AWS Fundamentals Flashcards
AWS Public Service
Accessed using public endpoints
AWS Private Service
runs within a VPC; only things in the VPC, or connected to the VPC, can access the service
AWS Regions Capabilities
full compute, storage, database, AI and analytics
AWS Edge Location
local distribution point; storing data is the main use
mainly for fast data transfer (closer = faster)
AWS Region
- Geographic separation - isolated fault domain
- Geopolitical separation - different governance
- Location control - Performance
- services can be placed in multiple availability zones to make them resilient
Globally Resilient
the service operates globally; it is one single product and its data is replicated across multiple regions (IAM & Route53)
Region Resilient
operates in a single region with one set of data per region; replicates data across multiple AZs in that region
AZ resilient
services that run in a single availability zone and are prone to failure if there are problems in that AZ
How many default VPCs can you have per region?
one per region - can be removed and re-created
Default VPC CIDR for AWS
default VPC CIDR is always 172.31.0.0/16
How is the default VPC network divided?
/20 subnet in each AZ in the region
subnets assign public IPv4 addresses
How is traffic controlled in the default VPC?
- Internet Gateway (IGW), security groups (SG) and NACLs
- subnets assign public IPv4 addresses
Elastic Compute Cloud (EC2)
- IaaS - provides virtual machines → instances
- private service by default - uses VPC networking
- AZ resilient - instance fails if the AZ fails
- Different instance sizes and capabilities
- on-Demand Billing - per second
- Local on-host storage or Elastic block store (EBS)
Virtual Private Clouds(VPC)
- Virtual network inside AWS
- A VPC is within 1 account and 1 region
- Private and isolated unless you decide otherwise
- you can only have 1 default VPC per region (configured by AWS by default)
- you can have many custom VPCs per region
Running EC2 instance Charges
- CPU
- Memory
- Disk
- Networking
Stopped EC2 instance charges
- disk (via EBS storage)
Terminated EC2 instance
you're not charged for anything
Amazon Machine Image (AMI)
AMIs can be created from an EC2 instance or can be used to create an EC2 instance
What are the 3 things that make up an AMI?
- permissions
- Root volume
- Block Device Mapping
EC2 Block Device Mapping
Links the volumes, determining which is the boot volume and which is a data volume
Root Volume
Drives the OS
What comprises a status check?
System check
checks if the EC2 instance is reachable by traffic
Instance check
The instance operating system is healthy and ready for traffic
What's considered a healthy EC2 instance?
An instance that passes 2/2 checks
S3 Basics
- global storage platform - regional based/resilient
- public service, unlimited data & multi-user
- Movies, Audio, Photos, Text, and Large data sets
- economical and accessed via UI/CLI/API/HTTP
Buckets
containers for objects in S3
Bucket Naming
names have to be unique across all AWS regions (globally unique)
S3 Structure
storage is at the root; it has a flat structure, not like a file system
folder structures are emulated using prefixes
What are some limitations of S3?
you can't mount an S3 bucket (as K:\ or /images)
S3 is an object store, not file or block storage
What are some advantages of S3?
Great for large-scale data storage, distribution or upload
great for “offload”
input and/or output to many AWS products
S3 Objects
key : value pair
What does an S3 object contain?
version ID
Metadata
access control
sub resources
AWS shared responsibility model
customer responsible for security in the cloud
AWS responsible for security of the cloud
High Availability (HA)
aims to ensure an agreed level of operational performance, usually uptime, for a higher than normal period
all about maximizing system online time
Fault Tolerance (FT)
a property that enables a system to continue operating properly in the event of the failure of some of its components
Disaster Recovery (DR)
a set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster
CloudFormation
Tool that lets you create, update and delete infrastructure in AWS using templates
CloudFormation Resources
tell the template what to do: if resources are added, CloudFormation creates the resources; if resources are removed, CloudFormation removes the resources
What happens if you delete a CloudFormation stack?
The resources associated with the stack are also deleted
What is DNS?
- DNS is a discovery service
- Translates machine addresses into human-readable addresses and vice versa
- it is huge so it has to be distributed
- has to accommodate IPv4 and IPv6 address space
DNS Client
your laptop, phone, or PC
Resolver
software on your device or a server which queries DNS on your behalf
Zone
a part of the DNS database (e.g. amazon.com)
Zonefile
physical database for a zone
NameServer
where zonefiles are hosted
Root Hints
configuration that points at the root server IPs and addresses
Root Server
Hosts the DNS root Zone
Root Zone
points at top-level domain authoritative servers
GTLD
generic top-level domain (.com, .org)
CCTLD
country-code top-level domain (.uk, .eu etc.)
Route53 and key features
- register domains
- Hosted Zones - managed nameservers
- global service, single database
- Globally resilient
What's the process like for registering a domain?
- creates a zone file, e.g. animals4life.org
- creates a number of managed name servers, usually a cluster of 4 servers per NS
- puts the zone files on the servers
- liaises with the top-level domain to get name server addresses added to the top-level domain zone that point back at the servers
AWS Hosted Zones
zone files in AWS are hosted on 4 managed name servers. Can be public or private (linked to VPC(s)). Stores records.
What are TXT (text) records used for?
to prove domain ownership and fight spam
DNS TTL(Time to Live)
a numeric value telling others how long records can be cached for.