IAM

•    IAM : Identity and Access Management

•    a web service that helps you securely control access to AWS resources

•    authenticated (signed in) and authorized (has permissions)

•    AWS account root user

•    don't use the root user for your everyday tasks

https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html

https://docs.aws.amazon.com/ko_kr/IAM/latest/UserGuide/id_roles_terms-and-concepts.html

IAM Features

•    Shared access to your AWS account

•    Granular permissions

•    Secure access to AWS resources for applications that run on EC2

•    Multi-factor authentication (MFA) • FIDO ( FastID Online)

•    Identity federation

•    Identity information for assurance • Integrated with many AWS services

https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html https://en.wikipedia.org/wiki/FIDO_Alliance

Term

•    User : user/application

•    Group : group of user

•    Roles : temp deligate permission • Policy : group of permission • Permission :

https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html

Database

•     RDBMS

•     RDS

•     Aurora

•     Redshift

•     NoSQL

•     DynamoDB

•     ElastiCache

•     DocumentDB

•     Neptune

•     QLDB

•     Keyspace

•     Timestream

https://aws.amazon.com/products/storage/

RDS

•    Relational Database Services

•    DB Engine

•    Aurora Mysql, Aurora PostgreSQL compatitable

•    Oracle, SQL Server, MySQL, PostgreSQL, MariaDB

•    Compared to EC2 hosting • manual install, management

•    RDS hosting

•    Install, DB Upgrade, Backup/Recovery

•    Availability, scalability

•    Can not access to OS, no env change • Can not get db superuser

https://towardsdatascience.com/running-mysql-databases-on-aws-ec2-a-tutorial-for-beginners-4301faa0c247?gi=475061565578

RDS

https://towardsdatascience.com/running-mysql-databases-on-aws-ec2-a-tutorial-for-beginners-4301faa0c247?gi=475061565578

High Availability

•    24x7

•    Up and Running and Accessible

•    <> SPOF

•    Backup/Recovery > Up/Run/Access

•    How to reduce time

•    Redundant

•    Single Master, Active/Standby, Master/Slave ( cf, multi master )

•    Failover with Failover Detection ( Not Active ) • Performance Test > Load Test

https://medium.com/awesome-cloud/aws-difference-between-multi-az-and-read-replicas-in-amazon-rds-60fe848ef53a https://aws.amazon.com/premiumsupport/knowledge-center/rds-fail-over/

RDS HA

https://aws.amazon.com/rds/ha/ https://aws.amazon.com/rds/features/multi-az/

RDS HA

https://medium.com/awesome-cloud/aws-difference-between-multi-az-and-read-replicas-in-amazon-rds-60fe848ef53a

Database HA Failover/SwitchOver

•    FailOver

•    Availability Zone failures

•    Primary DB instance compute node failures

•    Networking issues with the primary DB instance

•    Storage or Amazon Elastic Block Store (Amazon EBS) volume issues

•    Cluster Endpoint

•    FailOver Time • Min 30-60s • Binlog

•    Sync/Async

•    Format : STATEMENT/ROW/MIX

https://docs.aws.amazon.com/ko_kr/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html#Concepts.MultiAZ.Failover https://aws.amazon.com/premiumsupport/knowledge-center/rds-fail-over/ https://severalnines.com/blog/introduction-failover-mysql-replication-101-blog/

https://severalnines.com/blog/database-switchover-and-failover-drupal-websites-using-mysql-or-postgresql/

RDS Backup/Restore

•    Backup

•    Daily Backup, 35 days keep on S3

•    Snapshot

•    User defined

•    Restore ( cf. recovery )

•    From backup

•    From instance

•    Recovery

•    Checkpoint

•    Redolog

•    Point In Time Recovery

•    Last 5 min

https://aws.amazon.com/rds/features/backup/

https://learn.microsoft.com/en-us/answers/questions/214377/recovery-vs-restore

RDS Monitoring

•    CloudTrail, CloudWatch

•    Standard

•    Ehhanced

•    Event Notification

https://docs.aws.amazon.com/ko_kr/vpc/latest/userguide/what-is-amazon-vpc.html https://aws.amazon.com/blogs/architecture/one-to-many-evolving-vpc-design/

RDS Security/Encryption

•    Data In transit

•    Data at rest

•    Encryption

•    Storage

•    Automated Backup

•    Read Replica

•    Standby Replica

•    Snapshot

•    Encryption Key

•    TDE

https://aws.amazon.com/rds/features/backup/

Aurora

•    RDS Use EBS

•    Auror use distibuted storage fleet

•    Share Storage, Cluster Volume, Single Virtual Volume

•    Instance Node <> Data Storage

•    Add storage by 10GB unit

•    Storage Replication

https://www.youtube.com/watch?v=0IeLKyBl3CM

https://www.lastweekinaws.com/blog/aurora-vs-rds-an-engineers-guide-to-choosing-a-database/

https://assets.amazon.science/dc/2b/4ef2b89649f9a393d37d3e042f4e/amazon-aurora-design-considerations-for-high-throughput-cloud-nativerelational-databases.pdf

Cluster Volume

https://aws.amazon.com/blogs/database/amazon-aurora-as-an-alternative-to-oracle-rac/ https://aws.amazon.com/ko/blogs/korea/amazon-aurora-under-the-hood-quorum-and-correlated-failure/

RDS Mysql vs Aurora Mysql

https://medium.com/awesome-cloud/aws-difference-between-amazon-aurora-and-amazon-rds-comparison-aws-aurora-vs-aws-rds-databases-

60a69dbec41f

https://d1.awsstatic.com/events/reinvent/2019/REPEAT_Amazon_Aurora_storage_demystified_How_it_all_works_DAT309-R.pdf

ACID / BASE

•    ACID

•    Atomicity

•    Consistency

•    Isolation

•    Durability

•    BASE

•    Basically Available

•    Soft State

•    Eventually Consistent

https://www.geeksforgeeks.org/acid-model-vs-base-model-for-database/

CAP Theorem / PIE

•    CAP

•    Consistency

•    Availability

•    Partition Tolerence

•    PIE

•    Pattern Flexibility

•    Infinite Scale • Efficiency

https://chbussler.medium.com/database-theorems-444f27f911c6 https://en.wikipedia.org/wiki/CAP_theorem http://eincs.com/2013/07/misleading-and-truth-of-cap-<span s

Distribution

•    Partition : key

•    Split into

•    Sharding : key

•    Split into, manual rebalancing

•    Isolation : model • Gather into

•    Cluster : block

•    Gather into, auto rebalancing

https://chbussler.medium.com/database-theorems-444f27f911c6 https://en.wikipedia.org/wiki/CAP_theorem http://eincs.com/2013/07/misleading-and-truth-of-cap-theorem/ https://learning-notes.kovacevic.dev/Databases/Theory/PIE-Theorem

Redshift

•    DataWarehouse

•    Based on PostgreSQL

•    Columnar Storage

•    Multiple Compute Node • Dense, Leader

•    Data Distributed in Compute Node • EVEN, KEY, ALL

•    Redshift Spectrum

•    Read from S3

https://docs.aws.amazon.com/ko_kr/vpc/latest/userguide/what-is-amazon-vpc.html https://aws.amazon.com/blogs/architecture/one-to-many-evolving-vpc-design/

DynamoDB

•       NoSQL, key-value

•       Collections – Table

•       Atrribute – Column (key-value pair)

•       Item – Row – one or more attribute

•       Partition

•       PrimaryKey, datatype

•       PartitionKey, Hashkey : Primary Key One Partition : Simple Primary Key

•       Sort Key, Range Key = Composite Primary Key

•       Partition Key = Not Unique, Partition Key + Sort Key : Unique

•       Scan, Query

•       Secondary index

•       Global secondary index

•       Local Secondary Index

•       Base table, projected attributes

•       DAX : DynamoDB Accelerator : memory caching https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html

DocumentDB

•    NoSQL

•    Managed service

•    Compatible with MongoDB

•    3 AZ, 6 Replica = 99.99 Availability

•    PITR : Point In Time Recovery, Saved in S3 • Ecryption Support

https://docs.aws.amazon.com/documentdb/latest/developerguide/what-is.html

ElastiCache

•     Caching

•     Mananged Service

•     Redis, Memcached

•     Unser 1 ms

•     Shard = cluster node

•     Every node has same type, same size

•     SSSN : 1 node, no shard

•     SSMN : 1 shard, 6 node ( rw 1node, max 5 read node ) • MSMN : M shard, max 6 node per shard, softlimit 90 node • Multi shard :

https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.html

Neptune

•    Managed Service

•    Graph Database, Germlin, RDF, SPARQL

•   

3 AZ, 6 replica : 99.99 Availability • Eg : social network

https://docs.aws.amazon.com/neptune/latest/userguide/intro.html https://jiwonny.github.io/projects/aws-neptune-1/

https://aws.amazon.com/blogs/database/populating-your-graph-in-amazon-neptune-from-a-relational-database-using-aws-database-migrationservice-dms-part-2-designing-the-property-graph-model/

QLDB

•    Quantum Ledger

•    Journal

•    Blockchain

•    Amazon Ion

•    PartiQL

https://docs.aws.amazon.com/qldb/latest/developerguide/what-is.html https://docs.aws.amazon.com/qldb/latest/developerguide/ledger-structure.html https://amazon-ion.github.io/ion-docs/ https://partiql.org/

Keyspace ( for Apache Cassandra)

•    Managed service

•    Compatible with Apache Cassandra

•    Performance at scale

•    Region service

https://docs.aws.amazon.com/keyspaces/latest/devguide/what-is-keyspaces.html https://www.youtube.com/watch?v=bwGPdj1nLwg

https://www.youtube.com/watch?v=4ZnlZCbbN_A&list=PLORxAVAC5fUVMfzfZSJmroZvnaZWVb1QT&index=9

Timestream

•    Time series Database

https://docs.aws.amazon.com/timestream/latest/developerguide/what-is-timestream.html

Storage Services

•     AMI

•     Instance Store Volume

•     S3

•     Glacier

•     EBS

•     EFS

•     FSx :

•     Storage Gateway

•     Snowball • Datasync

https://aws.amazon.com/products/storage/

AMI

•    Includes OS/env/application server/application

•    Instance store-backed AMI : backup from S3

•    EBS-backed AMI

•    Instance Root device • Instance Root Volume:

•    Booting image

•    OS/env/application server

•    custom application • Block device mapping

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ComponentsAMIs.html

https://medium.com/awesome-cloud/aws-difference-between-ebs-and-instance-store-f030c4407387

Instance Store / EBS

•    Direct connected block device storage to EC2

•    Ephemeral

•    Instance Stop Not supported

•    Local Storage

•    No Snapshopt

•    No Persistent

•    SSD, HDD

https://aws.amazon.com/ko/premiumsupport/knowledge-center/instance-store-vs-ebs/

https://aws.amazon.com/ko/premiumsupport/knowledge-center/create-ami-ebs-backed/

Instance Store-backed

hvm vs paravirtual

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/virtualization_types.html

AWS Solutions Architect

    Colin Kang

EC2 Launch

•    AMI : OS / architecture (x86/Arm)

•    Instance Type : t2.micro ( 1vcpu/1GB ) – x2iden.32xlarge (

128vcpu/4098GB)

•    Keypair

•    Network : VPC/subnet/securitygroup

•    Storage : root + new

•    Advanced

•    IAM/PlacementGroup/Tenancy (shared/dedicated)/Tag

https://docs.aws.amazon.com/efs/latest/ug/gs-step-one-create-ec2-resources.html/

EC2 Launch with Template

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html/

EC2 AMI

Amazon Machine Image

•    Quick Start AMI : Linux/Mac..

•    Marketplace AMI

•    Vendor provide

•    Community AMI

•    Private AMI

•    User defined

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html

EC2 Instance ( vcpu/mem/bandwidh

•    Geneal Purpose : T3, T2, T5, M6, M5, M4, M3

•    Compute Optimize : C5, C4, C3

•    Memory Optimze : X1e, X1, R4, R3

•    Accelerated Computing : GPU : P3, P2, G3, F1

•    Storage Optimized : H1, I3, D2

•    HPC Optimized : High Performance Compuing : Hpc6id, Hpc6a

https://aws.amazon.com/ec2/instance-types/

Network

VPC : • Isolated Network

•    Subnet :

•    VPC sub network

https://en.wikipedia.org/wiki/CAP_theorem

https://www.geeksforgeeks.org/difference-between-shared-nothing-architecture-and-shared-disk-architecture/

PlacementGroup

•    Default : distributed

•    Placement group : interdependent instances

•    Cluster : packs instances close together inside an Availability Zone

•    Partition : spreads one partition do not share the underlying hardware, eg Hadoop

•    Spread : strictly places distinct underlying hardward

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html

Storage

EBS volume : SSD, HDD / IOPS

•     Attach multiple EBS storage volume

•     snapshot

•     Instance Store Volume :

•     Ephemeral

•     Speed : Instance Store Volume > EBS

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Storage.html/

Security

VPC ACL

•    SecurityGroup

•    IAM role

•    Keypare

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security.html https://aws.amazon.com/blogs/security/category/compute/amazon-ec2/page/2/

https://aws.amazon.com/blogs/security/how-to-help-prepare-for-ddos-attacks-by-reducing-your-attack-surface/

Auto Scale

Launch Configuration

•    Launch Template

https://docs.aws.amazon.com/autoscaling/ec2/userguide/what-is-amazon-ec2-auto-scaling.html

AWS Solutions Architect Certification

    Colin Kang

AWS Products and Services

https://www.cloudz.co.kr/services/multi-cloud-partners/aws/

Compute

•     EC2 : Elastic Compute Cloud, AMI, Virtualized Machine, VCPU/Mem

•     EC2 Auto Scaling : High Available Architecture, Elastic On-demand, LaunchTemplate, UserData(script)

•     Lambda : run code, function or application, event triggering

•     ECS : EC2 Container Service : Docker Service, ELB, EBS integrated

•     Beanstalk : run web app, provisioning manage

•     Lightsail : VPS : os + app( wordpress, node.js ): storage, network,

computing, dns, ssd, data send, static IP, all in one

•     Batch : serverless batch execute based on docker container image

•     AWS Outpost : on-premises, fully managed and suppored,

https://velog.io/@koo8624/AWS-%EB%B0%B1%EC%84%9C-Computing-Lightsail-Batch-Beanstalk-Lambda

Network & Content Delivery

•      VPC : Virtual Private Cloud

•      Subnet : CIDR

•      Route Table

•      NAT Gateway

•      VPC endpoint

•      VPC Peering

•      Transit Gateway

•      Site to Site VPN

•      Direct Connect : direct secured line network

•      Route 53 : DNS

•      ELB : Elastic Load Balancing : L4, L7

•      EIP : Elastic IP

•      Cloudfront : CDN

Security, Identity, & Compliance

•      IAM : Identity and Access Management

•      Inspector : find vulnerability

•     

Cetificate Manager : manage ssl/tsl certification

•      Directory Service : LDAP, Active Directory

•      WAF : Web Application Firewall : filter web traffic

•      Shield : Ddos protection

•      Cognito : identity management

•      Detective : investigate potential risk

•      Guardduty : threat detection

•      Inspector : vulunarity

•      Macie : sensitive data

•      Cloud HSM : hardware security module

•      Key Management Service

https://julie-tech.tistory.com/125

https://aws.amazon.com/blogs/aws/aws-heroes-putting-aws-security-services-to-work-for-you/

Storage

•    S3 : Simple Shared Storage, eleven nine

•    Glacier : tape backup

•    EBS : Elastic Block Store : for EC2, magnetic or SSD

•    EFS : Elastic File System : NAS

•    Storage Gateway

•    Snowball : import/export service petabytes

•    FSx : fully managed 3p file system : feature rich, high performance

•    Netapp/ZFS/WindowsFS/Lustre

Database

•    RDS : mysql, Oracle, SQL, PostgreSQL, MariaDB : managed

•    Dynamo : NoSQL

•    Redshift : DW : Columnar

•    ElastiCache : Redis, Memcached

•    Aurora : Mysql, PostgreSQL

•    Snowball : import/export service / petabytes

Analytic

•    Athena : serverles SQL – S3

•    EMR : Hadoop, Spark • Elasticsearch :

•    CloudSearch : domain search

•    Data Pipeline : orchestration data pipeline ( N/A Seoul Region)

•    Kinesis : realtime streaming data

•    QuickSight : business analytic

Application

•    API Gateway

•    Step Functions

•    Simple Workflow Service

•    Elastic Transcoder : media transcoding

Developer

•    Code Commit

•    Code Pipeline

•    Code Build

•    Code Deploy

Management

•    CloudFormation : manage resource with templates • Alb target group

•    Service Catalog

•    CloudWatch : monitor resource and application

•    Config : track resource inventory

•    CloudTrail : track user activity and api usage

Messaging

•    SNS : Simple Notification Service : pub/sub

•    SES : Simple Email Service :

•    SQS : Simple Queue Service : queue

Migration

•    Application Discovery Service

•    Database Migration Service

•    Snowball

•    Server Migration

Artificial Intelligence

•    Lex : voice and text chatbot

•    Polly : turn text into speech

•    Rekognition : search and analyze image

•    Machine Learning : N/A

•    Segemaker : build/train/deploy machine learning model

Internet of Things

•    IoT Core : device connect

•    IoT Greengrass : run code on devices

•    IoT Event : detect event from devices

References

•    https://julie-tech.tistory.com/128

•    https://www.examtopics.com/exams/amazon/aws-certifiedsolutions-architect-associate-saa-c03/

AWS Solutions Architect Certification

   Colin Kang

Before we start : What we learn from AWS

•    Architecture

•    Service Design

•    Service Pros/Cons

•    Terminology

•    Invisible Hardware

•    Software/hardware integration

•    Trade off

•    Design Thinking

AWS Benefits

•    Easy to Use : What is mean by easy? API ? CLI ? SDK? Console?

•    Design Principle : Consistency, Reasonable

•    SRP : Single Responsibility Principle : GSSD : Gather for Same, Separate for Different

•    Flexible : Composite, Loose Coupled, various work-around

•    Cost-Effective : On-Demand/Option

•    Reliable : Availability/Backup/Recovery/Managed

•    Scalable and high-performance : Autoscale

•    Secure : enterprise-level proof : Network

https://en.wikipedia.org/wiki/Single-responsibility_principle

Scalability

•    Scale Up/Down : Vertical Limit

•    Scale Out/In : Horizental Expansion • CAP theorem : Consistency/Availability/Partition Tolerence

•    Shared Everything

•    Expensive, High Performance

•    Clusterware

•    Shared Nothing

•    Easy to implement, hard to shard

https://en.wikipedia.org/wiki/CAP_theorem

https://www.geeksforgeeks.org/difference-between-shared-nothing-architecture-and-shared-disk-architecture/

Virtualization

•     Emulation/Simulation

•     Emulator : Game

•     Flight Simulator

•     Emulation/Virtualization

•     Virtual Memory

•     Java Virtual Machine : Emulator : Interpreter

•     Virtual Hardware : Virtual Machine : Image

•     Bare Metal/Hypervisor/Hosting

•     Hypervisor

•     Virtual Machine Supervisor

•     KVM/Xen/MS Hyper-V

•     Full Virtualization / Para-virtualization • Container : Later

https://www.baeldung.com/cs/simulation-vs-emulation

https://velog.io/@skynet/가상화-입문-에뮬레이션-가상머신-컨테이너

Disruptive Technology

•    Human cost > Hardware cost

•    More cost effective than optimization

•    Speed > Cost

•    Winner takes it all

•    Immutable

•    Shared Nothing Win

Cloud Computing

• IaaS, Paas, Saas     

• Public, Hybrid, On-premises(private, IDC)

 SHAPE  \* MERGEFORMAT

https://www.redhat.com/en/topics/cloud-computing/iaas-vs-paas-vs-saas

https://www.researchgate.net/figure/Comparison-among-Public-Private-Hybrid-and-Community-Cloud_tbl1_270958592

Security

•    Network Isolation

•    VPC

•    NAT

•    Whitelist model

•    VPN

•    AAA/IDM/IAM

•    Role/Priviliges

•    Security Group

•    AWS Organizations

AWS Services

https://colinkang.tistory.com/89

AWS Region / Service Type

•     Global/Region/AZ/VPC

•     Total Region :  29 ( 2023 Jan)

•     Seoul Region (launched 2016) : 4 AZ

https://aws.amazon.com/ko/blogs/korea/now-open-fourth-availability-zone-in-the-aws-asia-pacific-seoul-region/ https://aws.amazon.com/about-aws/global-infrastructure/regions_az/

Service Endpoint

•     the URL of the entry point for an AWS web service

•     Regional Endpoint • protocol://service-code.region-code.amazonaws.com

•     Dynamo US West Region Service Endpoint • https://dynamodb.us-west-2.amazonaws.com

•     Single Global Endpoint • organizations.us-east-1.amazonaws.com

•     FIPS endpoint

•     US Federal Information Standard : eg, encryption

•     https://appstream2-fips.us-west-2.amazonaws.com

•     Dual stack endpoint • HTTP / HTTPS

https://docs.aws.amazon.com/general/latest/gr/rande.html

ARNs

•     Amazon Resource Names

•     Use API/CLI/SDK call

•     Format

•     arn:partition:service:region:account-id:resource-type/resource-id

•     arn:partition:service:region:account-id:resource-type:resource-id

•     Example

•     arn:aws:s3:::bucket_name/key_name

•     arn:aws:s3:::examplebucket/developers/design_info.doc

•     arn:aws:s3:::examplebucket/*

•     arn:aws:s3:::*

•     arn:aws:s3:::example?bucket/*

https://docs.aws.amazon.com/ko_kr/general/latest/gr/aws-arns-and-namespaces.html https://colinkang.tistory.com/93

CLI

•    Command Line Interface

•    Example

•    aws s3 cp /tmp/sample.txt s3://mybucket

•   

aws help • aws shell

https://docs.aws.amazon.com/ko_kr/general/latest/gr/aws-arns-and-namespaces.html https://colinkang.tistory.com/93