Technology Flashcards
How is the AWS global infrastructure organised?
Regions, Availability Zones and Edge locations
What is a region?
Physical geographical area consisting of 2 or more AZs
What is an availability zone?
One or more discrete data centers, each with its own redundant power, networking and connectivity, housed in separate facilities within a region
What is an edge location?
Endpoints for AWS used for caching content (typically via CloudFront, AWS's CDN). There are many more edge locations than regions
Explain how an edge location works
If someone in London requests a file stored in New York, the request goes to the nearest edge location. On the first request the edge has no copy, so it fetches the file from the New York origin and caches it for the TTL; later requests for the same file are served from the edge, which is much quicker
How do you choose which AWS region to select?
1) Data sovereignty laws: data may only be permitted to reside in certain countries
2) Latency to end users: where are the majority of your customers based?
3) Service availability: us-east-1 (N. Virginia) gets most new services first; other regions may gain them later
What is the use case for developer support plan?
Experimenting with AWS
What is the use case for business support plan?
Production use of AWS
What is the use case for enterprise support plan?
Mission critical use of AWS
What is special about the enterprise support plan?
You receive a TAM (Technical Account Manager), a named contact for the account who provides proactive guidance and best practices to help plan, develop and run your AWS solution, plus a support concierge who handles billing and account analysis and supports product launches and promotions
What is a billing alarm?
Sends a notification (via an SNS topic) when your estimated bill goes over a threshold you set. Important because even on the free tier some services are chargeable. Created in CloudWatch; billing metrics (namespace AWS/Billing, metric EstimatedCharges, in USD) only exist in the us-east-1 region and must first be enabled under Billing preferences ("Receive Billing Alerts")
How can you get automatic notifications if your account goes over $1,000?
Set up a billing alarm in CloudWatch (us-east-1) on the EstimatedCharges metric with a threshold of 1000 USD, and attach an SNS topic with an email subscription so you are emailed whenever the threshold is crossed
What is IAM?
Identity and Access Management: a global service (not tied to a region)
Allows you to create users, groups and roles and grant each a different level of access
The IAM dashboard shows a security status checklist, worked through from the root account:
1) Activate MFA on your root account (e.g. Google Authenticator or a hardware key)
2) Create individual IAM users instead of sharing the root account
3) Use groups to assign permissions
4) Apply an IAM password policy (e.g. minimum 8 characters, at least one uppercase letter)
What are the 3 kinds of access for IAM users?
1) AWS Management Console: a password that lets the user sign in to the console
2) Programmatic access via the Command Line Interface (CLI): an access key ID and secret access key for the AWS API, CLI, SDKs and other development tools
3) SDK (software development kit): the same access keys, used from application code
What are user policies?
Always written in JSON with key-value pairs and a Version field. A policy outlines the permissions the user/group is allowed (e.g. AdministratorAccess). Policies can be copied from an existing user, inherited via a group, or attached directly to the user
What is a root account?
The identity created with the email address used to set up the AWS account. It always has full administrative access and cannot be restricted by IAM policies, so its credentials should never be shared or used day to day; instead create an IAM user for each individual. Always secure the root account with MFA
What is an IAM group?
A collection of IAM users. Users in a group inherit all permissions attached to that group, e.g. HR, finance, sales
What is S3?
Simple Storage Service
One of the oldest AWS services, it provides developers and IT teams with secure, durable and highly scalable object storage with a simple web interface to store and retrieve any amount of data from anywhere
Stores flat files (text, pictures, video) as whole objects
What do objects consist of?
Key (the object's name)
Value (the data, a sequence of bytes)
Version ID (when versioning is enabled)
Metadata
Sub-resources (access control list; Torrent, a legacy feature)
Objects can be 0 bytes to 5 TB; total storage is unlimited
What are S3 buckets and how are they stored
Files are stored in buckets (like a folder in the cloud). S3 uses a universal namespace, so bucket names must be globally unique.
The bucket name forms part of the URL: virtual-hosted style https://bucket-name.s3.region.amazonaws.com/key, or path style https://s3.region.amazonaws.com/bucket-name/key
What happens when you upload a file to S3
You receive an HTTP 200 status code if the upload succeeded
How does data consistency work for S3?
Since December 2020 S3 is strongly consistent for all operations: a read issued after a PUT (new or overwrite) or DELETE returns the latest version. The older model, still seen in some exam material, was:
Read-after-write consistency for PUTs of new objects: write a new file and read it immediately and it is there
Eventual consistency for overwrite PUTs and DELETEs: update or delete an existing file and an immediate read might return the old version, because the change takes time to propagate
What is the different between object based storage and block based storage
Object storage (S3) holds whole files that you replace rather than edit in place; you cannot boot an operating system from it. Block storage (EBS) presents a raw block device on which you can install an OS, a file system or a database
What guarantees do Amazon offer for S3?
1) Designed for 99.99% availability (you can reach your data)
2) 99.999999999% (11 9s) durability (you will not lose the data itself)
What are the features of S3?
1) Tiered storage available
2) Lifecycle Management(manage which storage tier it goes to over time)
3) Versioning (if an object is overwritten or deleted, accidentally or maliciously, the earlier version can be restored)
4) Encryption
5) Secure data using Access Control Lists and Bucket Policies, or via IAM policies
What is an Access Control List
Grants permissions on an individual object (or bucket) to specific AWS accounts or predefined groups. ACLs are a legacy mechanism; AWS now recommends disabling them (Object Ownership set to "bucket owner enforced") and using bucket policies and IAM policies instead
What is a Bucket Policy
A resource-based policy (JSON) attached to a bucket whose permissions apply across all objects within that bucket
What are the 6 S3 Storage classes
1) S3 standard
2) S3 Standard-IA (Infrequent Access)
3) S3 One Zone-IA
4) S3 Intelligent Tiering
5) S3 Glacier
6) S3 Glacier Deep Archive
What is S3 Standard storage class
Data is stored redundantly across multiple devices in multiple facilities (Availability Zones) and is designed to sustain the loss of two facilities concurrently
99.99% availability, 11 9s durability
What is S3 IA
For data that is accessed less frequently but requires rapid access when needed. Lower storage fee than S3 Standard, but you pay a per-GB retrieval fee
What is S3 One Zone IA
A lower-cost option for infrequently accessed data where you do not need multi-AZ resilience; the data is lost if that single AZ is destroyed
What is S3 intelligent tiering?
Designed to optimize costs by automatically moving data to the most effective access tier, without performance impact or operational overhead
What is S3 Glacier?
Secure, durable and low-cost storage class for data archiving. You can reliably store any amount of data at a cost competitive with or cheaper than on-premises solutions. Retrieval times are configurable from minutes to hours
What is S3 Glacier Deep Archive
Amazon S3's lowest-cost storage class. Standard retrieval time is 12 hours
Which S3 classes charge a retrieval fee per GB retrieved?
S3 IA, S3 One Zone IA, S3 Glacier, S3 Glacier Deep Archive
Which S3 classes have a minimum storage duration / minimum billable object size?
S3 Standard-IA and S3 One Zone-IA (30 days, 128 KB minimum billable object size), S3 Glacier (90 days), S3 Glacier Deep Archive (180 days)
How are you charged for S3?
1) Storage (per GB)
2) Number of requests
3) Storage Management pricing
4) Data transfer pricing
5) S3 transfer acceleration
6) Cross region replication
What is S3 transfer acceleration?
Enables fast, easy and secure transfer of files over long distances between users and an S3 bucket. It uses CloudFront's globally distributed edge locations: as data arrives at an edge location it is routed to S3 over AWS's optimized network path. Used for performance
In other words: users want to upload files to a bucket in London. With Transfer Acceleration enabled they upload to the edge location nearest to them, and the edge location forwards the data to the bucket over Amazon's internal backbone rather than the public internet. The Speed Comparison tool shows how much faster this would be (the gain is normally larger the further the user is from the bucket's region)
What is cross region replication?
Objects are automatically replicated to a bucket in another region for disaster recovery. Versioning must be enabled on both source and destination buckets, and only objects written after replication is enabled are copied
Is S3 global or regional
Buckets can be viewed globally but are created in a region
What are the 3 ways to restrict bucket access
1) Bucket Policy
2) Access control List (object policy)
3) IAM policies to users and groups
True or False: S3 is serverless?
True
How do you create an S3 website?
1) Create a bucket and upload index.html and error.html (an HTTP 200 confirms each upload)
2) Allow public access: turn off Block Public Access for the bucket
3) In the bucket properties enable static website hosting and select the index and error documents
4) Add a bucket policy that allows s3:GetObject for everyone on the bucket's objects (replace the placeholder bucket ARN with your bucket's ARN)
5) Access the site via the website endpoint link. The website endpoint serves plain HTTP only; put CloudFront in front of it if you need HTTPS
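The cards on user policies, bucket policies and the static website policy all rely on the same evaluation rules: a statement matches on Action and Resource (with wildcards), an explicit Deny beats any Allow, and anything not allowed is implicitly denied. The following is an added example, not code from the flashcards or from AWS: a deliberately simplified evaluator (it ignores Principal, Condition, NotAction and NotResource) applied to the public-read website policy and to an admin policy with a Deny guardrail. The bucket name "my-site" and the admin policy are made up for the illustration.

```python
import fnmatch


def _as_list(value):
    """IAM lets Action/Resource/Statement be a single string or a list."""
    return value if isinstance(value, list) else [value]


def statement_matches(statement, action, resource):
    """True if this statement covers the action on the resource.
    Simplified model (assumption): Principal, Condition, NotAction and
    NotResource are ignored; '*' and '?' wildcards work as in IAM.
    Action names are case-insensitive, ARNs are case-sensitive."""
    actions = [a.lower() for a in _as_list(statement.get("Action", []))]
    resources = _as_list(statement.get("Resource", []))
    action_hit = any(fnmatch.fnmatchcase(action.lower(), a) for a in actions)
    resource_hit = any(fnmatch.fnmatchcase(resource, r) for r in resources)
    return action_hit and resource_hit


def evaluate(policies, action, resource):
    """Combine identity policies and bucket policies the way IAM does:
    an explicit Deny anywhere wins, otherwise any Allow grants access,
    otherwise the request is implicitly denied."""
    decision = "implicit-deny"
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not statement_matches(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit-deny"
            decision = "allow"
    return decision


def public_read_website_policy(bucket):
    """Bucket policy for static website hosting: anyone may GET objects.
    Note the trailing /* : it covers the objects, not the bucket itself,
    so s3:ListBucket on the bucket ARN is still denied."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


# Made-up identity policy for an admin user with a guardrail: full access,
# but an explicit Deny on bucket deletion that no Allow can override.
ADMIN_WITH_GUARDRAIL = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Deny",
         "Action": ["s3:DeleteBucket", "s3:PutBucketPolicy"],
         "Resource": "*"},
    ],
}


if __name__ == "__main__":
    site = public_read_website_policy("my-site")   # "my-site" is a made-up bucket
    for pols, action, res in [
        ([site], "s3:GetObject", "arn:aws:s3:::my-site/index.html"),
        ([site], "s3:PutObject", "arn:aws:s3:::my-site/index.html"),
        ([site], "s3:ListBucket", "arn:aws:s3:::my-site"),
        ([ADMIN_WITH_GUARDRAIL], "ec2:RunInstances", "*"),
        ([ADMIN_WITH_GUARDRAIL], "s3:DeleteBucket", "arn:aws:s3:::my-site"),
    ]:
        print(f"{action:18} {res:36} -> {evaluate(pols, action, res)}")
```

Two things worth noticing when you run it: the website policy lets anonymous users read objects but not list or write them, and the Deny in the admin policy still wins when the policy is combined with the bucket policy that allows the same principal.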
Which websites cannot be hosted on S3?
Websites that need server-side code or a database connection (e.g. WordPress), since S3 only serves static files
What is CloudFront?
Amazon's Content Delivery Network: a system of distributed servers that deliver web pages and other content to users based on the user's geographic location, the origin of the content and the nearest content delivery server. It can deliver entire websites, including dynamic, static, streaming and interactive content. Requests are automatically routed to the nearest edge location to improve performance.
Explain the difference between accessing web content with and without CDN
Without: a user in Australia accesses a video stored on a London server. They connect to London and download it, which can take a long time depending on connection speed.
With: the same user first asks their nearest edge location for a copy. On the first request the edge fetches the video from the origin, stores it and streams it to the user. The next time that edge is asked for the file it is served from the cache without going back to London.
A file is cached for a length of time determined by the TTL (in seconds). CloudFront's default TTL is 24 hours (86,400 seconds); an origin can shorten or lengthen it with a Cache-Control max-age header, within the distribution's minimum and maximum TTL.
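To make the miss/hit/expiry sequence and the TTL rules concrete, here is an added example (not part of the flashcards, and not CloudFront code): a toy edge cache with an injectable clock, plus the rule CloudFront uses for how long to keep an object (the origin's max-age if sent, clamped to the distribution's minimum and maximum TTL, else the default TTL). The "London origin" and its 60-second max-age are constructed for the demo; s-maxage and Expires handling is left out.

```python
import re
import time

DEFAULT_TTL = 86_400        # CloudFront default TTL: 24 hours
MIN_TTL = 0                 # CloudFront default minimum TTL
MAX_TTL = 31_536_000        # CloudFront default maximum TTL: 1 year


def effective_ttl(origin_headers, default_ttl=DEFAULT_TTL,
                  min_ttl=MIN_TTL, max_ttl=MAX_TTL):
    """How long an edge keeps an object: the origin's Cache-Control max-age
    if it sent one, clamped to [min_ttl, max_ttl]; otherwise default_ttl.
    (Assumption: s-maxage/Expires are ignored in this model.)"""
    cache_control = origin_headers.get("Cache-Control", "")
    match = re.search(r"max-age=(\d+)", cache_control)
    if not match:
        return default_ttl
    return max(min_ttl, min(int(match.group(1)), max_ttl))


class EdgeLocation:
    """Toy edge cache. origin is a callable key -> (body, headers);
    clock is injectable so expiry can be exercised without sleeping."""

    def __init__(self, origin, clock=time.time):
        self.origin = origin
        self.clock = clock
        self.cache = {}          # key -> (body, expires_at)
        self.origin_fetches = 0

    def get(self, key):
        now = self.clock()
        hit = self.cache.get(key)
        if hit is not None and hit[1] > now:
            return hit[0], "HIT"
        body, headers = self.origin(key)       # go back to the origin
        self.origin_fetches += 1
        self.cache[key] = (body, now + effective_ttl(headers))
        return body, "MISS"

    def invalidate(self, key):
        """Equivalent of a CloudFront invalidation: drop the cached copy."""
        self.cache.pop(key, None)


def london_origin(key):
    """Constructed stand-in for the London server in the card above."""
    return f"<bytes of {key}>", {"Cache-Control": "max-age=60"}


def simulate():
    """An Australian user hits the edge three times; returns the HIT/MISS
    trail and how many times the edge had to go back to London."""
    clock = [0.0]
    edge = EdgeLocation(london_origin, clock=lambda: clock[0])
    trail = [edge.get("video.mp4")[1]]        # first request: nothing cached
    trail.append(edge.get("video.mp4")[1])    # second: served from the edge
    clock[0] = 61.0                           # the 60 s TTL has expired
    trail.append(edge.get("video.mp4")[1])    # third: fetched again
    return trail, edge.origin_fetches


if __name__ == "__main__":
    print(simulate())
```

The min_ttl clamp is the part people miss: if you set a minimum TTL of 60 seconds on the distribution, an origin asking for max-age=30 is still cached for 60 seconds.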
What does edge locations, origin and distribution mean in the context of CloudFront
Edge location: where content is cached
Origin: the source of the files a CDN distributes (an S3 bucket, EC2 instance, Elastic Load Balancer or any custom HTTP origin); Route 53 is used to point your domain at the distribution, not as an origin
Distribution: the name given to the CDN configuration, which consists of a collection of edge locations
What are the two distribution types
1) Web distribution: for websites (HTTP/HTTPS)
2) RTMP: for media streaming (Adobe Flash); discontinued by AWS at the end of 2020
True or False: Edge locations are read and write
True: you can PUT an object to an edge location (it is forwarded to the origin) as well as GET from it
Can you clear cached objects from edge location?
Yes, by issuing an invalidation; a monthly allowance of invalidation paths is free and beyond that you are charged
What is EC2
Elastic Compute Cloud. One of the older services, it provides virtual servers in the cloud and is compute based (not serverless). It is a web service offering resizable compute capacity, reducing the time required to obtain and boot new server instances to minutes and allowing you to scale as requirements change
What are the 4 EC2 pricing models?
1) On demand
2) Reserved
3) Spot
4) Dedicated hosts
What is EC2: on demand pricing model and use case?
Pay a fixed rate per hour (or per second for some instance types) with no commitment
Use case: users wanting low cost and flexibility without up-front payment or commitment, applications with short-term, unpredictable workloads that cannot be interrupted, or applications being developed or tested for the first time
What is EC2: reserved pricing model and use case?
Provides a capacity reservation and a significant discount. Contract terms are 1 or 3 years; you pay less for longer terms and for paying up front
Use case: applications with steady-state or predictable usage, applications that require reserved capacity, or users able to make up-front payments to reduce costs further
What are the 3 reserved pricing types?
1) Standard reserved instances: up to 75% off on-demand. Paying more up front = greater discount
2) Convertible reserved instances: up to 54% off on-demand. You can change the attributes of the RI as long as the exchange results in a reserved instance of equal or greater value
3) Scheduled reserved instances: launchable within the time windows you reserve, matching a capacity reservation to a predictable recurring schedule (e.g. 9-10 every day). No longer offered for new purchases
What is EC2: spot pricing model and use case?
You set a maximum price you are willing to pay for spare capacity, giving large savings if your application has flexible start and end times. When the spot price rises above your maximum, AWS interrupts the instance (with a two-minute warning)
Use case: applications with flexible start and end times, users with an urgent need for large amounts of additional capacity, or applications only feasible at very low compute prices (e.g. genomics companies running batch jobs overnight)
What is EC2: dedicated host pricing model and use case?
Physical EC2 servers dedicated to your use. They can reduce costs by letting you use existing server-bound software licenses. Purchased on demand (hourly) or reserved (up to 70% off)
Use case: regulatory requirements that may not permit multi-tenant virtualisation, or licensing that does not support multi-tenancy or cloud deployment
What are the different families of EC2 instances?
Mnemonic FIGHTDRMCPXZ:
F - FPGA
I - IOPS (storage)
G - Graphics
H - High disk throughput
T - Cheap general purpose (think T2/T3)
D - Dense storage
R - RAM (memory optimised)
M - Main choice for general purpose
C - Compute
P - General-purpose GPU (pics)
X - Extreme memory
Z - Extreme memory and CPU
What is Elastic Block Store (EBS)?
A virtual hard disk for EC2. It lets you create storage volumes and attach them to EC2 instances; once attached you can create a file system on the volume, run a database, etc. An EBS volume lives in a single AZ, where it is automatically replicated to protect against component failure
What are the two types of EBS?
1) SSD
a) General Purpose SSD (gp2; newer gp3) - balance of price and performance
b) Provisioned IOPS SSD (io1; newer io2) - highest-performance SSD volume for mission-critical, low-latency or high-throughput workloads
2) HDD (magnetic)
a) Throughput Optimized HDD (st1) - low-cost HDD volume for frequently accessed, throughput-intensive workloads (e.g. data warehouse)
b) Cold HDD (sc1) - lowest-cost HDD volume for less frequently accessed workloads
c) Magnetic (standard) - previous generation
True or False: EC2 is a global feature
False: it is regional (an instance lives in one AZ of one region)
Which EBS types can an EC2 root volume be?
gp2, io1 or magnetic (and, on current instance types, gp3 and io2)
Explain the functions of ports
Ports let computers reach a specific service while restricting who can talk to it. To allow traffic from any IPv4 address you specify the source 0.0.0.0/0 (::/0 for IPv6); otherwise you restrict by source address and by port (e.g. only port 80). Different services listen on different ports:
SSH: Port 22
Microsoft Remote Desktop Protocol (RDP): port 3389
HTTP: Port 80
HTTPS: Port 443
What is a key pair
When you launch an EC2 instance you choose a key pair that lets you log in to it. It consists of a public and a private key: AWS places the public key on the instance and you keep the private key, which must be protected like a password. Together they let you connect securely (e.g. over SSH) without a password
True or False: EC2 is serverless?
False: it is a compute service providing virtual servers in the cloud
What is a security group
A virtual firewall for instances that determines which source addresses and ports can reach the server. Security groups are stateful and contain only allow rules. E.g. create a security group WebDMZ that allows inbound port 80 from any address (0.0.0.0/0) and port 22 only from your own IP. Opening port 22 to 0.0.0.0/0, as is often done in labs, exposes SSH to the whole internet
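The lab-style WebDMZ group (ports 80 and 22 from 0.0.0.0/0) is exactly what a security engineer audits for. The following is an added example, not code from the flashcards or from AWS: a checker that walks security groups in the shape returned by the EC2 DescribeSecurityGroups API and flags any inbound rule that exposes SSH or RDP to the whole internet, including the "all traffic" (IpProtocol -1) rule, which has no port fields. The three groups and their IDs are constructed sample data; 203.0.113.0/24 is a documentation range standing in for an office network.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def _port_range(permission):
    """IpProtocol "-1" means all traffic and carries no FromPort/ToPort."""
    if permission.get("IpProtocol") == "-1":
        return 0, 65535
    return permission["FromPort"], permission["ToPort"]


def _is_world(cidr):
    """0.0.0.0/0 or ::/0: a prefix length of zero matches every address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def find_exposed_admin_ports(security_groups):
    """Return (GroupId, GroupName, service, cidr) for every inbound rule that
    lets the whole internet reach SSH or RDP. security_groups has the shape
    of the "SecurityGroups" list from ec2 describe-security-groups."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if perm.get("IpProtocol") not in ("tcp", "-1"):
                continue                  # UDP/ICMP rules cannot expose SSH/RDP
            low, high = _port_range(perm)
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                if not _is_world(cidr):
                    continue
                for port, service in ADMIN_PORTS.items():
                    if low <= port <= high:
                        findings.append((sg["GroupId"], sg["GroupName"], service, cidr))
    return findings


# Constructed sample: the WebDMZ group from the card, a correctly scoped
# admin group, and an "allow everything" group. Group IDs are made up.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1b2c3d4e5f60001", "GroupName": "WebDMZ", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0a1b2c3d4e5f60002", "GroupName": "bastion-admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},  # office range
    ]},
    {"GroupId": "sg-0a1b2c3d4e5f60003", "GroupName": "open-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
]


if __name__ == "__main__":
    # Against a real account, feed it
    # boto3.client("ec2").describe_security_groups()["SecurityGroups"] instead.
    for finding in find_exposed_admin_ports(SAMPLE_GROUPS):
        print("EXPOSED: %s (%s) allows %s from %s" % finding)
```

Running it flags WebDMZ's SSH rule and both SSH and RDP for the open-all group; the port-80 rule and the office-scoped bastion rule are left alone, which is the behaviour you want from a detection that will run on every account.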
Recap: what are the 3 ways you can interact with AWS
1) Console
2) CLI
3) SDKs
How can you apply roles for security with EC2
Create a role in IAM, attach permission policies (e.g. full S3 access) and attach the role to the EC2 instance. Applications on the instance then obtain temporary, automatically rotated credentials from the instance metadata service. This is much more secure than storing long-lived access key IDs and secret access keys on the instance, and easier to manage
When can you apply roles to EC2
At any time (at launch or later), and the change takes effect immediately
True or False: Roles are regional?
False: roles are global, so you do not specify a region for them, just like users (IAM is a global service)
Can you turn your EC2 instance into a web server?
Yes: install a web server (e.g. Apache httpd) on the instance, upload an index.html, open port 80 in the security group and browse to the instance's public IP to see the page
What is a Load Balancer
Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses and Lambda functions. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Load balancers are redundant (spread across multiple AZs)
What are the 3 types of Load Balancers?
1) Application Load Balancer: application aware and can see into layer 7 and make intelligent routing decisions
2) Network load balancer: ultra high performance and static IP addresses
3) Classic Load Balancer: previous generation and being phased out. Used for test/dev to keep costs low
How many AZs do you set up your Load Balancer in?
Several (all of them if possible) for fault tolerance
When setting up multiple EC2 instances to load balance, what is key to remember
Set them up in different AZs so that if one AZ goes down there is no outage
What are relational databases (as used by RDS, the Relational Database Service)?
Like a traditional spreadsheet: the database consists of one or more tables, each with rows and columns. If you add a new column, every row has that column (each record has the same set of fields)
Name the RDS database engines (6)
1) SQL Server
2) Oracle
3) MySQL
4) PostgreSQL
5) Aurora
6) MariaDB
What are two key features of RDS
1) Multi-AZ for disaster recovery. Your application points at the primary RDS instance through its DNS endpoint; RDS keeps a synchronous standby copy in another AZ and, if the primary fails, fails the endpoint over to the standby automatically. Enabled by turning on Multi-AZ
2) Read replicas for performance. Copies of the production DB that you direct read traffic to, taking load off the primary
You write to the primary, which replicates asynchronously to the read replica. Replicas do not fail over automatically: if the primary goes down you cannot write until you promote a replica or restore. You can have several replicas for more read capacity
What are non relational Databases
A collection (like a table)
Inside it are documents (like rows)
Within a document are fields (key-value pairs), e.g. id: 1234
You can add fields to one document without affecting the others, so one document can have 5 fields and another 10
Key features:
- The fields per document can vary without affecting other documents, allowing more flexibility
Name a non relational database (noSQL)
DynamoDB
What is OLTP
Online Transaction Processing, the workload RDS is designed for
For example, a query pulls one row by its key value and returns everything in that row
What is OLAP
Online Analytical Processing, the workload Redshift is designed for
Used for pulling in a large number of records and running analytics over them. Such queries would hit an OLTP database's performance hard, hence the need for data warehousing
OLAP example: to find net profit for EMEA and Pacific digital sales, pull all sales, unit costs and sale prices and run the calculation
What is data warehousing
Used for business intelligence; it lets you run complex queries without impacting the primary database, typically used by management and analysts
What is Amazons data warehousing service and how does it differ to DBs
Redshift
Data warehouse databases use a different architecture at both the database layer (e.g. columnar storage and queries parallelised across nodes) and the infrastructure layer
What is ElastiCache
Web service that makes it easy to deploy, operate and scale an in-memory cache in the cloud. The service improves the performance of web applications by allowing you to retrieve information from fast, managed, in-memory caches instead of relying entirely on slower disk-based databases
E.g. when you go to amazon.com it always shows you the most popular products. Instead of sending 10,000 identical queries for the 10,000 people on the site, it queries ElastiCache, which holds the results of the most common queries and returns them much faster. Uncommon queries still go to the DB, but with reduced traffic and so better performance
What two open source in memory caching engines does elasticache support
Memcached and Redis
How do you provision an RDS instance for a web application (e.g. WordPress)?
1) Create an RDS instance and give it a security group that only accepts database traffic from the web server's security group
2) Create an EC2 instance (from a bootstrap script that installs WordPress) with its own security group
3) Set the RDS endpoint as the DB host in the WordPress configuration on the EC2 instance
4) WordPress records the site URL as the address of the EC2 instance it was installed on. Change this to the ALB's DNS name (an ALB has no fixed IP) so that the site keeps working if that instance is terminated
What does creating an image of an EC2 instance do
Creates an AMI (backed by a snapshot) from which you can launch identical instances
Are RDS instances Multi-AZ?
Not by default; Multi-AZ is an option you enable on the instance. A database you install yourself on EC2 is never Multi-AZ unless you build the replication between instances
How can autoscaling use an EC2 image
Launch an Auto Scaling group from the image (AMI) so that identical EC2 instances are deployed across 2 AZs behind the load balancer for a fault-tolerant website. The group scales in and out according to its scaling policy (e.g. CPU utilization)
What is DNS
Domain Name System: the process computers use to resolve domain names to IP addresses
For example, you can create a DNS record (in Route 53) that points at an S3 bucket to serve a serverless website
When registering a domain name for an S3-hosted website, what do you need to remember?
The bucket name must match the domain name exactly (e.g. a bucket named example.com for example.com). S3 bucket names are globally unique, so the name may already be taken