AWS Notes
AWS Notes — Amazon Web Services Educational and Information Channel

Chat: https://t.me/aws_notes_chat

Contacts: @apple_rom, https://www.linkedin.com/in/roman-siewko/
A useful post describing the points to consider when building multi-region applications:

https://aws.amazon.com/blogs/architecture/creating-a-multi-region-application-with-aws-services-part-2-data-and-replication/

When building a distributed system, consider the consistency, availability, partition tolerance (CAP) theorem. This theorem states that an application can only pick 2 out of the 3, and tradeoffs should be considered.
▫️ Consistency – all clients always have the same view of data
▫️ Availability – all clients can always read and write data
▫️ Partition Tolerance – the system will continue to work despite physical partitions

#design
Weekly Summary on AWS (January 9-15)

🔸 AppSync + cache entry eviction
🔸 AWS Toolkit for JetBrains IDEs + ECS-Exec
🔸 EC2 + Hpc6a instance type
🔸 EC2 Windows Server + Launch Speed Optimizations
🔸 ElastiCache + publish logs (6.2+)
🔸 EMR Studio
• Real-time collaborative notebooks
• SQL Explorer
🔸 IoT SiteWise Edge + Data Upload Prioritization
🔸 Kendra + query language
🔸 Lex + PrivateLink
🔹 Local Zones + Atlanta / Phoenix / Seattle
🔸 Redshift Spectrum + custom data validation rules
🔸 RDS for MySQL + 5.7.36 & 8.0.27
🔸 RDS Performance Insights + GetResourceMetadata, ListAvailableResourceDimensions, ListAvailableResourceMetrics
🔸 SageMaker Feature Store + connector for Spark
🔸 SNS + ABAC (Attribute-based access controls)
🔸 SSM + Command Document
🔹 Well-Architected Framework + Streaming Media Lens

#AWS_week
📚 FREE resources to prepare for the AWS Certified Solutions Architect Associate (SAA-C02) exam.

1️⃣ AWS Ramp-Up Guide: Architect
https://d1.awsstatic.com/training-and-certification/ramp-up_guides/Ramp-Up_Guide_Architect.pdf

2️⃣ Exam Readiness: AWS Certified Solutions Architect – Associate (Digital)
https://explore.skillbuilder.aws/learn/course/external/view/elearning/125/exam-readiness-aws-certified-solutions-architect-associate-digital

3️⃣ AWS Certification Official Practice Question Sets (English)
https://explore.skillbuilder.aws/learn/course/external/view/elearning/9153/aws-certification-official-practice-question-sets-english

4️⃣ AWS Whitepapers + Well-Architected Framework + FAQs
https://aws.amazon.com/certification/certified-solutions-architect-associate/

5️⃣ Practice Exams
http://www.koenig-solutions.com/aws

p.s. Original source.

#AWS_certification
A good comparison article on the concurrency of Lambda, App Runner and Fargate:

https://nathanpeck.com/concurrency-compared-lambda-fargate-app-runner/

🔸 Concurrency
🔹 Scaling

Lambda
🔸 Single concurrent request per Lambda function instance, but many separate Lambda function instances
🔹 Fully managed by AWS Lambda, default limit of 1000 concurrent executions. Scale out more function instances in under a second.

App Runner
🔸 Multiple concurrent requests per container, enforces a configurable hard limit such as 100 concurrent reqs/container
🔹 Fully managed by App Runner. Configure a concurrency limit per containerized process. Scale out more container instances in less than 1 min.

Fargate
🔸 Multiple concurrent requests per container, no built-in limits on concurrency per container
🔹 Managed by you. Scale out more container instances based on your desired metric: CPU, concurrency, or a custom metric. Scale out in less than 1 min.

#design
AWS CDK Crash Course:

https://www.youtube.com/watch?v=T-H4nJQyMig

00:15 CDK Crash Course Intro
01:13 What we'll cover
02:34 Resources
03:07 CDK Basics
07:34 What are CDK Constructs?
10:15 Level 3 Construct Examples
12:08 Synthesis, Assets, Bootstrapping and Deploy
14:53 CDK Workshop Speedrun - Cloud9 Prep
21:01 CDK Workshop Speedrun - New Project
28:02 CDK Workshop Speedrun - Hello, CDK
35:42 CDK Workshop Speedrun - Writing Constructs
42:26 CDK Workshop Speedrun - Using Construct Libraries
44:14 CDK Workshop Speedrun - Testing Constructs
48:51 Advanced CDK
59:32 More Resources and Thanks!

#CDK #video
FREE 🔥 AWS Exam Readiness courses from Tutorials Dojo:

https://portal.tutorialsdojo.com/product-category/aws/aws-digital-courses-2/aws-exam-readiness-courses/

▪️ AWS Certified Solutions Architect Professional (SAP-C01)
▪️ AWS Certified DevOps Engineer Professional (DOP-C01)
▪️ AWS Certified Security Specialty (SCS-C01)
▪️ AWS Certified Database Specialty (DBS-C01)
▪️ AWS Certified Data Analytics Specialty (DAS-C01)
▪️ AWS Certified Machine Learning Specialty (MLS-C01)

#AWS_certification
Weekly Summary on AWS (January 16-22)

🔸 CloudWatch Application Insights + Microsoft AD & SharePoint
🔸 DRS (AWS Elastic Disaster Recovery) + failback
🔸 DynamoDB + ReturnConsumedCapacity
🔸 FinSpace + Spark 3.1.2
🔸 FSx for NetApp ONTAP + CloudWatch
🔸 EMR
• Spark SQL to insert data into and update Glue Data Catalog
• Iceberg
🔸 GuardDuty + detection of EC2 credentials used from another AWS account
🔸 Location Service
• Matrix routing
• Request-based pricing for all customer use cases
🔸 Migration Hub Strategy Recommendations + Babelfish for Aurora PostgreSQL
🔸 MQ + RabbitMQ 3.8.26
🔸 Security Hub
• Trusted Advisor adds 111 checks
• Integration with AWS Health
🔸 SSM Automation
• Execute runbooks from Slack
• Outbound webhooks for third-party tools
🔸 SageMaker Pipelines
• EMR integration for large-scale data processing
• Parallelism configuration
🔸 AWS Client VPN + banner text and maximum session duration
🔹 Wavelength Zones + Charlotte, Detroit, Los Angeles and Minneapolis

#AWS_week
Using Amazon Cognito to Authenticate Players for a Game Backend Service:

https://aws.amazon.com/blogs/gametech/using-amazon-cognito-to-authenticate-players-for-a-game-backend-service/

A: The game client makes a REST API call to an unauthenticated endpoint, invoking the Login Lambda function with the username and password in the JSON body.
B: The Login Lambda function uses the username and password to authenticate with the Amazon Cognito user pool and obtains an IdToken.
C: The Login Lambda function sends the IdToken back to the game client through API Gateway.
D: The game client makes a REST API call to Amazon API Gateway, which validates the IdToken with the Cognito authorizer. API Gateway then invokes the backend service Lambda function.
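Steps A to C as a Login Lambda handler, added here as an illustration and not the blog's own code. It uses Cognito's USER_PASSWORD_AUTH flow (the app client must have that flow enabled), takes the Cognito client as a parameter so it can run offline against the constructed FakeCognito stand-in at the bottom, and the app client id is a placeholder.

```python
import json

USER_POOL_CLIENT_ID = "EXAMPLE_APP_CLIENT_ID"  # placeholder, not a real app client id


def _response(status, body):
    return {"statusCode": status,
            "headers": {"Content-Type": "application/json", "Cache-Control": "no-store"},
            "body": json.dumps(body)}


def login_handler(event, cognito, client_id=USER_POOL_CLIENT_ID):
    """Step B: exchange the JSON username/password for a Cognito IdToken (step C)."""
    try:
        body = json.loads(event.get("body") or "{}")
        username, password = body["username"], body["password"]
    except (ValueError, KeyError, TypeError):
        return _response(400, {"error": "username and password required"})
    if not (isinstance(username, str) and isinstance(password, str)):
        return _response(400, {"error": "username and password required"})
    try:
        result = cognito.initiate_auth(
            AuthFlow="USER_PASSWORD_AUTH",
            ClientId=client_id,
            AuthParameters={"USERNAME": username, "PASSWORD": password},
        )
    except Exception as exc:  # botocore ClientError exposes the code via .response
        code = getattr(exc, "response", {}).get("Error", {}).get("Code", "")
        if code in ("NotAuthorizedException", "UserNotFoundException"):
            # One generic message for both codes, so the endpoint does not reveal which usernames exist
            return _response(401, {"error": "invalid credentials"})
        raise
    if "ChallengeName" in result:
        # e.g. NEW_PASSWORD_REQUIRED or an MFA challenge: no token has been issued yet
        return _response(403, {"error": "challenge required",
                               "challenge": result["ChallengeName"]})
    # Return only the IdToken that the API Gateway Cognito authorizer will validate in step D
    return _response(200, {"IdToken": result["AuthenticationResult"]["IdToken"]})


class FakeCognito:
    """Constructed stand-in for boto3.client("cognito-idp") so this runs offline."""
    def __init__(self, users):
        self.users = users  # constructed sample data: {username: password}

    def initiate_auth(self, AuthFlow, ClientId, AuthParameters):
        user, pw = AuthParameters["USERNAME"], AuthParameters["PASSWORD"]
        if self.users.get(user) != pw:
            err = Exception("NotAuthorizedException")
            err.response = {"Error": {"Code": "NotAuthorizedException"}}
            raise err
        return {"AuthenticationResult": {"IdToken": f"id-token-for-{user}"}}
```

In a deployment, `cognito` is `boto3.client("cognito-idp")` and the only secret the function ever handles is the password in the request body, which is never logged or echoed back.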

#Cognito
Build an observability solution using managed AWS services and the OpenTelemetry standard:

https://aws.amazon.com/blogs/mt/build-an-observability-solution-using-managed-aws-services-and-the-opentelemetry-standard/

We centralized the metrics, traces, and logs collected from workloads running in various AWS accounts using:
▫️ ADOT (AWS Distro for OpenTelemetry)
▫️ Amazon Managed Grafana
▫️ Amazon Managed Service for Prometheus
▫️ Amazon OpenSearch Service.
To visualize these metrics, traces and logs, and to show their correlation, we set up:
▫️ OpenSearch dashboard
▫️ Grafana workspace with Amazon Managed Grafana.
This provided us with a native integration with Amazon Managed Service for Prometheus.
We also leveraged a hub-and-spoke architecture for solution scalability.

#observability
Forwarded from Yura Pushnov
Zero-day vulnerabilities in AWS CloudFormation and AWS Glue.

In mid-January, Orca Security (an Israeli cloud cybersecurity startup with a development office in Minsk) published reports on two critical vulnerabilities it had found in AWS infrastructure:

1. Ability to gain control plane access to a CloudFormation host and retrieve its AWS credentials:
https://orca.security/resources/blog/aws-cloudformation-vulnerability/

2. Cross-account access via AWS Glue:
https://orca.security/resources/blog/aws-glue-vulnerability/

Both vulnerabilities were fully remediated within a few days of being reported.

Security Bulletins were published later:
https://aws.amazon.com/security/security-bulletins/AWS-2022-001/
https://aws.amazon.com/security/security-bulletins/AWS-2022-002/
EFS Replication:

https://aws.amazon.com/blogs/aws/new-replication-for-amazon-elastic-file-system-efs/

🔸 Once configured, replication begins immediately. All replication traffic stays on the AWS global backbone, and most changes are replicated within a minute, with an overall Recovery Point Objective (RPO) of 15 minutes for most file systems. Replication does not consume any burst credits and it does not count against the provisioned throughput of the file system.

🔸 EFS tracks modifications to the blocks (currently 4 MB) that are used to store files and metadata, and replicates the changes at a rate of up to 300 MB per second. Because replication is block-based, it is not crash-consistent; if you need crash-consistency you may want to take a look at AWS Backup.

🔸 You pay the usual storage fees for the original and replica file systems and any applicable cross-region or intra-region data transfer charges.

#EFS
GitLab Runner on EC2

https://aws.amazon.com/blogs/devops/deploy-and-manage-gitlab-runners-on-amazon-ec2/

This article demonstrates how to use IaC to carry out the various administrative tasks associated with a GitLab Runner efficiently.
▪️ We deployed GitLab Runner consistently and quickly across multiple accounts.
▪️ We used IaC to enforce guardrails and best practices, such as tracking GitLab Runner configuration changes, terminating the GitLab Runner gracefully, and autoscaling the GitLab Runner to ensure the best performance at minimum cost.

#Gitlab
S3 console — generating a presigned URL:

https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html#ShareObjectPreSignedURLConsole

The credentials that you can use to create a presigned URL include:

🔸 IAM instance profile: Valid up to 6 hours

🔸 STS: Valid up to 36 hours when signed with permanent credentials, such as the credentials of the AWS account root user or an IAM user

🔸 IAM user: Valid up to 7 days when using AWS Signature Version 4

#S3 #AWS_Console