book

AWS Cookbook

by John Culkin, Mike Zazon

December 2021

Intermediate to advanced

358 pages

7h 41m

English

O'Reilly Media, Inc.

Book available

Read now

Unlock full access

Includes

Has Sandbox

Who This Book Is ForWhat You Will LearnThe RecipesWhat You Will NeedGetting StartedConventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
1.0. Introduction1.1. Creating and Assuming an IAM Role for Developer Access1.2. Generating a Least Privilege IAM Policy Based on Access Patterns1.3. Enforcing IAM User Password Policies in Your AWS Account1.4. Testing IAM Policies with the IAM Policy Simulator1.5. Delegating IAM Administrative Capabilities Using Permissions Boundaries1.6. Connecting to EC2 Instances Using AWS SSM Session Manager1.7. Encrypting EBS Volumes Using KMS Keys1.8. Storing, Encrypting, and Accessing Passwords Using Secrets Manager1.9. Blocking Public Access for an S3 Bucket1.10. Serving Web Content Securely from S3 with CloudFront
2.0. Introduction2.1. Defining Your Private Virtual Network in the Cloud by Creating an Amazon VPC2.2. Creating a Network Tier with Subnets and a Route Table in a VPC2.3. Connecting Your VPC to the Internet Using an Internet Gateway2.4. Using a NAT Gateway for Outbound Internet Access from Private Subnets2.5. Granting Dynamic Access by Referencing Security Groups2.6. Using VPC Reachability Analyzer to Verify and Troubleshoot Network Paths2.7. Redirecting HTTP Traffic to HTTPS with an Application Load Balancer2.8. Simplifying Management of CIDRs in Security Groups with Prefix Lists2.9. Controlling Network Access to S3 from Your VPC Using VPC Endpoints2.10. Enabling Transitive Cross-VPC Connections Using Transit Gateway2.11. Peering Two VPCs Together for Inter-VPC Network Communication
3.0. Introduction3.1. Using S3 Lifecycle Policies to Reduce Storage Costs3.2. Using S3 Intelligent-Tiering Archive Policies to Automatically Archive S3 Objects3.3. Replicating S3 Buckets to Meet Recovery Point Objectives3.4. Observing S3 Storage and Access Metrics Using Storage Lens3.5. Configuring Application-Specific Access to S3 Buckets with S3 Access Points3.6. Using Amazon S3 Bucket Keys with KMS to Encrypt Objects3.7. Creating and Restoring EC2 Backups to Another Region Using AWS Backup3.8. Restoring a File from an EBS Snapshot3.9. Replicating Data Between EFS and S3 with DataSync
4.0. Introduction4.1. Creating an Amazon Aurora Serverless PostgreSQL Database4.2. Using IAM Authentication with an RDS Database4.3. Leveraging RDS Proxy for Database Connections from Lambda4.4. Encrypting the Storage of an Existing Amazon RDS for MySQL Database4.5. Automating Password Rotation for RDS Databases4.6. Autoscaling DynamoDB Table Provisioned Capacity4.7. Migrating Databases to Amazon RDS Using AWS DMS4.8. Enabling REST Access to Aurora Serverless Using RDS Data API
5.0. Introduction5.1. Configuring an ALB to Invoke a Lambda Function5.2. Packaging Libraries with Lambda Layers5.3. Invoking Lambda Functions on a Schedule5.4. Configuring a Lambda Function to Access an EFS File System5.5. Running Trusted Code in Lambda Using AWS Signer5.6. Packaging Lambda Code in a Container Image5.7. Automating CSV Import into DynamoDB from S3 with Lambda5.8. Reducing Lambda Startup Times with Provisioned Concurrency5.9. Accessing VPC Resources with Lambda
6.0. Introduction6.1. Building, Tagging, and Pushing a Container Image to Amazon ECR6.2. Scanning Images for Security Vulnerabilities on Push to Amazon ECR6.3. Deploying a Container Using Amazon Lightsail6.4. Deploying Containers Using AWS Copilot6.5. Updating Containers with Blue/Green Deployments6.6. Autoscaling Container Workloads on Amazon ECS6.7. Launching a Fargate Container Task in Response to an Event6.8. Capturing Logs from Containers Running on Amazon ECS
7.0. Introduction7.1. Using a Kinesis Stream for Ingestion of Streaming Data7.2. Streaming Data to Amazon S3 Using Amazon Kinesis Data Firehose7.3. Automatically Discovering Metadata with AWS Glue Crawlers7.4. Querying Files on S3 Using Amazon Athena7.5. Transforming Data with AWS Glue DataBrew
8.0. Introduction8.1. Transcribing a Podcast8.2. Converting Text to Speech8.3. Computer Vision Analysis of Form Data8.4. Redacting PII from Text Using Comprehend8.5. Detecting Text in a Video8.6. Physician Dictation Analysis Using Amazon Transcribe Medical and Comprehend Medical8.7. Determining Location of Text in an Image

9.0. Introduction9.1. Using EC2 Global View for Account Resource Analysis9.2. Modifying Tags for Many Resources at One Time with Tag Editor9.3. Enabling CloudTrail Logging for Your AWS Account9.4. Setting Up Email Alerts for Root Login9.5. Setting Up Multi-Factor Authentication for a Root User9.6. Setting Up AWS Organizations and AWS Single Sign-On

Content preview from AWS Cookbook

Index

A

Access Analyzer
- list of services supported, Discussion
- using to generate IAM policy based on CloudTrail activity, Solution
access points (S3), configuring application-specific access to buckets with, Problem-Challenge
access policies for common job functions, Steps
- creating policy for secret access, Steps
account management, Introduction-Challenge 2
- enabling CloudTrail logging for AWS account, Problem-Challenge
- modifying tags for many resources at one time with Tag Editor, Problem-Challenge
- setting AWS ACCOUNT ID to bash variable, Fast Fixes
- setting up AWS Organization and AWS Single Sign-On, Problem-Challenge 2
- setting up email alerts for root login, Problem-Challenge
- setting up multi-factor authentication for root user in, Problem-Challenge
- using EC2 Global View for account resource analysis, Problem-Challenge
administrative access for routine development tasks, not recommended, Discussion
administrative capabilities, delegating for IAM using permissions boundaries, Problem-Challenge
administrative IAM user, Discussion
AI/ML, Introduction-Challenge
- computer vision analysis of form data, Problem-Challenge
- converting text to speech, Problem-Challenge
- detecting text in a video, Problem-Challenge
- determining location of text in an image, Problem-Challenge
- physician dictation analysis, Problem-Discussion
- redacting PII from text using Comprehend, Problem-Challenge
- transcribing a podcast, Problem-Challenge
ALBs (see Application Load Balancers)
alerts (email) for root login, setting up, Problem-Challenge ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Serverless Architectures on AWS, Second Edition

Yan Cui, Ajay Nair, Peter Sbarski

AWS Security Cookbook

Heartin Kanikathottu

Terraform Cookbook

Kerim Satirli, Taylor Dolezal

Learning Amazon Web Services (AWS): A Hands-On Guide to the Fundamentals of AWS Cloud

Mark Wilkins

Publisher Resources

ISBN: 9781492092599Errata Page Supplemental Content