Revision 2 Flashcards
Allows connecting to AWS services over a private network instead of the www
VPC Endpoints
-enhanced security
-lower latency
VPC Endpoint for S3 and DynamoDB
VPC Endpoint Gateway
VPC Endpoint to connect to the rest of AWS services
VPC Endpoint Interface
Most secure way to expose a service to 1000s of VPCs
PrivateLink
Necessary for a PrivateLink
-Service: Network Load Balancer
-Consumer: Elastic Network Interface
Connect on-prem to AWS over the public internet, connection encrypted
Site to Site VPN
Physical connection between on-prem and AWS over the private network: private, secure, fast
Direct Connect (DX)
Necessary for a Site-to-Site VPN
On-prem: Customer Gateway
AWS: Virtual Private Gateway
Connect computer to EC2 over a private IP
AWS Client VPN
-using OpenVPN
-over public internet
-could use the site to site to speak to on-prem
Use with
-A transit gateway when you have multiple VPCs in the same Region
-A virtual private gateway
AWS Direct Connect Gateway
Six Pillars of the Well Architected Framework
-Operational Excellence
-Security
-Reliability
-Performance Efficiency
-Cost Optimization
-Sustainability
Well Architected Framework General Guiding Principles
-Stop guessing capacity needs
-Test systems at production scale
-Automate to make architectural experimentation easier
-Allow for evolutionary architectures
-Design based on changing requirements
-Drive architectures using data
-Improve through game days
-stress system
Cloud best practices design principles
-Scalability
-Disposable resources
-Automation
-Loose coupling
-Services not servers
Operational Excellence Design Principles
-Perform operations as code (CloudFormation)
-Annotate documentation
-Make frequent, small, reversible changes
-Refine operation procedures frequently
-Anticipate failure
Operational excellence design principles as Services
-Prepare
CloudFormation / Config
-Operate
CloudFormation / Config / CloudTrail / CloudWatch / X-Ray
-Evolve
CloudFormation / CICD services - Code…
Trace HTTP requests
AWS X-Ray
Security Design Principles
-Strong identity foundation
-Enable traceability
-Apply security at all levels
-Automate security best practices
-Protect data in transit and at rest
-Keep people away from data
-Prepare for security events
Security Design principles in services
-Identity and Access Management
IAM / AWS STS / MFA Token / AWS Organizations
-Detective Controls
Config / CloudTrail / CloudWatch
-Infrastructure Protection
-Data protection
-Incident Response
Reliability Design Principles
-Test recovery procedures
-Automatically recover from failure
-Scale horizontally to increase availability
-Stop guessing capacity
-Manage change in automation
Reliability services
-Foundations
IAM / VPC / Service Limits “Quotas” / Trusted Advisor
-Change Management
-Failure Management
Performance Efficiency Design Principles
-Democratize advanced technologies
-Go global in minutes
-Use serverless architecture
-Experiment more often
Performance Efficiency Services
-Selection
-Review
-Monitoring
-Tradeoffs
Cost Optimization Design Principles
-Adopt a consumption model
-Measure overall efficiency
-Stop spending on data centre operations
-Analyze and attribute expenditure
-Use managed and application-level services to reduce the cost of ownership
Cost Optimization Services
-Expenditure Awareness
-Cost-Effective Resources
-Matching supply and demand
-Optimizing over time
Sustainability Design Principles
-Understand your impact
-Establish sustainability goals
-Anticipate and adopt new, more efficient hardware and software