AWS Basics and Services

Question 1

SysOps Admin

Answer 1

AWS SysOps administrator is responsible for deploying, Monitoring, Optimizing, Fortifying and Securing AWS systems.

Question 2

Reference Architecture

Answer 2

A Front end Web server layer, An application middle layer, A database layer

Question 3

Front end web layer

Answer 3

Also called as Web tier, is the front end to the application. It accepts the request from the user and passes that request to the Application tier.

Question 4

Application middle layer

Answer 4

Also called as Application tier or middleware tier, where the internal business logic resides. It responds to web tier and communicates directly with the database tier.

Question 5

Database layer

Answer 5

Also called as Database tier, where databases manage the state of the application. This tier can be accessed by Application tier . It process request from Application tier and provides response back to Application tier.

Question 6

Region

Answer 6

Region is separate geographic area, where you have particular AWS service(s) being hosted by AWS.

Question 7

Availability Zones (AZ’s)

Answer 7

Inside every region, there will be two or more Availability Zones (AZ). Inside AZ’s, two or more physical datacenters reside. All AZ’s within a region are connected through low-latency network links. Similarly, all datacenters within AZ’s are connected through low-latency links

Question 8

Hybrid cloud architecture

Answer 8

Integration of on premises with cloud resources

Question 9

Virtual Private Cloud

Answer 9

It is a Virtual network dedicated to your AWS account.

Logically isolated from other networks in the AWS cloud

You can launch your AWS resources such as EC2 instances in your VPC.

Question 10

Amazon Route 53

Answer 10

Highly Available and Scalable cloud Domain Name System (DNS) web service.

Question 11

CloudFront and Edge locations

Answer 11

It is content delivery network (CDN) offered by AWS.

CDN - globally-distributed network of proxy servers which cache content, such as web videos or other bulky media, more locally to consumers, thus improving access speed for downloading the content.

CloudFront delivers your content through a worldwide network of data centres called Edge locations.

Question 12

Services offered at Edge locations

Answer 12

AWS Lambda@Edge, CloudFront, Route53, Shield, WAF services are offered at Edge locations.

Question 13

Internet Gateway

Answer 13

An VPC component that allows communication between instances in your PC and the Internet.

Horizontal scaling is possible.

High availability and redundant.

Question 14

Subnet

Answer 14

Also called as Subnetwork.

Logical Sub-division of an Ip network.

Question 15

Elastic Cloud Compute (EC2)

Answer 15

Provides secure resizable computing capacity in the cloud.

With EC2, you can create multiple instances, we call ‘instances’ as Virtual servers.

Horizontal Scaling and Vertical scaling is possible.

Question 16

Horizontal Scaling (Scale Out)

Answer 16

Horizontal Scaling or Scaling out is nothing but adding same type of resources to the existing pool of resource based on the requirement.

For Example: If you add up new instances to existing set of instances to EC2 set up

Question 17

Vertical Scaling (Scale in/Scale up)

Answer 17

Vertical Scaling is nothing but adding compute capacity (CPU, RAM) to existing resources in the environment.

For example: Adding RAM/CPU for existing EC2 instance.

Question 18

Elastic Load Balancing (ELB)

Answer 18

It automatically distributes incoming application traffic to multiple registered targets such as EC2 instances.

It monitors health of registered targets and routes incoming traffic only to healthy targets.

Two types of ELB

1. Application load balancers
2. Classic load balancers

Question 19

Autoscaling

Answer 19

Purpose of Autoscaling is to maintain Application high availability.

Allows you to scale your EC2 capacity up or down automatically according to conditions you define.

Question 20

Relational Database Service (RDS)

Answer 20

A web service helps you to set up, operate and scale a relational database in the cloud.

Question 21

Dynamo DB

Answer 21

A fully managed No-SQL DB service that provides fast and predictable performance with seamless scalability.

Question 22

Elasticache

Answer 22

Web service used to deploy, operate,scale in memory datastore or cache in the cloud.

Caching is a technique to store frequently accessed information, html pages, images, and other static information in a temporary memory location on the server.

Amazon ElastiCache provides two caching engines, Memcached and Redis.

Question 23

Simple Storage Service (S3)

Answer 23

A scalable, high speed, web based cloud storage service designed for online back up and archiving of data and applications on AWS.

Store the data in the form of objects. Each object is stored as a file with its metadata included and is given an ID number. Applications use this ID number to access objects.

Question 24

Elastic Block Store (EBS)

Answer 24

EBS provides persistent block storage volumes for use with EC2 instances in the AWS cloud.

Question 25

S3 vs EBS

Answer 25

In EBS, data is stored in the form of blocks, where as S3 stores data in the form of objects.

EBS is specifically meant for EC2. Whereas S3 is not limited to EC2.

EBS is not accessible until you mount the volume to one of the EC2 instances and also it is limited to a region, whereas S3 storage can be accessed from anywhere using HTTP clients like web browsers. (Note: S3 requires software to read and write data)

EBS has a limit of 20 volumes, accomodating 1TB per volume. S3 has Standard limit of 100 buckets, but the buckets have unlimited data capacity.

Question 26

Security Groups

Answer 26

A virtual firewall, that controls the traffic for one or more instances.

Question 27

Route table

Answer 27

Set of rules to determine how the datapackets travel over an IP network.

Question 28

Elastic File System (EFS)

Answer 28

EFS provides file storage in AWS Cloud for EC2 instances.

EFS follows linux Filesystem hierarchy, where storage happens in the form of files and directories.

Question 29

Amazon Glacier

Answer 29

A type of S3 service is used for storing infrequently used data or ‘cold’ data.

Primarily used for Archiving or for long term backups.

Available at extremely low cost.

Question 30

Identity and Access Management

Answer 30

Helps you control access to different AWS resources available your users through Authentication (Who can use) and Authorization (what resources users can use in what ways)

Question 31

Active Directory Connector

Answer 31

Helps to establish trusted relationships between your Active Directory and AWS

Question 32

Web identity Fedration

Answer 32

AWS IAM supports identity federation for delegated access to AWS management console or AWS API’s.

With identity federation, external users are granted secure access to AWS resources in your account, without having to create IAM users.

Question 33

CloudWatch

Answer 33

Monitoring service for AWS cloud resources and applications you run on AWS.

Using cloud watch, you can

1. Collect and Track metrics
2. Collect and monitor log files.
3. Set alarms
4. Automatically react to changes in your AWS resources.

Question 34

CloudWatch logs

Answer 34

Logs are used to monitor, store and access your log files from EC2, Cloud trail and other sources.

Question 35

VPC flow logs

Answer 35

A feature, helps you to capture ip traffic going to and from the network interfaces in your VPC.

Flow log data is stored using CloudWatch logs.

Question 36

Inspector

Answer 36

An automated security assessment service that helps to improve security and compliance of applications deployed on AWS.

Inspector automatically assess applications for vulnerabilities or deviations from best practices.

Question 37

S3 access logs

Answer 37

Helps you to track every requests that comes for access to your bucket.

Logs will have details of

1) Bucket name
2) Requester
3) Request time
4) Request action
5) Response status
6) Error code, if any

Question 38

Cloudtrail

Answer 38

A service offered by AWS to record API calls made on your account and delivers log files to S3 bucket.

Question 39

CloudFormation

Answer 39

Helps you to automate creation of AWS resources.

You define all the resources you want AWS to spin up in a blueprint document, click a button, and then AWS magically creates it all.:-)

Question 40

Elastic Beanstalk

Answer 40

Elastic beanstalk(EB) reduces management complexity without restricting choice or control.

All we need to do is upload the application and EB itself handles the details of:

Capacity provisioning

Load balancing

Scaling

Application health monitoring

Question 41

OpsWorks Stacks

Answer 41

AWS OpsWorks Stacks lets you manage applications and servers on AWS and on-premises.

With OpsWorks Stacks, you can model your application as a stack containing different layers, such as load balancing, database, and application server.

Question 42

Serverless Computing

Answer 42

A cloud computing execution model.

Cloud provider dynamically manages the allocation of machine resources.

Bills are based on the actual amount of resources consumed by an application during its runtime, rather than billing based on pre-purchased units of capacity.

Question 43

Lambda (FaaS)

Answer 43

A type of serverless computing works based on Functions called Function as a service.

You simply bring the code in the form of individual functions and your FaaS platform does the rest, regardless of whether you’re developing for web, mobile, or IoT.

Once your function is live, it can be called from your main application, an event-driven gateway API, or from within other functions that you create.

Question 44

Lambda@edge

Answer 44

Allows you to write functions deployed to the AWS network of edge locations in response to CloudFront.

Question 45

Key Management Services (KMS)

Answer 45

Help you to create and control the encryption keys used to encrypt your data from AWS resources.

Question 46

S3 web hosting

Answer 46

Used to host static websites.

On a static website, individual web pages include static content. They may also contain client side scripts.

Do not support Server side scripting.

Question 47

API

Answer 47

API - Application Programming Interface

APIs just allow two different applications to communicate with one another.

Example:

Weather application

Without API- Weather application must open weather.com site and read the details as human does.

With API- Weather application will send a message to weather.com and receives the result and then display it.

Question 48

API Gateway

Answer 48

API Gateway acts as a “front door” for applications to access data, business logic, or functionality from your backend services.

API Gateway handles all the tasks involved in,

Accepting and processing API calls, including traffic management, authorization and access control, monitoring and API version management.

Question 49

Simple Queue Service (SQS)

Answer 49

If you have incoming work requests, then you can queue them up if the existing EC2 instances are pre-occupied, rather than auto-scale up your EC2 resource.

This service works by a new message (in the form of a json file) being created by each incoming work request.

This json file get’s sent to the SQS service. We then configure all our ec2 instances to poll the sqs when they are idle, and process the next json file (if any) that is in the queue.

Question 50

Simple Notification Service (SNS)

Answer 50

Amazon SNS is a web service that manages sending messages to the subscribing endpoint.

Subscribers/Subscribing end point can be web servers, email addresses, Amazon SQS queues and AWS Lambda functions.

Question 51

Web application firewall (WAF)

Answer 51

A web service that gives you control over which traffic to allow or block to your web applications by defining customizing web security rules.

Question 52

Simple Email Service (SES)

Answer 52

Used for sending automated emails, such as order confirmation, shipping notices, order status updates, policy changes, password resets and other messages that keep your customer informed.

Question 53

Shield

Answer 53

A managed Distributed Denial of Service (DDoS) protection service, that safeguards web applications running on AWS.