Section 18 - Account Management, Billing & Support Flashcards
With AWS Organizations, the main account is called the master account and all of the other accounts are called
Grogu accounts
Smaller accounts
Child accounts
Bastard stepchildren accounts
child accounts
All of the following are cost benefits of AWS Organization (choose three)
A - Aggregate costs (volume discounts offered for services for combined accounts)
B - Consolidated bill (one bill to cover the multiple accounts)
C - Annual discount (only charged for 10.5 months)
D - Reserved Instance resource can be shared amongst accounts (pooling of EC2 reserved instances for optimal savings)
E - Discount on RDS and Dynamo DB services
A, B, & D
AWS Organizations can restrict account privileges using:
Service Command Protocol (SCP)
Service Control Policy (SCP)
Service Planning Cannery (SPC)
Account Control (AC)
Service Control Policy
With AWS Organization, ___ is available to automate account creation:
API
Cheap labor
JSON scripting
Account Creation Tool (ACT)
API
AWS Organizations - two strategies for multiple accounts are (choose two)
One account with multiple VPCs
Rotating accounts
Slingshot account maneuvers
Multiple accounts
one account with multiple VPCs
multiple accounts
AWS multi account strategy (choose two)
enable CloudTrail on just the main account and send logs to central S3 account
send CloudWatch logs to all accounts
send CloudWatch logs to central account
enable CloudTrail on all accounts and send logs to the central S3 account
send CloudWatch logs to the central account
enable CloudTrail on all accounts and send logs to S3 on just the central account
True or False - When using AWS Organizations, you can nest OUs inside of other OUs
True
True or False:
Service Control Policies can be used to whitelist or blacklist IAM actions
true
Service Control Policy (SCP) can be applied at the following levels (choose two)
Bottom
Account
OU
Top
Account, OU
Service Control Policy is applied to:
Only the root user
Only the non root users and some roles
all the Users and Roles (including Root)
all the kings horses and all the kings men
all the Users and Roles (including Root)
SCP (Service Control Policy) (does/does not) affect service-linked roles
does not
Service-linked roles:
enable other AWS services to integrate with AWS Organizations
enable other AWS roles to integrate with bagels and butter
prevent other AWS services from integrating with AWS Organizations
are made of chain metal
enable other AWS services to integrate with AWS Organizations
SCP (Service Control Policy) (does/does not) apply to the Master Account
does not
What is a typical use case for SCP (Service Control Policy) - choose two
Enforce PCI compliance by explicitly disabling services
allow access to all services
restrict access to certain services (for example, can’t use EMR)
restrict access to accessing restrictions
enforce PCI compliance by explicitly disabling services
restrict access to certain services (for example, can’t use EMR)
With Service Control Policy, how many levels of OU can be created
three
five
two
ten
five
Deny List
Allow List
A - Most restrictive: actions are prohibited by default, and you specify which services and actions are allowed
B - Default setting: actions are allowed by default, and you specify which services and actions are prohibited
Deny - B
Allow - A
Service Control Policies (SCP) apply
apply to internal users and roles and external users
apply to external users only
apply to external users and internal users named Fred
apply to internal users only, not to external users
apply to internal users only, not to external users
By default, AWS Organizations attaches an AWS managed policy called ____ to all roots, OUs, and accounts.
ManagedAll
FullAWSAccess
AWSAccess
ManagedAWSAccess
FullAWSAccess
The _______ deny is when the administrator has selected the Deny option for a permission for a user or group. This Deny takes precedence over all allowed settings
Example: If the administrator has set the Deny Read option on an object for a group, all members of that group are not able to read the object. If the administrator adds a user and gives them the Allow Read permission, if that user is a member of that group, they still are not able to read the object.
Implicit
Implied
Declined
Explicit
Explicit
An _____ deny is when a user or group is not granted a specific permission in the security settings of an object, but is not explicitly denied either.
Granting permission to an object is done by the administrator adding the user or group to the object’s Access Control List (ACL) and selecting the Allow option for the Read, Modify or Delete permissions. If the administrator does not add the user or group to the object or doesn’t select the Allow or Deny options for any of the permissions, the user or group is ____ denied the permission to the object.
If you have the Management group with Read permission to a file but you want to allow one user in the Management group to Modify the file, you can add the individual user to the file's permissions and select the Allow option for the Modify permission. Using this method allows the individual user to modify the file even though the group they are in only has the Read permission. An _____ deny only denies a permission until the user or group is allowed to perform the permission.
Implicit
Implied
Declined
Explicit
implicit
Two benefits of Consolidated Billing (choose two)
combined usage (combine usage across all AWS accounts in AWS organization to share volume pricing, Reserved Instances, and Savings Plan discounts)
You get a 30% discount on the total bill
You get a 5% discount on the total bill
You get one bill for all AWS Accounts in the AWS Organization
combined usage (combine usage across all AWS accounts in AWS organization to share volume pricing, Reserved Instances, and Savings Plan discounts)
You get one bill for all AWS Accounts in the AWS Organization
True or False
The management account can turn off Reserved Instances discount sharing for any account in the AWS Organization, including itself.
True
An easy way to set up and govern a secure and compliant multi-account AWS environment based on best practices
AWS Multi
AWS Organizations
AWS Control Tower
AWS MultiAccount
AWS Control Tower
Just fyi - no question involved on this
AWS Control Tower benefits
- automate the set up of your environment in a few clicks
- automate ongoing policy management using guardrails
- detect policy violations and remediate them
- monitor compliance through an interactive dashboard
n/a
Lets you centrally manage your cloud resources to achieve governance at scale of your infrastructure as code (IaC) templates, written in CloudFormation or Terraform. With this service, you can meet your compliance requirements while making sure your customers can quickly deploy the cloud resources they need.
AWS Configure
AWS Monitor
AWS Service Catalog
AWS Guardrail
AWS Service Catalog
Four different pricing models:
1 - Pay as you go
2 - Save when you reserve
3 - Pay less using more
4 - Pay less as AWS grows
A - volume based discounts
B - pay for what you use, remain agile, responsive, meet scale demands
C - minimize risks, predictably manage budgets, comply with long-term requirements
D - nothing to say here lol
1 - B
2 - C
3 - A
4 - D
Reservations are available for (no correlating question)
EC2 Reserved Instances
DynamoDB Reserved Capacity
ElastiCache Reserved Nodes
RDS Reserved Instance
Redshift Reserved Nodes
n/a
Free services where you don’t pay for the service but rather, for the resources created by the services (choose three)
Elastic Beanstalk
EC2
CloudFormation
IAM
Auto Scaling Group
VPC
Elastic Beanstalk
CloudFormation
Auto Scaling Group
Two examples of free tier service:
EC2 large instance
S3, EBS, ELB, AWS Data transfer (up to a certain amount)
VPC
EC2 micro instance
S3, EBS, ELB, AWS Data transfer (up to a certain amount)
EC2 micro instance
On-demand instances have a minimum runtime of
1 second
10 seconds
6 seconds
60 seconds
60 seconds
On-demand instances of Windows/Linux are charged
per every second
per every minute
per every hour
per every last breath of your dying body
per every second
On-demand instances that are not Windows/Linux are charged
per every second
per every minute
per every hour
per every last breath of your dying body
Reserved instances require a commitment of either (choose two)
one year
one week
three months
three years
one year
three years
How much discount is offered on Reserved Instances in comparison to on-demand
10%
33%
75%
25%
75%
How much discount is offered on Spot Instances in comparison to on-demand
90%
33%
75%
25%
90%
This type of instance is where you bid for the instance and could lose the instance should you be outbid by someone offering a higher price.
Reserved Instance
Bid Instance
Blink instance
Spot instance
Spot
Dedicated Host instances require a commitment of either (choose two)
one year
one week
three months
three years
one year
three years
This type of instance runs on hardware dedicated to you
Your Instance
Just4You Instance
Sole instance
Dedicated Host
Dedicated host
This type of instance allows you to use your existing per-socket or per-VM software license
Dedicated Host
Reserved Instance
Spot Instance
Savings Instance
Dedicated host
Dedicated host uses what type of billing (choose two)
Annual costs
Monthly
On-demand
Reserved for 1 or 3 years
on-demand
reserved for 1 or 3 years
Can both be used to launch EC2 instances onto physical servers that are dedicated for your use (choose two)
Dedication Mode
Dedicated Hosts
Dedicated Instances
Dedicated Nodes
Dedicated Hosts
Dedicated Instances
What are the pay factors for Lambda? (choose TWO)
Per API call
Per duration
Per duration x amount of RAM utilized
Per RAM utilized
per API call
per duration x amount of RAM utilized
What are the pay factors for Fargate?
pay for vCPU and memory resources allocated to your applications
pay per gate
pay per SSD
pay per volume
pay for vCPU and memory resources allocated to your applications
When using A-____ there is no cost but when using a B-____, there is a cost incurred
private IP
default gateway
internet gateway
public IP
A - public IP
B - private IP
What are the three types of Savings Plans
Bridge Savings Plan
EC2 Savings Plan
Compute Savings Plan
Power Savings Plan
Machine Learning Savings Plan
EC2 Savings Plan
Compute Savings Plan
Machine Learning Savings Plan
EC2 Savings Plan offers up to __% discount compared to On-Demand
25%
50%
72%
80%
72%
Commit to a certain $ amount per hour for 1 or 3 years
Capacity Reserved Instance
On-Demand
Reserved Instance
Savings Plan
Savings Plan
Compute Plan offers up to __% discount compared to On-Demand
25%
50%
66%
80%
66%
Between the EC2 and Compute Savings Plan, which is more flexible?
Compute Savings Plan
Which plan pricing is regardless of Family, Region, Size, OS, tenancy, compute options
EC2 Savings Plan
Compute Savings Plan
Versatile Savings Plan
Machine Learning Savings Plan
Compute Savings Plan
Type of savings plan for machine learning services such as SageMaker
Machine Learning Savings Plan
SageMaker Savings Plan
Macho Savings Plan
EC2 Machine Savings Plan
Machine Learning Savings Plan
You can get a pricing estimate for your savings plan at the following URL:
http://awsamazon/savingsplan.com
https://aws.amazon.com/savingsplans/pricing
https://awsamazon/savings-plan-pricing.com
https://aws.amazon.com/savingspricingplan
http://aws.amazon.com/savingsplans/pricing
The Savings Plan is set up from the
AWS Budget
AWS Dashboard
AWS Savings Console
AWS Cost Explorer console
AWS Cost Explorer Console
Reduce costs and improve performance by recommending optimal AWS resources for your workloads. Uses Machine Learning to analyze your resource configurations and their utilization CloudWatch metrics
AWS Analyzer
AWS Deterministic
AWS Compute Optimized
AWS CloudAnalyze
AWS Compute Optimized
URL for AWS Pricing Calculator
https://calculatorawscom.com
https://calculator.aws
https//aws.com/calculator
https://calculator.aws.com
https://calculator.aws/
A way to estimate your costs in the cloud.
AWS Estimator
AWS PricingEstimate
AWS Pricing Calculator
AWS PriceWise
AWS Pricing Calculator
will show you all of the costs incurred for the month, the forecast and month to date
AWS Billing Dashboard
AWS Free Tier Dashboard
AWS Billing Site
AWS Cost Explorer
AWS Billing Dashboard
will show you all of the resources used under the free tier
AWS Billing Dashboard
AWS Free Tier Dashboard
AWS Billing Site
AWS Cost Explorer
AWS Free Tier
Cost and Usage Reports can be integrated and analyzed using (choose three)
Athena
RDS
DynamoDB
Redshift
QuickSight
MSWord
Athena
Redshift
QuickSight
Provides a more granular insight into your costs and usage by running a report that can be integrated and analyzed with Athena, Redshift, or QuickSight
AWS Cost Explorer
AWS Billing Dashboard
AWS Costs and Usage Reports
AWS Free Tier
AWS Cost and Usage Reports
Two types of tags
Resource
Freeze
Merit
Cost Allocation
Resource
Cost Allocation
you can edit resource tags by
Going to “Resource Groups and Tag Editor” and select “Tag Editor”
Go to the Tag Dashboard
Go to the Editor Dashboard
Go to Cost Allocation tags
Going to “Resource Groups and Tag Editor” and select “Tag Editor”
Provides a more granular insight into your costs and usage by using a more visual overlay and including forecasting
AWS Cost Explorer
AWS Billing Dashboard
AWS Costs and Usage Reports
AWS Free Tier Reports
AWS Cost Explorer
True or False
AWS Cost Explorer and AWS Cost and Usage are both very similar, but AWS Cost Explorer provides a more visual representation while AWS Cost and Usage allows you to run various reports
True
AWS Cost & Usage Reports (and AWS Cost Explorer) can run with which granularities (choose three)?
minute
second
daily
15 minute interval
hourly
monthly
hourly
daily
monthly
If you’re looking for a service that will allow you to forecast your bill for up to 12 months ahead, you would use:
Cost & Usage Reports
Cost Explorer
Budgets
Bill and Chills
Cost Explorer
Cost and Usage Reports take about how long to generate
1 hour
10 minutes
24 hours
60 minutes
24 hours
Billing data metric is stored in which region?
us-west-2
us-central-1
us-east-1
us-north-2
us-east-1
What three types of Budget can be created?
Usage
Cost
Service
Instance
Savings Plan
Reservation
Usage, Cost, Reservation, Savings Plan
How many SNS notifications can be sent per budget?
10
5
1
100
5
What is the price structure for Budgets?
Free Tier
Always Free
2 budgets free, then $.02/day/budget
$10/month
2 budgets free, then $.02/day/budget
Continuously monitors your cost and usage using ML to detect unusual spends
AWS Anomaly
AWS MLAnalysis
AWS Cost Anomaly Detection
AWS ML Anomaly
AWS Cost Anomaly Detection
AWS Cost Anomaly Detection monitors the following (select four)
AWS Services
AWS EC2 instances
Member accounts
S3 buckets
Cost Allocation tag
Cost categories
AWS Services
Member Accounts
Cost Allocation tags
Cost categories
This service monitors all your quotas across AWS, you can get quota alerts via CloudWatch, and you can request quota increases directly from the console
AWS Quotas
AWS Quote Alarm
AWS Service Quotas
AWS Quato Alert
AWS Service Quotas
Service provides a high-level AWS account assessment. Will analyze your accounts and provide recommendations on 5 categories
AWS Account Assessment
AWS Account Overview
AWS Trusted Advisor
AWS Account Stock
AWS Trusted Advisor
Trusted Advisor provides recommendations on five categories (Basic and Developer only get 7 specific checks whereas Business and Enterprise get all five):
Size
Speed
Cost Optimization
Fault Tolerance
Legality
Service Limits
Performance
Profitability
Security
Cost Optimization
Fault Tolerance
Service Limits
Performance
Security
The Basic and Developer level accounts have access to how many Trusted Advisor core checks
1
5
7
10
7
Choose 3 (of the 7) Trusted Advisor core checks from the list below
EBS Public Snapshots
EFS filesystem
Service Limits
RDS integrity
IAM Use (one IAM user minimum)
EBS Public Snapshots
Service Limits
IAM Use (one IAM user minimum)
Choose 3 (of the 7) Trusted Advisor core checks from the list below
Security Groups - specific ports unrestricted (i.e SSH)
EFS filesystem
S3 Bucket permissions
RDS integrity
RDS Public snapshots
Security Groups - specific ports unrestricted
S3 Bucket permissions
RDS public snapshots
Choose 3 (of the 7) Trusted Advisor core checks from the list below
EBS Public Snapshots
EFS filesystem
MFA on Root Account
RDS integrity
IAM Use (one IAM user minimum)
EBS Public Snapshots
MFA on Root Account
IAM Use (one IAM user minimum)
Choose 3 (of the 7) Trusted Advisor core checks from the list below
EBS Public Snapshots
EFS filesystem
MFA on Root Account
RDS public snapshot
Organization integrity
EBS Public Snapshots
MFA on Root account
RDS public snapshot
Business and Enterprise accounts get access to the following from Trusted Advisor (choose three)
The same 7 checks as Basic and Developer accounts
Full checks (200+) available on the 5 categories
12 checks (7 + 5)
Ability to set CloudWatch alarms when reaching limits
CloudTrail alerts
Programmatic Access using AWS Support API
Full checks available on the 5 categories
Ability to set CloudWatch alarms when reaching limits
Programmatic Access using AWS Support API
Which two accounts have access to the AWS Support API
Basic
Developer
Business
Enterprise
Business
Enterprise
How many checks are provided by Trusted Advisor
7
10
20
over 200
over 200
What are the four different AWS support plans you can choose from?
Basic
Standard
Developer
DevOps
Business
Corporate
Enterprise
Basic
Developer
Business
Enterprise
What type of AWS Support does this describe
Free
Basic
Developer
Business
Enterprise On-Ramp
Enterprise
Basic
What type of AWS Support does this describe
Greater of $29 or 3% of monthly AWS charges
Basic
Developer
Business
Enterprise On-Ramp
Enterprise
Developer
What type of AWS Support does this describe
Greater of $100 or
10% of monthly AWS charges for the first $0 - $10K
7% of monthly AWS charges from $10k - $80k
5% of monthly AWS charges from $80k - $250k
3% of monthly AWS charges over $250k
Basic
Developer
Business
Enterprise On-Ramp
Enterprise
Business
What type of AWS Support does this describe
Greater of $5,500 or 10% of monthly AWS charges
Basic
Developer
Business
Enterprise On-Ramp
Enterprise
Enterprise On-Ramp
What type of AWS Support does this describe
Greater of $15,000 or
10% of monthly AWS charges for the first $0 - $150K
7% of monthly AWS charges from $150k - $500k
5% of monthly AWS charges from $500k - $1M
3% of monthly AWS charges over $1M
Basic
Developer
Business
Enterprise On-Ramp
Enterprise
Enterprise
What type of AWS Support does this describe
- Customer Service & Communities - 24x7 access to customer service, documentation, whitepapers, and support forums.
- AWS Trusted Advisor - access to the 7 core checks and guidance to provision your resources following best practices to increase performance and improve security
- Personal Health Dashboard
Basic
Developer
Business
Enterprise On-Ramp
Enterprise
Basic
What type of AWS Support does this describe
- Basic Support Plan +
- Business hours email access to Cloud Support Associates
- Unlimited cases / 1 primary contact
- Case severity / response times
==> general guidance < 24 business hours
==> System impaired: < 12 business hours
Basic
Developer
Business
Enterprise On-Ramp
Enterprise
Developer
What type of AWS Support does this describe
Intended to be used for production workloads
Trusted Advisor - full set of checks & API access
24x7 phone, email, and chat access to Cloud Support Engineers
Unlimited cases / unlimited contacts
Access to Infrastructure Event Management for additional fee
- Case severity / response times
==> general guidance < 24 business hours
==> System impaired: < 12 business hours
==> Production system impaired < 4 hours
==> Production system down < 1 hour
Basic
Developer
Business
Enterprise On-Ramp
Enterprise
Business
What type of AWS Support does this describe
Intended to be used for production or business critical workloads
All of Business Support Plan +
Access to a pool of Technical Account Managers (TAM)
Concierge Support Team (for billing and account best practices)
Infrastructure Event Management, Well-Architected & Operations Reviews
- Case severity / response times
==> general guidance < 24 business hours
==> System impaired: < 12 business hours
==> Production system impaired < 4 hours
==> Production system down < 1 hour
==> Business-critical system down < 30 minutes
Basic
Developer
Business
Enterprise On-Ramp
Enterprise
Enterprise On-Ramp
Intended to be used for production or mission critical workloads
All of Business Support Plan +
Access to designated Technical Account Managers (TAM)
Concierge Support Team (for billing and account best practices)
Infrastructure Event Management, Well-Architected & Operations Reviews
- Case severity / response times
==> general guidance < 24 business hours
==> System impaired: < 12 business hours
==> Production system impaired < 4 hours
==> Production system down < 1 hour
==> Business-critical system down < 15 minutes
Basic
Developer
Business
Enterprise On-Ramp
Enterprise
Enterprise
Operate multiple accounts using
AWS Multiple
AWS Accounts
AWS Organizations
AWS ManyAccounts
AWS Organizations
To set up guardrails and restrict power, use
AWS PowerLimit
AWS SCP (service control policies)
AWS Services
AWS Fukitall
AWS SCP (service control policies)
Easily set up multiple accounts with best practices
AWS Organizations
AWS Clock Tower
AWS MultiAccounts
AWS Legion
AWS Clock Tower
For easy resource management and billing, you can use
Taggers
Allocation Costs
Use Tags & Cost Allocation Tag
Tags, Tags and more Tags
Use Tags & Cost Allocation Tag
Choose four that represent IAM guidelines
password policy
reverse engineering
MFA
most privilege
least privilege
password rotation
password policy
MFA
least privilege
password rotation
Use this to record all resource configurations & compliance over time
Compliance Config
AWS Config
AWS Comply
AWS Configulrate
AWS Config
A ____ is a collection of AWS resources that you can manage as a single unit.
Bundle
Group
Set
Stack
stack
Use to deploy stacks across accounts and regions
AWS Max
AWS ManyMove
AWS Stars
AWS Stacks
AWS Stacks
To record API calls made within your account use
API Manager
CloudTrails
API Clouds
CloudWatch
CloudTrails
If your account is compromised (choose three)
Scream
change root password
delete and recreate account from backup
rotate all passwords/keys
contact AWS Support
change root password
rotate all passwords/keys
contact AWS Support
Allows all users to create stacks defined by admins
AWS Service Catalog
AWS Stack Creator
AWS Stack Service
AWS Service Stack
AWS Service Catalog
Recommends resource configurations to reduce costs
Compute Minute
Resource Compute
Resource Recommend
Compute Optimizer
Compute Optimizer
Difference between Budget and CloudWatch alarms
- 3pm
- Budget can alarm you of forecasting over Budget, CloudWatch can only alert if actually going over
- The cost to use each service
- CloudWatch can alarm you of forecasting over Budget, Budget can only alert if actually going over
Budget can alarm you of forecasting over Budget, CloudWatch can only alert if actually going over