Shared Responsibility Model
Defines which security responsibilities belong to AWS and which belong to the customer. AWS is responsible for security of the cloud (physical data centers, hardware, the hypervisor, and the infrastructure behind managed services); the customer is responsible for security in the cloud (their data, IAM configuration, encryption choices, network configuration, and guest OS patching on EC2). The split shifts toward AWS as a service becomes more managed (EC2 vs. RDS vs. Lambda).
6 Pillars of the Well-Architected Framework
The six areas of focus for building well-architected cloud solutions: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability.
IAM
Identity and Access Management, the global (not regional) service that controls who (users, groups, roles, federated identities) may perform which actions on which AWS resources.
IAM Policy documents
JSON documents that grant or deny permissions. Each statement has an Effect (Allow or Deny), Action, Resource, and an optional Condition; identity-based policies attach to IAM users, groups, and roles, while resource-based policies (such as S3 bucket policies) also carry a Principal element. An explicit Deny always overrides any Allow.
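Added example, not from the original page: a small Python linter that walks a policy document and flags the statement shapes that grant far more than a workload usually needs (full wildcards, service-wide wildcards, NotAction, and an unconditioned iam:PassRole). The two policies are constructed for the example; the bucket name and statement IDs are placeholders.

```python
import json

# Constructed sample policies (placeholders, not real account resources).
ADMIN_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}
  ]
}
""")

BUILD_ROLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadArtifacts",
     "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-artifacts",
                  "arn:aws:s3:::example-artifacts/*"]},
    {"Sid": "PassAnyRole",
     "Effect": "Allow",
     "Action": "iam:PassRole",
     "Resource": "*"}
  ]
}
""")


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return (sid, finding) tuples for Allow statements that are broader than they should be."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        sid = stmt.get("Sid", f"Statement[{i}]")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; nothing to flag
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        has_condition = bool(stmt.get("Condition"))

        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((sid, "NotAction/NotResource allows everything not listed, including future services"))
        if "*" in actions and "*" in resources:
            findings.append((sid, "full administrator access (Action * on Resource *)"))
        for action in actions:
            if action.endswith(":*") and "*" in resources:
                findings.append((sid, f"service-wide wildcard {action} on all resources"))
            if action.lower() == "iam:passrole" and "*" in resources and not has_condition:
                findings.append((sid, "iam:PassRole on any role lets the principal hand a more privileged role to a service"))
    return findings
```

Run lint_policy against policies exported with the AWS CLI (aws iam get-policy-version) before attaching them; the PassRole finding is the one most often missed, because the action looks harmless until it is paired with a resource wildcard.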
Identity Providers
Services that federate identities between AWS and an external identity system using SAML 2.0 or OpenID Connect, so users sign in with existing corporate or web credentials instead of long-lived IAM user keys. AWS SSO (now IAM Identity Center) is the AWS-managed option for workforce access across many accounts.
IAM Roles
IAM identities with a permissions policy and a trust policy that defines which entities (such as EC2 instances, Lambda functions, or users in another account) may assume them. Assuming a role yields temporary STS credentials, so roles avoid storing long-lived access keys on instances.
Simple Storage Service (S3)
Object storage service in AWS that allows you to store and retrieve any amount of data.
S3 URLS
The URL formats used to address objects: virtual-hosted style (https://bucket-name.s3.region.amazonaws.com/key) and path-style (https://s3.region.amazonaws.com/bucket-name/key). A URL alone grants no access; the request must still be authorized by IAM, a bucket policy, or a presigned-URL signature.
Versioning
Feature in S3 that keeps every version of an object. Deleting a versioned object only adds a delete marker, so earlier versions can still be retrieved or restored; MFA Delete adds a second factor for permanently deleting versions. Once enabled, versioning can only be suspended, not turned off.
Server-Side Encryption
S3 feature that encrypts object data at rest. Options are SSE-S3 (S3-managed keys, applied to new objects by default since January 2023), SSE-KMS (AWS KMS keys, giving you key policies and CloudTrail logging of key use), and SSE-C (keys you supply with each request).
Access Control Lists (ACLs)
Legacy mechanism in S3 that grants permissions on individual objects or buckets to specific AWS accounts or predefined groups (such as AllUsers). AWS now recommends disabling ACLs with the Object Ownership setting "bucket owner enforced" and relying on bucket policies and IAM instead.
Bucket Policies
Resource-based JSON policies attached to a bucket that define which principals may perform which actions on the bucket and its objects, optionally under conditions (such as requiring TLS with aws:SecureTransport or restricting access to a VPC endpoint with aws:SourceVpce). S3 Block Public Access overrides any bucket policy that would make data public.
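Added example, not from the original page: a constructed hardened bucket policy plus a minimal evaluator that applies the decision logic described above (an explicit Deny wins, then any Allow, otherwise implicit deny) to sample requests. The bucket name, account ID and role ARN are placeholders, and the evaluator models only the three condition operators this policy uses. The policy carries both a StringNotEquals and a Null check on the encryption header, the same pairing AWS uses in its own bucket-policy examples, so an upload that omits the header is denied as well as one that names the wrong algorithm.

```python
import fnmatch

# Placeholder identifiers for the example (assumed, not from the page).
BUCKET_ARN = "arn:aws:s3:::example-secure-bucket"
APP_ROLE = "arn:aws:iam::123456789012:role/app-role"

# Constructed hardened bucket policy: deny anything not sent over TLS, deny
# uploads that are not SSE-KMS encrypted, then grant one role read/write.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": [BUCKET_ARN, BUCKET_ARN + "/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
        {"Sid": "DenyWrongEncryptionHeader", "Effect": "Deny", "Principal": "*",
         "Action": "s3:PutObject", "Resource": BUCKET_ARN + "/*",
         "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}}},
        {"Sid": "DenyMissingEncryptionHeader", "Effect": "Deny", "Principal": "*",
         "Action": "s3:PutObject", "Resource": BUCKET_ARN + "/*",
         "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}},
        {"Sid": "AllowAppRole", "Effect": "Allow",
         "Principal": {"AWS": APP_ROLE},
         "Action": ["s3:GetObject", "s3:PutObject"], "Resource": BUCKET_ARN + "/*"},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_matches(principal, caller_arn):
    """'*' matches everyone; {"AWS": ...} matches listed ARNs."""
    if principal == "*":
        return True
    aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
    return "*" in aws or caller_arn in aws


def _condition_matches(condition, ctx):
    """Supports only Bool, StringNotEquals and Null. A key absent from the request
    context is treated as non-matching for every operator except Null."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if operator == "Null":
                if (actual is None) != (str(expected).lower() == "true"):
                    return False
            elif actual is None:
                return False
            elif operator == "Bool":
                if str(actual).lower() != str(expected).lower():
                    return False
            elif operator == "StringNotEquals":
                if actual in _as_list(expected):
                    return False
            else:
                raise ValueError(f"operator {operator} not modelled")
    return True


def evaluate(policy, caller_arn, action, resource, ctx):
    """Return 'allow', 'explicit-deny' or 'implicit-deny' for one request."""
    decision = "implicit-deny"
    for stmt in _as_list(policy["Statement"]):
        if not _principal_matches(stmt["Principal"], caller_arn):
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_matches(stmt.get("Condition", {}), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "explicit-deny"   # an explicit Deny ends evaluation immediately
        decision = "allow"
    return decision
```

The evaluator is deliberately tiny; for real policies use the IAM policy simulator or Access Analyzer, which understand every operator, cross-account trust and permission boundaries.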
Storage Classes in S3
Different storage options available in S3, such as S3 Standard, S3 Standard-Infrequent Access (IA), S3 One Zone-IA, S3 Intelligent-Tiering, and the S3 Glacier classes (Instant Retrieval, Flexible Retrieval, and Deep Archive).
Glacier
The S3 Glacier storage classes for long-term data archiving at low cost; retrieval from Flexible Retrieval and Deep Archive takes minutes to hours rather than milliseconds.
Lifecycle Management
Feature in S3 that uses rules to transition objects between storage classes after a set age and to expire (delete) objects or old versions, automating both cost optimization and retention.
S3 Object Lock
Feature in S3 that stores objects using a Write Once Read Many (WORM) model. It requires versioning and offers governance mode (users with special permissions can override the lock), compliance mode (no one, including the root user, can delete the version until the retention period ends), and legal holds.
S3 Encryption
Different types of encryption available for data in S3, including encryption in transit and encryption at rest using server-side encryption or client-side encryption.
EC2
Elastic Compute Cloud, the virtual server service in AWS.
Pricing Options for EC2
Different pricing models available for EC2 instances: On-Demand, Reserved Instances, Spot, and Dedicated Hosts, with Savings Plans as a commitment-based discount across instance families. A Spot Fleet is a request for a pool of Spot (and optionally On-Demand) capacity, not a separate pricing model.
Bootstrap Scripts
User data scripts that run once at first boot (via cloud-init on Linux), used for initial configuration and setup. User data is stored unencrypted and is readable from the instance metadata service and by anyone with ec2:DescribeInstanceAttribute, so it must not contain secrets; fetch those from Secrets Manager or Parameter Store using the instance role instead.
EC2 Metadata
Metadata about an EC2 instance (instance ID, AMI, user data, and the temporary credentials of the attached IAM role) served from the link-local address 169.254.169.254 and reachable only from within the instance. IMDSv1 answers plain GET requests, which makes it a classic SSRF target; IMDSv2 requires a session token obtained with a PUT request and sent in a header, and an instance can be launched with HttpTokens=required to disable v1.
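Added example, not from the original page: an in-process Python model of the IMDSv1 versus IMDSv2 exchange, so the two request shapes can be compared side by side without an EC2 instance. The ImdsModel class is a stand-in for the real endpoint (it implements the token PUT, the token header check, TTL expiry and the HttpTokens setting, nothing more), and the role name is assumed. Against a real instance the same two requests go over HTTP to 169.254.169.254.

```python
import secrets
import time

IMDS_ADDRESS = "169.254.169.254"   # link-local address of the real service
TOKEN_PATH = "/latest/api/token"
ROLE_PATH = "/latest/meta-data/iam/security-credentials/"
MAX_TTL = 21600                    # IMDSv2 tokens live at most six hours


class ImdsModel:
    """In-process model of how the metadata endpoint answers (not the real IMDS).

    http_tokens mirrors the instance's HttpTokens metadata option:
    "required" = IMDSv2 only, "optional" = IMDSv1 GETs are answered too.
    """

    def __init__(self, http_tokens="required", role_name="app-role", clock=time.time):
        self.http_tokens = http_tokens
        self.role_name = role_name     # assumed instance-profile role name
        self.clock = clock             # injectable so token expiry can be tested
        self.tokens = {}               # token -> expiry time

    def handle(self, method, path, headers):
        """Return (status, body) for one request."""
        headers = {k.lower(): v for k, v in headers.items()}
        if method == "PUT" and path == TOKEN_PATH:
            ttl = headers.get("x-aws-ec2-metadata-token-ttl-seconds")
            if ttl is None or not ttl.isdigit() or not 1 <= int(ttl) <= MAX_TTL:
                return 400, "missing or invalid TTL header"
            token = secrets.token_urlsafe(32)
            self.tokens[token] = self.clock() + int(ttl)
            return 200, token
        if method == "GET" and path.startswith("/latest/meta-data/"):
            token = headers.get("x-aws-ec2-metadata-token")
            if token is not None:
                if self.tokens.get(token, 0) <= self.clock():
                    return 401, "invalid or expired token"
            elif self.http_tokens == "required":
                return 401, "IMDSv2 token required"   # IMDSv1-style request refused
            if path == ROLE_PATH:
                return 200, self.role_name
            return 404, "path not modelled"
        return 405, "method not allowed"


def fetch_v1(imds, path):
    """IMDSv1 style: a single GET with no headers, the shape of most SSRF primitives."""
    return imds.handle("GET", path, {})


def fetch_v2(imds, path, ttl=300):
    """IMDSv2 style: PUT for a session token first, then GET with the token header."""
    status, body = imds.handle("PUT", TOKEN_PATH,
                               {"X-aws-ec2-metadata-token-ttl-seconds": str(ttl)})
    if status != 200:
        return status, body
    return imds.handle("GET", path, {"X-aws-ec2-metadata-token": body})
```

The point of the PUT is that a typical SSRF bug lets an attacker trigger a GET to a URL they choose, but not a PUT with a custom request header; on the real service the token response also has a hop limit (default 1) so it is not forwarded beyond the instance itself.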
Networking with EC2
Different types of network interfaces available for EC2 instances: Elastic Network Interface (ENI) for basic networking, Enhanced Networking (EN, using SR-IOV) for higher throughput and lower latency, and Elastic Fabric Adapter (EFA) for HPC and ML workloads.
Placement Groups
Feature in EC2 that controls how instances are placed on underlying hardware: cluster (packed together in one AZ for low-latency, high-throughput networking), spread (each instance on distinct hardware), and partition (groups of instances on separate racks).
Placement Group
In the spread strategy, a logical grouping of EC2 instances that are placed on distinct underlying hardware, allowing for isolation and separation of critical instances (limited to seven instances per AZ per group).
EC2 Hibernation
A feature that hibernates an EC2 instance by saving the contents of memory (RAM) to the EBS root volume and persisting the root volume and attached EBS data volumes. Because RAM (which may hold secrets) is written to disk, the root volume must be encrypted for hibernation to be enabled.
Deploying vCenter in AWS with VMware Cloud on AWS
The process of using VMware Cloud on AWS to deploy vCenter in AWS, enabling organizations to run private cloud deployments on dedicated AWS hardware and leverage AWS services for hybrid cloud, cloud migration, disaster recovery, and more.
Elastic Block Storage (EBS)
A virtual disk or block storage volume, tied to a single Availability Zone, that can be attached to EC2 instances, allowing for the installation of applications and operating systems, running databases, storing data, and creating file systems.
EBS Volume Types
Different types of EBS volumes, including General Purpose SSD (gp2, gp3), Provisioned IOPS SSD (io1, io2), Throughput Optimized HDD (st1), and Cold HDD (sc1), each suited to different workloads and storage requirements.
IOPS vs Throughput
IOPS measures the number of read and write operations per second, important for transactional and low-latency workloads, while throughput measures the amount of data read or written per second (MiB/s), important for large sequential reads and writes such as big-data and log processing.
Volumes vs Snapshots
Volumes are the live block storage units on EBS, while snapshots are point-in-time copies of volumes stored in S3 (managed by AWS, not visible as objects in your buckets). Volumes can be resized and have their type changed on the fly; snapshots are incremental, live in one region, and can be copied to other regions or shared with other accounts.
EBS Encryption
The use of AWS KMS keys (formerly called customer master keys, CMKs) to encrypt EBS volumes and snapshots: data at rest on the volume, data moving between the instance and the volume, and every snapshot or volume created from an encrypted source are all encrypted. EBS encryption by default can be switched on per region so that no new volume is created unencrypted.
Elastic File System (EFS)
A managed NFS (Network File System) based on the NFSv4 protocol that provides shared storage for many EC2 instances at once, suitable for use cases such as web server farms, content management systems, and shared database access. Access is controlled by security groups on the mount targets, file system policies, and POSIX permissions, and TLS can be used for encryption in transit.
FSx for Windows
A fully managed native Microsoft Windows (SMB) file system that allows for the easy migration of Windows-based apps requiring file storage to AWS, supporting SharePoint, shared storage for Windows workloads, and integration with Microsoft Active Directory for authentication and access control.
FSx for Lustre
A managed file system optimized for compute-intensive workloads, such as high-performance computing, AI, ML, media data processing workflows, and electronic design automation, providing high-speed, high-capacity storage capabilities.
Amazon Machine Images (AMI)
The information required to launch an EC2 instance (root volume template, launch permissions, and block device mapping), categorized as either EBS-backed or Instance Store-backed. EBS-backed instances can be stopped and keep their data; Instance Store-backed instances are ephemeral and lose their data when stopped or terminated or if the underlying host fails.
AWS Backup
A service that allows for the consolidation of backups across multiple AWS services, providing centralized management, automation, improved compliance, and easy auditing, with support for various AWS services and multiple AWS accounts within an organization.
Relational Database Service (RDS)
A service that offers managed database engines, including SQL Server, Oracle, MySQL, PostgreSQL, MariaDB, and Aurora, suitable for online transaction processing (OLTP) workloads, and providing features such as Multi-AZ deployments, read replicas, and Aurora Serverless.
DynamoDB
A proprietary NoSQL database service that offers fast and flexible storage for applications requiring constant, low-latency access, supporting both document and key-value data models, and providing features such as DynamoDB Accelerator (DAX) for improved performance and encryption at rest with KMS.
IAM policies and roles
Works with IAM policies and roles to manage access to tables, down to item and attribute level using condition keys such as dynamodb:LeadingKeys.
CloudWatch and CloudTrail integration
Integrates with CloudWatch and CloudTrail for monitoring and auditing.
VPC endpoints-compatible
Compatible with VPC endpoints for secure and private access to AWS services.
DynamoDB Transactions
Provides ACID (Atomic, Consistent, Isolated, Durable) transactions for DynamoDB.
ACID Diagram/Methodology
ACID stands for Atomic, Consistent, Isolated, and Durable, which are the properties of a transaction.
Atomic
All changes to the data must be performed successfully or not at all.
Consistent
Data must be in a consistent state (all constraints satisfied) before and after the transaction.
Isolated
No other process can change the data while the transaction is running.
Durable
The changes made by a transaction must persist.
ACID
If anything fails, the transaction rolls back.
DynamoDB transactions
Provide ACID across one or more tables within a single AWS account and region.
Use cases
Financial transactions, fulfilling orders.
3 options for reads
Eventually consistent, strongly consistent, and transactional.
2 options for writes
Standard and transactional.
DynamoDB Backups
On-Demand Backup and Restore, Point-In-Time Recovery (PITR), incremental backups.
On-Demand Backup and Restore
Allows you to manually create backups and restore them as needed.
Point-In-Time Recovery (PITR)
Protects against accidental writes or deletes by allowing you to restore to any point in the last 35 days.
Continuous (PITR) backups
Not enabled by default; once turned on, DynamoDB keeps continuous incremental backups so you can restore to any second in the last 35 days, with the latest restorable time roughly five minutes in the past.
DynamoDB Streams
Time-ordered sequence of item-level changes in a table, stored for 24 hours, broken up into shards.
Shards
Bunches of data with sequential sequence numbers, used to store sequences in DynamoDB Streams.
Combine streams with Lambda functions
Allows you to use streams with Lambda functions for functionality like stored procedures.
DynamoDB Global Tables
Managed multi-active (multi-master), multi-Region replication for DynamoDB tables, great for globally distributed apps; conflicting writes are resolved last-writer-wins.
DynamoDB Global Tables based on DynamoDB Streams
Streams must be turned on to enable Global Tables.
Mongo-DB-compatible DBs in Amazon DocumentDB
Allows you to run MongoDB in the AWS cloud, a managed DB service.
Amazon Keyspaces
Run Apache Cassandra workloads with Keyspaces, a fully managed and serverless DB service.
Amazon Neptune
Implement GraphDBs by storing nodes and relationships instead of tables or documents.
Amazon Quantum Ledger DB (QLDB)
Immutable, transparent, and cryptographically verifiable transaction log owned by one central authority. AWS has announced end of support for QLDB (July 2025) and recommends migrating to Aurora PostgreSQL.
Amazon Timestream
Serverless, fully managed DB service for time-series data, capable of analyzing trillions of events per day.
Virtual Private Cloud (VPC) Networking
Virtual data center in the cloud, allows you to define your own network with complete control.
VPC Overview
Logically isolated part of AWS cloud, can create hardware VPN connections, attach virtual private gateways, and more.
Default VPC
Created automatically in each region and easy to start with: all subnets are public (routed to an internet gateway), and each EC2 instance launched in it gets both a public and a private IP address. Convenient, but not a good fit for workloads that should not be reachable from the internet.
Custom VPC
Created by users, steps include choosing IPv4 CIDR, tenancy, creating subnets, internet gateway, route table, security group, and more.
NAT Gateway
Allows instances in a private subnet to initiate connections to the internet (for updates, for example) while blocking connections initiated from the internet. A public NAT gateway lives in a public subnet and needs an Elastic IP; the private subnet's route table sends 0.0.0.0/0 to it.
Security Groups
Virtual firewalls at the instance (ENI) level that control inbound and outbound traffic. They are stateful (return traffic for an allowed connection is automatically allowed), support allow rules only (no deny rules), deny all inbound by default, and allow all outbound by default. Rules can reference other security groups instead of CIDR ranges.
Network ACLs
Optional layer of security at the subnet level that acts as a stateless firewall: numbered rules are evaluated in ascending order, the first match wins, and an implicit final rule denies everything else. Because it is stateless, return traffic (to ephemeral ports 1024-65535) must be explicitly allowed in the opposite direction. NACLs support both allow and deny rules; the default NACL allows all traffic.
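Added example, not from the original page: a Python model of stateless NACL evaluation that traces an HTTPS request into a subnet and the server's reply back out. It shows the two behaviours above that differ from a security group: ordered first-match evaluation (a deny with a lower number shadows a broader allow) and the need for an explicit outbound rule covering the client's ephemeral port, without which the reply is dropped. Rule sets, addresses and ports are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int          # evaluated in ascending order; the first match wins
    protocol: str        # "tcp", "udp" or "-1" (all protocols)
    port_from: int
    port_to: int
    cidr: str
    action: str          # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    protocol: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def nacl_decision(rules, packet, direction):
    """Stateless evaluation of one packet against one direction's rule list.

    Inbound rules match the CIDR against the source address; outbound rules match it
    against the destination address. Either way the port range is compared with the
    destination port. Anything unmatched hits the implicit deny-all rule ("*").
    """
    ip = packet.src_ip if direction == "inbound" else packet.dst_ip
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("-1", packet.protocol):
            continue
        if ipaddress.ip_address(ip) not in ipaddress.ip_network(rule.cidr):
            continue
        if rule.protocol != "-1" and not rule.port_from <= packet.dst_port <= rule.port_to:
            continue
        return rule.action, rule.number
    return "deny", "*"


def connection_decision(inbound, outbound, request):
    """Trace a TCP request and its reply through a stateless NACL on the server's subnet."""
    reply = Packet(request.protocol, request.dst_ip, request.dst_port,
                   request.src_ip, request.src_port)
    request_verdict = nacl_decision(inbound, request, "inbound")
    reply_verdict = nacl_decision(outbound, reply, "outbound")
    return {"request": request_verdict, "reply": reply_verdict,
            "connection_works": request_verdict[0] == "allow" and reply_verdict[0] == "allow"}


# Constructed rule sets and traffic (documentation address ranges).
INBOUND = [
    Rule(90, "tcp", 443, 443, "198.51.100.7/32", "deny"),   # block one abusive client first
    Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow"),       # HTTPS from anywhere
]
OUTBOUND_MISSING_EPHEMERAL = [
    Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow"),       # only lets the subnet initiate HTTPS
]
OUTBOUND = OUTBOUND_MISSING_EPHEMERAL + [
    Rule(110, "tcp", 1024, 65535, "0.0.0.0/0", "allow"),    # replies to clients' ephemeral ports
]
CLIENT_REQUEST = Packet("tcp", "203.0.113.5", 51515, "10.0.1.10", 443)
```

With a security group in place of the NACL, the reply would pass without the extra rule because the group tracks connection state; on a NACL the ephemeral-port rule is the one most often forgotten and shows up as connections that time out rather than being refused.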
VPC Endpoints
Privately connect VPC to supported AWS services and VPC endpoint services without internet gateway or VPN.
Interface Endpoint
An ENI with a private IP address in your subnet that serves as the entry point for traffic to supported services (powered by PrivateLink); an endpoint policy can further restrict what passes through it.
Gateway Endpoint
A route-table target used to reach S3 and DynamoDB privately; no ENI is created. Bucket policies can use the aws:SourceVpce condition key to accept traffic only from a specific endpoint.
VPC Peering
Connects two VPCs via a direct network route using private IP addresses, so they behave as if on the same private network. Peering is not transitive, and the VPCs' CIDR ranges must not overlap.
PrivateLink
Expose service VPC to customer VPC through PrivateLink, no peering or internet access required.
CloudHub
Connect multiple sites with VPN connections together using CloudHub, operates over the public internet.
Direct Connect (DX)
Establish a dedicated network connection from your premises to AWS for private, consistent connectivity and lower data-transfer costs. Direct Connect is not encrypted by itself; run a site-to-site VPN over it, or use MACsec on supported connections, where encryption in transit is required.
Transit Gateway
Connects VPCs and on-prem networks through a central hub, simplifies network and supports IP Multicast.
Wavelength
Embeds AWS compute and storage service within 5G networks for ultra-low-latency applications.
Route53
Route 53 is both a DNS service and a domain registrar. Every hosted zone starts with an NS record (the authoritative name servers) and an SOA record (zone metadata); you then add records such as A, AAAA, CNAME, MX, and TXT.
DNS
Used by a computer to translate a domain name into an IP address.
A Record
Maps a hostname to an IPv4 address (an AAAA record does the same for IPv6); the most common type of DNS record.
TTL
Time to live, the length that a DNS record is cached on either the resolving server or the user's own local PC
CNAME
Canonical name, resolves one domain name to another (for example www.example.com to example.com). A CNAME cannot be used at the zone apex (the bare domain).
Alias Records
Route 53-specific records that map a name, including the zone apex, to AWS resources such as load balancers, CloudFront distributions, or S3 buckets configured as websites; queries to alias records are free.
Route53
Amazon's DNS service, allows you to register domain names, create hosted zones, and manage and create DNS records
Simple Routing Policy
Allows one record per name with one or more IP addresses; Route 53 returns all values to the user in random order, and health checks are not supported.
Weighted Routing Policy
Allows you to split your traffic based on assigned weights
Health Checks
Can set health checks on individual record sets/servers, if a record set/server fails a health check, it will be removed from route53 until it passes the check
Failover Routing Policy
When you want to create an active/passive setup, route53 will monitor the health of your primary site using health checks and auto-route traffic if the primary site fails the check
Geolocation Routing
Lets you choose where your traffic will be sent based on the geographical location of your users
Geoproximity Routing Policy
Routes traffic based on the geographic location of your users and of your resources (AWS regions, or latitude and longitude for on-prem endpoints), with an optional bias value that expands or shrinks the area served by each resource. Requires Route 53 Traffic Flow.
Latency Routing Policy
Allows you to route your traffic based on the lowest network latency for your end user
Multivalue Answer Routing Policy
Lets you configure Route 53 to return multiple values, such as the IP addresses of several web servers, in response to DNS queries, each optionally tied to a health check so that only healthy records (up to eight) are returned.
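Added example, not from the original page: a Python simulation of how the weighted, failover and multivalue policies above pick answers once health checks are applied. It covers the edge cases worth remembering: a record with no health check is always treated as healthy, weight-0 records are only answered when every eligible record has weight 0, the secondary is returned only while the primary fails, and if every record is unhealthy Route 53 fails open and answers as if all were healthy. Records and IPs are constructed for the example.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    value: str                 # the IP address this record answers with
    policy: str                # "weighted", "failover" or "multivalue"
    weight: int = 0            # weighted records only
    role: str = ""             # failover records only: "primary" or "secondary"
    health_check: bool = True  # False = no health check attached; always treated as healthy


def is_healthy(record, health):
    """health maps a record value to True/False from its health check."""
    return health.get(record.value, True) if record.health_check else True


def eligible(records, health):
    """Records Route 53 would consider answering with for one name, given health-check state."""
    alive = [r for r in records if is_healthy(r, health)]
    if not alive:
        alive = list(records)      # fail open: nothing healthy means everything is eligible
    policy = records[0].policy
    if policy == "failover":
        primaries = [r for r in alive if r.role == "primary"]
        return primaries or [r for r in alive if r.role == "secondary"]
    if policy == "weighted":
        weighted = [r for r in alive if r.weight > 0]
        return weighted or alive   # weight-0 records answer only when all eligible weights are 0
    if policy == "multivalue":
        return alive[:8]           # at most eight answers per query
    raise ValueError(f"unsupported policy {policy}")


def answer(records, health, rng=random):
    """Values returned for one DNS query: one for weighted/failover, several for multivalue."""
    candidates = eligible(records, health)
    policy = records[0].policy
    if policy == "multivalue":
        return [r.value for r in candidates]
    if policy == "weighted":
        weights = [r.weight or 1 for r in candidates]   # an all-zero group splits evenly
        return [rng.choices(candidates, weights=weights)[0].value]
    return [candidates[0].value]


# Constructed sample record sets (documentation IP range).
WEIGHTED = [Record("192.0.2.10", "weighted", weight=90),
            Record("192.0.2.11", "weighted", weight=10),
            Record("192.0.2.12", "weighted", weight=0)]   # canary held at 0% for now
FAILOVER = [Record("192.0.2.20", "failover", role="primary"),
            Record("192.0.2.21", "failover", role="secondary")]
MULTIVALUE = [Record(f"192.0.2.{i}", "multivalue") for i in range(30, 40)]
```

Fail-open is the behaviour to plan around: a health check that cannot reach any target (for example because a security group blocks the Route 53 checker ranges) silently turns failover back into simple routing.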
Elastic Load Balancers (ELBs)
Automatically distributes incoming traffic across multiple targets. Types: Application Load Balancer (layer 7), Network Load Balancer (layer 4), Gateway Load Balancer (layer 3, for inline security appliances such as firewalls), and the legacy Classic Load Balancer.
Application Load Balancer
Best suited for balancing HTTP and HTTPS traffic; operates at layer 7, routing on path, host, and headers, terminates TLS, and integrates with AWS WAF.
Network Load Balancer
Operates at layer 4 (TCP, UDP, and TLS connections), capable of handling millions of requests per second at very low latency; supports static IP addresses and can pass TLS through to targets unchanged.