Aws

Whati
scl
oudcomput
ing
 Cloudcomputing,oft
enrefer
redtoassimpl
ythecloud,i
son-demand
deli
ver
yofITresourcesandappl
icat
ionsv
iat
heInt
ernetwi
thpay-
as-
you
-gopri
cing.
 Wit
hcloudcomputi
ng,wedon’tneedtomakelar
geup-f
rontinvestments
i
nhardwareandspendal otoftimemanagingthathardware.Inst
ead,
wecanprovi
sionexact
lyt
heri
ghtt y
peandsizeofcomputingresources
weneed.
 Wit
hcloudcomputi
ng,wecanaccessasmanyresour
cesasweneed,
al
mostinst
ant
ly,
andonlypayf
orwhatweuse.
 Cloud comput
ing pr
ovi
desan easywayt o accessserv
ers,storage,
databases,
andabroadsetofappl
i
cat
ionser
vicesovert
heInt
ernet.
 Cloudcomputi
ngprovi
derssuchasAWSownandmai nt
ainthenet
work-
connectedhardwar
erequir
edfortheseappli
cat
ionser
vices,whi
lewe
provi
sionandusewhatweneedforourworkl
oads.
Adv
ant
agesofCl
oudComput
ing
 Lowcost
 Usabi
l
ity
 Bandwi
dth
 Accessi
bil
i
ty
 Di
sast
erRecov
ery
 Secur
e
3way
sofcl
oudcomput
e
3bui
l
dingbl
ockofcl
oudcomput
ingar
e
 Saas
 Paas
I
aas
Saas(
Sof
twar
easaser
vice)
Soft
wareasaser
vicei
stheeasi
estwaytocl
oudcomput
e.
Thesof
tware’
sar
eaccessedovert
hei
nter
net.
Eg.Googl
edoc,
spr
eadsheetet
c.
Adv
ant
ageofsaasi
s
 al
lappl
i
cat
ioni
sfr
eeandpai
dvi
asubscr
ipt
ion.
 Accessi
blef
rom anycomput
er.
Paas(
Plat
for
m asaser
vice)
Prov
ides env
ironment and t
ool f
or cr
eat
ing new onl
i
ne
appl
i
cati
ons
Eg.Googl
eappengi
ne,
sal
esf
orce(
for
ce.
com)
Adv
ant
ages
 Faci
l
itat
ionofhost
ingcapabi
l
iti
es.
 Desi
gni
nganddev
elopi
ngt
heappl
i
cat
ion.
 Pr
ivat
eorpubl
i
cdepl
oyment
.
Di
sadv
ant
age
 Appl
i
cat
ionbui
l
dononev
endorcannotbemov
edt
oanot
her
.
I
aas(
Inf
rast
ruct
ureasaSer
vice)
Al
lowexi
sti
ngapplicat
iont
orunonacl
oudsuppl
i
er’
shar
dwar
e.
I
aascomesin4categor
ies
1.Pr
ivat
ecl
oud
2.Dedi
cat
edhost
3.Hy
bri
dhost
ing
4.Cl
oudhost
ing
Awswor
ksoni
aas.
Adv
ant
ages
 Theappl
i
cat
ioni
shost
edcent
ral
l
y
 Sof
twar
etest
ingt
akespl
aceataf
ast
err
ate
 Reduct
ioni
nIToper
ati
onal
cost
.
Cl
oudt
ypes
 Publ
i
ccl
oud
 Pr
ivat
ecl
oud
 Hy
bri
dcl
oud
 Communi
tycl
oud
Publ
i
ccl
oud
 Serv
ice prov
iders use t
he i
nter
nett
o make r
esour
ces,such as
appl
icat
ions,st
orage
 Examplesofpubl
iccl
oudsincl
udeAmazonwebser vi
ce,IBM’
sBl ue
Cloud,Sun Cl
oud,Googl
e compute engi
ne and Windows Azure
Servi
cesPl
atf
orm.
 Forusers,t
heset y
pesofcloudswillpr
ovidet hebesteconomi esof
scal
e,areinexpensiv
etoset-upbecausehar dware,appl
icati
onand
bandwidthcostsarecover
edbyt hepr ovider.
It
’sapay -per-
usage
modelandt heonlycost
sincurr
edar ebasedont hecapaci t
ythatis
used.
Di
sadv
ant
age
t
hepubl
i
ccl
oudmaynotbet
her
ightf
itf
orev
eryor
gani
zat
ion.The
modelcanlimitconfi
gurati
on,secur
it
y,andSLAspecif
ici
ty,makingi
t
l
ess-
than-
idealforservicesusingsensiti
vedat
at hatissubjectto
compli
ancyregulat
ions
Pr
ivat
ecl
oud
 Pri
vat
e cl
ouds are dat
a cent
erarchi
tect
ures owned by a si
ngl
e
companythatprovi
desfl
exi
bil
i
ty,
scal
abil
it
y,pr
ovisi
oni
ng,aut
omati
on
andmonit
oring.
 Thegoalofapr i
vat
ecl oudisnotsell“as-
a-ser
vice”offeri
ngsto
exter
nalcustomers butinst
ead to gai
nt he benefits ofcloud
archi
tect
urewit
houtgivi
ngupt hecontr
olofmai ntai
ningy ourown
datacenter
.
 Pri
vatecloudscan beexpensive,so mosttypical
l
yusebyl ar
ge
ent
erpri
ses.Priv
atecloudsaredri
venbyconcer nsaroundsecur
it
y
andcompliance,andkeepi
ngasset
swit
hinthef
irewall
.
Hy
bri
dcl
oud
 Byusi nga Hy
bri
dappr oach,compani
escanmai ntai
ncontrolofan
i
nternall
ymanagedpr iv
atecloudwhi
lerel
yi
ngont hepubli
ccloudas
needed. Fori
nstance,dur
ingpeakperi
odsindi
vi
dualappli
cati
ons,or
port
ionsofappli
cati
onscanbemi gr
atedtothePubli
cCloud.
 Thi
swi l
lalso bebenef
ici
alduring pr
edict
ableout
ages:hurr
icane
war
nings,schedul
edmai
ntenancewindows,rol
l
ingbr
own/bl
ackouts.
Communi
tycl
oud
 A communi
tycloud i
sa multi
-t
enanti
nfr
astr
uct
urethatisshar
ed
amongseveralorgani
zat
ionsfr
om aspecif
icgroupwit
hcommon
computi
ngconcer
ns.
WhyAWS
 Thef
reet
ier
.
 Ont
hegopr
ici
ng.
 Per
for
mance.
 Depl
oymentspeed.
 Secur
it
y.
 Fl
exi
bil
i
ty.
AWSHI
STORY
 Amazoni
sini
ti
all
yonl
i
ner
etai
lsel
l
er.
 awsi
slaunchedi
n2006.
 Amazon convert
s the unused stor
age i
nfr
ast
ruct
ure as
busi
ness“
SimpleStor
agewebserv
ice”S3.
 Byt
heendof2006,
Elast
icComput
eCl
oud(
EC2)wasl
aunched.
 TodayAWSpr
ovi
ding70+webser
vicesacr
oss190count
ri
es.
 Amazon Web Serv
ices (AWS)is a secur
e cloud servi
ces
pl
atfor
m,of
fer
ingcomput epower
,databasestorage,cont
ent
deli
ver
yandotherfunct
ional
i
tyt
ohelpbusinessesscaleand
grow.
AWSi
slocat
edi
n16geogr
aphi
cal
"regi
ons"
:
 Nor
thAmer
ica
(6r
egi
ons)
 USEast(
Nor
ther
nVi
rgi
nia)
,wher
ethemaj
ori
tyofAWSser
ver
sar
e
based
 USEast(
Ohi
o)
 USWest(
Oregon)
 USWest(
Nor
ther
nCal
i
for
nia)
 AWS Gov Cloud (US)

,based inthe Nort
hwest
ern Uni
ted St
ates,
provi
dedforU. S.gover
nmentcust
omer s,compl
ementi
ngexisti
ng
governmentagenci
esalr
eadyusi
ngtheUSEastRegi
on
 Canada(
Cent
ral
)
 Sout
hAmer
ica
(1r
egi
on)
 Br
azi
l(SãoPaul
o)
 Eur
ope
/
Middl
eEast
/
Af
ri
ca
(3r
egi
ons)
 EU(
Ir
eland)
 EU(
Frankf
urt
),
Ger
many
 EU(
London)
,
Uni
tedKi
ngdom
 Asi
aPaci
fi
c (
6regi
ons)
 Asi
aPaci
fi
c(Toky
o),

Japan
 Asi
aPaci
fi
c(Seoul
),
Sout
hKor
ea
 Asi
aPaci
fi
c(Si
ngapor
e)
 Asi
aPaci
fi
c(Mumbai
),
I
ndi
a
 Asi
aPaci
fi
c(Sy
dney
),
Aust
ral
i
a
 Chi
na(Beiji
ng)
 Regionisadist
inctgeogr
aphi
clocat
ionwher
eamazonhasi
ts
i
nfrastr
uct
ure
 Al
ltheregi
onsaredesi
gnedtobeindependentofeachother
wi
th separat
e power sour
ces, i
nter
net connect
ivi
ty and
geogr
aphi
clocat
ion
 Anavai
labi
l
ityzoneisaseparatedatacent
erwi t
hinar egi
on.
Amazonhasint
enti
onal
l
ykeptregi
onindependentofeachother
i
fonegoesdownitdoesnothaveef
fectonother.
 Fore.
g.amazonhav
e2AZi
nMumbai
ap-
sout
h-1a,
ap-
sout
h-1b.
 Edgelocati
onarecdnendpoi nts.edgelocat
ionsar
eusedby
cl
oudf r
onttocachef i
l
esneart heuserwhoaccesst hem.For
e.
g.ifauserwant stowat chmov i
eit’
sbettertocachethe
movietolocat
ionneartheuserforlat
ency
 Amazoncl
oudf
rontandamazonr
out
e53ar
eof
fer
edatedge
l
ocat
ion
 Usercansel
ectt
her
egi
ondependi
nguponf
oll
owi
ngcr
it
eri
a
1.Userpr
oxi
mit
y–chooset
hebasecl
osert
otheuser
2.Cost–costmayv
ari
esbasedonr
egi
on
3.Compli
ance–lawsofl
andssuchasdat
apr
otect
ionl
aws
wil
li
nfl
uencey
ourchoi
ceofr
egions.
4.Servi
ceav
ail
abi
l
ity– notal
lser
vicesar
eav
ail
abl
eina
regi
on
Under
standi
ngAWSConsol
e
Awsconsol eprov
idesconveni
entaccessAWSser
vicessuchas
compute,stor
ageandot hercloudresour
ces.Almostal
lwebservi
cesare
accessedatconsol
e.aws.amazon.
com
AWSSERVI
CES
 St
orage
1.Amazonsi
mpl
est
orageser
vice(
s3)
2.Amazongl
aci
er
3.Amazonel
ast
icf
il
esy
stem (
EFS)
4.Amazonel
ast
icbl
ockst
orage(
EBS)
 Comput
e
1.El
ast
iccomput
ecl
oud(
EC2)
2.Amazonv
irt
ual
pri
vat
ecl
oud(
VPC)
3.Aut
oscal
i
ng
 Net
wor
kingandcont
entdel
i
ver
y
1.Rout
e53
2.El
ast
icl
oadbal
ancer
3.Cl
oudf
ront
 Dev
eloper
stool
1.Awscommandl
i
nei
nter
face
 Dat
abase
1.AmazonDy
namoDB
2.AmazonSi
mpl
eDB
3.Amazonr
elat
ional
DB
4.Amazonaur
ora
 Managementt
ool
s
1.AWSCl
oudFor
mat
ion
2.AWSCl
oudWat
ch
 Secur
it
y,i
dent
it
yandcompl
i
ance
1.I
dent
it
yandaccessmanagement(
IAM)
 Messagi
ng
1.Amazonsi
mpl
eQueueSer
vice(
SQS)
2.Amazonsi
mpl
enot
if
icat
ionser
vice(
SNS)
3.Amazonsi
mpl
eemai
lser
vice(
SES)
I
AM
I
AM (Ident
ityandaccessmanagement)all
owsyoutomanage
user
sandt hei
rlevelofaccesst oawsconsol
e.Itprovi
des
mult
if
actor authent
icat
ion.Prov
ides t
empor
ary access f
or
user
s,serv
iceswherenecessar
y.
I
tal
l
owsy
out
oset
upandmai
ntai
npasswor
drot
ati
onpol
i
cy.
 Usi
ngIAM,organi
zat
ionscancreat
eandmanageAWSuser s
andgr
oupsandusepermissi
onstoal
lowanddenyt
hei
raccess
toAWSresour
ces.
RootUser
(
Note:Wheny oufi
rstcreat
eanAWSaccount ,youbeginwithonl
ya
si
ngl
esign-i
npr
inci
palt
hathascompleteaccesst
oallAWSCl oudservi
ces
andr
esourcesi
ntheaccount.Thi
spr
inci
pali
scall
edtherootuser
)
 Therootuseri
ssimilari
nconceptt ot heUNIXr ootor
WindowsAdmini
str
atoraccount—ithasf ul
lpr
ivi
l
egest o
doanythi
ngi
ntheaccount
,incl
udingclosi
ngtheaccount.
 The root user can be used for bot
h consol
e and
progr
ammat i
caccesstoAWSr esour
ces.
I
AM User
s
I
AM usersissimil
artonormaluser
sinLi
nux,t
hisusercan
i
nter
actwi
ththeconsol
eandusetheCLI
.
Cr
eat
ingI
AM USERS
GotoIAM ->user
s->cr
eat
eusers->( nameoft heuser)->
access ty
pe (
AWS Management Console access) -
> set
password.
(Not
e:ifuwanttologi
nthengett
heurlf
rom dashboar
dpast
eit
andgiv
et heuser
nameandpassword)
(
Iti
spossi
blet
ocust
omi
zet
heur
lindashboar
d)
(
SHOW:
Del
eteUser
,Changeuserpasswd,
NewAccesskey
)
1.ARN(Amazonr esourcenameisauniquenameusedf orthe
i
denti
fi
cati
onofuserorgroup,Iti
sthecombi
nati
onofawsaccountid
anduserorgr
oupname)
 Max5000user
sinanawsaccount
.
GROUPS
 Agr
oupi
sthecol
l
ect
ionofuser
shav
ingsi
mil
arr
esponsi
bil
i
ty.
 Youcanusepr
opagat
eper
missi
onst
ouser
s.
 Max100gr
oupsi
nanawsaccount
.
 AnI
AM usercanbememberof10gr
oups.
Cr
eat
inggr
oup
Got
ogr
oup-
>cr
eat
euser-
>done
ROLE
 AnIAM r
ole i
ssi
mi l
artoauser,
inthati
tisanAWSident
it
ywi
th
permissi
onpol i
ciesthatdet
erminewhattheident
it
ycanand
cannotdoi nAWS.
i
nsteadofbei
nguni
quel
yassoci
atedwi
thoneper
son,ar
olei
s
i
ntendedt
obeassumabl
ebyanyonewhoneedsi
t.
3t
ypesofr
oles
1.Amazon ser
v i
ce Rol
es—Gr
ant
ing per
mi ssions t
o
appl
i
cat
ionsrunni
ngonanAmazonEC2i nstance.
2.Cross-
Account Access—Granti
ng per
missions to
usersfrom ot her AWS account
s,whet her y
ou
contr
olthoseaccountsornot
.
3.I
denti
typrovi
deraccess-Grant
ingpermissi
onst
o
user
sauthent
icat
edbyatrust
edexter
nalsyst
em.
 Eachr
olecanhav
eupt
o10pol
i
ciesat
tached.
 Max500r
olesi
nanawsaccount
.
Pol
i
cy
 A pol i
cy is a document that f
ull
y defi
nes a set of
permissions t
o access and mani
pulat
e AWS resour
ces.
Poli
cydocument scont ai
noneormor epermi
ssi
ons,with
eachpermi ssi
ondefi
ning:
1.Ef
fect
—Asi
ngl
ewor
d:Al
l
oworDeny
2.Servi
ce—Forwhatserv
icedoest hisper
mi ssi
onapply?
MostAWS Cl oud ser
vices supportgranti
ng access
thr
oughIAM,i
ncludi
ngIAM it
self.
3.Resource—Ther esour
ceval
uespeci
fiesthespeci
fic
AWSi nfrast
ructureforwhi
chthi
sper
mi ssi
onappli
es.
Thi
sisspecifiedasanAmazonResourceName(ARN) .
I
dent
it
yPr
ovi
der
I
denti
ty prov
ider
s ar
e used t
o def
ine t
rust
ed i
dent
it
y
r
esources.
 Wit
hani dent
it
ypr ovi
der(I
dP),y
oucanmanagey ouruser
i
denti
ti
es out
side ofAWS and givethese ext
ernaluser
i
denti
ti
es per
mi ssi
ons to use AWS resour
ces iny our
account
.Thisisusefuli
fy ourorgani
zational
readyhasi t
s
ownidenti
tysyst
em,suchasacor por
ateuserdirect
ory
.Iti
s
al
so usefulify ou ar
e creati
ng a mobi le app orweb
appli
cat
ionthatr
equi
resaccesstoAWSr esour
ces.
Mul
ti
-Fact
orAut
hent
icat
ion(
MFA)
 Multi-
FactorAuthenti
cation(MFA)canaddanext ralayerof
securit
ytoy ourinfr
astruct
urebyaddi ngasecondmet hodof
authenti
cati
onbey ondj ustapasswor doraccesskey .With
MFA, aut henti
cati
on al so requir
es ent er
ing a One- Ti
me
Passwor d(OTP)f r
om asmal ldev i
ce.TheMFAdev i
cecanbe
ei
therasmal lhardwaredev i
cey oucarrywithyou( f
otexample
SafeNetIDProve100( OTPToken) )orav i
rt
ualdevicevi
aanapp
ony oursmartphone( f
orexampl egoogleauthent
icati
on)
Add MFA:goto act

ivat
e MFA f
orrootaccount-> manage
MFA->v i
rt
ualMFA- >copytheqrt
ogoogleauthent
icat
or->
ty
pe2otp.
Passwor
dPol
i
cy
 A passwordpol
i
cyi sasetofrul
est
hatdef
inet
het
ypeof
passwordanI
AM usercanset
.
(
Not
e:Got
hrought
heopt
ions)
Cr
edent
ial
Repor
t
Itli
stsallyouraccount
'susersandt hestatusofthei
rvar
ious
credent
ialsincl
udi
ngpasswords,
accesskeys,andMFAdevices.
Encr
ypt
ionkey
s
 AWS Key ManagementSer vi
ce (AWS KMS)i s a managed
servi
cet hatmakesi teasyf ory outocr eateandcont rolthe
encrypt
ion keys used t o encryptyourdat a.AWS KMS i s
i
ntegrat
edwi thot herAWSser vi
cesincludingAmazonEl asti
c
BlockSt ore(AmazonEBS) ,AmazonSi mpl eStorageSer vi
ce
(AmazonS3) ,AmazonRedshi ft
,AmazonEl asti
cTr anscoder,
Amazon Wor kMai l
, Amazon Rel at
ional Database Ser vi
ce
(AmazonRDS) ,andot herstomakei tsimpletoencr yptyour
datawithencrypti
onkey sthatyoumanage
 AWS KMS letsyou creat
e masterkeysthatcan nev
erbe
expor
tedfr
om theserv
iceandwhi chcanbeusedtoencry
pt
anddecr
yptdat
abasedonpoli
ciesyoudef
ine.
AmazonEl
ast
icComput
eCl
oud(
AmazonEC2)
 AmazonElast
icComputeCloud(AmazonEC2)pr
ovi
des
scal
abl
ecomputi
ngcapaci
tyint
heAmazonWebServi
ces
(AWS)cl
oud.
 AmazonEC2eli
minatesyourneedtoinvesti
nhardwareup
fr
ont
,soyoucandevelopanddeployappli
cat
ionsfast
er
 AmazonEC2enabl esyout oscal
eupordownt ohandl
e
changesinrequi
rementsorspi
kesinpopul
ari
ty,r
educi
ng
yourneedtofor
ecastt
raff
ic.
Feat
uresofAmazonEC2
 Vi
rt
ual
comput
ingenv
ironment
s, i
nst
knownas ances
 Vari
ousconf i
gurationsofCPU,memor y
,storage,and networki
ng
capaci
tyforyourinstances,knownas i
nstancetypes.
 Securelogininformat i
on foryourinstancesusing keypair
s (AWS
stor
esthepublickey ,andyoustor
ethepr i
vatekeyinasecureplace)
(
creat
eanec2i
nst
anceandexpl
ainabouti
nst
ancef
ami
l
y)
EC2ondemand
1.Gener
alpur
pose.
2.Computeopti
mized
Comput
eint
ensi
veappl
i
cat
ion.
3.Memor
yopt
imi
zed
Dat
abaseandmemor
ycachi
ngappl
i
cat
ion.
4.St
orageopt
imi
zed
Dat
awar
ehousi
ngandpar
all
elcomput
ing.
EC2
Opt
ions
 On-
Demandi
nst
ances
Payf
ortheinst
ancesthaty
ouusebyt hehour
,wi
thno
l
ong-
ter
m commitment
sorup-f
rontpay
ments.
 Reser
vedI
nst
ances
Makeal ow,one-ti
me,up-f
rontpaymentforani nst
ance,
reser
vei tfora one-ort hr
ee-
yeart er
m,and pay a
signi
fi
cant
lylowerhour
lyr
atefort
heseinstances.
 Spoti
nst
ances
Bi
donunusedi nst
ances,whi
chcanr
unaslongast hey
ar
eavail
ableandyourbidisabovet
heSpotpri
ce,ata
si
gni
fi
cantdi
scount
.
 Dedi
cat
edhost
s
Payf
oraphy
sicalhostt
hati
sful
l
ydedi
cat
edt
orunni
ng
yourinst
ances,andbr
ingyourexi
sti
ngper-
socket
,per
-
core,
orper-
VM soft
war
eli
censest
oreducecost
s.
Ondemandv
sReser
vedv
sSpotI
nst
ances
 Ondemand
1.
Userst hatwantthelow costandflexi
bil
i
tyofAmazon
EC2withoutanyupfr
ontpay
mentorl ongt
erm commit
ment
.
2.
Applicati
on with shortt er
m,spi ky
,or unpr
edict
abl
e
workloadsthatcannotbeinter
rupt
ed.
3.
Applicati
onwhichisdev el
opedortestedonAmazonEC2
fort
hef i
rstti
me.
(
not
e:Payperhour
)
 Reser
ved
1.Appl
i
cat
ionwi
thst
eadyst
ateorpr
edi
ctabl
eusage
Eg;
webser
ver
srunni
ngi
nani
nst
ance
2.Appli
cat
iont
hatr
equi
respeci
ficcapaci
ty
3.Usersareabl
etomakeupf rontpaymentt
oreducet
he
total
computi
ngcost
.
 Spot
1.Appl
icati
onthathasflexi
blest
artandendti
me.
2.Appl
icati
onthatarefeasi
bleatveryl
owcomputepri
ces.
3.User
swi thurgentcomput i
ngneedsf orl
argeamountof
addi
tionalcapaci
ty
 Dedi
cat
edHost
1.AnAmazonEC2Dedi
cat
edHosti
saphy
sicalser
verwi
th
EC2i nstancecapacit
yfull
ydedicat
edt oy ouruse.
2.DedicatedHost sall
owy outousey ourexistingper
-socket
,
per
-cor e,orper-
VM softwareli
censes,includingWindows
Ser
ver ,Mi cr
osoftSQLSer ver
,SUSEandLi nuxEnterpr
ise
Ser
ver .
(cr
eateawindowsinst
ance->gotoconnectopti
on-
>downloadthe
r
emotedesktopf
il
e->getpassword-
>choosekeypair-
>gett
hepassword
-
>openremotedeskt
op->entert
hepasswor
d)
PRACTI
CAL
1.Logi
ntoani
nst
ance
Usi
ngSSHi
fiti
saLi
nuxI
nst
ance.
Usi
ng RDP (
Remot
e deskt
op pr
otocol
)ifi
tisa
Wi
ndowsInst
ance
2.Launchmor
eli
ket
his
Got
oinst
ance-
>launchmor
eli
ket
his
(
Note:Thisopti
on doesnotcloney oursel
ected
i
nst
ance,
itonl
yrepl
i
catessomeconf
igurat
iondet
ail
s.
)
3.Ter
minat
ionpr
otect
ion
Sel
ecttheinst
ance->acti
on- >i
nst
ancesett
ing->
change ter
minat
ion oryou can add whil
e cr
eat
ing a
i
nstance.
4.At
tachi
ngr
ole
Select the i nst

ance - > act
ion -
>inst
ance
set
ti
ng->att
ach/
repl
aceiam r
ole
5.Changei
nst
ancet
ype
St
opt heinstance-
>act
ion-
>inst
anceset
ti
ng-
>
changeinst
ancetype
(
not
e:Whenani
nst
ancet
ermi
nat
es,
thedat
aonanyi
nst
ance
st
orev
olumesassoci
atedwi
tht
hati
nst
ancei
sdel
eted.
)
EBS
 AmazonEl ast
icBlockStor
e( AmazonEBS)pr ovi
desblockl
evel
storagevolumesf orusewit
hEC2i nstances.
 EBSv ol
umesar ehighlyav
ail
ableandr eliabl
estoragevol
umes
thatcanbeat tachedtoanyrunni
ngi nstancethati
sinthesame
Availabi
li
tyZone.
STORAGEBACKEDBYEBS
1.EBSGener al Pur
poseSSD(gp2)
2.Provi
sionedI OPSSSD(io1)
3.ThroughputOpt i
mizedHDD( st1)(
cantseeforr
ootadda
newebcv olumeandcheck,
itsnotabootvol
ume)
4.ColdHDD( sc1)
 Gener alPur pose SSD ( gp2)v olumes,y ou can expectbase

performanceof3I OPS/ GiB,witht heabi li
tytoburstt o3,000
IOPSf orext endedper i
odsoft i
me. Gp2 volumesar eidealfora
broadr angeofusecasessuchasbootv olumes,smal land
medi um- size dat abases, and dev elopment and t est
environment s.
Gp2 volumessuppor tupto10, 000IOPSand160
MB/ soft hroughput.
 Provisioned I OPS SSD ( i
o1)v olumes,y ou can provi
sion a
specificl evelofI /O performance. Io1
volumessuppor tupt o
20,000I OPSand320MB/ soft hroughput .Thisall
owsy out o
predictablyscal etotensoft housandsofI OPSperEC2i nstance.
 ThroughputOpt i
mi zed HDD ( st1)v ol
umes pr ov i
de low-cost
magnet ic storage t hat defines per f
or mance i nt erms of
throughputr athert hanI OPS.Wi ththroughputofupt o 500
MiB/ s,t hisv olume t ype i
s a good f i
tf orlarge,sequent ial
wor kloadssuchasAmazonEMR,ETL,dat awar ehouses,and
l
ogpr ocessing.
 ColdHDD ( sc1)v olumespr ov i
del ow-costmagnet i
cst orage
thatdef i
nesper f
or mancei nt er
msoft hroughputrathert han
IOPS.Wi ththroughputofupt o250Mi B/s,
sc1 i
sagoodf iti
deal
for l arge,sequent ial,cold-data wor kloads.I fy ou require
i
nfrequentaccess t oy ourdat a and ar elooking to sav e
cost s,
sc1 providesi nexpensivebl ockstorage.
 EBSv olumesar ecreatedi naspeci fi

cAv ail
abil
it
yZone, andcan
thenbeat tachedtoanyi nstancesi nthatsameAv ai
labil
it
yZone
 Youcanmountmul tiplev ol
umesont hesamei nstance,but
eachv olumecanbeat tachedtoonl yonei nstanceatat ime.
 Tomakeav olumeav ail
ableout si
deoft heAv ail
abil
it
yZone, you
cancr eateasnapshotandr estorethatsnapshott oanew
volumeany whereint hatr egi
on.Youcancopysnapshot sto
otherr egi
onsandt henr est
oret hem t onew v ol
umest here,
making i t easier to l ever
age mul ti
ple AWS r egions for
geographicalexpansi on,datacent ermi grati
on,and di sast
er
recovery.
(Not e:Cr
eate an i
nstance -> att
ach a new vol
ume tothat
i
nst ance->mountt hev olume- >addsomef i
l
es->detach->
attachthevol
umet oanot heri
nstance-
>v eri
fyt
hecont
entsare
present)
PRACTI
CAL
1.At
tachi
ngt
hev
olumet
odi
ff
erenti
nst
ance
addanewv olumetoanexist
ingi
nst
ance-
>mount
i
t- > add some cont
ent-> unmount-> det
ach t
he
vol
ume- >at
tacht
hevol
umetoanotheri
nst
ance-
>mount
andveri
fy
(
donotdet
acht
her
ootv
olume)
2.I
tispossi
blet
oext
endt
hesi
zeofav
olume
Sel
ectthev
olume->act
ion-
>modi
fyv
olume(
itmay
t
akesometimetotakeeff
ect
)
Snapshot
 Youcanbackupt hedat
aony ourEBSv
olumest
oAmazonS3
byt
akingpoi
nt-
in-
ti
mesnapshots.
 Snapshotsar
eincr
ement
albackups,
whichmeanst
hatonlythe
blocksonthedevi
cet
hathavechangedaft
ery
ourmostrecent
snapshotar
esaved
 Forcreat
ingconsistentsnapshotst
opt hevol
umeandtakethe
snapshot
,snapshotcanbet akenwithoutst
oppi
ngthevol
ume
butmaybei nconsistent
.
 Al
lsnapshot
sar
est
oredi
ns3ser
viceofaws.
 Thesesnapshot
scanbeusedt
ocr
eat
emul
ti
pleawsv
olume
acr
ossavail
abi
li
tyzone.
 Snapshot
scanbeshar
edwi
thspeci
fi
cawsaccount
sormade
publ
ic.
PRACTI
CAL
1.Cr
eat
esnapshotf
rom av
olume
Stoptheinst
ance-
>got
ovol
ume-
>act
ion-
>cr
eat
e
snapshot
2.Cr
eat
evol
umef
rom asnapshot
Sel
ectthesnapshot-
>acti
on- >creat
evol
ume-
>
sel
ectt
hedesir
edavai
l
abi
li
tysong.
3.Copy
ingsnapshot
Snapshotcanbecopi
edt
odi
ff
erentr
egi
on,copy
ing
i
nanot herregi
onhel
pst
ocr
eateav ol
umeinthat
regi
on
Selectthesnapshot-
>act
ion-
>copy-
>sel
ectt
he
desiredregi
on
4.Shar
ingsnapshot
Snapshotcanbeshar
edbet
weent
heuser
sormake
i
tpriv
ate.
Sel
ect the snapshot -
> act
ion -
> modi
fy
per
missi
on->publ
i
c
5.Del
etesnapshot
Sel
ectasnapshot-
>act
ion-
>del
ete
AMI
 An AmazonMachi neImage (
AMI )i
saspeci altypeof
vi
rt
ual
appli
ance
that i
s used to create a vi
rt
ual machi ne
wit
hin
the
AmazonEl asti
cComputeCl oud("EC2").Itserv
esast he
basicuni
tofdeploymentf
orserv
icesdeli
veredusingEC2.
LaunchPer
missi
ons
 TheownerofanAMIdet ermi
nesitsavai
labi
l
itybyspecif
ying
l
aunchpermissi
ons.Launchper
missionsf
alli
ntothefol
lowing
cat
egor
ies.
1.Publi
c- >Theownergr antslaunchpermissi
onstoall
AWSaccount s.
2.Expli
cit-> The ownergrantslaunch per
missi
ons t
o
specifi
cAWSaccount s.
3.Implici
t->Theownerhasi mpli
citl
aunchpermi
ssi
ons
foranAMI .
PRACTI
CAL
1.Cr
eat
ingami
Cr
eate and i
nstance wi
th webpage -
>
creat
e snap from volume -> cr
eat
ei mage
fr
om snap->launch
2.Launchper
missi
on
Sel
ect t
he ami -
> modi
fy i
mage
per
missi
on
3.Copy
ingt
heami
Sel
ecttheami- >copy.(
whil
ecopyi
ng
the amit he snapshotwi
llbe copi
ed t
oo
dest
inati
on)
SECURI
TYGROUPS
 A secur
itygroup
acts as a v i
rtualfi
rewallthatcontrol
st he
tr
affi
cforoneormor einstances.
 When y ou l
aunch an instance,y ou associ
ate one ormor e
securi
ty gr
oups witht he instance.You add rules to each
securi
tygroup thatallow t r
affi
ct o orf r
om its associ
ated
i
nstances.
t henewr ulesar eautomatical
l
yappliedt
oal
linst
ancest
hatar
e
associ
atedwi tht hesecuri
tygroup.
 Max500sg.
 Max100r ulesforasg( 50inboundand50out
bound)
 Foreachr ule,y
ouspeci fyt
hef ol
lowi
ng.
1.Type: protocol
2.Protocol: Thepr ot
ocol t
oal l
ow.
3.Portr ange:ForTCP,UDP,oracust om prot
ocol
,the
rangeofpor t
st oallow.Youcanspeci fyasingl
eport
number( forexampl e,
22),orrangeofportnumbers(f
or
exampl e, 7000-8000).
4.Sourceordest inat
ion:Thesour ce(inboundrul
es)or
destination(outboundr ules)forthet
raffi
c
AmazonEC2KeyPai
rs
 Amazon EC2 uses publ ic–keycr ypt

ogr aphyt o encryptand
decr yptl ogini nformati
on.Publ ic–key cr yptography uses a
publickeyt oencr yptapieceofdat a,suchasapasswor d,then
ther eci
pientusest hepri
vatekeyt odecr yptthedat a.Thepubl i
c
andpr i
vatekey sar eknownasa keypai r
.
 Tol ogi nt oy ourinstance,y oumustcr eateakeypai r,specif
y
thenameoft hekeypai rwheny oul auncht hei nst
ance,and
prov i
det hepr i
v at
ekeywheny ouconnectt otheinstance. Li
nux
i
nst anceshav enopasswor d,andy ouuseakeypai rtol ogin
using SSH.
Wi th Windowsi nst
ances,y ou usea keypai rto
obtaint headmi ni
strat
orpasswor dandt henloginusi ngRDP.
 Max5000key pair
.
PRACTI
CAL
1.Del
eti
ngakey
Gotokey
pai
r->sel
ectt
hepr
ivat
ekeyy
ouwantt
o
del
ete
2.I
mpor
tkey
Openput
tygen->creat
epubl
ickey-
>impor
t{wot
userhav
eispriv
atekeyandwhatawshav
eispubl
ic
key)
El
ast
ici
p
 An Elast i
cI P addr ess isa st aticI Pv 4 addr essdesi gned for
dynami ccl oudcomput ing.
 WithanEl asticI P address,y oucanmaskt hef ailureofan
i
nstance orsof t
war e by r apidlyr emappi ng the addr ess to
anotheri nst ancei nyouraccount .
 TouseanEl asti
cI P addr ess,y ouf irstallocateonet oy our
account ,andt henassoci at ei twithy ouri nstanceoranet work
i
nterface.
 Wheny ouassoci ateanEl asticIPaddr esswi thani nstanceor
i
tspr imar ynet wor kinterface, thei nst ance' spubli
cI Pv 4addr ess
(i
fithadone)i sr el
easedbacki ntoAmazon' spoolofpubl i
c
IPv4addr esses.Youcannotr euseapubl i
cI Pv4addr ess.
 Adi sassoci atedEl asticIPaddr essr emai nsal l
ocat edt oy our
accountunt i
ly ouexpl i
cit
lyr eleasei t.
I fan El ast i
cI P address i s notassoci ated wi t
har unning
i
nstance,ori fi tisassoci atedwi thast oppedi nstanceoran
unattachednet worki nterf
acei twi l
l bechar ged.
 AnEl ast i
cI Paddr essi sregi onspeci f i
c.
 Wheny ouassoci ateanEl ast i
cI Paddr esswi thani nst ancethat
previouslyhadapubl icIPv 4addr ess,t hepubl icDNShost name
ofthei nst ancechangest omat cht heEl asti
cI Paddr ess.
 5Elast i
cI Paddr essesperr egi on.
Pr
act
ical
1.Associ
atei
p
Gotoelast
ici
p- >all
ocateanew address->al
l
ocat
e->
act
ions-
>associ
ateaddress->sel
ecti
nst
ance
2.Di
ssoci
atei
p
Sel
ectt
hei
nst
ance-
>di
ssoci
atei
p
3.Rel
easei
p
Sel
ecti
p->r
elease(
onl
yaf
terdi
ssoci
atewecanr
elease)
Net
wor
kint
erf
aces
 Anelasti
cnet workinterf
ace( networ kint
erface)isavi
rtualnet
wor
k
i
nter
facet haty ou can attach to an instancein aVPC.Net wor
k
i
nter
facesareav ai
lableonlyforinst
ancesr unninginaVPC.
 Anetworkinterf
acecani ncludethef oll
owingattr
ibut
es:
1.Apri
mar ypri
vat
eIPv 4address.
2.Oneormor esecondarypri
v at
eIPv4addresses
3.OneElasti
cIPaddress(IPv4)perpri
vat
eIPv 4addr
ess
4.OnepublicI
Pv4address
5.Oneormor eIPv6addresses
 Youcancr eat
eanet worki nterf
ace, attachi ttoaninstance,detachit
from ani nstance,
andat tachi tt
oanot herinstance.
 Wheny oumov eanet worki nterfacef rom onei nstancet oanot her,
net worktraffi
cisredi
rectedt othenewi nstance.
 Ev eryinstance in a VPC has a def aul tnetworki nter
face,cal l
ed
the primarynet workinterface (
eth0) .Youcannotdet achapr i
mar y
net worki nter
face fr
om an i nstance.You can cr eate and attach
addi t
ionalnetworkint
erfaces
(Themaximum numberofnet
wor
kint
erf
acest
haty
oucanusev
ari
es
byinst
ancety
pe).
Pr
act
ical
1.Cr
eat
ingnewnet
wor
kint
erf
aces
Createnetworki
nter
faces-
>adddescr
ipt
ion-
>subnet-
>pr
ivat
e
i
p(def
ault)->secur
it
ygroup
AWSCLI
 TheAWSCommandLi neInterf
ace( CLI
)isaunifi
edtoolt
omanage
yourAWSser vi
ces.Wit
hjustonet oolt
odownloadandconfi
gur
e,you
can contr
olmul t
ipl
e AWS ser v
ices fr
om the command li
ne and
automatethem t
hroughscri
pts.
Pr
act
ical
1.At
tachi
ngs3r
olet
oec2
Cr
eatear ol
eso thatf r
om ec2 i
tispossibl
eto
accesss3->Launchandawsami( nootheramican
access s3 by defaul
t)- > sel
ect t
he rol
e whil
e
creat
ing-
>launcht
heinstance
2.Hel
p
#aws
#awss3hel
p
3.Accessi
ngs3f
rom ec2
#awss3l
s
Cmdt
oli
stal
lbucket
sins3
4.Cr
eat
ingbucket
#awss3mbs3:
//<bucketname>
Cmd t
o cr
eat
ebucketwi
thoutspeci
fyi
ng a
r
egi
on
#awss3apicreat
e-bucket-
-bucket<bucketname>-
-
regionus-east
-1(
cannotcreat
einallregi
onbecauseof
endpoint)
5.Copy
ingt
obucket
Bucketmustapermi
ssi
onsot
hatwecanwr
it
ethe
changestobucket
#awss3cp<F.
N>s3:
//<bucketname>
6.Copy
ingf
rom bucket
#awss3s3:
//<bucketname>/
<F.
N>.
7.Sy
nci
ngBucketwi
thl
ocal
disk
#awss3sy
ncs3:
//<bucketname>.
Cmd t
o sy
ncal
ldat
afr
om buckett
olocal
st
orage
8.Del
eti
ngabucket
#awss3r
bs3:
//<bucketname>
#awss3r
bs3:
//<bucketname>-
-f
orce
Cmdt
oremov
eanon-
empt
ybucket
#awss3api
del
ete-
bucket-
-bucket<bucketname>
(not
e:Mumbair
egi
onbucket
sar
enotsuppor
tedi
n
awscli
)
AWSCLIi
nRHEL
1.I
nstal
lthepython
2.I
nstal
lpip(Bydefaul
tthepackagedoesnotcomes
wit
hr eposi
tory,downl
oad and inst
allpython-
pip
f
rom rpmfi
nd.net,
#yum l
ocal
inst
allpy
thon-
pip)
(pi
p i
s a package managementsyst
em used t
o
i
nstallandmanagesof twar
epackageswri
tt
enin
Python)
3.Checkpipisinstal
l
edornot(#pi
pli
st)
4.Use pip to i nst
allawscl
i( #pi
p inst
allawscli
bot
ocore,botocoreisthepackageawscliusesf
or
al
lit
swor k)
5.Useawscmd( #awss3l s
AWSCLIi
nWI
NDOWS
1.Launchanwi ndowsinst
ance
2.Login
3.Inst
allawscl imsii nst
all
er fr
om aws website
(googl
ef orawscli
forwi
ndows)
4.Opent hecmdpr omptandstar
texecut
ingawscmd.
BOOTSTRAPSCRI
PTS
 Bootst
rapscr
ipt
sareusedforexecuti
ngthesetofcmdsorscr
ipt
sto
runassoonasec2-
inst
ancegoesliveinr
ootlev
el.
 Wecandoaut omat
ionbyusingthescri
pts
Pr
act
ical
Cr
eat
eani
nst
ance-
>redhatami-
>adv
anceddet
ail
->asat
ext
-
>
#!
/bi
n/bash
y
um i
nst
all
-yht
tpd
sy
stemct
lrest
artht
tpd
sy
stemct
lenabl
eht
tpd
echo“
checki
ngf
orboot
str
apscr
ipt
”>/
var
/www/
html
/i
ndex.
html
sy
stemct
lrest
artht
tpd
sy
stemct
lenabl
eht
tpd
-
>addSG(
sshandht
tp)-
>launch-
>wai
tti
l
l
st
atuschecki
s2/
2.
LOADBALANCER
 Elasti
cLoadBal anci
ngdistr
ibut
esincomingappl
icat
iontr
aff
icacross
mul t
ipl
eEC2i nstances,i
nmul t
ipl
eAv ai
l
abil
i
tyZones.Thi
sincreases
thefaultt
oler
anceofy ourappli
cat
ions.
 Theloadbalancerser
vesasasi nglepointofcontactforcl
i
ents,
whichi
ncreasestheav
ailabi
l
ityofyourappli
cat
ion.Youcanaddand
removei
nstancesfr
om yourloadbal
ancer.
Pr
act
ical
1.Cr
eat
ingal
oadbal
ancer
Cr eateani nstance( r
hel )- >installhttpd- >ser v i
cer estart
->cr eateindex. html( anycont ent )- >ser vi
ce- >addht tpf orsg- >
checki tiswor king- >got oloadbal ancer- >basedont hel oad
balancery ouneedsel ectt heloadbal ancer->cl assicl oadbal ancer
->addanameanddef aul tvpc- >sel ectsgwhi chsuppor tsshand
htt
p- >conf i
gureheal thcheck- >r esponset imeout( 5sec:t i
met o
waitwhenr eceiv i
ngar esponsef rom t heheal thcheck)- >i nterval
(amountoft i
mebet weenheal thchecks)- >unheal thyt hreshol d(2
noofconsecut iveheal thcheckf ail
uresbef oredecl aringanEC2
i
nst anceunheal thy ,not e:i n60seci tchecks2t imesi ncei nterval
i
s 30)- > heal thy t hreshol d( no ofconsecut ive heal th check
successesbef or edecl aringanec2i nstanceheal thy )- >addt he
i
nst ance->enabl ecr ossendl oadbal anci ng (
cr oss end l oad
balancing di stribut es t raffi
c ev enly acr oss al ly ourback- end
i
nst ancesinal lav ailablezones)- >enabl econnect i
ondr aining(the
no.ofsect oal lowexi stingt r
af f
ict ocont i
nuef l
owi ng)- > cr eate- >
waitf or1mi nt illitbecomei n-ser vi
ce( statusofi nst ance)- >get
thepubl icdnsofl oadbal ancerandpast ei tint henew t abe. g.
dns/ i
ndex.ht ml
 Wheny oucreat
ealoadbal ancerinaVPC, y
oumustchoosewhet her
to make itan int
ernalload balanceroran I nt
ernet
-f
aci
ng load
bal
ancer.
 The nodes ofan I nter
net-f
acing l
oad balancerhave publi
cI P
addresses.TheDNS nameofanI nter
net
-faci
ng l
oad bal
anceris
publi
clyresol v
abletot hepubl icIPaddressesofthenodes.Ther ef
ore,
I
nternet-facingloadbal ancerscanr outerequest sfrom cl
ientsov er
theInter
net .
 Thenodesofani nternal l
oadbal ancerhaveonlyprivateI
Paddr esses.
TheDNSnameofani nternalloadbalancerispubl i
clyr
esolvablet o
the priv
at eI P addr esses oft he nodes.Ther efore,i
nternalload
balancerscanonl yr out erequestsf r
om client
swi t
haccesst othe
VPCf orthel oadbal ancer.
 Max20l oadbal ancerperr egion.
 Max5SGf orloadbal ancer .
 Max1subnetf orloadbal ancer.
 Deleti
ngal oadbalancerdoesnotaf f
ectit
sEC2i nstance.
PLACEMENTGROUPS(
ONLYTHEORY)
 A placementgroup i
sal ogicalgroupingofi nstanceswi thinasingle
Av ai
labi
li
tyZone.
 Placementgr oupsar erecommendedf orappl icationsthatbenef i
t
from lownetworkl at
ency,highnet workthroughput ,orboth.
I fyoustopani nstanceinapl acementgroupandt henstarti
tagain,i
t
stil
lrunsintheplacementgr oup.Howev er,thest artfai
l
sifthereisn'
t
enoughcapaci t
yfort heinst
ance.
 Apl acementgroupcan' tspanmul t
ipl
eAv ail
abil
i
t yZones.
 Thenamey ouspecifyforapl acementgr oupmustbeuni quewithin
yourAWSaccount .
(not
e:placementgroupconceptismainl
yusedin10Gnet wor k(f
or
connecti
ngDB,10gi gabi
tspersecond(or10bil
li
onbits)checkthe
i
nstance,i t
sav ai
l
ablewithinanAZ becauseit’
snotpossi bleto
connectfr
om oneAZt oanotherAZusi
ngthi
sconnect
ion).
AUTOSCALI
NG
 AutoScalinghel psyouensur ethatyouhavethecorrectnumberof

Amazon EC2 i nstances avail
ableto handlethe l oad foryour
appli
cati
on.
 Coll
ecti
onofec2i nst
anceiscall
edautoscali
nggroups.
 Wecanspeci f
yt hemi nimum andmaximum numberofi nst
ancesin
eachAut oScalinggr oup,andAutoScali
ngensurest hatyourgroup
nevergoesbeloworabov ethi
ssize.
 Wheny oucr eateanAut oScali
nggroup,youmustspeci fyalaunch
confi
gurati
on.
 Max20aut oscalinggroupsperregi
on.
Pr
act
ical
1.Cr
eat
ingaLaunchConf
igur
ati
onGr
oup
A launchconfigur
ati
on i
sat empl at
et hatanAutoScalinggroup
uses t ol aunch EC2 instances.When we cr eateal aunch
confi
gurati
on, wespeci
fyinformationf ortheinst
ancessuchast he
IDoft heAmazonMachi neI mage( AMI),theinst
ancet y
pe,akey
pair
,oneormor esecuri
tygr oups,andabl ockdev i
cemappi ng.I
f
wel aunchedanEC2i nstancebef ore,wecanspeci f
yt hesame
i
nformat i
oninordertol
auncht heinst ance.
Createlaunchconfi
gurati
on->sel
ectthei nst
ance-
>assi
gna
nameandr ol
eifany->addst or
age-
>conf i
gureSGsothati
tcan
accesshtt
pandssh- >assignakeypai
r->launch
2.Cr
eat
inganAut
oScal
i
ngGr
oup
Createanaut oscal inggroupwi thexi stingl aunchconf igurati

on
->assignagr oupname- >gr oupsi zewi th1i nstance- >sel ectthe
defaultnetwor k- > add subnetav ai
lablei nr egi on (subnet
representAZ, ifwesel ectonly1subneti nstancewi llbecr eatedin
thatAZf orfaul ttolerancecreatei nal lavailableAZ)- >usescal i
ng
poli
ciest oadj ustt hecapaci tyoft hisgr oup- >i ncreasegr oup
size->addanewal arm (givey ourmai lidsot hatwewi l
lr ecei
ve
mai li
fcpuut i
lizationr eachesabov et hel i
mi t)- >ls:60%- >per i
od
:1mi n->taket heact i
onadd1i nst ance- >decr easegr oupsi ze->
addanewal arm (gi veyourmai lidsot hatwewi l
lr ecei
v emai lif
cpuut i
li
zati
onr eachesabov ethel i
mi t)->l s:30%- >per i
od:1mi n
->taket heact i
onr emov e1i nstance- >conf i
gurenot if
ication->
addt ags->creat eaut oscal i
nggr oup.
(not
e:f
orveri
fi
cati
onlogi
ntoinst
anceanduse#y
es>/
dev
/nul
l&
or#dd/dev
/null
>/ dev
/nul
l)
.
Cl
oudWat
ch
 AmazonCloudWatchmoni
tor
syourAWSresour
cesandt
he
appl
i
cat
ionsyourunonAWSinrealt
ime.
 WecanuseCl
oudWatcht
ocoll
ectandtr
ackmet r
ics,
whichare
var
iabl
esy
oucanmeasur
eforyourr
esourcesandappli
cat
ions.
 CloudWat
chal
armssendnot
if
icat
ionsorautomati
cal
l
ymake
changest
other
esour
cesyouaremonitor
ingbasedonrul
est
haty
ou
defi
ne.
 2t
ypes
1.Basi
cCl
oudwat
ch–Moni
tor
sinev
ery5mi
n
2.Det
ail
edCl
oudwat
ch-Moni
tor
sinev
ery1mi
n
 Basi
cmoni
tormat
ri
cesar
efr
eef
orEC2,
EBS,
ELB,
RDS.
 Bydef
aul
t,basi
cCl
oudWat
chi
senabl
ed.
Pr
act
ical
1.Det
ail
edCl
oudWat
ch
Wecanenabledetail
edCl
oudWatchei
therwhi
lecreat
ing
ani
nstanceorcl
ickingonact
ion-
>CloudWatch->enable
det
ail
edmonitor
ing
2.Cr
eat
eanal
arm
Cl
oudwat ch- >createanal ar
m- >ec2met ri
cs->per -
i
nstancemet ri
cs->sel ectanalarm( cpuuti
li
zati
on)->
name( highl oadavg)->descr i
pti
on( highloadavg)->
whenev er( cpuut i
li
zationismor ethan80%)- >actions->
whenev ert hisalarm( statei
sALARM)- >sendnot if
icati
on
to(l
oadav g)- >+EC2opt i
on(opti
onal opt
ion)->takethis
acti
on(st opt hisinstance)->period(ifwewantt o
change).
or
selectthei
nstance->act
ion->cl
oudwatch->edi
t/
add
alarm- >cr
eateaalarm->shutdowntheinst
ancewhen
reachingcpuuti
li
zat
ion60%->save.
CREATEABI
LLI
NGCYCLE
 Wecanmoni
torourAWS cost
sbyusi
ngCl
oudWat
ch.Wi
th
CloudWatch,y
oucancr eatebi
ll
ingaler
tsthatnot
if
yuswhen
ourusageofserv
icesexceedsthreshol
dsthatwedefi
ne.
 Wecanspeci fythesethreshol
damount swhenwecr eat
ethe
bil
l
ingaler
ts.
 Whenourusageexceedst heseamount s,AWSsendsusan
emailnoti
fi
cat
ion.
 Wecanal sosignupt
oreceivenot
if
icat
ionswhenAWSprices
change.
PRACTI
CAL
Got o my bil
li
ng dashboard- > al
erts $ noti
fi
cat
ion -
>
receiv
ebi l
l
ingaler
t->managebi l
li
ngalert(i
twi l
ltakeyouto
cloudwat chinN.Vi
rgini
a) ->clickonbill
ing->createal
arm->
exceed( $10)->sendanotif
icat
ionto->newl i
st->giveamaili
d
->createanal ar
m- >checkmailforconfi
rmati
on.
S3
 AmazonSi mpleSt orageSer vice(AmazonS3)i sobj

ectstor
agewitha
simplewebser vicei nterfacetostoreandr etri
eveanyamountofdata
from any whereont heweb.
 S3i sobjectbasedi .e.allowsy outoupl oadf i
l
es.
 Filesarest or
edinbucket .
 Abucketi salogicaluni tofstorageusedt ostoredatai
nS3.Buckets
hav eauni quenamespacef oreachr egion.
 S3i sregionspeci fi
ci .e.dataisstoredi nbotht heAZoftheregi
on.
I tisdesignedt odel iver99.999999999%dur abil
it
y.
 Amazon S3 suppor ts datat r
ansf er over SSL and aut omati
c
encryptionofy ourdat aoncei tisuploaded.
 Filescanbef rom 1by teto5t b.
 Bydef ault,youcancr eateupt o100bucket sineachofy ourAWS
account s.
 A bucket hasno size li
mi t
.Itcanst orenumber sofobject
sofany
si
ze
Fr
eeUsage
1.Free5GBusagestor
age
2.20,000gets
3.2000puts
4.15GBdat atr
ansf
er
(
All
aremont
hlybasi
s)
St
oraget
ype
1.Standar
ds3st or
age
2.Standar
ds3-I nf
requentAccess
3.Reducedredundancy
4.Amazongl aci
er
 Standard s3 st orage: This st orage cl ass i s i deal for

performance- sensiti
veusecasesandf requentlyaccesseddat a.
Itisthedef aultstorageclass;i
fyoudon' tspeci f
ystoragecl ass
atthet i
met hatyouupl oadanobj ect ,AmazonS3assumest he
standardstor ageclass.
 Standards3-I nfr
equentAccess(St andar d-I A):Thisst orage
class(IA,fori nf
requentaccess)i sopt imizedf orlong-li
vedand
l
essf requent l
yaccesseddat a,f
orexampl ebackupsandol der
datawher eofaccesshasdi minished,butt heusecasest il
l
demandshi ghper formance.
 Reducedr edundancy :
TheReducedRedundancySt orage( RRS)
storage class is desi gned fornoncr i
ti
cal,r eproducible dat a
stored atl owerl ev els ofredundancyt han t he STANDARD
storageclass, whichr educesst oragecosts.Thedur abil
itylev el
correspondst oanav erageannualexpect edl ossof0. 01% of
objects.Forexampl e,ifyoust ore10,000obj ectsy oumayl oss
100f i
les.
 Amazon gl acier
:The GLACIER stor
age class is suitabl ef or
archivi
ng dat a wher e data access i si nfrequent.Ar chived
objectsarenotav ail
ableforr eal-ti
meaccess.Youmustf ir
st
restore t he obj ects bef ore y ou can access
them. The GLACI ER storage cl ass uses t he v eryl ow- cost
AmazonGl acierstorageser vi
ce.
(not
e:
ini
tial
lyyoumi ghtupl
oadobjectsusi
ngtheSTANDARD
stor
ageclass,andthenuseabucketli
fecycl
econfi
gurat
ionr
ule
totr
ansit
ionobject
sSTANDARD_ I
AorGLACI ERstorage)
(
not
e:consi
stencymodels3usesr ead-
aft
er-
writ
econsi
stency
forPUTSofnewobject
sandev ent
ualconsi
stencyf
oroverwri
tePUTSand
DELETES)
Cr
eat
ingabucket
1.Cr
eat
ingabucket
Creat
ebucket->sel
ectauni
quename-
>sel
ectt
her
egi
ony
ou
wanttocreat
ebucket
2.Cr
eat
eaf
older
Sel
ectt
hebucket-
>cr
eat
eaf
older
3.Addi
nganobj
ect
Sel
ectt
hebucket-
>upl
oadt
hef
il
e
4.Makepubl
i
c
Sel
ectt
hef
il
e->pr
oper
ti
es-
>makepubl
i
c
Per
missi
on
 Bucketpermissi
ons specif
y who i
s al
lowed access t
othe
object
sinabucketandwhatper missi
onsyouhav egrant
ed
them.
 Youcangranttheper
mi ssi
onfor
:
1.Everyone—Usethi
sgrouptograntanonymousaccess
2.Authenti
cat
edUser s—Thisgr
oupconsi stsofanyusert hat
has an Amazon AWS Account .When y ou grant the
Authenti
cat
ed Usergr oup permissi
on,any v ali
d signed
requestcanper
formt heappr
opri
ateaction.Therequestcan
besignedbyeit
heranAWSAccountorI AM User.
3.LogDeli
very
—Thisgroupgrant
swri
teaccesstoy ourbucket
whenthebucketi
susedtostor
eser
veraccesslogs.
4.Me—Thisgroupref
erstoyourAWSrootaccount,andnotan
I
AM user.
S3VERSI
ONI
NG
 Ver
sioni
ngi
sameansofkeepi
ngmul
ti
plev
ari
ant
sofanobj
ect
i
nthesamebucket .Youcanuseversi
oningtopreserve,r
etr
iev
e,
andrestor
eeveryversi
onofever
yobjectstor
ediny ourAmazon
S3bucket.Withv er
sioni
ng,y
oucaneasi lyrecoverfrom both
uni
ntendeduseracti
onsandappli
cati
onfail
ures.
 Onceweenablev er
sioni
nabucket,i
tcannev erret
urntoan
unversi
onedst
ate.Youcan,howev
er,suspendv er
sioni
ngon
thatbucket
.
Pr
act
ical
(not
e:Beforeenabli
ngv ersiontocreat
eaf i
lef1withany
content(
hi)-
>uploadi t-
>t henremovethecontentandadd
anothercontent(hel
lo)-> u can see the ol
d contenti
s
repl
acedwiththenewcont ent)
1.Enabl
ever
sioni
ng
Sel
ectt
hebucket-
>enabl
ever
sioni
ng
(not
e:dothesameprocessasaboveinv
ersi
ont
abgof
or
showyoucanseeal
lthever
sionoff
il
e)
(
note:itallal
sopossi
blet
or ecovert
hedelet
edfi
legot o
ver
siontab->show-
>delet
ethefil
ehavi
ngthename“del
ete
marker”
)
2.Suspendi
ngv
ersi
oni
ng
Sel
ectt
hebucket-
>suspendv
ersi
oni
ng
Li
fecy
cleManagement
 Youcanmanaget heli
fecycleofobj
ectsbyusing Li
fecycl
erules.
 Lif
ecyclerul
esenableyout oautomati
call
ytransiti
onobject
st o
the St
andard-Infr
equentAccess St
orageClass,and/ orar
chive
objectstot he
Glaci
er
StorageClass,and/orr emov eobjects
afteraspeci
fiedti
meper i
od.
Pr
act
ical
1.Addi
ngaLi
fecy
cler
ule
Createabucket->enablever si
on->gotol ifecycl
e->add
rul
e->addrul
eeithertobucketortothedirector yinabucket
->act
ionsoncurr
entv er
sion->selectt
heopt iony ouwantt o
enabl
e->acti
onsonpr evi
ousv ersi
on(forv
er sioning,whatto
doforfil
ealr
eadyexisti
ng)->r evi
ew->creat eandsav ethe
rul
e.
(note:you can di
rect
lyupload f
il
es to st
andard st
orage,
standardstorage-I
A,reducedredundancy,whil
eselecti
ng
thef i
leforuploadi
ngselectsetdetail
s- >selectstor
age
type).
Rest
ori
ngf
rom gl
aci
er
 Objects ar chived t o Amazon Glacier are not

accessibleinr eal-
ti
me.
 Wemustf i
rsti ni
ti
atearestorerequestandt hen
waituntilat empor ar
ycopyoftheobjecti
sav ai
l
able
forthedur ation(numberofdays)t
haty ouspeci
fyin
therequest .

 AmazonS3pr ocessesonl
yonerest
orer
equestata
ti
meperobject.
 Temporar
yobj ectiscopi
edtoRRSstor
age,sowe
havet
opayf orglaci
eraswel
lasRRS.
Pr
act
ical
Selecttheobj
ect->init
iat
er estore->Speci f
yt he
numberofday st hatyourar chived data wil
lbe
accessi
ble(5,so data wi l
lbe abl et o access
temporari
l
y)-
>selectr
etri
evaloption->restor
e
St
ati
cwebsi
tehost
ing
 Youcanhostast at
icwebsiteonAmazonS3.Onast ati
c
website,
indiv
idualwebpagesincludest
ati
ccontent
.
 To hosty ourst at
ic websi
te,you conf
igur
e an Amazon S3
bucketf orwebsi t
e hosti
ng and then upl
oad yourwebsi
te
contenttothebucket.

Pr
act
ical
1.Cr
eat
ingst
ati
cwebsi
te
Cr
eateabucket->addt hefil
es( i
ndex.ht
ml anderrorpage)
->makepubl i
c->giv epermissi
onf orbuckett oeveryone->
cli
ck on enable website hosting ->index document- >
i
ndex.ht
ml- >errordocument( usedt oshow cust om err
or
messages rather than unreachable er r
or)- > err
or.
html
(i
ncorr
ectwebsite)-
>clickonendpoi nttoview
(
not
e:i
fweent
eri
ncor
rectur
litwi
l
ldi
spl
ayt
hemessage
f
rom er
rorpage)
2.Redi
rectal
lrequestt
oanot
herhost
Redirect
sallr
equestt
o- >ent
erthedomain(
her
ejustgi
ve
gmail
.com toshowhowr edir
ect
ionworks)
Loggi
ng
I nordertot r
ackr equestsforaccesstoyourbucket,y
oucan
enableaccesslogging.
 Eachaccessl ogr ecordpr ov
idesdetai
l
saboutbucketname,
requestt
ime, r
equestact i
on,r
esponsestat
us,
ander r
orcode,
if
any.
 Accesslogi nfor
mat i
oncanbeusef uli
nsecuri
tyandaccess
audit
s.
 Loggingisregi
onspeci f
ic.
Pr
act
ical
1.Enabl
eloggi
ng
Sel
ectbucket->gi
vepermi
ssiontol
ogdel
i
ver
y->logging
->enabled->t ar
getbucket(
bucketnamewher
eyouwant
AmazonS3t osav etheaccesslogsasobj
ect
s)->target
prefi
x(l
ogfil
ename) .
Cr
oss-
regi
onr
epl
i
cat
ion
 Cr
oss-
regi
onr
epl
i
cat
ioni
sabucket
-l
evelf
eat
uret
hatenabl
es
automat i
c,asynchronouscopy i
ngofobjectsacrossbucket sin
diff
erentAWSr egions.
 Theobj ectrepl
icasint hedest i
nat
ionbucketareexactr epli
cas
oft heobjectsint hesour cebucket.Theyhav ethesamekey
namesandt hesamemet adata.
 Existi
ng objects ofsour ce bucketwi l
lnotbe copi ed to
dest i
nat
ionbucket.
 The sour ce and dest inati
on buckets mustbe v ersioni
ng-
enabled.
 Thesour ceanddest i
nat i
onbucketsmustbei ndi f
ferentAWS
regions.
 Youcanr epli
cateobj ectsf r
om asour cebuckett oonl yone
dest i
nat
ionbucket.
Pr
act
ical
1.Cr
eat
ecr
ossr
egi
onr
epl
i
cat
ion
Selectthebucket- >enablev er
sioni
ng- >enablecross
region repl
icati
on -
> source bucket-> desti
nati
on r
egion
(Oregon) - > desti
nation bucket (giv
e any name) - >
Dest i
nati
onst or
ageclass(any
)->createaniam rol
e->save
Ver
if
ybyupl
oadi
ngaf
il
einsour
cebucket
.
(
not
e:v
eri
fyl
ogsaf
tercr
ossr
egi
onr
epl
i
cat
ion)
S3Mul
ti
par
tUpl
oad
 S3multi
par
tal
lowsy outouploadasi ngl
eobjecti
nmul
ti
plepar
t.
Theobj
ecti
sassembl edaf
terall
uploads.
 Par
tscanbeuploadedinparal
lelf
orhighthr
oughput
.
 Upl
oadscanbepausedandr esumed.
 Obj
ect
scanbeupl
oadedandwhi
l
ewear
ecr
eat
ingi
t.
S3Dat
aEncr
ypt
ion
 S3dataencr y
pti
onprovidesaddedsecuri
tyforyourdata.
 Server
-si
deencr y
pti
onencr y
ptsy ourdat
abef orestor
ingiti
nits
datacenteranddecr
y pt
sitwheny ouaccessit
.
 S3uses256- bitAdvancedEncrypti
onStandard( AES)toencr
ypt
yourdata.
Ev
ent
s
 The Amazon S3 noti

fi
cat
ion feat
ure enabl
es you t
orecei
ve
noti
fi
cati
onswhencer
tai
nev ent
shappeninyourbucket
.
 Eventsar
e
1.Anewobjectcr
eatedevent
2.Anobj
ectremovalevent
3.AReducedRedundancyStor
age(
RRS)obj
ectl
ostev
ent
Tags
 Tagsareusedtoident
if
yandcat
egor
iesy
ourawsresour
ces.
 Wecanuset agstoorgani
zeyourAWSbil
ltorefl
ectyourown
costst
ruct
ure.
 Tagsconsi
stsofkeyandval
ue.
(
not
e:mai
nlyusedt
oident
if
yfr
om whi
chbucketbi
l
lishi
gh)
Request
erPay
sbucket
Ingener al
,bucketownerspayf orallAmazonS3st or
ageanddata
transf
ercostsassoci
atedwiththeirbucket.
 Wi t
hRequesterPaysbuckets,therequesterinst
eadoft
hebucket
ownerpay sthecostoft herequestandt hedatadownloadfr
om
thebucket.Thebucketowneral way spay sthecostofstor
ing
data.
 Wecanconf i
gur
ebucket
stobeRequesterPayswhenyouwantt
o
share dat
a but not i
ncur char
ges associ
ated wi
th ot
her
s
accessi
ngthedat
a.
AmazonS3Tr
ansf
erAccel
erat
ion
 Amazon S3 Tr ansferAcceler
ation enables fast,easy ,and
securet ransfersoff ilesoverlong distancesbet ween y our
cl
ientandanS3bucket
 TransferAccel er
ationtakesadvantageofAmazonCl oudFront’s
global
lydi stri
butededgel ocat
ions.Ast hedat aar r
ivesatan
edgel ocation,dataisroutedtoAmazonS3ov eranoptimized
networ kpath.
 When usi ng Tr ansferAcceler
ation,additionaldatat ransfer
chargesmayappl y
.
Use
 customersthatupl
oadtoacentral
izedbucketf
rom allovert
he
wor l
d.
t r
ansfergigabyt
es toter
abytes ofdata on a regularbasi
s
acrossconti
nents.
 underut
il
ize t
he avai
l
abl
e bandwidth overthe I
nternetwhen
uploadi
ngtoAmazonS3
St
orageManagement
 AmazonS3StorageManagementcapabi
l
iti
eshel
psy
oubet
ter
anal
yzeandmanageyourst
orageby
1. S3Obj
ectTaggi
ng
2. S3Anal
yti
cs,
Stor
ageCl
assAnal
ysi
s
3. S3I
nvent
ory
4. S3Cl
oudWat
chMet
ri
cs
 S3Obj ectTagging –WithS3Obj ectTaggi ngy oucanmanage
andcont r
olaccessf orAmazonS3obj ects.S3Obj ectTagsar e
key-valuepairsappl i
edtoS3obj ectswhi chcanbecr eated,
updatedordel et edatanytimedur ingthel if
eti
meoft heobj ect
.
Witht hese,you’l
l havet
heabi l
it
yt ocreateI denti
tyandAccess
Management( I
AM)pol i
cies,setupS3Li f
ecy cl
epolici
es,and
customi zestoragemet ri
cs.Theseobj ect -
leveltagscant hen
managet ransi
tionsbetweenst oragecl assesandexpi reobjects
i
nt hebackgr ound.
 S3 Anal y
t i
cs,St orage Cl ass Anal ysis – Wi th st orage cl ass
anal
y sis,y ou can anal yze st orage access pat terns and
tr
ansitiont her i
ghtdat atot her ightst or agecl ass.Thi snewS3
Analyti
csf eatureaut omat ical l
yi dent i
fiest heopt i
mall if
ecy cl
e
poli
cyt ot ransit
ionlessf r
equent lyaccessedst oraget oSI A.You
canconf igureast or agecl assanal ysispol i
cyt omoni toran
enti
rebucket ,apr efi
x, orobj ectt ag.Onceani nf requentaccess
patt
er ni sobser ved,y oucaneasi lycr eat eanew l ifecycleage
poli
cy based on t he r esul ts.St or
age cl ass anal ysis also
provi
desdai l
yv i
sualizationsofy ourst or ageusagei nt heAWS
ManagementConsol e.Youcanexpor ttheset oanS3buckett o
anal
y zeusi ngt hebusi nessi nt ell
igencet oolsofy ourchoi ce,
suchasAmazonQui ckSi ght .
 S3 Inv ent ory
– You can si mpl ify and speed up busi ness
workflowsandbi gdat ajobsusi ngS3I nv ent ory,whi chpr ovides
aschedul edal t
ernativ etoAmazonS3’ ssy nchronousLi stAPI .
S3Inv ent oryprov i
desaCSV( CommaSepar atedVal ues)flat-
fi
leout putofy ourobj ectsandt hei rcorrespondi ngmet adataon
adailyorweekl ybasi sf oranS3bucketorashar edpr efi
x.
 S3Cl oudWat chMet rics –Under st andandi mpr ov ethe
perf
or manceofy ourappl icat ionst hatuseAmazonS3by
monitor i
ngandal armi ngon13newS3Cl oudWat chMet ri
cs.
Youcanr ecei v
e1- minut eCl oudWat chMet rics,setCl oudWat ch
al
arms, andaccessCl oudWat chdashboar dst ov iewr eal -
ti
me
operationsandper f
or mancesuchasby tesdownl oadedandt he
4xxHTTPr esponsecountofy ourAmazonS3st orage.Forweb
andmobi l
eappl icati
onst hatdependoncl oudst orage,theselet
youquickl
yi dentifyandactonoper ati
onal i
ssues.Bydef aul
t,1-
minutemet ri
csar eav ai
l
abl eattheS3bucketl evel.Youal so
havetheflexibi
li
tyt odefi
neaf il
terf
orthemet r
icscol l
ected
usingashar edpr efi
xorobj ecttag,al
lowingy out oalignmet r
ics
tospecif
icbusinessappl ications,workfl
ows, orinternal
organi
zati
ons.
(Not AmazonS3br
e: owseri
sawi
ndowscl
i
entt
ool
tomanage
S3.)
PRACTI
CAL
(cr
eat
eabucket-
>per
missi
onev
ery
one-
>upl
oad
asmal
lvi
deo-
>publi
c)
1.Pl
ayi
ngt
hev
ideof
rom s3usi
ngWor
dPr
ess
LaunchanWor dPressi
nst ance->fr
om syslogof
i
nstancelogi
ntoWor dPresswebsi t
ewiththehelp
ofpubli
cip(user
name: user,password:
(getfrom
sysl
og)->cli
ckonpost- >addnewpost- >pastethe
vi
deolinkfr
om s3
2.Pl
ayi
ngt
hev
ideof
rom s3usi
ngFi
l
e
Cr
eat
eaf
il
eaddt
hef
oll
owi
ngcont
ent
<h1>Fr
om S3</
h1>
<v
ideowi
dth="
320"hei
ght
="240"cont
rol
s>
<sour
ce src="
htt
ps:/
/s3.
ap-sout
h-
1.
amazonaws.com/awscdncheck/vi
deopl
ayback.mp4"
ty
pe="
video/mp4">
</
video>
CDN
 Acont entdeli
verynetwor korcont
entdist
ri
butionnetwork(CDN)
i
sasy st
em ofdi str
ibutedserver
st hatdel
iverwebpagesand
otherwebcont entstouserbasedongeogr aphiclocati
onsof
theuser ,
theorigi
noft hewebpageandcont entdeliv
eryserver
 Thegoalofa CDN i
st oservecontenttoend- user
swi t
hhi gh
avail
abili
tyandhighper f
or mance.
AmazonCl
oudFr
ont
 Cloudfr
onti samazoncdn.
 AmazonCl oudFr onti sagl obalcont entdeli
verynet work( CDN)
servi
cet hataccel er at
esdel iveryofy ourwebsi tes,API s,vi
deo
contentorot herwebasset sthr ough CDN cachi ng.
I ti
ntegrateswi thot herAmazonWebSer vi
cespr oductssuchas
S3,ec2,ELB,Rout e53t ogivedev eloper
sandbusi nessesan
easywayt oaccel erat
econt entt oenduser swi t
hnomi ni
mum
usagecommi tment s.
 CloudFrontdel iv
er sy ourcont entt hroughawor l
dwidenet work
ofdatacent erscal lededgel ocat ions.
 When a user r equests cont ent t hat you're serving wi t
h
CloudFront,theuseri sroutedt ot heedgel ocationthatpr ovi
des
thelowestl atency ,sot hatcont entisdeliveredwi tht hebest
possibl
eper formance.I fthecont entisal readyi nt heedge
l
ocation wi th t he l owest l atency ,CloudFr ont delivers it
i
mmedi ately
.I fthe cont
entis notinthatedge locat
ion,
CloudFrontret
ri
evesi
tfrom anAmazonS3bucketoranHTTP
server
.
Cl
oudFr
ontdi
str
ibut
ions
1.Webdi str
ibuti
on– Usest heprotocolHTTP orHTTPSt o
di
str
ibutemedi acontent
2.RTMP di stri
buti
on – An RTMP ( Real
-Ti
me Messaging
Prot
ocol)d i
str
ibut
ionallowsanendusert obeginpl
ayinga
mediafil
ebef orethef i
lehasfi
nisheddownloadi
ngfrom a
Cl
oudFrontedgel ocati
on.
Ter
ms
1.Origi
nDomai nName- TheDNSdomai nnameoft he
AmazonS3bucketorHTTPser verf r
om whi chy ouwant
CloudFrontt ogetobj ect
sfort hisor igi
n
2.Origi
n Pat h -I fy ou wantCl oudFr ontt or equesty our
contentf r
om adi rectoryiny ourAmazonS3bucketor
yourcust om or i
gin,ent ert hedi rectorypat h,begi nning
witha/ .Cl oudFr ontappendst hedi rectorypat ht ot he
valueof OriginDomai nName.
3.Origi
nID-Ast ringt hatuni quelydi sti
nguishest hi
sor i
gin
fr
om otheror iginsint hisdistri
but i
on.
4.Restri
ctBucketAccess( AmazonS3Onl y)-Choose Yes i
f
youwantt or equi r
euser stoaccessobj ectsinanAmazon
S3bucketbyusi ngonl yCloudFr ontURLs, notbyusi ng
AmazonS3URLs.Thenspeci f
yt heappl i
cablev al
ues.
Choose No ify ouwantuser st obeabl etoaccessobj ect s
usingeitherCl oudFr ontURLsorAmazonS3URLs.
5.Viewerpr otocolpol i
cy-Chooset hepr otocolpolicyt hat
you wantv iewer st o use t o access y ourcont enti n
CloudFr
ontedgelocat
ions.
6.All
owedhttpmet hods-SpecifytheHTTPmet hodst
hat
you wantCloudFrontto process and f
orwar
dt oyour
ori
gin:
(note: GET, HEAD, OPTIONS, PUT, POST, PATCH,

DELETE: YoucanuseCloudFronttoget,add,update,and
deleteobject
s,andtogetobj
ectheaders.Inaddit
ion,you
canper f
or m ot
herPOSToper at
ionssuchassubmi tti
ng
datafrom awebf or
m)
7.Cached HTTP met hod -Speci fy whet her y ou want

CloudFr onttocachet her esponsef rom y ouror i
ginwhen
av i
ewersubmi tsan OPTI ONSr equest .CloudFr ontal ways
cachest heresponset o GET and HEAD request s.
8.Forwar dheader-Speci fywhet hery ouwantCl oudFr ontto
forwar dr equestheader st oy ouror igin serv erand t o
cacheobj ectsbasedonheaderv alues.
9.Objectcachi ng–Speci fyhowl ongt heobj ect
sst ayinthe
CloudFr ontcache.
10. Mi nimum TTL-Speci fyt hemi nimum amountof
ti
me,i n seconds,t haty ou wantobj ectst o st ay in
CloudFr ontcaches.Thedef aultv aluef or Mini
mum TTL i
s
0seconds.
11. For ward Cooki es -Speci fy whet her y ou want
CloudFr onttof orwardcooki est oy ouror iginser ver.
12. Quer yStringFor war dingandCachi ng-Cl oudFront
cancachedi fferentv ersionsofy ourcont entbasedont he
valuesofquer yst r
ingpar amet er s.
13. Smoot h St reami ng -Choose Yes i
fy ou wantt o
distr
ibutemedi af i
lesi nt heMi cr osoftSmoot hSt reaming
formatusi ngtheor iginthati sassoci atedwi t
ht hiscache
behav ior.Otherwise, choose No.
14. Rest ri
ctVi ewerAccess-I fy ouwantr equest sfor
object
s t hat match the
Pat
hPatter
n for t
his cache
behaviort
ousepublicURLs,
choose NoElseYes.
15. SSLCer t
if
icat
e– Specif
iestheopt i
ont o access
yourdomai nbyusingdefaul
tscloudfr
ontordomai nor
custom cl
oudfr
ontdomain.
PRACTI
CAL
1.Cr
eat
ingCl
oudFr
ont
cloudfr
ont -> creat
e di str
ibut
ion ->
web->selectori
gindomainname( bucketdnsname)
->v i
ewer protocolpoli
cy (HTTP & HTTPS) - >
all
owedHTTPmet hod(GET,HEAD)- >pri
ceclass
(useal
ledgelocati
on)->cr
eatedi
st r
ibuti
on.
Copy t
he domain name from dist
ri
but
ion and
r
eplacei
tinthef
il
e->waitt
il
lthecdngetsdepl
oyed
(
upto20mins)
2.Cr
eat
ingaCl
oudFr
ontwi
thBI
TNAMI
Usetheexist
ingWordPressinst
ancet
hatwehav
e
l
aunched-
>createpostpast
ethecdnur
l.
(not
e:Forcdnreplacet
hecdndomai
nnamewi
ths3
andhttpswit
hhttp)
3.Cr
eat
ingaCl
oudFr
ontwi
thFi
l
e
Uset
heexi
sti
ngf
il
eadd
<h1>Fr
om CDN</
h1>
<v
ideowi
dth="
320"hei
ght
="240"cont
rol
s>
<source src="
htt
p:/
/s3.
ap-sout
h-
1.
amazonaws.com/awscdncheck/vi
deopl
ayback.mp4"
ty
pe="vi
deo/mp4"
>
</
video>
(
not
e:t
over
if
yvi
deoi
spubl
i
c)
4.Cr
eat
epr
ivat
econt
ent
 Mainly used to securely ser

vet hi
s pri
vate
contentusingCloudFront
 usersaccessy ourpr ivatecontentbyusi ng
specialCloudFrontsi gned URLs orsigned
cookies.
 usersaccessy ourAmazonS3cont entusing
CloudFrontURLs,notAmazonS3URLs.
Cloudfront- > pr
ivate content->
origi
naccessi denti
ty(oai)->creat
eoai( CloudFr
ont
OAIt o object
sS3 bucket )->selecttheexi st
ing
distr
ibut
ion->got oor i
gin- >edit->restri
ctbucket
access ( y
es)- > origi
n access i denti
ty( use an
exist
ingone)- >y ourident i
ti
es(CloudFrontOAIt o
objects S3 bucket)- > grantread permission on
bucket (yes updat e bucket policy)->verif
yt he
bucketpolicyisupdat ebyselecti
ngthebucketcli
ck
onedi tbucketpolicythereyoucanseet heupdated
poli
cy- >selecttheobj ectinthebucket->r emove
“ever
yone”per mission tor estr
ictpubli
c access
from s3->sav e->checkt hefil
ewiths3linkwhich
won’tbeabl etoaccess.
Or
igi
naccessi
dent
it
y
 An or igi
n access i denti
ty is a special
CloudFrontusert haty ou can use t
o giv
e
CloudFrontaccesstoy ourAmazonS3bucket .
 Thisisusefulwheny ouar eusingsi
gnedURLs
orsignedcookiestor estri
ctaccesstopri
vat
e
contentinAmazonS3.
EFS
 AmazonEl
ast
icFi
l
eSy
stem (
AmazonEFS)pr
ovi
dessi
mpl
e,scal
abl
e
f
il
est
oragef
orusewi
thAmazonEC2.

 WithEFS,st
oragecapaci
tyi
selast
ic,gr
owingandshri
nking
automati
cal
lyasyouaddandremov efi
les,
soyourappl
icati
onshav
e
thestor
agetheyneed,whent
heyneedi t
.
 Mul
ti
pleAmazonEC2i
nst
ancescanaccessanEFSf
il
esy
stem att
he
sameti
me,pr
ovi
dingacommondatasourceforwor
kloadsand
appl
i
cat
ionsr
unni
ngonmorethanoneinst
anceorserver
.
 Wi
thAmazonEFS,
youpayonl
yfort
hest
orageusedbyy
ourf
il
e
sy
stem.
 Youdon'
tneedt
opr
ovi
sionst
oragei
nadv
anceandt
her
eisno
mi
nimum f
eeorset
upcost
.
 AmazonEFS
usest
hepr
otocol
V4andV4.
1toshar
ethef
il
esy
stem.
 AmazonEFSf
il
esy
stemsst
oredat
aandmet
adat
aacr
ossmul
ti
ple
Avai
l
abil
it
yZonesinaregi
onandcangr
owt opetabytescale,dr
ive
hi
ghlev
elsoft
hroughput
,andal
lowmassi
velyparal
l
el accessfr
om
AmazonEC2inst
ancestoyourdat
a.
(Note:AmazonEFS isaf i
l
est orageser v
iceforusewi thAmazonEC2.
AmazonEFSpr ovi
desaf i
lesy st
em interf
ace,fi
l
esy stem access
semant i
cs(suchasst rongconsi stencyandfil
elocking),
and
concurrentl
y-
accessibl
est oragef oruptothousandsofAmazonEC2
i
nstanceswher easAmazonS3 i
sanobj ectstor
ageser vi
ce.Amazon
S3makesdat aavail
ablethroughanI nt
ernetAPIthatcanbe
accessedany where.Wecanuseanyazf ormounting.Max128act i
ve
connectionatsamet ime)
Pr
act
ical
1.Cr
eat
ingandaccessi
ngEFS
Createasg( ef
s)->addnf sasi nboundrule->goto
efs->createafi
lesystem ->selectthedefaultvpc->
remov eall
sgandaddef sast hesg- >next-
>createfi
le
system -
>launchanr edhatinstanceunderefssg- >
l
ogin
$sudosu
#y
um updat
e-y&&y
um i
nst
all
-ynf
s-ut
il
s
#sy
stemct
lrest
artnf
s-ser
ver
#sy
stemct
lenabl
enf
s-ser
ver
#mkdi
r/ef
s
#mount-tnfs4<ipofef
s>:
/ / efs(
checkt
he
subnetofi
nstance,t
heninef
scheckthei
pof
corr
espondi
ngsubnet )
#df-
h
STORAGEGATEWAY
 AWSSt or
ageGat
ewayi saserv i
cethatconnectsanon-premises
sof
twareappl
i
ancewi t
hcloud-basedstoragetoprov
ideseaml ess
andsecur
eint
egrati
onbetweeny ouron-premi
sesITenv i
ronment
andtheAWSstorageinfr
astr
ucture.
 Theservi
ceenabl
esyoutosecur
elystor
edat
aint
heAWSCl
oud
forscal
abl
eandcost
-ef
fect
ivest
orage.
(Basi
cal
ly,
iti
sanappli
cat
ionthatweinst
all
onv Spher
eorHy
per
-
Vandassociatewi
thourawsaccount,t
histool
will
asynchr
onousl
ycopyyourdat
at os3)
 4t
ypesofSt
orageGat
eway
1.Fi
l
egat
eway
2.Vol
umegat
eway
3.Tapegat
eway
 Fi
l
egat
eway
a.Fil
esar
estor
edasobjecti
ns3bucketandal
lows
youtost
oreandr
etr
ieveobj
ect
sthroughnf
s.
b.Oncetheobjecti
str
ansferredtos3theycanbe
managedasnat i
ves3objectsowecanappl y
bucketpol
i
cessuchasv ersioni
ng,
li
fecycl
e
management
,cr
ossr
egi
onr
epl
i
cat
ioncanbe
appl
i
eddir
ect
ly.
(i
tismai
nlyusedtocopyyourfi
lest
os3,the
f
il
escanbevideos,
images,documentset
c.)
(
usesnf
sv3or4.
1)
 Vol
umegat
eway
a.Iti
sablockbasedst
oragewhichusesiscsibl
ock
prot
ocolmainl
yusedtostor
eos,appl
icati
ons,db
etc.
b.I
tact
sasav
irt
ual
har
ddi
ski
ncl
oud.
(Basi
cal
l
y,wearet
akingt
heharddi
skonpr
emise
andwebackthem upasavi
rt
ualhddi
ncl
oud)
c.Vol
umegat
ewayar
e2di
ff
erentt
ype
1.Storedvolume:wecanconf i
guretost
ore
theprimarydatalocal
lyandthen
asynchronousl
ybackuppoi nt-
in-
ti
me
snapshotsofthisdatatoAmazonS3.
2.Cachedv olume: westoreourdatainS3

andretainacopyoff requent
lyaccessed
datalocall
y.Cachedv ol
umesof f
era
substanti
al costsavi
ngsonprimary
stor
ageandmi ni
mizetheneedtoscale
yourstorageon- pr
emises.
 Tapegat
eway
a.Al
socal
l
edasv
irt
ual
tapel
i
brar
y(VTL)
.
b.I
toffer
sacost-
eff
ect
iveanddur
abl
ear
chi
ve
backupdat
ainAmazonGlaci
er.
c.Itpr
ovi
desavi
rt
ualt
apeinf
rast
ructur
ethat
scal
esseaml
essl
ywithy
ourbusinessneedsand
el
iminatestheoperati
onal
bur
denofprovi
si
oni
ng,
scali
ng,andmai nt
aini
ngaphy
sical
tape
i
nfrastr
ucture.
DI
RECTCONNECT
 AWSDir
ectConnectmakesiteasyt
oestabl
i
shadedi
cat
ed
net
wor
kconnecti
onfrom y
ourpremisest
oAWS.
 AWSDi r
ectConnectlinksy ouri
nternalnetworkt
oanAWSDi r
ect
Connectl
ocati
onov erast andard1-gigabi
tor10-gigabi
tEther
net
fi
ber
-opti
ccabl
ewhi chpr ovidespri
vateconnecti
v i
tybetween
AWSandy ourdatacenter,offi
ce,orcolocati
onenvironment.
 Oneendofthecablei
sconnect
edt
oyourr
out
er,
theot
hert
oan
AWSDirectConnectr
out
er.
Benef
it
s
 Reducecostwhenusi
ngl
argev
olumesoft
raf
fi
c
I
ncr
easer
eli
abi
l
ity
I
ncr
easebandwi
dtht
hroughput
VPNVSDI
RECTCONNECT
 Vpnconnect i
onscanbeconfiguredi
nmi nut
esandareagood
sol
utionifyouhaveanimmedi at
eneed,havelowtomodest
bandwidthrequi
rementsandcant ol
erat
etheinher
entv
ari
abi
li
ty
i
ninternet-
basedconnect
ivi
ty.
 Dir
ectconnectdoesnoti
nvol
vetheint
ernet
,inst
eadituses
dedi
cated,pr
ivat
enetwor
kconnecti
onsbetweeny ouri
ntr
anetand
amazonv pc.
SNOWBALL
 AWSSnowbal li
saser vicet hataccel eratest ransfer r
ingl ar ge
amount sofdat aint oandoutofAWSusi ngphy sicalst or age
appl iances,by passi ngt heI nternet .
 EachAWSSnowbal l appl iancet ypecant ranspor tdat aatf aster-t
han
i
nt ernetspeeds.Thi st ranspor tisdonebyshi ppingt hedat aint he
appl iancest hroughar egi onalcar ri
er.Theappl iancesar erugged
shippi ngcont ainers, compl etewi t
hEI nkshi ppi nglabel s.
 Wi thaSnowbal l,youcant r
ansf erhundr edsoft eraby tesorpet abytes
ofdat abetweeny ouron- premi sesdat acent ersandAmazonS3.
 AWSSnowbal lusesSnowbal lappl i
ancesandpr ovidespower ful
i
nt erfacest haty oucanuset ocr eatejobs, t
ransf erdat a,andt rackthe
stat usofy ourj obst hrought ocompl eti
on.
 EachSnowbal lispr otect edbyAWSKeyManagementSer vi
ce( AWS
KMS)andmadephy si
cal lyruggedt osecur eandpr otecty ourdata
whi letheSnowbal lisint ransit
.
I nt heUSr egions,Snowbal l
scomei ntwosi zes: 50TBand80TB.Al l
otherr egionshav e80TBSnowbal l
sonl y.
 Oncet hedat ai spr ocessedandv eri
fi
ed, awspr eformsasof tware
erasur eoft hesnowbal lappl i
ance.
(
prev
iousl
ythi
sser
vicewascal
l
edasi
mpor
t/expor
tser
vice)
Usecases
1.Cl
oudmi gr at
ion
2.Di
sasterrecov er
y(fr
om s3toonpr
emi
se)
3.Datacent
erdecommi ssi
ons
4.Contentdistr
ibuti
on
Snowbal
ledge
 AWSSnowball
Edgeisa100TBdat
atransf
erdev
icewi
thon-
boar
dst
orageandcomput
ecapabi
li
ti
es.
(
Note:snowbal
lhasonl
yst
oragenotcomputecapabi
l
iti
es,
whi
chactsasaawsdatacenteri
nbox.I
tisal
sopossibl
etorun
t
helambdafuncti
on)
 WecanuseSnowball
Edgetomovelargeamountsofdatai
nto
andoutofAWS,
asat empor
aryst
orageti
erforl
argel
ocal
dat
asets,
ort
osupportl
ocal
workl
oadsinremoteoroff
li
ne
l
ocati
ons.
 SnowballEdgeconnect stoy ourexi stingappl icati
onsand
i
nfrast
ructureusingst andardst oragei nt erf
aces, streaml i
ning
thedatatransferprocessandmi nimi zingset upandi ntegrati
on.
SnowballEdgecancl ustertogethert of orm alocal storaget i
er
andprocessy ourdataon- premi ses, hel pingensur ey our
appli
cati
onscont inuet orunev enwhent heyar enotabl eto
accessthecloud.
Snowmobi
l
e
 AWSSnowmobi l
ei sanExaby t
e-scal
edat atransferservi
ce
usedt omov eextremelylargeamount sofdat atoAWS.Youcan
transf
erupt o100PBperSnowmobi l
e,a45- footlong
ruggedizedshippingcontainer,pull
edbyasemi -trai
lertr
uck.
Snowmobi l
emakesi teasyt omov emassiv evolumesofdat ato
thecloud,incl
udingvideolibrari
es,imager epositori
es,orevena
compl etedatacentermigration.Transferr
ingdat awi t
h
Snowmobi l
eissecure,fastandcostef f
ective.
 Afteraninit
ialassessment ,aSnowmobi lewill
bet r
anspor t
edto
yourdatacent erandAWSper sonnelwillconfi
gureitfory ouso
i
tcanbeaccessedasanet workstoraget ar
get.Wheny our
Snowmobi leisonsi t
e, AWSper sonnelwillworkwithy ourteam
toconnectar emov able,hi
gh-speednetwor kswitchf r
om
Snowmobi letoy ourl
ocal networkandy oucanbegi ny ourhigh-
speeddat atransferf
rom anynumberofsour ceswi thinyour
datacent
ertotheSnowmobil
e.Aftery
ourdataisl
oaded,
Snowmobilei
sdr i
venbackt
oAWSwher eyourdat
aisimpor
ted
i
nto AmazonS3 or
AmazonGlaci
er.
 Snowmobi l
eusesmul t
iplelay ersofsecuritydesignedt o
protectyourdataincludingdedi cat
edsecur it
yper sonnel
,GPS
tracki
ng,alar
m moni tori
ng, 24/ 7v i
deosurv ei
ll
ance, andan
optionalescortsecuri
tyv ehiclewhi lei
ntransit.Al
l datai
s
encryptedwith256-bitencr yptionkey smanagedt hrough
the AWSKeyManagementSer vi
ce (KMS)anddesi gnedto
ensurebot hsecurit
yandf ul
l chain-of-
custodyofy ourdata.
SQS
I
ntr
oducedi
n2004bef
orest
art
ingaws.
 AmazonSi mpleQueueSer
vice(AmazonSQS)i sawebservi
ce
thatgi
vesyouaccesstoamessagequeuet hatcanbeusedto
storemessageswhil
ewait
ingforacomputertoprocessi
t.
 SQSoffer
sareli
abl
e,highl
y-
scalabl
ehostedqueuef
orstor
ing
messagesastheyt
ravelbetweenappl
icati
onsormi
croser
vices.
 SQSisadist
ri
butedqueuesystem t
hatenabl
eswebservi
ce
appl
i
cati
onstoquickl
yandreli
abl
equeuemessagesthatone
componenti
ntheappli
cati
ongeneratest
obeconsumedby
anot
hercomponent.
 Aqueueisatempor
aryr
eposi
tor
yformessagest
hatar
eawai
ti
ng
pr
ocessi
ng.
 Messagescancont
ain256KBoft
exti
nanyf
ormat
.
 SQSensuresdeli
veryofeachmessageatleastonce,
andsuppor
t
atl
eastonereaderandwriteri
nter
act
ingwit
hthesamequeue.
 Asinglequeuecanbeusedsimult
aneousl
ybymanydistri
but
ed
appl
icati
oncomponent
,withnoneedforthosecomponentst
o
coordi
natewit
heachothertoshar
ethequeue.
 AmazonSQSsuppor tsboth st
andar
d and
FIFOqueues.(A
standar
dqueueall
owsy out ohaveanearl
yunli
mitednumberof
tr
ansacti
onspersecond.Standar
dqueuessuppor tat
-l
east-
once
messagedeli
very)
,Henceitprovi
desaneventualconsist
ency.
(wit
houtwri
ti
ngitIsnotpossibl
etoaccessthecontent).
Wor
king
1.Asy
nchr
onousl
ypul
l
sthet
askmessagesf
rom t
hequeue.
2.Ret
ri
evest
henamedf
il
e.
3.Pr
ocesst
heconv
ersat
ion.
4.Wr
it
est
hei
magebackt
os3.
5.Wr
it
esa“
taskcompl
ete”messaget
oanot
herqueue.
6.Del
etest
heor
igi
nal
taskmessage.
7.Checksf
ormor
emessagesi
nthewor
kqueue.
SQSREQUEST
 Fr or1stonemi
eef l
li
onr
equest
s/mont
h.
 $0.
50peronemi
l
li
ont
her
eaf
ter
.
DATATRANSFER
 Fr
eet
ransf or1st1GB/
eroutf mont
h.
 $0.
12perGB/
mont
h.
SNS
 AmazonSi mpleNot
if
icat
ionSer
vice(
AmazonSNS) i
sawebservi
ce
thatcoor
dinat
esandmanagesthedeli
ver
yorsendi
ngofmessages
tosubscri
beendpoi
ntsorcli
ent
s.
 SNSf ol
l
owpushmechani
sm t
odeli
vert
henoti
fi
cat
iont
othecli
ent
,it
el
iminat
est
heneedofper
iodi
cal
l
ycheckorpol
lnewinf
ormat
ionand
update.
 SNScanpushnot
if
icat
ionst
omobi
l
edev
ices,
emai
l
,oranyht
tp
endpoi
nt.
 Topr
eventthemessagesfrom bei
ngl
ostall
messagespubl
i
shedt
o
SNSarest
oredredundant
lyacr
ossmulti
pleAZ.
 SNSallowsyoutogroupmul
ti
plereci
pient
susingt
opi
cs.Atopi
cis
an“accesspoi
nt”f
orall
owi
ngreci
pientstody
namical
l
ysubscri
befor
i
denti
calcopi
esofthesamenoti
fi
cation.
 Onet
opi
ccansuppor
tdel
i
ver
iest
omul
ti
pleendpoi
nts.
Benef
it
s
1.I
nst
ant
aneous,
pushbaseddel
i
ver
y
2.Si
mpl
eapi
andeasyi
ntegr
ati
onwi
thappl
i
cat
ions.
3.f
lexi
blemessagedel
i
ver
yov
ermul
ti
plet
ranspor
tpr
otocol
.
4.I
nexpensi
ve,
pay
-as-
you-
gomodel
wit
hnoup-
fr
ontcost
s.
 $0.
50per1mi
l
li
onSNSr
equest
.
Pr
act
ical
1.Cr
eat
ingabucket
Got
os3-
>cr
eat
eabucket(
awst
est
event
)
2.Cr
eat
ingandat
tachi
ngasubscr
ipt
ion
Gotosns->topic->createtopic->topicname( event)->
othertopicacti
on->edittopicpoli
cy->adv ancedv iew->
copyandpast ethepoli
cyf rom google(enabli
ngev ent
notif
icati
ons,makethechangessuchasr egi
on, accno, topi
c
name, bucketname)->updat epoli
cy->create
subscript
ion->prot
ocol (
emai l
)->endpoint(entert hemai li
d)
->createsubscri
pti
on.
3.At
tachi
ngt
heev
entt
oBucket
Gotobucket-
>event
s->name(ev
ent
)->ev
ent
s(any
)->
snstopi
c(sel
ectt
heexi
sti
ng)
(
not
e:Bucketandt
opi
cshoul
dbei
nsamer
egi
on)
SES
 AmazonSimpl
eEmai l
Servi
ce( AmazonSES)isanemai
lplat
for
mthat
pr
ovi
desaneasy,cost
-ef
fecti
vewayf oryout
osendandrecei
ve
emai
lusi
ngyourownemai laddressesanddomai
ns.
 Wi
thSES,
yourawsappl
i
cat
ioncansentasmanymai
lasy
ouneedt
o.
 SESisint
egr
atedwi
thawsconsol
esot
hatwecanmoni
tort
hat
sendi
ngacti
vi
ty.
 WecanuseAmazonSESt orecei
vemail
,youcandev el
opsoftware
sol
uti
onssuchasemai lautor
esponder
s,emailunsubscr
ibesyst
ems,
andappl
icat
ionsthatgenerat
ecustomersupportt
icket
sfrom
i
ncomingemai l
s.
(not
e:BOUNCE- >emai l
sendermakesar equesttoSEStosenda
mailtoareci
pienti
ftherequestisvali
ditforwardthemailt
oint
ernet
andtoreci
pient’
sISPifthereci
pientdoesnotexistISPsendsa
bouncenot
if
icat
iont
oaws.
COMPLAINTS- >Thereci
pientswhodon’twantt
orecei
vethe
messageregi
steracomplainttowit
hISP,I
SPforwar
dsthecompl
aint
toawswhichisfor
wardedt osender
)
SWF
 TheAmazonSimpleWorkf
lowServ
ice(AmazonSWF)makesi
teasy
tobui
l
dappli
cat
ionst
hatuseAmazon'scl
oudtocoor
dinat
ewor
k
acr
ossdi
str
ibut
edcomponents.
 SWFenabl est heappl

icat
ionforarangeofusecases,
incl
uding
medi aprocessingwebapplicat
ionbackends,
busi
nessprocess
wor kf
lows,andanalyt
icspipeli
ne,t
obedesignedasacoordinat
eof
tasks.
 Tasksrepresentsi
nvocati
onsofvar
iouspr
ocessi
ngstepsi
nan
appli
cati
onwhi chcanbeperfor
medbyexecutabl
ecode,webser
vice,
cal
ls,humanact i
ons,andscr
ipt
s.
 SWFpresent
sat
askor
ient
edAPI
,wher
easSQSof
fer
samessage-
or
ient
edAPI.
 SWFensur
est
het
aski
sdoneonl
yonceandi
snev
erdupl
i
cat
ed.
 SWFkeepst r
ackofal
l t
hetasksandeventsinanappli
cati
on.Wit
h
SQSy ouneedtoi
mplementy ourownappli
cati
on-l
evel
tracki
ng,
especial
l
yify
ourappl
icati
onusesmulti
plequeues.
VPC
 AmazonVirt
ualPr
ivat
eCloud(
AmazonVPC)enablesyoutol
aunch
AmazonWebSer v
ices(AWS)r
esour
cesi
ntoavi
rtualnet
workthat
you'
vedef
ined.

 VPCi
sav
irt
ual
net
wor
kdedi
cat
edt
oyourAWSaccount
.Iti
slogi
cal
l
y
i
sol
atedf
rom ot
herv
irt
ual
net
wor
ksi
ntheAWScl
oud
 ByVPC, wecanhav ecompl

etecont
roloveryourvi
rt
ualnet
worki
ng
envir
onment,i
ncludi
ngsel
ect
ionofyourownI Paddressr
ange,
creat
ionofsubnets,
andconf
igur
ati
onofr out
etabl
esandnetwork
gateway.
 Toprot
ecttheAWSr esourcesi
neachsubnet
,youcanusemult
ipl
e
l
ayer
sofsecuri
ty,
includi
ngsecuri
tygr
oupsandnetwor
kaccess
cont
rol
li
sts(ACL)
.
2t
ypesofVPC
1.Def
aul
tVPC
2.Cust
om VPC(
nondef
aul
tVPC)
Def
aul
tVPC
1.Def
aul
tVPCisuserf
ri
endl
y,al
l
owi
ngy
out
oimmedi
atel
ydepl
oy
i
nst
ances.
2.I
fyouhaveadefaul
tVPCanddon'tspeci
fyasubnetwhenyou
l
aunchaninst
ance,
thei
nst
anceislaunchedi
ntoyourdef
aultVPC.
3.Al
lsubnet
sindef
aul
tVPChav
eani
nter
netgat
ewayat
tached.
4.EachEC2i
nst
anceunderVPChav
epr
ivat
eandpubl
i
cIPaddr
ess.
5.I
fyoudel
etet
hedef
aul
tVPConl
ywayt
ogeti
tbacki
stocont
act
AWS.
Cust
om VPC
 VPCwhichiscreat
edbytheuseraccor
dingt
othecust
om
conf
igur
ati
oniscall
edcust
om VPC.
 Subnet
sthatyoucreatei
nyournondefaul
tVPCandaddi
ti
onal
subnet
sthatyoucreatei
nyourdef
aultVPCare
cal
l nondef
ed aultsubnet
s.
Subnet
 A subnet
isarangeofI Paddressesiny ourVPC.Youcan
l
aunchAWSr esourcesintoasubnett hatyouselect
.Wecan
useapubl i
csubnetf orresour
cesthatmustbeconnect edto
theInter
net,
andapr ivatesubnetforresourcest
hatwon'tbe
connectedtotheInternet.
Rout
etabl
e
 A r
out
etabl
e cont
ainsasetofrul
es,cal
l r
ed out
es,
thatar
eused
todet
ermi
newherenetworktraff
ici
sdir
ect
ed.
 Eachsubneti
nourVPCmustbeassoci
atedwit
har
out
etabl
e,
thet
ablecont
rol
sther
out
ingf
orthesubnet.
 Asubnetcanonl
ybeassoci
atedwithonerout
etabl
eatati
me,
butwecanassoci
atemul
ti
plesubnetswit
hthesamerout
e
tabl
e.
I
nter
netgat
eway
 AnInter
netgat ewayisahori
zont
all
yscaled,
redundant,and
hi
ghlyavail
ableVPCcomponentt hatal
l
owscommuni cation
bet
weeni nstancesinyourVPCandtheInter
net.

 Ani
nter
netgat
ewaypr
ovi
desar
out
eoutt
othei
nter
net
.
 AnInter
netgatewayser v
est wopurposes:t
oprovideat ar
getin
yourVPCr out
etablesforInter
net-
rout
abletr
aff
ic,andto
perf
orm networkaddresstransl
ati
on(NAT)forinstancesthat
havebeenassignedpublicIPv4addresses.
 ForaVPCy
oucanhav
e1i
nter
netgat
eway
.
NAT
 NetworkAddressTranslat
ion(
NAT)gatewayisusedt oenabl
e
i
nstancesinaprivat
esubnettoconnecttot
heInternetorot
her
AWSser vi
ces,butprev
enttheInt
ernetf
rom i
nit
iat
inga
connecti
onwiththoseinst
ances.
NETWORKACL
 A net
workaccesscont
roll
ist(ACL)
i
sanopti
onallay
erof
securi
tyf
oryourVPCthatactsasafir
ewal
lforcontr
oll
i
ng
tr
affi
cinandoutofoneormor esubnet
s.
 VPCautomaticall
ycomeswi thamodifi
abl
edefaultnet
work
ACL.Bydefault
, i
tal
lowsal
linboundandoutboundIPv4tr
aff
ic
and,i
fappl
i
cabl e,I
Pv6tr
aff
ic.
 Wecancreateacust om net
workACLandassoci
at ei
twit
ha
subnet
.Bydefault
,eachcustom networ
kACLdeniesal
l
i
nboundandout boundtr
affi
cuntily
ouaddrul
es.
 Wecanassoci
ateanet
workACLwi t
hmult
ipl
esubnet
s;
howev
er,
asubnetcanbeassoci
atedwi
thonl
yonenetwor
k
ACLatati
me.
 Anet workACLcont ainsanumber edli

stofrulest
hatwe
evaluateinorder,starti
ngwiththelowestnumberedrul
e,t
o
determinewhet hertraffi
cisall
owedinoroutofanysubnet
associatedwiththenet workACL.Thehi ghestnumbert
hatyou
canusef orarul
ei s32766
VPCpeer
ing
 A VPCpeer
ing
connecti
onisanetworki
ngconnect
ionbetween
twoVPCsthatenablesyoutorout
etraf
fi
cbetweenthem usi
ng
pri
vat
eIPv4addressesorIPv
6addresses
Instancesineit
her
VPCcancommuni cat
ewit
heachotherasi f
theyarewit
hinthesamenet wor
k.
 WecanpeerVPCwi thot
herAWSaccountaswell
aswithot her
VPCi nthesameaccount,butVPCsmustbei
nthesamer egion.
VPN
 Wecanconnecty
ourVPCt
oremot
enet
wor
ksbyusi
ngaVPN
connect
ion.
 Her
eweuseAWShar
dwar
eVPN.
Egr
essonl
yint
ernetgat
eway
 Anegress-
onlyI
nternetgatewayisaVPCcomponentt hat
all
owsoutboundcommuni cat
ionov erI
Pv6fr
om inst
ancesin
yourVPCtotheInternet
,andpr eventst
heInt
ernetfr
om
i
niti
ati
nganIPv6connectionwi t
hy ouri
nst
ances.
DHCPOpt
ionsSet
 TheDynamicHostConfi
gurat
ionPr
otocol
(DHCP)pr
ovi
desa
st
andardf
orpassingconf
igur
ati
oni
nformati
ont
ohostsona
TCP/I
Pnetwork.
VPCendpoi
nt
 AVPCendpoi ntenablesyoutocr
eat
eaprivat
econnecti
on
betweenyourVPCandanot herAWSser
vicewithoutr
equi
ri
ng
accessov
ertheI nt
ernet.
 Anendpointenablesinst
ancesinyourVPCtouset heirpri
vate
I
Paddressestocommuni catewit
hresour
cesinot herser v
ices.
Youri
nstancesdonotr equir
epubli
cIPv4addresses, andy ou
donotneedanI nter
netgateway,aNATdev i
ce,orav i
rtual
pri
vat
egatewayi nyourVPC.
 Weuseendpointpol
i
ciest
ocont
rol
accesst
oresour
cesi
n
ot
herser
vices.
 Traf
fi
cbetweenyourVPCandt
heAWSser
vicedoesnotl
eav
e
theAmazonnetwork.
(
not
e:onl
ys3i
ssuppor
tedasofnow)
VPCRest
ri
cti
ons
1.5el
ast
icI
PperVPC.
2.5i
nter
netgat
eway
sperr
egi
on.
3.5VPCperr
egi
on(
canbei
ncr
easeduponr
equest
).
4.5NATperr
egi
on.
5.5v
irt
ual
pri
vat
egat
eway
sperr
egi
on.
6.50VPNconnect
ionperr
egi
on.
7.50r
ulespersg.
8.50cust
omergat
eway
sperr
egi
on.(
Thecust
omergat
ewayi
sthe
appl
i
anceaty
ourendoft
heVPNconnect
ion)
9.100secur
it
ygr
oupperVPC.
10. 200net
wor
kACLperr
egi
on.
11. 200Rout
etabl
eperr
egi
on.
PRACTI
CAL
1.Cr
eat
eVPC
Forcr
eat
ingVPCwehav
e4conf
igur
ati
ons
1.VPCwi thaSinglePubli
cSubnet:
Theconf igur
ati
onfor
thi
sscenarioincl
udesav i
rt
ualpr
ivat
ecloud( VPC)wit
h
asinglepubli
csubnet,andanInt
ernetgatewayto
enablecommuni cat
ionovertheI
nternet
.
2.VPCwi thPubl
icandPrivateSubnets:The
confi
gurati
onforthi
sscenarioi
ncludesav i
rt
ualpri
vat
e
cloud(VPC)withapubli
csubnetandapr i
vate
subnet.
(
note:Acommonexampl eisamul ti
-t
ier
websit
e, wi
ththewebser v
ersinapubl i
csubnetand
thedatabaseserv
ersinapr i
vat
esubnet )
3.VPCwi t
hPubli
candPriv
ateSubnetsandHar dware
VPNAccess:Theconfi
gurat
ionfort
hisscenari
o
i
ncludesavi
rt
ualpr
ivat
ecloud(VPC)withapublic
subnetandapri
vat
esubnet,andavir
tualpr
ivate
gatewaytoenablecommuni cat
ionwithyourown
networkoveranIPsecVPNt unnel
.(note:
Thi sscenar
io
enablesyoutorunamul t
i-
ti
eredappli
cati
onwi tha
scalabl
ewebf r
ontendinapubl i
csubnet,andt ohouse
yourdatainapriv
atesubnetthati
sconnect edtoyour
networkbyanIPsecVPNconnect ion)
.
(note:IPSec i
sanI nt
ernetEngineeri
ngTaskFor ce
(I
ETF)st andardsuiteofprotocolsthatprovi
desdata
authent i
cat
ion,i
ntegri
ty,andconfidenti
ali
tyasdatai
s
transferr
edbetweencommuni cat
ionpointsacr
ossIP
networ ks.
I
PSec provi
desdat asecurit
yattheIPpacket
l
ev el)
.
4.VPCwi thaPr i
vateSubnetOnl yandHar dwareVPN
Access:Theconf i
gurati
onf orthisscenari
oincl
udesa
vi
rt
ual pr
ivat
ecloud( VPC)wi thasi ngl
epri
vatesubnet,
andav ir
tualpri
vategatewayt oenabl ecommunicati
on
wit
hy ourownnet workov eranI PsecVPNt unnel
.
(not
e:wear
egoi
ngt
ocr
eat
ethesubnetf
rom v
ery
basi
cs)
Sel
ecty ourVPC- >createVPC- >giveanyname- >
CIDR( ClasslessInter-
Domai nRoutingblockisasetof
Inter
netpr otocol(IP)standardst
hati susedtocreate
uniqueident i
fier
sf or
networks
andi ndi
vi
dualdev i
ces)
(ingeneral casewehav e254hosti nan/ wbutInAWS
i
ti s251, 0=uni cast,1=gat eway,2=dns, 3=unknown
and255=br oadcast)->10.0.0.
0/16- >defaul
ttenancy
->create.
2.Cr
eat
esubnet
Got
othesubnetpar
t->cr
eat
esubnet-
>addt
ag(
1a-
public)-
>selectthecust
om VPC- >AZ(1a)->IPV4CIDR
(10.0.1.
0/24)-
>cr eat
esubnet->addtag(1b-
publi
c)->
selectcustom vpc->AZ(1b)->IPV4CIDR(10.0.
2.0/
24)
3.Spi
nni
nganEC2i
nst
ance
(not
e:Nowthesubnett
hatwehavecreatedisapr
ivat
e
subnetsowewon’tbeabl
etoaccessint
ernet)
Creat
eaninst
ance->attachcreatedVPC->selectsubnet
(1b)-
>Autoassi
gnpublicip(evenifyouassi
gnwewon’ t
beablet
oaccess)->defaul
t->addstorage->addtag->
addsg(ssh)-
>launch.
4.Cr
eat
ingar
out
etabl
e
(note:
whenwecr eateaVPCar outetablewil
lbecreated
automati
call
y,byusingtheexi
stingroutetabl
eitwon’tbe
abletoaccessint
ernet)
Sel
ecttheexi
sti
ngroutetabl
e->namei tas
pri
vate->gotosubnet->sel
ect(1b-
pri
vate)-
>got or
out
e
tabl
eoption->edi
t->changetocustom r
oute
tabl
e(pri
vat
e)->save
Createroutet
abl
e->namet ag(publ
i
c)->VPC
(sel
ectcustom VPC)->gotosubnet->selectt
hecustom
subnet(1a-publi
c)-
>gotoroutet
ableoption->edi
t->
changet ocustom r
out
etable(
publi
c)->save
(
not
e:byusi
ngr
out
etabl
ewecanmanagei
nter
nal
traf
fi
c)
5.I
nter
netGat
eway
(not
e:Ev
enifwecreat
eanint
ernetgatewayi
tdoesn’
t
gi
veyouanaccesstoi
nter
net
,ei
theryouneedto
el
ast
icl
oadbal
ancerorel
ast
ici
p)
Createi
nternetgateway->namet ag(nir
mal )-
>att
ach
toVPC- >selecttheVPC- >gotor outetabl
e(publ
ic)-
>
selectr
outes->edit->sel
ecttarget->selectt
he
gateway->destinati
on0.0.0.
0/0->sav e
6.El
ast
icI
P
Cr
eat
eanel
ast
ici
p
7.Spi
nanewi
nst
ance
Creat
eanewi nst
ance->sel
ectthecust
om VPC-
>sel
ect
theavai
l
abi
l
ityzone(1a)-
>launch
8.Associ
ateel
ast
ici
p
Gotoel
ast
ici
p- >associ
ate-
>sel
ectt
hei
nst
ancei
n
publ
i
csubnet
(1a).
9.Connectt
othei
nst
ance
Logi
ntoi
nst
ance
(
not
e:her
ewhenwecheckt
hei
piti
sthepr
ivat
einst
ance)
10. Logi
ntopr
ivat
einst
ance
Usingwi
nscpcopyt
hepubl
ickeyt
opubl
i
cinst
ance-
>
fr
om publ
ici
nst
anceuse-
>
#chmod600<pem f
il
e>
#sshec2-
user
@<pr
ivat
eip>-
I<pem f
il
e>
(
not
e:i
->i
dent
it
yfi
l
e)
11. Tr
ytoi
nst
all
apackage
Tr
yt oinst
all
apackagef
rom t
hei
nst
ancet
over
if
yiti
s
i
nstall
i
ngornot.
(not
e:herepackagewon’tbeinstall
ed,nowwearegoing
touse,byusingNATitispossibletoaccessnet
workfrom
pri
vateinst
ancebutnotpossibletoaccessthei
nst
ance
publi
cly
).
12. Cr
eat
ingNATgat
eway
Cr
eateNAT- >selectt
hepubli
csubnet(1a-publ
ic)-
>
creat
enewel asti
cip->createNATgateway->got o
subnet->selectpubl
icsubnet-
>gotor out
etable->
edit-
>target->givenati
d->desti
nat
ion->0.0.0.
0/0
13. Logi
ntoi
nst
ance
Nowlogintothei
nstancei
npr
ivat
esubnet-
>tr
ytoi
nst
all
anypackageortr
ytopingt
ogoogle.
(
Not
e:i
tshoul
dwor
k)
(Note:publi
csubnet-
>publi
crout
etable->i
gw, pr
ivat
e
subnet->privat
erout
etabl
e->nat
,wear ecreat
ingNATin
publi
cinstanceandatt
achi
ngtopri
vateinst
ance).
14. VPCPeer
ing
Got
opeer
ingconnect
ion-
>cr
eat
epeer
ingconnect
ion-
>
peeringconnect i
onname( Checking)- >VPCREQ.
(custom v pc)->VPCACCEP.( defaultv pc)->creat
epeer
connect i
on- >gotopeer i
ngconnect ionmenu- >accept
thenewr equest->got oroutet
ableofcust om vpc(publ
ic)
->addt hei pv4cidrandtarget(172.31.0.0/16pcx-
3e6a9757connect ionname)ofdef aultv pc->gotorout
e
tableofdef aultv
pc- >addt heipv4ci drandt ar
get
(10.0.0.
0/16connect ionname)ofcust om v pc->save
Nowl aunchani nst

anceindef aul
tVPCandt rytoconnect
tocustom vpcwebser veri
nstance(inthi
sexampl e)usi
ng
pri
vateip,i
twillbepossibl
e,t
hent rytoconnecttoDBS( i
n
thi
sexampl e)itwon’tbepossibletoconnect
,becausewe
haveaddedt heentryonlyi
npubl icrout
etabl
enoti n
pri
vateroutetable.
15. Net
wor
kACLs

(not
e:Net
workACLispr
imar
yform ofsecur
it
y.I
tdoes
thesameact
ivi
tyofSG,
butmult
ipl
eSGcanbeunder
ACL)
Selectt
hecustom acl-
>checkthesubnetswhich
areassociated(
hereitis2,bydefaul
twhatever
changeswedowi ll
beaf f
ectedonboth)-
>inbound->
edit->addanotherrul
e->95- >ty
peSSH- >source
(gi
v etheipyouwanttoallow)->all
ow->save
(
not
e:Denywi
l
lov
err
ideal
l
ow)
16. Endpoi
nt
a.Cr
eat
eanI
AM userwi
thS3f
ull
access
b.Launchanamazoni
nst
ancei
ncust
om v
pcandpr
ivat
e
subnet
c.Logi
nandi
ntegr
atet
heuserbyper
for
ming
#awsconf
igur
e(speci
fyt
hel
ocat
ionasap-
sout
h-1)
d.#awss3l
s(nowwewi
l
lbeabl
etosees3bucket
)
e.Got
opr
ivat
erout
etabl
eandr
emov
enat
.
f
.Check#awss3l
s(wewon’
tbeabl
etoaccess)
g.Cl
i
ckonendpoi
ntandassoci
atet
opr
ivat
erout
etabl
e
h.Gobackt
oinst
anceandper
for
m #awss3l
s(nowwe
wi
ll
beablet
osees3bucket
)
RDS
 A dat
abase
i
sacol l
ecti
onofinf
ormati
onthatisorgani
zedsot
hati
t
canbeeasil
yaccessed,managedandupdated.
 Ther
ear
edi
ff
erentki
ndsofdat
abase
1.Rel
ati
onal
DB
 A r
elat
ionaldatabase i
sacol l
ectionofdat ai
temsorganized
asasetoff ormall
y-descri
bedt ablesfrom whichdat
acanbe
accessedorreassembl edinmanydi ff
erentwayswithout
havi
ngt oreor
ganizethedat abase tabl
es.
 Amazonhav easerv
icecall
edRDS(
rel
ati
onaldat
abase
ser
vice)i
ncl
udi
ng6di f
fer
entdbMySQL,Mari
aDB,Micr
osof
t
SQL,Postgr
es,or
acl
e,Aurora
2.Non-
rel
ati
onal
DB
 Anon- r
elat
ionaldat
abaseisanydatabasethatdoesnot
fol
l
owt herelati
onalmodelprov
idedbytradit
ional
rel
ati
onal
databasemanagementsy stems.
 Dy
namoDBi
sanexampl
e
3.Dat
awar
ehousi
ngDB
 A datawarehouse
exist
sasal ayeront
opof
another
database
or
databases.
 RedShi
fti
sanexampl
e.
El
ast
iCache
 El
ast
iCachei
sawebser
vicet
hatmakesi
teasyt
osetup,
manage,
andscal
eadi
str
ibut
edi
n-memor
ycacheenv
ironmenti
nthecl
oud.
 Theser
vicei
mpr
ovest
heper
for
manceofwebappl
i
cat
ionsby
al
lowingyoutor
etr
ieveinf
ormati
onfr
om f
ast,managed,
In-
memor
y
caches,i
nst
eadofrel
yingent
ir
elyondi
skbasedDB.
 El
ast
iCachesuppor
tst
woopen-
sour
cei
n-memor
ycachi
ngengi
nes
1.Redi
s -af
ast
,opensour
ce,
in-
memor
ydat
ast
oreandcache.
2.Memcached-awi
del
yadopt
edmemor
yobj
ectcachi
ngsy
stem.
AmazonRDSDBI
nst
ance
DBi
 A nst
ance
i
sani
sol
ateddat
abaseenv
ironmentr
unni
ngi
nthe
cl
oud.

 ADBi
nst
ancecancont
ainmul
ti
pleuser
-cr
eat
eddat
abases.
 Wecanhav
eupt
o40AmazonRDSDBi
nst
ances.
 Product
ionenvi
ronmentmainl
yusesmultiAZdepl
oyment
,itpr
ovi
des
enhancedavai
l
abili
tyanddat
adurabi
l
ityf
orinst
ance.
 RDSaut
omati
cal
lyprov
isi
onandmai
ntai
nasy
nchr
onous“
standby
”
repl
i
cai
ndi
ff
erentAZ.
 RDSaut omat i
cal
lyfail
sovertotheup-to-
datestandbydatabase
ensur
ingt hatdatabaseoperat
ionsresumequi ckl
ywithout
administr
atorint
erventi
on,i
ntheeventofpl anneddat
abase
maintenanceorunpl annedservi
cedisr
uption.
ReadRepl
i
ca
Itmakesi
teasyforscal
ingi
tbeyondthecapaci
tyconstr
aint
sofa
singl
eDBinst
anceforread-
heav
ydatabaseworkloads.
 Theycanbeusedf
orser
vingr
eadt
raf
fi
cwhent
hepr
imar
ydat
abase
i
sunavail
abl
e
DBSnapshotandAut
omat
edBackup
 RDSpr
ovi
des2way
sofbacki
ngandr
est
ori
ngy
ouri
nst
ance
1.Snapshot
s
2.Aut
omat
edBackup
 Snapshotsar
eusert
ri
gger
ed(
canbeaut
omat
edv
iascr
iptor
appl
icat
ion)
 Aut
omatedbackupar
eaut
omat
icandgi
vet
heabi
l
ityt
orest
orepoi
nt-
i
n-t
ime.
 Bot
har
ebi
l
labl
eint
ermsofst
orage.
RDSI
nst
ancesTy
pe
 RDSDBi
nst
ancescomei
n2t
ype
1.Reser
vedDBi
nst
ance
2.On-
Demandi
nst
ance
 2i
nst
ancet
ypear
esameexceptbi
l
li
ng.
 On-
demandi
shour
lybasi
s.
 Reser
vedr
equi
rel
owup-
fr
ont
,one-
ti
mef
eeandi
ntur
n
prov
idesasigni
fi
cantdi
scountont
hehour
lyusagechar
ge
fort
heinst
ance.
RDSv
sDBonEC2(
checksl
i
de)
Pr
act
ical
1.Launchi
ngani
nst
ance
Wecanl
auncht
heDBusi
ngEC2ORRDS
1.EC2
Got
oec2-
>launchi
nst
ance-
>rhel
->l
aunch-
>
l
ogi
n
#y
um i
nst
all
-ymar
iadb*
#y
um updat
e-y
#sy
stemct
lrest
artmar
iadb
#sy
stemct
lenabl
emar
iadb
2.RDS
Cr eat easecur it
ygr oup- >SGname
(RDSSecur i
ty)- >Descr i
pt i
on( RDSSecur i
ty)->VPC
(defaul t)->addr ule->my sql/ auror a(3306)- >add
sour ce( copyt heSGi dofec2i nstanceandpast eit
tosour ce, becausewear egoi ngt oal l
owonl ythe
connect ionf rom ec2)- >Got oRDS- >select
Mar iaDB- >dev /test->DBi nst ancecl ass( t2.micro)
->mul ti-
AZdepl oyment( no)- >st oraget ype( ssd)->
all
ocat edst or age( 5G,max6TB)- >DBi nstance
i
dent ifier( nirmal ,gi
veauni quenamet oident if
yDB)
->mast eruser name( nirmal )- >mast erpasswor d
(pragat hi ,giveany8char act er)->conf i
rm passwor d
->VPC( def ault)- >subnet( def ault)->publicly
accessi ble( no, ifsettoy est heRDSwi l
lhav ea
publici psoany onecanaccessf rom outside- >VPC
SG( RDSSecur i
ty ,onethaty oucr eated)->DBName
(Mar iaDB)- >backupr et entionper iod(7day s,max
35day s, maxi mum no. ofday st hesnapshotshoul d
ber etai ned)- >Backupwi ndow( def aul
t,speci f
ying
atwott imet hebackupshoul dbedone)- >Aut o
minorv ersionupgr ade( yes)- >LaunchDBi nstance.
3.
Logi
ntoEC2andconnectt
oRDS
Checkmar
iadbi
swor
kingf
ineornot
->
#my
sql
-ur
oot-
p
I
fwor
king
#mysql
-h(
endpoi
nt,
wit
houtpor
tno)-
P3306-
u
(
user
name)-p
(
checkwhet
herconnect
ioni
shappeni
ngt
o
RDSornot
,thenshowsomebasi
cMar
iaDBcmd)
4.
Rest
ori
ngDB
i
fwerest
orei
tsgoi
ngt
orecr
eat
eanewi
nst
ance
wi
thanewendpoi
nt.
Selectact
ion->gotopointi
nti
me->use
l
atestrestorabl
eti
me( l
atest
)orcust
om r
est
ore
t
ime- >launch.
AmazonAur
ora
 AmazonAur
orai
saf
ull
ymanaged,
MySQL-
compat
ibl
e,
rel
ati
onaldatabaseengi
nethatcombi nesthespeedand
rel
i
abil
it
yofhi gh-
endcommer ci
aldatabaseswiththesi
mpl
i
cit
y
andcost-
effecti
venessofopen-
sourcedatabases
 AmazonAur
orapr
ovi
des5t
imesbet
terper
for
mancet
han
MySQL,atapr
icepoi
ntonetent
hofacommer ci
alDBwhi
l
e
del
i
veri
ngsimi
larper
for
manceandavai
labi
l
ity
.
 AmazonAur
oradef
aul
tsi
zei
s10GBmaxi
tcanscal
eupt
o
64TB.
 Comput
eresour
cecanscal
eupt
o32v
CPUsand244GBof
memor
y.
Dy
namoDB
 AmazonDynamoDBi saful
lymanaged NoSQL
dat
abase
ser
vicethatpr
ovi
desfastandpredi
ctabl
e
per
for
mancewi t
hseamlessscal
abil
it
y.
 WecanuseAmazonDy namoDBt
ocreateadat
abaset
ablethat
canstoreandretr
iev
eanyamountofdata,
andser
veanylevel
ofrequestt
raf
fic.

 AmazonDy namoDBautomat i
call
yspreadsthedataandtr
affi
c
forthetableoverasuf
fi
cientnumberofserverstohandl
ethe
requestcapaci
tyspeci
fi
edbyt hecustomerandt heamountof
datastored,whil
emaint
ainingconsi
stentandfastper
for
mance.
I
tsfl
exi
bledat
amodelandr
eli
abl
eper
for
mancemakeitagreat
f
itf
orthemobil
e,web,
gami
ngandmanyotherappl
i
cat
ions.
I
tal
way
sst
oresonSSDst
oraget
her
eisnomagnet
icst
orage.
 Spr
eadsdat
atomul
ti
pleAZ.
PRACTI
CAL
1.Cr
eat
etabl
e
GotoDy namoDB- >createtabl

e- >tabl
ename( Music)-
>
pri
mar ykey(Arti
st)-
>addsor tkey(Songt i
tle)-
>selectthe
tablename- >gotoit
em ->createit
em - >addarti
ststri
ng
(Eminem)- >songtit
le(notafr
aid)->addnewi t
emsby
cli
ckingon+sy mbol -
>append- >string(Album ti
tl
e)->
stri
ng(recover
y)->addnewi tem ->year(2010)->sav e
(si
mi l
arl
ycreate2mor e).
(
not
e:st
ri
ng
i
sanyf
ini
tesequenceofchar
act
ers)
2.Edi
ttabl
e
Got
oit
em -
>act
ion-
>edi
t->gi
vet
heappr
opr
iat
eval
ue
3.Quer
ythedat
a
Selectt
hetabl
e->it
em -
>clickthedropdownlabel
ed
scan->onthedropdownchanget hescantoquery-
>in
art
istent
erthenameofart
ist->andscan.
Redshi
ft
 AmazonRedshif
tisafastandpowerful
,ful
lymanaged,
pet
abyt
e-scal
edatawarehouseser
vicei
nt hecl
oud.
Itpr
ov i
desasi mpleandcost-ef
fecti
vewaytoanal
yzeal
lyour
datausingexisti
ngBusinessIntel
li
gence(
BI)t
oolandSQL
cli
ents,r
egardlessofthesizeofdata.
I
tisdesi
gnedtohandl
edat
aset
sfr
om f
ewhundr
edgi
gaby
tet
o
apetaby
teormore
 Customerscanstartsmallforj
ust$0.25perhourwithno
commi tmentsorupfr
ontcostandscal etoapetaby
teormor
e
th
for$1000ormor eter
aby t
epery ear
,lessthana10 ofmost
otherdatabasesolut
ion.
 AmazonRedshifthandl
esal
lthedat
awarehousemanagement
act
ivi
ti
esforyou,fr
om pr
ovi
sioni
ngt
heinf
rastr
uct
ureto
aut
omat i
ngongoingadmini
str
ati
vet
askssuchasbackupand
pat
ching.
 AmazonRedshifti
s10t i
mesf asterthant r
adi
ti
onal
warehousi
ngsol
ution,
becausei tstoresthedatai
ncolumnar
for
m( col
umnardatastorage)
.i.e.i
nst eadofst
ori
ngdataasa
ser
iesofrows,
amazonr edshiftorganizedatabycol
umn.
 Datatransfer
redi
nredshi
fti
sencr
ypt
edwi
thSSL,
dat
ast
oredi
s
encry
pt edbyAES256.
(
not
e:weuseBIorsomewebi
nter
facet
ouser
edshi
ft
)
Rout
e53
 DNSisahi erar
chicaldist
ri
butednamingsy
stem f
ormachines
connectedtoanet work,i
tenablest
omapahumanr eadable
namet oamachi nesipaddress.
 Rout
e53i
sDNSser
viceofAWS.
 AmazonRoute53ishi
ghl
yavail
ableandscal
abl
eclouddomai
n
namesyst
em (DNS)webser
vice,namedaft
erpor
t53whichis
theDNSport
.
I
tprovi
dessecur
erout
ingconnect
iont
oawsser
vicesuchas
EC2,ELB,
S3.
 Route53i
snotli
mitedtoAWSinf
rast
ruct
urey
oucanmanage
ourDNSrecor
dthroughRout
e53.
 Rout
e53i
sgl
obal
ser
vice.
Benef
it
s
1.Fast
,Rel
i
abl
eandcostef
fect
ivesi
ncei
tusesedge
l
ocati
on.
2.I
tis100%av
ail
abl
e.
3.I
t’
sapayperuse.
Pr
act
ical
1.Cr
eat
eaWor
dPr
ess
Cr
eateanec2inst
ancewit
hWor dPr
ess->att
achan
el
ast
ici
p->logi
ntowebsi
te->addafil
efrom s3-
>check
whet
herthewebsi
teiswor
kingornot.
2.Logi
ntof
reenom
Gotofr
eenom -
>checkwhethert
henameisavai
lableor
not-
>checktheavai
labl
ename->sel
ect-
>continue->
l
oginusi
nggoogle,
facebookorl
i
ve>competetheform.
3.Rout
e53
Got oRoute53->DNSmanagement- >cr

eatehostedzone
->domainname( ni
rmal.
ga,giv
ethedomainnamef rom
freenom t
hatyouhavecreat
ed)->t
ype(publ
ichosted
zone)->creat
e.
 Ahostedzonei
sacoll
ect
ionofr
esour
cer
ecor
d
set
sforaspeci
fi
eddomain.
 Aresour cerecor
disanentryi
nDNSzonethat
specifi
esinformati
onaboutapar
ti
cul
arnameor
objectinthezone.
4.Got
ofr
eenom
Gotofreenom -
>service-
>mydomai n-
>managedomai n
->managementtools->nameserver->usecust
om name
ser
ver-
>copyt hevaluesf
rom hostedzone-
>pasteitt
o
nameser v
er->changenameser v
er.
(
not
e:i
tmayt
akeawhi
letofort
hedomainnameprov
ider
t
omaptheAWS nameserv
erwitht
hedomainname.
)
5.Conf
igur
ingdomai
nRecor
dSet
Sel
ectt
hehost
edzone->cr
eater
ecordset-
>name
(
www)->val
ue(el
ast
ici
poripoft
heinst
ance)-
>cr
eat
e.
 Resour
cesett
ellt
heDNShowt ohowy
ouwant
tr
aff
ict
oberoutedfort
hatdomai
n.
(note:
hereify oucl
i
ckonali
as->yes,wecansee
ali
astargettherewecanspeci
fyS3,ELB,
CloudFrontetc.)
 RoutingPol
icydet
ermineshowAmazonRout
e 53
respondstoqueri
es.
1.Si
mpl
eRout
ingPol
i
cy:
iti
susedwhenwe
haveasingleresour
cet
hatper
for
msagi
ven
funct
ionforyourdomai
n
2.Wei
ght
edRout
ingPol
i
cyi
:ti
susedwheny
ou
havemult
ipl
eresour
cest
hatper
for
mthe
samefuncti
on.
3.Lat
encyRout
ingPol
i
cy:
iti
susedwhenwe
haver esour
cesinmul ti
pleAmazonEC2dat a
centersthatperf
ormt hesamef uncti
onand
youwantAmazonRout e 53torespondt
oDNS
querieswiththeresourcesthatprovi
det
he
bestlatency.
4.Fai
l
overRout
ingPol
i
cyi
:ti
susedwhenwe
wanttoconfi
gureact
ive-passi
v efai
l
over,i
n
whichoneresour
cetakesal lt
raff
icwhenit'
s
avai
labl
eandtheotherresourcetakesall
tr
affi
cwhenthefir
stresourceisn'
tavai
labl
e.
5.Geol
ocat
ionRout
ingPol
i
cy:
iti
susedwhen
wewantAmazonRout
e 53tor
espondtoDNS
quer
iesbasedont
hel
ocati
onofyouruser
s.
6.Ver
if
ythewebpage
Openat
ab-
>www.
nir
mal
.ga.
7.Heal
thCheck
 Route53healt
hchecksmonit
ortheheal
thand
perf
ormanceofyourappl
i
cati
on'
sserver
s,or
endpoint
s,f
rom anet
workofheal
thchecker
sin
l
ocationsar
oundtheworl
d.
 wecanspecifyeit
heradomai nnameoranIP
addr
essandapor ttocreateHTTP,HTTPS,andTCP
heal
thchecksthatchecktheheal
thoftheendpoi
nt.
 wecanuseRout e53healt
hchecksf ormonit
ori
ng
andaler
ts.Eachheal
thcheckpr
ovidesCloudWatch
metr
icsthatyoucanviewandsetalarmson.
 Wecanal souseRoute53healt
hchecksf orDNS
fai
loverbyassoci
ati
nghealthcheckswithanyRout
e
53DNSr esour
cerecordset
.Thislet
syour out
e
requestsbasedonthehealt
hofy ourendpoint
s.
(
not
e:her
ewear egoi
ngtocr
eat
eheal
thcheckwi
th
r
out
ingpol
icyf
ail
over
).
1.Cr
eat
einst
ance
Create2inst
ancewithhttpdwebser ver
->oneinMumbai (Heal
thCheck1,
content
)andotherindi
fferentregi
on
(Si
ngapore,Heal
thCheck2, content
).
2.Cr
eat
eheal
thcheck
Gotohealthcheck->createhealt
h
check->name
(r
egional
heal
thcheck)->specif
icendpoi
nt
(i
p)->prot
ocol(http)-
>ipaddr s(
ipofthe1st
i
nstance,mumbai )->hostname(webprimary)
->port(
80)-
>pat h(i
ndex
.ht
ml )-
>next->
cloudwat
ch(yes)->cr
eat
eat opi
c->creat
e.
3.Cr
eat
eapr
imar
yrecor
dset
Got ohost edzone- >createarecor dset

->name( www2)- >TTL( 1m)- >value(ipof1st
i
nstance)- >r outingpolicy(Fail
ov er
)->
Fail
ov errecordt ype( pr
imar y)-
>setI D(www2
-pri
mar y,createdbydef ault
)->Associ atewith
healthcheck( yes)->Heal thcheckt o
associ at
e( regi
onal heal
thcheck, onewhi chwe
createprev i
ousl y)->sav erecordset.
(
note:
after5mi
nut
e’scheck
www2.
nir
mal.ga,i
twi
l
ldi
splay“Heal
thCheck
1”
).
Got ohostedzone- >createarecordset

->name( www2)- >TTL( 1m)- >value(pof2nd
i
i
nstance)->routingpolicy(Fail
over)->
Fail
overrecordtype(secondar y)->setID
(www2- Secondary,createdbydef aul
t)->
Associatewithhealthcheck( no)->save
recor
dset .
(note:st
opthe1stinstanceaf
ter5
minute’scheckswww2. nir
mal .
ga,i
twil
l
di
splay“ Healt
hCheck2” ).
Cl
oudFor
mat
ion
 AWSCloudFor
mat i
onal
lowsyoutoqui
ckl
yandeasi
l
ydepl
oyy
our
i
nfr
ast
ruct
ureresour
cesandappl
i
cati
onsonAWS.
I
tsi
mpl
i
fiespr
ovi
sioni
ngandmanagi
ngr
esour
cesonaws.
 Wecancr
eat
etempl
atef
ort
heser
vicesandappl
i
cat
ionsy
ouwantt
o
bui
l
donaws.
 AWSCloudFor
mati
onusest hosetemplatestoquickl
yandr
eli
abl
y
pr
ovi
si
onthoseser
vicesorappli
cati
ons,call
edstacks.
 Wecanuseresour
cesfrom over20awsser
vicessuchasEC2,
VPC,
RDS,
Redshi
ftetci
nCloudFormation.
Pr
act
ical
Got ocl oudformat i
on->createstack->selectasamplestack
(si
ngl
ei nstancesampl e–wor dpressblog)->stackname(sampl e)-
>
DBPasswor d(pragathi)-
>DBRoot Passwor d(pr
agathi)-
>DBUser
(ni
rmal)->instancet ype(t2.micr
o)->key name( sel
ectt
heexist
ing
key)-
>cr eate.
(Her
ewear
egoingt
orepr
esenthowt
ocr
eat
eawebser
veri
nst
ance
bysi
mpl
estack)
AmazonEl
ast
icTr
anscoder
 AmazonEl asticTranscoderl
etsyouconvertmediaf
il
est hatyouhav
e
st
oredi nS3intomedi afil
esi
nt hef
ormatsrequi
redbyconsumer
pl
ay backdevices.
 Paybasedont hemi nut
esthatwetranscodeandtheresoluti
onat
whichwet ranscode.
(
note:Forexample,youcanconver
tlarge,
high-
qual
it
ydi
git
almedi
a
f
il
esintoformatsthatuser
scanplaybackonmobi l
edev
ices,
tabl
ets,
webbrowsers,andconnectedt
elevi
sions.
)
 El
asti
cTranscoderhasfourcomponent
s:
1.Jobs:
Eachjobconver
tsonefi
lei
ntoupt
o30f
ormat
s.
(Forexampl e,ify ouwantt oconv er tamedi af ilei nt osix
differentf ormat s, youcancr eatef i
lesi nal lsixf or mat sby
creat ingasi ngl ejob.
Wheny oucr eat eaj ob, youspeci fyt henameoft hef il
et hat
youwantt ot ranscode, thenamest haty ouwantEl astic
Tr anscodert ogi vet ot het r
anscodedf iles, andsev eral other
set ti
ngs)
2.Pipel i
nes ar equeuest hatmanagey ourt ranscodi ngj obs.A
pipel i
necanpr ocessmor et hanonej obsi mul taneousl y.We
cant empor ar i
lyst oppr ocessi ngj obsbypausi ngi t
(Wheny oucr eat eaj ob, youspeci fywhi chpi pel iney ouwantt o
addt hej obt o.El ast icTr anscoderst artspr ocessi ngt hej obsin
api pel inei ntheor deri nwhi chy ouaddedt hem.I fy ou
conf igur eaj obt ot ranscodei ntomor et hanonef or mat ,Elasti
c
Tr anscodercr eat est hef ilesf oreachf or mati nt heor deri n
whi chy ouspeci fyt hef ormat si nthej ob. )
3.Pr eset s aret empl atest hatcont ainmostoft heset ti
ngsf or
transcodi ngmedi af ilesf r
om onef or matt oanot her .
(Elast icTr anscoderi ncludessomedef aultpr eset sf or
commonf ormat s, f
orexampl e,sever al i
Podandi Phone
ver si
ons. )
4.Not i
fi
cat ions l
ety ouopt i
onal lyconf igur eEl asticTr anscoder
andAmazonSNSt okeepy ouappr isedoft hest at usofaj ob
(whenEl ast i
cTr anscoderst ar t
spr ocessi ngt hej ob, when
Elast i
cTr anscoderf inishest hejob, andwhet herEl astic
Tr anscoderencount er swar ningorer rorcondi tionsdur ing
processi ng.Not ificationsel i
mi natet heneedf orpol l
ingt o
det ermi newhenaj obhasf inished.Youconf igur enot if
ications
wheny oucr eateapi peline.)
Pr
act
ical
Cr
eate2bucketonef orsourceandot herdesti
nati
on->add
avi
deotosourcebucket- >gotoelast
ictranscoderconsol
e
-
>creat
eanewpi pel
ine->pipel
inename- >inputbucket->
i
am rol
e(bydefaultarol
ewi l
lbeattached)->desti
nati
on
bucket- >class( userwish)->createpipeli
ne
Cr eateaj ob- >selecttheexisti
ngpi pel
ine->inputkey
(nameoft hef i
le)->preset(def
inethev ideoresol
ution)-
>
out putkey( namet heoutputfil
e,butatt heendweshoul d
giv e.mp4ext ension)->createjob
Tocheckwhet herjobiscompl etedornotcl i
ckonj obs->
sel ectthepi pel
ine- >cl
ickonsear ch.
Af terthatgot odest i
nati
onbucketandcheckt hevi
deoi s
transcodedornot .
RESOURCEGROUPS
 Resour
ceGr
oupshel
pst
ocr
eat
eacust
om consol
ethator
gani
zes
andconsol
i
datesi
nfor
mat
ionbasedony
ourpr
ojectandt
he
resour
cest
hatweuse.
I
fwemanager
esour
cesi
nmul
ti
pler
egi
ons,
wecancr
eat
ea
resour
cegr
oupt
ovi
ewr
esour
cesf
rom di
ff
erentr
egi
onsont
he
samepage.
 ResourceGr
oupscandi
spl
aymet
ri
cs,
alar
ms,
andconf
igur
ati
on
detai
l
s.
Pr
act
ical
Creat
e2i nstanceindif
fer
entregion->creat
eatagwithsame
keyanddi f
ferentvalue-
>resourcegroup->groupname( sampl
e)
->tags(sel
ectt hekeyandcorrespondi
ngvalues)-
>resourcet
ype
->save.
Lambda
 AWSLambdai
sacomput
eser
vicet
hatr
unsy
ourcodei
nresponset
o
eventsandaut
omat
ical
l
ymanagest
heunder
lyi
ngcomput
eresour
ce
foryou.
I
tcanaut
omat
ical
l
yruncodei
nresponset
omodi
fi
cat
ionst
oobj
ect
s
i
nS3bucket
,messagesar
ri
vi
ngi
nki
nesi
sst
ream,
ort
abl
eupdat
ein
dynamoDB.
 AWSLambdal
etsy
our
uncodewi
thoutpr
ovi
si
oni
ngormanagi
ng
ser
ver
s.
 Youpayonl
yfort
hecomput
eti
mey
ouconsume-t
her
eisnochar
ge
wheny
ourcodei
snotr
unni
ng.
 Justupl
oady
ourcodeandLambdat
akescar
eofev
ery
thi
ngr
equi
red
t
orunandscal
eyourcodewi
thhi
ghav
ail
abi
l
ity
.
 Youcansetupyourcodet
oaut
omat
ical
l
ytr
iggerf
rom ot
herAWS
ser
vicesorcal
li
tdi
rect
lyf
rom anywebormobi
l
eapp.
I
nshor
tlambdai
saser
vicet
oruny
ourcode,
all
youneedi
stosuppl
y
t
hecode.
 Suppor
tedpr
ogr
ammi
ngl
anguagei
sJav
aScr
ipt
.
I
tisdesi
gnedt
opr
ovi
de99.
99%av
ail
abi
l
ity
.
Pr
ici
ng
 Fi
rst1stmi
l
li
onr
equest
sisf
reet
her
eaf
ter$0.
20.
 Durati
oniscalcul
atedfr
om theti
mey ourcodebegins
executi
nguntili
tret
urnsorother
wiseter
minates,
roundedup
tonearest100ms.
 Thepricedependsupontheamountofmemoryyouall
ocat
e
toyourfunct
ion.Youar
echarged$0.
00001667f
oreveryGB
used.
Pr
act
ical
1.Runaser
ver
less“
Hel
l
oWor
ld”
Got ol ambda- >i

nf il
tertype“hell
o-wor l
d-python”- >cr eate->
name( Youcannamey ourlambdaf unctionher e.Fort hi
s
tutorial,ent erhello-world-
python)->Descr iption( Youcanent er
ashor tdescr i
pti
onofy ourfuncti
onher e.Thi si spr e-populated
with Ast arterAWSLambdaFunct ion.)->Runt i
me( Cur rentl
y,
youcanaut hory ourLambdaf uncti
oncodei nJav a, Node. j
s,or
Python2. 7.Forthi stutori
al,l
eavethison Python2. 7 ast he
runtime. )- >Lambdaf unctioncode( youcanr ev i
ewt heexampl e
codeaut hor edinPy thon.)->Handler(isamet hod/ funct i
onin
yourcode, whereAWSLambdacanbegi nexecut ingy ourcode.)
->Role(

Aws

Uploaded by

Copyright:

Available Formats

Aws

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Aws

Uploaded by

Copyright:

Available Formats

Whati

 AWS Gov Cloud (US)

Add MFA:goto act

Select the i nst

 Gener alPur pose SSD ( gp2)v olumes,y ou can expectbase

 EBSv olumesar ecreatedi naspeci fi

 Amazon EC2 uses publ ic–keycr ypt

 AutoScalinghel psyouensur ethatyouhavethecorrectnumberof

Createanaut oscal inggroupwi thexi stingl aunchconf igurati

 AmazonSi mpleSt orageSer vice(AmazonS3)i sobj

 Standard s3 st orage: This st orage cl ass i s i deal for

 Objects ar chived t o Amazon Glacier are not

 The Amazon S3 noti

(note: GET, HEAD, OPTIONS, PUT, POST, PATCH,

7.Cached HTTP met hod -Speci fy whet her y ou want

 Mainly used to securely ser

2.Cachedv olume: westoreourdatainS3

 SWFenabl est heappl

 ByVPC, wecanhav ecompl

 Anet workACLcont ainsanumber edli

Nowl aunchani nst

GotoDy namoDB- >createtabl

Got oRoute53->DNSmanagement- >cr

Got ohost edzone- >createarecor dset

Got ohostedzone- >createarecordset

Got ol ambda- >i

You might also like