Cloud Practitioner Fundamentals Flashcards
(45 cards)
Golden Image
Certain AWS resource types like Amazon EC2 instances, Amazon RDS DB instances, Amazon Elastic Block Store (Amazon EBS) volumes, etc., can be launched from a golden image: a snapshot of a particular state of that resource.
When compared to the bootstrapping approach, a golden image results in faster start times and removes dependencies to configuration services or third-party repositories. This is important in auto-scaled environments where you want to be able to quickly and reliably launch additional resources as a response to demand changes.
Bootstrapping
When you launch an AWS resource like an Amazon EC2 instance or Amazon Relational Database (Amazon RDS) DB instance, you start with a default configuration.
You can then execute automated bootstrapping actions, that is, scripts that install software or copy data to bring that resource to a particular state. You can parameterize configuration details that vary between different environments (e.g., production, test, etc.) so that the same scripts can be reused without modifications.
Shuffle Sharding
fault-isolation technique
non-explicit deny
When a new IAM user is created, that user has NO access to any AWS service. For that user, access must be explicitly allowed via IAM permissions.
AWS Certificate Manager (AWS ACM)
easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.
SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet as well as resources on private networks.
Amazon Cloud Directory
used to build cloud-native directories for organizing hierarchies of data along multiple dimensions
traditional directory solutions, such as Active Directory Lightweight Directory Services (AD LDS) and other LDAP-based directories, limit you to a single hierarchy
Cloud Directory offers you the flexibility to create directories with hierarchies that span multiple dimensions
CloudFront
used to distribute content to global users with low latency
CloudTrail
an auditing service that tracks and records user activity and API usage.
provides visibility into user activity by recording actions taken on your account.
CloudTrail records important information about each action, including who made the request, the services used, the actions performed, parameters for the actions, and the response elements returned by the AWS service. This information helps you to enable governance, compliance, operational auditing, and risk auditing of your AWS account.
CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.
Amazon CloudWatch
used to monitor the utilization of the AWS cloud resources (such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances), as well as custom metrics generated by your applications and services.
AWS CloudFormation
allows you to model your entire infrastructure with either a text file or programming languages.
allows you to provision your resources using code
Account Compromised
1- Change your AWS root account password and the passwords of any IAM users.
2- Delete or rotate all root and AWS Identity and Access Management (IAM) access keys.
3- Delete any potentially compromised IAM users.
4- Delete any resources on your account you didn’t create, such as EC2 instances and AMIs, EBS volumes and snapshots, and IAM users.
5- Respond to any notifications you received from AWS Support through the AWS Support Center
AWS Concierge
AWS billing and account experts that work with you to implement billing and account best practices.
AWS Trusted Advisor
is not a team, it is an online tool that offers a rich set of best practice checks and recommendations across five categories: cost optimization, security, fault tolerance, performance, and service limits.
AWS Elastic Beanstalk
easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.
Amazon SNS
is a messaging service
AWS Systems Manager
allows you to centralize operational data from multiple AWS services and automate tasks across your AWS resources.
AWS OpsWorks
configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.
AutoScaling
used to adjust capacity (up or down) automatically to optimize performance and costs.
used to increase or decrease capacity based on demand.
AWS Config
is a service that enables you to monitor, assess, and audit all changes made to your AWS resources.
used to record and evaluate configurations of your AWS resources.
AWS Macie
protect your sensitive data in AWS.
uses machine learning to automatically discover, classify, and protect sensitive data in AWS.
recognizes sensitive data such as personally identifiable information (PII) or intellectual property, and provides you with dashboards and alerts that give visibility into how this data is being accessed or moved.
The fully managed service continuously monitors data access activity for anomalies, and generates detailed alerts when it detects risk of unauthorized access or inadvertent data leaks.
Today, Amazon Macie is available to protect data stored in Amazon S3, with support for additional AWS data stores coming later this year.
data protection services & features
You can protect your data by encrypting it in transit and at rest.
You can use CloudTrail to audit and get deep visibility into all API calls, including who, what, and from where calls were made.
You can also use AWS Identity and Access Management (IAM) to control who can access or edit your data.
AWS Storage Gateway
hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage.
You can use the service for backup and archiving, disaster recovery, cloud data processing, storage tiering, and migration.
The gateway connects to AWS storage services, such as Amazon S3, Amazon S3 Glacier, Amazon S3 Glacier Deep Archive, Amazon EBS, and AWS Backup, providing storage for files, volumes, snapshots, and virtual tapes in AWS.
Amazon EFS
is a shared file system. It is not for storing objects.
storage capacity is elastic, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it.
it may be used to back up databases when you need temporary protection during updates or for development and test. It is not a cost-effective solution for long-term archival storage.
it can provide massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS with consistent low latencies.
AWS Data Pipeline
a web service that helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources.