AWS Certified Developer Associate Flashcards
Identity and Access Management (IAM)
The security discipline that enables the right individuals to access the right resources at the right times for the right reasons.
- Universal
User
- End user (think people)
- Have no permissions when created
Groups
A collection of users under one set of permissions
Roles
Can create roles and assign them to users
Policies
Documents that define one or more sets of permissions
Root Account
- Super user
- Always enable MFA on the root account
On-Demand
Allows you to pay a fixed rate by the hour (or by the second) with no commitment
Reserved Instance
Provides you with a capacity reservation, providing a significant discount on the charge over 1- or 3-year terms
Spot Instance
- Bid (a max price you are willing to pay) for an EC2 instance of a specified size and type
- Price varies based on supply and demand for that instance type and size in a specific availability zone
- When the price goes above the bid price, the instance will terminate after a 2 minute warning
- The warning is stored in the instance metadata; keep querying for it so that when the warning arrives you have time to save any current work or state for the app to pick up later
- Nothing launches until the price drops to the bid price
- You pay the actual spot price, even if it is below the bid
- The bid can be set to expire if the price isn't met after a long time
- Compute
- AZ
Dedicated Hosts
You can provision your Amazon EC2 resources on Dedicated Hosts, which are physical servers with EC2 instance capacity fully dedicated to your use. Dedicated Hosts can help you address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses.
General Purpose SSD
General-purpose SSD volumes offer cost-effective storage that is ideal for a broad range of workloads. They deliver strong performance at a moderate price point that is suitable for a wide range of workloads. A general-purpose SSD volume can range in size from 1 GB to 16 TB and provides a baseline performance of three IOPS per gigabyte provisioned, capping at 10,000 IOPS. For instance, if you provision a 1 TB volume, you can expect a baseline performance of 3,000 IOPS. A 5 TB volume will not provide a 15,000 IOPS baseline, as it would hit the cap at 10,000 IOPS.
Provisioned IOPS SSD
Provisioned IOPS SSD volumes are designed to meet the needs of I/O-intensive workloads, particularly database workloads that are sensitive to storage performance and consistency in random access I/O throughput. While they are the most expensive Amazon EBS volume type per gigabyte, they provide the highest performance of any Amazon EBS volume type in a predictable manner. A Provisioned IOPS SSD volume can range in size from 4 GB to 16 TB. When you provision a Provisioned IOPS SSD volume, you specify not just the size, but also the desired number of IOPS, up to the lower of 30 times the number of GB of the volume or 20,000 IOPS. You can stripe multiple volumes together in a RAID 0 configuration for larger size and greater performance. Amazon EBS delivers within 10 percent of the provisioned IOPS performance 99.9 percent of the time over a given year.
Throughput Optimized HDD (ST1)
Low-cost HDD volume designed for frequently accessed, throughput-intensive workloads
Cold HDD (SC1)
Lowest cost HDD volume designed for infrequently accessed workloads
Magnetic
Previous generation. Can be a boot volume.
Application Load Balancer
When you need a flexible feature set for your web applications with HTTP and HTTPS traffic. Operating at the request level, Application Load Balancers provide advanced routing, TLS termination and visibility features targeted at application architectures, including microservices and containers.
Network Load Balancer
When you need ultra-high performance and static IP addresses for your application. Operating at the connection level, Network Load Balancers are capable of handling millions of requests per second while maintaining ultra-low latencies.
Classic Load Balancer
Using a Classic Load Balancer instead of an Application Load Balancer has the following benefits:
- Support for EC2-Classic
- Support for TCP and SSL listeners
- Support for sticky sessions using application-generated cookies
504 Error
Gateway has timed out. Application is not responding within the timeout period.
X-Forwarded-For header
Used to find the IPv4 address of the end user
Least Privilege
Always give your users the minimum amount of access required
Create Groups
Assign your users to groups. Your users will always inherit the permissions of the group. The group's permissions are assigned through policy documents.
AWS Secret Access Key
- Can only see once
- Can delete key-pair and regenerate
- Use aws configure to regenerate
- Create Access Key per developer
IAM role
- IAM entity that is very similar to a user, with permission policies that determine what the identity can and cannot do in AWS.
- IAM entity that does not have any credentials (password or access keys) associated with it.
- IAM entity that, instead of being uniquely associated with one person, is intended to be assumable by anyone who needs it.
AWS Role
- Allow you to not use Access Keys and Secret Access Keys
- Roles are preferred from a security aspect
- Roles are controlled by policies
- You can change a policy on a role with immediate effect
- You can attach and detach roles to EC2 instances without stopping the running EC2 instance