Revision 1 Flashcards
easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.
Simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, and auto-scaling to application health monitoring.
can access the underlying resources at any time.
AWS Elastic Beanstalk
To gain greater discounts, which services can be reserved?
-EC2
-Amazon DynamoDB
-Amazon RedShift
-RDS
-ElastiCache
-OpenSearch Service
-Serverless
-Fully managed NoSQL database
-Supports key-value and document data models.
-Replicates the data across multiple availability zones (AZs)
DynamoDB
attached to a VPC and allows inbound traffic from the internet to access the VPC. It is also used as a target in route tables for outbound internet traffic.
Internet gateway
Generate reports that break down AWS Cloud compute costs by duration, resource, or tags
AWS Cost & Usage Report.
Used for querying data in Amazon S3 using SQL.
Amazon Athena
connects your Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router – each new connection is only made once.
AWS Transit Gateway
Estimate a monthly bill for the AWS Cloud resources that will be used
Pricing Calculator
Types of flow logs
-VPC Flow Logs
-Subnet Flow Logs
-Elastic Network Interface Flow Logs
Help to troubleshoot connectivity issues
automated vulnerability management service that continually scans Amazon Elastic Compute Cloud (EC2), AWS Lambda functions, and container workloads for software vulnerabilities and unintended network exposure.
Amazon Inspector
enables you to easily generate and use your own encryption keys on the AWS Cloud.
helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module
AWS CloudHSM
is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage.
AWS Storage Gateway
lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily.
Amazon Cognito.
Key pairs are used for authenticating to
EC2 instances.
-Estimate savings when comparing the AWS Cloud to an on-premises environment
AWS Total Cost of Ownership (TCO) Calculator
Which AWS-managed service can be used to process vast amounts of data using a hosted Hadoop framework?
-Amazon EMR (Elastic MapReduce)
software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted.
Software as a Service (SaaS)
AWS Trusted Advisor offers a rich set of best practice checks and recommendations across five categories:
-cost optimization
-security
-fault tolerance
-performance
-service limits
plan provides access to architectural and operational reviews, as well as 24/7 access to Cloud Support Engineers through email, online chat, and phone
enterprise
-NoSQL database that supports document data structures.
-Fully managed
-Flexible schema that allows for the data model to evolve
-MongoDB
-Automatically replicates six copies of your data across 3 availability zones to offer 99.99% availability.
Amazon DocumentDB
A VGW is used for IPSec VPN connections to access a VPC
Virtual Private Gateway
group of protocols that are used together to set up encrypted connections between devices. It helps keep data sent over public networks secure.
IPSec
intelligent threat detection service
Amazon GuardDuty
is an Extract, Transform, and Load (ETL) service.
AWS Glue
Gives you visibility and control of your infrastructure on AWS. Provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.
AWS Systems Manager
Controls traffic to and from an EC2
Security Group
-Allow only
-IP or other security groups
-stateful: return traffic automatically allowed
-evaluates rules before deciding whether to allow traffic
-must be specified at launch or associated
configuration management service that provides managed instances of Chef and Puppet
AWS OpsWorks
Firewall that controls traffic from and to a subnet
Network ACL (NACL)
-Allow / Deny
-IP addresses
-stateless: return traffic must be explicitly allowed
-processes rules in numbered order when deciding whether to allow traffic
-auto applied to all instances in subnet
makes it easy to analyze, investigate, and quickly identify the root cause of security findings or suspicious activities.
Amazon Detective
scalable, serverless, embeddable, machine learning-powered business intelligence (BI) service built for the cloud.
-Amazon QuickSight
fully managed non-persistent application and desktop streaming service.
AppStream 2.0
is a cloud computing model where a third-party provider delivers hardware and software tools to users over the internet. Usually, these tools are needed for application development.
Platform as a Service (PaaS)
Which AWS services can be used as infrastructure automation tools?
-AWS OpsWorks
-AWS CloudFormation
type of cloud-computing service that allows you to execute code in response to events
Function as a Service (FaaS)
Seamless omnichannel experience through a single unified contact center for voice, chat, and task management.
Amazon Connect
Elastic Load Balancers can only serve targets in a single Region
True
used to capture network traffic information
VPC Flow Logs
used to deploy infrastructure from templates
CloudFormation
WAF can be used to protect on-premises resources if they are deployed behind an
Application Load Balancer (ALB)
creating a low-latency private connection to an on-premises data center but it cannot be used to extend the VPC.
Direct Connect
-Extend your VPC into the on-premises data center
-Fully managed service that offers the same AWS infrastructure, AWS services, APIs, and tools to virtually any data center, co-location space, or on-premises facility for a truly consistent hybrid experience.
AWS Outposts
Allows instances to connect to the internet while remaining private
-AWS managed
NAT Gateway
-customer managed: NAT instance
content delivery network (CDN) that caches content around the world for lower latency access.
-improves performance for both cacheable content (such as images and videos) and dynamic content (such as API acceleration and dynamic site delivery).
-good fit for HTTP use cases
Amazon CloudFront
manage the maximum available permissions for AWS Organizations
Applied to account or OU
Service Control Policy (SCP)
Organizational Units or Accounts
AWS Well-Architected
Under the operational excellence pillar the following best practices
-Perform operations as code
-Make frequent, small, reversible changes
-Refine operations procedures frequently
-Anticipate failure
-Learn from all operational failures
Beanstalk is a platform service that leverages the automation capabilities of
CloudFormation
-CloudFormation templates that automate the deployment and a guide that discusses the architecture and provides step-by-step deployment instructions.
-Accelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately.
AWS Quick Starts
A service that is intended for organizations with multiple accounts and teams who are looking for the easiest way to set up their new multi-account AWS environment and govern at scale
AWS Control Tower
collections of users and have policies attached to them.
IAM Group
place the users in the group and then create an IAM policy with the correct permissions and attach it to the group.
each NACL can be applied to one or more subnets, but each subnet is required to be associated with one—and only one—NACL
true
capture information about inbound and outbound IP traffic on network interfaces in a VPC?
VPC Flow Logs
AWS Storage Gateway types of gateways
Tape Gateway
Amazon S3 File Gateway
Amazon FSx File Gateway
Volume Gateway
serverless event bus that makes it easier to build event-driven applications at scale using events generated from your applications.
Amazon EventBridge
type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis
Infrastructure as a Service (IaaS)
Enables access to your application by leveraging the same Edge Locations as CloudFront and routing connections across the AWS global network.
improves performance for a wide range of applications over TCP or UDP by proxying packets at the edge to applications running in one or more AWS Regions.
-good fit for non-HTTP use cases, such as gaming (UDP), IoT (MQTT), or VoIP, as well as for HTTP use cases that require static IP addresses or deterministic, fast regional failover.
AWS Global Accelerator
Each tag consists of a key and a value. For each resource, each tag key must be unique, and each tag key can have only one value.
Add department-specific tags to each resource
This service is also involved with creating and managing encryption keys but does not use dedicated hardware.
AWS Key Management Service (AWS KMS)
Amazon EC2 Auto Scaling Policies Types
-Scheduled scaling
-Predictive scaling
-Target tracking scaling: (ASG keeps to the target)
-Step scaling: launch resources in response to demand (waiting time)
set of rules, called routes, that determine where network traffic from your subnet or gateway is directed.
VPC Route Table
fully managed ledger database that provides transparent, immutable, and cryptographically verifiable transactions
Amazon Quantum Ledger Database (QLDB)
-Relational database that is compatible with MySQL and PostgreSQL
-Scale up to 128 TB
-Can deploy replicas for read scaling within and across Regions.
-Offers automated backups.
Amazon Aurora
blazing fast in-memory data store that provides sub-millisecond latency to power internet-scale real-time applications.
Amazon ElastiCache
This service is used for optimizing the network topology of interconnected VPCs and on-premises networks.
AWS Transit Gateway
threat detection and continuous security monitoring for malicious or unauthorized behavior to help you protect your AWS accounts and workloads.
Amazon GuardDuty
outbound internet access for instances running in a private subnet.
NAT gateway
Enable billing alerts to monitor actual AWS costs compared to estimated costs
Amazon CloudWatch.
is used for managing EC2 instances such as installing patches and software.
Systems Manager