Section - Governance Flashcards

1
Q

What is Organizations?

A
  • AWS Organizations is a free governance tool that allows you to create and manage multiple AWS accounts.
  • You can control your accounts from a single location rather than jumping from account to account.
  • Features:
    • Logging Accounts
      • It’s best practice to create a specific account dedicated to logging. CloudTrail supports log aggregation.
    • Programmatic Creation
      • Easily create and destroy accounts (an API is available).
    • Reserved Instances
      • RIs can be shared across accounts (this feature can be turned off).
    • Consolidated Billing
      • The primary account pays the bills.
    • Service Control Policies
      • SCPs can limit users’ permissions.
      • They never grant permissions; they only take permissions away.
2
Q

Exam Tips: Logs and SCPs

A
  • You will be given a scenario about wanting to ensure logs are centralized and no one can edit or delete them.
  • When these come up, make sure to select a solution that uses Organizations to centralize your logs and SCPs to restrict anyone from making changes to them.
3
Q

What is AWS RAM?

A
  • AWS Resource Access Manager (RAM) is a free service that allows you to share AWS resources with other accounts and within your organization.
  • AWS RAM allows you to easily share resources rather than having to create duplicate copies in your different accounts.
  • What can be shared using AWS RAM?
    • Transit gateways
    • License Manager
    • VPC subnets
    • Dedicated hosts
4
Q

Exam Tips: RAM vs. VPC Peering

A
  • When should you use VPC Peering or RAM?
  • Are you sharing resources within the same region? Use RAM.
  • Are you sharing across regions? Use VPC Peering.
  • If RAM isn’t available and VPC Peering is, that’s still a great option.
5
Q

Cross-Account Role Access?

A
  • As the number of AWS accounts you manage increases, you’ll need to set up cross-account access.
  • Duplicating IAM accounts creates a security vulnerability.
  • Cross-account role access gives you the ability to set up temporary access you can easily control.
6
Q

Exam Tip: Cross-Account Role Access

A
  • It is preferred to create cross-account roles rather than additional IAM roles.
  • Any temporary employees get role access, and that’s it. NO permanent credentials.
  • Role assumption is temporary. You can’t permanently assume a role.
7
Q

What is Config?

A
  • Config is an inventory management and control tool.
  • It allows you to show the history of your infrastructure and create rules to make sure it conforms to the best practices you’ve laid out.
  • Features:
    • Query:
      • You can easily discover what architecture you have in your account.
      • You can query by resource type or tag, and even see deleted infrastructure.
    • Enforce:
      • Rules can be created to flag when something is going wrong.
      • Whenever a rule is violated, you can be alerted or even have it automatically fixed.
    • Learn:
      • What is the history of your environment?
      • When did something change?
      • Who made the call?
8
Q

Exam Tips: Config

A
  • Config = Standards
  • Use Config to ensure your S3 buckets aren’t publicly readable or that your users are using the approved AMI in their EC2 instances.
  • Standards
    • Config is the best way to check what standards are applied to your architecture.
  • Deleted Resources
    • You can track previously deleted AWS resources using Config.
  • Enforcement
    • You can use automation documents or Lambda to enforce your standards.
  • Consolidation
    • You can roll up your results to a single region.
9
Q

What is Directory Service?

A
  • AWS Directory Service is a fully managed version of Active Directory.
  • It allows you to offload the painful parts of keeping AD online to AWS while still giving you the full control and flexibility AD provides.
  • Available Types:
    • Managed Microsoft AD
      • This is the full AD suite; you can easily build out AD in AWS.
    • AD Connector
      • Creates a tunnel between AWS and your on-premises AD.
    • Simple AD
      • Standalone directory powered by a Linux Samba Active Directory-compatible server.
10
Q

What is Cost Explorer?

A
  • AWS Cost Explorer is an easy-to-use tool that allows you to visualize your cloud costs.
  • You can generate reports based on a variety of factors, including resource tags.
  • Features:
    • Easily break down costs on a service-by-service basis.
    • What was your bill last month? How about next month? The last two years?
    • Where is the spend coming from? Filter on tags, categories, etc.
  • Tags are one of the most important ways to track your spend.
11
Q

What is AWS Budgets?

A
  • AWS Budgets allows organizations to easily plan and set expectations around cloud costs.
  • You can easily track your ongoing spend and create alerts to let users know when they’re close to exceeding the allotted spend.
  • 4 Types of budgets
    • Cost Budgets
      • How much are we spending?
    • Usage Budgets
      • How much are we using?
    • Reservation Budgets
      • Are we being efficient with our RIs?
    • Savings Plans Budgets
      • Is what we’re doing covered by our savings plan?
12
Q

What is AWS Trusted Advisor?

A
  • AWS Trusted Advisor is a fully managed best-practice auditing tool.
  • It will scan 5 different parts of your account and look for places where you could improve your adoption of the recommended best practices provided by AWS.
  • 5 Questions Trusted Advisor Asks:
    • Cost Optimization
      • Are you spending money on resources that aren’t needed?
    • Performance
      • Are your services configured properly?
    • Security
      • Is your AWS architecture full of vulnerabilities?
    • Fault Tolerance
      • Are you protected when something fails?
    • Service Limits
      • Do you have room to scale?
13
Q

Exam Tips: Trusted Advisor

A
  • Automate a Response
  • Focus on answers that have an automation component.
  • It doesn’t have to fix the issue, but it should at least alert users that something is potentially wrong.
  • Alerts:
    • Something wrong? Tell someone! Use SNS to let users know.
  • Cost
    • To get the most useful checks you’ll need a Business or Enterprise support plan.
  • Limits
    • Trusted Advisor will not fix the problems for you; automate the fix yourself, e.g. with Lambda.