Module 10 - The Cloud Journey

Module 10 The Cloud Journey

Learning objectives
In this module, you will learn how to:
Summarize the five pillars of the Well-Architected Framework.  
Explain the six benefits of cloud computing.

The five pillars of the AWS Well-Architected Framework:

1. Operational excellence
2. Security
3. Reliability
4. Performance efficiency
5. Cost optimization

Six advantages of cloud computing:

1. Trade upfront expense for variable expense.
2. Benefit from massive economies of scale.
3. Stop guessing capacity.
4. Increase speed and agility.
5. Stop spending money running and maintaining data centers.
6. Go global in minutes.

Operational excellence
Operational excellence is the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.  
Design principles for operational excellence in the cloud include performing operations as code, annotating documentation, anticipating failure, and frequently making small, reversible changes.

Security
The Security pillar is the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies. 
When considering the security of your architecture, apply these best practices:
Automate security best practices when possible.
Apply security at all layers.
Protect data in transit and at rest.

Reliability
Reliability is the ability of a system to do the following:
Recover from infrastructure or service disruptions
Dynamically acquire computing resources to meet demand
Mitigate disruptions such as misconfigurations or transient network issues
Reliability includes testing recovery procedures, scaling horizontally to increase aggregate system availability, and automatically recovering from failure.

Performance efficiency
Performance efficiency is the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve. 
Evaluating the performance efficiency of your architecture includes experimenting more often, using serverless architectures, and designing systems to be able to go global in minutes.

Cost optimization
Cost optimization is the ability to run systems to deliver business value at the lowest price point. 
Cost optimization includes adopting a consumption model, analyzing and attributing expenditure, and using managed services to reduce the cost of ownership.

Question

1. Which pillar of the AWS Well-Architected Framework focuses on the ability of a workload to consistently and correctly perform its intended functions?

Reliability

The Operational Excellence pillar includes the ability to run workloads effectively, gain insights into their operations, and continuously improve supporting processes to deliver business value.

The Performance Efficiency pillar focuses on using computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.

The Security pillar includes protecting data, systems, and assets, and using cloud technologies to improve the security of your workloads.

TAKEAWAYS
AWS services
AWS Terminology
6 main benefits of using the AWS cloud

6 ADVANTAGES OF CLOUD COMPUTING:

1. Trade upfront expense for variable expense.
2. Benefit from massive economies of scale.
3. Stop guessing capacity.
4. Increase speed and agility.
5. Stop spending money running and maintaining data centers.
6. Go global in minutes.

Question:
Which process is an example of benefiting from massive economies of scale?
Receiving lower pay-as-you-go prices as the result of AWS customers’ aggregated usage of services

NOTE
Deploying an application in multiple Regions around the world: This process is an example of Go global in minutes.

Paying for compute time as you use it instead of investing upfront costs in data centers: This process is an example of Trade upfront expense for variable expense.

Scaling your infrastructure capacity in and out to meet demand: This process is an example of Stop guessing capacity.

Question
1. Which pillar of the AWS Well-Architected Framework includes the ability to run workloads effectively and gain insights into their operations?

Operational Excellence

NOTE

The Cost Optimization pillar focuses on the ability to run systems to deliver business value at the lowest price point.

The Performance Efficiency pillar focuses on using computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.

The Reliability pillar focuses on the ability of a workload to consistently and correctly perform its intended functions.

Question 
2. What are the benefits of cloud computing? (Select TWO.)
Increase speed and agility.
Stop spending money running and maintaining data centers.

Product Reference

Which of the following is NOT one of the five areas that make up the security pillar?

Log management

Which AWS service allows you to adhere to security best practices by assigning fine-grained permissions to users and groups?

IAM

Which AWS service is a threat detection service that continuously monitors for malicious activity and unauthorized behavior?

GuardDuty

Which AWS service gives you a single place to aggregate, organize, and prioritize security findings from multiple AWS services?

Security Hub,

Which AWS service uses machine learning to automatically discover, classify, and protect sensitive data in AWS?

Mace

Which security principle calls for fine-grained authorization in which users are permitted to perform only the most minimal functions to complete a specific task?

Least Privilage

Which AWS service allows you to write and enforce company-wide AWS WAF rules across applications to protect them from attacks against your Application Load Balancers and Amazon CloudFront infrastructure?

AWS firewall

Which AWS service allows you to analyze, investigate, and identify the root cause of potential security issues or suspicious activities in your account?

Amazon Detective 

AWS Security, Identity, & Compliance services

Category

Use cases

AWS service

Identity & access management

Securely manage access to services and resources

 AWS Identity & Access Management (IAM)

Cloud single-sign-on (SSO) service

 AWS Single Sign-On

Identity management for your apps

 Amazon Cognito

Managed Microsoft Active Directory

 AWS Directory Service

Simple, secure service to share AWS resources

 AWS Resource Access Manager

Central governance and management across AWS accounts

 AWS Organizations

Detection

Unified security and compliance center

 AWS Security Hub

Managed threat detection service

 Amazon GuardDuty

Analyze application security

 Amazon Inspector

Record and evaluate configurations of your AWS resources

 AWS Config

Track user activity and API usage

 AWS CloudTrail

Security management for IoT devices

 AWS IoT Device Defender

Infrastructure protection

Network security

 AWS Network Firewall

DDoS protection

 AWS Shield

Filter malicious web traffic

 AWS Web Application Firewall (WAF)

Central management of firewall rules

 AWS Firewall Manager

Data protection

Discover and protect your sensitive data at scale

 Amazon Macie

Key storage and management

 AWS Key Management Service (KMS)

Hardware based key storage for regulatory compliance

 AWS CloudHSM

Provision, manage, and deploy public and private SSL/TLS certificates

 AWS Certificate Manager

Rotate, manage, and retrieve secrets

 AWS Secrets Manager

Incident response

Investigate potential security issues

 Amazon Detective

Fast, automated, cost- effective disaster recovery

 CloudEndure Disaster Recovery

Compliance

No cost, self-service portal for on-demand access to AWS’ compliance reports

 AWS Artifact

Continuously audit your AWS usage to simplify how you assess risk and compliance

 AWS Audit Manager