General notes 1 Flashcards

1
Q

SNS vs SQS

A

SNS
* publish/subscribe pattern
* uses a push mechanism to deliver messages to subscribers immediately
* 1 message fanned out to multiple consumers via topics
* suited to real-time apps
* does NOT persist messages: it delivers to the subscribers that are present (retrying failed deliveries for a bounded time) and then discards them

SQS
* queueing system
* messages delivered through a long-polling (pull) mechanism
* 1 message usually consumed by 1 consumer
* suited to message-processing use cases
* messages persist (retention configurable from 1 minute to 14 days, 4 days by default); the consumer must delete a message after processing it, otherwise it becomes visible again when the visibility timeout expires and is processed twice

2
Q

OSI Model 7 layers

A
  • Layer 7 = application (HTTP, FTP, SMTP)
  • Layer 6 = presentation (TLS, SSL)
  • Layer 5 = session (sockets)
  • Layer 4 = transport (TCP, UDP)
  • Layer 3 = network (IP, ICMP, IGMP, IPsec)
  • Layer 2 = data link (Ethernet, Wi-Fi)
  • Layer 1 = physical (fiber, copper)

More info - https://twitter.com/alexxubyte/status/1752001717699592287

3
Q

Where can Amazon S3 publish events to such as create/delete operations on S3 data?

A

Amazon S3 supports the following destinations where it can publish events:

– Amazon Simple Notification Service (Amazon SNS) topic (fans out to all subscribers of the topic; the message is not retained after delivery)

– Amazon Simple Queue Service (Amazon SQS) queue (standard queues only; one consumer pulls via long polling, and the message persists until it is deleted or expires)

– AWS Lambda function

– Amazon EventBridge (every event goes to the default event bus, where rules can route it to many targets)

Take note that Amazon S3 event notifications are designed to be delivered at least once, so consumers must be idempotent. Each notification configuration sends a given event to one destination, and you cannot define two configurations whose event types and prefix/suffix filters overlap. If several consumers need the same event, publish it to one SNS topic (or EventBridge) and subscribe the queues and functions there.

4
Q

API Gateway - handling traffic spikes globally

A

Amazon API Gateway provides throttling at multiple levels: an account-level limit per Region, per-stage and per-method limits on each API, and per-client limits through usage plans and API keys. Throttling limits are expressed as a steady-state rate plus a burst. For example, API owners can set a rate limit of 1,000 requests per second for a specific method in their REST APIs and also configure Amazon API Gateway to handle a burst of 2,000 requests per second for a few seconds.

Amazon API Gateway tracks the number of requests per second with a token-bucket algorithm: the bucket holds up to the burst size and refills at the rate limit. Any request that arrives when the bucket is empty receives a 429 (Too Many Requests) HTTP response. The client SDKs generated by Amazon API Gateway retry calls automatically when met with this response; other clients should retry with exponential backoff and jitter rather than immediately, or they make the spike worse.
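The rate-plus-burst behaviour described above, as an added illustration that is not AWS code: a token bucket with the card's numbers (rate 1,000/s, burst 2,000) returns 429 once the bucket is drained, and a client helper retries only on 429 with exponential backoff and full jitter. The `call` callable and the timings are placeholders for a real HTTP client.

```python
"""Added example (not AWS code): a token bucket that models API Gateway's
rate + burst throttle, and a client that backs off when it receives 429."""
import random
import time


class TokenBucket:
    """rate = sustained requests/second (refill rate), burst = bucket capacity."""

    def __init__(self, rate: float, burst: int):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)  # the bucket starts full
        self.last = 0.0

    def allow(self, now: float) -> bool:
        # Refill in proportion to elapsed time, never above the burst capacity.
        self.tokens = min(float(self.burst), self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate_burst(rate: float, burst: int, requests: int, at: float = 0.0):
    """Fire `requests` calls at the same instant; return (accepted, throttled)."""
    bucket = TokenBucket(rate, burst)
    statuses = [200 if bucket.allow(at) else 429 for _ in range(requests)]
    return statuses.count(200), statuses.count(429)


def retry_with_backoff(call, max_attempts=5, base=0.05, cap=2.0, rng=None, sleep=time.sleep):
    """Retry only on 429, sleeping a random delay in [0, min(cap, base * 2**attempt)]
    (full jitter). Returns (final_status, attempts_used, delays_slept)."""
    rng = rng or random.Random()
    delays = []
    for attempt in range(max_attempts):
        status = call()
        if status != 429:
            return status, attempt + 1, delays
        delay = rng.uniform(0.0, min(cap, base * (2 ** attempt)))
        delays.append(delay)
        sleep(delay)
    return 429, max_attempts, delays


if __name__ == "__main__":
    print(simulate_burst(rate=1000, burst=2000, requests=3000))  # (2000, 1000)
```

Only the first 2,000 of a 3,000-request spike are accepted; the remaining 1,000 get 429 until the bucket refills at 1,000 tokens per second, which is why a client that retries immediately just burns its own budget.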

5
Q

Aurora Auto Scaling

A

Aurora Auto Scaling adjusts the number of Aurora Replicas in a DB cluster using a target-tracking policy on a CloudWatch metric (average CPU utilization or average connections across the replicas). It adds replicas when the metric exceeds the target and removes them when load drops, between the minimum and maximum replica counts you set, so read capacity follows demand without manual intervention. It scales readers only; the writer instance is not resized.

In this scenario, the company can benefit from Aurora Auto Scaling because the surge is in read traffic during peak periods: the cluster adds replicas behind the reader endpoint for the peak and removes them afterward, so the company pays for the extra instances only while they are genuinely required.

6
Q

Amazon EFS and NFS operating system support

A

Amazon EFS (Elastic File System) exposes an NFS (v4.0/v4.1) file system and is supported from Linux clients only; it is not supported on Windows.

NFS (Network File System) is the protocol, not an AWS product; it is mainly used by Linux and other UNIX-like systems. For Windows clients that need a shared file system over SMB, use Amazon FSx for Windows File Server instead.

7
Q

How to handle bursts in traffic within seconds

A

The requirement is to handle the burst of traffic within seconds, so the compute layer must scale in seconds as well. AWS Lambda fits: it adds concurrency for a function within seconds of the burst arriving, subject to the account's Regional concurrency limit (1,000 by default, raisable on request) and any reserved concurrency you configure.

Lambda can scale faster than the regular Auto Scaling feature of Amazon EC2, Amazon Elastic Beanstalk, or Amazon ECS because AWS already runs the fleet: Lambda places your code onto AWS-managed execution environments that are available (and often already warm) within seconds, whereas an Auto Scaling group has to launch and bootstrap new EC2 instances, which takes minutes. An alternative is to overprovision your compute capacity for the peak, but that incurs significant cost. The best option to implement given the requirements is a combination of AWS Lambda and Amazon API Gateway.

8
Q

IAM (Identity & Access Management) database authentication

A

You can authenticate to your DB instance using AWS Identity and Access Management (IAM) database authentication. IAM database authentication works with MySQL, MariaDB and PostgreSQL engines (RDS and Aurora). With this authentication method, you don't need to use a password when you connect to a DB instance. Instead, you use an authentication token.

An authentication token is a unique string of characters that Amazon RDS generates on request; it is a presigned request, generated locally with AWS Signature Version 4 from the caller's IAM credentials. Each token has a lifetime of 15 minutes, so generate a fresh one for each connection attempt rather than caching it in configuration. You don't need to store user credentials in the database, because authentication is managed externally using IAM; the database user still has to exist and be marked for IAM authentication, and the caller needs the rds-db:connect permission on that user. You can also still use standard database authentication.

IAM database authentication provides the following benefits:
* Network traffic to and from the database is encrypted using TLS (SSL); the server rejects IAM-authenticated connections that are not encrypted.
* You can use IAM to centrally manage access to your database resources, instead of managing access individually on each DB instance.
* For applications running on Amazon EC2, you can use the instance profile credentials of the EC2 instance to access your database instead of a password, so no long-lived database secret is stored on the host.
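The pieces that have to line up for IAM database authentication, as an added example that is not AWS or RDS code: the IAM policy, the database-side user mapping, what the generated token actually is, and a freshness check against its 15-minute lifetime. The host, user, account id, resource id and CA-bundle path are placeholders, and the sample token is constructed (its signature is fake); the `boto3` call is imported lazily so the parsing helpers run without AWS credentials.

```python
"""Added example (not AWS code): what an RDS IAM auth token is, how long it
lives, and what must exist on the IAM and database side for it to work.
Host, user, account id, resource id and CA path are placeholders."""
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit


def generate_token(host: str, port: int, user: str, region: str) -> str:
    """Presign an rds-db:connect request with SigV4. No network call is made;
    the token is just a signed, URL-style string. Assumes boto3 is installed
    and IAM credentials (e.g. an EC2 instance profile) are available."""
    import boto3
    rds = boto3.client("rds", region_name=region)
    return rds.generate_db_auth_token(DBHostname=host, Port=port, DBUsername=user, Region=region)


def connect_policy(region: str, account_id: str, db_resource_id: str, db_user: str) -> dict:
    """IAM policy the caller needs: rds-db:connect on the dbuser ARN, which is
    keyed by the instance's resource id (db-XXXX), not its DB identifier."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "rds-db:connect",
            "Resource": f"arn:aws:rds-db:{region}:{account_id}:dbuser:{db_resource_id}/{db_user}",
        }],
    }


# Database-side setup (the DB user must opt in to IAM authentication):
#   MySQL/MariaDB: CREATE USER 'app_user' IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS';
#   PostgreSQL:    CREATE USER app_user; GRANT rds_iam TO app_user;


def token_params(token: str) -> dict:
    # Token shape: host:port/?Action=connect&DBUser=...&X-Amz-Date=...&X-Amz-Expires=900&...
    # Prefix a scheme so the standard URL parser can split the query string.
    return {k: v[0] for k, v in parse_qs(urlsplit("https://" + token).query).items()}


def token_valid_until(token: str) -> datetime:
    """X-Amz-Date + X-Amz-Expires. RDS issues 900-second tokens."""
    p = token_params(token)
    issued = datetime.strptime(p["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    return issued + timedelta(seconds=int(p["X-Amz-Expires"]))


def token_is_fresh(token: str, now: datetime) -> bool:
    """False once the 15 minutes are up: regenerate instead of retrying with it."""
    return now < token_valid_until(token)


def connect_kwargs(host: str, port: int, user: str, token: str) -> dict:
    """Arguments for a PyMySQL-style connect(): the token is the password and the
    connection must use TLS, otherwise the server refuses IAM authentication."""
    return {
        "host": host, "port": port, "user": user, "password": token,
        "ssl": {"ca": "/etc/ssl/certs/rds-ca-bundle.pem"},  # placeholder path
    }


# Constructed sample token in the real format (signature is not valid).
SAMPLE_TOKEN = (
    "mydb.abc123def456.us-east-1.rds.amazonaws.com:3306/?Action=connect&DBUser=app_user"
    "&X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%2F20240101%2Fus-east-1%2Frds-db%2Faws4_request"
    "&X-Amz-Date=20240101T120000Z&X-Amz-Expires=900&X-Amz-SignedHeaders=host"
    "&X-Amz-Signature=0000000000000000000000000000000000000000000000000000000000000000"
)
```

The token carries the signing identity and expiry in the clear, so it must be treated like a password in transit (hence the TLS requirement) but, unlike a password, it is useless 15 minutes after it was issued.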

9
Q

Metrics not supported in CloudWatch for EC2 out of the box, which need a custom metric

A

Custom metrics in CloudWatch (the hypervisor cannot see inside the guest OS, so these must be published from the instance, normally by the CloudWatch agent or a PutMetricData call):
* Memory utilization
* Disk swap utilization
* Disk space utilization
* Page file utilization
* Log collection (the CloudWatch agent ships logs to CloudWatch Logs)

EC2 publishes the following metrics out of the box (basic monitoring every 5 minutes, detailed monitoring every 1 minute):
* CPU utilization
* Disk read/write ops and bytes (instance store volumes)
* Network in/out bytes and packets
* Status checks
* etc…

Note: Enhanced Monitoring is a feature of Amazon RDS, not EC2

10
Q

Cardinality in databases

A

In the context of a database, cardinality is a measure of the uniqueness of values in the data. Low cardinality means few unique values; high cardinality means many unique values.

Remember that the more distinct partition key values your workload accesses, the more evenly those requests are spread across the partitioned space. Conversely, with few distinct partition key values, requests concentrate on a few partitions (a "hot partition"), and that partition's throughput ceiling, not the table's, becomes the limit, which effectively slows performance. If the natural key has low cardinality, add a calculated suffix (write sharding) so writes fan out.

High cardinality is better for performance.
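The hot-partition effect, as an added illustration that is not DynamoDB's code: a SHA-256 bucket stands in for the hash DynamoDB applies to the partition key, and the two item sets are constructed (3,000 items keyed on a three-value status column versus the same items keyed on a unique order id). It also shows write sharding with a calculated suffix.

```python
"""Added example (not AWS code): why partition-key cardinality matters."""
import hashlib


def partition_of(partition_key: str, n_partitions: int) -> int:
    """Stand-in for the internal hash DynamoDB applies to the partition key."""
    digest = hashlib.sha256(partition_key.encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big") % n_partitions


def spread(partition_keys, n_partitions: int = 16):
    """Return (partitions touched, items on the hottest partition)."""
    counts = [0] * n_partitions
    for key in partition_keys:
        counts[partition_of(key, n_partitions)] += 1
    return sum(1 for c in counts if c), max(counts)


# Constructed data: 3,000 items keyed on a 3-value status column (low cardinality).
LOW_CARDINALITY = [f"status#{('active', 'inactive', 'pending')[i % 3]}" for i in range(3000)]
# The same 3,000 items keyed on a unique order id (high cardinality).
HIGH_CARDINALITY = [f"order#{i:06d}" for i in range(3000)]


def sharded_key(base_key: str, item_id: int, shards: int = 10) -> str:
    """Write sharding: append a calculated suffix to a low-cardinality key so
    writes fan out over `shards` partitions; readers query every suffix."""
    return f"{base_key}#{item_id % shards}"


def compare():
    """Partitions touched and hottest-partition load for each key design."""
    return {
        "low": spread(LOW_CARDINALITY),
        "high": spread(HIGH_CARDINALITY),
        "sharded": spread([sharded_key("status#active", i) for i in range(3000)]),
    }


if __name__ == "__main__":
    for name, (used, hottest) in compare().items():
        print(f"{name:8s} partitions touched={used:2d} hottest partition holds={hottest}")
```

With three distinct keys at most three of the sixteen partitions ever see traffic and one of them holds at least a third of all items; with unique keys every partition is used and the hottest one holds a small fraction.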

11
Q

AWS Resource Access Manager (RAM)

A

The recommended combination in this scenario is:
* Consolidate all of the company's accounts using AWS Organizations.
* Use AWS Resource Access Manager (RAM) to share resources with those accounts.

AWS Resource Access Manager (RAM) is a service that enables you to easily and securely share AWS resources with any AWS account or, once sharing with AWS Organizations is enabled, with an organizational unit or the whole organization (no per-account invitation and acceptance step is needed inside the organization). Resources you can share with RAM include AWS Transit Gateways, VPC subnets, AWS License Manager configurations and Amazon Route 53 Resolver rules, among others.

Many organizations use multiple accounts to create administrative or billing isolation and to limit the blast radius of errors. RAM eliminates the need to create duplicate resources in multiple accounts, reducing the operational overhead of managing those resources in every account you own. You create resources centrally in a multi-account environment and use RAM to share them across accounts in three steps: create a resource share, specify the resources, and specify the principals (accounts, OUs or the organization). RAM is available at no additional charge; you pay only for the shared resources themselves.

12
Q

AWS Shield & AWS Shield Advanced

A

AWS Shield = DDoS protection
AWS WAF = SQL injection, XSS and other web-layer attack-pattern protection.

AWS Shield (Standard)
AWS Shield is a managed distributed denial of service (DDoS) protection service that safeguards applications running on AWS. Shield Standard is enabled automatically for every AWS customer at no extra charge. It provides dynamic detection and automatic inline mitigations of the most common network- and transport-layer attacks, which minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection.

AWS Shield Advanced
For higher levels of protection against attacks targeting your applications running on Amazon Elastic Compute Cloud (EC2), Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator and Amazon Route 53 resources, you can subscribe to AWS Shield Advanced. In addition to the network- and transport-layer protections that come with Standard, AWS Shield Advanced provides additional detection and mitigation against large and sophisticated DDoS attacks, near real-time visibility into attacks, and integration with AWS WAF, a web application firewall, for application-layer (layer 7) mitigations.

AWS Shield Advanced also gives you 24×7 access to the AWS Shield Response Team (SRT, formerly the DDoS Response Team, DRT) and cost protection against DDoS-related spikes in your Amazon EC2, Elastic Load Balancing, Amazon CloudFront, AWS Global Accelerator and Amazon Route 53 charges.

Note: AWS WAF attaches to CloudFront distributions, Application Load Balancers, API Gateway and AppSync (not to a VPC as a whole) and blocks common web attack patterns such as SQL injection or cross-site scripting; on its own it is not enough to withstand volumetric DDoS attacks. Use AWS Shield (with WAF as the layer-7 complement) in this scenario.

13
Q

Amazon Macie

A

Amazon Macie = PII / sensitive data discovery service

Amazon Macie is an ML-powered security service that helps you prevent data loss by automatically discovering, classifying and protecting sensitive data stored in Amazon S3. Amazon Macie uses machine learning and managed data identifiers to recognize sensitive data such as personally identifiable information (PII), credentials or intellectual property, and provides visibility into where this data is stored and which buckets expose it (for example, publicly accessible or unencrypted buckets) in your organization. It reports findings to Security Hub and EventBridge; it does not scan data outside S3.

14
Q

AWS Directory Service AD Connector

A

Use AWS Directory Service AD Connector when AWS services (Amazon WorkSpaces, EC2 domain join, AWS Management Console sign-in) should authenticate against an existing on-premises Active Directory. AD Connector is a proxy: it forwards requests to your on-premises domain controllers over VPN or Direct Connect and does not cache directory data or credentials in AWS.

Note: AWS Directory Service Simple AD is a Samba-based standalone directory that provides only a subset of the features offered by AWS Managed Microsoft AD (for example, no trust relationships with other domains and no MFA).

15
Q

S3 object lock

A

S3 Object Lock provides two retention modes:
* Governance mode - users with the s3:BypassGovernanceRetention permission (who also send the x-amz-bypass-governance-retention header on the request) can overwrite/delete a protected object version or shorten its retention period; everyone else is blocked
* Compliance mode - no user, including the account's root user, can overwrite/delete a protected object version during the retention period, and the retention period can be extended but never shortened

Independently of the retention mode, a legal hold (on/off, no expiry date) can be placed on an object version and blocks deletion until it is removed by a user with s3:PutObjectLegalHold.

16
Q

Redis AUTH

A

Using the Redis AUTH command improves data security by requiring clients to present a password (auth token) before they are allowed to execute commands on a password-protected Redis server. On ElastiCache for Redis, AUTH can only be enabled together with in-transit encryption (TLS), so the token is never sent in the clear; on Redis 6 and later, prefer role-based access control (RBAC) user groups, which give each application its own credentials and command/key permissions instead of one shared token.

17
Q

AWS Glue

A

AWS Glue is a serverless ETL service that moves data between different data stores. With AWS Glue you can create and manage ETL jobs that transfer data from sources such as Amazon S3, Amazon RDS and Amazon Redshift, and transform it as needed along the way. One of the key advantages of AWS Glue is its crawlers, which automatically discover schemas and record them in the Glue Data Catalog, so you can map data from different sources with different schemas.

When working with big data processing, it is often necessary to convert data from one format to another to optimize processing efficiency. Apache Parquet is a columnar storage format designed for higher efficiency and performance in big data processing: high compression rates and faster query times (queries read only the columns they need). Parquet is supported by many data processing frameworks such as Spark, Hive and Hadoop, as well as Athena and Redshift Spectrum, making it a versatile format. Using AWS Glue you can convert your .csv files to the more efficient Apache Parquet format and store the output files in an S3 bucket, making it easy to access and process large amounts of data.

https://tutorialsdojo.com/aws-glue/

18
Q

S3 Object Lock

A

With S3 Object Lock, you can store objects using a write-once-read-many (WORM) model. Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. You can use Object Lock to help meet regulatory requirements that require WORM storage, or simply to add another layer of protection against object changes and deletion, including by a compromised account with delete permissions. Object Lock works only on buckets with S3 Versioning enabled and protects individual object versions: a DELETE without a version ID still adds a delete marker, but the locked versions remain and can be restored.

19
Q

RDS multi-az replica

A

When you create or modify your RDS database instance to run as a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. Updates to your DB instance are synchronously replicated across Availability Zones to the standby in order to keep both in sync and protect your latest database updates against DB instance or AZ failure. The standby is for availability, not for read scaling: it does not serve reads. On failure, RDS fails over by repointing the DB endpoint's DNS record to the standby, so applications reconnect to the same endpoint. Contrast this with read replicas, which replicate asynchronously and are readable.

20
Q

Tracking changes in Aurora database

A

You can invoke an AWS Lambda function from an Amazon Aurora MySQL-Compatible Edition DB cluster with a native function (lambda_sync or lambda_async) or a stored procedure. This approach can be useful when you want to integrate your database running on Aurora MySQL with other AWS services. For example, you might want to capture data changes whenever a row in a table is modified in your database by calling the function from an AFTER INSERT/UPDATE/DELETE trigger. The cluster needs an IAM role that allows lambda:InvokeFunction, associated with the cluster and set in the aws_default_lambda_role cluster parameter.

RDS events only provide operational events such as DB instance events, DB parameter group events, DB security group events and DB snapshot events. What we need in this scenario is to capture data-modifying events (INSERT, DELETE, UPDATE), which can be achieved through native functions or stored procedures.

21
Q

DynamoDB Streams

A

A DynamoDB stream is an ordered flow of information about changes to items in an Amazon DynamoDB table. When you enable a stream on a table, DynamoDB captures information about every modification to data items in the table.

Whenever an application creates, updates, or deletes items in the table, DynamoDB Streams writes a stream record with the primary key attribute(s) of the items that were modified. A stream record contains information about a data modification to a single item in a DynamoDB table. You can configure the stream so that the stream records capture additional information, such as the “before” and “after” images of modified items.

Amazon DynamoDB is integrated with AWS Lambda so that you can create triggers—pieces of code that automatically respond to events in DynamoDB Streams. With triggers, you can build applications that react to data modifications in DynamoDB tables.

DynamoDB Streams is local to DynamoDB: it captures only item-level changes to one table, keeps them for 24 hours (not configurable), and allows at most two consumers to read a shard at the same time. Kinesis Data Streams ingests from any producer; its retention defaults to 24 hours but can be extended up to 365 days. If table changes need longer retention or more consumers, enable Kinesis Data Streams for DynamoDB, which writes the change records to a Kinesis stream instead.
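A stream consumer in the shape described above, as an added example that is not AWS code: a Lambda trigger that unwraps DynamoDB's typed attribute JSON, diffs the "before" and "after" images of each record, and raises an audit alert when a security-relevant attribute (role, email, MFA flag) changes. It assumes the stream view type NEW_AND_OLD_IMAGES; the watched-attribute set and the sample event are constructed.

```python
"""Added example (not AWS code): a Lambda trigger for a DynamoDB stream that
turns each record into an audit entry and flags sensitive-attribute changes.
Requires StreamViewType NEW_AND_OLD_IMAGES; WATCHED and the event are constructed."""
import json

WATCHED = {"role", "email", "mfa_enabled"}  # assumed list of security-relevant attributes


def from_dynamodb(attr):
    """Unwrap DynamoDB's typed JSON ({"S": ...}, {"N": ...}, ...) to plain values."""
    (kind, value), = attr.items()
    if kind == "S" or kind == "BOOL":
        return value
    if kind == "N":
        return int(value) if value.lstrip("-").isdigit() else float(value)
    if kind == "NULL":
        return None
    if kind == "M":
        return {k: from_dynamodb(v) for k, v in value.items()}
    if kind == "L":
        return [from_dynamodb(v) for v in value]
    if kind in ("SS", "NS"):
        return set(value)
    raise ValueError(f"unsupported attribute type {kind}")


def image(record, which):
    """Keys, OldImage or NewImage as a plain dict (empty when absent)."""
    return {k: from_dynamodb(v) for k, v in record["dynamodb"].get(which, {}).items()}


def audit_record(record):
    """Diff before/after; INSERT and REMOVE of a watched attribute also count."""
    old, new = image(record, "OldImage"), image(record, "NewImage")
    changed = {k for k in set(old) | set(new) if old.get(k) != new.get(k)}
    sensitive = changed & WATCHED
    return {
        "event": record["eventName"],  # INSERT | MODIFY | REMOVE
        "key": image(record, "Keys"),
        "sequence": record["dynamodb"]["SequenceNumber"],
        "changed": sorted(changed),
        "sensitive": sorted(sensitive),
        "before": {k: old.get(k) for k in sensitive},
        "after": {k: new.get(k) for k in sensitive},
    }


def handler(event, context=None):
    """Lambda entry point. Records for one item arrive in order within a batch."""
    entries = [audit_record(r) for r in event["Records"]]
    alerts = [e for e in entries if e["sensitive"]]
    for e in alerts:
        print(json.dumps({"alert": "sensitive_attribute_changed", **e}, default=str))
    return {"processed": len(entries), "alerts": len(alerts), "entries": entries}


def _item(**attrs):
    # Build a typed image for the constructed sample event (str, bool, number).
    return {k: ({"S": v} if isinstance(v, str) else {"BOOL": v} if isinstance(v, bool)
                else {"N": str(v)}) for k, v in attrs.items()}


def _rec(event_id, name, seq, old=None, new=None):
    body = {"Keys": _item(pk="user#42"), "SequenceNumber": seq,
            "StreamViewType": "NEW_AND_OLD_IMAGES"}
    if old is not None:
        body["OldImage"] = old
    if new is not None:
        body["NewImage"] = new
    return {"eventID": event_id, "eventName": name, "dynamodb": body}


SAMPLE_EVENT = {"Records": [  # constructed: create, privilege change, delete
    _rec("1", "INSERT", "100", new=_item(pk="user#42", role="viewer", mfa_enabled=True)),
    _rec("2", "MODIFY", "101", old=_item(pk="user#42", role="viewer", mfa_enabled=True),
         new=_item(pk="user#42", role="admin", mfa_enabled=True, logins=3)),
    _rec("3", "REMOVE", "102", old=_item(pk="user#42", role="admin", mfa_enabled=True, logins=3)),
]}
```

Because each stream record carries the item's state before and after the write, the consumer can answer "who became admin, from what" without querying the table, which by then may already hold a newer value.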

22
Q

File gateway

A

A file gateway supports a file interface into Amazon Simple Storage Service (Amazon S3) and combines a service and a virtual software appliance. By using this combination, you can store and retrieve objects in Amazon S3 using industry-standard file protocols such as Network File System (NFS) and Server Message Block (SMB). The software appliance, or gateway, is deployed into your on-premises environment as a virtual machine (VM) running on VMware ESXi, Microsoft Hyper-V, or Linux Kernel-based Virtual Machine (KVM) hypervisor.

The gateway provides access to objects in S3 as files or file share mount points. With a file gateway, you can do the following:
* You can store and retrieve files directly using the NFS version 3 or 4.1 protocol.
* You can store and retrieve files directly using the SMB protocol, versions 2 and 3.
* You can access your data directly in Amazon S3 from any AWS Cloud application or service.
* You can manage your Amazon S3 data using lifecycle policies, cross-Region replication and versioning. You can think of a file gateway as a file system mount on S3 (each file is stored as one object, so S3 bucket policies and encryption apply to it).

23
Q

AWS Artifact

A

AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA).

Note: Amazon Macie = sensitive data (PII) discovery in S3
Amazon Inspector = vulnerability management service (EC2 instances, container images in ECR, Lambda functions)

24
Q

EFS lifecyle

A

An EFS lifecycle policy moves files that have not been accessed for the chosen period to the Infrequent Access storage class (and, if "transition to primary storage" is on, moves them back on first access). The longest transition setting was 90 days when this card was written; AWS has since added options up to 365 days.

25
Q

AWS Kinesis Streams

A

Kinesis Data Streams integrates seamlessly with AWS Lambda (Lambda polls the shards as an event source), so a function can transform and anonymize Personally Identifiable Information (PII) in transit before the records are written to storage.
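The in-transit anonymization described above, as an added example that is not AWS code: a Lambda consumer for a Kinesis event source that decodes each record (base64-encoded JSON), pseudonymizes PII fields with a keyed HMAC so the same person maps to the same token but the raw value cannot be recovered or confirmed without the key, and masks IP addresses to their /24. The field list, the key and the sample records are constructed; in production the key would come from Secrets Manager or KMS, and writing the scrubbed records to the sink (for example S3 via Kinesis Data Firehose) is out of scope here.

```python
"""Added example (not AWS code): a Lambda consumer for a Kinesis data stream
that pseudonymizes PII before records reach storage. Field names, the key and
the sample records are constructed."""
import base64
import hashlib
import hmac
import json

PII_FIELDS = ("email", "ssn", "phone")            # assumed schema
PSEUDONYM_KEY = b"constructed-demo-key-rotate-me"  # placeholder, not a real secret


def pseudonymize(value: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed HMAC-SHA256 over a normalised value, so 'Jane@Example.com ' and
    'jane@example.com' yield the same token. Unlike a bare hash, an attacker
    without the key cannot confirm guesses by recomputing it."""
    normalised = value.strip().lower().encode("utf-8")
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()[:32]


def mask_ipv4(ip: str) -> str:
    """Keep the /24 for coarse abuse analysis, drop the host octet."""
    parts = ip.split(".")
    return ".".join(parts[:3] + ["0"]) if len(parts) == 4 else ip


def scrub(payload: dict, key: bytes = PSEUDONYM_KEY) -> dict:
    out = dict(payload)
    for field in PII_FIELDS:
        if out.get(field) is not None:
            out[field] = pseudonymize(str(out[field]), key)
    if isinstance(out.get("ip"), str):
        out["ip"] = mask_ipv4(out["ip"])
    return out


def handler(event, context=None):
    """Lambda entry point for a Kinesis event source. Records that do not
    decode as JSON are quarantined by sequence number rather than dropped
    silently or, worse, passed through unscrubbed."""
    clean, quarantined = [], []
    for record in event["Records"]:
        k = record["kinesis"]
        try:
            payload = json.loads(base64.b64decode(k["data"]))
        except (ValueError, TypeError):
            quarantined.append(k["sequenceNumber"])
            continue
        clean.append({"partitionKey": k["partitionKey"], "data": scrub(payload)})
    return {"clean": clean, "quarantined": quarantined}


def _record(seq: str, partition_key: str, raw: bytes) -> dict:
    # Constructed Kinesis record in the shape Lambda receives.
    return {"eventSource": "aws:kinesis", "eventName": "aws:kinesis:record",
            "kinesis": {"sequenceNumber": seq, "partitionKey": partition_key,
                        "data": base64.b64encode(raw).decode("ascii")}}


SAMPLE_EVENT = {"Records": [  # constructed sample batch
    _record("1", "u-42", json.dumps({"user": 42, "email": "jane@example.com",
                                     "ssn": "123-45-6789", "ip": "203.0.113.77",
                                     "action": "login"}).encode()),
    _record("2", "u-43", json.dumps({"user": 43, "email": "Jane@Example.com ",
                                     "phone": None, "action": "logout"}).encode()),
    _record("3", "u-44", b"not json at all"),
]}
```

Because the pseudonym is deterministic under one key, downstream analytics can still join events per user; rotating the key breaks that linkage on purpose, which is the lever you pull when the tokens themselves must stop being identifiers.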