Amazon Web Services | Cloud Academy Blog https://cloudacademy.com/blog/category/amazon-aws-2/ Wed, 06 Mar 2024 08:42:19 +0000

New AWS Certified Data Engineer – Associate (DEA-C01) exam goes live on March 12th, 2024!
https://cloudacademy.com/blog/new-aws-certified-data-engineer-associate-dea-c01/
Wed, 06 Mar 2024 08:39:24 +0000

In this blog post, we're going to answer some questions you might have about the new AWS Certified Data Engineer - Associate (DEA-C01) exam.

The post New AWS Certified Data Engineer – Associate (DEA-C01) exam goes live on March 12th, 2024! appeared first on Cloud Academy.

Hard to believe it was last September when AWS first announced its brand new Data Engineer – Associate (DEA-C01) certification. This announcement was newsworthy for a couple of reasons:

  • It represented the first new Associate-level AWS certification in over a decade! (The Solutions Architect, Developer, and SysOps Administrator Associate exams all debuted with the advent of the AWS global certification program back in 2013.)
  • It signaled the beginning of a shift in the AWS certification landscape. Shortly after announcing the new AWS Certified Data Engineer – Associate certification, AWS also announced that it would be retiring three of its Specialty-level exams: the AWS Certified Data Analytics – Specialty, AWS Certified Database – Specialty, and AWS Certified SAP on AWS – Specialty. With fewer Specialty-level certifications, AWS appears to now be prioritizing job role-based certifications at the foundational, associate, and professional levels.

The AWS Certified Data Engineer – Associate exam was available to sit as a beta between November 27, 2023 and January 12, 2024, and pass-fail results have now been shared with everyone who sat the beta exam during that time. AWS is now ready to release the final version of this exam on March 12, 2024!

In this blog post, I’m going to answer some questions you might have about this brand-new exam, including:

  • Who should take the new DEA-C01 exam?
  • When will the new DEA-C01 exam be available?
  • What is the format of the new DEA-C01 exam?
  • What information will be covered on the new DEA-C01 exam?
  • How can Cloud Academy help me prepare for the new DEA-C01 exam?

Who should take the new DEA-C01 exam?

According to the new DEA-C01 exam guide, the new AWS Certified Data Engineer – Associate (DEA-C01) exam is geared towards individuals with 2-3 years of experience in data engineering and at least 1-2 years of hands-on experience working with AWS services. The exam guide also states that candidates for this certification should understand “the effects of volume, variety, and velocity on data ingestion, transformation, modeling, security, governance, privacy, schema design, and optimal data store design” and promises to validate a candidate’s ability to perform the following tasks:

  • Ingest and transform data, and orchestrate data pipelines while applying programming concepts.
  • Choose an optimal data store, design data models, catalog data schemas, and manage data lifecycles.
  • Operationalize, maintain, and monitor data pipelines.
  • Analyze data and ensure data quality.
  • Implement appropriate authentication, authorization, data encryption, privacy, and governance.

Passing this exam will require experience and expertise as an IT on-premises or cloud data engineer who works with extract, transform, and load (ETL) pipelines, uses data lakes for data storage, and understands how to analyze data and ensure data quality and consistency.

That being said, there are no formal prerequisites for this–or any other–AWS certification exam, so anyone can register for and sit this exam.

When will the new DEA-C01 exam be available?

Registration opens for the DEA-C01 exam on Tuesday, March 12, 2024. The exam will be available to sit beginning that same day.

What is the format of the new DEA-C01 exam?

Like the other three Associate-level AWS certifications, the new AWS Certified Data Engineer – Associate (DEA-C01) exam will cost $150 USD and contains 65 multiple choice and multiple response questions. Most questions will have 4 possible answer options where you must select one correct answer, while others may have 5 or 6 answer options from which you must select two or three correct answers. Of the 65 questions in the exam, only 50 of them will count towards your score. The other 15 questions are used by AWS for evaluation purposes and do not affect your score in any way. There is no way to tell which questions are scored or unscored but there is also no penalty for guessing, so always be sure to answer every question, even if it’s just an educated guess!

The exam has a pass-fail designation and is scored on a scale of 100-1,000, with a minimum score of 720 required to pass, just like the other Associate-level exams.

What information will be covered on the new DEA-C01 exam?

The new DEA-C01 exam guide references four domains, which are shown in the table below.

DEA-C01 Domains


Let’s briefly discuss what’s covered within each of these four domains in a little more detail.

DEA-C01 Domain 1: Data Ingestion and Transformation (34%)

This domain accounts for over one-third of the overall exam content and focuses on ingesting, transforming, and processing data, as well as orchestrating ETL pipelines for your data. This includes knowing how to read data from AWS services that stream data such as Kinesis, Redshift, and DynamoDB streams, then transforming it based on your requirements using services like Lambda, EventBridge, and AWS Glue workflows. You’ll also need to understand some basic programming concepts such as infrastructure as code, SQL query optimization, and continuous integration and continuous delivery, or CI/CD, when testing and deploying your data pipelines.

DEA-C01 Domain 2: Data Store Management (26%)

In this domain, you’ll need to know how to store and catalog your data. This involves everything from modeling your data to defining schemas for your data, which could be structured, unstructured, or semi-structured. You should have a thorough understanding of all AWS storage platforms and know how to determine the best data store for your needs based on availability and throughput requirements. You’ll also need to manage the lifecycle of your data in a way that is cost efficient, secure, and resilient to failure.

DEA-C01 Domain 3: Data Operations and Support (22%)

This domain will assess your ability to use AWS services to analyze your data, ensuring data quality as you automate the processing of your data. This includes configuring appropriate monitoring and logging of your data pipelines, using services like CloudTrail and CloudWatch to assist in troubleshooting any issues that may arise. You should also be familiar with AWS Glue DataBrew and understand how it can be used for everything from preparing data to be transformed to defining data quality rules, verifying, and cleaning data.

DEA-C01 Domain 4: Data Security and Governance (18%)

This final domain is all about data privacy, authorization, and compliance. You should understand the role of security within an AWS architecture and understand how to implement security in both your VPC network infrastructure as well as your users with AWS Identity and Access Management. This includes knowing the principle of least privilege and how to apply role-based, attribute-based, and policy-based security when appropriate. You’ll also need to understand encryption and how to leverage the AWS Key Management Service to encrypt and decrypt your data.

How can Cloud Academy help me prepare for the new DEA-C01 exam?

As soon as the new AWS Certified Data Engineer – Associate exam was announced last year, our team here at Cloud Academy began to assess the content in our library to help curate a brand new AWS Certified Data Engineer – Associate (DEA-C01) Certification Preparation course that fully covers all aspects of the new DEA-C01 exam guide.

We also sat the beta version of this exam when it was available (it was very challenging for an Associate-level exam!) and leveraged our collective knowledge and experience to build new and updated lessons, hands-on labs, and assessments covering all of the topics that are emphasized in the new DEA-C01 exam. Our new course is currently available in preview, but will be fully updated and published by March 12, 2024!

To find out the latest information about this exam, as well as to learn more about updates to other AWS certification exams, you can visit the Coming Soon to AWS Certification page. From there, you can review the exam guide for the new DEA-C01 exam.

For training preparation on all AWS certifications, I encourage you to browse our entire library of AWS certification content.

Best of luck with your studying, and keep an eye on this space for more AWS certification updates in the months ahead. If you have any questions, please feel free to reach out to me and I’ll be happy to help!

Danny

Why You Should Audit and Rotate Your AWS Credentials Periodically
https://cloudacademy.com/blog/why-you-should-audit-and-rotate-your-aws-credentials-periodically/
Thu, 28 Sep 2023 17:59:19 +0000

The post Why You Should Audit and Rotate Your AWS Credentials Periodically appeared first on Cloud Academy.

In this post I want to highlight a security best practice that should be adopted as part of your security processes and procedures: auditing and rotating your AWS security credentials on a periodic basis.

As we know, we live in a world where cyber security attacks are all too common, and although there are complex and advanced tools and services we can put in place to reduce the attack surface, we can also adopt some simple but very effective controls. One entry point attackers use to gain access to restricted environments is to compromise usernames and passwords, effectively a user's credentials, which may then grant the attacker privileges to accomplish specific tasks. So what are some of the ways to reduce this risk?

By rotating our AWS credentials regularly, we avoid leaving long-lived credentials in use within our account, which carry an unnecessary risk of being compromised. Getting into the habit of using short-term credentials ultimately makes the associated user accounts more secure.

Where possible when accessing AWS resources we should try to use temporary credentials, such as those provided by IAM roles, but this is not always feasible for every use case.  As a result, there will be times, mainly for human user accounts, when you’ll be using credentials within your AWS account.  These accounts should be audited to ensure that they are still being used and if so, highlight which credentials should be rotated to reduce your security risk.  If a set of credentials is compromised it can lead to huge security breaches, denial of access to your legitimate accounts, wide-scale outages, and much more.  In addition to performing regular audits, you should set a password expiration period within your IAM password policy to ensure that the user’s password credentials are forcibly changed on a regular basis.

AWS Credential Report

The AWS credential report provides a great way to audit all of the AWS credentials used within your account. This report can be generated via the AWS CLI, SDK, or the AWS Management Console. Whichever method you use, you will obtain a report that shows the credential details of all your users. This credential report can be downloaded once every 4 hours as a *.CSV file, allowing you to review and filter the data.

Using this report, you will be able to see information on the following for each user:

  • The username
  • The Amazon Resource Name (ARN) of the user
  • When the user was first created
  • If a password is enabled for the user
  • When the password was last used
  • When the password was last changed
  • When the password is due to be rotated (based on the password policy settings)
  • If access keys are enabled
  • If multi-factor authentication is configured for the user
  • If the user has active access keys 
  • When the access keys were last used
  • When the access keys were last rotated
  • The region in which the access keys were used
  • The service used in conjunction with the access keys
  • If the user has a 2nd set of access keys (to make key rotation easier)
  • When the 2nd set of access keys was last used
  • When the 2nd set of access keys was last rotated
  • The region in which the 2nd set of access keys was used
  • The service used in conjunction with the 2nd set of access keys
  • If the user has an X.509 signing certificate
  • When the signing certificate was last rotated
  • If the user has a 2nd X.509 signing certificate

As you can see, this is quite an extensive list of parameters regarding the user credentials accessing your AWS account.  Using this data will help you formulate an appropriate policy and process to rotate your credentials on a regular basis. 

Looking at the following small sample taken from a credential report we can identify some key changes that should be made immediately:

User 2 and User 3 have not had their passwords changed for years, as seen in the ‘password_last_changed’ column! Such long-lived credentials are a massive risk.

User 5 should also have their password changed as it has been a number of months since the last credential rotation.  

User 2 hasn’t logged into the AWS account for approximately 3 years, so this user should have their password credentials removed altogether.  

User 3 is still an active user as we can see that the last login was in the past few days, indicated by ‘password_last_used’, however their password has not been changed for 7 years! 

To resolve these issues with long-lived credentials being used, the password policy should be edited to ensure that a password expiration is enabled and configured to at least a monthly rotation by setting a 30-day expiration.  

Users 1 and 4 in this scenario do not have access to the AWS Management Console. However, we should also check their access keys, so let’s take a look:

Here we can see that User 1 and User 4 do have programmatic access using access keys, as seen by the ‘TRUE’ value under ‘access_key_1_active’. However, their credentials have not been rotated for a number of years, which again poses a high security risk.

User 2 does have access keys, but they are inactive, as seen by the ‘FALSE’ value, and they have NEVER been used. As a result, these access keys should be deactivated and deleted, and programmatic access removed for this user.

User 3 has active access keys, but they have not been used for years, so these should also be deleted.

User 5 does not have any access keys associated.

Rotating access keys

Much like passwords, access keys for users should also be regularly changed to ensure that you are not using long-lived credentials that could be compromised.  These can be changed via the AWS CLI or the AWS Management Console, and instructions on how to achieve this can be found here.

AWS recommends that you rotate your access keys at least once every 90 days, and you can use the AWS credential report to identify users that should be addressed.  You can alternatively use the ‘Access key age’ column within the IAM users dashboard. This will show the number of days since the oldest active access key was created. 
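The audit walked through above can be scripted. The following Python sketch is an added example, not code from the original post: it applies the post's 30-day password and 90-day access key figures to a constructed five-user report that uses a subset of the credential report's column names. The 365-day "unused" cutoff and the function names are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

PASSWORD_MAX_AGE_DAYS = 30  # password expiration suggested in the post
KEY_MAX_AGE_DAYS = 90       # access key rotation interval cited in the post
UNUSED_AFTER_DAYS = 365     # assumption: idle this long means "remove it"

AS_OF = datetime(2023, 9, 28, tzinfo=timezone.utc)  # constructed audit date

# Constructed sample: a subset of the report's columns, five made-up users.
# Assumption: an inactive key that still exists keeps its last_rotated date.
# user4 carries "TRUE" as a spreadsheet would display it.
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,password_last_changed,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
user1,false,N/A,N/A,true,2019-03-01T10:00:00+00:00,2023-09-20T08:00:00+00:00
user2,true,2020-09-15T09:30:00+00:00,2018-05-02T12:00:00+00:00,false,2018-05-02T12:05:00+00:00,N/A
user3,true,2023-09-25T09:00:00+00:00,2016-08-10T11:00:00+00:00,true,2017-01-20T14:00:00+00:00,2019-11-05T16:00:00+00:00
user4,false,N/A,N/A,TRUE,2020-01-15T10:00:00+00:00,2023-09-27T08:00:00+00:00
user5,true,2023-09-26T13:00:00+00:00,2023-04-12T09:00:00+00:00,false,N/A,N/A
"""


def _field(row, name, default="N/A"):
    """Read a column, tolerating reports that lack it or leave it empty."""
    return (row.get(name) or default).strip()


def _age_days(value, now):
    """Whole days since an ISO 8601 timestamp, or None for N/A-style values."""
    try:
        stamp = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None  # "N/A", "no_information", "not_supported"
    return (now - stamp).days


def audit_credential_report(report_csv, now):
    """Return (user, credential, action) tuples for credentials needing work."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]

        # Console password: remove if idle, otherwise rotate if too old.
        if _field(row, "password_enabled", "false").lower() == "true":
            used = _age_days(_field(row, "password_last_used"), now)
            changed = _age_days(_field(row, "password_last_changed"), now)
            if used is None or used > UNUSED_AFTER_DAYS:
                findings.append((user, "password", "remove"))
            elif changed is not None and changed > PASSWORD_MAX_AGE_DAYS:
                findings.append((user, "password", "rotate"))

        # Both access key slots get the same treatment.
        for slot in ("1", "2"):
            key = f"access_key_{slot}"
            active = _field(row, f"{key}_active", "false").lower() == "true"
            rotated = _age_days(_field(row, f"{key}_last_rotated"), now)
            used = _age_days(_field(row, f"{key}_last_used_date"), now)
            if active:
                if used is None or used > UNUSED_AFTER_DAYS:
                    findings.append((user, key, "delete"))
                elif rotated is not None and rotated > KEY_MAX_AGE_DAYS:
                    findings.append((user, key, "rotate"))
            elif rotated is not None:
                # Inactive key still present on the user: clean it up.
                findings.append((user, key, "delete"))
    return findings


if __name__ == "__main__":
    for user, credential, action in audit_credential_report(SAMPLE_REPORT, AS_OF):
        print(f"{user}: {action} {credential}")
```

A newly created user who has not yet signed in also has no usable `password_last_used` value, so check `user_creation_time` in the full report before acting on a "remove" finding.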

Automatically rotate IAM user access keys at scale with AWS Organizations and AWS Secrets Manager

If you have hundreds or even thousands of users using programmatic access with access keys, then you’ll want to look at more of an automated approach to managing access key rotation.  To understand how this can be achieved using AWS CloudFormation, Amazon CloudWatch Events, AWS Identity and Access Management, AWS Lambda, AWS Organizations, Amazon S3, Amazon SES, and AWS Secrets Manager take a look here.

Learn more about AWS Identity and Access Management

The AWS Identity and Access Management service, commonly known as IAM, is one of the first AWS security services that you will come across when working with AWS. It’s the central service for administering user accounts, allowing them to gain access to your AWS resources. From user creation, password policies, access policies, roles, groups, and more, understanding AWS IAM is essential if you are looking to enforce stringent security controls within your AWS accounts.
To get a solid understanding, and hands-on experience of all things to do with AWS IAM, take a look at our Learning Path: How to manage and secure your environment using AWS Identity & Access Management (IAM).

Upon completion, you will: 

  • Understand what is meant by identity and access management and the difference between authentication, authorization, and access control
  • Learn the components of IAM as well as its reporting features
  • Learn the essentials of users within IAM
  • Understand how to create, manage, and configure users using security best practices
  • Learn how to manage multiple users with IAM User Groups
  • Gain a foundational understanding of IAM roles
  • Understand how to use AWS service roles to access AWS resources on your behalf
  • Learn how to use IAM user roles to grant temporary access to users
  • Understand how to use roles for federated access
  • Understand the different types of IAM policies you can expect to see when working within IAM
  • Learn how to implement policies effectively to build secure and robust access controls for your users
  • Learn how to read IAM policies to understand the permissions they are granting and restricting
  • Learn how policy evaluation logic operates
  • Understand the core principles of cross-account access using IAM

To learn more about our AWS learning paths and certifications or to schedule a demo

AWS Announces New Certified Data Engineer – Associate (DEA-C01) Certification
https://cloudacademy.com/blog/aws-announces-new-associate-level-data-engineer-certification/
Wed, 27 Sep 2023 14:21:47 +0000

The post AWS Announces New Certified Data Engineer – Associate (DEA-C01) Certification appeared first on Cloud Academy.

2023 has been a busy year for our team and for AWS certifications! So far this year, we’ve already released learning paths for the updated AWS Certified Developer – Associate (DVA-C02), AWS Certified DevOps Engineer – Professional (DOP-C02), AWS Certified Security – Specialty (SCS-C02), and AWS Certified Cloud Practitioner (CLF-C02) exams! And fresh off the release of the newly updated CLF-C02 exam last week, AWS has just announced a brand new Associate-level certification: the AWS Certified Data Engineer – Associate (DEA-C01).

The AWS Certified Data Engineer – Associate (DEA-C01) exam will join the Solutions Architect, Developer, and SysOps Administrator Associate exams as the fourth Associate-level certification from AWS, the 13th AWS certification overall, and the first brand new certification from AWS since the AWS Certified: SAP on AWS – Specialty (PAS-C01) exam was released back in 2022.

According to AWS:

The AWS Certified Data Engineer – Associate (DEA-C01) exam validates skills and knowledge in core data-related AWS services, and emphasizes the ability to implement data pipelines, monitor and troubleshoot issues, and optimize cost and performance in accordance with best practices.

Back in March, AWS began to solicit feedback by surveying individuals with at least 2 years of experience working in data engineering or a similar role, the first signal of their intent to potentially develop a new certification geared towards data engineers. To that end, AWS cites a recent Dice tech jobs report that shows demand for data engineers increasing by 42% in just a single year! This exam fills an important gap when assessing the knowledge and expertise of a data engineer that isn’t well-covered by any of the other current AWS exams.

In this blog post, I’m going to answer some questions you might have about this brand-new exam, including:

  • Who should take the new DEA-C01 exam?
  • When will the new DEA-C01 exam be available?
  • Should I take the beta version of the new DEA-C01 exam or wait for the standard version of the exam instead?
  • What is the format of the new DEA-C01 exam?
  • What information will be covered on the new DEA-C01 exam?
  • Where can I learn the new materials for the new DEA-C01 exam?
  • Where can I find more information on the new DEA-C01 exam?

Who should take the new DEA-C01 exam?

According to the new DEA-C01 exam guide, the new AWS Certified Data Engineer – Associate (DEA-C01) exam is geared towards individuals with 2-3 years of experience in data engineering and at least 1-2 years of hands-on experience working with AWS services. The exam guide also states that candidates for this certification should understand “the effects of volume, variety, and velocity on data ingestion, transformation, modeling, security, governance, privacy, schema design, and optimal data store design” and promises to validate a candidate’s ability to perform the following tasks:

  • Ingest and transform data, and orchestrate data pipelines while applying programming concepts.
  • Choose an optimal data store, design data models, catalog data schemas, and manage data lifecycles.
  • Operationalize, maintain, and monitor data pipelines.
  • Analyze data and ensure data quality.
  • Implement appropriate authentication, authorization, data encryption, privacy, and governance.

Passing this exam will require experience and expertise as an IT on-premises or cloud data engineer who works with extract, transform, and load (ETL) pipelines, uses data lakes for data storage, and understands how to analyze data and ensure data quality and consistency.

That being said, there are no formal prerequisites for this–or any other–AWS certification exam, so anyone can register and sit for this exam.

When will the new DEA-C01 exam be available?

A beta version of the new AWS Certified Data Engineer – Associate (DEA-C01) exam will be available to take between November 27, 2023, and January 12, 2024, at a cost of $75 USD–a 50% discount over the standard exam! Registration for this beta version of the exam opens on October 31, 2023. After the beta period ends in January, registration will open for the standard version of the exam in March 2024. The final, post-beta version of the DEA-C01 exam will be available to sit beginning in April 2024.

Should I take the beta version of the new DEA-C01 exam or wait for the standard version of the exam instead?

The new AWS Certified Data Engineer – Associate (DEA-C01) exam is the first AWS certification exam to feature a beta since the AWS Certified Advanced Networking – Specialty and AWS Certified: SAP on AWS – Specialty exams also had betas back in 2022. AWS will occasionally use beta exams before officially releasing final versions of a new or updated certification exam as a way to test and evaluate exam questions before they are featured in a live exam.

There are some important differences between beta and standard exams that may influence your decision to take one version of the exam over the other, which I will discuss here.

Cost

As I mentioned earlier, the beta version of the new AWS Certified Data Engineer – Associate (DEA-C01) exam will be available at a 50% discount over the standard exam ($75 USD instead of $150 USD). If you are an experienced AWS Data Engineer and you’re ready to sit this exam between November and January, this discount offers you the opportunity to be among the first to earn this certification while also saving some money in the process.

Exam Experience

The beta version of the new AWS Certified Data Engineer – Associate (DEA-C01) exam will feature a total of 85 multiple-choice or multiple-response questions. This is higher than the 65 questions typically featured on AWS Associate-level certification exams, and even higher than the 75 questions typically found on Professional or Specialty-level exams. AWS beta exams contain these additional questions to help AWS ascertain if there are any questions within their question bank that are unclear (if everyone gets the same questions wrong, it’s likely those questions will be edited or removed altogether). Asking a larger number of questions on the beta exam allows AWS to better refine its question bank selection for when the post-beta exam goes GA next April.

While you will have 170 minutes to complete this beta exam (compared with 130 minutes to answer 65 questions on a typical Associate exam), it is common for “exam fatigue” to set in after about 50 questions.

Furthermore, while you would typically receive the pass/fail results of your AWS certification exam within a few days of taking the exam, you won’t receive your official exam results for this beta exam until 90 days after the beta period closes in January. This means you could sit the beta exam in November 2023 and not know whether you passed or failed until April 2024, nearly five months later.

Bragging Rights

If the beta is successful and you end up passing the beta version of this exam, you will be awarded the new AWS Certified Data Engineer – Associate certification and be among the first worldwide to hold it, giving you not only bragging rights but also a huge boost to your career profile. Like all other AWS certifications, this certification will be valid for three years, just as if you passed the post-beta version of the exam.

What is the format of the new DEA-C01 exam?

Like the other three Associate-level AWS certifications, the new AWS Certified Data Engineer – Associate (DEA-C01) exam will consist entirely of multiple choice and multiple response questions. There will not be any hands-on labs as part of this exam.

The beta version of the new DEA-C01 exam will contain 85 questions, while the final version of the exam will contain 65. Most questions will have 4 possible answer options where you must select one correct answer, while others may have 5 or 6 answer options from which you must select two or three correct answers. Of the 65 questions in the post-beta version of the exam, only 50 questions will count towards your score. The other 15 questions are used by AWS for evaluation purposes and do not affect your score in any way. There is no way to tell which questions are scored or unscored but there is no penalty for guessing, so always be sure to answer every question, even if it’s just an educated guess!

The exam has a pass-fail designation and is scored on a scale of 100-1,000, with a minimum score of 720 required to pass, just like the other Associate-level exams.

What information will be covered on the new DEA-C01 exam?

The new DEA-C01 exam guide references four domains, which are shown in the table below.

DEA-C01 Domains

Let’s briefly discuss what’s covered within each of these four domains in a little more detail.

DEA-C01 Domain 1: Data Ingestion and Transformation (34%)

This domain accounts for over one-third of the overall exam content and focuses on ingesting, transforming, and processing data, as well as orchestrating ETL pipelines for your data. This includes knowing how to read data from AWS services that stream data such as Kinesis, Redshift, and DynamoDB streams, then transforming it based on your requirements using services like Lambda, EventBridge, and AWS Glue workflows. You’ll also need to understand some basic programming concepts such as infrastructure as code, SQL query optimization, and continuous integration and continuous delivery, or CI/CD, when testing and deploying your data pipelines.

DEA-C01 Domain 2: Data Store Management (26%)

In this domain, you’ll need to know how to store and catalog your data. This involves everything from modeling your data to defining schemas for your data, which could be structured, unstructured, or semi-structured. You should have a thorough understanding of all AWS storage platforms and know how to determine the best data store for your needs based on availability and throughput requirements. You’ll also need to manage the lifecycle of your data in a way that is cost-efficient, secure, and resilient to failure.

DEA-C01 Domain 3: Data Operations and Support (22%)

This domain will assess your ability to use AWS services to analyze your data, ensuring data quality as you automate the processing of your data. This includes configuring appropriate monitoring and logging of your data pipelines and using services like CloudTrail and CloudWatch to assist in troubleshooting any issues that may arise. You should also be familiar with AWS Glue DataBrew and understand how it can be used for everything from preparing data to be transformed to defining data quality rules, verifying, and cleaning data.

DEA-C01 Domain 4: Data Security and Governance (18%)

This final domain is all about data privacy, authorization, and compliance. You should understand the role of security within an AWS architecture and understand how to implement security in both your VPC network infrastructure as well as your users with AWS Identity and Access Management. This includes knowing the principle of least privilege and how to apply role-based, attribute-based, and policy-based security when appropriate. You’ll also need to understand encryption and how to leverage the AWS Key Management Service to encrypt and decrypt your data.

Where can I learn the new materials for the new DEA-C01 exam?

As soon as the new AWS Certified Data Engineer – Associate exam was announced, our team here at Cloud Academy began to assess the content in our library to help us create a brand new learning path that ensures we fully cover all aspects of the new DEA-C01 exam guide.

Over the coming months, our team will be sitting the beta version of this exam and leveraging our collective knowledge and experience to build new and updated courses, hands-on labs, and assessments covering all of the topics that are emphasized in the new DEA-C01 exam. We will also monitor any updates or changes announced to the DEA-C01 exam from AWS after the beta period for the exam ends in January and before the final version of the exam is released in April 2024 to ensure our content is thorough and comprehensive, giving you the peace of mind you need to know you’ll be ready to pass this brand new exam!

Where can I find more information on the new DEA-C01 exam?

To find out the latest information about this exam, as well as to learn more about updates to other AWS certification exams, you can visit the Coming Soon to AWS Certification page. From there, you can review the exam guide for the new DEA-C01 exam.

For training preparation on all 12 (now soon to be 13!) AWS certifications, I encourage you to browse our entire library of AWS certification content.

Best of luck with your studying and exam preparation! If you have any questions, please feel free to reach out to me or our team of knowledgeable reps.

We’re happy to help.

Danny

The post AWS Announces New Certified Data Engineer – Associate (DEA-C01) Certification appeared first on Cloud Academy.

AWS Global Infrastructure: Availability Zones, Regions, Edge Locations, Regional Edge Caches, Local Zones, Wavelength Zones, and Outposts https://cloudacademy.com/blog/aws-global-infrastructure/ Thu, 24 Aug 2023 22:34:05 +0000

Amazon Web Services is a global public cloud provider, and as such, it has to have a global network of infrastructure to run and manage its many growing cloud services that support customers around the world. In this post, we’ll take a look at the components that make up the AWS Global Infrastructure.

The components are:

  • Availability Zones (AZs)
  • Regions
  • Edge Locations
  • Regional Edge Caches
  • Local Zones
  • Wavelength Zones
  • Outposts

If you are deploying services on AWS, you’ll want to have a clear understanding of each of these components, how they are linked, and how you can use them within your solution to YOUR maximum benefit. Let’s take a closer look.

AWS Global Infrastructure: Availability Zones

Availability Zones and Regions are closely related.

AZs are essentially the physical data centers of AWS. This is where the actual compute, storage, network, and database resources are hosted that we as consumers provision within our Virtual Private Clouds (VPCs). A common misconception is that a single availability zone is equal to a single data center. This is not the case. In fact, it’s likely that multiple data centers located close together form a single availability zone.

Each AZ will always have at least one other AZ that is geographically located within the same area, usually a city, linked by highly resilient and very low latency private fiber-optic connections. However, each AZ will be isolated from the others using separate power and network connectivity that minimizes impact to other AZs should a single AZ fail.

These low latency links between AZs are used by many AWS services to replicate data for high availability and resilience purposes. For example, when RDS (Relational Database Service) is configured for ‘Multi-AZ’ deployments, AWS will use synchronous replication between its primary and secondary database and asynchronous replication for any read replicas that have been created.

Often, there are three, four, or even five AZs linked together via these low latency connections. This localized geographical grouping of multiple AZs, which would include multiple data centers, is defined as an AWS Region.


AWS Availability Zones

Having multiple AZs within a region allows you to create highly available and resilient applications and services. Architecting your solutions to utilize resources across more than one AZ ensures that minimal or no impact will occur to your infrastructure should an AZ experience a failure (which does happen).

Anyone can deploy resources in the cloud, but architecting them in a way that ensures your infrastructure remains stable, available, and resilient when faced with a disaster is a different matter. Making use of at least two AZs in a region helps you maintain high availability of your infrastructure and it’s always a recommended best practice.

AWS Global Infrastructure: Regions

As we now know, a Region is a collection of availability zones that are geographically located close to one another. This is generally indicated by AZs within the same city. AWS has deployed them across the globe to allow its worldwide customer base to take advantage of low latency connections. Every Region will act independently of the others, and each will contain at least two Availability Zones.

For example, if an organization based in London was serving customers throughout Europe, there would be no logical sense to deploy services in the Sydney Region simply due to the latency response times for its customers. Instead, the company would select the region most appropriate for them and their customer base, which may be the London, Frankfurt, or Ireland Region.

Having global regions also allows for compliance with regulations, laws, and governance relating to data storage (at rest and in transit). For example, you may be required to keep all data within a specific location, such as Europe. Having multiple regions within this location allows an organization to meet this requirement.

Similarly to how utilizing multiple AZs within a region creates a level of high availability, the same can be applied to utilizing multiple regions. Depending on the level of business continuity you require, you may choose to architect your AWS environment to support your applications and services across multiple regions, should an entire region become unavailable, perhaps due to a natural disaster.

You may want to use multiple regions if you are a global organization serving customers in different countries that have specific laws and governance about the use of data. In this case, you could even connect different VPCs together in different regions. Learn more from AWS about Multiple Region Multi-VPC Connectivity.

To learn more about the AWS certifications offered by Cloud Academy, read our post, The 12 AWS Certifications: Which is Right for You and Your Team, or contact one of our knowledgeable reps for more information.

The number of regions is increasing year after year as AWS works to keep up with the demand for cloud computing services. At the time of publishing this article (August 2023), there are currently 32 Regions and 102 Availability Zones, with 4 additional Regions and 12 additional AZs planned.

Interestingly, not all AWS services are available in every region. This is a consideration that must be taken into account when architecting your infrastructure. Some services are classed as global services, such as AWS Identity & Access Management (IAM) or Amazon CloudFront, which means that these services are not tied to a specific region.  However, most services are region-specific, and it’s down to you to understand which services are available in which region. 

AWS logically groups its Regions into larger geographical areas for ease of management. For example, the N. Virginia and Ohio Regions fall under the geographic location of US East.

Although regions are grouped together in this way, every single region is independent of other regions.

The AWS GovCloud is an isolated region in the U.S. that is only available to U.S. government agencies and organizations in government-regulated industries, which must meet strict requirements. 

Region and Availability Zone Naming Conventions

AWS has a specific naming convention for both Regions and Availability Zones.

Depending on where you are viewing and using the Region name, it can be represented as two different names for the same Region.

Regions have both a ‘friendly’ name indicating a location, which can be viewed within the Management Console, and a Code Name that is used when referencing regions programmatically, for example when using the AWS CLI.

As you can see, the name in the first column is easier to associate to than that of the Code Name.

Availability Zones are always referenced by their Code Name, which is defined by the Code Name of the Region that the AZ belongs to, followed by a letter. For example, the AZs within the eu-west-1 region (EU Ireland) are:

  • eu-west-1a
  • eu-west-1b
  • eu-west-1c

AWS EU Ireland Region

An interesting point to be aware of here is that AWS maps these AZ letter identifiers to different physical AZs for different AWS accounts. This ensures that there is a more even distribution of resources across all AZs within a Region.


AWS EU Ireland Region

If you have multiple AWS accounts and you try to coordinate resources within the same AZ by selecting the same AZ Code Name, this may not necessarily mean that those resources are physically located within the same AZ as you can see in the image above.

AWS Global Infrastructure: Edge Locations

Edge Locations are AWS sites deployed in major cities and highly populated areas across the globe. They far outnumber the Availability Zones.

While Edge Locations are not used to deploy your main infrastructure, such as EC2 instances, EBS storage, VPCs, or RDS resources, in the way AZs are, they are used by AWS services such as AWS CloudFront and AWS Lambda@Edge (currently in Preview) to cache data and reduce latency for end-user access by using the Edge Locations as a global Content Delivery Network (CDN).

As a result, Edge Locations are primarily used by end users who are accessing and using your services.

For example, you may have your website hosted on EC2 instances and S3 (your origin) within the Ohio region with a configured CloudFront distribution associated. When a user accesses your website from Europe, they would be re-directed to their closest Edge Location (in Europe) where cached data could be read on your website, significantly reducing latency.

AWS Global Infrastructure: Regional Edge Cache

In November 2016, AWS announced a new type of Edge Location, called a Regional Edge Cache. These sit between your CloudFront Origin servers and the Edge Locations. A Regional Edge Cache has a larger cache width than each of the individual Edge Locations, so data that expires from the cache at the Edge Locations is still retained at the Regional Edge Caches.

Therefore, when data is requested at the Edge Location that is no longer available, the Edge Location can retrieve the cached data from the Regional Edge Cache instead of the Origin servers, which would have a higher latency.


AWS Global Infrastructure: Regional Edge Cache

AWS Global Infrastructure: Local Zones

In 2022, Amazon announced that it had launched its first 16 Local Zones, a new type of infrastructure deployment designed to place core AWS Compute, Storage, Networking, and Database services near highly populated areas such as major cities that do not already have an AWS Region nearby. For example, the eastern United States has two Regions: us-east-1 in northern Virginia and us-east-2 in Ohio. However, there are also very large metropolitan areas around Boston, New York City, Philadelphia, Atlanta, and Miami, all of which are 100 miles or more from the data centers in that Region’s nearest Availability Zones. AWS Local Zones allow customers in these areas to deploy resources and applications that require single-digit millisecond latency that would otherwise not be attainable given the geographic distance to the nearest Regions.

They are also useful where data residency requirements may dictate that data be stored within certain geographic boundaries.

All AWS Local Zones are connected to a parent Region, allowing you to seamlessly connect to all other AWS services via a secure, dedicated high-speed connection. AWS Local Zones are currently available in a total of 33 metropolitan areas, with an additional 19 planned in the future. To use Local Zones, you must first enable them within your AWS account. After that, all Local Zones will be listed alongside the Availability Zones within that Region and can be selected when deploying everything from VPC subnets, to EC2 instances and EBS volumes, to ECS and EKS clusters.

In August 2023, AWS announced Dedicated Local Zones, which offer dedicated, fully managed infrastructure that is built for the exclusive use of a specific customer or community. Dedicated Local Zones can be deployed in an existing on-premises data center or other locations that may be dictated by a customer or community’s requirements to comply with security or other data sovereignty regulations for mission-critical and other sensitive workloads. These are especially useful in the public sector and other industries where strict governance controls are necessary to comply with local laws and regulations.

AWS Global Infrastructure: Wavelength Zones

Much like AWS Local Zones, AWS Wavelength Zones also place core AWS services closer to large end user bases and are connected to a parent Region via a secure, dedicated high-speed connection. However, AWS Wavelength Zones are embedded within 5G mobile broadband networks and are deployed within the data centers of large telecommunications providers. Deploying AWS resources such as VPC subnets, EC2 instances, and EBS volumes to an AWS Wavelength Zone allows end users to connect to these resources without ever leaving the mobile provider’s network. By reducing the number of network hops and eliminating the need for any traffic to traverse the public internet, developers can offer ultra-low latency and increased reliability for 5G applications such as live video streaming and interactive gaming. AWS Wavelength Zones are currently available through Verizon in the United States, KDDI in Japan, SK Telecom in South Korea, Vodafone in the UK and Germany, and Bell in Canada.

AWS Global Infrastructure: Outposts

AWS Outposts brings the capabilities of the AWS cloud to your on-premises data center. This includes the same hardware used by AWS within their data centers, allowing you to use native AWS services, including the same tools and APIs you would use when running your infrastructure within AWS. Outposts are available as 1U or 2U rack-mountable servers, or as entire 42U racks that can be scaled to deployments of up to 96 racks. Outposts may be connected to AWS using either a Direct Connect or VPN connection. Outposts allow you to run AWS services such as EC2, ECS, EKS, S3, RDS, and EMR on-premises. Customers can also make use of PrivateLink gateway endpoints to securely and privately connect to other services and resources, such as DynamoDB. There are a wide number of EC2 instance types available on AWS Outposts. These include M5, C5, and R5 instances, as well as storage options for EBS volumes, local disks, and local instance storage.

Because AWS Outposts are fully managed, you do not need to maintain a level of patch management across your infrastructure or worry about installing or updating any software. AWS will ensure your Outposts are patched and updated as needed.

I hope that this post has provided some clarity around the AWS global infrastructure of Availability Zones, Regions, Edge Locations, Regional Edge Caches, Local Zones, Wavelength Zones, and Outposts.

Understanding what each of these components can allow you to do will help you architect a resilient, highly available, secure, and low latency solution for you and your customers.

How to Get Your AWS Certification With Cloud Academy https://cloudacademy.com/blog/how-to-get-your-aws-certification-with-cloud-academy/ Thu, 10 Aug 2023 22:59:18 +0000 Discover the importance of AWS certifications in today's tech landscape. Learn how Cloud Academy guides professionals and teams through the certification journey, ensuring mastery in cloud technology.

In the dynamic realm of cloud technology, staying updated isn’t just a luxury.

As the digital landscape evolves, AWS consistently introduces new features and services, setting the benchmark for cloud innovations, and both professionals and teams must remain informed to harness the full potential of these advancements.

Cloud Academy is here as your beacon in this journey, guiding you through the intricacies of AWS certifications. Let’s dive a little deeper into the importance of these certifications and how Cloud Academy can help pave your path to reaching your career goals.

Stay current on AWS news and releases

AWS introduces new services and updates at a pace that can be overwhelming, but staying updated with AWS is easier than you might think:

  • Subscribing to the official AWS blog provides firsthand information, straight from the source.
  • Joining active AWS forums fosters community learning, where professionals share insights and experiences.
  • Following AWS on platforms like Twitter and LinkedIn offers real-time updates and expert opinions.

Understanding the latest AWS developments isn’t just about keeping up — it’s about staying ahead. By leveraging the most recent tools and services, you can drive unparalleled efficiency and innovation in your projects, ensuring that your solutions are cutting-edge and competitive.

Want more easy-to-digest AWS insights? Check out our blog on staying current on AWS news and releases.

The value of AWS certifications in today’s market

AWS certifications have become a gold standard in the industry. They validate your skills and knowledge while demonstrating your commitment to staying updated in the fast-paced world of cloud technology.

Employers often look for AWS certifications as a benchmark when hiring, as it assures them of the candidate’s proficiency with the platform. Professionals with AWS certifications often command higher salaries and better job opportunities, making it a valuable investment in your career.

AWS certifications can also be a stepping stone for pros looking to transition into specialized roles, like cloud architects or DevOps engineers, further broadening their career horizons.

Why you (or your team) should get certified

Simply put, AWS certifications are more than just accolades. They’re a testament to a professional’s commitment to excellence and a profound understanding of the platform.

Teams with certified professionals tend to be more agile, making informed decisions swiftly and adapting to changes with ease. Plus, AWS certifications are globally recognized, adding a touch of gold-standard credibility to your profile. AWS’s leadership in cloud services is undisputed. Being certified means you’re in sync with the best, always staying a step ahead, and positioning yourself as a sought-after expert in the field.

Get AWS-certified with Cloud Academy

Navigating the vast domain of cloud technology can be daunting. AWS, with its plethora of services and features, is a titan in this landscape. And Cloud Academy is your compass, guiding you through the intricate pathways of AWS, ensuring a smooth and informed journey towards certification.

A holistic approach to learning with Cloud Academy:

Cloud Academy isn’t just another e-learning platform; it’s a comprehensive skill management platform tailored for tech teams of all sizes. The platform offers a unique blend of advanced software and premium content. This synergy offers a holistic experience, blending theoretical knowledge with practical insights. From Cloud to DevOps, Software Development, and beyond, our offerings are designed to cater to a wide spectrum of tech domains, ensuring that no stone is left unturned in your learning journey.

Personalized learning paths:

Every individual or team has unique learning needs. Our adaptive platform understands this and allows users to personalize their learning paths, roles, and skills. This personalization ensures that learning is targeted, efficient, and in line with individual or team objectives.

Hands-on labs & real-world scenarios:

While theoretical knowledge forms the foundation, practical proficiency is what sets professionals apart. Our hands-on labs simulate real-world scenarios, ensuring that learners aren’t just theoretically equipped but also practically proficient. These labs are designed by industry experts, ensuring that they mirror real-world challenges, preparing learners for both the certification exams and on-the-job scenarios.

Content Engine & customization:

Our Content Engine is a game-changer. This feature allows enterprise users to customize the platform’s library, creating their own courses, learning paths, and exams. This level of customization helps you make sure that learning is always aligned with specific organizational needs and objectives.

In conclusion

In the ever-evolving world of cloud technology, staying updated and certified is the name of the game. At Cloud Academy, we offer rich features, adaptive learning paths, and expert-designed content, making us the ideal partner for anyone looking to conquer the AWS certification landscape.

So dive deep, explore, and let Cloud Academy guide you to AWS mastery, ensuring that you’re always at the forefront of cloud innovation.

Amazon RDS vs DynamoDB: 12 Differences You Should Know https://cloudacademy.com/blog/amazon-rds-vs-dynamodb-12-differences/ Fri, 28 Jul 2023 09:08:52 +0000 Learn key info about Amazon's main SQL and NoSQL database offerings, including pricing, use cases, and DB instance types.

Relational Database Services (RDS) and Dynamo Database (DynamoDB) are both widely-popular cloud-based database services managed and offered by Amazon Web Services (AWS).

So what’s the real difference between the two? And, as a tech leader, how do you know which is best for your business? In this post we will cover these two services and the 12 significant differences between them that you should know about.

To learn more about AWS certification for your team, or for more details on the database fundamentals for AWS courses offered by Cloud Academy, contact us today for a free demo.

1. Type of database

NoSQL vs SQL Databases

SQL databases are relational databases that use structured query language for storing and retrieving data. NoSQL databases are non-relational databases that use various means for storing data.

SQL databases are relational databases that store data in table format. NoSQL databases are non-relational databases that store data in various formats, including JSON, XML, and Binaries.

SQL databases are based on the relational model, which organizes data into tables with rows and columns. NoSQL databases are based on the non-relational or “NoSQL” model, which stores data in documents with keys and values.

2. Amazon RDS vs DynamoDB features

RDS vs. DynamoDB

Amazon RDS Features

  • Amazon RDS supports multiple database engines, including Amazon Aurora, MySQL, MariaDB, Oracle, Microsoft SQL Server, and PostgreSQL.
  • Amazon RDS allows you to scale your database instances’ storage size and performance.
  • Amazon RDS makes it easy to set up, operate, and scale a relational database in the cloud.
  • Amazon RDS provides a cost-effective way to manage relational databases in the cloud.

DynamoDB Features

  • Primarily, DynamoDB features flexibility, scalability, and performance. 
  • It offers high availability out of the box with no need for setup or configuration. 
  • DynamoDB automatically replicates your data across multiple Availability Zones within a Region to give you fault tolerance and high availability.

3. Amazon RDS vs DynamoDB storage sizes

Amazon RDS Storage Size

Amazon RDS supports up to 128 TB of storage with the Amazon Aurora engine and up to 64 TB of storage for the MySQL, MariaDB, Oracle, and PostgreSQL engines. The SQL Server engine, on the other hand, supports up to 16 TB of storage.

DynamoDB Storage Size

DynamoDB supports tables of virtually any size.

For Amazon RDS, the storage size ranges for General Purpose SSD DB instances are as follows:

  • MariaDB, MySQL, Oracle, and PostgreSQL database instances: 20 GiB-64 TiB
  • SQL Server Enterprise, Standard, Web, and Express Editions: 20 GiB-16 TiB

4. Amazon RDS vs DynamoDB performances

The main difference between the two services is that Amazon RDS is designed for use with relational databases. In contrast, DynamoDB is intended for use with non-relational databases. RDS is more expensive than DynamoDB but offers more features and flexibility. DynamoDB is less costly but has fewer features and flexibility.

Amazon RDS Performance

RDS performance scales automatically to meet the needs of your application. RDS will automatically add more resources to maintain performance when your application’s load increases. When the load decreases, RDS will remove resources accordingly. This allows you to focus on developing your application rather than managing the infrastructure.

DynamoDB Performance

DynamoDB automatically scales throughput capacity to meet the demands of your applications. As the number of requests increases, DynamoDB increases the number of capacity units allocated to your table. This enables DynamoDB to maintain consistent performance as the size of your data grows.

5. Amazon RDS vs DynamoDB availability and durability

Amazon RDS Availability and Durability

Amazon RDS is a cloud-based relational database service that supports a variety of database engines, including MySQL, MariaDB, PostgreSQL, Microsoft SQL Server, Oracle, and Amazon Aurora. Amazon RDS makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching, and backups. Amazon RDS is available on Amazon Elastic Compute Cloud (Amazon EC2) and is integrated with Amazon Simple Storage Service (Amazon S3), Amazon Virtual Private Cloud (Amazon VPC), and Amazon CloudWatch, providing a complete solution for database management in the cloud. 

DynamoDB Availability and Durability

DynamoDB is a highly durable and available database. All data is automatically replicated across multiple Availability Zones within AWS Regions to provide built-in redundancy and high availability. Data is automatically replicated to multiple Availability Zones to maintain high availability and durability in the event of an infrastructure outage or failure. DynamoDB uses synchronous replication across all Availability Zones to give you a low-latency read and write experience.

6. Amazon RDS vs DynamoDB scalability

Amazon RDS Scalability

Amazon RDS is a cloud-based relational database service designed to make it easy to set up, operate, and scale a relational database in the cloud. Amazon RDS provides two scalability options to help you manage the growth of your database workloads: vertical scaling and read replicas. Vertical scaling, also called scaling up, means increasing the compute and storage capacity of your Amazon RDS DB instance. When you scale up, you can improve your DB instance’s CPU, memory, and storage resources. On the other hand, read replicas are copies of your DB instance that can be used to offload read traffic from your primary DB instance.

DynamoDB Scalability

DynamoDB is designed to scale horizontally. This means additional servers can be added to the system to increase capacity and throughput. DynamoDB can also scale vertically, which means that the capacity of a single server can be increased.

7. Amazon RDS vs DynamoDB security

Amazon RDS Security

AWS and you share responsibility for security. The shared responsibility model describes this as security of the cloud and security in the cloud.

Security of the cloud: AWS is responsible for protecting the infrastructure that runs AWS services in the AWS Cloud. You can use the security services that AWS offers you. As part of the AWS compliance processes, external auditors regularly test and verify the effectiveness of this security. Visit AWS services in scope by compliance program to learn more about the compliance programs that apply to Amazon RDS.

Security in the cloud: Your responsibility is determined by the AWS service you use. You are also responsible for other factors, including the sensitivity of your data, the needs of your company, and any applicable laws.

DynamoDB Security

Amazon DynamoDB offers a highly resilient storage system for mission-critical and primary data storage. In an Amazon DynamoDB Region, data is redundantly stored across numerous devices and locations.

Users’ data kept at rest, in transit between on-premises clients and DynamoDB, and between DynamoDB and other AWS services located in the same AWS Region are all protected by DynamoDB.

As a tech leader, you know that security is one of the most significant issues holding back cloud adoption. Cloud Academy’s training library focuses deeply on IT Security, allowing your team to stay up to date on new security breaches and ways to resolve them.

To learn more about how we can help you to secure your cloud environment, or for help on choosing the right AWS security certifications for you and your team, contact us and request a free demo!

8. Amazon RDS vs DynamoDB encryption

Amazon RDS Encryption

You can use keys that you control with AWS KMS to encrypt your databases. When encryption is turned on, all automated backups, read replicas, and snapshots of the data stored at rest are also encrypted.

Amazon RDS also enables transparent data encryption in Oracle and SQL Server, and the secure transmission of data via SSL.

DynamoDB Encryption

By default, DynamoDB encrypts data in transit using encryption keys kept in AWS KMS.

9. Amazon RDS vs DynamoDB backups

Amazon RDS Backup

Point-in-time recovery for your database instance is made possible via the automated backup feature. Database snapshots are user-initiated copies of your instance retained in Amazon S3 until they are specifically deleted.

DynamoDB Backup

Point-in-time recovery (PITR) offers continuous backups of the data in your DynamoDB tables, allowing you to restore the table to any second during the 35 days prior. You can create complete backups of the data in your DynamoDB tables for data archiving using on-demand backups and restore.

10. Amazon RDS vs DynamoDB maintenance

Amazon RDS Maintenance

Amazon RDS will apply the most recent patches to databases. You can choose whether and when your database instance is patched.

DynamoDB Maintenance

No maintenance is required, since DynamoDB is serverless.

11. Amazon RDS vs DynamoDB pricing

Amazon RDS Pricing

You can pay for Amazon RDS using Reserved Instances or On-Demand pricing. Utilize the AWS Pricing Calculator to forecast your monthly expenses.

See the price pages for RDS Performance Insights and RDS Proxy for information on Amazon RDS feature-level pricing.

For the Amazon Free Tier, you get the following:

  • Use of the db.t2.micro, db.t3.micro, and db.t4g.micro instances of Amazon RDS Single-AZ running MySQL, MariaDB, and PostgreSQL databases for 750 hours each month. Usage is combined across all instance classes when running multiple instances.
  • Seven hundred fifty hours of Oracle BYOL or SQL Server usage on a Single-AZ Amazon RDS db.t2.micro instance (running SQL Server Express Edition). Use of the Oracle BYOL db.t3.micro Single-AZ Instance is also available with the free tier of Amazon RDS. Usage is aggregated across instance classes when running both a db.t2.micro Single-AZ Instance and a db.t3.micro Single-AZ Instance on Oracle BYOL.
  • 20 GB of storage for general-purpose (SSD) databases
  • 20 GB of storage for your user-initiated and automated database snapshots.

DynamoDB Pricing

DynamoDB has two capacity modes, which come with specific billing options for processing reads and writes on your tables: on-demand and provisioned:

When you use DynamoDB’s on-demand capacity mode, you will be charged for any data reads and writes that your application makes to your tables. Because DynamoDB automatically adapts to your workloads as they ramp up or down, you do not need to specify the read and write throughput your application is expected to deliver.

When using the provisioned capacity mode, you can specify how many reads and writes per second your application will need. To assure application performance while cutting expenses, you can utilize auto-scaling to dynamically adjust your table’s capacity based on the desired utilization rate.

12. Amazon RDS vs DynamoDB use cases

Amazon RDS Use Cases

Amazon RDS is mostly used in traditional applications, ERP, CRM, and e-commerce. Such applications do not require fetching data in real time and are used at a relatively large scale.

DynamoDB Use Cases

Amazon DynamoDB is often used in internet-scale applications, real-time bidding, shopping carts, customer preferences, content management, personalization, and mobile applications.

Now that you have a better understanding of these two database services, it’s worth noting that the service you choose will depend on your specific use case and requirements.

For more on Cloud Academy and how we can help you along your cloud journey, contact us today!

AWS News and Releases: Keeping Your Team Current
https://cloudacademy.com/blog/aws-news-and-releases/
Thu, 27 Jul 2023 02:51:40 +0000

Explore recent AWS updates and their implications for your cloud journey.

Cloud innovation continues to accelerate, and staying updated with AWS news and releases is increasingly important. This post will guide you through the latest developments and help you understand their impact on the cloud landscape.

New releases from AWS

Every year, AWS introduces an array of new products and updates, each designed to provide better solutions and make cloud computing more accessible and efficient. This constant evolution is a testament to AWS’s commitment to innovation and customer satisfaction.

Why it’s important to stay up-to-date on AWS

Keeping up with AWS news and releases is crucial for several reasons. It allows businesses to leverage the latest technologies and services, leading to more efficient operations and competitive advantages while providing insights into the future direction of cloud computing, helping businesses plan their digital transformation strategies. It also enables IT professionals to expand their skills and knowledge, enhancing their career prospects in the process.

Latest AWS news

Let’s look at some of the recent AWS news and releases:

  • DynamoDB Local Version 2.0: This local, downloadable version of Amazon DynamoDB has migrated to use the jakarta.* namespace, enhancing its compatibility and functionality.
  • Amazon CloudWatch’s cross-account service quotas: This feature lets customers track and visualize resource use and limits across multiple AWS services from multiple AWS accounts using one centralized monitoring account.
  • Increased API throughput limit for AWS Systems Manager Parameter Store: The GetParameter and GetParameters APIs now support up to 10,000 transactions per second (TPS), a significant increase from the former 3,000 TPS limit.
  • Amazon Route 53’s support for additional top-level domains: This update expands the range of top-level domains that can be managed through Amazon Route 53, providing more flexibility for domain management.
  • General availability of Amazon EC2 C7gd, M7gd, and R7gd instances: These new instances offer improved performance and cost-efficiency for a wide range of workloads.
  • AWS Wickr’s federated data retention: This feature allows for federated data retention for both internal and external conversations, enhancing data management and compliance.

Getting certified on new AWS releases

Staying updated with AWS news and releases is one thing, but getting certified on these new releases is another. AWS offers a range of certification exams that validate your knowledge and skills on the latest AWS services and features, boosting your professional credibility and opening up new career opportunities.

In a dedicated article, we highlighted the top 5 ways to get certified on new AWS releases, including Cloud Academy. Our constantly updated AWS training library provides certification practice exams to prepare you or your team for the official AWS certification exam. These exams are designed to help you identify areas where you need improvement and to simulate the actual exam experience, increasing your chances of passing on the first attempt.


Contact us for a free demo to find out how Cloud Academy can help you:

A final look

Staying updated with AWS news and releases is crucial — both for businesses and IT professionals. It enables them to leverage the latest technologies, plan their strategies, and enhance their skills.

So, how are you keeping up with the rapid pace of AWS innovation? How has a recent AWS release impacted your cloud computing strategy? Let us know in the comments or on LinkedIn!

Staying on Top of AWS Security Recommendations
https://cloudacademy.com/blog/staying-on-top-of-aws-security-recommendations/
Wed, 12 Jul 2023 16:09:59 +0000

Security has always been, and always will be, number one on the list of priorities when migrating, managing and running operations within the cloud. Whether the focus is identity and access management, infrastructure protection, data protection, detection, or incident response, it’s always an important factor! So what is the best way to stay on top of AWS security recommendations when technology is changing so fast and new threats are being uncovered and developed at the same rapid pace? In this post I hope to provide you with a list of options to help you stay in the know when it comes to security.

AWS Security Blog

The AWS Security Blog is a great way to keep ahead of new challenges, changes and developments in all things related to AWS security. It is updated regularly with new posts covering news, best practices, service features and announcements, technical how-to’s, events and much more. It provides a vast library of content that you can sift through to keep on top of your security needs. You can comment on a post should you have any questions or queries, and share a link to it through social media channels such as Facebook, LinkedIn, Twitter, or email.

Some examples of the most recent posts include:

If you want to be notified every time a new security post has been published you can subscribe to the RSS feed using any feed reader. 

You can also check out the Cloud Academy Blog for the latest on recent AWS content updates, exam and certification updates and more. For more on how to stay in the know on all things AWS, read our latest post, Top 5 Ways to Get Certified on AWS Releases.

AWS Security Bulletins

AWS Security Bulletins focus only on important security and privacy notifications, and as a result there are far fewer bulletins than AWS Security Blog posts. Any security bulletin posted should be read and understood, as it could have a significant impact on the security of your AWS environment. You can filter the bulletins by the year of publication, and by whether the content is listed as ‘important’ or ‘informational’.

Some examples of the most recent bulletins include:

As you can see, these bulletins focus more directly on security issues that could impact your environment.  

The Security Bulletin also has an RSS feed that you can follow to stay up to date.

As a tech leader, you know that security is one of the most significant issues holding back cloud adoption. Cloud Academy’s training library focuses deeply on IT Security, allowing your team to stay up to date on new security breaches and ways to resolve them.

To learn more about how we can help you to secure your cloud environment, or for help on choosing the right AWS security certifications for you and your team, contact us and request a free demo!

AWS Service Documentation

The rate of change to AWS services, features and toolsets can be difficult to stay on top of; last year alone there were over 2000 updates to their services. If you subscribe to the AWS Security Blog, you might want to dive deeper into an announcement that has been made regarding a new security service. The Service Documentation will provide you with a high-level overview of the service in question. As expected there is a section for all AWS services, but the area that you’ll likely be interested in can be found under the heading Security, Identity & Compliance, which covers all security services offered by AWS.

Selecting one of these services will give you a single page high-level overview of the service selected, giving you enough information to understand what it does, the benefit it provides, and how it can fit into your architecture to enhance your security posture.

As an example of the kind of document you’ll see, the following extract has been taken from the AWS Key Management Service documentation.  

AWS re:Inforce

Every year AWS hosts a conference specifically aimed at all things security, AWS re:Inforce! This year (2023) it was held in Anaheim, California and was a 2-day event. This is a fantastic opportunity to connect with industry leaders in this field and attend some great breakout sessions to enhance your knowledge in different areas. There are sessions relevant for beginners and experts alike. By visiting the Expo you’ll be able to interact with AWS experts and receive demonstrations of the latest services and technology.

It all starts with the Keynote session, which is highly recommended as you will normally be first to hear of new security services and technologies that AWS is launching and making generally available. To find out more about this year’s announcements that were made during the keynote, held by CJ Moses, Chief Information Security Officer (CISO) for AWS, read this post.

The great thing about these AWS conferences is that some of the sessions are recorded, which you can view at a later date via the AWS events YouTube Channel.  This playlist is specifically related to AWS re:Inforce 2023, so feel free to go and take a look!

Other Industry News

Of course, you shouldn’t rely only on AWS blogs and bulletins to enhance your knowledge of security. There are also numerous industry news feeds which cover security as a whole, and these should also be regularly visited and reviewed. A few of them, in no particular order, include:

As these sites cover a wide scope of security news, you’ll uncover information on topics such as vulnerabilities, data breaches, cyber attacks, threats, risk management, CISO strategies, events and conferences, podcasts, and more! 

Common Vulnerabilities and Exposures List

The Common Vulnerabilities and Exposures List was set up as a program to help everyone identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.  When these vulnerabilities are first discovered by partnered organizations across the globe, they are given a unique CVE record and published.  This allows security professionals to use this extensive list as a source of information to help them mitigate and protect themselves against known threats, and the great thing is that it’s free to use and search!  

Social Media

Most people use one form or another of social media, and it’s a very easy way to keep in the loop on topics of interest. There are a lot of companies and individuals who are leaders in the field of AWS and security; here are just 10 Twitter accounts to get you started! Start following and connect with these people and organizations to ensure their posts appear directly in your daily feed.

Twitter Accounts

  • @awscloud – The official account for Amazon Web Services
  • @AWSSecurityInfo – The official Twitter profile for AWS Security. Infrastructure and services to elevate your security in the cloud
  • @AWS_Security – This is the official twitter account for the AWS Security Team. If you have a pressing security issue, please contact us.
  • @AWSIdentity – The AWS Cloud allows customers to scale & innovate, while securely managing identities, resources & permissions. Follow us for the latest about AWS Identity.
  • @ISC2  – An international nonprofit membership association focused on inspiring a safe and secure cyber world.
  • @CVEnew – Official account maintained by the CVE Program to notify the community of new CVE IDs. cve.org
  • @Werner – CTO @ Amazon
  • @jeffbarr – Chief Evangelist @Amazon Web Services: follow me for AWS updates & chatter
  • @mosescj58 – AWS CISO
  • @TeriRadichel – CEO @2ndSightLab | Cybersecurity Author Instructor Pentester l GSE 240 | IANS Faculty 

To learn more about Cloud Academy and how we can assist you on your journey to the cloud, contact us and request a free demo!

I Lost my MFA Credentials for my AWS Root Account!
https://cloudacademy.com/blog/i-lost-my-mfa-credentials-for-my-aws-root-account/
Thu, 06 Jul 2023 13:29:45 +0000

Today I found myself in a bit of a situation. I needed to log into my AWS account as the Root account to enable AWS IAM Identity Center, a simple enough operation, or so I thought!

I navigated to the AWS Management Console login page that is required for root users.

I entered my email address as required and clicked ‘Next’.  I was then presented with the usual captcha security checks, where I am asked to enter the characters shown on the screen, or alternatively listen to an audio version where I have to enter 6 numbers in the audio clip given. 

Next, I was asked to enter my password for the root account, which I did and clicked ‘Sign In’.

So far, so good as I sat there thinking this would only take a few more seconds and I’ll have IAM Identity Center enabled on my Management account of my AWS Organization and I’ll be good to go! 

The final verification step required me to enter my Multi-Factor Authentication (MFA) details.  As security best practice dictates, you should have MFA enabled on your AWS account, especially your Root account due to the elevated security privileges the user has.   

Personally I use the Google Authenticator application on my phone to manage all my MFA credentials, but to my surprise and shock, I didn’t have an entry within my application for the root user for my AWS account! 

To begin with I was sure I was doing something wrong. I checked again, and triple checked, until I came to the conclusion that I had either deleted it by accident from the app, or simply forgotten to add it when I replaced my phone some months ago (more likely the culprit).

So now I was in a situation where I didn’t have the MFA credentials for my AWS root account. I had not been in this situation before and was a little stuck as to what to do. After a quick bit of research, I found that there is a process to allow you to gain access to your account as the root user without requiring the preconfigured MFA device that the account is associated with. Instead, additional verification checks can be made through both email and an automated phone call by AWS!

Using an alternate verification factor

To resolve this issue, firstly, select ‘Troubleshoot MFA’ and this will direct you to a page which will give you 2 options:

  1. Re-sync with AWS servers
  2. Sign in using alternative factors of authentication

As I didn’t have any record of the MFA account on my application, I had to select the ‘Sign in using alternative factors’.

From here you are presented with a 3-step sign in process.  Step 1 is to verify your details through email.  Confirm that the email address is correct, and then click ‘Send verification email’.  At this point an email will be sent to the email address which will look like the following:

You must verify your email address by clicking on the link within the email, and this will take you to step 2 of the verification process which uses your registered telephone number on the AWS account.

By selecting ‘Call me now’, you will receive an automated phone call from AWS asking you for a 6 digit verification number that will appear once you are connected on the telephone.  

HOWEVER, I got the following error as soon as I clicked on the ‘Call me now’ button! “Phone verification could not be completed”.

Again, another stumbling block! This was however easily rectified.  I logged into my AWS account as an administrator and checked my ‘Contact Information’ under my account settings, in particular where my phone number was entered.  I realized that I hadn’t added my country code and + sign to the beginning of the contact number.  

I edited these contact details, and tried again and this time it was successful.  So that issue was completely my fault as I hadn’t added the details correctly on my account when I set it up about 7 years ago!

From here, I simply clicked on ‘Sign in to the console’ and I was authenticated and able to sign in to my AWS account as the root user.  

To prevent this problem from happening again, I removed the associated MFA credentials from the root account within IAM and reconfigured MFA using the Google Authenticator application on my phone.

So, if you ever find yourself in a situation where you do not have access to the MFA device or credentials for your root user account, then don’t fear, you can simply authenticate using other factors which include your email address and your registered contact number (just remember to have the + country code added as a prefix).
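A pre-flight check for the recovery path described above, added here as an example and not part of the original post: it reads the JSON printed by `aws iam get-account-summary` and `aws account get-contact-information` and flags a root account without MFA or a contact number lacking the + country code prefix. The sample accounts are constructed, and the E.164-shaped phone pattern is an assumption, since the post does not state the exact format AWS validates.

```python
import json
import re

# Constructed sample data (not real accounts), shaped like the JSON printed by
#   aws iam get-account-summary
#   aws account get-contact-information
SAMPLE_ACCOUNTS = {
    "mgmt-account": {
        "summary": '{"SummaryMap": {"AccountMFAEnabled": 1, "AccountAccessKeysPresent": 0}}',
        "contact": '{"ContactInformation": {"FullName": "Example Admin", "PhoneNumber": "07700 900123"}}',
    },
    "dev-account": {
        "summary": '{"SummaryMap": {"AccountMFAEnabled": 0, "AccountAccessKeysPresent": 0}}',
        "contact": '{"ContactInformation": {"FullName": "Example Admin", "PhoneNumber": "+44 7700 900123"}}',
    },
}

# Assumption: "+", then a country code that does not start with 0,
# 7 to 15 digits in total (the E.164 shape).
E164 = re.compile(r"\+[1-9]\d{6,14}")


def phone_problem(raw):
    """Return None if the number carries a '+' and country code, else a short reason."""
    if not raw or not raw.strip():
        return "no phone number on the account"
    compact = re.sub(r"[\s().-]", "", raw)  # drop spaces and common separators
    if not compact.startswith("+"):
        return "missing '+' and country code prefix"
    if E164.fullmatch(compact) is None:
        return "not a valid international number after the '+'"
    return None


def audit_account(summary_json, contact_json):
    """List what would block or weaken root sign-in recovery for one account."""
    summary = json.loads(summary_json).get("SummaryMap", {})
    contact = json.loads(contact_json).get("ContactInformation", {})
    findings = []
    if summary.get("AccountMFAEnabled") != 1:
        findings.append("root MFA is not enabled")
    problem = phone_problem(contact.get("PhoneNumber"))
    if problem:
        findings.append("phone verification may fail: " + problem)
    return findings


def audit_all(accounts):
    """Run the audit over every account and return {account name: findings}."""
    return {name: audit_account(a["summary"], a["contact"]) for name, a in accounts.items()}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_ACCOUNTS).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

Running this on a schedule against each account surfaces a badly formatted contact number before the day the alternative sign-in factors are actually needed.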
