- Introduction to Amazon Web Services (AWS)
- Identity Access Management (IAM)
- IAM Policy
- IAM Authentication
- Elastic Compute Cloud (EC2)
- Elastic Block Storage (EBS)
- Elastic Load Balancer (ELB)
- Auto Scaling Groups and Launch Configurations
- Elastic File System (EFS)
- Elastic Beanstack
- DNS and Route 53
- Elastic Container Service (ECS)
- Storage Gateway
- Virtual Private Clouds (VPC)
- Network Access Control Lists (NACL)
- Security Groups (VPC SG)
- Network Address Translation (NAT) Instances, NAT Gateways, Egress only Internet Gateways and Bastion Hosts
- Simple Storage Service (S3)
- Cloud Watch
- Cloudtrail Logs
- CloudFront CDN
- Cloud Formation
- Relational Database Service (RDS)
- DynamoDB NoSQL key value and document database
- Redshift
- Amazon Aurora RDS
- Elasticache
- AWS Simple Notification Service (SNS)
- Simple Queue Service (SQS)
- Simple Workflow Service (SWF)
- Elastic Transcoder
- API Gateway
- AWS Kinesis
- Security on AWS
- Overview of Security Processes – Summary of the Whitepaper
- Lambda
- Additional Topics
- AWS Well-Architected framework (February 2018 CSAA Exam)
- Architecting for the AWS Cloud – Best Practices
- AWS CSAA – Released February 2018 Exam Questions
- My day at the AWS CSAA (Released February 2018) certification exam
Elastic Block Storage (EBS)
- Block level storage volumes that can be attached to EC2 instances as root/boot or secondary volumes
- HDD and SSD (root and secondary) are supported
- Bootable root volume or secondary volume
- General purpose SSD gp2(3 IOPS/GB burstable to 3000 IOPS)
- Provisioned IOPS io1 (10,000 and above IOPS)
- Magnetic Standard
- Secondary Volume only (can’t be used as root volume)
- Throughput optimized HDD (st1): Data warehousing, log processing
- COLD HDD sc1: infrequently accessed such as file server
- Bootable root volume or secondary volume
- Replicated within the availability zone
- All volumes except standard HDD can be modified even while they are attached as root volumes to a running EC2
- Only increase size possible
- Can switch from gp2 to provisioned IOPS io1 and vice versa
- Snapshots
- Saved on S3
- Incremental
- Snapshots of encrypted volumes are encrypted automatically and vice versa
- Can be shared with other accounts only if unencrypted
-
For unencrypted volumes, you can encrypt a volume’s data by means of snapshot copying
- Create a snapshot of your unencrypted EBS volume. This snapshot is also unencrypted.
- Copy the snapshot while applying encryption parameters. The resulting target snapshot is encrypted.
- Restore the encrypted snapshot to a new volume, which is also encrypted.
- Convert from unencrypted EC2 boot volume to encrypted boot volume
- Create AMI (Create Image) (unencrypted EC2 –> unencrypted AMI)
- Copy this image and check the Encryption box. Using the CLI, you would use the
copy-imagemode with the--encryptedflag. (unencrypted AMI -> encrypted AMI) - Re launch a new EC2 from the new encrypted AMI and apply EIP etc and test
- shutdown the old EC2
- EBS and AZs and Regions
- EC2 and its volumes must be in the same AZ. Since latency is important.
- To move an existing volume from AZ1 to AZ2, you need to take a snapshot and restore volume from that snapshot in AZ2
- You can copy a snapshot from Region 1 to Region 2 and then create an image or volume from that snapshot
- AMIs
- AMI’s are region specific.
- AMIs can be created from snapshots or volumes
- You can copy AMI from one region to another and then launch instance from the copied AMI in the new region
- Marketplace AMIs are not encrypted at rest
- Instance Store (Ephemeral storage)
- Instance stores are saved on S3
- Only certain EC2 types such as m class support instance store
- EC2 instances having root instance store volume can’t be started/stopped. Only rebooted or terminated
- Instance store backed EC2 while terminated, no option to save the volume
- Stop/start of EBS backed EC2 instance will provision the new instance on a different hypervisor/host