- Introduction to Amazon Web Services (AWS)
- Identity Access Management (IAM)
- IAM Policy
- IAM Authentication
- Elastic Compute Cloud (EC2)
- Elastic Block Storage (EBS)
- Elastic Load Balancer (ELB)
- Auto Scaling Groups and Launch Configurations
- Elastic File System (EFS)
- Elastic Beanstack
- DNS and Route 53
- Elastic Container Service (ECS)
- Storage Gateway
- Virtual Private Clouds (VPC)
- Network Access Control Lists (NACL)
- Security Groups (VPC SG)
- Network Address Translation (NAT) Instances, NAT Gateways, Egress only Internet Gateways and Bastion Hosts
- Simple Storage Service (S3)
- Cloud Watch
- Cloudtrail Logs
- CloudFront CDN
- Cloud Formation
- Relational Database Service (RDS)
- DynamoDB NoSQL key value and document database
- Redshift
- Amazon Aurora RDS
- Elasticache
- AWS Simple Notification Service (SNS)
- Simple Queue Service (SQS)
- Simple Workflow Service (SWF)
- Elastic Transcoder
- API Gateway
- AWS Kinesis
- Security on AWS
- Overview of Security Processes – Summary of the Whitepaper
- Lambda
- Additional Topics
- AWS Well-Architected framework (February 2018 CSAA Exam)
- Architecting for the AWS Cloud – Best Practices
- AWS CSAA – Released February 2018 Exam Questions
- My day at the AWS CSAA (Released February 2018) certification exam
Elastic Block Storage (EBS)
- Block level storage volumes that can be attached to EC2 instances as root/boot or secondary volumes
- HDD and SSD (root and secondary) are supported
- Bootable root volume or secondary volume
- General purpose SSD (code: gp2): You get 3 IOPS/GB credit every second. The volume is burstable to 3,000 IOPS. Each volume receives an initial I/O credit balance of 5.4 million I/O credits, which is enough to sustain the maximum burst performance of 3,000 IOPS for 30 minutes.
- Bootable root volume or secondary volume
The burst duration of a volume is dependent on the size of the volume, the burst IOPS required, and the credit balance when the burst begins. This is shown in the following equation:
(Credit balance)
Burst duration = ------------------------------------
(Burst IOPS) - 3(Volume size in GiB)-
-
- Provisioned IOPS (code: io1): 10,000 and above IOPS provisioned. You pay more based on the provision.
- Magnetic Standard: Magnetic volumes are backed by magnetic drives and are suited for workloads where data is accessed infrequently, and scenarios where low-cost storage for small volume sizes is important. These volumes deliver approximately 100 IOPS on average, with burst capability of up to hundreds of IOPS, and they can range in size from 1 GiB to 1 TiB.
- Secondary Volume only (can’t be used as root volume)
- Throughput optimized HDD (code: st1): Data warehousing, log processing
- COLD HDD (code: sc1): infrequently accessed such as file server
-
- Replicated within the availability zone
- All volumes except standard HDD can be modified/upgraded even while they are attached as root volumes to a running EC2
- Only increase size possible
- Can switch from gp2 to provisioned IOPS io1 and vice versa
- Snapshots
- Saved on S3
- Incremental
- Snapshots of encrypted volumes are encrypted automatically and vice versa
- Can be shared with other accounts only if unencrypted
-
For unencrypted volumes, you can encrypt a volume’s data by means of snapshot CCR (Create/Copy/Resotre)
- Create a snapshot of your unencrypted EBS volume. This snapshot is also unencrypted.
- Copy the snapshot while applying encryption parameters. The resulting target snapshot is encrypted.
- Restore the encrypted snapshot to a new volume, which is also encrypted.
- Convert from unencrypted EC2 boot volume to encrypted boot volume
- Create AMI (Create Image) (unencrypted EC2 –> unencrypted AMI)
- Copy this image and check the Encryption box. Or use the CLI, you would use the
copy-imagemode with the--encryptedflag. (unencrypted AMI -> encrypted AMI) - Re launch a new EC2 from the new encrypted AMI and apply EIP etc and test
- shutdown the old EC2
- EBS and AZs and Regions
- EC2 and its volumes must be in the same AZ. Since latency is important.
- To move an existing volume from AZ1 to AZ2, you need to take a snapshot and restore volume from that snapshot in AZ2
- You can copy a snapshot from Region 1 to Region 2 and then create an image or volume from that snapshot
- AMIs
- AMI’s are region specific.
- AMIs can be created from snapshots or volumes
- You can copy AMI from one region to another and then launch instance from the copied AMI in the new region
- Marketplace AMIs are not encrypted at rest
- Instance Store (Ephemeral storage)
- Instance stores are saved on S3
- Only certain EC2 types such as m class support instance store
- EC2 instances having root instance store volume can’t be started/stopped. Only rebooted or terminated.
- Instance store backed EC2 while terminated, no option to save the volume
- Stop/start of EBS backed EC2 instance will provision the new instance on a different hypervisor/host