Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

AWS Architect Associate > Services - Management and Governance > Flashcards

Services - Management and Governance Flashcards

1
Q

Auto Scaling - Characteristics

A
  • Monitors applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost
  • There’s no charge for using this service
  • From a single UI can configure automatic scaling policies for multiple resources like:
  • EC2 instances and Spot Fleets
  • ECS tasks
  • DynamoDB tables and global secondary indexes
  • Aurora Replicas
  • Can also select to auto-scale an application defined in a CloudFormation stack or in Elastic Beanstalk
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Auto Scaling - Steps for CloudFormation application

A
  1. Select the CloudFormation stack used for your application
  2. Auto scaling will identify the supported resource types that can be scaled
  3. Create and review a scaling plan, which is a unit that consists of several resource items
  4. Select a scaling strategy: scale with availability, cost savings, or a balance of both
  5. Based on the scaling strategy, Auto scaling will create the target tracking scaling policies for each resource
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Auto Scaling - Scaling recommendations

A
  • Based on the most popular scaling metrics and thresholds used for auto scaling
  • Also calculate the minimum and maximum limits between which your resources will scale. At any time you can quickly gauge the minimum / maximum performance cost of your environment
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Auto Scaling - Scaling strategies

A
  • Availability: a low resource utilization target is used to ensure capacity to absorb spikes on demand
  • Balance strategy: a moderate resource utilization target is used to provide high availability and reduce costs
  • Cost strategy: a high resource utilization target is used to optimize usage and reduce costs
  • Custom strategy: can set your own target resource utilization with your own values
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Auto Scaling - Target tracking scaling policies

A
  • Lets you select a metric and set a target value. So it creates and manage CloudWatch alarms that trigger the scaling policy and calculates the scaling adjustment based on the metric and the target value
  • Adds / removes capacity as required to keep the metric at or close to the specified target value
  • Also it self‑optimizes to adjust to changes in the metric due to a changing load pattern. Therefore, it reduces the fluctuations in the capacity of that target
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Auto Scaling - EC2 scaling options

A
  • Maintain current instance levels at all times: a periodic health check is performed on running instances. When there’s an unhealthy instance, it’s terminated and a new one is created
  • Scale manually: when you specify only the minimum, maximum, or desired capacity of your Auto Scaling group
  • Scale based on a schedule: scaling actions are performed automatically as a function of time and date. Useful when you know when to increase or decrease the number of instances
  • Scale based on demand: using dynamic scaling, lets you define a scaling policy that dynamically resizes your Auto Scaling group to meet changes in demand
  • Predictive scaling: when you want to increase instances in advance of daily and weekly patterns in traffic flows
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Auto Scaling - EC2 auto scaling group characteristics

A
  • Can schedule scaling to increase / decrease capacity at preset times
  • Cooldown period, measured in seconds, is a setting that ensures that the Auto Scaling group doesn’t launch or terminate additional instances before the previous scaling activity takes effect
  • Lifecycle hooks allow to put the instances to be terminated into a wait state. Can perform custom activities during the wait state. The default wait period is 1 hour
  • Termination policy allows to specify which instances to terminate first during scale in
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Backup - Characteristics 1

A
  • It’s a managed service that centralizes and automate data protection across AWS services, in the cloud, and on-premises
  • Supports automatic backups, centralized backup monitoring, and backups retention as long as they are needed
  • Supports cross-region backups, cross-account management and cross-account backups
  • Pay only for the amount of backup storage used and the amount of backup restored per month
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Backup - Characteristics 2

A
  • Integrates with CloudTrail to register activity logs, and SNS for notification delivery
  • Uses backup vaults to offer encryption and resource-based access policies to define who has access to them
  • Supports encryption of backup data, additional to the encryption of the resources being backed up
  • Some AWS resources support incremental backups. A full backup is performed only the first time
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Backup - Policy-based backups

A
  • Can create backup policies, known as backup plans to define backup requirements
  • Can create separate backup plans to meet business and regulatory compliance requirements
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Backup - Supported resources

A
  • FSx
  • EFS, EBS
  • RDS databases, Aurora clusters, DynamoDB tables
  • EC2 instances
  • Storage Gateway volumes
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Config - Characteristics

A
  • It’s a managed service that enables you to assess, audit, and evaluate the configurations of your AWS resources
  • Continuously monitors and records your resource configuration
  • Payment is based on the number of configuration items recorded, number of active AWS Config rule evaluations, and number of conformance pack evaluations in your account
  • Can also be used to discover existent resources
  • Can help to troubleshoot operational issues by identifying recent configuration changes
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Config - How it works

A
  1. A configuration change occurs in any AWS resource
  2. Config records and normalizes changes in a consistent format
  3. Changes history and snapshot files are delivered to a S3 bucket, accessed through Config API, and alerts are optionally generated using SNS or EventBridge
  4. (Optional) Config automatically evaluates recorded configurations against desired configurations
  5. (Optional) Evaluations are displayed on a dashboard, accessed through Config API, and optionally sent via SNS
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Config - Rules

A
  • Allow to check if a change to a resource configuration meet a desired configuration
  • Rules types:
  • AWS-managed config rules: defined by AWS
  • Customer-managed config rules: authored by a client, or an AWS Partner using Lambda. Examples: INSTANCES_IN_VPC (Do all EC2 instances belong to a VPC?), ENCRYPTED_VOLUMES (Are all attached EBS volumes encrypted?)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

EventBridge - Characteristics 1

A
  • A serverless event bus service that can connect your applications with data from a variety of sources. Formerly known as CloudWatch Events
  • Delivers a stream of real-time data from applications, SaaS applications, and AWS services to targets such as Lambda, API destinations, or event buses in other AWS accounts
  • Pay for events published on the event bus, events ingested for Schema Discovery, and for Event Replay
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

EventBridge - Characteristics 2

A
  • API destinations are HTTP endpoints that can be set as the target of a rule, in the same way that event data can be set to an AWS service or resource
  • Events can be archived or saved. And then replayed, at a later time, from the archive
17
Q

EventBridge - How it works

A
  • An events bus, events patterns, and rules must be defined first. An event bus is a pipeline that receives events. That bus applies a rule when an event arrives to route it to a specific target
  • Event patterns have the same structure as the events they match
  • Rules uses event patterns or a schedule to select events and send them to targets
  • All events are associated with an event bus. Rules are tied to a single event bus
18
Q

EventBridge - Schema

A
  • Defines the structure of events that are sent to EventBridge
  • EventBridge provides schemas for all events that are generated by AWS services
  • Also can be created, uploaded or inferred directly from events
  • Schema registries collect and organize schemas
19
Q

Organizations - Characteristics

A
  • It’s an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage
  • Includes consolidated billing capabilities to better meet the budgetary, security, and compliance needs
  • It’s offered at no additional charge
20
Q

Organizations - Terminology

A
  • Root: parent container of all accounts
  • Organizational Unit (OU): a container for accounts within a root. Can contain other OUs
  • Account: a standard AWS account. It’s not the same as a “user account”. It typically contain many users and roles
  • Invitation: process of asking an account to join the organization
  • Policies: allow to apply additional types of management to the AWS accounts in your organization
21
Q

Organizations - Account types

A
  • Management account:
  • The account that creates the organization. Can’t be changed
  • Manages invitations. Invites or remove accounts. It’s the payer account
  • Applies policies to entities (roots, OUs, and accounts)
  • Member account:
  • The rest of the accounts
  • Can be member of one organization at a time
22
Q

Organizations - Policy types

A
  • Authorization policies or Service Control Policies (SCPs): help to centrally manage the security of AWS accounts
  • An SCP is also needed to grant / deny permission to a resource in conjunction with an IAM policy
  • Any account has only those permissions allowed / denied by every parent above it. Even if there are SCPs / IAM policies in the upper parents allowing / denying those permissions
  • Management policies: help to centrally configure and manage AWS services and their features. There’s three subtypes:
  • AI service opt-out policies: control data collection for AWS AI services
  • Backup policies: centrally manage and apply backup plans to AWS resources
  • Tag policies: standardize the tags attached to AWS resources
23
Q

Resource Access Manager - Characteristics

A
  • It helps to securely share AWS resources across AWS accounts
  • Can share within your organization or OUs
  • There’s no additional pricing for this service
  • Also can share with IAM roles and IAM users but for specific resource types
  • Eliminates the need to provision duplicate resources in every account
24
Q

Resource Access Manager - Shareable resources

A
  • Aurora clusters
  • EC2 capacity reservations and dedicated hosts
  • S3 on Outposts
  • Resource groups
  • Route 53 rules
  • Prefix lists, subnets, transit gateways
  • License Manager license configurations
25
Q

Systems Manager - Characteristics 1

A
  • It allows to view operational data from multiple AWS services and automate operational tasks across AWS resources (your infrastructure)
  • Formerly Amazon Simple Systems Manager (SSM) and Amazon EC2 Systems Manager (SSM)
  • Some capabilities charge fees based on the functionality they offer such as OpsCenter, AppConfig, Incident Manager, and others
  • Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. Can store passwords, database strings, AMI IDs, and license codes as parameter values
26
Q

Systems Manager - Characteristics 2

A
  • A managed instance is a machine configured for use with Systems Manager
  • Helps you maintain security and compliance by scanning managed instances and reporting on (or taking corrective action on) any policy violations it detects
  • Can associate AWS resources by applying the same identifying resource tag, or can view operational data of these resources as a resource group
27
Q

Systems Manager - Supported machine types for managed instances

A
  • EC2 instances
  • On-premises servers
  • VMs
28
Q

Systems Manager - Capabilities 1

A
  • Quick setup: to configure frequently used AWS services and features with recommended best practices
  • Operations management: to manage AWS resources. Includes Incident Manager, Explorer, OpsCenter, and CloudWatch Dashboards capabilities
  • Application management: to manage applications running in AWS. Includes Application Manager, Resource groups, and AppConfig capabilities
29
Q

Systems Manager - Capabilities 2

A
  • Change management: to provide management of taking action on, or changing your AWS resources. Includes Change Manager, Automation, and Change Calendar
  • Node management: to help when managing EC2 instances, on-premises servers, VMs, and other types of AWS resources (nodes)
  • Shared resources: includes Documents capability that defines the actions that Systems Manager performs
30
Q

Systems Manager - SSM Agent

A
  • It’s an Amazon software that must be installed on each instance to be monitored by System Manager
  • Allows Systems Manager to update, manage, and configure resources
  • Processes requests from Systems Manager in the AWS cloud, then sends status and execution information back to Systems Manager

AWS Architect Associate (30 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions