Cloud Practitioner Flashcards
1
Q
AWS Cost Explorer
A
A tool that enables you to visualize, understand, and manage your AWS costs and usage over time.
It includes a default report of the costs and usage for your top five cost-accruing AWS services. You can apply custom filters and groups to analyze your data. For example, you can view resource usage at the hourly level.
2
Q
AWS Budgets
A
Can create budgets to plan your service usage, service costs, and instance reservations.
The information updates three times a day. This helps you to accurately determine how close your usage is to your budgeted amounts or to the AWS Free Tier limits.
You can also set custom alerts when your usage exceeds (or is forecasted to exceed) the budgeted amount.
3
Q
AWS Pricing Calculator
A
Lets you explore AWS services and create an estimate for the cost of your use cases on AWS. You can enter details for your cloud computing requirements and then receive a detailed estimate that can be exported and shared.
4
Q
AWS Artifact
A
A service that enables you to access AWS security and compliance reports and special online agreements.
5
Q
AWS CAF: Operations
A
Helps you to enable, run, use, operate, and recover IT workloads to the level agreed upon with your business stakeholders.
Define how day-to-day, quarter-to-quarter, and year-to-year business is conducted. Align with and support the operations of the business. The AWS CAF helps these stakeholders define current operating procedures and identify the process changes and training needed to implement successful cloud adoption. Includes principles for operating in the cloud by using agile best practices.
Common roles in this Perspective include:
IT operations managers IT support managers
6
Q
AWS CAF: Business
A
Helps you to move from a model that separates business and IT strategies into a business model that integrates IT strategy.
Ensures that IT aligns with business needs and that IT investments link to key business results.
Use this Perspective to create a strong business case for cloud adoption and prioritize cloud adoption initiatives. Ensure that your business strategies and goals align with your IT strategies and goals.
Common roles in this Perspective include:
Business managers Finance managers Budget owners Strategy stakeholders
7
Q
AWS CAF: People
A
Helps Human Resources (HR) employees prepare their teams for cloud adoption by updating organizational processes and staff skills to include cloud-based competencies.
Supports development of an organization-wide change management strategy for successful cloud adoption.
Use this Perspective to evaluate organizational structures and roles, new skill and process requirements, and identify gaps. This helps prioritize training, staffing, and organizational changes.
Common roles in this Perspective include:
Human resources Staffing People managers
8
Q
AWS CAF: Governance
A
Helps you understand how to update the staff skills and organizational processes that are necessary to ensure business governance in the cloud.
Focuses on the skills and processes to align IT strategy with business strategy. This ensures that you maximize the business value and minimize risks.
Use this Perspective to understand how to update the staff skills and processes necessary to ensure business governance in the cloud. Manage and measure cloud investments to evaluate business outcomes.
Common roles in this Perspective include:
Chief Information Officer (CIO) Program managers Enterprise architects Business analysts Portfolio managers
9
Q
AWS CAF: Platform
A
This Perspective includes principles and patterns for implementing new solutions on the cloud, and migrating on-premises workloads to the cloud.
Use a variety of architectural models to understand and communicate the structure of IT systems and their relationships. Describe the architecture of the target state environment in detail.
Common roles in this Perspective include:
Chief Technology Officer (CTO) IT managers Solutions architects
10
Q
AWS CAF: Security
A
This Perspective ensures that the organization meets security objectives for visibility, auditability, control, and agility.
Use the AWS CAF to structure the selection and implementation of security controls that meet the organization’s needs.
Common roles in this Perspective include:
Chief Information Security Officer (CISO) IT security managers IT security analysts
11
Q
Six Core Perspectives of Cloud Adoption Framework (AWS CAF)
A
Business
People
Governance
Platform
Security
Operations
12
Q
Six Benefits of Cloud Computing
A
Trade upfront expense for variable expense
Stop spending money to run and maintain data centers
Stop guessing capacity
Benefit from massive economies of scale
Increase speed and agility
Go global in minutes
13
Q
Six Pillars of Well-Architected Framework
A
Operational excellence
Security
Reliability
Performance efficiency
Cost optimization
Sustainability
14
Q
Pillar: Operational Excellence
A
Ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.
Design principles for this pillar include performing operations as code, annotating documentation, anticipating failure, and frequently making small, reversible changes.
15
Q
Pillar: Security
A
Ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
When considering the security of your architecture, apply these best practices:
- Automate security best practices when possible.
- Apply security at all layers.
- Protect data in transit and at rest.
16
Q
Pillar: Reliability
A
Ability of a system to do the following:
- Recover from infrastructure or service disruptions
- Dynamically acquire computing resources to meet demand
- Mitigate disruptions such as misconfigurations or transient network issues
This includes testing recovery procedures, scaling horizontally to increase aggregate system availability, and automatically recovering from failure.
17
Q
Pillar: Performance Efficiency
A
Ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.
Evaluating the performance efficiency of your architecture includes experimenting more often, using serverless architectures, and designing systems to be able to go global in minutes.
18
Q
Pillar: Cost Optimization
A
Ability to run systems to deliver business value at the lowest price point.
Includes adopting a consumption model, analyzing and attributing expenditure, and using managed services to reduce the cost of ownership.
19
Q
Pillar: Sustainability
A
Ability to run systems to deliver business value at the lowest price point.
Cost optimization includes adopting a consumption model, analyzing and attributing expenditure, and using managed services to reduce the cost of ownership.
20
Q
EC2 Savings Plans
A
Enable you to reduce your compute costs by committing to a consistent amount of compute usage for a 1-year or 3-year term.
This results in savings of up to 72% over On-Demand Instance costs.
Any usage up to the commitment is charged at the discounted Savings Plan rate (for example, $10 an hour). Any usage beyond the commitment is charged at regular On-Demand Instance rates.
21
Q
EC2 Reserved Instances
A
Billing discount that is applied to the use of On-Demand Instances in your account.
You can purchase Standard and Convertible Instances for a one-year or three-year term, and Scheduled Instances for a one-year term.
Unlike Savings Plans, these do not require you to commit to a consistent amount of compute usage over the duration of the contract.
22
Q
EC2 Spot Instances
A
Ideal for workloads with flexible start and end times or that can withstand interruptions. These Instances leverage unused EC2 computing capacity and offer you cost savings at up to 90% of On-Demand Instance prices.
23
Q
EC2 Dedicated Hosts
A
Physical servers with EC2 instance capacity that is fully dedicated to your use.
You can use your existing per-socket, per-core, or per-VM software licenses to help maintain license compliance. You can purchase On-Demand or Reserved. Of all the Amazon EC2 options that were covered in this course, these are the most expensive.
24
Q
AWS Organizations
A
Centrally control permissions for the accounts in your organization by using service control policies (SCPs).
Additionally, you can use the consolidated billing feature in AWS Organizations to combine usage and receive a single bill for multiple AWS accounts.
You can group accounts into organizational units (OUs) to make it easier to manage accounts with similar business or security requirements. When you apply a policy to an OU, all the accounts in the OU automatically inherit the permissions specified in the policy.
25
AWS Identity and Access Management (IAM)
Service that you can use to manage access to AWS services and resources.
26
AWS Marketplace
A digital catalog that includes thousands of listings from independent software vendors.
You can use AWS Marketplace to find, test, and buy software that runs on AWS.
27
AWS Support
A resource that can answer questions about best practices and assist with troubleshooting issues.
28
Technical Account Manager (TAM)
A resource that provides guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications.
29
AWS Trusted Advisor
A web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices.
It compares its findings to AWS best practices in five categories: cost optimization, performance, security, fault tolerance, and service limits. For the checks in each category, this offers a list of recommended actions and additional resources to learn more about AWS best practices.
The guidance provided by this can benefit your company at all stages of deployment. For example, you can use this to assist you while you are creating new workflows and developing new applications. Or you can use it while you are making ongoing improvements to existing applications and resources.
30
DynamoDB
A key-value database service. A key-value database might include data pairs such as “Name: John Doe,” “Address: 123 Any Street,” and “City: Anytown”.
In a key-value database, you can add or remove attributes from items in the table at any time. Additionally, not every item in the table has to have the same attributes.
31
Amazon Relational Database Service (Amazon RDS)
A service that enables you to run relational databases in the AWS Cloud.
A managed service that automates tasks such as hardware provisioning, database setup, patching, and backups. With these capabilities, you can spend less time completing administrative tasks and more time using data to innovate your applications. You can integrate it with other services to fulfill your business and operational needs, such as using AWS Lambda to query your database from a serverless application.
Provides a number of different security options. Many of these database engines offer encryption at rest (protecting data while it is stored) and encryption in transit (protecting data while it is being sent and received).
32
Amazon Aurora
An enterprise-class relational database. It is compatible with MySQL and PostgreSQL relational databases. It is up to five times faster than standard MySQL databases and up to three times faster than standard PostgreSQL databases.
Helps to reduce your database costs by reducing unnecessary input/output (I/O) operations, while ensuring that your database resources remain reliable and available.
Consider if your workloads require high availability. It replicates six copies of your data across three Availability Zones and continuously backs up your data to Amazon S3.
33
Amazon DocumentDB
A document database service that supports MongoDB workloads.
34
Elastic Load Balancing
A service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances.
Acts as a single point of contact for all incoming web traffic to your Auto Scaling group. This means that as Amazon EC2 instances are added or removed in response to the amount of incoming traffic, these requests are routed here first and then spread across multiple resources that will handle them.
35
AWS Auto Scaling
A service that monitors your applications and automatically adds or removes capacity from your resource groups in response to changing demand.
36
Amazon CloudWatch
A service that provides data that you can use to monitor your applications, optimize resource utilization, and respond to system-wide performance changes.
You can create alarms that automatically perform actions if the value of your metric has gone above or below a predefined threshold.
37
Amazon ElastiCache
A service that adds caching layers on top of your databases to help improve the read times of common requests.
It supports two types of data stores: Redis and Memcached.
38
AWS Trusted Advisor Categories
Cost Optimization
Performance
Security
Fault Tolerance
Service Limits
39
AWS Command Line Interface (CLI)
Enables you to control multiple AWS services directly from the command line within one tool. For example, you can use commands to start an Amazon EC2 instance, connect an Amazon EC2 instance to a specific Auto Scaling group, and more. This tool is available for users on Windows, macOS, and Linux.
40
Amazon Redshift
Data warehousing service that you can use for big data analytics. It offers the ability to collect data from many sources and help you to understand relationships and trends across your data.
41
Amazon Quantum Ledger Database (Amazon QLDB)
A ledger database service. You can use this to review a complete history of all the changes that have been made to your application data.
42
AWS Snowball Edge Storage Optimized
A device that enables you to transfer large amounts of data into and out of AWS.
Suited for large-scale data migrations and recurring transfer workflows, in addition to local computing with higher capacity needs.
- Storage: 80 TB of hard disk drive (HDD) capacity for block volumes and Amazon S3 compatible object storage, and 1 TB of SATA solid state drive (SSD) for block volumes.
- Compute: 40 vCPUs, and 80 GiB of memory to support Amazon EC2 sbe1 instances (equivalent to C5).
43
AWS Snowball Edge Compute Optimized
A powerful computing resources for use cases such as machine learning, full motion video analysis, analytics, and local computing stacks.
- Storage: 42-TB usable HDD capacity for Amazon S3 compatible object storage or Amazon EBS compatible block volumes and 7.68 TB of usable NVMe SSD capacity for Amazon EBS compatible block volumes.
- Compute: 52 vCPUs, 208 GiB of memory, and an optional NVIDIA Tesla V100 GPU. Devices run Amazon EC2 sbe-c and sbe-g instances, which are equivalent to C5, M5a, G3, and P3 instances.
44
Amazon Route 53
A DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that are hosted in AWS.
Additionally, you can transfer DNS records for existing domain names that are currently managed by other domain registrars, or register new domain names directly within Amazon Route 53.
45
Amazon CloudWatch
Monitor your applications and respond to system-wide performance changes.
46
AWS Quick Starts
Automate the deployment of workloads into your AWS environment
47
AWS Artifact: Agreements
Can review, accept, and manage agreements for an individual account and for all your accounts in AWS Organizations. Different types of agreements are offered to address the needs of customers who are subject to specific regulations, such as the Health Insurance Portability and Accountability Act (HIPAA).
48
AWS Artifact: Reports
Provides compliance reports from third-party auditors. These auditors have tested and verified that AWS is compliant with a variety of global, regional, and industry-specific security standards and regulations. Remains up to date with the latest reports released. You can provide the reports to your auditors or regulators as evidence of AWS security controls.
49
Amazon S3 Intelligent Tiering
S3 monitors objects’ access patterns. If you haven’t accessed an object for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, Amazon S3 Standard-IA. If you access an object in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, Amazon S3 Standard.
50
Amazon S3 Glacier Flexible Retrieval
A low-cost storage class that is ideal for data archiving. You can retrieve objects stored in this storage class within a few minutes to a few hours.
51
Amazon S3 Standard-IA
Ideal for data that is infrequently accessed but requires high availability when needed. Both Amazon S3 Standard and Amazon S3 Standard-IA store data in a minimum of three Availability Zones. Amazon S3 Standard-IA provides the same level of availability as Amazon S3 Standard but at a lower storage price.
52
Amazon S3 One Zone-IA
Ideal for infrequently accessed data that does not require high availability.
53
Amazon S3 Standard
Provides high availability for objects. This makes it a good choice for a wide range of use cases, such as websites, content distribution, and data analytics. Has a higher cost than other storage classes intended for infrequently accessed data and archival storage.
54
Amazon Glacier Instant Retrieval
When you decide between the options for archival storage, consider how quickly you must retrieve the archived objects. You can retrieve objects stored in the Amazon S3 Glacier Instant Retrieval storage class within milliseconds, with the same performance as Amazon S3 Standard.
55
Amazon S3 Glacier Deep Archive
Supports long-term retention and digital preservation for data that might be accessed once or twice in a year. This storage class is the lowest-cost storage in the AWS Cloud, with data retrieval from 12 to 48 hours. All objects from this storage class are replicated and stored across at least three geographically dispersed Availability Zones.
56
Amazon S3 Outposts
Delivers object storage to your on-premises AWS Outposts environment. This is designed to store data durably and redundantly across multiple devices and servers on your Outposts. It works well for workloads with local data residency requirements that must satisfy demanding performance needs by keeping data close to on-premises applications.
57
AWS Lambda
A service that lets you run code without needing to provision or manage servers.
While using AWS Lambda, you pay only for the compute time that you consume. You are charged only when your code is running. With AWS Lambda, you can run code for virtually any type of application or backend service, all with zero administration.
58
Shared Responsibility Model: Customers
Customers are responsible for the security of everything that they create and put in the AWS Cloud.
When using AWS services, you, the customer, maintain complete control over your content. You are responsible for managing security requirements for your content, including which content you choose to store on AWS, which AWS services you use, and who has access to that content. You also control how access rights are granted, managed, and revoked.
The security steps that you take will depend on factors such as the services that you use, the complexity of your systems, and your company’s specific operational and security needs. Steps include selecting, configuring, and patching the operating systems that will run on Amazon EC2 instances, configuring security groups, and managing user accounts.
59
Shared Responsibility Model: AWS
AWS is responsible for security of the cloud.
AWS operates, manages, and controls the components at all layers of infrastructure. This includes areas such as the host operating system, the virtualization layer, and even the physical security of the data centers from which services operate.
AWS is responsible for protecting the global infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure includes AWS Regions, Availability Zones, and edge locations.
AWS manages the security of the cloud, specifically the physical infrastructure that hosts your resources, which include:
- Physical security of data centers
- Hardware and software infrastructure
- Network infrastructure
- Virtualization infrastructure
Although you cannot visit AWS data centers to see this protection firsthand, AWS provides several reports from third-party auditors. These auditors have verified its compliance with a variety of computer security standards and regulations.
60
AWS Snowmobile
A service that is used for transferring up to 100 PB of data to AWS. Each one is a 45-foot long shipping container that is pulled by a semi-trailer truck.
61
Amazon Neptune
A graph database service. You can use to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs.
62
Amazon CloudFront
A content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world.
63
AWS DeepRacer
An autonomous 1/18 scale race car that you can use to test reinforcement learning models.
64
Amazon GuardDuty
Identifies threats by continually monitoring the network activity and account behavior within your AWS environment.
After you have enabled for your AWS account, it begins monitoring your network and account activity. You do not have to deploy or manage any additional security software. It then continuously analyzes data from multiple AWS sources, including VPC Flow Logs and DNS logs.
If it detects any threats, you can review detailed findings about them from the AWS Management Console. Findings include recommended steps for remediation. You can also configure AWS Lambda functions to take remediation steps automatically in response to its security findings.
65
AWS Shield Standard
A service that automatically protects all AWS customers at no cost. It protects your AWS resources from the most common, frequently occurring types of DDoS attacks.
As network traffic comes into your applications, this uses a variety of analysis techniques to detect malicious traffic in real time and automatically mitigates it.
66
Amazon Inspector
A service that checks applications for security vulnerabilities and deviations from security best practices.
After it has performed an assessment, it provides you with a list of security findings. The list prioritizes by severity level, including a detailed description of each security issue and a recommendation for how to fix it. However, AWS does not guarantee that following the provided recommendations resolves every potential security issue. Under the shared responsibility model, customers are responsible for the security of their applications, processes, and tools that run on AWS services.
67
AWS WAF
A web application firewall that lets you monitor network requests that come into your web applications.
Works together with Amazon CloudFront and an Application Load Balancer. Recall the network access control lists that you learned about in an earlier module. This works in a similar way to block or allow traffic. However, it does this by using a web access control list (ACL) to protect your AWS resources.
68
AWS Shield Advanced
A paid service that provides detailed attack diagnostics and the ability to detect and mitigate sophisticated DDoS attacks.
It also integrates with other services such as Amazon CloudFront, Amazon Route 53, and Elastic Load Balancing. Additionally, you can integrate with AWS WAF by writing custom rules to mitigate complex DDoS attacks.
69
Amazon Elastic Kubernetes Service (Amazon EKS)
A fully managed service that you can use to run Kubernetes on AWS. Kubernetes is open-source software that enables you to deploy and manage containerized applications at scale.
Containers provide you with a standard way to package your application's code and dependencies into a single object. Containers are frequently used for processes and workflows in which there are essential requirements for security, reliability, and scalability.
70
Amazon SageMaker
A service that enables you to quickly build, train, and deploy machine learning models.
71
AWS Elastic Beanstalk
You upload your application, and it automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring.
72
Amazon Simple Queue Service (Amazon SQS)
A message queuing service. You can send, store, and receive messages between software components at any volume size, without losing messages or requiring other services to be available.
An application sends messages into a queue. A user or service retrieves a message from the queue, processes it, and then deletes it from the queue.
73
AWS Outposts
Run infrastructure in a hybrid cloud approach.
74
AWS CloudFormation
Provision resources by using programming languages or a text file.
75
Amazon Virtual Private Cloud (Amazon VPC)
Provision an isolated section of the AWS Cloud to launch resources in a virtual network that you define.
76
The Six R's of Migration
- Rehosting
- Replatforming
- Refactoring/re-architecting
- Repurchasing
- Retaining
- Retiring
77
Rehosting
Also known as “lift-and-shift” involves moving applications without changes.
In the scenario of a large legacy migration, in which the company is looking to implement its migration and scale quickly to meet a business case, the majority of applications are rehosted.
78
Replatforming
Also known as “lift, tinker, and shift,” involves making a few cloud optimizations to realize a tangible benefit. Optimization is achieved without changing the core architecture of the application.
79
Refactoring
(Also known as re-architecting) involves reimagining how an application is architected and developed by using cloud-native features. Driven by a strong business need to add features, scale, or performance that would otherwise be difficult to achieve in the application’s existing environment.
80
Repurchasing
Involves moving from a traditional license to a software-as-a-service model.
For example, a business might choose to implement the repurchasing strategy by migrating from a customer relationship management (CRM) system to Salesforce.com.
81
Retaining
Consists of keeping applications that are critical for the business in the source environment. This might include applications that require major refactoring before they can be migrated, or, work that can be postponed until a later time.
82
Retiring
The process of removing applications that are no longer needed.
83
Developer Support
Customers in this Support plan have access to features such as:
- Best practice guidance
- Client-side diagnostic tools
- Building-block architecture support, which consists of guidance for how to use AWS offerings, features, and services together
84
Business Support
Customers with this plan have access to additional features, including:
- Use-case guidance to identify AWS offerings, features, and services that can best support your specific needs
- All AWS Trusted Advisor checks
- Limited support for third-party software, such as common operating systems and application stack components
85
Enterprise On-Ramp Support
In addition to all the features included in the Basic, Developer, and Business Support plans, customers have access to:
- A pool of Technical Account Managers to provide proactive guidance and coordinate access to programs and AWS experts
- A Cost Optimization workshop (one per year)
- A Concierge support team for billing and account assistance
- Tools to monitor costs and performance through Trusted Advisor and Health API/Dashboard
This plan also provides access to a specific set of proactive support services, which are provided by a pool of Technical Account Managers.
- Consultative review and architecture guidance (one per year)
- Infrastructure Event Management support (one per year)
- Support automation workflows
- 30 minutes or less response time for business-critical issues
86
Enterprise Support
In addition to all features included in the Basic, Developer, Business, and Enterprise On-Ramp support plans, customers with this plan have access to:
- A designated Technical Account Manager to provide proactive guidance and coordinate access to programs and AWS experts
- A Concierge support team for billing and account assistance
- Operations Reviews and tools to monitor health
- Training and Game Days to drive innovation
- Tools to monitor costs and performance through Trusted Advisor and Health API/Dashboard
This plan also provides full access to proactive services, which are provided by a designated Technical Account Manager:
- Consultative review and architecture guidance
- Infrastructure Event Management support
- Cost Optimization Workshop and tools
- Support automation workflows
- 15 minutes or less response time for business-critical issues
87
Instance Store
Ideal for temporary data that does not need to be kept long term.
When an Amazon EC2 instance is stopped or terminated, all the data that has been written to the attached instance store is deleted.
88
Amazon Elastic Block Store (Amazon EBS)
Provides block-level storage volumes that you can use with Amazon EC2 instances.
Volume stores data in a single Availability Zone. To attach an Amazon EC2 instance to volume, both the Amazon EC2 instance and the volume must reside within the same Availability Zone.
Ideal for data that needs to be retained. When an Amazon EC2 instance is stopped or terminated, all of the data on the attached volume is still available.
89
Subnet
A section of a virtual private cloud (VPC) in which you can group resources based on security or operational needs.
90
AWS CloudTrail
View a complete history of user activity and API calls for your applications and resources.
Events are typically updated within 15 minutes after an API call was made. You can filter events by specifying the time and date that an API call occurred, the user who requested the action, the type of resource that was involved in the API call, and more.
91
Amazon Augmented AI (Amazon A2I)
Provides built-in human review workflows for common machine learning use cases, such as content moderation and text extraction from documents. You can also create your own workflows for machine learning models built on Amazon SageMaker or any other tools.
92
Amazon Textract
A machine learning service that automatically extracts text and data from scanned documents.
93
Amazon Lex
A service that enables you to build conversational interfaces using voice and text.
94
AWS Direct Connect
A service that enables you to establish a dedicated private connection between your data center and VPC.
The private connection helps you to reduce network costs and increase the amount of bandwidth that can travel through your network.
95
Internet Gateway
A connection between a VPC and the internet. It allows public traffic from the internet to access a VPC.
96
Virtual Private Gateway
Enables you to establish a virtual private network (VPN) connection between your VPC and a private network, such as an on-premises data center or internal corporate network. Also allows traffic into the VPC only if it is coming from an approved network.
97
Amazon Simple Storage Service (Amazon S3)
A service that provides object-level storage. It stores data as objects within buckets.
98
Security Group
A virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance.
By default, denies all inbound traffic and allows all outbound traffic. You can add custom rules to configure which traffic should be allowed or denied.
99
Network Access Control List (ACL)
A virtual firewall that controls inbound and outbound traffic at the subnet level.
100
Availability Zone
A single data center or a group of data centers within a Region.
These are located tens of miles apart from each other. This helps them to provide interconnectivity to support the services and applications that run within a Region.
101
Region
A separate geographical location with multiple locations that are isolated from each other.
102
EC2 General Purpose
Provide a balance of compute, memory, and networking resources. You can use them for a variety of workloads, such as:
- application servers
- gaming servers
- backend servers for enterprise applications
- small and medium databases
103
EC2 Compute Optimized
Ideal for compute-bound applications that benefit from high-performance processors. Like general purpose instances, you can use compute optimized instances for workloads such as web, application, and gaming servers.
However, the difference is these applications are ideal for high-performance web servers, compute-intensive applications servers, and dedicated gaming servers. You can also use compute optimized instances for batch processing workloads that require processing many transactions in a single group.
104
EC2 Memory Optimized
Designed to deliver fast performance for workloads that process large datasets in memory. In computing, memory is a temporary storage area. It holds all the data and instructions that a central processing unit (CPU) needs to be able to complete actions. Before a computer program or application is able to run, it is loaded from storage into memory. This preloading process gives the CPU direct access to the computer program.
105
EC2 Accelerated Computing
Use hardware accelerators, or coprocessors, to perform some functions more efficiently than is possible in software running on CPUs. Examples of these functions include floating-point number calculations, graphics processing, and data pattern matching.
In computing, a hardware accelerator is a component that can expedite data processing. Accelerated computing instances are ideal for workloads such as graphics applications, game streaming, and application streaming.
106
EC2 Storage Optimized
Designed for workloads that require high, sequential read and write access to large datasets on local storage. Examples of workloads suitable for these instances include distributed file systems, data warehousing applications, and high-frequency online transaction processing (OLTP) systems.
In computing, the term input/output operations per second (IOPS) is a metric that measures the performance of a storage device. It indicates how many different input or output operations a device can perform in one second. These instances are designed to deliver tens of thousands of low-latency, random IOPS to applications.
You can think of input operations as data put into a system, such as records entered into a database. An output operation is data generated by a server. An example of output might be the analytics performed on the records in a database. If you have an application that has a high IOPS requirement, this instance can provide better performance over other instance types not optimized for this kind of use case.
107
EC2 On-Demand
Ideal for short-term, irregular workloads that cannot be interrupted. No upfront costs or minimum contracts apply. The instances run continuously until you stop them, and you pay for only the compute time you use.
Sample use cases for these Instances include developing and testing applications and running applications that have unpredictable usage patterns. These Instances are not recommended for workloads that last a year or longer because these workloads can experience greater cost savings using Reserved Instances.
108
Amazon Simple Notification Service (Amazon SNS)
A publish/subscribe service. A publisher publishes messages to subscribers.
Subscribers can be web servers, email addresses, AWS Lambda functions, or several other options.
109
Amazon Elastic Container Service (Amazon ECS)
A highly scalable, high-performance container management system that enables you to run and scale containerized applications on AWS.
Supports Docker containers. Docker is a software platform that enables you to build, test, and deploy applications quickly. AWS supports the use of open-source Docker Community Edition and subscription-based Docker Enterprise Edition. With this, you can use API calls to launch and stop Docker-enabled applications.
110
AWS Fargate
A serverless compute engine for containers. It works with both Amazon ECS and Amazon EKS.
When using, you do not need to provision or manage servers. This manages your server infrastructure for you. You can focus more on innovating and developing your applications, and you pay only for the resources that are required to run your containers.
111
Amazon Elastic File System (Amazon EFS)
A regional service. It stores data in and across multiple Availability Zones.
The duplicate storage enables you to access data concurrently from all the Availability Zones in the Region where a file system is located. Additionally, on-premises servers can access this using AWS Direct Connect.
112
AWS Database Migration Service (AWS DMS)
Enables you to migrate relational databases, nonrelational databases, and other types of data stores.
With this, you move data between a source database and a target database. The source and target databases can be of the same type or different types. During the migration, your source database remains operational, reducing downtime for any applications that rely on the database.
113
Amazon Managed Blockchain
A service that you can use to create and manage blockchain networks with open-source frameworks.
Blockchain is a distributed ledger system that lets multiple parties run transactions and share data without a central authority.
114
Amazon DynamoDB Accelerator (DAX)
An in-memory cache for DynamoDB.
It helps improve response times from single-digit milliseconds to microseconds.
115
AWS account root user
When you first create an AWS account, you begin with an identity known as this.
This user is accessed by signing in with the email address and password that you used to create your AWS account. It has complete access to all the AWS services and resources in the account.
Do not use for everyday tasks.
Instead, use to create your first IAM user and assign it permissions to create other users.
Then, continue to create other IAM users, and access those identities for performing regular tasks throughout AWS. Only use this user when you need to perform a limited number of tasks that are only available to the root user. Examples of these tasks include changing your email address and changing your AWS support plan.
116
IAM users
An identity that you create in AWS. It represents the person or application that interacts with AWS services and resources. It consists of a name and credentials.
By default, when you create new ones in AWS, it has no permissions associated with it. To allow it to perform specific actions in AWS, such as launching an Amazon EC2 instance or creating an Amazon S3 bucket, you must grant it the necessary permissions.
We recommend that you create individual ones for each person who needs to access AWS.
Even if you have multiple employees who require the same level of access, you should create individual IAM users for each of them. This provides additional security by allowing each IAM user to have a unique set of security credentials.
117
IAM policies
A document that allows or denies permissions to AWS services and resources.
These enable you to customize users’ levels of access to resources. For example, you can allow users to access all of the Amazon S3 buckets within your AWS account, or only a specific bucket.
Follow the security principle of least privilege when granting permissions.
By following this principle, you help to prevent users or roles from having more permissions than needed to perform their tasks.
For example, if an employee needs access to only a specific bucket, specify the bucket. Do this instead of granting the employee access to all of the buckets in your AWS account.
118
IAM groups
A collection of IAM users. When you assign an IAM policy, all users are granted permissions specified by the policy.
Assigning IAM policies also makes it easier to adjust permissions when an employee transfers to a different job.
119
IAM roles
An identity that you can assume to gain temporary access to permissions.
Before an IAM user, application, or service can assume one, they must be granted permissions to switch to it. When someone assumes it, they abandon all previous permissions that they had under a previous one and assume the permissions of the new.
These are ideal for situations in which access to services or resources needs to be granted temporarily, instead of long-term.
120
AWS Key Management Service (AWS KMS)
Enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data. You can use this to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications.
With this, you can choose the specific levels of access control that you need for your keys. For example, you can specify which IAM users and roles are able to manage keys. Alternatively, you can temporarily disable keys so that they are no longer in use by anyone. Your keys never leave, and you are always in control of them.
121
AWS Free Tier
Enables you to begin using certain services without having to worry about incurring costs for the specified period.
Three types of offers are available:
- Always Free
- 12 Months Free
- Trials
For each free tier offer, make sure to review the specific details about exactly which resource types are included.
122
Billing Dashboard
Used to pay your AWS bill, monitor your usage, and analyze and control your costs.
- Compare your current month-to-date balance with the previous month, and get a forecast of the next month based on current usage.
- View month-to-date spend by service.
- View Free Tier usage by service.
- Access Cost Explorer and create budgets.
- Purchase and manage Savings Plans.
- Publish AWS Cost and Usage Reports.
123
AWS Snowcone
A small, rugged, and secure edge computing and data transfer device.
It features 2 CPUs, 4 GB of memory, and 8 TB of usable storage.
124
Amazon Transcribe
Convert speech to text
125
Amazon Comprehend
Discover patterns in text
126
Amazon Fraud Detector
Identify potentially fraudulent online activities
