All Flashcards
IAM
Identity Access Management
Starts with a root account by default, which shouldn’t be used.
Groups: contain users, but not other groups
Users: can be part of multiple groups
Policies: can be assigned to users and groups. They define the access permissions.
Password policy and access definition.
All sub items:
- IAM Roles
- IAM Credentials Report
- IAM Access Advisor
IAM Roles
An IAM Role has two elements:
- Policies that define its access
- Trust policy that defines which entities are trusted to assume it
IAM Credentials Report
List of all users and their credentials
IAM Access Advisor
Shows users’ permissions and when they were last accessed
IAM Best Practices
- Don’t use root account
- One physical user = one AWS user
- Create Groups
- Create Strong password policy
- Enforce MFA
- Create and use Roles
EC2
What are the 8 choices?
Elastic Compute Cloud
Service to host server instances.
Choose:
- OS,
- CPU,
- RAM,
- Storage (EBS and EFS or EC2 Instance Store),
- Network Card,
- Firewall Rules (Security Group),
- Bootstrap script (EC2 User Data)
- Instance Type
EC2 User Data
Script to run at the boot of EC2
All commands run as root (sudo)
EC2 Instance Types
How are they named and which are the 4 types?
m5.2xlarge
m: the instance class
5: generation
2xlarge: size inside the class
Types:
- Compute Optimized: for compute intensive tasks
- Memory Optimized: for processing large datasets
- Storage Optimized: for storage intensive tasks: sequential read and write of large datasets
- General purpose: balanced
Security Groups
Control traffic into or out of EC2 Instances
Only contain ALLOW rules
Can be attached to multiple instances
Can authorize other security groups
EC2 Instances Purchasing Options (6)
- On Demand
- EC2 Reserved Instances
- EC2 Savings Plans
- EC2 Spot Instances
- EC2 Dedicated Hosts
- EC2 Capacity Reservations
EC2 On Demand Instance
How is it priced?
- Pay for what you use
- High Cost
EC2 Reserved Instances
- reserve specific attributes: type, region, AZ, tenancy
- you can’t change them for the reserved time: 1 to 3 years
- there is also the Convertible Reserved Instance, in which you can change some attributes, but it has less discount
EC2 Savings Plans
- commit to a base usage that will be charged (e.g. $10/hour for 3 years)
- usage beyond the commitment is charged at On Demand rates
- instance family and region are locked
EC2 Spot Instances
- unused AWS capacity is sold at a discounted price
- you pay the spot price, which changes over time
- you can set a max price to pay; if the spot price goes above it, the instance will be lost
- ideal for workloads resilient to failure
- cheaper option
EC2 Dedicated Hosts
- most expensive purchase option
- physical EC2 fully dedicated
- can be on demand or reserved
- allows for compliance requirements and existing server-bound software licenses
EC2 Capacity Reservations
To make sure one AZ will always have capacity for your On Demand instances, you can reserve it.
EC2 Instance Storage
What are the types (5)?
- EBS (Elastic Block Store) Volume
- AMI (Amazon Machine Image)
- EC2 Instance Store
- EFS (Elastic File System)
- Amazon FSx
EBS Volume
Elastic Block Store
Is an EC2 Instance Storage type.
A network drive you can attach to your EC2.
Mounted to one instance at a time
Bound to the AZ
Has latency
Must provide capacity beforehand (can increase over time)
EBS Snapshots:
- backup the volume anytime
- can copy across regions and AZs
- EBS Snapshot Archive: can archive it for a discount, takes longer to restore
- Recycle Bin: deleted snapshots are retained for a specified time
AMI
Amazon Machine Image
A customized EC2 Instance.
Built for specific region (can be copied)
Can get AMI from:
- Public AMI (AWS Provided)
- Your own
- AWS Marketplace AMI (other users)
EC2 Image Builder
- a wizard to help create EC2 images
- can run on a schedule -> can automate creation
- free, only pay for the created resources
EC2 Instance Store
- better I/O performance (than network storage)
- storage is lost if stopped
- good for temporary content
- risk of data loss
- backup and recovery is the user’s responsibility
EFS
Elastic File System
- network file system
- can be mounted to hundreds of EC2
- works with Linux EC2 in multi-AZ
- highly available, scalable and expensive
- pay per use, no capacity planning
- EFS Infrequent Access (EFS-IA):
- cost optimized for files not accessed every day
- cheaper
- EFS moves files automatically based on last access time (lifecycle policy)
- transparent to applications (no difference)
Amazon FSx
3rd party high-performance file system on AWS
Fully managed service
Amazon FSx for Windows File Server:
- built on Windows File Server
- can be accessed from AWS or on premise
Amazon FSx for Lustre (Linux + Cluster):
- high performance, scalable
- for High Performance Computing (HPC)
- up to hundreds of GB/s, millions of IOPS, sub-ms latency
ELB
What it does and its types (4)
Elastic Load Balancer
- Spread load across multiple instances
- Do health checks
- High availability
- Managed by AWS
Kinds:
- Application Load Balancer (Layer 7 - HTTP/S Routing)
- Network Load Balancer (Layer 4 - TCP/UDP Routing)
- Gateway Load Balancer (Layer 3 - IP Packets)
- Classic Load Balancer (Layer 4, 7)
ASG
What it is and the strategies
Auto Scaling Groups
Scale out and in to match load.
Strategies:
- Manual Strategy: update the size manually
- Dynamic Strategy: according to demand
- Simple/Step scaling: triggered by usage
- Target tracking scaling: keep usage at X %
- Scheduled Scaling: by time of day
- Predictive Scaling: Using ML to predict usage
S3
Overview
Has buckets defined at the region level.
Bucket name must be globally unique.
Max size of object is 5TB
Has versioning
Has encryption by KMS
Can do replication:
- Cross region to decrease latency
- Same region for multiple environments (test, prod)