AWS Certified Developer - Associate Guide starts with a quick introduction to AWS and the prerequisites to get you started. Then, this book gives you a fair understanding of core AWS services and basic architecture. Next, it helps you get familiar with Identity and Access Management (IAM) along with Virtual Private Cloud (VPC). Moving ahead, you will learn about Elastic Compute Cloud (EC2) and handling application traffic with Elastic Load Balancing (ELB). The book then covers monitoring with CloudWatch, Simple Storage Service (S3), Glacier, and CloudFront, along with other AWS storage options. Next, we will take you through AWS DynamoDB – A NoSQL Database Service, Amazon Simple Queue Service (SQS), and an overview of CloudFormation. Finally, this book covers Elastic Beanstalk and gives an overview of AWS Lambda.
At the end of this book, we will cover enough topics, tips and tricks along with mock tests for you to be able to pass the AWS Certified Developer - Associate exam and develop as well as manage your applications on the AWS platform.
Page count: 623
Year of publication: 2017
BIRMINGHAM - MUMBAI
Copyright © 2017 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: September 2017
Production reference: 2160118
Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.
ISBN 978-1-78712-562-9
www.packtpub.com
Authors
Vipul Tankariya
Bhavin Parmar
Copy Editors
Juliana Nair
Safis Editing
Reviewer
Gajanan Chandgadkar
Project Coordinator
Judie Jose
Commissioning Editor
Vijin Boricha
Proofreader
Safis Editing
Acquisition Editor
Heramb Bhavsar
Indexer
Aishwarya Gangawane
Content Development Editor
Abhishek Jadhav
Graphics
Kirk D'Penha
Technical Editor
Swathy Mohan
Production Coordinator
Aparna Bhagat
Vipul Tankariya has very broad experience in cloud consulting, development, and training. He has worked with a number of customers across the globe, solving real-life business problems in terms of technology and strategy. He is also a public speaker at various AWS events and meetups. He has not only extensively worked on AWS, but is also certified in five AWS certifications:
AWS Certified DevOps Engineer – Professional
AWS Certified Solution Architect – Professional
AWS Certified Developer – Associate
AWS Certified Solution Architect – Associate
AWS Certified SysOps Administrator – Associate
This book combines his AWS experience of solving real-life business problems with his hands-on development experience with various programming languages. Vipul is an accomplished senior cloud consultant and technologist focused on strategic thought leadership concentrated around next-generation cloud-based solutions with more than 21 years of experience.
He has been involved in conceptualizing, designing, and implementing large-scale cloud solutions on a variety of public/private/hybrid clouds. He has also been instrumental in setting up cloud migration strategies for customers, building enterprise-class cloud solutions, Go-To market collateral, and AWS training, as well as cloud pre-sales activities.
Vipul has a wide range of experience working on DevOps, CI/CD, and automation at each level of the delivery life cycle of products, solutions, and services on the cloud, as well as on-premises.
There are many people in my personal and professional life who made me what I am today. Though many of the names that I am going to mention in this book may not even know what AWS is, without their support, I would not have even developed many of the basic life skills, let alone the ability to write an AWS book.
First and foremost I would like to thank my father, who taught me how important it is to be a good human being before being anything in life. I will always be indebted to my mother, who taught me how to work hard and what strong willpower is. I would also like to mention my wife, Priya; without her support this book would not have been possible. My son, Arav, also deserves a special mention here, as I have spent some of his share of my time on this book.
I would also like to thank my sisters, Asha and Bina, who taught me what compassion is. I must thank my brother, Vijay, who has always protected me in every aspect of life.
I would also like to thank Badrinarayan Ramanujan, my friend, who has always motivated me and helped me assess my real value. Very special thanks as well to Jaymin Jhala as I don't think my IT career would have started without him.
I must thank my friend, Jay Punjani, my brother from another mother, who has taught me to dream big and understand unspoken words. I would also like to thank Mr BSGK Shastry, my Guru, who cultivated the professional approach in me.
I would also like to thank Mr. Ira Sheinwald, my friend and mentor, who showed confidence in me and gave me a chance to work on my first AWS project. Heartfelt thanks also goes to my friend, Shashikant Kuwar, along with Ira, as we have worked together to solve many technical and strategic challenges on AWS.
I must show my gratitude to Mr. Vivek Raju, my friend and mentor in my AWS journey. My AWS journey would not have been enriched without the support of Varun Dube and Vikas Goel.
My heartfelt thanks also go to my friends Satyajit Das, Jhalak Modi, Appasaheb Bagali, Ajaykumar Kakumanu, Pushpraj Singh, Chandrasekhar Singh, and Rakesh Sing, who have been part of my AWS certification journey. Also, very special thanks to Gajanan Chandgadkar, who has been with me in multiple counts for not only technically reviewing this book, but also for being there in my AWS certification journey. We all worked together for almost a year to get our five AWS certifications.
I would also like to thank Heramb Bhavsar, Abhishek Jadhav, Swathy Mohan, and the entire team at Packt for making this book a reality.
Last but not least, I would like to thank my friend and co-author of this book, Bhavin Parmar, who saw the dream of writing this book with me. If it was not for him, I would not have taken this book as a project.
Bhavin Parmar has very broad experience in cloud consulting, development, and training. He actively participates in solving real-life business problems. Bhavin has not only extensively worked on AWS, but he is also certified in AWS and Red Hat:
AWS Certified DevOps Engineer – Professional
AWS Certified Solution Architect – Professional
AWS Certified Developer – Associate
AWS Certified Solution Architect – Associate
AWS Certified SysOps Administrator – Associate
Red Hat Certified Architect
This book combines his AWS experience in solving real-life business problems with his hands-on deployment and development experience. Bhavin is an accomplished technologist and senior cloud consultant focused on strategic thought leadership concentrated around next-generation cloud-based and DevOps solutions with more than 11 years of experience.
He has been involved in conceptualizing, designing, and implementing large-scale cloud solutions on a variety of public/private/hybrid clouds. Bhavin has also been instrumental in setting up cloud migration strategies for customers, building enterprise-class cloud solutions, Go-To market collateral, and AWS training, as well as cloud pre-sales activities.
He has a wide range of experience of working at each level of the delivery life cycle of products, solutions, and services on the cloud as well as on-premises.
Gajanan Chandgadkar has more than 12 years of IT experience. He has spent more than 6 years in the USA, helping large enterprises architect, migrate, and deploy applications in AWS. He's been running production workloads on AWS for over 6 years. He is an AWS certified solutions architect professional and a certified DevOps professional with more than seven certifications in trending technologies. Gajanan is also a technology enthusiast who has extensive interest and experience in different topics, such as application development, container technology, and continuous delivery.
Currently, he is working with Happiest Minds Technologies as an Associate DevOps Architect. He has worked with Wipro Technologies Corporation in the past.
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
AWS Certified Developer – Associate Certification
Domain 1.0 – AWS fundamentals
Domain 2.0 – Designing and developing
Domain 3.0 – Deployment and security
Domain 4.0 – Debugging
Frequently asked questions about the exam
Introduction to Cloud Computing and AWS
History of the cloud
Evolution of cloud computing
Basic AWS concepts
Benefits of using AWS over a traditional data center
Accessing AWS services
AWS overview
AWS global infrastructure
Regions and AZs
What are SaaS, PaaS, and IaaS?
Understanding virtualization
Virtualization types based on virtualization software
Virtualization types based on virtualization methods
Elasticity versus scalability
Traditional data center resourcing
Cloud infrastructure resourcing
Comparing AWS cloud and on-premise data centers
Total Cost of Ownership (TCO) versus Return on Investment (ROI)
Creating a new AWS account
Deleting an AWS account
AWS free tier
Root user versus non-root user
AWS dashboard
Components of the AWS dashboard
Core AWS services
Shared security responsibility model
AWS soft limits
Disaster recovery with AWS
Backup and restore
Pilot light
Warm standby
Multi-site
Identity and Access Management
Understanding the AWS root user
Elements of IAM
Users
Access key and secret key
Password policy
Multi-factor authentication (MFA)
Security token-based MFA
Steps for enabling a virtual MFA device for a user
SMS text message-based MFA
Creating an AWS IAM user using the AWS dashboard
Introduction to AWS CLI
Installing AWS CLI
Getting an AWS user access key and secret key
Configuring AWS CLI
AWS CLI syntax
Getting AWS CLI help
Creating an IAM user using AWS CLI
Groups
Creating a new IAM group
Creating an IAM group using CLI
Adding existing users to a group
IAM role
Creating roles for an AWS service
Creating IAM roles using AWS CLI
Policy
Managed policies
Inline policies
Resource-based policies
Example of a resource-based policy
IAM policy simulator
Active Directory Federation Service (ADFS)
Integration between ADFS and the AWS console
Web identity federation
STS
AWS STS and AWS regions
Using temporary credentials in Amazon EC2 instances
Using temporary security credentials with the AWS SDKs
IAM best practices
Exam tips
Virtual Private Clouds
AWS VPCs
Subnets
Private subnets
Public subnets
IP addressing
Private IPs
Public IPs
Elastic IP addresses
Creating a VPC
VPCs with a single public subnet
VPCs with private and public subnets
VPCs with public and private subnets and hardware VPN access
VPCs with private subnet only and hardware VPN access
Security
Security groups
NACLs
Security groups versus NACLs
Flow logs
Controlling access
VPC networking components
ENI
Route tables
IGWs
Egress-only IGWs
NATs
Comparison of NAT instances and NAT gateways
DHCP option sets
DNS
VPC peering
VPC endpoints
ClassicLink
VPC best practices
Getting Started with Elastic Compute Cloud
Introduction to EC2
Pricing for EC2
Per-second billing for EC2 instances and EBS volumes
EC2 instance life cycle
Instance launch
Instance stop and start
Instance reboot
Instance retirement
Instance termination
AMIs
Root device types
EC2 instance virtualization types
Creating an EC2 instance
Changing the EC2 instance type
Connecting to the EC2 instance
Connecting to a Linux EC2 instance from a Microsoft Windows system
Connecting to an EC2 instance using a PuTTY session
Troubleshooting SSH connection issues
EC2 instance metadata and user data
Placement group
Introducing EBS
Types of EBS
General Purpose SSD (gp2)
Provisioned IOPS SSD (io1)
Throughput Optimized HDD (st1)
Cold HDD (sc1)
Encrypted EBS
Monitoring EBS volumes with CloudWatch
Snapshots
EBS optimized EC2 instances
EC2 best practices
Handling Application Traffic with Elastic Load Balancing
Introduction to the Elastic Load Balancer
Benefits of using an ELB
Types of ELB
Classic Load Balancer
Application Load Balancer
Features of an ELB
Step by step – creating a Classic Load Balancer
How an ELB works
The working of a Classic Load Balancer
The working of an Application Load Balancer
ELB best practices
Monitoring with CloudWatch
How Amazon CloudWatch works
Elements of Amazon CloudWatch
Namespaces
Metrics
Dimensions
Statistics
Percentile
Alarms
Creating a CloudWatch alarm
Billing alerts
CloudWatch dashboards
Monitoring types – basic and detailed
CloudWatch best practices
Simple Storage Service, Glacier, and CloudFront
Amazon S3
Creating a bucket
Bucket restriction and limitations
Bucket access control
Bucket policy
User policies
Transfer Acceleration
Enabling Transfer Acceleration
Requester Pay model
Enabling Requestor Pays on a bucket
Understanding objects
Object keys
Object key naming guide
Object metadata
System-metadata
User-defined metadata
Versioning
Enabling versioning on a bucket
Object tagging
S3 storage classes
S3 Standard storage
S3-IA storage
S3 RRS
Glacier
Comparison of S3 storage classes and Glacier
Life cycle management
Life cycle configuration use cases
Defining life cycle policy for a bucket
Hosting a static website on S3
Cross-Origin Resource Sharing (CORS)
Using CORS in different scenarios
Configuring CORS on a bucket
CORS configuration example XML
Enabling CORS on a bucket
Cross-region replication
Enabling cross-region replication
Other AWS Storage Options
Amazon EFS
AWS Storage Gateway
File gateways
Volume gateways
Gateway–cached volumes
Gateway–stored volumes
Tape-based storage solutions
VTL
AWS Snowball
AWS Snowmobile
AWS Relational Database Services
Amazon RDS components
DB instances
Region and AZs
Security groups
DB parameter groups
DB option groups
RDS engine types
Amazon Aurora DB
Comparison of Amazon RDS Aurora with Amazon RDS MySQL
MariaDB
Microsoft SQL Server
MySQL
Oracle
PostgreSQL
Creating an Amazon RDS MySQL DB instance
Monitoring RDS instances
Creating a snapshot
Restoring a DB from a snapshot
Changing an RDS instance type
Amazon RDS and VPC
Amazon RDS and high availability
Connecting to an Amazon RDS DB instance
Connecting to an Amazon Aurora DB cluster
Connecting to a MariaDB instance
Connecting to a MySQL instance
Connecting to an Oracle instance
RDS best practices
AWS DynamoDB - A NoSQL Database Service
Let's first understand what an RDBMS is
What is SQL?
What is NoSQL?
Key-value pair databases
Document databases
Graph databases
Wide column databases
When to use NoSQL databases?
SQL versus NoSQL
Introducing DynamoDB
DynamoDB components
Primary key
Secondary indexes
DynamoDB Streams
Read consistency model
Eventually consistent reads
Strong consistent reads
Naming rules and data types
Naming rules
Data types
Scalar data types
Document types
Set types
Creating a DynamoDB table – basic steps
Adding a sort key while creating a DynamoDB table
Using advanced settings while creating a DynamoDB table
Creating secondary indexes – table settings
Provisioned capacity – table settings
Auto Scaling – table settings
Methods of accessing DynamoDB
DynamoDB console
DynamoDB CLI
Working with API
DynamoDB provisioned throughput
Read capacity units
Write capacity units
Calculating table throughput
DynamoDB partitions and data distribution
Data distribution – partition key
Data Distribution – partition key and sort key
DynamoDB global and LSI
The difference between GSI and LSI
DynamoDB query
Query with AWS CLI
DynamoDB Scan
Reading an item from a DynamoDB table
Writing an item to a DynamoDB table
PutItem
UpdateItem
DeleteItem
Conditional writes
User authentication and access control
Managing policies
DynamoDB API permissions
DynamoDB best practices
Amazon Simple Queue Service
Why use SQS?
How do queues work?
Main features of SQS
Types of queues
Dead Letter Queue (DLQ)
Queue attributes
Creating a queue
Sending a message in a queue
Viewing/deleting a message from a queue
Purging a queue
Deleting a queue
Subscribing a queue to a topic
Adding user permissions to a queue
SQS limits
Queue monitoring and logging
CloudWatch metrics available for SQS
Logging SQS API actions
SQS security
Authentication
SSE
Simple Notification Service
Introduction to Amazon SNS
Amazon SNS fanout
Application and system alerts
Mobile device push notifications
Push email and text messaging
Creating an Amazon SNS topic
Subscribing to an SNS topic
Publishing a message to an SNS topic
Deleting an SNS topic
Managing access to Amazon SNS topics
When to use access control
Key concepts
Architectural overview
Access request evaluation logic
Invoking the Lambda function using SNS notification
Sending Amazon SNS messages to Amazon SQS queues
Monitoring SNS with CloudWatch
SNS best practices
Simple Workflow Service
When to use Amazon SWF
Workflow
Example workflow
Workflow history
How workflow history helps
Actors
Workflow starter
Decider
Activity worker
Tasks
SWF domains
Object identifiers
Task lists
Workflow execution closure
Lifecycle of workflow execution
Polling for tasks
SWF endpoints
Managing access with IAM
SWF – IAM policy examples
AWS CloudFormation
What is a template?
What is a stack?
Template structure
AWSTemplateFormatVersion
Description
Metadata
Parameters
AWS-specific parameters
Mappings
Conditions
Transform
Resources
Outputs
Sample CloudFormation template
CloudFormer
Rolling updates for Auto Scaling groups
CloudFormation best practices
Elastic Beanstalk
Elastic Beanstalk components
Architectural concepts
Web server environment tier
Worker environment tiers
Elastic Beanstalk-supported platforms
Creating a web application source bundle
Getting started using Elastic Beanstalk
Step 1 – signing in to the AWS account
Step 2 – creating an application
Step 3 – viewing information about the recently created environment
Step 4 – deploying a new application version
Step 5 – changing the configuration
Step 6 – cleaning up
Version life cycle
Deploying web applications to Elastic Beanstalk environments
Monitoring the web application environment
Elastic Beanstalk best practices
Overview of AWS Lambda
Introduction to AWS Lambda
What is a Lambda function?
Lambda function invocation types
Writing a Lambda function
Lambda function handler (Node.js)
Lambda function handler (Java)
Lambda function handler (Python)
Lambda function handler (C#)
Deploying a Lambda function
AWS Lambda function versioning and aliases
Environment variables
Tagging Lambda functions
Lambda function over VPC
Building applications with AWS Lambda
Event source mapping for AWS services
Event source mapping for AWS stream-based services
Event source mapping for custom applications
AWS Lambda best practices
Mock Tests
Mock test 1
Mock test 2
Answers to Mock test 1
Answers to Mock test 2
This book starts with a quick introduction to AWS and the prerequisites to get you started. It gives you a fair understanding of core AWS services and the basic architecture. Next, you get familiar with Identity and Access Management (IAM) along with Virtual Private Cloud (VPC). Moving ahead, you will learn about Elastic Compute Cloud (EC2) and handling application traffic with Elastic Load Balancing (ELB). We will also talk about Monitoring with CloudWatch, Simple Storage Service (S3), Glacier, and CloudFront, along with other AWS storage options. Next, we will take you through AWS DynamoDB – A NoSQL Database Service and Amazon Simple Queue Service (SQS), and give you an overview of CloudFormation. Finally, you will learn about Elastic Beanstalk and go through an overview of AWS Lambda.
At the end of this book, we will cover enough topics, tips, and tricks, along with mock tests, for you to be able to pass the AWS Certified Developer – Associate exam and deploy as well as manage your applications on the AWS platform.
With the rapid adoption of the cloud platform, the need for cloud certifications has also increased. This book is your one-stop solution and will help you transform from zero to certified. This guide will help you gain technical expertise in the AWS platform and help you start working with various AWS services.
Chapter 1, AWS Certified Developer – Associate Certification, outlines the AWS Certified Developer – Associate exam and highlights the critical aspects, knowledge area, and services covered in the blueprint.
Chapter 2, Introduction to Cloud Computing and AWS, elaborates the fundamentals of AWS. The chapter starts by giving you a basic understanding of what cloud is and takes you through a brief journey of familiarizing yourself with the basic building blocks of AWS. It highlights some of the critical aspects of how AWS works and provides an overview of the AWS core infrastructure.
Chapter 3, Identity and Access Management, covers all critical aspects of IAM and provides sufficient details to allow you to work with IAM.
Chapter 4, Virtual Private Cloud, explains how you can create a VPC and start building a secure network with a number of the components of AWS networking services.
Chapter 5, Getting Started with Elastic Compute Cloud, describes what EC2 is and how you can start provisioning servers with various Windows and Linux operating system flavors. It also describes how to connect and work with these servers.
Chapter 6, Handling Application Traffic with Elastic Load Balancing, describes how to create an ELB, how it works, and what the critical aspects of an ELB service are.
Chapter 7, Monitoring with CloudWatch, describes how you can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources.
Chapter 8, Simple Storage Service, Glacier, and CloudFront, provides an understanding of Amazon S3, Glacier, and CloudFront services, and takes you through CloudFront, a Content Distribution Network (CDN) service.
Chapter 9, Other AWS Storage Options, touches upon AWS Storage Gateway, which is a network appliance or a server residing on a customer's premises. It provides an overview of AWS Snowball, which is a service that accelerates transferring large amounts of data into and out of AWS using physical storage appliances. It also provides a basic understanding of AWS Snowmobile, which is an Exabyte-scale data transfer service used to move extremely large amounts of data to and from AWS.
Chapter 10, AWS Relational Database Services, provides an understanding of AWS Relational Database Services (RDS). It explains the different types of engine supported by AWS RDS and how to efficiently and effectively create and manage RDS instances on AWS cloud.
Chapter 11, AWS DynamoDB – A NoSQL Database Service, describes various components of DynamoDB with the best practices to manage it.
Chapter 12, Amazon Simple Queue Service, provides an understanding of what SQS is and how to create and manage it with relevant examples.
Chapter 13, Simple Notification Service, talks about a fully managed messaging service that can be used to send messages, alarms, and notifications from various AWS services such as Amazon RDS, CloudWatch, and S3, to other AWS services, such as SQS and Lambda.
Chapter 14, Simple Workflow Service, provides a basic understanding of SWF, its various components, and how to use them.
Chapter 15, AWS CloudFormation, provides an overview of the AWS CloudFormation service. CloudFormation templates provide a simpler and more efficient way to manage your resources on AWS cloud.
Chapter 16, Elastic Beanstalk, introduces Elastic Beanstalk and describes how to create and manage applications using the service.
Chapter 17, Overview of AWS Lambda, provides an overview of Lambda and describes how it runs code in response to events and how it automatically manages the compute resources required by that code.
Chapter 18, Mock Tests, consists of two mock tests for you to test your knowledge. It tries to cover all the topics from the scope of the exam and challenges your understanding of the topics. Each mock test contains 50 questions. You should try to complete a mock test in 90 minutes.
As the practical examples involve the use of AWS, an AWS account is required.
This book is for IT professionals and developers looking to clear the AWS Certified Developer – Associate 2017 exam. Developers looking to deploy and manage their applications on the AWS platform will find this book useful too. No prior AWS experience is needed.
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning. Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "For Amazon RDS MySQL DB instances, the default port is 3306."
A block of code is set as follows:
mysql -h <endpoint> -P 3306 -u <masteruser> -p
Any command-line input or output is written as follows:
$ pip install --upgrade --user awscli
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Select IAM under Security, Identity & Compliance group from the AWS dashboard."
Feedback from our readers is always welcome. Let us know what you think about this book: what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply email [email protected], and mention the book's title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from https://www.packtpub.com/sites/default/files/downloads/AWSCertifiedDeveloperAssociateGuide_ColorImages.pdf.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books (maybe a mistake in the text or the code), we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title. To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy of copyrighted material on the internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the internet, please provide us with the location address or website name immediately so that we can pursue a remedy. Please contact us at [email protected] with a link to the suspected pirated material. We appreciate your help in protecting our authors and our ability to bring you valuable content.
If you have a problem with any aspect of this book, you can contact us at [email protected], and we will do our best to address the problem.
First of all, congratulations on choosing this book and beginning your journey toward earning AWS Certified Developer - Associate certification. As the saying goes, a good beginning is half done. You have set a target and taken the first step toward the target. If you follow the instructions in this book, it will certainly help you in completing the certification exam.
As you begin, you may have a number of questions running through your mind. This chapter covers a number of such questions that are frequently asked by beginners. To begin with, let us understand how you should start preparing for the exam.
Amazon publishes an official blueprint for each certification exam. The blueprint elaborates the scope of the exam, prerequisites for attending the exam, and the knowledge required to successfully complete the exam. This blueprint may change from time to time and you should look out for the latest copy of the blueprint for the exam from Amazon.
At the time of writing, the official blueprint for the AWS Certified Developer - Associate exam is available at the URL: https://d0.awsstatic.com/training-and-certification/docs-dev-associate/AWS_certified_developer_associate_blueprint.pdf.
This chapter outlines the AWS Certified Developer - Associate exam and highlights critical aspects, knowledge areas, and services covered in the blueprint.
Let's begin with understanding the scope of the exam. The exam scope is divided into four domains as given in the following table with their respective weight in the exam:
| Sr. No. | Domain | % Weightage in exam |
|---|---|---|
| 1.0 | AWS fundamentals | 10% |
| 2.0 | Designing and developing | 40% |
| 3.0 | Deployment and security | 30% |
| 4.0 | Debugging | 20% |
| | Total | 100% |
The topics and the content covered in these domains as per the blueprint are given in the following section.
Identify and recognize cloud architecture considerations, such as fundamental components and effective designs. Content may include the following:
How to design cloud services
Database concepts
Planning and design
Familiarity with architectural trade-off decisions, high availability versus cost, Amazon Relational Database Service (RDS) versus installing your own database on Amazon Elastic Compute Cloud (EC2)
Amazon Simple Storage Service (S3), Amazon Simple Workflow Service (SWF), and Messaging
DynamoDB, AWS Elastic Beanstalk, and AWS CloudFormation
Elasticity and scalability
Identify the appropriate techniques to code a cloud solution. Content may include the following:
Configuring an Amazon Machine Image (AMI)
Programming with AWS APIs
Recognize and implement secure procedures for optimum cloud deployment and maintenance. Content may include the following:
Cloud security best practices
Demonstrate the ability to implement the right architecture for development, testing, and staging environments. Content may include the following:
Shared security responsibility model
AWS platform compliance
AWS security attributes (customer workloads down to physical layer)
Security services
AWS Identity and Access Management (IAM)
Amazon Virtual Private Cloud (VPC)
CIA and AAA models, ingress versus egress filtering, and which AWS services and features fit
Content may include the following:
General troubleshooting information and questions
Best practices in debugging
If you haven't worked with Amazon Web Services (AWS) before and cannot understand the topics given in the blueprint, do not worry. This book covers all these domains and each of the blueprint topics in detail. These topics are very carefully elaborated in subsequent chapters. Some of the frequently asked questions are covered in the following pages and will answer most of the queries you may have about the exam and how to get started with preparing for it.
The following are the questions that are frequently asked:
Are there any prerequisites for AWS Certified Developer - Associate exam?
There are no prerequisites for getting started with AWS Certified Developer - Associate exam preparation; however, it is recommended that the person preparing for this exam have knowledge or training in at least one high-level programming language.
What is the total duration of the exam?
A total of 80 minutes are given to you to complete the exam.
How many questions are asked in the exam?
The exam has around 55 questions that you need to complete in the given time. As per our experience, this number may vary at times.
What types of questions are asked in the exam?
The exam asks multiple-choice questions. It gives a question with multiple answers and you have to choose one or more right answers from the given list of answers.
You can refer to the following link for officially published sample questions:
https://d0.awsstatic.com/training-and-certification/docs-dev-associate/AWS_certified_developer_associate_examsample.pdf.
We have also given mock tests for you to practice and test your knowledge after you have finished reading the book.
Where can I register for the exam?
Amazon has joined with Kryterion for the certification exams. Kryterion centers are spread across the globe. You can go to https://www.webassessor.com and create an account if you do not already have one, or log in with your existing account. After logging in to the site, you can follow the exam registration process given on the site to register for the exam in a Kryterion center near you.
How much does it cost to register for the exam?
There are two types of exam: practice and final. The associate level practice exam costs $20 and the final exam costs $150.
How should I prepare for the exam?
You can refer to all the chapters in this book and follow all the tips and tricks in the book to prepare for the exam. Also, go through the mock tests given at the end of the book. You can also refer to some of the reference materials pointed out in the reference section of the book to explore some topics in greater depth.
What is the passing score for the exam?
AWS does not publish the passing score for the exam as it is set by statistical analysis of the exam. This score is subject to change. Based on our experience, this score currently hovers around 65% to 70%. If more candidates start scoring higher marks, the statistical model may set the minimum marks to a higher limit. Similarly, if more candidates start failing in the exam or scoring lower marks, then minimum passing marks may change based on this statistical data.
How should I answer the questions in the exam?
The exam poses scenario-based questions. There may be more than one right answer, but you have to choose the most suitable answer out of the given answers. We suggest that you use the elimination theory whenever you face difficulties in answering a question. Start by discarding the wrong answers. As you eliminate the wrong answers, you may automatically be able to find the right answer, as fewer remaining options reduce your confusion. Also, do not spend too much time on a question if you do not know the answer to it. Instead, mark the question for review. The exam interface keeps track of all the questions marked for review, and you can revisit them before submitting the final exam.
Clouds, as we know from our childhood, are tiny droplets or frozen crystals of water that hover high in the sky around our planet, Earth. What do these clouds do? They provide a service to the residents of planet Earth. They bring us rain. Something (clouds) that is somewhere (up in the sky) provides us with a service by bringing rain. This same concept of something somewhere can be applied to understanding cloud computing.
Let's understand how we can imagine the concept of something somewhere with respect to cloud computing. In cloud computing, the something is IT services such as compute, database, storage, network, security, and so on. These services are hosted somewhere at a secured place (that is, a data center) and are accessible without us needing to worry and even think about how they are configured and licensed. Thus, cloud computing is a host of services that are hosted at a remote location instead of a local server or personal computer, and they are remotely accessible to us.
Let's look at some simple examples of accessing cloud services:
Fill in a registration form and start using public email services (such as Gmail, Hotmail, Yahoo, and so on). In this case, we start using a service; we don't worry about how the mail services are configured, how the infrastructure is secured, how the software is licensed, whether highly qualified staff are available to maintain the infrastructure, and so on. We just start using email services by providing a secure password.
Another example could be a mobile phone or electricity at home or the office. We just buy a SIM card from a telecom provider or an electrical connection from a local power company, and we don't worry about how the telecom network works or how power is generated and reaches our place. We just use them and pay the bills per month, but only for the services that we have actually consumed.
The AWS cloud can be imagined the same way as a public email, mobile network, or electricity-providing company. AWS is a public cloud, where we can fill in a form and start using the cloud services (that is, IT services). It can be used to host personal, commercial, or enterprise-grade IT infrastructures. Various IT services (such as compute, database, network, storage, NoSQL, and so on) can be used as building blocks to create the desired IT infrastructure to match the business requirement and compliance needs of an enterprise.
At a higher level, clouds are of three types:
Private cloud: A host of infrastructure, platform, and application services (located in secured remote facilities and providing compute, platform, or other IT services on-demand, accessible and controlled only by a single specific organization) is called a private cloud. It is preferred by companies needing a secure and dedicated data center or hosting space. Constant upgrades of staff skills and the data center infrastructure are required. It is generally very costly and time-consuming to maintain a private cloud.
Public cloud: A host of infrastructure, platform, and application services (located in secure remote facilities and providing compute, platform, or other IT services on-demand on a shared but isolated platform that is open and accessible to the public for subscription) is called a public cloud. It is preferred by start-ups, MNCs, government organizations, military, scientific, and pharmaceutical companies intending to utilize on-demand cloud computing. Cloud computing enables organizations to focus on their actual business rather than periodically getting engaged in upgrading existing IT infrastructure to design cutting-edge solutions to compete with their competitors in the market. In a public cloud, all services are provided on a pay as you go model. Hence, it is easy and economical to try various different architectures to test and finalize the optimum solution to accelerate organizational growth. Another important characteristic of a public cloud is having a virtually unlimited pool of resources as and when it is required to expand IT infrastructure for short or long-term needs.
Hybrid cloud: Hybrid cloud is a cloud environment that uses a combination of on-premise, private cloud, and public cloud services to fulfill organizational needs. In this model, a private cloud can use a public cloud's resources to meet a sudden spike in resource requirements. Since private data centers have limited resources, these data centers are extended to a third-party service provider's public cloud. Such hybrid models can be used for any reason, such as budgets, unusual requirements, infrastructure constraints, or any organizational need.
The history of the evolution of the cloud is shown in the following figure:
The following table describes how cloud computing has evolved over a period of time:
Year | Event
--- | ---
1950 | Mainframe, dumb terminals
1970 | Virtual machines (VMs)
1990 | Virtual Private Network (VPN)
1997 | Cloud defined by Ramnath Chellappa
1999 | www.salesforce.com
2000 | Amazon's modernized data centers
2000 | Google Docs service
2006 | Launch of AWS Services
2008 | Launch of Google app engine
2010 | Launch of Microsoft Azure
The evolution of the cloud started in the 1950s and concepts such as service-oriented architecture, virtualization, and autonomic and utility computing are the stepping stones of today's cloud computing:
In the 1950s, mainframe computers were shared among various users through dumb terminals to save costs and enable the efficient use of resources.
In the 1970s, VMs were developed to overcome the disadvantages of earlier technologies. VMs enabled us to run more than one different operating system simultaneously in isolated environments, providing all essential resources such as CPU, disk, RAM, and NICs individually to all VMs.
In the 1990s, telecom companies started dedicated point-to-point data circuits called VPN. These were offered at a fraction of the cost of the then available technologies. This invention made it possible to utilize bandwidth optimally. A VPN made it possible to provide shared access to the same physical infrastructure to multiple users in shared but isolated environments.
In 1997, Professor Ramnath Chellappa defined cloud computing as follows:
In 1999, https://www.salesforce.com started delivering enterprise-level application services over the internet. This was one of the major moves in cloud history.
In the early 2000s, Amazon introduced web-based retail services on its modernized data centers. While Amazon was hardly using 10% of its data center capacity, they realized that new cloud computing infrastructure models could make them more efficient and cost-effective.
In the late 2000s, Google introduced its docs services directly to end users. This gave a taste of cloud computing and document sharing to end users.
In 2006, Amazon formally launched EC2 and S3. Subsequently, over the years, Amazon released various cloud services under the name AWS.
In 2008, Google announced the launch of its app engine services as a beta service. This was the beginning of Google Cloud services.
In 2010, Microsoft Azure was formally released, followed by a number of cloud services in subsequent years.
AWS is a public cloud. It provides a range of IT services that can be used as building blocks for creating cutting-edge, robust, and scalable enterprise-grade solutions. It can be used to host everything from simple static websites to complex three-tier architectures, scientific applications to modern ERPs, online training to live broadcasting events (that is, sports events, political elections, and so on).
According to Gartner's Magic Quadrant, AWS is a leader in cloud IaaS (this term is explained further on in this chapter). AWS is way ahead of its competitors after it pioneered the cloud IaaS market in 2006:
The Magic Quadrant (MQ) is a series of market research reports published by Gartner, the United States-based research and advisory firm. It aims to provide a qualitative analysis into a market, its direction, maturity, and participants. Gartner's reports and MQs are respected in industries worldwide.
The benefits of AWS are significant and are listed as follows:
Switch Capital Expenditure (CapEx) to Operational Expenditure (OpEx): No need to bear the huge upfront cost of purchasing hardware or software and making CapEx provision for these in the budget. With AWS, you pay only for the services you use, on a monthly basis, as OpEx.
Cost benefit from massive economies of scale: Since AWS purchases everything in bulk, it gives them a cost advantage. AWS passes on the benefit from this cost advantage to their customers by offering the services at low cost. As the AWS cloud becomes larger and larger, these massive economies of scale benefit AWS as well as end customers.
No need to guess required infrastructure capacity: Most of the time, before actual IT implementation, guessing the IT infrastructure requirement leads to either scarcity of resources or a waste of resources when actual production begins. AWS makes it possible to scale the environment up or down as needed without guessing infrastructure needs.
Increased speed and agility: While building an on-premise data center, businesses have to wait to get the desired hardware or software from vendors for an extended period of time. With AWS, it becomes easier for the business to quickly get started and provision the required infrastructure on AWS immediately, without depending on third-party vendors. They need neither to raise a purchase order nor wait for delivery; they just log in to their AWS account and have everything at their disposal.
Global access: AWS has data centers and edge locations across the globe. Take advantage and host your infrastructure near to your target market or at multiple locations across the globe at a very nominal cost.
Users can access AWS services in multiple ways. Individual services or the whole infrastructure can be accessed using any of the following means:
AWS Management Console: This is a simple to use, browser-based graphical user interface that customers can use to manage their AWS resources.
AWS Command Line Interface (CLI): Mostly used by system administrators to perform day-to-day administration activities. There are individual sets of commands available for each AWS service.
AWS Software Development Kits (SDKs): AWS helps the user take the complexity out of coding by providing SDKs for a number of programming languages including Android, iOS, Java, Python, PHP, .NET, Node.js, Go, Ruby, and so on. These SDKs can be used to create custom applications to meet specific organizational needs.
Query APIs: AWS provides a number of HTTP endpoints. These endpoints can be used to send GET and PUT HTTP requests to AWS to obtain the present status and information for various AWS resources.
AWS provides a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in 190 countries across the world. The following portion of the chapter provides a high-level overview of the basic AWS concepts that you should understand before you start working with AWS services.
AWS services are available at multiple locations across the globe. AWS provides these services with their infrastructure spread across the globe. The AWS infrastructure is connected and isolated in the form of Regions, Availability Zones (AZs), and Edge Locations based on geography. Let's understand some basic concepts of the AWS global infrastructure.
Each region, as shown in the following screenshot, is a collection of two or more AZs. Regions are independent and isolated from each other to keep each of them safe from catastrophic events. Such regions actually correlate with geographical areas such as Asia, Europe, and North America:
Each AZ, as shown in the following figure, is separated based on a metropolitan area within a region, but they are internally connected with each other through dedicated low-latency networks within the same region to provide failover architecture:
It is highly recommended you select an AWS region based on distance to the targeted market or based on legal compliance. For example, if a client's e-commerce website is selling goods and services only in the EU then it is suggested you host the website in Frankfurt or Ireland to minimize latency. You should also consider compliance requirements specific to a region while deciding on a region for hosting the application infrastructure. For example, if a client is running a website for betting, it may be illegal in one region, but it could be permitted in another region in line with the legal compliance requirements of the region.
AWS constantly evolves its service offerings. New services are launched in specific regions and then gradually supported in other regions. Due to the gradual approach of AWS in launching a service, there is a chance that not all the services may be available in all regions. It is a best practice to review available services in each region before planning, designing, or proposing any architecture.
Cloud computing is a broad term and covers many services. Common cloud computing models are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
Let's broadly understand these models:
IaaS: When a service provider offers virtualized hardware or computing infrastructure as a service, such an offering is called IaaS.
PaaS: PaaS is a type of cloud service in which a service provider offers application platforms and tools over the cloud, usually to enable application development. In this service model, underlying hardware and software are hosted on the service provider's infrastructure.
SaaS: In the SaaS model, the service provider offers software or applications as services. Such services are hosted by the providers and the end customer simply consumes this SaaS without worrying about the underlying hosting platform, infrastructure, and maintenance.
The line of responsibilities in IaaS, PaaS, and SaaS is explained in the following figure:
Virtualization is a process of virtually segregating physical hardware resources into a set of virtual resources that can independently work as a computing resource and provide customized and dedicated CPU, RAM, storage, and so on. Each server and its resources is created in an isolated environment. Each isolated environment is abstracted from the physical operating system and underlying hardware configuration. Such resources are called VMs or instances.
Virtualization is achieved using virtualization software that maintains the abstract and virtual layers on top of physical hardware. Let us understand these virtualization software and virtualization types in the following sections.
As shown in the following figure, virtualization software can be broadly categorized into two categories, class 1 and class 2:
Class 1 type: This is also known as the bare metal virtualization type. Very thin (that is, of a small size) virtualization software called a hypervisor is installed directly on the physical server. The AWS cloud uses a customized Xen hypervisor. Class 1 hypervisors are faster than class 2 hypervisors. Examples of class 1 hypervisors are Xen, OpenStack, Hyper-V, and vSphere.
Class 2 type: This is also called a hosted hypervisor. These types of hypervisors are installed above the base operating system such as Windows or Linux. Examples of class 2 hypervisors are VMware Workstation, VirtualBox, and Virtual PC.
As shown in the following figure, virtualization can also be categorized as per the virtualization methods, as follows:
OS-level virtualization: Host machines and VMs have the same OS with the same patch level
Software virtualization (hypervisor):
Binary translation: Sensitive instructions from VMs are replaced by hypervisor calls.
Para Virtualization Mode (PVM): Guest OS is modified to deliver performance.
Hardware Assisted Virtual Machine (HVM): Creates an abstract layer between host and guest VMs. Uses special CPU instruction sets (that is, Intel-VT and AMD-V) to boost guest VM performance.
Elasticity and scalability are two important characteristics of cloud computing. They describe the way cloud infrastructure is able to expand and shrink to match the actual dynamic workload and are discussed as follows:
Scalability: This means adding resources either to the existing instance (scale up) or in parallel to an existing instance (scale out). Scalability is essential to achieve elasticity:
Scale up: Changing the instance type from small to large (that is, changing to more memory or compute) is called scaling up. It is also called Vertical Scaling. It may require stopping the existing and running instance. Usually, scaling up is done to get more compute and memory on the same instance. Scaling up is usually suggested for an application that does not support clustering modes easily, such as an RDBMS. Usually, scaling up is achieved manually and requires downtime.
Scale out: Placing one or more new instances parallel to the existing instance is called scale out. It is also referred to as Horizontal Scaling. It gives good performance and availability as instances can be placed across multiple AZs. By having individual resources such as a NIC and disk controller for each instance, much better performance can be achieved compared to scaling up. Usually, scaling out is suggested for clustering-enabled applications such as stateless web servers, big data, and NoSQL. Scaling out generally does not require any downtime.
Elasticity: In physics, elasticity can be defined as a material's ability to expand and shrink with external parameters. Similarly, in the cloud infrastructure, elasticity can be defined as the ability to automatically provision additional resources to meet a high demand and reduce the extended number of resources when the demand lowers.
Unlike a public cloud, generally, traditional data centers do not have on-demand scalability and elasticity. The following sections compare traditional data centers and cloud infrastructure resourcing.
As shown in the following screenshot, in traditional data centers, there may be situations when provisioned infrastructure capacity is either more than what is needed or less than required. When the capacity is more than what is required, it's a waste of CapEx and when it is less than required, it throttles performance:
In contrast to traditional data centers, cloud infrastructure can be designed with dynamic scalability and elasticity based on actual workload. As shown in the following screenshot, such flexibility almost eliminates wasted resources and performance throttling. Until the soft limit is reached, cloud infrastructure can keep scaling out and scaling down based on the actual workload.
To achieve such flexibility, cloud infrastructure has to be designed and automatically provisioned in line with such requirements using various services offered by the respective cloud service providers:
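The comparison above can be put into numbers. The following Python sketch is an added example, not code from the book: it measures wasted capacity and throttled demand for a fixed-capacity data center and for a reactive scale-out/scale-in policy capped by a soft limit. The workload, the per-instance capacity, the 80% utilization target, and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed workload: demand in requests/second for 12 consecutive intervals.
DEMAND = [100, 80, 120, 300, 600, 700, 750, 900, 1400, 1000, 400, 150]


@dataclass(frozen=True)
class Outcome:
    provisioned: int  # capacity paid for, summed over all intervals
    wasted: int       # provisioned capacity that served no demand
    unmet: int        # demand that exceeded capacity (throttled)


def evaluate(demand, capacity_per_interval):
    """Compare demand with the capacity available in each interval."""
    pairs = list(zip(demand, capacity_per_interval))
    wasted = sum(max(0, c - d) for d, c in pairs)
    unmet = sum(max(0, d - c) for d, c in pairs)
    return Outcome(sum(capacity_per_interval), wasted, unmet)


def fixed_plan(demand, capacity):
    """Traditional data center: capacity is bought once and never changes."""
    return [capacity] * len(demand)


def elastic_plan(demand, per_instance=100, min_instances=2,
                 soft_limit=12, target_utilization_pct=80):
    """Reactive scaling: the instance count for an interval is derived from
    the demand observed in the previous interval (assumed one-interval lag),
    kept between min_instances and the account's soft limit."""
    counts = [min_instances]
    usable = per_instance * target_utilization_pct
    for observed in demand[:-1]:
        wanted = -(-observed * 100 // usable)  # ceiling division
        counts.append(max(min_instances, min(soft_limit, wanted)))
    return counts


def elastic_capacity(demand, per_instance=100, **policy):
    """Capacity per interval that results from elastic_plan()."""
    return [n * per_instance
            for n in elastic_plan(demand, per_instance, **policy)]


if __name__ == "__main__":
    scenarios = {
        "fixed, sized for peak": fixed_plan(DEMAND, max(DEMAND)),
        "fixed, sized near average": fixed_plan(DEMAND, 600),
        "elastic, soft limit 12": elastic_capacity(DEMAND),
        "elastic, soft limit 10": elastic_capacity(DEMAND, soft_limit=10),
    }
    for name, capacity in scenarios.items():
        print(f"{name:28s} {evaluate(DEMAND, capacity)}")
```

Sizing for the peak wastes most of the purchased capacity, sizing near the average throttles the busy intervals, and the elastic plan lands between the two; lowering the soft limit shows where scaling out stops and throttling returns.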
Whenever an organization thinks of migrating their infrastructure over to a public cloud, the first question that strikes the organization is cost. AWS provides major advantages over on-premise environments as there is no upfront cost from using AWS. Thus, there is no CapEx requirement as AWS works on OpEx. That means a customer pays only on a monthly basis based on actual consumption of AWS resources.
The following table differentiates cost on various counts between AWS and on-premise environments:
Pricing model | One time upfront cost: Public cloud | One time upfront cost: On-premise DC | Monthly cost: Public cloud | Monthly cost: On-premise DC
--- | --- | --- | --- | ---
Server hardware | 0 | $$ | $$ | 0
Network hardware | 0 | $$ | 0 | 0
Hardware maintenance | 0 | $$ | 0 | $
Software OS | 0 | $$ | $ | 0
Power and cooling | 0 | $$ | $ | $
Data center space | 0 | $$ | 0 | 0
Administration | 0 | $$ | 0 | $$$
Storage | 0 | $$ | $$ | 0
Network bandwidth | 0 | $ | $ | $
Resource management software | 0 | 0 | $ | $
24x7 support | 0 | 0 | $ | $
