Week 1 Summary

Overview

This week introduces the fundamentals of systems operations on Amazon Web Services (AWS). The material covers how to automate infrastructure deployments, core AWS services for networking and compute, security management using AWS Identity and Access Management (IAM), and interacting with AWS programmatically using the AWS Command Line Interface (CLI).

Learning Objectives

  • Describe system operations in the cloud related to automated and repeatable deployments.
  • Explain Amazon Web Services (AWS) Regions and edge locations, and criteria for selecting them.
  • Describe core services related to system operations, including services for network, compute, and access.
  • Explain how AWS Identity and Access Management (IAM) provides security over AWS account resources.
  • Describe AWS Command Line Interface (AWS CLI) features.

Key Concepts

  • Systems Operations: Involves the responsibilities and tasks required to build (create), test, deploy, monitor, maintain, and safeguard complex computing systems.
  • Automation: Replaces manual system building with scripts (such as Linux shell), programs (like Python or Ruby), or templates (like AWS CloudFormation). Automation enables the repeatable, on-demand deployment of infrastructure and the creation of self-describing, well-tested secure systems.
  • Core AWS Services:
    • Amazon VPC (Virtual Private Cloud): The network environment used to configure logically isolated virtual networks where resources like EC2 instances are launched. It features configurable IP ranges, routing, gateways, and security settings.
    • Amazon EC2 (Elastic Compute Cloud): Provides scalable virtual computing environments using Amazon Machine Images (AMIs).
  • AWS Identity and Access Management (IAM): A service that allows you to centrally manage authentication and access to AWS resources. You can manage access through users, groups, roles, and policies.
  • Security Credentials: AWS provides different credential types, including Email/Password for the root account, IAM usernames and passwords for the AWS Management Console, and Access Keys for programmatic access via the CLI, APIs, and SDKs.
  • AWS Command Line Interface (CLI): A tool available for Linux, Windows, and Mac that allows users to expedite administrative tasks by running scripts and automate the creation of infrastructure. The CLI supports three output formats: JSON (the default), ASCII-formatted table, and Tab-delimited text.

Important Processes / Systems

  • IAM Policy Evaluation Logic: When evaluating a request, IAM applies the following logic: 1. Authenticate the principal, 2. Process the request context, 3. Evaluate policies based on type and category, and 4. Allow or deny the request. Importantly, an explicit DENY in a policy overrides any ALLOW.
  • Assuming IAM Roles: IAM users can assume a role to temporarily exchange their original permissions for the permissions assigned to that role. This process is frequently used to provide cross-account access without sharing permanent AWS security credentials.
  • AWS CLI Command Structure: Commands in the AWS CLI follow a specific multi-part format: aws <service> <operation> <parameters> <options>. For example, aws ec2 stop-instances --instance-ids i-12345 --output json.
  • Refining AWS CLI Outputs:
    • --filter: A server-side operation used to restrict the result set returned to the client.
    • --query: A client-side operation that limits the specific fields displayed in the result set. Queries are formatted according to the JMESPath specification.
    • --dry-run: Used for testing purposes, this option checks if the required permissions for an action are present without actually making the request.
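
The policy evaluation rule described above (an explicit DENY overrides any ALLOW) can be seen in a small evaluator. This is an added example, not part of the course material or AWS's own code. It is a simplified model that handles only Effect, Action and Resource in identity-based policies (no Condition, NotAction, SCPs, permission boundaries or resource-based policies); the policies, bucket name and ARNs are constructed samples, and the function names are hypothetical.

```python
import fnmatch

# Constructed sample policies (assumptions for illustration, not course material).
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-logs", "arn:aws:s3:::example-logs/*"]},
]}
GUARDRAIL_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"},
]}


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def statement_applies(stmt, action, resource):
    """True if the statement's Action and Resource patterns match the request.

    Action names are compared case-insensitively, resource ARNs case-sensitively.
    fnmatch is used as a stand-in for IAM's '*' and '?' wildcards.
    """
    actions = [a.lower() for a in _as_list(stmt["Action"])]
    resources = _as_list(stmt["Resource"])
    return (any(fnmatch.fnmatchcase(action.lower(), a) for a in actions)
            and any(fnmatch.fnmatchcase(resource, r) for r in resources))


def evaluate(policies, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not statement_applies(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # a matching Deny wins, whatever else allows
            allowed = True
    # With no matching Allow, the request is denied by default.
    return "Allow" if allowed else "ImplicitDeny"


if __name__ == "__main__":
    instance = "arn:aws:ec2:us-east-1:111122223333:instance/i-0abc"  # constructed
    policies = [IDENTITY_POLICY, GUARDRAIL_POLICY]
    for act in ("ec2:StopInstances", "ec2:TerminateInstances", "iam:CreateUser"):
        print(act, "->", evaluate(policies, act, instance))
```

The result does not depend on the order in which the policies are supplied: the ec2:* Allow never rescues a request that also matches the Deny statement.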

Key Takeaways

  • IAM Best Practices: You should avoid using root account credentials for daily administration. Instead, delegate administration functions following the principle of least-privilege, use IAM roles to provide cross-account access, and implement Multi-Factor Authentication (MFA) to provide an additional level of account security.
  • EC2 and Roles: IAM roles can be assigned directly to EC2 instances to grant the applications running on them access to other AWS services and resources.
  • Programmatic Access: Access keys are distinct from console passwords and are specifically used to provide programmatic access for the AWS CLI and software development kits (SDKs).
  • Client vs. Server Filtering: When using the CLI, remember that --filter limits what the server returns, while --query limits how much of that returned data is displayed to the user; these options can be used in combination.

Quick Revision

  • Systems Operations: Build, test, deploy, monitor, maintain, and safeguard computing systems.
  • Automation: Use scripts or templates (like CloudFormation) to make infrastructure creation repeatable.
  • Core Services: VPC (Network isolation), EC2 (Virtual compute environments).
  • IAM: Centralised control of authentication and resource access.
  • IAM Best Practices: Lock away root credentials, apply least-privilege, use roles for cross-account access, enable MFA.
  • Policy Logic: An explicit DENY always overrides an ALLOW.
  • CLI Output Formats: JSON (default), Text, Table.
  • CLI Options: --filter (server-side restriction), --query (client-side display limit), --dry-run (permission check only).
