AWS Solutions Architect Associate

How does data consistency work for S3?

- Read after write for PUTS of new Objects
- Eventual consistency for overwrite PUTS and DELETES (can take some time to propagate)

File size for S3?

0 Bytes to 5 TB

EC2 Instances can't be hibernated for more than _________ days

60

S3 Standard

99.99 availability, 99.99999999 durability. Stored redundantly across multiple devices in multiple facilities and is designed to withstand the loss of 2 facilities.

Which of the following provide the least expensive EBS options? A. Cold (sc1) B. General Purpose (gp2) C. Throughput Optimized (st1) D. Provisioned IOPS (io1)

A & C. HDD volumes will always be less expensive than the SSD types. Cold and Throughput Optimized are HDD.

Dedicated Hosts

A Dedicated Host is a physical EC2 server dedicated for your use. Dedicated Hosts can help you reduce costs by allowing you to use your existing server-bound software licenses like Windows Server, SQL Server etc. and also help you to meet compliance requirements. Customers who choose Dedicated Hosts have to pay the On-Demand price for every hour the host is active in the account. It supports only per-hour billing and does not support the per-second billing scheme.

Groups

A collection of users. Each user in the group will inherit the permissions of the group

SaaS (Software as a Service)

A form of cloud computing where a firm subscribes to a third-party software and receives a service that is delivered online.

Elastic Fabric Adapter (EFA)

A network device you can attach to your EC2 instance to accelerate HPC and ML applications. Lower, more consistent latency and higher throughput than the TCP transport traditionally used in cloud-based HPC systems.

Web Application Firewall (WAF)

A special type of firewall that looks more deeply into packets that carry HTTP & HTTPS traffic. Allows you to control access to your content. Layer 7 (Application Layer)

AWS Web Application Firewall (WAF)

- Allows all requests except the ones you specify
- Blocks all requests except the ones you specify
- Counts the requests that match the properties you specify

Elastic Network Adapter (ENA) v. Virtual Function (VF)

Always choose ENA over VF

Reserved Instances

Amazon EC2 Reserved Instances provide you with a discount up to 75% compared to On-Demand Instance pricing. It also provides capacity reservation when used in a specific Availability Zone. For applications that have a predictable workload, Reserved Instances can provide sufficient savings compared to On-Demand Instances. The predictability of usage ensures compute capacity is available when needed. Customers can commit to using EC2 over a 1- or 3-year term to reduce their total computing costs.

Spot Instances

Amazon EC2 Spot Instances are unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. The Spot price of Amazon EC2 Spot Instances fluctuates periodically based on supply and demand. It supports both per-hour and per-second (only for Linux Instances) billing schemes. Applications that have flexible start and end times and users with urgent computing needs for large-scale dynamic workloads can choose Amazon EC2 Spot Instances.

Amazon FSx for Lustre

Amazon FSx for Lustre is a fully managed service that provides scalable storage for compute workloads. FSx for Lustre offers shared storage with low latencies, up to hundreds of gigabytes per second of throughput, and millions of IOPS. FSx for Lustre offers multiple deployment types, storage types, and throughput performance levels to optimize cost and performance for your workload requirements. Many workloads such as machine learning, high-performance computing (HPC), video rendering, and financial simulations depend on compute instances accessing the same set of data through high-performance shared storage. Powered by Lustre, the world's most popular high-performance file system,

Amazon FSx for Windows

Amazon FSx for Windows File Server provides fully managed file storage that is accessible over the industry-standard Server Message Block (SMB) protocol. Built on Windows Server, Amazon FSx delivers a wide range of administrative features such as data deduplication, end-user file restore, and Microsoft Active Directory (AD) integration. It offers single-AZ and multi-AZ deployment options, fully managed backups, and encryption of data at rest and in transit. With the HDD storage option, Amazon FSx for Windows File Server offers the lowest-cost file storage in the cloud for Windows applications and workloads.

What can you create from snapshots?

Amazon Machine Images (AMI)

Snapshots of encrypted volumes are encrypted __________

Automatically

EBS Volumes will always be in the same ______________ as your EC2 instance.

Availability Zone

All inbound traffic is ______________.

Blocked by default

eventual consistency

Bucket configurations have an eventual consistency model. Specifically: If you delete a bucket and immediately list all buckets, the deleted bucket might still appear in the list. If you enable versioning on a bucket for the first time, it might take a short amount of time for the change to be fully propagated. We recommend that you wait for 15 minutes after enabling versioning before issuing write operations (PUT or DELETE) on objects in the bucket.

three ways to restrict bucket access

Bucket policies, object policies, IAM users & groups

You _____ share snapshots but only if they are ________

Can, unencrypted

CloudWatch v. CloudTrail

CloudWatch is a Performance Monitoring function (What is the network throughput or disk IO on your EC2 instance?) v. CloudTrail increases visibility into your user and resource activity by recording AWS Management Console actions and API Calls (Who is provisioning what resources in AWS, e.g. S3 or EC2?).

EC2 Cluster placement groups

Cluster - packs instances close together inside an Availability Zone. This strategy enables workloads to achieve the low-latency network performance necessary for tightly-coupled node-to-node communication that is typical of HPC applications.

To retrieve instance metadata or userdata you will need to use the following IP Address; A. http://127.0.0.1 B. http://192.168.0.254 C. http://10.0.0.1 D. http://169.254.169.254

D. http://169.254.169.254

We can achieve High Performance Compute through ______?

- Data Transfer
- Compute and Networking
- Storage
- Orchestration and automation

S3 Intelligent Tiering

Designed to optimize costs by automatically moving data to the most cost-effective tier without performance impact or operational overload

Root device for an instance launched from the AMI is an amazon EBS volume created from an amazon EBS snapshot

EBS Volume

Where do EBS snapshots live?

EBS snapshots live on S3

Elastic Block Store

EBS volumes behave like raw, unformatted block devices. You can mount these volumes as devices on your instances. EBS volumes that are attached to an instance are exposed as storage volumes that persist independently from the life of the instance. We recommend Amazon EBS for data that must be quickly accessible and requires long-term persistence. EBS volumes are particularly well-suited for use as the primary storage for file systems, databases, or for any applications that require fine granular updates and access to raw, unformatted, block-level storage. Amazon EBS is well suited to both database-style applications that rely on random reads and writes, and to throughput-intensive applications that perform long, continuous reads and writes.

EFS v. FSx Windows v. FSx Lustre

- EFS = When you need distributed, highly resilient storage for Linux instances and Linux-based applications.
- FSx Windows = When you need centralized storage for Windows-based applications.
- FSx Lustre = High-speed, high-capacity storage: HPC, data analytics, financial modeling

EC2

Elastic Compute Cloud. Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. Reduces the time required to obtain & boot new server instances to minutes.

EFS

Elastic File Service - elastic file system that lets you share file data without provisioning or managing storage. - Amazon EFS is designed to provide massively parallel shared access to thousands of Amazon EC2 instances, and AWS containers and serverless compute services including Amazon Elastic Container Service (ECS), Amazon Elastic Kubernetes Service (EKS), AWS Fargate, and AWS Lambda, enabling your applications to achieve high levels of aggregate throughput and IOPS with consistent low latencies.

ENI

Elastic Network Interfaces. An Elastic Network Interface (ENI) is a virtual network interface that you can attach to an instance in an Amazon VPC. ENIs are only available within an Amazon VPC, and they are associated with a subnet upon creation. They can have one public IP address and multiple private IP addresses. If there are multiple private IP addresses, one of them is primary.

EFA

Elastic Fabric Adapter - a network device that you attach to your AWS EC2 instance to accelerate high performance computing (HPC) and machine learning applications

Users

End users such as people, employees of an organization, etc

EN

Enhanced Networking uses single root I/O virtualization (SR-IOV) to provide a high performance networking capability on supported instance types.

Instance Store

Ephemeral storage that Amazon uses to store AMIs

Standard reserve instances can be moved between regions (T/F)

False. Reserved instance applies to either a specific AZ or a specific region and cannot be moved.

When do you use an Elastic Network Interface (ENI)

For creating a management network. Using network and security appliances in your VPC. Low-budget, high-availability solutions.

S3 IA

For data that is accessed less frequently but requires rapid access when needed. Lower fee than S3 but you will be charged a retrieval fee.

5 versions of Elastic Block Store (EBS)

- General Purpose (SSD)
- Provisioned IOPS (SSD)
- Throughput optimized hard disk drive
- Cold hard disk drive
- Magnetic

S3 Glacier

Glacier is a low cost data archiving solution. Reliably store any amount of data. Retrieval times are configurable from minutes to hours.

What code are you given when your upload to your S3 bucket is successful?

HTTP 200

hardware virtual machine (HVM) virtualization

HVM virtualization uses hardware-assist technology provided by the AWS platform. With HVM virtualization, the guest VM runs as if it were on a native hardware platform, except that it still uses PV network and storage drivers for improved performance. Some instance types support both PV and HVM while others support only one or the other.

When can you attach/replace an IAM role to an EC2 instance?

IAM roles can be attached in the stopped or the running state.

IAM

Identity access management - allows you to manage users and their level of access to the AWS console. Provides centralized control of your AWS account, ID federation, MFA, Supports PCI DSS

When do rule changes in security groups change?

Immediately

On-Demand Instances

In this model, based on the instances you choose, you pay for compute capacity per hour or per second (only for Linux Instances) and no upfront payments are needed. You can increase or decrease your compute capacity to meet the demands of your application and only pay for the instance you use. This model is suitable for developing/testing applications with short-term or unpredictable workloads. On-Demand Instances are recommended for users who prefer low-cost and flexible EC2 Instances without upfront payments or long-term commitments.

AWS Snapshots are ____________?

Incremental

IOPS

Inputs Outputs Per Second

The root device for an instance launched from the AMI is an instance store created from a template in S3

Instance Store

S3 One Zone IA

Lower cost option for IA data but does not have multiple AZ data resilience

S3 Glacier Deep Archive

Lowest cost solution there is a minimum retrieval time of 12 hours

What permissions are applied to a new IAM User?

None

S3 is ___________ based?

Object based

What is an object in S3?

Objects can be thought of as files. They consist of:
- Key (the name of the object)
- Value (the data, made up of a sequence of bytes)
- Version ID
- Metadata
- Subresources:
  - Access Control Lists
  - Torrents

EC2 hibernate is available for what types of instances?

On Demand and Reserved instances.

EC2 Pricing Models

On Demand, Reserved, Spot, Dedicated Hosts

EC2 Partition Placement groups

Partition - spreads your instances across logical partitions such that groups of instances in one partition do not share the underlying hardware with groups of instances in different partitions. This strategy is typically used by large distributed and replicated workloads, such as Hadoop, Cassandra, and Kafka. THINK MULTIPLE INSTANCES

CloudWatch

Performance Monitoring at a host level. A service to monitor AWS resources as well as the applications that run on AWS. Monitor things like:
- EC2
- DynamoDB
- RDS DB Instances
- Custom metrics generated by applications and services
- Any log files your applications generate

Policies

Policies are made up of documents called "policy documents". These documents are in a format called JSON and they give permissions as to what a User/Group/Role is able to do.

Read after write consistency

Read-after-write consistency is the ability to view changes (read data) right after making those changes (write data)

You can select your AMI based on_________

- Region
- OS
- Architecture (32 or 64 bit)
- Launch Permissions
- Storage for the Root Device

Root device volume

Root device volume is where the OS is going to be stored on your EC2 instance

Cross Region Replication

S3 Cross-Region Replication (CRR) is used to copy objects across Amazon S3 buckets in different AWS Regions. CRR can help you do the following: Meet compliance requirements — Although Amazon S3 stores your data across multiple geographically distant Availability Zones by default, compliance requirements might dictate that you store data at even greater distances. Cross-Region Replication allows you to replicate data between distant AWS Regions to satisfy these requirements. Minimize latency — If your customers are in two geographic locations, you can minimize latency in accessing objects by maintaining object copies in AWS Regions that are geographically closer to your users. Increase operational efficiency — If you have compute clusters in two different AWS Regions that analyze the same set of objects, you might choose to maintain object copies in those Regions.

What are the different Storage Classes?

- S3 Standard
- S3 Infrequently Accessed (IA)
- S3 One Zone IA
- S3 Intelligent Tiering
- Glacier
- Glacier Deep Archive

universal namespace

S3 bucket must be globally unique. The buckets are actually given a URL/web address.

What are the relational databases on AWS

SQL Server, MySQL, Oracle, PostgreSQL, Aurora, MariaDB

S3

Simple Storage Service - provides secure, durable, highly available object storage. Has simple web services interface to store and retrieve any amount of data from anywhere on the web.

How can you get your data into AWS?

Snowball/Snowmobile, AWS Data Sync, AWS Direct Connect

EC2 Spread Placement groups

Spread - strictly places a small group of instances across distinct underlying hardware to reduce correlated failures. THINK INDIVIDUAL INSTANCES

How is S3 Charged?

- Storage
- Requests
- Storage Management Pricing
- Data transfer pricing
- Transfer acceleration
- Cross Region replication Pricing

EBS Snapshots are backed up to S3 in what manner?

They use incremental backups.

S3 has what features?

- Tiered Storage Available
- Lifecycle management
- Versioning
- Encryption
- MFA Delete
- Secure your data using ACL and Bucket Policies

T/F Security Groups are stateful.

True

Termination protection is __________ by default.

Turned off

How do you protect against malicious attacks in AWS?

Use WAF and/or Network ACLs

What is a Security Group?

Virtual Firewall that allows/blocks communication from certain ports

paravirtual (PV) virtualization

When you launch an instance from an AMI, it uses either paravirtual (PV) or hardware virtual machine (HVM) virtualization. PV network and storage drivers for improved performance. Some instance types support both PV and HVM while others support only one or the other.

What are the valid underlying hypervisors for EC2?

Xen and Nitro

Can you encrypt your root device upon creation?

Yes

Can spread placement groups be deployed across multiple AZs?

Yes. An SPG's intent is to distribute instances further apart. Cluster placement groups cannot.

Roles

You create roles and then assign them to AWS resources

Power User Access Allows...

access to all AWS services except the management of groups and users within IAM

EBS backed instances ___ be stopped and instance store backed instances ____ be stopped (only _____ )

can, cannot

How do you encrypt an unencrypted root volume?

1. Create a snapshot of the unencrypted root volume
2. Create a copy of the snapshot and select the encryption option
3. Create an AMI from the encrypted snapshot
4. Use that AMI to launch new encrypted instances

You cannot place a specific ___________ rule on security groups

Deny rule. This is because the default is deny all.

Instance store is known as _____ storage, meaning that data will not persist after an instance is deleted. You ___ set this to false, data will _____ be deleted when that instance disappears.

ephemeral, can, not

General Purpose SSD (gp2) use case

general purpose, balances price and performance. Use cases: Most workloads such as virtual desktops, dev and test environments, and low-latency interactive apps.

Provisioned IOPS SSD (io1) use case

highest-performance SSD volume for mission-critical low-latency or high-throughput workloads that require sustained IOPS performance, or more than 16,000 IOPS or 250 MiB/s of throughput per volume. Use cases: Mission-critical applications, large database workloads such as MongoDB, Microsoft SQL Server, Cassandra, Oracle, MySQL, and PostgreSQL

Throughput Optimized HDD (st1) Use case

low-cost HDD volume for frequently accessed workloads with high throughput. Use cases: Streaming workloads, big data, data warehouses, log processing.

Cold HDD (sc1) Use case

lowest cost HDD volume for less-frequently accessed workloads Use cases: Throughput-oriented storage for large volumes of data that is infrequently accessed

Magnetic HDD

now considered a "previous generation".

EC2 Hibernate

preserves the in-memory RAM on persistent storage (EBS) and is faster because you do not need to reload the OS. RAM must be less than 150 GB.

SR-IOV

single root I/O virtualization provides high performance capabilities on supported instance types. It is a method of device virtualization that provides higher I/O performance and lower CPU utilization when compared to traditional virtualized interfaces.

IAM is universal

you do not have to choose a region for IAM accounts

EC2 Placement Groups

• A logical grouping of instances within a single AZ
• Recommended for low latency, high network throughput or both
• ALWAYS within 1 AZ
• Name must be unique
• Must be of type Compute, GPU, Memory, Storage Optimized instances
• Can't merge or move instances into them

