1. Course Introduction - AWS Certified Developer Associate

Course Introduction - AWS Certified Developer Associate

The introduction to the AWS Certified Developer Associate course is presented by instructor Stephane Maarek, who outlines the prerequisites and course structure for preparing for the DVA-C02 certification. The course promises to cover over 30 AWS services, catering to both beginners and those with some IT or AWS experience. Maarek emphasizes that having a coding background can be beneficial but is not necessary for passing the developer exam. He also advises those with a prior AWS certification not to skip lectures, highlighting the importance of foundational knowledge. The course aims to make AWS, a leading cloud provider powering major websites like Amazon.com and Netflix, accessible and comprehensible to learners, despite its complexity. Maarek assures a step-by-step learning process to help students become AWS Certified Developers.

Create your AWS Account

This text outlines the process of creating an AWS account. Steps include specifying a root user email and account name, setting and confirming a root user password, specifying account type as personal, entering personal and credit card details, confirming identity via phone, choosing a basic free support plan, and completing the signup. It emphasizes the importance of remembering the email and password, mentions a temporary $1 authorization on the credit card, and reassures that charges will only occur if the Free Tier limits are exceeded. After account activation, which is confirmed via email, users can log into the AWS Management Console with their root user credentials. The text encourages users, suggesting that following the course should keep them within the Free Tier limits.

3. Getting started with AWS

3.1 AWS Cloud Overview - Regions & AZ

The history of AWS Cloud began in 2002 when it was launched internally at Amazon.com, recognizing the potential to offer IT services externally. Its first public offering was SQS in 2004, expanding in 2006 with the addition of S3 and EC2. AWS has since grown to serve global clients including notable names like Dropbox, Netflix, Airbnb, and NASA. As of 2019, AWS led the cloud market with $35 billion in annual revenue and a 47% market share, outpacing competitors like Microsoft and Google. AWS offers a wide range of services enabling the construction of sophisticated and scalable applications across various industries. The platform’s global infrastructure includes regions, availability zones, data centers, edge locations, and points of presence, supporting a vast network that spans the globe. AWS regions are clusters of data centers located worldwide, and when choosing a region for deployment, factors such as compliance, latency, service availability, and pricing must be considered. Each region contains multiple availability zones for redundancy and disaster isolation. AWS also operates over 400 points of presence in 90 cities across 40 countries to minimize latency for end-users. AWS services are primarily region-scoped, with some global services like IAM, Route 53, CloudFront, and WAF available. To check service availability in a specific region, AWS provides a region table for reference.

3.2 Tour of the AWS Console & Services in AWS

The content provides an introductory guide to navigating the AWS Console Home. Key points include:

  • Region Selection: Users are advised to select the AWS region closest to their geographic location to minimize latency. The example mentions Northern Virginia (US East 1) and points out that users in Europe might prefer Ireland (EU West 1), whereas users near Africa might choose the Capetown region.

  • Console Overview: The AWS Console displays a list of recently visited services, which may be empty for new users, and provides information on AWS health issues, account cost and usage, and tutorials.

  • Services Navigation: Users can explore AWS services by clicking on the "Services" tab, which allows browsing either in alphabetical order or by category. A search bar is also available for finding services directly, such as Route 53, and accessing specific features within those services.

  • Global vs. Regional Services: Some AWS services, like Route 53, are classified as "global" and do not require region selection. In contrast, services like EC2 will display resources based on the selected region, emphasizing the importance of consistent region selection throughout the tutorial or course.

  • AWS Global Infrastructure: The document suggests consulting the AWS Global Infrastructure online for information about service availability in different regions, highlighting that not all AWS services are available in every region.

The guide emphasizes the importance of region selection for optimizing latency, familiarizes users with the AWS Console layout and navigation, and introduces the concept of global versus regional services, along with resources for checking service availability by region.

4. IAM & AWS CLI

4.1. IAM Introduction - Users, Groups, Policies

The provided text introduces the concept of Identity and Access Management (IAM) in AWS, emphasizing its role in managing users and their permissions within an organization. IAM is described as a global service that allows the creation of user accounts and groups to organize users. The text illustrates this by mentioning a hypothetical organization with six people, where individuals are assigned to groups based on their roles, such as developers or operations. It’s mentioned that groups can only contain users, not other groups, and a user can be part of multiple groups.

IAM policies, defined through JSON documents, are used to assign specific permissions to users or groups, enabling them to access and use AWS services like EC2, Elastic Load Balancing, and CloudWatch. The text highlights the importance of adhering to the principle of least privilege, ensuring users are granted only the permissions they need to perform their tasks. This approach helps in minimizing security risks and controlling costs. The passage concludes by indicating that the next session will involve practical exercises in creating users and groups within IAM.

4.2. IAM Users & Groups Hands On

The text provides a detailed walkthrough on creating IAM users in AWS. The steps include:

  1. Accessing the IAM service in the AWS console.

  2. Noting that IAM is a global service without a region selection.

  3. The importance of creating IAM users instead of using the root user for better security.

  4. Creating a user named "Stephane" and choosing to make an IAM user rather than using the identity center for simplicity and relevance to the exam.

  5. Setting a custom password for the IAM user and deciding whether the user must change the password at next login.

  6. Adding permissions to the user by creating a group named "admin" with administrator access policy and assigning the user to this group.

  7. Reviewing the user creation steps and adding optional tags to resources, such as assigning a department to the user.

  8. Completing the user creation process, with options to email sign-in instructions or download a CSV file of the user’s credentials.

  9. Exploring the user list and groups in the IAM dashboard, indicating that permissions can be efficiently managed through group membership.

  10. Customizing the AWS account sign-in URL with an account alias for easier access.

  11. Using a private browser window to log in with the new IAM user while keeping the root account logged in another window, showcasing how to operate two sessions simultaneously.

  12. A reminder to securely manage root and admin user credentials to avoid account access issues.

The author emphasizes the significance of using IAM users over the root account for operational security, provides tips for managing user permissions through groups, and illustrates how to manage multiple AWS sessions. The guide is designed to help users understand and implement best practices in AWS account management and security.

4.9. AWS CLI Setup on Mac OS X

The content outlines the steps for installing the AWS CLI version 2 on macOS. It involves downloading a .pkg file from the AWS website, using a graphical installer to install the CLI by following the on-screen prompts (continue, agree, install for all users, install), and then verifying the installation by opening a terminal application (such as the default Terminal or iTerm) and typing aws --version to check the installed version. The successful installation is confirmed by the terminal returning the version of the AWS CLI installed, in this case, AWS CLI 2.0.10. The guide suggests referring to additional documentation in case of issues during the installation process.

4.12. AWS CloudShell

The lecture introduces AWS CloudShell as an alternative to using the terminal for issuing commands to AWS. CloudShell is a browser-based terminal available directly within the AWS console, offering a convenient way to manage AWS resources without needing to configure a local terminal. However, it’s important to note that CloudShell is not available in all regions, so one should check the CloudShell availability in their preferred region first.

Key features and benefits of CloudShell mentioned include:

  1. Pre-installed AWS CLI: CloudShell comes with the AWS CLI pre-installed, enabling users to execute AWS commands right away. The lecturer demonstrates checking the AWS CLI version to highlight this.

  2. Automatic Credential Handling: When using CloudShell, AWS commands are executed with the credentials of the logged-in AWS account, simplifying API calls and credential management.

  3. Persistence of Files: Files created in CloudShell, such as demonstration text files, are persistent across sessions, which means they won’t disappear after logging out or restarting CloudShell.

  4. Customization and Usability Features: Users can customize the CloudShell environment, including font size and theme. It also supports file upload and download, allowing for easy transfer of files between the local environment and CloudShell.

  5. Multiple Tabs: CloudShell supports opening multiple tabs or splitting the view, enabling users to have several terminal sessions open simultaneously for more efficient work.

The lecturer emphasizes that CloudShell is a powerful tool for users who prefer a cloud-based terminal or need a quick way to manage AWS resources without configuring a local environment. However, it’s also noted that using the traditional terminal is still a viable option for those who prefer it or cannot access CloudShell. The choice between using CloudShell or a local terminal depends on the user’s preference, needs, and the availability of CloudShell in their region.

5. EC2 Fundamentals

5.1. AWS Budget Setup

The speaker is providing a guide on how to manage and monitor costs for an AWS account, emphasizing the importance of setting up a budget and alerts to avoid overspending. Initially, they encounter an issue with accessing billing information due to being logged in as an IAM user, which they resolve by enabling IAM user and role access to billing information from the root account. They then explore the billing console, showcasing how to view detailed cost information, including month-to-date costs, forecasted costs, and historical bills. The speaker also highlights the utility of AWS’s free tier and how to monitor usage against it.

To ensure spending does not exceed a certain threshold, they demonstrate how to set up two types of budgets: a zero spend budget that alerts at the first cent spent and a monthly cost budget with a predefined limit (e.g., $10), including email alerts at 85% and 100% spend thresholds, as well as when forecasted spend is expected to reach 100%. The speaker successfully receives an email alert for exceeding the zero spend budget, illustrating the functionality of the alert system.

The tutorial aims to equip viewers with the skills to effectively manage AWS costs, by leveraging budgets, the free tier, and detailed billing information to prevent unexpected charges.

5.2. EC2 Basics

The content provides an introduction to Amazon EC2 (Elastic Compute Cloud), highlighting its significance as a core component of AWS (Amazon Web Services) for providing Infrastructure as a Service (IaaS). EC2 allows users to rent virtual machines (instances), store data on virtual drives (EBS volumes), distribute load using Elastic Load Balancer, and scale services through auto-scaling groups. The discussion also covers the customization options for EC2 instances, including the choice of operating systems (Linux, Windows, macOS), compute power, RAM, storage type (network-attached or hardware-attached), network specifications, and security settings through security groups. It introduces the concept of bootstrapping instances using EC2 User Data for automating tasks at launch, and emphasizes the importance of selecting the appropriate instance type based on the application’s needs, showcasing examples ranging from t2.micro to more powerful instances like c5d.4xlarge. The t2.micro instance, as part of the AWS free tier offering, is highlighted for practical exercises in the course. The introduction promises hands-on learning to deepen understanding of EC2 and its role in cloud computing.

5.3. Create an EC2 Instance with EC2 User Data to have a Website Hands On

In this lecture, the instructor guides students through the process of launching their first Amazon EC2 instance running Amazon Linux. Key steps include:

  1. Launching an EC2 Instance: Using the AWS Management Console, the instructor demonstrates how to launch an EC2 instance, emphasizing the importance of setting a name and tags, choosing Amazon Linux 2 AMI as the base image, and selecting a t2.micro instance type for its eligibility in the AWS Free Tier.

  2. Setting Up Key Pair for SSH Access: The creation of a key pair (EC2 Tutorial) is covered, explaining the necessity of this step for secure SSH access to the instance. Different formats for the key pair are discussed based on the operating system used by the student.

  3. Network Settings and Security Group Configuration: The lecture walks through configuring network settings, assigning a public IP, and setting up a security group (launch-wizard-1) to allow SSH and HTTP traffic.

  4. Storage and Advanced Details: The default storage (8 GB gp2 root volume) is deemed sufficient, and the instructor touches upon advanced settings without delving deeply, focusing instead on the "user data" section where a script is passed to automatically set up a web server on the instance upon its first launch.

  5. Launching the Web Server: After reviewing and launching the instance, the instructor demonstrates how to access the web server running on the EC2 instance using its public IPv4 address, ensuring to use the HTTP protocol in the browser.

  6. Managing the Instance: The process of starting, stopping, and potentially terminating the instance is explained. The instructor highlights the cloud’s flexibility in managing resources and notes that stopping an instance halts billing for it, while terminating it would delete the instance and its associated storage.

  7. Public IP Address Change on Restart: It’s noted that stopping and then starting an instance can result in a change of its public IPv4 address, which is demonstrated when the web server becomes inaccessible due to the IP address change.

The lecture serves as a comprehensive introduction to setting up and managing an Amazon EC2 instance, including deploying a simple web server, with emphasis on practical steps and AWS best practices.

5.5. Security Groups & Classic Ports Overview

The content discusses the importance and functionality of security groups in AWS as a fundamental aspect of network security for EC2 instances. Security groups act as firewalls, controlling inbound and outbound traffic based on rules that specify allowed connections. These rules can reference IP addresses or other security groups, allowing for flexible configuration. By default, security groups block all inbound traffic and allow all outbound traffic. The content also highlights the ability to attach multiple security groups to an EC2 instance and the necessity of creating new security groups when switching regions or VPCs. An advanced feature of security groups is their ability to reference each other, facilitating communication between EC2 instances without relying on IP addresses. The content concludes with an overview of essential ports for the exam, including SSH (port 22) for Linux instances, FTP and SFTP (port 21 and 22 respectively) for file transfers, HTTP (port 80) and HTTPS (port 443) for web access, and RDP (port 3389) for Windows instances.

5.6. Security Groups Hands On

The content explains the concept and practical application of security groups in AWS EC2 instances. It begins by navigating to the security groups section via the AWS console to show how they are associated with EC2 instances, highlighting the presence of default and custom security groups created during the launch of an EC2 instance. Security groups serve as a virtual firewall for instances to control inbound and outbound traffic.

The tutorial specifically delves into inbound rules, demonstrating how they permit external connections to the instance. It shows an example where SSH (port 22) and HTTP (port 80) rules are set up to allow access from any IP address, emphasizing the role of the HTTP rule in enabling web server access. The consequences of removing an HTTP rule are illustrated by a failure to access the web server, showcasing the importance of correct security group configurations to avoid timeouts during connections.

To address connection issues, it’s advised to review and correct security group rules. The process of adding back a rule for HTTP on port 80 is shown, restoring access to the web server. The flexibility in defining inbound rules for different ports and protocols, like HTTPS (port 443), is discussed, along with options for specifying allowed IP ranges or specific IPs for security purposes. However, it warns against potential access issues if the user’s IP changes.

The tutorial also touches upon outbound rules, which by default allow all traffic, ensuring the instance can connect to the internet. It concludes with insights on attaching multiple security groups to a single EC2 instance and the possibility of using a single security group across multiple instances, showcasing the versatility and critical role of security groups in managing EC2 instance accessibility and security.

8. AWS Fundamentals: RDS + Aurora + ElastiCache

8.1. Amazon RDS Overview

The overview provided discusses AWS RDS (Relational Database Service), a managed database service that supports SQL query language for various database engines including PostgreSQL, MySQL, MariaDB, Oracle, Microsoft SQL Server, IBM DB2, and AWS’s proprietary Aurora. The advantages of using RDS over self-managed databases on EC2 instances include automated provisioning, OS patching, continuous backups with point-in-time restore, performance monitoring dashboards, read replicas for enhanced performance, Multi AZ setups for disaster recovery, maintenance windows, scalable storage backed by EBS, and vertical and horizontal scaling options. However, users cannot SSH into RDS instances due to its managed nature. A key feature highlighted is RDS Storage Auto Scaling, which automatically increases storage based on usage, avoiding manual scaling operations. This feature is particularly useful for applications with unpredictable workloads and supports all RDS database engines.

8.2. - RDS Read Replicas vs Multi AZ

This lecture is focused on explaining the differences between Amazon RDS Read Replicas and Multi-AZ deployments to prepare for an exam. It emphasizes the importance of understanding both concepts and their use cases.

Read Replicas:

  • Designed to scale out the read operations of a database.

  • Up to 15 Read Replicas can be created within the same availability zone, across availability zones, or across regions.

  • They use asynchronous replication from the main database instance, leading to eventually consistent reads.

  • Read Replicas can be promoted to become standalone databases.

  • They are particularly useful for offloading read operations, like analytics and reporting, from the primary database to maintain performance.

  • Networking costs for replication within the same region are typically waived, but cross-region replication incurs fees.

Multi-AZ:

  • Primarily used for disaster recovery.

  • Involves synchronous replication to a standby instance in a different availability zone.

  • Offers high availability through automatic failover to the standby instance in case of issues with the primary.

  • Not used for scaling; the standby instance cannot serve read or write operations until it is promoted during failover.

  • Read Replicas can also be configured with Multi-AZ for added disaster recovery capability.

Exam Tips:

  • Switching an RDS database from Single AZ to Multi-AZ is a zero-downtime operation that involves enabling Multi-AZ in the RDS settings. This process involves taking a snapshot of the primary database and restoring it to a new standby database, which then synchronizes with the primary to establish the Multi-AZ setup.

Understanding these concepts is crucial for making informed decisions about scaling and ensuring high availability and disaster recovery for Amazon RDS deployments.

8.3. - Amazon RDS Hands On

The content provides a detailed walkthrough on how to create a MySQL database instance on Amazon RDS, including setting up the instance, configuring it for the free tier, and managing different settings such as availability, security, and backups. It covers selecting the database engine, choosing an instance size within the free tier limits, setting up storage and connectivity options, and configuring security and database access settings. The tutorial also demonstrates how to connect to the newly created database using SQL Electron, a SQL client, and perform basic SQL operations like creating a table and inserting data. Additionally, it touches on monitoring, creating read replicas, taking snapshots, and the process to delete the database instance, emphasizing the managed service benefits of RDS for scalability, availability, and maintenance.

8.4. - Amazon Aurora

Amazon Aurora is a proprietary database technology from AWS designed to be fully compatible with Postgres and MySQL, offering significant performance improvements (5x for MySQL and 3x for Postgres compared to their RDS equivalents). Key features include automatic storage scaling from 10GB to 128TB, up to 15 read replicas with sub 10 ms lag, and instantaneous failover for high availability. Aurora stores six copies of data across three Availability Zones (AZs) for resilience, requiring only four copies for writes and three for reads, allowing it to handle AZ outages gracefully. It also features self-healing capabilities and relies on hundreds of volumes for data storage, reducing risks significantly.

Aurora clusters have a single master instance for writes and can have up to 15 read replicas for handling read workloads, with automatic failover to a new master in under 30 seconds. Aurora supports cross-region replication and offers both writer and reader endpoints to manage connections efficiently, including auto-scaling for read replicas to adjust the number of replicas based on demand.

Additionally, Aurora handles many operational tasks automatically, such as backup and recovery, patching with zero downtime, and advanced monitoring. It also introduces a unique "backtrack" feature, allowing users to restore data to any point in time without relying on backups. Overall, Aurora is positioned as a more efficient, scalable, and high-availability solution compared to traditional RDS, albeit at a roughly 20% higher cost, justified by its performance and scaling capabilities.

8.5. Amazon Aurora - Hands On

The provided text is a detailed guide on creating an Amazon Aurora database, highlighting its cost implications and step-by-step instructions for setting it up. The guide covers selecting a database engine (MySQL-compatible in this case), choosing a version, and configuring the database with options like instance type, storage configuration, and availability features. It also discusses enabling public access, setting up security groups, and configuring additional features like backup retention and encryption. The text explains the use of Aurora’s scalability features, like read replicas and auto-scaling, and introduces advanced functionalities such as cross-region replication and global databases. Finally, it outlines the process for safely deleting the database to avoid unnecessary costs. This guide serves as a comprehensive tutorial for users looking to deploy and manage an Amazon Aurora database, emphasizing the platform’s flexibility, scalability, and cost considerations.

8.7. RDS Proxy

Amazon RDS Proxy is a fully managed, serverless, and highly available database proxy for Amazon RDS that allows applications to pool and share database connections. This setup reduces the number of direct connections to the RDS database instance, thereby improving database efficiency by lessening the load on database resources such as CPU and RAM, and minimizing connection timeouts. The RDS Proxy is capable of auto-scaling, supports multiple database engines including MySQL, PostgreSQL, MariaDB, Microsoft SQL Server, and Aurora for MySQL and PostgreSQL, and requires no code changes in applications to implement. It also enhances security by enforcing IAM authentication, with credentials that can be securely stored in AWS Secrets Manager, and is designed to be accessible only from within a VPC, not publicly over the internet. Additionally, RDS Proxy significantly reduces failover times by up to 66% for RDS and Aurora databases, making it particularly beneficial for AWS Lambda functions, which can rapidly scale and might otherwise overwhelm database connections. This tool is crucial for optimizing database access, security, and reliability, without necessitating direct internet connectivity.

8.8. ElastiCache Overview

Amazon ElastiCache is a managed service that provides Redis or Memcached as in-memory databases for high-performance and low-latency caching solutions. It helps reduce database load by caching common queries, making applications more efficient and potentially stateless by storing application state in the cache. AWS handles maintenance tasks like patching and backups. However, integrating ElastiCache into an application requires significant code changes to query the cache effectively. The architecture involves checking the cache before querying the database to save on database load, implementing cache invalidation strategies to ensure data freshness, and possibly storing user session data to make applications stateless. Redis offers features like Multi-AZ with Auto-Failover, read replicas, data durability, and backup and restore capabilities, making it suitable for situations requiring high availability and data persistence. Memcached, on the other hand, focuses on being a straightforward, distributed cache with no high availability or data persistence features, using a multi-threaded architecture for data partitioning or sharding. The choice between Redis and Memcached depends on specific application needs regarding high availability, data durability, and the nature of the caching requirements.

8.9. ElastiCache Hands On

This passage provides a step-by-step guide on creating and configuring a Redis cache cluster using AWS ElastiCache. It starts by introducing the options to create a Redis cache, emphasizing the choice between a serverless offering for automatic scaling without server management and designing a cache manually for a more hands-on approach to learning AWS caching architecture. The guide opts for a manual design approach, explaining various configuration options like choosing between restoring from a backup or using recommended configurations for different environments (production, dev/test, demo), enabling cluster mode, and setting up a cluster with a single shard and up to five read replicas for simplicity and cost-effectiveness.

The tutorial continues with more detailed settings, including the choice of instance type (highlighting free tier options), deciding on multi-AZ deployment for high availability, encryption options for both data at rest and in transit, backup and maintenance preferences, and logging and tagging for monitoring and management purposes. It also touches on network security through security groups and user access control.

Finally, the guide concludes with the process of deploying the cache, noting the inability to demonstrate connecting to the Redis cache due to the complexity and code requirements. It compares ElastiCache’s management interface and features to RDS, highlighting their similarities and the specific focus on Redis and Memcached for ElastiCache. The passage ends with instructions on deleting the Redis cluster once the user is done with the hands-on exercise, emphasizing the educational purpose of the setup.

8.10. ElastiCache Strategies

The lecture provides an overview of caching strategies, emphasizing the importance of determining whether data is suitable for caching based on its update frequency and structure. It introduces three main caching strategies:

  1. Lazy Loading (Cache-Aside or Lazy Population): This strategy involves checking the cache first and, if the data isn’t present (cache miss), fetching it from the database, then storing it in the cache for future requests. This approach is efficient because only requested data is cached, but it can lead to increased latency due to cache misses and the potential for stale data if the database updates are not reflected in the cache.

  2. Write Through: In this strategy, data is added to the cache simultaneously as it is updated in the database, ensuring cache data is never stale. However, this requires a write penalty, as both the database and cache need to be updated, potentially leading to missing data until the database update occurs. Combining Write Through with Lazy Loading can mitigate some downsides, like cache churn from too much data being added to the cache.

  3. Cache Evictions and Time-to-Live (TTL): This strategy involves automatically removing data from the cache based on certain rules, like least recently used (LRU) data or after a set time period (TTL), to make room for new data. TTL can be highly effective even if set to just a few seconds for frequently requested data.

The lecture emphasizes that caching can significantly improve read performance and reduce latency but requires careful consideration of data update frequency, structure, and the appropriate caching strategy. It also mentions the complexity of caching, highlighting it as a challenging aspect of computer science.

8.11. Amazon MemoryDB for Redis - Overview

Amazon MemoryDB for Redis is a durable, Redis-compatible, in-memory database service designed to offer ultra-fast performance, capable of handling over 160 million requests per second. Unlike Redis, which is primarily used as a cache with some durability features, MemoryDB serves as a full-fledged database with a Redis-compatible API, focusing on data durability with Multi-AZ transaction logs for enhanced data recovery and durability. It can scale from tens of gigabytes to hundreds of terabytes, making it suitable for web and mobile applications, online gaming, media streaming, and more, particularly beneficial for microservices requiring fast, in-memory database access with reliable data storage across multiple availability zones.