Cloud Concepts and IAM Flashcards
What is a client-server model?
In computing, a client can be a web browser or desktop application that a person interacts with to make requests to computer servers.
A server can be services, such as Amazon Elastic Compute Cloud (Amazon EC2) – a type of virtual server.
What is a cloud-based deployment?
In a cloud-based deployment model, you can migrate existing applications to the cloud, or you can design and build new applications in the cloud.
What is an on-premises deployment?
On-premises deployment is also known as a private cloud deployment. In this model, resources are deployed on premises by using virtualization and resource management tools.
What is a hybrid deployment?
In a hybrid deployment, cloud-based resources are connected to on-premises infrastructure and integrated with legacy IT applications.
What are the 3 deployment models for cloud computing?
- Cloud-based deployment
- On-premises deployment
- Hybrid deployment
What is Cloud computing?
On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing
Explain Scalability?
Scalability is manually increasing/decreasing resources to meet the system workload
Vertical scaling
- Scaling up: Adding more compute power (CPU or RAM) to support the increased workload
- Scaling down: Reducing compute power (CPU or RAM)
Horizontal Scaling
- Scaling up: Adding Virtual machines to support increased workload
- Scaling down: Reducing Virtual machines
What is Elasticity?
Elasticity is the ability to automatically acquire resources as you need them and release resources when you no longer need them (AUTO-SCALING)
Ability to add or remove resources based on demand automatically
What is Agility?
Agility is the ability to quickly develop, build and deploy resources or applications in the cloud
What is high availability?
The ability to keep resources and services functioning for long periods of time with very little (planned or unplanned) downtime
What is fault tolerance?
Fault tolerance is the ability to maintain system uptime while physical and service component failures happen
What are the 6 Advantages of cloud computing?
(To Be Super Innovative, Scale Globally)
- Trade capital expense (CAPEX) for operational expense (OPEX)
  - Pay On-Demand: don’t own hardware
  - Reduced Total Cost of Ownership (TCO) & Operational Expense (OPEX)
- Benefit from massive economies of scale
  - Prices are reduced as AWS is more efficient due to large scale
- Stop guessing capacity
  - Scale based on actual measured usage
- Increase speed and agility
- Stop spending money running and maintaining data centers
- Go global in minutes: leverage the AWS global infrastructure
What is IaaS?
(I Paint Software)
IaaS (Infrastructure as a Service) – provides the basic infrastructure
- Think of it as the “foundation” or “building blocks” for everything. It provides raw computing resources like servers, storage, and networking.
- You manage: Operating systems, middleware, and applications.
Analogy: Renting a piece of land where you build your own house.
What is PaaS?
(I Paint Software)
PaaS (Platform as a Service) – provides the platform to build, run, and manage applications without building or managing the underlying infrastructure
- You manage: Applications and data.
Analogy: Renting a fully equipped kitchen where you can cook (build) but not worry about appliances or repairs.
What is SaaS?
(I Paint Software)
SaaS (Software as a Service) – provides the end product ready for use
- Think of it as a “ready-to-use” product. It provides access to software applications over the internet, fully managed by the service provider.
- You manage: Nothing. Just use the software.
Analogy: Eating at a restaurant where everything is prepared and served for you.
What are the pricing models for AWS?
For compute, storage and data transfer?
AWS has 3 pricing fundamentals, following the pay-as-you-go pricing model:
- Compute:
  - Pay for compute time
- Storage:
  - Pay for data stored in the Cloud
- Data transfer OUT of the Cloud:
  - Data transfer IN is free
What is a Region?
A region is a cluster of data centers. Most AWS services are region-scoped. Region names look like us-east-1, eu-west-3, etc.
What factors do you consider when choosing an AWS Region?
CAPP
C - Compliance with data governance and legal requirements: data never leaves a region without your explicit permission.
A - Available services within a region. New services and features may not be available in every region.
P - Proximity to customers, reduced latency due to closer physical location.
P - Pricing
Pricing varies from region to region and is transparent on the pricing page.
What is an availability zone?
Each region has many availability zones (min 3, max 6)
- ap-southeast-2a, ap-southeast-2b, ap-southeast-2c
Each AZ is one or more discrete data centers with redundant power, networking and connectivity.
- each AZ is separate from the others, so that they are isolated from disasters
- they are connected with high bandwidth, ultra-low latency networking
What is the Shared responsibility for Customer and AWS?
Customer = Responsibility for the security IN the cloud
AWS = Responsibility for the security OF the cloud
Explain IAM Users vs IAM Groups vs IAM Roles
- IAM users represent individuals or applications that interact with AWS resources. IAM policies grant users access to AWS resources, data, and cloud services. A user has credentials associated with it: console password, access keys, SSH keys.
- An IAM group is a collection of IAM users.
- An IAM role is very similar to a user, in that it is an identity with permission policies that determine what the identity can and cannot do in AWS. However, a role does not have any credentials (password or access keys) associated with it.
What are IAM Permissions?
Permissions are JSON document policies that can be assigned to an IAM User or Group
3 ways to maintain security in IAM
- Strong password policy
- Use multi-factor authentication (MFA)
- Never share IAM Users and access keys
Credentials is entire library catalog & AccessAdvisor is personal record
Difference between IAM Credentials report (entire library catalog) and IAM Access Advisor (personal book borrowing history)
IAM Credentials Report: Think of it like the entire library’s catalog, showing all books (credentials) for all users.
IAM Access Advisor: Think of it like your personal borrowing history, showing detailed information on what services a specific user accessed and when.
Shared Responsibility Model for IAM - What does AWS do and what do you do?
AWS:
* Infrastructure (global network security)
* Configuration and vulnerability analysis
* Compliance validation
YOU:
* Users, Groups, Roles, Policies management and monitoring
* Enable MFA on all accounts
* Rotate all your keys often
* Use IAM tools to apply appropriate permissions
* Analyze access patterns & review permissions
What is the difference between Vertical and Horizontal scaling?
Whenever you see “vertical,” think of a building growing up (taller), and when you see “horizontal,” imagine a row of houses spreading out (wider).
Vertical scaling (Up): Picture a tall building getting taller by adding more floors (like adding resources to a single server).
Making one computer stronger by adding more CPU and RAM
Horizontal scaling (Out): Imagine a row of houses that keeps getting longer as you add more houses side by side (like adding more servers to share the load).
Adding more computers to handle more work - multiplying machines