White Paper Flashcards
Learn aws
What are the 6 advantages of cloud computing
Trade capital expense for variable expenses
Benefit from massive economies of scale
Stop guessing capacity
Increase speed and agility
Stop spending money maintaining data centers
Go global in minutes
Types of cloud computing
SaaS
End user apps
Entire stack managed for you
PaaS
You manage: data, applications
IaaS
You manage: O/S, middleware, runtime, data, applications
On-premises
You manage: network, storage, servers, compute, virtualization, O/S, middleware, runtime, data, applications
Deployment Models
Cloud
100% in the cloud
Hybrid
Connect existing resources to cloud-based resources
Common when extending existing on-premises infrastructure into the cloud to grow an organization, e.g. connecting cloud APIs to internal systems
On-premises
Deploying resources on-premises with virtualization, aka private cloud
Region
Availability zone
Region: a physical location with availability zones; each region is independent of the others
AZ: one or more data centers with redundant power, networking and connectivity
Offer the ability to operate production apps and DBs with higher availability
Each availability zone is designed to be an independent failure zone. Physically separate
Benefits of aws security
1 keeps data safe
2 meet compliance requirements
3 save money
4 scale quickly
Sdks
Software development kits for your language or platform
Amazon Athena
Serverless; query S3 data with SQL
No infrastructure, pay as you go
No need for ETL
Out of the box uses AWS Glue
Don’t have to spin up a server
All taken care of
Performance handled automatically
CloudSearch
Manages all server resources needed to build and deploy indexes
Search over your data
Use when you need to search data but don’t want the overhead of managing indexes yourself
The Amazon CloudSearch console enables you to easily create, configure, and monitor your search domains, upload documents, and run test searches.
Amazon CloudSearch supports 34 languages and popular search features such as highlighting, autocomplete, and geospatial search.
_ data centers per region
At least 2
Edge locations
Data centers designed to deliver services with the lowest latency possible.
Closer than regions or availability zones
Edge locations are used by: CloudFront (most-used cached content in edge locations), Route 53, Web Application Firewall, AWS Shield, AWS Global Accelerator
Edge locations only used by Amazon’s managed services
Separation of responsibilities
On-premises:
Manage everything
Network, storage, servers, virtualization, O/S, middleware, runtime, data, applications
IAAS:
O/S, middleware, runtime, data, applications
PAAS:
Applications, data
SAAS:
You don’t manage anything
Wavelength zones
5G
What does an ec2, rds db, redshift need to exist in?
Vpc
S3 bucket is where?
Outside VPC
Security group vs
Nacl
Security group: stateful, allow rules only, instance level
NACL: stateless, supports deny rules, subnet level
Servers in a private network need outbound access: what do you do?
Need a NAT gateway
Configure the main route table
VPC spans how far?
Entire region
IPsec VPN connection
VPN tunnel over the public internet, encrypted
High bandwidth low latency
AWS direct connect
High bandwidth low latency
Needs fiber optic laid to an AWS partner location
Most expensive
Bypass public internet
AWS VPN CloudHub
For when you have multiple site-to-site connections
Connects multiple sites into a VPC
Uses a hub-and-spoke model
Uses the virtual private gateway of a single VPC
Site-to-site VPN needs
A VPN gateway and a customer gateway
Need to set up route tables
VPN: Direct Connect
Fiber optic cable connection
Virtual interface
Hybrid cloud solution
Peering
Cheaper to communicate over private VPC peering than over the public internet
Traffic in aws backbone
Can only connect two VPCs together
Transitive routing isn’t allowed in pure peering
AWS VPC endpoint
2 types
Interface endpoints
For support services like sns, cloudwatch, aws config
Gateway endpoints
For S3 or dynamodb
For these services the route table target is the gateway endpoint
Sending traffic to the internet from a private subnet, the route target is
NAT gateway
AMI
Amazon Machine Image:
Information needed to launch an instance (a virtual server)
Includes the software configuration for the type (O/S, server)
What is Amazon Athena?
Amazon Athena is an interactive serverless service used to analyze data directly in Amazon Simple Storage Service (S3)
VPC basic 5
1 VPC spans all AZs in a region
2 Launch services such as EC2
3 Must specify a block range of IPv4 addresses in Classless Inter-Domain Routing (CIDR) notation
4 Add one or more subnets in each Availability Zone in the VPC
5 Has an internet gateway to access resources inside the VPC from outside
Subnet basics 3
1 Is a range of IP addresses in the VPC
2 Specify an IPv4 CIDR block that is a subset of the VPC CIDR block
3 Each subnet is entirely in one Availability Zone
A DB instance in a VPC can be accessed by an EC2 instance in a different VPC with?
Peering
Different VPCs can communicate if they are in the same network.
Can create a VPC peering connection between VPCs, VPCs in another account, or VPCs in a different AWS region
3 DB instance classes
Standard (m)
Memory optimized
Burstable (cheapest)
What subnet group is needed for the db?
DB subnet group with private instances
A database will need security group rules that
Allow traffic on the (TCP, layer 4) port of the database engine
DynamoDB overall supports:
Key-value and document data structures
How can you speed up DynamoDB?
DynamoDB Accelerator (DAX): a fully managed in-memory cache for read performance
Data replicated in at least 3 Availability Zones
DynamoDB Streams adds
Functionality to trigger events on data changes
What is private cloud?
Public cloud?
Private: on-premises infrastructure that exposes self-service APIs for in-house use, not public
Public: APIs available to anyone
Local zones && wavelength zones are both
Closer to customers
Single-digit latency
*Wavelength is for mobile phones on 5G networks
Edge locations allow you to
Host content closer to users in a caching approach.
Data centers that have a lot of storage equipment
Reduces latency
Build a CDN with aws cloudfront service
AWS outposts
Brings AWS infrastructure on-premises
Hardware: racks and servers
Helps to build hybrid, in-house setups
Many companies are just starting out or need
A local service like person identification
Federated users
Are external to the AWS account and are given access to services inside the AWS account
Iam
Identity and Access Management
Allows access to services and resources
Manage users or groups
Use permissions to Allow or deny
IAM’s 3 services
Identity
Authentication
Authorization
IAM root can
Create multiple IAM users for the account
Can use all services
Must give permissions (policies) to other IAM users, groups, and roles
Can make 5000 IAM users
Can make IAM accounts for apps, called identity accounts,
whose credentials are used, for example, to read from and write to a database
Get IAM access by (2)
Username, password
Access key ID and secret access key for CLI programmatic access or SDKs
IAM groups
Different permissions for different groups via permissions policies
Not an identity, so you can’t log in as a group
Group is a best practice
IAM Roles
IAM identity that gives a set of permissions for service requests
People, users, applications, or services like EC2 can assume the role
An IAM role will have a trust policy
When a user assumes the role, Security Token Service gives the user temporary credentials allowing the user the permissions in the trust policy
Security Token Service
Is a backend fully managed service
Permission policy vs trust policy
The permissions policy grants the user of the role the needed permissions to carry out the intended tasks on the resource. The trust policy specifies which trusted account members are allowed to assume the role.
Types of managed policies
AWS managed
Customer managed
Inline policies -> e.g. when only one principal needs this policy
MFA
Two-factor authentication with two device types: either a physical device (phone) or a virtual device
Generates a token
Token lasts 30 seconds
Way to increase security
Add mfa to root user
In the real world, add MFA tokens for IAM users too
Scope of STS
Global but can be restricted for regions
IAM users can change the password policy for
All users, and enforce specific rules such as forcing them to change their password after x amount of time
VPC endpoints enable _
Private connections to supported AWS services
S3, IAM, and DynamoDB are what
Global services
S3 is global, however a bucket is regional (think China and banning things in an S3 bucket)
How to login to AWS console?
Username, password
How to secure root user?
Enable multi factor authentication
Directory Service gives
Managed Active Directory, which allows Microsoft SQL authentication
How to get credentials report?
From the AWS Management Console you can download a credentials report to see a list of users and the status of their various credentials such as passwords, access keys, and MFA devices
Also available from the CLI and AWS SDKs
If your data access pattern is unknown, what tier should you choose?
Intelligent-Tiering (latency access tiers)
Intelligent-Tiering has what lifecycle?
30 days standard
90 days glacier
180 days deep glacier
FSx for Windows is
Fully managed file storage built on Windows Server
Access keys are _ term?
Long
For buckets to be replicated from source to destination what must be enabled?
Versioning
Amazon Storage Gateway is
A hybrid cloud storage service that gives on-premises access to virtually unlimited cloud storage
What is difference between EFS and EBS?
Elastic File System can be accessed by different instances at the same time
Elastic Block Store can only be used by one instance at a time
S3 can store how many objects?
Unlimited
Amazon EMR is for?
Amazon Elastic MapReduce
Big data platform service to process vast amounts of data
Amazon Kinesis is for
Real-time streaming data to gain insights and react to information
What is Amazon SQS?
Decoupled architecture; pull-based; message order not guaranteed (don’t use if order is mandatory); the SQS queueing system only holds messages for 14 days
Amazon EBS
Elastic Block Store: attached to a server, can be detached
SSD volume: low latency; HDD: high throughput
SSD for relational DB, NoSQL
With multi-attach, up to 16 EC2 instances
The EBS volume and the EC2 instance must be in the same AZ
AWS trusted advisor
Provides recommendations to follow best practices.
Evaluates your account with checks. Finds ways to optimize infrastructure, improve security, performance, reduce costs, monitor service quotas.
5 checks: Cost optimization, Performance, Security, Fault tolerance, Service limits
Trusted advisor levels
Basic: free
No tech support
Developer: $29/mo or 3% of monthly usage, whichever is greater
Support over email
Business: general guidance < 24 hrs
System impaired: < 12 hrs
Production system impaired <4 hrs
Production system down <1 hr
Price: >$100/mo
Enterprise on-ramp:
>$5500/mo
Enterprise:
$15000/mo
Organizations is for
A collection of accounts that are centrally managed together using consolidated billing
Organized hierarchically with OUs
AWS cost explorer
Visualize, understand, and manage your AWS costs
AWS well architected tool in general
Free
Evaluate apps
Gives recommendations
Identifies high-risk issues
AWS KMS
Key Management Service
Create and manage cryptographic keys
And control their use across a wide range of services
Well architected tool pillars
Operational excellence, Security, Reliability, Performance efficiency, Cost optimization, Sustainability (not on test)
S3 uses what type of storage?
Object
S3 standard has durability meaning
Kept in 3 AZs
S3-ia
Has cheaper storage cost but more expensive retrieval cost
S3 glacier retrieve time
Minutes to hours
Amazon EFS
Simple, serverless, set-and-forget, elastic file system
Can be shared with 1000s of EC2 instances
File storage system
Amazon RDS
Relational Database Service
Fully managed database service
Saves time
Amazon aurora
One of the Amazon RDS engines
3x faster than Postgres
5x faster than MySQL
6 copies under the hood
Can also get replication copies
Scalable
S3 is bad for saving relational data because?
Can’t handle computation of joins etc.
DynamoDB
Handles up to trillions of requests a day
Consistent performance
Single digit millisecond response time
Amazon DMS
Database Migration Service
Can migrate database type x to database type y
Or x to x
EFS stores data in
Multiple AZs
Shared responsibility model
You take care of what goes IN the cloud
Patching EC2 instances is whose responsibility?
You
IAM empowers you to
Take care of your responsibilities
Roles _
Allow a user to do tasks based on permissions
SCPs can be applied to
OU
Individual account
AWS artifact
Think Compliance
Allows you to check compliance of the cloud
See compliance reports
Accept agreements
Amazon WAF
Sees an IP address that is not permitted and blocks it
Web Application Firewall
Works with / use for Application Load Balancer
Stops SQL injection
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that control bot traffic and block common attack patterns, such as SQL injection or cross-site
Amazon Shield
Basic: free protection
Paid: deeper protection
DoS/DDoS attacks
Inspector
Automated inspection
Vulnerability management: continually scans AWS workloads for vulnerabilities
GuardDuty
Intelligent threat detection
Won’t protect, but you can review findings
Inspects logs to see if a threat exists
AWS CloudWatch
Metrics in real time
Can configure automatic alerts
See if you need to auto scale
Gives Dashboard
AWS CloudTrail
Can backtrack user activities based on API calls
Filter through the logs generated
See who stopped what
When did x occur
Why did y change
When did z do that
Trusted advisor
Automatically records information
Then you can receive real-time guidance on best practices
Makes suggestions
Recommendations in 5 areas
Cost optimization, Performance, Security, Fault tolerance, Service limits
Saves you $. If you are in 1 AZ
Add an AZ
Always free: DynamoDB, Lambda
12 months free overall (with limits): S3 standard storage, EC2
Free trial: x time free trial
EC2: 750 free hours
CloudTrail stores its info
CloudTrail records API calls, sending log files to your S3 bucket
Data for API caller, time of API call, source IP address, request parameters
What is it called when a script automatically runs on EC2 instances at launch?
Bootstrapping
AWS Lightsail
Is a virtual private server
Easy, fast build and host server
Compute, storage, networking capacity and capabilities to deploy
Everything you need to launch quickly
CloudWatch, if
Detailed monitoring is enabled, publishes metrics every minute. Metrics can be hypervisor-driven metrics or simple instance performance measurements.
Amazon CloudWatch EC2 metrics include
Information about CPU utilization, disk I/O, network I/O activity, and instance status such as start/stop information
AWS TCO calculator has been replaced with the
AWS Pricing Calculator
AWS TCO
Compare running workloads on-premises to cloud
AWS Pricing calculator
Lets you explore AWS services and create an estimate for your use cases on AWS before you ever use them
Estimate the cost for your architecture solution
Use cases: create estimate models of solutions before building them
At which level do NACLs work?
Subnet level
AWS OpsWorks Stacks
AWS-managed Chef and Puppet
If you see Chef and Puppet on the exam, think OpsWorks
Chef and Puppet help you perform server configuration automatically
Chef and Puppet help you with repetitive tasks
How to backup EC2 instances?
EBS snapshots
AWS CloudFront
Is a CDN that allows you to cache your content at edge locations around the world
Lower latency
Protects against DDoS attacks
Built-in distributed denial of service (DDoS) protection
AWS CodeDeploy
Think: automates code deployment
Automates deployment of an app into production
Coordinates service deployments and updates across a fleet of EC2 instances.
Fully automated
No additional fees; just pay for the resources needed to run and start the application
Including on-premises deployment
Works with any platform
Deploy 1 or 1000s of instances
The use of what AWS feature or service allows companies to track and categorize spending on a detailed level?
Cost allocation tags
Once enabled, you can track resources with AWS-generated tags and user-defined tags
A CloudFront origin can be an S3 bucket, EC2 instance, Elastic Load Balancer, or Route 53?
True
Which of the following EC2 options is best for long-term workloads with predictable usage patterns?
Reserved Instances are the most economical option for long-term workloads with predictable patterns
EC2 pricing On-Demand
On-Demand: with On-Demand Instances you pay for the compute capacity of an instance by the hour or second (based on type)
For low-cost flexibility of EC2 (no upfront payment)
For short-term spiky or unpredictable workloads that cannot be interrupted
For apps being developed or tested on Amazon for the first time
EC2 pricing Spot instances pricing
EC2 Spot: request spare EC2 capacity at up to 90% discount
For apps that have flexible start/stop times
For apps feasible at low prices
For users with urgent computing needs for large amounts of capacity
EC2 savings plan pricing
For EC2 or Fargate
1 or 3 year term of $x/yr
Dedicated host EC2 price
Dedicated server for you and only you
Can use existing server-bound software licenses
Can be purchased on demand (hourly)
Can be purchased as a reservation for up to 70% off the on-demand price
AWS artifact is for
Resources for compliance related information
Service organization control reports
Payment card industry reports
Certifications
AWS Personal Health Dashboard
Get personal information on your services that are down or have issues
Get notifications
Tells you about planned maintenance within your account
AWS service health dashboard
- global issues within AWS
AWS inspector
Automated
Only works on “EC2” “instances”
Not on account (trick question)
Loose coupling
As a system grows it can be broken into smaller, loosely coupled components
S3 Glacier Deep Archive retrieval time?
12-48 hours
Local zones
Only a few, in large cities
Physically bring services closer to customers
SQS is a service for __ (message processing)
A system must __ (pull the queue to discover events)
Messages are typically processed by __ (a single consumer)
SNS is a __ / __ system (publisher / subscriber)
__ to a topic can __ to __ (publishing; deliver; many subscribers, i.e. fan out)
Different subscriber types: SQS, Lambda, email
SNS or SQS
Do other systems care about an event? If yes, SNS, because you need to tell other systems the info.
Do you care about an event? If yes, SQS, because you need the data.
AWS Shield
Standard: get DoS/DDoS protection
Advanced: $3000, get WAF too
Application load balancer
Makes routing decisions at the application layer (HTTP/HTTPS)
Can route requests to one or more ports
Application layer
HTTP/HTTPS
Network load balancer
Makes routing decisions at the transport layer (TCP/SSL)
Can handle millions of requests per second
Opens a TCP connection and forwards the request without modifying headers
Transport layer
(TCP/SSL)
Classic load balancer
Makes routing decisions at the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS)
Gateway load balancer
Allows you to deploy, scale, and manage virtual appliances such as firewalls
Operates at layer 3 of the OSI (Open Systems Interconnection) model
GuardDuty vs Inspector
GuardDuty looks in logs to see if there was an attack
Inspector sees what happens when you get an attack
EBS volume types optimized for transactional read/write
SSD
EBS volumes optimized for large streaming workloads where the dominant performance attribute is throughput
HDD
Storage optimized EC2 instances are good for
Good for high performance on locally stored data
General purpose EC2 is good
If you have a balanced need across different workloads
Good for small/medium databases
Gaming servers
Backend enterprise servers
Use cases for memory optimized EC2
Workloads that need to load large amounts of data before running
A high-performance database, or real-time processing of unstructured data
Accelerated computing EC2 use cases
Graphics apps, game streaming, application streaming
EC2 on demand pricing is good for
When testing
Savings Plans offer
A commitment of $/hr for a 1 or 3 year term
Savings up to 72%
Fargate and Lambda included
Reserved 3
Up to 75% discount
Steady-state or predictable usage
1-3 year term
Batch workloads could be _ instances
Spot
Batch workloads are containerized, so Batch is a perfect fit for Spot Instances. If a workload is interrupted, Batch will automatically spin up another Spot Instance that you’ve specified.
Dedicated 2
Specifically for you
Usually for meeting compliance requirements
AWS Firewall Manager
Security management service
Centrally configure firewall rules
AWS Session Manager
1-on-1 sessions with EC2
Session Manager is a fully managed AWS Systems Manager capability
Lets you manage EC2 instances, on-premises instances, and virtual machines through a one-click browser-based shell or through the AWS CLI
CloudFront features
Reduces latency; improved security (traffic encryption, AWS Shield Standard for DDoS); cuts cost with consolidated requests; CDN
CloudFront has VOD
Video on demand streaming
Resource groups are a __ service
Regional
Work with EC2, S3, DynamoDB, Lambda, etc.
Resource Group 4
Logical group to manage resources in the same region.
Can be nested
Create a resource group with tags that are on your resources
To edit a resource group, change the value of the tags; resources whose tags no longer match will no longer be associated with it.
Deleting a resource group will not delete the resources
With basic support you can use discussion forums to
Ask for technical advice
AWS Application Migration Service
AWS MGN (4)
Automated
Converts source servers to run natively on AWS
Fastest route to the cloud
Is region-specific
AppStream 2.0
Fully managed streaming service that provides users with instant access to their desktop applications from anywhere
Local Zones are an
Extension of an AWS region
Edge locations used by (3)
Route53
Global Accelerator
CloudFront
Amazon SQS allows you to __, __, & __ messages between ___ (send, store, receive; components)
Components
The message is stored until it’s processed
SQS is where ___ are ___ until ___ (messages; placed; processed)
SNS ___ messages to ___ (sends; services)
Amazon ECS is used for?
Amazon Elastic Container Service is a highly scalable, high-performance container management service that supports Docker containers and allows you to easily run applications
Elastic IP addresses
A static IPv4 address designed for dynamic cloud computing
What features does Amazon RDS provide to deliver scalability, availability and durability?
Multi-AZ RDS creates a replica in another AZ and synchronously replicates to it.
Read replicas are used for read-heavy DBs and their replication is asynchronous
Amazon ES
Amazon Elasticsearch
Lets you search and visualize up to petabytes of unstructured data
Can visualize data and build interactive dashboards
AWS OpenSearch
Search, visualize and analyze petabytes of data
AWS Control Tower
AWS Control Tower is intended for organizations with multiple accounts and teams, to create new accounts and set up environments at scale
AWS IEM
Infrastructure Event Management
Gives architecture and scaling guidance and operational support during the preparation and execution of planned events
Holiday shopping season
Prod launch
Migrations
AWS Partner Network Consulting Partners
Professional consulting firms that help customers design, architect, build, migrate, and manage AWS workloads
AWS CodePipeline
CI/CD
Automates building, testing, and deployment
AWS Systems Manager
Centralizes operational data from multiple AWS services and automates tasks across AWS resources
AWS Management Console
Broad collection of service consoles for managing AWS resources
ENI
An elastic network interface is a logical networking component in a VPC that represents a virtual network card. It can include the following attributes:
A primary private IPv4 address from the IPv4 address range of your VPC
One or more secondary private IPv4 addresses from the IPv4 address range of your VPC
One Elastic IP address (IPv4) per private IPv4 address
One public IPv4 address
One or more IPv6 addresses
One or more security groups
A MAC address
A source/destination check flag
AWS Batch
AWS Batch enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS. AWS Batch dynamically provisions the optimal quantity and type of compute resources (e.g., CPU or memory optimized instances) based on the volume and specific resource requirements of the batch jobs submitted. With AWS Batch, there is no need to install and manage batch computing software or server clusters that you use to run your jobs, allowing you to focus on analyzing results and solving problems. AWS Batch plans, schedules, and executes your batch computing workloads across the full range of AWS compute services and features, such as AWS Fargate, Amazon EC2 and Spot Instances.
AWS RI Types
Standard: Standard RIs may be exchanged for other RIs within the same family. For example, if you have several T2 RIs, you can exchange them for other RIs in the T2 family. But, your selection must stay within the T2 family.
Convertible: Convertible RIs allow you to exchange RIs with far more flexibility than standard RIs. For example, you can change an RI that is for a T2.large to an R5.xlarge, as long you pay the difference and it’s of greater or equal value.
Scheduled: Scheduled RIs are available to launch within the time windows you reserve. They align your capacity reservation with a predictable, recurring schedule that only requires a fraction of a day, week, or month.
AWS Cost and usage report
The AWS Cost and Usage Reports (AWS CUR) contains the most comprehensive set of cost and usage data available. You can use Cost and Usage Reports to publish your AWS billing reports to an Amazon Simple Storage Service (Amazon S3) bucket that you own. You can receive reports that break down your costs by the hour, day, or month, by product or product resource, or by tags that you define yourself. AWS updates the report in your bucket once a day in comma-separated value (CSV) format. You can view the reports using spreadsheet software such as Microsoft Excel or Apache OpenOffice Calc, or access them from an application using the Amazon S3 API.
AWS Device Farm
Improve the quality of your web and mobile applications by testing across desktop browsers and real mobile devices hosted in the AWS Cloud
Device Farm is only available in the us-west-2 (Oregon) region.
Bucket policy
Bucket policies and user policies are the two access policy options available for granting permissions to your S3 bucket
Amazon DocumentDB
Scale JSON workloads with ease using a fully managed document database service
When you absolutely, positively must have a mission-critical document DB (think DynamoDB, but for documents)
Aws SDKs simplify using ___ in your application with an __
AWS services
API
An elastic network interface is a
Logical networking component in a VPC
Amazon EMR
Easily run and scale big data workloads with Apache Spark, Hive, Presto
Interactive SQL queries, machine learning apps and frameworks like Apache Spark, Hive, Presto
AWS Management Console
Access and manage Amazon Web Services through the AWS Management Console, a simple and intuitive user interface. You can also use the AWS Console Mobile Application to quickly view resources on the go.
Amazon QuickSight
Amazon QuickSight is a fast, cloud-powered business intelligence (BI) service that makes it easy for you to deliver insights to everyone in your organization. QuickSight lets you create and publish interactive dashboards that can be accessed from browsers or mobile devices. You can embed dashboards into your applications, providing your customers with powerful self-service analytics. QuickSight easily scales to tens of thousands of users without any software to install, servers to deploy, or infrastructure to manage.
Amazon AppFlow
Amazon AppFlow is a fully managed integration service that enables you to securely transfer data between Software-as-a-Service (SaaS) applications like Salesforce, Zendesk, Slack, and ServiceNow, and AWS services like Amazon S3 and Amazon Redshift, in just a few clicks.
Amazon EventBridge
Amazon EventBridge is a serverless event bus that makes it easier to build event-driven applications at scale using events generated from your applications, integrated Software-as-a-Service (SaaS) applications, and AWS services
Amazon MQ
Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easy to set up and operate message brokers in the cloud.
Amazon Simple Workflow Service
Amazon Simple Workflow Service (Amazon SWF) helps developers build, run, and scale background jobs that have parallel or sequential steps. You can think of Amazon SWF as a fully-managed state tracker and task coordinator in the cloud.
Amazon SWF
Simple Workflow Service:
Background jobs in parallel
AWS Application Cost Profiler
AWS Application Cost Profiler provides you the ability to track the consumption of shared AWS resources used by software applications and report granular cost breakdowns across a tenant base. You can achieve economies of scale with the shared infrastructure model, while still maintaining a clear line of sight to detailed resource consumption information across multiple dimensions.
With the proportionate cost insights of shared AWS resources, organizations running applications can establish the data foundation for an accurate cost allocation model, and ISVs selling applications can better understand their profitability and customize pricing strategies for their end customers.
AWS Budgets
AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.
AWS App Runner
AWS App Runner: build and run containerized applications on a fully managed service
VMware Cloud on AWS
VMware Cloud on AWS is an integrated cloud offering jointly developed by AWS and VMware delivering a highly scalable, secure and innovative service that allows organizations to seamlessly migrate and extend their on-premises VMware vSphere-based environments to the AWS Cloud running on next-generation Amazon Elastic Compute Cloud (Amazon EC2) bare metal infrastructure
AWS App2Container (A2C)
AWS App2Container (A2C) is a command-line tool for modernizing .NET and Java applications into containerized applications.
AWS Cost and Usage Report
One stop shop for accessing most granular data about AWS cost and usage
Application load balancer supports
Path-based and host based routing
AWS CloudFormation
Think: templates, infrastructure as code to automate cloud setup
is a service that helps you model and set up your AWS resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and CloudFormation takes care of provisioning and configuring those resources for you. You don’t need to individually create and configure AWS resources and figure out what’s dependent on what; CloudFormation handles that.
Amazon S3 is optimal for
Storing numerous classes of information that are relatively static and not rapidly changing
AWS services as long as you know the pattern of scope
You don’t need to memorize the scope of all of the AWS services as long as you know the pattern. There are actually only a handful of services that are considered global services, such as IAM, STS, Route 53, CloudFront and WAF. For zonal services, the examples are EC2 instances and EBS volumes, which are tied to the Availability Zone where they were launched. Take note that although EBS volumes are considered a zonal service, EBS snapshots are considered regional since they are not tied to a specific Availability Zone. The rest of the services are regional in scope.
CloudEndure, an AWS company
About CloudEndure, an AWS company
CloudEndure accelerates the journey to the AWS cloud with solutions that provide business continuity during the migration process and additional protection once there. CloudEndure Migration simplifies, expedites, and automates large-scale migrations from physical, virtual, and cloud-based infrastructure to AWS. CloudEndure Disaster Recovery protects against downtime and data loss from any threat, including ransomware and server corruption. With CloudEndure it’s business as usual, always.
AWS Migration Hub
Monitor the state of your migrations
AWS Database Migration Service
Migrate databases to the cloud quickly and safely (databases only, not physical servers)
AWS Ground Station
Control satellites
AWS support plan:
In addition, customers with a Business or Enterprise support plan have access to these features:
- Use-case guidance: what AWS products, features, and services to use to best support your specific needs.
- AWS Trusted Advisor, which inspects customer environments. Then, Trusted Advisor identifies opportunities to save money, close security gaps, and improve system reliability and performance.
- An API for interacting with Support Center and Trusted Advisor. This API allows for automated support case management and Trusted Advisor operations.
- Third-party software support: help with Amazon Elastic Compute Cloud (EC2) instance operating systems and configuration. Also, help with the performance of the most popular third-party software components on AWS.
The AWS Support API provides access to some of the features of the AWS Support Center. This API allows programmatic access to AWS Support Center features to create, manage, and close your support cases, and to operationally manage your Trusted Advisor check requests and status. AWS provides this access for AWS Support customers who have a Business or Enterprise support plan. Since the Business support plan is more affordable than Enterprise, the most cost-effective support plan to use is Business.
Basic and Developer support plans both don’t
Basic and Developer support plans are incorrect since these types do not have access to the AWS Support API.
SSH keys are only useful if you
SSH keys is incorrect because these are only useful if you want to connect to and control your EC2 instances over an SSH connection.
AWS Professional Services
AWS Professional Services organization is a global team of experts that can help you realize your desired business outcomes when using the AWS Cloud. We work together with your team and your chosen member of the AWS Partner Network (APN) to execute your enterprise cloud computing initiatives.
AWS Sales Representative may
Help you with your infrastructure migration project and with costs
Among the following services, which is the most suitable one to use to store the results of I/O-intensive SQL database queries to improve application performance?
Amazon ElastiCache offers fully managed Redis and Memcached. Seamlessly deploy, run, and scale popular open source compatible in-memory data stores. With this service, you can build data-intensive apps or improve the performance of your existing apps by retrieving data from high throughput and low latency in-memory data stores.
The in-memory caching provided by Amazon ElastiCache can be used to significantly improve latency and throughput for many read-heavy application workloads (such as social networking, gaming, media sharing and Q&A portals) or compute-intensive workloads (such as a recommendation engine).
In-memory caching improves application performance by storing critical pieces of data in memory for low-latency access. Cached information may include the results of I/O-intensive database queries or the results of computationally-intensive calculations.
Hence, the correct answer in this scenario is: Amazon ElastiCache.
AWS OpsWorks
AWS OpsWorks is a configuration management service that helps customers configure and operate applications, both on-premises and in the AWS Cloud, using Chef and Puppet.
AWS Identity and Access Management (IAM)
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources. IAM has various identities such as IAM Users, IAM Groups, and IAM Roles.
An IAM group is a collection of IAM users. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. For example, you could have a group called Admins and give that group the types of permissions that administrators typically need. Any user in that group automatically has the permissions that are assigned to the group. If a new user joins your organization and needs administrator privileges, you can assign the appropriate permissions by adding the user to that group. Similarly, if a person changes jobs in your organization, instead of editing that user’s permissions, you can remove him or her from the old groups and add him or her to the appropriate new groups.
Requirements for an EC2 instance with an EBS volume
Security group, EBS Root volume, and VPC and subnet specification are all required when launching an EC2 instance.
AWS X-Ray
Debugger, pry
Analyze and debug production, distributed applications
Enterprise support plan offers:
Well-Architected Reviews, Operations Reviews.
Permitted security assessments
- Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers
- Amazon RDS
- Amazon CloudFront
- Amazon Aurora
- Amazon API Gateways
- AWS Lambda and Lambda Edge functions
- Amazon Lightsail resources
- Amazon Elastic Beanstalk environments
There is an incident with your team where an S3 object was deleted using an account without the owner’s knowledge. What can be done to prevent unauthorized deletion of your S3 objects?
By setting up MFA, you add an extra layer of protection for your AWS accounts. This is very useful for preventing unwanted access to your AWS resources. In S3, once versioning is enabled for your objects, you can also set up MFA delete so that deleting objects requires an additional MFA authentication.
MFA delete can help prevent accidental bucket deletions by requiring the user who initiates the delete action to prove physical possession of an MFA device with an MFA code and adding an extra layer of friction and security to the delete action. Remember that only the bucket owner (root account) can enable MFA delete.
Hence, the correct answer is: Configure MFA delete on the S3 bucket.
key design principles of the AWS Cloud: (6)
Some key design principles of the AWS Cloud include:
- Scalability
- Disposable resources
- Automation
- Loose coupling
- Managed services instead of servers
- Flexible data storage options
Instance metadata
Instance metadata is data about your instance that you can use to configure or manage the running instance. Instance metadata is divided into categories, for example, host name, events, and security groups.
You can also use instance metadata to access user data that you specified when launching your instance. For example, you can specify parameters for configuring your instance, or include a simple script. You can build generic AMIs and use user data to modify the configuration files supplied at launch time. For example, if you run web servers for various small businesses, they can all use the same generic AMI and retrieve their content from the Amazon S3 bucket that you specify in the user data at launch. To add a new customer at any time, create a bucket for the customer, add their content, and launch your AMI with the unique bucket name provided to your code in the user data. If you launch more than one instance at the same time, the user data is available to all instances in that reservation. Each instance that is part of the same reservation has a unique ami-launch-index number, allowing you to write code that controls what to do. For example, the first host might elect itself as the original node in a cluster. For a detailed AMI launch example, see Example: AMI launch index value.
AWS Partner Network Technology Partners
APN Technology Partners provide software solutions that are either hosted on, or integrated with, the AWS platform. Technology Partners include Independent Software Vendors (ISVs), SaaS, PaaS, developer tools, management and security vendors.
Agility
The cloud allows you to innovate faster because you can focus your valuable IT resources on developing applications that differentiate your business and transform customer experiences rather than managing infrastructure and data centers. With cloud, you can quickly spin up resources as you need them, deploying hundreds or even thousands of servers in minutes. The cloud also makes it easy and fast to access a broad range of technology such as compute, storage, databases, analytics, machine learning, and many other services on an as-needed basis. As a result, you can very quickly develop and roll out new applications, and your teams can experiment and innovate more quickly and frequently. If an experiment fails, you can always de-provision resources without risk.
Lambda@Edge
Lambda@Edge is a feature of Amazon CloudFront that lets you run code closer to users of your application, which improves performance and reduces latency. With Lambda@Edge, you don’t have to provision or manage infrastructure in multiple locations around the world. You pay only for the compute time you consume - there is no charge when your code is not running.
IAM POLICY
Good for
Policies and permissions in IAM: You manage access in AWS by creating policies and attaching them to IAM identities (users, groups of users, or roles) or AWS resources. A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when an IAM principal (user or role) makes a request. Permissions in the policies determine whether the request is allowed or denied. Most policies are stored in AWS as JSON documents. AWS supports six types of policies: identity-based policies, resource-based policies, permissions boundaries, Organizations SCPs, ACLs, and session policies.
IAM policies define permissions for an action regardless of the method that you use to perform the operation. For example, if a policy allows the GetUser action, then a user with that policy can get user information from the AWS Management Console, the AWS CLI, or the AWS API.
Amazon Cognito
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Apple, Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0 and OpenID Connect.
AWS Config
AWS Config continuously evaluates your resources as they are created, changed, or deleted.
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
Where can you back up Amazon EBS volumes?
You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time snapshots. Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved. This minimizes the time required to create the snapshot and saves on storage costs by not duplicating data. Each snapshot contains all of the information that is needed to restore your data (from the moment when the snapshot was taken) to a new EBS volume.
Well-Architected Framework pillars
The Well-Architected Framework has been developed to help cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications. This is based on five pillars namely:
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
1) Operational Excellence pillar focuses on running and monitoring systems to deliver business value and continually improving processes and procedures.
3) Reliability pillar focuses on the ability to prevent and quickly recover from failures to meet business and customer demand.
4) The performance efficiency pillar focuses on using IT and computing resources efficiently. It focuses on the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.
5) Cost optimization pillar focuses on avoiding unneeded costs by choosing the right services for the job and by right-sizing them.
AWS Well-Architected Framework helps just read
The AWS Well-Architected Framework helps you understand the pros and cons of decisions you make while building systems on AWS. By using this Framework, you will learn architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. It provides a way for you to consistently measure your architectures against best practices and identify areas for improvement. The process for reviewing an architecture is a constructive conversation about architectural decisions and is not an audit mechanism. Having well-architected systems greatly increases the likelihood of business success.
The operational excellence pillar focuses on running and monitoring systems to deliver business value, and continually improving processes and procedures. Key topics include managing and automating changes, responding to events, and defining standards to successfully manage daily operations.
Using tools such as AWS CodeDeploy to deploy small, incremental changes to your application ensures that you do not introduce drastic updates that may affect your application entirely. Performing monthly game days allows you to test your environment for different failure scenarios so you can quickly plan out ways to remediate them.
Just read about Systems Manager
AWS Systems Manager is incorrect because although you can remotely operate and deploy packages/scripts to your on-premises servers with it, this service is still not suitable for deploying your web application. It also doesn’t have a feature to easily roll back your deployments, unlike OpsWorks. This service is primarily used to automate maintenance and deployment tasks on Amazon EC2 and on-premises instances, or to automatically apply patches, updates, and configuration changes across any resource group.
Which of the following services should you use to deploy and easily roll back a web application from your Git repository to your on-premises server?
AWS offers services that integrate application deployment and management across on-premises and cloud environments for a robust hybrid architecture. Below are the following services that you can use to manage or deploy applications to your servers running on-premises:
OpsWorks – AWS OpsWorks is a configuration management service that helps customers configure and operate applications, both on-premises and in the AWS Cloud, using Chef and Puppet.
CodeDeploy – AWS CodeDeploy automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises. AWS CodeDeploy makes it easier to rapidly release new features, avoids downtime during application deployment, and handles the complexity of updating applications.
Amazon S3 Transfer Acceleration
Amazon S3 Transfer Acceleration is a bucket-level feature that enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of the globally distributed edge locations in Amazon CloudFront.
AWS Global Accelerator
AWS Global Accelerator is a networking service that improves the performance of your users’ traffic by up to 60% using Amazon Web Services’ global network infrastructure. When the internet is congested, AWS Global Accelerator optimizes the path to your application to keep packet loss, jitter, and latency consistently low.
With Global Accelerator, you are provided two global static public IPs that act as a fixed entry point to your application, improving availability. On the back end, add or remove your AWS application endpoints, such as Application Load Balancers, Network Load Balancers, EC2 Instances, and Elastic IPs without making user-facing changes. Global Accelerator automatically re-routes your traffic to your nearest healthy available endpoint to mitigate endpoint failure.
Think: reduces latency
AWS CodeBuild
AWS CodeBuild is a fully managed build service in the cloud. AWS CodeBuild compiles the source code, runs unit tests, and produces artifacts that are ready to deploy. CodeBuild eliminates the need to provision, manage, and scale your own build servers. It provides prepackaged build environments for popular programming languages and build tools such as Apache Maven, Gradle, and more. You can also customize build environments in CodeBuild to use your own build tools. CodeBuild scales automatically to meet peak build requests.
What are the differences between CodeBuild and CodeDeploy?
The main difference between the two is that AWS CodeBuild can be classified as a tool in the Continuous Integration category, while AWS CodePipeline is grouped under Continuous Deployment.
Amazon Cognito
Amazon Cognito: Simple and Secure User Sign-Up, Sign-In, and Access Control
Standard Reserved Instance
One-year to three-year term
Enables you to modify Availability Zone, scope, networking type, and instance size (within the same instance type) of your Reserved Instance. For more information, see Modifying Reserved Instances.
Can be sold in the Reserved Instance Marketplace.
Convertible Reserved Instance
One-year to three-year term
Enables you to exchange one or more Convertible Reserved Instances for another Convertible Reserved Instance with a different configuration, including instance family, operating system, and tenancy.
There are no limits to how many times you perform an exchange, as long as the target Convertible Reserved Instance is of an equal or higher value than the Convertible Reserved Instances that you are exchanging. For more information, see Exchanging Convertible Reserved Instances.
Cannot be sold in the Reserved Instance Marketplace.
Amazon Aurora
Faster MySQL- and PostgreSQL-compatible database
Self-healing: 2 copies of your data in each of 3 different AZs, so you have 6 copies of the data; offers up to 15 low-latency read replicas
Application Load Balancer
Functions at the application layer (layer 7)
HTTP/HTTPS
Needs listeners, which check for connection requests
Configure listener rules
Rules route requests to different targets
Supports registering Lambda functions as targets
Network Load Balancer
Network Load Balancer operates at the fourth layer (layer 4) and opens TCP connections; able to handle volatile workloads; handles TCP, UDP, and TLS traffic; supports static IP addresses and can also be assigned Elastic IP addresses
Amazon ElastiCache
Unlock microsecond latency and scale with in-memory caching
Amazon ElastiCache is a fully managed, in-memory caching service supporting flexible, real-time use cases. You can use ElastiCache for caching, which accelerates application and database performance, or as a primary data store for use cases that don’t require durability like session stores, gaming leaderboards, streaming, and analytics. ElastiCache is compatible with Redis and Memcached.
Which of the following do you need to programmatically interact with your AWS environment? (Select TWO.)
You can use AWS SDKs to programmatically interact with your AWS resources. Using access keys, which are unique identifiers for your IAM user, you can connect to your resources in a secure manner.
The AWS Access Key ID and AWS Secret Access Key are your AWS credentials. They are associated with an AWS Identity and Access Management (IAM) user or role that determines what permissions you have.
Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK). If you don’t have access keys, you can create them from the AWS Management Console. As a best practice, do not use the AWS account root user access keys for any task where it’s not required. Instead, create a new administrator IAM user with access keys for yourself.
AWS golden AMI
A golden AMI is an AMI that contains the latest security patches, software, configuration, and software agents that you need to install for logging, security maintenance, and performance monitoring.
An AMI includes the following:
- One or more EBS snapshots, or, for instance-store-backed AMIs, a template for the root volume of the instance (for example, an operating system, an application server, and applications).
- Launch permissions that control which AWS accounts can use the AMI to launch instances.
- A block device mapping that specifies the volumes to attach to the instance when it’s launched.
Hence, the correct answer is: Create a golden AMI of the instance and copy it to the other Region.
AWS KMS or Key Management Service
AWS KMS or Key Management Service is incorrect because this is a central repository for encryption keys in your account. It is not used to protect your network from potential security threats. KMS is useful if you have data that you need to encrypt, and you want a central location where you can manage your keys.
IaaS: you start at __ and go up?
O/S, Middleware, Runtime, Data, Applications
Amazon Simple Storage Service (Amazon S3) details
Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. It is the most cost-effective choice for storing objects since this is its primary purpose. Another advantage you receive from Amazon S3 is volume discounts.
standard design principle
- Design for failure
- Decouple your components
- Implement elasticity
- Think parallel
Amazon Lightsail is a
Amazon Lightsail is a PaaS solution for users who need a simple virtual private server (VPS) solution. Lightsail provides developers compute, storage, and networking capacity and capabilities to deploy and manage websites and web applications in the cloud. Lightsail includes everything you need to launch your project quickly – a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP – for a low, predictable monthly price.
AWS Config is a
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
AWS CodeStar
AWS CodeStar enables you to quickly develop, build, and deploy applications on AWS. AWS CodeStar provides a unified user interface, enabling you to easily manage your software development activities in one place. With AWS CodeStar, you can set up your entire continuous delivery toolchain in minutes, allowing you to start releasing code faster. AWS CodeStar makes it easy for your whole team to work together securely, allowing you to easily manage access and add owners, contributors, and viewers to your projects. Each AWS CodeStar project comes with a project management dashboard, including an integrated issue tracking capability powered by Atlassian JIRA Software. With the AWS CodeStar project dashboard, you can easily track progress across your entire software development process, from your backlog of work items to teams’ recent code deployments.
Neptune
Graph database.
Build and run graph applications with highly connected datasets
AWS Architecture Center
The AWS Architecture Center provides reference architecture diagrams, vetted architecture solutions, Well-Architected best practices, patterns, icons, and more. This expert guidance was contributed by cloud architecture experts from AWS, including AWS Solutions Architects, Professional Services Consultants, and Partners.
You can use ___ with Redshift to query data
Querying external data using Amazon Redshift Spectrum
AWS Quick Starts
AWS Quick Starts are production architecture accelerators that help customers deploy AWS-native services and products from AWS Partners. These accelerators reduce hundreds of manual procedures into just a few steps, so AWS customers can build production environments quickly and start using them immediately.
Restricting access to Amazon S3 content by using an origin access identity (OAI)
To restrict access to content that you serve from Amazon S3 buckets, follow these steps:
Create a special CloudFront user called an origin access identity (OAI) and associate it with your distribution.
Configure your S3 bucket permissions so that CloudFront can use the OAI to access the files in your bucket and serve them to your users. Make sure that users can’t use a direct URL to the S3 bucket to access a file there.
After you take these steps, users can only access your files through CloudFront, not directly from the S3 bucket.
AWS CloudHSM
Hardware security module: generate and use your own cryptographic keys