AWS Certified SysOps Administrator-Associate

Getting Started

The Basics

By scmGalaxy.com

About Me

DevOps@RajeshKumar.XYZ

At a Glance

at a glance for aws

An infrastructure service for the world

Elastic Computing

Cloud Storage

Security

AWS Certification Tracks

aws certification tracks

Prerequisites

aws for prerequisites

Additional Prerequisites

An Understanding of Cloud Computing
Microsoft / Linux Essentials
Networking Essentials
Working Knowledge of Virtualization
Storage Fundamentals

Strategy for Success!

aws for strategy for success

Summary

Course at a glance
AWS Certifications
Prerequisites
Strategy for success

Understanding Virtual Networking on AWS

What Is Virtual Private Cloud (VPC)?

Logically isolated network in the AWS cloud
Control of network architecture
Enhanced security
Internetwork with other organizations
Elastic IP Address (public IPs)
Enable hybrid cloud (site-to-site VPN)
Single tenant dedicated server hardware
VPC cost = $0 / VPN cost is $0.05/hr

AWS Reference Model

aws reference model

aws vpc subnet

vpc for aws

IP Address Blocks

AWS reserves 5 addresses per subnet
Single Region, multi-AZ
CIDR 16 –28
Select IP prefix

VPC Access

Gateway

Internet Gateway (IGW)
- - Ingress and egress
Virtual Private Gateway (VPG)
- - AWS side of secure VPN
Customer Gateway (CG)
- - Customer side of secure VPN

VPN

Direct Connect
- - Dedicated and isolated
- - No internet
- - HA connectivity supported
Hardware-based VPN
- - On-premises to AWS over internet
- - HA connectivity supported
- - 3rd party brands supported

VPC Security

Security Groups

Resource level traffic firewall
- - Instance, ELB, etc…
Ingress and Egress
Stateful
- - Return traffic allowed

Access Control Lists

Source and Protocol filtering
Subnet level traffic firewall
- - Separate inbound and outbound rule set
Stateless
- - Traffic strictly filtered

VPC Peering

vpc peering for aws

VPC Peering

Inter-VPC routing
Same or different AWS account
No overlapping network addresses

Wizard-driven VPC Setup

Wizard-driven VPC Setup for aws

Summary

- What Is VPC?
- VPC Access
- VPC Security
- VPC Peering
- VPC Setup

In-Depth VPC Configuration

VPC manual Configuration

Summary

VPC Manual Configuration

Working with Security Groups and NACLs

Layered Security

layered security for aws

Security Groups and NACLsy

Security Groups

Resource level traffic firewall
- - Instance, ELB, etc…
Ingress and Egress
Stateful
- - Return traffic allowed

Network Access Control Lists

Subnet level traffic firewall
- - Separate inbound and outbound rule set
Source and Protocol filtering
Stateless
- - Traffic strictly filtered

Security Groups and NACLsy

security groups andnacls for aws

Understanding Security Groups

Resource level traffic firewall
SG maximums:
- - Up to 100 security groups per VPC
- - Up to 50 lines in each SG
- - Up to 5 SG per instance
Instances can’t communicate unless allowed
Default SG allows communications from other instances in the same SG
Destination port filtering only (no source port filtering)

Understanding Security Groups

understanding security groups for aws

Security Groups and NACLs

Security Groups and NACLs of aws

Security Groups and NACLs

Deny all inbound until allow
Allow rules only
Allow all outbound until allow
SGs are Stateful -return traffic allowed

Default rule: deny all
Can have permit and deny rules
One NACL per subnet
NACLs are stateless -Traffic strictly filtered

Understanding Network Access Control Lists (NACLs)

understanding network access control lists for aws

Subnet level traffic firewall
Are a list of rules
- Lower numbers are processed first
- Stop on first match
Separate inbound / outbound rules

Summary

Understanding Security Groups
Understanding NACLs

Understanding and Configuring VPC Access

AWS VPC Access

aws vpc access

VPN Types

aws of vpc types

AWS VPC Access

aws vpc access internate

AWS Direct Connect

aws direct connect

AWS Direct Connect

aws direct connect internate

Configuring VPN

AWS Management Console

VPC Peering

aws of vpc peering

VPC Peering

Inter-VPC routing
Same or different AWS account
No overlapping network addresses

Summary

VPN Types
AWS VPC Access
Configuring VPN

EC2 Instance Types

EC2 Instance Types

aws of ec2 instance types

On-Demand Instances

The default type
The most expensive option
No commitment
Prices vary by AWS Region
Billed on an hourly basis

Reserved Instances (RI)

reserved instances for aws

Less expensive
Requires a commitment (1 or 3 years)
Reserved capacity
Lower hourly rate
RI can be sold on the AWS Marketplace
You commit to utilization

Spot Instances

Unused AWS capacity
Very cheap hourly rate
Not guaranteed
Based on a bid
Ideal for raw processing power, grid-like applications
Highly scriptable

EC2 Instance Family

Micro instances		General purpose		Compute optimized
GPU instances		Memory optimized		Storage optimized

Summary

EC2 Instance Types
EC2 Instance Family

Working with Elastic Block Storage

Storage Types

aws for Storage types

Pluralsight course:

Amazon Web Services (AWS) Fundamentals for System Administrators

Elastic Block Storage Characteristics

Billed on storage capacity and I/O
Does not need to be attached to an instance
Can be transferred between AZ
EBS volumes are designed for an annual failure rate (AFR) of between 0.1% -0.2%
EBS volume data is replicated across multiple servers in an Availability Zone
SLA 99.95%

EBS Volume Types

aws for ebs volume types

Amazon EBS Volume Types:

http://aws.amazon.com/ebs/details/

Increasing IOPS Performance

increasing iops performance raid for aws

Multiple stripped gp2 or standard volumes (typically RAID 0)
Multiple striped PIOPS volumes (typically RAID 0)
Function of the guest OS

EBS–Optimized Instances

Dedicated capacity for Amazon EBS I/O
500 Mbps –4,000 Mbps
- http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html
GP-SSD within 10% of baseline and burst performance 99.9% of the time
PIOPS within 10% of provisioned performance 99.9% of the time
EBS-optimized instances are designed for use with all EBS volume types
Additional hourly fee
- - Amazon EC2 pricing page
  http://aws.amazon.com/ec2/pricing/#EBS-Optimized_Instances

Summary

Storage Types
EBS Characteristics
EBS Volume Types
Increasing IOPS Performance
EBS-Optimized Instances

EBS Snapshots and Replication

EBS Snapshots Characteristics

Point-in-time snapshots
Supports incremental snapshots
Billed only for the changed blocks
Deleting a snapshot removes only the data not needed by any other snapshot
EBS leverages S3 for snapshot storage

EBS Snapshots Features

Resizing EBS volumes
Sharing EBS Snapshots
Copying EBS Snapshots across regions
Lazy loading

Pre-Warming EBS Volumes

Pre-Warming on Windows:
- - Format the drive (new volume)
- - Use dd for Windows (drive with data)
- - http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ebs-prewarm.htm
Pre-Warming on Linux:
- - Use dd to write or read
- - http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-prewarm.html

Summary

EBS Snapshots Characteristics
EBS Snapshots Features
Pre-Warming EBS Volumes

Working with Amazon S3

Amazon S3 Characteristics

amazon s3 for aws

It’s not a file system
AWS Region-level storage
Support REST and SOAP APIs
Globally unique S3 bucket names
Server-side encryption of data at rest

Two Types of S3 Storage

two types of s3 storage for aws

Standard storage
- -99.999999999% durability
- - 99.99% availability
Reduced Redundancy Storage (RRS)
- - 99.99% durability (average annual expected loss of 0.01% of objects)
- -99.99% availability

Amazon S3 Replication

amazon s3 replication for aws

S3 stores data in multiple facilities and on multiple devices within each facility
RRS Amazon S3 does not replicate objects as many times as standard Amazon S3
Synchronously stores data across multiple facilities before confirming that the data has been successfully stored
Calculates checksums on all network traffic to detect corruption of data packets

Amazon S3 Features

Versioning
Cross-region replication (CRR)
MFA delete (via API)
Time-limited access to objects
Audit logs
Event notifications
Data lifecycle management
Permissions

Amazon S3 Security

IAM policies
- - User-level security
- - Granular security configuration
Bucket policies
- - Bucket-level security
ACLs
- - Legacy access control mechanism
- - Bucket and object-level security
Query string authentication (Presigned URLs)
- - Grant temporary access to your Amazon S3 resources

Summary

Amazon S3 characteristics
Amazon S3 replication
Amazon S3 features
Amazon S3 security

Amazon S3 Website Hosting

Static Website Hosting

amazon s3 for aws

Host a static website
Associate your domain with your S3 website
- - Route 53
- - Your DNS hosting provider
Accelerate your S3 website
- - Content Delivery Network (CDN)

Summary

Static Website Hosting

Configuring Elastic Load Balancer (ELB)

ELB Characteristics

Region wide load balancer
Can be used internally or externally
SSL termination and processing
Cookie-based sticky session
Integrates with Auto Scaling
ELB EC2 health checks / Amazon Cloud Watch
Integrates with Route 53

aws cloud

aws of cloud

aws of availability

aws of region

Summary

ELB Characteristics
Configuring ELB

Configuring Auto Scaling

Auto Scaling Features

Auto Scaling Features for aws

Auto Scaling for aws

Auto Scaling Components

Auto Scaling components for aws

Summary

Auto Scaling Features
Auto Scaling Components
Configuring Auto Scaling

Understanding AWS Networking, CloudWatch and Auto Scaling

Route 53

DNS is crucial for any environment
Worldwide distributed DNS
Route 53 has a 100% SLA uptime
Route 53 API
Server health checks

Summary

Route 53

Working with Identity and Access Management (lAM)

Identity and Access Management (lAM)

aws for identity and access management (lam)

Users, Groups, Roles, and Policies

Users			Groups
Roles			Policies

Summary

Identity and Access Management (lAM)

Monitoring with Amazon CloudWatch and Trusted Advisor

Amazon CloudWatch Characteristics

Monitoring services for AWS cloud resources
Collect and track metrics / custom metrics
Collect and monitor logs
Set alarms
- - Billing
- - EC2
- - Databases (RDS, DynamoDB)
- - EBS

Trusted Advisor

Automated AWS account audits
- - Cost
- - Performance
- - Security
- - Fault Tolerance
Paid version expands number of areas audited

Summary

Amazon CloudWatch Characteristics

RDS HA and Load Sharing

RDS Characteristics

rds characteristics for aws

Database engine managed by AWS
MySQL, Oracle, Microsoft SQL,PostgreSQL, or Amazon Aurora
Multi-AZ deployment options
On-demand and reserved instance pricing
Magnetic, GP-SSD, or PIOPS

Multi-AZ Failover

Multi-AZ RDS deployment designed for HA
Synchronous replica in secondary AZ
Standby replica RDS instance is invisible
DB snapshots always taken against standby instance
AWS automatically adjusts DNS record when needed
Multi-AZ is different from an RDS read replica

synchronous for aws

synchronous of aws

aws for Synchronous

RDS Read Replicas

rds read replicas for aws

Read replicas designed for workload sharing / offloading
Created from a snapshot of the master instance
Asynchronous replication / Read-only connections
Read-only disaster recovery

Summary

RDS characteristics
Multi-AZ failover
RDS read replicas

Understanding Backup Options

EBS Backup

Point-in-time snapshots to S3
Snapshots can be used to:
- - Resize
- - Copy
- - Share
Deleting snapshots only removes the data not needed by another snapshot
Additional backup options:
- - VPN / Direct Connect
- - Agent-based backup

S3 Backup

99.999999999 durability
Versioning
Glacier

RDS Backup

Automated backup / maintenance:
- - Select backup/maintenance window
DB Snapshot-based backup

Summary

EBS Backup
53 Backup
RDS Backup

Questions?

docker-questions

Thanks for You!