Set 1 (16-20) Flashcards
Q16: IAM advanced use cases
- Cross-Account Access Management: You can use IAM to grant access to users in one AWS account to resources in another AWS account. This can be useful for sharing resources between accounts or for managing multiple accounts.
- Fine-Grained Access Control: IAM allows you to specify permissions at a granular level, including individual API actions and specific resources. This can help you to enforce the principle of least privilege and limit the scope of access for users and applications.
- Resource-Level Permissions: You can use IAM to control access to specific AWS resources, such as S3 buckets or EC2 instances. This allows you to restrict access to sensitive data or critical infrastructure.
- IAM Roles for EC2 Instances: You can use IAM roles to grant permissions to applications running on EC2 instances. This eliminates the need to store AWS access keys and secret keys on the instances themselves, reducing the risk of exposure.
- IAM Access Analyzer: IAM Access Analyzer is a service that helps you identify resources in your AWS account that are publicly accessible or that can be accessed from outside your AWS account. This can help you to identify potential security risks and tighten your security policies.
- IAM Policies for API Gateway: You can use IAM policies to control access to API Gateway resources, such as APIs, stages, and deployments. This allows you to implement fine-grained access control for your APIs and restrict access to sensitive data.
- IAM Policies for AWS Lambda: You can use IAM policies to control access to AWS Lambda functions, including permissions for invoking the function, accessing resources, and modifying the function’s configuration.
- Federated Access Management: You can use IAM to allow users to access AWS resources using their existing identity from another system, such as an identity provider (IdP) or an Active Directory (AD) domain.
Q17: Amazon Aurora vs Amazon RDS
- Performance: Amazon Aurora is designed to provide higher performance than Amazon RDS. It uses a distributed storage system that is optimized for performance and low latency. It also uses a number of other techniques, such as caching and parallel query processing, to provide fast query performance. On the other hand, Amazon RDS provides a more traditional relational database system, which may not be as performant as Aurora in some scenarios.
- Scalability: Aurora is more scalable than RDS, as it can automatically add read replicas to handle increased read traffic. Aurora can also automatically scale up or down based on the needs of the application. RDS, on the other hand, requires manual scaling.
- Compatibility: Aurora is compatible with MySQL and PostgreSQL, whereas RDS supports a wide range of database engines, including MySQL, PostgreSQL, Oracle, Microsoft SQL Server, and Amazon Aurora.
- Pricing: Aurora is generally more expensive than RDS, as it offers higher performance and scalability. However, the pricing may vary depending on the specific configuration of the database instance.
- Features: Aurora includes some features that are not available in RDS, such as the ability to perform zero-downtime patching and upgrades, and the ability to automatically fail over to a replica in the event of a failure.
Q17: Amazon Aurora Global Database
Amazon Aurora Global Database is a feature of Amazon Aurora that allows you to create a single database cluster that spans multiple AWS regions. With Aurora Global Database, you can replicate your data across multiple regions with low latency and high availability, providing a global, highly available database solution.
Here are some of the key features of Aurora Global Database:
- Global replication: Aurora Global Database replicates your data across multiple AWS regions with low latency and high availability. This allows you to provide a consistent experience for your users, no matter where they are located.
- Multi-master replication: Aurora Global Database uses a multi-master replication model, which allows you to write to any replica in any region. This provides low-latency writes and improved application performance.
- Global data access: Aurora Global Database provides a single endpoint for your application to access the database, regardless of the region where the data is stored. This provides a consistent and simple way to access your data from anywhere in the world.
- Automated failover: Aurora Global Database provides automated failover to a healthy replica in another region in the event of a regional outage or failure. This helps ensure that your application is always available to your users.
- Global database management: Aurora Global Database provides a single point of management for your global database, including backups, snapshots, and scaling operations.
Q18: encrypt an unencrypted RDS instance scenario
If the RDS instance is unencrypted, the read replica will be unencrypted as well.
Q19: NFS
The NFS (Network File System) protocol is file-based rather than volume-based. This means that NFS allows clients to access files and directories on a remote server as if they were stored on the client’s local file system. The client can read, write, and execute files and directories over the network as if they were accessing local files. NFS supports file locking, file attributes, and file access control, among other features, and is commonly used for sharing files and data across a network, especially in Unix and Linux environments.
Q19: AWS Storage Gateway
AWS Storage Gateway is a hybrid cloud storage service that connects on-premises applications with AWS cloud storage. It allows you to create a virtual storage gateway that can be used to connect your on-premises applications with AWS storage services such as Amazon S3, Amazon EBS, and Amazon Glacier.
The Storage Gateway service offers three types of gateways: file gateway, volume gateway, and tape gateway.
- File Gateway: This gateway enables you to store and retrieve objects in Amazon S3 using NFS and SMB file protocols. This gateway is suitable for use cases such as file sharing, backup, and archiving.
- Volume Gateway: This gateway provides block storage volumes that can be used as iSCSI devices by your on-premises applications. You can create snapshots of these volumes and store them in Amazon S3 for backup and disaster recovery purposes.
- Tape Gateway: This gateway provides virtual tape library (VTL) functionality that enables you to back up data to Amazon S3 and Amazon Glacier using existing tape-based backup applications.
Q20: EFS
AWS EFS (Elastic File System) is a scalable, fully managed, cloud-based file storage service provided by Amazon Web Services (AWS). It provides a simple, scalable, and highly available way to store and share data across multiple instances in the cloud.
EFS is designed to provide scalable file storage to multiple EC2 instances, making it ideal for applications that require shared access to the same data. It provides a file system that is compatible with NFSv4 and supports both file- and directory-level permissions.