Domain 3: Deployment & Operating Methods
CLF-C02 Exam Domain 3, Task 3.1 | 34% of Scored Content
Learning Objectives
By the end of this section, you will be able to:
- Define methods of deploying and operating in the AWS Cloud (Domain 3, Task 3.1)
- Understand various ways to access AWS services
- Compare one-time operations vs repeatable processes
- Identify cloud deployment models
Overview: Methods of Deploying and Operating in AWS
AWS provides multiple ways to provision, deploy, and operate resources in the cloud. Understanding these methods is crucial for choosing the right approach for your use case.
Key Decision Factors
| Factor | One-Time Operations | Repeatable Processes |
|---|---|---|
| Use Case | Quick testing, learning, small projects | Production deployments, scaling |
| Consistency | Manual configuration | Automated, consistent |
| Efficiency | Faster for simple tasks | Faster for complex deployments |
| Best Practice | For exploration only | For production workloads |
1. AWS Management Console
Overview
The AWS Management Console is a web-based user interface for managing AWS services.
Key Characteristics
| Feature | Description |
|---|---|
| Web-Based | Accessible from any browser |
| User-Friendly | Graphical interface, no coding required |
| Interactive | Click-to-configure resources |
| Best For | Learning, exploration, one-time tasks |
| Not Recommended For | Production deployments at scale |
Console Features
- Service Dashboard: Quick access to all AWS services
- Resource Search: Find resources across services
- Cost Explorer: Monitor spending
- CloudWatch: View metrics and logs
- Billing Dashboard: Track usage and costs
Advantages
- Easy to learn
- Visual feedback
- No coding required
- Great for beginners
Limitations
- Not automated
- Prone to human error
- Difficult to replicate configurations
- Not version-controlled
Use Cases
- Learning AWS services
- Quick resource exploration
- One-time configuration tasks
- Emergency manual interventions
2. Programmatic Access: AWS APIs
Overview
AWS APIs provide programmatic access to AWS services through HTTP requests.
API Types
| API Type | Description | Example |
|---|---|---|
| REST APIs | HTTP-based, stateless | GET https://ec2.amazonaws.com/ |
| Query APIs | HTTP request with query parameters | Older AWS services |
| SOAP APIs | Legacy protocol | Mostly deprecated |
API Request Components
http
POST / HTTP/1.1
Host: ec2.amazonaws.com
X-Amz-Date: 20250111T000000Z
X-Amz-Security-Token: <session-token>
Authorization: AWS4-HMAC-SHA256 Credential=<access-key>/<date>/<region>/ec2/aws4_requestAdvantages
- Full service capability
- Language-agnostic
- Direct control
- Can be automated
Limitations
- Complex authentication
- Verbose code
- Error-prone manual coding
- Requires SDK wrapper for most use cases
3. AWS SDKs (Software Development Kits)
Overview
AWS SDKs provide language-specific APIs that simplify working with AWS services.
Supported Languages
| SDK | Language | Use Cases |
|---|---|---|
| SDK for Python (Boto3) | Python | Most popular, data science, automation |
| SDK for JavaScript | Node.js, Browser | Web applications, Lambda |
| SDK for Java | Java | Enterprise applications |
| SDK for .NET | C#, F# | Windows applications |
| SDK for Go | Go | Cloud-native applications |
| SDK for Ruby | Ruby | Web applications, DevOps |
| SDK for PHP | PHP | Web applications |
| SDK for C++ | C++ | High-performance applications |
| SDK for Rust | Rust | Systems programming |
Boto3 (Python SDK) Example
python
import boto3
# Create EC2 client
ec2 = boto3.client('ec2', region_name='us-east-1')
# Launch instance
response = ec2.run_instances(
ImageId='ami-0c55b159cbfafe1f0',
InstanceType='t2.micro',
MinCount=1,
MaxCount=1
)
instance_id = response['Instances'][0]['InstanceId']
print(f"Launched instance: {instance_id}")SDK Features
| Feature | Description |
|---|---|
| Authentication | Handles credentials and signing |
| Error Handling | Structured exceptions |
| Pagination | Automatic response pagination |
| Type Hints | IDE autocomplete support |
| Documentation | Built-in docstrings |
Advantages
- Simplified API calls
- Language-native patterns
- Error handling built-in
- Widely supported
- Best practice for custom applications
Use Cases
- Custom application development
- Lambda functions
- Automation scripts
- Data processing pipelines
4. AWS CLI (Command Line Interface)
Overview
The AWS CLI provides a unified command-line interface to manage AWS services.
Installation
bash
# Using pip
pip install awscli
# Using bundled installer (Linux/macOS)
# Download from https://aws.amazon.com/cli/
# Using homebrew (macOS)
brew install awscliConfiguration
bash
aws configure
# AWS Access Key ID: YOUR_ACCESS_KEY
# AWS Secret Access Key: YOUR_SECRET_KEY
# Default region name: us-east-1
# Default output format: jsonCLI Command Structure
bash
aws <service> <sub-command> [options]Common CLI Examples
bash
# S3 Operations
aws s3 ls s3://my-bucket/
aws s3 cp file.txt s3://my-bucket/
aws s3 mb s3://my-new-bucket
# EC2 Operations
aws ec2 describe-instances
aws ec2 run-instances --image-id ami-12345 --instance-type t2.micro
aws ec2 stop-instances --instance-ids i-12345
# Lambda Operations
aws lambda list-functions
aws lambda invoke --function-name my-function response.json
# IAM Operations
aws iam list-users
aws iam create-user --user-name johnCLI Features
| Feature | Description |
|---|---|
| Unified Interface | One tool for all services |
| Scriptable | Perfect for shell scripts |
| Output Formats | JSON, text, table, YAML |
| Pagination | Auto-paginated results |
| Waiters | Poll for resource state |
| Shell Completion | Tab completion (bash/zsh) |
Advantages
- Quick commands
- Scriptable
- Consistent across services
- Easy to learn
- No compilation needed
Use Cases
- Shell scripting
- Quick administrative tasks
- CI/CD pipelines
- System administration
- Development workflow
5. Infrastructure as Code (IaC)
Overview
Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure through machine-readable definition files rather than physical hardware configuration or interactive configuration tools.
Benefits of IaC
| Benefit | Description |
|---|---|
| Consistency | Same configuration every time |
| Version Control | Track changes with Git |
| Reusability | Templates across environments |
| Documentation | Code serves as documentation |
| Automation | Automated deployments |
| Disaster Recovery | Quick infrastructure rebuild |
AWS IaC Tools
| Tool | Type | Language | Best For |
|---|---|---|---|
| AWS CloudFormation | AWS-native | YAML/JSON | AWS-only deployments |
| AWS CDK | AWS-native | TypeScript, Python, Java, C#, Go | Developers familiar with programming languages |
| Terraform | Multi-cloud | HCL | Multi-cloud or hybrid deployments |
CloudFormation
Overview
AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources.
CloudFormation Concepts
| Concept | Description |
|---|---|
| Template | JSON/YAML file defining infrastructure |
| Stack | Collection of resources as a single unit |
| Change Set | Preview of changes before applying |
| StackSet | Manage stacks across multiple accounts/regions |
CloudFormation Template Example (YAML)
yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: EC2 instance with S3 bucket
Resources:
MyS3Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: my-unique-bucket-name
MyEC2Instance:
Type: AWS::EC2::Instance
Properties:
ImageId: ami-0c55b159cbfafe1f0
InstanceType: t2.micro
Tags:
- Key: Name
Value: MyCloudFormationInstance
Outputs:
BucketName:
Description: Name of the S3 bucket
Value: !Ref MyS3Bucket
InstanceId:
Description: ID of the EC2 instance
Value: !Ref MyEC2InstanceCloudFormation Features
| Feature | Description |
|---|---|
| Declarative | Declare desired state, AWS figures out how |
| Rollback | Automatic rollback on failure |
| Drift Detection | Detect manual changes |
| Nested Stacks | Modular templates |
| Macros | Custom template processing |
AWS CDK (Cloud Development Kit)
Overview
AWS CDK is an open-source software development framework to define cloud infrastructure in code.
CDK Advantages
| Advantage | Description |
|---|---|
| Programming Languages | TypeScript, Python, Java, C#, Go |
| Abstractions | Higher-level constructs (L1, L2, L3) |
| Type Safety | Compile-time checking |
| IDE Support | Autocomplete, refactoring |
| Testing | Unit test infrastructure code |
CDK Construct Levels
| Level | Description | Example |
|---|---|---|
| L1 | Direct CloudFormation mapping | CfnBucket |
| L2 | AWS-curated defaults | Bucket (with encryption, lifecycle) |
| L3 | Multi-resource patterns | FullStackRestApi |
CDK Example (TypeScript)
typescript
import * as s3 from 'aws-cdk-lib/aws-s3';
import { Stack, StackProps } from 'aws-cdk-lib';
import { Construct } from 'constructs';
export class MyS3Stack extends Stack {
constructor(scope: Construct, id: string, props?: StackProps) {
super(scope, id, props);
// L2 construct - AWS-curated defaults
const bucket = new s3.Bucket(this, 'MyBucket', {
versioned: true,
encryption: s3.BucketEncryption.S3_MANAGED,
lifecycleRules: [{
expiration: 30 // days
}]
});
}
}Terraform
Overview
Terraform is an open-source IaC tool by HashiCorp that works with multiple cloud providers.
Terraform Concepts
| Concept | Description |
|---|---|
| Configuration | HCL files defining infrastructure |
| State | Current state of infrastructure |
| Plan | Preview of changes |
| Apply | Execute changes |
| Provider | Plugin for cloud services |
Terraform Configuration Example
hcl
# Configure AWS provider
provider "aws" {
region = "us-east-1"
}
# Create S3 bucket
resource "aws_s3_bucket" "my_bucket" {
bucket = "my-unique-bucket-name"
tags = {
Name = "My Bucket"
Environment = "Dev"
}
}
# Create EC2 instance
resource "aws_instance" "web_server" {
ami = "ami-0c55b159cbfafe1f0"
instance_type = "t2.micro"
tags = {
Name = "WebServer"
}
}Terraform vs CloudFormation
| Feature | Terraform | CloudFormation |
|---|---|---|
| Cloud Support | Multi-cloud | AWS only |
| Language | HCL (HashiCorp Config Language) | YAML/JSON |
| State Management | Remote state file | AWS-managed |
| Community | Large ecosystem | AWS-only |
| Cost | Free (open source) | Free (AWS service) |
6. Cloud Deployment Models
Overview
Organizations can choose different deployment models based on their requirements.
Deployment Models Comparison
| Model | Description | Example | Best For |
|---|---|---|---|
| Cloud | All resources in AWS | S3, EC2, Lambda | Startups, new applications |
| Hybrid | Cloud + on-premises | AWS + Direct Connect | Migration, data sovereignty |
| On-Premises | Private data center | AWS Outposts | Compliance, latency |
Cloud Deployment (All-in AWS)
Characteristics:
- All resources hosted in AWS
- No on-premises infrastructure
- Full cloud benefits
Use Cases:
- New applications
- Startups
- Greenfield projects
- Bursting workloads
AWS Services: All AWS services available
Hybrid Cloud
Characteristics:
- Resources split between AWS and on-premises
- Connected via dedicated network or VPN
- Gradual migration path
Use Cases:
- Data sovereignty requirements
- Gradual cloud migration
- Bursting for peak demand
- Legacy system integration
AWS Hybrid Services:
| Service | Purpose |
|---|---|
| AWS Direct Connect | Dedicated network connection |
| AWS Site-to-Site VPN | Secure VPN tunnel |
| AWS Storage Gateway | Hybrid storage integration |
| AWS Outposts | AWS infrastructure on-premises |
| AWS Snowball | Physical data transfer device |
On-Premises (Private Cloud)
Characteristics:
- Resources in your own data center
- AWS-managed on-premises hardware
- Same AWS APIs and services
Use Cases:
- Data residency requirements
- Regulatory compliance
- Ultra-low latency needs
- Local data processing
AWS On-Premises Services:
| Service | Description |
|---|---|
| AWS Outposts | Full AWS rack on-premises |
| AWS Snowball | Data transfer appliance |
| AWS Snowball Edge | Compute + storage on edge |
| AWS VMware Cloud | VMware on AWS infrastructure |
7. Choosing the Right Deployment Method
Decision Framework
┌─────────────────────────────────────────────────────────────┐
│ Choose Deployment Method │
├─────────────────────────────────────────────────────────────┤
│ │
│ One-time / Learning? │
│ ├─ Yes → Management Console │
│ └─ No → Need automation? │
│ ├─ Yes → Scripting? │
│ │ ├─ Yes → AWS CLI / SDK │
│ │ └─ No → Infrastructure as Code │
│ │ ├─ AWS-only → CloudFormation │
│ │ ├─ Developer → AWS CDK │
│ │ └─ Multi-cloud → Terraform │
│ └─ No → Manual configuration │
│ │
└─────────────────────────────────────────────────────────────┘Use Case Examples
| Scenario | Recommended Method | Rationale |
|---|---|---|
| Learning AWS | Console | Quick feedback, no coding |
| Automating backups | AWS CLI SDK | Scriptable, language-native |
| Production infrastructure | CloudFormation / CDK | Version control, reproducible |
| Multi-cloud deployment | Terraform | Provider-agnostic |
| Lambda function | SDK | Language-specific integration |
| Quick admin task | AWS CLI | One-liner commands |
| Enterprise application | AWS CDK | Abstractions, testing |
8. Best Practices for Deploying and Operating
Infrastructure as Code Best Practices
- Use Version Control: Store all IaC in Git
- Modularize: Break into reusable components
- Document: Add comments and README files
- Test: Test infrastructure code
- Review: Code review for changes
- Automate: CI/CD pipelines for deployments
- Tag Resources: Cost allocation and organization
Security Best Practices
- Least Privilege: Minimal IAM permissions
- No Secrets in Code: Use Secrets Manager / Parameter Store
- Encrypt Data: At rest and in transit
- Enable Logging: CloudTrail, CloudWatch
- Regular Audits: Review access and configurations
Operational Excellence
- Monitor: CloudWatch alarms and metrics
- Automate Recovery: Auto Scaling, health checks
- Document Runbooks: Incident response procedures
- Test Disaster Recovery: Regular drills
- Tag Everything: Resource organization
Exam Tips - Deployment Methods
High-Yield Topics
Console vs Programmatic:
- Console = Learning, one-time tasks
- Programmatic = Automation, production
SDK vs CLI:
- SDK = For applications (custom code)
- CLI = For scripting/administration
IaC Benefits:
- Consistency, version control, reusability, automation
CloudFormation:
- AWS-native, YAML/JSON templates
- Stacks, Change Sets, Rollback
- Declarative (declare desired state)
AWS CDK:
- Programming languages (TypeScript, Python, etc.)
- L1, L2, L3 constructs
- For developers, familiar patterns
Terraform:
- Multi-cloud, HCL language
- State management, Plan/Apply workflow
- Not AWS-specific
Deployment Models:
- Cloud = All AWS
- Hybrid = AWS + On-premises (Direct Connect, VPN)
- On-premises = Outposts, Snowball
Additional Resources
DigitalCloud Training Cheat Sheets
- AWS Machine Learning Services Cheat Sheet - Comprehensive AI/ML services reference for exam prep
Official AWS Documentation
- AWS Management Console
- AWS CLI Documentation
- AWS SDKs and Tools
- AWS CloudFormation
- AWS CDK Documentation
- AWS Direct Connect
- AWS Snowball
- AWS Outposts
Practice Resources
Next: Compute Services