aws fundamentals

Question 1

Global Resilience

Answer 1

IAM or Route 53. No way for them to go down. Data is replicated throughout multiple regions.

Question 2

Region Resilience

Answer 2

Operate as separate services in each region. Generally replicate data to multiple AZs in that region.

Question 3

AZ Resilience

Answer 3

Run from a single AZ. It is possible for hardware to fail in an AZ and the service to keep running because of redundant equipment, but should not be relied on.

Question 4

AWS Default VPC

Answer 4

VPC is a virtual network inside of AWS. A VPC is within 1 account and 1 region which makes it regionally resilient. A VPC is private and isolated until decided otherwise.

Question 5

EC2

Answer 5

Default compute service. Provides access to virtual machines called instances.

Question 6

EC2 pricing based on

Answer 6

CPU
Memory
Storage
Networking

Question 7

EC2 running state

Answer 7

Running on a physical host using CPU.
Using memory even with no processing.
OS and its data are stored on disk, which is allocated to you.
Networking is always ready to transfer information.

Question 8

EC2 stopped state

Answer 8

No CPU resources are being consumed
No memory is being used
Networking is not running
Storage is allocated to the instance for the OS together with any applications.

Question 9

Terminated state

Answer 9

No charges, deletes the disk and prevents all future charges.

Question 10

AMI (server image)

Answer 10

AMI can be used to create an instance or can be created from an instance. AMIs in one region are not available from other regions.

Question 11

S3

Answer 11

Global Storage platform. Runs from all regions and is a public service. Can be accessed anywhere from the internet with an unlimited amount of users.

Question 12

CloudWatch

Answer 12

Collects and manages operational data on your behalf.

Question 13

High Availability (HA)

Answer 13

Aims to ensure an agreed level of operational performance, usually uptime, for a higher than normal period
Instead of diagnosing the issue, if you have a process ready to replace it, it can be fixed quickly and probably in an automated way.

Question 14

Fault-Tolerance (FT)

Answer 14

System can continue operating properly in the event of the failure of some (one or more faults within) of its components
Fault tolerance is much more complicated than high availability and more expensive. Outages must be minimized and the system needs levels of redundancy.

Question 15

Disaster Recovery (DR)

Answer 15

Set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster.
DR can largely be automated to eliminate the time for recovery and errors.

Question 16

Route53

Answer 16

Registers domains
Can host zone files on managed nameservers
This is a global service, no need to pick a region
Globally Resilience
Can operate with failure in one or more regions

Question 17

IAM Identity Policies

Answer 17

Identity Policies are attached to AWS Identities which are IAM users, IAM groups, and IAM roles. These are a set of security statements that ALLOW or DENY access to AWS resources

Question 18

IAM Users

Answer 18

Identity used for anything requiring long-term AWS access

Question 19

IAM Groups

Answer 19

Containers for users. You cannot login to IAM groups They have no credentials of their own. Used solely for management of IAM users.

Question 20

IAM Roles

Answer 20

A single thing that uses an identity is an IAM User; identities that are used by large groups of individuals.

Question 21

AWS Organizations

Answer 21

If you have more than 5 to 10 accounts, you would want to use an org.
Take a single AWS account standard AWS account and create an org. The standard AWS account then becomes the master account. The master account can invite other existing standard AWS accounts. They will need to approve their joining to the org.
When standard AWS accounts become part of the org, they become member accounts. Organizations can only have one master accounts and zero or more member accounts

Question 22

Service Control Policies

Answer 22

Can be used to restrict what member accounts in an org can do.

Question 23

CloudWatch Logs

Answer 23

This allows to store, monitor and access logging data

Question 24

CloudTrail Essentials

Answer 24

Concerned with who did what.