FlashCards

Question

Ec2 Reserved Instance

Answer 1

Up to 75% discount compared to on demand. Reservation period (1 to 3 years) No upfront, all up front, partial upfront Reserve a specific instance - no changing Recommended for steady state usage application —> think database

Answer 2

Similar to reserved instance but you can change the EC2 instance type Up to a 54% discount

Answer 3

Launch within the time window you reserve When you require a fraction of day/week/month Still have to commit 1 to 3 years

Answer 4

Can get a discount up to 90% Instance you can lose at any point if your max price is less than current spot price Most cost efficient Example Workloads: Batch jobs, Data analysis, image processing, distributed workloads, workloads with flexible start and end times. NOT SUITED FOR CRITICAL WORKLOADS

Answer 5

Its a dedicated physical server to your workload. No sharing with other customers. More expensive Allocated to your account for 3 year reservation period. BYOL For companies with strong regulatory compliance

Answer 6

Elastic Block Store - Network drive you attach to your instance - Can only be attached to one EC2 at a time - bound to a specific AZ - Have to provision Capacity up front

Answer 7

Backup (snapshot) of your EBS volume at a point in time | Can copy snapshots across AZ’s

Answer 8

``` Amazon Machine Image It;s a customization of an EC2 instance Add your own software if you want 3 ways to use: 1. A public AMI - One AWS provided 2. Your own AMI template - you created 3. Buy one from AWS marketplace from another user. ```

Answer 9

High performance disk Why? Better performance I/O EC2 instance store loses their storage if they are stopped Good for buffer/cache/scratch data/temp Backup and replication are user responsibility.

Answer 10

Elastic File System -Managed NFS (Network File System) can be mounted to 100s of instances Shared network file system Only works with EC2 and across multiple AZ Highly available, scalable, expensive, pay per use and NO capacity planning

Answer 11

increases the number of instances for your application | EX: Load balancing by adding more EC2 instances to handle increased utilization

Answer 12

Increasing the size of the instance. EX: Starting with a t2.micro then increasing to a t2.large. Very common for NON distributed systems like databases Limit is on the hardware - dictates how much you can vertically scale.

Answer 13

Running an app in 2 availability zones | Goal of HA is surviving a data center loss.

Answer 14

Ability to accommodate a larger load by making hardware stronger. Either scaling up or out.

Answer 15

Once a system is scalable - Elasticity means that there will be some auto scaling so the system can handle the workload expansions. “Cloud Friendly”. Pay per use so you can match demand and optimize cost.

Answer 16

Not related to elasticity or scalability - Means that new IT resources are just a click away. Reduce time to make resources available to your devs.

Answer 17

they are servers that forward internet traffic to multiple servers (EC2 instances) downstream. Hit the load balancer first then it routes traffic to an instance. Allows you to scale better to spread out the load when traffic comes in.

Answer 18

- Spread the load out amongst instances - Expose a single point of access (DNS) to your application - Seamlessly handle failures of downstream instances - Health checks - HA across AZs - Provide SSL terminations (HTTPS) for your websites.

Answer 19

Application load balancer - layer 7 Network load balancer - Layer 4 Classic Load balancer (Slowly retiring) Layer 4 and 7

Answer 20

This is a managed Load Balancer from AWS. - AWS guarantees it will be working - AWS takes care of upgrades, maintenance, HA - AWS provides only a few config options

Answer 21

Goals of Auto Scaling Group (ASG) - Scale out (add EC2 instances) to match and increase load - Scale in (remove instances) to match decreased load - Ensure we have max/min number of machines running - Automatically register new instances to a load balancer - Replace unhealthy instances

Answer 22

Main building blocks of AWS cloud storage USE CASES: -Back up, DR, Archive, Hybrid cloud storage, app hosting, media hosting, data lakes, software delivery, and static websites.

Answer 23

Many ways - user based IAM policies - Bucket policies - bucket wide rules from S3 console - Object Access control list (ACL) - finer grain - Bucket Access control list (ACL) - bucket level and less common.

Answer 24

You can version files in S3. -enabled in bucket settings Why versioning? -Protect against unintended deletes (ability to restore a previous version) -Easy roll back to a previous version. Note: Suspend versioning does not delete previous versions.

Answer 25

- Asynchronous replication between two buckets - Most enable versioning in source and destination - Cross region replication (CRR) - Same region Replication (SRR) - buckets can be in different accounts - Copying must be ASYNCHRONOUS.

Answer 26

- S3 Standard - general purpose - S3 Standard - Infrequent access - S3 One Zone - infrequent access - S3 Intelligent Tiering - S3 Glacier - S3 Glacier Deep Archive

Answer 27

99.99% availability -used for frequently accessed data -Low latency and high throughput -can sustain 2 concurrent facility failures Use Case: -Big data Analytics -Mobile & Gaming apps -Content distribution

Answer 28

Suitable for data that is less frequently accessed but requires rapids access when needed -lower cost compared to S3 standard but there is a retrieval fee Can sustain 2 facility failures. Use Case: Data store for DR & backups

Answer 29

Same low latency and throughput performance as S3 standard Cost optimized by automatically moving objects between two access tiers based on changing patterns. Frequent and infrequent access. Resilient against events that impact entire AZ.

Answer 30

Same as IA but data is stored in a single AZ. Not moved around for durability 99.5% availability Low latency and high throughput performance Lower cost compared to S3-IA by 20% Use Case: storing secondary backup of on prem & storing data you can recreate

Answer 31

Low cost object storage Meant for archiving/backup Data retention for long term (years) Retrieval times: Glacier - expedited (1 to 5 min), standard (3 to 5 hours), bulk (5 to 12 hours) Glacier Deep archive (CHEAPEST): Standard (12 hours), bulk (48 hrs)

Answer 32

Physical data transport solution that helps move TB or PB’s of data in or out of AWS. Alternative to moving that data over network. Use case: large cloud migrations, DC decommission, DR.

Answer 33

100TB and adds computational capabilities to the device -You can perform processing on the go. -very useful to pre-process data while its moving. Use Case: data migration, image collection, Iot capture, machine learning

Answer 34

Large truck that comes to you and transfers EB or PB of data.

Answer 35

Hybrid cloud storage. Part of infrastructure is on prem and the other part is in the cloud.

Answer 36

Relational Database service It’s a managed DB service and uses SQL as query language Compatible with: Postgres, MySQL, MariaDB Automated provisioning, OS patching, continuous backups (point in time), read replicas for improved read performance, multi AZ set up for DR, scales (Vertically or horizontally)

Answer 37

Aurora is a proprietary DB from AWS (not open sourced) Postgres and MySQL are supported Cloud optimized and is 5x more performance than MySQL on RDS Elastic - can grow Costs more than RDS but more efficient

Answer 38

Cache are in memory databases with high performance and low latency Helps reduce load off DB for read intensive workloads AWS takes care of OS maint/patching, optimizing, setup, config, monitoring and failure recovery and Backup.

Answer 39

Fully managed HA with replication across 3 AZ It’s a NoSQL database - not relational SCales to massive workloads, distributed “serverless” database. Millions of requests per second Fast and consistent performance Single digit millisecond latency

Answer 40

DB based on PostgresSQL but not used for OLTP It;s OLAP - Online analytical Processing Load data once every hour 10x better performance than other data warehouses Scale to PB of data MPP - Massively parallel Query execution BI tools such as quick sight or Tableau integrate with it

Answer 41

Elastic MapReduce Helps create Hadoop clusters (big Data) to analyze and process data Also supports - Apache spark, Hbase, Presto Flink EMR takes care of all the provisioning and configuration Auto scaling and integrated with spot instances.

Answer 42

Fully serverless database with SQL capabilities Used to query data in S3 Pay per Query Output results back to S3 Use Case: One time SQL queries, serverless queries on S3, log analytics

Answer 43

Migrating databases, use this service. The source database is still available during migration Supports: Homogeneous migrations (oracle DB to oracle DB) Heterogeneous migrations: MS SQL to Aurora.

Answer 44

Manage extract, transform and load services (ETL). Useful to prepare and transform data for analytics. Fully serverless

Answer 45

Reference of everything in your databases | Can be used by Athena, redshift, or EMR

Answer 46

Software development platform to deploy apps Package apps into containers that can be run on any OS easily No compatibility issues, any machine, less work, easier to maintain and deploy, works with any language, OS, any technology.

Answer 47

Where all docker images are stored. | Amazon has one - Amazon ECR - Elastic container registry.

Answer 48

Elastic Container Service Launch docker containers on AWS You have to provision infrastructure (EC2 instances) AWS takes care of starting/stopping containers Has integration with the application load balancer.

Answer 49

Launch docker containers on AWS You don’t have to provision instances Fully Serverless AWS just runs the containers for you based on CPU/RAM you need.

Answer 50

S3 DynamoDB Fargate Lambda

Answer 51

Virtual functions - no servers to manage - functions as a service Limited by time - short executions Run on demand Scaling is automated Pay per request and compute time. Integrated with the whole AWS suite of services

Answer 52

Fully managed processing at any scale Efficiently run 100,000s of computing batch jobs on AWS Has a start and end (not continuous) AWS batch provisions the right amount of compute/memory You submit or schedule the batch job and AWS does the rest. batch jobs are defined as docker images and run on ECS.

Answer 53

Virtual servers, storage, database and networking Low and predictable pricing Great for people with little or no cloud experience Use Cases: Simple web apps, websites (DB driven), Dev/test environment Has HA but NO AUTO SCALING - Limited AWS integration

Answer 54

Elastic Container Registry Private docker image repository on AWS. AWS proprietary.

Answer 55

Declarative away of outlining your AWS infrastructure through Code.

Answer 56

Infrastructure as code - changes to infrastructure are reviewed through code review. Cost - Auto tagged when created to track cost Productivity - Declarative programming, there is no need to figure out order or orchestration. Don’t reinvent the wheel Supports almost all AWS resources

Answer 57

Developer centric view of deploying an application on AWS This is a Platform as a Service - just worry about the code Beanstalk is free but you pay for the resources you provision. It’s a managed service

Answer 58

Fully managed deployment service that automates software deployments to a variety of compute services. Deploy application automatically and be able to upgrade our app to the second version.

Answer 59

Systems manager -Helps you manage your fleet of EC2 and on prem systems at scale Hybrid service Operational insights about the state of your infrastructure Features: Patching automation, run commands, store parameter config with SSM parameter store.

Answer 60

It’s a managed Chef and puppet service | Alternative to AWS SSM

Answer 61

Managed DNS (domain name system) Route 53 Routing Policies -simple routing policy - no health checks just IP to a name -Weighted Routing policy - Distributed based on percentage of traffic (has health checks) -Latency routing policy (has health checks)Redirects to the shorted latency per request. Minimize latency for the user. -Failover Routing policy - (has health checks) routes based on if the first place fails. Helps with DR.

Answer 62

Content Delivery Network Content is cached at edge locations around the world. 216 Edge locations Helps with DDoS protection (worldwide), integrates with Shield and AWS WAF.

Answer 63

Increase transfer speed by transferring file to an AWS edge location which will forward the date to the S3 bucket in the target region. use private high speed network - AWS backbone to move data much faster. Only used when you want to upload or download a file that is far away from you.

Answer 64

No caching, proxying packets at the edge applications running in one or more AWS regions.

Answer 65

Amazon Simple Queue Service Something sends messages to the SQS service and it sits in a Queue. Something else comes and takes the message and acts on it. Oldest offering on AWS Fully managed, serverless No limit to how many messages can sit in the Queue

Answer 66

Simple Notification Service You want to send one message to many receivers. they are called SNS topics - Subscribers receive messages.

Answer 67

CloudWatch provides metrics for every service in AWS You can create CloudWatch Dashboard of metrics. Ex: EC2 Utilization, status check, network, ect.

Answer 68

``` Alarms are used to trigger notifications for any metric. Alarm actions include: Auto scaling - increase or decrease EC2 actions - stop/reboot/terminate ect. SNS notifications ```

Answer 69

Can collect from: Elastic Beanstalk ECS collection EC2 - you need a CloudWatch agent on EC2 to push those logs files you want.

Answer 70

Schedule cron jobs every hour. Event pattern: rules to react to a service doing something. IAM root user sign in will trigger a message being sent to SNS. Trigger a lambda function. Eventbridge is new and will replace events.

Answer 71

Provides governance compliance and audit your AWS account Enabled by default Get history of events/API calls within your AWS account. Ex: If a resource was deleted, check cloudtrail because it will tell you who deleted it.

Answer 72

Debugging in production Understanding dependencies in a micro service architecture Pinpoint service issues.

Answer 73

This shows status of ALL AWS services across all the regions

Answer 74

AWS events that impact just your infrastructure.

Answer 75

Virtual Private Cloud - | Private network to deploy your resources (regional resources)

Answer 76

Allow you to deploy your resources inside your VPC - Private subnet is one that is not accessible from the internet - Public subnet is one that is accessible from the internet

Answer 77

These help our VPC instances connect with the internet. | Ex: public subnet have a route to the internet gateway

Answer 78

Firewall which controls traffic to and from a subnet. Can have allow and deny rules At the subnet level Rules only include IP addresses This is STATELESS —> Return traffic must be explicitly allowed by rules

Answer 79

This is at the instance level Firewall that controls traffic to and from and ENI or Instance Can only have ALLOW rules This is STATEFUL —>Return traffic is automatically allowed regardless of rule

Answer 80

Capture information about IP traffic | Helps monitor and troubleshoot connectivity issues

Answer 81

Connect two VPC privately using AWS network Make them behave as they were in the same network VPC peering request setup on both instances that need to communicate to each other.

Answer 82

Endpoints allow you to connect to AWS services using a private network instead of public. Enhanced security

Answer 83

Connects your on prem network to AWS via VPN Connection is automatically encrypted Public Can be set up quickly

Answer 84

Established a physical connection between on prem and AWS. Takes a month and it’s a private connection. Expensive

Answer 85

Connect thousands of VPC and on premise networks together in a hub and spoke connection.

Answer 86

Protects against DDoS attacks for your website and application at no cost. Free and automatically activated for all customers.

Answer 87

Protects against DDoS and more complicated attacks on Ec2, Elastic load balancing. Access to the DDoS response team 24/7 Protect against higher fees during usage spike due to DDoS.

Answer 88

Web Application Firewall - Protects your web app from common web exploits (layer 7 - app layer)

Answer 89

Web Access control list - protect from common attack - SQL injection and cross site scripting.

Answer 90

Key Management service - AWS manages encryption keys.

Answer 91

Dedicated hardware (Hardware Security Model). Device is tamper resistant and FIPS secure.

Answer 92

Newer service, meant for storing secrets. Capability to force rotation of secrets every X days. Integrates with Lambda for automation. Encrypted using KMS

Answer 93

Portal that provides customers with on demand access to AWS compliance documentation.

Answer 94

Intelligent threat discover to protect AWS account. Uses ML. No need to install SW. Input data includes, CloudTrail logs, VPC flow logs, DNS logs.

Answer 95

Automated security assessments for EC2 Instances. Analyze the running OS against known vulnerabilities and network accessibility. Must be installed on OS in EC2 instance.

Answer 96

Helps with Auditing and recording compliance of your AWS resource. Helps record changes in your configuration over time. View compliance of a resource over time. View configuration of a resource over time.

Answer 97

Fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect sensitive data in AWS.

Answer 98

Automatically converts speech to text | Use Cases: Transcribe customer service calls, automate closed captioning, and generate metadata for media assets.

Answer 99

Opposite of Transcribe. Turns text into lifelike speech using deep learning. Allows you to create apps that talk.

Answer 100

Automatic speech recognition (ASR) to convert speech to text. Helps build chat bots and call center bots.

Answer 101

Virtual cloud contact center. Receive calls, create contact flows, cloud based virtual contact center.

Answer 102

For natural language processing - serverless. Uses ML to find insights and relationships in text. Use Case: Analyze customer interactions (via email) to find out if it leads to positive of negative experiences.

Answer 103

Fully managed services for devs to build ML models.

Answer 104

Global service, allows you to manage multiple AWS accounts. The main account is master account. Cost benefit: Consolidated billing, single payment method, Aggregated usage and volume discounts. Pooling reserved instances API is available to automate account creation.

Answer 105

Estimate the savings between on Prem and cloud services. Spits out a 25 page report and tells you cost savings for the major services.

Answer 106

Estimate the cost for your architecture solutions.

Answer 107

High level tool and it shows you free tier Dashboard.

Answer 108

Tag resources to create details on billing reports. You give descriptive tags to explain what you are spending money on.

Answer 109

Most comprehensive billing dataset. Dive deep into cost and usage. Lists AWS usage for each service category used by and account and it’s IAM users in hourly or daily line items. Can be integrated with Athena, redshift, quick sight.

Answer 110

Visual, understand, and manage AWS costs and usage over time. Forecast usage up to 3 months based on previous usage. Can get recommendations on cost savings in the tool.

Answer 111

Billing data metric is stored in CloudWatch US-EAST-1. It’s for actual costs and not projected costs. Intended as a simple alarm and not as powerful as AWS Budgets.

Answer 112

Create budgets and send alarms when costs exceed the budget. | 3 types of budgets: Usage, Cost, Reservations. You can have up to 5 SNS notifications per budget.

Answer 113

High level AWS account Assessment. Analyze your accounts and it provides recommendations in these 5 areas: Cost optimization, Performance, security, Fault Tolerance, Service limits.

Answer 114

Basic, Developer, Business, and Enterprise.

Answer 115

AWS trusted Adivsor -access to the 7 code trusted advisor checks and AWS Personal Health Dashboard - a personalized view of the health of AWS services you are using.

Answer 116

+ Basic plan Business hour email access to cloud support associate Unlimited cases/1 primary contact Case severity and response times: general guidance < 24 hours. Impaired system < 12 business hours.

Answer 117

Everything from Basic and Developer This is intended to be when you have production worlkloads. 24/7 phone, email, chat access to cloud engineers Unlimited cases/unlimited contacts Access to infrastructure event management. SLA: guidance <24 business hours, system impaired < 12 business hours, production system impaired < 4 hours. Production system down < 1 hour.

Answer 118

Mission critical workloads All of the business support plan Access to a TAM Concierge support team (billing and best practices) Case severity/response time: All the ones in business. Business critical system down < 15 min.