Other Services Flashcards
How do you deploy resources or make infrastructure changes when using CloudFormation or other IaC?
You deploy resources with code. You can deploy an entire infrastructure with just a JSON or YAML file.
You make changes by editing the deployment code.
Resources created by cloud formation should only be managed through editing your cloud formation configuration files (stacks).
To delete resources remove them from the file, or delete the entire file and cloud formation takes charge of deleting everything in the correct order with no errors.
When do we use cloudformation in the exam?
When we need to repeat an architecture in a different environment, different region, or different AWS Account.
What happens to your existing EC2 instance when in cloud formation you modify an already deployed configuration to for example change the EC2 instance type.
The existing EC2 instance will be replaced with a new one that will “supplant” the previouse instance.
What are cloudformation service roles?
IAM roles that allow cloudformation to create, update or delete stack resources on your behalf.
You can specify an iam role for the creation of a configuration in cloudformation, or you can leave it blank in case you want it to use your users permissions instead.
The iam:PassRole permission is crucial for allowing users to specify a role that CloudFormation can assume. If a user wants to deploy a stack that requires CloudFormation to assume a specific role (like a service role), the user needs to have iam:PassRole permission for that role.
Without iam:PassRole, a user cannot tell CloudFormation to use a service role, even if that role has the necessary permissions to create or modify resources.
A user with passrole can create resources through cloudformation even if the user itself doesn’t have the permission.
What is Amazon SES?
Simple Email Service:
It allows you to send emails globally and at scale.
You can use it in conjunction with applications as an SMTP server to send emails to users.
Similar to zimbra.
What is Amazon Pinpoint?
Marketing communications service.
For sending programmed messages in bulk.
Can create message templates, delivery schedules, and full campaigns.
Supports Email, SMS, Push notifications, voice, in app messaging.
Main use cases if to send SMS messages to customers. Can also receive replies cause its inbound/outbound service.
Use it with other services to automate delivery of sms.
What are the differences between amazon SNS, SES, and Pinpoint?
In SNS and SES you manage the message audience from your app, content of message, and delivery schedule.
With Pinpoint, you can create message templates, delivery schedules,
What is SSM session manager?
Allows you to start an SSH connection to your instances without using port 22 or any other port. This is for better security.
Needs SSM agent installed on instances to work. Amazon AMIs include the ssm agent by default.
What is fleet manager?
The SSM feature that lets you centrally manage all your EC2 instances with the ssm agent intalled. You can update their agent version and do other management tasks.
Which SSM feature lets you manage all your ssm agent instances?
Fleet Manager
Which SSM feature lets you access your instances through SSH without using any port?
Session Manager
What do EC2 instances need to have be managed by SSM?
The SSM Agent. Amazon AMIs include it by default.
And they need an instance role that lets them contact SSM Service.
What is SSM Run Command?
Allows you to run commands or scripts to groups of SSM Agent installed server. These could be EC2 instances but also onpremises servers. This has integrations with IAM, CloudTrail, SNS. and EventBridge for automation of script running.
What is SSM Patch Manager?
Automates the patching process of managed instances. You can patch automatically, or scheduled maintenance. You can generate reports on patch version compliance.
What is SSM Automation?
Configure SSM documents to automate and simplify common tasks in EC2 and in other services too, like restarting instances, creating AMIs, Snapshot your RDS Databases, etc.
Integrated with EventBridge and AWS Config. AWS Config uses ssm automation to remediate.
What is AWS Cost Explorer
To visualize, understand, and manage your AWS Costs and usage over time.
Create custom reports for costs and usage data, like diagrams and graphs.
You can get monthly, weekly, hourly graphs, for granularity.
Gives you a savings plan to help you lower your bill costs.
Gives you a forecast of up to 12 months based o previous usage.
What is AWS Cost Anomaly Detection?
Continuously monitors your usage and uses ML to detect unusual spends in your accounts.
What is AWS Batch?
Fully managed batch processing service.
You can run 10000s of computing batch jobs on aws.
A batch job is a computing job that has a start and an end. So it happens in a time period, for example between 1:00hs and 3:00hs.
Batch will dinamically start EC2 instances and spot instances to accomodate to the load in which you have to run these batch jobs.
Batch can also run serverless with fargate, instead of creating EC2 instances. Batch can also run in EKS.
How does Batch work?
Batch jobs are defined as docker images that run in ECS, that can run on many EC2 instances, in fargate, or in EKS.
You upload your image and specify the resources you want to use for the job and batch runs it as containers, on a scheduled window.
Then you get your results in S3 or other user defined storage.
What other aws service does batch use behind the scenes to run the compute?
ECS. It runs ECS containers either on EC2 instances, fargate, or EKS.
What is Amazon AppFlow?
A service for integration between SaaS applications and AWS.
It allows you to securely transfer data between SaaS apps and AWS. Simplifying the integration.
SaaS apps include Salesforce, Slack, SAP, etc.
Data can be transfered to S3, Redshift, and other services.
What is AWS Amplify?
A web and mobile app fullstack development tool.
It’s a managed service that uses other aws services behind the scenes, like S3, cognito, appsync, apigw, lambda, etc, to build the backend of your app, and then lets you use whichever frontend language.
It can be deployed by using cloudfront.
It’s an elastic beanstalk version for web and mobile apps.
As part of your Disaster Recovery strategy, you would like to make sure your entire infrastructure is code (IaC) so that you can easily re-deploy it in any AWS region. Which AWS service do you recommend?
CloudFormation
Which AWS service allows you to send marketing SMS and push notifications to a large number of customers with personalized messages?
AWS Pinpoint
What is the most secure way to connect to an EC2 instance without exposing the SSH port 22?
SSM Session Manager
Which AWS service allows you to run and schedule hundreds of thousands of computing jobs on AWS such as big data and complex analytics jobs?
AWS Batch
The company you are working on is using Salesforce and Slack internally. For archival and some analytics requirements, you have been tasked to transfer the data in both Salesforce and Slack to AWS in an S3 bucket. Which AWS service is best suited for this scenario?
AWS AppFlow
