Automating with AWS



This section of the AWS Certified Solutions Architect - Professional learning path introduces you to the AWS database services relevant to the SAP-C02 exam. We then examine the service options available and learn how to select and apply AWS database services to meet specific design scenarios relevant to the AWS Certified Solutions Architect - Professional exam.


Learning Objectives

  • Understand the various database services that can be used when building cloud solutions on AWS
  • Learn how to build databases using Amazon RDS, DynamoDB, Redshift, DocumentDB, Keyspaces, and QLDB
  • Learn how to create ElastiCache and Neptune clusters
  • Understand which AWS database service to choose based on your requirements
  • Discover how to use automation to deploy databases in AWS
  • Learn about data lakes and how to build a data lake in AWS

AWS CloudFormation is an automation tool that helps deploy your AWS cloud resources by using a common language like JSON or YAML to describe your architecture. This provides a method to create reusable gold standard templates for common pieces of your environment.

These repeatable templates help to prevent problems associated with manual entry and ad hoc deployments. By creating CloudFormation templates, you give yourself the power to document, index, version control, and manage your architecture just like code.

This includes the ability to peer review entire architectures for faults, and to implement security audits that detect vulnerabilities, just by sending a text file to the appropriate person. That's particularly hard to do in an on-premises environment.

In case you have never seen a CloudFormation template, here is a very simple example.

Here we are creating an AWS resource called “MyS3Bucket” that is of type S3 bucket. If we were to run this through CloudFormation, it would try to create an S3 bucket in whichever region you currently have selected. As long as the name is available, CloudFormation will go ahead with creation, and fairly quickly you would have your brand new resource created automatically for you.

You can of course create far more complicated templates that build enterprise-level architectures all in one document. However, ideas such as encapsulation and segmentation of your architecture are still important, especially if you move forward with a microservice-based implementation. 

Now let's take a look at a more relevant example where we can deploy an RDS database using CloudFormation. 

As you can see here, there is a little bit more going on than in the previous template.

This CloudFormation template describes a very simple RDS database that allocates 20 GB for storage, uses a t2.micro instance for the compute, and is running MySQL.

Now, those of you who are more security-minded will have noticed a plain-text master username and password. Leaving this kind of information within a CloudFormation template, or any code for that matter, could lead to security breaches and loss of confidential information.

There are a few ways to get around this problem. One of the more common methods is to declare that section as a parameter, where the user will have to enter that information upon the creation of the CloudFormation stack. 

This removes the issue of having a plain text password within the document, but still puts some burden on the user to manually enter one more thing and to remember yet another password and username.

I think it would be super helpful to have the whole password and username business completely automated, allowing us to take the human element out of the equation altogether.

To accomplish this task, let's take a look at another service called AWS Secrets Manager, which gives us the power to remove the hardcoded username and password from our CloudFormation template.
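The two fixes discussed above, side by side, as an added example (this is not the course's own template): the same 20 GB, t2.micro, MySQL instance with its credentials supplied first by stack parameters and then by a Secrets Manager secret. The logical names (DBUsername, DBPassword, ParameterDatabase, DatabaseSecret, SecretDatabase) and the username "dbadmin" are assumptions chosen for illustration; in a real stack you would keep only one of the two database resources.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Constructed example - RDS MySQL credentials kept out of the template body"
Parameters:
  # Option 1: the operator types the credentials when the stack is created.
  # NoEcho masks the password in console, CLI and API output.
  DBUsername:
    Type: String
    MinLength: 1
    MaxLength: 16
  DBPassword:
    Type: String
    NoEcho: true
    MinLength: 8
    MaxLength: 41
Resources:
  # Weak form this replaces (literal values committed with the template):
  #   MasterUsername: <literal username>
  #   MasterUserPassword: <literal password>
  ParameterDatabase:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: "20"
      DBInstanceClass: db.t2.micro
      Engine: mysql
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
  # Option 2: Secrets Manager generates the password, so nobody has to
  # choose, type or remember it. The username is a constructed placeholder.
  DatabaseSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      GenerateSecretString:
        SecretStringTemplate: '{"username": "dbadmin"}'
        GenerateStringKey: password
        PasswordLength: 32
        ExcludeCharacters: '"@/\'
  SecretDatabase:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: "20"
      DBInstanceClass: db.t2.micro
      Engine: mysql
      # Dynamic references are resolved by CloudFormation at deploy time.
      MasterUsername: !Sub "{{resolve:secretsmanager:${DatabaseSecret}:SecretString:username}}"
      MasterUserPassword: !Sub "{{resolve:secretsmanager:${DatabaseSecret}:SecretString:password}}"
```

NoEcho does not mask a value that the template copies into its Metadata or Outputs sections, so keep the password parameter out of both.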



About the Author

Danny has over 20 years of IT experience as a software developer, cloud engineer, and technical trainer. After attending a conference on cloud computing in 2009, he knew he wanted to build his career around what was still a very new, emerging technology at the time — and share this transformational knowledge with others. He has spoken to IT professional audiences at local, regional, and national user groups and conferences. He has delivered in-person classroom and virtual training, interactive webinars, and authored video training courses covering many different technologies, including Amazon Web Services. He currently has six active AWS certifications, including certifications at the Professional and Specialty level.