The AWS Solutions Architect Associate Level Certification
AWS Elastic Compute Cloud
AWS Simple Storage Service
AWS Identity and Access Management
This lecture introduces you to the world of Amazon Web Services (AWS). AWS offers compute and storage resources for you to run your web applications. In addition to these resources, AWS also offers certification for your users to showcase their full knowledge of the AWS services.
You will learn how to navigate the tools dashboard, and come to understand the multiple services including:
- The cornerstone of AWS, Elastic Compute Cloud (EC2), which includes Amazon Machine Images (AMI), instance types, tenancy, user data, and storage options and security
- Storage systems with near-instant access or for long-term archiving
- Access to web content from any part of the AWS network closest to a particular client
- Database applications that are fully compatible with all major SQL standards, as well as noSQL
- Private networks completely shut off from the internet or other VPCs
- Precisely control system access through user and group profiles
- Analytics that provide access to the data pipeline tool allowing for scheduled and controlled moving of data between AWS services
After reviewing these services, you will learn about security group management, load balancers, volumes, and snapshots—everything required to configure and maintain instances.
Finally, you will also learn how to closely track your cost, understanding what your monthly charges are, and where they are being used the most efficiently.
Let's now spend a few minutes on a general overview of the entire Amazon Web Services (AWS) system. Back in 2006, Amazon decided to reallocate some of the excess compute and storage resources left temporarily unused by their retail operation, and make them available for anyone wanting to remotely run their own web applications. In the years since, Amazon has added a rich range of Cloud services to their platform, making it possible for anyone with internet access to launch and provision just about any network application. This Solutions Architect Certification was created to assure clients that a certified professional administrator is familiar enough with both the full scope of AWS services and with which of them should be used to best serve their project's particular requirements.
Since at the very least the certification requires that you understand the basic function of all AWS services, we should probably start with a brief inventory.
This is the dashboard you'll normally use to access AWS tools. However, realizing that people are going to land on this page with different knowledge, backgrounds and goals, Amazon has given us alternate views to help open up the system and allow us to drill down through various arrangements. The first option will display all services alphabetically in one screen. Below, all AWS services are organized by general purpose. Let's hover over the Compute item. Clicking on EC2 will take you to what can be considered the cornerstone of the AWS Cloud.
It's the dashboard where you can launch and manage compute instances, and create and configure key features like security groups to control both external and internal access to and from each of your instances, volumes for storing data and instance images, load balancers to distribute network traffic among multiple instances, key pairs to allow secure access to your instances, and autoscaling groups to automatically provision higher and lower numbers of instances to meet demand. Lambda is still very new; it's unlikely to play a role in the exam for the foreseeable future.
Storage and Content Delivery lists the AWS data storage and deployment services. S3, Simple Storage Service, provides reasonably inexpensive storage with pretty much instant access. Glacier storage rates are lower than S3's, but since access, both in and outbound, is considerably slower, it's meant more for long-term archiving.
CloudFront lets you serve your web content from whichever part of the worldwide AWS network is closest to a particular requesting client. Storage Gateway enables hybrid data storage solutions, so frequently accessed data can be kept in your local network and all other data in the much cheaper Amazon Cloud. Database displays links to AWS's database management tools. RDS is a Cloud-based relational database application providing full compatibility with all major SQL standards and soon also through Aurora, Amazon's own deeply integrated MySQL-compatible SQL application.
DynamoDB is a flexible and efficient noSQL database app. Redshift allows sophisticated computationally intense analytics on huge data sets.
ElastiCache provides data access and performance through intelligent caching. The Networking option shows us VPC, Virtual Private Cloud, a critically important service from an exam perspective, which allows you to create private networks completely shut off from the internet or other VPCs in which to carry out sensitive communications or development.
DirectConnect creates a dedicated network connection between your local servers and your AWS Cloud resources to increase both security and transfer speeds. And Route53 handles domain configurations for your AWS resources. For our purposes, the key services associated with administration and security are IAM, which lets you precisely control system access through user and group profiles, and CloudWatch, AWS's tool for monitoring system events.
Hovering over Analytics will provide access to the Data Pipeline tool that allows for the scheduled and controlled moving of data between AWS services. The Application Services cluster includes SQS, Simple Queue Service, for controlling messages sent between application components; SWF, Simple Work Flow, for programmatic control of application activity; and SES, Simple Email Service, Amazon's industrial-strength outgoing email application. Deployment and Management includes Elastic Beanstalk, which provides instances with pre-built software stack environments to simplify application deployments, and the templates of CloudFormation, which create prefabricated instances for common tasks like LAMP or WordPress servers. SNS, Simple Notification Service, under Mobile Services, makes pushing messages to mobile subscribers a straightforward, integrated task.
WorkSpaces and Zocalo from Enterprise Applications are unlikely to show up on this exam. Besides these, you must also be familiar with Import/Export, allowing the physical movement of data between AWS and your local site, Multi-AZ Deployment for airtight failovers, the Elastic IP to associate instances and other resources with static IP addresses, and in general the elements of good Disaster Recovery Preparation. Let's now quickly take another look at Compute and move down a level to EC2. We'll click on Instances to display the Instances management dashboard, where there's currently nothing happening.
From there we can explore security group management, load balancers, volumes and snapshots. In other words, everything you will need to properly configure and maintain instances lies at your fingertips through this browser interface. Most AWS services are bound to the Amazon servers in only one geographic region, which, when used properly, can allow for very high levels of fault tolerance and stability.
You can set the region you'd like to work with at the top right of your dashboard, and any services you subsequently launch will launch exclusively into the region that's displayed.
AWS regions are internally isolated from each other. That means that although you can communicate between them over the public internet, assuming your security policy permits it, the built-in speed and security of direct internal AWS connections are unavailable. The AWS Dashboard will in most cases display only services associated with the currently active region, and the AWS command line can only access the region's resources if that region is specified in its configuration file. External requests will often need to identify the resource they're after by adding the regional endpoint. Therefore, if I wanted to ping an elastic load balancer from the command line, I might use something like this, where myname-764077318 is the balancer's name, us-east is its region and 1 is its availability zone.
CloudFront and Route53 make use of geographic edge locations to allow the lowest possible latency levels between your strategically positioned services and your clients. All Amazon resources are either global, regional or associated with an availability zone. This chart displays the region affiliation of EC2 resources.
Note that key pairs are global, AMIs and EBS snapshots are regional and all snapshots can be copied between regions, and volumes and instances are tied to specific availability zones. It's worth mentioning that S3 buckets are global. As we mentioned, for some purposes, like configuring EC2 instances, availability zones within your current region can be specified. You might in fact want to spread your instances across multiple zones to protect against failures, so that even if one availability zone goes down, your servers, perhaps running behind a shared load balancer in another zone, can pick up at least some of the load. Amazon only bills for the actual resources used.
You can therefore create all the S3 buckets or EC2 security groups you like, but you'll only be charged for the data you upload or the instances that you actually run.
You can keep close track of your costs through CloudWatch. Click on Billing, then the account billing console link. AWS also provides a very handy cost calculator for estimating the monthly charges associated with possible usage scenarios. Down the left side of the page are tabs for each of the billable Amazon services. Using the EC2 tab, you can add specific services you're considering using by clicking on the tab and adding a new row for an instance and another one for an EBS volume. Let's say you'd like to try two instances at 100% usage of the c3.xlarge type running Linux.
The total monthly cost will appear at the top. You can also click on that tab to see a breakdown of your cost. Let's add a row under EBS volumes. We'll go for a single volume of general purpose SSD, 60 gigabytes, with say 45 gigabytes of snapshot storage over a month. This assumes you'll use the storage for backup, a common usage. Take another look at the total bill, then add 20 gigabytes of Inter-Region Data Transfer Out. Now let's go to S3 and add a hundred gigabytes each of regular storage and reduced redundancy storage. Let's click on the total estimate tab on top and we can see what a useful tool this calculator can be.
David taught high school for twenty years, worked as a Linux system administrator for five years, and has been writing since he could hold a crayon between his fingers. His childhood bedroom wall has since been repainted.
Having worked directly with all kinds of technology, David derives great pleasure from completing projects that draw on as many tools from his toolkit as possible.
Besides being a Linux system administrator with a strong focus on virtualization and security tools, David writes technical documentation and user guides, and creates technology training videos.
His favorite technology tool is the one that should be just about ready for release tomorrow. Or Thursday.