☁️ Cloud Computing Mastery

Topics Covered:

• Cloud computing concepts and benefits
• Service models: IaaS, PaaS, SaaS
• Deployment models: Public, Private, Hybrid
• Canadian data residency and privacy laws

Key Concepts - Canadian Cloud Considerations:

# Canadian Data Residency Requirements
Data_Sovereignty:
  PIPEDA_Compliance: required
  Data_Location: 
    - Canadian data centers preferred
    - Cross-border data transfer regulations
  Government_Requirements:
    - PROTECTED B classification
    - FedRAMP equivalent certifications

Toronto_Cloud_Regions:
  AWS: 
    - ca-central-1 (Canada Central)
    - us-east-1 (for redundancy)
  Azure:
    - Canada Central (Toronto)
    - Canada East (Quebec City)
  GCP:
    - northamerica-northeast1 (Montreal)
    - northamerica-northeast2 (Toronto)

Hands-on Project:

Toronto Smart City Architecture Design - Design a cloud architecture for a smart city initiative that complies with Canadian privacy laws and utilizes Toronto-based cloud regions.

Topics Covered:

• AWS Global Infrastructure and Regions
• Identity and Access Management (IAM)
• Virtual Private Cloud (VPC) and networking
• EC2, S3, RDS core services

Code Example - Launch Toronto-based EC2 Instance:

import boto3
from botocore.exceptions import ClientError

# Initialize EC2 client for Canada Central region
ec2_client = boto3.client('ec2', region_name='ca-central-1')

# Launch EC2 instance in Toronto
def launch_toronto_instance():
    try:
        response = ec2_client.run_instances(
            ImageId='ami-0c02fb55956c7d316',  # Amazon Linux 2 AMI
            MinCount=1,
            MaxCount=1,
            InstanceType='t3.micro',
            KeyName='toronto-keypair',
            SecurityGroupIds=['sg-toronto-web'],
            SubnetId='subnet-toronto-public',
            TagSpecifications=[
                {
                    'ResourceType': 'instance',
                    'Tags': [
                        {'Key': 'Name', 'Value': 'Toronto-Web-Server'},
                        {'Key': 'Environment', 'Value': 'Development'},
                        {'Key': 'Region', 'Value': 'Toronto'},
                        {'Key': 'Compliance', 'Value': 'PIPEDA'}
                    ]
                }
            ]
        )
        
        instance_id = response['Instances'][0]['InstanceId']
        print(f"Launched instance {instance_id} in Toronto region")
        return instance_id
        
    except ClientError as e:
        print(f"Error launching instance: {e}")
        return None

# Create S3 bucket for Toronto data
def create_toronto_s3_bucket():
    s3_client = boto3.client('s3', region_name='ca-central-1')
    
    bucket_name = 'toronto-tech-data-2024'
    
    try:
        s3_client.create_bucket(
            Bucket=bucket_name,
            CreateBucketConfiguration={
                'LocationConstraint': 'ca-central-1'
            }
        )
        
        # Enable encryption for Canadian compliance
        s3_client.put_bucket_encryption(
            Bucket=bucket_name,
            ServerSideEncryptionConfiguration={
                'Rules': [{
                    'ApplyServerSideEncryptionByDefault': {
                        'SSEAlgorithm': 'AES256'
                    }
                }]
            }
        )
        
        print(f"Created encrypted S3 bucket: {bucket_name}")
        
    except ClientError as e:
        print(f"Error creating bucket: {e}")

# Usage
instance_id = launch_toronto_instance()
create_toronto_s3_bucket()

Hands-on Project:

Toronto E-commerce Platform Infrastructure - Build a scalable AWS infrastructure for a Toronto-based e-commerce platform with proper security, backup, and monitoring.

Topics Covered:

• Lambda and serverless architectures
• API Gateway and microservices
• CloudFormation and infrastructure automation
• CloudWatch monitoring and logging

Code Example - Serverless Toronto Weather API:

# AWS Lambda function for Toronto weather data
import json
import boto3
import requests
from datetime import datetime

def lambda_handler(event, context):
    """
    Serverless function to fetch and process Toronto weather data
    """
    
    # Environment Canada API for Toronto weather
    weather_url = "https://api.weather.gc.ca/collections/climate-daily/items"
    toronto_station = "6158355"  # Toronto Pearson International Airport
    
    try:
        # Fetch weather data
        params = {
            'STATION_NAME': toronto_station,
            'LOCAL_DATE': datetime.now().strftime('%Y-%m-%d')
        }
        
        response = requests.get(weather_url, params=params)
        weather_data = response.json()
        
        # Process data for Toronto tech companies
        processed_data = {
            'timestamp': datetime.now().isoformat(),
            'location': 'Toronto, ON',
            'temperature': weather_data.get('MEAN_TEMPERATURE', 'N/A'),
            'conditions': weather_data.get('TOTAL_PRECIPITATION', 'N/A'),
            'data_source': 'Environment Canada',
            'compliance': 'Canadian Government Data'
        }
        
        # Store in DynamoDB
        dynamodb = boto3.resource('dynamodb', region_name='ca-central-1')
        table = dynamodb.Table('toronto-weather-data')
        
        table.put_item(Item=processed_data)
        
        # Return API response
        return {
            'statusCode': 200,
            'headers': {
                'Content-Type': 'application/json',
                'Access-Control-Allow-Origin': '*'
            },
            'body': json.dumps(processed_data)
        }
        
    except Exception as e:
        return {
            'statusCode': 500,
            'body': json.dumps({
                'error': str(e),
                'message': 'Failed to fetch Toronto weather data'
            })
        }

# CloudFormation template for the serverless API
cloudformation_template = """
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  TorontoWeatherFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: weather/
      Handler: app.lambda_handler
      Runtime: python3.9
      Environment:
        Variables:
          REGION: ca-central-1
      Events:
        WeatherApi:
          Type: Api
          Properties:
            Path: /weather/toronto
            Method: get
            
  WeatherDataTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: toronto-weather-data
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: timestamp
          AttributeType: S
      KeySchema:
        - AttributeName: timestamp
          KeyType: HASH
"""

Hands-on Project:

Toronto Transit API Gateway - Create a serverless API that aggregates TTC real-time data, GO Transit schedules, and bike share information for Toronto commuters.

Topics Covered:

• Azure Resource Manager and subscriptions
• Virtual machines and App Services
• Azure Active Directory integration
• Government and enterprise compliance

Code Example - Deploy Toronto Government App:

# PowerShell script for Azure deployment
# Deploying a Toronto municipal application

# Connect to Azure (Canada Central region)
Connect-AzAccount
Set-AzContext -SubscriptionName "Toronto-Municipal-Subscription"

# Create Resource Group in Canada Central
$resourceGroup = "rg-toronto-municipal-app"
$location = "Canada Central"

New-AzResourceGroup -Name $resourceGroup -Location $location

# Deploy Web App for Toronto city services
$webAppName = "toronto-city-services-$(Get-Random)"
$appServicePlan = "plan-toronto-municipal"

# Create App Service Plan
New-AzAppServicePlan `
    -ResourceGroupName $resourceGroup `
    -Name $appServicePlan `
    -Location $location `
    -Tier "Standard" `
    -NumberofWorkers 2

# Create Web App with Canadian compliance settings
New-AzWebApp `
    -ResourceGroupName $resourceGroup `
    -Name $webAppName `
    -AppServicePlan $appServicePlan `
    -Location $location

# Configure for Canadian government requirements
$webApp = Get-AzWebApp -ResourceGroupName $resourceGroup -Name $webAppName

# Enable HTTPS only (required for government data)
Set-AzWebApp -ResourceGroupName $resourceGroup -Name $webAppName -HttpsOnly $true

# Configure application settings for Canadian compliance
$appSettings = @{
    "DATA_RESIDENCY" = "CANADA"
    "COMPLIANCE_LEVEL" = "PROTECTED_B"
    "ENCRYPTION_REQUIRED" = "true"
    "AUDIT_LOGGING" = "enabled"
    "PRIVACY_FRAMEWORK" = "PIPEDA"
}

Set-AzWebAppSlot -ResourceGroupName $resourceGroup -Name $webAppName -AppSettings $appSettings

Write-Output "Toronto municipal app deployed: https://$webAppName.azurewebsites.net"

Azure SQL Database for Canadian Data:

-- Create Azure SQL Database for Toronto data
-- with Canadian compliance settings

-- Create database in Canada Central region
CREATE DATABASE TorontoCityData
(
    EDITION = 'Standard',
    SERVICE_OBJECTIVE = 'S2',
    MAXSIZE = 250GB
);

-- Enable Transparent Data Encryption (required for gov data)
ALTER DATABASE TorontoCityData
SET ENCRYPTION ON;

-- Create table for Toronto citizen services
CREATE TABLE CitizenServices (
    ServiceID INT IDENTITY(1,1) PRIMARY KEY,
    CitizenID UNIQUEIDENTIFIER NOT NULL,
    ServiceType NVARCHAR(100) NOT NULL,
    RequestDate DATETIME2 DEFAULT GETDATE(),
    Status NVARCHAR(50) DEFAULT 'Pending',
    Ward INT,
    PostalCode NCHAR(7),
    PrivacyConsent BIT NOT NULL DEFAULT 0,
    DataClassification NVARCHAR(20) DEFAULT 'PROTECTED_B',
    CreatedBy NVARCHAR(100),
    LastModified DATETIME2 DEFAULT GETDATE()
);

-- Create audit table for compliance
CREATE TABLE ServiceAudit (
    AuditID INT IDENTITY(1,1) PRIMARY KEY,
    ServiceID INT NOT NULL,
    Action NVARCHAR(50) NOT NULL,
    ActionDate DATETIME2 DEFAULT GETDATE(),
    UserID NVARCHAR(100) NOT NULL,
    IPAddress NVARCHAR(45),
    ComplianceNote NVARCHAR(500)
);

-- Enable row-level security for multi-tenant data
ALTER TABLE CitizenServices ENABLE ROW LEVEL SECURITY;

Hands-on Project:

Ontario Health Data Platform - Design and deploy a secure Azure-based platform for Ontario health data that meets PHIPA requirements and integrates with existing government systems.

Topics Covered:

• GCP AI and ML services overview
• BigQuery for data analytics
• Vertex AI for machine learning
• Cloud Functions and Cloud Run

Code Example - Toronto Traffic ML Pipeline:

# GCP Vertex AI pipeline for Toronto traffic prediction
from google.cloud import aiplatform
from google.cloud import bigquery
import pandas as pd
from sklearn.ensemble import RandomForestRegressor
import joblib

# Initialize GCP clients for Toronto region
aiplatform.init(
    project='toronto-smart-city-ml',
    location='northamerica-northeast1'  # Montreal region (closest to Toronto)
)

class TorontoTrafficPredictor:
    def __init__(self):
        self.bq_client = bigquery.Client()
        self.model = None
        
    def extract_toronto_traffic_data(self):
        """
        Extract Toronto traffic data from BigQuery
        """
        query = """
        SELECT
            traffic_volume,
            hour_of_day,
            day_of_week,
            weather_condition,
            special_events,
            construction_zones,
            timestamp
        FROM `toronto-smart-city-ml.traffic.historical_data`
        WHERE location IN ('DVP', '401', 'Gardiner', 'QEW')
        AND timestamp >= TIMESTAMP_SUB(CURRENT_TIMESTAMP(), INTERVAL 1 YEAR)
        """
        
        df = self.bq_client.query(query).to_dataframe()
        return df
    
    def preprocess_data(self, df):
        """
        Preprocess Toronto traffic data for ML model
        """
        # Feature engineering for Toronto-specific patterns
        df['is_rush_hour'] = ((df['hour_of_day'].between(7, 9)) | 
                              (df['hour_of_day'].between(16, 18))).astype(int)
        
        df['is_weekend'] = (df['day_of_week'].isin([0, 6])).astype(int)
        
        # Toronto-specific events
        df['is_leafs_game'] = 0  # Would be populated from events API
        df['is_raptors_game'] = 0
        df['is_tfc_game'] = 0
        
        # Weather impact (Toronto climate considerations)
        weather_mapping = {
            'snow': 3, 'rain': 2, 'cloudy': 1, 'clear': 0
        }
        df['weather_impact'] = df['weather_condition'].map(weather_mapping)
        
        return df
    
    def train_model(self, df):
        """
        Train traffic prediction model for Toronto
        """
        features = [
            'hour_of_day', 'day_of_week', 'weather_impact',
            'construction_zones', 'is_rush_hour', 'is_weekend',
            'is_leafs_game', 'is_raptors_game', 'is_tfc_game'
        ]
        
        X = df[features]
        y = df['traffic_volume']
        
        # Train Random Forest model
        self.model = RandomForestRegressor(
            n_estimators=100,
            max_depth=10,
            random_state=42
        )
        
        self.model.fit(X, y)
        
        # Save model to GCS
        joblib.dump(self.model, 'toronto_traffic_model.pkl')
        
        return self.model
    
    def deploy_to_vertex_ai(self):
        """
        Deploy trained model to Vertex AI
        """
        # Create Vertex AI model
        model = aiplatform.Model.upload(
            display_name='toronto-traffic-predictor',
            artifact_uri='gs://toronto-ml-models/traffic-model/',
            serving_container_image_uri='gcr.io/cloud-aiplatform/prediction/sklearn-cpu.1-0:latest'
        )
        
        # Deploy to endpoint
        endpoint = model.deploy(
            machine_type='n1-standard-2',
            min_replica_count=1,
            max_replica_count=10
        )
        
        return endpoint

# Usage example
predictor = TorontoTrafficPredictor()
traffic_data = predictor.extract_toronto_traffic_data()
processed_data = predictor.preprocess_data(traffic_data)
model = predictor.train_model(processed_data)
endpoint = predictor.deploy_to_vertex_ai()

print("Toronto traffic prediction model deployed to Vertex AI")
print(f"Endpoint name: {endpoint.display_name}")

BigQuery Analytics for Toronto Data:

-- BigQuery analytics for Toronto smart city data
-- Analyzing TTC ridership patterns

WITH toronto_transit_stats AS (
  SELECT 
    DATE(timestamp) as date,
    EXTRACT(HOUR FROM timestamp) as hour,
    route_id,
    station_name,
    SUM(ridership_count) as total_riders,
    AVG(delay_minutes) as avg_delay
  FROM `toronto-smart-city.transit.ridership_data`
  WHERE DATE(timestamp) >= DATE_SUB(CURRENT_DATE(), INTERVAL 90 DAY)
  GROUP BY 1, 2, 3, 4
),

rush_hour_analysis AS (
  SELECT
    route_id,
    station_name,
    CASE 
      WHEN hour BETWEEN 7 AND 9 THEN 'Morning Rush'
      WHEN hour BETWEEN 17 AND 19 THEN 'Evening Rush'
      ELSE 'Off-Peak'
    END as time_period,
    AVG(total_riders) as avg_ridership,
    AVG(avg_delay) as avg_delay_minutes
  FROM toronto_transit_stats
  GROUP BY 1, 2, 3
)

SELECT 
  station_name,
  time_period,
  ROUND(avg_ridership, 0) as average_daily_riders,
  ROUND(avg_delay_minutes, 2) as average_delay_minutes,
  CASE 
    WHEN avg_delay_minutes > 5 THEN 'High Delay'
    WHEN avg_delay_minutes > 2 THEN 'Moderate Delay'
    ELSE 'On Time'
  END as performance_category
FROM rush_hour_analysis
WHERE station_name IN (
  'Bloor-Yonge Station',
  'Union Station',
  'King Station',
  'St. George Station',
  'Dundas West Station'
)
ORDER BY average_daily_riders DESC;

Hands-on Project:

Toronto AI-Powered Urban Planning - Build an end-to-end ML pipeline using GCP services to analyze Toronto urban data and provide insights for city planning decisions.

Topics Covered:

• Terraform fundamentals and best practices
• Multi-cloud infrastructure management
• GitOps workflows and CI/CD integration
• State management and team collaboration

Code Example - Toronto Multi-Cloud Infrastructure:

# Terraform configuration for Toronto tech startup
# Multi-cloud setup: AWS (primary), Azure (backup)

terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
  
  # Remote state in Canadian S3 bucket
  backend "s3" {
    bucket         = "toronto-tech-terraform-state"
    key            = "infrastructure/terraform.tfstate"
    region         = "ca-central-1"
    encrypt        = true
    dynamodb_table = "terraform-locks"
  }
}

# Configure AWS provider for Canada Central region
provider "aws" {
  region = "ca-central-1"
  
  default_tags {
    tags = {
      Environment   = var.environment
      Project       = "Toronto Tech Platform"
      DataResidency = "Canada"
      Compliance    = "PIPEDA"
      Team          = "Infrastructure"
    }
  }
}

# Configure Azure provider for Canada Central region
provider "azurerm" {
  features {}
  
  subscription_id = var.azure_subscription_id
}

# Variables for Toronto deployment
variable "environment" {
  description = "Environment name"
  type        = string
  default     = "production"
}

variable "toronto_vpc_cidr" {
  description = "CIDR block for Toronto VPC"
  type        = string
  default     = "10.0.0.0/16"
}

# AWS VPC for Toronto region
resource "aws_vpc" "toronto_vpc" {
  cidr_block           = var.toronto_vpc_cidr
  enable_dns_hostnames = true
  enable_dns_support   = true
  
  tags = {
    Name = "toronto-tech-vpc"
    Region = "Toronto"
  }
}

# Public subnets for Toronto AZs
resource "aws_subnet" "toronto_public" {
  count = 2
  
  vpc_id                  = aws_vpc.toronto_vpc.id
  cidr_block              = "10.0.${count.index + 1}.0/24"
  availability_zone       = data.aws_availability_zones.available.names[count.index]
  map_public_ip_on_launch = true
  
  tags = {
    Name = "toronto-public-subnet-${count.index + 1}"
    Type = "Public"
  }
}

# Security group for Toronto web applications
resource "aws_security_group" "toronto_web" {
  name_prefix = "toronto-web-"
  vpc_id      = aws_vpc.toronto_vpc.id
  
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  
  tags = {
    Name = "toronto-web-security-group"
  }
}

# Auto Scaling Group for Toronto application servers
resource "aws_launch_template" "toronto_app" {
  name_prefix   = "toronto-app-"
  image_id      = data.aws_ami.amazon_linux.id
  instance_type = "t3.medium"
  
  vpc_security_group_ids = [aws_security_group.toronto_web.id]
  
  user_data = base64encode(templatefile("${path.module}/userdata.sh", {
    environment = var.environment
    region      = "Toronto"
  }))
  
  tag_specifications {
    resource_type = "instance"
    tags = {
      Name        = "toronto-app-server"
      Environment = var.environment
    }
  }
}

resource "aws_autoscaling_group" "toronto_app" {
  name                = "toronto-app-asg"
  vpc_zone_identifier = aws_subnet.toronto_public[*].id
  target_group_arns   = [aws_lb_target_group.toronto_app.arn]
  health_check_type   = "ELB"
  
  min_size         = 2
  max_size         = 10
  desired_capacity = 3
  
  launch_template {
    id      = aws_launch_template.toronto_app.id
    version = "$Latest"
  }
  
  tag {
    key                 = "Name"
    value               = "toronto-app-asg"
    propagate_at_launch = false
  }
}

# Application Load Balancer for Toronto
resource "aws_lb" "toronto_app" {
  name               = "toronto-app-alb"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.toronto_web.id]
  subnets            = aws_subnet.toronto_public[*].id
  
  enable_deletion_protection = true
  
  tags = {
    Name = "toronto-app-load-balancer"
  }
}

# Azure Resource Group for backup/DR
resource "azurerm_resource_group" "toronto_backup" {
  name     = "rg-toronto-tech-backup"
  location = "Canada Central"
  
  tags = {
    Environment = var.environment
    Purpose     = "Disaster Recovery"
    DataCenter  = "Toronto"
  }
}

# Output important information
output "toronto_vpc_id" {
  description = "ID of the Toronto VPC"
  value       = aws_vpc.toronto_vpc.id
}

output "load_balancer_dns" {
  description = "DNS name of the Toronto load balancer"
  value       = aws_lb.toronto_app.dns_name
}

output "azure_backup_rg" {
  description = "Azure backup resource group"
  value       = azurerm_resource_group.toronto_backup.name
}

Hands-on Project:

Toronto Fintech Infrastructure - Design and deploy a complete multi-cloud infrastructure for a Toronto fintech startup with high availability, disaster recovery, and regulatory compliance.

Topics Covered:

• Cloud security best practices
• Canadian privacy and data protection laws
• Identity and access management
• Compliance frameworks and auditing

Canadian Compliance Framework:

{
  "canadian_compliance_requirements": {
    "data_residency": {
      "pipeda_compliance": "mandatory",
      "data_location": "Canada",
      "cross_border_transfers": "restricted",
      "consent_required": true
    },
    "government_requirements": {
      "protected_b_classification": "required_for_gov_data",
      "encryption_at_rest": "mandatory",
      "encryption_in_transit": "mandatory",
      "audit_logging": "comprehensive"
    },
    "healthcare_compliance": {
      "phipa_ontario": "applies_to_health_data",
      "phi_protection": "enhanced_security",
      "access_controls": "role_based"
    },
    "financial_services": {
      "osfi_guidelines": "federally_regulated_institutions",
      "pci_dss": "payment_card_data",
      "sox_compliance": "public_companies"
    }
  },
  
  "security_controls": {
    "network_security": {
      "vpc_isolation": "required",
      "security_groups": "least_privilege",
      "nacls": "defense_in_depth",
      "waf": "web_application_protection"
    },
    "data_protection": {
      "encryption_algorithm": "AES-256",
      "key_management": "hardware_security_modules",
      "backup_encryption": "mandatory",
      "data_classification": "automatic_tagging"
    },
    "access_management": {
      "multi_factor_auth": "mandatory",
      "privileged_access": "just_in_time",
      "session_recording": "administrative_activities",
      "regular_access_reviews": "quarterly"
    }
  }
}

Security Implementation Example:

# Python script for Canadian cloud security compliance
import boto3
import json
from datetime import datetime, timedelta

class CanadianCloudCompliance:
    def __init__(self):
        self.aws_client = boto3.client('sts')
        self.s3_client = boto3.client('s3', region_name='ca-central-1')
        self.cloudtrail_client = boto3.client('cloudtrail', region_name='ca-central-1')
        
    def ensure_canadian_data_residency(self, bucket_name):
        """Ensure S3 bucket complies with Canadian data residency"""
        try:
            # Check bucket location
            location = self.s3_client.get_bucket_location(Bucket=bucket_name)
            bucket_region = location.get('LocationConstraint', 'us-east-1')
            
            if bucket_region != 'ca-central-1':
                raise Exception(f"Bucket {bucket_name} not in Canadian region")
            
            # Verify encryption
            encryption = self.s3_client.get_bucket_encryption(Bucket=bucket_name)
            
            # Enable Canadian compliance tags
            self.s3_client.put_bucket_tagging(
                Bucket=bucket_name,
                Tagging={
                    'TagSet': [
                        {'Key': 'DataResidency', 'Value': 'Canada'},
                        {'Key': 'PIPEDACompliant', 'Value': 'true'},
                        {'Key': 'DataClassification', 'Value': 'ProtectedB'},
                        {'Key': 'ComplianceFramework', 'Value': 'Canadian'}
                    ]
                }
            )
            
            return True
            
        except Exception as e:
            print(f"Compliance check failed: {e}")
            return False
    
    def setup_audit_logging(self):
        """Setup comprehensive audit logging for Canadian compliance"""
        trail_name = 'toronto-compliance-audit-trail'
        
        # Create CloudTrail for audit logging
        try:
            self.cloudtrail_client.create_trail(
                Name=trail_name,
                S3BucketName='toronto-audit-logs-bucket',
                IncludeGlobalServiceEvents=True,
                IsMultiRegionTrail=True,
                EnableLogFileValidation=True,
                EventSelectors=[
                    {
                        'ReadWriteType': 'All',
                        'IncludeManagementEvents': True,
                        'DataResources': [
                            {
                                'Type': 'AWS::S3::Object',
                                'Values': ['arn:aws:s3:::toronto-*/*']
                            }
                        ]
                    }
                ]
            )
            
            # Start logging
            self.cloudtrail_client.start_logging(Name=trail_name)
            
            return True
            
        except Exception as e:
            print(f"Failed to setup audit logging: {e}")
            return False
    
    def generate_compliance_report(self):
        """Generate compliance report for Canadian regulations"""
        report = {
            'report_date': datetime.now().isoformat(),
            'compliance_framework': 'PIPEDA + Government of Canada',
            'region': 'Canada Central (Toronto)',
            'checks_performed': []
        }
        
        # Check data residency
        canadian_buckets = []
        try:
            response = self.s3_client.list_buckets()
            for bucket in response['Buckets']:
                bucket_name = bucket['Name']
                if self.ensure_canadian_data_residency(bucket_name):
                    canadian_buckets.append(bucket_name)
            
            report['checks_performed'].append({
                'check': 'Data Residency Verification',
                'status': 'PASS',
                'compliant_buckets': len(canadian_buckets),
                'details': f'All {len(canadian_buckets)} buckets in Canadian region'
            })
            
        except Exception as e:
            report['checks_performed'].append({
                'check': 'Data Residency Verification',
                'status': 'FAIL',
                'error': str(e)
            })
        
        return report

# Usage example
compliance = CanadianCloudCompliance()
report = compliance.generate_compliance_report()
print(json.dumps(report, indent=2))

Hands-on Project:

Toronto Healthcare Data Platform Security - Implement end-to-end security for a healthcare data platform that handles Ontario patient information with PHIPA compliance.