CPC Exam


what determines price for S3 glacier

o Storage
o Data retrieval times

AWS penetration testing

· Is a simulated cyber attack against your computer system to check for exploitable vulnerabilities
· You can carry it out against your AWS infrastructure without prior approval for:
  o Amazon EC2 instances
  o NAT gateways
  o Elastic load balancers
  o Amazon RDS
  o CloudFront
  o Aurora
  o API Gateway
    § It allows developers to easily work with the various AWS resources programmatically
    § Does not reduce cost
    § Allows the customer's developers to work with resources
  o Lambda
  o Lightsail
  o Elastic Beanstalk

S3 - IA

*Standard Infrequent Access* S3 storage class for data that is accessed less frequently, but requires rapid access when needed. -- lower fee than S3, but you are charged a retrieval fee

S3

-- provides developers and IT teams with secure, durable, highly-scalable object storage; is easy to use, with a simple web services interface to store and retrieve any amount of data from anywhere on the web
o Not just a storage bucket --- requester pays, versioning, hosting static website, object lifecycle management

S3 Standard Storage

99.99% Availability and 99.9999999% Durability because your data is stored on 3 different storage facilities and is designed to withstand the loss of 2 data center facilities.

Amazon QuickSight

is a fast, cloud-powered business analytics service that makes it easy to build visualizations, perform ad-hoc analysis, and quickly get business insights from your data

cloudfront

A content delivery system (CDN) is a system of distributed servers (network) that delivers webpages and other web content to a user based on the geographic locations of the user, the origin of the webpage, and a content delivery server --- can be used to deliver your entire website, including dynamic, static, streaming, and interactive content using a global network of edge locations, requests for your content are automatically routed to the nearest edge location, so content is delivered with the best possible performance

Relational databases on AWS

Aurora, SQL, Oracle, MySQL, MariaDB, PostgreSQL

Amazon Aurora

enterprise-class relational database, MySQL or PostgreSQL compatible, with continuous backup to S3 -- helps you save time by automating time-consuming tasks such as provisioning, patching, backup, recovery, failure detection, and repair.

DNS

Domain Name System -- transfers domain names to IP addresses

fleet

if your application runs on Amazon EC2 instances

global AWS services

IAM, Route53, CloudFront, SNS, SES

SQL database

Rows contain all the information about one entry, and columns are the attributes that separate the data points. A database schema is fixed: columns must be locked before data entry. You can amend schemas if the database is altered entirely and taken offline. Data is queried using Structured Query Language (SQL), which can allow for complex queries. Can scale vertically by increasing hardware power. Are commonly used for traditional applications, ERP, CRM, and ecommerce.

global AWS services, but are regional

S3

Amazon cognito

Single user identity and data synchronization service. Helps manage and sync app data for users across their mobile devices. Create unique identities for users through public login providers (Facebook, Google, Amazon) and support unauthenticated guests. Save any kind of data in the AWS cloud without writing any backend code or managing infrastructure.

Software as a Service (SaaS)

Software that is hosted centrally on the Internet and accessed by users with a Web browser.

advantages of hosting database software on EC2 instances:

• You need full control over the database, including SYS/SYSTEM user access, or you need access at the operating system level.
• You need to use commercial software features or options that are not currently supported by AWS.

AWS support plans

basic, developer, business, enterprise

groups

collections of users with identical permissions

the drivers of cost:

compute, storage, data outbound

OLTP

databases usually process a large number of small transactions and are often used to provide source data to data warehouses. Amazon RDS

benefits of EC2

elastic web-scale computing, complete control, flexible cloud hosting services, integrated with most AWS services, reliable, secure, inexpensive

Amazon SNS (Simple Notification Service)

fully managed messaging for distributed or serverless applications -- reliably deliver messages with durability, automatically scale workload, no up-front cost, simplify architecture -- enables message filtering to a large number of subscribers

AWS X-Ray

helps developers analyze and debug distributed applications in production or under development, such as those built using a microservices architecture.
-- Can understand how the application and its underlying services perform to identify and troubleshoot the root cause of performance issues and errors
o Detects performance issues for AWS Lambda applications - sends traces to X-Ray, which is further analyzed to generate a performance report

AWS CloudHSM

helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) appliances within the AWS Cloud securing encryption keys

AWS Database Migration Service

helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, reducing downtime to applications that rely on the database. The AWS DMS can migrate your data to and from most widely used commercial and open-source databases. The source database can be located on premises, in Amazon EC2, or in Amazon RDS.

Amazon RDS

provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching, and backups. It frees you to focus on your applications so that you can give them the fast performance, high availability, security, compatibility

Redshift

is a fast, scalable data warehouse that makes it simple and cost effective to analyze all your data across your data warehouse and data lake. Delivers 10 times faster performance than other data warehouses by using machine learning, massively parallel query execution, and columnar storage on high performance disks
o Used for business intelligence
o Used to pull in very large and complex data sets, usually used by management to do queries on data (current performance vs targets, etc.)
o Use a different type of architecture both from a database perspective and infrastructure layer

AWS Certificate Manager

is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services

ElastiCache

is a web service that makes it easy to deploy, operate, and scale an in-memory data store or cache in the cloud. The service improves application performance by allowing developers to retrieve information from fast, managed, in-memory data stores instead of relying on slower disk-based databases. When a read request is sent, the caching layer checks to determine whether it has the answer. If it doesn't, the request is sent to the database. Meeting read requests through the caching layer in this manner is more efficient and delivers higher performance than what can be had from a traditional database alone. It is also more cost-effective. Memcached and Redis

roles

is similar to a user in that it is an AWS identity with permissions that determine what the identity can and cannot do in AWS. it does not have any long-term defined credentials, such as password or access keys, associated with it. Instead, if a user is assigned to it, access keys are created dynamically and provided to the user temporarily. Use them to delegate access to users, applications, or services that don't normally have access to your AWS resources.

resource tag

key value pairs attached to AWS resources, metadata

AWS Key Management Service

makes it easy for you to create and control encryption keys used to encrypt your data; integrates with other AWS services
-- Ideal for S3 objects, database passwords, and API keys stored in Systems Manager Parameter Store
o Encrypt and decrypt data -- encryption on AWS!!

compute capacity

means functionality traditionally provided by virtual or on-premises physical servers. You get the same functionality as you would from a physical server but with the benefits of hosting it in the cloud.

Dynamo DB

non-relational database -- you simply create a database table, set your target utilization for automatic scaling, and let the service handle the rest. You no longer need to worry about database management tasks, such as hardware or software provisioning, setup and configuration, software patching, operating a distributed database cluster, or partitioning data over multiple instances, as you scale. ---low-latency queries -- integrates with IAM for fine-grained access control of users in your organization -- store JSON documents directly into Amazon DynamoDB tables

business

o $100 a month
o 24x7 email, chat, phone
o No TAM
o Unlimited contacts/ cases
o General response times:
  § General guidance: <24 hours
  § System impaired: <12 hours
  § Production system impaired: <4 hours
  § Production system down: <1 hour

enterprise

o $15k a month
o 24x7 email, chat, phone
o Yes TAM
o Unlimited contacts/ cases
o General response times:
  § General guidance: <24 hours
  § System impaired: <12 hours
  § Production system impaired: <4 hours
  § Production system down: <1 hour
  § Business-critical system down: <15 minutes

developer

o $29 a month
o Business hour access via email
o No TAM
o 1 person/ unlimited cases
o General response times:
  § General guidance: <24 business hours
  § System impaired: <12 business hours

what determines price for RDS

o What determines price
  § Clock hours of server time
  § Database characteristics /purchase types
  § Number of database instances
  § Provision storage
  § Additional storage
  § Deployment types
  § Request
  § Data transfer

user

§ A person or application that interacts with AWS

Elastic File System (EFS)

o Is a file storage service for Amazon Elastic Compute Cloud (EC2) instances
o Can be shared across many instances and AZs
o Place where you can install databases, but does not come with a set size
o Content management system, file systems
o Easy to use and provides a simple interface that allows you to create and configure file systems quickly and easily
o Is elastic
  § Automatically adjusts file sizes as you add/ remove files

AWS Global Infrastructure

o 25 regions and 80 availability zones, over 150 edge locations

Direct connect

o A cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS
o You can establish private connectivity between AWS and your data center, office, or colocation environment, which can reduce your network costs, increase bandwidth throughput and provide a more consistent network experience than internet-based connections
o If you need a stronger connection

AWS Lambda

o A compute service where you can upload your code and create a Lambda function - takes care of provisioning and managing the servers you use to run the code
  § You don't have to worry about operating systems, patching, scaling, etc.
o An event-driven compute service that can run your code in response to events
  § Events can be changes to data in an Amazon S3 bucket or Amazon DynamoDB table
o A compute service to run your code in response to HTTP requests using Amazon API Gateway or API calls made using AWS SDKs
o SERVERLESS

CodeCommit

o A managed source control service - used as a data store to store source code
o Is a fully managed source control service that makes it easy for companies to host secure and highly scalable private Git repositories. Eliminates the need to operate your own source control system or worry about scaling its infrastructure. You can use it to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools

AWS trusted advisor

o An online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment
o Provides real time guidance to help you provision your resources following AWS best practices
o Will advise you on Cost Optimization, Performance, Security, Fault Tolerance, service limits
o Looks at entire AWS environment and gives report on it
o Core checks and recommendations
o Full trusted advisor - business and enterprise companies only
o Related to infrastructure security optimization recommendations

relational database service (RDS)

o Best suited in scenarios where the datasets and forms are consistent such that their data schema is persistently valid - load can be anticipated and is somewhat finite
o Makes it easy to set up, operate, and scale relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups.
o It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need
o Easily scalable, automatic software patching, automated backups, database snapshots, multi-AZ deployments, automatic host replacement, encryption at rest and in transit

Elastic Block Store

o Block storage volumes
  § Provides persistent block storage volumes for use with Amazon EC2 instances in the AWS cloud
  § Virtual hard disk in the cloud
o Storing operating systems/ databases
o Automatically replicated
  § Each volume is automatically replicated within its AZ to protect you from component failure, offering high availability and durability
o Virtual disk that can be attached to EC2 - size of the disk is changed, but not done automatically
o Pay for only what you provision
o Typically attached to one EC2 instance at a time and one AZ

secrets manager

o Charge per secret stored and per 10,000 API calls
o Automatically rotate secrets
o Apply new key/password in RDS for you
o Generate random secrets

what determines EC2 pricing

o Clock hours of server time
o Instance type
o Pricing model
o Number of instances
o Load balancing
o Detailed monitoring
o Autoscaling
o Elastic IP Addresses
o Operating Systems and Software Packages

Parameter store

o Component of AWS Systems Manager (SSM)
o Secure serverless storage for configuration and secrets
o Passwords
o Database connection strings
o Stored using encrypted KMS or plaintext
o Set TTL to expire values, such as passwords
o No cost to use, there's a limit of 10,000 parameters per account

AWS Rekognition

o Converts images into tags/ text
o Upload an image and Rekognition will tell you what it thinks the image is with a certain degree of confidence
o Can be used with lots of apps

Transcribe

o Converts speech into text
o This can be great for generating subtitles or getting transcripts of interviews, speeches and more

Polly

o Converts text to life-like voice
o Can choose number of different languages, male or female, what accent you would like the voice to be rendered in

global accelerator

o Create accelerators to improve availability and performance of your applications for local and global users
o Direct traffic to optimal endpoints over the AWS global network; this improves the availability and performance of your internet applications that are used by a global audience
o Leverages edge locations and edge infrastructure
o Is a networking service that improves the availability and performance of the applications that you offer to your global users
· How it works
o Uses Amazon's dedicated network
  § Sends your user's traffic through AWS global network infrastructure, improving your internet user performance by up to 60%
  § When your internet is congested, automatic routing optimizations will help keep your packet loss, jitter and latency consistently low
o Is suitable for applications that are non-HTTP, where CloudFront enhances the performance of HTTP-based content, such as dynamic web applications, images and videos
o Does not have the content caching capabilities that Amazon CloudFront does

CodeDeploy

o Deploys code to on-premise web servers
o Is a service that automates code deployments to any instance, including EC2 instances and instances running on premises. Makes it easier for you to rapidly release new features, helps you avoid downtime during application deployment, and handles the complexity of updating your applications. You can use it to automate software deployments, eliminating the need for error-prone manual operations. The service scales with your infrastructure so you can easily deploy to one instance or thousands

Identity and Access Management (IAM)

o Enables you to securely control access to AWS services and resources for your users - you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources
o You can grant permissions to a user by creating a policy, which is a document in JSON format that explicitly lists permissions to allow or deny access to resources in an AWS account.

in S3...

o Files can be from 0 Bytes to 5 TB
o Unlimited storage
o Files are stored in buckets (folders in the cloud)
o Is a universal namespace, names must be unique globally
o When you upload a file to S3, you will receive an HTTP 200 code if the upload was successful
o Not suitable to install an operating system on

basic

o Free
o No tech support
o No TAM
o No one can open cases

AWS budgets

o Gives you the ability to set custom budgets that alert you when your costs or usage exceed/ or are forecasted to exceed your budgeted amount
o Used to budget costs before they have been incurred
o Helps clients plan their service usage, service costs, and get informed alerts when the cost reaches a certain threshold

VPN

o Hardware virtual private network connection between your corporate data center and your VPC, leveraging the AWS cloud as an extension of your corporate data center

cost explorer

o Has an easy to use interface that allows you to visualize, understand and manage your AWS costs and usage over time
o Used to explore costs after they have been incurred

AWS Landing zone

o Helps customers more quickly set up a secure, multi-account AWS environment based on AWS best practices

security

o Implement strong security foundation
  § Centralize privilege management and reduce/ eliminate reliance on long-term credentials
o Enable traceability
  § Monitor, alert, and audit actions and changes to your environment in real time
o Apply security at all layers
o Automate security best practices
o Protect data in transit and at rest
o Prepare for security events

cost optimization

o Includes the ability to avoid or reduce unneeded cost or suboptimal resources
o Adopt a consumption model
  § Pay only for the computing resources that you consume and increase or decrease usage depending on business requirements, not by using elaborate forecasting. For example, development and test environments are typically used for only eight hours a day during the work week. You can stop these resources when they are not in use for a potential cost savings of 75 percent (40 hours versus 168 hours).
o Measure efficiency
o Stop spending money on data center operations
o Analyze and attribute expenditure
o Use managed services to reduce cost of ownership
  § In the cloud, managed services remove the operational burden of maintaining servers for tasks like sending email or managing databases. And because managed services operate at cloud scale, they can offer a lower cost per transaction or service.

operational excellence

o Includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures
o Perform operations as code
  § Use scripting and automation to trigger actions in response to events - helps limit human error
o Annotate documentation
  § Seek to automate the documentation update process
o Make frequent, small, reversible changes
o Refine operations procedures frequently
o Anticipate failure
o Learn from all operational failures

Athena

o Interactive query service which enables you to analyze and query data located in S3 using standard SQL
  § Serverless, nothing to provision, pay per query / per TB scanned
  § No need to set up complex Extract/Transform/Load (ETL) processes
  § Works directly with data stored in S3
o It can be used for:
  § Query log files stored in S3
  § Generate business reports on data stored in S3
  § Analyse AWS cost and usage reports
  § Run queries on click-stream data
o Serverless service

AWS Snowball

o Is a PB-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud
o Think of it as the gigantic disk to move your data into AWS cloud
o Device shipped to AWS data center

AWS Shield

o Is a managed distributed denial of service (DDoS) protection service that safeguards web applications running on AWS
o Provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS support to benefit from DDoS protection
o There are two tiers of AWS Shield - Standard and Advanced
o Stops DDoS mitigation service
o Turned on by default, but you can buy Advanced

EBS

o Allows you to create storage volumes and attach them to Amazon EC2 instances. Once attached, you can create a file system on top of these volumes, run a database, or use them in any other way you would use a block device. Volumes are placed in a specific Availability Zone, where they are automatically replicated to protect you from the failure of a single component
o Virtual disk in the cloud that the virtual servers run off
o Creating snapshots of volumes can help ensure that you have a backup of your volume in place
o Replicated within its AZ to protect you from component failure

AWS organizations

o Is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage
o Helps you centrally manage and govern your environment as you grow and scale your AWS resources. You can programmatically create new AWS accounts and allocate resources, group accounts to organize your workflows, apply policies to accounts or groups for governance, and simplify billing by using a single payment method for all of your accounts.
o In addition, it is integrated with other AWS services so you can define central configurations, security mechanisms, audit requirements, and resource sharing across accounts in your organization. It is available to all AWS customers at no additional charge.

AWS inspector

o Is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS
o Automatically assesses applications for vulnerabilities or deviations from best practices
o After performing an assessment, it produces a detailed list of security findings prioritized by level of severity
o These findings can be reviewed directly or as part of detailed assessment reports, which are available via the Amazon Inspector Console or API
o Installed on EC2 instance

Lex

o Is what powers Amazon's Alexa
o A service that allows you to build conversational chatbots
o These can be powered either via voice or text
o When you hear Lex, think chatbot

VPC

o Lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network you define
o You have complete control over your virtual networking environment, including selection of your own IP addresses, range, creation of subnets
o Virtual data center in the cloud
o After selecting a Region, you create a VPC and then specify the full IP address range for all resources that will be hosted within that VPC. The VPC can include resources in any or all Availability Zones within the Region. You can then create subnets within the network you specified for the VPC, choosing whether they'll allow connections to the public internet or remain private.

AWS detective

o Machine learning service that automatically collates log data from all AWS resources

5 Pillars of Well-Architected Framework

o Operational excellence
o Security
o Reliability
o Performance efficiency
o Cost optimization

the basic pricing policies

o Pay as you go
o Pay less when you reserve
o Pay even less per unit by using more
o Pay even less as AWS grows
o Custom pricing

How to use CloudTrail

o Per AWS account and enabled per region
o Can consolidate logs using an S3 bucket:
  § Turn CloudTrail on
  § Create a bucket policy that allows cross-account access
  § Turn on CloudTrail in the other accounts and use the bucket in the paying account
o Best practice is to use a separate account for logging
o Unused reserved instances for EC2 are applied across the group
o CloudTrail is on a per account and per region basis, but can be aggregated into a single bucket belonging to the paying account

AWS config

o Provides a detailed view of the configuration of AWS resources in your AWS account
o This includes how the resources are related to one another and how they were configured in the past, so that you can see how the configurations and relationships change over time
o Security group change

Resource Group

o Resource groups in combination with AWS Systems Manager allow you to control and execute automation against entire fleets of EC2 instances, all at the push of a button
o You can group resources that share one or more tags
o Tag editor is a global service that allows us to discover resources and to add additional tags to them as well
o Resource groups share one or more tags, collection of resources that are deployed in the same AWS region, and that match the criteria specified in the group's query
o Resource groups contain information such as:
  § Region
  § Name
  § Employee ID
  § Department

AWS Macie

o Security service which uses machine learning and NLP (natural language processing) to discover, classify, and protect sensitive data stored in S3
  § Uses AI to recognize if your S3 objects contain sensitive data such as PII
  § Dashboards, reporting and alerts
  § Works directly with data stored in S3
  § Can also analyze CloudTrail logs
  § Great for PCI-DSS and preventing ID theft

Cloudformation

o Service that helps you model and set up AWS resources so you can spend more time focusing on your applications that run in AWS - model and provision cloud infrastructure resources
o You create a template that describes all the AWS resources that you want (Amazon EC2 or Amazon RDS DB), and it takes care of provisioning and configuring those resources for you
o You don't need to individually create and configure AWS resources and figure out what's dependent on what - it handles all of that
o AWS Change Set can be used to preview changes to AWS resources when a stack is executed

Opsworks

o Similar to Elastic Beanstalk
o Deploys code to EC2 and on-premise
o To use it for servers in customer data centers, the servers should be Linux operating systems with a Stacks agent installed and connectivity to AWS public endpoints
o Using it to create Amazon EC2 instances, you can also register it with a Linux stack

what determines price for S3?

o Storage class (standard/ IA)
o Storage
o Requests (GET, PUT, COPY)
o Data transfer

CloudFront pricing

o Traffic distribution
o Number of requests
o Data transfer out

principle of least privilege

o Users should be granted permission to access only resources they need to do their assigned job

EC2

o Virtual servers in the cloud
o Reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change
o Provides resizable compute capacity in the cloud

what determines price for EBS?

o Volumes per GB
o Snapshots per GB
o Data transfer

AWS WAF - Web Application Firewall

o Web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security or consume excessive resources
o Inspects firewall/ inspects what's going on
o Stops hackers

edge locations

o Are AWS endpoints used for caching content - consists of CloudFront
o There are more than regions - over 150

Security groups

o Are virtual firewalls in the cloud - you need to open ports in order to use them - popular ports are SSH 22, HTTP 80, HTTPS 443, RDP 3389
  § Outer level of protection that allows outside groups to interact with your EC2 instance
  § Inbound traffic - determines you can interact with your resource
  § Only 'allow rules', no 'deny' rules
  § Default values:
    · No inbound traffic and all outbound traffic allowed
  § Stateful: allows responses from allowed inbound traffic
  § For each group, you allow rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic.
o Security groups act at the instance level, not the subnet level. Therefore, each resource in a subnet in your VPC could be assigned to a different set of security groups. If you don't specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC.

Elastic Load Balancing

o automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Elastic Load Balancing offers three types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault tolerant.

Availability Zone

o Data center, building filled with servers, may be several data centers
o Each data center has its own redundant power, networking, connectivity, housed in separate facilities
o Physically isolated and connected via a low latency redundant link

region

o geographical area, each region consists of 2 or more availability zones

reliability

o Includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions, such as misconfigurations or transient network issues.
o Test recovery procedures
o Automatically recover from failure
o Scale horizontally to increase aggregate system availability
  § Replace one large resource with multiple small resources to reduce the impact of a single failure on the overall system. Distribute requests across multiple, smaller resources to ensure that they don't share a common point of failure.
o Stop guessing capacity
o Manage change in automation

performance efficiency

o Includes the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.
o Democratize advanced technologies
  § Some complex technologies require expertise that is not evenly dispersed across the technical community, such as NoSQL databases, media transcoding, and machine learning. In the cloud, these technologies can become services that your team can consume while focusing on product development instead of resource provisioning and management.
o Go global in minutes
o Use serverless technologies
o Experiment more often
o Apply mechanical sympathy
  § Use the technology approach that aligns best to what you are trying to achieve. For example, consider data access patterns when selecting database or storage approaches.

CloudTrail

o Monitors API calls in the AWS platform - tool for auditing
o Is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With it, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.
o Provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. In addition, you can use it to detect unusual activity in your AWS accounts. These capabilities help simplify operational analysis and troubleshooting.
o Learn more about who terminated EC2 instances
o Increases visibility into your user and resource activity by recording AWS Management Console actions and API calls
o You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred
o Records everything going on in AWS environment

Personal Health Dashboard

o offers an overview of the AWS services you actually use and whether or not they have any availability issues · Relevant, up-to-date information o The dashboard displays up-to-date information on the status of your AWS services and provides proactive notifications as to any scheduled activities · The dashboard displays relevant and timely information to help you manage events in progress, and provides proactive notification to help you plan for scheduled activities. Alerts are automatically triggered by changes in the health of AWS resources, giving you event visibility and guidance to help quickly diagnose and resolve issues.

auto scaling and fleet management

o refers to the functionality that automatically replaces unhealthy instances and maintains your fleet at the desired capacity o Amazon EC2 Auto Scaling fleet management ensures that your application is able to receive traffic and that the instances themselves are working properly. When Amazon EC2 Auto Scaling detects a failed health check, it can replace the instance automatically.

Customer manages

security in the cloud

AWS manages

security of the cloud

Amazon DynamoDB use cases

serverless web applications, microservices data store, mobile backends, adtech, gaming, internet of things

What AWS services can be used on-premise

snowball, snowball edge, storage gateway, codedeploy, codecommit, opsworks

AWS simple monthly calculator

static website on S3, is used to calculate your running costs on AWS on a per month basis -- NOT a comparison tool

NoSQL databases

store data using one of many storage models, including key-value pairs, documents, and graphs. Schemas are dynamic, and information can be added rapidly. Each row doesn't have to contain data for each column. Data in databases is queried by focusing on collections of documents. Databases scale horizontally by increasing servers. Key-value databases are commonly used for internet-scale applications, real-time bidding, shopping carts, and customer preferences.

AWS Artifact

used to retrieve compliance reports

OLAP system

usually processes a small number of complex queries that help analyze data. Example: Amazon Redshift

On Demand Instances

§ Allows you to pay a fixed rate by the hour with no commitment § Run continuously until you stop them, not recommended for workloads that last 1+ year § Useful for: · users that want the low cost and flexibility of Amazon EC2 without any up-front payment or long-term commitment · Applications with short-term, spiky, or unpredictable workloads that cannot be interrupted · Applications being developed or tested on EC2 for the first time

free AWS services

§ Amazon VPC --- virtual data center in the cloud § Elastic Beanstalk § CloudFormation § Identity Access Management (IAM) § Auto Scaling § Opsworks § Consolidated Billing

Infrastructure as a Service (IaaS)

§ Basically AWS - you manage the server which can be physical or virtual, as well as the operating system, usually the data center provider will have no access to your server - EC2 § Basic building blocks of cloud IT and typically provides access to networking features, computers and data storage space § Provides highest level of flexibility and management control over IT resources

AWS Quick Start

§ CloudFormation templates, built by AWS solutions architects and partners based on best practices, includes a guide of how to deploy popular technologies on AWS

S3 -- intelligent tiering

§ Designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead, uses machine learning § Delivers automatic cost savings by moving data between two-access tiers - frequent and infrequent access - when access patterns change, and is ideal for data with unknown or changing access patterns

S3 Transfer Acceleration

§ Enables fast, easy and secure transfers of files over long distances between your end users and an S3 bucket, takes advantage of Amazon CloudFront's globally distributed edge locations, as the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path § Optimizes performance for data transfer between users & objects in Amazon S3 bucket

Spot Instances

§ Enables you to bid whatever price you want for instance capacity, providing for even greater savings if your applications have flexible start and end times § Can withstand interruptions § Greatest savings - take advantage of unused Amazon EC2 capacity in the cloud § Does not require a contract or a commitment to a consistent amount of compute usage § Useful for: · Applications that have flexible start and end times · That are only feasible at very low compute prices · Urgent computing needs for large amounts of additional capacity

S3 one zone -- IA

§ For when you want a lower-cost option for infrequently accessed data, but do not require the multiple availability zone data resilience

root account

§ Has full administrator access - create users for each individual within your organization § Complete access to all AWS services

AWS total cost of ownership calculator

§ How much it costs to have data on-premise vs on the cloud § Is used to compare costs of running infrastructure on premise vs cloud, it will generate reports that you can give to your C-level execs to make a business case to move to the cloud

what is PII?

§ Personal data used to establish an individual's identity § Data that could be exploited by criminals, used in identity theft and financial fraud · Home address, email address, SSN · Passport number, driver's license number · DOB, phone number, bank account, credit card number

dedicated hosts

§ Physical EC2 servers dedicated for your use - reduces costs by allowing you to use your existing server-bound contracts § Useful for: · Regulatory requirements that may not support multi-tenant virtualization (govt.) · Great for licensing which does not support multi-tenancy or cloud deployments · Can be purchased on-demand, or as a reservation for up to 70% off the on-demand price

Reserved Instances

§ Provides you with a capacity reservation, and offers a significant discount on the hourly charge for an instance - contract terms are 1- or 3-year terms § Useful for: · predictable usage, require reserved capacity, able to make upfront payments to reduce their total computing costs even further

Platform as a Service (PaaS)

§ Removes the need for organizations to manage the underlying infrastructure and allows you to focus on the deployment and management of your applications § Helps you be more efficient as you don't need to worry about resource procurement, capacity planning, software maintenance, patching or any of the undifferentiated heavy lifting involved in running your application

what determines pricing for lambda?

§ Request pricing · Free tier: 1 million requests per month · 0.20 per 1 million requests thereafter § Duration pricing · 400,000 GB-seconds per month free, up to 3.2 million seconds of compute time § Additional charges · If your Lambda function uses other AWS services or transfers data · If your Lambda function reads and writes data from Amazon S3, you will be billed for the read/write requests and the data stored in Amazon S3

S3 glacier deep archive

§ S3 glacier deep archive is Amazon S3's lowest cost storage class where a retrieval time of 12 hours is acceptable

S3 glacier

§ Secure, durable, low-cost storage class for data archiving, you can reliably store any amount of data at costs that are competitive with or cheaper than on-premises solutions, retrieval times configurable from minutes to hours § Uses: media asset workflows, healthcare information, compliance archiving, scientific data storage, digital preservation § Can use vaults

access key

§ for programmatic access to AWS · Long-term credentials for IAM user, authenticates requests

application load balancer

§ is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers. Operating at the individual request level (Layer 7), Application Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) based on the content of the request. § Scenarios: the ability to use containers to host your microservices and route to those applications from a single load balancer

network load balancer

§ is best suited for load balancing of TCP traffic where extreme performance is required. Operating at the connection level (Layer 4), Network Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) and is capable of handling millions of requests per second while maintaining ultra-low latencies. Network Load Balancer is also optimized to handle sudden and volatile traffic patterns. § Latency - how fast the network is § Automatically routes incoming web traffic across a dynamically changing number of instances. Your load balancer acts as a single point of contact for all incoming traffic to the instances in your Auto Scaling group. You can automatically increase the size of your Auto Scaling group when demand goes up and decrease it when demand goes down. As the Auto Scaling group adds and removes Amazon EC2 instances, the Network Load Balancer makes sure that the traffic for your application is distributed across all of your instances.

Classic Load Balancer

§ provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. Classic Load Balancer is intended for applications that were built within the EC2-Classic network.

AWS security hub

· A comprehensive view of security alerts across multiple AWS accounts · Provides a single place that aggregates, organizes, and prioritizes your security alerts or findings from multiple AWS services - such as GuardDuty, Inspector, Macie, IAM, Firewall Manager - across multiple AWS accounts

AWS Systems Manager

· Allows you to manage EC2 instances at scale · A piece of software is installed on each VM · Integrates with CloudWatch to give you a dashboard of your entire estate. · Allows users to control their AWS resources by unifying services into a user interface --- one in which they can be able to view, automate and monitor operational tasks · Gives the user the ability to group AWS resources across different AWS regions by application and collectively view their operational data for monitoring purposes · gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. With Systems Manager, you can group resources, like Amazon EC2 instances, Amazon S3 buckets, or Amazon RDS instances, by application, view operational data for monitoring and troubleshooting, and act on your groups of resources. Systems Manager simplifies resource and application management, shortens the time to detect and resolve operational problems

AWS trusted advisor services

· Can check for: o Cost optimization o Performance o Security o Fault tolerance o Service limits · To have all of Trusted Advisor unlocked, you must upgrade your support plan to business

Memory Optimized Instance Types

· Deliver fast performance for workloads that process large data sets in memory · Ideal for high performance databases that involve real-time processing of a large amount of unstructured data

Storage Optimized Instance Types

· Designed for workloads that require high, sequential read and write access to large datasets on local storage · Examples include data warehousing, high-frequency online transaction processing systems (OLTP) · Input/output operations per second (IOPS) is a metric that measures the performance of a storage device · Think of it as data put into a system · Ex. records entered into a database · If you have an application that has high IOPS requirements go for storage optimized instances

what to do if your IAM credentials are compromised:

· Determine what resources those credentials have access to · Invalidate the credentials so they no longer can be used to access your account · Consider invalidating any temporary security credentials that might have been issued using credentials · Restore appropriate access · Review access to your AWS account

compute optimized instances

· Ideal for compute-bound applications that benefit from high-performance processors · Ideal for high-performance web servers, compute-intensive application servers, batch processing workloads that require processing many transactions in a single group and dedicated gaming servers

CloudWatch

· Monitoring service to monitor performance on AWS services and applications that run on AWS o Can monitor things like § Compute · EC2 instances · Autoscaling groups · Elastic load balancers · Route53 health checks § Storage and content delivery · EBS volumes · Storage gateways · CloudFront · You can use it to set high resolution alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to optimize your applications, and ensure they are running smoothly · Benefits: o Access all your metrics from a single platform o Maintain visibility across applications, infrastructure, services -- all about performance

Service Health Dashboard

· Overview of all regions o Shows all regions and the health of AWS in those regions · Daily historical information o You can review all historical information for each AWS service on a per-day basis · RSS feeds o Subscribe to RSS feeds and get immediate notifications if a specific service in a region goes down · General status of AWS services

general purpose instance

· Provides a balance of compute, memory, and networking resources · Use when resources needed are roughly equivalent

AWS control tower

· The easiest way to set up and govern a new, secure multi-account AWS environment · Allows you to provision multiple AWS accounts in minutes · Those accounts conform to company policies · Used for large enterprises with multiple AWS accounts

GuardDuty

· Uses machine learning algorithms o Anomaly detection and third-party data to monitor and protect your AWS Account · One click to enable (30 day trial) o Don't need to install software · Input data: o Cloudtrail event logs o VPC flow logs o DNS logs · Enabled across the one account

accelerated computing instances

· Utilizes hardware accelerators or co-processors to perform some functions more efficiently than just using a cpu · Ideal for floating-point number calculations, graphics processing, data pattern matching, graphics applications, game streaming, and application streaming

IAM credential report

· You can generate and download a credential report that lists all the users in your account o Passwords § Whether it was enabled, last used, last changed o Access keys § Whether it is active, last used, last rotated o MFA § Whether it has been enabled

Elastic Beanstalk

· You can quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure that runs those applications - you simply upload your application and elastic beanstalk automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring -- is ideal if you have a PHP, Java, Python, Ruby, Node.js, .NET, Go, or Docker web application. -- uses core AWS services, such as Amazon EC2, Amazon Elastic Container Service (Amazon ECS), AWS Application Auto Scaling, and Elastic Load Balancing, to support applications that need to scale to serve millions of users. To get started, you upload your application code. The service supports the following operations: • Resource provisioning • Load balancing • Automatic scaling • Monitoring

amazon EC2 auto scaling

· automatically add or remove EC2 instances in response to changing application demand o To scale faster, use both dynamic scaling and predictive scaling together · monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost.

