AWS Certified Cloud Practitioner Exam Flashcards
What is Amazon EC2
Amazon Elastic Compute Cloud - a type of virtual server
Flexible, reliable, scalable (but you have to use a specific server type)
Serverless – you cannot see or access the underlying infrastructure
Amazon EC2: you pay for only the compute time that you use while your instances are running. For some workloads, you can significantly reduce Amazon EC2 costs by using Spot Instances. For example, suppose that you are running a batch processing job that is able to withstand interruptions. Using a Spot Instance would provide you with up to 90% cost savings while still meeting the availability requirements of your workload.
You can find additional cost savings for Amazon EC2 by considering Savings Plans and Reserved Instances.
Benefits of EC2?
no upfront costs, flexibility in scale, and you don’t have to wait to get started
Hypervisor = responsible for managing resources between virtual machines
Multitenancy: sharing underlying hardware between virtual machines
Vertical scaling: making instance bigger with more memory/storage, etc.
CaaS: Compute as a service
Identify the different Amazon EC2 instance types.
Instance Types -> under an instance Family
Family:
General Purpose – balanced resources
Compute Optimized – compute intensive, gaming servers, high performance compute, scientific modeling
Memory Optimized – memory intensive tasks - workload that requires large amounts of data to be preloaded before running an application
Accelerated Computing – floating point number calculations, graphics processing, data pattern matching, utilize hardware accelerators
Storage Optimized – high performance for locally stored data. Designed for workloads that require high, sequential read and write access to large datasets on local storage.
Differentiate between the various billing options for Amazon EC2.
On-demand – only pay for the duration the instance runs
Savings plan – low prices for a commitment for 1 or 3 year term (72% potential savings over on-demand) – pick how much per hour you want to pay for, any above that is charged at on-demand pricing
Reserved instances – predictable usage and specify what instance type you need – 1 or 3 year term, all upfront, partial upfront or no upfront payment (75% savings over on-demand)
Spot instances – spare AWS capacity (90% off on-demand price) – AWS can reclaim the instance at any time
Dedicated hosts – certain compliance requirements – you lease the entire host all by yourself – most expensive option
Summarize the benefits of Amazon EC2 Auto Scaling.
You don’t have to worry about scaling your assets to demand every hour/day/year, overpaying for underutilization, or underprovisioning and not being able to service clients at peak times
AWS Service that provides scaling for Amazon EC2 instances is Amazon EC2 Auto Scaling
Dynamic scaling – responds to changing demand
Predictive scaling – automatically schedules the right number of Amazon EC2 instances based on predicted demand
What is scaling up vs scaling out?
Scaling up – add more power to machines that are already running
Scaling out – adding more instances
Summarize the benefits of Elastic Load Balancing.
Properly distribute traffic – high performance, cost-efficient, highly available, automatically scalable
Regional construct – instead of on the individual instances – this makes it highly available
ELB = single URL so you don’t have to manage many-to-many connections between the ordering tier (front end) and the production tier (back end)
Summarize the differences between Amazon Simple Notification Service (Amazon SNS) and Amazon Simple Queue Service (Amazon SQS).
Messaging and queuing – a buffer that holds an order if the worker is still working on the previous request, so the order is not lost
If components directly communicate with each other without a buffer, it’s called – tightly coupled architecture – this is also called a monolithic application
-if a single component fails, the entire system will fail or have issues
Loosely coupled architecture – single failure won’t cause cascading failures – microservices approach
What is Amazon SQS
Simple Queue Service - send, store, receive messages between software components at any volume
Payload = data inside a message
What is an Amazon SQS queue
where messages are placed until they are processed
What is Amazon SNS
delivery service:
-publish/subscribe model (pub/sub)
-create an Amazon SNS topic = a channel for messages to be delivered
-add subscribers to the topic
-publish 1 message to a topic, and it will be sent out to all the subscribers
What is AWS Lambda?
– serverless – upload code into a lambda function, configure a trigger, service waits for trigger, function is then automatically run
–configured to run processes of < 15 minutes
–good for quick processing, handling web requests, etc. that take less than 15 min to complete
AWS Lambda: you are charged based on the number of requests for your functions and the time that it takes for them to run. AWS Lambda allows 1 million free requests and up to 3.2 million seconds of compute time per month.
You can save on AWS Lambda costs by signing up for a Compute Savings Plan.
-Compute Savings Plan offers lower compute costs in exchange for committing to a consistent amount of usage over a 1-year or 3-year term. This is an example of paying less when you reserve.
What is AWS ECS?
AWS Elastic Container Service - not serverless – run containerized applications at scale
What is AWS EKS?
AWS Elastic Kubernetes Service - not serverless – similar to ECS, differing tooling/features
–both can run on EC2
–both are container orchestration tools
–container = a Docker container, a package for your code – similar to how VMs work
Cluster = a group of containers across many instances
–container orchestration – monitoring and managing containers
What is AWS Fargate
serverless compute service for ECS or EKS
Describe the basic concept of Availability Zones.
Regions are geographically isolated areas
Each AWS Region has multiple Availability Zones
Availability Zone (AZ) = AWS Data Center or groups of DCs
Best practice = run across at least 2 Availability Zones in a Region
Elastic Load Balancing = a region service = it runs across all Availability Zones in the region
Regionally scoped service = highly available since it spans all Availability Zones in the region
Summarize the benefits of the AWS Global Infrastructure.
Compliance – You can keep data where it lives, for compliance purposes – for example, keeping German business data only in Germany
Proximity – be close to your customers – lower latency
Feature Availability – sometimes closest region does not have all features you want
Pricing – some regions are more expensive than others, like gov’t taxes, fees, labor, etc.
Describe the benefits of Amazon CloudFront and edge locations.
CDN = content delivery network:
Amazon Cloudfront = Amazon’s CDN
-a network that delivers content to users based on their geographic region (like Edge locations).
Edge locations = run Amazon Cloudfront to get content closer to your customers and also Amazon Route 53 (Domain Name Service)
An edge location is a site that Amazon CloudFront uses to store cached copies of your content closer to your customers for faster delivery.
What are AWS Outposts?
install a mini-region inside of your own data center
AWS-owned and managed physical resources in your physically owned building
Compare different methods for provisioning AWS services.
In AWS, everything is an API
1. AWS management console: the admin dashboard where you control everything
2. AWS Command Line Interface (CLI): make API calls using the terminal on your machine
You can do everything via the CLI as you can do on the GUI of the AWS management console
3. AWS Software Development Kits (SDKs) – create AWS programs using various programming languages
What is AWS Elastic Beanstalk
-service that helps you provision EC2 instances – builds out your environment for you
-helps you focus on business application, not the infrastructure
-you provide code and configuration settings, and Elastic Beanstalk deploys the resources necessary to perform the following tasks:
Adjust capacity
Load balancing
Automatic scaling
Application health monitoring
What is AWS CloudFormation
Infrastructure as code tool used to define a wide variety of AWS resources
-use JSON or YAML text-based documents, called “CloudFormation templates”
-helps define what you want, without having to specify how you want it built
What is Amazon VPC?
Amazon Virtual Private Cloud - provision a logically isolated section of the AWS cloud where resources can be public facing or private
Cashiers interact with Customers, so we put cashiers into a public subnet
Baristas need to focus on working, so put baristas in a private subnet
VPC = basically your own private network within AWS – you can define your IP range for your AWS resources
-you place EC2 instances and ELBs inside your VPC
Subnets are chunks of IP addresses in your VPC that allow you to group resources together
In order to make your VPC public facing, you must attach an Internet Gateway (kinda like a door) to your VPC
What is AWS Direct Connect
VPN and private route, direct fiber connection from your data center to AWS
What is a VPC?
Virtual private cloud - a virtual private gateway only allows traffic that comes from an approved network, not public traffic
Virtual private gateways (create a VPN connection between the VPC and the internal corporate network) and VPNs still use public traffic routes via the internet and are susceptible to slowdowns, etc.
Describe the difference between public and private networking resources.
Only reason to use subnets in a VPC (virtual private cloud) is to control access to the Internet Gateways (IGWs). Public subnets can access internet, private subnets cannot.
What is a Security Group
Each EC2 instance has Security Groups (like a doorman at a building – only checks entrants) – instance level security. All ports and everything incoming is automatically blocked by default. All traffic is allowed out.
What is a Network ACL?
Every packet that crosses the subnet boundaries gets checked by a Network Access Control List (like passport control - Can keep packets in, or out) - this checks if packet has permissions to enter/leave subnet based on who it was sent from and how it’s trying to communicate. Default of Network Access Control Lists = allow all incoming and outgoing packets
What is difference between Network ACL and Security Group?
Network ACL = Stateless – remembers nothing, checks every packet always
Security Group = Stateful – has a memory, if it has the packet in its memory, it will automatically allow it w/o checking list
Explain a VPG
A virtual private gateway is the VPN endpoint on the Amazon side of your Site-to-Site VPN connection that can be attached to a single VPC.
A virtual private gateway enables you to create a VPN connection between your VPC and a private network, such as your company’s data center. Although this connection is private and encrypted, it travels through the public internet, not through a dedicated connection.
An example of a VPG = the VPC (virtual private cloud), if using VPN, since it is the AWS end-point
What is Amazon Route 53
Domain Name Service
-translates website names (www.amazon.com) into IP addresses (192.12.53.32.0)
Routing policies:
-Latency-based routing
-Geolocation DNS – direct traffic based on where the traffic is located (to the closest region, etc., for example)
-Geoproximity routing
-Weighted round robin
What is Amazon CloudFront
served from edge locations – CDN (content delivery network)
What is a VPN connection and VPN tunnel?
VPN connection: A secure connection between your on-premises equipment and your VPCs.
VPN tunnel: An encrypted link where data can pass from the customer network to or from AWS.
Describe the benefit of hybrid deployments
Allowing some traffic to access public – like public facing websites. But keeping sensitive data, like customer info, in a private subnet, to separate it and keep it hidden from public.
Describe the layers of security used in an IT strategy
Network hardening, application security, user identity, authentication and authorization, distributed denial of service prevention, data integrity, encryption
What are Instance Store Volumes
local storage on an AWS host – DO NOT SAVE IMPORTANT DATA TO DRIVES THAT COME WITH EC2
If you lose connection to your host, then you will lose your storage, because it’s likely that you will be sent to another host when your instance restarts.
What is Amazon EBS?
Amazon Elastic Block Store (EBS) – virtual hard drives, called EBS volumes
-block storage = files are broken down into blocks, and only the changes to blocks are saved, not the entire file/object
-not tied to the AWS host that your EC2 instance is running on
-define Size, Type and Configurations
-Volumes attach to EC2 instances – volumes DO NOT automatically scale to give more storage
-need to be in the same Availability Zone to attach to EC2 instances
Snapshots – incremental backups of your EBS data
What is Amazon S3?
Amazon Simple Storage Service = store and retrieve an unlimited amount of data
-data stored as objects, stored in “buckets”
File = object -> consists of data, metadata and a key
File directory = bucket
Max object size = 5 TB
You can version objects to protect against accidental deletion
You can set object level permissions and create multiple buckets
What are the storage classes of S3?
-Amazon S3 Standard = 11 “9’s” of durability = it has 99.999999999% durability, remain intact after 1 year
-Amazon Static Website Hosting = collection of html files and web assets, enter bucket’s URL and it’s live
-Amazon S3 Standard-Infrequent Access (S3 Standard-IA) = requires infrequent, but rapid access – long term storage, like backups
-Amazon S3 Glacier Flexible Retrieval = this is good for audit files – infrequent and don’t need rapid access – few minutes to few hours. You can create vaults and lock the vaults. You can use WORM (write once/read many) to lock a vault from future edits
-Amazon S3 Glacier Deep Archive - objects that are stored can be retrieved within 12 hours.
Amazon S3 Lifecycle Management = Move data automatically between tiers.
-keep in Standard for 30 days, then move to Standard-IA for 60 days, then move to Glacier Flexible Retrieval for 1 year, and delete
Explain Block vs Object storage
Block storage = breaks down files into blocks, and only re-uploads/saves the blocks that changed, not the entire object
-good for video editing or micro-edits to large files
Object storage = treats any file as a complete and discrete object. Any time there is a change to the object, the entire object must be re-uploaded/saved. There are no delta updates for objects.
-good for complete objects or only occasional changes to objects
Explain benefits of Amazon EBS vs Amazon S3
Amazon Elastic Block Store:
-good for micro-edits to large files, since only the blocks changed will be updated and not the entire object/file
-good for complex read-write-change functions
Amazon Simple Storage Service:
-web enabled, every object has its own URL and can have permissions on it, regionally distributed (more durable), no need for backup strategies, cost savings vs EBS, serverless – no need for EC2 instances
-good for complete objects or only occasional changes
What is Amazon EFS?
Amazon Elastic File System (Amazon EFS)
-Compared to block storage and object storage, file storage is ideal for use cases in which a large number of services and resources need to access the same data at the same time.
-is a scalable file system used with AWS Cloud services and on-premises resources. As you add and remove files, Amazon EFS grows and shrinks automatically. It can scale on demand to petabytes without disrupting applications.
-managed file system
-multiple instances can access the data in EFS at the same time
-multiple instances reading and writing simultaneously
-Linux file system
-Regional resource
-automatically scales, unlike EBS
What DB types does AWS support?
-MySQL
-PostgreSQL
-Oracle
-Microsoft SQL Server
-MariaDB
-Amazon Aurora
What is Amazon RDS?
Amazon Relational Database Service (Amazon RDS) automatically manages (managed service):
-Automated patching
-Backups
-Redundancy
-Failover
-Disaster recovery
What is Amazon Aurora?
Amazon Aurora: most auto-managed RDS solution
-comes in MySQL (5 times faster) or PostgreSQL (3 times faster)
-1/10 the cost of commercial databases
-data replication
-up to 15 read replicas
-continuous backup to Amazon S3
-Point in time backups
-It replicates six copies of your data across three Availability Zones and continuously backs up your data to Amazon S3.
What is Amazon DynamoDB?
Amazon DynamoDB (serverless database and non-relational database):
-create tables, create items in a table
-items (elements) and attributes (describes items)
-replicated across availability zones
-it doesn’t use SQL to query since it’s non-relational
-run queries on “keys” like from a dictionary datatype
-millisecond response time
-fully managed
-highly scalable