Exam Prep Flashcards
The 6 Advantages of Cloud Computing
- Trade capital expense for variable expense.
- Benefit from massive economies of scale
- Stop guessing about capacity
- Increase speed and agility
- Stop spending $$ running and maintaining data centers
- Go global in minutes
3 Types of Cloud Computing
- Infrastructure as a service (IaaS)
- Platform as a service (PaaS)
- Software as a service (SaaS)
Infrastructure as a Service (IaaS)
You manage the server, which can be physical or virtual, as well as the operating system. Usually the data center provider will have no access to your server.
Platform as a Service (PaaS)
Someone else manages the underlying hardware and operating systems. You just focus on your applications. Someone else worries about security patches, updates, maintenance, etc.
Software as a Service (SaaS)
All you worry about is the software and how you use it.
Ex) Gmail
3 Types of Cloud Computing DEPLOYMENT
- Public Cloud - AWS, Azure, GCP
- Hybrid - Mix of public and private
- Private (On Prem) - You manage it in your data center, OpenStack or VM
Availability Zone
Data Center
Region
Geographical area, 2+ regions per AZ
Edge Location
Endpoint for AWS that caches content
CloudFront, CDN (Content Delivery Network)
Rank:
Availability Zone
Region
Edge
Availability Zone < Region < Edge
How do you choose the right AWS Region?
Data Sovereignty Laws
Latency to End Users
AWS Services
What is S3
Simple Storage Service. Provides secure, durable, highly scalable object storage. Flat files, pictures, video, docs, etc. Object-based storage, 0 - 5 TB.
S3 Namespace
Universal - must be unique globally
What happens on a successful S3 upload
HTTP 200 Code
Consistency for S3
- Read after write for PUTS of new objects
- If write, data is immediately available
- Eventual consistency for overwrite PUTS and DELETES
- Update or delete may get old version
- Takes time to change
S3 Guarantees
Availability 99.9%
Durability 99.999999999% (11 9’s)
Features of S3
- Tiered storage availability
- Lifecycle management
- Versioning
- Encryption
- Security through Access Control Lists and Bucket Policies
S3 Storage Classes
- S3 Standard - Designed to sustain loss of 2 AZ concurrently
- S3 IA - Less frequent but rapid access, lower fee but includes retrieval fee
- S3 One Zone IA - Lower cost
- S3 Intelligent Tiering - Optimize cost by moving data between tiers using ML
- S3 Glacier
- S3 Glacier Deep Archive - Retrieval time of 12+ hours
How are you charged for S3
- Storage
- Requests
- Storage Management Pricing
- Data Transfer
- Transfer Acceleration
- Cross Region Replication
S3 Transfer Acceleration
Enables fast, easy, and secure transfer of files.
Takes advantage of CloudFront’s globally distributed edge locations. As the data arrives at an edge location, data is routed to S3 over an optimized path.
Key Fundamentals of S3
Key (name of the object)
Value (data - made up of a sequence of bytes)
What is CloudFront?
A content delivery network (CDN) is a system of distributed servers (network) that deliver webpages and other web content to a user based on the geographic locations of the user, the origin of the webpage, and a content delivery server.
What is EC2?
Amazon Elastic Compute Cloud (EC2) is a virtual server in the cloud.
Reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change.
EC2 Pricing Model
- On Demand - fixed rate per hour or second
- Reserved - capacity reservation, 1 to 3 year contracts, significant per hour discount
- Spot - bid on price if flexible start and end times
- Dedicated Hosts - physical EC2 servers, use existing server bound license
On Demand pricing is useful for….
- users who want low cost and flexibility of EC2 without any up front payment or long term commitment
- applications with short term, spiky, or unpredictable workloads that cannot be interrupted
- applications being developed or tested in EC2 for the first time
Reserved pricing is useful for….
- applications with steady state or predictable usage
- applications that require reserved capacity
- users able to make up front payments to reduce their total computing cost even further
Reserved Pricing Types
- Standard Reserved Instance - 75% off on demand, the more you pay up front and the longer the contract, the greater the discount
- Convertible Reserved Instance - 54% off on demand
- Scheduled Reserved Instance - available to launch within window reserved
Spot Pricing is useful for….
- applications that have flexible start and end times
- applications that are only feasible at very low compute prices
- users with urgent computing needs for large amounts of additional capacity
Dedicated Host pricing is useful for….
- regulatory requirements that may not support multi-tenant virtualization
- great for licensing which does not support multi-tenancy or cloud deployments
- can be purchased on demand (Hourly)
- can be purchased as a reservation for up to 70% off the on demand price
What is Amazon EBS?
Allows you to create storage volumes and attach them to EC2 instances. Once attached you can create a file system on top of these volumes, run a database, or use them in any other way you would use a block device. EBS volumes are placed in specific AZ where they are automatically replicated to protect you from failure of a single component.
Types of EBS
SSD
a. General Purpose SSD (GP2) - balances price and performance for a wide variety of workloads
b. Provisioned IOPS SSD (IO1) - highest performance SSD volume for mission critical low latency or high throughput workloads
Magnetic
a. Throughput Optimized HDD (ST1) - low cost HDD volume for frequently accessed, throughput-intensive workloads
b. Cold HDD (SC1) - lowest cost HDD volume for less frequently accessed workloads (file servers)
c. Magnetic - previous generations
If the spot instance is terminated by EC2….
….you will not be charged for a partial hour of usage
If you terminate the EC2 spot instance yourself….
….you will be charged for an hour in which the instance ran
Key Features of Amazon RDS
Multi zone AZ for disaster recovery
Read replicas for performance
Amazon’s Non-Relational Database is called….
DynamoDB
OLTP vs OLAP
Online Transaction Processing (OLTP) differs from Online Analytical Processing (OLAP) in terms of the types of queries run.
OLTP ex) Order #1234
OLAP ex) Net profit for EMEA and Pacific
Amazon’s data warehouse solution is…
Amazon Redshift
What is ElastiCache?
Web service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud. The service improves the performance of web applications by allowing you to retrieve information from fast, managed, in-memory caches, instead of relying on slower disk based databases.
ElastiCache supports 2 open source in-memory caching engines
- Memcached
- Redis
Amazon RDS supports what 6 database engines?
- SQL
- MySQL
- PostgreSQL
- Oracle
- Amazon Aurora
- MariaDB
Which AWS Services are global?
- IAM
- Route53
- CloudFront
- SNS
- SES
Some AWS services give global views but are regional. Which are these?
Amazon S3
Which AWS Services can be used on premise?
- Snowball
- Snowball Edge
- Storage Gateway
- CodeDeploy
- Opsworks
- IOT Greengrass
Which AWS Services can be used to deploy applications on premise?
- CodeDeploy
- Opsworks
What is CloudWatch?
A monitoring service to monitor your AWS resources as well as the applications that you run on AWS
- Monitors performance
What can CloudWatch monitor?
Compute
- EC2 Instances
- Autoscaling Groups
- Elastic Load Balancers
- Route53 Health Checks
Storage and Content Delivery
- EBS Volumes
- Storage Gateways
- CloudFront
CloudWatch and EC2 host metrics consist of….
- CPU
- Network
- Disk
- Status check
CloudWatch with EC2 will monitor events every ____ minutes by default
5
You can have 1 minute intervals by turning on detailed monitoring
AWS Systems Manager allows you to ….
….manage your EC2 instances at scale
Piece of software installed on each VM
Inside or on premise
run command used to install, patch, uninstall
integrates with CloudWatch to create dashboard
The 4 types of Support Packages
Basic - Free
Developer - $29+ / month
Business - $100+ / month
Enterprise - $15,000+ / month (get a TAM)
IAM stands for….
….Identity Access Manager
when you create a user/group it is global
How do you access the AWS Platform
- via the Console
- Programmatically using Command Line (CLI)
- using the Software Developers Kit (SDK)
What is the Root account?
the email address used to set up your AWS account. The root account always has full admin access. You should not give these account credentials away to anyone. Instead create a user for each individual within your organization. You should always secure the root account using multi-factor authentication.
A group is….
….a place to store your users. Your users will inherit all permissions that the group has.
Ex) A group is developers, sys admin, finance, HR, etc.
To set permissions in a group….
….you need to apply a policy to that group
A policy is….
….made up of JavaScript Object Notation (JSON). These are referred to as key value pairs. You have your name, then the value.
{"name": "A Cloud Guru"}
The origin is….
….the origin of all files that the CDN will distribute
S3 Bucket
EC2 Instance
Elastic Load Balancer
Route53
Edge Locations
- Read/Write
- Objects cached for the life of the TTL (Time to Live)
- Can clear cached objects but will be charged
Common Ports
- Linux = SSH (Port 22)
- Microsoft = Remote Desktop Protocol (Port 3389)
- HTTP = Port 80
- HTTPS = Port 443
Firewall Settings
To let everything in: 0.0.0.0/0
To let in one IP: x.x.x.x/32
Security Groups
Virtual firewall in the cloud
- Need to open up ports to use them
SSH 22
HTTP 80
HTTPS 443
RDP 3389
Always design for….
….FAILURE
Security of roles
Roles are much more secure than using access key IDs and secret access keys, and are easier to manage.
Roles are universal. You do not need to specify what region they are in
Types of Load Balancers
Application Load Balancer - Layer 7 (make intelligent decisions)
Network Load Balancer - Extreme performance / static IP addresses
Classic Load Balancer - Test and develop, keep costs low
Amazon’s Graph Database
Amazon Neptune
- Scalability
- High availability
What is a DNS?
Domain Name System
- process computers use to resolve domain names to IP Addresses
- Route53
- Global
- Direct traffic around the world, register names
What is Elastic Beanstalk?
Quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure that runs those applications. You simply upload your application and Elastic Beanstalk automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring.
What is AWS Cloud Formation?
Service that helps you model and set up your AWS resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (EC2, RDS, etc.) and AWS Cloud Formation takes care of provisioning and configuring those resources for you. You don’t need to individually create and configure AWS resources and figure out what is dependent on what.
Elastic Beanstalk vs Cloud Formation
Elastic Beanstalk is limited in what it can provision and is not programmable.
Cloud Formation can provision almost any AWS Service and is completely programmable.
What is AWS CloudWatch?
- used for monitoring performance
- can monitor most of AWS as well as your applications that run on AWS
- CloudWatch with EC2 will monitor events every 5 minutes by default
- You can have 1 minute intervals with detailed monitoring
- You can create alarms with trigger notifications
- All about performance
Features of Consolidated Billing
- account charges can be tracked individually
- a single bill is issued containing the charges for all AWS accounts
- multiple standalone accounts are combined and may reduce your bill
9 Sections of the Cloud Formation template?
- AWSTemplateFormatVersion
- Description
- Metadata
- Parameters
- Mappings
- Conditions
- Transform
- Resources (required)
- Outputs
What does S3 Transfer Acceleration use to get your data into AWS quicker?
Edge Locations
There are at least ____ availability zones per AWS region?
2
IAM Policies are written using….
….JSON
Amazon Lightsail is an example of what?
Platform as a Service (PaaS)
Route53: Simple Routing Policy
used for a single resource that performs a given function for your domain
Route53: Failover Routing Policy
use when you want to configure active-passive failover
Route53: Geolocation Routing Policy
use when you want to route traffic based on the location of your users
Route53: Geoproximity Routing Policy
use when you want to route traffic based on the location of your resources and optionally shift traffic from resources in one location to resources in another
Route53: Latency Routing Policy
use when you have resources in multiple AWS regions and you want to route traffic to the region that provides the best latency
Route53: Multivalue Answer Routing Policy
use when you want Route53 to respond to DNS queries with up to 8 healthy records selected at random
Route53: Weighted Routing Policy
use to route traffic to multiple resources in proportions that you specify
CapEx vs OpEx
CapEx (Capital Expenditure) - you pay up front. It is a fixed, sunk cost
OpEx (Operational Expenditure) - you pay for what you use. ex) electricity, gas, water, etc
Basics of Cloud Pricing Policy
- pay as you go
- pay less when you reserve
- pay even less per unit by using more
- pay even less as AWS grows
- custom pricing
3 Fundamental Drivers of Cost within AWS
Compute
Storage
Data Outbound
AWS 1 year Free Services
- Amazon VPC
- Elastic Beanstalk
- Cloud Formation
- IAM
- Auto Scaling
- Opsworks
- Consolidated Billing
What determines the price of EC2
- clock hours of server time
- instance type
- pricing model
- number of instances
- load balancing
- detailed monitoring
- auto scaling
- elastic IP addresses
- operating system and software packages
Amazon Neptune stores data as a….
….node and the relationship between each node
Amazon Aurora supports what instance class?
Burstable Performance
Memory Optimized
Amazon Aurora Security
- Aurora requires both authentication and permissions for users to access tables
- IAM policies can be used to assign permissions to users
- Security groups are used to control access to the database instance
Core components of DynamoDB
Tables, Items, Attributes
Primary Key, Partition Key, Sort Key
Secondary Indexes - Global and Local
DynamoDB Stream - captures data modification events, near real time, order of occurrence
*Can have a table without an index, or have more than one index on a table
Amazon Aurora Pricing Models
On Demand
Reserved
Serverless
Amazon RDS Security
- Amazon VPC is used to isolate your database from internet traffic
- Connections to the database are secured using SSL
- Security groups are used to control access to the database instance
DynamoDB Security
- IAM is used to manage credentials for DynamoDB
- Fully managed encryption at rest is supported
Valid Capacity Models for DynamoDB
On Demand
Provisioned
AWS is responsible for security ___ the cloud
OF
AWS Foundation Services: Compute, Storage, Database, Networking
AWS Global Infrastructure: Availability Zones, Regions, Edge Locations
Customers are responsible for their security ____ the cloud
IN
Customer Data
Platform, Applications, IAM
Operating System, Network and Firewall configuration
Client Side Data Encryption; Server Side Data Encryption; Network Traffic Protection
With EC2, AWS takes care of server infrastructure including network and storage. You are responsible for managing the database which includes….
- scaling and capacity planning
- implementing high availability and fault tolerance
- database backups
- database software patches
- database software installs
- operating system patches
Which tool is required in a heterogeneous database migration between on-premises Microsoft SQL Server and Amazon Aurora MySQL?
AWS Schema Conversion Tool (AWS SCT)
What determines the price for Lambda
Request pricing
- Free Tier: 1 million requests/month
- $0.20 per 1 million requests thereafter
Duration Pricing
- 400,000 GB-seconds per month free, up to 3.2 million seconds of compute time
- $0.000016667 for every GB-second used thereafter
Additional Charges
- You may incur additional charges if your Lambda function uses other AWS services or transfers data. For example, if your Lambda function reads and writes data to or from S3, you will be billed for the read/write requests.
What determines price for EBS?
Volume (per GB)
Snapshots (per GB)
Data Transfer
What determines price for S3?
Storage Class (Standard or IA or 1AZ IA etc)
Storage
Requests (GET,PUT,COPY)
Data Transfer
What determines price for Glacier?
Storage
Data Retrieval Times
What is Snowball?
AWS Snowball is a PB-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud.
While pricing models vary across services, it’s worthwhile to review key principles and best practices that are broadly applicable.
- Understand the fundamentals of pricing
- Start early with cost optimization
- Maximize the power of flexibility
What determines the prices for Snowball?
Service fee per job
- Snowball 50TB $200
- Snowball 80TB $250
Daily Charge
- First 10 days are free, after that it’s $15/day
Data Transfer
- Data transfer in to S3 is free. Data transfer out is not.
What determines the price for RDS?
- Clock hours of server time
- Database characteristics
- Database purchase type
- Number of database instances
- Provisioned storage
- Additional storage
- Requests
- Deployment Type
- Data Transfer