AWS for System Administrators : Build, Automate, and Operate Scalable Cloud Infrastructure on AWS.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Neidinger, Marcel.
Contributor:
Lakhera, Prashant.
Language:
English
Subjects (All):
Amazon Web Services (Firm).
Cloud computing.
Web services.
Physical Description:
1 online resource (427 pages)
Edition:
1st ed.
Place of Publication:
Birmingham : Packt Publishing, Limited, 2025.
Summary:
Build and manage AWS infrastructure using Terraform, AWS CLI, Boto3, and the AWS CDK to automate deployments, enhance reliability, and operate scalable cloud environments.

Key Features
Use a hands-on approach that mirrors real AWS operations with end-to-end examples
Use scripting and IaC to handle tasks like infrastructure deployment, credential rotation, backups, and resource cleanup
Manage complex environments with reusable code, policy enforcement, and multi-account best practices
Purchase of the print or Kindle book includes a free PDF eBook

Book Description
System administrators adopting AWS often struggle with automation, scalability, and multi-account management. Originally authored by Prashant Lakhera and now thoroughly updated by Senior Solutions Architect Marcel Neidinger, this second edition is your scenario-driven, hands-on guide to efficiently deploying and managing cloud infrastructure using Infrastructure as Code (IaC). This updated edition features new topics like chaos engineering with AWS Fault Injection Simulator, multi-account CI/CD deployments, reusable IaC patterns, and cloud compliance using AWS Config and service control policies, all to help you build modern cloud architectures. You'll set up AWS CLI, Terraform, and CDK to automate deployments, as well as explore cloud networking with VPCs, EC2, and Transit Gateway, followed by auto-scaling and load balancing strategies. The chapters highlight AWS Secrets Manager for securely storing and accessing your secrets, along with CloudWatch for monitoring and observability in the cloud. You'll implement centralized logging and develop backup and disaster recovery strategies. The book guides you through the processes and best practices for setting up a multi-account environment, with real-world scenarios for optimizing costs and ensuring high availability. By the end of this book, you'll have the skills to efficiently deploy, manage, and optimize AWS infrastructure at scale.

What you will learn
Design and deploy networks in the cloud with VPCs and deploy instances with EC2
Implement auto-scaling and load balancing to optimize application performance
Deploy relational databases with Amazon RDS
Secure credentials using AWS Secrets Manager
Monitor AWS resources using CloudWatch and SNS
Test infrastructure resiliency using AWS Fault Injection Simulator
Automate backups and implement disaster recovery strategies
Set up and manage multiple AWS accounts using AWS Organizations

Who this book is for
This book is designed for system administrators, DevOps engineers, and IT professionals who want to effectively manage and automate AWS environments. A basic understanding of cloud computing, the Linux operating system, and networking concepts is recommended.
Contents:
Cover
FM
Copyright
Dedication
Contributors
Table of Contents
Preface
Part 1: AWS Services and Tools
Chapter 1: Setting Up the AWS Environment
Technical requirements
Setting up the environment
Installing the AWS CLI
Understanding the structure of AWS CLI commands
Introducing the Boto3 SDK for Python
Installing Boto3
The difference between clients and resources
What is CloudFormation?
Writing your first CloudFormation template
Deploying the template
Exploring the AWS CDK
Installing the AWS CDK
Writing and deploying your first CDK project
What is a construct in the CDK?
Introducing Terraform
Installing Terraform
Creating resources in Terraform
Summary
Chapter 2: Protecting Your AWS Account Using IAM
What is AWS IAM?
What are IAM users?
Types of AWS services and its global infrastructure
Creating a new IAM user using the AWS CLI
What are ARNs?
IAM groups
Understanding IAM policies
Structure of IAM policies
Introduction to AWS managed policies
IAM policy evaluation
Creating an IAM policy using the AWS CLI
Rewriting our policy as least privilege
Introduction to IAM roles
Creating an IAM role with Terraform
Short introduction to AWS STS
Rotating IAM credentials using Boto3
Part 2: Building Infrastructure
Chapter 3: Creating a Data Center in the Cloud Using a VPC
A VPC and its components
Creating a VPC using the AWS console
Creating subnets in our VPC
Creating an IGW in our VPC
Creating a route table
Exploring network access control lists
Creating a second VPC using CloudFormation
Setting up the VPC and subnets
Creating an IGW, route table, and subnet association
Interconnecting VPCs via peering and Transit Gateway.
Creating a peering between two VPCs
What is AWS Transit Gateway?
Programmatically verifying that VPC flow logs are enabled
Join the CloudPro Newsletter with 44000+ Subscribers
Chapter 4: Scalable Compute Capacity in the Cloud via EC2
Setting up EC2 instances
A few EC2 concepts
Using the AWS Console to create an EC2 instance
Using CloudFormation to create an EC2 instance
Creating a cost alert using budgets
Automatically shutting down instances
Identifying unattached EBS Volumes with boto3
Part 3: Scalability and Elasticity of our Cloud Infrastructure
Chapter 5: Increasing Application Fault Tolerance and Efficiency with Elastic Load Balancing
Understanding Elastic Load Balancing
What load balancer should I use?
Setting up our environment
Setting up the ALB
Handling HTTPS traffic with our ALB
Setting up a custom domain name for our ALB
Requesting a new TLS certificate for our ALB
Adding an HTTPS listener
Deploying an NLB in front of an ALB
Chapter 6: Increasing Application Performance Using AWS Auto Scaling
When should we use auto scaling?
Creating a launch template
Creating a launch template in the AWS console
Creating an ASG in the AWS console
Exploring scaling policies
Creating ASGs in Terraform
Chapter 7: Scaling a Relational Database in the Cloud Using Amazon Relational Database Service (RDS)
What is Amazon RDS?
Creating a PostgreSQL database in the AWS Management Console
Deleting a database in RDS
Deploying an RDS instance with Terraform
Chapter 8: Managing Secrets and Encryption Keys with AWS Secrets Manager and KMS.
Technical requirements
Storing secrets with AWS Secrets Manager
What is AWS Secrets Manager?
Creating secrets in the CDK
Creating secrets in Terraform
Accessing secrets from an AWS Lambda function using Boto3
Integrating Amazon RDS with AWS Secrets Manager to rotate database credentials
Handling encryption keys with AWS KMS
What is KMS?
Changing an S3 bucket to use a CMK
Part 4: Monitoring, Metrics, and the Backup Layer
Chapter 9: Centralized Logging and Monitoring with Amazon CloudWatch
An introduction to CloudWatch for metrics
Why do we need log management?
An introduction to CloudWatch for logs
Creating a log group in CloudWatch
Monitoring custom metrics and sending log files using CloudWatch Agent
Introduction to SNS
Creating a CloudWatch metric alert that pushes a notification to SNS
Sending SNS notifications to Slack
Chapter 10: Centralizing Cloud Backup Solutions
Backups in AWS
Creating backups with AWS Backup
Automating the creation of backups with Terraform and tags
S3 life cycle policies to transition data into S3 Glacier
S3 storage classes
Exploring bunker accounts for backups
Chapter 11: Disaster Recovery Options with AWS
Defining our disaster recovery strategy
RPO and RTO - the key metrics for DR
RPO
RTO
An introduction to disaster recovery strategies
Backup and restore DR strategy
Pilot Light
Warm standby
Multi-site active/active
Chapter 12: Testing the Resilience of Your Infrastructure and Architecture with AWS Fault Injection Service
Introduction to chaos engineering and chaos experiments
AWS FIS for chaos experiments.
Summary
Part 5: Deployments at Scale
Chapter 13: Deploying Infrastructure Using CI/CD Pipelines
A short introduction to CI/CD
Automated deployment with Terraform and AWS CodeBuild
Connecting your GitHub account
Setting up a Terraform backend
Deploying your code
Chapter 14: Building Reusable Infrastructure-as-Code Components
An introduction to reusable components
Building reusable components in Terraform
Building reusable components in CDK
Chapter 15: Ensuring Compliance Using AWS Config and SCPs
An introduction to SCPs
Setting up an AWS organization
Using AWS Config to detect non-compliant resources
Chapter 16: Operating in a Multi-Account Environment
Designing AWS organizations
Creating an OU in Terraform
Including a previously created OU in Terraform
Attaching an SCP to an OU with Terraform
Adding the exceptions OU
Sharing resources within an organization using Resource Access Manager
Enabling organizational resource sharing in RAM
Sharing subnets in our VPC via Terraform
Enabling resource sharing inside organizations
Sharing resources with Terraform
Cross-account sharing for use cases with small amounts of AWS accounts
Chapter 17: End-to-End Deployment of an Application
What we will build in this chapter
Implementing Single Sign-On (SSO) with AWS Identity Center
Setting up the pipeline
Stay Sharp in Cloud and DevOps - Join 44,000+ Subscribers of CloudPro
Index
Other Books You May Enjoy.
Notes:
Description based on publisher supplied metadata and other sources.
ISBN:
1-83546-955-8
OCLC:
1521344745