1 00:00:12,200 --> 00:00:16,320 Welcome back to Backspace Academy. If you have done all the lectures and 2 00:00:16,320 --> 00:00:20,430 you've done all the labs and you've made it this far give yourself a big pat on 3 00:00:20,430 --> 00:00:26,010 the back. Now AWS, they produce an exam guide which used to be called an exam 4 00:00:26,010 --> 00:00:31,980 blueprint and what it does, it talks about four main domains upon which you 5 00:00:31,980 --> 00:00:37,140 will be assessed in the exam, and those are cloud concepts, security and 6 00:00:37,140 --> 00:00:42,660 compliance, technology, and billing and pricing, and then finally we'll look at 7 00:00:42,660 --> 00:00:47,309 the resources that are available for you. Where you can actually download 8 00:00:47,309 --> 00:00:51,750 this exam guide. Where you can download some sample questions from AWS and other 9 00:00:51,750 --> 00:00:56,210 resources that are going to help you to prepare for the exam. 10 00:00:56,210 --> 00:01:02,940 AWS defines a number of goals which the exam will seek to assess you on. The 11 00:01:02,940 --> 00:01:08,100 first one there is to explain the value of the AWS cloud. Ok, what's the advantage 12 00:01:08,100 --> 00:01:13,560 of using the AWS cloud over using your own resources? Understand the shared 13 00:01:13,560 --> 00:01:18,110 responsibility model. We've talked quite a bit about. Then security best practices. 14 00:01:18,110 --> 00:01:22,560 We also need to know about costs. How can we reduce costs? How can we monitor costs? 15 00:01:22,560 --> 00:01:27,390 The economics. Talk about total cost of ownership and that sort of thing. Billing 16 00:01:27,390 --> 00:01:31,770 practices. Where can we get information and support for billing? How can we alert 17 00:01:31,770 --> 00:01:37,920 ourselves to issues with billing? We also need to describe and position the core 18 00:01:37,920 --> 00:01:43,320 AWS services including compute, for example ec2, if it's serverless, Lambda. 
19 00:01:43,320 --> 00:01:49,770 Network, understand VPC quite well. CloudFront, databases need to know RDS, 20 00:01:49,770 --> 00:01:56,640 need to know DynamoDB for noSQL and also storage, we've got EBS, EFS and of 21 00:01:56,640 --> 00:02:01,590 course we've got Amazon S3 and Glacier. Understand those as well and also 22 00:02:01,590 --> 00:02:07,200 identify the AWS services that you would use in common use cases, and this is 23 00:02:07,200 --> 00:02:12,590 where you're going to leverage off those Backspace Academy labs. 24 00:02:12,680 --> 00:02:18,330 Again the knowledge required for the exam is broken up into four domains. 25 00:02:18,330 --> 00:02:24,030 Now don't get too hung up on these domains because different services will go into 26 00:02:24,030 --> 00:02:29,490 different domains and multiple domains and it is very vague but it does provide 27 00:02:29,490 --> 00:02:34,380 a little bit of guidance around what areas you need to concentrate on. 28 00:02:34,380 --> 00:02:39,240 The first domain there is cloud concepts, security and compliance, technology and 29 00:02:39,240 --> 00:02:46,440 finally billing and pricing. One thing that a cloud practitioner may need to do 30 00:02:46,440 --> 00:02:53,010 is that they may need to sell the value of AWS to management or to customers and 31 00:02:53,010 --> 00:02:59,130 so we need to understand what that AWS cloud value proposition actually is. 32 00:02:59,130 --> 00:03:03,090 The first thing is that we need to understand those six advantages of cloud 33 00:03:03,090 --> 00:03:08,130 computing and those are defined in the overview of Amazon Web Services white 34 00:03:08,130 --> 00:03:12,090 paper. They're also defined in our business case lecture as well that we 35 00:03:12,090 --> 00:03:17,010 did previously. So those are to trade capital expense for a variable expense. 36 00:03:17,010 --> 00:03:22,440 We're not buying a physical server. 
We've got a variable expense that is going to 37 00:03:22,440 --> 00:03:27,030 vary according to our needs. We're going to benefit from massive economies of 38 00:03:27,030 --> 00:03:32,370 scale. All of those costs of this AWS cloud are shared amongst millions and 39 00:03:32,370 --> 00:03:37,550 millions of users. We don't need to guess capacity anymore we can have elastic 40 00:03:37,550 --> 00:03:43,260 infrastructures that can expand and contract according to our demand. We can 41 00:03:43,260 --> 00:03:48,810 increase our speed and agility and get to market quickly. We can stop spending 42 00:03:48,810 --> 00:03:54,470 money on running and maintaining data centers. Let's get AWS to do all of that 43 00:03:54,470 --> 00:04:01,020 hard stuff for us, and we're going to go global in minutes. 44 00:04:01,020 --> 00:04:07,620 Also understand that it also allows your business to focus on generating revenue 45 00:04:07,620 --> 00:04:13,710 not on maintaining data centers and the like. It provides a pay-as-you-go pricing 46 00:04:13,710 --> 00:04:19,739 and it does this as a variable cost. So you don't have a fixed costs that you 47 00:04:19,739 --> 00:04:23,250 may be wasting a percentage of that. You're going to have a variable cost 48 00:04:23,250 --> 00:04:25,620 that's going to vary according to your needs. 49 00:04:25,620 --> 00:04:32,190 There is also the AWS marketplace which can provide high quality solutions for us 50 00:04:32,190 --> 00:04:37,350 from a number of third-party vendors as well, and that can provide increased 51 00:04:37,350 --> 00:04:44,370 value over just using the core AWS services. You will need to understand the 52 00:04:44,370 --> 00:04:51,660 economics of using the AWS cloud. 
Now that not only includes saving the cost 53 00:04:51,660 --> 00:04:57,830 of purchasing a server as opposed to using it on an on-demand basis on ec2, 54 00:04:57,830 --> 00:05:03,570 you need to also take into consideration all of the other costs such as 55 00:05:03,570 --> 00:05:09,720 electricity, such as licensing, such as labor, all of these other costs that go 56 00:05:09,720 --> 00:05:16,770 into the lifecycle cost of owning your own on-premises server, as opposed to 57 00:05:16,770 --> 00:05:22,949 using the AWS cloud. You also need to understand that there is a TCO tool that 58 00:05:22,949 --> 00:05:29,010 is available as well. If you are going to use a number of AWS services and you 59 00:05:29,010 --> 00:05:33,660 would like to get an estimate of that you can use the AWS pricing calculator 60 00:05:33,660 --> 00:05:38,130 and that will allow you to select all of those AWS services that you are going to 61 00:05:38,130 --> 00:05:42,389 be using and how much of those that you are going to be using and you can put 62 00:05:42,389 --> 00:05:47,070 those inputs into the AWS pricing calculator and that will give you the 63 00:05:47,070 --> 00:05:53,350 monthly or yearly cost of using those AWS services. 64 00:05:53,350 --> 00:05:59,060 You will need to understand some design principles for a best practices cloud 65 00:05:59,060 --> 00:06:04,340 architecture. The first one there is designed for failure and making sure 66 00:06:04,340 --> 00:06:10,790 that our architecture is fault tolerant and it is not exposed to single points 67 00:06:10,790 --> 00:06:15,410 of failure and we do that by using architecture that is spanning multiple 68 00:06:15,410 --> 00:06:20,540 availability zones. So if that one availability zone goes down the other 69 00:06:20,540 --> 00:06:24,470 availability zone will still continue to operate and the infrastructure inside 70 00:06:24,470 --> 00:06:29,840 that will continue to operate. 
We can also have multi region architectures as 71 00:06:29,840 --> 00:06:35,450 well in case a whole region goes down. The next concept there is elasticity and 72 00:06:35,450 --> 00:06:41,780 making sure that our infrastructure can expand and contract depending on demand 73 00:06:41,780 --> 00:06:46,670 and the best way to do that is by using an auto scaling resource. A good example 74 00:06:46,670 --> 00:06:52,340 is the ec2 auto scaling which can add instances when demand is high and can 75 00:06:52,340 --> 00:06:57,560 terminate those instances when demand is low and we can distribute those requests 76 00:06:57,560 --> 00:07:03,440 for those instances through an elastic load balancer. The next concept there is 77 00:07:03,440 --> 00:07:08,990 loose coupling as opposed to tight coupling where we would have multiple 78 00:07:08,990 --> 00:07:13,580 processes that will be linked to each other like a chain and if one of those 79 00:07:13,580 --> 00:07:20,690 processes becomes bogged under with demand then the whole chain will be 80 00:07:20,690 --> 00:07:25,100 affected. Those chain of processes that are linked together will be affected, but 81 00:07:25,100 --> 00:07:30,260 if we put a queue between each one of those processes in that chain of 82 00:07:30,260 --> 00:07:36,260 processes, then we have loose coupling and the variation between the capacity 83 00:07:36,260 --> 00:07:42,320 of those processes in that chain won't affect the entire system and 84 00:07:42,320 --> 00:07:49,040 when that process is caught up, the queue will go down. There are also design 85 00:07:49,040 --> 00:07:54,530 principles defined in the AWS well architected framework. First off stop 86 00:07:54,530 --> 00:07:59,690 guessing your capacity needs. Test your systems at production scale. 
Make sure 87 00:07:59,690 --> 00:08:04,160 that you have a developer or a test or a development environment that you can 88 00:08:04,160 --> 00:08:07,300 test with very high demand, that you would 89 00:08:07,300 --> 00:08:10,600 expect from a high demand production environment and then you can shut it 90 00:08:10,600 --> 00:08:14,670 down after you've finished testing. Automate to make architectural 91 00:08:14,670 --> 00:08:19,630 experimentation easier. So using Cloudformation and these sorts of tools that 92 00:08:19,630 --> 00:08:25,600 can help you to automate things. Allow for evolutionary architectures. Don't 93 00:08:25,600 --> 00:08:31,660 accept your architecture as set in stone. Always continuously improve it. 94 00:08:31,660 --> 00:08:36,190 Drive architectures using data. Take advantage of Cloudwatch logs and this sort of 95 00:08:36,190 --> 00:08:39,990 thing and analyze your data that's coming out of your infrastructure and 96 00:08:39,990 --> 00:08:46,600 improve through game days. Conduct simulations on your environment and 97 00:08:46,600 --> 00:08:53,440 try and forecast what is going to happen with your environment as well. A number 98 00:08:53,440 --> 00:08:57,360 of specific points that you need to know in relation to cloud architecture. 99 00:08:57,360 --> 00:09:02,530 Understand RDS, the different engines are available you've got mySQL, Oracle, 100 00:09:02,530 --> 00:09:08,560 SQL Server, PostgreSQL and MariaDB. Understand that you can have 101 00:09:08,560 --> 00:09:13,000 it as a multiple availability zone. Also understand that you can have cross 102 00:09:13,000 --> 00:09:15,790 region read replicas but that's not available 103 00:09:15,790 --> 00:09:20,680 in all regions and it's not available for Microsoft SQL Server but for the 104 00:09:20,680 --> 00:09:25,810 other engines it is. 
Understand the difference between a relational and a 105 00:09:25,810 --> 00:09:33,210 noSQL database and of course RDS is relational and DynamoDB is noSQL. 106 00:09:33,210 --> 00:09:41,080 Also remember that ec2 is another option for hosting a database. 107 00:09:41,080 --> 00:09:48,490 So you can actually download and install mySQL on an ec2 server and there you've 108 00:09:48,490 --> 00:09:53,500 got a ec2 hosted database, and so that's another thing to take into consideration. 109 00:09:53,500 --> 00:09:58,240 So if you have a question that may be asking about a relational database and 110 00:09:58,240 --> 00:10:01,570 you can't see a relational database server and there's an option there for 111 00:10:01,570 --> 00:10:07,930 ec2 then remember that you can always use ec2 to run a relational database by 112 00:10:07,930 --> 00:10:13,690 doing it yourself. Also you'll need to be able to recall the AWS well architected 113 00:10:13,690 --> 00:10:18,880 framework five pillars of operational excellence, security, 114 00:10:18,880 --> 00:10:29,200 reliability, performance, efficiency and cost optimization. With 115 00:10:29,200 --> 00:10:34,090 the AWS shared responsibility model you need to understand that AWS is 116 00:10:34,090 --> 00:10:40,540 responsible for security of the cloud and their customers are responsible for 117 00:10:40,540 --> 00:10:45,640 security in the cloud and you need to understand exactly what that means. 118 00:10:45,640 --> 00:10:50,740 AWS they monitor their global infrastructure for different types of 119 00:10:50,740 --> 00:10:56,080 attacks. They make sure that people who are employed by AWS are good people and 120 00:10:56,080 --> 00:11:00,520 have been security checked and that sort of thing, but AWS cannot be held 121 00:11:00,520 --> 00:11:06,820 responsible for any unsecure practices that you do inside of their cloud. 
122 00:11:06,820 --> 00:11:13,720 For example you might have a public web site that's hosted on Amazon s3 and that has 123 00:11:13,720 --> 00:11:17,890 some very sensitive information and you accidentally release that to the public. 124 00:11:17,890 --> 00:11:22,720 Now AWS, they're not responsible for that. That is your responsibility. You need to 125 00:11:22,720 --> 00:11:29,650 make sure that you as a customer of AWS secure your use inside of that cloud and 126 00:11:29,650 --> 00:11:35,320 you don't do anything that compromises your own security. Here we can see AWS 127 00:11:35,320 --> 00:11:40,780 is responsible for security of the cloud and we can see there the compute, storage, 128 00:11:40,780 --> 00:11:45,010 database and networking and their global infrastructure. They're responsible for 129 00:11:45,010 --> 00:11:50,650 security of that, but what goes on top of that and, what is used within that cloud, 130 00:11:50,650 --> 00:11:55,840 that is your responsibility. So customers are responsible for their security and 131 00:11:55,840 --> 00:12:01,390 compliance in the cloud. Now one thing that you need to understand is that 132 00:12:01,390 --> 00:12:06,430 this shared responsibility model varies depending on what service you're using. 133 00:12:06,430 --> 00:12:10,990 If you're using ec2 then obviously all of this would be. Everything there in 134 00:12:10,990 --> 00:12:16,210 green would relate to your responsibility if you're using Amazon s3. 135 00:12:16,210 --> 00:12:20,080 Then you're not going to be responsible for the operating system and that sort 136 00:12:20,080 --> 00:12:27,360 of thing. So AWS will take further responsibility over that themselves. 137 00:12:27,410 --> 00:12:32,209 The key areas in relation to cloud security that you need to concentrate on, 138 00:12:32,209 --> 00:12:37,589 obviously virtual private cloud or VPC that's going to be on the exam. 139 00:12:37,589 --> 00:12:41,309 You'll need to understand what a subnet is. 
Understand the difference between a 140 00:12:41,309 --> 00:12:46,050 private and a public subnet. You'll need to understand what a security group is 141 00:12:46,050 --> 00:12:51,059 and a network access control list. You'll also need to understand the difference 142 00:12:51,059 --> 00:12:56,009 between a security group and that a security group is associated to an ec2 143 00:12:56,009 --> 00:13:02,850 instance and, a network access control list is associated to a VPC subnet. 144 00:13:02,850 --> 00:13:07,170 You'll also need to understand that you can peer through VPC and you can 145 00:13:07,170 --> 00:13:13,980 peer two VPCs together and, there are also flow logs that are available to 146 00:13:13,980 --> 00:13:20,309 track traffic in and out of a subnet as well. You can create a virtual private 147 00:13:20,309 --> 00:13:25,290 network or VPN for short and that will allow you to connect between your VPC 148 00:13:25,290 --> 00:13:30,749 and a remote computer or a remote on-premises data center, and you can do 149 00:13:30,749 --> 00:13:35,999 that over the Internet or you can do it over a Amazon Direct Connect connection, 150 00:13:35,999 --> 00:13:40,049 and one thing that you need to understand is that you need to have a 151 00:13:40,049 --> 00:13:46,139 virtual private gateway on the Amazon side of things, and you need to have a 152 00:13:46,139 --> 00:13:52,139 customer gateway device on your side. So on your side you need the customer 153 00:13:52,139 --> 00:13:57,600 gateway on the Amazon side you need a virtual private gateway. There are 154 00:13:57,600 --> 00:14:02,699 services on AWS that can handle distributed denial of service or DDoS 155 00:14:02,699 --> 00:14:08,429 attacks on your infrastructure. The main one there being AWS Shield and Cloudfront 156 00:14:08,429 --> 00:14:14,329 and also there is the Web Application Firewall or WAF. 
In relation to 157 00:14:14,329 --> 00:14:19,379 compliance you need to understand that we have an AWS compliance program which 158 00:14:19,379 --> 00:14:25,259 covers all of the regulations and standards and whatever that AWS is 159 00:14:25,259 --> 00:14:30,990 compliant with or can help you to become compliant with. As well we have the AWS 160 00:14:30,990 --> 00:14:36,779 Artifact service which is a repository of all information concerning the AWS 161 00:14:36,779 --> 00:14:40,920 compliance program. So if you're looking for a document related to a 162 00:14:40,920 --> 00:14:45,360 certain compliance, then you can find that probably on the AWS Artifact 163 00:14:45,360 --> 00:14:51,540 service. We also have AWS Config which is a configuration management service which 164 00:14:51,540 --> 00:14:56,579 can alert us to any changes in the configuration of our architecture and 165 00:14:56,579 --> 00:15:05,100 that may impact compliance with any standards. With AWS access and management 166 00:15:05,100 --> 00:15:11,040 capabilities you need to understand the concept of grant least privileged access. 167 00:15:11,040 --> 00:15:16,290 What that means is that you only give people access to the minimum that they 168 00:15:16,290 --> 00:15:20,610 need. Don't give them anything more than that. You grant least privilege. You need 169 00:15:20,610 --> 00:15:25,199 to understand that. You need to understand IAM users, groups of users, 170 00:15:25,199 --> 00:15:29,850 what an IAM role is and how you use it. For example if you wanted someone 171 00:15:29,850 --> 00:15:34,740 outside of your AWS account to be granted limited access and you could do 172 00:15:34,740 --> 00:15:38,839 that through an IAM role and they could assume that role for a temporary period. 173 00:15:38,839 --> 00:15:43,410 You also need to understand what an IAM policy is. 
You don't need to 174 00:15:43,410 --> 00:15:47,490 understand how to write a policy or the specifics of policies but you need to 175 00:15:47,490 --> 00:15:53,490 understand what a policy is and how they fit in. We also need to understand AWS 176 00:15:53,490 --> 00:15:58,680 organizations and how we can use it to manage multiple AWS accounts for an 177 00:15:58,680 --> 00:16:03,660 organization. You need to understand how multi-factor authentication can increase 178 00:16:03,660 --> 00:16:09,810 the security of an IAM user. We also need to know that there are account password 179 00:16:09,810 --> 00:16:14,339 policies that we can apply to a user or we can put apply to a group of users and 180 00:16:14,339 --> 00:16:19,709 they can define the complexity of the password and also the expiry time on 181 00:16:19,709 --> 00:16:25,680 that password as well. There are two main services for achieving single sign-on. 182 00:16:25,680 --> 00:16:28,470 The first one there is AWS single sign-on, 183 00:16:28,470 --> 00:16:32,730 easy enough to remember, but there is also the AWS directory service that is 184 00:16:32,730 --> 00:16:39,510 specifically for the Microsoft Active Directory. Cloudtrail can be used to 185 00:16:39,510 --> 00:16:45,060 monitor all of the calls to and from our AWS account. So every time someone uses 186 00:16:45,060 --> 00:16:49,649 the management console and accesses our account or someone uses the software 187 00:16:49,649 --> 00:16:53,160 development kit or a command line interface, all of those calls will be 188 00:16:53,160 --> 00:16:57,990 tracked and we can log those calls as a Cloudtrail log as well and we can use 189 00:16:57,990 --> 00:17:02,400 those logs for later on for security analysis or for performance analysis as 190 00:17:02,400 --> 00:17:07,740 well. 
IAM access keys are used by a user to 191 00:17:07,740 --> 00:17:13,440 access the AWS account from the command line interface or a software development 192 00:17:13,440 --> 00:17:20,780 kit. The access Keys they consist of an access key ID and a secret access key. 193 00:17:20,780 --> 00:17:28,260 Now the IAM access Keys, they are not SSH key pairs, they are a secret key 194 00:17:28,260 --> 00:17:33,810 and an access key ID that allow you, once you're connected to the AWS cloud, 195 00:17:33,810 --> 00:17:39,060 they allow you to have access to certain resources that are defined in an IAM policy. 196 00:17:39,060 --> 00:17:44,940 Don't confuse those with an ec2 SSH key pair. They are something that's 197 00:17:44,940 --> 00:17:49,470 totally different. They are an SSH key pair that is used for you to connect 198 00:17:49,470 --> 00:17:54,560 into an ec2 instance. 199 00:17:55,230 --> 00:18:00,880 Resources for security support. Amazon Inspector, the automated security 200 00:18:00,880 --> 00:18:07,630 assessment service. We also have AWS trusted adviser which provides an audit 201 00:18:07,630 --> 00:18:13,140 of your AWS resources based on not only security but also cost optimization, 202 00:18:13,140 --> 00:18:19,540 performance, security, fault tolerance and also the service limits of AWS as well. 203 00:18:19,540 --> 00:18:26,320 If you have the IP address of someone who is trying to attack your AWS service 204 00:18:26,320 --> 00:18:32,620 then you can always provide that to the AWS support service and you just do that 205 00:18:32,620 --> 00:18:38,830 by filling out a report abuse form. Penetration testing in the past was not 206 00:18:38,830 --> 00:18:43,420 allowed. 
You needed to actually go to AWS and get permission to conduct any 207 00:18:43,420 --> 00:18:49,540 penetration testing, but now penetration testing for specific activities is 208 00:18:49,540 --> 00:18:56,110 permitted on certain services, such as ec2, RDS, Cloudfront and a few others as 209 00:18:56,110 --> 00:18:59,680 well. One thing that you need to remember is 210 00:18:59,680 --> 00:19:04,270 that not all of these activities. Not all of these penetration activities or 211 00:19:04,270 --> 00:19:11,920 simulated attacks are allowed by AWS. So that includes DDoS or DoS attacks. 212 00:19:11,920 --> 00:19:17,020 You cannot do those. They are not part of an authorized activity to do on permitted 213 00:19:17,020 --> 00:19:21,120 services or any other AWS services. 214 00:19:24,100 --> 00:19:29,510 Deploying and operating in the AWS cloud. You need to know the services are 215 00:19:29,510 --> 00:19:33,980 available to help you with on-premises architecture and hybrid solutions as 216 00:19:33,980 --> 00:19:40,490 well, such as the snowball service, which allows you to store massive amounts of 217 00:19:40,490 --> 00:19:45,620 data on a snowball device and deliver that to AWS for uploading on an AWS 218 00:19:45,620 --> 00:19:50,870 service. The AWS Storage Gateway which helps us to integrate our on-premises 219 00:19:50,870 --> 00:19:56,330 storage with the AWS storage and also the database migration service which 220 00:19:56,330 --> 00:20:04,760 simplifies migrating on-premises data or databases over to RDS or Aurora. 221 00:20:04,760 --> 00:20:09,350 The options available for us to deploy our software. We have the elastic beanstalk 222 00:20:09,350 --> 00:20:12,860 service which we know quite a bit about. We've used quite a bit. There is 223 00:20:12,860 --> 00:20:18,350 Codecommit which is AWS's Git repository. 
We have Codepipeline which provides a 224 00:20:18,350 --> 00:20:22,910 pipeline between our software development and our deployment of our 225 00:20:22,910 --> 00:20:28,460 actual code on an elastic Beanstalk or an ec2 instance or whatever, and we have 226 00:20:28,460 --> 00:20:32,810 Codedeploy which allows us to deploy that and can integrate with 227 00:20:32,810 --> 00:20:38,260 Codepipeline and, we also have Cloudformation which allows us to define our 228 00:20:38,260 --> 00:20:43,400 infrastructure as code in a JSON template and also Opsworks which allows 229 00:20:43,400 --> 00:20:48,040 us to define that also as a Chef recipe, and that's where we need to understand 230 00:20:48,040 --> 00:20:52,330 infrastructure as code. So Cloudformation we can define it as a JSON 231 00:20:52,330 --> 00:20:56,600 template and we can have version control over that or we can define it with 232 00:20:56,600 --> 00:21:01,610 Opsworks as a Chef recipe. You need to understand that there are software 233 00:21:01,610 --> 00:21:04,940 development kits that allow us to develop our own software that can 234 00:21:04,940 --> 00:21:10,460 communicate with AWS, and also the AWS command-line interface which allows us 235 00:21:10,460 --> 00:21:18,830 to issue commands to AWS without using the AWS management console. AWS global 236 00:21:18,830 --> 00:21:22,730 infrastructure. You need to understand what a region is. What an availability 237 00:21:22,730 --> 00:21:28,190 zone and what an edge location is and, what we use them for. You need to 238 00:21:28,190 --> 00:21:32,210 understand the AWS Direct Connect service and how we can use it for a very 239 00:21:32,210 --> 00:21:35,299 high-speed connection between our on-premises data center 240 00:21:35,299 --> 00:21:40,360 and AWS. We also need to understand that there are global and regional 241 00:21:40,360 --> 00:21:47,239 services. 
For example Amazon s3, Cloudfront and Route 53 are all global 242 00:21:47,239 --> 00:21:52,190 services. You don't define a region when you're using the AWS management console. 243 00:21:52,190 --> 00:21:57,139 They are a global service as opposed to ec2 where you're launching an instance 244 00:21:57,139 --> 00:22:04,850 into a specific region. The core AWS services that you need to know very well, 245 00:22:04,850 --> 00:22:10,279 the first one there is object storage, that includes Amazon s3 and Amazon 246 00:22:10,279 --> 00:22:15,320 Glacier. What you really need to understand is the redundancy levels for 247 00:22:15,320 --> 00:22:19,429 all of those different types of Amazon s3 and Glacier and the durability of 248 00:22:19,429 --> 00:22:23,269 those and also the retrieval time. So obviously Glacier the retrieval time 249 00:22:23,269 --> 00:22:28,759 takes a lot longer than Amazon s3. You need to understand all of that. With ec2, 250 00:22:28,759 --> 00:22:34,789 understand what an AMI is and what is defined within an AMI. Understand the 251 00:22:34,789 --> 00:22:38,179 different storage options that are available to connect to an ec2 instance 252 00:22:38,179 --> 00:22:43,100 and understand the difference between an instance store volume and an EBS volume 253 00:22:43,100 --> 00:22:48,049 and what happens when an instance is terminated with those different types of 254 00:22:48,049 --> 00:22:53,359 storage. Also need to know the main different types of ec2 instances 255 00:22:53,359 --> 00:22:58,220 that are out there and also the burstable types and that sort of thing. 256 00:22:58,220 --> 00:23:02,059 You need to understand that there are three different types of elastic load balancer 257 00:23:02,059 --> 00:23:07,519 being the classic, the application and the network elastic load balancer. 258 00:23:07,519 --> 00:23:11,210 We also need to understand Cloudwatch. 
How we can use it for monitoring our 259 00:23:11,210 --> 00:23:16,369 services and the different types of Cloudwatch we can have detailed 260 00:23:16,369 --> 00:23:20,899 monitoring and standard monitoring. We have alarms and also there are 261 00:23:20,899 --> 00:23:25,629 Cloudwatch logs that can store Cloudwatch information as well. 262 00:23:26,210 --> 00:23:31,140 Other AWS services you need to understand. The difference between a 263 00:23:31,140 --> 00:23:36,960 relational database and a noSQL database. So for relational we've got RDS 264 00:23:36,960 --> 00:23:41,400 and the number of different database engines there that are available. We also 265 00:23:41,400 --> 00:23:46,980 have Amazon Aurora which is only for mySQL or PostgreSQL databases 266 00:23:46,980 --> 00:23:53,370 and the noSQL option there is DynamoDB and we also have a data warehouse 267 00:23:53,370 --> 00:23:58,520 solution there being Redshift and in memory storage as well with ElastiCache. 268 00:23:58,520 --> 00:24:03,710 Be aware that there are serverless offerings as well. We have AWS Lambda and 269 00:24:03,710 --> 00:24:09,530 S3 is part of that serverless offering. DynamoDB is a service noSQL database, 270 00:24:09,530 --> 00:24:13,850 SQS simple queuing and simple notification service. They are also 271 00:24:13,850 --> 00:24:18,990 serverless services. Also be aware that we have a machine-learning offering as 272 00:24:18,990 --> 00:24:24,090 well. One of those quite common one there is Amazon Rekognition for recognizing 273 00:24:24,090 --> 00:24:29,220 objects within images, and we also have streams there for Kinesis. So be aware of 274 00:24:29,220 --> 00:24:33,590 those services as well. They may appear on the exam. 275 00:24:34,090 --> 00:24:38,980 If you run into trouble with an AWS technology there is support available. 276 00:24:38,980 --> 00:24:44,000 AWS has a number of different support plans from free right up to enterprise. 
277 00:24:44,000 --> 00:24:47,900 You need to understand what they are. Understand which ones have a Technical 278 00:24:47,900 --> 00:24:52,309 Account Manager? Which ones have phone support? The different response time for 279 00:24:52,309 --> 00:24:56,840 each one of those plans also. Also understand which ones have trusted 280 00:24:56,840 --> 00:25:04,090 advisor included in those as well. The AWS partner network is a group of 281 00:25:04,090 --> 00:25:10,370 organizations that are approved by AWS to provide technology solutions possibly 282 00:25:10,370 --> 00:25:15,200 in the form of software that can work with AWS or they can also provide 283 00:25:15,200 --> 00:25:20,390 consulting to help you migrate over to AWS. So there are two different types of 284 00:25:20,390 --> 00:25:24,169 AWS partner that are available that being a technology partner or a 285 00:25:24,169 --> 00:25:30,649 consulting partner. The AWS professional services is a group of experts within 286 00:25:30,649 --> 00:25:37,279 AWS that have specialized knowledge on a specific area of AWS and you can use 287 00:25:37,279 --> 00:25:43,870 those in combination with an AWS partner to handle very complicated and difficult solutions. 288 00:25:43,870 --> 00:25:50,000 AWS quick starts are reference deployments normally in the format of a 289 00:25:50,000 --> 00:25:54,529 cloudformation template that you can use to deploy an architecture 290 00:25:54,529 --> 00:25:59,990 automatically. The AWS personal health dashboard. If you go to the management console 291 00:25:59,990 --> 00:26:03,890 and click on the personal health dashboard, that will show you all of the 292 00:26:03,890 --> 00:26:10,480 events that are impacting the AWS cloud that may impact you. 293 00:26:13,570 --> 00:26:19,100 Pricing models for AWS. With ec2 you're going to have to know all of the 294 00:26:19,100 --> 00:26:24,559 different pricing models being on demand, spot, reserved, dedicated hosts. 
Also 295 00:26:24,559 --> 00:26:28,730 understand what a savings plan is. You'll need to understand that quite well. 296 00:26:28,730 --> 00:26:33,650 You'll also need to understand per second billing and where it applies. 297 00:26:33,650 --> 00:26:40,780 It only applies on on-demand, reserved and spot instances that are running Linux. 298 00:26:42,279 --> 00:26:47,929 AWS billing and pricing account structures. Now if you have got a large 299 00:26:47,929 --> 00:26:53,389 organization that has multiple business units and multiple geographic regions 300 00:26:53,389 --> 00:26:59,090 and whatever, you may want to have those separated in multiple accounts and you 301 00:26:59,090 --> 00:27:04,399 can do that and you can also manage those centrally using AWS organizations. 302 00:27:04,399 --> 00:27:08,000 The big advantage of that as well is that you can have consolidated billing, 303 00:27:08,000 --> 00:27:12,940 so one single bill for all of those multiple accounts and you can also 304 00:27:12,940 --> 00:27:17,720 manage the access and management of all of those multiple accounts centrally as 305 00:27:17,720 --> 00:27:24,470 well by combining those all into an AWS organization. You can also apply cost 306 00:27:24,470 --> 00:27:29,960 allocation tags to all of your resources or some of your resources to keep track 307 00:27:29,960 --> 00:27:35,299 of those resources and can see a bit more fine-grained detail about specific 308 00:27:35,299 --> 00:27:39,980 resources that you've got. So you might want to put a cost allocation tag for 309 00:27:39,980 --> 00:27:44,299 all of the developer's resources and see how much they're costing or you might 310 00:27:44,299 --> 00:27:48,139 want to do it for accounting or whatever. So cost allocation tags are a good 311 00:27:48,139 --> 00:27:55,850 option for giving further granularity to your AWS bill. The support options that 312 00:27:55,850 --> 00:28:00,080 are available for billing. 
First off we can go to the management console and 313 00:28:00,080 --> 00:28:04,850 have a look at the AWS billing dashboard. From there we can download a cost and 314 00:28:04,850 --> 00:28:10,309 usage report if we want. We can also go into the AWS Cost Explorer and get more 315 00:28:10,309 --> 00:28:14,690 fine-grained detail around what those costs were. If we would like to be 316 00:28:14,690 --> 00:28:20,630 alerted when costs exceed a certain level, we can set up an AWS budget. They can 317 00:28:20,630 --> 00:28:25,340 define exactly what our budgeted costs should be and when that is exceeded we 318 00:28:25,340 --> 00:28:29,659 will be alerted. What we can also do is set up a cloudwatch billing alert as 319 00:28:29,659 --> 00:28:35,360 well where our bill actually exceeds a certain level then we will be alerted 320 00:28:35,360 --> 00:28:41,659 to that, and also if we have any problems with our bill that is free support on 321 00:28:41,659 --> 00:28:45,309 AWS you don't have to pay for that. 322 00:28:45,870 --> 00:28:51,690 A couple of resources that you may want to check out. The first one there is the 323 00:28:51,690 --> 00:28:57,059 about AWS website. So if you go to that you'll see that there are some standard 324 00:28:57,059 --> 00:29:00,870 solutions that you can use and also it will go into a bit more detail about the 325 00:29:00,870 --> 00:29:04,980 global infrastructure. Now nothing in there is not already covered in the 326 00:29:04,980 --> 00:29:08,520 course but you might want to have a quick look at it. The other thing there 327 00:29:08,520 --> 00:29:11,940 is to have a look at the products website.
So although you need to know 328 00:29:11,940 --> 00:29:17,010 some products quite well such as ec2 and s3 and these sorts of products quite 329 00:29:17,010 --> 00:29:23,640 well, you may get a question that is just a very simple question about an obscure 330 00:29:23,640 --> 00:29:27,780 service or product and you just need to know that it exists. For example there 331 00:29:27,780 --> 00:29:34,290 might be something that says what service do you use to recognize an 332 00:29:34,290 --> 00:29:39,570 object in an image and so you would know that would be AWS Rekognition and 333 00:29:39,570 --> 00:29:43,260 so if you go to the products website you'll see that there will be just a 334 00:29:43,260 --> 00:29:46,710 very short description, a sentence or two about each one of those services. 335 00:29:46,710 --> 00:29:51,870 That'll help you to understand on a very broad picture about any of those obscure 336 00:29:51,870 --> 00:29:56,790 services as well. Once you're finished your preparation, you can go to the 337 00:29:56,790 --> 00:30:02,820 certification website. Go to AWS website then certification and then certified 338 00:30:02,820 --> 00:30:08,520 cloud practitioner. From there you can download the exam guide and also you can 339 00:30:08,520 --> 00:30:12,420 download some sample questions for free from AWS. One thing to take into 340 00:30:12,420 --> 00:30:15,990 consideration though is that those sample questions, none of those will 341 00:30:15,990 --> 00:30:22,110 appear on the final exam, so they give you a good idea of the sorts of areas 342 00:30:22,110 --> 00:30:27,000 that AWS will be examining you on but they won't be actual questions that will 343 00:30:27,000 --> 00:30:32,670 appear on the final exam. So that brings us to the end of the lecture and 344 00:30:32,670 --> 00:30:35,570 good luck with the exam!