Best Practices Flashcards
What is the advantage of the AWS-recommended practice of decoupling applications?
1) Reduces inter-dependencies so that failures do not impact other components of the application.
2) As application complexity increases, a desirable attribute of an IT system is that it can be broken into smaller, loosely coupled components. This means that IT systems should be designed in a way that reduces inter-dependencies—a change or a failure in one component should not cascade to other components.
What is horizontal scaling in the AWS Cloud?
1) Adding more EC2 instances to handle an increase in traffic.
2) Scaling horizontally takes place through an increase in the number of resources (e.g., adding more hard drives to a storage array or adding more servers to support an application).
3) This is a great way to build Internet-scale applications that leverage the elasticity of cloud computing.
4) With horizontal-scaling it is often easier to scale dynamically by adding more machines in parallel. Hence, in most cases, horizontal-scaling is recommended over vertical-scaling.
What is Vertical scaling in the AWS Cloud?
1) Scaling vertically takes place through an increase in the specifications of an individual resource (e.g., upgrading a server with a larger hard drive, adding more memory, or provisioning a faster CPU).
2) On Amazon EC2, this can easily be achieved by stopping an instance and resizing it to an instance type that has more RAM, CPU, I/O,or networking capabilities. This way of scaling can eventually hit a limit and it is not always a cost efficient or highly available approach. However, it is very easy to implement and can be sufficient for many use cases especially as a short term solution.
3) Vertical-scaling is often limited to the capacity constraints of a single machine, scaling beyond that capacity often involves downtime and comes with an upper limit
What does the “Principle of Least Privilege” refer to?
1) The principle of least privilege is one of the most important security practices and it means granting users the required permissions to perform the tasks entrusted to them and nothing more.
2) The security administrator determines what tasks users need to perform and then attaches the policies that allow them to perform only those tasks.
3) You should start with a minimum set of permissions and grant additional permissions when necessary. Doing so is more secure than starting with permissions that are too lenient and then trying to tighten them down.
List the 6 practices of AWS Well-Architected Framework
1- Stop guessing your capacity needs: Eliminate guessing about your infrastructure capacity needs
2- Test systems at production scale: In the cloud, you can create a production-scale test environment on demand, complete your testing, and then decommission the resources.
3- Automate to make architectural experimentation easier: Automation allows you to create and replicate your systems at low cost and avoid the expense of manual effort.
4- Allow for evolutionary architectures: In the cloud, the capability to automate and test on demand lowers the risk of impact from design changes. This allows systems to evolve over time so that businesses can take advantage of innovations as a standard practice.
5- Drive architectures using data: In the cloud you can collect data on how your architectural choices affect the behavior of your workload. This lets you make fact-based decisions on how to improve your workload.
6- Improve through game days: Test how your architecture and processes perform by regularly scheduling game days to simulate events in production.
A company has developed an eCommerce web application in AWS. What should they do to ensure that the application has the highest level of availability?
1) Deploy the application across multiple Regions and Availability Zones
2) The AWS Global infrastructure is built around Regions and Availability Zones (AZs).
3) Each AWS Region is a separate geographic area.
4) Each AWS Region has multiple, isolated locations known as Availability Zones.
5) Availability Zones in a region are connected with low latency, high throughput, and highly redundant networking. These Availability Zones offer AWS customers an easier and more effective way to design and operate applications and databases, making them more highly available, fault tolerant, and scalable than traditional single datacenter infrastructures or multi-datacenter infrastructures.
One of the most important AWS best-practices to follow is the cloud architecture principle of elasticity. How does following this principle improve your architecture’s design?
1) By automatically provisioning the required AWS resources based on changes in demand.
2) The concept of Elasticity involves the ability of a service to automatically scale its resources up or down based on changes in demand. For example, Amazon EC2 Autoscaling can help automate the process of adding or removing Amazon EC2 instances as demand increases or decreases.
Adjusting compute capacity dynamically to reduce cost is an implementation of which AWS cloud best practice?
1) Implement elasticity
2) In the cloud, resources are elastic, meaning they can instantly grow ( to maintain performance) or shrink ( to reduce costs).
The principle “design for failure and nothing will fail” is very important when designing your AWS Cloud architecture. What AWS strategies or services adhere to this principle?
1) Availability zones - When designing your AWS Cloud architecture, you should make sure that your system will continue to run even if failures happen. You can achieve this by deploying your AWS resources in multiple Availability zones.
2) AWS Elastic Load Balancer - you can use the Elastic Load Balancer to regularly perform health checks and distribute traffic only to the healthy instances.
In order to implement best practices when dealing with a “Single Point of Failure,” you should aim to build as much automation as possible in both detecting and reacting to failure. What AWS services would help with that?
1) You should aim to build as much automation as possible in both detecting and reacting to failure.
2) You can use services like ELB and Amazon Route53 to configure health checks and mask failure by only routing traffic to healthy endpoints.
3) In addition, Auto Scaling can be configured to automatically replace unhealthy nodes.
4) You can also replace unhealthy nodes using the Amazon EC2 auto-recovery feature or services such as AWS OpsWorks and AWS Elastic Beanstalk.
A company is introducing a new product to their customers, and is expecting a surge in traffic to their web application. As part of their Enterprise Support plan, what plan provides the company with architectural and scaling guidance?
1) AWS Infrastructure Event Management (IEM) is a short-term engagement with AWS Support, included in the Enterprise-level Support product offering, and available for additional purchase for Business-level Support subscribers.
2) AWS Infrastructure Event Management partners with your technical and project resources to gain a deep understanding of your use case and provide architectural and scaling guidance for an event.
3) Common use-case examples for AWS Event Management include advertising launches, new product launches, and infrastructure migrations to AWS.
You have discovered that some AWS resources are being used in malicious activities that could compromise your data. What should you do?
Contact the AWS Abuse Team. The AWS Abuse team can assist you when AWS resources are being used to engage in the following types of abusive behavior:
1) Spam: You are receiving unwanted emails from an AWS-owned IP address, or AWS resources are being used to spam websites or forums.
2) Port scanning: Your logs show that one or more AWS-owned IP addresses are sending packets to multiple ports on your server, and you believe this is an attempt to discover unsecured ports.
3) Denial of service attacks (DdOS): Your logs show that one or more AWS-owned IP addresses are being used to flood ports on your resources with packets, and you believe this is an attempt to overwhelm or crash your server or software running on your server.
4) Intrusion attempts: Your logs show that one or more AWS-owned IP addresses are being used to attempt to log in to your resources.
5) Hosting objectionable or copyrighted content: You have evidence that AWS resources are being used to host or distribute illegal content or distribute copyrighted content without the consent of the copyright holder.
6) Distributing malware: You have evidence that AWS resources are being used to distribute software that was knowingly created to compromise or cause harm to computers or machines on which it is installed.
What is the AWS Security team responsible for?
The AWS Security team is responsible for the security of services offered by AWS.
What is the AWS Customer Service team responsible for?
1) The AWS Customer Service team is at the forefront of this transformational technology assisting a global list of customers that are taking advantage of a growing set of services and features to run their mission-critical applications.
2) The team helps AWS customers understand what Cloud Computing is all about, and whether it can be useful for their business needs.
As part of the Enterprise support plan, who is the primary point of contact for ongoing support needs?
1) For Enterprise-level customers, a TAM (Technical Account Manager) provides technical expertise for the full range of AWS services and obtains a detailed understanding of your use case and technology architecture.
2) TAMs work with AWS Solution Architects to help you launch new projects and give best practices recommendations throughout the implementation life cycle.
3) Your TAM is the primary point of contact for ongoing support needs, and you have a direct telephone line to your TAM.
