# AWS DVA-C02 notes
These are some notes I made during my exam prep.
** S3
Server access logging delivers a record of every request made to the bucket to another (target) bucket.
Encryption in transit Ø The condition key aws:SecureTransport says whether a request arrived over HTTPS; a bucket policy Deny statement with "aws:SecureTransport": "false" enforces TLS for every request (there is no bucket setting that does this by itself).
** API Gateway.
RESTful APIs: --> For serverless and web apps. --> JSON payloads.
Multiple versions (stages) of an API.
Integrated with CloudWatch (metrics, access logs and execution logs).
Import API. --> From an API definition file. --> OpenAPI (formerly known as Swagger).
Legacy protocols. --> SOAP. --> Configure API GW as a SOAP web service passthrough. --> Or use a mapping template in the integration response to transform the XML response to JSON.
Caching. --> Caches API responses so the backend is not called again for repeated requests. --> TTL default of 300 seconds (0 disables caching, 3600 is the maximum). --> The cache is per stage; a client may invalidate an entry with Cache-Control: max-age=0 only if it is authorized for execute-api:InvalidateCache.
Throttling. --> Account-level default per region: 10,000 requests per second steady state with a burst of 5,000 requests. --> Requests over the limit are answered with HTTP 429 Too Many Requests. --> Usage plans with API keys set lower per-client limits.
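The steady-state rate and the burst are two different limits, which is what the token-bucket model below makes visible. This is an added example, not code from the notes or from AWS; the traffic patterns are constructed, and the only numbers it takes from the text are the 10,000 rps rate and 5,000 burst defaults.

```python
class TokenBucket:
    """Token-bucket throttle as API Gateway applies it: `rate` tokens are
    refilled per second, the bucket never holds more than `burst` tokens,
    and a request that finds no token is answered with HTTP 429.
    Defaults are the regional account limits: 10,000 rps, burst 5,000."""

    def __init__(self, rate: float = 10_000, burst: int = 5_000):
        self.rate = rate
        self.capacity = burst
        self.tokens = float(burst)  # a quiet API starts with a full bucket
        self.last = 0.0             # simulated clock in seconds

    def _refill(self, now: float) -> None:
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now

    def request(self, now: float) -> int:
        """Return the status code the gateway would send for a request at `now`."""
        self._refill(now)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return 200
        return 429


def simulate(arrival_times, rate=10_000, burst=5_000):
    """Replay a list of request timestamps (seconds) through one bucket.
    Returns (accepted, throttled)."""
    bucket = TokenBucket(rate, burst)
    accepted = throttled = 0
    for t in sorted(arrival_times):
        if bucket.request(t) == 200:
            accepted += 1
        else:
            throttled += 1
    return accepted, throttled


# Constructed traffic patterns (not real access logs):
# 6,000 requests in the same instant: the burst cap is what bites.
SPIKE = [0.0] * 6_000
# 6,000 requests spread evenly over one second: well under the 10,000 rps rate.
STEADY = [i / 6_000 for i in range(6_000)]
# 20,000 requests spread evenly over one second: twice the rate.
OVERLOAD = [i / 20_000 for i in range(20_000)]

if __name__ == "__main__":
    for name, pattern in (("spike", SPIKE), ("steady", STEADY), ("overload", OVERLOAD)):
        print(name, simulate(pattern))
```

The spike loses exactly 1,000 requests even though it is under the per-second rate, and the overload keeps roughly 15,000 (the 5,000 in the bucket plus 10,000 refilled), which is why a client behind API Gateway must treat 429 as a retry-with-backoff signal rather than as an error.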
** Lambda:
Alias points to a specific published version (optionally weighted between two versions for canary traffic); $LATEST is the unpublished, most recent code.
Limits:
Ø Default 1,000 concurrent executions per region (soft limit, can be raised).
Ø Exceeding it returns TooManyRequestsException Ø HTTP code 429 Ø Message "Rate Exceeded."
Ø Reserved concurrency is always available to its function, but it also acts as that function's maximum; the unreserved pool cannot be reduced below 100.
Ø By default a function cannot reach resources inside a VPC. To enable it, configure: § Private subnet IDs § Security group IDs § Lambda then creates an ENI in each subnet and the function takes on that VPC's network reach, including losing internet access unless the subnet routes through a NAT gateway.
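How reserved concurrency carves capacity out of the regional pool, and how a client should react to the 429, is easier to see in a small model. This is an added example, not code from the notes or from AWS; the function names and the pool size are assumptions (the 1,000 default, the 100-minimum unreserved rule and the 429 are the real behaviour).

```python
import random


class TooManyRequestsException(Exception):
    """Stand-in for the Lambda error: HTTP 429, message 'Rate Exceeded.'"""


class ConcurrencyPool:
    """Model of one region's Lambda concurrency pool (default limit 1,000).

    Reserved concurrency is carved out of the pool: the reserving function can
    always reach it, no other function can use it, and it is also that
    function's ceiling. Lambda refuses reservations that would leave fewer
    than 100 unreserved executions for everything else."""

    MIN_UNRESERVED = 100

    def __init__(self, account_limit: int = 1_000):
        self.account_limit = account_limit
        self.reserved = {}   # function name -> reserved concurrency
        self.running = {}    # function name -> executions in flight

    def reserve(self, fn: str, n: int) -> None:
        others = sum(v for f, v in self.reserved.items() if f != fn)
        if others + n > self.account_limit - self.MIN_UNRESERVED:
            raise ValueError("reservation would leave < 100 unreserved executions")
        self.reserved[fn] = n

    def unreserved_pool(self) -> int:
        return self.account_limit - sum(self.reserved.values())

    def start(self, fn: str) -> None:
        """Begin one execution of `fn`, or throttle it."""
        cur = self.running.get(fn, 0)
        if fn in self.reserved:
            if cur >= self.reserved[fn]:            # the function's own ceiling
                raise TooManyRequestsException(f"{fn}: Rate Exceeded.")
        else:
            in_use = sum(c for f, c in self.running.items() if f not in self.reserved)
            if in_use >= self.unreserved_pool():    # shared pool exhausted
                raise TooManyRequestsException(f"{fn}: Rate Exceeded.")
        self.running[fn] = cur + 1

    def finish(self, fn: str) -> None:
        self.running[fn] -= 1


def invoke_with_backoff(invoke, max_attempts=5, base=0.1, cap=20.0, rng=None):
    """Retry a throttled invoke with capped exponential backoff and full jitter.

    `invoke` is a zero-argument callable that raises TooManyRequestsException
    when throttled. Returns (result, delays). A real client would pass each
    delay to time.sleep; here they are only recorded so the example is fast."""
    rng = rng or random.Random(0)
    delays = []
    for attempt in range(1, max_attempts + 1):
        try:
            return invoke(), delays
        except TooManyRequestsException:
            if attempt == max_attempts:
                raise
            delays.append(rng.uniform(0, min(cap, base * 2 ** attempt)))
    raise AssertionError("unreachable")


if __name__ == "__main__":
    pool = ConcurrencyPool()
    pool.reserve("payments", 100)        # guaranteed 100, capped at 100
    for _ in range(100):
        pool.start("payments")
    try:
        pool.start("payments")
    except TooManyRequestsException as e:
        print("throttled:", e)           # even though 900 unreserved slots are free
```

The model also shows the flip side of a reservation: once "payments" holds 100, the other functions share 900 and cannot borrow idle reserved capacity, so a reservation that is too generous throttles everything else.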
** Step Functions
--> State machines can be defined and deployed as part of a CloudFormation stack.
--> Visualize serverless application workflows.
--> Automate triggering and track each step.
--> Logging to track what has been done.
Standard workflow:
--> Executions can run for up to 1 year.
--> Execution history is kept for 90 days after the execution ends.
--> Exactly-once execution model: a task is never started twice for the same execution.
--> Therefore suitable for non-idempotent actions (charging a card, sending an email).
Express Workflows
--> Short lived, up to 5 minutes.
--> At-least-once execution model: a step may be run more than once.
--> Tasks must therefore be idempotent.
--> Idempotent means an identical request, delivered again, produces no additional side effect.
a. Synchronous Express:
i. Begins a workflow.
ii. Waits for it to complete.
iii. Returns the result to the caller.
b. Asynchronous Express:
i. Begins a workflow.
ii. Confirms only that the workflow has started.
iii. Results are found in CloudWatch Logs.
iv. Good for callers that do not depend on the result right away.
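Because an Express workflow may deliver the same task twice, the task itself has to make the second delivery harmless. Below is one way to do that with an idempotency key claimed by a conditional write, the DynamoDB pattern most Step Functions tasks use. This is an added example, not code from the notes or from AWS: the table, the payment gateway and the event are stand-ins constructed for the example (the in-memory table imitates PutItem with ConditionExpression='attribute_not_exists(pk)').

```python
import hashlib
import json


class ConditionalCheckFailedException(Exception):
    """Stand-in for the DynamoDB error raised when a ConditionExpression fails."""


class FakeTable:
    """Tiny in-memory stand-in for a DynamoDB table. put_if_absent behaves like
    PutItem with ConditionExpression='attribute_not_exists(pk)'."""

    def __init__(self):
        self.items = {}

    def put_if_absent(self, item):
        if item["pk"] in self.items:
            raise ConditionalCheckFailedException(item["pk"])
        self.items[item["pk"]] = dict(item)

    def update(self, pk, **attrs):
        self.items[pk].update(attrs)

    def get(self, pk):
        return self.items.get(pk)


class PaymentGateway:
    """The non-idempotent side effect that must not be repeated."""

    def __init__(self):
        self.charges = []

    def charge(self, account, amount):
        self.charges.append((account, amount))
        return f"ch_{len(self.charges)}"


def idempotency_key(event):
    """Execution id + state name + hash of the input: the same step of the
    same execution, retried with the same input, maps to the same key."""
    digest = hashlib.sha256(
        json.dumps(event["payload"], sort_keys=True).encode()).hexdigest()
    return f'{event["execution_id"]}#{event["state_name"]}#{digest}'


def handler(event, table, gateway):
    """Task handler that stays correct under at-least-once delivery.

    The key is claimed with a conditional write *before* the side effect, so
    two concurrent deliveries of the same event cannot both charge: the loser
    of the race sees ConditionalCheckFailedException and replays the result."""
    key = idempotency_key(event)
    try:
        table.put_if_absent({"pk": key, "status": "IN_PROGRESS", "result": None})
    except ConditionalCheckFailedException:
        prior = table.get(key)
        if prior["status"] == "COMPLETED":
            return prior["result"]                 # duplicate delivery: replay
        raise RuntimeError("duplicate still in flight; let the retry policy try later")
    result = gateway.charge(event["payload"]["account"], event["payload"]["amount"])
    table.update(key, status="COMPLETED", result=result)
    return result


# Constructed event, shaped like the input a Task state hands to the function.
EVENT = {
    "execution_id": "arn:aws:states:eu-west-1:123456789012:express:Checkout:abc",
    "state_name": "ChargeCard",
    "payload": {"account": "acct-42", "amount": 1999},
}

if __name__ == "__main__":
    table, gateway = FakeTable(), PaymentGateway()
    print(handler(EVENT, table, gateway), handler(EVENT, table, gateway), gateway.charges)
```

Claiming the key before the side effect closes the race but opens a different hole: if the function dies between the claim and the update, the key stays IN_PROGRESS forever. In a real table the item needs a TTL or a lease timestamp so a later retry can take over.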
** X-Ray
Tool to help developers analyze and debug distributed apps, mostly serverless. --> Latency. --> HTTP status codes. --> Errors. Integrations: --> AWS services. --> Own apps. --> API calls made through the AWS SDK.
Config on EC2 --> Install the X-Ray daemon. --> Instrument the app with the X-Ray SDK. --> The SDK sends trace segments to the daemon (UDP port 2000 by default). --> The daemon buffers them and uploads them to the X-Ray API. --> The instance role needs xray:PutTraceSegments and xray:PutTelemetryRecords.
Config on ECS. --> Run the daemon as a sidecar container in the task (or bake it into the image); the task role needs the same X-Ray permissions.
Annotations. --> Key-value pairs that are indexed, so they can be used to filter and group traces. Metadata. --> Key-value pairs that are stored but not indexed, for extra detail only.
** CI/CD
Software best practice: make small changes and automate everything. --> Shared code repository. --> Automated build. --> Automated tests. --> After the build is merged, it is prepared for deployment.
CodeCommit. -> Managed Git repository for source and version control. -> Integrate and merge code. -> Stores code, binaries, libraries, images, etc. -> It is Git, hosted centrally on AWS (authentication through IAM: HTTPS Git credentials, SSH keys or git-remote-codecommit).
CodeBuild. -> Compiles source code, runs tests and produces packages ready to deploy.
BuildSpec -> buildspec.yml at the root of the source defines the phases (install, pre_build, build, post_build) and the artifacts to output. Never hard-code secrets in it; reference Parameter Store or Secrets Manager values through env.parameter-store / env.secrets-manager.
CodeDeploy. -> Automates code deployment to EC2 instances, on-premises servers, Lambda functions and ECS services.
-> In-place (rolling) deployment:
Ø Capacity is reduced because each instance is taken out of service while it is updated.
Ø Only for EC2/on-premises; not supported for Lambda or ECS.
Ø The new version is called a Revision.
§ The instance comes back online after the update.
Ø The only rollback is to redeploy the previous revision.
-> Blue/green deployment (the only option for Lambda and ECS, where traffic is shifted between versions):
New instances (or a new task set / function version) are created.
No capacity reduction.
Easy to switch between old and new, and to roll back by switching traffic back.
More cost, because two environments run at the same time.
AppSpec File.
--> Configuration file that defines the parameters to be used during a CodeDeploy deployment.
Must be at the root of the revision bundle.
YAML for EC2 and on-premises (appspec.yml).
JSON or YAML for Lambda and ECS.
Structure
version (currently 0.0)
os (linux or windows)
files (source path in the bundle -> destination on the instance), plus optional permissions
hooks: scripts to be run at a specific lifecycle event of the deployment, for example to
install dependencies,
run tests,
deal with ALB registration.
Which scripts apply depends on the deployment stage; each script entry can set a timeout (max 3600 seconds) and a runas user.
The order in which the events run is called the run order. For an in-place deployment behind a load balancer it is:
BeforeBlockTraffic
BlockTraffic (reserved: performed by the agent, no scripts)
AfterBlockTraffic
ApplicationStop (runs the scripts from the previously deployed revision's AppSpec)
DownloadBundle (reserved): CodeDeploy agent copies the application revision files to a temporary location.
BeforeInstall
Install (reserved): the agent copies the files to their final destinations.
AfterInstall
ApplicationStart
ValidateService
BeforeAllowTraffic
AllowTraffic (reserved)
AfterAllowTraffic
The BlockTraffic/AllowTraffic groups only run when the deployment group has a load balancer.
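A quick way to check an AppSpec before pushing it is to replay its hooks against the run order above and reject scripts on reserved events or with over-long timeouts. This is an added example, not code from the notes or from CodeDeploy; the AppSpec is constructed (given as the dict its YAML would load into) and the script paths are assumptions.

```python
# Lifecycle events of an EC2/on-premises in-place deployment, in run order.
# True marks events reserved for the CodeDeploy agent: the AppSpec cannot
# attach scripts to them.
TRAFFIC_OUT = [("BeforeBlockTraffic", False), ("BlockTraffic", True), ("AfterBlockTraffic", False)]
CORE = [
    ("ApplicationStop", False),   # uses the scripts of the *previously* deployed revision
    ("DownloadBundle", True),
    ("BeforeInstall", False),
    ("Install", True),
    ("AfterInstall", False),
    ("ApplicationStart", False),
    ("ValidateService", False),
]
TRAFFIC_IN = [("BeforeAllowTraffic", False), ("AllowTraffic", True), ("AfterAllowTraffic", False)]
ALL_EVENTS = {name: reserved for name, reserved in TRAFFIC_OUT + CORE + TRAFFIC_IN}
MAX_TIMEOUT = 3600  # seconds, the most a hook script may be given


def run_order(behind_load_balancer):
    """The traffic events only exist when the deployment group has a load balancer."""
    if behind_load_balancer:
        return TRAFFIC_OUT + CORE + TRAFFIC_IN
    return list(CORE)


def plan(appspec, behind_load_balancer=True):
    """Validate the AppSpec (as the dict its YAML loads to) and return the
    ordered list of (event, [script locations]) the agent will execute."""
    if appspec.get("version") != 0.0:
        raise ValueError("version must be 0.0")
    if appspec.get("os") not in ("linux", "windows"):
        raise ValueError("os must be linux or windows")
    hooks = appspec.get("hooks", {})
    for event, scripts in hooks.items():
        if event not in ALL_EVENTS:
            raise ValueError(f"unknown lifecycle event {event!r}")
        if ALL_EVENTS[event]:
            raise ValueError(f"{event} is reserved for the agent; it cannot run scripts")
        for script in scripts:
            if "location" not in script:
                raise ValueError(f"{event}: each hook entry needs a location")
            if script.get("timeout", 0) > MAX_TIMEOUT:
                raise ValueError(f"{event}: timeout exceeds {MAX_TIMEOUT}s")
    return [(event, [s["location"] for s in hooks.get(event, [])])
            for event, _ in run_order(behind_load_balancer)]


# Constructed AppSpec: the Python form of an appspec.yml for a Linux web app.
APPSPEC = {
    "version": 0.0,
    "os": "linux",
    "files": [{"source": "/", "destination": "/var/www/app"}],
    "hooks": {
        "ApplicationStop": [{"location": "scripts/stop_server.sh", "timeout": 60}],
        "BeforeInstall": [{"location": "scripts/install_deps.sh", "timeout": 300}],
        "ApplicationStart": [{"location": "scripts/start_server.sh", "timeout": 60, "runas": "www-data"}],
        "ValidateService": [{"location": "scripts/smoke_test.sh", "timeout": 120}],
    },
}

if __name__ == "__main__":
    for event, scripts in plan(APPSPEC):
        print(f"{event:20} {scripts}")
```

Running a hook as a dedicated low-privilege user (the runas key) matters because hook scripts otherwise execute as root on the instance; a compromised build artifact then owns the host.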
CodePipeline -> End-to-end solution: build, test and deploy the app every time the code changes. -> Fully managed CI/CD orchestrator. -> The pipeline is triggered every time there is a change to your code. -> Automated release process. Integrates with: CodeCommit, CodeBuild, CodeDeploy, GitHub, Elastic Beanstalk, CloudFormation, Lambda, ECS, Jenkins.
-> Pipeline workflow.
1. CodePipeline: the workflow is defined and a change is detected.
2. CodeCommit: the new code is picked up as the source.
3. CodeBuild: compiles and tests the new code.
4. Application is deployed (CodeDeploy, Elastic Beanstalk, CloudFormation, ...).
CodeArtifact -> Artifact repository that makes it easy for developers to find the software packages they need. Central repository from which developers obtain the correct version of the packages required for their projects.
Ø Artifact repo: store, publish and share.
Ø Software packages: used in software development processes (npm, PyPI, Maven, NuGet, ...).
Ø Including open source: open-source software from public repositories.
Ø Integration with public repos: packages pulled through an upstream connection are cached in the domain, so approved versions can be pinned instead of being fetched fresh from the internet on every build.
CodeArtifact domain (one per organization; holds the shared storage and the domain policy).
Domain name:
1. Repository.
2. Upstream repository.
2.1 External connection to the public repo (e.g. npmjs, PyPI).
3. The developer resolves packages from the repository; anything missing is fetched from the upstream and cached.
** ECS
Container orchestration. Instances: EC2 launch type -> more control over the hosts. Serverless: Fargate -> ease of management, no hosts to patch. ECR: container registry to store images (enable scan on push to find known CVEs before deploying).
Can deploy Docker containers with Elastic Beanstalk.
Can be used with CodeCommit and the CLI.
** Cloudformation.
Ø Manage, configure and provision AWS infrastructure as code.
Ø Templates in YAML or JSON.
Ø Structure:
○ Parameters: input values supplied before the template is launched.
○ Conditions: test a condition and create or configure resources based on it.
○ Mappings: static key-value lookup tables (e.g. AMI ID per region) read with Fn::FindInMap.
○ Transform: macros that pre-process the template, e.g. AWS::Serverless (SAM) or AWS::Include to pull snippets from outside the main template.
§ S3 (location of an AWS::Include snippet).
§ Lambda (custom macros are backed by a Lambda function).
○ Resources: mandatory, defines the resources to deploy.
○ Outputs: displayed in the console and returned by DescribeStacks.
§ An output can be Exported so that another stack references it with Fn::ImportValue; a stack whose export is in use cannot be deleted.
Ø Nested Stacks.
○ Reuse of CloudFormation code.
○ Values are passed in through the Parameters property of the nested stack resource.
○ TemplateURL points at the child template in S3.
○ For frequently repeated configurations.
○ Referenced in the Resources section of the parent template using the AWS::CloudFormation::Stack resource type.
** SAM
Ø Serverless Application Model.
○ Own CLI and commands.
○ Extension of CloudFormation used to define serverless applications.
○ Uses the Transform: AWS::Serverless-2016-10-31 header and AWS::Serverless::* resource types.
○ Simplified syntax.
○ sam package command: § Uploads the local artifacts to S3 and writes a CloudFormation-compatible template with the S3 locations filled in.
○ sam deploy command: § Deploys the serverless application through CloudFormation (creates and executes a change set; current sam deploy packages on its own).
** Web Identity Federation.
Simplifies authentication and authorization for web and mobile applications by letting users sign in with an external identity provider instead of IAM users.
** Cognito
Provides web identity federation using temporary credentials. Identity broker. Supports multiple devices. Eliminates the overhead of adding extra authentication code. Highly recommended for mobile apps that use AWS services.
User pool: user directory that handles sign-up and sign-in and returns JWTs.
Identity pool: exchanges an identity token for temporary AWS credentials.
Workflow:
Ø User logs in with Facebook (or Google, Amazon, SAML, OIDC, or the user pool itself).
Ø The user pool authenticates the user and the app receives a token (JWT).
Ø The identity pool exchanges the token for temporary AWS credentials through STS, and an IAM role (authenticated or unauthenticated) is assumed to access the resource.
Ø The callback URL is where the user is redirected once they have signed in.
Ø Add multi-factor authentication (MFA) to a user pool in Cognito to protect your users' identities.
Synchronization across devices (Cognito Sync, legacy).
Push Sync sends an SNS notification to tell devices when the user's data changes.
** STS
Ø AssumeRoleWithWebIdentity
Ø The user authenticates with Facebook (or another OIDC provider).
Ø The provider returns a token to the app.
Ø STS exchanges the token for temporary AWS credentials scoped to the role.
Ø The role's trust policy should pin the provider and app (e.g. a condition on graph.facebook.com:app_id) so a token issued to another app cannot assume it.
Ø AssumedRoleUser in the response is the assumed-role session ARN used to reference the caller, not an IAM role or user.
** KMS
Ø Envelope encryption.
CMK (now called a KMS key)
-> Alias > Description > Key material.
Permissions through the key policy and IAM: key administrators and key users need different permissions (the key policy grants administration; kms:Encrypt, kms:Decrypt and kms:GenerateDataKey grant usage).
§ AWS managed: keys created for integrated services (aws/s3, aws/ebs, ...).
§ Customer managed: you control the key policy and rotation. The Encrypt API only takes up to 4 KB of data directly.
§ Data key: symmetric key used to encrypt data locally; anything larger than 4 KB is encrypted with a data key (envelope encryption).
§ A CMK is used to generate, encrypt and decrypt data keys: GenerateDataKey returns the plaintext key plus its encrypted copy; store the encrypted copy next to the ciphertext and call Decrypt on it when the data is needed.
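The envelope flow above, written out end to end, as an added example (not code from the notes or from AWS). FakeKMS stands in for the service so the example runs offline: it keeps the CMK material private and exposes only encrypt, decrypt and generate_data_key, with the real 4 KB limit on encrypt. The cipher is an HMAC-SHA256 counter-mode construction with encrypt-then-MAC, used here only so the example needs nothing beyond the standard library; a real client uses AES-GCM (for instance through the AWS Encryption SDK).

```python
import base64
import hashlib
import hmac
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode. Standard-library stand-in for AES-GCM so
    the example runs anywhere; not a production cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return (int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).to_bytes(len(a), "big")


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is nonce || tag || body."""
    nonce = os.urandom(16)
    body = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + tag + body


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return _xor(body, _keystream(key, nonce, len(body)))


class FakeKMS:
    """Models the slice of the KMS API used for envelope encryption. The CMK's
    key material stays inside this object; callers only ever hold key ids,
    ciphertext blobs and data keys."""

    ENCRYPT_LIMIT = 4096  # kms:Encrypt accepts at most 4 KB of plaintext

    def __init__(self):
        self._material = {}

    def create_key(self) -> str:
        key_id = "key-" + os.urandom(8).hex()
        self._material[key_id] = os.urandom(32)
        return key_id

    def encrypt(self, key_id: str, plaintext: bytes) -> bytes:
        if len(plaintext) > self.ENCRYPT_LIMIT:
            raise ValueError("plaintext too large for kms:Encrypt; use a data key")
        # the blob records which CMK produced it, as the real ciphertext does
        return key_id.encode() + b"\0" + seal(self._material[key_id], plaintext)

    def decrypt(self, blob: bytes) -> bytes:
        key_id, sealed = blob.split(b"\0", 1)
        return unseal(self._material[key_id.decode()], sealed)

    def generate_data_key(self, key_id: str):
        """Return (plaintext data key, the same key encrypted under the CMK)."""
        data_key = os.urandom(32)
        return data_key, self.encrypt(key_id, data_key)


def envelope_encrypt(kms: FakeKMS, key_id: str, data: bytes) -> dict:
    data_key, encrypted_data_key = kms.generate_data_key(key_id)
    ciphertext = seal(data_key, data)     # bulk encryption happens locally
    del data_key                          # the plaintext key lives as briefly as possible
    return {"encrypted_data_key": base64.b64encode(encrypted_data_key).decode(),
            "ciphertext": base64.b64encode(ciphertext).decode()}


def envelope_decrypt(kms: FakeKMS, envelope: dict) -> bytes:
    # one small KMS call recovers the data key; decryption of the data is local
    data_key = kms.decrypt(base64.b64decode(envelope["encrypted_data_key"]))
    return unseal(data_key, base64.b64decode(envelope["ciphertext"]))


if __name__ == "__main__":
    kms = FakeKMS()
    cmk = kms.create_key()
    secret = os.urandom(100_000)          # constructed payload, far beyond the 4 KB limit
    envelope = envelope_encrypt(kms, cmk, secret)
    assert envelope_decrypt(kms, envelope) == secret
    print("envelope round trip ok")
```

The point the model makes concrete: KMS never sees the 100 KB payload, only the 32-byte data key, so kms:Decrypt permission on the CMK is what gates access to every object wrapped with it. Revoking that permission (or disabling the key) makes all of the stored envelopes unreadable at once.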
** DynamoDB
Ø Parallel scans: split a Scan into segments (Segment / TotalSegments) processed by several workers at once.
Ø Global secondary index.
Ø Leading keys: the dynamodb:LeadingKeys condition key restricts access to items whose partition key value matches the caller's own identity.
Ø Scan reads every item in a table (or index) and consumes read capacity for all of them, even when a FilterExpression discards most of them.
Ø Query is eventually consistent by default; set ConsistentRead=true for strongly consistent reads. Results come back in ascending sort-key order; set ScanIndexForward=false for descending.
Ø A stream record is available for 24 hours.
Ø Poll-based Lambda event sources (DynamoDB Streams, Kinesis): the number of concurrent invocations equals the number of shards (times the parallelization factor).
Ø Push-based sources (S3, SNS): concurrency = events per second x average function duration in seconds, capped by the account limit (1,000 by default).
Ø IAM condition on dynamodb:LeadingKeys to let a user access only the items keyed with their own ID (typically ${cognito-identity.amazonaws.com:sub}).
Ø ProjectionExpression to return only the attributes needed.
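Both the S3 aws:SecureTransport deny from the S3 section and the dynamodb:LeadingKeys condition here are IAM condition logic, so one small evaluator serves both. This is an added example, not code from the notes or from AWS: the bucket and table ARNs, the account id and the identity ids are constructed, the evaluator supports only the operators the two policies use, and it ignores Principal (every policy passed in is assumed to apply to the caller).

```python
import fnmatch
import re

# Constructed identifiers for the example.
BUCKET = "arn:aws:s3:::example-app-uploads"
TABLE = "arn:aws:dynamodb:eu-west-1:123456789012:table/UserProfiles"

# Bucket policy: explicit Deny for any request that did not arrive over TLS.
# No Allow anywhere can override a matching Deny, which is why this works.
S3_TLS_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": [BUCKET, BUCKET + "/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Sid": "AllowReads", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": BUCKET + "/*"},
]}

# Role policy for a Cognito-authenticated user: every partition key the
# request touches must equal the caller's identity id.
DDB_OWN_ROWS_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:PutItem"],
     "Resource": TABLE,
     "Condition": {"ForAllValues:StringEquals": {
         "dynamodb:LeadingKeys": ["${cognito-identity.amazonaws.com:sub}"]}}},
]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _substitute(value, ctx):
    """Expand ${policy-variable} references from the request context."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: str(ctx.get(m.group(1), m.group(0))), value)


def _conditions_hold(condition, ctx):
    for operator, pairs in condition.items():
        set_op, _, base = operator.rpartition(":")   # "ForAllValues:StringEquals"
        for key, expected in pairs.items():
            expected = [_substitute(v, ctx) for v in _as_list(expected)]
            actual = ctx.get(key)
            if base == "Bool":
                if actual is None or str(actual).lower() != expected[0].lower():
                    return False
            elif base == "StringEquals":
                values = [] if actual is None else _as_list(actual)
                if set_op == "ForAllValues":
                    ok = all(v in expected for v in values)   # absent key => empty set => true
                elif set_op == "ForAnyValue":
                    ok = any(v in expected for v in values)
                else:
                    ok = bool(values) and values[0] in expected
                if not ok:
                    return False
            else:
                raise NotImplementedError(operator)
    return True


def evaluate(policies, action, resource, ctx):
    """IAM decision logic: an explicit Deny wins, otherwise any matching Allow,
    otherwise implicit deny. `ctx` holds the request's condition keys."""
    decision = "ImplicitDeny"
    for policy in policies:
        for st in policy["Statement"]:
            if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(st["Action"])):
                continue
            if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(st["Resource"])):
                continue
            if not _conditions_hold(st.get("Condition", {}), ctx):
                continue
            if st["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision


if __name__ == "__main__":
    obj = BUCKET + "/photo.jpg"
    print(evaluate([S3_TLS_ONLY], "s3:GetObject", obj, {"aws:SecureTransport": "false"}))
    me = {"cognito-identity.amazonaws.com:sub": "eu-west-1:1111",
          "dynamodb:LeadingKeys": ["eu-west-1:1111"]}
    print(evaluate([DDB_OWN_ROWS_ONLY], "dynamodb:Query", TABLE, me))
```

The evaluator also reproduces the ForAllValues trap: a Scan carries no dynamodb:LeadingKeys, the empty set satisfies ForAllValues, so a policy that granted dynamodb:* with this condition would let a user scan the whole table. Keep the Allow limited to item-level actions, as the policy above does.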
Indexes
Secondary indexes give flexible, fast queries on attributes other than the table's primary key.
Local (LSI):
Ø Same partition key.
Ø Alternative sort key gives a different view of the partition.
Ø Shares the table's throughput; supports strongly consistent reads.
Ø Can only be created when the table is created.
Global (GSI):
Ø Different partition key (and optional sort key); can be created or deleted at any time.
Ø Has its own provisioned throughput; eventually consistent reads only.
CLI
Scan: --filter-expression is applied after the items are read, so it reduces the result size but not the read capacity consumed.
** DAX
Ø In-memory cache for read-heavy or bursty workloads; microsecond reads.
Ø Not suitable for strongly consistent reads (those bypass the cache and go to DynamoDB).
Lambda limits: see the Lambda section above.
IAM: store passwords securely. IAM itself is not a secret store; keep application passwords and API keys in Secrets Manager or SSM Parameter Store (SecureString) and grant the role read access only to the secrets it needs.
** Kinesis
○ Streams: real time, with Data Streams and Video Streams.
○ Data Firehose: capture, transform and load data in near real time into S3, Redshift, OpenSearch or third-party BI tools.
○ Analytics: analyze, query and transform streaming data and store the results in an AWS data store.
Data Streams.
Ø Records retained 24 hours by default, maximum 365 days.
Ø Shards:
§ 2 MB/s read per shard (shared by all standard consumers; enhanced fan-out gives 2 MB/s per consumer).
§ 1 MB/s or 1,000 records/s write per shard.
§ Order of records is maintained per partition key within a shard (sequence numbers).
Video Streams.
Ø Ingests and stores video for playback, analytics and ML.
Data Firehose
Ø No data retention: records are buffered by size or time, delivered, and cannot be replayed.
Ø Optional Lambda function to transform records before delivery.
Analytics
Ø Run SQL queries to analyze streaming data.
Typically, when you use the KCL, you should ensure that the number of instances does not exceed the number of shards (except for failure standby purposes). Each shard is processed by exactly one KCL worker and has exactly one corresponding record processor, so you never need multiple instances to process one shard. However, one worker can process any number of shards, so it’s fine if the number of shards exceeds the number of instances.
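The shard arithmetic in this section (who gets which record, how many shards a load needs, and the KCL one-worker-per-shard rule in the paragraph above) is short enough to write down and check. This is an added example, not code from the notes or from the Kinesis SDK; the partition keys, worker names and load figures are constructed. The even hash-range split and MD5 mapping follow what CreateStream and PutRecord do; the lease assignment is a simplified stand-in for the KCL's lease table.

```python
import hashlib
import math

HASH_SPACE = 2 ** 128  # MD5 of the partition key gives a 128-bit hash key


def shard_hash_ranges(shard_count):
    """Even split of the hash key space, as CreateStream does for N shards."""
    size = HASH_SPACE // shard_count
    ranges = []
    for i in range(shard_count):
        start = i * size
        end = HASH_SPACE - 1 if i == shard_count - 1 else (i + 1) * size - 1
        ranges.append((start, end))
    return ranges


def shard_for(partition_key, ranges):
    """Index of the shard whose hash key range contains MD5(partition_key).
    Same key, same shard, which is what preserves ordering per key."""
    h = int(hashlib.md5(partition_key.encode("utf-8")).hexdigest(), 16)
    for index, (start, end) in enumerate(ranges):
        if start <= h <= end:
            return index
    raise AssertionError("ranges must cover the whole hash space")


def shards_needed(write_mb_s, records_s, read_mb_s):
    """Smallest shard count that satisfies the per-shard limits:
    1 MB/s or 1,000 records/s of writes and 2 MB/s of reads (reads shared by
    all standard consumers; enhanced fan-out gives 2 MB/s per consumer)."""
    return max(1,
               math.ceil(write_mb_s / 1),
               math.ceil(records_s / 1000),
               math.ceil(read_mb_s / 2))


def assign_leases(shard_ids, worker_ids):
    """KCL-style lease assignment: each shard has exactly one worker, a worker
    may process many shards, and workers beyond the shard count sit idle."""
    leases = {w: [] for w in worker_ids}
    for i, shard in enumerate(shard_ids):
        leases[worker_ids[i % len(worker_ids)]].append(shard)
    return leases


if __name__ == "__main__":
    ranges = shard_hash_ranges(4)
    print({k: shard_for(k, ranges) for k in ("user-42", "user-43", "user-42")})
    print("shards for 3 MB/s, 2000 rec/s in, 8 MB/s out:", shards_needed(3, 2000, 8))
    print(assign_leases([f"shardId-{i:012d}" for i in range(4)], ["w1", "w2", "w3", "w4", "w5", "w6"]))
```

Two things the numbers show: read throughput, not write throughput, often decides the shard count once several consumers share the stream, and choosing a partition key with few distinct values (say, a tenant id with one dominant tenant) sends most records to one shard, so the extra shards buy nothing.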