the Amazon EC2 console, and then you can launch your EC2 instance.

To create a key pair

the Amazon EC2 User Guide for Linux Instances to create a key pair. If you already have a key pair, you don't need to create a new one. You can use your existing key pair for this exercise.

To launch the EC2 instance and mount an EFS file system

Open the Amazon EC2 console
Choose Launch Instance.
In Step 1: Choose an Amazon Machine Image (AMI), find an Amazon Linux 2 AMI at the top of the list and choose Select.
In Step 2: Choose an Instance Type, choose Next: Configure Instance Details.
In Step 3: Configure Instance Details, provide the following information:
Leave Number of instances at one.

Leave Purchasing option at the default setting.

For Network, choose the entry for the same VPC that you noted when you created your EFS file system

For Subnet, choose a default subnet in any Availability Zone.

For File systems, make sure that the EFS file system that you created is selected. The path shown next to the file system ID is the mount point that the EC2 instance will use, which you can change..

The User data automatically includes the commands for mounting your Amazon EFS file system.

Choose Next: Add Storage.
Choose Next: Add Tags.
Name your instance and choose Next: Configure Security Group.
In Step 6: Configure Security Group, set Assign a security group to Select an existing security group. Choose the default security group to make sure that it can access your EFS file system.
Choose Review and Launch.
Choose Launch.
Select the check box for the key pair that you created, and then choose Launch Instances.
Once the EC2 instance is created and becomes available, it will be mounted to your EFS file system. At this point, you will be able to transfer files to your EFS file system.
AMI-An Amazon Machine Image (AMI) is a master image for the creation of virtual servers -- known as EC2 instances -- in the Amazon Web Services (AWS) environment. The machine images are like templates that are configured with an operating system and other software that determine the user's operating environment.

10-load balancer-Elastic Load Balancing automatically distributes your incoming traffic across multiple targets, such as EC2 instances, containers, and IP addresses, in one or more Availability Zones. It monitors the health of its registered targets, and routes traffic only to the healthy targets. Elastic Load Balancing scales your load balancer as your incoming traffic changes over time. It can automatically scale to the vast majority of workloads.

Elastic Load Balancing supports the following load balancers: Application Load Balancers, Network Load Balancers, Gateway Load Balancers, and Classic Load Balancers. You can select the type of load balancer that best suits your needs. This guide discusses Application Load Balancers. For more information about the other load balancers,

11 VPC-With Amazon Virtual Private Cloud (Amazon VPC), you can launch AWS resources in a logically isolated virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

The following diagram shows an example VPC. The VPC has one subnet in each of the Availability Zones in the Region, EC2 instances in each subnet, and an internet gateway to allow communication between the resources in your VPC and the internet.

12- do and dont of cloud—



Dos and Don'ts for Cloud Computing in Business

Do test pain points and limitations.

Do prioritize security.

Don't move everything onto the cloud.

Do go with a credible cloud provider.

Don't store all of your data in one place.

Do analyze different cloud computational models.

Do prioritize infrastructure governance.

13

Best practices in cloud-



Cloud Best Practices

With the cloud offering so many benefits, it is natural for you to want to embrace the cloud right away. But is your organization ready for successful cloud implementation? Choosing to implement the cloud for your business is a game-changing move and that’s why best practices related to implementation should not be taken lightly. That said, here are 10 cloud best practices for a successful cloud implementation:

1. Start With an End-to-End Assessment

The first step towards a successful cloud implementation is assessment. Understanding where you are today and where you want to reach through the cloud is critical. Start with assessing your current environment and envisioning the future state; identify organizational readiness, risks, opportunities, and costs with moving to the cloud.

2. Adopt a Cloud-Based-as-a-Service Business Model

With cloud paving the way for an effective as-a-service model, it makes sense to begin your cloud journey by implementing and leveraging business applications as a service – to drive growth. Through the as-a-service model, you can use cloud resources based on your needs and accelerate the use of as-a-service, as your needs grow in the future.

3. Devise an All-Encompassing Adoption Strategy

Devising a robust cloud adoption strategy can aid in a faster implementation with less risk. To build a comprehensive approach to cloud computing across your organization, consider the various aspects that will be impacted by the adoption: namely your business, your people, the governance strategy, security and platform considerations as well as day-to-day operations.

4. Educate and Train Resources as Early as Possible

The success or failure of your cloud implementation also depends on how well-educated your users are. Since it is these users who will be performing day-to-day tasks using the cloud, it is essential you provide them with in-depth training. This is not only to ensure they understand the importance and benefits of cloud adoption but also to reduce potential cloud adoption barriers.

5. Choose the Right Model

Successful cloud implementation also requires you to choose a cloud model that’s right for your business. Given the various models available, it is critical you understand the need and approach for each and select one that best fits your needs. For example, with IaaS, you can get access to virtualized computing resources over the internet. With PaaS, you can have a third-party provider deliver hardware and software tools for application development. And with SaaS, you can access software online via a subscription, rather than buy and install it on individual computers.

14-The data lifecycle is the sequence of stages that a particular unit of data goes through, from its initial generation or capture to its eventual archival and/or deletion at the end of its useful life



The 5 Stages of Data LifeCycle Management. ...

1.Data Creation. ...

Storage. ...
Usage. ...
Archival. ...
5.Destruction.

15-On-premises storage can be costly and complex, with expensive hardware refresh cycles, and data migrations due to system upgrades. It is also difficult to gain insights because your data is in silos from multiple storage systems.

With cloud storage, you adjust on the fly and use what storage you need now, and not get locked into another hardware refresh. Moving to Amazon S3 keeps you agile and reduces costs by eliminating over-provisioning, and provides unlimited scale, while also tearing down data silos to gain insights from data.

Lower your storage costs without sacrificing performance with Amazon S3. Amazon S3 lets you take control of costs and continuously optimize your spend, while building modern, scalable applications. Amazon S3 Storage Classes offer the flexibility to manage your costs, or have it automated for you, by providing different data access levels at corresponding costs, including the lowest cost cloud storage.

16-Best practices for developing and deploying cloud infrastructure with the AWS CDK





Rss

Pdf



With the AWS CDK, developers or administrators can define their cloud infrastructure by using a supported programming language. CDK applications should be organized into logical units, such as API, database, and monitoring resources, and optionally have a pipeline for automated deployments. The logical units should be implemented as constructs including the following:

Infrastructure (such as Amazon S3 buckets, Amazon RDS databases, or an Amazon VPC network)
Runtime code (such as AWS Lambda functions)
Configuration code
Stacks define the deployment model of these logical units. For a more detailed introduction to the concepts behind the CDK

The AWS CDK reflects careful consideration of the needs of our customers and internal teams and of the failure patterns that often arise during the deployment and ongoing maintenance of complex cloud applications. We discovered that failures are often related to "out-of-band" changes to an application that aren't fully tested, such as configuration changes. Therefore, we developed the AWS CDK around a model in which your entire application is defined in code, not only business logic but also infrastructure and configuration. That way, proposed changes can be carefully reviewed, comprehensively tested in environments resembling production to varying degrees, and fully rolled back if something goes wrong.