You will start by creating and managing users, groups, and permissions. You will then learn to effectively monitor your AWS environment while working with AWS storage. The course will help you understand and build AWS networking solutions and choose and implement the right compute option to meet your organization’s needs. Next, you'll be introduced to serverless architectures and delve into design considerations, followed by building a serverless application and deploying it on your serverless architecture. We'll cover practical examples of deploying and orchestrating a serverless application using DynamoDB, AWS Lambda, and API Gateway. Towards the end, we will learn about some security considerations in protecting your serverless application.
What am I going to get from this course?
- Get to grips with Identity and Access Management and know how to create users, groups, and roles
- Use CloudWatch to monitor default and custom key performance metrics
- Understand how to log access and configuration changes for AWS deployments
- Deploy and update your infrastructure and applications in AWS
- Discover techniques to keep your data and applications secure using the newest services from AWS
- Understand the serverless concept, its benefits and challenges
- Design and build an application based on AWS serverless services
- Discover AWS serverless services and their various roles
- Explore the AWS Lambda function in depth
- Understand interconnections between the AWS serverless and microservice concepts
- Monitor and trace serverless applications
Prerequisites and Target Audience
What will students need to know or do before starting this course?
Some knowledge of AWS cloud concepts would be helpful. A basic knowledge of AWS is recommended.
Who should take this course? Who should not?
This course is for administrators, Cloud and DevOps Engineers who are taking the first step towards managing and administering AWS-based deployments. Those preparing for the AWS Certified SysOps Administrator course will also find it useful. This course is targeted at application developers, cloud architects, and engineers.
Module 1: AWS for Administrators
The Course Overview
This video provides an overview of the entire course.
Opening an AWS Account
In order to follow along with the on-screen examples, you should open a free AWS Account. Let's see how to do that.
Browse to aws.amazon.com
Enter your personal and payment information
Verify your identity and choose a support plan
For the first year of your AWS Account, there are many things you can do for free. We will discuss what these are and how to avoid accruing any charges.
Check what is free for the first year
Avoid monthly charges during your first year
Know what you can always get for free on AWS
AWS Command Line Tools
The aim of this video is to discuss the installation of the command-line interface on Windows, Linux, and Mac machines and verify that it is installed correctly.
Install the Command-Line Interface
Perform a test to verify that the command-line interface is installed correctly
The Management Console
The AWS Management Console is the easiest way to launch AWS services. In this video, we will show you how to navigate the console, access your billing information, and switch regions.
Learn how to log in to the management console
Know how to locate the various features and services that AWS provides
Understand how to switch regions and how the console changes when you switch
The Master Account
A new AWS account comes with a default Master User. This user has full privileges for all AWS services, and these privileges cannot be revoked without deleting the entire account. The best way to keep an AWS account from getting compromised is by limiting the use of this user.
Do not use the Master User Account except to access Billing
Enable multi-factor authentication to require a one-time password for logins
Delete access keys that belong to the master user
Identity and Access Management
Unless you have only one person who needs AWS access in your organization, you will need to grant privileges to others to use your AWS Account. AWS provides the Identity and Access Management Service (IAM) to allow you to create Users and Groups and assign permissions to them.
Create a permissions policy or use one managed by AWS
Create IAM users and optionally assign them to groups
Associate permissions policies to users and groups to grant or deny access
Using the AWS CLI
Although AWS provides a simple web interface for interacting with their services, many administrators prefer to work from the command line. Also, with the availability of a Command-Line Interface, you can create simple Bash or shell scripts for automating common administration tasks.
IAM credentials are required to sign AWS API requests and can be easily configured
The AWS CLI provides a more robust selection of actions than the Management Console
Shell scripts using the AWS CLI can automate common administration tasks
Sometimes you may need to give an IAM user temporary access to resources in your account. IAM roles can provide other users, even in other AWS accounts, temporary access.
Create a role and assign a permissions policy
Identify the users who can use this role in the trust policy
Send the role information to the other users
Instance and Service Roles
It’s not just people who need permissions for the AWS Service APIs. Your applications also interact with AWS Services, for example, when putting an object in S3 or querying a DynamoDB table. Some AWS Services themselves, such as Elastic Beanstalk, need to interact with other services as well.
Using IAM User credentials for an application is possible, but not the preferred method
Create an IAM role that is assumed by the EC2 Instance upon launch
Create IAM roles for services that need access to other services
Many enterprise AWS customers use Active Directory or other LDAP compatible directory services to authenticate users on their network.
AWS offers several options for extending Active Directory into AWS environments
Users authenticate with existing AD credentials
AWS grants temporary credentials and users are automatically logged in to the console
Logging AWS Activity
The ease with which infrastructure and services can be configured and deployed on AWS means that sometimes administrators are not completely aware of the configuration changes that are made by other users in their account. This can lead to misconfigurations, compliance issues and outages.
Explore CloudTrail that provides detailed logs of the AWS API activity
Learn how Config provides an inventory of deployed services and timelines of changes
Config Rules can compare your configuration with a set of best practices or custom rules
System administrators need clear visibility into the performance of their AWS resources. Real-time monitoring is needed to take action that can avert system outages before they occur.
Understand how CloudWatch monitors important metrics in real time
Alarms can be set on metric thresholds
Create metrics from log files and store them in a centralized repository using CloudWatch
Administrators and security professionals need proof that their infrastructure and data are secure. Fortunately, AWS provides additional logs that record access to our systems and data.
VPC Flow Logs will allow you to see accepted and rejected network traffic within a VPC
ELB and CloudFront logs record the network requests at those endpoints
S3 Access Logs record who accessed your object data and from where
Infrastructure as Code
Manual infrastructure deployments are not easily repeatable and are often unreliable. Documenting the infrastructure and maintaining a history of changes can be a laborious process when done manually. Fortunately, CloudFormation provides a way to deploy AWS resources from a text file known as a CloudFormation Template.
Create a CloudFormation template in JSON or YAML
Execute the template using the CloudFormation Engine and build the stack
Publish the templates in Service Catalog
AMIs and Bootstrapping
To support automatic launching from services such as Auto Scaling and CloudFormation, EC2 instances need to be self-configuring.
Learn how Custom AMIs can provide a foundational configuration
Provide an additional configuration at launch time using Bootstrapping
Update groups of instances with the EC2 Run Command
Deploying updates to applications without disrupting users can be a particular challenge. In this video, we will look at deploying applications.
Perform in-place updates without disruption using Auto Scaling
Perform Blue-Green deployments with Route 53 or Elastic Beanstalk
CodeDeploy can do both rolling and blue-green deployments
Protecting Data in Transit
Communication with AWS often takes place over the internet, so transferring data between your data center and AWS requires protection against accidental disclosure, modification, or attacks such as man-in-the-middle.
Use a hardware VPN or dedicated fiber to connect to AWS
Transfer data in bulk securely using Snowball
Use SSL-protected endpoints that will protect data in transit
Encrypting Data at Rest
Many security compliance requirements call for data to be stored in encrypted form. AWS provides several options to make this a simple task.
Use built-in server side encryption (SSE) available in several services
Choose a key management solution
Use client-side encryption for services that don’t offer SSE
Protecting Your Applications
The most damaging attacks occur at the application level. There are several exploits commonly used to cripple a web application or gain access to secure data. With application level attacks, encryption is of no help. One solution is to filter out malicious attacks with the help of a Web Application Firewall.
Filter malicious attacks at CloudFront or an Application LB using AWS WAF
Defend against DDoS attacks with AWS Shield
Find application vulnerabilities using AWS Inspector
Module 2: Design Serverless Architecture with AWS and AWS Lambda
The Course Overview
This video provides an overview of the entire course.
The Rise of Serverless Architecture
The aim of this video is to go over a non-serverless architecture diagram, identify the problems with it, and conclude from it what the benefits of using serverless are.
Go over a general web architecture in AWS without serverless
Review the decision making and maintenance involved
Convert to AWS serverless architecture and highlight the benefits
AWS Serverless Services
The aim of this video is to review what AWS has to offer in the serverless field and start getting familiar with those services.
Define what a serverless service is
Review all the AWS serverless services divided into categories
Take a closer look at the main services
AWS Lambda Function
The aim of this video is to introduce the basics of the AWS Lambda function, how it works, and how to create the first one.
Introduce AWS Lambda function details
Showcase the creation wizard in the AWS console
Modify the code of an AWS Lambda function
Implementing API using API Gateway and Lambda
The aim of this video is to implement a serverless API solution using API Gateway and a Lambda function.
Create and deploy API gateway per environment
Create the logic behind the API using Lambda
Integrate the two to learn the integration options
Microservices create a new challenge of how to communicate between services, which we will learn about in this video.
Understand why microservices are so popular
Create microservices with API Gateway and Lambda
Review the communication options between services
The aim of this video is to manage dev operations using serverless services.
Trigger operation using CloudWatch
Review CloudWatch event target options
Understand the Lambda function as a DevOps tool
CDN Edge Location
The aim of this video is to create a Dynamic CDN using CloudFront and Lambda.
Learn what CDN is
Understand why we need dynamic CDN
Integrate Lambda with CloudFront
The aim of this video is to get to know how to manage data using a serverless solution.
List the available services
Overview of AWS S3
Discuss AWS DynamoDB
Integrating S3 with Lambda Function
This video teaches you to handle your S3 data with a Lambda function by responding to events and utilizing the AWS-SDK.
Define events in S3 on object changes
Trigger a Lambda function to handle the changes
Use the AWS-SDK to interact with S3 from Lambda function code
Integrating DynamoDB with Lambda Function
This video talks about provisioning, managing, and interacting with DynamoDB.
Look at provisioning a table with DynamoDB
Trigger a Lambda function on DynamoDB changes
Use a Lambda function for analytics aggregation
Logs with CloudWatch
Serverless services output both infrastructure and application logs, so we need to find a way to manage those logs. This video helps us do that.
Set up integration between CloudWatch and a Lambda function
View the logs in CloudWatch and learn how to search them
Stream or export the logs to get better capabilities
CloudWatch Metrics and Alerts
Once our code is in production, we need to monitor it and get notified once something goes wrong. We will see how to monitor it in this video.
Explore what metrics are available
Define a monitor based on a metric
Define a threshold and what to do once it is exceeded, to create an alert
Tracing with X-ray
Serverless architectures tend to be composed of multiple components. In this video, we will see how to trace the communication between them.
Integrate the AWS Lambda function with X-ray
Review the traces created in X-ray
Review the service map created in X-ray