Governance/Migration Flashcards
What is Organizations?
allows you to create multiple AWS accounts and control them from a single location rather than having to jump from account to account
What is best practice regarding logging over multiple AWS accounts?
Have one account aggregate all the logs (Cloudtrail supports this)
Can Organizations create and destroy AWS accounts?
Yes
Can reserved instances be shared across accounts?
Yes
If you want consolidated billing, what should you use?
Organizations
If you want to set limits to what certain AWS accounts can do, what should you use?
Service Control Policies (SCP) in Organizations
Can SCP’s be applied to the root account?
yes
What is AWS RAM?
A free service that allows you to share AWS resources with other accounts and within your organization
If you don’t want to duplicate copies in different accounts but want to share resources, what should you use?
AWS RAM
When should you use AWS RAM vs VPC peering?
VPC peering is better for across regions, RAM is better for same region
What is cross-account role access?
temporary access to other accounts that is easily controlled
How often should roles be used in order to grant users access to certain resources or accounts?
All the time
How should temporary employees get access to resources?
Through roles
What is Config?
An inventory management and control tool
If you need the ability to be alerted whenever a rule is violated, what should you use?
Config
If you need to enforce standards, what you should you use?
Config
If you want to track deleted AWS resources, what should you use?
Config
What is Directory Service?
a fully managed version of active directory
What is AD Connector?
A tunnel between AWS and your on premises AD
What is Simple AD?
Standalone directory running in AWS
What is Cost Explorer?
an easy to use tool that allows you to visualize your cloud costs?
By what categorization is the common way to get reports from Cost Explorer?
resource tags
If you need to predict money spent for the upcoming month, what should you use?
Cost Explorer
What is AWS Budgets?
allows organizations to track ongoing spending and create alerts to let users know when they’re spending close to thier limit.
What are the 4 types of budgets you can create with Budgets?
Cost, Usage, Reservation, and Saving plans
What is AWS Cost and Usage Reports?
CUR is a service that gives a comprehensive cost and usage report
How often does AWS update the CUR?
daily
Can you use CUR’s within Organizations?
Yes
Where do CUR’s get stored?
S3
If you want a detailed or daily usage report, what should you use?
Cost Usage Report
What is AWS Compute Optimizer?
A service that analyzes the utilizations of AWS resources and provides reports and graphs to help you decide the best way to optimize resource usage
What must you do to get Compute optimizer?
Opt in
What are savings plans?
Ways to get deals on AWS compute, similar to RI’s
What is trusted advisor?
a fully managed best practice auditing tool
What are the 5 areas trusted advisor looks over?
Cost optimization, performance, security, fault tolerance, service limits
Via what service does trusted advisor let you know things need changing?
SNS
How could you automate fixes that trusted advisor tells you you should make?
Eventbridge to trigger lamda functions
What is AWS Control Tower?
An easy way to set up and govern an AWS multi-account environment
If you want to automate account deployments, what should you use?
Control Tower
If you need to set up guardrails against noncompliant actions AWS accounts could do, what should you use?
Control Tower to leverage service control policies
If you need to manage software licenses with different vendors, what should you use?
AWS License Manager
What is AWS Health?
Gain visibility of resource performance and availability of AWS services or accounts
How can automate actions based on AWS Health alerts?
EventBridge
If you wanted to automate the rebooting of EC2 instances, what services would you utilize to do so?
AWS Health and EventBridge
What is AWS service catalogs?
allows organizations to create and manage catalogs of approved IT services
What is AWS Proton?
Creates and managed infrastructure and deployment tooling for users
If you want to automate infrastructure as code, what should you use?
AWS Proton
What is AWS Well-Architected Tool?
provides a consistent process for measuring cloud architectures and guides for making workloads more reliable, secure, efficient, and cost effective
What are the components of a well architected framework?
operational excellence, reliability, security, performance efficiency, cost optimization, sustainability
What two services are used for preventive and detective guardrails within AWS Control Tower?
AWS Config, AWS Organizations (for SCPs)
If you wanted a way to track AWS architecture and check for best practice violations, what should you use?
AWS Config
If you want to consolidate logs across multiple AWS accounts, what service should you use?
Organizations
What are three mediums of a migrating to AWS?
Over the internet, direct connect, or physically bundling it and delivering it to AWS
What is AWS Snow?
A delivery of harddrives meant for migrating your data to AWS
How much can snowcone transfer?
up to 8TB
How much can snowball transfer?
up to 81 TB
How much can snowmobile transfer?
up to 100 PB
Can the snow family bring AWS data to you?
Yes
What is the typical turnaround for AWS Snow?
a week
What is Storage Gateway?
A hybrid cloud storage service that helps you to merge on-prem resources with the cloud
What are typical use cases for Storage Gateway?
a one-time migration or long term pairing of your on prem architecture with AWS
if you want to back up on your on prem data to S3, what should you use?
file gateway
If you want to back up the drives of your on-prem machines to AWS, what should you use?
Volume Gateway
What is DataSync?
allows you to easily move data from on prem NFS and SMB shared to AWS storage solutions
What endpoints are there for DataSync?
S3, EFS, and FSx
What is the AWS Transfer Family?
allows you to easily move files in and out of S3 or EFS using SFTP, FTPS, or FTP
What is the AWS Transfer Family?
allows you to easily move files in and out of S3 or EFS using SFTP, FTPS, or FTP
If you need to bring legacy application storage to the cloud, what should you use?
AWS Transfer Family
What is AWS Migration Hub
A single place to track the progress of your application migration to AWS
What is AWS Application Discovery Service?
AN easy to way to migrate VM’s to the AWS
What does AWS MGN offer?
Application migration service allows an automated lift and shift of migrating infrastructure to AWS
How is RTO measured?
seconds
How is RPO measured?
sub-seconds
What is AWS Database Migrations Service?
AWS DMS
What is AWS Database Migrations Service?
AWS DMS allows for easy migration of relational databases, data warehouses, noSQL databases, and other data stores to AWS
Can AWS DMS migrate data within AWS to another AWS service?
No, only into and out of AWS
Can you do one time migrations or ongoing migrations with AWS DMS?
both
What is AWS SCT?
AWS Schema Conversion Tool can convert database schemas from one engine to another
What is AWS SCT?
AWS Schema Conversion Tool can convert database schemas from one engine to another
What is a full load migration?
all existing data is moved from source to target in parallel
What is a full load and change data capture migration
full load migration plus it loads any changes occurred during the migration
What is change data capture migration?
Only migrate the changes made in the database
What type of migration is the only one to guarantee transactional integrity?
CDC migration
What service would you use to migrate a database from on-premises to RDS?
Database migration service
What would be the best service to utilize to migrate 80T of data into S3 if you have limited bandwidth at your data center?
Snowball
What service would you use for a one time migration of data into AWS if costs are a factor?
AWS DataSync
