
AWS Cloud Practitioner Cheat Sheet

The document outlines various aspects of cloud computing, including deployment models such as IaaS, SaaS, and PaaS, along with their advantages and benefits. It discusses cloud adoption frameworks, well-architected frameworks, and the importance of security, governance, and management in cloud environments. Additionally, it covers specific AWS services for compute, storage, networking, and database technologies, as well as migration and transfer services.

Uploaded by

Huiying Tan

CLOUD COMPUTING & DEPLOYMENT MODELS

Advantages
- Global in Minutes
- No Data Center Spend
- Economies of Scale
- Speed and Agility
- Capacity is demand based
- Low Capex

Benefits
- High Availability
- Elasticity
- Agility
- Durability

Computing Models
- IAAS
- SAAS
- PAAS

Deployment Models
- Private
- Public
- Hybrid

REGIONS AND AVAILABILITY ZONES

Regions
- Global & made of > 2 AZ
- Physical Locations
- Resource & Service Specific (Isolated)

Availability Zones
- Made of multiple data Centers

Multi-AZ
- Provide high availability

EDGE LOCATION
Ensures low latency, with closer resources

LOCAL ZONE
Extension of a region to enable real-time

CLOUD ADOPTION FRAMEWORK

4 Phases: Envision, Align, Launch, Scale

Well-Architected Framework
- Security
- Cost Optimization
- Reliability
- Performance Efficiency
- Operational Excellence
- Sustainability

Perspectives & Foundational Capabilities

Business
- Management: Strategy
- Data: Monetization, Science
- Biz Insight

Platform
- Architecture & Engineering: Platform, Data
- Continuous Integration / Continuous Delivery (CI/CD)
- Modern Application Development
- Provisioning and Orchestration

Operations
- Management: Event (AIOPS), Incident and Problem, Change and Release, Performance and Capacity, Configuration, Patch, Availability and Continuity, Application
- Observability

Governance
- Management: Program and Project, Benefits, Risk, Cloud Financial, Application Portfolio
- Data: Governance, Curation

People
- Transformation: Leadership, Workforce
- Cloud Fluency
- Organization: Design, Alignment

Security
- Security: Governance, Assurance, Application
- Protection: Infrastructure, Data
- Management: Identity and Access, Vulnerability
- Incident Response
- Threat Detection
TCP, UDP metaData Standard Standard-
TLS HighThroughput Infrequent
- Durability (11 Low latency Access
Connecting to an EC2 Instance 9s) Frequently (S3
EC2: ELASTIC COMPUTING - Scalability Accessed data Standard-
- Security IA)
Instance SSH System RDP (Bucket - Intelligen
Pricing Options Description
Connect Manager Policies, t Tiering Accessed Less
Access Automatically moves frequently
On Demand - Low costs, no upfront payment or Control lists) data Rapid Access when
commitments - Versatility Savings needed
Linux Yes Yes Yes
Fixed pricing billed by - Cannot interrupt unpredictable
the second workloads Each Object stored in S3 Unpredictable
- Developing Applications has data, key and access patterns - One Zone-
- Workload running < 1 year metadata Infrequent
Access
Spot - Take advantage - Not concerned with start or stop
of unused EC2 capacity times One AZ
- Can interrupt workload ● Elastic Container Registry (ECR): Store share and deploy Cost Effective
90% off demand prices - Very low compute prices are container software
needed ● Elastic Container Service (ECS): Take from ECR and put into Secondary backup
- Cheapest option containers: Docker and Docker Compose CLI
- Only available when there is ● EKS: Take from ECR and put into containers supports Kubernetes
excess - Glacier
Instant
Reserved Instances - - Steady state usage and can commit Retrieval
Commit to a specific - Pay money upfront EC2 STORAGE OPTIONS
instance type for 1 - 3 - Application requires a capacity Archive Storage
year reservation EBS EFS INSTANCE STORES Instant Retrieval
- Standard (cheaper) VS (Fastest)
Discount up to 72% Convertible (less cheap) - Elastic Block - Elastic - Temporary
Store File Stores - Glacier
- Directly System - High I/O Flexible
Dedicated Hosts - - Bring your own server-bound
attached - Fully Performan Retrieval
Physical Server fully software license like microsoft or
dedicated to running oracle - Persistent Manage ce
Storage d - Temporary Archive Storage
instances - regulatory/corporate compliance
- Highly - Automati Storage Not Immediate but
requirements
Available & c Scaling - No Extra within mins
70% off demand prices
Dedicated Host = Server Durable - Concurre Cost
- Scalable nt - Cache or 1-2 times a year
Dedicated Instance runs on host
- Snapshot Access buffers
Capabilities (Multiple - Glacier
Savings Plans - Good - Savings Plans Deep
for across compute - Flexibility - Encrypted EC2
- Hosting instance Archive
services
relational / s)
No SQL - Growing Archive Storage7
EC2 COMPUTE FEATURES Databases storage years or longer
needs
Volume Types Slow retrieval times
Load Balancers Auto Scaling Compute Optimizer
SSD = High IOPS
(frequent read/ write),
- Classic - Horizont - AWS
General purpose /
(Layer 4/7) al Compute
Provisioned IOPS
- Gateway - Vertical Optimizer
HDD = Throughput
(Layer 3/4) - SAAS
Optimized HDD volumes
- Application - PAAS
/ Cold HDD Volumes
(Layer 7) FSx - specially designed Elastic Disaster
HTTP, Recovery
HTTPS, S3 S3 Classes
GRPC
- For Windows - Seamles - Recovery
- Network
Object Storage: Data & - S3 - S3 workloads s for swift
(Layer 4)
Integrati recovery regions - SQL
on - Built in DDos Server
- Cost protection
Effective - Integrates Neptune Database Migration Service
with other
Storage Gateway AWS Backup AWS
Services - Graph - Crucial for migrating databases with
Database minimal downtime
S3 File Gateway Keeps data in cloud- Centralized Backup Route 53 (DNS) Hybrid Networking with Direct Connect & VPN handling - supports both homogeneous and
native format management data with heterogeneous database migrations,
complex meaning you can migrate databases
Volume Gateway Provides block Automated Backup - Domain - Site-to-Site VPN relationsh from one database engine to another
storage volume scheduling name VPN (Secure ips or from on-premises databases to
Offers stored and registrati connection - Encrypted AWS databases.
cached volumes on between on- over public
- Geolocati premise internet AWS Schema Conversion Tool (SCT)
on network and - Cost - helps automate the process of
Tape Gateway For archiving data Encryption &
routing a VPC over effective converting database schemas from
compliance
- Scales internet) - Quick & one database engine to another.
automatic - AWS Client easy setup
FSx File Gateway Extend on-premise Cross-region & Account ally VPN (Secure
file system backup remote
access to Direct Connect
DEVELOPMENT, MESSAGING & DEPLOYMENT
AWS VPC) - Large-
scale data
transfer Continuous Integration (CI) Continuous Deployment (CD)
- Consistent
performan - Integrating or merging - Automating the build, test
ce small code changes and deployment functions
- Sensitive frequently (min 1/ day) - Bugs are caught early
Data
- Real time AWS Development Tools

CodeCommit (Source & Version - store and version control


control) their code repositories
DATABASE TECHNOLOGY & SERVICES
securely in the cloud
CONTENT DELIVERY & NETWORKING TECHNOLOGY & SERVICES
Relational No-SQL (DynamoDB) In-memory
CodeBuild (Automated build) - compiles source code, runs
Database (RDS) (MemoryDB REDIS)
AWS CloudFront AWS Global Virtual private cloud tests, and produces
Accelerator (VPC) deployable artifacts. It
- Structure - Flexibility - Ultra fast integrates with popular build
d& with key Data tools and supports custom
- Caching - Improves - Logically Organize value pairs Access build environments,
Content application isolated d - designed for - Auto enabling developers to
in performance section of - Rows & applications replicate automate and streamline
multiple - Traffic the AWS Columns that require data the build process for their
data through cloud for - Complex single-digit across applications.Packages
centers AWS AWS queries millisecond multiple
(edge optimized resources - Transacti latency at AZ
locations) paths CodeDeploy (Automated - automates the deployment
onal any scale. - Data
- Videos / - Global user Deployment) of applications to AWS
applicatio - Mobile, Web, durability
Applicatio bases, high instances and on-premises
ns Gaming and - High
n / Data traffic servers
IOT availability
events, Engines: - Auto Scale - Leaderboa
multi-region - MySQL - Allows to rds CodePipeline (Manages Workflow) - continuous integration and
applications - PostgreS build security continuous delivery (CI/CD)
- Simplifies QL sensitive service that orchestrates the
traffic - MariaDB sensitive service that orchestrates the
management process. End-to-End.
across - Oracle
AWS Cloud Shell AWS CLI - Best effort ordering - Strictly preserved queue the same
- Message delivered at - Message delivered once time
least once - No duplicates
- Browser based shell - A command line tool used - Occasional duplicates X-Ray
with AWS CLI pre- to manage AWS services
installed
Short Polling Long Polling
- End to End view of requests as they travel through the application
AWS Cloud9 Pre-Installed Tools - Used for troubleshooting
- Response returned - Periodically polls the queue
immediately even if no and only returns a response
- Browser based IDE - Most popular programming messages are in when a message is in the MIGRATION & TRANSFER TECHNOLOGY SERVICES
languages queue queue or the timeout is
- A cost per response reached Snow Family Transfer Family Database Migration
AWS CodeArtifact 10 TB or more to Service
Simple Email Service (SES) migrate to AWS not File sharing with
over network external parties
- Artifact Repository, easy to find software versions they need
- Artifacts like documentation, compiled applications, deployable - Send richly - Marketing - Unlike - Snowball - Transferred - Migrates
packages & libraries formatted campaigns SNS, it (>10 TB) in: SFTP databases
- Third-party, or in-house developed HTML or provides - Snowball GET and
- Approved packages and can publish on their own emails confirmation rich content Edge - Transferred analytics
- Automating the build, test and deployment functions from of an order (>10 TB, out: SFTP workloads
- Bugs are caught early application needs to PUT to AWS
s process - Multiple - From EC2,
Decoupling Application Components the data) protocols on-
Amazon EventBridge - Snowmo supported premises
Coupling Tight Coupling Loose Coupling bile (> 10 or RDS.
- Interdepen - Highly - Connected PB)
Event bus service provided by Amazon Web Services (AWS) that makes it - Snowcon Not confusing SCT:
dencies or dependent to each easy to connect different applications and services together using events.
connection on each other but e (Small Convert one type of
s between other. not & database to another
Step Functions CloudFormation ElasticBeanstalk portable,
component Whole dependent
s of a system on each military
system down if one other grade up
- Visualize - Deploy - Deploys
part fails to 14TB)
your AWS and scales
serverless resources web
Simple Notification Service (SNS) application using applications DataSync Application Discovery Application
- Automate Infrastructur & Service migration services
trigger and e as code application
- Send or - Pub-sub - Topic is an track each approach server - Securely - Gathers data - Automated
push model. access step - Resources platform transfer about Lift-and-
notification - Subscribers point, - Log state defined in - Provisions TB of existing on- Shift
s (SMS, must allowing of each template AWS data to premises - AWS
text subscribe to subscribers step written in resources S3, EFS, application replication
messages a topic to receive YAML or for you FSx serves and agent
& Email) notifications JSON - Supports - Supports databases - Migrate
- Quickly popular NFS, - Agent to application
Simple Queue Service (SQS) provision languages SMB or collect the s on
AWS - OS object data or physical,
resources in application stores agentless by virtual
- Distributed - Allows to - Pull-base, - Data can deploying on servers
consistent server
message decouple consumers be VMware other
way with updates &
queuing components pull transferre vCenter cloud
few errors monitoring
system of an messages d from systems providers
- deploy a health
application from queue on- - Server or AWS
complete checks
so they are premises Inventory, accounts
copy of your
independent or configuration or regions
production
environment another , operating
Standard Queues FIFO Queue across cloud system, - AWS
multiple provider capacity migration
regions at - Inflight usage, hub
encryptio networking data) - Object recognition
n - Used to
- End-to- develop a OpenSearch Managed Streaming QuickSight
end data migration for Apache Kafka AUDITING, MONITORING & LOGGING
validation plan (MSK)
CloudWatch CloudTrail Tags
AWS Migration Hub Int with Application Discovery, Application Migration - Fully - Process - Connect to
and Database migration. Group servers together managed streams of AWS data
logically for tracking and planning - Collect - Track - Helps
Elasticse events from and on-
and Actions over group &
arch hundreds of premises
visualize the course of visualize
- Compatib event data
specific time resources
ARTIFICIAL INTELLIGENCE, MACHINE LEARNING & ANALYTICS le with sources sources
metrics in - Audit logs - Key value
open- - Real-time - Build
a pair:
source data Dashboard
RedShift & RS Kinesis Athena cloudwat project etc.
API streaming s
Serverless ch - Needs
(kibana, applications - Analyze
dashboar tagging
logstash) Sales
- A data - Collect, - Interactive d plan
- Ingest performan
warehous process and query - Alerts - Cloudwatc
data from ce, app
ing analyze service in through h, usage
AWS usage,
service streaming S3 CloudWa reports
services marketing
- Massive data in - Query tch
parallel realtime data Alarms
SageMaker Lex Kendra - Logs
processin - Kinesis stored in
g Streams: S3 using stored
- Serverles Data & std SQL indefinitel
- Import - Conversatio - Add
s has no Video - No y
data from nal Chatbots custom
infra to streams configurati S3, search to
manage - Kinesis on of Athena app System Manager AWS Health Trusted Advisor
- Highly Firehose: infrastruct RedShift - Uses NLP
scalable Captures ure - Help to - Structured
- Huge transforms - Querying - Leverage - Monitor if - One-stop
identify or semi-
amount and loads log files or s Tags to systems are shop for
errorsin structured
of data data generating create offline best
data, bias - Simple
- Online continuously reports resource - Alerts on practice
- Build fact based
Analytics into data from S3 groups resources in advice
model questions
Processi stores data - Paramete account - Basic
- Train the - Descriptiv
ng r Store advice free
model e
(OLAP) ( store - Advance
- Deploy questions
encrypte support
the
d plan is a
Glue Data Exchange Elastic Map Reduce model
secrets) paid plan
(EMR)
Polly Comprehend Textract, transcribe,
Config & Auditing Well-Architected Tool Additional Services
- Prepares - Lets you - Fully translate
data for subscribe to managed
analytics data Big data - Natural - NLP to - As - Backbon - Audit - Amazon
and ML products (Open sounding process text described e of Architecture Connect
- Catalogs from 3rd sourceL speech, - Sentiment Trusted - Access (Call
data parties Apache saved to analysis - Advisor workloads center)
- Extracts - Create your Spark, S3 - Intelligent - Set rules - Access - Amazon
- Transfor own data Presto, - Various search and based on the Workspac
ms products in Hadoop) language check 6 pillars of es
- Loads analytics ML - Petabyte s config in well- (Securely
and decision scale account architected provision
making (parallel - Send framework remote
Rekognition
data data to - Generate desktops)
processing - Trusted action plans - Amazon
and - Image & Video analysis Advisor to achieve Appstream
analysis - Content moderation for reliable and (convert
for str and - Identity recognition operation cost- app into
unstru al reports effective web-
AWS Budgets allows you to create alarms on forecasted charges as well as
and Audit architecture browser Keys filtered alarms in case you need to include specific Regions or services of
manager based ● EBS & RDS is encrypted by KMS. RDS encryption needs to interest.
for audit SAAS) create a copy first.
reports ● Certificate manager for encryption in transit for TLS certificates
● Parameter Store → keep encrypted secrets
● Secrets Manager → auto Rotating of secrets

SECURITY, COMPLIANCE & GOVERNANCE

Shared Responsibility Model PRICING, BILLING & SUPPORT

CUSTOMER, Customer Data Advantages Benefits Computing Models


responsible for
security IN the Platform, Applications, Identity & Access Management
cloud (IAM) - Trade fixed - High - IAAS
● These three services (Lambda, DynamoDB, and Fargate) are key expense for Availabili - SAAS
Operating System, Network & Firewall Configuration components of a fully serverless architecture and can help the variable ty - PAAS
company build scalable, cost-effective applications without the expense - Elasticity
need for traditional servers or infrastructure management. - Benefit from - Agility
Client-Side Data Server-Side Networking
Encryption & Encryption (File Traffic ● DDOS attack → AWS Shield economies of - Durabilit
Data Integrity System and/or Protection ● SQL injections → Web Application Firewall (WAF) scale y
Authentication Data) (Encryption) ● Inspector → Auto access app vulnerabilities - Stop
● Guard Duty → Threat detection service guessing
AWS, Software capacity
● Key Management Service → control cryptographic keys
responsible for - Increasing
● AWS Detective → helps organizations analyze, investigate,
security OF - Compute speed and
and identify security issues and suspicious activities across
the cloud - Networking agility
their AWS accounts.
- Database - Stop
- Storage ● AWS Macie → discover, classify, and protect sensitive data
spending on
stored in AWS using machine learning
data center
Hardware / AWS Global Infrastructure - Global in
● Cost explorer based on 12 months of data to forecast
minutes
● Pricing calculator is to estimate
Regions Availability Edge Locations
Zones
● Security group → stateful, instance level
● Network ACL → stateless, subnet-level, process rules in order starting with lowest numbered
● AWS Outposts enables you to run AWS infrastructure and services on premises while seamlessly connecting to the AWS cloud. Hybrid.
● AWS Control Tower automate Best-practices config rules and SCP
● Lambda → Ideal for computing tasks under 5 mins and not for consistent application.
● IAM policies applied to users, user groups or IAM roles which can be then applied to resources
● IAM identity center: leverages SSO, take on an IAM role
● Common encryption at rest, S3 encrypted by SSE-S3 Managed

Well-Architected Framework: Security

- Identity & Access Management (IAM): Least Privilege
- Data Stewardship & Encryption
- Network Security
- Application Security
- Compliance
- Security Management

Services

● Billing Conductor
○ Supports billing & reporting workflows by customizing billing rates, distributing credits and fees and shared overhead costs
● Cost Explorer
○ Visualize and forecast your actual AWS costs
● Pricing Calculator
○ Cost estimate to fit unique businesses, Total cost of ownership.
● Budgets.

Support Level

● Developer
○ Service quota and basic security translate advisor checks (no phone or chat support)
● Enterprise
○ Enterprise support level is the highest support level and includes everything from Technical Account Management, concierge-like billing support, and Incident Detection and Response.
● Business
○ Business-level support includes a full set of Trusted Advisor checks.

Well architected framework


● Internet Gateway allows public traffic to the internet from a VPC
● NAT Gateway resides in public subnet, but helps provide internet
access to instances in private subnets
Trusted advisor
Docker & Kubernetes
Cloud adoption framework
Subnet and VPC
