What is cloud computing?
Cloud computing is the on-demand delivery of IT resources through a cloud services platform over the Internet with pay-as-you-go pricing.
What are the key features of cloud computing?
Quick access, flexibility, and low cost are the key features of cloud computing.
How are IT resources delivered in cloud computing?
IT resources are delivered through a cloud services platform over the Internet.
What is the pricing model in cloud computing?
Cloud computing follows a pay-as-you-go pricing model.
Why is cloud computing advantageous?
Cloud computing provides quick access to flexible and low-cost IT resources.
What does Software as a Service (SaaS) deliver to its users?
Applications over the Internet.
What is on-premises deployment?
On-premises deployment is a model where on-premises resources are used exclusively.
Global reach
The ability to operate and serve customers across multiple countries or regions.
How are availability zones connected within a region?
Availability zones (AZs) are connected in-region by a fast, low-latency network, which enables synchronous replication of data.
What are AWS Tools and Software Development Kits (SDKs)?
AWS Tools and Software Development Kits (SDKs) is a framework that integrates code with AWS.
Amazon Elasticsearch Service
An Elasticsearch service to search, analyze, and visualize log data. Elasticsearch is a search and analytics engine.
What is an Amazon Machine Image (AMI) in Amazon EC2?
An Amazon Machine Image
AWS Fargate
A serverless compute service for containers that allows users to build applications and deploy them with ECS or EKS.
AWS Simple Monthly Calculator
Another name for the AWS Pricing Calculator, used to estimate the cost of AWS products and services.
What databases does Amazon RDS support?
Amazon RDS supports MySQL, PostgreSQL, MariaDB, SQL Server, Oracle,
Amazon WorkSpaces
A desktop delivery service that allows the provisioning of virtual desktops for users.
Amazon SageMaker
Machine Learning service for building, training, and deploying ML models.
AWS Config
Configuration monitoring service for simplifying compliance auditing, security analysis, change management, and operational troubleshooting.
Amazon Lex
Conversational interface service for building voice and text chatbots.
What are the DB instance type options in Amazon RDS?
The DB instance type options in Amazon RDS are general purpose, memory optimized, and burstable performance.
AWS Budgets
A budgeting service that sends alerts when cost or usage budgets are exceeded.
Container
A standard unit of software that packages code with its dependencies.
Amazon Kinesis Data Firehose
Loads streams into data stores.
What is the AWS Command Line Interface (CLI)?
The AWS Command Line Interface (CLI) is a unified tool to manage AWS.
What is a region in the context of global infrastructure?
A region is a geographic area that hosts two or more availability zones.
Variable cost structure
A cost structure in which costs fluctuate based on the level of production or sales.
What is hybrid deployment?
Hybrid deployment is a model where cloud resources and on-premises resources are used together.
What are the five main benefits of AWS Organizations?
Centrally manage access policies across multiple AWS accounts.
What is the third factor to consider when estimating the costs of Amazon EBS?
Snapshots.
How do you estimate the costs of Amazon CloudFront distribution?
Data Transfer Out.
Traffic distribution.
Number of requests.
Operational excellence
the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.
Security
the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
Reliability
the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.
Performance Efficiency
includes the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.
Cost Optimization
the ability to avoid or eliminate unneeded cost or sub-optimal resources.
What variables affect EC2 pricing?
- The buying option (On-demand, Reserved, Spot, Dedicated)
- Selected AMI
- Selected instance type
- Region
- Data Transfer in/out
- Storage capacity.
What do customers inherit from AWS?
Physical and environmental controls
Hypervisor
allows multiple virtual instances to run on a physical server through code.
Patching
updates to the operating system to fix a bug or security issue (client responsibility) (operating system level), except if a managed service
APN Consulting Partners
professional services firms that help customers design, build, and manage their workloads on AWS
APN Technology Partners
provide hardware, connectivity services, or software solutions that are hosted on or integrated with AWS
AWS Quick Starts
Get automated, gold-standard enterprise solutions; A reference deployment includes an architectural outline, CloudFormation templates, and an implementation guide
AWS Marketplace
Find, test, buy, and deploy AWS-compatible software
AWS Support Concierge
provides assistance with account and billing subjects
AWS Abuse Team
provides assistance when AWS resources are compromised by abusive or illegal means
Infrastructure Event Management
provides strategic planning assistance before major events (e.g., launches) aka a short-term engagement with AWS Support, included in the Enterprise-level Support product offering, and available for additional purchase for Business-level Support subscribers.
Technical account manager
a technical point of contact with AWS expertise
Enterprise plan
offers additional features, such as a technical account manager, infrastructure event management, in-depth architectural and operational guidance with SMEs, the AWS Abuse Team, and the AWS Support Concierge Team
Business Plan
offers additional features, such as use-case guidance, AWS Trusted Advisor, the AWS Support API, and third-party software support
AWS Support API
an interface for programmatic case management
Developer plan
offers additional features, such as best practice guidance, basic architecture support, and AWS IAM
Basic Plan
free and offers support for account and billing questions, service quota increases, documentation, and forums
Shared Responsibility Model
states that security and compliance are shared responsibilities between AWS and the customer. Under the shared responsibility model, AWS is responsible for the hardware and software that run AWS services. This includes patching the infrastructure software and configuring infrastructure devices. As a customer, you are responsible for implementing best practices for data encryption, patching the guest operating system and applications, identity and access management, and network & firewall configurations.
Four factors of the SRM
Security in the cloud is the responsibility of the customer
Security of the cloud is the responsibility of AWS
Shared Controls apply to the infrastructure layer and customer layer (e.g., awareness and training)
Inherited Controls include physical and environmental controls
Customer Specific Controls include service and communication protection and zone security
AWS Storage Gateway
Get on-premises access to virtually unlimited cloud storage
AWS S3 Glacier
a data archiving and long-term backup service that can store infrequently accessed data inexpensively
Expedited Retrieval returns data in 1-5 minutes
Standard Retrieval returns data in 3-5 hours
Bulk Retrieval returns data in 5-12 hours
Amazon Elastic File System
Set up a Linux file system
Amazon Simple Storage Service (S3)
an object storage service that has unlimited storage (buckets) and a single object limited to 5 TB
Common scenarios for using S3
backup and store, application hosting, media hosting, software delivery, retrieve any amount of data from anywhere via Internet, and foundational for serverless computing, user-driven content, backup and recovery, and data lakes
S3 Standard
a storage class for frequently accessed data, replicated across all AZs when there are 3+ AZs
S3 Intelligent-Tiering
a storage class for data with changing or unknown access patterns
S3 Reduced Redundancy
a storage class for frequently accessed, non-critical data
S3 Standard IA/One Zone-IA
for long-lived, infrequently accessed data
Data lake
a repository of raw, unstructured data
Object storage
stores data in distinct units consisting of the data itself, associated metadata, and a unique identifier
Penetration testing
the practice of testing a network or web application for security vulnerabilities; it is allowed by the client on eight select services without permission (e.g., Elastic Beanstalk)
Security bulletins
notify customers of security and privacy events
AWS Identity and Access Management
a resource access service that can control resource authentication and authorization
User
an operator with permanent credentials
Group
a collection of users
Role
an operator with temporary credentials
Policy document
attached to a user, group, or role and defines permissions via JSON
Least privilege
a best practice in which users are granted only the permissions necessary to do particular tasks
Access key
a long-term credential that allows for programmatic access to the AWS CLI or AWS API
AWS Web Application Firewall
Create security rules to block common attack patterns and exploits (e.g., SQL injection)
AWS CloudHSM
Generate and use encryption keys
AWS Certificate Manager
a certificate management service that can provision, manage, and deploy digital certificates (i.e., SSL/TLS); A digital certificate creates a secure link between a web browser and a web server
AWS Secrets Manager
a secret management service that can rotate, manage, and retrieve database credentials and API keys
Amazon Cloud Directory
a directory service that can organize and manage application resources and relationships between them
AWS Key Management Service
a key management service that can create and control keys to encrypt or digitally sign data
Amazon Firewall Manager
a firewall management service that can simplify WAF administration and security rules across resources
AWS Shield
a DDoS protection service that can protect resources against web traffic overflows; A distributed denial of service (DDoS) is a malicious attempt to crash an application, service, or network with excessive traffic
AWS Artifact
a compliance reporting service that can access compliance reports, accreditations, and agreements (e.g., ISO certifications, NDAs, etc.)
Amazon Cognito
an application identity management service that can add user sign-up, sign-in, and access control to applications
Amazon Inspector
a security assessment service that analyzes applications for exposure, vulnerabilities, and deviation from best practices
Elastic Load Balancing
a traffic distribution service
The Load Balancer
serves as the point of contact for client requests, routing traffic across multiple targets
The Listener
forwards requests to targets with the appropriate protocol and port configurations
Network Load Balancer
routes traffic for applications with performance requirements or volatile traffic patterns
The Application Load Balancer
routes traffic for modern application architectures
The Classic Load Balancer
routes traffic for legacy options (i.e., EC2 instances launched prior to VPC)
Amazon API Gateway
an API service that can create, maintain, and secure APIs
AWS Direct Connect
a network connection service that can establish a direct network connection from on-premises to AWS
A network access control list
a layer of security for VPC that acts as a firewall for inbound and outbound subnet traffic
An Internet gateway
the VPC side of an Internet connection
A subnet
a subset of a VPC network which can house isolated resources
Amazon Virtual Private Cloud
a private networking service
Edge Location
a localized cache that lives close to end users
Content Delivery Network
a distributed network of servers and data centers
AWS VPN
Set up secure connections to VPC or on-premises networks