AWS Services Flashcards

1
Q

IAM Credential reports

A

list all account users and their credentials

2
Q

AWS SDK

A

can be used in your code to call the AWS API

3
Q

Cloud Shell

A

a CLI in the browser with a complete permanent filesystem

4
Q
A
5
Q

IAM access advisor

A

Shows service permissions given to a user and last access for each service (useful for “least privilege”)

6
Q

EC2 (Elastic Cloud Computing)

A

service to rent VMs, store data on virtual drives (EBS), distribute load on machines (ELB), auto scaling the service (ASG)

7
Q

Security Groups

A

set of rules that can be attached to an EC2 instance. It specifies which range of IPs is allowed through each port and can reference other security groups (even itself) to allow traffic from other EC2 instances of that group

8
Q

port 22

A

ssh (secure shell for accessing the terminal of EC2 linux instances) or secure file transfer protocol (SFTP)

9
Q

port 21

A

file transfer protocol

10
Q

port 80

A

http

11
Q

port 443

A

https

12
Q

port 3389

A

RDP (remote desktop protocol) used to log in to EC2 Windows instances

13
Q

AMI (Amazon Machine Image)

A

Bootable image that is used to start an EC2 instance

14
Q

EC2 user data

A

script that you can provide during EC2 config that is run ONCE at boot up time

15
Q

EC2 Image Builder

A

Automates creation of AMIs: it creates an EC2 instance with the desired characteristics and user data, creates an AMI from it, then runs tests on the AMI, then it can distribute the AMI across regions. It can be run again to get updated packages. You only pay for what you use, not the service itself.

16
Q

EC2 instance store

A

EC2 instance with storage physically attached to the server. But the storage is lost if the instance is terminated: good for cache/temporary content. High performance storage.

17
Q

EFS (Elastic File System)

A

File system that can be attached to 100s of EC2 in the same region to have a synced shared file system. Pay per use. You can also have the infrequent access part, where less-used files are moved to save some money.

18
Q

Amazon FSx

A

Service for handling 3rd party file systems
For windows: can be accessed via windows EC2 or on premises;
For Lustre (linux+cluster): can be accessed by aws services or on premises. High performance

19
Q

Application Load Balancer (ALB)

A

for http/gRPC protocols (layer 7), static DNS, can be deployed on 1 or more AZ. It has a security group

20
Q

network load balancer (NLB)

A

tcp/udp protocol (level 4) high performance, static IP

21
Q

gateway load balancer (GWLB)

A

Geneve protocol on IP packets (level 3), sends traffic through security servers

22
Q

scaling strategies for LB

A

Manual (set min, max and desired number of instances)
dynamic (trigger: ec <70% per 5 min;
scheduled: at specific time create 5 instance
target: keep usage at 50%)
predictive: use ML to

23
Q

s3 standard storage class

A

99.99 availability, cost gb/month, for frequently accessed data

24
Q

s3 infrequent access (IA)

A

instant retrieval, cheaper but with retrieval fee, used for backups that you need instantly. One-zone IA or multi-zone (standard) IA

25
s3 glacier instant retrieval
retrieval cost, min 90 days
26
s3 glacier flex retrieval/deep archive
1 min to 12 h retrieval, min 90 days / 12-48 h retrieval, min 180 days
27
s3 intelligent tiering
auto shift objects between frequent access, infrequent access (>30 days last access), archive instant access (90 days), archive, deep archive (180-700 days)
28
s3 encryption
server side, on by default. Client side = encrypt file before uploading
29
s3 IAM access analyzer
analyze policies, "object access control lists (ACL)" and tells you the s3 buckets that have been shared or are accessible publicly so you can review your s3 situation
30
snow cone
small 10 TB 4gb ram
31
snow ball
big, 100TB, 100 gb ram, you pay per usage and for data moved OUT of aws
32
AWS storage gateway
for hybrid cloud, used to access s3 proprietary tech by on premise infrastructure
33
RDS (Relational DB Service)
managed service for relational DB. multi AZ setup, backed by EBS
34
Aurora
relational DB, proprietary, cloud optimized, higher performance and cost. Accepts MySQL and Postgres. Serverless Aurora (good for infrequent, unpredictable workloads, no management)
35
rds deploy options: read replicas, multi az replicas, multi region read replica
read replicas: up to 15, no write operations; multi AZ: for high availability, no read/write, just backup; multi region read replica: high avail, better local performance, no write op on replica
36
ElastiCache
To manage IN MEMORY DB. It's like an extension that can be used together with managed db to keep most used stuff in cache and improve performance.
37
Dynamo DB
SERVERLESS (no setup), NoSQL, very fast (ms latency), highly available, scalable. Can set up global tables, so people will access a synced replica of your table. Can improve performance with DAX (Dynamo accelerator) to keep stuff in cache, microseconds latency
38
DAX (Dynamo accelerator)
like ElastiCache but for Dynamo instead of RDS. Microseconds latency
39
Redshift
analytics and data warehousing, OLAP, SQL based (also serverless version)
40
Amazon EMR
HADOOP clusters (elastic map reduce) for big data analysis, connect to 100s ec2
41
Athena
to analyze/access S3 buckets, serverless
42
Quicksight
serverless dashboard to visualize db for Business Intelligence
43
Neptune
graph DB, social network, wikipedia
44
Document Db
mongo implementation
45
Timestream
Time series data
46
QLDB
quantum ledger, for financial transaction/crypto, immutable, centralized, cryptographic hash
47
Managed blockchain
Decentralized blockchain networks, Ethereum, Hyperledger
48
GLUE
for ETL (extraction, transform, load), extract data and prepare it for analysis
49
DMS
migration service from one db to another
50
lambda
SERVERLESS, REACTIVE, FaaS, quick execution. Pay per call and execution time * RAM
51
ECS
Managed container manager that runs/stops containers on ec2
52
FARGATE
run containers SERVERLESS
53
ECR
private container registry to keep your docker images
54
EKS
managed Kubernetes clusters
55
Amazon API Gateway
create API to access lambda functions, since they are not public
56
AWS Batch
manages process of batches submitted on docker images: it will run them on ECS (it launches ec2 inside ecs). Different from lambda because no time limit, not fully serverless, relies on ecs and works with docker images
57
lightsail
for non-cloud experts, friendly interface to manage servers, DB, networking
58
Cloud Formation
Platform as code, free (only pay the used resources). Use yaml/json template to build and replicate your infrastructure (application composer: visual way)
59
AWS CDK
convert normal code into CF templates. You can deploy app code and infrastructure together
60
Beanstalk
Platform aaS, free, has health monitoring features. You provide the code of your app, the preferences for server (ec2 config, os, security, asg, elb, db..) and it takes care of creating and managing the infrastructure. Just worry about the code
61
CodeDeploy
deploy new code to your servers (on premise or cloud). Hybrid service
62
CodeCommit
host git repo in AWS account
63
CodeBuild
compile code and produce deployable artifact. SERVERLESS
64
CodeArtifacts
artifacts (libraries/dependencies) management service
65
CodePipeline
code (git) -> build -> test -> deploy to beanstalk. Base for CICD continuous integration continuous development
66
AWS System manager (SSM)
run commands or patch the whole fleet of servers (cloud or on premise)
67
SSM session manager
access your server's shell w/o port 22 open
68
SSM Parameter Store
store pw, config, keys, strings; encrypted, serverless
69
Route 53
managed DNS, pay for domain + fixed monthly fee. Routing policies: simple, weighted, latency, failover
70
CloudFront
GLOBAL, CONTENT DELIVERY NETWORK (CDN). Uses 216 edge loc (pt of presence) to cache data for better latency. Content is not updated live. The origin can be an S3 bucket (secured by Origin Access Control), or any http origin (ec2, s3 website). You can also upload stuff. Good for static content available worldwide (s3 CRR is good for dynamic content available in some regions). NB: CF is a new layer btw user and data, it will always be used to access data, and if it is not cached, CF will retrieve it from the origin
71
s3 transfer acceleration
use edge loc network instead of public network to reach the AZ of the s3 (no caching, just using the net)
72
Global accelerator
use edge loc network instead of public network to reach the desired resources/data (no caching, just using the net)
73
AWS Outpost
for hybrid business, request an AWS server rack in your facilities
74
wavelength
5G, ultra low latency, outside aws net, in the internet provider net
75
AWS Local zone
you can unlock a new zone in a specific area for better latency
76
SQS
DECOUPLE APPS: don't have apps that communicate directly, use something to organize their communication. SERVERLESS queue manager. Pull based. Producer and consumer (if it's not FIFO the order is not guaranteed). Keeps msgs in the queue for up to 14 days
77
Kinesis
process real time stream of big data
78
SNS
NOTIFICATION, PUBLISH/SUBSCRIBE. Push based, when a msg is published on a topic, all subs receive the msg notification
79
Amazon mq
sns, sqs but for third party protocols
80
CloudWatch
collects metrics from all services and can create dashboards to visualize them. default update every 5 min, can pay to get 1 min. Eg view ec2 utilization (not ram tho)
81
CloudWatch alarms
trigger a notification/action when a certain metric of a service meets a condition (eg create new ec2 instance, terminate instance)
82
CloudWatch logs
collects terminal logs of all services (for ec2 you need CW log agent)
83
EventBridge
create rules to trigger events when a certain event happens. EG send msg when ec2 status changes, or someone logs into your account (you can also schedule events at set intervals)
84
AWS x-ray
trace and visualize calls btw different parts of your infrastructure, useful for analysis, bottlenecks, delays
85
CloudTrail
used to INVESTIGATE/INSPECT/RECORD actions of your account. Keeps track of all actions, calls, made in your account.
86
codeGuru
ML code review and application performance recommendation
87
Health dashboard
history of status of all services in all regions (sends alert if a service you use has a problem)
88
VPC
you get one for you when you create an account. Corresponds to a region, and has subnets (range of IP). Subnets can be private (for db, can access internet via NAT gateways, but not be reached) or public. Each VPC and subnet has a specific CIDR (range of public IP allocated). Security is managed via network ACL: rules for IP allowed/denied (security groups for ec2)
89
vpc flow log
record ip traffic of net/subnet/service (can be set up for different levels)
90
VPC peering
connect 2 vpc privately, not transitive
91
vpc endpoint interface
used to access service via public net instead of public internet (for s3 and dynamo: you need endpoint gateway)
92
private link
expose app to other VPCs privately, scalable, secure.
93
site to site vpn
to connect on premise with cloud via public internet
94
direct connect (DX)
connect on premise stuff with cloud via physical dedicated connection
95
client vpn
access stuff in your private vpc from anywhere
96
Transit Gateway
connect 100s of vpc, on premise stuff, vpn, everything, via a star-shaped connection
97
Shield
protect against DDoS attack, layer 3/4. Standard: enabled by default, free. Advanced: response team, sophisticated
98
WAF (Web app Firewall)
layer 7 (http), define IP rules, protect your app from web exploits
99
AWS Network firewall
protect the entire VPC from all traffic, layer 3 to 7
100
Firewall Manager
manage security groups across all accounts of the organization
101
penetration/security test
allowed on your infrastructure (only on EC2, RDS, aurora, lambda, ELB, cloud Formation/front)
102
AWS KMS (AWS managed keys)
key manager service; encryption for AWS services. You don't get the keys. It's auto-enabled for CloudTrail, S3 Glacier
103
AWS HSM
hardware that AWS gives you to manage encryption
104
ACM Aws certificate manager
service for in-flight encryption for https (ssl/tls protocol)
105
Secret manager
manage/rotate credentials, mainly for RDS
106
Aws Artifacts
portal for AWS compliance docs
107
GuardDuty
find vulnerabilities in your account using various logs (trail, dns, vpc flow logs). Can trigger event bridge if it finds something
108
Amazon Inspector
security assessment service that can run on EC2 (checks os etc), ECR, lambda (checks the code); can trigger eventbridge
109
AWS config
Check if the config of your resources satisfies some rule that you can define (eg unrestricted ssh access), and record a timeline of compliance
110
Macie
finds sensitive information in s3 buckets
111
AWS security hub
dashboard that shows security alerts from a lot of security services
112
Detective
find root cause of security alert, using data from various logs and ML
113
AWS abuse
report to them if you see stuff in AWS used/abused for illegal matter
114
IAM access analyzer
you define a "zone of trust", and this service tells you which resources are accessible/shared outside of this zone.
115
Rekognition
find objects, faces, text in images, videos: for profiling, emotion analysis, sports tracking
116
Transcribe
speech to text, can detect and censor personal info
117
Polly
text to speech
118
Translate
translate stuff, useful to auto adapt website based on location
119
Lex
base for alexa, speech recognition and language understanding for conversational bot
120
Connect
virtual contact centers for call centers
121
Comprehend
NLP, partition/extract info from docs: analyze reviews etc
122
Sage Maker
helps labeling, training, creating, tuning, deploying ML models
123
Forecast
given your data, it creates a model able to predict future data
124
Personalize
service for recommendation based on user data (eg amazon products)
125
Kendra
DOCUMENT SEARCH SERVICE, scans documents for answers
126
Textract
Extract text from scanned/handwritten docs
127
AWS organization
consolidated billings, share of reserved instance, aggregate usage benefits (more you use, less you pay)
128
Service control policies (SCP)
enforce PCI compliance. Enable access to various services based on account (all blocked by default)
129
Control tower
easy organization and SCP setup, guardrail for policies
130
Resource access Manager (RAM)
manage the sharing of resources in your org
131
Service Catalog
portal with templates for services (grouped in portfolios), made by the admin, so everyone can use/create new resources even w/o specific knowledge
132
Saving plans
Commit to a certain $/h usage. Different saving plans: Ec2; compute saving plans (ec2, fargate, lambda); ML saving plans for sagemaker
133
AWS compute optimizer
ML to recommend aws resource config based on your workload and reduce cost/optimize performance
134
Pricing calculator
estimate how much a service will cost you by saying how you plan to use it
135
Billing dashboard
high level overview for cost in the month, and month forecast
136
cost and usage report
most detailed cost report, by resource category per hour
137
Cost explorer
visual tool with desired granularity for cost analysis. Can forecast up to 12 months
138
billing alarm
set an alarm on the billing metric in cloud watch, most basic, aggregates all costs, no forecast
139
budgets
create one of these to monitor the cost of a group of resources and get notified when they exceed the budget (or are forecasted to exceed). 4 types: cost, usage, reservation, saving plans
140
Cost anomaly detection
ML to find anomalies in cost, or get periodic summary
141
AWS service quotas
get notified when one of your resources gets close to the service quota (limit)
142
Trusted advisor
analyses your account and gives recommendations on security, service limits, cost performance, fault tolerance
143
support plans
Basic (custom service, health dashboard); Developer: email to cloud support, 12-24h response; Business: full trusted advisor, phone to support, 1-4h response; Enterprise on Ramp: technical account managers, <30 min response; Enterprise: <15 min, designated technical account manager, incident detection and response
144
Security Token Service (STS)
create token for short time credential with limited privileges (for cross account or temporary ec2 permission)
145
Cognito
create millions of users for your app, not AWS users
146
AWS directory service
integrate Microsoft active directory in AWS
147
AWS IAM identity Center
Single Sign On for AWS accounts of the same organization. Single pw for multiple accounts
148
design principle for architecture
Scalability, Disposable resources, Loose coupling of components, Think in service, not in servers, automation (serverless, ASG)
149
6 Pillars of good architecture
1) operational excellence 2) Security 3) Performance efficiency 4) Reliability 5) Cost optimization 6) Sustainability
150
Aws well architected tool
reviews your architecture against the 6 pillars and gives advice
151
Cloud adoption Framework: guide book that identifies capabilities for successful cloud transformation and groups them into these 6 groups:
Business, people, Governance, platform, Security, Operation
152
Transformation domains (things that you can transform with cloud)
Things that you can transform with cloud: Technology, process, organization, product
153
Transformation phases:
envision, align (with 6 pillars), launch, scale
154
aws solution library
list of frameworks already made and ready for specific use cases
155
AWS professional services and partner network
tech partners, consulting partners, training partners, navigate program
156
AWS IQ
find professional help by asking and reviewing responses of experts
157
AWS repost - knowledge center
like stack overflow, find threads, FAQs and best practices
158
AWS Managed Service (AMS)
team of experts that can manage your infrastructure