AWS Flashcards

1
Q

What is AWS?

A

AWS is a collection of Cloud Computing Services that can work together or independently to run or support a computer program.

2
Q

What is an Amazon EC2 instance?

A

An Amazon EC2 instance is a virtual server in Amazon’s Elastic Compute Cloud (EC2) for running applications on Amazon Web Services (AWS).

EC2 is a service that enables you to run application programs in the computing environment. It can serve as a practically unlimited set of virtual machines (VMs).

Elastic - the number of instances running computing operations can increase or decrease at will.

3
Q

What is an Amazon Machine Image (AMI)?

A

It is a combination of an operating system and preinstalled applications.
Amazon updates the image software (but not your instance).

4
Q

What are Security Groups?

A

IP-based communication rules for a single EC2 instance or a group of EC2 instances. (A firewall between instances: it controls which IPs an instance can talk to and what can access it.)

5
Q

What is S3?

A

S3 (Simple Storage Service) provides developers with secure, durable, highly scalable object storage.

  • Object-based - allows you to upload files
  • Maximum size of 5 terabytes.
  • Files are stored in buckets

Features:

  • Tiered Storage Available
  • Lifecycle Management
  • Versioning
  • Encryption
  • Secure your data using Access Control Lists
6
Q

What is a Bucket?

A

A bucket is your root resource to which you can add, remove or modify objects when it comes to Simple Storage Service.

S3 is a universal namespace - that means names must be unique globally

Buckets can:

  • Trigger events when objects are added/modified/deleted
  • Preserve older versions of objects
  • Replicate objects across different regions
7
Q

What is an example of an S3 Bucket URL?

A

https://s3-us-west-1.amazonaws.com/okfido.org/img/okfido_logo.png

With the URL you can access the objects within a bucket.
When the permissions for objects are modified to allow anonymous access, S3 can be used to host static files as websites.

8
Q

What is the way to solve latency problems in S3?

A

With S3 you can automatically replicate files to other regions, but there is a better solution…

With CloudFront (CDN), you can cache your content at locations around the world.

9
Q

What is Relational Database Service (RDS)?

A

TODO

10
Q

What is Route53?

A

Route53 is Amazon’s service for management of DNS both inside and outside of AWS.

It allows you to easily configure domain names to resolve to internal AWS services.

11
Q

What is Lambda?

A

Lambda provides function code execution as a service (serverless, or Function as a Service).

  • Executes code
  • No server management required
  • Is also great for small, irregular tasks

Function:

1) Bundle of code with specified execution entry point
2) For a specific platform type like Go, Node, Java
3) Has invocation gateways
4) Has additional configuration options

12
Q

What is DynamoDB?

A

DynamoDB is a managed NoSQL database from Amazon that supports document and key-value models.

  • Core structure in DynamoDB is a table (root point of your data storage)
  • Stored on SSD storage
  • Spread across 3 geographically distinct data centres
  • Eventually Consistent Reads (default) (if written data will not be read within 1 sec) / Strongly Consistent Reads
13
Q

What is Provisioned Throughput Capacity (DynamoDB)?

A

Number of Read/Write Units per second to provision the table with.
A read unit is limited to 4 KB.
A write unit is limited to 1 KB.

Any requests above those sizes would consume additional read/write units.

14
Q

What is CloudFront?

A

CloudFront is a CDN that allows you to serve files globally with very fast connections.

1) You begin by setting up a CloudFront distribution. (A distribution defines a set of content to distribute the files from.)
2) Specify an original location of the resource (like an S3 bucket).
3) Once a distribution is created, a unique URL will be created.
4) You can also set up configuration options (like Allowed HTTP Methods, Edge Locations, SSL certificates).

15
Q

What is an Edge Location (CloudFront)?

A

This is the location where content will be cached. It is separate from an AWS Region/AZ.

16
Q

What is the Origin (CloudFront)?

A

Origin of all the files that the CDN will distribute. This can be an S3 Bucket, EC2 Instance, Elastic Load Balancer or Route53

17
Q

What is the Distribution (CloudFront)?

A

Name of the given CDN, which consists of a collection of Edge Locations

18
Q

How does data consistency work for S3?

A
  • Read after Write consistency for PUTS of new Objects
  • Eventual Consistency for overwrite PUTS and DELETES

19
Q

What is DAX (DynamoDB)?

A

DAX is a DynamoDB Accelerator.

  • It provides fully managed, highly available, in-memory cache
  • 10x performance improvement
  • Reduces request time from milliseconds to microseconds
  • Completely compatible with existing DynamoDB API calls
20
Q

What are Transactions (DynamoDB)?

A
  • Multiple all-or-nothing operations
  • Under the hood DynamoDB performs two underlying reads or writes for transactions - prepare/commit
  • Operate on up to 25 items or 4 MB of data
21
Q

What are the properties of On-Demand Backups and Restore (DynamoDB)?

A
  • Full backups at any time either through AWS console or an API call.
  • Zero impact on table performance or availability

Point-in-Time Recovery:

  • Allows restore to any point in the last 35 days
  • Incremental backups
  • Latest restorable time (5 mins)
22
Q

What are Global Tables (DynamoDB)?

A
  • Managed Multi-Master, Multi-Region Replication
  • Globally distributed applications
  • Based on DynamoDB streams (requires DynamoDB Streams)
  • Multi-region redundancy for DR or HA
  • Replication latency under one second
23
Q

What are Cognito User Pools?

A

User Pools are user directories used to manage sign-up and sign-in functionality for mobile and web applications. Cognito acts as an Identity Broker between the ID provider and AWS. Successful authentication generates a number of JSON Web Tokens (JWTs).

24
Q

What are Identity Pools?

A

Identity Pools enable you to create unique identities for your users and authenticate them with identity providers. With an identity you can obtain temporary, limited-privilege AWS credentials to access other AWS services.

25
Q

What are API Gateway Security Mechanisms?

A

1) IAM Authorisers
2) Lambda Authorisers
3) Cognito user pools authorisers

Authorisers are a security feature of API Gateway that helps us validate the request.

Apart from that:

  • CORS
  • SSL client side certificate
  • AWS WAF
  • Usage plans and API keys
26
Q

Explain Lambda Authoriser scenario.

A

Whenever a request comes into API Gateway, it is first read by the Authoriser.

In this case the Authoriser is a Lambda that executes some operation: request or token validation. If the validation is OK, it passes the request to the next Lambda, which contains the business logic.

27
Q

Explain Cognito User Pools Authoriser scenario.

A

Allows us to customize user pools, so we can control who can call the API.

  • Create an Authoriser of Cognito User Pool type.
  • Configure method to use this Authoriser.

Flow:

1) When a client wants to use the API, it signs in with Cognito first and obtains some kind of token or identity.
2) With that, the client can call API Gateway, which will check that this token is valid.
3) If it is OK, it will proceed to call the Lambda.

28
Q

Explain the IAM Authorisers

A
  • Set up the Authoriser of API Gateway to IAM.

1) The client that wants to use this API needs to log in to a user pool
2) Get a valid role from Cognito Identity Pools
3) Then it will call API Gateway with a valid role
4) Execute the Lambda

29
Q

What is a Hosted Zone?

A

A Hosted Zone is a feature of AWS Route53; it is a container for all of the individual records or entries for things in that domain name.

dev.example.com
www.example.com
test.example.com

30
Q

What is a name server record?

A

Specifies that a DNS Zone (Hosted Zone) is delegated to a specific authoritative name server and provides the address of the name server.

In AWS, registering a Hosted Zone creates this record by default, and it contains a total of 4 name servers. This set of name servers is called a delegation set.

31
Q

What is an A record?

A

An “A” record is the fundamental type of DNS record. The “A” stands for “Address”. The A record is used to translate the name of the domain to an IP address. For example:

http://www.acloud.guru might point to http://123.10.80

32
Q

What is a CNAME record?

A

A canonical name record means that, for the value of the pointer, you provide not an IP address but another DNS name. When the DNS lookup happens, the end user will get the IP address of that other DNS name.

33
Q

What is an Alias and why is it important?

A

Alias records are used to map resource record sets in your hosted zone to Elastic Load Balancers, CloudFront distributions or S3 buckets that are configured as websites.

Imagine that you want to point to the above resources. All of them have IP addresses that can change, so you do not want to hardcode the IP address of those resources.

“Alias” tells Route53 to fetch the current IP address of the selected resource that you are targeting.