Combined Study Flashcards Preview

SA-12-The Well Architected Framework > Combined Study > Flashcards

Flashcards in Combined Study Deck (36):

Protection - Privilege Management

  1. Access control lists (ACLs)
    1. How are you limiting automated access?
  2. Role-based access controls
    1. Are you defining roles/responsibilities for access?
  3. Password management (and rotation)
    1. AWS Root Credentials (with MFA)?


Protection - Infrastructure Protection

  1. Physical infrastructure owned by AWS
  2. Customer responsible for VPC level protections
    1. Security Groups
    2. ACLs
    3. Traffic Routing / Subnets


Protection - Protection Questions


How are you enforcing network and host-level boundary protections?

  1. Security Groups
  2. ACLs
  3. Public / Private Subnets
  4. User Access Control
  5. Bastion Hosts
  6. EC2 instance locations


Protection - Protection Questions


How are you enforcing AWS service level protection?

  1. Console Restriction
  2. Groups 
  3. MFA enabled for users
  4. Password policy


Protection - Protection Questions


How are you protecting the integrity of the operating systems on your Amazon EC2 instance?

Anti-virus for Windows


Protection - Detective Controls - Solutions

  1. CloudTrail - log all changes - enabled in each region (regional service)
  2. CloudWatch - for environment usage
  3. AWS Config
  4. S3
  5. Glacier


Reliability - Reliability in the cloud consists of 3 areas:

  1. Foundations
    1. Understand the AWS service limits, these can gate your solution (these can be raised if needed)
  2. Change Management
    1. Be aware of how change affects your system so you can proactively work around it (e.g. CloudWatch to autoscale)
  3. Failure Management
    1. Always assume that failure will occur (monitor, response, plan to prevent)


Reliability - Key AWS Services

  1. Foundations
    1. IAM, VPC
  2. Change Management
    1. AWS CloudTrail
  3. Failure Management
    1. AWS CloudFormation


Performance Efficiency - in the cloud consists of 4 areas

  1. Compute
  2. Storage
  3. Database
  4. Space-time-trade-off


Performance Efficiency - Best Practices - Compute

Choose the right kind of server


Performance Efficiency - Best Practices - Storage

  1. Best storage solution depends on:
    1. Access method - Block, File or Object
    2. Patterns of Access - Random or Sequential
    3. Throughput Required
    4. Frequency of Access - can it be: Online, Offline, or Archival
    5. Frequency of Update - WORM, Dynamic
    6. Availability Constraints
    7. Durability Constraints
  2. At AWS storage is virtualized
    1. S3 - 11 x 9’s durability / cross region replication
    2. EBS - different storage mediums available


Performance Efficiency - Best Practices - Database

Best solution depends on requirements


Performance Efficiency - Best Practices - Space-Time Trade-Off

  1. RDS - add read replicas to reduce the DB load and create multiple copies of the DB. Also helps to lower latency.
  2. You can use Direct Connect to provide predictable latency between your HQ and AWS
  3. You can use Amazon’s global infrastructure to have multiple copies of your environment, in regions that are closest to your customer base
  4. You can use caching services (e.g. ElastiCache or CloudFront) to reduce latency


Performance Efficiency - Key AWS Services

  1. Compute - talking about Autoscaling
  2. Storage - talking about EBS, S3, Glacier
  3. Database - talking about RDS, DynamoDB, RedShift
  4. Space-Time Trade-Off - talking about CloudFront, ElastiCache, Direct Connect, RDS Read Replicas, etc.


Cost Optimization - in the cloud is composed of 4 areas

  1. Matched supply and demand
  2. Cost effective resources
  3. Expenditure awareness
  4. Optimizing over time


Cost Optimization - Best Practices - Matched supply and demand

  1. Don’t over provision / under provision - instead, autoscale with demand
  2. In server-less context, use services such as Lambda that only execute (or respond) when a request (demand) comes in
  3. CloudWatch can help you track your demand


Cost Optimization - Best Practices - Cost effective resources

  1. Use the correct instance type for your need (smaller can be more expensive if it runs longer)


Cost Optimization - Best Practices - Expenditure awareness

  1. Be aware of each team’s AWS account expenditures
  2. Use cost allocation tags, billing alerts, and consolidated billing to track this


Cost Optimization - Best Practices - Optimizing over time

  1. You should keep track of changes made to AWS and constantly re-evaluate your existing architecture
  2. You can do this by subscribing to the AWS blog
  3. Use services such as Trusted Advisor


Cost Optimization - Key AWS Services

  1. Matched supply and demand - Autoscaling
  2. Cost effective resources - EC2 (reserved instances), AWS Trusted Advisor
  3. Expenditure awareness - CloudWatch Alarms, SNS
  4. Optimizing over time - AWS Blog, AWS Trusted Advisor


Operational Excellence - There are three best practice areas for operational excellence in the cloud

  1. Preparation
  2. Operation
  3. Response


Operational Excellence - Best Practices: Preparation (part 1)

  1. Preparation drives operational excellence
  2. Checklists ensure that workloads are ready for production and prevent mistakes
  3. Workloads should have
    1. Runbooks - which offer guidance that operations teams can refer to for normal tasks
    2. Playbooks - which offer guidance to unexpected events (response plans, escalation paths, and stakeholder notification)
  4. AWS CloudFront
    1. Can be used to ensure environments contain all required resources, and that the configurations are correct based on tested best practices


Operational Excellence - Best Practices: Preparation (part 2)

  1. Auto Scaling
    1. Provide automated scaling mechanisms to respond to business-related events that affect operational needs
  2. Tagging
    1. To make sure all resources in a workload can be easily identified when needed during responses
  3. Accurate Documentation
    1. Information can become stale and needs to be updated regularly and tested
    2. Should include:
      1. Application designs
      2. Environment configurations
      3. Resource configurations
      4. Response plans
      5. Mitigation plans


Operational Excellence - Best Practices: Preparation (part 3)

  1. Deployments
    1. CI / CD pipelines (e.g. source code repository, build systems, deployment and testing automation)
    2. Release management - small changes, tested, incremental, & tracked
    3. Roll Back - revert without introducing operational issues or causing operational impact 


Operational Excellence - Best Practices: Operation

  1. Standardized, manageable, routine basis
  2. Automation, small changes, regular quality assurance testing
  3. Mechanisms to track, audit, roll back, and review changes
  4. Changes should not be large, infrequent, need scheduled downtime, or manual
  5. KPIs should be collected and reviewed
  6. Automation to failures
  7. Avoid manual processes for deployments, release management, changes, rollbacks
  8. Align monitoring to business needs
  9. Avoid ad hoc and non-centralized monitoring


Operational Excellence - Best Practices: Response

  1. Responses should be automated (mitigation, remediation, rollback, and recovery)
  2. Alerts should be timely, and invoke escalations when automated responses are not enough
  3. QA mechanisms should be in place to automatically roll back failed deployments
  4. Responses should follow a pre-defined playbook
  5. Escalation paths should be defined and include both functional and hierarchical escalation paths
  6. Hierarchical escalations should be automated
  7. Escalated priority should result in stakeholder notifications


Operational Excellence - AWS Key Services: Preparation

  1. Preparation
    1. AWS Config - provides detailed inventory of your AWS resources, configurations, and continuously records configuration changes
    2. Service Catalog - helps to create a standardized set of service offerings that are aligned to best practices
    3. Designing workloads to use automation with services like Auto Scaling, SQS


Operational Excellence - AWS Key Services: Operation

  1. Tools to manage and automate code changes to AWS workloads
    1. AWS CodeCommit
    2. AWS CodeDeploy
    3. AWS CodePipeline
  2. Use AWS SDKs to automate operational changes
  3. Use AWS CloudTrail to audit and track changes made to AWS environments


Operational Excellence - AWS Key Services: Response

  1. Response
    1. CloudWatch - for effective automated responses
    2. CloudWatch - to set alerting and notification
    3. CloudWatch - to trigger automated response


Well-Architected Framework - What is the well-architected framework?

  1. A set of questions used to evaluate how well your architecture is aligned to AWS best practices
    1. Security
    2. Reliability
    3. Performance Efficiency
    4. Cost Optimization
    5. Operational Excellence


Well-Architected Framework - General Design Principles

  1. Stop guessing your capacity needs
  2. Test systems at production scale
  3. Automate to make architectural experimentation easier
  4. Allow for evolutionary architectures - it should be dynamic
  5. Data driven architectures
  6. Improve through game days - simulate production events


Security - Design Principles

  1. Apply security at all layers
  2. Enable traceability
  3. Automate responses to security events
  4. Focus on securing your system
  5. Automate security best practices


Reliability - Design principles

  1. Test recovery procedures
  2. Automatically recover from failure based on KPI monitoring
  3. Scale horizontally to increase aggregate system availability (scale system, replace large resources with smaller distributed resources)
  4. Stop guessing capacity


Performance Efficiency - Design principles

  1. Democratize advanced technologies - consume advanced services, instead of becoming an expert in them
  2. Go global in minutes
  3. Use server-less architectures
  4. Experiment more often


Cost Optimization - Design principles

  1. Transparently attribute expenditures to users
  2. Use managed services to reduce cost of ownership
  3. Trade capital expense for operating expense
  4. Benefit from economies of scale
  5. Stop spending money on data center operations


Operational Excellence - Design principles

  1. Perform operations with code
  2. Align operation processes to business objectives (e.g. how is operations meeting business needs?)
  3. Make regular, small, incremental changes
  4. Test for responses to unexpected events
  5. Learn from operational events and failures
  6. Keep operations procedures current (documentation, runbooks, playbooks, procedures, etc.)