Udemy Questions Flashcards
AWS Systems Manager
AWS Systems Manager allows you to centralize operational data from multiple AWS services and automate tasks across your AWS resources. You can create logical groups of resources such as applications, different layers of an application stack, or production versus development environments.
AWS Service Health Dashboard
AWS Service Health Dashboard publishes most up-to-the-minute information on the status and availability of all AWS services in tabular form for all Regions that AWS is present in. You can check on this page https://status.aws.amazon.com/ to get current status information.
Amazon Inspector
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. Amazon Inspector cannot be used to prevent Distributed Denial-of-Service (DDoS) attack. It cannot provide the status of your AWS resources.
AWS Acceptable Use Policy
The Acceptable Use Policy describes prohibited uses of the web services offered by Amazon Web Services, Inc. and its affiliates (the “Services”) and the website located at http://aws.amazon.com (the “AWS Site”). This policy is present at https://aws.amazon.com/aup/ and is updated on a need basis by AWS.
AWS Trusted Advisor
AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices on cost optimization, security, fault tolerance, service limits, and performance improvement. Whether establishing new workflows, developing applications, or as part of ongoing improvement, recommendations provided by Trusted Advisor regularly help keep your solutions provisioned optimally.
AWS Service Quotas
Service Quotas enables you to view and manage your quotas for AWS services from a central location. Quotas, also referred to as limits in AWS, are the maximum values for the resources, actions, and items in your AWS account. Each AWS service defines its quotas and establishes default values for those quotas.
Route 53 - Simple Routing Policy
Use for a single resource that performs a given function for your domain, for example, a web server that serves content for the example.com website. You can use simple routing to create records in a private hosted zone.
Route 53 - Failover routing policy
Use when you want to configure active-passive failover. You can use failover routing to create records in a private hosted zone.
Route 53 - Geolocation routing policy
Use when you want to route traffic based on the location of your users. You can use geolocation routing to create records in a private hosted zone.
Route 53 - Geoproximity routing policy
Use when you want to route traffic based on the location of your resources and, optionally, shift traffic from resources in one location to resources in another location. You can use geoproximity routing to create records in a private hosted zone.
Route 53 - Latency routing policy
Use when you have resources in multiple AWS Regions and you want to route traffic to the Region that provides the best latency. You can use latency routing to create records in a private hosted zone.
IP-based routing policy
Use when you want to route traffic based on the location of your users, and have the IP addresses that the traffic originates from.
Multivalue answer routing policy
Use when you want Route 53 to respond to DNS queries with up to eight healthy records selected at random. You can use multivalue answer routing to create records in a private hosted zone.
Weighted routing policy
Use to route traffic to multiple resources in proportions that you specify. You can use weighted routing to create records in a private hosted zone.
AWS Organizations Best Practices
Create account per department, Restrict account privileges using Service Control Policies (SCP)
AWS Systems Manager Session Manager
AWS SSM Session Manager is a fully-managed service that provides you with an interactive browser-based shell and CLI experience. It helps provide secure and auditable instance management without the need to open inbound ports, maintain bastion hosts, and manage SSH keys. Session Manager helps to enable compliance with corporate policies that require controlled access to instances, increase security and auditability of access to the instances while providing simplicity and cross-platform instance access to end-users.
AWS Pricing Calculator
AWS Pricing Calculator lets you explore AWS services and create an estimate for the cost of your use cases on AWS. You can model your solutions before building them, explore the price points and calculations behind your estimate, and find the available instance types and contract terms that meet your needs. This enables you to make informed decisions about using AWS. You can plan your AWS costs and usage or price out setting up a new set of instances and services. AWS Pricing Calculator can be accessed at
AWS Organizations Benefits
-Quickly scale your environment by programmatically creating new AWS accounts for your resources and teams at no additional charge
-Simplify user-based permission management to give teams the freedom to build while staying within targeted governance boundries
-Manage and optimize costs across your AWS accounts and resources
-Centrally secure and audit your environment across all of your AWS accounts
Benefits of Elastic Load Balancing
Faullt Tolerant and high Availability
Auto Scaling in EC2
Auto Scaling helps you ensure that you have the correct number of Amazon EC2 instances available to handle the load for your application. You create collections of EC2 instances, called Auto Scaling groups. You can specify the minimum number of instances in each Auto Scaling group, and Amazon EC2 Auto Scaling ensures that your group never goes below this size.
Serverless Computing Services
Lambda and FarGate
AWS Local Zones
AWS Local Zones allow you to use select AWS services, like compute and storage services, closer to more end-users, providing them very low latency access to the applications running locally. AWS Local Zones are also connected to the parent region via Amazon’s redundant and very high bandwidth private network, giving applications running in AWS Local Zones fast, secure, and seamless access to the rest of AWS services.
AWS Instance Store
An instance store provides temporary block-level storage for your EC2 instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for the temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers. Instance storage is temporary, data is lost if instance experiences failure or is terminated. EC2 instance store cannot be used for file sharing between instances.
AWS Macie
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. Macie automatically provides an inventory of Amazon S3 buckets including a list of unencrypted buckets, publicly accessible buckets, and buckets shared with AWS accounts outside those you have defined in AWS Organizations. Then, Macie applies machine learning and pattern matching techniques to the buckets you select to identify and alert you to sensitive data, such as personally identifiable information (PII).
AWS Glue
AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics. AWS Glue job is meant to be used for batch ETL data processing. It cannot be used to discover and protect your sensitive data in AWS.
AWS Secrets Manager
AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text. It cannot be used to discover and protect your sensitive data in AWS.
VPC Peering
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your VPCs, with a VPC in another AWS account, or with a VPC in a different AWS Region.
VPC Endpoint
VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. You cannot connect two VPCs using a VPC endpoint.
U2F Security Key
Universal 2nd Factor (U2F) Security Key is a device that you can plug into a USB port on your computer. U2F is an open authentication standard hosted by the FIDO Alliance. When you enable a U2F security key, you sign in by entering your credentials and then tapping the device instead of manually entering a code.
Amazon Transcribe
Speech-to-text
Amazon Polly
Text-to-speech
AWS Enterprise
Has Training and self paced labs
AWS OpsWork
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.
AWS Chef and Puppet
Automation platforms that allow you to use code to automate configuration of servers
AWS Batch
A fully managed batch computing service that plans, schedules, and runs your containerized batch ML, simulation, and analytics workloads across the full range of AWS compute offerings, such as Amazon ECS, Amazon EKS, AWS Fargate, and Spot or On-Demand Instances.
S3 Storage Classes - Standard
General purpose storage for frequently accessed data
Low latency and high throughput performance
Designed to deliver 99.99% availability with an availability SLA of 99.9%
S3 Storage Classes - Intelligent Tiering
Automatically reduces storage costs by moving data to the most cost-effective access tier based on frequency. It offers low-latency performance and savings of up to 40% for infrequently accessed data. There are no retrieval charges, and objects can be moved between tiers without additional charges.
S3 Storage Classes - Express One Zone
A high-performance storage class that offers fast data access and reduced costs compared to S3 Standard. It allows you to select a specific Availability Zone within a Region to store your data, optimizing performance and lowering compute costs. It supports services like Amazon SageMaker, Athena, EMR, and Glue Data Catalog for accelerated ML and analytics workloads. S3 Express One Zone automatically scales based on your needs and delivers 99.95% availability.
S3 Storage Classes - Standard Infrequent-Access (IA)
A storage class for data that is accessed less frequently but requires fast access when needed. It offers high durability, throughput, and low latency, making it suitable for long-term storage, backups, and disaster recovery files. S3 Standard-IA has a low storage price and retrieval charge. It provides the same performance as S3 Standard and delivers 99.9% availability with an SLA of 99%.
S3 Storage Classes - One-Zone Infrequent Access (IA)
A storage class for infrequently accessed data that requires fast access. It stores data in a single Availability Zone, costing 20% less than S3 Standard-IA. It offers high throughput, low latency, and 11 nines of durability. S3 One Zone-IA is suitable for secondary backups, easily re-creatable data, and cost-effective storage for replicated data. It delivers 99.5% availability with an SLA of 99%.
