
AWS Cloud Practitioner Exam Prep for Partners

AWS Training and Certification

Arturo Martínez | AWS Partner Trainer
rturom@amazon.com
Course Agenda

AWS Cloud & Core Services

• Welcome and Introductions
• Module 1: Understanding the AWS Cloud
• Module 2: Security and Compliance
• Module 3: AWS Services
• Module 4: Pricing, TCO and Cost Optimization
• Module 5: AWS Well-Architected Framework
• Simulation: CCP prep questions
• Q&A Session
• Module 6: APN Resources to Help You
Welcome

• This deck is a guide for the AWS Certified Cloud Practitioner exam.
• It should not be taken as the sole source of study for the AWS CCP exam.
• Consider the supporting material to further your studies.
AWS Certified Cloud Practitioner
About the Exam
• 90 minutes
• US$ 100.00
• Immediate result
• Score: 100 to 1000 (minimum 700 to pass)
• 65 questions

Sample question formats:

Multiple-response: What are AWS services?
( • ) IAM
( • ) CloudFront
( ) AWS Games
( ) ForCloud
( ) Discovery Tiers

Multiple-choice: CloudFront service infrastructure:
( • ) Edge Locations
( ) Data Centers
( ) AWS Transceivers
( ) Cloud Content
( ) External DNS
AWS Certified Cloud Practitioner
Exam Topics

https://aws.amazon.com/certification/certified-cloud-practitioner/
How to add 30 min (1/2)

Candidates in non-native English-speaking countries are eligible to add 30 min to the exam time.

Standard time: 90 min
Extended time: 120 min

• Must be requested before scheduling the exam.
• Automatic approval process.
• Can be requested one time only.

How to do this? Go to the certification portal (aws.training/Certification).

How to add 30 min (2/2)
AWS Certified Cloud Practitioner
Resources (apn-portal.com)
• AWS Training (aws.amazon.com/training)
– AWS Business Professional (Digital)
– AWS TCO and Cloud Economics (Digital)

• AWS Whitepapers
– Overview of Amazon Web Services
– Architecting for the Cloud: AWS Best Practices
– How AWS Pricing Works
– Cost Management in the AWS Cloud
– AWS Support Plan Comparison
AWS Certified Cloud Practitioner
To Do
• Review this material.
• Go to the AWS site and read about the main services: https://aws.amazon.com
• Understand the AWS Cloud value proposition, principles and advantages.
• Security in the cloud: AUP, SRM, Compliance, IAM, MFA.
• AWS global infrastructure, multi-AZ architectures, service scope.
• Pricing models and organizational structure.
Module 1:
Understanding the AWS Cloud

What is Cloud Computing

Cloud computing is the on-demand delivery of compute power, database storage, applications, and other IT resources through a cloud services platform via the internet with pay-as-you-go pricing.
Why Customers are Moving to AWS
• Trade capital expense for variable expense
• Scale globally
• Increase speed & agility
• Increase innovation
• Streamline & enhance infrastructure decisions
• Accelerate time to business value
• Reduce expenses
Transitioning from a Self-Managed to a Fully Managed Service

Database deployment options, from least to most managed:
• Self-managed: database in the corporate data center
• Amazon EC2: database on an EC2 instance in AWS data center(s)
• Fully managed service: database on an RDS instance in AWS data center(s)
What Sets AWS Apart?

• Enterprise leadership: building and managing the cloud since 2006
• Service breadth and depth: over 160+ services
• Pace of innovation: 1957 features in 2018
• Global presence: 65 Availability Zones in 21 geographic regions around the world
• Amazon culture: 70+ proactive price reductions
• Security: #1 priority
• Largest partner ecosystem: AWS Marketplace and APN
• Hybrid cloud: broadest set of hybrid capabilities of any cloud provider
AWS Global Infrastructure
21 Geographical Regions, 1 Local Region, 65 Availability Zones, 160+ PoPs

Region & Number of Availability Zones (AZs)

GovCloud (US): US-East (3), US-West (3)
US West: Oregon (4), Northern California (3)
US East: N. Virginia (6), Ohio (3)
Canada: Central (2)
South America: São Paulo (3)
Europe: Frankfurt (3), Ireland (3), London (3), Paris (3), Stockholm (3)
Asia Pacific: Singapore (3), Sydney (3), Tokyo (4), Osaka-Local (1)*, Seoul (2), Mumbai (2), Hong Kong SAR (3)
China: Beijing (2), Ningxia (3)

Announced Regions: four Regions and 12 AZs in Bahrain, Cape Town, Jakarta and Milan

* Available to select AWS customers who request access. Customers wishing to use the Asia Pacific (Osaka) Local Region should speak with their sales representative.
AWS Region Design
AWS Regions are comprised of multiple AZs for high availability, high scalability, and high fault tolerance. Applications and data are replicated in real time and kept consistent across the different AZs.

(Diagram: an AWS Region containing several Availability Zones connected through transit AZs.)

A Region is a physical location in the world where we have multiple Availability Zones.

Availability Zones consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities.
Amazon CloudFront
Content Delivery Network (CDN)
• Example customer: Netflix
• Content close to users = less latency
• Static content (web pages, text, images, movies)

Edge Location = point of presence where the content is cached.
AWS Platform Services
Over 160 Services

Advanced Services: Analytics, Artificial Intelligence, Mobile, Internet of Things, Game Development, AWS Marketplace

Business Process Services: Developer Tools, Management Tools, Desktop and App Streaming, Business Productivity, Technical and Business Support, Application Services

Foundational Services: Compute, Storage, Databases, Networking/Content Delivery, Hybrid Cloud Architecture, Messaging
Introducing Amazon Enterprise Applications
• Productivity: Amazon WorkMail, Amazon WorkDocs
• Desktop & Apps: Amazon WorkSpaces, Amazon AppStream 2.0
• UC and Customer Service: Amazon Chime, Amazon Connect
Services Availability per Region

Region Table

• Take into account the availability of services in each region.
• Service pricing varies by region.

https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/
AWS Marketplace Overview

AWS Marketplace is an online store that supports:
01. Over 1,400 participating ISVs
02. 190,000+ active customers
03. 4,200+ software listings
04. Over 570M hours of software per month
AWS Hybrid Architecture Support

79% of existing enterprise workloads run on VMware*

01. Almost every AWS customer with on-premises infrastructure is running a hybrid architecture.
02. AWS offers seamless integration with existing on-premises data centers; customers can leverage existing investments.
03. Easily run VMware workloads on AWS with seamless deployment and management.
04. AWS offers the only VMware-delivered, sold and supported service available on a leading public cloud.

* IDC Worldwide Cloud System Software 2015 Share Snapshot
Module 2:
Security and Compliance

Security Is Our #1 Priority

Compliance and Security at Scale on a Single Platform
Highly Automated, Highly Available (24/7), Highly Accredited
Customers Benefit from Advanced Security Controls

• Over 50 global compliance certifications and accreditations
• Security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations
• Powerful native functionality and tools at little or no cost
• Benefit from AWS industry-leading security teams 24/7, 365 days a year
• Leverage security enhancements gleaned from 1M+ customer experiences
Shared Responsibility Model

AWS Controls and Responsibilities

• Physical and Environmental Security
• Business Continuity Management
• Network Security (AWS corporate network and AWS production network)
• AWS Access Security
• Security Design Principles
• Configuration Management
• AWS Service-Specific Security

(The diagram also contrasts the old way with the new way: code.)
AWS Built-In Security
Security focus and the corresponding security services and features:
• Infrastructure Security: Amazon VPC, AWS WAF, encryption in transit with TLS with all services, AWS Artifact
• Identity and Access Control: AWS Identity and Access Management (IAM), AWS Multi-Factor Authentication, AWS Directory Service
• Monitoring and Logging: AWS Trusted Advisor, AWS CloudTrail, Amazon CloudWatch, Amazon Macie
• Inventory and Configuration: Amazon Inspector, AWS Config, AWS CloudFormation
• DDoS Mitigation: AWS Shield, Auto Scaling, Amazon CloudFront, Amazon Route 53
• Data Encryption: encryption with all AWS storage and database services, AWS KMS, AWS CloudHSM
AWS Trusted Advisor

How it works

https://aws.amazon.com/premiumsupport/technology/trusted-advisor/
AWS Organizations

(Diagram: a root organization with a master account at the root and member accounts grouped into organizational units.)
• Master account: root of the organization
• Member accounts: BU1_Prod, BU2_Prod, SS_Prod, BU1_Test, BU2_Test, SS_Dev, BU1_Dev, BU2_Dev
• Organizational units group the member accounts; a service control policy is applied to them
Introducing AWS Organizations
Policy-based Management for Multiple AWS Accounts
• Control AWS services for linked accounts (SCP)
• Automate account creation
• Consolidate billing and usage reporting

Billing notes:
• Linked accounts are not charged, but they can still see their usage and charges by going to their AWS Bills pages.
• AWS Cost and Usage Reports are not available to linked accounts.
• AWS Cost Explorer is available to all accounts.
• You can only receive billing reports in a bucket that is owned by the master account.
• Volume and Reserved Instance discounts are applied to all linked accounts in consolidated billing.
Amazon Inspector
Vulnerability Assessment Service

• On-demand pricing model
• CVE & CIS rules packages
• AWS AppSec best practices

(Diagram: an Inspector agent on each EC2 instance reports to the Inspector service, which produces security findings per severity.)

https://aws.amazon.com/inspector/
AWS Shield and AWS Shield Advanced
DDoS: Distributed Denial of Service (botnets, massive attacks).

Provides a DDoS protection service that safeguards your customers' web applications running on AWS.
• Always-on detection
• Defends against common attacks
• No cost for Standard
• DDoS Response Team 24x7
• DDoS cost protection
• Global availability
AWS Assurance Programs:
58+ Certifications

https://aws.amazon.com/compliance/

On-Demand Access to Compliance Reports

Download compliance reports on demand with AWS Artifact.

AWS Security

Security Bulletins
Module 3:
AWS Architecture and Services

Mapping On-premises Services to AWS
• Load balancers → Elastic Load Balancing
• LDAP server → AWS Directory Service
• Web servers and app servers → web servers and app servers on AWS
• SAN → Amazon Elastic Block Store
• DB (Master) and DB (Slave) → Amazon RDS (Master) and Amazon RDS (Standby)
• Backups on tapes → backups to Amazon S3 or Amazon Glacier
AWS Cloud Hierarchy
Global Services > Regional > VPC > AZ > Host

• Global: Route 53 (DNS), CloudFront
• Region: S3 buckets, AMI images
• AZ: EC2/RDS instances, EBS volumes, containers
• Host: host applications, anti-virus, licenses
Use Multi-AZ Patterns to Increase Reliability

(Diagram: Application 1 deployed identically in AZ A and AZ B. Each AZ has a public subnet with a web app proxy and a remote desktop gateway, and a private subnet with a web server (IIS), an application server and Microsoft SQL Server; both AZs connect back to the corporate network and corporate services.)
Tools for Migrations
• Server Migration Service: VMware → AWS
• Database Migration Service: source DB → target DB
• Snowball: secure, fast, offline transfer
– Sizes: 50TB, 80TB, 100TB.
– For low-bandwidth uplinks.
AWS Compute Services
Service overview by category:
• Compute: Amazon EC2, Amazon ECS, Amazon Auto Scaling, AWS Lambda
• Storage: Amazon Glacier, Amazon EBS, Amazon EFS, Amazon S3, AWS Storage Gateway
• Networking: Elastic Load Balancing*, Amazon Route 53, Application Load Balancer, Amazon VPC*, AWS Direct Connect, VPN connection
• Databases: Amazon RDS, Amazon Aurora, Amazon DynamoDB, Amazon ElastiCache
• Security: Amazon IAM, AWS WAF, AWS KMS, AWS Shield
• Management: Amazon CloudWatch, AWS CloudTrail, AWS CloudFormation, AWS Config, Amazon EC2 Systems Manager
AWS Compute Services
How will you deliver the application executables?
• Instances
– Amazon EC2
• Containers
– Amazon ECS, Amazon EKS
– AWS Fargate
• Serverless
– AWS Lambda

Amazon EC2: Virtual servers in the cloud

(Diagram: guests 1 to n run on a hypervisor on a host server; the host servers are physical servers in AWS global regions.)
Amazon EC2
Amazon Elastic Compute Cloud (Amazon EC2)
• Virtual machine instance running on an AWS hypervisor
• Supports numerous distributions of Linux and Microsoft Windows
• Complete control of the instance's operating system with root and administrator accounts
• You are responsible for all installed applications
• Multiple types and sizes of instances
• Remote access via SSH or Remote Desktop

https://aws.amazon.com/ec2/
Amazon Machine Image (AMI)
AMI content
– Defines which OS to use (Linux, Windows)
– Public and private AMIs
– Chosen during the instance launch process
EC2 instance characteristics

An instance type such as i3.xlarge encodes the instance family and generation (i3) and the instance size (xlarge); together they determine the CPU, memory, storage and network performance of the instance.
Amazon EC2 - Instance Types
• General purpose: M5d, M5, M4, t3, t2 (t3 and t2: burstable CPU)
• Compute optimized: C5d, C5, C4
• Storage and I/O optimized: D2, H1, I3
• GPU enabled: P3, P2, G2, F1
• Memory optimized: X1 & X1e, R5 & R5d, z1d, R4
Broadest and deepest platform choice
Categories: general purpose, burstable, compute intensive, memory intensive, storage (high I/O), dense storage, accelerated computing, GPU compute, graphics intensive
Capabilities: choice of processor (AWS, Intel, AMD); fast processors (up to 4.0 GHz); high memory footprint (up to 12 TiB); instance storage (HDD and NVMe); GPUs and FPGA; networking (up to 100 Gbps); bare metal; size (nano to 32xlarge)
Options: Amazon Elastic Block Store, Elastic Graphics, Elastic Inference

Categories + capabilities + options = 175 instance types for virtually every workload and business need
AWS Instance Access
Amazon EC2 instance launch via:
• AWS CLI
• AWS SDK
AWS CLI
How to use the AWS CLI tool:
• Can be installed on Windows, Linux, macOS, or Unix
• Requires Python 2 version 2.6.5+ or Python 3 version 3.3+
• Easy installation method using 'pip'
• Authenticates with a programmatic access key created for an IAM user:
IAM > Users > 'user' > Security Credentials > Access keys
Amazon EC2 – Remote Access
At the moment of creation of the instance it is defined which key pair will be used to access the instance.
"A key pair consists of a public key that AWS stores, and a private key file stored by the user."

• SSH – command line: TCP port 22; the user's private key authenticates against the public key held by AWS
• RDP – Remote Desktop (Administrator account): TCP port 3389
Auto Scaling
Automatically launch or terminate Amazon EC2 instances
• User-defined policies driven by CloudWatch
• Health status checks
• Schedules
• Manually using set-desired-capacity in the CLI

Scale out to meet demand, scale in to reduce costs.

How Does Auto Scaling Work?
1. What: launch configuration (AMI)
2. Where: Auto Scaling group (EC2)
3. When: Auto Scaling policy

Auto Scaling policy: specifies when to increase or decrease Amazon EC2 instances based on CloudWatch alarms.

Scheduled action: tells Auto Scaling to perform a scaling action at a certain time in the future (minimum, maximum, and desired size for the ASG).

Auto Scaling group defines:
• Name
• Launch configuration name
• Min and Max
• AZ or subnet
• Load balancer
• Desired capacity
• Etc.
Auto Scaling Example

(Diagram: an Elastic Load Balancer in front of an Auto Scaling group; a CloudWatch CPU load alarm executes the Auto Scaling policy.)
Auto Scaling: Maximum Capacity Size
Auto Scaling group: CPU utilization triggers the alarm; capacity is doubled until CPU utilization drops below 60% or max capacity is reached.
• Minimum = 2
• Maximum = 12

Auto Scaling policy:
• When CPU utilization is greater than 60%
• Add 100% of group = double the capacity

(Diagram: the Auto Scaling group spans Availability Zone 1 and Availability Zone 2.)
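The scenario above, as an added example that is not part of the course material: a simplified model of a CloudWatch alarm driving the "add 100%" simple scaling policy, with the group clamped to its min/max. It assumes the alarm re-invokes the policy for every period it stays in ALARM and ignores cooldown; the CPU readings are constructed.

```python
"""Model of the slide's scenario: CPU alarm + simple scaling policy (added example)."""
from dataclasses import dataclass
from typing import List


@dataclass
class AutoScalingGroup:
    minimum: int = 2
    maximum: int = 12
    capacity: int = 2          # desired capacity; starts at the slide's minimum

    def scale_out_percent(self, percent: int) -> int:
        """Simple scaling policy 'add N% of group', clamped to the maximum.

        Assumption of this model: fractions round down but at least one
        instance is always added; with 100% the result is an exact doubling.
        """
        added = max(1, self.capacity * percent // 100)
        self.capacity = min(self.maximum, self.capacity + added)
        return self.capacity


@dataclass
class CpuAlarm:
    """CloudWatch alarm on CPUUtilization.

    The alarm is in ALARM once `evaluation_periods` consecutive datapoints
    exceed `threshold`; any non-breaching datapoint returns it to OK.
    Auto Scaling actions are invoked for every period the alarm stays in ALARM.
    """
    threshold: float = 60.0
    evaluation_periods: int = 1
    breaches: int = 0

    def observe(self, cpu: float) -> bool:
        """Feed one datapoint; return True when the alarm is in ALARM."""
        if cpu > self.threshold:
            self.breaches += 1
            return self.breaches >= self.evaluation_periods
        self.breaches = 0
        return False


def simulate(readings: List[float], evaluation_periods: int = 1) -> List[int]:
    """Capacity after each CPU datapoint, starting from the slide's group."""
    group = AutoScalingGroup()                      # min 2, max 12
    alarm = CpuAlarm(evaluation_periods=evaluation_periods)
    history = []
    for cpu in readings:
        if alarm.observe(cpu):
            group.scale_out_percent(100)            # the slide's policy
        history.append(group.capacity)
    return history


if __name__ == "__main__":
    # Constructed readings: four high periods, then CPU drops below 60%
    print(simulate([75, 80, 70, 65, 55]))           # [4, 8, 12, 12, 12]
    print(simulate([75, 80, 55, 70, 80, 90], evaluation_periods=2))
```

The second run shows why the evaluation period matters: a single high datapoint followed by a low one never fires the policy.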
Amazon Container Services
Elastic Container Service (ECS)
Elastic Container Service for Kubernetes (EKS)
• AWS runs the EC2 cluster management
• Eliminates the complexity of operating container infrastructure
• Microservices

https://aws.amazon.com/ecs/
AWS Lambda: Serverless Compute

No servers to manage. Continuous scaling. Pay only for compute time used.

AWS Lambda video: https://www.youtube.com/watch?v=eOBq__h4OJ4 (3:01)
AWS Lambda
Use cases:
• Building modular, scalable, lightweight applications
• Serverless data processing on demand
• Performing data validation, filtering, sorting, or other transformations
• Image thumbnailing, in-app activity, website clicks, or output from devices

https://aws.amazon.com/lambda/

Architecture of a simple serverless web application

(Diagram: users reach, over the internet, JavaScript hosted in an S3 bucket; the JavaScript calls API Gateway, which invokes Lambda, which reads and writes DynamoDB; IAM governs the permissions between the services.)
AWS Storage Services
Storage Options

• File: Amazon EFS
• Block: Amazon EBS, Amazon EC2 instance store
• Object: Amazon S3, Amazon Glacier

Data transfer: AWS Direct Connect, AWS Snowball, S3 Transfer Acceleration, Storage Gateway, Amazon Kinesis Firehose, ISV connectors
What is Amazon Elastic Block Storage (EBS)?

• Block storage as a service
• Create and attach volumes through an API
• Service accessed over the network
• Volume and instance must be in the same AZ
• Detach from one instance and attach to another

(Diagram: an EC2 instance and its EBS volume inside one Availability Zone of an AWS region.)
EBS Volume Types
• SSD: gp2 (General Purpose SSD), io1 (Provisioned IOPS SSD)
• HDD: st1 (Throughput Optimized HDD), sc1 (Cold HDD)
EBS Encryption

• Boot and data volumes can be encrypted
• Encrypted and unencrypted volumes can both be attached
• No volume performance impact
• Supported by all Amazon EBS volume types
• Snapshots of encrypted volumes are also encrypted
Amazon EBS Snapshot

• Point-in-time backup of an Amazon EBS volume
• Stored in Amazon S3 (low-cost, high-durability backup of data)
• Snapshots can be used to create new volumes
Amazon EFS
Amazon Elastic File System
• Fully managed
• No hardware, network or file layer to operate
• No need to provision storage in advance
• Create a scalable file system in seconds!
• Simple pricing = pay for actual storage consumed
• Multiple EC2 instances can access it at the same time (file system as a service)
Amazon S3 – Simple Storage Service
99.999999999% durability and 99.99% availability of objects over a given year

• Storage of any type of file (objects).
• There is no limit on the number of objects or total space.
• Redundantly stores your objects on multiple devices across a minimum of 3 Availability Zones (AZs).
• Uses a bucket concept.
Amazon S3 Features
• Event notifications
• Cross-region replication
• S3 Transfer Acceleration
• VPC endpoint for Amazon S3
• Amazon CloudWatch and AWS CloudTrail support
• Lifecycle policy
• Incomplete multipart upload expiration
• Expired object delete marker
Faster upload over long distances: S3 Transfer Acceleration

• Change your endpoint, not your code
• No firewall changes or client software
• Optimized throughput! Longer distance, larger files, more benefit
• Faster or free
• 166 global edge locations: the uploader sends to the nearest AWS edge location, which forwards the data to the S3 bucket

Try it at s3speedtest.com
How fast is S3 Transfer Acceleration?

(Chart: upload time in hours, 1 to 12, for S3 Transfer Acceleration versus the public internet, for a 500 GB upload from various edge locations to a bucket in Singapore. The longer the distance and the larger the file, the more benefit.)

Try it at s3speedtest.com
Amazon S3 Storage Classes
• Standard: active data
• Standard – Infrequent Access and One Zone – Infrequent Access: infrequently accessed data
• Amazon Glacier: archive data
Storage Tiered to Your Requirements

"Hot" data (S3): active and/or temporary data
– $0.023/GB per month, object size > 0K, minimum duration ≥ 0 days

"Warm" data (S3-IA): infrequently accessed data
– $0.0125/GB per month, object size ≥ 128K, minimum duration ≥ 30 days
– $0.01/GB retrieval

"Cold" data (Glacier): archive and compliance data
– $0.004/GB per month, object size > 0K, minimum duration ≥ 90 days
– $0.01/GB retrieval, > 5%, 3 – 5 hrs retrieval time

Lifecycle policies move data between the tiers.

Properties of all tiers:
• Durable: 99.999999999%
• Available: S3 99.99%, S3-IA 99.9%
• Performant: low latency, high throughput
• Scalable: elastic capacity, no preset limits
Amazon S3 Security

• You can control access to buckets and objects with:
– Access Control Lists (ACLs)
– Bucket policies
– Identity and Access Management (IAM) policies
• You can upload or download data to Amazon S3 via SSL-encrypted endpoints.
• You can encrypt data using the AWS SDKs.
Amazon S3 Glacier
Long-term storage solution
99.999999999% durability of objects over a given year
• Long-term archiving, backup
• Low cost
• Data are extracted by executing retrieval jobs (diagram: an archive retrieval job for Object IDs 001, 025, 150, 400, ... marks them "ready to download")
– Expedited: 1~5 min
– Standard: 3~5 hrs
– Bulk: 5~12 hrs
What is AWS Storage Gateway?
Service connecting an on-premises software appliance with cloud-based storage
• Works with your existing applications
• Secure and durable storage in AWS
• Low latency for frequently used data
• Scalable and cost-effective on-premises storage: $125 per gateway per month + S3/Glacier storage fees
Storage Gateway VTL (Enterprise Backup Use Case)
• Replace or augment your aging tape infrastructure with durable object storage
• Virtual tapes stored in AWS. Frequently accessed data cached on-premises

(Diagram: in the customer data center, the backup server's initiator sees a media changer and tape drives presented by the AWS Storage Gateway VM, which keeps a cache and an upload buffer; on the AWS side, Gateway-VTL storage is backed by Amazon S3 and VTS storage by Amazon Glacier.)
AWS Networking Services
Amazon VPC
Provision a logically isolated section of the AWS cloud
• Control your virtual networking environment
– Subnets
– Route tables
– Security groups
– Network ACLs
• Connect to your on-premises network via VPN or Direct Connect
• Control if and how your instances access the Internet

Components: router, internet gateway, customer gateway, virtual private gateway, VPN connection, VPC peering

https://aws.amazon.com/vpc/

VPCs as Strategy
Security in Your VPC
• Security groups: virtual firewalls, stateful
• Network access control lists (ACLs): per subnet

Security group inbound rule:
Protocol: TCP, Port Range: 443, Source: <Source_IPs>

Network ACL, inbound:
Rule #100: Source IP 0.0.0.0/0, Protocol All, Port All, ALLOW
Rule *: Source IP 0.0.0.0/0, Protocol All, Port All, DENY

Network ACL, outbound:
Rule #100: Dest IP 0.0.0.0/0, Protocol all, Port all, ALLOW
Rule *: Dest IP 0.0.0.0/0, Protocol all, Port all, DENY

(Diagram: VPC 10.0.0.0/16 with a VPC router, a VPN gateway and an internet gateway; two subnets, 10.0.0.0/24 and 10.0.1.0/24, each with its own route table and network ACL; the instances in each subnet are attached to security groups.)
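An added example, not from the course slides: a small model of the two filters above, showing why the network ACL is evaluated lowest-rule-number-first with a default "*" deny and is stateless, while the security group only has allow rules and tracks state so replies need no rule. The security group's <Source_IPs> is assumed to be 203.0.113.0/24, and the "hardened" ACL variant is constructed to show rule ordering.

```python
"""Security group (stateful, allow-only) vs. network ACL (stateless, ordered)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str          # "tcp", "udp" or "icmp"
    port: int           # destination port


@dataclass(frozen=True)
class Rule:
    cidr: str                   # source CIDR (inbound) or destination CIDR (outbound)
    proto: str                  # "tcp", "udp", "icmp" or "all"
    ports: Tuple[int, int]      # inclusive port range; (0, 65535) means all
    action: str = "ALLOW"       # NACL rules may also be "DENY"; SG rules only allow
    number: int = 0             # NACL rule number; unused for security group rules


def matches(rule: Rule, ip: str, proto: str, port: int) -> bool:
    """A rule matches when the address is inside its CIDR and protocol/port fit."""
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(rule.cidr):
        return False
    if rule.proto not in ("all", proto):
        return False
    low, high = rule.ports
    return low <= port <= high


class SecurityGroup:
    """Stateful instance firewall: replies to allowed requests are let out automatically."""

    def __init__(self, inbound: List[Rule]):
        self.inbound = inbound
        self.tracked = set()    # (client_ip, instance_ip) of requests that were allowed

    def allows_inbound(self, f: Flow) -> bool:
        ok = any(matches(r, f.src_ip, f.proto, f.port) for r in self.inbound)
        if ok:
            self.tracked.add((f.src_ip, f.dst_ip))
        return ok

    def allows_reply(self, reply: Flow) -> bool:
        return (reply.dst_ip, reply.src_ip) in self.tracked


class NetworkAcl:
    """Stateless subnet firewall: inbound and outbound are judged independently."""

    def __init__(self, inbound: List[Rule], outbound: List[Rule]):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    @staticmethod
    def _first_match(rules: List[Rule], ip: str, proto: str, port: int) -> Tuple[str, str]:
        for r in rules:                     # lowest rule number wins
            if matches(r, ip, proto, port):
                return r.action, str(r.number)
        return "DENY", "*"                  # the slide's '*' rule: deny everything else

    def evaluate_inbound(self, f: Flow) -> Tuple[str, str]:
        return self._first_match(self.inbound, f.src_ip, f.proto, f.port)

    def evaluate_outbound(self, f: Flow) -> Tuple[str, str]:
        return self._first_match(self.outbound, f.dst_ip, f.proto, f.port)


ANY = (0, 65535)
# The slide's rules; 203.0.113.0/24 is a constructed stand-in for <Source_IPs>
SG = SecurityGroup(inbound=[Rule("203.0.113.0/24", "tcp", (443, 443))])
NACL = NetworkAcl(inbound=[Rule("0.0.0.0/0", "all", ANY, "ALLOW", 100)],
                  outbound=[Rule("0.0.0.0/0", "all", ANY, "ALLOW", 100)])
# Constructed variant: a lower-numbered DENY for SSH is evaluated before rule 100,
# and outbound only permits replies to ephemeral client ports (stateless!)
HARDENED_NACL = NetworkAcl(
    inbound=[Rule("0.0.0.0/0", "tcp", (22, 22), "DENY", 90),
             Rule("0.0.0.0/0", "all", ANY, "ALLOW", 100)],
    outbound=[Rule("0.0.0.0/0", "tcp",
                   (1024, 65535), "ALLOW", 100)])


def decide(nacl: NetworkAcl, sg: SecurityGroup, f: Flow) -> str:
    """Inbound packet path: the subnet's NACL first, then the instance's security group."""
    action, rule = nacl.evaluate_inbound(f)
    if action == "DENY":
        return f"denied by NACL rule {rule}"
    if not sg.allows_inbound(f):
        return "denied by security group (no matching allow rule)"
    return f"allowed (NACL rule {rule}, security group)"


if __name__ == "__main__":
    https = Flow("203.0.113.10", "10.0.0.5", "tcp", 443)
    ssh = Flow("203.0.113.10", "10.0.0.5", "tcp", 22)
    print(decide(NACL, SG, https))
    print(decide(NACL, SG, ssh))
    print(decide(HARDENED_NACL, SG, ssh))
```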
Amazon Virtual Private Cloud Corporate Datacenter Connectivity

Amazon Elastic Load Balancing (ELB)
ELB increases application resiliency
• Automatically distributes incoming application traffic
• Health checks for application high availability
• Integrates with other AWS services
– Route 53
– Internet Gateway
– Identity and Access Management

(Diagram: a load balancer with a listener and rule forwarding to targets in a target group with a health check.)

https://aws.amazon.com/elasticloadbalancing/
Application Load Balancer: How It Works
The load balancer routes requests at the Application layer (HTTP/HTTPS).

Register instances as targets in a target group, and route traffic to a target group.

(Diagram: one load balancer with listeners whose rules route to different target groups, for example a default target group and the /api and /mobile target groups, each with its own health check.)
Network Load Balancer

• Register instances as targets in a target group, and route traffic to a target group.
• The load balancer routes requests at the Transport layer (TCP).

(Diagram: a load balancer with a listener and rule forwarding to targets in a target group with a health check.)
Amazon CloudFront

• Content delivery network (CDN) with optimization
• Distributes content to end users with low latency and high data transfer rates
• Broad geographic presence beyond AWS Regions
• Accelerates data uploaded from end users
• Use cases:
– Accelerating web application performance
– Caching static web content and frequent database query results
– Offloading TLS termination

https://aws.amazon.com/cloudfront/
How You Configure CloudFront to Deliver Content

(Diagram: the developer stores objects/data in an S3 bucket or on an HTTP server and creates a web distribution; CloudFront sends the distribution's configuration to the edge locations and assigns the distribution a domain name such as http://d111111abcdef8.cloudfront.net.)
Amazon Route 53

• Global Domain Name System (DNS) service
• Highly available and scalable
– 100% availability SLA
• Critical tool integrated with many AWS services

https://aws.amazon.com/route53/
Amazon API Gateway
Serverless

• Streamline API development
• Performance at scale
• SDK generation
AWS Database Services
Amazon RDS

• Relational databases (Amazon RDS, Amazon Aurora)
• Fully managed and secure
• Fast, predictable performance
• Simple and fast to scale
• Low cost, pay for what you use

https://aws.amazon.com/rds/
Amazon RDS: Replication and Failover
RDS Multi-AZ Option – Avoid Single Point of Failure

Amazon Aurora
Delivered as a managed service on top of RDS
• Speed and availability of high-end commercial databases
• Up to 64 TiB of auto-scaling SSD storage
• Automatic backup (1 – 35 days)
• Automatic upgrade
• Drop-in compatibility with MySQL and PostgreSQL
• Simple pay-as-you-go pricing
Amazon DynamoDB
• Fully managed NoSQL database
• Fast, consistent performance
• Highly scalable
• Flexible
• Event-driven programming
• Fine-grained access control
Amazon ElastiCache
A fully managed in-memory data store or cache environment in the cloud.
• Improves performance by retrieving data from high-throughput, low-latency, in-memory data stores.
• Use cases:
– Gaming
– Ad-Tech
– Financial Services
– Healthcare
– IoT

https://aws.amazon.com/elasticache/
AWS Security Services
The Layered Security Approach

• Secured infrastructure
– Secured endpoints
– Compliance alignments and frameworks
– Certifications and attestations
• VPC firewall
– Workload isolation
• Security group
– Port/protocol filtering
• Instance firewall
– Rule-based protection at the OS level

(Diagram: the instance sits inside a security group, inside a subnet, inside a VPC.)
AWS Identity & Access Management
A core AWS security service.

Defines administrative profiles: who can do what on the AWS console or through the additional management tools.

Example (diagram):
• Admin Group (Mike, Travis): policy AdministratorAccess
• Support Group (John, Mike, Sup1, Theresa): policy SupportUsers, whose action list begins:
    "Action": [
        "support:*",
        "acm:DescribeCertificate",
        "acm:GetCertificate",
        "acm:List*",
        "apigateway:GET",
        "appstream:Get*",
        "autoscaling:Describe*",
        "aws-marketplace:ViewSubscriptions",
        "cloudformation:Describe*",
        ...

https://aws.amazon.com/iam/
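An added example (not from the course slides) that evaluates the two groups above against requested actions: it implements IAM's action wildcard matching ("*", "?", case-insensitive) and the rule that an explicit Deny always beats an Allow. Only Effect and Action are modelled (no Resource, Condition or NotAction), and the DENY_IAM_CHANGES guardrail policy is constructed for the illustration.

```python
"""Evaluate IAM actions for the slide's Admin and Support groups (added example)."""
import re
from typing import Dict, List, Sequence

SUPPORT_USERS = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["support:*", "acm:DescribeCertificate", "acm:GetCertificate",
               "acm:List*", "apigateway:GET", "appstream:Get*",
               "autoscaling:Describe*", "aws-marketplace:ViewSubscriptions",
               "cloudformation:Describe*"],     # the excerpt shown on the slide
    "Resource": "*"}]}
ADMINISTRATOR_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
# Constructed guardrail (not on the slide) to show that an explicit Deny wins
DENY_IAM_CHANGES = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": ["iam:Create*", "iam:Delete*"], "Resource": "*"}]}

GROUPS: Dict[str, List[str]] = {            # group -> members, as drawn on the slide
    "Admin Group": ["Mike", "Travis"],
    "Support Group": ["John", "Mike", "Sup1", "Theresa"]}
GROUP_POLICIES = {"Admin Group": [ADMINISTRATOR_ACCESS],
                  "Support Group": [SUPPORT_USERS]}


def action_matches(pattern: str, action: str) -> bool:
    """IAM action matching: '*' any run of characters, '?' one character, case-insensitive."""
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(regex, action, re.IGNORECASE) is not None


def evaluate(policies: Sequence[dict], action: str) -> str:
    """Return 'Deny' (explicit), 'Allow', or 'ImplicitDeny'.

    Every statement is examined: one matching Deny overrides any number of Allows,
    and an action no statement mentions is implicitly denied.
    """
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
            if any(action_matches(p, action) for p in actions):
                if stmt["Effect"] == "Deny":
                    return "Deny"
                allowed = True
    return "Allow" if allowed else "ImplicitDeny"


def policies_for(user: str, extra: Sequence[dict] = ()) -> List[dict]:
    """Union of the policies of every group the user belongs to, plus any extra policies."""
    found = [p for g, members in GROUPS.items() if user in members
             for p in GROUP_POLICIES[g]]
    return found + list(extra)


def check(user: str, action: str, extra: Sequence[dict] = ()) -> str:
    return evaluate(policies_for(user, extra), action)


if __name__ == "__main__":
    for user, action in [("Theresa", "acm:ListCertificates"),
                         ("Theresa", "acm:DeleteCertificate"),
                         ("Mike", "iam:CreateUser")]:
        print(user, action, check(user, action))
    print("Mike", "iam:CreateUser", "with guardrail:",
          check("Mike", "iam:CreateUser", extra=[DENY_IAM_CHANGES]))
```

Note that Mike, drawn in both groups on the slide, gets the union of both groups' policies, which is why a guardrail Deny is the only way to take a permission back from him.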
AWS Principals
Account Owner ID (Root Account)
• Access to all subscribed services.
• Access to billing.
• Access to console and APIs.
• Access to Customer Support.

IAM Users, Groups and Roles
• Access to specific services.
• Access to console and/or APIs.
• Access to Customer Support (Business and Enterprise).

Temporary Security Credentials
• Access to specific services.
• Access to console and/or APIs.

https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
IAM Root Account Best Practices

• 1st account created (email + password)
• Do not use the root user for your everyday tasks
• Securely lock away the root user credentials
– Delete any programmatic keys
– Enable MFA on the root account
– Change the root password to a strong password

https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
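One way to verify the practices above, as an added example that is not part of the course material: check an IAM credential report for a root account that still has active access keys, lacks MFA, or has been used recently, plus stale keys and console users without MFA. The CSV is a constructed excerpt limited to the columns the check reads (real reports carry more), and the account id 111122223333, user names and dates are placeholders.

```python
"""Audit an IAM credential report against the root-account best practices (added example)."""
import csv
import io
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Constructed excerpt of an IAM credential report: root row plus three IAM users
REPORT_CSV = """user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,not_supported,2019-03-01T10:15:00+00:00,false,true,2018-01-10T08:00:00+00:00,false,N/A
mike,arn:aws:iam::111122223333:user/mike,true,2019-03-02T09:00:00+00:00,true,true,2019-02-01T08:00:00+00:00,false,N/A
sup1,arn:aws:iam::111122223333:user/sup1,true,no_information,false,false,N/A,false,N/A
theresa,arn:aws:iam::111122223333:user/theresa,false,no_information,false,true,2018-06-01T08:00:00+00:00,false,N/A
"""

AS_OF = datetime(2019, 3, 5, tzinfo=timezone.utc)   # constructed "now" for the sample


def _age_days(stamp: str, now: datetime) -> Optional[int]:
    """Days since an ISO-8601 timestamp; None for 'N/A' / 'no_information'."""
    try:
        return (now - datetime.fromisoformat(stamp)).days
    except ValueError:
        return None


def audit(report_csv: str, now: datetime, max_key_age: int = 90,
          root_recent_days: int = 30) -> List[Tuple[str, str]]:
    """Return (user, finding) pairs for every practice that is not met."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        if is_root:
            if row["mfa_active"] != "true":                 # "Enable MFA on the root account"
                findings.append((user, "ROOT_NO_MFA"))
            used = _age_days(row["password_last_used"], now)
            if used is not None and used <= root_recent_days:   # "Do not use root every day"
                findings.append((user, "ROOT_USED_RECENTLY"))
        elif row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "USER_NO_MFA"))          # console user without MFA
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            if is_root:                                     # "Delete any programmatic keys"
                findings.append((user, f"ROOT_ACCESS_KEY_{n}_ACTIVE"))
            age = _age_days(row[f"access_key_{n}_last_rotated"], now)
            if age is not None and age > max_key_age:
                findings.append((user, f"STALE_ACCESS_KEY_{n}"))
    return findings


def audit_sample() -> List[Tuple[str, str]]:
    """Run the audit over the constructed report at the constructed date."""
    return audit(REPORT_CSV, AS_OF)


if __name__ == "__main__":
    for user, finding in audit_sample():
        print(f"{user:15} {finding}")
```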
IAM Roles Best Practices
An IAM role is an IAM identity that can be assumed by anyone who needs it.
Ex.: users, applications, services, federated users

Credential types: long-term passwords, long-term access keys, temporary security credentials (what an assumed role provides).

(Diagram: application code on an EC2 instance assumes an IAM role, receives temporary credentials, and uses them in API calls to create, delete or change an S3 bucket.)
AWS Directory Service
1. Sign in to AWS applications and services with AD credentials
2. Manage Amazon EC2 instances
3. Provide directory services to your AD-aware workloads
4. SSO to Office 365 and other cloud applications
5. Extend your on-premises AD to the AWS Cloud
6. Share your directory to seamlessly join Amazon EC2 instances to a domain across AWS accounts
AWS Key Management Service (AWS KMS)
Data encryption with KMS
• Managed service to use encryption keys
• Integrated with many AWS services
• Integrated with AWS CloudTrail
– provides auditable logs of key usage

https://aws.amazon.com/kms/
AWS Web Application Firewall (AWS WAF)

• Protects web applications
• Filters traffic based on custom rules
• Easy to deploy as part of Amazon CloudFront or ELB
• Provides real-time metrics and detailed request data
• Configure manually or via the API
• Integrate third-party, workload-optimized AWS WAF configuration rules
• AWS Firewall Manager synchronizes AWS WAF rules across multiple accounts

https://aws.amazon.com/waf/
AWS Shield (Standard or Advanced)

• Guards against distributed denial of service (DDoS) attacks
• AWS Shield Standard
– Addresses common layer 3-4 DDoS incidents
– Monitors network flows for quick attack detection
– Mitigates service impacts automatically
• AWS Shield Advanced
– Enhanced DDoS detection and response
– Supports customized rules against sophisticated attacks
– Includes AWS DDoS Response Team 24x7
– Covers cost of increased resource utilization due to attack

https://aws.amazon.com/shield/
AWS Management Services
AWS CloudWatch

• Monitoring service for AWS cloud resources and applications
• Collect and track metrics, monitor log files, and set alarms
• Gain visibility into resource utilization, application performance, and operational health
• Set alarms to send notifications or take other automated actions
• Supports custom dashboards
• Use cases:
– Cost management; billing alerts

https://aws.amazon.com/cloudwatch/
AWS CloudWatch Alarms

Figure: CloudWatch alarm flow. AWS resources that support CloudWatch publish metrics (for example CPUUtilization and StatusCheckFailed) and applications publish custom, application-specific metrics (for example PageViewCount) to CloudWatch Metrics. The available statistics are read by the AWS Management Console and other statistics consumers; a CloudWatch alarm on a metric triggers an Amazon SNS email notification or an Auto Scaling action.
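The alarm flow in the figure, as an added example that is not part of the slides: a small evaluator that applies CloudWatch's threshold, evaluation-period and "M out of N" logic to constructed sample datapoints, plus the boto3 put_metric_alarm request for the CPUUtilization to SNS case (the instance ID and topic ARN are placeholders).

```python
"""Added example, not from the slides: how a CloudWatch alarm turns metric
datapoints into an ALARM / OK / INSUFFICIENT_DATA state, and the boto3
put_metric_alarm call behind the CPUUtilization -> SNS email flow. Runs offline
on constructed sample datapoints; the instance ID and topic ARN are placeholders."""
import operator

# Comparison operators, named exactly as CloudWatch's PutMetricAlarm expects.
COMPARISONS = {"GreaterThanThreshold": operator.gt,
               "GreaterThanOrEqualToThreshold": operator.ge,
               "LessThanThreshold": operator.lt,
               "LessThanOrEqualToThreshold": operator.le}

def evaluate_alarm(datapoints, threshold, comparison, evaluation_periods,
                   datapoints_to_alarm=None, treat_missing_data="missing"):
    """Alarm state for the newest `evaluation_periods` datapoints (oldest first;
    None = a period with no data), using CloudWatch's "M out of N" rule: ALARM
    when at least `datapoints_to_alarm` of the last N points breach the threshold.
    Missing data is simplified: 'breaching' counts a gap as a breach, the other
    settings do not, and a window with no data at all is INSUFFICIENT_DATA."""
    if datapoints_to_alarm is None:
        datapoints_to_alarm = evaluation_periods
    breaches = COMPARISONS[comparison]
    window = datapoints[-evaluation_periods:]
    if all(v is None for v in window):
        return "INSUFFICIENT_DATA"
    breaching = 0
    for value in window:
        if value is None:
            breaching += 1 if treat_missing_data == "breaching" else 0
        elif breaches(value, threshold):
            breaching += 1
    return "ALARM" if breaching >= datapoints_to_alarm else "OK"

def cpu_alarm_request(instance_id, topic_arn, threshold=80.0):
    """Keyword arguments for boto3 `cloudwatch.put_metric_alarm(**kwargs)`: average
    CPUUtilization per 5-minute period, ALARM when 2 of the last 3 periods exceed
    `threshold`, action = publish to an SNS topic (e.g. the on-call email list).
    Returned as a dict so it can be reviewed before anything is sent."""
    return {"AlarmName": f"high-cpu-{instance_id}",
            "Namespace": "AWS/EC2", "MetricName": "CPUUtilization",
            "Dimensions": [{"Name": "InstanceId", "Value": instance_id}],
            "Statistic": "Average", "Period": 300,
            "EvaluationPeriods": 3, "DatapointsToAlarm": 2,
            "Threshold": threshold, "ComparisonOperator": "GreaterThanThreshold",
            "TreatMissingData": "notBreaching",
            "AlarmActions": [topic_arn]}

if __name__ == "__main__":
    # Constructed sample: 5-minute average CPU for one instance, oldest first.
    cpu = [35.0, 41.0, 88.5, None, 93.2]
    print(evaluate_alarm(cpu, 80.0, "GreaterThanThreshold", 3, 2))  # ALARM
    req = cpu_alarm_request("i-0123456789abcdef0",
                            "arn:aws:sns:us-east-1:123456789012:ops-email")
    # boto3.client("cloudwatch").put_metric_alarm(**req)  # real call; needs credentials
    print(req["AlarmName"])
```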
AWS CloudTrail
CloudTrail provides the event history of AWS account activity ("Who did that?!")
• Permits governance, compliance, and audit.
• Logs API calls.
• Security analysis.
• Tracking of resource changes.
• Problem resolution.
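The four CloudTrail use cases above, worked on a constructed event-history file as an added example (not from the slides): the records use the real CloudTrail JSON field names, but every user, IP and ID in them is made up.

```python
"""Added example, not from the slides: answering the slide's "Who did that?!"
from a CloudTrail event-history file. The records are constructed to show the
real CloudTrail JSON field names; they do not come from any real account."""
import json
from collections import Counter

# Constructed sample in the shape of a CloudTrail log file (a "Records" array).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2019-01-30T10:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0abc"}]}}},
    {"eventTime": "2019-01-30T10:05:40Z", "eventSource": "iam.amazonaws.com",
     "eventName": "DeleteUser", "sourceIPAddress": "198.51.100.9",
     "errorCode": "AccessDenied",  # the call was refused, so no change happened
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"userName": "alice"}},
    {"eventTime": "2019-01-30T10:06:02Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/AppRole/i-0def"}},
]})
# API calls that change resources (CloudTrail names them Create*, Delete*, ...).
MUTATING_PREFIXES = ("Create", "Delete", "Terminate", "Put", "Update", "Modify", "Attach", "Detach")

def load_records(text):
    return json.loads(text)["Records"]

def actor(record):
    """Readable principal: IAM user name, else the ARN (roles, root), else type."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")

def who_changed(records, event_name):
    """Audit: which principals issued a given API call, from where and when."""
    return [(actor(r), r["sourceIPAddress"], r["eventTime"])
            for r in records if r.get("eventName") == event_name]

def resource_changes(records):
    """Change tracking: successful mutating calls, oldest first."""
    return [(r["eventTime"], actor(r), r["eventSource"], r["eventName"])
            for r in records
            if r["eventName"].startswith(MUTATING_PREFIXES) and "errorCode" not in r]

def denied_calls(records):
    """Security analysis: AccessDenied counts per principal; a burst of them is
    an early sign of misconfigured or misused credentials."""
    return Counter(actor(r) for r in records if r.get("errorCode") == "AccessDenied")

if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    print(who_changed(recs, "TerminateInstances"))
    print(resource_changes(recs))
    print(denied_calls(recs))
```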
Benefits of AWS CloudFormation

• Create stacks in multiple regions from the same template.
• Update and delete stacks easily.
• Document your infrastructure.
• Maintain your infrastructure as a code artifact
– Use a code repository such as AWS CodeCommit or GitHub
• Sample templates available for multiple workloads.
AWS Config
Managed service for tracking AWS inventory and configuration, and
configuration change notification.

Figure: AWS Config records configuration from resources such as Amazon EC2, Amazon EBS and Amazon VPC and from AWS CloudTrail, and supports security analysis, audit compliance, change management, troubleshooting and discovery.
AWS Backup

• Centralized backup management service
• Meet business and regulatory backup compliance requirements
• Simple and cost-effective
• Common way to protect application data in the AWS Cloud and on-premises
• Central console and set of APIs for protecting your application data across AWS services

AWS Backup: Features

• Policy- and tag-based backup solution
• Automated backup scheduling
• Automated backup retention management
• Backup access policies
• Centralized backup activity monitoring and logs
• Lifecycle backups to cold storage
• Backup encryption (independent of source resource)
Module 4:
Pricing, TCO and Cost Optimization on AWS
Cloud Value Framework

Cost Savings (TCO)
• What is it? Infrastructure cost savings / avoidance from moving to the Cloud.
• Example: 50%+ reduction in TCO (GE)
• Typical focus

Staff Productivity
• What is it? Efficiency improvement by function on a task by task basis.
• Example: Over 500 hours per year of server configuration time saved (Sage)

Operational Resilience
• What is it? Benefit of improving SLAs & reducing unplanned outage.
• Example: Critical workloads run in multiple AZs & Regions for robust DR (Expedia)

Business Agility
• What is it? Deploying new features / applications faster and reducing errors.
• Example: Launch of new products 75% faster (Unilever)

Cost Savings is the typical focus; Staff Productivity, Operational Resilience and Business Agility are the most compelling Cloud benefits.
TCO the way customers typically see it (illustrative)
1 Server Costs: Hardware – Server (+Maintenance); Software – OS, Virtualization Licenses (+Maintenance)
2 Storage Costs: Hardware – Storage Disks
3 Network Costs: Network Hardware – LAN Switches, Load Balancer; Bandwidth costs
4 IT Labor Costs: Server Admin, Virtualization Admin
TCO the way it really is (illustrative; on-prem. or colocation)
1 Server Costs: Hardware – Server, Rack Chassis, PDUs, ToR Switches (+Maintenance); Software – OS, Virtualization Licenses (+Maintenance); Facilities Cost – Space, Power, Cooling
2 Storage Costs: Hardware – Storage Disks, SAN/FC Switches; Software – Backup; Facilities Cost – Space, Power, Cooling
3 Network Costs: Network Hardware – LAN Switches, Load Balancer; Software – Network Monitoring; Bandwidth costs; Facilities Cost – Space, Power, Cooling
4 IT Labor Costs: Server Admin, Virtualization Admin, Storage Admin, Network Admin, Support Team
5 Extras: Project planning, Advisors, Legal, Contractors, Managed Services, Training, Cost of capital
Overhead and Business Value: Cost of delays, Risk premium, Competitive abilities, Governance, Etc.
Resources to get started

AWS TCO Calculator: https://awstcocalculator.com
AWS Economics Center: http://aws.amazon.com/economics/
Case Studies and Research: http://aws.amazon.com/solutions/case-studies
Tools for Cost Visibility

Cost Explorer
• Monthly Spend by Service View
• Monthly Spend by Linked Account View
• Daily Spend View

Tags
• Identify and organize your AWS resources
• Integrated with multiple AWS services
• EC2, RDS, S3, Glacier, Redshift, etc.
AWS Pricing Philosophy

01 Pay Only for What You Use
02 Low Cost
03 No Up-Front Capital Expense
Amazon EC2 Instance

General Purpose: M3, M4, M5, T2, T3
Compute Optimized: C3, C4, C5
Memory Optimized: R3, R4, X1
Accelerated Computing: P2
Storage Optimized
On-Demand and Reserved

On-Demand
• Benefits: Billing by the second (new as of 10/2/17); Modify compute capacity
• When to Position: Customer seeking to avoid long contracts and upfront payments
• Workloads: Short-Term/Fluctuates; Desired to Run to Completion; Dev/Test

Standard Reserved Instance
• Benefits: 50%-70% less than On-Demand instances
• When to Position: Customer able to commit to 1 year, 3 year term
• Workloads: Steady-state applications
Convertible Reserved Instances

Convertible Reserved Instance
• Benefits: Reduced price during Reserved Instance term; Change Reserved Instance family, type, OS, or tenancy
• When to Position: For customers lacking understanding of future workloads
• Workloads: Steady-state but can change
• Example: C3 RI exchanged for a C4 RI
Spot Instances

Spot Fleet: unused EC2 instance capacity that is available for less than the On-Demand price.
• Benefits: Discounts compared to on-demand pricing; Run continuously for a set duration at lower pricing
• When to Position: When workloads can continue after interruptions; for diversification across multiple instance types and AZs
• Workloads: Batch processing, Hadoop workflow, HPC grid; Encoding, rendering, modeling, analysis, or continuous integration
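The On-Demand, Reserved and Spot positioning of the last three slides with numbers attached, as an added example (not from the slides): it shows what per-second billing saves on short jobs and at what utilization a Reserved Instance starts to pay for itself. The hourly rate and discount are constructed placeholders, not AWS list prices; the 60-second minimum for per-second billing is the Linux On-Demand rule AWS introduced on 2 Oct 2017.

```python
"""Added example, not from the slides: putting numbers on the On-Demand,
Reserved and Spot positioning above. The hourly rate and RI discount are
constructed placeholders (the discount is inside the slides' 50%-70% range),
not AWS list prices. Per-second billing with a 60-second minimum is the
Linux On-Demand rule AWS introduced on 2 Oct 2017."""
HOURS_PER_MONTH = 730


def per_second_bill(rate_per_hour, run_seconds):
    """On-Demand since 2 Oct 2017: each run billed per second, 60 s minimum."""
    return rate_per_hour * sum(max(60, s) for s in run_seconds) / 3600


def per_hour_bill(rate_per_hour, run_seconds):
    """The earlier whole-hour rounding, kept for comparison."""
    return rate_per_hour * sum(-(-s // 3600) for s in run_seconds)


def on_demand_monthly(rate_per_hour, utilization):
    """Cost when the instance runs `utilization` (0..1) of the month."""
    return rate_per_hour * HOURS_PER_MONTH * utilization


def reserved_monthly(rate_per_hour, discount):
    """An RI is paid for every hour of the term whether the instance runs or
    not, so the monthly cost is fixed regardless of utilization."""
    return rate_per_hour * (1 - discount) * HOURS_PER_MONTH


def ri_break_even_utilization(discount):
    """Below this fraction of the month On-Demand is cheaper than the RI:
    rate * 730 * u < rate * (1 - d) * 730  <=>  u < 1 - d."""
    return 1 - discount


def position(utilization, discount, interruptible, can_commit):
    """Cheapest option that is consistent with the slides' positioning rules."""
    if interruptible:
        return "Spot"        # batch/HPC work that can resume after an interruption
    if can_commit and utilization > ri_break_even_utilization(discount):
        return "Reserved"    # steady-state with a 1- or 3-year commitment
    return "On-Demand"       # short-term, fluctuating, dev/test


if __name__ == "__main__":
    RATE = 0.10                 # constructed placeholder, $/hour
    jobs = [90] * 100           # constructed: 100 CI jobs of 90 seconds each
    print(per_second_bill(RATE, jobs), per_hour_bill(RATE, jobs))     # 0.25 10.0
    print(on_demand_monthly(RATE, 0.4), reserved_monthly(RATE, 0.5))  # ~29.2 36.5
    print(position(0.4, 0.5, False, True), position(0.95, 0.5, False, True))
```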
Dedicated Instances and Dedicated Hosts

Dedicated Instance
• Benefits: Instances run on hardware dedicated to you only
• When to Position: For workloads that require dedicated hardware to meet unique security and compliance needs
• Workloads: Data isolation required
• Customer must pay an hourly instance fee and a dedicated per-region fee

Dedicated Host
• Benefits: Instances run on hardware dedicated to you only; License portability; Fine-grain control of hardware
• When to Position: For existing server-bound software licenses that are bound to VMs, sockets, or physical cores
• Workloads: Data isolation required; License-dependent applications or services
Billing Comparison
Figure: billing comparison of Reserved and Convertible Reserved Instances (N. Virginia, 30 Jan 2019).

Estimating Cost Savings
Simple Monthly Calculator
Module 5:
AWS Well-Architected Framework
The AWS Well-Architected Framework

Design Principles
• Stop guessing your capacity needs
• Test systems at production scale
• Automate to make architectural experimentation easier
• Allow for evolutionary architectures
• Data-Driven Architectures
• Improve through game days

Pillars of AWS Well-Architected

Operational Excellence | Security | Reliability | Performance Efficiency | Cost Optimization
Operational Excellence

The ability to run and monitor systems to deliver business value and continually improve supporting
processes and procedures.

Principles
• Perform operations with code
• Align operations processes to business objectives
• Make regular, small, incremental changes
• Test for responses to unexpected events
• Learn from operational events and failures
• Keep operations procedures current
Coverage Area
• Preparation
• Operation
• Response

Operational Excellence: AWS Services

Prepare
• AWS Config rules
Operate
• Amazon CloudWatch
Evolve
• Amazon Elasticsearch Service (Amazon ES)
Applying Operational Excellence
Figure: a two-AZ three-tier reference architecture (public subnet with RDGW, NAT and IDS/WAF; private Web and App tiers in Auto Scaling groups mixing Reserved and On-Demand instances; Amazon Aurora data tier replicated between Availability Zone A and Availability Zone B; Web, App and DB security groups). Callouts:
1. Use of Amazon CloudWatch to achieve visibility in the cloud
2. Use of CodeStar to deploy Infrastructure as Code
Security

The ability to protect information, systems, and assets while delivering business value through risk
assessments and mitigation strategies.
Principles
• Apply security at all layers
• Enable traceability
• Implement a principle of least privilege
• Focus on securing your system
• Automate security best practices
Coverage Areas
• Identity and access management
• Detective controls
• Infrastructure protection
• Data protection
• Incident response
Security: AWS Services

Identity and Access Management
• IAM, MFA
Detective Controls
• CloudTrail, AWS Config, CloudWatch
Infrastructure Protection
• Amazon VPC
Data Protection
• ELB, Amazon EBS, Amazon S3, Amazon RDS, Amazon Macie, AWS KMS
Incident Response
• AWS CloudFormation
Applying Security Best Practices
Figure: the same two-AZ three-tier architecture (public subnet with RDGW, NAT and IDS/WAF; private Web and App tiers in Auto Scaling groups mixing Reserved and On-Demand instances; Amazon Aurora data tier replicated between Availability Zone A and Availability Zone B; Web, App and DB security groups; deployed with AWS CloudFormation). Callouts:
1. Public and private subnets
• ELB and other edge devices are the only things the public can reach
• The application of WAF and Shield at the edge to control traffic
2. The use of IAM (Dive deep – Understand the roles and users.)
3. The use of CloudTrail and Config to maintain a known infrastructure state
4. Using IAM to create roles that ensure that only the App tier can talk to the database
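Callout 4 ("only the App tier can talk to the database") as a check a reviewer can run, added here as an example that is not part of the slides: it walks security groups in the shape EC2's describe_security_groups returns and reports any ingress rule wider than the ELB to Web to App to DB chain. The group IDs, names, ports and CIDRs are constructed placeholders.

```python
"""Added example, not from the slides: checking that the three-tier security
groups behind callout 4 really enforce "only the App tier can talk to the
database". The groups are constructed in the shape EC2's
describe_security_groups returns; IDs, names, ports and CIDRs are placeholders."""

# Constructed sample: web-sg and app-sg are correct, db-sg has two over-wide rules.
GROUPS = [
    {"GroupId": "sg-web", "GroupName": "web-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-elb"}]}]},
    {"GroupId": "sg-app", "GroupName": "app-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]},
    {"GroupId": "sg-db", "GroupName": "db-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],          # open to the internet
         "UserIdGroupPairs": [{"GroupId": "sg-app"}]},    # the intended source
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
         "UserIdGroupPairs": []}]},                       # all traffic from the VPC
]

# Intended chain: each tier is reachable only from the tier in front of it,
# and only on its service port (ELB -> Web:443 -> App:8080 -> DB:3306).
EXPECTED = {"sg-web": ("sg-elb", {443}),
            "sg-app": ("sg-web", {8080}),
            "sg-db": ("sg-app", {3306})}


def rule_ports(rule):
    """Port set a rule opens; IpProtocol '-1' means every port and protocol."""
    if rule.get("IpProtocol") == "-1":
        return None  # None = everything
    return set(range(rule["FromPort"], rule["ToPort"] + 1))


def findings(groups, expected):
    """(group name, reason) for every ingress rule wider than the chain allows."""
    out = []
    for group in groups:
        source, ports = expected.get(group["GroupId"], (None, set()))
        for rule in group["IpPermissions"]:
            opened = rule_ports(rule)
            # Private tiers must be reached by SG reference only, never by CIDR.
            for cidr in rule.get("IpRanges", []):
                out.append((group["GroupName"], f"CIDR {cidr['CidrIp']} allowed, expected only {source}"))
            for pair in rule.get("UserIdGroupPairs", []):
                if pair["GroupId"] != source:
                    out.append((group["GroupName"], f"source {pair['GroupId']} is not {source}"))
                elif opened is None or not opened <= ports:
                    out.append((group["GroupName"], f"ports {opened or 'all'} exceed {sorted(ports)}"))
    return out


if __name__ == "__main__":
    for name, reason in findings(GROUPS, EXPECTED):
        print(f"{name}: {reason}")
```

An empty result from findings() means the groups match the intended chain exactly; anything else is a rule to tighten before the stack goes live.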
Reliability

The ability of a system to recover from infrastructure or service failures, dynamically acquire
computing resources to meet demand, and mitigate disruptions such as misconfigurations or
transient network issues.

Principles
• Test recovery procedures
• Automatically recover from failure
• Scale horizontally to increase aggregate system availability
• Stop guessing capacity
• Manage change in automation
Coverage Areas
• Foundations
• Change Management
• Failure Management

Reliability: AWS Services

Foundations
• AWS Trusted Advisor, IAM, Amazon VPC, AWS Direct Connect
Change Management
• AWS CloudTrail, AWS Config, Auto Scaling, CloudWatch
Failure Management
• AWS CloudFormation, Amazon S3, Amazon Glacier, AWS KMS
Applying Reliability
Figure: the two-AZ three-tier architecture (public subnet with RDGW, NAT and IDS/WAF; private Web and App tiers; Amazon RDS data tier in Availability Zone A and Availability Zone B). Callouts:
1. Multi-AZ
2. Database replication between the two AZs
3. Scalable ELB instances
• Independent resource scalability.
• Independent service recovery – when used with auto-scaling
• This will be relevant when we talk about “Performance Efficiency” as well.
Performance Efficiency

The ability to use computing resources efficiently to meet system requirements, and to
maintain that efficiency as demand changes and technologies evolve.

Principles
• Democratize advanced technologies
• Go global in minutes
• Use serverless architectures
• Experiment more often
• Mechanical sympathy
Coverage Areas
• Selection
• Review
• Tradeoffs

Performance Efficiency: AWS Services

Selection
• Compute: Auto Scaling
• Storage: Amazon EBS, Amazon S3
• Database: Amazon RDS, Amazon DynamoDB
• Network: Amazon Route 53, Amazon VPC, AWS Direct Connect
Review
• AWS Blog
Monitoring
• Amazon CloudWatch, AWS Lambda
Tradeoffs
• Amazon ElastiCache, Amazon CloudFront, AWS Snowball, Read replicas for RDS

Applying Performance Efficiency
Figure: the two-AZ three-tier architecture (public subnet with RDGW, NAT and IDS/WAF; private Web and App tiers in Auto Scaling groups; Amazon Aurora data tier replicated between Availability Zone A and Availability Zone B; deployed with AWS CloudFormation). Callouts:
1. Auto Scaling groups
2. CloudFormation as a tool to facilitate repeatability and global deployment
Cost Optimization
The ability to avoid or eliminate unneeded cost or suboptimal resources

Principles
• Adopt a consumption model
• Benefit from economies of scale
• Stop spending money on data center operations
• Analyze and attribute expenditure
• Use managed services to reduce cost of ownership
Coverage Areas
• Cost-Effective Resources
• Matching Supply and Demand
• Expenditure Awareness
• Optimizing Over Time

Cost Optimization: AWS Services

Cost-Effective Resources
• AWS Well-Architected Framework
Matching Supply and Demand
• Auto Scaling
Expenditure Awareness
• Amazon CloudWatch, Amazon Simple Notification Service (SNS)
Optimizing Over Time
• AWS Blogs, AWS Trusted Advisor, AWS Cost Explorer
Applying Cost Optimization
Figure: the two-AZ three-tier architecture (public subnet with RDGW, NAT and IDS/WAF; private Web and App tiers in Auto Scaling groups mixing Reserved and On-Demand instances; Amazon Aurora data tier replicated between Availability Zone A and Availability Zone B; deployed with AWS CloudFormation). Callouts:
1. Combination of reserved and on-demand instances
2. The use of Aurora as the relational database layer
Value Proposition
Help Customers:
• Consistent approach to reviewing architectures
• Understand and reduce risk in your architecture
• Learn best practices
• Influence future architectures
• Generate additional opportunities

Simulation: CCP Prep Test and Discussion
Module 6:
APN Resources to Help You
APN Program Resources
Figure: APN program resources. APN Program Guide (Benefits and Requirements; Training and Certification; Marketing; APN Partner Programs), APN Personnel Resources (Monthly Partner-Facing Webinars; APN Blog, Newsletter, Twitter) and the APN Portal: https://partnercentral.awspartner.com
APN How-To Guides and AWS Events

AWS How-To Guides
• Building Your Business With AWS
• APN Partner Development Plan

AWS Events
• AWS Global Summits: one-day events (500-6,000)
• AWS re:Invent: four-day events (50,000+)

Sponsorship Opportunities
• AWS Field Programs: free half-day events (50-500)
Partner Training
AWS Digital Learning Platform: https://www.aws.training/
Workshops and Bootcamps; Videos, Labs, and Classes
Specialty Courses for APN Partners With Business and Technical Tracks

Accreditations

Business Track
• AWS Business Professional
• AWS TCO and Cloud Economics
• AWS Foundations Business
• Big Data and Analytics on AWS
• Windows on AWS
• Migration to AWS
• SAP on AWS
• Amazon Connect
• Machine Learning on AWS
• Introduction to Cloud Adoption Framework

Technical Track
• AWS Technical Professional
• AWS TCO and Cloud Economics
• AWS Foundations Technical
• Well-Architected Framework
• Windows on AWS
• Migration to AWS
• SAP on AWS
• Amazon Connect
• Professional Services BootCamp
• Machine Learning on AWS

https://partnercentral.awspartner.com
AWS Certification

https://youtu.be/WqUQNp1hAH8

Linking a Partner Account to a Certification Account
Problem: Partners are not credited for employee certifications.

Solution: fill in a new field called "AWS Training and Certification Account Email" (for new user registration or an existing user update).
Class Evaluation and Assessment

Please look for the email link to take the class evaluation survey.
THANK YOU!