CCP Revision Notes Flashcards
What acts as firewall rules around EC2 Instances?
Controlling Inbound and Outbound traffic?
Security Groups
How long can you reserve EC2 instances for?
1 & 3 years
What are EC2 spot-instances?
Allows the users to take advantage of unused EC2 instances at up to 90% discount rates.
Spot instances can be terminated if the on-demand price is higher than what the user has set as their max price that they are willing to pay for the instance.
If a user is willing to pay $1/hr and the on-demand pricing is at $2 per hour, the customer paying $2/hr will get this instance.
What are EC2 on-demand?
Normal EC2 available for users to consume.
What is an EBS?
Elastic Block Store that attaches to EC2 while they run.
Similar to a USB stick
EBS is network-attached storage and thus suffers latency.
Are EBS bound to availability zones?
Yes.
Replication to another AZ must be done through EBS snapshots.
What is AMI?
Amazon Machine Images are used when deploying EC2s.
What is Image Builder?
Image Builder automates the creation of base VM and container images.
Rather than spinning up an instance, installing software and tools, and snapshotting that instance, Image Builder allows users to define what software and packages need to be included in the image, and this will be a base image available for them.
What is EC2 Instance Store?
Instance Store is the physical storage drive attached to each EC2 instance.
Better performance than EBS - as EBS are network drives.
Instance Store data are lost when EC2s are terminated.
What is EFS?
Elastic File System is a shared network file system that can be used by multiple EC2 instances at a time.
Similar to a network file share.
How does EBS differ from EFS?
EBS is only attached and used by a single EC2 instance.
EFS can be used by multiple EC2 instances at a time.
What is AWS FSx?
Offers 3rd party file share service in AWS to mimic the function of Elastic File Share (EFS)
Remember it as File Share xternal
What is Vertical Scaling?
The ability to scale the size of an instance.
From T2.Micro to T2.Large etc.
What is Horizontal Scaling?
The ability to increase the number of instances available for an application.
What is High Availability?
Highly available applications run in multiple availability zones for fault tolerance and increased resilience.
What are ELBs?
Elastic load balancers are internet-facing servers that forward traffic downstream to EC2 instances.
Manages load of IFE applications.
EC2 instances are placed in “target groups” and ELB forwards traffic to the specified target groups.
If a target group has 4 instances, traffic is split 4-ways, unless stated otherwise
What are the 3 different types of ELBs?
Application LB - Layer 7
Network LB - Layer 4
Gateway LB - Layer 3
What is ASG?
Auto-Scaling Groups
What are the configuration requirements for ASGs?
Minimum Size
Desired Size
Max Size
What is Simple/Step Dynamic Scaling?
Addition or Removal of instances at set states.
If application CPU usage > 70% add 1 instance
If application CPU usage < 30% remove 1 instance
What is Target Dynamic Scaling?
Application scales to hit target CPU utilization.
If target is set at 50% CPU utilization, the application will scale or de-scale to try and hit this target.
What is Schedule Dynamic scaling?
Sets a schedule when the application will scale up and down.
Busy periods - Black Fridays, Pay Days etc.
Quiet Periods - Sundays, holidays etc.
What is Predictive Dynamic Scaling?
Scales based on ML findings and results.
Predictive = ML / AI
Do buckets have to have globally unique names regardless of regions and accounts?
Yes
Files in S3 buckets are stored as what?
Objects
What is the max size for a single object in S3?
5TB
Higher than this and the object must be stored as “multi-part”
The full object file path within an S3 bucket is referred to as what?
Object Key
What is the difference between an IAM role and IAM policy?
IAM Role defines who has access to a resource/account.
IAM Policy determines what they can do within that resource/account.
Example:
IAM Role: Incident Response Access
IAM Policy: Read Only, snapshot, stop instances
What is S3 Versioning?
Objects are saved in versions.
Each object upload is saved as a version of that object.
Filev1.txt
Filev2.txt
etc.
Why would you replicate S3 buckets in multiple regions?
Compliance
Increased performance for S3 access in multiple regions.
Why would you replicate S3 buckets in the same region?
Replication of Test and Prod data.
Review the S3 Standard Classes
S3 Standard – General Purpose
- Used for frequently accessed data.
- Low latency & high throughput
- Use Case: Typical standard use for websites and applications.
S3 Standard – Infrequent Access (IA)
- Less frequently accessed data compared to S3 general purpose.
- Lower cost than S3 standard.
- Cost associated per retrieval.
- Use Case: Disaster Recovery and Backups
S3 Standard One Zone-Infrequent Access
- Similar to IA but only stored in a single Availability Zone
- Use Case: Storing Secondary Data backups.
Review the S3 Glacier Classes
S3 Glacier – Instant Retrieval
- Low-cost storage meant for archiving and backup.
- Costs per object retrieval
- Minimum storage duration of 90 days.
- Use Case: Millisecond retrieval, good for backups.
S3 Glacier – Flexible Retrieval
- Tiered data retrieval speeds.
- Can be up to 12 hours for data retrieval.
S3 Glacier – Deep Archive
- Long term storage.
- Minimum storage of 180 days.
What is S3 intelligent tiering?
Objects are moved between tiers as defined by their last accessed dates to save storage costs.
Tiers:
- Frequent Access: Default Tier
- Infrequent Access: Objects not accessed for 30 days.
- Archive Instant Access: Objects not accessed for 90 days.
- Archive Access: Configurable between 90-700+ days
- Deep Archive Access: Configurable between 180-700+ days
How durable is AWS S3?
High durability is expected: 99.999999999% (11 9s).
With 10m objects, 1 will be lost every 10,000 years.
What is IAM Analyzer?
Surfaces resources and accounts in an organization shared with an external entity.
Improves journey towards least privilege.
What is the storage capacity of an AWS Snow Cone?
8TB
What is the storage capacity of an AWS Snowball?
80TB HDD
210TB SSD for storage optimized
What is the storage capacity of AWS SnowMobile?
100PB
What is AWS Snow Ops Hub?
Software to be installed on a physical machine that allows management of AWS Snow devices.
What is Storage Gateway used for?
Offers a hybrid solution to maintain on-prem and cloud storage solutions.
What are relational databases?
A relational database includes tables containing rows and columns
Can be queried using SQL
What are non-relational databases?
NoSQL databases where data can be stored in JSON.
Specific use cases where unstructured data can be stored.
What is RDS?
Fully managed SQL relational database service.
What is AWS Aurora?
Fully managed high performance SQL relational database service.
AWS-implementation of PostgreSQL and MySQL databases.
Cloud-optimized, so it has significant improvements over simple RDS.
What is ElastiCache?
Cloud implementation of in-memory databases offering high-performance and low latency.
What is Dynamo-DB?
Fully managed and highly available non-relational NoSQL database
Replication across 3 AZ.
What version of Dynamo-DB will offer even better read performance?
DAX or Dynamo-DB Accelerator is in-memory cache for Dynamo DB
What is Redshift?
Relational database used for OLAP - Online Analytical Processing.
It’s especially suited to processing analytical queries involving more complex calculations.
Redshift is sometimes referred to as a data warehouse.
What is EMR or Elastic Map Reduce?
Creation of Hadoop Cluster for big data analytics.
Automates the provisioning of instances and services.
What is Athena?
Serverless SQL-query service to query files within S3 buckets.
What do you use to create SQL queries to query files within an S3 bucket?
Athena
What do you use if you want to build a data warehouse for OLAP application?
AWS Redshift
What do you use if you want to improve Dynamo-DB performance?
Use DAX to cache the database in memory.
What do you use if you want to create dashboard in AWS?
AWS Quicksight
What is the AWS implementation of MongoDB?
Document DB
Another example of non-relational No SQL database
MongoDB and DocumentDB are used to store, query and index JSON data.
What do you use if you want to create a graph-style database?
AWS Neptune
A social network is an example of a Graph Database.
A social network is interconnected and creates a graph when plotted.
Wikipedia is an example of a graph database as each article is interconnected.
What do you use to create an immutable ledger-style database for financial transactions?
Quantum Ledger Database
Immutable system and each entry cannot be removed or modified – cryptographically verifiable using cryptographic hashes.
What do you use if you want an immutable account of changes made within an application over time?
Quantum Ledger Database
Immutable system and each entry cannot be removed or modified – cryptographically verifiable using cryptographic hashes.
What do you use if you want to create a blockchain system on AWS?
AWS managed block chain
What is AWS Glue?
Managed Extract, Transform and Load (ETL) service.
Useful to prepare and transform data for analytics, a service that standardizes data prior to analysis.
Takes multiple data sources with minimal standardization and outputs them into standardized, more complementary data ready for analysis.
Glue = Data Standardization prior to analysis
What do you use when you want to standardise data prior to analysis?
AWS Glue
What do you use if you want to migrate a database?
Database Migration Service (DMS)
What do you use if you want to manage your containers in AWS?
ECS - Elastic Container Service
A fully managed container orchestration service that helps you easily deploy, manage, and scale containerized applications
Underlying infrastructure must be deployed and managed by the user
What do you use if you want to launch containers on AWS and not have to worry about the underlying infrastructure?
AWS Fargate
AWS Fargate is a technology that you can use with Amazon ECS to run containers without having to manage servers or clusters of Amazon EC2 instances. With Fargate, you no longer have to provision, configure, or scale clusters of virtual machines to run containers.
What is Fargate?
Lazy ECS, no need to manage underlying infrastructure.
AWS Fargate is a technology that you can use with Amazon ECS to run containers without having to manage servers or clusters of Amazon EC2 instances. With Fargate, you no longer have to provision, configure, or scale clusters of virtual machines to run containers.
Where can you store container images on AWS?
Elastic Container Registry (ECR)
What is AWS Lambda?
AWS Lambda is a serverless compute service for running code without having to provision or manage servers.
You pay only for the compute time you consume.
How do you communicate to services in AWS that do not have native API functionality built into them?
AWS API gateway
What is AWS Batch?
AWS Batch allows users to efficiently process hundreds of thousands of batch and machine learning computing jobs on AWS.
A “batch” job is categorized as a job that has a defined “start” and “end” points.
AWS Batch will provision the required number of resources to complete the intended batch job.
Lambda vs Batch? What's the difference?
AWS Lambda is for short-lived tasks or event-driven computing use cases.
AWS Batch is for long-running or computation-heavy tasks that are conducted regularly, such as data analytics.
What is AWS Lightsail?
Alternative to provisioning individual AWS services and instances.
For users with minimal experience or knowledge of AWS.
What do you use to deploy infrastructure as code?
Cloud Formation
What do you use if you want to deploy infrastructure as code but you want to use a familiar development language like JS or Python?
Cloud Development Kit (CDK)
The code is compiled by CDK into a usable JSON/YAML Cloud Formation format.
Allows infrastructure and application runtime code to be deployed together, as they can share the same language.
What do you use if you want to be focused on application code only and leave the infrastructure and platform to AWS?
AWS Beanstalk
Beanstalk is a Platform as a Service offering (PaaS)
Beanstalk is free, but payment is required for the underlying services used when deployed.
What do you use if you want to deploy applications stored in S3, Bitbucket or Git Repos?
AWS Code Deploy
Enables applications to be upgraded automatically.
Instances must have Code Deploy agents installed to enable automatic and centralised upgrade mechanism.
What is an AWS code repository offering like GitHub?
AWS Code Commit
Code Commit is a code repository such as GitHub.
It is a git-based repository which allows versioning functionality.
Repo = Commit
What is used to compile code in AWS?
AWS Code Build
A fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.
Build = Compile
What do you use to automate CI/CD in AWS?
Code Pipeline
Continuous delivery service you can use to model, visualize, and automate the steps required to release your software
What do you use if you want to manage sharing of software packages, files, libraries and other dependencies across your organization for software deployments?
AWS Code Artifact
You can use CodeArtifact with popular build tools and package managers such as the NuGet CLI, Maven, Gradle, npm, yarn, pip, and twine.
Libraries, files and DLLs are all software development artifacts.
What do you use if you want to centrally manage your software development activities in one place?
AWS Code Star
What is an AWS web-based IDE offering?
AWS Cloud9
What do you use if you want to manage cloud and on-prem resources at scale?
AWS SSM or Systems Manager
Allows management:
Patching
Commands and configuration can be deployed across the entire fleet.
Store parameters and configuration with SSM parameter store.
What is SSM Session manager?
Allows the management of instances without needing to SSH into the instance.
Requires an SSM agent to be installed on the host.
What is SSM parameter store?
Allows the storage of secrets using SSM.
Configurable parameters can be stored here for deployment across the estate using SSM.
What do you use if you want to manage CHEF and Puppet on AWS?
AWS Ops Works
Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers.
OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.
What is the managed DNS service on AWS?
Route 53
What is the content delivery network that improves delivery performance by caching regularly accessed files at edge locations?
AWS Cloud Front
Caching Files at Edge Locations = Cloud Front
What would you use if you want to improve the transfer speed of files into S3?
AWS Transfer Accelerator
File is transferred onto an Edge Location closest to the user - after that, it is routed through the AWS internal network.
This does not have to go through the public internet which causes latency.
What is the AWS Global Accelerator?
Users connect to their closest Edge location.
Traffic then routes through the internal AWS network to improve connectivity speeds and reduce latency.
What is an AWS Outpost?
AWS Server Racks installed on-premises that allow organizations to offer a hybrid cloud model but still have control over the underlying infrastructure.
Outpost = Server Racks on prem
What would you use if you want to leverage the 4G/5G network for AWS use?
AWS Wavelength
What are AWS Local Zones?
Extensions of AWS regions in densely populated cities - Boston, Miami, Chicago etc.
What would you use if you want to connect IoT devices into AWS using the telecoms network such as:
Connected vehicles
Interactive Video/Gaming Streams
AWS Wavelength
What service would you use if you want to manage a queue service on AWS?
AWS SQS
Simple Queue Service
What would you use if you want to analyze big data streams at any scale?
AWS Kinesis
Big Data Stream on the fly = Kinesis
What would you use if you want to create a simple Sub/Pub service offering on AWS?
AWS SNS
Simple Notification Service
What would you use if you want to use a 3rd party provider for SQS and SNS services on AWS?
Message Broker
Allows users to use non-cloud native SNS and SQS type service.
What service provides telemetry and metrics for every instance on AWS?
Cloud Watch logs
What would a user use if they want an action to trigger on the back of an event?
An event could be a cloud watch metric related event, time based, day based etc.
AWS Event Bridge
Which service would a user refer to when they want to check changes made to an account or service?
Cloud Trail
What would a user use if they want to visually present application issues, performance issues, bottlenecks?
AWS X-Ray
AWS X-Ray is a service that collects data about requests that your application serves, and provides tools that you can use to view, filter, and gain insights into that data to identify issues and opportunities for optimization.
What is AWS Code Guru?
Code Guru uses ML for automated code review and application performance recommendations.
What is the difference between Code Guru Profiler and Reviewer?
Code Guru Reviewer is used for static code analysis
Code Guru Profiler is used for run time code analysis
What dashboard would a user refer to if they want to determine the health of regions, AZ, services across AWS?
AWS Health Dashboard
What would a user use if they want to manage multiple accounts at an organization level?
AWS Organizations
What tool can be utilized for restriction of account privileges at an Organization level?
AWS SCP
Service Control Policies
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization.
SCPs offer central control over the maximum available permissions for all accounts in your organization.
SCPs help you to ensure your accounts stay within your organization’s access control guidelines.
What is the main benefit of using Consolidated Billing?
Allows for the combined billing of all resources used within an organization across all accounts.
This increases the amount of discount offered to the organization.
i.e. One bill for all EC2 utilization across an organization
How would an organization quickly deploy and provision new approved and standardized accounts that are in line with organizational compliance requirements?
AWS Control Tower
AWS Control Tower enables end users on your distributed teams to provision new AWS accounts quickly, by means of configurable account templates in Account Factory.
What service would alert the organization on accounts that have drifted away from approved templates and best-practices?
AWS Control Tower
What service allows the sharing of used resources within the same organization, perhaps across multiple accounts?
For example two accounts using the same ELB?
AWS Resource Access Manager (RAM)
AWS Resource Access Manager (AWS RAM) helps you securely share your resources across AWS accounts, within your organization or organizational units (OUs) in AWS Organizations, and with IAM roles and IAM users for supported resource types.
You can use AWS RAM to share resources with other AWS accounts.
What service would an organization refer to if they want to enable/disable the use of specific services across accounts or create a template of approved services for use?
i.e. Enable/Disable the use of Kinesis, Athena, Ground Control
AWS Service Catalogue
What would you use if you want to estimate the cost for a solution/architecture on AWS?
Pricing Calculator