Introduction to Developing on AWS Flashcards
Main principle for creating policies in IAM
When you create IAM policies, follow the principle of least privilege—that is, granting only the permissions required to perform a task.
What is needed to use an SDK
AWS account
AWS credentials
The four methods to access AWS services
- AWS Management Console
- AWS Command Line Interface (AWS CLI)
- Software Development Kits (SDKs)
- Application programming interface (API)
All four methods are built on a common, REST-like API that serves as the foundation of AWS.
Basic structure of an AWS command line call
- Command
- Subcommand: operation to perform
- Parameters of the operation
- Options
The two APIs
- Service client API: Low-level API
- Resource API: Higher-level API, available on Python
Resource APIs are easier to understand and simpler to use as they provide a higher-level abstraction than client APIs.
How to select region with SDK
- Specify the AWS Region when instantiating the service client or set it soon after the client has been instantiated (AWS SDKs for Java and .NET)
- You must create a separate instance of the service client for every region that you want to work with.
- Other SDKs, such as the AWS SDK for Python (Boto 3), can use the default AWS Region that is set in the ~/.aws/config file.
The two types (xxx series) of error codes
- 400 series: handle error in application (example: 404 means that resource doesn’t exist)
- 500 series: internal error: the operation must be retried. Each AWS SDK implements automatic retry logic.
The three exceptions returned by SDK for Java
AmazonServiceException – This exception (or its subclass) indicates that the request was correctly transmitted to the service. However, the service was not able to process it and returned an error response instead.
AmazonClientException – This exception indicates that a problem occurred inside the Java client code, either while trying to send a request to AWS or while trying to parse a response from AWS.
IllegalArgumentException – This exception is thrown if you pass an illegal argument when performing an operation on a service.
Benefits of Cloud9
- Start projects quickly and code with only a browser
- Code together in real time
- Build serverless applications with ease
Best practices for Cloud9
- Use source control and back up your environment frequently
- Perform regular updates of software on your environment
- Turn on AWS CloudTrail in your AWS account
- Share your environment only with trusted users
What does X-Ray provide
X-Ray provides a complete view of requests as they travel through your application, and shows a map of your application’s underlying components.
- Create a service map & dependency tree
- Identify errors and bugs
- Identify performance bottlenecks
- Build your own analysis and visualization apps
What does CloudWatch allow
- Collect and track metrics
- Monitor and store logs
- Set alarms -> react to changes
- View graphs and statistics
CloudWatch is basically a metrics repository
What does CloudTrail do
AWS CloudTrail is an AWS service that generates logs of calls to the AWS API.
You can use the CloudTrail console to view the last 90 days of recorded API activity and events in an AWS Region.
7 best practices for developing cloud applications
- Design applications that are loosely coupled
- Architect for resilience
- Design for failure
- Log metrics and monitor performance
- Implement a strong DevOps model
- Be aware of security and regulatory restrictions
- Implement security in every layer (infrastructure, application, data in transit and at rest, user authentication and authorization)