Combined Study Flashcards Preview


Flashcards in Combined Study Deck (36):
1

Protection - Privilege Management

  1. Access control lists (ACLs)
    1. How are you limiting automated access?
  2. Role-based access controls
    1. Are you defining roles/responsibilities for access?
  3. Password management (and rotation)
    1. AWS Root Credentials (with MFA)?

2

Protection - Infrastructure Protection

  1. Physical infrastructure owned by AWS
  2. Customer responsible for VPC level protections
    1. Security Groups
    2. ACLs
    3. Traffic Routing / Subnets

3

Protection - Protection Questions

 

How are you enforcing network and host-level boundary protections?

  1. Security Groups
  2. ACLs
  3. Public / Private Subnets
  4. User Access Control
  5. Bastion Hosts
  6. EC2 instance locations

4

Protection - Protection Questions

 

How are you enforcing AWS service level protection?

  1. Console Restriction
  2. Groups 
  3. MFA enabled for users
  4. Password policy

5

Protection - Protection Questions

 

How are you protecting the integrity of the operating systems on your Amazon EC2 instance?

Anti-virus for Windows

6

Protection - Detective Controls - Solutions

  1. CloudTrail - log all changes - enabled in each region (regional service)
  2. CloudWatch - for environment usage
  3. AWS Config
  4. S3
  5. Glacier

7

Reliability - Reliability in the cloud consists of 3 areas:

  1. Foundations
    1. Understand the AWS service limits, these can gate your solution (these can be raised if needed)
  2. Change Management
    1. Be aware of how change affects your system so you can proactively work around it (e.g. CloudWatch to autoscale)
  3. Failure Management
    1. Always assume that failure will occur (monitor, respond, plan to prevent)

8

Reliability - Key AWS Services

  1. Foundations
    1. IAM, VPC
  2. Change Management
    1. AWS CloudTrail
  3. Failure Management
    1. AWS CloudFormation

9

Performance Efficiency - in the cloud consists of 4 areas

  1. Compute
  2. Storage
  3. Database
  4. Space-time-trade-off

10

Performance Efficiency - Best Practices - Compute

Choose the right kind of server

11

Performance Efficiency - Best Practices - Storage

  1. Best storage solution depends on:
    1. Access method - Block, File or Object
    2. Patterns of Access - Random or Sequential
    3. Throughput Required
    4. Frequency of Access - can it be: Online, Offline, or Archival
    5. Frequency of Update - WORM, Dynamic
    6. Availability Constraints
    7. Durability Constraints
  2. At AWS storage is virtualized
    1. S3 - 11 x 9’s durability / cross region replication
    2. EBS - different storage mediums available

12

Performance Efficiency - Best Practices - Database

Best solution depends on requirements

13

Performance Efficiency - Best Practices - Space-Time Trade-Off

  1. RDS - to add read replicas to reduce the DB load and create multiple copies of DB. Also helps to lower latency.
  2. You can use Direct Connect to provide predictable latency between your HQ and AWS
  3. You can use Amazon’s global infrastructure to have multiple copies of your environment, in regions that are closest to your customer base
  4. You can use caching services (e.g. ElastiCache or CloudFront) to reduce latency

14

Performance Efficiency - Key AWS Services

  1. Compute - talking about Autoscaling
  2. Storage - talking about EBS, S3, Glacier
  3. Database - talking about RDS, DynamoDB, RedShift
  4. Space-Time Trade-Off - talking about CloudFront, ElastiCache, Direct Connect, RDS Read Replicas, etc.

15

Cost Optimization - in the cloud is composed of 4 areas

  1. Matched supply and demand
  2. Cost effective resources
  3. Expenditure awareness
  4. Optimizing over time

16

Cost Optimization - Best Practices - Matched supply and demand

  1. Don’t over provision / under provision - instead, autoscale with demand
  2. In server-less context, use services such as Lambda that only execute (or respond) when a request (demand) comes in
  3. CloudWatch can help you track your demand

17

Cost Optimization - Best Practices - Cost effective resources

  1. Use the correct instance type for your need (smaller can be more expensive if it runs longer)

18

Cost Optimization - Best Practices - Expenditure awareness

  1. Be aware of each team’s AWS account expenditures
  2. Use cost allocation tags, billing alerts, and consolidated billing to track this

19

Cost Optimization - Best Practices - Optimizing over time

  1. You should keep up with changes made to AWS and constantly re-evaluate your existing architecture
  2. You can do this by subscribing to the AWS blog
  3. Use services such as Trusted Advisor

20

Cost Optimization - Key AWS Services

  1. Matched supply and demand - Autoscaling
  2. Cost effective resources - EC2 (reserved instances), AWS Trusted Advisor
  3. Expenditure awareness - CloudWatch Alarms, SNS
  4. Optimizing over time - AWS Blog, AWS Trusted Advisor

21

Operational Excellence - There are three best practice areas for operational excellence in the cloud

  1. Preparation
  2. Operation
  3. Response

22

Operational Excellence - Best Practices: Preparation (part 1)

  1. Preparation drives operational excellence
  2. Checklists ensure that workloads are ready for production and prevent mistakes
  3. Workloads should have
    1. Runbooks - which offer guidance that operations teams can refer to for normal tasks
    2. Playbooks - which offer guidance to unexpected events (response plans, escalation paths, and stakeholder notification)
  4. AWS CloudFront
    1. Can be used to ensure environments contain all required resources, and that the configurations are correct based on tested best practices

23

Operational Excellence - Best Practices: Preparation (part 2)

  1. Auto Scaling
    1. Provide automated scaling mechanisms to respond to business-related events that affect operations needs
  2. Tagging
    1. To make sure all resources in a workload can be easily identified when needed during responses
  3. Accurate Documentation
    1. Information can become stale and needs to be updated regularly and tested
    2. Should include:
      1. Application designs
      2. Environment configurations
      3. Resource configurations
      4. Response plans
      5. Mitigation plans

24

Operational Excellence - Best Practices: Preparation (part 3)

  1. Deployments
    1. CI / CD pipelines (e.g. source code repository, build systems deployment, testing automation)
    2. Release management - small changes, tested, incremental, & tracked
    3. Roll Back - revert without introducing operational issues or causing operational impact 

25

Operational Excellence - Best Practices: Operation

  1. Standardized, manageable, routine basis
  2. Automation, small changes, regular quality assurance testing
  3. Mechanisms to track, audit, roll back, and review changes
  4. Changes should not be large, infrequent, need scheduled downtime, or manual
  5. KPIs should be collected and reviewed
  6. Automation to failures
  7. Avoid manual processes for deployments, release management, changes, rollbacks
  8. Align monitoring to business needs
  9. Avoid ad hoc and non-centralized monitoring

26

Operational Excellence - Best Practices: Response

  1. Responses should be automated (mitigation, remediation, rollback, and recovery)
  2. Alerts should be timely, and invoke escalations when automated responses are not enough
  3. QA mechanisms should be in play to automatically roll back failed deployments
  4. Responses should follow a pre-defined playbook
  5. Escalation paths should be defined and include both functional and hierarchical escalation paths
  6. Hierarchical escalations should be automated
  7. Escalated priority should result in stakeholder notifications

27

Operational Excellence - AWS Key Services: Preparation

  1. Preparation
    1. AWS Config - provides detailed inventory of your AWS resources, configurations, and continuously records configuration changes
    2. Service Catalog - helps to create a standardized set of service offerings that are aligned to best practices
    3. Designing workloads to use automation with services like Auto Scaling, SQS

28

Operational Excellence - AWS Key Services: Operation

  1. Tools to manage and automate code changes to AWS workloads
    1. AWS CodeCommit
    2. AWS CodeDeploy
    3. AWS CodePipeline
  2. Use AWS SDKs to automate operational changes
  3. Use AWS CloudTrail to audit and track changes made to AWS environments

29

Operational Excellence - AWS Key Services: Response

  1. Response
    1. CloudWatch - for effective automated responses
    2. CloudWatch to set alerting and notification
    3. CloudWatch - to trigger automated response

30

Well-Architected Framework - What is the well-architected framework?

  1. A set of questions used to evaluate how well your architecture is aligned to AWS best practices
    1. Security
    2. Reliability
    3. Performance Efficiency
    4. Cost Optimization
    5. Operational Excellence

31

Well-Architected Framework - General Design Principles

  1. Stop guessing your capacity needs
  2. Test systems at production scale
  3. Automate to make architectural experimentation easier
  4. Allow for evolutionary architectures - it should be dynamic
  5. Data driven architectures
  6. Improve through game days - simulate production events

32

Security - Design Principles

  1. Apply security at all layers
  2. Enable traceability
  3. Automate responses to security events
  4. Focus on securing your system
  5. Automate security best practices

33

Reliability - Design principles

  1. Test recovery procedures
  2. Automatically recover from failure based on KPI monitoring
  3. Scale horizontally to increase aggregate system availability (scale system, replace large resources with smaller distributed resources)
  4. Stop guessing capacity

34

Performance Efficiency - Design principles

  1. Democratize advanced technologies - consume advanced services, instead of becoming an expert in them
  2. Go global in minutes
  3. Use server-less architectures
  4. Experiment more often

35

Cost Optimization - Design principles

  1. Transparently attribute expenditures to users
  2. Use managed services to reduce cost of ownership
  3. Trade capital expense for operating expense
  4. Benefit from economies of scale
  5. Stop spending money on data center operations

36

Operational Excellence - Design principles

  1. Perform operations with code
  2. Align operation processes to business objectives (e.g. how is operations meeting business needs?)
  3. Make regular, small, incremental changes
  4. Test for responses to unexpected events
  5. Learn from operational events and failures
  6. Keep operations procedures current (documentation, runbooks, playbooks, procedures, etc.)