Shared Security Model:
> AWS is responsible for securing the underlying infrastructure
> The customer is responsible for anything they put on or connect to the cloud
The shared security model reduces the operational burden, and sometimes improves default security
Security features you should always configure:
> Individual user accounts and credentials
> SSL/TLS for data transmissions
> User activity logging

Storage Need and AWS Service Solution
Immediate Access - S3
File System - Amazon EFS
Structured Data with Query - DynamoDB, RDS, CloudSearch
Rapidly Changing Data - EBS, EFS, DynamoDB, RDS, EC2
Archival Data - Amazon Glacier
Dynamic Website Hosting - EC2, EFS
Temporary Storage - EC2 Local instance store
S3 Notes:

Helps identify best practices and core strategies for architecting systems in the cloud.
The Well-Architected Framework is a set of foundational questions to understand whether an architecture
aligns well with cloud best practices.
AWS offers the AWS Well-Architected Tool (AWS WA Tool) that can be used to review and measure your architecture
using the Well-Architected Framework. The AWS Well-Architected Labs provide you with a repository of code and
documentation to give experience implementing best practices.
The Five Pillars of the AWS Well-Architected Framework

SQS vs home-grown message queue:
> Hardware maintenance
> Sys admin costs
> Complexity
> Requirement for redundant storage
> SQS has no admin overhead and little configuration
> Works at massive scale, processing billions of messages a day
SQS vs SNS
> SNS allows applications to send time-critical messages to subscribers via push

> CloudWatch monitors your AWS resources and the apps you run on AWS in real time.
> Collect and track metrics
> Homepage automatically displays metrics about every service in use
> Allows you to create custom dashboards on metrics from your custom applications, and metrics from services.
> Alarms can also be set up for metrics you care about, with notifications sent when thresholds are breached.
Related AWS Services:
> Amazon Simple Notification Service (SNS) - coordinates and manages the delivery of messages to subscribing endpoints or clients.
Use SNS with CloudWatch to send messages when an alarm threshold is reached

You can use lifecycle policies to define actions you want S3 to take during an object's lifetime
> Change storage class (Standard-IA, One Zone-IA, Glacier, Deep Archive)
> Archive objects
> Delete objects
Define a lifecycle policy for all objects or for a subset of objects by using a shared prefix (i.e. keys that start with a common string)
Versioning-enabled buckets allow you to delete previous versions, for example, or to tie actions to specific versions.
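As an added example (not from the original notes), here is a lifecycle configuration in the document shape S3 accepts, combining the three actions above (transition, archive, delete) under a shared-prefix filter and a noncurrent-version rule for versioned buckets, plus a small checker for the ordering constraints S3 enforces on transitions. The "logs/" prefix and all day counts are assumptions chosen for illustration.

```python
import json

# Storage classes named in the notes, ordered warm to cold. S3 only accepts a
# lifecycle transition that moves an object to a colder class, never back.
COLDNESS = {"STANDARD_IA": 1, "ONEZONE_IA": 2, "GLACIER": 3, "DEEP_ARCHIVE": 4}

# Constructed example: the "logs/" prefix and all day counts are assumptions
# chosen for illustration, not values taken from the notes above.
LIFECYCLE_CONFIG = {
    "Rules": [{
        "ID": "tier-and-expire-logs",
        "Status": "Enabled",
        "Filter": {"Prefix": "logs/"},  # subset of objects sharing a prefix
        "Transitions": [                # change storage class over time
            {"Days": 30, "StorageClass": "STANDARD_IA"},
            {"Days": 90, "StorageClass": "GLACIER"},
            {"Days": 365, "StorageClass": "DEEP_ARCHIVE"},
        ],
        "Expiration": {"Days": 730},    # delete the current version
        # Versioned buckets: previous versions get their own retention clock
        "NoncurrentVersionExpiration": {"NoncurrentDays": 90},
    }]
}

def validate_rule(rule):
    """Return the problems S3 would reject; an empty list means the rule is well formed."""
    problems = []
    if rule.get("Status") not in ("Enabled", "Disabled"):
        problems.append("Status must be Enabled or Disabled")
    prev_days, prev_cold = -1, 0
    for t in rule.get("Transitions", []):
        cls, days = t.get("StorageClass"), t.get("Days", 0)
        if cls not in COLDNESS:
            problems.append(f"unknown storage class {cls}")
            continue
        if cls in ("STANDARD_IA", "ONEZONE_IA") and days < 30:
            problems.append(f"{cls} needs at least 30 days, got {days}")
        if days <= prev_days or COLDNESS[cls] <= prev_cold:
            problems.append(f"transition to {cls} at day {days} is not later and colder")
        prev_days, prev_cold = days, COLDNESS[cls]
    expiry = rule.get("Expiration", {}).get("Days")
    if expiry is not None and expiry <= prev_days:
        problems.append("Expiration Days must exceed the last transition's Days")
    return problems

def to_json(config):
    """Serialise to the document shape the CLI's --lifecycle-configuration accepts."""
    return json.dumps(config, indent=2)
```

The serialised document can be saved to a file and applied with `aws s3api put-bucket-lifecycle-configuration --bucket <bucket> --lifecycle-configuration file://<path>`.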
Transitions Available:

> Create an app in a VPC and configure it as an AWS PrivateLink-powered service (endpoint service)
> Other AWS principals can create a connection from their VPC to the endpoint service using an interface VPC endpoint
> You are the service provider; the AWS principals are consumers.
To connect to an on-prem data centre use:
> AWS Direct Connect
> AWS Site-to-Site VPN

AWS Auto Scaling:
> Manage scaling for multiple resources across multiple services
> Define dynamic scaling policies for multiple EC2 Auto Scaling groups
> Use to create predictive scaling for EC2 resources
EC2 Auto Scaling
> Only need to scale Amazon EC2 Auto Scaling groups
> Only interested in maintaining the health of the EC2 fleet
> Use to create or configure EC2 Auto Scaling groups, and set up scheduled or step scaling policies

What is EC2?
> Web service that provides resizable compute capacity in the cloud
What can I do with EC2?
> "Compute"
> Obtain and configure capacity with minimal friction
> Complete control of compute resources
> Reduce the time required to obtain and boot new server instances to minutes
What can developers do that they couldn't before?

What is Elastic Load Balancing?
> Distributes incoming application or network traffic across multiple targets
> Across AZs
> The load balancer scales as traffic scales for your workloads
Load Balancer Benefits:
> Increases availability and fault tolerance of applications
> Add or remove compute as your needs change without disrupting the overall flow of requests
> Configure health checks, monitoring the health of compute resources and only directing traffic to healthy resources.
> Offload encryption and decryption to the ELB so your resources can focus on their main job.