4_EC2 Flashcards

1
Q

EC2 - Pricing Options

  • On-Demand: allow you to pay a fixed rate by the hour (or by the second) with no commitment
  • Reserved Instances: provide you with a capacity reservation, and offer a significant discount on the hourly charge for an instance. 1 Year or 3 Years Terms. It comes with 3 different types:
    • Standard RI
    • Convertible RI: Change EC2 type
    • Scheduled RI: Specify a time schedule for the instances.
  • Spot Instances: enable you to bid whatever price you want for instance capacity, providing for even greater savings if your applications have flexible start and end times
    • If you terminate the instance, you pay for the hour
    • If AWS terminates the spot instance, you get the hour it was terminated in for free
  • Dedicated Hosts: Physical EC2 server dedicated for your use. Dedicated Hosts can help you reduce costs by allowing you to use your existing server-bound software licenses, such as MSDN subscription licenses
A

EC2 - Pricing Options

  • On-Demand: allow you to pay a fixed rate by the hour with no commitment
  • Reserved Instances: provide you with a capacity reservation, and offer a significant discount on the hourly charge for an instance. 1 Year or 3 Years Terms.
  • Spot Instances: enable you to bid whatever price you want for instance capacity, providing for even greater savings if your applications have flexible start and end times
    • If you terminate the instance, you pay for the hour
    • If AWS terminates the spot instance, you get the hour it was terminated in for free
  • Dedicated Hosts: Physical EC2 server dedicated for your use. Dedicated Hosts can help you reduce costs by allowing you to use your existing server-bound software licenses, such as MSDN subscription licenses
2
Q

EC2 - Instance Types

FIGHT DR MC PXZ AU

  • F - FPGA
  • I - IOPS
  • G - Graphics
  • H - High Disk Throughput
  • T - Cheap general purpose (think T2 micro)
  • D - Density
  • R - RAM
  • M - Main choice for general purpose apps
  • C - Compute
  • P - Graphics (think Pics)
  • X - Extreme memory
  • Z - Extreme memory and CPU
  • A - Arm-based workload
  • U - Bare Metal
A

EC2 - Instance Types

DR MC GIFT PX

  • D for Density
  • R for RAM
  • M - main choice for general purpose apps
  • C for Compute
  • G for Graphics
  • I for IOPS
  • F for FPGA
  • T cheap general purpose (think T2 micro)
  • P - Graphics (think Pics)
  • X - Extreme memory
3
Q

EC2 - Instance Types

A

EC2 - Instance Types

4
Q

EC2 - Launch new instance

  • Termination protection is turned off by default, you must turn it on (flag in Instance Details: Enable termination protection)
  • On an EBS-backed instance, the default action for the root EBS volume is to be deleted when the instance is terminated (flag in Storage: Delete on Termination)
  • EBS root volume of your DEFAULT AMIs cannot be encrypted. You can use a third-party tool to encrypt the root volume or this can be done when creating AMIs in the AWS console or using the API
  • Additional EBS volume can be encrypted
A

EC2 - Launch new instance

  • Termination protection is turned off by default, you must turn it on (flag: Enable termination protection)
  • On an EBS-backed instance, the default action for the root EBS volume is to be deleted when the instance is terminated
  • EBS root volume of your DEFAULT AMIs cannot be encrypted. You can use a third-party tool to encrypt the root volume or this can be done when creating AMIs in the AWS console or using the API
  • Additional EBS volume can be encrypted
5
Q

Security Groups

  • Security Groups are virtual firewalls
  • All Inbound Traffic is blocked by default
  • All Outbound Traffic is allowed by default
  • Changes to Security Groups take effect immediately
  • You can have any number of EC2 instances within a security group
  • You can have multiple security groups attached to EC2 instances
  • Security Groups are STATEFUL
    • If you create an inbound traffic rule allowing traffic in, that traffic is automatically allowed back out again
  • You cannot block specific IP addresses using Security Groups, instead use Network Access Control Lists
  • You can specify allow rules, but not deny rules
A

Security Groups

  • Security Groups are virtual firewalls
  • All Inbound Traffic is blocked by default
  • All Outbound Traffic is allowed by default
  • Changes to Security Groups take effect immediately
  • You can have any number of EC2 instances within a security group
  • You can have multiple security groups attached to EC2 instances
  • Security Groups are STATEFUL
    • If you create an inbound traffic rule allowing traffic in, that traffic is automatically allowed back out again
  • You cannot block specific IP addresses using Security Groups, instead use Network Access Control Lists
  • You can specify allow rules, but not deny rules
6
Q

EBS Consists of:

  • General Purpose SSD - GP2 - (Up to 10,000 IOPS)
  • Provisioned IOPS SSD - IO1 - (More than 10,000 IOPS)
  • HDD, Throughput Optimized - ST1 - frequently accessed workloads
  • HDD, Cold - SC1 - less frequently accessed data
  • HDD, Magnetic - Standard - cheap, infrequently accessed storage

You cannot mount 1 EBS volume to multiple EC2 instances, instead use EFS.

A

EBS Consists of:

  • General Purpose SSD - GP2 - (Up to 10,000 IOPS)
  • Provisioned IOPS SSD - IO1 - (More than 10,000 IOPS)
  • HDD, Throughput Optimized - ST1 - frequently accessed workloads
  • HDD, Cold - SC1 - less frequently accessed data
  • HDD, Magnetic - Standard - cheap, infrequently accessed storage

You cannot mount 1 EBS volume to multiple EC2 instances, instead use EFS.

7
Q

EC2 - EBS

  • General Purpose SSD (GP2)
    • General purpose, balances both price and performance
    • Ratio of 3 IOPS per GB with up to 10,000 IOPS and the ability to burst up to 3,000 IOPS for extended periods of time for volumes under 1 GB
  • Provisioned IOPS SSD (IO1)
    • Designed for I/O intensive applications such as large relational or NoSQL databases
    • Use if you need more than 10,000 IOPS
    • Can provision up to 20,000 IOPS per volume
A

EC2 - EBS

  • General Purpose SSD (GP2)
    • General purpose, balances both price and performance
    • Ratio of 3 IOPS per GB with up to 10,000 IOPS and the ability to burst up to 3,000 IOPS for extended periods of time for volumes under 1 GB
  • Provisioned IOPS SSD (IO1)
    • Designed for I/O intensive applications such as large relational or NoSQL databases
    • Use if you need more than 10,000 IOPS
    • Can provision up to 20,000 IOPS per volume
8
Q

EC2 - EBS

  • Throughput Optimized HDD (ST1)
    • Big Data
    • Data Warehouse
    • Log processing
    • Cannot be a boot volume
  • Cold HDD (SC1)
    • Lowest cost storage for infrequently accessed workloads
    • File server
    • Cannot be a boot volume
  • Magnetic (Standard)
    • Lowest cost per GB of all EBS volume types that is bootable. Magnetic volumes are ideal for workloads where data is accessed infrequently, and applications where the lowest storage cost is important
A

EC2 - EBS

  • Throughput Optimized HDD (ST1)
    • Big Data
    • Data Warehouse
    • Log processing
    • Cannot be a boot volume
  • Cold HDD (SC1)
    • Lowest cost storage for infrequently accessed workloads
    • File server
    • Cannot be a boot volume
  • Magnetic (Standard)
    • Lowest cost per GB of all EBS volume types that is bootable. Magnetic volumes are ideal for workloads where data is accessed infrequently, and applications where the lowest storage cost is important
9
Q

Volumes and Snapshots

  • Volumes exist on EBS
    • Volumes = Virtual Hard Disk
  • Snapshots of a Volume exist on S3
  • Snapshots are point in time copies of Volumes
  • Snapshots are incremental, this means that only blocks that have changed since your last snapshot are moved to S3
  • You can create AMIs from both Volumes and Snapshots
  • You can change EBS volume sizes on the fly, including changing the size and storage type
  • To create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot (for consistency reasons)
  • However you can take a snapshot while the instance is running.
A

Volumes and Snapshots

  • Volumes exist on EBS
    • Volumes = Virtual Hard Disk
  • Snapshots of a Volume exist on S3
  • Snapshots are point in time copies of Volumes
  • Snapshots are incremental, this means that only blocks that have changed since your last snapshot are moved to S3
10
Q

EBS Volumes in Region

Amazon EBS volumes are created in a specific AZ and can then be attached to any instances in that same AZ

  • To move an EC2 volume from one AZ to another, take a snapshot of it, create an AMI from the snapshot and use the AMI to launch the EC2 instance in a new AZ
  • To move an EC2 volume from one region to another, take a snapshot of it, create an AMI from the snapshot and then copy the AMI from one region to the other. Then use the copied AMI to launch the new EC2 instance in the new region.
A

EBS Volumes in Region

Amazon EBS volumes are created in a specific AZ and can then be attached to any instances in that same AZ

  • To make a volume available outside of the AZ, you can create a snapshot and restore that snapshot to a new volume anywhere in that region
  • You can copy snapshots to other regions and then restore them to new volumes there
11
Q

AMI

Amazon Machine Image (AMI) provides pre-configured operating systems such as Linux and Windows.

AMIs are regional. You can only launch an AMI from the region in which it is stored. However, you can copy AMIs to other regions using the console, command line or the Amazon EC2 API.

You can choose an AMI from:

  • Basic Amazon Machine Image (AMI) provided by AWS
  • AWS Marketplace
  • Community AMIs
  • Create your own AMI
  • VM Import/Export
A

AMI

Amazon Machine Image (AMI) provides pre-configured operating systems such as Linux and Windows.

AMIs are regional. You can only launch an AMI from the region in which it is stored. However, you can copy AMIs to other regions using the console, command line or the Amazon EC2 API.

You can choose an AMI from:

  • Basic Amazon Machine Image (AMI) provided by AWS
  • AWS Marketplace
  • Community AMIs
  • Create your own AMI
  • VM Import/Export
12
Q

You can select your AMI based on:

  • Region (see Regions and Availability Zones)
  • Operating System
  • Architecture (32-bit or 64-bit)
  • Launch Permissions
  • Storage for the Root Device (Root Device Volume)
    • EBS
    • Instance Store (EPHEMERAL STORAGE)
A

Amazon Machine Image (AMI) provides pre-configured operating systems such as Linux and Windows.

You can select your AMI based on:

  • Region (see Regions and Availability Zones)
  • Operating System
  • Architecture (32-bit or 64-bit)
  • Launch Permissions
  • Storage for the Root Device (Root Device Volume)
    • EBS
    • Instance Store (EPHEMERAL STORAGE)

AMIs are regional. You can only launch an AMI from the region in which it is stored. However, you can copy AMIs to other regions using the console, command line or the Amazon EC2 API.

13
Q

EBS vs Instance Store

All AMIs are categorized as either backed by Amazon EBS or backed by instance store

EBS Volumes: Network attached, persistent storage. The root device for an instance launched from the AMI is an Amazon EBS volume created from an Amazon EBS snapshot

Instance Store Volumes: Locally attached instance storage. The root device for an instance launched from the AMI is an instance store volume created from a template stored in Amazon S3

A

EBS vs Instance Store

All AMIs are categorized as either backed by Amazon EBS or backed by instance store

For EBS Volumes: The root device for an instance launched from the AMI is an Amazon EBS volume created from an Amazon EBS snapshot

For Instance Store Volumes: The root device for an instance launched from the AMI is an instance store volume created from a template stored in Amazon S3

14
Q

EBS vs Instance Store

  • Instance Store Volumes are sometimes called Ephemeral Storage
  • Instance Store Volumes cannot be stopped. If the underlying host fails, you will lose your data
  • EBS backed instances can be stopped. You will not lose the data on this instance if it is stopped
  • You can reboot both, you will not lose your data
  • By default, both ROOT volumes will be deleted on termination, however with EBS volumes, you can tell AWS to keep the root device volume (uncheck “Delete on Termination” flag)
A

EBS vs Instance Store

  • Instance Store Volumes are sometimes called Ephemeral Storage
  • Instance Store Volumes cannot be stopped. If the underlying host fails, you will lose your data
  • EBS backed instances can be stopped. You will not lose the data on this instance if it is stopped
  • You can reboot both, you will not lose your data
  • By default, both ROOT volumes will be deleted on termination, however with EBS volumes, you can tell AWS to keep the root device volume (uncheck “Delete on Termination” flag)
15
Q

EBS vs Instance Store

In general, Instance Store volumes are ideal for temporary storage of information that is continually changing, such as buffers, caches, scratch data and other temporary content, or for data that is replicated across a fleet of instances. Unlike EBS volumes, Instance Store cannot be detached or attached to another instance.

A

EBS vs Instance Store

In general, Instance Store volumes are ideal for temporary storage of information that is continually changing, such as buffers, caches, scratch data and other temporary content, or for data that is replicated across a fleet of instances. Unlike EBS volumes, Instance Store cannot be detached or attached to another instance.

16
Q

ENI vs. ENA vs. EFA [SAA-C02]

  • ENI: For basic networking. Perhaps you need a separate management network to your production network or a separate logging network and you need to do this at low cost. In this scenario use multiple ENIs for each network.
  • Enhanced Network: For when you need speeds between 10Gbps and 100Gbps. Anywhere you need reliable high throughput
  • Elastic Fabric Adapter: For when you need to accelerate High Performance Computing (HPC) and machine learning applications or if you need to do an OS bypass. If you see a scenario question mentioning HPC or ML and asking what network adapter you want, choose EFA
A
17
Q

Encrypted Root Device Volumes - Snapshots

  • Snapshots of encrypted volumes are encrypted automatically
  • Volumes restored from encrypted snapshots are encrypted automatically
  • You can share snapshots, but only if they are unencrypted (the encryption key is tied to your AWS account)
    • These snapshots can be shared with other AWS accounts or made public
  • You can now encrypt root device volumes upon creation of the EC2 instance.
A

Snapshots

  • Snapshots of encrypted volumes are encrypted automatically
  • Volumes restored from encrypted snapshots are encrypted automatically
  • You can share snapshots, but only if they are unencrypted (the encryption key is tied to your AWS account)
    • These snapshots can be shared with other AWS accounts or made public
  • To create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot
18
Q

Spot Instances and Spot Fleets [SAA-C02]

  • Spot Instances save up to 90% of the cost of On-Demand Instances
  • Useful for any type of computing where you don't need persistent storage
  • You can block Spot Instances from terminating by using Spot block
  • A Spot Fleet is a collection of Spot Instances and, optionally, On-Demand Instances
A
19
Q

EC2 - Hibernate [SAA-C02]

  • EC2 Hibernate preserves the in-memory RAM on persistent storage (EBS)
  • Much faster to boot up because you do not need to reload the operating system
  • Instance RAM must be less than 150Gb
  • Instance families include C3, C5, C5, M3, M4, M5, R3, R4 and R5
  • Available for Windows, Amazon Linux 2 AMI and Ubuntu
  • Instances can’t be hibernated for more than 60 days
  • Available for On-Demand Instances and Reserved Instances
A
20
Q

CloudWatch

  • CloudWatch is used for monitoring performance
  • CloudWatch can monitor most of AWS as well as your applications that run on AWS
  • CloudWatch with EC2 can monitor events:
    • Standard Monitoring = every 5 mins
    • Detailed Monitoring = every 1 min
  • You can create CloudWatch Alarms which trigger notifications

CloudWatch VS CloudTrail

  • CloudWatch is for performance monitoring (CPU, Network, Disk, Status Check)
  • CloudTrail monitors API calls in the AWS platform.
A

CloudWatch

  • Standard Monitoring = 5 mins
  • Detailed Monitoring = 1 min
  • CloudWatch is for performance monitoring (CPU, Network, Disk, Status)
  • CloudTrail is for auditing
21
Q

What can I do with CloudWatch

  • Dashboards: Creates awesome dashboards to see what is happening with your AWS environment
  • Alarms: Allows you to set Alarms that notify you when particular thresholds are hit
  • Events: CloudWatch Events helps you to respond to state changes in your AWS resources
  • Logs: CloudWatch Logs helps you to aggregate, monitor and store logs
A

What can I do with CloudWatch

  • Dashboards: Creates awesome dashboards to see what is happening with your AWS environment
  • Alarms: Allows you to set Alarms that notify you when particular thresholds are hit
  • Events: CloudWatch Events helps you to respond to state changes in your AWS resources
  • Logs: CloudWatch Logs helps you to aggregate, monitor and store logs
22
Q

IAM Roles

  • Roles are more secure than storing your access key and secret access key on individual EC2 instances
  • Roles are easier to manage
  • Roles can be assigned to an EC2 instance after it is created, but currently only using the command line
  • Roles are universal, you can use them in any Region
A

IAM Roles

  • Roles are more secure than storing your access key and secret access key on individual EC2 instances
  • Roles are easier to manage
  • Roles can be assigned to an EC2 instance after it is created, but currently only using the command line
  • Roles are universal, you can use them in any Region
23
Q

EC2 Instance Meta-data

  • Used to get information about an instance (such as public IP)
  • Command: curl http://169.254.169.254/latest/meta-data
  • Command: curl http://169.254.169.254/latest/user-data
A

EC2 Instance Meta-data

  • Used to get information about an instance (such as public IP)
  • Not user meta data
  • Command: curl http://169.254.169.254/latest/meta-data
24
Q

EFS

Amazon Elastic File System (Amazon EFS) is a file storage service for Amazon Elastic Compute Cloud (Amazon EC2) instances. Amazon EFS is easy to use and provides a simple interface that allows you to create and configure file systems quickly and easily. With Amazon EFS, storage capacity is elastic, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it.

A

EFS

Amazon Elastic File System (Amazon EFS) is a file storage service for Amazon Elastic Compute Cloud (Amazon EC2) instances. Amazon EFS is easy to use and provides a simple interface that allows you to create and configure file systems quickly and easily. With Amazon EFS, storage capacity is elastic, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it.

25
Q

EFS - Features

  • Supports the Network File System version 4 (NFSv4) protocol
  • You only pay for the storage you use (no pre-provisioning required)
  • Can scale up to the petabytes
  • Can support thousands of concurrent NFS connections
  • Data is stored across multiple AZs within a region
  • Read after write consistency
A

EFS - Features

  • Supports the Network File System version 4 (NFSv4) protocol
  • You only pay for the storage you use (no pre-provisioning required)
  • Can scale up to the petabytes
  • Can support thousands of concurrent NFS connections
  • Data is stored across multiple AZs within a region
26
Q

Amazon FSx for Windows and for Lustre [SAA-C02]

  • EFS: When you need distributed, highly resilient storage for Linux instances and Linux-based applications
  • Amazon FSx for Windows: When you need centralised storage for Windows-based applications such as SharePoint, Microsoft SQL Server, Workspaces, IIS Web Server or any other native Microsoft Application
  • Amazon FSx for Lustre: When you need high-speed, high-capacity distributed storage. This will be for applications that do High Performance Compute (HPC), financial modelling etc. Remember that FSx for Lustre can store data directly on S3.
A
27
Q

EC2 - Placement Group

Three types of Placement Groups:

  • Clustered Placement Group: grouping of instances within a single AZ
    • Low Network Latency / High Network Throughput
  • Spread Placement Group: group of instances that are each placed on distinct underlying hardware
    • Individual Critical EC2 instances
  • Partitioned Placement Group: divides each group into logical segments called partitions. Each partition has its own set of racks.
    • Multiple EC2 instances (e.g. HDFS, HBase, and Cassandra clusters)
A
28
Q

EC2 - Placement Group

  • A clustered placement group can’t span multiple Availability Zones
  • A spread placement group and partitioned group can.
  • The name you specify for a placement group must be unique within your AWS account
  • Only certain types of instances can be launched in a placement group (Compute Optimized, GPU, Memory Optimized, Storage Optimized)
  • AWS recommends homogeneous instances within placement groups
  • You can’t merge placement groups
  • You can’t move an existing instance into a placement group. You can create an AMI from your existing instance, and then launch a new instance from the AMI into a placement group
A

EC2 - Placement Group

  • A placement group can’t span multiple Availability Zones
  • The name you specify for a placement group must be unique within your AWS account
  • Only certain types of instances can be launched in a placement group (Compute Optimized, GPU, Memory Optimized, Storage Optimized)
  • AWS recommends homogeneous instances within placement groups
  • You can’t merge placement groups
  • You can’t move an existing instance into a placement group. You can create an AMI from your existing instance, and then launch a new instance from the AMI into a placement group
29
Q

HPC on AWS [SAA-C02]

We can achieve HPC on AWS through:

  • Data Transfer
    • Snowball
    • AWS DataSync to store on S3, EFS, FSx for Windows, etc.
    • Direct Connect
  • Compute and networking
    • EC2 instances that are GPU or CPU optimized
    • EC2 fleets (Spot Instances or Spot Fleets)
    • Placement groups (cluster placement groups)
    • Enhanced networking single root I/O virtualization (SR-IOV)
    • Elastic Network Adapters or Intel 82599 Virtual Function (VF) interface
    • Elastic Fabric Adapters
  • Storage
    • Instance-attached storage
      • EBS: Scale up to 64,000 IOPS with Provisioned IOPS (PIOPS)
      • Instance Store: Scale to millions of IOPS; low latency
    • Network storage
      • Amazon S3: Distributed object-based storage; not a filesystem
      • Amazon EFS: Scale IOPS based on total size, or use Provisioned IOPS
      • Amazon FSx for Lustre: HPC-optimized distributed file system; millions of IOPS, which is also backed by S3
  • Orchestration and automation
    • AWS Batch
    • AWS ParallelCluster
A
30
Q

(ARCHIVED)

ELB - Multi-Load Balancer Pattern

  • The behavior (on the load balancer level) for mobile sites and PC sites can be different, even when using the same Amazon EC2 instance
  • Even when multiple SSLs (HTTPS) are used by the same Amazon EC2 instance, you can prepare load balancers for each SSL (ELB supports a single SSL certificate)
  • Session affinity: You bind all the transactions of a session to a specific compute resource. This is achieved through the “sticky sessions” feature of ELB.
A

ELB - Multi-Load Balancer Pattern

  • The behavior (on the load balancer level) for mobile sites and PC sites can be different, even when using the same Amazon EC2 instance
  • Even when multiple SSLs (HTTPS) are used by the same Amazon EC2 instance, you can prepare load balancers for each SSL (ELB supports a single SSL certificate)
  • Session affinity: You bind all the transactions of a session to a specific compute resource. This is achieved through the “sticky sessions” feature of ELB.
31
Q

(ARCHIVED)

What is Lambda?

AWS Lambda is a compute service where you can upload your code and create a Lambda function. AWS Lambda takes care of provisioning and managing the servers that you use to run the code. You don’t have to worry about operating systems, patching, scaling etc. You can use Lambda in the following ways:

  • As an event-driven compute service where AWS Lambda runs your code in response to events. These events could be changes to data in an Amazon S3 bucket or an Amazon DynamoDB table
  • As a compute service to run your code in response to HTTP requests using Amazon API Gateway or API calls made using AWS SDKs.
A

What is Lambda?

AWS Lambda is a compute service where you can upload your code and create a Lambda function. AWS Lambda takes care of provisioning and managing the servers that you use to run the code. You don’t have to worry about operating systems, patching, scaling etc. You can use Lambda in the following ways:

  • As an event-driven compute service where AWS Lambda runs your code in response to events. These events could be changes to data in an Amazon S3 bucket or an Amazon DynamoDB table
  • As a compute service to run your code in response to HTTP requests using Amazon API Gateway or API calls made using AWS SDKs.
32
Q

AWS WAF [SAA-C02]

AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront, an Application Load Balancer or API Gateway.

AWS WAF also lets you control access to your content.

Using AWS WAF, you can block malicious IP addresses or requests from certain countries, with specific strings, with SQL code, script …

You can also block IP addresses using Network ACLs.

A