Amazon Web Services (Basics)

EFS Infrequent Access (EFS-IA)

Storage class that is cost-optimized for files not accessed every day • Up to 92% lower cost compared to EFS Standard • EFS will automatically move your files to EFS-IA based on the last time they were accessed

IAM is a Global Service (T/F)

True, it is a Global Scope service

EC2 to security groups is a many to many relationship (True/False)

True

Amazon S3 use cases

* Backup & storage * Disaster recovery * Archive * Hybrid Cloud storage * Application hosting * Media hosting * Data lakes & big data analytics * Software delivery * Static website

ECS

*Elastic Container Service* This is a highly scalable, high-performance container orchestration service that supports Docker containers and allows you to easily run and scale containerized applications on AWS. Eliminates the need for you to install and operate your own container orchestration software, manage and scale a cluster of virtual machines, or schedule containers on those virtual machines.

What are problems solved/improved by the Cloud?

- Flexibility: change resource types when needed - Cost-Effectiveness: Pay as you go, for what you use - Scalability: accommodate larger loads by making hardware stronger or adding additional nodes - Elasticity: ability to scale out and scale-in when needed - High-Availability and fault-tolerance: build across data centers

What are the types of Cloud Computing?

- Infrastructure as a Service (IaaS) - Platform as a Service (PaaS) - Software as a Service (SaaS)

Ports to know

- SSH 22: login to linux instance - FTP 20/21: upload via file share - SFTP 22: upload files via SSH - HTTP / HTTPS 80 / 443 - RDP 3389: Login to Remote Windows instance

RDS Read Replicas

- Up to 15 read replicas - Within AZ, Cross AZ or Cross Region - Replication is async so reads are eventually consistent - Replicas can be promoted to their own DB - Applications must update the connection string to leverage read replicas or - read replicas are read-only replicas that allow you to horizontally scale up a read-heavy application - read replicas use asynchronous replication - you must have automatic backups enabled to use read replicas

Amazon DMS (Data Migration Service)

- service to move data into AWS from existing data - supports one time and continual migration - supports popular commercial and open source databases - only pay for computation in migration process

EC2 Instance Types?

1. General Purpose 2. Compute Optimized 3. Memory Optimized 4. Accelerated Computing 5. Storage Optimized

S3 Storage Classes

1. S3 Standard 2. S3 - IA (Infrequently Accessed) 3. S3 One Zone - IA 4. S3 - Intelligent Tiering 5. S3 Glacier 6. S3 Glacier Deep Archive

What are the MFA device options in AWS?

1. Virtual MFA Authenticators e.g. Google Authenticator, Authy 2. Universal 2nd Factor (U2F) Security Key e.g. Yubikey (3rd party) 3. Hardware Key Fob e.g. Gemalto (3rd party) 4. Hardware Key Fob for GovCloud e.g. SurePassID (3rd Party)

Amazon Neptune

A fast, reliable, fully-managed graph database service that makes it easy to build and run applications that work with highly connected datasets. - GraphDB use cases e.g. Social Networks, Knowledge sites (wikipedia), Fraud Detection - Query Billions of relations in milliseconds

Amazon Quantum Ledger Database (QLDB)

A fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log owned by a central trusted authority. - Recording Financial transactions - Immutable records -

Elastic Container Registry (ECR)

A fully-managed Docker container registry service. - Makes it easy for developers to store, manage, and deploy Docker container images - Private Docker Registry on AWS - Where you store Docker images so they can be run by ECS or Fargate

Amazon S3 Glacier

A secure, durable, and extremely low-cost storage service for data archiving and long-term backup.

AWS CDK (Cloud Development Kit)

AWS Cloud Development Kit: define your cloud infrastructure using a familiar language, which is then made into a template. You can therefore deploy infrastructure and application runtime code together - Write infrastructure in your Language - Compiled into CloudFormation YAML

Elastic Beanstalk

AWS Elastic Beanstalk - Platform as a Service, Managed Service - Free, pay for the services used - fastest and simplest way to get an application up and running on AWS. Developers can simply upload their application code, and the service automatically handles all of the details, such as resource provisioning, load balancing, Auto Scaling, and monitoring.

AWS Glue

AWS Glue is a fully managed ETL service that makes it easy to move data between your data stores. - simplifies and automates the difficult and time-consuming tasks of data discovery, conversion, mapping, and job scheduling. - guides you through the process of moving your data with an easy-to-use console that helps you understand your data sources, prepare the data for analytics, and load it reliably from data sources to destinations. - integrated with S3, RDS, Redshift, connects with Java DB

AWS Lambda

AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume—there is no charge when your code is not running. a service to run code without managing compute resources in response to events and triggers - Event Driven (needs a trigger)

AWS Snowball

AWS Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of AWS. Addresses common challenges of large transfers: high network costs, long transfer times, and security concerns or is a service that accelerates transferring large amounts of data into and out of AWS using physical storage appliances, bypassing the Internet.

AWS Snowmobile

AWS Snowmobile is an exabyte-scale data transfer service used to move extremely large amounts of data to AWS up to 100 PB per snowmobile

AWS Batch

Allows for thousands of batch computing jobs on AWS. Provisions optimal quantity and type of compute resources based on volume and resource requirements of batch jobs submitted. Plans, schedules, and executes batch computing across full range of AWS compute services

Amazon Athena

Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL - serverless - pay for only the queries you run - Use cases: Business Intelligence, Analytics, reporting, analyze & query VPC Flow Logs, ELB Logs, CloudTrail trails

Explain storage for Amazon EC2 instance.

Amazon EC2 provides many data storage options. Each option has a unique combination of performance and durability. These storages can be used independently or in combination to suit your requirements. There are mainly four types of storages provided by AWS: Amazon EBS Amazon EC2 instance store Amazon S3 Adding storage

What is Route 53?

Amazon Route 53 is a highly available and scalable cloud domain name system (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications by translating names like www.example.com into numeric IP addresses like 192.0.2.1 that computers use to connect to each other.

EBS vs EFS

An Amazon EBS volume stores data in a single Availability Zone. To attach an Amazon EC2 instance to an EBS volume, both the Amazon EC2 instance and the EBS volume must reside within the same Availability Zone. Amazon EFS is a regional service. It stores data in and across multiple Availability Zones. The duplicate storage enables you to access data concurrently from all the Availability Zones in the Region where a file system is located. Additionally, on-premises servers can access Amazon EFS using AWS Direct Connect.

What is Amazon Machine Image? (AMI)

An Amazon Machine Image is a template that contains software configuration (i.e. an OS, app server, an application). From an AMI, we launch an instance, which is a copy of the AMI running as a virtual server in the cloud. We can launch multiple instances of an AMI.

ELB Types

Application Load Balancer (ALB) - Layer 7 - used for HTTP/HTTPS - much more versatile than Classic - key features: SNI, routing based on path, headers, etc. Network Load Balancer (NLB) - Layer 4 - TCP/UDP/TLS Gateway Load Balancer - Layer 3 Classic Load Balancer (retiring in 2023) - Layers 4 & 7 - used for HTTP/HTTPS ALB, NLB use LCU-hours for billing on top of hourly charges Classic uses GB transferred on top of hourly charges

What is auto-scaling? How does it work?

Autoscaling is a feature of AWS which allows you to configure and automatically provision and spin up new instances without the need for your intervention. You do this by setting thresholds and metrics to monitor.

Which Global Infrastructure identity is composed of one or more discrete data centers with redundant power, networking, and connectivity, and are used to deploy infrastructure?

Availability Zones

What is an AWS region?

Cluster of Data centers: A region is a geographical area that consists of different availability zones. Each region consists of 2 (or more) Availability Zones.

What should you consider when choosing a Region?

Compliance: data governance and legal requirements, data never leaves a region without permission Proximity to customer: reduce latency (faster) Available services: new features and service aren't released in every region Pricing: varies from region to region

EC2 Compute Optimized

Compute intensive tasks: Gaming servers, high-performance computing, scientific modeling. Well suited for batch processing workloads

AWS EMR (Elastic MapReduce)

Creates Hadoop Clusters AWS's Big Data Platform for processing vast amounts of data using open source tools like Apache Spark, Apache Hive, Apache HBase, Apache Flink, and Apache Hudi, and Presto. Allows you to run petabyte-scale analysis at half the cost of on-prem and 3x faster Apache Spark. Use cases: - data processing, machine learning, web indexing, big data

What is Amazon's Shared Responsibility Model?

Customer (You) = Responsibility for the security in the Cloud AWS = Responsibility for the Security of the Cloud

CloudFormation

Declarative way to set up infrastructure 0. IaC - Infrastructure as Code 1. An easy way to create and manage a collection of related AWS resources - Delete and save money on resources overnight then re-create them in the morning! 2. Provisioning and updating them in an orderly and predictable fashion - CF will provision in correct order 3. Can provision almost every AWS resource

Gateway Load Balancer

Deploy, scale, and manage a fleet of 3rd party network virtual appliances in AWS • Example: Firewalls, Intrusion Detection and Prevention Systems, Deep Packet Inspection Systems, payload manipulation, ... • Operates at Layer 3 (Network Layer) - IP Packets • Combines the following functions: • Transparent Network Gateway - single entry/exit for all traffic • Load Balancer - distributes traffic to your virtual appliances • Uses the GENEVE protocol on port 6081 Newest, Operates at layer 3 (IP). (More important for virtualized networking, rather than applications) This provides both Layer 3 gateway and Layer 4 load balancing capabilities. It is a transparent bump-in-the-wire device that does not change any part of the packet. It is architected to handle millions of requests/second, volatile traffic patterns, and introduces extremely low latency.

Docker vs. Virtual Machines

Docker is "sort of" a virtualization technology, but not exactly • Resources are shared with the host => many containers on one server

Amazon DocumentDB

Document database service that supports MongoDB workloads. (MongoDB is a document database program.)

Auto Scaling Group

EC2 capability that manages a group of EC2 instances that have rules for automated scaling and management which includes health checks for each member of the group or The rules and settings that govern if and when an EC2 instance is automatically provisioned or terminated.

What are AWS Availability Zones? Why have them?

Each region has Availability Zones Usually 3-6 Separate from each other to be isolated from disasters Connected together with High bandwidth, ultra-low latency networking

What is EBS?

Elastic Block Storage - EBS provides durable, block-level storage volumes that you can attach to a running Amazon EC2 instance. The Amazon EBS volume persists independently from the running life of an Amazon EC2 instance. After an EBS volume is attached to an instance, you can use it like any other physical hard drive. EBS supports encryption.

What is Amazon EC2 Service?

Elastic Cloud Computing - EC2 is a virtual machine and once one has been created it is called an instance. You can create many EC2 instances to be used as virtual servers as you need, design security, networking, and manage storage. AWS EC2 enables you to scale up or down to handle changes in requirements.

What is Amazon Elastic Load Balancing?

Elastic Load Balancing automatically distributes incoming application traffic across multiple EC2 instances in the cloud. It enables you to achieve greater levels of fault tolerance in your applications, seamlessly providing the required amount of load balancing capacity needed to distribute application traffic.

Use your IAM Access Keys for configuring EC2 (T/F)

FALSE - never use them; they will be exposed to anyone with access to the EC2 instance. Instead: add an IAM security role, e.g. read-only access, by going to: EC2 -> Action dropdown -> Security -> Modify IAM Role

Amazon Redshift

Fast, Simple, Cost-Effective Data Warehousing or Amazon Redshift is a fast, fully managed, petabyte-scale data warehouse that makes it simple and cost-effective to analyze all your data using your existing business intelligence tools. - Load Data every hour, not seconds - Pay as you go - Massively Parallel Query Execution (MPP), Highly Available - SQL interface for queries - BI Tools: AWS Quicksight, or Tableau

AWS Lightsail

For those with minimal cloud experience; allows you to quickly launch all the resources you need for small projects. In it, a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP are all offered as a package, whereas in the normal case you provision an EC2 instance and then set up the rest of these things.

Amazon DynamoDB

Fully managed NoSQL database service - extremely low latency and scaling configuration. - commonly used in a serverless architecture. - millions of requests per second, trillions of rows - Integrated IAM - Low cost and auto scaling capabilities - Standard and Infrequent Access Table Class

Amazon ElastiCache

Fully-managed in-memory data store that supports memcached and Redis engines - Reduce load off the DB for read intensive applications

EC2 General Purpose

Great for a diversity of workloads such as web servers or code repositories; balance between compute, memory, and networking

What is IaaS?

Infrastructure as a Service - Provide building blocks for Cloud IT - Provides networking, computers, data storage space - Highest level of flexibility - Easy parallel with traditional on-premises IT (don't like, too ambiguous, workshop) Amazon EC2

AWS Snow Family

Highly-secure, portable devices to collect and process data at the edge, and migrate data into and out of AWS or Collection of physical devices that help to physically transport up to exabytes of data into and out of AWS

AWS Storage Gateway

Hybrid-cloud storage service that enables companies to take advantage of cloud storage on their local networks. AWS Storage Gateway is a service connecting an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization's on-premises IT environment and AWS storage infrastructure. The service enables you to store data securely on the AWS cloud in a scalable and cost-effective manner. AWS Storage Gateway supports industry-standard storage protocols that work with your existing applications. It provides low-latency performance by caching frequently accessed data on-premises while encrypting and storing all of your data in Amazon S3 or Amazon Glacier.

What are 2 IAM Security Tools?

IAM Credentials Reports (Account Level) IAM Access Advisor (User Level)

S3 Intelligent Tiering

Ideal for data with unknown or changing access patterns Requires a small monthly monitoring and automation fee per object or Designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. and - Moves between Standard and IA - No movement fee - No retrieval fee - Just an object-based admin fee - Use for uncertain access patterns

What is the IAM service?

Identity & Access Management Global Service Assign Users to Groups, Policies

S3 Bucket Policies

JSON Based policies - Resources - Buckets & Objects - Actions - set of API to Allow or Deny - Effects - Allow/Deny - Principal - The account or user to apply the policy to

Lambda vs Batch

Lambda: - Time Limited (15 mins) - Limited Runtimes (Languages) - Limited disk space - Serverless Batch: - No time limited (supported by EC2s) - Any runtimes packaged into a Docker Image - Relies on EBS / Instance store for disk space

Fargate

Launch Docker Containers onto AWS Serverlessly a compute engine for Amazon ECS that allows you to run containers without having to manage servers or clusters.

EC2 Elastic File System

Managed NFS (Network File System) that can be mounted onto 100s of EC2s - Linux EC2s - Multi AZ - Highly available, scalable, Expensive

Amazon RDS

Managed Relational Database Service for MySQL, PostgreSQL, Oracle, SQL Server, and MariaDB, etc. or Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks, freeing you up to focus on your applications and business. - Automated provisioning, OS patching - Continuous backups - Monitoring dashboard - Read replicas **Cannot SSH into your instance**

Auto Scaling Group Strategies?

Manual Scaling: Updating yourself Dynamic Scaling: Responding to changing demands - Simple/Step Scaling: CloudWatch Alarm CPU%>70 add 2 units or CPU%<30% remove 2 units - Target Tracking: AVG CPU to stay at 40% - Schedule Scaling: Anticipated patterns e.g. high traffic Fridays - Predictive Scaling: AI patterns

In IAM, can Groups be assigned to another Group?

No, Group can only contain Users Users can belong to many groups or no groups

Amazon S3 Objects, what is the value? Key? max upload?

Objects (files) have a Key • The key is the FULL path: • s3://my-bucket/my_file.txt • The key is composed of prefix + object name • s3://my-bucket/my_folder1/another_folder/my_file.txt • There's no concept of "directories" within buckets (although the UI will trick you to think otherwise) * Object values are the content body; max size is 5 TB, max upload is 5 GB * Objects also include metadata, tags, and version ID (versioning is enabled at bucket level)

EC2 Purchasing Options

On-Demand, Spot, Reserved (Standard + Convertible + Scheduled), Dedicated Host, Dedicated Instance 1. On-Demand Instances: With On-Demand instances, you pay for compute capacity by the hour with no long-term commitments. You can increase or decrease your compute capacity depending on the demands of your application and only pay the specified hourly rate for the instances you use. The use of On-Demand instances frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs. On-Demand instances also remove the need to buy "safety net" capacity to handle periodic traffic spikes. 2. Reserved Instances: Reserved Instances provide you with a significant discount (up to 75%) compared to On-Demand instance pricing. You have the flexibility to change families, operating system types, and tenancies while benefitting from Reserved Instance pricing when you use Convertible Reserved Instances. 3. Spot Instances: Spot Instances allow you to bid on spare Amazon EC2 computing capacity. Since Spot instances are often available at a discount compared to On-Demand pricing, you can significantly reduce the cost of running your applications, grow your application's compute capacity and throughput for the same budget, and enable new types of cloud computing applications.

Which of the following is the definition of Cloud Computing?

On-demand availability of computer system resources, especially data storage (cloud storage) and computing power, without direct active management by the user

OLAP?

Online analytical processing ( Analytics & Data warehousing) the manipulation of information to create business intelligence in support of strategic decision making

Docker

Open platform for developers to build, ship, and run distributed applications, whether on laptops, data center VMs, or the cloud. - App runs the same regardless of machine - Scale up and down easily

What are the 3 pricing fundamentals?

Pay as you go: - Compute: paying for computing time - Storage: pay for data stored on the Cloud - Data transfer OUT of the Cloud: Data transfer in is free

What is the pricing model of AWS?

Pay-as-you-go

What is PaaS?

Platform as a Service (PaaS) - is the concept of providing a computing platform and software solution stack as a virtual or cloud-based service. - Removes need for own infrastructure - Allows Focus on deployment and management of applications Amazon Elastic Beanstalk

If you only want to manage Applications and Data which Cloud Computing Model would you use?

Platform as a Service Model

Amazon Aurora

Proprietary DB MySQL and PostgreSQL compatible database engine for RDS that was built for the cloud or A MySQL and PostgreSQL compatible relational database engine that combines the speed and availability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. Costs more but more efficient

EBS Snapshots Recycle Bin

Protects your EBS Snapshots and AMIs from accidental deletion - Create rules for storing them for period 1-365 days to recover them after deletion

Amazon Machine Image (AMI)

Public or private template of a VM; - Add your own software, configuration, OS, then build into a image for faster deployment - Available AMI market place to buy, sell and use - AMI ID is a region-based value, even for standard images; - custom images must be copied to other region before it can be used - Deployment

Amazon QuickSight

Serverless Machine Learning - Creates Analytics Dashboards or Amazon QuickSight is a fast, cloud-powered business analytics service that makes it easy to build visualizations, perform ad-hoc analysis, and quickly get business insights from your data

Elastic Load Balancing?

Service that enables you to distribute traffic across multiple targets (including EC2, ECS, Lambda). --- Elastic Load Balancing (ELB) automatically distributes incoming application traffic across multiple EC2 instances. It enables you to achieve greater levels of fault tolerance in your applications, seamlessly providing the required amount of load balancing capacity needed to distribute application traffic. 2 types w/ high availability, auto scaling, and security: 1. Classic Load Balancer: routes traffic based on app or network level info 2. Application Load Balancer: routes traffic based on advanced application level info (more advanced)

AWS S3

Simple Storage Service - Object Storage - Infinite Scaling

What is Amazon S3 storage?

Simple Storage Service - Amazon S3 provides access to reliable and inexpensive data storage infrastructure. It is designed to make web-scale computing easier by enabling you to store and retrieve any amount of data, at any time, from within Amazon EC2 or anywhere on the web.

What is the AWS SDK?

Software Development Kit Language Specific APIs (Set of Libraries) Programmatically access AWS Services Embedded into your Application Supports various languages

What is SaaS?

Software as a Service (SaaS) is a derivative of Platform as a Service (PaaS). Software as a Service provides on-demand online access to specific software applications or suites without the need for local installation (or even local hardware and OS requirements in many cases). - Completed product that is run and managed by the provider Amazon Rekognition

What is Amazon EC2 Instance Store?

Storage disk that is attached to the host computer is referred to as instance store. Instance storage provides temporary block-level storage for EC2 instances. The data on an instance store volume persists only during the life of the associated Amazon EC2 instance; if you stop or terminate an instance, any data on the instance volume is lost.

Amazon S3 Encryption - Client-Side Encryption

Use client libraries such as Amazon S3 Client-Side Encryption Library Clients must encrypt data themselves before sending to Amazon S3 Clients must decrypt data themselves when retrieving from Amazon S3 Customer fully manages the keys and encryption cycle

Amazon S3 Security

User-Based • IAM Policies - which API calls should be allowed for a specific user from IAM Resource-Based • Bucket Policies - bucket wide rules from the S3 console - allows cross account • Object Access Control List (ACL) - finer grain (can be disabled) • Bucket Access Control List (ACL) - less common (can be disabled) Note: an IAM principal can access an S3 object if • The user IAM permissions ALLOW it OR the resource policy ALLOWS it • AND there's no explicit DENY Encryption: encrypt objects in Amazon S3 using encryption keys

What is the relation between EC2 Instance and AMI?

We can launch different types of instances from a single AMI. An instance type essentially determines the hardware of the host computer used for your instance. Each instance type offers different compute and memory capabilities.

S3 Encryption

You can encrypt your data at rest on S3 and have S3 manage the encryption using (Server-Side-Encryption) AES. DEFAULT The client could also perform the encryption before sending the object to S3.

Amazon Managed Blockchain

a fully managed service that makes it easy to create and manage scalable blockchain networks using the popular open source frameworks Hyperledger Fabric and Ethereum.

AWS Snowcone

a small, rugged, and secure edge computing and data transfer device. It features 2 CPUs, 4 GB of memory, and 8 TB of usable storage.

EC2 Security Groups?

act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. - IP Address - Ports - Type: SSH, HTTP, etc. - Inbound (default blocked) or Outbound (default authorized/allowed)

Auto Scaling

allows provisional deployment and collection of virtual instances to handle load traffic or Automates the process of adding or removing EC2 instances based on traffic demand for your application

Amazon DynamoDB Accelerator (DAX)

an in-memory cache for DynamoDB. It helps improve response times from single-digit milliseconds to microseconds.

In AWS S3, a unit of storage is called a(n):

bucket

EC2 Instance Store

high-performance hardware disk • Better I/O performance • lose their storage if they're stopped (ephemeral) • Good for buffer / cache / scratch data / temporary content • Risk of data loss if hardware fails • Backups and Replication are your responsibility

EBS Multi-Attach

io1/io2 family • Attach the same EBS volume to multiple EC2 instances in the same AZ • Each instance has full read & write permissions to the volume • Must use a file system that's cluster-aware

Edge Computing

moving processing and data storage away from a centralized location to the "edges" of a network or Provisioning processing resource close to the network edge of IoT devices to reduce latency. or Method of optimizing cloud computing systems by performing some data processing on a set of linked servers at the edge of the network, near the source of the data.

S3 Replication

same-region replication SRR or CRR cross-region replication - Can replicate objects from one bucket to another. - Copying is asynchronous - Versioning must be enabled on both buckets (source/destination) - Objects automatically existing in bucket will not be replicated automatically - Delete markers are not replicated by default

Scalability vs Elasticity vs Agility

scalability: ability to accommodate a larger load elasticity: auto scalable. agility: ability to provide resources to developers fast.

AWS API Gateway

• AWS Lambda + API Gateway: No infrastructure to manage • Support for the WebSocket Protocol • Handle API versioning (v1, v2...) • Handle different environments (dev, test, prod...) • Handle security (Authentication and Authorization) • Create API keys, handle request throttling • Swagger / Open API import to quickly define APIs • Transform and validate requests and responses • Generate SDK and API specifications • Cache API responses. A fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale

Amazon S3 Buckets

• Amazon S3 allows people to store objects (files) in "buckets" (directories) • Buckets must have a globally unique name • Buckets are defined at the region level. Commonly confused as a Global service

EC2 Memory Optimized

• Fast performance for workloads that process large data sets in memory • Use cases: • High performance, relational/non-relational databases • Distributed web scale cache stores • In-memory databases optimized for BI (business intelligence) • Applications performing real-time processing of big unstructured data

EC2 Storage Optimized

• Great for storage-intensive tasks that require high, sequential read and write access to large data sets on local storage Use cases: • High-frequency online transaction processing (OLTP) systems • Relational & NoSQL databases • Cache for in-memory databases (for example, Redis) • Data warehousing applications • Distributed file systems

EBS Volume

• It's a network drive (i.e. not a physical drive) - It uses the network to communicate with the instance, which means there might be a bit of latency - It can be detached from an EC2 instance and attached to another one quickly • It's locked to an Availability Zone (AZ) - An EBS Volume in us-east-1a cannot be attached to us-east-1b - To move a volume across, you first need to snapshot it • Have a provisioned capacity (size in GBs, and IOPS) - You get billed for all the provisioned capacity - You can increase the capacity of the drive over time

Amazon FSx

• Launch 3rd party high-performance file systems on AWS • Fully managed service - Lustre: for High Performance Computing (HPC: Machine learning, Video processing, etc.) (Linux/Cluster = Lustre) - Windows File Server - NetApp for ONTAP

EBS Snapshots

• Make a backup (snapshot) of your EBS volume at a point in time • Not necessary to detach volume to do snapshot, but recommended • Can copy snapshots across AZ or Region

S3 Versioning

• Once turned on cannot be turned off • Must update permissions on each object version • Version deleted cannot be restored • Object deleted can be restored (delete marker to permanently delete) or - can preserve, and restore from every version of an object stored - once enabled can't be disabled -delete a delete marker to restore file

EC2 Sizing and Configuration Options?

• Operating System (OS): Linux, Windows or Mac OS • How much compute power & cores (CPU) • How much random-access memory (RAM) • How much storage space: • Network-attached (EBS & EFS) • hardware (EC2 Instance Store) • Network card: speed of the card, Public IP address • Firewall rules: security group • Bootstrap script (configure at first launch): EC2 User Data

Amazon S3 Encryption - SSE-C

• Server-Side Encryption using keys fully managed by the customer outside of AWS • Amazon S3 does NOT store the encryption key you provide • HTTPS must be used • Encryption key must be provided in HTTP headers, for every HTTP request made

EC2 Image Builder

• Used to automate the creation of Virtual Machines or container images • => Automate the creation, maintain, validate and test EC2 AMIs • Can be run on a schedule (weekly, whenever packages are updated, etc...) • Free service (only pay for the underlying resources)

