AWS Applications and Services Flashcards

1
Q

DynamoDB

A

Dynamo - dinosaur notebook filled with stickers (you write down what’s happening rn, more real-time), unstructured data, NoSQL data

used in AI/ML for storing real-time data (i.e. what users are clicking on)

supporting storage layer for fast, quick-access needs, but not typically the main storage layer

2
Q

Redshift

A

data warehouse (structured data) - think library where you store/study old notes (vs. dynamo real-time notebook), structured data

relational database, queried with SQL

vs data lake which is unstructured

3
Q

EC2

A

Amazon EC2 (Elastic Compute Cloud) is a web service that provides scalable computing capacity in the cloud. It allows you to rent virtual servers, known as “instances,” to run applications, store data, and perform other tasks. EC2 is flexible and enables you to choose the size, type, and configuration of your instances based on your needs, helping you scale up or down easily as your workload changes. It’s like renting a computer in the cloud that you can customize to meet your specific requirements.

4
Q

AWS Lambda vs EC2

A

EC2 - provides the VMs (instances) for you to run your applications. you manage the servers and decide when you want the instances up and live, you pay for the instance whether it’s running or sitting idle. Best for apps where you need long-running compute power (web hosting, database management, anything with persistent needs)

= manual scaling/configuration

Lambda - serverless compute where you don’t have to manage the underlying infra. You upload your code, and Lambda automatically runs it in response to events (e.g., HTTP requests, file uploads, database changes). You pay based on number of requests and time it takes your code to execute. Only pay for when code is running, not when idle. Ideal for event-driven apps (API calls, image processing)

= auto scaling, event-driven architecture

5
Q

Write a scenario where Lambda could replace a traditional server for efficiency.

A

Image upload system (or anything where you’re uploading to an S3 bucket) - a traditional server would require you to manage the infrastructure, you’d pay for the compute whether or not images were being uploaded, and because you have to scale it yourself you could end up with either excess capacity or not enough, depending on fluctuations in demand. Lambda is event-driven: you only incur costs for actual usage, when the function is invoked.

6
Q

Lambda function

A

Lambda function = A tiny program that runs only when something happens (like a new file upload or a new message) and does a specific job (like resizing an image).

7
Q

EC2 Pricing

A

1) on demand pricing (by second)
2) Savings Plan - requires 1 or 3 year commits, but can include other AWS services (fargate, lambda etc so better for diverse workloads). contractually committed, steady state use
3) spot instances - just borrowing spare AWS capacity, they can ask for it back, only really good for batch workloads that can be interrupted

Reserved/dedicated capacity

8
Q

Fargate

A

serverless ECS, you just pay for running containers vs having to pay for EC2 server usage and handle scaling

9
Q

Savings Plans

A

Contractually committed, steady state use, significant cost savings vs on-demand, requires 1 or 3 year commits, but can include other AWS services (fargate, lambda etc so better for diverse workloads).

Compute Savings Plans, EC2 Instance Savings Plans, and Amazon SageMaker Savings Plans

10
Q

Spot Instances

A

Borrow EC2 capacity, up to 90% discount

Good for:

  • stateless/fault tolerant - can be stopped, and doesn’t matter if it has a memory of past interactions
  • apps that can run on heterogenous (hetero-genius) hardware – aka doesn’t matter if instance jumps around to dif types of hardware
11
Q

stateless

A

Each request or task is independent of others. Think short-memory

applicable both in workloads as well as NACL security features

How it works: These workloads do not store information about past requests

NACLs are about network security rules that don’t track previous traffic, while stateless workloads are about applications that don’t remember past actions.

12
Q

reserved or dedicated capacity

A

reserved = reserve ahead of time

dedicated = physical EC2 server

13
Q

What’s included in an EC2 instance outside of its processor?

A
  • memory (RAM)
  • storage (EBS instance store)
  • networking
  • security groups
  • OS (installed from AMI)
  • IAM
  • Key pair
  • monitoring (cloudwatch)
14
Q

ways to call AWS via API

A

management console, SDK, or CLI

15
Q

What is an instance comprised of?

A

It includes virtualized hardware (CPU, memory, storage, and networking resources) configured for specific use cases.

= the full virtual machine

dif instance types (ie P5, G5) optimized for different workloads.

16
Q

Instance vs processor

A

processor = just one part of the instance. part of the instance’s processor

physical or virtual chip inside the instance responsible for performing computations. Examples include CPUs (e.g., Intel Xeon, AMD EPYC) and GPUs (e.g., NVIDIA H100, H200)

17
Q

What’s in the P5 and P5e/P5en instances?

A

P5:
NVIDIA H100 Tensor Core GPUs

P5e/P5en:
NVIDIA H200 Tensor Core GPUs

Intel Sapphire Rapids CPU

18
Q

Types of CPUs and GPUs

A
  • AMD EPYC
  • Intel Xeon (Sapphire, icelake, cascade lake)
19
Q

Types of savings plans

A

1 - compute (any type of instance)
2 - EC2
3 - SageMaker

has committed monthly spend but the flexibility of instance type, geography etc

20
Q

Reserved instance - what attributes?

A

need to match the 5 attributes of EC2 - instance type, region, platform, tenancy

21
Q

multi/shared tenancy

A

EC2 instances shared on physical servers with other customers

22
Q

ODCR - On Demand Capacity Reservations

A

Ability to get capacity at on-demand rates with no commitment

23
Q

Zonal RI

A

Provides capacity within a time zone

24
Q

instance families vs instance types

A

instance family groups instances by workload optimization (i.e. family ‘t’ or ‘m’ for general purpose), instance type = exact size +resource configuration (i.e. m5.large)

25
types of Reserved Instances
1 year vs 3 year
Standard vs convertible (can change instance type, OS, tenancy)
Zonal RI vs. ODCR - includes capacity vs doesn't
26
Reserved Instances
Reserved Instances: Provide discounts when you commit to using a specific instance type, region, and tenancy for 1 or 3 years. They are tied to specific configurations but offer flexibility with Convertible RIs, allowing you to change some parameters. Primarily suited for workloads where you know the exact requirements.
27
Savings Plans
Offer discounts for committing to a specific spend amount per hour over 1 or 3 years, with more flexibility than RIs. Apply automatically to any instance family, size, and region (in Compute Savings Plans) or to specific EC2 instances (in EC2 Instance Savings Plans).
28
benefits of fargate
serverless, AWS manages the infrastructure, which helps in:
1. scalability - auto scaling, dynamic compute resources
2. ease of management - devs can focus fully on the GenAI app vs server provisioning/network/maintenance
3. pay for what you use
29
compute options for GenAI startups
1. EC2 instances (choose GPUs)
2. EC2 with kubernetes or EC2
3. Fargate (serverless)
30
benefit of containerization for GenAI startups
1) use containerized environments for experimenting and deploying GenAI models i.e. isolate training environments where they test different variables
2) containers mean GenAI apps can be ported across CSPs/environments, enable consistent environments, parallelism & scale horizontally, optimize resource usage
31
what different configurations are in an EC2 instance / AMI (amazon machine instance)
- amount of CPUs
- memory (RAM)
- network bandwidth
- operating system
- storage (EBS)
----
OS
application server
libraries
any custom configurations
32
what is an Amazon Machine instance
preconfigured configuration of amazon machine
33
how are you charged in serverless services?
only by the time/amount the resources are used (i.e. amount of time code is running for lambda (code runtime), or number of containers for ECS fargate)
34
edge computing
run workloads outside of networks, close to destination location
push computing to phones, IoT devices, servers not in cloud network
35
different services for cost and capacity management of computing services
- spot instances, reserved instances, savings plan
- AWS Batch
- compute optimizer
- ASG (auto scaling groups) - adds/removes EC2 servers per traffic
- elastic load balancer (ELB) - reroutes traffic to different EC2 instances in dif based on instance health or AZs
- elastic beanstalk
36
what is a cluster?
ECS cluster is where your containerized applications run = EC2 instances or fargate tasks containers are scaled
37
fargate tasks
tasks are the blueprint that tells ECS what containers to run, what resources they need, how they interact
Fargate tasks are run without needing EC2 instances
38
benefit of ECS clusters for GenAI
scalable/manageable infrastructure to deploy containers for AI model training, inference, or microservices
allows GenAI apps to run multiple containers across EC2 instances/fargate tasks
cluster allows for autoscaling based on demand; would automatically increase # of containers running in cluster
summarized:
- deploy containerized AI models efficiently
- scale workloads based on demand
- manage containerized services without worrying about the underlying infrastructure
39
examples of containers that GenAI apps would run
different microservices such as data processing or model inference
40
node
individual EC2 instance or fargate task
41
images in EC2
same as AMI, is a base environment for the instance. It includes the OS, application server, libraries, and any custom configurations you need to start an EC2 instance. instance then is launched from this image.
42
image repository
where docker or container images (instructions/contents for a reproducible environment across EC2 instances) are stored
43
custom AMIs
often used for GenAI apps, since these often require a specific set of libraries (TensorFlow, PyTorch) + other dependencies for model training
custom AMI can include these preinstalled so every new EC2 instance is ready to go
44
benefits of AMIs
enables consistency and speed to reproduction
45
significance of being deployed on a VPC
only internally accessible -- ensures network isolation, security, control over routing
46
services not requiring private subnet
anything that is externally accessible/global
s3
cloudfront
SNS/SQS
47
ASG
auto adjusts EC2 instances based on traffic (demand spikes) / load (to CPU/GPU)
48
when would genAI app use savings plan
if using multiple compute resources (EC2, fargate and lambda), commit to a spend level over 1 or 3 years without being tied to specific instance types
49
Elastic Beanstalk
helps deploy/monitor web applications without having to manage any of the scaling, infrastructure. auto applies auto-scaling and elastic load balancing
is another option from ECS that manages more for you
50
Elastic beanstalk vs fargate
Elastic Beanstalk is a Platform as a Service (PaaS) that automates the deployment, scaling, and management of applications. for building web apps, APIs, software stacks
fargate is a serverless compute engine for containerized workloads. applicable if they're running a microservices architecture
51
what is a library? common libraries for genAI?
A library in the context of EC2 instances refers to a collection of pre-written code that provides functionality to be used by applications running on EC2. Libraries in this context are typically software packages or dependencies that help developers build applications without reinventing the wheel.
popular ones for GenAI models are TensorFlow, PyTorch, Hugging Face
52
microservices
Microservices is a software architectural style where an application is broken down into small, independently deployable services, each of which performs a specific function.
53
how do microservices and containers relate
Microservices can be deployed inside containers to take advantage of the benefits of containerization (such as portability, isolation, and efficiency).
each microservice is often packaged and deployed as a containerized workload
containerized microservices are a common combo --- containers can also be used in monolithic architecture
54
monolithic vs microservice architecture
monolithic = app built in single, unified unit. all components of the app are tightly coupled and run together in one code base
microservices = application split into small, independent services which perform specific function, communicates with other services over APIs/message queues
55
meaning of instance type
hardware configuration (CPU, memory, storage, and networking capabilities) of an EC2 instance
optimized for dif instances -- ie. memory-optimized, accelerated computing. ex. p5.48xlarge = used for machine learning workloads
56
tenancy
Tenancy determines whether your EC2 instance runs on shared physical hardware (default) or on dedicated hardware (for more isolation).
57
meaning of the platform of an EC2 instance
operating system (windows, linux, mac)
58
reliable vs resilient in AWS services
reliable = service consistently runs without issues/failure over time
resilient = ability to recover from failures and continue functioning w minimum disruption (think normal definition of resilience in humans)
59
service examples of reliable vs resilient: Amazon S3 and EC2 with auto scaling
S3 = reliable for storing/retrieving data without loss
EC2 = resilient because it can launch new instances automatically to replace any that fail, maintaining service availability
60
what does AWS WAF do?
web application firewall
allows you to create custom rules to filter and monitor incoming web traffic, helping to block malicious requests before they reach your application
protect against security attacks
61
common types of security attacks
SQL injection, cross-site scripting (XSS), and DDoS attacks
62
SQL injection vs XSS vs DDoS
SQL Injection (SQLi): An attack where malicious SQL code is inserted into an input field (e.g., a login form) to access or manipulate a database.
Cross-site scripting (XSS): An attack where attackers inject malicious scripts (usually JavaScript) into web pages to steal cookies, session tokens, or perform actions on behalf of users.
DDoS (Distributed Denial of Service): An attack that floods a server or network with massive amounts of traffic from multiple sources, overwhelming the system and making it unavailable.
63
AWS ElastiCache
fully managed in-memory data store service that helps improve the performance of your applications by caching frequently accessed data
related: Redis, Memcached
64
Amazon Aurora
fully managed relational database service provided by AWS, designed for high performance and availability. It is compatible with MySQL and PostgreSQL, making it easier to migrate from those databases to Aurora
benefits: autoscaling, availability and fault tolerance (split across AZs), performance (2-5x increase from MySQL and PostgreSQL)
65
AWS trusted advisor
Provides insights and recommendations on how to improve your infrastructure's efficiency, security, and cost-effectiveness
66
AWS OpsWorks
managed service to manage configuration and deployment of apps and infrastructure including configuration, patching, deployment, scaling
67
AWS Config
68
AWS x-ray
service that helps analyze and debug distributed applications by tracking requests, identifying performance issues, errors, and bottlenecks across microservices. It provides insights into how applications perform and visualizes request flows for troubleshooting.
69
operational excellence of the AWS well-architected framework
focuses on monitoring, automating, and improving processes to ensure systems run smoothly. It includes monitoring system health, incident management, automation of tasks, and continuous improvement. MAPI
70
CloudTrail
71
purpose of encryption
protect data by encrypting it with a key - ensures that sensitive data is unreadable without the appropriate decryption keys.
protecting data at rest or in transit
typically using AWS KMS (key management service)
71
CloudEndure Migration
72
AWS VPN (virtual private network)
encrypted connectivity between your on-premises infrastructure and your VPC
73
VPC
virtualized, isolated environment for your AWS resources. enables network segmentation
allows you to launch resources (like EC2 instances, DBs) within isolated environment
74
Amazon EMR
Elastic MapReduce - cloud-native big data platform, allows you to process large amts of data quickly/cost-effectively
handle big data analytics, processing, and storage.
75
Amazon MQ
managed message broker service for setting up/managing message queues
76
AWS X-Ray
focused on tracing application performance
helps with debugging and analyzing distributed applications. It provides insights into the performance of your applications, such as tracing requests as they travel through various services
77
AWS config
tracks configuration changes of AWS resources.
78
hypervisor
software layer allowing a physical computer to run multiple VMs by dividing the physical resources, and isolating each from another
79
What different trusted advisor services are included in dif support plans?
Basic only gives you access to the 7 core trusted advisor checks
Dev/Business/Ent On-Ramp + Ent gives you access to All Trusted Advisor checks
80
What support tier is AMS (AWS Managed services) included in? What does AMS entail?
Included in business + ent (not basic or dev)
AMS augments existing team, includes a designated cloud service delivery manager, cloud architect, access to AMS security team
81
what support tier includes TAMs?
Enterprise on ramp includes a pool of TAMs
Enterprise includes designated TAMs
82
what support tier include Support API?
business, enterprise on-ramp, enterprise
83
7 Core Trusted Advisor Checks
S3 Bucket Permissions
Security Groups – Specific Ports Unrestricted
IAM Use
MFA on Root Account
EBS Public Snapshots
RDS Public Snapshots
Service Limits
84
What support tier do you get 24/7 phone, email and chat support?
Business and above (not basic and dev)
85
Trusted Advisor check categories
CoOePRSS
Cost optimization
Operational Excellence
Performance
Resilience/Fault tolerance
Security
service limit
86
recommendations on performance increases
optimizing configurations or scaling properly.
87
recommendations on fault tolerance
ensure can handle failures, look @ backups or multi-region
88
recommendations for security
open ports (network ports open to the internet), unused credentials, weak permissions
89
benefits of ASG
properly distributes traffic to ensure efficient use of resources and maximize performance
90
EBS volumes
block-level storage for EC2 instances
91
AWS inspector
automatically discovers workloads, such as Amazon EC2 instances, containers, and Lambda functions, and scans them for software vulnerabilities and unintended network exposure
focused on vulnerability management + compliance
think "I" for infrastructure
92
CloudWatch vs Health Dashboard vs Trusted Advisor vs Inspector
CloudWatch = real-time monitoring/auditing of all resources incl. historical logs
Health Dashboard = visual representation of current health of AWS resources
Trusted Advisor = recommendations/issue flagging across cost optimization, performance, resilience/fault tolerance, security, service limit
93
ways to achieve operational excellence in AWS
combines automation, monitoring, and performance optimization with a focus on reducing manual intervention and improving the overall customer experience
94
Route53
AWS's Domain Name System (DNS) service, which helps route internet traffic to the appropriate resources (e.g., web servers, applications) by translating domain names into IP addresses
direct user requests to the nearest CloudFront edge location
95
which AWS support tiers include architectural reviews/guidance?
only business on-ramp/business include tailored architectural reviews (one includes many vs 1 for on-ramp) business = tailored to use cases only dev grants you general, basic does none
96
AWS concierge / billing tiers
concierge = custom billing and account analysis only for enterprise clients
97
AWS systems manager
powerful automation tool that allows you to automate tasks such as patching, software updates, and maintenance for EC2 instances
management and governance tool -- "manage nodes at scale on AWS and in multicloud / hybrid cloud environments"
98
Aws RDS
managed service that takes care of the heavy lifting of database administration tasks, including database patching, backups, replication (backups, multi-AZ deployments etc), and scaling
99
difference in customer/shared responsibility between RDS and running a database on EC2
in EC2, customer is responsible for entire system -- must handle security patching to OS and software
RDS is a managed service -- AWS handles the infra, including patching the database software
100
why would a commercial application best be run in one region, multiple AZs?
lowest latency by keeping in one region,
101
AWS Direct Connect
dedicated, private network connection from your on-premises data center or office to AWS. This connection bypasses the public internet
102
VPN
establishes a secure, encrypted connection over the internet between your on-premises network and your AWS Virtual Private Cloud (VPC). This is a site-to-site VPN that uses the public internet.
103
direct connect gateway
Extends Direct Connect to multiple VPCs (even across regions) through a single connection, simplifying large or multi-region deployments.
104
AWS lightsail
simpler/pre-configured compute resource for websites/apps/DBs with simple interface
105
use cases for S3 vs EBS
since s3 is optimized for web-scale access - can serve thousands/millions of objects, suitable for content delivery, backups, web apps (think full files)
ebs allows for random access, block-level storage, anytime need high performance and low latency -- like databases, storing operating system data
s3 = high scale, web accessible vs. ebs = high performance, low latency (scalability limited by ec2 instances)
106
AWS transit gateway
centralized network management (hub and spoke)
simplifies connection between multiple VPC/VPNs/on premise networks. can include a Direct Connect gateway (private connection between onpremise network and VPC)
107
s3 infrequent access
infrequently accessed data that needs to be available quickly
think more medium-term access than standard s3, not as deep archived as glacier. i.e. think daily or weekly backups, archived data for active projects
108
s3 glacier / s3 glacier deep archive
ideal for archival storage and long term retention of data that is rarely accessed. slow retrieval times
i.e. compliance records, long term backups, media archiving
s3 glacier deep archive would be for even rarer access
109
AWS cloudformation
infrastructure-as-code service for defining and provisioning AWS resources
110
111
AWS batch
112
aws snowball
physical data transport solution to transfer large amts of data to AWS via device ("Snowball") // can be used for data migration, backup
113
IAM keys
An Access Key ID and Secret Access Key pair, which act like a username and password for accessing AWS services
114
fault tolerance vs availability vs reliability
fault tolerance - failover, ability to stay up and running if one component fails, designed with redundancy (backups). can handle failures without disruption in performance
availability - uptime. how often is actually up and running
reliability - refers to the consistency: availability and performance over time
115
redundancy vs failover
redundancy = actually having the backups
failover = process of switching over to those backups if resources fail (relies on redundant systems being in place)
116
how are EC2 instances billed?
to the second for usage
117
how does AWS shield work?
detects malicious activity of DDoS closer to the source at edge location to prevent it from reaching the source
118
ElastiCache
in-memory database, caches frequently accessed data in-memory to improve performance
data stored temporarily in RAM (memory), lost when instance is terminated unless there are backups (snapshots) taken
119
cloudfront/route 53/CDN
route 53 routes traffic to the right edge location, which is then distributed via CloudFront (which is a CDN)
CDN is a broader term for content delivery technologies from various providers.
CDN/CloudFront improve content delivery by caching data at edge locations closer to users
120
database vs datawarehouse
database best for storing/managing/retrieving data on apps (real-time transactional data). fast read/write
data warehouse best for large historical datasets, and analytics/reporting (BI)
121
ETL
extract, transform, load
moving data from one system to another, typically for data integration or moving data into a data warehouse
122
Node (general meaning and in dif contexts)
node is an individual unit in compute/storage
- an individual EC2 instance
- in redshift: units of query processing or storage depending on if it's a compute or leader node. specific resources designed for data warehousing/analytics
- storage: unit of storage data (either physical disk or cloud storage) that holds and manages data in a networked environment
- edge: device at edge of network processing data locally
can have dif meanings in kubernetes, storage, blockchain, network, edge, storage
123
parking lot analogy of VPC/networking
VPC = fence/border of parking lot, separates your resources from outside world
internet gateway = exit/entrance. traffic coming in/out from outside world (internet)
subnet = left and right side of parking lot. logically separated areas (normally have different uses.. i.e. one public, one private)
124
private vs public subnet
private - databases so extra layer of security protecting from outside world
public - servers that would host public-facing webpages, internet accessible
125
when setting up EC2 instance, what is the network, subnet, region, etc
region = geographical zone
AZ = datacenters within region
when setting up an ec2 instance, network = VPC. each VPC spans 2 AZs
each subnet is one VPC
126
network
broad term for system of connected devices - includes subnets, private networks, network protocols
126
NAT Gateway, Internet Gateway
Internet gateway: makes your resources in public subnet available to internet
NAT gateway: you connect your private subnet to public subnet so it can then access internet via internet gateway (can get OUT but not get in) -- think Nat/I, we can expand our network (friend circle) out, but won't let others in
126
126
CIDR block
range of IP addresses within a VPC
127
network ACLs
access control lists
firewall that controls traffic in/out of a subnet. rules for allow or deny based on IP addresses
attached at subnet level. remember: subnets are groups within VPCs, multiple EC2 instances are in each subnet so NACL rules apply to ALL those EC2 instances within a given subnet
128
firewall
like a security guard for your computer/network, protects from unwanted access by checking what comes in and out
129
Border Patrol/Customs vs. Doorman analogy
NACL: border patrol -- controls access in AND out for the greater region (country / subnet)
Sec Group: doorman -- controls access IN only for a smaller region (specific EC2 instance / apt building)
130
security group
firewall that controls access into an EC2 instance, rules for IP addresses or other security group
131
Cost explorer vs. cost and usage reports vs budgets
Cost Explorer = dynamic visualization (think chase spending dashboard), can filter by service/region/etc and see historical
budgets = can set thresholds, get alerts/alarms when approaching
CUR = detailed CSV breakdown (like full CC statement) that can then be analyzed further in BI tools
132
SQS
message queue service for decoupling application components -- stores messages for later processing (often for async workflows), i.e. in an EC2 instance or lambda function
133
AWS Service Health Dashboard
Provides a public view of the status of AWS services across all regions, it is not personalized for your account
134
AWS infrastructure event management
now called countdown -- provides playbooks and recommendations for big initiatives in cloud
"Optimize your business-critical events, product launches, migrations, and modernizations on AWS"
135
personal health dashboard
real time alerts about events specifically impacting your AWS instance
136
Macie
discovers and classifies sensitive data (like PII) -- primarily focused on S3 (think macie manion listening to gong calls to redact PII) - S for storage
137
AWS site to site VPN
connects on prem resources infra (customer gateway) to AWS (via virtual private gateway)
138
AWS client VPN
fully cloud based VPN where users connect to AWS resources via their device
139
which storage can host hierarchical file systems?
Elastic Block Store or EFS *not S3
140
elasticity vs scalability
scalability = customer's ability to deploy applications that scale up and down to meet variable demand
elasticity = scalability automated
141
transit gateway
142
AWS GuardDuty
focuses on real time threat detection + identifying suspicious activities within AWS CloudTrail, VPC Flow Logs, DNS logs
i.e. unauthorized access, malicious activity