AWS Certified Solutions Architect Flashcards
Elastic Compute Cloud (EC2)
Provides virtual, scalable computing capacity (CPU, memory, storage and network capacity)
Amazon Virtual Private Cloud (VPC)
A virtual network that you define in your own logically isolated area of the AWS cloud, divided into subnets
Amazon Machine Images (AMI)
Preconfigured EC2 templates with operating systems and software (common software configurations)
AWS Lambda
Event-driven cloud computing service that lets developers run functions on a pay-per-use basis
AWS Auto Scaling
Monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost
Elastic Load Balancing
Automatically distributes incoming application traffic across multiple EC2 instances
AWS Elastic Beanstalk
Orchestration service for deploying infrastructure, which orchestrates various AWS services (EC2, S3, Simple Notification Service (SNS), CloudWatch, autoscaling, and Elastic Load Balancers)
Amazon Simple Storage Service (S3)
Object Storage accessible via HTTP-based protocols
Amazon Glacier
Extremely low-cost data storage for archiving. Retrieval time is measured in hours
Amazon Elastic Block Storage
Provides persistent block-level storage volumes for use with EC2. Automatically replicated within an Availability Zone
AWS Storage Gateway
Service connecting an on-premises software appliance with cloud-based storage
Amazon CloudFront
Content delivery network providing a globally distributed network of proxy servers that cache content for fast access
Amazon Relational Database Service (RDS)
Fully managed relational databases (Include ?)
Amazon DynamoDB
NoSQL database that supports both document and key/value data models
Amazon Redshift
Petabyte-scale data warehouse
Amazon CloudWatch
Monitoring service for AWS resources (collects and tracks metrics and logs, sets alarms, and automatically reacts to changes in your AWS resources)
Amazon CloudTrail
Provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. Logs can be stored in an S3 bucket
Amazon CloudFormation
Create and manage a collection of related AWS resources using a JSON-based template
AWS Config
Fully managed service that provides an AWS resource inventory, configuration history and change notifications
AWS Identity and Access Management (IAM)
Securely control access to AWS services. Create AWS users, groups and roles
AWS Key Management Service (KMS)
Create and control encryption keys
AWS Directory Services
Run Microsoft Active Directory on the AWS cloud
AWS Certificate Manager
Easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS cloud services
AWS Web Application Firewall (WAF)
Define customizable web security rules to protect web applications from common web attacks
Amazon API Gateway
Securely connect mobile and web applications to business logic hosted on AWS Lambda, APIs hosted on Amazon EC2, or other publicly addressable web services hosted inside or outside of AWS
Amazon Elastic Transcoder
Converts media files to different formats for playback on different devices (smartphones, tablets, PCs, etc.)
Amazon Simple Notification Service (SNS)
Send time-critical messages to multiple subscribers through a "push" mechanism, eliminating the need to periodically check or "poll" for updates
Amazon Simple Queue Service (SQS)
Message queue service used by distributed applications to exchange messages through a polling model
Amazon Simple Email Service (SES)
Cost-effective email service for transactional email or marketing email campaigns
Amazon Simple Workflow Service (SWF)
Build, run and scale background jobs in parallel or sequentially
Region
Physical geographic location, completely isolated from other regions, consisting of a cluster of data centers
Availability zones
One or more data centers within a region, designed to be isolated from failures in other AZs
Elastic Block Store
Persistent, highly available block-level storage volumes for use with EC2
IAM Principals
Root User, IAM User, Roles/Temp Security Tokens
How a Role Works?
A user or application ASSUMES a role and is given the...
Who uses roles?
1. Application (EC2), 2. User in another account, 3. Federated Identity Providers (IdP) (e.g. Facebook, Google, etc.)
IAM can integrate with two types of outside Identity Providers (IdP)
1. OpenID Connect (OIDC) (Facebook, etc.), 2. Security Assertion Markup Language (SAML) (Active Directory, LDAP, etc.)
How does IAM authenticate (identify) a principal?
1. User name/password, 2. Access key: a. Access Key ID (20 chars), b. Secret Access Key (40 chars), 3. Access key/session token (for an assumed role)
IAM - What is used to authorize a principal
Policy (JSON)
IAM Policy Parts
1. Effect: Verb (Allow or Deny), 2. Service (SID): Service ID, 3. Resource: Amazon Resource Name (ARN), 4. Action: Actions allowed or denied (e.g. read), 5. Condition: added restrictions (e.g. IP address)
IAM - How to associate policies with a principal
1. User policy, 2. Group policy, 3. Managed user or group policy, 4. Role
Multi-Factor Authentication (MFA)
Requires an identity to prove something you know and something you have
Amazon Elastic Block Store (EBS)
Provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability
CIDR
Classless Inter-Domain Routing notation, used to specify the range of IPv4 addresses for the VPC
VPC vs subnets in Availability Zones in a region
A VPC spans all AZs in a region. A subnet resides in only one AZ; it cannot span availability zones!
Public vs Private subnet
If a subnet has a route to an internet gateway it is a public subnet; otherwise it is a private subnet
Two features to add security to VPC
Security Groups: control inbound and outbound traffic for your instances; Network ACLs: control inbound and outbound traffic for your subnets
Security Groups (virtual firewalls) can be controlled by
1. Traffic type (e.g. HTTP), 2. Protocol (e.g. TCP), 3. Ports, 4. Source IP address(es)
EC2 Amazon Machine Image (AMI) vs Instance Type
Software vs Hardware
Amazon EC2 Instance Storage
Temporary block storage volumes for Amazon EC2 instances
AWS Lambda
Event-driven serverless compute service
Lambda supported languages
1. Node.js, 2. Java, 3. C#, 4. Python
AWS Lambda Restrictions
1. Max 512 disk space, 2. Memory from 128 MB to 1,536 MB, 3. Max execution time of 5 mins, 4. Max request and response payloads of 128 KB, 5. Number of concurrent executions is a soft limit
AWS Lambda Billing
1. Number of times code is triggered, 2. Each one millisecond of execution time
AWS use cases
1. Automated backups, 2. Objects uploaded to S3, 3. Event-driven log analysis, 4. Event-driven transformations, 5. IoT, 6. Serverless websites
AWS Elastic Beanstalk
Platform as a service (PaaS): easy-to-use service for deploying and scaling web applications and services
IaaS vs PaaS vs SaaS
1. Infrastructure as a service: EC2, 2. Platform as a service: Elastic Beanstalk (don't worry about the underlying OS, host or HTTP service, only about your code), 3. Software as a service: Gmail
EC2 Bandwidth Types
1. On-Demand Instances: pay by the hour with no long-term commitment, 2. Reserved Instances: reserve EC2 computing capacity, 3. Spot Instances: bid on spare EC2 computing capacity
Amazon Lightsail
Easiest way to launch and manage an EC2 server. Lightsail plans include everything you need to jumpstart your project (a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP address) for a low, predictable price.
Amazon Aurora
MySQL and PostgreSQL compatible relational database engine. Provides 5 times the throughput of standard MySQL or twice the throughput of standard PostgreSQL
Amazon RDS
Makes it easy to set up, operate, and scale a relational database in the cloud. Has 6 DB engines: Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and Microsoft SQL Server
Amazon DynamoDB
NoSQL database service. Supports both document and key-value data models.
Amazon ElastiCache
Web service that simplifies deployment, operation, and scaling of an in-memory cache in the cloud for web applications. Supports Redis and Memcached
Amazon Route 53
Highly available and scalable cloud Domain Name System (DNS) web service
AWS Glue
Fully managed ETL service that makes it easy to move data between your data stores. Integrated with Amazon S3, Amazon RDS, and Amazon Redshift, and can connect to any Java Database Connectivity (JDBC)-compliant data store.
AWS Payment Models (3+)
1. On-demand, 2. Pay-as-you-go, 3. Reservation-based, 4. Dedicated Host (EC2 only)
Three fundamental drivers of cost
1. Compute, 2. Storage, 3. Outbound data transfer (in general there is no cost for inbound data transfers or for data transfers between AWS services in the same region)
Elastic IP address
Static IPv4 address designed for dynamic cloud computing.
Amazon RDS Cost Factors
1. Clock hours of server time, 2. Database characteristics (DB engine, size, memory), 3. Database purchase type (On-Demand, Reserved), 4. Number of database instances, 5. Provisioned storage (no charge while the instance is active), 6. Additional storage, 7. Requests (number of inputs and outputs), 8. Deployment type (one AZ, multiple AZs), 9. Data transfer: inbound is free, outbound costs are tiered
Amazon DynamoDB Cost Factors
1. Provisioned throughput (write), 2. Provisioned throughput (read), 3. Indexed data storage
Temporary security credentials
Access key ID, secret access key and a security token that you must send to AWS when you use temporary security credentials. They expire
Key Pairs - Public and private key
Not related to access keys. Only used for EC2 and Amazon CloudFront
Free on AWS
1. Amazon VPC, 2. AWS Elastic Beanstalk, 3. AWS CloudFormation, 4. AWS IAM, 5. Auto Scaling, 6. AWS OpsWorks (like Chef)