Book Image

AWS SysOps Cookbook - Second Edition

By : Eric Z. Beard, Rowan Udell, Lucas Chan
Book Image

AWS SysOps Cookbook - Second Edition

By: Eric Z. Beard, Rowan Udell, Lucas Chan

Overview of this book

AWS is an on-demand remote computing service providing cloud infrastructure over the internet with storage, bandwidth, and customized support for APIs. This updated second edition will help you implement these services and efficiently administer your AWS environment. You will start with the AWS fundamentals and then understand how to manage multiple accounts before setting up consolidated billing. The book will assist you in setting up reliable and fast hosting for static websites, sharing data between running instances and backing up data for compliance. By understanding how to use compute service, you will also discover how to achieve quick and consistent instance provisioning. You’ll then learn to provision storage volumes and autoscale an app server. Next, you’ll explore serverless development with AWS Lambda, and gain insights into using networking and database services such as Amazon Neptune. The later chapters will focus on management tools like AWS CloudFormation, and how to secure your cloud resources and estimate costs for your infrastructure. Finally, you’ll use the AWS well-architected framework to conduct a technology baseline review self-assessment and identify critical areas for improvement in the management and operation of your cloud-based workloads. By the end of this book, you’ll have the skills to effectively administer your AWS environment.

Related Content you might be interested in

Current Title:

Small book image
AWS SysOps Cookbook - Second Edition
Eric Z. Beard | Rowan Udell | Lucas Chan
Sep, 2019 | 490 pages
Small book image
AWS Certified Database – Specialty (DBS-C01) Certification Guide
Kate Gawron
May, 2022 | 472 pages
Small book image
Mastering AWS Security
Albert Anthony
Oct, 2017 | 252 pages
Small book image
AWS Security Cookbook
Heartin Kanikathottu
Feb, 2020 | 440 pages
Table of Contents (15 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Sections
Get in touch
Free Chapter
1
AWS Fundamentals
AWS Fundamentals
Signing up for an AWS account
Understanding AWS's global infrastructure
Using the web console
Learning the basics of AWS CloudFormation
Using the command-line interface (CLI)
2
Account Setup and Management
Account Setup and Management
Setting up an automated landing zone with AWS Control Tower
Setting up a master account with AWS Organizations
Creating a member account
Inviting an account
Managing your accounts
Adding a Service Control Policy (SCP)
Setting up consolidated billing
3
AWS Storage and Content Delivery
AWS Storage and Content Delivery
Setting up a secure Amazon S3 bucket
Hosting a static website
Caching a website with CloudFront
Working with network storage provided by EFS
Amazon FSx for Windows File Server
Backing up data for compliance
4
AWS Compute
AWS Compute
Creating a key pair
Launching an instance
Attaching storage
Autoscaling an application server
Creating security groups
Creating a load balancer
Using AWS Systems Manager to log in to instances from the console
Creating serverless functions with AWS Lambda
5
Monitoring the Infrastructure
Monitoring the Infrastructure
AWS Trusted Advisor
Resource tags
AWS CloudWatch
Billing alerts
The ELK stack
AWS CloudTrail
Network logging and troubleshooting
6
Managing AWS Databases
Managing AWS Databases
Creating an RDS database with automatic failover
Creating an RDS database read replica
Promoting an RDS read replica to master
Creating a one-time RDS database backup
Restoring an RDS database from a snapshot
Managing Amazon Aurora databases
Managing Amazon Neptune graph databases
Create a DynamoDB table with a global secondary index
Calculating Amazon DynamoDB capacity
7
AWS Networking Essentials
AWS Networking Essentials
Creating a VPC and subnets
Managing a transit gateway
Creating a Virtual Private Network (VPN)
Setting up NAT gateways
Managing domains with Route 53
8
AWS Account Security and Identity
AWS Account Security and Identity
Administering users with IAM
Deploying Simple Active Directory service
Creating instance roles
Using cross-account roles
Storing secrets
Protecting applications from DDoS
Configuring AWS WAF
Setting up intrusion detection
9
Managing Costs
Managing Costs
Estimating costs with the Simple Monthly Calculator
Estimating costs with the Total Cost of Ownership Calculator
Estimating CloudFormation template costs
Reducing costs by purchasing reserved instances
10
Advanced AWS CloudFormation
Advanced AWS CloudFormation
Creating and populating an S3 bucket with custom resources
Using a macro to create an S3 bucket for CloudTrail logs
Using mappings to specify regional AMI IDs
Using StackSets to deploy resources to multiple regions
Detecting resource drift from templates with drift detection
11
AWS Well-Architected Framework
AWS Well-Architected Framework
Understanding the five pillars of the Well-Architected Framework
Conducting a technology baseline review self-assessment
Using the Well-Architected Tool to evaluate a production workload
12
Working with Business Applications
Working with Business Applications
Creating a place for employees to share files with WorkDocs
Hosting desktops in the cloud and allowing users to connect remotely using WorkSpaces
Giving your users a place to chat and conduct video calls with Chime
Exploring the use of Alexa for Business
Hosting your company's email with WorkMail
13
AWS Partner Solutions
AWS Partner Solutions
Creating machine images with Hashicorp's Packer
Monitoring and optimizing your AWS account with nOps
Using IOPipe to instrument your lambda functions
14
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Storing secrets

A common mistake that new administrators make when getting started with Infrastructure-as-Code is committing secrets (passwords, access keys, and so on) into their repositories. While this makes their infrastructure repeatable, it also makes it much more likely that their credentials will be compromised. Once something is in version control, it's hard and annoying to remove it (that's the point of version control!). Even if you do remove it, it's almost impossible to know if it has already been viewed/copied by someone unintended.

AWS makes it easy to avoid the use of passwords altogether, by assigning roles to resources such as EC2 instances or lambda functions, but there are some instances where you have no other choice but to store credentials somewhere. This is where AWS Secrets Manager comes in. You can store credentials—usernames and...

Previous Section
End of Section 6
Next Section