Section 13: Deployment and Management Flashcards
What is AWS CloudFormation?
AWS CloudFormation = Infrastructure as code
AWS CloudFormation is a service that helps you model and set up your AWS resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and CloudFormation takes care of provisioning and configuring those resources for you.
AWS CloudFormation components
- Templates = JSON or YAML file that contains the instructions for building out the AWS environment
- Stacks = the entire environment described by the template and created, updated and deleted as a single unit
- StackSets = extends the functionality of Stacks by enabling you to create, update and delete stacks across multiple accounts and regions with a single operation
- Change Sets = a summary of proposed changes to your stack that will allow you to see how those changes might impact your existing resources before implementing them
What is AWS Elastic Beanstalk?
With Elastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud without having to learn about the infrastructure that runs those applications.
Elastic Beanstalk reduces management complexity without restricting choice or control. You simply upload your application, and Elastic Beanstalk automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring.
Elastic Beanstalk supports applications developed in Go, Java, .NET, Node.js, PHP, Python, Ruby and Docker web apps. When you deploy your application, Elastic Beanstalk builds the selected supported platform version and provisions one or more AWS resources, such as Amazon EC2 instances, to run your application.
What is AWS Systems Manager (SSM) Parameter Store?
SSM Parameter Store:
* Parameter Store provides secure, hierarchical storage for configuration data and secrets
* Store data such as passwords, database strings, license codes
* Store values as plain text (unencrypted data) or cipher text (encrypted data)
* Reference values by using the unique name you specified when creating the parameter
What is AWS Config?
AWS Config helps you record configuration changes to software within EC2 instances in your AWS account and also virtual machines (VMs) or servers in your on-premises environment. The configuration information recorded by AWS Config includes Operating System updates, network configuration, and installed applications.
AWS Secrets Manager
Secrets Manager:
* Stores and rotates secrets safely without need for code deployments
* Automatic rotation of credentials for RDS, Aurora, Redshift and DocumentDB
Difference between SSM Parameter Store and Secrets Manager:
* Secrets Manager rotates secrets
* Secrets Manager charges per secret
* SSM Parameter Store does NOT rotate secrets
* SSM Parameter Store is free (charges for advanced features)
What is AWS OpsWorks?
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet.
Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers.
RPO and RTO
RPO = Recovery Point Objective
* The maximum acceptable amount of time since the last data recovery point. This determines what is considered an acceptable loss of data.
RTO = Recovery Time Objective
* The maximum acceptable delay between the interruption of service and restoration of service. This determines an acceptable length of time for service downtime.
More details - https://aws.amazon.com/blogs/architecture/disaster-recovery-dr-architecture-on-aws-part-i-strategies-for-recovery-in-the-cloud/
Disaster Recovery Strategies
From least to most costly, and low to high priority:
* Backup and Restore
* Pilot Light
* Warm standby
* Multi-site active/active
More info - https://aws.amazon.com/blogs/architecture/disaster-recovery-dr-architecture-on-aws-part-i-strategies-for-recovery-in-the-cloud/
What format can source files be in for Amazon Elastic Beanstalk?
WAR or ZIP (or Git)
What’s the best way to test updates for a CloudFormation stack before final updates are made?
Execute a change set
The best way to test a change before committing to it is to execute a change set.
AWS Secrets Manager offers automatic rotation for which of the following services?
RDS, Redshift and DocumentDB
AWS OpsWorks provides managed instances of?
Chef and Puppet
Cheat sheets
- CloudFormation - https://digitalcloud.training/aws-cloudformation/
- Beanstalk - https://digitalcloud.training/certification-training/aws-solutions-architect-associate/compute/aws-elastic-beanstalk/
- AWS Config - https://digitalcloud.training/aws-config/
- AWS RAM - https://digitalcloud.training/aws-resource-access-manager/
- AWS Systems Manager - https://digitalcloud.training/aws-systems-manager/
- AWS OpsWorks - https://digitalcloud.training/aws-opsworks/