AWS Certified Cloud Practitioner

IAM Access

- AWS Management Console access - Programmatic access via the AWS API, the CLI, and the SDKs

EC2 : On Demand Instance

Allow you to pay a fixed rate by the hour (or by the second) with no commitment.

Support Plan : Enterprise

- 15K / Month - 24 x 7 phone, email, chat access - 15 minute response - Unlimited contacts, unlimited cases - Technical Account Manager (TAM) - Concierge support

AWS Service : Simple Queue Service (SQS)

- A fast, reliable, scalable, fully managed message queuing service. - Transmit any volume of data, at any level of throughput - Offload the administrative burden of operating a messaging cluster

S3 : Storage Class : S3 Standard-Infrequent Access

- Accessed less frequently, requires rapid access

EC2 : Reserved Instance : Scenario

- Applications with steady state or predictable usage - Applications that require reserved capacity - Upfront payments to reduce total computing costs even further

EC2 : Spot Instance : Scenario

- Apps with flexible start and end times - Apps that are only feasible at very low compute prices - Users with urgent computing needs for large amounts of additional capacity - Pricing moves up and down all the time like the stock market - If bid price is exceeded then computing stops - If bid price is <= spot price then computing continues

S3 : Storage Class : S3 Intelligent-Tiering

- Automatically moves objects between two access tiers based on changing access patterns - Small monthly monitoring and auto-tiering fee

EC2 : Reserved Instance : Scheduled RI

- Available to launch within reserved time window. - Match capacity reservation to a predictable recurring schedule that only requires a fraction of a day, a week, or a month.

EC2 : Reserved Instance

- Capacity reservation - Discounted - 1 Year or 3 Year terms - AURI (all upfront) - PURI (partial upfront) - NURI (no upfront)

AWS Service : OpsWorks

- Configuration management service that provides managed instances of Chef and Puppet. - Define the application's architecture and the specification of each component including package installation, software configuration and resources such as storage - Automation to scale your application based on time or load

S3 : Storage Classes

- Configured at Object level - S3 Lifecycle policy; data will automatically transfer to a different storage class without any changes to application

Accessing AWS

- Console - Command Line - SDK

AWS Service : CloudFront

- Content delivery network - Distribute content to end users with low latency, high data transfer speeds, and no minimum usage commitments - Deliver entire website, including dynamic, static, streaming, and interactive content - Requests for content are automatically routed to the nearest edge location - Origins : S3 bucket, EC2, ELB, domain name (Route 53) - Distribution: collection of edge locations - Optimized to work with other Amazon Web Services - Support for POST/PUT and other HTTP Methods - Use own domain name and own SSL certificate to deliver content over HTTPS - Ability to remove copies of a file from all edge locations. - Map a wildcard domain name to distribution network. - Visitors to your website can access site at the zone apex (or "root domain") - Configure how CloudFront handles error responses for your website.

AWS Service : Identity and Access Management (IAM)

- Control access to AWS services and resources for your users. - Create and manage AWS users, groups, roles. - Users and groups are global - Use permissions to allow and deny access to AWS resources, and control which operations a user can perform. - Assign individual security credentials (i.e., access keys, passwords, and multi-factor authentication devices) - Request temporary security credentials to provide users access to AWS services and resources. - Enable identity federation to allow existing identities (e.g. users)

S3 : Object

- Data being stored - Includes key (name), ID, value, metadata, ACLs - Within a bucket, key and version ID uniquely identify an object. - Value can be any sequence of bytes, from zero to 5 TB.

AWS Service : Direct Connect

- Dedicated network connection between network and one of the AWS Direct Connect locations - Works with all AWS services that are accessible over the Internet - 1 Gbps and 10 Gbps connections - Provision multiple connections if more capacity needed - Private virtual interface from on-premise network directly to AWS VPC - Uses industry standard 802.1q VLANs; can be partitioned into multiple virtual interfaces - Establish private connectivity to multiple VPCs using multiple virtual interfaces - Avoid the need to utilize VPN hardware - Reduces network costs into and out of AWS: -- Reduce bandwidth commitment to ISP -- Data transferred over the dedicated connection is charged at the reduced AWS Direct Connect data transfer

AWS Service : Certificate Manager

- Deploy SSL/TLS certificates for use with AWS services (e.g., ELB, CloudFront) - Automatically renews certificates, if desired - Free - Key management is handled by Amazon using "best practices"

Root Account

- Email address used to set up the AWS account - Single sign-in identity that has complete admin access to all AWS services and resources in the account - Not used for actual work - Use MFA to secure root account - Do not give account credentials away - Create user accounts for each individual

AWS Infrastructure : Edge Location

- Endpoints for CloudFront - Location where content will be cached - This is separate from an AWS Region/AZ

AWS Service : S3 Glacier

- Extremely low-cost cloud archive storage service that provides secure and durable storage for data archiving and online backup. - As little as $0.01 per gigabyte per month - Average annual durability of 99.999999999% (11 9's) for an archive. - Transfer of your data over Secure Sockets Layer (SSL) - Automatically encrypts data at rest using Advanced Encryption Standard (AES) 256-bit symmetric keys - Redundantly stores data in multiple facilities and on multiple devices within each facility. - Use data lifecycle policies to move data between Amazon S3 and Amazon Glacier - Interact using REST Glacier web service, the Java or .NET SDKs, or by using Amazon S3 Lifecycle Policies

AWS Service : DynamoDB

- Fast and flexible NoSQL database service - Consistent, single-digit millisecond latency at any scale. - Fully managed database and supports both document and key-value data models - Great fit for mobile, web, gaming, ad-tech, IoT

AWS Service : Simple Notification Service (SNS)

- Fast, flexible, fully managed push (pub/sub) messaging service - Notifications to Apple, Google, Fire OS, and Windows devices - Deliver notifications by SMS text message or email, to Amazon Simple Queue Service (SQS) queues, or to any HTTP endpoint. - All messages are stored redundantly across multiple availability zones - Publish a message once, and deliver it one or more times. - Direct unique messages to individual Apple, Google or Amazon devices, or broadcast deliveries to many mobile devices with a single publish request. - Group multiple recipients using topics. - A topic is an "access point" for allowing recipients to dynamically subscribe for identical copies of the same notification. - $1.00 to send one million notifications via push messaging.

Support Plans : Basic

- Free - 7 Trusted Advisor checks - Personal Health Dashboard

AWS Service : WorkDocs

- Fully managed service for secure enterprise document storage and sharing - Strong administrative controls and feedback capabilities.

AWS Service : Amazon Simple Workflow (SWF)

- Fully-managed state tracker and task coordinator in the Cloud. - Build, run, and scale background jobs that have parallel or sequential steps. - Separation between the control flow of your background job's step-wise logic and the actual units of work - Redundantly stores the tasks, reliably dispatches - Eliminates the need for developers to manage the infrastructure plumbing of process automation - Write application components and coordination logic in any programming language

CloudFront : Factors

- Geographic location - Origin (S3, EC2, ELB, Route 53) - Content delivery server

S3 : Bucket Viewing

- Global - Also have buckets in individual regions

AWS Service : Route 53

- Highly available and scalable cloud Domain Name System (DNS) web service - Connects user requests to infrastructure running in AWS - Used to route users to infrastructure outside of AWS. - Manage traffic globally through a variety of routing types, including Latency Based Routing, Geo DNS, and Weighted Round Robin—all - Offers Domain Name Registration

AWS Service : Storage Gateway

- Hybrid cloud storage service - On-premises access to virtually unlimited cloud storage. - Connect an on-premises software appliance with cloud-based storage - Transfers your data to AWS over SSL - Encryption at rest in S3 or Glacier using AES-256 - No re-architecture needed - Only uploads data that has changed - Migration, archiving, processing, and disaster recovery use cases.

EC2 : Spot Instance : Pricing

- If terminated by Amazon EC2 then you are not charged for partial hour usage. - If you terminate the instance yourself, you are charged for any hour in which the instance ran.

EC2 : On Demand : Scenario

- Low cost and flexibility of Amazon EC2 without any up-front payment or long-term commitment - Short term, spiky or unpredictable workloads that cannot be interrupted - Applications being developed or tested on Amazon EC2 for the first time.

S3 : Storage Classes : Features

- Low latency, high throughput - Durability of 99.999999999% of objects; multiple AZ's - Designed for 99.99% availability over a given year - Supports SSL for data in transit and encryption of data at rest

S3 : Storage Class : S3 Glacier

- Low-cost storage class for data archiving

S3 : Storage Class : S3 Glacier Deep Archive

- Lowest-cost storage class and supports long-term retention and digital preservation for data that may be accessed once or twice in a year - Retrieval time within 12 hours

AWS Service : CloudSearch

- Managed service that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application. - High throughput, low latency - Supports a rich set of features including language-specific text processing for 34 languages, free text search, faceted search, geospatial search, customizable relevance ranking, highlighting, autocomplete and user configurable scaling and availability options.

AWS Service : WorkSpaces

- Managed, cloud-based desktop experience. - WorkSpaces takes care of managing hardware and software, patching and maintenance, enabling you to deliver a high quality desktop experience to your users.

AWS Service : Mobile Analytics

- Measure app usage and app revenue. - Tracking key trends such as new vs. returning users, app revenue, user retention, and custom in-app behavior events - Make data-driven decisions to increase engagement and monetization for your app. - View key charts in the Mobile Analytics console and automatically export your app event data to Amazon S3 and Amazon Redshift to run custom analysis. - Free up to 100 million events per month; $1 per million events thereafter.

AWS Service : Elastic Transcoder

- Media transcoding service. - Highly scalable, easy to use and cost effective. - Convert (or "transcode") media files from their source format into versions that will playback on devices like smartphones, tablets and PCs.

AWS Service : CloudFormation

- Model entire infrastructure with either a text file or programming languages - Create and manage a collection of related AWS resources - Ordering and dependencies automatically handled - Deploy collection of resources using a 'template'. Templates can be re-used - Free. No additional charge to use. - Describe resource dependencies if needed. - Pass special parameters in at run time. - Template files are JSON or YAML-formatted text files - Publish progress of events using Amazon SNS

IAM : Roles

- More secure than access keys, easier to manage - Apply to EC2 at any time - Global

AWS Service : Redshift

- OLAP - Fast, fully managed, petabyte-scale data warehouse solution - Analyze all data using existing business intelligence tools - Fast query performance by using columnar storage technology - Uses standard PostgreSQL JDBC and ODBC drivers - Automates most of the common administrative tasks - Backups to S3 are continuous, incremental and automatic. - Pay only for the resources you provision

AWS Service : Simple Email Service (SES)

- Outbound-only email-sending service - Pay low charges for the number of emails sent, data transfer fees, and attachments. - Sending statistics and built-in notifications for bounces, complaints, and deliveries - Outgoing messages are stored redundantly across multiple servers and datacenters - Amazon SES takes proactive steps to maximize the percentage of your emails that arrive in your recipients' inboxes - Track your bounces, complaints, and deliveries with Amazon SNS and easily set up DKIM for any domain you manage via Amazon Route 53.

AWS Service : CloudWatch

- Performance monitoring service for AWS resources and applications; covers most services plus applications running on AWS; EC2, ASG, ELB, EBS - Collect and track metrics, collect and monitor log files, and set alarms - Create custom metrics for application or service, and any log file - CPU, network, disk, status - Free to monitor CPU, Data Transfer, and disk usage activity - 5 minutes by default; Detailed Monitoring, 1 minute - Integrate with SNS to expand alarming capabilities

AWS Service : Snowball

- Portable petabyte-scale data transport device - 50TB/80TB - 10GBaseT network connection - Transfer large amounts of data into and out of AWS - Automatically encrypted with 256-bit encryption keys

AWS Service : Virtual Private Cloud

- Provision a logically isolated section of the Amazon Web Services (AWS) Cloud - Define the entire virtual networking environment - Control IP addresses, subnets, route tables, and network gateways

AWS Service : Elastic MapReduce (EMR)

- Quickly and cost-effectively process vast amounts of data. - Uses Hadoop to distribute data and processing across a resizable cluster of Amazon EC2 instances. - Use cases: log analysis, web indexing, data warehousing, machine learning, financial analysis, scientific simulation, and bioinformatics.

AWS Service : Trusted Advisor

- Real time guidance to help you provision your resources following AWS best practices - Categories: Cost Optimization, Security, Fault Tolerance, Performance, Service Limits - Over 40 Trusted Advisor checks to monitor and improve the deployment of Amazon EC2, Elastic Load Balancing, Amazon EBS, Amazon S3, Auto Scaling, AWS Identity and Access Management, Amazon RDS, Amazon Route 53, and other services - View the overall status of AWS resources and savings estimations on the Trusted Advisor dashboard.

AWS Service : CloudTrail

- Records all AWS API calls for the account - Deliver log files via email - Captures API caller, time, source, request parameters, and response elements - Enables security analysis, change tracking, and compliance auditing.

S3 : Replication

- Replicate the contents on one bucket to another bucket automatically - Within same region or across regions

S3 : Storage Classes : Levels

- S3 Standard; general-purpose storage of frequently accessed data - S3 Intelligent-Tiering; unknown or changing access patterns - S3 Standard-Infrequent Access (S3 Standard-IA) and S3 One Zone-Infrequent Access (S3 One Zone-IA); long-lived, but less frequently accessed data - S3 Glacier and S3 Glacier Deep Archive; long-term archive and digital preservation

S3 : Bucket

- S3 container for storing, grouping objects - Directory on a computer accessible from anywhere in the world - Accessible via console, command line, SDK

AWS Service : Cognito

- Save mobile user data, such as app preferences or game state, in the AWS Cloud - No writing any backend code or managing any infrastructure - Offers mobile identity management and data synchronization across devices. - Save data locally on users' devices allowing your applications to work even when the devices are offline - Synchronize data across a user's devices so that their app experience will be consistent regardless of the device they use

CloudFront : non-AWS origin servers

- Seamless - Non-AWS web servers that store original, definitive versions of your files

AWS Service : Elastic Beanstalk

- Service for deploying and scaling web applications and services - Java, .NET, PHP, Node.js, Python, Ruby, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. - Upload code and Elastic Beanstalk automatically handles the deployment - Full control over the AWS resources powering your application; you can access the underlying resources at any time. - No additional charge for Elastic Beanstalk; you pay only for the AWS resources needed

AWS Service : Data Pipeline

- Service that helps reliably process and move data between different AWS compute and storage services as well as on-premise data sources at specified intervals - Access data where it's stored, transform and process it at scale - Efficiently transfer the results to AWS services

AWS Service : ElastiCache

- Service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud. - Supports two open-source in-memory caching engines: Memcached and Redis - Automatically detects and replaces failed nodes

AWS Service : Relational Database Service (RDS)

- Service to quickly provision and scale relational database - SQL/OLTP: MSSQL, MySQL, Oracle, PostgreSQL, Aurora, Maria - Automatically patches the database software and backs up your database according to a policy you set - Can be provisioned with General Purpose (SSD) Storage, Provisioned IOPS (SSD) Storage, or Magnetic Storage - Multi-AZ deployment option; can run mission critical workloads with high availability and built-in automated fail-over - Read replicas NOT available for MS SQL

S3 : Storage Class : S3 One Zone-Infrequent Access

- Single AZ - Costs 20% less than S3 Standard-IA - Designed for 99.5% availability over a given year

Support Plan : Business

- Starts at $100 / month - 24 x 7 phone, email, chat access - 1 hour response - Unlimited contacts, unlimited cases - Full set of Trusted Advisor checks

Support Plan : Developer

- Starts at $29 / month - 12 / 24 Hour response - Business hours access email - 1 primary contact, unlimited cases - 7 Trusted Advisor checks

AWS Service : AppStream

- Stream your existing Windows applications from the cloud - Application will be deployed and rendered on AWS infrastructure and the output is streamed to mass-market devices (e.g. phones, tablets) - Scale computational and storage needs, regardless of the devices your customers are using - Use Amazon SDK for streaming your application from the cloud - Integrate your own custom clients, subscriptions, identity, and storage solution

S3 : Bucket Naming

- Unique across all existing bucket names in Amazon S3. - Comply with DNS naming conventions.

EC2 : Reserved Instance : Convertible RI

- Up to 54% off from On Demand instance $ - Capability to change the attributes of the RI as long as the exchange results in the creation of RI's of equal or greater value. - Change instance families, operating system, tenancy, and payment option - Steady-state usage.

EC2 : Reserved Instance : Standard RI

- Up to 75% off On-Demand instance $. - Steady-state usage.

EC2 : Dedicated Host : Scenario

- Useful for regulatory requirements that may not support multi-tenant virtualization. - Great for licensing which does not support multi-tenancy or cloud deployments. - Can be purchased On-Demand (hourly) - Can be purchased as a Reservation for up to 70% off the On-Demand price.

S3 : Use Cases

- Backup and Storage: data backup and storage - Application Hosting: deploy, install, and manage web applications - Media Hosting: video, photo, or music uploads and downloads - Software Delivery: software applications for download

EC2 : Advantage

Reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity up or down as required

Lambda Pricing

Request: - Free: 1MM/month - 0.20 per MM thereafter
Duration: - 400K GB-seconds/month; 3.2 MM seconds of compute time - 0.00001667 for GB-second thereafter
- Incur costs from using other services

EC2

Resizable compute capacity in the cloud

S3 : Bucket Policies

Restrict access to an entire bucket; you can also make entire S3 buckets public

S3 : ACL's

Restrict access to individual objects (files)

S3 suitability for OS

S3 is not suitable for installing operating systems

S3 : Glacier : Retrieval Options

- Standard: within 3 to 5 hours - Bulk: within 5 to 12 hours

S3 : HTTP 200

Status code for successful S3 uploads

S3 : Transfer Acceleration

Upload files to edge locations and AWS transfers the files, over the internal network, to buckets.

CloudFront : Distribution Types

- Web Distribution: websites - RTMP: media streaming

CloudFront : Distribution

Collection of content sets with common settings; origin, access, security, cookie or query-string forwarding, geo-restrictions, access logs.

IAM : Policy

Collection of permissions; configured via a JSON file of key-value pairs:

    {
      "Version": "2012-10-17",
      "Statement": {
        "Effect": "Allow",
        "Action": "s3:ListBucket",
        "Resource": "arn:aws:s3:::example_bucket"
      }
    }

Pricing Drivers

- Compute - Storage - Data Outbound

CloudFront : Requests

Content automatically routed to the nearest edge location, so content is delivered with the best possible performance

CloudFront : Optimization

Continuously measuring internet connectivity, performance and computing to find the best way to route requests to our network

EC2 Instance Types

FIGHTDRMCPXZ

Snowball Pricing

Fee per job: - 50TB $200 - 80TB $250
Daily: - 10 days free; $15/day after
Data Transfer: - into S3 free; transfer out is not

CloudFormation Template

- Format Version (optional) - Description (optional) - Metadata (optional) - Parameters (optional) - Mappings (optional) - Conditions (optional) - Transform (optional) - Resources (required) - Outputs (optional)

S3 : Storage Classes : S3 Standard

General-purpose storage of frequently accessed data

AWS Infrastructure : Region

Geographical area; contains 2 or more Availability Zones

Resource Groups

Group of resources with common tags: region, name, employee ID, etc.
Service specific: - EC2: public & private IPs - ELB: port configs - RDS: db engine

AWS - Global Services

- IAM (users, groups, etc.) - Route 53 - CloudFront - SNS - SES
Regional, with global views: - S3

AWS Infrastructure : Availability Zone

One or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities

Pricing

- Pay as you go - Pay for what you use - Pay less as you use more - Pay less when you reserve - Custom pricing

EC2 : Dedicated Host

Physical EC2 server dedicated for your use. Reduces costs by allowing you to use your existing server-bound software licenses.

What determines Price?

- Clock hours of server time - Instance type - Pricing model - # of instances - Load balancing - Detailed Monitoring - Auto Scaling - Elastic IPs - OS, software packages

IAM : Group

Collection of IAM users; specify permissions for multiple users, which can make it easier to manage the permissions for those users.

Support Plan : Case Response Time

- Developer: System Impaired -> 12 hours - Business: Production System Down -> 1 hour - Enterprise: Business Critical System Down -> 15 minutes

EC2 : Spot instance

Enables you to bid whatever price you want for instance capacity, providing for even greater savings if your applications have flexible start and end times.

Glacier Pricing

- Storage - Retrieval times

S3 Pricing

- Storage class - Storage - Requests - Data transfer

EBS Pricing

- Volumes (GB) - Snapshots (GB) - Data transfer
