97 Cards in this Set
- Front
- Back
5 Pillars of AWS |
1. Operational Excellence 2. Reliability 3. Performance Efficiency 4. Security 5. Cost Optimization |
|
AWS Command Line |
Sets up AWS services through a CL (including MFA). Can use scripts |
|
AWS Organizations |
Control over users and roles in a group of accounts |
|
AWS GuardDuty |
Gives guidance against security threats and DDoS attacks. Can work with CloudWatch and Lambda to automate remediation actions |
|
Amazon CloudTrail |
Tracks WHO, HOW, WHEN, makes changes |
|
AWS Config |
WHAT changes were made. Assess, audit, and evaluate relationship of resources |
|
Reserved Instances |
1 or 3 year contract for instances. Good for consistent use. |
|
Reserved Instances - Partial Upfront |
Pay partial upfront and discounted rate afterwards |
|
Reserved Instances - No upfront |
Pay no money upfront but pay over time. No discounts |
|
AWS Service Quotas |
Limit on maximum number of service operations on an account. Max # can be seen in Trusted Advisor. Can change max # by contacting AWS Support |
|
AWS WAF |
Firewall protection for web applications. Monitors HTTP/S requests to CloudFront, load balancers, and API gateways. Can protect websites NOT hosted on AWS |
|
AWS Lambda |
Runs code with no admin burden. Has usage plans. Inherently elastic |
|
EC2 instance pricing variables |
1. Buying option 2. Instance type 3. Region 4. Number of instances 5. Load balancing 6. Allocated Elastic IP addresses |
|
Amazon RDS |
Relational database service
Allows for multiple AZ deployment. Read copies can be deployed across regions |
|
Application load balancer |
Load balancer for HTTP/S requests |
|
Network Load Balancer |
Used for TCP/UDP applications |
|
CloudFront |
Distributes CACHED (not actually instances or storage) content to edge locations. NOT network related
Cost based on Traffic, requests, and data transfer out |
|
Amazon Machine Image |
Image of instance that can be easily created. A template |
|
Amazon Elastic Map Reduce |
A managed cluster platform that simplifies running big data frameworks |
|
AWS ACM |
Certificate manager (SSL) |
|
IAM Policies |
Granular control over what users & roles individual accounts can do |
|
AWS Service Control Policies |
AWS Organizations service policies that are applied to multiple accounts |
|
Are EC2 instances inherently elastic? |
No. They have to be configured to adjust to demand |
|
Are S3 buckets elastic? |
Yes. They will scale by default with no prior configuration |
|
Are Lambda scripts elastic? |
Yes. They are elastic by default without configuration |
|
How does S3 protect data at rest? |
Through versioning, permissions, and AWS Macie |
|
AWS Migration evaluator |
Creates business cases for migrating DBs to AWS |
|
S3 One-Zone IA |
Infrequent Access storage that can be accessed rapidly when needed |
|
S3 Standard IA |
Used for backup, but not as cost effective as One Zone |
|
Benefits of DynamoDB |
Performance at scale/elasticity. Serverless. Highly available and low latency |
|
CloudFormation |
Allows you to manage infrastructure as code. CI/CD pipelines to set up infrastructure. Can spin up RDS instances |
|
Amazon EBS |
Block storage. Used for frequent and rapid read/write activity
Attached to a single instance. Similar to a hard drive
Not Encrypted by default
Replicated and Stored in a single availability zone through snapshots and AUTOMATED backups |
|
Load Balancer |
Distributes traffic between targets. Checks the health of the target before sending info |
|
AWS Service Catalog |
Simplifies and organizes commonly deployed IT services |
|
Amazon VPC |
Private networks within a cloud |
|
AWS Trusted Advisor |
Reduce costs, improve performance, improve security, improve compliance |
|
Virtual Private Gateway |
Gateway to a private VPC |
|
TCO |
Total cost of ownership. Applies to labor, IT, maintenance, power/cooling costs of data centers |
|
Amazon Chime |
Lets you meet, chat, and make business calls outside your organization |
|
Is data sovereignty applicable to regions? |
Yes. Data sovereignty is a considerable factor when picking a region |
|
Amazon Route 53 |
Service for DNS registration and health checking of web services |
|
AWS Savings plan |
1 or 3 year contract for consistent usage. However, you can use any instance config (#, type, etc. of EC2s). With Reserved Instances you are locked into an instance configuration |
|
Amazon SQS |
A queuing system to decouple existing and monolithic systems. |
|
Horizontal scaling |
Adding more instances instead of upgrading them. Always do horizontal scaling (increasing # of instances) over vertical scaling (upgrading computational power) |
|
AWS Support plan order |
1. Basic 2. Developer 3. Business 4. Enterprise |
|
Basic Support Plan |
Free basic Support for every AWS user
- 24/7 customer service
- Documentation
- White papers
- Support forms
- Limited AWS Trusted Advisor features
- AWS Personal Health Dashboard |
|
Developer tier |
Basic Support Tier + can email AWS Support directly and have a max 12 hour response time |
|
Business Support |
Everything in Developer Support +
- Full AWS Trusted Advisor at a low cost
- AWS Health API
- Direct phone and live chat access to AWS Support
- 4 hour response on delayed prod systems
- 1 hour response on downed prod systems |
|
Enterprise support plan |
Everything in Business Support plan +
- Personal technical account manager
- 15 minute response for critical workload issues |
|
Native Lambda Programming languages |
- C#
- Java
- Go
- PowerShell
- Ruby
- Python
- Can run any language through a runtime API |
|
IAM roles |
Temporary credentials and permissions for AWS accounts. Can be rotated automatically for security reasons |
|
Where are Edge Locations located? |
Outside of regions in multiple cities |
|
AWS Professional Services |
Assists customers in achieving their desired business outcomes |
|
AWS Cloud Directory |
Web-based directories to organize and manage hierarchy of users, groups, locations, policies, and devices |
|
AWS OpsWorks |
Manages instances of Chef and Puppet. Chef and Puppet automate how servers are configured, deployed and managed across EC2 instances |
|
AWS Storage Gateway |
Allows on premise applications to use AWS Storage such as S3, EBS, etc |
|
FIDO Security Key |
MFA device |
|
AWS Outposts |
Hybrid where AWS services, APIs, infrastructure, and tools can be used at local data centers |
|
Amazon Connect |
Cloud contact center. Low-cost customer service |
|
AWS Federation |
Used for IdP |
|
AWS Infrastructure Event Manager |
Offers architecture and scaling guidance and operational support |
|
Amazon EMR |
Big Data management |
|
Security credentials for IAM account? |
Username and password |
|
AWS DynamoDB |
NoSQL database with key-value pairs.
Multi-AZ fault tolerance. Stored on SSD and replicated across multiple AZs. Scales automatically. RDS does not scale automatically |
|
BYOL |
Bring your own (existing) license. Can be used on only Dedicated hosts. New licenses given on reserved hosts |
|
APN Consulting Partners |
Professional Service to help customers design, architect, build, migrate, and manage workloads for AWS applications |
|
ElastiCache |
In-memory data store for read-heavy applications |
|
AWS Identity Center |
Manages SSO connections to your AWS accounts and cloud applications using SAML 2.0 |
|
AWS Site-to-site |
Securely connects on-prem network or branch office site to AWS using IPSec |
|
AWS Client VPN |
Enables you to securely connect users to AWS or on-prem networks from any location. Uses TLS connection |
|
Amazon S3 |
Storage type. Comes with different usage plans. Good for static content and data stored for long periods of time. Up to 5 TB per S3. Unlimited S3 per AWS account |
|
Amazon EFS |
Storage type. Allows multiple instances to access data at the same time.
Regional resource
Automatically scales
Can be used on prem
Encrypted by default |
|
S3 Glacier |
Deep storage type. Split into 3 types:
Instant retrieval - retrieves data instantly. Most expensive
Flexible retrieval - retrieves data within 1-5 minutes to 12 hours
Deep - retrieves data in 12 hours |
|
AWS QuickSight |
Generates high-level reports of insightful business intelligence |
|
AWS Personal Health Dashboard |
Alerts/dashboard for AWS service availability and performance that may affect resources deployed |
|
When can you change security groups? |
When the associated instance is in the "running" or "stopped" state |
|
Is instance Savings Plans available everywhere? |
No, it is not available in China |
|
Amazon Workspaces |
Manages virtual desktops for remote users |
|
Amazon Inspector |
Provides security inspection on your infrastructure setup |
|
Amazon Neptune |
Graph type AWS managed DB |
|
AWS Elastic Disaster Recovery |
Provides fast, reliable recovery of physical, virtual, and cloud based servers |
|
AWS Cost Explorer |
Dive into your usage data to identify cost drivers and detect anomalies. Checks from the last 12 months, and forecasts to the next 12. Details Reserved and Dedicated Instance utilization |
|
S3 infrequent access |
Infrequent data, but needs to be accessed immediately. |
|
Amazon Lightsail |
Easy way to launch web servers on AWS |
|
AWS CodeBuild |
Compile and test code |
|
Databases that can run on RDS |
1. Amazon Aurora 2. Postgres 3. MySQL 4. MariaDB 5. Oracle DB 6. MSSQLS |
|
AWS CloudFormation |
Allows you to build infrastructure with just a text file |
|
Biggest charges in AWS |
Compute charges. Data Transfer Out charges |
|
CloudHSM |
Manages security keys |
|
AWS CloudWatch |
Used to send alarms based on triggers |
|
AWS Ground Station |
Satellites |
|
Amazon Aurora |
Used for MySQL and Postgres DB. High performance and auto data replication |
|
ECS launch types |
Fargate: serverless. EC2: server-based |
|
5 Pillars of Operational Excellence |
1. Perform operations as code 2. Make frequent, small reversible changes 3. Refine operations procedures frequently 4. Anticipate failure 5. Learn from all operational failures |
|
AWS Transit Gateway |
Network transit hub that simplifies VPC connections |
|
Inherited controls |
Physical and environmental controls |
|
Shared controls |
Patch management. Configuration management. Awareness and training