AWS Cloud Practitioner

What is Multitenancy?

What is Multitenancy?

Idea of sharing underlined hardware between virtual machines -> hypervisor is responsible for coordinating multitenancy; 1 EC2 is not aware of another EC2 on the same host.

Name EC2 instance types & families and describe them

Instance types offer different combinations of CPU, memory, storage, networking capacity; they are grouped under families

- General purpose: good balance for diverse workflows (web servers, code repositories)
- Compute optimized: ideal for compute intensive tasks (gaming servers, high performance computing HPC, scientific modeling)
- Memory optimized: memory intensive tasks
- Accelerated computing: good for floating point numbers calculations, graphic processing, data pattern matching, as they use utilize hardware accelerators
- Storage optimized: good for high performance for locally stored data

What is EC2?

Elastic Compute Cloud - A VM, hosted in AWS instead of a personal data center

Describe pricing of EC2 instances

- On-demand: pay only for time when EC2 runs

- Savings plan: low prices for EC2 in exchange for commitment for specific price and amount of time of EC2 instance usage (dollar/hour) for next 1 or 3 years => the commitment to spend a particular dollar amount per hour over a specific period

- Reserved instances: suited for steady workflows, commitment for 1 or 3 year term and payment (payment options: all upfront, partial upfront, no upfront) => the commitment to use an instance at a particular price over a specific period,

- Spot instances: 90% off demand price, AWS can reclaim instance when they need it in short time period, good for workflows that can be interrupted

- Dedicated hosts: host dedicated only for your EC2

Explain EC2 auto scaling

EC2 Auto Scaling - adds instances based on demand and then removes instances when they are no longer needed
2 types of scaling:
- scale vertically: add more power to the machines when they are running
- scale horizontally: multiply the number of instances

for EC2 Auto Scaling (allows to set automated horizontal scaling) we can set:
- minimum capacity
- desired capacity
- maximum capacity

What is ELB?

Elastic Load Balancing service (ELB) - managed service, runs on region level, ELB is automatically scalable to handle additional throughput; it communicates with EC2 instances
-> Can communicate front end with back end - to manage the traffic.

Load balancing: takes requests and routes them the instances to be processed
- main task: properly distribute traffic

What is SQS?

Amazon Simple Queue Service (SQS): send, store, receive messages between software components at any volume
- Payload: data contained within the message, stored until processed
- SQS queues: where messages are placed until they are processed
- example of loosely coupled architecture: single failure won't cause cascading failures in processing

What is SNS?

Amazon Simple Notification Service (SNS): used to send out messages, notifications, uses pub-sub module
- SNS topic: channel for messages to be delivered, subscribers will receive message placed there

What does 'serverless compute option' mean? Give an example

You cannot see or access the underlying infrastructure or instances that are hosting your app; so everything (patching, scaling) is taken care of by AWS
e.g.: AWS Lambda, AWS container services

What is AWS Lambda?

AWS Lambda - server less compute option
- service that allows to create lambda function from your code, configure the trigger
- when trigger is detected the code is run in the prepared environment
- lambda is automatically scalable (when a lot of incoming triggers)
- designed to run code under 15 mins, so for fast responses

What are AWS container services? Explain and provide examples

AWS container services: container orchestration tools

-> container = a docker container

-> container = package for your code, with dependencies, configs etc., these containers run on the top of EC2 and run in isolation from each other, but host is EC2 instance

e.g.:

1. Amazon Elastic Kubernetes service (EKS)

2. AWS Elastic Container Service (ECS): container orchestrator (number of containers = cluster), ECS is designed to run containerized apps at scale without managing own container orchestration software

What is AWS Fargate?

Fargate is a serverless compute engine for containers that works with both Amazon ECS and EKS

-> EKS & ECS can run on the top of EC2 but also can be run in AWS Fargate (serverless compute platform)

When using AWS Fargate, you do not need to provision or manage servers.

AWS Fargate manages your server infrastructure for you. You can focus more on innovating and developing your applications, and you pay only for the resources that are required to run your containers.

What is a container?

Container: isolated environment for your code
- a container has no knowledge of your operating system, or your files
- it runs on the environment provided to you by Docker Desktop
- containers have everything that your code needs to run, down to a base operating system
- You can use Docker Desktop to manage and explore your containers

Describe difference between types of needs and appropriate approaches to use of compute services in AWS (EC2, Lambda, Container services)

Compute services
- need for host traditional applications, need full access to the OS? => use amazon EC2
- need to host short running functions, service-oriented applications, event driven applications, no provisioning or managing servers? => use AWS Lambda
- need to run docker container-based workloads on AWS? -> Amazon ECS or Amazon EKS on EC2 // or when serverless AWS Fargate

Describe what is cloud computing

Cloud computing - on-demand delivery of IT resources over the internet with pay-as-you-go pricing

What are regions in AWS?

Geographically isolated areas which contain Availability Zones (AZs)

What does regional data sovereignty concept mean?

It means that data lives where region is, not in any other geographical locations

Name and describe 4 main aspects while choosing a Region in AWS to deploy your services

- Compliance requirements (for example: your data must live only in UK boundaries)
- Proximity (how close you are to your customer base, close is good)
- Latency: the time it takes for data to be sent and received between regions
- Feature availability (not all regions have all functions)
- Pricing (some locations are more expensive to operate in, e.g. Brazil)

What is AZ in AWS?

Availability Zones (AZ) - consist of 1 or more data center, each region is made up of AZs
-> this concept helps to solve high availability & disaster recovery scenarios

What are edge locations?

Edge Locations are placed all around the world and are separate from regions, they are used to be even near to the customer & to accelerate delivery
-> used by CloudFront

What is AWS CloudFront?

Amazon Cloudfront - service that helps to deliver data to customers around the world with low latency and high transfer speeds

- used for CDN (content delivery network)

- uses Edge Locations all around the world to accelerate delivery

What is Amazon Route 53? name examples for types of routing

Amazon Route 53 - DNS service that helps to direct customers to correct web locations with reliable low latency.

-> Also uses Edge locations to run Domain Name System (DNS)

1. Simple routing policy – route to the single resource that performs a given function for your domain

2. Failover routing policy – route to the healthy resource in case of primary resource being unhealthy

3. Geolocation routing policy – route traffic based on the location of your users

4. Geoproximity routing policy – route traffic based on the location of your resources and client location, but also the traffic on the resource, it can shift traffic from resources in 1 location to resources in another location (allows prioritization of resources)

5. Latency routing policy – when you have resources in multiple AWS Regions and you want to route traffic to the Region that provides the best latency, route to the fastest responding resource

6. IP-based routing policy – route traffic based on the location of your users, match user IP address with assigned matched IP range of the resource

7. Multivalue answer routing policy – use when you want Route 53 to respond to DNS queries with up to 8 healthy records selected at random [round-robin-method => traffic evenly distributed across available resources]

8. Weighted routing policy – route traffic to multiple resources in proportions that you specify [like 70:30]

What is DNS?

The Domain Name System (DNS) converts domain names or host names into IP addresses.

Instead of having to remember a host's IP address, DNS allows you to use a friendly name to access the host. For example, it is easier to remember http://www.cisco.com than 198.133.219.25.

What is AWS Outposts?

AWS Outposts - if business wants to use AWS services inside their own building not Amazon data center
-> AWS will install fully operational region inside your own data center (it will owned & operated by AWS, but isolated within your own building)

How can you access & use AWS?

Through API: application programming interface
- all your interactions are API calls, you can use:

1. AWS management console (browser based, manage resources visually)
2. AWS command line (CLI) (allows to make API calls using command line on your machine)
3. AWS software development kits (SDKs)
4. Various other tools (like AWS Elastic Beanstalk, AWS Cloud Formation [Infrastructure as code tool])

What is Amazon Elastic Beanstalk (AEB)?

Elastic Beanstalk - a service for deploying and scaling web applications and services:
- automatically handles the deployment: from capacity provisioning, load balancing, and auto scaling to application health monitoring

What is VPC?

VPC = Amazon Virtual Private Cloud: a regional service that allows the creation of isolated networks within AWS

-> subnet is a range of IP addresses in your VPC
public vs private
e.g. Cashier - public subnet, available for everyone
e.g. Barista - private subnet, available for cashier and staff members only

What allows for private/public traffic in VPC?

Public traffic: attach internet gateway to VPC = doorway which is open to the public, without gateway no one can reach resources placed in your VPC

Private traffic: attach virtual private gateway to VPC, to allow VPN connection between private network to VPC (private & encrypted)

What is AWS Direct Connect?

- to establish a dedicated private connection between your data center and a VPC
- virtual private gateway alternative to have highest security & lowest latency
-> physical connection through cable (fully private) - links your internal network with Direct Connect Location

What is Network ACL and how can you manage it in AWS?

Network ACL: like passport control entry to the subnet (validate data which wants in/out), checks traffic going IN & OUT from the subnet to secure your network [works on the subnet level]

Describe what does stateless and statefull mean in connection to subnets

-> Security groups are allowing out everything by default, they check only on entry = so they are statefull and allow to go out without additional check + they recognize the packets from before and allow to enter

-> Network ACLs are stateless which means they check packet in the way out also, doesn't mean that packet entered it has to be checked to be let out

What is Amazon EBS?

Amazon Elastic Block Store (EBS): block level storage - hard drive

EBS: separate drives from EC2 instance, they are not tied to the host of EC2, so data written to EBS can persist when EC2 is terminated/stopped
-> Allows to take incremental backups of your data (snapshots)

What is Amazon S3?

Amazon Simple Storage Service (Amazon S3): store and retrieve an unlimited amount of data
- Data stored as objects
- store objects in buckets (like file directories)
- max upload size is 5 TB
- there is objects versioning
- you can create multiple buckets & set permissions

Name and explain Amazon S3 storage classes

- Amazon S3 standard: eleven 9 of durability (will remain intact in the period of 1 year), general purpose storage for frequently accessed data

- S3 Intelligent-Tiering: monitors objects' access patterns and and moves data based on access patterns, to Infrequent Access/Archive Instant Access/Deep Archive Access

- S3 Express One Zone: in 1 AZ, access data in milliseconds

- Amazon S3 standard-infrequent access (S3 Standard-IA): good for data as backups etc., for data that is accessed infrequently but requires rapid access when needed

- Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA): infrequent access but stores data in a single Availability Zone

- Amazon Glacier Instant Retrieval: archive data storage & retrieval in milliseconds with the same performance as S3 Standard

- Amazon S3 Glacier Flexible retrieval: backup and archive data that is rarely accessed and low cost, configurable retrieval from mins to hrs

- S3 Glacier Deep Archive: data that is very rarely accessed and very low cost, retrieval within 12 hrs

- S3 Outposts: delivers object storage to your on-premises AWS Outposts environment, for workloads with local data residency requirements & to satisfy demanding performance needs by keeping data close to on-premises applications

What is Amazon S3 lifecycle policy?

S3 Lifecycle configuration - set of rules that define actions that Amazon S3 applies to a group of objects. There are two types of actions:

- Transition actions – define when objects transition to another storage class

- Expiration actions – define when objects expire. Amazon S3 deletes expired objects on your behalf

Describe object vs block storage

Object vs block storage:
- Object: treats any file as complete discrete object, every time when you have a change to the file you need to reupdate the file
- Block storage breaks the file into blocks so when there is a change only block with changes will be updated, so not the whole file will be updated
- > occasional changes: S3 better
- > complex read-write functions EBS is better

What is Amazon EFS?

Amazon Elastic File System (EFS): (regional) managed file system
- Allows to have multiple instances accessing data in EFS at the same time
- EFS does scaling when needed ! for Linux only

Describe EBS vs EFS

EBS
- EBS is attached to EC2 instance
- EBS is AZ level resource
- EBS needs to be in the same AZ to attach EC2 instances
- EBS volumes do not automatically scale

EFS
- EFS can have multiple instances reading and writing simultaneously
- EFS is a Linux file system
- EFS is Regional resource
- EFS Automatically scales

What is Amazon RDS?

Amazon Relational Database Service (Amazon RDS) is a managed service that makes it easy to set up, operate, and scale a relational database in the cloud.

RDBMS: relational database management system -> Amazon RDS is available on 6 database engines, which optimize for memory, performance, or input/output (I/O). Supported database engines include:

- Amazon Aurora
- PostgreSQL
- MySQL
- MariaDB
- Oracle Database

managed service that allows:
- Automated patching
- Backups
- Redundancy
- Failover
- Disaster recovery
-> AWS manages a lot so you can concentrate on different things

another option would be lift-and-shift migration to run a DB on EC2
- Migrate DB using standard practices
- Or use migration-service
-> but then you will manage patching, redundancy, backups etc.

What is Amazon Aurora?

Amazon Aurora (Aurora): a fully managed relational database engine that's compatible with MySQL and PostgreSQL
- Data replication
- 1.10 cost of commercial databases
- Up to 15 read replicas
- Continuous backup to Amazon S3
- Point in time recovery possible

What is Amazon DynamoDB?

Amazon Dynamo DB [similar to MongoDB provided not by AWS]: fully managed nosql serverless database
- You don't need to manage underlying infrastructure
- Place to store and query data
- Key-value pairs
- Manages underlying storage
- Stores data redundantly
- Very performant & scalable (millisecond response time)
-> It doesn't use SQL because it's non-sql non-relational database
-> Purpose built - is not the best fit for every workload
-> Has simple flexible schema
-> Key & value pairs can have different structure (not the same values for each key) [JSON]
-> Queries can be run against keys, so querying only with simpler SQL queries

What is Amazon Redshift?

Amazon Redshift: data warehouse in cloud (good to perform complex sql queries, look at historical data etc.)
- DWH as service: kept resilient, auto scaled, massively scalable, has nodes
- columnar database (for analytical purposes)
- cluster architecture

What is Amazon DMS?

AWS Database migration service (Amazon DMS):
- Helps to migrate existing databases secure & fast
- Source DB remains fully operational during the migration
- Downtime is minimized for applications that rely on that DB
- Source and target DBs don't have to be of the same type
-> Homogeneous Databases: both DBs of the same time
-> Hetrerogeneus Databases: when DBs are of different types

Other use cases for AWS DMS:
- Development and test database migrations: when you want to test data but not on production DB
- Database consolidation: when you have several DBs and want to consolidate them into single DB
- Continuous database replication

! AWS DMS does not migrate the actual server to an EC2 instance

What is Amazon DocumentDB?

Amazon DocumentDB: compatible with MongoDB, fully managed native JSON document database

What is Amazon Neptune Graph?

Amazon Neptune: server less graph DB, shows who is connected to who etc., good for recommendations analysis and fraud detections

What us Amazon QLDB?

Amazon Quantum Ledger Database (QLDB): managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log
-> entry can never be removed

Name DB accelerators in AWS and explain how they work shortly

Database accelerators:
- Amazon ElastiCache: caching layers on the DB to improve the performance of queries (managed service)
- Dynamo DB Accelerator (DAX): improves performance on DynamoDB

What is Amazon Managed Blockchain?

Amazon Managed Blockchain: service that you can use to create and manage blockchain networks with open-source frameworks.
-> Blockchain =a distributed ledger system that lets multiple parties run transactions and share data without a central authority

What is Shared Responsibility Model in AWS?

Shared Responsibility Model in the Cloud consists of you (customer) and AWS

-> AWS responsible for security OF the cloud
- Physical layer: e.g. data center
- Network
- hypervisor
-> Customer is responsible for security IN the cloud
- Operating system
- Application
- Data

Which permissions does the AWS account root user have?

All permissions

Which permissions does a user have by default?

By default, no permissions, by default all actions are denied (we have to explicitly allow them)

What is AWS IAM?

AWS Identity and Access Management (IAM): SaaS, service that allows to specify who or what can access services and resources in AWS, centrally manage fine-grained permissions, and analyze access to refine permissions across AWS

Name and describe IAM resources

-> user: by default has no permissions

-> group: groups of users, you can attach policy to the group than all users will inherit this policy

-> role: user can have many roles

- Have associated permissions that allow or deny

- Assumed for temporary amount of time

- No username of password

-> policy: (associated with user) describes which API calls user is allowed to make; a JSON file with:

- Effect

- Action

- Resource

-> identity-provider object: like your company

What is least privilege principle and why is it important?

Least privilege principle - a user should be granted access only to what they need, enhances security

What is AWS Organizations and what it is used for?

AWS Organizations: a central location to manage multiple AWS accounts
- Centralized management of all AWS accounts
- Consolidated billing for all member accounts
- Hierarchical grouping of accounts (allows to group accounts into organizational units (OUs - e.g. Finance, IT, Sales etc.))
- AWS service and API actions access control -> service control policies (SCPs): restrict which AWS resources can be accessed

What is AWS Artifact?

AWS Artifact holds Report and Agreements, allows to manage documents and download the compliance reports done by 3rd parties on AWS

What is AWS Compliance?

AWS Compliance place which stores AWS compliance information (with e.g. GDPR etc.)

What is AWS Shield?

AWS Shield: service that is specially aimed to protect the system from DDoS attacks

What is AWS WAF?

AWS WAF:
- web application firewall,
- has ML capabilities to recognize threats
- protects against common web exploits and bots that can affect availability, compromise security, or consume excessive resources
- filters web traffic

What is Amazon Inspector?

Amazon Inspector: is a vulnerability management service that continuously scans your AWS workloads for software vulnerabilities and unintended network exposure.
- Network configuration reachability piece
- Amazon agent (can be installed on EC2)
- Security assessment service

What is Amazon GuardDuty?

Amazon GuardDuty -> A service that provides intelligent threat detection for your AWS infrastructure and resources.

- analyzes continuous streams of metadata generated from your account and network activity,

- uses integrated threat intelligence (ML etc)

What is AWS KMS?

AWS Key Management Service (AWS KMS) - lets you create, manage, and control cryptographic keys across your applications and AWS services
use cases:
- data encryption & decryption
- verification of signatures
- generate and verify message authentication codes (MACs)

What is Instance Store Volume on EC2?

Instance Store Volumes - disk that is physically attached to the host of EC2 instance
-> all files will be lost when instance is terminated (it is ephemeral/temporary storage); ok for data that can be recreated easily

What is Amazon CloudWatch?

- allows to monitor AWS Cloud infrastructure
- allows to create metrics and CloudWatch Alarm -> alert on specific metric
- cloud watch dashboard feature
- access all your metrics from a central location
- gain visibility into your applications, infrastructure and services
- reduce mean-time-to-resolution (MTTR) and improve total cost of ownership (TCO)
- drive insights to optimize applications and operational resources

What is AWS Cloud Trail?

- allows to track all actions in cloud
- comprehensive API auditing tool
- every request is logged in the cloud trail engine (who did the request, when, where, response etc.)
- logs saved in S3 buckets

What is AWS Trusted Advisor?

AWS Trusted Advisor:
-> service that will evaluate your resources against 5 pillars:
- cost optimization
- performance
- security
- fault tolerance
- service limits
-> provides good point for investigation on the resources

Trusted Advisor checks security groups for rules that allow unrestricted access to a resource. Unrestricted access increases opportunities for malicious activity, such as hacking, denial-of-service attacks, or loss of data.

How does AWS pricing work?

- Pay for what you use
- Pay less when you reserve
- Pay less with volume-based discounts when you use more

What is AWS Free tier? give some examples

AWS Free tier: period/amount for which the services can be used for free
- always free
- 12 months free
- Trials

examples:
- AWS Lambda allows for under 1 mln invocations
- S3 is free for 12 months for up to 5 GB of standard storage
- AWS Lightsail offers 1 month of free trial

What is AWS Pricing Calculator?

- you can input the services you will use, and the configuration of those services, and get an estimate of the costs these services will accrue.
- lets you explore AWS services, and create an estimate for the cost of your use cases on AWS

What is Consolidated billing in AWS?

It is AWS Organizations feature:
- allows to roll the bills from accounts together owned by the owner of organization,
- allows to view bill for account but also aggregated

-> Bulk discount pricing available: aggregate across all accounts in organization
-> Savings plan in place or reserved instances: it can be shared across accounts in the organization.
Consolidated billing:
- simplifies billing process
- share savings across accounts
- free feature

What is AWS Budgets?

Allows to create budgets to plan your service usage (future), service costs, and instance reservations, set to receive notifications when budget is to be achieved

What is AWS Cost Explorer?

- console based service to see and analyze how you are spending money in AWS (currently & past)
- provides 12 months of historical data,
- allows to analyze the cost trends (apply filters to display needed data)

What is AWS Marketplace?

AWS Marketplace - a digital catalog that includes thousands of software apps/services from independent software vendors
-> used to find, test, and buy software that runs on AWS

What is TAM in AWS?

Technical Account Manager (TAM) - The Enterprise On-Ramp and Enterprise Support plans include access to a Technical Account Manager (TAM).
- TAM = your primary point of contact at AWS.
- If your company subscribes to Enterprise Support or Enterprise On-Ramp, your TAM educates, empowers, and evolves your cloud journey across the full range of AWS services
- TAMs provide expert engineering guidance, help you design solutions that efficiently integrate AWS services
-> assist with cost-effective and resilient architectures
-> provide direct access to AWS programs and a broad community of experts

Name and describe AWS Support plans

1. Basic support: free for all, 24/7 customer service, documentation, whitepapers, support forums, AWS trusted Advisor, AWS Personal health Dashboard

2. Developer support: includes all what you have in basic support + email access to customer support (answer in 24 hrs)

3. Business support: everything from previous plans included + direct phone access to cloud support engineers, AWS Trusted Advisor provides full set of best practice checks,

+ Infrastructure event management (for extra fee)

4. AWS enterprise support on-ramp support: basic, developer and business support, 30 min response time for business critical workloads, access to a pool of technical account managers (TAMs)

5. AWS Enterprise Support: basic, developer and business support, 15 min response time for business critical workloads, Designated technical account manager (TAM)

Name and describe 6 R's of migration to cloud

6R's of migration = strategies for migration to the cloud

· Rehosting: lift & shift, not making any changes, just pick up apps and move them to AWS,

· Replatforming: lift & tinker & shift, not pure 1:1 but with few cloud optimizations, no new dev efforts involved,

· Refactoring/re-architecting: adding features and performance that was on available before (reimagining the application using cloud-native features)

· Repurchasing: moving from a traditional license to a software-as-a-service model.

· Retaining: consists of keeping applications that are critical for the business in the source environment. This might include applications that require major refactoring before they can be migrated, or, work that can be postponed until a later time.

· Retiring: process of removing applications that are no longer needed.

What is AWS CAF?

AWS Cloud Adoption Framework (AWS CAF): guidance, provides advice to the company to allow smooth migration to AWS

6 core perspectives of the Cloud Adoption Framework
Business capabilities (non-technical planning):
- Business (BA): helps you to move from a model that separates business and IT strategies into a business model that integrates IT strategy.
- People (HR)
- Governance
Technical capabilities (technical planning):
- Platform (Architect): includes principles for implementing new solutions and migrating on-premises workloads to the cloud.
- Security
- Operations

-> These capabilities provide different points of views, each of them is used to uncover gaps, skills, and processes - which are recorded and called inputs
-> These inputs help to create an Action Plan on how to move to the cloud

How to move massive amounts of data to AWS without shipping it through network?

AWS Snow Family: devices to migrate the data, ship you hardware you load data there and send them back to AWS, AWS loads it up to S3 to make it faster than internet connection:

- AWS Snowcone: is a small, rugged, and secure edge computing and data transfer device. It features 2 CPUs, 4 GB of memory, and up to 14 TB of usable storage.

- AWS Snowball:

=> Edge storage optimized: devices are well suited for large-scale data migrations and recurring transfer workflows, in addition to local computing with higher capacity needs – 80 TB Storage

=> Edge compute optimized: provides powerful computing resources for use cases such as machine learning, full motion video analysis, analytics, and local computing stacks – 80 TB Storage

- AWS Snowmobile: truck, is an exabyte-scale data transfer service used to move large amounts of data to AWS. – up to 100 petabytes of data

What is Amazon SageMaker?

Amazon SageMaker: to build, train ML models
=> IDE for data scientist and no-code interfaces for BAs

What is Amazon A2I?

Amazon Augumented AI (Amazon A2I): machine learning platform - to implement human reviews and audits of ML predictions based on specific requirements

What is Amazon Lex?

Amazon Lex = heart of Alexa (Amazon AI) => conversational AI
- Virtual agents & voice assistants
- Automated voice responses to most common FAQ searches
- Chatbots possible

What is Amazon textract?

Amazon Textract: AI for extracting text and data from your documents

What is AWS DeepRacer?

AWS DeepRacer - AI for developers, reinforcement learning

Name and describe pillars of AWS Well-Architected-Framework

AWS Well-Architected-Framework = is a service designed to enable building resilient architecture

6 pillars:

- Operational excellence: running and monitoring systems to deliver business value and to continually improve supporting processes and procedures.

- Security: protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

- Reliability: recovery planning, how you handle change

- Performance efficiency: using resources efficiently

- Cost optimization: optimizing full cost, controlling where money is spent

- Sustainability: minimizing environmental impacts of cloud workflows

-> Tool that allows you to evaluate your architecture as normally solutions architect does

Name 6 main benefits of using AWS Cloud

1. Trade upfront expense for variable expense (data centers)
2. Benefit from massive economies of scale (lower variable cost than you could running a data center alone)
3. Stop guessing capacity: no over- or underestimating
4. Increase speed and agility (possibility to experiment)
5. Stop spending money running and maintaining data centers
6. Go global in minutes: short time to expand to the next area of the world

What is Amazon Lightsail?

Service in AWS for web hosting - easy and affordable
- User friendly (quick setup for beginners)
- Versatile (ideal for blogs)

What is Security group?

A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance.

By default, a security group denies all inbound traffic and allows all outbound traffic. Businesses can add custom rules to configure which traffic should be allowed or denied.

What is AWS Batch?

AWS Batch: efficient handling of large task volumes
- Fully managed service
- Good for batch processing and ML computations
- Manages compute resources (will organize, schedule, execute your batch)

What are AWS Local Zones?

AWS Local Zones - made to bring key AWS resources closer to densely populated areas
· Faster applications: reduce latency for gaming, live streaming, AR/VR
· Simplified hybrid cloud: ease migration with nearby local zones
· Adhere to local rules in sectors like healthcare & finance

What are AWS Wavelength Zones?

AWS Wavelength Zones: AWS in 5G networks (direct integration into 5G networks)
· Integrated directly to the telecom network
· Having AWS power in the telecom infrastructure, full potential of 5Gs speed and bandwidth

What is Amazon ECR?

Amazon Elastic Container Registry (ECR) - efficient container image management

· Simplified process of storing, sharing and deploying container software

· Fully managed image registry: high-performance container image hosting for reliable deployments

· Universal application deployment: push and pull container images and artifacts to/from any location

What is AWS Client VPN?

AWS Client VPN - aws vpn, enables remote workforce to access resources securely, connects to both AWS and on-premises networks

What is AWS Site-to-Site VPN?

AWS Site-to-Site VPN: establishes encrypted connections between various locations, links data centers and remote offices to AWS resources
-> connection uses internet, traffic is encrypted

What is AWS Global Accelerator?

AWS Global Accelerator: networking service that helps to improve the availability, performance, and security of public applications.

- Static public IPs: offers 2 global static IPs as consistent entry point
- Connects to application load balancers, EC2, network load balancers, elastic IPs

What is Amazon API Gateway?

Amazon API Gateway: fully managed service for API creation, publishing, maintenance, security
- API as a front door: enables applications to access data, business logic and backend functionality
- Integrated with containerized services, serverless workloads and web apps

What is Amazon FSx?

Amazon FSx: managed file system solutions
- Manages & SSD powered: fast performance, low latency, hands-off management
- Optimized for diverse needs: cost-effective, scalable and feature-rich for a wide range of workloads, build on the latest AWS technologies for high performance
- FSx solutions in AWS: (you can choose between 4 widely used file systems) for NetApp, for Windows File Server, for OpenZFS, for Lustre ! for Windows

What is AWS Storage Gateway?

AWS Storage Gateway: brings on-premises and cloud-storage
- Hybrid cloud storage: on-premises access to virtually unlimited cloud storage (connects your local storage with cloud)

Gateway types:
- Tape gateway: stores virtual tapes in Amazon S3, automating tape management, modernizing tape storage
- Amazon S3 file gateway: backups on-premises data as objects in Amazon S3; supports hybrid workflows [back up your data in cloud]
- Amazon FSx File Gateway: integrates with AWS services for enhanced storage management and data protection
- Volume gateway: ideal for local application backups, disaster recovery and EBS snapshots

What is AWS DRS?

AWS Elastic disaster recovery (AWS DRS): cost-effective and rapid recovery service
- Pay for disaster recovery when needed
- Restore applications within minutes, either to the latest state or a previous selected point

What is AWS Backup?

AWS Backup - fully-managed service, for centralizing and automating data protection across AWS services, in the cloud, and on premises
-> allows to configure backup policies and monitor activity for your AWS resources in 1place
- Safeguards AWS storage, database, compute services and hybrid workloads like VMware
- Automated management: streamlined backup scheduling and retention
- AWS KMS-integrated encryption and cross-account management via AWS organizations
- Immutable storage: write-once, read-many (WORM) capability with AWS Backup Vault Lock

What are in-memory DBs on AWS? Name examples

In-Memory databases on AWS: fast data access and performance, reduced response time, having data ready to be accessed instantly, in-memory data store & caching

-> Redis = an open-source in-memory storage, used as a distributed, in-memory key-value database, cache and message broker, with optional durability.
- Amazon Memory DB for Redis
- Amazon ElastiCache for Redis
- Amazon ElastiCache for Memcached
- > caches frequent queries in memory