cloud practitioner Flashcards
Five ways to pay for EC2 instances
- On-Demand
- Savings Plans
- Reserved Instances
- Spot Instances
- Dedicated Hosts
EC2 Free Tier
Includes 750 hours of Linux and Windows t2.micro instances (t3.micro for regions without t2) each month for one year.
On-Demand payment model
No commitment; instances are paid for by use.
- Low cost and flexibility without upfront pay/commit
- Apps with short-lived spiky or unpredictable work that cannot be interrupted
- Applications being developed or tested on EC2 for first time
Recommend ec2 payment model for: User is cost sensitive and requires flexibility. User doesn’t want to pay upfront or commit
On-demand
Recommend ec2 payment model for: App is short-lived and spiky or unpredictable work and must not be interrupted
On-demand
Recommend ec2 payment model for: App is being developed and tested for the first time on EC2
On-demand
Spot instance payment model
Request spare EC2 capacity for up to 90% off the On-Demand price. Recommended for:
- Applications that have flexible start and end times
- Apps that are only feasible at very low compute prices
- Users with urgent computing needs for large amounts of additional capacity
Recommend ec2 payment model for: App that has flexible start and end times
Spot instances
Recommend ec2 payment model for: Apps that are only feasible at very low compute prices
Spot instances
Recommend ec2 payment model for: Users with urgent computing needs for large amounts of additional capacity
Spot instances
Savings Plans payment model
Flexible pricing model that offers low prices on EC2 and Fargate usage in exchange for a commitment to a consistent amount of usage for a 1 or 3 year term. Save up to 72%.
Reserved instances
Significant discount (up to 75%) compared to On-Demand instance pricing. When assigned to a specific AZ, they provide a capacity reservation, giving you additional confidence in your ability to launch instances when needed.
- Apps with steady state usage
- Apps that may require reserved capacity
- Customers that can commit to using EC2 over a 1 or 3 year term to reduce total costs
Recommend ec2 payment model for: Apps with steady state usage
Reserved Instances
Recommend ec2 payment model for: Apps that may require reserved capacity
Reserved instances
Recommend ec2 payment model for: Customers that can commit to using ec2 over 1 or 3 year term
Reserved instances and/or Savings plan.
A Savings Plan can only do compute or Lambda, but not rdb or other fancy services.
Dedicated Hosts
A dedicated physical EC2 server for your use. Use existing server-bound licenses, including Windows Server, SQL Server and SUSE Linux Enterprise Server. Also good for compliance.
- Can be on-demand (hourly)
- Can be purchased as a reservation for up to 70% off the on-demand price
Recommend ec2 payment model for: already have server bound licenses
Dedicated Host
Recommend ec2 payment model for: customer is able to commit to 1 or 3 years of running RDS
Reserved Instance
Recommend ec2 payment model for: Customer is able to commit to 1 or 3 years of running lambda
Savings plan
5 pillars of Well Architected Framework
Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization
Well Architected Framework Pillar: Operational Excellence
biz value
Well Architected Framework Pillar: Security
Protect information and assets
Well Architected Framework Pillar: Reliability
failure tolerance
Well Architected Framework Pillar: Performance
maximize resource to biz value
Well Architected Framework Pillar: Cost
maximize cost to value
AWS Config
provides conformance packs for standards
AWS Artifact
self service access to reports
Amazon GuardDuty
intelligent threat detection
Define IAM
Identity and Access Management
What does identity federation do?
Allows an external identity provider, through SAML providers including Active Directory.
identity types in IAM
User, group, role
Define IAM: User
a single user (principal) to access AWS resources
Define IAM: Group
manage permissions for a group of users
Define IAM: Roles
allow a user or AWS service to assume permissions for a task
Policies in AWS IAM
JSON document that defines permissions for an AWS IAM identity (principal). Defines allowed resources and actions against the resource. Either customer managed or AWS managed.
AWS Storage Gateway
Hybrid on/off prem storage. VM or specific hardware appliance. Integrates with S3 and EBS.
AWS DataSync
Automated data transfer service
3 types of storage gateway
Tape, volume, file
Storage Gateway: File gateway
cached low-latency local access.
Storage Gateway: Tape gateway
tape backup to cloud
Storage Gateway: Volume Gateway
cloud based iSCSI volumes to local applications
AWS Glue
Managed ETL
Amazon EMR
Elastic MapReduce using popular tools
AWS Data Pipeline
Data workflow orchestration service across AWS Services.
Amazon Athena
Query data stored in S3
Amazon QuickSight
data dashboards
Amazon CloudSearch
managed search service for custom apps
Amazon Rekognition
Vision (image and video) as a service. Actions come from video. Custom labels for business objects.
Amazon Translate
Text translation: 54 languages, language identification, can work in batch.
Amazon Transcribe
Speech to text. Subservice for medical. Batch and single.
Disaster Recovery Scenarios
Backup/Restore, Pilot, Warm Standby, Multi site
Disaster Recovery: Define RTO
Recovery Time Objective
Disaster Recovery: Define RPO
Recovery Point Objective
AWS’s key repository
AWS Secrets Manager. Can auto-rotate creds.
AWS Shield
manage DDoS prevention
Amazon Macie
ML data protection for S3. Alerts about unusual. Dashboard about how data is stored and accessed. Detect PI and IP.
Amazon Inspector
security assessment for EC2
AWS Service Catalog
catalog of AWS services
AWS Marketplace
3rd party services available on AWS