AWS Cloud Practitioner Services Flashcards
1
Q
Elasticity
A
Scale resources up and down when needed
2
Q
Reliability
A
Fault tolerance and high availability
3
Q
Agility
A
Reduced infrastructure time and more access to emerging technologies
4
Q
Cloud Computing
A
On-demand delivery of pay-as-you-go services through a platform
5
Q
IaaS
A
Infrastructure as a service.
- E.g. traditional data center
6
Q
PaaS
A
Platform as a service.
E.g. deployment services configured by owner, AWS Elastic Beanstalk
7
Q
SaaS
A
Service as a service: no maintainance
8
Q
Public cloud
A
E.g. AWS
9
Q
Private cloud
A
On-prem cloud
10
Q
Hybrid cloud
A
E.g. cloud apps connected to private data center
11
Q
Region
A
- 1 geographic region
- Cluster of at least 2 AZ’s
- Multiple AZ minimizes failure
12
Q
Availability Zone
A
At least 1 data center
13
Q
Edge Locations
A
- Nodes in glocal CDN
- Used by CloudFront
- Used by Route 53
- Delivers content closest to users
14
Q
CapEx
A
Capitalized Expense:
- Upfront costs
- Minimal in cloud
15
Q
OpEx
A
Operational Expense:
- Operational costs
- Mirrors demand in cloud. Pay-as-you-go
16
Q
AWS Cost Explorer
A
- Explore costs
- Numbers broken to services, tags etc.
- Recommends cost optimization
- Access via API
17
Q
AWS Budgets
A
- Uses data from AWS Cost Explorer
- Cost per service, service usage, coverage etc.
18
Q
AWS TCO Calculator
A
Total costs to move to cloud
19
Q
AWS Simply Monthly Calculator
A
Costs for specific services
20
Q
AWS Resource Tags
A
Tag and explore costs
21
Q
AWS Organizations
A
- Organizations of accounts in master account
- Total bill cost
- Centralize and restrict security access
22
Q
AWS Support
A
AWS Personal Health Advisor + AWS Trusted Advisor + SomethingElse
23
Q
AWS Trusted Advisor
A
- Recommends best practices
- 7 core checks
24
Q
AWS Personal Health Dashboard
A
Alerts and remediation with AWS is experiencing events
25
AWS Basic Support
- 7 core checks
- 24/7 customer service, forums, documentation and whitepapers
- AWS health dashboard
- Free
26
AWS Developer Support
- Business hour access to support engineers
- 1 primary contact
- Response time (24/12 hours)
27
AWS Business Support
- Full AWS Trusted Advisor checks
- 24/7 phone, email, chat with support engineers
- Unlimited number of contacts
- Response time (24/12/4/1 hours)
28
AWS Enterprise Support
- Personal Technical Account Manager
- Concierge support team
- Response time (24/12/4/0.25 hours)
29
AWS Console
Web/app interface for interactions with services
30
AWS CLI
CL for console tasks
31
AWS SDK
- Programming resources
| - Supported: Java, .NET, Node.js, JavaScript, PHP, Python, Ruby, Go and C++
32
When is AWS Console beneficial?
Testing services
33
When is AWS CLI beneficial?
Automation of repeated tasks
34
When is AWS SDK beneficial?
Automation of tasks with custom apps
35
Compute Services
1. Amazon EC2
2. AWS Elastic Beanstalk
3. AWS Lambda
36
EC2 instance
Virtual server. Types:
- General purpose
- Compute optimized
- Memory optimized
- Storage optimized
- Accelerated computing
37
Instance storage
- Non-persistent
| - Attached to instance
38
EBS
Elastic Block Storage
- Persistent storage
- Not attached to instance
39
AMI
Amazon Machine Image
- Template for EC2 image
- Commercial AMI's in AWS Marketplace
40
On-demand instance
Pay-by-second instance launched
41
Reserved instance
- Purchase in advance
| - Possible upfront for discount
42
Spot instance
- Unused instance in a region for discount
- Market price
- Launch if bid over spot
- Terminate if bid lower then spot. Quick notification
43
When to choose reserved instance?
Consistency
44
When to choose spot instance?
Can start and stop. Batch processing
45
When to choose on-demand instance?
In-consistent. Cannot stop
46
AWS Elastic Beanstalk
1. Monitoring
2. Deployment
3. Scaling
4. EC2 customization
47
AWS Lambda
- Run code without infrastructure
- Charged for execution time
- Server-less architecture
48
Content and network delivery services
1. Amazon VPC
2. Amazon Direct Connect
3. Amazon Route 53
4. Elastic Load Balancing
5. Amazon CloudFront
6. Amazon API Gateway
49
Amazon VPC
- Launch resources in private network
- Can connect to other VPCs
- Can connect to data center
50
Amazon Direct Connect
Direct network connection from data center to AWS
51
Amazon Route 53
- DNS: map domain names to IP addresses
- Global service
- Highly available
52
Elastic Load Balancing
- Distributes traffic among multiple targets
- Integrates with Lambda EC2, ECS
1. Application Load Balancer
2. Network Load Balancer
3. Classic Load Balancer
53
Scaling
1. Vertical: larger instance types
| 2. Horizontal: increase instances
54
Security in CloudFront
- AWS Shield for DDoS
| - AWS Web App Firewall
55
File storage services
1. Simple Storage Service (S3)
2. S3 Glacier
3. EC2 file storage (EBS, EFS, FSx)
4. AWS Snowball
5. AWS Snowmobile
56
Bucket
Storage unit in S3 which configures stored objects to same settings
57
Storage
Objects in buckets
58
S3 Intelligent-Tiering
- Move data to correct storage class based on usage
| - Same performance as S3
59
S3 Standard
- Default
| - Frequently accessed data
60
S3 Standard-IA
- In-frequent accessed data
| - Cheaper price
61
S3 One Zone-IA
- In-frequent accessed data
- Only stored in one AZ
- Cheapest
62
S3 Transfer Acceleration
Bucket feature to optimize uploading using Edge Locations in CloudFront
63
S3 Glacier & S3 Glacier Deep Archive
- Archival data
- 90/180 days minimum storage
- Retrieve in minutes/hours
- Pay per retrieval size
- Less expensive
- Deep Archive stored: AWS Management or programmatically
64
EBS volume types
1. General purpose SSD: cost-effective; general workload
2. Provisioned IOPS SSD: high-performance; low latency
3. Throughput Optimized HDD: frequently accessed data
4. Cold HDD: less frequently accessed data
65
AWS Snowball
Migrate petabytes to AWS
66
AWS Snowmobile
Migrate exabytes to AWS
67
Database services
1. Relational Database Service (RDS)
2. Amazon DynamoDB
3. Amazon Elasticache
4. Amazon Redshift
5. Amazon Aurora
6. Amazon Database Migration Service (DMS)
68
RDS
- PaaS
- Relational databases
- Deploy across multiple AZ
- EBS: general purpose SSD and IOPS SSD
- Supports: MySQL, PostgreSQL, MariaDB, Oracle DB, SQL Server, Amazon Aurora
69
Amazon DynamoDB
- NoSQL
- Low latency at any scale
- Data models without blob
- Serverless apps
70
Amazon Elasticache
- In-memory data stores
| - Memcached and Redis
71
Amazon Redshift
- Data warehouse service
- Scale-able
- Querying exabytes in S3 with Redshift Spectrum
72
Amazon Aurora
MySQL and PostgreSQL RDB for cloud
73
Amazon Athena
Server-less querying SQL in S3
74
Amazon Database Migration
- Move data from existing db to AWS
- One-time and continuous migration
- Pay for compute leveraged in migration
75
Amazon SQS
Message Querying Service
- Stored up to 14 days
- Decoupled and fault tolerant apps
76
Amazon SNS
Pub/sub Messaging Service
- Decoupled apps
- Organizes relative to topics
- End user notifications (sms, email, push)
77
AWS Step Functions
Orchestration of workflows
- Server-less architecture
- Can integrate services: compute, db, messaging, data processing, ml
78
AWS CloudTrail
Log and monitor account activity
| - Inserts audit trails in CloudWatch logs
79
AWS CloudWatch
- Metrics, logs and alarms for infrastructure
| - Metrics visualization and custom dashboards
80
AWS Config
Configuration history for infrastructure
| - Evaluates infrastructure against rules
81
AWS Systems Manager
- Operational data and automation across infrastructure
- Access servers securely with AWS credentials
- Centralize passwords and parameters
82
AWS CloudFormation
- Manages dependencies between resources
- Drift detection of infrastructure
- Infrastructure as code through templates (json/yaml)
83
AWS Organizations
- Manage multiple accounts under master
- Total billings for all accounts
- Centralize loggings and security standards
84
AWS Control Tower
- Centralize users
- Create new AWS accounts with templates
- Operational insight dashboard
85
Acceptable User Policy
Allowed and prohibited use
- Prohibited: mass emails, harmful content
- Allowed: pen-testing of some services
86
Least Privilege Access
Users should have minimum privilege to perform tasks and no more
87
AWS Shared Responsibility
- AWS: security of cloud
| - Customer: security in cloud
88
AWS Well-architected Framework
1. Operational excellence
2. Security
3. Reliability
4. Performance efficiency
5. Cost optimization
89
Compliance Services
1. AWS Config
2. AWS Artifact
3. Amazon GuardDuty
90
AWS Artifact
Compliance reports
91
Amazon GuardDuty
Intelligent threat detection
92
Fault tolerance architecture
- Enable by default: SQS, Route 53
- Should be architected on EC2
- Should leverage multiple AZ
93
High availability services
On most services
94
AWS Identity and Access Management
Control access to AWS resources
- Manages authentication (login)
- Manages authorization (access)
95
IAM identities
1. Users: single individual account
2. Groups: permissions for group of IAM users
3. Roles: user or service to assume permissions
96
IAM identity policy
JSON-document
- Services identity can access
- Actions identity can take
97
MFA
Multi-factor authentication
98
Amazon Cognito
- Authentication/authorization in web/app through AWS
| - Providers: Google, Facebook, Active Directory, SALM 2.0
99
On-prem Data Integration Services
1. AWS Storage Gateway
| 2. AWS DataSync
100
AWS Storage Gateway
Hybrid-cloud storage service
- Tape Gateway
- Volume Gateway
- File Gateway
101
AWS DataSync
Automated data transfer
102
Data Processing Services
1. AWS Glue
2. AWS Elastic MapReduce (EMR)
3. AWS Data Pipeline
103
AWS Glue
ETL service
- Server-less
- Supports: RDS, DynamoDB, Redshift and S3
104
AWS EMR
Big data cloud processing
| - Supports: Spark, Flink, Hive, Hudi, Hbase, Presto
105
AWS Data Pipeline
Data workflow orchestration across AWS services
- ETL service
- Supports: RDS, DynamoDB, Redshift, S3 and EMR
- Can integrate on-prem data stores
106
Data Analysis Services
1. Amazon Athena
2. Amazon Quicksight
3. Amazon CloudSearch
107
Amazon Quicksight
BI service enabling dashboards
108
Amazon CloudSearch
Search service for custom apps
109
AI and ML services
1. Amazon Rekognition
2. Amazon Translate
3. Amazon Transcribe
110
Amazon Rekognition
Computer vision service powered by ML
111
Amazon Translate
Text translation service powered by ML
112
Amazon Transcribe
Speech to text powered by ML
113
Disaster recovery scenarios
1. Backup and restore
2. Pilot Light
3. Warm Standby
4. Multi Site
114
Backup and restore
- Backed up in S3
| - Longest recovery time
115
Pilot Light
- Key components running in cloud
| - Rest of components can be launched quickly
116
Warm Standby
- Scaled-down full environment
| - Instances can be scaled up
117
Multi Site
- Full environment running in cloud
| - Seamless recovery period
118
Recovery Time Objective
Time before recovers
119
Recovery Point Objective
Data loss (terms in time) before recovers
120
Auto Scaling Group
Set of EC2 instances with rules for scaling and management
121
AWS Secrets Manager
Secure way to integrate credentials, API tokens etc.
122
AWS VPN
1. Site-to-site VPN
| 2. Client VPN
123
Security Groups
Firewall-like control of resources in VPC
124
Network ACL
Control in-/outbound traffic for subnet in VPC
125
Amazon Inspector
Automated security assessment for EC2 instances
1. Network reachability assessment
2. Host assessment
126
Amazon Macie
Data protection powered by ML
127
AWS Service Catalog
IT-services on AWS for an organization
128
AWS Marketplace
Third-party software catalog
129
AWS CodeCommit
Verison control
130
AWS CodeBuild
CI-service
131
AWS CodeDeploy
Deployment to services
132
AWS CodePipeline
CD-service
133
AWS CodeStar
Bootstrap development
