Practitioner Definitions Flashcards
Business, People, Governance, Platform, Security, and Operations
The 6 core perspectives of the AWS Cloud Adoption Framework (CAF)
The 6 R's of migration to AWS
Rehosting, Replatforming, Refactoring/Re-Architecting, Repurchasing, Retaining, Retiring
Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, Sustainability
The 6 Well-Architected Framework pillars
6 Advantages of cloud computing
1, Trade upfront expense for variable expense
2, Benefit from massive economies of scale
3, Stop guessing capacity
4, Increase speed and agility
5, Stop spending money running and maintaining data centers
6, Go global in minutes
Amazon CodeWhisperer
Get code recommendations while writing code and identify security issues in your code
Amazon Transcribe
Convert speech to text
Amazon Comprehend
Discover patterns and insights in text (natural language processing)
Amazon Fraud Detector
Identify potentially fraudulent online activities
Amazon Lex
Build voice and text chatbots
Amazon Polly
Convert text to speech
Amazon Rekognition
Adds image and video analysis capabilities to your app.
1, General purpose instances
2, Compute optimized instances
3, Memory optimized instances
4, Accelerated computing instances
5, Storage optimized instances
The 5 EC2 instance types
Provide a balance of compute, memory, and networking resources.
application servers
gaming servers
backend servers for enterprise apps
small and medium databases
General purpose instances
Ideal for compute-bound applications that benefit from high-performance processors.
Ideal for high-performance web servers, compute-intensive application servers, and dedicated gaming servers.
Compute optimized instances
Designed to deliver fast performance for workloads that process large datasets in memory.
Memory optimized instances
Designed for workloads that require high, sequential read and write access to large datasets on local storage.
Example workloads: distributed file systems, data warehousing applications, and high-frequency online transaction processing (OLTP) systems.
Storage optimized instances
Accelerated computing instances
Use hardware accelerators or coprocessors to perform some functions more efficiently than is possible in software running on CPUs.
5 Pricing categories
1, On-Demand
2, Reserved Instances
3, EC2 Instance Savings Plans
4, Spot Instances
5, Dedicated Hosts
On-Demand
Ideal for short-term, irregular workloads that cannot be interrupted.
Use cases include developing and testing applications, and running applications with unpredictable usage patterns.
Not recommended for workloads that run longer than 1 year; Reserved Instances or Savings Plans are cheaper for steady-state use.
Reserved Instances
A billing discount applied to the use of On-Demand Instances in your account, in exchange for a 1-year or 3-year commitment.
Standard Reserved Instances: for when you know the EC2 instance type and size you need.
Convertible Reserved Instances: for when you may need to run instances in different AZs or change instance types.
EC2 Instance Savings Plans
Reduce EC2 instance costs when you make an hourly spend commitment to an instance family and Region for 1 or 3 years.
Up to 72% savings compared to On-Demand rates.
Spot Instances
Ideal for workloads with flexible start and end times, or that can withstand interruptions.
Up to 90% off the On-Demand price.
Dedicated Hosts
Physical servers with EC2 instance capacity that is fully dedicated to your use.
Scalability
Involves beginning with only the resources you need and designing your architecture to automatically respond to changing demand by scaling out or in.
EC2 auto scaling
Enables you to automatically add or remove EC2 instances in response to changing application demand.
Dynamic scaling: responds to changing demand.
Predictive scaling: automatically schedules the right number of EC2 instances based on predicted demand.
Elastic Load Balancing
Automatically distributes incoming app traffic across multiple resources.
Monolithic application
Tightly coupled components. If a single component fails, the others fail as well.
Components include databases, servers, the user interface, and business logic.
SNS (Simple Notification Service)
Publish/subscribe service: publishers send messages to a topic, and every subscriber to the topic receives them.
Subscribers can be web servers, email addresses, Lambda functions, or several other options.
Microservices
Loosely coupled components.
Two services facilitate microservices application integration:
SNS (Simple Notification Service)
SQS (Simple Queue Service)
SQS (Simple Queue Service)
Message queuing service. You can send, store, and receive messages between software components without losing messages or requiring other services to be available.
Lambda
Service that lets you run code without needing to provision or manage servers.
Pay only for the compute time that you consume.
ECS (Elastic container service)
Highly scalable, high-performance container management system that enables you to run and scale containerized apps on AWS.
Supports Docker containers.
EKS (Elastic Kubernetes Service)
Fully managed service that you can use to run Kubernetes on AWS
Fargate
Serverless compute engine for containers. It works with both Amazon ECS and Amazon EKS.
Pay only for the resources that are required to run your containers.
Four factors to consider when determining the right Region for services, data, and apps
1, Compliance with data governance and legal requirements
2, Proximity to your customers
3, Available services within a region
4, Pricing
AZ (Availability Zone)
A single data center or a group of data centers within a Region.
Edge location
A site that CloudFront uses to store cached copies of your content closer to your customers for faster delivery.
Elastic Beanstalk
You provide code and configuration settings, and Elastic Beanstalk deploys the resources necessary to perform the following tasks:
- adjust capacity
- load balancing
- auto scaling
- app health monitoring
CloudFormation
Lets you treat your infrastructure as code: you build an environment by writing a template instead of clicking through the AWS Management Console.
Templates are written in YAML or JSON.
AWS Outposts
Extends AWS infrastructure and services to different locations, including your on-premises data center.
VPC
Virtual private cloud
Enables you to provision an isolated section of the AWS Cloud.
Subnet
A section of a VPC that can contain resources such as EC2 instances.
Public subnets: resources that must be reachable from the internet, such as web servers.
Private subnets: resources that should not be directly reachable from the internet, such as databases.
Internet Gateway
Allows public traffic from the internet to access your VPC.
Virtual private gateway
Allows traffic from an approved private network (over a VPN connection) to access private resources in a VPC.
Network ACLs
Virtual firewall that controls inbound and outbound traffic at the SUBNET level.
The default network ACL allows all inbound and outbound traffic; a custom network ACL denies all traffic until you add rules.
Stateless: every packet is checked against the rules in both directions, so return traffic needs its own rule.
Security Group
Virtual firewall that controls inbound and outbound traffic for an EC2 instance.
Denies all inbound traffic and allows all outbound traffic by default.
Stateful: it remembers the connections it allowed, so return traffic is permitted without an explicit rule.
Instance stores
Block-level storage volumes that behave like physical hard drives.
Temporary block-level storage attached to an EC2 instance; it has the same lifespan as the instance, so data is lost when the instance is stopped or terminated.
EBS
Separate block-level storage volumes that you can use with EC2 instances.
All data on an attached EBS volume remains available after the instance is stopped.
Stored in a single AZ.
The EBS volume and the EC2 instance must reside in the same AZ.
Configuration: volume size and type.
Backed up by snapshots.
EBS snapshots
An incremental backup: the first snapshot copies all the data on the volume, and later snapshots copy only the blocks that changed since the previous snapshot.
S3
Service that provides object-level storage.
Maximum object size is 5 TB.
Pay only for what you use.
S3 Standard
- Frequently accessed data
- Stores data in a minimum of 3 AZs
S3 Standard-IA
- Infrequently accessed data
- Lower storage price and higher retrieval price
- Stores data in a minimum of 3 AZs
S3 One Zone-IA
- Stores data in a single AZ
- Lower storage price than S3 Standard-IA
S3 Intelligent-Tiering
- Ideal for data with unknown or changing access patterns
- Requires a small monthly monitoring and automation fee per object
- If an object hasn't been accessed for 30 consecutive days, it is moved to the infrequent access tier (S3 Standard-IA)
- If an object in the infrequent access tier is accessed, it is automatically moved back to the frequent access tier (S3 Standard)
S3 Glacier
- Low-cost storage for archived data; objects are retrieved within a few minutes to a few hours
S3 on Outposts
- Makes it easier to store, retrieve, and access data on AWS Outposts
File storage
- Multiple clients can access data stored in shared file folders
Compared to block storage and object storage, file storage is ideal for use cases in which a large number of services and resources need to access the same data at the same time.
EFS
- Stores data in and across multiple AZs
- On-premises servers can access EFS using AWS Direct Connect
RDS
Service that enables you to run relational databases in the AWS Cloud.
- Managed service that automates tasks such as hardware provisioning, database setup, patching, and backups.
- RDS database engines offer encryption at rest and encryption in transit.
Amazon Aurora
An enterprise-class relational database.
- Up to 5x faster than standard MySQL
- Helps reduce database costs by reducing unnecessary input/output (I/O) operations
- Ideal for workloads that require high availability: replicates six copies of your data across three AZs and continuously backs up your data to S3
DynamoDB
- Serverless
- Stores data in a key-value database
- Automatically scales to adjust for changes in capacity
Redshift
Data warehousing service that you can use for big data analytics.
- Offers the ability to collect data from many sources
- Helps you understand relationships and trends across your data
DMS
Enables you to migrate relational databases, nonrelational databases, and other types of data stores.
3 use cases for DMS
- development and test database migrations
- database consolidation
- continuous replication
DocumentDB
A document database service that supports MongoDB workloads.
MongoDB is a document database program.
Neptune
A graph database service.
QLDB
fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log.
- Lets you review a complete history of all the changes made to your application data
ElastiCache
Service that adds caching layers on top of your databases to help improve the read times of common requests.
- Supports two data stores: Redis and Memcached
Managed Blockchain
Service that you can use to create and manage blockchain networks with open-source frameworks.
DynamoDB Accelerator (DAX)
An in-memory cache for DynamoDB.
IAM policies
Document that allows or denies permissions to AWS services and resources. An explicit Deny always overrides an Allow.
IAM
enables you to manage access to AWS services and resources securely.
IAM roles
Identity that you can assume to gain temporary access to permissions
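Added example (not from the original flashcards) of the IAM policy document the card describes: one Allow statement that grants read access to a single bucket, and one Deny statement that refuses any S3 call not made over TLS. Because explicit Deny wins, the read access above cannot be used over plain HTTP even though it is allowed by name. The bucket name and statement IDs are assumptions for illustration; the policy grammar, the action names and the aws:SecureTransport condition key are real.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleAllowReadReportsBucket",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": [
        "arn:aws:s3:::example-reports-bucket",
        "arn:aws:s3:::example-reports-bucket/*"
      ]
    },
    {
      "Sid": "ExampleDenyUnencryptedTransport",
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "*",
      "Condition": { "Bool": { "aws:SecureTransport": "false" } }
    }
  ]
}
```

The same document can be attached to a user, a group, or a role; for a role it is the permissions policy, and a separate trust policy says who is allowed to assume the role. Listing the bucket ARN and the bucket/* ARN separately is deliberate: s3:ListBucket is evaluated against the bucket, s3:GetObject against the objects, and a policy that names only one of them silently fails the other call.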
AWS Organizations
Consolidate and manage multiple AWS accounts within a central location.
Root: the parent container for all the accounts in your organization.
SCPs
Service control policies: enable you to place restrictions on the AWS services, resources, and individual API actions that users and roles in each account can access.
OUs
Organizational units
Make it easier to manage accounts with similar business or security requirements.
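Added example (not from the original flashcards) of a service control policy that an organization would attach to an OU: it stops every principal in the member accounts, including each account's root user, from switching off or deleting the CloudTrail trails and GuardDuty detectors that the monitoring cards later on this page depend on, and from pulling the account out of the organization. The statement IDs are assumptions for illustration; the action names are real.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleProtectAuditLogging",
      "Effect": "Deny",
      "Action": [
        "cloudtrail:StopLogging",
        "cloudtrail:DeleteTrail",
        "cloudtrail:UpdateTrail",
        "guardduty:DeleteDetector",
        "guardduty:UpdateDetector"
      ],
      "Resource": "*"
    },
    {
      "Sid": "ExampleDenyLeavingOrganization",
      "Effect": "Deny",
      "Action": "organizations:LeaveOrganization",
      "Resource": "*"
    }
  ]
}
```

Two caveats a practitioner should keep in mind: an SCP never grants anything, it only caps what IAM policies inside the account may allow, so the users who legitimately manage trails still need an IAM Allow for those actions; and SCPs do not apply to the management account, which is one reason to keep that account empty of workloads.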
Artifact
Service that provides on-demand access to AWS security and compliance reports and select online agreements.
- Artifact Agreements
- Artifact Reports
Customer compliance center
Contains resources to help you learn more about AWS compliance
AWS Shield
Service that protects applications against DDoS attacks.
Standard: free; protects against the most common, frequently occurring DDoS attacks.
Advanced: paid service; provides detailed attack diagnostics and the ability to detect and mitigate sophisticated DDoS attacks.
KMS
Key Management Service
Enables you to perform encryption operations through the use of cryptographic keys.
WAF
Web application firewall.
Lets you monitor the network requests that come into your web applications and uses a web ACL to allow or block them.
Works together with CloudFront and Application Load Balancer.
Amazon Inspector
Improves the security and compliance of applications by running automated security assessments.
Amazon GuardDuty
Service that provides intelligent threat detection for your infrastructure and resources by continuously analyzing sources such as VPC Flow Logs and CloudTrail event logs.
CloudWatch
Web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics.
CloudTrail
Records API calls for your account, including the identity of the caller, the time of the call, and the source IP address.
CloudTrail Insights
Allows CloudTrail to automatically detect unusual API activity in your AWS account.
Trusted Advisor
Web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices.
Trusted Advisor 5 categories
- cost optimization
- performance
- security
- fault tolerance
- service limits
TAM
Technical account manager: your primary point of contact at AWS.
Included with the Enterprise Support plan.
Pricing Calculator
Lets you explore services and create an estimate for the cost of your use cases.
Billing and cost management dashboard
Pay your AWS bill, monitor your usage, and analyze and control your costs.
Cost Explorer
tool that lets you visualize, understand, and manage your costs and usage over time.
- Default report shows the top 5 cost-accruing services
SageMaker
Helps you quickly build, train, and deploy machine learning models.
Lightsail
Offers virtual servers, storage, and database options at low, predictable prices.
ElastiCache
In-memory caches (Redis and Memcached) with high performance and low latency.
X-Ray
Provides detailed data on the requests that your application serves, for tracing and debugging.
AWS Glue
is a serverless data integration service that makes it easy for analytics users to discover, prepare, move, and integrate data from multiple sources.
AWS Config
Lets you assess, audit, and evaluate the configuration of your AWS resources, recording configuration changes over time. It can also record changes to software within EC2 instances in your AWS account and on virtual machines (VMs) or servers in your on-premises environment, including operating system updates, network configuration, and installed applications.
Amazon Macie
data security service that uses machine learning (ML) and pattern matching to discover and help protect your sensitive data.
- including personally identifiable information (PII)
AWS Transit Gateway
allows you to centralize network connectivity and management, simplifying the process of interconnecting multiple VPCs across different AWS accounts within the same region.
VPC peering
A networking connection between two VPCs that enables you to route traffic between them using private IPv4 or IPv6 addresses.
AWS Control Tower
Provides you with the ability to set up, govern, and manage multiple AWS accounts.
Amazon WorkSpaces
Amazon Athena
Interactive query service that lets you analyze data stored in Amazon Simple Storage Service (S3) using standard SQL.