AWS Cloud Practitioner

Ace your homework & exams now with Quizwiz!

s3 glacier deep dive

storage class that has the lowest cost storage, which is ideal for archiving, retrieve files within 12 hours

s3 intelligent tiering

storage class that is ideal for data with unknown or changing access patterns, requires a small monthly monitoring and automation fee per object. It monitors access patterns and if an object isn't used for 30 days, it'll move to S3 IA. If you access an object in IA, S3 automatically moves it to the S3 Standard.

s3 glacier

storage class that is low cost storage designed for data archiving, able to retrieve objects within a few minutes to hours § EX. Archived customer files, old photos

s3 one zone - infrequent access

storage class with single availability zone, lower storage price that S3 IA. Better than S3 IA if you want to save costs on storage, easily reproduce your data in the event of a availability zone failure.

relational database management system

stores data in a way such that it relates to other pieces of data. o Querying 2 tables together with SQL o You can easily move them to the cloud with a lift and shift and migrate your database to run on EC2. o EX. Coffee shop owners write a SQL query to identify all customers that frequently purchase lattes.

slowloris attack

the attacker pretends to have a horribly slow connection and production servers are standing waiting for them to finish their request. They can exhaust the capacity of the front end with no effect. The solution is ELB.

Cloud Computing

the on-demand delivery of IT resources over the internet with pay as you go pricing

root account user

the owner of the AWS account and has permission to do anything; they can access or control any resource

aws shield with waf

uses web app firewall to filter incoming traffic for the signatures of hackers> it can recognize new threats as they evolve by writing customer rules (filtering by using a web access control list (ACL)).

cloudwatch

web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics. It then uses the metrics to create graphs automatically that show how performance has changed over time.

AWS outposts

where AWS will install a fully operational mini region, right outside your own data center, isolated within your building

aws cloud formation

you can build an environment by writing lines of code instead of using AWS Management Console to individually provision resources; repeatable manner and determines the right operations to perform when managing your stack and rolls back changes automatically if detects errors.

cloudtrail

· a log of actions that records API calls for your accounts. The recorded info includes identity of API caller, time of API call, source of IP address, etc. helps users enable governance, compliance, and operational and risk auditing of their AWS accounts. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface (CLI), and AWS SDKs and APIs.

aws cost explorer

· a tool that enables you to visualize, understand, and manager your AWS costs and usage over time

distributed denial of service

· attack that tries to shut down your applications ability to function by overwhelming the system to the point it can no longer operate. Multiple sources are used to start an attack that aims to make a website or application unavailable. Can come from groups of attackers or a single attacker with bots

denial of service

· attack to make a website or application unavailable to users. o Ex. Attacker floods a website with excessive network traffic so real customers can't use it

customer compliance center

· contains resources to help you better understand AWS compliance. You can read customer compliance stories, access whitepapers, documentation on helpful topics, and an auditor learning path.

amazon guard duty

· service that provides intelligent threat detection for your AWS infrastructure and resources. o Continuously monitors the network activity and account behavior within your AWS environment. If it detects any threats, you can review detailed findings from the AWS Management Console.

aws artifact

· service that provides on demand access to AWS security and compliance reports and select online agreements.

AWS management console

· web-based interface for accessing and managing AWS services. It includes wizards and automated workflows that can simplify the process of completing tasks. This is good for building test environments.

AWS Service Offerings

1. Compute 2. Storage 3. Network Security

elastic load balancing

AWS service that automatically distributes incoming application traffic across multiple resources. It acts as a single point of contact for all incoming web traffic; you can add/remove instances in response to traffic.

Client-Server Model

Client makes a request, and with permissions the server responds to that request

Cloud based deployment model

Cloud deployment model that runs all parts of the app in the cloud, migrate existing applications to the cloud, or you can design and build new applications in the cloud. You can build those applications on low-level infrastructure that requires your IT staff to manage them. Alternatively, you can build them using higher-level services that reduce the management, architecting, and scaling requirements of the core infrastructure. Ex. a company might create an application consisting of virtual servers, databases, and networking components that are fully based in the cloud.

On-Premises Deployment model

Cloud deployment model where resources are deployed on premises by using virtualization and resource management tools. It increases resource utilization by using application management and virtualization technologies. Similar to legacy IT infrastructure Ex. Applications run on technology that's fully kept in your on-premises data center

Compute optimized

EC2 instance type that compute bound apps that benefit from high performance processors. You can use for web, apps, and gaming servers. Also for batch processing workloads that require processing many transactions in a single group

Storage optimized

EC2 instance type that has workloads that require high performance for locally stored data. If you have an application that has a high IOPS requirement, a storage optimized instance can provide better performance over other instance types not optimized for this kind of use case. § Ex. Distributed file systems, data warehousing apps, high frequency online transaction processing systems

General Purpose

EC2 instance type that is a balance of compute, memory, and networking resources. Ex. App servers, gaming servers, backend servers for enterprise apps, and small and medium databases

Memory optimized

EC2 instance type that is designed to deliver fast performance for workloads that process large datasets in memory. Memory is a temporary storage area. It holds all the data and instructions that a CPU needs to complete actions. § Ex. High performance database, unstructured data

Accelerated computing

EC2 instance type that uses hardware accelerators, or coprocessors, to perform functions more efficiently than software on CPUs Ex. Graphics apps, game streaming, app streaming, data pattern matching

On-Demand Delivery (ODD)

Indicates that AWS has the resources you need when you need them.

AWS Trusted Advisor

Inspects your AWS environment and makes recommendations when opportunities may exist to save money, improve system performance or close security gaps. Only checks IAM.

hypervisor

Software that enables a single computer to run multiple operating systems simultaneously; responsible for coordinating this multitenancy and for isolating the virtual machines from each other as they share resources from the host

network access control list (ACL)

The VPC component that checks packet permissions for subnets. It is a virtual firewall that controls inbound and outbound traffic by default allows all inbound/outbound traffic

security group

The VPC component that checks permissions for EC2 instances by default allows all outbound and denies all inbound

EC2

The service you use to access virtual servers

instance store volumes

They provide temporary block level storage for an instance. It is disk storage that is physically attached to the host computer for an instance, therefore has the same lifespan. When the instance is terminated, you lose any data

Benefits of cloud computing

Trade upfront expense for variable expense. Benefit from massive economies of scale. Stop guessing capacity. Increase speed and agility. Stop spending money running and maintaining data centers. Go global in minutes.

simple storage service (s3)

Web Service based object storage. 1 byte to 5 Tb. Unlimited Storage. Stored in Buckets. Names are unique globally. - Storage - Region allows you to store and retrieve an unlimited amount of data at any scale; object level storage in buckets

IAM policy

a JSON document that describes what API calls a user can/cannot make; Only 2 options: allow or deny

document db

a document database service that supports MongoDB workloads. (MongoDB is a document database program.)

amazon neptune

a graph database service that you can use to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs

quantum ledger database

a ledger database service. that you can use to review a complete history of all the changes that have been made to your application data.

block level storage volumes

a place to store files. They behave like physical hard drives

file

a series of bytes that are stored in blocks on a disc

amazon elasticache

a service that adds caching layers on top of your databases to help improve the read times of common requests. It supports two types of data stores: Redis and Memcached

aws direct connect

a service that enables you to establish a dedicated private connection between your data center and VPC. It reduces network costs and increases bandwidth through network.

amazon managed blockchain

a service that you can use to create and manage blockchain networks with open-source frameworks; a distributed ledger system that lets multiple parties run transactions and share data without a central authority.

AWS Lambda

a service to run code without managing compute resources in response to events and triggers

key value pair

a structural approach for non relational databases. Data is organized into items (keys) and they have attributes (values). You can add/remove attributes from items. Tables don't have to have the same attributes for all items.

packet

a unit of data sent over the internet/network

IAM user

an identity and represents the person or application that interacts with services or resources

dynamo db accelerator

an in-memory cache for DynamoDB; It helps improve response times from single-digit milliseconds to microseconds.

Monolithic Application

app with tightly coupled components (databases, servers, user interface, business logic, etc). Because it's tightly coupled, if one component fails, they all do. To help maintain app availability when a single component fails, you can design your app through a microservices approach - components that are loosely coupled. The services that fulfill the app integration are SNS and SQS

udp flood

attack based on helpful parts of the internet. Someone sends a simple request, but gives a fake return address, so someone else's system is flooded and brought to a standstill. The solution is security groups.

http level attacks

attack that is asking for complicated product searches over and over from an army of bots so customers can't get in.

ec2 autoscaling

automatic scaling that enables you to automatically add/remove EC2 instances in response to changing application demand

Reserved instances

billing discount applied to on demand instances. Can purchase standard reserved and convertible reserved for 1yr/3yr, or scheduled instances for 1 yr

service control policies

centrally control permissions for your accounts in your organization Enables you to place restrictions on the AWS services, resources, and individual API actions that users and roles in each account can access

Hybrid deployment model

cloud deployment model where cloud-based resources are connected to an on-premises infrastructure. You may want to use this when you have legacy applications that are better maintained on premises or government regulations require your business to keep certain records on premises. Ex: a company wants to use cloud services that can automate batch data processing and analytics. However, the company has several legacy applications that are more suitable on premises and will not be migrated to the cloud. With a hybrid deployment, the company would be able to keep the legacy applications on premises while benefiting from the data and analytics services that run in the cloud.

Cloud Computing Deployment Models

cloud-based, on-premises, and hybrid

Savings Plan

committing to a consistent amount of compute usage for a 1yr/3yr plan. Can save 72% of any usage up to the commitment

identity and access management (IAM)

control access and create IAM users which by default have no permissions. You have to give the user permission to do anything.

amazon redshift

data warehousing for big data analytics. It offers the ability to collect data from many sources sand helps you to understand relationships and trends. o Very scalable, PB sizes, run a single SQL query against a lot of unstructured data, higher performance than databases

aws marketplace

digital catalog that includes thousands of software listings from independent software vendors. You can use this to find, test, and buy software that runs on AWS and explore software solutions by industry and use case.

amazon free tier

enables you to begin using certain services without having to worry about incurring costs

Database Migration Service (DMS)

enables you to migrate relational databases, non-relational databases, and other types of data stores. You move data between a source database and a target database. They can be the same type or different types. During migration your source database remains operational, reducing downtime for apps

aws key management service

enables you to perform encryption operations through use of cryptographic keys which are random strings of digits for locking and unlocking data

edge location

endpoints for AWS which are used for caching content closer to your customers for faster delivery. Typically this consists of CloudFront, Amazon's Content Delivery Network (CDN)

Amazon Elastic Kubernetes Service (EKS)

fully managed service you can use to run Kubernetes on AWS. Kubernetes is open source software that enables you to deploy and manage containerized applications at scale

On Demand Compute time

good for short irregular workloads that can't be interrupted, no upfront or minimum costs. These instances run continuously until you stop them. Ex. Developing, testing apps/running apps, short term work

scalability

having the resources you need and designing the architecture to automatically respond to changing demand. You pay for what you need and have enough capacity.

amazon inspector

helps improve security and compliance of your AWS deployed apps by running an automated security assessment against your infrastructure.

amazon route 53

highly available and scalable DNS (Domain Name System) web service Queries for your domain are automatically routed to closest DNS server (around world)

amazon elastic container service (ECS)

highly scalable, high performance service that enables you to run and scale containerized apps on AWS. It supports docker containers.

spot instances

ideal for workloads with flexible start/end times or that can withstand interruptions. It uses unused EC2 capacity and can offer you 90% cost savings

IAM role

identity federation; create identities that have associated permissions that are assumed for temporary amounts of time. It has no username/password. When an identity assumes a role, it abandons all previous permissions

AWS organizations

install order and enforces who is allowed to perform certain functions in what account

domain name system (DNS)

involves a DNS Server communicating with a web server; it's a translation service. It is the process of translating a domain name to an IP address.

virtual private gateway

is the component that allows protected internet traffic into the VPC, but it still can be crowded because you're on the same network. So it enables you to establish a VPN between your VPC and private network

dynamo db

key value database service that delivers single-digit millisecond performance at any scale. You create tables and it manages the underlying storage for you.

software development kits

make it easier for you to use AWS services through an API designed for your programming language/platform. It enables you to use AWS services with your existing apps or create new ones.

dedicated hosts

physical servers with EC2 instance capacity that is fully dedicated to your use; most expensive

messaging and queuing

placing messages into a buffer

containers

provide a standard way to package your app's code and dependencies into a single object. You can also use it for processes and workflows in which there are essential requirements for security, reliability, and scalability.

AWS Elastic Beanstalk

provide code and configuration settings, and this deploys the resources to perform- adjust capacity, load balancing, automatic scaling, app health monitoring

Virtual Private Cloud (VPC)

provision a logically isolated section of the AWS Cloud where you can launch AWS resources on a network you define. The resources can be public facing (access to internet) or private (backend services)

aws command line interface

save time when making API requests by enabling the ability to control multiple AWS services directly from the command line within one tool. You can automate the actions that your apps and services perform through scripts to avoid human error.

amazon elastic file system

scalable file system used with AWS Cloud services and premises resources. As you add/remove files EFS grows and shrinks automatically. It can scale on demand without disrupting apps, across apps

encryption

securing a message in a way that can only be accessed by authorized parties.

simple queue service (sqs)

send, store, receives messages between software components. The data contained within the message is a payload. o EX. Queue board of orders at CFA

simple notification service (sns)

sends out messages to services or notifications to end users using pub/sub model. You create an SNS topic and configure subscribers. These notifications can be sent out using mobile push, SMS, email o Subscriber EXs: SQS queues, AWS Lambda functions, HTTPs/HTTP

amazon fargate

serverless compute engine for containers. It works with both ECS and EKS. When using, you don't need to provision servers, it manages your server infrastructure for you

Relational database service:

service that enables you to run relational databases in the AWS Cloud.

aws shield

service that protects applications against DDoS attacks. There are 2 levels of protection: 1. Standard: automatically protects all AWS customers at no cost from most common attacks by automatically mitigating it. 2. Advanced: paid service that provides detailed attack diagnostics and ability to detect and mitigate sophisticated DDoS attacks. It integrates with other services like CloudFront, Route 53, and ELB.

elastic block storage (EBS)

service that provides block level storage volumes that you can use with EC2 instances. If you stop the instance, all data on the attached __ remains (similar to a virtual hard drive)

availability zone

single or multiple data centers within a region

docker

software platform that enables you to build, test, and deploy apps quickly. You can use API calls to launch and stop docker-enabled apps

s3 standard

storage class for frequently accessed data, stores in a minimum of 3 availability zones, higher cost. § EX. Websites, content distribution, and data analytics

s3 standard - infrequent access

storage class for infrequently accessed data, lower storage price, higher retrieval rate than S3, minimum of 3 availability zones, and high availability


Related study sets

Moudule 11~lesson 1 South America🍍🍦📖

View Set

5.7 understand the changes that occur when a solid melts to form a liquid, and when a liquid evaporates or boils to form a gas

View Set

Data Types and the Power of Databases (Practice Test)

View Set