Summary Flashcards
Receive alerts when the reservation utilization falls
AWS Budgets
Amazon S3 vs EFS
S3 does not support file append like EFS
AWS Neptune
Build and run graph applications
Support Plans
Developer Business Enterprise-on-ramp Enterprise
<12 hrs < 1hr <30 mins <15 mins
- TAMs 1 TAM
Business 24/7 24/7 24/7
hours email
access
- AWS Sup API AWS Sup API AWS Sup API
Incident detection for
additional fee
AWS Managed Srvs AWS Managed Srvs
for additional fee for additional fee
re:Post:Private re:Post:Private
for additional fee for additional fee
Access to Access to architectural
architectural reviews
reviews
MFA devices
- U2F security key - Plug into a USB port on your computer. Authenticated by tapping the device instead of manually entering a code
- Virtual Multi-Factor Authentication (AWS MFA) device - Software app that runs on a phone or other device and emulates a physical device. Authenticated by typing a valid code from the device
- Hardware Multi-Factor Authentication (AWS MFA) device - Hardware device that generates a six-digit numeric code. Authenticated by typing a valid code from the device
- SMS text message-based Multi-Factor Authentication (AWS MFA) - IAM user settings include the phone number of the user’s SMS-compatible mobile device. Authenticated by OTP
Disaster Recovery Plans
Automated backups - Same region (Recovery Time Objective is lowest)
Manual snapshots - Cross region (Recovery Point Objective is lowest)
Read replicas - Cross region
Amazon EC2 instance user data and metadata
Bootstrap script or configuration parameters while launching your instance
Metadata is data about your instance that you can use to manage the instance
S3 pricing
There are four cost components to consider for S3 pricing –
storage pricing;
request and data retrieval pricing;
data transfer and transfer acceleration pricing;
and data management features pricing.
Under “Data Transfer”, You pay for all bandwidth into and out of Amazon S3, except for the following:
(1) Data transferred in from the internet,
(2) Data transferred out to an Amazon Elastic Compute Cloud (Amazon EC2) instance, when the instance is in the same AWS Region as the S3 bucket,
(3) Data transferred out to Amazon CloudFront (CloudFront).
AWS Web Application Firewall (AWS WAF) lets you monitor the HTTP and HTTPS requests that are forwarded to….
- Application Load Balancer
- Amazon CloudFront
- Amazon API Gateway
Billing alarms
CloudWatch
AWS Shield Advanced provides protection for the following AWS Services
- EC2,
- Elastic Load Balances,
- Amazon CloudFront,
- Amazon Route 53,
- AWS Global Accelerator
Which of the following is available across all AWS Support plans
AWS Health Dashboard – Your account health
Key components of S3 Glacier
- Access Policy
- Archive
- Vault
Routing algorithm for ALB
ALB selects target based on the routing rule then selects node using round robin strategy
The classic ALB using round robin for TCP listners only
Bucket Policies and ACLs wrt to S3
Bucket Policies control access to entire bucket and ACLs to individual object within the bucket
URL structure of S3
https.<bucket>.<S3>/<object></object></S3></bucket>
Amazon Glacier components
Archive, Vault(Groups of archives) and Access Policies(to control access to objects within archive and vaults)
Database migration services
Can migrate to and from AWS and on-premise
Can migrate from EC2 to RDS
Can migrate to Redshift and DynamoDB
VPC Peering some facts
It can happen across regions and between different AWS accounts
It also used to store data for fault tolerance, DR and redundnacy
Traffic between different regions is encrypted by default but not encrypted by defualt within same region
TCO
Recommendations on resource types based on operational best practices and user inputs
DataSync
Transfer from on-premise to AWS storage services
Between AWS storage services
Between public clouds to AWS storage services
Its for continuous synching vs DMS which is for Database migration only
Athena some facts
Serverless query service
Interactive query service that makes it easy to analyze unstructured, semi-structured, and structured data stored in Amazon S3 directly in Amazon Simple Storage Service (Amazon S3) using standard SQL
Compatible with CSV, JSON, AVRO or columnar data formats such as Apache Parquet and Apache ORC,
DynamoDB Backups, who configures and who takes backup?
Customer configures and AWS takes backups
AppSync
Simplify application development with GraphQL APIs by providing a single endpoint to securely query or update data from multiple databases, microservices, and APIs
Consolidate data from multiple databases, APIs, and microservices in a single network call, from a single endpoint, abstracting backend complexity
Amplify
Facilitate the development and deployment of web and mobile applications. Quickly build full-stack applications
AWS Firewall Manager
Simplifies your administration and maintenance tasks across multiple accounts and resources for a variety of protections, including AWS WAF, AWS Shield Advanced, Amazon VPC security groups, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall. It does not work with Network ACLs
Security Hub collects security data across AWS accounts, AWS services, and supported third-party products and helps you analyze your security trends and identify the highest priority security issues
SCPs
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization.
Not enabled by default
SCPs offer central control over the maximum available permissions for all accounts in your organization. SCPs help you to ensure your accounts stay within your organization’s access control guidelines
SCPs alone are not sufficient in granting permissions to the accounts in your organization. No permissions are granted by an SCP. An SCP defines a guardrail, or sets limits, on the actions that the account’s administrator can delegate to the IAM users and roles in the affected accounts.
The administrator must still attach identity-based or resource-based policies to IAM users or roles, or to the resources in your accounts to actually grant permissions.
The effective permissions are the logical intersection between what is allowed by the SCP and what is allowed by the IAM and resource-based policies
If an instance store reboots, does the data in the instance persist?
Yes
Which tool lets you visualise and manage your AWS costs?
AWS Cost Explorer
Which AWS service reduces network latency?
CloudFront
Which Amazon S3 storage class has the lowest cost?
S3 Glacier Deep Archive
Which perspective of the AWS Cloud Adoption Framework focuses on minimizing the business risks?
Governance Perspective
Which AWS service helps you build text chatbots?
Amazon Lex
What is Service Quotas in AWS?
Quotas, also referred to as limits in AWS services, are the maximum values for the resources, actions, and items in your AWS account
Scope of VPC
A VPC can span all Availability Zones within an AWS Region
AWS Resource Explorer
Facilitates resource search and discovery within AWS accounts
AWS Knowledge Center
Available through AWS re:Post, offers official articles and videos addressing common questions and requests from AWS customers
Individual Amazon S3 objects range?
0 to 5TB
AWS Tape Gateway
You can use it to directly connect to your tape drive on premise and using AWS Storage Gateway backup the data on Amazon S3 Tape Library w/o any code changes
Securing EC2
- SSH (IP is public and key stored on accessing machine)
- EC2 in private subnet, which talks to bastion host on public subnet which inturn talks to user over internet (key stored on accessing machine)
- Add MFA on access
- SSM (No need of bastion host. EC2 in private subnet with access to internet using NAT or VPC endpoint)
Migration strategies
Rehosting — Otherwise known as “lift-and-shift”
Replatforming — I sometimes call this “lift-tinker-and-shift”
Repurchasing — Moving to a different product
Refactoring / Re-architecting
Retire — Get rid of
Retain — Usually this means “revisit” or do nothing (for now)
Amazon WorkLink
Fully managed service introduced by AWS that facilitates secure, one-click access to internal corporate websites for employees
Secure access from iOS and Android phones to internal websites and web apps, simplifying the user experience with a single-step process
Generates webpage content in the AWS cloud and transfers it to the user’s phone
AWS CloudShell
AWS CloudShell is a browser-based shell that allows users to run scripts with the AWS Command Line Interface (CLI) and experiment with service APIs
AWS Application Composer
Visual designer that you can use to build your serverless applications from multiple AWS services
Amazon Timestream
Time Stream DB for IoT
Amazon S3 Object Lock
Prevent the deletion or overwriting of objects in Amazon S3 for a specified duration or indefinitely
DynamoDB vs DocumentDB
Fully managed Vs gives admin access to users
Less costly Vs More Costly
Does not support MongoDB Vs SupportsMongoDB
NoSQL Vs NoSQL
Key-Value Vs JSON
AWS Compute Optimzer Vs Cost Explorer
Compute Optimizer delivers all recommendations regardless of the cost implications wheres Cost Explorer recommends pertaining to cost only
AWS OpsWork Vs AWS OpsHub Vs AWS Opscenter Vs AWS Workspace
Configuration management service for cloud enterprises, utilizing Puppet or Chef for application configuration and operation
Vs
Unified view and automates operational tasks on AWS Snow Family devices
Vs
Capability of AWS systems manager for configuration management of aws resources like firewall settings, anti virus settings, patch update, etc
Vs
Virtual desktop service
AWS Glue Vs AWS Macie Vs AWS Neptune
ETL
Vs
PII
Vs
Database service powering graph
AWS Service Catalog Vs AWS Config
Create and manage catalogs of IT services that are approved for AWS
Vs
Assessing, auditing, and evaluating the configurations and relationships of resources
Amazon MQ Vs AWS SQS
Set up and operate message brokers on AWS Vs message queue(Storing messages as they travel between computers)
Network ACL Vs Security Group
Stateless(Separate rules for inbound and outbound Traffic) Vs Statefull(If allowed inbound, outbound is automatically allowed)
Allow/Deny Vs Allow
Subnet Vs EC2
Which CAF perspective covers Benefit Management?
Governance
Which CAF perspective covers Risk Management?
Governance
