Cloud Concepts and IAM Flashcards

1
Q

What is a client-server model?

A

In computing, a client can be a web browser or desktop application that a person interacts with to make requests to computer servers.

A server can be services, such as Amazon Elastic Compute Cloud (Amazon EC2) – a type of virtual server.

2
Q

What is a cloud-based deployment?

A

In a cloud-based deployment model, you can migrate existing applications to the cloud, or you can design and build new applications in the cloud.

3
Q

What is an on-premises deployment?

A

On-premises deployment is also known as a private cloud deployment. In this model, resources are deployed on premises by using virtualization and resource management tools.

4
Q

What is a hybrid deployment?

A

In a hybrid deployment, cloud-based resources are connected to on-premises infrastructure, integrating cloud-based resources with legacy IT applications.

5
Q

What are the 3 deployment models for cloud computing?

A
  1. Cloud-based deployment
  2. On-premises deployment
  3. Hybrid deployment
6
Q

What is Cloud computing?

A

On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing

6
Q

Explain Scalability?

A
  • Scalability is manually increasing/decreasing resources to meet the workload

Vertical scaling
- Scaling up: Adding more compute power (CPU or RAM) to support the increased workload
- Scaling down: Reducing compute power (CPU or RAM)

Horizontal Scaling
- Scaling up: Adding Virtual machines to support increased workload
- Scaling down: Reducing Virtual machines

7
Q

What is Elasticity?

A

Elasticity is the ability to automatically acquire resources as you need them and release resources when you no longer need them (AUTO-SCALING)

8
Q

What is Agility?

A

Agility is the ability to deploy resources and services in minutes without manual administration of provisioning or de-provisioning processes.

9
Q

What is high availability?

A

The ability to keep resources and services functioning for long periods of time with very little (planned or unplanned) downtime

10
Q

What is fault tolerance?

A

Fault tolerance is the ability to maintain system uptime while physical and service component failures happen

11
Q

What are the 6 Advantages of cloud computing?

(To Be Super Innovative, Scale Globally)

A
  • Trade capital expense (CAPEX) for operational expense (OPEX)
    • Pay On-Demand: don’t own hardware
    • Reduced Total Cost of Ownership (TCO) & Operational Expense (OPEX)
  • Benefit from massive economies of scale
    • Prices are reduced as AWS is more efficient due to large scale
  • Stop guessing capacity
    • Scale based on actual measured usage
  • Increase speed and agility
  • Stop spending money running and maintaining data centers
  • Go global in minutes: leverage the AWS global infrastructure
12
Q

What is IaaS?

(I Paint Software)

A

IaaS (Infrastructure as a Service) – provides the basic infrastructure

  • Think of it as the “foundation” or “building blocks” for everything. It provides raw computing resources like servers, storage, and networking.
  • You manage: Operating systems, middleware, and applications.

Analogy: Renting a piece of land where you build your own house.

13
Q

What is PaaS?

(I Paint Software)

A

PaaS (Platform as a Service) – provides the platform to build and develop

  • Think of it as a “workbench” for developers. It provides the environment to build, run, and manage applications without worrying about the underlying infrastructure.
  • You manage: Applications and data.

Analogy: Renting a fully equipped kitchen where you can cook (build) but not worry about appliances or repairs.

14
Q

What is SaaS?

(I Paint Software)

A

SaaS (Software as a Service) – provides the end product ready for use

  • Think of it as a “ready-to-use” product. It provides access to software applications over the internet, fully managed by the service provider.
  • You manage: Nothing. Just use the software.

Analogy: Eating at a restaurant where everything is prepared and served for you.

15
Q

What are the pricing models for AWS?
For compute, storage and data transfer?

A

AWS has 3 pricing fundamentals, following the pay-as-you-go pricing model:

  • Compute:
    • Pay for compute time
  • Storage:
    • Pay for data stored in the Cloud
  • Data transfer OUT of the Cloud:
    • Data transfer IN is free
16
Q

What is a Region?

A

A region is a cluster of data centers. Most AWS services are region-scoped. Region names look like us-east-1, eu-west-3, etc.

17
Q

What factors do you consider when choosing an AWS Region?

CAPP

A

C - Compliance with data governance and legal requirements: data never leaves a region without your explicit permission.

A - Available services within a region. New services and features may not be available in every region.

P - Proximity to customers, reduced latency due to closer physical location.

P - Pricing
Pricing varies from region to region and is transparent on the pricing page.

18
Q

What is an availability zone?

A

Each region has many availability zones (min 3, max 6)
- ap-southeast-2a, ap-southeast-2b, ap-southeast-2c

Each AZ is one or more discrete data centers with redundant power, networking and connectivity.

  • each AZ is separate from each other, so that they are isolated from disasters
  • they are connected with high bandwidth, ultra-low latency networking
19
Q

What is the Shared responsibility for Customer and AWS?

A

Customer = Responsibility for the security IN the cloud

AWS = Responsibility for the security OF the cloud

20
Q

Explain IAM Users vs IAM Groups vs IAM Roles

A
  • IAM users represent individuals or applications that interact with AWS resources. IAM policies grant users access to AWS resources, data, and cloud services. A user has credentials associated with it: console password, access keys, SSH keys.
  • An IAM group is a collection of IAM users.
  • An IAM role is very similar to a user, in that it is an identity with permission policies that determine what the identity can and cannot do in AWS. However, a role does not have any credentials (password or access keys) associated with it.
21
Q

What are IAM Permissions?

A

Permissions are JSON document policies that can be assigned to an IAM User or Group

22
Q

3 ways to maintain security in IAM

A
  • Strong password policy
  • Use multi-factor authentication (MFA)
  • Never share IAM Users and access keys
23
Q

Credentials Report is the entire library catalog & Access Advisor is the personal record

Difference between IAM Credentials report (entire library catalog) and IAM Access Advisor (personal book borrowing history)

A

IAM Credentials Report: Think of it like the entire library’s catalog, showing all books (credentials) for all users.

IAM Access Advisor: Think of it like your personal borrowing history, showing detailed information on what services a specific user accessed and when.

24
Q

Shared Responsibility Model for IAM - What does AWS do and what do you do?

  • Infrastructure (global network security)
  • Configuration and vulnerability analysis
  • Compliance validation
  • Users, Groups, Roles, Policies management and monitoring
  • Enable MFA on all accounts
  • Rotate all your keys often
  • Use IAM tools to apply appropriate permissions
  • Analyze access patterns & review permissions
A

AWS:
* Infrastructure (global network security)
* Configuration and vulnerability analysis
* Compliance validation

YOU:
* Users, Groups, Roles, Policies management and monitoring
* Enable MFA on all accounts
* Rotate all your keys often
* Use IAM tools to apply appropriate permissions
* Analyze access patterns & review permissions