Sunday, December 31, 2023

AWSCertCP: Tools & IDEs - AWS Cloud9, Plugins for IntelliJ, Microsoft Visual Studio, Visual Studio Code, PyCharm, Rider, CodeWhisperer, Azure DevOps, WebStorm

AWS Cloud9 

----------

AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser. It includes a code editor, debugger, and terminal. Cloud9 comes prepackaged with essential tools for popular programming languages, including JavaScript, Python, PHP, and more, so you don’t need to install files or configure your development machine to start new projects. Since your Cloud9 IDE is cloud-based, you can work on your projects from your office, home, or anywhere using an internet-connected machine. Cloud9 also provides a seamless experience for developing serverless applications, enabling you to easily define resources, debug, and switch between local and remote execution of serverless applications. With Cloud9, you can quickly share your development environment with your team, enabling you to pair program and track each other's inputs in real time.


AWS Cloud9 gives you the flexibility to run your development environment on a managed Amazon EC2 instance or any existing Linux server that supports SSH. This means that you can write, run, and debug applications with just a browser, without needing to install or maintain a local IDE. The Cloud9 code editor and integrated debugger include helpful, time-saving features such as code hinting, code completion, and step-through debugging. The Cloud9 terminal provides a browser-based shell experience enabling you to install additional software, do a git push, or enter commands.


CODE TOGETHER IN REAL TIME

AWS Cloud9 makes collaborating on code easy. You can share your development environment with your team in just a few clicks and pair program together. While collaborating, your team members can see each other type in real time, and instantly chat with one another from within the IDE.


DIRECT TERMINAL ACCESS TO AWS

AWS Cloud9 comes with a terminal that includes sudo privileges to the managed Amazon EC2 instance that is hosting your development environment and a preauthenticated AWS Command Line Interface. This makes it easy for you to quickly run commands and directly access AWS services.



AWS Toolkit for IntelliJ IDEA

-----------------------------

The AWS Toolkit for IntelliJ IDEA is an open source plug-in that makes it easier to create, debug, and deploy Java and Python applications on Amazon Web Services. With the AWS Toolkit for IntelliJ IDEA, you can get started faster and be more productive when building applications on AWS. The toolkit provides an integrated experience for developing serverless applications, including assistance for getting started, ML-powered code recommendations, step-through debugging, building, and deploying from the IDE.



Features are:


Select a quickstart serverless application template.


Accelerate application development: Build applications faster with automatic code recommendations based on your prior code and plain English comments with Amazon CodeWhisperer.

Deploy from the IDE: Deploy your serverless application in a few clicks.

Debug serverless apps locally: Set breakpoints and debug serverless applications locally.

Access CloudWatch from the IDE: View and search for specific error codes or patterns in CloudWatch log streams.


AWS Toolkit for PyCharm

------------------------

The AWS Toolkit for PyCharm is an open source plug-in for the PyCharm IDE that makes it easier to create, debug, and deploy Python applications on Amazon Web Services. With the AWS Toolkit for PyCharm, you can get started faster and be more productive when building applications with PyCharm on AWS. The toolkit provides an integrated experience for developing serverless applications, including assistance for getting started, ML-powered code recommendations, step-through debugging, and deploying from the IDE.



AWS Toolkit for Visual Studio

----------------------------

The AWS Toolkit for Visual Studio is an extension for Microsoft Visual Studio running on Microsoft Windows that makes it easier for developers to develop, debug, and deploy .NET applications using Amazon Web Services. With the AWS Toolkit for Visual Studio, you'll be able to get started faster and be more productive when building AWS applications.


The AWS Toolkit for Visual Studio is available via the Visual Studio Marketplace and supports Visual Studio 2022, 2019, and 2017. The AWS Toolkit for Visual Studio 2013 and 2015 is contained in the AWS SDK and Tools for .NET install package.

At this time, the AWS Toolkit for Visual Studio does not support Visual Studio for Mac.



AWS Toolkit for Visual Studio Code

----------------------------------

The AWS Toolkit for Visual Studio Code is an open source plug-in for Visual Studio Code that makes it easier to create, debug, and deploy applications on Amazon Web Services. With the AWS Toolkit for Visual Studio Code, you will be able to get started faster and be more productive when building applications with Visual Studio Code on AWS. The toolkit provides an integrated experience for developing serverless applications, including assistance for getting started, ML-powered code recommendations, step-through debugging, and deploying from the IDE.


AWS Toolkit for Azure DevOps

---------------------------

The AWS Toolkit for Azure DevOps is an extension for hosted and on-premises Microsoft Azure DevOps that makes it easy to manage and deploy applications using AWS. If you already use Azure DevOps, the AWS Toolkit for Azure DevOps makes it easy to deploy your code to AWS using either AWS Elastic Beanstalk or AWS CodeDeploy. No changes to your existing build/release pipeline or processes are required to integrate with AWS services. You can even deploy serverless applications and .NET Core C# functions to AWS Lambda. The AWS Toolkit for Azure DevOps allows you to deploy AWS CloudFormation templates, so you have an easy way to manage, provision, and update a collection of AWS resources from within Azure DevOps. The AWS Toolkit for Azure DevOps provides integration with many AWS services, which makes it easy to store build artifacts in Amazon S3, run commands from the AWS Tools for Windows PowerShell and AWS CLI, and manage notifications through Amazon SNS or Amazon SQS queues.


NOTE: Usually these IDEs integrate with Elastic Beanstalk or CodeDeploy to deploy the application.


AWS Toolkit for Rider

--------------------

The AWS Toolkit for Rider is an open source plug-in for the Rider IDE that makes it easier to create, debug, and deploy .NET applications on Amazon Web Services. With the AWS Toolkit for Rider, you can get started faster and be more productive when building applications with Rider on AWS. The toolkit provides an integrated experience for developing serverless applications, including assistance for getting started, step-through debugging, and deploying from the IDE.


AWS Toolkit for WebStorm

------------------------

The AWS Toolkit for WebStorm is an open source plug-in for the WebStorm IDE that makes it easier to create, debug, and deploy JavaScript applications on Amazon Web Services. With the AWS Toolkit for WebStorm, you can get started faster and be more productive when building applications with WebStorm on AWS. The toolkit provides an integrated experience for developing serverless applications, including assistance for getting started, ML-powered code recommendations, step-through debugging, and deploying from the IDE.



Amazon CodeWhisperer

--------------------

Amazon CodeWhisperer generates code suggestions ranging from snippets to full functions in real time in the IDE based on your comments and existing code. It also supports CLI completions and natural-language-to-bash translation in the command line.


Supercharge development with expert assistant Amazon Q

Amazon Q is an interactive, generative AI-powered assistant available in the IDE via CodeWhisperer that gives you expert guidance through a simple conversational interface. Use Amazon Q in the IDE to:


Explain your code: Start a conversation with Amazon Q to understand your project code, all through natural dialogue.

Transform your code: Upgrade and migrate your application to the latest language version in minutes.

Get personalized code suggestions: Ask and Amazon Q can provide suggestions for adding unit tests, debugging, optimizing code, and more.


Code with confidence

CodeWhisperer can flag or filter code suggestions that resemble publicly available code. Get the associated open-source project’s repository URL and license so that you can more easily review them and add attribution.


Enhance code security

Scan your code to identify hard-to-find security vulnerabilities and get code suggestions to help remediate the identified issues. Generative AI-powered code suggestions are tailored to your application code, so you can quickly accept fixes with confidence and focus on higher-value work.


Use your favorite tools

CodeWhisperer fits the way that you work. Select from 15 programming languages, including Python, Java, and JavaScript, and your favorite integrated development environments (IDEs), including VS Code, IntelliJ IDEA, Visual Studio (preview), AWS Cloud9, the AWS Lambda console, JupyterLab, and Amazon SageMaker Studio, and your favorite CLIs including macOS Terminal, iTerm2, and the built-in VS Code terminal.


Customize CodeWhisperer for even better suggestions

You can customize CodeWhisperer to generate more relevant recommendations by making it aware of your internal libraries, APIs, packages, classes, and methods, significantly accelerating development.


references:

https://aws.amazon.com/codewhisperer/


AWSCertCP: AWS Encryption SDK

AWS Encryption SDK

-------------------

AWS encryption SDK is available for Python, 

The AWS Encryption SDK for Python provides a fully compliant, native Python implementation of the AWS Encryption SDK.

There are four main concepts that you need to understand to use this library:

Cryptographic Materials Managers

Cryptographic materials managers (CMMs) are resources that collect cryptographic materials and prepare them for use by the Encryption SDK core logic.


An example of a CMM is the default CMM, which is automatically generated anywhere a caller provides a master key provider. The default CMM collects encrypted data keys from all master keys referenced by the master key provider.


An example of a more advanced CMM is the caching CMM, which caches cryptographic materials provided by another CMM.


Master Key Providers

Master key providers are resources that provide master keys. An example of a master key provider is AWS KMS.


To encrypt data in this client, a MasterKeyProvider object must contain at least one MasterKey object.


MasterKeyProvider objects can also contain other MasterKeyProvider objects.


Master Keys

Master keys generate, encrypt, and decrypt data keys. An example of a master key is a KMS customer master key (CMK).


Data Keys

Data keys are the encryption keys that are used to encrypt your data. If your algorithm suite uses a key derivation function, the data key is used to generate the key that directly encrypts the data.



The Encryption SDK is available in the following programming languages:


AWS Encryption SDK for C, Python, Java, JavaScript, and .NET.



AWS Database Encryption SDK 

--------------------------

The AWS Database Encryption SDK is a set of software libraries that enable you to include client-side encryption in your database design. The AWS Database Encryption SDK provides record-level encryption solutions. You specify which fields are encrypted and which fields are included in the signatures that ensure the authenticity of your data. Encrypting your sensitive data in transit and at rest helps ensure that your plaintext data isn’t available to any third party, including AWS. The AWS Database Encryption SDK is provided free of charge under the Apache 2.0 license.


The AWS Database Encryption SDK supports Amazon DynamoDB with attribute-level encryption. Version 3.x of the Java client-side encryption library for DynamoDB is a major rewrite of the DynamoDB Encryption Client for Java. It includes many updates, such as a new structured data format, improved multitenancy support, searchable encryption, and support for seamless schema changes.



Amazon S3 Encryption Client

---------------------------

The Amazon S3 Encryption Client is a client-side encryption library that enables you to encrypt an object locally to ensure its security before passing it to Amazon Simple Storage Service (Amazon S3). Amazon S3 receives your object already encrypted; it does not play a role in encrypting or decrypting it. After you instantiate the Amazon S3 Encryption Client, your objects are automatically encrypted and decrypted as part of your Amazon S3 PutObject and GetObject requests. The Amazon S3 Encryption Client is provided free of charge under the Apache 2.0 license.



The Amazon S3 Encryption Client provides:


A default implementation that adheres to cryptography best practices

By default, the Amazon S3 Encryption Client generates a unique data key for each object that it encrypts. This follows the cryptography best practice of using unique data keys for each encryption operation.


The Amazon S3 Encryption Client encrypts your objects using a secure, authenticated, symmetric key algorithm.


A framework for protecting data keys with wrapping keys

The Amazon S3 Encryption Client protects the data keys that encrypt your objects by encrypting them under a wrapping key. With the Amazon S3 Encryption Client, you define a wrapping key by passing the key to the Amazon S3 Encryption Client, which it uses to optimize its settings.



references:

https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/what-is-database-encryption-sdk.html


AWSCertCP: AWS Cloud SDK, AWS Cloud9, AWS CloudFormation, AWS FIS (Fault Injection Service)

AWS Cloud Development Kit

-------------------------

AWS Cloud Development Kit (AWS CDK) accelerates cloud development using common programming languages to model your applications.


Use cases:

Improve infrastructure and business logic: Develop applications more efficiently using AWS CDK as the main framework to define cloud infrastructure as code.

Provision your most common infrastructure patterns faster: Migrate complex backend infrastructure more efficiently, while integrating with continuous integration and delivery (CI/CD) pipelines.

Automate AWS service provisioning with Construct Hub: Discover and use AWS CDK constructs created by the developer community to programmatically create new microservices.

Write applications using tools built for the cloud: Accelerate transitions from brand-new to fully deployed infrastructure using TypeScript, Python, Java, .NET, and Go (in Developer Preview).


The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework for defining cloud infrastructure as code (IaC). It allows developers to define cloud resources using familiar programming languages, such as TypeScript, JavaScript, Python, Java, and C#. The primary purpose of AWS CDK is to simplify and streamline the process of provisioning and managing AWS resources.

Key purposes and benefits of the AWS CDK include:

Programmatic Infrastructure as Code (IaC):

AWS CDK enables developers to define cloud infrastructure using the same programming languages they use for application development. This allows for a more programmatic and expressive approach to IaC.

Abstraction and Reusability:

CDK provides a high-level abstraction over AWS CloudFormation, allowing developers to use constructs (pre-built components) to define common patterns and services. This abstraction promotes reusability of code and infrastructure patterns across projects.

Familiar Programming Languages:


Developers can use languages like TypeScript, JavaScript, Python, Java, and C# to define infrastructure. This makes it easier for developers to leverage their existing skills and knowledge, reducing the learning curve associated with IaC.

Improved Developer Productivity:


With AWS CDK, developers can express infrastructure using modern programming paradigms, such as object-oriented programming and functional programming. This can lead to increased developer productivity and the ability to leverage IDE features for code completion, debugging, and refactoring.

Declarative and Imperative Styles:


AWS CDK supports both declarative and imperative styles for defining infrastructure. Developers can choose to define infrastructure using a high-level, declarative approach with constructs, or they can use a lower-level, imperative approach for more fine-grained control.

Seamless Integration with AWS Services:


AWS CDK integrates seamlessly with AWS services, allowing developers to define resources and configurations for a wide range of AWS services. This includes compute resources, databases, networking, security configurations, and more.

Consistency and Avoidance of Configuration Drift:


Since AWS CDK generates AWS CloudFormation templates under the hood, it helps maintain consistency in infrastructure definitions. Developers can apply version control and track changes, reducing the risk of configuration drift.

Ecosystem and Community:


AWS CDK has a growing ecosystem of libraries and constructs contributed by the community. Developers can leverage these reusable components to accelerate development and follow best practices.



AWS Cloud9 

----------

A cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser.

Comes prepackaged with essential tools for popular programming languages, including JavaScript, Python, and PHP.

Quickly share your development environment with your team, enabling you to pair program and track each other's inputs in real time.


Integrated Tools for Serverless Development

AWS Cloud9 allows you to edit and debug AWS Lambda functions locally, which eliminates the need to upload your code to the Lambda console for debugging. The development environment is pre-packaged with SDKs, tools, and libraries needed for serverless application development. 


Broad Selection of Run Configurations

AWS Cloud9 supports over 40 programming languages and application types including JavaScript, Python, PHP, Ruby, Go, and C++. You can choose default run configurations or define custom configurations by specifying environment variables.


Direct Terminal Access to AWS

Terminal access includes sudo privileges to the managed Amazon EC2 instance that is hosting your development environment. This makes it easy for you to quickly run commands and directly access AWS services.



AWS CloudFormation

-------------------

AWS CloudFormation lets you model, provision, and manage AWS and third-party resources by treating infrastructure as code.



AWS Toolkit for Azure DevOps

----------------------------


The AWS Toolkit for Azure DevOps is an extension for hosted and on-premises Microsoft Azure DevOps that makes it easy to manage and deploy applications using AWS. If you already use Azure DevOps, the AWS Toolkit for Azure DevOps makes it easy to deploy your code to AWS using either AWS Elastic Beanstalk or AWS CodeDeploy.


The AWS Toolkit for Azure DevOps allows you to deploy AWS CloudFormation templates, so you have an easy way to manage, provision, and update a collection of AWS resources from within Azure DevOps. The AWS Toolkit for Azure DevOps provides integration with many AWS services, which makes it easy to store build artifacts in Amazon S3, run commands from the AWS Tools for Windows PowerShell and AWS CLI, and manage notifications through Amazon SNS or Amazon SQS queues.


Key Features are: 

Use Your Existing Azure DevOps Build/Release Process

Deploy .NET Applications Directly to AWS

Deploy Serverless .NET Applications to AWS Lambda

Manage Infrastructure as Code




AWS Fault Injection Service

---------------------------


Part of AWS Resilience Hub, AWS Fault Injection Service (FIS) is a fully managed service for running fault injection experiments to improve an application’s performance, observability, and resilience. FIS simplifies the process of setting up and running controlled fault injection experiments across a range of AWS services, so teams can build confidence in their application behavior.


FIS provides the controls and guardrails that teams need to run experiments in production, such as automatically rolling back or stopping the experiment if specific conditions are met.


Use cases are:

Run a game-day simulation

Simulate previous failures, known process or team weaknesses, or seasonal spikes in demand, and monitor the performance of your system.


Integrate with your delivery pipeline:

Repeatedly test the impact of fault actions, such as injecting task-level container failures, as part of your software delivery process.


Run CPU stress on an instance

Test how your applications handle CPU stress and whether CPU utilization exceeds your specified threshold.




references:

https://d1.awsstatic.com/training-and-certification/docs-cloud-practitioner/AWS-Certified-Cloud-Practitioner_Exam-Guide.pdf

AWSCertCP: AWS DevOps and Automation Tools

Amazon CodeGuru Security 

------------------------

Amazon CodeGuru Security is a static application security testing (SAST) tool that combines machine learning (ML) and automated reasoning to identify vulnerabilities in your code, provide recommendations on how to fix the identified vulnerabilities, and track the status of the vulnerabilities until closure.


Amazon CodeGuru Profiler helps developers find an application’s most expensive lines of code by helping them understand the runtime behavior of their applications, identify and remove code inefficiencies, improve performance, and significantly decrease compute costs. 


Benefits are:

Detect vulnerabilities at any stage of the development workflow


The CodeGuru Security API-based design provides integration capabilities that you can use at any stage of the development workflow. Whether your organization adheres to the “shift left” or “shift right” ideology, CodeGuru Security plugs into your continuous integration and delivery (CI/CD) tooling to help you identify vulnerabilities in your application code.


Start immediately without VM provisioning

There is no need to provision virtual machines (VMs) to run CodeGuru Security. Just integrate CodeGuru Security with your tooling, and it will scale up and down with your workload.


AWS CodeArtifact

-----------------

Secure, scalable, and cost-effective package management for software development


CodeArtifact allows you to store artifacts using popular package managers and build tools like Maven, Gradle, npm, Yarn, Twine, pip, NuGet, and SwiftPM. CodeArtifact can automatically fetch software packages on demand from public package repositories so you can access the latest versions of application dependencies.




AWS CodeCommit

---------------

AWS CodeCommit is a secure, highly scalable, fully managed source control service that hosts private Git repositories.




AWS CodePipeline

-----------------

AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates.


Define your pipeline structure: Update existing pipelines and provide templates for creating new pipelines with a declarative JSON document.

Receive notifications for events: Monitor events that impact your pipelines with Amazon Simple Notification Service (SNS), which provides a status message and link to the source of the event.

Control and grant access: Manage who can change and control your release workflow with AWS Identity and Access Management (IAM).

Integrate your own custom systems: Register a custom action and hook servers into your pipeline by integrating the CodePipeline open source agent with your servers.



AWS CodeBuild 

---------------

AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces ready-to-deploy software packages.

Automate continuous integration and delivery (CI/CD) pipelines

Remove the complexity of managing build servers

Build source code hosted on GitHub



AWS CodeDeploy 

--------------

AWS CodeDeploy is a fully managed deployment service that automates software deployments to various compute services, such as Amazon Elastic Compute Cloud (EC2), Amazon Elastic Container Service (ECS), AWS Lambda, and your on-premises servers. Use CodeDeploy to automate software deployments, eliminating the need for error-prone manual operations.



AWS CodeStar

-------------

This service is being discontinued and will be replaced by Amazon CodeCatalyst.


AWS CodeCatalyst 

----------------

Streamline the development and delivery of scalable apps on AWS with an integrated experience. Amazon CodeCatalyst is a unified software development service that makes it easy for development teams to quickly build and deliver scalable applications on AWS, while adhering to organizational best practices.


Use Amazon Q feature development in CodeCatalyst to go from an idea in an issue to fully-tested, merge-ready application code with just natural language inputs, in just a few clicks.


CodeCatalyst project blueprints automatically set up everything you need to start a new software development project, including CI/CD, deployable code, issue tracking, and AWS services configured according to best practices. With custom blueprints, IT leaders can build their own templates to specify the technology to be used by developer teams, control access to project resources, and define testing and building methods.


CodeCatalyst Dev Environments are available on-demand in the cloud and are automatically created with branch code and consistent project settings, providing faster setup, development, and testing.


Start creating and assigning issues. Use priorities, estimates, labels, and custom fields to help your team prioritize what’s next. Exchange feedback on issues and pull requests with your team. Access protected resources with SSO without repeated logins and set project access permissions for several team members at a time.


Simplify the creation and customization of automated workflows by configuring pre-defined actions using the visual editor or directly editing the underlying YAML configuration. Along with a collection of CodeCatalyst actions, you can also use any GitHub Action in your workflows.


CodeCatalyst has built-in support for code coverage, software composition analysis, and unit tests. You can view your test results at a glance with automated visual test reporting.


CodeCatalyst makes it easy to deploy your application to AWS services such as AWS Lambda or Amazon ECS. You can deploy application stacks across accounts or AWS Regions by simply listing them as targets in your pipeline.


CodeCatalyst’s notifications and personalized activity feed help you stay updated on relevant project activity such as successful deployments or accepted pull requests.


AWS App Mesh

-------------

AWS App Mesh provides application-level networking so your services can communicate across multiple types of compute infrastructure.







references:

https://aws.amazon.com/developer/tools/

https://codecatalyst.aws/explore







Saturday, December 30, 2023

AWSCertCP: AWS Collaboration SDKs


Build real-time communication & collaboration experiences in your applications.


Amazon Chime SDK for JavaScript: 

------------------------------

The Amazon Chime SDK is a set of real-time communications components that developers can use to quickly add messaging, audio, video, and screen sharing capabilities to their web or mobile applications.


Developers can build on AWS's global communications infrastructure to deliver engaging experiences in their applications. For example, they can add video to a health application so patients can consult remotely with doctors on health issues, or create customized audio prompts for integration with the public telephone network.


The Amazon Chime SDK for JavaScript works by connecting to meeting session resources that you create in your AWS account. The SDK has everything you need to build custom calling and collaboration experiences in your web application, including methods to configure meeting sessions, list and select audio and video devices, start and stop screen share and screen share viewing, receive callbacks when media events such as volume changes occur, and control meeting features such as audio mute and video tile bindings.


Amazon Chime SDK for iOS

-----------------------

The Amazon Chime SDK for iOS makes it easy to add collaborative audio calling, video calling, and screen share viewing features to iOS applications by using the same infrastructure services that power meetings on the Amazon Chime service.


This Amazon Chime SDK for iOS works by connecting to meeting session resources that you have created in your AWS account. The SDK has everything you need to build custom calling and collaboration experiences in your iOS application, including methods to: configure meeting sessions, list and select audio devices, switch video devices, start and stop screen share viewing, receive callbacks when media events occur such as volume changes, and manage meeting features such as audio mute and video tile bindings.


Amazon Chime SDK for Android 

----------------------------

The Amazon Chime SDK for Android makes it easy to add collaborative audio calling, video calling, and screen share viewing features to Android applications by using the same infrastructure services that power meetings on the Amazon Chime service.


This Amazon Chime SDK for Android works by connecting to meeting session resources that you have created in your AWS account. The SDK has everything you need to build custom calling and collaboration experiences in your Android application, including methods to: configure meeting sessions, list and select audio devices, switch video devices, start and stop screen share viewing, receive callbacks when media events occur such as volume changes, and manage meeting features such as audio mute and video tile bindings.



references:

https://github.com/aws/amazon-chime-sdk-android/?pg=developertools

AWSCertCP: Amazon Tool Type: Command Line Tools

  

AWS Command Line Interface

-------------------------------------

The AWS Command Line Interface (AWS CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.


Usage looks like this:


aws ec2 describe-instances

aws ec2 start-instances --instance-ids i-1348636c

aws sns publish --topic-arn arn:aws:sns:us-east-1:546419318123:OperationsError --message "Script Failure"

aws sqs receive-message --queue-url https://queue.amazonaws.com/546419318123/Test

aws help

aws autoscaling help

aws autoscaling create-auto-scaling-group help

aws s3 ls s3://mybucket



AWS Tools for PowerShell

------------------------

The AWS Tools for PowerShell let developers and administrators manage their AWS services and resources in the PowerShell scripting environment. Now you can manage your AWS resources with the same PowerShell tools you use to manage your Windows, Linux, and macOS environments.


The AWS Tools for PowerShell lets you perform many of the same actions available in the AWS SDK for .NET. You can use it from the command line for quick tasks, like controlling your Amazon EC2 instances.


PS C:\> Start-EC2Instance -InstanceIds i-10a64379

The PowerShell scripting language lets you compose scripts to automate your AWS service management. The following example loops through a log directory on an EC2 instance, finds files older than one week, and then archives any non-empty ones to Amazon S3 before deleting the old log file from disk.
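The script the paragraph describes, written here as an added example (it is not the original post's script or AWS's own sample). It assumes the AWS.Tools.S3 module is installed, that the instance's IAM role or a configured profile allows s3:PutObject on the bucket, and that the bucket name and log directory are placeholders to replace; it also keeps the local file whenever an upload fails, so a failed archive never turns into data loss.

```powershell
# Added example (not from the original post): archive log files older than one week
# from a directory on an EC2 instance to Amazon S3, then delete them from disk.
# Assumptions: AWS.Tools.S3 is installed, credentials come from the instance role or
# a configured profile with s3:PutObject on the bucket, and the two values below are
# placeholders.
Import-Module AWS.Tools.S3

$BucketName = 'example-log-archive-bucket'   # placeholder: your archive bucket
$LogDir     = 'C:\logs'                      # placeholder: your log directory
$Cutoff     = (Get-Date).AddDays(-7)         # files last written before this are "old"
$HostName   = [System.Net.Dns]::GetHostName() # works on Windows and Linux instances

# Only regular files, only *.log, only those untouched for more than a week.
$OldLogs = Get-ChildItem -Path $LogDir -File -Filter '*.log' |
           Where-Object { $_.LastWriteTime -lt $Cutoff }

foreach ($Log in $OldLogs) {
    if ($Log.Length -gt 0) {
        # Prefix the key with the host name so several instances can share one bucket
        # without overwriting each other's files that happen to have the same name.
        $Key = "$HostName/$($Log.Name)"
        try {
            Write-S3Object -BucketName $BucketName -Key $Key -File $Log.FullName -ErrorAction Stop
        }
        catch {
            # Upload failed: leave the local copy in place and move on to the next file.
            Write-Warning "Upload of $($Log.FullName) failed: $($_.Exception.Message)"
            continue
        }
    }
    # Reached only when the file was empty (nothing worth archiving) or the upload succeeded.
    Remove-Item -Path $Log.FullName -ErrorAction Stop
}
```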


Lastly, with direct access to AWS services from PowerShell, your management scripts can now take advantage of everything the AWS cloud has to offer.


EC2 AMI tools

-------------

You can use the AMI tools to create and manage instance store-backed Linux AMIs. To use the tools, you must install them on your Linux instance. The AMI tools are available as both an RPM and as a .zip file for Linux distributions that don't support RPM.


ec2-ami-tools-version


Elastic Beanstalk environments with the EB CLI

----------------------------------------------

After installing the EB CLI and configuring your project directory, you are ready to create an Elastic Beanstalk environment using the EB CLI, deploy source and configuration updates, and pull logs and events.


eb create

eb status

eb health

eb events

eb logs

eb open

eb deploy

eb config

eb terminate


ECS command line interface

---------------------------

The Amazon Elastic Container Service (Amazon ECS) command line interface (CLI) provides high-level commands to simplify creating, updating, and monitoring clusters and tasks from a local development environment. The Amazon ECS CLI supports Docker Compose files, a popular open-source specification for defining and running multi-container applications. Use the ECS CLI as part of your everyday development and testing cycle as an alternative to the AWS Management Console.


The latest version of the Amazon ECS CLI only supports the major versions of Docker Compose file syntax versions 1, 2, and 3. The version specified in the compose file must be the string "1", "1.0", "2", "2.0", "3", or "3.0". Docker Compose minor versions are not supported.


ecs-cli --version


ecs-cli configure profile --profile-name profile_name --access-key $AWS_ACCESS_KEY_ID --secret-key $AWS_SECRET_ACCESS_KEY


ecs-cli configure --cluster cluster_name --default-launch-type launch_type --region region_name --config-name configuration_name



AWS Amplify CLI

----------------

Amplify Studio allows you to use all the Amplify CLI's features without the need to configure it with AWS Identity and Access Management (IAM). Changes made in Amplify Studio can be made available in the CLI by running the amplify pull command. Similarly, CLI changes to the data model or auth will be visible in Amplify Studio. For all other categories, Studio provides links to the relevant service consoles in AWS.


npm install -g @aws-amplify/cli

amplify add storage

amplify push



AWS SAM CLI

------------

The AWS Serverless Application Model (SAM) CLI is an open-source CLI tool that helps you develop serverless applications containing Lambda functions, Step Functions, API Gateway, EventBridge, SQS, SNS and more. Some of the features it provides are:


Initialize serverless applications in minutes with AWS-provided infrastructure templates with sam init

Compile, build, and package Lambda functions with provided runtimes and with custom Makefile workflows, for zip and image types of Lambda functions with sam build

Locally test a Lambda function and API Gateway easily in a Docker container with sam local commands on SAM and CDK applications

Sync and test your changes in the cloud with sam sync in your developer environments

Deploy your SAM and CloudFormation templates using sam deploy

Quickly create pipelines with prebuilt templates with popular CI/CD systems using sam pipeline init

Tail CloudWatch logs and X-Ray traces with sam logs and sam traces


AWS Copilot command line interface

----------------------------------


The AWS Copilot command line interface (CLI) commands simplify building, releasing, and operating production-ready containerized applications on Amazon ECS from a local development environment. The AWS Copilot CLI aligns with developer workflows that support modern application best practices: from using infrastructure as code to creating a CI/CD pipeline provisioned on behalf of a user. Use the AWS Copilot CLI as part of your everyday development and testing cycle as an alternative to the AWS Management Console.


AWS Copilot currently supports Linux, macOS, and Windows systems.




References:

https://aws.amazon.com/developer/tools/

AWSCertCP: Differences between AWS LocalZone, AWS Wavelength

 AWS Wavelength Zones and AWS Local Zones are both infrastructure offerings from Amazon Web Services (AWS) designed to bring AWS services closer to end-users in specific geographic locations. However, they have different purposes and use cases:

AWS Wavelength Zones:

Purpose:

AWS Wavelength is designed to enable ultra-low latency applications for mobile and connected devices by deploying compute and storage resources at the edge of telecommunications networks.

Deployment:

Wavelength Zones are integrated into telecommunication providers' data centers, bringing AWS services closer to the edge of the 5G networks.

Use Cases:

Ideal for applications that require extremely low latency, such as augmented reality (AR), virtual reality (VR), gaming, and other real-time applications.

Latency Reduction:

Wavelength Zones aim to reduce the round-trip latency between the mobile or connected device and the application running in the AWS infrastructure.

Networking:

Optimized for applications that take advantage of 5G networks and the increased bandwidth and low latency they provide.

AWS Local Zones:

Purpose:

AWS Local Zones are designed to bring AWS services closer to large population centers, providing lower latency for a broad range of applications.

Deployment:

Local Zones are standalone data centers, separate from the primary AWS regions, located in or near major metropolitan areas.

Use Cases:

Suitable for applications that require lower latency but may not need the extremely low latency provided by Wavelength Zones. Use cases include content distribution, gaming, and various enterprise applications.

Availability:

AWS Local Zones provide a subset of AWS services available in the main AWS regions, offering a balance between lower latency and a wide range of available services.

Networking:

Networking in AWS Local Zones is designed to provide lower-latency access to AWS services compared to connecting to the primary AWS region.

Summary:

Latency Focus:

AWS Wavelength Zones focus on ultra-low latency for specific use cases, especially those leveraging 5G networks.

AWS Local Zones aim to reduce latency for a broader set of applications, providing lower latency access to a variety of AWS services.

Networking Infrastructure:

Wavelength Zones are tightly integrated with telecommunications networks to optimize for 5G connectivity.

Local Zones are standalone data centers designed to provide lower-latency access to AWS services for a range of applications.

Use Case Considerations:

Choose AWS Wavelength for applications with stringent latency requirements, especially those leveraging 5G capabilities.

Choose AWS Local Zones for applications that benefit from lower latency but do not require the extremely low latency provided by Wavelength, offering a broader range of available AWS services.

In summary, the choice between AWS Wavelength Zones and AWS Local Zones depends on the specific latency requirements of your applications and whether they are optimized for 5G networks.

references:

OpenAI

AWSCertCP: What are regions, Availability Zone and Edge locations in AWS , LocalZone, AWS Wavelength, AWS Outposts

There are 7 regions in AWS 

North America

South America 

Europe 

Africa

Middle East

Asia Pacific

Australia and New Zealand

Regions

AWS has the concept of a Region, which is a physical location around the world where we cluster data centers. We call each group of logical data centers an Availability Zone. Each AWS Region consists of a minimum of three, isolated, and physically separate AZs within a geographic area. Unlike other cloud providers, who often define a region as a single data center, the multiple AZ design of every AWS Region offers advantages for customers. Each AZ has independent power, cooling, and physical security and is connected via redundant, ultra-low-latency networks. AWS customers focused on high availability can design their applications to run in multiple AZs to achieve even greater fault-tolerance. AWS infrastructure Regions meet the highest levels of security, compliance, and data protection.

AWS provides a more extensive global footprint than any other cloud provider, and to support its global footprint and ensure customers are served across the world, AWS opens new Regions rapidly. AWS maintains multiple geographic Regions, including Regions in North America, South America, Europe, China, Asia Pacific, South Africa, and the Middle East.

Availability Zones

An Availability Zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region. AZs give customers the ability to operate production applications and databases that are more highly available, fault tolerant, and scalable than would be possible from a single data center. All AZs in an AWS Region are interconnected with high-bandwidth, low-latency networking, over fully redundant, dedicated metro fiber providing high-throughput, low-latency networking between AZs. All traffic between AZs is encrypted. The network performance is sufficient to accomplish synchronous replication between AZs. AZs make partitioning applications for high availability easy. If an application is partitioned across AZs, companies are better isolated and protected from issues such as power outages, lightning strikes, tornadoes, earthquakes, and more. AZs are physically separated by a meaningful distance, many kilometers, from any other AZ, although all are within 100 km (60 miles) of each other.

Services

AWS offers a broad set of global cloud-based products including compute, storage, database, analytics, networking, machine learning and AI, mobile, developer tools, IoT, security, enterprise applications, and much more. 

The following core services are included in all Region launches: Amazon API Gateway, AWS Application Auto Scaling, Amazon Aurora, AWS Certificate Manager (ACM), AWS CloudFormation, AWS CloudTrail, Amazon CloudWatch, AWS CodeDeploy, AWS Config, AWS Database Migration Service (AWS DMS), AWS Direct Connect, Amazon DynamoDB, Amazon EC2 Auto Scaling, Amazon Elastic Block Store (Amazon EBS), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Container Registry (Amazon ECR), Amazon Elastic Container Service (Amazon ECS), Elastic Load Balancing (ELB), Amazon EMR, Amazon ElastiCache, Amazon EventBridge, AWS Identity and Access Management (IAM), AWS Key Management Service (AWS KMS), Amazon Kinesis Data Streams, AWS Lambda, AWS Management Console, AWS Marketplace, Amazon OpenSearch Service, AWS Health Dashboard, Amazon Redshift, Amazon Relational Database Service (Amazon RDS), Amazon Route 53, AWS Security Token Service (AWS STS), Amazon Simple Notification Service (Amazon SNS), Amazon Simple Queue Service (Amazon SQS), Amazon Simple Storage Service (Amazon S3), Amazon Simple Workflow Service (Amazon SWF), AWS Step Functions, AWS Support, AWS Systems Manager, AWS Trusted Advisor, Amazon Virtual Private Cloud (Amazon VPC), and AWS VPN.

AWS Local Zones

AWS Local Zones place compute, storage, database, and other select AWS services closer to end-users. With AWS Local Zones, you can easily run highly-demanding applications that require single-digit millisecond latencies to your end-users such as media & entertainment content creation, real-time gaming, reservoir simulations, electronic design automation, and machine learning.

Each AWS Local Zone location is an extension of an AWS Region where you can run your latency sensitive applications using AWS services such as Amazon Elastic Compute Cloud, Amazon Virtual Private Cloud, Amazon Elastic Block Store, Amazon File Storage, and Amazon Elastic Load Balancing in geographic proximity to end-users. AWS Local Zones provide a high-bandwidth, secure connection between local workloads and those running in the AWS Region, allowing you to seamlessly connect to the full range of in-region services through the same APIs and tool sets.

AWS Wavelength enables developers to build applications that deliver single-digit millisecond latencies to mobile devices and end-users. AWS developers can deploy their applications to Wavelength Zones, AWS infrastructure deployments that embed AWS compute and storage services within the telecommunications providers’ datacenters at the edge of the 5G networks, and seamlessly access the breadth of AWS services in the region. This enables developers to deliver applications that require single-digit millisecond latencies such as game and live video streaming, machine learning inference at the edge, and augmented and virtual reality (AR/VR). AWS Wavelength brings AWS services to the edge of the 5G network, minimizing the latency to connect to an application from a mobile device. Application traffic can reach application servers running in Wavelength Zones without leaving the mobile provider’s network. This reduces the extra network hops to the Internet that can result in latencies of more than 100 milliseconds, preventing customers from taking full advantage of the bandwidth and latency advancements of 5G.

AWS Outposts bring native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility. You can use the same AWS APIs, tools, and infrastructure across on-premises and the AWS cloud to deliver a truly consistent hybrid experience. AWS Outposts is designed for connected environments and can be used to support workloads that need to remain on-premises due to low latency or local data processing needs.

References:

https://aws.amazon.com/about-aws/global-infrastructure/regions_az/


White Labeling iOS App

references:

https://medium.com/@michaelmavris/how-to-create-a-white-label-ios-app-part-1-a8712f4756e1


AWSCertCP: Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon OpenSearch

Amazon Managed Streaming for Apache Kafka (Amazon MSK)

Amazon MSK makes it easy to ingest and process streaming data in real time with fully managed Apache Kafka.

Use cases:

Ingest and process log and event streams: Capture events with MSK, and then express your stream processing logic within Apache Zeppelin notebooks to derive insights from data streams in milliseconds.

Run centralized state or data buses: Use Amazon MSK and the Apache Kafka log structure to form real-time, centralized, and privately accessible data buses.

Power your event-driven systems: Ingest and respond to digital changes occurring throughout your applications and business infrastructure in real time.


Eliminate operational overhead, including the provisioning, configuration, and maintenance of highly available Apache Kafka and Kafka Connect clusters.

Use applications and tools built for Apache Kafka out of the box (no code changes required), and scale cluster capacity automatically.

Easily deploy secure, compliant, and production-ready applications using native AWS integrations.

Keep costs low with Amazon MSK. With pay-as-you-go pricing, it is offered as low as 1/13 the cost of other providers using features such as Tiered Storage and Graviton instances.




Amazon OpenSearch

Amazon OpenSearch Service makes it easy for you to perform interactive log analytics, real-time application monitoring, website search, and more. OpenSearch is an open source, distributed search and analytics suite derived from Elasticsearch. Amazon OpenSearch Service offers the latest versions of OpenSearch, support for 19 versions of Elasticsearch (1.5 to 7.10 versions), as well as visualization capabilities powered by OpenSearch Dashboards and Kibana (1.5 to 7.10 versions). Amazon OpenSearch Service currently has tens of thousands of active customers with hundreds of thousands of clusters under management processing hundreds of trillions of requests per month.

Use Cases are: 
Monitor and debug applications and infrastructure: Easily store and analyze data for comprehensive visibility into your system performance with observability logs, metrics, and traces. Set up automated alerts when your system underperforms and find root cause for availability issues.

Manage security and event information (SIEM): Centralize and analyze logs from disparate applications and systems across AWS, on premises, and other clouds for real-time threat detection and incident management.

Enable seamless, personalized search: Help users quickly find relevant data with a fast, personalized search experience within your applications, websites, and data lake catalogs.

Observability: Efficiently find and fix problems, improve application health, and deliver better customer experiences.





What is the difference between Amazon Kinesis and Amazon Managed Streaming for Apache Kafka?

Amazon Kinesis and Amazon Managed Streaming for Apache Kafka (Amazon MSK) are both services designed to handle real-time data streaming, but they differ in their underlying technologies and use cases. Here are the key differences between Amazon Kinesis and Amazon MSK:

Amazon Kinesis:

Purpose:

Amazon Kinesis is a suite of services for real-time data streaming, providing solutions for data ingestion, processing, and analysis.

Components:

Amazon Kinesis Data Streams: Allows you to build custom applications that process and analyze streaming data in real-time.

Amazon Kinesis Data Firehose: Simplifies the process of loading streaming data into AWS data stores and analytics services.

Amazon Kinesis Data Analytics: Enables you to process and analyze streaming data using SQL queries.

Scalability:

Kinesis is designed to handle large-scale, real-time data streams and can scale horizontally to accommodate varying workloads.

Managed Services:

Each component of Amazon Kinesis is a managed service, providing ease of use and reduced operational overhead.

Amazon Managed Streaming for Apache Kafka (Amazon MSK):

Purpose:

Amazon MSK is a fully managed service that makes it easy to set up, operate, and scale Apache Kafka clusters.

Underlying Technology:


Built on Apache Kafka, an open-source distributed event streaming platform widely used for building real-time data pipelines and streaming applications.

Compatibility:


Amazon MSK is designed to be compatible with Apache Kafka, allowing you to use existing Kafka applications seamlessly.

Integration with AWS Services:


Integrates well with other AWS services, allowing you to connect Apache Kafka clusters to various AWS data stores and analytics services.

Managed Cluster:


Amazon MSK handles administrative tasks such as cluster provisioning, configuration, security, and scaling.

Key Considerations:

Technology Stack:


Choose Amazon Kinesis if you are looking for an end-to-end, fully managed solution with components tailored for specific use cases.

Choose Amazon MSK if you are already using or require compatibility with Apache Kafka, a popular and widely adopted streaming technology.

Ease of Use:


Amazon Kinesis is designed for simplicity and ease of use, with fully managed components that abstract much of the underlying complexity.

Amazon MSK provides more control over Kafka clusters and configurations but requires a deeper understanding of Apache Kafka concepts.

Integration:

Both services integrate with various AWS data stores and analytics services, but the choice might depend on your existing technology stack and preferences.

In summary, the choice between Amazon Kinesis and Amazon MSK depends on factors such as your familiarity with Apache Kafka, specific use cases, and preferences for a fully managed versus a more customizable and controlled streaming solution.


references:

OpenAI 

AWSCertCP: AWS Analytics Services, AWS Athena, AWS Data Exchange, Amazon EMR, Amazon Glue, Amazon Kinesis

- AWS Analytics Services
- Amazon Athena
- AWS Data Exchange
- Amazon EMR
- AWS Glue
- Amazon Kinesis



Amazon Athena 

Amazon Athena is an interactive query service that makes it easy to analyze data directly in Amazon Simple Storage Service (Amazon S3) using standard SQL. With a few actions in the AWS Management Console, you can point Athena at your data stored in Amazon S3 and begin using standard SQL to run ad-hoc queries and get results in seconds.

Amazon Athena also makes it easy to interactively run data analytics using Apache Spark without having to plan for, configure, or manage resources. When running an Apache Spark application on Athena, you submit the Spark code for processing and receive the results directly. Apache Spark applications can be developed using the notebook experience in the Amazon Athena console.


Both Athena SQL and Apache Spark on Athena are serverless, so there is no infrastructure to set up or manage, and you pay only for the queries you run. Athena also scales automatically, running queries in parallel, so results are fast even with large data sets or complex queries.

A sample Athena console looks like this




AWS Data Exchange:

AWS Data Exchange is a service that allows users to easily share and manage data entitlements from other organizations at scale. It also allows users to quickly identify, subscribe to, and use third-party data.


Amazon EMR

Amazon EMR is the industry-leading cloud big data solution for petabyte-scale data processing, interactive analytics, and machine learning using open-source frameworks such as Apache Spark, Apache Hive, and Presto.




Use cases are:

Perform big data analytics: Run large-scale data processing and what-if analysis using statistical algorithms and predictive models to uncover hidden patterns, correlations, market trends, and customer preferences.

Build scalable data pipelines: Extract data from a variety of sources, process it at scale, and make it available for applications and users.

Process real-time data streams: Analyze events from streaming data sources in real-time to create long-running, highly available, and fault-tolerant streaming data pipelines.

Accelerate data science and ML adoption: Analyze data using open-source ML frameworks such as Apache Spark MLlib, TensorFlow, and Apache MXNet. Connect to Amazon SageMaker Studio for large-scale model training, analysis, and reporting.

AWS Glue 

Preparing your data to obtain quality results is the first step in an analytics or ML project. AWS Glue is a serverless data integration service that makes data preparation simpler, faster, and cheaper. You can discover and connect to over 70 diverse data sources, manage your data in a centralized data catalog, and visually create, run, and monitor ETL pipelines to load data into your data lakes.

Features are: 

- Flexible support for ETL, ELT, batch, streaming and more, with no lock-in
- Petabyte scale, pay-as-you-go billing, any data size
- Support all data users from developers to business users
- Complete data integration capabilities in one serverless service

AWS Glue is a serverless data integration service that makes it easier to discover, prepare, move, and integrate data from multiple sources for analytics, machine learning (ML), and application development.




Glue provides various tools for data scientists and analysts for ETL and ELT tasks.

Amazon Kinesis 

Collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information.
Ingest real-time data such as video, audio, application logs, website clickstreams, and IoT telemetry data for machine learning, analytics, and other applications.
Process and analyze data as it arrives and respond instantly instead of having to wait until all your data is collected before the processing can begin.

Use Cases
Build video analytics applications: Securely stream video from camera-equipped devices in homes and public places to AWS and use these video streams for security monitoring, face detection, and other analytics.
Evolve from batch to real-time analytics: Perform real-time analytics on data that has been traditionally analyzed using batch processing. For example, sharing data between different applications and streaming extract-transform-load.
Build real-time applications: Use Kinesis for real-time applications such as application monitoring, fraud detection, and live leader-boards to learn about what your customers and applications are doing right now and react promptly.
Analyze IoT device data: Process streaming data from IoT devices and use the data to send real-time alerts or take other actions programmatically when a sensor exceeds certain operating thresholds.

Basically, encoded data can be ingested and analysed most of the time.
It also provides APIs, and you get the analyses with timestamps. It provides video recognition.

Amazon Kinesis Data Firehose 
Useful for extracting the data and running JQ expressions to place the data into various storage such as S3.



In the image above, it creates partitions in S3 for storing the data according to a custom data ventilator ID.


references:

https://d1.awsstatic.com/training-and-certification/docs-cloud-practitioner/AWS-Certified-Cloud-Practitioner_Exam-Guide.pdf



Friday, December 29, 2023

AWSCertCP: AWS Macie

What is Amazon Macie?

A: Amazon Macie is a data security service that discovers sensitive data using machine learning and pattern matching, provides visibility into data security risks, and enables automated protection against those risks.

All security findings are sent via EventBridge and then listed in Security Hub.

What are the key benefits of Macie?

A: Macie uses machine learning and pattern matching to discover sensitive data at scale in a cost-efficient way. Macie automatically detects a large and growing list of sensitive data types, including personally identifiable information (PII) such as names, addresses, and credit card numbers. It also gives you constant visibility of your data stored in Amazon Simple Storage Service (Amazon S3). Macie’s setup is simplified with one selection in the AWS Management Console or a single API call. Macie provides multi-account support using AWS Organizations, so you can enable Macie across all of your accounts with a few selections.

How much does Macie cost?

 With Macie, you are charged based on three dimensions: the number of S3 buckets evaluated for bucket inventory and monitoring, the number of S3 objects monitored for automated data discovery, and the quantity of data inspected for automated and targeted sensitive data discovery. 

Is Macie a regional or global service?

Macie is a regional service. Macie must be enabled on a region-by-region basis and helps you view findings across all your accounts within each Region. This verifies that all data analyzed is regionally based and doesn’t cross AWS regional boundaries.

What Regions does Macie support?

The latest on regional availability can be found at the AWS Region Table.

How does Macie support custom data types?

With Macie, you can add custom-defined data types using regular expressions to help Macie discover proprietary or unique sensitive data for your business. For example, you might have a specific format for your employee IDs; a possible format is to have a capital letter, which defines if someone is a full-time or part-time employee, followed by a dash, and then eight numbers (such as F-12345678 for a full-time employee). These custom sensitive data types defined are unique to each customer and are not shared with other customers.
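The employee-ID pattern from the answer above, scanned locally and packaged as a custom data identifier request. This is an added example, not Macie's own code: the sample object text is constructed, the keyword proximity window is an assumption about how Macie measures match distance, and the parameter set mirrors boto3's macie2.create_custom_data_identifier().

```python
import re
from typing import Dict, List, Optional

# Constructed regex for the employee-ID format in the answer above: one capital
# letter for the employment type, a dash, then exactly eight digits (F-12345678).
EMPLOYEE_ID_REGEX = r"\b[A-Z]-\d{8}\b"

# Constructed stand-in for the content of an S3 object that Macie would inspect.
SAMPLE_OBJECT = (
    "HR onboarding export\n"
    "employee id F-12345678 (full-time), employee id P-87654321 (part-time)\n"
    "order ref: X-11112222\n"
    "not ids: f-12345678 F-1234567 F-123456789\n"
)


def find_matches(text: str, regex: str = EMPLOYEE_ID_REGEX,
                 keywords: Optional[List[str]] = None,
                 maximum_match_distance: int = 50) -> List[str]:
    """Scan text the way a custom data identifier does. Every regex hit counts
    unless keywords are given; then a hit only counts when one of the keywords
    appears within maximum_match_distance characters before it. Looking only
    at the text before the hit is an assumption about Macie's distance rule."""
    found = []
    for m in re.finditer(regex, text):
        if keywords:
            window = text[max(0, m.start() - maximum_match_distance):m.start()].lower()
            if not any(k.lower() in window for k in keywords):
                continue
        found.append(m.group(0))
    return found


def custom_data_identifier_request(name: str, regex: str, description: str,
                                   keywords: Optional[List[str]] = None,
                                   maximum_match_distance: int = 50) -> Dict:
    """Build the keyword arguments for boto3's macie2.create_custom_data_identifier().
    The expression is compiled first so a bad regex fails here, not at the API."""
    re.compile(regex)
    params: Dict = {"name": name, "regex": regex, "description": description}
    if keywords:
        params["keywords"] = keywords
        params["maximumMatchDistance"] = maximum_match_distance
    return params


if __name__ == "__main__":
    # Usage: boto3.client("macie2").create_custom_data_identifier(**request)
    request = custom_data_identifier_request(
        "employee-id", EMPLOYEE_ID_REGEX, "Internal employee identifiers",
        keywords=["employee id"], maximum_match_distance=20)
    print(request)
    # The order reference X-11112222 matches the regex but has no keyword nearby,
    # so it is dropped; the lowercase and wrong-length values never match.
    print(find_matches(SAMPLE_OBJECT, keywords=request["keywords"],
                       maximum_match_distance=request["maximumMatchDistance"]))
```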




References:

https://aws.amazon.com/macie/faq/#:~:text=A%3A%20Amazon%20Macie%20is%20a,automated%20protection%20against%20those%20risks.


AWSCertCP: AWS Firewall manager FAQs

What are the prerequisites for AWS Firewall Manager?

There are three mandatory prerequisites and one optional prerequisite to use AWS Firewall Manager.

AWS Organizations - Your accounts must be part of AWS Organizations and have enabled all features. 

Set the AWS Firewall Manager Administrator Account - Firewall Manager must be associated with the management account of your AWS organization or with a member account that has the appropriate permissions. The account that you associate with Firewall Manager is called the Firewall Manager administrator account.

Enable AWS Config on accounts - Enable AWS Config for each member account in your organization.

Enable AWS Resource Access Manager (Optional) - To enable Firewall Manager to centrally configure AWS Network Firewalls or associate Amazon Route 53 Resolver DNS Firewall rules across accounts and VPCs, you must first enable sharing of resources using AWS Resource Access Manager.

How do I use AWS Firewall Manager?

First, complete the prerequisites mentioned above.

Second, create a policy type for AWS WAF, AWS Shield Advanced, VPC security group, AWS Network Firewall, or Amazon Route 53 Resolver DNS Firewall.

Third, depending on the policy, specify the set of rules or protections. For example, for a policy for AWS WAF specify the rule groups (custom or managed) that you want to deploy across accounts. Similarly, for a VPC security group policy, reference the security group you want replicated in each resource within accounts. For AWS Network Firewall, specify the rule groups (stateful and stateless) that you want to deploy across VPCs in your accounts. For Amazon Route 53 Resolver DNS Firewall, specify the set of rules (rule groups) you want to associate with your VPCs in your accounts.

Fourth, specify the scope of the policy by choosing the accounts, resource type and, optionally, resource tags, where you want the policy to be deployed.

Finally, you can review and create the policy. Firewall Manager will automatically apply the rules and protections to all resources across accounts. Once complete, Firewall Manager also shows a compliance dashboard indicating any accounts/resources that are non-compliant and those that are compliant.

Can I create a Firewall Manager policy but not remediate automatically?

Yes, you can configure a Firewall Manager policy in two modes –

Automatic remediation, which allows you to automatically monitor for drift in policy and apply rules on non-compliant resources

Manual remediation, which creates a new policy and the associated rules/protections in each account but does not enforce the rules on the resources in the account. After the policy is created with manual remediation, you can choose to take manual action for each local account, or at any point you can edit the policy to automatically remediate.

 How many accounts can AWS Firewall Manager manage?

Each Firewall Manager policy can be scoped to have at most 2,500 accounts, which is the default limit for number of accounts in AWS Organizations.


 How many resources can AWS Firewall Manager manage?

There is not a limit on the number of resources managed by Firewall Manager at this time.


Can I create security policies across regions?


No, AWS Firewall Manager security policies are region specific. Each Firewall Manager policy can only include resources available in that specified AWS Region. You can create a new policy for each region where you operate.

Can I exclude accounts or resources from the scope of the policy?

Yes. You can exclude accounts. You can also use tags to specify the resources that should be excluded from the policy scope.
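The policy from the "How do I use AWS Firewall Manager" steps above, assembled for an AWS WAF policy type with the scope, tag exclusion and remediation-mode choices from the answers that follow it. This is an added example, not AWS's code: the account IDs, tag values and rule group are constructed placeholders, the dict follows the Policy shape of boto3's fms.put_policy(), and in_scope() is a local approximation of Firewall Manager's own scope evaluation.

```python
import json
from typing import Dict, List, Optional

# Constructed placeholder account IDs; substitute your organization's own.
PROTECTED_ACCOUNTS = ["111111111111", "222222222222"]
SANDBOX_ACCOUNTS = ["333333333333"]


def wafv2_managed_service_data(rule_group: str = "AWSManagedRulesCommonRuleSet") -> str:
    """Step three for an AWS WAF policy: the managed rule group to deploy, encoded
    as the JSON string Firewall Manager expects in ManagedServiceData for WAFV2."""
    return json.dumps({
        "type": "WAFV2",
        "preProcessRuleGroups": [{
            "ruleGroupArn": None,
            "overrideAction": {"type": "NONE"},
            "managedRuleGroupIdentifier": {
                "version": None,
                "vendorName": "AWS",
                "managedRuleGroupName": rule_group,
            },
            "ruleGroupType": "ManagedRuleGroup",
            "excludeRules": [],
        }],
        "postProcessRuleGroups": [],
        "defaultAction": {"type": "ALLOW"},
        "overrideCustomerWebACLAssociation": False,
        "loggingConfiguration": None,
    })


def build_waf_policy(name: str,
                     include_accounts: Optional[List[str]] = None,
                     exclude_accounts: Optional[List[str]] = None,
                     resource_tags: Optional[Dict[str, str]] = None,
                     exclude_tagged: bool = False,
                     remediate: bool = False) -> Dict:
    """Step four: scope the policy. Firewall Manager takes either an IncludeMap
    or an ExcludeMap of accounts, not both, so that mistake is rejected before
    any PutPolicy call. remediate=False is the manual-remediation mode."""
    if include_accounts and exclude_accounts:
        raise ValueError("specify IncludeMap or ExcludeMap, not both")
    policy: Dict = {
        "PolicyName": name,
        "SecurityServicePolicyData": {
            "Type": "WAFV2",
            "ManagedServiceData": wafv2_managed_service_data(),
        },
        # Constructed choice: protect Application Load Balancers in scope.
        "ResourceType": "AWS::ElasticLoadBalancingV2::LoadBalancer",
        "ResourceTags": [{"Key": k, "Value": v} for k, v in (resource_tags or {}).items()],
        # True: tagged resources are out of scope; False: only tagged ones are in scope.
        "ExcludeResourceTags": exclude_tagged,
        "RemediationEnabled": remediate,
    }
    if include_accounts:
        policy["IncludeMap"] = {"ACCOUNT": list(include_accounts)}
    if exclude_accounts:
        policy["ExcludeMap"] = {"ACCOUNT": list(exclude_accounts)}
    return policy


def in_scope(policy: Dict, account: str, tags: Dict[str, str]) -> bool:
    """Local approximation of the scope check for one resource: account
    membership first, then the tag rule. A resource counts as tagged when it
    carries every tag listed in the policy (a simplifying assumption)."""
    include = policy.get("IncludeMap", {}).get("ACCOUNT")
    exclude = policy.get("ExcludeMap", {}).get("ACCOUNT", [])
    if include is not None:
        if account not in include:
            return False
    elif account in exclude:
        return False
    wanted = {t["Key"]: t["Value"] for t in policy["ResourceTags"]}
    if not wanted:
        return True
    tagged = all(tags.get(k) == v for k, v in wanted.items())
    return not tagged if policy["ExcludeResourceTags"] else tagged


if __name__ == "__main__":
    # Usage: boto3.client("fms").put_policy(Policy=baseline) from the admin account.
    baseline = build_waf_policy("org-waf-baseline", include_accounts=PROTECTED_ACCOUNTS,
                                resource_tags={"Environment": "prod"})
    print(json.dumps(baseline, indent=2))
```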

What is a Firewall Manager security policy?

A Firewall Manager security policy is a set of configurations that allows customers to specify the accounts and resources that need to be associated with a set of firewall rules, with additional configurations customized for each firewall type. Firewall Manager today supports AWS WAF, AWS Shield Advanced, VPC security groups, AWS Network Firewall, Amazon Route 53 Resolver DNS Firewall and AWS Marketplace third-party firewalls.

Q: Does AWS Firewall Manager provide notifications when a resource is non-compliant?

Yes, you can configure an SNS notification channel to receive real-time notifications when new non-compliant resources are discovered. Similarly, each account in the scope of a Firewall Manager policy receives non-compliant events in AWS Security Hub.
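Beyond notifications, the compliance data behind the dashboard is available through the API, which is how a security team turns "this account is non-compliant" into an actionable list. The following is an added example for this page, not AWS sample code: it registers the SNS notification channel, walks every member account's compliance status for one policy, and summarizes the violators by reason. The sample compliance detail is constructed in the shape GetComplianceDetail returns; its account IDs, policy ID and resource ARNs are placeholders.

```python
# Constructed sample in the shape of
# fms.get_compliance_detail()["PolicyComplianceDetail"]. Account IDs, the
# policy ID and the load balancer ARNs are placeholders, not real resources.
SAMPLE_COMPLIANCE_DETAIL = {
    "PolicyOwner": "111111111111",
    "PolicyId": "00000000-0000-0000-0000-000000000000",
    "MemberAccount": "222222222222",
    "Violators": [
        {
            "ResourceId": "arn:aws:elasticloadbalancing:us-east-1:222222222222:loadbalancer/app/web/0123456789abcdef",
            "ViolationReason": "RESOURCE_MISSING_WEB_ACL",
            "ResourceType": "AWS::ElasticLoadBalancingV2::LoadBalancer",
        },
        {
            "ResourceId": "arn:aws:elasticloadbalancing:us-east-1:222222222222:loadbalancer/app/api/fedcba9876543210",
            "ViolationReason": "RESOURCE_INCORRECT_WEB_ACL",
            "ResourceType": "AWS::ElasticLoadBalancingV2::LoadBalancer",
        },
    ],
    "EvaluationLimitExceeded": False,
    "IssueInfoMap": {},
}


def summarize_violations(detail):
    """Group one member account's violators by reason.

    Missing protection and incorrect (drifted) protection are different
    operational problems, so the summary keeps them apart. The
    EvaluationLimitExceeded flag is surfaced because, when it is set, the
    violator list is truncated and the count is a lower bound.
    """
    by_reason = {}
    for violator in detail.get("Violators", []):
        by_reason.setdefault(violator["ViolationReason"], []).append(violator["ResourceId"])
    return {
        "member_account": detail["MemberAccount"],
        "policy_id": detail["PolicyId"],
        "non_compliant_count": len(detail.get("Violators", [])),
        "by_reason": by_reason,
        "evaluation_limit_exceeded": detail.get("EvaluationLimitExceeded", False),
    }


def collect_org_violations(fms, policy_id):
    """Return summaries for every non-compliant member account of one policy.

    `fms` is a boto3 Firewall Manager client created in the administrator
    account. ListComplianceStatus is paginated with NextToken, so loop until
    the token is absent.
    """
    summaries = []
    kwargs = {"PolicyId": policy_id}
    while True:
        page = fms.list_compliance_status(**kwargs)
        for status in page.get("PolicyComplianceStatusList", []):
            results = status.get("EvaluationResults", [])
            if any(r["ComplianceStatus"] == "NON_COMPLIANT" for r in results):
                detail = fms.get_compliance_detail(
                    PolicyId=policy_id, MemberAccount=status["MemberAccount"]
                )["PolicyComplianceDetail"]
                summaries.append(summarize_violations(detail))
        if "NextToken" not in page:
            return summaries
        kwargs["NextToken"] = page["NextToken"]


def enable_sns_notifications(fms, topic_arn, role_arn):
    """Register the SNS topic that Firewall Manager publishes compliance
    notifications to. Despite its name, SnsRoleName takes the ARN of an IAM
    role that lets Firewall Manager publish to the topic."""
    fms.put_notification_channel(SnsTopicArn=topic_arn, SnsRoleName=role_arn)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; the two API helpers
    # above need a real boto3 client, e.g. boto3.client("fms", region_name=...).
    print(summarize_violations(SAMPLE_COMPLIANCE_DETAIL))
```

Running collect_org_violations on a schedule and diffing its output against the previous run gives a simple drift detector that complements the real-time SNS channel: the channel tells you something became non-compliant, the diff tells you what is still non-compliant after the owners were notified.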

Q: How can I view all threats across my organization?

For each Firewall Manager policy, you can aggregate CloudWatch metrics for each rule in the rule group, showing how many requests were allowed or blocked across the entire organization. This gives you a central place to set up alerts for threats across your organization.


AWSCertCP: AWS Firewall Manager

AWS Firewall Manager

AWS Firewall Manager is a security management service that allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations. As new applications are created, Firewall Manager makes it easy to bring new applications and resources into compliance by enforcing a common set of security rules. You have a single service to build firewall rules, create security policies, and enforce them in a consistent, hierarchical manner across your entire infrastructure.

What are the key benefits of AWS Firewall Manager?

AWS Firewall Manager is integrated with AWS Organizations so you can enable AWS WAF rules, AWS Shield Advanced protections, VPC security groups, AWS Network Firewalls, and Amazon Route 53 Resolver DNS Firewall rules across multiple AWS accounts and resources from a single place. Firewall Manager monitors for new resources or accounts created to ensure they comply with a mandatory set of security policies from day one. You can group rules, build policies, and centrally apply those policies across your entire infrastructure. For example, you can delegate the creation of application-specific rules within an account while retaining the ability to enforce global security policies across accounts. Your security team can be notified of threats to the organization so they can respond and rapidly mitigate an attack.

Firewall Manager also integrates with Managed Rules for AWS WAF, which gives you an easy way to deploy pre-configured WAF rules in front of your applications.

Security administrators can leverage Firewall Manager to apply a baseline set of security group rules for EC2 instances, Application Load Balancers and Elastic Network Interfaces (ENIs) in your Amazon VPCs. At the same time, you can also audit any existing security groups in your VPCs for overly permissive rules and remediate them from a single place.

You can leverage Firewall Manager to centrally deploy AWS Network Firewall endpoints and associated rules across your VPCs in your organization, to control traffic leaving and entering your network. At the same time, you can also use Firewall Manager to associate your VPCs across your accounts with Route 53 Resolver DNS Firewall rules to block DNS queries made for known malicious domains and to allow queries for trusted domains.

Q: Does AWS Firewall Manager configure VPC security groups or Network ACLs?

Yes, AWS Firewall Manager does support configuration of VPC security groups. However, it does not support Network ACLs today.


Q: What does AWS Firewall Manager configure?

Using AWS Firewall Manager, you can centrally configure AWS WAF rules, AWS Shield Advanced protections, Amazon Virtual Private Cloud (VPC) security groups, AWS Network Firewalls, and Amazon Route 53 Resolver DNS Firewall rules across accounts and resources in your organization.

Q: Which AWS resources can AWS Firewall Manager configure rules on?

Using AWS Firewall Manager, you can:

Roll out AWS WAF rules across Application Load Balancers, Amazon API Gateway and Amazon CloudFront distributions.

Create AWS Shield Advanced protections for your Application Load Balancers, ELB Classic Load Balancers, Elastic IP addresses and CloudFront distributions.

Configure new Amazon Virtual Private Cloud (VPC) security groups and audit any existing security groups for your Amazon EC2, Application Load Balancer (ALB) and ENI resource types.

Deploy AWS Network Firewalls across accounts and VPCs in your organization.

Associate Amazon Route 53 Resolver DNS Firewall rules across VPCs in your organization.




AWSCertCP: AWS Health, AWS EventBridge

AWS Health, AWS EventBridge

AWS Health provides ongoing visibility into your resource performance and the availability of your AWS services and accounts. You can use AWS Health events to learn how service and resource changes might affect your applications running on AWS. AWS Health provides relevant and timely information to help you manage events in progress. AWS Health also helps you be aware of and to prepare for planned activities. The service delivers alerts and notifications triggered by changes in the health of AWS resources, so that you get near-instant event visibility and guidance to help accelerate troubleshooting.



The AWS Health Dashboard is available for all AWS customers at no additional cost.

All AWS customers can receive AWS Health events through Amazon EventBridge at no additional cost.

If you have a Business, Enterprise On-Ramp, or Enterprise Support plan, you can use the AWS Health API to integrate with in-house and third-party systems.
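Of the three access paths above, EventBridge is the one every account can use without a support plan, and it is where Health events get routed into alerting. The following is an added example for this page, not AWS sample code: it defines an EventBridge event pattern that selects AWS Health events for EC2 and RDS, evaluates it offline against two constructed Health events with a matcher that implements the subset of EventBridge pattern semantics the pattern uses (exact match against a list of values, nested keys), and creates the rule with boto3. The rule name, target ARN, account ID, instance ID and event ARNs are placeholders.

```python
import json

# Event pattern for an EventBridge rule, constructed for this example. It selects
# AWS Health events for two services and two event categories; drop the "detail"
# block to receive every Health event delivered to the account and Region.
HEALTH_EVENT_PATTERN = {
    "source": ["aws.health"],
    "detail-type": ["AWS Health Event"],
    "detail": {
        "service": ["EC2", "RDS"],
        "eventTypeCategory": ["issue", "scheduledChange"],
    },
}

# Two constructed events in the shape AWS Health publishes to EventBridge.
# The account ID, event ARNs and instance ID are placeholders.
EC2_ISSUE_EVENT = {
    "version": "0",
    "id": "7bf73129-1428-4cd3-a780-95db273d1602",
    "detail-type": "AWS Health Event",
    "source": "aws.health",
    "account": "111111111111",
    "time": "2023-12-28T10:00:00Z",
    "region": "us-east-1",
    "resources": ["i-0123456789abcdef0"],
    "detail": {
        "eventArn": "arn:aws:health:us-east-1::event/EC2/AWS_EC2_OPERATIONAL_ISSUE/EXAMPLE_1",
        "service": "EC2",
        "eventTypeCode": "AWS_EC2_OPERATIONAL_ISSUE",
        "eventTypeCategory": "issue",
        "startTime": "Thu, 28 Dec 2023 09:50:00 GMT",
        "eventDescription": [{"language": "en_US", "latestDescription": "Constructed sample description."}],
        "affectedEntities": [{"entityValue": "i-0123456789abcdef0"}],
    },
}

S3_NOTIFICATION_EVENT = {
    "version": "0",
    "id": "2e8c4f6a-9b1d-4c3e-8f7a-5d6e7f8a9b0c",
    "detail-type": "AWS Health Event",
    "source": "aws.health",
    "account": "111111111111",
    "time": "2023-12-28T11:00:00Z",
    "region": "us-east-1",
    "resources": [],
    "detail": {
        "eventArn": "arn:aws:health:us-east-1::event/S3/AWS_S3_NOTIFICATION/EXAMPLE_2",
        "service": "S3",
        "eventTypeCode": "AWS_S3_NOTIFICATION",
        "eventTypeCategory": "accountNotification",
        "startTime": "Thu, 28 Dec 2023 10:55:00 GMT",
        "eventDescription": [{"language": "en_US", "latestDescription": "Constructed sample notice."}],
        "affectedEntities": [],
    },
}


def matches(pattern, event):
    """Evaluate the subset of EventBridge pattern semantics used above.

    A list means "the event value must equal one of these", a nested dict
    descends into the event, and every key named in the pattern must exist in
    the event. Prefix, numeric and anything-but matchers are not modelled.
    """
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True


def health_summary(event):
    """Pull the fields an on-call engineer wants first from a matching event."""
    detail = event["detail"]
    return {
        "service": detail["service"],
        "category": detail["eventTypeCategory"],
        "code": detail["eventTypeCode"],
        "region": event["region"],
        "affected": [e["entityValue"] for e in detail.get("affectedEntities", [])],
    }


def create_health_rule(region, rule_name, target_arn):
    """Create the rule and attach one target, for example an SNS topic ARN.

    boto3 is imported lazily so the matcher above runs offline. The target's
    own resource policy must allow events.amazonaws.com to invoke it.
    """
    import boto3

    events = boto3.client("events", region_name=region)
    events.put_rule(Name=rule_name, EventPattern=json.dumps(HEALTH_EVENT_PATTERN), State="ENABLED")
    events.put_targets(Rule=rule_name, Targets=[{"Id": "health-target", "Arn": target_arn}])


if __name__ == "__main__":
    for evt in (EC2_ISSUE_EVENT, S3_NOTIFICATION_EVENT):
        print(evt["detail"]["service"], "matches:", matches(HEALTH_EVENT_PATTERN, evt))
    print(health_summary(EC2_ISSUE_EVENT))
```

Health delivers events to the Region in which they occur, so a rule is needed in every Region you operate in, and events about global services arrive in us-east-1. Testing the pattern offline against sample events, as above, is cheaper than waiting for a real incident to find out the pattern's `detail` keys were misspelled.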


References:

https://docs.aws.amazon.com/health/latest/ug/what-is-aws-health.html


Thursday, December 28, 2023

AWSCertCP: Amazon AWS Security Hub, AWS Systems Manager

AWS Security Hub

Automate AWS security checks and centralize security alerts  

Use AWS Security Hub to automate security best practice checks, aggregate security alerts into a single place and format, and understand your overall security posture across all of your AWS accounts.

Continuous monitoring: Detect deviations from security best practices with a single click.

Security finding aggregation: Automatically aggregate security findings in a standardized data format from AWS and partner services.

Initiate automated responses: Accelerate mean time to resolution with automated response and remediation actions.

Security posture: Visualize the security posture of your AWS-based applications.
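The "aggregate in a standardized format" and "initiate automated responses" points come together in the AWS Security Finding Format (ASFF): because every finding carries the same Severity, Compliance and Workflow fields, one filter selects the queue an automation should work, and one update marks it handled. The following is an added example for this page, not AWS sample code: it defines a GetFindings filter for active, failed, untriaged HIGH/CRITICAL findings, models the same selection locally over constructed ASFF findings so the logic can be checked offline, and moves the selected findings to NOTIFIED with BatchUpdateFindings. Finding IDs, the generator ID, account ID and bucket ARN are placeholders.

```python
# Ordering used to work the queue most-severe-first.
SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "INFORMATIONAL": 4}

# Filters argument for securityhub.get_findings: active findings that failed a
# control, are still untriaged (Workflow NEW), and are rated HIGH or CRITICAL.
NEW_FAILED_HIGH_FILTER = {
    "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
    "ComplianceStatus": [{"Value": "FAILED", "Comparison": "EQUALS"}],
    "WorkflowStatus": [{"Value": "NEW", "Comparison": "EQUALS"}],
    "SeverityLabel": [
        {"Value": "CRITICAL", "Comparison": "EQUALS"},
        {"Value": "HIGH", "Comparison": "EQUALS"},
    ],
}

# Where each filter field lives inside an ASFF finding.
FIELD_PATHS = {
    "RecordState": ("RecordState",),
    "ComplianceStatus": ("Compliance", "Status"),
    "WorkflowStatus": ("Workflow", "Status"),
    "SeverityLabel": ("Severity", "Label"),
}


def _asff_finding(fid, severity, compliance, workflow, record_state="ACTIVE"):
    """Build a minimal constructed ASFF finding; IDs and ARNs are placeholders."""
    return {
        "SchemaVersion": "2018-10-08",
        "Id": fid,
        "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub",
        "GeneratorId": "security-control/EXAMPLE.1",
        "AwsAccountId": "111111111111",
        "Title": "Constructed sample control finding",
        "Severity": {"Label": severity},
        "Compliance": {"Status": compliance},
        "Workflow": {"Status": workflow},
        "RecordState": record_state,
        "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-bucket"}],
    }


SAMPLE_FINDINGS = [
    _asff_finding("f-high-new", "HIGH", "FAILED", "NEW"),
    _asff_finding("f-medium-new", "MEDIUM", "FAILED", "NEW"),
    _asff_finding("f-critical-new", "CRITICAL", "FAILED", "NEW"),
    _asff_finding("f-high-passed", "HIGH", "PASSED", "NEW"),
    _asff_finding("f-high-resolved", "HIGH", "FAILED", "RESOLVED"),
    _asff_finding("f-high-archived", "HIGH", "FAILED", "NEW", record_state="ARCHIVED"),
]


def _get(finding, path):
    value = finding
    for part in path:
        if not isinstance(value, dict):
            return None
        value = value.get(part)
    return value


def matches_filter(finding, filters):
    """Local model of get_findings filter semantics for EQUALS comparisons:
    values listed for one field are OR'ed, different fields are AND'ed."""
    for field, conditions in filters.items():
        accepted = {c["Value"] for c in conditions if c["Comparison"] == "EQUALS"}
        if _get(finding, FIELD_PATHS[field]) not in accepted:
            return False
    return True


def prioritize(findings, filters=NEW_FAILED_HIGH_FILTER):
    """Return the findings that pass the filter, most severe first."""
    selected = [f for f in findings if matches_filter(f, filters)]
    return sorted(selected, key=lambda f: SEVERITY_ORDER.get(f["Severity"]["Label"], 99))


def fetch_prioritized(securityhub, filters=NEW_FAILED_HIGH_FILTER):
    """Same selection against the live API; `securityhub` is a boto3 client."""
    findings = []
    for page in securityhub.get_paginator("get_findings").paginate(Filters=filters):
        findings.extend(page["Findings"])
    return prioritize(findings, filters)


def mark_notified(securityhub, findings, note, batch=100):
    """Move triaged findings to NOTIFIED so they leave the NEW queue.
    BatchUpdateFindings accepts at most 100 identifiers per call."""
    for i in range(0, len(findings), batch):
        chunk = findings[i:i + batch]
        securityhub.batch_update_findings(
            FindingIdentifiers=[{"Id": f["Id"], "ProductArn": f["ProductArn"]} for f in chunk],
            Workflow={"Status": "NOTIFIED"},
            Note={"Text": note, "UpdatedBy": "triage-automation"},
        )


if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        print(f["Severity"]["Label"], f["Id"])
```

Keeping the selection logic in a pure function means the same rule that drives the automation can be unit-tested against hand-built findings, which is where most filter mistakes (a PASSED finding paged by accident, an archived one re-opened) are caught.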





AWS Systems Manager: AWS Systems Manager is a secure end-to-end management solution for resources on AWS and in multicloud and hybrid environments.

Use cases are:

Centralize operational data: Aggregate data in a single console and gain actionable insights across AWS services such as Amazon CloudWatch, AWS CloudTrail, and AWS Config, as well as third-party tools.

Automatically resolve application issues: Leverage operational data to easily manage applications and identify issues quickly across associated AWS resource groups.

Simplify resource management: Automate processes such as patching and resource changes across AWS, on premises, and other clouds. Quickly diagnose and remediate operational issues before they affect users.

Remediate security events: Adapt your security and compliance profile and analyze security events after the fact to prevent a future recurrence.








AWSCertCP: Amazon Kendra, AWS QuickSight, AWS Glue, AWS Panorama

You can now use Amazon Kendra with Large Language Models (LLMs) to quickly create secure, generative AI-powered conversational experiences for your users on top of your enterprise content.

Key capabilities are:

Unified search experience: Quickly implement a unified search experience across multiple structured and unstructured content repositories.

Highly accurate answers: Use natural language processing (NLP) to get highly accurate answers without the need for machine learning (ML) expertise.

Customized search results: Fine-tune your search results based on content attributes, freshness, user behavior, and more.

Fast: Deliver ML-powered instant answers, FAQs, and document ranking as a fully managed service.




Amazon QuickSight powers data-driven organizations with unified business intelligence (BI) at hyperscale. With QuickSight, all users can meet varying analytic needs from the same source of truth through modern interactive dashboards, paginated reports, embedded analytics, and natural language queries. With Amazon Q in QuickSight, business analysts and business users can use natural language to build, discover, and share meaningful insights in seconds, turning insights into impact faster.


Amazon Q in QuickSight enhances business productivity using Generative BI capabilities to accelerate decision-making. With new dashboard authoring capabilities in Amazon Q, business analysts can use natural language prompts to build, discover, and share meaningful insights in seconds. Amazon Q makes it easier for business users to understand data with executive summaries, a new context-aware data Q&A experience, and data stories.

QuickSight enables organizations to scale their business analytics capabilities to hundreds of thousands of users, and delivers fast and responsive query performance by using a robust in-memory engine (SPICE).


AWS Glue 

Preparing your data to obtain quality results is the first step in an analytics or ML project. AWS Glue is a serverless data integration service that makes data preparation simpler, faster, and cheaper. You can discover and connect to over 70 diverse data sources, manage your data in a centralized data catalog, and visually create, run, and monitor ETL pipelines to load data into your data lakes.


Below are a few benefits:

Support all workloads: Flexible support for ETL, ELT, batch, streaming and more, with no lock-in.

Scale on demand: Petabyte scale, pay-as-you-go billing, any data size.

Tailored tools: Support all data users, from developers to business users.

All in one: Complete data integration capabilities in one serverless service.

AWS Panorama 

AWS Panorama is a collection of machine learning (ML) devices and a software development kit (SDK) that brings computer vision (CV) to on-premises internet protocol (IP) cameras.



References:
https://aws.amazon.com/panorama/
https://aws.amazon.com/glue/