Cloud Computing Exam 1


What is AWS Billing and Cost Management Service? How can this service be used when managing AWS?

AWS billing and cost management is the service you use to pay your AWS bill, monitor your usage, and budget your costs.

What AWS tool can you use to estimate your total price for AWS services?

AWS pricing calculator

What AWS tool lets you explore AWS services and create an estimate for the cost of your use cases on AWS?

AWS pricing calculator

What's an edge location?

AWS provides a global network of points of presence that measure the internet connection, performance, and computing to efficiently route requests. Requests are routed to the nearest edge location to lower latency, and the edge location caches the content.
- reduces latency in the CDN (content delivery network)

A company has an application that consists of a .NET layer connecting to a MySQL database. They want to move to the cloud and use features such as high availability and automated backups. Which of the following would be an ideal database for this use case?

Amazon Aurora (think of this one as the service Amazon wants you to use and it is optimized to the cloud which is why its cloud features work best)

What is AWS CloudWatch and what is it used for?

Amazon CloudWatch is a monitoring and observability service that monitors your AWS resources in real time. You can use it to collect and track measurements.
USES:
- You can use CloudWatch events to look for changes in your AWS environment and route them to where they need to go (such as Lambda, EC2 instances, etc.)
- You can set alarms for metrics based on thresholds

T/F AWS Key Management Service enables you to assess, audit, and evaluate the configurations of your AWS resources

False, it is a service that allows you to create and manage encryption keys (AWS Config allows you to assess, audit, and evaluate your configurations)

You need to allow resources in a private subnet to access the internet. Which of the following must be present to enable this access?

NAT gateway

Which of the following are pillars of the AWS well-architected framework

Security, operational excellence, cost optimization (NOT persistence)

Which of these is not a cloud computing model? -PaaS -IaaS -SaaS -System administration as a service

System administration as a service

What is TCO? How does Cloud TCO compare to on-premises TCO?

TCO (total cost of ownership): a financial estimate that helps identify the direct and indirect costs of a system. TCO considers server costs, storage costs, network costs, and IT labor costs. With AWS, resources that are no longer in use are decommissioned, which lowers overall costs.

What is the AWS Well Architected framework? Why is it important?

The AWS well architected framework is a guide for designing infrastructures that are
- secure
- high performing
- resilient
- efficient
We use it as a consistent approach for evaluating/implementing cloud architectures and as a way to provide best practices that were developed through lessons learned by reviewing customer architectures.

what is defined as the ability for a system to remain operational even if some of the components of that system fail?

fault tolerance

________ means the infrastructure has built-in component redundancy and _____ means that resources dynamically adjust to increases or decreases in capacity requirements

fault tolerant/elastic and scalable

What is AWS Organizations and what is it used for?

A free account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage.
Used for:
- centrally managed access policies
- controlled access to AWS services
- automated AWS account creation and management
- consolidated billing

economies of scale result from

having hundreds of thousands of customers aggregated into the cloud

Which of the following best describes that a system can withstand some measures of degradation, experiences minimal downtime, and requires minimal human intervention?

highly available

Amazon S3 replicates all objects ________

in multiple availability zones within the same region

What is load balancing? How does AWS Elastic Load Balancing support the AWS resources we use?

Load balancing: distributes incoming application or network traffic across multiple availability zones or multiple targets in a single availability zone.
- supports AWS resources like EC2 instances, containers, Lambda functions, and IP addresses

What happens when you use Amazon VPC to create a new VPC

main route table is created by default

Which of the following are elements of an auto scaling group

min size, max size, desired capacity

What is the focus of the sustainability pillar of the well-architected framework?

minimizing environmental impacts of running cloud networks

How would a system admin add an additional layer of login security to a user's AWS management console

multi factor authentication

AWS highly recommends provisioning your compute resources across ___ availability zones. -multiple -single -all -no

multiple

What is AWS CloudFront? What does it allow us to do?

Secure CDN (content delivery network) that delivers content with low latency and high transfer speeds. Allows you to obtain the benefits of a high-performance CDN without negotiated contracts. Has edge locations and regional edge caches that get the content closest to them. Less popular content goes to regional edge caches.

Which of the following can be used to protect Amazon EC2 instances hosted in AWS?

security group (which serves as a virtual firewall to control inbound and outbound traffic)

Which of the following are characteristics of Amazon EC2 autoscaling?

- responds to changing conditions by adding or terminating instances
- launches instances from a specified AMI
- enforces a min number of running Amazon EC2 instances

Your web application needs four instances to support steady traffic all of the time and on the last day of the month, the traffic triples. What is the most cost effective way to handle this pattern?

run 4 reserved instances, and then add 8 on-demand the last day of each month

Which of the following must be specified when launching a new EC2 instance?

- EC2 instance type
- AMI

What is true about regions

- a region is a physical location with multiple availability zones -each location in a separate geographic area

In Elastic Load Balancing, when the load balancer determines an unhealthy target, which of the following are true?

- stops routing traffic to that target -routes to healthy target -resumes routing traffic when it is healthy again

Which of the following elements are used to create an Amazon EC2 auto scaling launch configuration

-AMI -instance types -EBS volumes

When creating an AWS IAM policy, what are the two types of access that can be granted to a user

-AWS management console access -programmatic access

Which of the following are features of EBS

- EBS volumes persist when the instance is stopped and are automatically replicated within an availability zone
- EBS volumes can be encrypted transparently to workloads on the attached instance

Which should be done by the AWS root user

-changing the AWS support plan

You can use Amazon EFS to

-implement storage for EC2 instances that multiple virtual machines can access at the same time

Which of the following are best practices to secure your account with IAM?

- manage access to AWS resources
- define fine-grained access rights

in Amazon DynamoDB, what does the query operation enable you to do

- query a table using the partition key and an optional sort key filter
- query any secondary indexes that exist in a table
- efficiently retrieve items from a table or secondary index

With Amazon VPC what is the maximum size IP address range you can have in a VPC

/16

With Amazon VPC, what is the smallest size subnet you can have in a VPC?

/28

You are a solutions architect at a large retail company that is migrating to AWS. You recommend that they use a custom VPC, and when you create it, you assign it 256 IP addresses. How many are available?

251 (because 5 are reserved)

Regarding Amazon S3 Glacier, what is a Vault?

A container for storing archives

For certain services like EC2 and RDMS you can invest in reserved capacity. What options are available for reserved instances

- AURI (all upfront reserved instances)
- NURI (no upfront reserved instances)
- PURI (partial upfront reserved instance)

Where can a customer go to get more details about EC2 billing activity that took place 3 months ago?

AWS Cost explorer

You are designing an ecommerce web application that will scale to hundreds of thousands of concurrent users. Which database technology is best suited to hold the session state in this example

Amazon DynamoDB excels at scaling to hundreds of thousands of requests with key/value access to user profile and session

Which of the following AWS tools help your application scale up or down based on demand

Amazon EC2 autoscaling & elastic load balancing

Which AWS cloud service is best suited for analyzing your data by using SQL and existing business intelligence tools

Amazon Redshift

Which service would you use to send alerts based on Amazon CloudWatch alarms?

Amazon simple notification service

After you move to the AWS Cloud, you want to ensure that the right security settings are put in place. Which online tool can assist in security compliance?

Amazon trusted advisor

Which are the 4 support plans offered by AWS support?

Basic, developer, business, enterprise

There is an audit at your company and they need to have a log of all access to AWS resources in the account. Which of the following services can assist in providing these details

CloudTrail

Which of the following services can help you collect important metrics from Amazon RDS and Amazon EC2 instances

CloudWatch

If you are developing an application that requires a database with extreme performance, fast scalability, and flexibility in the database schema, which service should you consider?

DynamoDB

Which of the following is a compute service? -VPC -S3 -EC2 -CloudFront -Amazon Redshift

EC2

Which AWS services and categories are considered core and are available in all regions/availability zones?

- EC2
- S3
- RDS

Why is AWS more economical than traditional data centers for applications with varying compute workloads?

EC2 instances can be launched on demand when needed

Know the basics of each and the differences between the following AWS Compute services: -EC2 -Lambda -Elastic Beanstalk

EC2: elastic cloud compute. Virtual machines where you choose the OS and resources. IaaS.
Lambda: zero-administration compute platform. Serverless computing.
Elastic Beanstalk: PaaS. Facilitates quick deployment of apps by managing OS, servers, infrastructure, etc. so you just focus on the code.

What is the service provided by AWS that enables developers to easily deploy and manage applications in the cloud

Elastic Beanstalk

Which of the following can be used as a storage class for an S3 object lifecycle policy

- Glacier
- S3 infrequent access
- S3 standard access

What is IAM? What is an IAM policy? What are IAM users, groups and roles?

IAM: identity and access management
IAM policy: document that defines which resources can be accessed and the level of access to each resource
IAM users: person or app that can authenticate with an AWS account
IAM group: collection of IAM users with identical authorization
IAM role: temporary access to certain resources

Three primary service models: IaaS, PaaS, SaaS

IaaS (infrastructure as a service): the basic building blocks for cloud IT. These services typically provide you with access to networking features, computers, and data storage. Has the highest level of flexibility and management over IT resources. Most similar to the existing IT resources our developers are familiar with today.
PaaS (platform as a service): services in this category reduce the need for you to manage the underlying infrastructure (usually hardware and OS) and enable you to focus on the deployment and management of your applications.
SaaS (software as a service): services provide you with a completed product that the service provider runs and manages. Usually refers to end-user applications. Ex: web-based email

What does utility style pricing entail?

It means paying for exactly what you need.
1. pay for what you use
2. pay less when you reserve
3. pay less when you use more
4. pay even less as AWS grows

Which of the following services is a serverless compute service in AWS?

Lambda

Why is monitoring important? Which AWS services can help us monitor the AWS resources that we are using?

Monitoring is important because it keeps resources and data secure and helps you keep up with who is doing what and the costs associated with your account.
Use:
- AWS CloudWatch: monitors resources and applications, and you can scale up or down here
- AWS CloudTrail: monitors activity in the AWS environment; you can see who did what in apps

What is AWS Route 53? What does it allow us to do?

Route 53: DNS that is used to route end users to internet apps by translating names into numeric IP addresses. It has DNS failover to improve the availability of your apps.

You need to find an item in an Amazon DynamoDB table using an attribute other than the item's primary key. Which of the following operations should you use?

Scan operation

If your project requires you to run monthly reports that iterate through very large amounts of data, which Amazon EC2 purchasing option should you consider?

Scheduled reserved instances

Describe the AWS Shared Responsibility model. How are responsibilities divided for the different service models - SaaS, PaaS, and IaaS?

Users are responsible for what is in the cloud. AWS is responsible for the cloud.
- IaaS: customer has more flexibility over configuring networking and storage settings
- PaaS: customer does not need to manage infrastructure but handles OS, database, firewall, disaster recovery
- SaaS: customer does not need to manage the infrastructure that supports the service but needs to be careful of data entered

Which AWS networking service enables a company to create a virtual network within AWS

VPC

In Amazon DynamoDB, an attribute is

a fundamental data element

Which of the following must be configured on an Elastic Load Balancing load balancer to expect incoming traffic?

a listener

What is included in an Amazon Machine Image? -a template for the root volume for the instance -launch permissions that control which AWS accounts can use the AMI to launch instances -a block device mapping that specifies the volumes to attach to the instance when it is launched -all of the above

all of the above

What are the 3 types of load balancers Elastic Load Balancing offers?

- application load balancer
- network load balancer
- classic load balancer

Which of the following is a principle when designing cloud-based systems?

assume everything will fail

How does Elastic Beanstalk provide PaaS?

by allowing you to focus on code of app while it manages the hardware, OS, etc.

Which of the following use cases is appropriate for using Amazon RDS

complex transactions (would NOT use for simple GET/PUT requests or massive read/write rates)

what should you consider when choosing a database type?

data size, data access period, query frequency, highly available

Which EC2 feature ensures your instances will not share a physical host with instances from any other AWS customer?

dedicated instances

After initial login, what does AWS recommend as the best practice for the AWS Account Root User? (Select the best answer)

delete access keys of AWS account root user

Which component of AWS global infrastructure does Amazon Cloudfront use to ensure low latency delivery

edge locations

T/F by default all data stored in Amazon S3 is viewable by the public

false

T/F containers contain an entire OS

false

T/F: Private subnets have direct access to the Internet

false

Amazon EBS is recommended when data ___ and ___

must be quickly accessible, requiring long-term persistence and requires an encryption solution

Which of the following is an optional security control that can be applied to a subnet layer of a VPC?

network ACL

AWS trusted advisor provides insight regarding which 5 categories of an AWS

performance, cost optimization, security, fault tolerance, service limits

Which of the following is a measure of your system's ability to provide functionality when desired by the user

reliability

Which Amazon EC2 option is best for long-term workloads with predictable usage patterns?

reserved instances

Which of the following is not one of the four areas of the performance efficiency pillar of the AWS well-architected framework

traceability

T/F Amazon S3 is an object storage suitable for the storage of flat files like Microsoft Word documents, photos, etc.

true

T/F Amazon RDS automatically patches the database software and backs up your database, storing the backups for a user-defined retention period

true

T/F when you create a bucket in S3 it is associated with a specific AWS region

true

T/F: AWS organizations enables you to consolidate multiple AWS accounts so that you can centrally manage them

true

Which design principles are recommended when considering performance efficiency

use serverless architectures and democratize advanced technologies

The name of an S3 bucket must be unique _________. (Select the best answer)

worldwide across all AWS accounts

In the shared responsibility model, AWS is responsible for providing

security of the cloud (customer is responsible for security IN the cloud)

How is the cloud like traditional IT? How is it different?

- AWS security groups and IAM are the same thing as traditional administrators and firewalls. AWS Elastic Load Balancing and VPC are similar to traditional routers, network pipelines, and switches. Amazon Machine Images (AMIs) and Amazon EC2 are similar to on-premises servers. Amazon Elastic Block Store, Amazon Elastic File System, Amazon Simple Storage Service, and Amazon Relational Database Service are similar to direct attached storage (DAS), storage area networks (SANs), and relational database management services.

Which of these statements about availability zones is not true? -availability zones are designed for fault isolation -availability zones are made up of one or more data centers -a data center can be used for more than one availability zone -availability zones are connected to each other using high-speed private links

- a data center can be used for more than one availability zone

What are the benefits of using AWS organizations

- ability to create groups of accounts and then attach policies to the group - simplifies automating account creation and management by using APIs

Which of the following are geographic areas that host two or more availability zones?

- regions

Ways to access AWS core services?

- AWS management console
- CLI
- SDKs

Basics of networking: IP addresses, subnets, routing

- IP addresses: an internet protocol address defines a machine. It is a numerical label formatted in decimal, and machines convert the decimal to binary.
  - internet IP: 0.0.0.0/0
  - reserved IP addresses in a CIDR block: 5 of them are reserved
- Subnets: range of IP addresses that divide a VPC. Can be public (access to internet) or private (no access to internet)
- Routing: route tables contain a set of rules to direct traffic from your subnet. Each route has a destination and a target. Each route table contains a local route for communication within the VPC. Each subnet must be associated with a route table (at most one)

What's the difference between a self-managed and managed database? What should a business consider when choosing between the two?

- Self-managed database: you must manage how the service responds to changes in load, errors, and situations where resources become unavailable. Benefit: more fine-tuned approach to how your database handles changes in load and errors.
- Managed database: require the user to configure them. Ex: S3 is a managed service and would scale, be fault tolerant, and availability would be handled by Amazon

What are the advantages of cloud computing over computing on-premises?

-avoid large capital purchase -use on-demand capacity -go global in mins -increase agility and speed

In the shared responsibility model, which of the following are examples of security in the cloud?

-encryption of data at rest and in transit -security group configurations

Which of the following is the responsibility of AWS under the AWS shared responsibility model? -configuring third party apps -maintaining physical hardware -security application access data -managing custom AMIs

-maintaining physical hardware

Which of the following are not benefits of cloud computing? -multiple procurement cycles -high availability -high latency -temporary and disposable resources -fault-tolerant databases

-multiple procurement cycles -high latency

In general, what economic benefits can be derived from Cloud adoption?

-pricing model lets us match what we use with what we pay (utility pricing) -economies of scale come from using AWS. -You swap out traditional infrastructure costs for scaling up and down and pay for what you use.

What is AWS Trusted Advisor and how does it help you to create applications that follow best practices?

1. AWS trusted advisor is a tool you can use to review your AWS environment.
2. Helps create applications that follow best practices by looking at your entire AWS environment and giving real-time recommendations in 5 categories:
   - cost optimization
   - performance
   - security
   - fault tolerance
   - service limits

What are the primary AWS DB services available?

1. Amazon RDS 2. Amazon Dynamo Database Service (RDS) 3. Amazon Redshift 4. Amazon Aurora

RDS: When to use? Types of DBs supported. Considerations for using.

1. Amazon RDS: managed service that sets up and operates a relational database in the cloud
2. When to use:
   - complex transactions/queries
   - medium/high query or write rate
   - no more than a single worker node or shard
3. Types of DBs supported:
   - MySQL
   - Amazon Aurora
   - Microsoft SQL Server
   - PostgreSQL
   - MariaDB
   - Oracle
4. Considerations when using:
   - you manage application optimization
   - can run an instance of RDS in Amazon VPC if you want to customize your networking
   - database instances differ in storage and price characteristics so you can pick the perfect one for your business needs

Redshift: When to use? Types of DBs supported. Considerations for using.

1. Amazon Redshift: fast, fully managed DATA WAREHOUSE that makes it simple to analyze all your data by using SQL and your existing BI tools
2. Supported DBs:
   - SQL
   - Java Database Connectivity (JDBC)
   - Open Database Connectivity (ODBC)
3. When to use:
   - enterprise data warehouse
   - big data
   - SaaS
   - ANALYTICS
4. Considerations when using:
   - easily scale with no downtime

Aurora: When to use? Types of DBs supported. Considerations for using.

1. Aurora: MySQL and PostgreSQL-compatible relational database that is built for the cloud (combines high-end commercial databases with the simplicity and cost-effectiveness of open source databases)
2. When to use:
   - when you want highly available data, because it stores data across multiple availability zones with continuous backups
3. Considerations when using:
   - multiple levels of security
   - automatic backups to avoid brownouts (resilient design)
   - harder to move to other clouds because this is an Amazon-specific service

Cost optimization pillar: design principles; foundational questions

1. Cost optimization: avoid unnecessary costs
2. Cost optimization design principles:
   - implement cloud financial management
   - adopt a consumption model
   - measure overall efficiency
   - stop spending money on undifferentiated heavy lifting
   - analyze and attribute expenditure
3. Cost optimization questions:
   --> practice cloud financial management: How do you implement cloud financial management?
   --> expenditure and usage awareness: How do you govern usage, monitor usage and cost, and decommission resources?
   --> cost effective resources: How do you evaluate cost when you select services? How do you meet target costs when you select resource type, size, and number? How do you use pricing models to reduce cost? How do you plan for data transfer changes?
   --> manage demand and supply resources
   --> optimize over time: How do you evaluate new services?

Database review: what is a database? Types of Cloud databases. Relational database concepts.

1. Database: a structured set of data that can be manipulated in certain ways
2. Types of cloud databases:
   - NoSQL/non-relational databases
   - relational databases
3. Relational database concepts:
   - entity (table): an object that exists
   - fields (columns): specific attributes of an entity
   - records (rows): instance of an entity

DynamoDB: When to use? Types of DBs supported. Considerations for using.

1. DynamoDB: non-relational database (any DB that does not follow the relational model provided by RDBMS. NRDBs scale horizontally and can work with unstructured and structured data.) OBJECT DATABASE
   Features of Amazon DynamoDB:
   - NoSQL database tables
   - unlimited storage
   - items can have differing attributes
   - low-latency queries
   - scalable read/write throughput
   - has 2 primary keys: partition key and sort key (composite primary key)
2. When to use:
   - mobile, web, gaming, IoT apps, adtech
3. Types of DB supported:
   - NoSQL
4. Considerations for using:

Reliability pillar: design principles; foundational questions

1. Reliability pillar: ensure a workload performs its intended function correctly and consistently when it is expected to
2. Reliability pillar design principles:
   - automatically recover from failure
   - test recovery procedures
   - scale horizontally to increase aggregate workload availability
   - stop guessing capacity
   - manage change in automation
3. Foundational questions:
   --> foundations: How do you manage service quotas and constraints? How do you plan your network topology?
   --> workload architecture: How do you design your workload service architecture? How do you design interactions in a distributed system to prevent failure, and mitigate/withstand failures?
   --> change management: How do you monitor workload resources? How do you design your workload to adapt to changes in demand?
   --> failure management: How do you back up data? How do you use fault isolation to protect your workload? How do you design your workload to withstand component failures? How do you test reliability? How do you plan for disaster recovery?

What are the basic AWS Storage options: S3, EBS, EFS, S3 Glacier? Compare and contrast. When is it appropriate to use each?

1. S3 (simple storage solutions) --> OBJECT storage solution built to store and retrieve any amount of data from everywhere. Objects are stored in buckets and can be any file, such as images or videos. [use as a staging area for big data, static web hosting, backup and disaster recovery, etc.] Normally you would not store software here.
2. EBS (elastic block system) --> has persistent storage that retains data after power to that device is cut off (also called non-volatile storage)
3. EFS: implements storage for EC2 instances that multiple virtual machines can access at the same time. It is implemented as a shared file system that uses the NFS protocol. [use for big data/analytics, content management, etc.]
4. S3 Glacier: low cost storage for data archiving [use when you don't need to access the files often]

What is scaling? What are the different types of scaling - horizontal and vertical? How does auto-scaling help us with our AWS resources?

1. Scaling: ability to increase or decrease the compute capacity of an application
2. Types of scaling:
   - vertical scaling (scaling up) --> replacing existing resources with more efficient ones (maybe with more storage or CPU)
   - horizontal scaling (scaling out) --> spreading workload among more resources
3. How autoscaling helps with AWS resources: helps maintain application availability in the cloud, such as by automatically adding or removing EC2 instances

What are the three fundamental drivers of cost for AWS?

1. compute: charged per hour/second and varies by instance type
2. storage: charged per GB
3. data transfer: outbound is aggregated and charged. Inbound has no charge (with some exceptions). Typically charged per GB

What are the various ways that we can interact with an EC2 instance? (console, CLI, SDK). When/why would we use each of these?

1. console: find info about an instance such as IP and DNS, subnet IDs, AMI ID, etc.
2. CLI: can launch an EC2 instance programmatically
3. SDK: already has code ready for you to programmatically launch an EC2 instance

What are some best practices for monitoring Cloud resources?

1. determine which metrics mean most to your organization
2. choose tooling based on core metrics
3. numbers mean nothing without context (need a baseline to compare to)
4. monitor the user experience
5. use monitoring tool to improve testing procedures
6. automate when possible
7. establish targeted alerting

What are the general benefits of moving to the Cloud?

1. elastic and scalable 2. fault tolerance 3. high availability

Operational Excellence pillar: design principles; foundational questions

1. Operational excellence: run and monitor systems to deliver business value, and continually improve supporting processes and procedures
2. Design principles:
   - perform operations as code
   - make frequent, small, reversible changes
   - refine operations procedures frequently
   - anticipate failure
   - learn from all operational events and failures
3. Foundational questions:
   - How do you determine what your priorities are?
   - How do you structure your organization to support business outcomes?
   - How do you design your workload so that you can understand its state?
   - How do you reduce defects, ease remediation, and improve flow into production?
   - How do you mitigate deployment risks?
   - How do you know that you are ready to support a workload?
   - How do you understand the health of your workload and operations?
   - How do you evolve operations?

Performance Efficiency pillar: design principles; foundational question

1. Performance efficiency: use resources sparingly to meet system requirements and to maintain that efficiency as demand changes and technologies evolve
2. Performance efficiency design principles:
   - democratize advanced technologies
   - go global in minutes
   - use serverless architectures
   - experiment more often
   - consider mechanical sympathy (technology approach that aligns best to what you are trying to achieve)
3. Performance efficiency questions:
   --> selection: How do you select the best performing architecture, compute solution, storage solution, and database solution? How do you configure your network solution?
   --> review: How do you evolve your workload to take advantage of new releases?
   --> monitoring: How do you monitor your resources to ensure they are performing?
   --> tradeoffs: How do you use tradeoffs to improve performance?

Reliability and High Availability

1. reliability: a measure of your system's ability to provide functionality when desired by the user
   - system means all hardware, firmware, and software
   - probability that the entire system will function as intended for a specific period
   - mean time between failures = total time in service / number of failures
2. availability: normal operation time / total time
   - % of uptime over time
   - highly available systems can withstand some measure of degradation while still remaining available
   - factors that influence availability:
     1. fault tolerance
     2. scalability
     3. recoverability

Security pillar: design principles; foundational questions

1. Security pillar: protect systems, assets, and information while delivering business value through risk assessments and mitigation strategies
2. Security design principles:
   - implement a strong identity foundation
   - enable traceability
   - apply security at all layers
   - automate security best practices
   - protect data in transit and at rest
   - keep people away from data
   - prepare for security events
3. Foundational questions:
   --> security: How do you securely operate your workload?
   --> IAM: How do you manage identities/permissions for people and machines?
   --> detection: How do you detect and investigate security events?
   --> infrastructure protection: How do you protect your network resources and compute resources?
   --> data protection: How do you classify data and protect it in transit and at rest?
   --> incident response: How do you anticipate, respond to, and recover from incidents?

What options do you have to choose from when setting up an EC2 instance: AMI, instance type, memory, etc.

1. Select an AMI (Amazon Machine Image), which is a template that contains the operating system you want
2. Select an instance type that is optimized for specific purposes (general, storage, memory, etc.)
3. Network settings such as subnets
4. Can attach IAM roles if EC2 instances need to interact with other instances
5. User data scripts are also optional and can customize the runtime environment
6. Storage
7. Tagging to attach metadata to the instance that can be filtered
8. Security group settings that control traffic to the instance
9. Create a key pair: AWS stores the public key and you store the private key to access your instance

Primary advantages of Cloud computing

1. trade CAPEX for Variable Expense/ OPEX 2. massive economies of scale 3. stop guessing capacity 4. increase agility and speed 5. stop spending money on running and maintaining data centers. 6. go global in minutes

List some AWS services that are offered at no charge?

1. Amazon VPC
2. AWS Identity and Access Management (IAM)
3. Consolidated billing
4. AWS Elastic Beanstalk
5. AWS CloudFormation: easy way to create a collection of related AWS resources and provision them in an orderly way
6. AWS OpsWorks

What does the term "Compute Service" mean?

4 broad categories:
- virtual machines that provide IaaS
- serverless
- container-based
- platform as a service (PaaS)

What are the design principles for the Security pillar of the AWS Well Architected Framework? How are these carried out?

?

Be aware of other AWS security related services: Shield, Cognito, etc.

AWS Cognito: adds user sign-up, sign-in, and access control to your web and mobile applications. It is good for highly regulated industries such as healthcare.
AWS Shield: managed distributed denial of service protection service. Safeguards apps running on AWS. Use to minimize application downtime and latency.
AWS Config: service that enables you to assess, audit, and evaluate configurations of AWS resources. It makes sure you are in compliance with your industry standards.

Six perspectives of the Cloud Adoption Framework

CAF: best practices for using the cloud
- business focus: 1. business 2. people 3. governance
- technical capabilities: 4. platform 5. security 6. operations

Be able to explain core concepts of: CDN VPC and DNS

CDN: Amazon CloudFront is a content delivery network that securely delivers content with low latency and high transfer speeds. When you stream a movie, it is in an original file on a server and must make many hops across different networks to reach you. The distance traveled affects the latency. A CDN is a globally distributed system of caching servers that delivers a local copy of requested content from a nearby edge. Improves latency.
VPC: provisions a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. Gives control over virtual networking resources, including selection of IP addresses, creation of subnets, and configuration of route tables and network gateways.
DNS: phonebook of the internet. Amazon Route 53 routes users to internet applications by translating names such as www.amazon.com to an IP address.

Three ways that you can work with AWS services: Console, CLI, SDKs

Console: rich graphical interface to a majority of the features offered by AWS (manually typing/clicking on things)
CLI: provides a suite of utilities that can be launched from a command script in different OSs (manually typing in things and gives more control over console)
SDKs (software development kits): AWS provides packages that enable accessing AWS in a variety of popular programming languages. This makes it easy to use AWS code in your existing apps and lets you create apps that deploy/monitor complex systems entirely through code. Includes API (used when writing software that will connect to the cloud and does automatic CLI commands)

What is a Container? How does this concept change how applications are deployed?

Container: operating system virtualization. Package an app's code, configurations, and dependencies in building blocks. Containers are smaller than virtual machines and do not contain an entire OS.
Changes how applications are deployed by making sure they deploy quickly, reliably, and consistently regardless of deployment environment. Run containers on Docker, and a container has everything a software app needs to run.

T/F edge locations are only located in the same general areas as regions

F

Which is true about the pricing model on AWS?
- in most cases, there is a per GB charge for inbound data
- storage is typically charged per GB
- compute is charged monthly based on instance type
- outbound charges are free up to a per account limit

storage is typically charged per GB

What is a VPC and what is it used for?

VPC (virtual private cloud) is a service that lets you provision a logically isolated section of the AWS cloud where you can launch your AWS resources. Gives control over subnets, IP addresses, and configuration of route tables and network gateways.

EBS: When to use? What do you need to consider when setting up EBS?

When to use: when you need faster service and less bandwidth and when you want your data automatically backed up
What to consider when setting up:
1. EBS volumes persist independently from the instance. Charged per GB/month
2. IOPS: ???
3. snapshots: added cost of Amazon EBS snapshots to Amazon S3 is per GB/month
4. data transfer: inbound data transfer is free, outbound data transfer across regions incurs charges

definition of a web service

a web service is any piece of software that makes itself available over the internet and uses a standardized format such as XML or JSON for the request and the response of an application programming interface (API) interaction

In general, what are the benefits of cloud storage? disadvantages?

benefits: cloud storage is more reliable, scalable, and secure than traditional on-prem storage
disadvantages: cloud storage is dependent on having an internet connection. Also, some storage is not automatically backed up, so if you choose the wrong one you will lose your data

Three main cloud deployment models: Cloud, hybrid, on-premises

Cloud: cloud-based applications are fully developed in the cloud, and all parts of the application run in the cloud. Could have been created in the cloud or migrated from existing infrastructure.
Hybrid: a hybrid deployment is a way to connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud. Most common method is connecting on-premises infrastructure to the cloud.
On-premises: deploying resources on premises, using virtualization and resource management tools. Also called a private cloud. Sought for its ability to provide dedicated resources.

security groups vs ACLs

security groups: instance level, stateful, allow rules only, all rules evaluated before decision to allow traffic
network ACLs: subnet level, allow and deny rules, stateless, rules evaluated in number order before decision to allow traffic

S3: Common use cases, considerations for setting up, pricing, etc.

common uses:
- backup and storage
- application hosting
- media hosting
- software delivery
setting up/pricing:
- pay for what you use: GB per month, transfer OUT to other regions, PUT/COPY/POST/LIST/GET requests
to estimate S3 storage, consider:
1. storage class type (standard storage can hold more than standard infrequent access)
2. amount of storage
3. requests: number and types of requests (GET/PUT/COPY)
4. data transfer

What is a container? What AWS services help us to work with and orchestrate containers?

container: package an app's code, configurations, and dependencies into a single object (operating system virtualization)
Amazon Elastic Container Service allows us to work with containers:
- orchestrate Docker containers

You can run apps and workloads from a region closer to the end users to ___ latency

decrease

As AWS grows, the cost of doing business is reduced and savings are passed back to the customer with lower pricing. What is this optimization called?

economies of scale

Which component of the AWS global infrastructure does Amazon CloudFront use to ensure low-latency delivery?

edge locations

What does 'serverless' mean? Which AWS service is 'serverless'?

event sources trigger a server to run and then it goes away; the service is AWS Lambda

T/F to receive the discounted rate associated with reserved instances, you must make a full, upfront payment for the term of the agreement

false

T/F, Unlimited services are available with the AWS Free Tier to new AWS customers for 12 months following their AWS sign-up date.

false (only applies to certain services)

T/F cloud computing provides a simple way to access servers, storage, databases, and a broad set of app services over the internet. You own the network-connected hardware required for these services and AWS provisions what you need

false, AWS owns the resources

What is an Availability Zone? What should you consider when selecting an Availability Zone?

multiple isolated locations in AWS regions. Each availability zone allows better service than would be possible with a single data center.
consider: partitioning across availability zones in case of weather or other issues. Also design systems to survive temporary or prolonged failure of an availability zone if a disaster occurs.

What is an ACL? (Access Control List)

optional layer of security for VPC. It acts as a firewall for controlling traffic in and out of one or more subnets. It has separate inbound and outbound rules, and can either allow or deny traffic. Network ACLs are stateless, which means no info about a request is maintained after a request is processed.

What is the pricing model that enables AWS customers to pay for resources on an as-needed basis

pay as you go

Which is NOT a benefit of cloud computing over on-premises computing?
- increase speed and agility
- pay for racking, stacking, powering servers
- eliminate guessing on infrastructure capacity needs
- trade CAPEX for variable expense
- benefit from massive economies of scale

pay for racking, stacking, powering servers

What is a region? What should you consider when selecting a region?

region is a geographical area that consists of two or more availability zones. consider: 1. data governance, legal requirements 2. proximity to customers (latency) 3. services available within the region. 4. costs vary by region

What is the definition of cloud computing?

the on-demand delivery of compute power, database, storage, applications, and other IT resources via the internet with pay-as-you-go pricing. These resources run on server computers that are located in large data centers around the world. When you use a cloud service provider like AWS, that service provider owns the computer you are using. These resources can be used together like building blocks to build solutions that help meet business goals and satisfy technology requirements.

T/F availability zones within a region are connected through low-latency links

true

T/F networking, storage, compute, and databases are examples of service categories that AWS offers

true

T/F: AWS owns and maintains the network-connected hardware required for application services, while you provision and use what you need

true

MFA and Least Privilege

MFA: when enabled, users and systems must provide an MFA token in addition to regular sign-in credentials
Least privilege: grant minimal user privileges needed

EFS: When to use? What do you need to consider when setting up EFS?

When to use: when many EC2 instances may need to access a file
What to consider when setting up:
1. create EC2 instances
2. create EFS
3. create mount targets in appropriate subnets
4. connect Amazon EC2 instances to the mount targets
5. verify the resources and protection of AWS account

Glacier: When to use?

when you want to archive data for a long time at a low cost and encrypt data at rest

