Name | Description
Region | A geographical area with 2 or more AZs, isolated from other AWS regions
Availability Zone (AZ) | One or more data centers that are physically separate and isolated from other AZs
Edge Location | A location with a cache of content that can be delivered at low latency to users; used by CloudFront
Regional Edge Cache | Also part of the CloudFront network. These are larger caches that sit between AWS services and Edge Locations
Global Network | Highly available, low-latency private global network interconnecting every data center, AZ, and AWS region
Section 2: AWS Global Infrastructure
[Diagram: regions such as eu-west-1 and us-east-1, each containing multiple Availability Zones; every region is connected via a high-bandwidth, fully redundant network. CloudFront: origins, Regional Edge Caches and Edge Locations.]

Section 2: VPC Overview
[Diagram: a VPC is a logically isolated portion of the AWS cloud within a region. Each VPC has a different CIDR block, e.g. VPC 172.31.0.0/16 and VPC 10.0.0.0/16 in the same region. Subnets are created within AZs; EC2 instances in public subnets reach the Internet (and an Internet client) through the VPC router and the Internet gateway.]
Main Route Table
Destination | Target
172.31.0.0/16 | Local
0.0.0.0/0 | igw-id
Section 3: Security Group Slide 1
[Diagram: two Availability Zones, each with a public subnet.]

Name | Description
Public IP address | Lost when the instance is stopped; no charge

[Diagram: an EC2 instance (Linux OS) with eth0 (private IP, e.g. 172.31.5.8) and eth1 (private IP, e.g. 172.31.10.10); a public / Elastic IP (e.g. 3.104.75.244) is associated with eth0. The Internet gateway performs 1:1 NAT between the public IP and the private IP. Sample packet: Src 3.104.75.244, Dest 172.31.10.10.]

Section 3: Public, Private and Elastic IPs - Slide 2
[Diagram: the same instance with the public / Elastic IP (e.g. 3.104.75.244) now associated with eth1 (172.31.10.10); the Internet gateway performs 1:1 NAT. Sample packet: Src 3.104.75.244, Dest 172.31.10.10.]
Section 3: Private Subnets and Bastion Hosts
[Diagram: region with an Availability Zone containing a public subnet; an EC2 instance with a public IP and a private IP.]
Destination | Target
172.31.0.0/16 | Local
0.0.0.0/0 | igw-id

NAT Instance | NAT Gateway
Scale up (instance type) manually and use enhanced networking | Elastic scalability up to 45 Gbps
No high availability – scripted/auto-scaled HA possible using multiple NATs in multiple subnets | Provides automatic high availability within an AZ and can be placed in multiple AZs
Use an Elastic IP address or a public IP address with a NAT instance | Choose the Elastic IP address to associate with a NAT gateway at creation
Can implement port forwarding through manual customisation | Does not support port forwarding
Section 3: Private Subnet with NAT Gateway
[Diagram: a public subnet containing a NAT gateway (Elastic IP and private IP) and a private subnet containing an EC2 instance, in one Availability Zone of a region.]
Public subnet route table
Destination | Target
172.31.0.0/16 | Local
0.0.0.0/0 | igw-id
Private subnet route table
Destination | Target
172.31.0.0/16 | Local
0.0.0.0/0 | nat-gateway-id

Section 3: Private Subnet with NAT Instance
[Diagram: the same layout with a NAT instance (Elastic IP and private IP) in the public subnet.]
Public subnet route table
Destination | Target
172.31.0.0/16 | Local
0.0.0.0/0 | igw-id
Private subnet route table
Destination | Target
172.31.0.0/16 | Local
0.0.0.0/0 | nat-instance-id
Section 4: Amazon S3 Overview
[Diagram: an S3 bucket in Amazon S3 reached over the public Internet by an Internet client and, via the Internet gateway, by EC2 instances in the public and private subnets of a VPC.]
Bucket URL formats:
http://bucket.s3.aws-region.amazonaws.com
http://s3.aws-region.amazonaws.com/bucket
An S3 object consists of:
• Key
• Version ID
• Value
• Metadata
• Subresources
• Access control information

Section 4: IAM Roles
[Diagram: an EC2 instance in a public subnet assumes an IAM role; the policy attached to the role grants access to an S3 bucket.]
Section 4: Elastic Load Balancing Concepts
[Diagram: Clients 1, 2 and 3 connect to a single endpoint (address) for your application; connections are distributed across EC2 web server targets in multiple AZs (HA/FT). When an instance fails, Client 3 is re-routed to another instance.]
Section 4: Elastic Load Balancing (ELB) Types
[Diagram: Application Load Balancer listed; the diagram shows a Classic Load Balancer with public IPs in public subnets, reached from an Internet client through the Internet gateway, forwarding TCP, SSL, HTTP and HTTPS to EC2 Instance 1 and EC2 Instance 2 (private IPs) in private subnets across two Availability Zones of a VPC.]

Section 4: Classic Load Balancer - Multi-tier
[Diagram: an Internet-facing CLB (public IPs) in public subnets forwards to instances (private IPs) in private subnets; those instances use an internal CLB (private IPs) to reach a back-end tier, across two Availability Zones.]

Section 4: Classic Load Balancer (Internal)
[Diagram: an internal CLB (private IPs) receives requests from an internal client and forwards them to EC2 Instance 1 and EC2 Instance 2 (private IPs) in private subnets across two Availability Zones.]

Section 4: Network Load Balancer (Internet-Facing)
[Diagram: a Network Load Balancer with public IPs / Elastic IPs in public subnets, reached from an Internet client through the Internet gateway, forwarding TCP and TLS to EC2 Instance 1 and EC2 Instance 2 (private IPs) in private subnets across two Availability Zones.]

Section 4: Application Load Balancer (Internet-Facing)
[Diagram: an Application Load Balancer with public IPs in public subnets, reached from an Internet client through the Internet gateway, forwarding HTTP and HTTPS to EC2 Instance 1 and EC2 Instance 2 (private IPs) in private subnets across two Availability Zones.]
Section 4: Application Load Balancer – Path-based Routing
[Diagram: an Internet client sends HTTP/HTTPS to an ALB listener; a default rule and a rule for shop.dctlabs.com route to different targets.]

[Diagram (Auto Scaling; heading not recovered): 2. CloudWatch metrics notify the ASG to scale; 3. the ASG launches an extra instance. The ASG also replaces a failed instance. The Auto Scaling group of EC2 instances sits in private subnets across two Availability Zones behind an Application Load Balancer in a public subnet, reached over HTTP/HTTPS from an Internet client via the Internet gateway.]
Section 4: EC2 and ELB Health Checks
[Diagram: an Auto Scaling group across two Availability Zones (public subnets) with ELB health checks; if ELB health checks are enabled in the ASG, both types are used. Also on the slide: "1. Determine which AZ has the most instances".]

[Diagram (heading not recovered): cross-zone load balancing with uneven AZs. Availability Zone A has three instances receiving 16.6% of traffic each; Availability Zone B has two instances receiving 25% each; each ELB node receives 50% of the traffic from the Internet client via Elastic Load Balancing.]

Section 4: Cross-Zone Load Balancing - Enabled
[Diagram: with cross-zone load balancing enabled, the three instances in Availability Zone A and the two in Availability Zone B each receive 20%; the ELB node in AZ A forwards 60% and the node in AZ B forwards 40%.]

Section 4: Cross-Zone Load Balancing - Enabled
[Diagram: Availability Zone A holds instances Selina and Santos, Availability Zone B holds Ava; with cross-zone enabled each instance receives 33.3%, so the AZ A node forwards 66.6% and the AZ B node 33.3%.]

Section 4: Cross-Zone Load Balancing - Disabled
[Diagram: the same instances with cross-zone disabled: each ELB node receives 50%; Selina and Santos get 25% each and Ava gets 50%.]

Section 4: Cross-Zone Load Balancing
[Diagram: Client 1 sends HTTP/HTTPS requests from the Internet to the EC2 web servers (Instance 3 highlighted).]
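The percentages on these slides follow from two rules: each ELB node (one per AZ) receives an equal share of client traffic, and with cross-zone load balancing disabled a node spreads its share only over the instances in its own AZ, whereas with it enabled every registered instance receives an equal share. The following Python is an added example, not code from the slides, that computes the shares for any instance layout, generalising the 3+2 and 2+1 layouts shown; the AZ names and instance counts are constructed inputs.

```python
from fractions import Fraction


def traffic_share(instances_per_az, cross_zone_enabled):
    """Return (per_instance, per_node).

    per_instance maps AZ -> share of total client traffic that each healthy
    instance in that AZ receives; per_node maps AZ -> share forwarded by the
    ELB node in that AZ. Shares are Fractions so the slide's 16.6%, 20%, 25%
    and 33.3% figures can be checked exactly. AZs with no healthy instances
    are left out, as their node would not receive traffic.
    """
    azs = [az for az, count in instances_per_az.items() if count > 0]
    total = sum(instances_per_az[az] for az in azs)
    per_instance, per_node = {}, {}
    if cross_zone_enabled:
        # Every registered instance gets an equal share regardless of AZ, so a
        # node forwards in proportion to the number of instances in its AZ.
        for az in azs:
            per_instance[az] = Fraction(1, total)
            per_node[az] = Fraction(instances_per_az[az], total)
    else:
        # Each node gets an equal share and splits it only among its own AZ's
        # instances, so instances in the emptier AZ carry more load.
        for az in azs:
            per_node[az] = Fraction(1, len(azs))
            per_instance[az] = per_node[az] / instances_per_az[az]
    return per_instance, per_node


def max_instance_imbalance(instances_per_az, cross_zone_enabled):
    """Ratio between the busiest and the least-busy instance (1 = even)."""
    per_instance, _ = traffic_share(instances_per_az, cross_zone_enabled)
    return max(per_instance.values()) / min(per_instance.values())


if __name__ == "__main__":
    for layout in ({"A": 3, "B": 2}, {"A": 2, "B": 1}):
        for enabled in (False, True):
            inst, node = traffic_share(layout, enabled)
            print(layout, "cross-zone", "enabled" if enabled else "disabled",
                  {az: f"{float(s):.1%}" for az, s in inst.items()},
                  "nodes", {az: f"{float(s):.1%}" for az, s in node.items()})
```

Running it with {"A": 3, "B": 2} reproduces the 16.6%/25% (disabled) and 20% (enabled) splits from the slides; max_instance_imbalance shows that, with cross-zone disabled, the instances in the emptier AZ are loaded 1.5 times as heavily as the others, which is the operational reason to keep instance counts balanced across AZs when the feature is off.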
[Diagram: an Application Load Balancer in a public subnet, an Auto Scaling group in private subnets across two Availability Zones, and a NAT gateway for outbound access; HTTP/HTTPS from an Internet client via the Internet gateway.]

Section 4: Public ALB with Private Instances – Security Groups
[Diagram: a VPC with public subnet(s) holding the ALB and private subnet(s) holding the web front-end instances, with security groups on each tier.]

Section 4: Multi-Tier Web Architecture
[Diagram: Internet client, Internet gateway, ALB in a public subnet, Auto Scaling group of web instances in private subnet(s), internal ALB (HTTP, HTTPS), Auto Scaling group of application instances in private subnet(s), all within one VPC and region.]

[Diagram: region, VPC, Availability Zone, public subnet and an S3 bucket.]

Section 4: CLB - Proxy Protocol and X-Forwarded-For
[Diagram: a Network Load Balancer with Proxy Protocol support (L4) sends the client IP to the EC2 instance; Internet client.]
Section 5: Creating a Custom VPC
[Diagram: a custom VPC with public and private subnets in multiple Availability Zones, a NAT gateway in a public subnet, an Internet gateway and a VPC router; each subnet is associated with a route table, and Security Group A and Security Group B protect instances in the subnets.]
Public Route Table
Destination | Target
0.0.0.0/0 | igw-id
Private Route Table
Destination | Target
10.0.0.0/16 | Local

Custom NACL
Inbound:
Protocol | Port | Source | Action
All | All | 0.0.0.0/0 | DENY
All | All | ::/0 | DENY
Outbound:
Protocol | Port | Source | Action
(rows not recovered)

Security Group | Network ACL
Stateful | Stateless
Applies to an instance only if associated with a group | Automatically applies to all instances in the subnets it's associated with
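The route tables on the VPC slides and the stateful/stateless contrast between security groups and network ACLs are both mechanical rules that are easy to get wrong in practice. The following Python is an added example, not code from the slides, that models both: longest-prefix route lookup over the 10.0.0.0/16 tables shown (public subnet to igw-id, private subnet to nat-gateway-id) and first-match network ACL evaluation with the slide's catch-all DENY as the fallback, including the return-traffic check that a stateless NACL needs and a stateful security group does not. The rule numbers, client addresses and ports are constructed values.

```python
from ipaddress import ip_address, ip_network


def lookup_route(route_table, destination):
    """Pick the target for `destination` by longest-prefix match, as the VPC
    router does. `route_table` is a list of (cidr, target) pairs; returns
    None when no route covers the address (the packet is dropped)."""
    addr = ip_address(destination)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ip_network(cidr)
        if net.version != addr.version or addr not in net:
            continue
        if best_net is None or net.prefixlen > best_net.prefixlen:
            best_net, best_target = net, target
    return best_target


# Route tables as on the slides for a 10.0.0.0/16 VPC. The local route is
# always present; only the 0.0.0.0/0 target differs between subnet types.
PUBLIC_ROUTE_TABLE = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-id")]
PRIVATE_ROUTE_TABLE = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-gateway-id")]
ISOLATED_ROUTE_TABLE = [("10.0.0.0/16", "local")]  # no route to the Internet at all


def evaluate_nacl(rules, protocol, port, remote_ip):
    """Evaluate a network ACL the way AWS does: rules are checked in ascending
    rule-number order, the first rule whose protocol, port range and CIDR all
    match decides, and anything unmatched hits the final '*' rule, which is
    DENY (the All / All / 0.0.0.0/0 / DENY entry on the slide). Each rule is
    (number, protocol, (low_port, high_port) or "All", cidr, action)."""
    addr = ip_address(remote_ip)
    for _number, proto, port_range, cidr, action in sorted(rules, key=lambda r: r[0]):
        net = ip_network(cidr)
        if proto != "All" and proto != protocol:
            continue
        if port_range != "All" and not (port_range[0] <= port <= port_range[1]):
            continue
        if net.version != addr.version or addr not in net:
            continue
        return action
    return "DENY"


# Constructed custom NACL for a public subnet serving HTTPS. Rule numbers are
# assumptions; the '*' DENY from the slide is the fallback in evaluate_nacl.
NACL_INBOUND = [
    (100, "tcp", (443, 443), "0.0.0.0/0", "ALLOW"),
]
# Lower-numbered DENY placed after the ALLOW in the list: sorting puts it first.
NACL_INBOUND_WITH_BLOCK = NACL_INBOUND + [
    (90, "tcp", "All", "198.51.100.0/24", "DENY"),
]
NACL_OUTBOUND_INCOMPLETE = [
    (100, "tcp", (443, 443), "0.0.0.0/0", "ALLOW"),  # covers only the request direction
]
NACL_OUTBOUND = NACL_OUTBOUND_INCOMPLETE + [
    (110, "tcp", (1024, 65535), "0.0.0.0/0", "ALLOW"),  # replies to client ephemeral ports
]


def https_session_allowed(inbound, outbound, client_ip, client_port):
    """Because a NACL is stateless, one HTTPS session is two decisions: the
    client's packet inbound to port 443 and the server's reply outbound to the
    client's ephemeral port. Both must be ALLOW. A security group, being
    stateful, would admit the reply automatically once the request is allowed."""
    request_ok = evaluate_nacl(inbound, "tcp", 443, client_ip) == "ALLOW"
    reply_ok = evaluate_nacl(outbound, "tcp", client_port, client_ip) == "ALLOW"
    return request_ok and reply_ok


if __name__ == "__main__":
    print("public 93.184.216.34 ->", lookup_route(PUBLIC_ROUTE_TABLE, "93.184.216.34"))
    print("private 93.184.216.34 ->", lookup_route(PRIVATE_ROUTE_TABLE, "93.184.216.34"))
    print("HTTPS with only 443 outbound:",
          https_session_allowed(NACL_INBOUND, NACL_OUTBOUND_INCOMPLETE, "203.0.113.7", 51515))
    print("HTTPS with ephemeral outbound:",
          https_session_allowed(NACL_INBOUND, NACL_OUTBOUND, "203.0.113.7", 51515))
```

The incomplete outbound rule set is the classic custom-NACL mistake: inbound 443 is allowed, the request reaches the instance, and the reply is silently dropped because nothing permits outbound traffic to the client's ephemeral port. The blocklist rule set shows the other property worth remembering: a lower-numbered DENY wins over a higher-numbered ALLOW regardless of the order in which the rules were written.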
Section 5: VPC Peering
[Diagram: a VPC in Account 1 peered with a VPC in Account 2; EC2 instances in each.]

[Diagram: a VPC endpoint in the consumer VPC connects to an endpoint service backed by a Network Load Balancer in front of a web server in the provider VPC.]

Section 5: VPC Flow Logs
[Diagram: flow logs captured for a VPC and its public subnet.]

[Diagram: two VPCs with CIDRs 10.0.0.0/16 and 192.168.0.0/16, each with a public subnet.]

[Diagram: AWS Direct Connect. A customer router in the corporate data center connects to the AWS Direct Connect / partner router at an AWS Direct Connect location; a Direct Connect Gateway connects to VPCs (public subnets) in a region and to the region endpoint.]

[Diagram: Amazon Route 53 hosted zones for domains such as example.com and dctlabs.com under top-level domains .net, .com and .org, resolving to EC2 instances.]
Section 6: Route 53 DNS Record Types
Supported DNS records:
• A (address record)
• AAAA (IPv6 address record)
• CNAME (canonical name record)
• Alias (an Amazon Route 53-specific virtual record)
• CAA (certification authority authorization)
• MX (mail exchange record)
• NAPTR (name authority pointer record)
• NS (name server record)
• PTR (pointer record)
• SOA (start of authority record)
• SPF (sender policy framework)
• SRV (service locator)
• TXT (text record)

CNAME | Alias
Route 53 charges for CNAME queries | Route 53 doesn't charge for alias queries to AWS resources
You can't create a CNAME record at the top node of a DNS namespace (zone apex) | You can create an alias record at the zone apex (however you can't route to a CNAME at the zone apex)
A CNAME can point to any DNS record that is hosted anywhere | An alias record can only point to a CloudFront distribution, Elastic Beanstalk environment, ELB, S3 bucket as a static website, or to another record in the same hosted zone that you're creating the alias record in
Section 6: Route 53 - Simple Routing Policy
Name | Type | Value | TTL
simple.dctlabs.com | A | 1.1.1.1, 2.2.2.2 | 60
simpler.dctlabs.com | A | 3.3.3.3 | 60
[Diagram: a DNS query to Amazon Route 53 is answered with the record values; targets in a region.]

Section 6: Route 53 - Weighted Routing Policy
[Diagram: three weighted records, 1.1.1.1 at 60% and 2.2.2.2 at 20% with a third at 20%; DNS queries are distributed across targets in regions according to the weights.]

[Latency-based routing record and diagram (slide heading not recovered)]
Name | Type | Value | Health Check (optional) | Region
latency.dctlabs.com | A | 1.1.1.1 | ID | ap-southeast-1
[Diagram: users in Singapore and New York send DNS queries; Route 53 answers with the record for the lowest-latency region among us-east-1, ap-southeast-1 and ap-southeast-2 (Sydney); ALB targets.]

Section 6: Route 53 - Failover Routing Policy
[Diagram: DNS queries failing over between a corporate data center, a record 1.1.1.1 in us-east-1 and an ALB in ap-southeast-2.]

Section 6: Route 53 - Geolocation Routing Policy
Name | Type | Value | Health Check (optional) | Geolocation
geolocation.dctlabs.com | A | 1.1.1.1 | ID | Singapore
[Diagram: DNS queries from Singapore, Mexico and New Zealand are routed to records in ap-southeast-1, us-east-1 and ap-southeast-2; ALB targets.]

Section 6: Route 53 - Multivalue Routing Policy
Name | Type | Value | Health Check | Multi Value
(rows not recovered)
[Diagram: DNS query; targets in a region.]

Section 6: Route 53 Resolver – Outbound Endpoints
[Diagram: (1) an EC2 instance in a VPC queries Amazon Route 53; (2) the query is forwarded from an outbound endpoint in a private subnet over the VPN gateway / VPN connection / customer gateway to an on-premises DNS server; (3) inbound: an on-premises client resolves VPC names through an inbound endpoint in a public subnet of the VPC.]
Section 7: S3 Gateway Endpoints
[Diagram: default VPC with a public subnet and a private subnet; the private subnet's route table sends traffic for the S3 prefix list to the gateway endpoint.]
Route Table
Destination | Target
pl-6ca54005 (com.amazonaws.ap-southeast-2.s3, 54.231.248.0/22, 54.231.252.0/24, 52.95.128.0/21) | vpce-ID

Section 7: Block, Object and File Storage
[Diagram: block storage is an EBS volume (HDD/SSD) attached as /dev/xvdf to an instance in one Availability Zone; file storage is EFS mounted at /efs-mnt from instances in two Availability Zones and from an on-premises file system client over a private connection; object storage is an Amazon S3 bucket accessed through the REST API (GET, PUT, POST, SELECT, DELETE).]

[Diagram: an Amazon S3 bucket reached from EC2 instances in the public and private subnets of a VPC through an S3 gateway endpoint, and from an Internet client over the public Internet through the Internet gateway.]
Bucket URL formats:
http://bucket.s3.aws-region.amazonaws.com
http://s3.aws-region.amazonaws.com/bucket
An S3 object consists of:
• Key
• Version ID
• Value
• Metadata
• Subresources
• Access control information
Section 7: Identity-Based and Resource-Based Policies
[Diagram: identity-based policies (IAM role, inline policy) attached to a principal such as user John, who is allowed to assume the role; resource-based policies (bucket policy, ACL) attached to the S3 bucket.]
Example Policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "SeeBucketListInTheConsole",
      "Action": ["s3:ListAllMyBuckets"],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::*"]
    }
  ]
}
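Identity-based and resource-based policies are evaluated together, and the example policy's Allow covers only s3:ListAllMyBuckets. The following Python is an added example, not code from the slides, giving a simplified same-account model of that evaluation: IAM wildcard matching of Action and Resource, Principal matching for resource-based statements, a Bool condition, explicit Deny overriding Allow, and implicit Deny otherwise. The identity policy is the one on the slide; the role ARNs, the bucket name and the bucket policy are constructed assumptions.

```python
import fnmatch

ROLE_ARN = "arn:aws:iam::123456789012:role/AppServerRole"   # assumed principal
OTHER_ARN = "arn:aws:iam::123456789012:role/UnrelatedRole"  # assumed principal

# The identity-based policy from the slide, attached to the role.
EXAMPLE_IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SeeBucketListInTheConsole",
            "Action": ["s3:ListAllMyBuckets"],
            "Effect": "Allow",
            "Resource": ["arn:aws:s3:::*"],
        }
    ],
}

# Constructed resource-based (bucket) policy for an assumed bucket: grants the
# role read access and explicitly denies any request that is not over TLS.
EXAMPLE_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowAppServerReads",
            "Effect": "Allow",
            "Principal": {"AWS": ROLE_ARN},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, case_sensitive):
    """IAM-style wildcard match ('*' and '?'). Action names are matched
    case-insensitively, resource ARNs case-sensitively."""
    patterns = _as_list(patterns)
    if not case_sensitive:
        patterns = [p.lower() for p in patterns]
        value = value.lower()
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def _principal_matches(statement, principal_arn):
    """Identity-based statements carry no Principal (it is the identity the
    policy is attached to); resource-based statements must name the caller or '*'."""
    if "Principal" not in statement:
        return True
    principal = statement["Principal"]
    if principal == "*":
        return True
    allowed = _as_list(principal.get("AWS", []))
    return "*" in allowed or principal_arn in allowed


def _conditions_hold(statement, context):
    """Supports the Bool operator only, which is enough for aws:SecureTransport."""
    for operator, checks in statement.get("Condition", {}).items():
        if operator != "Bool":
            raise NotImplementedError(f"condition operator {operator}")
        for key, expected in checks.items():
            if str(context.get(key, "")).lower() != str(expected).lower():
                return False
    return True


def evaluate(policies, principal_arn, action, resource, context=None):
    """Same-account evaluation: an explicit Deny in any applicable statement
    wins; otherwise an Allow from either an identity-based or a resource-based
    policy is enough; otherwise the request is implicitly denied."""
    context = context or {}
    decision = "Deny"  # implicit deny until an Allow is found
    for policy in policies:
        for statement in policy["Statement"]:
            if not _principal_matches(statement, principal_arn):
                continue
            if not _matches(statement.get("Action", []), action, case_sensitive=False):
                continue
            if not _matches(statement.get("Resource", []), resource, case_sensitive=True):
                continue
            if not _conditions_hold(statement, context):
                continue
            if statement["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision
```

The model deliberately omits cross-account rules, permissions boundaries, SCPs and session policies. What it does show is that neither policy type decides on its own: the slide's identity policy lets the role list buckets but not read objects, the bucket policy adds the read grant for that one role, and its explicit Deny on non-TLS access cannot be overridden by any Allow elsewhere.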
Section 7: Access Control Lists
S3 predefined groups:
• Authenticated Users
• All Users
• Log Delivery Group
[Diagram: a bucket ACL and an object ACL granting permissions to an AWS account.]
Example ACL
<AccessControlPolicy>
  <Owner>
    <ID>AccountACanonicalUserID</ID>
    <DisplayName>AccountADisplayName</DisplayName>
  </Owner>
  <AccessControlList>
    ...
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>AccountBCanonicalUserID</ID>
        <DisplayName>AccountBDisplayName</DisplayName>
      </Grantee>
      <Permission>WRITE</Permission>
    </Grant>
    ...
  </AccessControlList>
</AccessControlPolicy>
Section 7: Access Control List Permissions
Permission | When granted on a bucket | When granted on an object
READ | Allows grantee to list the objects in the bucket | Allows grantee to read the object data and its metadata
WRITE | Allows grantee to create, overwrite, and delete any object in the bucket | Not applicable
READ_ACP | Allows grantee to read the bucket ACL | Allows grantee to read the object ACL
WRITE_ACP | Allows grantee to write the ACL for the applicable bucket | Allows grantee to write the ACL for the applicable object
FULL_CONTROL | Allows grantee the READ, WRITE, READ_ACP, and WRITE_ACP permissions on the bucket | Allows grantee the READ, READ_ACP, and WRITE_ACP permissions on the object
Section 7: Choosing Access Control Options
[Diagram: identity-based policies (IAM user, IAM role, inline policy) versus resource-based policies (bucket policy, object ACL); S3 predefined groups: Authenticated Users, All Users, Log Delivery Group.]
Bucket URL formats:
http://bucket.s3.aws-region.amazonaws.com
http://s3.aws-region.amazonaws.com/bucket
http://bucketname.s3-accelerate.amazonaws.com
http://bucketname.s3-accelerate.dualstack.amazonaws.com

Section 7: S3 Encryption
[Diagram: three encryption / decryption points between users, the region and S3.]

[Diagram: the CloudFront network: origins, Regional Edge Caches, Edge Locations and users.]

Section 7: CloudFront – Points of Presence
Points of Presence:
• 176 Edge Locations
• 11 Regional Edge Caches
• 69 cities
• 30 countries
Section 7: CloudFront Distribution and Origins
[Diagram: Amazon CloudFront distributions with an S3 origin (S3 bucket or S3 static website) and custom origins (EC2 instances behind an Application Load Balancer), serving users.]
Web Distribution:
• Static and dynamic content
• HTTP/HTTPS
• Add/update/delete objects + webforms
• Real time live streaming
RTMP Distribution:
• Uses Adobe Flash Media RTMP protocol
• Can play media file before downloaded
• Must use S3 origin

Section 7: CloudFront with S3 Static Website
[Diagram: custom origins in two regions (EC2 instances behind an Application Load Balancer); Amazon CloudFront serving users.]

Section 7: CloudFront with Lambda@Edge
[Diagram: a custom origin (EC2 instances behind an Application Load Balancer) in a region; Amazon CloudFront serving users.]
Section 7: EBS and EFS Overview
[Diagram: EBS volumes (HDD/SSD) attached to EC2 instances within an Availability Zone, with snapshots Snap A, Snap B and Snap C stored in Amazon S3; an EFS file system accessed from Availability Zone A and Availability Zone B and from an on-premises file system client.]

Section 7: EBS Copying, Sharing and Encryption
[Diagram: relationships between encrypted and unencrypted volumes, snapshots and AMIs, with these annotations:]
• Volume to snapshot: encryption state retained; same region.
• Snapshot copy: can change regions; can change encryption key; an unencrypted snapshot can be encrypted during copy; block devices of an encrypted snapshot remain encrypted.
• Snapshot to volume: can change AZ.
• Encrypted snapshot / AMI: cannot be shared publicly; cannot be shared with other accounts if using AWS CMK.
• Unencrypted snapshot / AMI: can be shared with other accounts; can be shared publicly.
• AMI copy: can change encryption state; can change regions; can change encryption key.
• Unencrypted volume: cannot be encrypted in place.
• EC2 instance launched from an encrypted AMI: block devices remain encrypted; can change AZ.
Section 7: EFS Overview
[Diagram: an EFS file system in a region / VPC / Availability Zone, mounted over NFS by EC2 instances and by an on-premises client over a VPN or Direct Connect connection. Note: Linux only.]

[Diagram: an ECS cluster with an ECS service, a task definition built from container images, ECS container instances in an Auto Scaling group, each running tasks.]
Example task definition (container definitions):
{
  "containerDefinitions": [
    {
      "name": "wordpress",
      "links": [
        "mysql"
      ],
      "image": "wordpress",
      "essential": true,
      "portMappings": [
        {
          "containerPort": 80,
          "hostPort": 80
        }
      ],
      "memory": 500,
      "cpu": 10
    }
  ]
}
Section 9: ECS Terminology
Term | Description
Task Definition | Blueprint that describes how a docker container should launch
Service | Defines long running tasks – can control task count with Auto Scaling and attach an ELB

Section 9: Launch Types – EC2 and Fargate
EC2 launch type | Fargate launch type
Registry: ECR, Docker Hub, Self-hosted | Registry: ECR, Docker Hub
[Diagram: an ECS service running tasks (MySQL and WordPress containers, HTTP port 80) in private subnets; the WordPress containers are exposed on dynamic host ports 32601 and 32400; a NAT gateway in the public subnet.]

Section 9: ECS with Application Load Balancer (ALB)
[Diagram: an ECS cluster running nginx and Apache containers (container port 80) behind an ALB in a public subnet; NAT gateway.]

Section 9: Elastic Container Registry
[Diagram: tasks pull images from a registry in Amazon Elastic Container Registry.]

Section 9: Elastic Kubernetes Service
[Diagram: an EKS cluster in a VPC spanning three Availability Zones (public, public and private subnets); worker nodes with CPU, RAM, Disk and NIC.]
Section 10: Comparing Compute Options
Aspect | EC2 | ECS (EC2 Launch Type) | ECS (Fargate Launch Type) | Lambda
What you manage | You manage the operating system | You manage container instance (EC2) and the containers (tasks) | You manage the containers (tasks) | You manage the code
Scaling | Scale vertically – more CPU/Mem/HDD or scale horizontally (automatic) with Auto Scaling | Manually add container instances or use ECS Services and EC2 Auto Scaling | AWS scales the cluster automatically | Lambda automatically scales concurrent executions up to default limit (1000)
Use cases | Use for traditional applications and long running tasks | Use for microservices and batch use cases where you need containers and need to retain management of underlying platform | Use for microservices and batch use cases | Use for ETL, infrastructure automation, data validation, mobile backends
Timeouts | No timeout issues | No timeout issues | No timeout issues | Limited to 900 seconds execution time for single execution (3 second default)
Pricing | Pay for instance run time based on family/type | Pay for instance run time based on family/type | Pay for container run time based on allocated resources | Pay only for execution time based on memory allocation
Section 10: AWS Lambda – Hello World
[Diagram: users run a test event against an AWS Lambda function in a region; the event is written to CloudWatch Logs in Amazon CloudWatch.]

Section 10: AWS Lambda – S3 Event Source Mapping
[Diagram: a .jpg image upload to S3 notifies Lambda (push model); the event is written to CloudWatch Logs.]
[Diagram: Lambda polls DynamoDB when an item is updated (poll model); the event is written to CloudWatch Logs. Note: supported poll-based services are DynamoDB, Kinesis, and SQS.]

Section 10: API Gateway Overview
[Diagram: Amazon API Gateway in the AWS Cloud fronting a website on an EC2 instance in a private subnet and other services in the same region.]
Edge-optimized endpoint, key benefits:
• Reduced latency for requests from around the world
Regional endpoint, key benefits:
• Reduced latency for requests that originate in the same region
• Can also configure your own CDN and protect with WAF
[Diagram: a mobile client or other client sends REST API requests (DELETE, GET, POST, PUT) to Amazon API Gateway; the request is sent to AWS Lambda, which accesses Amazon DynamoDB.]
Section 11: Database Types – Relational vs Non-Relational
Key differences are how data are managed and how data are stored
Relational | Non-Relational
Organized by tables, rows and columns | Varied data storage models
Supports complex queries and joins | Unstructured, simple language that supports any kind of schema
ACID (Atomicity, Consistency, Isolation, Durability) compliance typically enforced | Performance is typically prioritised
Amazon RDS, Oracle, MySQL, IBM DB2, PostgreSQL | Amazon DynamoDB, MongoDB, Redis, Neo4j

Section 11: Types of Non-Relational DB
Key-value – e.g. Amazon DynamoDB
(remaining types not recovered)

Key differences are use cases and how the database is optimized
(first column heading not recovered) | (second column heading not recovered)
Relational examples: Amazon RDS, Oracle, IBM DB2, MySQL | Relational examples: Amazon RedShift, Teradata, HP Vertica
Non-relational examples: MongoDB, Cassandra, Neo4j, HBase | Non-relational examples: Amazon EMR, MapReduce
Section 11: Databases – Architecture Discussion
Multi-AZ (standby) | Read Replica
Only database engine on primary instance is active | All read replicas are accessible and can be used for read scaling
Automated backups are taken from standby | No backups configured by default
Always span two Availability Zones within a single Region | Can be within an Availability Zone, Cross-AZ, or Cross-Region
Database engine version upgrades happen on primary | Database engine version upgrade is independent from source instance
Automatic failover to standby when a problem is detected | Can be manually promoted to a standalone database instance

Section 11: Amazon RDS Multi-AZ
Endpoint address: digitalcloud.cp4nicjx1son.ap-southeast-2.rds.amazonaws.com
[Diagram: a primary instance in one Availability Zone with synchronous replication to a standby in a second Availability Zone of the same VPC.]
[Diagram: an RDS replica in a second Availability Zone; EC2 app servers send reads and writes to the primary and reads only to the replica.]
Feature | Description
DB compatibility | Compatible with existing MySQL and PostgreSQL open source databases
Aurora Replicas | In-region read scaling and failover target – up to 15 (can use Auto Scaling)
MySQL Read Replicas | Cross-region cluster with read scaling and failover target – up to 5 (each can have up to 15 Aurora Replicas)
Global Database | Cross-region cluster with read scaling (fast replication / low latency reads). Can remove secondary and promote
Multi-Master | Scales out writes within a region. In preview currently and will not appear on the exam
Serverless | On-demand, autoscaling configuration for Amazon Aurora - does not support read replicas or public IPs (can only access through VPC or Direct Connect - not VPN)

Section 11: Amazon RDS Aurora Replicas
Feature | Aurora Replica | MySQL Replica
Number of replicas | Up to 15 | Up to 5
[Diagram: asynchronous replication from the primary to replicas serving reads, within a region.]
Section 11: Aurora Global Database
[Diagram: a primary region and a secondary region.]

Amazon DynamoDB feature summary (slide heading not recovered):
(feature name not recovered) | NoSQL type of database with Name / Value structure. Flexible schema, good for when data is not well structured or unpredictable
Horizontal scaling | Seamless scalability to any scale with push button scaling or Auto Scaling
DynamoDB Streams | Captures a time-ordered sequence of item-level modifications in a DynamoDB table and durably stores the information for up to 24 hours. Often used with Lambda and the Kinesis Client Library (KCL)
DynamoDB Accelerator (DAX) | Fully managed in-memory cache for DynamoDB that increases performance (microsecond latency)
Transaction options | Strongly consistent or eventually consistent reads, support for ACID transactions
Backup | Point-in-time recovery down to the second in last 35 days; On-demand backup and restore

[Diagram: a DAX cluster in a VPC behind a security group, with asynchronous replication between nodes. Application permissions compared: access DynamoDB versus access DynamoDB + DAX.]

Feature | Memcached | Redis (cluster mode disabled) | Redis (cluster mode enabled)
Multi-AZ | Yes, place nodes in multiple AZs. No failover or replication | Yes, with auto-failover. Uses read replicas (0-5 per shard) | Yes, with auto-failover. Uses read replicas (0-5 per shard)
Scaling | Up (node type); out (add nodes) | Single shard (can add replicas) | Add shards
Multithreaded | Yes | No | No
Backup and restore | No (and no snapshots) | Yes, automatic and manual snapshots | Yes, automatic and manual snapshots
Section 11: ElastiCache Memcached
[Diagram: a Memcached cluster in Region A; each node is a partition of data.]
[Diagram: a Redis shard with a primary and replicas across Availability Zones; can failover to a replica.]
[Diagram: Amazon RedShift; SQL clients and BI tools connect over JDBC/ODBC; snapshots; analytics tools; data exchanged with Amazon DynamoDB and Amazon EMR.]
[Diagram: Amazon Kinesis Data Streams; producers capture and send data to Kinesis shards.]
[Diagram: Amazon Kinesis Firehose; producers capture and send data to Kinesis, Firehose captures, transforms and loads streaming data, and data is loaded continuously to destinations such as Amazon Elasticsearch.]

Section 12: Amazon Kinesis Firehose Destinations
• Amazon S3: delivered to S3 bucket, optional backup
• Amazon RedShift: delivered to S3 bucket first, then RedShift
• Amazon Elasticsearch: delivered to ES and optionally to S3
• Splunk: delivered to Splunk and optionally to S3

Section 12: AWS Lambda and Kinesis Stream
[Diagram: records are uploaded to a stream (shards); a Lambda function processes them; Amazon CloudWatch.]

[Diagram: Amazon EMR. Create cluster (Core Hadoop, HBase, Presto or Spark) in an Availability Zone, with root access to cluster instances; optionally attach EBS volumes; create step execution (streaming, Hive, Pig, Spark, custom JAR). Data sources and destinations: Amazon Simple Storage Service (S3), Amazon S3 Glacier, Amazon Redshift, Amazon DynamoDB, Amazon RDS, HDFS.]
Section 13: Application Integration Services
[Diagram: decoupling with notification targets: Lambda, Email, SMS, Text.]

Section 13: Simple Queue Service
[Diagram: an Amazon Simple Notification Service topic fans out to an Amazon Simple Queue Service queue; Lambda polls SQS and the Lambda function writes events to CloudWatch Logs (Amazon CloudWatch); an application also consumes from the queue.]

Section 13: Simple Queue Service Queue Types
(slide content not recovered)
Section 14: Infrastructure as Code and PaaS
CloudFormation | Elastic Beanstalk
Can be used to deploy almost any AWS service | Deploys web applications based on Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker
Uses JSON or YAML template files | Uses ZIP or WAR files (or Git)
CloudFormation can deploy Elastic Beanstalk environments | Elastic Beanstalk cannot deploy using CloudFormation
Similar to Terraform | Similar to Google App Engine

Section 14: HA Wordpress using CloudFormation
(slide content not recovered)

Section 14: HA WordPress with Elastic Beanstalk and RDS
[Diagram: an Elastic Beanstalk environment in a VPC in a region, with an RDS standby.]
Section 15: Monitoring and Logging Overview
CloudWatch | CloudTrail
Performance monitoring (operations) | Auditing (security)
Log events across AWS services – think operations | Log API activity across AWS services – think activities
Alarms history for 14 days | No native alarming; can use CloudWatch alarms

Section 16: IAM Authentication Methods
[Diagram: an access key consists of an Access key ID and a secret access key; identity-based policies; region.]

Type of CMK | Can view | Can manage | Used only for my account
Customer managed CMK | Yes | Yes | Yes

Pricing | Upfront cost required ($5000) | No upfront cost, pay per hour