AWS Cloud: Design and Administration Fundamentals

This video provides an overview of the entire course.

In order to follow along with the on-screen examples, you should open a free AWS Account. Let's see how to do that. Browse to aws.amazon.com Enter your personal and payment information Verify your identity and choose a support plan

For the first year of your AWS Account, there are many things you can do for free. We will discuss what these are and how to avoid accruing any charges. Check what is free for the first year Avoid monthly charges during your first year Know what you can always get for free on AWS

The aim of this video is to discuss the installation of command-line interface on Windows, Linux, and Mac machines and verify that the installation is proper. Install the Command-Line Interface Perform a test to verify that the installation of command line interface is proper

The AWS Management Console is the easiest way to launch AWS services. In this video, we will show you how to navigate the console, access your billing information, and switch regions. Learn how to log in to the management console Know how to locate the various features and services that AWS provides Understand how to switch regions and how the console changes when you switch

A new AWS account comes with a default Master User. This user has full privileges for all AWS services and cannot be revoked without deleting the entire account. The best way to keep an AWS account from getting compromised is by limiting its use. Do not use the Master User Account except to access Billing Enable multi-factor authentication to require a one-time password for logins Delete access keys that belong to the master user

Unless you have only one person who needs AWS access in your organization, you will need to grant privileges to others to use your AWS Account. AWS provides the Identity and Access Management Service (IAM) to allow you to create Users and Groups and assign permissions to them. Create a permissions policy or use one managed by AWS Create IAM users and optionally assign them to groups Associate permissions policies to users and groups to grant or deny access

Although AWS provides a simple web interface for interacting with their services, many administrators prefer to work from the command line. Also, with the availability of a Command-Line Interface, you can create simple BASH or Shell scripts for automating common administration tasks. IAM credentials are required to sign AWS API requests and can be easily configured The AWS CLI provides a more robust selection of actions than the Management Console Shell scripts using the AWS CLI can automate common administration tasks

Sometimes you may need to give an IAM user temporary access to resources in your account. IAM roles can provide other users, even in other AWS accounts, temporary access. Create a role and assign a permissions policy Identity the users who can use this role in the trust policy Send the role information to the other users

It’s not just people who need permissions for the AWS Service APIs. It’s also your applications that interact with AWS Services. For example, putting an object in S3 or querying a DynamoDB table. Some AWS Services themselves, such as Elastic Beanstalk, need to interact with other services as well. Using IAM User credentials for an application is possible, but not the preferred method Create an IAM role that is assumed by the EC2 Instance upon launch Create IAM roles for services that need access to other services

Many enterprise AWS customers use Active Directory or other LDAP compatible directory services to authenticate users on their network. AWS offers several options for extending Active Directory into AWS environments Users authenticate with existing AD credentials AWS grants temporary credentials and users are automatically logged in to the console

The ease with which infrastructure and services can be configured and deployed on AWS means that sometimes administrators are not completely aware of the configuration changes that are made by other users in their account. This can lead to misconfigurations, compliance issues and outages. Explore CloudTrail that provides detailed logs of the AWS API activity Learn how Config provides an inventory of deployed services and timelines of changes Config Rules can compare your configuration with a set of best practices or custom rules

System administrators need clear visibility into the performance of their AWS resources. Real-time monitoring is needed to take action that can avert system outages before they occur. Understand how CloudWatch monitors important metrics in real time Alarms can be set on metric thresholds Create metrics from logfiles and store them in a centralized repository using CloudWatch

Administrators and security professionals need proof that their infrastructure and data are secure. Fortunately, AWS provides additional logs that record access to our systems and data. VPC Flow Logs will allow you to see accepted and rejected network traffic within a VPC ELB and CloudFront logs record the network requests at those endpoints S3 Access Logs record who accessed your object data and from where

Manual infrastructure deployments are not easily repeatable and are often unreliable. Documenting the infrastructure and maintaining a history of changes can be a laborious process when done manually. Fortunately, CloudFormation provides a way to deploy AWS resources from a text file known as a CloudFormation Template. Create a CloudFormation template in JSON or YAML Execute the template using the CloudFormation Engine and build the stack Publish the templates in Service Catalog

To support automatic launching from services such as Autoscaling and CloudFormation, EC2 instances need to be self-configuring. Learn how Custom AMIs can provide a foundational configuration Provide an additional configuration at launch time using Bootstrapping Update groups of instances with the EC2 Run Command

Deploying updates to applications without disrupting users can be a particular challenge. In this video, we will look at deploying applications. Perform in-place updates without disruption using Auto scaling Perform Blue-Green deployments with Route 53 or ElasticBeanstalk Code Deploy can do both rolling and blue-green deployments

Communications with AWS often takes place over the internet, so transferring data between your data center and AWS requires protections against accidental disclosure, modification, or attacks such as man-in-the-middle. Use a hardware VPN or dedicated fiber to connect to AWS Transfer data in bulk securely using Snowball Use SSL-protected endpoints that will protect data in transit

Many security compliance requirements require data to be stored in the encrypted format. AWS enables several options to make this a simple task. Use built-in server side encryption (SSE) available in several services Choose a key management solution Use client-side encryption for services that don’t offer SSE

The most damaging attacks occur at the application level. There are several exploits commonly used to cripple a web application or gain access to secure data. With application level attacks, encryption is of no help. One solution is to filter out malicious attacks with the help of a Web Application Firewall. Filter malicious attacks at CloudFront or an Application LB using AWS WAF Defend against the DDoS attacks with AWS Shield Find application vulnerabilities using AWS Inspector

This video provides an overview of the entire course.

The aim of this video is to go over a non-serverless architecture diagram and identify the problems with it, and conclude from it what are the benefits of using serverless. Go over a general web architecture in AWS without serverless Review the decision making and maintenance involved Convert to AWS serverless architecture and highlight the benefits

The aim of this video is to review what AWS has to offer in the serverless field and start getting familiar with those services. Define what is a serverless service Review all the AWS serverless services divided into categories Take a closer look at the main services

The aim of this video is to get introduced to the basics of AWS Lambda function, how it works and how to create the first one. Introduce AWS Lambda function details Showcase the creation wizard in AWS console Modify the code of AWS Lambda function

The aim of this video is to implement a API serverless solution using API Gateway and Lambda function. Create and deploy API gateway per environment Create the logic behind the API using Lambda Integrate the two to learn the integration options

Micro-services create a new challenge on how to communicate between services, which we will learn in this video. Understand why micro services is so popular Create micro services with API Gateway and Lambda Review the communication options between services

The aim of this video is to manage dev operations using serverless services. Trigger operation using CloudWatch Review CloudWatch event target options Understand the Lambda function as a DevOps tool

The aim of this video is to create a Dynamic CDN using CloudFront and Lambda. Learn what CDN is Understand why we need dynamic CDN Integrate Lambda with CloudFront

The aim of this video is to get to know how to manage data using serverless solution. List the available services Overview on AWS S3 Discuss about AWS DynamoDB

This video teaches you to handle your S3 data with lambda function by responding to events and utilize the AWS-SDK. Define events in S3 on object changes Trigger Lambda function to handle the changes Use the AWS-SDK to interact with S3 from Lambda function code

This video talks about provision, management, and interaction with DynamoDB. Look at the provision table with DynamoDB Trigger Lambda function on DynamoDB changes Use lambda function for analytics aggregation

Serverless services output both infrastructure and application logs, we need to find a way to manage those logs. This video helps us into doing it. Setup integration between CloudWatch and Lambda function View the logs in CloudWatch and learn how to search it Stream or export the logs the get better capabilities

Once our code is in production, we need to monitor it and get notified once something goes wrong. We will see how to monitor using this video. Explore what metrics are available Define Monitor based on metric Define threshold and what to do once exceed to create an alert

Serverless tend to have multiple components to compose architecture. In this video, we will see the way to trace to communication between them. Integrate the AWS Lambda function with X-ray Review the traces created in X-ray Review the service map created in X-ray