Everything Flashcards

idk i just want flashcards

1
Q

IaaS

A

Infrastructure as a Service - Most control, most setup

2
Q

PaaS

A

Platform as a Service - Middle ground of IaaS and SaaS

3
Q

SaaS

A

Software as a Service - Least control, least setup

4
Q

Regions

A

Cluster of Data Centers

5
Q

Availability Zone

A

Each region has between 3-6, completely isolated from each other.

6
Q

Shared Responsibility Model

A

Customer is responsible for security IN the cloud, Amazon is responsible for security of the cloud

Customer Ex: Customer data, access management (IAM), firewall configs, encryption, etc.
Amazon Ex: Software (compute, storage, db, networking), regions, edge locations, etc.

7
Q

IAM

A

Identity Access Management. How you control users in your AWS account

8
Q

Groups

A

Collection of users. Users can belong to multiple groups.

9
Q

Policies

A

Policies are applied to users/groups and dictate what they can/can’t do

10
Q

AWS Management Console

A

Web interface to manage AWS services and resources

11
Q

AWS Command Line Interface (CLI)

A

Alternative to AWS Management Console

12
Q

AWS Software Dev Kit (SDK)

A

Language-specific APIs

13
Q

Access Key

A

~= Username

14
Q

Secret Access Key

A

~= Password

15
Q

IAM Best Practices

A

One AWS user = one person
Assign perm’s to groups, not individuals
Strong pswd policy + MFA
Access keys for CLI/SDK. Don’t share them!

16
Q

EC2

A

Resizable virtual servers in the cloud. Allows for customers to have serverless architecture

17
Q

Instance Types

A

General Purpose
Compute Optimized
Memory Optimized
Storage Optimized

18
Q

Security Groups

A

Control traffic in/out of EC2 instances (Like firewalls)

19
Q

Important Ports

A

21 - FTP
22 - SSH, SFTP
80 - HTTP
443 - HTTPS
3389 - RDP

20
Q

Reserved Instances

A

Bought for 1 or 3 years, long-term. Better discounts

21
Q

On-demand Instances

A

Good for short work loads, predictable pricing

22
Q

Convertible Reserved Instances

A

Like reserved, but can change instance type

23
Q

Spot Instances

A

Cheap instances that can be taken over by others willing to pay more. Cheapest, but unreliable

24
Q

Dedicated Host Instances

A

Booking an entire instance

25
EBS (Elastic Block Store) Volume
Block storage for EC2 Instances.
26
EBS Snapshots
Backup of an EBS Volume. Also how you 'restore' (move) EBS Volumes to other regions
27
AMI (Amazon Machine Image)
Customization of an EC2 instance (add own software, config, OS, monitoring, etc.)
28
EC2 Image Builder
Automate creation of virtual machines or container images
29
EC2 Instance Store
Temporary storage for EC2, data lost on stop or terminate.
30
EFS (Elastic File System)
Scalable, shared file storage for EC2. Managed network file system, can be mounted to 100's of EC2 instances ACROSS AZ's
31
FSx
Windows native shared file system
32
Vertical Scalability
Increase size of an instance (non-distributed systems). Building tall in Civ
33
Horizontal Scalability
Increasing the amount of instances (distributed systems). Building wide in Civ
34
Elasticity
'Auto-scaling' to scale based on usage. Matching performance w/ needs
35
ELB (Elastic Load Balancer)
ELB directs traffic to available instances downstream to increase performance
36
4 Types of load balancers
1. Applications (Layer 7)
2. Network (Layer 4)
3. Gateway (Layer 3)
37
ASG (Auto Scale Groups)
Automatically scales EC2 Instances
38
ASG Scaling Strategies
1. Manual
2. Target Tracking - 'Want average ASG CPU @ 40%'
3. Simple/Step - 'If (x>7) add 2 units'
4. Scheduled - Increase capacity @ certain time
5. Predictive - Uses machine learning to predict future traffic spikes/dips
39
S3
Scalable object storage for data.
40
S3 Buckets
Store objects (files) in buckets (directories/folders) on S3
41
S3 Objects
Files in S3
42
S3 Security
IAM Policies for users
Bucket policies or ACL (Access control lists) for resources
43
Bucket Policies
JSON Based
resource - what bucket to apply to
effect - allow/deny actions
principal - bucket to apply policy to
44
S3 Versioning
Save versions of files that are changed in S3
45
CRR (Cross-Region Replication) and SRR (Same-Region Replication)
Replicates object across/within region
46
S3 Storage Classes
6 Classes (Use cases listed for each)
1. General Purpose - Big data analytics, content distribution
2. Infrequent Access - Backups. Rapid access when needed
3. One Zone Infrequent - Secondary Backups
4. Glacier - Data accessed once per quarter
5. Glacier flexible retrieval - idk
6. Glacier Deep Archive - Infrequent Access
47
Server-Side Encryption
Server encrypts file after receiving it (on by default)
48
IAM Access Analyzer for S3
Monitor bucket access
49
Snow Family
Portable devices to migrate data from on-premise locations to AWS.
Snowcone - Smaller
Snowball Edge - Bigger
50
Relational DB's
SQL. Links between DB's.
51
Non-Relational
No-SQL. Built for specific data models
52
RDS
Relational DB for SQL
53
Aurora
Cloud optimized for PostgreSQL and MySQL. More cost effective than RDS (proprietary)
54
ElastiCache
Managed in-memory caching service to make RDS databases run faster. Reduces load on main DB.
55
DynamoDB
NoSQL. Fully managed w/ replication across 3 AZ's w/ extremely low latency
56
Redshift
SQL. Managed data WAREHOUSE for big data analytics.
57
EMR (Elastic MapReduce)
Uses HADOOP to utilize clusters of EC2 instances to analyze data
58
Athena
Serverless query service for S3 data using SQL.
59
QuickSight
Create dashboards on data for user insights
60
DocumentDB
Implementation for MongoDB (NoSQL)
61
Neptune
Used for graph db's. (Ex: Wikipedia, social networking, etc.)
62
Timestream
Time series DB
63
Amazon QLDB
Ledger for recording financial transactions
64
Managed Blockchain
Hyperledger & Ethereum
65
Glue
ETL Service (prepare data for loading)
66
DMS
DB migration service, migrate DB's to other DB's. Note: If you're migrating a linux machine that has a DB on it, you wouldn't use DMS. Instead, use application migration service. (You're migrating the Linux machine that HAS a DB, but not a DB itself)
67
Docker
Software dev tool to package apps to run on any OS
68
ECS (Elastic Container Service)
Launch docker containers on AWS
69
Fargate
Launch docker containers w/o needing to provision
70
ECR (Elastic Container Registry)
Store docker images to be run by ECR/Fargate
71
EKS
Kubernetes service
72
Lambda
For executing individual functions. Pay per request & compute time.
73
API Gateway
For if you want to build a serverless HTTP API
74
Batch
Fully managed batch processing server (Batch = function has a start and an end, not continuous)
75
Lightsail
Pretty much easy option for people who don't wanna learn AWS. Servers, storage, DB's, networking, all centralized. For quick projects
76
CloudFormation
Automatically creates AWS infrastructure from your own templates. Infrastructure as code
77
CDK (Cloud Development Kit)
Way to write cloud infrastructure in a familiar coding language
78
Beanstalk
Developer-centric view for putting all components together (EC2, ASG, ELB, RDS)
79
CodeDeploy
Automated deployment of applications to EC2 instances
80
CodeBuild
Compile, test, run, and output code on cloud for artifacts.
81
CodePipeline
Orchestrates steps to have code automatically pushed to production
82
CodeArtifact
Storing and retrieving artifacts (dependencies)
83
SSM (Systems Manager)
Help manage EC2 and on-premise servers at scale
84
Session Manager
Start secure shell w/o needing SSH for EC2/On-prem servers
85
Route 53
Scalable DNS and domain name registration servers. Good for reducing latency/routing connections
86
CloudFront
CACHING. Improves read performance by caching content globally on edge locations
87
S3 Transfer Acceleration
Increase transfer speed. File --> Edge location --> S3 Bucket
88
Global Accelerator
No caching, all content is passed through. Makes requests faster
89
Outposts
AWS infrastructure extension to on-premise environments
90
Local Zones
Smaller 'AZ' like zones, lets you connect to niche areas. Ex: Boston in US-EAST-1
91
Active-Passive v. Active-Active
Active-Passive. 2 Regions. 1 active, 1 passive (no writes)
Active-Active. 2 Regions. 2 Actives (both read and write)
92
SQS (Simple Queue Service)
DECOUPLE. Serverless app to decouple applications
93
Kinesis
Real-time big data streaming
94
SNS
Send message to one SMS topic (hub) that then auto routes to right service
95
MQ
Managed broker service to get traditional apps running on AWS. (Old weird stuff)
96
CloudWatch
Metrics for monitoring stuff like Cost, CPU Utilization, Status Checks, etc.
97
CloudWatch logs
Real-time monitoring of logs
98
EventBridge
Scheduling cron jobs (scheduled scripts)
99
CloudTrail
Logs and monitors AWS account activity for governance and security
100
X-Ray
Visual analysis/tracing of applications for debugging
101
CodeGuru
Automated code reviews and application performance recommendations
102
Health Dashboard
Shows:
Service History (general info)
Your account (events that impact you directly)
Can also aggregate data
103
VPC (Virtual Private Cloud)
Private network to deploy resources
104
NACL (Network access control list)
Filter traffic in/out of a SUBNET
105
VPC Flow Log
Captures network traffic data for VPC monitoring and analysis
106
VPC Peering
Connect two VPCs to talk to each other
107
VPC Endpoints
Private connection between VPC and AWS services w/o using internet
108
Site-to-site
Connect on premise VPN to AWS (less private, fast)
109
Direct Connect (DX)
Physical connection to AWS (private, slow)
110
Client VPN
Connecting personal computer to your private network
111
Transit Gateway
Way to make a star topology instead of peering
112
AWS Shield Standard
Managed DDoS protection for applications
113
Other DDoS Protection
Shield Advanced, CloudFront, Route 53, WAF
114
AWS Network Firewall
Protect entire VPC (layers 3-7)
115
Firewall Manager
Managing VPC Security groups across multiple accounts
116
ACM (Certificate Manager)
Provision/manage SSL/TLS certificates
117
Secrets Manager
Secret managing in RDS
118
Artifact
Support internal or external audits. Important for stuff like HIPAA
119
Macie
Find/Protect sensitive data (PII, HIPAA, etc.)
120
GuardDuty
Machine learning to analyze various logs to detect/protect (Continuous monitoring)
121
Inspector
Run automated security assessments on EC2, Lambda functions, or containers
122
Config
Helps record configuration changes over time
123
Security Hub
Aggregate alerts into one central hub
124
Detective
Identify the ROOT of security incidents
125
Access Analyzer
Find out what resources are shared externally
126
Rekognition
Detect people or objects in images/videos
127
Polly
Turn text into speech
128
Translate
Translate into different languages
129
Lex and Connect
Lex helps build chatbots. Connect invokes lambda functions for chatbots to use
130
Comprehend
NLP (Natural Language Processing)
131
SageMaker
Service to build a Machine Learning model
132
Forecast
Uses machine learning to report future sales forecasts
133
Kendra
Document searching to extract data from
134
Personalize
build apps w/ personalized product recommendations
135
Textract
Extract text from documents to give as data file
136
Organizations
Allows management of multiple AWS accounts by linking them together into one Organization. Shared billing and pricing discounts
137
Control Tower
Setup and govern multiple accounts w/ best practices
138
AWS RAM (Resource Access Manager)
Share resources across accounts (ex: reserved instances not in use on one account are transferred to another)
139
Service Catalog
Premade products that users can purchase
140
Pricing Models (4)
1. Pay as you go
2. Save when you reserve
3. Pay less by using more
4. Pay less as AWS grows
141
EC2 Pricing (Most to least expensive)
Dedicated --> On-Demand --> Reserved --> Spot
142
Lambda Pricing
Pay per call & duration
143
Compute Optimizer
Makes recommendations to reduce cost and inc. performance
144
Pricing Calc
Estimate cost for desired architecture
145
Billing Dashboard
See your bills
146
Cost allocation Tag
Apply tags to resources to see cost by category
147
Cost & Usage Report
Most comprehensive billing report
148
Trusted Advisor
High level AWS account assessment for cost saving
149
Support Plans (4)
Basic --> Business (24/7 support) --> Enterprise On-Ramp --> Enterprise (business critical support)
150
STS (Security Token Service)
Create temporary, limited privilege credentials to access resources
151
Cognito
Way to manage users for a mobile/web app
152
Identity Center
SSO (Single Sign On) for all AWS accounts in your organization
153
Workspaces
Provision Windows or Linux desktops
154
App Stream 2.0
Deliver applications through web browser
155
AWS IoT Core
Connect IoT devices into AWS Cloud
156
Elastic Transcoder
Convert media files into other formats in S3
157
AppSync
GraphQL
158
Amplify
Develop and deploy fullstack web/mobile apps
159
Application Composer
Visually design and build serverless apps
160
Device Farm
Test mobile/desktop apps across multitude of devices
161
Backup
Manage and automate backups
162
Disaster Recovery
Backup and Restore
163
Elastic Disaster Recovery
Recover DB's, apps, etc.
164
DataSync
Incremental to move on premise to AWS
165
Application Discovery
Plan migration to AWS
166
Migration Evaluator
Data-driven business case to migrate to AWS
167
Migration hub
Central location to collect data
168
Fault Injection
Purposely try to fuck shit up to see if it still works
169
Step functions
Build serverless visual workflow
170
Ground Station
Control satellites
171
Pinpoint
Marketing and communication service (SMS)
172
Operational Excellence
Ability to run and monitor continuously
173
Security
Ability to protect information
174
Reliability
Ability to recover information
175
Performance Efficiency
Ability to meet desired requirements
176
Cost Optimization
Ability to deliver at the lowest possible price
177
Sustainability
Ability to minimize environmental impacts and optimize over-time
178
Well-Architected Tool
Way to check your architecture against the 6 pillars
179
AWS CAF (Cloud Adoption Framework)
How to leverage AWS
180
Business Perspective
Ensure cloud investments help company goals
181
People Perspective
Bridge between technology and business
182
Governance Perspective
Orchestrate cloud strategies
183
Platform Perspective
Build enterprise, scalable platforms
184
Security Perspective
Achieve CIA (Confidentiality, Integrity, Availability)
185
Right Sizing
Start small b/c scaling up is easier than down. Making sure your systems match what performance you need
186
IQ
Quickly find a professional to help with your AWS projects (Like freelancing)
187
Re:Post
Forums, like Stack Overflow
188
AMS (Managed Services)
Infrastructure and Application support by Amazon.