Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Index

A

accelerated computing instances, 39
access control
- Amazon DynamoDB, IAM policy and, 732–735
- Amazon EFS (Elastic File System), 776
- Amazon S3
  - ACLs (access control lists), 124
  - bucket policies, 123
  - defense in depth, 124–125
  - user policies, 123–124
- ElastiCache, 747
access keys, 14, 16
- KMI (key management infrastructure), 263
ACLs (access control lists), 58–61, 105, 124
AD Connector (Active Directory Connector), 506–507
AD DS (Active Directory Domain Services), 506
ADM (Amazon Device Messaging), 537
Advanced Message Queuing Protocol. See AMQP
AES-256 (Advanced Encryption Standard), 95, 120, 187, 261, 263, 271, 272, 731
AFR (annual failure rate), 93
ALB (Application Load Balancer), 287, 479
all-at-once deployment, 300
Amazon API Gateway, 623, 627–628
- Amazon CloudWatch and, 632–633
- API keys, 631
- authorizers, 630
- AWS Lambda, integration, 631
- CORS (cross-origin resource sharing), 631
- definition support, 634
- endpoints, 628
- HTTP methods, 630
- monitoring metrics, 807
- OpenAPI specification, 634
- resources, 629
- RESTful APIs, 631
- security, 633–634
- stages, 630
Amazon Aurora
- automatic scaling, 848
- databases, 176
- DB clusters, 190–191
  - cluster volume, 191
  - instances, 191
- global databases, 192
- serverless, 192
Amazon Aurora Serverless, 642–643
Amazon CloudFront
- AWS Elastic Beanstalk and, 297–298
- content delivery, 626–627
Amazon CloudWatch, 189–190
- alarms, 814–817
- Amazon API Gateway and, 632–633
- Amazon SQS, queue monitoring and, 533
- AWS Lambda functions, 602–603
- cases, 800
- cost management and, 867
- dashboards, 817–818
- log aggregation, 811–812
- log processing, 814
- log searches, metric filters, 812–814
- metrics
  - aggregations, 804
  - Amazon API Gateway, 807
  - Amazon DynamoDB, 806
  - Amazon EC2, 805
  - Amazon Lambda, 807
  - Amazon S3, 806
  - Amazon SNS, 808
  - Amazon SQS, 808
  - AWS Auto Scaling groups, 805
  - built-in, 802
  - custom, 808–810
  - data points, 802–803
  - Elastic Load Balancing, 804
  - repository, 801
  - statistics, 803–804
  - statistics retrieval, 810–811
- microservices, 521
- monitoring, 798
- performance monitoring, 868
Amazon Cognito, 498, 505
- Amazon SNS, endpoints, 539
- authentication
  - device tracking, 636–637
  - identity pools, 639
  - multi-factor authentication (MFA), 636
  - password policies, 636
  - SDK, 639–640
  - SMS messages, 636
  - UI (user interface) customization, 637–639
  - user pools, 634–635
- authorizers, 630
Amazon Device Messaging (ADM), 537
Amazon DynamoDB, 569, 664
- access control, fine grained, 214–216
- adding to tables, 692
- atomic counters, 715
- attribute projects, 687–688
- attributes, 197, 198–199, 669
- AWS Auto Scaling, 848
- automatic scaling, 707–711
- backfilling, 693
- backups, on-demand, 216, 737
- base table, 688–689
- best practices, 216–217
- burst capacity, 682, 710
- condition keys, 735–736
- conditional writes, 716–717, 721
- control plane operations, 678
- data plane operations, 679–680
- data retrieval, 209–212
- data types, 669–671
- deleting databases, 694
- encryption, 216
- encryption at rest, 730–732
- error handling, 720, 721
- expressions, 724–729
- global secondary indexes, 686–687
- hash attribute, 665
- IAM and, 214–216
- index key violations, 694
- index name, 688–689
- item attributes, 722–723
- items, 198, 669, 715
- local secondary indexes, 694–700
- managing, 691
- monitoring metrics, 806
- nonrelational database, 177
- NoSQL databases, 177
- object persistent model, 214
- optimistic locking, 713–714
- partition key, 665–668
- partitions, 197, 711–713
- permissions, IAM policy conditions, 732–735
- PITR (point-in-time-recovery), 738–739
- primary key, 199–200, 665–666
- provisioned throughput, 689–690
- queries, 688
  - filter expressions, 730
  - key condition expressions, 729–730
  - read consistency, 730
- range attributes, 666
- read capacity units, 690
- read consistency, 206, 207
- read/write throughput, 207, 672–673
  - adaptive capacity, 209
  - burst capacity, 209
  - on-demand, 208
  - provisioned throughput, 208
  - RCU (read capacity unit), 207
  - reserved capacity, 208
  - WCU (write capacity unit), 207–208
- resource allocation, 693
- restore, point-in-time recovery, 216
- restores, on-demand, 737–738
- return values, 680–681
- scanning, 688–689
- secondary indexes, 201, 665, 683
  - alternate key, 684
  - base table, 683
  - configuration, 685
  - global secondary indexes, 202–205, 682, 684
  - local secondary indexes, 201–202, 204–205, 682, 684
- shards, 668
- sort key, 666
- state, 665, 678
- status in table, 692
- streams, 205
- synchronizing, 689
- tables, 197, 198, 665, 672
  - creating, 691–692
  - global, 212–213
  - names, 665
  - replica, 213
  - state, 678
- tags, 714–715
- throttle capacity, 682
- throughput, provisioned, 672
  - capacity, reads/writes, 672–673
  - capacity unit consumption, 674–675
  - item sizes, 674–675
  - reads capacity unit (RCU) consumption, 675–676
  - settings, 674
  - writes capacity unit (WCU) consumption, 676–678
- TTL (time to live), 719–720
- version number, 713–714
- write capacity units, 690
- write cost, 690–691
Amazon DynamoDB Local downloadable database, 214
Amazon DynamoDB Streams, 665
- API (application programming interface), 705
- AWS Lambda triggers, 706–707
- concurrency, 547
- consumers, 546–547
- cross-region replication, 701
- data, retention limit, 705
- endpoints, 701–702
- Kinesis Adapter, 703–704
- shards, 547
- stream records, 700–701
  - shards, 703
- streams, 702–704
- use case, 546
Amazon EBS (Elastic Block Store), 40, 93, 155, 157, 158
- Amazon EFS comparison, 144
- Amazon S3 comparison, 144
- AWS OpsWorks Stacks, layers, 454
- block storage, 87
- Elastic Volumes, 94–95
- encryption, 95–96, 265, 274
- HDD (hard disk drive)-backed volumes, 93
  - SSD comparison, 94
- instance store comparison, 143–144
- performance optimization, 95–97
- snapshots, 95
- SSD (solid-state drive)-backed volumes, 93–94
- storage, persistent, 40–41
- storage optimization, 855–857
- troubleshooting, 97
- use cases, 94
Amazon EC2 (Elastic Compute Cloud), 38, 67, 91, 158, 235–236, 587
- AD DS (Active Directory Domain Services), 506
- Amazon VPC and, 67
- answers to review questions, 887–890
- Auto Scaling, 847–848
- Availability Zones, 38
- bare-metal access, 38
- elastic network interfaces, 42
- instance store, 97–99, 155
- instance types, 39
- instances
  - accelerated computing, 39
  - access, 43
  - CloudWatch, 50
  - compute optimized, 39
  - connecting to, 45–46
  - families, 39
  - general purpose, 39
  - key pairs, 43
  - lifecycle, 43–44
  - memory optimized, 39
  - monitoring, 50
  - storage optimized, 39
- metadata, IMDS, 47–48
- monitoring metrics, 805
- on-premises AppSpec, 362–366
- on-premises configuration, 359–361
- primary network interfaces, 42
- private IP addresses, 42
- public IP addresses, 42
- RDP (Remote Desktop Protocol) and, 43
- security groups, 42
- users, default, 43
- VPC, default, 42
- webpages, custom, 49–50
Amazon ECR (Elastic Container Repository), 476, 481, 487
Amazon ECS (Elastic Container Service), 38, 446
- Amazon ECR, 476, 481
- architecture, 473–474
- AWS CodePipeline and, 321, 482–483
- AWS Fargate, 475–476, 484
- clusters, 472–475, 486
- container agent, 481
- containers, 476
  - deployment, 471–472
  - task definition, 477–478
- Docker, 471, 473, 474, 484
- Docker containers, 476, 481
- images, 476, 481
- overview, 472
- service limits, 482
- services, 478–479
- task definition, 476–478
- task scheduling, 479–480
Amazon ECS Service Discovery, 480
Amazon EFS (Elastic File System), 136–137, 157, 773
- access control, 776
- Amazon EBS comparison, 144
- Amazon S3 comparison, 144
- authentication, 776
- AWS DataSync, 139–140
- AWS DX (Direct Connect) and, 775–776
- data consistency, 776
- file storage, 87
- file sync, 139
- file system, 137, 778–779
- file system access, 137–139
- IAM, user creation, 777
- performance, 140–141, 779–780
- resources, 777
- scaling, throughput scaling, 780–781
- security, 141–142
- VPC, 773–775
Amazon EKS (Elastic Container Service for Kubernetes), 38
Amazon Elastic Container Service, 325
Amazon ElastiCache. See ElastiCache
Amazon EMR
- encryption, 267–268
- S3DistCp, 272
Amazon Kinesis, 86
Amazon Kinesis Data Analytics, 544–545, 569
Amazon Kinesis Data Firehose, 151–152, 158, 543–544, 569
Amazon Kinesis Data Streams, 540, 569
- applications, 541
- consumer options, 543
- data blob, 541
- Fluentd, 542
- Flume, 542
- Kinesis Video Streams, 542
- messages, deleting, 541
- open source tools, 542
- partition key, 541
- producers, 542–543
- real-time analytics, 542
- streams, names, 541
- throughput, 541–542
Amazon Kinesis Video Streams, 545, 569
Amazon Lambda, monitoring metrics, 807
Amazon Lightsail, 38
Amazon Machine Image. See AMI (Amazon Machine Image
Amazon MQ, 570
- active/standby broker for high availability, 550
- AMQP (Advanced Message Queuing Protocol), 551
- single-instance broker, 550
Amazon Neptune, 231–232
- graph database, 177
Amazon Polly, 5, 11–12
Amazon QLDB (Quantum Ledger Database), ledger database, 177
Amazon RDS (Relational Database Service), 55, 180, 238, 274
- Amazon Aurora, 190–192
- Amazon CloudWatch, 189–190
- availability, 181–182
- AWS Elastic Beanstalk and, 298
- backups, 181, 185–186
- best practices, 192–194
- configuration, 181
- database migration, 489
- encryption, 187–188, 266–267
- engines, 182–185
- hosting and, 182
- IAM DB authentication, 188–189
- instances, 464
- Multi-AZ, 186–187, 238
- procurement, 181
- relational databases, 177
- security, 181–182
  - implementing, 193–194
Amazon Redshift
- 256-abit AES keys, 272
- architecture, 220–222
- AWS CloudHSM cluster master key, 272
- AWS KMS cluster master key, 272–273
- data warehouse, 177
- loading data, 224
- querying data, 224
- Redshift Spectrum, 225–226
- security, 224–225
- snapshots, 224
- table, 222–224
Amazon Resource Name. See ARN (Amazon Resource Name)
Amazon Route 53, domain names, 625–626
Amazon S3 (Simple Storage Service), 10, 64, 157, 747, 782
- access control, 123–125
- Amazon EBS comparison, 144
- Amazon EFS comparison, 144
- authentication, 129
- AWS CLI, 128
- AWS CodePipeline and, 321
- AWS Elastic Beanstalk and, 297
- AWS explorers, 128
- AWS SDKs, 128
- buckets, 99–105, 155–156, 748–760
- consistency model, 114–118, 755–756
- CORS (cross-origin resource sharing), 107–108
- CRR (cross-region replication), 127–128
- data consistency, 156
- data lake architecture, 129–130
- encryption, 156, 264–265, 274
  - client-side, 121–123
  - data protection, 760
  - envelope encryption, 119–120
  - server-side, 271, 760
  - SSE (Server-Side Encryption), 120–121
- lifecycle configuration, 157
- MFA Delete, 127
- monitoring metrics, 806
- object operations, 108–109, 765–770
- object storage, 87
- object tagging, key-value pairs, 106
- objects, 105, 761–765, 769, 783
- performance, 130–134
  - Amazon CloudFront, 133
  - GET requests and, 772
  - multipart uploads, 133
  - object key naming, 131–132
  - range GETs, 133
  - request rate and, 770–771
  - TCP scaling, 133–134
  - TCP selective acknowledgment, 133–134
  - transfer acceleration, 132–133
  - workloads and, 130, 771–772
- presigned URLs, 118
  - query string authentication, 125
- pricing, 134
- query string authentication, 125–126
- requests, 129
- serverless applications, 129
- stateless applications, 129
- static website, 126, 156, 623–624
- storage classes, 156
  - Amazon S3 Glacier, 111–113
  - Amazon S3 Standard, 109–110
  - comparison, 114
  - frequently access objects, 757–758
  - GLACIER, 759
  - infrequently access objects, 758
  - OneZone_IA, 111
  - RRS (Reduced Redundancy Storage), 110
  - RTO (recovery time objective), 111
  - setting, 759
  - Standard_IA, 110
- storage optimization, 853–855
- uses, 155
- values, large attribute, 772
- VPC (virtual private cloud) endpoints, 128
- web server, 622–623
- web traffic logs, 624–625
Amazon S3 Glacier, 157
- archives, 112–113
- AWS SDKs, 112–113
- encryption, 113
- object storage, 87
- objects, restoring, 113
- RTO (recovery time objective), 111
- Vault Lock, 111–112
- vaults, 111
Amazon SNS (Simple Notification Service), 325, 534, 569
- Amazon SQS comparison, 540
- API owner operations
  - AddPermission, 536
  - CreateTopic, 536
  - DeleteTopic, 536
  - GetTopicAttributres, 536
  - ListSubscriptions, 536
  - ListSubscriptionsByTopic, 536
  - ListTopics, 536
  - RemovePermission, 536
  - SetTopicAttributes, 536
- API subscriber operations
  - ConfirmSubscription, 537
  - ListSubscriptions, 537
  - Subscribe, 537
  - UnSubscribe, 537
- APIs, clean up, 537
- billing, 539–540
- clients, 534–535
- device tokens, 538–539
- DLQ (dead letter queue), 599
- endpoints, 535
  - Amazon Cognito, 539
  - mobile, 538
  - proxy server, 539
- Free Tier, 539–540
- limits, 539–540
- messages, topics, 534
- mobile, 537–539
- monitoring metrics, 808
- registration IDs, 538–539
- restrictions, 539–540
- subscriptions, 534
- topics, 534, 536
- transport protocols
  - email, 537
  - Email-JSON, 537
  - HTTP, 537
  - HTTPS, 537
- workflow, 535
Amazon SQS (Simple Queue Service), 294, 523, 569
- Amazon SNS comparison, 540
- ChangeMessageVisibility action, 527
- consumers, 523
- DelaySeconds action, 528
- DeleteMessage action, 528
- distributed cluster of servers, 525
- DLQ (dead letter queue), 599
- log server, 524
- MessageRetentionPeriod action, 528
- messages
  - attributes, 532
  - storage, 525–526
- monitoring metrics, 808
- producers, 523
- queue, 525
  - Amazon CloudWatch and, 533
  - dead-letter, 531–532
  - dead-letter queue, 528–530
  - dead-letter troubleshooting, 531
  - FIFO (first-in, first-out), 526, 529–530
  - SSE settings, 533
  - standard, 526
  - standard queues, 529–530
- ReceiveMessage action, long polling, 526
- ReceiveMessageWaitTimeSeconds action, 527
- responses, 523
- servers, distributed cluster, 525
- VisibilityTimeout action, 526
- WaitTimeSeconds, 527
Amazon Timestream, time series database, 177
Amazon VPC (Virtual Private Cloud), 38, 67, 268–269
- CIDR notation, 51
- connection types, 52
- default, 42
- DHCP (Dynamic Host Configuration Protocol), 63
- IP addresses, 52–53
- NAT (network address translation), 61–63
- network ACLs (access control lists), 58–61
- network traffic monitoring, 64
- route tables, 55–56
- security groups, 56–58
- stacks, AWS OpsWorks Stacks, 453
- subnets, 54–55
AMI (Amazon Machine Image), 41–42, 506, 593
- Amazon EBS and, 97
- AWS Elastic Beanstalk, 306
AMQP (Advanced Message Queuing Protocol), 551
AFR (annual failure rate), 93
API keys, 631
APIs (application programming interfaces), 2
- Amazon SNS
  - AddPermission, 536
  - ConfirmSubscription, 537
  - CreateTopic, 536
  - DeleteTopic, 536
  - GetTopicAttributres, 536
  - ListSubscriptions, 536, 537
  - ListSubscriptionsByTopic, 536
  - ListTopics, 536
  - RemovePermission, 536
  - SetTopicAttributes, 536
  - Subscribe, 537
  - UnSubscribe, 537
- answers to review questions, 886–887
- AWS Lambda functions, 589
- AWS STS
  - AssumeRole, 503
  - AssumeRoleWithSAML, 504
  - AssumeRoleWithWebIdentity, 504
  - DecodeAuthorizationMessage, 504
  - GetCallerIdentity, 504
  - GetFederationToken, 504
  - GetSessionToken, 505
- control plane, 497
- credentials, 14–15
  - assigning, 48
- endpoints, 10–12, 13
- microservices, 521
- requests, 6
- responses, 7
APNS (Apple Push Notification Service), 537, 538–539
Application Load Balancer (See ALB (Application Load Balancer)
applications
- Amazon Kinesis Data Streams, 541–542
- Amazon S3, 129
- AWS OpsWorks Stacks, 459–460
- capacity, 289
- deployment, 288–289
- mapping to AWS database service, 178
- running on instances, 44–50
- serverless, 129, 622
- stateless, 129
AppSpec configuration file, 299
architecture
- data lake, 129–130
- three-tier, 282
  - versus serverless stack, 640–642
ARN (Amazon Resource Name), 22–23
- Amazon SNS, 536
- AWS Lambda functions, 600
attributes, nested, 722–723
authentication
- Amazon Cognito and, 634–640
- answers to review questions, 905–907
- versus authorization, 496
- control planes, 497
- federation, 496
- IAM, 19–20
- MFA (multi-factor authentication), 15–16, 636
- RDP, 497
- SSH, 497
authoritative data, 90
authorization, 497–498
- answers to review questions, 905–907
- versus authentication, 496
- AWS SSO (Single Sign-On), 500–501
- control planes, 497
- cross-account access, 499
- federation, 496
- IAM, 19–20
- permissions policy, 499
- RDP, 497
- source accounts, 499
- SSH, 497
- target accounts, 499
- trust policy, 499
Auto Scaling, 845–849
Availability Zones, 705
- Amazon EC2 (Elastic Compute Cloud), 38
- AWS Region, 9, 10
AWS (Amazon Web Services)
- cloud services, calling, 5–9
- resource management, 4
- SOAP support, 128–129
AWS Amplify JavaScript library, 128
AWS ASG (Auto Scaling Group), 383
AWS Auto Scaling, 289
- groups, 289–290
- groups, monitoring metrics, 805
- microservices, 521
AWS Budgets, 2, 866
AWS CLI (Command Line Interface), 3, 4, 128, 382
- AWS Lambda functions, 589
- credentials, assigning, 48
AWS Cloud, 2, 86, 176, 284–287
AWS Cloud9, 66, 334
AWS CloudFormation, 382
- application deployment, 289
- AWS CloudFormation Designer, 406
- AWS CodePipeline and, 321, 429–432
- change sets, 384, 434–435
- condition functions
  - FN::AND, 398
  - FN::IF, 398
  - FN::NOT, 398
  - FN::OR, 398
- creation policies, 436
- custom resource providers, 406–407
- helper scripts
  - cfn-get-metadata, 425
  - cfn-hup, 425–426
  - cfn-init, 424
  - cfn-signal, 424–425
- infrastructure and, 382–384
- intrinsic functions
  - Fn::Base64, 395
  - Fn::Cidr, 395
  - Fn::FindInMap, 395
  - Fn::GetAtt, 396
  - Fn::GetAZs, 396
  - Fn::Join, 396–397
  - Fn::Select, 397
  - Fn::Split, 397
  - Fn::Sub, 397–398
  - Ref, 398
- metadata keys
  - AWS::CloudFormation::Designer, 405
  - AWS::CloudFormation::Init, 399–404
  - AWS::CloudFormation::Interface, 404–405
- overview, 382–383
- permissions, 385–386, 435
- resource relationships, 408, 435
- resources, 435, 408–411
- service limits, 429
- stacks, 384
  - CREATE_COMPLETE, 411
  - CREATE_FAILED, 412
  - CREATE_IN_PROGRESS, 412
  - DELETE_COMPLETE, 412
  - DELETE_FAILED, 412
  - DELETE_IN_PROGRESS, 412
  - deletion policies, 416–417
  - export output, 417–418
  - exports, 417
  - import output, 417–418
  - nested, 417, 418–419
  - policies, 420–422
  - ROLLBACK_COMPLETE, 412
  - ROLLBACK_FAILED, 412
  - ROLLBACK_IN_PROGRESS, 412
  - UPDATE_COMPLETE, 412
  - UPDATE_COMPLETE_CLEANUP_IN_PROGRESS, 412–413
  - UPDATE_IN_PROGRESS, 412
  - UPDATE_ROLLBACK_COMPLETE, 413
  - UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS, 413
  - UPDATE_ROLLBACK_IN_PROGRESS, 413
  - updates, 413–416, 436
- StackSets, 427–429
- templates, 386–394, 435
- wait conditions, 436
AWS CloudFormation CLI, 422–423
AWS CloudHSM, 262, 268–269
AWS CloudTrail
- events, 818–820
- monitoring, 798
- trails, 820
AWS Code services, 318
- AWS CodePipeline, 318
AWS CodeBuild, 318, 319, 344–345, 373
- AWS CodePipeline and, 321, 352
- build environments, 350–351
- build projects, 345–349
- service limits, 351
AWS CodeCommit, 292, 318, 319, 332–333, 372, 373
- AWS CodePipeline and, 321, 344
- branches, 341
- commits, 339–340
- credentials, 333–334
- development tools, 334
- files, 337
- migration to, 341–343
- pull requests, 337–338
- repository, 335–337
- service limits, 343
AWS CodeDeploy, 299, 319, 352–353, 373
- applications, 362
- AppSpec file, 362–369
- AWS CodeDeploy agent, 369–370
- AWS CodePipeline and, 321, 371
- deployment configurations, 359–361
- deployment groups, 356–359
- deployments, 354–356
- in-place deployment, 300
- revision, 353–354
- service limits, 370
AWS CodePipeline, 318, 319, 372
- actions, 323
- Amazon ECS and, 321
- Amazon S3, 321
- approval actions, 325–238
- artifacts, 326–327
- AWS CloudFormation and, 321, 430–432
- AWS CodeBuild and, 321, 352
- AWS CodeCommit and, 321, 344
- AWS CodeDeploy and, 321, 371
- AWS Elastic Beanstalk and, 321
- AWS Lambda, 321
- AWS OpsWorks Stacks, 321
- build actions, 324
- CI/CD (continuous integration/continuous deployment), 318
- deploy actions, 325
- GitHub and, 324
- invoke actions, 326
- pipelines, 322, 330–332
- revisions, 322–323
- service limits, 329
- source actions, 323–324
- stages, 323
- tasks, 329–332
- test actions, 324
- transactions, 326–327
- workflow, 320
AWS compute, 17
AWS Config
- AWS Elastic Beanstalk and, 298
- tagging and, 836
AWS Cost and Usage Report, cost management and, 866–867
AWS Cost Explorer, cost management and, 865
AWS Cost Explorer API, cost management and, 865–866
AWS Cost Optimization Monitor, cost management and, 867
AWS Database Migration Service, 176
AWS database service, application mapping, 178
AWS DataSync, 86
AWS Direct Connect, 86, 128, 152–153, 158, 159
AWS Directory Service, 509
AWS DMS (Database Migration Service), 177, 233–235
- database migration, 177
AWS DX (Direct Connect), 774–776
AWS EB CLI (Elastic Beanstalk CLI), 296
AWS Elastic Beanstalk, 38, 290–291, 325. See also AWS EB CLI (Elastic Beanstalk CLI)
- Amazon CloudFront and, 297–298
- Amazon RDS, 298
- Amazon S3 and, 297
- applications, 289, 293
- AWS CodePipeline and, 321
- AWS Config, 298
- components, 307
- deployment, 307
- ebextensions directory, 296–297
- ElastiCache, 298–299
- environment, 293–297
- environment tier, 293–294, 307
- health dashboard, 303–306
- IAM and, 299
- implementation, 291–292
- metrics, 304
- resources, 307
- source repository and, 292–293
AWS Fargate, 475–476, 484, 486
AWS Free Tier, 2
AWS General Reference, 13
AWS Import/Export, 146–147, 158
AWS IoT (Internet of Things), 570
AWS IoT Device Management
- device shadow, 550
- message broker, 549–550
- MQTT (Message Queuing Telemetry Transport), 547
- OTA (over-the-air) updates, 547
- rules engine, 548–549
AWS IoT (Internet of Things) Device SDK, 4
AWS KMS (Key Management Service), 95, 260–262, 269–270, 760
AWS Lambda, 38, 586–587
- Amazon API Gateway integration, 631
- Amazon CloudWatch and, metrics, 602–603
- Amazon DynamoDB Streams, 706–707
- AWS CodePipeline and, 321
- AWS X-Ray, 603–604
- environment variables, 599
- functions
  - aliases, 600–601
  - concurrency, 597–598
  - concurrency limits, 598–599
  - context object, 595
  - creating, 589–590
  - descriptions, 596
  - DLQ (dead letter queue), 599
  - even objects, 595
  - execution methods, 590–592
  - execution permissions, 592
  - function handler, 594
  - function package, 593–594
  - invocation models, 590–592
  - invocation permissions, 593
  - InvocationType parameter, 591
  - invoking, 601–602
  - memory, 596
  - network configuration, 596–597
  - Nonstreaming Event Source (Push Model), 590–591
  - Streaming Event Source (Pull Model), 590, 592
  - tags, 596
  - timeouts, 596
  - versioning, 599–600
- languages supported, 589
- optimization and, 851
AWS Managed Microsoft AD, 507–508
AWS Management Console, 3–4, 12, 303, 590
- access, 15–16
- authentication, multi-factor authentication, 15–16
- AWS Elastic Beanstalk, health dashboard, 303–305
- AWS Lambda functions, 589
- health monitoring, 303–305
- IAM roles, 305–306
AWS Mobile SDK, 4, 128
AWS OpsWorks
- Amazon EC2 auto scaling, 448
- application deployment, 289
- AWS CodePipeline and, 321
- Chef compliance, 448
- code repository, 448
AWS OpsWorks Agent, lifecycle events, 461–462
AWS OpsWorks for Chef Automate, 447
- application deployment, 289
AWS OpsWorks for Puppet Enterprise, 447
AWS OpsWorks Stacks, 446, 484, 485
- apps, 459–460
- attribute files, 449
- auto healing, 486
- AWS CodePipeline and, 470
- Chef 11, 464–465
- Chef 12, 464–465
- Chef Server, 450
- Chef Solo, 447
- components, 485
- cookbooks, 456, 449–452
- deployment, 470–471
- instances, 456–459, 464, 467–469, 485–486
- layers, 453–456
- lifecycle events, 461–463, 486
- Permissions, 460–461, 486
- recipes, 449–450, 461–462
- resource management
  - Amazon EBS volumes, 463
  - elastic IP addresses, 464
- service limits, 469
- stacks, 452–453, 471
- templates, custom, 456
AWS Region, 9–10, 23
- API endpoints, 10–12
- Availability Zones, 9, 10
- planned regions, 9
- samples, 13
- selecting region, 14
AWS SAM (Serverless Application Model), 643–645
AWS SAM CLI, 645–647
AWS SCT (Schema Conversion Tool), 233–235
AWS SDK for Python, Boto, 4
AWS SDKs (software development kits), 3–4, 7–12, 128
- AWS Lambda functions, 589
- instances, 48
AWS Serverless Application Repository, 647
AWS Signature Version 4, 7
AWS Snow family, 86
AWS Snowball, 147–148, 158
AWS Snowball Edge, 148–150, 158
AWS Snowmobile, 150–151, 158
AWS SSO (Single Sign-On), 500–502
AWS Step Functions, 570
- Choice Rules, 559–561
- Choice state, 556–557
- end state, 564
- error handling, 564
- input/output, 564–568
- Parallel state, 561–564
- state machines, 551–554
- tasks, 554–556
- use case, 568
AWS Storage Gateway, 86, 158
- cached volume mode, 146
- encryption, 266
- file gateway, 146
- migration and, 145–146
- stored volume mode, 146
- tape gateway, 146
- volume gateway, 146
AWS STS (Security Token Service), 18
- APIs, 503–505
- credentials, 48
  - temporary, 502–503
AWS Systems Manager Parameter Store, 346
AWS Tag Editor, 836
AWS Trusted Advisor
- cost management and, 864
- performance monitoring, 869
AWS VPN, 158, 775
AWS X-Ray, 820
- application request tracking, 821–823
- AWS Lambda functions and, 603–604
- monitoring, 798
- use cases, 821
AWS::CloudFormat::Init, 400, 403–404
AWS::CloudFormation::Designer, 405
AWS::CloudFormation::Init, 435
AWS::CloudFormation::Interface, 404–405
AWS::CloudFormation::Stack, nesting, 418–419

B

Baidu Cloud Push, 537
bare-metal access, 38
binary scalar types, 670
BlazeMeter, 324
BLOB (binary large object) data, 88
block storage, 86, 91, 155, 782, 852
- Amazon EBS, 87, 93
- Amazon EC2 (Elastic Compute Cloud), instance store, 97–98
- DAS (direct-attached storage), 91
- ERP (enterprise resource planning systems), 91
- NAS (network-attached storage), 91
- SAN (storage area network), 91
block-level encryption, 265
blue/green deployment, 301, 310, 355
Boolean scalar types, 670
Bouncy Castle, 266
buckets (Amazon S3), 155–156
- limitations, 99–100
- namespace, universal, 100
- operations, 103–105
- regions, 103
- versioning, 101–103
buffers, Amazon Kinesis Data Firehose, 544
build phase of release lifecycle, 283

C

C# (.NET Core 1.0), AWS Lambda and, 589
C# (.NET Core 2.0), AWS Lambda and, 589
C++, AWS SDKs (AWS software development kits), 4
canary release, 630
CAP theorem (consistency, availability, partition tolerance), 115–116
CD (continuous delivery), 285
cfn-get-metadata helper script, 425
cfn-hup helper script, 425–426
cfn-init helper script, 424
cfn-signal helper script, 424–425
Chef, 446, 485
Chef 11, 464–467
Chef 12, 464–465
Chef Client, 447
Chef Server, 447, 450
Chef Solo, 447
Chef Zero, 447
CI (continuous integration), 285
CIA (confidentiality, integrity, availability) model, storage and, 91–92
CI/CD (continuous integration/continuous deployment), 285–286, 318
- AWS CodeBuild, 286
- AWS CodeCommit, 286
- AWS CodeDeploy, 287
- AWS CodePipeline, 286
CIDR (Classless Inter-Domain Routing) notation, 51
Classic Load Balancer, 287
client-side encryption, 121–123
cloud, database migration, 232–233
- AWS DMS, 233–234
- AWS SCT, 234–235
cloud services, calling, 5–9
CloudBees, 324
cloud-init directive, 47
CloudWatch, 50
CMK (customer master key), 96
code, configuration as, 446
cold data, 89
compliance, AWS KMS, 262
compute optimized instances, 39
condition functions, AWS CloudFormation
- FN::AND, 398
- FN::IF, 398
- FN::NOT, 398
- FN::OR, 398
configuration
- answers to review questions, 903–905
- Chef, 447–448
- as code, 446
- Puppet, 447–448
configuration management, 447–448
containers
- deployments, 302–303
- microservers, 522
- optimization and, 849–850
continuous delivery, 319
continuous integration. See CI (continuous integration)
CI/CD (continuous integration/continuous deployment). See CI/CD
control planes, 497
cookbooks, 485
- AWS OpsWorks Stacks
  - custom, 456
  - dependencies, 451–452
  - management, 450–451
CORS (cross-origin resource sharing), 631
cost management
- Amazon CloudWatch, 867
- AWS Budgets, 866
- AWS Cost and Usage Report, 866–867
- AWS Cost Explorer, 865
- AWS Cost Explorer API, 865–866
- AWS Cost Optimization Monitor, 867
- AWS Trusted Advisor, 864
- EC2 Right Sizing, 868
cost optimization, 834
- AWS usage reduction, 836–838
- tagging, 835–836
critical/regulated data, 90
cross-origin resource sharing. See CORS
CRR (cross-region replication), 127–128
custom builds, identity provider, 499

D

DAS (direct-attached storage), 91
data, structure, 88
data at rest, encryption, 119
data dimensions, 87–88, 154
data in transit, encryption, 119
data lake architecture, 129–130
data lakes, 86
data migration, 145, 158
- Amazon Kinesis Data Firehose, 151–152
- AWS Direct Connect, 152–153
- AWS Import/Export, 146–147
- AWS Snowball, 147–148
- AWS Snowball Edge, 148–150
- AWS Snowmobile, 150–151
- AWS Storage Gateway, 145–146
- VPN connections, 153
data plane, 497
data protection, 118. See also encryption
data temperature, 89
data transfer, 858
- Amazon CloudFront, 858
- Amazon Kinesis, 86
- Amazon S3 transfer acceleration, 858
- AWS DataSync, 86
- AWS Direct Connect, 86
- AWS Snow family, 86
- AWS Storage Gateway, 86
- caching, 858–859
- S3 Transfer Acceleration, 86
data types
- document, 671
- scalar, 670
data value, 89–90
data warehousing
- Amazon Redshift, 177, 220–226
- architecture, 217–220
- benefits, 217
- data lake comparison, 219
- data mart comparison, 219–220
- database comparison, 218
- databases, 176
database migration
- Amazon RDS, 489
- AWS DMS (Database Migration Service), 177
- cloud, 232–235
- heterogeneous, 233
- homogenous, 233
database services, mapping to database types, 176–177
databases
- Amazon Aurora, 176
- Amazon EC2, 235–236
- answers to review questions, 894–895
- AWS OpsWorks Stacks, deployments, 471
- compliance, IAM, 236–237
- data warehouse, 176
- DAX (Amazon DynamoDB Accelerator), 230
- ElastiCache, 229–230
- graph, 176, 230–232
- IAM (AWS Identity and Access Management), 188–189
- in-memory data stores, 176
  - caching, 226–227
  - in-memory key-value store, 228
- ledger, 176
- nonrelational, 176, 237
  - Amazon DynamoDB, 196–217
  - NoSQL, 195–196
- relational, 237, 176, 178–180
  - Amazon Aurora, 190–192
  - Amazon CloudWatch, 189–190
  - Amazon RDS, 177, 180–188
  - Amazon RDS best practices, 192–194
  - IAM DB authentication, 188–189
- security, IAM, 236–237
- time-series, 176
DAX (Amazon DynamoDB Accelerator), 230
dead letter queue). See DLQ (dead letter queue)
decrypting passwords, Windows, 45–46
deployment
- all-at-once deployment, 300
- answers to review questions, 897
- applications, 288–290
- AppSpec file, 299
- AWS CloudFormation, AWS CodePipeline and, 430–432
- AWS CodeDeploy, 299
- AWS CodePipeline, CI/CD, 318
- AWS Elastic Beanstalk, 290–291
  - implementation, 291, 292
- container deployments, 302–303
- continuous delivery, 319
- ELB (Elastic Load Balancing)
  - Application Load Balancer, 287
- environment variables, 284
- highly available applications, 287–288
- in-place deployment, 300
- rolling, 301–302
- scalable applications, 287–288
- source repository, 292–293
deployment phase of release lifecycle, 283
dereference operators, 722–723
developer tools, AWS Cloud9, 66
DHCP (Dynamic Host Configuration Protocol), 63
direct-attached storage. See DAS (direct-attached storage)
DLQ (dead letter queue), 599
dm-crypt, 265
DNS (domain name servers), 63, 506
Docker containers, 295–296
- Amazon ECR, 481
- CLI tools, 481
document data types, 671
domain names, Amazon Route 53, 625–626
dual-stack mode, IPv6 addresses, 53

E

ebextensions directory, 296–297, 307
EC2 Right Sizing, cost management and, 868
Eclipse, 334
eCryptfs, 265
elastic IP addresses, 53
Elastic Load Balancing
- AWS OpsWorks Stacks, layers, 454
- monitoring metrics, 804
elastic network interfaces, 42
Elastic Volumes (Amazon EBS), 94–95
ElastiCache
- access control, 747
- application state, 739
- AWS Elastic Beanstalk and, 298–299
- backups, snapshots, 746–747
- cache hits, 742–743
- cache misses, 742–743
- clusters, 741–742
- data access patterns, 745
- distributed cache, 740–741
- endpoints, 742
- in-memory data store, 177
- in-memory key-value store, 739
- lazy loading, 744
- Memcached, 229–230, 739
- Multi-AZ replication groups, 746
- nodes, 741
- Redis, 229–230, 739
- replication groups, 742, 746
- scaling, 745
- snapshots, 746–747
- TTL (time to live), 742
- write-through, 744
ELB (Elastic Load Balancing), 287, 383
EncFs, 265
encryption
- Amazon EBS, 95–96, 265–266, 274
- Amazon EMR, 267–268
- Amazon RDS, 266–267
  - AWS KMS, 187–188
- Amazon S3, 156, 264–265, 271, 274
- answers to review questions, 895–896
- AWS CloudHSM, 262
- AWS KMS (Key Management Services), 95, 260–262, 269–271
- AWS managed, 263, 268–269
- AWS Storage Gateway, 266
- client-side, 122–123
- customer managed, 263, 264–268
- data at rest, 119
- data in transit, 119
- data protection, 760
- dm-crypt, 265
- eCryptfs, 265
- EncFs, 265
- file systems, accessing, 779
- Loop-AES, 265
- server-side, 271, 760
- SSE (Server-Side Encryption), 119
- TrueCrypt, 265
endpoints
- Amazon SNS, 535
- API regional endpoints, 10–12
- ElastiCache, 742
envelope encryption, 270
environment
- AWS Elastic Beanstalk, 293–297
- variables
  - AWS Lambda, 599
  - deployment, 284
ERP (enterprise resource planning systems), 91
exercises
- account sign up, 26
- Amazon API Gateway, running locally, 659
- Amazon Cloud Directory setup, 514–515
- Amazon CloudTrail, 827–828
- Amazon CloudWatch
  - alarms, 826–827
  - dashboard, 828
- Amazon Cognito setup, 516
- Amazon DynamoDB table
  - backup, 791
  - creation, 250–251, 789
  - global tables, 790
  - removal, 255
  - restore, 792
  - scanning, 254–255
  - users, 252
- Amazon DynamoDB user lookup, 253
- Amazon EBS optimization, 877–878
- Amazon EC2 (Elastic Compute Cloud)
  - instance connection, 73
  - key pairs, 69
  - private subnet, 75–76
  - as web server, 71–73
- Amazon ECS
  - clusters, 488–489
  - containers, 488–489
- Amazon EFS, volumes, 787–788
- Amazon Kinesis Data Stream, 575–577
- Amazon RDS
  - database migration, 489
  - database tier security, 242–243
  - endpoint value, 245–246
  - removal, 249–250
- Amazon S3
  - AWS Lambda function invocation, 615–616
  - buckets, uploading to, 788
  - event triggers, 616–617
- Amazon S3 buckets, 163
  - AWS Lambda functions and, 608
  - deleting, 167–169
  - emptying, 167–169
  - final output, JSON, 608–609
  - HTML file edits, 653–655
  - object load, 164–166
  - Swagger template, 652–653
  - unencrypted uploads, 275–276
  - verifying buckets, 609–610
- Amazon S3 versioning, 789
- Amazon SNS, SMS text message, 575
- Amazon SQS, 573–574
- Amazon VPC, 70
- application version update, 311–312
- auto scaling groups, 879–880
- AWS CLI
  - configuration, 28
  - CPU usage alarm, 876–877
  - installation, 28
- AWS Cloud9, 77–78
- AWS CloudFormation, 437–439
- AWS CodeBuild project creation, 375–376
- AWS CodeCommit repository, pull request, 374
- AWS CodeDeploy, application creation, 375
- AWS Config rule creation, 878–879
- AWS IAM role creation, 612–614
- AWS KMS
  - CMK (customer master key), 277–278
  - create/disable key, 276–277
- AWS Lambda
  - event source generation, 657
  - function creation, 614–615
  - function modification, 658–659
  - function preparation, 610–612
  - function testing, 617
  - invocation by Amazon S3, 615–616
  - local function definition, 656
  - running, 657
- AWS Managed Microsoft AD, 512–514
- AWS OpsWorks Stacks
  - auto healing event notification, 490
  - environment launch, 488
- AWS SAM template, 655–656
  - local API, 658
- AWS Step Function, 578–581
- batch processes, writing data, 253–254
- blue/green solution deployment, 310
- cleanup, 78–79
- code samples, downloading, 28–29
- cross-region replication, 791
- deployment, 309
- ElastiCache, Memcached cluster, 786, 787
- environment, AWS Elastic Beanstalk, 310–311
- IAM administrator group creation, 26–27
- IAM administrator user creation, 26–27
- IAM roles, API calls, 71
- instances, private, requests, 76–77
- launch configuration, 879–880
- MariaDB database instance setup, 243–245
- NAT, instances in private subnet, 74–75
- profiles, 30–32
- Python script, API calls, 29
- regions, 29–30
- scaling actions, 879–880
- Simple AD setup, 510–512
- SQL table creation, 246–248
- SQL table queries, 248–249

F

FaaS (function-as-a-service), 587
federation, 496, 498–500, 509
file gateways, 146
file storage, 86, 91, 155, 853
- Amazon EFS, 87
file-system encryption, 265
FIPS (Federal Information Processing Standards), 260
Fn::Base64, 395
Fn::Cidr, 395
Fn::FindInMap, 395
Fn::GetAtt, 396
Fn::GetAZs, 396
Fn::Join, 396–397
Fn::Select, 397
Fn::Split, 397
Fn::Sub, 397–398
FPGA (Field Programmable Gate Array), 39
frozen data, 89
function-as-a-service). See FaaS (function as a service)

G

GCM (Google Cloud Messaging for Android), 538–539
general purpose instances, 39
Ghost Inspector, 324
GitHub, AWS CodePipeline and, 324
Go, AWS SDKs (AWS software development kits), 4
Go 1.x, AWS Lambda and, 589
GPU (Graphics Processing Unit), 39
graph databases, 176–177, 230–232

H

Hadoop, Amazon EMR, 266
HDD (hard disk drive)-backed volumes, 93
- SSD comparison, 94
helper scripts, AWS CloudFormation, 425–426
heterogeneous database migration, 233
highly available applications, deployment, 287–288
highly structured data, 88
HIPAA (Health Insurance Portability and Accountability Act), 508
HMAC (hash message authentication code), 266
homogenous database migration, 233
hot data, 89
HPE (Hewlett Packard Enterprise) Storm Runner Load, 324
HSM (hardware security module), 260

I

IaC (infrastructure as code), 382, 434
IAM (AWS Identity and Access Management), 5, 13, 14–15, 496
- access keys, 16
- Amazon DynamoDB, 732–736
- authentication, 19–20
- authorization, 19–20
- AWS Elastic Beanstalk and, 299
- condition element, 734
- database security, 236–237
- DB authentication, 188–189
- dev tools, 16
- groups, 16–17
- identities, 19–20
- as IdP (identity provider), 496
- Management Console, 15–16
- many-to-many relationships, users and groups, 16
- metadata, 48
- permissions, 20–21, 733–735
- policies, 20–24
- roles, 17–18, 20, 24
- users, 15, 24
  - Amazon EFS, 777
  - roles, 20
identity, 497–498
- identity consumer, 498
- identity provider, 498–499, 505–506
- Microsoft Active Directory, 500
identity services, federation, 496
IdP (identity provider), 496, 509
- federation, 496
images
- AMI (Amazon Machine Language), 41–42
- software images, 41–42
IMDS (instance metadata service), 47–48
immutable deployment, 301–302
infrastructure
- answers to review questions, 900–903
- AWS CloudFormation and, 382
- repeatable, 383
- templates and, 384
- versionable, 383
infrastructure as code. See IaC (infrastructure as code)
in-memory data stores, 176–177, 226–228
in-place deployment, 300, 354
instance metadata service, See IMDS (instance metadata service)
instance reservations
- EC2 reservations, 841–842
- pricing, 840–841
- RDS reservations, 842
instance store
- Amazon EBS comparison, 143–144
- Amazon EC2 (Elastic Compute Cloud), 97–99, 155
- volumes, 98
instances, 38
- accelerated computing, 39
- access, 43
- Amazon EC2 (Elastic Compute Cloud), 45–46, 50
- applications, running on, 44–50
- AWS OpsWorks Stacks, 456–459, 464, 467–469
- CloudWatch, 50
- compute optimized, 39
- families, 39
- general purpose, 39
- memory optimized, 39
- metadata, 67
- storage optimized, 39
- stores, 40–41
- types, 39
IntelliJ, 334
intrinsic functions, AWS CloudFormation
- Fn::Base64, 395
- Fn::Cidr, 395
- Fn::FindInMap, 395
- Fn::GetAtt, 396
- Fn::GetAZs, 396
- Fn::Join, 396–397
- Fn::Select, 397
- Fn::Split, 397
- Fn::Sub, 397–398
- Ref, 398
IOPS (input/output operations per second), 773
IP addresses, 42, 52–53
IPv6 addresses, 53
iSCSI (internet Small Computer System Interface), 145–146

J

Java, AWS SDKs (AWS software development kits), 4
Java 8, AWS Lambda and, 589
JavaScript, AWS SDKs (AWS software development kits), 4
JCE (Java Cryptography Extension), 261
Jenkins, 324
JSON (JavaScript Object Notation), identity, 497

K

key pairs, Amazon EC2 (Elastic Compute Cloud), 43
KMI (key management infrastructure), 263, 273

L

latency, 157
layers, AWS OpsWorks Stacks, 453–456
LDAP (Lightweight Directory Access Protocol), 506, 508
ledger databases, 176–177
lexicon, 11
lifecycle, release lifecycle, 282–284
lifecycle configuration, 134–135
lifecycle policies, 102
Lightweight Directory Access Protocol. See LDAP (Lightweight Directory Access Protocol)
load balancers, 287, 479
local secondary indexes, 201–202, 204–205, 682, 684
logs, web traffic, 624–625
Loop-AES, 265
loosely structured data, 88

M

Memcached, 229–230
memory optimized instances, 39
message infrastructure, refactor to microservices and, 522
message-oriented middleware. See MoM (message-oriented middleware)
metadata, 67
MFA (multi-factor authentication), 15–16, 127, 636
microservices, 521
- answers to review questions, 907–908
- containers, 522
- monolithic architectures and, 588
- refactor to, 522
Microsoft Active Directory, 500
- AD Connector (Active Directory Connector), 506–507
- AD DS (Active Directory Domain Services), 506
- AWS Managed Microsoft AD, 505–507, 507–508
- AWS SSO (Single Sign-On) and, 501–502
migration, 145, 158
- Amazon Kinesis Data Firehose, 151–152
- to AWS CodeCommit, 341–343
- AWS Direct Connect, 152–153
- AWS Import/Export, 146–147
- AWS Snowball, 147–148
- AWS Snowball Edge, 148–150
- AWS Snowmobile, 150–151
- AWS Storage Gateway, 145–146
- VPN connections, 153
MoM (message-oriented middleware), 523
monitor phase of release lifecycle, 284
monitoring, 303, 798
- Amazon CloudWatch, 189–190, 798
  - alarms, 814–815, 815–817
  - cases, 800
  - dashboards, 817–818
  - log aggregation, 811, 812
  - log processing, 814
  - log searches, 812–814
  - metrics, 802–811
  - metrics repository, 801–811
  - microservices, 521
  - monitoring, 798
- answers to review questions, 912–914
- AWS CloudTrail, 798
  - events, 818–820
  - trails, 820
- AWS Management Console, 303–306
- AWS X-Ray, 798, 820–823
- metrics, 799–800
monolithic architectures versus microservices, 588
MPNS (Microsoft Push Notification Service) Windows Phone, 538
multi-factor authentication. See MFA (multi-factor authentication)
MVC (Model-View-Controller) architecture, 623

N

namespaces, buckets (Amazon S3), 100–101
NAS (network-attached storage), 91
NAT (network address translation), 61–63, 128
nesting
- attributes, 722–723
- AWS::CloudFormation::Stack, 418–419
.NET, AWS SDKs (AWS software development kits), 4
network ACLs (network access control lists), 58–61, 68
network address translation. See NAT (network address translation)
network-attached storage. See NAS (network-attached storage)
Network Load Balancer, 287
networks
- Amazon VPC, 51
- connecting to others, 51–52
- connection types, 52
- DHCP (Dynamic Host Configuration Protocol), 63
- IP addresses, 52–53
- NAT (network address translation), 61–63
- network ACLs (access control lists), 58–61
- network traffic monitoring, 64
- primary network interfaces, 42
- route tables, 55–56
- security groups, 56–58
- subnets, 54–55
- virtual, elastic network interfaces, 42
Node.js 4.3, AWS Lambda and, 589
Node.js 6.10, AWS Lambda and, 589
Node.js 8.10, AWS Lambda and, 589
nonrelational databases, 176, 237
- Amazon Document DB, 177
- Amazon DynamoDB, 196–217
- NoSQL, 177, 195–196
Nouvola, 324
null scalar types, 670
number scalar types, 670

O

object storage, 86, 91, 155, 782
- Amazon S3, 87, 99–105
- Amazon S3 Glacier, 87
- DEEP_ARCHIVE, 852
- GLACIER, 852
- INTELLIGENT_TIERING, 852
- ONEZONE_IA, 852
- STANDARD_IA, 852
objects, 99, 108–109, 761–765
OIDC (OpenID Connect), 498, 500
OP (OpenID provider), 500
OpenSSL, 266
OpsWorks Stacks, 325
optimistic locking, 713–714
optimization
- answers to review questions, 914–916
- Auto Scaling, 845–846
  - accessing, 848–849
  - Amazon Aurora, 848
  - Amazon EC2 Auto Scaling, 846–847
  - AWS Auto Scaling, 847–848
  - DynamoDB, 848
- AWS Lambda and, 851
- containers, 849–850
- cost optimization, 834–838
- costs, 864–868
- data transfer, 858–859
- instance reservations, 841–842
- RDBMS (relational database management system), 859–864
- right sizing, 838–840
- serverless approaches, 850–851
- Spot Instances, 843–845
- storage, 851–857

P

partitions
- Amazon DynamoDB, 197, 711
  - distribution, 711–713
  - partition key, 665–668, 712–713
  - primary key, 199–200
  - sort key, 713
- ARN, 23
- CAP theorem (consistency, availability, partition tolerance), 115–116
- nonrelational databases, 197
- partition key, Amazon Kinesis Data Streams, 541
passwords, decrypting, Windows, 45–46
PCI DSS (Payment Card Industry Data Security Standard), 508
performance monitoring
- Amazon CloudWatch, 868
- AWS Trusted Advisor, 869
permissions
- Amazon DynamoDB, IAM policy and, 732–735
- AWS CloudFormation, 385–386
  - StackSets, 428–429
- AWS OpsWorks Stacks, 460–461
- wildcards, 22
persistent storage, 40–41
PHP, AWS SDKs (AWS software development kits), 4
policies, IAM, 20–24
POSIX (Portable Operating System Interface), 773
presigned URLs, 118, 125
primary network interfaces, 42
private IP addresses, 53
private subnets, 55, 67
privileges, IAM policies, 21
programmatic access, 16
public IP addresses, 53
public subnets, 55, 67
push notifications, Amazon SNS mobile, 537–539
Python 2.7, AWS Lambda and, 589
Python 3.6, AWS Lambda and, 589

Q

query string authentication, 125–126

R

RDBMS (relational database management system), optimization and, 859–860
- fewer tables, 860
- indexes, 862–863
- NoSQL and, 860
- projections, 863
- query frequency, 863
- related data, 860
- scan operations, 863–864
- sort keys, version control, 862
- workload distribution, 861–862
RDP (Remote Desktop Protocol), 238
- Amazon EBS, 97
- Amazon EC2 (Elastic Compute Cloud) instances, 43
- data plane, 497
read consistency, 206–207
reads per second. See RPS (reads per second)
Redis, 229–230
Ref, 398
refactor to microservices, 522
regions, ARN, 23
relational databases, 178–179, 237. See also RDBMS (relational database management system)
- ACID
  - atomicity, 179
  - consistency, 180
  - durability, 180
  - isolation, 180
- Amazon Aurora, 190–192
- Amazon CloudWatch, 189–190
- Amazon RDS, 177, 180–189, 238
  - Amazon Aurora, 190–192
  - Amazon CloudWatch, 189–190
  - best practices, 192–194
- columns, 178–179
- data integrity, 179
- fields, 179
- foreign keys, 179
- IAM DB authentication, 188–189
- managed, 176, 180
- nonrelational, Amazon Document DB, 177
- objects, 178
- primary keys, 179
- rows, 179
- SQL (Structured Query Language), 179
- transactions, 179
- unmanaged, 180
release lifecycle, 282–284
Remote Desktop Protocol. See RDP (Remote Desktop Protocol)
repeatable infrastructure, 383
repositories, deployment and, 292–293
Representational State Transfer. See REST
reproducible data, 90
resource management, security, shared responsibility model, 64–65, 155
resources, 24
- ARN, 24
- usage reduction, 836–838
REST (Representational State Transfer), 623
RESTful APIs, 631
right sizing, 838–840
roles, IAM, 17–18
rolling deployment, 301–302
route tables, 55
RPS (reads per second), 88
Ruby, AWS SDKs (AWS software development kits), 4
Runscope, 324

S

S3 Transfer Acceleration, 86
S3DistCp, 272
same-origin policy, 631
SAML (Security Assertion Markup Language), 498, 499
SAN (storage area network), 91
scalable applications, deployment, 287–288
scalar data types, 670
SDLC (software development lifecycle), 282
- AWS Cloud, 284–285
- environment variables, 284
- release lifecycle, 282–284
secondary indexes, 201, 665, 683
- alternate key, 684
- base table, 683
- configuration, 685
- global secondary indexes, 202–205, 682, 684
- local secondary indexes, 201–202, 204–205, 682, 684
security, shared responsibility model, 64–65, 155
Security Assertion Markup Language. See SAML (Security Assertion Markup Language)
security groups, 56–58, 68
serverless applications, 622
- Amazon Aurora Serverless, 642–643
- Amazon S3, 129
- answers to review questions, 909–910
- AWS SAM (Serverless Application Model), 643–645
- AWS SAM CLI, 645–647
- AWS Serverless Application Repository, 647
- user cases, 647
serverless compute, 586. See also AWS Lambda
- answers to review questions, 908–909
serverless stack versus three-tier architecture, 640–642
server-side encryption, AWS KMS, 271
service token acts, 406
services
- ARN, 23
- managed, 65–66
- unmanaged, 65–66
shared responsibility security model, 64–65, 155
- storage and, 91
Simple AD (Simple Active Directory), 507
snapshots, Amazon EBS, 95
SOA (service-oriented architecture), 476–477, 798
SOAP, 128–129
software
- customization, user data and, 46–47
- images, 41–42
Solano CI, 324
source phase of release lifecycle, 283
source repository, deployment and, 292–293
Spot Instances, 844–845
SSD (solid-state drive)-backed volumes, 93
- HDD comparison, 94
SSDs (solid-state drives), 665
SSE (Server-Side Encryption), 119
- SSE-C (customer-provided keys), 120
- SSE-KMS (AWS KMS), 120–121
- SSE-S3 (Amazon S3 managed keys), 120, 760
SSH (Secure Shell), data plane, 497
SSL (Secure Sockets Layer), ELB (Elastic Load Balancing), 287
SSML (Speech Synthesis Markup Language), 5
stacks, AWS OpsWorks Stacks, 452–453
StackSets (AWS CloudFormation), 427–429
state machines, AWS Step Functions, 551–554
stateless application pattern, 129, 664
- answers to review questions, 910–912
static websites, 126
- Amazon S3, 156
stop deployments, 355
storage
- Amazon EBS, 40–41, 94–97, 855–857
- Amazon EFS, 136–142
- Amazon S3, 853–855
  - access control, 123–125
  - authentication, 129
  - AWS CLI, 128
  - AWS explorers, 128
  - AWS SDKs, 128
  - buckets, 99–105
  - classes, 109–114, 156
  - consistency model, 114–118
  - CORS (cross-origin resource sharing), 107–108
  - CRR (cross-region replication), 127–128
  - data lake architecture, 129–130
  - encryption, 118–123
  - MFA Delete, 127
  - objects, 105–108
  - performance, 130–134
  - presigned URLs, 118
  - pricing, 134
  - query string authentication, 125–126
  - requests, 129
  - serverless applications, 129
  - stateless applications, 129
  - static websites, 126
  - VPC (virtual private cloud) endpoints, 128
- answers to review questions, 890–893
- block, 86, 91, 155, 782
- block storage, 852
- CIA (confidentiality, integrity, availability) model, 91–92
- comparisons, 142–144
- DAS (direct-attached storage), 91
- data dimensions, 87–88
- data lakes, 86
- data temperature, 89
- data transfer, 86
- data value, 89–90
- data volume and, 157
- ERP (enterprise resource planning systems), 91
- file, 86, 91, 155
- file storage, 853
- highly structured data, 88
- item size and, 157
- latency, 157
- loosely structured data, 88
- mental model, 87
- NAS (network-attached storage), 91
- object, 86, 91, 155, 782, 852
- optimization, 851–857
- persistent, 40–41
- products, 142–143
- SAN (storage area network), 91
- shared responsibility model, 91
- temporary, 41
- unstructured data, 88
storage area network (SAN), 91
storage optimized instances, 39
string scalar types, 670
subnets, 55, 67
Sun Java JCE, 261
system-level encryption, 265

T

tape gateways, 146
TeamCity, 324
templates
- AWS CloudFormation, 386–394
- AWS CloudFormation CLI, transforms, 423
- AWS OpsWorks Stacks, custom, 456
- infrastructure, 384
- transforms, AWS CloudFormation CLI, 423
temporary storage, 41
test phase of release lifecycle, 283
three-tier architecture, 282
- versus serverless stack, 640–642
time series databases, Amazon Timestream, 177
time-series databases, 176
TLS (Transport Layer Security), ELB, 287
transient data, 90
troubleshooting, 303, 798
- Amazon EBS, 97
- answers to review questions, 912–914
TrueCrypt, 265
trust policies, IAM roles, 18

U

unstructured data, 88
user data, 46–47, 67
users, IAM, 15

V

variables, environment variables
- AWS Lambda, 599
- deployment, 284
variety, data, 88
velocity, data, 88
versionable infrastructure, 383
versioning, buckets (Amazon S3), 100–101
virtual networks, interfaces, elastic network interfaces, 42
Visual Policy Editor, 24
Visual Studio, 334
volume, data, 88
volume gateways, 146
VPC (virtual private cloud)
- Amazon EFS, 773–775
- endpoints, 128
VPNs (virtual private networks), 128, 159
- data migration, 153

W

warm data, 89
web servers
- Amazon S3, 622–623
- traffic logs, 624–625
webpages, custom, Amazon EC2 (Elastic Compute Cloud) and, 49–50
websites, static, 126
wildcards, permissions, 22
Windows, passwords, decrypting, 45–46
WNS (Windows Push Notification Services), 538
WORM (Write Once Read Many), 111
WPS (writes per second), 88

X–Y–Z

x-amzn-requestid header, 7
Xebia Labs, 325
zeroization, 268

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Index

Create new playlist

Sign In

Sign Up

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

Q

R

S

T

U

V

W

X–Y–Z

Table of Contents for
Index