Cloud Concepts Flashcards
AWS Well-Architected Framework
Purpose is to design and operate reliable, secure, efficient, and cost-effective systems in the cloud.
The six pillars are:
1. Operational Excellence
2. Security
3. Reliability
4. Performance Efficiency
5. Cost Optimization
6. Sustainability
The six design principles are:
1. Stop guessing your capacity needs
2. Test systems at production scale
3. Automate to make architectural experimentation easier
4. Allow for evolutionary architectures
5. Drive architectures using data
6. Improve through game days
AWS Well-Architected Framework: Operational Excellence
Includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.
Recommends Infrastructure as Code (IaC).
In the cloud, you can define your entire workload as code and update it with code. You can implement your operations procedures as code and automate their execution by triggering them in response to events.
Performing monthly game days on your AWS environment is recommended.
AWS Well-Architected Framework: Cost Optimization
Focuses on avoiding un-needed costs. Key topics include understanding and controlling where the money is being spent, selecting the most appropriate and right number of resource types, analysing spend over time, and scaling to meet business needs without overspending.
AWS Well-Architected Framework: Performance Efficiency
Focuses on using IT and computing resources efficiently. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve.
AWS Well-Architected Framework: Security
Focuses on protecting information & systems. Key topics include confidentiality and integrity of data, identifying and managing who can do what with privilege management, protecting systems, and establishing controls to detect security events.
AWS Well-Architected Framework: Reliability
Focuses on designing a workload to perform its intended function correctly and consistently when it’s expected to. This includes the ability to operate and test the workload through its total lifecycle.
AWS Well-Architected Framework: Sustainability
Focuses on the long-term environmental, economic, and societal impact of your business activities.
VPC peering connection
It’s a networking connection between two VPC’s that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your VPC’s, with a VPC in another AWS account, or with a VPC in a different AWS Region.
AWS Site-to-Site VPN
Creates a secure connection between your data centre or branch office and your AWS cloud resources. This connection goes over the public internet.
Can’t be used to interconnect VPC’s.
VPC Endpoint
Lets you privately connect your VPC to supports AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.
Can’t be used to connect two VPC’s.
AWS Partner Network (APN)
The global partner programme for technology and consulting businesses that leverage AWS to build solutions and services for customers.
APN Consulting Partners
Professional service firms that help customers of all types and sizes design, architect, build, migrate, and manage their workloads and applications on AWS, accelerating their migration to AWS cloud.
APN Technology Partners
Provides hardware, connectivity services, or software solutions that are either hosted on or integrated with, the AWS Cloud.
Can’t help migrate to AWS and manage application on AWS Cloud.
Concierge Support Team
They’re AWS billing and account experts that specialise in working with enterprise accounts. They’ll quickly and efficiently assist you with your billing and account inquiries. Only available for the Enterprise Support plan.
Can’t help with AWS migration and managing applications on AWS Cloud.
Hybrid deployment
A way to connect your on-premises infrastructure to the cloud. Most common method is linking the cloud and existing on-premises infrastructure to extend an organisation’s infrastructure into the cloud while connecting cloud resources to internal systems.
Cloud deployment
In this approach, a cloud-based application is fully deployed in the cloud, and all parts of the application run in the cloud. Applications in the cloud have either been created in the cloud or have been migrated from an existing infrastructure to take advantage of the benefits of cloud computing.
Private Deployment
Resources are deployed on-premises using virtualisation technologies. Doesn’t have many of the cloud computing benefits, but does have dedicated resources.
AWS Cloud Adoption Framework (AWS CAF)
Uses AWS experience and best practices to help you digitally transform and accelerate your business outcomes through innovative use of AWS. It identifies specific organisational capabilities that underpin successful cloud transformations. These capabilities provide best practice guidance that helps you improve your cloud readiness. Helps with assessing the feasibility of cloud migration.
It groups its capabilities in six perspectives: Business, People, Governance, Platform, Security, and Operations.
Common stakeholders include: Chief Technology Officer (CTO), technology leaders, architects, and engineers.
It’s capabilities are: Platform Architecture, Data Architecture, Platform Engineering, Data Engineering, Provisioning & Orchestration, Modern App Development, CI/CD.
The four stages in the cycle are:
1. Envison - see how cloud services can help achieve business goals.
2. Align - identify capability gaps and cross-organisational dependencies.
3. Scale - expand production pilots and business value of your cloud infrastructure.
4. Launch - delivering pilots in production and demonstrating incremental business value.
AWS Auto Scaling
It monitors your applications and automatically adjusts the capacity to maintain steady, predictable performance at the lowest possible cost.
It’s available free of charge, but you do pay for the AWS resources needed to run your applications and Amazon CloudWatch Monitoring fees.
Amazon S3 (Simple Storage Service)
It’s an object storage service that has great scalability, data availability, security, and performance.
Not free and cost is dependent on storage class. Not suited f or rapidly changing data.
When Consolidated Billing is enabled, volume discounts are offered.
Six Advantages of Cloud Computing
- Trade capital expense for variable expense.
- Benefit from massive economies of scale.
- Stop guessing capacity
- Increase speed and agility
- Stop spending money running and maintaining data centres
- Go global in minutes
High Availability
When a system can deliver the designed functionality at a given point in time. Highly available systems can withstand some measure of degradation while still remaining available. Multi-AZ deployment can help achieve high availability.
AWS Acceptable Use Policy
Describes prohibited uses of AWS services and AWS affiliates.
Fault Tolerance
When a system can continue to operate without interruption when one or more of its components fail.
Agility
The ability to access and implement new IT resources.
Serverless Architecture
The native architecture of the cloud. It increases your agility and innovation. You can build and run applications and services without focusing on servers. It removes infrastructure management tasks such as server or cluster provisioning, patching, OS maintenance, and capacity provisioning.
Network Load Balancer
Best for load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Transport Layer Security (TLS) traffic where extreme performances is required.
Doesn’t support path-based or host-based routing.
Application Load Balancer
Is the single point of contact for clients. It distributes incoming application traffic across multiple targets, such as EC2 Instances, in multiple AZ’s.
It supports path-based routing, host-based routing, and WebSockets. It also supports containerised applications.
Can register Lambda functions as targets and configure a listener rule to forward requests to the target group for the Lambda Function. When activated, the Lambda function is run and the output is the generated content in JSON format.
IaaS (Infrastructure as a Service)
A cloud computing model where a provider gives fundamental computing resources such as servers, storage, and networking infrastructure to customers.
EC2 is an example.
Vendor manages:
- Virtualization
- Servers
- Storage
- Networking
You manage:
- Applications
- Data
- Runtime
- Middleware
- O/S
PaaS (Platform as a Service)
When a provider delivers a cloud-based platform for developers to build, run, and manage applications.
AWS Elastic Beanstalk is an example.
Vendor manages:
- Middleware
- O/S
- Virtualization
- Servers
- Storage
- Networking
You manage:
- Applications
- Data
- Runtime
SaaS (Software as a Service)
Where a provider delivers software applications over the internet to customers.
Vendor manages:
- Data
- Runtime
- Middleware
- O/S
- Virtualization
- Servers
- Storage
- Networking
You manage:
- Applications
IaC (Infrastructure as Code)
Using code to define and manage resources.
CloudFormation is an example.
EC2 Image Builder
A fully managed AWS service that helps you automate the creation, management, and deployment of customised, secure, and up-to-date server images. Can use the AWS Management Console, AWS CLI, or API’s to create custom images in your AWS account.
AWS Well-Architected Tool
A tool that gives a consistent process for measuring your architecture using AWS best practices and against the AWS Well-Architected Framework.
AWS Launch Wizard
Guides the way of sizing, configuring, and deploying AWS resources for third-party applications.
AWS Migration Hub
Used by customers when migration is already happening. Has a single place to discover existing servers, plan migrations, and track the status of each application migration.
Technical Account Management
A part of AWS Enterprise Support, which provides advocacy and guidance to help plan and build solutions using best practices, coordinate access to subject matter experts and product teams, and proactively keep your AWS environment operationally healthy.
AWS Elastic Load Balancing
It automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 Instances, containers, IP addresses, and Lambda functions. It can handle the varying load of your application traffic in a single AZ or across multiple AZ’s.
Need a minimum of 2 AZ’s to build a highly available architecture that can use load balancing.
The main types of load balancers are:
1. Application Load Balancer
2. Network Load Balancer
3. Gateway Load Balancer
Gateway Load Balancer
Has both Layer 3 gateway and Layer 4 load balancing capabilities. It’s a transparent bump-in-the-wire device that doesn’t change any part of the packet. It’s architected to handle millions of requests/second, volatile traffic patterns, and introduces extremely low latency.
Doesn’t support path-based or host-based routing.
AWS Professional Services
It shares a set of offerings to help achieve specific outcomes related to cloud adoption. Each offering has a set of activities, best practices, and documentation reflecting AWS’ experience supporting customers in AWS Cloud adoption.
They created the AWS CAF.
AWS Enterprise Support
Provides 24/7 technical support from high-quality engineers, tools, and technology to automatically manage the health of your environment, consultative architectural guidance delivered in the context of your applications and use-cases, and a designated Technical Account Manager (TAM) to coordinate access to proactive/preventative programmes and AWS subject matter experts.
AWS Artifact
Central resource for compliance-related information that matters to you. Has on-demand access to AWS’ security and compliance reports and select online agreements. Reports available include Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies around the world.
AWS Snowcone
A physical device for edge computing, edge storage, and data transfer, weighing it at 2.1 kg (4.5 lbs) and has 8 TB of usable storage. Great for use beyond a traditional data centre.
Can ship the device to AWS for offline data transfer, or transfer data online with AWS DataSync from edge locations.
AWS Snowmobile
A data truck that can store up to 100 PB of data, can move exabytes of data to AWS in a matter of weeks.
Internet Gateway
A horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet.
It has two purposes:
1. To provide a target in your VPC route tables for internet-routable traffic.
2. To perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.
ELB Health Check
It’s viewable in the ELB dashboard, and shows whether an instance is healthy or not. If the instance is unhealthy under the load balancer, then it won’t receive any traffic.
Amazon VPC (Virtual Private Cloud)
Can launch AWS resources in a logically isolated virtual network that you’ve defined. Similar to a traditional network that you’d operate in your own data centre, with the benefits of using the scalable infrastructure AWS.
It’s a regional service.
VPC Subnet
It’s a range of IP addresses in a VPC. A subnet must be in a single AZ. After you add subnets, you can deploy AWS resources in your VPC.
AWS CAF: Business Perspective
Main capabilities:
1. Strategy Management
2. Product Management
3. Business Insights
4. Portfolio Management
5. Strategic Partnership
6. Data Science
7. Innovation Management
8. Data Monetization
AWS CAF: People Perspective
Main capabilities:
1. Culture Evolution
2. Workforce Transformation
3. Transformational Leadership
4. Change Acceleration
5. Organizational Alignment
6. Cloud Fluency
7. Organization Design
AWS CAF: Governance Perspective
Main Capabilities:
1. Program and Project Management
2. Cloud Financial Management
3. Benefits Management
4. Application Portfolio Management
5. Data Curation
6. Risk Management
7. Data Governance
AWS CAF: Platform Perspective
Main Capabilities:
1. Platform Architecture
2. Data Architecture
3. Platform Engineering
4. Data Engineering
5. Provisioning and Orchestration
6. Modern Application Development
7. Continuous Integration and Continuous Delivery
AWS CAF: Security Perspective
Main Capabilities:
1. Security Governance
2. Threat Detection
3. Data Protection
4. Security Assurance
5. Vulnerability Management
6. Application Security
Identity and Access Management
7. Infrastructure Protection
8. Incident Response
AWS CAF: Operations Perspective
Main Capabilities:
1. Event Management (AiOps)
2. Incident and Problem Management
3. Change and Release Management
4. Performance and Capacity
5. Configuration Management
6. Patch Management
7. Availability and Continuity
8. Application and Management
Storage Device at End of Lifespan
There is a strict decommissioning process, and the device is treated as Critical and high impact.
