Cloud Computing Flashcards
What is cloud computing?
Cloud Computing is the on-demand delivery of compute, database, storage, application, and other IT resources.
Name the 5 pillars of a Well-Architected Framework
- Cost Optimization
- Reliability
- Operational Excellence
- Performance Efficiency
- Security
Define a Well-Architected Framework
This framework helps Cloud Architects build secure, fault-resilient, efficient, high-performing IT infrastructure
What are the 6 major advantages of cloud computing?
- Trade capital expense for variable expense
- Benefit from massive economies of scale
- Stop guessing about capacity
- Increase speed & agility
- Stop spending money running & maintaining datacentres
Name 3 types of Cloud Computing:
“___ as a Service”
- Software as a Service (SaaS) - Completed product run & managed by a service provider (GMail)
- Infrastructure as a Service (IaaS) - Building blocks for cloud IT (Physical server)
- Platform as a Service (PaaS) - Deploy & manage apps without worrying about hardware infrastructure (Godaddy, Shopify)
Name 3 Types of Cloud Computing Deployments
- Cloud - Fully deployed on the Cloud
- Hybrid - Mix of cloud & on-prem
- On-Premises - Own data centre
Virtual Network
VPC
Virtual server
EC2 - Elastic Cloud Computing
Balance incoming traffic loads
Elastic Load Balance (ELB)
Object storage
S3 - Simple Storage Solution
Speedy websites - uses Edge Locations
CloudFront
Templates to form cloud services
CloudFormation
Track trails of action/audit logs
CloudTrail
Watch/Monitor AWS
CloudWatch
Route domains to services/IPs
Route 53
Block storage / Virtual drive
Elastic Block Store
Relational Database (Aurora, Redshift)
RDS = Relational Database Service
Non-relational DB (No SQL)
DynamoDB
Business Intelligence (RDS)
Redshift
Serverless code
Lambda
Provide access
IAM - Identity & Access Management
Web App Firewall
WAF
DDoS Protection
Shield
Automated security assessment for EC2
Inspector
Optimize infrastructure (performance, cost optimization, fault tolerance)
Trusted Advisor
Billing BDBE - TAM
- Basic (Free)
- Developer ($29 per month)
- Business ($100 per month)
- Enterprise ($15 000 per month & TAM)
Design principles: CROPS
C - Cost Optimization
R - Reliability
O - Operational Excellence
P - Performance
S - Security
Relational Database - SQL
RDS - Aurora
Redshift (data warehouse, business intelligence)
Non-relational Database - No SQL
Lots of data but no links between the data
DynamoDB (No SQL)
Dynamically monitors & can react to changes / triggers
CloudWatch
Audit logs
CloudTrail
Gateway to connect to on-prem with cloud
Storage Gateway
Transfer huge amounts of data to AWS
Snowball
AWS is responsible for security __ the cloud.
The customer is responsible for security __ the cloud.
AWS is responsible for security OF the cloud.
The customer is responsible for security IN the cloud.
Shared Responsibility Model:
Customer:
- CD
- P, A, IAM
- OS, N & FC
Encryption:
CS Data
SS
NTP
Customer is responsible for security IN the cloud
- Customer Data
- Platform, Apps, Identity & Access Management
- Operating System, Network & Firewall Config
Encryption:
Customer-Side Data Encryption & Integrity
Server-Side Encryption
Network Traffic Protection
Shared Responsibility Model
AWS:
S
- C, S, DB, N
H & GI
- R, AZ, EL
AWS is responsible for security OF the cloud
Software
- Compute, Storage, Database, Networking
Hardware & Global Infrastructure
- Regions, Availability Zones, Edge Locations
SRM
Shared Controls
PM, CM, A&T
Patch Management
Config Management
Awareness & Training
What is fully controlled by AWS?
What is fully controlled by Customer?
AWS - Physical & Environmental Controls
Customer - Service & Comms Protection/Zone Security
What are the 5 security pillars of AWS Well-Architected Framework?
- DC
- IAM
- IP
- DP
- IP
- Detective Controls
- Identity & Access Management
- Infrastructure Protection
- Data Protection
- Incident Response
AWS Cloud Compliance?
- C & A
- L, R, P
- A & F
- Certificates & Attestations
- Laws, Regulations, Privacy
- Alignments & Frameworks
Allows you to provide very granular access permissions to resources within the infrastructure.
Identity & Access Management
Protects your web app from common web exploits that could compromise security, availability & resource consumption of your AWS infrastructure
Web App Firewall
WAF
Protects your web apps from DDoS attacks with always-on detection & auto handling of any potential DDoS attacks
AWS Shield
An automated security assessment service to help improve security and compliance of apps deployed on the Cloud
Inspector
Helps you optimize your environment by reducing cost, increasing performance & improving security
Trusted Advisor
Name 3 ways to access AWS
- AWS Management Console
- Command Line (CL)
- Software Developer Kit (SDK)
Provides safe, secure, highly-scalable object based storage on the cloud
Amazon S3 - Simple Storage Solution
With S3, what is CRR (Cross-Region Replication)
For redundancy, you can have contents replicated automatically
What is the availability & durability of S3?
Availability is 99.99%
Durability is 99.999999999% (eleven 9s)
What is the data consistency mode for S3?
- RAW
- EC
- Read-After-Write Consistency
- Eventual Consistency
Name the 4 Storage Classes of S3:
- S
- S-IA
- OZ-IA
- G
- Standard
- Standard - Infrequently Accessed
- One Zone - Infrequently Accessed
- Glacier
What are the 3 retrieval options of Glacier (S3)?
- ER
- SR
- BR
- Expedited Retrieval (few mins)
- Standard Retrieval (3 - 5 hours)
- Bulk Retrieval (5 - 12 hours)
You can upload unlimited no. of files up to 5TB each in size. But you are charged for some things:
- S
- Rq
- Rt
- ED
- SM
- DT
- TA
- BW
- Storage
- Requests
- Retrievals
- Early deletes
- Storage Management
- Data Transfer
- Transfer Acceleration
- Bandwidth
What are the 2 types of Encryption?
CS Encryption
SS Encryption
- S3 MK
- KMS
- CPK
Client Side Encryption
Server Side Encryption
- S3 Managed Keys
- Key Management System
- Customer Provided Key
What is the default access control on S3?
All buckets & objects are set to be private
What is a PETABYTE-scale data migration solution to transport A LOT of data from your on-prem environment into the AWS cloud?
Amazon Snowball
A physical device is mailed to you; once you’ve transferred the data, you ship it back & the data will be transferred into S3
Name 4 common use cases for Amazon Snowball
- CM
- DR
- DC D
- CD
- Cloud Migration
- Disaster Recovery
- Data Centre Decom
- Content Distribution
List the 3 types of Snowball & their sizes
- Snowball (50 TB / 80 TB)
- Snowball Edge (100 TB)
- Snowmobile (100 PB) - truck
What are the 4 tiers to AWS Support Plans and monthly pricing?
- Basic (Free)
- Developer ($29 per month)
- Business ($200 per month)
- Enterprise ($15 000 per month & TAM)
What are the 4 types of charges for AWS Support Plans?
C
S
DO
- Compute
- Storage
- Data Out
Cost Calculators
- Calculates the cost of your entire AWS infrastructure to get a monthly bill?
- Analyze costs & usage data to identify trends, cost drivers & detect anomalies?
- Compare total cost of running your infrastructure on-prem vs on AWS?
- AWS Simple Monthly Calculator
- AWS Cost Explorer
- Total Cost of Ownership Calculator (TCO)
Name the 5 best practices of Trusted Advisor:
- CO
- FT
- P
- SL
- S
- Cost Optimization
- Fault Tolerance
- Performance
- Service Limits
- Security
Name the 5 types of Compute
E E E E L
- EC2 - Elastic Cloud Computing
- EFS - Elastic File System
- Elastic Beanstalk
- Elastic Load Balancing
- Lambda
Name 5 types of storage offered in AWS
E E S S SG
- EBS - Elastic Block Storage
- Elastic File System
- S3 - Simple Storage Solution
- Snowball (Data migration)
- Storage Gateway (Connects on-prem to cloud)
Name 4 types of AWS Databases:
D
DDB
RDS
R
AWS Databases
DynamoDB
Relational Database (RDS)
Redshift (Data Warehouse)
Name the 3 Networking & Content Delivery available on AWS
CF
R53
V
CloudFront
Route 53
Virtual Private Cloud (VPC)
Name the 6 security services offered by AWS:
IAM I SRM S TA W
- Identity & Access Management
- Inspector
- Shared Responsibility Model
- Shield
- Trusted Advisor
- WAF (Web App Firewall)
AWS Storage Gateway is a hybrid cloud storage service that gives you on-prem access to virtually unlimited cloud storage.
Name the 3 types of gateways
Tape Gateway - Backup & restore (virtual tape)
File Gateway - For hybrid cloud workloads
Volume Gateway - Disaster Recovery on AWS
A cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS.
AWS Direct Connect