AWS Cloud Management Services

Question 1

Allows you to consolidate multiple AWS accounts into an organization that you create and centrally manage.

Answer 1

AWS Organizations

Question 2

AWS Organizations Feature sets

Answer 2

Consolidated Billing.

All features.

Question 3

AWS Organization Facts

Answer 3

Includes root accounts and organizational units.

Policies are applied to root accounts or OUs.

Question 4

Consolidated billing includes:

Answer 4

Paying Account – independent and cannot access resources of other accounts.

Linked Accounts – all linked accounts are independent.

Question 5

AWS Control Tower

Answer 5

Simplifies the process of creating multi-account environments.

Sets up governance, compliance, and security guardrails for you.

Integrates with other services and features to setup the environment for you including:

AWS Organizations, SCPs, OUs, AWS Config, AWS CloudTrail, Amazon S3, Amazon SNS, AWS CloudFormation, AWS Service Catalog, AWS Single Sign-On (SSO).

Question 6

Examples of guardrails AWS Control Tower can configure for you include:

Answer 6

Disallowing public write access to Amazon Simple Storage Service (Amazon S3) buckets.

Disallowing access as a root user without multi-factor authentication.

Enabling encryption for Amazon EBS volumes attached to Amazon EC2 instances.

Question 7

A fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and regulatory compliance.

You can discover existing and deleted AWS resources, determine your overall compliance against rules, and dive into configuration details of a resource at any point in time. AWS Config enables compliance auditing, security analysis, resource change tracking, and troubleshooting.

Answer 7

AWS Config

Question 8

Allows organizations to create and manage catalogs of IT services that are approved for use on AWS.

Answer 8

AWS Service Catalog

Question 9

AWS Service Catalog Features and Benefits

Answer 9

AWS Service Catalog allows you to centrally manage commonly deployed IT services.

IT services can include virtual machine images, servers, software, and databases and multi-tier application architectures.

Enables users to quickly deploy only the approved IT services they need.

Question 10

AWS Systems Manager

Answer 10

Manages many AWS resources including Amazon EC2, Amazon S3, Amazon RDS etc.

Systems Manager Components:

Automation.
Run Command.
Inventory.
Patch Manager.
Session Manager.
Parameter Store.

Question 11

Provides alerts and remediation guidance when AWS is experiencing events that may impact you.

Answer 11

AWS Personal Health Dashboard

Question 12

AWS Personal Health Dashboard Features and Benefits

Answer 12

Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.

The dashboard displays relevant and timely information to help you manage events in progress.

Also provides proactive notification to help you plan for scheduled activities.

Alerts are triggered by changes in the health of AWS resources, giving you event visibility, and guidance to help quickly diagnose and resolve issues.

You get a personalized view of the status of the AWS services that power your applications, enabling you to quickly see when AWS is experiencing issues that may impact you.

Also provides forward looking notifications, and you can set up alerts across multiple channels, including email and mobile notifications, so you receive timely and relevant information to help plan for scheduled changes that may affect you.

Alerts include remediation details and specific guidance to enable you to take immediate action to address AWS events impacting your resources.

Can integrate with Amazon CloudWatch Events, enabling you to build custom rules and select targets such as AWS Lambda functions to define automated remediation actions.

The AWS Health API allows you to integrate health data and notifications with your existing in-house or third-party IT Management tools.

Question 13

Service Health Dashboard

Answer 13

AWS publishes up-to-the-minute information on service availability.

This information is not personalized to you (unlike Personal Health Dashboard).

Question 14

AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet.

Updates include patching, updating, backup, configuration, and compliance management.

Answer 14

AWS OpsWorks

Question 15

An online tool that provides you real time guidance to help you provision your resources following AWS best practices.

Answer 15

AWS Trusted Advisor

Question 16

AWS Trusted Advisor Features and Benefits

Answer 16

Trusted Advisor checks help optimize your AWS infrastructure, improve security and performance, reduce your overall costs, and monitor service limits.

AWS Basic Support and AWS Developer Support customers get access to 6 security checks (S3 Bucket Permissions, Security Groups – Specific Ports Unrestricted, IAM Use, MFA on Root Account, EBS Public Snapshots, RDS Public Snapshots) and 50 service limit checks.

AWS Business Support and AWS Enterprise Support customers get access to all 115 Trusted Advisor checks (14 cost optimization, 17 security, 24 fault tolerance, 10 performance, and 50 service limits) and recommendations.

Question 17

Provides a common language for you to describe and provision all the infrastructure resources in your cloud environment.

Answer 17

AWS CloudFormation

Question 18

AWS CloudFormation Features and Benefits

Answer 18

CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.

This file serves as the single source of truth for your cloud environment.

You can use JSON or YAML to describe what AWS resources you want to create and configure.