AWS Keyword Connect Flashcards
Recommendation, guidance
Trusted Advisor
Multi-account for enterprises through Account vending machine (AVM)
AWS Landing Zones (4 accounts)
Automatically provisions new accounts/uses SSO via Service Catalog template
AVM
Digital catalog of 1000’s of software listings. Independent vendors. Free/associated charge.
AWS Marketplace (SaaS offering/CloudFormation templates/web ACL)
Metadata for organizing AWS resources
Tag
Collection of resources that share 1 or more tags
Resource Group
Protects from web exploits. Attached to CloudFront or ALB
AWS WAF
Encrypting your encryption key
Envelope Encryption
EBS
Fully managed. Continuously monitors sensitive data access. Generates alerts for unauthorized access (uses ML)
Amazon Macie
Create and control encryption keys to encrypt data
KMS (Key Management Service)
Threat detection service (IDS). Uses ML
GuardDuty
Fully Managed
DynamoDB
2 services
Role
Minimum of 1 year
Reserved instance
Eliminating as many security risks as possible
Hardening
Runs security assessments and benchmark audits on a single EC2 instance. Vulnerabilities
AWS Inspector
Premade packages/templates for deployment of functional architecture in <1 hour
Quick start
Authorized simulated attack to Evaluate the security of the system
Pentesting
No cost/self-service for on-demand access to AWS compliance report. Audit
Artifact
Managed DDoS protection. Route 53/CloudFront protection
AWS Shield
Short period, unpredictable
On-Demand Instances
All checks in Trusted Advisor
Business, Enterprise
7 core checks in Trusted Advisor
Basic
Secures EC2 Instances
Security Groups
number of services migrated
TCO (Total Cost Ownership)
Geographical Location
AWS Region
Data Center
AZ
Isolated section to launch AWS resources.
VPC
Enables access to the internet
Internet Gateway
Determines where network traffic from a subnet is directed
Route Table
API activity/call, traceability, account activity. Governance, compliance
CloudTrail
Service activity, health, performance metrics, monitor
CloudWatch
CDN (Content Distribution Network). Copies files to all distributions around the world. High transfer speed. Uses edge locations to cache content
CloudFront
Subnet security/firewall
NACL
Logical partition of IP network in small segments
Subnet
Firewall for instances
Security Group
Distributes load across instances. If an AZ is down, it distributes to the next available one. Protects against DDoS
Elastic Load Balancer
Deploy and scale web apps. Health monitoring
Elastic Beanstalk
Config. Management service. Managed instances (chef, puppet)
OpsWorks
Flooding website with large amount of fake traffic
DDoS
Create/terminate instances
AWS Autoscaling
Best/manage monthly payment
Consolidated Billing
Plan your service usage/cost/instance reservation
First 2 budgets free
AWS Billing
Visualize usage of consolidated billing
Cost Explorer
The more you use, the more you save
Volume discounts
Evaluate assess instance
AWS Inspector
Archive 40 terabytes
Glacier
Information about Prohibited actions
AWS Acceptable Use Policy
Send notification/alerts/email. Uses email/text format. Subscribers, publishers, topic
SNS
Decouple/scale microservice distributed services. Places messages into a queue. Good for delayed tasks
SQS
Analyze/debug production/troubleshoot
X-Ray
Cost-effective, send email from app. Uses HTML
SES
Outbound inbound marketing campaign communication service
Pinpoint
Hybrid storage solution enables on-premises to use AWS cloud storage. Backup/archive/migration/disaster recovery
Storage gateway
Object level storage
S3
Analyze data in S3, serverless database for S3 query
Athena
enables AWS architects to manage infrastructure as code. JSON/YAML
CloudFormation
Manage EC2 capacity automatically/scale according to needs
benefits: automated provisioning, adjustable capacity, launch template support
Autoscaling group
Function-run up to 15min
Lambda
Call Center
Amazon Connect
Virtual remote desktop
WorkSpaces
AWS version of SharePoint/collaboration service
WorkDocs
Online meeting/ video conferencing
Chime
Managed Business mail
WorkMail
BI service. Data visualization. Connect multiple data sources. No programming knowledge (ML)
QuickSight
Search Engine
CloudSearch
Dedicated fiber optic connections from datacenter to AWS
Direct Connect
Elastic transcoder. Converts videos to # types
Media Connect
Apps built in EC2-Classic network (layer 4 & 7)
CLB (Classic Load Balancer)
TCP & TLS traffic. Ultra low latency. Sudden/volatile traffic (layer 4)
NLB (Network Load Balancer)
HTTP/HTTPS traffic. Routing rules (layer 7). Can attach WAF
ALB (Application Load Balancer)
Provision required resources
Cloud Architecture principle of elasticity
Enterprise, primary contact for support needs
TAM
Report suspected resources(illegal/abusive)
Abuse Team
DNS in AWS cloud
Route 53
route traffic to multiple resources in proportions that you specify?
Weighted route 53
Short term engagement with AWS support (enterprise)-new product
Infrastructure Event Management
- Personalized view of service health
- Troubleshooting guidance
Personal health benefits
Cost-efficient/unpredictable access. Unlimited storage obj. 5tb/object
S3 Intelligent-tiering
Most frequently accessed data stored. App response time is optimal
ElastiCache
Ability to remain functional even if some components fail
Fault tolerance system
RDS allowing data redundancy across regions/improve recovery
Read replica
Establish private network connection btw AWS and datacenter
Direct Connect
create a VPS (Virtual Private Server) on the cloud. No cloud experience
Amazon Lightsail
help customers design, architect, build, migrate, and manage their workloads and applications on AWS.
APN Consulting Partners
provide software solutions that are either hosted on or integrated with, the AWS platform
APN Technology Partners
shares a collection of offerings to help you achieve specific outcomes related to enterprise cloud adoption.
AWS Professional Services
Compliance, lower latency access, replication across accounts
Cross Region Replication (CRR)
Log aggregation, live replication btw production & test account
Same Region Replication (SRR)
Software to install on pc to manage snow family devices
OpsHub
Bridge between on-premises data & S3 cloud data
Storage Gateway
In-memory database. Redis, memcached
ElastiCache
Fully managed in-memory cache for DynamoDB
DAX (DynamoDB Accelerator)
Analytics and data warehousing
OLAP (Online Analytical Processing)
Data for analytics, warehouse, columnar storage. MPP(massive parallel query execution)
Redshift
Create Hadoop (big data) clusters to analyze data. Supports Apache, autoscaling, EC2 instances
EMR (Elastic MapReduce)
Financial transactions, immutable (can't remove/change entries), central
QLDB (Quantum Ledger Database)
Create apps to execute decentralized transactions. Hyperledger, Ethereum
Amazon Managed Blockchain
Migrate data
Database Migration Service (DMS)
Extract transform load (ETL)
AWS Glue
Container technology. Deploy/run applications
Docker
Launch Docker on AWS. Provision/maintain infrastructure
ECS (Elastic Container Service)
Docker, no provisioning, serverless
Fargate
Store Docker images
ECR (Elastic Container Registry)
Serverless, create, publish, maintain secure API
API Gateway
Define infrastructure using code and transform in JSON/YAML to CloudFormation
CDK (Cloud Development Kit)
Deploy app automatically/transition from on-premises to EC2
CodeDeploy
Store code in a repository. (AWS GitHub)
CodeCommit
Build code in the cloud
CodeBuild
Orchestrate # steps to have code deployed
CodePipeline
Store & retrieve dependencies. Artifact management
CodeArtifact
Unify UI manage software dev in 1 place
CodeStar
Cloud IDE
Cloud9
Patch automation
Run command across entire fleet
Systems Manager (SSM)
Increase transfer speed by transferring file to edge location
S3 Transfer Acceleration
Create accelerators, direct traffic to optimal endpoints, improve availability and performance
Global Accelerator
Server racks. Customer responsible for security of infrastructure
Outposts
5G network
AWS Wavelength
Allow private subnet to connect to internet while remaining private
NAT Gateway
real-time big data streaming
Kinesis
Automated code review (using machine learning)
CodeGuru
Connect to VPC using a private network
VPC Endpoint
VPC endpoint for S3 and DynamoDB
VPC Endpoint Gateway
VPC endpoint for the rest of the services (apart from S3 & DynamoDB)
VPC Endpoint Interface
Patch management, configuration management, awareness & training
Shared Responsibility
Data stored/archived on a device
Data at Rest
Data moved from 1 location to another
Data in transit
Encrypt. AWS manages encryption keys
KMS (Key Management Service)
Encrypt. AWS provisions encryption hardware
CloudHSM (Hardware Security Module)
HTTPS SSL/TLS Certificates
ACM (AWS Certificate Manager)
Store and force rotation of secrets
Secrets Manager
Audit/record compliance
Config
Central security tool across multi accounts
Security Hub
Investigate, identifies root cause of security issue
Amazon Detective
Recognize object, people, animals…
Rekognition
Automatically convert speech to text
Transcribe
Turn text into speech
Polly
Build conversational bots (chatbots)
Lex
NLP (Natural Language Processing)
Amazon Comprehend
Fully managed service for developers/data scientists to build ML models
SageMaker
Use ML to forecast
Forecast
Document search service
Kendra
ML to build real time recommendations
Personalize
Manage multiple accounts. Consolidated billing. Aggregated usage. Automate AWS account creation. Restrict account privileges => SCP (service control policies)
Organization
Set up/govern a multi-account environment
Control Tower
Reduce cost & improve performance by providing recommendation
Compute Optimizer
Estimate cost for a solution architecture
Simple Monthly Calculator/ pricing calculator
Create temp., limited credentials to access AWS resources
STS (Security Token Service)
Identity for web mobile app users
Amazon Cognito
Multiple accounts and 3rd party bus. app
SSO
Eliminate management of on-premises desktops. DaaS (desktop as a service)
Amazon WorkSpaces
Stream an app to any computer from a web browser
AppStream 2.0
VR, AR, 3D apps
Sumerian
Convert media files in S3 into media file formats that consumers can use
Elastic Transcoder
Test web/mobile apps against desktop browsers
Device Farm
Manage and automate backups
AWS Backup
Quickly & easily recover servers in AWS
CloudEndure