Section 13: Deployment and Management

Question 1

What is AWS CloudFormation

Answer 1

AWS CloudFormation = Infrastructure as code

AWS CloudFormation is a service that helps you model and set up your AWS resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and CloudFormation takes care of provisioning and configuring those resources for you.

Question 2

AWS CloudFormation components

Answer 2

• Templates = JSON or YAML file that contains the instructions for building out the AWS environment
• Stacks = the entire environment described by the template and created, updated and deleted as a single unit
• StackSets = extends the functionality of Stacks by enabling you to create, update and delete stacks across multiple accounts and regions with a single operation
• Change Sets = a summary of proposed changes to your stack that will allow you to see how those changes might impact your existing resources before implementing them

Question 3

What is AWS Elastic Beanstalk?

Answer 3

With Elastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud without having to learn about the infrastructure that runs those applications.

Elastic Beanstalk reduces management complexity without restricting choice or control. You simply upload your application, and Elastic Beanstalk automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring.

Elastic Beanstalk supports applications developed in Go, Java, .NET, Node.js, PHP, Python, Ruby and Docker web apps. When you deploy your application, Elastic Beanstalk builds the selected supported platform version and provisions one or more AWS resources, such as Amazon EC2 instances, to run your application.

Question 4

What is AWS Systems Manager (SSM) Parameter Store

Answer 4

SSM Parameter Store:
* Parameter Store provides secure, hierachical storage for configuration data and secrets
* Store data such as passwords, database strings, licencse codes
* Store vaules as plain text (unencrypted data) or cipher text (encrypted data)
* Reference values by using the unique name you specified when creating the parameter

Question 5

What is AWS Config?

Answer 5

AWS Config helps you record configuration changes to software within EC2 instances in your AWS account and also virtual machines (VMs) or servers in your on-premises environment. The configuration information recorded by AWS Config includes Operating System updates, network configuration, and installed applications.

Question 6

AWS Secrets Manager

Answer 6

Secrets Manager:
* Stores and rotates secrets safely without need for code deployments
* automatic rotation of credentials for RDS, Aurora, RedShift and DocumentDB

Different between SSM Parameter Store and Secrets Manager:
* Secrets Manager rotates secrets
* Secrets Manager charges per secret
* SSM Parameter Store does NOT rotate secrets
* SSM Parameter Store is free (charges for advanced features)

Question 7

What is AWS OpsWorks?

Answer 7

AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet.

Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers.

Question 8

RPO and RTO

Answer 8

RPO = Recovery Point Objective
* The maximum acceptable amount of time since the last data recovery point. This determines what is considered an acceptable loss of data.

RTO = Recovery Time Objective
* The maximum acceptable delay between the interruption of service and restoration of service. This determines an acceptable length of time for service downtime.

More details - https://aws.amazon.com/blogs/architecture/disaster-recovery-dr-architecture-on-aws-part-i-strategies-for-recovery-in-the-cloud/

Question 9

Disaster Recovery Strategies

Answer 9

From least to most costly, and low to high priority:
* Backup and Restore
* Pilot Light
* Warm standby
* Multi-site active/active

More info - https://aws.amazon.com/blogs/architecture/disaster-recovery-dr-architecture-on-aws-part-i-strategies-for-recovery-in-the-cloud/

Question 10

What format can source files be in for Amazon Elastic Beanstalk?

Answer 10

WAR or ZIP (or Git)

Question 11

What’s the best way to test updates for a CloudFormation stack before final updates are made?

Answer 11

Execute a change set

The best way to test a change before committing to it is to execute a change set.

Question 12

AWS Secrets Manager offers automatic rotation for which of the following services?

Answer 12

RDS, Redshift and DocumentDB

Question 13

AWS OpsWorks provides managed instances of?

Answer 13

Chef and Puppet

Question 14

Cheat sheets

Answer 14

• CloudFormation - https://digitalcloud.training/aws-cloudformation/
• Beanstalk - https://digitalcloud.training/certification-training/aws-solutions-architect-associate/compute/aws-elastic-beanstalk/
• AWS Config - https://digitalcloud.training/aws-config/
• AWS RAM - https://digitalcloud.training/aws-resource-access-manager/
• AWS Systems Manager - https://digitalcloud.training/aws-systems-manager/
• AWS OpsWorks - https://digitalcloud.training/aws-opsworks/