Book Image

AWS SysOps Cookbook - Second Edition

By : Eric Z. Beard, Rowan Udell, Lucas Chan
Book Image

AWS SysOps Cookbook - Second Edition

By: Eric Z. Beard, Rowan Udell, Lucas Chan

Overview of this book

AWS is an on-demand remote computing service providing cloud infrastructure over the internet with storage, bandwidth, and customized support for APIs. This updated second edition will help you implement these services and efficiently administer your AWS environment. You will start with the AWS fundamentals and then understand how to manage multiple accounts before setting up consolidated billing. The book will assist you in setting up reliable and fast hosting for static websites, sharing data between running instances and backing up data for compliance. By understanding how to use compute service, you will also discover how to achieve quick and consistent instance provisioning. You’ll then learn to provision storage volumes and autoscale an app server. Next, you’ll explore serverless development with AWS Lambda, and gain insights into using networking and database services such as Amazon Neptune. The later chapters will focus on management tools like AWS CloudFormation, and how to secure your cloud resources and estimate costs for your infrastructure. Finally, you’ll use the AWS well-architected framework to conduct a technology baseline review self-assessment and identify critical areas for improvement in the management and operation of your cloud-based workloads. By the end of this book, you’ll have the skills to effectively administer your AWS environment.

Related Content you might be interested in

Current Title:

Small book image
AWS SysOps Cookbook - Second Edition
Eric Z. Beard | Rowan Udell | Lucas Chan
Sep, 2019 | 490 pages
Small book image
AWS Certified Database – Specialty (DBS-C01) Certification Guide
Kate Gawron
May, 2022 | 472 pages
Small book image
Mastering AWS Security
Albert Anthony
Oct, 2017 | 252 pages
Small book image
AWS Security Cookbook
Heartin Kanikathottu
Feb, 2020 | 440 pages
Table of Contents (15 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Sections
Get in touch
Free Chapter
1
AWS Fundamentals
AWS Fundamentals
Signing up for an AWS account
Understanding AWS's global infrastructure
Using the web console
Learning the basics of AWS CloudFormation
Using the command-line interface (CLI)
2
Account Setup and Management
Account Setup and Management
Setting up an automated landing zone with AWS Control Tower
Setting up a master account with AWS Organizations
Creating a member account
Inviting an account
Managing your accounts
Adding a Service Control Policy (SCP)
Setting up consolidated billing
3
AWS Storage and Content Delivery
AWS Storage and Content Delivery
Setting up a secure Amazon S3 bucket
Hosting a static website
Caching a website with CloudFront
Working with network storage provided by EFS
Amazon FSx for Windows File Server
Backing up data for compliance
4
AWS Compute
AWS Compute
Creating a key pair
Launching an instance
Attaching storage
Autoscaling an application server
Creating security groups
Creating a load balancer
Using AWS Systems Manager to log in to instances from the console
Creating serverless functions with AWS Lambda
5
Monitoring the Infrastructure
Monitoring the Infrastructure
AWS Trusted Advisor
Resource tags
AWS CloudWatch
Billing alerts
The ELK stack
AWS CloudTrail
Network logging and troubleshooting
6
Managing AWS Databases
Managing AWS Databases
Creating an RDS database with automatic failover
Creating an RDS database read replica
Promoting an RDS read replica to master
Creating a one-time RDS database backup
Restoring an RDS database from a snapshot
Managing Amazon Aurora databases
Managing Amazon Neptune graph databases
Create a DynamoDB table with a global secondary index
Calculating Amazon DynamoDB capacity
7
AWS Networking Essentials
AWS Networking Essentials
Creating a VPC and subnets
Managing a transit gateway
Creating a Virtual Private Network (VPN)
Setting up NAT gateways
Managing domains with Route 53
8
AWS Account Security and Identity
AWS Account Security and Identity
Administering users with IAM
Deploying Simple Active Directory service
Creating instance roles
Using cross-account roles
Storing secrets
Protecting applications from DDoS
Configuring AWS WAF
Setting up intrusion detection
9
Managing Costs
Managing Costs
Estimating costs with the Simple Monthly Calculator
Estimating costs with the Total Cost of Ownership Calculator
Estimating CloudFormation template costs
Reducing costs by purchasing reserved instances
10
Advanced AWS CloudFormation
Advanced AWS CloudFormation
Creating and populating an S3 bucket with custom resources
Using a macro to create an S3 bucket for CloudTrail logs
Using mappings to specify regional AMI IDs
Using StackSets to deploy resources to multiple regions
Detecting resource drift from templates with drift detection
11
AWS Well-Architected Framework
AWS Well-Architected Framework
Understanding the five pillars of the Well-Architected Framework
Conducting a technology baseline review self-assessment
Using the Well-Architected Tool to evaluate a production workload
12
Working with Business Applications
Working with Business Applications
Creating a place for employees to share files with WorkDocs
Hosting desktops in the cloud and allowing users to connect remotely using WorkSpaces
Giving your users a place to chat and conduct video calls with Chime
Exploring the use of Alexa for Business
Hosting your company's email with WorkMail
13
AWS Partner Solutions
AWS Partner Solutions
Creating machine images with Hashicorp's Packer
Monitoring and optimizing your AWS account with nOps
Using IOPipe to instrument your lambda functions
14
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Using the web console

You have already had some exposure to the AWS administration console at https://console.aws.amazon.com. For some users, the web interface is all they ever need to create and administer their cloud resources. Later in this chapter, we will introduce CloudFormation and the command-line interface (CLI) as worthy options for using a web browser. As good practice for production accounts, we highly recommend automating all of your resource changes with a templating system such as CloudFormation.

However, for routine discovery and education, the web console is an excellent tool, so we will highlight some of its features here. Keep in mind that the UI evolves over time, so the screenshots you see in this section may not exactly match what you see when you log in:

AWS Management Console

The menu bar

Let's start by dissecting that top menu bar and see what it has to offer.

AWS logo

The AWS logo takes you back to the top-level page of the console. It actually ends up being very useful when you decide you want to open a new console window without leaving the page you are currently viewing – just middle-click it or right-click and open the page in a new tab:

The AWS logo

Services

Expand the Services dropdown to see a screen with all the AWS services listed, and a recent history of the services you visited on the left. The search box will end up being the fastest way for you to find the service you are looking for:

Clicking the Services link replaces the page's contents with an exhaustive list of services

Resource Groups

Resource Groups are a way to manage groups of resources – a topic that we will explore in detail in Chapter 9, Managing Costs:

Resource Groups

Pins

Click the pin icon to view a list of service widgets that can be added to the menu bar:

As you can see, I have pinned CloudTrail to give me quick access to that service

Alerts

The bell icon shows alerts and notifications that are relevant to your account:

Keep an eye on the alerts for important notifications from AWS

Click View all alerts to see an event log of all the operational issues that may have affected your account recently.

Account

Click on your username to see links to the various screens related to your AWS account:

The username link

You already spent some time on the My Security Credentials screen when you created your account and set up security for the root login and your first IAM user. We will go into more detail about My Organization, My Billing Dashboard, and Switch Role in Chapter 2, Account Setup and Management and Chapter 9, Managing Costs.

Region and support

Click on the region selector to see all the regions that are available to you in your account:

AWS regions available in your account

Remember that selecting a new region takes you to a completely isolated AWS environment, so any regional resources you had set up in the previous region will no longer be visible. If you ever find yourself in a panic because it looks like one of your resources, such as an RDS database or an EC2 instance, seems to have disappeared, it's probably because you are in the wrong region.

Finally, we have the Support link, which exposes several support resources.

Speaking of support, we should mention another best practice recommendation: all production accounts should have, at a minimum, Business support enabled. A support contract gives you rapid access to help when you need it. Don't skimp on this critical resource!
Previous Section
End of Section 4
Next Section