SAA-C03

274 Terms

1

Shared Responsibility Model

The model that defines the division of security responsibilities between the customer and AWS in the cloud.

2

6 Pillars of the Well-Architected Framework

The six key areas of focus for building well-architected and efficient cloud solutions: Operational Excellence, Performance Efficiency, Security, Cost Optimization, Reliability, and Sustainability.

3

IAM

Identity and Access Management, the service that allows you to manage access to AWS resources.

4

IAM Policy documents

JSON-formatted documents that define the permissions and access control for IAM users, groups, and roles.

5

Identity Providers

Services that enable federation of identities between AWS and external identity systems, such as AWS SSO.

6

IAM Roles

Identities in IAM with specific permissions that can be assumed by trusted entities, such as EC2 instances.

7

Simple Storage Solution (S3)

Object storage service in AWS that allows you to store and retrieve any amount of data.

8

S3 URLs

The URL format used to access objects stored in S3 buckets.

9

Versioning

Feature in S3 that allows you to store and retrieve all versions of an object, including deleted ones.

10

Server-Side Encryption

S3 feature that allows you to encrypt data at rest in your S3 buckets.

11

Access Control Lists (ACLs)

Mechanism in S3 that allows you to define fine-grained access control for individual objects within a bucket.

12

Bucket Policies

Policies in S3 that define what actions are allowed or denied on buckets.

13

Storage Classes in S3

Different storage options available in S3, such as S3 Standard, S3 Standard - Infrequently Accessed (IA), S3 One Zone - IA, S3 Intelligent Tiering, and Glacier.

14

Glacier

AWS service for long-term data archiving at a low cost.

15

Lifecycle Management

Feature in S3 that automates the movement of objects between different storage tiers to optimize cost-effectiveness.

16

S3 Object Lock

Feature in S3 that allows you to store objects using a Write Once Read Many (WORM) model to prevent deletion or modification.

17

S3 Encryption

Different types of encryption available for data in S3, including encryption in transit and encryption at rest using server-side encryption or client-side encryption.

18

EC2

Elastic Cloud Compute, the virtual server service in AWS.

19

Pricing Options for EC2

Different pricing models available for EC2 instances, including On-Demand, Reserved, Spot, and Spot Fleet.

20

Bootstrap Scripts

Scripts that run when an EC2 instance first starts, used for initial configuration and setup.

21

EC2 Metadata

Metadata about an EC2 instance that can be accessed from within the instance.

22

Networking with EC2

Different types of networking cards available for EC2 instances, including Elastic Network Interface (ENI), Enhanced Networking (EN), and Elastic Fabric Adapter (EFA).

23

Placement Groups

Feature in EC2 that allows you to logically group instances for better network performance or fault tolerance.

24

Placement Group

A logical grouping of EC2 instances that are placed on distinct underlying hardware, allowing for isolation and separation of critical instances.

25

EC2 Hibernation

A feature that allows you to hibernate an EC2 instance, saving the instance's memory (RAM) to the EBS root volume and persisting the EBS root volume and attached EBS data volumes.

26

Deploying vCenter in AWS with VMware Cloud on AWS

The process of using VMware Cloud on AWS to deploy vCenter in AWS, enabling organizations to create private cloud deployments and leverage AWS services for hybrid cloud, cloud migration, disaster recovery, and more.

27

Elastic Block Storage (EBS)

A virtual disk or storage volume that can be attached to EC2 instances, allowing for the installation of applications, operating systems, running databases, storing data, and creating file systems.

28

EBS Volume Types

Different types of EBS volumes, including General Purpose SSD, Provisioned IOPS SSD, Throughput Optimized HDD, and Cold HDD, each suited for different workloads and storage requirements.

29

IOPS vs Throughput

IOPS measures the number of read and write operations per second, important for quick transactions and low-latency apps, while throughput measures the number of bits read or written per second, important for large datasets and complex queries.

30

Volumes vs Snapshots

Volumes are the storage units on EBS, while snapshots are point-in-time copies of volumes stored on S3, with volumes being resizable and changeable on the fly, and snapshots being incremental and region-specific.

31

EBS Encryption

The use of KMS customer master keys (CMK) to encrypt EBS volumes and snapshots, ensuring data at rest and in transit is encrypted, and providing end-to-end encryption for volumes created from encrypted snapshots.

32

Elastic File System (EFS)

A managed NFS (Network File System) that provides shared storage for EC2 instances, based on the NFSv4 protocol, and suitable for use cases such as web server farms, content management systems, and shared database access.

33

FSx for Windows

A fully managed native Microsoft Windows file system that allows for the easy migration of Windows-based apps requiring file storage to AWS, supporting features such as SharePoint services, shared storage for Windows, and Active Directory migration.

34

FSx for Lustre

A managed file system optimized for compute-intensive workloads, such as high-performance computing, AI, ML, media data processing workflows, and electronic design automation, providing high-speed, high-capacity storage capabilities.

35

Amazon Machine Images (AMI)

The information required to launch an EC2 instance, categorized as either EBS-backed or Instance Store-backed, with EBS-backed AMIs allowing for instance stoppage and data retention, while Instance Store-backed AMIs are ephemeral and do not retain data if the underlying host fails.

36

AWS Backup

A service that allows for the consolidation of backups across multiple AWS services, providing centralized management, automation, improved compliance, and easy auditing, with support for various AWS services and multiple AWS accounts within an organization.

37

Relational Database Service (RDS)

A service that offers managed database engines, including SQL Server, Oracle, MySQL, PostgreSQL, MariaDB, and Aurora, suitable for online transaction processing (OLTP) workloads, and providing features such as Multi-AZ deployments, read replicas, and Aurora Serverless.

38

DynamoDB

A proprietary NoSQL database service that offers fast and flexible storage for applications requiring constant, low-latency access, supporting both document and key-value data models, and providing features such as DynamoDB Accelerator (DAX) for improved performance and encryption at rest with KMS.

39

IAM policies and roles

Works with IAM policies and roles to manage access to AWS resources.

40

CloudWatch and CloudTrail integration

Integrates with CloudWatch and CloudTrail for monitoring and auditing.

41

VPC endpoints-compatible

Compatible with VPC endpoints for secure and private access to AWS services.

42

DynamoDB Transactions

Provides ACID (Atomic, Consistent, Isolated, Durable) transactions for DynamoDB.

43

ACID Diagram/Methodology

ACID stands for Atomic, Consistent, Isolated, and Durable, which are the properties of a transaction.

44

Atomic

All changes to the data must be performed successfully or not at all.

45

Consistent

Data must be in a constant state before and after the transaction.

46

Isolated

No other process can change the data while the transaction is running.

47

Durable

The changes made by a transaction must persist.

48

ACID

If anything fails, the transaction rolls back.

49

DynamoDB transactions

Provide ACID across one or more tables within a single AWS account and region.

50

Use cases

Financial transactions, fulfilling orders.

51

3 options for reads

Eventual consistency, strong consistency, and transactional.

52

2 options for writes

Standard and transactional.

53

DynamoDB Backups

On-Demand Backup and Restore, Point-In-Time Recovery (PITR), incremental backups.

54

On-Demand Backup and Restore

Allows you to manually create backups and restore them as needed.

55

Point-In-Time Recovery (PITR)

Protects against accidental writes or deletes by allowing you to restore to any point in the last 35 days.

56

Incremental backups

Not enabled by default, but allows you to restore to the latest restorable point, which is up to 5 minutes in the past.

57

DynamoDB Streams

Time-ordered sequence of item-level changes in a table, stored for 24 hours, broken up into shards.

58

Shards

Bunches of data with sequential sequence numbers, used to store sequences in DynamoDB Streams.

59

Combine streams with Lambda functions

Allows you to use streams with Lambda functions for functionality like stored procedures.

60

DynamoDB Global Tables

Managed multi-master, multi-region replication for DynamoDB tables, great for globally distributed apps.

61

DynamoDB Global Tables based on DynamoDB Streams

Streams must be turned on to enable Global Tables.

62

MongoDB-compatible DBs in Amazon DocumentDB

Allows you to run MongoDB in the AWS cloud, a managed DB service.

63

Amazon Keyspaces

Run Apache Cassandra workloads with Keyspaces, a fully managed and serverless DB service.

64

Amazon Neptune

Implement GraphDBs by storing nodes and relationships instead of tables or documents.

65

Amazon Quantum Ledger DB (QLDB)

Immutable, transparent, and cryptographically verifiable transaction log owned by one authority.

66

Amazon Timestream

Serverless, fully managed DB service for time-series data, capable of analyzing trillions of events per day.

67

Virtual Private Cloud (VPC) Networking

Virtual data center in the cloud, allows you to define your own network with complete control.

68

VPC Overview

Logically isolated part of AWS cloud, can create hardware VPN connections, attach virtual private gateways, and more.

69

Default VPC

User-friendly, all subnets have internet access, each EC2 instance has a public and private IP address.

70

Custom VPC

Created by users, steps include choosing IPv4 CIDR, tenancy, creating subnets, internet gateway, route table, security group, and more.

71

NAT Gateway

Allows instances in a private subnet to connect to the internet, automatically assigned a public IP address.

72

Security Groups

Virtual firewalls for EC2 instances, stateful, control inbound and outbound traffic.

73

Network ACLs

Optional layer of security for VPC, acts as a firewall, evaluated in order, stateless.

74

VPC Endpoints

Privately connect VPC to supported AWS services and VPC endpoint services without internet gateway or VPN.

75

Interface Endpoint

ENI with a private IP address for traffic to supported services.

76

Gateway Endpoint

Virtual device for connection to S3 and DynamoDB.

77

VPC Peering

Connects VPCs via a direct network route using private IP addresses, behaves as if on the same private network.

78

PrivateLink

Expose service VPC to customer VPC through PrivateLink, no peering or internet access required.

79

CloudHub

Connect multiple sites with VPN connections together using CloudHub, operates over the public internet.

80

Direct Connect (DX)

Establish a dedicated network connection from your premises to AWS, private connectivity, reduces network costs.

81

Transit Gateway

Connects VPCs and on-prem networks through a central hub, simplifies network and supports IP Multicast.

82

Wavelength

Embeds AWS compute and storage service within 5G networks for ultra-low-latency applications.

83

Route53

Domain registrar, common DNS record types, starts with NS records, uses SOA records, A records for address, etc.

84

DNS

Used by a computer to translate the name of the domain to an IP address

85

A Record

Most common type of DNS record

86

TTL

Time to live, the length that a DNS record is cached on either the resolving server or the user's own local PC

87

CNAME

Canonical name, can be used to resolve one domain name to another

88

Alias Records

Used to map resource sets in your hosted zone to load balancers, CloudFront distros, or S3 buckets that are configured as websites

89

Route53

Amazon's DNS service, allows you to register domain names, create hosted zones, and manage and create DNS records

90

Simple Routing Service

Can only have one record with multiple IP addresses, returns all values to the user in a random order

91

Weighted Routing Policy

Allows you to split your traffic based on assigned weights

92

Health Checks

Can set health checks on individual record sets/servers; if a record set/server fails a health check, it will be removed from Route53 until it passes the check

93

Failover Routing Policy

When you want to create an active/passive setup, Route53 will monitor the health of your primary site using health checks and auto-route traffic if the primary site fails the check

94

Geolocation Routing

Lets you choose where your traffic will be sent based on the geographical location of your users

95

Geoproximity Routing Policy

Can route traffic flow based on geographic location, latency, and availability to route traffic from your users to your close or on-prem endpoints

96

Latency Routing Policy

Allows you to route your traffic based on the lowest network latency for your end user

97

Multivalue Answer Routing Policy

Lets you configure Route53 to return multiple values, such as IP addresses for your web server, in response to DNS queries

98

Elastic Load Balancers (ELBs)

Auto distributes incoming traffic across multiple targets, 3 types: Application Load Balancer, Network Load Balancer, Classic Load Balancer

99

Application Load Balancer

Best suited for balancing HTTP and HTTPS traffic, operates at layer 7

100

Network Load Balancer

Operates at the connection level, capable of handling millions of requests/sec, low latencies

