AWS Cookbook

Book description

This practical guide provides over 70 self-contained recipes to help you creatively solve common AWS challenges you'll encounter on your cloud journey. If you're comfortable with rudimentary scripting and general cloud concepts, this cookbook provides what you need to address foundational tasks and create high-level capabilities.

Authors John Culkin and Mike Zazon share real-world examples that incorporate best practices. Each recipe includes a diagram to visualize the components. Code is provided so that you can safely execute it in an AWS account to ensure solutions work as described. From there, you can customize the code to help construct an application or fix an existing problem. Each recipe also includes a discussion to provide context, explain the approach, and challenge you to explore the possibilities further.

Go beyond theory and learn the details you need to successfully build on AWS. The recipes help you:

  • Redact personally identifiable information (PII) from text using Amazon Comprehend
  • Automate password rotation for Amazon RDS databases
  • Use VPC Reachability Analyzer to verify and troubleshoot network paths
  • Lock down Amazon Simple Storage Service (S3) buckets
  • Analyze AWS Identity and Access Management policies
  • Autoscale a containerized service

Table of contents

  1. Foreword
  2. Preface
    1. Who This Book Is For
    2. What You Will Learn
    3. The Recipes
    4. What You Will Need
    5. Getting Started
    6. Conventions Used in This Book
    7. Using Code Examples
    8. O’Reilly Online Learning
    9. How to Contact Us
    10. Acknowledgments
  3. 1. Security
    1. 1.0. Introduction
    2. 1.1. Creating and Assuming an IAM Role for Developer Access
    3. 1.2. Generating a Least Privilege IAM Policy Based on Access Patterns
    4. 1.3. Enforcing IAM User Password Policies in Your AWS Account
    5. 1.4. Testing IAM Policies with the IAM Policy Simulator
    6. 1.5. Delegating IAM Administrative Capabilities Using Permissions Boundaries
    7. 1.6. Connecting to EC2 Instances Using AWS SSM Session Manager
    8. 1.7. Encrypting EBS Volumes Using KMS Keys
    9. 1.8. Storing, Encrypting, and Accessing Passwords Using Secrets Manager
    10. 1.9. Blocking Public Access for an S3 Bucket
    11. 1.10. Serving Web Content Securely from S3 with CloudFront
  4. 2. Networking
    1. 2.0. Introduction
    2. 2.1. Defining Your Private Virtual Network in the Cloud by Creating an Amazon VPC
    3. 2.2. Creating a Network Tier with Subnets and a Route Table in a VPC
    4. 2.3. Connecting Your VPC to the Internet Using an Internet Gateway
    5. 2.4. Using a NAT Gateway for Outbound Internet Access from Private Subnets
    6. 2.5. Granting Dynamic Access by Referencing Security Groups
    7. 2.6. Using VPC Reachability Analyzer to Verify and Troubleshoot Network Paths
    8. 2.7. Redirecting HTTP Traffic to HTTPS with an Application Load Balancer
    9. 2.8. Simplifying Management of CIDRs in Security Groups with Prefix Lists
    10. 2.9. Controlling Network Access to S3 from Your VPC Using VPC Endpoints
    11. 2.10. Enabling Transitive Cross-VPC Connections Using Transit Gateway
    12. 2.11. Peering Two VPCs Together for Inter-VPC Network Communication
  5. 3. Storage
    1. 3.0. Introduction
    2. 3.1. Using S3 Lifecycle Policies to Reduce Storage Costs
    3. 3.2. Using S3 Intelligent-Tiering Archive Policies to Automatically Archive S3 Objects
    4. 3.3. Replicating S3 Buckets to Meet Recovery Point Objectives
    5. 3.4. Observing S3 Storage and Access Metrics Using Storage Lens
    6. 3.5. Configuring Application-Specific Access to S3 Buckets with S3 Access Points
    7. 3.6. Using Amazon S3 Bucket Keys with KMS to Encrypt Objects
    8. 3.7. Creating and Restoring EC2 Backups to Another Region Using AWS Backup
    9. 3.8. Restoring a File from an EBS Snapshot
    10. 3.9. Replicating Data Between EFS and S3 with DataSync
  6. 4. Databases
    1. 4.0. Introduction
    2. 4.1. Creating an Amazon Aurora Serverless PostgreSQL Database
    3. 4.2. Using IAM Authentication with an RDS Database
    4. 4.3. Leveraging RDS Proxy for Database Connections from Lambda
    5. 4.4. Encrypting the Storage of an Existing Amazon RDS for MySQL Database
    6. 4.5. Automating Password Rotation for RDS Databases
    7. 4.6. Autoscaling DynamoDB Table Provisioned Capacity
    8. 4.7. Migrating Databases to Amazon RDS Using AWS DMS
    9. 4.8. Enabling REST Access to Aurora Serverless Using RDS Data API
  7. 5. Serverless
    1. 5.0. Introduction
    2. 5.1. Configuring an ALB to Invoke a Lambda Function
    3. 5.2. Packaging Libraries with Lambda Layers
    4. 5.3. Invoking Lambda Functions on a Schedule
    5. 5.4. Configuring a Lambda Function to Access an EFS File System
    6. 5.5. Running Trusted Code in Lambda Using AWS Signer
    7. 5.6. Packaging Lambda Code in a Container Image
    8. 5.7. Automating CSV Import into DynamoDB from S3 with Lambda
    9. 5.8. Reducing Lambda Startup Times with Provisioned Concurrency
    10. 5.9. Accessing VPC Resources with Lambda
  8. 6. Containers
    1. 6.0. Introduction
    2. 6.1. Building, Tagging, and Pushing a Container Image to Amazon ECR
    3. 6.2. Scanning Images for Security Vulnerabilities on Push to Amazon ECR
    4. 6.3. Deploying a Container Using Amazon Lightsail
    5. 6.4. Deploying Containers Using AWS Copilot
    6. 6.5. Updating Containers with Blue/Green Deployments
    7. 6.6. Autoscaling Container Workloads on Amazon ECS
    8. 6.7. Launching a Fargate Container Task in Response to an Event
    9. 6.8. Capturing Logs from Containers Running on Amazon ECS
  9. 7. Big Data
    1. 7.0. Introduction
    2. 7.1. Using a Kinesis Stream for Ingestion of Streaming Data
    3. 7.2. Streaming Data to Amazon S3 Using Amazon Kinesis Data Firehose
    4. 7.3. Automatically Discovering Metadata with AWS Glue Crawlers
    5. 7.4. Querying Files on S3 Using Amazon Athena
    6. 7.5. Transforming Data with AWS Glue DataBrew
  10. 8. AI/ML
    1. 8.0. Introduction
    2. 8.1. Transcribing a Podcast
    3. 8.2. Converting Text to Speech
    4. 8.3. Computer Vision Analysis of Form Data
    5. 8.4. Redacting PII from Text Using Comprehend
    6. 8.5. Detecting Text in a Video
    7. 8.6. Physician Dictation Analysis Using Amazon Transcribe Medical and Comprehend Medical
    8. 8.7. Determining Location of Text in an Image
  11. 9. Account Management
    1. 9.0. Introduction
    2. 9.1. Using EC2 Global View for Account Resource Analysis
    3. 9.2. Modifying Tags for Many Resources at One Time with Tag Editor
    4. 9.3. Enabling CloudTrail Logging for Your AWS Account
    5. 9.4. Setting Up Email Alerts for Root Login
    6. 9.5. Setting Up Multi-Factor Authentication for a Root User
    7. 9.6. Setting Up AWS Organizations and AWS Single Sign-On
  12. Fast Fixes
  13. Index
  14. About the Authors

Product information

  • Title: AWS Cookbook
  • Author(s): John Culkin, Mike Zazon
  • Release date: December 2021
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781492092605