AWS Certified SysOps Administrator Official Study Guide. Cole Stephen
(AWS KMS)
C. Amazon Virtual Private Cloud (Amazon VPC)
D. Active Directory Connector
9. What AWS Cloud service provides a logically isolated section of the AWS Cloud where systems operators can launch AWS resources into a virtual network they defined?
A. Amazon Virtual Private Cloud (Amazon VPC)
B. Amazon Route 53
C. Availability Zones
D. Security Groups
10. You manage a fleet of web servers hosted on Amazon Elastic Compute Cloud (Amazon EC2). Most, if not all, of the websites are static in nature. What AWS Cloud service can host a static website, thus replacing servers?
A. Amazon Elastic Compute Cloud (Amazon EC2)
B. Amazon Simple Storage Service (Amazon S3)
C. Amazon Route 53
D. Amazon API Gateway
Chapter 2
Working with AWS Cloud Services
THE AWS CERTIFIED SYSOPS ADMINISTRATOR – ASSOCIATE EXAM TOPICS COVERED IN THIS CHAPTER MAY INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
Domain 4.0 Deployment and Provisioning
✔ 4.2 Demonstrate the ability to provision cloud resources and manage implementation automation.
Content may include the following:
■ How to configure your workstation to manage and deploy AWS resources
Introduction to AWS Cloud Services
As a qualified candidate for the AWS Certified SysOps Administrator – Associate certification, it’s not enough to read the guide – you need to get your hands dirty by digging in. This chapter provides you with a starting point for using several AWS tools that will help you be successful as you learn how to use the cloud in a more effective manner.
It’s likely that you are familiar with the AWS Management Console, the web-based interface to AWS Cloud services. In this study guide, we won’t spend much time instructing you on the basics of the AWS Management Console. You’ve probably been using it already, and we believe there is more value in instructing you, the systems operator, in the tools that will allow you to integrate AWS functionality into the scripting environments in which you are already an expert.
There are several AWS-provided tools available for customers to create, maintain, and delete AWS resources at the command line or in code: the AWS Command Line Interface (AWS CLI), AWS Tools for PowerShell, and AWS Software Development Kits (SDKs). Understanding these tools is an essential part of an effective cloud operations team’s automation and scripting toolkit.
To find instructions on how to install the latest version of the AWS CLI, navigate to http://aws.amazon.com/cli in a web browser. For Windows, you’ll download and install the 32-bit or 64-bit installer that is appropriate for your computer. If you’re using Mac or Linux and have Python and pip installed, installing the latest version of the AWS CLI is as simple as running pip install awscli.
Upgrading the AWS CLI on a Linux or Mac computer is as simple as running pip install – upgrade awscli. For Windows users, you’ll have to download the latest installer and install the latest version.
After installing the AWS CLI, run aws configure to configure it with your credentials. Specifically, you will need an access key and secret key created for your AWS Identity and Access Management (IAM) user. Optionally, you can set a region (for example, us-east-1) and a default output format (for example, JSON) after entering your access key and secret key. The aws configure Command Options are shown in Table 2.1.
TABLE 2.1 The aws configure Command Options
If you ever believe that your credentials are compromised, you should inactivate them immediately.
You can also create multiple profiles by appending -profile profile-name to the aws configure command. This can be handy in a number of different situations. You may want to have separate profiles with separate privileges for development, testing, and production environments. You could also create unique profiles for multiple accounts that you need to access. Creating different profiles will allow you to execute commands using different configurations for each.
After you’ve run aws configure, your credentials are stored in ~/.aws/credentials on Mac or Linux, or in %UserProfile%\.aws/credentials on Windows. Your other configuration parameters are stored in ~/.aws/config on Mac or Linux, or in %UserProfile%\.aws/config on Windows. The AWS CLI will look in these locations for the credentials and configuration information each time it is called to execute a command.
You can specify configuration parameters using environment variables as well, as listed in Table 2.2. This ability can come in handy for making swift changes in scripts or on a temporary basis from the command line.
TABLE 2.2 Environment Variables
How you change the variable depends on the shell you are using. In the bash shell, which is most commonly the default on Linux and Mac systems, you use the format export environment_variable=option to set the new variable.
You can add the option help to the end of nearly every AWS CLI command to determine a list of available options. For example, executing aws help will return a list of all of the services available to use as options. Running aws s3 help will return a list of the valid parameters to pass as part of a command-line call to Amazon Simple Storage Service (Amazon S3).
Support for tab completion– the ability to start typing a command and have a list of valid options to complete your command appear when you press tab – is a feature built into the AWS CLI but not enabled by default. You can enable autocompletion for the bash shell (Linux or Mac) by typing complete – C aws_completer aws.
AWS makes the AWS CLI source code available within the terms of the Apache License, Version 2.0. If you remain within the license, you can review the code before using it or adapt it into a new tool for your own project. There is an active community