Primers-AWS
The AWS Cloud Practitioner course introduces foundational cloud computing and
AWS concepts, suitable for students or professionals across non-technical and
technical roles. Key areas include:
Amazon S3 Overview
● Scalable & Durable Object Storage: Store any amount of data in the cloud,
accessible from anywhere on the internet.
● Storage as Objects in Buckets: Files are stored as objects inside buckets.
Each object can be up to 5 TB.
● High Availability: Designed for 99.999999% availability, with redundancy
across multiple facilities.
● Access Control: You can control access through bucket policies, IAM
policies, and manage who can create, delete, or retrieve objects.
Amazon S3 Features
1. Access Control:
○ Default setting: private access for resource owners.
○ Can use AWS features to block or allow public access, grant
permissions to specific users, or use policies (bucket policies or user
policies).
○ S3 Block Public Access feature prevents accidental exposure of data.
2. Bucket Properties:
○ Versioning: Store multiple versions of an object, allowing recovery
from accidental deletions or overwrites.
○ Server Access Logging: Track detailed records of requests made to
the bucket, useful for auditing and security.
○ Object Tagging: Categorize objects with key-value pairs (up to 10 tags
per object).
○ Event Notifications: Automatically trigger actions when specific
events occur (e.g., object upload or deletion).
○ Encryption: Set default encryption for all objects in a bucket to secure
data at rest.
3. Other Storage Options:
○ Transfer Acceleration: Speeds up file transfers using Amazon's global
CloudFront network.
○ Object Lock: Prevents objects from being deleted or overwritten for a
fixed period (WORM model).
○ Requester Pays: Shifts the cost of requests and data downloads to the
requester instead of the bucket owner.
4. Static Website Hosting:
○ S3 can host static websites, serving static content such as HTML,
images, and scripts.
Amazon S3 Glacier
● Low-Cost Data Archiving: Ideal for long-term storage where retrieval time of
several hours is acceptable.
● Storage Classes:
○ Standard Retrieval: Takes 3-5 hours.
○ Bulk Retrieval: Takes 5-12 hours.
○ Expedited Retrieval: Available within 1-5 minutes.
● Glacier Deep Archive: Even lower-cost option for infrequently accessed
data, ideal for long-term retention (e.g., 7-10 years).
5. Vault Lock:
○ Allows you to lock a vault with compliance controls, ensuring data
integrity and immutability.
6. Lifecycle Policies:
○ Automate the transition of data between S3 storage classes based on
age or importance, reducing storage costs over time.
Amazon EC2
● Elastic Compute Cloud (EC2) offers scalable compute capacity in the cloud,
similar to traditional physical servers but with cloud benefits such as flexibility,
cost efficiency, and easy scaling.
● Complete Control: EC2 provides full control over instances, including root
access, the ability to start/stop instances, and access to the console output.
● Flexible Cloud Hosting: You can choose different operating systems (Linux,
Windows, macOS) and instance configurations (CPU, memory, storage, etc.)
to match workload requirements.
● Elastic Scaling: EC2 supports scaling up or down based on demand using
Auto Scaling, which automatically adjusts the number of running instances.
● Integration: EC2 integrates seamlessly with other AWS services (like S3,
RDS, and VPC) for a complete, secure solution.
● Reliability: EC2 provides highly reliable environments, with the ability to
rapidly launch replacement instances.
● Security: Integrated with VPC for secure networking, and designed to meet
the security needs of sensitive organizations.
● Cost: With EC2, you only pay for the compute capacity that you actually use,
benefiting from AWS's economies of scale.
EC2 instances come in various types, each optimized for specific workloads:
Instance sizes vary by type and generation. For instance, a "c5.large" instance is
from the 5th generation of compute-optimized instances, with "large" indicating the
instance size.
● An AMI is a template that defines the OS, applications, and configurations for
launching EC2 instances.
● You can launch multiple instances from a single AMI, ensuring consistency
and scalability across environments.
● Benefits of AMIs:
○ Repeatability: Instances launched from the same AMI are identical.
○ Reusability: AMIs can be used to recreate instances efficiently.
○ Recoverability: AMIs provide an easy way to back up EC2
configurations, aiding in disaster recovery.
○ Backup: You can use AMIs to create backups or replicate EC2
instances across different regions.
With Amazon EC2, you can efficiently build, deploy, and scale applications, while
EBS ensures persistent and scalable storage for your EC2 instances.
Amazon VPC allows you to create a logically isolated virtual network within AWS.
This private network can house your AWS resources, such as EC2 instances and
RDS databases. The VPC is isolated from other virtual networks in the AWS cloud,
giving you control over your network’s structure and security settings.
● Control Over Network Design: You can specify your IP address range,
create subnets, and configure route tables and network gateways.
● IPv4 and IPv6 Support: AWS allows the use of both IPv4 and IPv6
addresses for your resources.
● Region-based: VPCs are region-specific and cannot span multiple regions.
● CIDR Block: Define the IP address range (IPv4 or IPv6) for your VPC using
Classless Inter-Domain Routing (CIDR) notation.
● Subnets: Divide the VPC into smaller subnets, each within a single
availability zone. Subnets help in segmenting your resources by function (e.g.,
public and private subnets).
● Route Tables: By default, a VPC has a main route table, which is used to
direct traffic within the VPC. You can create custom route tables for more
granular control over traffic.
Networking Features
● Internet Gateway: Used to allow resources in your VPC to access the
internet. It is horizontally scalable and redundant.
● Network Address Translation (NAT) Gateway: Allows instances in private
subnets to access the internet, while keeping them isolated from inbound
internet traffic. NAT gateways support only IPv4 traffic.
● Elastic IP (EIP): A static public IP address that can be associated with an
EC2 instance to make it reachable from the internet.
● Elastic Network Interface (ENI): A virtual network card that can be attached
to an instance. Multiple ENIs can be used for advanced network
configurations.
Security Features
● Security Groups: Act as virtual firewalls that control inbound and outbound
traffic at the instance level. Security groups are stateful, meaning if you allow
inbound traffic, the corresponding outbound response traffic is automatically
allowed.
○ Example: A web-tier security group allows inbound HTTP/HTTPS
traffic, while an app-tier security group allows inbound traffic only from
the web-tier.
● Network Access Control Lists (NACLs): Operate at the subnet level and
function as an additional layer of security. They are stateless, requiring explicit
inbound and outbound rules for traffic.
○ Default NACLs allow all inbound and outbound traffic, but custom
NACLs block traffic until specific rules are added.
With these features, you can create a secure, scalable, and isolated networking
environment to run applications and manage workloads in AWS.
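The stateful versus stateless distinction between security groups and NACLs above is the one that trips people up in practice. The following added Python example (not from the course notes) models both evaluation styles and runs a constructed HTTPS request and its reply through each; the addresses, ports and rule numbers are assumed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """NACL rules carry a number (lowest first) and may deny; SG rules are allow-only."""
    protocol: str      # "tcp", "udp" or "all"
    port_from: int
    port_to: int
    cidr: str
    allow: bool = True
    number: int = 0

def _matches(rule, protocol, port, address):
    return (rule.protocol in ("all", protocol)
            and rule.port_from <= port <= rule.port_to
            and ipaddress.ip_address(address) in ipaddress.ip_network(rule.cidr))

def nacl_permits(rules, protocol, port, address):
    """Stateless: first matching rule by number decides; no match = implicit '*' deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, protocol, port, address):
            return rule.allow
    return False

class SecurityGroup:
    """Stateful: a flow admitted in one direction is tracked, and its reply is
    allowed back without consulting the opposite rule set."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self._tracked = set()          # (peer_address, peer_port, local_port)

    def permits(self, direction, protocol, local_port, peer_address, peer_port):
        if (peer_address, peer_port, local_port) in self._tracked:
            return True                # reply to a connection already admitted
        rules = self.inbound if direction == "in" else self.outbound
        # A rule's port range is the destination port: ours for "in", the peer's for "out".
        dst_port = local_port if direction == "in" else peer_port
        if any(_matches(r, protocol, dst_port, peer_address) for r in rules):
            self._tracked.add((peer_address, peer_port, local_port))
            return True
        return False

def web_tier_scenario():
    """Constructed flow: client 203.0.113.10 connects from ephemeral port 50000 to a
    web server on TCP 443. Returns whether request and reply both pass (a) a security
    group with only an inbound 443 rule, (b) a NACL whose outbound rules forgot the
    ephemeral port range, (c) the same NACL with that range added."""
    client, cport, https = "203.0.113.10", 50000, 443
    sg = SecurityGroup(inbound=[Rule("tcp", 443, 443, "0.0.0.0/0")], outbound=[])
    sg_ok = (sg.permits("in", "tcp", https, client, cport)
             and sg.permits("out", "tcp", https, client, cport))
    nacl_in = [Rule("tcp", 443, 443, "0.0.0.0/0", number=100)]
    nacl_out = [Rule("tcp", 443, 443, "0.0.0.0/0", number=100)]
    nacl_out_fixed = nacl_out + [Rule("tcp", 1024, 65535, "0.0.0.0/0", number=110)]
    request_ok = nacl_permits(nacl_in, "tcp", https, client)
    return (sg_ok,
            request_ok and nacl_permits(nacl_out, "tcp", cport, client),
            request_ok and nacl_permits(nacl_out_fixed, "tcp", cport, client))
```

Running `web_tier_scenario()` returns `(True, False, True)`: the security group passes the reply on its own, while the NACL needs an explicit outbound rule for the ephemeral range.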
4. Database Services
Relational Databases:
● Service: Amazon RDS
○ Managed relational database with support for engines like MySQL,
PostgreSQL, Oracle, and SQL Server.
○ Benefits: Automated backups, patching, high availability, and
point-in-time recovery.
● Service: Amazon Aurora
○ Compatible with MySQL and PostgreSQL.
○ Features high throughput, automatic scaling, and 90% cost reduction
compared to commercial databases.
5. Summary
By combining these tools, AWS enables cost-effective, scalable, and resilient cloud
solutions tailored to diverse workloads and applications.
These AWS services, when combined effectively, can create a robust cloud
architecture tailored for high performance, security, scalability, and cost efficiency. By
leveraging tools like CloudFormation and Elastic Beanstalk, organizations can
standardize deployments, automate operations, and achieve seamless scalability.
Amazon ElastiCache
1. Purpose: Provides in-memory caching for faster data retrieval and improved
application performance.
2. Supported Engines: Redis and Memcached.
3. Workflow:
○ Checks cache for requested data.
○ If data isn’t in the cache, the request is forwarded to the database.
Amazon CloudFront
● Dynamic vs Static Content: Adjust TTL settings for efficient cache handling
(longer TTL = better performance for static content, shorter TTL = better for
dynamic content).
● Edge Locations: Deliver content close to users for reduced latency.
1. Security Priority:
○ AWS prioritizes security with scalable, reliable infrastructure.
○ Core security services (IAM, monitoring, DDoS protection) continuously
evolve.
2. Shared Responsibility Model:
○ AWS Responsibility (Security of the Cloud):
■ Manages global infrastructure (e.g., regions, availability zones,
physical security).
■ Secures AWS services like compute, storage, and networking.
○ Customer Responsibility (Security in the Cloud):
■ Secures deployed data, operating systems, and configurations.
■ Manages access controls and encryption.
3. Managed vs. Unmanaged Services:
○ Unmanaged (e.g., EC2): Customer secures OS, patches, and
configurations.
○ Managed (e.g., S3, DynamoDB): AWS manages infrastructure;
customers handle data and permissions.
4. Key Security Services:
○ AWS IAM: Manage user access, roles, and policies.
○ AWS Shield: DDoS protection service.
○ AWS WAF: Web Application Firewall to protect against web exploits.
○ AWS Secrets Manager: Manages credentials like API keys.
○ AWS Artifact: On-demand compliance and security documentation.
○ Amazon GuardDuty: Threat detection and monitoring.
○ AWS KMS: Encryption key management.
○ Amazon Inspector: Security assessment of deployed applications.
○ AWS SSO: Centralized Single Sign-On for multiple AWS accounts.
5. Authentication & Authorization:
○ Authentication: Validates user identity (via AWS Console, CLI, or
APIs).
■ Credentials include access keys, passwords, and MFA.
○ Authorization: Assigns permissions through IAM policies (JSON
documents).
■ Users and roles have no permissions by default—policies grant
access.
6. AWS Compliance Tools:
○ AWS Certificate Manager: SSL/TLS certificate management.
○ Amazon Cognito: User authentication for web and mobile apps.
○ AWS Directory Service: Integration with Active Directory for
workloads.
1. IAM Roles:
○ Provide temporary access to AWS resources without long-term
credentials.
○ Ideal for applications (e.g., on EC2) accessing resources like S3
without embedding credentials.
2. Root User Best Practices:
○ Delete root user access keys.
○ Use MFA for added security.
○ Create IAM users with specific permissions for daily tasks.
3. IAM Policies:
○ JSON-based documents defining permissions for users, roles, or
groups.
○ Use policies to assign only the necessary permissions.
4. IAM Best Practices:
○ Rotate credentials periodically.
○ Use roles instead of hard-coded credentials in code.
○ Remove unused credentials and monitor user activities.
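The policy points above (users and roles have no permissions by default; policies grant access) follow a fixed decision order. The following added Python example (not from the course notes) evaluates a constructed identity policy with simplified IAM logic, explicit Deny first, then Allow, otherwise implicit deny; the bucket name and ARNs are placeholders, and Condition, NotAction and NotResource elements are not modelled.

```python
import fnmatch
import json

# Constructed identity policy (not from the notes): read-only access to one
# bucket, plus an explicit Deny on everything under its "secrets/" prefix.
SAMPLE_IDENTITY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket",
                      "arn:aws:s3:::example-bucket/*"]},
        {"Effect": "Deny",
         "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-bucket/secrets/*"},
    ],
})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _action_matches(pattern, action):
    # IAM action names are case-insensitive; '*' and '?' are the only wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def _resource_matches(pattern, resource):
    # Resource ARNs are case-sensitive; same wildcard rules.
    return fnmatch.fnmatchcase(resource, pattern)

def _applies(stmt, action, resource):
    """True if the statement covers both the action and the resource.
    (NotAction, NotResource and Condition are not modelled here.)"""
    return (any(_action_matches(p, action) for p in _as_list(stmt["Action"]))
            and any(_resource_matches(p, resource) for p in _as_list(stmt["Resource"])))

def evaluate(policy_json, action, resource):
    """Simplified IAM decision logic: an explicit Deny wins over any Allow,
    an Allow is required for access, and no matching statement at all is an
    implicit deny (the default for every user and role)."""
    decision = "implicit_deny"
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if not _applies(stmt, action, resource):
            continue
        if stmt["Effect"] == "Deny":
            return "explicit_deny"
        decision = "allow"
    return decision

if __name__ == "__main__":
    checks = [("s3:GetObject", "arn:aws:s3:::example-bucket/public/readme.txt"),
              ("s3:GetObject", "arn:aws:s3:::example-bucket/secrets/db.key"),
              ("s3:PutObject", "arn:aws:s3:::example-bucket/public/readme.txt")]
    for act, res in checks:
        print(f"{act} on {res}: {evaluate(SAMPLE_IDENTITY_POLICY, act, res)}")
```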
Amazon Inspector:
1. Purpose:
○ Automated security assessments for applications on AWS.
○ Identifies vulnerabilities and deviations from best practices.
2. Features:
○ Agent-based and API-driven, integrates into DevOps pipelines.
○ Provides detailed reports on findings, severity, and remediation steps.
3. Benefits:
○ Streamlines compliance with best practices.
○ Enables continuous security testing during development and
deployment.
AWS Well-Architected Framework
● Purpose:
1. Helps build secure, high-performing, resilient, and efficient cloud-native
architectures.
2. Provides a consistent methodology for evaluating and improving
architectures.
● Six Pillars:
1. Operational Excellence: Processes and monitoring to deliver
business value while continuously improving.
2. Security: Protect information and systems while meeting business
needs.
3. Reliability: Ensure systems recover quickly and operate as expected
under load or failure.
4. Performance Efficiency: Use resources optimally to maintain desired
performance.
5. Cost Optimization: Minimize costs while balancing security,
performance, and reliability.
6. Sustainability: Reduce environmental impact and improve energy
efficiency.
2. Security:
● Identity and Access Control: Implement strong identity foundations with least
privilege and MFA.
● Traceability: Enable real-time monitoring and integrate logs for automated
responses.
● Layered Security: Apply defense-in-depth across all layers, including edge,
VPC, and applications.
● Protect Data: Use encryption for data in transit and at rest, classify data by
sensitivity, and limit direct access.
● Incident Preparedness: Simulate responses and automate detection and
recovery for security events.
5. Cost Optimization:
● Consumption Model: Pay only for resources used (e.g., turn off unused
environments).
● Efficiency Metrics: Measure cost-effectiveness based on system output.
● Managed Services: Reduce costs by using AWS-managed services that
operate at scale.
● Expenditure Analysis: Attribute costs to business owners for accountability
and optimization.
AWS Well-Architected Tool
● Purpose:
○ Free tool for reviewing workloads against AWS best practices.
○ Identifies areas for improvement across the six pillars.
● Usage:
○ Define your workload.
○ Answer questions on operational excellence, security, reliability,
performance efficiency, cost optimization, and sustainability.
○ Get recommendations for optimization and scalability.
● Benefits:
○ Ensures workloads align with evolving best practices.
○ Provides actionable insights to enhance cloud architectures.
AWS Pricing Model Overview
● Pay-As-You-Go:
○ Pay only for the specific services and resources you use.
○ No upfront costs, termination fees, or complex licensing.
○ Similar to utility billing (electricity or water).
● Benefits:
○ Scalability: Adjust operations based on demand, minimizing
overprovisioning or capacity shortages.
○ Flexibility: Shifts focus from procurement complexity to innovation.
○ Cost Efficiency: Prevents overspending on unused resources.
1. On-Demand Instances:
○ Pay per hour or second without upfront payments or long-term
commitments.
○ Ideal for unpredictable workloads or first-time users.
2. Savings Plans:
○ Commit to a consistent usage level for 1 or 3 years to receive
discounts.
○ Compute Savings Plan: Up to 66% savings, applies across instance
types, regions, OS, and tenancy.
○ EC2 Instance Savings Plan: Up to 72% savings for specific instance
families and regions.
3. Reserved Instances (RIs):
○ Save up to 75% compared to On-Demand pricing by committing to a 1-
or 3-year term.
○ Payment Options:
■ All Upfront (AURI): Maximum savings.
■ Partial Upfront (PURI): Moderate upfront cost and savings.
■ No Upfront (NURI): Minimal initial cost, smaller discount.
○ Ideal for predictable workloads.
4. Spot Instances:
○ Use spare EC2 capacity at up to 90% discount compared to
On-Demand pricing.
○ Best suited for fault-tolerant and flexible workloads (e.g., Big Data,
containerized applications).
5. Dedicated Hosts:
○ Physical servers reserved for your use.
○ Enables BYOL (Bring Your Own License) for certain software.
○ Helps with compliance requirements.
AWS Cost Factors
1. Compute Costs:
○ Pay based on instance run time (hour or second).
○ Example: EC2, ECS, Lambda.
2. Storage Costs:
○ Pay per GB stored, based on type and frequency of access.
○ Example: Amazon S3 offers tiered pricing based on usage.
3. Data Transfer Costs:
○ Inbound Data Transfer: Free in most cases.
○ Outbound Data Transfer: Charged per GB, with reduced rates as
volume increases.
4. Service-Specific Pricing:
○ Different AWS services have unique pricing models.
○ Example: Amazon S3 pricing varies by storage class, while EC2
depends on instance type.
1. Volume Discounts:
○ Tiered pricing for services like Amazon S3 (lower cost per GB with
higher usage).
2. Storage Classes:
○ Match your storage type with frequency of access to optimize costs.
○ Example: S3 Standard for frequent access, S3 Glacier for infrequent.
3. Free Tier:
○ Some services offer a free usage tier for 12 months or always (e.g.,
AWS Lambda, DynamoDB).
Amazon S3 Pricing
1. Pay-As-You-Go:
○ No minimum fee; charges depend on the location of the S3 bucket and
usage.
2. Storage Classes:
○ S3 Standard: High durability (99.999999%) and availability (99.99%).
○ S3 Standard Infrequent Access (IA): Lower cost for less frequently
accessed data.
○ S3 Intelligent Tiering: Automatically moves data to lower-cost storage
tiers.
○ S3 One Zone IA: Cost-efficient for data that doesn’t need multi-zone
redundancy.
○ S3 Glacier & Glacier Deep Archive: Extremely low-cost storage for
archival data.
3. Cost Components:
○ Storage Volume: Size and number of objects stored.
○ Data Transfer: Outbound transfers are charged; inbound is free.
○ Requests: Charges vary for GET, PUT, COPY, and LIST operations.
AWS Free Tier
1. Categories:
○ Always Free: Available indefinitely for all AWS customers.
○ 12-Month Free Tier: For new accounts; free usage for specific
services for 12 months.
○ Trials: Short-term offers that expire after first use.
2. Rules:
○ Usage is calculated monthly and does not accumulate across months.
○ Free tier features are region-specific (not available in China regions).
AWS Support Plans
1. Support Levels:
○ Basic (Free): Billing and account-related support, documentation, and
forums.
○ Developer: Includes best practices, architecture guidance, and
diagnostic tools.
○ Business: Adds use case guidance, Trusted Advisor full checks, and
24/7 support.
○ Enterprise: Provides architecture guidance, event management, and a
Technical Account Manager (TAM).
2. Features Across Plans:
○ All Plans: 24/7 customer service for billing and account issues.
○ Developer & Above: Diagnostic tools and building block architecture
support.
○ Business & Enterprise: Priority case handling and use case-specific
guidance.
○ Enterprise: Application architecture advice and TAM for in-depth
guidance.
1. AWS Pricing:
○ Pay-as-you-go model enhances flexibility, scalability, and
cost-effectiveness.
○ Reserved capacity (RIs) and Savings Plans reduce costs for
predictable workloads.
2. Cost Estimation Tools:
○ AWS Pricing Calculator for upfront estimates.
○ Cost Explorer and Trusted Advisor for usage analysis and savings
recommendations.
3. AWS Support:
○ Tailored support options for businesses of all sizes.
○ Tools like Trusted Advisor optimize performance and reduce costs.
AWS Pricing
1. Model:
○ Pay-as-you-go: Charges are based on usage with no long-term
contracts.
○ Reserved Instances (RIs): Save up to 75% with upfront payments.
Three payment options:
■ All upfront (highest discount), partial upfront, no upfront
(smallest discount).
○ Savings Plans: Flexible cost-saving plans offering up to 66% discounts
(Compute Savings Plans) or 72% (EC2 Instance Savings Plans).
○ Spot Instances: Use spare EC2 capacity with up to 90% discount for
fault-tolerant workloads.
2. Volume Discounts:
○ Data transfer and S3 storage costs reduce as usage increases.
3. Factors Affecting Cost:
○ Compute: Pay for running instances (hourly/second-based rates).
○ Storage: Charged per GB provisioned or used.
○ Data Transfer: Inbound is free; outbound and cross-region transfers
incur charges.
Amazon EBS Pricing
1. Charges:
○ Volume Storage: Based on GB provisioned until storage is released.
○ Snapshots: Billed for data stored in S3.
○ Data Transfer: Free for inbound; charges for outbound and
cross-region transfers.
Amazon S3 Pricing
1. Storage Classes:
○ S3 Standard: High durability and availability.
○ S3 Standard-IA: Lower costs for less-frequent access.
○ S3 Intelligent Tiering: Automatically optimizes costs based on access
patterns.
○ S3 Glacier & Glacier Deep Archive: Cheapest option for archival
data.
2. Cost Factors:
○ Data transfer out (regional rates apply).
○ Requests: Different rates for GET, PUT, COPY, etc.
AWS Free Tier
1. Three Categories:
○ Always Free: Available indefinitely.
○ 12-Month Free: For new customers, usage-limited across services.
○ Trials: Short-term trials for specific services.
AWS Support Plans
1. Support Levels:
○ Basic (Free): Account/billing queries, service health checks, forums.
○ Developer: Adds architectural guidance and diagnostic tools.
○ Business: Adds 24/7 access, use case guidance, Trusted Advisor
checks.
○ Enterprise: Adds Technical Account Manager (TAM) and event
management.
2. Features:
○ All plans include customer service, service health checks, and basic
support.
○ Developer and above offer detailed guidance and troubleshooting.
○ Enterprise provides dedicated consultative partnerships.
3. AWS Pricing Model
○ Pay-as-you-go, reserved instances, savings plans, spot instances,
volume-based discounts, and flexibility.
4. Amazon EBS & S3 Pricing
○ Storage, snapshot, and data transfer pricing models, including specific
storage classes like S3 Glacier and Intelligent Tiering.
5. AWS Free Tier
○ Always free, 12-month free for new customers, and trials.
6. Cost Estimation Tools
○ AWS Pricing Calculator, AWS Cost Explorer, and forecasting features.
7. AWS Trusted Advisor
○ Recommendations on cost optimization, security, performance, and
fault tolerance.
8. Support Plans
○ Details of basic, developer, business, and enterprise plans with
features like technical account managers, architectural guidance, and
case management.