Cover -- Title Page -- Copyright and Credits -- Dedication -- Packt Upsell -- Contributors -- Table of Contents -- Preface -- Chapter 1: Introducing Amazon Web Services -- Technical requirements -- Minimizing complexity -- Conway's law -- Cloud computing -- Architecting for AWS -- Cloud design principles -- Cloud design patterns - CDP -- AWS Cloud Adoption Framework - AWS CAF -- AWS Well-Architected Framework - AWS WAF -- Shared security model -- Identity and Access Management -- User creation -- Designing an access structure -- Create an administration group -- Business case -- Inline policies -- IAM cross-account roles -- Summary -- Further reading -- Chapter 2: AWS Global Infrastructure Overview -- Technical requirements -- Introducing AWS global infrastructure -- Becoming a service company -- Data centers -- 10,000-feet view -- Regions -- 100,000-feet view -- Latency -- Compliance -- Supported services -- Cost -- Connectivity -- Endpoint access -- Global CDN -- Amazon CloudFront -- Single region / multi-region patterns -- Rationale -- Active-active -- Active-passive -- Network-partitioning tolerance -- Complexity -- CloudFront -- Data replication and redundancy with managed services -- Exercise -- Replicating tags -- Replicating ACLs -- Distributed nature of S3 -- Metadata replication -- Encryption replication -- Hosting a static website with S3 and CloudFront -- Summary -- Further reading -- Chapter 3: Elasticity and Scalability Concepts -- Technical requirements -- Sources of failure -- The cause -- Dividing and conquering -- Serial configuration -- Parallel configuration -- Reactive and proactive scalability -- Horizontal scalability -- Vertical scalability -- Exercise -- Virtualization technologies -- LAMP installation -- Scaling the web server -- Resiliency -- EC2 persistence model -- Disaster recovery -- Cascading deletion.

Bootstrapping -- Scaling the compute layer -- Proactive scalability -- Scaling a database server -- Summary -- Further reading -- Chapter 4: Hybrid Cloud Architectures -- Effective migration to the cloud -- Extending your data center -- All in the cloud -- VPC -- Tenancy -- Sizing -- The default VPC -- Public traffic -- Private traffic -- Security groups -- Creating a security group -- Chaining security groups -- Bastion host -- Hybrid deployment -- Software VPNs -- Static hardware VPNs -- Dynamic hardware VPNs -- Direct Connect (DX) -- Storage gateway use cases -- Network filesystems with file gateways -- Block storage iSCSI with volume gateway - stored -- Block storage iSCSI with volume gateway - cached -- Virtual tape library iSCSI with a tape gateway -- The Database Migration Service -- Homogeneous migration -- The AWS Schema Conversion tool -- Heterogeneous migrations -- Summary -- Further reading -- Chapter 5: Resilient Patterns -- Technical requirements -- Route 53 -- Health checks -- Record types -- Summary -- Further reading -- Chapter 6: Event Driven and Stateless Architectures -- Technical requirements -- Web application hosting -- Route 53 -- Serverless application architecture -- Streaming data architecture -- Summary -- Further reading -- Chapter 7: Integrating Application Services -- Technical requirements -- SQS as a reliable broker -- Asynchrony -- Creating a queue -- Security -- Durability -- Message delivery -- Message reception -- Messaging patterns -- Managing 1:N communications with SNS -- Subscriber -- Fanout -- Authenticating your web and mobile apps with Cognito -- Cognito user pools -- Federated identities -- API Gateway integration -- Request flow -- WebSockets in AWS -- AWS IoT -- AWS AppSync -- Web app demo -- Summary -- Further reading -- Chapter 8: Disaster Recovery Strategies -- Technical requirements.

Availability metrics -- The business perspective -- Business impact analysis -- Recovery Time Objective (RTO) -- Recovery Point Objective (RPO) -- Availability monitoring -- Backup and restore -- Preparation phase -- In the case of a disaster -- Trade-offs -- Pilot light -- The preparation phase -- In the case of a disaster -- Trade-offs -- Warm standby -- The preparation phase -- In the case of a disaster -- Trade-offs -- Multi-site active-active -- The preparation phase -- In the case of a disaster -- Trade-offs -- Best practices -- Summary -- Further reading -- Chapter 9: Storage Options -- Technical requirements -- Relational databases -- RDS -- Managed capabilities -- Instances -- Parameter groups -- Option groups -- Snapshots -- Events -- Multi-AZ -- Read replicas -- Caching -- Object storage -- Simple storage service -- Data organization -- Integrity -- Availability -- Cost dimensions -- Reducing cost -- Durability -- Maximum durability -- Limited durability -- Use cases -- Consistency -- Storage optimization -- Creating objects from the CLI -- Copy an existing object -- Using a lifecycle policy -- Lifecycle policies -- Archiving with Glacier -- Retrieval options -- Workflow -- NoSQL -- DynamoDB -- Control plane -- Managed capabilities -- Consistency -- Local secondary index -- Global secondary index -- DynamoDB Streams -- Global tables -- Summary -- Further reading -- Chapter 10: Matching Supply and Demand -- Technical requirements -- Elastic Load Balancing -- Classic Load Balancer - CLB -- Network Load Balancer - NLB -- Application Load Balancer - ALB -- Creating an Application Load Balancer -- ELB attributes -- Stateless versus stateful -- Internet-facing versus internal-facing -- TCP passthrough -- Cross-zone load balancing -- Connection draining -- AWS Auto Scaling -- Alternate flow -- Create a launch configuration -- Auto Scaling groups.

Resiliency -- Summary -- Further reading -- Chapter 11: Introducing Amazon Elastic MapReduce -- Technical requirements -- Clustering in AWS -- High performance computing -- CfnCluster -- Enhanced networking -- Jumbo frames -- Placement groups -- Creating a placement group -- Benchmarking -- Elastic MapReduce -- MapReduce -- Analyzing a public dataset -- Summary -- Further reading -- Chapter 12: Web Scale Applications -- Technical requirements -- AWS Lambda -- Summary -- Further reading -- Chapter 13: Understanding Access Control -- Technical requirements -- Authentication, authorization, and access control -- Authentication -- Authorization -- Access control -- Authenticating via access control methods -- Usernames and passwords -- Multi-factor authentication -- Programmatic access -- Key pairs -- IAM roles -- Cross-account roles -- Web identity and SAML federation -- Federation of access -- Web identity federation -- SAML 2.0 federation -- IAM authorization -- Users -- Groups -- Roles -- Identity-based policies -- Managed policies versus inline policies -- Writing policies from scratch by using a JSON policy editor -- Using the visual editor within IAM -- Copying an existing managed policy -- Inline policies -- Summary -- Further reading -- Chapter 14: Encryption and Key Management -- Technical requirements -- An overview of encryption -- Symmetric key cryptography -- Asymmetric key cryptography -- EBS encryption -- Encrypting a new EBS volume -- Encrypting a new EBS volume during the launch of a new EC2 instance -- Encrypting an existing EBS volume -- Amazon S3 encryption -- Server-side encryption with S3 managed keys (SSE-S3) -- Server-side encryption with KMS managed keys (SSE-KMS) -- Server-side encryption with customer managed keys (SSE-C) -- Client-side encryption with KMS managed keys (CSE-KMS).

Client-side encryption with KMS managed keys (CSE-C) -- RDS encryption -- How to enable encryption -- Steps to encrypt an existing database -- Key Management Service (KMS) -- So, what is KMS? -- Customer master keys -- Data encryption keys (DEK) -- Key policies -- Grants -- Key rotation -- Manual key rotation -- Summary -- Further reading -- Chapter 15: An Overview of Security and Compliance Services -- Technical requirements -- AWS CloudTrail -- Amazon Inspector -- Installing the agent -- Assessment templates, runs, and findings -- AWS Trusted Advisor -- Yellow warning under service limits -- Red warning under service limits -- AWS Systems Manager -- Resource groups -- Creating a resource group -- Actions -- Insights -- Shared resource -- AWS Config -- Configuration item -- Configuration streams -- Configuration history -- Configuration snapshot -- Configuration recorder -- Config rules -- Resource relationship -- High-level process overview -- Summary -- Further reading -- Chapter 16: AWS Security Best Practices -- Technical requirements -- Shared responsibility model -- Data protection -- Using encryption at rest for sensitive data -- Taking advantage of encryption features built into AWS services -- Using encryption in transit for sensitive data -- Protecting against unexpected data loss -- Using S3 MFA delete to prevent accidental deletion -- Using S3 lifecycle policies -- Implementing S3 versioning to protect against unintended actions -- Virtual Private Cloud -- Using security groups to control access at an instance level -- Using NACLs to control access at a subnet level -- Implementing the rule of least privilege -- Implementing layers in your VPC -- Creating Flow Logs to obtain deeper analysis of network traffic -- Identity and Access Management -- Avoid sharing identities -- Using MFA for privileged users -- Using roles -- Password policy.

Assigning permissions to groups instead of to individual users.

With rapid adaptation of the cloud platform, the need for cloud certification has also increased. This is your one stop solution and will help you transform yourself from zero to certified. This guide will help you gain technical expertise in the AWS platform and help you start working with various AWS Services.

Description based on publisher supplied metadata and other sources.

Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2022. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.