Basic Terms Flashcards
What are burstable instances?
Amazon EC2 instances designed to provide a baseline level of CPU performance w/ the ability to burst to a higher level when required by the workload.
Ideal for workloads that don’t use full CPU often but need to “burst”.
What is the link-local address?
http://169.254.169.254
What is Network ACL (Access Control List) Use Case?
Allows/denies specific inbound/outbound traffic at subnet level.
Rules apply to all instances in subnet.
No charge to use.
What is a subnet?
AWS feature tied to an Availability Zone: a range of IP addresses w/in a VPC where you can place resources like EC2 instances & can define whether it is public (has internet access) or private (does not).
What is an endpoint service?
Design Secure Architectures
Make private connection (w/out public internet) to service in VPC.
Can be connected through an interface or gateway endpoint, making communication faster & secure.
How are ACLs used in AWS?
- Control traffic at Subnet Level
- Can use default network ACL or create custom one.
- Use network ACLs w/ security groups to control access to AWS resources.
What is Ciphertext?
Data Security
Encrypted Data
What is Symmetric Encryption?
Data Security
Only one key (secret key) is used to encrypt & decrypt electronic data.
What is Asymmetric Encryption?
A public key from a public/private key pair is used to encrypt plaintext, then the private key is used to decrypt the ciphertext.
What is OpenSSL?
Software tool that helps you create & manage secure connections over the internet & is mainly used for working w/ SSL/TLS certificates.
What is elasticity?
Design Resilient Architectures
Use automation & horizontal scaling to match capacity w/ demand.
What is Synchronous Decoupling?
Design Resilient Architectures
Components that must always be available for proper functionality.
What is Asynchronous Decoupling?
Design Resilient Architectures
Communication between components through durable components.
What is Amazon Kinesis Data Streams?
Design Resilient Architectures
Allows you to collect, process, & analyze real-time data streams at massive scale.
What is RPO?
Design highly available and/or fault-tolerant architectures
Recovery Point Objective:
Maximum amount of time since last data recovery point.
Backups taken every so many hours:minutes:seconds based on requirements.
What is RTO?
Design highly available and/or fault-tolerant architectures
Recovery Time Objective:
Maximum acceptable delay b/w service interruption & service restoration measured in hours:minutes:seconds based on requirements.
What is a Certificate Authority Authorization?
DNS record that allows domain owners to specify which certificate authorities are authorized to issue SSL/TLS certificates for their domain, enhancing security & preventing unauthorized certificate issuance.
What is a principal?
Person/application that can make a request for an action/operation on an AWS resource.
What are Identity-based policies?
Policies applied to users, groups, & roles.
What are roles?
Identity w/ permissions assigned to it via a policy; you can assume the role & take on its permissions.
What is Security Token Service?
Allows temp credentials to be used w/ identity federation, delegation, cross-account access, & IAM roles.
What is instance metadata?
Data about your EC2 instance.
Available at: http://169.254.169.254/latest/meta-data
What is Amazon EC2 User Data?
Code that is run when the instance starts for the first time.
Is encoding automatic w/ console & AWS CLI?
Yes
To what size is user data limited in raw form b/4 it’s base64-encoded?
16KB
When does user data run (and only run)?
The first time the instance launches.