AWS Certified Developer Official Study Guide (Percipio PDF) Flashcards

1
Q

Access key

A

A type of security credential that is associated with an identity.

2
Q

Providing Access best practice.

A
  1. Do not use the root user to generate an access key.
  2. Instead, create an IAM user and generate an access key for that user.
  3. To provide admin access, add that user to a group that provides admin permissions.
3
Q

IAM user.

A
  1. Can be assigned long-term security credentials.
  2. Create an IAM user when you have a new team member or application that needs to make AWS API calls.
  3. Manage API permission of the user by associating permissions policies with the user or adding the user to a group that has permissions policies associated with it.
  4. Can assign IAM user AWS Management Console Access (username / password) and / or Programmatic Access (Access Key ID / Secret Access Key).
4
Q

IAM Access

A
  1. IAM users are prompted to sign in with either: a) account ID or b) alias
  2. IAM user names only need to be unique within the user's account
  3. If MFA (Multi-factor authentication) is enabled, they will need their MFA code to sign in.
5
Q

AWS Infrastructure services

A
  1. Compute
  2. Storage
  3. Networking
  4. Databases
6
Q

AWS Platform capabilities

A
  1. Mobile services
  2. Analytics
  3. Machine Learning
7
Q

API

A
  1. Application Programming Interface - allows you to manage all of your resources programmatically.
  2. Ex: Can provision virtual servers on demand in minutes and pay for compute capacity used. Likewise you can de-provision servers by making single API call for resources you no longer need.
8
Q

AWS Management Console

A
  1. Web interface where you can create, configure, and monitor AWS resources in your account.
  2. Available for iOS and Android.
9
Q

How to manage your AWS resources.

A
  1. AWS Management Console
  2. AWS CLI
  3. SDKs
10
Q

SDK languages

A
  1. Java
  2. .NET
  3. JavaScript
  4. PHP
  5. Python
  6. Ruby
  7. Go
  8. C++
11
Q

AWS Specialty SDKs

A
  1. Ex: AWS Mobile SDK
  2. AWS Internet of Things (IoT) Device SDK

12
Q

Amazon Python SDK

A
  1. Called Boto
13
Q

CLI - Install boto3

A

pip install boto3 --upgrade --user

14
Q

AWS CLI

A
  1. Command Line Interface - allows you to perform similar actions as SDKs but in an interactive environment
  2. Good environment for experimenting w/ AWS features.
  3. If CLI and SDKs are on same server they can share configuration settings
15
Q

Other specialty command line tools

A
  1. PowerShell
  2. Elastic Beanstalk
  3. AWS SAM local
16
Q

*Know how to manage AWS resources.

A
  1. AWS SDK, AWS CLI, and AWS Management Console. All manage resources within account.
17
Q

*Know importance of AWS Regions

A
  1. Be able to identify the impact of AWS Region selection on your application code, such as the relationship between region selection and user latency.
  2. Recognize how region selection impacts API calls and API endpoints.
18
Q

*Know about IAM users and IAM roles

A
  1. Know when it is appropriate to use IAM users or IAM roles for a given application that needs to make AWS API calls.
19
Q

*Know how to recognize valid IAM policies.

A
  1. Identify valid IAM policies and predict the effects of policy statements.
20
Q

AWS region

A
  1. Each AWS Region is located in a separate geographic area and maintains its own, isolated copies of AWS Services.
  2. For many AWS services you are required to select a specific region to process API requests and in which to provision your resources.
21
Q

AWS regions are highly available

A

True

22
Q

Availability Zones

A
  1. Each AWS Region contains multiple data centers grouped together into Availability Zones.
  2. This allows AWS to provide highly available services in a way that differentiates them from traditional architectures with single or multiple data centers.
  3. AZs operate independently and are physically separated.
  4. Connected via low-latency, high throughput redundant networking.
23
Q

Latency

A
  1. Delay between user’s action and a web application’s response to that action.
24
Q

Throughput

A
  1. Rate of production or the rate at which something is processed.
  2. Ex: In communication = Rate of successful message delivery
25
Q

AWS Cloud
AWS Region
AWS Availability Zone

A

Listed from broadest to most specific

26
Q

How to improve resilience of application?

A
  1. AWS customers can deploy a copy of each application to a 2nd Availability Zone within the same region.
  2. This allows the application to remain available to customers even if an entire data center is disrupted.
  3. Many AWS services automatically replicate data across multiple Availability Zones within an AWS Region to provide high availability and durability of data.
27
Q

Amazon S3

A
  1. Amazon Simple Storage Service
  2. An example of an AWS service that replicates data across Availability Zones within a region.
  3. Enables you to upload files and store those files as objects within a bucket.
  4. By default, S3 automatically replicates objects across a minimum of 3 Availability Zones within the region hosting the bucket. (Designed to protect data against the loss of one entire Availability Zone)
28
Q

Regional API Endpoints

A
  1. Many AWS services expose regional API endpoints.
  2. When making web service calls to regional endpoints, the region can typically be identified in the URL you invoke.
  3. API calls to a regional endpoint usually only affect the resources within the specific AWS Region that corresponds to that endpoint.
29
Q

URL order

A
  1. Ex:
    polly.us-west-2.amazonaws.com/v1/speech
    polly = service
    us-west-2 = region
    /v1/speech = API action
30
Q

CLI Upload polly lexicon to a specific region

A

aws polly put-lexicon --name awsLexicon --content file://aws-lexicon.xml --region us-west-2

  1. After this Lexicon has been uploaded you can use it
  2. Will only run in this region
  3. Lexicon must be uploaded to each region where it will be used.
  4. AWS does not automatically copy your data for these services to other regions without explicit action.
31
Q

us-east-1

A

US East (N. Virginia)

32
Q

us-west-2

A

US West (Oregon)

33
Q

eu-central-1

A

EU (Frankfurt)

34
Q

eu-west-2

A

EU (London)

35
Q

eu-west-3

A

EU (Paris)

36
Q

ap-northeast-1

A

Asia Pacific (Tokyo)

37
Q

ap-south-1

A

Asia Pacific (Mumbai)

38
Q

ap-southeast-1

A

Asia Pacific (Singapore)

39
Q

Some AWS Services are not limited to a single region.

A
  1. Ex: IAM
  2. When you interact with these, the upper right hand side shows “Global”
  3. API endpoint for IAM is the same regardless of region
40
Q

IAM availability

A
  1. Since it’s not region-dependent, having IAM resources available in multiple regions is a useful strategy.
  2. IAM provides a way to create API credentials (which means you can have the same set of API credentials regardless of region)
41
Q

*Know the naming conventions for regions

A
us-east-1
us-west-2
eu-central-1
eu-west-2
eu-west-3
ap-northeast-1
ap-south-1
ap-southeast-1
42
Q

Things to consider when choosing a region

A
  1. Availability of services required by your application (each region exposes its own AWS Cloud endpoints; not all services are available in all regions)
  2. Latency (choose a region closer to application users, on-premises servers or other workloads; this allows you to decrease the latency of calls)
  3. Price (prices are set per region; consider cost when service availability and latency are similar)
  4. Data Residency (choose a region that allows you to stay compliant with regulatory or contractual requirements to store data within a specific geographic region)
  5. Business continuity (Choose a pair of regions based on any specific requirements regarding data replication for disaster recovery. Ex: distance of second location from primary AWS region)
43
Q

IAM

A

AWS Identity and Access Management.

  1. Where you create an identity in AWS. (An access key is a type of security credential that is associated with an identity.)
  2. IAM manages authentication and authorization for people or applications.
  3. IAM provides users, groups and roles as identities that you can manage.
  4. IAM authenticates security credentials used to sign an API call to verify request is coming from a known identity.
  5. Then IAM authorizes the request by evaluating the policies associated with the identity and resources affected by the request.
44
Q

*Know when you first log in with email address and password.

A
  1. You are authenticating as the root user for your account.
  2. Few AWS operations require a root user permission.
  3. To protect your account, do not generate an access key based on your root user.
  4. Instead, create an IAM user to generate an access key for that user.
  5. To provide administrator access, add that user to a group that provides administrator privileges.
45
Q

Users

A
  1. IAM users can be assigned long-term security credentials.
  2. Manage the API permissions of the user by associating the permissions policies with the user or adding the user to a group that has permissions policies associated with it.
46
Q

User Access

A
  1. After you create an IAM user, you can assign credentials to allow AWS Management Console access, programmatic access, or both.
47
Q

AWS Management Console Access vs Programmatic Access

A
  1. AWS Management Console Access: User Name + Password
  2. Programmatic Access: Access Key ID + Secret Access Key

48
Q

AWS Management Console Access

A
  1. Sign in to the console with IAM user name and password.
  2. Users will be prompted for either the account ID or alias; therefore, IAM user names only need to be unique within your account.
49
Q

*Know how to simplify sign-in in Management Console.

A
  1. Use the special sign-in link in the IAM dashboard that prefills the account field in the console sign-in form.
50
Q

Programmatic Access

A
  1. For programmatic access, create an access key for the IAM user.
  2. An AWS access key is composed of 2 distinct parts: Access key ID and secret access key.
51
Q

Ex: When you don’t want to create and manage new sets of long-term credentials for team members

A
  1. In a large company with many employees.
  2. You can use a corporate identity store instead of creating new identities and credentials for each team member.
  3. Alternatively, you can delegate permissions to an AWS service to perform actions on your behalf.
  4. Common example: when application code running on an AWS compute service, like EC2, needs permissions to make AWS calls, AWS recommends allowing EC2 to manage credentials for each instance.
    * In both these examples, instead of creating a new IAM user, create an IAM role to assign permissions. IAM roles can be assumed for short-term sessions.
52
Q

How to control access to an IAM role

A
  1. Define a TRUST POLICY that specifies which PRINCIPALS can assume a role.
  2. Potential principals include AWS services and also users who have authenticated using identity federation.
  3. Principals can also include users who authenticate with web identity federation, IAM users, IAM groups, or IAM roles from OTHER accounts.
53
Q

Instance

A
  1. Provisioned computing environment.
  2. EC2 enables you to provision these environments
  3. Can select hardware, in control of OS and any software that runs on the instance.
54
Q

EC2 instance

A
  1. Runs on a host machine within a specific Availability Zone.
  2. Instances present a virtualized interface to machine resources to the OS.
  3. This virtualization enables multiple, different guest environments to share the same underlying host machine.
55
Q

Bare-metal access

A
  1. Provides your applications with direct access to the processor and memory resources of the underlying server.
  2. Some EC2 instances offer this service.
56
Q

Instance type - list all

A
  1. General Purpose - balanced mix of CPU, RAM and other resources.
  2. Compute Optimized - high amount of CPU (high-performing web servers, scientific modeling, video encoding).
  3. Memory Optimized - large amount of RAM (in-memory DBs and distributed web-scale in-memory caches)
  4. Storage Optimized - large amount of storage and input/output (I/O) throughput (data warehousing, analytics, and big data distributed computing)
  5. Accelerated Computing - dedicated graphics processing unit (GPU) or Field Programmable Gate Array (FPGA) resources (3D rendering, deep learning, genomics research, real-time video processing)
57
Q

Amazon EBS

A
  1. Amazon Elastic Block Store - persistent storage service
  2. Provides block storage devices for Amazon EC2 instances.
  3. Certain instance types enable you to mount volumes based on an instance store (temporary storage local to the host machine)
  4. Can be encrypted
  5. EBS is suitable for installing the OS and applications and for data you want to store persistently