Miscellaneous Flashcards
AWS Acceptable Use Policy
provides info on prohibited actions on AWS.
AWS Services where users can collect, view, and analyze metrics for every active SNS
Amazon SNS and Amazon CloudWatch
AWS CloudTrail
service logging all API calls made in your AWS account, for compliance and auditing
Which component of the AWS global infrastructure does Amazon CloudFront use to ensure low-latency delivery?
Edge Locations
- uses a global network of points of presence PoP (edge locations) worldwide.
AWS Secrets Manager
store, retrieve, monitor secrets centrally.
ex: database credentials
AWS Management Console
used to access and manage AWS through a web-based user interface.
AWS Shield
managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.
AWS Trusted Advisor
recommendations/guidance that help you follow AWS best practices; w/ cost optimization, security, performance.
CloudWatch
monitoring service, collects metrics, can set billing alarms for your AWS resources
AWS Budgets
billing notification when your actual or forecasted costs exceed your budgeted amount
Difference between AWS Budgets and Amazon CloudWatch billing alarms?
Amazon CloudWatch billing alarms alert you only when your actual cost exceeds a certain threshold, while AWS Budgets can be configured to alert you when the actual or FORECASTED cost exceeds a certain threshold.
3 Cloud Computing Models
IaaS
PaaS
SaaS
IaaS
Infrastructure as a Service (IaaS) - provides flexibility and management control over your IT resources (EC2 is IaaS)
PaaS
Platform as a Service (PaaS) -
manages infrastructure (hardware and operating systems). you focus on the deployment and management of your applications.
SaaS
Software as a Service (SaaS) provides you with a completed product that is run and managed by the provider.
TAM (Technical Account Manager)
Enterprise customers.
Provides technical expertise of AWS services
Infrastructure Event Management (IEM)
Enterprise customers.
helps you plan for large-scale events
(such as product or application launches)
AWS Cost & Usage Report
most detailed information about your AWS costs and usage.
AWS Pricing Calculator
web service, estimate cost for your AWS monthly bill based on your expected (FUTURE) usage
AWS Systems Manager
view operational data and automate tasks from multiple AWS services
CloudFront
content delivery network (CDN) service that securely delivers data, video, apps TO customers globally with low latency & high speed
CloudFormation
allows you to manage your AWS resources as code in a text file
Amazon Kinesis Video Streams
lets you stream videos from devices TO AWS for analytics in real time.
AWS Organizations
helps manage billing and all your AWS accounts;
AWS Config
helps AWS customers audit and monitor all resource changes
AWS Artifact
portal to your AWS agreements, security and compliance reports
AWS Certificate Manager
service to manage and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services
AWS Support Concierge
Enterprise Support plan; assist customers w/ billing and account inquiries
AWS Customer Service
all AWS customers have it. They help AWS customers with their billing and account inquiries
AWS Operations Support
Enterprise Support plan; provides operations assessments and analysis to identify gaps across the operations lifecycle, as well as recommendations based on best practices.
AWS Health Dashboard
Business Support Plan.
view of the health of AWS services, and alerts when your resources are impacted.
Penetration testing
testing a network or web app to find security vulnerabilities (that an attacker could exploit. security related.)
Amazon ElastiCache
web service that helps deploy and scale an in-memory data store or cache in the cloud. improves the performance of web apps.
provide ultrafast and inexpensive access to copies of data
AWS Storage Gateway
(bridge) a hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage.
Amazon EBS volume
Elastic Block Store
storage option; offer consistent and low-latency performance;
** can only be attached to 1 compute resource at a time
AWS OpsWorks
service that provides managed instances of Chef and Puppet.
Chef and Puppet are automation platforms, use code to automate the configs of your servers
AWS Abuse Team
team can assist you when AWS resources are being used to engage in abusive behavior
Amazon Simple Queue Service (SQS)
message queuing service that enables message communication between components of an application.
- enables you to DECOUPLE (build loosely-coupled) and scale microservices
Snowball
petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud.
w/ built-in computing capabilities that allow you to process data locally
Amazon VPC
Virtual Private Cloud (Amazon VPC)
Non-managed AWS service; you provision an isolated section of the AWS Cloud where you launch AWS resources in a virtual network.
AWS Cost Explorer
tool to visualize your costs and usage.
forecasts your future costs based on your PAST usage
Edge locations
used by CloudFront to cache and distribute content to your global customers with low latency.
Amazon Inspector
security service that helps you improve / test the security and compliance of your apps on AWS.
Amazon Aurora
MySQL and PostgreSQL-compatible relational database built for the cloud. (automatically replicates data across Availability Zones.)
Amazon Athena
query service to analyze data in Amazon S3 using SQL. (like Amazon Redshift Spectrum)
Auto Scaling
automatically replaces unhealthy nodes and adjusts capacity to maintain app performance
What service does AWS provide to help protect AWS Customers from attacks?
Amazon Route 53, Amazon CloudFront, Elastic Load Balancing, and AWS WAF. These services integrate with AWS Shield
AWS Shield
managed DDoS protection service that provides always-on detection and automatic inline mitigations to safeguard web applications running on AWS.
Cloud9
cloud based IDE
Which cloud computing model is EC2?
IaaS
APN consulting partners
firms that help customers design, architect, build their workloads and apps on AWS.
AWS CLI
control multiple AWS services from the command line & scripts
Route 53
DNS (Domain Name System) config/management.
can perform health checks on Amazon EC2 instances
managing global application traffic
Elasticity
scale the resources dynamically, by adding and removing resources.
ability to scale up or down when needed.
Scalability
adding resources, either making hardware larger (scaling vertically) or adding additional nodes (scaling horizontally).
TCO
Total Cost of Ownership (TCO) financial metric to compare costs of a product
AWS NACL
Network Access Control Lists
used to check the network accessibility of your EC2 instances
Multi-Region Active-Active architecture
your workload is deployed to, and actively serving traffic from, multiple AWS Regions
Multi-Region Active-Passive architecture
your workload is deployed to two AWS Regions
Savings Plans are available for which AWS compute services? (2)
Lambda and EC2
AWS Beanstalk
easy-to-use service for deploying and scaling web apps w/ code
AWS Transit Gateway
simplifies how customers interconnect all of their VPCs
AWS Service Catalog
create and manage IT services for AWS
AWS SDK
use AWS services in your apps with API using your programming language
Amazon EMR
Elastic MapReduce (AWS-Managed Service)
process large amounts of data sets
High availability
eliminating single points of failure.
- achieved by deploying your app in multiple Availability Zones in a single Region
- A system is highly available when it can withstand the failure of components, such as hard disks, servers, and network links.
AWS X-Ray
helps you troubleshoot your app. ex: performance related stuff
AWS CodePipeline
service that helps you automate your pipelines
Amazon ECR
Elastic Container Registry
container registry offering hosting to deploy app images and artifacts.
hypervisor
protect the physical hardware, storage
Patch Manager
automates the process of patching Windows and Linux managed instances
Fault tolerance
enables a system to continue operating properly in the event of the failure
Amazon Redshift
data warehouse service (unlike a database service like Dynamo), a warehouse service is for analytical queries rather than transactional queries
Security groups
-for Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level
Application Load Balancer
best for load balancing of HTTP(S) traffic.
AWS Direct Connect
establish a dedicated network connection from on-premises to AWS
Amazon Machine Image
template that contains a software configuration
Savings Plans
offers low prices on EC2, Lambda, and Fargate
Amazon RDS Read Replicas
provide enhanced performance for database instances
Which AWS offerings are serverless services?
Lambda & DynamoDB (fully managed)
AWS Well-Architected Framework
scaling horizontally
tightly-coupled
monolithic architectures run as a single service
loosely-coupled
microservice architecture. independently run services; components don’t depend on each other.
tightly-coupled
monolithic architecture. all processes run as a single service
3 AWS services that can help you build loosely-coupled applications?
SQS, SNS and EventBridge (CloudWatch Events)
AWS ELB
Elastic Load Balancing .
Used to distribute traffic automatically to, for example: Amazon EC2 instances, Lambda functions, etc.
tags
key-value pairs that allow you to track usage and spending into groups
Greatest impact on cost
Compute, Storage and Data transfer OUT
Amazon Lightsail
- low-cost Virtual Private Server (VPS) in the cloud
-easiest way to launch and manage a site built on WordPress, etc.
AWS Resource Groups
Managing of all AWS resources as a group.
ex: different environments: development, testing, and production, Resource Groups for each environment to view and manage your resources
AWS CodeBuild
service that lets you compile and test your code.
AWS CodeCommit
used to store and version source code
AWS CodeDeploy
used to deploy application code to Amazon EC2, AWS Fargate, AWS Lambda etc
AWS CodePipeline
automates committing code (to AWS CodeCommit) to deploying it (with AWS CodeDeploy)
Chat access to AWS Support Engineers is available at which tiers?
Business & Enterprise
AWS Global Accelerator
improves the availability and performance of the applications for your global users
AWS KMS
AWS Key Management Service
Lets you create, manage, and control cryptographic keys across your apps
Amazon Macie
Security service, uses machine learning to protect sensitive data in AWS
Amazon Redshift Spectrum
run SQL queries in Amazon S3 (like Athena)
Amazon Comprehend
a Natural Language Processing (NLP) service that uses machine learning to find meaning in text
AWS CloudHSM
Hardware Security Module (HSM) that enables you to generate your own encryption keys
Business Support plan
24x7 access to technical support
AWS WAF
firewall that protects web apps from attacks. you configure rules that BLOCK TRAFFIC based on conditions
Amazon CodeGuru
provides recommendations to improve code quality
Amazon EFS
Amazon Elastic File System
designed for high availability and durability storing data redundantly across multiple Availability Zones
provides scalable, elastic file storage; use with AWS Cloud services and on-premises resources
seven design principles for security in the cloud:
1. Implement a strong identity foundation
2. Enable traceability
3. Apply security at all layers
4. Automate security best practices
5. Protect data in transit and at rest
6. Keep people away from data
7. Prepare for security events
Amazon ECS launch types (2):
Fargate launch type (serverless, and you have less control)
EC2 launch type (server-based, you have more control).
Inherited Controls
Physical and Environmental controls (Controls which a customer fully inherits from AWS.)
Primary storage service used by Amazon RDS database instances?
EBS (Elastic Block Store)
AWS Cognito
lets you add user sign-up, sign-in, and access control to your apps
Amazon SES
Amazon Simple Email Service.
-cloud-based email sending service designed to help digital marketers and developers send marketing, notification, and transactional emails.
EC2 instance billing
instances billed in one-second increments, minimum of 1 minute.
What is the primary storage service used by Amazon RDS database instances?
(Amazon EBS) Amazon Elastic Block Store volumes for database storage.
Based on the AWS Shared Responsibility Model, which of the following are the sole responsibility of AWS?
Hardware maintenance
Creating hypervisors
AWS ACM
AWS Certificate Manager
service that lets you manage SSL/TLS certificates for use with AWS services
Amazon Cloud Directory
directory service to manage your AWS resources such as users, groups, locations, devices, and policies
Which AWS services or features support data replication across AWS Regions?
Amazon S3 (Cross-Region Replication) and Amazon RDS (read replicas across Regions)
Which Amazon EC2 pricing model adjusts based on supply and demand of EC2 instances
Spot Instance
Savings Plans
flexibility to use the instance configurations that best meet your needs, instead of making a commitment to a specific instance configuration
AWS Professional Services
team of experts that helps customers realize their desired business outcomes when using AWS
Reserved Instance types?
Standard or Convertible (can be changed)
In Amazon RDS databases AWS is responsible for:
1- Managing the underlying infrastructure
2- Managing the operating system.
3- Database setup.
4- Patching and backups.
EBS Pricing based on?
Volumes and Snapshots
Why are Serverless Architectures more economical than Server-based Architectures?
Serverless architectures can reduce costs because you do not have to manage or pay for underutilized servers, or provision redundant infrastructure to implement high availability.
Amazon Connect
cloud-based customer contact center solution.
Amazon DynamoDB
(AWS Managed Service) A NoSQL database. non-relational db. uses key-values to store and retrieve data. does NOT do complex queries
Parallelize tasks
use a load balancer to distribute the incoming requests across multiple instances
Adjusting compute capacity dynamically to reduce cost is an implementation of which AWS cloud best practice?
Implement elasticity, meaning they can instantly grow (to maintain performance) or shrink (to reduce costs).
AWS-Managed Service
AWS Lambda,
Amazon RDS,
Amazon Redshift,
Amazon CloudFront,
Amazon S3,
DynamoDB,
AWS EMR.
AWS Managed Services (AMS) service
operates AWS on behalf of enterprise customers and partners
The principle “design for failure and nothing will fail” is very important when designing your AWS Cloud architecture. Which of the following would help adhere to this principle?
Elastic Load Balancing
Availability Zones
Which S3 storage class is best for data with unpredictable access patterns?
S3 Intelligent-Tiering
AWS Organizations has five main benefits:
1) Centrally manage access policies across multiple AWS accounts.
2) Automate AWS account creation and management.
3) Control access to AWS services.
4) Consolidate billing across multiple AWS accounts.
5) Configure AWS services across multiple accounts.
Six Pillars of the AWS Well-Architected Framework:
1- Operational Excellence (ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedure)
2- Security (protect information, systems, and assets)
3- Reliability (system to recover from infrastructure or service disruptions)
4- Performance Efficiency ( ability to use computing resources efficiently to meet system requirements)
5- Cost Optimization
6- Sustainability
Which AWS Support Plans gives you 24/7 access to Cloud Support Engineers via email, chat or phone?
Enterprise and Business
Federation
can use single sign-on to access your AWS accounts using credentials from your corporate directory
IAM Permissions
let you specify the desired access to AWS resources. Permissions are granted to IAM entities (users, user groups, and roles), by default these entities start with no permissions.
What does Amazon GuardDuty do to protect AWS accounts and workloads?
continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts
integrates with Amazon CloudWatch Events and AWS Lambda to allow you to set up automated remediation actions against discovered security issues.
services that automatically replicate data across Availability Zones.
S3
Amazon Aurora
AWS provides three pricing models:
1- Pay-as-you-go (NO upfront fee)
2- Save when you commit
3- Pay less by using more
Business Support provides:
full set of Trusted Advisor checks and guidance
AWS Health API i
Which plan provides 15 minutes response-time support if your business critical system goes down
Enterprise
Which plan provides 1 hour response-time support if your business critical system goes down
Business
According to the AWS shared responsibility model, what are the controls that customers fully inherit from AWS?
physical controls and environmental controls.
IAM role
IAM identity that you can create in your account that has specific permissions and is assumable by anyone who needs it
* does not have standard long-term credentials
What can AWS customers do to benefit from the elasticity of the AWS Cloud?
Serverless Computing provides the highest level of elasticity. Serverless enables you to build modern applications with increased agility and lower total cost of ownership.
On-Demand instances
You can increase or decrease your compute capacity depending on the demands of your application and only pay for what you use
Remove the need to buy “safety net” capacity to handle periodic traffic spikes.
good for unpredictable workloads
Amazon SNS
fully managed messaging service for both application-to-application (A2A) and application-to-person (A2P)