diff --git a/README.md b/README.md index 9c81000..cadd0bf 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,8 @@ - [Machine Learning](sections/machine_learning.md) - [Account Management, Billing & Support](sections/account_management_billing_support.md) - [Advanced Identity](sections/advanced_identity.md) +- [Other AWS Services](sections/other_aws_services.md) +- [AWS Architecting & Ecosystem](sections/architecting_and_ecosystem.md) ## Contributors diff --git a/sections/architecting_and_ecosystem.md b/sections/architecting_and_ecosystem.md new file mode 100644 index 0000000..cbb1247 --- /dev/null +++ b/sections/architecting_and_ecosystem.md 
@@ -0,0 +1,170 @@ +# AWS Architecting & Ecosystem + +- [AWS Architecting & Ecosystem](#aws-architecting--ecosystem) + - [Well Architected Framework General Guiding Principles](#well-architected-framework-general-guiding-principles) + - [AWS Cloud Best Practices - Design Principles](#aws-cloud-best-practices---design-principles) + - [Well Architected Framework 6 Pillars](#well-architected-framework-6-pillars) + - [1. Operational Excellence](#1-operational-excellence) + - [2. Security](#2-security) + - [3. Reliability](#3-reliability) + - [4. Performance Efficiency](#4-performance-efficiency) + - [5. Cost Optimization](#5-cost-optimization) + - [6. Sustainability](#6-sustainability) + - [AWS Well-Architected Tool](#aws-well-architected-tool) + - [AWS Right Sizing](#aws-right-sizing) + - [AWS Ecosystem - Free resources](#aws-ecosystem---free-resources) + - [AWS Ecosystem - AWS Support](#aws-ecosystem---aws-support) + - [AWS Marketplace](#aws-marketplace) + +## Well Architected Framework General Guiding Principles + +- Stop guessing your capacity needs +- Test systems at production scale +- Automate to make architectural experimentation easier +- Allow for evolutionary architectures + - Design based on changing requirements +- Drive architectures using data +- Improve through game days + - Simulate applications for flash sale days + +## AWS Cloud Best Practices - Design Principles + +- **Scalability**: vertical & horizontal +- **Disposable Resources**: servers should be disposable & easily configured +- **Automation**: Serverless, Infrastructure as a Service, Auto Scaling… +- **Loose Coupling**: + - Monolith are applications that do more and more over time, become bigger + - Break it down into smaller, loosely coupled components + - A change or a failure in one component should not cascade to other components +- **Services, not Servers**: + - Don’t use just EC2 + - Use managed services, databases, serverless, etc.. + +## Well Architected Framework 6 Pillars + +1. 
Operational Excellence +2. Security +3. Reliability +4. Performance Efficiency +5. Cost Optimization +6. Sustainability + +### 1. Operational Excellence + +- Includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures +- Design Principles + - **Perform operations as code** - Infrastructure as code + - **Annotate documentation** - Automate the creation of annotated documentation after every build + - **Make frequent, small, reversible changes** - So that in case of any failure, you can reverse it + - **Refine operations procedures frequently** - And ensure that team members are familiar with it + - **Anticipate failure** + - **Learn from all operational failures** + +### 2. Security + +- Includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies +- Design Principles + - **Implement a strong identity foundation** - Centralize privilege management and reduce (or even eliminate) reliance on long-term credentials - Principle of least privilege - IAM + - **Enable traceability** - Integrate logs and metrics with systems to automatically respond and take action + - **Apply security at all layers** - Like edge network, VPC, subnet, load balancer, every instance, operating system, and application + - **Automate security best practices** + - **Protect data in transit and at rest** - Encryption, tokenization, and access control + - **Keep people away from data** - Reduce or eliminate the need for direct access or manual processing of data + - **Prepare for security events** - Run incident response simulations and use tools with automation to increase your speed for detection, investigation, and recovery + - **Shared Responsibility Mode** + +### 3. 
Reliability + +- Ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues +- Design Principles + - Test recovery procedures - Use automation to simulate different failures or to recreate scenarios that led to failures before + - Automatically recover from failure - Anticipate and remediate failures before they occur + - Scale horizontally to increase aggregate system availability - Distribute requests across multiple, smaller resources to ensure that they don't share a common point of failure + - Stop guessing capacity - Maintain the optimal level to satisfy demand without over or under provisioning - Use Auto Scaling + - Manage change in automation - Use automation to make changes to infrastructure + +### 4. Performance Efficiency + +- Includes the ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve +- Design Principles + - **Democratize advanced technologies** - Advance technologies become services and hence you can focus more on product development + - **Go global in minutes** - Easy deployment in multiple regions + - **Use serverless architectures** - Avoid burden of managing servers + - **Experiment more often** - Easy to carry out comparative testing + - **Mechanical sympathy** - Be aware of all AWS services + +### 5. 
Cost Optimization + +- Includes the ability to run systems to deliver business value at the lowest price point +- Design Principles + - **Adopt a consumption mode** - Pay only for what you use + - **Measure overall efficiency** - Use CloudWatch + - **Stop spending money on data center operations** - AWS does the infrastructure part and enables customer to focus on organization projects + - **Analyze and attribute expenditure** - Accurate identification of system usage and costs, helps measure return on investment (ROI) - Make sure to use tags + - **Use managed and application level services to reduce cost of ownership** - As managed services operate at cloud scale, they can offer a lower cost per transaction or service + +### 6. Sustainability + +- The sustainability pillar focuses on minimizing the environmental impacts of running cloud workloads. +- Design Principles + - **Understand your impact** – establish performance indicators, evaluate improvements + - **Establish sustainability goals** – Set long-term goals for each workload, model return on investment (ROI) + - **Maximize utilization** – Right size each workload to maximize the energy efficiency of the underlying hardware and minimize idle resources. + - **Anticipate and adopt new, more efficient hardware and software offerings** – and design for flexibility to adopt new technologies over time. + - **Use managed services** – Shared services reduce the amount of infrastructure; Managed services help automate sustainability best practices as moving infrequent accessed data to cold storage and adjusting compute capacity. + - **Reduce the downstream impact of your cloud workloads** – Reduce the amount of energy or resources required to use your services and reduce the need for your customers to upgrade their devices + +## AWS Well-Architected Tool + +- Free tool to **review your architectures** against the 6 pillars Well-Architected Framework and **adopt architectural best practices** +- How does it work? 
+ - Select your workload and answer questions + - Review your answers against the 6 pillars + - Obtain advice: get videos and documentations, generate a report, see the results in a dashboard +- Let’s have a look: + +## AWS Right Sizing + +- EC2 has many instance types, but choosing the most powerful instance type isn’t the best choice, because the cloud is elastic +- Right sizing is the process of matching instance types and sizes to your workload performance and capacity requirements at the lowest possible cost +- Scaling up is easy so always start small +- It’s also the process of looking at deployed instances and identifying opportunities to eliminate or downsize without compromising capacity or other requirements, which results in lower costs +- It’s important to Right Size… + - before a Cloud Migration + - continuously after the cloud onboarding process (requirements change over time) +- CloudWatch, Cost Explorer, Trusted Advisor, 3rd party tools can help + +## AWS Ecosystem - Free resources + +- AWS Blogs: +- AWS Forums (community): +- AWS Whitepapers & Guides: +- AWS Quick Starts: + - Automated, gold-standard deployments in the AWS Cloud + - Build your production environment quickly with templates + - Example: WordPress on AWS + - Leverages CloudFormation +- AWS Solutions: + - Vetted Technology Solutions for the AWS Cloud + - Example - AWS Landing Zone: secure, multi-account AWS environment + - + - “Replaced” by AWS Control Tower + +### AWS Ecosystem - AWS Support + +| DEVELOPER | BUSINESS | ENTERPRISE | +| ------------------------------------------------------- | ------------------------------------------------------------- | --------------------------------------------------------------- | +| Business hours email access to Cloud Support Associates | 24x7 phone, email, and chat access to Cloud Support Engineers | Access to a Technical Account Manager (TAM) | +| General guidance: < 24 business hours | Production system impaired: < 4 hours | Concierge 
Support Team (for billing and account best practices) | +| System impaired: < 12 business hours | Production system down: < 1 hour | Business-critical system down: < 15 minutes | + +## AWS Marketplace + +- Digital catalog with thousands of software listings from **independent software vendors** (3rd party) +- Example: + - Custom AMI (custom OS, firewalls, technical solutions…) + - CloudFormation templates + - Software as a Service + - Containers +- If you buy through the AWS Marketplace, it goes into your AWS bill +- You can **sell your own solutions** on the AWS Marketplace \ No newline at end of file diff --git a/sections/other_aws_services.md b/sections/other_aws_services.md new file mode 100644 index 0000000..4ff9051 --- /dev/null +++ b/sections/other_aws_services.md 
@@ -0,0 +1,95 @@ +# Other AWS Services + +- [Other AWS Services](#other-aws-services) + - [Amazon WorkSpaces](#amazon-workspaces) + - [Amazon AppStream 2.0](#amazon-appstream-20) + - [Amazon Sumerian](#amazon-sumerian) + - [AWS IoT Core](#aws-iot-core) + - [Amazon Elastic Transcoder](#amazon-elastic-transcoder) + - [AWS Device Farm](#aws-device-farm) + - [AWS Backup](#aws-backup) + - [AWS Elastic Disaster Recovery (DRS)](#aws-elastic-disaster-recovery-drs) + - [AWS DataSync](#aws-datasync) + - [AWS Fault Injection Simulator (FIS)](#aws-fault-injection-simulator-fis) + +## Amazon WorkSpaces + +- Managed Desktop as a Service (DaaS) solution to easily provision Windows or Linux desktops +- Great to eliminate management of on-premise VDI (Virtual Desktop Infrastructure) +- Fast and quickly scalable to thousands of users +- Secured data – integrates with KMS +- Pay-as-you-go service with monthly or hourly rates + +## Amazon AppStream 2.0 + +- Desktop Application Streaming Service +- Deliver to any computer, without acquiring, provisioning infrastructure +- The application is delivered from within a web browser + +| Amazon AppStream 2.0 | WorkSpaces | +| -------------------------------------------------------------------------- | ---------------------------------------------------------------- | +| Stream a desktop application to web browsers (no need to connect to a VDI) | Fully managed VDI and desktop available | +| Works with any device (that has a web browser) | The users connect to the VDI and open native or WAM applications | +| Allow to configure an instance type per application type (CPU, RAM, GPU) | Workspaces are on-demand or always on | + +## Amazon Sumerian + +- Create and run virtual reality (VR), augmented reality (AR), and 3D applications +- Can be used to quickly create 3D models with animations +- Ready-to-use templates and assets - no programming or 3D expertise required +- Accessible via a web-browser URLs or on popular hardware for AR/VR +- Example: + 
+## AWS IoT Core + +- IoT stands for “Internet of Things” – the network of internet-connected devices that are able to collect and transfer data +- AWS IoT Core allows you to easily connect IoT devices to the AWS Cloud • Serverless, secure & scalable to billions of devices and trillions of messages +- Your applications can communicate with your devices even when they aren’t connected +- Integrates with a lot of AWS services (Lambda, S3, SageMaker, etc.) +- Build IoT applications that gather, process, analyze, and act on data + +## Amazon Elastic Transcoder + +- Elastic Transcoder is used to **convert media files stored in S3 into media files in the formats required by consumer playback devices (phones etc..)** +- Benefits: + - Easy to use + - Highly scalable – can handle large volumes of media files and large file sizes + - Cost effective – duration-based pricing model + - Fully managed & secure, pay for what you use + +## AWS Device Farm + +- Fully-managed service that tests your web and mobile apps against desktop browsers, real mobile devices, and tablets +- Run tests concurrently on multiple devices (speed up execution) +- Ability to configure device settings (GPS, language, Wi-Fi, Bluetooth, etc.) + +## AWS Backup + +- Fully-managed service to centrally manage and automate backups across AWS services +- On-demand and scheduled backups +- Supports PITR (Point-in-time Recovery) +- Retention Periods, Lifecycle Management, Backup Policies,etc. 
+- Cross-Region Backup +- Cross-Account Backup (using AWS Organizations) + +## AWS Elastic Disaster Recovery (DRS) + +- Used to be named “CloudEndure Disaster Recovery” +- Quickly and easily **recover** your physical, virtual, and cloud-based servers into AWS +- Example: protect your most critical databases (including Oracle, MySQL, and SQL Server), enterprise apps (SAP), protect your data from ransomware attacks, … +- Continuous block-level replication for your servers + +## AWS DataSync + +- Move large amount of data from on-premises to AWS +- Can synchronize to: Amazon S3 (any storage classes – including Glacier), Amazon EFS, Amazon FSx for Windows +- Replication tasks can be scheduled hourly, daily, weekly +- The replication tasks are incremental after the first full load + +## AWS Fault Injection Simulator (FIS) + +- A fully managed service for running fault injection experiments on AWS workloads +- Based on **Chaos Engineering** – stressing an application by creating disruptive events (e.g., sudden increase in CPU or memory), observing how the system responds, and implementing improvements +- Helps you uncover hidden bugs and performance bottlenecks +- Supports the following AWS services: EC2, ECS, EKS, RDS… +- Use pre-built templates that generate the desired disruptions \ No newline at end of file
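Review bot: In sections/architecting_and_ecosystem.md, the last bullet of the Security pillar reads `**Shared Responsibility Mode**`; it should be "Shared Responsibility Model", and it is the only described principle in that list with no explanation after it. The same "mode" for "model" slip appears in `**Adopt a consumption mode**` under Cost Optimization. Several bullets end in a colon with nothing after them (`Let’s have a look:`, `AWS Blogs:`, `AWS Forums (community):`, `AWS Whitepapers & Guides:`), and there is an empty `-` bullet under AWS Solutions, so the links appear to have been dropped; restore them or remove the placeholders. The heading `### AWS Ecosystem - AWS Support` is one level deeper than the table of contents at the top of the file implies, the Reliability principles are the only ones not in bold, and the file ends without a trailing newline.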
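Review bot: In sections/other_aws_services.md, the second AWS IoT Core bullet carries a stray `•` that fuses two items ("connect IoT devices to the AWS Cloud • Serverless, secure & scalable to billions of devices"); split it into two bullets. The Amazon Sumerian section ends with an `Example:` bullet that has no content, `Backup Policies,etc.` under AWS Backup is missing a space, and "a web-browser URLs" mixes singular and plural. The WorkSpaces bullet `Secured data – integrates with KMS` would be clearer if it said what KMS is used for, and the file ends without a trailing newline.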