AWS Flashcards
(23 cards)
AWS Lambda
vm managed entirely by AWS
AWS Fargate
containers managed entirely by AWS
AWS S3
-unlimited storage
-individual objects up to 500 GBs
-Write once, read only (WORM)
-99.99% durability
AWS EC2 instances
virtual machines
AWS ECS elastic container service
docker containers instead of vms
AWS EKS elastic kubernetes service
docker containers managed by aws kubernetes
AWS SQS
Simple Queue System
AWS SNS
Simple Notification System
AWS EFS (elastic file system)
-Multiple instances can access the data in EFS at the same time
-scales up and down automatically
-Linux file system
-Regional resource
-Can store data across multiple Availability Zones
AWS EBS
-Block storage for EC2 instances
-In order to use EBS you need to be in the same AZ (availability zone)
AWS RDS (Relational Database Service)
-MySQL
-PostgreSQL
-Oracle
-Microsoft SQL Server
lift and shift migration
lift and shift the database from on premise to AWS
-Automated patching
-Backups
-Redundancy
-Failover
-Disaster recovery
Amazon Aurora
-Supports MySQL and PostgreSQL; Amazon's own DB
-1/10 the price of a commercial DB
-continuous backups
Amazon Dynamo DB
Serverless database
-tables
  -items
    -attributes
Millisecond response time
simple flexible schema
every item can have different attributes
Non-relational No SQL database
Fully managed
Amazon Redshift
Data warehouses
-data warehouses as a service, single SQL against massive data
AWS Database Migration Service
Migrate a database between a source and destination
-source db remains fully operational during migration
-downtime is minimized for apps that rely on that database
-the source and target dbs don’t have to be of the same type
Homogeneous dbs
- MySQL to Amazon MySQL
-Same db to other Db
-schema structure, data types and database code are compatible
Heterogeneous migration
-different schema
-tool for converting the schema and the code
-migrate from source to destination
development and test database migrations
-test against test data w/o affecting prod users
database consolidation
-consolidate several databases into 1
continuous database replication
-continuous use rds to perform data replication for disaster recovery
Amazon Document DB, Amazon Neptune, Amazon Managed Blockchain
Document DB - variation of Mongo DB
Neptune -
Managed Blockchain - AWS version of blockchain
AWS Shared Responsibility Model
Part of it is managed by the client
  -platform apps, OS, client-side data encryption
Part of it is managed by AWS
  -Compute, Storage, Database, Networking
AWS global infra, Regions Edge locations and Availability zones
Users and Permissions
AWS root account user - MFA that account
IAM groups for users
Policies
Roles - associated permissions or associated to temp permissions
AWS organizations
-centralized management
-consolidated billing
-hierarchical groupings of accounts
-AWS service and API actions access control
DDOS
UDP flood
- makes a request to a server and points the wrong return address to flood that server
- HTTP attacks
- SlowLoris attack - the attacker pretends to have a slow internet connection
-Solutions
  -UDP flood -> Security Groups
  -slowloris - elastic load balancer, you have to load the entire availability zone
  -custom attacks -> aws shield with aws waf - web app firewall filtering traffic
Additional security services
aws kms service (key management service)
amazon inspector
  -network configuration reachability piece
  -amazon agent
  -security assessment service
amazon guard duty
  -identifies threats by monitoring the network activity and account behavior within aws environment
Amazon CloudWatch
Metrics: Variables tied to your resources
Cloudwatch alarm for a certain resource, integrated with SNS
Benefits
-Access all your metrics from a central location
-Gain visibility into your apps, infrastructure and services
- Reduce MTTR and improve TCO
Amazon CloudTrail
showing trails of interactions with system settings
answering the question what, who, when, how
AWS Trusted Advisor
-Cost optimization
-Performance
-Security
-Fault tolerance
-Service limits