AWS Cloud Practitioner
s3 glacier deep dive
storage class that has the lowest cost storage, which is ideal for archiving, retrieve files within 12 hours
s3 intelligent tiering
storage class that is ideal for data with unknown or changing access patterns, requires a small monthly monitoring and automation fee per object. It monitors access patterns and if an object isn't used for 30 days, it'll move to S3 IA. If you access an object in IA, S3 automatically moves it to the S3 Standard.
s3 glacier
storage class that is low cost storage designed for data archiving, able to retrieve objects within a few minutes to hours § EX. Archived customer files, old photos
s3 one zone - infrequent access
storage class with single availability zone, lower storage price that S3 IA. Better than S3 IA if you want to save costs on storage, easily reproduce your data in the event of a availability zone failure.
relational database management system
stores data in a way such that it relates to other pieces of data. o Querying 2 tables together with SQL o You can easily move them to the cloud with a lift and shift and migrate your database to run on EC2. o EX. Coffee shop owners write a SQL query to identify all customers that frequently purchase lattes.
slowloris attack
the attacker pretends to have a horribly slow connection and production servers are standing waiting for them to finish their request. They can exhaust the capacity of the front end with no effect. The solution is ELB.
Cloud Computing
the on-demand delivery of IT resources over the internet with pay as you go pricing
root account user
the owner of the AWS account and has permission to do anything; they can access or control any resource
aws shield with waf
uses web app firewall to filter incoming traffic for the signatures of hackers> it can recognize new threats as they evolve by writing customer rules (filtering by using a web access control list (ACL)).
cloudwatch
web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics. It then uses the metrics to create graphs automatically that show how performance has changed over time.
AWS outposts
where AWS will install a fully operational mini region, right outside your own data center, isolated within your building
aws cloud formation
you can build an environment by writing lines of code instead of using AWS Management Console to individually provision resources; repeatable manner and determines the right operations to perform when managing your stack and rolls back changes automatically if detects errors.
cloudtrail
· a log of actions that records API calls for your accounts. The recorded info includes identity of API caller, time of API call, source of IP address, etc. helps users enable governance, compliance, and operational and risk auditing of their AWS accounts. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface (CLI), and AWS SDKs and APIs.
aws cost explorer
· a tool that enables you to visualize, understand, and manager your AWS costs and usage over time
distributed denial of service
· attack that tries to shut down your applications ability to function by overwhelming the system to the point it can no longer operate. Multiple sources are used to start an attack that aims to make a website or application unavailable. Can come from groups of attackers or a single attacker with bots
denial of service
· attack to make a website or application unavailable to users. o Ex. Attacker floods a website with excessive network traffic so real customers can't use it
customer compliance center
· contains resources to help you better understand AWS compliance. You can read customer compliance stories, access whitepapers, documentation on helpful topics, and an auditor learning path.
amazon guard duty
· service that provides intelligent threat detection for your AWS infrastructure and resources. o Continuously monitors the network activity and account behavior within your AWS environment. If it detects any threats, you can review detailed findings from the AWS Management Console.
aws artifact
· service that provides on demand access to AWS security and compliance reports and select online agreements.
AWS management console
· web-based interface for accessing and managing AWS services. It includes wizards and automated workflows that can simplify the process of completing tasks. This is good for building test environments.
AWS Service Offerings
1. Compute 2. Storage 3. Network Security
elastic load balancing
AWS service that automatically distributes incoming application traffic across multiple resources. It acts as a single point of contact for all incoming web traffic; you can add/remove instances in response to traffic.
Client-Server Model
Client makes a request, and with permissions the server responds to that request
Cloud based deployment model
Cloud deployment model that runs all parts of the app in the cloud, migrate existing applications to the cloud, or you can design and build new applications in the cloud. You can build those applications on low-level infrastructure that requires your IT staff to manage them. Alternatively, you can build them using higher-level services that reduce the management, architecting, and scaling requirements of the core infrastructure. Ex. a company might create an application consisting of virtual servers, databases, and networking components that are fully based in the cloud.
On-Premises Deployment model
Cloud deployment model where resources are deployed on premises by using virtualization and resource management tools. It increases resource utilization by using application management and virtualization technologies. Similar to legacy IT infrastructure Ex. Applications run on technology that's fully kept in your on-premises data center
Compute optimized
EC2 instance type that compute bound apps that benefit from high performance processors. You can use for web, apps, and gaming servers. Also for batch processing workloads that require processing many transactions in a single group
Storage optimized
EC2 instance type that has workloads that require high performance for locally stored data. If you have an application that has a high IOPS requirement, a storage optimized instance can provide better performance over other instance types not optimized for this kind of use case. § Ex. Distributed file systems, data warehousing apps, high frequency online transaction processing systems
General Purpose
EC2 instance type that is a balance of compute, memory, and networking resources. Ex. App servers, gaming servers, backend servers for enterprise apps, and small and medium databases
Memory optimized
EC2 instance type that is designed to deliver fast performance for workloads that process large datasets in memory. Memory is a temporary storage area. It holds all the data and instructions that a CPU needs to complete actions. § Ex. High performance database, unstructured data
Accelerated computing
EC2 instance type that uses hardware accelerators, or coprocessors, to perform functions more efficiently than software on CPUs Ex. Graphics apps, game streaming, app streaming, data pattern matching
On-Demand Delivery (ODD)
Indicates that AWS has the resources you need when you need them.
AWS Trusted Advisor
Inspects your AWS environment and makes recommendations when opportunities may exist to save money, improve system performance or close security gaps. Only checks IAM.
hypervisor
Software that enables a single computer to run multiple operating systems simultaneously; responsible for coordinating this multitenancy and for isolating the virtual machines from each other as they share resources from the host
network access control list (ACL)
The VPC component that checks packet permissions for subnets. It is a virtual firewall that controls inbound and outbound traffic by default allows all inbound/outbound traffic
security group
The VPC component that checks permissions for EC2 instances by default allows all outbound and denies all inbound
EC2
The service you use to access virtual servers
instance store volumes
They provide temporary block level storage for an instance. It is disk storage that is physically attached to the host computer for an instance, therefore has the same lifespan. When the instance is terminated, you lose any data
Benefits of cloud computing
Trade upfront expense for variable expense. Benefit from massive economies of scale. Stop guessing capacity. Increase speed and agility. Stop spending money running and maintaining data centers. Go global in minutes.
simple storage service (s3)
Web Service based object storage. 1 byte to 5 Tb. Unlimited Storage. Stored in Buckets. Names are unique globally. - Storage - Region allows you to store and retrieve an unlimited amount of data at any scale; object level storage in buckets
IAM policy
a JSON document that describes what API calls a user can/cannot make; Only 2 options: allow or deny
document db
a document database service that supports MongoDB workloads. (MongoDB is a document database program.)
amazon neptune
a graph database service that you can use to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs
quantum ledger database
a ledger database service. that you can use to review a complete history of all the changes that have been made to your application data.
block level storage volumes
a place to store files. They behave like physical hard drives
file
a series of bytes that are stored in blocks on a disc
amazon elasticache
a service that adds caching layers on top of your databases to help improve the read times of common requests. It supports two types of data stores: Redis and Memcached
aws direct connect
a service that enables you to establish a dedicated private connection between your data center and VPC. It reduces network costs and increases bandwidth through network.
amazon managed blockchain
a service that you can use to create and manage blockchain networks with open-source frameworks; a distributed ledger system that lets multiple parties run transactions and share data without a central authority.
AWS Lambda
a service to run code without managing compute resources in response to events and triggers
key value pair
a structural approach for non relational databases. Data is organized into items (keys) and they have attributes (values). You can add/remove attributes from items. Tables don't have to have the same attributes for all items.
packet
a unit of data sent over the internet/network
IAM user
an identity and represents the person or application that interacts with services or resources
dynamo db accelerator
an in-memory cache for DynamoDB; It helps improve response times from single-digit milliseconds to microseconds.
Monolithic Application
app with tightly coupled components (databases, servers, user interface, business logic, etc). Because it's tightly coupled, if one component fails, they all do. To help maintain app availability when a single component fails, you can design your app through a microservices approach - components that are loosely coupled. The services that fulfill the app integration are SNS and SQS
udp flood
attack based on helpful parts of the internet. Someone sends a simple request, but gives a fake return address, so someone else's system is flooded and brought to a standstill. The solution is security groups.
http level attacks
attack that is asking for complicated product searches over and over from an army of bots so customers can't get in.
ec2 autoscaling
automatic scaling that enables you to automatically add/remove EC2 instances in response to changing application demand
Reserved instances
billing discount applied to on demand instances. Can purchase standard reserved and convertible reserved for 1yr/3yr, or scheduled instances for 1 yr
service control policies
centrally control permissions for your accounts in your organization Enables you to place restrictions on the AWS services, resources, and individual API actions that users and roles in each account can access
Hybrid deployment model
cloud deployment model where cloud-based resources are connected to an on-premises infrastructure. You may want to use this when you have legacy applications that are better maintained on premises or government regulations require your business to keep certain records on premises. Ex: a company wants to use cloud services that can automate batch data processing and analytics. However, the company has several legacy applications that are more suitable on premises and will not be migrated to the cloud. With a hybrid deployment, the company would be able to keep the legacy applications on premises while benefiting from the data and analytics services that run in the cloud.
Cloud Computing Deployment Models
cloud-based, on-premises, and hybrid
Savings Plan
committing to a consistent amount of compute usage for a 1yr/3yr plan. Can save 72% of any usage up to the commitment
identity and access management (IAM)
control access and create IAM users which by default have no permissions. You have to give the user permission to do anything.
amazon redshift
data warehousing for big data analytics. It offers the ability to collect data from many sources sand helps you to understand relationships and trends. o Very scalable, PB sizes, run a single SQL query against a lot of unstructured data, higher performance than databases
aws marketplace
digital catalog that includes thousands of software listings from independent software vendors. You can use this to find, test, and buy software that runs on AWS and explore software solutions by industry and use case.
amazon free tier
enables you to begin using certain services without having to worry about incurring costs
Database Migration Service (DMS)
enables you to migrate relational databases, non-relational databases, and other types of data stores. You move data between a source database and a target database. They can be the same type or different types. During migration your source database remains operational, reducing downtime for apps
aws key management service
enables you to perform encryption operations through use of cryptographic keys which are random strings of digits for locking and unlocking data
edge location
endpoints for AWS which are used for caching content closer to your customers for faster delivery. Typically this consists of CloudFront, Amazon's Content Delivery Network (CDN)
Amazon Elastic Kubernetes Service (EKS)
fully managed service you can use to run Kubernetes on AWS. Kubernetes is open source software that enables you to deploy and manage containerized applications at scale
On Demand Compute time
good for short irregular workloads that can't be interrupted, no upfront or minimum costs. These instances run continuously until you stop them. Ex. Developing, testing apps/running apps, short term work
scalability
having the resources you need and designing the architecture to automatically respond to changing demand. You pay for what you need and have enough capacity.
amazon inspector
helps improve security and compliance of your AWS deployed apps by running an automated security assessment against your infrastructure.
amazon route 53
highly available and scalable DNS (Domain Name System) web service Queries for your domain are automatically routed to closest DNS server (around world)
amazon elastic container service (ECS)
highly scalable, high performance service that enables you to run and scale containerized apps on AWS. It supports docker containers.
spot instances
ideal for workloads with flexible start/end times or that can withstand interruptions. It uses unused EC2 capacity and can offer you 90% cost savings
IAM role
identity federation; create identities that have associated permissions that are assumed for temporary amounts of time. It has no username/password. When an identity assumes a role, it abandons all previous permissions
AWS organizations
install order and enforces who is allowed to perform certain functions in what account
domain name system (DNS)
involves a DNS Server communicating with a web server; it's a translation service. It is the process of translating a domain name to an IP address.
virtual private gateway
is the component that allows protected internet traffic into the VPC, but it still can be crowded because you're on the same network. So it enables you to establish a VPN between your VPC and private network
dynamo db
key value database service that delivers single-digit millisecond performance at any scale. You create tables and it manages the underlying storage for you.
software development kits
make it easier for you to use AWS services through an API designed for your programming language/platform. It enables you to use AWS services with your existing apps or create new ones.
dedicated hosts
physical servers with EC2 instance capacity that is fully dedicated to your use; most expensive
messaging and queuing
placing messages into a buffer
containers
provide a standard way to package your app's code and dependencies into a single object. You can also use it for processes and workflows in which there are essential requirements for security, reliability, and scalability.
AWS Elastic Beanstalk
provide code and configuration settings, and this deploys the resources to perform- adjust capacity, load balancing, automatic scaling, app health monitoring
Virtual Private Cloud (VPC)
provision a logically isolated section of the AWS Cloud where you can launch AWS resources on a network you define. The resources can be public facing (access to internet) or private (backend services)
aws command line interface
save time when making API requests by enabling the ability to control multiple AWS services directly from the command line within one tool. You can automate the actions that your apps and services perform through scripts to avoid human error.
amazon elastic file system
scalable file system used with AWS Cloud services and premises resources. As you add/remove files EFS grows and shrinks automatically. It can scale on demand without disrupting apps, across apps
encryption
securing a message in a way that can only be accessed by authorized parties.
simple queue service (sqs)
send, store, receives messages between software components. The data contained within the message is a payload. o EX. Queue board of orders at CFA
simple notification service (sns)
sends out messages to services or notifications to end users using pub/sub model. You create an SNS topic and configure subscribers. These notifications can be sent out using mobile push, SMS, email o Subscriber EXs: SQS queues, AWS Lambda functions, HTTPs/HTTP
amazon fargate
serverless compute engine for containers. It works with both ECS and EKS. When using, you don't need to provision servers, it manages your server infrastructure for you
Relational database service:
service that enables you to run relational databases in the AWS Cloud.
aws shield
service that protects applications against DDoS attacks. There are 2 levels of protection: 1. Standard: automatically protects all AWS customers at no cost from most common attacks by automatically mitigating it. 2. Advanced: paid service that provides detailed attack diagnostics and ability to detect and mitigate sophisticated DDoS attacks. It integrates with other services like CloudFront, Route 53, and ELB.
elastic block storage (EBS)
service that provides block level storage volumes that you can use with EC2 instances. If you stop the instance, all data on the attached __ remains (similar to a virtual hard drive)
availability zone
single or multiple data centers within a region
docker
software platform that enables you to build, test, and deploy apps quickly. You can use API calls to launch and stop docker-enabled apps
s3 standard
storage class for frequently accessed data, stores in a minimum of 3 availability zones, higher cost. § EX. Websites, content distribution, and data analytics
s3 standard - infrequent access
storage class for infrequently accessed data, lower storage price, higher retrieval rate than S3, minimum of 3 availability zones, and high availability
