Services Flashcards

1
Q

AWS Transfer Family

A

AWS Transfer Family is a fully managed service for transferring files over Secure File Transfer Protocol (SFTP), FTPS, and FTP

2
Q

EBS

A

Network drive you can attach to your EC2 instance
Data remains even if the EC2 instance is terminated
Mounted on 1 instance at a time
Bound to an AZ
Move data from 1 instance to another

3
Q

AMI

A

Amazon Machine Image
Launch EC2 instances from an AMI
You can add your s/w, configurations, OS, monitoring into an AMI
Built for a specific region
AMI also creates an EC2 instance

4
Q

EFS

A

Network file system (NFS) attached to EC2
It can be attached to more than 1 EC2 instance unlike EBS
EFS works only with your Linux EC2 instances
It works across multiple AZs.
Pay per use and not by capacity
EFS IA = Storage class is going to be cost-optimized for files that you don’t access very often

5
Q

Amazon FSx

A

Third party high performance (HPC) file system on AWS
Fully managed service
Built on Windows File Server
Supports SMB and Windows NTFS
Integrated with Windows Active Directory
Accessed from AWS or on premises

6
Q

ELB

A

Spread load across more than 1 instance based on incoming traffic
TYPES
1. Application Load Balancer (Layer 7) (HTTP/HTTPS, uses DNS or URL)
2. Network Load Balancer (Layer 4) (TCP/UDP, uses Static IP)
3. Gateway Load Balancer (Layer 3, GENEVE, used for intrusion detection and routes to third party security virtual appliances before sending it to EC2)

7
Q

Snow Family

A

SnowCone - 8 and 14 TB, Migrate up to 24TB online and offline
SnowBall Edge - 80 TB, Migrate up to PB offline
SnowMobile - < 100 PB, Migrate up to Exabytes offline

8
Q

Storage Gateway

A

Exposing S3 data on premises

9
Q

OpsHub

A

Software you install on your computer to manage Snow Family devices

10
Q

ElastiCache

A

In Memory DB for faster read/write for all databases

11
Q

DynamoDB

A

NoSQL managed DB
Serverless
Standard and IA Table Class

12
Q

RedShift

A

Serverless (pay for what you use) and based on PostgreSQL
Only for OLAP and not OLTP
Used for Data warehousing
Uses Massively Parallel Processing Query (MPP)
Integrate with BI tools like AWS QuickSight or Tableau

13
Q

EMR (Elastic Map Reduce)

A

Helps create Hadoop clusters (Big Data)
Clusters are many EC2 instances
Autoscaling and integrated with spot instances
ML, Data Processing, Web Indexing, Big data

14
Q

Athena

A

Serverless and performs analytics on S3
Uses SQL
Used for BI, Analytics, Analyze VPC Flow Logs, CloudTrail, ELB Logs

15
Q

QuickSight

A

Serverless to create interactive dashboards
Integrated with all DBs

16
Q

DocumentDB

A

Aurora for MongoDB
NoSQL DB

17
Q

Neptune

A

Fully Managed Graph DB
Social Media data

18
Q

QLDB

A

Quantum Ledger DB
Recording Financial Transactions
To review history of all the changes made to your application data over time
Central authority

19
Q

Managed Blockchain

A

Joins public blockchains like Hyperledger Fabric or Ethereum
No central authority

20
Q

Glue

A

Serverless and does ETL
Take data from S3 or RDS, Transform and load into RedShift

21
Q

DMS

A

Data Migration

22
Q

DynamoDB Accelerator (DAX)

A

In Memory Cache for faster read/write for DynamoDB

23
Q

DynamoDB Global Tables

A

It’s a way for you to make DynamoDB table accessible with low latency in multiple regions

24
Q

Docker

A

Software development platform to deploy apps
Apps are packaged into containers that can run on any OS
Docker images are stored in docker repositories
-Public docker repository
-Private in Amazon ECS (Elastic container repository)

25
ECS
Launch docker container on AWS
Provision EC2 instances in advance
26
Fargate
Launch docker container on AWS
No need to provision EC2 instances in advance (serverless)
27
ECR
Container registry to store docker images that can be run by ECS or Fargate
28
Lambda
Virtual functions with unlimited CPU and RAM
Time limit of 15 mins
Limited to some programming languages
29
API Gateway
To create, publish, maintain, monitor and secure API on AWS
e.g. Serverless HTTP API supports RESTful API and WebSocket API
30
Batch
Fully managed Batch Processing at any scale
Dynamically launch EC2 instances or Spot instances
Run as docker images on ECS
No limit of programming languages
31
Lightsail
Standalone services to get virtual storage, db and networking in one place
32
CloudFormation
Reusable template for defining AWS infrastructure
Infrastructure as Code (IaaS)
33
CDK
Define cloud infrastructure using familiar programming languages like Java, Python, .Net, etc.
Code is finally compiled into JSON/YAML (CloudFormation) format
Deploy infrastructure and runtime together
34
Beanstalk
Developer centric view of deploying application on AWS
Platform as a service (PaaS)
35
CodeDeploy
Hybrid service to automatically deploy your code
36
CodeCommit
Hosts Git repository in AWS to store your code
37
CodeBuild
Compiles source code, runs tests, produces packages ready to be deployed by Code Build
38
CodePipeline
Code=>Build=>Test=>Provision=>Deploy=>EBS
It orchestrates the steps from code to deployment
39
CodeArtifact
Store code artifacts like dependencies
40
CodeStar
All code related services under one roof with unified UI
41
Cloud9
IDE on Browser
42
SSM
Manage EC2 instances and On premise systems at scale (Hybrid service)
-Automatic patching of all your instances
-Run commands across entire fleet of services
-Store parameter configuration with SSM parameter store
43
SSM Session Manager
Allows you to start a secure shell on EC2 instances and on premise servers without SSH access or port 22 access
44
SSM Parameter Store
Store API keys, passwords, configurations (Serverless)
45
OpsWork
Gives managed Chef and Puppet in the cloud
Chef and Puppet perform server configurations automatically
46
DNS Route 53
Route users to the closest deployment with the least latency
Disaster recovery strategies
DNS, Health Checks, Routing Policy, Domain Registration
47
CDN CloudFront
Replicate part of our application data into some AWS Edge Locations
Cache the common request in CloudFront
Uses WAF and Shield to protect from web attacks
48
S3 transfer acceleration
Global uploads and downloads into Amazon S3
Leverages the Edge Locations of AWS.
49
AWS Global Accelerator
Improved global application availability and performance using AWS global network
50
Outposts
Deploy Racks on premise data centre to extend AWS services
51
Wavelength
AWS service within 5G networks
52
Local Zones
Local access closer to users' locations
Extend VPC to local zones
53
SQS
Serverless service to decouple applications
Stores messages from 4 to 14 days
FIFO and Standard Queue
54
Kinesis
Real time big data streaming
Kinesis data streams, Kinesis fire hose, Kinesis data analytics and Kinesis video streams
55
SNS
Pub Sub integration
Sending 1 message to many applications
Send message notifications using publish and subscribe model
56
MQ
Managed Broker Service for RabbitMQ and ActiveMQ
57
CloudWatch
Provides metrics of each AWS service
Set Alarms at each service reaching a certain threshold
58
CloudWatch logs
Logs are not on by default for AWS service
Once on, you can see logs generated by each service here
59
EventBridge
To create two types of events, cron job or rules to react to a service doing something like EC2 terminate, user logging into AWS console, etc.
The output from EventBridge can be sent to trigger a lambda function or SNS/SQS, etc
60
EventBus
Default Event Bus - Events happening inside AWS sent here
Partner Event Bus - Events happening outside AWS like zendesk, datadog, etc. sent here
Custom Event Bus - Events happening in custom apps sent here
61
CloudTrail
Provides governance, compliance and audit for your AWS accounts
This is user action logging and user actions like Console login, using SDK, using CLI, etc.
Output is sent to CloudWatch Logs or S3
62
AWS X-Ray
TroubleShooting, Distributed Tracing, Service Graph for distributed applications on AWS
63
CodeGuru
ML powered service for Automated code reviews (Code Guru Reviewer) and Application performance recommendations (Code Guru Profiler)
Code Guru Profiler - Checks the runtime code in production and identifies code inefficiencies and recommends the performance, memory and cost optimization
64
AWS Health Dashboard
Service History - All regions, all services status
Personal Health Dashboard (PHD) - If any AWS events that impact your account (performance and availability of the services), shows up here
65
ElasticIP
It costs even if it's not attached to an EC2 instance or EC2 instance is stopped
66
VPC
VPC is linked to a region
Within VPC we have subnets
67
Subnet
Subnet is linked to an AZ
Used to partition your VPC
Define public and private subnets
68
Route Table
Define access to internet and between subnets
69
CIDR Range
Range of IP addresses allowed in the VPC
70
Internet Gateway
Helps to connect VPC to internet
Public subnet routes to internet gateway which connects to internet
71
NAT Gateway & NAT Instances
NAT Gateway (AWS managed)
NAT Instances (Self Managed)
Allows instances in private subnet to access internet but still remain private
72
Network ACL
Firewall that controls traffic from and to a subnet
Define Allow & Deny rules and rules include only IP addresses
73
Security Groups
Firewall that controls traffic from and to an ENI/EC2 instance
Define Allow rules only and rules include IP addresses or other SGs
74
VPC Peering
To connect two VPC privately using the network from AWS
IP addresses range should not overlap
75
VPC Endpoints
To access AWS services by a private subnet in a private network
VPC Endpoint Gateway - Connect to S3 or DynamoDB
VPC Endpoint Interface - Connect to all other AWS services
76
AWS PrivateLink
Allows services running in your VPC in AWS to other VPCs privately
Add Network Load Balancers on premise
Add Elastic Network Interface on AWS VPC
77
Site to Site VPN
Connect on premise DC with VPC on AWS over public internet but encrypted
Add a Customer Gateway on premise
Add Virtual Private Gateway at VPC
Connect both using site to site VPN
78
Direct Connect (DX)
Connect on premise DC with VPC on AWS over private network using physical connection
79
Client VPN
Connect your computer to private subnet in VPC on AWS
Add AWS client VPN (OpenVPN) on the computer
80
Transit Gateway
To connect different VPCs, client, On premise with one solution
81
AWS Shield Standard
Free and enabled for all customers against DDoS attack
Provides protection against Layer 3 and 4 attacks and reflection attacks
82
AWS Shield Advanced
Paid and 24/7 DDoS protection and support
83
AWS WAF (Web Application Firewall)
Filter requests based on rules and placed on Layer 7 like Application Load Balancer, API Gateway and CloudFront.
Protection against web exploits
Define Web ACL - filter based on IP addresses, HTTP header, body and URI strings, geo matching, rate based rules
Protects against SQL Injection and Cross Site Scripting (XSS)
84
CloudFront and Route 53
Provide protection at Edge location when used along with Shield
Architecture:
Route 53 is protected by shield and routes the requests to CloudFront.
CloudFront is also protected by shield and it caches the content on edge location
Use AWS WAF at CloudFront to filter the requests based on rules
Use Load Balancer on public subnet to scale the load at network level
Then behind load balancer use EC2 instances with ASG
85
AWS Network Firewall
Protect VPC overall from Layer 3 to 7. This operates at VPC level unlike Web ACL that operates at subnet level
86
KMS
Key Management Service is the AWS encryption service and keys are managed by AWS
87
CloudHSM (Hardware security module)
AWS only provisions encryption hardware and encryption keys are managed by customer
88
CMK
Customer Master Keys
1. Customer managed CMK
2. AWS managed CMK
3. AWS owned CMK
4. Cloud HSM keys (found under custom key store)
For CloudTrail and Glacier S3 encryption is enabled by default
89
Secrets Manager
Store and Rotate passwords (Rotation using custom Lambda function)
Integrated with Amazon RDS
Encrypted using KMS
90
AWS Artifacts
Portal that provides AWS compliance and AWS agreement documents
91
Amazon GuardDuty
Threat Detective Service
Detects anomalies in AWS account
Input is from CloudTrail logs, VPC flow logs, DNS logs, S3 logs, EBS logs, Lambda network activity, RDS and Aurora login logs, EKS audit logs and output can be sent to EventBridge to generate SNS or Lambda function
92
Amazon Inspector
Run automated security assessments only on running EC2 instances, Lambda functions and Container images on ECR
Check for OS, S/w vulnerabilities and network reachability on EC2
Reports its findings into AWS Security Hub and Amazon EventBridge
93
AWS Config
Helps auditing and recording compliance of the AWS resources
It records the configurations and their changes over time
94
AWS Macie
Fully managed data security and data privacy service uses ML
Alert against PII
95
AWS Security Hub
Dashboard to manage security across several AWS accounts and automate security checks
Aggregates alerts from Config, Guard Duty, Inspector, Macie, IAM Access Analyzer, Systems Manager, Firewall, Health, Partner Network Solutions
96
Amazon Detective
To analyze the root cause of security issues using ML and graphs
97
AWS Abuse
Report suspected AWS resources used for abuse or illegal purpose
98
CloudTrail
Track API calls made by users within the account
99
IAM Access Analyzer
To identify which resources are shared externally outside your zone of trust
100
Amazon Rekognition
To recognize objects, people, text and scene in images and videos using machine learning
101
Amazon Transcribe
Convert Speech To Text
102
Polly
Convert Text to Speech
103
Amazon Translate
Translate text to other language
104
Amazon Lex
Same tech as Alexa. Uses ASR. Speech to Text and natural language understanding (NLU) to recognize the intent of the text
Helps to build ChatBots
Works with Amazon Connect (Call centre solution)
105
Amazon Comprehend
NLP
Analyze customer emails
106
Amazon SageMaker
Fully managed service for developers/data scientists to build machine learning models
107
Amazon Forecast
Fully managed service uses ML to forecast
108
Amazon Kendra
Fully managed document search service uses ML
109
Amazon Personalize
Build apps with real time personalized recommendations
110
Amazon Textract
Extract text, handwriting, or data from any scanned document and behind the scenes
111
SCP (Service control policies)
Centrally manage all users and roles permissions in your organization
Whitelist or Blacklist IAM actions
Apply at OU (Org unit) or account level and not at Master Account level
You can allow or deny access to your AWS account services to the OU or Account
112
AWS Control Tower
Set up and govern a secure multi-account AWS environment with best practices for your organization
Automate the setup of accounts
Automate ongoing policy management using guardrails
Detect the policy violations and remediate them
Monitor your compliance through an interactive dashboard
113
AWS RAM (Resource access manager)
Share resources (owned by your account) with other accounts
114
AWS Service Catalog
Self Service Portal to launch AWS services (pre configured by CloudFormation templates) by the users
To use pre-defined tracks defined by admins
115
AWS Compute optimizer
Supported resources to suggest cost optimization
EC2, EC2 ASG, EBS Volumes and Lambda Fx
116
Pricing Calculator
To estimate cost in AWS and can be used by anyone who does not have an AWS account
117
Cost usage report
Used for tracking cost. Shows when, why and how much the cost was incurred
Can be integrated with Athena, QuickSight or RedShift
118
Cost Explorer
High level tracking compared to Cost usage report
Forecast the bill up to 12 months based on past usage
Can suggest Savings plan for reserved instances
119
AWS Budgets
Alarm when cost exceeds the budget or forecast exceeds the budget
120
AWS cost anomaly detection
Uses ML to detect cost anomaly
Monitor cost->Get Alerted->RCA
121
AWS Service Quotas
Notify when you are close to your service quota value threshold
Create CloudWatch Alarms
Request to increase service quota
122
Trusted Advisor
High level AWS account assessment
Recommendation on 5 categories: PCSFS
-Cost Optimizations
-Performance
-Security
-Fault Tolerance
-Service Limits
7 Core checks for basic and developer plans
-S3 bucket permissions - Making sure bucket is not public
-Security group, making sure that some ports are not unrestricted, such as SSH.
-IAM Use so making sure that we have at least one,
-IAM user in our accounts.
-Ensuring we don't have any EBS public snapshots
-Ensuring we do not have any RDS public snapshots
-Looking at service limits in AWS
Full Checks for business and enterprise plans
- Full checks in all 5 categories above
- Set cloudwatch alarms
- Programmatic access to AWS Support API
123
AWS STS
Security token services is only to provide temporary limited credential services to a AWS services to a user
124
Cognito
Identity for web and mobile application users
125
AWS Directory services
AWS Managed Microsoft AD (AD users both on prem and AWS)
AD Connector (AD Users on premise)
Simple AD (AD users on AWS only)
126
AWS IAM Identity Center (SSO)
127
Amazon Workspaces
Desktop as a Service (DaaS) to provision Windows and Linux desktops
128
AppStream
Desktop application streaming service on your web browser (no need of virtual desktop)
129
IoT Core
To connect IoT devices into AWS cloud
130
Elastic Transcoder
Convert media files on S3 to media files as required by the devices like phones, etc.
131
AppSync
To build a backend for your mobile and web application
To store and synchronize data for mobile and web applications in real time
Makes use of GraphQL
132
Amplify
Helps to develop full stack Web and Mobile applications
133
Device Farm
To test web and mobile apps using real devices and browsers
134
AWS Backup
Automate backups across AWS services into S3
Cross region and cross account backups
135
Disaster recovery strategies
Backup and restore (cheapest)
Pilot light
Warm standby
Multi sites/hot sites
136
AWS Elastic DR
To recover physical, virtual and cloud based servers into AWS
Continuous replication of on premise apps, OS and DBs into AWS low cost staging.
On failover move to higher cost production environment on AWS
137
AWS DataSync
Move large amount of data from on premise to AWS using replication
After full load the replication is incremental
138
Application Discovery Service and Migration
Services to migrate on premise to AWS
139
AWS Migration Evaluator
Install Collector on premise to collect all info with regards to data, servers, dependencies, etc.
Input that into AWS Migration Evaluator
Output is quick insights into cost and business case
140
AWS Migration Hub
Central location where you can collect server and applications inventory data for the assessment, planning and tracking of migrations to AWS
Automate the process of lift and shift
Also use AWS Hub Migration Orchestrator to use pre-built templates for SAP, SQL Server, etc.
141
AWS Fault Injection Simulator (FIS)
Generate and run experiment templates to create disruptions to the application like sudden increase in CPU or RAM, etc to see how the application reacts.
Monitor using CloudWatch or EventBridge
142
Step Functions
Serverless visual workflow to orchestrate Lambda functions
143
Ground Station
Control Satellite communication
144
AWS Pinpoint
2 way marketing communication service
145
6 Pillars
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
- Sustainability
146
AWS CAF (Cloud adoption framework)
- White paper that helps you to build and execute a plan for digital transformation using AWS
- It groups the capabilities under
Business
- Business
- People
- Governance
Technical
- Platform
- Security
- Operations
147
AWS CAF Transformation Domains
- Technology
- Process
- Organization
- Product
148
AWS IQ
Help to quickly find a professional to help you with your AWS projects
149
AWS re:Post
Community Forum. AWS managed Q&A service
150
AWS Managed Service
AWS provides a team of AWS experts to help you manage and operate your infrastructure for security, reliability and availability