AWS Business Essentials - Tips and Tricks

This is my list of hints and tips for this course. It’s markdown so you can save it, access it or store it anywhere. I might also give you other links that are course specific. I’ll add specific answers to questions I get during the course. I’ll share it with everyone.

Your Instructors

• Ian Falconer https://www.linkedin.com/in/leftbrainstuff/

Cool links

• James Hamilton, AWS SVP, talks about our infrastructure. This should be the first AWS video you watch. Here’s the youtube video. https://www.youtube.com/watch?v=JIQETrFC_SQ There are Youtube videos from more recent ReInvents with some updates too. Here is James in 2016. It’s titled as Global Innovation at Scale. https://www.youtube.com/watch?v=uj7Ting6Ckk
• AWS re:Invent 2017: Scaling Up to Your First 10 Million Users (ARC201). This is like the Tech Essentials course in a single video. Well worth a watch. https://www.youtube.com/watch?v=w95murBkYmU
• Amazon EC2 Instance Types explained in neat tabular comparisons. https://aws.amazon.com/ec2/instance-types/ . Also here’s a third party site that has a table that lets you sort on memory, network performance, cost and instance type. You can also quickly compare costs here too. https://ec2instances.info/
• An external post about S3 data leaks. The AWS Shared Responsibility Model is key to avoiding this misconfiguration. https://aws.amazon.com/compliance/shared-responsibility-model/ Engage with your AWS Solution Architects to get your security right. CIA CIO John Edwards has publicly stated that “it’s the best decision we’ve ever made” and “It’s the most innovative thing we’ve ever done” in reference with the CIA’s partnership with AWS. Here are the links. https://fcw.com/articles/2017/06/14/cia-cloud-aws.aspx and https://www.cio.com/article/2375269/hybrid-cloud/cia-off-and-running-with-amazon-web-services.html
• Latency between AWS regions. Lot’s of good empirical data points. Note these are averages over a 24 hour period. https://www.cloudping.co/
• Latency - Lots of interesting links here. http://highscalability.com/latency-everywhere-and-it-costs-you-sales-how-crush-it
• List of CIDR ranges of AWS regions http://ec2-reachability.amazonaws.com/
• How we handle prime day (DynamoDB) https://www.youtube.com/watch?v=83-IWlvJ__8
• Benchmark tests of EC2 versus other bare metal and cloud servers. AWS keeps innovating relentlessly. https://www.phoronix.com/scan.php?page=article&item=cloud-cpu-36&num=1
• AWS Open Guide on GitHub is a good summary of AWS Documentation https://github.com/open-guides/ We have also open sourced our documentation at https://github.com/awsdocs and the full list of AWS services with their documentation links is at https://docs.aws.amazon.com/index.html#lang/en_us
• You can check the overall health and availability of AWS globally at the Service Health Dashboard (SHD) https://status.aws.amazon.com/ You can also use the AWS Health API to programatically check for service health at https://docs.aws.amazon.com/health/latest/ug/getting-started-api.html
• All AWS quickstarts (aka reference architectures) are now in github https://github.com/aws-quickstart
• Adrian Cockcroft AWS VP of Cloud Architecture Strategy and former CTO of Netflix. Here’s his Youtube playlist with talks about DevOps, migrations, Netflix lessons learned and digital transformation topics. https://www.youtube.com/playlist?list=PL_KXMLr8jNTnwkzV7SePa0jHFUG2qn0MA
• The Network is Reliable and other fallacies. Key performance and reliability concerns of distributed systems. https://blog.acolyer.org/2014/12/18/the-network-is-reliable/
• Architecture reviews are important. The cloud design principles, here is the 2011 AWS Whitepaper https://media.amazonwebservices.com/AWS_Cloud_Best_Practices.pdf and the Well Architected Review are key inputs. https://aws.amazon.com/architecture/well-architected/
• AWS General Reference. https://docs.aws.amazon.com/general/latest/gr/Welcome.html This document is a key reference when architecting and designing AWS solutions.

Ian’s list of links for weekly review of all stuff AWS. (trying to keep up with the firehose)

• Search for AWS and Deep Dive or Ninja and you’ll find lots of great videos or slideshares.
• AWS is continually sharing more good stuff on github. https://github.com/aws
• AWS What’s New: https://aws.amazon.com/new/
• And my favourite the weekly AWS Podcast https://aws.amazon.com/podcasts/aws-podcast/
• The first place to start on any of AWS’ more than 125 services is the the faq pages for each product (this is where I start reading) https://aws.amazon.com/faqs/

https://aws.amazon.com/podcasts/aws-podcast/ and all the faq pages for each product (this is where I start reading)

AWS has released a number of webinars and now has a monthly cadence https://aws.amazon.com/about-aws/events/monthlywebinarseries/

AWS Answers is now available to the public. It contains some interesting links. https://aws.amazon.com/answers/

Get to know your AWS Solution Architects and your Technical Account Manager (TAM). The SAs help you to architect and understand best practice. The TAMs provide support for your applications running on AWS. They can help you prepare for major events like testing and scaling. They can also help troubleshoot and provide visibility into AWS infrastructure metrics for troubleshooting. https://aws.amazon.com/premiumsupport/faqs/

AWS Glossary contains service names and nomenclature https://docs.aws.amazon.com/general/latest/gr/glos-chap.html

Security links

• AWS Compliance mapping to services https://aws.amazon.com/compliance/services-in-scope/
• Norse attack map http://map.norsecorp.com/#/
• Educate yourself on how to use services like Well Architected, Trusted Advisor, Inspector, Macie, Shield, WAF, Partner tooling, etc to get secure. Make sure you are fully conversant and implementing our guidance from https://aws.amazon.com/whitepapers/#essentials and audit your use of AWS services as per https://d1.awsstatic.com/whitepapers/compliance/AWS_Auditing_Security_Checklist.pdf .
• S3 permissions can be on buckets, bucket contents and applied to objects say at upload. https://docs.aws.amazon.com/cli/latest/userguide/using-s3-commands.html for a deeper dive.
• If you search the web for ‘aws deep dive’ AND sa ‘security’ you’ll find some great videos and slide decks from ReInvent, our public bootcamps and from many of AWS SMEs. Here’s one on security goverance https://www.youtube.com/watch?v=xjtSWd8z_bE and here’s another on a service GuardDuty. https://www.youtube.com/watch?v=o2YaIsps5LY
• A useful article on using parameter store to store secrets. https://aws.amazon.com/blogs/mt/the-right-way-to-store-secrets-using-parameter-store/
• Apple are publicaly mentioning their use of S3 in https://images.apple.com/business/docs/iOS_Security_Guide.pdf
• Security Assessments on Github (also AWS Services like Inspector too)
  • https://github.com/awslabs/aws-security-benchmark/blob/master/aws_cis_foundation_framework/CIS_Amazon_Web_Services_Foundations_Benchmark_v1.1.0.pdf
  • https://github.com/Alfresco/prowler
  • Netflix Security Monkey. https://github.com/Netflix/security_monkey
  • Lambda script to install the SSM agent https://github.com/awslabs/amazon-inspector-agent-autodeploy
  • Inspector blog post https://aws.amazon.com/blogs/aws/scale-your-security-vulnerability-testing-with-amazon-inspector/
  • Use Inspector to assess the NIST Quickstart for vulnerabilities
    • https://docs.aws.amazon.com/inspector/latest/userguide/inspector_quickstart.html
    • Install the Inspector agent. https://docs.aws.amazon.com/inspector/latest/userguide/inspector_installing-uninstalling-agents.html
• IAM Ninja and Deep Dives from ReInvents
  • IAM Policy Ninja (300ish level) https://www.youtube.com/watch?v=aISWoPf_XNE
  • Here is an IAM talk from ReInvent 2016 https://www.slideshare.net/AmazonWebServices/aws-reinvent-2016-iam-best-practices-to-live-by-sac317
• Multiple Account Deep Dives
  • AWS re:Invent 2016: NEW SERVICE: Manage Multiple AWS Accounts with AWS Organizations (SAC323) https://www.youtube.com/watch?v=Oeb7PDyiT2A
  • AWS re:Invent 2017: Architecting Security and Governance Across a Multi-Account Stra (SID331) https://www.youtube.com/watch?v=71fD8Oenwxc
• Neat explanation with graphics of signing of urls https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html

Databases, ETL and Storage links

• Choosing the right AWS big data services for the right use cases. Here’s a ReInvent Deep Dive on the AWS Big Data ecosystem. AWS re:Invent 2016: Big Data Architectural Patterns and Best Practices on AWS (BDM201) https://www.youtube.com/watch?v=RNrsIlweCno
• AWS Answers contains deployable solutions for common big data problems. Great for prototyping and reverse engineering. These solutions also contain best practices in terms of tagging, nomenclature, applying the rule of least privilege and integrating services. https://aws.amazon.com/answers/big-data/
• AWS Big Data and Analytics Sessions at Re:Invent 2018 which summarizes many of the big data sessions in one page. https://noise.getoto.net/2018/11/14/aws-big-data-and-analytics-sessions-at-reinvent-2018/
• the aws architecture blog also has good articles for lift and shift according to what you’re trying to accomplish… https://aws.amazon.com/blogs/architecture/tag/lift-and-shift/

Migration Best Practice

• Migrating to AWS - Best Practices and Strategies is a good starting point for execs and planners https://d1.awsstatic.com/Migration/migrating-to-aws-ebook.pdf
• AWS Cloud Adoption Framework (CAF) https://aws.amazon.com/professional-services/CAF/
• AWS Cloud Adoption Readiness Tool (CART) https://cloudreadiness.amazonaws.com/#/cart
• AWS Server Migration Service requirements https://docs.aws.amazon.com/server-migration-service/latest/userguide/prereqs.html
• Migrating to AWS https://aws.amazon.com/cloud-migration/
• Cloud stages of adoption in the AWS blog titled Cloud Transformation Maturity Model: Guidelines to Develop Effective Strategies for Your Cloud Adoption Journey https://aws.amazon.com/blogs/publicsector/cloud-adoption-maturity-model-guidelines-to-develop-effective-strategies-for-your-cloud-adoption-journey/
• Stephen Orban’s 2017 post on how Capital One journeyed through the Cloud stages of adoption titled Capital One’s Cloud Journey Through the Stages of Adoption https://medium.com/aws-enterprise-collection/capital-ones-cloud-journey-through-the-stages-of-adoption-bb0895d7772c
• Check out the AWS Migration Hub https://aws.amazon.com/migration-hub/ and related tooling to support your Migrations
  • AWS Database Migration Service Best Practices https://docs.aws.amazon.com/dms/latest/userguide/dms-ug.pdf#CHAP_BestPractices
  • Getting Started with the Migration Hub https://docs.aws.amazon.com/migrationhub/latest/ug/getting-started.html

Continue reading articles in my Amazon Web Services series

• Data Warehousing on AWS
• Migrating to AWS
• AWS Business Essentials
• IAM Demo
• Architecting on AWS
• SysOps on AWS
• S3 Demo
• Predict the Future
• AWS Tech Essentials
• Developing on AWS
• DevOps on AWS
• Advanced Architecting on AWS
• Big Data on AWS
• AWS Deep Dive Toolbox
• Security Engineering on AWS
• Deep Learning on AWS
• AWS List of Services
• Networking on Aws
• AWS Data and Analytics
• Microsoft Immersion Day
• Adelaide Deep Racer Hints and Tips
• Deep Racer Awards
• Windows on AWS
• AWS Ask Me Anything
• Cloudwatch and Systems Manager Workshop
• Containers Immersion Day
• Redshift Immersion Day
• Innovation in Ambiguity
• AWS Contingency Planning
• AWS CLI Examples
• Migrating to Cloud in 2023
• Chaos Engineering Workshop
• Chatgpt Friend or Foe