Identity Access Management
IAM allows you to manage users & their levels of access
to the AWS console
IAM Provides
Centralized control of your AWS account
Shared access to your AWS account
Granular permissions
Identity Federation (ex. Active Directory)
Multifactor authentication
Temp access for users / devices & services as
necessary
Set up password rotation policy
Supports PCI DSS compliance (financial industry)
Critical Terms
Users: End users
Groups: Collection of users under one set of permissions
Roles: Create roles & assign to AWS users
Like assigning R/W to S3 / EC2
Policies: Document that defines one / more permissions
Can be attached to user, group or role
Summary
IAM is universal
Root account is the account created when you first
set up AWS account; complete Admin Access
New users have no permissions when first created
New users are assigned Access
Key ID & Secret Access Key
Not same as password; used on API / CLI
Can only download Access Key ID & Secret
Access
Key once; if you lose them, recreate
Always set up MFA on root
You can create & customize
your own password
rotation policies
Elastic Compute Cloud (EC2)
Web service that provides resizable compute
capacity in the cloud
EC2 reduces time required to obtain & boot new servers
down to minutes; great for changing compute
reqs
Pay only for used capacity
Provides devs the tools to build failure resilient
apps and isolate themselves from common failure scenarios
Pricing options
On Demand: allows you to pay a fixed rate by
hour or second with no commitment
Reserved: Provides you with capacity reservation &
offers discount on hourly charge for instance;
1 / 3 year terms
Spot: Enables you to bid whatever price
you want for instance capacity; lot of
savings
Dedicated Hosts: Physical EC2 server dedicated
for your use. Reduce cost by using
your existing licenses
On Demand
Users that want low cost & flexibility of EC2
without upfront payment / long term
Apps with short-term, spiky or unpredictable
workloads that can't be interrupted
Apps being developed / tested on EC2 for first time
Reserved
Apps with steady state, predictable usage
Apps that require reserved capacity
Users can make upfront payments to reduce
total costs even further
Standard RI's (up to 78% off on demand)
Convertible RI's (up to 54% off on demand)
Capability to change attributes of RI
as long as exchange results in creation of
reserved instances
Scheduled RI's: available to launch
within
time window
you reserve; predictable
recurring schedule
Spot
Apps that have flexible start / end times
Apps only feasible at very low compute
prices
Users with urgent need for large amount
of additional computing capacity
Dedicated Hosts
Useful for regulatory requirements that may
not support multi-tenant virtualization
Good for licensing that does not support multi-
tenant cloud deployments
Can be purchased On Demand (hourly)
Can be purchased as a reservation for up to 70%
off on-demand price
EC2 Instance Types
Elastic Block Storage (EBS)
Storage volumes to be attached to EC2
Placed in specific availability zones; replicated to
protect from failure of single component
IOPS: Input / Output operations per second
Volume Types
General Purpose SSD (GP2)
Balances price / performance
Ratio of 3 IOPS per GB with up
to 10,000 IOPS & ability to burst
up to 3000 IOPS for extended periods
of time for volumes of 3334 GiB & above
Provisioned IOPS SSD (IO1)
IO intensive apps such as large
relational / NoSQL db's
More than 10,000 IOPS
Provision up to 20,000 IOPS per volume
Throughput Optimized HDD (ST1)
Big Data
Data warehouses
Log processing
Cannot be boot volume
Cold HDD (SC1)
Lowest cost storage for infrequently accessed
workloads
File server
Cannot be boot volume
Magnetic (standard)
Lowest cost for bootable
Infrequently accessed
Exam Tip
If spot instance is terminated by AWS
you will not be charged for partial hour
of usage. If you terminate the instance
you will be charged for complete hour
Elastic Load Balancer
Types of load balancers
Application Load Balancers
Network Load Balancers
Classic Load Balancers
Application Load Balancers
Best for load balancing HTTP / HTTPS
Operate at L7, application aware
Intelligent: can create advanced request routing, sending
specific requests to specific servers
Network Load Balancers
Load balancing of TCP where extreme performance
is required (L4)
Capable of handling millions of requests / second
with ultra-low latency
Classic Load Balancer
Legacy Elastic Load Balancer
HTTP / HTTPS apps & L7 features like X-Forwarded-For and
sticky
sessions; also strict L4 for apps that
need only TCP
Load Balancer Error
Classic Load Balancer
ELB responds with 504 error
App is having issues at web server /
db layer
X-Forwarded-For header
Look here for
IPv4
Relational Databases (RDS)
Types on AWS
SQL Server
Oracle
MySQL Server
PostgreSQL
Aurora (Amazon's own)
MariaDB
Non Relational DB
Database made up of
Collection = Table
Doc = Row
K/V pairs = Fields
Doesn't need to be predefined
Data Warehousing
Used for Business Intelligence (BI)
Used at a business level to do queries for reporting only
OLTP vs OLAP
Online Transaction Processing
Order pull: name, address
Online Analytics Processing
Complex
Net profit for EMEA requires multiple games
Elasticache
Makes it easy to deploy, operate and scale
an in-memory cache in cloud
Service improves perf of web apps by allowing
to retrieve info from fast managed in-mem cache
Supports 2 open source
engines
Memcached
Redis
RDS: OLTP
Redshift: OLAP
RDS - Backups, Multi-AZ & Read Replicas
Types of Backup
Automated Backups
Allows you to recover DB to any point in
time within a retention period
Between 1 - 35 days
Full daily snapshot & stores transaction logs
throughout day
It will restore daily backup & apply transaction
logs up to relevant point
Recovery time with 1 second accuracy
Enabled by default and free storage space
equal to size of DB
Backups taken in defined window; storage I/O
might be suspended in that time
DB snapshots
User initiated
Stored even after you delete original RDS
instance
Whether you restore auto or snapshot, restored version
will be a new RDS endpoint with new DNS
Encryption
Encryption at rest supported by all DB's
Encryption done using AWS Key Mgmt Service (KMS)
Once RDS is encrypted, data and underlying storage
and backups are encrypted
Encryption of existing DB not supported
Create
snap, copy, then encrypt
Multi AZ
Have exact copy of production db in another
availability zone
AWS handles replication & failover
Not used for performance improvements
Read Replica
5 Read Replicas per production
by default
Scale out db to spread load across multiple
db's
Achieved with asynchronous replication from
RDS to read replica
Used for read heavy db workloads
Used for scaling & not recovery
Auto backups must be turned on
Each read replica will have own DNS endpoint
Read replicas can have Multi AZ
Can create read replica of Multi AZ
Elasticache
Elasticache is a web service that makes it easy
to deploy, operate and scale an in-memory
cache in the cloud
Retrieve info from fast managed in-mem cache
Used to significantly improve latency for read-heavy
apps
Types of Elasticache
Memcached
Widely adopted memory object caching system
Elasticache is protocol compliant with Memcached
so works perfectly
Redis
Open source in-memory key-value store
that supports sorted sets & lists
Elasticache supports master / slave replication &
multi AZ to achieve cross AZ redundancy
Multi AZ redundancy only on Redis
Elasticache handles Redis as a RDS
Elasticache handles Memcached like Autoscaling
Memcached use cases
Object caching as primary
Simple caching model
Large cache nodes with multithreaded perf,
utilizing multi cores
Scale cache horizontally
Redis use cases
More advanced datatypes
Sorting & ranking datasets in mem such as with
leaderboards
Persistence of key store
Run in multiple AWS AZ's with failover
Redshift might be better than Elasticache if
people run OLAP transactions
Simple Storage Service (S3)
S3 provides secure, durable, scalable object storage
on web
S3 is object based storage; data is spread across
multiple devices & facilities
Files can be from 0 - 5 TB with unlimited storage
Files are stored in Buckets (like a folder)
S3 has a universal namespace; names must be unique
globally
When file is uploaded you get 200 status code on an
Data Consistency Model
Read after write consistency for PUTS of new objects
Eventual consistency for overwrite PUTS & DELETES
Means it could take a bit of time to reflect
S3 is a simple key-val store
S3 is object based. Object consists of following
Key: name of object
Value: Data
Version ID
Metadata
Subresources: Bucket specific config
Bucket policies, ACL
Cross-Origin Resource Sharing (CORS)
Transfer Acceleration makesushi uploads
Basics
99.99% availability; Amazon GUARANTEES IT
Amazon guarantees 99.99999999999% durability
for S3 (11 9's)
Tiered storage available
Lifecycle management
Versioning
Encryption
Secure access to data
S3 Storage Tiers / Classes
S3: 99.99% availability, 99.99999999999% durability; stored
redundantly across multiple devices in multiple
facilities; can sustain loss of 2 facilities at once
S3 IA (Infrequently Accessed): Data that is accessed
less frequently but requires
rapid access. Lower fee than S3
but charged retrieval fee
S3 One Zone IA
Same as IA but data is stored in single
AZ; still 99.99999999999% durability
but only 99.5% availability; cost is 20%
less than S3
Reduced Redundancy Storage: 99.99% durability & 99.99%
availability of objects over
a given year
Glacier: very cheap but for archival only. Takes
3 - 5 hours to restore from Glacier
Might
be phased out
Intelligent Tiering
Unknown or unpredictable access patterns
2 tiers
Frequent
Infrequent
Automatically moves data to most cost-effective
tier based on how frequently
you access an object
99.99999999999% durability
Optimizes cost
No fee for accessing data but fee of
$0.0025 / 1000 objects per month for monitoring
S3 charges
Storage per GB
Requests (GET, PUT, COPY, etc.)
Storage Mgmt
Inventory, Analytics, object tags
Data Mgmt pricing
Data transferred out of S3
Transfer Acceleration
Use of CloudFront to optimize transfers
S3 Security
All newly created buckets are private
You can set up access controls using
Bucket policies: Applied at bucket level
ACL's: Applied at object level
S3 buckets can be configured to create access logs
which log all requests made to S3 buckets; logs
can be written to another bucket
S3 Encryption
Encryption Types
In Transit
SSL / TLS
At Rest
Server Side Encryption
S3 Managed Keys (SSE-S3)
AWS Key Mgmt Service managed keys (SSE-KMS)
Server side encryption with customer provided keys
(SSE-C)
Client Side Encryption
Enforce Encryption on S3 Bucket
Every time a file is uploaded to S3 (PUT)
If file is encrypted at upload, x-amz-server-side-encryption
parameter will be in request header
2 options available
x-amz-server-side-encryption:
AES256 (SSE-S3, S3 managed keys)
x-amz-server-side-encryption: aws:kms (SSE-KMS, KMS managed)
When included in header of PUT, S3 will
encrypt. Can enforce by denying all PUT requests without
that header
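An added example (not part of the original notes): the bucket policy that enforces the rule above, plus a small local evaluator that models only the two condition operators used, so the effect on sample PUT requests can be checked offline. The bucket name and the sample request headers are constructed placeholders.

```python
import json

SSE_HEADER = "x-amz-server-side-encryption"
SSE_KEY = "s3:" + SSE_HEADER          # condition key S3 exposes for that header
ALLOWED = ["AES256", "aws:kms"]       # SSE-S3 and SSE-KMS, the two options in the notes


def build_policy(bucket):
    """Bucket policy with two Deny statements on s3:PutObject."""
    resource = f"arn:aws:s3:::{bucket}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # header carries a value other than the two accepted ones
                "Sid": "DenyWrongEncryptionHeader",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": resource,
                "Condition": {"StringNotEquals": {SSE_KEY: ALLOWED}},
            },
            {   # header missing altogether (explicit, belt and braces)
                "Sid": "DenyMissingEncryptionHeader",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": resource,
                "Condition": {"Null": {SSE_KEY: "true"}},
            },
        ],
    }


def _condition_matches(operator, operands, context):
    """Model of the two IAM condition operators used in build_policy()."""
    for key, expected in operands.items():
        actual = context.get(key)
        if operator == "Null":
            want_absent = str(expected).lower() == "true"
            if (actual is None) != want_absent:
                return False
        elif operator == "StringNotEquals":
            values = expected if isinstance(expected, list) else [expected]
            # Negated operators evaluate to true when the key is absent.
            if actual is not None and actual in values:
                return False
        else:
            raise ValueError(f"operator not modelled: {operator}")
    return True


def denied_by(policy, action, headers):
    """Return the Sids of the Deny statements that match this request."""
    lowered = {name.lower(): value for name, value in headers.items()}
    context = {}
    if SSE_HEADER in lowered:
        context[SSE_KEY] = lowered[SSE_HEADER]
    hits = []
    for statement in policy["Statement"]:
        if statement["Effect"] != "Deny" or statement["Action"] != action:
            continue
        conditions = statement["Condition"].items()
        if all(_condition_matches(op, operands, context) for op, operands in conditions):
            hits.append(statement["Sid"])
    return hits


if __name__ == "__main__":
    policy = build_policy("example-bucket")          # placeholder bucket name
    print(json.dumps(policy, indent=2))
    samples = [                                       # constructed sample PUT requests
        {SSE_HEADER: "AES256"},
        {SSE_HEADER: "aws:kms"},
        {SSE_HEADER: "none"},
        {},
    ]
    for headers in samples:
        print(headers, "->", denied_by(policy, "s3:PutObject", headers) or "allowed")
```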
CloudFront
CloudFront is a CDN
CDN: Content Delivery Network
System of distributed servers that delivers webpages
and other web content to user based on geographic
locations, origin of webpage and content delivery
server
Key Terms
Edge Locations
Locations where content is cached & can be written
Separate to AWS Region / AZ
Origin
Origin of all files the CDN will distribute
Could be S3, EC2, ELB or Route 53
Distribution
Name given the CDN; consists of collection of
edge locations
Web Distribution
Typically used for websites (HTTP / HTTPS)
RTMP (Real Time Messaging Protocol)
Used for media streams (Adobe)
Requests for content are routed to nearest edge
locations
CloudFront works with all AWS services & will
work with your own server
Visual of CDN
S3 Transfer Acceleration
Fast, easy, secure transfer of files over long
distances between end users & S3 bucket
Uses CloudFront's globally distributed edge
locations and then data is transferred to Amazon
S3 bucket
S3 Performance
S3 is designed to support very high request rates
If > 3800 PUT / LIST / DELETE or > 5800 GET / s
then optimize
Optimize
GET intensive
Use CloudFront
Mixed request workload
Key name can impact workload performance
Use random prefix so S3 will distribute
keys across multiple partitions
Introduce random key names to do this
Like a hex hash
Not as needed now
Serverless Computing
Lambda
Alexa uses Lambda. Lambda is serverless
It's a higher level of abstraction
Lambda is a compute service where you can
upload your code & create a Lambda function
Lambda takes care of provisioning &
managing the servers that you use to run
the code
Used in following
Event driven compute service where Lambda
runs your code in response to events
As a compute service to run your code in response
to HTTP requests using
Amazon API Gateway
or API calls made using AWS SDK's
Languages
Node.js
Java
Python
C#
Go
Priced
# of requests
First 1 million requests are free
so per 1 million requests
Duration
Time code begins executing until it returns
or otherwise terminates, rounded up to nearest
100ms
Charged $0.00001667 for every GB-second used
Why Lambda
No servers
Lambda scales out (not up) automatically
Lambda functions are independent: 1 event = 1 function
Lambda functions
can trigger other Lambda functions
AWS X-Ray to debug
API Gateways
API is an Application Programming Interface
Types of API's
REST API's (Representational State Transfer)
Uses JSON
SOAP API's (Simple Object Access Protocol)
Uses XML
Amazon API Gateway
Easy for devs to publish, monitor and secure
API's at any scale
Access code on AWS Lambda / EC2
Expose HTTPS endpoints to define a RESTful API
Serverlessly connect to services like Lambda & DynamoDB
Send each API to diff target
Run efficiently with low cost
Scale effortlessly
Track & control usage by API key
Throttle requests to prevent DDoS
Connect to CloudWatch to log all requests for
monitoring
Configure
Define API
Define Resources & Nested Resources
For each resource
select supported HTTP methods
Set security
Choose target (EC2, Lambda)
Set request &
response transformations
Deploy API to a stage
uses API Gateway domain by default
Can use custom domain
Supports AWS Certificate Manager: free SSL
API caching
Reduce number of calls to API
Cached for specified TTL period
Same Origin Policy
Web browser permits scripts contained in
a first web page to access data in a
second web page but
only if both web
pages have the same origin
Prevents cross site scripting attacks (XSS)
Enforced
by web browser
Ignored by tools like Postman & curl
Cross-Origin Resource Sharing (CORS)
One way server can relax same origin policy
Allows restricted resources on
web page to be
requested from another domain outside domain
from which first resource was served
Browser makes HTTP OPTIONS call for URL
Server returns a response saying approved domains
Error: "Origin policy cannot be read"
You need to enable CORS
Lambda Version Control
Versioning: with Lambda you can publish one or
more versions of Lambda function. You can work
with different variations of your Lambda in
dev workflow
After you publish a version it is immutable
$LATEST version you can change
Qualified ARN has $LATEST at end; unqualified doesn't
Alias
Create a PROD alias to a version number
like $LATEST and change the alias instead
of manually changing all of it
Can split traffic between versions with aliases
Not with $LATEST tho
AWS Step Functions
Step Functions allow you to visualize & test your
serverless apps
Step Functions provide a graphical console to
arrange & visualize the components of app as
a series of steps
Makes simple to build & run multistep apps
Step Functions auto trigger & track each step & retry
when there are errors
Step Functions log state of each step for easy
diagnosis
Great way to visualize serverless application
X-Ray
Collects data about requests that app serves
& provides tools to view, filter &
gain insight
into data to find issues / optimize
Info you can see
Request / Response
Calls app makes to downstream AWS resources,
microservices, db's, HTTP web APIs
Architecture
X-Ray
Daemon, X-Ray API, X-Ray Console
X-Ray SDK, Scripted Tools
X-Ray SDK
Provides interceptors to add to code to trace
HTTP requests
Client handlers to instrument AWS SDK
clients that your app uses to call other
AWS services
HTTP client to instrument calls to other
internal & external HTTP web services
X-Ray Integrations
ELB
Lambda
API Gateway
EC2
Elastic Beanstalk
X-Ray Languages
Java
.NET
Go
Node.js
Python
Ruby
Advanced API Gateway
You can use API Gateway import to import
API from an external definition
You can also overwrite an API
Use Swagger for new API
API throttling
Steady state request limit to 10,000 rps
8000 concurrent within Onc MS
You can use API Gateway as a SOAP web service
passthrough
DynamoDB
Fast & flexible NoSQL db service for all
apps that need consistent single digit millisecond
latency
Fully managed DB; supports document & key-value
data models
Stored on SSD
Spread across 3 geographically distinct data centers
2 consistency types
Eventually consistent (default)
Consistency across all copies of data is usually
reached within a second. Best read performance
Strongly consistent
Returns result that reflects all writes
that received successful response prior to read
Made up of
Tables
Items
Attributes
Supports key-value & document
Key = name
Value = value
Docs can be in JSON, HTML or XML
Primary Keys
Stores & retrieves data based on primary key
2 Types
Partition key: unique attribute
Value of partition key is input to
internal hash function which determines partition
or physical location
No 2 items can have same primary key
Composite key: Partition key + Sort key
Partition key: User id
Sort key: timestamp of post
2 items may have the same partition
key but different sort key
All items with same partition key
stored together, then sorted by sort key
Access Control
Managed via IAM
Create IAM role with temporary access keys
Can restrict access only to user's records
Indexes
Index is a data structure that allows
you to
perform fast queries on specific columns
2 Types of Queries in DynamoDB
Local Secondary Index
Can only be created when creating table
Cannot add, remove or modify it later
Same partition
key as original table, diff
sort key
Gives different view of data, organized
according to an alt sort key
Any queries based on this sort key are
much faster using the index than main table
Partition key: user ID
Sort key: Account creation date
Global Secondary Index
Create whenever
Diff partition key & diff sort key
Scan vs Query API Call
Query
Finds item based on PK & distinct val
so user ID = 212
Optional sort key name & value to refine
By default returns all attributes but you can
use Projection Expression to return specific
Results are always sorted by sort key
By default in ascending order (1, 2, 3, 4)
Reverse order by setting ScanIndexForward
param
By default eventually consistent; can be set to
strongly consistent
Scan
Examines every item in table
Returns all data attributes by default
Use Projection Expression to return specific
parameters
Query vs Scan
Query more efficient
Scan just dumps then filters
Avoid scan if you can
Set page size to prevent lot of use
Scan by default processes data in 1 MB sequentially
and can go on one partition at a time
You can set up parallel scans
DynamoDB Provisioned Throughput
DynamoDB Provisioned Throughput is measured in
capacity units
When creating table you specify
1x write capacity = 1 x 1 KB write / s
1x read unit =
1x strongly consistent read of 4 KB / s
or
2x eventually consistent reads of 4 KB / s (default)
Example config
5x read capacity, 5x write
5 x 4 KB strongly = 20 KB read or
eventually = 40 KB
5 x 1 KB writes
DynamoDB Pricing Models
Charges apply for reading, writing &
storing
With on demand no need to specify
DynamoDB instantly scales up / down
Great for unpredictable requests
Only pay for what you use
Or preset as abri
DynamoDB Accelerator
DAX
Fully managed, clustered in-mem cache for Dynamo
DB
Up to 10x read performance improvement
Microsecond performance for millions of requests / second
Ideal for read heavy & bursty workloads
DAX is a write-through cache service
Data is written to DB & cache
DAX allows you to point DynamoDB calls at
DAX cluster
If not present it performs eventually
consistent GetItem operation
against DynamoDB
Not suitable for
Strongly consistent reads; it is for eventual
consistent only
Write intensive
Apps that don't perform many read ops
Apps that don't require microsecond response
ElastiCache
In-memory cache in the cloud
Improves performance of web apps, allowing you
to retrieve info from fast in-mem cache rather
than slower disk DB's
Sits between app & DB
Good if DB is read heavy and data doesn't change
frequently
Frequently accessed data stored in mem for low
latency access
2 types
Memcached
Multithreaded
Wide adoption
No multi AZ capability
Redis
Open source
Supports complex data structures
Supports multi AZ & master / slave
replication
Caching strategy
Lazy loading
Loads data in cache only when necessary
Add TTL to determine when to reload
Write-through cache
Adds or updates data to cache whenever
data is written to DB
DAX vs Elasticache
DAX is only for DynamoDB
Elasticache is mainly for RDS & for lazy loading
DynamoDB Transactions
ACID transactions (Atomic, Consistent, Isolated, Durable)
Read or write multiple items across multiple tables
as an all or nothing operation
Check for pre-req condition before writing to a table
DynamoDB TTL
TTL attribute is an
expiry time for data
Expired items marked for deletion
Great for removing irrelevant or old data
Session data
Event logs
Temporary data
Reduces cost by auto removing data which is no longer
relevant
TTL is EPOCH
DynamoDB Streams
Time-ordered sequence of item level modifications (insert, update, delete)
Logs are encrypted at rest
Accessed using a dedicated endpoint
By default primary key is recorded
Before / after images can be captured
Events recorded in near real time
Apps take actions based on contents
Event source for Lambda
Execute code based on DynamoDB Lambda event
Exceptions
Provisioned Throughput Exceeded Exception
Request rate is too high for read / write
capacity provisioned on DynamoDB
SDK auto retries till success
If not using SDK
Reduce request frequency
Use Exponential Backoff
Exponential Backoff
Progressively longer waits for improved
flow control
After 1 minute it's a fail
Feature of all AWS SDK's
KMS (Key Management Service)
KMS is a managed service that makes it easy
for you to create & control your encryption keys
KMS is integrated with many AWS services
Key can NEVER be exported
CMK: Customer Master Key
alias
creation date
description
key state
key material (customer / AWS provided)
KMS API Calls
aws kms encrypt
aws kms decrypt
aws kms re-encrypt
aws kms enable-key-rotation (rotates keys every year)
KMS Envelope Encryption
Use envelope key to
encrypt data
Encrypt the envelope
key
Use master key to decrypt envelope key and use
decrypted envelope key to decrypt data
Simple Queue Service (SQS)
Oldest AWS service
Web service that gives you access to a message
queue that can be used to store messages while
waiting to process
Distributed queue system that enables web apps
to quickly & reliably queue messages generated in
one component for another component
Queue is temp repository for messages awaiting processing
SQS is a poll based system; EC2 always
polls looking for job
SQS messages stay in queue till picked up
You can decouple components of app so they
run independently, for easy message management
A component of distributed app can store messages
in queue, up to 256 KB of text in any format
Any component can later get messages using SQS
API
Queue acts as buffer between component that produces
& component that uses data
Queue resolves issues that arise if producer is
producing work faster than consumer, or producer /
consumer are only intermittently connected to network
Types of Queues
Standard Queue (default)
Default queue type
Unlimited # of transactions / second
Occasionally, due to being highly distributed, messages
might be delivered out of order
Best effort ordering
First In First Out (FIFO)
Exactly once processing
300 transactions / second
Messages sent & received in order
Delivered only once
All capabilities of standard queue
Key Facts
SQS is pull based
Messages are 256 KB in size
Messages in queue from 1 minute - 14 days
Default retention period is 4 days
SQS guarantees messages processed
at least once
SQS visibility timeout
Amount of time message is invisible in SQS
queue after reader picks up message
If job processed within time then message deleted
Else message becomes visible again and another reader processes;
message might be delivered twice
Default visibility timeout is 30 seconds
Max is 12 hours
SQS Long Polling
Regular short polling returns immediately even if
queue is empty; long polling doesn't return response
till message arrives in queue or long poll times out
As such long polling can save you money
Simple Notification Service (SNS)
Web service that makes it easy to set up, operate
and send notifications on the cloud
Provides devs with a highly scalable, flexible,
cost effective capability to publish messages from
an app &
immediately deliver them to subscribers
or other apps
SNS can also deliver to SMS, SQS or HTTP endpoints
SNS can also trigger Lambda functions
When Lambda is involved it is invoked with
payload of published message
Lambda receives payload as input & can
manipulate info in message, publish to another
SNS topic or send to other AWS (S3 etc.)
SNS allows you to group multiple recipients using topic
Topic is an access point for allowing recipients to
dynamically subscribe for identical copies of same notification
One topic can support delivery to multiple endpoint
types
When you publish to a topic SNS delivers
appropriately formatted copies of message to each
subscriber
To prevent loss all messages stored redundantly
in multiple AZ's
SNS Benefits
Instantaneous Polling Based delivery
Simple API & easy integration with apps
Flexible message delivery over multiple transport
protocols
Inexpensive pay as
you go model
Web-based AWS mgmt console
SNS vs SQS
SNS: push
SQS: pull (polls)
SNS pricing
$0.50 per 1 mil Amazon SNS requests
$0.06 per 100,000 notification deliveries over HTTP
$0.75 per 100 notification deliveries over SMS
$2.00 per 100,000 notification deliveries over email
SNS follows the publish-subscribe (pub-sub)
messaging paradigm with notifications being delivered
to clients using push
SNS gives devs easy mechanism to incorporate
a powerful notification system with apps
designed to help marketing teams app devs
send mats with pay as you go nude
Can also be used to recieve emails into an 83 Suchet
Mails can beused to 7h8mn Lambda SNS notified
use cases
Automated
Emails
Purchase confirmutra Shopping order Udpchl
Elastic Beanstalk
Service to deploy & scale web apps built in
Java, PHP, Python, Go,
.NET, Node.js, Ruby, Docker
and utilize on platforms like Tomcat, Nginx,
Passenger,
IIS
Devs can write code and not worry about infra
Upload code; Elastic Beanstalk handles all resource mgmt
You only pay for resources required to store / run app
Monitor & manage app via dashboard
Updating Elastic Beanstalk
Options for processing deployment updates
All at once
Deploys new version to all instances simultaneously
All of your instances are out of service while
deployment takes place
Outage will occur while deployment takes place
If update fails you roll back by redeploying
old version to all instances
Rolling Deployment
Deploys new version in batches
Batch of instances taken out while deployment
in place
Environment capacity will be reduced by
# of instances in batch while deployment takes
place
Not ideal for performance sensitive systems
If update fails you need to perform an
additional rolling update to roll back the
changes
Rolling with additional batch policy
Launches additional batch of instances
Deploys new version in batches
Maintains full capacity during deployment
If update fails you need to perform an
additional rolling update to roll back the
changes
Good for performance sensitive
Immutable Deployment policy
Deploys new version to fresh group of instances
in own autoscaling group
When new instances pass they move to existing
autoscaling group & old instances are terminated
Maintains full capacity during deployment
Impact of failed update less; roll back
by terminating new autoscaling group
Preferred option for mission critical prod systems
You can customize Elastic Beanstalk by adding
configuration files
YAML or JSON
Files have .config extension
saved to .ebextensions folder
Must be located in top level of app source
code bundle
You can launch RDS from within ELB console
good for test & dev
Drawback is RDS is tied to deployment;
not good for prod
For prod decouple RDS from ELB; launch it
separately
To do separately
Additional security group must be added to
RDS & ELB
environment's auto scaling group
Need to provide connection string config info to
app servers
Kinesis
Streaming data is data generated continuously
by thousands of data sources; data sent simultaneously
and in small sizes (order of KB's)
Purchases from Amazon
Stock prices
Game data
Geospatial data
Kinesis is a place to send AWS streaming data
to. Easy to load & analyze data; provides ability
for you to build custom apps
Core Kinesis Services
Kinesis Streams (video / data streams)
Consists of shards
5 transactions per second for reads, up to a
max total data read rate of 2 MB / s
1000 records / s, up to total data write
of 1 MB / s
Data capacity of stream is function of
number of shards you specify for
stream. Total capacity of stream is sum
of capacities of shards
Kinesis Firehose (only data streams)
Automated; send to S3 then send to
wherever for data processing
Kinesis Analytics
Run SQL queries of data from Firehose
or Streams then send it to something else
Developer Theory
CI/CD
Continuous Integration, Continuous Delivery / Deployment
Make small incremental code changes
Can make thousands of changes per day
Automation good, manual bad
Testing changes as they go
Workflow
Shared code repo
Automated build
Automated tests
Code merged
Prepped for deployment
Manual decision to deploy fully
AWS Dev Tools
CodeCommit (Bitbucket)
CodeBuild: Compiles code, runs tests
CodeDeploy: Automates code deployment
CodePipeline: End to end build, test
and deploy app
CodeCommit
Central code repo
CodeDeploy
2 deployment approaches
In Place
App is stopped on each instance & new
release is installed
Rolling update
Blue / Green
New instances with new
deployments made
Blue is active deployment
Green is new release
In Place
Stop app on first instance; instance will
be Arw so more ELB redroot
CodeDeploy installs new version (aka Revision)
and instance comes back into service
Roll back
No quick fix
Redeploy previous version
Blue / Green
Blue is current version
Green is new instance with new Revision
Use ELB to roll
Roll back
Easy
Set ELB to direct traffic back
to old environment
Deployment using AppSpec file
EC2
YAML file
Lambda
YAML / JSON
YAML
version
OS
files: config files, packages
hooks: lifecycle event hooks; scripts that
need to run at a certain point
Scripts you might run during deployment
Unzip files / unzip apps
Run tests
Lifecycle event hooks: deal with load balancers
path to file
These are the lifecycle hooks
Typical folder setup
appspec.yml must be in root
/Scripts
/Config
/Source
CodeDeploy Lifecycle Event Hooks
Lifecycle event hooks are
run in a specific order
known as the run order
3 distinct phases
Phase 1
De-register instance from load balancer
Phase 2
Nuts & bolts of app deployment
Phase 3
Re-register instances with load balancer
Hook Types
BeforeBlockTraffic
Tasks you want to run on instances before they
are de-registered from a load balancer
BlockTraffic
De-register instances from load balancer
AfterBlockTraffic
Tasks you want to run on instances after they
are de-registered from a load balancer
ApplicationStop
Gracefully stop the application
DownloadBundle
CodeDeploy agent copies app revision files
(new version) to temp location
BeforeInstall
Pre-install scripts: backing up, decrypting
Install
Copy app revision files to final location
AfterInstall
Post-install scripts: config,
file perms
ApplicationStart
Start any services that were stopped during
ApplicationStop
ValidateService
Test to validate it's working
BeforeAllowTraffic
Tasks you want to run on instances
before they are registered with load balancer
AllowTraffic
Register instances with load balancer
AfterAllowTraffic
Tasks to run after they are registered
with load balancer
These steps are for an In Place Deployment
Fully Managed CIND service
Orchestrate build test deployment
Automated Release Process
CodePipeline Integrates
Code Goat CodeBoidCodeDwi Github Jeni ns
Elastic
Ban Cloudfont Lumbar ElasticConlan
CodePipeline workflow
Fully managed Contrainer orchestration secure
DockerContainer
CodePipeline
Elastic Container Service
Advanturas
Highly Scalable
Fault tolerant
Easy To maintain
ECB
Supports Docker t windows
It is an orchestration platform the Kubternetes
Clusters of UM's
Forgate fer senseless
Serveless E
EC2 for more control
ECR
Elastic Container Registry
Store container images
ECS connects to it to grab images
Who uses ECS
Amazon SageMaker
Amazon Lex
Amazon.com
ECS Alterns
Fargate for serverless
Don't need to worry about EC2
EC2
Full control
Docker commands
docker build
docker tag
docker push
Other CodeBuild info
Use buildspec.yml to define build commands and
settings used by CodeBuild to run build
Override settings in buildspec.yml by adding
own commands when you launch build
If build fails check logs
CloudFormation is a service that allows you
to manage, configure and provision your AWS infra as
code
Resources defined using CloudFormation template
CloudFormation interprets template and makes appropriate
API calls to create resources you have defined
CloudFormation
Supports YAML and JSON
Benefits
Allows you to provision infrastructure in a consistent
way
Less time and effort than manually
Version control and peer review templates
Free to use, just pay for what you create
Used to manage updates and dependencies
Can be used to roll back and delete the entire
stack as well
CloudFormation Template
YAML or JSON template used to describe the
end state of the infrastructure
you are provisioning or changing
After creating template you upload it to CloudFormation
using S3
CloudFormation reads the template, makes API
calls on your behalf
Resulting resources are called a
stack
pretty much
all fields are
optional
Main ones
Parameters
input custom values
Conditions: provision resources based on environment
Resources: mandatory, AWS resources to create
Mappings: create custom mappings like Region
Transforms: reference code located in S3 for
reusable snippets of CloudFormation code
Extension to CloudFormation used to define serverless
applications
Simplified syntax for defining serverless resources:
APIs, Lambda functions, DynamoDB tables, etc.
Use SAM CLI to package deployment code, upload
to S3 and deploy serverless
application
Commands
Serverless Application Model (SAM)
Finds SAM-compatible template, uploads
to specified S3 bucket as package
takes template file and stack name
capabilities param allows CloudFormation to
create IAM role
deploys serverless app
Nested stacks allow re-use of CloudFormation
code for common use cases
Instead of copying out code, create standard template
for each common use case and reference within
CloudFormation template
erase'Etemplose Extra
here in S3 and Proport
Use as templar
sam package \
  --template-file ./myTemplate.yml \
  --output-template-file sam-template.yml \
  --s3-bucket S3-bucket-name
sam deploy \
  --template-file sam-template.yml \
  --stack-name mystack \
  --capabilities CAPABILITY_IAM
CloudFormation Nested Stack
lets you give users access to AWS resources after
they have successfully authenticated with 3rd-party provider
Google, FB, blah
After successful authentication user receives authentication
code from web ID provider, will trade for AWS
security credentials
Amazon Cognito
Provides Web Identity Federation with
Sign-up and sign-in to apps
Access for guest users
Acts as ID broker between your app and web
ID providers so no additional code
Synchronizes user data for multiple devices
Recommended approach for web identity federation
No need to embed or store AWS credentials
makes seamless experience
Advanced IAM
Web Identity Federation
User Pools
User directories used to manage sign-up and sign-in
functionality
Users can sign in to user pool directly or indirectly
via FB, Google
Cognito acts as ID broker between ID provider and
AWS
Successful authentication generates JSON Web Tokens
(JWTs)
Identity pools
Create unique identities for your users and
authenticate with ID providers
With ID you can obtain temp limited
privilege AWS credentials to access other
AWS services
Cognito
Cognito tracks association between user identity and
various devices they sign in from
Cognito uses Push Synchronization to push updates and
Cognito User Pools
synchronise user data across multiple devices
SNS is used to send silent push notification
to all devices associated with given user
ID when data stored in cloud changes
3 types of policies
Managed Policies
Customer Managed Policies
Inline Policies
Managed Policy
IAM policy which is created and administered by
AWS
AWS provides managed policies for common use
cases based on job function
Managed policy can be attached to multiple
users, groups or roles
Can't change
perms defined in AWS managed policy
Customer Managed Policy
Standalone policy you create and administer
within your own account
Copy existing AWS policy and modify, or from scratch
Inline Policy
Policy embedded within user, group or
role to which it applies
IAM Policies - Advanced
Cannot attach to other users, it is 1:1
Once user gone, policy gone
Managed > Inline but still useful
STS: Security Token Service
API provided by STS
Returns temp credentials for users using external
web provider
For mobile apps Cognito is recommended
Cognito makes these API calls
This is for regular web apps
user ARN
to refer to
Credentials
Default lasts
1 hour
STS - AssumeRoleWithWebIdentity
CloudWatch is a monitoring service to monitor AWS resources
and apps on AWS
Can monitor
Auto Scaling groups, EBS volumes
ELB, Storage Gateway
Route 53 health checks, CloudFront
and way more
By default monitors host-level metrics
CPU
Network
Disk Can't see detailedinfo like per VDILBYdefault
Status Check
RAM utilization is a custom metric
By default EC2 monitoring is 5 minutes; if detailed
monitoring it is 1 minute
How long are CloudWatch metrics stored
Retrieve data
using GetMetricStatistics API or
using 3rd-party tools from AWS partners
Store logs data by default indefinitely
Can retrieve data from terminated EC2/ELB
Metric Granularity
Default metrics vary based on service
from 1,3 or b minus 5 min standardforearmpuns
For custom metrics the minimum granularity is
CloudWatch
1 minute
You can create an alarm to monitor any Amazon CloudWatch
metric in your account
CloudWatch can be used on premises, use SSM and
CloudWatch
agent
CloudWatch monitors performance
CloudTrail monitors API calls in AWS platform
AWS Config records the state of AWS environment,
can notify you of changes
Postpone delivery of new messages to
queue for a number of seconds
Messages sent to delay queue remain invisible
to consumers for duration of delay period
Default delay is 0 seconds, up to 900 seconds (15 mins)
Standard Queue
Changing the setting doesn't affect delay
of messages in queue, only new messages
FIFO Queue
Changing affects delay of messages in
queue
CloudWatch vs CloudTrail vs Config
Additional Updates
SQS Delay Queues
When to use
With large distributed apps you might
need d
Apply delay to entire queue of messages
Like delay until order is contrite
Use S3 to manage
messages 256KB to 2GB
Use Amazon SQS Extended Client Library for
Java to manage them
AWS SDK also needed
SQS Extended Client Library for Java: specify if messages always stored in S3
or only messages > 256KB
Send message which references message object
stored in S3
Get message object from S3
Delete message object from S3
Cannot use AWS CLI, Management Console, SQS API
Control number of items included in output when
Managing Large Messages in SQS
CLI command is run
Default page size is 1000
If it is over, it makes API call multiple times
If you see errors when running list on large number
because of timeout
To fix use
page size
Justdoes more API calls that is now
ah tune
Max items
Return fewer items in CLI command
Test effects of IAM policies before committing them
to production
Validate policy works as expected
Test policies already attached to existing users,
great for troubleshooting an issue which is IAM
related
Kinesis data stream is a set of shards
Shard is a sequence of data records in stream with
unique number
Per Shard Limits
5 read transactions/sec up to 2MB/s
IAM Policy Simulator
1000 writes/second up to 1MB/s
Increase shod to increase reshardnD
Consumers: Kinesis Client Library, EC2
tracks # of shards in stream
Tracks when new ones are added
Ensures for every shard there is a record
processor
Manages record processors
# of shards and consumers
If only one consumer, KCL will create all records
on single processor
If multiple it will load balance across all of
them
With KCL ensure instances do not exceed
shards unless for failure
NEVER need multiple instances to handle processing load
of one shard
ONE worker CAN process multiple shards
Since quite low MB
CPU utilization should drive quantity of
consumer instances
Use Auto Scaling
group
and base decisions based on load
Concurrent Executions
Be aware of concurrent execution limit for Lambda
Safety feature to limit # of concurrent executions
across all functions in given account
Default 1000 per region
TooManyRequestsException
HTTP status code 429
Request throughput limit exceeded
Reserved concurrency guarantees set number
of executions which will always be available
for critical function. Also acts as limit
When you create Lambda there is only one
version: $LATEST
You can create multiple versions of function code and
use aliases to ref the version you want to use
as part of ARN
Alias is like a pointer to specific version
of function code
Lambda Versions
If you upload new code to Lambda it becomes
latest
Update ARN for new code
Some use cases require Lambda to access resources
which are inside a
private VPC
Enabling Lambda access to VPC
Needs
private subnet ID
Security group ID
Lambda uses info to set
up ENIs
using available IP from private subnet
Elastic Network Interface
Add VPC info to CLI using vpc-config parameter
Ex
determines spare
IP to assign
it to ENI
allow
access to VPC
X Ray Overview
X Ray SDK sends data to X Ray daemon
Lambda & VPC Access
aws lambda update-function-configuration \
  --function-name myFun --vpc-config \
  SubnetIds=subnet-1122aabb,SecurityGroupIds=sg-51530134
X-Ray Config
which buffers segments in queue and uploads
them to X-Ray in batches
Both SDK and daemon needed
Use SDK to instrument app to send
required data
Steps to configure
Install X-Ray daemon on EC2, on prem,
on own Docker container
Annotations and Indexing
Annotations
Record additional info about requests
KV pairs that are simple to filter
Elastic Beanstalk supports deployment of Docker containers
Docker containers are self-contained
Elastic Beanstalk handles capacity provisioning,
load balancing, scaling and
app health monitoring
Options
Run single Docker container on single EC2
Run multiple Docker containers
Docker & Elastic Beanstalk
Use Elastic Beanstalk to build ECS
cluster and deploy multiple Docker containers on
each instance
Sometimes you want control of EC2 instance placement
Use Placement Groups
3 strategies for placement group
Cluster: clusters instances into low-latency group
in single AZ
Spread: spread instances across underlying hardware
Max 7 instances
per group per AZ; critical
apps
Partition: spreads instances across many different
partitions which rely on diff racks
within an AZ. Scales to 100s of
EC2 instances per group
Hadoop
Cluster Placement Groups
Pros: great network, 10 Gbps bandwidth between
instances
Cons: if rack fails all instances fail at same
time
Use case: big data job that needs to complete
fast
App that needs extremely low latency
and high network throughput
Spread Placement Group
All EC2 instances on diff hardware
Pros
Can span across multiple AZs
Reduced risk of simultaneous failure
EC2 instances are on diff physical
hardware
Cons
Limited to 7 instances per AZ per placement
group
Use case
App that needs to maximize high availability
Critical apps where each instance must be
isolated from failure from each other
Placement Groups: Partition
Up to partitions per AZ
Up to 100s of EC2 instances
Instances in a partition do not share racks
with instances in other partitions
Partition failure can affect many EC2s but
not other partitions
EC2 instances get access to the partition info
as metadata
Use cases: distributed big data app
Personal Data Center
Gives complete control over virtual networking
environment
Key Features
VPCs are region specific, max 5 per region
Region comes with default VPC
200 subnets per VPC
IPv4 and IPv6 CIDR blocks
Costs nothing
NAT Gateway, VPC Endpoint, VPN Gateway, Customer
Gateway cost money
DNS hostnames turned
off by default
0.0.0.0/0 default shows all IP addresses
VPC Peering
Allows you to connect one VPC with
AWS Virtual Private Cloud (VPC)
another over a direct network route using
private IP addresses
Instances on peered VPCs behave just like
they are on the same network
Connect VPCs across same or diff AWS accounts and
regions
Peering uses a star configuration
of 4 others
and 1 central
No transitive peering, must be direct
No overlapping CIDR blocks
Route Tables
Determine where network traffic is directed
Each subnet in VPC must be associated
with a route table
Subnet can only be associated with one
route table at a time but can associate
multiple subnets with same route table
Internet Gateway
Allows VPC access to internet
Does 2 things
Provide target in your VPC route table for
internet-routable traffic
Perform NAT for instances with public IPv4
Bastion / Jumpbox
Intermediate EC2 to SSH into for EC2s
that are in private subnet
AWS Systems Manager
Session Manager replaces need for
bastion
Direct Connect
Dedicated network connections from on prem
to AWS
VERY FAST SO 100M or 1613 or 10GB
favorBnduth Higher Broke
Reduce Network Costs
More consistent network experience
Set scaling rules which will automatically
Auto-Scaling Groups
launch additional EC2 instances or shut down as needed
Contains collection of EC2 instances that
are treated as group
Can occur via
Capacity settings
Health check replacements
Scaling policies
Capacity Settings
Min Minimum Abacus
Max: maximum
Desired capacity: ideal number
Health Check Replacements
Check EC2 status; if it drops below minimum
it spins up
ELB health check pings
Scaling Policies
Target Tracking
Maintains specific metric at specific value
If Cpu Ts go 0A
Simple Scaling
Scales when alarm breached
Legacy
Scaling Policies with steps
Scales when alarm breaches, can escalate
based on alarm changing value
ELB Integration
ASG can be associated with ELB; when
ASG associated with ELB richer health
checks can be set
ASG use case
1 Burst of traffic
2 Route 53 points to load balancer
3 Balancer tyros
4 Gray is to ASg
5 ASG checks
6 Scilly determis acarun
Launch Configuration
Instance config template that ASG uses
to launch EC2
Same process as launching an EC2 instance
Launch config cannot be edited once created
New or clone existing config and manually
associate it
Launch Templates
Launch configurations with versioning
Scaling out: add servers
Scaling in: remove servers
Privately connect your VPC to other AWS
VPC Endpoints
services and VPC endpoint services
Eliminates need for Internet Gateway, NAT, VPN,
AWS Direct Connect
Instances in VPC don't require public IP
to communicate with service resources
Traffic between VPC and other service does
NOT leave AWS network
Horizontally scaled, redundant, highly
available
Allow secure comms between instances and
services without adding availability risks or
bandwidth constraints
Interface Endpoints
Elastic Network Interfaces with private
IP
Serve as entry point for traffic going
to supported service
Endpoints powered by AWS PrivateLink
to access services hosted securely
by keeping traffic within AWS
Gateway Endpoints
Gateway that is target for a specific route
in a route table, used for traffic destined for AWS
service
Currently only supports S3 and DynamoDB
Free
Must specify VPC in which to create
endpoint
An optional layer of security that acts as a
firewall for controlling traffic in and out of subnet
Virtual firewall at subnet level
You can allow or deny traffic, inbound and outbound
Rule order from lowest to highest; use increments
of 10 or 100
By default allows all outbound and inbound traffic
Subnet can only be associated with 1 NACL
Logs API calls between AWS services, know who
to blame
Service that enables governance, compliance, operational
auditing and risk auditing of AWS account
Identifies
Network Access Control Lists (NACL)
CloudTrail
Where: Source IP
When: EventTime
Who: User, UserAgent
What: Region, Resource, Action
Event History
Logs for 90 days via Event History; for
>90 days you need to create a trail
No GUI so use Amazon Athena
Trail can be set to log all regions
Trail can log across all accounts in Org
Encrypt logs using SSE
Log file validation to ensure logs haven't been tampered
CloudTrail can deliver events to CloudWatch
Management vs Data Events
Management events turned on by default
Can't be turned
off
Ex
Config security
Registering devices
Config rules for routing data
Setting up logging
Data events
Track specific operations for specific AWS
services
Data events are high-volume logging, will
result in additional charges
Turned off by default
2 services
S3
Lambda
PseudoParameters
Parameters predefined by AWS CloudFormation
Use them same way as parameter, argument for
Ref function
Resource Attributes
Creation Policy
Prevent status from reaching create complete
until AWS CloudFormation receives a specified
# of success signals or timeout period exceeded
Deletion Policy
Preserve or back up resource when stack is deleted
Options: Delete, Retain, Snapshot
CloudFormation Additional Info
Update Policy
How to handle update for ASG, ElastiCache,
Domain or Lambda alias
UpdateReplace Policy
Retain or back up existing physical instance of resource
when replaced during stack operation
Options: Delete, Retain, Snapshot
DependsOn
Resource is created only after creation
of resource specified in DependsOn attribute
Intrinsic Function
Assign value to properties that are not available
until runtime
Ref
Ref can reference parameters other defined
resources
GetAttr
Allows you to access many diff variables on
a resource
Different per resource
WaitConditions
2 Cases
Coordinate stack resource creation with
config actions that are external to stack creation
Track status of config process
Similar to CreationPolicy; CreationPolicy recommended
for EC2 and ASG. CreationPolicy waits on dependent resource
WaitCondition waits on wait condition, external
Write Infrastructure as Code using imperative paradigm using
your fav language
Transpiler
Turns one source code intoanother
CDK transpiles into CF Templates
Imperative Infrastructure
It's implicit what resources will be created in end state
More flexible, less certainty, write less
Ex: I want EC2, autofill in all other details
CDK is imperative
Declarative Infrastructure
It's explicit what resources will be created in end state
Cloud Development Kit (CDK)
Less flexible, more certainty, write more
Ex: I want EC2 and I will give every detail
CloudFormation is declarative
CDK used to only be TypeScript, now supports
JS, Python, Java, .NET
CDK API's are delayed resource wise
Extension of CloudFormation that lets you define serverless
applications
SAM is an AWS CLI tool and CloudFormation macro
Macro allows you to change how code works
Allows you to embed language within language
CloudFormation allows you to specify macros through
Transform attribute
SAM vs CloudFormation
Saves about 50% code
SAM CLI
Easy to run, package and deploy serverless apps / Lambda
Serverless Application Model (SAM)
buildspec.yml
Provides build instructions
Needs to be at root of project folder
Parts
Version
0.2 run all build commands in same instance
0.1 run each build command in separate instance
phases
install: only for installing in build env
pre_build: commands run before building
build: commands run during build
post_build: commands run after build
artifacts
where we can find the build output
prepares it for S3
Fully managed build pipeline to create temporary
servers to build and test code
CodeBuild
Compiles source code, runs unit tests, produces artifacts
to deploy
Provides pre-packaged build environments or
build your own environments as Docker container
Fully managed deploy service in the cloud
Can deploy to EC2, on-prem, Lambda, ECS
Rapidly release new features
Update AWS Lambda functions
Avoid downtime during app deployment
Perform in-place or blue/green deployments
Integrates with existing CI/CD tools
Core Components
Application
Deployment Groups
Deployment
Deployment Config
AppSpec file
Revision
In-Place Deployments
App on each instance is stopped
Latest app revision installed, started, validated
Use load balancer to deregister and reregister
Only EC2 / on-prem can use in-place deployments
CodeDeploy
Blue/Green Deployments
Auto copy EC2 ASG
Instances provisioned for replacement
Latest app revision is installed with optional wait time
Instances in new environment are registered with ELB
Old instances deregistered
appspec.yml
Lifecycle event hooks are diff stages
Hooks vary based on deployment type
This is for
EC2
Wizard for getting common application projects set up
You get
Deployment Pipeline
Access Mgmt
Project Dashboard
Like pre-config templates, abstracts
CodeStar
GRDS
Aurora PostgreSQL
MySQL Oracle
MariaDB SQL server
Encryption
Encryption at rest for all RDS engines
Encryption is handled by KMS
Will also encrypt automated backups, snapshots,
read replicas
RDS Backups
Automated Backups
Retention between 1 and 35 days, for free
Storage I/O may be suspended during backups
Manual snapshots
Taken by user
Persists even if RDS deleted
Backup data never restored on top of existing
instance
Restored will have new DNS endpoint
Multi-AZ
syncs data to standby
It's a failover
Read Replica
Relational Database Services (RDS)
Replica that only allows reads
Asynchronous replication
Up to 5
cross-region and AZ replicas
Instance Profile is a container for an IAM role
that you can use to pass info to an
EC2 instance
when it starts
AWS CLI Profile, which is used for switching to various
profiles
Slow query log can be set to be generated in RDS
Also error log is auto-generated
ECS Fargate
Launch type
No need to manage backend
Just register Instr def.nut n
Serverless Infrastructure
CodePipeline
You can add an approval action to stage in pipeline
ElastiCache Redis is faster than DynamoDB
for session data
Lambda Permissions
logs:CreateLogGroup: create log group with name
logs:CreateLogStream: create log stream for event
logs:PutLogEvents: uploads batch of logs to log stream
logs:CreateExportTask: creates export task to export data
from log to S3
Developer Git via SSH use public/private key
DynamoDB API things
GetItem
UpdateItem
PutItem
ElastiCache Redis is in-memory
Read replicas are not
ReceiveMessage API retrieves one or more
messages from queue, up to 10
AppSpec.yml
Specifies ECS task def for deployment
Revision
Subnet must be in same region to be
added to ASG/ALB
CloudWatch Custom Metrics
dimensions
What metric is: name/value pair
CloudWatch Events Rule
Respond to state changes in AWS resources
Can self-trigger
Alarms watch a single metric
Events respond to actions
ECS container mapping
Set host to 0 and container to desired
for dynamic port mapping
Lambda and ECS cannot use In-Place
appspec.yml
Temp credentials need DurationSeconds param
DynamoDB has max size of 400KB
S3 can store key/value pair
Lambda Hooks
BeforeAllowTraffic
AfterAllowTraffic
ECS Hooks
BeforeInstall
AfterInstall
AfterAllowTestTraffic
BeforeAllowTraffic
AfterAllowTraffic
EC2 Hooks
BeforeInstall
AfterInstall
ApplicationStart
ValidateService
Kinesis Data Streams needs EC2
Kinesis Firehose can store in S3
Amazon Inspector: tool that can assess apps for
vulnerabilities or deviations from
best practices
lambdaSASQueue does not prove send Messa
OAI: Origin Access Identity user
Amazon States Language used to define state
machine
With Application Load Balancer you can
route to specific domain name; it is the
only ELB in AWS that can do so
KMS GenerateDataKey
Allows us to generate with a given CMK
KMS CreateKey
Creates a new CMK
Short polling: wait time of 0
SQS size limit is 256K
To collect logs from EC2 / on-prem use
CloudWatch Agent or
CloudWatch Logs Agent (older, not preferred)
CloudWatch Events is used to track changes
in the state of Aws resource
lambda on success destinum send async
function code
BatchGetItem: up to 100 items
GetTraceSummaries used to search for segments
matching criteria
Lambda Event Source Mapping
SQS
DynamoDB
Kinesis

AWS January 2016 Webinar Series - Amazon Aurora for Enterprise Database Appli...
 
ENT305 Migrating Your Databases to AWS: Deep Dive on Amazon Relational Databa...
ENT305 Migrating Your Databases to AWS: Deep Dive on Amazon Relational Databa...ENT305 Migrating Your Databases to AWS: Deep Dive on Amazon Relational Databa...
ENT305 Migrating Your Databases to AWS: Deep Dive on Amazon Relational Databa...
 
Introduction to Amazon Relational Database Service
Introduction to Amazon Relational Database ServiceIntroduction to Amazon Relational Database Service
Introduction to Amazon Relational Database Service
 
Aws interview questions and answers
Aws interview questions and answersAws interview questions and answers
Aws interview questions and answers
 
AWS Interview Questions and Answers -CREDO SYSTEMZ.pdf
AWS Interview Questions and Answers -CREDO SYSTEMZ.pdfAWS Interview Questions and Answers -CREDO SYSTEMZ.pdf
AWS Interview Questions and Answers -CREDO SYSTEMZ.pdf
 
Backup & Restore Seamlessly with Industry-Leading Integration
Backup & Restore Seamlessly with Industry-Leading IntegrationBackup & Restore Seamlessly with Industry-Leading Integration
Backup & Restore Seamlessly with Industry-Leading Integration
 
AWS Webcast - Disaster Recovery
AWS Webcast - Disaster RecoveryAWS Webcast - Disaster Recovery
AWS Webcast - Disaster Recovery
 
AWS Webcast - Using the AWS Cloud for Disaster recovery_Public Sector
AWS Webcast - Using the AWS Cloud for Disaster recovery_Public SectorAWS Webcast - Using the AWS Cloud for Disaster recovery_Public Sector
AWS Webcast - Using the AWS Cloud for Disaster recovery_Public Sector
 
Filesystems
FilesystemsFilesystems
Filesystems
 
Beyond the File System - Designing Large Scale File Storage and Serving
Beyond the File System - Designing Large Scale File Storage and ServingBeyond the File System - Designing Large Scale File Storage and Serving
Beyond the File System - Designing Large Scale File Storage and Serving
 
Azure SQL Managed Instance - SqlBits 2019
Azure SQL Managed Instance - SqlBits 2019Azure SQL Managed Instance - SqlBits 2019
Azure SQL Managed Instance - SqlBits 2019
 
Amazon relational database service (rds)
Amazon relational database service (rds)Amazon relational database service (rds)
Amazon relational database service (rds)
 
Oracle on AWS partner webinar series
Oracle on AWS partner webinar series Oracle on AWS partner webinar series
Oracle on AWS partner webinar series
 
(DAT303) Oracle on AWS and Amazon RDS: Secure, Fast, and Scalable
(DAT303) Oracle on AWS and Amazon RDS: Secure, Fast, and Scalable(DAT303) Oracle on AWS and Amazon RDS: Secure, Fast, and Scalable
(DAT303) Oracle on AWS and Amazon RDS: Secure, Fast, and Scalable
 

Recently uploaded

Film vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movieFilm vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movie
Nicholas Montgomery
 
How to Create a More Engaging and Human Online Learning Experience
How to Create a More Engaging and Human Online Learning Experience How to Create a More Engaging and Human Online Learning Experience
How to Create a More Engaging and Human Online Learning Experience
Wahiba Chair Training & Consulting
 
PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.
Dr. Shivangi Singh Parihar
 
Reimagining Your Library Space: How to Increase the Vibes in Your Library No ...
Reimagining Your Library Space: How to Increase the Vibes in Your Library No ...Reimagining Your Library Space: How to Increase the Vibes in Your Library No ...
Reimagining Your Library Space: How to Increase the Vibes in Your Library No ...
Diana Rendina
 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint  Presentations.pptxHow to deliver Powerpoint  Presentations.pptx
How to deliver Powerpoint Presentations.pptx
HajraNaeem15
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxBeyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
EduSkills OECD
 
Chapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptxChapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptx
Denish Jangid
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
WaniBasim
 
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem studentsRHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
Himanshu Rai
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Excellence Foundation for South Sudan
 
writing about opinions about Australia the movie
writing about opinions about Australia the moviewriting about opinions about Australia the movie
writing about opinions about Australia the movie
Nicholas Montgomery
 
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
สมใจ จันสุกสี
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
amberjdewit93
 
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
National Information Standards Organization (NISO)
 
Cognitive Development Adolescence Psychology
Cognitive Development Adolescence PsychologyCognitive Development Adolescence Psychology
Cognitive Development Adolescence Psychology
paigestewart1632
 
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
GeorgeMilliken2
 
A Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdfA Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdf
Jean Carlos Nunes Paixão
 
Wound healing PPT
Wound healing PPTWound healing PPT
Wound healing PPT
Jyoti Chand
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdfবাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
eBook.com.bd (প্রয়োজনীয় বাংলা বই)
 

Recently uploaded (20)

Film vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movieFilm vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movie
 
How to Create a More Engaging and Human Online Learning Experience
How to Create a More Engaging and Human Online Learning Experience How to Create a More Engaging and Human Online Learning Experience
How to Create a More Engaging and Human Online Learning Experience
 
PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.
 
Reimagining Your Library Space: How to Increase the Vibes in Your Library No ...
Reimagining Your Library Space: How to Increase the Vibes in Your Library No ...Reimagining Your Library Space: How to Increase the Vibes in Your Library No ...
Reimagining Your Library Space: How to Increase the Vibes in Your Library No ...
 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint  Presentations.pptxHow to deliver Powerpoint  Presentations.pptx
How to deliver Powerpoint Presentations.pptx
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
 
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxBeyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
 
Chapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptxChapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptx
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
 
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem studentsRHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
 
writing about opinions about Australia the movie
writing about opinions about Australia the moviewriting about opinions about Australia the movie
writing about opinions about Australia the movie
 
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
 
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
 
Cognitive Development Adolescence Psychology
Cognitive Development Adolescence PsychologyCognitive Development Adolescence Psychology
Cognitive Development Adolescence Psychology
 
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
 
A Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdfA Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdf
 
Wound healing PPT
Wound healing PPTWound healing PPT
Wound healing PPT
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdfবাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
 

AWS Certified Developer Associate - Notes

  • 1. Identity Access Management. IAM allows you to manage users and levels of access to the AWS console. IAM provides: centralized control of your AWS account; shared access to AWS account; granular permissions; identity federation (ex: Active Directory); multifactor authentication; temp access for users / devices and services as necessary; set up password rotation policy; supports PCI DSS compliance (financial industry). Critical terms. Users: end users. Groups: collection of users under one set of permissions. Roles: create roles, assign to AWS users, like assigning R/W to S3 / EC2. Policies: document that defines one / more permissions; can be applied to user, group or role. Summary: IAM is universal. Root account is the account created when you first set up AWS account (complete admin access). New users have no permissions when first created. New users are assigned Access Key ID and Secret Access Key.
  • 2. Not the same as a password; used on API / CLI. Can only download Access Key ID / Secret Access Key once; if you lose them, recreate. Always set up MFA on root. You can create and customize your own password rotation policies. Web service that provides resizable compute capacity in the cloud. EC2 reduces time required to obtain and boot new servers down to minutes; great for changing compute reqs. Pay only for used capacity. Provides devs the tools to build failure-resilient apps and isolate themselves from common failure scenarios. Pricing options. On Demand: allows you to pay a fixed rate by hour or second with no commitment. Reserved: provides you with capacity reservation and offers discount on hourly charge for instance; 1 / 3 year terms. Spot: enables you to bid whatever price you want for instance capacity; lot of savings. Dedicated Hosts: physical EC2 server dedicated for your use. Reduce cost by using Elastic Compute Cloud (EC2)
  • 3. your existing licenses. On Demand: users that want low cost and flexibility of EC2 without up-front payment / long term; apps with short-term, spiky or unpredictable workloads that can't be interrupted; apps being developed / tested on EC2 for first time. Reserved: apps with steady state, predictable usage; apps that require reserved capacity; users can make up-front payments to reduce total costs even further. Standard RIs (up to 78% off on demand). Convertible RIs (up to 54% off on demand): feature capability to change attributes of RI as long as exchange results in creation of reserved instances. Scheduled RIs: available to launch within time window you reserve; predictable recurring schedule. Spot: apps that have flexible start / end times; apps only feasible at very low compute prices; users with urgent need for large amount of additional computing capacity.
  • 4. Dedicated Hosts: useful for regulatory requirements that may not support multi-tenant virtualization; good for licensing that does not support multi-tenant cloud deployments; can be purchased on demand (hourly); can be purchased as a reservation for up to 70% off on-demand price. EC2 Instance Types. Elastic Block Storage (EBS): storage volumes to be attached to EC2; placed in specific availability zones, replicated to protect from failure of single component. IOPS: input / output operations per second.
  • 5. Volume Types. General Purpose SSD (GP2): balances price / performance; ratio of 3 IOPS per GB with up to 10,000 IOPS and ability to burst up to 3000 IOPS for extended periods of time for volumes of 3334 GiB and above. Provisioned IOPS SSD (IO1): I/O intensive apps such as large relational / NoSQL DBs; more than 10,000 IOPS; provision up to 20,000 IOPS per volume. Throughput Optimized HDD (ST1): big data; data warehouses; log processing; cannot be boot volume. Cold HDD (SC1): lowest cost storage for infrequently accessed workloads; file server; cannot be boot volume. Magnetic (standard): lowest cost for bootable; infrequently accessed.
  • 6. Exam tip: if spot instance is terminated by AWS, you will not be charged for partial hour of usage; if you terminate instance, you will be charged for complete hour. Types of load balancers: Application Load Balancers, Network Load Balancers, Classic Load Balancers. Application Load Balancers: best for load balancing HTTP / HTTPS; operate at L7, application aware; intelligent, can create advanced request routing, send specific requests to specific servers. Network Load Balancers: load balancing of TCP where extreme performance is required (L4); capable of handling millions of requests / second with ultra low latency. Classic Load Balancer: legacy elastic load balancer; HTTP / HTTPS apps and L7 features like X-Forwarded-For and sticky sessions; also strict L4 for apps that Elastic Load Balancer
  • 7. need only TCP. Load Balancer Error: Classic Load Balancer (ELB) responds with 504 error; app is having issues at web server / DB layer. X-Forwarded-For header: look here for IPv4. Types on AWS: SQL Server, Oracle, MySQL Server, PostgreSQL, Aurora (Amazon's own), MariaDB. Non Relational DB Relational Databases (RDS)
  • 8. Database made up of: Collection = Table; Doc = Row; K / V pair = Fields. Doesn't need to be predefined. Data Warehousing: used for Business Intelligence (BI); used at a business level to do queries for reporting only. OLTP / OLAP. Online Transaction Processing: order, pull name, address. Online Analytics Processing: complex; net profit for EMEA requires multiple queries. Elasticache: makes it easy to deploy, operate and scale an in-memory cache in cloud. Service improves perf of web apps by allowing to retrieve info from fast managed in-mem cache. Supports 2 open source engines: Memcached, Redis. RDS: OLTP. Redshift: OLAP.
  • 9. Types of Backup. Automated Backups: allow you to recover DB to any point in time with a retention period between 1 - 35 days; full daily snapshot and store transaction logs throughout day; it will restore daily backup and apply transaction logs up to relevant point; recovery time with 1 second accuracy; enabled by default and free storage space equal to size of DB; backups taken in defined window, storage I/O might be suspended in that time. DB Snapshots: user initiated; stored even after you delete original RDS instance. Whether you restore auto or snapshot, restored version will be a new RDS endpoint with new DNS. Encryption: encryption at rest supported by all DBs; encryption done using AWS Key Mgmt Service (KMS). Once RDS is encrypted, data and underlying storage RDS - Backups, Multi-AZ & Read Replicas
  • 10. and backups are encrypted. Encrypting existing DB not supported: create snapshot, copy, then encrypt. Multi-AZ: have exact copy of production DB in another availability zone; AWS handles replication and failover; not used for performance improvements. Read Replica: 5 read replicas per production DB by default; scale out DB to spread load across multiple DBs; achieved with asynchronous replication from RDS to read replica; used for read-heavy DB workloads; used for scaling, not recovery; auto backups must be turned on; each read replica will have own DNS endpoint; read replicas can have Multi-AZ; can create read replica of Multi-AZ. Elasticache is a web service that makes it easy to deploy, operate and scale an in-memory cache in the cloud. Elasticache
  • 11. Retrieve info from fast managed in-mem cache. Used to significantly improve latency for read-heavy apps. Types of Elasticache. Memcached: widely adopted memory object caching system; Elasticache is protocol compliant with Memcached so works perfectly. Redis: open source in-memory key-value store that supports sorted sets and lists; Elasticache supports master / slave replication and Multi-AZ to achieve cross-AZ redundancy. Multi-AZ redundancy only on Redis. Elasticache handles Redis as an RDS; Elasticache handles Memcached like Autoscaling. Memcached use cases: object caching as primary; simple caching model; large cache nodes with multithreaded perf with utilization of multi cores; scale cache horizontally. Redis use cases: more advanced datatypes; sorting and ranking datasets in mem, such as with
  • 12. leaderboards; persistence of key store; run in multiple AWS AZs with failover. Redshift might be better than Elasticache if people run OLAP transactions. S3 provides secure, durable, scalable object storage on web. S3 is object-based storage; data is spread across multiple devices / facilities. Files can be from 0 - 5 TB with unlimited storage. Files are stored in buckets (like a folder). S3 has a universal namespace; names must be unique globally. When file is uploaded you get 200 status code on an Data Consistency Model: read-after-write consistency for PUTS of new objects; eventual consistency for overwrite PUTS / DELETES (means it could take a bit of time to reflect). S3 is a simple key-val store. S3 is object based. Object consists of following: key (name of object); value (data); version ID; Simple Storage Service (S3)
  • 13. Metadata; subresources (bucket-specific config): bucket policies, ACL; Cross-Origin Resource Sharing (CORS); Transfer Acceleration makesushi uploads. Basics: 99.99 availability (Amazon GUARANTEES IT); Amazon guarantees 99.99999999999 durability for S3 (11 9s); tiered storage available; lifecycle management; versioning; encryption; secure access to data. S3 storage tiers / classes. S3: 99.99 avail, 99.99999999999 durability; stored redundantly across multiple devices in multiple facilities; can sustain loss of 2 facilities at once. S3 IA (Infrequently Accessed): data that is accessed less frequently but requires rapid access; lower fee than S3 but charged retrieval fee. S3 One Zone IA: same as IA but data is stored in single AZ; still 99.99999999999 durability but only 99.57 availability; cost is 20%
  • 14. less than S3. Reduced Redundancy Storage: 99.99 durability and 99.99 availability of objects over a given year. Glacier: very cheap but for archival only; takes 3 - 5 hours to restore from Glacier. Might be phased out. Intelligent Tiering: unknown or unpredictable access patterns; 2 tiers (frequent / infrequent); automatically moves data to most cost-effective tier based on how frequently you access an object; 99.99999999999 durability; optimizes cost; no fee for accessing data but fee of 0025 / 1000 objects per month for monitoring.
  • 15. S3 charges: storage per GB; requests (GET, PUT, COPY, etc.); storage mgmt (inventory, analytics, object tags); data mgmt pricing (data transferred out of S3); Transfer Acceleration (use of CloudFront to optimize transfers). All newly created buckets are private. You can set up access controls using: bucket policies (applied at bucket level); ACLs (applied at object level). S3 buckets can be configured to create access logs, which log all requests made to S3 buckets; logs can be written to another bucket. Encryption types. In transit: SSL / TLS. At rest: server-side encryption: S3 Security S3 Encryption
  • 16. S3 managed keys (SSE-S3); AWS Key Mgmt managed keys (SSE-KMS); server-side encryption with customer-provided keys (SSE-C). Client-side encryption. Enforce encryption on S3 bucket: every time file is uploaded to S3 (PUT), if file is encrypted at upload, x-amz-server-side-encryption parameter will be in request header. 2 options available: x-amz-server-side-encryption: AES256 (SSE-S3, S3 managed key); x-amz-server-side-encryption: aws:kms (SSE-KMS, KMS managed). When included in header of PUT, S3 will encrypt. Can enforce by denying all PUT requests without that header. CloudFront is a CDN. CDN = Content Delivery Network: system of distributed servers that delivers webpages and other web content to user based on geographic location, origin of webpage and content delivery server. CloudFront
  • 17. Key Terms. Edge Locations: locations where content is cached and can be written; separate to AWS Region / AZ. Origin: origin of all files the CDN will distribute; could be S3, EC2, ELB or Route 53. Distribution: name given the CDN; consists of collection of edge locations. Web Distribution: typically used for websites (HTTP / HTTPS). RTMP (Real Time Messaging Protocol): used for media streaming (Adobe). Requests for content are routed to nearest edge location. CloudFront works with all AWS services and will Visual of CDN
  • 18. work with your own server. S3 Transfer Acceleration: fast, easy, secure transfer of files over long distances between end users and S3 bucket; use CloudFront's globally distributed edge locations and then data is transferred to Amazon S3 bucket. S3 is designed to support very high request rates. If 73800 PUT / LIST / DELETE or 75800 GET /s then optimize. Optimize: GET intensive: use CloudFront. Mixed request workload: key names can impact workload performance; use random prefix so S3 will distribute keys across multiple partitions; introduce random key names to do this, like a hex hash. Not as needed now. S3 Performance
  • 19. Alexa uses Lambda. Lambda is serverless. It's a higher level of abstraction. Lambda is a compute service where you can upload your code and create a Lambda function. Lambda takes care of provisioning and managing the servers that you use to run the code. Used in following: event-driven compute service where Lambda runs your code in response to events; as a compute service to run your code in response to HTTP requests using Amazon API Gateway or API calls made using AWS SDKs. Languages: Serverless Computing Lambda
  • 20. Node.js, Java, Python, so, Go. Priced: # of requests: first 1 million requests are free, so per 1 million requests. Duration: time code begins executing until it returns or otherwise terminates, rounded up to nearest 100ms; charged 00001667 for every GB-second used. Why Lambda: no servers; Lambda scales out (not up) automatically; Lambda functions are independent (1 event = 1 function); Lambda functions can trigger other Lambda functions; AWS X-Ray to debug. API is an Application Programming Interface. Types of APIs: REST APIs (REpresentational State Transfer) API Gateways
  • 21. Uses JSON. SOAP APIs (Simple Object Access Protocol): uses XML. Amazon API Gateway: easy for devs to publish, monitor and secure APIs at any scale; access code on AWS Lambda / EC2; expose HTTPS endpoints to define a RESTful API; serverlessly connect to services like Lambda / DynamoDB; send each API to diff target; run efficiently with low cost; scale effortlessly; track / control usage by API key; throttle requests to prevent DDoS; connect to CloudWatch to log all requests for monitoring. Configure: define API; define resources / nested resources; for each resource: select supported HTTP methods, set security, choose target (EC2 / Lambda), set request and response transformations; deploy API to a stage;
  • 22. uses API Gateway domain by default; can use custom domain; supports AWS Cert Manager (free SSL). API caching: reduce number of calls to API; cached for specified TTL period. Same Origin Policy: web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same origin. Prevents cross-site scripting attacks (XSS). Enforced by web browser. Ignored by tools like Postman / curl. Cross-Origin Resource Sharing (CORS): one way server can relax same-origin policy; allows restricted resources on web page to be requested from another domain outside domain from which first resource was served. Browser makes HTTP OPTIONS call for URL; server returns a response saying approved domains. Error "Origin policy cannot be read": you need to enable CORS.
  • 23. Versioning with Lambda: you can publish one or more versions of Lambda function. You can work with different variations of your Lambda in dev workflow. After you publish a version it is immutable. $LATEST version you can change. Qualified ARN has $LATEST at end; unqualified doesn't. Alias: create a PROD alias to a version number (like $LATEST) and change the alias instead of manually changing all of it. Can split traffic between versions with aliases (not with $LATEST though). Step Functions allow you to visualize and test your serverless apps. Step Functions provide a graphical console to arrange and visualize the components of app as a series of steps. Makes it simple to build and run multistep apps. Step Functions auto trigger and track each step and retry when there are errors. Step Functions log state of each step for easy Lambda Version Control AWS Step Functions
  • 24. diagnosis types. Great way to visualize serverless application. Collects data about requests that app serves and provides tools to view, filter and gain insight into data to find issues / optimize. Info you can see: request / response; calls app makes to downstream AWS resources, microservices, DBs, HTTP web APIs. Architecture: X-Ray Daemon, X-Ray API, X-Ray Console and X-Ray SDK, scripted tools. X-Ray
  • 25. X-Ray SDK provides: interceptors to add to code to trace HTTP requests; client handlers to instrument AWS SDK clients that your app uses to call other AWS services; HTTP client to instrument calls to other internal and external HTTP web services. X-Ray integration / X-Ray languages: ELB, Java, .NET, Lambda, Go, API Gateway, Node.js, EC2, Python, Elastic Beanstalk, Ruby. You can use API Gateway import to import API from external. You can also overwrite an API. Use Swagger for new API. API throttling: steady-state request limit to 10,000 rps; 8000 concurrent within one ms. You can use API Gateway as a SOAP web service passthrough. Advanced API Gateway
  • 26. Fast, flexible NoSQL DB service for all apps that need consistent single-digit millisecond latency. Fully managed DB; supports document and key-value data models; stored on SSD; spread across 3 geographically distinct data centers. 2 consistency types. Eventual consistency (default): consistency across all copies of data is usually reached within a second; best read performance. Strongly consistent: returns result that reflects all writes that received successful response prior to read. Made up of: tables, items, attributes. Supports key-value / document: key = name, value = value. Docs can be in JSON, HTML or XML. Primary keys: stores / retrieves data based on primary key. DynamoDB
  • 27. 2 types. Partition key: unique attribute; value of partition key is input to internal hash function which determines partition or physical location; no 2 items can have same primary key. Composite key (partition key + sort key): partition key = user ID, sort key = timestamp of post; 2 items may have the same partition key but different sort key; all items with same partition key stored together, then sorted by sort key. Access control: managed via IAM; can create IAM role with temporary access keys; can restrict access only to user's records. Index is a data structure that allows you to perform fast queries on specific columns. 2 types of queries in DynamoDB. Local Secondary Index: can only be created when creating table; cannot add, remove or modify it later; Indexes
  • 28. Same partition key as the original table but a different sort key. Gives a different view of your data, organized according to an alternative sort key. Any queries based on this sort key are much faster using the index than the main table. Partition key: user ID; sort key: account creation date. Global secondary index: create whenever. Different partition key and different sort key. Query finds items based on primary key and a distinct value, e.g. user ID 212. Optional sort key name and value to refine. By default returns all attributes, but you can use a ProjectionExpression to return specific ones. Results are always sorted by sort key. Scan vs Query API Call
  • 29. By default in ascending order (1, 2, 3, 4). Reverse the order by setting the ScanIndexForward param. By default eventually consistent; can be set to strongly consistent. Scan: examines every item in the table. Returns all data attributes by default. Use a ProjectionExpression to return specific parameters. Query vs Scan: Query is more efficient. Scan first dumps, then filters. Avoid Scan if you can. Set page size to prevent lot of user. Scan by default processes data in 1 MB sequentially and can go on one partition at a time. You can set up parallel scans. DynamoDB provisioned throughput is measured in capacity units. When creating a table you specify read/write capacity. 1 x 1 KB write/s. 1 x read unit = DynamoDB Provisioned Throughput
  • 30. 1 x strongly consistent read of 4 KB/s or 2 x eventually consistent reads of 4 KB/s (default). Example config: 5 x read capacity, 5 x write, i.e. 5 x 4 KB = 20 KB/s strongly consistent reads or 40 KB/s eventually consistent reads, and 5 KB/s writes. Charges apply for reading, writing and storing. With on-demand there is no need to specify; DynamoDB instantly scales up/down. Great for unpredictable requests; only pay for what you use. Or preset as abri. DAX: fully managed, clustered in-memory cache for DynamoDB. DynamoDB Pricing Models DynamoDB Accelerator
  • 31. DB. Up to 10x read performance improvement. Microsecond performance for millions of requests per second. Ideal for read-heavy and bursty workloads. DAX is a write-through caching service: data is written to the DB and the cache. DAX allows you to point DynamoDB calls at the DAX cluster. If the item is not present, it performs an eventually consistent GetItem operation against DynamoDB. Not suitable for: strongly consistent reads (it is for eventually consistent only); write-intensive apps; apps that don't perform many read ops; apps that don't require microsecond response. In-memory cache in the cloud. Improves performance of web apps by allowing you to retrieve info from a fast in-memory cache rather than slower disk-based DBs. Sits between app and DB. Good if the DB is read-heavy and data doesn't change frequently. ElastiCache
  • 32. Frequently accessed data is stored in memory for low-latency access. 2 types. Memcached: multithreaded, wide adoption, no multi-AZ capability. Redis: open source, supports complex data structures, supports multi-AZ and master/slave replication. Caching strategy. Lazy loading: loads data into the cache only when necessary. Add a TTL to determine when to reload. Write-through: adds or updates data in the cache whenever data is written to the DB.
  • 33. DAX vs ElastiCache: DAX is only for DynamoDB. ElastiCache is mainly for RDS and for lazy loading. ACID transactions: Atomic, Consistent, Isolated, Durable. Read or write multiple items across multiple tables as an all-or-nothing operation. Check for a prerequisite condition before writing to a table. The TTL attribute is an expiry time for data. Expired items are marked for deletion. Great for removing irrelevant or old data: session data, event logs, temporary data. Reduces cost by automatically removing data which is no longer relevant. DynamoDB Transactions DynamoDB TTL
  • 34. TTL is epoch time. Time-ordered sequence of item-level modifications (insert, update, delete). Logs are encrypted at rest and accessed using a dedicated endpoint. By default the primary key is recorded. Before and after images can be captured. Events are recorded in near real time. Apps can take actions based on contents. Event source for Lambda: execute code based on a DynamoDB event. Exception: request rate is too high for the read/write capacity provisioned on DynamoDB. The SDK will automatically retry until successful. If not using the SDK: reduce request frequency, use exponential backoff. Exponential backoff: progressively longer waits for improved flow control. DynamoDB Streams Exceptions Provisioned Throughput Exceeded
  • 35. After I mrntte its afa I Feature of AWS SDKs. KMS is a managed service that makes it easy for you to create and control your encryption keys. KMS is integrated with many AWS services. Keys can NEVER be exported. CMK (customer master key): alias, creation date, description, key state, key material (customer or AWS provided). aws kms encrypt, aws kms decrypt, aws kms re-encrypt, aws kms enable-key-rotation (rotates keys every year). Use an envelope key to encrypt data. Encrypt the envelope KMS (Key Management Service) KMS API Calls KMS Envelope Encryption
  • 36. key until Use the master key to decrypt the envelope key, and use the decrypted envelope key to decrypt the data. Oldest AWS service. Web service that gives you access to a message queue that can be used to store messages while waiting to be processed. Distributed queue system that enables web apps to quickly and reliably queue messages generated by one component for another component. The queue is a temporary repository for messages awaiting processing. SQS is a poll-based system: EC2 always pulls, looking for a job. SQS messages stay in the queue until picked up. You can decouple components of an app so they run independently, for easy message management. Simple Queue Service (SQS)
  • 37. A component of a distributed app can store messages in a queue, up to 256 KB of text in any format. Any component can later get the messages using the SQS API. The queue acts as a buffer between the component that produces and the component that uses data. The queue resolves issues that arise if the producer is producing work faster than the consumer, or if the producer or consumer are only intermittently connected to the network. Types of queues. Standard queue (default): default queue type. Unlimited number of transactions per second. Occasionally, due to being highly distributed, messages might be delivered out of order. Best-effort ordering. First In First Out (FIFO): exactly-once processing. 300 transactions per second. Messages sent and received in order. Delivered only once.
  • 38. All capabilities of standard queues. Key facts: SQS is pull-based. Messages are 256 KB in size. Messages can stay in the queue from 1 minute to 14 days. Default retention period is 4 days. SQS guarantees messages are processed at least once. SQS visibility timeout: amount of time a message is invisible in the SQS queue after a reader picks up the message. If the job is processed within that time, the message is deleted. Else the message becomes visible again and another reader processes it; the message might be delivered twice. Default visibility timeout is 30 seconds. Max is 12 hours. SQS long polling: regular short polling returns immediately even if the queue is empty. Long polling doesn't return a response until a message arrives in the queue or the long poll times out. As such, long polling can save you money. Web service that makes it easy to set up, operate Simple Notification Service (SNS)
  • 39. and send notifications on the cloud. Provides devs with a highly scalable, flexible, cost-effective capability to publish messages from an app and immediately deliver them to subscribers or other apps. SNS can also deliver to SMS, SQS or HTTP endpoints. SNS can also trigger Lambda functions. When Lambda is involved, it is invoked with the payload of the published message. Lambda receives the payload as input and can manipulate info in the message, publish to another SNS topic or send to other AWS services (S3 etc.). SNS allows you to group multiple recipients using a topic. A topic is an access point for allowing recipients to dynamically subscribe for identical copies of the same notification. One topic can support delivery to multiple endpoint types. When you publish to a topic, SNS delivers appropriately formatted copies of the message to each subscriber. To prevent loss, all messages are stored redundantly in multiple AZs. SNS Benefits Instantaneous Polling Based delivery Simple API and easy integration with apps
  • 40. Flexible message delivery over multiple transport protocols. Inexpensive, pay-as-you-go model. Web-based AWS mgmt. SNS vs SQS: SNS push, SQS pull (polls). SNS pricing: $0.50 per 1 million Amazon SNS requests; $0.06 per 100,000 notification deliveries over HTTP; $0.75 per 100 notification deliveries over SMS; $2.00 per 100,000 notification deliveries over email. SNS follows the publish-subscribe (pub-sub) messaging paradigm, with notifications being delivered to clients using push. SNS gives devs an easy mechanism to incorporate a powerful notification system with their apps. Highly scalable, highly available email service designed to help marketing teams and app devs send emails with a pay-as-you-go model. Can also be used to receive emails into an S3 bucket. Emails can be used to trigger Lambda, SNS notifications. Use cases
  • 41. Automated emails, purchase confirmations, shopping order updates. Service to deploy and scale web apps built in Java, PHP, Python, Go, .NET, Node.js, Ruby and Docker, and utilize on platforms like Tomcat, Nginx, Passenger and IIS. Devs can write code and not worry about infra. Upload code; Elastic Beanstalk handles all resource mgmt. You only pay for the resources required to store and run the app. Monitor and manage the app via a dashboard. Options for processing deployment updates. All at once: deploys the new version to all instances simultaneously. Elastic Beanstalk Updating Elastic Beanstalk
  • 42. All of your instances are out of service while the deployment takes place. An outage will occur while the deployment takes place. If the update fails, you roll back by redeploying the old version to all instances. Rolling deployment: deploys the new version in batches. Each batch of instances is taken out of service while the deployment is in place. Environment capacity will be reduced by the number of instances in a batch while the deployment takes place. Not ideal for performance-sensitive systems. If the update fails, you need to perform an additional rolling update to roll back the changes. Rolling with additional batch policy: launches an additional batch of instances. Deploys the new version in batches. Maintains full capacity during deployment. If the update fails, you need to perform an additional rolling update to roll back the changes. Good for performance-sensitive systems. Immutable Deployment policy
  • 43. Deploys the new version to a fresh group of instances in their own Auto Scaling group. When the new instances pass, they move to the existing Auto Scaling group and the old instances are terminated. Maintains full capacity during deployment. Impact of a failed update is less; just roll back by terminating the new Auto Scaling group. Preferred option for mission-critical prod systems. You can customize Elastic Beanstalk by adding configuration files (YAML or JSON). Files have a .config extension and are saved to the .ebextensions folder. Must be located at the top level of the app source code bundle. You can launch RDS from within the ELB console; good for test and dev. Drawback is that RDS is tied to the deployment; not good for prod. For prod, decouple RDS from ELB and launch it separately. To do separately: an additional security group must be added to RDS & ELB
  • 44. environment's Auto Scaling group. Need to provide connection string config info to app servers. Streaming data is data generated continuously by thousands of data sources; data is sent simultaneously and in small sizes (order of KBs). Purchases from Amazon, stock prices, game data, geospatial data. Kinesis is a place to send AWS streaming data to. Easy to load and analyze data; provides the ability for you to build custom apps. Core Kinesis services. Kinesis Streams (video / data streams): consists of shards. Kinesis
  • 45. 5 transactions per second for reads, up to a max total data read rate of 2 MB/s. 1000 records/s, up to a total data write rate of 1 MB/s. Data capacity of a stream is a function of the number of shards you specify for the stream. Total capacity of the stream is the sum of the capacities of its shards. Kinesis Firehose (only data streams): automated; send to S3, then send to wherever for data processing. Kinesis Analytics
  • 46. Run SQL queries on data from Firehose or Streams, then send it to something else. Continuous integration, continuous delivery/deployment. Make small incremental code changes. Can make thousands of changes per day. Automation good, manual bad. Testing changes as they go. Workflow: shared code repo, automated build, automated tests, code merged, prepped for deployment, manual decision to deploy, or fully automated. Dev tools: AWS CodeCommit (Bitbucket), CodeBuild (compiles code, runs tests), CodeDeploy (automates code deployment), CodePipeline (end-to-end build, test and deploy app). Central code repo. Developer Theory CI/CD CodeCommit
  • 47. 2 deployment approaches. In place: the app is stopped on each instance and the new release is installed (rolling update). Blue/green: new instances with the new deployment are made. Blue is the active deployment; green is the new release. In place: stop the app on the first instance; instance will be Arw so more ELB redroot. CodeDeploy installs the new version (aka revision) and the instance comes back into service. Rollback: no quick fix. CodeDeploy
  • 48. Redeploy the previous version. Blue/green: blue is the current version; green is new instances with the new revision. Use the ELB to roll. Rollback: easy. Set the ELB to direct traffic back to the old environment. Deployment using the AppSpec file. EC2: YAML file. Lambda: YAML / JSON. YAML: version, OS, files (config files, packages)
  • 49. hooks (lifecycle event hooks): scripts that need to run at a certain point. Scripts you might run during deployment: unzip files, unzip apps, run tests. Lifecycle event hooks deal with the load balancer. Path to file. These are the lifecycle hooks. Typical folder setup: appspec.yml (must be in root), /Scripts, /Config, /Source. Lifecycle event hooks are run in a specific order CodeDeploy Lifecycle Event Hooks
  • 50. known as the run order. 3 distinct phases. Phase 1: de-register instances from the load balancer. Phase 2: nuts and bolts of app deployment. Phase 3: re-register instances with the load balancer. Hook types. BeforeBlockTraffic: tasks you want to run on instances before they are de-registered from a load balancer. BlockTraffic: de-register instances from the load balancer. AfterBlockTraffic: tasks you want to run on instances after they are de-registered from a load balancer. ApplicationStop: gracefully stop the application. DownloadBundle: CodeDeploy agent copies the app revision files (new version) to a temp location. BeforeInstall: pre-install scripts (backing up, decrypting
  • 51. Install: copy app revision files to the final location. AfterInstall: post-install scripts (configure file perms). ApplicationStart: start any services that were stopped during ApplicationStop. ValidateService: test to validate it works. AfterBlockTraffic. BeforeAllowTraffic: tasks you want to run on instances before they are registered with the load balancer. AllowTraffic: register instances with the load balancer. AfterAllowTraffic: tasks to run after they are registered with the load balancer. These steps are for an in-place deployment.
  • 52. Fully managed CI/CD service. Orchestrates build, test and deployment. Automated release process. CodePipeline integrates with CodeCommit, CodeBuild, CodeDeploy, GitHub, Jenkins, Elastic Beanstalk, CloudFormation, Lambda and Elastic Container Service. CodePipeline workflow. Fully managed container orchestration; secure Docker containers. CodePipeline Elastic Container Service
  • 53. Advantages: highly scalable, fault tolerant, easy to maintain. ECS supports Docker and Windows. It is an orchestration platform like Kubernetes. Clusters of VMs. Fargate for serverless; EC2 for more control. ECR (Elastic Container Registry): stores container images; ECS connects to it to grab images. What uses ECS: Amazon SageMaker, Amazon Cer
  • 54. Amazon.com. ECS alternatives: Fargate for serverless (don't need to worry about EC2); EC2 for full control. Docker commands: docker build, docker tag, docker push. Other CodeBuild info: use buildspec.yml to define the build commands and settings used by CodeBuild to run the build. Override settings in buildspec.yml by adding your own commands when you launch the build. If the build fails, check the logs. CloudFormation is a service that allows you to manage, configure and provision your AWS infra as code. Resources are defined using a CloudFormation template. CloudFormation interprets the template and makes the appropriate API calls to create the resources you have defined. CloudFormation
  • 55. Supports YAML and JSON. Benefits: allows you to provision infrastructure in a consistent way. Less time and effort than manually. Version control and peer review templates. Free to use; just pay for what you create. Used to manage updates and dependencies. Can be used to roll back and delete the entire stack as well. CloudFormation template: YAML or JSON template used to describe the end state of the infrastructure you are provisioning or changing. After creating the template, you upload it to CloudFormation using S3. CloudFormation reads the template and makes API calls on your behalf. The resulting resources are called a stack. Pretty much all fields are optional
  • 56. Main ones. Parameters: input custom values. Conditions: provision resources based on environment. Resources: mandatory; the AWS resources to create. Mappings: create custom mappings, like region. Transforms: reference code located in S3, or reusable snippets of CloudFormation code. Extension to CloudFormation used to define serverless applications. Simplified syntax for defining serverless resources: APIs, Lambda functions, DynamoDB tables, etc. Use the SAM CLI to package deployment code, upload it to S3 and deploy the serverless application. Commands Serverless Application Model (SAM)
  • 57. Finds the SAM-compatible template. Uploads it to the specified S3 bucket as a package. Takes the template file, stack name and capabilities; the capabilities param allows CloudFormation to create IAM use; deploys the serverless app. Nested stacks allow re-use of CloudFormation code for common use cases. Instead of copying out code, create a standard template for each common use case and reference it within your CloudFormation template. erase'Etemplose Extra here in S3 and Proport Use as templar sam package --template-file ./myTemplate.yml --output-template-file sam-template.yml --s3-bucket S3-bucket-name sam deploy --template-file ./myTemplate.yml --stack-name mystack --capabilities CAPABILITY_IAM CloudFormation Nested Stack
  • 58. Lets you give users access to AWS resources after they have successfully authenticated with a third-party provider (Google, FB, blah). After successful authentication, the user receives an authentication code from the web ID provider, which they can trade for AWS security credentials. Amazon Cognito provides web identity federation with: sign-up and sign-in to your apps; access for guest users; acts as an ID broker between your app and web ID providers, so no additional code; synchronizes user data for multiple devices. Recommended approach for web identity federation. No need to embed or store AWS credentials; makes for a seamless experience. Advanced IAM Web Identity Federation
  • 59. User pools: user directories used to manage sign-up and sign-in functionality. Users can sign in to the user pool directly or indirectly via FB or Google. Cognito acts as an ID broker between the ID provider and AWS. Successful authentication generates JSON Web Tokens (JWTs). Identity pools: create unique identities for your users and authenticate them with ID providers. With an identity you can obtain temporary, limited-privilege AWS credentials to access other AWS services. Cognito tracks the association between user identity and the various devices they sign in from. Cognito uses push synchronization to push updates and Cognito User Pools
  • 60. synchronize user data across multiple devices. SNS is used to send a silent push notification to all devices associated with a given user ID when data stored in the cloud changes. 3 types of policies: managed policies, customer managed policies, inline policies. Managed policy: IAM policy which is created and administered by AWS. AWS provides managed policies for common use cases based on job function. A managed policy can be attached to multiple users, groups or roles. Can't change the permissions defined in an AWS managed policy. Customer managed policy: standalone policy you create and administer within your own account. Copy an existing AWS policy and modify it, or start from scratch. Inline policy: policy embedded within the user, group or role to which it applies. IAM Policies - Advanced
  • 61. Cannot attach to other users; it is 1:1. Once the user is gone, the policy is gone. Managed In line but still useful. STS (Security Token Service): API provided by STS. Returns temp credentials for users using an external web provider. For mobile apps, Cognito is recommended; Cognito makes these API calls. This is for regular web apps. User ARN to refer to. Credentials by default last 1 hour. STS - AssumeRoleWithWebIdentity
  • 62. CloudWatch is a monitoring service to monitor AWS resources and apps on AWS. Can monitor: Auto Scaling groups, EBS volumes, ELB, Storage Gateway, Route 53 health, CloudFront and way more. By default monitors host-level metrics: CPU, network, disk. Can't see detailed info like per VDIL by default. Status check. RAM utilization is a custom metric. By default EC2 monitoring is 5 minutes; with detailed monitoring it is 1 minute. How long are CloudWatch metrics stored? Retrieve data using the GetMetricStatistics API or using 3rd-party tools from AWS partners. Stores log data by default indefinitely. Can retrieve data from a terminated EC2/ELB. Metric granularity: default metrics vary based on service, from 1, 3 or 5 minutes. 5 min standardforearmpuns. For custom metrics the minimum granularity is CloudWatch
  • 63. 1 minute. You can create an alarm to monitor any Amazon CloudWatch metric in your account. CloudWatch can be used on premises: use the SSM and CloudWatch agent. CloudWatch monitors performance. CloudTrail monitors API calls in the AWS platform. AWS Config records the state of your AWS environment and can notify you of changes. Postpone delivery of new messages to a queue for a number of seconds. Messages sent to a delay queue remain invisible to consumers for the duration of the delay period. Default delay is 0 seconds, up to 900 seconds max. Standard queue: changing the setting doesn't affect the delay of messages in the queue, only new messages. FIFO queue: changing affects the delay of messages in the queue. CloudWatch vs CloudTrail vs Config Additional Updates SQS Delay Queues
  • 64. When to use: with large distributed apps you might need to apply a delay to an entire queue of messages. Like delay until order is contrite. Use S3 to manage messages > 256 KB and up to 2 GB. Use the Amazon SQS Extended Client Library for Java to manage them. AWS SDK also needed. SQS Extended Client Library for Java: specify if messages are always stored in S3 or only messages > 256 KB. Send a message which references a message object stored in S3. Get a message object from S3. Delete a message object from S3. Cannot use: AWS CLI, Management Console, SQS API. Control number of items included in output when Managing Large Messages in SQS
  • 65. CLI command is run. Default page size is 1000. If it is over, it makes the API call multiple times. If you see errors when running list on a large number of resources because of a timeout, to fix use page size. Just does more API calls that is now ah tune. Max items: return fewer items in the CLI command output. Test the effects of IAM policies before committing them to production. Validate that the policy works as expected. Test policies already attached to existing users; great for troubleshooting an issue which is IAM related. A Kinesis data stream is a set of shards. A shard is a sequence of data records in a stream, with a unique number. Per-shard limits: 5 read transactions per second, up to 2 MB/s IAM Policy Simulator
  • 66. 1000 writes/second, up to 1 MB/s. Increase shards to increase capacity (resharding). Consumers: the Kinesis Client Library (KCL) tracks the number of shards in the stream. Transw when new ones are added. Ensures that for every shard there is a record processor. Manages the number of record processors relative to the number of shards and consumers. If there is only one consumer, the KCL will create all record processors on a single consumer. If multiple, it will load balance across all of them. With KCL, ensure the number of instances does not exceed the number of shards, unless for failure. You NEVER need multiple instances to handle the processing load of one shard. ONE worker CAN process multiple shards. Since quite low MB CPU utilization should drive the quantity of consumer instances. Use an Auto Scaling group and base decisions on load. Concurrent Executors Be aware of the concurrent execution limit for Lambda
  • 67. Safety feature to limit the number of concurrent executions across all functions in a given account. Default: 1000 per region. TooManyRequestsException, HTTP status code 429: request throughput limit exceeded. Reserved concurrency guarantees a set number of executions which will always be available for a critical function. Also acts as a limit. When you create a Lambda there is only one version: $LATEST. You can create multiple versions of function code and use aliases to reference the version you want to use as part of the ARN. An alias is like a pointer to a specific version of function code. Lambda Versions
  • 68. If you upload new code to Lambda it becomes $LATEST. Update the ARN for the new code. Some use cases require Lambda to access resources which are inside a private VPC. Enabling Lambda access to a VPC needs the private subnet ID and security group ID. Lambda uses this info to set up ENIs (Elastic Network Interfaces) using an available IP from the private subnet. Add VPC info to the CLI using the vpc-config parameter. Ex determines spare IP to assign it to ENI, allow access to VPC. X-Ray overview: the X-Ray SDK sends data to the X-Ray daemon Lambda & VPC Access aws lambda update-function-configuration --function-name myFun --vpc-config SubnetIds=subnet-1122aabb,SecurityGroupIds=sg-51530134 X-Ray Config
  • 69. which buffers segments in a queue and uploads them to X-Ray in batches. Both the SDK and the daemon are needed. Use the SDK to instrument the app to send the required data. Steps to config: install the X-Ray daemon on EC2, on prem, or in its own Docker container. Annotations and indexing. Annotations: record additional info about requests; key-value pairs that are simple to filter. Elastic Beanstalk supports deployment of Docker containers. Docker containers are self-contained. Elastic Beanstalk handles capacity provisioning, load balancing, scaling and app health monitoring. Options: run a single Docker container on a single EC2; run multiple Docker Docker & Elastic Beanstalk
  • 70. Use Elastic Beanstalk to build an ECS cluster and deploy multiple Docker containers on each instance. Sometimes you want control over EC2 instance placement: use placement groups. 3 strategies for placement groups. Cluster: clusters instances into a low-latency group in a single AZ. Spread: spreads instances across underlying hardware (max 7 instances per group per AZ); critical apps. Partition: spreads instances across many different partitions (which rely on different racks) within an AZ. Scales to 100s of EC2 instances per group (Hadoop). Cluster placement groups. Pros: great network (10 Gbps bandwidth between instances). Cons: if the rack fails, all instances fail at the same time. Use cases: big data job that needs to complete fast; app that needs extremely low latency
  • 71. and high network throughput. Spread placement group: all EC2 instances on different hardware. Pros: can span across multiple AZs; reduced risk of simultaneous failure; EC2 instances are on different physical hardware. Cons: limited to 7 instances per AZ per placement group. Use cases: app that needs to maximize high availability; critical apps where each instance must be isolated from failure from each other. Placement Groups Partition: up to partitions per AZ
  • 72. Up to 100s of EC2 instances. Instances in a partition do not share racks with instances in other partitions. A partition failure can affect many EC2s but not other partitions. EC2 instances get access to the partition info as metadata. Use cases: distributed big data apps. Personal data center: gives complete control over the virtual networking environment. Key features: VPCs are region specific. Mars per reg.org Region comes with a default VPC. 200 subnets per VPC. IPv4 and IPv6 CIDR blocks. Costs nothing; NAT Gateway, VPC Endpoint, VPN Gateway and Customer Gateway cost money. DNS hostnames turned off by default. 0.0.0.0/0 default shows all IP addresses. VPC peering: allows one VPC to connect to another VPC within AWS Virtual Private Cloud (VPC)
  • 73. another over a direct network route using private IP addresses. Instances on peered VPCs behave just like they are on the same network. Connect VPCs across the same or different AWS accounts and regions. Peering uses a star configuration: 4 others, 1 central. No transitive peering; must be direct. No overlapping CIDR blocks. Route tables: determine where network traffic is directed. Each subnet in a VPC must be associated with a route table. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table. Internet Gateway: allows VPC access to the internet. Does 2 things: provides a target in your VPC route table for
  • 74. internet-routable traffic; performs NAT for instances with public IPv4 addresses. Bastion / jumpbox: intermediate EC2 to SSH into for EC2s that are in a private subnet. AWS Systems Manager Session Manager replaces the need for a bastion. Direct Connect: dedicated network connections from on prem to AWS. VERY FAST SO 100M or 1613 or 10GB favorBnduth Higher Broke. Reduce network costs. More consistent network experience. Set scaling rules which will automatically Auto-Scaling Groups
  • 75. launch additional EC2 instances or shut them down as needed. Contains a collection of EC2 instances that are treated as a group. Scaling can occur via: capacity settings, health check replacements, scaling policies. Capacity settings: min (minimum number), max (maximum), desired capacity (ideal number). Health check replacements: checks EC2 status; if it drops below the minimum, it spins up a new one. ELB health check: pings. Scaling policies. Target tracking: maintains a specific metric at a specific value (If Cpu Ts go 0A). Simple scaling: scales when an alarm is breached (legacy). Scaling policies with steps: scales when an alarm breaches; can escalate based on the alarm's changing value
  • 76. ELB integration: an ASG can be associated with an ELB. When an ASG is associated with an ELB, richer health checks can be set. ASG use case: 1. Burst of traffic. 2. Route 53 points to load balancer. 3 Balancer tyros 4 Gray is to ASg S ASG chews 6 Scilly determis acarun launch ON prob Launch configuration: instance config template that the ASG uses to launch EC2. Same process as launching an EC2 instance. Launch configurations cannot be edited; create NEW or clone the existing config and manually associate it. Launch templates: launch configurations with versioning. Scaling out: add servers. Scaling in: remove servers. Privately connect your VPC to other AWS VPC Endpoints
  • 77. services and VPC endpoint services. Eliminates the need for an Internet Gateway, NAT, VPN or AWS Direct Connect. Instances in the VPC don't require a public IP to communicate with service resources. Traffic between the VPC and the other service does NOT leave the AWS network. Horizontally scaled, redundant and highly available. Allows secure comms between instances and services without adding availability risks or bandwidth constraints. Interface endpoints: Elastic Network Interfaces with a private IP. Serve as an entry point for traffic going to a supported service. Endpoints powered by AWS PrivateLink; access services hosted securely by keeping traffic within AWS. Gateway endpoints: a gateway that is a target for a specific route in a route table, used for traffic destined for an AWS service. Currently only supports S3 and DynamoDB
  • 78. Free. Must specify the VPC in which to create the endpoint. An optional layer of security that acts as a firewall for controlling traffic in and out of a subnet. Virtual firewall at subnet level. You can allow or deny traffic, inbound and outbound. Rules are ordered from lowest to highest; use increments of 10 or 100. By default allows all outbound and inbound traffic. A subnet can only be associated with 1 NACL. Logs API calls between AWS services (know who to blame). Service that enables governance, compliance, operational auditing and risk auditing of your AWS account. Identifies Network Access Control Lists (NACL) CloudTrail
  • 79. Where: source IP. When: EventTime. Who: user, UserAgent. What: region, resource, action. Event History: logs for 90 days in Event History; for > 90 days you need to create a trail. No GUI, so use Amazon Athena. A trail can be set to log all regions. A trail can log across all accounts in an Org. Encrypt logs using SSE. Log file validation ensures logs haven't been tampered with. CloudTrail can deliver events to CloudWatch. Management vs data events. Management events: turned on by default; can't be turned off. Ex: configuring security, registering devices, configuring rules for routing data, setting up logging. Data events: track specific operations for specific AWS services. Data events are high-volume logging and will
  • 80. result in additional charges. Turned off by default. 2 services: S3, Lambda. Pseudo parameters: parameters predefined by AWS CloudFormation. Use them the same way as a parameter, as the argument for the Ref function. Resource attributes. CreationPolicy: prevents status from reaching create complete until AWS CloudFormation receives a specified number of success signals or the timeout period is exceeded. DeletionPolicy: preserve / back up a resource when its stack is deleted. Options: Delete, Retain, Snapshot. CloudFormation Additional Info
  • 81. UpdatePolicy: how to handle an update for an ASG, ElastiCache, Domain or Lambda alias. UpdateReplacePolicy: retain / back up the existing physical instance of a resource when it is replaced during a stack operation. Options: Delete, Retain, Snapshot. DependsOn: the resource is created only after creation of the resource specified in the DependsOn attribute. Intrinsic functions: assign values to properties that are not available until runtime. Ref: Ref can reference parameters and other defined resources. GetAtt: allows you to access many different variables on
  • 82. a resource. Different per resource. WaitConditions, 2 cases: coordinate stack resource creation with config actions that are external to stack creation; track the status of a config process. Similar to CreationPolicy. CreationPolicy is recommended for EC2 and ASG. CreationPolicy waits on the dependent resource; WaitCondition waits on the wait condition (external). Write Infrastructure as Code using an imperative paradigm in your favourite language. Transpiler: turns one source code into another. CDK transpiles into CF templates. Imperative infrastructure: it's implicit what resources will be created in the end state. More flexible, less certainty, write less. Ex: I want EC2; autofill all other details. CDK is imperative. Declarative infrastructure: it's explicit what resources will be created in the end state. Cloud Development Kit (CDK)
  • 83. Less flexible, more certainty, write more. Ex: I want EC2 and I will give every detail. CloudFormation is declarative. CDK used to only be TypeScript, now supports JS, Python, Java, .NET. CDK APIs are delayed resource-wise. Extension of CloudFormation that lets you define serverless applications. SAM is an AWS CLI tool & CloudFormation Macro. Macro allows you to change how code works. Allows you to embed language within language. CloudFormation allows you to specify macros through the Transform attribute. SAM vs CloudFormation: saves about 50% code. SAM CLI: easy to run, package / deploy serverless apps, Lambda. Serverless Application Model (SAM)
  • 84. buildspec.yml: provides build instructions. Needs to be at root of project folder. Parts: version: 0.2 runs all build commands in same instance, 0.1 runs each build command in separate instance. phases: install: only for installing in build env; pre_build: commands run before building; build: commands run during build; post_build: commands run after build. artifacts: where we can find the build output, prepares it for S3. Fully managed build pipeline to create temporary servers to build / test code. CodeBuild
  • 85. Compile source code, run unit tests, produce artifacts to deploy. Provides pre-packaged build environments; build your own environments as Docker container. Fully managed deploy service in the cloud. Can deploy EC2, on-prem, Lambda & ECS. Rapidly release new features. Update AWS Lambda functions. Avoid downtime during app deployment. Perform in-place / blue-green deployments. Integrates with existing CI/CD tools. Core Components: Application, Deployment Groups, Deployment, Deployment Config, AppSpec file, Revision. In-Place Deployments: app on each instance is stopped; latest app revision installed, started, validated. Use load balancer to deregister / reregister. Only EC2 / on-prem can use in-place deployments. CodeDeploy
  • 86. Blue/Green Deployments: auto copy EC2 ASG. Instances provisioned for replacement. Latest app revision is installed with optional wait time. Instances in new environment are registered with ELB. Old instances deregistered. appspec.yml: lifecycle event hooks are different stages. Hooks vary based on deployment type. This is for EC2. Wizard for getting common application projects set up. You get: Deployment Pipeline, Access Mgmt, Project Dashboard. Like pre-config templates, abstracts. CodeStar
  • 87. RDS: Aurora, PostgreSQL, MySQL, Oracle, MariaDB, SQL Server. Encryption: encryption at rest for all RDS engines. Encryption is handled by KMS. Will also encrypt automated backups, snapshots, read replicas. RDS Backups. Automated Backups: retention between 1-35 days for free. Storage I/O may be suspended during backups. Manual snapshots: taken by user; persist even if RDS deleted. Backup data is never restored on top of existing instance. Restored instance will have new DNS endpoint. Multi-AZ: syncs data to standby. It's a failover. Read Replica. Relational Database Services (RDS)
  • 88. Replica that only allows reads. Asynchronous replication. Up to 5 cross-Region / AZ replicas. Instance Profile is a container for an IAM role that you can use to pass info to an EC2 instance when it starts. AWS CLI Profile, which is used for switching to various profiles. Slow query log can be set to be generated in RDS. Also, error log is auto-generated. ECS Fargate launch type: no need to manage backend. Just register Instr def.nut n
  • 89. Serverless Infrastructure. CodePipeline: you can add an approval action to a stage in the pipeline. ElastiCache Redis is faster than DynamoDB for session data. Lambda permissions: logs:CreateLogGroup: create log group with name; logs:CreateLogStream: create log stream for event logs; logs:PutLogEvents: uploads batch of logs to log stream; logs:CreateExportTask: creates export task to export data from log to S3. Developer Git via SSH: use public/private key. DynamoDB API things: GetItem, UpdateItem, PutItem. ElastiCache Redis is in-memory. Read replicas are not
  • 90. ReceiveMessage API retrieves one/more messages from queue, up to 10. AppSpec yml: specifies ECS task def for deployment revision. Subnet must be in same region to be added to ASG/ALB. CloudWatch Custom Metrics dimensions: what metric is, name/value pair. CloudWatch Events Rule: respond to state changes in AWS resources. Can self-trigger. Alarms watch a single metric; Events respond to actions. ECS container mapping: set host to 0 and container to desired for dynamic port mapping. Lambda / ECS cannot use in-place
  • 91. appspec.yml. Temp credentials need DurationSeconds param. DynamoDB has max size of 400KB. S3 can store key/value pair. Lambda hooks: BeforeAllowTraffic, AfterAllowTraffic. ECS hooks: BeforeInstall, AfterInstall, AfterAllowTestTraffic, BeforeAllowTraffic, AfterAllowTraffic. EC2 hooks: BeforeInstall, AfterInstall, ApplicationStart, ValidateService
  • 92. Kinesis Data Streams needs EC2. Kinesis Firehose can store in S3. Amazon Inspector: tool that can assess apps for vulnerabilities / deviations from best practices. Lambda SQS Queue does not prove send Messa. OAI: Origin Access Identity user. Amazon States Language: used to define state machine. With Application Load Balancer you can route to a specific domain name; it is the only ELB in AWS that can do so. KMS GenerateDataKey: allows us to generate with a given CMK. KMS CreateKey: creates a new CMK. Short polling: wait time of 0. SQS size limit is 256K
  • 93. To collect logs from EC2 / on-prem use CloudWatch Agent or CloudWatch Logs Agent (older, not preferred). CloudWatch Events is used to track changes in the state of AWS resources. Lambda on-success destination: send async function code. BatchGetItem: up to 100 items. GetTraceSummaries: used to search for segments matching criteria. Lambda Event Source Mapping: SQS, DynamoDB, Kinesis