A Must-Have Mindset to Successfully use Machine Learning by Google

The great benefit of ML is not only high accuracy, but also Data-Driven & Automatic Action.

ML is a way to use algorithms to derive insights from data and make repeated decisions.

- Define your business goal

- Define what kinds of Machine Learning can help

- Collect relevant data

- Train your ML

- Deploy your ML to real-world application

- Evaluate & Improve your ML


A Quick Review for Continuous Improvement for Existing Solutions

Part 5: Continuous Improvement for Existing Solutions (29% of exam)

  • Logging & Monitoring
  • Reliability & Performance
  • Automated Response to Detection of Security Vulnerabilities
  • Automated Deployment & Rollback Strategy
  • Enable object-level logging in the S3 bucket to automatically track S3 actions using CloudTrail.
  • Set up an Amazon CloudWatch Events rule with an SNS Topic to notify the IT Compliance team when a PutObject API call with public-read permission is detected in the CloudTrail logs.
  • Launch another CloudWatch Events rule that invokes an AWS Lambda function to turn the newly uploaded public object to private.
  • An IAM trust policy that allows the EC2 instance to assume an EC2 instance role.
  • An IAM…

A Quick Review for Cost Control

Part 4: Cost Control (12.5% of exam)

  • Cost Optimization & Monitoring

Only the DEV account benefits from the Reserved Pricing.

Note — The consolidated billing feature of AWS Organizations, for billing purposes, treats all the accounts in the organization as one account. This means that all accounts in the organization can receive the hourly cost benefit of Reserved Instances that are purchased by any other account.

Only instances of the same instance type & Availability Zone as the Reserved Instances are valid for consolidated billing.

You can turn off Reserved Instance discount sharing on the Preferences page on the Billing and Cost Management console.

https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/ri-behavior.html

https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidatedbilling-other.html

A single AWS…


A Quick Review for Migration Planning

Part 3 : Migration Planning (15% of exam)

  • Migration Assessment
  • Database Migration
  • Server Migration

AWS Application Discovery Service.

Note — Planning data center migrations can involve thousands of workloads that are often deeply interdependent. Server utilization data and dependency mapping are important early first steps in the migration process.

AWS Application Discovery Service collects and presents configuration, usage, and behavior data from your servers to help you better understand your workloads and estimate the Total Cost of Ownership (TCO) of running on AWS and to plan your migration to AWS.

https://aws.amazon.com/application-discovery/

  • Request for an AWS Snowball device. …

A Quick Review to Design for New Solutions

Part 2 : Design for New Solutions (31% of exam)

  • Credentials Management
  • Network & Security
  • Reliability & Performance
  • Deployment & Patch Management Strategy
  1. Create a role in IAM with appropriate permissions.
  2. Record the user’s information in Amazon DynamoDB.
  3. When the user uses his/her mobile app, create temporary credentials using the “AssumeRole” function in STS.
  4. Store these credentials in the mobile app’s memory and use them to access the S3 bucket. Generate new credentials every time the user runs the mobile app.

Note — You should never store long-term credentials inside a mobile app; use temporary credentials created from AWS STS instead.

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html

Set up cross-account access with a resource-based policy.


A Quick Review to Design for Organizational Complexity

Part 1 : Design for Organizational Complexity (12.5% of exam)

  • Cross-Account Authentication
  • Multi-Account environment using AWS Organizations
  • Network & Security
  • Configure AWS Organizations to group different accounts into separate Organizational Units (OU) depending on the business function.
  • Create a Service Control Policy (SCP) that restricts launching any AWS resources without a tag.
  • Apply the SCP to the OU which will automatically cascade the policy to individual member accounts.

https://aws.amazon.com/premiumsupport/knowledge-center/iam-policy-tags-restrict/

  • Create a new IAM role for the 3rd-party vendor.
  • Add a permission policy that only allows the actions required by the third-party application.
  • Add a trust policy with a Condition element for the External ID to ensure that it matches…

A Quick Review to Design Cost-Optimized Architectures

Part 4 : Design Cost-Optimized Architectures (18% of exam)

  • Identify cost-optimized solutions for Compute, Storage, Database & Network.

Use Scheduled Reserved Instances, which provide compute capacity that is always available on the specified recurring schedule.

Scheduled Reserved Instances enable you to purchase capacity reservations that recur on a daily, weekly, or monthly basis, with a specified start time and duration, for a one-year term. You reserve the capacity in advance, so that you know it is available when you need it. You pay for the time that the instances are scheduled, even if you do not use them.

https://aws.amazon.com/blogs/aws/new-scheduled-reserved-instances/

Terminate the Reserved instances as soon as possible to avoid…


A Quick Review to Design Secure Applications and Architectures

Part 3 : Design Secure Applications and Architectures (24% of exam)

  • Design secure access to AWS resources.
  • Design secure Application tiers.
  • Design appropriate Data Security.

NAT Gateway — AWS-managed NAT services with high availability & bandwidth, IPv4 supported.

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-comparison.html

Egress-only Internet Gateway — a horizontally scaled, redundant, and highly available VPC component that allows outbound communication over IPv6 from instances in your VPC to the internet, and prevents the internet from initiating an IPv6 connection with your instances.

https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html

Create Access Key for IAM User with necessary permissions.

When you use the AWS Management Console to create a user, you must choose to at least include a console password or access…


A Quick Review to Design High-Performing Architectures

Part 2 : Design High-Performing Architectures (28% of exam)

  • Identify high-performing solutions for Compute, Storage, Database & Network.

The value of Cache-Control max-age or TTL (Time To Live) is set to zero.

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html

Amazon ElastiCache

For sub-millisecond latency caching, ElastiCache is the best choice. In order to address scalability and to provide a shared data storage for sessions that can be accessed from any individual web server, you can abstract the HTTP sessions from the web servers themselves. A common solution for this is to leverage an In-Memory Key/Value store such as Redis and Memcached.

https://aws.amazon.com/caching/session-management/

Increase the number of shards of the Kinesis Data Stream

Amazon Kinesis Data…


A Quick Review to Design Resilient Architectures

Part 1 : Design Resilient Architectures (30% of exam)

  • Design Multi-tier architectures.
  • Design Highly-available & Fault-tolerant architectures.
  • Design Decoupling mechanisms using AWS services.

By default, records of a stream are accessible for up to 24 hours from the time they are added to the stream.

You can raise this limit to up to 7 days by enabling extended data retention or up to 365 days by enabling long-term data retention.

https://aws.amazon.com/kinesis/data-streams/faqs/

AWS Elastic Beanstalk.

AWS Elastic Beanstalk makes it even easier for developers to quickly deploy and manage applications in the AWS Cloud. …

Pisit J.

Software Engineer.
