AWS_CPE_Terms (1).docx

What is cloud computing?

Cloud computing is the on-demand delivery of IT resources through a cloud services platform over the Internet with pay-as-you-go pricing.

What are the key features of cloud computing?

Quick access, flexibility, and low-cost are the key features of cloud computing.

How are IT resources delivered in cloud computing?

IT resources are delivered through a cloud services platform over the Internet.

What is the pricing model in cloud computing?

Cloud computing follows a pay-as-you-go pricing model.

Why is cloud computing advantageous?

Cloud computing provides quick access to flexible and low-cost IT resources.

What does Software as a Service (SaaS) deliver to its users?

Applications over the Internet.

What is on-premises deployment?

On-premises deployment is a model where on-premises resources are used exclusively.

Global reach

The ability to operate and serve customers across multiple countries or regions.

How are availability zones connected within a region?

Availability zones (AZs) are connected in-region by a fast, low-latency network, which enables synchronous replication of data.

What are AWS Tools and Software Development Kits (SDKs)?

AWS Tools and Software Development Kits (SDKs) is a framework that integrates code with AWS.

Amazon Elasticsearch Service

An Elasticsearch service to search, analyze, and visualize log data. Elasticsearch is a search and analytics engine.

What is an Amazon Machine Image (AMI) in Amazon EC2?

An Amazon Machine Image

AWS Fargate

A serverless compute service for containers that allows users to build applications and deploy them with ECS or EKS.

AWS Simple Monthly Calculator

Another name for the AWS Pricing Calculator, used to estimate the cost of AWS products and services.

What databases does Amazon RDS support?

Amazon RDS supports MySQL, PostgreSQL, MariaDB, SQL Server, Oracle,

Amazon WorkSpaces

A desktop delivery service that allows the provisioning of virtual desktops for users.

Amazon SageMaker

Machine Learning service for building, training, and deploying ML models.

AWS Config

Configuration monitoring service for simplifying compliance auditing, security analysis, change management, and operational troubleshooting.

Amazon Lex

Conversational interface service for building voice and text chatbots.

What are the DB instance type options in Amazon RDS?

The DB instance type options in Amazon RDS are general purpose, memory optimized, and burstable performance.

AWS Budgets

A budgeting service that sends alerts when cost or usage budgets are exceeded.

Container

A standard unit of software that packages code with its dependencies.

Amazon Kinesis Data Firehose

Loads streams into data stores.

What is the AWS Command Line Interface (CLI)?

The AWS Command Line Interface (CLI) is a unified tool to manage AWS.

What is a region in the context of global infrastructure?

A region is a geographic area that hosts two or more availability zones.

Variable cost structure

A cost structure in which costs fluctuate based on the level of production or sales.

What is hybrid deployment?

Hybrid deployment is a model where cloud resources and on-premises resources are used together.

What are the five main benefits of AWS Organizations?

1. Centrally manage access policies across multiple AWS accounts.

What is the third factor to consider when estimating the costs of Amazon EBS?

Snapshots.

How do you estimate the costs of Amazon CloudFront distribution?

* Data Transfer Out.
* Traffic distribution.
* Number of requests.

Operational excellence

the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.

Security

the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

Reliability

the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as  misconfigurations or transient network issues.

Performance Efficiency

includes the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.

Cost Optimization

the ability to avoid or eliminate unneeded cost or sub-optimal resources.

What variables affect EC2 pricing?

\- The buying option (On-demand, Reserved, Spot, Dedicated)

\- Selected AMI

\- Selected instance type

\- Region

\- Data Transfer in/out

\- Storage capacity.

What do customers inherit from AWS?

Physical and environmental controls

Hypervisor

allows multiple virtual instance to run on physical server through code.

Patching

updates to operating system to fix bug or security issue (client responsibility) (operating system level) except if a managed service

APN Consulting Partners

professional services firms that help customers design, build, and manage their workloads on AWS

APN Technology Partners

provide hardware, connectivity services, or software solutions that or hosted on or integrated with AWS

AWS Quick Starts

Get automated, gold-standard enterprise solutions; A *reference deployment* includes an architectural outline, CloudFormation templates, and an implementation guide

AWS Marketplace

Find, test, buy, and deploy AWS-compatible software

AWS Support Conceirge

provides assistance with account and billing subjects

AWS Abuse Team

provides assistance when AWS resources are compromised by abusive or illegal means

Infrastructure event Management

provides strategic planning assistance before major events (e.g., launches) aka a short-term engagement with AWS Support, included in the Enterprise-level Support product offering, and available for additional purchase for Business-level Support subscribers.

Technical account manager

a technical point of contact with AWS expertise

Enterprise plan

offers additional features, such as a technical account manager, infrastructure event management, in-depth architectural and operational guidance with SMEs, the AWS Abuse Team, and the AWS Support Concierge Team

Business Plan

offers additional features, such as use-case guidance, AWS Trusted Advisor, the AWS Support API, and third-party software support

AWS Support API

an interface for programmatic case management

Developer plan

offers additional features, such as best practice guidance, basic architecture support, and AWS IAM

Basic Plan

free and offers support for account and billing questions, service quota increases, documentation, and forums

Shared responsibility Model

states that security and compliance are shared responsibilities between AWS and the customer; Under the shared responsibility model, AWS is responsible for the hardware and software that run AWS services. This includes patching the infrastructure software and configuring infrastructure devices. As a customer, you are responsible for implementing best practices for data encryption, patching guest operating system and applications, identity and access management, and network & firewall configurations.

Four factors of the SRM

* Security *in* the cloud is the responsibility of the customer
* Security *of* the cloud is the responsibility of AWS
* *Shared Controls* apply to the infrastructure layer and customer layer (e.g., awareness and training)
* *Inherited Controls* include physical and environmental controls
* *Customer Specific Controls* include service and communication protection and zone security

AWS Storage Gateway

Get on-premises access to virtually unlimited cloud storage

AWS S3 Glacier

a data archiving and long-term backup service that can store infrequently accessed data inexpensively

* *Expedited Retrieval* returns data in a 1-5 minutes
* *Standard Retrieval* returns data in 3-5 hours
* *Bulk Retrieval* returns data in 5-12 hours

Amazon Elastic File System

Set up a Linux file system

Amazon Simple Storage Service (S3)

an object storage service that has unlimited storage (buckets)and a single object limited to 5 TB

Common scenarios for using S3

backup and store, application hosting, media hosting, software delivering, retrieve any amount of data from anywhere via Internet, and foundational for serverless computing, user-driven content, backup and recovery, and data lakes

S3 Standard

a storage class for frequently accessed data, replicated over all AZ if 3+ AZ

S3 Intelligent-Tiering

a storage class for data with changing or unknown access patterns

S3 Reduced Redundancy

a storage class for frequently accessed, non-critical data

S3 Standard IA/One Zone-IA

for long-lived, infrequently accessed data

Data lake

a repository of raw, unstructured data

Object storage

stores data in distinct units consisting of the data itself, associated metadata, and a unique identifier

Penetration testing

the practice of testing a network or web application for security vulnerabilities and is allowed by the client on eight select services without permission (e.g., Elastic Beanstalk)

Security bulletins

notify customers of security and privacy events

AWS Identity and Access Management

a resource access service that can control resource authentication and authorization

User

an operator with permanent credentials

Group

a collection of users

Role

an operator with temporary credentials

Policy document

attached to a user, group, or role and defines permissions via JSON

Least privilege

a best practice in which users are granted only the permissions necessary to do particular tasks

Access key

a long-term credential that allows for programmatic access to the AWS CLI or AWS API

AWS Web Application Firewall

Create security rules to block common attack patterns and exploits (e.g., SQL injection)

AWS Cloud HSM

Generate and use encryption keys

AWS Certificate Manager

a certificate management service that can provision, manage, and deploy digital certificates (i.e., SSL/TLS); A *digital certificate* creates a secure link between a web browser and a web server

AWS Secrets Manager

a secret management service that can rotate, manage, and retrieve database credentials and API keys

Amazon Cloud Directory

a directory service that can organize and manage application resources and relationships between them

AWS Key Management Service

a key management service that can create and control keys to encrypt or digitally sign data

Amazon Firewall Manager

a firewall management service that can simplify WAF administration and security rules across resources

AWS Shield

a DDoS protection service that can protect resources against web traffic overflows; A *distributed denial of service (DDoS)* is a malicious attempt to crash an application, service, or network with excessive traffic

AWS Artifact

a compliance reporting service and can access compliance reports, accreditations, and agreements (e.g., ISO certifications, NDAs, etc.)

Amazon Cognito

an application identity management service and can add user sign-up, sign-in, and access control to applications

Amazon Inspector

a security assessment service that analyzes applications for exposure, vulnerabilities, and deviation from best practices

Elastic Load Balancing

a traffic distribution service

The Load Balancer

serves as the point of contact for client requests, routing traffic across multiple targets

The Listener

forwards requests to targets with the appropriate protocol and port configurations

Network Load Balancer

routes traffic for applications with performance requirements or volatile traffic patterns

The Application Load Balancer

routes traffic for modern application architectures

The Classic Load Balancer

routes traffic for legacy options (i.e., EC2 instances launched prior to VPC)

Amazon API Gateway

an API service that can create, maintain, and secure APIs

AWS Direct connect

a network connection service that can establish a direct network connection on-premises to AWS

A network access control list

a layer of security for VPC that acts as a firewall for inbound and outbound *subnet* traffic

An Internet gateway

the VPC side of an Internet connection

A subnet

a subset of a VPC network which can house isolated resources

Amazon Virtual Private Cloud

a private networking service

Edge Location

a localized cache that lives close to end users

Content Delivery Network

a distributed network of servers and data centers

AWS VPN

Set up secure connections to VPC or on-premises networks