Class 62nd AWS Trusted Advisor and Project day 1 ,July 8th
What is the trusted advisor?
ACM -Aws certificate manager
What is the AWS ACM?
What are SSL/TLS Certificates?
Types of AWS ACM?
Key features of AWS ACM.
How AWS ACM Works?
Limitations of AWS ACM.
Ticket cases :
Account and Billing related queries
Service limit increases
Technical Assistance
Basic Support -Free Support
Account and Billing related queries yes
Service limit increases yes
Technical Assistance no
No technical assistance from AWS
AWS Developer forums access
Knowledge base articles and AWS docs
Trusted advisor :only core area checks
Developer Support -From 29$ per month Support
Account and Billing related queries yes
Service limit increases yes
Technical Assistance yes
12-24 Local business hours support
Char and email support from cloud support associate
Start from $29/-per month
Trusted advisor :only core area checks
One user can raise ticket
Business Support -From 100$ per month Support
Account and Billing related queries yes
Service limit increases yes
Technical Assistance yes
With in 1hr support available
24*7 support
Cloud engineer provides the help
Email,phone and char support
Trusted advisor:Full area checks
Multiple users can raise tickets
Enterprise Support -From 15000$ per month (Company related only)
$15000/-per month
with in 15 mints support available
Sr. Cloud engineer support
AWS Training and allocate TAM(Technical Account manager)
Annual operational review and architectural reviews
Trusted advisor: Full area checks
Multiple users can raise ticket
AWS trusted advisor
AWS trusted advisor is a cloud optimization service provided by amazon web services(AWS).
It is an essential tools for AWS users who want to ensure their cloud environment is optimized, secure, and cost-effective.
it helps users optimize their AWS infrastructure by offering real-time guidance in five key areas: Cost Optimization, performance, security, fault tolerance, service limits
and Operational excellence.
AWS Trusted Advisor continuously scans you AWS environment, providing insights though a dashboard that displays check and recommendations.
User can then implement these recommendations directly or with the assistance of AWS support.
AWS Trusted advisor
Benefits
Cost savings: By identifying unused or underutilize resources, trusted advisor helps reduce costs.
Improved Security: It ensures that your AWS Environment adheres to security best practices.
Enhances performance: it offers suggestions to improve the performance of you AWS workload.
Increase Fault tolerance: Recommendations are provided to improve the resilience of your architecture.
Practical:
As we are free limitation trusted advisor only few checks perform completely in our account level
(Cost Optimation, performance, Security,Fault tolerance,service limitations,Operation excellence) Recommendation will provide ,below navigation
>Trusted Advisor>Recommendations
Step1:
As see below ,one of the S3 bucket security policy was broken, given public access
Step2: 1 Immediate action,3 for investigation optional case ,0 if you are not security compliance showing here
Some security group ,some issue unrestricted ,ports are enabled All traffic ,need to remove this security group
Step3: After deleted security immediate trusted advisor ,refresh automatically
ACM -AWS Certificate manager What is the AWS ACM?
What are SSL/TLS certificates?
Types of AWS ACM?
Key Features of AWS ACM.
How AWS ACM Works?
Limitations of AWS ACM.
What is the AWS ACM?(free)
Aws certificate Manage(ACM) is a manager service that allows you to provision, mange, and deploy
SSL/TLS certificates for securing websites and applications running on AWS.
It simplifies the processes of obtaining and renewing certificates, making it easier to enable HTTPS(secure communication) for your domains.
What are SSL/TLS Certificates?
SSL (Secure sockets Layer) and TLS(Transport Layer Security) certificates are digital certificates that secure communication between a web server and a user's browser by encrypting data.
What is an SSL certificate?
SSL Was the original protocol designed to secure internet communication.
it established an encrypted connection between clients(browsers) and servers. However, SSL is now outdated and insecure.
what is a TLS Certificate?
TLS is the modern and more secure replacement for SSL,it provides the same encryption but with stronger security algorithms.
Most people still call them "SSL Certificates" but in reality, today's certificates use TLS encryption
ACM Certificates for internal user only
AWS ACM(Amazon Certificate manager) provides free SSL/TLS certificates for use with AWS services like ALB,cloudfront,and API gateway.
For customer installations(Ec2,On-prem servers),you may need to buy a certificate from thrid-party providers like dificert, Globalsign, or Let's Encrypt(free option).
Are SSL/TLS Certificates Free?
ACM certificates for internal use only
AWS ACM(Amazon Certificate manager) Provides free SSL/TLS Certificates for use with AWS services like ALB,cloudfront,and API Gateway.
For custom installations(Ec2,on-prem servers),you may need to buy a certificate from third-party providers like digicert,globalsign,or Lets encrypt(free option)
Types of AWS ACM ?
AWS Certificate manager(ACM) provides certificates in 2 types
Public and private certificates
Feature : Public Private (internal)
Visibility Trusted globally by all browsers Only Trusted within internal networks
Use case Used for websites,APIs,and external Used for internal services like intranet,VPNS,and Servers private APIs
Issued by Public certificate authorities(CA)like AWS private CA(your own CA)
amazon,digicert
Pricing Free (in AWS ACM) Requires AWS private CA(paid)
validation Doamin validation required No Public validation needed
examples https://yourwebsite.com(accessuble https://internal.yourcompany.com(used within the to the world) company)
Key features of AWS ACM.
Free SSL.TLS certificates
.ACM Provides free SSL/TLS certificates for domains managed within AWS.
These Certificates are issued by Amazon trust services.
Automatic renewal
ACM automatically renews certificates before they expire, eliminating manual efforts
Domain validation(DV)
To get a certifcate,you must verify domain ownership using:
1.Emal validation(sending a verification email to the domain owner)
2.DNS validation(Adding a CNAME record in Route 53)
How AWS ACM Works?
1. Requesting a certificate
In AWS console, go to certificate manager(ACM) >request certificate.
Enter your domain name (eg.example.com)
Choose validation method(Email or DNS)
If using DNS,ACM Provides a CNAME record to add to Route 53
2. Validation Process
If using DNS Validation, ACM checks for the correct CNAME records in Route 53
Once validated,the certificate is issued.
3.Deploying the Certificate
Attach the issued certificate to an application load balancer (ALB),CloudFront, or API Gateway
Configure, a HTTPs listener(port 443) for secure traffic.
limitation of AWS ACM
ACM certificates for internal use only
You cannot download ACM certificates for use outside AWS(e.g on a standardlone server)
To Use and external SSL certificate,you must import it into ACM
On Supports AWS-integrated services
ACM certificates can only be used with AWS service like ALB,cloudFront,and API Gateway.
Cannot be installed on Ec2 instances directly(for that ,use Let's Encrypt or buy a certificate from an external provider)
Regional scope
ACM Certificate are region-specific ,except for cloudfrontm,which uses certificates from ACM in Us-east-1
Pricing:
AWS ACM in free for public SSL/TLS certificates are long as they are used with AWS-intergrated service like:
Application load balancer
CloudFont(CDN)
API Gateway
AWS APP Runner
What costs Money?
Private certificates(issuse via AWS Private CA)
If you need an internal(Private)certificate for internal apps, you must use AWS private cerificate Authority(CA),which is not free
Route 53 Domain registration(optional)
If you domain is registered with route 53,you pay for domain registration(e.g $12 year for .com domains)
CloudFront Usage
ACM certificates are free ,but use them with cloudfront ,you pay for cloudfront data transfer.
Cloud Front S3 Static Page HostingStep1:Need to create one S3 Bucket ,With Public Access ccitpublicbucket and upload the static
index.html page
Step2:Give Bucket policy like this
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement2",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::ccitpublicbucket/*"
}
Step3: Static we can not directly do static page hosted into hosted zone, using cloud front url
we can able to hosted the static page
CloudFront creation
Need to select Origin S3
Click Next select Do not enable security Protections, Click next and create Distribution
Step4: SSL certificate creation
AWS Certificate Manager>Certificate >Request Certificate
Request Public certificate
Give you Domain name For me:vakatisubbu.xyz
click Request
While create request you add enter Cname to Route 53
Route 53 cname enter is created
Step5: Hosted zone give you domain nameStep6:Cname records created ,A record you need add you cloudFront distrinutation endpoint
Step7:After SSL certificate attached to CloudFront
Sep8: Cloud Distribution Validation add Object /* click create optional
Step9: Prior Godaddy website, where you brough the domain ,you need custom dns
nameservers you need enter your NS enters which was exist 4 url add ,after add only ACM will be issued
Step11:After SSL Certificate, Static page opened
Project1
Using all below services
IAM,
KMS, Encrypt the password
VPC,
EC2,(LB,AS,EBS,EFS),
Local to RDS, Completed
DynamoDB,
Lambda,
API Gateway,
S3, Completed
Route53,
ACM
This Local Mysql Project Library :https://github.com/Vakatisubbu/DigitalLibrary.git
Above Project is Local DB Need change this RDS
Step1:Create Aurora DBA Mysql
Aurora DB>Mysql
Template>Free Tier
DB Instance Identifier: Auroradb (any name)
Credential setting>Self managed(master password confirm password)
Instance Configuration >Burastable
Public Access >yes
Click Create database
Using the DB connections detail connect Mysql your local
CREATE DATABASE IF NOT EXISTS digital_library; USE digital_library;
CREATE TABLE IF NOT EXISTS users ( id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(100) NOT NULL, mobile VARCHAR(20) NOT NULL, email VARCHAR(100) NOT NULL UNIQUE, password VARCHAR(255) NOT NULL, gender VARCHAR(10), location VARCHAR(100), image VARCHAR(255) );
CREATE TABLE IF NOT EXISTS books ( id INT AUTO_INCREMENT PRIMARY KEY, title VARCHAR(255) NOT NULL, author VARCHAR(255), available BOOLEAN DEFAULT TRUE );
CREATE TABLE IF NOT EXISTS history ( id INT AUTO_INCREMENT PRIMARY KEY, user_id INT, book_id INT, borrow_date DATETIME, return_date DATETIME, FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE, FOREIGN KEY (book_id) REFERENCES books(id) ON DELETE CASCADE );
INSERT INTO books (title, author, available) VALUES ('Wings of Fire', 'A.P.J. Abdul Kalam', TRUE), ('The Guide', 'R.K. Narayan', TRUE), ('Godan', 'Munshi Premchand', TRUE), ('Train to Pakistan', 'Khushwant Singh', TRUE), ('Ignited Minds', 'A.P.J. Abdul Kalam', TRUE), ('Mahabharata', 'Ved Vyasa', TRUE), ('Python Crash Course', 'Eric Matthes', TRUE), ('Digital Fortress', 'Dan Brown', TRUE), ('You Can Win', 'Shiv Khera', TRUE), ('Zero to One', 'Peter Thiel', TRUE);
Db configuration file you need change the connection details ,run the launch the application
C:\Users\Administrator\Desktop\AWS_projects\DigitalLibrary>python app.py
https://github.com/Vakatisubbu/DigitalLibrary.git
Signup with details User tables insert records successfully.
Login above detail and take some books
History table Records are inserted successfully.
Login image We plan store in S3 bucket, Our ccitpublicbucket existing code need enable ACL
After enable
S3 Images are stored Successfully.
Click the image icon right inspect,get know where image coming , here clearly showing the image coming from S3 bucket.
--Thanks
