AWS for System Administrators

Name: AWS for System Administrators | Build, automate, and operate scalable cloud infrastructure on AWS
Brand: Packt Publishing
Price: 29.99 EUR
Availability: OnlineOnly

Build, automate, and operate scalable cloud infrastructure on AWS

Marcel Neidinger Prashant Lakhera(Autor*in)

Packt Publishing

1. Auflage

Erschienen am 29. Mai 2025

426 Seiten

E-Book

ePUB mit Adobe-DRM

Systemvoraussetzungen

978-1-83546-955-2 (ISBN)

29,99 €inkl. 7% MwSt.

Systemvoraussetzungen

für ePUB mit Adobe-DRM

E-Book Einzellizenz

Als Download verfügbar

Beschreibung

Weitere Details

Inhalt

Cover
FM
Copyright
Dedication
Contributors
Table of Contents
Preface
Part 1: AWS Services and Tools
Chapter 1: Setting Up the AWS Environment
Technical requirements
Setting up the environment
Installing the AWS CLI
Understanding the structure of AWS CLI commands
Introducing the Boto3 SDK for Python
Installing Boto3
The difference between clients and resources
What is CloudFormation?
Writing your first CloudFormation template
Deploying the template
Exploring the AWS CDK
Installing the AWS CDK
Writing and deploying your first CDK project
What is a construct in the CDK?
Introducing Terraform
Installing Terraform
Creating resources in Terraform
Summary
Chapter 2: Protecting Your AWS Account Using IAM
Technical requirements
What is AWS IAM?
What are IAM users?
Types of AWS services and its global infrastructure
Creating a new IAM user using the AWS CLI
What are ARNs?
IAM groups
Understanding IAM policies
Structure of IAM policies
Introduction to AWS managed policies
IAM policy evaluation
Creating an IAM policy using the AWS CLI
Rewriting our policy as least privilege
Introduction to IAM roles
Creating an IAM role with Terraform
Short introduction to AWS STS
Rotating IAM credentials using Boto3
Summary
Part 2: Building Infrastructure
Chapter 3: Creating a Data Center in the Cloud Using a VPC
Technical requirements
A VPC and its components
Creating a VPC using the AWS console
Creating subnets in our VPC
Creating an IGW in our VPC
Creating a route table
Exploring network access control lists
Creating a second VPC using CloudFormation
Setting up the VPC and subnets
Creating an IGW, route table, and subnet association
Interconnecting VPCs via peering and Transit Gateway
Creating a peering between two VPCs
What is AWS Transit Gateway?
Programmatically verifying that VPC flow logs are enabled
Summary
Join the CloudPro Newsletter with 44000+ Subscribers
Chapter 4: Scalable Compute Capacity in the Cloud via EC2
Technical requirements
Setting up EC2 instances
A few EC2 concepts
Using the AWS Console to create an EC2 instance
Using CloudFormation to create an EC2 instance
Creating a cost alert using budgets
Automatically shutting down instances
Identifying unattached EBS Volumes with boto3
Summary
Part 3: Scalability and Elasticity of our Cloud Infrastructure
Chapter 5: Increasing Application Fault Tolerance and Efficiency with Elastic Load Balancing
Technical requirements
Understanding Elastic Load Balancing
What load balancer should I use?
Setting up our environment
Setting up the ALB
Handling HTTPS traffic with our ALB
Setting up a custom domain name for our ALB
Requesting a new TLS certificate for our ALB
Adding an HTTPS listener
Deploying an NLB in front of an ALB
Summary
Chapter 6: Increasing Application Performance Using AWS Auto Scaling
Technical requirements
When should we use auto scaling?
Creating a launch template
Creating a launch template in the AWS console
Creating an ASG in the AWS console
Exploring scaling policies
Creating ASGs in Terraform
Summary
Chapter 7: Scaling a Relational Database in the Cloud Using Amazon Relational Database Service (RDS)
Technical requirements
What is Amazon RDS?
Creating a PostgreSQL database in the AWS Management Console
Deleting a database in RDS
Deploying an RDS instance with Terraform
Summary
Join the CloudPro Newsletter with 44000+ Subscribers
Chapter 8: Managing Secrets and Encryption Keys with AWS Secrets Manager and KMS
Technical requirements
Storing secrets with AWS Secrets Manager
What is AWS Secrets Manager?
Creating secrets in the CDK
Creating secrets in Terraform
Accessing secrets from an AWS Lambda function using Boto3
Integrating Amazon RDS with AWS Secrets Manager to rotate database credentials
Handling encryption keys with AWS KMS
What is KMS?
Changing an S3 bucket to use a CMK
Summary
Part 4: Monitoring, Metrics, and the Backup Layer
Chapter 9: Centralized Logging and Monitoring with Amazon CloudWatch
Technical requirements
An introduction to CloudWatch for metrics
Why do we need log management?
An introduction to CloudWatch for logs
Creating a log group in CloudWatch
Monitoring custom metrics and sending log files using CloudWatch Agent
Introduction to SNS
Creating a CloudWatch metric alert that pushes a notification to SNS
Sending SNS notifications to Slack
Summary
Chapter 10: Centralizing Cloud Backup Solutions
Technical requirements
Backups in AWS
Creating backups with AWS Backup
Automating the creation of backups with Terraform and tags
S3 life cycle policies to transition data into S3 Glacier
S3 storage classes
Exploring bunker accounts for backups
Summary
Chapter 11: Disaster Recovery Options with AWS
Technical requirements
Defining our disaster recovery strategy
RPO and RTO - the key metrics for DR
RPO
RTO
An introduction to disaster recovery strategies
Backup and restore DR strategy
Pilot Light
Warm standby
Multi-site active/active
Summary
Join the CloudPro Newsletter with 44000+ Subscribers
Chapter 12: Testing the Resilience of Your Infrastructure and Architecture with AWS Fault Injection Service
Technical requirements
Introduction to chaos engineering and chaos experiments
AWS FIS for chaos experiments
Summary
Part 5: Deployments at Scale
Chapter 13: Deploying Infrastructure Using CI/CD Pipelines
Technical requirements
A short introduction to CI/CD
Automated deployment with Terraform and AWS CodeBuild
Connecting your GitHub account
Setting up a Terraform backend
Deploying your code
Summary
Chapter 14: Building Reusable Infrastructure-as-Code Components
Technical requirements
An introduction to reusable components
Building reusable components in Terraform
Building reusable components in CDK
Summary
Chapter 15: Ensuring Compliance Using AWS Config and SCPs
Technical requirements
An introduction to SCPs
Setting up an AWS organization
Using AWS Config to detect non-compliant resources
Summary
Join the CloudPro Newsletter with 44000+ Subscribers
Chapter 16: Operating in a Multi-Account Environment
Technical requirements
Designing AWS organizations
Creating an OU in Terraform
Including a previously created OU in Terraform
Attaching an SCP to an OU with Terraform
Adding the exceptions OU
Sharing resources within an organization using Resource Access Manager
Enabling organizational resource sharing in RAM
Sharing subnets in our VPC via Terraform
Enabling resource sharing inside organizations
Sharing resources with Terraform
Cross-account sharing for use cases with small amounts of AWS accounts
Summary
Chapter 17: End-to-End Deployment of an Application
Technical requirements
What we will build in this chapter
Implementing Single Sign-On (SSO) with AWS Identity Center
Setting up the pipeline
Summary
Stay Sharp in Cloud and DevOps - Join 44,000+ Subscribers of CloudPro
Index
Other Books You May Enjoy

Preface

Welcome to the fascinating world of systems operations - or SysOps - in AWS. AWS for System Administrators, Second Edition is your introduction to deploying, automating, and operating workloads in AWS. Over its 17 chapters, this book introduces you to the tools and techniques required to operate workloads in the cloud.

After finishing this book, you'll have explored the world of scalable compute, learned how to automate the deployment of relational databases, set up a multi-account organization, and much more.

Throughout the book, you'll see hands-on examples of automating the deployment of these infrastructure components through the use of Infrastructure-as-Code tools such as Terraform or CloudFormation. You'll get architectural guidance and explanations for the central concepts of operating workloads within AWS.

Who this book is for

This book is designed for technology professionals with some basic cloud experience who aim to understand how to automate and operate software systems and their underlying infrastructure on AWS.

Whether you are a systems administrator, DevOps engineer, or solutions architect looking into getting the most out of AWS, this book will enable you to better understand the challenges and the solutions involved when running applications on AWS.

A basic understanding of cloud concepts and services within AWS as well as some familiarity with IT tools such as Git and Terraform and a programming language such as Python is recommended. But if you don't have these prerequisites, the book offers explanations to bring you up to speed on these concepts.

Use this book to get started on your journey to becoming a systems operator on AWS!

What this book covers

Chapter 1, Setting Up the AWS Environment, introduces you to the basics of setting up an account on AWS as well as the Infrastructure-as-Code (IaC) tools we'll use throughout this book: Terraform, CloudFormation, and AWS Cloud Development Kit (CDK).

Chapter 2, Protecting Your AWS Account Using IAM, explains the concepts of the Identity and Access Management (IAM) service that is used throughout AWS for authentication and authorization.

Chapter 3, Creating a Data Center in the Cloud Using a VPC, covers the basic networking concepts of the virtual private cloud (VPC) - your data center in AWS.

Chapter 4, Scalable Compute Capacity in the Cloud via EC2, looks at concepts of Elastic Compute Cloud (EC2) - the AWS service to provision virtual machines within AWS.

Chapter 5, Increasing Application Fault-Tolerance and Efficiency with Elastic Load Balancing, explains how we can use Elastic Load Balancing (ELB) to route traffic between multiple instances to increase fault-tolerance and efficiency.

Chapter 6, Increasing Application Performance Using AWS Auto Scaling, covers how we can use Auto Scaling Groups in AWS to automatically scale our compute up or down.

Chapter 7, Scaling a Relational Database in the Cloud Using Amazon Relational Database Service (RDS), explains how to deploy an open source Postgres database using the Amazon Relational Database Service (RDS) and explores the concept of managed services.

Chapter 8, Managing Secrets and Encryption Keys with AWS Secrets Manager and KMS, teaches you how to handle secrets such as passwords or access tokens as well as the basic concepts of encryption in the cloud.

Chapter 9, Centralized Logging and Monitoring with Amazon CloudWatch, explains how you can use CloudWatch and SNS for centralized logging, metrics, and alerting on AWS.

Chapter 10, Centralizing Cloud Backup Solutions, explains AWS Backup and how you can use this service to implement backup plans.

Chapter 11, Disaster Recovery Options with AWS, explores the different options available to architect resilient applications on AWS. The chapter also explains the key concepts of Recovery Time Objective (RTO) and Recovery Point Objective (RPO).

Chapter 12, Testing the Resilience of Your Infrastructure and Architecture with AWS Fault Injection Service, introduces you to chaos engineering and AWS Fault Injection Service (FIS) - a service that lets you inject failures into your AWS-deployed applications to test their ability to withstand such failures when they happen in production.

Chapter 13, Deploying Infrastructure Using CI/CD Pipelines, covers the topic of automated infrastructure rollout based on IaC code that is stored in the version control system git.

Chapter 14, Building Reusable Infrastructure-as-Code Components, covers patterns and best practices when building reusable components for your teams to scale IaC usage.

Chapter 15, Ensuring Compliance Using AWS Config and SCPs, introduces two different methods, a proactive and reactive way, to block or detect the creation of infrastructure that is non-compliant with your set of rules and requirements.

Chapter 16, Operating in a Multi-Account Environment, introduces AWS Organizations as a way to set up the multiple AWS accounts usually required when operating a real-world application in the cloud.

Chapter 17, End-to-End Deployment of an Application, uses the tools, techniques, and concepts learned throughout the book to cover the end-to-end deployment of an application. From account setup to deployment pipeline and fault testing, this chapter shows how all the concepts introduced throughout this book fit together.

To get the most out of this book

To make full use of this book, you should have a working knowledge of cloud computing concepts, AWS services, and a basic understanding of computer networking concepts such as subnets, IP addresses, and CIDR ranges.

Throughout this book, we'll use IaC tools such as CloudFormation, Terraform, and CDK to automate the creation of our infrastructure and its maintenance. A working knowledge of at least one of these tools as well as a working knowledge of the Python programming language is beneficial.

You'll also need an AWS account to which you can test the hands-on learning parts of this book. Be advised that the examples in this book will incur a charge for the provisioned infrastructure.

An internet connection is required to interact with AWS and to download and install the required tools (see the following table).

Software/hardware covered in the book

OS requirement

AWS CLI

Windows, Linux, or macOS

Git

Windows, Linux, or macOS

Visual Studio Code (or similar code editor)

Windows, Linux, or macOS

Docker / Docker Desktop

Windows, Linux, or macOS

Python

Windows, Linux, or macOS

Node.js

Windows, Linux, or macOS (optional)

Web browser

Windows, Linux, or macOS

Terraform

Windows, Linux, or macOS

The required software is listed in the Technical requirements section of the applicable chapter.

Download the example code files

You can...

Systemvoraussetzungen

Als PDF speichern Als Link merken