Services Flashcards

(150 cards)

1
Q

Cloud Computing Service Model

A

3 main types of cloud service models

  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)
2
Q

Deployment models

A

3 main types of cloud deployment models

  • Public
  • Private
  • Hybrid
3
Q

Cloud Computing

A

On-demand delivery of compute power, database storage, apps and other IT resources through a cloud services platform with pay as you go pricing.

4
Q

Advantages of cloud computing

A
  1. Trade capital expense for variable expense (pay as you go)
  2. Massive economy of scale; we get the cost savings
  3. Stop guessing capacity
  4. Increase speed and agility (need foundation)
  5. Stop spending money through maintaining data centers
  6. Can expand easily (lower cost of trying new ideas); reduces risks for organizations
5
Q

IaaS

A
  • Cloud computing service model
  • The provider offers virtualized computing resources over the Internet.
6
Q

PaaS

A
  • Cloud computing service model
  • The provider offers a platform for developing, testing, and deploying applications over the Internet.
7
Q

SaaS

A
  • Cloud computing service model
  • The provider offers software applications over the Internet.
8
Q

Regions

A

Geographical areas where AWS provides services.

There are also data centers here.

6 in the US
25 worldwide

9
Q

Availability Zones

A
  1. They have 1 or more data centers.
  2. Multiple of them are included within each AWS region, with a minimum of 2 per region. Each one has at least 1 data center.
  3. They are located within a geographic area of an AWS region.
  4. They have redundant power, networking and connectivity.

24 in the USA
69 worldwide

10
Q

Edge Location

A

AWS data centers that are designed to cache and deliver content to end-users with low latency.

11
Q

Amazon Elastic Compute Cloud (EC2)

A

Web service that provides resizable compute capacity in the cloud.

Can create virtual machines (aka EC2 instances) that can run a variety of operating systems and applications.

12
Q

Elastic Beanstalk

A

A web service that makes it easy to deploy and scale web applications and workloads on EC2

During deployment, it handles provisioning, load balancing and monitoring (reduce maintenance needed)

Leverages existing AWS services (only pay for the other services you leverage)

Deploy app with minimal knowledge of other services

Supports Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker.

13
Q

AWS Lambda

A

A serverless compute service that runs your code in response to events and triggers.

14
Q

Lightsail

A

A simplified compute service that provides virtual private servers, storage, and networking.

15
Q

Amazon Simple Storage Service (S3)

A

A scalable object storage service that provides virtually unlimited storage for data from anywhere on the web, data which you can also retrieve.

Offers features such as versioning, lifecycle policies and encryption.

16
Q

Elastic Block Store (EBS)

A

A block storage service that provides PERSISTENT storage for EC2 instances.

17
Q

Glacier

A

A low-cost, secure, and durable storage service designed for data archiving and long-term backup.

18
Q

Storage Gateway

A

A hybrid storage service that provides a bridge between on-premises and cloud storage.

19
Q

Amazon Relational Database Service (RDS)

A

Fully managed database service that makes it easy to set up, operate, and scale a relational database in AWS.

Handles provisioning, patching, backup, and recovery of database

Supports deployment across multiple AZs and can be launched into a VPC

Platforms supported: MySQL, MariaDB, Oracle Database, SQL Server, Amazon Aurora (a MySQL-compatible RDBMS built for the cloud that is an open-sourced database)

20
Q

DynamoDB

A

A fully managed NoSQL database service that provides fast and predictable performance with seamless automated scalability based off usage.

It allows you to store and retrieve any amount of data and serve any level of request traffic.

Provides both key-value and document databases

Offers in-memory cache with the DynamoDB Accelerator (DAX)

Handles 10 trillion requests per day (20 million requests per second)

Use Case: Serverless architecture, scale without excessive maintenance

21
Q

Redshift

A

A scalable data warehousing service that provides fast querying and analysis of large data sets.

Leverages high performance disks and columnar storage

Offers the ability to fully encrypt contents through providing isolation with VPCs

Enables querying of exabytes of data in Amazon S3 using Redshift Spectrum

22
Q

Aurora

A

A high-performance fully managed relational database engine that is compatible with MySQL and PostgreSQL.

It provides up to five times better performance than standard MySQL or PostgreSQL databases.

23
Q

Amazon Virtual Private Cloud (VPC)

A

A service that provides a logically isolated section of the AWS Cloud for deploying resources in a virtual network that you define and control.

24
Q

Elastic Load Balancing

A

A service that grows and contracts based on the incoming traffic across multiple targets such as EC2 instances, containers and IP addresses, improving availability and fault tolerance.

Works with EC2, ECS and Lambda

25
Route 53
A Domain Name System (DNS) service that allows you to route internet traffic to your resources, such as EC2 instances or S3 buckets, and to map domain names to specific resources (such as mapping www.example.com to the IP address 192.0.2.1).
  • Can reroute users when a server is down
26
CloudFront
A content delivery network service that caches and delivers content such as data, videos, applications, and APIs globally to end-users with low latency and high transfer speeds.
  • Uses edge locations
  • Uses the server closest to the user
27
AWS Identity and Access Management (IAM):
A service that lets you manage access to AWS services and resources securely. It allows you to create and manage users and groups, and to assign permissions for specific AWS resources.
28
Amazon Inspector
A security assessment service that helps improve the security and compliance of applications deployed on AWS.
29
Certificate Manager
A service that lets you provision, manage, and deploy SSL/TLS certificates for use with AWS services.
30
Key Management Service (KMS)
A service that makes it easy to create and manage keys
31
Amazon Simple Notification Service (SNS)
A flexible and fully managed messaging service that allows you to send notifications from the cloud to different devices and endpoints.
32
Simple Queue Service (SQS)
A fully managed message queuing service that enables you to decouple and scale micro-services, distributed systems, and serverless applications.
  • Supports up to 256 Kbs. data payload and allows messages to be stored up to 14 days
  • Provides two types of queues (Standard/FIFO)
33
Amazon Web Services (AWS)
Cloud computing platform that provides a wide range of services and tools to help businesses and individuals build and deploy applications and services.
34
AWS Global Infrastructure
AWS has a global infrastructure that includes regions, availability zones, and edge locations.
35
CloudFormation
  • Managed service for provisioning infrastructure based on templates
  • Pay for resources as you go
  • Templates in YAML and JSON (infrastructure as code)
  • Manages dependencies between resources
  • Provides drift detection to find changes in your infrastructure (can identify changes)
36
CloudWatch
  • Provides metrics, logs, and alarms for infrastructure
  • Monitoring and management services
  • Provides visualization capabilities for metrics (custom dashboards)
37
AWS CLI (Command Line Interface)
A command-line tool that enables you to interact with AWS services and manage them from your terminal or command prompt.
38
CloudTrail
A service that provides a record of API calls made in your AWS account. It logs all API activity and makes it easier to track changes and troubleshoot issues.
39
Kinesis
A fully managed service for real-time data processing and analytics. It allows you to ingest, buffer, and process streaming data at a large scale.
40
Auto Scaling
A service that automatically adjusts the number of EC2 instances in a fleet in response to changes in demand for application resources.
41
Simple Email Service (SES)
A cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails.
42
API Gateway
A service that enables you to create, deploy, and manage APIs for your applications.
  • Has monitoring and metrics
43
AWS Config
A service that enables you to continuously assess, audit, and evaluate the configurations of your AWS resources.
  • Has configuration history for infrastructure
  • Works against rules that you can customize or even create custom validation
  • Includes conformance packs for compliance standards
  • Works with AWS Organizations
  • Provides remediation steps if not meeting criteria
44
Trusted Advisor
A service that provides best practices, guidance, and recommendations for optimizing your AWS infrastructure.
  • Access through the AWS Console
  • Different checks provided based on support plan tier
  • All AWS customers get access to 7 core checks
45
What is the value of AWS Cloud?
  1. Trade capital expense for variable expense (pay as you go)
  2. Massive economy of scale; we get the cost savings
  3. Stop guessing capacity
  4. Increase speed and agility (need foundation)
  5. Stop spending money through maintaining data centers
  6. Can expand easily (lower cost of trying new ideas); reduces risks for organizations
46
How does AWS Cloud allow users to focus on business value?
Shift technical resources to revenue-generating activities as opposed to managing infrastructure
47
Total Cost of Ownership Calculator
Generates a report that evaluates the costs of running applications on AWS versus running them on-premises
48
OpEx/Operational Expenses
  • Costs associated with running and maintaining a system or application on the AWS cloud
  • Typically pay-as-you-go and can be scaled up or down as needed
49
CapEx/Capital Expenses
Upfront costs associated with purchasing and deploying hardware and infrastructure.
50
Impact of software licensing when moving to the cloud
Organizations can save on software licensing costs. AWS offers flexible and scalable options for computing resources, allowing organizations to optimize their use and avoid paying for unused capacity. Additionally, AWS offers various licensing options, such as bring-your-own-license and pay-as-you-go, which can further reduce costs.
51
Five characteristics of a data center
  1. Increasing capacity takes time and additional investment (CapEx)
  2. Large upfront investments (CapEx)
  3. Forecasting the user demand is difficult, so there can be underused capacity/unmet demand
  4. Maintaining data centers is expensive
  5. Security and compliance maintenance
52
3 types of cloud computing models and the control they have
  1. IaaS Infrastructure as a Service: Max Control
  2. PaaS Platform as a Service: Medium Control
  3. SaaS Software as a Service
53
Public Cloud Deployment Model
Deployed onto a public cloud provider. Ex: AWS, Microsoft Azure, Google Cloud
54
On Premise Deployment Model
Deployed in a private data center using cloud-like providers (VMware)
55
Hybrid Cloud Deployment Model
Deployed with a mix of public cloud and on-premise models, using both a provider like AWS and private
56
Elasticity
The ability to acquire resources as you need them and release resources when you no longer need them.
57
Naming Convention for AWS Availability Zone
us-east-2a
  • These 3 make the region piece: Area - Sub-area - Number
  • This comes at the end: AZ
  • Or in other words: (Region - AZ)
58
Cost Explorer
User interface for reviewing AWS costs, forecasting future costs, and providing recommendations for cost optimization
59
Pricing Calculator/ Simple Monthly Calculator
Tool for estimating the cost of running specific AWS infrastructure (can give estimation of future workloads)
60
Resource Tags
Metadata assigned to a specific AWS resource (name and optional value to categorize costs)
61
AWS Organizations
  • Allows organizations to manage multiple accounts under 1 master account
  • Consolidated billing for 1 account
  • Get centralized logging and security standards across accounts
62
AWS Support
  1. Enables support from AWS resources for workloads running in the cloud
  2. Provided in different tiers based on need and scope
  3. Includes tools to provide automated answers and recommendations
63
Personal Health Dashboard
Alerts and remediation guidance when AWS is experiencing events that may impact you
64
7 Core Checks of AWS Trusted Advisor
  1. Cost Optimization
  2. Performance
  3. Security
  4. Fault Tolerance
  5. Service Limits
65
Basic Support Plan
  1. All access by AWS customers
  2. Access to Trusted Advisor
  3. Access to Personal Health Dashboard
  4. No access to support engineers for technical implementations
  5. No monthly costs
66
Developer Support Plan:
  1. Has all features of basic support
  2. Business hours email access to support engineers
  3. Limited to 1 primary contact that can file cases
  4. $29 a month > ties into AWS usage
67
Business Support Plan
  1. Has all features of developer support
  2. Full set of Trusted Advisor checks
  3. Unlimited contacts can make cases
  4. 3rd party software support
  5. $100 a month > ties into AWS usage
  6. Email, Chat, Phone: 24/7 access to Cloud Support Engineers
68
Enterprise Support Plan: Access to Cloud Support Associates
  1. Has all features of business support
  2. Includes designated Technical Account Manager
  3. Includes concierge support teams
  4. Starts at $15,000 per month
  5. Email, Chat, Phone: 24/7 access to Senior Cloud Support Engineers
69
Business Support Plan Response Time to Incidents
  • General incidents: 24 hours
  • System impaired: 12 hours
  • Production system impaired: 4 hours
  • Production system down: 1 hour
70
Developer Support Plan: Response to Incidents
General incidents: 24 business hours
71
Enterprise Support Plan: Response to Incidents
  • General incidents: 24 hours
  • System impaired: 12 hours
  • Production system impaired: 4 hours
  • Production system down: 1 hour
  • Business critical system down: 15 minutes
72
AWS QuickStart
Provides step by step deployment instructions for common technology platforms
73
AWS Partner Network Consulting
Partners are 3rd party consultants that can help with cloud implementations
74
AWS Professional Services
Utilize AWS employees for assistance as cloud implementation consultants
75
AWS Console
  • Users can leverage their browser to configure resources
  • It is a web and app-based interface for interacting with most AWS services
  • It is great for testing out AWS services
  • Root user > person that actually created the account (unrestricted)
  • IAM user > person that has limited access
76
AWS CLI
  • Command line access for administering AWS resources
  • Manage your use of AWS services from the command line
  • Good for automating repeated tasks
  • Access keys: created and should download key IDs
  • CLI: 2 versions, Windows > Python
77
AWS SDK
  • Programmatic access to manage AWS resources (software development kit)
  • Automate many aspects of the platform
  • Help in the backend customization
  • Good for automating repeated tasks
  • Enables automation of AWS tasks within custom apps (Java, .NET, Node.js, JavaScript, PHP, Python, Ruby, Go, C++)
78
Instance Types in EC2
  • Defines the processor, memory and storage type
  • Use for general purpose, compute/memory/storage optimized, accelerated computing
  • Need downtime to change
  • Certain instance types have unique types
  • Pricing changes over time and varies based on vCPU (virtual central processing unit), memory, and Linux pricing
  • The higher the memory, the higher the Linux pricing
79
Root Device Type
  • Instance store: the data can go away. Ephemeral storage that is physically attached to the host the virtual server is running on
  • Elastic Block Store (EBS): can be continual. Persistent storage that exists separately from the host the virtual server is running on
80
Amazon Machine Image (AMI)
  • Template for launching an EC2 instance including configuration, operating system, data
  • AWS provides many of them that can be leveraged
  • They can be shared across AWS accounts
  • Can create your own
  • Commercial ones are available with AWS Marketplace
81
On-Demand Purchase Option
You pay by the second for the instances that are launched
82
Reserved Purchase Option
You purchase instances at a discount in advance for 1-3 years.
  • Standard: All Upfront (high CapEx), Partial Upfront (1/3 cost), No Upfront
  • Convertible: conversion of attributes for workloads
  • Scheduled: works for a time window to have various workloads
83
Spot Purchase Option
You can leverage unused EC2 capacity in a region for a large discount
84
Dedicated Purchase Option
  • Dedicated physical server (most expensive)
  • May be required for server software licensing or compliance requirement
85
Steps to Launch EC2 Instance
  1. Launch Instance
  2. Select an AMI
  3. Select an Instance Type and Configure Instance Details
  4. Add Storage (can change volume)
  5. Add Tags (if needed)
  6. Configure Security Groups (can be personal with My IP)
86
This is needed to sign into an EC2 instance
Key pair
87
After successfully running an EC2 instance, what can you access?
Public DNS (Domain Name System) to check out the web server you created virtually
88
What should you do once you're done using your EC2 instance?
Terminate it to not incur costs
89
How do you launch Elastic Beanstalk?
  1. Get started on Elastic Beanstalk
  2. Create the web app
  3. Choose the platform (software)
  4. Upload code or sample application
  5. Configure more options (can be adjusted)
  6. Create app (will do the initial deployment)
  7. Monitor it on dashboard (if you want)
  8. Terminate when done
90
Content Delivery Network
  • Logically isolated section of AWS cloud where you can launch AWS resources in a Virtual Network you define
  • Supports IPv4 and IPv6 addresses
  • Can configure the IP address range, subnets, route tables, gateways
  • Supports public and private subnets
  • Enables a connection to data center
  • Can connect to other VPCs and private connections to AWS services
91
AWS Direct Connect
Cloud solution that makes it easy to establish a dedicated connection from data centers to AWS
92
Domain Name Service
Translates memorized domain names to numeric IP addresses needed for locating and identifying computer services/devices with underlying network protocols
93
Global Accelerator
  • Sends user's traffic through AWS's global network infrastructure, improving internet user performance by up to 60%
  • Utilizes IP addresses that route to edge locations
  • Once requests reach edge locations, traffic is routed through the AWS network
  • Use Cases: Non-HTTP Protocol (UDP, MQTT, VOIP), Requires Static IP, Instant Failover
94
Performance Improvements when using the AWS Global Accelerator
  • Distance between user and initial endpoints is minimized with edge locations
  • Traffic is reduced
  • Results in improvement of throughput and provides superior fault tolerance by not relying on DNS
95
What are the File storage Services, such as Amazon S3?
  • Stores files as objects in buckets (provides different storage classes for different use cases)
  • Stores data across multiple AZs
  • Enables URL access for files
  • Configurable rules for data lifecycle / static web host
  • Objects can transition/expire based on criteria
  • Transitions can enable objects to move to another storage based on time
96
What does the S3 Standard Non-Archival Storage Class do?
Default storage class
97
What does the S3 Standard IA non-archival storage class do?
Infrequently accessed data with the standard resilience
98
What does the S3 Intelligent-Tiering non archival class do?
Moves data to correct storage class based on usage (frequency)
99
What does the S3 One Zone IA non-archival storage class do?
Infrequent access data that is in one AZ
100
S3 Transfer Acceleration
Feature that can be enabled per bucket that allows for optimized uploading of data using AWS Edge locations as a part of CloudFront
101
What is the process to create and manage an S3 Bucket?
  1. Create bucket
  2. Give it a unique bucket name
  3. Configure options
  4. Manage performance (public/private)
  5. Complete
102
What is the process to upload files in an S3 bucket once it's been created?
  • Upload files into bucket as objects
  • Manage uploads
  • Storage classes
  • Upload (all can access the URL)
  • Manually set permissions
  • To host a website, you need an index.html
103
AWS DataSync
  • Leverages the DataSync agent deployed as a VM on your network
  • Integrates with S3, EFS and FSx for Windows File Server on AWS
  • Greatly improved speed of transfer due to custom protocol and optimizations
  • Charged per GB of data transferred
104
ElastiCache
  • Fully managed in-memory data store
  • Supports both Memcached and Redis
  • Provides low latency in response times
  • Enables scaling and replicas to meet application demand
  • Handles common use cases including database layer caching, session storage
105
What is an App Integration Service, such as Amazon SNS (Simple Notification Service)?
  • Fully managed pub-sub messaging service
  • Enables you to create decoupled apps
  • Organized according to topics (Publish/Subscribe)
  • Can integrate with multiple AWS services
  • Provides end user notification across SMS, email, and other notifications
  • Example: User Signup > SNS Topic > Lambda Function & SQS Queue > Email
106
AWS Step Functions
  • Enables orchestration of workflows through a fully managed service
  • Supports serverless architectures and complex workflows including error handling
  • Charged per state transition along with the other AWS services leveraged
  • Workflows are defined using Amazon States Language
  • Integrates with Compute, Database, Messaging, Data Processing and Machine Learning Services
107
What are Management and Governance Services such as AWS CloudTrail used for?
  • Log and continuously monitor account activity related to actions across AWS infrastructure
  • Inserts audit trail in an S3 bucket or into CloudWatch Logs
  • Logs events in the regions in which they occur
  • Meets many compliance requirements (should be enabled for every AWS account)
  • Use Cases: Forensics Analysis (data breaches), Operational Analysis, Troubleshooting
109
AWS Systems Manager
  • UI that can view operational data from AWS architectures
  • Provides multiple tools to manage infrastructure
  • Enables automation tasks for common maintenance actions
  • Gives security to access servers using only AWS credentials
  • Stores commonly used parameters securely for operational use
111
AWS OpsWorks
  • Configuration management service (defined as code for servers)
  • Provides managed instances of Chef and Puppet
  • Works in hybrid cloud architecture for cloud-based and on-prem
112
Control Tower
  • Multi-account environment that centralizes users across all AWS accounts
  • Create new AWS accounts based on templates and dashboard capabilities
  • Guardrails: specific protections within child-parental relationships
113
AWS Acceptable Use Policy
  • Sending unsolicited mass emails is prohibited
  • Hosting or distributing harmful content is prohibited
  • Penetration tests are allowed for a list of specific services
114
Shared Responsibilities Model: Security of the Cloud
  • Access and training for Amazon employees
  • Security of the cloud infrastructure
  • Global data centers and underlying network
  • Hardware for global infrastructure
  • Configuration management for infrastructure
  • Patching cloud infrastructures and services
115
Shared Responsibilities: Customer Responsibilities: Security in the Cloud
Customers are responsible for the security of the workloads they run in the cloud, including the operating system, applications, data, security, and identity and access management.
  • Access to cloud resources and training
  • Operating system, network and firewall configurations
  • All code deployed onto cloud infrastructure
  • Patching guest OS and custom applications
116
Fault tolerance
  • Being able to support the failure of components within your architecture
  • Services that support Fault Tolerance: SQS, Route 53
117
Services that help with Compliance?
  • AWS Config: Provides conformance packs for standards
  • AWS Artifact: Provides self-service access to reports
  • Amazon GuardDuty: Provides intelligent threat detection
118
What is Least Privilege Access?
Grants minimum permissions needed to complete their task (Root vs IAM)
119
3 AWS IAM Identities
  • User: Account for a single individual to access AWS resources
  • Groups: Allows you to manage permissions for a group of IAM Users
  • Role: Enables a user or AWS service to assume permissions for a task
120
What are Policies in AWS IAM?
  • A JSON document that defines permissions for an AWS IAM identity (principal)
  • Defines both the AWS services that the identity can access and what actions can be taken on each service
  • Can be managed by either customer or AWS
121
What are best practices for IAM?
  • Multi-Factor Authentication: provides additional security through a physical/virtual device that generates a token for login (managed from a root user perspective)
  • Least Privilege Access: grants only the access to AWS that is required for their tasks
122
What is Amazon Cognito?
  • User directory service for custom apps (provides UI components for many platforms)
  • Provides security capabilities to control account access
  • Enables controlled access to AWS resources and works with social and enterprise identity providers
123
What is AWS Glue?
  • ETL process (store data, pull it out, manipulate it, load)
  • Serverless execution that supports data in Amazon RDS, DynamoDB, Redshift and S3
124
What is Amazon Elastic Map Reduce (EMR)?
  • Enables big-data processing on Amazon EC2 and S3
  • Supports big data, popular open-source frameworks, Apache services and tools
  • Operates in a clustered environment without additional configuration
  • Supports Apache Spark, Hive, HBase, Flink, Hudi, Presto
125
What is an AWS Data Pipeline?
  • Managed ETL and the workflow through AWS services
  • Supports all of Glue's functionality and can integrate with on-prem data stores
126
To analyze data, Amazon Athena is used. What is it?
  • Fully managed serverless service
  • Enables querying of large-scale data stored within Amazon S3
  • Queries are written using standard SQL
  • Charged based on data scanned for query
127
To analyze data, Amazon Quicksight is used. What is it?
  • Fully managed BI service
  • Dynamic data dashboard based on data stored in AWS
  • Charged on per-user and per-session pricing model
  • Multiple versions based on needs
128
To analyze data, Amazon Cloudsearch is used. What is it?
  • Fully managed search service of AWS
  • Supports scaling of search infrastructure to meet demand
  • Charged per hour and instance type of search infrastructure
  • Enables developers to integrate search into custom apps
129
To integrate AI and Machine Learning, Amazon Rekognition is used. What is it?
  • Fully managed image and video recognition deep learning service
  • Image object detection
  • Identifies objects and actions in video
  • Detects specific people using facial analysis
  • Supports custom labels for your business objects
130
To integrate AI and Machine Learning, Amazon Translate is used. What is it?
  • Fully managed service for text translation
  • Can support 54 languages and perform language identification
  • Works both in batch and real-time
131
What is Disaster Recovery on AWS?
Any event that has a negative impact on a company's business continuity or finances
132
What is Pilot Light for Disaster Recovery?
  • Key infrastructure components are kept running in the cloud
  • Designed to reduce recovery time over the Backup and Restore approach
  • Incur cost of this infrastructure continually running in the cloud
  • AMIs are prepared for additional systems and can be launched quickly
133
What is Warm Standby for Disaster Recovery?
  • Scaled-down version of the full environment is running in the cloud
  • Critical systems can be running on less capable instance types
  • Instance types and other systems can be ramped for DR events
  • Incur continuous run in the cloud
134
What is Multi-Site for Disaster Recovery?
  • Full environment always running in cloud
  • Utilizes instance types needed for production, not just recovery
  • Provides a near seamless recovery
  • Least recovery time but most costly
135
What is the Recovery-Time Objective?
Time it takes to get back up and running from a DR event
136
What is the Recovery-Point Objective?
  • Amount of data loss for a production system during a disaster recovery event
  • Data loss for an hour in terms of time
137
What is Vertical Scaling?
Scale up instance type to a larger instance type with additional resources
138
What is Horizontal Scaling?
Scale out and add additional instances to handle demand of apps
139
What are auto scaling groups?
  • Launch template defines the instance configuration for the group
  • Defines the minimum, maximum, and desired number of instances
  • Health checks are performed on each instance
  • Exists within 1 or more availability zones in a single region
  • On-demand and spot instances
140
AWS Secrets Manager
  • Secure way to integrate credentials, API keys, tokens and other content
  • Integrates with RDS, DocumentDB, and Redshift
  • Can auto-rotate credentials with integrated services
  • Enables fine-grained access control to secrets
141
What is the AWS VPN?
  • Creates an encrypted tunnel into VPC
  • Can be used to connect your data center or even individual client machines
  • Supported in two services (Site to Site VPN and Client VPN)
141
What are Security Groups?
  • Serve as a firewall for EC2 instances (can belong to multiple security groups)
  • Control inbound and outbound traffic (are allowed)
  • Work at the instance level (must be explicitly associated with an EC2 instance)
  • VPCs have default security groups
142
What are Network ACL?
  • Works at the subnet level with VPC
  • Enables you to allow and deny traffic
  • Each VPC has a default ACL that allows both inbound and outbound traffic
  • Custom ACLs deny all traffic until rules are added
143
What is AWS Shield?
  • DDoS: type of attack where a server gets more traffic than it can handle, making the service go down
  • Has protection for DDoS
  • Enables ongoing threat detection and mitigation
  • Has 2 different standards (Standard/Advanced)
144
What is Amazon Macie?
  • Machine learning to analyze data stored in Amazon S3
  • Can detect personal info and IP in S3
  • Provides dashboards that show how the data is being stored and accessed
  • Enables alerts if it detects unusual data access
145
What is Amazon Inspector?
  • Enables scanning of Amazon EC2 instances for security vulnerabilities
  • Charged by instance/assessment run
  • 2 types of rules packages: Network reachability assessment, Host assessment
146
To deploy pre-defined solutions, there is AWS Service Catalog. What is it?
  • Serves as an organization service catalog for the cloud
  • Can include single service image to multi-tier custom apps
  • Enables organizations to leverage services that meet compliance
  • Supports a lifecycle for services released in the catalog
147
An AWS Developer Service is AWS CodeCommit. What is it?
  • Managed source control service
  • Utilizes Git for repositories
  • Control access with IAM policies
  • Serves as an alternative to GitHub
148
An AWS Developer Service is AWS Code Pipeline. What is it?
  • Fully managed continuous delivery service
  • Provides capabilities to automate building, testing and deploying
  • Integrates with other developer tools like GitHub as well
149
What are the 3 types of load balancers?
3 types of load balancers

  • App Load Balancer
  • Network Load Balancer
  • Classic Load Balancer