New notes Flashcards
What is the scope of a Virtual Private Cloud (VPC)?
Regional
VPCs are regional. You create VPCs in each region separately.
At which level do you attach an Internet gateway?
VPC
Internet Gateways are attached to the VPC. You then need to add entries to the route tables for your public subnets to point to the IGW.
AWS Outposts
An Outpost is a pool of AWS compute and storage capacity deployed at a customer site, e.g. EC2 instances
AWS operates, monitors, and manages this capacity as part of an AWS Region. You can create subnets on your Outpost and specify them when you create AWS resources such as EC2 instances, EBS volumes, ECS clusters, and RDS instances.
RAID 0 vs RAID 1 (on EBS)
RAID 0 = used for performance (stripes data across volumes, but if one volume fails the whole array fails)
RAID 1 = fault tolerance/failover (mirrors data)
GuardDuty vs Inspector vs Macie
Inspector = scanning for potential vulnerabilities
GuardDuty = scanning for active intrusion attempts
Macie = identify and alert on sensitive data such as PII (Personally Identifiable Information)
VPC overview - part 1
VPC Peering
- Connect two or more VPCs using the AWS network (not transitive) over IPv4 or IPv6
- Private connection
VPC Endpoints
- Allows access from your VPC to AWS services (e.g. S3, DynamoDB)
- Private connection
Direct Connect (DX)
- connect VPC to customer data center (over IPv4 and IPv6)
- consistent network experience
- private connection
Direct Connect Gateway
- connect one customer data center to multiple VPC on AWS
AWS Site-to-Site VPN
- Connects customer data center to AWS VPC
- private encrypted connection
VPC overview - part 2
Egress-only Internet Gateway
- allows outbound only connection to your VPC (private subnet) to the internet (IPv6 only)
- public network
AWS VPN CloudHub
- Connect multiple VPCs to multiple customer data centers
- public network
Transit Gateway
- Connecting multiple VPC services together (spoke and hub) and is transitive
- public network
Internet Gateway
-
SQS Visibility Timeout
SQS Visibility Timeout is a period of time during which Amazon SQS prevents other consumers from receiving and processing the message again.
With the Visibility Timeout, a message is hidden only after it is consumed from the queue. Increasing the Visibility Timeout gives the consumer more time to process the message and prevents duplicate reading of the message. (default: 30 sec., min.: 0 sec., max.: 12 hours)
AWS App Runner
Similar to Elastic Beanstalk, but for containerised web apps
Security Groups and NACL operate at which level?
Security Group = EC2 instance level
Network Access Control List (NACL) = subnet level
Security Groups
Security groups are stateful, meaning if traffic is allowed out, the return traffic is allowed back in.
Security Group = stateful (return traffic is automatically allowed)
NACL = stateless (return traffic must be explicitly allowed by the rules)
Bastion Hosts
Bastion hosts should be deployed in a public subnet
AWS Fargate
AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes (EKS).
Amazon EBS root device volumes
By default, Amazon EBS root device volumes are automatically deleted when the instance terminates.
You can preserve the volume by setting the DeleteOnTermination attribute of the EBS volume to False.
S3 Glacier retrieval
Expedited retrievals allow you to quickly access your data when occasional urgent requests for a subset of archives are required. For all but the largest archives (250 MB+), data accessed using Expedited retrievals is typically made available within 1–5 minutes. Provisioned Capacity ensures that retrieval capacity for Expedited retrievals is available when you need it.
To make an Expedited, Standard, or Bulk retrieval, set the Tier parameter in the Initiate Job (POST jobs) REST API request to the option you want, or the equivalent in the AWS CLI or AWS SDKs. If you have purchased provisioned capacity, then all expedited retrievals are automatically served through your provisioned capacity.
Provisioned capacity ensures that your retrieval capacity for expedited retrievals is available when you need it. Each unit of capacity guarantees that at least three expedited retrievals can be performed every five minutes and provides up to 150 MB/s of retrieval throughput. You should purchase provisioned retrieval capacity if your workload requires highly reliable and predictable access to a subset of your data in minutes. Without provisioned capacity, Expedited retrievals are accepted except in rare situations of unusually high demand. However, if you require access to Expedited retrievals under all circumstances, you must purchase provisioned retrieval capacity.