Exam 7 services Flashcards
Amazon Managed Service for Prometheus
Fully managed monitoring service
Prometheus - an open-source monitoring and alerting toolkit, similar to CloudWatch.
Cloud-agnostic
Amazon Managed Service for Prometheus
Fully managed visualisation and analysis service
Grafana - open source visualisation and analytics dashboards. Similar to dashboard elements of CloudWatch
Cloud-agnostic
Amazon KeySpaces and Apache Cassandra.
Amazon Keyspaces is a fully managed database service for running Cassandra workloads; Cassandra is the Apache Cassandra database (NoSQL).
Security Hub (4 points)
- Aggregates security findings from AWS and partner products.
- Continuous checking of AWS resources against best practices.
- Automated remediation by integrating with Lambda and Config.
- Main dashboard to view and manage security posture across AWS.
Still quite a general tool
AWS proton (4 points)
- Fully managed containerization service
- Service and environment templates
- An AWS Proton service is an instantiation of a service template
- Useful when resources change frequently.
QuickSight (2 points)
- Business-Intelligence (BI) for interactive dashboards and visualizations. Uses ML.
- Can intake from Amazon Athena and S3 (for example)
X-ray (1 point)
- Debug and analyse microservices applications by tracing requests so you can find the root cause.
Elastic Map Reduce (3 points)
- Runs big data applications at PETABYTE scale (e.g. Apache Spark)
- Used for things like log analysis, web indexing, and ML.
- Sort of similar to Athena and Redshift.
NetApp ONTAP and FSx for ONTAP (4 points)
- NetApp’s ONTAP is a file system.
- FSx for ONTAP - FULLY MANAGED
- Supports NFS, SMB and iSCSI
- Single and Multi-AZ deploys.
Netapp SnapMirror (1 point)
- Replication solution for NetApp storage systems.
Compute Optimizer (4 points)
- Suggests ideal AWS resources for your workloads to lower cost and improve performance
- Supports 1) EC2, 2) EC2 ASG, 3) EBS, 4) Lambda
- Last 14 days
- Opt-in
AWS timestream (3 points)
- Fully managed
- Time-series database for IoT and operational apps.
- Store and analyse trillions of events per day cheaper than SQL databases
AWS Lake Formation (3 points)
- S3 based, Integrates with Redshift, EMR, Amazon Athena
- Provides cross-account permissions
- Has tag-based access control
Transfer Family (2 points)
- Fully Managed
- Secure file transfer over protocols such as SFTP, FTPS, and FTP directly into and out of Amazon S3 or Amazon EFS
SNS mobile push (1 point)
Send push notifications to mobile devices
DynamoDB streams (2 points)
- Capture changes to items; each change is recorded as a stream record, which can be processed asynchronously.
Transfer Accelerator (2 points)
- Sort of like the S3 upload version of Global Accelerator
- Speeds up file upload/download by using CF edge locations.
Key Material vs KMS key (1 point)
Key material: The actual cryptographic key for encrypting/decrypting
KMS key: logical container with the key material, metadata and policies for its use
Importing the key material is a one-time thing.
FSX with OpenZFS
- NFS only
- Sub-millisecond latency and high-performance storage
CloudTrail Lake (2 points)
- Fully managed
- Collect, store, analyze AWS API activity logs in a data lake. It allows for advanced querying and analysis of logs to enhance security and compliance monitoring.
WAF vs NF (2 points in each for what they do)
WAF - APPLICATION SPECIFIC SECURITY
- Layer 7 - XSS and SQL injection
- Rules to control the web traffic pattern access to the app layer
NF - NETWORK PROTECTION
- The network layer
- Filter traffic coming in and out of VPC, i.e. manage IP addresses and ports.
When to use Aurora Serverless Vs Aurora provisioned
Serverless:
- unpredictable
- infrequent
- sporadic
Provisioned:
- predictable
Are Application load balancers in one region?
YES
AWS Systems Manager Automation runbooks
AWS Systems Manager Automation runbooks are predefined procedures designed to automate common tasks and processes
mysqldump (2)
- Back up MySQL databases hosted on Amazon RDS (Relational Database Service) or on EC2 instances
- Dumps what is needed to recreate the schema and data
PrivateLink (vs VPC endpoint) (5 points - 1 for VPC endpoint, 4 for Private Link)
VPC endpoint - The ENTRY POINT in your VPC that allows you to connect privately to a service.
AWS PrivateLink - A TECHNOLOGY providing connectivity between VPCs and services.
Works without internet access or VPC peering
Can be your own services or ones provided by AWS
This is what enables interface endpoints; it works by injecting an ENI into your VPC
Transparent Data Encryption (2 points)
- Encrypt Data AT REST
- RDS for SQL and Oracle.
Static Anycast IP (2 points)
- single IP advertised from multiple locations simultaneously.
- Traffic sent to this IP address is routed to the nearest/best-performing location via shortest path determined by network’s routing protocol.
- Mainly for global accelerator
TCP vs HTTP(S) healthchecks (2 points)
TCP healthcheck only offered by NLB
HTTP(S) health checks are offered by ALB and NLB
Simple Token Service (2 points)
- Supports SAML
- Good for identity federation, cross-account access and IAM roles.
AWS App Mesh (1 point)
Connect, secure, and monitor microservices across your infrastructure.
Kubernetes Autoscalers (2)
- Karpenter - Launch appropriately sized compute resources, more sophisticated
- Cluster Autoscaler - adjust number of nodes in node groups, more traditional.
Kinesis data streams - FIFO and durability
FIFO - yes
Data won’t go missing - yes
Service Health vs Personal Health Dashboard
Service Health Dashboard:
General status and health of AWS services worldwide.
Personal Health Dashboard:
Personalized alerts and information related to issues and events affecting your specific AWS account and resources.
Datasync vs Storage Gateway
AWS Storage Gateway: Use for integrating on-premises environments with cloud storage for backup, archival, and hybrid storage solutions.
AWS DataSync: fast, automated transfers and migrations between on-prem and AWS storage services, especially for large datasets or periodic synchronization.
For S3, EFS, FSx for Windows File Server.
Connects to SMB and NFS
Application Discovery Service (2)
CAN'T DO ACTUAL MIGRATION
Helps organizations discover and analyze their on-premises applications and infrastructure to plan effective migrations to AWS.
AWS migration service (MGN) (1)
- Primary migration service recommended for lift-and-shift migrations. (Suggested over Elastic Disaster Recovery)
AWS Replication Agent (1)
Component used to facilitate data replication for disaster recovery and backup purposes in AWS
AWS Forecast (1)
time-series forecasting service based on machine learning (ML) and built for business metrics analysis
Step function and task assignment (2)
- Tasks are never duplicated
- Assigned once: a task goes to only one worker
Things Cloud Watch Alarms can do (3)
- Trigger SNS
- Change EC2 instance state or EC2 ASG
- Trigger System Manager Automation documents
AWS Snowcone (1)
Small - essentially a rugged portable hard drive - up to 8 TB
Cloudfront viewer and origin policies (3 for each)
Viewer policy - from the user to the CloudFront edge location or regional edge cache
Viewer:
HTTP/HTTPS
HTTP -> HTTPS
HTTPS only
Origin:
HTTP only
HTTPS only
Match viewer
CloudFront can serve content over both HTTP and HTTPS. You can configure CloudFront to accept only HTTPS requests, redirect HTTP to HTTPS, or accept both.
DR Strategies (4)
- Backup and restore : RPO/RTO of hours
- Pilot light: RPO/RTO 10s of minutes
- Warm Standby: RPO/RTO minutes
- Multi-site active/active: RPO/RTO
Lambda encryption (1)
Technically, Lambda encrypts by default using KMS. BUT it uses the default KMS key, meaning anyone with access to the Lambda console could see it.
Better to create a new KMS key and use encryption helpers (explained in another flashcard)
Encryption Helpers (1)
Allow client-side encryption of environment variables in Lambda.
Where can RDS read replicas be? (1)
In the same AZ, Cross AZ, or Cross Region
API Gateway caching (1)
Can do it. Sort of similar to others, has Cache invalidation, TTL, etc.
Aurora auto-scaling - what is being scaled?
The number of read replicas in the DB cluster.
Native functions and stored procedures
Native Functions: Built-in functions provided by RDS that perform common operations directly in SQL queries. Efficient and predefined.
Stored Procedures: User-defined programs that encapsulate SQL statements and business logic. Stored in the DB; can include complex logic, parameters, and transaction management.
CloudWatch Alarms vs CloudWatch Logs vs CloudWatch Events (EventBridge)
Alarms:
- Monitor metrics and trigger actions based on threshold breaches.
- Detect issues with resources and automatically respond to performance metrics or system health changes.
Logs:
- Collect, store, and analyze log data from various sources
- Troubleshoot applications, maintain compliance, and analyze log data for insights.
Events:
- Respond to system events and automate workflows based on changes in AWS resources
- Automate tasks in response to events, integrate services, and manage event-driven processes.
Key diff:
- EVENTS fire when something is created or on a schedule; alarms need a threshold to be reached.
- Can emit alarms to Events
Kendra
Uses NLP and ML to return specific answers to search questions from your data
Device Farm
Application testing service for web and mobile apps. Tests on desktop and mobile devices.
Amplify
JavaScript library for Frontend and mobile developers building cloud-enabled applications
S3 transition periods with lifecycle policies
IA: 30 DAYS
1 Zone IA: 30 DAYS
Glacier: No time constraint apparently
Glacier deep archive: No time constraint apparently
CloudFront Geoblocking
Can implement blocking based on geographical location, using allow lists.
Can Inspector scan EBS volume?
No
What key types can EBS be encrypted with?
Customer-managed or AWS-managed key, but not AWS owned key.