AWS Practitioner Certificate Notes

Cloud Computing Definition

on demand delivery of

compute
database
storage
appications
other IT resources

through a cloud services platform
via the internet
with pay-as-you-go pricing

6 Advantages of Cloud Computing (VECSMG)

Variable - Trade Capital Expense For Variable Expense
Economies - Benefit from Economies of Scale
Capacity - Stop guessing Capacity
Speed - Increase speed and agility
Maintenance - Stop spending money running and maintaining data centers
Global - Go Global in Minutes

CLOUD COMPUTING TYPES

IaaS

Servers (EC2)

PaaS

Managed Platform (GoDaddy, LightSail)

SaaS

(GMail)

Deployment Types

Public - AWS, Azure, GCP
Hybrid - Mix
Private - On Premise - Openstack, VMWare

Services Types on AWS for Practitioner Exam

Compute
Storage
Databases
Security Identity & Compliance
AWS Cost Management

Compute

EC2
Lambda

Databases

Relational Database Service (DBS)
DynamoDB (Non Relational Database)

Storage

S3
Glacier

Network

VPC
Route53

Regions (19 + 5) - Geographical Area

Availability Zones (57 + 15) - Data Center

Edge Location (150) - Endpoint used for caching content. Consists of CloudFront, Content Delivery Network (CDN)

How to choose Region? (SSL)

Data Sovereignty Laws
Latency to end users
AWS Services

Free?

EC2 - 750 Hours
QuickSight - 1GB
RDS - 750 Hours
S3 - 5GB
Lambda - 1 Million Requests
Always Free -

Support Plans

*Pricing scales based on usage

Basic - Free - Support Forums, can ask questions
Developer - USD 29 / month* - technical support - 12-24 hours response time
Business - USD 100 / month* - 24x7 support by phone - 1 hour response time
Enterprise - USD 15000 / month* - Technical Account Manager (TAM) - 15 minute response time

Windows Users

Go to EC2 > Go to Network & Security Tab > Go to Key Pairs > Create Key > Download PEM file > Download PuTTY 64 bit > Install > Open > Click on Load > Upload the PEM file downloaded > Save Private Key

Create Billing Alarm from Cloud Watch under Management & Governance

IAM

Definition

It is Global, not region specific
Root Account has full administrative rights

GROUPS

Group stores users and inherit all permissions of the group

POLICIES

Policies are applied to group, it sets the permissions. They are in JSON format
Under Security, Identity & Compliance

S3

Add flat files (files that don't change in the place)
Videos, pictures
NOT database files
Object based Storage
NOT Block based storage that is used in EC2
File Size: 5 terra bytes (TB)
Files are stored in buckets. Buckets are folders
Buckets must be unique globally
https://s3-<region>.amazonaws.com/<bucket name>
Objects in S3 has key and value
On uploading object in S3, HTTP 200 status code is generated
Key is name
Value is the data made up of sequence of bytes
Version ID for versioning
Metadata Data about data that is stored
Subresources

Access Control Lists
A Torrent

Data Consistency in S3

Read after write consistency for PUTS of new objects

New files are immediately available after uploading
Although updating or deleting takes time

Eventual Consistency for overwrite PUTS and DELETES (can take some time to propagate)
99.99% - built for
99.9% - Guarantee availability
99.99999999999% (11 nines in total, 9 nines after decimal) durability
Features

Tiered Storage
Lifecycle Management
Versioning
Encryption
Secure data with Access Control Lists (file level) and Bucket Policies (bucket level)

TIERED STORAGE
S3 Standard

Availability 99.99%
Durability 99.999999999%

S3 - IA (Infrequently Accessed)

Infrequently accessed data but rapid access when needed
Lower storage fee than S3 but retrieval fee charged

S3 One Zone - IA (Infrequently Accessed)

Lower Cost Option
Not frequently accessed data
Do NOT require multiple availability zone data resilience

S3 - Intelligent Tiering

uses ML
looks at usage pattern
optimizes cost
moves data to cost effective access tier

S3 Glacier

data archiving
low cost
secure, durable
Retrieval time configurable from minutes to hours

S3 Glacier Deep Archive

Lowest storage cost on AWS
Retrieval time greater than 12 hours

S3 PRICING FACTORS (MR STAR)

Storage
Requests
Storage Management Pricing
Data Transfer Pricing
Transfer Acceleration
Cross Region Replication Pricing

S3 Transfer Acceleration

If this is enabled, users anywhere in the world can upload a file and it will not be sent to the data-center in any region via the internet. Instead, it is sent to a nearby edge location from where it is transfered to our data-center via Amazon's private network which is faster than the internet

Cross Region Replication

On activating it, buckets are replicated in another region

S3 Policies

Bucket Policies

Applied to entire bucket

Object Policies

Applied to Object

IAM Policies to Users & Groups

Applies to Users & Groups

CloudFront

Edge Location - content is cached
Origin - S3 or EC2 or Elastic Load Balancer or Route53
Distribution - Web and RTMP (for Adobe flash streaming)
Comes under Networking and Content Delivery
Content Delivery Network (CDN)
Webpages and other web content are delivered to users from CDN where they are cached
It stands between Servers and Users to quickly deliver cached version of the content
CloudFront is at Edge Locations

Web Distribution - for websites
RTMP - for media such as Adobe Flash

S3 Buckets can be set up for CloudFront Web Distribution

On doing that, the links of the objects are ready to be cached on vatious edge locations if requested by users

EC2

Definition

Elastic Compute Cloud
Virtual Servers
Boots in minutes
Quickly scale up and down

Types

On Demand

Fixed rate

Reserved

Types

Standard
Convertible
Scheduled - Between a given time everyday

Longer contracts
Discount on hourly charge
Best Price - Pay for 3 years and get maximum discount

Spot

Bidding goes on all the time
Flexible start and end times
Good for applications where it is ok to lose the server
If Amazon ends the session of an instance, you WON'T be charged for the hour in which it was stopped
If you stop the session of an instance, in that case you WILL be charged for the hour in which it was stopped

Dedicated Hosts

Physical EC2 Servers dedicated for your use
Reduces cost
Fewer people use it
License terms and conditions there

Instance Types

Compute Optimized
CPU Intensive Apps/Databases

Dense Storage
Data Warehousing, Hadoop

Financial Analytics, Genomics Research

Graphic Intensive
Video Encoding, 3D Application Streaming

High Disk Throughput
MapReduce workloads, distributed file systems such as HDFS & MarpR-FS

High Speed
NoSQL databases, Data Warehousing

General Purpose
application Servers

Graphics/General Purpose GPUs
Machine Learning, Bit coin mining

Memory Optimized
Memory Intensive Apps/Databases

General Purpose
Low Cost
Webservers, small databases

Memory Optimized
SAP HANA, Apache Spark

High Compute Capacity and high memory footprint
Electronic Design Automation, Certain relational database workloads

General Purpose Instances:

T3, M5, P3

Virtual Hardisk
Every server has a disk
Storage attached to EC2
Run file systems, databases, etc. on them
Stored in same availability zone as EC2
Automatically replicated

GP2 - General Purpose SSD

General Purpose

IO1 - Provisioned IOPS SSD

for High performing database

Magnetic

ST1 Throughput Optimized HDD

Low Cost
Frequently accessed
throughput-intensive workload

SC1 - Cold HDD

Lowest Cost
Less frequently accessed workloads

Magnetic

Previous Generation

Common Ports

Linux

SSH
Port 22

Microsoft

Remote Desktop Protocol
Port 3389

HTTP

Port 80

HTTPS

Port 443

Security Group is a Virtual Firewall in the cloud
To allow any IP addresss using 0.0.0.0/0
To just let one IP address we use the IP address followed by /32 (X.X.X.X/32)
Production should have each instance in separate availability zone so that if one goes down other instance can take the load

AWS Command Line

PuTTY is used on Windows to access AWS from my laptop's terminal
User takes Access Key Id and Secret Access Key
Command to configure Terminal with AWS

aws configure
Add access key id
Add secret access key
Add region name

Command to make bucket from AWS terminal

aws s3 mb s3://<bucket-name>

Command to go in created bucket

aws s3 ls

Create a file in EC2

echo "hello world" > hello.txt
ls

Command to copy file from EC2 to S3 Bucket

aws s3 cp hello.txt s3://<bucket-name>

AWS has a secret folder where it stores access key id and secret key. Go to root directory

cd ~
cd .aws
ls
nano credentials

The above commands help you to view the file where access key id and secret key is stored
Try using wrong access key id and secret key

aws configure
enter fake values
aws s3 ls

One can interact with AWS in 3 ways

Web Console
Command Line Interface (CLI)
Software Development Kits (SDKs)

ROLES

Create Role

Go to AWS Web Console
Go to IAM
Go to Roles Tab
Select EC2
Click on Next for Permissions
Select AmazonS3FullAccess
Go to Next
Add Tags
Go Next
Add Name and Description to the Role
Create Role

Connect Role to EC2 Instance

Go to EC2
Go to Instances
Select instance
Click on Actions
Select Instance Settings
Click on Attach/Replace IAM Role
From Drop down select the role just created
Click Apply

The below commands help to remove .aws folder where access key id and secret access key is stored

Go to CLI
Type

ssh ec2-user@<IP address> -i MyPrivateKey.pem
ls
aws s3 ls
cd ~
rm -rf .aws
aws s3 ls

Roles are much better way than using access key id and secret access key

Roles are much more secure

Easier to manage

Can be applied to EC2 anytime and takes effect immediately

Roles are Global. Region need not be specified

Web Server

Go to SSH CLI
sudo su
yum update -y

Install Apache

yum install httpd -y

Turn it on

service httpd start

Let's go to root directory of the website. Any file here will be visible on the IP address

cd /var/www/html
ls

Create a web page

nano index.html
<html><body><h1>Hello World!</h1></body></html>
Ctrl + X
Save? Yes
ls

View Website

Go to browser
Add the public IP address to the address bar and run

LOAD BALANCERS (LB)

Under EC2
Click on Create Load Balancer
Types (CAN)

Application LB - good for applications
Network LB - when high performances and static IP addresses
Classic LB - old and cheap

Choose Application LB
Add a Name
Select all availability zones - one AZ goes down, others are there
Click Next
Configure Routing - add name
Next
Click on the instance and click on Add to registered
Next
Create

Create a new instance

Make sure it has subnet of different availability zone than the previous instance
Click on advanced details
In the text box add the following

#!/bin/bash
yum update -y
yum install httpd -y
service httpd start
chkconfig on
cd /var/www/html
echo "<html><body><h1>Web Server 2</h1></body></html>"

The above lines run at root level when EC2 instance boots up
Next
Next
Add tag
Next
Select an existing Security Group
Launch

Activate Load Balancer for two or more instances

Go to Load Balancing > Target Groups
Click on Targets tab below
Add other instance
Save
Go to Load Balancers
Get DNS name and run repeatedly in browser
You will get both the websites alternatively

DATABASES

RDS - Relational Databases on AWS is called RDS

RDS allows (PA MOMS)

Microsoft SQL Server
Oracle
MySQL
PostgreSQL
Amazon Aurora
MariaDB

2 Key Features of RDS

Multiple Availability Zones

for disaster recovery
lose one and other is used

Read Replicas

for performance
production read copy
can have upto 5 copies

Non Relational Databases

DynamoDB

Each document have different number of fields
Amazon's NoSQL Database is DynamoDB

OLTP vs OLAP

Online Transaction Processing vs

Online Analytics Processing

OLTP

A row of data from database - CRUD

OLAP

Red Shift

A group of data from database based on query - CRUD
Data Warehousing was introduced for this
Data Warehousing is used for Business Intelligence (BI)
Amazon Data warehousing solution is called Redshift

ElastiCache

Definition

web service
makes easy to

deploy
operate
scale

in-memory caching solution in the cloud
It improves performance of web application
by allowing apps to retrieve info from

fast
managed
in-memory caches

ElastiCache caches most common queries
Un common queries are made to database

Caching Engines (Open source and in-memory) that Elasticache supports

Memcached
Redis

AMI

Amazon Machine Image
Created from EC2 Instance
To recreate the same instance again

Auto Scaling

Load Balancing

Route53

Amazon's DNS - Domain Name System
Named after Route 66 - interstate highway across United States
DNS works on Port 53
It is Global, not region specific, just like IAM and S3
Under Networking in AWS services
Provides

DNS Management
Traffic Management
Availability Monitoring
Domain Registration

Used to

direct traffic around the world
register domain name

Elastic Beanstalk (Free)

Definition

quickly deploy and manage applications
in AWS cloud
without worry of the infrastructure
Upload application and
Elastic Beanstalk automatically handles

capacity provisioning
load balancing
scaling
application health monitoring

How?

On a click of button provision EC2, security groups, application load balancers
Only code, rest taken care
Choose stack, upload code and there you go

Name all Compute Services

EC2
LightSail
Elastic Beanstalk
Lambda
etc.

Cloudformation (Free)

Definition

Service
that helps to model
and set up AWS resources
allowing one to spend less time managing resources
Cloudformation takes care of configuration and provisioning
It is free, but resources it deploys may not be free such as EC2, RDS instances

Most powerful AWS tool
Turns infrastructure into code
With this code deploy within minutes
Various templates available
It creates all instances that are required

EC2
Security Group
RDS
etc.

One can design one's own template too
Configures them

Difference between Elastic Beanstalk and CloudFormation

Elastic Beanstalk is limited to what it can provision, CloudFormation can provision almost any AWS service
Elastic Beanstalk is not programmable while CloudFormation is completely programmable

Architecting for the cloud (White paper)

IT Assets as Provisioned Resources
Global, Available, and Scaleable Capacity (GAS Capacity)
Higher Level Managed Services
Built-in-Security

Multi level authentication, etc

Architecting for Cost

Cost efficient

Operations on AWS

Re-architecting, re-factoring

Scalability

Scale Up

Example, t2 micro instance to bigger instance

Scale Out

Example, adding multiple virtual machines behind an elastic load balancer
Types: 6 types of scaling out

Stateless Applications

Example, Alexa is Lambda, stateless

Distributed Load to Multiple Nodes

Example, Multiple Web servers or database servers

Stateless Components

Example, uses cookie

Statefull Components

Example, transactions stored in RDS

Implement Session Affinity

Sticky sessions

Cookie in user's browser
Everytime they and visit your website, Application Load Balancer detects the cookie and sends user back to the same EC2 instance

Implement Distributed Processing

Elastic Map Reduce

Have bunch of EC2
and process large number of jobs
reduce time to complete it

Disposable Resources instead of fixed servers

Instantiating Compute Resources

Bootstrapping

Not manually instantiating

Golden Images

Taking image of instance and use it again and again

Containers
Hybrid

Containers + EC2 instance

Infrastructure as a code

CloudFormation

Automation

Serverless Management & Deployment

AWS Elastic Beanstalk
EC2 autorecovery
AWS Systems Manager
Auto Scaling

Alarms & Events

Amazon CloudWatch alarms
Amazon CloudWatch events

Example, Someone uploads image to S3, lambda adds watermark to the image or creates a thumbnail, etc.

AWS Lambda Scheduled Events

Example, Run a code at midnight

AWS Web Application File (WAF) security automations

automatically respond to people trying to do harm

example SQL injections, Cross site scripting

Loose Coupling

Well Defined Interfaces

Amazon API Gateway

Service Discovery

Example, EC2 instance connecting to RDS instance using DNS name, if multi-AZ is on, then if an RDS instance fails, AWS will switch over to other AZ

Asynchronous Integration
Distributed Systems Best Practices

Graceful failure in prcactice
Example, if a page does not exist, user sees error page

Services and NOT Servers

Managed Services
Serverless Architectures

Databases

Relational Databases (Aurora)

Scalability
High Availability - Multi AZ
Anti Patterns - if no need of joins or complex transactions, use NoSQL

Non-Relational Databases (DynamoDB)

Scalability
High Availability - Multi-AZ
Anti Patterns - if you have joins or complex transactions, use SQL for them OR large binary files like audio, video, images, etc., use S3 for them

Data Warehouses (RedShift)

Scalability
High Availability - Multi-AZ
Anti-Patterns - not meant for Online Transaction Processing (OLTP), more used for Online Analytics Processing (OLAP)

Search (Cloud Search, Amazon Elastic Search)

Scalability
High Availability - Multi-AZ

Graph Databases (Neptune)

Scalability
High Availability - Multi-AZ

Managing Increasing Volume of Data

A data lake

architectural approach
allows to store massive amounts of data
in a central location
so that readily available

to be categorized
processed
analysed
consumed by diverse groups in organization

Data stored as-is
no need to convert it to pre-defined schema
no need to know what questions to ask about your data beforehand
Great place to create data lake is S3
Athena can be used to run SQL queries on this database

Removing Single Point of Failure

Introducing Redunduncy
Detect Failure
Durable Data Storage
Automate Multi-Datacenter Resilience
Fault Isolation and Traditional Horizontal Scaling (Scaling Out)
Sharding (Elastic MapReduce)

Optimize for Cost

Right Sizing
Elasticity

events when higher usage is expected, needs to be provisioned

Take advantage of variety of purchasing options

Spot instances, on demand instances, reserved instances

Caching

Application Caching

Elastic Cache

Edge Caching

CDN Networks like CloudFront

Security

Use AWS features for Defense in Depth
Share Security Responsibility with AWS
Reduce Privileged Access
Security as Code

EC2 instances with security patches on them
CloudFormation Template

Real-Time Auditing

AWS Inspector, AWS CloudTrail, etc.

GLOBAL AWS SERVICES (IRCSS)

IAM
Route53
CloudFront (CDN)
SNS
SES

GLOBAL VIEW BUT REGIONAL

AWS SERVICES ON PREMISE

Snowball

Gigantic Disc to upload data on and ship back to AWS (80 TB min)

Snowball Edge

CPU + Storage
Example, Lambda on Premise
Boeing uses it

Storage Gateway

Caching file on Premise

It replicates to S3

CodeDeploy

Used for deploy to on-premise web service too

OpsWorks

Uses chef for automated deployment to EC2 instance in AWS cloud as well as on premise web server

IoT Greengrass

it is IoT but connects devices up to AWS cloud. has on premise service as well

AWS SERVICES CAN BE USED TO DEPLOY APPLICATIONS ON PREMISE

CodeDeploy

Used for deploy to on-premise web service too

OpsWorks

Uses chef for automated deployment to EC2 instance in AWS cloud as well as on premise web server

CLOUDWATCH 101

Definition

Monitoring Performance Service
to monitor AWS resources
as well as the applications running on AWS
Monitors once every 5 mins

intervals can be reduced to 1 min by turning on detailed monitoring

CloudWatch alarms trigger notifications

CloudWatch monitors

Compute

EC2 instances
Autoscaling Groups
Elastic Load Balancers
Route53 Health Checks

Storage and Content Delivery

EBS Volumes (Virtual Hard disks attached to EC2)
Storage Gateways
CloudFront

Host Level Metrics of :

CPU
Network
Disk
Status Check

AWS SYSTEMS MANAGER

Allows to manage EC2 instances/virtual machines at scale
Run a command on all EC2 instances at once
Under Management and Governance in AWS Console
It also integrates with CloudWatch to give dashboard for entire estate

PRICING

Capex - Capital Expenditure - Pay upfront
Opex - Operational Expenditure - Pay as you use

5 Policies (GRAMC)

Pay as you go
Pay less when you reserve
Pay even less per unit by using more
Pay even less as AWS grows
Custom Pricing

4 Principles & Best Practices (FOFR)

Understand the fundamentals of Pricing

3 Fundamental Drivers of Cost

Compute
Storage
Data Outbound

Start early with cost optimization

Earlier you start with cost optimization, the better it is
Helps grow right than have a complex infrastructure that cannot be optimized easily

Maximize the power of flexibility

AWS services are priced

independently
transparently

No minimum commitment

Use when required, stop when not
This helps save upto 70% than running 24/7

Use the right pricing model for the job

On demand
Reserved
Spot
Dedicated

3 Fundamental Drivers of Cost

Compute
Storage
Data Outbound

7 AWS FREE SERVICES (VECOCAI)

VPC (Virtual Data Center)
Elastic Beanstalk

But NOT services it deploys

CloudFormation

But NOT services it deploys

IAM (users, groups, roles)
Auto Scaling

But NOT services it deploys

OpsWorks

But NOT services it deploys

Consolidated Billing

What determines Price?

EC2 ( MIS PILOT H )

Hours

By second or hour

Type of Instance

T1 micro, etc

Pricing Model

On Demand
Reserved
Spot
Dedicated

Instances Count
Load Balancing

Application LB - less expensive
Network LB - more expensive

Monitoring

Standard - 5 min interval
Detailed - 1 min interval (more expensive)

Scaling Automatically

More EC2 more price to pay

Elastic IP Addresses

Is turned on by default everytime EC2 instance in instantiated, it is chargeable

Operating Systems and Software Packages

Windows more expensive than Linux

Lambda Pricing Determinants

Free upto 1 million requests
USD 0.20 / million requests thereafter
400,000 GB-seconds per month free, upto 3.2million seconds of compute time
USD 0.00001667 for every GB-second thereafter
Other AWS services used by Lambda

EBS Pricing Determinants

Volumes (per GB)
Snapshots (per GB)
Data Transfer

S3 Pricing Determinants

Class of Storage (SIIIGG)

Standard
IA
IA - 1 AZ
Intelligent Tiering
Glacier
Glacier Deep Archive

Storage (GBs)
Requests - Get, Put, Copy
Data Transfer

Glacier Pricing Determinants

Storage (GBs)
Max Data Retrieval Time Period

Expedited

1-5 mins
0.03 USD per GB
0.01 USD per request
100 USD per capacity unit provisioned

Standard

3-5 hours
0.01 USD per GB
0.05 per 1000 requests

Bulk

5-12 hours
0.0025 per GB
0.025 per 1000 requests

Snowball Pricing Determinants

Service Fee per job

50 TB - 200 USD
80 TB - 250 USD

Daily Charge

Free - 10 days
thereafter - USD 15/day

Data Transfer

Inbound - Free
Outbound - NOT

RDS Pricing Determinants

Clock Hours of Server Time
DB Characteristics
DB Purchase Type - size
Number of Instances
Provisioned Storage
Additional Storage used
Requests
Deployment Type
Data Transfer

DynamoDB Pricing Determinants

Provisioned Throughput (write)
Provisioned throughput (read)
Indexed data storage

CloudFront Pricing Determinants

Traffic Distribution
Requests
Data Transfer Out

AWS Budget vs AWS Cost Explorer

Budget is used to budget/predict before they are incurred
Cost Explorer is used to analyse expense after they have been incurred

AWS Support Plans

Basic

Free
No Tech Support, only forums
Nobody can open cases

Developer

29 USD / month
Business hour - email
1 person - unlimited cases
General Guidance: < 24 biz hrs | System Impaired: < 12 biz hrs

Business

100 USD / month
24x7 email, chat, phone
Unlimited Contacts - Unlimited cases

General Guidance: < 24 biz hrs | System Impaired: < 12 biz hrs | Prod System: < 4 hrs | Prod System Down: < 1 hr

Enterprise

15,000 USD / month
24x7 email, chat, phone
Unlimited Contacts - Unlimited cases
Dedicated Technical Account Manager (TAM)

General Guidance: < 24 biz hrs | System Impaired: < 12 biz hrs | Prod System: < 4 hrs | Prod System Down: < 1 hr | Buziness Critical System: < 15 mins

AWS QUICK STARTS

List of Templates of CloudFormation
Deploys solutions on one click
Templates designed by experts
FREE, but resources it provisions could be paid

AWS LANDING ZONE

Allows to setup multi-account setups
Organization level solution templates
Based on Best Practices

AWS COST CALCULATORS

AWS SIMPLE MONTHLY CALCULATOR

Estimations
https://calculator.s3.amazonaws.com/index.html

AWS TOTAL COST OF OWNERSHIP (TCO) CALCULATOR

Estimates and compares to on premise cost of the same operation

SECURITY

AWS Artifact

AWS is compliant to

Global:

SOC 1
SOC 2
SOC 3
PCI DSS Level 1

Payment Card standard

CSA - CLoud Security Alliance
ISO 9001
ISO 27001
ISO 27017
ISO 27018

US:

FISMA - Federal Information Security Management
HIPAA - Protected Health Information

AWS Shared Responsibility Model

AWS is responsible for their Regions, AZs, Edge Locations | Compute, Storage, Database, Networking
Security in the cloud is responsibility of the customer - Configurations, IAM, Customer Data
Amazon responsible upto guest operating system | customers responsible there on
Amazon responsibility is security OF the cloud, customer's responsibility is security IN the cloud
Encryption setting on is customer responsibility, encryption is Amazon's
If key is procided by customer then even encryption is customer's responsibility
RDS patching is Amazon's responsibility

WAF & Shield

WAF stands for Web Application Firewall
Level 7 - Level 1 is hardware, Level 7 is application
WAF in front of Load Balancer,s tops attackers from SQL injections and cross site scripting

Shield is managed Distributed Denial of Service (DDoS) protection service
safeguards web applications
shields from DDoS attacks - such as too much traffic at once directed to the application with an intent to crash it or incur you high billing
Types:

Standard
Advanced

DDoS attack charges are reimbursed by AWS

AWS Inspector vs AWS Trusted Advisor vs CloudTrail vs CloudWatch vs Config (I-T-C)

Inspector (ASSESS)

Inspector is automated security assessment service for vulnerabilities
reports generated
It is installed on EC2 instances

Trusted Advisor (ADVICE)

Online resources
helps to reduce cost, increase performance, and improve security
real-time guidance on best practices

Cost optimization
Performance
Security
Fault Tollerance

On entire AWS account
Core checks on recommendations - FREE
Full Trusted Advisor - Busine and Enterprise only
Global Service

CloudTrail (LOG)

Records everything in AWS environment
Actions and API callls
Logs everything
Saved in S3

CloudWatch (PERFORMANCE)

Monitor AWS Resource Performance

CPU
Network
Disk
Status Check
Custom Scripts

AWS Config (CONFIG)

Configs and relations and settings
Changes made to config

Athena vs Macie

Athena

Interactive Query Service
Query data located in S3 using SQL
Serverless
Pay per query/TB scanned
NO need to set up ETL processes (Extract/Transform/Load)
Can be used to Mining Data Lake, Querying Logs, Generate Business Reports, query click-stream data

PII - Personally Identifiable Information

Personal Data - Credit Card, Bank Account Details, etc.

Macie

Uses AI to identify objects containing sensitive data such as PII
Great for PCI-DSS compliance and preventing ID theft

Vinit Khandelwal