
Wednesday, September 25, 2019

AWS 101

aws certified solution architect.

6 advantages of cloud computing.

economies of scale
variable vs capital expense
stop guessing capacity
increase speed and agility
focus on business differentiators
go global in minutes



==================================

deployment model:

all-in cloud
^ everything fully in the cloud

hybrid
^ connected to existing resources / datacenter


=====================================


aws -> on demand.

like buying electricity directly from PLN


^ capacity depends on what is needed and used.
^ lower upfront cost. easy scaling.
====================================



exam -> focus on aws global infra and the aws approach to security and compliance



======================================



aws servers are in more than 190 countries.
providing lower latency, higher throughput



each region has isolated locations -> called availability zones.

complete isolation between regions!

but connected via low-latency links.


each availability zone is connected to tier-1 transit providers.

===================================


security best practices on aws:

SOC / service organization control. ISAE / international standard on assurance engagements 3402, SOC2, SOC3


FISMA / federal information security management act.

DIACAP / department of defense information assurance certification and accreditation process, and federal risk and authorization management program


PCI DSS / payment card industry data security standard. level 1

ISO 9001 / international organization for standardization, ISO 27001, ISO 27018


==============================



Access platform:

can use:

1 AWS CLI
- web application for managing aws services
- can perform many tasks.
- can view account & billing information
- can control multiple services & automate using scripts.

2 AWS SDK ( aws software development kit )
- provides APIs for interacting with web services.
- supports many programming languages.



==============================


// compute and network service

- amazon EC2
provides a virtual computing environment ( virtual server ) in the amazon datacenter.
can control memory, CPU, storage
can choose the OS, custom applications, manage network access permissions



- AWS lambda
zero-administration compute platform for back-end developers. -> runs code in the AWS cloud ( run on EC2 ). across multiple availability zones in a region.

^ provides the high availability, security, performance, scalability of AWS infra.




- auto scaling
allows an organization to scale amazon EC2 up / down.
^ according to demand / workload.
^ optimize COST!



- elastic load balancing
auto distributes incoming application traffic across amazon EC2 instances in the cloud.
^ fault tolerance.
^ load balance



- AWS Elastic Beanstalk
^ the simplest and fastest way to deploy a web application.
auto resource provisioning, load balancing, auto scaling, monitoring.
the user keeps control over the resources and can configure the resources at any time.
^ supports php, java, python, ruby, nodejs, .net, go




- amazon VPC ( virtual private cloud )
provision a logically isolated section of the amazon cloud.
so that the organization can access it in isolation.

^ selection of ip address range, creation of subnets, config of route tables, gateways.
^ can extend the corporate datacenter network to aws via VPN / dedicated circuit using AWS Direct Connect




- AWS Direct Connect
establish dedicated network connection (private) from datacenter to AWS.
^ reduce cost, increase bandwidth throughput, more consistent network experience than VPN-based connections




- amazon route 53
highly available and scalable DNS.
^ serves as a domain registrar, allowing purchase and management of domains directly from AWS


==============================

// storage and content delivery


1 amazon simple storage service (S3)
highly durable, scalable object storage.
handles a virtually unlimited amount of data and concurrent users.
can store any number of objects such as:
html pages, source code files, image files, encrypted data, and access them using http-based protocols.

cost effective.

can be used for backup and recovery, big data analytics, nearline archive, disaster recovery, cloud apps, content distribution.





2 amazon cloudfront
amazon CDN / content delivery web service
^ across the world, low latency, high data transfer, no minimum usage commitments.

^ auto routed to nearest edge location.
^ best possible performance to end user





3 amazon elastic block store (EBS)
provides persistent block-level storage volumes for use with EC2 instances.
^ each EBS volume is automatically replicated within its availability zone.
^ consistent, low latency




4 amazon glacier
secure durable low cost storage service for data archive and long term backup.
^ for data that is rarely accessed but runs to many gigabytes. low cost!


5 amazon storage gateway
service connecting on-premises software apps with cloud-based storage to provide seamless and secure integration between the on-premises IT environment and aws infra. ( S3, glacier)
==============================


// database services


petabyte-scale data warehouse solution.
fully managed relational and noSQL db service.


1 amazon RDS  / relational database services
fully managed relational database
^ operational tasks are handled by amazon.
^ the user just focuses on business processes

^ --backup, software patching, monitoring, scaling, replication



2 amazon DynamoDB
fast, flexible NoSQL database. key, value.
used for: mobile, web gaming, ad-tech, IOT, app.


3 amazon Redshift
fast, fully managed, petabyte scale.
simple, cost effective
analyze structured data.
fast query.
allows automating tasks around provisioning, configuring, monitoring a cloud data warehouse



4 amazon ElastiCache
in-memory cache in the cloud.
allows retrieving information from a fast, managed in-memory cache instead of relying on slower disk-based databases.
^ supports memcached & redis cache engines.




========================

// management tools


1 amazon cloudwatch
monitor aws cloud resource.
track metric, monitor log, set alarm.
visibility resource utilization, app performance, operational health



2 amazon cloudformation
manageable by developer & sys admin
defines a JSON-based templating language that can be used to describe the aws resources of a workload


3 AWS cloudtrail
records AWS API calls for the account and delivers log files for audit and review.
^ identity, time of api call, source ip of api caller, request params, response elements



4 AWS Config
fully managed service providing:
aws resource inventory
config history
config change & notification

discover aws resource and config detail ( can be exported ).
determine how resources were configured at any point in time.

^ used for compliance audit, security analysis, resource change tracking, troubleshooting

========================




// security and identity


1 AWS IAM / identity and access management
securely control access to aws cloud services for their users.
groups and user permissions!



2 AWS KMS / key management service
create encryption keys. uses HSMs ( hardware security modules ) to protect the security of the keys.


3 AWS Directory service
set up and run microsoft AD on aws cloud.
can connect aws resource with existing on-premises.


4 AWS Certificate Manager
easily provision, manage and deploy SSL/TLS certificates for use with AWS cloud services.
^ removes the time-consuming purchase, upload, renewal of ssl certificates


5 AWS WAF
protect web app.
apply web security rules!



=======================



// application services



1 amazon API Gateway.
create, publish, maintain, monitor secure API.
front door for accessing data, business logic, backend functionality.



2  amazon elastic transcoder
converts media from the source format to formats that can be played on smartphones, tablets, PCs



3 amazon SNS / simple notification service
web service that coordinates and manages delivery to recipients.
there are publishers and subscribers.
subscribers consume messages from a topic that the publisher has published to.


4 amazon SES / simple email service
cost-effective email service.
can receive messages and deliver them to an amazon S3 bucket, call custom code via AWS lambda / publish notifications to amazon SNS

5 amazon SWF / simple workflow service
state tracker and task coordinator.
^ checks whether, for example, the application is taking too long ( 500 ms ). checks state.
provides the ability to recover / retry.




6 amazon SQS / simple queue service
message queueing service.
decouples components of a cloud app.
can transmit any volume of data, at any level of throughput, without data loss

================


topic:

global infra
understand regions
understand availability zones
understand hybrid deployment model
