Practice 3 Flashcards
(34 cards)
AWS AppSync
> simplifies application development by letting you create a flexible API to securely access, manipulate, and combine data from one or more data sources.
managed service that uses GraphQL to make it easy for applications to get exactly the data they need.
workflow in SWF
defines all the activities in the workflow.
purpose of a decision task
tells the decider the state of the workflow execution
activity task
tells the worker to perform a function
SWF task
represents a single task in the workflow
Kinesis data stream stores records from(duration)
24 hours by defaultto a maximum of 168 hours.
Server-Side Encryption
You request Amazon S3 to encrypt your object before saving it on disks in its data centers and decrypt it when you download the objects
Client-Side Encryption
You can encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.
2 Client-Side Encryptions
- Client-Side Encryption with AWS KMS–Managed Customer Master Key (CMK)
- Client-Side Encryption Using a Client-Side Master Key
CloudFront Origin Access Identity
feature which ensures that only CloudFront can serve S3 content
Glacier retrieval options
- Standard - 3 - 5 hours
- Expedited - 1 - 5 mins
- Bulk - 5 - 12 hours
Glacier Select
you can run queries and custom analytics on your data that is stored in Glacier, without having to restore your data to a hotter tier like Amazon S3
Glacier Provisioned Capacity
> ensures that your retrieval capacity for expedited retrievals is available when you need it.
Each unit of capacity provides that at least three expedited retrievals can be performed every five minutes and provides up to 150 MB/s of retrieval throughput.
Why purchase Glacier Provisioned Capacity
You should purchase provisioned retrieval capacity if your workload requires highly reliable and predictable access to a subset of your data in minutes
Ranged Archive Retrievals
retrieve an archive from Glacier, you can optionally specify a range, or portion, of the archive to retrieve:
> Manage your data downloads
> Retrieve a targeted part of a large archive
Amazon S3 now provides increased performance to support at least ? requests per second to add data and ? requests per second to retrieve data
at least 3,500 requests per second to add data and 5,500 requests per second to retrieve data
Lambda automatically monitors functions on your behalf and reports metrics through Amazon CloudWatch:
- Duration – The average, minimum, and maximum execution times.
- Invocations – The number of times that the function was invoked in each 5-minute period.
- Error count and success rate (%) – The number of errors and the percentage of executions that completed without error.
- DeadLetterErrors – The number of events that Lambda attempted to write to a dead-letter queue, but failed.
- IteratorAge – For stream event sources, the age of the last item in the batch when Lambda received it and invoked the function.
- Throttles – The number of times that execution failed due to concurrency limits.
The following VPC peering connection configurations are not supported.
- Overlapping CIDR Blocks
- Transitive Peering
- Edge to Edge Routing Through a Gateway or Private Connection
Therevoke-security-group-ingresscommand
removes one or more ingress rules from a security group
revoke-security-group-egress
Removes one or more egress rules from a security group
When connecting to your EC2 instance via SSH, you need to ensure that
port 22 is allowed on the security group of your EC2 instance.
Network ACL is much suitable to control the traffic that goes in and out of your entire VPC and not just on one EC2 instance.- T or F
true
You can modify a launch configuration after creating it - T or F
false; you can’t modify
When you create a launch configuration, you specify information for the instances such as the:
- block device mapping.
- Amazon Machine Image (AMI) ID
- key pair,
- instance type,
- Security groups
