AWS Solutions Architect Test Flashcards
Redshift
- Based on PostgreSQL, but it’s not OLTP
- OLAP = Online Analytical Processing
- Columnar
- Large inserts are much better
- Data analytics - large scale
Redshift Cluster
- Leader node = query planning, results aggregation
- Compute nodes = perform queries and send results to the leader
- Has a Multi-AZ feature; snapshots can be copied automatically to other regions.
Redshift Spectrum
- Query data that is already in S3.
- Must have a Redshift cluster enabled.
- Query is sent to Redshift Spectrum nodes.
- Cross reference
Athena
- Serverless query service to analyze data stored in S3
- Standard SQL
- Pay per query
- BI, analytics, reporting; VPC and ELB logs
- Columnar.
- Compress data
- Federated Query = Run SQL across data stored in relational, non-relational, object, and custom data sources (on-premises)
- Uses Data Source Connectors
- Store the results back in S3
Placement Groups
- EC2 Instance Placement Strategy
- Cluster = cluster instances into a low-latency group in a single Availability Zone (Same Rack, Same AZ) (Performance)
- Spread = spreads instances across underlying hardware (max 7 instances per group per AZ) (High Availability)
- Partition = spreads instances across many different partitions (different sets of racks) within an AZ. Scales to 100s of EC2 instances per group.
VPC Console Wizard
- 4 Configurations
1- VPC with single public subnet = VPC + Public Subnet + Internet Gateway = Blogs, websites
2- VPC with public and private subnet (NATs) = VPC + Public Subnet + Private Subnet = Web app on public, but backend server on private.
3- VPC with public and private subnet and AWS Site-to-Site VPN = VPC + Public Subnet + Private Subnet + VPG = Web app on public, and private data connected via VPN.
4- VPC with private subnet and AWS Site-to-Site VPN = VPC + Single Private Subnet + VPG = No internet gateway; extend your network to AWS without exposing your connection.
A developer needs to implement a Lambda function in AWS account A that accesses an Amazon S3 bucket in AWS account B.
- Create an IAM role for the Lambda function that grants access to the S3 bucket. Set the IAM role as the Lambda function’s execution role. Make sure that the bucket policy also grants access to the Lambda function’s execution role.
Amazon Aurora Global Database
- PostgreSQL and MySQL
- Failover instantaneous
- High Availability + Read Scaling
- More expensive (20%) than RDS, but more efficient.
- Support Cross Region Replication
- Multiple Replicas
- Low Latency
- DOESN'T SUPPORT MULTI-MASTER!!!
- Automatic Backups continuous and incremental
- No performance impact or interruption of database service occurs as backup data is being written.
If your primary Region suffers a performance degradation or outage, you can promote one of the secondary Regions to take read/write responsibilities. An Aurora cluster can recover in less than 1 minute, even in the event of a complete Regional outage. This provides your application with an effective recovery point objective (RPO) of 1 second and a recovery time objective (RTO) of less than 1 minute, providing a strong foundation for a global business continuity plan.
An Elastic Load Balancer has marked all the EC2 instances in the target group as unhealthy. Surprisingly, when a developer enters the IP address of the EC2 instances in the web browser, he can access the website.
What could be the reason the instances are being marked as unhealthy? (Select two)
- The security group of the EC2 instance does not allow for traffic from the security group of the Application Load Balancer
- The route for the health check is misconfigured
Elastic Load Balancer
- You need to attach Elastic IP to the EC2 instances
- Load balancer has Security Group
Network Load Balancer Routing
- If you specify targets using an instance ID, traffic is routed to instances using the primary private IP address specified in the primary network interface for the instance. The load balancer rewrites the destination IP address from the data packet before forwarding it to the target instance.
- If you specify targets using IP addresses, you can route traffic to an instance using any private IP address from one or more network interfaces. This enables multiple applications on an instance to use the same port. Note that each network interface can have its own security group. The load balancer rewrites the destination IP address before forwarding it to the target.
Transit Gateway
- A transit gateway is a network transit hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks
CloudTrail
- Use CloudTrail to analyze API calls - AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.
A company wants to store business-critical data on EBS volumes which provide persistent storage independent of EC2 instances. During a test run, the development team found that on terminating an EC2 instance, the attached EBS volume was also lost, which was contrary to their assumptions.
The EBS volume was configured as the root volume of the Amazon EC2 instance. On termination of the instance, the default behavior is to also terminate the attached root volume.
EBS (Elastic Block Store)
- Network drive attached to EC2
- Can persist data
- By default, root is deleted after termination.
- Bound to a specific Availability Zone
- Need a snapshot to move to other regions.
A retail company uses AWS Cloud to manage its IT infrastructure. The company has set up “AWS Organizations” to manage several departments running their AWS accounts and using resources such as EC2 instances and RDS databases. The company wants to provide shared and centrally-managed VPCs to all departments using applications that need a high degree of interconnectivity.
- Use VPC sharing to share one or more subnets with other AWS accounts belonging to the same parent organization from AWS Organizations
- An AWS owner account cannot share the VPC itself with another AWS account
VPC Peering
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. VPC peering does not facilitate centrally managed VPCs.
A startup’s cloud infrastructure consists of a few Amazon EC2 instances, Amazon RDS instances and Amazon S3 storage. A year into their business operations, the startup is incurring costs that seem too high for their business requirements.
Use AWS Cost Explorer Resource Optimization to get a report of EC2 instances that are either idle or have low utilization and use AWS Compute Optimizer to look at instance type recommendations
AWS Cost Explorer
AWS Cost Explorer helps you identify under-utilized EC2 instances that may be downsized on an instance by instance basis within the same instance family, and also understand the potential impact on your AWS bill by taking into account your Reserved Instances and Savings Plans.
AWS Compute Optimizer
Recommends optimal AWS Compute resources for your workloads to reduce costs and improve performance by using machine learning to analyze historical utilization metrics. Compute Optimizer helps you choose the optimal Amazon EC2 instance types, including those that are part of an Amazon EC2 Auto Scaling group, based on your utilization data.
Amazon S3 Analytics Storage Class Analysis
You can analyze storage access patterns to help you decide when to transition the right data to the right storage class. This Amazon S3 analytics feature observes data access patterns to help you determine when to transition less frequently accessed STANDARD storage to the STANDARD_IA (IA, for infrequent access) storage class. Storage class analysis does not give recommendations for transitions to the ONEZONE_IA or S3 Glacier storage classes.
S3 Lifecycle
- The minimum storage duration is 30 days before you can transition objects from S3 Standard to S3 One Zone-IA or S3 Standard-IA.
- The S3 Standard-IA and S3 One Zone-IA storage classes have a minimum 30-day storage charge.
- S3 Standard / Reduced Redundancy = Frequently accessed, low latency, high throughput.
- S3 Standard - IA = Less frequently accessed, but needs low latency. Disaster recovery.
- S3 Intelligent-Tiering = Small monthly monitoring and auto-tiering fee
- S3 One Zone - IA = One zone, backups or data you can recreate.
- S3 Glacier = Minimum 90 days of storage.
- S3 Glacier Deep Archive = Minimum 180 days of storage. Long-term storage.
A Big Data analytics company writes data and log files in Amazon S3 buckets. The company now wants to stream the existing data files as well as any ongoing file updates from Amazon S3 to Amazon Kinesis Data Streams.
- Leverage AWS Database Migration Service (AWS DMS) as a bridge between Amazon S3 and Amazon Kinesis Data Streams
- The given requirement needs the functionality to be implemented in the least possible time. You can use AWS DMS for such data-processing requirements. AWS DMS lets you expand the existing application to stream data from Amazon S3 into Amazon Kinesis Data Streams for real-time analytics without writing and maintaining new code. AWS DMS supports specifying Amazon S3 as the source and streaming services like Kinesis and Amazon Managed Streaming for Apache Kafka (Amazon MSK) as the target. AWS DMS allows migration of full-load and change data capture (CDC) files to these services. AWS DMS performs this task out of the box without any complex configuration or code development. You can also configure an AWS DMS replication instance to scale up or down depending on the workload.
AWS DMS supports Amazon S3 as the source and Kinesis as the target, so data stored in an S3 bucket is streamed to Kinesis. Several consumers, such as AWS Lambda, Amazon Kinesis Data Firehose, Amazon Kinesis Data Analytics, and the Kinesis Consumer Library (KCL), can consume the data concurrently to perform real-time analytics on the dataset. Each AWS service in this architecture can scale independently as needed.
AWS Database Migration Service (DMS)
- AWS DMS enables you to seamlessly migrate data from supported sources to relational databases, data warehouses, streaming platforms, and other data stores in AWS cloud.
- AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. With AWS Database Migration Service, you can continuously replicate your data with high availability and consolidate databases into a petabyte-scale data warehouse by streaming data to Amazon Redshift and Amazon S3.