Overview of AWS Flashcards

1
Q

What are the six advantages of Cloud Computing?

A
  1. Variable expense rather than capital expense (Pay for what you need, rather than an upfront expense for everything you might need).
  2. Economies of Scale (AWS has hundreds of thousands of customers on their cloud infrastructure, meaning they can achieve better economies of scale, which translates to lower aggregate expenses of customers than if they operated data centers themselves).
  3. Stop having to guess capacity needs (AWS is easy to scale, meaning that if your needs exceed your current capacity, you can easily scale up resources in a very short amount of time).
  4. Increase speed and agility (Make resources available to developers in just minutes).
  5. You do not have to spend money and time maintaining data centers (focus on what your business does best, rather than infrastructure).
  6. Go global in minutes (using AWS’s global network, you can deliver content and resources globally with the flip of a switch).
2
Q

What Kinds of EC2 Instances are there?

A

General Purpose: A good balance of compute, memory, and networking resources. They are good for application servers, gaming servers, enterprise applications, and small to medium databases.

Compute optimized: Focus on compute power. Good for gaming, scientific modeling, high performance computing.

Memory Optimized: Good for high performance Databases.

Accelerated Computing: Use hardware accelerators. Good for floating point number calculations, graphics processing, data pattern matching.

Storage Optimized: Good for applications that require high performance localized storage.

3
Q

Types of EC2 Pricing

A

On Demand: Pay for the duration that your instance runs for.

Amazon EC2 Savings Plus: Low prices in exchange for a commitment to use a consistent amount of compute resources over a 1-3 year period.

Reserved Instances: Best for steady state usages. You commit to a 1 or 3 year term.

Spot instances: Request spare capacity for up to 90% off the on demand price. AWS can reclaim the instance anytime, if they need it.

Dedicated Hosts: For meeting certain compliance requirements. You will not share resources with other instances.

4
Q

Types of EC2 Auto Scaling and parameters.

A

Amazon EC2 Auto Scaling enables you to automatically add or remove Amazon EC2 instances in response to changing application demand.

Dynamic Scaling responds to demand.

Predictive Scaling automatically schedules the right number of Amazon EC2 instances based on predicted demand.

Minimum capacity is the number of instances that launch immediately when creating an auto scaling group.

Desired capacity will be the default number of instances if different from minimum capacity.

Maximum capacity sets a hard limit on how many instances you can have in the group.

5
Q

Load Balancer

A

A tool that distributes traffic to different EC2 instances. It can scale with EC2 auto scaling groups.

It can serve as a single point of contact between front end and back end instances, as they scale up and down.

6
Q

Amazon Simple Queue Service

Amazon Simple Notification Service

A

SQS: send, store, receive messages between software components at any volume. This is without losing messages or requiring other services to be available.

SNS: Shares messages through a publish / subscribe model. Create a topic, and then subscribers to that topic will receive messages that are published to that topic. Subscribers can be endpoints like SQS queues, HTTP webhooks, or even end users, using SMS, email and others.

7
Q

AWS Lambda

A

Serverless compute service. Upload code to a “Lambda Function” and set a trigger. When that trigger happens, the code is run.

8
Q

Amazon Elastic Container Service

Amazon Elastic Kubernetes Service.

Amazon Fargate

A

Container orchestration tools.

Containers carry code or applications with the dependencies and configuration settings to allow them to run.

ECS: Highly Scalable Container Manager. Comparable with Docker.

EKS: Fully managed service that allows you to run Kubernetes on AWS. Kubernetes is maintained by a volunteer community.

Fargate: A serverless compute engine for containers. Works with both ECS and EKS.

9
Q

AWS Edge Locations

A

You can cache resources in edge locations using Amazon CloudFront, to be able to deliver them to customers in regions distant from the region your servers are deployed in.

10
Q

AWS Elastic Beanstalk

A

You can set code and desired resources in a template which can be automatically executed to deploy your environment.

11
Q

AWS CloudFormation

A

Allows you to treat your infrastructure as code. Build an environment by writing lines of code which can be executed in any Amazon region to have a consistent way of automatically deploying resources.

12
Q

Factors to consider when selecting a region.

A

Data governance and regulations.

Proximity to customers.

Resource availability.

Cost.

13
Q

VPC

A

Virtual Private Cloud. Used to group resources in a virtual network with defined traffic and security rules.

You can provision your resources into subnets.

14
Q

Internet Gateway

Virtual Private Gateway

AWS Direct Connect

A

An internet gateway allows public traffic into and out of your VPC.

A virtual private gateway is a VPC component that allows private traffic into the network from defined sources over the public internet.

Direct Connect allows you to establish a private fiber-optic connection between your data center and your VPC.

15
Q

Network Access Control List

A

A list of rules for what can enter and leave a subnet. This is a stateless security check, which checks all traffic passing through.

16
Q

Security Group

A

A set of rules about which IP addresses can access which ports on an individual instance. A security group can be applied to multiple instances. This is a stateful security check, which will remember allowed traffic.

17
Q

Amazon Elastic Block Storage

A

Create virtual hard drives called EBS volumes. They are separate from instances, and are persistent. You can take backups called snapshots from EBS volumes.

18
Q

Instance Store Volume

A

Block storage attached to the host that an instance is running on. This will be deleted if you stop and start your instance, because it will be started on a different host with different built-in storage. Only use it in situations where you can lose the data.

19
Q

Amazon S3

A

Simple Storage Server. You can store and retrieve unlimited amounts of data in buckets. You can version data, set access permissions, and place data into multiple tiers of accessibility. You can create lifecycle policies, which will automatically move data between tiers.

20
Q

Amazon S3 Storage Classes

A

S3 Standard: for frequently accessed data. Stores data in a minimum of three availability zones.

S3 Infrequent Access: Similar to S3 Standard but with a lower storage price and higher retrieval price.

S3 One Zone Infrequent Access: Similar to regular infrequent access but with a lower price and only stores data in a single availability zone.

S3 Intelligent tiering: Best for data with unknown or changing access patterns, but requires a small monthly monitoring fee.

S3 Glacier: Low cost storage for archiving. Slow retrieval with times from minutes to hours.

S3 Glacier Deep Archive: Lowest cost storage. Can retrieve data in 12 hours.

21
Q

Amazon Elastic File System.

A

A Linux file system storage which automatically scales for storage needs, can have multiple instances reading and writing to it, and is a regional resource. Any instance within a region can access it.

22
Q

Amazon Relational Database Service (Amazon RDS)

Amazon Aurora

A

RDS: A managed service which allows you to run relational databases on the cloud. It automates hardware provisioning, setup, patching, and backups. It is available with Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, Microsoft SQL Server.

Aurora: A managed relational database that is compatible with MySQL and PostgreSQL. It is fast, and stores data across at least three availability zones.

23
Q

Amazon DynamoDB

A

A serverless, key-value database. You create tables. Automatically scales storage, and creates redundancy. It is very fast, with millisecond response times. It is a non-relational database.

24
Q

Amazon Redshift

A

A managed Data Warehousing service. Data Warehousing is good for backwards looking analytics of massive data sets.

25
Q

AWS Data Migration Service.

A

Migrate databases between or to AWS instances. The source DB remains functional during migration.

Homogeneous migrations are for when the source and target are the same.

Heterogeneous migrations are for when the source and target are different. This is a two-step process, where you first convert the DB using the AWS Schema Conversion Tool, and then migrate the data to the target.

Can also do development and test migrations for tests without interrupting use.

Can also use it for continuous replication for backup and disaster recovery.

26
Q

Shared Responsibility Model

A

Both AWS and customers are responsible for aspects of security. Customers are responsible for everything they create and put in AWS.

Customers are responsible for security "in the cloud" while AWS is responsible for security "of the cloud". AWS is responsible for things like:
    Physical security of data centers
    Hardware and software infrastructure
    Network infrastructure
    Virtualization infrastructure
27
Q

IAM

IAM user

IAM Groups

IAM Roles

A

IAM = Identity and Access Management

IAM user = a user profile that you assign specific permissions to within AWS.

IAM Groups = you can create a group with a specific set of permissions, and assign users to it.

IAM roles = a set of permissions that can be granted to a user for a limited amount of time.

28
Q

AWS Organizations

A

A way of consolidating multiple AWS accounts in a central location.

They can be broken down into Organizational Units, to control access to resources for sub units in your business.

29
Q

AWS Artifact

A

A service which provides on-demand access to AWS security and compliance reports and online agreements.

30
Q

Customer Compliance Center

A

In the Customer Compliance Center, you can read customer compliance stories to discover how companies in regulated industries have solved various compliance, governance, and audit challenges.

You can also access compliance whitepapers and documentation on topics such as:

AWS answers to key compliance questions
An overview of AWS risk and compliance
An auditing security checklist
31
Q

AWS Shield

A

AWS Shield is a service that protects applications against DDoS attacks.

Two Levels of service.

Standard: Protects resources against common kinds of attacks at no cost.

Advanced: Paid service which protects against advanced attacks and provides detailed attack diagnostics.

32
Q

AWS Key Management Service

A

You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications.

33
Q

AWS WAF

A

Web Access Control: a web application firewall that lets you monitor network requests that come into your web applications.

34
Q

Amazon Inspector

A

Amazon Inspector helps to improve the security and compliance of applications by running automated security assessments. It detects deviations from security best practices.

35
Q

Amazon GuardDuty

A

A service that provides intelligent threat detection for your AWS infrastructure and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment.

36
Q

Amazon CloudWatch

Alarms

Dashboard

A

A web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics.

Alarms: Automatically performs actions if the value of a parameter goes above or under a threshold.

Dashboard: Provides almost real-time metrics in a single location.

37
Q

AWS CloudTrail

CloudTrail Insights

A

CloudTrail records API calls for your account. Saves logs securely in S3 buckets.

Insights can be configured to automatically detect unusual API activities on your account.

38
Q

AWS Trusted Advisor

A

An automated web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices.

It compares your environment against best practices in 5 areas:

Cost Optimisation
Performance
Security
Fault Tolerance
Service Limits

It will offer different amounts of information based on the level of support you have purchased.

39
Q

AWS Free Tier

A

AWS Lambda is always free up to 1 million free requests, and 3.2 million seconds of compute time each month.

DynamoDB allows 25 GB of free storage per month.

After that most services have a 12 month free period.

Some services have a short term trial.

40
Q

AWS Pricing Calculator

A

Pricing Calculator lets you create an estimate for the cost of your use cases on AWS. You can organize your AWS estimates by groups that you define. A group can reflect how your company is organized, such as providing estimates by cost center. You can save these estimates.

41
Q

AWS Billing and Cost Management Dashboard

A

Allows you to:
Compare your current month-to-date balance with the previous month, and get a forecast of the next month based on current usage.

View month-to-date spend by service.

View Free Tier usage by service.

Access Cost Explorer and create budgets.

Purchase and manage Savings Plans.

Publish AWS Cost and Usage Reports.
42
Q

Consolidated Billing

A

Using AWS Organizations allows you to roll all expenses from multiple AWS accounts into a single itemized bill.

This allows you to take advantage of bulk pricing, even if you wouldn’t reach the necessary volume in any one account.

43
Q

AWS Budgets

A

Allows you to create budgets for service usage, costs, and instance reservations. You can create custom alerts for when your usage goes past a certain threshold.

44
Q

AWS Support tiers

A

Basic- Free for everyone. Access to whitepapers, documentation, and support communities. You can contact AWS for billing questions and service limit increases.

Developer- Also has access to best practice guidelines, client-side diagnostic tools, and block building architecture support, email access to customer support with a 24 hr max response time.

Business- All AWS Trusted Advisor checks, direct phone access to cloud support engineers, infrastructure-level event management.

Enterprise- 15 minute SLA for support, Technical Account Manager.

45
Q

AWS Marketplace

A

A curated digital catalog for third party applications that run on cloud infrastructure.

Allows you to quickly deploy third party solutions with tools that have already been optimized for AWS.

Flexible payment options through AWS.

46
Q

AWS Cloud Migration Framework

Six core perspectives

A

Business Perspective- Ensures that IT aligns with business needs - use to create a strong business case for cloud adoption.

People Perspective - supports development of an organization-wide change management strategy - use to evaluate organizational frameworks and roles, new skill and process requirements. Training, staffing, and organizational changes.

Governance perspective - Align IT with business strategy.

Platform Perspective - includes principles and patterns for implementing new solutions on the cloud, and migrating on-premises workloads to the cloud.

Security Perspective - ensures that the organization meets security objectives for visibility, auditability, control, and agility.

Operations Perspective - helps you to enable, run, use, operate, and recover IT workloads to the level agreed upon with your business stakeholders.

47
Q

The six strategies of migration.

A

Rehosting - Make no changes; pick up the applications and move them to AWS.

Replatforming - Shift applications to AWS without making any significant changes, but optimize them for the cloud environment.

Refactoring/re-architecting - Writing new code and starting new applications in order to expand or streamline your operations.

Retire - Stop using applications which are no longer needed. Use the migrations as a critical juncture to end the programs.

Retain - Applications which will no longer be needed, so there is no great need to move them because they will be ended soon.

Repurchase - Move from an application with a traditional license, to an equivalent application on the cloud with a pay-as-you-go license.

48
Q

AWS Snowcone

AWS Snowball

AWS Snowmobile

A

A collection of physical devices for transferring data into and out of AWS.

Snowcone - 2 CPUs, 4 GB of memory, and 8 TB of usable storage.

Snowball Edge - Used for transferring data to AWS or for local computing needs.

Storage optimized - 80 TB HDD and 1 TB SSD

Compute optimized - 42 TB HDD

Snowmobile - A shipping container which can transfer 100 petabytes of data

49
Q

AWS AI applications:

A

Amazon Transcribe - Speech to text

Comprehend - Detect patterns in text

Fraud Detector - identify potentially fraudulent online activity

Lex - Build voice and textbots.

50
Q

Amazon Machine learning

A

Amazon SageMaker

51
Q

Amazon Well-Architected Framework

The five Pillars

A

Operational Excellence - is the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.
Design principles for operational excellence in the cloud include performing operations as code, annotating documentation, anticipating failure, and frequently making small, reversible changes.

Security - The Security pillar is the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
When considering the security of your architecture, apply these best practices:
Automate security best practices when possible.
Apply security at all layers.
Protect data in transit and at rest.

Reliability - is the ability of a system to do the following:
Recover from infrastructure or service disruptions
Dynamically acquire computing resources to meet demand
Mitigate disruptions such as misconfigurations or transient network issues
Reliability includes testing recovery procedures, scaling horizontally to increase aggregate system availability, and automatically recovering from failure.

Performance efficiency - is the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.
Evaluating the performance efficiency of your architecture includes experimenting more often, using serverless architectures, and designing systems to be able to go global in minutes.

Cost optimization - is the ability to run systems to deliver business value at the lowest price point.
Cost optimization includes adopting a consumption model, analyzing and attributing expenditure, and using managed services to reduce the cost of ownership.