Services Flashcards
1
Q
AWS Transfer Family
A
AWS Transfer Family is a fully managed service for transferring files over Secure File Transfer Protocol (SFTP), FTPS, and FTP
2
Q
EBS
A
Network drive you can attach to your EC2 instance
Data remains even EC2 instance is terminated
Mounted on 1 instance at a time
Bound to an AZ
Move data from 1 instance to another
3
Q
AMI
A
Amazon Machine Image
Launch EC2 instances from an AMI
You can add your s/w, configurations, OS, monitoring into an AMI
Build for a specific region
AMUI also creates an EC2 instance
4
Q
EFS
A
Network file system (NFS) attached to EC2
It can be attached to more than 1 EC2 instance unlike EBS
EFS works only with your Linux EC2 instances
It works across multiple AZs.
Pay per use and not by capacity
EFS IA = Storage class is going to be cost-optimized for files that you don’t access very often
5
Q
Amazon FSx
A
Third party high performance (HPC) file system on AWS
Fully managed service
Build on windows file server
Supports SMB and windows NTFS
Integrated with windows active directory
Accessed from AWS or on Premise
6
Q
ELB
A
Spread load across more than 1 instance based on incoming traffic
TYPES
1. Application Load Balancer (Layer 7)(HTTP/HTTPS, uses DNS or URL)
2. Network Load Balancer (Layer 4) (TCP/UDP, users Static IP)
3. Gateway Load Balancer (Layer 3, GENEVA, used for intrusion detection and routes to third party security virtual appliances before sending it to EC2)
7
Q
Snow Family
A
SnowCone - 8 and 14 TB, Migrate upto 24TB online and offline
SnowBall Edge - 80 TB, Migrate upto PB offline
SnowMobile - < 100 PB, Migrate upto Exabytes offline
8
Q
Storage Gateway
A
Exposing S3 data on premises
9
Q
OpsHub
A
Software you install on your computer to manage snow family device
10
Q
ElastiCache
A
In Memory DB for faster read/write for all databases
11
Q
DynamoDB
A
No SQL DB Managed DB
Serverless
Standard and IA Table Class
12
Q
RedShift
A
Serverless(Pay for what you use) and based on Postgre SQL
Only for OLAP and not OLTP
Used for Data warehousing
Uses Massively Paraller Processing Query (MPP)
Integrate with BI tools like AWS QuickSight or Tableau
13
Q
EMR (Elastic Map Reduce)
A
Helps create Hadoop clusters(Big Data)
Clusters are many EC2 instances
Autoscaling and integrated with spot instances
ML, Data Processing, Web Indexng, Big data
14
Q
Athena
A
Serverless and perform anaytics on S3
Uses SQL
Used for BI, Analytics, Anaylze VPC Flow Logs, CloudTrail, ELB Logs
15
Q
QuickSight
A
Serverless to create interactive dashboards
Integrated with all DBs
16
Q
DocumentDB
A
Aurora for MongoDB
No SQL DB
17
Q
Neptune
A
Fully Managed Graph DB
Social Media data
18
Q
QLDB
A
Quantum Ledger DB
Recording Financial Transactions
To review history of all the changes made to your application data over time
Central authority
19
Q
Managed Blockchain
A
Joins public blockchains like hyperledger fabric or Ethereum
No central authority
20
Q
Glue
A
Serverless and does ETL
Take data from S3 or RDS, Transform and load into RedShift
21
Q
DMS
A
Data Migration
22
Q
DynamoDB Accelerator(DAX)
A
In Memory Cache for faster read/write for Dynamo DB
23
Q
DynamoDB Global Tables
A
It’s a way for you to make DynamoDB table accessible with low latency in multiple regions
24
Q
Docker
A
Software development platform to deploy apps
Apps are packaged into containers that can run on any OS
Docker images are stored in docker respositories
-Public docker respository
-Private in Amazon ECS (Elastic container repository)
25
ECS
Launch docker container on AWS
Provision EC2 instances in advance
26
Fargate
Launch docker container on AWS
No need to provision EC2 instances in advance (serverless)
27
ESR
Container registry to store docker images that can be run by ECS or Fargate
28
Lambda
Virtual functions with unlimited CPU and RAM
Time limit of 15 mins
Limited to some programming languages
29
API Gateway
To create, publish, maintain, monitor and secure API on AWS
e.g. Serverless HTTP API
supports RESTFul API and WebSocket API
30
Batch
Fully managed Batch Processing at any scale
Dynamically launch EC2 instances or Spot instances
Run as docker images on ECS
No limit of programming languages
31
Lightsail
Standalone services to get virtual storage, db and networking in one place
32
CloudFormation
Reusable template for defining AWS infrastructure
Infrastructure as Code (IaaS)
33
CDK
Define cloud infratuture using familiar programming languages like Java, Python, .Net, etc.
Code is finally compiled into JSON/YAML (CloudFormation) format
Deploy infrature and runtime together
34
Beanstalk
Developer centric view of deploying application on AWS
Platform as a service (PaaS)
35
CodeDeploy
Hybrid service to automatically deply your code
36
CodeCommit
Hosts Git respository in AWS to store your code
37
CodeBuild
Compiles source code, run tests, produces packages ready to be deployed by Code Build
38
CodePipeline
Code=>Build=>Test=>Provision=>Deploy=>EBS
It orchestrate the steps from code to deployment
39
CodeArtifact
Store code artifacts like dependecies
40
CodeStar
All code related services under one roof with unified UI
41
Cloud9
IDE on Browser
42
SSM
Manage EC2 instances and On premise systems at scale(Hybrid service)
-Automatic patching of all your instances
-Run commands across entire fleet of services
-Store parameter configuration with SSM parameter store
43
SSM Session Manager
Allows to start a secure shell on EC2 instances and on premise servers without SSH access or port 22 access
44
SSM Parameter Store
Store API keys, passwords, configurations (Serverless)
45
OpsWork
Gives managed Chef and Puppet in the cloud
Chef and Puppet performs server configurations automatically
46
DNS Route 53
Route users, to the closer to deployment with the least latency
Disaster recovery strategies
DNS, Health Checks, Routing Policy, Domain Registration
47
CDN CloudFront
Replicate part of our application data into some AWS Edge Locations
Cache the common request in CloudFront
Uses WAF and Shield to protect from web attacks
48
S3 transfer acceleration
Global uploads and downloads into Amazon S3
Leverages the Edge Locations of AWS.
49
AWS Global Accelerator
Improved global application availability and performance using AWS global network
50
Outposts
Deploy Racks on premise data centre to extend AWS services
51
Wavelength
AWS service within 5G networks
52
Local Zones
Local access closer to users locations
Extend VPC to local zones
53
SQS
Serverless service to decouple applications
Stores messages from 4 to 14 days
FIFO and Standard Queue
54
Kinesis
Real time big data streaming
Kinesis data streams, Kinesis fire hose, Kinesis data analytics and Kinesis video streams
55
SNS
Pub Sub integration
Sending 1 message to many applications
Send message notifications using publish and subscribe model
56
MQ
Managed Brocker Service for Rabbit MQ and Active MQ
57
CloudWatch
Provides metrics of each AWS service
Set Alarms at each service reaching a certain threshold
58
CloudWatch logs
Logs are not on by default for AWS service
Once on, you can see logs generated by each service here
59
EventBridge
To create a two types of events, cron job or rules to react to a service doing something like EC2 terminate, user logging into AWS console, etc.
The output from EventBridge can be sent to trigger a lambda function or SNS/SQS, etc
60
EventBus
Default Event Bus - Events happening inside AWS sent here
Partner Event Bus - Events happening outside AWS like zendesk, datadog, etc. sent here
Custome Event Bus - Events happening in custom apps sent here
61
CloudTrail
Provides governance, compliance and audit for your AWS accounts
This is user action logging and user actions like Console login, using SDK, using CLI, etc.
Output is sent to CloudWatch Logs or S3
62
AWS X-Ray
TroubleShooting, Distributed Tracing, Service Graph for distributed applications on AWS
63
CodeGuru
ML powered service for Automated code reviews (Code Guru Reviewer) and Application performance recommendations (Code Guru Profiler)
Code Guru Profiler - Checks the runtime code in production and identifies code inefficiences and recommends the performance, memory and cost optimization
64
AWS Health Dashboard
Service History - All regions, all services status
Personal Health Dashboard (PHD) - If any AWS events that impact your account (performance and availability of the services), shows up here
65
ElasticIP
It costs even if its not attached to an EC2 instance or EC2 instance is stopped
66
VPC
VPC is linked to a region
Withing VPC we have subnets
67
Subnet
Subnet is linked to an AZ
Used to partition your VPC
Define public and private subnets
68
Route Table
Define access to internet and between subnets
69
CIDR Range
Range of IP addresses allowed in the VPC
70
Internet Gateway
Helps to connect VPC to internet
Public subnet routes to internet gateway which connect to internet
71
NAT Gateway & NAT Instances
NAT Gateway (AWS managed)
NAT Instances (Self Managed)
Allows instances in private subnet to access internet but still remain private
72
Network ACL
Firewall that controls traffic from and to a subnet
Define Allow & Deny rules and rules include only IP addresses
73
Security Groups
Firewall that controls traffic from and to a ENI/EC2 instance
Define Allow rules only and rules include IP addresses or other SGs
74
VPC Peering
To connect two VPC privately using the network from AWS
IP addresses range should not overlap
75
VPC Endpoints
To access AWS services by a private subnet in a private network
VPC Endpoint Gateway - Connect to S3 or DynamoDB
VPN Endpoint Interface - Connect to all other AWS services
76
AWS PrivateLink
Allows services running in your VPC in AWS to other VPCs privately
Add Network Load Balances on premise
Add Elastic Network Interface on AWS VPC
77
Site to Site VPN
Connect on premise DC with VPC on AWS over public internet but enctypted
Add a Customer Gateway on premise
Add Virtual Private Gateway at VPC
Connect both using site to site VPN
78
Direct Connect (DX)
Connect on premise DC with VPC on AWS over private network using physical connection
79
Client VPN
Connect your computer to private subnet in VPC on AWS
Add AWS client VPN (OpenVPN) on the computer
80
Transit Gateway
To connect different VPCs, client, On premise with one solution
81
AWS Shield Standard
Free and enabled for all customers against DDoS attack
Provides Layer 3 and 4 attacks and reflection attacks
82
AWS Shield Advanced
Paid and 24/7 DDoS protection and support
83
AWS WAF(Web Application Firewall)
Filter requests based on rules and placed on Layer 7 like Application Load Balancer, API Gateway and CloudFront.
Protection against web exploits
Define Web ACL - filter based on IP addresses, HTTP header, body and URI strings, geo matching, rate based rules
Protects against SQL Injection and Cross Site Scripting (XSS)
84
CloudFront and Route 53
Provide protection at Edge location when used along with Shield
Architecture:
Route 53 is protected by shield and routes the requests to CloudFront.
CloudFront is also protected by shield and it caches the content on edge location
Use AWS WAF at CloudFront to filter the requests based on rules
Use Load Balancer on public subnet to scale the load at network level
Then behind load balancer user EC2 instances with ASG
85
AWS Network Firewall
Protect VPC overall from Layer 3 to 7.
This operates at VPC level unlike Web ACL that operates at subnet level
86
KMS
Key Management Service is the AWS encryption service and keys are managed by AWS
87
CloudHSM(Hardware security module)
AWS only provisions encryption hardware and encryption keys are managed by customer
88
CMK
Customer Master Keys
1. Customer managed CMK
2. AWS managed CMK
3. AWS owned CMK
4. Cloud HSM keys(found under custom key store)
For CloudTrail and Glacier S3 encryption is enabled by default
89
Secrets Manager
Store and Rotate passwords (Rotation using custom Lambda function)
Integrated with Amazon RDS
Encrypted using KMS
90
AWS Artifacts
Portal that provides AWS compliance and AWS agreement documents
91
Amazon GuardDuty
Threat Detective Service
Detects anomalies in AWS account
Input is from CloudTrail logs, VPC flow logs, DNS logs, S3 logs, EBS logs, Lambda network activity, RDS and Aurora login logs, EKS audit logs and output can be sent to EventBridge to generate SNS or Lambda function
92
Amazon Inspector
Run automated security assessments only on running EC2 instances, Lambda functions and Container images on ECR
Check for OS, S/w vulnerabilities and network reachability on EC2
Reports its findings into AWS Security Hub and Amazon Event Bridge
93
AWS Config
Helps auditing and recording compliance of the AWS resources
It records the configurations and their changes over time
94
AWS Macie
Fully managed data security and data privacy service uses ML
Alert agains PII
95
AWS Security Hub
Dashboard to manage security across several AWS accounts and automate security checks
Aggregates alerts from Config, Guard Duty, Inspector, Macie, iAM Access Analyzer, Systems Manager, Firewall, Health, Partnet Network Solutions
96
Amazon Detective
To analyze the root cause of security issues using ML and graphs
97
AWS Abuse
Report suspected AWS resources used for abuse or illegal purpose
98
CloudTrail
Track API calls made by users within the account
99
iAM Access Analyzer
To identify which resources are shared externally outside your zone of trust
100
Amazon Rekognition
To recognize objects, people, text and scene in images and videos
using machine learning
101
Amazon Transcribe
Convert Speech To Text
102
Polly
Convert Text to Speech
103
Amazon Translate
Translate text to other language
104
Amazon Lex
Same tech as Alexa. Uses ASR. Speech to Text and natural language understanding (NLU) to recognize the intent of the text
Helps to build ChatBots
Works with Amazon Connect (Call centre solution)
105
Amazon Comprehend
NLP
Analyze customer emails
106
Amazon SageMaker
Fully managed service for developers/data scientists to build machine learning models
107
Amazon Forecast
Fully managed service uses ML to forcast
108
Amazon Kendra
Fully managed document search service uses ML
109
Amazon Personlize
Build apps with real time personlized recommendations
110
Amazon Textracts
Extract text, handwriting, or data from any scanned document
and behind the scenes
111
SCP (Service control policies)
Centrally manage all users and roles permissions in your organization
Whitelist or Blacklist iAM actions
Apply at OU(Org unit) or account level and not at Master Account level
You can allow or deny access to your AWS account services to the OU or Account
112
AWS Control Tower
Set up and govern a secure multi-account AWS environment with best practices for your organization
Automate the setup of accounts
Automate ongoing policy management using guardrails
Detect the policy violations and remediate them
Monitor your compliance through an interactive dashboard
113
AWS RAM (Resource access manager)
Share resources(owned by your account) with other accounts
114
AWS Service Catalog
Self Service Portal to launch AWS services (pre configured by cloudformation templates) by the users
To use pre-defined tracks defined by admins
115
AWS Compute optimizer
Supported resources to suggest cost optimization
EC2, EC2 ASG, EBS Volumes and Lambda Fx
116
Pricing Calculator
To estimate cost in AWS and can be used by who does not have AWS account
117
Cost usage report
Used for tracking cost. Shows when, why and how much the cost was incurred
Can be integrated with Athena, QuickSight or RedShift
118
Cost Explorer
High level tracking compred to Cost usage report
Forcast the bill upto 12 months based on past usage
Can suggest Savings plan for reserved instances
119
AWS Budgets
Alarm when cost exceeds the budget or forcast exceeds the budget
120
AWS cost anomaly detection
Uses ML to detect cost anaomaly
Monitor cost->Get Alerted->RCA
121
AWS Service Quotas
Notify when you are close to your service quota value threashold
Create CloudWatch Alarms
Request to increase service quota
122
Trusted Advisor
High level AWS account assessment
Recommendation on 5 categories: PCSFS
-Cost Optimizations
-Performance
-Security
-Fault Tolerance
-Service Limits
7 Core checks for basic and developer plans
-S3 bucket permissions - Making sure bucket is not public
-Security group, making sure that some ports are not unrestricted, such as SSH.
-IAM Use so making sure that we have at least one,
-IAM user in our accounts.
-Ensuring we don't have any EBS public snapshots
-Ensuring we do not have any RDS public snapshots
-Looking at service limits in AWS
Full Checks for business and enterprise plans
- Full checks in all 5 categories above
- Set cloudwatch alarms
- Programatic access to AWS Support API
123
AWS STS
Security token services is only to provide temporary limited credential services to a AWS services to a user
124
Cognito
Identity for web and mobile application users
125
AWS Directory services
AWS Managed Microsoft AD ((AD users both on prem and AWS)
AD Connector (AD Users onpremise)
Simple AD (AD users on AWS only)
126
AWS IAM Identity Center (SSO)
127
Amazon Workspaces
Destop as a Service (DaaS) to provision Windows and Linus desktops
128
AppStream
Desktop application streaming service on your web browser (no need of virtual desktop)
129
IoT Core
To connect IoT devices into AWS cloud
130
Elastic Transcoder
Convert media files on S3 to media files as required by the devices like phones, etc.
131
AppSync
To build a backend for your mobile and web application
To store and synchronize data for mobile and web applications in real time
Makes use of GraphQL
132
Amplify
Helps to develop full stack Web and Mobile applications
133
Device Farm
To test web and mobile apps using real devices and browsers
134
AWS Backup
Automate backups across AWS services into S3
Cross region and cross account backups
135
Disaster recovery strategies
Backup and restore (cheapest)
Pilot light
Warm standby
Multi sites/hot sites
136
AWS Elastic DR
To recover physical, virtual and cloud based servers into AWS
Continuous replication of on premise apps, OS and DBs into AWS low cost staging.
On failover move to higher cost production enviornment on AWS
137
AWS DataSync
Move large amount of data from on premise to AWS using replication
After full load the replication is incremental
138
Application Discovery Service and Migration
Services to migrate on premise to AWS
139
AWS Migration Evaluator
Install Collector on premise to collect all info with regards to data, servers, dependenscies, etc.
Input that into AWS Migration Evaluator
Output is quick insights into cost and business case
140
AWS Migration Hub
Central location where you can collect server and applications inventory data for the assessment, planning and tracking of migrations to AWS
Automate the process of lift and shift
Also use AWS Hub Migration Orchestrator to use pre-bulit templates for SAP, SQL Server, etc.
141
AWS Fault Injection Simulator (FIS)
Generate and run experiment templates to create disruptions to the application like suddeb increase in CPU or RAM, etc to see how the application reacts.
Monitor using CloudWatch or EventBridge
142
Step Functions
Serverless visual workflow to orchestrate Lambda functions
143
Ground Station
Control Satellite communication
144
AWS Pinpoint
2 way marketing communication service
145
6 Pillars
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
- Sustainability
146
AWS CAF (Cloud adoption framework)
- White paper that helps you to build and execute a plan for digital transformation using AWS
- It groups the capabilities under
Business
- Business
- People
- Governance
Technical
- Platform
- Security
- Operations
147
AWS CAF Transformation Domains
- Technology
- Process
- Organization
- Product
148
AWS IQ
Help to quickly find a professional to help you with your AWS projects
149
AWS re:Post
Community Forum. AWS managed Q&A service
150
AWS Managed Service
AWS provides a team of AWS exeprts to help you manage and operate your infrastructure for security, reliability and availability
