AWS Basics and Services Flashcards
Understanding AWS basics and the web services Amazon provides over the cloud.
SysOps Admin
An AWS SysOps administrator is responsible for deploying, monitoring, optimizing, fortifying and securing AWS systems.
Reference Architecture
A front-end web server layer, an application middle layer and a database layer.
Front end web layer
Also called the web tier; it is the front end of the application. It accepts requests from users and passes them to the application tier.
Application middle layer
Also called the application tier or middleware tier; this is where the internal business logic resides. It responds to the web tier and communicates directly with the database tier.
Database layer
Also called the database tier; this is where databases manage the state of the application. This tier is accessed only by the application tier: it processes requests from the application tier and returns responses to it.
Region
A region is a separate geographic area in which AWS hosts particular AWS service(s).
Availability Zones (AZ’s)
Inside every region there are two or more Availability Zones (AZs). Inside each AZ, two or more physical data centers reside. All AZs within a region are connected through low-latency network links. Similarly, all data centers within an AZ are connected through low-latency links.
Hybrid cloud architecture
Integration of on-premises resources with cloud resources.
Virtual Private Cloud
A virtual network dedicated to your AWS account.
It is logically isolated from other networks in the AWS cloud.
You can launch your AWS resources such as EC2 instances in your VPC.
Amazon Route 53
A highly available and scalable cloud Domain Name System (DNS) web service.
CloudFront and Edge locations
The content delivery network (CDN) offered by AWS.
A CDN is a globally distributed network of proxy servers that cache content, such as web videos or other bulky media, closer to consumers, improving download speed for that content.
CloudFront delivers your content through a worldwide network of data centres called edge locations.
Services offered at Edge locations
AWS Lambda@Edge, CloudFront, Route 53, Shield and WAF are offered at edge locations.
Internet Gateway
A VPC component that allows communication between instances in your VPC and the Internet.
It scales horizontally.
It is highly available and redundant.
Subnet
Also called a subnetwork.
A logical subdivision of an IP network.
Elastic Compute Cloud (EC2)
Provides secure, resizable compute capacity in the cloud.
With EC2 you can create multiple instances; an instance is a virtual server.
Both horizontal and vertical scaling are possible.
Horizontal Scaling (Scale Out)
Horizontal scaling, or scaling out, means adding more resources of the same type to the existing pool of resources as demand requires.
For example: adding new instances to an existing set of EC2 instances.
Vertical Scaling (Scale in/Scale up)
Vertical scaling means adding compute capacity (CPU, RAM) to existing resources in the environment.
For example: adding RAM or CPU to an existing EC2 instance.
Elastic Load Balancing (ELB)
It automatically distributes incoming application traffic to multiple registered targets such as EC2 instances.
It monitors the health of registered targets and routes incoming traffic only to healthy targets.
Two types of ELB
- Application load balancers
- Classic load balancers
Autoscaling
The purpose of Auto Scaling is to maintain application high availability.
It allows you to scale your EC2 capacity up or down automatically according to conditions you define.
Relational Database Service (RDS)
A web service that helps you set up, operate and scale a relational database in the cloud.
DynamoDB
A fully managed NoSQL database service that provides fast and predictable performance with seamless scalability.
ElastiCache
A web service used to deploy, operate and scale an in-memory data store or cache in the cloud.
Caching is a technique for storing frequently accessed information (HTML pages, images and other static content) in a temporary memory location on the server.
Amazon ElastiCache provides two caching engines, Memcached and Redis.
Simple Storage Service (S3)
A scalable, high-speed, web-based cloud storage service designed for online backup and archiving of data and applications on AWS.
It stores data in the form of objects. Each object is stored as a file with its metadata included and is given an ID. Applications use this ID to access the object.
Elastic Block Store (EBS)
EBS provides persistent block storage volumes for use with EC2 instances in the AWS cloud.
S3 vs EBS
In EBS, data is stored in the form of blocks, whereas S3 stores data in the form of objects.
EBS is specifically meant for EC2, whereas S3 is not limited to EC2.
EBS is not accessible until you mount the volume on one of your EC2 instances, and it is limited to a region, whereas S3 storage can be accessed from anywhere using HTTP clients such as web browsers. (Note: S3 requires software to read and write data.)
EBS has a limit of 20 volumes, accommodating 1 TB per volume. S3 has a standard limit of 100 buckets, but buckets have unlimited data capacity.
Security Groups
A virtual firewall that controls the traffic for one or more instances.
Route table
A set of rules that determines how data packets travel over an IP network.
Elastic File System (EFS)
EFS provides file storage in the AWS Cloud for EC2 instances.
EFS follows the Linux file system hierarchy, storing data as files and directories.
Amazon Glacier
A type of S3 storage used for infrequently accessed or ‘cold’ data.
Primarily used for archiving or for long-term backups.
Available at extremely low cost.
Identity and Access Management
Helps you control your users' access to AWS resources through authentication (who can use them) and authorization (what resources users can use, and in what ways).
Active Directory Connector
Helps establish a trust relationship between your Active Directory and AWS.
Web Identity Federation
AWS IAM supports identity federation for delegated access to the AWS Management Console or AWS APIs.
With identity federation, external users are granted secure access to AWS resources in your account without having to create IAM users for them.
CloudWatch
A monitoring service for AWS cloud resources and the applications you run on AWS.
Using CloudWatch, you can:
- Collect and track metrics.
- Collect and monitor log files.
- Set alarms.
- Automatically react to changes in your AWS resources.
CloudWatch logs
CloudWatch Logs lets you monitor, store and access your log files from EC2, CloudTrail and other sources.
VPC flow logs
A feature that helps you capture information about the IP traffic going to and from the network interfaces in your VPC.
Flow log data is stored using CloudWatch Logs.
Inspector
An automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
Inspector automatically assesses applications for vulnerabilities or deviations from best practices.
S3 access logs
Helps you track every request made to access your bucket.
Each log record includes:
1) Bucket name
2) Requester
3) Request time
4) Request action
5) Response status
6) Error code, if any
CloudTrail
A service offered by AWS that records the API calls made on your account and delivers the log files to an S3 bucket.
CloudFormation
Helps you automate the creation of AWS resources.
You define all the resources you want AWS to spin up in a blueprint document, click a button, and then AWS magically creates it all. :-)
Elastic Beanstalk
Elastic Beanstalk (EB) reduces management complexity without restricting choice or control.
All we need to do is upload the application, and EB itself handles the details of:
Capacity provisioning
Load balancing
Scaling
Application health monitoring
OpsWorks Stacks
AWS OpsWorks Stacks lets you manage applications and servers on AWS and on-premises.
With OpsWorks Stacks, you can model your application as a stack containing different layers, such as load balancing, database, and application server.
Serverless Computing
A cloud computing execution model.
The cloud provider dynamically manages the allocation of machine resources.
Bills are based on the actual amount of resources consumed by an application during its runtime, rather than billing based on pre-purchased units of capacity.
Lambda (FaaS)
A type of serverless computing based on functions, known as Function as a Service (FaaS).
You simply bring the code in the form of individual functions and your FaaS platform does the rest, regardless of whether you’re developing for web, mobile, or IoT.
Once your function is live, it can be called from your main application, an event-driven gateway API, or from within other functions that you create.
Lambda@Edge
Allows you to write functions that are deployed to the AWS network of edge locations and run in response to CloudFront events.
Key Management Service (KMS)
Helps you create and control the encryption keys used to encrypt your data in AWS resources.
S3 web hosting
Used to host static websites.
On a static website, individual web pages contain static content. They may also contain client-side scripts.
It does not support server-side scripting.
API
API - Application Programming Interface
APIs allow two different applications to communicate with one another.
Example:
Weather application
Without an API: the weather application would have to open the weather.com site and read the details as a human does.
With an API: the weather application sends a request to weather.com, receives the result and then displays it.
API Gateway
API Gateway acts as a “front door” for applications to access data, business logic, or functionality from your backend services.
API Gateway handles all the tasks involved in accepting and processing API calls, including traffic management, authorization and access control, monitoring and API version management.
Simple Queue Service (SQS)
If you have incoming work requests, you can queue them up while the existing EC2 instances are busy, rather than auto-scaling up your EC2 resources.
The service works by having each incoming work request create a new message (in the form of a JSON file).
This JSON message is sent to the SQS service. We then configure all our EC2 instances to poll the SQS queue when they are idle and process the next message (if any) in the queue.
Simple Notification Service (SNS)
Amazon SNS is a web service that manages sending messages to subscribing endpoints.
Subscribing endpoints can be web servers, email addresses, Amazon SQS queues and AWS Lambda functions.
Web Application Firewall (WAF)
A web service that gives you control over which traffic to allow or block to your web applications by defining customizable web security rules.
Simple Email Service (SES)
Used for sending automated emails, such as order confirmations, shipping notices, order status updates, policy changes, password resets and other messages that keep your customers informed.
Shield
A managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS.