.Now it's time to collect my notes from CBT and move on to the reading portion. Below are some high level notes I've taken:
AWS Infrastructure:
- Uses regions with availability zones, zones are redundant
- Edge Locations are cached Content Delivery Networks (CDNs)
Foundation Services:
- Compute: EC2, LAMDA, Auto-Scaling (Regions)
- Networking: Load-balancing, Route53, VPC (Availability Zones)
- Storage: S3, Block Storage, Glacer, EFS (Edge Locations)
Platform Services:
- Databases: DynamoDB, RDS, Redshift
- Analytics: Kinesis, EMR, Data Pipeline
- Deployment: Elastic Beanstalk, CodeDeploy
- Mobile: Cognito, SNS
Storage Options:
- Instance Store Backed: Physical storage connects directly to instance. Ephemeral so it is not in a permanent location.
- EBS Backed (recommended): Persistent storage using EBS.
Simple Storage Service (S3):
- Account uses bucketes (max 100 buckets)
- Objects are files within buckets (virtually limitless storage)
- Can host static web pages with S3
- Buckets are globally unique names created in a region
- Cannot nest buckets, they can only be Top-level containers
- Objects can be up to 5TB in size
- Bucket+Object+Version maps to unique URL
- Access control can be done at bucket or object level
- Not meant as primary storage for services (i.e. Instances)
- Region specific & supports REST & SOAP
- Server side encryption of data at rest
- Three access controls: IAM, Bucket, and ACLs. You can combine all three methods.
- Standard: most expensive
- Infrequent Access
- Glacier: least expensive
- Reduced Redundancy
- Storage sizes between 1GB - 16TB (1TB for magnetic)
- Can take snapshots into S3 at anytime
- Use for DB's, Applications, & root volumes
- Backups are incremental
- Good for ephemeral temporary storage, is shared between instances
- Similar to a SAN
- Security groups police traffic at instance level
- Network ACLs police traffic at subnet level
- Route tables are similar to VRF's
- Default VPC use subnet 172.31.0.0/16 and IPv6 disabled
- Use NAT Gateway or NAT instance for private to public routing
- Policies are not cumulative, entities give up old permissions when assuming a role
- Three types of policies (Managed, Custom, & Inline)
- Top-level organized into 'Tables'
- Tables contain 'Items'
- Items contain 'Attributes'
- Involves Elastic LB, Cloudwatch (provides info to AS), & Auto Scaling (manages group)
- Auto-Scaling invludes the following:
- Launch Config: Config of EC2 instances to be scaled
- Auto-Scaling group: Defines how much to scale and un-scale
- Scaling life cycle: Defines when to scale out or in, along with hooking events
Elastic Load Balancing (ELB):
- Can load balance across availability zones
- Cross zone load balancing: Allows you to distribute traffic evenly across all zones
- Can be internet facing or internal only
Cloudwatch:
- Has metrics for most AWS products and services
- Can push metrics via REST or CLI
- Can use SNS or Auto-Scaling
CloudFormation:
- Method to create or manage a collection of resources
- Built with JSON or CloudFormer
- Infrastructure as code
- Uses the components called "Resources" and "Parameters"
- GIT is recommended for version control
- Stack will rollback if there's a problem with its config
- Resources are deleted when the stack is deleted
- "WaitCondition" is used to ensure no 'order of operations' issues
