Key Services (Cloud) Flashcards

1
Q

Amazon API Gateway

A

Amazon API Gateway is a fully managed serverless service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. APIs act as the “front door” for applications to access data, business logic, or functionality from your backend services.

2
Q

Amazon Athena

A

SQL Query Service

Amazon Athena is a serverless, interactive analytics/query service built on open-source frameworks, supporting open-table and file formats, that makes it easy to analyze data in Amazon S3 using standard SQL. Amazon Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run.

3
Q

Amazon Aurora

A

Amazon Aurora is a MySQL and PostgreSQL-compatible relational database built for the cloud, that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases. Amazon Aurora is fully managed by Amazon Relational Database Service (RDS), which automates time-consuming administration tasks like hardware provisioning, database setup, patching, and backups. The AWS Product team is responsible for applying patches to the underlying OS for AWS Aurora. You cannot use Amazon Aurora for SQL analysis on S3 based data. Schema change on a relational database is not as easy and straightforward as it is on a NoSQL database. Amazon Aurora does not support flexible schema.

4
Q

Amazon CloudFront

A

Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. It cannot be used to improve application availability and performance using the AWS global network. It is a global service.

5
Q

Amazon CloudWatch

A

Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. Amazon CloudWatch provides data and actionable insights to monitor applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. This is an excellent service for building resilient systems. Think resource performance monitoring, events, and alerts; think CloudWatch. Amazon CloudWatch cannot be used to block users from certain geographies. Amazon CloudWatch cannot help in identifying the right AWS services to build solutions on AWS Cloud. It cannot provide the status of your AWS resources. Amazon CloudWatch does not offer any recommendations vis-a-vis AWS best practices for cost optimization, security, and performance improvement. Amazon CloudWatch does not provide the general status of AWS services availability for all Regions. You can create a CloudWatch alarm that sends an email message using Amazon SNS when the alarm changes state from OK to ALARM. The alarm changes to the ALARM state when the average CPU use of an EC2 instance exceeds a specified threshold for consecutive specified periods.

6
Q

Amazon DocumentDB

A

Amazon DocumentDB (with MongoDB compatibility) is a fast, scalable, highly available, and fully managed native JSON document database service that supports MongoDB workloads. It is easy and cost effective to operate critical document workloads at virtually any scale without managing infrastructure.

7
Q

Amazon DynamoDB

A

Amazon DynamoDB is a key-value and document database that delivers single-digit millisecond high-performance at any scale. It’s a fully managed, multi-Region, multi-master, durable, serverless, key-value NoSQL database with built-in security, backup and restore, and in-memory caching for internet-scale applications. You cannot use Amazon DynamoDB for SQL analysis on S3 based data. DynamoDB is not free and you are charged for reading, writing, and storing data in your DynamoDB tables, along with any optional features you choose to enable. Amazon DynamoDB enables customers to offload the administrative burdens of operating and scaling distributed databases to AWS so that they don’t have to worry about hardware provisioning, setup and configuration, throughput capacity planning, replication, software patching, or cluster scaling. You can use Amazon DynamoDB to store recommendation results with the LEAST operational overhead for any scale. Amazon DynamoDB enables developers to build modern, serverless applications that can start small and scale globally to support petabytes of data and tens of millions of read and write requests per second. This enables Amazon DynamoDB to have a flexible schema, so each row can have any number of columns at any point in time. This allows you to easily adapt the tables as your business requirements change, without having to redefine the table schema as you would in relational databases. DynamoDB offers built-in security, continuous backups, automated multi-region replication, in-memory caching, and data export tools.

8
Q

Amazon DAX

A

Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available caching service built for Amazon DynamoDB.

9
Q

Amazon EBS

A

Amazon Elastic Block Store (EBS) is an easy to use, high-performance block storage service designed for use with Amazon Elastic Compute Cloud (EC2) instances for both throughput and transaction-intensive workloads at any scale. A broad range of workloads, such as relational and non-relational databases, enterprise applications, containerized applications, big data analytics engines, file systems, and media workflows are widely deployed on Amazon EBS. For the Cloud Practitioner exam, you should consider that an EBS volume can only be mounted to one EC2 instance at a time, so this option is not correct for the given use-case. As a special case, you should note that Amazon EBS Multi-Attach enables you to attach a single Provisioned IOPS SSD (io1 or io2) volume to multiple Nitro-based instances that are in the same Availability Zone (AZ). It is a block-storage service and not a file storage service. Encryption (at rest and during transit) is an optional feature for EBS and has to be enabled by the user.

10
Q

Amazon EC2

A

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the AWS cloud with support for per-second billing, and access to the underlying OS. Hence, it comes under Infrastructure as a Service (IaaS) type of Cloud Computing. EC2 can provision virtual servers on AWS Cloud and access the underlying OS. It is designed to make web-scale cloud computing easier for developers. This is not a free service. You pay for what you use or depending on the plan you choose. You cannot use EC2 to store and deploy Docker container images. You cannot use EC2 to plan, schedule and execute your batch computing workloads by provisioning underlying resources. It is NOT a serverless solution. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change. Maintaining the server and its software has to be done by the customer; EC2 cannot handle the application deployment automatically. This is a regional service. EC2 cannot be used to decouple components of a microservices-based application.

11
Q

Amazon ECR

A

Amazon Elastic Container Registry (Amazon ECR) can be used to store, manage, and deploy Docker container images so they can be run by ECS or Fargate. Amazon Elastic Container Registry (Amazon ECR) eliminates the need to operate your container repositories.

12
Q

Amazon ECS

A

Amazon Elastic Container Service (Amazon ECS) is a highly scalable, fast, high-performance container management service that makes it easy to run, stop, and manage Docker containers on a cluster and allows you to easily run applications on a managed cluster of Amazon EC2 instances. You cannot use Amazon ECS to store and deploy Docker container images. Amazon ECS allows you to launch Docker containers on AWS, but unlike AWS Fargate, this is not a fully managed service and you need to manage the underlying servers yourself; you must provision and maintain the infrastructure. It is not serverless. Amazon ECS cannot handle the application deployment automatically.

13
Q

Amazon EFS

A

Amazon Elastic File System (Amazon EFS) is a simple, scalable, elastic, cloud-native fully managed NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on-demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth. Amazon EFS is designed to provide massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS with consistent low latencies. It is accessible from Linux instances via the NFS protocol. Amazon EFS supports two forms of encryption for file systems, encryption of data in transit and encryption at rest. This is an optional feature and has to be enabled by the user if needed.

14
Q

Amazon ElastiCache

A

Amazon ElastiCache is a web service that helps users deploy, manage, and scale in-memory caches in the cloud.

15
Q

Amazon EMR

A

Amazon EMR (formerly Elastic MapReduce) is the industry-leading cloud big data solution for petabyte-scale data processing, interactive analytics, and machine learning using open-source frameworks and tools such as Hadoop, Apache Spark, Apache Hive, Apache HBase, Apache Flink, Apache Hudi, and Presto. Amazon EMR can be used to provision resources to run big data workloads on Hadoop clusters. Amazon EMR provisions EC2 instances to manage its workload. Amazon EMR is not a serverless service.

16
Q

Amazon ETL

A

Amazon Web Services (AWS) ETL (Extract, Transform, Load) is a set of tools and services that helps move data from one system to another.

17
Q

Amazon EventBridge

A

Amazon EventBridge is a service that provides real-time access to changes in data in AWS services, your own applications, and software as a service (SaaS) applications without writing code. Amazon EventBridge Scheduler is a serverless task scheduler that simplifies creating, executing, and managing millions of schedules across AWS services without provisioning or managing underlying infrastructure.

18
Q

Amazon FSx

A

Amazon FSx (File System X) makes it easy and cost effective to launch, run, and scale 3rd party feature-rich, high-performance file systems in the cloud.

19
Q

Amazon FSx for Lustre

A

Amazon FSx for Lustre is a secure and stable Linux distribution specifically designed for use on EC2 instances. For compute-intensive and fast processing workloads, like high-performance computing (HPC), machine learning, EDA, and media processing, Amazon FSx for Lustre provides a file system that’s optimized for performance, with input and output stored on Amazon S3. There is a one-minute minimum charge for Linux based EC2 instances.

20
Q

Amazon FSx for Windows File Server

A

Amazon FSx for Windows File Server provides fully managed, highly reliable, and scalable file storage that is accessible over the industry-standard Service Message Block (SMB) protocol. It is built on Windows Server, delivering a wide range of administrative features such as user quotas, end-user file restore, and Microsoft Active Directory (AD) integration. To support a wide spectrum of workloads, Amazon FSx provides high levels of throughput, IOPS and consistent sub-millisecond latencies. Amazon FSx is accessible from Windows, Linux, and macOS compute instances and devices. For Windows-based applications, Amazon FSx provides fully managed Windows file servers with features and performance optimized for “lift-and-shift” business-critical application workloads including home directories (user shares), media workflows, and ERP applications. It is accessible from Windows and Linux instances via the SMB protocol.

21
Q

Amazon GuardDuty

A

Amazon GuardDuty is a threat detection service that monitors malicious activity and unauthorized behavior to protect your AWS account. Amazon GuardDuty analyzes billions of events across your AWS accounts from AWS CloudTrail (AWS user and API activity in your accounts), Amazon VPC Flow Logs (network traffic data), and DNS Logs (name query patterns). This service is for AWS account level access, not for instance-level management like an EC2. GuardDuty cannot be used to check OS vulnerabilities. Amazon GuardDuty cannot be used to protect from web exploits such as SQL injection and cross-site scripting.

22
Q

Amazon Inspector

A

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on your Amazon EC2 instances. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API. Amazon Inspector cannot be used to prevent Distributed Denial-of-Service (DDoS) attacks. Amazon Inspector cannot provide secure shell access to EC2 instances. It cannot provide the status of your AWS resources. Inspector does not offer any recommendations vis-a-vis AWS best practices for cost optimization, security, and performance improvement. Amazon Inspector cannot be used to protect from web exploits such as SQL injection and cross-site scripting.

23
Q

Amazon Kinesis

A

Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information.

24
Q

Amazon Kinesis Data Streams

A

Amazon Kinesis Data Streams enables you to build custom applications that process or analyze streaming data for specialized needs. You can continuously add various types of data such as clickstreams, application logs, and social media to an Amazon Kinesis data stream from hundreds of thousands of sources. Within seconds, the data will be available for your Amazon Kinesis Applications to read and process from the stream.

25
Q

Amazon Lightsail

A

Amazon Lightsail is an easy-to-use cloud platform that offers you everything needed to build an application or website, or launch and manage a virtual private server with AWS. Amazon Lightsail offers several preconfigured, one-click-to-launch operating systems, development stacks, and web applications, including Linux, Windows OS, and WordPress. Lightsail plans include everything you need to jumpstart your project: a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP address. Amazon Lightsail comes with monthly payment plans and does not support per second billing.

26
Q

Amazon Macie

A

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. Macie automatically provides an inventory of Amazon S3 buckets including a list of unencrypted buckets, publicly accessible buckets, and buckets shared with AWS accounts outside those you have defined in AWS Organizations. Then, Macie applies machine learning and pattern matching techniques to the buckets you select to identify and alert you to sensitive data, such as personally identifiable information (PII). This service is for securing data and has nothing to do with an EC2 security assessment. Macie cannot be used to check OS vulnerabilities.

27
Q

Amazon Managed Blockchain

A

Amazon Managed Blockchain (AMB) is a fully managed service designed to help you build resilient Web3 applications on both public and private blockchains. Amazon Managed Blockchain is a fully managed service that makes it easy to create and manage scalable blockchain networks using the popular open source frameworks Hyperledger Fabric and Ethereum. It allows multiple parties to execute transactions without the need of a trusted, central authority.

28
Q

Amazon MQ

A

Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easy to set up and operate message brokers on AWS. Amazon MQ reduces your operational responsibilities by managing the provisioning, setup, and maintenance of message brokers for you. Because Amazon MQ connects to your current applications with industry-standard APIs and protocols, you can easily migrate to AWS without having to rewrite code. If you’re using messaging with existing applications, and want to move the messaging functionality to the cloud quickly and easily, AWS recommends you consider Amazon MQ. It supports industry-standard APIs and protocols so you can switch from any standards-based message broker to Amazon MQ without rewriting the messaging code in your applications. If you are building brand new applications in the cloud, AWS recommends you consider Amazon SQS and Amazon SNS.

29
Q

Amazon Neptune

A

Amazon Neptune is a serverless fully managed graph database service designed for superior scalability and availability. Amazon Neptune Analytics is an analytics database engine for quickly analyzing large volumes of graph data to get insights and find trends from data stored in Amazon S3 buckets or a Neptune database. Amazon Neptune is a fast, reliable, fully-managed graph database service that makes it easy to build and run applications that work with highly connected datasets. It’s not the right fit to store recommendation results with the LEAST operational overhead for any scale.

30
Q

Amazon OpenSearch Service

A

Amazon OpenSearch Service makes it easy for you to perform interactive log analytics, real-time application monitoring, website search, and more. OpenSearch is an open source, distributed search and analytics suite derived from Elasticsearch.

31
Q

Amazon Pinpoint

A

Amazon Pinpoint allows marketers and developers to deliver customer-centric engagement experiences by capturing customer usage data to draw real-time insights. Pinpoint cannot be used to debug performance issues for this serverless application built using a microservices architecture.

32
Q

Amazon Polly

A

Amazon Polly is a service that turns text into lifelike speech, allowing you to create applications that talk, and build entirely new categories of speech-enabled products. Polly’s Text-to-Speech (TTS) service uses advanced deep learning technologies to synthesize natural sounding human speech.

33
Q

Amazon QuickSight

A

Amazon QuickSight is a fast, cloud-powered business intelligence (BI) service that makes it easy for you to deliver insights to everyone in your organization. You can create and publish interactive dashboards.

34
Q

Amazon RDS

A

Amazon Relational Database Service (Amazon RDS) is an AWS regional managed cloud database service that helps organizations easily set up, operate, and scale relational databases in the AWS cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need. It offers a variety of database engines, including: Amazon Aurora, PostgreSQL, SQL Server, MySQL, MariaDB, Oracle Database, and Amazon RDS on AWS Outposts. RDS can encrypt your database instances. Data that is encrypted at rest includes the underlying storage for DB instances, its automated backups, read replicas, and snapshots. Encryption for RDS is an additional feature and the user needs to enable it. Schema change on a relational database is not as easy and straightforward as it is on a NoSQL database. Amazon RDS does not support flexible schema. Amazon RDS is less operationally efficient than Amazon DynamoDB while building a highly scalable solution.

35
Q

Amazon Redshift

A

Amazon Redshift is a fully-managed, petabyte-scale cloud-based data warehouse service designed for large scale data set storage and analysis, that makes it simple and cost-effective to analyze all your data. Amazon Redshift does not support flexible schema. Amazon Redshift is the most popular and fastest cloud data warehouse. Though analytics can be run on Redshift, in the current use case, old data is residing on S3, and Athena is the right choice since analytics can be run directly while data is sitting on S3. You cannot use Amazon Redshift for SQL analysis on S3 based data.

36
Q

Amazon Rekognition

A

Amazon Rekognition is a Software as a Service (SaaS) model that can add image and video analysis to your applications using proven, highly scalable, deep learning technology that requires no machine learning expertise. Amazon Rekognition can identify objects, people, text, scenes, and activities in images and videos as well as detect any inappropriate content. Amazon Rekognition also provides highly accurate facial analysis and facial search capabilities that you can use to detect, analyze, and compare faces for a wide variety of user verification, people counting, and public safety use cases.

37
Q

Amazon Route 53

A

Amazon Route 53 provides highly available and scalable cloud Domain Name System (DNS) web service, domain name registration, Routing Policy, and health-checking web services. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other. It cannot be used to improve application availability and performance using the AWS global network. Amazon Route 53 cannot provide secure shell access to EC2 instances. You cannot use Amazon Route 53 to connect your on-premises network with AWS Cloud.

38
Q

Amazon S3

A

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. As S3 is object-based storage, it cannot be used for file sharing between instances. The S3 service is not free, and you pay depending on the storage class you choose for your data. It is not a database service. Amazon S3 is a unique service in the sense that it follows a global namespace but the buckets are regional. You specify an AWS Region when you create your Amazon S3 bucket. This is a regional service.

39
Q

Amazon SNS

A

Amazon Simple Notification Service (Amazon SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications for both application-to-application (A2A) and application-to-person (A2P) communication. The A2A pub/sub functionality provides topics for high-throughput, push-based, many-to-many messaging between distributed systems, microservices, and event-driven serverless applications. Amazon SNS allows applications to send time-critical messages to multiple subscribers through a “push” mechanism, which implies that the receiving applications have to be present and running to receive the messages. Using Amazon SNS topics, your publisher systems can fan-out messages to a large number of subscriber endpoints for parallel processing, including Amazon SQS queues, AWS Lambda functions, and HTTP/S webhooks. Additionally, SNS can be used to fan out notifications to end users using mobile push, SMS, and email.

40
Q

Amazon SQS

A

Amazon Simple Queue Service (Amazon SQS) is a reliable, highly scalable fully managed message queuing service for storing messages as they travel between computers. It enables you to decouple and scale microservices, distributed systems, and serverless applications. Amazon SQS lets you easily move data between distributed application components and helps you build applications in which messages are processed independently (with message-level ack/fail semantics), such as automated workflows. SQS offers two types of message queues - Standard queues vs FIFO queues. SQS cannot be used to monitor CPU utilization for EC2 instances or send emails. It is not a pub/sub messaging service, and it uses a pull-based system. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.

41
Q

Amazon SRR

A

Amazon S3 SRR (Same-Region Replication) is an S3 feature that automatically replicates data between buckets within the same AWS Region.

42
Q

Amazon Timestream

A

Amazon Timestream offers fully managed, purpose-built time-series database engines for workloads from low-latency queries to large-scale data ingestion.

43
Q

Amazon Transcribe

A

You can use Amazon Transcribe to add speech-to-text capability to your applications. Amazon Transcribe uses a deep learning process called automatic speech recognition (ASR) to convert speech to text quickly and accurately. Amazon Transcribe can be used to transcribe customer service calls, to automate closed captioning and subtitling, and to generate metadata for media assets.

44
Q

Amazon Translate

A

Amazon Translate is a neural machine translation web service that uses deep learning to deliver more accurate and natural translation than traditional algorithms.

45
Q

Amazon VPC

A

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including the selection of your IP address range, creation of subnets, and configuration of route tables and network gateways. An Amazon Virtual Private Cloud (Amazon VPC) spans all of the Availability Zones (AZ) in the Region. You cannot use Amazon VPC to connect your on-premises network with AWS Cloud.

46
Q

AWS Artifact

A

AWS Artifact is your go-to, central resource for compliance-related information that matters to your organization. It provides on-demand access to AWS security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Different types of agreements are available in AWS Artifact Agreements to address the needs of customers subject to specific regulations. For example, the Business Associate Addendum (BAA) is available for customers that need to comply with the Health Insurance Portability and Accountability Act (HIPAA). It is not a service, it’s a no-cost, self-service portal for on-demand access to AWS compliance reports.

47
Q

AWS Batch

A

AWS Batch enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS. AWS Batch can be used to plan, schedule and execute batch computing workloads across the full range of AWS compute services. AWS Batch dynamically provisions the optimal quantity and type of compute resources (e.g., CPU or memory-optimized instances) and optimizes the job distribution based on the volume and specific resource requirements of the batch jobs submitted.

48
Q

AWS Budgets

A

AWS Budgets gives the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount from the simplest to the most complex use cases. AWS Budgets can set reservation utilization or coverage targets and receive alerts by email or Amazon SNS notification when actual or forecasted cost and usage exceed your budget threshold, or when your actual RI and Savings Plans’ utilization or coverage drops below your desired threshold. Budgets can be created at the monthly, quarterly, or yearly level, and you can customize the start and end dates. You can further refine your budget to track costs associated with multiple dimensions, such as AWS service, linked account, tag, and others. With AWS Budget Actions, you can also configure specific actions to respond to cost and usage status in your accounts, so that actions can be executed automatically or with your approval to reduce unintentional over-spending. Reservation alerts are supported for Amazon EC2, Amazon RDS, Amazon Redshift, Amazon ElastiCache, and Amazon Elasticsearch reservations. You cannot use AWS Budgets to set up consolidated billing and a single payment method for multiple AWS accounts.

49
Q

AWS CAF

A

The AWS Cloud Adoption Framework (AWS CAF) leverages AWS experience and best practices to help you digitally transform and accelerate your business outcomes through innovative use of AWS. AWS CAF identifies specific organizational capabilities that underpin successful cloud transformations. AWS CAF helps you identify and prioritize transformation opportunities, evaluate and improve your cloud readiness, and iteratively evolve your transformation roadmap. These capabilities provide best practice guidance that helps you improve your cloud readiness. AWS CAF groups its capabilities in six perspectives: Business, People, Governance, Platform, Security, and Operations. Each perspective comprises a set of capabilities that functionally related stakeholders own or manage in your cloud transformation journey. The platform perspective focuses on accelerating the delivery of your cloud workloads via an enterprise-grade, scalable, hybrid cloud environment. It comprises seven capabilities shown in the following figure. The Operations perspective helps ensure that your cloud services are delivered at a level that meets the needs of your business. Performance and capacity management under the Operations perspective is part of the AWS CAF. Common stakeholders include Chief Technology Officer (CTO), technology leaders, architects, and engineers.

50
Q

AWS CLI

A

The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts. CLI cannot be used with language-specific APIs.

51
Q

AWS Cloud Development Kit

A

The AWS Cloud Development Kit (AWS CDK) is an open source software development framework to define your cloud application resources using familiar programming languages.

52
Q

AWS CloudFormation

A

AWS CloudFormation is an infrastructure as code (IaC) service that provides a common language for users to easily model, provision, and manage AWS and third-party infrastructure resources needed for your applications across all Regions and accounts in an automated and secure manner by using different programming languages or a simple text file (in YAML or JSON format). In AWS CloudFormation, you have to explicitly specify which resources you want to provision. This is very different from Beanstalk, where you just upload your application code and Beanstalk automatically figures out what resources are required to deploy that application. AWS CloudFormation does not provide the general status of AWS services availability for all Regions. You cannot use CloudFormation to track changes to each resource on AWS. CloudFormation cannot auto-scale resources.

53
Q

AWS CloudHSM

A

AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your encryption keys on the AWS Cloud. With CloudHSM, you can manage your encryption keys using FIPS 140-2 Level 3 validated HSMs. It is a fully-managed service that automates time-consuming administrative tasks for you, such as hardware provisioning, software patching, high-availability, and backups. CloudHSM cannot be used to prevent Distributed Denial-of-Service (DDoS) attacks. CloudHSM cannot be used for the security assessment of applications deployed on AWS.

54
Q

AWS CloudTrail

A

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. AWS CloudTrail can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. AWS CloudTrail provides the event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services. AWS CloudTrail can record AWS API calls and other activity for your AWS account and save the recorded information to log files in an Amazon Simple Storage Service (Amazon S3) bucket that you choose. By default, the log files delivered by CloudTrail to your S3 bucket are encrypted using server-side encryption with Amazon S3 managed keys (SSE-S3). Think account-specific activity and audit; think CloudTrail. You cannot use CloudTrail to track changes to each resource on AWS. CloudTrail cannot help in identifying the right AWS services to build solutions on AWS Cloud. CloudTrail cannot be used to monitor CPU utilization for EC2 instances or send emails.

55
Q

AWS CloudWatch

A

Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides data and actionable insights to monitor applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. This is an excellent service for building resilient systems. Think resource performance monitoring, events, and alerts; think CloudWatch. CloudWatch cannot be used to protect from web exploits such as SQL injection and cross-site scripting.

56
Q

AWS CodeArtifact

A

AWS CodeArtifact is a fully managed artifact repository (also called code dependencies) service that makes it easy for organizations of any size to securely store, publish, and share software packages used in their software development process.

57
Q

AWS CodeBuild

A

AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don’t need to provision, manage, and scale your own build servers; it is serverless.

58
Q

AWS CodeCommit

A

AWS CodeCommit is a secure, highly scalable, managed source control service that makes it easier for teams to collaborate on code. It also provides software version control.

59
Q

AWS CodeDeploy

A

AWS CodeDeploy is a service that automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises.

60
Q

AWS CodePipeline

A

AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates.

61
Q

AWS Compute Optimizer

A

AWS Compute Optimizer is a service that analyzes your AWS resources’ configuration and utilization metrics to provide you with rightsizing optimization recommendations for optimal AWS resources for your workloads to reduce costs and improve performance of your workloads by using machine learning to analyze historical utilization metrics. Over-provisioning resources can lead to unnecessary infrastructure costs, and under-provisioning resources can lead to poor application performance. Compute Optimizer helps you choose optimal configurations for three types of AWS resources: Amazon EC2 instances, Amazon EBS volumes, and AWS Lambda functions, based on your utilization data.

62
Q

AWS Config

A

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. Think resource-specific history, audit, and compliance; think Config.

63
Q

AWS Cost Explorer

A

AWS Cost Explorer is an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. It lets you explore your AWS costs and usage at both a high level and at a detailed level of analysis, empowering you to dive deeper using many filtering dimensions (e.g., AWS Service, Region, Linked Account). AWS Cost Explorer includes a default report that helps you visualize the costs and usage associated with your top five cost-accruing AWS services, and gives you a detailed breakdown on all services in the table view. The reports let you adjust the time range to view historical data going back up to twelve months to gain an understanding of your cost trends. Cost Explorer does not offer any recommendations vis-a-vis AWS best practices for cost optimization, security, and performance improvement. You cannot use AWS Cost Explorer to set up consolidated billing and a single payment method for multiple AWS accounts. It’s a handy tool to keep track of costs of AWS resources, but auto-scaling is not part of its feature set.

64
Q

AWS CUR

A

The AWS Cost & Usage Report (AWS CUR) contains the most comprehensive set of AWS cost and usage data available, including additional metadata about AWS services, pricing, credit, fees, taxes, discounts, cost categories, Reserved Instances, and Savings Plans. The AWS Cost & Usage Report (AWS CUR) itemizes usage at the account or Organization level by product code, usage type and operation. These costs can be further organized by Cost Allocation tags and Cost Categories. The AWS Cost & Usage Report (AWS CUR) is available at an hourly, daily, or monthly level of granularity, as well as at the management or member account level. The AWS Cost & Usage Report (AWS CUR) cannot provide the estimate of the monthly AWS bill based on the list of AWS services.

65
Q

AWS Database Migration Service

A

AWS Database Migration Service (AWS DMS) is a managed migration and replication service that helps move your database and analytics workloads to AWS quickly, securely, and with minimal downtime and zero data loss. AWS DMS supports migration between 20-plus widely used commercial and open-source databases and analytics engines. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database.

66
Q

AWS Developer Support

A

The AWS Developer Support plan can be used if you are testing or doing early development on AWS and want the ability to get email-based technical support during business hours as well as general architectural guidance as you build and test. This plan only supports general architectural guidance on how services can be used for various use cases, workloads, or applications. This plan provides access to just the core Trusted Advisor checks from the Service Quota and basic Security checks. You do not get access to Infrastructure Event Management with this plan.

67
Q

AWS Direct Connect

A

AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS, bypassing the internet to deliver more consistent, lower-latency performance. AWS Direct Connect can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections. When creating a new connection, you can choose a hosted connection provided by an AWS Direct Connect Delivery Partner, or choose a dedicated connection from AWS—and deploy at over 100 AWS Direct Connect locations around the world. AWS Direct Connect provides consistently high bandwidth, low-latency access and it is generally used between on-premises data centers and the AWS network. Direct Connect is overkill for the given requirement. AWS Direct Connect can establish a private virtual interface from your on-premises network directly to your Amazon VPC, providing you with a private, high bandwidth network connection between your network and your VPC. This connection is private and does not go over the public internet. It takes at least a month to establish this physical connection.

68
Q

AWS Elastic Beanstalk

A

AWS Elastic Beanstalk is an easy-to-use Platform as a Service (PaaS) model for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. You only manage data and applications. The user uploads code and AWS Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time. There is no additional charge for AWS Elastic Beanstalk - you pay only for the AWS resources needed to store and run your applications. AWS Elastic Beanstalk provisions servers so it is not a serverless service. You cannot use Beanstalk to distribute incoming traffic across multiple targets.

69
Q

AWS Elastic Load Balancing (ELB)

A

AWS Elastic Load Balancing (ELB) automatically distributes incoming application or network traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions that you are running in one or more Availability Zones (AZs). You can use Elastic Load Balancing to manage incoming requests by optimally routing traffic so that no one instance is overwhelmed. Your load balancer acts as a single point of contact for all incoming web traffic to your application. When an instance is added, it needs to register with the load balancer or no traffic is routed to it. When an instance is removed, it must deregister from the load balancer or traffic continues to be routed to it. Elastic Load Balancing (ELB) scales your load balancer as traffic to your application changes over time. It can automatically scale to the vast majority of workloads. Elastic Load Balancing (ELB) cannot be used to improve application availability and performance using the AWS global network. This falls under Horizontal Scaling.

70
Q

AWS Fargate

A

AWS Fargate is a serverless compute engine for (Docker) containers. It works with both Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Kubernetes Service (Amazon EKS). AWS Fargate makes it easy for you to focus on building your applications. AWS Fargate removes the need to provision and manage servers, lets you specify and pay for resources per application, and improves security through application isolation by design. AWS Fargate allocates the right amount of compute, eliminating the need to choose instances and scale cluster capacity. You only pay for the resources required to run your containers, so there is no over-provisioning and paying for additional servers. AWS Fargate runs each task or pod in its own kernel, providing the tasks and pods their own isolated compute environment. This enables your application to have workload isolation and improved security by design. You don’t need to provision and maintain the infrastructure (no EC2 instances to manage). It is serverless.

71
Q

AWS Global Accelerator

A

AWS Global Accelerator is a networking service that improves the availability, performance, and security of your public applications with local or global users, but it cannot be used on S3. It provides two global static public IP addresses that act as a fixed entry point to your application endpoints in a single or multiple AWS Regions, such as your Application Load Balancers, Network Load Balancers, Amazon EC2 instances, and elastic IPs. AWS Global Accelerator uses the AWS global network to optimize the path from your users to your applications, improving the performance of your traffic by as much as 60%.

72
Q

AWS Glue

A

AWS Glue is a fully managed extract, transform, and load (ETL) serverless data integration service that makes it easier to discover, prepare, move, and integrate data from multiple sources for analytics, machine learning (ML), and application development. AWS Glue job is meant to be used for batch ETL data processing. It cannot be used to discover and protect your sensitive data in AWS.

73
Q

AWS Identity and Access Management (AWS IAM)

A

AWS Identity and Access Management (AWS IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM enables security best practices by allowing you to grant unique security credentials to users and groups to specify which AWS service APIs and resources they can access. These features make IAM an important service for the overall security of AWS resources in your account. IAM is secure by default; users have no access to AWS resources until permissions are explicitly granted. IAM is a feature of your AWS account offered at no additional charge. It is a global service.

74
Q

AWS Key Management Service (AWS KMS)

A

AWS Key Management Service (AWS KMS) makes it easy for you to create, manage, and control cryptographic keys and control their use across a wide range of AWS services and in your applications. It is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2 (cryptographic modules standard), or are in the process of being validated, to protect your keys. An AWS KMS key is a logical representation of a cryptographic key. A KMS key contains metadata, such as the key ID, key spec, key usage, creation date, description, and key state. Most importantly, it contains a reference to the key material that is used when you perform cryptographic operations with the KMS key. The KMS keys that you create are customer managed keys (CMK). Customer managed keys are KMS keys in your AWS account that you create, own, and manage. You have full control over these KMS keys, including establishing and maintaining their key policies, IAM policies, and grants, enabling and disabling them, rotating their cryptographic material, adding tags, creating aliases that refer to the KMS keys, and scheduling the KMS keys for deletion.

75
Q

AWS Lambda

A

AWS Lambda is a serverless compute service that lets you run code and build applications without provisioning or managing servers. AWS Lambda executes your code only when needed and scales automatically, from a few requests per day to thousands per second. You pay only for the compute time and the number of requests you consume for your Lambda function - there is no charge when your code is not running. With AWS Lambda, you can run code for virtually any type of application or backend service - all with zero administration. AWS Lambda runs and scales your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code monitoring and logging. A Lambda function has a maximum execution time of 15 minutes, so it can be used to run this log backup process. You cannot use AWS Lambda to store and deploy Docker container images. Lambda cannot be used to monitor CPU utilization for EC2 instances or send emails. AWS Lambda is serverless, so you don’t get access to the underlying OS. AWS Lambda does not support running container applications. Lambda cannot be used to decouple components of a microservices-based application.

76
Q

AWS Organizations

A

AWS Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts. AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. Using AWS Organizations, you can automate account creation, create groups of accounts to reflect your business needs, and apply policies for these groups for governance. You can also simplify billing by setting up a single payment method for all of your AWS accounts. AWS Organizations is available to all AWS customers at no additional charge. AWS Organizations cannot help in identifying the right AWS services to build solutions on AWS Cloud.

77
Q

AWS Pricing Calculator

A

AWS Pricing Calculator lets you explore AWS services and create an estimate for the cost of your use cases on AWS. You can model your solutions before building them, explore the price points and calculations behind your estimate, and find the available instance types and contract terms that meet your needs. This enables you to make informed decisions about using AWS. You can plan your AWS costs and usage or price out setting up a new set of instances and services. AWS Pricing Calculator can be accessed at https://calculator.aws/#/.

78
Q

AWS Professional Services

A

The AWS Professional Services organization is a global team of experts that can help you realize your desired business outcomes when using the AWS Cloud. AWS Professional Services consultants can supplement your team with specialized skills and experience that can help you achieve quick results.

79
Q

AWS Regions

A

AWS Regions are a cluster of data centers, and are geographical constructs composed of two or more Availability Zones.

80
Q

AWS Secrets Manager

A

AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to AWS Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text. With Secrets Manager, you pay based on the number of secrets stored and API calls made. It cannot be used to discover and protect your sensitive data in AWS. You cannot use AWS Secrets Manager for creating and using your own keys for encryption on AWS services. Secrets Manager cannot be used as a Hardware Security Module for data encryption operations in AWS Cloud. You cannot use AWS Secrets Manager to set up consolidated billing and a single payment method for multiple AWS accounts. Secrets Manager cannot be used for security assessment of applications deployed on AWS.

81
Q

AWS Shield

A

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection. There are two tiers of AWS Shield - Standard and Advanced. Shield is general protection against DDoS attacks for all resources in the AWS network, and not an instance-level security assessment service. Shield cannot be used to check OS vulnerabilities. AWS Shield cannot be used to block users from certain geographies. AWS Shield cannot be used to handle resource-specific security on AWS.

82
Q

AWS Snow

A

The AWS Snow Family is a service that helps customers who need to run operations in austere, non-data center environments, and in locations where there’s no consistent network connectivity.

83
Q

AWS Snowball Edge

A

Snowball Edge is best-suited to move petabytes of data and offers computing capabilities.

84
Q

AWS Snowcone

A

AWS Snowcone is a small, portable, rugged, and secure edge computing and data transfer device. It provides up to 8 TB of usable storage.

85
Q

AWS Snowmobile

A

Snowmobile is used to move exabytes of data in or out of AWS (1 EB = 1,000 PB = 1,000,000 TB). You should use Snowmobile if you’d like to move more than 10 PB of data.

86
Q

AWS Software Developer Kit (SDK)

A

AWS Software Developer Kits (SDKs) take the complexity out of coding by providing language-specific APIs and libraries for AWS services. For example, the AWS SDK for JavaScript simplifies the use of AWS Services by providing a set of libraries that are consistent and familiar for JavaScript developers. It provides support for API lifecycle considerations such as credential management, retries, data marshaling, serialization, and deserialization. AWS SDKs are offered in several programming languages to make it simple for developers working with different programming and scripting languages. So, the AWS SDK can help with using AWS services from within an application using language-specific APIs. It is not used to deploy infrastructure using familiar programming languages.

87
Q

AWS Step Functions

A

The AWS Step Functions service lets you coordinate multiple AWS services into serverless workflows. You can design and run workflows that stitch together services such as AWS Lambda, AWS Glue and Amazon SageMaker. AWS Step Functions cannot be used to decouple components of a microservices-based application. Step Functions cannot be used to run a process on a schedule.

88
Q

AWS Storage Gateway

A

AWS Storage Gateway is a hybrid cloud storage service that connects users’ existing on-premises environments to access virtually unlimited cloud storage and AWS storage infrastructure in the cloud, providing a secure and seamless integration between the two. Customers use AWS Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases. These include moving tape backups to the cloud, reducing on-premises storage with cloud-backed file shares, providing low latency access to data in AWS for on-premises applications, as well as various migration, archiving, processing, and disaster recovery use cases. AWS Storage Gateway service provides three different types of gateways – Tape Gateway, File Gateway, and Volume Gateway – that seamlessly connect on-premises applications to cloud storage, caching data locally for low-latency access.

89
Q

AWS Systems Manager

A

AWS Systems Manager is the operations hub for AWS. It gives you visibility and control of your infrastructure on AWS. AWS Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. AWS Systems Manager can group resources, like Amazon EC2 instances, Amazon S3 buckets, or Amazon RDS instances, by application, view operational data for monitoring and troubleshooting, and take action on your groups of resources. Secrets Manager cannot be used to run a process on a schedule. It automates operational tasks for Amazon EC2 instances or Amazon RDS instances. Systems Manager simplifies resource and application management, views operational data for monitoring and troubleshooting, implements pre-approved change workflows, audits operational changes for your groups of resources, shortens the time to detect and resolve operational problems, and makes it easier to operate and manage your infrastructure at scale. It is used for patching systems at scale.

90
Q

AWS Trusted Advisor

A

AWS Trusted Advisor is an online tool that provides real-time guidance to help provision your resources following AWS best practices on cost optimization, security, fault tolerance, service limits, and performance improvement. Whether establishing new workflows, developing applications, or as part of ongoing improvement, recommendations provided by AWS Trusted Advisor regularly help keep your solutions provisioned optimally. All AWS customers get access to the seven core Trusted Advisor checks to help increase the security and performance of the AWS environment. AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations in five categories: Cost Optimization, Performance, Security, Fault Tolerance, and Service Limits. Trusted Advisor does not describe prohibited uses of the web services offered by Amazon Web Services. Trusted Advisor cannot be used for assessing vulnerabilities for applications deployed on AWS. Trusted Advisor cannot be used to prevent Distributed Denial-of-Service (DDoS) attacks.

91
Q

AWS Virtual Private Network (VPN)

A

AWS Virtual Private Network (VPN) solutions establish secure connections between on-premises networks, remote offices, client devices, and the AWS global network. AWS VPN is comprised of two services: AWS Site-to-Site VPN and AWS Client VPN. Together, they deliver a highly-available, managed, and elastic cloud VPN solution to protect your network traffic.

92
Q

AWS Wavelength

A

AWS Wavelength is an AWS Infrastructure offering optimized for mobile edge computing applications. Wavelength combines the high bandwidth and ultra-low latency of 5G networks with AWS compute and storage services to enable developers to innovate and build a whole new class of applications. AWS Wavelength extends the AWS cloud to a global network of 5G edge locations to enable developers to innovate and build a whole new class of applications that require ultra-low latency. Wavelength Zones provide a high-bandwidth, secure connection to the parent AWS Region, allowing developers to seamlessly connect to the full range of services in the AWS Region through the same APIs and toolsets.

93
Q

AWS Web Application Firewall (AWS WAF)

A

AWS Web Application Firewall (AWS WAF) is a web application firewall that helps protect web applications or APIs by giving you control over how traffic reaches your applications. It gives protection against common web exploits and attacks that may affect availability, compromise security, or consume excessive resources by allowing you to configure security rules that allow, block, or monitor (count) web requests with common attack patterns based on conditions that you define, such as IP addresses, HTTP headers, HTTP body, URI strings, SQL injection, and cross-site scripting. You can configure web access control lists (Web ACLs) on your Amazon CloudFront distributions or Application Load Balancers to filter and block requests based on request signatures. Besides, by using AWS WAF’s rate-based rules, you can automatically block the IP addresses of bad actors when requests matching a rule exceed a threshold that you define. You can use the IP address-based match rule to block specific geographies. The accuracy of the IP address to country lookup database varies by Region. You can also use rate-based rules to mitigate web-layer DDoS attacks. Based on recent tests, AWS mentions that the overall accuracy for the IP address to country mapping is 99.8%. AWS WAF cannot be used to handle resource-specific security on AWS. It lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon API Gateway API, an Amazon CloudFront distribution, or an Application Load Balancer. AWS WAF charges based on the number of web access control lists (web ACLs) that you create, the number of rules that you add per web ACL, and the number of web requests that you receive (it is not a free service).

94
Q

AWS Well-Architected Framework

A

The AWS Well-Architected Framework provides guidance on building secure, high-performing, resilient, and efficient infrastructure for cloud-based applications. Based on six pillars — operational excellence, security, reliability, performance efficiency, cost optimization and sustainability — the Framework provides a consistent approach for customers and partners to evaluate architectures, and implement designs that will scale over time.

95
Q

AWS X-Ray

A

AWS X-Ray can analyze and debug serverless and distributed applications such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors.

96
Q

Hadoop

A

Apache Hadoop is an open source framework that is used to efficiently store and process large datasets ranging in size from gigabytes to petabytes of data. Instead of using one large computer to store and process the data, Hadoop allows clustering multiple computers to analyze massive datasets in parallel more quickly.

97
Q

HDFS

A

Hadoop Distributed File System (HDFS) is a distributed file system that runs on standard or low-end hardware. HDFS provides better data throughput than traditional file systems, in addition to high fault tolerance and native support of large datasets.

98
Q

IAM Access Advisor

A

Access advisor shows the service permissions granted to a user and when those services were last accessed.

99
Q

IAM Access Analyzer

A

IAM Access Analyzer uses provable security to analyze external access and validate that your policies match your specified corporate security standards.

100
Q

Internet Gateway

A

An Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic and to perform network address translation (NAT) for instances. An Internet Gateway cannot be used to privately connect an on-premises data center to AWS Cloud. It imposes no availability risks or bandwidth constraints on your network traffic. You cannot use an Internet Gateway to interconnect your on-premises network with AWS Cloud.