CCP Flashcards
IAM Users
mapped to a physical user, has a password for AWS Console
IAM Groups
Contain users only
IAM Policies
JSON document that outlines permissions for users or groups
IAM Policies
Effect
Whether the statement allows or denies access (Allow, Deny)
IAM Policies
Principal
account/user/role to which this policy applies
IAM Policies
Action
list of actions this policy allows or denies
IAM Policies
Resource
List of resources to which the actions apply
IAM Security
MFA + Password Policy
AWS CLI
manage your AWS services using a programming language
Access Keys
access AWS services using a programming language
IAM Audit Tools
-IAM Credentials Report (account-level)
-IAM Access Advisor (user-level)
Ports to know
SSH (Secure Shell) - log into a Linux instance
Port 22
Ports to know
FTP (File Transfer Protocol) - upload files into a file share
Port 21
Ports to know
SFTP (Secure File Transfer Protocol) - uploading files using SSH
Port 22
Ports to know
HTTP - access unsecured websites
Port 80
Ports to know
HTTPS - access secured websites
Port 443
Ports to know
RDP (Remote Desktop Protocol) - log into a Windows instance
Port 3389
What is an EC2 instance made of
AMI (OS) + Instance Size (CPU + RAM) + Storage + security groups + EC2 User Data
What is a Security Group
Firewall attached to the EC2 instance
What is EC2 User Data
Script launched at the first start of an instance
EBS Volume
(Elastic Block Store Volume)
-Network drives attached to one EC2 instance at a time
-Mapped to Availability Zones
-Can use EBS Snapshots for backups / transferring EBS volumes across AZ
AMI
(Amazon Machine Image)
Create Ready to use EC2 instances with our customizations
EC2 Image Builder
Automatically build, test, and distribute AMIs
EC2 Instance Store
-High performance hardware disk attached to our EC2 instance
-Lost if our instance is stopped / terminated
EFS
(Amazon Elastic File System)
Network file system, can be attached to 100s of instances in a region
EFS-IA
Cost-optimized storage class for infrequently accessed files
FSx for Windows
Network file system for Windows servers
FSx for Lustre
High-performance computing Linux file system
High Availability
Run instances for the same application across multiple AZs in case of failure
Scalability
Ability to accommodate a larger load by making the hardware stronger (scale up), or by adding nodes (scale out)
Elasticity
Once a system is scalable, elasticity means that there will be some “auto-scaling” so that the system can scale based on the load. This is “cloud-friendly”: pay per use, match demand, optimize costs
Agility
(not related to scalability - distractor on exam) new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes.
ELB
(Elastic Load Balancers)
-Distribute traffic across backend EC2 instances, can be Multi-AZ
-Supports health checks
-3 types: Application LB (HTTP - L7), Network LB (TCP - L4), Classic LB (old)
ASG
(Auto Scaling Groups)
-Implement Elasticity for your application, across multiple AZ
-Scale EC2 instances based on the demand on your system, replace unhealthy
-Integrated with the ELB
S3 Buckets
-Globally unique name (across all regions all accounts)
-Created in a region
S3 Objects
-Objects (files) have a key
-The key is the FULL URL path
-The key is composed of a prefix + object name
-There’s no concept of directories within buckets, although the UI will trick you into thinking otherwise.
S3 security
IAM policy, S3 Bucket Policy (public access), S3 Encryption
S3 Websites
Host a static website on Amazon S3
S3 Versioning
multiple versions for files, prevent accidental delete
S3 Replication
same-region or cross-region, must enable versioning
S3 Storage classes
Standard, IA, One Zone-IA, Intelligent, Glacier (Instant, Flexible, Deep)
SnowFamily
import data into S3 through a physical device, edge computing
OpsHub
Desktop application to manage Snow Family Devices
Storage Gateway
Hybrid solution to extend on-premises storage to S3
Databases
Relational Databases OLTP SQL
(Online Transactional Processing)
RDS managed service for MySQL, MariaDB, etc
Aurora (SQL) proprietary database optimized for cloud
Databases
Read Replicas
Scale the read workload of your DB
Can create up to 5 read replicas
Data is only written to main DB
Databases
Multi-AZ
Failover in case of AZ outage (High availability)
Data is only read/written to main database
Can only have 1 other AZ as failover
Databases
Multi-Region
Multi-Region (Read Replicas)
Disaster Recovery in case of region issue
Local performance for global reads
Replication cost
Databases
In-memory Database
ElastiCache
Databases
Key/Value Database
DynamoDB (serverless) & DAX (Cache for DynamoDB)
Databases
Warehouse OLAP
(Online Analytical Processing): Redshift SQL
Databases
Hadoop Cluster
EMR (Elastic MapReduce)
Databases
Athena
Query data on Amazon S3 (serverless & SQL)
Databases
QuickSight
Dashboards on your data (Serverless)
Databases
DocumentDB
“Aurora for MongoDB” (JSON - NoSQL database)
Databases
Amazon QLDB
(Quantum Ledger Database)
Financial Transactions Ledger, like centralized blockchain
Databases
Amazon Managed Blockchain
Managed Hyperledger Fabric & Ethereum blockchains
Databases
Glue
Managed ETL (Extract Transform Load) and Data Catalog service
Databases
DMS
Database Migration
Databases
Neptune
Graph database used by websites like Wikipedia, Facebook
Docker
container technology to run applications
ECS
(Elastic Container Service)
run Docker containers on EC2 instances you provision and maintain
Fargate
-Run Docker containers without provisioning the infrastructure
-Serverless offering (no EC2 instances)
ECR
(Elastic Container Registry)
Private Docker Images Repository
Batch
run batch jobs on AWS across managed EC2 instances
Lightsail
-predictable & low pricing for simple application & DB stacks
-AWS for dummies
Lambda
Lambda is Serverless, Function as a Service, seamless scaling, reactive
Lambda Billing
(pay per call or pay per duration)
By the time run multiplied by the RAM provisioned
By the number of invocations
CloudFormation
(AWS only)
-Infrastructure as Code, works with almost all of AWS resources
-Repeat across Regions & Accounts
Beanstalk
(AWS only)
-Platform as a Service (PaaS), limited to certain programming languages or Docker
-Deploy code consistently with a known architecture
CodeDeploy
(Hybrid)
Deploy & upgrade any app onto servers
Systems Manager
(Hybrid)
patch, configure, and run commands at scale
OpsWorks
(Hybrid)
managed Chef and Puppet in AWS
CodeCommit
Store code in private git repository (version controlled)
GitHub for AWS
CodeBuild
Build & test code in AWS
CodeDeploy
Deploy code on to servers
CodePipeline
Orchestration of pipeline (from code to build to deploy)
CodeArtifact
Store software packages / dependencies on AWS
CodeStar
Unified view for allowing devs to do CI/CD and code
One stop shop for all Code… services
Cloud9
Cloud IDE like Visual Studio Code, with collaboration
AWS CDK
Define your cloud infrastructure using a programming language
Route 53
Global DNS
Great to route users to the closest deployment with the least latency
Great for disaster recovery strategies
CloudFront
Global Content Delivery Network (CDN)
-Replicate part of our app to AWS Edge Locations to decrease latency
-Cache common requests for improved user experience & decreased latency
S3 Transfer Acceleration
Accelerate global uploads & downloads into Amazon S3
AWS Global Accelerator
Improve global app availability and performance using the AWS global private network
AWS Outposts
Deploy Outposts Racks in your own Data Centers to extend AWS services
AWS Wavelength
Brings AWS services to the edge of the 5G networks
Ultra-low latency applications
AWS Local Zones
Bring AWS resources closer to users in large population centers
Good for latency sensitive applications
CloudWatch Metrics
Monitor the performance of AWS services and billing metrics
CloudWatch Alarms
Automate notifications, perform an EC2 action, or notify SNS based on a metric
CloudWatch Logs
Collect log files from EC2 instances, servers, Lambda functions, etc
CloudWatch Events (or EventBridge)
Collect log files from EC2 instances, servers, Lambda functions, etc
CloudTrail
audit API calls made within your AWS account
CloudTrail Insights
automated analysis of your CloudTrail Events
X-Ray
trace requests made through your distributed applications
Service Health Dashboard
Status of all AWS services across all regions
Personal Health Dashboard
AWS events that impact your infrastructure
Amazon CodeGuru
Automated code reviews and application performance recommendations
VPC
(Virtual Private Cloud)
private regional network to deploy your resources
Subnets
Tied to an AZ, network partition of the VPC
Internet Gateway
at the VPC level, provide internet Access
NAT Gateway (Managed) / NAT Instances (You manage)
give internet access to private subnets
NACL
(Network Access Control List)
Stateless (Allow or Deny) firewall, subnet rules for inbound and outbound
Security Groups
Stateful (Allow), operate at the EC2 instance level or ENI
VPC Peering
Connect two VPCs with non-overlapping IP ranges, non-transitive
VPC Endpoints
Provide private access to AWS services within VPC
PrivateLink
Privately connect to a service in a 3rd party VPC
VPC Flow Logs
Network traffic logs
Site to Site VPN
VPN over public internet between on-premises DC and AWS
Client VPN
OpenVPN connection from your computer to your VPC
Direct Connect
Direct private connection to AWS
Transit Gateway
Connect thousands of VPCs and on-premises networks together
Shield
Automatic DDoS Protection + 24/7 support for Advanced
WAF
Web Application Firewall to filter incoming requests based on rules
KMS
(Key Management Service)
Encryption keys managed by AWS
CloudHSM
Hardware encryption, customer manages encryption keys
AWS Certificate Manager
provision, manage, and deploy SSL/TLS Certificates
Artifact
Get access to compliance reports such as PCI, ISO, etc
GuardDuty
Find malicious behavior with VPC, DNS, and CloudTrail Logs
Inspector
For EC2 only, install agent and find vulnerabilities
Config
Track config changes and compliance against rules
Macie
Find sensitive data (ex:PII data) in Amazon S3 buckets
CloudTrail
Track API calls made by users within account
AWS Security Hub
Gather security findings from multiple AWS accounts
Amazon Detective
Find the root cause of security issues or suspicious activities
AWS Abuse
report AWS resources used for abusive or illegal purposes
Root user privileges
Change account settings
Close your AWS account
Change or cancel your AWS Support plan
Register as a seller in a Reserved Instance Marketplace
Rekognition
face detection, labeling, celebrity recognition
Transcribe
audio to text (ex: subtitles)
Polly
text to audio
Translate
language translations
Lex
build conversational bots - chatbots
Powers Alexa
Connect
use with Lex to create a cloud contact center
Comprehend
For Natural Language Processing - NLP
SageMaker
Fully managed service for developers / data scientists to build ML models
Forecast
Machine learning for highly accurate forecasts and predictions
Kendra
Fully managed document search service powered by ML
Personalize
Personalized recommendations, same tech used on amazon.com
Textract
detect text and data in documents
AWS 4 Pricing Models
-Pay as you go
-Save when you reserve
-Pay less by using more
-Pay less as AWS grows
EC2 Pricing
-On-demand, pay as you go
-Reserved, up to 75% off, 1 or 3 years commitment, All upfront, partial upfront, or no upfront
-Spot Instances, bid for unused capacity, can lose it
-Dedicated Host, on-demand, reservation for 1 or 3 years
-Savings plans save on sustained usage
Lambda and ECS Pricing
-Lambda
Pay per call
Pay per duration
-ECS
EC2 Launch Type Model: No additional fees, you pay for AWS resources stored and created in your application
-Fargate
Fargate Launch Type Model: Pay for vCPU and memory resources allocated to your applications in your containers
Cost and Usage Reports
-Comprehensive set of AWS cost and usage data available, including additional metadata about AWS services, pricing, reservations
-Lists AWS usage for each service category used by an account and its IAM users in hourly or daily line items, as well as any tags that you have activated for cost allocation purposes
Cost Explorer
-Visualize, understand, and manage your AWS costs and usage over time
-Choose an optimal Savings plan (to lower prices on your bill)
-Forecast usage up to 12 months based on previous usage
AWS Budgets
Create budgets and send alarms when costs exceed the budget
Trusted Advisor and categories
High level AWS account assessment tool
-Cost optimization
-Performance
-Security
-Fault tolerance
-Service limits
Trusted Advisor 7 Core Checks
For Basic & Developer Support Plan
-S3 Bucket Permissions
-Security Groups - Specific Ports Unrestricted
-IAM use (one IAM user minimum)
-MFA on Root Account
-EBS Public Snapshots
-RDS Public Snapshots
-Service limits
Trusted Advisor Full Checks
-Full checks available on 5 categories
-Ability to set CloudWatch alarms when reaching limits
-Programmatic Access using AWS Support API
Compute Optimizer
Recommends resources’ configurations to reduce cost using machine learning
Pricing Calculator
Cost of services on AWS
Billing Dashboard
High level overview + free tier dashboard
Cost Allocation Tags
Tag resources to create detailed reports
Cost and Usage Reports
Most comprehensive billing dataset
Cost Explorer
View current usage (detailed) and forecast usage
Billing Alarms
In us-east-1 - track overall and per-service billing
Budgets
more advanced - track usage, costs, RI, and get alerts
Savings Plans
easy way to save based on long-term usage of AWS
IAM
Identity and Access Management inside your AWS account
For users that you trust and belong to your company
Organizations
Manage multiple AWS accounts
STS
(Security Token Service)
Temporary, limited privileges credentials to access AWS resources
Cognito
create a database of users for your mobile & web applications
Directory Services
integrate Microsoft Active Directory in AWS
IAM Identity Center
One login for multiple AWS accounts & applications
Amazon WorkSpaces
-Managed Desktop as a Service (DaaS) solution to easily provision Windows or Linux desktops
-Great to eliminate management of on-premises VDI (Virtual Desktop Infrastructure)
Amazon AppStream 2.0
-Desktop Application Streaming Service
-The Application is delivered from within a web browser
-Example: stream and use Blender via the browser
Amazon Sumerian
Create and run virtual reality (VR), augmented reality (AR), and 3D applications
AWS IoT Core
Allows you to easily connect IoT devices to the AWS Cloud
Amazon Elastic Transcoder
Used to convert media files stored in S3 into media files in the formats required by consumer playback devices (phones etc.)
AWS AppSync
-Store and sync data across mobile and web apps in real-time
-Makes use of GraphQL (mobile technology from Facebook)
AWS Amplify
A set of tools and services that helps you develop and deploy scalable full stack web and mobile applications
AWS Device Farm
Fully-managed service that tests your web and mobile apps against desktop browsers, real mobile devices, and tablets
AWS Backup
Fully-managed service to centrally manage and automate backups across AWS services
Disaster Recovery Strategies
-Cheapest: Backup and restore
-Average: Pilot Light
-Expensive: Warm StandBy
-Most expensive: Multi-site / Hot-site
AWS Elastic Disaster Recovery (DRS)
Quickly and easily recover your physical, virtual, and cloud-based servers into AWS
AWS DataSync
Replication tasks are incremental after the first full load
AWS Application Discovery Service
Plan migration projects by gathering information about on-premises data centers
Agentless Discovery (AWS Agentless Discovery Connector)
Agent-based Discovery (AWS Application Discovery Agent)
AWS Application Migration Service (MGN)
Lift and shift (rehost) solution which simplifies migrating applications to AWS
AWS Fault Injection Simulator (FIS)
Based on Chaos Engineering: stressing an application by creating disruptive events (sudden increase of CPU or memory), observing how the system responds, and implementing improvements
AWS Step Functions
-Build serverless visual workflow to orchestrate your Lambda functions
-Features: sequence, parallel, conditions, timeouts, error handling
AWS Ground Station
Fully managed service that lets you control satellite communications, process data, and scale your satellite operations
Amazon Pinpoint
-Scalable 2-way (outbound/inbound) marketing communications service
-Supports email, SMS, push, voice, and in-app messaging
1st Pillar
Operational Excellence
Includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures
-Perform operations as code
-Annotate documentation
-Make frequent, small, reversible changes
-Refine operations procedures frequently
-Anticipate failure
-Learn from all operational failures
2nd Pillar
Security
Includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies
-Implement a strong identity foundation
-Enable traceability
-Apply security at all layers
-Automate security best practices
-Protect data in transit and at rest
-Keep people away from data
-Prepare for security events
3rd Pillar
Reliability
Ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues
-Test recovery procedures
-Automatically recover from failure
-Scale horizontally to increase aggregate system availability
-Stop guessing capacity
-Manage change in automation
4th Pillar
Performance Efficiency
Includes the ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve
-Democratize advanced technologies
-Go global in minutes
-Use serverless architectures
-Experiment more often
-Mechanical sympathy
5th Pillar
Cost Optimization
Includes the ability to run systems to deliver business value at the lowest price point
-Adopt a consumption model
-Measure overall efficiency
-Stop spending money on data center operations
-Analyze and attribute expenditure
-Use managed and application level services to reduce cost of ownership
6th Pillar
Sustainability
The sustainability pillar focuses on minimizing the environmental impacts of running cloud workloads.
-Understand your impact
-Establish sustainability goals
-Maximize utilization
-Anticipate and adopt new, more efficient hardware and software offerings
-Use managed services
-Reduce the downstream impacts of your cloud workloads
AWS Professional Services & Partner Network
APN = AWS Partner Network
-APN Technology Partners: Providing hardware, connectivity, and software
-APN Consulting Partners: professional services firm to help build on AWS
-APN Training Partners: Find who can help you learn AWS
-AWS Competency Program: AWS Competencies are granted to APN partners who have demonstrated technical proficiency and proven customer success in specialized solution areas
-AWS Navigate program: help partners become better Partners
AWS IQ
Quickly find a professional help for your AWS projects