Topical Cards from Digital Cloud AWS Cert Exam Flashcards
Kinesis Data Analytics
- used for processing and analyzing real-time streaming data from either Firehose or Data streams
- can only output data to S3, RedShift, Elasticsearch and Kinesis Data Streams
- Autoscaling and Managed (no servers)
- Real Time
Kinesis Data Firehose
- the easiest way to deliver data directly to AWS services or third-party services like Splunk
- data is NOT stored
- serverless data transforms with lambda functions
- Kinesis Data Streams can be used as a source for Kinesis Data Firehose
- near real-time (1 minute latency)
Kinesis Data Streams
- enables real-time processing of streaming big data
- stores data for later processing by applications (key difference with Firehose which delivers data directly to AWS services)
- partition keys can guarantee ordering
- records accessible from 24 hours (default) to 7 days
- does not deliver data to destinations such as Splunk
- you must manage scaling yourself
- you will have to develop producer/consumer code to use it
Default IAM User Permissions
- By default IAM users are created with no permissions
- an IAM policy must be attached to the user before they can do anything (even view their own access keys)
EBS Encryption
- Data in transit between an instance and an encrypted volume is encrypted
- There is no direct way to change the encryption state of a volume
- All EBS types support encryption
Amazon Glacier Resilience
- 99.999999999% durability of archives
- Data is resilient to the destruction of an entire AZ
- Data is NOT replicated globally
EBS Instance Store Configuration
- Can only specify the instance store volumes for your instance when you launch the instance
- Cannot add EBS volumes after launch
Default Security Group Settings for a VPC
- Inbound rule that allows all traffic from the security group itself
- Outbound rule that allows all traffic to all addresses
- Custom security groups do not have inbound rules by default (blocking all inbound traffic) and allow all outbound traffic by default
RDS Database Restore
- Can restore up to the last 5 minutes
- default DB security group is applied to the new DB instance
Monitoring ELB Traffic
- Use VPC Flow Logs
- To set up, create a VPC flow log for each network interface associated with an ELB
Network ACL
- tied to subnets
- stateless rules (rules applied to incoming traffic are not applied to outgoing traffic)
- support allow and deny rules
- rules applied in order
- by default inbound rule denying all traffic and outbound rule denying all traffic
Enhanced Networking
- provides higher bandwidth, higher packet-per-second performance, and lower inter-instance latencies
DynamoDB Auto Scaling
- uses the AWS Application Auto Scaling service to adjust provisioned throughput capacity to traffic patterns
- the most efficient and cost-effective way to optimize cost
CodeDeploy
- automates application deployment to EC2 instances, on-premises instances, and serverless Lambda functions
OpsWorks
- managed instances of Chef and Puppet
Beanstalk
- used to quickly deploy and manage applications in the cloud
- beanstalk handles deployment details for applications in Go, Java, Python, Ruby, Node.js, and PHP
Run Command
- designed to support a wide range of enterprise configuration needs on Windows machines
- can install software, run scripts, or run PowerShell commands
- accessible in the AWS Management Console
AWS Config
- service that lets you assess, audit, and evaluate the configuration of your AWS resources
POSIX Permissions
- allow you to restrict access from hosts by user and group for EFS
EFS Security Groups
- can act as a firewall to restrict network traffic for EFS
Direct Connect Gateway
- transitive peering connections for VPC, VPN, and Direct Connect
- can be associated with a transit gateway when you have multiple VPCs in the same region
- can be associated with a virtual private gateway
Direct Connect
- establish private connectivity between AWS and your datacenter
- set up a virtual private gateway on the VPN and configure a hardware connection to the datacenter
VPN CloudHub
- hub-and-spoke VPN model to connect your sites
Transit Gateway
- transitive peering connections for VPC, VPN, and Direct Connect
Private Link
- connect services privately from your service VPC to customers' VPCs
- eliminates the exposure of data to the public Internet
- doesn't need VPC peering, the public internet, a NAT gateway, etc.
- Must be used with NLB and Elastic Network Interface
VPC Endpoints
- provide private access to AWS services from within a VPC
Internet Gateway
- provides internet access at the VPC level via IPv4 & IPv6
Route Tables
- connect subnets to the Internet Gateway, VPC peering connections, VPC endpoints, etc.
NAT Instances
- provide internet access to private instances on a private subnet
- managed by the user and require additional setup, like disabling the source/destination check on the EC2 instance
Network ACL
- stateless; subnet-level allow and deny rules
Security Groups
- stateful; operate at the EC2 instance level
Site to Site VPN
- connect a datacenter to a VPC over the public internet; set up a virtual private gateway on the VPN and a customer gateway in the DC
AWS DataSync
- Used to move large amounts of data online between on-premises storage and Amazon S3 or Amazon Elastic File System (Amazon EFS)
- source datastore can be Server Message Block (SMB) file servers
S3 Standard-IA
- objects are available for millisecond access
- charges a retrieval fee for these objects
- stores the object data redundantly across multiple geographically separated Availability Zones
- resilient to the loss of an Availability Zone
S3 One Zone-IA
- objects are available for millisecond access
- charges a retrieval fee for these objects
- object data in only one Availability Zone
- data is not resilient to the physical loss of the Availability Zone resulting from disasters
Service Control Policy (SCP)
- used to apply restrictions across multiple member accounts in an OU
- use a deny rule to block a resource type (an EC2 instance type, for example) in member accounts
Global Accelerator
- improves the availability and performance of your applications with local or global users
- uses the congestion-free AWS global network to route TCP and UDP traffic to a healthy application endpoint in the closest AWS Region to the user.
- provides static IP addresses that act as a fixed entry point to your application endpoints in a single or multiple AWS Regions to your ALB or NLB
FSx for Windows File Server
- provides fully managed, highly reliable file storage accessible over SMB protocol
- provides a rich set of administrative features that include end-user file restore, user quotas, and Access Control Lists
- supports Distributed File System Replication (DFSR) in both Single-AZ and Multi-AZ deployments
EFS
- file storage for EC2 instances
- only available for Linux instances
Target Tracking AutoScaling
- allows you to specify a target value for a metric to scale on (e.g. CPU utilization for instances)
RedShift
- columnar data warehouse DB that is ideal for running long complex queries.
- RedShift can also improve performance for repeat queries by caching the result and returning the cached result when queries are re-run.
AWS Batch Multi-node parallel jobs
- enable you to run single jobs that span multiple Amazon EC2 instances (model training)
- does not require you to launch, configure, and manage Amazon EC2 resources directly
- supports IP-based internode communication, such as Apache MXNet, TensorFlow, Caffe2, or Message Passing Interface (MPI)
Scaling Process
- There are two primary process types: Launch and Terminate
- other processes are Scheduled Actions, Replace Unhealthy, AZ Rebalance, etc.
- Autoscaling groups can have multiple scaling processes
- Processes can be suspended and resumed
EC2 Standby State AutoScaling
- used for performing updates/changes/troubleshooting etc. without health checks being performed or replacement instances being launched
- instance still managed by Auto Scaling
- do not count towards available EC2 instances for the workload/application
- health checks are not performed
Amazon DynamoDB Streams
- captures a time-ordered sequence of item-level modifications in a DynamoDB table
- stores this information in a log for up to 24 hours
- logs can be accessed in near-real time
Troubleshooting ECS Containers
- Verify that the Docker daemon is running on the container instance.
- Verify that the Docker Container daemon is running on the container instance.
- Verify that the container agent is running on the container instance.
- Verify that the IAM instance profile has the necessary permissions.
Cognito Identity Pools
- provide temporary AWS credentials for users who are guests (unauthenticated) and for users who have been authenticated and received a token.
- used to obtain temporary AWS credentials to access AWS services, such as Amazon S3 and DynamoDB.
Cognito User Pools
- A user pool is a user directory in Amazon Cognito
- Used to provide access to an application (think web app login via Facebook)