Introduction xxvii Assessment Test xxxiv Part I AWS Fundamentals 1 Chapter 1 Introduction to Systems Operations on AWS 3 The AWS Ecosystem 5 The AWS Services Model 6 The AWS Global Presence 7 AWS Managed Services 8 What is Systems Operations? 14 The AWS Shared Responsibility Model 15 The AWS Service Level Agreement 16 The Seven Domains 16 Working with AWS 17 The AWS Management Console 17 The AWS CLI 19 AWS SDKs 19 Technical Support and Online Resources 19 Support Plans 20 Other Support Resources 20 Key Exam Resources 20 Summary 21 Exam Essentials 21 Review Questions 24 Part II Monitoring and Reporting 29 Chapter 2 Amazon CloudWatch 31 Monitoring on AWS 32 Monitoring is Event-Driven 33 Monitoring is Customizable 34 Monitoring Drives Action 36 Basic CloudWatch Terms and Concepts 36 CloudWatch is Metric- and Event-Based 36 Alarms Indicate Notifiable Change 36 Events and CloudWatch Events are Lower Level 37 CloudWatch Events Has Three Components 37 Choosing Between Alarms and Events 37 What''s in a Namespace? 37 To the 10th Dimension 38 Statistics Aggregate Metrics 38 Monitoring Compute 39 EC2 Instance Metrics 39 EC2 EBS Metrics 40 ECS Metrics 41 Monitoring Storage 41 S3 Metrics 42 RDS Metrics 42 DynamoDB2 Metrics 43 CloudWatch Alarms 44 Create an Alarm Threshold 45 Set Off an Alarm 45 Respond to an Alarm 45 CloudWatch Events 46 Events 46 Rules 46 Targets 47 Summary 47 Resources to Review 48 Exam Essentials 48 Exercises 49 Review Questions 56 Chapter 3 AWS Organizations 61 Managing Multiple Accounts 62 AWS Organizations Consolidates User Management 63 AWS Organizations Consolidates Billing 63 Core AWS Organizations Concepts 64 An Organization is a Collection of Accounts 64 Organizations Have a Master Account 65 Manage Organizational Units Across Accounts 65 Apply Service Control Policies 66 AWS Organizations and Consolidated Billing 68 Compliance Benefits 69 Prefer AWS Organizations Over Tagging 69 Summary 69 Exam Essentials 70 Exercises 70 Review Questions 73 Chapter 4 AWS Config 77 Managing Configuration Changes 78 Continuous Everything 79 On-Premises Solutions 80 Configuration in the Cloud 80 AWS Config Use Cases 81 Centralized Configuration Management 81 Audit Trails 83 Configuration as Security 83 AWS Config Rules and Responses 83 Rules are Desired Configurations 83 A Configuration Item Represents a Specific Configuration 84 Rules are Evaluated 85 AWS Config or AWS CloudTrail? 87 Summary 87 Resources to Review 88 Exam Essentials 88 Exercises 89 Review Questions 96 Chapter 5 AWS CloudTrail 101 API Logs are Trails of Data 102 What Exactly is a Trail? 103 The CloudTrail Process 105 CloudTrail as a Monitoring Tool 106 Viewing CloudTrail Logs 106 Connect a CloudTrail Trail to SNS 107 CloudTrail Handles Permissions.Sometimes 108 Summary 108 Resources to Review 108 Exam Essentials 109 Exercises 109 Review Questions 115 Part III High Availability 119 Chapter 6 Amazon Relational Database Service 121 Creating Databases with Amazon RDS 122 Amazon RDS vs. Your Own Instances 123 Supported Database Engines 125 Database Configuration and Parameter Groups 125 Scalability with Amazon RDS 127 Amazon RDS Key Features 128 Scaling Amazon RDS Instances 128 Backing Up Amazon RDS Instances 128 Securing Amazon RDS Instances 129 Multi-AZ Configuration 129 Creating a Multi-AZ Deployment 129 Failing Over to the Secondary Instance 130 Read Replicas 131 Replication to Read Replicas 131 Connecting to Read Replicas 132 Read Replicas'' Requirements and Limitations 132 Amazon Aurora 132 Aurora Volumes 133 Aurora Replicas 133 Summary 133 Resources to Review 134 Exam Essentials 134 Review Questions 136 Chapter 7 Auto Scaling 141 Auto Scaling Terms and Concepts 142 Auto Scaling Groups 143 Scaling In and Scaling Out 143 Scaling More than EC2 144 Minimums, Maximums, and Desired Capacity 145 Auto Scaling Groups Auto Scale 145 Auto Scaling Instances Must Be Maintained 146 Launch Configurations 147 EC2 Instances are Launch Configuration Templates 147 One Auto Scaling Group Has One Launch Configuration 148 Launch Templates: Versioned Launch Configurations 148 Auto Scaling Strategies 149 Manual Scaling 149 Scheduled Scaling 149 Dynamic Scaling 150 Cooldown Periods 150 Instances Terminate in Order 151 When Auto Scaling Fails 152 Summary 153 Resources to Review 153 Exam Essentials 153 Exercises 154 Review Questions 158 Part IV Deployment and Provisioning 163 Chapter 8 Hubs, Spokes, and Bastion Hosts 165 VPC Peering 166 Understanding the Use Case for Hub-and-Spoke Architecture 168 Using a VPC Peering Connection Across Multiple Regions (Interregion Peering) 169 Bastion Hosts 169 Architecting for Bastion Host Use 170 Options for Bastion Hosts 170 Summary 171 Resources to Review 172 Linux Bastion Hosts on the AWS Cloud: 172 Exam Essentials 172 Exercises 173 Review Questions 183 Chapter 9 AWS Systems Manager 187 AWS Systems Manager 188 Communication with AWS Systems Manager 189 AWS Managed Instances 190 AWS Resource Groups 191 Taking Action with AWS Systems Manager 191 Summary 196 Resources to Review 196 Exam Essentials 197 Exercises 197 Review Questions 205 Part V Storage and Data Management 209 Chapter 10 Amazon Simple Storage Service (S3) 211 Object Storage and Amazon S3 212 What''s in a URL? 214 Availability and Durability 215 S3 Storage Classes 216 Securing and Protecting Data in S3 217 Access Control 217 Versioning 220 Encryption 221 Amazon Glacier 222 Amazon Glacier Deep Archive 223 S3 Lifecycle Management 223 Storage Gateways 224 Summary 225 Resources to Review 225 Exam Essentials 226 Exercises 226 Review Questions 232 Chapter 11 Elastic Block Store (EBS) 237 Understanding Block Storage and EBS 238 Types of EBS Storage 239 EBS vs. Instance Stores 241 Encrypting Your EBS Volumes 242 EBS Snapshots 244 Summary 244 Resources to Review 244 Exam Essentials 245 Exercises 245 Review Questions 248 Chapter 12 Amazon Machine Image (AMI) 253 Amazon Machine Images (AMIs) 254 Accessibility of AMIs 255 AMI Storage 257 AMI Security 258 Launch Permissions 258 Encryption 258 Moving AMIs Between Regions 258 AWS Management Console 259 AWS CLI 259 Common AMI Issues 260 Summary 260 Resources to Review 260 Exam Essentials 261 Exercises 261 Review Questions 264 Part VI Security and Compliance 269 Chapter 13 IAM 271 Shared Responsibility Model: A Cloud Security Primer 272 Building Blocks of IAM 273 Users 273 Groups 274 Roles 274 Policies 275 Managing IAM 278 Managing Passwords 278 Managing Access Keys 279 Securing Your AWS Accounts 281 Protecting the Root Account 281 IAM Best Practices 281 Trusted Advisor 282 Other Identity Services 282 Cognito 282 Federation 283 AWS KMS 283 Summary 283 Resources to Review 284 Exam Essentials 284 Exercises 285 Review Questions 290 Chapter 14 Reporting and Logging 295 Reporting and Monitoring in AWS 296 AWS CloudTrail 296 Applying a Trail to All Regions 298 Management Events 298 Data Events 298 But You Said CloudTrail Was Free. 300 Amazon CloudWatch 300 Amazon CloudWatch Alarms 301 Amazon CloudWatch Logs 302 Amazon CloudWatch Events 303 Amazon CloudWatch Dashboard 303 AWS Config 304 Summary 305 Resources to Review 305 Exam Essentials 306 Exercises 306 Review Questions 311 Chapter 15 Additional Security Tools 315 Amazon Inspector 316 Amazon GuardDuty 318 Summary 320 Resources to Review 320 Exam Essentials 320 Exercises 321 Review Questions 326 Part VII Networking 331 Chapter 16 Virtual Private Cloud 333 Understanding AWS Networking 334 Classless Inter-Domain Routing Refresher 335 Virtual Private Cloud 336 Subnets 337 Route Tables 338 Internet Gateways 339 NAT Gateways and Instances 340 VPC Endpoints 342 Connecting to the Outside 344 Securing Your Network 345 Security Groups 345 Network Access Control Lists 346 Troubleshooting Network Issues 347 VPC Flow Logs 347.