145 Cards in this Set
- Front
- Back
-Run all parts of the application in the cloud -Migrate existing applications to the cloud -Design and build new applications in the cloud |
Cloud Based Deployment |
|
-Deploy resources by using virtualization and resource management tools -Increase resource utilization by using application management and virtualization technologies. |
On-Premises Deployment (private cloud deployment) |
|
-Connect cloud-based resources to on-premises infrastructure -Integrate cloud-based resources with legacy IT applications. |
Hybrid Deployment |
|
On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing |
cloud computing |
|
provides secure, resizable compute capacity in Amazon cloud |
Amazon Elastic Compute Cloud (Amazon EC2) |
|
-provision and launch an Amazon EC2 instance within minutes -stop using it when you have finished running a workload -pay only for the compute time you use when an instance is running, not when it is stopped or terminated -save costs by paying only for server capacity that you need or want |
Benefits of Amazon EC2 instance |
|
1. General purpose instances 2. Compute optimized instances 3. Memory optimized instances 4. Accelerated computing instances 5. Storage optimized instances |
Amazon EC2 instance types |
|
provide a balance of compute, memory, and networking resources. You can use them for a variety of workloads, such as application servers, gaming servers, back-end servers for enterprise applications and small to medium databases. |
General purpose instances |
|
Ideal for high-performance web servers, compute-intensive application servers, and dedicated gaming servers. You can also use these instances for batch processing workloads that require processing many transactions in a single group. |
Compute optimized instances |
|
Designed to deliver fast performance for workloads that process large datasets in memory. This scenario might be a high-performance database or a workload that involves performing real-time processing of a large amount of unstructured data. |
Memory optimized instances |
|
To perform some functions more efficiently than is possible in software running on CPUs. Ideal for workloads such as graphics applications, game streaming, and application streaming. |
Accelerated computing instances |
|
For workloads that require high, sequential read and write access to large datasets on local storage. Examples of workloads suitable for these instances include distributed file systems, data warehousing applications, and high-frequency online transaction processing (OLTP) systems. |
Storage optimized instances |
|
1. On-Demand 2. Amazon EC2 Savings Plans 3. Reserved Instances 4. Spot Instances 5. Dedicated Hosts |
Amazon EC2 pricing |
|
Instances are ideal for short-term, irregular workloads that cannot be interrupted. No upfront costs or minimum contracts apply. The instances run continuously until you stop them, and you pay for only the compute time you use. |
On-Demand |
|
Enables you to reduce compute costs by committing to compute usage for a 1-year or 3-year term. This term commitment results in savings of up to 72% over On-Demand costs. |
EC2 Savings Plans |
|
-Discount applied to On-Demand Instances -Standard Reserved and Convertible Reserved Instances for a 1-year or 3-year term. -Scheduled Reserved Instances for a 1-year term. *On-Demand rates charged until you terminate the instance or purchase a new Reserved Instance |
Reserved Instances |
|
Ideal for workloads with flexible start and end times, or that can withstand interruptions. They use unused Amazon EC2 computing capacity and offer you cost savings at up to 90% off of On-Demand prices. |
Spot Instances |
|
Physical servers with Amazon EC2 instance capacity that is fully dedicated to your use |
Dedicated Hosts |
|
Involves beginning with only the resources you need and designing your architecture to automatically respond to changing demand |
Scalability |
|
Automatically add or remove Amazon EC2 instances in response to changing application demand with dynamic or predictive scaling |
Amazon EC2 Auto Scaling |
|
AWS service that automatically distributes incoming application traffic across multiple resources, such as Amazon EC2 instances |
Elastic Load Balancing |
|
publish/subscribe service that publishes messages to subscribers such as web servers, email addresses and AWS Lambda functions |
Amazon Simple Notification Service (Amazon SNS) |
|
Can send, store, and receive messages between software components, without losing messages or requiring other services to be available |
Amazon Simple Queue Service (Amazon SQS) |
|
Which AWS service is the best choice for publishing messages to subscribers? |
Amazon SNS |
|
Service that lets you run code without needing to provision or manage servers. |
AWS Lambda |
|
Standard way to package your application's code and dependencies into a single object |
AWS Containers |
|
Highly scalable, high-performance container management system that enables you to run and scale containerized applications on AWS. Supports Docker software. |
Amazon Elastic Container Service (Amazon ECS) |
|
-Software platform that enables you to build, test, and deploy applications quickly -Supports the use of open-source Community Edition and subscription-based Enterprise Edition. -Supports API calls to launch and stop supported applications. |
Docker (Software) |
|
open-source software that enables you to deploy and manage containerized applications at scale. |
Amazon Elastic Kubernetes Service (Amazon EKS) |
|
Server-less compute engine for containers. It works with both Amazon ECS and Amazon EKS. |
AWS Fargate |
|
1. Compliance with data governance and legal requirements 2. Proximity to your customers 3. Available services within a Region 4. Pricing |
Business factors to select region for AWS Services |
|
Single data center or a group of data centers within a Region and are located tens of miles apart from each other |
Availability Zone |
|
Site that Amazon CloudFront uses to store cached copies of your content closer to your customers for faster delivery. |
Edge location |
|
1. AWS Management Console 2. AWS Command Line Interface (AWS CLI) 3. Software Development Kits (SDKs) |
How to provision AWS resource |
|
Web-based interface for accessing and managing AWS services |
AWS Management Console |
|
-Allows you to control multiple AWS services directly -Is available for users on Windows, macOS, and Linux |
AWS Command Line Interface |
|
Access AWS services through an API designed for your programming language or platform. Allows you to use AWS services with your existing applications or create entirely new applications that will run on AWS |
Software Development Kits (SDKs) |
|
Deploys the resources necessary to perform the following tasks: -Adjust capacity -Load balancing -Automatic scaling -Application health monitoring |
AWS Elastic Beanstalk |
|
-treats your infrastructure as code -build an environment by writing lines of code instead of using the AWS Management Console to individually provision resources. -provisions your resources in a safe, repeatable manner, enabling you to frequently build your infrastructure and applications without having to perform manual actions or write custom scripts. |
AWS CloudFormation |
|
You attach this to allow public traffic from the internet to access your VPC |
Internet Gateway |
|
Service that lets you launch AWS resources in a logically isolated virtual network that you define. |
Amazon Virtual Private Cloud (Amazon VPC) |
|
Used to access private resources in a Virtual Private Cloud (VPC) |
Virtual Private Gateway |
|
service that enables you to establish a dedicated private connection between your data center and a VPC |
AWS Direct Connect |
|
-Network ACLs perform this -Remember nothing and check packets that cross the subnet border each way: inbound and outbound |
Stateless packet filtering |
|
Virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance |
AWS security group |
|
virtual firewall that controls inbound and outbound traffic at the subnet level |
AWS Network Access Control list (ACL) |
|
Security groups perform these. They remember previous decisions made for incoming packets. |
Stateful packet filtering |
|
AWS DNS web service. It gives developers and businesses a reliable way to route end users to internet applications hosted in AWS. |
Amazon Route 53 |
|
-Block-level storage volumes that behave like physical hard drives. -An instance store provides temporary block-level storage for an Amazon EC2 instance. |
Instance Stores |
|
Service that provides block-level storage volumes that you can use with Amazon EC2 instances. If you stop or terminate an Amazon EC2 instance, all the data on these volumes remains available. Stores data in a single Availability Zone. |
Amazon Elastic Block Store (Amazon EBS) |
|
AWS incremental backup |
AWS EBS snapshot |
|
consists of data, metadata, and a key. |
object storage |
|
provides object-level storage. Stores data as objects in buckets. Unlimited storage space. The maximum file size for an object is 5 TB |
Amazon Simple Storage Service (Amazon S3) |
|
-S3 Standard -S3 Standard-Infrequent Access (S3 Standard-IA) -S3 One Zone-Infrequent Access (S3 One Zone-IA) -S3 Intelligent-Tiering -S3 Glacier -S3 Glacier Deep Archive |
AWS S3 Storage Classes |
|
-Designed for frequently accessed data -Stores data in a minimum of three Availability Zones -Provides high availability for objects -Higher cost |
S3 Standard |
|
-Ideal for infrequently accessed data -Similar to S3 Standard but has a lower storage price and higher retrieval price -Ideal for data infrequently accessed but requires high availability when needed -minimum of three Availability Zones |
S3 Standard-Infrequent Access (S3 Standard-IA) |
|
-Stores data in a single Availability Zone -Has a lower storage price than S3 Standard-IA -Single Availability Zone -You want to save costs on storage -You can easily reproduce your data in the event of an Availability Zone failure. |
S3 One Zone-Infrequent Access (S3 One Zone-IA) |
|
-Ideal for data with unknown or changing access patterns -Requires a small monthly monitoring and automation fee per object -Monitors objects’ access patterns |
S3 Intelligent-Tiering |
|
-Low-cost storage designed for data archiving -Able to retrieve objects within a few minutes to hours |
S3 Glacier |
|
-Lowest-cost object storage class ideal for archiving -Able to retrieve objects within 12 hours |
S3 Glacier Deep Archive |
|
-Scalable file system used with AWS Cloud services and on-premises resources. -Regional service -stores data in and across multiple Availability Zones. |
Amazon Elastic File System (Amazon EFS) |
|
data is stored in a way that relates it to other pieces of data |
relational database |
|
Relational databases use this to store and query data. |
structured query language (SQL) |
|
service that enables you to run relational databases in the AWS Cloud. It automates tasks such as hardware provisioning, database setup, patching, and backups. |
Amazon Relational Database Service (Amazon RDS) |
|
-Amazon Aurora -PostgreSQL -MySQL -MariaDB -Oracle Database -Microsoft SQL Server |
Amazon RDS database engines |
|
Enterprise-class relational database. Compatible with MySQL and PostgreSQL relational databases. Five times faster than standard MySQL databases and three times faster than standard PostgreSQL databases. Reduces your database costs by reducing unnecessary input/output (I/O) operations. Used when you require high availability and continuous backups. |
Amazon Aurora |
|
-Uses Tables -“NoSQL databases” -key-value pairs |
nonrelational database |
|
-key-value database service -single-digit millisecond performance at any scale -Serverless database -Automatic Scaling |
Amazon DynamoDB |
|
Data warehousing service that you can use for big data analytics. Ability to collect data from many sources and helps you to understand relationships and trends across your data |
Amazon Redshift |
|
Used to migrate relational databases, nonrelational databases, and other types of data store. Also used if you need Development and test database migrations, Database consolidation and/or Continuous replication |
AWS Database Migration Service (AWS DMS) |
|
document database service that supports MongoDB workloads. (MongoDB is a document database program.) |
Amazon DocumentDB |
|
A graph database service. Can be used to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs. |
Amazon Neptune |
|
Ledger database service. Can be used to review a complete history of all the changes that have been made to your application data |
Amazon Quantum Ledger Database (Amazon QLDB) |
|
Have open-source frameworks. Is a distributed ledger system that lets multiple parties run transactions and share data without a central authority. |
Amazon Managed Blockchain |
|
Service that adds caching layers on top of your databases to help improve the read times of common requests. It supports two types of data stores: Redis and Memcached |
Amazon ElastiCache |
|
In-memory cache for DynamoDB. It helps improve response times from single-digit milliseconds to microseconds. |
Amazon DynamoDB Accelerator (DAX) |
|
“Security of the Cloud” |
AWS Security responsibility |
|
“Security in the Cloud” |
AWS Customer Security responsibility |
|
Enables you to manage access to AWS services and resources securely. |
AWS Identity and Access Management (IAM) |
|
-First user identity when you first create an AWS account -Should not use this user for everyday tasks -Should only be used when you need to perform a limited number of tasks that are only available to this user |
Root User |
|
-Identity that you create in AWS. -Represents the person or application that interacts with AWS services and resources. -Consists of a name and credentials. -By default it has no permissions associated with it. -You must grant this user the necessary permissions |
IAM user |
|
-Document that allows or denies permissions to AWS services and resources -Enable you to customize users’ levels of access to resources -Security principle of least privilege when granting permissions should be followed |
IAM policy |
|
-Is a collection of IAM users. -All users in this are granted permissions specified by the policy |
IAM group |
|
-Identity that you can assume to gain temporary access to permissions. -IAM user, application, or service must be assigned permissions to be granted this. -Ideal for situations in which access to services or resources needs to be granted temporarily, instead of long-term. |
IAM role |
|
-Used to consolidate and manage multiple AWS accounts within a central location -Root is created when you create one of these, which will be the parent container for all the accounts |
AWS Organizations |
|
-Used to centrally control permissions for the accounts in your organization -Applied to Individual Member Accounts and OUs |
service control policies (SCPs) |
|
-Group accounts into these to make it easier to manage accounts with similar business or security requirements. -Applying policies here, all the accounts automatically inherit the permissions specified in the policy |
organizational units (OUs) |
|
Service that provides on-demand access to AWS security and compliance reports and select online agreements. Consists of two main sections: AWS Artifact Agreements and AWS Artifact Reports |
AWS Artifact |
|
With this you can review, accept, and manage agreements for an individual account and for all your accounts in AWS Organizations. |
AWS Artifact Agreements |
|
Provide compliance reports from third-party auditors. These auditors have tested and verified that AWS is compliant with a variety of global, regional, and industry-specific security standards and regulations with these reports. |
AWS Artifact Reports |
|
Here you can read customer compliance stories to discover how companies in regulated industries have solved various compliance, governance, and audit challenges |
Customer Compliance Center |
|
Service that protects applications against DDoS attacks. Provides two levels of protection: Standard and Advanced |
AWS Shield |
|
Automatically protects all AWS customers at no cost. Protects AWS resources from the most common, frequently occurring types of DDoS attacks |
AWS Shield Standard |
|
A paid service that provides detailed attack diagnostics and the ability to detect and mitigate sophisticated DDoS attacks. Also integrates with other services such as Amazon CloudFront, Amazon Route 53, and Elastic Load Balancing. |
AWS Shield Advanced |
|
Enables you to perform encryption operations through the use of cryptographic keys |
AWS Key Management Service (AWS KMS) |
|
Web application firewall that lets you monitor network requests that come into your web applications. Uses a web access control list (ACL) to block or allow traffic |
AWS WAF |
|
Helps to improve the security and compliance of applications by running automated security assessments. Checks applications for security vulnerabilities and deviations from security best practices, such as open access to Amazon EC2 instances and installations of vulnerable software versions. |
Amazon Inspector |
|
Service that provides intelligent threat detection for your AWS infrastructure and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment. |
Amazon GuardDuty |
|
Web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics. |
Amazon CloudWatch |
|
Alarms that automatically perform actions if the value of your metric has gone above or below a predefined threshold |
CloudWatch alarms |
|
Enables you to access all the metrics for your resources from a single location. |
CloudWatch dashboard |
|
Records API calls for your account. |
AWS CloudTrail |
|
Allows CloudTrail to automatically detect unusual API activities in your AWS account. |
CloudTrail Insights |
|
Web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices. |
AWS Trusted Advisor |
|
-Always Free -12 Months Free -Trials |
AWS Free Tier |
|
-Pay for what you use -Pay less when you reserve -Pay less with volume-based discounts when you use more. |
AWS Price As You Go |
|
Lets you explore AWS services and create an estimate for the cost of your use cases on AWS |
AWS Pricing Calculator |
|
Used to pay your AWS bill, monitor your usage, and analyze and control your costs |
AWS Billing & Cost Management dashboard |
|
Enables you to receive a single bill for all AWS accounts in your organization |
Consolidated billing feature of AWS Organizations |
|
-Create budgets to plan your service usage, service costs, and instance reservations with this. -Information updates three times a day. -Set custom alerts when your usage exceeds (or is forecasted to exceed) the budgeted amount |
AWS Budgets |
|
Tool that enables you to visualize, understand, and manage your AWS costs and usage over time |
AWS Cost Explorer |
|
-Basic -Developer -Business -Enterprise |
AWS Support Plans |
|
-Is free for all AWS customers. -Includes access to whitepapers, documentation, and support communities. -You can also contact AWS for billing questions and service limit increases |
AWS Basic Support |
|
-Best practice guidance -Client-side diagnostic tools -Building-block architecture support, which consists of guidance for how to use AWS offerings, features, and services together |
AWS Developer Support |
|
-Use-case guidance to identify AWS offerings, features, and services that can best support your specific needs -All AWS Trusted Advisor checks -Limited support for third-party software, such as common operating systems and application stack components |
AWS Business Support plan |
|
-Application architecture guidance, which is a consultative relationship to support your company’s specific use cases and applications -Infrastructure event management: A short-term engagement with AWS Support that helps your company gain a better understanding of your use cases. This also provides your company with architectural and scaling guidance. -Technical Account Manager |
AWS Enterprise Support Plan |
|
Digital catalog that includes thousands of software listings from independent software vendors. Used to find, test, and buy software that runs on AWS |
AWS Marketplace |
|
Organizes guidance into six areas of focus, called Perspectives |
AWS Cloud Adoption Framework (AWS CAF) |
|
Ensures that IT aligns with business needs and that IT investments link to key business results |
Business Perspective |
|
Supports development of an organization-wide change management strategy for successful cloud adoption |
People Perspective |
|
Focuses on the skills and processes to align IT strategy with business strategy. |
Governance Perspective |
|
Includes principles and patterns for implementing new solutions on the cloud, and migrating on-premises workloads to the cloud |
Platform Perspective |
|
Ensures that the organization meets security objectives for visibility, auditability, control, and agility |
Security Perspective |
|
Helps you to enable, run, use, operate, and recover IT workloads to the level agreed upon with your business stakeholders |
Operations Perspective |
|
1. Rehosting 2. Replatforming 3. Refactoring/re-architecting 4. Repurchasing 5. Retaining 6. Retiring |
AWS Cloud Migration Strategies |
|
“lift-and-shift” involves moving applications without changes |
AWS Rehosting Migration |
|
“lift, tinker, and shift,” involves making a few cloud optimizations to realize a tangible benefit |
AWS Replatforming Migration |
|
Reimagining how an application is architected and developed by using cloud-native features |
AWS Refactoring/re-architecting Migration |
|
Moving from a traditional license to a software-as-a-service model |
AWS Repurchasing Migration |
|
Keeping applications that are critical for the business in the source environment |
AWS Retaining Migration |
|
Process of removing applications that are no longer needed |
AWS Retiring Migration |
|
Collection of physical devices that help to physically transport up to exabytes of data into and out of AWS. Composed of AWS Snowcone, AWS Snowball, and AWS Snowmobile |
AWS Snow Family |
|
Small, rugged, and secure edge computing and data transfer device. It features 2 CPUs, 4 GB of memory, and 8 TB of usable storage |
AWS Snowcone |
|
Composed of Snowball Edge Storage Optimized and Snowball Edge Compute Optimized |
AWS Snowball |
|
Well suited for large-scale data migrations and recurring transfer workflows. Storage: 80 TB of hard disk drive (HDD) capacity for block volumes and Amazon S3 compatible object storage, and 1 TB of SATA solid state drive (SSD) for block volumes. Compute: 40 vCPUs, and 80 GiB of memory to support Amazon EC2 sbe1 instances (equivalent to C5). |
Snowball Edge Storage Optimized |
|
Powerful computing resources for use cases such as machine learning, full motion video analysis, analytics, and local computing stacks. Storage: 42-TB usable HDD capacity for Amazon S3 compatible object storage or Amazon EBS compatible block volumes and 7.68 TB of usable NVMe SSD capacity for Amazon EBS compatible block volumes. Compute: 52 vCPUs, 208 GiB of memory, and an optional NVIDIA Tesla V100 GPU. Devices run Amazon EC2 sbe-c and sbe-g instances, which are equivalent to C5, M5a, G3, and P3 instances. |
Snowball Edge Compute Optimized |
|
Exabyte-scale data transfer service used to move large amounts of data to AWS.
Can transfer up to 100 petabytes of data per Instance
45-foot long ruggedized shipping container, pulled by a semi trailer truck. |
AWS Snowmobile |
|
Helps you understand how to design and operate reliable, secure, efficient, and cost-effective systems in the AWS Cloud |
AWS Well-Architected Framework |
|
1. Operational excellence 2. Security 3. Reliability 4. Performance efficiency 5. Cost optimization |
5 Pillars of AWS Well-Architected Framework |
|
Ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures |
Operational excellence pillar |
|
Ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies |
Security pillar |
|
Ability of a system to do the following: -Recover from infrastructure or service disruptions -Dynamically acquire computing resources to meet demand -Mitigate disruptions such as misconfigurations or transient network issues |
Reliability pillar |
|
Ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve |
Performance efficiency pillar |
|
Ability to run systems to deliver business value at the lowest price point |
Cost optimization pillar |
|
-Trade upfront expense for variable expense -Benefit from massive economies of scale -Stop guessing capacity -Increase speed and agility -Stop spending money running and maintaining data centers -Go global in minutes. |
Advantages of cloud computing |