Pass Your Amazon AWS Certified Developer Associate Exam Easy!

Amazon AWS Certified Developer Associate AWS Certified Developer Associate (DVA-C01) exam dumps vce, practice test questions, study guide & video training course to study and pass quickly and easily. Amazon AWS Certified Developer Associate AWS Certified Developer Associate (DVA-C01) exam dumps & practice test questions and answers. You need avanset vce exam simulator in order to study the Amazon AWS Certified Developer Associate certification exam dumps & Amazon AWS Certified Developer Associate practice test questions in vce format.

Identity Access Management (IAM)

4. Active Directory Federation

Hello Cloud Gurus, and welcome to this lecture on how to federate Active Directory with the AWS Console. This can come up in the exam in a couple of forms. So I just wanted for you to understand exactly how it's done and in what order it's done. So if we just start off, imagine the users at home. They're working from home, and they need to log into the AWS console, and they're working on their own home network, so they haven't already signed into the work network. What they would do is browse to a URL. And in this case, we have a fully qualified domain name and an adfsls initiated sign on. This is basically an ADFS Web server that sits inside a DMZ, inside someone's corporate network. And you browse to that link, and it will give you a username and password depending on your browser. But basically, it prompts you to sign in using your Active Directory credentials. It's also known as Single Sign-On, or SSO, if you've ever heard that term before. So you type your SSO in there, and you would sign into your Active Directory environment. When you do that, you basically receive Samuel's assertion. Samuel basically stands for Secure Assertive Markup Language, and Samuel assertion is in the form of an authentication response from the ADFS. So you're basically going to get a little cookie that you store inside your browser that says that you've signed on, and then your browser points to the Samuel certificate at the AWS sign-on endpoint for Samuel. Sign in basically uses the assumed role with the Samuel API to request temporary security credentials and then constructs a sign-in URL for the AWS Management Console behind the scenes. And then, basically, you'll be able to login to the Amazon Web console. So what I want you to take away from this lecture are two things, because they're relevant to the exams. The first one is, can you authenticate with Active Directory? The answer is yes, and it's using SAML. So it will ask you, "Using what type of authentication?" So just remember the acronym SAML. And then the other question that can come up is whether or not you're authenticating to Active Directory first and then being given a temporary security credential, or if you get the temporary security credential first, which is then authenticated against Active Directory. And of course, the correct answer is that you always authenticate against Active Directory first, and then you would be assigned the temporary security credential. So that's the two times I've seen it come up in the exam. It comes up in the Solutions Architect Exam specifically around what protocol you use, and then it comes up in the Developer Exam in terms of the order. But a lot of the exam questions between the Solutions Architect Exam and the Developer Exam are basically shared. So I thought I'd just quickly makethis lecture to cover both of. So if you have any questions, please let me know. But if not, feel free to move on to the next section. Thank you.

5. Web Identity Federation

Hello cloud gurus, and welcome to this section on Web Identity Federation with mobile applications. It's going to be a really quick section. Effectively, for the exam, you just need to know that you can authenticate your applications using things like Facebook, LinkedIn, Google, and Amazon's own Amazon account. So to set up your Amazon.com account, for example, you need to do a fair bit of coding. It depends, again, on what environment you're coding it for in this article. web identity federation with mobile applications. If you Google that, it describes it all to you in detail. It is outside the scope of the exam. Basically, you just need to know whether it's possible or not. And then the only other thing I wanted to show you is the actual playground. So if you go into identity access management and then go down to additional information, you'll see the Web Identity Federation playground. And let's just go ahead and log in with Facebook. I'm going to go in here and log in with Facebook, and it's prompted me for my Facebook username and password. So I'm just going to pause it here, and I'm going to enter it in. I don't want the whole world to know my Facebook username or what I used to log into Facebook, but once I've logged in, I'll restart the video. Okay, so I've successfully signed in using Facebook, and you'll see that I've been given an access token, which is in this green text. And that access token is going to expire within 5016 seconds. You actually see a little counter up there that counts down how long it's going to take for that token to expire. Now what's important about this, and this comes up in the exam, is the actual methodology of how you're authenticating. So what we've done is we've gone to Facebook, we've verified our identity with Facebook, and we've been given an access token. Using this access token, we then go into AWS. So we proceed to step two, and we're going to obtain temporary security credentials. So in here, you can see how to obtain temporary security credentials. And using that ID token, we can obtain our temporary security credentials by making an Assumed with Role Web Identity Request. And so this is basically the policy statement that was created. So you can see here Sid, the effect is allowed by principle. And this is basically a JSON policy that's being created. You can go through and read it if you want, but what's important is the provider ID, which is grafted onto Facebook.com as the role ARN. and ARN stands for Amazon Resource Name. And this is the resource name here. and do remember that because ARN can come up in the exam. And then this is the session, and this is my Web identity token. So this is the actual token that I'll use to authenticate against AWS. Proceed to Step Three. The first thing I've got to do is call the role "assume" with web identity. And there we go. So there's my request that's gone through, and this is the response. And now that I've got my token, I'm able to go through and log in, and I'm able to see here all of the different actions that I can perform. So I can list a bucket or get an object. And if I list a bucket, there's the request to list the bucket, and there's the response, which is basically showing me the name of the bucket, which is called a Web Identity Federation Playground bucket. and it's showing me what's inside here. As a result, you can see userfun users, docs, and TXT. So I can actually see the contents of that bucket using the token that I got and my temporary security credentials from Facebook. So really, the key points to take away are that you don't need to know how to do this programmatically for the exam. If you do want to learn how to do it in your language of choice, just visit this blog; there are loads of tutorials and articles on it. But from a higher level, what's really important to understand for the exam is just the process that you go through. And the key thing to remember is that you authenticate first with your identity provider, you then get your temporary security credentials, and then basically, once you've gone and got your temporary security credentials, you call this an "assumed role" with Web Identity. And then once you've done that, you are able to access your AWS resource. So just remember that, and I will put that in the practise quizzes and in the final exam at the end. If you have any questions, please let me know. But if not, feel free to move on to the next lecture. Thanks.

6. IAM – Summary

So we've learned that IAM consists of the following: it consists of users, it consists of groups, and groups are a way to group our users together and apply policies to them collectively. It consists of roles, and it consists of policies, which are made up of policy documents. And essentially, we can take our policy documents and apply them to users, groups, and roles individually. Our policy documents remain universal. Our policy documents are made up of JavaScript-object notation, otherwise referred to as JSON. And essentially, it's a key-value pair. Now that key-value pair consists of an attribute followed by a value. So, if you recall, we saw something like this during our admin administrator access in the lab. So we have our attribute, which is a version, and then our value, which is the date, then our attribute, which is the statement, and then our values. And we can actually start to nest if we use the square brackets. So our attribute is effect, and our value is allow; our attribute is action, and then our value is the wildcard; and then our resource is our attribute, and then again the value is the wildcard. So essentially, we're there saying that you need to allow actions, or any action, on any resource. We're giving administrators access. Now, you don't actually need to know how to read this, and you certainly don't need to know how to programme it to pass the exam. It does help if you can read it. And the way I like to get familiar with JSON is just by going back to the AWS console, clicking on the policy documents, and then clicking through and actually reading what each one does. and it will start to make sense to you after some time. However, it is extremely unlikely that you will be asked to evaluate a policy document; this is more likely to occur in the developer or SysOps administrator exams. So what else have we learned? IAM is universal. It does not apply to regions at this time. So when you create a user, a role, or a group within identity access management, the region that you do it in does not matter. It's completely consistent across the platform. We've learned that the root account is simply the account created when you first set up your AWS account, and it has complete admin access by default. And that is the only account that's going to have complete admin access by default. When you create new users, the opposite is true. They have no access to do anything by default, which is my next slide. So new users have no permissions when first created. We've also learned that new users are assigned an accesskey ID and a secret access key when first created—and that's what we downloaded in our CSV file. Now, it's really important not to confuse them with passwords. You can't use your access key ID and your secret access key to login to the AWS console. That's why we then went on to create a password for our users. What you can use the access key ID and secret accesskey for is to communicate with AWS either via the command line, using the SDK, or using the APIs. And then you pass those credentials to AWS. But it's important to remember that you can't use those credentials to actually go in and log into the console. You only get to use those credentials once. If you lose them, you have to regenerate them. You can't view them again, so you need to download them and save them in a secured location. We also learned that you always have to setup multi-factor authentication on your root account. That's a critical security step. You always want multifactor authentication on your root account; otherwise, you're going to get that warning message down the bottom when you first log into IAM. You can also create and customise your own password rotation policies, which we did right at the end of the lab. So we can say that we want it to be eight characters, we want the password to expire every 90 days, we don't want the password to be reused, et cetera. Okay, so that's it, guys. That's it for Identity Access Management 101. As mentioned, we will come back to this and look at IAM in a bit more detail. But first I want you to get more hands-on with other aspects of the console. And then, towards the end of the course, we'll come back and deep dive into identity access management. You certainly have learned a lot to get started. Okay, so that's it for this section. You've done really well. The next section is where we start getting our hands dirty, and we're going to be looking at EC2, which is one of the main backbones of AWS. So this is where you spin up virtual machines. We're going to go in and provision our own Linux Web servers. We're going to start using the PHP SDK, and you're going to learn an awful lot. So if you've got the time, please join me in the next section. Thank you.

EC2 & Getting Setup

1. EC2 101 - Part 1

What is EC Two? Well, EC2 is a web service that provides resizeable compute capacity in the cloud. Amazon EC2 reduces the time required to obtain and boost new server instances to minutes, allowing you to quickly scale capacity both up and down as your computing requirements change. So what exactly is it? Well, it's virtual machines in the cloud. This is going to be your virtual Linux server or your virtual Windows server, and you provision them on demand. And we'll look at all the different types of EC II instances in a few slides. So if you have worked in IT or tech for a long time, you'll remember times before cloud computing. And it used to be that if I needed, let's say, a database server, what I'd have to do is go to HP or Dell and look at the different rack-mounted servers or blade chassis servers available, and then I'd give them my specifications. So I'd have to tell them how many processors I wanted, how many calls per processor, how much RAM I needed, what my disc size requirements are, and whether I needed tier storage. So did I need SSD drives for an application that was going to be running, but then only magnetic for the operating system? And you basically had to build out this entire specification. So once you decided what server you wanted, you then had to decide for how long you were going to purchase or rent it from HP or Dell. So you could have this for a twelve-month period, a 24-month period, or up to five years, or you could purchase it outright, and then you would basically also choose how to finance it. Would you pay on a monthly basis or would you purchase it outright and pay a high capex cost up front? And then once you've decided all this and actually gotten your purchasing department to sign off on it, you issue a purchase order and give this to the supplier, who accepts the purchase and starts to deliver the actual servers. That could take anywhere from a week to a month for the servers to arrive. And, of course, once they arrive, your DataOperations Center team must rack the server. They have to patch in all the cabling; they need to add in all the backbone networking as well as the Internet connection. And then your SIS administrators have to go in there and make sure that the right operating system is installed and that it's installed according to company security specifications. All the applications and monitoring tools are installed, and eventually the server would be handed over to you and you'd be able to use it. Now, depending on how quick your organisation was, this could be anywhere from a couple of weeks all the way up to six or twelve months down the line. It used to be really frustrating. And then cloud computing came along, and suddenly, with Amazon, you could instantly provision everything using a web portal. And for solutions architects like myself, it was a complete game changer. So no longer would I have to wait for 30 days, 60 days, or up to a year for these servers to arrive. I can go in and start provisioning and experimenting right away. And it really changed all of it because people liked startups like Airbnb and Uber and didn't have to have huge budgets to start experimenting. They could actually just go out and do this and only pay by the hour. And if something doesn't work, you just tear it down. You weren't locked into any 1224-month or 36-month contracts, and it literally changed the world. The entire startup scene could suddenly afford to experiment at a very low cost. And that's why you get all these innovative companies that exist today. They wouldn't have existed without cloud computing. So this is what EC Two essentially is. And this is why it's such an important exam topic because it's one of the main cornerstones of cloud computing. So Amazon EC-2 changes the economics of computing by allowing you to pay only for the capacity that you actually use. EC2 provides developers the tools to build failure-resilient applications and isolate themselves from common failure scenarios. We'll have a look at how we're going to do that in the labs coming up. So let's start with the different EC Two pricing options. So we've just been talking about on demand, and this is basically where you pay a fixed rate by the hour with no commitment. This is what I'm talking about when I'm talking about startups. They could provision servers, pay for them by the hour, then, when they were finished with them, they could just terminate them, and they wouldn't be locked into any sort of long-term contracts. We also have reserved, and this is where maybe you have a baseline capacity that you need to maintain. Maybe you always need two web servers in order to serve a minimum portion of your user base. So in that scenario, it makes more sense to reserve capacity over a significant period of time. We're usually talking about one- or three-year terms, and because you're reserving that capacity and basically guaranteeing to Amazon that you'll be in a one- or three-year contract, you get a significant discount on the hourly charge, for example. So then we have a spot. Now think of spot pricing. just like the stock market. Basically, a stock's price goes up and down all the time depending on different market conditions, based on supply and demand. So Spot enables you to bid whatever price you want, for instance, based on capacity, providing you with even greater savings if your applications have flexible start and end times. So basically, what you do is put in a bid price and see if the bid price is higher than the spot price. And the spot price is the market rate at which you're paying for that particular instance. Then you'll be able to provision that instance. But when the spot price goes higher than your bid price, that instance will then be terminated. We'll talk about that in a couple more slides. So a lot of engineering companies, pharmaceutical companies, and genomics companies will use this, and basically they'll be bidding for excess compute capacity that might be available at 02:00 a.m. on the Eastern Standard Time Zone because nobody is visiting websites at that time or very few people are. So a lot of compute capacity becomes available. It means that they can work on their own computers during those sorts of downtimes and pay a lot less for it than what they're paying for when they're using computers on demand. And then finally, we have dedicated hosts, and these are physical EC Two servers that are actually dedicated for your use Now the really cool thing about this is that you can pay for this by the hour. So again, you can have a dedicated physical machine for yourself, you're only paying an hourly rate, and you're not locked into any long-term commitments. And this can be really useful when it comes to licencing a lot of the legacy licences for applications, or even not-legacy licenses. Some licences today will say that they have to be on a physical kit; they can't be on a virtual machine. So this is where dedicated hosts come in. So let's talk about "on demand." On Demand is where users can get the low cost and flexibility of EC2 without any upfront payment or long-term commitment. This is a common use case for applications with short-term spiky or unpredictable workloads that cannot be interrupted, or in our case, applications being developed or tested for the first time on Amazon EC2. So we're going to be using on-demand instances for the rest of this course. The reason we're using On Demand is because we only want to pay for them when we're doing lapses, and when we finish the lapse, we want to then go in and terminate them because we don't need them re using On DSo moving on to reserved instances, this is for applications with steady-state or predictable usage. So I used the example before of maybe you always have 10,000 active users on your particular site, and you need a minimum of two very large web servers in order to accommodate that. So this is where you've got applications that require steady reserved capacity, and users are able to make upfront payments to reduce their total computing costs even further. So you're locked into a one- or three-year contract, and you can pay upfront, and you get the maximum discount if you pay for three years upfront, for example. So reserve capacity is great if you know what your actual baseline is. And then you could supplement this on demand, for example. So perhaps you always need two Web servers. But during Black Friday sales, you want a minimum of 15 or 20. So you have your two reserved instances, and then you would use on-demand instances for your Black Friday sale. Moving on to Spotlight, think of it like the stock market. There's always the spot price. The same is true with foreign currency markets. So the spot price is simply what the price is for that particular resource or stock today. So all EC-2 instances will have different spot prices. The spot prices will change depending on the region and even depending on the availability zone. And then basically, what you do is set a bid price. So how much do I want to bid for that particular EC-2 instance? Type in that particular region, in that particular availability zone, and as soon as your spot price and bid price are the same, that's when you'll be triggered into purchasing it. And then if your spot price moves above your bid price, or in other words, if the price moves above what you're willing to pay for, that EC2 instance will be terminated. So this is useful for applications that have flexible start and end times and that are only feasible at very low compute prices. And I use the example of a famous example: if you go into the spot pricing section on Amazon's website and you read through the case studies, pharmaceutical companies use this all the time to do really large-scale, high-performance high performance compute.They'll use spot prices, and what would normally cost them one or $2 million might only cost them $40,000 because it's done at a time when there's not a huge demand for compute capacity. Other use cases for users with urgent computing needs for large amounts of additional capacity So let's say an unexpected world event has just happened, like Brexit, for example. Nobody really expected Brexit to actually happen. The pounds are devalued very quickly, and a lot of financial analysts suddenly needed to figure out what this meant for their businesses, and they needed those answers really quickly in order to make decisions. So there's a perfect use case where you have an urgent computing need and need large amounts of additional capacity very quickly. You might use spot instances in that case. moving on to a dedicated host. This is useful for regulatory requirements that may not support multitenant virtualization. There are still quite a few government agencies out there that don't particularly want you to put your infrastructure on the public cloud. They are becoming less and less, especially when you consider that the US federal government uses GovCloud, which is an AWS service. Now the UK government very likely will be moving to asimilar model now that AWS has a region within the UK. By the way, I'm just speculating here; I don't know anything either way, but you'll find more and more governments are now moving on to the public cloud because, actually, security is much easier to achieve in the public cloud than doing it on-premises yourself. It's also great for licensing, which doesn't support multitenancy or cloud deployments. This can be for Microsoft licensing, SQL licensing, or Oracle licensing, for example. So if you've got a particular application that needs dedicated hardware, dedicated hosting is a great option for you. And the great thing about dedicated hosts is that you can pay on demand, so you can pay hourly and still have a physical computer that's dedicated to you. And if you purchase this as a reservation, if you reserve it for one to three years, you can get up to 70% off the on-demand price. So quickly, I'm just going to give you a quick example tip. This is on spot pricing, and this is really the main thing you're going to need to know going into the exam about the different pricing models apart from different use cases. If spot instances are terminated by Amazon, and this will happen when the spot price goes above your bid price, you will not be charged for that partial hour of usage. Okay, so let's say you bid at a dollar and suddenly the spot price goes up to a dollar and $50 and they're going to terminate that EC-2 instance, and it only happens half an hour after you first purchased it. You won't be charged at all for that hour. However, if you terminate the instance yourself because you've been using it, then you're going to be charged for any hour in which the instance ran. So it's really important to understand those two points because you are going to get scenario questions on them. They'll give you an example. They'll give you a scenario where they say you've been running it for an hour and a half hours.Are you going to be charged for 1 hour or 2 hours? And you have to decide based onthe scenario that they give you. So remember the difference between the two. Okay? So now that you understand the different pricing models that are available to us, let's look at the different EC2 instance types. So there are a whole bunch of different families. There are ten currently. There will always be more added all the time.Last year there were seven, and the different families depend on what it is you want to do with them. So D2, for example, is Dentstorage, and this is used for fileservers, data warehousing, Hadoop, et cetera. So D is for density. Two is just one generation. So there was D one s.These have been now replaced by D Two. Now, you're not going to have to remember all of these going into the exams, but it really does help if you understand the different family types, especially in the real world. But it also really helps in the system administrator associate exam, and it really helps at both the professional level and for the specialty certifications. So I'd advise trying to learn these now, and I'll show you a trick to learning them in a second, so I'll quickly cover them off. We've got D for density. We've got R. I like to remember that. as are for Ram. So these are memory-optimized, and these are basically designed for memory-intensive applications and databases. We then obtained four These are general-purpose EC 2 instances. So typically, they're used for application servers. And if you're deploying an application server and you're not really sure what the application server is going to do, this is what you default to. So this is the main choice. That's the way I remember m four.C4 is are compute optimized.So these are the CPU-intensive applications and databases. Your G class is graphics-intensive. So this is for video encoding or 3D application streaming. We then have I, which is for IOPS, and that's high-speed storage. So these are things like NoSQL databases, data warehousing, et cetera. We have one. These are brand new out of Reinvent 2016, and these are field programmable gate arrays. And this is basically where you can actually change the physical hardware underneath to suit the software that you're running on it. If you want to have some interesting reads, just Google FPGA to understand it in a lot more detail than I can explain. But just think of it as hardware acceleration for your code, so you can actually change the underlying hardware to suit your code. And they're brand new and very unlikely to appear in the exam, if I'm honest. We then have two groups. These are low-cost general-purpose BMS, and we're going to be using T and S all the time in this course. It's going to be our default one. So we're always going to be using the T-2 micro, which we will see in the very first lab coming up. And these are typically used for Web servers and small database servers. We then have P (2). P-two is for graphics and general-purpose GPUs. So Amazon says it's for machine learning and other use cases. They never say bitcoin mining on their site, but trust me, if you're going to do bitcoin mining, you probably want to have either a P-2 or a G two.And then we have X of them. So this is memory-optimized, and these are designed for things like SAP Hana or Apache. Sparks are really extreme memory optimizers. And that's the way I remember Xone: you need extreme RAM. You need extreme memory. So how are you going to remember these instant types going into the exam? Well, when there were seven of them, and this was in 2016, I told all my students to remember this image. So this is the Melbourne Cricket Ground, and it's been dug up and is filled with dirt. So we remembered it using dirt.MCG so dirty. MCG unfortunately, they've added in three new instancetypes, so it's ruined my Dirt MCG. So these are the letters we've got to make an anagram out of. So we've still got Dirt MCG, but now we've got FPX as well. So we've got three new instance types. And I put this into a Scrabbleword generator, a couple of them, actually, and I couldn't get anything halfway decent. I actually came up with one myself. And forgive me, this is quite bad, but it makes me remember it. So what I came up with was Doctor McGift. So I want you to imagine a doctor. He's a Scottish doctor, which is why his name is MC. But instead of being a doctor, McDonald, who does burgers, is Dr. McGift, who picks and gives out pictures. So the way I think of a Scottish person is that I grew up on DuckTales, where we saw the Scottish duck. He's clearly a doctor because he's got glasses on. And so Doctor McGift gives out pictures of his homeland in Scotland. So see if you can remember now what these individual letters actually stand for. Go ahead and pause the video and once you'redone, let's go ahead and have a look. So D is for density, R is for RAM, and M is the main choice for general-purpose apps. So, this is where you want performance on your application tier. So if you don't know what your application is going to be doing and you just want a general-purpose virtual machine, you're going to use M for compute and G for graphics. I is for IOPS, and F is for FPGA, which is field programmable. Gate arrays are, again, very new. T is for general-purpose purpose Compute.And we're going to be using T-two micros all the time throughout the rest of this course, so you're going to be very familiar with them. P is for graphics. So just think of Pics. And then X is for extreme memory. So things like SAP Hana need a huge amount of memory. So X is for extreme memory. And there you go, we've got Doctor McGift. If you can come up with a better anagram, let me know and I will rerecord this lecture. But for now, that's the way I'm going to remember it. Now, don't freak out. Where you're going to see this in any of the eight exams is that they're going to give you a scenario, and then they're going to ask you to choose the best instance type in which to work that scenario, and three of the instance types will be completely made up. There'll be an Y instance, for example, or a Q instance, and they just don't exist. So if you remember the acronym "Doctor McGiftpicks," you'll remember all the valid types of EC, two instances, and then you'll be able to choose which ones are actually valid. And then hopefully you'll also remember what the families do, and you'll be able to make a very informed choice. Okay, so we're going to end Part One here. So the things you've learned so far are what EC Two is. We've learnt about the four different pricing modelswe have on demand, we have Spot, wehave Reserved and we have dedicated hosts. And then we've learned about the different instance types, and we've learned that there are ten of them. And Doctor McGift Picks is the acronym that we're going to use to remember this, to go have a coffee, go have a break, see if you can remember all the different options for Doctor McGift Picks, and then come back and we'll start on lecture two. And we're going to cover the EBS volumes. So EBS volumes are just virtual discs that we attach to our EC2 Two in.So if you've got the time, join me for the next lecture. Thank you.

Go to testing centre with ease on our mind when you use Amazon AWS Certified Developer Associate vce exam dumps, practice test questions and answers. Amazon AWS Certified Developer Associate AWS Certified Developer Associate (DVA-C01) certification practice test questions and answers, study guide, exam dumps and video training course in vce format to help you study with ease. Prepare with confidence and study using Amazon AWS Certified Developer Associate exam dumps & practice test questions and answers vce from ExamCollection.