Basics Flashcards
6 Advantages of Cloud Computing
- No upfront costs, pay as you consume
- Economies of Scale
- No need to guess capacity.
- Speed. Only a few clicks to increase size
- No paying for physical data centers
- Global with ease.
Types of Cloud Computing
- Software as a Service (SaaS): Office 365, Gmail etc.
- Platform as a Service (PaaS): Heroku etc.
- Infrastructure as a Service (IaaS): AWS, Azure, GCP
Cloud Deployment Models
Cloud - For Startups
Hybrid - For Banks
On-Premise - For Gov and other super sensitive areas like hospitals
What is GovCloud
A region (or regions) that only allows customers who pass a screening process, and that is operated by US citizens on US soil. For government information.
The four EC2 Pricing Models
- On-Demand
- Spot
- Reserved Instances (RI) (aka savings plan)
- Dedicated
What is the EC2 pricing model with the least commitment?
On-Demand. It is low-cost and flexible. Pay per hour. Short-term.
Which EC2 pricing model is the best long-term value?
RI. Steady and predictable. Can resell unused RI in the RI Marketplace. 1 or 3 year. Payment options. Class offerings (different options for flexibility)
Which EC2 pricing model offers the biggest savings?
Spot. These are discounted because AWS isn’t using them for a regular customer, but once they are needed, AWS can terminate them.
Which EC2 pricing model is the most expensive?
Dedicated. You have dedicated hardware to yourself.
What are the 4 AWS Support Plans?
- Basic - Free
- Developer - $20 /month
- Business - $100 /month
- Enterprise - $15,000/month
Of the 4 AWS Support Plans, which ones have third party support?
Business and Enterprise
Of the 4 AWS Support Plans, which ones have Tech Support via chat or phone 24/7?
Business and Enterprise
Of the 4 AWS Support Plans, which ones have a personal concierge and TAM (Technical Account Manager)?
Enterprise
Of the 4 AWS Support Plans, which ones have only 7 trusted advisor checks?
Basic and Developer
In the AWS Support Plans, what are the response times for General Guidance?
<24 Hours (All but Basic plan)
In the AWS Support Plans, what are the response times for System Impaired?
<12 Hours (All but Basic plan)
In the AWS Support Plans, what are the response times for Production System Impaired?
<4 Hours (Business and Enterprise Only)
In the AWS Support Plans, what are the response times for Production System Down?
<1 Hour (Business and Enterprise Only)
In the AWS Support Plans, what are the response times for Business-Critical System Down?
<15 Minutes (Enterprise Only)
What does the AWS Basic support plan have included?
Email support only for Billing and Account
What are the 5 categories a Trusted Advisor can help you with?
- Cost Optimization
- Security
- Performance
- Fault Tolerance
- Service Limits
What is the AWS Networking Hierarchy?
AWS Account > Region > VPC > Availability Zone > Subnets & Security Groups > Services (EC2, RDS etc.)
What are the database services?
DynamoDB - NoSQL key/value database
DocumentDB - NoSQL document database. MongoDB compatible
RDS (Relational Database Service)
- Aurora - MySQL and PSQL database, fully managed
- Aurora Serverless - only runs when you need it, like Lambda
Neptune - managed graph database
Redshift - columnar database, petabyte warehouse
ElastiCache - Redis or Memcached database
What is provisioning?
The allocation or creation of resources and services to a customer
What are some AWS Provisioning services?
- Elastic Beanstalk
- OpsWorks
- CloudFormation
- AWS QuickStart
- AWS Marketplace
AWS Computing Services
- EC2 (Elastic Compute Cloud)
- ECS (Elastic Container Service)
- Fargate
- EKS (Kubernetes as a Service)
- Lambda
- Elastic Beanstalk
- AWS Batch
AWS Storage Services
S3 - Simple Storage Service
S3 Glacier - Like S3, but cheaper and much slower
Storage Gateway - Hybrid cloud storage with local caching
EBS (Elastic Block Store) - virtual hard drive in the cloud that you attach to EC2 instances
EFS (Elastic File System) - file storage that can be attached to multiple EC2 instances at the same time
Snowball - Physically migrate lots of data via a computer suitcase 50-80 TB
- Snowball Edge - better version of snowball 100TB
- Snowmobile - Shipping container, pulled by a semi trailer 100PB
Business Centric Services
Amazon Connect - Call center
WorkSpaces - virtual remote desktop
WorkDocs - Content creation and collaboration service
Chime - online meetings and video conferencing
WorkMail - business email
Pinpoint - marketing, sending targeted email, sms, etc
SES - Simple email service
QuickSight - connect multiple datasources quickly and visualize data in the form of graphs
Enterprise Integration Services
Direct Connect - dedicated gigabit network connection from your premises to AWS
VPN - secure connection to your AWS network
Storage Gateway - hybrid storage service that enables your on-premises apps to use AWS storage
Active Directory - enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud
AWS Logging Services
CloudTrail - logs all API calls. Know who did what with the AWS services. (who can we blame?)
CloudWatch - collection of multiple services
- CW Logs - performance data about AWS services
- CW Metrics - time ordered set of data points
- CW Events - trigger event based on condition
- CW Alarms - triggers notification based on metrics
- CW Dashboard - create visualizations based on metrics
Shared Responsibility Model
Customers are responsible for security IN the cloud (data, config).
AWS is responsible for security OF the cloud (hardware, operation of managed services, global infrastructure)
AWS Compliance Programs
Things like HIPAA and PCI
https://aws.amazon.com/compliance/programs/
AWS Artifact
No cost, self service portal for on-demand access to AWS compliance reports
Amazon Inspector
How to prove an EC2 instance is hardened (hardening is the act of eliminating as many security risks as possible). Runs a security benchmark.
AWS WAF
WAF = Web Application Firewall. Can be attached to either CloudFront or an Application Load Balancer. Protects web apps from attacks covered in the OWASP top 10 most dangerous attacks. Can write your own rules or buy a ruleset
AWS Shield
Managed DDoS protection. The standard level is free for all customers and automatically enabled when you route your traffic through Route 53 or CloudFront.
Shield Advanced is $3,000 a year and is used for protection against larger/more sophisticated attacks. Not available for all AWS services like Standard is.
https://aws.amazon.com/shield/getting-started/
Penetration Testing
Authorized simulated cyber-attack on a computer system to evaluate security of the system.
GuardDuty
A threat detection service that monitors for suspicious activity.
Key Management Service (KMS)
A managed service that makes it easy for you to create and control the encryption keys used to encrypt your data
- KMS is a multi-tenant HSM (hardware security module)
- Many AWS services are integrated with KMS
- KMS uses envelope encryption
Amazon Macie
Macie is a fully managed service that continuously monitors S3 data access activity for anomalies, and generates detailed alerts when it detects risk of unauthorized access or inadvertent data leaks.
Security Groups vs NACLS
Security Groups - Firewall at instance level. Denies everything unless you say otherwise
NACLs - Firewall at subnet level. You say what is allowed and what isn’t allowed.
AWS VPN
Lets you establish a secure and private tunnel from your network or device to the AWS global network
- Site to Site: connect on-premises network or branch office site to VPC
- Client VPN: connect users to AWS or on-premises networks
Cloud * Services (similar names, different services)
- Cloud Formation: infrastructure as code
- Cloud Trail: logs all api calls (who did what)
- Cloud Front: Content delivery network. Caches copies of your website on edge servers located near the users requesting it
- Cloud Watch: Collection of multiple services like logs, metrics, events, alarms, dashboard
- Cloud Search: Search engine you can add
Connect Services (similar names, different services)
Direct Connect - dedicated fiber optic connection from your datacenter to AWS
Amazon Connect - call center service
Media Convert - converts videos to different video types
Elastic Transcoder vs Media Convert
Elastic Transcoder - The old way. Transcodes videos to streaming formats
Media Convert - New way. Also can overlay images, insert video clips. Extracts captions data. Robust UI
SNS vs SQS
Both connect apps via messages
SNS - Simple Notifications Service: Sends notifications to subscribers of topics. Usually plain text emails (but can also do http, sqs, sms). (eg Billing alarms)
SQS - Queues messages. Good for delayed tasks, queuing up emails
Inspector vs Trusted Advisor
Inspector - Audits a single EC2 instance (Generates a report)
Trusted Advisor - Gives holistic view of recommendations across multiple services. (Doesn’t generate a PDF report)
Load Balancers: Application vs Network vs Classic
Application LB: Layer 7 requests. HTTP and HTTPS traffic. Routing Rules to use this one LB for more things. Can attach WAF (web app firewall)
Network LB: Layer 4 protocol data. TCP and TLS traffic. Ultra low latencies while having millions of requests per second. Optimized for sudden & volatile traffic (video games)
Classic LB: Old. Layer 4 and 7. Intended for apps that were built within the EC2-Classic Network. Doesn’t use target groups
SNS vs SES
SNS - Simple Notifications Service: Sends notifications to subscribers of topics. Usually plain text emails (but can also do http, sqs, sms). (eg Billing alarms)
SES - Simple Email Service: Sends html emails, can receive inbound emails. custom domain name. Mostly for professional or marketing emails.
Artifact vs Inspector
Both produce PDF reports
Artifact - Why should an enterprise trust AWS? Does it have compliance?
Inspector - Runs a script to analyze an EC2 instance then PDF tells you which security checks passed.
Which of the following compute services would you use if you wanted to have control over the OS and be able to manage everything?
A: EC2
B: Lambda
C: Fargate
EC2
Which of the following compute services would you use if you didn’t want to have to worry about control over the OS or any management?
A: EC2
B: Lambda
C: Fargate
Lambda
Which of the following compute services would you use if you wanted to use Docker functions and not worry about managing everything else?
A: EC2
B: Lambda
C: Fargate
Fargate
What is Route 53?
DNS (Domain Name System). Translates domain names into IP addresses
Can also register domain names
The four Route 53 routing policies are?
- Latency-based routing
- Geolocation DNS - routed based on user location
- Geoproximity routing
- Weighted Round Robin
What are block-level storage volumes?
Block-level storage volumes behave like physical hard drives.
An instance store provides temporary block-level storage for an Amazon EC2 instance. An instance store is disk storage that is physically attached to the host computer for an EC2 instance, and therefore has the same lifespan as the instance. When the instance is terminated, you lose any data in the instance store.
What is Amazon Elastic Block Storage (Amazon EBS)?
Amazon Elastic Block Store (Amazon EBS) is a service that provides block-level storage volumes that you can use with Amazon EC2 instances. If you stop or terminate an Amazon EC2 instance, all the data on the attached EBS volume remains available.
To create an EBS volume, you define the configuration (such as volume size and type) and provision it. After you create an EBS volume, you can attach it to an Amazon EC2 instance.
Because EBS volumes are for data that needs to persist, it’s important to back up the data. You can take incremental backups of EBS volumes by creating Amazon EBS snapshots.
What are Amazon EBS Snapshots?
An EBS snapshot is an incremental backup. This means that the first backup taken of a volume copies all the data. For subsequent backups, only the blocks of data that have changed since the most recent snapshot are saved.
Incremental backups are different from full backups, in which all the data in a storage volume is copied each time a backup occurs. The full backup includes data that has not changed since the most recent backup.
What is Amazon Simple Storage Service (S3)?
Allows you to store objects into buckets
What are the S3 storage classes?
Standard - for frequent data access. Stored in >3 availability zones
Standard Infrequent Access (IA) - Lower storage cost, and higher retrieval costs
Intelligent Tiering - For changing access patterns. Additional fee
Glacier - Low cost. Slower to retrieve. For long-term, rarely needed data
Glacier Deep Archive - Lowest cost. Slowest retrieval time.
Would you host the following on S3 or EBS?
App that compares client photo with millions of other photos to see which animal they look like.
S3 since it’s already web enabled, regionally distributed, cost savings, serverless (no ec2 instance needed)
Would you host the following on S3 or EBS?
You need to edit an 80 GB video file
EBS. Since S3 is object storage, a single edit to the video would mean the entire video has to be reuploaded. EBS is block storage, which breaks the video into blocks, and only those blocks that are edited need to be reuploaded
What is Amazon Elastic File System (Amazon EFS)?
File Storage
In file storage, multiple clients (such as users, applications, servers, and so on) can access data that is stored in shared file folders. In this approach, a storage server uses block storage with a local file system to organize files. Clients access data through file paths.
Compared to block storage and object storage, file storage is ideal for use cases in which a large number of services and resources need to access the same data at the same time.
Amazon Elastic File System (Amazon EFS) is a scalable file system used with AWS Cloud services and on-premises resources. As you add and remove files, Amazon EFS grows and shrinks automatically. It can scale on demand to petabytes without disrupting applications.
Comparing Amazon EBS and Amazon EFS
Amazon EBS
An Amazon EBS volume stores data in a single Availability Zone. To attach an Amazon EC2 instance to an EBS volume, both the Amazon EC2 instance and the EBS volume must reside within the same Availability Zone.
Amazon EFS
Amazon EFS is a regional service. It stores data in and across multiple Availability Zones. The duplicate storage enables you to access data concurrently from all the Availability Zones in the Region where a file system is located. Additionally, on-premises servers can access Amazon EFS using AWS Direct Connect.
What is Amazon Relational Database Service (Amazon RDS)?
In a relational database, data is stored in a way that relates it to other pieces of data. Relational databases use structured query language (SQL) to store and query data. This approach allows data to be stored in an easily understandable, consistent, and scalable way. For example, the coffee shop owners can write a SQL query to identify all the customers whose most frequently purchased drink is a medium latte.
Amazon Relational Database Service (Amazon RDS) is a service that enables you to run relational databases in the AWS Cloud.
What is Amazon Aurora?
Amazon Aurora is an enterprise-class relational database. It is compatible with MySQL and PostgreSQL relational databases. It is up to five times faster than standard MySQL databases and up to three times faster than standard PostgreSQL databases.
What is Amazon DynamoDB?
Nonrelational Database.
Serverless
DynamoDB is serverless, which means that you do not have to provision, patch, or manage servers. You also do not have to install, maintain, or operate software.
Automatic Scaling
As the size of your database shrinks or grows, DynamoDB automatically scales to adjust for changes in capacity while maintaining consistent performance. This makes it a suitable choice for use cases that require high performance while scaling.
RDS or DynamoDB?
You have a sales supply chain management system that you have to analyze for weak spots.
RDS. It is built for business analytics.
RDS or DynamoDB?
Anything that doesn’t need complex relationships, i.e. an employee contact list and their attributes (id#, address, phone number etc.)
DynamoDB. You don’t need to compare id numbers of different employees, so no relation needed.
What is Amazon Redshift?
Amazon Redshift is a data warehousing service that you can use for big data analytics. It offers the ability to collect data from many sources and helps you to understand relationships and trends across your data.
Amazon Database Migration Service (DMS)?
Migrate a database to AWS with no downtime during migration. Can also use to test migrations, replicate databases, or consolidate multiple databases into one.
Amazon DocumentDB
Amazon DocumentDB is a document database service that supports MongoDB workloads. (MongoDB is a document database program.)
Amazon Neptune
Amazon Neptune is a graph database service.
You can use Amazon Neptune to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs.
Amazon Quantum Ledger Database (Amazon QLDB)
Amazon Quantum Ledger Database (Amazon QLDB) is a ledger database service.
You can use Amazon QLDB to review a complete history of all the changes that have been made to your application data.
Amazon Managed Blockchain
Amazon Managed Blockchain is a service that you can use to create and manage blockchain networks with open-source frameworks.
Blockchain is a distributed ledger system that lets multiple parties run transactions and share data without a central authority.
Amazon ElastiCache
Amazon ElastiCache is a service that adds caching layers on top of your databases to help improve the read times of common requests.
It supports two types of data stores: Redis and Memcached.
Amazon DynamoDB Accelerator
Amazon DynamoDB Accelerator (DAX) is an in-memory cache for DynamoDB.
It helps improve response times from single-digit milliseconds to microseconds.
Shared Responsibility Model
AWS manages the security of the physical infrastructure that hosts your resources, which include:
- Physical security of data centers
- Hardware and software infrastructure
- Network infrastructure
- Virtualization infrastructure
AWS Organizations
You can use AWS Organizations to consolidate and manage multiple AWS accounts within a central location.
AWS Organizational Units
In AWS Organizations, you can group accounts into organizational units (OUs) to make it easier to manage accounts with similar business or security requirements. When you apply a policy to an OU, all the accounts in the OU automatically inherit the permissions specified in the policy.
AWS Artifact
AWS Artifact is a service that provides on-demand access to AWS security and compliance reports and select online agreements. AWS Artifact consists of two main sections: AWS Artifact Agreements and AWS Artifact Reports.
AWS Key Management Service (AWS KMS)
enables you to perform encryption operations through the use of cryptographic keys.
AWS WAF
a web application firewall that lets you monitor network requests that come into your web applications.
Amazon Inspector
Amazon Inspector helps to improve the security and compliance of applications by running automated security assessments. It checks applications for security vulnerabilities and deviations from security best practices, such as open access to Amazon EC2 instances and installations of vulnerable software versions.
Amazon GuardDuty
is a service that provides intelligent threat detection for your AWS infrastructure and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment.
Amazon CloudWatch
is a web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics.
AWS CloudTrail
records API calls for your account. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, and more. You can think of CloudTrail as a “trail” of breadcrumbs (or a log of actions) that someone has left behind them.
AWS Trusted Advisor
is a web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices.
AWS Cloud Adoption Framework (AWS CAF)
At the highest level, the AWS Cloud Adoption Framework (AWS CAF) organizes guidance into six areas of focus, called Perspectives. Each Perspective addresses distinct responsibilities. The planning process helps the right people across the organization prepare for the changes ahead.
In general, the Business, People, and Governance Perspectives focus on business capabilities, whereas the Platform, Security, and Operations Perspectives focus on technical capabilities.
CAF Business Perspective
The Business Perspective ensures that IT aligns with business needs and that IT investments link to key business results.
Use the Business Perspective to create a strong business case for cloud adoption and prioritize cloud adoption initiatives. Ensure that your business strategies and goals align with your IT strategies and goals.
CAF People Perspective
The People Perspective supports development of an organization-wide change management strategy for successful cloud adoption.
Use the People Perspective to evaluate organizational structures and roles, new skill and process requirements, and identify gaps. This helps prioritize training, staffing, and organizational changes.
CAF Governance Perspective
The Governance Perspective focuses on the skills and processes to align IT strategy with business strategy. This ensures that you maximize the business value and minimize risks.
Use the Governance Perspective to understand how to update the staff skills and processes necessary to ensure business governance in the cloud. Manage and measure cloud investments to evaluate business outcomes.
CAF Platform Perspective
The Platform Perspective includes principles and patterns for implementing new solutions on the cloud, and migrating on-premises workloads to the cloud.
Use a variety of architectural models to understand and communicate the structure of IT systems and their relationships. Describe the architecture of the target state environment in detail.
CAF Security Perspective
The Security Perspective ensures that the organization meets security objectives for visibility, auditability, control, and agility.
Use the AWS CAF to structure the selection and implementation of security controls that meet the organization’s needs.
CAF Operations Perspective
The Operations Perspective helps you to enable, run, use, operate, and recover IT workloads to the level agreed upon with your business stakeholders.
Define how day-to-day, quarter-to-quarter, and year-to-year business is conducted. Align with and support the operations of the business. The AWS CAF helps these stakeholders define current operating procedures and identify the process changes and training needed to implement successful cloud adoption.
Migration Strategies
When migrating applications to the cloud, six of the most common migration strategies that you can implement are:
- Rehosting
- Replatforming
- Refactoring/re-architecting
- Repurchasing
- Retaining
- Retiring
Rehosting Migration
also known as “lift-and-shift” involves moving applications without changes.
Replatforming Migration
also known as “lift, tinker, and shift,” involves making a few cloud optimizations to realize a tangible benefit. Optimization is achieved without changing the core architecture of the application.
Refactoring/re-architecting Migration
Refactoring (also known as re-architecting) involves reimagining how an application is architected and developed by using cloud-native features. Refactoring is driven by a strong business need to add features, scale, or performance that would otherwise be difficult to achieve in the application’s existing environment.
Repurchasing Migration
Repurchasing involves moving from a traditional license to a software-as-a-service model.
For example, a business might choose to implement the repurchasing strategy by migrating from a customer relationship management (CRM) system to Salesforce.com.
Retaining Migration
Retaining consists of keeping applications that are critical for the business in the source environment. This might include applications that require major refactoring before they can be migrated, or work that can be postponed until a later time.
Retiring Migration
Retiring is the process of removing applications that are no longer needed.
Snow Family
Snowcone - 8TB
Snowball - 80TB
Snowmobile - 100PB (100,000 TB)
AWS WAF (Well-Architected Framework)
helps you understand how to design and operate reliable, secure, efficient, and cost-effective systems in the AWS Cloud. It provides a way for you to consistently measure your architecture against best practices and design principles and identify areas for improvement.
5 Pillars of the WAF
- Operational excellence
- Security
- Reliability
- Performance efficiency
- Cost optimization
WAF Operational Excellence Pillar
Operational excellence is the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.
Design principles for operational excellence in the cloud include performing operations as code, annotating documentation, anticipating failure, and frequently making small, reversible changes.
WAF Security Pillar
The Security pillar is the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
When considering the security of your architecture, apply these best practices:
Automate security best practices when possible. Apply security at all layers. Protect data in transit and at rest.
WAF Reliability Pillar
Reliability is the ability of a system to do the following:
- Recover from infrastructure or service disruptions
- Dynamically acquire computing resources to meet demand
- Mitigate disruptions such as misconfigurations or transient network issues
Reliability includes testing recovery procedures, scaling horizontally to increase aggregate system availability, and automatically recovering from failure.
WAF Performance Efficiency Pillar
Performance efficiency is the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.
Evaluating the performance efficiency of your architecture includes experimenting more often, using serverless architectures, and designing systems to be able to go global in minutes.
WAF Cost Optimization Pillar
Cost optimization is the ability to run systems to deliver business value at the lowest price point.
Cost optimization includes adopting a consumption model, analyzing and attributing expenditure, and using managed services to reduce the cost of ownership.