Everything Flashcards
idk i just want flashcards
IaaS
Infrastructure as a Service - Most control, most setup
PaaS
Platform as a Service - Middle ground of IaaS and SaaS
SaaS
Software as a Service - Least control, least setup
Regions
Cluster of Data Centers
Availability Zone
Each region has between 3 and 6 AZs, completely isolated from each other.
Shared Responsibility Model
Customer is responsible for security IN the cloud, Amazon is responsible for security of the cloud
Customer Ex: Customer data, access management (IAM), firewall configs, encryption, etc.
Amazon Ex: Software (compute, storage, db, networking), regions, edge locations, etc.
IAM
Identity Access Management. How you control users in your AWS account
Groups
Collection of users. Users can belong to multiple groups.
Policies
Policies are applied to users/groups and dictate what they can/can’t do
AWS Management Console
Web interface to manage AWS services and resources
AWS Command Line Interface (CLI)
Alternative to AWS Management Console
AWS Software Dev Kit (SDK)
Language-specific APIs
Access Key
~= Username
Secret Access Key
~= Password
IAM Best Practices
One AWS user = one person
Assign permissions to groups, not individuals
Strong password policy + MFA
Access keys for CLI/SDK. Don’t share them!
EC2
Resizable virtual servers in the cloud. Allows for customers to have serverless architecture
Instance Types
General Purpose
Compute Optimized
Memory Optimized
Storage Optimized
Security Groups
Control traffic in/out of EC2 instances (Like firewalls)
Important Ports
21 - FTP
22 - SSH, SFTP
80 - HTTP
443 - HTTPS
3389 - RDP
Reserved Instances
Bought for 1 or 3 years, long-term. Better discounts
On-demand Instances
Good for short work loads, predictable pricing
Convertible Reserved Instances
Like reserved, but can change instance type
Spot Instances
Cheap instances that can be taken over by others willing to pay more. Cheapest, but unreliable
Dedicated Host Instances
Booking an entire instance
EBS (Elastic Block Store) Volume
Block storage for EC2 Instances.
EBS Snapshots
Backup of an EBS Volume. Also how you ‘restore’ (move) EBS Volumes to other regions
AMI (Amazon Machine Image)
Customization of an EC2 instance. Add own software, config, OS, monitoring, etc.
EC2 Image Builder
Automate creation of virtual machines or container images
EC2 Instance Store
Temporary storage for EC2, data lost on stop or terminate.
EFS (Elastic File System)
Scalable, shared file storage for EC2. Managed network file system, can be mounted to hundreds of EC2 instances ACROSS AZs
FSX
Windows native shared file system
Vertical Scalability
Increase size of an instance (non-distributed systems) Building tall in Civ
Horizontal Scalability
Increasing the amount of instances (distributed systems) Building wide in Civ
Elasticity
‘Auto-scaling’ to scale based on usage. Matching performance w/ needs
ELB (Elastic Load Balancer)
ELB directs traffic to available instances downstream to increase performance
4 Types of load balancers
- Application (Layer 7)
- Network (Layer 4)
- Gateway (Layer 3)
ASG (Auto Scale Groups)
Automatically scales EC2 Instances
ASG Scaling Strategies
- Manual
- Target Tracking - ‘Want average ASG CPU @ 40%’
- Simple/Step - ‘If (x>7) add 2 units’
- Scheduled - Increase capacity @ certain time
- Predictive - Uses machine learning to predict future traffic spikes/dips
S3
Scalable object storage for data.
S3 Buckets
Store objects (files) in buckets (directories/folders) on S3
S3 Objects
Files in S3
S3 Security
IAM Policies for users
Bucket policies or ACL (Access control lists) for resources
Bucket Policies
JSON Based
resource - what bucket to apply to
effect - allow/deny actions
principal - bucket to apply policy to
S3 Versioning
Save versions of files that are changed in S3
CRR (Cross-Region Replication) and SSR (Same-Region Replication)
Replicates object across/within region
S3 Storage Classes
6 Classes (Use cases listed for each)
1. General Purpose - Big data analytics, content distribution
2. Infrequent Access - Backups. Rapid access when needed
3. One Zone Infrequent - Secondary Backups
4. Glacier - Data accessed once per quarter
5. Glacier Flexible Retrieval - idk
6. Glacier Deep Archive - Infrequent Access
Server-Side Encryption
Server encrypts file after receiving it (on by default)
IAM Access Analyzer for S3
Monitor bucket access
Snow Family
Portable devices to migrate data from on-premise locations to AWS.
Snowcone - Smaller
Snowball Edge - Bigger
Relational DB’s
SQL. Links between DBs.
Non-Relational
No-SQL. Built for specific data models
RDS
Relational DB for SQL
Aurora
Cloud optimized for PostgreSQL and MySQL. More cost effective than RDS (proprietary)
ElastiCache
Managed in-memory caching service to make RDS databases run faster. Reduces load on main DB.
DynamoDB
NoSQL. Fully managed w/ replication across 3 AZs w/ extremely low latency
Redshift
SQL. Managed data WAREHOUSE for big data analytics.
EMR (Elastic MapReduce)
Uses HADOOP to utilize clusters of EC2 instances to analyze data
Athena
Serverless query service for S3 data using SQL.
Quicksight
Create dashboards on data for user insights
DocumentDB
Implementation for MongoDB (NoSQL)
Neptune
Used for graph DBs. (Ex: Wikipedia, social networking, etc.)
Timestream
Time series DB
Amazon QLDB
Ledger for recording financial transactions
Managed Blockchain
Hyperledger & Ethereum
Glue
ETL Service (prepare data for loading)
DMS
DB migration service, migrate DBs to other DBs.
Note: If you’re migrating a linux machine that has a DB on it, you wouldn’t use DMS. Instead, use application migration service. (You’re migrating the Linux machine that HAS a DB, but not a DB itself)
Docker
Software dev tool to package apps to run on any OS
ECS (Elastic Container Service)
Launch docker containers on AWS
Fargate
Launch docker containers w/o needing to provision
ECR (Elastic Container Registry)
Store docker images to be run by ECS/Fargate
EKS
Kubernetes service
Lambda
For executing individual functions. Pay per request & compute time.
API Gateway
For if you want to build a serverless HTTP API
Batch
Fully managed batch processing server (Batch = function has a start and an end, not continuous)
Lightsail
Pretty much the easy option for people who don’t wanna learn AWS. Servers, storage, DBs, networking, all centralized. For quick projects
Cloudformation
Automatically creates AWS infrastructure from your own templates. Infrastructure as code
CDK (Cloud Development Kit)
Way to write cloud infrastructure in a familiar coding language
Beanstalk
Developer-centric view for putting all components together (EC2, ASG, ELB, RDS)
CodeDeploy
Automated deployment of applications to EC2 instances
CodeBuild
Compile, test, run, and output code on cloud for artifacts.
CodePipeline
Orchestrates steps to have code automatically pushed to production
CodeArtifact
Storing and retrieving artifacts (dependencies)
SSM (Systems Manager)
Help manage EC2 and on-premise servers at scale
Session Manager
Start a secure shell w/o needing SSH for EC2/on-prem servers
Route 53
Scalable DNS and domain name registration service. Good for reducing latency/routing connections
Cloudfront
CACHING. Improves read performance by caching content globally on edge locations
S3 Transfer Acceleration
Increase transfer speed. File –> Edge location –> S3 Bucket
Global Accelerator
No caching, all content is passed through. Makes requests faster
Outposts
AWS infrastructure extension to on-premise environments
Local Zones
Smaller AZ-like zones, lets you connect to niche areas. Ex: Boston in US-EAST-1
Active-Passive v. Active-Active
Active-Passive: 2 Regions. 1 active, 1 passive (no writes)
Active-Active: 2 Regions, 2 active (both read and write)
SQS (Simple Queue Service)
DECOUPLE. Serverless app to decouple applications
Kinesis
Real-time big data streaming
SNS
Send message to one SNS topic (hub) that then auto-routes to the right service
MQ
Managed broker service to get traditional apps running on AWS. (Old weird stuff)
Cloudwatch
Metrics for monitoring stuff like Cost, CPU Utilization, Status Checks, etc.
CloudWatch logs
Real-time monitoring of logs
EventBridge
Scheduling cron jobs (scheduled scripts)
CloudTrail
Logs and monitors AWS account activity for governance and security
X-Ray
Visual analysis/tracing of applications for debugging
CodeGuru
Automated code reviews and application performance recommendations
Health Dashboard
Shows:
Service History (general info)
Your account (events that impacts you directly)
Can also aggregate data
VPC (Virtual Private Cloud)
Private network to deploy resources
NACL (Network access control list)
Filter traffic in/out of a SUBNET
VPC Flow Log
Captures network traffic data for VPC monitoring and analysis
VPC Peering
Connect two VPCs to talk to each other
VPC Endpoints
Private connection between VPC and AWS services w/o using internet
Site-to-site
Connect on-premise VPN to AWS (less private, fast)
Direct Connect (DX)
Physical connection to AWS (private, slow)
Client VPN
Connecting personal computer to your private network
Transit Gateway
Way to make a star topology instead of peering
AWS Shield Standard
Managed DDoS protection for applications
Other DDoS Protection
Shield Advanced, CloudFront, Route 53, WAF
AWS Network Firewall
Protect entire VPC (layers 3-7)
Firewall Manager
Managing VPC Security groups across multiple accounts
ACM (Certificate Manager)
Provision/manage SSL/TLS certificates
Secrets Manager
Secret managing in RDS
Artifact
Support internal or external audits. Important for stuff like HIPAA
Macie
Find/Protect sensitive data (PII, HIPAA, etc.)
GuardDuty
Machine learning to analyze various logs to detect/protect (Continuous monitoring)
Inspector
Run automated security assessments on EC2, Lambda functions, or containers
Config
Helps record configuration changes over time
Security Hub
Aggregate alerts into one central hub
Detective
Identify the ROOT of security incidents
Access Analyzer
Find out what resources are shared externally
Rekognition
Detect people or objects in images/videos
Polly
Turn text into speech
Translate
Translate into different languages
Lex and Connect
Lex helps build chatbots. Connect invokes lambda functions for chatbots to use
Comprehend
NLP (Natural Language Processing)
Sagemaker
Service to build a Machine Learning model
Forecast
Uses machine learning to report future sales forecasts
Kendra
Document searching to extract data from
Personalize
Build apps w/ personalized product recommendations
Textract
Extract text from documents to give as data file
Organizations
Allows management of multiple AWS accounts by linking them together into one Organization. Shared billing and pricing discounts
Control Tower
Setup and govern multiple accounts w/ best practices
AWS RAM (Resource Access Manager)
Share resources across accounts (ex: reserved instances not in use on one account are transferred to another)
Service Catalog
Premade products that users can purchase
Pricing Models (4)
- Pay as you go
- Save when you reserve
- Pay less by using more
- Pay less as AWS grows
EC2 Pricing (Most to least expensive)
Dedicated –> On-Demand –> Reserved –> Spot
Lambda Pricing
Pay per call & duration
Compute Optimizer
Makes recommendations to reduce cost and inc. performance
Pricing Calc
Estimate cost for desired architecture
Billing Dashboard
See your bills
Cost allocation Tag
Apply tags to resources to see cost by category
Cost & Usage Report
Most comprehensive billing report
Trusted Advisor
High level AWS account assessment for cost saving
Support Plans (4)
Basic –> Business (24/7 support) –> Enterprise On-Ramp –> Enterprise (business critical support)
STS (Security Token Service)
Create temporary, limited-privilege credentials to access resources
Cognito
Way to manage users for a mobile/web app
Identity Center
SSO (Single Sign On) for all AWS accounts in your organization
Workspaces
Provision Windows or Linux desktops
App Stream 2.0
Deliver applications through a web browser
AWS IoT Core
Connect IoT devices into AWS Cloud
Elastic Transcoder
Convert media files into other formats in S3
AppSync
GraphQL
Amplify
Develop and deploy fullstack web/mobile apps
Application Composer
Visually design and build serverless apps
Device Farm
Test mobile/desktop apps across multitude of devices
Backup
Manage and automate backups
Disaster Recovery
Backup and Restore
Elastic Disaster Recovery
Recover DBs, apps, etc.
DataSync
Incremental transfer of on-premise data to AWS
Application Discovery
Plan migration to AWS
Migration Evaluator
Data-driven business case to migrate to AWS
Migration hub
Central location to collect data
Fault Injection
Purposely try to fuck shit up to see if it still works
Step functions
Build serverless visual workflow
Ground Station
Control satellites
Pinpoint
Marketing and communication service (SMS)
Operational Excellence
Ability to run and monitor continuously
Security
Ability to protect information
Reliability
Ability to recover information
Performance Efficiency
Ability to meet desired requirements
Cost Optimization
Ability to deliver at the lowest possible price
Sustainability
Ability to minimize environmental impacts and optimize over-time
Well-Architected Tool
Way to check your architecture against the 6 pillars
AWS CAF (Cloud Adoption Framework)
How to leverage AWS
Business Perspective
Ensure cloud investments help company goals
People Perspective
Bridge between technology and business
Governance Perspective
Orchestrate cloud strategies
Platform Perspective
Build enterprise, scalable platforms
Security Perspective
Achieve CIA (Confidentiality, Integrity, Availability)
Right Sizing
Start small b/c scaling up is easier than down. Making sure your systems match what performance you need
IQ
Quickly find a professional to help with your AWS projects (Like freelancing)
Re:Post
Forums, like Stack Overflow
AMS (Managed Services)
Infrastructure and Application support by Amazon.