Exam Prep Flashcards by Sean Ba

What type of cloud is Cloud services is used by a
single organization, not
exposed to the public?

Private Cloud

How well did you know this?

Not at all

Perfectly

What type of cloud is Cloud resources owned
and operated by a third party cloud service
provider delivered over
the Internet?

Public Cloud

How well did you know this?

Not at all

Perfectly

What type of cloud service is Keeping some servers on
premises and extend
some capabilities to the
Cloud?

Hybrid Cloud

How well did you know this?

Not at all

Perfectly

Is Elastic Beanstalk (on AWS):
- Software as a service
- Platform as a service
- Infrastructure as a service

Platform as a Service

How well did you know this?

Not at all

Perfectly

AWS has three pricing options, what are they?

Compute
Storage
Data transfer OUT of the Cloud:

How well did you know this?

Not at all

Perfectly

A ___ is one or more
discrete data centers with redundant power,
networking, and connectivity.

Availability Zone

How well did you know this?

Not at all

Perfectly

True or False: Users don’t have to belong to a group, and user can belong to multiple groups

True

How well did you know this?

Not at all

Perfectly

________ are people within your organization, and can be grouped

Users

How well did you know this?

Not at all

Perfectly

__________ define the
permissions of the users

Policies

How well did you know this?

Not at all

Perfectly

True or false: The least
privilege principle means that you should give as many permissions to the user as possible.

False: don’t give
more permissions than a user
needs

How well did you know this?

Not at all

Perfectly

Which tool enables you to access and manage AWS services
programmatically?

Amazon Software Development Kit (SDK)

How well did you know this?

Not at all

Perfectly

________ allows secure access to AWS using the CLI or SDK

Access Keys

How well did you know this?

Not at all

Perfectly

True or false: EC2 = Infrastructure as a Service

True

How well did you know this?

Not at all

Perfectly

Here is an EC2 instance type: “m5.2xlarge”

M Stands for?

: instance class

How well did you know this?

Not at all

Perfectly

Here is an EC2 instance type: “m5.2xlarge”

5 Stands for?

Generation (AWS improves them over time)

How well did you know this?

Not at all

Perfectly

Here is an EC2 instance type: “m5.2xlarge”

2xlarge Stands for?

size within the instance class

How well did you know this?

Not at all

Perfectly

What EC2 instance type is great for a diversity of workloads such as web servers or code repositories
* Balance between:
* Compute
* Memory
* Networking

EC2 Instance Types – General Purpose

How well did you know this?

Not at all

Perfectly

What EC2 instance type is great for compute-intensive tasks that require high performance
processors:
* Batch processing workloads
* Media transcoding
* High performance web servers
* High performance computing (HPC)
* Scientific modeling & machine learning
* Dedicated gaming servers

EC2 Instance Types – Compute Optimized

How well did you know this?

Not at all

Perfectly

What EC2 instance type is fast performance for workloads that process large data sets in memory
* Use cases:
* High performance, relational/non-relational databases
* Distributed web scale cache stores
* In-memory databases optimized for BI (business intelligence)
* Applications performing real-time processing of big unstructured data

EC2 Instance Types – Memory Optimized

How well did you know this?

Not at all

Perfectly

What EC2 instance type is great for storage-intensive tasks that require high, sequential read and write
access to large data sets on local storage
* Use cases:
* High frequency online transaction processing (OLTP) systems
* Relational & NoSQL databases
* Cache for in-memory databases (for example, Redis)
* Data warehousing applications
* Distributed file systems

EC2 Instance Types – Storage Optimized

How well did you know this?

Not at all

Perfectly

_________ control how traffic is allowed into or out of our EC2 Instances.

Security Groups

How well did you know this?

Not at all

Perfectly

True or False: Security groups only contain ‘do not allow’ rules

False

How well did you know this?

Not at all

Perfectly

What type of EC2 instance is recommended for short-term and un-interrupted workloads, where
you can’t predict how the application will behave

EC2 on demand

How well did you know this?

Not at all

Perfectly

What type of EC2 instance has the highest cost but no upfront payment

EC2 on demand

How well did you know this?

Not at all

Perfectly

What type of EC2 instance is recommended for steady-state usage applications (think database)

EC2 Reserved Instances

How well did you know this?

Not at all

Perfectly

What is the reservation period range for EC2 Reserved

1 year (+discount) or 3 years (+++discount)

How well did you know this?

Not at all

Perfectly

What is the EC2 instance plan where you commit to a certain type of usage ($10/hour for 1 or 3 years)

Savings Plan

How well did you know this?

Not at all

Perfectly

What happens when you have an EC2 savings plan and you have usage beyond the plan? Whats the billing plan?

Usage beyond EC2 Savings Plans is billed at the On-Demand price

How well did you know this?

Not at all

Perfectly

What is the MOST cost-efficient instances in AWS

EC2 Spot Instances

How well did you know this?

Not at all

Perfectly

_______ are instances that you can “lose” at any point of time if your max price is less than the
current spot price

EC2 Spot Instances

How well did you know this?

Not at all

Perfectly

___________ is a physical server with EC2 instance capacity fully dedicated to your use

EC2 dedicated host

How well did you know this?

Not at all

Perfectly

What are the purchasing options for dedicated host servers?

On-demand – pay per second for active Dedicated Host
Reserved - 1 or 3 years (No Upfront, Partial Upfront, All Upfront)

How well did you know this?

Not at all

Perfectly

What is the most expensive option for an EC2 payment plan?

Dedicated Host Servers

How well did you know this?

Not at all

Perfectly

What EC2 purchasing option is Reserved On-Demand instances capacity in a specific AZ for any duration

“EC2 Capacity Reservations”

How well did you know this?

Not at all

Perfectly

a _________ is a network drive you can attach
to your instances while they run

EBS (Elastic Block Store) Volume

How well did you know this?

Not at all

Perfectly

True or False: EBS Volumes can only be mounted to one instance at a time

True

How well did you know this?

Not at all

Perfectly

True or False: EBS Volumes can be tied to multiple availability zones

False, They can be tied to a single availability zone

How well did you know this?

Not at all

Perfectly

What storage option makes a backup (snapshot) of your EBS volume at a point in time?

EBS Snapshot

How well did you know this?

Not at all

Perfectly

What does AMI stand for?

Amazon Machine Image

How well did you know this?

Not at all

Perfectly

What storage option is a customization of an EC2 instance?
* You add your own software, configuration, operating system, monitoring…
* Faster boot / configuration time because all your software is pre-packaged

Amazon Machine Image (AMI)

How well did you know this?

Not at all

Perfectly

What storage tool is used to automate the creation of Virtual Machines or container images

EC2 Image Builder

How well did you know this?

Not at all

Perfectly

What storage tool for EBS volumes are network drives with good but “limited” performance?

EC2 Instance Store

How well did you know this?

Not at all

Perfectly

What storage tool is a managed NFS (network file system) that can be mounted on 100s of EC2

Elastic File System (EFS)

How well did you know this?

Not at all

Perfectly

What storage class is cost-optimized for files not
accessed every day?

EFS Infrequent Access (EFS-IA)

How well did you know this?

Not at all

Perfectly

A fully managed, highly reliable, and scalable Windows native shared file system
* Built on Windows File Server

Amazon FSx for Windows File Server

How well did you know this?

Not at all

Perfectly

Manages high-performance, scalable file storage for High Performance Computing (HPC)

Amazon FSx for Lustre

How well did you know this?

Not at all

Perfectly

What are the two kinds of scalability?

Vertical Scalability
Horizontal Scalability (= elasticity)

How well did you know this?

Not at all

Perfectly

_________ means that an application / system can handle greater loads
by adapting

Scalability

How well did you know this?

Not at all

Perfectly

What type of scalability means increasing the size
of the instance

Vertical

How well did you know this?

Not at all

Perfectly

What type of scalability means increasing the number of instances / systems for your
application?

Horizontal

How well did you know this?

Not at all

Perfectly

_____ availability means running
your application / system in at
least 2 Availability Zones

High Availability

How well did you know this?

Not at all

Perfectly

The goal of high availability is to
survive a _______

data center loss
(disaster)

How well did you know this?

Not at all

Perfectly

Is this an example of high availability or vertical scaling:
Run instances for the same application across multi AZ

High Availability

How well did you know this?

Not at all

Perfectly

__________ is ability to accommodate a larger load by making the hardware
stronger (scale up), or by adding nodes (scale out)

Scalability

How well did you know this?

Not at all

Perfectly

__________ means that there will be
some “auto-scaling” so that the system can scale based on the load. This
is “cloud-friendly”: pay-per-use, match demand, optimize costs

Elasticity

How well did you know this?

Not at all

Perfectly

_________ means new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes.

agility

How well did you know this?

Not at all

Perfectly

__________ are servers that forward internet traffic to multiple
servers (EC2 Instances) downstream.

Load Balancer

How well did you know this?

Not at all

Perfectly

What type of load balancer has the characteristics below:
* HTTP / HTTPS / gRPC
protocols (Layer 7)
* HTTP Routing features
* Static DNS (URL)

Application Load Balancer

How well did you know this?

Not at all

Perfectly

What type of load balancer has the characteristics below:
* TCP / UDP protocols
(Layer 4)
* High Performance: millions of
request per seconds
* Static IP through Elastic IP

Network Load Balancer

How well did you know this?

Not at all

Perfectly

What type of load balancer has the characteristics below:
* GENEVE Protocol on
IP Packets (Layer 3)
* Route Traffic to Firewalls that
you manage on EC2 Instances
* Intrusion detection

Gateway Load Balancer

How well did you know this?

Not at all

Perfectly

The goal of an ___________ is to:
* Scale out (add EC2 instances) to match an increased load
* Scale in (remove EC2 instances) to match a decreased load
* Ensure we have a minimum and a maximum number of machines running
* Automatically register new instances to a load balancer
* Replace unhealthy instances

Auto Scaling Group (ASG)

How well did you know this?

Not at all

Perfectly

What scaling strategy is when you scale an Auto Scaling Group Manually?

Manual Scaling

How well did you know this?

Not at all

Perfectly

What type of scaling strategy is the behavior below?
* When a CloudWatch alarm is triggered (example CPU > 70%), then add 2 units
* When a CloudWatch alarm is triggered (example CPU < 30%), then remove 1

Simple / Step Scaling

How well did you know this?

Not at all

Perfectly

What type of scaling strategy is the behavior below?
* Example: I want the average ASG CPU to stay at around 40%

Target Tracking Scaling

How well did you know this?

Not at all

Perfectly

What type of scaling strategy is the behavior below?
* Anticipate a scaling based on known usage patterns
* Example: increase the min. capacity to 10 at 5 pm on Fridays

Scheduled Scaling

How well did you know this?

Not at all

Perfectly

What type of scaling strategy is the behavior below?
* Uses Machine Learning
to predict future traffic
ahead of time
* Automatically
provisions the right
number of EC2
instances in advance

Predictive Scaling

How well did you know this?

Not at all

Perfectly

S3 buckets are defined at what level?

Region Level

How well did you know this?

Not at all

Perfectly

What is the below path called in S3?
* s3://my-bucket/my_folder1/another_folder/my_file.txt

The ‘key’

How well did you know this?

Not at all

Perfectly

________ are bucket wide rules from the S3 console - allows cross account

Bucket policies

How well did you know this?

Not at all

Perfectly

True or false: It is best practice to version your buckets

True

How well did you know this?

Not at all

Perfectly

Is this an example of durability or availability?

If you store 10,000,000 objects with Amazon S3, you can on average expect to
incur a loss of a single object once every 10,000 years
* Same for all storage classes

Durability

How well did you know this?

Not at all

Perfectly

is the below an example of durability or availability?

Measures how readily available a service is
* Varies depending on storage class
* Example: S3 standard has 99.99% availability = not available 53 minutes a year

Availability

How well did you know this?

Not at all

Perfectly

What S3 Storage Class has the below characteristics?

99.99% Availability
Used for frequently accessed data
Low latency and high throughput
Sustain 2 concurrent facility failures

S3 Standard – General Purpose

How well did you know this?

Not at all

Perfectly

What S3 Storage Class has the below characteristics?

For data that is less frequently accessed, but requires rapid access when needed

S3 Storage Classes – Infrequent Access

How well did you know this?

Not at all

Perfectly

What S3 Storage Class has the below characteristics?

Low-cost object storage meant for archiving / backup
Pricing: price for storage + object retrieval cost

Amazon S3 Glacier Storage Classes

How well did you know this?

Not at all

Perfectly

What S3 Storage Class has the below characteristics?

Small monthly monitoring and auto-tiering fee
Moves objects automatically between Access Tiers based on usage
There are no retrieval charges in S3 Intelligent-Tiering

S3 Intelligent Tiering

How well did you know this?

Not at all

Perfectly

What S3 storage class has the below use case?

Use Cases: Big Data analytics, mobile & gaming applications, content
distribution…

S3 General Purpose

How well did you know this?

Not at all

Perfectly

What S3 storage class has the below use case?

High durability (99.999999999%) in a single AZ; data lost when AZ is destroyed
99.5% Availability
Use Cases: Storing secondary backup copies of on-premise data, or data you can recreate

Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)

How well did you know this?

Not at all

Perfectly

What S3 storage class has the below use case?
* * For data that is less frequently accessed, but requires rapid access when needed
* 99.9% Availability
* Use cases: Disaster Recovery, backups

Amazon S3 Standard-Infrequent Access (S3 Standard-IA)

How well did you know this?

Not at all

Perfectly

What S3 storage class has the below use case?

Low-cost object storage meant for archiving / backup
Pricing: price for storage + object retrieval cost
Standard (12 hours), Bulk (48 hours)
Minimum storage duration of 180 days

Amazon S3 Glacier Deep Archive – for long term storage:

How well did you know this?

Not at all

Perfectly

What S3 storage class has the below use case?

Low-cost object storage meant for archiving / backup
Pricing: price for storage + object retrieval cost
Expedited (1 to 5 minutes), Standard (3 to 5 hours), Bulk (5 to 12 hours) – free
Minimum storage duration of 90 days

Amazon S3 Glacier Flexible Retrieval (formerly Amazon S3 Glacier):

How well did you know this?

Not at all

Perfectly

What S3 storage class has the below use case?

Low-cost object storage meant for archiving / backup
Pricing: price for storage + object retrieval cost
Millisecond retrieval, great for data accessed once a quarter
Minimum storage duration of 90 days

Amazon S3 Glacier Instant Retrieval

How well did you know this?

Not at all

Perfectly

What are the S3 Intelligent-Tiering tiers?

Frequent Access tier (automatic): default tier
Infrequent Access tier (automatic): objects not accessed for 30 days
Archive Instant Access tier (automatic): objects not accessed for 90 days
Archive Access tier (optional): configurable from 90 days to 700+ days
Deep Archive Access tier (optional): config. from 180 days to 700+ days

How well did you know this?

Not at all

Perfectly

_______ are offline devices to perform data migrations

AWS Snow

How well did you know this?

Not at all

Perfectly

What AWS Snow feature has the below characteristics:
* Small, portable computing, anywhere, rugged &
secure, withstands harsh environments.
* Device used for edge computing, storage, and data
transfer
* 8 TBs of usable storage

AWS Snowcone

How well did you know this?

Not at all

Perfectly

What AWS Snow feature has the below characteristics:
* Physical data transport solution: move TBs or PBs of data in or out
of AWS
* Alternative to moving data over the network (and paying network
fees)
* Pay per data transfer job * Provide block storage and Amazon S3
-compatible object storage
* 80 TB of HDD capacity for block volume and s3 compatible object storage

Snowball Edge

How well did you know this?

Not at all

Perfectly

What AWS Snow feature has the below characteristics:
* Transfer exabytes of data (1 EB = 1,000 PB = 1,000,000 TBs)

AWS Snowmobile

How well did you know this?

Not at all

Perfectly

What software do you install on your computer / laptop) to
manage your Snow Family Devices?

AWS OpsHub

How well did you know this?

Not at all

Perfectly

What AWS Service has the below characteristics?
* Bridge between on-premise data and cloud
data in S3
* Hybrid storage service to allow on- premises to seamlessly use the AWS Cloud
* Use cases: disaster recovery, backup & restore, tiered storage

AWS Storage Gateway

How well did you know this?

Not at all

Perfectly

What does AWS RDS stand for?

Relational Database Service

How well did you know this?

Not at all

Perfectly

Can you scale vertically with RDS?

Yes, and horizontally

How well did you know this?

Not at all

Perfectly

What type of aws database has the following characteristics?
* It’s a managed DB service for DB use SQL as a query language.

RDS

How well did you know this?

Not at all

Perfectly

True or false: Amazon RDS can only be in one region.

False. It can be in many regions for disaster recovery purposes.

How well did you know this?

Not at all

Perfectly

What type of aws database has the following characteristics?
* “AWS cloud optimized” and claims 5x performance improvement over MySQL on RDS, over 3x the performance of Postgres on RDS
*

Aurora

How well did you know this?

Not at all

Perfectly

What type of aws database has the following characteristics?
* * Caches are in-memory databases with high performance, low latency
* Helps reduce load off databases for read intensive workloads
* AWS takes care of OS maintenance / patching, optimizations, setup,
configuration, monitoring, failure recovery and backups

ElastiCache

How well did you know this?

Not at all

Perfectly

What type of aws database has the following characteristics?
* Fully Managed Highly available with replication across 3 AZ
* NoSQL database - not a relational database
* Scales to massive workloads, distributed “serverless” database
* Millions of requests per seconds, trillions of row, 100s of TB of storage
* Fast and consistent in performance
* Single-digit millisecond latency – low latency retrieval
* Integrated with IAM for security, authorization and administration
* Low cost and auto scaling capabilities
* Standard & Infrequent Access (IA) Table Class

DynamoDB

How well did you know this?

Not at all

Perfectly

What type of aws database has the following characteristics?
* Fully Managed in-memory cache for DynamoDB
* 10x performance improvement – single- digit millisecond latency to microseconds latency – when accessing your DynamoDB
tables
* Secure, highly scalable & highly available

DynamoDB Accelerator - DAX

How well did you know this?

Not at all

Perfectly

What type of aws database has the following characteristics?
* It’s OLAP – online analytical processing (analytics and data warehousing)
* Load data once every hour, not every second
* 10x better performance than other data warehouses, scale to PBs of data
* Columnar storage of data (instead of row based)
* Massively Parallel Query Execution (MPP), highly available
* Pay as you go based on the instances provisioned
* Has a SQL interface for performing the queries
* BI tools such as AWS Quicksight or Tableau integrate with it

Redshift

How well did you know this?

Not at all

Perfectly

What type of aws database has the following characteristics?
* helps creating Hadoop clusters (Big Data) to analyze and process
vast amount of data
* The clusters can be made of hundreds of EC2 instances
* Also supports Apache Spark, HBase, Presto, Flink…
* EMR takes care of all the provisioning and configuration
* Auto-scaling and integrated with Spot instances
* Use cases: data processing, machine learning, web indexing, big data

EMR stands for “Elastic MapReduce”

What type of aws database has the following characteristics?
*Serverless query service to analyze data stored in Amazon S3
* Uses standard SQL language to query the files
* Supports CSV, JSON, ORC, Avro, and Parquet (built on Presto)
* Pricing: $5.00 per TB of data scanned
* Use compressed or columnar data for cost-savings (less scan)

Amazon Athena

What type of aws database has the following characteristics?
*Serverless machine learning-powered business intelligence service to
create interactive dashboards
* Fast, automatically scalable, embeddable, with per-session pricing
* Use cases:
* Business analytics
* Building visualizations
* Perform ad-hoc analysis
* Get business insights using data
* Integrated with RDS, Aurora,
Athena, Redshift, S3…

Amazon QuickSight

What type of aws database has the following characteristics?
* MongoDB is used to store, query, and index JSON data
* Similar “deployment concepts” as Aurora
* Fully Managed, highly available with replication across 3 AZ

DocumentDB

What database has the use case below:
* Use cases: data processing, machine learning, web indexing, big data…

Amazon EMR

What database service offers the below use cases:
* Use cases: Business intelligence / analytics / reporting, analyze &
query VPC Flow Logs, ELB Logs, CloudTrail trails, etc…

Amazon Athena

What type of aws database has the following characteristics?
Fully managed graph database
* A popular graph dataset would be a social network
* Users have friends
* Posts have comments
* Comments have likes from users * Users share and like posts…
* Highly available across 3 AZ, with up to 15 read replicas
* Build and run applications working with highly connected
datasets
– optimized for these complex and hard queries
* Can store up to billions of relations and query the graph with
milliseconds latency
* Highly available with replications across multiple AZs

Amazon Neptune

What type of aws database has the following characteristics?
*A ledger is a book recording financial transactions
* Fully Managed, Serverless, High available, Replication across 3 AZ
* Used to review history of all the changes made to your application data over time
* Immutable system: no entry can be removed or modified, cryptographically verifiable
* 2-3x better performance than common ledger blockchain frameworks, manipulate data using SQL
* Difference with Amazon Managed Blockchain: no decentralization component, in accordance with
financial regulation rules

Amazon QLDB - Quantum Ledger Database

What type of aws database has the following characteristics?
* makes it possible to build applications where multiple parties can execute transactions without the need for a trusted, central authority.
* Join public blockchain networks
* Or create your own scalable private network

Amazon Managed Blockchain

What type of aws database has the following characteristics?
* Managed extract, transform, and load (ETL) service
* Useful to prepare and transform data for analytics * Fully serverless service

AWS Glue

What database service has the below use cases:
* Great for knowledge graphs (Wikipedia), fraud detection,
recommendation engines, social networking

Amazon Neptune

What AWS compute offering has the below characteristics:
* Launch Docker containers on
AWS
* You must provision & maintain
the infrastructure (the EC2
instances)
* AWS takes care of starting /
stopping containers
* Has integrations with the
Application Load Balancer

Amazon ECS (Elastic Container Service)

What AWS compute offering has the below characteristics:
* Launch Docker containers on
AWS
* You do not provision the
infrastructure (no EC2 instances
to manage)
– simpler!
* Serverless offering * AWS just runs containers for
you based on the CPU / RAM
you need

Amazon Fargate

What AWS compute offering has the below characteristics:

Private Docker Registry on
AWS
This is where you store your
Docker images so they can
be run by ECS or Fargate

ECR - Elastic Container Registry

True or false:

The benefits of AWS Lambda are below:
Virtual Servers in the Cloud
Limited by RAM and CPU
Continuously running
Scaling means intervention to add / remove servers

False. This is EC2

True or False:

About AWS lambda:
-Pay per request and compute time

True

What AWS Service has the following characteristics:

Fully managed service for developers to easily create, publish, maintain,
monitor, and secure APIs
Serverless and scalable
Supports RESTful APIs and WebSocket APIs
Support for security, user authentication, API throttling, API keys, monitoring…

AWS API Gateway

What AWS service has the following characteristics:

Fully managed batch processing at any scale
Efficiently run 100,000s of computing batch jobs on AWS
A “batch” job is a job with a start and an end (opposed to continuous)
Batch will dynamically launch EC2 instances or Spot Instances
AWS Batch provisions the right amount of compute / memory
You submit or schedule batch jobs and AWS Batch does the rest!
Batch jobs are defined as Docker images and run on ECS
Helpful for cost optimizations and focusing less on the infrastructure

AWS Batch

What AWS service has the following characteristics:

Virtual servers, storage, databases, and networking
Low & predictable pricing
Simpler alternative to using EC2, RDS, ELB, EBS, Route 53…
Great for people with little cloud experience!

Amazon Lightsail

________ is a declarative way of outlining your AWS
Infrastructure, for any resources (most of them are supported)

Cloudformation

What amazon service offers the below characteristics:

Define your cloud infrastructure using a familiar language:
* JavaScript/TypeScript, Python, Java, and .NET

You can therefore deploy infrastructure and application runtime code together
* Great for Lambda functions
* Great for Docker containers in ECS / EKS

AWS Cloud Development Kit (CDK)

Managed service
* Instance configuration / OS is handled by __________
* Deployment strategy is configurable but performed by _____________
* Capacity provisioning
* Load balancing & auto-scaling
* Application health-monitoring & responsiveness
* Just the application code is the responsibility of the developer

Beanstalk

We want to deploy our application
automatically
* Works with EC2 Instances
* Works with On-Premises Servers
* Hybrid service
* Servers / Instances must be provisioned
and configured ahead of time with _______________

AWS CodeDeploy

Before pushing the application code to servers, it needs to be stored somewhere
* Developers usually store code in a repository, using the Git technology
* A famous public offering is GitHub, AWS’ competing product is _________________
* ____________
* Source-control service that hosts Git-based repositories
* Makes it easy to collaborate with others on code
* The code changes are automatically versioned
* Benefits:
* Fully managed
* Scalable & highly available
* Private, Secured, Integrated with AWS

CodeCommit

What is the below AWS service:
* Compiles source code, run tests, and produces packages that are ready to be deployed (by CodeDeploy for example)

Benefits:
* Fully managed, serverless
* Continuously scalable & highly available
* Secure
* Pay-as-you-go pricing – only pay for the build time

AWS codebuild

What is the below AWS Service:

Orchestrate the different steps to have the code automatically pushed to production
Code => Build => Test => Provision => Deploy
Basis for CICD (Continuous Integration & Continuous Delivery)
Benefits:
Fully managed, compatible with CodeCommit, CodeBuild, CodeDeploy, Elastic Beanstalk,
CloudFormation, GitHub, 3rd-party services (GitHub…) & custom plugins…
Fast delivery & rapid updates

AWS CodePipeline

______________ is a secure, scalable, and cost-effective artifact
management for software development
* Works with common dependency management tools such as Maven,
Gradle, npm, yarn, twine, pip, and NuGet
* Developers and CodeBuild can then retrieve dependencies straight from _____________

CodeArtifact

What is the below AWS Service:
* Unified UI to easily manage software development activities in one place
* “Quick way” to get started to correctly set-up CodeCommit, CodePipeline,
CodeBuild, CodeDeploy, Elastic Beanstalk, EC2, etc…

AWS CodeStar

______________ is a cloud IDE (Integrated
Development Environment) for writing, running
and debugging code
* “Classic” IDE (like IntelliJ, Visual Studio Code…)
are downloaded on a computer before being
used
* A cloud IDE can be used within a web browser,
meaning you can work on your projects from
your office, home, or anywhere with internet
with no setup necessary
* ____________ also allows for code collaboration
in real
-time (pair programming)

AWS Cloud9

What AWS Service is below:

Helps you manage your EC2 and On-Premises systems at scale
Another Hybrid AWS service
Get operational insights about the state of your infrastructure
Suite of 10+ products
Most important features are:
Patching automation for enhanced compliance
Run commands across an entire fleet of servers
Store parameter configuration with the SSM Parameter Store
Works for both Windows and Linux OS

AWS Systems Manager - SSM

_________ Allows you to start a secure shell on your EC2 and
on-premises servers
* No SSH access, bastion hosts, or SSH keys needed
* No port 22 needed (better security)
* Supports Linux, macOS, and Windows
* Send session log data to S3 or CloudWatch Logs

Systems Manager – SSM Session Manager

Chef & Puppet help you perform server configuration automatically, or repetitive actions
They work great with EC2 & On-Premises VM
_________ = Managed Chef & Puppet
It’s an alternative to AWS SSM
Only provision standard AWS resources:
EC2 Instances, Databases, Load Balancers, EBS volumes…
In the exam: Chef or Puppet needed => AWS OpsWorks

AWS OpsWorks

A_________ is an application deployed in multiple geographies

global application

_____________is the time it takes for a network packet to reach a server

Latency

*_________ is a Managed DNS (Domain Name System)
* DNS is a collection of rules and records which helps clients understand
how to reach a server through URLs.

Route53

What AWS service offers the below characteristics:

Content Delivery Network (CDN)
Improves read performance, content
is cached at the edge
Improves users experience
216 Point of Presence globally (edge
locations)
DDoS protection (because
worldwide), integration with Shield,
AWS Web Application Firewall

Amazon CloudFront

What AWS Service has the following characteristics:

Increase transfer speed by transferring file to an AWS edge location
which will forward the data to the S3 bucket in the target region

S3 Transfer Acceleration

What AWS service has the following characteristics:

*Improve global application availability
and performance using the AWS
global network
* Leverage the AWS internal network
to optimize the route to your
application (60% improvement)
* 2 Anycast IP are created for your
application and traffic is sent through
Edge Locations
* The Edge locations send the traffic to
your application

AWS Global Accelerator

What is the difference between AWS Global Accelerator vs CloudFront?

They both use the AWS global network and its edge locations around the world
* Both services integrate with AWS Shield for DDoS protection.
* CloudFront – Content Delivery Network
* Improves performance for your cacheable content (such as images and videos)
* Content is served at the edge
* Global Accelerator
* No caching, proxying packets at the edge to applications running in one or more AWS Regions.
* Improves performance for a wide range of applications over TCP or UDP
* Good for HTTP use cases that require static IP addresses
* Good for HTTP use cases that required deterministic, fast regional failover

What AWS offering is the below?

Hybrid Cloud: businesses that keep an on
premises infrastructure alongside a cloud
infrastructure
Therefore, two ways of dealing with IT systems: * One for the AWS cloud (using the AWS console,
CLI, and AWS APIs)
One for their on
-premises infrastructure
__________ are “server racks” that offers the
same AWS infrastructure, services, APIs & tools
to build your own applications on
-premises just as in the clou

AWS Outposts

________are infrastructure deployments embedded within the telecommunications providers’
datacenters at the edge of the 5G networks
* Brings AWS services to the edge of the 5G networks
* Example: EC2, EBS, VPC…
* Ultra-low latency applications through 5G networks
* Traffic doesn’t leave the Communication Service
Provider’s (CSP) network
* High-bandwidth and secure connection to the parent AWS Region
* No additional charges or service agreements
* Use cases: Smart Cities, ML-assisted diagnostics, Connected Vehicles, Interactive Live Video Streams, AR/VR,
Real-time Gaming, …

WaveLength Zones

________ Places AWS compute, storage, database, and other selected AWS services closer
to end users to run latency-sensitive applications
* Extend your VPC to more locations – “Extension of an AWS Region”
* Compatible with EC2, RDS, ECS, EBS, ElastiCache, Direct Connect …

AWS Local Zones

What is the below AWS application:

Oldest AWS offering (over 10 years old)
* Fully managed service (~serverless), use to decouple applications
* Scales from 1 message per second to 10,000s per second
* Default retention of messages: 4 days, maximum of 14 days
* No limit to how many messages can be in the queue
* Messages are deleted after they’re read by consumers
* Low latency (<10 ms on publish and receive)
* Consumers share the work to read messages & scale horizontally

Amazon SQS – Simple Queue Service

_____ = real-time big data streaming
* Managed service to collect, process, and analyze real-time streaming
data at any scale
* Too detailed for the Cloud Practitioner exam but good to know:
* _______ Data Streams: low latency streaming to ingest data at scale from hundreds of thousands of sources
* _________ Data Firehose: load streams into S3, Redshift, ElasticSearch, etc…
* _______Data Analytics: perform real-time analytics on streams using SQL
* ________Video Streams: monitor real-time video streams for analytics or ML

Amazon Kinesis

What is the below AWS application?

The “event publishers” only sends message to one _____topic
* As many “event subscribers” as we want to listen to the ___topic notifications
* Each subscriber to the topic will get all the messages
* Up to 12,500,000 subscriptions per topic, 100,000 topics limit

Amazon SNS

When migrating to the cloud, instead of re-engineering the application to use SQS and SNS, we can use _____
* ________ is a managed message broker service for RabbitMQ and ActiveMQ

Amazon MQ

What is the difference between Amazon SQS and SNS?

SQS:
* Queue service in AWS
* Multiple Producers, messages are kept up to 14 days
* Multiple Consumers share the read and delete messages when done
* Used to decouple applications in AWS
* SNS:
* Notification service in AWS
* Subscribers: Email, Lambda, SQS, HTTP, Mobile…
* Multiple Subscribers, send all messages to all of them
* No message retention

________ provides metrics for every services in AWS
* Metric is a variable to monitor (CPUUtilization, NetworkIn…)
* Metrics have timestamps

CloudWatch

What service can do the below:

Alarms actions…
* Auto Scaling: increase or decrease EC2 instances “desired” count
* EC2 Actions: stop, terminate, reboot or recover an EC2 instance
* SNS notifications: send a notification into an SNS topic

Cloudwatch Alarms

________ can collect log from:
* Elastic Beanstalk: collection of logs from application
* ECS: collection from containers
* AWS Lambda: collection from function logs
* CloudTrail based on filter

CloudWatch Logs

What service can do the below:

Schedule: Cron jobs (scheduled scripts)
- Event Pattern: Event rules to react to a service doing something
- Trigger Lambda functions, send SQS/SNS messages…

Amazon EventBridge
(formerly CloudWatch Events)

Provides governance, compliance and audit for your AWS Account
* ________is enabled by default!
* Get an history of events / API calls made within your AWS Account by:
* Console
* SDK
* CLI
* AWS Services

CloudTrail

What application is the below:

Debugging in Production, the good old way:
Test locally
Add log statements everywhere
Re-deploy in production
Log formats differ across applications and log analysis is hard.
Debugging: one big monolith “easy”, distributed services “hard”
No common views of your entire architecture

XRay

_______ is An ML-powered service for automated code reviews and application performance recommendations

Amazon CodeGuru

What service is the below:

Identify critical issues, security
vulnerabilities, and hard-to-find bugs
Example: common coding best practices,
resource leaks, security detection, input
validation
Uses Machine Learning and automated
reasoning
Hard-learned lessons across millions of
code reviews on 1000s of open-source
and Amazon repositories
Supports Java and Python
Integrates with GitHub, Bitbucket, and
AWS CodeCommit

Amazon CodeGuru Reviewer

What is the service below:

Helps understand the runtime behavior of your
application
* Example: identify if your application is consuming
excessive CPU capacity on a logging routine
* Features:
* Identify and remove code inefficiencies
* Improve application performance (e.g., reduce CPU
utilization)
* Decrease compute costs
* Provides heap summary (identify which objects using
up memory)
* Anomaly Detection
* Support applications running on AWS or on- premise
* Minimal overhead on application

Amazon CodeGuru Profiler

What service is the below:

Shows all regions, all services
health
Shows historical information
for each day
Has an RSS feed you can
subscribe to

AWS Status - Service Health Dashboard

_____________ provides alerts and remediation
guidance when AWS is experiencing events that may impact you.
* While the Service Health Dashboard displays the general status of AWS services, _________ gives you a personalized
view into the performance and availability of the AWS services
underlying your AWS resources.
* The dashboard displays relevant and timely information to help you manage events in progress and provides proactive notification to help you plan for scheduled activities.

AWS Personal Health Dashboard

_________ private network to deploy your resources
(regional resource)

VPC -Virtual Private Cloud:

______ allow you to partition your network inside your VPC
(Availability Zone resource)

Subnets

A _________ is a subnet that is
accessible from the internet

public subnet

A _______ is a subnet that is not
accessible from the internet

private subnet

__________ helps our VPC
instances connect with the internet

Internet Gateways

A firewall which controls traffic from and to subnet
Can have ALLOW and DENY rules
Are attached at the Subnet level
Rules only include IP addresses

NACL (Network ACL)

A firewall that controls traffic to and from an
ENI / an EC2 Instance
* Can have only ALLOW rules
* Rules include IP addresses and other security
groups

Security Groups

__________ protects against DDOS attack for your website
and applications, for all customers at no additional costs

AWS Shield Standard

__________ is 24/7 premium DDoS protection

AWS Shield Advanced:

Protects your web applications from common web exploits (Layer 7)
* Layer 7 is HTTP (vs Layer 4 is TCP)
* Deploy on Application Load Balancer, API Gateway, CloudFront

AWS WAF – Web Application Firewall

data stored or archived on a device
* On a hard disk, on a RDS instance, in S3 Glacier Deep Archive, etc.

Data at Rest

data being moved from one location to another
* Transfer from on-premises to AWS, EC2 to DynamoDB, etc.
* Means data transferred on the network

Data in transit

AWS manages the encryption keys for us
* Encryption Opt-in:
* EBS volumes: encrypt volumes
* S3 buckets: Server-side encryption of objects
* Redshift database: encryption of data
* RDS database: encryption of data
* EFS drives: encryption of data
* Encryption Automatically enabled:
* CloudTrail Logs
* S3 Glacier
* Storage Gateway

AWS KMS (Key Management Service)

_______ => AWS provisions
encryption hardware
* Dedicated Hardware
* You manage your own encryption
keys entirely (not AWS)
* HSM device is tamper resistant, FIPS
140
-2 Level 3 compliance

CloudHSM

What type of master key is the below:
Create, manage and used by the customer, can enable or disable
* Possibility of rotation policy (new key generated every year, old key preserved)
* Possibility to bring-your-own-key

Customer Managed CMK:

What type of master key is the below:
Created, managed and used on the customer’s behalf by AWS
* Used by AWS services (aws/s3, aws/ebs, aws/redshift)

AWS managed CMK:

What type of master key is the below:

Collection of CMKs that an AWS service owns and manages to use in multiple accounts
AWS can use those to protect resources in your account (but you can’t view the keys)

AWS owned CMK:

What type of master key is the below:
Keys generated from your own CloudHSM hardware device
* Cryptographic operations are performed within the CloudHSM cluster

CloudHSM Keys (custom keystore):

What AWS service is the below:

Let’s you easily provision, manage, and deploy
SSL/TLS Certificates
Used to provide in-flight encryption for websites (HTTPS)
Supports both public and private TLS
certificates
Free of charge for public TLS certificates
Automatic TLS certificate renewal
Integrations with (load TLS certificates on)
Elastic Load Balancers
CloudFront Distributions
APIs on API Gateway

AWS Certificate Manager (ACM)

What AWS service is the below:

Newer service, meant for storing secrets
* Capability to force rotation of secrets every X days
* Automate generation of secrets on rotation (uses Lambda)
* Integration with Amazon RDS (MySQL, PostgreSQL, Aurora)
* Secrets are encrypted using KMS
* Mostly meant for RDS integration

AWS Secrets Manager

AWS service?

Portal that provides customers with on-demand access to AWS compliance documentation and AWS agreements
* Artifact Reports - Allows you to download AWS security and compliance
documents from third-party auditors, like AWS ISO certifications, Payment
Card Industry (PCI), and System and Organization Control (SOC) reports
* Artifact Agreements - Allows you to review, accept, and track the status of
AWS agreements such as the Business Associate Addendum (BAA) or the
Health Insurance Portability and Accountability Act (HIPAA) for an individual
account or in your organization
* Can be used to support internal audit or compliance

AWS Artifact

Intelligent Threat discovery to Protect AWS Account
Uses Machine Learning algorithms, anomaly detection, 3rd party data
One click to enable (30 days trial), no need to install software
Input data includes:
CloudTrail Events Logs – unusual API calls, unauthorized deployments
CloudTrail Management Events – create VPC subnet, create trail, …
CloudTrail S3 Data Events – get object, list objects, delete object, …
VPC Flow Logs – unusual internal traffic, unusual IP address
DNS Logs – compromised EC2 instances sending encoded data within DNS queries
Kubernetes Audit Logs – suspicious activities and potential EKS cluster compromises
Can setup CloudWatch Event rules to be notified in case of findings
CloudWatch Events rules can target AWS Lambda or SNS

GuardDuty

What AWS service is the below:

Automated Security Assessments
* For EC2 instances
* Leveraging the AWS System Manager (SSM) agent
* Analyze against unintended network accessibility
* Analyze the running OS against known vulnerabilities
* For Container Images push to Amazon ECR
* Assessment of Container Images as they are pushed
* For Lambda Functions
* Identifies software vulnerabilities in function code and package
dependencies
* Assessment of functions as they are deployed

Amazon Inspector

What does Amazon Inspector evaluate?

Remember: only for EC2 instances, Container Images & Lambda functions

Helps with auditing and recording compliance of your AWS resources
Helps record configurations and changes over time
Possibility of storing the configuration data into S3 (analyzed by Athena)
Questions that can be solved by AWS Config:
Is there unrestricted SSH access to my security groups?
Do my buckets have any public access?
How has my ALB configuration changed over time?
You can receive alerts (SNS notifications) for any changes

AWS Config

__________ is a fully managed data security and data privacy service
that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.
* _______helps identify and alert you to sensitive data, such as personally

Amazon Macie

Central security tool to manage security across several AWS accounts and
automate security checks
* Integrated dashboards showing current security and compliance status to quickly
take actions
* Automatically aggregates alerts in predefined or personal findings formats from
various AWS services & AWS partner tools:
* GuardDuty
* Inspector
* Macie
* IAM Access Analyzer
* AWS Systems Manager
* AWS Firewall Manager
* AWS Partner Network Solutions

AWS Security Hub

GuardDuty, Macie, and Security Hub are used to identify potential
security issues, or findings
* Sometimes security findings require deeper analysis to isolate the root
cause and take action – it’s a complex process
* ____________ analyzes, investigates, and quickly identifies the root
cause of security issues or suspicious activities (using ML and graphs)
* Automatically collects and processes events from VPC Flow Logs,
CloudTrail, GuardDuty and create a unified view
* Produces visualizations with details and context to get to the root cause

Amazon Detective

Find objects, people, text, scenes in images and videos using ML
* Facial analysis and facial search to do user verification, people counting
* Create a database of “familiar faces” or compare against celebrities
* Use cases:
* Labeling
* Content Moderation
* Text Detection
* Face Detection and Analysis (gender, age range, emotions…)
* Face Search and Verification
* Celebrity Recognition
* Pathing (ex: for sports game analysis

Amazon Rekognition

Automatically convert speech to text
* Uses a deep learning process called automatic speech recognition (ASR) to convert speech to text quickly and accurately
* Automatically remove Personally Identifiable Information (PII) using Redaction
* Supports Automatic Language Identification for multi-lingual audio
* Use cases:
* transcribe customer service calls
* automate closed captioning and subtitling
* generate metadata for media assets to create a fully searchable archive

Amazon Transcribe

turnn text into lifelike speech using deep learning * Allowing you to create applications that talk

amazon polly

Natural and accurate language translation
Amazon Translate allows you to localize content - such as websites and
applications - for international users, and to easily translate large
volumes of text efficiently

Amazon Translate

(same technology that powers Alexa)
* Automatic Speech Recognition (ASR) to convert speech to text
* Natural Language Understanding to recognize the intent of text, callers
* Helps build chatbots, call center bots

Amazon Lex

Receive calls, create contact flows, cloud-based virtual contact center
* Can integrate with other CRM systems or AWS
* No upfront payments, 80% cheaper than traditional contact center solutions

Amazon connect

For Natural Language Processing – NLP
* Fully managed and serverless service
* Uses machine learning to find insights and relationships in text
* Language of the text
* Extracts key phrases, places, people, brands, or events
* Understands how positive or negative the text is
* Analyzes text using tokenization and parts of speech
* Automatically organizes a collection of text files by topic
* Sample use cases:
* analyze customer interactions (emails) to find what leads to a positive or negative experience
* Create and groups articles by topics that Comprehend will uncover

Amazon Comprehend

Fully managed service for developers / data scientists to build ML models
Typically, difficult to do all the processes in one place + provision servers
Machine learning process (simplified): predicting your exam score

Sagemaker

Fully managed service that uses ML to deliver highly accurate forecasts
* Example: predict the future sales of a raincoat
* 50% more accurate than looking at the data itself
* Reduce forecasting time from months to hours
* Use cases: Product Demand Planning, Financial Planning, Resource Planning, …

Amazon Forecast

Fully managed document search service powered by Machine Learning
* Extract answers from within a document (text, pdf, HTML, PowerPoint, MS Word, FAQs…)
* Natural language search capabilities
* Learn from user interactions/feedback to promote preferred results (Incremental Learning)
* Ability to manually fine-tune search results (importance of data, freshness, custom, …)

Amazon Kendra

Fully managed ML-service to build apps with real-time personalized recommendations
* Example: personalized product recommendations/re-ranking, customized direct marketing
* Example: User bought gardening tools, provide recommendations on the next one to buy
* Same technology used by Amazon.com
* Integrates into existing websites, applications, SMS, email marketing systems, …
* Implement in days, not months (you don’t need to build, train, and deploy ML solutions)
* Use cases: retail stores, media and entertainment

Amazon personalize

Automatically extracts text, handwriting, and data from any scanned
documents using AI and ML

amazon textract

What AWS Service:

Global service
* Allows to manage multiple AWS accounts
* The main account is the master account

AWS Organizations

What are the benefits of using AWS organizations ?

Consolidated Billing across all accounts - single payment method
Pricing benefits from aggregated usage (volume discount for EC2, S3…)
Pooling of Reserved EC2 instances for optimal savings

SCP (service control policies) areapplied to all the ___________ of the Account, including Root user

Users and Roles

What does consolidated billing enable you with?

Combined Usage – combine the usage across all AWS accounts in the AWS Organization to
share the volume pricing, Reserved Instances and Savings Plans discounts
One Bill – get one bill for all AWS Accounts in the AWS Organization

What AWS Service:

Easy way to set up and govern a secure and compliant multi-account
AWS environment based on best practices
* Benefits:
* Automate the set up of your environment in a few clicks
* Automate ongoing policy management using guardrails
* Detect policy violations and remediate them
* Monitor compliance through an interactive dashboard

AWS Control Tower

How many pricing models does AWS have?

What are the pricing models that AWS offers?

Pay as you go: pay for what you use, remain agile, responsive, meet scale
demands
Save when you reserve: minimize risks, predictably manage budgets, comply
with long-terms requirements
Reservations are available for EC2 Reserved Instances, DynamoDB Reserved
Capacity, ElastiCache Reserved Nodes, RDS Reserved Instance, Redshift Reserved
Nodes
Pay less by using more: volume-based discounts
Pay less as AWS grows

What type of ec2 compute pricing structure is below?

Minimum of 60s * Pay per second (Linux/Windows) or per hour (other)

on demand instances

What type of ec2 compute pricing structure is below?

*Up to 75% discount compared to On-demand on hourly rate
* 1- or 3-years commitment
* All upfront, partial upfront, no upfront

reserved instances

What type of ec2 compute pricing structure is below?

*Up to 90% discount compared to On-demand on hourly rate
* Bid for unused capacity

spot instances

What type of ec2 compute pricing structure is below?
* On-demand
* Reservation for 1 year or 3 years commitment

dedicated host

Whats the difference between the Lambda and ECS pricing structures?

Lambda: * Pay per call * Pay per duration
ECS: * EC2 Launch Type Model: No additional fees, you pay for AWS resources stored and created in your application

What is the storage pricing structure for S3?

Number and size of objects: Price can be tiered (based on volume)
* Number and type of requests
* Data transfer OUT of the S3 region
* S3 Transfer Acceleration
* Lifecycle transitions

What is the storage pricing structure for EBS?

Volume type (based on performance)
* Storage volume in GB per month provisionned
* IOPS: * General Purpose SSD: Included
* Provisioned IOPS SSD: Provisionned amount in IOPS
* Magnetic: Number of requests
* Snapshots:
* Added data cost per GB per month
* Data transfer:
* Outbound data transfer are tiered for volume discounts
* Inbound is free

What is the pricing structure for RDS?

Per hour billing
- Purchase type:
On-demand
Reserved instances (1 or 3 years) with required up-front
Backup Storage: There is no additional charge for backup storage up to
100% of your total database storage for a region.
Data transfer: * Outbound data transfer are tiered for volume discounts * Inbound is free

True or false:
Use Private IP
instead of Public
IP for good
savings and
better network
performance

true

What type of billing plan is this

mmit a certain $ amount per hour for 1 or 3 years * Easiest way to setup long-term commitments on AWS

Savings plan

EC2 Savings Plan * Up to 72% discount compared to On-Demand * Commit to usage of individual instance families in a region (e.g. C5 or M5) * Regardless of AZ, size (m5.xl to m5.4xl), OS (Linux/Windows) or tenancy * All upfront, partial upfront, no upfront * Compute Savings Plan * Up to 66% discount compared to On-Demand * Regardless of Family, Region, size, OS, tenancy, compute options * Compute Options: EC2, Fargate, Lamb

What tool is the below:

Reduce costs and improve performance by recommending optimal AWS resources for your
workloads
* Helps you choose optimal configurations and right
- size your workloads (over/under provisioned)
* Uses Machine Learning to analyze your resources’
configurations and their utilization CloudWatch
metrics
* Supported resources * EC2 instances * EC2 Auto Scaling Groups * EBS volumes * Lambda functions * Lower your costs by up to 25% * Recommendations can be exported to S3

AWS Compute optimizer

What billing or costing tool is the below:

Estimate the cost for your solution architecture

AWS Pricing Calculator

Use ___________ to track your AWS costs on a detailed level
AWS generated tags
Automatically applied to the resource you create
Starts with Prefix aws: (e.g. aws: createdBy)
User-defined tags
Defined by the user
Starts with Prefix user:

cost allocation tags

What tool:

Dive deeper into your AWS costs and usage
* The ___________contains the most comprehensive set of AWS cost and usage data available, including additional metadata
about AWS services, pricing, and reservations (e.g., Amazon EC2 Reserved Instances (RIs)).
* The ___________ lists AWS usage for each service
category used by an account and its IAM users in hourly or daily line
items, as well as any tags that you have activated for cost allocation
purposes

AWS Cost & Usage Report

What tool:

Visualize, understand, and manage your AWS costs and usage over time
Create custom reports that analyze cost and usage data.
Analyze your data at a high level: total costs and usage across all accounts
Or Monthly, hourly, resource level granularity
Choose an optimal Savings Plan (to lower prices on your bill)
Forecast usage up to 12 months based on previous usage

Cost explorer

What tool:

Create budget and send alarms when costs exceeds the budget

AWS Budgets

What tool:

No need to install anything
– high level
AWS account assessment
* Analyze your AWS accounts and provides
recommendation on 5 categories
* Cost optimization * Performance * Security * Fault tolerance * Service limits

AWS Trusted Advisor

What type of aws support plan is this:

Customer Service & Communities - 24x7 access to customer service,
documentation, whitepapers, and support forums.
* AWS Trusted Advisor - Access to the 7 core Trusted Advisor checks and
guidance to provision your resources following best practices to
increase performance and improve security.
* AWS Personal Health Dashboard - A personalized view of the health of
AWS services, and alerts when your resources are impacted

Basic Support Plan

What type of support plan is this:

All Basic Support Plan +
* Business hours email access to Cloud Support Associates
* Unlimited cases / 1 primary contact
* Case severity / response times:
* General guidance: < 24 business hours
* System impaired: < 12 business hours

AWS Developer Support Plan

What type of AWS Support plan is this:

Intended to be used if you have production workloads
* Trusted Advisor – Full set of checks + API access
* 24x7 phone, email, and chat access to Cloud Support Engineers
* Unlimited cases / unlimited contacts
* Access to Infrastructure Event Management for additional fee.
* Case severity / response times:
* General guidance: < 24 business hours
* System impaired: < 12 business hours
* Production system impaired: < 4 hours
* Production system down: < 1 hour

AWS Business Support Plan (24/7)

What type of AWS Support plan is this:

Intended to be used if you have production or business critical workloads
* All of Business Support Plan +
* Access to a pool of Technical Account Managers (TAM)
* Concierge Support Team (for billing and account best practices)
* Infrastructure Event Management, Well-Architected & Operations Reviews
* Case severity / response times:
* …
* Production system impaired: < 4 hours
* Production system down: < 1 hour
* Business-critical system down: < 30 minutes

AWS Enterprise On Ramp support plan (24/7)

What type of support plan:

Intended to be used if you have mission critical workloads
* All of Business Support Plan +
* Access to a designated Technical Account Manager (TAM)
* Concierge Support Team (for billing and account best practices)
* Infrastructure Event Management, Well-Architected & Operations Reviews
* Case severity / response times:
* …
* Production system impaired: < 4 hours
* Production system down: < 1 hour
* Business-critical system down: < 15 minutes

AWS Enterprise Support Plan (24/7)

What AWS identify service is the below:

Enables you to create temporary, limited- privileges credentials to access your AWS
resources
* Short-term credentials: you configure
expiration period
* Use cases
* Identity federation: manage user identities in
external systems, and provide them with STS
tokens to access AWS resources
* IAM Roles for cross/same account access
* IAM Roles for Amazon EC2: provide temporary
credentials for EC2 instances to access AWS
resources

AWS STS

What is the AWS Identity service below:

Identity for your Web and Mobile applications users (potentially millions)
Instead of creating them an IAM user, you create a user in Cognito

Amazon cognito

What AWS Directory Service is the below:

Create your own AD in AWS, manage users
locally, supports MFA
* Establish “trust” connections with your on-

AWS Managed Microsoft AD

What AWS Directory Service is the below:

Directory Gateway (proxy) to redirect to on- premise AD, supports MFA
* Users are managed on the on-premise AD

AD Connector

What AWS Directory Service is the below:

AD-compatible managed directory on AWS
* Cannot be joined with on-premise AD

Simple AD

What are the six pillars of the Well Architected Framework ?

1) Operational Excellence
2) Security
3) Reliability
4) Performance Efficiency
5) Cost Optimization
6) Sustainability

What pillar of the well architected framework is below:

Includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures

Operational excellence

What pillar of the well architected framework is below:

Includes the ability to protect information, systems, and assets while delivering
business value through risk assessments and mitigation strategies

Security

What pillar of the well architected framework is below:

Ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues

Reliability

What pillar of the well architected framework is below:

Includes the ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes
and technologies evolve

Performance Efficiency

What pillar of the well architected framework is below:

Includes the ability to run systems to deliver business value at the lowest
price point

Cost optimization

What pillar of the well architected framework is below:

The __________ pillar focuses on minimizing the environmental impacts of running
cloud workloads.

sustainability