Architecting on AWS - Tips and Tricks

This is my list of hints and tips for this course. It’s markdown so you can save it, access it or store it anywhere. I might also give you other links that are course specific. I’ll add specific answers to questions I get during the course. I’ll share it with everyone on this page.

Your Instructors

Administrivia

We need to jump through some hoops to get access to the labs and slide decks. Be consistent with the email address you use for all sites. There are three separate sites you need to access, plus one bitly link, which is this page:

  • Join or log in to https://www.aws.training/ to ensure your training and certifications are captured. No, we don’t spam you or sell your details.
  • Access Qwiklab (yes it is spelt INCORRECTLY)
    • aws.qwiklabs.com for the labs in this class
    • run.qwiklabs.com for outside of the class or to do other labs at your own pace.
    • NOTE: Some are free, others require course credits. Also check out the AWS Professional Developer Series of MOOCs on edX https://www.edx.org/aws-developer-professional-series and there are MOOCs on Coursera too.
  • Access the course notes and slides. You’ll receive two emails. The first confirms your attendance at this course and contains the following links (the download link seems broken). You can use the apps for phones, tablets and laptops, or just use your browser.
  • www.vitalsource.com look for a signup link and download link. Or just go to https://evantage.gilmoreglobal.com/#/user/signin
  • Once you’ve logged into Vitalsource (aka Bookshelf, Gilmore, eVantage) you can redeem your unique course materials code (sent in a separate email) and update your book list. You should see a lab guide and student guide for DevOps on AWS, versions 2.3 and 2.4; just pick the latest version, as the Vitalsource folks have bundled them together.
  • The student guide is the PowerPoint decks and notes; the lab guide is the step-by-step instructions for the labs. The lab guide is also included in the labs themselves, so that document is somewhat redundant. You can download the Vitalsource Bookshelf app for Windows, Mac, iOS and Android at https://support.vitalsource.com/hc/en-us/articles/201344733-Bookshelf-Download-Page
  • You can probably print the student and lab guides to pdf from the app. You’ll need to confirm this as the vitalsource folks update the app and website each week.

Group and Individual Exercises

What is DevOps?

  • Split into groups and agree on a definition of DevOps. Also describe the key attributes of a DevOps culture and the issues or challenges with DevOps. What DevOps metrics do you track?
  • Time 20 - 30 minutes max
  • Nominate a spokesperson and spend 2 or 3 minutes describing your findings to the class

Cool links

Best Practice

Migration Best Practice

Compute links

Containers

Database and Storage links

Network links

  • A VPC endpoint lets you privately connect to AWS services without an Internet gateway, NAT or firewall proxy; the traffic never leaves the AWS network. S3 and DynamoDB use gateway endpoints (an entry in your route table); the others use interface endpoints (an elastic network interface with a private IP in your subnet, via PrivateLink). Available AWS services include S3, DynamoDB, Kinesis Streams, Service Catalog, EC2 Systems Manager (SSM), Elastic Load Balancing (ELB) API, Amazon Elastic Compute Cloud (EC2) API, and SNS. An endpoint on its own does not stop access over other paths: for S3, add a bucket policy that denies requests whose aws:sourceVpce is not your endpoint, and use the endpoint policy to limit which buckets the endpoint can reach.
  • Direct Connect (DX) security concerns (Advanced Networking guide, pages 255 to 290)

Big Data Links

Migrating Relational Data to RDS and Redshift

Security links

  • S3 Access Control Lists (ACLs) explains how permissions can be applied to S3 buckets and objects. It is a tedious read but worthwhile for anyone interested in simple permission management for cross-account access, large numbers of accounts, or consolidating logs into one account or bucket. Bucket policies are the preferred mechanism for most cross-account grants, but ACLs still matter here: an object written by another account is owned by that account, so the writer must grant bucket-owner-full-control (CloudTrail’s bucket policy conditions on exactly that) or the bucket owner cannot read its own consolidated logs.
  • Educate our customers and show them how to use services like Well-Architected reviews, Trusted Advisor, Inspector, Macie, Shield, WAF, partner tooling, etc. to get and stay secure. Make sure your customers are fully conversant with and implementing our guidance from https://aws.amazon.com/whitepapers/#essentials and get them to audit their use of our services as per https://d1.awsstatic.com/whitepapers/compliance/AWS_Auditing_Security_Checklist.pdf .
  • We also have people reviewing our services for the upcoming GDPR legislation that will come into effect in Europe in May 2018. Perhaps we could have an update on what that impact will be. (positive for issues like this from my brief conversations)
  • As Werner said ‘dance like nobody is watching and secure like everybody is watching’ [sic].
  • IAM Ninja and Deep Dives from re:Invent
  • Multiple Account Deep Dives
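The two bullets above on S3 ACLs for consolidating logs across accounts, and the VPC endpoint bullet under Network links, both come down to how a bucket policy is evaluated. The following is an added example (my own, not from the course material or AWS) with a small evaluator that models the three rules a practitioner needs to hold in their head: an explicit Deny wins, an Allow is required for anything else, and a request matching no statement is implicitly denied. It also shows why the usual "StringNotEquals aws:sourceVpce" Deny catches Internet requests: those carry no aws:sourceVpce key, and a negated operator on an absent key is true. The bucket name, account IDs and endpoint ID are made up, and only the slice of the IAM grammar the sample policy uses is implemented (no identity policies, SCPs, or other condition operators).

```python
"""A toy evaluator for S3 bucket policies: an explicit Deny always wins, an
Allow is needed for anything else, and a request matching no statement is
implicitly denied.  Only the slice of the IAM grammar the sample policy uses
is implemented.  Bucket name, account IDs and endpoint ID are made up."""
from fnmatch import fnmatchcase

# Constructed sample: account 111111111111 owns the central log bucket.
LOG_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # (1) CloudTrail in any account may deliver logs, but only if it hands
            #     the bucket owner full control of the objects it creates;
            #     otherwise the writer owns them and the owner cannot read them.
            "Sid": "CloudTrailWrite",
            "Effect": "Allow",
            "Principal": {"Service": "cloudtrail.amazonaws.com"},
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::central-logs/AWSLogs/*",
            "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
        },
        {   # (2) Cross-account read for the security tooling account.
            "Sid": "SecurityAccountRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::central-logs", "arn:aws:s3:::central-logs/*"],
        },
        {   # (3) Object reads must arrive through the VPC endpoint.  A request
            #     from the Internet carries no aws:sourceVpce key at all, and a
            #     negated operator on an absent key is true, so the Deny applies.
            "Sid": "DenyReadsOutsideVpce",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::central-logs/*",
            "Condition": {"StringNotEquals": {"aws:sourceVpce": "vpce-0a1b2c3d4e5f67890"}},
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_matches(stmt_principal, principal):
    if stmt_principal == "*":
        return True
    # {"AWS": "<arn>"} or {"Service": "<service>"}; the request principal is a string.
    return any(principal in _as_list(v) for v in stmt_principal.values())


def _conditions_hold(conditions, context):
    for operator, pairs in conditions.items():
        for key, wanted in pairs.items():
            actual = context.get(key)
            if operator == "StringEquals":
                if actual not in _as_list(wanted):                     # absent key -> False
                    return False
            elif operator == "StringNotEquals":
                if actual is not None and actual in _as_list(wanted):  # absent key -> True
                    return False
            else:
                raise ValueError(f"operator {operator} not implemented in this toy")
    return True


def _statement_matches(stmt, principal, action, resource, context):
    return (_principal_matches(stmt["Principal"], principal)
            and any(fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
            and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
            and _conditions_hold(stmt.get("Condition", {}), context))


def evaluate(policy, principal, action, resource, context=None):
    """Return 'Deny' (explicit), 'Allow', or 'ImplicitDeny' for one request."""
    context = context or {}
    allowed = False
    for stmt in policy["Statement"]:
        if _statement_matches(stmt, principal, action, resource, context):
            if stmt["Effect"] == "Deny":
                return "Deny"          # an explicit Deny overrides any Allow
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"


if __name__ == "__main__":
    obj = "arn:aws:s3:::central-logs/AWSLogs/333333333333/CloudTrail/x.json.gz"
    sec = "arn:aws:iam::222222222222:root"
    print(evaluate(LOG_BUCKET_POLICY, "cloudtrail.amazonaws.com", "s3:PutObject", obj,
                   {"s3:x-amz-acl": "bucket-owner-full-control"}))        # Allow
    print(evaluate(LOG_BUCKET_POLICY, sec, "s3:GetObject", obj))         # Deny
    print(evaluate(LOG_BUCKET_POLICY, sec, "s3:GetObject", obj,
                   {"aws:sourceVpce": "vpce-0a1b2c3d4e5f67890"}))        # Allow
```

Two things worth noticing when you run it: CloudTrail's write without the bucket-owner-full-control ACL is not denied by any statement, it simply never gets an Allow, which is how a misconfigured trail silently delivers nothing; and a third account arriving through the correct endpoint is also only implicitly denied, because the Deny statement is about the path, not the principal.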

Monitoring

  • Other than VPC Flow Logs, what other monitoring options are available on AWS?
  • Amazon GuardDuty analyzes AWS CloudTrail, VPC Flow Logs and AWS DNS logs, and is built to consume large volumes of that data for near real-time security detections, using detection techniques developed for the cloud and continuously maintained by AWS Security. Things worth knowing:
    • GuardDuty pulls its own independent streams directly from CloudTrail, VPC Flow Logs and DNS logs. You don’t have to manage S3 bucket policies or change how you collect and store your logs, and a change to an IAM permission or a bucket policy will not affect the operation of the service.
    • Its permissions are a service-linked role that you revoke by disabling GuardDuty, so it can be enabled without complex configuration.
    • It has no performance or availability impact on your account or workloads.
    • It is detection only: findings are published to CloudWatch Events, so automated response (a Lambda function that isolates an instance, for example) is something you build yourself. It is also per region and per account, so enable it in every region you use and, with multiple accounts, link member accounts to a GuardDuty master account.
    • https://aws.amazon.com/guardduty/faqs/
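To make "near real-time security detections" over flow logs concrete, here is an added example (my own, not GuardDuty’s logic and not part of the course material) that parses constructed VPC Flow Log lines in the default version 2 format and flags a port scan, roughly what a GuardDuty Recon:EC2/Portscan finding reports. The account ID, ENI, addresses and thresholds are made up. It deliberately includes the two cases a home-grown detector gets wrong first: NODATA records, whose fields are all "-", and a host that is rejected many times on a single port, which is brute force rather than a scan.

```python
"""Toy port-scan detector over VPC Flow Log records in the default (version 2)
format.  The log below is constructed, and the heuristic is a stand-in for the
kind of analysis behind a GuardDuty Recon:EC2/Portscan finding, not GuardDuty's
own logic."""
from collections import defaultdict

# Field order of the default VPC Flow Log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()


def _tcp_flow(src, dst, sport, dport, start, action, packets=1, nbytes=44):
    """Build one constructed flow log line (protocol 6 = TCP)."""
    return (f"2 123456789012 eni-0a1b2c3d {src} {dst} {sport} {dport} 6 "
            f"{packets} {nbytes} {start} {start + 30} {action} OK")


SCAN_PORTS = (21, 22, 23, 25, 80, 110, 135, 139, 143, 443,
              445, 993, 995, 1433, 3306, 3389, 5432, 5900, 8080, 8443)

SAMPLE_LOG = "\n".join(
    # one external host probing 20 ports on one instance, all rejected by the SG
    [_tcp_flow("203.0.113.7", "10.0.1.20", 40000 + p, p, 1500000000 + i, "REJECT")
     for i, p in enumerate(SCAN_PORTS)]
    # another host rejected 15 times on port 22: noisy, but one port is not a scan
    + [_tcp_flow("198.51.100.9", "10.0.1.20", 50000 + i, 22, 1500000100 + 5 * i, "REJECT")
       for i in range(15)]
    # a normal accepted SSH session from inside the VPC
    + [_tcp_flow("10.0.1.5", "10.0.1.20", 51234, 22, 1500000200, "ACCEPT", 40, 6200)]
    # a window with no traffic: every field but the timestamps is '-'
    + ["2 123456789012 eni-0a1b2c3d - - - - - - - 1500000000 1500000600 - NODATA"]
)


def parse_flow_log(text):
    """Parse default-format flow log lines into dicts, skipping NODATA/SKIPDATA."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":      # '-' fields would not parse as ints
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def detect_port_scans(records, min_ports=10, window=300):
    """Flag each (srcaddr, dstaddr) pair whose rejected TCP flows hit at least
    `min_ports` distinct destination ports inside any `window`-second span."""
    probes = defaultdict(list)             # (src, dst) -> [(start, dstport), ...]
    for r in records:
        if r["action"] == "REJECT" and r["protocol"] == 6:
            probes[(r["srcaddr"], r["dstaddr"])].append((r["start"], r["dstport"]))
    findings = []
    for (src, dst), events in probes.items():
        events.sort()
        best, lo = (0, None, None), 0
        for hi in range(len(events)):      # sliding window over start times
            while events[hi][0] - events[lo][0] > window:
                lo += 1
            ports = {port for _, port in events[lo:hi + 1]}
            if len(ports) > best[0]:
                best = (len(ports), events[lo][0], events[hi][0])
        if best[0] >= min_ports:
            findings.append({"finding": "PortScan", "srcaddr": src, "dstaddr": dst,
                             "distinct_ports": best[0],
                             "first_seen": best[1], "last_seen": best[2]})
    return findings


if __name__ == "__main__":
    for finding in detect_port_scans(parse_flow_log(SAMPLE_LOG)):
        print(finding)
```

Running it produces one finding for 203.0.113.7 with 20 distinct ports and nothing for 198.51.100.9. The difference between the two is exactly why GuardDuty has separate finding types for reconnaissance and for brute force, and the NODATA record is why you filter on log_status before converting fields. If you do build something like this yourself, the flow logs are delivered to CloudWatch Logs or S3 and you have to manage that pipeline; GuardDuty’s value is that it reads the stream without any of that.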

Visualize your AWS environment

Self paced Learning and Building

Continue reading articles in my Amazon Web Services series