```
├── README.md
├── learning-note.md
└── white-papers
    ├── AWS_Blue_Green_Deployments.pdf
    ├── AWS_Cloud_Best_Practices.pdf
    ├── AWS_Security_Best_Practices.pdf
    ├── AWS_Well-Architected_Framework.pdf
    ├── microservices-on-aws.pdf
    ├── optimizing-enterprise-economics-serverless-architectures.pdf
    ├── practicing-continuous-integration-continuous-delivery-on-AWS.pdf
    ├── running-containerized-microservices-on-aws.pdf
    └── serverless-architectures-with-aws-lambda.pdf
```

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------

# AWS certification developer associate

I achieved AWS's developer associate certification on 27/07/2018. This repository contains all my learning materials about the exam. Feel free to fork and contribute.

[Certification Badge](https://www.certmetrics.com/amazon/public/badge.aspx?i=2&t=c&d=2018-07-27&ci=AWS00572144)

## Contributing

1. Fork it ()
2. Create your feature branch (`git checkout -b feature/fooBar`)
3. Commit your changes (`git commit -am 'Add some fooBar'`)
4. Push to the branch (`git push origin feature/fooBar`)
5. Create a new Pull Request

--------------------------------------------------------------------------------
/learning-note.md:
--------------------------------------------------------------------------------

# Learning note

- [Learning note](#learning-note)
  - [IAM (Identity and Access Management)](#iam-identity-and-access-management)
    - [User, Group, Policies](#user-group-policies)
    - [MFA (multi-factor authentication)](#mfa-multi-factor-authentication)
    - [Add users](#add-users)
    - [Apply an IAM password policy](#apply-an-iam-password-policy)
    - [Roles](#roles)
  - [EC2 (Amazon Elastic Compute Cloud)](#ec2-amazon-elastic-compute-cloud)
    - [EC2 features](#ec2-features)
    - [EC2 types](#ec2-types)
    - [EBS (Elastic Block Storage)](#ebs-elastic-block-storage)
      - [EBS Volume Types](#ebs-volume-types)
    - [Elastic Load Balancers](#elastic-load-balancers)
    - [Route 53](#route-53)
    - [CLI](#cli)
    - [EC2 with S3 Role Lab](#ec2-with-s3-role-lab)
    - [AWS Database Types](#aws-database-types)
    - [RDS - BACK UPS, MULTI - AZ & READ REPLICAS](#rds---back-ups-multi---az--read-replicas)
    - [Elasticache 101](#elasticache-101)
  - [S3](#s3)
    - [Brief introduction](#brief-introduction)
    - [S3 Security](#s3-security)
    - [S3 Encryption](#s3-encryption)
    - [CORS](#cors)
    - [Cloud Front (CDN content delivery network)](#cloud-front-cdn-content-delivery-network)
    - [S3 Performance Optimization](#s3-performance-optimization)
  - [Serverless](#serverless)
    - [Lambda](#lambda)
    - [API Gateway](#api-gateway)
    - [Lambda version control](#lambda-version-control)
    - [Step Functions](#step-functions)
    - [X - Ray](#x---ray)
    - [Advanced API Gateway](#advanced-api-gateway)
  - [DynamoDB](#dynamodb)
    - [DynamoDB Indexes](#dynamodb-indexes)
    - [Scan Vs Query](#scan-vs-query)
    - [DynamoDB Provisioned Throughput](#dynamodb-provisioned-throughput)
    - [DynamoDB Accelerator (DAX)](#dynamodb-accelerator-dax)
    - [Elasticache](#elasticache)
  - [AWS KMS](#aws-kms)
    - [AWS Key Management Service](#aws-key-management-service)
    - [KMS API Calls](#kms-api-calls)
    - [Envelope Encryption](#envelope-encryption)
    - [SQS](#sqs)
    - [SNS](#sns)
    - [SNS VS SES](#sns-vs-ses)
    - [Elastic Beanstalk](#elastic-beanstalk)
    - [Updating Elastic Beanstalk](#updating-elastic-beanstalk)
    - [Advanced Elastic Beanstalk](#advanced-elastic-beanstalk)
    - [RDS & Elastic Beanstalk](#rds--elastic-beanstalk)
    - [Kinesis](#kinesis)
  - [Developer Theory](#developer-theory)
    - [CI/CD](#cicd)
    - [AWS CodeCommit](#aws-codecommit)
    - [AWS CodeDeploy](#aws-codedeploy)
    - [AWS CodePipeline](#aws-codepipeline)
    - [CodeDeploy Advanced Settings](#codedeploy-advanced-settings)
  - [Advanced IAM](#advanced-iam)
    - [Web Identity Federation](#web-identity-federation)
    - [Cognito User Pools](#cognito-user-pools)
    - [Inline Policies vs. Managed Policies vs. Custom Policies](#inline-policies-vs-managed-policies-vs-custom-policies)
  - [SWF](#swf)
  - [VPC (Virtual Private Cloud)](#vpc-virtual-private-cloud)

## IAM (Identity and Access Management)

IAM has the following:

- Users
- Groups (a way to group users and apply policies to them collectively)
- Roles
- Policy Documents

### User, Group, Policies

1. Create groups
2. Assign users to different groups
3. Assign policies to groups

### MFA (multi-factor authentication)

Virtual MFA applications let you scan a QR code; the app then generates a 6-digit code that is replaced by a new one every few seconds.

### Add users

1. Programmatic access with an Access Key ID and Secret Access Key (the secret is shown only once, at creation time)
2. Console access with a user name and password

### Apply an IAM password policy

A password policy for the account's IAM users can be set up here.

### Roles

IAM roles are a secure way to grant permissions to entities that you trust.

## EC2 (Amazon Elastic Compute Cloud)

Virtual server.

### EC2 features

- On Demand
  - Fixed rate by the hour
- Reserved Instances
  - 1-year or 3-year terms
- Spot Instances
  - Only pay what you bid on.
  - Not charged if the instance is terminated by Amazon EC2, but charged if you terminate the instance yourself
- Dedicated Hosts
  - Physical EC2 server, for server-bound software licenses.

### EC2 types

- F for FPGA
- I for IOPS
- G for Graphics
- H for High Disk Throughput
- T for cheap general purpose (think T2 Micro)
- D for Density
- R for RAM
- M for main choice for general purpose apps
- C for Compute
- P for Graphics (think Pics)
- X for Extreme Memory

### EBS (Elastic Block Storage)

Virtual disk.

#### EBS Volume Types

- SSD
  - General Purpose SSD (GP2)
    - General purpose, balances both price and performance.
    - Ratio of 3 IOPS per GB with up to 10,000 IOPS and the ability to burst up to 3,000 IOPS for extended periods of time for volumes at 3,334 GiB and above.
  - Provisioned IOPS SSD (IO1)
    - Designed for I/O-intensive applications such as large relational or NoSQL databases.
    - Use if you need more than 10,000 IOPS
- Magnetic
  - Throughput Optimized HDD (ST1)
    - Low-cost HDD volume designed for frequently accessed, throughput-intensive workloads
    - Big data
    - Data warehouses
    - Log processing
    - Cannot be a boot volume
  - Cold HDD (SC1)
    - Lowest-cost storage for infrequently accessed workloads
    - File server
    - Cannot be a boot volume.
  - Magnetic (Standard)
    - Previous generation. Can be a boot volume.

### Elastic Load Balancers

- 3 types of load balancer
  - Application Load Balancers
  - Network Load Balancers
  - Classic Load Balancers
- A 504 error means the gateway has timed out: the application did not respond within the idle timeout period.
  - Troubleshoot the application. Is it the web server or the database server?
- If you need the IPv4 address of your end user, look for the X-Forwarded-For header.

### Route 53

- Route 53 is Amazon's DNS service
- Allows you to map your domain names to
  - EC2 instances
  - Load balancers
  - S3 buckets

### CLI

- Least privilege: always give your users the minimum amount of access required.
- Create groups: assign your users to groups. Users automatically inherit the permissions of the group; the group's permissions are assigned using policy documents.
- Secret Access Key: you will see this only once. If you do not save it, you can delete the key pair (Access Key ID and Secret Access Key) and regenerate it. You will then need to run `aws configure` again.
- Do not use just one access key: do not create a single access key and share it with all your developers. If someone leaves the company on bad terms, you would need to delete the key and create a new one, and every developer would then have to update their keys. Instead, create one key pair per developer.
- You can use the CLI on your PC: the CLI installs on Mac, Linux or Windows. I personally use S3 to store all my files up in the cloud.

### EC2 with S3 Role Lab

- Roles allow you to avoid using Access Key IDs and Secret Access Keys. Always use roles, not access keys.
- Roles are preferred from a security perspective
- Roles are controlled by policies
- You can change a policy on a role and it will take immediate effect
- You can attach and detach roles to running EC2 instances without having to stop or terminate those instances
- You can encrypt the root device volume (the volume the OS is installed on) using operating-system-level encryption
- You can encrypt the root device volume by first taking a snapshot of that volume, then creating an encrypted copy of that snapshot. You can then make an AMI of this snapshot and deploy the encrypted root device volume.
- You can encrypt additional attached volumes using the console, CLI or API.
- If you make an AMI public, this AMI is immediately available across all regions by default

### AWS Database Types

- RDS - OLTP (online transaction processing)
  - SQL
  - MySQL
  - PostgreSQL
  - Oracle
  - Aurora
  - MariaDB
- DynamoDB - NoSQL
- RedShift - OLAP (online analytical processing)
  - Amazon's data warehousing service
- Elasticache - in-memory caching
  - Memcached
  - Redis

An OLTP database holds detailed, current data, and the schema used to store transactional data is the entity model (usually 3NF). OLAP (online analytical processing) is characterized by a relatively low volume of transactions; queries are often very complex and involve aggregations.

### RDS - BACK UPS, MULTI - AZ & READ REPLICAS

- Multi-AZ RDS
  - It's for disaster recovery only. It is not primarily used for improving performance. For performance improvement, you need Read Replicas.
- Read Replica databases
  - Not for DR
  - Used for scaling, not for DR
  - Must have automatic backups turned on in order to deploy a read replica.
  - You can have up to 5 read replica copies of any database.
  - You can have read replicas of read replicas (but watch out for latency).
  - Each read replica will have its own DNS endpoint.
  - You can have read replicas that have Multi-AZ.
  - You can create read replicas of Multi-AZ source databases.
  - Read replicas can be promoted to be their own databases. This breaks the replication.
  - You can have a read replica in a second region.

### Elasticache 101

- Memcached
  - You are not concerned about redundancy
  - Object caching is your primary goal
  - You want to keep things as simple as possible
  - You want to scale your cache horizontally (scale out)
- Redis
  - You have advanced data types, such as lists, hashes, and sets
  - You are doing data sorting and ranking (such as leaderboards)
  - Data persistence
  - Multi-AZ
  - Pub/Sub capabilities are needed

Typically, you will be given a scenario where a particular database is under a lot of stress/load. You may be asked which service you should use to alleviate this.

Elasticache is a good choice if your database is particularly read-heavy and not prone to frequent changes.

Redshift is a good answer if the reason your database is feeling stress is that management keeps running OLAP transactions on it.

## S3

Simple Storage Service

### Brief introduction

- Remember that S3 is object-based: it allows you to upload files. Object-based storage only (for files)
- Not suitable for installing an operating system on or running a database on
- Files can be from 0 bytes to 5 TB.
- There is unlimited storage.
- Files are stored in buckets.
- S3 is a universal namespace. That is, bucket names must be unique globally.
- Read-after-write consistency for PUTs of new objects
- Eventual consistency for overwrite PUTs and DELETEs (can take some time to propagate)
- S3 storage classes/tiers:
  - S3 (durable, immediately available, frequently accessed)
  - S3 - IA (durable, immediately available, infrequently accessed)
  - S3 - One Zone IA: same as IA, but data is stored in a single Availability Zone only.
  - S3 - Reduced Redundancy Storage (data that is easily reproducible, such as thumbnails)
  - Glacier - archived data, where you can wait 3 - 5 hours before accessing
- Remember the core fundamentals of an S3 object:
  - Key (name)
  - Value (data)
  - Version ID
  - Metadata
  - Subresources - bucket-specific configuration:
    - Bucket Policies, Access Control Lists
    - Cross Origin Resource Sharing (CORS)
    - Transfer Acceleration
- Successful uploads generate an HTTP 200 status code when you use the CLI or API

### S3 Security

### S3 Encryption

- Type 1: encryption in transit
  - SSL/TLS (HTTPS)
- Type 2: encryption at rest
  - Server-side encryption
    - SSE-S3 (keys are managed by S3)
    - SSE-KMS (Key Management Service)
    - SSE-C (customer-managed keys)
  - Client-side encryption
- If you want to enforce the use of encryption for your files stored in S3, use an S3 bucket policy to deny all PUT requests that don't include the x-amz-server-side-encryption parameter in the request header.
- Default encryption is Advanced Encryption Standard (AES) 256

### CORS

- Used to enable cross-origin access for your AWS resources
  - e.g. an S3-hosted website accessing JavaScript or image files located in another S3 bucket
- By default, resources in one bucket cannot access resources located in another
- To allow this we need to configure CORS on the bucket being accessed and enable access for the origin (bucket) attempting to access it
- Always use the S3 website URL, not the regular bucket URL:
  - website URL: http://acloudguru.s3-website.eu-west-1.amazonaws.com
  - regular bucket URL: https://s3-eu-west-1.amazonaws.com/acloudguru

### Cloud Front (CDN content delivery network)

- Edge Location - the location where content will be cached. This is separate from an AWS Region / AZ.
- Origin - the origin of all the files that the CDN will distribute. Origins can be an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53.
- Distribution - the name given to the CDN, which consists of a collection of Edge Locations.
  - Web Distribution - used for websites, HTTP/HTTPS
  - RTMP Distribution - (Adobe Real Time Messaging Protocol) used for media streaming
- Edge locations are not just read-only: you can write to them too (i.e. PUT an object onto them).
- CloudFront Edge Locations are used by S3 Transfer Acceleration to reduce latency for S3 uploads.
- Objects are cached for the life of the TTL (Time To Live).
- You can clear cached objects, but you will be charged.

### S3 Performance Optimization

- Remember the 2 main approaches to performance optimization for S3:
  - GET-intensive workloads: use CloudFront
  - Mixed workloads: avoid sequential key names for your S3 objects. Instead, add a random prefix like a hex hash to the key name to prevent multiple objects from being stored on the same partition.
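The S3 Encryption section above recommends a bucket policy that denies PUT requests lacking the x-amz-server-side-encryption header. As an added example (not from the original note), here is that policy as a Python dict, with a second statement that also rejects header values other than the SSE-S3 and SSE-KMS names, plus a small evaluator for the two condition operators it uses. The bucket name and the sample requests are constructed, and the evaluator models only `Null` and `StringNotEquals`, not full IAM evaluation.

```python
"""Bucket policy denying PutObject requests that do not ask for server-side
encryption, plus a minimal evaluator for the two condition operators it uses.
The condition key s3:x-amz-server-side-encryption is populated from the request
header of the same name. Bucket name and sample requests are constructed.
"""
import json

BUCKET = "example-encrypted-bucket"  # constructed placeholder bucket name
SSE_KEY = "s3:x-amz-server-side-encryption"
ALLOWED_SSE = ["AES256", "aws:kms"]  # SSE-S3 and SSE-KMS

DENY_UNENCRYPTED_PUTS = {
    "Version": "2012-10-17",
    "Statement": [
        {
            # Header missing entirely: the condition key is null in the request context.
            "Sid": "DenyPutWithoutSSEHeader",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
            "Condition": {"Null": {SSE_KEY: "true"}},
        },
        {
            # Header present but names something other than SSE-S3 or SSE-KMS.
            "Sid": "DenyPutWithUnsupportedSSE",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
            "Condition": {"StringNotEquals": {SSE_KEY: ALLOWED_SSE}},
        },
    ],
}


def policy_json() -> str:
    """Serialise the policy, e.g. for `aws s3api put-bucket-policy --policy file://...`."""
    return json.dumps(DENY_UNENCRYPTED_PUTS, indent=2)


def request_context(headers: dict) -> dict:
    """Map the HTTP request headers onto the IAM condition keys this policy reads."""
    lowered = {name.lower(): value for name, value in headers.items()}
    ctx = {}
    if "x-amz-server-side-encryption" in lowered:
        ctx[SSE_KEY] = lowered["x-amz-server-side-encryption"]
    return ctx


def condition_matches(condition: dict, ctx: dict) -> bool:
    """Evaluate a Condition block; every operator/key pair must match for a hit."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            present = key in ctx
            if operator == "Null":
                # "true" matches when the key is absent, "false" when it is present.
                want_absent = str(expected).lower() == "true"
                if present == want_absent:
                    return False
            elif operator == "StringNotEquals":
                # Negated operators match when the key is absent or equals none of the values.
                allowed = expected if isinstance(expected, list) else [expected]
                if present and ctx[key] in allowed:
                    return False
            else:
                raise ValueError(f"operator {operator} is not modelled here")
    return True


def denying_statement(headers: dict, policy: dict = DENY_UNENCRYPTED_PUTS):
    """Return the Sid of the Deny statement a PutObject with these headers hits, else None."""
    ctx = request_context(headers)
    for stmt in policy["Statement"]:
        if stmt["Effect"] == "Deny" and stmt["Action"] == "s3:PutObject":
            if condition_matches(stmt["Condition"], ctx):
                return stmt["Sid"]
    return None


# Constructed sample PutObject requests: header absent, SSE-S3, SSE-KMS, and a bogus value.
SAMPLE_REQUESTS = {
    "no-header": {"Content-Type": "text/plain"},
    "sse-s3": {"x-amz-server-side-encryption": "AES256"},
    "sse-kms": {"X-Amz-Server-Side-Encryption": "aws:kms"},
    "bogus": {"x-amz-server-side-encryption": "rot13"},
}


def evaluate_samples() -> dict:
    """Evaluate each constructed request; None means the policy does not deny it."""
    return {name: denying_statement(hdrs) for name, hdrs in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    print(policy_json())
    for name, verdict in evaluate_samples().items():
        print(f"{name:10s} -> {verdict or 'not denied by this policy'}")
```

The Deny evaluates the request header, not the bucket's default-encryption setting, so clients that omit the header and rely on default encryption are refused by this policy.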
## Serverless

### Lambda

- Lambda scales out (not up) automatically
- Lambda functions are independent: 1 event = 1 function
- Lambda is serverless
- Know what services are serverless!
  - Lambda is a compute service
  - Lambda, API Gateway, S3, DynamoDB, etc. are serverless
  - RDS is not serverless
- Lambda functions can trigger other Lambda functions, so 1 event can = x functions if functions trigger other functions
- Architectures can get extremely complicated; AWS X-Ray allows you to debug what is happening.
- Lambda can do things globally, e.g. you can use it to back up S3 buckets to other S3 buckets
- Know your triggers

### API Gateway

- Remember what API Gateway is at a high level
- API Gateway has caching capabilities to increase performance
- API Gateway is low cost and scales automatically
- You can throttle API Gateway to prevent attacks
- You can log results to CloudWatch
- If you are using JavaScript/AJAX that uses multiple domains with API Gateway, ensure that you have enabled CORS on API Gateway
- CORS is enforced by the client

### Lambda version control

- Can have multiple versions of Lambda functions
- The latest version is referred to as $LATEST
- A qualified ARN carries a version suffix such as $LATEST; an unqualified ARN does not
- Versions are immutable (cannot be changed).
- Can split traffic using aliases to different versions
- Cannot split traffic with $LATEST; instead create an alias pointing to the latest version

### Step Functions

- Great way to visualize your serverless application.
- Step Functions automatically triggers and tracks each step.
- Step Functions logs the state of each step, so if something goes wrong you can track what went wrong and where.
### X - Ray

- The X-Ray SDK provides:
  - Interceptors to add to your code to trace incoming HTTP requests
  - Client handlers to instrument AWS SDK clients that your application uses to call other AWS services
  - An HTTP client to use to instrument calls to other internal and external HTTP web services
- X-Ray integrates with the following AWS services:
  - Elastic Load Balancing
  - AWS Lambda
  - Amazon API Gateway
  - Amazon Elastic Compute Cloud
  - AWS Elastic Beanstalk
- X-Ray integrates with the following languages:
  - Java
  - Go
  - Node.js
  - Python
  - Ruby
  - .Net

### Advanced API Gateway

- Import APIs using Swagger 2.0 definition files
- API Gateway can be throttled
  - Default limits are 10,000 RPS or 5,000 concurrent requests
- You can configure API Gateway as a SOAP web service passthrough

## DynamoDB

- Amazon DynamoDB is a low-latency NoSQL database
- Consists of tables, items and attributes
- Supports both document and key-value data models
- Supported document formats are JSON, HTML, XML
- 2 types of primary key: Partition Key (user id / product id), and the combination of Partition Key + Sort Key (timestamp / date), called a Composite Key
- 2 consistency models: Strongly Consistent (most up-to-date data) / Eventually Consistent (the data that is read may not be the latest)
- Access is controlled using IAM policies
- Fine-grained access control using the IAM Condition element: dynamodb:LeadingKeys allows users to access only the items where the partition key value matches their user ID

### DynamoDB Indexes

- Indexes enable fast queries on specific data columns.
- Give you a different view of your data, based on alternative Partition / Sort Keys
- Important to understand the differences

| Local Secondary Index | Global Secondary Index |
| --- | --- |
| Must be created when you create your table | Can be created any time - at table creation or after |
| Same Partition Key as your table | Different Partition Key |
| Different Sort Key | Different Sort Key |

### Scan Vs Query

- A Query operation finds items in a table using only the Primary Key attribute.
  - You provide the Primary Key name and a distinct value to search for
- A Scan operation examines every item in the table.
  - By default returns all data attributes.
  - Use the ProjectionExpression parameter to refine the results.
- Query results are always sorted by the Sort Key if there is one.
  - Sorted in ascending order.
  - Set the ScanIndexForward parameter to false to reverse the order (queries only).
- A Query operation is generally more efficient than a Scan.
- Reduce the impact of a query or scan by setting a smaller page size, which uses fewer read operations.
- Isolate scan operations to specific tables and segregate them from your mission-critical traffic.
- Try parallel scans rather than the default sequential scan.
- Avoid using scan operations if you can: design tables in a way that lets you use the Query, Get, or BatchGetItem APIs.

### DynamoDB Provisioned Throughput

- Provisioned throughput is measured in capacity units.
  - 1 x Write Capacity Unit = 1 x 1KB write per second.
  - 1 x Read Capacity Unit = 1 x 4KB strongly consistent read OR 2 x 4KB eventually consistent reads per second.
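The capacity-unit definitions above turn into a short calculation, which the note then works through by hand for one write and one read workload. As an added example (not from the original note), this Python helper does the same arithmetic and generalizes it to items larger than one unit and to a table with several access patterns; the workload figures are constructed.

```python
"""Provisioned-capacity arithmetic for DynamoDB tables.

A Write Capacity Unit covers one write of up to 1 KB per second; a Read Capacity
Unit covers one strongly consistent read of up to 4 KB per second, or two
eventually consistent reads of that size. Items larger than a unit consume
several units, so item size is rounded up to whole units before multiplying by
the request rate. The workload figures below are constructed for this example.
"""
import math

WCU_ITEM_BYTES = 1024  # one WCU = one 1 KB write per second
RCU_ITEM_BYTES = 4096  # one RCU = one 4 KB strongly consistent read per second


def _units_per_item(item_size_bytes: int, unit_bytes: int) -> int:
    """Whole capacity units one item of this size consumes (always rounded up)."""
    if item_size_bytes <= 0:
        raise ValueError("item size must be positive")
    return math.ceil(item_size_bytes / unit_bytes)


def write_capacity_units(items_per_second: int, item_size_bytes: int) -> int:
    """WCUs to provision for writing items_per_second items of the given size."""
    return _units_per_item(item_size_bytes, WCU_ITEM_BYTES) * items_per_second


def read_capacity_units(items_per_second: int, item_size_bytes: int,
                        strongly_consistent: bool = True) -> int:
    """RCUs to provision; eventually consistent reads cost half, rounded up to whole units."""
    rcu = _units_per_item(item_size_bytes, RCU_ITEM_BYTES) * items_per_second
    if not strongly_consistent:
        rcu = math.ceil(rcu / 2)
    return rcu


def capacity_plan(access_patterns: list) -> dict:
    """Sum the units for a table's access patterns.

    Each pattern is a dict with keys: op ("read" or "write"), rate (items/s),
    size (bytes) and, for reads, an optional strongly_consistent flag.
    """
    plan = {"wcu": 0, "rcu": 0}
    for p in access_patterns:
        if p["op"] == "write":
            plan["wcu"] += write_capacity_units(p["rate"], p["size"])
        elif p["op"] == "read":
            plan["rcu"] += read_capacity_units(p["rate"], p["size"],
                                               p.get("strongly_consistent", True))
        else:
            raise ValueError(f"unknown op {p['op']!r}")
    return plan


# Constructed workload: the two figures from the note plus one larger item type.
EXAMPLE_WORKLOAD = [
    {"op": "write", "rate": 100, "size": 512},                                   # 100 WCU
    {"op": "read", "rate": 80, "size": 3 * 1024, "strongly_consistent": False},  # 40 RCU
    {"op": "read", "rate": 10, "size": 9 * 1024},                                # 3 units x 10 = 30 RCU
]

if __name__ == "__main__":
    print(capacity_plan(EXAMPLE_WORKLOAD))  # {'wcu': 100, 'rcu': 70}
```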
- Calculate write capacity requirements (100 x 512-byte items per second):
  - 512 bytes / 1KB = 0.5
  - Rounded up to the nearest whole number: 1
  - 1 x 100 = 100 Write Capacity Units required
- Calculate read capacity requirements (80 x 3KB items per second):
  - 3KB / 1KB = 0.333333
  - Rounded up to the nearest whole number: 1
  - 1 x 80 = 80 Read Capacity Units required
  - 80 / 2 = 40 if eventual consistency is acceptable

### DynamoDB Accelerator (DAX)

- Provides in-memory caching for DynamoDB tables
- Improves response times for eventually consistent reads only
- You point your API calls at the DAX cluster instead of your table.
- If the item you are querying is in the cache, DAX returns it; otherwise it performs an eventually consistent GetItem operation against your DynamoDB table.
- Not suitable for write-intensive applications or applications that require strongly consistent reads.

### Elasticache

- An in-memory cache that sits between your application and database
- 2 different caching strategies: lazy loading and write-through
- Lazy loading only caches the data when it is requested
  - Elasticache node failures are not fatal, just lots of cache misses
  - Cache miss penalty: initial request, query database, write to cache
  - Avoid stale data by implementing a TTL
- Write-through strategy writes data into the cache whenever there is a change to the database
  - Data is never stale
  - Write penalty: each write involves a write to the cache
  - Elasticache node failure means that data is missing until added or updated in the database
  - Wasted resources if most of the data is never used

## AWS KMS

### AWS Key Management Service

- The Customer Master Key (CMK) has:
  - alias
  - creation date
  - description
  - key state
  - key material (either customer provided or AWS provided)
    - Can NEVER be exported
- Set up a Customer Master Key:
  - Create alias and description
  - Choose material option...
  - Define key administrative permissions
    - IAM users/roles that can administer (but not use) the key through the KMS API.
  - Define key usage permissions
    - IAM users/roles that can use the key to encrypt and decrypt data.
- Key material options:
  - Use KMS-generated key material
  - Your own key material

### KMS API Calls

- `aws kms encrypt`
- `aws kms decrypt`
- `aws kms re-encrypt`
- `aws kms enable-key-rotation`

### Envelope Encryption

- The Customer Master Key:
  - The Customer Master Key is used to decrypt the data key (envelope key)
  - The envelope key is used to decrypt the data

### SQS

- SQS is a distributed message queueing system
- Allows you to decouple the components of an application so that they are independent
- Pull-based, not push-based
- Standard Queues (default): best-effort ordering; messages delivered at least once
- FIFO Queues (First In First Out): ordering strictly preserved, messages delivered exactly once, no duplicates. e.g. good for banking transactions which need to happen in strict order.
- Visibility Timeout
  - Default is 30 seconds; increase it if your task takes more than 30 seconds to complete
  - Max 12 hours
- Short polling: returns immediately even if no messages are in the queue
- Long polling: polls the queue periodically and only returns a response when a message is in the queue or the timeout is reached
  - Maximum timeout is 20 seconds

### SNS

- SNS is a scalable and highly available notification service which allows you to send push notifications from the cloud
- Variety of message formats supported: SMS text message, email, Amazon Simple Queue Service (SQS) queues, any HTTP endpoint.
- Pub/sub model whereby users subscribe to topics
- It is a push mechanism, rather than a pull (poll) mechanism

### SNS VS SES

- Remember that SES is for email only
  - It can be used for incoming and outgoing mail
  - It is not subscription based; you only need to know the email address
- SNS supports multiple formats (SMS, SQS, HTTP, email)
  - You can fan out messages to a large number of recipients (e.g. multiple clients each with their own SQS queue)

### Elastic Beanstalk

- Deploys and scales your web applications, including the web application server platform where required
- Supports widely used programming technologies: Java, PHP, Python, Ruby, Go, Docker, .Net, Node.js
- And application server platforms like Tomcat, Passenger, Puma, and IIS
- Provisions the underlying resources for you
- Can fully manage the EC2 instances for you, or you can take full administrative control
- Updates, monitoring, metrics and health checks all included

### Updating Elastic Beanstalk

- Remember the 4 different deployment approaches:
  - All at Once
    - Service interruption while you update the entire environment at once
    - To roll back, perform a further all-at-once upgrade
    - Only for test/dev
  - Rolling (multiple EC2 instances)
    - Reduced capacity during deployment
    - To roll back, perform a further rolling update
  - Rolling with Additional Batch (multiple EC2 instances)
    - Maintains full capacity
    - To roll back, perform a further rolling update
  - Immutable
    - Preferred option for mission-critical production systems
    - Maintains full capacity
    - To roll back, just delete the new instances and autoscaling group
    - Best for production

### Advanced Elastic Beanstalk

- You can customize your Elastic Beanstalk environment by adding configuration files
- The files are written in YAML or JSON
- Files have a .config extension
- The .config files are saved to the .ebextensions folder
- Your .ebextensions folder must be located in the top-level directory of your application source code bundle

### RDS & Elastic Beanstalk

- Two different options for launching your RDS instance:
  - Launch within Elastic Beanstalk
    - When you terminate the Elastic Beanstalk environment, the database will also be terminated
    - Quick and easy to add your database and get started
    - Suitable for dev and test environments only
  - Launch outside of Elastic Beanstalk
    - Additional configuration steps required: security group and connection information
    - Suitable for production environments; more flexibility
    - Allows connection from multiple environments; you can tear down the application stack without impacting the database

### Kinesis

- Know the difference between Kinesis Streams and Kinesis Firehose. You will be given scenario questions and you must choose the most relevant service.
- Kinesis Streams
  - Video Streams: securely stream video from connected devices to AWS for analytics and machine learning
  - Data Streams: build custom applications that process data in real time
- Kinesis Firehose
  - Capture, transform and load data streams into AWS data stores for near-real-time analytics with BI tools
  - You can configure Lambda to subscribe to a Kinesis Stream and execute a function on your behalf when a new record is detected, before sending the processed data on to its final destination

## Developer Theory

### CI/CD

- Continuous Integration is about integrating or merging code changes frequently (at least once per day); it enables multiple devs to work on the same application
- Continuous Delivery is all about automating the build, test, and deployment functions.
- Continuous Deployment fully automates the entire release process; code is deployed into production as soon as it has successfully passed through the release pipeline
- AWS CodeCommit - source control service (git)
- AWS CodeBuild - compile source code, run tests and package code
- AWS CodeDeploy - automated deployment to EC2, on-premises systems and Lambda
- AWS CodePipeline - CI/CD workflow tool, fully automates the entire release process (build, test, deployment)

### AWS CodeCommit

- AWS CodeCommit
  - Based on Git
  - Centralized repository for all your code, binaries, images, and libraries
  - Tracks and manages code changes
  - Maintains version history
  - Manages updates from multiple sources and enables collaboration

### AWS CodeDeploy

- AWS CodeDeploy is a fully managed automated deployment service and can be used as part of a Continuous Delivery or Continuous Deployment process.
- Remember the different types of deployment approach:
  - In-Place or Rolling update: you stop the application on each host and deploy the latest code. EC2 and on-premises systems only. To roll back you must re-deploy the previous version of the application.
  - Blue / Green: new instances are provisioned and the new application is deployed to them. Traffic is routed to the new instances according to your own schedule. Supported for EC2, on-premises systems and Lambda functions. Roll back is easy: just route the traffic back to the original instances. Blue is the active deployment, green is the new release.
### AWS CodePipeline

- Continuous Integration / Continuous Delivery service
- Automates your end-to-end software release process based on a user-defined workflow
- Can be configured to automatically trigger your pipeline as soon as a change is detected in your source code repository
- Integrates with other AWS services like CodeBuild and CodeDeploy as well as third-party and custom plugins

### CodeDeploy Advanced Settings

- The AppSpec file defines all the parameters needed for the deployment, e.g. the location of application files and the pre/post-deployment validation tests to run
- For EC2 / on-premises systems, the appspec.yml file must be placed in the root directory of your revision (the same folder that contains your application code). Written in YAML.
- Lambda supports YAML or JSON
- The run order for hooks in a CodeDeploy deployment:
  - BeforeBlockTraffic -> BlockTraffic -> AfterBlockTraffic
  - ApplicationStop
  - BeforeInstall
  - Install
  - AfterInstall
  - ApplicationStart
  - ValidateService
  - BeforeAllowTraffic -> AllowTraffic -> AfterAllowTraffic

## Advanced IAM

### Web Identity Federation

- Federation allows users to authenticate with a Web Identity Provider (Google, Facebook, Amazon)
- The user authenticates first with the Web ID Provider and receives an authentication token, which is exchanged for temporary AWS credentials allowing them to assume an IAM role.
- Cognito is an Identity Broker which handles interaction between your applications and the web ID provider (you don't need to write your own code to do this.)
- Provides sign-up, sign-in, and guest user access
- Syncs user data for a seamless experience across your devices
- Cognito is the AWS-recommended approach for web ID federation, particularly for mobile apps

### Cognito User Pools

- Cognito uses User Pools to manage user sign-up and sign-in directly or via Web Identity Providers.
- Cognito acts as an Identity Broker, handling all interaction with Web Identity Providers.
- Cognito uses Push Synchronization to send a silent push notification of user data updates to multiple device types associated with a user ID

### Inline Policies vs. Managed Policies vs. Custom Policies

- Remember the 3 different types of IAM Policies:
  - Managed Policy - AWS-managed default policies
  - Customer Managed Policy - managed by you
  - Inline Policy - managed by you and embedded in a single user, group, or role.
- In most cases, AWS recommends using Managed Policies over Inline Policies.

## SWF

- Domain
  - You define logical containers called domains for your application resources.
- Workers
  - Workers are programs that interact with Amazon SWF to get tasks, process received tasks, and return the results.
- Decider
  - The decider is a program that controls the coordination of tasks.

## VPC (Virtual Private Cloud)

- VPC lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define.
- You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
- Security groups act like a firewall at the instance level, whereas Network ACLs are an additional layer of security that acts at the subnet level
- In Amazon VPC, an instance retains its private IP
- It is possible to have a private subnet in a VPC
- A subnet cannot be associated with multiple Access Control Lists
- You may only have 1 internet gateway per VPC
- 5 VPCs are allowed in each AWS Region by default
- Only 1 internet gateway can attach to a custom VPC
- When you create new subnets within a custom VPC, by default they can communicate with each other, across availability

/white-papers/AWS_Blue_Green_Deployments.pdf: https://raw.githubusercontent.com/nerdmax/aws-certification-developer-associate/bc43ad116874fd75b444af3915e98d891d62208c/white-papers/AWS_Blue_Green_Deployments.pdf
/white-papers/AWS_Cloud_Best_Practices.pdf: https://raw.githubusercontent.com/nerdmax/aws-certification-developer-associate/bc43ad116874fd75b444af3915e98d891d62208c/white-papers/AWS_Cloud_Best_Practices.pdf
/white-papers/AWS_Security_Best_Practices.pdf: https://raw.githubusercontent.com/nerdmax/aws-certification-developer-associate/bc43ad116874fd75b444af3915e98d891d62208c/white-papers/AWS_Security_Best_Practices.pdf
/white-papers/AWS_Well-Architected_Framework.pdf: https://raw.githubusercontent.com/nerdmax/aws-certification-developer-associate/bc43ad116874fd75b444af3915e98d891d62208c/white-papers/AWS_Well-Architected_Framework.pdf
/white-papers/microservices-on-aws.pdf: https://raw.githubusercontent.com/nerdmax/aws-certification-developer-associate/bc43ad116874fd75b444af3915e98d891d62208c/white-papers/microservices-on-aws.pdf
/white-papers/optimizing-enterprise-economics-serverless-architectures.pdf: https://raw.githubusercontent.com/nerdmax/aws-certification-developer-associate/bc43ad116874fd75b444af3915e98d891d62208c/white-papers/optimizing-enterprise-economics-serverless-architectures.pdf
/white-papers/practicing-continuous-integration-continuous-delivery-on-AWS.pdf: https://raw.githubusercontent.com/nerdmax/aws-certification-developer-associate/bc43ad116874fd75b444af3915e98d891d62208c/white-papers/practicing-continuous-integration-continuous-delivery-on-AWS.pdf
/white-papers/running-containerized-microservices-on-aws.pdf: https://raw.githubusercontent.com/nerdmax/aws-certification-developer-associate/bc43ad116874fd75b444af3915e98d891d62208c/white-papers/running-containerized-microservices-on-aws.pdf
/white-papers/serverless-architectures-with-aws-lambda.pdf: https://raw.githubusercontent.com/nerdmax/aws-certification-developer-associate/bc43ad116874fd75b444af3915e98d891d62208c/white-papers/serverless-architectures-with-aws-lambda.pdf
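For the CodeDeploy Advanced Settings section above, an added Python example (not part of the original note or of CodeDeploy itself) that checks the hooks section of an EC2/on-premises appspec.yml against the hook run order listed there. The `APPSPEC` dict is a constructed sample standing in for a parsed YAML file; the reserved-event, timeout and runas checks follow the AppSpec reference.

```python
"""Check the hooks section of a CodeDeploy EC2/on-premises appspec.yml.
Added example; APPSPEC is a constructed appspec parsed into a dict."""

# Lifecycle events in the run order CodeDeploy uses for EC2/on-premises.
RUN_ORDER = [
    "BeforeBlockTraffic", "BlockTraffic", "AfterBlockTraffic",
    "ApplicationStop", "BeforeInstall", "Install", "AfterInstall",
    "ApplicationStart", "ValidateService",
    "BeforeAllowTraffic", "AllowTraffic", "AfterAllowTraffic",
]
# These events are run by the CodeDeploy agent itself and take no user scripts.
AGENT_ONLY = {"BlockTraffic", "Install", "AllowTraffic"}
MAX_TIMEOUT = 3600  # seconds; the AppSpec reference's upper bound for a script

APPSPEC = {  # constructed sample, the shape yaml.safe_load would return
    "version": 0.0,
    "os": "linux",
    "files": [{"source": "/", "destination": "/var/www/app"}],
    "hooks": {
        "ApplicationStop": [{"location": "scripts/stop.sh", "timeout": 60, "runas": "app"}],
        "BeforeInstall": [{"location": "scripts/install_deps.sh", "timeout": 300}],
        "ApplicationStart": [{"location": "scripts/start.sh", "timeout": 60, "runas": "app"}],
        "ValidateService": [{"location": "scripts/smoke_test.sh", "timeout": 120}],
    },
}

def execution_order(appspec: dict) -> list:
    """Hooks that carry scripts, in the order CodeDeploy will run them."""
    return [name for name in RUN_ORDER if name in appspec.get("hooks", {})]

def validate_hooks(appspec: dict) -> list:
    """Return findings; an empty list means the hooks section is acceptable."""
    findings = []
    for name, scripts in appspec.get("hooks", {}).items():
        if name not in RUN_ORDER:
            findings.append(f"{name}: unknown lifecycle event")
            continue
        if name in AGENT_ONLY:
            findings.append(f"{name}: reserved for the CodeDeploy agent")
        for script in scripts:
            if "location" not in script:
                findings.append(f"{name}: script entry has no location")
            if script.get("timeout", 0) > MAX_TIMEOUT:
                findings.append(f"{name}: timeout above {MAX_TIMEOUT} seconds")
            if "runas" not in script:
                # Without runas the script inherits the agent's user, typically root.
                findings.append(f"{name}: no runas, script runs as the agent's user")
    return findings
```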
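For the VPC section above, an added Python example (not from the original note) that walks one inbound HTTPS flow through a network ACL at the subnet level and then a security group at the instance level, showing why the ordered, stateless NACL can block what the allow-only, stateful security group permits. Every CIDR, rule number and port is constructed.

```python
"""Evaluate one inbound HTTPS flow through a network ACL (subnet level) and a
security group (instance level). Added example, not from the original note;
every CIDR, rule number and port below is constructed."""
import ipaddress

# Network ACL rules: (rule number, CIDR, (low port, high port), action).
# Evaluated in ascending rule number, first match wins, and anything unmatched
# hits the implicit deny at the end. NACLs are stateless.
NACL_INBOUND = [
    (100, "198.51.100.0/24", (443, 443), "deny"),   # constructed blocked range
    (200, "0.0.0.0/0", (443, 443), "allow"),
]
NACL_OUTBOUND = [
    (100, "0.0.0.0/0", (1024, 65535), "allow"),      # replies to ephemeral ports
]
# Security group inbound rules: (CIDR, (low port, high port)). Allow-only and
# stateful, so replies to an allowed inbound flow need no outbound rule.
SG_INBOUND = [("0.0.0.0/0", (443, 443))]


def _matches(cidr, ports, addr, port):
    in_cidr = ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)
    return in_cidr and ports[0] <= port <= ports[1]


def nacl_decision(rules, addr, port):
    """Lowest-numbered matching rule decides; no match means ('deny', '*')."""
    for number, cidr, ports, action in sorted(rules, key=lambda r: r[0]):
        if _matches(cidr, ports, addr, port):
            return action, number
    return "deny", "*"


def sg_allows(rules, addr, port):
    """Any matching rule allows; security groups have no deny rules."""
    return any(_matches(cidr, ports, addr, port) for cidr, ports in rules)


def inbound_flow(src, dst_port, client_port):
    """Return (request reaches the instance, reply leaves the subnet)."""
    action, _ = nacl_decision(NACL_INBOUND, src, dst_port)
    reached = action == "allow" and sg_allows(SG_INBOUND, src, dst_port)
    if not reached:
        return False, False
    # The security group tracks state and lets the reply out unconditionally;
    # the stateless NACL must allow the reply to the client's port explicitly.
    reply_action, _ = nacl_decision(NACL_OUTBOUND, src, client_port)
    return True, reply_action == "allow"
```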