Udemy course - Sections 1-10 Flashcards

1
Q

2 Benefits of private cloud

A

-complete control of the entire stack
-security - in a few cases, organizations may need to keep all or some of their applications and data in house

2
Q

3 benefits of public cloud

A

-variable expense, instead of capital expense
-economies of scale
-massive elasticity

3
Q

what is a hybrid cloud

A

a private cloud and a public cloud connected together, either over the internet or over a private link.

4
Q

Three things the multi cloud can connect?

A

-private cloud (VMware, OpenStack)
-public cloud (aws, azure)
-organization

5
Q

what is a region

A

a physical location in the world, independent of the other regions; within a region there are availability zones (AZs)

6
Q

what are the different zones with subnets that you can use to connect to a region

A

-Local Zone
-outpost
-wavelength (5g/mobile)

7
Q

what does cloudfront do

A

deliver content like videos through edge locations

8
Q

what is aws responsible for in the responsibility model?

A

Software
-compute
-storage
-database
-networking
Hardware
-regions
-availability zones
-edge locations

9
Q

what is the customer responsible for in the responsibility model?

A

-platform, applications, identity & access management
-operating system, network & firewall configurations
-client-side data encryption & data integrity authentication
-server-side encryption (filesystem and/or data)
-networking traffic protection (encryption, integrity, identity)

10
Q

three ways to access cloud services

A

-aws management console (ui)
-command line
-software development kit (ide)

11
Q

example of public services and what does that mean

A

-means you are connecting to services via a public address
-examples: dynamoDB, S3 (storage), route 53, cloudFront

12
Q

what are some private services and what does this mean?

A

-vpc where you have subnets with resources that can be either private or public
-examples: EC2 instance, amazon rds, elastic file system

13
Q

6 advantages of cloud computing

A

-trade capital expense for variable expense
-benefits from massive economies of scale
-stop guessing capacity
-speed and agility
-stop spending money running and maintaining data centers
-go global in minutes

14
Q

3 types of cloud computing model

A

-IaaS (managed to OS)
-PaaS (managed to code)
-SaaS (pure consumption)

15
Q

4 types of cloud deployment

A

1) public
2) hybrid cloud
3) private cloud
4) multicloud (combo of private/hybrid/etc)

16
Q

fundamentals of pricing

A

-compute
-storage
-outbound data transfer

17
Q

aws global infrastructure is made up of:

A

AWS REGIONS
-region is a geographical area
-each region consists of 2 or more AZ (availability zones)
-isolated from other AWS Regions
Availability Zones (data centers)
-AZs are separate from each other
-AZs span one or more data centers
-each AZ is designed as independent failure zone
Local Zones (fairly new and may not come up on exam)
-place compute, storage, db, and other services closer to end user
-extension of aws region where you can run your latency sensitive applications
edge locations and regional edge caches

18
Q

shared responsibility model

A

aws responsible for security of the cloud
-run underlying infrastructure
-hardware, software

user responsible for security in cloud
ec2 includes network level security, etc…

19
Q

what is IAM

A

-identity and access management is a web service that helps you securely control access to aws services

20
Q

What does IAM control?

A

who is authenticated and authorized to use resources

21
Q

what are users?

A

individual accounts you log in with

22
Q

what permissions do users have by default

A

none

23
Q

what are groups used for?

A

organizing users and applying policies

24
Q

what do users log into the aws management console with?

A

user name and password

25
what are access keys used for?
programmatic access (think CLI/API)
26
what do access keys consist of?
access key id and secret access key
27
what is a root user?
user that created the account
28
what permissions do root users have?
full permissions that cannot be restricted
29
What does multi-factor authentication use?
a second factor in addition to a password (typically code generated on a device)
30
what are service control policies (SCPs)
feature of aws organization and they control the max available permissions in aws account and they do not grant permissions
31
IAM best practices (8)
-lock away your aws account root user access keys
-create individual iam users
-use groups to assign permissions to IAM users
-grant least privileges
-get started using permission with aws managed policies
-use customer managed policies instead of inline policies
-use access levels to review IAM permissions
-configure a strong password policy for your users
-enable mfa
-use roles for applications that run on amazon ec2 instances
-use roles to delegate permissions
-do not share access keys
-rotate credentials regularly
-remove unnecessary credentials
-use policy conditions for extra security
-monitor activity in aws account
32
what does ARN stand for?
Amazon Resource Name
33
what IAM entity can be used to delegate permissions?
role
34
what is elastic compute cloud?
EC2 that lets you run web services in the cloud (virtual servers)
35
what operating system can EC2 run?
all: linux/windows/mac
36
AMI is used to launch what?
amazon machine image launches an EC2 instance (consists of ebs snapshot, permissions and configurations)
37
what is user data?
data supplied by the user at instance launch in the form of a script
38
what is instance metadata
data about your instance that you can use to configure or manage the running instance
39
are user data/metadata encrypted?
no
40
how can you view meta data?
instance http: address
41
what are access keys used for?
gain permissions to other AWS services
42
how are access keys stored?
plain text
43
what is preferred method over access keys?
iam role, because they are not stored
44
what does aws batch do?
enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs
45
what does aws batch provision?
optimal quantity and type of computer resources
46
what are some perks about amazon lightsail
-great for users who don't have deep tech expertise to provision compute services
-provides pretty much everything you need in cloud
-best suited for projects that require a few dozen instances or fewer
-simple management interface
-good for blogs, website, web applications, e-commerce etc
-can deploy load balancers and attach block storage
47
What is ECS?
elastic compute service
48
what is a task also known as?
containers
49
what is ECS used for?
running docker containers in the cloud
50
EC2 launch types?
-managed (you control)
-unmanaged (fargate - serverless)
51
what is elastic container registry?
private container image registry
52
does ebs volume data persist?
yes, independently of the life of the instance
53
Do EBS volumes need to be attached to an instance?
nope
54
Can multiple EBS volumes be attached to an instance?
yes
55
Can you attach multiple instances to a volume?
sort of through multi-attach but has constraints
56
Can EBS volumes be in different AZs as the instances they are attached to?
No, false, they have to be in same AZ
57
what is deleted on termination by default
the root ebs volumes, but any extras you connected will not be.
58
what are snapshots?
captures point-in-time of an instance
59
where are snapshots stored?
s3
60
what happens with the snapshots as you make periodic snapshots of a volume?
they are incremented
61
Are EBS volumes AZ or region specific?
AZ
62
are snapshots AZ or region specific?
region
63
What is DLM and what does it do?
data lifecycle manager, automates the creation, retention, and deletion of EBS snapshots and EBS-backed AMI
64
What does DLM help with?
-protects data by enforcing a regular backup schedule
-creates standardized AMIs that can be refreshed at intervals
-retains backups as required by auditors and internal compliance
-reduces storage costs by deleting outdated backups
-creates disaster recovery backup policies that back up data to isolated accounts
65
what are instance store volumes?
high performance local disks physically attached to host comp on which ec2 instance runs
66
are instance stores persistent?
no, they are ephemeral (data lost without power)
67
what are instance stores good for?
temp storage of info that changes frequently, like buffers/caches/scratch data
68
what is EFS
elastic file system that is a file-based storage system, which uses NFS protocol
69
can EFS connect many EC2 instances concurrently?
yes
70
Can EC2 instances connect only to one AZ?
No, they can be connected from multiple AZs
71
Can you connect instances from other VPCS?
YES
72
Is EFS available for windows instances?
no, only available for linux
73
What kind of file can be stored in S3?
any
74
what is the size range of files in S3?
0 bytes to 5 TB
75
is there a limited storage on s3?
no
76
Can buckets be named the same anywhere in the world?
no, they have to be unique as namespace is universal
77
Where are buckets created?
regions
78
what is a good policy when creating buckets?
create them close to your users so to reduce latency
79
six storage classes?
-s3 standard
-s3 intelligent tiering
-s3 standard-IA
-s3 one zone-ia
-s3 glacier
-s3 glacier deep archive
80
what is s3 standard
(durable, immediately available, frequently accessed)
81
what is s3 intelligent-tiering?
(automatically moves data to the most cost-effective tier)
82
what is standard-IA
(durable, immediately available, infrequently accessed)
83
What is s3 one zone-ia
(lower cost for infrequently accessed data with less resilience)
84
What is s3 glacier
(archived data, retrieval times in minutes or hours)
85
what is glacier deep archive
(lowest cost storage class for long term retention)
86
What are some S3 features
* Transfer acceleration – speeds up uploads using CloudFront
* Requester pays – the account requesting the objects pays
* Events – can trigger notifications to SNS, SQS and Lambda
* Static website hosting – setup a static website
* Encryption – encrypt objects in the bucket
* Replication – replicate within (SRR) or across (CRR) Regions
87
What does versioning mean?
means of keeping multiple variants of an object in the same bucket
88
What is versioning used for?
to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket
89
what does a versioning-enabled bucket enable you to do?
recover objects from accidental deletion or overwrite
90
What are data access times for glacier and deep archive?
Data access time (Glacier): 1-5 minutes, 3-5 hours, 5-12 hours
Data access time (Deep Archive): N/A, 12 hours, 48 hours
91
What are two things to know about s3 Glacier
-Extremely low cost and you pay only for what you need with no commitments of upfront fees
-Two classes: Glacier and Glacier Deep Archive
92
What are two things to know about s3 object-lock?
-Store objects using a write-once-read-many (WORM) model
-Prevent objects from being deleted or overwritten for a fixed time or indefinitely
93
What are 3 things to know about s3 Glacier vault lock?
* Also used to enforce a WORM model
* Can apply a policy and lock the policy from future edits
* Use for compliance objectives and data retention
94
What is AWS Storage Gateway?
-Hybrid cloud storage service
-Access cloud storage from on-premises applications
-Enables access to proprietary object storage (S3) using standard protocols
95
What are some use cases for aws storage gateway
* Moving backups to the cloud
* Using on-premises file shares backed by cloud storage
* Low latency access to data in AWS for on-premises applications
* Disaster recovery
96
What are the three types of storage gateway?
-file, volume, tape
97
what is file gateway?
provides file system interfaces to on-premises servers
98
what is volume gateway?
provides block-based access for on premises servers
99
what is tape gateway?
provides a virtual tape library that is compatible with common backup software (block and file interfaces)
100
What is Route 53?
DNS (domain name service) to register ip addresses to common names
101
what are three functions that route 53 does?
* Domain registration – Route 53 allows you to register domain names
* Domain Name Service (DNS) – Route 53 translates name to IP addresses using a global network of authoritative DNS servers
* Health checking – Route 53 sends automated requests to your application to verify that it’s reachable, available and functional
102
What are some route 53 routing policies?
* Simple – IP address associated with name
* Failover – if primary is down, route to secondary
* Geolocation – route based on geographic location of request
* Geoproximity – route to closest Region within geo area
* Latency – use lowest latency route to resources
* Multivalue answer – returns several IP addresses
* Weighted – relative weights (e.g. 80%/20%)
103
what is amazon ec2 auto scaling?
* automates the scaling of ec2 instances which can be elastic and scalable
* Launches and terminates EC2 instances based on demand
* Helps to ensure that you have the correct number of EC2 instances available to handle the application load
104
what is ASG?
Auto Scaling Group which is collections of EC2 instances
105
What does ASG use in order to scale? (2)?
status checks and cloudWatch metrics
106
When can EC2 scaling scale (2)?
on-demand and on schedule
107
What are scaling policies?
* Target Tracking – Attempts to keep the group at or close to the metric
* Simple Scaling – Adjust group size based on a metric
* Step Scaling – Adjust group size based on a metric – adjustments vary based on the size of the alarm breach
* Scheduled Scaling – Adjust the group size at a specific time
108
What is ELB
Elastic load balancing, which distributes incoming app traffic across multiple targets
109
how does ELB handle traffic over AZs?
Either in a single zone or multiple AZs
110
Why is ELB helpful?
features high availability, automatic scaling, and robust security necessary to make your applications fault tolerant
111
what are two types of elastic load balancer?
* Application Load Balancer (ALB) – layer 7 load balancer that routes connections based on the content of the request
* Network Load Balancer (NLB) – layer 4 load balancer that routes connections based on IP protocol data
112
Can ELB distribute across regions?
ELB cannot distribute connections across regions, only availability zones. To direct traffic across regions use Amazon Route 53
113
what is launch configuration?
A launch configuration is the template used to create new EC2 instances and includes parameters such as instance family, instance type, AMI, key pair and security groups
114
what is a hosted zone?
A hosted zone represents a set of records belonging to a domain
115
are there instances to manage with serverless lambda functions?
no, serverless simply means no infrastructure (OSs or hardware) to manage, therefore no instances
116
how is provisioning and patching handled on serverless services?
automatically
117
is there automatic scaling and high availability with serverless services?
Yes
118
what are some aws serverless services?
-lambda
-fargate
-eventbridge
-step functions
-SQS
-SNS
-API Gateway
-s3
-dynamoDB
119
benefits of lambda?
* No servers to manage
* Continuous scaling
* Millisecond billing
* Integrates with almost all other AWS services
120
How is payment done with lambda functions
You pay only for the compute time you consume (you pay nothing when your code is not running)
121
when are lambda functions executed and how are they scaled?
AWS Lambda executes code only when needed and scales automatically
122
What is SQS and what is it used for? (4 things to keep in mind)
* SQS offers a reliable, highly-scalable, hosted queue for storing messages in transit between computers
* SQS is used for distributed/decoupled applications
* SQS uses a message-oriented API
* SQS uses pull based (polling) not push based
123
What is Amazon MQ and what is it used for (5 things to keep in mind)
* Message broker service
* Similar to Amazon SQS
* Based on Apache Active MQ and RabbitMQ
* Used when customers require industry standard APIs and protocols
* Useful when migrating existing queue-based applications into the cloud
124
What is SNS and what is it used for? (5 things to keep in mind)
* Publisher / subscriber model
* Amazon SNS is used for building and integrating loosely coupled, distributed applications
* Provides instantaneous, push-based delivery (no polling)
* Uses simple APIs and easy integration with applications
* Offered under an inexpensive, pay-as-you-go model with no up-front costs
125
What is AWS step functions? (2 things to keep in mind)
* AWS Step Functions makes it easy to coordinate the components of distributed applications as a series of steps in a visual workflow
* You can quickly build and run state machines to execute the steps of your application in a reliable and scalable fashion
126
What is SWF and what does it do or things to keep in mind? (4 things)
* Amazon Simple Workflow Service
* Coordinate work across distributed application components
* Create distributed asynchronous systems as workflows
* Best suited for human-enabled workflows like an order fulfilment system or for procedural requests
* AWS recommends that for new applications customers consider Step Functions instead of SWF
127
What does amazon event bridge do? (3 things)
* Serverless event bus
* Used for building event-driven architectures
* Ingests data and routes it to target AWS services
128
What are 4 things the amazon api gateway does? (4)
* Publish APIs on AWS
* Create RESTful and WebSocket APIs
* Fully managed service
* Forward connections to AWS services and on-premises applications
129
what is a VPC dedicated to?
aws account
130
true/false, Not logically isolated from other virtual networks in the aws cloud
false, it is logically isolated
131
what kind of controls do you have over a vpc?
complete control
132
Can you launch your aws resources into your vpc and if so, whats an example?
yes, EC2 instances can be launched to your VPC
133
what is analogous to having your own DC (data center?) inside aws?
VPC
134
what do you have to specify when you create a vpc?
range of IPv4 addresses for the vpc in form of a cidr (classless inter-domain routing) block, -ex: 10.0.0.0/16
135
what does a VPC span?
all AZs in a region
136
who has control of the aws resources inside a vpc?
you have full control of access
137
whats the default number of VPCs you can create per region?
5
138
What is the default when talking about a VPC?
default vpc is created in each region with a subnet in each AZ
139
4 things to remember about security groups?
-they are firewalls for EC2 instances
-operate at the instance level
-supports allow rules only
-stateful
140
4 things to remember about network access control lists or NACLs?
-firewall at subnet level
-support allow and deny rules
-stateless
-process rules in order
141
what is lost when instance is stopped?
public IPs
142
what are public IPs?
dynamic
143
can public IPs be moved between instances?
no
144
whats attached to all instances?
private IPs
145
are private IPs retained when an instance is stopped?
yes
146
what are elastic IPs?
static public addresses
147
are elastic IPs retained when instance is stopped?
yes
148
what IPs can be moved between instances?
elastic ones
149
how are elastic IPs charged?
when assigned to account and not being used
150
what is used to access the internet from private subnets and where are they deployed?
NAT instances & Gateways and deployed in public subnets
151
where do route tables need to be updated if trying to access public IP addresses from private subnet?
private subnet
152
Does AWS or you manage NAT instances?
You
153
Does AWS or you manage NAT gateways?
AWS
154
what is vpc peering
allows you to route between VPCs using private IP addresses
155
2 things/benefits about AWS managed VPN?
1) VPN connection between on-premises sites and aws
2) uses the public internet
156
2 things about AWS direct connect
1) private connection from on-premises to aws
2) avoid the public internet
157
AWS transit gateway (2 things)
-connects VPCs and on-premises networks through a central hub
-simplifies network configuration
158
3 things to remember about aws outpost?
-deploy aws infrastructure on-prem and connect AWS servers
-can extend a vpc into the on-prem environment
-supports several AWS services
159
How can an organization create a private hybrid cloud connection between their on-premises data center and the AWS Cloud?
Direct Connect
160
Which AWS-managed network service can be used to enable Internet connectivity for EC2 instances in private subnets?
NAT Gateway
161
What type of information does VPC peering use to route traffic from one VPC to another?
private IP addresses
162
Which services have a Global scope?
AWS IAM, CloudFront, Route 53
163
Which types of Origin does Amazon CloudFront support (2)?
s3 and ec2 instances
164
In Amazon Route 53, what is the name for the configuration item that holds a collection of records belonging to a domain?
hosted zone
165
Which service can assist a developer with quickly deploying and managing a web application on AWS?
beanstalk
166
AWS Elastic Beanstalk is an example of which cloud computing service model?
PaaS
167
Which service can be used to automatically create an Amazon VPC and then launch an EC2 instance, Auto Scaling Group and Elastic Load balancer?
CloudFormation