Technology Flashcards
How is the AWS global infrastructure organised?
Regions, Availability Zones and Edge locations
What is a region?
Physical geographical area consisting of 2 or more AZs
What is an availability zone?
One or more discrete data centers, each with its own redundant power, networking and connectivity, housed in separate facilities.
What is an edge location?
Endpoints for AWS used for caching content (typically CloudFront, AWS’s CDN). There are more edge locations than regions
Explain how an edge location works
If someone in London is trying to access a file stored in New York, the request goes to the nearest edge location. As this is the first request, the edge location downloads the file from NY. It is then cached there for the TTL, meaning the next time someone needs it, it will be served much more quickly.
How do you choose which AWS region to select?
1) Data sovereignty laws: data may only be able to reside in certain countries
2) Latency to end user: where are the majority of your customers based?
3) AWS services: US East 1 has the most services, and other regions may be slower to gain access to services
What is the use case for developer support plan?
Experimenting with AWS
What is the use case for business support plan?
Production use of AWS
What is the use case for enterprise support plan?
Mission critical use of AWS
What is special about the enterprise support plan?
Receive a TAM (Technical Account Manager), who is assigned 1-1 to an account and provides proactive guidance and best practices to help plan, develop and run your AWS solution, plus a support concierge who provides billing and account analysis and supports product launches and promotions.
What is a billing alarm?
Sends a notification (via SNS) whenever your bill goes over a certain amount. Important because, whilst a lot is free in the free tier, some services are not. Located in CloudWatch.
How can you get automatic notifications if your account goes over £1000?
Set up a Billing Alarm in CloudWatch and set an SNS topic to email whenever you go over a threshold
What is IAM
Identity and Access Management is a global service
Allows you to create users, groups and roles and grant different levels of access
This is done from a root account
1) Activate MFA on your root account (e.g. Google Authenticator)
2) Create individual IAM users
3) Use groups to assign permissions
4) Apply an IAM password policy (e.g. 8 letters, 1 capital)
What are the 3 kinds of access for IAM Users?
1) AWS Management Console: enables a password that allows users to sign into the console
2) Programmatic access using Command Line Interface (CLI): enables an access key ID and secret access key for AWS API, CLI, SDK and other development tools
3) SDK (software development kit)
What are user policies?
Always written in JSON format with key-value pairs and a version. Outlines the permissions the user/group is allowed, e.g. Admin Access. These can be copied from an existing user or attached directly.
What is a root account?
The email address you use to set up your AWS account. This will always have full admin access, so its credentials should never be shared; instead create a user for each individual. Always secure the root account using MFA.
What is an IAM group?
A place to store your users. These will inherit all permissions given to that group, e.g. HR, finance, sales.
What is S3?
Simple Storage Service
One of the longest-standing AWS services, it provides developers and IT teams with secure, durable and highly scalable object storage with a simple web interface to store and retrieve any amount of data from anywhere.
Stores flat files (text, pictures, video).
What do objects consist of?
Key (name of the object)
Value (data, made up of bytes)
Version ID
Metadata
Sub-resources (access control list and Torrent)
Files can be 0 bytes - 5 TB; unlimited storage overall
What are S3 buckets and how are they stored
Files are stored in buckets (folder in the cloud). S3 is a universal namespace, meaning names must be unique globally.
Bucket names form part of the URL: s3.region.amazonaws.com/bucket name
What happens when you upload a file to S3
Receive an HTTP 200 code if successful
How does data consistency work for S3?
Read-after-write consistency for PUTs of new objects: if you write a new file (PUT it into S3) and read it immediately after, it will be available.
Eventual consistency for overwrite PUTs and DELETEs: if you update/delete an existing file and read it immediately, you may get an older version or the new version. It takes time to propagate.
What is the difference between object based storage and block based storage
Object based storage (S3) allows you to upload flat files that don’t change. EBS allows you to install an OS or DB
What guarantees do Amazon offer for S3?
1) Built for 99.99% availability
2) 99.999999999% (11 9s) durability, meaning you won't lose the file
What are the features of S3?
1) Tiered storage available
2) Lifecycle Management (manage which storage tier it moves to over time)
3) Versioning (if overwritten without authorization, you can restore)
4) Encryption
5) Secure data using Access Control Lists and Bucket Policies, or via IAM policies
What is an Access Control List
Access restrictions applied to an individual object
What is a Bucket Policy
A set of permissions that applies across all objects within a bucket
What are the 6 S3 Storage classes
1) S3 standard
2) S3 Infrequent Access (IA)
3) S3 1 Zone IA
4) S3 Intelligent Tiering
5) S3 Glacier
6) S3 Glacier Deep Archive
What is S3 Standard storage class
Stored redundantly across multiple devices in multiple facilities, and designed to sustain the loss of 2 facilities concurrently
99.99% availability, 11 9’s durability
What is S3 IA
For data that is accessed less frequently, but requires rapid access when needed. Lower storage fee than S3 Standard, but a retrieval fee is charged
What is S3 One Zone IA
For when you want a really low cost option for IA data, but do not require multi-AZ resilience
What is S3 intelligent tiering?
Designed to optimize costs by automatically moving data to the most effective access tier, without performance impact or operational overhead
What is S3 Glacier?
Secure, durable and low-cost storage class for data archiving. You can reliably store any amount of data at a cost that is competitive with or cheaper than on-prem solutions. Retrieval times are configurable from minutes to hours
What is S3 Glacier Deep Archive
Amazon S3's lowest cost storage class. Retrieval time of 12 hours
Which S3 classes charge a retrieval fee per GB retrieved?
S3 IA, S3 One Zone IA, S3 Glacier, S3 Glacier Deep Archive
Which S3 classes have a minimum capacity charge per object
S3 IA, S3 One Zone IA, S3 Glacier, S3 Glacier Deep Archive
How are you charged for S3?
1) Storage (per GB)
2) Number of requests
3) Storage Management pricing
4) Data transfer pricing
5) S3 transfer acceleration
6) Cross region replication
What is S3 transfer acceleration?
Enables fast, easy and secure transfer of files over long distances between users and S3 buckets. Takes advantage of Amazon CloudFront’s globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path. Used for performance
In other words, users want to upload a file to a bucket hosted in London. If you have enabled Transfer Acceleration, users upload to the edge location nearest to them. The edge location then uses Amazon's fast network to upload the file to the S3 bucket over Amazon's own internal network (not traversing the general internet). You can run a speed-comparison check to see how much quicker this would be (normally a larger % gain the further away you are)
What is cross region replication?
Files are automatically replicated to another bucket in another region for disaster recovery
Is S3 global or regional
Buckets can be viewed globally but are created in a region
What are the 3 ways to restrict bucket access
1) Bucket Policy
2) Access control List (object policy)
3) IAM policies to users and groups
True or False: S3 is serverless?
True
How do you create an S3 website?
Create a bucket and upload index.html and error.html files. Receive an HTTP 200 message. Ensure permissions are public. Go into bucket properties, enable static website hosting and select the index and error documents. Locate the bucket policy and enter a policy, updating the bucket name in the ARN. Access the static website via the link
Which websites cannot be hosted on S3?
Websites that require DB connections (e.g. WordPress)
What is CloudFront?
Amazon's Content Delivery Network: a system/network of distributed servers that deliver webpages and web content to a user based on the geographic location of the user, the origin of the webpage and the content delivery server. Can be used to deliver entire websites, including dynamic, static, streaming and interactive content. Requests for content are automatically routed to the nearest edge location to improve performance.
Explain the difference between accessing web content with and without CDN
Without: User from Australia trying to access video stored on London Server. They connect to London and download, which can take a long time depending on connection speeds
With: User from Australia trying to access a video stored on a London server. First, they query an edge location for a copy of the file. As this is the first time, the edge location connects to the origin and downloads the file, where it is stored and streamed to the user. The second time the edge location is queried, the file is already cached and can be downloaded directly from the edge location
A file is cached for a length of time determined by the TTL (given in seconds). Typically 48 hours.
What do edge location, origin and distribution mean in the context of CloudFront
Edge Location: Location where content is cached
Origin: origin of all the files a CDN will distribute (S3, EC2, ALB or Route 53)
Distribution: Name given to CDN which consists of a collection of edge locations
What are the two distribution types
Web distribution: for websites
RTMP: Used for media streaming (Adobe flash). Not commonly used anymore
True or False: Edge locations are read and write
True: you can PUT an object to an edge location to be uploaded, as well as download from it
Can you clear cached objects from edge location?
Yes, but you will be charged
What is EC2
Elastic Compute Cloud. One of the older services, it provides virtual server(s) in the cloud and is compute based (not serverless). It is a web service that provides resizable compute capacity in the cloud, reducing the time required to obtain and boot new server instances to minutes, allowing you to scale as requirements change
What are the 4 EC2 pricing models?
1) On demand
2) Reserved
3) Spot
4) Dedicated hosts
What is EC2: on demand pricing model and use case?
Pay fixed rate by hour/second with no commitment
Use case: users wanting low cost and flexibility without up-front payments and commitment, apps with short-term unpredictable workloads that can't be interrupted, or applications being developed/tested for the first time
What is EC2: reserved pricing model and use case?
Provides you with a capacity reservation and offers a significant discount. Contract terms are 1-3 years. Pay less for longer contracts and for paying upfront
Use case: Apps with steady state/predictable usage, applications that require reserved capacity or users able to make upfront payments to reduce costs further
What are the 3 reserved pricing types?
1) Standard reserved instances: offer 75% off on-demand instances. Pay more up front = greater discount
2) Convertible reserved instances: offer 54% off on-demand instances. Ability to change attributes of the RI as long as the exchange results in the creation of a reserved instance of equal or greater value
3) Scheduled reserved instance: Available to launch within the time windows you reserve, to match capacity reservation to predictable recurring schedule e.g. 9-10 every day
What is EC2: spot pricing model and use case?
Enables you to bid the price you want for instance capacity, providing cost savings if your applications have flexible start/end times. When the price is above your bid, you lose the server
Use case: applications with a flexible start and end time, users with an urgent computing need for large amounts of additional capacity, or apps only feasible at low compute prices, e.g. genomics companies doing work in the middle of the night
What is EC2: dedicated host pricing model and use case?
Physical EC2 servers dedicated for your use. Help reduce costs by allowing you to use existing server bound software licenses. Can be purchased on demand (hourly) or reserved (70% off)
Use case: useful for regulatory requirements that may not support multi-tenant virtualisation, licensing which does not support multi tenancy or cloud deployments.
What are the different families of EC2 instances?
FIGHTDRMCPXZ:
F - FPGA
I - IOPS (storage)
G - Graphics
H - High Disk Throughput
T - Cheap general purpose (think T2)
D - Dense storage
R - RAM
M - Main choice for general purpose
C - Compute
P - Graphics (pics) / general purpose
X - Extreme memory
Z - Extreme memory and CPU
What is Elastic Block Store (EBS)?
Virtual hard disk that EC2 uses. Allows you to create storage volumes and attach them to EC2 instances. Once attached you can create a file system on top of these volumes, run a DB, etc. Amazon EBS volumes are placed in a specific AZ, where they are automatically replicated to protect you from failure
What are the two types of EBS?
1) SSD
a) General Purpose SSD (GP2) - balance price and performance
b) Provisioned IOPS SSD (IO1) - highest performance SSD volume for mission critical, low latency or high throughput workloads
2) Magnetic
a) Throughput optimised HDD (ST1) - low cost HDD (hard disk drive) volume for frequently accessed, throughput intensive workloads (data warehouse)
b) Cold HDD (SC1) Lowest cost HDD volume for less frequently accessed workloads
c) Magnetic - previous generation
True or False: EC2 is a global feature
False - it is regional
Which 3 EBS types can a root EC2 have?
GP2, IO1 or magnetic
Explain the functions of ports
Allow computers to communicate while restricting which computers can talk to a server. To allow all traffic in, you can specify 0.0.0.0/0, or you can restrict it to particular ports (e.g. port 80). Different services use different ports:
SSH: Port 22
RDP (Microsoft Remote Desktop Protocol): Port 3389
HTTP: Port 80
HTTPS: Port 443
What is a key pair
When you provision an EC2 instance you get a key pair, which allows you to log in to the instance. This consists of a public and a private key. AWS stores the public key and you store the private key, and together they allow you to connect to your instance securely
True or False: EC2 is serverless?
False - it is compute service and is a virtual server in the cloud
What is a security group
Similar to a firewall in the cloud, it determines which IP addresses can access the server. E.g. create a security group WebDMZ which only allows access on port 80 and port 22, but from any IP address on those ports
Recap: what are the 3 ways you can interact with AWS
1) Console
2) CLI
3) SDKs
How can you apply roles for security with EC2
Create a role in IAM, attach permission policies (e.g. full S3 access), and attach the role to the EC2 instance. This is much more secure than using access key IDs and secret access keys, and roles are easier to manage
When can you apply roles to EC2
At any time, and are applied immediately
True or False: Roles are regional?
False, roles are universal so you don’t need to specify what region they are in, similar to users (IAM is a global service)
Can you turn your EC2 instance into a web server?
Yes, by installing a program on EC2 (httpd) and uploading an index file, you can visit the EC2 IP address and see an HTML page
What is a Load Balancer
Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. They are redundant (spread across multiple AZs)
What are the 3 types of Load Balancers?
1) Application Load Balancer: application aware and can see into layer 7 and make intelligent routing decisions
2) Network load balancer: ultra high performance and static IP addresses
3) Classic Load Balancer: Previous generation and slowly being phased out. Used by Test/Dev to keep costs low
How many AZs do you set up your Load Balancer in?
Several (all of them if possible) for fault tolerance
When setting up multiple EC2 instances to load balance, what is key to remember
Set them up in different AZs so that if one goes down there is no outage.
What are relational databases (RDS)
Like a traditional spreadsheet, the actual file is the database, consisting of one or more tables. Within each table is a number of rows and columns. If you add a new column, you have to fill it out for each row (i.e. every row has a value for every column)
Name the RDS engines on AWS (6)
1) SQL Server
2) Oracle
3) MySQL server
4) PostgreSQL
5) Aurora
6) MariaDB
What are two key features of RDS
1) Multi AZ for disaster recovery. An EC2 may point at a primary RDS DB, but if this connection is lost it will be pointed to a secondary DB in a secondary AZ. This is done through turning on RDS Multi AZ
2) Read replicas for performance. Replicas of prod DB and direct traffic to read from the replica rather than the Prod to improve performance
You write to the primary DB, which is replicated to the read replica. If the primary database goes down, the read replica does not take over; you can still read but will be unable to write. Can have several replicas for increased performance
What are non relational Databases
Consists of a collection (like a table)
Inside is a document (like a row)
Within this is a field (key value pairs) e.g. id: 1234
You can add more fields within a document, but this won't affect the other documents, meaning one document can have 5 fields and another 10
Key features:
- Columns in the table can vary, but this will not affect the other rows allowing for more flexibility
Name a non relational database (noSQL)
Dynamo DB
What is OLTP
Online Transaction Processing, performed by RDS
For example, this pulls a row of data depending on a key value and you receive everything in that row (an extract of the data row)
What is OLAP
Online Analytic Processing performed by RedShift
Used for pulling in a large number of records and performing analytics on them. These queries would normally make a huge hit on performance, hence data warehousing was created
OLAP example: To understand the net profit for EMEA and pacific digital records, pull all sales, unit cost, sales price and then do calculation
What is data warehousing
Used for business intelligence, it allows you to do complex tasks without impacting the primary database, usually used by management to do queries on data
What is Amazon's data warehousing service and how does it differ from DBs
Redshift
Data warehousing DBs have a different type of architecture at both DB and infrastructure layer
What is ElastiCache
Web service that makes it easy to deploy, operate and scale an in-memory cache in the cloud. The service improves the performance of web applications by allowing you to retrieve information from fast, managed, in-memory caches instead of relying entirely on slower disk-based databases
E.g. when you go to amazon.com, it always shows you the most popular products. Instead of sending 10,000 queries for the 10,000 people on the site, it will query ElastiCache, which caches the most common queries and returns the result much faster. Uncommon queries are still made to the DB, but there is reduced traffic and so improved performance
What two open source in-memory caching engines does ElastiCache support
Memcached and Redis
How do you provision an RDS instance
Create an RDS instance and select its security group
Create an EC2 instance (from a bootstrap script which has WordPress downloaded) and select its security group
Assign the RDS endpoint as the DB host in the EC2 instance
WordPress will tie the IP address to the EC2 instance it was provisioned on. Change this to the ALB address so that if the EC2 instance is terminated the site still works
What does creating an image of an EC2 instance do
Creates a snapshot allowing you to provision the exact same service
Are RDS’s multi AZ?
They are installed locally on the EC2 instance but won't be Multi AZ unless you set up replication between them
How can autoscaling use an EC2 image
Deploy autoscaling from the EC2 image, so that you can deploy 2 identical EC2 instances across 2 AZs for a fault tolerant website. This would scale depending on the scaling policy (e.g. CPU utilization)
What is DNS
Domain Name System is the process computers use to resolve domain names to IP addresses
For example, you can create a DNS and point it at an S3 bucket to create a serverless website
When registering a domain name, what do you need to remember
You need to ensure you have an S3 bucket with the same name (with .com at the end). S3 buckets are universally named so will be unique
What is Amazon's DNS service called
Route 53
True or False: Amazon DNS is global
True
What is Elastic Beanstalk
Provisions and configures AWS services from code, including security groups, load balancers, health checks, with one click of a button. This removes the hassle of configuration and dependencies, all you have to worry about is the code.
Like a beanstalk, it grows the infrastructure out beneath you
What is CloudFormation
Turns infrastructure into code, allowing you to deploy services to multiple regions and multiple AWS accounts in minutes
How does CloudFormation work
Create a stack (either your own template, sample template or create a template in designer). This will then provision an environment. The time it takes to configure the environment depends on the complexity of the environment
To clean up, you can delete the whole stack rather than each component individually
Are elastic beanstalk and CloudFormation free
Yes, they are free services but the resources they provision are not free
What is the difference between elastic beanstalk and CloudFormation
Elastic Beanstalk is more limited in what it can configure and is not programmable. It is focused on applications, so you tell it what application you want and it produces the infrastructure beneath it; you don't need to know what you need. CloudFormation can provision almost any AWS service and is completely programmable. You need to know what you need and the dependencies, and write this in code (or use a sample template) which you can then deploy easily
Architecting for the cloud best practices: Traditional Computing Vs Cloud Computing
1) IT assets as provisioned resources (rather than purchasing physical servers)
2) Global, available and scalable
3) High level managed services presented as a product, e.g. machine learning
4) Built in security
5) Architecting for costs, to be very cost efficient
6) Operations on AWS: re-architecting between EC2, RDS and serverless
Architecting for the cloud best practices: What are the 5 design principles
1) Scalability
2) Disposable resources instead of a fixed server
3) Automation
4) Loose coupling
5) Services not servers
Architecting for the cloud best practices: What does scalability mean
Can scale up (increase server size) or scale out (multiple VMs behind an ELB). There are 7 ways to scale out:
1) Stateless applications (lambda within alexa runs an algorithm, returns it and forgets)
2) Distribute load to multiple nodes (e.g. RDS with read replicas)
3) Stateless components. The more you have the easier to scale e.g. storing sign in details as a cookie
4) Stateful components. Store some information e.g. what they are purchasing in a DB rather than as a cookies
5) Implement session affinity (sticky sessions). Put a cookie in the browser, so every time the user visits the site an ALB will detect the cookie and send them to the same EC2 instance
6) Distributed processing
7) Implement distributed processing. E.g. elastic map reduce - have a whole fleet of EC2 working to process data, rather than a single EC2
Architecting for the cloud best practices: What does disposable resources instead of fixed servers mean
You dont want to be locked into contracts.
1) Instantiating compute resources using bootstrapping or golden images
2) Infrastructure as code: use CloudFormation to provision resources quickly
Architecting for the cloud best practices: What does automation mean
1) Serverless management and deployment: when you move to a serverless environment all you need to worry about is deployment, using CodePipeline/CodeDeploy
2) Infrastructure management and deployment: e.g. elastic beanstalk, systems manager, autoscaling
3) Alarms and events: CloudWatch alarms (threshold exceeded) or events (when something happens), AWS Lambda scheduled events and AWS WAF security information
Architecting for the cloud best practices: What does loose coupling mean
Well defined interfaces: API Gateway to create APIs and expose them to the internet
Service discovery: point EC2 instance to DB via DNS name with multi AZ turned on
Asynchronous integration: loosely coupled environments are less likely to fail and give resilience. For example, you can have an EC2 instance pulling jobs from a queue using SNS, but if it fails another EC2 instance will pull the job from the queue
Distributed systems best practices: graceful failure e.g. error page
Architecting for the cloud best practices: What does services not servers mean
Managed services (e.g. Lambda, Route 53) and serverless architecture
Architecting for the cloud best practices: What are the 5 database types and anti-patterns (cases where they shouldn’t be used)
1) RDS (Aurora) - scalable, high availability, anti patterns: no need to join or complex transactions
2) Non-RDS/NoSQL (DynamoDB) - scalable, high availability; anti-patterns: require joins or complex transactions
3) Data warehouse (redshift) - scalable, high availability, anti patterns: not meant for OLTP
4) Search (Cloud Search and Elastic Search) - scalable, high availability
5) Graph DB (Neptune) - scalable, high availability
Architecting for the cloud best practices: How do you manage increasing volumes of data
A data lake is an architectural approach that allows you to store massive amounts of data in a central location so that it is readily available to be categorized, processed, analyzed and consumed by a diverse group within your organisation. Since data can be stored as is, you don't have to convert it to a pre-defined schema or know what questions to ask about your data beforehand. Create this in S3, then use Athena to run SQL queries
Architecting for the cloud best practices: How do you remove single points of failure
1) Introduce redundancy
2) Introduce mechanism to detect failure
3) Have durable data storage (not one zone S3)
4) Automate multi-data center resilience so if one goes down this doesn’t carry over
5) Fault isolation and traditional horizontal scaling - isolating faults and scaling out (EC2 behind ELB)
Architecting for the cloud best practices: How do you optimise for cost
1) Right size
2) Have elasticity to grow/shrink
3) Take advantage of purchasing options (reserved, spot, on demand etc)
Architecting for the cloud best practices: what are the two types of caching
1) Application caching (using elasticache - cache frequently used queries)
2) Edge caching - CDN applications like CloudFront
Architecting for the cloud best practices: What are features of security
1) Use AWS features for defence in depth
2) Share security responsibility with AWS
3) Reduce privileged access to users
4) Security as code: create a golden environment, i.e. use hardened EC2 images with security patches applied and reference these in a CloudFormation template
5) Real time auditing: AWS Inspector and security services
Which AWS services are global? (5)
IAM, Route 53, CloudFront, SNS, SES
Which services give global view but are regional
S3
What AWS services can be used on-prem?
Snowball, Snowball Edge, Storage Gateway, CodeDeploy, OpsWorks, IoT Greengrass
What is snowball
A PB-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud. Think of it as a gigantic disk to move your data into AWS. You get the disk delivered to HQ (normally 80 TB), upload your data onto it and ship it back to Amazon. Speeds up the process of uploading large amounts of data to Amazon
What is snowball edge
Similar to Snowball but with a CPU (basically a computer with storage), and allows you to deploy Lambda functions on premise. Used by Boeing to do aircraft testing
What is Storage Gateway?
Similar to snowball but stays on prem at all times. Can be physical or virtual. Essentially a way of caching files inside HQ and replicating these to S3. If you lose internet connection you still have them locally
What is Code deploy?
Deploy code to EC2 instances and also to on prem web servers.
What is OpsWork?
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.
What is IOT Greengrass
Build IoT solutions that communicate with the cloud and each other
Which AWS services can be used to deploy applications on premise
CodeDeploy
OpsWorks
What is CloudWatch?
Monitoring service to monitor AWS resources and applications that run in AWS. Can monitor:
Host Level metrics: CPU, Network, Disks, Status checks
Compute: EC2 instances (every 5 mins by default, but can turn on detailed monitoring for every 1 min), autoscaling, ELB, Route 53
Storage: EBS, Storage Gateway, CloudFront
What is the difference between CloudTrail, CloudWatch, AWS Inspector and AWS trusted advisor?
CloudTrail: Logs events within your environment
CloudWatch: Monitors performance of the environment
Inspector: Agent installed that inspects EC2 for vulnerabilities
Trusted Advisor: Online resource to reduce cost, increase performance and improve security in real time
What is AWS Systems Manager?
Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources
Allows you to manage EC2 at scale. E.g. you have an EC2 fleet of hundreds of instances. If you SSH into each to run an update this will take a lot of time. Instead, deploy EC2 instances with the agent software installed, allowing them to connect to Systems Manager so you can run commands across the whole fleet
Which of the following Route53 policies allows you to
a) route data to a second resource if the first is unhealthy
b) route data to resources that have better performance
1) Failover routing and simple routing
2) Failover Routing and Latency-based routing
3) Geolocation routing and latency-based routing
4) Geoproximity routing and geolocation routing
2) Failover Routing and Latency-based routing
IAM policies are written using...
JSON
Which of the following are types of cloud computing deployments? Public, Private, Mixed, Hybrid
Public, private and hybrid
What is an AZ
Distinct location within an AWS region that are engineered to be isolated from failures
How many AZs are there (at least) per AWS region
2
True or false: S3 can be used to host a dynamic website, like one that runs on a LAMP stack
false
Which of the following data archival services is extremely inexpensive, but has a several hour data retrieval window? S3-RRS, Glacier, S3-IA, S3 - 1 Zone - IA, S3
Glacier
What is an AWS region
Distinct location within a geographic area designed to provide high availability to a specific geography
True or False: Access Control lists are used to make entire buckets public
False - bucket policies would be used
Which of the following are valid access types for an IAM user
SDK
Emergency access via IAM
Programmatic access via CLI
Security group access via AWS command line
AWS Management Console Access
SDK, CLI, Console
What is a security group
A virtual, stateful firewall attached to an instance's network interface. It holds allow rules only (there are no deny rules) stating which protocols, ports and source/destination IP ranges may reach or leave the instance; return traffic for an allowed connection is permitted automatically, and anything not matched by a rule is implicitly denied
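Worked example (added here, not part of the original deck): a small model of how a security group decides whether a packet passes, contrasted with a network ACL, the other VPC traffic filter. The security group is stateful and allow-only, so the reply to an allowed HTTPS request passes even with every outbound rule removed; the network ACL is stateless and evaluates numbered rules lowest-first, so the same reply is dropped unless an explicit outbound rule covers the client's ephemeral port range. The addresses, ports and rule sets are constructed test data, not from the flashcards or from AWS.

```python
"""Security group vs network ACL evaluation.

Added example, not from the flashcards.  It models the documented semantics:
a security group is stateful and allow-only (all rules are considered, any
match permits, replies to an allowed flow pass automatically); a network ACL
is stateless, evaluates numbered rules lowest-first with the first match
winning, supports explicit deny, and ends in an implicit deny-all.  All
addresses, ports and rules below are constructed test data.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    proto: str
    port_from: int
    port_to: int
    cidr: str               # source CIDR for inbound rules, destination CIDR for outbound
    action: str = "allow"   # security groups only ever carry 'allow'
    number: int = 0         # network ACL rule number (ignored by security groups)


def _matches(rule, peer_ip, packet):
    return (rule.proto == packet.proto
            and rule.port_from <= packet.dst_port <= rule.port_to
            and ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.cidr))


class SecurityGroup:
    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = list(inbound), list(outbound)
        self._flows = set()     # connection tracking is what makes the group stateful

    def allows(self, p, direction):
        # A reply to a flow we already allowed passes without consulting any rule.
        if (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self._flows:
            return True
        rules = self.inbound if direction == "in" else self.outbound
        peer = p.src_ip if direction == "in" else p.dst_ip
        if any(_matches(r, peer, p) for r in rules):   # any matching allow rule wins
            self._flows.add((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
            return True
        return False                                   # no deny rules exist: implicit deny


class NetworkAcl:
    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    def allows(self, p, direction):
        rules = self.inbound if direction == "in" else self.outbound
        peer = p.src_ip if direction == "in" else p.dst_ip
        for r in rules:                                # lowest number first, first match decides
            if _matches(r, peer, p):
                return r.action == "allow"
        return False                                   # the implicit '*' deny rule


def demo():
    """HTTPS request from a constructed client to a web server, then the reply."""
    request = Packet("tcp", "203.0.113.7", 50000, "10.0.1.10", 443)
    reply = Packet("tcp", "10.0.1.10", 443, "203.0.113.7", 50000)

    # Security group: inbound 443 only, every outbound rule removed.
    sg = SecurityGroup(inbound=[Rule("tcp", 443, 443, "0.0.0.0/0")], outbound=[])

    # Network ACL with the classic mistake: outbound allows only port 443, so the
    # reply to the client's ephemeral port never leaves the subnet.
    broken = NetworkAcl(inbound=[Rule("tcp", 443, 443, "0.0.0.0/0", number=100)],
                        outbound=[Rule("tcp", 443, 443, "0.0.0.0/0", number=100)])
    # Fixed ACL: explicit outbound rule for the ephemeral port range.
    fixed = NetworkAcl(inbound=[Rule("tcp", 443, 443, "0.0.0.0/0", number=100)],
                       outbound=[Rule("tcp", 443, 443, "0.0.0.0/0", number=100),
                                 Rule("tcp", 1024, 65535, "0.0.0.0/0", number=110)])

    return {
        "sg_request": sg.allows(request, "in"),
        "sg_reply": sg.allows(reply, "out"),               # True despite no outbound rule
        "nacl_broken_request": broken.allows(request, "in"),
        "nacl_broken_reply": broken.allows(reply, "out"),  # False: stateless
        "nacl_fixed_reply": fixed.allows(reply, "out"),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22} {'ALLOW' if verdict else 'DENY'}")
```

The practical point is that the two filters compose: a packet must be allowed by the network ACL of the subnet in both directions and by the security group of the instance, and only the security group remembers state.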
True or false: there are more regions than AZs
False
Which of the following are support levels offered by AWS? Basic Business Individual Developer Start Up
Basic
Business
Developer
(4th would be enterprise)
Where is CloudFront content cached
Edge locations
What are some features of consolidated billing (3)
1) Charging based per VPC
2) Multiple standalone accounts are combined and may reduce your overall bill
3) A single bill is issued containing all charges for the AWS accounts
4) Account charges can be tracked individually
2) Multiple standalone accounts are combined and may reduce your overall bill
3) A single bill is issued containing all charges for the AWS accounts
4) Account charges can be tracked individually
What is the document used to grant permissions to users, groups and roles
Policy
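Worked example (added here, not part of the original deck) tying the two policy cards together: a toy evaluator for an IAM policy document written in JSON. It shows the rule that matters most when reading a policy: requests are denied by default, a matching Allow grants access, and a matching explicit Deny overrides any Allow no matter where it sits in the document. The policy, account ID and bucket names are constructed sample data; conditions, NotAction/NotResource, resource-based policies, permission boundaries and SCPs are left out.

```python
"""Toy evaluator for the IAM JSON policy language.

Added example, not from the flashcards.  It implements the documented core
of identity-based policy evaluation: everything is implicitly denied, an
Allow statement that matches the request grants it, and an explicit Deny
always overrides any Allow.  Action and Resource values honour IAM's '*'
and '?' wildcards; action names are case-insensitive, ARNs are not.
Conditions, NotAction/NotResource, resource-based policies, permission
boundaries and SCPs are deliberately out of scope.  The policy, account ID
and bucket names below are constructed sample data.
"""
import fnmatch
import json

POLICY_JSON = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadAnyBucket",
     "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": "arn:aws:s3:::*"},
    {"Sid": "WriteAppBucket",
     "Effect": "Allow",
     "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::app-uploads/*"},
    {"Sid": "NeverTouchAuditLogs",
     "Effect": "Deny",
     "Action": "s3:*",
     "Resource": ["arn:aws:s3:::audit-logs", "arn:aws:s3:::audit-logs/*"]}
  ]
}
"""
POLICY = json.loads(POLICY_JSON)


def _as_list(value):
    """Action and Resource may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _statement_matches(stmt, action, resource):
    """Does this statement cover the requested action on the requested ARN?"""
    action_hit = any(fnmatch.fnmatchcase(action.lower(), pat.lower())
                     for pat in _as_list(stmt.get("Action", [])))
    resource_hit = any(fnmatch.fnmatchcase(resource, pat)
                       for pat in _as_list(stmt.get("Resource", [])))
    return action_hit and resource_hit


def evaluate(policy, action, resource):
    """Return 'Allow' or 'Deny' for one request against one policy document."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if not _statement_matches(stmt, action, resource):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"            # explicit deny wins, whatever else matched
        allowed = True               # remember the allow but keep scanning for denies
    return "Allow" if allowed else "Deny"   # nothing matched: implicit deny


if __name__ == "__main__":
    requests = [
        ("s3:GetObject", "arn:aws:s3:::app-uploads/report.pdf"),
        ("s3:PutObject", "arn:aws:s3:::app-uploads/report.pdf"),
        ("s3:PutObject", "arn:aws:s3:::other-bucket/notes.txt"),
        ("s3:GetObject", "arn:aws:s3:::audit-logs/2020/01.gz"),
        ("ec2:StartInstances", "arn:aws:ec2:eu-west-2:123456789012:instance/i-0abc"),
    ]
    for act, arn in requests:
        print(f"{act:20} {arn:62} {evaluate(POLICY, act, arn)}")
```

Note how the broad "arn:aws:s3:::*" read grant is neutralised for the audit bucket by the Deny statement: that is why a Deny on sensitive resources is a safer guard than trying to enumerate every Allow precisely.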
Which is not a valid CloudFormation template section Parameters Options Outputs Resources
Options
What are the 9 valid sections allowed within a CloudFormation template?
AWSTemplateFormatVersion (Version), Description, Metadata, Parameters, Mappings, Conditions, Transform, Resources, Outputs (Resources is the only section that is required)
True or false: to restrict access to an entire bucket, you use bucket control lists, and to restrict access to an individual object you use object policies
False. You use bucket policies and access control lists, respectively
Which Support level offers the assistance of a TAM
Enterprise
What is Amazon LightSail?
PaaS-like virtual private server offering
Preconfigured instances (e.g. WordPress, LAMP) bundled with storage, networking and a static IP at a flat monthly price, so you get a working server out of the box that you can then customise
True or false: Both you and a friend can have an S3 bucket called ‘mytestbucket’
false - S3 bucket names are global and must be unique
True or false: a distribution is what we call a series of edge locations that make up a CDN
True
True or false: S3 is an object storage suitable for storage of flat files
True
Which EC2 option is best for long-term workloads with predictable usage patterns?
Reserved
What does S3 Transfer Acceleration use to get your data to AWS quicker
Edge locations
Which are advantages of cloud computing?
1) Variable expense
2) Increase speed and agility
3) Elasticity
4) Ability to go global in minutes
5) requires large amounts of capital
1) Variable expense
2) Increase speed and agility
3) Elasticity
4) Ability to go global in minutes
Which Support levels offer 24/7 support via phone or chat?
Business and Enterprise
What is EBS?
Virtual hard-disk in the cloud
True or false: IAM is regional?
False
Which are steps you should take to secure your AWS account?
1) Create individual IAM users
2) Activate MFA
3) Create Root IAM role
4) Use groups to assign permissions
1) Create individual IAM users
2) Activate MFA
4) Use groups to assign permissions
True or False: Cloudfront origin can be S3, EC2, ELB or Route 53
True
True or false: objects stored in S3 are stored in a single, central location in AWS
False, objects are stored on multiple servers in multiple facilities
What is DMS and SMS?
Database Migration service, used for conventional data migrations
Server Migration Service: replicates on-premises virtual machines up to the AWS cloud, up to 50 VMs concurrently
What is Lambda
AWS FaaS offering letting you run code without provisioning or managing servers
What is EMR
Elastic MapReduce: web service making it easy to process large amounts of data efficiently (e.g. Hadoop/Spark running on EC2 fleets)
What support services do all accounts receive as standard?
Billing support
What is the AWS managed DB and what is the benefit
Aurora - MySQL- and PostgreSQL-compatible managed relational database; up to 5x faster than a standard MySQL database
What are the 5 pillars of the AWS Well Architected Framework?
1) Operational Excellence - ability to support development and run workload effectively
2) Security - Ability to protect data, systems and assets
3) Reliability- Ability of a workload to perform its intended function correctly and consistently
4) Performance efficiency - To use computing resources efficiently to meet system requirements
5) Cost Optimization - Ability to run systems to deliver business value at lowest price point
When architecting workloads, you make trade-offs between pillars based on your business context.
What are the general design principles of the AWS Well Architected Framework?
1) Stop guessing capacity needs - scale automatically rather than pay for idle capacity
2) Test systems at production scale in test environment
3) Automate to make architectural experimentation easier - create and replicate workloads at low cost to avoid expense of manual effort
4) Allow for evolutionary architectures - in traditional environments architecture is a static, one-time event; the cloud allows you to evolve it over time
5) Drive architectures using data - collect data on how your architectural choices affect behavior of your workload
6) Improve through game days - test performance by scheduling game days to simulate events in production
What is EFS
Elastic File System. Amazon EFS provides a simple, scalable, fully managed elastic Network File System (NFS) for use with AWS Cloud services and on-premises resources.
What is direct connect
Connect your office or physical data centre to AWS over a dedicated private network connection (via a Direct Connect location) rather than over the public internet, e.g. for security or compliance reasons, or for consistent bandwidth and latency when you move a lot of data into or out of AWS
What is Cloud Search
Managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application.
What is Elasticsearch
Elasticsearch is an open-source, RESTful, distributed search and analytics engine; Amazon Elasticsearch Service is the managed offering.
You can send data in the form of JSON documents to Elasticsearch using the API or ingestion tools such as Logstash and Amazon Kinesis Firehose. Elasticsearch automatically stores the original document and adds a searchable reference to the document in the cluster’s index. You can then search and retrieve the document using the Elasticsearch API.
What is kinesis
Collects, streams and analyses real-time data at huge scale; a Kinesis data stream retains records for a configurable period (24 hours by default) so consumers can process them, e.g. analysing social media streams for sentiment
What is data pipeline?
Allows you to move data from one source to another e.g. from S3 to dynamo DB
What is QuickSight?
Business analytics (BI) tool for creating visualisations and dashboards from data held in AWS
What is certificate manager?
Provisions free public SSL/TLS certificates for your domain names and renews them automatically; used with integrated services such as ELB and CloudFront
What is directory service
Run Microsoft Active Directory in AWS, or connect AWS resources to your existing on-premises AD
What is service catalog
Designed for larger enterprises, allowing administrators to define a catalogue of approved services and configurations that users are permitted to deploy, and nothing else
What is step functions
AWS Step Functions is a serverless function orchestrator that makes it easy to sequence AWS Lambda functions and multiple AWS services into business-critical applications. Through its visual interface, you can create and run a series of checkpointed and event-driven workflows that maintain the application state. The output of one step acts as input into the next
What is SWF (Simple Workflow)
Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential steps. You can think of Amazon SWF as a fully-managed state tracker and task coordinator in the Cloud.
What is API Gateway
Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. APIs act as the “front door” for applications to access data, business logic, or functionality from your backend services. Using API Gateway, you can create RESTful APIs and WebSocket APIs that enable real-time two-way communication applications.
What is Appstream
Amazon AppStream 2.0 is a fully managed application streaming service. You centrally manage your desktop applications on AppStream 2.0 and securely deliver them to any computer.
What is Elastic Transcoder
It is designed to be a highly scalable, easy to use and a cost effective way for developers and businesses to convert (or “transcode”) media files from their source format into versions that will playback on devices like smartphones, tablets and PCs.
What is code commit
Like GitHub, it's a way to store your code
AWS CodeCommit is a version control service hosted by Amazon Web Services that you can use to privately store and manage assets (such as documents, source code, and binary files) in the cloud.
What is code build
AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don’t need to provision, manage, and scale your own build servers. CodeBuild scales continuously and processes multiple builds concurrently, so your builds are not left waiting in a queue.
What is code deploy
automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers
What is code pipeline
fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodePipeline automates the build, test, and deploy phases of your release process every time there is a code change
What is mobile hub
Lets you add, configure and design features for mobile apps e.g. data storage, analytics, content delivery. Similar to the AWS console, Mobile Hub is its own console for mobile apps
What is Cognito (mobile)
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily.
What is Device Farm
AWS Device Farm is an application testing service that lets you improve the quality of your web and mobile apps by testing them across an extensive range of desktop browsers and real mobile devices; without having to provision and manage any testing infrastructure
What is mobile pinpoint
Amazon Pinpoint is a flexible and scalable outbound and inbound marketing communications service. You can connect with customers over channels like email, SMS, push, or voice.
What is work docs
Amazon WorkDocs is a fully managed, secure content creation, storage, and collaboration service. With Amazon WorkDocs, you can easily create, edit, and share content, and because it’s stored centrally on AWS, access it from anywhere on any device.
What is work mail
Exchange for AWS
What is IOT gateway
The Device Gateway serves as the entry point for IoT devices connecting to AWS.
What is alexa
Amazon's voice assistant; Amazon Lex exposes the same conversational engine (speech recognition and natural language understanding) that powers Alexa for use in your own applications
What is Polly
service that turns text into lifelike speech, allowing you to create applications that talk, and build entirely new categories of speech-enabled products.
What is machine learning
Give AWS a dataset and tell it the outcomes recorded in that dataset, and Amazon will use machine learning to predict outcomes for new data
What is rekognition
Upload picture and it will tell you what is in the picture and use facial recognition to recognise images
What is SNS
Simple Notification Service. Pub/sub messaging: publish to a topic and it pushes the message to subscribers such as email, SMS, HTTP endpoints, SQS queues or Lambda functions
What is SQS
Simple Queue Service. Aids loose coupling: producers post messages (jobs) to a queue and consumers pull them down and process them at their own pace
What is SES (Simple Email Service)
Send and receive emails
What is AWS CloudHSM
AWS CloudHSM is a cloud-based, single-tenant hardware security module (HSM), validated to FIPS 140-2 Level 3, that enables you to generate and use your own encryption keys on the AWS Cloud; unlike KMS, you control the keys in hardware dedicated to you
What is AWS SSO
AWS Single Sign-On (SSO) makes it easy to centrally manage access to multiple AWS accounts and business applications and provide users with single sign-on access to all their assigned accounts and applications from one place.
Which of the following use cases is appropriate for Amazon CloudFront (3) Schema generation Security and Encryption Live on-demand video streaming Static asset caching Autoscaling Database back up
Security and encryption
Live on demand video streaming
Static asset caching
What is AWS Health?
AWS Health provides ongoing visibility into your resource performance and the availability of your AWS services and accounts. You can use AWS Health events to learn how service and resource changes might affect your applications running on AWS. AWS Health provides relevant and timely information to help you manage events in progress. AWS Health also helps you be aware of and to prepare for planned activities.
Which services can be used across hybrid AWS Cloud architectures? (Choose two.) A. Amazon Route 53 B. Virtual Private Gateway C. Classic Load Balancer D. Auto Scaling E. Amazon CloudWatch default metrics
A and B
Does RDS automatically scale?
No - compute does not scale automatically; you resize the instance class or add read replicas yourself (storage can be configured to autoscale)
What is Amazon EC2 Instance Store
An instance store provides temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers.
How long are CloudWatch logs stored for
They have adjustable retention times
What is AWS Batch?
AWS Batch enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS
Which AWS service provides a simple and scalable shared file storage solution for use with Linux-based AWS and on-premises servers? A. Amazon S3 B. Amazon Glacier C. Amazon EBS D. Amazon EFS
EFS
Which AWS Cost Management tool allows you to view the most granular data about your AWS bill? A. AWS Cost Explorer B. AWS Budgets C. AWS Cost and Usage report D. AWS Billing dashboard
C. AWS Cost and Usage report: The AWS Cost & Usage Report contains the most comprehensive set of AWS cost and usage data available, including additional metadata about AWS services, pricing, and reservations
Cost Explorer: create custom reports to explore your costs over time
Budgets: get alarms when you exceed budget limits; helps you forecast
Billing dashboard: shows how much you've spent on a monthly basis
What is AWS Concierge?
Your AWS Concierge is a senior customer service agent who is assigned to your account when you subscribe to the Enterprise Support plan
Which of the following features can be configured through the Amazon Virtual Private Cloud (Amazon VPC) Dashboard? (Choose two.) A. Amazon CloudFront distributions B. Amazon Route 53 C. Security Groups D. Subnets E. Elastic Load Balancing
C. Security Groups
D. Subnets
What is Cloud9
AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser
Which of the following CIDR block size ranges applies to IPv4 addresses in Amazon VPC?
1/ to /40
/12 to /32
/8 to /36
/16 to /28
For IPv4 addresses, the VPC CIDR block size can be anywhere from /16 to /28.
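Worked example (added here, not part of the original deck): checking the /16 to /28 rule and planning subnets inside a VPC with Python's ipaddress module. Beyond the card's answer it also shows the two things that trip people up in practice: subnets must sit inside the VPC range without overlapping, and AWS reserves five addresses in every subnet (network address, VPC router, DNS resolver, one for future use, broadcast), so a /28 gives you 11 usable addresses, not 16. The 10.0.0.0/16 VPC and its subnets are constructed for illustration.

```python
"""VPC CIDR validation and subnet planning with Python's ipaddress module.

Added example, not from the flashcards.  It enforces the documented IPv4
rules: a VPC (and each subnet) must be between /16 and /28, every subnet
must lie inside the VPC CIDR, subnets must not overlap, and AWS reserves
the first four and the last address of every subnet (network address, VPC
router, DNS resolver, reserved for future use, broadcast), so a subnet gives
you five fewer usable addresses than its size suggests.  The 10.0.0.0/16 VPC
and its subnets below are constructed for illustration.
"""
import ipaddress

RESERVED_PER_SUBNET = 5


def validate_vpc_cidr(cidr):
    """Return the network, or raise ValueError if AWS would reject the block."""
    net = ipaddress.ip_network(cidr, strict=True)   # strict: host bits must be zero
    if net.version != 4:
        raise ValueError(f"{cidr}: only IPv4 VPC CIDRs are handled here")
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{cidr}: VPC CIDR must be between /16 and /28")
    return net


def is_valid_vpc_cidr(cidr):
    """Boolean wrapper around validate_vpc_cidr for quick checks."""
    try:
        validate_vpc_cidr(cidr)
        return True
    except ValueError:
        return False


def reserved_addresses(subnet_cidr):
    """The five addresses AWS holds back in every subnet, as strings."""
    s = ipaddress.ip_network(subnet_cidr, strict=True)
    return {"network": str(s[0]), "vpc_router": str(s[1]), "dns": str(s[2]),
            "future_use": str(s[3]), "broadcast": str(s[-1])}


def usable_hosts(subnet):
    """Addresses actually assignable to network interfaces in the subnet."""
    return max(subnet.num_addresses - RESERVED_PER_SUBNET, 0)


def plan_subnets(vpc_cidr, subnet_cidrs):
    """Validate the layout and return {subnet: usable address count}."""
    vpc = validate_vpc_cidr(vpc_cidr)
    subnets = [ipaddress.ip_network(s, strict=True) for s in subnet_cidrs]
    for s in subnets:
        if s.version != 4 or not s.subnet_of(vpc):
            raise ValueError(f"{s} is not inside VPC {vpc}")
        if s.prefixlen > 28:
            raise ValueError(f"{s}: subnets cannot be smaller than /28")
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a} overlaps {b}")
    return {str(s): usable_hosts(s) for s in subnets}


if __name__ == "__main__":
    layout = plan_subnets("10.0.0.0/16", ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/28"])
    for cidr, hosts in layout.items():
        print(f"{cidr:16} {hosts:4} usable addresses")
    print("reserved in 10.0.1.0/24:", reserved_addresses("10.0.1.0/24"))
    for bad in ("10.0.0.0/8", "10.0.0.0/29", "10.0.0.1/24"):
        print(bad, "accepted" if is_valid_vpc_cidr(bad) else "rejected")
```

Run it and the /24 subnets report 251 usable addresses and the /28 reports 11; the /8 and /29 blocks are rejected, as is 10.0.0.1/24, because AWS (like the strict parser) requires the host bits of the block to be zero.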
You need a managed, low-cost relational database for your e-commerce store. Which of the following should you use?
DynamoDB
AWS ElastiCache
RDS
MySQL on EC2
RDS
Which of the below can be specified as an origin when creating a CloudFront distribution?
An RDS instance
A domain name
An S3 Bucket
An ELB
Domain name
S3 bucket
ELB
What is the default limit for the number of network ACLs in a VPC?
300
100
400
200
200
Which of the following is the name of AWS Regions designed to allow U.S. government agencies and customers to move significantly sensitive workloads into the cloud?
AWS GovRegion
AWS Government Cloud
AWS Government Region
AWS GovCloud
AWS GovCloud
You visit a client's site and get called into a corridor discussion. You are asked to describe the new (2019) URL structure for objects in S3.
HTTPS, bucket name, dot, S3 regional endpoint, slash, object key - the virtual-hosted style https://bucket-name.s3.region.amazonaws.com/key-name. The legacy path style https://s3.region.amazonaws.com/bucket-name/key-name is being phased out
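Worked example (added here, not part of the original deck) linking this card to the earlier one on globally unique bucket names: because the 2019 URL pattern turns the bucket name into a DNS label in front of the regional endpoint, a name has to satisfy DNS-friendly rules everywhere, and the code below checks them and builds both URL styles. It also flags the caveat a practitioner needs: a dot in a bucket name is legal, but the endpoint's wildcard certificate covers only one label, so virtual-hosted HTTPS URLs for a dotted bucket fail certificate verification. Bucket names, region and keys are constructed examples.

```python
"""S3 bucket naming rules and the virtual-hosted-style object URL.

Added example, not from the flashcards.  Bucket names share one global
namespace and, in the 2019 URL pattern, become a DNS label in front of the
regional endpoint, so a name must satisfy DNS-friendly rules: 3-63
characters; lowercase letters, digits, dots and hyphens only; starting and
ending with a letter or digit; no two adjacent dots; not shaped like an IPv4
address; not starting with 'xn--'.  Dots are legal but break TLS for
virtual-hosted URLs, because the certificate covers *.s3.<region>.amazonaws.com
and a wildcard matches only one label.  Names, region and keys below are
constructed examples.
"""
import re
from urllib.parse import quote

_NAME = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
_IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def bucket_name_problems(name):
    """Return the list of rule violations; an empty list means the name is valid."""
    problems = []
    if not 3 <= len(name) <= 63:
        problems.append("length must be 3-63 characters")
    if not _NAME.match(name):
        problems.append("lowercase letters, digits, '.' and '-' only, starting and ending alphanumeric")
    if ".." in name:
        problems.append("no two adjacent periods")
    if _IPV4.match(name):
        problems.append("must not be formatted as an IP address")
    if name.startswith("xn--"):
        problems.append("must not start with the reserved prefix 'xn--'")
    return problems


def tls_safe_for_virtual_hosting(name):
    """A dotted name spans several DNS labels, so the wildcard certificate will not match it."""
    return "." not in name


def object_url(bucket, region, key, path_style=False):
    """Build the HTTPS URL for an object.

    Virtual-hosted style (default since 2019): https://<bucket>.s3.<region>.amazonaws.com/<key>
    Path style (legacy):                       https://s3.<region>.amazonaws.com/<bucket>/<key>
    """
    problems = bucket_name_problems(bucket)
    if problems:
        raise ValueError(f"invalid bucket name {bucket!r}: " + "; ".join(problems))
    encoded_key = quote(key, safe="/")     # keys may contain spaces and other URL-unsafe bytes
    if path_style:
        return f"https://s3.{region}.amazonaws.com/{bucket}/{encoded_key}"
    return f"https://{bucket}.s3.{region}.amazonaws.com/{encoded_key}"


if __name__ == "__main__":
    for name in ("my-test-bucket", "MyTestBucket", "192.168.5.4", "my..bucket", "ab", "my.bucket"):
        verdict = bucket_name_problems(name) or ["ok"]
        tls = "" if tls_safe_for_virtual_hosting(name) else " (TLS breaks with virtual-hosted URLs)"
        print(f"{name:16} {'; '.join(verdict)}{tls}")
    print(object_url("my-test-bucket", "eu-west-2", "reports/q1 2020.pdf"))
    print(object_url("my-test-bucket", "eu-west-2", "reports/q1 2020.pdf", path_style=True))
```

Validating the name locally does not tell you whether it is free; only the CreateBucket call can, and a name that someone else already owns anywhere in the world is simply unavailable to you.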
What benefits can CloudFront bring to your e-commerce website? (3)
Increased application availability
Advanced analytics into customer journeys
Protection against network and application layer attacks via WAF
Scalable managed database which integrates seamlessly with Lambda and EC2
Lower latency for customers of your e-commerce website
Increased application availability
Protection against network and application layer attacks via WAF
Lower latency for customers of your e-commerce website
You need to re-create an EBS volume that you have used previously. How might you go about doing that?
Re-create the volume from a snapshot.
Copy the AMI the volume was based on and spin it up.
Use the copy that lives in the Auto Scaling group.
Use a CloudFormation template to recreate the volume.
Re-create the volume from a snapshot
Which statement is true in relation to data stored within an AWS Region?
Data is always automatically replicated to at least one other availability zone
Data is not replicated outside of a region unless you configure it
Data is automatically archived after 90 days
Data is always replicated to another region
Data stored within an AWS region is not replicated outside of that region automatically. It is up to customers of AWS to determine whether they want to replicate their data to other regions. You must always consider compliance and network latency when making this decision.
Data is not automatically replicated to at least one availability zone – this is specific to each service and you must check how your data is stored and whether the availability and durability is acceptable.
Data is never automatically archived. You must configure data to be archived.
Which of the below are components that can be configured in the VPC section of the AWS management console? (Select TWO.)
EBS volumes Subnet Elastic Load Balancer DNS records Endpoints
Subnets
Endpoints
You can have configured subnets and endpoints within the VPC section of AWS management console
EBS volumes and ELB must be configured in the EC2 section of the AWS management console
DNS records must be configured in Amazon Route 53
With which service can a developer upload code from a Git repository and have the service handle the end-to-end deployment of the resources?
Elastic Beanstalk
An Amazon EC2 instance running the Amazon Linux 2 AMI is billed in what increment?
Second
Which AWS services can be utilized at no cost? (Select TWO.)
Identity and Access Management (IAM) Amazon VPC Amazon S3 Amazon CloudFront Amazon RedShift
VPC
IAM
Which disaster recovery scenario offers the lowest probability of down time? A. Backup and restore B. Pilot light C. Warm standby D. Multi-site active-active
Multi-Site Solution
Backup and Restore: a simple, straightforward, cost-effective method that backs up and restores data as needed. Keep in mind that because none of your data is on standby, this method, while cheap, can be quite time-consuming.
✑ Pilot Light: This method keeps critical applications and data at the ready so that it can be quickly retrieved if needed.
✑ Warm Standby: This method keeps a duplicate version of your business’ core elements running on standby at all times, which makes for a little downtime and an almost seamless transition.
✑ Multi-Site Solution: Also known as a Hot Standby, this method fully replicates your company’s data/applications between two or more active locations and splits your traffic/usage between them. If a disaster strikes, everything is simply rerouted to the unaffected area, which means you’ll suffer almost zero downtime. However, by running two separate environments simultaneously, you will obviously incur much higher costs.
Name the serverless services
Lambda, S3, DynamoDB, Kinesis, API Gateway, Step Functions, SNS, Athena
What are the 5 VPC concepts
Virtual private cloud (VPC) — A virtual network dedicated to your AWS account.
Subnet — A range of IP addresses in your VPC.
Route table — A set of rules, called routes, that are used to determine where network traffic is directed.
Internet gateway — A gateway that you attach to your VPC to enable communication between resources in your VPC and the internet.
VPC endpoint — Enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.
What is NAT (VPC)
You can use a NAT device to enable instances in a private subnet to connect to the internet (for example, for software updates) or other AWS services, but prevent the internet from initiating connections with the instances. A NAT device forwards traffic from the instances in the private subnet to the internet or other AWS services, and then sends the response back to the instances
What is VPC peering?
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses.
What is AWS Snowmobile?
AWS Snowmobile is an exabyte-scale data transfer service that can move extremely large amounts of data to AWS in a fast, secure, and cost-effective manner.
You can transfer up to 100PB per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck. Snowmobile makes it easy to move massive volumes of data to the cloud, including video libraries, image repositories, or even a complete data center migration.