AWS Overview
The Cloud
  • Internet-based solution
  • Cloud operates on physical servers
  • Users have limited knowledge of the hardware's location and capabilities
  • Clouds may be limited to a single organization (enterprise clouds), or be available to many organizations (public cloud)
Cloud Computing
  • On-demand availability of computer system resources, especially data storage (cloud storage) and computing power, without direct active management by the user
  • Processing on the Internet or a private network where the exact processor location is unknown
  • The use of AWS can reduce hardware, operational and deployment costs
AWS Benefits
Hardware Cost, Operational Cost, Deployment Cost:
– upfront investment vs. usage-based cost;
– operational cost to manage physical vs. virtual infrastructure;
– people can be freed to do other work;
– faster turnaround on deployment;
– scale up and down as needed;
Resiliency, Performance, Capacity:
– resiliency refers to recoverability from a failure (health monitoring);
– auto-scaling servers based on usage;
– capacity in terms of storage, CPU, memory etc.

Cloud Computing Deployment Methods
  1. Full Cloud Deployment / All-In Cloud Deployment
    • All components are in the cloud, including databases, processing, storage etc.
    • Nothing is available on-premises

  2. Hybrid Deployment
    • Some resources are internal, while others are in the cloud
      • e.g. long-running processes run in the cloud while others run internally
      • e.g. archiving in the cloud, as archived data is not needed for fast retrieval
Cloud Service Models
  1. Infrastructure as a Service (IaaS)
    • The entire infrastructure is in the cloud: servers, network services etc.
    • Platforms and software run on someone else's infrastructure
    • You must manage it all

  2. Platform as a Service (PaaS)
    • You don’t manage the infrastructure
    • Applications are deployed onto the platform instead
    • Typical web hosting model

  3. Software as a Service (SaaS)
    • Someone else develops the software, and you use it from the cloud
    • Early examples include email services (e.g. Gmail)

AWS Foundation Services
Compute
EC2 – Elastic Compute Cloud; the main focus service of the exam; this is how to build an instance; manual setup & configuration.

Elastic Beanstalk – application-based environments that can be easily spun up; auto-config based on specs;

Lambda – serverless apps; run code without servers;

ECS – Elastic Container Service;

Storage
S3 – Simple Storage Service; primary object storage; objects in buckets;

EFS – Elastic File System; relates to EC2 volumes/drives;

Glacier – archives; the least expensive storage option; based on infrequent access;

Storage Gateway – how to access cloud storage locally;

Databases
RDS – Relational Database Service; a fully managed service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud;

DynamoDB – NoSQL; a key-value and document database that delivers single-digit millisecond performance at any scale;

ElastiCache – a service that makes it easy to set up, manage, and scale a distributed in-memory data store or cache environment in the cloud;

Amazon Redshift – a fully managed, petabyte-scale data warehouse service in the cloud;

Migration
Amazon Migration Hub – importing data/VMs into AWS; a single place to discover your existing servers, plan migrations and track the status of each application migration;

App Discovery Service – helps enterprise customers plan migration projects by gathering information about their on-premises data centers;

Database Migration Service

Server Migration Service

Snowball – a service that uses physical storage devices to transfer large amounts of data between S3 and an onsite data storage location at faster-than-internet speeds;

Network & Content Delivery
VPC – Virtual Private Cloud, a virtual network dedicated to an AWS account. It is logically isolated from other virtual networks in the AWS Cloud;

CloudFront – a web service that speeds up distribution of your static and dynamic web content, such as HTML, CSS, JavaScript, and image files, to your users;

Route 53 – a highly available and scalable cloud Domain Name System (DNS) web service.

API Gateway – a management tool to create, configure, and deploy APIs;

Direct Connect – used to establish private connectivity between AWS and a private data center, office, or colocation environment;

Mgmt & Governance
CloudWatch – a monitoring and management service that provides data and actionable insights for AWS, hybrid, and on-premises applications and infrastructure resources;

Auto Scaling – a service that lets you build scaling plans that automate how groups of different resources respond to changes in demand;

Organizations – an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage;

CloudFormation – a service that gives developers and businesses an easy way to create a collection of related AWS and third-party resources and provision them in an orderly and predictable fashion;

CloudTrail – a service that enables governance, compliance, operational auditing, and risk auditing of an AWS account;

Trusted Advisor – helps you follow best practices for the use of AWS by inspecting your environment to save money, improve system performance and reliability, and close security gaps;

Config – a service that enables you to assess, audit, and evaluate the configurations of your AWS resources;

Analytics
Kinesis – a service for processing big data in real time. It is capable of processing hundreds of terabytes per hour from high volumes of streaming data from sources such as operating logs, financial transactions and social media feeds;

Sec & Compliance
IAM – Identity and Access Management; it enables you to manage access to AWS services and resources securely.

Cognito – a simple user identity and data synchronization service that helps you securely manage and synchronize app data for your users across their mobile devices.

Inspector – an automated security assessment service that helps improve the security and compliance of applications deployed on AWS;

CloudHSM – a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud;

Directory Services – lets you run Microsoft Active Directory (AD) as a managed service;

WAF – Web Application Firewall;

Shield – a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS;

App Integration
SNS – Simple Notification Service; a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications;

SQS – Simple Queue Service; a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications;

Cost Mgmt
AWS Cost Explorer – lets you visualize, understand, and manage your AWS costs and usage over time;

AWS Budgets – gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount;

Media Services
Elastic Transcoder – media transcoding in the cloud;

Kinesis Video Streams – a service that makes it easy to securely stream video from connected devices to AWS for analytics, machine learning (ML), playback, and other processing.

End User Computing
WorkSpaces – a cloud-based virtual desktop that can act as a replacement for a traditional desktop;

AppStream 2.0 – a fully managed application streaming service. You centrally manage your desktop applications on AppStream 2.0 and securely deliver them to any computer;

Shared Responsibility Model

The AWS customer is responsible for the security of their data and client-side ops, while AWS is responsible for the security of its services and infrastructure.

Regions and Availability Zones

Regions – a physical location or a boundary within AWS that consists of two or more Availability Zones.

Availability Zone – one or more discrete data centers with redundant power and networks; housed in separate facilities;

Edge Areas – endpoints for AWS, which are used for caching content. They typically consist of CloudFront, Amazon's Content Delivery Network (CDN).
