Key Points
- AWS services can come at 3 layers: IaaS, PaaS, SaaS
- Most references to AWS refer to PaaS - EC2 instances and the services that run on them
- EC2 instances can be Windows or Linux
- A low-cost IaaS option is Lightsail - a fixed-price, low-cost VPS with internet connectivity etc. - easier to plan than EC2 costs
- Effective cost management of AWS resources and services is a HUGE issue for most companies
- EBS - Elastic Block Storage - a volume can be mounted and a file system created on it for use. It can be attached to any single instance
References
...
RAC594585551661CAR
AWS and Lightsail
Training Resources
Ed Izzo AWS Tips
Great catching up as always, Jim. Maybe we'll finally meet in person post-vaccination this summer!
...
Certification Overview
https://aws.amazon.com/certification/
AWS Cloud Practitioner
https://aws.amazon.com/certification/certified-cloud-practitioner/
...
There is no better preparation than hands-on experience
Topics covered in AWS Cloud Practitioner
- Understand and use core services of Amazon Web Services (AWS)
- Understand and use Identity & Access Management (IAM)
- Understand and use Virtual Private Cloud (VPC)
- Understand and use Simple Storage Service (S3)
- Understand and use Elastic Cloud Compute (EC2)
- Understand and use RDS/DynamoDB (databases)
- Understand and use Simple Notification Service (SNS)
- Understand and use CloudWatch (monitoring)
- Understand and use Elastic Load Balancing (distributing traffic)
- Understand and use Auto Scaling (scalable & elastic architecture)
- Understand and use Route 53 (domains & DNS)
AWS Associate Architect cert - online multiple choice
https://aws.amazon.com/certification/certified-solutions-architect-associate/
preparation for exam
Abilities Validated by the Certification
- Effectively demonstrate knowledge of how to architect and deploy secure and robust applications on AWS technologies
- Define a solution using architectural design principles based on customer requirements
- Provide implementation guidance based on best practices to the organization throughout the life cycle of the project
Recommended Knowledge and Experience
- Hands-on experience using compute, networking, storage, and database AWS services
- Hands-on experience with AWS deployment and management services
- Ability to identify and define technical requirements for an AWS-based application
- Ability to identify which AWS services meet a given technical requirement
- Knowledge of recommended best practices for building secure and reliable applications on the AWS platform
- An understanding of the basic architectural principles of building on the AWS Cloud
- An understanding of the AWS global infrastructure
- An understanding of network technologies as they relate to AWS
- An understanding of security features and tools that AWS provides and how they relate to traditional services
AWS Exam Preparations Guides
https://aws.amazon.com/certification/certification-prep/
Solutions Architect Associate prep
https://aws.amazon.com/certification/certified-solutions-architect-associate/
Solutions Developer Associate prep
Key Concepts
AWS resources
AWS EC Cloud Documentation
https://docs.aws.amazon.com/ec2/index.html
...
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html
Compute Nodes
https://aws.amazon.com/ec2/pricing/?p=ps
Amazon EC2 is free to try. There are four ways to pay for Amazon EC2 instances: On-Demand, Reserved Instances, and Spot Instances. You can also pay for Dedicated Hosts which provide you with EC2 instance capacity on physical servers dedicated for your use.
Free Tier for 1 year
AWS Free Tier includes 750 hours of Linux and Windows t2.micro instances each month for one year. To stay within the Free Tier, use only EC2 Micro instances.
AMI - Amazon Machine Image configurations
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html
...
One or more EBS snapshots, or, for instance-store-backed AMIs, a template for the root volume of the instance (for example, an operating system, an application server, and applications).
Launch permissions that control which AWS accounts can use the AMI to launch instances.
A block device mapping that specifies the volumes to attach to the instance when it's launched.
Linux AMI Virtualization Types
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/virtualization_types.html
Linux Amazon Machine Images use one of two types of virtualization: paravirtual (PV) or hardware virtual machine (HVM). The main differences between PV and HVM AMIs are the way in which they boot and whether they can take advantage of special hardware extensions (CPU, network, and storage) for better performance.
For the best performance, we recommend that you use current generation instance types and HVM AMIs when you launch your instances. For more information about current generation instance types, see Amazon EC2 Instance Types. If you are using previous generation instance types and would like to upgrade, see Upgrade Paths.
HVM AMIs
HVM AMIs are presented with a fully virtualized set of hardware and boot by executing the master boot record of the root block device of your image. This virtualization type provides the ability to run an operating system directly on top of a virtual machine without any modification, as if it were run on the bare-metal hardware. The Amazon EC2 host system emulates some or all of the underlying hardware that is presented to the guest.
Unlike PV guests, HVM guests can take advantage of hardware extensions that provide fast access to the underlying hardware on the host system. For more information on CPU virtualization extensions available in Amazon EC2, see Intel Virtualization Technology on the Intel website. HVM AMIs are required to take advantage of enhanced networking and GPU processing. In order to pass through instructions to specialized network and GPU devices, the OS needs to be able to have access to the native hardware platform; HVM virtualization provides this access. For more information, see Enhanced Networking on Linux and Linux Accelerated Computing Instances.
All instance types support HVM AMIs.
To find an HVM AMI, verify that the virtualization type of the AMI is set to hvm, using the console or the describe-images command.
EBS - Elastic Block Storage devices
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html
...
EBS volumes are highly available and reliable storage volumes that can be attached to any running instance that is in the same Availability Zone. EBS volumes that are attached to an EC2 instance are exposed as storage volumes that persist independently from the life of the instance. With Amazon EBS, you pay only for what you use. For more information about Amazon EBS pricing, see the Projecting Costs section of the Amazon Elastic Block Store page.
AWS Cost Management Strategies
hire someone who has managed a "limited data" phone plan successfully - same concepts apply here. Needs aggressive cost management (3rd-party app opportunity with alerts / automated responses?)
...
https://drive.google.com/open?id=1sHsXhkf83v3vK-3uHhEvl-g8ywuvrf8t
AWS Reserved Instances - RI
The most mature AWS customers are running more than 80% of their EC2 infrastructure covered by RI purchases. A best practice is to not let this number dip below 60% for maximum efficiency.
AWS Cost management can be improved for most companies
...
- Measuring real-time cost analysis between the various cloud providers.
- Providing foundational education for engineering teams.
- Having visualization of cloud architecture, versus cost of those parts of the infrastructure.
- Facilitating robust tag enforcement, with easy ability to export cost and presentation to teams.
- Enabling reporting total spend, cloud spend, service management spend and contract spend, the entire cloud spend picture.
- Achieving container control, network and hardware integration at the scale and speed of cloud."
- Highlighting and fostering conversations around cloud cost management from a behavior change perspective
AWS services
AWS service levels - IAAS, PAAS, FAAS
Amazon Web Services (AWS) provides the infrastructure to host and run your applications at different levels of abstraction. The most obvious solution for hosting code is of course renting a bare metal machine, setting up the operating system and installing all necessary software. You can do that with Amazon EC2, although this service is better known for renting virtual machines that run on physical hosts provided by Amazon. In both solutions you must care about the operating system you are using and the installation of the server software (e.g. Tomcat).
Beanstalk - PAAS for Web apps
Amazon Beanstalk goes one step further by providing services that take a ready-to-use war file and deploy it on a virtual machine that was set up by Amazon on your behalf. As a developer you no longer have to care about the details of setting up the operating system or the server software. If you implement your application such that it is independent of the OS and runs on the provided version of Apache Tomcat, Amazon can automatically deploy your software and even scale out the number of virtual machines necessary to serve all clients without much delay. You just tell Amazon the limits it should operate in and you can concentrate on the implementation.
Serverless function concepts
Containers like Docker provide significant environment isolation and flexibility.
An app in a Docker container only talks to the Docker engine and the configured ports.
...
- locality of reference on data, libraries within a microservice to a high degree when caching is used
- environment agnostic
- easy to scale as a unit independent of other services in other containers
FaaS - single function deployed as a serverless service
the server is conceptually "invisible" to the developer
...
The most popular serverless platforms--AWS Lambda, Google Cloud Functions, Azure Functions--all present challenges once data gets involved. Want to talk to local AWS services? Dead simple. But once authenticated APIs get involved, it’s more of a pain. Where do you store tokens? How do you handle OAuth redirects? How do you manage users? Quickly that narrow use of serverless can snowball into a pile of other public cloud services … to the point that you’ve swapped the complexity developers know for some new piles of stuff to learn.
AWS Lambda Concepts
https://drive.google.com/open?id=153fxjcVnuov2wtJqoLfeSP55iY5rKQbZ
...
With Amazon Lambda the level of abstraction is put even one step higher. With Lambda you no longer care about virtual machines and their scale-out yourself. All you have to do is provide Amazon some code (typically in the form of a prepared jar file) and Amazon takes care of its execution on your behalf. In contrast to Amazon Beanstalk you do not care about the number of virtual machines used for the execution nor the number of load balancers. Amazon promises to execute your code as often as it is requested. And you pay only for the time used for its execution, not for the time your virtual machines are running.
Stateless function programs
Receive all data as parameters, return a value.
Good for lower-level, reactive calculations driven by events from an event source
AWS Serverless Java Lambda Tutorial
lambda-java-programming-aws-lambda-cockroach-labs
AWS Serverless Java services - okta
https://developer.okta.com/blog/2020/05/27/serverless-java-aws
...
- Choose Between Java Serverless Options
- Sign Up for AWS Account with Billing
- Create AWS Access Keys
- Install and Configure AWS CLI
- Create AWS Role
- Download the Project from GitHub
- Configure Okta JWT Auth
- Create the Lambda
- Create an AWS API Gateway
- Test Your API Gateway URL
- Generate a JWT Token
- Test the Protected Serverless Function
- Learn More about AWS and Java
Apache OpenWhisk
Cloud Serverless Cost Calculator - AWS, Azure, IBM, GCP
AWS Events - CloudWatch and SNS
AWS Events - CloudWatch and SNS down
https://cloudonaut.io/loosing-trust-in-aws-sns-broken-for-24-days/
https://drive.google.com/file/d/1UKJ4Lo5ZeKDDe9QNTFjvDjPTQqA6Gfq2/view?usp=sharing
AWS Concepts and Terms
AWS SSM - Systems Manager
https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html
AWS Systems Manager Agent (SSM Agent) is Amazon software that can be installed and configured on an Amazon EC2 instance, an on-premises server, or a virtual machine (VM). SSM Agent makes it possible for Systems Manager to update, manage, and configure these resources. The agent processes requests from the Systems Manager service in the AWS Cloud, and then runs them as specified in the request. SSM Agent then sends status and execution information back to the Systems Manager service by using the Amazon Message Delivery Service (service prefix: ec2messages).
SSH connection to EC2 instance at Paramount
```
----------------------------------------------------
devops access for dev env
----------------------------------------------------
nsf-api.sysopsnetwork.com

--------------
1> create a client key pair w puttygen
use puttygen to generate key pair
save private key w pass phrase .. jm+
save public key as pem file .. send public key to server to load

--------------
2> connect on openvpn
jimstOVOTAtivlp$aKo8wesjim
use openvpn connection jim w pwd

--------------
3> open terminal w putty ssh
run putty ssh
load private key
create connection nsf-api url
nsf-api.sysopsnetwork.com

--------------
4> open robo3t connection
robo3t connection nsf-api url
nsf-api.sysopsnetwork.com 27017
uses ssh prv key - no SSL ( its vpn )
with openvpn no need for ssh tunnel
nsf-api.sysopsnetwork.com

--------------
5> postman client
import postman lib export and run in postman for nsf-api lib
postman api
import postman nsf test collection
https://documenter.getpostman.com/view/5352743/SzS5v6ok?version=latest
then run postman
initial test fails

GET /accounts HTTP/1.1
Host: localhost:3030
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6ImFjY2VzcyJ9.eyJpYXQiOjE1ODM3OTcxMTIsImV4cCI6MTU4Mzg4MzUxMiwiYXVkIjoiaHR0cHM6Ly95b3VyZG9tYWluLmNvbSIsImlzcyI6ImZlYXRoZXJzIiwic3ViIjoiNWU2MmMxYTBjYzE5YzAzMGE2YjFjNGNiIiwianRpIjoiNzcxMTg5ZjMtZWM5YS00OThjLTliOWUtN2I2ZjE2MmM0OTM3In0.XrmEn2Sff6Z3U9q7XdleoU0-2YZHKhrcPxUuipb_jV0
cache-control: no-cache
Postman-Token: df9ced11-c722-4843-83aa-d9dfe2e6d730

https://blog.postman.com/2018/08/09/postman-release-6-2/
```
Potential Value Opportunities
AWS mainframe integration opportunities ( TCS and IBM i as well )
https://cloudwars.co/amazon/amazon-addresses-critical-blind-spot-mainframe-deal-tcs/
...
- 69% for core business;
- 67% for internal apps;
- 67% for finance apps;
- 61% customer-facing apps; and
- 60% for AI/ML.
Potential Challenges
Candidate Solutions
AWS free tier services
AWS cost planning - Planning Dashboard for systems, services
https://aws.amazon.com/pricing/cost-optimization/
...
https://calculator.s3.amazonaws.com/index.html
AWS Lightsail Cloud Server specs
https://aws.amazon.com/lightsail/pricing/?opdp1=pricing
...
- 1-click RDP access (Windows)
- Powerful API
- Highly available SSD storage
- Server monitoring
AWS Support
Case ID 7197414421 - can I use AWS services from Lightsail?
Lightsail provides a base set of resources available 24x7 in different configurations for compute, storage, memory, network access. From a Lightsail account console, do I have access to normal AWS services as an option?
Step-by-step guide for Example
AWS Management Console
https://console.aws.amazon.com/?nc2=h_m_mc
billing status for free tier
https://console.aws.amazon.com/billing/home?#/
...
https://console.aws.amazon.com/cost-management/home#/dashboard
IAM
https://console.aws.amazon.com/iam/home?region=us-east-1#/home
...
create an admin user acct
If you don't already have an access key for your AWS account root user, don't create one unless you absolutely need to. Instead, use your account email address and password to sign in to the AWS Management Console and create an IAM user for yourself that has administrative permissions.
rjm0g$psyn#pz9
create 2 admins - jmason, smason
user key files downloaded
swt1-aws-new_user_credentials-v1.csv
Created user jmason
Attached policy AdministratorAccess to user jmason
Attached policy AmazonAPIGatewayAdministrator to user jmason
Created access key for user jmason
Created login profile for user jmason
welcome email to jm9g
You now have access to the AWS Management Console for the account ending in 1661. ------
Sign-in URL: https://594585551661.signin.aws.amazon.com/console
User name: jmason
Your password will be provided separately by your AWS account administrator.
welcome email smason
You now have access to the AWS Management Console for the account ending in 1661. ------
Sign-in URL: https://594585551661.signin.aws.amazon.com/console
User name: smason
Your password will be provided separately by your AWS account administrator.
Created an org - swt1
...
Recommended Next Steps
Related articles
...