Welcome to AWS Training and 
Certification
AWS Cloud Practitioner Exam Prep for Partners 
Mário Zakorchini Jr
mzakor@amazon.com
2
Course Agenda
AWS Cloud & Core Services
Welcome and Introductions 
Module 1: Understanding the AWS Cloud 
Module 2: Security and Compliance 
Module 3: AWS Architecture and Services
Module 4: Pricing, TCO and Cost Optimization
Module 5: AWS Well Architected Framework 
Simulation: CCP prep question 
Q&A Session
Module 6: APN Resources to Help You
3
Certification Paths
Updated on May, 2019 
4
AWS Certified Cloud Practitioner
About the Exam
• 90 minutes
• US$ 100,00
• Immediate Result
• Score: 100 to 1000 (Minimum 700 PASS)
• 65 questions
Multiple-responses:
What are AWS services?
( • ) IAM
( • ) CloudFront
( ) AWS Games
( ) ForCloud
( ) Discovery Tiers
Multiple-Choice:
CloudFront Service Infrastructure:
( • ) Edge Locations
( ) Data Centers
( ) AWS Transceivers
( ) Cloud Content
( ) External DNS
5
AWS Certified Cloud Practitioner
Exam Topics
https://aws.amazon.com/certification/certified-cloud-practitioner/
6
How to add 30min (1/2)
Non-native English speaking countries are eligible to add 30min to exam time.
Standard Time: 90min
Extended Time: 120min
✓ Must be done before exam scheduling.
✓ Auto approval process.
✓ 1 time only.
How to do this?
Go to certification portal (aws.training/Certification)
7
How to add 30min (2/2)
8
Linking a Partner Account to a Certification Account
Problem: Partners are not credited for employee certifications.
Solution: fill in a new field called "AWS Training and Certification Account Email" 
New user registration Existing user update
9
• AWS Training (aws.amazon.com/training) 
– AWS Business Professional (Digital)
– AWS TCO and Cloud Economics (Digital)
• AWS Whitepapers
– Overview of Amazon Web Services
– Architecting for the Cloud: AWS Best Practices 
– How AWS Pricing Works
– Cost Management in the AWS Cloud
– AWS support plan comparison
AWS Certified Cloud Practitioner
Resources apn-portal.com
https://www.aws.training/learningobject/curriculum?id=11787
https://www.aws.training/learningobject/curriculum?id=10743
https://aws.amazon.com/pt/whitepapers/
https://docs.aws.amazon.com/aws-technical-content/latest/aws-overview/introduction.html
https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf
https://d1.awsstatic.com/whitepapers/aws_pricing_overview.pdf
https://d1.awsstatic.com/whitepapers/aws-tco-2-cost-management.pdf
https://aws.amazon.com/premiumsupport/plans/
10
• Review this material.
• Go to AWS site and read about the main services https://aws.amazon.com
• Understand Cloud AWS value proposition, principles and advantages.
• Security in the cloud: AUP, SRM, Compliance, IAM, MFA.
• Global AWS Infrastructure, multi-AZ architectures, services scope.
• Pricing models and organizational structure.
AWS Certified Cloud Practitioner
To Do
https://aws.amazon.com/premiumsupport/plans/
https://aws.amazon.com/aispl/aup/
https://aws.amazon.com/compliance/shared-responsibility-model/
https://aws.amazon.com/compliance/
https://aws.amazon.com/iam/
https://aws.amazon.com/iam/details/mfa/
https://aws.amazon.com/about-aws/global-infrastructure/
Module 1:
Understanding the AWS Cloud
12
What is Cloud Computing 
Cloud computing is the on-demand delivery of compute power, 
database storage, applications, and other IT resources through a 
cloud services platform via the internet with pay-as-you-go 
pricing.
• Trade capital expense for variable expense
• Benefit from massive economies of scale
• Stop guessing capacity
• Increase speed and agility
• Stop spending money on running and maintaining data centers
• Go global in minutes
13
Why Customers are Moving to AWS
• Scale Globally
• Increase Innovation
• Accelerate Time to Business Value
• Reduce Expenses
• Trade Capital Expense for Variable Expense
• Increase Speed & Agility
• Streamline & Enhance Infrastructure Decisions
14
Transitioning from a Self-Managed to a Fully Managed Service
[Diagram: four stages, left to right]
• Self-Managed: Database in the corporate data center
• Amazon EC2 Service: DB on EC2 instance, in AWS Data Center(s)
• Fully Managed Services: RDS, in AWS Data Center(s)
• Serverless Services: Aurora Serverless, in AWS Data Center(s)
15
What Sets AWS Apart?
• Enterprise Leadership: Building and managing the cloud since 2006
• Service Breadth and Depth: Over 165 services
• Pace of Innovation: 1957 features in 2018
• Global Presence: 69 Availability Zones in 22 geographic regions in the world
• Hybrid Cloud: Broadest set of hybrid capabilities of any cloud provider
• Security: #1 Priority
• Amazon Culture: 73 proactive price reductions
• Largest Partner Ecosystem: AWS Marketplace and APN
16
AWS Global Infrastructure
• 22 Geographic Regions
• 69 Availability Zones
• 176 Edge Locations
AWS Availability Zone (AZ)
• Independent failure zone
• Interconnected using high-speed private links
[Diagram: a Region containing multiple AZs]
17
Amazon CloudFront
Content Delivery Network (CDN)
• Netflix
• Content close to users = less latency
• Static content (web pages, texts, images, movies)
Edge Location = Point of presence where the content cache is performed.
18
AWS Platform Services
Over 165 Services
• Foundational Services: Compute, Storage, Databases, Networking/Content Delivery, Hybrid Cloud Architecture, Messaging
• Advanced Services and other categories shown: Analytics, Artificial Intelligence, Mobile, Internet of Things, Game Development, AWS Marketplace, Developer Tools, Management Tools, Business Productivity, Application Services, Desktop and App Streaming, Technical and Business Support, Business Process Services
19
Introducing Amazon Enterprise Applications
WorkSpaces
WorkMail WorkDocs
Productivity
AppStream 2.0
Desktop & Apps
UC and Customer Service
Amazon Chime Amazon Connect
20
Services Availability per Region
• Take into account the availability of services in each region.
• Service values vary by region.
Region Table
https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/
21
AWS Marketplace Overview
AWS Marketplace is an online store that supports:
01. Over 1,400 participating ISVs
02. 230,000+ active customers
03. 4,800+ software listings
04. Over 650M hours of software per month
22
AWS Hybrid Architecture Support
• Almost every AWS customer with on-premises infrastructure is running a hybrid architecture.
• AWS offers seamless integration with existing on-premises data centers; customers can leverage existing investments.
• Easily run VMware workloads on AWS with seamless deployment and management.
• AWS offers the only VMware-delivered, sold and supported service available on a leading public cloud.
• 79% of existing Enterprise workloads run on VMware*
* IDC Worldwide Cloud System Software 2015 Share Snapshot
Module 2: 
Security and Compliance
24
Security Is Our #1 Priority
Highly Automated Highly Available Highly Accredited
24/7
Compliance and Security at Scale on a Single Platform
25
Customers Benefit from Advanced Security Controls
• Over 50 global compliance certifications and accreditations
• Powerful native functionality and tools at little or no cost
• Security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations
• Benefit from AWS industry leading security teams 24/7, 365 days a year
• Leverage security enhancements gleaned from 1M+ customer experiences
26
Shared Responsibility Model
27
AWS Controls and Responsibilities
Physical and
Environmental Security
Business Continuity Management 
Security
AWS Access
Security
AWS Service-Specific
Security
Configuration
Management Security
Design Principles
Security
AWS Prod
Network
AWS
Corporate 
Network
Code
New way
Old way
28
AWS Built-In Security
Security Focus: Security Services and Features
• Infrastructure Security
– Amazon VPC
– AWS WAF
– Encryption in transit with TLS with all services
– AWS Artifact
• Identity and Access Control
– AWS Identity and Access Management (IAM)
– AWS Multi-Factor Authentication
– AWS Directory Service
• Monitoring and Logging
– AWS Trusted Advisor
– AWS CloudTrail
– Amazon CloudWatch
– Amazon Macie
• Inventory and Configuration
– Amazon Inspector
– AWS Config
– AWS CloudFormation
• DDoS Mitigation
– AWS Shield
– Auto Scaling
– Amazon CloudFront
– Amazon Route 53
• Data Encryption
– Encryption with all AWS storage and database services
– AWS KMS
– AWS CloudHSM
29
AWS Trusted Advisor
How it works
https://aws.amazon.com/premiumsupport/technology/trusted-advisor/
30
AWS Organizations
Root
Master
SS_Prod
SS_Dev
BU1_Prod
BU1_Test
BU1_Dev
BU2_Prod
BU2_Test
BU2_Dev
Organization
Root
Master account
Member accounts
Organizational unit
Service control policy
(member accounts)
31
Introducing AWS Organizations
Control AWS services 
for linked accounts
Policy-based Management for Multiple AWS Accounts
Consolidate billing 
and usage reporting
Automate 
account creation
SCP
• Linked accounts are not charged but they can still see their usage and charges by going to their AWS Bills pages.
• You can only receive billing reports in a bucket that is owned by the master account.
• AWS Cost and Usage Reports are not available to linked accounts.
• AWS Cost Explorer is available to all accounts.
• Volume and Reserved Instances discounts are applied to all linked accounts in consolidated billing.
32
• On-Demand Pricing model
• CVE & CIS Rules Packages
• AWS AppSec Best Practices
Amazon Inspector
Vulnerability Assessment Service
Inspector 
Agent
Inspector 
Agent
Report
Inspector 
Service
EC2 Instance EC2 Instance
Security Findings
per severity
https://aws.amazon.com/inspector/
33
AWS Shield and AWS Shield Advanced
Provides DDoS protection service 
that safeguards your customers’ 
web applications running on AWS.
• Always-on Detection
• Defend against common attacks
• No Cost for Standard
DDoS: Distributed Denial of Service. Botnets, massive attacks
• DDoS Response Team 24x7
• DDoS cost protection
• Global availability
34
On-Demand Access to Compliance Reports
Download Compliance Reports on Demand
AWS Artifact
35
AWS Assurance Programs:
58+ Certifications
https://aws.amazon.com/compliance/
36
AWS Security
Security Bulletins
Module 3: 
AWS Architecture and Services
38
Mapping On-premises Services to AWS
[Diagram: on-premises components mapped to AWS services]
• On-premises: Web servers, App servers, LDAP server, DB (Master), DB (Slave), SAN, Back-ups on tapes
• AWS: Elastic Load Balancing, AWS Directory Service, Amazon RDS (Master), Amazon RDS (Standby), Amazon Elastic Block Store, Backups to Amazon S3 or Amazon Glacier
39
AWS Cloud Hierarchy
Global Services > Regional > VPC > AZ > Host 
Route 53 – DNS
CloudFront
Buckets S3
AMI Images
Instances EC2/RDS
Volumes EBS
Containers
Host applications
Anti-virus, Licenses
Region
AZ
Host
40
Use Multi-AZ Patterns to Increase Reliability
[Diagram: the corporate network and corporate services connect to Application 1, deployed in both AZ A and AZ B. Each AZ has a public subnet and a private subnet hosting: Web app proxy, Remote desktop GW, Web server (IIS), Application server, Microsoft SQL Server.]
41
Tools for Migrations
• Server Migration Service (VMware → AWS)
• Database Migration Service (Source DB → Target DB)
• Snowball
– Secure, Fast, Offline transfer
– Size: 50TB, 80TB, 100TB.
– Low bandwidth uplinks.
42
AWS Compute Services
• Compute: Amazon EC2, Amazon ECS, AWS Lambda, Auto Scaling
• Databases: Amazon RDS, Amazon DynamoDB, Amazon Aurora, Amazon ElastiCache
• Security: IAM, AWS KMS, AWS Shield, AWS WAF
• Networking: Elastic Load Balancing*, Amazon VPC*, Amazon Route 53, VPN connection, Application Load Balancer, AWS Direct Connect
• Storage: Amazon S3, Amazon Glacier, Amazon EBS, Amazon EFS, Amazon Storage Gateway
• Management: Amazon CloudWatch, AWS CloudFormation, AWS CloudTrail, AWS Config, Amazon EC2 Systems Manager
43
• Instances
– Amazon EC2
• Containers
– Amazon ECS, Amazon EKS
– AWS Fargate
• Serverless
– AWS Lambda
AWS Compute Services
How will you deliver the application executables?
44
• Virtual machine instance running on an AWS hypervisor
• Support numerous distributions of Linux or Microsoft Windows
• Complete control of your host operating system with root and administrator 
accounts
• Responsible for all installed applications
Amazon EC2
Amazon Elastic Compute Cloud (Amazon EC2)
https://aws.amazon.com/ec2/
45
• Virtual machine instance.
• Linux and Microsoft Windows AMI’s.
– Amazon Machine Image: is the image of the 
Operating System that will be loaded in the 
instance.
• Client has full control of the Operating System 
and its applications as admin.
• Multiple types and sizes of instances.
• Remote access via SSH or Remote Desktop.
Amazon EC2
Platform
Window Svr
https://aws.amazon.com/ec2/
46
• Defines which OS to use (Linux, Windows).
• Public and private AMI’s.
• Defined at instance launch process.
Amazon Machine Image (AMI)
AMI Content
EC2 AMI
47
Amazon EC2 - Instance Types
Categories shown: General purpose, Compute optimized, Storage and I/O optimized, GPU enabled, Memory optimized, Burst CPU
Instance families shown: M4, M5, M5d, t2, t3, C4, C5, C5d, H1, D2, I3, P2, P3, G2, F1, R4, R5 & R5d, X1 & X1e, z1d
48
AWS Instance Access
Amazon EC2 Instance Launch:
AWS CLI
AWS SDK
49
AWS CLI
How to use the AWS CLI tool:
• Can be installed on : Windows, Linux, macOS, or Unix
• Requires : Python 2 version 2.6.5+ or Python 3 version 3.3+
• Easy installation method using ‘pip’
Programmatic key: created in an IAM user under
IAM > Users > ‘user’ > Security Credentials > Access keys
50
Amazon EC2 –Remote Access
The key pair that will be used to access the instance is defined when the instance is created.
SSH – Command Line
TCP port 22
RDP – Remote Desktop
TCP port 3389
“A key pair consists of a public key that AWS 
stores, and a private key file stored by the user.”
Private Key
Public Key
AWS
Administrator
51
• User-defined policies driven by CloudWatch
• Health status checks
• Schedules
• Manually using set-desired-capacity in the CLI
Auto Scaling
Automatically launch or terminate Amazon EC2 instances
Scale out to meet demand, scale in to reduce costs.
52
How Does Auto Scaling Work?
1. Launch configuration (What): EC2, AMI
2. Auto Scaling group (Where). The Auto Scaling group defines:
• Name
• Launch configuration name
• Min and Max
• AZ or subnet
• Load balancer
• Desired capacity
• Etc.
3. Auto Scaling policy and Scheduled action (When)
• Auto Scaling policy: Specifies when to increase or decrease Amazon EC2 instances based on CloudWatch alarms.
• Scheduled action: Tells Auto Scaling to perform a scaling action at a certain time in the future (minimum, maximum, and desired size for the ASG).
53
Auto Scaling Example
[Diagram labels: CloudWatch; CPU Load alarm; Execute Auto Scaling Policy; Auto Scaling; Auto Scaling group; Elastic Load Balancer]
54
Auto Scaling: Maximum Capacity Size
Auto Scaling group (spans Availability Zone 1 and Availability Zone 2):
• Minimum = 2
• Maximum = 12
Auto Scaling policy:
• When CPU utilization is greater than 60%
• Add 100% of group = double the capacity
CPU utilization triggers the alarm: capacity is doubled until CPU utilization drops below 60% or max capacity is reached.
55
• AWS runs the EC2 cluster management
• Eliminates the complexity of operating container infrastructure
• Microservices
Amazon Container
Elastic Container Service (ECS)
Elastic Container Service for Kubernetes (EKS)
https://aws.amazon.com/ecs/
56
Continuous Scaling
AWS Lambda: Serverless Compute
AWS Lambda Video https://www.youtube.com/watch?v=eOBq__h4OJ4 (3:01)
No servers to manage Pay only for compute time used
57
• Building modular, scalable, lightweight applications
• Serverless data processing on demand
• Perform data validation, filtering, sorting, or other transformations.
• Image thumb-nailing, in-app activity, website clicks, or output from devices
AWS Lambda
Use Cases:
https://aws.amazon.com/lambda/
58
Architecture of a simple serverless web application
API 
Gateway
JavaScript
users internet
Lambda IAM DynamoDBS3 Bucket
59
AWS Storage Services
60
Storage Options
• File: Amazon EFS
• Block: Amazon EBS, Amazon EC2 Instance Store
• Object: Amazon S3, Amazon Glacier
• Data Transfer: AWS Direct Connect, AWS Snowball, ISV Connectors, Amazon Kinesis Firehose, S3 Transfer Acceleration, Storage Gateway
What is Amazon Elastic Block Storage (EBS)?
EBS 
volume Availability Zone
AWS region
EC2 
instance
• Block storage as a service
• Create, attach volumes through an 
API 
• Service accessed over the network
• Volume and instance must be in 
the same AZ
• Detach and attach between 
instances
62
• Block storage volumes for use with Amazon EC2 instances
• Persistent storage attached to EC2 instances as native disk
• Formatted using a standard OS file system (e.g. ext4 or NTFS)
• Scalable, high-performance storage for applications
• Use Cases
– Boot/root volumes for EC2 instances
– Data volumes for enterprise applications such as SAP, Microsoft Exchange and 
Microsoft SharePoint. 
– Relational or NoSQL databases supporting millions of users.
Amazon Elastic Block Storage (EBS)
https://aws.amazon.com/ebs/
63
EBS Volume Types
SSD
• General Purpose SSD: gp2
• Provisioned IOPS SSD: io1
HDD
• Throughput Optimized HDD: st1
• Cold HDD: sc1
64
• Boot and data volumes can be encrypted
• Attach both encrypted and unencrypted
• No volume performance impact
• Supported by all Amazon EBS volume types
• Snapshots also encrypted
EBS Encryption
Encryption
65
EBS Snapshot
• Point-in-time backup of modified volume blocks
• Stored in Amazon S3
• Subsequent snapshots are incremental
• Deleting snapshot will only remove data exclusive to 
that snapshot
• Snapshots can be used to create new volumes
• Snapshots of encrypted volumes are also encrypted
66
• Fully managed
• No hardware, network, file layer
• No need to provision storage in advance
• Create a scalable file system in seconds!
• Simple pricing = Pay for actual storage consumed
• Multiple EC2 instances accessing at the same time
Amazon EFS
Amazon Elastic File System
File System 
as a Service
EC2-Inst1 EC2-Inst2 EC2-Inst3
67
Amazon S3 – Simple Storage Service
99.999999999% durability and 99.99% availability of objects over a given year
• Storage of any type of file (objects).
• There is no limit on the number of objects or total space.
• Redundantly store your objects on multiple devices 
across a minimum of 3 Availability Zones (AZs).
• Uses a bucket concept.
68
Amazon S3 Features
S3 Features
Cross-region 
replication
Amazon CloudWatch
AWS CloudTrail support
Event 
notifications
Lifecycle policy
S3 Transfer 
Acceleration
VPC endpoint
for Amazon S3
Expired object 
delete marker
Incomplete multipart 
upload expiration
69
Faster upload over long distances S3 Transfer Acceleration
S3 Bucket
AWS Edge
Location
Uploader
Optimized
Throughput!
Change your endpoint, not your code
No firewall changes or client software
Longer distance, larger files, more benefit
Faster or free 
166 global edge locations
Try it at S3speedtest.com
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
How fast is S3 Transfer Acceleration?
[Chart: 500 GB upload from these edge locations to a bucket in Singapore: Rio De Janeiro, Warsaw, New York, Atlanta, Madrid, Virginia, Melbourne, Paris, Los Angeles, Seattle, Tokyo, Singapore. Vertical axis: Time [hrs.]. Series: Public Internet, S3 Transfer Acceleration.]
The longer the distance, the larger the file → more benefit
Try it at s3speedtest.com
71
Amazon S3 Storage Classes
• Active data: Standard
• Infrequently accessed data: Standard – Infrequent Access, One Zone – Infrequent Access
• Archive data: Amazon Glacier
72
S3 Storage Classes
• Durable: 99.999999999%
• Available: S3: 99.99%, S3-IA: 99.9%, S3-IA-1Z: 99.5%
• Performant: Low Latency, High Throughput
• Scalable: Elastic capacity, No preset limits
S3-Std: “Hot” Data (Active and/or Temporary Data)
• ≥ 0 Days, > 0K
• $0.023/GB per month
S3-IA: “Warm” Data (Infrequently Accessed Data)
• ≥ 30 Days, ≥ 128K
• $0.0125/GB per month, $0.01/GB retrieval
S3-IA-1Zone: “Warm” Data (Infr. Accessed Data, Non-critical Data)
• ≥ 30 Days, ≥ 128K
• $0.0100/GB per month, $0.01/GB retrieval
Glacier: “Cold” Data (Archive and Compliance Data)
• ≥ 90 Days, > 0K
• $0.004/GB per month
• 1~5min $0.03/GB - 3~5hs $0.01/GB - 5~12hs $0.0025/GB
Glacier Deep Archive: “Cold” Data (Archive and Compliance Data)
• ≥ 180 Days, > 0K
• $0.00099/GB per month
• 3 – 12 Hrs - $0.02/GB - $0.025/GB
73
Amazon S3 Glacier / Deep Archive
Long term archiving, backup.
Low cost.
Data are extracted by executing retrieval jobs. 
99.999999999% durability of objects over a given year
✓ Object ID 001
✓ Object ID 025
✓ Object ID 150
✓ Object ID 400
….
Archive retrieval job
• Expedited: 1~5min
• Standard: 3~5hs
• Bulk: 5~12hs
ID 001, ID 025, ID 150, ID 400: Ready to download!
74
S3 Storage Classes
Object Lifecycle Management + Intelligent Tiering
Define rules to transition objects 
from one storage class to another 
to save on storage costs.
S3 Standard S3 Infreq.Access
https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html
S3 Intelligent Tiering
S3 One Zone-IA
75
What is AWS Storage Gateway?
Works with your existing applications
Secure and durable storage in AWS
Low-latency for frequently used data
Scalable and cost-effective on-premises storage - $125 per 
gateway per month + S3/Glacier storage fees
Service connecting an on-premises software appliance 
with cloud-based storage
76
Storage Gateway VTL (Enterprise Backup Use Case)
• Replace or augment your aging tape infrastructure with durable object storage
• Virtual tapes stored in AWS. Frequently accessed data cached on-premises
[Diagram labels. Customer data center: Backup Server (INITIATOR); AWS Storage Gateway VM with Gateway-VTL (MEDIA CHANGER, TAPE DRIVE, Upload Buffer, Cache Storage). AWS: Storage Gateway service; VTL storage backed by Amazon S3; VTS storage backed by Amazon Glacier.]
78
AWS Networking Services
79
• Control your virtual networking environment
– Subnets
– Route tables
– Security groups
– Network ACLs
• Connect to your on-premises network via VPN or Direct 
Connect
• Control if and how your instances access the Internet
Amazon VPC
Provision a logically isolated section of the AWS cloud
Router Internet 
gateway
Customer 
gateway
Virtual 
private 
gateway
VPN 
connection
VPC 
peering
https://aws.amazon.com/vpc/
VPCs as Strategy
Quick Start Design with Test, Production, and Development VPCs
[Diagram labels: Users; Test VPC; NAT; Bastion; us-east-1b; us-east-1c; CloudTrail; AWS Config Rules; CloudWatch Alarms; Archive Logs Bucket; S3 Lifecycle Policies to Glacier; Potential use for security appliances for monitoring, logging, etc.]
81
Amazon Virtual Private Cloud
Corporate Datacenter Connectivity
82
• Virtual Firewalls / stateful
• Network access control 
lists (ACLs) 
Security in Your VPC
Security groups
Subnet
10.0.1.0/24
Internet gatewayVPN Gateway
VPC Router
10.0.0.0/16
Security 
group
Security 
group
Network ACL Network ACL
Route table Route table
instance instance instance instance
Subnet
10.0.0.0/24
Security 
group
Security 
group
Security Group Inbound Rules
Protocol   Port Range   Source
TCP        443          <Source_IPs>

Inbound (Network ACL)
Rule #   Source IP    Protocol   Port   Allow/Deny
100      0.0.0.0/0    All        All    ALLOW
*        0.0.0.0/0    All        All    DENY

Outbound (Network ACL)
Rule #   Dest IP      Protocol   Port   Allow/Deny
100      0.0.0.0/0    all        all    ALLOW
*        0.0.0.0/0    all        all    DENY
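
How the two layers on this slide combine, as an added example that is not part of the original deck: a small model of network ACL evaluation (ordered, first match wins, stateless) and security group evaluation (allow rules only, stateful). The source range 203.0.113.0/24 standing in for <Source_IPs>, the extra rule 90, the restricted outbound ACL and all function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    cidr: str
    protocol: str            # "tcp", "udp" or "all"
    ports: Optional[range]   # None means every port
    allow: bool = True       # security group rules are always allow rules
    number: int = 0          # network ACL rule number; unused for security groups


def matches(rule, ip, protocol, port):
    return (ipaddress.ip_address(ip) in ipaddress.ip_network(rule.cidr)
            and rule.protocol in ("all", protocol)
            and (rule.ports is None or port in rule.ports))


def nacl_decision(rules, ip, protocol, port):
    """Lowest-numbered matching rule decides; the implicit '*' rule denies the rest."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, ip, protocol, port):
            return rule.allow, str(rule.number)
    return False, "*"


def sg_allows(rules, ip, protocol, port):
    """A security group has no deny rules: no matching allow rule means no access."""
    return any(matches(r, ip, protocol, port) for r in rules)


def inbound_verdict(nacl_in, nacl_out, sg_in, src_ip, protocol, dst_port, reply_port):
    """Follow one inbound connection and its reply through both layers."""
    ok, number = nacl_decision(nacl_in, src_ip, protocol, dst_port)
    if not ok:
        return f"dropped by inbound NACL rule {number}"
    if not sg_allows(sg_in, src_ip, protocol, dst_port):
        return "dropped by security group (no allow rule)"
    # Stateful security group: the reply needs no outbound rule.
    # Stateless network ACL: the reply to the client's ephemeral port is
    # evaluated against the outbound rules like any other packet.
    ok, number = nacl_decision(nacl_out, src_ip, protocol, reply_port)
    if not ok:
        return f"reply dropped by outbound NACL rule {number}"
    return "allowed"


ANY = "0.0.0.0/0"
# Rules as shown on the slide (rule 100 allows everything, '*' is implicit).
PAGE_NACL = [Rule(ANY, "all", None, allow=True, number=100)]
# Slide's security group rule; 203.0.113.0/24 is an assumed value for <Source_IPs>.
PAGE_SG = [Rule("203.0.113.0/24", "tcp", range(443, 444))]
# Constructed variants, not from the slide.
NACL_WITH_DENY = [Rule("203.0.113.128/25", "all", None, allow=False, number=90)] + PAGE_NACL
NACL_OUT_443_ONLY = [Rule(ANY, "tcp", range(443, 444), allow=True, number=100)]

if __name__ == "__main__":
    cases = [
        ("slide rules, HTTPS from allowed source",
         (PAGE_NACL, PAGE_NACL, PAGE_SG, "203.0.113.10", "tcp", 443, 50000)),
        ("slide rules, SSH from allowed source",
         (PAGE_NACL, PAGE_NACL, PAGE_SG, "203.0.113.10", "tcp", 22, 50000)),
        ("deny rule 90 ahead of rule 100",
         (NACL_WITH_DENY, PAGE_NACL, PAGE_SG, "203.0.113.200", "tcp", 443, 50000)),
        ("outbound ACL limited to port 443",
         (PAGE_NACL, NACL_OUT_443_ONLY, PAGE_SG, "203.0.113.10", "tcp", 443, 50000)),
    ]
    for label, args in cases:
        print(f"{label}: {inbound_verdict(*args)}")
```

With the slide's allow-all rule 100, the security group is the only effective filter; a network ACL only adds protection once it carries narrower rules numbered ahead of it.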
83
• Automatically distributes incoming application traffic 
• Health Checks for application high availability
• Integrates with other AWS services
– Route 53
– Internet Gateway
– Identity and Access Management
Amazon Elastic Load Balancing (ELB)
ELB increases application resiliency
https://aws.amazon.com/elasticloadbalancing/
Load balancer
ListenerRule
Target Group
Target Target
Health
Check
84
Register instances as targets in a 
target group, and route traffic to a 
target group.
Application Load Balancer: How It Works
Load balancer routes request at the Application layer (HTTP/HTTPS).
Target Group /mobile
Load balancer
Listener ListenerRule Rule Rule
Target Group Target Group /api
Target Target Target Target Target Target Target
Health
Check
Health
Check
Health
Check
85
• Register instances as targets in a target 
group, and route traffic to a target group.
• Load balancer routes request at the 
Transport layer (TCP).
Network Load Balancer
Load balancer
ListenerRule
Target Group
Target Target
Health
Check
86
• Content delivery network (CDN) with optimization 
• Distribute content to end users with low latency and high data transfer rates
• Broad, geographic presence beyond AWS Regions
• Accelerate data uploaded from end users
• Use cases:
– Accelerating web application performance
– Caching static web content and frequent database query results 
– Offloading TLS termination
Amazon CloudFront
https://aws.amazon.com/cloudfront/
87
How You Configure CloudFront to
Deliver Content
Developer
S3 bucket or HTTP 
server
1
Objects/
data
2
Web 
distribution
CloudFront
3
http://d111111abcdef8.cloudfront.net
Edge 
locations
Your 
distribution’s
configuration
4
88
• Global Domain Name System 
(DNS) service
• Highly available and scalable 
– 100% availability SLA
• Critical tool integrated with 
many AWS services
Amazon Route 53
https://aws.amazon.com/route53/
89
Amazon API Gateway
• Streamline API Development
• Performance at Scale
• SDK Generation
Serverless
91
AWS Database Services
92
• Relational databases
• Fully managed and secure
• Fast, predictable performance
• Simple and fast to scale
• Low cost, pay for what you use
Amazon
RDS
Amazon 
Aurora
Amazon RDS
https://aws.amazon.com/rds/
93
Amazon RDS: Replication and Failover
RDS Multi-AZ Option – Avoid Single Point of Failure
94
Amazon Aurora
✓ Speed and availability of high-end commercial databases
✓ Up to 64TiB of auto-scaling SSD storage
✓ Automatic Backup (1 – 35 days)
✓ Automatic Upgrade
✓ Drop-in compatibility with MySQL and PostgreSQL
✓ Simple pay as you go pricing
Delivered as a managed service on top of RDS 
Amazon Aurora Architecture
[Diagram labels: 1+ DB instances; Optional (15x); Query L.B.; (SQL, Transaction, Caching) Layer; Transparent data layer (Logging + Storage Layer); DB cluster data; virtual database storage volume; 64 TB]
Endpoints (Host URL:port):
• Cluster endpoint: mydbcluster.cluster-123456789012.us-east-1.rds.amazonaws.com:3306
• Reader endpoint: mydbcluster.cluster-ro-123456789012.us-east-1.rds.amazonaws.com:3306
• Instance endpoint: mydbinstance.123456789012.us-east-1.rds.amazonaws.com:3306
96
Fully managed NoSQL database
Fast, consistent performance
Highly scalable
Flexible
Event-driven programming
Fine-grained access control
Amazon DynamoDB
97
Amazon DynamoDB
DB hosted on premises DynamoDB
Fully managed service 
= automated 
operations
98
• Improves performance by retrieving data from high-throughput and low-latency, in-
memory data stores. 
• Use Cases:
– Gaming
– Ad-Tech
– Financial Services
– Healthcare
– IoT
Amazon ElastiCache
A fully-managed in-memory data store or cache environment in the cloud.
https://aws.amazon.com/elasticache/
99
AWS Security Services
100
• Secured Infrastructure
– Secured endpoints
– Compliance alignments and 
frameworks
– Certifications and attestations
• VPC
– Workload isolation
• Security Group
– Port/protocol filtering
• Instance Firewall
– Rule-based protection at the OS 
level
The Layered Security Approach
Subnet
VPC
Security group
Instance 
Firewall
101
AWS Identity & Access Management
https://aws.amazon.com/iam/
Admin Group
✓ Mike
✓ Travis
✓ John
AdministratorAccess
Support Group
✓ Mike
✓ Sup1
✓ Theresa
SupportUsers
SupportGroup Policy
"Action": [ 
"support:*",
"acm:DescribeCertificate",
"acm:GetCertificate",
"acm:List*",
"apigateway:GET",
"appstream:Get*",
"autoscaling:Describe*",
"aws-marketplace:ViewSubscriptions",
"cloudformation:Describe*",
...
A core AWS security service.
Defines administrative profiles.
Who can do what on the AWS console or by the additional management tools.
102
AWS Principals
Account Owner ID (Root Account)
• Access to all subscribed services.
• Access to billing.
• Access to console and APIs.
• Access to Customer Support.
IAM Users, Groups and Roles
• Access to specific services.
• Access to console and/or APIs.
• Access to Customer Support (Business and Enterprise).
Temporary Security Credentials
• Access to specific services.
• Access to console and/or APIs.
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
103
IAM Root Account Best Practices
• 1st account created (email + password)
• Do not use the root user for your everyday tasks
• Securely lock away the root user credentials
– Delete any programmatic keys
– Enable MFA on Root Account
– Change the Root password to a strong password
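
One way to check the root-user items above from an IAM credential report, as an added example that is not part of the original deck. The column names follow the credential report layout; the two sample reports, the account ID, the dates, the 30-day window and the `audit_root` helper are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed samples, trimmed to the credential-report columns used here.
HEADER = ("user,arn,password_enabled,password_last_used,mfa_active,"
          "access_key_1_active,access_key_1_last_used_date,"
          "access_key_2_active,access_key_2_last_used_date\n")
RISKY_REPORT = HEADER + (
    "<root_account>,arn:aws:iam::123456789012:root,not_supported,"
    "2019-05-20T09:15:00+00:00,false,true,2019-05-21T17:02:00+00:00,false,N/A\n"
    "mike,arn:aws:iam::123456789012:user/mike,true,"
    "2019-05-22T08:00:00+00:00,true,false,N/A,false,N/A\n")
LOCKED_REPORT = HEADER + (
    "<root_account>,arn:aws:iam::123456789012:root,not_supported,"
    "2018-01-10T12:00:00+00:00,true,false,N/A,false,N/A\n")
REPORT_DATE = datetime(2019, 5, 31, tzinfo=timezone.utc)  # assumed "today"

ROOT_NAME = "<root_account>"  # how the report labels the root user


def _parse_time(value):
    """Return an aware datetime, or None for N/A, no_information or empty."""
    try:
        parsed = datetime.fromisoformat(value)
    except ValueError:
        return None
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_root(report_csv, now, recent_days=30):
    """Return findings for the root row of a credential report (empty list = clean)."""
    rows = csv.DictReader(io.StringIO(report_csv))
    root = next((r for r in rows if r["user"] == ROOT_NAME), None)
    if root is None:
        return ["credential report has no <root_account> row"]

    findings = []
    # "Delete any programmatic keys"
    for n in ("1", "2"):
        if (root.get(f"access_key_{n}_active") or "").lower() == "true":
            findings.append(f"root access key {n} is active: delete it")
    # "Enable MFA on Root Account"
    if (root.get("mfa_active") or "").lower() != "true":
        findings.append("root MFA is not enabled")
    # "Do not use the root user for your everyday tasks"
    cutoff = now - timedelta(days=recent_days)
    usage = [
        ("password", root.get("password_last_used") or ""),
        ("access key 1", root.get("access_key_1_last_used_date") or ""),
        ("access key 2", root.get("access_key_2_last_used_date") or ""),
    ]
    for label, raw in usage:
        used = _parse_time(raw)
        if used is not None and used >= cutoff:
            findings.append(f"root {label} used on {used.date()}: "
                            f"within the last {recent_days} days")
    return findings


if __name__ == "__main__":
    for name, report in (("risky", RISKY_REPORT), ("locked", LOCKED_REPORT)):
        print(name, audit_root(report, REPORT_DATE) or "no findings")
```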
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
104
IAM Roles Best Practices
IAM identity that can be assumed by anyone who needs it.
Ex.: users, applications, services, federated users
Long term passwords
Long term access keys
Temporary security credentials
EC2 instance
Apps.
codes Assuming IAM Role [credentials] 
S3 bucket
Create, delete, change bucket
API Call
105
AWS Directory Service
• 1: Sign In to AWS Applications and Services with AD Credentials
• 2: Manage Amazon EC2 Instances
• 3: Provide Directory Services to Your AD-Aware Workloads
• 4: SSO to Office 365 and Other Cloud Applications
• 5: Extend Your On-Premises AD to the AWS Cloud
• 6: Share Your Directory to Seamlessly Join Amazon EC2 Instances to a Domain Across AWS Accounts
Security, identity and compliance - User management
106
AWS Key Management Service (AWS KMS)
Data encryption with KMS
https://aws.amazon.com/kms/
• Managed service to use encryption keys
• Integrated with many AWS services
• Integrated with AWS CloudTrail
– provide auditable logs of key usage
107
• Protects web applications
• Filter traffic based on custom rules
• Easy to deploy as part of Amazon CloudFront or ELB
• Provides real-time metrics and detailed request data
• Configure manually or via an Amazon API
• Integrate third-party, workload-optimized AWS WAF configuration rules
• AWS Firewall Manager synchronizes AWS WAF rules across multiple accounts
AWS Web Application Firewall (AWS WAF)
https://aws.amazon.com/waf/
108
• Guards against distributed denial of service (DDoS) attacks
• AWS Shield Standard 
– Addresses common layer 3-4 DDoS incidents
– Monitors network flows for quick attack detection
– Mitigates service impacts automatically
• AWS Shield Advanced
– Enhanced DDoS detection and response
– Supports customized rules against sophisticated attacks
– Includes AWS DDoS Response Team 24x7
– Covers cost of increased resource utilization due to attack
AWS Shield (Standard or Advanced)
https://aws.amazon.com/shield/
109
AWS Management Services
• Compute: Amazon EC2, Amazon ECS, AWS Lambda, Auto Scaling
• Databases: Amazon RDS, Amazon DynamoDB, Amazon Aurora, Amazon ElastiCache
• Security: IAM, AWS KMS, AWS Shield, AWS WAF
• Networking: Elastic Load Balancing*, Amazon VPC*, Amazon Route 53, VPN connection, Application Load Balancer, AWS Direct Connect
• Storage: Amazon S3, Amazon Glacier, Amazon EBS, Amazon EFS, AWS Storage Gateway
• Management: Amazon CloudWatch, AWS CloudFormation, AWS CloudTrail, AWS Config, Amazon EC2 Systems Manager
110
• Monitoring service for AWS cloud resources and applications 
• Collect and track metrics, monitor log files, and set alarms
• Gain visibility into resource utilization, application performance, and operational health
• Set alarms to send notifications or take other automated actions
• Supports custom dashboards
• Use cases:
– Cost management; billing alerts
Amazon CloudWatch
https://aws.amazon.com/cloudwatch/
111
Amazon CloudWatch Alarms
[Diagram: AWS resources that support CloudWatch publish CloudWatch metrics (CPUUtilization, StatusCheckFailed), alongside custom application-specific metrics (PageViewCount). Amazon CloudWatch makes the available statistics visible to statistics consumers such as the AWS Management Console. An Amazon CloudWatch alarm sends an Amazon SNS email notification or triggers Auto Scaling.]
112
CloudWatch Metrics Examples 
113
• Permits governance, compliance, audit.
• Logs API calls.
• Security analysis.
• Tracking of resource changes.
• Problem solving.
AWS CloudTrail
CloudTrail provides the event history of AWS account activity
Who did that?!
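The "who did that?" question can be answered directly from CloudTrail records. The Python below is an added example, not part of the original deck; the log is constructed (bucket names, principals and IP addresses are made up), and `who_changed` and `principal` are hypothetical helper names.

```python
import json

# Event-name prefixes treated as read-only and skipped (an assumption of
# this example; adjust to the services you audit).
READ_PREFIXES = ("Describe", "Get", "List", "Head")


def _rec(time, name, identity, bucket, ip):
    """Build one constructed record with the CloudTrail fields used below."""
    return {"eventTime": time, "eventSource": "s3.amazonaws.com",
            "eventName": name, "userIdentity": identity,
            "sourceIPAddress": ip, "requestParameters": {"bucketName": bucket}}


# Constructed sample, shaped like a CloudTrail log file ({"Records": [...]}).
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2019-05-01T09:00:00Z", "GetBucketPolicy",
         {"type": "IAMUser", "userName": "alice"}, "example-bucket", "198.51.100.5"),
    _rec("2019-05-01T09:10:00Z", "DeleteBucket",
         {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
         "example-bucket", "203.0.113.10"),
    _rec("2019-05-01T09:05:00Z", "PutBucketPolicy",
         {"type": "AssumedRole",
          "arn": "arn:aws:sts::111122223333:assumed-role/AppRole/i-0abc123"},
         "example-bucket", "198.51.100.7"),
    _rec("2019-05-01T09:20:00Z", "CreateBucket",
         {"type": "IAMUser", "userName": "bob"}, "other-bucket", "198.51.100.9"),
]})


def principal(identity):
    """Reduce a userIdentity element to a short, comparable name."""
    kind = identity.get("type")
    if kind == "Root":
        return "root"
    if kind == "IAMUser":
        return "user/" + identity.get("userName", "?")
    if kind == "AssumedRole":
        # arn:aws:sts::<account>:assumed-role/<role>/<session>
        return identity.get("arn", "?").split(":", 5)[-1]
    return identity.get("invokedBy") or kind or "unknown"


def who_changed(log_json, resource):
    """Return (time, principal, event, source IP) for changes to resource."""
    hits = []
    for rec in json.loads(log_json)["Records"]:
        if rec["eventName"].startswith(READ_PREFIXES):
            continue  # read-only call, not a change
        if resource not in json.dumps(rec.get("requestParameters") or {}):
            continue  # request did not name this resource
        hits.append((rec["eventTime"], principal(rec["userIdentity"]),
                     rec["eventName"], rec.get("sourceIPAddress")))
    return sorted(hits)  # chronological: eventTime is ISO 8601 UTC


if __name__ == "__main__":
    for hit in who_changed(SAMPLE_LOG, "example-bucket"):
        print(*hit)
```

A `root` principal in the result is itself worth an alert, since the root user should not be performing everyday changes.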
114
• Create stacks in multiple regions from the same template.
• Update and delete stacks easily.
• Document your infrastructure.
• Maintain your infrastructure as a code artifact
– Use a code repository such as AWS CodeCommit or GitHub
• Sample templates available for multiple workloads.
Benefits of AWS CloudFormation
115
AWS Config
Managed service for tracking AWS inventory and configuration, and configuration change notification.
[Diagram: AWS Config covering Amazon EC2, Amazon VPC, Amazon EBS and AWS CloudTrail. Uses shown: change management, audit compliance, security analysis, troubleshooting, discovery.]
Module 4: Pricing, TCO and Cost Optimization on AWS
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
116
117
Cloud Value Framework
• Cost Savings (TCO)
– What is it? Infrastructure cost savings / avoidance from moving to the Cloud.
– Example: 50%+ reduction in TCO (GE)
• Staff Productivity
– What is it? Efficiency improvement by function on a task by task basis.
– Example: Over 500 hours per year of server configuration time saved (Sage)
• Operational Resilience
– What is it? Benefit of improving SLAs & reducing unplanned outage.
– Example: Critical workloads run in multiple AZs & Regions for robust DR (Expedia)
• Business Agility
– What is it? Deploying new features / applications faster and reducing errors.
– Example: Launch of new products 75% faster (Unilever)
Figure labels: Typical Focus; Most Compelling Cloud Benefits
118
TCO the way customers typically see it
1. Server Costs
• Hardware – Server (+Maintenance)
• Software – OS, Virtualization Licenses (+Maintenance)
2. Storage Costs
• Hardware – Storage Disks
3. Network Costs
• Network Hardware – LAN Switches, Load Balancer
• Bandwidth costs
4. IT Labor Costs
• Server Admin, Virtualization Admin
illustrative
119
TCO the way it really is
1. Server Costs
• Hardware – Server, Rack Chassis PDUs, ToR Switches (+Maintenance)
• Software – OS, Virtualization Licenses (+Maintenance)
• Facilities Cost – Space, Power, Cooling
2. Storage Costs
• Hardware – Storage Disks, SAN/FC Switches
• Software – Backup
• Facilities Cost – Space, Power, Cooling
3. Network Costs
• Network Hardware – LAN Switches, Load Balancer
• Bandwidth costs
• Software – Network Monitoring
• Facilities Cost – Space, Power, Cooling
4. IT Labor Costs
• Server Admin, Virtualization Admin, Storage Admin, Network Admin, Support Team
5. Extras
• Project planning, Advisors, Legal, Contractors, Managed Services, Training, Cost of capital
Business Value:
• Cost of delays
• Risk premium
• Competitive abilities
• Governance
• Etc.
Overhead: On-prem., Colocation
AWS overhead costs are included in the publicly listed prices.
illustrative
120
Resources to get started
AWS TCO Calculator
https://awstcocalculator.com
AWS Economics Center
http://aws.amazon.com/economics/
Case Studies and Research
http://aws.amazon.com/solutions/case-studies
121
Tools for Cost Visibility
Cost Explorer
• Monthly Spend by Service View
• Monthly Spend by Linked Account View
• Daily Spend View
Tags
• Identify and organize your AWS resources
• Integrated with multiple AWS services
– EC2, RDS, S3, Glacier, Redshift, etc.
122
AWS Pricing Philosophy
01 Pay Only for What You Use
02 Low Cost
03 No Up-Front Capital Expense
123
Amazon EC2 Instance
[Figure: EC2 instance families. Categories shown: General Purpose, Compute Optimized, Memory Optimized, Accelerated Computing, Storage Optimized. Instance types shown: C3, C4, C5, M3, M4, M5, T2, T3, R3, R4, X1, P2.]
124
On-Demand and Reserved
On-Demand
• Benefits: Billing by the second (new as of 10/2/17); Modify compute capacity
• When to Position: Customer seeking to avoid long contracts and upfront payments
• Workloads: Short-Term/Fluctuates; Desired to Run to Completion; Dev/Test
Standard Reserved Instance
• Benefits: 50%-70% less than On-Demand instances
• When to Position: Customer able to commit to 1yr, 3 year term
• Workloads: Steady-state applications
125
Convertible Reserved Instances
Convertible Reserved Instance
• Benefits: Reduced price during Reserved Instance term; Change Reserved Instance family, type, OS, or tenancy
• When to Position: For customers lacking understanding of future workloads
• Workloads: Steady-state but can change
• Example: C3 RI to C4 RI
126
Spot Instances
Unused EC2 instance that is available for less than the On-Demand price.
Spot Fleet
• Benefits: Discounts compared to on-demand pricing; Run continuously for a set duration at lower pricing
• When to Position: When workloads can continue after interruptions; for diversification across multiple instance types and AZs
• Workloads: Batch processing, Hadoop workflow, HPC grid; Encoding, rendering, modeling, analysis, or continuous integration
127
Dedicated Instances and Dedicated Hosts
Dedicated Host
• Benefits: Instances run on hardware dedicated to you only; License portability; Fine grain control of hardware
• When to Position: For existing server-bound software licenses that are bound to VMs, sockets, or physical cores
• Workloads: Data isolation required; License dependent applications or services
Dedicated Instance
• Benefits: Instances run on hardware dedicated to you only
• When to Position: For workloads that require dedicated hardware to meet unique security and compliance needs
• Workloads: Data isolation required
Customer must pay an hourly instance fee
Customer must pay a dedicated per region fee
128
Billing Comparison
[Figure: billing comparison; surviving labels: Reserved, Convertible. N. Virginia, 30th Jan 2019.]
129
Estimating Costs
Simple Monthly Calculator
https://calculator.s3.amazonaws.com/index.html
130
Module Questions
01 There are so many different pricing strategies on the cloud. How do I ensure I’m most effectively using the services available?
02 Name some workloads that are more suited to the different pricing models
03 What are some of the considerations you need to take when demonstrating the Simple Monthly Calculator and TCO tool?
Module 5:
AWS Well-Architected Framework
132
• Design Principles
– Stop guessing your capacity needs
– Test systems at production scale
– Automate to make architectural experimentation easier
– Allow for evolutionary architectures
– Data-Driven Architectures
– Improve through game days
The AWS Well-Architected Framework
133
Pillars of AWS Well-Architected
• Security
• Reliability
• Performance Efficiency
• Cost Optimization
• Operational Excellence
134
• The ability to run and monitor systems to deliver business value and continually improve supporting processes and procedures.
• Principles
– 1. Perform operations with code
– 2. Align operations processes to business objectives
– 3. Make regular, small, incremental changes
– 4. Test for responses to unexpected events
– 5. Learn from operational events and failures
– 6. Keep operations procedures current
• Coverage Area
– Preparation
– Operation
– Response
Operational Excellence
135
• Prepare
– AWS Config rules
• Operate
– Amazon CloudWatch
• Evolve
– Amazon Elasticsearch Service (Amazon ES)
Operational Excellence: AWS Services
136
[Architecture diagram: users, the internet and an admin reach two Availability Zones (A and B). Each zone has a public subnet (x.x.x.x/x; example services: RDGW, NAT, IDS/WAF), a web tier and an app tier in private subnets (x.x.x.x/x), and an Amazon Aurora data tier, with replication between the zones. The web and app tiers run in Auto Scaling groups that mix On-Demand and Reserved instances, with Web, App and DB security groups.]
1. Use of CloudWatch to achieve visibility in the cloud
2. Use of CodeStar to deploy Infrastructure as Code
Applying Operational Excellence
137
• The ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
• Principles
– 1. Apply security at all layers
– 2. Enable traceability
– 3. Implement a principle of least privilege
– 4. Focus on securing your system
– 5. Automate security best practices
• Coverage Areas
– Identity and access management
– Detective controls
– Infrastructure protection
– Data protection
– Incident response
Security
138
• Identity and Access Management
– IAM, MFA
• Detective Controls
– CloudTrail, AWS Config, CloudWatch
• Infrastructure Protection
– Amazon VPC
• Data Protection
– ELB, Amazon EBS, Amazon S3, Amazon RDS, Amazon Macie, AWS KMS
• Incident Response
– AWS CloudFormation
Security: AWS Services
139
[Architecture diagram, labelled Security: users, the internet and an admin reach two Availability Zones (A and B). Each zone has a public subnet (x.x.x.x/x; example services: RDGW, NAT, IDS/WAF), a web tier and an app tier in private subnets (x.x.x.x/x), and an Amazon Aurora data tier, with replication between the zones. The web and app tiers run in Auto Scaling groups that mix On-Demand and Reserved instances, with Web, App and DB security groups. AWS CloudFormation is shown alongside.]
1. Public and private subnets
• ELB and other edge devices are the only things the public can reach
• The application of WAF and Shield at the edge to control traffic
2. The use of IAM (Dive deep – Understand the roles and users.)
3. The use of CloudTrail and Config to maintain a known infrastructure state
4. Using IAM to create roles that ensure that only the App tier can talk to the database
Applying Security Best Practices
140
• The ability of a system to recover from infrastructure or service failures, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.
• Principles
– 1. Test recovery procedures
– 2. Automatically recover from failure
– 3. Scale horizontally to increase aggregate system availability
– 4. Stop guessing capacity
– 5. Manage change in automation
• Coverage Areas
– Foundations
– Change Management
– Failure Management
Reliability
141
• Foundations
– AWS Trusted Advisor, IAM, Amazon VPC, AWS Direct Connect
• Change Management
– AWS CloudTrail, AWS Config, Auto Scaling, CloudWatch
• Failure Management
– AWS CloudFormation, Amazon S3, Amazon Glacier, AWS KMS 
Reliability: AWS Services
142
[Architecture diagram, labelled Reliability: users, the internet and an admin reach two Availability Zones (A and B). Each zone has a public subnet (x.x.x.x/x; example services: RDGW, NAT, IDS/WAF), a web tier and an app tier in private subnets (x.x.x.x/x), and an Amazon RDS data tier, with replication between the zones.]
1. Multi-AZ
2. Database replication between the two AZs
3. Scalable ELB instances
• Independent resource scalability.
• Independent service recovery – when used with auto-scaling
• This will be relevant when we talk about “Performance Efficiency” as well.
Applying Reliability
143
• The ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.
• Principles
– 1. Democratize advanced technologies
– 2. Go global in minutes
– 3. Use serverless architectures
– 4. Experiment more often
– 5. Mechanical sympathy
• Coverage Areas
– Selection
– Review
– Tradeoffs
Performance Efficiency
144
• Selection
– Compute: Auto Scaling
– Storage: Amazon EBS, Amazon S3 
– Database: Amazon RDS, Amazon DynamoDB
– Network: Amazon Route 53, Amazon VPC, AWS Direct Connect
• Review
– AWS Blog
• Monitoring
– Amazon CloudWatch, AWS Lambda
• Tradeoffs
– Amazon ElastiCache, Amazon CloudFront, AWS Snowball, Read replicas for RDS
Performance Efficiency: AWS Services
145
[Architecture diagram: users, the internet and an admin reach two Availability Zones (A and B). Each zone has a public subnet (x.x.x.x/x; example services: RDGW, NAT, IDS/WAF), a web tier and an app tier in private subnets (x.x.x.x/x), and an Amazon Aurora data tier, with replication between the zones. The web and app tiers run in Auto Scaling groups. AWS CloudFormation is shown alongside.]
1. Auto Scaling groups
2. CloudFormation as a tool to facilitate repeatability and global deployment
Applying Performance Efficiency
146
• Principles
– 1. Adopt a consumption model
– 2. Benefit from economies of scale
– 3. Stop spending money on data center operations
– 4. Analyze and attribute expenditure
– 5. Use managed services to reduce cost of ownership
• Coverage Areas
– Cost-Effective Resources
– Matching Supply and Demand
– Expenditure Awareness
– Optimizing Over Time
Cost Optimization
The ability to avoid or eliminate unneeded cost or suboptimal resources
147
• Cost-Effective Resources
– AWS Well-Architected Framework
• Matching Supply and Demand
– Auto Scaling
• Expenditure Awareness
– Amazon CloudWatch, Amazon Simple Notification Service (SNS)
• Optimizing Over Time
– AWS Blogs, AWS Trusted Advisor, AWS Cost Explorer 
Cost Optimization: AWS Services
148
[Architecture diagram: users, the internet and an admin reach two Availability Zones (A and B). Each zone has a public subnet (x.x.x.x/x; example services: RDGW, NAT, IDS/WAF), a web tier and an app tier in private subnets (x.x.x.x/x), and an Amazon Aurora data tier, with replication between the zones. The web and app tiers run in Auto Scaling groups that mix On-Demand and Reserved instances. AWS CloudFormation is shown alongside.]
1. Combination of reserved and on-demand instances
2. The use of Aurora as the relational database layer
Applying Cost Optimization
149
• Consistent approach to reviewing architectures
• Understand and reduce risk in your architecture 
• Learn best practices 
• Influence future architectures
• Generate additional opportunities
Value Proposition
Help Customers:
Simulation: CPC Prep Test and Discussion
151
First steps
Look for the following documents
aws.amazon.com/certification/
Exam Guide Question Examples
152
AWS Certified Cloud Practitioner (CLF-C01)
About the exam
Downloads here:
https://aws.amazon.com/certification/certified-cloud-practitioner/
153
What the exam asks for
• Define:
• What the AWS cloud is and its infrastructure
• Basic architecture principles (HA, DR, FT)
• Value proposition
• Billing, account management and pricing models
• Describe:
• Main services and their use
• Security and compliance aspects
• Basic characteristics of deployment and operation
• Define and identify:
• Sources of documentation and technical support (whitepapers or support tickets)
154
AWS Certified Cloud Practitioner (CLF-C01)
About the Exam
Cloud Practitioner
• >6 months
• Describe basic principles
• Know the pillars …
• Identify $ models, docs, support
• U$ 100,00, 90min
Associate Solutions Architect
• +1 year
• Hands-on experience
• Identify and define
• Understanding
• Best practices
• U$ 150,00, 130min
Professional Solutions Architect
• +2 years
• Hands-on experience with CLI, API, CF
• Design and deploy
• Migrate complex applications
• Design applications (W.A.F.)
• U$ 300,00, 170min
155
Support & Services
AWS Support Plans: Basic, Developer, Business, Enterprise
[Figure labels: Benefits; AWS Service Levels; Technical Account Manager (TAM)]
Module 6:
APN Resources to Help You
158
APN Program Resources
• APN Program Guide
• Benefits and Requirements
• Training and Certification
• APN Portal
• Marketing
• APN Partner Programs
• Monthly Partner-Facing Webinars
• APN Personnel Resources
• APN Blog, Newsletter, Twitter
https://partnercentral.awspartner.com
159
APN How-To Guides and AWS Events
AWS How-To Guides
• APN Partner Development Plan
• Building Your Business With AWS
AWS Events
• AWS Global Summits: one-day events, 500-6,000
• AWS re:Invent: four-day events, +50,000
• AWS Field Programs: free half-day events, 50-500
• Sponsorship Opportunities
160
Partner Training
Workshops and Bootcamps Videos, Labs, and Classes
Specialty Courses for APN Partners With Business and Technical Tracks 
Accreditations Business Track Technical Track
AWS Business Professional
AWS TCO and Cloud Economics
AWS Foundations Business
Big Data and Analytics on AWS
Windows on AWS
Migration to AWS
SAP on AWS 
Amazon Connect
Machine Learning on AWS
Introduction to Cloud Adoption Framework
AWS Technical Professional
AWS TCO and Cloud Economics
AWS Foundations Technical
Well-Architected Framework
Windows on AWS
Migration to AWS
SAP on AWS
Amazon Connect
Professional Services BootCamp
Machine Learning on AWS
https://www.aws.training/
https://partnercentral.awspartner.com
AWS Digital Learning Platform
161
Linking a Partner Account to a Certification Account
Problem: Partners are not credited for employee certifications.
Solution: fill in a new field called "AWS Training and Certification Account Email" 
New user registration Existing user update
162
Class Evaluation and Assessment
THANK YOU!
Please look for the email link to take the class evaluation survey.
