Uploaded by Eric Guan-Lin Lee

AWS Cloud Practitioner Essentials

Created: October 14, 2022 4:55 PM
Tags: AWS, Cloud
Last edited time: November 7, 2022 1:36 AM
Status: Done
Module 2: Compute in the cloud
Amazon EC2
Amazon EC2 instance types
Amazon EC2 pricing
On-Demand
Amazon EC2 Saving Plans
Reserved Instances
Spot Instances
Dedicated Hosts
Auto Scaling
Elastic Load Balancing
Messaging and queuing
Amazon SQS
Amazon Simple Queue Service
a service that enables you to send, store, and receive messages between
software components through a queue.
Amazon SNS
Amazon Simple Notification Service
Serverless computing
AWS Lambda
Amazon ECS
Amazon EKS
AWS Fargate
serverless compute engine for containers.
Module 3: Global infrastructure and
reliability
Region
Factors
Compliance
Latency
Available services
Pricing
Availability Zones
Edge locations
Amazon CloudFront
Content Delivery Network, abbreviated CDN
Amazon CloudFront is a content delivery service. It uses a network of edge
locations to cache content and deliver content to customers all over the world.
When content is cached, it is stored locally as a copy. This content might be
video files, photos, webpages, and so on.
Amazon Route 53
Domain Name System (DNS)
AWS Outposts
edge devices
AWS Outposts is a service that enables you to run infrastructure in a hybrid cloud
approach.
How to provision AWS resources
AWS Elastic Beanstalk
PaaS (platform as a service)
provide code and configuration settings, and Elastic Beanstalk deploys the
resources necessary to perform the following tasks:
Adjust capacity
Load balancing
Automatic scaling
Application health monitoring
AWS CloudFormation
infrastructure as code
AWS CloudFormation provisions your resources in a safe, repeatable
manner, enabling you to frequently build your infrastructure and applications
Module 4: Networking
Amazon Virtual Private Cloud
Amazon VPC
Internet gateway
IGW
Virtual private gateway
VGW
A virtual private gateway enables you to establish a virtual private network (VPN)
connection between your VPC and a private network, such as an on-premises
data center or internal corporate network. A virtual private gateway allows traffic
into the VPC only if it is coming from an approved network.
AWS Direct Connect
enables you to establish a dedicated private connection between your data
center and virtual private cloud (VPC)
Network access control list (ACL)
subnet level
Security groups
EC2
Module 5: Storage and Database
Storage
Instance Store Volumes
temporary block-level storage
An instance store is disk storage that is physically attached to the host
computer for an EC2 instance
Amazon EBS
Amazon Elastic Block Store, external hard drive
availability zone level resource, volumes do not automatically scale
Snapshots: Incremental backups
Amazon S3
Amazon Simple Storage Service
In object storage, each object consists of data, metadata, and a key.
The data might be an image, video, text document, or any other type of file.
Metadata contains information about what the data is, how it is used, the
object size, and so on. An object’s key is its unique identifier.
Amazon S3 Standard
Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
Amazon S3 Intelligent-Tiering
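Amazon S3 Glacier Instant Retrieval
Amazon S3 Glacier Flexible Retrieval
Access times ranging from a few minutes to several hours
Amazon S3 Glacier Deep Archive
Lowest-cost storage class, designed for long-term retention of data that will be kept for 7-10 years
Retrieval time within 12 hours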
Amazon S3 Outposts
Amazon EFS
Simple, serverless, set-and-forget elastic file system
Amazon Elastic File System
Linux file system, regional resource, auto-scales
Database
Amazon RDS
Amazon Relational Database Service
Amazon Aurora
Amazon DynamoDB
serverless. DynamoDB table
Amazon Redshift
data warehouse as a service for big data analytics
It offers the ability to collect data from many sources and helps you to
understand relationships and trends across your data.
AWS Database Migration Service (AWS DMS)
enables you to migrate relational databases, nonrelational databases, and
other types of data stores
Additional database services
Module 6: Security
AWS Identity and Access Management (IAM)
IAM users
IAM groups
An IAM group is a collection of IAM users.
Roles
temporary permissions to access
IAM policy
MFA
Multi-factor authentication
AWS Organizations
Suppose that your company has multiple AWS accounts. You can use AWS
Organizations to consolidate and manage multiple AWS accounts within a
central location.
service control policies (SCPs)
SCPs enable you to place restrictions on the AWS services, resources, and
individual API actions that users and roles in each account can access.
In AWS Organizations, you can apply service control policies (SCPs) to the
organization root, an individual member account, or an OU.
Organizational units
organizational units (OUs)
Hierarchical (vertical) groupings of accounts
AWS Artifact
compliance
AWS Artifact Agreement
AWS Artifact Reports
third-party auditors
DDoS
Distributed denial-of-service attacks
AWS Security group
AWS Shield
AWS Shield Standard
automatically protects all AWS customers at no cost.
AWS Shield Advanced
A paid service that provides detailed attack diagnostics and the ability to
detect and mitigate sophisticated DDoS attacks
It also integrates with other services such as Amazon CloudFront,
Amazon Route 53, and Elastic Load Balancing
AWS WAF
web application firewall to filter incoming traffic
uses ML to recognize new threats as they evolve
Additional security services
AWS KMS
AWS Key Management Service (AWS KMS)
encryption operations through the use of cryptographic keys. A
cryptographic key is a random string of digits used for locking (encrypting)
and unlocking (decrypting) data. You can use AWS KMS to create, manage,
and use cryptographic keys.
AWS WAF
Web application firewall
can be used to prevent SQL injection attacks
Amazon Inspector
automated security assessments. It checks applications for security
vulnerabilities and deviations from security best practices, such as open
access to Amazon EC2 instances and installations of vulnerable software
versions.
Amazon GuardDuty
Module 7: Monitoring and Analytics
Amazon CloudWatch
dashboard that enables you to monitor metrics and alarms
Metrics
EC2 count, memory and CPU utilization, number of requests to an Amazon S3
bucket, etc.
Alarms
automatically perform actions if the value of your metric has gone above or
below a predefined threshold
Dashboard
AWS CloudTrail
records all API calls. The information includes the identity of the API caller, the time
of the API call, the source IP address of the API caller, and more.
Convenient for auditing: proves that data and applications meet compliance requirements and have not been altered along the way.
CloudTrail Insights
optional feature that allows CloudTrail to automatically detect unusual API
activities in your AWS account.
AWS Trusted Advisor
automated advisor
Module 8: Pricing and Support
AWS Organizations and consolidated billing
AWS Budgets
AWS Cost Explorer
AWS Pricing Calculator
AWS Support Plans
AWS Marketplace
AWS Marketplace is a digital catalog that includes thousands of software listings
from independent software vendors. You can use AWS Marketplace to find, test,
and buy software that runs on AWS.
Module 9: Migration and Innovation
AWS CAF
AWS Cloud Adoption Framework (AWS CAF).
Adoption guidelines
Business Perspective
People Perspective
Governance Perspective
Platform Perspective
Security Perspective
Operations Perspective
Migration strategies
The 6 R’s migration strategies
Rehosting
Rehosting, also known as “lift-and-shift,” involves moving applications without
changes.
In the scenario of a large legacy migration, in which the company is looking to
implement its migration and scale quickly to meet a business case, the
majority of applications are rehosted.
Replatforming
Replatforming, also known as “lift, tinker, and shift,” involves making a few
cloud optimizations to realize a tangible benefit. Optimization is achieved
without changing the core architecture of the application.
Refactoring/re-architecting
Refactoring (also known as re-architecting) involves reimagining how an
application is architected and developed by using cloud-native features.
Refactoring is driven by a strong business need to add features, scale, or
performance that would otherwise be difficult to achieve in the application’s
existing environment.
Repurchasing
Repurchasing involves moving from a traditional license to a software-as-a-service model.
For example, a business might choose to implement the repurchasing
strategy by migrating from a customer relationship management (CRM)
system to Salesforce.com.
Retaining
Retaining consists of keeping applications that are critical for the business in
the source environment. This might include applications that require major
refactoring before they can be migrated, or work that can be postponed until
a later time.
Retiring
Retiring is the process of removing applications that are no longer needed.
AWS data migration solutions
AWS Snowcone
features 2 CPUs, 4 GB of memory, and 8 TB of usable storage
AWS Snowball
Snowball Edge Storage Optimized
80 TB
Snowball Edge Compute Optimized
42 TB
AWS Snowmobile
100 PB
Innovation with AWS
Serverless
applications that don’t require you to provision, maintain, or administer
servers
Artificial intelligence
Convert speech to text with Amazon Transcribe.
Amazon Textract is a machine learning service that automatically
extracts text and data from scanned documents.
Discover patterns in text with Amazon Comprehend.
Identify potentially fraudulent online activities with Amazon Fraud
Detector.
Build voice and text chatbots with Amazon Lex.
Machine learning
AWS offers Amazon SageMaker to remove the difficult work from the
process and empower you to build, train, and deploy ML models quickly.
AWS DeepRacer is an autonomous 1/18 scale race car that you can use
to test reinforcement learning models.
Module 10: Well-Architected Framework
Something More
AWS Elastic Beanstalk
AWS Elastic Beanstalk deploys web applications so that you can focus on your
business.
capacity provisioning, load balancing, and auto scaling to application health
monitoring.
AWS CloudFormation
Provision resources by using programming languages or a text file