Tuesday, July 8, 2025

Class 62nd AWS Trusted Advisor

Class 62nd AWS Trusted Advisor and Project day 1, July 8th
What is the Trusted Advisor?
ACM - AWS Certificate Manager
What is the AWS ACM?
What are SSL/TLS Certificates?
Types of AWS ACM?
Key features of AWS ACM.
How AWS ACM Works?
Limitations of AWS ACM.

Ticket cases:
Account and billing related queries
Service limit increases
Technical assistance

Basic Support - Free
Ticket case                            Support
Account and billing related queries    yes
Service limit increases                yes
Technical assistance                   no

No technical assistance from AWS
AWS Developer forums access
Knowledge base articles and AWS docs
Trusted Advisor: only core area checks

Developer Support - From $29 per month
Ticket case                            Support
Account and billing related queries    yes
Service limit increases                yes
Technical assistance                   yes

12-24 local business hours support
Chat and email support from a cloud support associate
Starts from $29 per month
Trusted Advisor: only core area checks
One user can raise tickets

Business Support - From $100 per month
Ticket case                            Support
Account and billing related queries    yes
Service limit increases                yes
Technical assistance                   yes

Support available within 1 hour
24x7 support
A cloud engineer provides the help
Email, phone and chat support
Trusted Advisor: full area checks
Multiple users can raise tickets

Enterprise Support - From $15000 per month (company related only)
$15000 per month
Support available within 15 minutes
Sr. cloud engineer support
AWS training and an allocated TAM (Technical Account Manager)
Annual operational reviews and architectural reviews
Trusted Advisor: full area checks
Multiple users can raise tickets

AWS Trusted Advisor
AWS Trusted Advisor is a cloud optimization service provided by Amazon Web Services (AWS).
It is an essential tool for AWS users who want to ensure their cloud environment is optimized, secure, and cost-effective.
It helps users optimize their AWS infrastructure by offering real-time guidance in five key areas: cost optimization, performance, security, fault tolerance, service limits, and operational excellence.
AWS Trusted Advisor continuously scans your AWS environment, providing insights through a dashboard that displays checks and recommendations.
Users can then implement these recommendations directly or with the assistance of AWS Support.

AWS Trusted Advisor
Benefits
Cost savings: By identifying unused or underutilized resources, Trusted Advisor helps reduce costs.
Improved security: It ensures that your AWS environment adheres to security best practices.
Enhanced performance: It offers suggestions to improve the performance of your AWS workloads.
Increased fault tolerance: Recommendations are provided to improve the resilience of your architecture.

Practical:
Because we are on the free tier, Trusted Advisor performs only a few checks completely at our account level.
Recommendations for the categories (Cost Optimization, Performance, Security, Fault Tolerance, Service Limits, Operational Excellence) are provided under the navigation below:
> Trusted Advisor > Recommendations
Step1:
As seen below, the security policy of one of the S3 buckets was broken: the bucket was given public access.

Step2: 1 immediate action, 3 for investigation (optional cases), 0 if you are not security compliant, shown here.

Some security groups have an issue: they are unrestricted, with ports enabled for all traffic. This security group needs to be removed.
Step3: After the security group is deleted, Trusted Advisor refreshes automatically right away.
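
The unrestricted security group finding from Step2 can also be checked offline against the output of `aws ec2 describe-security-groups`. This is an added example, not part of the original post and not Trusted Advisor's own logic; the group IDs and rules are constructed sample data, and treating ports 80 and 443 as the only acceptable public ports is an assumption.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa111", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0bbb222", "IpPermissions": [
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0ccc333", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

ANYWHERE = {"0.0.0.0/0", "::/0"}
PUBLIC_OK = {80, 443}  # assumption: only web ports may face the internet


def open_sources(rule):
    """Return the world-open CIDRs (IPv4 and IPv6) on one inbound rule."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in ANYWHERE]


def unrestricted_rules(doc):
    """Return (group_id, description) for each rule open to the world."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            srcs = open_sources(rule)
            proto = rule["IpProtocol"]
            lo, hi = rule.get("FromPort"), rule.get("ToPort")
            if not srcs or proto not in ("-1", "tcp", "udp"):
                continue  # not world-open, or ICMP etc. (not evaluated here)
            if proto != "-1" and lo == hi and lo in PUBLIC_OK:
                continue  # a single approved web port
            what = "all traffic" if proto == "-1" else f"{proto} {lo}-{hi}"
            findings.append((sg["GroupId"], f"{what} open to {', '.join(srcs)}"))
    return findings
```
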
ACM - AWS Certificate Manager
 
What is the AWS ACM? (free)
AWS Certificate Manager (ACM) is a managed service that allows you to provision, manage, and deploy SSL/TLS certificates for securing websites and applications running on AWS.
It simplifies the process of obtaining and renewing certificates, making it easier to enable HTTPS (secure communication) for your domains.
What are SSL/TLS Certificates?
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) certificates are digital certificates that secure communication between a web server and a user's browser by encrypting data.
What is an SSL certificate?
SSL was the original protocol designed to secure internet communication.
It established an encrypted connection between clients (browsers) and servers. However, SSL is now outdated and insecure.
What is a TLS certificate?
TLS is the modern and more secure replacement for SSL. It provides the same encryption but with stronger security algorithms.
Most people still call them "SSL certificates", but in reality, today's certificates use TLS encryption.
Are SSL/TLS Certificates Free?
ACM certificates for internal use only (inside AWS)
AWS ACM (AWS Certificate Manager) provides free SSL/TLS certificates for use with AWS services like ALB, CloudFront, and API Gateway.
For custom installations (EC2, on-prem servers), you may need to buy a certificate from third-party providers like DigiCert, GlobalSign, or Let's Encrypt (free option).

Types of AWS ACM?
AWS Certificate Manager (ACM) provides certificates in 2 types:
public and private certificates.

Feature     Public                                                      Private (internal)
Visibility  Trusted globally by all browsers                            Only trusted within internal networks
Use case    Used for websites, APIs, and external servers               Used for internal services like intranet, VPNs, and private APIs
Issued by   Public certificate authorities (CA) like Amazon, DigiCert   AWS Private CA (your own CA)
Pricing     Free (in AWS ACM)                                           Requires AWS Private CA (paid)
Validation  Domain validation required                                  No public validation needed
Examples    https://yourwebsite.com (accessible to the world)           https://internal.yourcompany.com (used within the company)


Key features of AWS ACM.
Free SSL/TLS certificates
 ACM provides free SSL/TLS certificates for domains managed within AWS.
 These certificates are issued by Amazon Trust Services.
Automatic renewal
 ACM automatically renews certificates before they expire, eliminating manual effort.

Domain validation (DV)
To get a certificate, you must verify domain ownership using:
 1. Email validation (sending a verification email to the domain owner)
 2. DNS validation (adding a CNAME record in Route 53)
How AWS ACM Works?
1. Requesting a certificate
   In the AWS console, go to Certificate Manager (ACM) > Request certificate.
   Enter your domain name (e.g. example.com).
   Choose the validation method (Email or DNS).
   If using DNS, ACM provides a CNAME record to add to Route 53.
2. Validation process
   If using DNS validation, ACM checks for the correct CNAME records in Route 53.
   Once validated, the certificate is issued.
3. Deploying the certificate
   Attach the issued certificate to an Application Load Balancer (ALB), CloudFront, or API Gateway.
   Configure an HTTPS listener (port 443) for secure traffic.
Limitations of AWS ACM
 ACM certificates for internal use only
  You cannot download ACM certificates for use outside AWS (e.g. on a standalone server).
  To use an external SSL certificate, you must import it into ACM.
 Only supports AWS-integrated services
  ACM certificates can only be used with AWS services like ALB, CloudFront, and API Gateway.
  They cannot be installed on EC2 instances directly (for that, use Let's Encrypt or buy a certificate from an external provider).
 Regional scope
  ACM certificates are region-specific, except for CloudFront, which uses certificates from ACM in us-east-1.
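
A pre-attachment check for the deployment step and the regional-scope limitation above, as an added example that is not part of the original post. It goes beyond the text by also checking that the hostnames are covered by the certificate's names, including the wildcard rule; the ARN, account ID and domain are constructed placeholders, and only CloudFront and a regional service such as an ALB are modelled.

```python
def cert_region(arn):
    """Return the region field of an ACM certificate ARN."""
    parts = arn.split(":")
    if len(parts) < 6 or parts[2] != "acm":
        raise ValueError("not an ACM certificate ARN: " + arn)
    return parts[3]


def name_covers(cert_name, host):
    """A wildcard name matches exactly one extra label, never the apex."""
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not cert_name.startswith("*."):
        return cert_name == host
    suffix = cert_name[1:]  # "*.example.com" -> ".example.com"
    label = host[:-len(suffix)]
    return host.endswith(suffix) and label != "" and "." not in label


def preflight(service, service_region, cert_arn, cert_names, hostnames):
    """List the reasons a certificate cannot serve these hostnames."""
    problems = []
    region = cert_region(cert_arn)
    # Rule from this page: CloudFront reads certificates from us-east-1;
    # a regional service such as an ALB needs one in its own region.
    required = "us-east-1" if service == "cloudfront" else service_region
    if region != required:
        problems.append(f"certificate is in {region}, {service} needs {required}")
    for host in hostnames:
        if not any(name_covers(n, host) for n in cert_names):
            problems.append(f"{host} is not covered by the certificate")
    return problems


# Constructed sample: placeholder account ID, certificate ID and domain.
ARN = "arn:aws:acm:ap-south-1:111122223333:certificate/EXAMPLE-ID"

if __name__ == "__main__":
    for line in preflight("cloudfront", None, ARN, ["*.example.com"],
                          ["example.com", "www.example.com"]):
        print(line)
```
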
Pricing:
AWS ACM is free for public SSL/TLS certificates as long as they are used with AWS-integrated services like:
Application Load Balancer
CloudFront (CDN)
API Gateway
AWS App Runner
What costs money?
Private certificates (issued via AWS Private CA)
If you need an internal (private) certificate for internal apps, you must use AWS Private Certificate Authority (CA), which is not free.
Route 53 domain registration (optional)
If your domain is registered with Route 53, you pay for domain registration (e.g. $12 a year for .com domains).
CloudFront usage
ACM certificates are free, but when you use them with CloudFront, you pay for CloudFront data transfer.

                                                         

CloudFront S3 Static Page Hosting
Step1: Create one S3 bucket with public access, ccitpublicbucket, and upload the static index.html page.

Step2: Give the bucket a policy like this
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement2",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::ccitpublicbucket/*"
        }
    ]
}

Step3: We cannot host the static page directly in the hosted zone; using the CloudFront URL, we are able to host the static page.
CloudFront creation
Select S3 as the origin.

Click Next, select "Do not enable security protections", click Next, and create the distribution.

Step4: SSL certificate creation
AWS Certificate Manager > Certificates > Request certificate
Request a public certificate.
Give your domain name. For me: vakatisubbu.xyz
Click Request.

While creating the request, add the CNAME entry to Route 53.

The Route 53 CNAME entry is created.

Step5: In the hosted zone, give your domain name.

Step6: With the CNAME records created, add an A record for your CloudFront distribution endpoint.

Step7: Afterwards, the SSL certificate is attached to CloudFront.
Step8: CloudFront distribution invalidation: add the object path /* and click Create (optional).
Step9: First, on the GoDaddy website where you bought the domain, choose custom DNS nameservers and enter your 4 existing NS entries. Only after they are added will the ACM certificate be issued.

Step11: After the SSL certificate is in place, the static page opens.
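
The Step2 bucket policy grants `s3:*` to `Principal: "*"`, which covers object writes and deletes as well as reads, and public bucket access is what Trusted Advisor flagged in the practical above. The audit below is an added example, not part of the original post; it finds public statements that allow more than reading objects and produces a read-only copy, under the assumption that `s3:GetObject` is all a public static page needs.

```python
import copy
import json

# The Step2 bucket policy from this post, with its JSON brackets closed.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "Statement2", "Effect": "Allow", "Principal": "*",
                "Action": "s3:*",
                "Resource": "arn:aws:s3:::ccitpublicbucket/*"}]}
""")

READ_ONLY = {"s3:GetObject"}  # assumption: all a public static site must expose


def as_list(value):
    """Policy fields may hold one value or a list of values."""
    return list(value) if isinstance(value, list) else [value]


def is_public(stmt):
    """True for an unconditioned Allow statement that applies to everyone."""
    principal = stmt.get("Principal", [])
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return (stmt.get("Effect") == "Allow" and "Condition" not in stmt
            and "*" in as_list(principal))


def excess_public_actions(policy):
    """Map each public statement's Sid to its actions beyond read-only."""
    findings = {}
    for stmt in as_list(policy["Statement"]):
        extra = [a for a in as_list(stmt.get("Action", []))
                 if a not in READ_ONLY]
        if is_public(stmt) and extra:
            findings[stmt.get("Sid", "(no Sid)")] = extra
    return findings


def read_only_copy(policy):
    """Return a copy in which public statements allow only s3:GetObject."""
    fixed = copy.deepcopy(policy)
    fixed["Statement"] = as_list(fixed["Statement"])
    for stmt in fixed["Statement"]:
        if is_public(stmt):
            stmt["Action"] = "s3:GetObject"
    return fixed
```
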

 
Project1
Using all the services below:
IAM,
KMS (encrypt the password),
VPC,
EC2 (LB, AS, EBS, EFS),
Local to RDS,     Completed
DynamoDB,
Lambda,
API Gateway,
S3,   Completed
Route53,
ACM
The local MySQL project (library): https://github.com/Vakatisubbu/DigitalLibrary.git



The above project uses a local DB; this needs to be changed to RDS.

Step1: Create Aurora DB MySQL
Aurora DB > MySQL
Template > Free Tier
DB instance identifier: Auroradb (any name)
Credential settings > Self managed (master password, confirm password)
Instance configuration > Burstable
Public access > Yes
Click Create database.
Using the DB connection details, connect from MySQL on your local machine.
CREATE DATABASE IF NOT EXISTS digital_library; USE digital_library;

CREATE TABLE IF NOT EXISTS users ( id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(100) NOT NULL, mobile VARCHAR(20) NOT NULL, email VARCHAR(100) NOT NULL UNIQUE, password VARCHAR(255) NOT NULL, gender VARCHAR(10), location VARCHAR(100), image VARCHAR(255) );

CREATE TABLE IF NOT EXISTS books ( id INT AUTO_INCREMENT PRIMARY KEY, title VARCHAR(255) NOT NULL, author VARCHAR(255), available BOOLEAN DEFAULT TRUE );

CREATE TABLE IF NOT EXISTS history ( id INT AUTO_INCREMENT PRIMARY KEY, user_id INT, book_id INT, borrow_date DATETIME, return_date DATETIME, FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE, FOREIGN KEY (book_id) REFERENCES books(id) ON DELETE CASCADE );

INSERT INTO books (title, author, available) VALUES ('Wings of Fire', 'A.P.J. Abdul Kalam', TRUE), ('The Guide', 'R.K. Narayan', TRUE), ('Godan', 'Munshi Premchand', TRUE), ('Train to Pakistan', 'Khushwant Singh', TRUE), ('Ignited Minds', 'A.P.J. Abdul Kalam', TRUE), ('Mahabharata', 'Ved Vyasa', TRUE), ('Python Crash Course', 'Eric Matthes', TRUE), ('Digital Fortress', 'Dan Brown', TRUE), ('You Can Win', 'Shiv Khera', TRUE), ('Zero to One', 'Peter Thiel', TRUE);

Change the connection details in the DB configuration file, then launch the application.

C:\Users\Administrator\Desktop\AWS_projects\DigitalLibrary>python app.py
https://github.com/Vakatisubbu/DigitalLibrary.git
Sign up with details; records are inserted into the users table successfully.

Log in with the above details and take some books.
Records are inserted into the history table successfully.

We plan to store the login image in an S3 bucket. For our existing code to work with ccitpublicbucket, ACLs need to be enabled on the bucket.
After enabling them, images are stored in S3 successfully.
Right-click the image icon and choose Inspect to see where the image is coming from; it clearly shows the image coming from the S3 bucket.

--Thanks 
