A
- accelerated computing instances, 39
- access control
- Amazon DynamoDB, IAM policy and, 732–735
- Amazon EFS (Elastic File System), 776
- Amazon S3
- ACLs (access control lists), 124
- bucket policies, 123
- defense in depth, 124–125
- user policies, 123–124
- ElastiCache, 747
- access keys, 14, 16
- KMI (key management infrastructure), 263
- ACLs (access control lists), 58–61, 105, 124
- AD Connector (Active Directory Connector), 506–507
- AD DS (Active Directory Domain Services), 506
- ADM (Amazon Device Messaging), 537
- Advanced Message Queuing Protocol. See AMQP
- AES-256 (Advanced Encryption Standard), 95, 120, 187, 261, 263, 271, 272, 731
- AFR (annual failure rate), 93
- ALB (Application Load Balancer), 287, 479
- all-at-once deployment, 300
- Amazon API Gateway, 623, 627–628
- Amazon CloudWatch and, 632–633
- API keys, 631
- authorizers, 630
- AWS Lambda, integration, 631
- CORS (cross-origin resource sharing), 631
- definition support, 634
- endpoints, 628
- HTTP methods, 630
- monitoring metrics, 807
- OpenAPI specification, 634
- resources, 629
- RESTful APIs, 631
- security, 633–634
- stages, 630
- Amazon Aurora
- automatic scaling, 848
- databases, 176
- DB clusters, 190–191
- cluster volume, 191
- instances, 191
- global databases, 192
- serverless, 192
- Amazon Aurora Serverless, 642–643
- Amazon CloudFront
- AWS Elastic Beanstalk and, 297–298
- content delivery, 626–627
- Amazon CloudWatch, 189–190
- alarms, 814–817
- Amazon API Gateway and, 632–633
- Amazon SQS, queue monitoring and, 533
- AWS Lambda functions, 602–603
- cases, 800
- cost management and, 867
- dashboards, 817–818
- log aggregation, 811–812
- log processing, 814
- log searches, metric filters, 812–814
- metrics
- aggregations, 804
- Amazon API Gateway, 807
- Amazon DynamoDB, 806
- Amazon EC2, 805
- Amazon Lambda, 807
- Amazon S3, 806
- Amazon SNS, 808
- Amazon SQS, 808
- AWS Auto Scaling groups, 805
- built-in, 802
- custom, 808–810
- data points, 802–803
- Elastic Load Balancing, 804
- repository, 801
- statistics, 803–804
- statistics retrieval, 810–811
- microservices, 521
- monitoring, 798
- performance monitoring, 868
- Amazon Cognito, 498, 505
- Amazon SNS, endpoints, 539
- authentication
- device tracking, 636–637
- identity pools, 639
- multi-factor authentication (MFA), 636
- password policies, 636
- SDK, 639–640
- SMS messages, 636
- UI (user interface) customization, 637–639
- user pools, 634–635
- authorizers, 630
- Amazon Device Messaging (ADM), 537
- Amazon DynamoDB, 569, 664
- access control, fine grained, 214–216
- adding to tables, 692
- atomic counters, 715
- attribute projects, 687–688
- attributes, 197, 198–199, 669
- AWS Auto Scaling, 848
- automatic scaling, 707–711
- backfilling, 693
- backups, on-demand, 216, 737
- base table, 688–689
- best practices, 216–217
- burst capacity, 682, 710
- condition keys, 735–736
- conditional writes, 716–717, 721
- control plane operations, 678
- data plane operations, 679–680
- data retrieval, 209–212
- data types, 669–671
- deleting databases, 694
- encryption, 216
- encryption at rest, 730–732
- error handling, 720, 721
- expressions, 724–729
- global secondary indexes, 686–687
- hash attribute, 665
- IAM and, 214–216
- index key violations, 694
- index name, 688–689
- item attributes, 722–723
- items, 198, 669, 715
- local secondary indexes, 694–700
- managing, 691
- monitoring metrics, 806
- nonrelational database, 177
- NoSQL databases, 177
- object persistent model, 214
- optimistic locking, 713–714
- partition key, 665–668
- partitions, 197, 711–713
- permissions, IAM policy conditions, 732–735
- PITR (point-in-time-recovery), 738–739
- primary key, 199–200, 665–666
- provisioned throughput, 689–690
- queries, 688
- filter expressions, 730
- key condition expressions, 729–730
- read consistency, 730
- range attributes, 666
- read capacity units, 690
- read consistency, 206, 207
- read/write throughput, 207, 672–673
- adaptive capacity, 209
- burst capacity, 209
- on-demand, 208
- provisioned throughput, 208
- RCU (read capacity unit), 207
- reserved capacity, 208
- WCU (write capacity unit), 207–208
- resource allocation, 693
- restore, point-in-time recovery, 216
- restores, on-demand, 737–738
- return values, 680–681
- scanning, 688–689
- secondary indexes, 201, 665, 683
- alternate key, 684
- base table, 683
- configuration, 685
- global secondary indexes, 202–205, 682, 684
- local secondary indexes, 201–202, 204–205, 682, 684
- shards, 668
- sort key, 666
- state, 665, 678
- status in table, 692
- streams, 205
- synchronizing, 689
- tables, 197, 198, 665, 672
- tags, 714–715
- throttle capacity, 682
- throughput, provisioned, 672
- capacity, reads/writes, 672–673
- capacity unit consumption, 674–675
- item sizes, 674–675
- reads capacity unit (RCU) consumption, 675–676
- settings, 674
- writes capacity unit (WCU) consumption, 676–678
- TTL (time to live), 719–720
- version number, 713–714
- write capacity units, 690
- write cost, 690–691
- Amazon DynamoDB Local downloadable database, 214
- Amazon DynamoDB Streams, 665
- API (application programming interface), 705
- AWS Lambda triggers, 706–707
- concurrency, 547
- consumers, 546–547
- cross-region replication, 701
- data, retention limit, 705
- endpoints, 701–702
- Kinesis Adapter, 703–704
- shards, 547
- stream records, 700–701
- streams, 702–704
- use case, 546
- Amazon EBS (Elastic Block Store), 40, 93, 155, 157, 158
- Amazon EFS comparison, 144
- Amazon S3 comparison, 144
- AWS OpsWorks Stacks, layers, 454
- block storage, 87
- Elastic Volumes, 94–95
- encryption, 95–96, 265, 274
- HDD (hard disk drive)-backed volumes, 93
- instance store comparison, 143–144
- performance optimization, 95–97
- snapshots, 95
- SSD (solid-state drive)-backed volumes, 93–94
- storage, persistent, 40–41
- storage optimization, 855–857
- troubleshooting, 97
- use cases, 94
- Amazon EC2 (Elastic Compute Cloud), 38, 67, 91, 158, 235–236, 587
- AD DS (Active Directory Domain Services), 506
- Amazon VPC and, 67
- answers to review questions, 887–890
- Auto Scaling, 847–848
- Availability Zones, 38
- bare-metal access, 38
- elastic network interfaces, 42
- instance store, 97–99, 155
- instance types, 39
- instances
- accelerated computing, 39
- access, 43
- CloudWatch, 50
- compute optimized, 39
- connecting to, 45–46
- families, 39
- general purpose, 39
- key pairs, 43
- lifecycle, 43–44
- memory optimized, 39
- monitoring, 50
- storage optimized, 39
- metadata, IMDS, 47–48
- monitoring metrics, 805
- on-premises AppSpec, 362–366
- on-premises configuration, 359–361
- primary network interfaces, 42
- private IP addresses, 42
- public IP addresses, 42
- RDP (Remote Desktop Protocol) and, 43
- security groups, 42
- users, default, 43
- VPC, default, 42
- webpages, custom, 49–50
- Amazon ECR (Elastic Container Repository), 476, 481, 487
- Amazon ECS (Elastic Container Service), 38, 446
- Amazon ECR, 476, 481
- architecture, 473–474
- AWS CodePipeline and, 321, 482–483
- AWS Fargate, 475–476, 484
- clusters, 472–475, 486
- container agent, 481
- containers, 476
- deployment, 471–472
- task definition, 477–478
- Docker, 471, 473, 474, 484
- Docker containers, 476, 481
- images, 476, 481
- overview, 472
- service limits, 482
- services, 478–479
- task definition, 476–478
- task scheduling, 479–480
- Amazon ECS Service Discovery, 480
- Amazon EFS (Elastic File System), 136–137, 157, 773
- access control, 776
- Amazon EBS comparison, 144
- Amazon S3 comparison, 144
- authentication, 776
- AWS DataSync, 139–140
- AWS DX (Direct Connect) and, 775–776
- data consistency, 776
- file storage, 87
- file sync, 139
- file system, 137, 778–779
- file system access, 137–139
- IAM, user creation, 777
- performance, 140–141, 779–780
- resources, 777
- scaling, throughput scaling, 780–781
- security, 141–142
- VPC, 773–775
- Amazon EKS (Elastic Container Service for Kubernetes), 38
- Amazon Elastic Container Service, 325
- Amazon ElastiCache. See ElastiCache
- Amazon EMR
- encryption, 267–268
- S3DistCp, 272
- Amazon Kinesis, 86
- Amazon Kinesis Data Analytics, 544–545, 569
- Amazon Kinesis Data Firehose, 151–152, 158, 543–544, 569
- Amazon Kinesis Data Streams, 540, 569
- applications, 541
- consumer options, 543
- data blob, 541
- Fluentd, 542
- Flume, 542
- Kinesis Video Streams, 542
- messages, deleting, 541
- open source tools, 542
- partition key, 541
- producers, 542–543
- real-time analytics, 542
- streams, names, 541
- throughput, 541–542
- Amazon Kinesis Video Streams, 545, 569
- Amazon Lambda, monitoring metrics, 807
- Amazon Lightsail, 38
- Amazon Machine Image. See AMI (Amazon Machine Image)
- Amazon MQ, 570
- active/standby broker for high availability, 550
- AMQP (Advanced Message Queuing Protocol), 551
- single-instance broker, 550
- Amazon Neptune, 231–232
- Amazon Polly, 11–12
- Amazon QLDB (Quantum Ledger Database), ledger database, 177
- Amazon RDS (Relational Database Service), 55, 180, 238, 274
- Amazon Aurora, 190–192
- Amazon CloudWatch, 189–190
- availability, 181–182
- AWS Elastic Beanstalk and, 298
- backups, 181, 185–186
- best practices, 192–194
- configuration, 181
- database migration, 489
- encryption, 187–188, 266–267
- engines, 182–185
- hosting and, 182
- IAM DB authentication, 188–189
- instances, 464
- Multi-AZ, 186–187, 238
- procurement, 181
- relational databases, 177
- security, 181–182
- Amazon Redshift
- 256-bit AES keys, 272
- architecture, 220–222
- AWS CloudHSM cluster master key, 272
- AWS KMS cluster master key, 272–273
- data warehouse, 177
- loading data, 224
- querying data, 224
- Redshift Spectrum, 225–226
- security, 224–225
- snapshots, 224
- table, 222–224
- Amazon Resource Name. See ARN (Amazon Resource Name)
- Amazon Route 53, domain names, 625–626
- Amazon S3 (Simple Storage Service), 10, 64, 157, 747, 782
- access control, 123–125
- Amazon EBS comparison, 144
- Amazon EFS comparison, 144
- authentication, 129
- AWS CLI, 128
- AWS CodePipeline and, 321
- AWS Elastic Beanstalk and, 297
- AWS explorers, 128
- AWS SDKs, 128
- buckets, 99–105, 155–156, 748–760
- consistency model, 114–118, 755–756
- CORS (cross-origin resource sharing), 107–108
- CRR (cross-region replication), 127–128
- data consistency, 156
- data lake architecture, 129–130
- encryption, 156, 264–265, 274
- client-side, 121–123
- data protection, 760
- envelope encryption, 119–120
- server-side, 271, 760
- SSE (Server-Side Encryption), 120–121
- lifecycle configuration, 157
- MFA Delete, 127
- monitoring metrics, 806
- object operations, 108–109, 765–770
- object storage, 87
- object tagging, key-value pairs, 106
- objects, 105, 761–765, 769, 783
- performance, 130–134
- Amazon CloudFront, 133
- GET requests and, 772
- multipart uploads, 133
- object key naming, 131–132
- range GETs, 133
- request rate and, 770–771
- TCP scaling, 133–134
- TCP selective acknowledgment, 133–134
- transfer acceleration, 132–133
- workloads and, 130, 771–772
- presigned URLs, 118
- query string authentication, 125
- pricing, 134
- query string authentication, 125–126
- requests, 129
- serverless applications, 129
- stateless applications, 129
- static website, 126, 156, 623–624
- storage classes, 156
- Amazon S3 Glacier, 111–113
- Amazon S3 Standard, 109–110
- comparison, 114
- frequently accessed objects, 757–758
- GLACIER, 759
- infrequently accessed objects, 758
- OneZone_IA, 111
- RRS (Reduced Redundancy Storage), 110
- RTO (recovery time objective), 111
- setting, 759
- Standard_IA, 110
- storage optimization, 853–855
- uses, 155
- values, large attribute, 772
- VPC (virtual private cloud) endpoints, 128
- web server, 622–623
- web traffic logs, 624–625
- Amazon S3 Glacier, 157
- archives, 112–113
- AWS SDKs, 112–113
- encryption, 113
- object storage, 87
- objects, restoring, 113
- RTO (recovery time objective), 111
- Vault Lock, 111–112
- vaults, 111
- Amazon SNS (Simple Notification Service), 325, 534, 569
- Amazon SQS comparison, 540
- API owner operations
- AddPermission, 536
- CreateTopic, 536
- DeleteTopic, 536
- GetTopicAttributes, 536
- ListSubscriptions, 536
- ListSubscriptionsByTopic, 536
- ListTopics, 536
- RemovePermission, 536
- SetTopicAttributes, 536
- API subscriber operations
- ConfirmSubscription, 537
- ListSubscriptions, 537
- Subscribe, 537
- UnSubscribe, 537
- APIs, clean up, 537
- billing, 539–540
- clients, 534–535
- device tokens, 538–539
- DLQ (dead letter queue), 599
- endpoints, 535
- Amazon Cognito, 539
- mobile, 538
- proxy server, 539
- Free Tier, 539–540
- limits, 539–540
- messages, topics, 534
- mobile, 537–539
- monitoring metrics, 808
- registration IDs, 538–539
- restrictions, 539–540
- subscriptions, 534
- topics, 534, 536
- transport protocols
- workflow, 535
- Amazon SQS (Simple Queue Service), 294, 523, 569
- Amazon SNS comparison, 540
- ChangeMessageVisibility action, 527
- consumers, 523
- DelaySeconds action, 528
- DeleteMessage action, 528
- distributed cluster of servers, 525
- DLQ (dead letter queue), 599
- log server, 524
- MessageRetentionPeriod action, 528
- messages
- attributes, 532
- storage, 525–526
- monitoring metrics, 808
- producers, 523
- queue, 525
- Amazon CloudWatch and, 533
- dead-letter, 531–532
- dead-letter queue, 528–530
- dead-letter troubleshooting, 531
- FIFO (first-in, first-out), 526, 529–530
- SSE settings, 533
- standard, 526
- standard queues, 529–530
- ReceiveMessage action, long polling, 526
- ReceiveMessageWaitTimeSeconds action, 527
- responses, 523
- servers, distributed cluster, 525
- VisibilityTimeout action, 526
- WaitTimeSeconds, 527
- Amazon Timestream, time series database, 177
- Amazon VPC (Virtual Private Cloud), 38, 67, 268–269
- CIDR notation, 51
- connection types, 52
- default, 42
- DHCP (Dynamic Host Configuration Protocol), 63
- IP addresses, 52–53
- NAT (network address translation), 61–63
- network ACLs (access control lists), 58–61
- network traffic monitoring, 64
- route tables, 55–56
- security groups, 56–58
- stacks, AWS OpsWorks Stacks, 453
- subnets, 54–55
- AMI (Amazon Machine Image), 41–42, 506, 593
- Amazon EBS and, 97
- AWS Elastic Beanstalk, 306
- AMQP (Advanced Message Queuing Protocol), 551
- AFR (annual failure rate), 93
- API keys, 631
- APIs (application programming interfaces)
- Amazon SNS
- AddPermission, 536
- ConfirmSubscription, 537
- CreateTopic, 536
- DeleteTopic, 536
- GetTopicAttributes, 536
- ListSubscriptions, 536, 537
- ListSubscriptionsByTopic, 536
- ListTopics, 536
- RemovePermission, 536
- SetTopicAttributes, 536
- Subscribe, 537
- UnSubscribe, 537
- answers to review questions, 886–887
- AWS Lambda functions, 589
- AWS STS
- AssumeRole, 503
- AssumeRoleWithSAML, 504
- AssumeRoleWithWebIdentity, 504
- DecodeAuthorizationMessage, 504
- GetCallerIdentity, 504
- GetFederationToken, 504
- GetSessionToken, 505
- control plane, 497
- credentials, 14–15
- endpoints, 10–12, 13
- microservices, 521
- requests
- responses
- APNS (Apple Push Notification Service), 537, 538–539
- Application Load Balancer. See ALB (Application Load Balancer)
- applications
- Amazon Kinesis Data Streams, 541–542
- Amazon S3, 129
- AWS OpsWorks Stacks, 459–460
- capacity, 289
- deployment, 288–289
- mapping to AWS database service, 178
- running on instances, 44–50
- serverless, 129, 622
- stateless, 129
- AppSpec configuration file, 299
- architecture
- data lake, 129–130
- three-tier, 282
- versus serverless stack, 640–642
- ARN (Amazon Resource Name), 22–23
- Amazon SNS, 536
- AWS Lambda functions, 600
- attributes, nested, 722–723
- authentication
- Amazon Cognito and, 634–640
- answers to review questions, 905–907
- versus authorization, 496
- control planes, 497
- federation, 496
- IAM, 19–20
- MFA (multi-factor authentication), 15–16, 636
- RDP, 497
- SSH, 497
- authoritative data, 90
- authorization, 497–498
- answers to review questions, 905–907
- versus authentication, 496
- AWS SSO (Single Sign-On), 500–501
- control planes, 497
- cross-account access, 499
- federation, 496
- IAM, 19–20
- permissions policy, 499
- RDP, 497
- source accounts, 499
- SSH, 497
- target accounts, 499
- trust policy, 499
- Auto Scaling, 845–849
- Availability Zones, 705
- Amazon EC2 (Elastic Compute Cloud), 38
- AWS Region, 10
- AWS (Amazon Web Services)
- cloud services, calling, –9
- resource management
- SOAP support, 128–129
- AWS Amplify JavaScript library, 128
- AWS ASG (Auto Scaling Group), 383
- AWS Auto Scaling, 289
- groups, 289–290
- groups, monitoring metrics, 805
- microservices, 521
- AWS Budgets, 866
- AWS CLI (Command Line Interface), 128, 382
- AWS Lambda functions, 589
- credentials, assigning, 48
- AWS Cloud, 86, 176, 284–287
- AWS Cloud9, 66, 334
- AWS CloudFormation, 382
- application deployment, 289
- AWS CloudFormation Designer, 406
- AWS CodePipeline and, 321, 429–432
- change sets, 384, 434–435
- condition functions
- creation policies, 436
- custom resource providers, 406–407
- helper scripts
- cfn-get-metadata, 425
- cfn-hup, 425–426
- cfn-init, 424
- cfn-signal, 424–425
- infrastructure and, 382–384
- intrinsic functions
- Fn::Base64, 395
- Fn::Cidr, 395
- Fn::FindInMap, 395
- Fn::GetAtt, 396
- Fn::GetAZs, 396
- Fn::Join, 396–397
- Fn::Select, 397
- Fn::Split, 397
- Fn::Sub, 397–398
- Ref, 398
- metadata keys
- AWS::CloudFormation::Designer, 405
- AWS::CloudFormation::Init, 399–404
- AWS::CloudFormation::Interface, 404–405
- overview, 382–383
- permissions, 385–386, 435
- resource relationships, 408, 435
- resources, 435, 408–411
- service limits, 429
- stacks, 384
- CREATE_COMPLETE, 411
- CREATE_FAILED, 412
- CREATE_IN_PROGRESS, 412
- DELETE_COMPLETE, 412
- DELETE_FAILED, 412
- DELETE_IN_PROGRESS, 412
- deletion policies, 416–417
- export output, 417–418
- exports, 417
- import output, 417–418
- nested, 417, 418–419
- policies, 420–422
- ROLLBACK_COMPLETE, 412
- ROLLBACK_FAILED, 412
- ROLLBACK_IN_PROGRESS, 412
- UPDATE_COMPLETE, 412
- UPDATE_COMPLETE_CLEANUP_IN_PROGRESS, 412–413
- UPDATE_IN_PROGRESS, 412
- UPDATE_ROLLBACK_COMPLETE, 413
- UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS, 413
- UPDATE_ROLLBACK_IN_PROGRESS, 413
- updates, 413–416, 436
- StackSets, 427–429
- templates, 386–394, 435
- wait conditions, 436
- AWS CloudFormation CLI, 422–423
- AWS CloudHSM, 262, 268–269
- AWS CloudTrail
- AWS Code services, 318
- AWS CodeBuild, 318, 319, 344–345, 373
- AWS CodePipeline and, 321, 352
- build environments, 350–351
- build projects, 345–349
- service limits, 351
- AWS CodeCommit, 292, 318, 319, 332–333, 372, 373
- AWS CodePipeline and, 321, 344
- branches, 341
- commits, 339–340
- credentials, 333–334
- development tools, 334
- files, 337
- migration to, 341–343
- pull requests, 337–338
- repository, 335–337
- service limits, 343
- AWS CodeDeploy, 299, 319, 352–353, 373
- applications, 362
- AppSpec file, 362–369
- AWS CodeDeploy agent, 369–370
- AWS CodePipeline and, 321, 371
- deployment configurations, 359–361
- deployment groups, 356–359
- deployments, 354–356
- in-place deployment, 300
- revision, 353–354
- service limits, 370
- AWS CodePipeline, 318, 319, 372
- actions, 323
- Amazon ECS and, 321
- Amazon S3, 321
- approval actions, 325–238
- artifacts, 326–327
- AWS CloudFormation and, 321, 430–432
- AWS CodeBuild and, 321, 352
- AWS CodeCommit and, 321, 344
- AWS CodeDeploy and, 321, 371
- AWS Elastic Beanstalk and, 321
- AWS Lambda, 321
- AWS OpsWorks Stacks, 321
- build actions, 324
- CI/CD (continuous integration/continuous deployment), 318
- deploy actions, 325
- GitHub and, 324
- invoke actions, 326
- pipelines, 322, 330–332
- revisions, 322–323
- service limits, 329
- source actions, 323–324
- stages, 323
- tasks, 329–332
- test actions, 324
- transactions, 326–327
- workflow, 320
- AWS compute, 17
- AWS Config
- AWS Elastic Beanstalk and, 298
- tagging and, 836
- AWS Cost and Usage Report, cost management and, 866–867
- AWS Cost Explorer, cost management and, 865
- AWS Cost Explorer API, cost management and, 865–866
- AWS Cost Optimization Monitor, cost management and, 867
- AWS Database Migration Service, 176
- AWS database service, application mapping, 178
- AWS DataSync, 86
- AWS Direct Connect, 86, 128, 152–153, 158, 159
- AWS Directory Service, 509
- AWS DMS (Database Migration Service), 177, 233–235
- AWS DX (Direct Connect), 774–776
- AWS EB CLI (Elastic Beanstalk CLI), 296
- AWS Elastic Beanstalk, 38, 290–291, 325. See also AWS EB CLI (Elastic Beanstalk CLI)
- Amazon CloudFront and, 297–298
- Amazon RDS, 298
- Amazon S3 and, 297
- applications, 289, 293
- AWS CodePipeline and, 321
- AWS Config, 298
- components, 307
- deployment, 307
- ebextensions directory, 296–297
- ElastiCache, 298–299
- environment, 293–297
- environment tier, 293–294, 307
- health dashboard, 303–306
- IAM and, 299
- implementation, 291–292
- metrics, 304
- resources, 307
- source repository and, 292–293
- AWS Fargate, 475–476, 484, 486
- AWS Free Tier
- AWS General Reference, 13
- AWS Import/Export, 146–147, 158
- AWS IoT (Internet of Things), 570
- AWS IoT Device Management
- device shadow, 550
- message broker, 549–550
- MQTT (Message Queuing Telemetry Transport), 547
- OTA (over-the-air) updates, 547
- rules engine, 548–549
- AWS IoT (Internet of Things) Device SDK
- AWS KMS (Key Management Service), 95, 260–262, 269–270, 760
- AWS Lambda, 38, 586–587
- Amazon API Gateway integration, 631
- Amazon CloudWatch and, metrics, 602–603
- Amazon DynamoDB Streams, 706–707
- AWS CodePipeline and, 321
- AWS X-Ray, 603–604
- environment variables, 599
- functions
- aliases, 600–601
- concurrency, 597–598
- concurrency limits, 598–599
- context object, 595
- creating, 589–590
- descriptions, 596
- DLQ (dead letter queue), 599
- event objects, 595
- execution methods, 590–592
- execution permissions, 592
- function handler, 594
- function package, 593–594
- invocation models, 590–592
- invocation permissions, 593
- InvocationType parameter, 591
- invoking, 601–602
- memory, 596
- network configuration, 596–597
- Nonstreaming Event Source (Push Model), 590–591
- Streaming Event Source (Pull Model), 590, 592
- tags, 596
- timeouts, 596
- versioning, 599–600
- languages supported, 589
- optimization and, 851
- AWS Managed Microsoft AD, 507–508
- AWS Management Console, –4, 12, 303, 590
- access, 15–16
- authentication, multi-factor authentication, 15–16
- AWS Elastic Beanstalk, health dashboard, 303–305
- AWS Lambda functions, 589
- health monitoring, 303–305
- IAM roles, 305–306
- AWS Mobile SDK, 128
- AWS OpsWorks
- Amazon EC2 auto scaling, 448
- application deployment, 289
- AWS CodePipeline and, 321
- Chef compliance, 448
- code repository, 448
- AWS OpsWorks Agent, lifecycle events, 461–462
- AWS OpsWorks for Chef Automate, 447
- application deployment, 289
- AWS OpsWorks for Puppet Enterprise, 447
- AWS OpsWorks Stacks, 446, 484, 485
- apps, 459–460
- attribute files, 449
- auto healing, 486
- AWS CodePipeline and, 470
- Chef 11, 464–465
- Chef 12, 464–465
- Chef Server, 450
- Chef Solo, 447
- components, 485
- cookbooks, 456, 449–452
- deployment, 470–471
- instances, 456–459, 464, 467–469, 485–486
- layers, 453–456
- lifecycle events, 461–463, 486
- Permissions, 460–461, 486
- recipes, 449–450, 461–462
- resource management
- Amazon EBS volumes, 463
- elastic IP addresses, 464
- service limits, 469
- stacks, 452–453, 471
- templates, custom, 456
- AWS Region, –10, 23
- API endpoints, 10–12
- Availability Zones, 10
- planned regions
- samples, 13
- selecting region, 14
- AWS SAM (Serverless Application Model), 643–645
- AWS SAM CLI, 645–647
- AWS SCT (Schema Conversion Tool), 233–235
- AWS SDK for Python, Boto
- AWS SDKs (software development kits), –4, –12, 128
- AWS Lambda functions, 589
- instances, 48
- AWS Serverless Application Repository, 647
- AWS Signature Version 4
- AWS Snow family, 86
- AWS Snowball, 147–148, 158
- AWS Snowball Edge, 148–150, 158
- AWS Snowmobile, 150–151, 158
- AWS SSO (Single Sign-On), 500–502
- AWS Step Functions, 570
- Choice Rules, 559–561
- Choice state, 556–557
- end state, 564
- error handling, 564
- input/output, 564–568
- Parallel state, 561–564
- state machines, 551–554
- tasks, 554–556
- use case, 568
- AWS Storage Gateway, 86, 158
- cached volume mode, 146
- encryption, 266
- file gateway, 146
- migration and, 145–146
- stored volume mode, 146
- tape gateway, 146
- volume gateway, 146
- AWS STS (Security Token Service), 18
- APIs, 503–505
- credentials, 48
- AWS Systems Manager Parameter Store, 346
- AWS Tag Editor, 836
- AWS Trusted Advisor
- cost management and, 864
- performance monitoring, 869
- AWS VPN, 158, 775
- AWS X-Ray, 820
- application request tracking, 821–823
- AWS Lambda functions and, 603–604
- monitoring, 798
- use cases, 821
- AWS::CloudFormat::Init, 400, 403–404
- AWS::CloudFormation::Designer, 405
- AWS::CloudFormation::Init, 435
- AWS::CloudFormation::Interface, 404–405
- AWS::CloudFormation::Stack, nesting, 418–419
B
- Baidu Cloud Push, 537
- bare-metal access, 38
- binary scalar types, 670
- BlazeMeter, 324
- BLOB (binary large object) data, 88
- block storage, 86, 91, 155, 782, 852
- Amazon EBS, 87, 93
- Amazon EC2 (Elastic Compute Cloud), instance store, 97–98
- DAS (direct-attached storage), 91
- ERP (enterprise resource planning systems), 91
- NAS (network-attached storage), 91
- SAN (storage area network), 91
- block-level encryption, 265
- blue/green deployment, 301, 310, 355
- Boolean scalar types, 670
- Bouncy Castle, 266
- buckets (Amazon S3), 155–156
- limitations, 99–100
- namespace, universal, 100
- operations, 103–105
- regions, 103
- versioning, 101–103
- buffers, Amazon Kinesis Data Firehose, 544
- build phase of release lifecycle, 283
C
- C# (.NET Core 1.0), AWS Lambda and, 589
- C# (.NET Core 2.0), AWS Lambda and, 589
- C++, AWS SDKs (AWS software development kits)
- canary release, 630
- CAP theorem (consistency, availability, partition tolerance), 115–116
- CD (continuous delivery), 285
- cfn-get-metadata helper script, 425
- cfn-hup helper script, 425–426
- cfn-init helper script, 424
- cfn-signal helper script, 424–425
- Chef, 446, 485
- Chef 11, 464–467
- Chef 12, 464–465
- Chef Client, 447
- Chef Server, 447, 450
- Chef Solo, 447
- Chef Zero, 447
- CI (continuous integration), 285
- CIA (confidentiality, integrity, availability) model, storage and, 91–92
- CI/CD (continuous integration/continuous deployment), 285–286, 318
- AWS CodeBuild, 286
- AWS CodeCommit, 286
- AWS CodeDeploy, 287
- AWS CodePipeline, 286
- CIDR (Classless Inter-Domain Routing) notation, 51
- Classic Load Balancer, 287
- client-side encryption, 121–123
- cloud, database migration, 232–233
- AWS DMS, 233–234
- AWS SCT, 234–235
- cloud services, calling, –9
- CloudBees, 324
- cloud-init directive, 47
- CloudWatch, 50
- CMK (customer master key), 96
- code, configuration as, 446
- cold data, 89
- compliance, AWS KMS, 262
- compute optimized instances, 39
- condition functions, AWS CloudFormation
- configuration
- answers to review questions, 903–905
- Chef, 447–448
- as code, 446
- Puppet, 447–448
- configuration management, 447–448
- containers
- deployments, 302–303
- microservers, 522
- optimization and, 849–850
- continuous delivery, 319
- continuous integration. See CI (continuous integration)
- CI/CD (continuous integration/continuous deployment). See CI/CD
- control planes, 497
- cookbooks, 485
- AWS OpsWorks Stacks
- custom, 456
- dependencies, 451–452
- management, 450–451
- CORS (cross-origin resource sharing), 631
- cost management
- Amazon CloudWatch, 867
- AWS Budgets, 866
- AWS Cost and Usage Report, 866–867
- AWS Cost Explorer, 865
- AWS Cost Explorer API, 865–866
- AWS Cost Optimization Monitor, 867
- AWS Trusted Advisor, 864
- EC2 Right Sizing, 868
- cost optimization, 834
- AWS usage reduction, 836–838
- tagging, 835–836
- critical/regulated data, 90
- cross-origin resource sharing. See CORS
- CRR (cross-region replication), 127–128
- custom builds, identity provider, 499
D
- DAS (direct-attached storage), 91
- data, structure, 88
- data at rest, encryption, 119
- data dimensions, 87–88, 154
- data in transit, encryption, 119
- data lake architecture, 129–130
- data lakes, 86
- data migration, 145, 158
- Amazon Kinesis Data Firehose, 151–152
- AWS Direct Connect, 152–153
- AWS Import/Export, 146–147
- AWS Snowball, 147–148
- AWS Snowball Edge, 148–150
- AWS Snowmobile, 150–151
- AWS Storage Gateway, 145–146
- VPN connections, 153
- data plane, 497
- data protection, 118. See also encryption
- data temperature, 89
- data transfer, 858
- Amazon CloudFront, 858
- Amazon Kinesis, 86
- Amazon S3 transfer acceleration, 858
- AWS DataSync, 86
- AWS Direct Connect, 86
- AWS Snow family, 86
- AWS Storage Gateway, 86
- caching, 858–859
- S3 Transfer Acceleration, 86
- data types
- data value, 89–90
- data warehousing
- Amazon Redshift, 177, 220–226
- architecture, 217–220
- benefits, 217
- data lake comparison, 219
- data mart comparison, 219–220
- database comparison, 218
- databases, 176
- database migration
- Amazon RDS, 489
- AWS DMS (Database Migration Service), 177
- cloud, 232–235
- heterogeneous, 233
- homogenous, 233
- database services, mapping to database types, 176–177
- databases
- Amazon Aurora, 176
- Amazon EC2, 235–236
- answers to review questions, 894–895
- AWS OpsWorks Stacks, deployments, 471
- compliance, IAM, 236–237
- data warehouse, 176
- DAX (Amazon DynamoDB Accelerator), 230
- ElastiCache, 229–230
- graph, 176, 230–232
- IAM (AWS Identity and Access Management), 188–189
- in-memory data stores, 176
- caching, 226–227
- in-memory key-value store, 228
- ledger, 176
- nonrelational, 176, 237
- Amazon DynamoDB, 196–217
- NoSQL, 195–196
- relational, 237, 176, 178–180
- Amazon Aurora, 190–192
- Amazon CloudWatch, 189–190
- Amazon RDS, 177, 180–188
- Amazon RDS best practices, 192–194
- IAM DB authentication, 188–189
- security, IAM, 236–237
- time-series, 176
- DAX (Amazon DynamoDB Accelerator), 230
- dead letter queue. See DLQ (dead letter queue)
- decrypting passwords, Windows, 45–46
- deployment
- all-at-once deployment, 300
- answers to review questions, 897
- applications, 288–290
- AppSpec file, 299
- AWS CloudFormation, AWS CodePipeline and, 430–432
- AWS CodeDeploy, 299
- AWS CodePipeline, CI/CD, 318
- AWS Elastic Beanstalk, 290–291
- container deployments, 302–303
- continuous delivery, 319
- ELB (Elastic Load Balancing)
- Application Load Balancer, 287
- environment variables, 284
- highly available applications, 287–288
- in-place deployment, 300
- rolling, 301–302
- scalable applications, 287–288
- source repository, 292–293
- deployment phase of release lifecycle, 283
- dereference operators, 722–723
- developer tools, AWS Cloud9, 66
- DHCP (Dynamic Host Configuration Protocol), 63
- direct-attached storage. See DAS (direct-attached storage)
- DLQ (dead letter queue), 599
- dm-crypt, 265
- DNS (domain name servers), 63, 506
- Docker containers, 295–296
- Amazon ECR, 481
- CLI tools, 481
- document data types, 671
- domain names, Amazon Route 53, 625–626
- dual-stack mode, IPv6 addresses, 53
E
- ebextensions directory, 296–297, 307
- EC2 Right Sizing, cost management and, 868
- Eclipse, 334
- eCryptfs, 265
- elastic IP addresses, 53
- Elastic Load Balancing
- AWS OpsWorks Stacks, layers, 454
- monitoring metrics, 804
- elastic network interfaces, 42
- Elastic Volumes (Amazon EBS), 94–95
- ElastiCache
- access control, 747
- application state, 739
- AWS Elastic Beanstalk and, 298–299
- backups, snapshots, 746–747
- cache hits, 742–743
- cache misses, 742–743
- clusters, 741–742
- data access patterns, 745
- distributed cache, 740–741
- endpoints, 742
- in-memory data store, 177
- in-memory key-value store, 739
- lazy loading, 744
- Memcached, 229–230, 739
- Multi-AZ replication groups, 746
- nodes, 741
- Redis, 229–230, 739
- replication groups, 742, 746
- scaling, 745
- snapshots, 746–747
- TTL (time to live), 742
- write-through, 744
- ELB (Elastic Load Balancing), 287, 383
- EncFs, 265
- encryption
- Amazon EBS, 95–96, 265–266, 274
- Amazon EMR, 267–268
- Amazon RDS, 266–267
- Amazon S3, 156, 264–265, 271, 274
- answers to review questions, 895–896
- AWS CloudHSM, 262
- AWS KMS (Key Management Services), 95, 260–262, 269–271
- AWS managed, 263, 268–269
- AWS Storage Gateway, 266
- client-side, 122–123
- customer managed, 263, 264–268
- data at rest, 119
- data in transit, 119
- data protection, 760
- dm-crypt, 265
- eCryptfs, 265
- EncFs, 265
- file systems, accessing, 779
- Loop-AES, 265
- server-side, 271, 760
- SSE (Server-Side Encryption), 119
- TrueCrypt, 265
- endpoints
- Amazon SNS, 535
- API regional endpoints, 10–12
- ElastiCache, 742
- envelope encryption, 270
- environment
- AWS Elastic Beanstalk, 293–297
- variables
- AWS Lambda, 599
- deployment, 284
- ERP (enterprise resource planning systems), 91
- exercises
- account sign up, 26
- Amazon API Gateway, running locally, 659
- Amazon Cloud Directory setup, 514–515
- Amazon CloudTrail, 827–828
- Amazon CloudWatch
- alarms, 826–827
- dashboard, 828
- Amazon Cognito setup, 516
- Amazon DynamoDB table
- Amazon DynamoDB user lookup, 253
- Amazon EBS optimization, 877–878
- Amazon EC2 (Elastic Compute Cloud)
- instance connection, 73
- key pairs, 69
- private subnet, 75–76
- as web server, 71–73
- Amazon ECS
- clusters, 488–489
- containers, 488–489
- Amazon EFS, volumes, 787–788
- Amazon Kinesis Data Stream, 575–577
- Amazon RDS
- database migration, 489
- database tier security, 242–243
- endpoint value, 245–246
- removal, 249–250
- Amazon S3
- AWS Lambda function invocation, 615–616
- buckets, uploading to, 788
- event triggers, 616–617
- Amazon S3 buckets, 163
- AWS Lambda functions and, 608
- deleting, 167–169
- emptying, 167–169
- final output, JSON, 608–609
- HTML file edits, 653–655
- object load, 164–166
- Swagger template, 652–653
- unencrypted uploads, 275–276
- verifying buckets, 609–610
- Amazon S3 versioning, 789
- Amazon SNS, SMS text message, 575
- Amazon SQS, 573–574
- Amazon VPC, 70
- application version update, 311–312
- auto scaling groups, 879–880
- AWS CLI
- configuration, 28
- CPU usage alarm, 876–877
- installation, 28
- AWS Cloud9, 77–78
- AWS CloudFormation, 437–439
- AWS CodeBuild project creation, 375–376
- AWS CodeCommit repository, pull request, 374
- AWS CodeDeploy, application creation, 375
- AWS Config rule creation, 878–879
- AWS IAM role creation, 612–614
- AWS KMS
- CMK (customer master key), 277–278
- create/disable key, 276–277
- AWS Lambda
- event source generation, 657
- function creation, 614–615
- function modification, 658–659
- function preparation, 610–612
- function testing, 617
- invocation by Amazon S3, 615–616
- local function definition, 656
- running, 657
- AWS Managed Microsoft AD, 512–514
- AWS OpsWorks Stacks
- auto healing event notification, 490
- environment launch, 488
- AWS SAM template, 655–656
- AWS Step Function, 578–581
- batch processes, writing data, 253–254
- blue/green solution deployment, 310
- cleanup, 78–79
- code samples, downloading, 28–29
- cross-region replication, 791
- deployment, 309
- ElastiCache, Memcached cluster, 786, 787
- environment, AWS Elastic Beanstalk, 310–311
- IAM administrator group creation, 26–27
- IAM administrator user creation, 26–27
- IAM roles, API calls, 71
- instances, private, requests, 76–77
- launch configuration, 879–880
- MariaDB database instance setup, 243–245
- NAT, instances in private subnet, 74–75
- profiles, 30–32
- Python script, API calls, 29
- regions, 29–30
- scaling actions, 879–880
- Simple AD setup, 510–512
- SQL table creation, 246–248
- SQL table queries, 248–249
F
- FaaS (function-as-a-service), 587
- federation, 496, 498–500, 509
- file gateways, 146
- file storage, 86, 91, 155, 853
- file-system encryption, 265
- FIPS (Federal Information Processing Standards), 260
- Fn::Base64, 395
- Fn::Cidr, 395
- Fn::FindInMap, 395
- Fn::GetAtt, 396
- Fn::GetAZs, 396
- Fn::Join, 396–397
- Fn::Select, 397
- Fn::Split, 397
- Fn::Sub, 397–398
- FPGA (Field Programmable Gate Array), 39
- frozen data, 89
- function-as-a-service. See FaaS (function-as-a-service)
G
- GCM (Google Cloud Messaging for Android), 538–539
- general purpose instances, 39
- Ghost Inspector, 324
- GitHub, AWS CodePipeline and, 324
- Go, AWS SDKs (AWS software development kits),
- Go 1.x, AWS Lambda and, 589
- GPU (Graphics Processing Unit), 39
- graph databases, 176–177, 230–232
H
- Hadoop, Amazon EMR, 266
- HDD (hard disk drive)-backed volumes, 93
- helper scripts, AWS CloudFormation, 425–426
- heterogeneous database migration, 233
- highly available applications, deployment, 287–288
- highly structured data, 88
- HIPAA (Health Insurance Portability and Accountability Act), 508
- HMAC (hash message authentication code), 266
- homogenous database migration, 233
- hot data, 89
- HPE (Hewlett Packard Enterprise) Storm Runner Load, 324
- HSM (hardware security module), 260
I
- IaC (infrastructure as code), 382, 434
- IAM (AWS Identity and Access Management), , 13, 14–15, 496
- access keys, 16
- Amazon DynamoDB, 732–736
- authentication, 19–20
- authorization, 19–20
- AWS Elastic Beanstalk and, 299
- condition element, 734
- database security, 236–237
- DB authentication, 188–189
- dev tools, 16
- groups, 16–17
- identities, 19–20
- as IdP (identity provider), 496
- Management Console, 15–16
- many-to-many relationships, users and groups, 16
- metadata, 48
- permissions, 20–21, 733–735
- policies, 20–24
- roles, 17–18, 20, 24
- users, 15, 24
- Amazon EFS, 777
- roles, 20
- identity, 497–498
- identity consumer, 498
- identity provider, 498–499, 505–506
- Microsoft Active Directory, 500
- identity services, federation, 496
- IdP (identity provider), 496, 509
- images
- AMI (Amazon Machine Language), 41–42
- software images, 41–42
- IMDS (instance metadata service), 47–48
- immutable deployment, 301–302
- infrastructure
- answers to review questions, 900–903
- AWS CloudFormation and, 382
- repeatable, 383
- templates and, 384
- versionable, 383
- infrastructure as code. See IaC (infrastructure as code)
- in-memory data stores, 176–177, 226–228
- in-place deployment, 300, 354
- instance metadata service. See IMDS (instance metadata service)
- instance reservations
- EC2 reservations, 841–842
- pricing, 840–841
- RDS reservations, 842
- instance store
- Amazon EBS comparison, 143–144
- Amazon EC2 (Elastic Compute Cloud), 97–99, 155
- volumes, 98
- instances, 38
- accelerated computing, 39
- access, 43
- Amazon EC2 (Elastic Compute Cloud), 45–46, 50
- applications, running on, 44–50
- AWS OpsWorks Stacks, 456–459, 464, 467–469
- CloudWatch, 50
- compute optimized, 39
- families, 39
- general purpose, 39
- memory optimized, 39
- metadata, 67
- storage optimized, 39
- stores, 40–41
- types, 39
- IntelliJ, 334
- intrinsic functions, AWS CloudFormation
- Fn::Base64, 395
- Fn::Cidr, 395
- Fn::FindInMap, 395
- Fn::GetAtt, 396
- Fn::GetAZs, 396
- Fn::Join, 396–397
- Fn::Select, 397
- Fn::Split, 397
- Fn::Sub, 397–398
- Ref, 398
- IOPS (input/output operations per second), 773
- IP addresses, 42, 52–53
- IPv6 addresses, 53
- iSCSI (internet Small Computer System Interface), 145–146
J
- Java, AWS SDKs (AWS software development kits),
- Java 8, AWS Lambda and, 589
- JavaScript, AWS SDKs (AWS software development kits),
- JCE (Java Cryptography Extension), 261
- Jenkins, 324
- JSON (JavaScript Object Notation), identity, 497
K
- key pairs, Amazon EC2 (Elastic Compute Cloud), 43
- KMI (key management infrastructure), 263, 273
L
- latency, 157
- layers, AWS OpsWorks Stacks, 453–456
- LDAP (Lightweight Directory Access Protocol), 506, 508
- ledger databases, 176–177
- lexicon, 11
- lifecycle, release lifecycle, 282–284
- lifecycle configuration, 134–135
- lifecycle policies, 102
- Lightweight Directory Access Protocol. See LDAP (Lightweight Directory Access Protocol)
- load balancers, 287, 479
- local secondary indexes, 201–202, 204–205, 682, 684
- logs, web traffic, 624–625
- Loop-AES, 265
- loosely structured data, 88
M
- Memcached, 229–230
- memory optimized instances, 39
- message infrastructure, refactor to microservices and, 522
- message-oriented middleware. See MoM (message-oriented middleware)
- metadata, 67
- MFA (multi-factor authentication), 15–16, 127, 636
- microservices, 521
- answers to review questions, 907–908
- containers, 522
- monolithic architectures and, 588
- refactor to, 522
- Microsoft Active Directory, 500
- AD Connector (Active Directory Connector), 506–507
- AD DS (Active Directory Domain Services), 506
- AWS Managed Microsoft AD, 505–507, 507–508
- AWS SSO (Single Sign-On) and, 501–502
- migration, 145, 158
- Amazon Kinesis Data Firehose, 151–152
- to AWS CodeCommit, 341–343
- AWS Direct Connect, 152–153
- AWS Import/Export, 146–147
- AWS Snowball, 147–148
- AWS Snowball Edge, 148–150
- AWS Snowmobile, 150–151
- AWS Storage Gateway, 145–146
- VPN connections, 153
- MoM (message-oriented middleware), 523
- monitor phase of release lifecycle, 284
- monitoring, 303, 798
- Amazon CloudWatch, 189–190, 798
- alarms, 814–815, 815–817
- cases, 800
- dashboards, 817–818
- log aggregation, 811, 812
- log processing, 814
- log searches, 812–814
- metrics, 802–811
- metrics repository, 801–811
- microservices, 521
- monitoring, 798
- answers to review questions, 912–914
- AWS CloudTrail, 798
- AWS Management Console, 303–306
- AWS X-Ray, 798, 820–823
- metrics, 799–800
- monolithic architectures versus microservices, 588
- MPNS (Microsoft Push Notification Service) Windows Phone, 538
- multi-factor authentication. See MFA (multi-factor authentication)
- MVC (Model-View-Controller) architecture, 623
N
- namespaces, buckets (Amazon S3), 100–101
- NAS (network-attached storage), 91
- NAT (network address translation), 61–63, 128
- nesting
- attributes, 722–723
- AWS::CloudFormation::Stack, 418–419
- .NET, AWS SDKs (AWS software development kits),
- network ACLs (network access control lists), 58–61, 68
- network address translation. See NAT (network address translation)
- network-attached storage. See NAS (network-attached storage)
- Network Load Balancer, 287
- networks
- Amazon VPC, 51
- connecting to others, 51–52
- connection types, 52
- DHCP (Dynamic Host Configuration Protocol), 63
- IP addresses, 52–53
- NAT (network address translation), 61–63
- network ACLs (access control lists), 58–61
- network traffic monitoring, 64
- primary network interfaces, 42
- route tables, 55–56
- security groups, 56–58
- subnets, 54–55
- virtual, elastic network interfaces, 42
- Node.js 4.3, AWS Lambda and, 589
- Node.js 6.10, AWS Lambda and, 589
- Node.js 8.10, AWS Lambda and, 589
- nonrelational databases, 176, 237
- Amazon Document DB, 177
- Amazon DynamoDB, 196–217
- NoSQL, 177, 195–196
- Nouvola, 324
- null scalar types, 670
- number scalar types, 670
O
- object storage, 86, 91, 155, 782
- Amazon S3, 87, 99–105
- Amazon S3 Glacier, 87
- DEEP_ARCHIVE, 852
- GLACIER, 852
- INTELLIGENT_TIERING, 852
- ONEZONE_IA, 852
- STANDARD_IA, 852
- objects, 99, 108–109, 761–765
- OIDC (OpenID Connect), 498, 500
- OP (OpenID provider), 500
- OpenSSL, 266
- OpsWorks Stacks, 325
- optimistic locking, 713–714
- optimization
- answers to review questions, 914–916
- Auto Scaling, 845–846
- accessing, 848–849
- Amazon Aurora, 848
- Amazon EC2 Auto Scaling, 846–847
- AWS Auto Scaling, 847–848
- DynamoDB, 848
- AWS Lambda and, 851
- containers, 849–850
- cost optimization, 834–838
- costs, 864–868
- data transfer, 858–859
- instance reservations, 841–842
- RDBMS (relational database management system), 859–864
- right sizing, 838–840
- serverless approaches, 850–851
- Spot Instances, 843–845
- storage, 851–857
P
- partitions
- Amazon DynamoDB, 197, 711
- distribution, 711–713
- partition key, 665–668, 712–713
- primary key, 199–200
- sort key, 713
- ARN, 23
- CAP theorem (consistency, availability, partition tolerance), 115–116
- nonrelational databases, 197
- partition key, Amazon Kinesis Data Streams, 541
- passwords, decrypting, Windows, 45–46
- PCI DSS (Payment Card Industry Data Security Standard), 508
- performance monitoring
- Amazon CloudWatch, 868
- AWS Trusted Advisor, 869
- permissions
- Amazon DynamoDB, IAM policy and, 732–735
- AWS CloudFormation, 385–386
- AWS OpsWorks Stacks, 460–461
- wildcards, 22
- persistent storage, 40–41
- PHP, AWS SDKs (AWS software development kits),
- policies, IAM, 20–24
- POSIX (Portable Operating System Interface), 773
- presigned URLs, 118, 125
- primary network interfaces, 42
- private IP addresses, 53
- private subnets, 55, 67
- privileges, IAM policies, 21
- programmatic access, 16
- public IP addresses, 53
- public subnets, 55, 67
- push notifications, Amazon SNS mobile, 537–539
- Python 2.7, AWS Lambda and, 589
- Python 3.6, AWS Lambda and, 589
Q
- query string authentication, 125–126
R
- RDBMS (relational database management system), optimization and, 859–860
- fewer tables, 860
- indexes, 862–863
- NoSQL and, 860
- projections, 863
- query frequency, 863
- related data, 860
- scan operations, 863–864
- sort keys, version control, 862
- workload distribution, 861–862
- RDP (Remote Desktop Protocol), 238
- Amazon EBS, 97
- Amazon EC2 (Elastic Compute Cloud) instances, 43
- data plane, 497
- read consistency, 206–207
- reads per second. See RPS (reads per second)
- Redis, 229–230
- Ref, 398
- refactor to microservices, 522
- regions, ARN, 23
- relational databases, 178–179, 237. See also RDBMS (relational database management system)
- ACID
- atomicity, 179
- consistency, 180
- durability, 180
- isolation, 180
- Amazon Aurora, 190–192
- Amazon CloudWatch, 189–190
- Amazon RDS, 177, 180–189, 238
- Amazon Aurora, 190–192
- Amazon CloudWatch, 189–190
- best practices, 192–194
- columns, 178–179
- data integrity, 179
- fields, 179
- foreign keys, 179
- IAM DB authentication, 188–189
- managed, 176, 180
- nonrelational, Amazon Document DB, 177
- objects, 178
- primary keys, 179
- rows, 179
- SQL (Structured Query Language), 179
- transactions, 179
- unmanaged, 180
- release lifecycle, 282–284
- Remote Desktop Protocol. See RDP (Remote Desktop Protocol)
- repeatable infrastructure, 383
- repositories, deployment and, 292–293
- Representational State Transfer. See REST
- reproducible data, 90
- resource management, security, shared responsibility model, 64–65, 155
- resources, 24
- ARN, 24
- usage reduction, 836–838
- REST (Representational State Transfer), 623
- RESTful APIs, 631
- right sizing, 838–840
- roles, IAM, 17–18
- rolling deployment, 301–302
- route tables, 55
- RPS (reads per second), 88
- Ruby, AWS SDKs (AWS software development kits),
- Runscope, 324
S
- S3 Transfer Acceleration, 86
- S3DistCp, 272
- same-origin policy, 631
- SAML (Security Assertion Markup Language), 498, 499
- SAN (storage area network), 91
- scalable applications, deployment, 287–288
- scalar data types, 670
- SDLC (software development lifecycle), 282
- AWS Cloud, 284–285
- environment variables, 284
- release lifecycle, 282–284
- secondary indexes, 201, 665, 683
- alternate key, 684
- base table, 683
- configuration, 685
- global secondary indexes, 202–205, 682, 684
- local secondary indexes, 201–202, 204–205, 682, 684
- security, shared responsibility model, 64–65, 155
- Security Assertion Markup Language. See SAML (Security Assertion Markup Language)
- security groups, 56–58, 68
- serverless applications, 622
- Amazon Aurora Serverless, 642–643
- Amazon S3, 129
- answers to review questions, 909–910
- AWS SAM (Serverless Application Model), 643–645
- AWS SAM CLI, 645–647
- AWS Serverless Application Repository, 647
- user cases, 647
- serverless compute, 586. See also AWS Lambda
- answers to review questions, 908–909
- serverless stack versus three-tier architecture, 640–642
- server-side encryption, AWS KMS, 271
- service token acts, 406
- services
- ARN, 23
- managed, 65–66
- unmanaged, 65–66
- shared responsibility security model, 64–65, 155
- Simple AD (Simple Active Directory), 507
- snapshots, Amazon EBS, 95
- SOA (service-oriented architecture), 476–477, 798
- SOAP, 128–129
- software
- customization, user data and, 46–47
- images, 41–42
- Solano CI, 324
- source phase of release lifecycle, 283
- source repository, deployment and, 292–293
- Spot Instances, 844–845
- SSD (solid-state drive)-backed volumes, 93
- SSDs (solid-state drives), 665
- SSE (Server-Side Encryption), 119
- SSE-C (customer-provided keys), 120
- SSE-KMS (AWS KMS), 120–121
- SSE-S3 (Amazon S3 managed keys), 120, 760
- SSH (Secure Shell), data plane, 497
- SSL (Secure Sockets Layer), ELB (Elastic Load Balancing), 287
- SSML (Speech Synthesis Markup Language),
- stacks, AWS OpsWorks Stacks, 452–453
- StackSets (AWS CloudFormation), 427–429
- state machines, AWS Step Functions, 551–554
- stateless application pattern, 129, 664
- answers to review questions, 910–912
- static websites, 126
- stop deployments, 355
- storage
- Amazon EBS, 40–41, 94–97, 855–857
- Amazon EFS, 136–142
- Amazon S3, 853–855
- access control, 123–125
- authentication, 129
- AWS CLI, 128
- AWS explorers, 128
- AWS SDKs, 128
- buckets, 99–105
- classes, 109–114, 156
- consistency model, 114–118
- CORS (cross-origin resource sharing), 107–108
- CRR (cross-region replication), 127–128
- data lake architecture, 129–130
- encryption, 118–123
- MFA Delete, 127
- objects, 105–108
- performance, 130–134
- presigned URLs, 118
- pricing, 134
- query string authentication, 125–126
- requests, 129
- serverless applications, 129
- stateless applications, 129
- static websites, 126
- VPC (virtual private cloud) endpoints, 128
- answers to review questions, 890–893
- block, 86, 91, 155, 782
- block storage, 852
- CIA (confidentiality, integrity, availability) model, 91–92
- comparisons, 142–144
- DAS (direct-attached storage), 91
- data dimensions, 87–88
- data lakes, 86
- data temperature, 89
- data transfer, 86
- data value, 89–90
- data volume and, 157
- ERP (enterprise resource planning systems), 91
- file, 86, 91, 155
- file storage, 853
- highly structured data, 88
- item size and, 157
- latency, 157
- loosely structured data, 88
- mental model, 87
- NAS (network-attached storage), 91
- object, 86, 91, 155, 782, 852
- optimization, 851–857
- persistent, 40–41
- products, 142–143
- SAN (storage area network), 91
- shared responsibility model, 91
- temporary, 41
- unstructured data, 88
- storage area network (SAN), 91
- storage optimized instances, 39
- string scalar types, 670
- subnets, 55, 67
- Sun Java JCE, 261
- system-level encryption, 265
T
- tape gateways, 146
- TeamCity, 324
- templates
- AWS CloudFormation, 386–394
- AWS CloudFormation CLI, transforms, 423
- AWS OpsWorks Stacks, custom, 456
- infrastructure, 384
- transforms, AWS CloudFormation CLI, 423
- temporary storage, 41
- test phase of release lifecycle, 283
- three-tier architecture, 282
- versus serverless stack, 640–642
- time series databases, Amazon Timestream, 177
- time-series databases, 176
- TLS (Transport Layer Security), ELB, 287
- transient data, 90
- troubleshooting, 303, 798
- Amazon EBS, 97
- answers to review questions, 912–914
- TrueCrypt, 265
- trust policies, IAM roles, 18
U
- unstructured data, 88
- user data, 46–47, 67
- users, IAM, 15
V
- variables, environment variables
- AWS Lambda, 599
- deployment, 284
- variety, data, 88
- velocity, data, 88
- versionable infrastructure, 383
- versioning, buckets (Amazon S3), 100–101
- virtual networks, interfaces, elastic network interfaces, 42
- Visual Policy Editor, 24
- Visual Studio, 334
- volume, data, 88
- volume gateways, 146
- VPC (virtual private cloud)
- Amazon EFS, 773–775
- endpoints, 128
- VPNs (virtual private networks), 128, 159
W
- warm data, 89
- web servers
- Amazon S3, 622–623
- traffic logs, 624–625
- webpages, custom, Amazon EC2 (Elastic Compute Cloud) and, 49–50
- websites, static, 126
- wildcards, permissions, 22
- Windows, passwords, decrypting, 45–46
- WNS (Windows Push Notification Services), 538
- WORM (Write Once Read Many), 111
- WPS (writes per second), 88
X–Y–Z
- x-amzn-requestid header,
- Xebia Labs, 325
- zeroization, 268