AWS Fundamentals Flashcards
Global Resilience
Examples: IAM or Route 53. No way for them to go down; data is replicated throughout multiple regions.
Region Resilience
Operate as separate services in each region. Generally replicate data to multiple AZs within that region.
AZ Resilience
Run from a single AZ. It is possible for hardware to fail in an AZ and the service to keep running because of redundant equipment, but this should not be relied on.
AWS Default VPC
A VPC is a virtual network inside AWS. A VPC exists within one account and one region, which makes it regionally resilient. A VPC is private and isolated until configured otherwise.
EC2
Default compute service. Provides access to virtual machines called instances.
EC2 pricing based on
CPU
Memory
Storage
Networking
EC2 running state
Running on a physical host using CPU.
Using memory even with no processing.
OS and its data are stored on disk, which is allocated to you.
Networking is always ready to transfer information.
EC2 stopped state
No CPU resources are being consumed
No memory is being used
Networking is not running
Storage is allocated to the instance for the OS together with any applications.
Terminated state
No charges: the disk is deleted and all future charges are prevented.
AMI (server image)
AMI can be used to create an instance or can be created from an instance. AMIs in one region are not available from other regions.
S3
Global storage platform. Runs from all regions and is a public service. Can be accessed from anywhere on the internet by an unlimited number of users.
CloudWatch
Collects and manages operational data on your behalf.
High Availability (HA)
Aims to ensure an agreed level of operational performance, usually uptime, for a higher than normal period.
Instead of diagnosing the issue, if you have a process ready to replace the failed component, it can be fixed quickly, and probably in an automated way.
Fault-Tolerance (FT)
A system that can continue operating properly in the event of the failure of some of its components (one or more faults within it).
Fault tolerance is much more complicated than high availability and more expensive. Outages must be minimized and the system needs levels of redundancy.
Disaster Recovery (DR)
Set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster.
DR can largely be automated to eliminate recovery time and errors.
Route 53
Registers domains
Can host zone files on managed nameservers
This is a global service; no need to pick a region.
Globally resilient
Can operate with failure in one or more regions
IAM Identity Policies
Identity policies are attached to AWS identities, which are IAM users, IAM groups and IAM roles. They are a set of security statements that ALLOW or DENY access to AWS resources.
IAM Users
Identity used for anything requiring long-term AWS access
IAM Groups
Containers for users. You cannot log in to IAM groups; they have no credentials of their own. Used solely for management of IAM users.
IAM Roles
An IAM user is an identity used by a single thing; an IAM role is an identity that is used by large groups of individuals.
AWS Organizations
If you have more than 5 to 10 accounts, you would want to use an org.
Take a single standard AWS account and create an org. The standard AWS account then becomes the master account. The master account can invite other existing standard AWS accounts, which need to approve joining the org.
When standard AWS accounts become part of the org, they become member accounts. An organization can only have one master account and zero or more member accounts.
Service Control Policies
Can be used to restrict what member accounts in an org can do.
CloudWatch Logs
Allows you to store, monitor and access logging data.
CloudTrail Essentials
Concerned with who did what.