The Self-Taught Cloud Computing Engineer E-Book

The Self-Taught Cloud Computing Engineer

A comprehensive professional study guide to AWS, Azure, and GCP

Dr. Logan Song

BIRMINGHAM—MUMBAI

The Self-Taught Cloud Computing Engineer

Copyright © 2023 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Preet Ahuja

Publishing Product Manager: Suwarna Rajput

Senior Editor: Isha Singh

Technical Editor: Nithik Cheruvakodan

Copy Editor: Safis Editing

Project Coordinator: Shagun Saini

Proofreader: Safis Editing

Indexer: Rekha Nair

Production Designer: Joshua Misquitta

Marketing Coordinator: Rohan Dhobal

First published: August 2023

Production reference: 1240823

Packt Publishing Ltd

Grosvenor House

11 St Paul’s Square

Birmingham

B3 1RB, UK.

ISBN 978-1-80512-370-5

www.packtpub.com

To God, for your amazing grace.

To my mother, Shuiming Tang, and to the memory of my father, Ada Song, for your sacrifices and love.

To my wife, Tracey, for your unconditional love and support.

To my daughter, Nancy, for showing me what talent and hard work can achieve. Congrats on your success at Princeton University and Stanford University.

To my son, Neil, for your strong passion, deep critical thinking, and self-learning. May God bless your life at Yale University.

To my daughter, Nicole, for your compassion and endurance. May God guide you in your future.

Foreword

In today’s fast-paced digital landscape, where technology shapes the way we live and work, cloud computing has emerged as a transformative force. Its power to revolutionize businesses, accelerate innovation, and enable modern technology is immeasurable. As the demand for cloud expertise continues to soar, there is a pressing need for comprehensive resources to equip more individuals with the knowledge and skills in this dynamic realm.

The Self-Taught Cloud Engineer by Logan Song fills this void admirably. As one of the world’s leading Subject Matter Experts (SMEs) in cloud computing, Logan brings forth a wealth of wisdom, insights, and practical guidance in this remarkable book. Within its pages lies an extraordinary learning journey that will empower readers to grasp the intricacies of the three most prominent clouds on Earth: Amazon web services, Google Cloud, and Microsoft Azure.

This book transcends mere technical jargon and dives deep into the essence of cloud computing. Logan begins by laying a solid foundation of cloud computing concepts and services, ensuring readers comprehend the fundamentals before embarking on their transformative journey. The exploration commences with an immersive experience within the AWS cloud. By meticulously unraveling the intricacies of AWS services, ranging from compute and storage to network, database, big data, machine learning, and security, Logan offers invaluable insights into best practices for service design and deployment.

The journey continues to Google Cloud, where Logan expertly highlights its similarities and differences from AWS. Here, readers will explore the bedrock of Google Cloud’s infrastructure services, delve into the realm of data analytics and machine learning, and uncover the robust security services that safeguard organizations’ digital assets. This comparative study equips learners with the necessary mindset to evaluate and leverage the unique strengths of each cloud platform.

No comprehensive cloud education would be complete without an examination of Microsoft Azure, and Logan seamlessly integrates Azure into the learning journey. By collating the knowledge acquired about the previous two clouds, readers gain a holistic understanding of cloud computing. Stepping into the next level, the Azure segment delves into foundational services, data analytics, machine learning, and security features, enabling learners to expand their repertoire of cloud skills and become well-rounded cloud professionals.

But this book goes beyond technical instruction. In its final part, Logan shares his personal cloud journey, where he underwent a profound transformation from a traditional advisory IT infrastructure architect to a chief cloud architect and professor. Through his captivating narrative, he imparts the secret ingredients of his success: a perpetually grateful disposition and an unwavering commitment to lifelong learning. These invaluable lessons, intertwined with his own experiences, will inspire readers to adopt a positive mindset and embrace the challenges and opportunities that lie ahead.

As I reflect on the significance of The Self-Taught Cloud Engineer, I am reminded of the huge potential that lies within each of us. The power to shape our destinies, build successful careers, and contribute meaningfully to the digital era is within our grasp. This book serves as an indispensable guide, empowering individuals to unlock the full potential of cloud computing and become the cloud superheroes our world desperately needs.

Yu Meng, Ph.D.

IEEE Senior Member

MIT App Inventor Certified Expert Trainer

ISEF Grand Prize Judge

Contributors

About the author

Dr. Logan Song is the cloud director and chief cloud architect at Dito LLC, a Google Partner company. With over 25 years of professional experience, Dr. Song is highly skilled in enterprise information technology architecture, specializing in cloud computing and machine learning. Dr. Song has led numerous data center virtualization and cloud projects in Fortune 500 companies and government agencies. He holds numerous cloud certifications in AWS, Azure, and Google Cloud.

Dr. Song holds a Ph.D. in industrial engineering, an MS in computer science, and a BS in electrical engineering. Currently, he is an adjunct professor at the University of Texas in Dallas, teaching graduate courses in cloud computing and machine learning.

I want to thank the Packt team: Isha Singh, Shagun Saini, Suwarna Patil, and the reviewers and editors, who have worked so hard to make this book possible.

I am full of gratitude to all my friends, teachers, classmates, colleagues, and coworkers for the help they have provided to me in my life.

About the reviewers

Dharmesh R. Vaya is a cloud technologist known for his ability to develop enterprise applications on cloud platforms and foster a spirit of innovation among teams, with a rich experience in banking, e-commerce, and media/entertainment, to name a few. In his professional journey, he has close to 17 years of IT experience and works as a solutions architect at Palo Alto Networks, where he specializes in Prisma Cloud, for securing cloud workloads, and is a thought leader around DevSecOps and related technologies.

He is a recognized Google Developer Expert for the Google Cloud Platform & Payments category. He actively speaks at various international conferences, sharing his experience/learnings with the broader tech community.

I would like to thank my colleagues, mentors, and community members for all the guidance and support that have defined me as a professional. Grateful for you folks! I’m forever indebted to my parents for all their support and blessings. I’m super thankful to my family for giving me support and strength through this journey. I owe this to you all.

With over 20 years of experience in software, DevOps, and cloud engineering, Raymond J. Hill has become a trusted authority in the industry. Offering a broad spectrum of expertise, from IT support to leading high-performing engineering teams across various clients, Raymond’s experience is as diverse as it is extensive. This vast technical and leadership experience lends them a unique and insightful perspective on the interplay of technology, management, and client delivery.

I’d like to thank my family and friends, who understand the time and commitment it takes to review books, write code, lead teams effectively, and everything else required to be a tech nerd. None of this would be possible without their support.

Chirag Nayyar has studied the cloud since 2013 and is a solutions consultant for a cloud consulting company. He assists customers in developing their public cloud adoption framework, strategy, and implementation plans.

In addition to his job, he participates in cloud communities as a speaker and co-organizer, and runs a YouTube channel where he provides guidance on various cloud platforms, including how to prepare for certifications.

I want to express my gratitude to my wife for always being there for me.

Table of Contents

Preface

Part 1: Learning about the Amazon Cloud

1

Amazon EC2 and Compute Services

The history of computing

The computer

The data center

The virtual machine

The idea of cloud computing

The computer evolution path

Amazon Global Cloud infrastructure

Building our first EC2 instances in the Amazon cloud

Launching EC2 instances in the AWS cloud console

Launching EC2 instances using CloudShell

Logging in to the EC2 instances

ELB and ASG

AWS compute – from EC2 to containers to serverless

Summary

Practice questions

Answers to the practice questions

Further reading

2

Amazon Cloud Storage Services

Understanding EBS

Understanding EFS

Understanding S3

Understanding Snowball and Snowmobile

Accessing S3 from EC2 instances

Summary

Practice questions

Answers to the practice questions

Further reading

3

Amazon Networking Services

Reviewing computer network basics

IP address

CIDR

The internet

Understanding Amazon Virtual Private Cloud

Part one – creating a VPC with subnets

Part two – Provisioning more cloud resources and connecting them together

Part three – hardening AWS network security

VPC firewalls

VPC endpoints

Understanding Amazon Direct Connect

Understanding Amazon DNS – Route 53

Understanding the Amazon CDN

Summary

Practice questions

Answers to the practice questions

Further reading

4

Amazon Database Services

Database basics

Relational databases

NoSQL databases

In-memory cache databases

Data warehouses

Amazon RDS

Amazon cloud NoSQL databases

Amazon ElastiCache

Amazon cloud data warehouse service

Summary

Practice questions

Answers to the practice questions

Further reading

5

Amazon Data Analytics Services

Understanding the AWS big data pipeline

AWS Glue

Amazon Athena

The Amazon Kinesis family

Amazon QuickSight

Amazon EMR

MapReduce and Hadoop

AWS EMR

Summary

Practice questions

Answers to the practice questions

Further reading

6

Amazon Machine Learning Services

ML basics and ML pipelines

ML problem framing

Data collection and preparation

Feature engineering

ML model development

ML model deployment, testing, and monitoring

Amazon SageMaker

DL basics

Amazon computer vision solutions

Amazon’s NLP solutions

Amazon Comprehend

Amazon Transcribe

Amazon Polly

Amazon Translate

Amazon Lex

Summary

Practice questions

Answers to the practice questions

Further reading

7

Amazon Cloud Security Services

Amazon cloud security model

Amazon IAM

IAM policies

AWS infrastructure security

AWS Organizations

AWS resource security

Amazon data encryption

AWS logging, monitoring, and incident handling

Case study – an AWS threat detection and incident handling ecosystem

Automatic threat detection

Automatic notification

Automatic remediation

Summary

Practice questions

Answers to the practice questions

Further reading

Part 2: Comprehending GCP Cloud Services

8

Google Cloud Foundation Services

Google Cloud resource hierarchy

Google Cloud compute

Google Compute Engine

Google Kubernetes Engine

Google Cloud Storage

Google Cloud networking

Summary

Practice questions

Further reading

9

Google Cloud’s Database and Big Data Services

Google Cloud database services

Google Cloud SQL

Google Cloud Spanner

Google Cloud Firestore

Google Cloud Bigtable

Google Cloud Memorystore

Google Cloud’s big data services

Google Cloud Pub/Sub

Google Cloud BigQuery

Google Cloud Dataflow

Google Cloud Dataproc

Google Cloud Looker

Summary

Practice questions

Answers to the practice questions

Further reading

10

Google Cloud AI Services

Google Cloud Vertex AI

Vertex AI datasets

Dataset labeling

Vertex AI Feature Store

Workbench and notebooks

Vertex AI custom models

Vertex Explainable AI

Vertex AI prediction

Vertex AI Model Monitoring

Vertex AI Pipelines

Vertex AI TensorBoard and Metadata

Vertex AI AutoML

Google Cloud ML APIs

Sight API

Conversational API

Google Cloud generative AI services

Summary

Practice questions

Answers to the practice questions

Further reading

11

Google Cloud Security Services

Google Cloud IAM

Google Cloud users and groups

Google Cloud service accounts

Google Cloud IAM roles

Google Cloud endpoint security

GCE VM security

GCS security

Google Cloud network security

Google Cloud data security

Data classification and data lineage

Data encryption

GCP DLP

Google Cloud Monitoring and Logging

Google Cloud Security Command Center (SCC)

SCC asset discovery

SCC scan findings

SCC integration with Cloud DLP

SHA

The latest SCC features

Summary

Practice questions

Answers to the practice questions

Further reading

Part 3: Mastering Azure Cloud Services

12

Microsoft Azure Cloud Foundation Services

Azure cloud resource hierarchy

Azure cloud compute

Azure cloud VMs

Azure cloud container services

Azure serverless computing

Azure cloud storage

Object storage

File storage

Block storage

Archive storage

Azure cloud networking

Azure Cloud Foundation service implementation

Summary

Practice questions

Answers to the practice questions

Further reading

13

Azure Cloud Database and Big Data Services

Azure cloud data storage

Azure cloud databases

Azure cloud relational databases

Azure cloud NoSQL databases

Azure’s cloud data warehouse

Azure cloud big data services

Azure ADF

Azure HDInsight

Azure Databricks

Summary

Practice questions

Answers to the practice questions

Further reading

14

Azure Cloud AI Services

Azure ML workspaces

Azure Cognitive Services

Azure OpenAI Service

Summary

Practice questions

Answers to the practice questions

Further reading

15

Azure Cloud Security Services

Azure cloud security best practices

Azure Security Center

Azure IAM

Azure cloud VM protection

Azure cloud network protection

Azure data protection

Azure cloud security reference architectures

Azure hybrid cloud infrastructure

Azure SIEM and SOAR

An Azure cloud security case study

Organizational infrastructure security

Networking infrastructure security

Palo Alto networks

Summary

Practice questions

Answers to the practice questions

Further reading

Part 4: Developing a Successful Cloud Career

16

Achieving Cloud Certifications

Reviewing the certification roadmaps

AWS cloud certifications

Google Cloud certifications

Microsoft Azure Cloud certifications

Developing cloud certification strategies

Cloud certification exam practice questions

Google Cloud Digital Leader certification

Google Cloud Associate Engineer certification

JencoBank case study

Company overview

Company background

Solution concept

The existing technical environment

Application – Customer loyalty portal

CEO statement

CTO statement

CFO statement

Google Cloud Professional Security Engineer certification

AWS Cloud Practitioner certification

AWS Data Analytics certification

Microsoft Azure AI Foundations certification

Microsoft Azure AI Engineer certification

Summary

Further reading

17

Building a Successful Cloud Computing Career

The cloud job market

Soft cloud skills

My cloud story

Summary

Index

Other Books You May Enjoy

Preface

Cloud computing came into our world in 2006, about 60 years after the first computer emerged. Cloud computing provides a brand-new concept of computing power services such as elastic, self-provisioning, and on-demand. In a traditional computing data center model, computing infrastructure is conceived as physical hardware with space, compute and network equipment, admin staff, physical security, and capital expenditure – entailing a long procurement cycle, big maintenance costs, and a lumbering structure. The new cloud computing model builds the computing infrastructure as software that matches your business needs: provisioning and terminating computing resources on-demand, scaling the computing resources up and down elastically and automatically, deploying the cloud resources as immutable code with version control, and paying for what you use.

Amazon Web Services (AWS) was the first cloud service, followed by Microsoft Azure and Google Cloud Platform (GCP). These are the three main clouds that are dominating the world, and this book helps you to learn about and master all of them and build a successful career in cloud computing.

Who this book is for

The book is for individuals in the information technology domain, whether you are a beginner looking to start your cloud computing journey or an experienced professional seeking to expand your skills. Our interactive study book is designed to empower you with the knowledge and practical experience necessary to excel in the world of cloud computing. With the detailed roadmap in the book, you will be able to complete a comprehensive cloud learning journey and develop a successful cloud computing career thereafter.

What this book covers

Chapter 1, Amazon EC2 and Compute Services, introduces AWS cloud compute services including EC2, among others.

Chapter 2, Amazon Cloud Storage Services, delves into AWS cloud storage services including EBS, EFS, S3, and so on.

Chapter 3, Amazon Cloud Networking Services, discusses AWS cloud networking services, including VPC, Amazon Direct Connect, Amazon Domain Name Service (DNS), and Content Delivery Network (CDN).

Chapter 4, Amazon Cloud Database Services, covers relational databases, NoSQL databases, and data warehouses in the AWS cloud.

Chapter 5, Amazon Cloud Big Data Services, explores AWS big data services for data ingestion, storing, processing, and visualization in the Amazon cloud.

Chapter 6, Amazon Cloud Machine Learning Services, examines AWS cloud machine learning (ML) services, including SageMaker and AWS ML API services.

Chapter 7, Amazon Cloud Security Services, addresses AWS cloud security services for hardening the Amazon cloud environment.

Chapter 8, Google Cloud Foundation Services, covers Google Compute Engine (GCE), Persistent Disks (PDs), network storage (Filestore), Google Cloud Storage (GCS), Google VPC, and VPC peering.

Chapter 9, Google Cloud Data Services, covers GCP data services such as Cloud SQL, Firestore, Datastore, and Bigtable; and GCP big data services, including BigQuery, Pub/Sub, Dataproc, Dataflow, and so on.

Chapter 10, Google Cloud AI Services, examines GCP ML services, focusing on GCP Vertex AI and AI APIs.

Chapter 11, Google Cloud Security Services, discusses GCP security services including endpoint security, network security, data security, and Security Command Center (SCC), which is the focal point of this chapter.

Chapter 12, Azure Cloud Foundation Services, explores the concepts of Azure cloud virtual machines and disk storage, file storage, Binary Large Object (BLOB) storage, queue storage, table storage, Azure vNets, and peering.

Chapter 13, Azure Cloud Data Services, covers Azure cloud-managed database services such as relational databases (Azure SQL Database), NoSQL databases (Azure Cosmos DB), and cache databases (Azure Cache for Redis), and discusses Azure big data services including Azure Data Factory, Azure Databricks, and Azure HDInsight.

Chapter 14, Azure Cloud AI Services, discusses Azure Machine Learning workspaces and Azure Cognitive Services, including the Azure OpenAI service.

Chapter 15, Azure Cloud Security Services, covers Microsoft Azure cloud security, including Azure security best practices, the Azure cloud security reference architecture, and an Azure security case study of a real-life project.

Chapter 16, Achieving Cloud Certification, reviews cloud certification roadmaps for AWS, Azure, and GCP, develops cloud exam strategies, and analyzes practice questions for seven cloud certification exams.

Chapter 17, Building a Successful Cloud Computing Career, discusses the cloud job market and the soft skills in a cloud career, and I share my own cloud story.

To get the most out of this book

To get the most out of this book, study the chapters to master the basic concepts, learn by doing all the lab examples in the chapters, study the certification exam contents, and go on to achieve cloud certifications.

If you are using the digital version of this book, we advise you to type the code yourself or access the code from the book’s GitHub repository (a link is available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.

Download the example code files

You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/Self-Taught-Cloud-computing-Engineer.

If there’s an update to the code, it will be updated in the GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “Using putty to connect to a Linux instance, install mysql client pkg and connect to the RDS endpoint.”

A block of code is set as follows:

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

Any command-line input or output is written as follows:

Bold: Indicates a new term, an important word, or words that you see on screen. For instance, words in menus or dialog boxes appear in bold. Here is an example: “Click Explore table items.”

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, email us at [email protected] and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share your thoughts

Once you’ve read The Self-Taught Clooud Engineer, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

Download a free PDF copy of this book

Thanks for purchasing this book!

Do you like to read on the go but are unable to carry your print books everywhere?

Is your eBook purchase not compatible with the device of your choice?

Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.

Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical books directly into your application.

The perks don’t stop there, you can get exclusive access to discounts, newsletters, and great free content in your inbox daily

Follow these simple steps to get the benefits:

https://packt.link/free-ebook/978-1-80512-370-5

Part 1: Learning about the Amazon Cloud

This first part kicks off the cloud journey by introducing the Amazon cloud. In this part, we will digest the concept of cloud computing and examine the AWS cloud services, including compute, storage, networking, database, big data, machine learning, and security, aiming for a comprehensive understanding of the Amazon cloud and obtaining hands-on skills in the AWS cloud.

This part comprises the following chapters: