SAA-C02 Flashcards
EC2
ENI Cold Attach = while instance is being launched
ENI Warm Attach = while instance is stopped
ENI Hot Attach = while instance is running
ALB - Application Load Balancer
path-based routing = forward requests based on the URL in the request
host-based routing = forward requests based on the host field in the HTTP header
Failed health check event = ALB stops sending traffic to the instance
RDS
Multi-AZ DB Failover = CNAME is switched from the primary db instance to the secondary
Multi-AZ DB Failover RTO = 1 minute
Multi-AZ DB = Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ)
Keywords: multi-region = cross-region read replica, not the Multi-AZ option
Security groups
stateful
specify allow rules, but not deny rules
act at the instance level, not the subnet level
can specify separate rules for inbound and outbound traffic
default includes an outbound rule that allows all outbound traffic
You can change the security groups for an instance when the instance is in the running or stopped state.
EKS
Open source
On-premise and in cloud
DynamoDB
Storing metadata for S3 objects
Managing web session data
ECS
Fargate
NACL
stateless
default configuration of the default NACL is Allow
default configuration of a custom NACL is Deny
NACL rules are evaluated by rule number from lowest to highest and executed immediately when a matching rule is found.
CloudTrail
Does not optimize resource utilization
Spot
Flexible start and end times
EBS Volume
Not encrypted by default
Automatically scales the volume size based on usage
volumes will always be in same AZ as EC2
can be used normally while the snapshot is in progress
point-in-time snapshots = back up the data to Amazon S3 + available on short notice
Types:
SSD
For exam: general purpose = boot OS data
- (gp2) = general purpose, 3 IOPS per GiB up to a max of 16,000 IOPS per volume
- (gp3) = general purpose = 4x faster than gp2
- (io1) = faster performance, up to 64k IOPS (large database OLTP, latency sensitive)
- (io2) = same price as io1 + higher durability than io1 (database, OLTP)
HDD (Magnetic storage)
- (st1) "Throughput Optimized" = low-cost HDD volume. Cannot be used to boot (big data, data warehouses, ETL)
- (sc1) Cold HDD = lowest cost option (cold data, fewer scans and low performance, static images). Cannot be used to boot
If talking about big data, warehouses = Throughput = st1
If talking about transactions/transactional DB = (gp2) for lower cost, (io2) for performance
SNS
CloudWatch/EventBridge
automate monitoring and repair - The reboot alarm action is recommended for Instance Health Check failures
When you reboot an instance, it remains on the same physical host, so your instance keeps its public DNS name, private IP address, and any data on its instance store volumes
Trusted Advisor
NLB
EFS
Keywords:
Concurrent read/write
Linux
Subnets
CloudFormation
Templates have version control
Elastic Beanstalk
Easy mode
DAX
DynamoDB cache
DynamoDB milliseconds to microseconds
SQS
Pull model
Standard = Best effort ordering and you might get a message twice
FIFO = max 300 messages per second, no duplicates
FIFO costs more
FIFO is only option for message ordering or message duplication
Keywords:
lengthy processing time = Measure using SQS queue depth metric
backlog per instance metric
Events:
visibility timeout on a message in an SQS queue expires = message will again be available in the queue for processing
Links:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html
https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-using-sqs-queue.html
SNS
Push model
No visibility timeouts
No timings
Uses Topics for who and where it goes to
Subscribers = Kinesis Data Firehose, SQS, Lambda, email, HTTPS, SMS (fanout), platform application endpoints
Message size limit = 256 KB
Dead letter queue support; only HTTP gets retried
FIFO or Standard
Only SQS subscriber supports FIFO
Encryption at rest is optional
Access Policies support
Keyword: Multiple things need to see events = Add Topic + subscription in the topic
ASG - Auto Scaling groups
On-Demand Instance limits
Lifecycle hooks = run lambda on (startup, before termination, scale out, scale in events)
Scheduled scaling
Events:
Scale in = Selects the Availability Zone with two instances, and terminates the instance that was launched from the oldest launch template or launch configuration
Default health checks for an Auto Scaling group are EC2 status checks only. If an instance fails these status checks, the Auto Scaling group considers the instance unhealthy and replaces it.
Links:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-scheduled-scaling.html
Redshift
Keywords: petabyte-scale data, BI, RDS, complex analytic queries, structured data, parallel query execution
STS - Security Token Service
temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users
Cognito
Mobile authentication
S3
Supports S3 notifications for restore operations from Glacier
Restricting Access for a time window
- CloudFront user called an origin access identity (OAI)
- Configure your S3 bucket permissions so that CloudFront can use the OAI to access the files in your bucket and serve them to your users
Glacier retrieval options (retrieval time by storage class or tier):
Storage class or tier                                                   Expedited      Standard     Bulk
S3 Glacier Flexible Retrieval or S3 Intelligent-Tiering Archive Access  1–5 minutes    3–5 hours    5–12 hours
S3 Glacier Deep Archive or S3 Intelligent-Tiering Deep Archive Access   Not available  <=12 hours   <=48 hours
Links:
https://aws.amazon.com/s3/storage-classes/
https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-transition-general-considerations.html
https://docs.aws.amazon.com/AmazonS3/latest/userguide/restoring-objects-retrieval-options.html
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
Kinesis Data Streams
real-time data
Reserved
scheduled reserved = Recurring daily, weekly, or monthly, with a specified start time and duration, for a one-year term
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-scheduled-instances.html
Budgets
Keywords: budget
http://169.254.169.254/latest/meta-data/
instance ID, public keys, and public IP address
EMR - Elastic Map Reduce = ETL
Spawns an EC2 instance cluster of open-source tools (Spark, Hive, HBase, Flink, Hudi and Presto) that lives inside the VPC
EMR supports:
• Jupyter to analyze data interactively with live code, narrative text, visualizations, and more. Create and attach notebooks to Amazon EMR clusters running Hadoop, Spark, and Livy. Notebooks run free of charge and are saved in Amazon S3 independently of clusters.
• https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-notebooks.html
• Git repositories such as GitHub, GitLab, or Bitbucket to provide version control for notebook code.
Multipart upload
API to upload large objects in parts
Instance Store Volume
Data persists only during the lifetime of its associated instance
Max performance IO file storage
Data loss events:
The underlying disk drive fails
The instance stops
The instance terminates
Hardware disk failure
Data retained events:
Reboot
VPN Connection
connection between an on-premises network and a VPC, using a secure and private connection with IPsec and TLS
Storage Gateway - Data Migration
Allows on-prem resources to be merged with AWS (lift and shift, or long term pairing)
Backs up data to S3
3 Types of Gateways
- File Gateway = NFS or SMB mount (keep a local copy of recently backed up files.)
- Volume Gateway = iSCSI mount (cached or stored mode + create EBS snapshots)
- Tape Gateway = Physical tape provider
Keywords:
Hybrid solution, on-prem
On-prem storage low = cached File Gateway (Storage Gateway)
Cached local data
DataSync - Data Migration
Scenario: lift and shift = DataSync
DataSync is agent based
DataSync can send to S3, EFS, and FSx
Keywords: Automated, Accelerated, One-time migration, Lift and shift
Multi-site
active-active architecture pattern
Highest cost but the quickest failover
Keywords:
very aggressive RTO
cost not being a major factor
ElastiCache - DB Data Caching
Memcached or Redis or both = AWS ElastiCache
Internal to AWS
Memcached
- Simple database caching solution
- Not a database
- No failover or Multi-AZ support
- No backups
Redis
- No-SQL / Non-relational DB
- Can function as a standalone database
- Failover and Multi-AZ support
- Supports backups
Snowmobile
Don’t use Snowmobile unless petabytes are mentioned.
It is ok to order multiple Snowballs to cover 80+ Terabytes.
Route 53
Geolocation routing
Route traffic based on location of users
Geoproximity routing
Route traffic based on location of users and resources
Shift traffic to different resources
Weighted routing policy
Route to multiple resources in proportions that you specify
Links:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html
CloudFront
CloudFront geographic restrictions
Allow your users to access your content only if they’re in one of the approved countries on your allow list.
Prevent your users from accessing your content if they’re in one of the banned countries on your block list.
Caching = CDN to edge locations to reduce costs for hosting S3 static content
Links:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html
WAF
Keywords:
ALB
Restrict country access
Links:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-awswaf.html
Aurora
Does not support SQL Server DB migration
FSx
Keywords:
Hybrid on-prem migration
SMB
Windows
Spot Fleet
Variable workloads
MOST cost-effective solution
Placement Group
Reducing network latency in an application
Tight coupling
3 strategies:
Cluster - Grouping of instances within single AZ. Applications that need low latency
Spread - Group of instances on distinct hardware. Critical instances that should be separate.
Partition - Each instance has its own network and power source. They don’t share the same rack.
Partition is Amazon’s logical term for a dedicated power source and network.
Links:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html#placement-groups-cluster
IAM Policy
By default, all requests are implicitly denied, except those from the root account.
Global Accelerator
Network service that increases performance and handles IP caching in front of an ELB
Global Accelerator has weighted groups and pools
Endpoint group = where you add load balancers (where you can do blue/green deployments)
Routes users based on physical location to closest resources