Exam Flashcards
What is CloudWatch?
- CloudWatch is used for monitoring performance.
- CloudWatch can monitor most of AWS as well as your applications that run on AWS.
- CloudWatch with EC2 will monitor events every 5 minutes by default.
- You can have 1 minute intervals by turning on detailed monitoring.
- You can create CloudWatch alarms which trigger notifications.
- CloudWatch is all about performance.
Multiple EC2 instances is called what?
EC2 Fleet
What is an AWS Systems Manager?
- Systems Manager is a piece of software used to manage fleets of EC2 instances and virtual machines.
- Can be both inside AWS and on premise.
- Run Command is used to install, patch, uninstall software
- Integrates with CloudWatch to give you a dashboard of your entire estate.
List the 6 Advantages of Cloud.
- Trade capital expense for variable expense
- Benefit from massive economies of scale
- Stop guessing about capacity
- Increase speed and agility
- Stop spending money running and maintaining data centers
- Go global in minutes
List the 3 Types of Cloud Computing.
- Infrastructure as a Service (IaaS) (ex. EC2)
- Platform as a Service (PaaS) (ex. Elastic Beanstalk)
- Software as a Service (SaaS) (ex. Gmail)
List the 3 Types of Cloud Computing Deployments
- Public Cloud - AWS, Azure, GCP
- Hybrid - Mixture of public and private
- Private Cloud (or On Premise) - You manage it, in your datacenter (ex. OpenStack or VMware)
Explain the difference between a region, an Availability Zone (AZ) and an Edge Location.
- A Region is a physical location in the world which consists of two or more Availability Zones (AZ’s)
- An Availability Zone is one or more discrete data centers, each with redundant power, networking and connectivity, housed in separate facilities
- Edge Locations are endpoints for AWS which are used for caching content. Typically this consists of CloudFront, Amazon’s Content Delivery Network (CDN)
What is Amazon CloudFront and how does it work?
CloudFront is Amazon’s Content Delivery Network (CDN)
The first time a user requests a file it queries an edge location. If that file is not on that edge location it will download it from the origin (such as an S3 bucket). The next time a user requests the file, that file will be at the edge location and can be accessed right away.
- Edge location - location where content will be cached (this is separate to an AWS Region or Availability Zone).
- Origin - the origin of the files that Amazon’s Content Delivery Network (CDN) will distribute. This can either be an S3 Bucket, an EC2 instance, an Elastic Load Balancer or Route 53
- Distribution - the name given to the CDN network; it consists of a collection of Edge Locations. There are two different types: 1) Web Distribution (websites), and 2) RTMP (media streaming)
How do you choose the right AWS Region?
- Data Sovereignty Laws (ex. regulatory restrictions on offshore data storage)
- Latency to end users
- AWS Services (not all services are available everywhere)
Explain the different AWS support packages available.
- Basic - Free
- Developer - $29 a month (scales based on usage)
- Business - $100 a month (scales based on usage)
- Enterprise - $15k a month (scales based on usage) - includes a TAM (Technical Account Manager)
Exam Tip:
Billing Alerts or Billing Alarms will alert you automatically when a certain level of AWS spend has been reached. If you are learning AWS for the first time you should turn it on so that you don’t spend money without realizing it.
How can you access the AWS platform?
- Via the Console
- Programmatically (using the command line)
- Using the Software Developers Kit (SDK)
IAM
IAM stands for Identity Access Management.
You don’t specify a region when dealing with IAM; it’s global, and when you create a user or a group these are created globally.
What is a root account?
Your root account is the email address that you used to set up your AWS account. The root account always has full administrator access. You should never give these account credentials away to anyone; instead you should create a user for each individual within your organization, and you should always secure this root account using multi-factor authentication.
What is a user group?
A group is simply a place to store your users. Your users will always inherit the permissions that the group has. Example groups might be Developers, System Administrators, Human Resources, Finance, et cetera.
And then to set the permissions in a group you need to create or attach a policy to that group.
What is a user group policy?
To set the permissions in a group you need to create or attach a policy to that group. Policies are written in JavaScript Object Notation (JSON) and consist of what are referred to as key-value pairs: you’ll always have your keys, such as name, and then the values.
What is Amazon S3?
- Object-based (i.e., allows you to upload files)
- Files can be from 0 Bytes to 5 TB
- There is unlimited storage
- Files are stored in Buckets
- S3 is a universal namespace, so names must be unique globally
- Not suitable to install an operating system on
- Successful uploads will generate a HTTP 200 status code
ex. https://selectedregion.amazonaws.com/bucket-name
List the Key Fundamentals of S3.
- Key (This is simply the name of the object)
- Value (This is simply the data and is made up of a sequence of bytes).
- Read after Write consistency for PUTS of new Objects
- Eventual Consistency for overwrite PUTS and DELETES (can take some time to propagate)
Explain the Consistency Model for Amazon S3.
If you put a new object up in S3, you’ll be able to read that new object straight away. But if you update an object or delete an object it can take time to propagate. For example, if you update an object and go to read it immediately you may get the old object or you may get the new object, but if you wait a couple of seconds then you’ll get the newly uploaded object.
Amazon Buckets
- When you view your buckets, you view them globally but you can have buckets in individual regions.
- You can use bucket policies to make everything in an S3 bucket public.
What is Cross Region Replication?
When you replicate the contents of one bucket to another bucket in another region, this is called Cross Region Replication.
For example, say you’ve got a bucket in US East 1 and you want to have a backup bucket in Sydney, as soon as you write that file to S3 it will be replicated automatically over to Sydney.
What is an S3 Transfer Acceleration?
Instead of uploading data directly to an S3 Bucket, data is uploaded to Edge Locations and then runs through Amazon’s dedicated cable network to the S3 Bucket.
List the 6 different types of S3 storage classes.
- S3 Standard: gives you 99.99% availability and eleven 9’s durability. It’s stored across multiple availability zones and is designed to sustain the loss of two facilities concurrently.
- S3 - IA (Infrequently Accessed): this is for data that’s accessed less frequently but requires rapid access when you need it. It’s lower cost than S3 Standard, but you are charged a retrieval fee.
- S3 One Zone - IA (Infrequently Accessed): low cost for infrequently accessed data, and it only uses one availability zone.
- S3 Intelligent Tiering: designed to optimize cost by using machine learning to automatically move your data to the most cost-effective tier.
- S3 Glacier: secure, durable and low-cost storage class for data archival; your retrieval time is configurable from minutes up to hours.
- S3 Glacier Deep Archive: lowest-cost S3 storage class, for data where a retrieval time of 12 hours is acceptable.
What types of websites can you host in Amazon S3?
S3 can be used to host static websites such as .HTML.
However, websites that require database connections, such as WordPress, cannot be hosted with S3.
S3 scales automatically to meet demand. Many enterprises will use static websites in S3 if they think there’s going to be a large number of requests (such as a movie preview, for example).
Exam Tip:
- Edge Locations are not just read only; you can also write to them and you can put an object to them, which is what we looked at when we were looking at transfer acceleration.
- Remember also that objects are cached for the life of the Time To Live (TTL), which is always in seconds. You can clear cached objects from your Edge Locations but you will still be charged for the service.
What are the Case Severity / Response Times for each Support Plan level?
Basic - N/A
Developer
- General Guidance: < 24 business hours
- System Impaired: < 12 business hours
Business
- General Guidance: < 24 hours
- System Impaired: < 12 hours
- Production System Impaired: < 4 hours
- Production System Down: < 1 hour
Enterprise
- General Guidance: < 24 hours
- System Impaired: < 12 hours
- Production System Impaired: < 4 hours
- Production System Down: < 1 hour
- Business-Critical system Down: < 15 minutes
Explain the AWS Pricing Model.
On-Demand: pay by the hour
Reserved: contract terms of 1 or 3 years; the more you pay upfront, the bigger the discount
Spot: allows you to bid whatever price you want for instance capacity, and if the market hits your Spot price then it will provision the service for you. If the price goes up you lose the instances but only pay for the minutes you used (but if you terminate the instance yourself you pay for the full hour of usage)
Dedicated Hosts: physical servers dedicated just to you (really useful for server-bound software licenses)
List all the EC2 instance classes (remember Fight Doctor McPixie or FIGHT DR MCPXZ)
- F is for FPGAs
- I is for IOPS
- G is for Graphics
- H is for High Disk Throughput
- T is for General Purpose (that’s what we’ve been using throughout the course, T2 Micros)
- D is for Density
- R is for RAM
- M is the main choice for general purpose apps
- C is for Compute
- P is for Graphics (think Pics)
- X is for Extreme Memory
- Z is for Extreme Memory and CPU
What is EBS?
An EBS volume is best described as a virtual hard disk in the cloud. EBS is split into SSD as well as Magnetic Storage.
SSD consists of two types:
- General Purpose SSD, referred to as GP2.
- Provisioned IOPS SSD, for very high performance SSD volumes, often referred to as IO1.
Magnetic consists of three types:
- Throughput Optimized (ST1): a low-cost hard disk volume designed for frequently accessed, throughput-intensive workloads.
- Cold Hard Disk Drive: the lowest-cost hard disk drive volume, designed for less frequently accessed workloads (think of file servers).
- Magnetic: previous generation, which will probably be phased out at some point.
What are common ports used in AWS?
Linux SSH: 22
Microsoft RDP: 3389
HTTP: 80
HTTPS: 443
Basically, to let everything in, we open up 0.0.0.0/0. If we just want one IP address in, we use the individual IP address and then a /32. Security Groups are basically virtual firewalls in the cloud.
What does it mean to design for failure?
Things fail all the time and you should always have one EC2 instance in each availability zone, so if there is a failure you’re not going to have an outage.
What is EC2?
Amazon Elastic Compute Cloud (Amazon EC2). EC2 is a compute service and requires a private key to connect to an EC2 instance. Storing credentials on our EC2 instance is probably not a good idea because if that EC2 instance is hacked, people could use those credentials to access our AWS environment from anywhere in the world.
List the three ways to interact with AWS
- Console
- Command Line Interface (CLI)
- Software Development Kit (SDK)
What is the difference between user roles and access keys?
Roles are much more secure than using access key IDs and secret access keys, and they’re much easier to manage. You can apply a role to an EC2 instance at any time, and when you do this the change takes place immediately. Roles are universal: you do not have to specify what regions they’re in. Similar to users, they are a product of IAM, which is a global service.
List the three different flavors of load balancers.
- Layer 7 - make intelligent routing decisions, can see the traffic
- Network Load Balancers - static IP addresses, extreme performance
- Classic Load Balancers - low cost, test/dev
List the different types of AWS databases
RDS - (SQL/OLTP) or online transaction processing database. These consist of six different technologies or database engines (Microsoft SQL Server, MySQL, PostgreSQL, Oracle, Aurora, MariaDB).
DynamoDB - Amazon’s NoSQL database technology
Redshift (OLAP) - used for business intelligence or data warehousing, used for online analytics processing
ElastiCache - speed up performance of existing databases by caching very frequently used database queries, and it consists of two different types, Memcached and Redis.
Neptune - graph databases, highly scalable and highly available
What are the two key features of RDS?
When provisioning RDS instances we have Multiple Availability Zones (Multi-AZ). This is used solely for disaster recovery. If you need to increase your performance you want to use Read Replicas. So Multi-AZ is for DR, Read Replicas are for performance.
What is autoscaling?
Autoscaling allows you to provision multiple EC2 instances behind a load balancer, and it will automatically scale depending on your demand.
What is Amazon Route 53?
Amazon’s domain name system, or DNS service. It’s named that way after Route 66, the first interstate highway across America. The reason it’s called Route 53 is because DNS is on port 53. Route 53 is global, similar to IAM and S3. You can use it to direct traffic all around the world, and you can even use it to register a domain name.
What is Elastic Beanstalk?
With Elastic Beanstalk you basically just upload your code. You don’t have to worry about the infrastructure that runs those applications. You upload your application, and Elastic Beanstalk will automatically handle the details of capacity provisioning, load balancing, scaling, and application health monitoring. Essentially, developers use Elastic Beanstalk if they don’t know how to use AWS.
How does CloudFormation help you?
This helps you model and set up your AWS resources so that you spend less time managing those resources and more time focusing on your applications in AWS. You just create a template. The template is a JSON template, and it describes all the AWS resources that you want, like your EC2 instances, RDS instances, et cetera, and then CloudFormation will take care of the provisioning and configuring of those resources.
You don’t need to individually go in and create and configure AWS resources yourself.
What is the difference between Elastic Beanstalk and CloudFormation?
Both of them are free services; however, the resources that they provision underneath, such as EC2, are not free. The main difference is that Elastic Beanstalk is limited in what it can provision and it’s not programmable. CloudFormation is, by far, the most flexible product: it can provision almost any AWS service, and it’s completely programmable.
Which AWS services are global?
- IAM - When you create a user, or a group, or a role, that is created globally.
- Route 53
- CloudFront
- SNS
- SES
Which AWS services can be installed on premise?
- Snowball
- Snowball Edge
- Storage Gateway
- CodeDeploy
- OpsWorks
- IoT Greengrass
What is CloudWatch?
CloudWatch is used to monitor performance. CloudWatch can monitor most of AWS as well as your applications that run on AWS. CloudWatch with EC2 will monitor events every five minutes by default, and you can have one-minute intervals by turning on detailed monitoring. You can create CloudWatch alarms which trigger notifications. CloudWatch is all about performance.
What is AWS Systems Manager?
Systems Manager can be used to manage fleets of EC2 instances and virtual machines. A piece of software is installed on each VM; this is sometimes referred to as an agent. It can be both inside AWS as well as on premise. You can then use the Run Command to install, patch, and uninstall software. It integrates with CloudWatch to give you a dashboard of your entire estate.
What is AWS’ philosophy on billing and pricing?
You pay as you go, pay for what you use, pay less as you use more, and pay even less when you reserve capacity.
What is CapEx vs OpEx?
CapEx stands for capital expenditure, which is where you pay up front, and it’s a fixed sunk cost. So it’s like buying a server up front, or buying a whole bunch of servers, or buying network switches, firewalls, load balancers, et cetera.
OpEx stands for operational expenditure, which is where you pay for what you use (utility bills, electricity, gas, etc.)
What are the five basic pricing policies?
- Pay as you go
- Pay less when you reserve
- Pay even less when using more per unit
- Pay less as AWS grows
- Custom Pricing
List the key pricing principles and best practices that are broadly applicable.
- Understand the fundamentals of pricing
- Start early with cost optimization (it’s easiest to put cost visibility and control mechanisms in place before the environment grows large and complex)
- Maximize the power of flexibility (cost savings by not paying for services that are not running)
- Use the right pricing model for the job
What are the three drivers of pricing/cost?
- Compute
- Storage
- Data Outbound (leaving AWS environment)
What services in AWS are free?
- Amazon VPC (Virtual Datacenter)
- Elastic Beanstalk (only services, not resources)
- CloudFormation (not resources it provisions)
- IAM
- AutoScaling (not resources it provisions)
- Opsworks (not resources it provisions)
- Consolidated Billing
What determines price?
- Clock hours of server time
- Instance Type
- Pricing Model
- Number of Instances
- Load Balancing Level
- Detailed Monitoring
- Auto Scaling (more EC2 instances you have the more you pay)
- Elastic IP Addresses
- Operating Systems and Software Packages
EC2 Pricing Models
On Demand - allows you to pay a fixed rate by the hour or by the second with no commitment
Reserved - provides you with a capacity reservation and offers a significant discount on the hourly charge for an instance, with contract terms of one or three years
Spot - enables you to bid whatever price you want for instance capacity, which gives you a great amount of savings, but only if your application has a flexible start and end time. If your application always needs to be on and always running, then you don’t want Spot. It’s for things like batch processing, or where you can have the application run in the middle of the night when the prices are the cheapest, but then as soon as it comes to 9 a.m. on a Monday morning, it stops.
Dedicated - a physical EC2 server that’s dedicated for your use. Dedicated Hosts can help you reduce costs by allowing you to use your existing server-bound software licenses.
Exam Tip:
You can use EC2 Reserved Instances to reserve capacity and receive discounts on your instance usage compared to running On Demand instances. The longer the contract term that you sign, and the more money you pay up front to AWS, the more you’re going to save versus On Demand.
What determines price for Lambda (Amazon Alexa)?
Request Pricing
- Free Tier: 1 million requests per month and $0.20 per 1 million requests thereafter
- Duration Pricing: 400,000 GB-seconds per month free, up to 3.2 million seconds of compute time
What is a tag in AWS Systems Manager?
A tag is metadata (data about data). It consists of a case-sensitive key-value pair. For example, you could define a tag with ‘key = Name’ and ‘value = Webserver’. A copy of a tag can be applied to volumes, instances or both. Tags will be applied to all instances and volumes. Tags can be inherited. Tag Editor is a global service.
What is the difference between tags and groups?
Tags are global, groups are per region
What is a resource group?
Resource groups make it easy to group your resources using the tags that are assigned to them. You can group resources that share one or more tags.
What is CloudTrail?
CloudTrail monitors AWS Management Console actions and API calls in the AWS platform. It is a tool for auditing. CloudTrail works on a per-AWS-account basis and is enabled per region. Essentially, you can consolidate your logs using an S3 bucket. To do this, you turn CloudTrail on in the paying account, create a bucket and a bucket policy that allows cross-account access, and then you turn CloudTrail on in the other accounts and use the bucket in the paying account to log all your data.
Exam Tip:
Your paying account should be used for billing purposes only; do not deploy resources into the paying account.
What is the default number of linked accounts you can have with consolidated billing?
You can only have 20 linked accounts. It’s a soft limit, so you can ask AWS to increase it.