All Section Flashcards

1
Q

Regions

A

22 so far, cluster of data centers

2
Q

Availability Zones

A

At least 2 per region; has at least 1 data center in it; creates no single point of failure

3
Q

country-region-region number followed by availability zone

A

AZ naming scheme

4
Q

Edge Locations

A

AWS endpoints; consists of CloudFront, Content Delivery Network (CDN), and Route 53

5
Q

Capital Expenditure

A

upfront investments to obtain fixed asset

6
Q

operating expenditure

A

day to day expenses

7
Q

AWS Cost Explorer

A
  • A tool that enables you to visualize, understand, and manage your AWS costs and usage over time
  • breakdown by service or cost tag
  • predictions for next three months
8
Q

AWS Budgets

A
  • gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount
  • plan and track usage by service
9
Q

AWS TCO Calculator

A
  • Total Cost of Ownership
  • calculator for savings from data center to cloud
10
Q

Resource tags

A

metadata to group projects when calculating costs

11
Q

AWS Organizations

A
  • An account management service that enables you to consolidate multiple AWS accounts
  • multiple accounts under master for Consolidated Billing
12
Q

AWS Pricing Calculator

A
  • lets you explore AWS services, and create an estimate for the cost of your use cases on AWS.
  • deprecated version known as Simple Monthly Calculator
13
Q

AWS Support

A
  • Has 2 services: AWS Personal Health Dashboard & AWS Trusted Advisor
  • resource support
14
Q

AWS Personal Health Dashboard

A
  • service that provides alerts and remediation for impacting events
15
Q

AWS Trusted Advisor

A
  • service that compares usage against best practice; 7 core checks
  • provides personalized recommendations
16
Q

Trusted Advisor checks

A

5 checks:
- cost optimization
- performance
- security
- fault tolerance
- service limits

17
Q

Basic, Developer, Business, Enterprise

A

4 tiers of support

18
Q

Support differences

A
  • Communication method
  • Response time
  • Cost
  • Type of guidance offered
19
Q

Basic Support

A
  • Support plan with 7 trusted advisor checks, personal health dashboard, docs/support forms
  • NO support engineers
  • Free
20
Q

Developer Support

A
  • support plan that includes all in basic support
  • 1 primary contact
  • business hour email access to support engineers
  • starts at $29/mo
21
Q

Business Support

A
  • support plan that includes all in basic and developer
  • Full Trusted Advisor Checks
  • 24/7 phone, email, chat access
  • unlimited contacts
  • third-party software support
  • starts at $100/mo
22
Q

Enterprise Support

A
  • support plan that includes all in basic, developer, and business
  • designated Technical Account Manager (TAM)
  • concierge support team
  • starts at $15k/mo
23
Q

Response Times for Developer Plan

A
  • General Guidance: 24 business hours
  • System Impaired: 12 business hours
  • Prod System Impaired: NA
  • Prod System Down: NA
  • Business Critical System Down: NA
24
Q

Response Times for Business Plan

A
  • General Guidance: 24 total hours
  • System Impaired: 12 total hours
  • Prod System Impaired: 4 hours
  • Prod System Down: 1 hour
  • Business Critical System Down: NA
25
Response Times for Enterprise Plan
- General Guidance: 24 total hours - System Impaired: 12 total hours - Prod System Impaired: 4 hours - Prod System Down: 1 hour - Business Critical System Down: 15 min
26
AWS Quick Starts
Step by step deployment for common platform
27
AWS Partner Network Consulting Partners
Third party connection tool
28
AWS Professional Services
- a global team of experts that can help you with your desired business outcomes for AWS - help directly with AWS resources
29
Console, CLI, SDK
3 ways to interact with AWS
30
Console
Interaction method good for testing out a service
31
CLI and SDK
Interaction method(s) good for automation
32
SDK
Interaction method for app integration
33
Root and IAM
2 types of AWS users
34
Compute Services
Service to use cloud based VMs; web, DB, data processing
35
EC2
- IaaS service - Elastic Compute Cloud
36
Hosting web server, batch processing, API server, remote desktop
4 use cases for EC2
37
Instance Type
- Defines processor, memory, storage - Cannot change without downtime
38
General purpose, compute, memory, or storage optimized, accelerated computing
3 categories of instance types
39
Root Device Types
- Instance store - Elastic block store (EBS)
40
Instance Store
Ephemeral storage; Physically attached to host
41
Amazon Machine Image
- Provides the information required to launch an instance - Template for EC2 instance like config, OS, data - Can be shared across accounts - Can be custom; commercial ones in AWS marketplace
42
5 types of EC2 purchases
- On-demand - Reserved - Savings plan - Spot - Dedicated - Default is on-demand
43
Reserved
- EC2 purchase type for consistent instances - Discount from on-demand when committing to a specific period of time - Capacity reservation for specific instance type
44
Savings Plan
- Purchase types not limited to EC2 - Is used for EC2, Fargate, Lambda - No reserved capacity - Up to 72% savings compared to on-demand - 1 or 3 year terms
45
Spot
- purchase type mostly used for batch processing - up to 90% savings compared to on-demand - like a stock market for instances - instances launch with highest bidder; otherwise, kicked off - 2-minute notification
46
Dedicated Host
- most expensive purchase type - dedicated physical server - good if you have per server license
47
Elastic Beanstalk
- service that automates deployment & scaling process on EC2 - leverages existing services; only pay for other services - handles provisioning, load balancing, scaling, and monitoring - Supports Java, .NET, PHP, Node.js, Python, Ruby, Go, Docker - EC2 customization feature - to deploy apps with minimal knowledge of other services - reduces app maintenance
48
AWS Lambda
- compute service where you are charged on execution time - enables event-driven workflows - primary service for serverless architecture - Advantages: reduced maintenance, fault tolerance, scales based on demand
49
6 types of Content and Network Delivery Services
Amazon Route 53, Amazon VPC, AWS Direct Connect, Amazon API Gateway, Amazon CloudFront, Elastic Load Balancing
50
Amazon VPC
- isolated section of the AWS Cloud - supports IPv4 and IPv6; can configure network settings - supports public and private subnets - can utilize Network Address Translation (NAT) for private subnets - enables connections to data center - can connect to other VPCs - supports private connection to other AWS Services
51
AWS Direct Connect
- service for dedicated network connection from data center to AWS
52
Amazon Route 53
- highly available and scalable DNS web service - leverage edge locations - global service; highly available and rare downtimes - global resource routing - can use server fail backups
53
Elastic Load Balancing
- Distributes traffic across multiple targets - integrates with EC2, ECS (Docker Service), Lambda - supports one or more AZs in a region
54
Application Load Balancer, Network Load Balancer, Classic Load Balancer
3 types of load balancers; default is classic (known as ELB)
55
Vertical and Horizontal
2 EC2 scaling types
56
Vertical Scaling
Scaling to better instance types
57
Horizontal scaling
Adding more of the same instance type
58
Amazon CloudFront
- CDN - leverages edge locations - for static and dynamic content - Security features: AWS Shield for DDoS - AWS Web Application Firewall (WAF)
59
Amazon API Gateway
- Fully managed API management service - Can create and manage APIs - Directly integrates with other AWS services - API call monitoring and metrics - Supports VPC and on-premise private applications
60
AWS Global Accelerator
- networking service that improves user performance up to 60% - utilizes IP addresses instead of DNS like CloudFront - once traffic reaches edge locations, traffic is routed through AWS network instead of public internet - can route to AWS resources like load balancers and EC2 instances
61
Global Accelerator
performance improvements from this service by: - minimizing distance between user and endpoint by using edge locations - optimizing traffic using AWS network - improvement of first byte latency, jitter, throughput - superior fault tolerance by not relying on DNS resolution
62
Global Accelerator
use cases for this network service: - using non-http protocols - requiring static IP - instant failover
63
6 types of file storage services
Amazon S3, Amazon S3 Glacier, Amazon Elastic Block Store, Amazon Elastic File System, AWS Snowball, AWS Snowmobile
64
Amazon S3
- storage service used to store files as objects in buckets - storage classes for different use cases - stores data across multiple AZs - URL access for files - configurable rules for data lifecycle - can serve as static web host
65
4 types of S3 non-archival classes
Standard, Intelligent-tiering, Standard-IA, One Zone-IA
66
Standard
- S3 default non-archival storage class - Used for frequently accessed data
67
Intelligent-Tiering
- S3 non-archival storage class - moves data to a storage class based on access frequency
68
Standard-IA
- S3 non-archival storage class - for infrequently accessed data - spread across multiple AZs
69
One Zone-IA
- S3 non-archival storage class - for infrequently accessed data - only in one AZ
70
Lifecycle Policies
For S3: - bucket objects can transition or expire based on criteria - transition based on time not usage - expiration on age - policies can account for versions of an object
71
Transfer Acceleration
Optimized data upload using edge location as a part of CloudFront
72
Glacier & Glacier Deep Archive
- 2 services for archiving data within S3 as separate storage classes - offers configurable retrieval times - can send files directly or through lifecycle rules
73
S3 Glacier
- Service for archival data - 90 day min storage duration change - Retrieved in minutes or hours - Retrieval fee per GB - 5x LESS expensive than S3 standard storage class
74
S3 Glacier Deep Archive
- For archival data - 180 day min storage duration change - Retrieved in hours - Retrieval fee per GB - 23x LESS expensive than S3 standard storage class
75
Elastic Block Store
- Persistent storage; separate from host - Persistent block storage for use with a single EC2 instance - Scales to support PB of data & multiple volume types - Redundancy within AZ - Allows snapshots of data - Offers encryption
76
EBS volume types
1. General purpose SSD 2. Provisioned IOPS SSD; high performance for low latency apps 3. Throughput optimized HDD; frequently accessed data 4. Cold HDD; less frequently accessed workloads
77
Elastic File System (EFS)
- Fully managed Network File System (NFS) - Designed for Linux workloads - Supports PB of data - Stores data across multiple AZs - Provides configurable lifecycle rules
78
Standard, Infrequent Access
2 EBS Storage Classes
79
Amazon FSx for Windows File Server
- fully managed native Windows file system - Utilizes SSDs for low latency - Native Windows features like: - SMB (Server Message Block) support - Active Directory Integration - Windows NTFS
80
AWS Snowball
- large scale data transfer - PB scale transfers - physical device delivered by AWS to office location - connect Snowball to your network and upload data - Device is returned by local carrier to AWS - AWS receives device and loads data into S3
81
AWS Snowmobile
- large scale data transfer - EB scale transfers - shipping container delivered to location - AWS sets up connection to network - loads data onto snowmobile - AWS loads data into S3 when the container is at AWS location - can do multiple trips
82
6 database and utility services
Amazon RDS, Amazon Aurora, Amazon DynamoDB, Amazon Redshift, ElastiCache, AWS Database Migration Service
83
Amazon RDS
- Fully managed service for relational databases - Handles provisioning, patching, backups, and recovery - Can deploy across multiple AZs - Supports read replicas for some platforms - Launches into VPC - Provides both GP SSD and provisioned IOPS SSDs
84
6 Amazon RDS supported platforms
MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, Amazon Aurora
85
Amazon DMS (Data Migration Service)
- Service to move data into AWS from existing data - supports one time and continual migration - supports popular commercial and open source databases - only pay for computation in migration process
86
Amazon DynamoDB
- fully managed NoSQL database service - provides key-value and document DB - low latency at any scale - supports automated scaling based on config - offers in-memory cache with DynamoDB Accelerator (DAX) - Handles 20 mil reqs/sec and 10 tril reqs/day
87
Amazon DynamoDB
- NoSQL database service use cases: - scaling without excessive maintenance - serverless applications - implementations that require low latency - data models without BLOB (Binary Large Object) storage
88
Amazon ElastiCache
- fully managed in-memory data store - supports both Memcached and Redis - low latency - enables scaling and replicas to meet demand - handles common use cases: - DB layer caching - session storage
89
Amazon Redshift
- scalable data warehouse service - supports PB scale warehousing - high performance disks and columnar storage - offers full encryption for content - provides isolation with a VPC - enables querying of EB of data in S3 using Redshift Spectrum
90
Amazon Aurora
- relational DB engine compatible with MySQL and PostgreSQL
91
3 app integration service
Amazon SNS (Simple Notification Service), Amazon SQS (Simple Queue Service), AWS Step Functions
92
Amazon SNS
- fully managed publish and subscribe messaging service - can create decoupled applications - organized based on topics - integrates with other AWS services - provides end user notification via SMS, email, and push - short lived messages; if not subbed, completely miss the info
93
Amazon SQS
- like a mailbox - fully managed message queue service - can create decoupled and fault tolerant apps - up to 256KB per message - message can be stored up to 14 days
94
2 types of SQS queues
Standard (cannot guarantee order), FIFO (guarantees order)
95
AWS Step Functions
- orchestration of workflows through fully managed service - supports serverless architecture - supports complex workflows including error handling - charged per state transition and other AWS services used - workflows defined using Amazon States Language (kind of like JSON)
96
AWS Step Function Integrations
- Service integrates with: - Compute services (like lambda) - DB services (like dynamoDB) - Messaging services (SNS & SQS) - ML services
97
6 types of Management and Governance services
AWS CloudTrail, AWS CloudFormation, AWS CloudWatch, AWS Config, AWS Systems Manager, AWS Control Tower
98
AWS CloudTrail
- log, continuously monitor, retain account activity - event history throughout all tools and services - audit trails go to S3 bucket or into CloudWatch logs - logs events in the regions they occur - meets many compliance requirements for auditing - should be enabled on every AWS account - can consolidate into an Organizational trail using AWS Organizations
99
CloudTrail Use Cases
- Service's use cases: - Compliance requirement - Forensic analysis - Operational analysis - Troubleshooting
100
3 services used to manage infrastructure
Amazon CloudWatch, AWS Config, AWS Systems Manager
101
Amazon CloudWatch
- first class citizen service, meaning it integrates by default - monitoring and management service - collects logs, metrics, and events from most AWS services - enables alarms based on metrics - provides visualization for metrics - can create custom dashboards based on metrics
102
AWS Config
- Continuously monitors and records AWS resource configs - Provides config history - Works with custom rules and custom validation - Has conformance packs for compliance standards including PCI-DSS (used for payment info) - Works with AWS Organizations; both cross-region and cross-account - Provides remediation steps for infrastructure not meeting criteria
103
AWS Systems Manager
- view operational data from AWS services and automate operational tasks across AWS resources - to manage AWS infrastructure - automation for common maintenance actions (like library updates on multiple servers) - secure way to access servers using AWS credentials - stores commonly used params securely for operational use
104
AWS CloudFormation
- service for provisioning infrastructure based on templates - Free - Templates: YAML, JSON - enables infrastructure as code - provides drift detection to find changes in the infrastructure
105
AWS OpsWorks
- configuration management service - managed instances of Chef and Puppet - config defined as code for servers - Chef and Puppet manage lifecycles of config changes with servers - works in hybrid cloud architecture for both cloud-based and on-premise servers
106
3 AWS OpsWorks subservices
Chef Automate, Puppet Enterprise, OpsWorks Stacks
107
AWS Control Tower (with Organizations)
- creates multi-account environments on AWS that follow best practices - centralizes users across all AWS accounts - provides creation of new accounts based on templates - has Guardrails for accounts, which are like permissions - includes dashboard for operational insight
108
Acceptable Use Policy
- sending unsolicited mass emails is prohibited - hosting or distributing harmful content - pen tests are allowed for a list of specific services
109
Least Privilege Access
- only grant permissions to do task and no more - Don't use own root account for daily tasks
110
Shared Responsibility Model
- security and compliance is shared between AWS and user - AWS has responsibility for security OF the cloud - user has responsibility for security IN the cloud
111
AWS Responsibility
- access and training for Amazon employees - global data center and underlying network - hardware for global infrastructure - configuration management for infrastructure - patching cloud infrastructure and services
112
Customer Responsibility
- individual access to cloud resources and training - data security and encryption (in transit and at rest) - OS, network, and firewall config - all code deployed onto cloud infrastructure - patching guest OS and custom apps
113
AWS Well-Architected Framework
Collection of best practices across the five pillars:
1. Operational Excellence - running and monitoring systems for business value
2. Security - protecting info and assets
3. Reliability - recovery from disruptions
4. Performance Efficiency - using resources efficiently
5. Cost Optimization - minimal costs
114
High Availability
- entire solution is running in an expected manner despite possible issues
115
Fault Tolerance
- supporting component failures
116
High Availability and Fault Tolerance
- Most managed AWS Services provide high availability out of the box - EC2 fault tolerance must be implemented - Multiple AZs should be leveraged - Some services can enable fault tolerance in custom apps: SQS, Route 53
117
Compliance Common Standards
PCI-DSS, HIPAA, SOC 1/2/3, FedRAMP, ISO 27018
118
PCI-DSS
- For processing credit cards - Payment Card Industry Data Security Standard
119
HIPAA
- For healthcare data - Health Insurance Portability and Accountability Act
120
SOC 1/2/3
- For operational processes
121
FedRAMP
- For US government data - Federal Risk and Authorization Management Program
122
ISO 27018
- For personally identifiable info
123
3 Compliance Services
AWS Config, AWS Artifact, Amazon GuardDuty
124
AWS Config
Service that provides conformance packs
125
AWS Artifact
- service that provides access to compliance reports
126
Amazon GuardDuty
- Intelligent threat detection service
127
AWS IAM
- Identity and Access Management - service that controls access to AWS resources - FREE - manages authentication (login) & authorization (permissions) - supports identity federation through SAML providers including Active Directory (external identity provider)
128
3 IAM Identities
Users, Groups, Roles
129
IAM User
A person or application that can authenticate with an AWS account
130
IAM Group
- A collection of users under one set of permissions - Permission per group
131
IAM Role
- Enables user or AWS service to assume permission for a task
132
IAM Policies
- JSON that defines permissions for an AWS IAM Identity - defines accessible services and actions for that service - can be customer managed or AWS managed
133
2 IAM Best Practices
MFA, Least Privilege Access
134
Amazon Cognito
- like IAM but for own apps - service that enables handling of authentication and aspects of authorization for apps via AWS - provides UI for many platforms - provides security features to control account access - enables controlled access to AWS resources; like IAM - works with social and enterprise identity providers: like Google, Amazon, Facebook, Microsoft Active Directory, SAML 2.0 Provider
135
2 On-Premise Data Integration Services
AWS Storage Gateway, AWS DataSync
136
AWS Storage Gateway
- integrates cloud storage into local network - deployed as VM or specific hardware appliance - integrates with S3 and EBS
137
3 AWS Storage Gateway types
Tape, File, Volume
138
Tape Gateway
- Tape backup processes store data in the cloud on virtual tapes
139
File Gateway
Stores files on S3 while providing cached, low-latency local access
140
Volume Gateway
iSCSI (Internet Small Computer System Interface) volumes on cloud to local applications
141
AWS DataSync
- Agent is deployed as VM on local network - Integrates with S3, EFS, FSx for Windows File Server on AWS - Improved transfer speed due to custom protocols and optimizations - Charged per GB of transferred data
142
3 AWS Data Processing Services
AWS Glue, Amazon EMR, AWS Pipeline
143
AWS Glue
- Fully managed Extract, Transform, Load (ETL) service - Supports data in RDS, DynamoDB, Redshift, S3 - Serverless model of execution (manages infrastructure automatically)
144
Amazon EMR
- Elastic Map Reduce - big-data processing on EC2 and S3 - supports popular open-source frameworks and tools - Operates in a clustered environment without additional config - Supports many use cases
145
AWS Data Pipeline
- managed ETL service - manages data workflow through AWS services - support S3, EMR, Redshift, DynamoDB, RDS - able to integrate on-premise data stores
146
3 Data Analysis Services
Amazon Athena, Amazon QuickSight, Amazon CloudSearch
147
Amazon Athena
- fully managed serverless service - enables querying of large-scale data stored in S3 - queries are written in standard SQL - charged based on data scanned for query
148
Amazon QuickSight
- Fully managed BI service - Enables dynamic data dashboard based on stored data - Charged on a per-user & per-session pricing model - Multiple versions provided based on needs
149
Amazon CloudSearch
- fully managed search service - supports scaling of search infrastructure to meet demand - charged per hour and instance type of search infrastructure - enables developers to integrate search in custom apps
150
3 AI/ML Services
Amazon Rekognition, Amazon Translate, Amazon Transcribe
151
Amazon Rekognition
- fully managed image and video deep learning service - identifies objects in images - identifies objects and actions in videos - can detect specific people using facial recognition - supports custom labels for business objects (cashier-less shopping)
152
Amazon Translate
- fully managed text translation service - currently supports 54 languages - language identification both batch and real time
153
Amazon Transcribe
- fully managed speech recognition service - recorded speech converted into text - has sub-service for medical use - supports batch and real time transcription - currently supports 31 languages
154
4 Disaster Recovery Architectures
Backup and Restore, Pilot light, Warm Standby, Multisite
155
Backup and Restore
- production data is backed up into S3 - standard or archival storage class - EBS data can be stored as snapshots in S3 - Disaster Recovery event uses process of launching a new environment - longest recovery time; cheapest
156
Pilot light
- key infrastructure components are kept running in the cloud - to reduce recovery time compared to B&R - cost builds up for running in the cloud - AMIs (Amazon Machine Image) prepared for additional systems and can be launched quickly - core pieces of the system are always running
157
Warm Standby
- scaled down version of full environment in the cloud - critical systems can run on less capable instance types - instance types and other systems can be upgraded for disaster recovery - cost builds up for running infrastructure in the cloud
158
Multisite
- Full environment running at all times in the cloud - Utilizes instance types needed for production, not just recovery - Near seamless recovery; expensive
159
2 Considerations when selecting a Backup Architecture
Recovery Time Objective (RTO), Recovery Point Objective (RPO)
160
RTO
- Time it takes to get systems back up and running
161
RPO
- Amount of data loss (in terms of time) during disaster recovery
162
2 EC2 Scaling Services
Auto Scaling Group, Elastic Load Balancer
163
Auto Scaling Group
- launch template for the group's instance configuration - define the min, max, and desired number of instances - performs health checks on each instance; status codes - exists within one or more AZs in a region - works with on-demand and spot instances
164
AWS Secrets Manager
- secure way to integrate credentials, API keys, tokens, and other secret content - integrates natively with RDS, DocumentDB, and Redshift - can auto-rotate credentials with integrated services - enables fine-grained access control to secrets
165
3 VPC securities
Security Groups, Network ACLs, AWS VPN
166
Security Groups
- Serves as a firewall for EC2 instances - Control inbound and outbound traffic - Works at instance level; not subnet level - EC2 instances can belong to multiple security groups - VPCs have default security group - Must be explicitly associated with an EC2 instance - Defaulted to allow all outbound traffic
167
Network ACL
- Access Control List - works at subnet level within a VPC - enables you to allow and deny traffic - each VPC has default ACL, which allows all inbound and outbound - custom ACLs deny all traffic until rules are added
168
AWS VPN
- goes over public internet; DirectConnect uses AWS network - encrypted tunnel into VPC - used to connect own data center or individual client machines - support services: Site-to-site VPN, Client VPN
169
3 infrastructure protection services
AWS Shield, Amazon Macie, Amazon Inspector
170
AWS Shield
- Provides protection against DDoS for apps running on AWS - Enables on-going threat detection and mitigation - 2 service levels: standard and advanced
171
Amazon Macie
- Utilizes ML to analyze data stored in S3 - Detects personal info and intellectual property in S3 - Provides dashboards that show how data is being stored and accessed - Alerts if it detects anything unusual about data access
172
Amazon Inspector
- Scanning of EC2 instances for security vulnerabilities - Charged by instance per assessment run
173
Amazon Inspector 2 rules packages
Network Reachability Assessment, Host Assessment
174
Network Reachability Assessment
- Determines what servers provide to the internet
175
Host Assessment
- Vulnerability and config scanning
176
2 Pre-defined Deployment Services
AWS Service Catalog, AWS Marketplace
177
AWS Service Catalog
- Serves as an organizational service catalog for the cloud - Can be single server image to multi-tier custom app - Enables organizations to use services that meet compliance - Supports lifecycles for services in catalog (update notification)
178
AWS Marketplace
- Curated catalog of third-party solutions for customer to run on AWS - Provides AMIs, CloudFormation stacks, and SaaS solutions - Enables different pricing options to overcome licensing in the cloud - Charges appear on AWS bill (but some are free)
179
5 AWS Developer Tools
AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy, AWS CodePipeline, AWS CodeStar
180
AWS CodeCommit
- Managed source control service that utilizes Git for repos - Control access with IAM policies - Alternative to GitHub and Bitbucket
181
AWS CodeBuild
- Managed build and continuous integration service on AWS - No worries about infrastructure maintenance - Charged per minute for compute resources utilized
182
AWS CodeDeploy
- Managed deployment service for deploying custom apps - Deploys to EC2, Fargate (container service), Lambda, and on-premise servers - Provides dashboard for deployments in AWS console
183
AWS CodePipeline
- Fully managed continuous delivery service on AWS - Provides capabilities to automate building, testing, and deploying - Integrates with other dev tools and GitHub
184
AWS CodeStar
- Workflow tool that automates the use of the other dev services - Create complete continuous delivery toolchain for custom apps - Charged for the other leveraged services
185
Traditional Data Centers
Cons: - Large investment - difficult demand forecasting - slow to deploy - expensive maintenance - own all security burden
186
Cloud Computing
- On-demand delivery of comp power, db, apps, and IT through internet - Pros: - Variable expense not capital - Economies of scale
187
Elasticity
Ability to acquire and release resources efficiently
188
IaaS
The full application and dependencies on the cloud
189
SaaS
Cloud services like email
190
PaaS
WordPress, Elastic Beanstalk
191
Deployment Models
Public, Private, Hybrid are types of...
192
The 3 elements of the AWS Global Infrastructure
Regions, Availability Zones, Edge Locations