CLF-02-Services & Concepts Flashcards
Memorize AWS Services
Provides block-level storage volumes for Amazon EC2 instances.
Amazon Elastic Block Storage (EBS)
Provides Object-level storage.
Amazon Simple Storage Service (S3)
Is a service that runs code w/o provisioning servers.
AWS Lambda
Is a service that adds caching layers on top of databases to help improve the read times of common requests.
Amazon ElastiCache
Monitors object access patterns within a 30-day period. Uses Amazon S3 Standard-IA & Amazon S3 std.
Amazon S3 Intelligent-Tiering
Is a low-cost storage class that is ideal for flexible archiving. To retrieve objects within a few minutes to a few hours.
Amazon S3 Glacier Flexible Retrieval
Is ideal for data that is infrequently accessed but requires high availability when needed. Stores data in a min. of 3 AVZs. Is cheaper than Amazon S3 std.
Amazon S3 std-IA
Is ideal for infrequently accessed data that does not require high availability.
Amazon S3 One Zone-IA
A digital catalog that includes thousands of listings from independent SW vendors.
AWS Marketplace
Resource that can answer questions about best practices and assist with troubleshooting issues
AWS Support
Resource that provides guidance, architectural reviews, and ongoing communication with companies as they plan, deploy and optimize their applications
Technical Account Manager (TAM)
An online tool that inspects an AWS environment and provides REAL-TIME guidance in accordance with AWS best practices. It also has a service limit dashboard.
AWS Trusted Advisor
Perspective of the AWS Cloud Adoption Framework (CAF) that includes principles for operating in the cloud by using agile best practices and ensuring that cloud services are delivered at a level that is agreed upon with your business stakeholders.
Operations Perspective
Perspective of the AWS Cloud Adoption Framework (CAF) that helps move a business from a model that separates business and IT strategies into a business model that integrates IT strategy.
Business Perspective
Perspective of the AWS Cloud Adoption Framework (CAF) that helps Human Resources (HR) employees prepare their teams for cloud adoption by updating organizational processes and staff skills to include cloud-based competencies.
People Perspective
Perspective of the AWS Cloud Adoption Framework (CAF) that provides the capability to update the staff skills and organizational processes that are necessary to ensure business governance in the cloud. Maximizing organizational benefits and minimizing transformation-related risks.
Governance Perspective
Service used for transferring (physically) up to 100 PB of data to AWS.
AWS Snowmobile
Graph DB service. Build and run applications with a highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs.
AWS Neptune
Content delivery service to customers through a global network of edge locations.
Amazon CloudFront
Is an autonomous 1/18 scale race car that tests reinforcement learning models.
AWS DeepRacer
Ideal for temporary data that does not need to be kept long term.
Instance stores
Is a section of a virtual private cloud (VPC) in which you can group resources based on security or operational needs.
Subnet
Run infrastructure in a hybrid cloud approach.
AWS Outposts
Provision resources by using programming languages or a text file (JSON/YAML).
AWS CloudFormation
Provision an isolated section of the AWS Cloud to launch resources in a virtual network that a person defines.
Virtual Private Cloud (VPC)
Support Plans that provide full features of AWS Trusted Advisor service.
Enterprise & Business
Program that consists of 3 types of offers that allow customers to use AWS services w/o incurring costs: Always free, 12 months free and Trials.
AWS-Free Tier
Resource that atm handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health-monitoring. NO Templates.
AWS Elastic Beanstalk
Device that transfers large amounts of data into and out of AWS.
AWS Snowball
Service that monitors apps and atm adds or removes capacity from resource groups in response to changing demand.
AWS Auto Scaling
Service that provides data to monitor apps, optimize resource utilization, and respond to system-wide performance changes.
Amazon CloudWatch
Service that acts as a single point of contact for all incoming web traffic to an Auto Scaling Group.
Load Balancer
Reduces compute costs by committing to a consistent hourly spend for 1-year or 3-year term. Savings up to 72% over On-Demand Instance costs.
EC2 Instance Savings Plans
Billing discount that is applied to the use of On-Demand Instances in an AWS account. It can be Std Reserved and Convertible Reserved. 1-year or 3-year term, NO spend commitment.
Reserved Instances
Ideal for workload with flexible start and end times or that can withstand interruptions. Leverage unused EC2 computing capacity and offer cost savings up to 90% of On-Demand Instance prices.
Spot Instance
Physical servers with EC2 Instance capacity that is fully dedicated to a single customer. Is the most expensive option. A business can use per-socket, per-core, and per-VM SW licences.
Dedicated Hosts
Migration strategy that involves replacing an existing app with a cloud-based version, such as a SW found in AWS Marketplace.
Repurchasing
Migration strategy that involves moving an app to the cloud with LITTLE TO NO modifs. to the app itself. “Lift & Shift”
Rehosting
Migration strategy that involves selectively optimizing aspects of an app to achieve benefits in the cloud w/o changing the core architecture of the app. “Lift, Tinker, & Shift”
Replatforming
Data warehousing service for providing big data analysis.
Amazon Redshift
Is a ledger db service. To review a complete history of all the changes that have been made to app data.
Amazon Quantum Ledger Database (Amazon QLDB)
Virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance. By default, it DENIES all inbound traffic and allows all outbound traffic. Business can add custom rules.
Security group
Virtual firewall that controls inbound and outbound traffic at the subnet level (of one or more subnets). Is an optional layer of security.
Network Access Control List (NACL)
Connection between a VPC and the internet.
Internet Gateway
Fully managed service that runs Kubernetes in AWS.
Amazon EKS
Provide a std way to package an app’s code and dependencies into a single object
Container
Service that provides the capability to quickly build, train, and deploy machine learning models.
Amazon SageMaker
Identifies threats by continually monitoring the network activity and account behavior within an AWS environment. It analyzes multiple AWS data sources, such as AWS CloudTrail event logs, Amazon VPC Flow Logs, and DNS Logs.
AWS GuardDuty
Service that helps protect apps against distributed denial-of-service (DDoS) attacks.
AWS Shield
Service that checks apps for security vulnerabilities and deviations from security best practices.
Amazon Inspector
Service that monitors network requests for web apps
AWS Web Application Firewall (WAF)
Business can quickly create CUSTOM REPORTS to analyze their AWS cost and usage data OVER TIME.
AWS Cost Explorer
Lets businesses set custom alerts that will notify individuals when service usage exceeds (or is forecasted to exceed) the amount that has been budgeted.
AWS Budget
Creates an ESTIMATE for the cost of business’ use cases on AWS.
AWS Pricing Calculator
Service that provides access to AWS security and compliance reports and special online agreements
AWS Artifact
Message queuing service. An app developer can send, store, and receive messages between SW components at any volume size, w/o losing messages or requiring other services to be available.
Amazon SQS
DNS web service.
Amazon Route 53
Businesses centrally control permissions for their accounts by using service control policies (SCP). Additionally, it helps to consolidate billing for multiple AWS accounts.
AWS Organizations
Service that creates, manages, stores, and uses cryptographic keys.
AWS Key Mgmt Service (AWS KMS)
Pillar that focuses on using computing resources efficiently to meet system and business requirements (removing bottlenecks), and to maintain that efficiency as demand changes and technologies evolve.
Performance Efficiency
Pillar that includes the ability to run workloads effectively, gain insights, and continually improve supporting processes to deliver business value
Operational Excellence
Pillar that focuses on protecting data, systems, and assets. Also to improve the security of your workloads.
Security
Pillar that focuses on the ability of a workload to consistently and correctly perform its intended functions.
Reliability
Automate the deployment of workloads into an AWS environment.
AWS Quick Starts
Provides built-in human review workflows for common ML use cases, such as content moderation and text extraction for documents.
Amazon Augmented AI (Amazon A2I)
ML service that atm extracts text and data from scanned documents.
Amazon Textract
Service that builds conversational interfaces using voice and text.
Amazon Lex
A fully isolated portion of the AWS global infrastructure. Is a single datacenter or a group of data centers.
Availability Zone
A separate geographical location with multiple locations that are isolated from each other.
Region
Service that establishes a DEDICATED private connection between an On-Premises data center and VPC.
AWS Direct Connect
Establishes a virtual private network (VPN) connection between a VPC and a private network. It creates an encrypted network path between your on-premises and cloud network by using the internet.
Virtual Private Gateway
Is a document DB service that supports MongoDB workloads.
Amazon DocumentDB
Are the IAM resource objects that are used to identify and group. These include users, groups and roles.
Identities
Are the IAM resources that AWS uses for authentication. These include IAM users, federated users, and assumed IAM roles.
Entities
Organize and group AWS resources. It makes it easier to manage and automate tasks on a large number of resources at one time.
Resource Groups
Service that helps you provision virtual, cloud-based Microsoft Windows, Amazon Linux, or Ubuntu Linux desktops for your users, is a Desktop as a Service (DaaS)
Amazon WorkSpaces
This level support plan provides one hour or less response time for production level failures.
Business Support
This type of data (public keys, ip address, instance id) is stored in…
Instance Metadata
Structured program available to Enterprise Support level (and Business Support custs. for an extra fee) that helps you plan for large-scale events, such as product or application launches, infrastructure migrations, and marketing events.
AWS Infrastructure Event Management / AWS Countdown
Structured program that gives you strategic planning assistance before your event, as well as real-time support during those moments that matter most for your business.
AWS Infrastructure Event Management / AWS Countdown
Is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network.
VPC Peering
Payment method from Reserved Instances term that will save the most money?
All Upfront
Is a resource-based AWS IAM policy. You add it to a bucket to grant other AWS accounts or IAM users access permissions for the buckets and the objects stored in it.
Bucket Policy
You can add rules in an S3 Lifecycle configuration to tell Amazon S3 to transition objects to another Amazon S3 storage class.
S3 Lifecycle Policy
Fully managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collab on code in a secure and highly scalable ecosystem.
AWS CodeCommit
Is a cloud-based service for creating, managing, and working with sw development projects on AWS.
AWS CodeStar
Provides alerts and remediation guidance when AWS is experiencing events that may impact you.
AWS Personal Health Dashboard
Balancer type best suited for load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Transport Layer Security (TLS) traffic when extreme performance is required.
Network Load Balancer
An organizational ability to leverage processes to deploy resources to achieve a particular outcome.
Capability (in AWS CAF)
A model for cloud adoption that uses best practices to accelerate business outcomes through digital transformation.
AWS Cloud Adoption Framework (AWS CAF)
The transformation domains of AWS CAF.
Technology, Process, Organization, Product
The key AWS CAF components are:
Transformation Domains, Business Outcomes, Perspectives and Capabilities.
Perspective that helps you achieve the confidentiality, integrity and availability of your data and cloud workloads.
Security Perspective
AWS Cloud best practice: Multipart uploads use multi-threading.
Think Parallel
Tool that lets you test and troubleshoot identity-based policies, IAM permission boundaries, Organizations service control policies, and resource-based policies
IAM Policy Simulator
Resource that provides an end-to-end view of requests as they travel through your app, and shows a map of your application’s underlying components.
Amazon X-Ray
Contains the most comprehensive set of AWS cost and usage data available, including additional metadata about AWS services, pricing, and reservations.
AWS Cost and Usage Report
It translates the private IP addresses assigned to your devices to public IP addresses that can be used on the internet. Allows the connection between components within a private subnet to the internet.
AWS Network Address Translation (AWS NAT Gateway)
When working with AWS Command Line Interface (CLI) you need to provide an access key id and a secret access key.
Access key
Fully managed data security and data privacy service that uses ML and pattern matching to discover and protect your sensitive data in AWS.
Amazon Macie
Which AWS services provide atm replication across Availability Zones?
DynamoDB and S3
AWS service that lets you remotely and securely manage the configuration of your managed instances. A managed instance is any EC2 instance or on-premises machine in your hybrid env. that has been configured by the same AWS service.
AWS Systems Manager Run Command
Fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable app and infrastructure updates. It automates the build, test, and deploy phases of your release process.
AWS CodePipeline
Can be used to migrate DATA from an on-premises db to a db in AWS.
AWS Database Migration Service (AWS DMS)
Is an automated lift-and-shift solution. This solution can migrate physical servers and any db’s or apps that run on them to EC2 instances in AWS.
AWS Application Migration Service (AWS MGN)
Is the primary point of contact for billing or account inquiries (applicable just for Enterprise Support).
Support Concierge Team
Helps you ensure your accounts conform to company-wide policies.
Control Tower
Allows you to manage and retrieve secrets (passwords or keys). It also manages the encryption of EBS volumes for Amazon EC2.
Key Management Service (KMS)
Design principle “Use serverless architectures first” belongs to the pillar:
Performance Efficiency Pillar
Design principle “Deploy smaller, reversible changes” belongs to the pillar:
Operational Excellence Pillar
If you notice your AWS account has been compromised, you have to contact…
AWS Trust & Safety team
Service that allows you to assess, audit, and evaluate the configuration of your resources over time. Works with EC2 instances, servers running on-premises, and servers and VMs in environments provided by other cloud providers.
AWS Config
Design principle “Plan for and anticipate failures” belongs to the pillar:
Operational Excellence Pillar
Design principle “Learn from failures and refine” belongs to the pillar:
Operational Excellence Pillar
Design principle “Use multi-region deployments” belongs to the pillar:
Performance Efficiency Pillar
Design principle “Delegate tasks to a cloud vendor” belongs to the pillar:
Performance Efficiency Pillar
Controls access to mobile and web apps
AWS Cognito
Origins: LB, S3, Domain Name can be for…
AWS CloudFront
Service that helps you enable governance, compliance, and operations and risk audits for your AWS account. Actions that an AWS user, role, or service performs are logged as events in CloudTrail. It tracks the AWS Region and username.
AWS CloudTrail
You can assign metadata to your AWS resources in the form of tags.
Resource Tag
Technology partners provide software solutions. Consulting partners offer professional services.
AWS Partner Network (APN)
Helps you efficiently operate your AWS infrastructure and reduces operational risks and overhead.
Managed Services
Feature that allows you to track AWS costs by labeling resources using a key and value pair.
Cost Allocation Tags
Allows you to select and deploy operating system and sw patches (operational tasks) automatically across your AWS resources
AWS Systems Manager
This API allows you to receive price alerts when prices change
Price List API
Is a global team of experts that can help you realize your desired business outcomes with AWS.
Professional Services
This service helps you manage data backups across multiple AWS services. You’re able to create a backup plan that includes frequency and retention.
AWS Backup
Text messaging service used for mobile and internet devices and pre-dates cloud services and the internet.
AWS Short Message Service (SMS)
Is an email service that can send HTML-formatted messages from applications.
AWS Simple Email Service (SES)
Is a service that allows apps to send email and text messages.
AWS Simple Notification Service (SNS)
Service that allows you to deploy apps either on-premises or on EC2 instances in AWS Cloud, and it also automates infrastructure management using Chef or Puppet.
AWS OpsWorks
Developer tool that manages the deployment of code to compute services in the cloud or on-premises.
AWS CodeDeploy
Service that has a maximum message size of 256 KB (std queues) or 2 GB (FIFO queues) depending on the queue type. It tries to process messages based on First-In/First-Out but the order is only guaranteed with SQS FIFO queues.
Amazon SQS
Is a natural language processing (NLP) service in which machine learning is used to discover valuable information and connections in texts.
Amazon Comprehend
What are public cloud, private and hybrid?
Cloud Deployment Models
Cost-effectively processes and analyzes streaming data at any scale as a fully managed service.
Amazon Kinesis
Fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to any datacenter. Is ideal for workloads that require low latency access to on-premises systems, local data processing, or local data storage.
AWS Outposts
You can use this device to collect, process and move data to AWS, either offline by shipping the device or online with AWS DataSync
AWS Snowcone
Is a data migration and edge computing device that comes in two device options: Compute Optimized and Storage Optimized.
AWS Snowball
Is used by developers to create APIs.
API Gateway
Is a form of programmatic access. It provides access to your AWS resources through an app or a tool like CLI.
Application code
What are the following controls? Patch mgmt, Config mgmt, Awareness & Training
Shared Controls (AWS & Customer)
Is a program that allows establishing a secure connection from your local laptop to an EC2 instance
SSH Client
Consisting of a private key and a public key, is a set of security credentials you use to prove your identity when connecting to an instance. You store the private key locally.
Pair keys
Which apps monitor the health of your apps and instances?
ELB, Route 53, Elastic Beanstalk
This service offers secure, on-board storage and compute power that can handle local processing and edge computing workloads in disconnected environments.
Snowball Edge Compute-Optimized
Allows you to control access to data using AWS Identity and Access Management (IAM) policies, access control lists (ACLs), and Amazon S3 bucket policies. It also allows you to query data in S3 using standard SQL.
Amazon Athena
Is a managed cluster platform that simplifies running big data frameworks, such as Apache Hadoop and Apache Spark, on AWS to process and analyze vast amounts of data.
Amazon EMR (previously called Amazon Elastic MapReduce)
Person or app that uses the AWS account root user, an IAM user or an IAM role to sign in and make requests to AWS.
Principal
Is a fully managed serv. that offers reliability, security, scalability, and a broad set of capabilities that make it convenient and cost-effective to launch, run and scale high-performance file systems in the cloud.
Amazon FSx
AWS BI Tool, can ingest data from the Cost and Usage Report
Amazon QuickSight
Is a virtual private server (VPS) provider and the easiest way to get started with AWS for developers, small businesses, students, and other users who need a solution to develop and maintain their applications in the cloud.
Amazon Lightsail
Are incremental backups that only save the blocks on the volume that have changed after your most recent snapshot. The backups are stored redundantly in multiple AVZs using Amazon S3.
EBS Snapshots
Is a command line interface (CLI) that you can use to quickly launch and manage containerized applications on AWS. It simplifies running applications on Amazon Elastic Container Service (ECS), AWS Fargate, and AWS App Runner.
AWS Copilot
Helps you plan your migration to the AWS cloud by collecting usage and configuration data about your on-premises servers and databases. Application Discovery Service is integrated with AWS Migration Hub and AWS Database Migration Service Fleet Advisor.
AWS Application Discovery Service
Automatic speech recognition service that uses machine learning models to convert audio to text. You can use it as a stand-alone transcription service or to add speech-to-text capabilities to any application.
Amazon Transcribe
It is a cloud service that converts text into a very realistic spoken segment.
AWS Polly
Perform media transcoding tasks in the cloud. It is designed as a highly scalable, easy-to-use and cost-effective method for developers and businesses to convert (or “transcode”) media content from its original format to versions that can be played on devices such as smartphones, tablets and PCs.
Amazon Elastic Transcoder
Is a migration assessment service that helps you create a directional business case for AWS cloud planning and migration.
Migration Evaluator
Is a cloud security posture management (CSPM) service that streamlines security operations with automated, continuous, security best practice checks against your AWS resources to help you identify misconfigurations.
AWS Security Hub