This course provides detail on the AWS Management & Governance services relevant to the AWS Certified Developer - Associate exam.
Want more? Try a lab playground or do a Lab Challenge!
Learning Objectives
- Learn how AWS AppConfig can reduce errors in configuration changes and prevent application downtime
- Understand how the AWS Cloud Development Kit (CDK) can be used to model and provision application resources using common programming languages
- Get a high-level understanding of Amazon CloudWatch
- Learn about the features and use cases of the service
- Create your own CloudWatch dashboard to monitor the items that are important to you
- Understand how CloudWatch dashboards can be shared across accounts
- Understand the cost structure of CloudWatch dashboards and the limitations of the service
- Review how monitored metrics go into an ALARM state
- Learn about the challenges of creating CloudWatch Alarms and the benefits of using machine learning in alarm management
- Know how to create a CloudWatch Alarm using Anomaly Detection
- Learn what types of metrics are suitable for use with Anomaly Detection
- Create your own CloudWatch log subscription
- Learn how AWS CloudTrail enables auditing and governance of your AWS account
- Understand how Amazon CloudWatch Logs enables you to monitor and store your system, application, and custom log files
- Explain what AWS CloudFormation is and what it’s used for
- Determine the benefits of AWS CloudFormation
- Understand what each of the core components are and what they are used for
- Create a CloudFormation Stack using an existing AWS template
- Learn what VPC flow logs are and what they are used for
- Determine options for operating programmatically with AWS, including the AWS CLI, APIs, and SDKs
- Learn about the capabilities of AWS Systems Manager for managing applications and infrastructure
- Understand how AWS Secrets Manager can be used to securely encrypt application secrets
When you type in aws configure for the first time, and set your access keys, your region, and output, you’re specifying the configurations for your default profile. This means that for every command you run, it will fall back on this default profile unless you specify a different profile.
Each profile you create can have different credentials associated with them. This is helpful in case your default credentials limit access to certain services or operations. You can then use a different profile with different credentials to perform those actions.
You can create profiles in several different ways. The first way is by running the command aws configure –profile and then provide a profile name. For example, S3User.
It will then ask for credentials, region, and output. I’ll paste in the access key, and then the secret access key.
Next, I’ll choose the region I work out of. For example, I’ll choose us-east-1. And then my preferred output, say JSON. And I’ve successfully created a profile called S3User.
if you don’t want to copy and paste your access keys, you can choose to import them via a CSV file. This is helpful if you want to import a lot of credentials at one time. I’ll show you an example of one of these files. Here I have a file that specifies the name of the profile as the User Name. In this case, I’m calling the profile EC2User. And then I also specify values for my access key and my secret access key, all separated by commas.
Back in the terminal, I can run the command aws configure import —csv and then specify the file by using file://Downloads/ec2user_credentials.csv. This will then import the profile.
To verify that you’ve created the profiles successfully, you can run the command aws configure list-profiles, which shows both my S3User profile and the EC2User profile that I imported from the CSV file.
If I wanted to see all of the credentials for each of my profiles, I can use the command‘cat ~/.aws/credentials’. Here it shows the access keys for not only my default profile, but also my S3User profile, and the EC2User profile as well.
Now let’s actually use one of these profiles. For example, let’s say I want to list all of my S3 buckets, and I know my S3User has permissions to do that. First, I’ll run the command to list all my buckets, which is aws s3 ls. Notice that if I don’t specify a profile, it falls back to using the credentials for my default profile which does not have permission to list s3 buckets, so the command fails.
To get around this, I’ll need to attach the –profile parameter and provide the name of my profile which is called S3User. Let’s go ahead and do that.
Now, this uses the credentials for my S3User profile to run this command instead of my default profile. And in this case, you can see the command has succeeded, and I get a list of my s3 buckets back.
If I didn’t want to keep using the –profile parameter on every command, I could use an environment variable to set the profile. By using the command ‘export AWS_PROFILE=S3User’, I can set the profile for my shell session. That way, I can list buckets, create a bucket, and then delete the bucket all without specifying the –profile parameter.
That’s all for this one - I’ll see you next time!
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.