Systems Operations Deep Dive Resources
The resources I share with my classroom students to dive deeper into Cloud Ops
Ted Trentler
Amazon Employee
Published Jul 5, 2024
Years ago in the dark days of the late 1900s I was working towards a networking certification and I asked a mentor of mine how to prepare for the exam. She said there is one Acronym you need to know.
RTFM. Read The Freaky Manual.
There are lots of really good self study resources out there. All of those resources are based on someone's interpretation of the documentation. AWS's documentation (https://docs.aws.amazon.com) is second none. Go straight to the source. The docs I've identified below are focused on topics in the AWS SysOps Administrator Associate Exam Guide.
Prerequisites
If you are brand new to the cloud there is a free 10 hour digital training course called Cloud Practitioner Essentials. Take the course and you should be ready to take the CPE foundational certification exam. These are the basics of the AWS cloud. A great intro to the AWS cloud for both technical people and business leaders. You also can also earn a Credly badge at the end of the course.
Important Learning Materials
- [PDF] AWS Ramp-Up Guide: SysOps Administrator - The Official list of good study resources!
- AWS Documentation -EC2 has been available since 2006. Are those results from 20120 the search engine gave you showing the most up to date info? - Want current info on a service? Check out the docs.
- Tagging Best Practices - Tag it all!!
- AWS Free Tier - There are both always free and free for the first 12 Months of your account resources. Pro Tip: Set an AWS budget alert if you pass free tier limits!
Introduction to Systems Operations on AWS
- AWS Well-Architected Framework - The Best Practices for utilizing AWS!
- Operational Excellence Pillar: AWS Well-Architected Framework - The SysOps specific best practices for operating on AWS.
Access Management
- Users, Groups and Roles - The Principles in IAM - Take some time and really learn about roles - You will use them quite a bit - Want to give an instance access to a database? Use a Role. Want to give an Facebook/Apple/Google user access to photos in an app? Use a Role. Want a promotion at work? Maybe implement roles properly. Can't hurt.
- “Policies and permissions in IAM” in the AWS Identity and Access Management User Guide Understanding Policies is a key skill that you will need. They are written in JSON. (JSON is just a text markup that stores data in a format that is easy for both people and machines to read.)
- “Granting a user permissions to pass a role to an AWS service” in the AWS Identity and Access Management User Guide - To get this concept - understanding IAM roles and policies are a prerequisite.
- “Policy evaluation logic” in the AWS Identity and Access Management User Guide - TLDR - Deny is Implicit. Deny always beats Allow. (Like rock beats scissor in Rock Paper Scissor )
- “Get started using permissions with AWS managed policies” in the AWS Identity and Access Management User Guide - Scared of Policies? Start here.
- “IAM Multi-factor authentication” You are doing this. Right‽
- “Rotate credentials regularly” in the AWS Identity and Access Management User Guide: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#rotate-credentials
- “Understanding the credential report format” in the AWS Identity and Access Management User Guide
- “Testing IAM policies with the IAM policy simulator” Does that policy you just wrote work? Of course it does. Everything you write always works perfectly the first time.
Me, I need to test before I deploy. - “AWS global condition context keys “ Using Conditions in your IAM Policies. Know that the request context is information about the requesting principle (user/group/role) that can be used as a condition in a policy. You can have a condition to grant/deny access based on things like dates/times/ipaddress ranges.
- “Controlling access to and for IAM users and roles using tags”: Tag Everything!!
- “Installing, updating, and uninstalling the AWS CLI” in the AWS Command Line Interface User Guide The cool kids use the CLI. Are you a cool kid? Want to be cool and learn the CLI easily? Use CodeWhisperer for CLI a Generative AI tool for the command line. It will also help you with bash scripting, git and other commandline tasks you do.
- “AWS Systems Manager Session Manager” in the AWS Systems Manager User Guide https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
- “AWS Config Managed Rules” in the AWS Config Developer Guide http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html
- “Setting Up AWS Config with the Console” https://docs.aws.amazon.com/config/latest/developerguide/gs-console.html
- “Setting Up AWS Config Rules with the Console” https://docs.aws.amazon.com/config/latest/developerguide/setting-up-aws-config-rules-with-console.html
- “JMESPath Tutorial” https://jmespath.org/tutorial.html
“jq” https://stedolan.github.io/jq/ - JQ is a commandline JSON processor.
System Discovery
- “Tagging Best Practices” If you aren't tagging, you're Wrong! Tag it! All of it!
- Using Tags in Policies and then there are Tag Policies in AWS Organizations. Two different concepts that sound similar.
- “What are AWS Resource Groups” in the AWS Resource Groups User Guide
- “What is AWS Control Tower?” Muilti account control with pre-built best practices baked in.
- “Retrieving instance metadata” in the Amazon EC2 User Guide for Linux Instances - The definition of meta is "referring to itself" So instance meta data is data about the instance.
“What is AWS CloudFormation?” Infrastructure as code is a large part of the SYSops exam and working with AWS in general. Master this topic and padawans will journey to your mountaintop seeking enlightenment.
QuickStarts. - Great example CloudFormation scricpts can be found here. Quick Starts can help you deploy popular technologies to AWS in minutes.
- “What Is AWS Service Catalog?” AWS Service Catalog Administrator Guide - Push cloud formation templates to other accounts in you AWS Organization.
- “AWS CloudFormation Templates” Several examples here - Setup a WordPress blog in 5 minutes with Cloud Formation!
Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.