Technology Flashcards

Question

Amazon DynamoDB with Global Tables

Answer 1

Global tables replicate data automatically across selected AWS Regions and automatically scale capacity to accommodate your workloads. Offers active-active cross-region support that is needed for the company.

Answer 2

An in-memory cache that delivers fast read performance for your tables at scale by allowing you to use a fully managed in-memory cache. Can improve DynamoDB table read performance by up to 10x. No active-active cross-region configuration. No caching feature.

Answer 3

A fully managed relational database engine that's compatible with MySQL and PostgreSQL, but not NoSQL. Can deliver up to 5x the throughput of MySQL and up to 3x the throughput of PostgreSQL without changes to most existing applications. A well-defined schema is needed. In a multi-master cluster, all DB instances have read/write capability. Not suitable when you need to set up a new DB on short notice.

Answer 4

Allows for setting up a RDB in the cloud. Has cost-efficient and resizable capacity while automating administration tasks. Doesn't support NoSQL. The BYOL (Bring-Your-Own-License) model only applies to the Oracle Engine. A well-defined schema is needed.

Answer 5

Built on top of AWS IAM, it simplifies access management for multiple AWS accounts, applications, and other SAML-enabled cloud applications. Workforce users get a user portal to access their assigned AWS accounts or cloud applications.

Answer 6

Allows for adding user sign-up, sign-in and access control for web and mobile apps. Can authenticate users through social identity providers such as Facebook, Twitter, or Amazon. It has SAML identity solutions, and allows for your own identity system. Great for those building B2C or B2B apps.

Answer 7

Allows you to securely control access to AWS services and resources for your users. Can assign users to groups and use permissions to allow and deny their access for AWS resources. It's free to use.

Answer 8

Can manage multiple AWS services from the command line and automate them through scripts.

Answer 9

A fully-managed source control service that hosts secure Git-based repositories. Makes it easier for teams to collaborate.

Answer 10

A continuous delivery service that allows to model, visualise, and automate the steps required to release your software. Can model the full release process for building your code, deploying to pre-production environments, testing your application and releasing it to production. Integrates with many other AWS services such as AWS CodeCommit, Amazon S3, AWS CodeBuild, AWS CodeDeploy, AWS Elastic Beanstalk, AWS CloudFormation, AWS OpsWorks, Amazon ECS, and AWS Lambda. CodePipeline can't by itself deploy the code.

Answer 11

It helps you identify the optimal AWS resource configurations, such as Amazon EC2 Instances types, Amazon EBS volume configurations, and AWS Lambda function memory sizes. It uses ML to analyse historical utilisation metrics. It doesn't optimise recommendations for S3 and EFS.

Answer 12

It's a Platform as a Service (Paas) that allows you to deploy and scale web applications and services. It handles capacity provisioning, load balancing, auto-scaling, and application health monitoring. It isn't serverless.

Answer 13

These are automated reference deployments built by AWS solutions architects and AWS Partners.

Answer 14

A community forum where people can help each other about AWS.

Answer 15

These are whitepapers written by AWS and the AWS community.

Answer 16

It's for data that is accessed less frequently but needs rapid access when required. This stores data in only one AZ instead of the standard 3 AZ's. Thus, it's 20% cheaper than the standard Amazon S3 Standard-IA. Has retrieval fees.

Answer 17

It's for data that is accessed less frequently but needs rapid access when required. This stores data in the standard of 3 AZ's. It's more expensive than Amazon S3 One Zone (IA). GET requests are more expensive than standard S3 storage type. Might not be best for websites that are visited frequently.

Answer 18

Offers high durability, availability, and performance object storage for frequently accessed data. Doesn't function as a DB. Doesn't support file append operations, as it stores objects. All Amazon S3 buckets are encrypted by default using server-side encryption with Amazon S3 managed keys (SSE-S3). Retrieval time is milliseconds. No retrieval fees.

Answer 19

A secure, durable, and low-cost storage class for data archiving. It's cheaper than Amazon S3 One-Zone-IA, but retrieval time ranges from a minute to hours. It's less cost-optimal than Amazon S3 Glacier Deep Archive. Has retrieval fees.

Answer 20

A fully managed DB service built for the cloud, specifically for building and running graph applications.

Answer 21

A file storage service for use with Amazon EC2. It provides a file system interface, file system access semantics, and concurrently-accessible storage for up to thousands of Amazon EC2 Instances. It uses the Network File system protocol. Can scale on-demand to petabytes without disrupting applications. It isn't encrypted by default, but can be configured to be encrypted. It's a regional service and can't directly connect to CloudFront.

Answer 22

It's a easy-to-use, high-performance block storage service designed for use with Amazon EC2 for both throughput and transaction-intensive workloads at any scale. Useful for relational and non-relational DB's, enterprise applications, containerised applications, big data analytics engines, file systems, and media workflows. EBS isn't encrypted by default. It can't be accessed simultaneously by multiple EC2 Instances. When backing an instance, the following things are needed: 1. Security Group 2. EBS Root volume 3. VPC and subnet specification

Answer 23

It gives temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer. This differs from persistent storage (i.e. HDD, SSD, Amazon EFS) Ideal for temporary storage of information that changes frequently or for data that is replicated across a fleet of instances. The data is lost if the Instance experiences failure or is terminated. They can't be accessed simultaneously by multiple EC2 Instances.

Answer 24

A fully managed service that has an interactive browser-based shell and CLI experience. It's for secure and auditable instance management without the need to open inbound ports, maintain bastion hosts, and manage SSH keys. Great for compliance with corporate policies that require controlled access to instances, increase security and auditability of access to the instances while providing simplicity and cross-platform instance access to end-users.

Answer 25

Provides a simple and secure way to connect to your Linux instances using SSH. You use AWS IAM policies and principals to control SSH access to your instances. Thus there's no need to share and manage SSH keys. Port 22 still needs to be open for traffic.

Answer 26

An automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After assessing, it makes a list of security findings prioritised by level of severity. It can't provide secure shell access to EC2 Instances. It can't infrastructure and focuses on security assessment.

Answer 27

A highly available and scalable cloud Domain Name System (DNS) web service. It gives developers and businesses a reliable and cost-effective manner to route end users to internet applications by translating website URL's into IP addresses for the purposes of connecting computers. It can't provide secure shell access to EC2 Instances. Key features - Resolver - Traffic Flow - Latency-based Routing - Geo DNS - Private DNS for Amazon VPC - DNS Failover - Health Checks and Monitoring - Domain Registration

Answer 28

A serverless event bus service that lets you develop event-driven applications. A service that gives real-time access to changes in data in AWS services, your own applications, and SaaS applications without writing code. It's a serverless task scheduler that simplifies creating, executing, and managing millions of schedules across AWS services.

Answer 29

Gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. Can group AWS resources by application. Can view operational data for monitoring and troubleshooting, and take action on your groups of resources. Can automate the patching of managed instances with security and non-security updates. Can't be used to run a process on a schedule.

Answer 30

A highly available, durable, secure, fully managed pub/sub messaging service that allows you to decouple microservices, distributed systems, and serverless applications. Application components can send and receive messages asynchronously. It doesn't provide the current services' status. It relies on other services such as CloudWatch Alarms to forward the actual alarm.

Answer 31

A fully managed service that allows you to build, train, and deploy ML models quickly.

Answer 32

A fully-managed petabyte-scale cloud-based data warehouse product designed for large scale dataset storage and analysis. A well-defined schema is needed. It isn't encrypted by default, but can be configured to be encrypted.

Answer 33

It has the information needed to launch an instance. An AMI must be specified when launching an instance. A single AMI can be used to launch multiple instances. The AMI must be in the same region as the EC2 Instance launched. The AMI can be copied into the region that the EC2 Instance is launched.

Answer 34

The lowest-cost storage class. For long-term retention and digital preservation for data that are accessed very infrequently (i.e. 1-2x per year). For customers in highly-regulated industries, such as Financial Services, Healthcare, and Public Sectors, that retain datasets for 7-10 years or longer to meet regulatory compliance requirements. Has a retrieval time of hours. It can also be used for backup and disaster recovery. Has retrieval fees.

Answer 35

A hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. All data transferred between the gateway and AWS storage is encrypted using SSL. It can't be used for data archiving.

Answer 36

A fully managed data security and data privacy service that uses ML and pattern matching to discover and protect your sensitive data in AWS. Macie automatically provides an inventory of Amazon S3 including a list of unencrypted buckets, publicly accessible buckets, and buckets shared with AWS accounts outside those you have defined in AWS Organizations. Amazon Macie analyses the buckets that you selected and alerts you to sensitive data, such as personally identifiable information (PII).

Answer 37

A fully managed ETL (extract, transform, and load) service that customers prepare and load their data for analytics. It's meant for batch ETL data processing.

Answer 38

Helps protect secrets needed to access your applications, services, and IT resources. Lets you rotate, manage, and retrieve DB credentials.

Answer 39

Where you can monitor the availability and operations of AWS services. Can subscribe to an RSS feed to get notifications of interruptions to each service. Can view the overall status of AWS services.

Answer 40

Provides alert and remediation guidance when AWS is experiencing events that may impact you. Alerts are triggered by changes in the health of your AWS resources.

Answer 41

For optimising costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. It stores objects in two access tiers: one that is optimised for frequent access and another lower-cost tier that is optimised for infrequent access. No retrieval fees.

Answer 42

Lets you select AWS services, like compute and storage services, closer to more end-users, giving them very low latency access to the applications running locally.

Answer 43

It's a site that CloudFront uses to cache copies of the content for faster delivery to users at any location. It provides caching which reduces the load on your origin servers, and it improves application performance by delivering content closer to your users.

Answer 44

Extends the AWS cloud to a global network of 5G edge locations to let developers innovate and build a whole new class of applications that require ultra-low latency.

Answer 45

A cloud service that links your network directly to AWS, bypassing the internet to deliver more consistent, lower-latency performance. When making a new connection, you can choose a hosted connection provided by an AWS Direct Connect Delivery Partner, or choose a decided connection from AWS. Can deploy at over 100 AWS Direct Connect locations around the world. Takes at least a month to establish this connection. Can't be used to interconnect VPC's.

Answer 46

It's an application testing service that lets you improve the quality of your web and mobile apps by testing them across an extensive range of desktop browsers and real mobile devices without having to provision and manage any testing infrastructure.

Answer 47

A platform for full-stack development of web and mobile applications on AWS.

Answer 48

It's a container-native service managed by AWS, for helping developers build, deploy, and scale web applications and API's in a quick manner.

Answer 49

It's a structured programme available to Enterprise Support customers (and Business Support customers for an additional fee) that helps you plan for large-scale events such as product or application launches, infrastructure migrations, and marketing events. Focuses more on business operations.

Answer 50

A global CDN services that accelerates the delivery of your websites, API's, video content, or other web assets to customers worldwide. It retrieves your content from an origin, such as an Amazon S3 bucket, EC2 Instance, or Amazon ELB or your own web server, when it's not already in an edge location. It can be used to deliver your entire website or application, including dynamic, static, streaming, and interactive content. It isn't suitable for dynamic, real-time data, such as gaming and interactive services.

Answer 51

This service provides a managed message queueing service for decoupling and scaling microservices, distributed systems, and serverless applications. It allows the decoupling of application components by allowing them to send and receive message asynchronously without direct communication. Multiple copies of every message are stored redundantly across multiple AZ's so that they're available when needed.

Answer 52

This service provides real-time streaming data processing for big data use cases such as real-time analytics, machine learning, and ETL. It enables the decoupling of application components by allowing to consume and process data from streaming data sources such as IoT devices, social media, and website clickstreams.

Answer 53

It uses CloudTrail logs for analysis and produces an IAM policy based on recognised actions and services. This policy can then be used to refine permissions for an entity by attaching it to an IAM user or role.

Answer 54

A deployment workflow tool that standardises infrastructure and automates the deployment of serverless & container-based applications.

Answer 55

It allows you to manage software licenses from different vendors.

Answer 56

Centralises the configuration data of the user's application. Can store data such as passwords, database strings, AMI ID's, and license codes as parameter values.

Answer 57

Offers fully managed Redis and Memcached. Can deploy, run, and scale popular open source compatible in-memory data stores. Can build data-intensive apps or improve the performance of existing apps by retrieving data from high throughput and low latency in-memory data stores. Great for applications with read-heavy application workloads, such as social networking, gaming, media sharing, etc. Also great for compute-intensive workloads (such as a recommendation engine). In-memory caching improves application performance by storing critical pieces of data in memory for low-latency access. Cached information may include the results of I/O-intensive DB queries or the results of computationally-intensive calculations.

Answer 58

Lets you run local compute, messaging, data caching, sync, and ML inference capabilities on connected devices in a secure manner.

Answer 59

Provides fast, reliable recovery of on-premises and cloud-based applications using affordable storage, minimal compute, and point-in-time recovery. Can replicate data from source servers to a staging area subnet in your AWS account. Can test the implementation non-disruptively. Can monitor replication and perform recovery and fallback drills periodically. Can launch recovery instances on AWS within minutes if you need to recover applications. Can keep applications on AWS or replicate data back to your primary site.

Answer 60

Great for migrating applications to AWS.

Answer 61

Great for migrating DB's to AWS. It can handle database replication, but not great for disaster recovery.

Answer 62

Lets you restore a DB cluster to a specific time, without restoring data from a backup.

Answer 63

A web service that provides secure, resizable compute capacity in the cloud. It's designed to make web-scale cloud computing easier for developers. You have more control over your EC2 instance, so you can install any DB that you prefer and manage its guest OS, including the required updates and security patches. It's a zonal service.

Answer 64

A data visualisation service. Used mainly for image and video analysis. Can't be used to protect sensitive data.

Answer 65

A petabyte-scale data migration solution that uses hardware devices to transfer large amounts of data into and out of the AWS Cloud.

Answer 66

A fully managed application streamlining service which you can use to centrally manage your desktop applications.

Answer 67

These let you interact with AWS services using language-specific API's, essentially in a programmatic manner.

Answer 68

These are set for each account to help guarantee the availability of AWS resources, and minimise billing risks for new customers. Some limits are raised automatically over time as you use AWS, but most require manually limit increase requests. To increase the limit, create a case in the AWS Support Center page and ask for a service limit increase.

Answer 69

These can be used to automatically move infrequently accessed data to a more cost-effective storage class.

Answer 70

When you upload a single object as a set of parts. Recommended when objects exceed 100 MB in size.

Answer 71

A feature of Amazon CloudFront that lets you run code closer to application users.

Answer 72

There are many best practices, but the most important ones are: 1. Design for failure 2. Decouple your components (no tight dependencies between components) 3. Implement elasticity 4. Think parallel

Answer 73

The main types of volumes are SSD and HHD. SSD (Solid State Drive): - Best for workloads with small, random I/O operations - Can be used as a bootable volume - Best for transactional workloads, critical business applications that need sustained IOPS performance, large database workloads such as MongoDB, Oracle, Microsoft SQL Server and etc. - Moderate/high cost - IOPS (Input/Output Operations per Second) is the dominant performance attribute HDD (Hard Disk Drive): - Best for workloads with large, sequential I/O operations - Can't be used as a bootable volume - Best for large streaming workloads requiring consistent, fast throughput at a low price, big data, data warehouses, log processing, and throughput-oriented storage for large volumes of data that is infrequently accessed - Low cost - Throughput(MiB/s) is the dominant performance attribute

Answer 74

These volumes have low-cost magnetic storage whose performance is defined as throughput, not IOPS. Great for large, sequential workloads such as Amazon EMR, ETL, data warehouses, and log processing.

Answer 75

A cloud big data solution for petabyte-scale data processing, interactive analytics, and ML using open-source frameworks such as Apache Spark, Apache Hive, and Presto.

Answer 76

Used for critical business applications that need sustained IOPS performance.

Answer 77

This volume balances price and performance for a wide variety of workloads. Not suitable for frequently, accessed, throughput-intensive workloads.

Answer 78

The cheapest volume, but mainly suitable for less frequently accessed workloads.

Answer 79

A service that lets you create and run 3D, AR, and VR applications.

Answer 80

A powerful AI service that lets developers build conversational application interfaces. Can create intelligent bots that uses NLP and responds to user requests in a human-like manner. It integrates with AWS Lambda, Amazon DynamoDB, and Amazon S3.

Answer 81

A business intelligence service that lets users create and publish interactive dashboards and reports.

Answer 82

Provides serverless orchestration for modern applications. It centrally manages a workflow by breaking it into multiple steps, adding flow logic, and tracking the input and outputs between the steps. As the applications execute, Step Functions maintains application state, tracking exactly which workflow step your application is in, and stores an event log of data that is passed between application components. If networks fail or components hang, your application can pick up right where it left off.

Answer 83

Can take point-in-time snapshots, which serve as incremental backups. Only the blocks on the device that have changed after your most recent snapshot are sized. Snapshots are store durably in Amazon S3. Instances don't have to be stopped first to start the EBS backup.

Answer 84

An interactive query service that makes it easy to analyse data in AmazonS3 using standard SQL.

Answer 85

It governs how traffic flows inside a VPC, not with external sources.

Answer 86

A service mesh that provides application-level networking to make it easy for your services to communicate with each across multiple types of compute infrastructure.

Answer 87

A cloud-based service that helps protect web applications or API's against attacks by filtering traffic based on rules that you create. It's a global service.

Answer 88

Provides AWS services to data centres, co-location spaces, or on-premises facility. Comes in two families: Rack: - It has the same AWS infrastructure, services, API's, and tools as any data centre or co-location space. An Outpost rack provides AWS compute, storage, DB, and other services locally. - Locally supported services: - Amazon EC2 - Amazon ECS - Amazon EKS - Amazon EBS - Amazon EBS Snapshots - Amazon S3 - Amazon RDS - Amazon Elasticache - Amazon EMR - Amazon ALB - Amazon Route 53 Resolver - VMware Cloud Server: - Has the same AWS infrastructure, services, API's and tools to on-premises and edge locations with limited space or smaller capacity requirements. - Locally supported services: - Amazon EC2 - Amazon ECS - AWS IoT Greengrass - Amazon Sagemaker Edge Manager

Answer 89

It's an AMI with the latest security patches, software, configuration, and software agents that need to be installed for logging, security maintenance, and performance monitoring.

Answer 90

AWS introduces cost reductions each year in their services.

Answer 91

A managed message broker service for Apache ActiveMQ that makes it easy to set up and operate message brokers in the cloud. It manages the administration and maintenance of ActiveMQ, a popular open-source message broker. Can also get direct access to the ActiveMQ console, API's, and protocols for messaging, including JMS, NMS, AMQP, STOMP, MQTT, and WebSocket.

Answer 92

A communication service where you can meet, chat, and place business calls inside and outside your organisation.

Answer 93

A cloud-based email sending service for helping digital marketers and application developers send marketing, notification, and transactional emails.

Answer 94

A service to manage corporate email infrastructure and removes the need for up-front investments to license and provision on-premises email servers.

Answer 95

A collection of technical resources to help build more effectively and efficiently in the AWS Cloud. Domains: - Analytics & Big Data - Compute & HPC - Containers - Databases - Machine Learning - Migration - Security, Identity & Compliance - Storage

Answer 96

It can speed up content transfers to and from Amazon S3 by 50% - 500% for long-distance transfer of larger objects.

Answer 97

For organisations, IT teams, and managed service providers (MSP's) that need to centralise policies. Can vend and manage AWS resources and services.

Answer 98

A service for creating and visualising real-time operational dashboards.

Answer 99

Can launch and run popular file systems. Examples include Windows File Server, Lustre, NetApp ONTAP, and OpenZFS.

Answer 100

A fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.