AWS Developer Associate Part 1
768 Questions

Created by
@FastGrowingBaltimore5920

Questions and Answers

What is the primary function of an Internet Gateway in a VPC?

  • To connect EC2 instances to AWS Global services like AWS Lambda
  • To establish an AWS DirectConnect connection to a Customer Gateway
  • To allow connection to the Internet at the VPC level (correct)
  • To monitor network traffic within the VPC

What is the purpose of a VPC Endpoint?

  • To authorize another security group through rules
  • To capture information about IP traffic going to instances
  • To connect EC2 instances to AWS Global services like AWS Lambda without using the Internet (correct)
  • To establish an AWS DirectConnect connection to a Customer Gateway

What type of log captures information about IP traffic going to instances in a VPC?

  • VPC Flow logs (correct)
  • Security Group logs
  • ENI flow logs
  • Subnet flow logs

What is the benefit of adding rules to authorize another security group?

  • To allow EC2 instances to connect without specifying IP addresses

What is the purpose of a Customer Gateway?

  • To establish an AWS DirectConnect connection to a hardware or virtual gateway

What is an example of a VPC architecture?

  • Three-Tier Architecture

What is the primary purpose of MFA in AWS?

  • To add an extra layer of security for IAM users

What is the main benefit of using IAM Access Advisor?

  • To identify unused permissions and last access times

Who is responsible for managing IAM users, groups, and roles in AWS?

  • You (the customer)

What is the purpose of an IAM Credentials Report?

  • To list all account users and their credential status

What is the primary benefit of using EBS Snapshots?

  • To backup EBS volumes

What is the purpose of AWS Key Management Service (AWS KMS)?

  • To encrypt EBS volumes

What is the main characteristic of an EBS volume?

  • It persists data even after EC2 termination

What is the purpose of an AMI?

  • To create a customized EC2 instance

What happens to the root EBS volume by default when an EC2 instance is terminated?

  • It is deleted

What is the purpose of the 'Delete on Termination' attribute for EBS volumes?

  • To determine EBS volume behavior when the EC2 instance terminates

What is the key benefit of using AWS CloudShell over a local terminal?

  • CloudShell eliminates the need to configure AWS access keys.

Which AWS service provides a serverless CI/CD environment for AWS applications?

  • AWS CodeBuild

What is the primary function of a buildspec.yaml file in AWS CodeBuild?

  • Specifying the build steps and actions to execute.

Which of these services is NOT a part of the AWS Amplify framework?

  • AWS CloudShell

What is the main advantage of using AWS CodeCommit over GitHub or GitLab?

  • CodeCommit seamlessly integrates with other AWS services.

Which service allows you to export your application's configuration to a CloudFormation template?

  • AWS Amplify

Which AWS service provides a managed load balancer for forwarding traffic to multiple downstream servers?

  • Elastic Load Balancing (ELB)

Which of the following is NOT a benefit of using AWS CLI?

  • Provides a graphical interface for managing AWS resources

Which AWS service enables you to define and manage infrastructure as code using a declarative language?

  • AWS CloudFormation

What is the difference between vertical and horizontal scalability?

  • Horizontal scalability involves adding more instances to a cluster, while vertical scalability involves increasing the size of individual instances.

Which AWS service provides a centralized location for managing and auditing changes to your AWS infrastructure?

  • AWS CloudTrail

Which AWS service allows you to monitor and manage your applications in real-time, providing insights into performance and health?

  • Amazon CloudWatch

Which AWS service provides a framework for building and deploying applications on AWS, including tools for project management, source code repository, build automation, and deployment?

  • AWS CodeStar

Which AWS service allows you to store and manage log files generated by your applications and infrastructure?

  • Amazon CloudWatch Logs

What is the primary disadvantage of using EC2 Instance Store for data storage?

  • Data is lost if the EC2 instance is stopped.

Which of the following is NOT a suitable use case for Amazon Elastic File System (EFS)?

  • Database storage for Teradata applications

What is the key advantage of using Amazon EFS over EC2 Instance Store?

  • EFS provides persistent storage, while Instance Store is ephemeral.

What is the main reason for choosing the 'Max IO' performance mode for Amazon EFS?

  • When high throughput is required for large data sets.

Which of the following storage tiers is most suitable for data that is rarely accessed (few times per year)?

  • Archive

Which storage option would be best suited for a web server application that requires high availability, scalability, and a managed NFS service?

  • Amazon EFS

What is a key consideration when choosing between the 'Bursting' and 'Provisioned' throughput modes for Amazon EFS?

  • The performance requirements of the application.

What is the primary benefit of using lifecycle policies with Amazon EFS?

  • To optimize storage costs by moving files between storage tiers.

What is the maximum number of read replicas for an ElastiCache Redis cluster with cluster-mode disabled?

  • 5

Which caching design pattern involves writing to the cache when the database is updated?

  • Write Through

What is a benefit of using Lazy loading caching design pattern?

  • Only requested data is cached

Which of the following caching technologies supports Sets and Sorted Sets?

  • Redis

What is a limitation of Memcached compared to Redis?

  • All of the above

Which caching design pattern involves checking if cached data is present, and loading from the database if not?

  • Lazy loading

Which AWS service allows you to query data stored in S3 buckets in an interactive manner?

  • Amazon Athena

What is the main advantage of using Kinesis Data Streams over SQS?

  • Kinesis Data Streams is a real-time service, while SQS is a message queuing service.

What is the primary function of CloudFront in AWS?

  • To serve content from edge locations, improving performance and reducing latency.

Which of the following is NOT a characteristic of an Edge Network?

  • It is only available in specific regions, making it unsuitable for global deployments.

What is the primary purpose of AWS Firehose?

  • To stream data from multiple sources to destinations like S3, Redshift, or Elasticsearch.

Which of the following is NOT a way to access AWS services?

  • Amazon CloudWatch

Which of the following is NOT a valid state type in AWS Step Functions?

  • Queue

Which of these AWS services is designed for orchestrating Lambda functions?

  • Step Functions

Which of the following is a benefit of using the FIFO queue type in SQS?

  • Guaranteed message delivery order

What is the purpose of EC2 User Data?

  • To configure an EC2 instance at launch with custom scripts and settings

What is the primary advantage of using a Writer Endpoint for Amazon DynamoDB?

  • It simplifies write operations by providing a single DNS endpoint to access the master instance, regardless of its location.

What is the primary benefit of using a compute-optimized EC2 instance type?

  • Fast processing speeds for intensive workloads

What is the main benefit of using Amazon ElastiCache for read-intensive workloads?

  • It reduces the load on the database by caching frequently accessed data, resulting in faster response times for read operations.

Which of these is NOT a core characteristic of Amazon DynamoDB?

  • Supports traditional relational database queries (SQL)

Which AWS service provides a visual representation of the workflow in Step Functions?

  • State Machine

Which of the following is NOT a benefit of using Amazon EFS over EC2 Instance Store?

  • Lower cost per GB of storage

Which of the following statements accurately describes the role of a Reader Endpoint in the context of Amazon DynamoDB?

  • It provides a single DNS endpoint for accessing read replicas, balancing the load across multiple instances.

What is a primary advantage of using Amazon ElastiCache for a web application that requires statelessness?

  • It provides a high-performance, low-latency cache that can be used to store session data, making the application stateless.

Which of the following is a key consideration when choosing between the 'Bursting' and 'Provisioned' throughput modes for Amazon EFS?

  • The frequency of data access

Which of these options is a potential disadvantage of using Amazon ElastiCache for your application?

  • It requires significant modifications to your application code to effectively query data from the cache.

What is the primary function of a Route Table in a VPC?

  • To control network traffic flow within a VPC

Which of the following statements about VPC peering is TRUE?

  • VPC peering enables private connectivity between two VPCs over AWS's network.

What is the primary benefit of using VPC Endpoints?

  • They allow you to access AWS services using private IP addresses instead of public IP addresses.

Which security feature in a VPC operates at the subnet level?

  • Network ACLs

Which of these statements about Security Groups is TRUE?

  • Security Groups can only be associated with EC2 instances.

What is the main advantage of using Direct Connect over a Site-to-Site VPN?

  • Direct Connect allows for higher bandwidth than a Site-to-Site VPN.

Which of the following is a characteristic of VPC peering?

  • It creates a private connection between two VPCs over AWS's network.

Which of the following statements about Network ACLs is TRUE?

  • They are a more granular control mechanism than Security Groups, allowing for traffic filtering at the subnet level.

What is the primary benefit of using Lambda Layers?

  • To separate business logic from its dependencies

What is the purpose of an Alias in Lambda Versions?

  • To point to a specific version of a Lambda function

What happens to a Lambda function when it connects to a VPC?

  • It loses access to the internet

What is the primary benefit of using Amazon Aurora?

  • It is 'AWS cloud optimized'

What is the main difference between Relational and NoSQL databases?

  • Relational databases are harder to make schema changes

What is the purpose of AWS SAM?

  • To model and deploy serverless applications

What is the primary benefit of using Elastic Beanstalk?

  • To easily deploy web applications and services

What is the primary benefit of using Amazon ECR?

  • To store and manage container images

What is the benefit of using stickiness in load balancers?

  • To ensure user session data is not lost

What is the primary purpose of SSL/TLS certificates in load balancers?

  • To enable encryption in transit between clients and load balancers

What is the benefit of using connection draining in load balancers?

  • To allow 'in-flight requests' to complete while target group instances are de-registering or unhealthy

What is the default behavior of cross-zone load balancing in ALB?

  • Enabled by default, with no charge for inter-AZ data transfer

What is the purpose of SNI in SSL/TLS?

  • To allow multiple SSL certificates to be hosted on a single web server

What is the primary purpose of security groups in load balancers?

  • To restrict access to load balancers from specific IP addresses

What type of cookies are used in stickiness for Application Load Balancers (ALB)?

  • Application-based cookies

What is the primary purpose of AWS Certificate Manager (ACM)?

  • To upload and manage SSL/TLS certificates for load balancers

What is the purpose of scaling cooldowns in predictive scaling?

  • To allow metrics to stabilise

What is the minimum and maximum size of a VPC CIDR block?

  • /28 to /16

What is the primary function of a NAT device in a VPC?

  • To provide a highly available and scalable connection to the public internet

What is the benefit of using Instance Refresh in EC2?

  • To replace all EC2 instances with new instances launched from an updated launch template

What is the purpose of a DHCP options set in a VPC?

  • To automatically provision IP addresses for EC2 instances and other resources

What is the key difference between a NAT instance and a NAT gateway?

  • A NAT gateway is highly available and scalable, while a NAT instance is not

What is the primary benefit of using predictive scaling in EC2?

  • To continuously forecast load and schedule scaling ahead

What is the main characteristic of a private subnet in a VPC?

  • It is not accessible from the public internet

Which EBS volume type is best suited for applications that require high performance and consistent I/O operations, such as databases?

  • io1 / io2

What is the maximum IOPS that can be independently set for a GP3 volume?

  • 16,000 IOPS

Which EBS volume type is designed for archiving data that is rarely accessed?

  • sc1

What is a key advantage of using EBS Multi-Attach?

  • It allows for high availability in clustered applications by sharing a single EBS volume among multiple instances.

Which of these is NOT a valid source for EC2 instances?

  • AWS CloudFormation Templates

Which EBS volume type is best suited for big data workloads, such as data warehouses and log processing?

  • st1

Which state type in AWS Step Functions is used to represent a single unit of work?

  • Task

What advantage does EC2 User Data provide during the first launch of an EC2 instance?

  • It runs scripts as the root user.

Which EC2 instance type is primarily optimized for memory-intensive applications?

  • m5.2xlarge

Which state type in AWS Step Functions would you use for implementing if-then-else logic?

  • Choice

What type of EC2 instance store is characterized by high speed but does not persist after instance termination?

  • EC2 Instance Store

What is the purpose of the 'Map' state type in AWS Step Functions?

  • For each loop execution

In EC2 instance types, what does the '5' in 'm5.2xlarge' indicate?

  • Generation of the instance

What kind of logic can the 'Choice' state type in AWS Step Functions implement?

  • If-then-else decision-making

Which of the following AWS services is a fully managed, serverless data warehouse service that allows you to query data stored in S3 buckets in an interactive manner?

  • Amazon Athena

Which AWS service provides a managed, serverless messaging service for sending messages to multiple subscribers, ensuring that at least one subscriber receives the message, even if others are unavailable?

  • Amazon SNS

Which AWS service provides a managed, serverless compute platform that allows you to run code in response to events, such as HTTP requests, file uploads, or database changes?

  • Amazon Lambda

Which AWS service provides a managed, serverless service for orchestrating and automating workflows, allowing you to chain together multiple tasks and functions to create complex business processes?

  • AWS Step Functions

Which of the following AWS services is a managed, serverless database service that provides a highly scalable and performant NoSQL database solution?

  • Amazon DynamoDB

Which AWS service provides a managed, serverless in-memory caching service that can be used to improve the performance of applications by storing frequently accessed data in memory?

  • Amazon ElastiCache

Which of the following AWS services provides a managed, serverless service for managing and deploying applications on AWS, including tools for project management, source code repository, build automation, and deployment?

  • AWS CodeStar

Which of the following AWS services provides a managed, serverless service for managing and monitoring your applications in real-time, providing insights into performance and health?

  • AWS CloudWatch

When would choosing a Dedicated Host be a good idea?

  • When you need to be able to control the placement of your EC2 instances

What is a cold start in the context of Lambda functions?

  • When a Lambda function is invoked for the first time after a period of inactivity

What is the main advantage of using a Savings Plan compared to Reserved Instances?

  • Savings Plans allow you to use your credits on any instance type, even if it's not the type you originally committed to

What is the main advantage of using AWS CloudShell over a local terminal?

  • Allows access to AWS services without needing to configure AWS credentials.

Which of the following is a benefit of using a Lambda function?

  • Lambda functions are highly scalable and only pay for the time they run

Which AWS service provides a serverless CI/CD environment for AWS applications?

  • AWS CodeBuild

Which of the following is NOT a use case for Amazon ElastiCache?

  • Real-time processing of big unstructured data

Which of the following purchase options is best for unpredictable workloads?

  • On-demand Instances

What is the primary function of a buildspec.yaml file in AWS CodeBuild?

  • Specifies the build steps to be executed for a particular project.

What is a key consideration when choosing between the 'Bursting' and 'Provisioned' throughput modes for Amazon EFS?

  • The amount of data being accessed at any given time

Which of these services is NOT a part of the AWS Amplify framework?

  • AWS CodeArtifact

What is the main advantage of using AWS CodeCommit over GitHub or GitLab?

  • Integrates seamlessly with other AWS services, such as CodeBuild and CodePipeline.

What is the main advantage of using EC2 Instance Connect compared to traditional SSH?

  • EC2 Instance Connect allows you to access your EC2 instances without having to open any ports in your security groups

What is a primary feature of Redis compared to Memcached?

  • Backup and restore features

Which service allows you to export your application's configuration to a CloudFormation template?

  • Amplify Studio

What is the typical maximum number of read replicas for an ElastiCache Redis cluster with cluster-mode disabled?

  • 5

What is the purpose of AWS CodeArtifact?

  • To manage and store software packages, like libraries and dependencies.

Which caching design pattern requires checking if cached data is present in the application before loading from the database?

  • Cache-Aside

Which of these services would you use to manage the source code for your application?

  • AWS CodeCommit

What is a drawback of the Lazy Loading caching design pattern?

  • Data might become stale until needed.

Which of the following is true about Memcached?

  • Does not have backup and restore features

What is a benefit of using the Write-Through caching design pattern?

  • Data in cache is updated at the same time as the database

Which statement accurately describes a limitation of Memcached?

  • It lacks support for multi-threading.

What is a characteristic of Redis that enhances its performance?

  • In-memory data storage only

What is one of the main advantages of using Amazon DynamoDB compared to a traditional SQL database?

  • It is a NoSQL database.

How does the reader endpoint function in a typical setup?

  • It provides a single DNS endpoint to access read replicas.

What is a significant limitation when modifying application code to use caching effectively?

  • It often requires heavy modifications to retrieve data from cache.

What mechanism does Amazon ElastiCache utilize to enhance application performance?

  • It uses in-memory databases for high performance.

What is a key feature of Amazon DynamoDB that contributes to its performance?

  • It automatically scales storage based on demand.

In terms of data availability, how does the architecture of Amazon's database solution likely ensure higher availability?

  • It maintains 6 copies of data across 3 availability zones.

What can be considered a key use case for implementing Amazon ElastiCache?

  • To reduce load on databases for read-intensive workloads.

What does the term 'cache miss' refer to in the context of managed Redis or Memcached instances?

  • Failing to find required data in the cache, necessitating a database fetch.

What is the primary focus of the Operational Excellence pillar in the AWS Well-Architected Framework?

  • Running and managing AWS resources and applications

What is the main benefit of using Amazon DynamoDB over Amazon Relational Database Service (RDS)?

  • DynamoDB provides high performance and low latency

Which AWS service provides a framework for building and deploying applications on AWS, including tools for project management, source code repository, build automation, and deployment?

  • AWS CodeStar

What is the primary benefit of using Amazon S3 Glacier over Amazon S3?

  • S3 Glacier provides lower storage costs for infrequently accessed data

Which AWS service provides a managed load balancer for forwarding traffic to multiple downstream servers?

  • Elastic Load Balancing (ELB)

What is the primary purpose of AWS CloudTrail?

  • Monitoring and logging AWS API calls

Which caching design pattern involves writing to the cache when the database is updated?

  • Write-through caching

What is the primary benefit of using Amazon EFS over EC2 Instance Store?

  • EFS provides a managed NFS service

What is the primary function of a route table in a VPC?

  • To allow access between subnets and to the internet

What is a restriction of VPC peering connections?

  • They must not have overlapping CIDR blocks

What is the primary function of a Network ACL?

  • To allow or deny traffic at a subnet level

What is a characteristic of Security Groups?

  • They can only specify ALLOW rules

What is the primary benefit of using VPC Endpoints?

  • They provide enhanced security and lower latency to access AWS services

What is the primary function of a VPC Endpoint?

  • To connect to AWS services using private networks

What is a characteristic of Direct Connect (DX)?

  • It is a physical connection between on-premises and AWS

What is the primary function of Site-to-Site VPN?

  • To connect on-premises VPN to AWS over the public internet

What is a key characteristic of an AMI?

  • It is region-specific

What is the primary use case for GP2/GP3 EBS volumes?

  • General-purpose SSD volumes for boot or data volumes

What is a key feature of io1/io2 EBS volumes?

  • They support EBS multi-attach feature

What is the primary use case for st1 EBS volumes?

  • Big data and data warehouses

What is the primary use case for sc1 EBS volumes?

  • Archiving files

What is the EBS multi-attach feature used for?

  • To attach EBS volumes to multiple EC2 instances in the same AZ

What is a key benefit of using the EBS multi-attach feature?

  • Higher application availability in clustered Linux applications

Which of the following EBS volume types is NOT suitable for boot volumes?

  • st1

Which purchasing option allows users to reserve capacity in a specific Availability Zone for a fixed duration?

  • Capacity Reservations

What is the primary characteristic of dedicated instances?

  • Other customers will not share your hardware.

What does a cold start of a Lambda function refer to?

  • The moment when the function is executed for the first time during a session.

What is a key benefit of using Savings Plans for long workloads?

  • Provides cost savings in exchange for a commitment to an amount of usage.

Why are spot instances considered less reliable compared to on-demand instances?

  • There is a risk of losing instances at any time.

What is the role of the event object in a Lambda function?

  • It provides parameters for the function to process.

    Which of the following is a key feature of Reserved Instances?

    <p>They provide significant savings for long workloads with a one- or three-year commitment.</p> Signup and view all the answers

    What does the Init phase of a Lambda function lifecycle involve?

    <p>Setting up the execution environment and resources.</p> Signup and view all the answers

    What is the primary reason for applying the principle of least privilege in AWS IAM?

    To limit users’ permissions to only those necessary for their role.

    Which component of AWS IAM allows you to group users for easier permission management?

    Groups

    What is the purpose of a policy in AWS IAM?

    To define which actions are allowed or denied on specific resources.

    Which aspect of an AWS IAM policy structure identifies the actions allowed or denied?

    Action

    What should be avoided when managing the root account in AWS?

    Using the root account for everyday tasks.

    Which of the following is NOT a valid element of an IAM policy statement?

    Association

    What role does Amazon Cognito play in AWS security and identity management?

    It manages user identities and provides authentication services.

    In AWS IAM, what does the 'Principal' element in a policy specify?

    The accounts, users, or roles the policy affects.

    What is the primary purpose of a Lambda Layer?

    To re-use external dependencies across multiple Lambda functions

    What happens to a Lambda function when it connects to a VPC?

    It loses access to the internet

    What is the benefit of using Amazon Aurora over RDS?

    It is cloud-optimized

    What is the purpose of an Alias in Lambda Versions?

    To point to a specific version of a Lambda function

    What is the advantage of using Amazon Elastic Container Service (Amazon ECS) over Amazon Elastic Container Registry (Amazon ECR)?

    It provides a managed service for running containerized applications

    What is the difference between Relational and NoSQL databases?

    Relational databases make schema changes harder, while NoSQL databases make schema changes easier

    What is the purpose of AWS Serverless Application Model (SAM)?

    To deploy a serverless application to AWS

    What is the primary benefit of using Lambda Versions and Aliases?

    It allows for canary deployments and rolling back to previous versions

    What is a key benefit of using AWS CloudShell over a local terminal?

    It eliminates the need to configure AWS with access keys

    What is the primary function of a buildspec.yaml file in AWS CodeBuild?

    It defines the build to run on the code pulled from the source repository

    What is the main advantage of using AWS CodeCommit over GitHub or GitLab?

    It integrates well with other AWS services

    Which service allows you to export your application's configuration to a CloudFormation template?

    AWS Amplify

    What is the primary function of AWS CodeBuild?

    It provides a serverless CI environment

    What is the main characteristic of AWS CodeArtifact?

    It provides a managed artifact repository

    Which AWS service provides a terminal in the cloud that works similar to AWS CLI?

    AWS CloudShell

    What is the primary advantage of using AWS CodeBuild over traditional CI/CD environments?

    It reduces the need for patching and maintaining a dedicated server

    What type of storage is recommended for temporary content or scratch data?

    EC2 Instance Store

    What is a key advantage of using Amazon EFS over EC2 Instance Store?

    EFS provides high availability and scalability

    What is the purpose of the 'Infrequent access (EFS-IA)' storage tier in Amazon EFS?

    For rarely accessed data, with a lower price to store

    What is the main characteristic of the 'Archive' storage tier in Amazon EFS?

    Rarely accessed data, with a 50% lower price to store

    What is the purpose of lifecycle policies in Amazon EFS?

    To move files between storage tiers

    What is the main benefit of using Amazon EFS over Teradata?

    EFS is more scalable than Teradata

    What is the primary purpose of the 'General Purpose' performance mode in Amazon EFS?

    For general-purpose use cases, such as web serving and content management

    What is the main advantage of using the 'Provisioned' throughput mode in Amazon EFS?

    It provides predictable throughput for applications with steady workloads

    Which of the following is NOT a feature of Amazon Elastic Block Store (EBS)?

    Provides a high-latency data access compared to S3

    What is the primary function of AWS Key Management Service (AWS KMS)?

    Offers encryption services for EBS volumes at rest

    Which of the following is NOT a method supported by Multi-Factor Authentication (MFA) in AWS?

    Password only

    Which of the following is NOT a responsibility of AWS in the shared responsibility model for IAM?

    Managing user access permissions

    Which AWS service allows you to encrypt EBS volumes at rest?

    AWS Key Management Service (AWS KMS)

    Which of the following is a key benefit of using EBS Snapshots?

    EBS Snapshots provide a point-in-time backup of your EBS volumes

    What is the purpose of the 'Delete on Termination' attribute for EBS volumes?

    To ensure that EBS volumes are automatically deleted when the EC2 instance is terminated

    What is the purpose of an AMI in AWS?

    A template that defines the configuration of an EC2 instance

    What is a characteristic of GP2 and GP3 EBS volume types?

    They are cost-effective storage with low latency and general purpose SSD

    What is a use case for io1 and io2 EBS volume types?

    Applications that need sustained IOPS performance

    What is a feature of EBS Multi-attach?

    Attach the same EBS volume to multiple EC2 instances in the same AZ

    What is the main difference between GP2 and GP3 EBS volume types?

    GP2 has preconfigured throughput and storage, whereas GP3 can independently set throughput and storage

    What is a use case for st1 EBS volume type?

    Big data and data warehouses

    What is a feature of io2 EBS volume type?

    All of the above

    What is a characteristic of sc1 EBS volume type?

    Suitable for archiving

    What is a benefit of using EBS Multi-attach?

    Higher application availability in clustered Linux applications

    What is the primary function of connection draining in relation to Load Balancers?

    Allowing for the graceful termination of connections to target group instances during deregistration or unhealthy states.

    What is the key difference between Application Load Balancers (ALB) and Network Load Balancers (NLB) in terms of cross-zone load balancing?

    NLB charges for inter-AZ data transfer, while ALB does not.

    How does Server Name Indication (SNI) improve SSL certificate management on Application Load Balancers (ALBs)?

    SNI allows the use of a single SSL certificate for multiple domains, eliminating the need for separate certificates.

    What is the primary purpose of sticky sessions in the context of load balancing?

    Ensuring that all traffic is routed to the same target group instance for a specific user session.

    Which type of load balancer supports the use of Application Security Groups to restrict access from load balancer security groups only?

    Application Load Balancers (ALB)

    What is the main purpose of a payload manipulation technique in an Intrusion Detection System (IDS)?

    To modify incoming traffic to prevent malicious attacks.

    Which of the following is NOT a benefit of using Application Load Balancers (ALB) for cross-zone load balancing?

    Elimination of charges for inter-AZ data transfer.

    What is the primary advantage of using SSL/TLS certificates with load balancers?

    Protecting sensitive data in transit between clients and load balancers.

    What is the default time interval for draining an instance in an autoscaling group?

    300 secs

    Which component is NOT typically included in a launch template for autoscaling groups?

    Database Connection String

    What type of scaling is used when an autoscaling group adjusts based on a CloudWatch alarm?

    Step scaling

    Which of the following scaling policies is an example of dynamic scaling?

    Average CPU target tracking

    What is the primary function of autoscaling groups in the context of EC2 instances?

    To automatically adjust the number of EC2 instances

    When configuring an autoscaling group, which parameter defines the minimum number of instances that should be maintained?

    Minimum size

    Which of the following is NOT a characteristic of the autoscaling group?

    Has a fixed instance count

    In the context of autoscaling, what does 'scheduled scaling' refer to?

    Increasing instance capacity daily at specific times

    What is the main advantage of using On-demand instances in EC2 pricing?

    Predictable pricing without upfront fees

    What is a characteristic of Dedicated Hosts in AWS?

    They enable control over instance placement and licensing

    Which of the following accurately describes the purpose of Reserved Instances?

    Designed for long-term workloads requiring cost efficiency

    What happens during a cold start in AWS Lambda?

    The execution environment is set up fresh, and resources are allocated

    Which of the following best describes the concept of Savings Plans in EC2?

    A commitment to a specific amount of usage to reduce costs

    In the context of AWS Lambda, what is the role of the Event Object?

    To provide parameters for the Lambda function to process

    What is a consequence of using Spot Instances for workloads?

    They might not remain allocated when capacity is needed elsewhere

    Which statement accurately reflects the characteristics of EC2 Instance Connect?

    It allows direct SSH access without the need for a public IP

    What is the primary role of AWS CodeDeploy?

    Deployment automation for applications

    Which of the following best describes Vertical Scalability?

    Increasing the size of an existing instance

    What aspect of AWS CLI allows it to be an alternative to the AWS Management Console?

    It provides command line access to AWS services

    Which statement accurately differentiates Scalability from High Availability?

    Scalability only considers resource upgrades, while High Availability is concerned with redundancy.

    Which AWS service allows for version control and collaboration on code repositories?

    AWS CodeCommit

    What benefit does using Elastic Load Balancing (ELB) provide?

    It distributes incoming traffic to multiple EC2 instances.

    What is a primary attribute of the AWS Cloud Development Kit (AWS CDK)?

    It enables infrastructure provisioning as code using familiar programming languages.

    Which service provides real-time monitoring of resources and applications in AWS?

    Amazon CloudWatch

    Which AWS service is used to monitor and manage applications in real-time, offering insights into performance and health?

    Amazon CloudWatch

    Which AWS service allows you to define and manage infrastructure as code using a declarative language?

    AWS CloudFormation

    Which of the following is NOT a benefit of using AWS CLI?

    Provides a graphical user interface

    Which AWS service provides a framework for building and deploying applications on AWS, including tools for project management, source code repository, build automation, and deployment?

    AWS CodeStar

    What is the difference between vertical and horizontal scalability?

    Vertical scalability increases the size of instances while horizontal scalability increases the number of instances.

    Which AWS service allows you to store and manage log files generated by your applications and infrastructure?

    Amazon CloudWatch Logs

    Which of the following is NOT a suitable use case for Amazon Elastic File System (EFS)?

    Supporting a single EC2 instance for a database

    What is the key advantage of using Amazon EFS over EC2 Instance Store?

    EFS provides persistent storage that survives instance termination, unlike Instance Store.

    Which storage option is most suitable for storing data that is rarely accessed (few times per year)?

    Amazon EFS - Archive

    Which of these storage options is suitable for managing content, web serving, and data sharing?

    Amazon EFS

    Which performance mode in Amazon EFS is best for general web site use cases?

    General Purpose

    Which storage option is best for high-performance, low-latency workloads requiring ephemeral storage?

    EC2 Instance Store

    Which of the following statements is true regarding Amazon EFS?

    Amazon EFS scales automatically, requiring no capacity planning.

    Which of the following is a key difference between EC2 Instance Store and Amazon EFS?

    Amazon EFS is a managed service, while EC2 Instance Store is not.

    What is a major consideration when choosing between Amazon EFS's Bursting and Provisioned throughput modes?

    The expected workload pattern and performance requirements.

    Which Amazon EFS storage tier is most suitable for frequently accessed files?

    Standard

    What is a major benefit of using AWS CodeBuild?

    Fully managed and reduces idle time billing

    How does AWS CloudShell differ from traditional command line interfaces?

    Provides terminal access pre-configured with your AWS user

    What defines the build process in AWS CodeBuild?

    buildspec.yaml file

    What is a key advantage of using AWS CodeCommit?

    Integrates well with other AWS services

    Which feature of AWS CodeArtifact is particularly highlighted?

    Enables artifact storage and distribution

    What is a characteristic of AWS Amplify's services?

    Offers tools for full-stack development and deployment

    Which component is essential for AWS CodeBuild to run builds based on the source code?

    buildspec.yaml file

    Which statement accurately describes AWS Cloud9?

    It is a fully managed IDE that runs in the cloud

    What is one of the main advantages of using Athena compared to S3 Select?

    Athena can query the entire bucket.

    Which characteristic distinguishes Kinesis Data Streams from SQS?

    Kinesis allows real-time data processing.

    Which access method uses access keys for AWS interaction?

    Both b and c

    Which of the following statements about Edge Networks is incorrect?

    Edge Networks can only serve dynamic content.

    What functionality does CloudFront provide in relation to edge locations?

    CloudFront serves content at edge locations for reduced latency.

    What is a key difference between Kinesis Data Streams and Kinesis Firehose?

    Data Streams requires a consumer to process data.

    Which of the following statements is true about AWS Athena's billing?

    Athena charges based on the amount of data scanned during queries.

    Which service is necessary to obtain an ordered stream of messages in Kinesis?

    Kinesis Data Streams supports ordered data natively.

    What is the maximum time you can set for draining an instance before it is terminated in an autoscaling group?

    3600 seconds

    What are the two main types of scaling policies for autoscaling groups?

    Dynamic and Scheduled

    What is the purpose of Launch Templates in AWS Auto Scaling?

    To define the size and type of EC2 instances to be launched in an autoscaling group

    Which of these is NOT included in the Launch Template for an autoscaling group?

    The AWS region

    What is the purpose of a Target Tracking scaling policy?

    To scale the autoscaling group based on a specific metric, such as CPU utilization

    What is the benefit of using a Simple scaling policy?

    It is easier to configure than a target tracking scaling policy

    What is a key advantage of using AWS Auto Scaling?

    It allows you to automatically scale your application's resources based on demand

    How can you specify the minimum and maximum number of instances in an autoscaling group?

    By using the autoscaling group's configuration settings

    What is the primary purpose of stickiness in load balancers?

    To ensure user sessions are routed to the same target group

    What is the difference between Cross Zone load balancing and normal load balancing?

    Cross Zone load balancing distributes requests across all AZs, while normal load balancing does not

    What is the primary purpose of SNI?

    To allow multiple SSL certificates on one web server

    What is the primary purpose of connection draining?

    To complete in-flight requests while target group instances are de-registering or unhealthy

    What is the primary benefit of using SSL/TLS certificates with load balancers?

    To allow encryption in transit (in-flight encryption)

    What is the primary purpose of security groups with load balancers?

    To restrict access to load balancers

    What is the primary difference between ALB and NLB in terms of cross-zone load balancing?

    ALB has cross-zone load balancing enabled by default, while NLB has it disabled by default

    What is the primary benefit of using application-based cookies with load balancers?

    To allow custom attributes required by the application

    Which AWS service allows you to manage and audit changes to your AWS infrastructure?

    AWS CloudTrail

    Which of the following is a benefit of using AWS CLI?

    It provides a high-level API to interact with AWS services.

    Which AWS service provides a managed load balancer for forwarding traffic to multiple downstream servers?

    Elastic Load Balancing (ELB)

    What is the primary function of AWS CodeDeploy?

    Provides a managed service for deploying and managing applications on AWS.

    Which of the following is NOT a benefit of using AWS SDK?

    Requires extensive knowledge of AWS CLI commands to use it.

    Which of the following is a characteristic of horizontal scalability?

    Adding more servers to a load balancer.

    Which of the following AWS services allows you to define and manage infrastructure as code using a declarative language?

    AWS CloudFormation

    Which of the following is NOT a way to establish a connection to the internet at the VPC level?

    VPC Endpoint

    How does a VPC Flow Log capture information about IP traffic going to instances?

    By intercepting and analyzing network packets.

    What is the purpose of adding rules to authorize another security group in a VPC?

    To allow instances in one security group to communicate with instances in another security group.

    Which of the following is a benefit of using VPC Endpoints to connect EC2 instances to AWS global services?

    All of the above.

    What is the primary function of a Customer Gateway in a VPC?

    To establish an AWS DirectConnect connection to an on-premises data center.

    In a three-tier architecture, which tier typically handles user requests and interacts with the database tier?

    Presentation Tier

    Which of the following is NOT a valid destination for VPC Flow Logs?

    Amazon CloudTrail

    What is a key benefit of using Subnet Flow Logs compared to VPC Flow Logs?

    All of the above.

    What distinguishes GP3 volumes from GP2 volumes in EBS storage?

    GP3 allows independent configuration of throughput and storage.

    Which type of EBS volume is best suited for applications that require sustained IOPS performance?

    io1 / io2

    What is the maximum provisioned IOPS for an io2 EBS volume?

    256,000 IOPS

    What feature does EBS Multi-attach provide for EC2 instances?

    Enables full read and write permissions for multiple instances to the same EBS volume.

    What is the primary use case for st1 EBS volumes?

    Big data, data warehouses, or log processing.

    Which of the following statements about AMIs is true?

    AMIs can be created only in the same region as the EC2 instance.

    When using io1 volumes, what is the maximum IOPS to GiB ratio allowed?

    100:1

    What differentiates sc1 volumes from st1 volumes?

    sc1 is more cost-effective for archiving.

    What controls the network traffic in a VPC through subnet routing?

    Route table

    What is a requirement for establishing a VPC peering connection?

    No overlapping CIDR in the IP address range

    Which statement is true regarding security groups in a VPC?

    They only specify ALLOW rules.

    What is the primary function of VPC endpoints?

    To connect to AWS services using a private network.

    Which features of network ACL and security groups differ fundamentally?

    Security Groups work at the instance level.

    What does the Direct Connect (DX) service provide?

    Physical connection with lower latency to on-premises infrastructure.

    Which of the following statements about route tables is incorrect?

    Each subnet can have more than one route table associated.

    What is a key feature of the Site to Site VPC VPN?

    It provides an encrypted connection over the public internet.

    Which of the following pillars of the AWS Well-Architected Framework is concerned with the ability to run and monitor systems to deliver business value?

    Operational Excellence

    What is the primary benefit of using a regional Amazon S3 bucket?

    Lower latency

    Which AWS service provides a managed relational database service that combines the high performance and availability of commercial-grade relational databases with the simplicity and cost-effectiveness of open-source databases?

    Amazon Aurora

    What is the primary purpose of Amazon CloudWatch?

    To monitor and manage AWS resources and applications

    Which AWS service enables developers to write, run, and debug code quickly and safely in a cloud-based integrated development environment (IDE)?

    AWS Cloud9

    What is the primary benefit of using Amazon Elastic Container Service (ECS)?

    Simplified container management

    Which AWS service provides a fully managed service that makes it easy to create, manage, and scale event-driven architectures?

    EventBridge

    What is the primary purpose of AWS Config?

    To evaluate and manage the configuration of AWS resources

    What is a characteristic of an AMI?

    It is region-specific

    What is the main difference between GP2 and GP3 EBS volume types?

    GP2 has preconfigured throughput and storage, while GP3 allows independent configuration

    What is the main use case for io1 and io2 EBS volume types?

    Applications that need sustained IOPS performance

    What is the main benefit of EBS Multi-attach?

    Achieve higher application availability in clustered Linux applications

    What is the main difference between st1 and sc1 EBS volume types?

    st1 is for hard disk drives and sc1 is for solid-state drives

    What is a key feature of io1 and io2 EBS volume types?

    Independently set IOPS and storage

    What is the main limitation of GP2 EBS volume types?

    It has a maximum IOPS of 16,000

    What is the main benefit of using EBS volume types?

    All of the above

    Which state type in Step Functions signifies successful completion of a workflow?

    Succeed

    What is one of the primary uses for EC2 instance types labeled as 'memory optimized'?

    High performance databases

    Which type of task allows concurrent execution of various jobs in AWS Step Functions?

    Parallel

    What is a common use case for EC2 User Data scripts?

    Install software during instance launch

    Which of the following state types in AWS Step Functions is used for conditional logic?

    Choice

    What benefits do Compute optimized EC2 instances provide?

    Suitable for batch processing and media transcoding

    What happens to the EC2 instance's User Data script during subsequent restarts?

    Runs only the first time the instance is launched

    How can AWS Step Functions enhance workflows in a serverless architecture?

    By orchestrating Lambda functions visually

    Which condition can trigger cache eviction?

    An item is deleted explicitly

    What is a primary advantage of using Amazon RDS over EC2 for database management?

    Automated backups and maintenance

    Which of the following statements about RDS read replicas is accurate?

    Up to 15 read replicas can be created within the same region

    What is the main feature of Amazon RDS Proxy?

    It pools and shares database connections to enhance efficiency

    What is the purpose of the Time to Live (TTL) in caching?

    To define how long an item can stay in the cache before being evicted

    When converting an unencrypted RDS database to an encrypted one, which is the correct method?

    Create a snapshot, copy it, enable encryption, and restore

    Which use case is most suitable for implementing read replicas?

    Reporting and analytics in read-heavy environments

    How does scaling out or scaling up affect cache eviction due to memory limits?

    It can help alleviate frequent evictions by providing more resources

    What is the main advantage of using Amazon Elastic File System (EFS) over EC2 Instance Store for applications requiring high availability and scalability?

    EFS provides persistent storage that survives instance termination, while Instance Store is ephemeral.

    Which of the following is a key consideration when choosing between the 'Bursting' and 'Provisioned' throughput modes for Amazon EFS?

    The expected peak throughput requirements for the application.

    Which storage tier in Amazon EFS is most cost-effective for data that is rarely accessed (few times per year)?

    Archive

    Which of the following is NOT a suitable use case for Amazon Elastic File System (EFS)?

    Storing temporary data that is frequently accessed by a single EC2 instance.

    What is the primary benefit of using lifecycle policies with Amazon EFS?

    Automated data migration to different storage tiers based on access patterns.

    Which of the following statements about Amazon Elastic File System (EFS) is TRUE?

    EFS is a fully managed service that requires no capacity planning.

    Which of the following is NOT a characteristic of Amazon Elastic File System (EFS)?

    Offers consistent low latency for all access patterns.

    What is the main reason for choosing the 'Max IO' performance mode for Amazon EFS?

    To optimize performance for applications that require high IOPS and throughput.

    What is the primary function of a route table in a VPC?

    To control the access between subnets and the internet

    What is a key requirement for VPC peering connections?

    Non-overlapping CIDR blocks

    What is the primary benefit of using VPC Endpoints?

    Enhanced security and lower latency to access AWS Services

    What is the primary function of a Network ACL?

    To allow or deny traffic at the subnet level

    What is a key characteristic of Security Groups?

    They can only specify allow rules

    What is the primary function of a VPC Endpoint?

    To allow access to AWS services using a private network

    What is the primary benefit of using Site-to-Site VPN?

    Connect on-premises VPN to AWS via an encrypted public internet connection

    What is the primary function of Direct Connect?

    To connect on-premises infrastructure to AWS via a physical connection

    What is a characteristic of an AMI?

    It is region specific

    What is the main difference between GP2 and GP3 EBS volume types?

    GP3 can independently set throughput and storage, whereas GP2 cannot

    What is a suitable use case for io1/io2 EBS volume types?

    Database workloads that require sustained IOPS performance

    What is the EBS Multi-attach feature used for?

    To attach a single EBS volume to multiple EC2 instances in the same availability zone

    What type of EBS volume is suitable for big data, data warehouses, and log processing?

    st1

    What is the maximum IOPS for an io1 EBS volume type?

    64,000 IOPS

    What is the primary benefit of using io2 EBS volume types?

    They provide high IOPS performance

    What is the primary use case for sc1 EBS volume types?

    Archiving and cold storage

    What is the purpose of an EC2 User Data script?

    To automatically install software and configure the EC2 instance at launch.

    What is the primary function of Amazon SNS (Simple Notification Service)?

    To enable communication between different AWS services.

    Which of the following is NOT a state type available in AWS Step Functions?

    Switch

    Which EC2 instance type is designed for high-performance databases with memory-intensive workloads?

    m5.2xlarge

    What is a key benefit of using Amazon SQS (Simple Queue Service) for message queues compared to Amazon SNS?

    SQS allows for guaranteed message delivery, while SNS does not.

    What is the primary purpose of AWS AppSync?

    To create a serverless API for accessing data from multiple data sources.

    Which AWS service is used to manage the flow and execution of Lambda functions in a serverless environment?

    AWS Step Functions

    Which of these is a key difference between a standard SQS queue and a FIFO (First-In, First-Out) SQS queue?

    FIFO queues provide guaranteed message order delivery, while standard queues do not.

    Which AWS service allows you to connect EC2 instances within a VPC to services like AWS Lambda or S3 without internet traffic?

    VPC Endpoint

    What is the purpose of a Customer Gateway in AWS VPC?

    To establish an AWS Direct Connect connection to an on-premises data center

    How can you authorize communication between EC2 instances in different security groups within a VPC?

    By adding rules to a security group to allow traffic from the other security group

    What is the purpose of VPC Flow Logs?

    To capture information about IP traffic going to or from instances within a VPC

    Which of the following is a valid destination for VPC Flow Logs?

    All of the above

    What is the main benefit of using VPC Endpoints compared to connecting EC2 instances directly to the internet?

    All of the above

    Which of the following is NOT a valid use case for a three-tier architecture in AWS?

    A monolithic application with all components deployed on a single EC2 instance

    What is the primary function of an Internet Gateway in AWS VPC?

    To allow connection to the internet at the VPC level

    What is the main function of scaling cooldowns in a cloud environment?

    To prevent multiple scaling actions from occurring too quickly.

    Which of the following statements about NAT devices is correct?

    NAT Instances operate within the public subnet and manage private instance connections.

    What does the CIDR notation /28 represent in terms of IP addresses?

    16 IP addresses available.

    What configuration is automatically provisioned by DHCP options set in AWS?

    Configures DNS, NetBIOS Name server, and NTP settings.

    Which of the following is true regarding the limitations of a private subnet within a VPC?

    It is typically used for backend systems like databases.

    Why is it important to specify a minimum healthy percentage during instance refresh?

    To control the number of running instances during updates.

    In which scenario would using a VPC be unsuitable?

    When no alternative routing options are needed.

    What is the primary reason for using predictive scaling?

    To forecast load and schedule resource scaling proactively.

    What is the primary focus of the Operational Excellence pillar in the AWS Well-Architected Framework?

    Running and using AWS resources efficiently

    What is the main benefit of using Amazon Elastic Container Service (Amazon ECS) over Amazon Elastic Container Registry (Amazon ECR)?

    Container orchestration and management

    Which of the following AWS services is primarily used for real-time data processing and analysis?

    Amazon Kinesis

    What is the main advantage of using Amazon Aurora over Amazon RDS?

    Faster database performance

    Which of the following is a key characteristic of a highly available architecture in AWS?

    Auto-scaling and load balancing

    What is the primary purpose of AWS CloudTrail?

    Security and compliance auditing

    Which of the following AWS services is primarily used for building, testing, and deploying software?

    AWS CodePipeline

    What is the main benefit of using Amazon Elastic File System (EFS) over Amazon S3?

    Faster access to files

    Which of the following statements about Teradata applications are TRUE? (Select all that apply)

    Teradata applications must be able to handle multiple write operations happening simultaneously.

    Which of the following is a suitable use case for Amazon EFS?

    Managing website content and files for web servers.

    What is a key advantage of using Amazon EFS over EC2 Instance Store?

    Ability to mount the filesystem on multiple EC2 instances simultaneously.

    Which of the following is NOT a characteristic of Amazon EFS?

    Offers a single storage tier for all data types.

    Which storage tier in Amazon EFS is designed for rarely accessed data (few times per year)?

    Archive

    What is the purpose of a scaling cooldown period in cloud scaling activities?

    To allow metrics to stabilize after a scaling event

    What is the main benefit of using lifecycle policies with Amazon EFS?

    Optimizing storage costs by moving data to the appropriate tier based on access frequency.

    What is a key consideration when choosing between the 'Bursting' and 'Provisioned' throughput modes for Amazon EFS?

    The expected peak throughput requirements for the workload.

    Which statement accurately describes a private subnet within a VPC?

    It is not accessible from the internet.

    Which of the following statements about EC2 Instance Store is TRUE?

    It's well-suited for buffering and caching frequently accessed data.

    What is the role of NAT Devices in a VPC environment?

    To enable EC2 instances in a private subnet to access the public internet

    What does an Instance Refresh in a VPC accomplish?

    It updates the launch template for EC2 instances without downtime

    What is the significance of CIDR blocks in a VPC configuration?

    They specify the size of the network and the number of available IP addresses.

    Which description best represents a NAT Gateway compared to a NAT Instance?

    NAT Gateways offer increased scalability and availability.

    What is a key benefit of using DHCP options in a VPC?

    They provision IP addresses automatically for resources within the VPC.

    Which statement about VPC subnets is false?

    A subnet can contain resources from multiple availability zones.

    What type of health check does the Elastic Load Balancer (ELB) perform?

    Checks for specific response codes on a defined route

    Which feature is unique to the Application Load Balancer (ALB)?

    Can load balance to multiple applications

    What protocol is supported by the Network Load Balancer (NLB)?

    TCP and UDP

    What is a primary feature of the Gateway Load Balancer (GWLB)?

    Manages a fleet of third-party network virtual appliances

    What is a notable capability of Application Load Balancers concerning redirection?

    Supports redirects from HTTP to HTTPS

    Which load balancer is best suited for applications that require high throughput and low latency?

    Network Load Balancer (NLB)

    Which of the following load balancer types is specifically mentioned as being replaced in capabilities?

    Classic Load Balancer

    What is a common feature between the Application Load Balancer and Network Load Balancer in terms of session management?

    Both can be configured for session stickiness

    Which statement about route tables in a VPC is accurate?

    Every subnet must have one route table associated with it.

    What is a requirement for establishing a VPC peering connection?

    The VPCs must not have overlapping CIDR ranges.

    Which of the following is a feature of Security Groups in a VPC?

    Inbound traffic is denied by default.

    Which statement about VPC endpoints is true?

    Endpoints reduce latency and enhance security when connecting to AWS services.

    What describes the main functionality of Direct Connect (DX)?

    It offers a physical connection for faster and more secure network access to AWS.

    What capability does a Network ACL provide in a VPC?

    Allows or denies traffic at the subnet level explicitly.

    In terms of traffic management, how do VPC Security Groups differ from Network ACLs?

    Security Groups can only specify ALLOW rules, whereas Network ACLs can specify both ALLOW and DENY rules.

    What is a unique characteristic of VPC peering connections?

    Each peering connection must be established directly between two VPCs.

    What is the main difference between Lazy loading and Write Through caching design patterns?

    Lazy loading checks if cached data is present and loads from the database if not, while Write Through writes to the cache when the database is updated

    What is a limitation of using Memcached compared to Redis?

    Memcached does not support Sets and Sorted Sets

    What is the primary benefit of using Lazy loading caching design pattern?

    Only requested data is cached, and node failures are not fatal

    What is a characteristic of Write Through caching design pattern?

    Data in cache is never stale, and writes require 2 calls

    Which caching technology supports Sets and Sorted Sets?

    Redis

    What is the maximum number of read replicas for an ElastiCache Redis cluster with cluster-mode disabled?

    5

    Which caching design pattern involves checking if cached data is present, and loading from the database if not?

    Lazy loading

    What is a benefit of using Cache-Aside caching design pattern?

    Reduces the load on the database, and improves application performance

    Which of these scenarios benefit from enabling sticky sessions on a load balancer?

    An online shopping cart application where users need to maintain their items in the cart across multiple requests.

    Which load balancer type allows you to disable cross-zone load balancing at the target group level, without incurring charges for inter-AZ data transfer?

    Application Load Balancer (ALB)

    What is the primary purpose of using a default certificate on an HTTPS listener for an Application Load Balancer (ALB)?

    To automatically redirect HTTP traffic to HTTPS, providing a more secure connection for users.

    Which of these techniques helps address the challenge of managing multiple SSL certificates for different domains on a single web server?

    Utilizing Server Name Indication (SNI) to allow the client to specify the hostname during the initial SSL handshake.

    Which of these describes the concept of connection draining in the context of load balancer target group instances?

    The process of gracefully removing unhealthy instances from the load balancer's target group, while ensuring that ongoing requests are completed.

    Which of the following is a key benefit of using an Application Security Group (ASG) in conjunction with a load balancer?

    It allows you to configure access control rules to restrict inbound and outbound traffic to the load balancer and its associated target group instances.

    Which of the following statements about AWS Certificate Manager (ACM) is TRUE?

    ACM provides a centralized location for managing SSL/TLS certificates used for various AWS services, including load balancers, CloudFront, and API Gateway.

    What is the primary purpose of using a Network Load Balancer (NLB) in an AWS environment?

    To route traffic based on the source IP address of the client requests, providing high availability for network services.

    What is the primary role of Step Functions in AWS?

    To enable serverless workflows and orchestrate Lambda functions

    Which of the following EC2 instance types is optimized for high-performance databases?

    m5.2xlarge

    Which state type in Step Functions is used to introduce a delay in execution?

    Wait

    What type of EC2 User Data script is run during the first launch of an instance?

    A one-time setup script to install software or updates

    What does the 'Map' state type in Step Functions facilitate?

    Parallel execution of multiple tasks over a collection

    Which configuration does NOT pertain to EC2 instance sizing options?

    Data transfer limits

    Which of the following is a characteristic of the 'Choice' state in Step Functions?

    Executes a specified task based on predefined conditions

    Which EC2 instance type naming convention indicates it is memory optimized?

    m

    What is a distinguishing feature of Amazon DynamoDB compared to traditional databases?

    It is a NoSQL database.

    What is the primary advantage of using the Writer and Reader endpoints provided by a data service?

    They streamline the application’s connection process to different instance types.

    Which statement is true about Amazon ElastiCache?

    It is a fully managed service providing in-memory data store options.

    How does caching improve the performance of applications utilizing in-memory databases?

    By reducing the load on databases during read-intensive workloads.

    What must be modified in application code to effectively utilize caching with Amazon ElastiCache?

    The query patterns need to incorporate cache hit and miss strategies.

    What is the expected behavior when an application experiences a cache miss?

    Data is fetched from the database after failing to find it in the cache.

    Why is high availability important for data management services such as those mentioned?

    It allows for automatic failover and redundancy in data storage.

    What primary role does the connection load balancer play in the context of the Reader endpoint?

    It manages the traffic between application requests and read replicas.

    Which of the following statements accurately describes the role of IAM policies in AWS security?

    IAM policies are used to define the permissions for AWS users and groups, allowing or denying access to specific resources and actions.

    What is the significance of the 'Effect' element within an IAM policy statement?

    The 'Effect' element specifies the type of access control rule, such as 'Allow' or 'Deny', determining whether the policy grants or prohibits access to a specific resource.

    Which of the following scenarios BEST illustrates the concept of the 'Principle of Least Privilege' in AWS IAM?

    A security administrator is assigned a role that grants access only to specific security monitoring tools and dashboards.

    Which of the following statements regarding AWS IAM Roles is CORRECT?

    IAM Roles are designed to grant permissions to AWS services, allowing them to access specific resources on behalf of the service.

    What is the primary function of the 'Resource' element within an IAM policy statement?

    The 'Resource' element identifies the specific AWS resources that the policy grants or denies access to, such as S3 buckets or EC2 instances.

    In an IAM policy, which of the following elements is OPTIONAL?

    Statement

    Which of the following statements BEST explains the purpose of the 'Principal' element within an IAM policy statement?

    The 'Principal' element identifies the user, group, or role that the policy applies to, determining who or what is subject to the policy's rules.

    Which of the following is a key benefit of using IAM Groups in AWS security?

    IAM Groups allow for centralized management of permissions for multiple users, simplifying the process of assigning and modifying access controls.

    What is a key consideration when setting up a password policy in IAM?

    Setting a minimum length for the password

    What is the primary benefit of using IAM Access Advisor?

    It shows service permissions granted to the user and when those were last accessed

    What is a key characteristic of an EBS volume?

    It persists data even after EC2 termination

    What is the primary use case for AWS Key Management Service (AWS KMS)?

    To encrypt EBS at rest

    What is the primary function of AWS Security Token Service (AWS STS)?

    To request temporary, limited-privilege credentials for IAM users or roles

    What is the primary benefit of using EBS Snapshots?

    It provides a backup of your EBS volume

    What is the primary purpose of MFA in AWS?

    To provide an additional layer of security for IAM users

    What is the primary responsibility of the user in the Shared Responsibility Model of IAM?

    Applying appropriate permissions in IAM

    Which AWS service provides a managed caching service, offering high performance, scalability, and in-memory data storage, supporting both Redis and Memcached?

    Amazon ElastiCache

    Which of the following AWS pricing models offers the most cost savings for a long-running workload with a consistent usage pattern, but requires a commitment to a specific amount of usage?

    Savings Plans

    Which AWS service offers the ability to manage and deploy your applications in a serverless environment, allowing you to focus on code development rather than infrastructure management?

    AWS Lambda

    What is the benefit of using the "Context Reuse" feature in AWS Lambda?

    Reduces cold start latency by reusing resources from the "INIT" phase, up to 512MB.

    Which of the following is NOT a benefit of using Dedicated Instances in AWS EC2?

    Ability to install and manage custom operating systems on the instances.

    In AWS Lambda, what is the purpose of the "Event Object"?

    It provides the input data that triggers the Lambda function execution.

    What is a primary advantage of using "Spot Instances" in AWS EC2?

    They are highly cost-effective for short-duration workloads, but may be interrupted.

    Which of the following AWS services is NOT directly related to managing and deploying applications in a serverless environment?

    Amazon ElastiCache

    Which of the following statements accurately describes the advantages of using Lambda Layers?

    Lambda Layers offer reduced deployment time by allowing the reuse of external dependencies across multiple Lambda functions.

    Which type of AWS Step Function state is specifically designed to perform a single unit of work?

    Task

    What is a key feature of the EC2 User Data script during instance initialization?

    It runs only once at the first instance start.

    Which state type in AWS Step Functions is used to implement an if-then-else logic?

    Choice

    For which use case is a Compute Optimized EC2 instance type most suitable?

    Media transcoding

    Which of the following correctly describes the 'Map' state in AWS Step Functions?

    Executes units of work in parallel for each item in a collection.

    What characteristic does an EC2 Instance store have that differentiates it from EBS and EFS?

    Ephemeral data storage

    Which statement about 'Fail' and 'Succeed' states in AWS Step Functions is accurate?

    The Fail state stops execution and marks it as a failure.

    What does the naming convention 'm5.2xlarge' tell you about the EC2 instance type?

    The instance type is memory optimized, is the fifth generation, and has large specs.

    What is a key benefit of using Amazon DynamoDB compared to Amazon RDS for a database-driven application?

    DynamoDB offers higher availability due to its distributed nature, making it more resilient to failures.

    Which statement accurately describes the Writer Endpoint functionality in the context of Amazon RDS?

    The Writer Endpoint provides a single DNS endpoint for writing to the master instance of the RDS cluster, simplifying application code.

    What is the primary advantage of using Amazon ElastiCache (Redis) over Amazon RDS for read-intensive workloads?

    ElastiCache offers lower latency for read operations compared to RDS, resulting in faster response times.

    Which scenario best illustrates a use case where Amazon ElastiCache (Memcached) would be an effective solution?

    An e-commerce platform with a large product catalog and a need for fast product lookups.

    What is the main challenge associated with using Amazon ElastiCache to enhance application performance?

    ElastiCache requires significant application code modifications to effectively leverage its caching capabilities.

    Which statement best describes the concept of 'Cache Miss' when using Amazon ElastiCache?

    When the requested data is not found in the cache and needs to be retrieved from the underlying database.

    What is a key advantage of using Amazon ElastiCache (Redis) for session management in a web application?

    Redis's in-memory data storage provides fast access to session data, improving application responsiveness.

    How does Amazon RDS differ from Amazon DynamoDB in terms of its data model?

    RDS is a relational database that adheres to SQL standards, while DynamoDB is a NoSQL database with a key-value data model.

    What is the primary focus of the Operational Excellence pillar in the AWS Well-Architected Framework?

    Continuous improvement and learning

    What is the main benefit of using Amazon Aurora's writer/reader endpoint?

    Improved read performance

    What is the primary advantage of using AWS CodeCommit over other version control systems?

    Tighter integration with AWS services

    What is the main purpose of AWS CloudWatch Logs?

    Log file storage and management

    What is the primary benefit of using Amazon ElastiCache with Redis?

    In-memory data storage

    What is the main advantage of using AWS Lambda over EC2 instances?

    Cost savings due to serverless computing

    What is the primary purpose of AWS X-Ray?

    Distributed tracing and analytics

    What is the main benefit of using AWS CloudFormation over manual infrastructure deployment?

    Version control and infrastructure as code

    What is the primary benefit of using a Virtual Private Gateway in a VPC?

    It establishes an AWS DirectConnect connection to a Customer Gateway at the VPC level

    What is the purpose of a Subnet flow log in a VPC?

    To capture information about IP traffic going to a specific subnet

    What is the benefit of using a Three-Tier Architecture in a VPC?

    It provides a scalable and secure architecture for web applications

    What is the primary purpose of VPC Flow logs?

    To capture information about IP traffic going to instances in a VPC

    What is the benefit of using a VPC Endpoint for AWS services?

    It provides a secure connection to AWS services over the internet

    What is the primary purpose of a Customer Gateway?

    To establish an AWS DirectConnect connection to a Virtual Private Gateway at the VPC level

    What is the benefit of adding rules to authorize another security group in a VPC?

    It allows load balancers to connect to EC2 instances without specifying IP addresses

    What is the primary purpose of an Elastic Network Interface Flow log in a VPC?

    To capture information about IP traffic going to a specific Elastic Network Interface

    What is the primary benefit of using IAM Access Advisor in AWS?

    To provide insights into service-level permissions

    What is the key difference between a User and a Group in IAM?

    A User is an individual, while a Group is a collection of users

    What is the purpose of the Principal element in an IAM policy?

    To specify the account or user that the policy applies to

    What is the benefit of using roles in IAM?

    To assign permissions to AWS services

    What is the purpose of a Condition element in an IAM policy?

    To specify the condition for when the policy is in effect

    What is the main advantage of using Amazon Cognito?

    It provides user identity and access management for web and mobile applications

    What is the purpose of AWS Certificate Manager (ACM)?

    To manage and provision SSL/TLS certificates for AWS resources

    What is the principle of least privilege in IAM?

    Assigning only the necessary permissions to users and groups

    What is the primary purpose of scaling cooldowns in a scaling activity?

    To allow for metric stabilization after a scaling change

    Which statement accurately describes a private subnet within an Amazon VPC?

    It is confined to one availability zone and not internet accessible

    What does the CIDR block notation /16 signify in an Amazon VPC?

    It allows for a maximum of 65,536 IP addresses

    What is the primary distinction between NAT instances and NAT gateways?

    NAT gateways are managed by AWS, while NAT instances require customer management

    What happens to EC2 instances when an instance refresh is executed?

    All instances are recreated based on the updated launch template

    What role does DHCP options set serve in an Amazon VPC?

    To automatically provision IP addresses and configure DNS and network settings

    What is the consequence of reserving the first four and last IP addresses in a CIDR block for Amazon?

    These addresses are reserved for AWS management and cannot be used by customers

    How does a NAT device function within a private subnet of a VPC?

    It routes internet traffic from private instances to the public internet while isolating them

    What is the role of a route table within a VPC?

    It controls the flow of network traffic through subnet routing.

    Which statement about VPC peering connections is true?

    You can connect two VPCs that belong to different AWS accounts through VPC peering.

    What is a key characteristic of security groups in a VPC?

    Security groups are stateful and remember inbound connections.

    Which of the following best describes Network ACLs?

    They provide a firewall mechanism to explicitly allow or deny traffic by various parameters.

    What are VPC endpoints mainly used for?

    To provide private connections to AWS services without going through the internet.

    What is the primary function of Direct Connect (DX) within a VPC context?

    To establish a physical and dedicated connection from on-premises to AWS.

    What traffic management capabilities does a route table provide within a subnet?

    It defines how traffic should be directed to and from subnets.

    Which characteristic is NOT true regarding site-to-site VPN connections?

    They are capable of site-to-site communication without latency issues.

    What is the maximum number of read replicas for an ElastiCache Redis cluster with cluster-mode disabled?

    5

    What is the primary advantage of using the Write Through caching design pattern?

    Data in cache is never stale

    What is a limitation of Memcached compared to Redis?

    It does not support Sets and Sorted Sets

    Which caching design pattern involves checking if cached data is present, and loading from the database if not?

    Lazy loading

    What is a benefit of using the Lazy loading caching design pattern?

    Only requested data is cached

    Which caching technology supports Multi-AZ with Auto-failover?

    Redis

    What is a characteristic of the Cache-Aside caching design pattern?

    Data is loaded from the database into the cache when requested

    Which caching technology does not support high availability?

    Memcached

    What is the purpose of "Connection Draining" in relation to load balancers?

    To ensure that all in-flight requests are completed before an instance is de-registered or becomes unhealthy.

    What is the primary function of "Sticky Sessions" in a load balancer setup?

    To ensure that requests from the same client are always routed to the same target instance.

    Which of the following statements accurately describes how SSL/TLS certificates are managed in AWS Load Balancers?

    Load balancers utilize AWS Certificate Manager (ACM) to manage SSL/TLS certificates, allowing users to upload custom certificates or leverage ACM's managed certificates.

    What is the primary purpose of "Server Name Indication (SNI)" in the context of AWS Load Balancers?

    SNI allows a single load balancer to host multiple domains with different SSL certificates, enabling secure communication for each domain.

    Which load balancer type allows you to disable cross-zone load balancing at the target group level?

    Application Load Balancer (ALB)

    Which of the following statements accurately describes the behavior of a load balancer with cross-zone load balancing disabled?

    Requests are distributed evenly across instances within the same availability zone as the load balancer.

    Which of the following statements accurately describes the impact of enabling "Stickiness" on load balancer behavior?

    Enabling Stickiness can cause uneven distribution of traffic, potentially overloading some instances.

    Which of the following is NOT a valid use case for "Stickiness" in load balancing?

    Distributing traffic evenly across all instances in a target group.

    What must be true for two VPCs to establish a peering connection?

    They must not have overlapping CIDR blocks.

    What is a key characteristic of Security Groups in AWS?

    They can only specify allow rules, not deny.

    Which statement correctly describes the functionality of VPC Endpoints?

    They enhance security by allowing connections over a private network.

    How does a Network ACL differ from a Security Group in AWS?

    Network ACLs operate at the subnet level, while Security Groups operate at the instance level.

    Which of the following is NOT a feature of Route Tables in a VPC?

    They control access between different VPCs.

    What is a limitation of VPC peering connections?

    They are not transitive and require direct connections.

    What is the primary benefit of using Direct Connect (DX)?

    It provides a secure, fast, and private physical connection.

    Which of the following statements about Site-to-Site VPN is true?

    It is encrypted over a public internet connection.

    What is a specific purpose of the 'Wait' state type in Step Functions?

    To delay execution for a specified time period

    Which EC2 instance characteristic does NOT influence its performance?

    Geographic location of the AWS region

    Which of the following states in Step Functions is responsible for running a single unit of work?

    Task

    Which EC2 instance type is best suited for media transcoding and batch processing?

    c5d.4xlarge

    What is NOT a state type in AWS Step Functions?

    Diversion

    Which of the following options describes EC2 User Data?

    Instructions that execute only once at the first start

    What does the 'Map' state in AWS Step Functions do?

    Runs units of work in parallel for each item in a collection

    Which AWS service is primarily used to connect and manage serverless workflows?

    Step Functions

    Which of the following statements regarding IAM Policies is incorrect?

    Policies can only allow access to resources; they cannot deny access to specific resources.

    A developer requires access to create and manage AWS Lambda functions, but should not be able to modify any IAM roles. Which of the following actions should NOT be included in the developer's IAM policy?

    iam:CreateRole

    A company wants to ensure that only users belonging to the 'Sales' group can access the 'Marketing-Data' S3 bucket. Which of the following policy statements would correctly implement this restriction?

    { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:group/Sales"}, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::Marketing-Data/*" }] }

    Which of the following statements about IAM Roles is incorrect?

    Roles can be assigned to individual users, allowing them to access resources on behalf of the role's permissions.

    A company uses a separate IAM User for each developer working on their project. Which of the following scenarios demonstrates the principle of least privilege?

    Each developer is assigned to a group with a policy that grants them access to only the resources and services necessary to complete their assigned tasks.

    An organization wants to ensure that its developers can only deploy code to specific environments, based on their team affiliation. Which of the following approaches would be most effective in achieving this requirement?

    Create different IAM Roles for each development team, granting each role access to the specific environments they are responsible for.

    Which of the following statements regarding the 'Effect' statement in an IAM Policy is correct?

    The 'Effect' statement can be set to either 'Allow' or 'Deny', allowing for both positive and negative authorization of actions.

    A company has several development teams, each with their own set of resources and permissions. Which of the following approaches would be most efficient in managing IAM permissions for this organization?

    Create different IAM Roles for each development team, granting each role access to the specific resources and permissions required for their work.

    Which type of load balancer is best suited for scaling applications with EC2 Auto Scaling groups?

    Application Load Balancer (ALB)

    What is the primary role of EC2 Auto Scaling groups in conjunction with load balancers?

    Managing the deployment of new instances to replace unhealthy ones

    How do EC2 Auto Scaling groups interact with Application Load Balancers (ALB) to maintain application availability?

    Auto Scaling groups register EC2 instances with ALBs, ensuring traffic is distributed to healthy instances.

    What is the primary benefit of using EC2 Auto Scaling groups in a production environment?

    Reduced cost by only running instances when needed

    Which of the following scenarios would benefit most from the use of EC2 Auto Scaling groups?

    A mobile game server with fluctuating player counts

    How do EC2 Auto Scaling groups contribute to fault tolerance in a system?

    By automatically launching new instances to replace unhealthy ones

    What is a key consideration when configuring EC2 Auto Scaling groups?

    All of the above

    What is the main purpose of scaling policies in EC2 Auto Scaling groups?

    To determine when and how to adjust the number of instances based on metrics

    Which AWS service can be used to automatically scale EC2 instances based on predefined metrics?

    Amazon EC2 Auto Scaling

    What is the main purpose of scaling groups in EC2 Auto Scaling?

    To define the scaling policies for a set of instances

    What are the two main types of scaling policies in EC2 Auto Scaling?

    Manual and Automated

    Which type of scaling policy in EC2 Auto Scaling allows you to set a desired number of instances to maintain?

    Manual Scaling Policy

    Which scaling policy in EC2 Auto Scaling adjusts the number of instances based on predefined thresholds and cool-down periods?

    Step Scaling Policy

    Which scaling policy in EC2 Auto Scaling aims to maintain a specific target value for a chosen metric?

    Target Tracking Scaling Policy

    What is the role of a Launch Configuration in EC2 Auto Scaling?

    To specify the configuration of instances launched in a scaling group

    Which of these is NOT a benefit of using EC2 Auto Scaling?

    Guaranteed performance for all applications

    What component is used to configure the specifications for instances in an Auto Scaling Group?

    Launch template

    Which of the following is NOT a type of scaling policy used in Auto Scaling Groups?

    Static scaling

    What is the default duration for draining an instance in an Auto Scaling Group?

    300 seconds

    What parameters must be specified when configuring an Auto Scaling Group?

    Minimum size and maximum size

    How is dynamic scaling commonly triggered in an Auto Scaling Group?

    Through CloudWatch alarms

    Which of the following best describes target tracking scaling?

    Adjusting instances to maintain a specific performance metric

    What type of information can be included in a Launch template for an Auto Scaling Group?

    AMI and IAM roles

    What does scheduled scaling accomplish in Auto Scaling Groups?

    It sets fixed numbers of instances for specific times.

    What does vertical scalability refer to in cloud architecture?

    Increasing the size of a single instance to improve performance

    Which approach best describes horizontal scalability?

    Adding more servers to share the load

    What key advantage does auto scaling provide to applications?

    Dynamically adjusts resources based on demand

    Which AWS service is commonly used for implementing auto scaling?

    Amazon CloudWatch

    What is the role of Elastic Load Balancing (ELB) in conjunction with auto scaling?

    To evenly distribute incoming application traffic across multiple instances

    What is a common misconception about auto scaling?

    It guarantees zero downtime during scaling

    How does auto scaling contribute to high availability in cloud applications?

    By automatically replacing unhealthy instances

    What is a benefit of using an auto scaling group?

    Enables automatic management of instance lifecycle events

    What is the purpose of scaling cooldowns in Auto Scaling?

    To prevent instances from being added before previous ones have initialized

    What does 'Instance Refresh' in EC2 Auto Scaling allow you to do?

    Recreate all EC2 instances after updating the launch template

    What is a key characteristic of predictive scaling?

    It forecasts load and schedules scaling in advance

    Which of the following describes a NAT Gateway in a VPC?

    An AWS-managed device that connects private subnet instances to the internet

    What is the function of the CIDR Block in a VPC?

    Specifies the size of the network and available IP addresses

    How does a private subnet differ from a public subnet in a VPC?

    Public subnets have instances that are accessible from the internet

    What is the minimum healthy percentage in the context of instance refresh?

    The minimum number of instances required for operations during refresh

    What is a common disadvantage of using a NAT Instance compared to a NAT Gateway?

    NAT Instances are less scalable and not as highly available

    What is the primary benefit of using Lambda Layers?

    Separation of concern and managing all dependencies in a single layer

    What happens to a Lambda function when it connects to a VPC?

    It loses access to the internet

    What is the primary purpose of AWS Serverless Application Model (SAM)?

    To build serverless applications

    What is Amazon Aurora optimized for?

    AWS cloud optimization

    What is the main advantage of using RDS over Amazon Aurora?

    RDS is less expensive

    What is the primary benefit of using Lambda Versions and Aliases?

    Canary deployments and zero-downtime updates

    What is the main difference between Relational and NoSQL databases?

    Relational databases are harder to make schema changes

    What is the primary function of an SNS Notification event?

    To trigger a Lambda function

    Which of these AWS services is designed primarily for storing and managing source code?

    AWS CodeCommit

    Which of these AWS services allows users to directly access and manipulate files within the service, creating a stateful environment?

    AWS CloudShell

    Which of these AWS services is used for building and testing applications, providing pre-packaged environments and reducing the need for server maintenance?

    AWS CodeBuild

    Which of these AWS services offers the ability to export your application's configuration into a CloudFormation template?

    AWS Amplify Studio

    Which of these AWS services is NOT directly part of the AWS Amplify framework?

    AWS CloudShell

    Which of these AWS services offers a managed Git-based source code repository, designed for integration with other AWS services?

    AWS CodeCommit

    Which of these AWS services is a serverless CI/CD environment that focuses on building and testing applications, and reduces the need for maintaining dedicated servers?

    AWS CodeBuild

    Which of these AWS services enables users to store and manage code artifacts, providing a centralized repository for managing dependencies and packages?

    AWS CodeArtifact

    Which load balancer type offers the ability to assign a static IP address and supports TCP, HTTP, and HTTPS health checks?

    Network Load Balancer (NLB)

    Which load balancer type would be the most appropriate choice for an application that needs to handle millions of requests per second and requires a static IP address for its external access?

    Network Load Balancer (NLB)

    You need to create a load balancer that can support routing based on query strings or parameters. Which load balancer type would best meet this requirement?

    Application Load Balancer (ALB)

    Which load balancer type supports sticky sessions, allowing you to keep a specific client connected to the same server for a period of time?

    Both ALB and NLB

    What is the primary function of an Application Load Balancer (ALB) in relation to the underlying infrastructure?

    Managing communication between EC2 instances and external users.

    Which load balancer type operates at layer 3 (Network Layer) and is primarily used for deploying and managing a fleet of 3rd party network virtual appliances?

    Gateway Load Balancer (GWLB)

    You need a load balancer that can handle a large volume of requests and distribute traffic across multiple EC2 instances, Lambda functions, or ECS clusters. Which load balancer type would be the most suitable choice?

    Application Load Balancer (ALB)

    Which load balancer type is considered deprecated and is no longer recommended for new deployments?

    Classic Load Balancer (CLB)

    What differentiates GP3 EBS volumes from GP2 volumes?

    GP3 volumes allow independent configuration of throughput and storage rates.

    Which of the following EBS volume types is specifically designed for applications that require high and consistent IOPS performance?

    io1/io2

    What is the maximum provisioned IOPS that can be achieved with io2 EBS volumes?

    256,000 IOPS

    In which scenario would you most likely utilize EBS multi-attach feature?

    To achieve higher application availability in clustered applications.

    What type of AMI can be used to launch EC2 instances predominantly designed by AWS?

    Public AMI

    Which of the following best describes the primary use case for st1 EBS volumes?

    Storage for data warehousing and big data.

    Which feature of io1 EBS volumes requires the use of Nitro instances to exceed a specific IOPS limit?

    Provisioned IOPS setting.

    Which of the following statements is true regarding AMIs?

    AMIs can be public, private, or community-based.

    A user in the "developers" group needs to access Amazon S3 to upload code artifacts. Which of the following policy statements would most appropriately grant this access, while adhering to the principle of least privilege?

    Option A

    What is the maximum time that an instance can be draining before autoscaling routes traffic to other instances?

    300 secs

    What is the purpose of an IAM role in an autoscaling launch template?

    To grant permissions to the EC2 instance

    What is the main benefit of using target tracking scaling in autoscaling?

    It maintains a specific average utilization level

    What can be based on a CloudWatch alarm in autoscaling?

    Scaling policies

    What is the primary purpose of scaling cooldowns in Auto Scaling?

    To allow metrics to stabilise after a scaling activity

    What is the minimum healthy percentage used to trigger an Instance Refresh in Auto Scaling?

    0%

    What is specified in the initial capacity of an autoscaling group?

    The desired number of instances

    What can be attached to an autoscaling group?

    A security group

    What is the purpose of predictive scaling in Auto Scaling?

    To continuously forecast load and schedule scaling ahead

    What is the default time period for scaling cooldowns in Auto Scaling?

    300 seconds

    What is the primary benefit of using autoscaling?

    It automatically adjusts the number of instances to match changing workloads

    What is the purpose of an Instance Refresh in Auto Scaling?

    To recreate all EC2 instances in an Auto Scaling group

    What is the cost model for autoscaling?

    You pay for the underlying EC2 instances only

    What is the warm-up time used for in an Instance Refresh?

    To specify the time before an instance can be used

    What is the main difference between scalability and high availability in AWS?

    Scalability is about adding more resources to handle increased load, while high availability is about ensuring data is available even in data center loss.

    What is the primary function of Elastic Load Balancing (ELB) in AWS?

    To distribute traffic across multiple instances for scalability.

    What is the purpose of Auto Scaling?

    To maintain a desired number of EC2 instances

    What is the benefit of using predictive scaling in Auto Scaling?

    Proactive scaling based on forecasted load

    What is the benefit of using Auto Scaling in AWS?

    It allows for horizontal scaling by adding or removing instances as needed.

    What is the primary purpose of AWS CodePipeline?

    To provide a serverless CI/CD environment for AWS applications.

    What is the difference between vertical and horizontal scalability in AWS?

    Vertical scalability is about increasing instance size, while horizontal scalability is about adding more instances.

    What is the primary purpose of AWS CodeCommit?

    To provide a source code repository for version control.

    What is the primary benefit of using AWS CodeBuild?

    It provides automated build and testing for code changes.

    What is the primary purpose of AWS CodeStar?

    To provide a framework for building and deploying applications on AWS.

    Which load balancer type supports HTTP to HTTPS redirection?

    Application Load Balancer

    What is a primary advantage of using a Network Load Balancer?

    Works best with static IP provisioning

    Which type of load balancer operates at layer 3?

    Gateway Load Balancer

    What type of health check does the Network Load Balancer support?

    TCP, HTTP, and HTTPS

    Which of the following features is NOT supported by the Application Load Balancer?

    Static IP address provisioning

    Which load balancer can effectively load balance various applications on the same machine?

    Application Load Balancer

    What is a key characteristic of the Classic Load Balancer?

    It has been replaced by newer types

    Which load balancer type is best suited for high throughput and low latency applications?

    Network Load Balancer

    Which of the following is a characteristic of the 'Task' state in Step Functions?

    Represents a single unit of work

    What is the primary purpose of EC2 User Data?

    To run scripts or commands at the first launch

    Which of the following EC2 instance types is specifically memory optimized?

    r5.4xlarge

    What type of state in Step Functions is used for if-then-else logic?

    Choice

    Which EC2 instance configuration component determines the speed of data transfer?

    Network card

    In the context of EC2, what does the term 'Bootstrapped' refer to?

    An initial configuration script for the instance

    Which state type in Step Functions is used to pause execution for a specified duration?

    Wait

    What is a key function of the 'Map' state in Step Functions?

    To iterate over a collection of items

    Which of the following is a key advantage of using VPC peering over VPC endpoints?

    Reduced security risks

    What is a limitation of security groups compared to network ACLs?

    Security groups can only specify allow rules

    Which of the following is a characteristic of a VPC endpoint?

    Provides a private connection to AWS services

    What is a key consideration when designing a VPC architecture with multiple availability zones?

    Implementing redundancy within each availability zone

    Which of the following is a benefit of using Direct Connect over Site-to-Site VPN?

    Higher bandwidth

    What is a limitation of network ACLs compared to security groups?

    Network ACLs are stateless

    Which of the following is a characteristic of a VPC peering connection?

    Has a maximum limit on the number of connections

    What is a key advantage of using VPC endpoints over Site-to-Site VPN?

    Private access to AWS services

    What is a key consideration when choosing between the 'Bursting' and 'Provisioned' throughput modes for Amazon EFS?

    Predictable throughput requirements

    What is the main advantage of using Amazon Elastic File System (EFS) over EC2 Instance Store for data storage?

    Support for multiple Availability Zones

    Which of the following use cases is most suitable for Amazon EFS?

    Content management

    What is the primary benefit of using lifecycle policies with Amazon EFS?

    Cost optimization by moving files to lower-cost storage tiers

    Which storage tier is most suitable for data that is rarely accessed (few times per year) in Amazon EFS?

    Archive

    What is the primary characteristic of the 'Max IO' performance mode in Amazon EFS?

    High-throughput file system for big data workloads

    What is the limitation of using EC2 Instance Store for data storage?

    Data loss when instance is stopped

    Which of the following is a requirement for using Amazon Elastic File System (EFS)?

    Linux-based AMI

    What is a feature of Reserved Instances in AWS?

    Commitment to a specific instance type for a duration

    Which invocation method allows for immediate response but can lead to delays in processing in Lambda?

    Synchronous invocation

    What is the main characteristic of dedicated hosts in AWS?

    Full control over instance placement and configuration

    What effect does a cold start have on a Lambda function?

    It requires longer execution times due to resource initialization.

    How are savings plans different from reserved instances in AWS?

    Savings plans provide more flexibility in terms of instance types.

    What does the Execution Context in Lambda functions allow for?

    Speed up by maintaining state between invocations

    In which scenario would you typically prefer using Spot Instances?

    For processing batch jobs that can handle interruptions

    What is a key advantage of using the Event Object in Lambda functions?

    It provides parameters in JSON format for processing.

    What does the writer endpoint in a database setup provided by Amazon allow applications to do?

    Direct write operations through a centralized DNS endpoint

    Which of the following is a primary advantage of using Amazon ElastiCache?

    Provides in-memory data storage for high performance

    Which statement accurately describes the function of cache hits and misses?

    Cache hits indicate successful retrieval of data from the cache

    What is a notable operational feature of Amazon DynamoDB?

    It is designed as a NoSQL database for rapid throughput

    Which advantage does cross-region replication provide?

    Enhances data availability by distributing copies across regions

    What is a limitation of using Memcached compared to Redis?

    Memcached does not have advanced data structure support

    How does the reader endpoint facilitate database access?

    It uses a connection load balancer for distributing read requests

    Which scenario is best suited for using Amazon ElastiCache?

    Handling read-intensive workloads with low latency demands

    Which AWS service provides a managed load balancer for forwarding traffic to multiple downstream servers, and offers features like health checks and automatic scaling?

    AWS Amplify Hosting

    Which of the following statements about AWS CodeBuild is FALSE?

    CodeBuild can upload build artifacts to CodeCommit, but not to external artifact repositories like S3.

    What is a key advantage of using AWS CloudShell over a local terminal when working with AWS resources?

    CloudShell provides access to AWS resources without requiring you to configure your local terminal with AWS credentials.

    Which service offers a serverless CI/CD environment for AWS applications, allowing you to automate the build, test, and deployment process without managing infrastructure?

    AWS CodeBuild

    Which of the following AWS services is NOT a part of the AWS Amplify framework?

    AWS CodeBuild

    Which AWS service provides a Git-based code repository hosted in S3, offering high availability and resiliency, and seamless integration with other AWS services?

    AWS CodeCommit

    Which of the following statements accurately describes AWS CodeArtifact?

    CodeArtifact is a fully managed, private artifact repository service that allows you to store and manage code artifacts for use in your applications.

    Which of the following is NOT a benefit of using AWS CloudShell over a local terminal for managing AWS resources?

    CloudShell is more secure than a local terminal as it provides access to all AWS services, including those with sensitive data.

    Study Notes

    Amplify

    • Amplify studio, libraries, CLI, and hosting are available
    • Can export to CloudFormation template

    AWS Cloud9

    • cloud-based integrated development environment (IDE)

    AWS CloudShell

    • Available in a few AWS regions only
    • Terminal in the cloud, works similar to AWS CLI
    • Advantage: no need to configure AWS with access key
    • Supports Linux commands like ls, echo, cat, etc.
    • Stateful: creates or edits files

    AWS CodeArtifact

    • Artifact repository service

    AWS CodeBuild

    • Serverless continuous integration (CI) service
    • Reduces need for patching/maintaining a dedicated server
    • Only pay for time it takes to build (not idle time)
    • Provides pre-packaged environments like Docker containers
    • Build environment: OS + programming env + tools used by CodeBuild
    • Can test/run application locally
    • Can create build project using CodeBuild console/AWS CLI/AWS SDK/creation of CodePipeline
    • Buildspec.yaml defines the build to run
    • Can upload build artifact to CodeArtifact or another artifact repo
    • Supports Amazon SNS on build notifications (e.g., build failure)

    AWS CodeCommit

    • Hosted in S3, provides high availability and resiliency
    • Integrates well with other AWS services
    • Advantage over GitHub/Stash: can emit an event when code has been committed and changed, for other services to use

    AWS CodeDeploy

    • Continuous deployment service

    Amazon CodeGuru

    • Machine learning-based code review service

    AWS CodePipeline

    • Continuous integration and continuous deployment (CI/CD) service

    AWS CodeStar

    • Development environment for building, deploying, and managing applications

    AWS CodeWhisperer

    • AI-powered coding companion

    AWS X-Ray

    • Service for analyzing and debugging distributed applications

    Management and Governance

    AWS AppConfig

    • Service for managing application configuration and deployment

    AWS CLI

    • Command-line tool to interact with AWS services
    • Protected by access keys
    • Alternative to AWS Management Console
    • Built on AWS SDK for Python
    • Supports direct access to public APIs of AWS services

    AWS SDK

    • Set of libraries to access language-specific APIs
    • Embedded within an application
    • High-level SDK and low-level SDK (for API-level commands)
    • Programming language-specific (e.g., JavaScript, Java, Python, PHP, Go)

    AWS Cloud Development Kit (AWS CDK)

    • Open-source software development framework

    AWS CloudFormation

    • Service for infrastructure as code (IaC)

    AWS CloudTrail

    • Service for auditing and tracking AWS resource usage

    Amazon CloudWatch

    • Monitoring and logging service

    Amazon CloudWatch Logs

    • Service for monitoring and logging AWS resource usage

    AWS Systems Manager

    • Service for managing and monitoring AWS resources

    Networking and Content Delivery

    Amazon API Gateway

    • RESTful API service

    Amazon CloudFront

    • Content delivery network (CDN)

    Elastic Load Balancing (ELB)

    • Managed load balancer service
    • Scalability vs high availability: vertical scalability (e.g., increase instance size of EC2), horizontal scalability (add load balancer/auto-scaling group)
    • Scalability is linked to but different from high availability (e.g., auto-scaling group multi-AZ/load balancer multi-AZ)

    Amazon S3

    • Object storage service
    • VPC Endpoint can be used to connect EC2 instance in the VPC to AWS global services like AWS Lambda/S3
    • Traffic does not pass through the internet
    • Supports VPC gateway endpoint available for Amazon S3 and DynamoDB

    Security

    AWS Access Keys

    • Generated through AWS Console
    • Users are responsible for their own access keys
    • Access Key ID ~= username, Secret Access Key ~= password

    AWS Key Management Service (AWS KMS)

    • Can be used to encrypt EBS at rest

    AWS Private Certificate Authority

    • Service for managing private certificates

    AWS Secrets Manager

    • Service for managing secrets and credential rotation

    AWS Security Token Service (AWS STS)

    • Service for temporary security credentials

    AWS WAF

    • Web application firewall service

    Storage

    Amazon Elastic Block Store (Amazon EBS)

    • Network drive you can attach to your instances
    • Persists data even after EC2 termination
    • Bound to specific AZ (need to snapshot it to move it across)
    • Can be detached from EC2 instance and attached to another one quickly
    • Has a provisioned activity (IOPS, space, etc.)
    • Delete on Termination attribute: controls EBS behavior when EC2 instance terminates

    EBS Snapshots

    • Backup of your EBS volume
    • Can copy snapshots across AZ
    • Features: move to archive tier (75% cheaper), recycle bin for snapshots, Fast Snapshot Restore (FSR)

    AMI overview

    • Customization of an EC2 instance
    • Up to 16 EC2 instances at a time
    • Must use a filesystem that's cluster-aware (not XFS, EXT4...)

    EC2 Instance Store

    • High-performance, low-latency, better I/O performance
    • Hardware disk attached via network drive to EC2
    • Ephemeral storage: lose their storage if EC2 instance is stopped
    • Good as a buffer/cache/scratch data/temporary content

    Amazon Elastic File System (Amazon EFS)

    • Managed NFS (Network File System) that can be mounted on many EC2
    • EFS can work in multiple AZ
    • Highly available, scalable, expensive (3x the cost of gp2), and pay-per-use
    • Use cases: content management, web serving, data sharing, WordPress
    • Only compatible with Linux-based AMI (not Windows)
    • Encryption with KMS at rest
    • POSIX file system with standard file API
    • File system scales automatically: no capacity planning, pay-per-use
    • Scalability and performance modes: EFS Scale, Performance mode (General Purpose, Max IO), Throughput mode (Bursting, Provisioned)
    • Storage tiers: Standard, Infrequent Access (EFS-IA), Archive
    • Can implement lifecycle policies to move files between storage tiers

    Accessing AWS

    • AWS can be accessed through the management console (protected by password and MFA), AWS CLI (protected by access keys), and AWS SDK (protected by access keys)

    Edge Networks

    • Allow content to be cached closer to other locations
    • Also known as CDN, uses CloudFront to serve content at edge locations
    • CloudFront can also run Lambda functions

    Major AWS Services

    Analysis

    • Athena: interactive query service for data stored in S3, serverless, and costs less compared to Redshift/EMR or ES
    • Athena vs S3 Select: can query the entire bucket instead of just a subset with S3
    • Kinesis: real-time data streams, preserves order of messaging by default, supports multiple data sources
    • Kinesis vs SQS: Kinesis is real-time, provides ability to perform analysis
    • OpenSearch Service: search service for log analysis

    Application Integration

    • SQS: standard vs FIFO (benefits), ordered, and supports multiple data sources
    • SNS: notification service
    • EventBridge: event-driven architecture
    • AppSync: managed GraphQL service
    • Step Functions: orchestrates lambda functions, visual review of workflow, 8 state types

    Compute

    • EC2: provides various sizing and configuration options, such as OS, CPU, RAM, EBS, and EFS
    • EC2 User Data: bootstrapped, run once only at the first instance start, as root user
    • EC2 Instance types: many different types, naming convention: m5.2xlarge (memory optimized, generation, spec)
    • EC2 Instance types: compute optimized, memory optimized, higher availability, supports cross-region replication

    Database

    • Amazon DynamoDB: NoSQL database, writer/reader endpoint
    • Amazon ElastiCache: managed Redis or Memcached instances, in-memory DBs with high performance
    • ElastiCache: maximum number of read replicas for ElastiCache Redis cluster with cluster-mode disabled = 5
    • Memcached vs Redis: multi AZ with auto-failover, read replicas, backup and restore, sets and sorted sets

    Caching Design Patterns

    • Lazy loading/ Cache-Aside/ Lazy Population
    • Write Through: write to cache when DB is updated
    • Pros and Cons of each caching design pattern

    Networking

    • Route table: controls network traffic in your VPC through subnet routing
    • VPC peering: connects two VPC privately using AWS' network
    • VPC endpoints: connect to AWS services using private network instead of www network
    • Site-to-Site VPN: connect on-premises VPN to AWS (encrypted over public internet)
    • Direct Connect (DX): physical connection between on-premises and AWS

    Security Features

    • Network ACL: firewall to allow or deny at a subnet level
    • Security Groups: works at instance level (e.g. EC2), can only specify ALLOW rules not DENY

    Video Streams

    • No additional information provided

    OpenSearch Service

    • No additional information provided

    Application Integration

    • SQS: Standard vs FIFO (benefits)

    SNS

    • No additional information provided

    EventBridge

    • No additional information provided

    AppSync

    • No additional information provided

    Step Functions

    • Orchestrates lambda functions
    • State machine - serverless workflow - allows you to review flow visually
    • 8 state types:
      • Task - single unit of work
      • Choice - if-then-else logic
      • Parallel - run units of work in parallel
      • Wait - delay execution for a time period
      • Fail - stop execution, mark as failure
      • Succeed - stop execution, mark as success
      • Pass - passes input to its output
      • Map - for each loop
    • Has built-in retry/error handling that you can implement at each state

    Compute

    • EC2
      • Sizing and configuration options:
        • OS (Linux, Windows, or Mac OS)
        • CPU
        • RAM
        • EBS and EFS (Network attached)
        • EC2 Instance Store (Hardware)
        • Network card (speed of card / public IP address)
        • Security Group (Firewall rules)
        • Bootstrap Script (configure at first launch: EC2 User Data)
      • EC2 User Data
        • Bootstrapped, Run once only at the first instance start
        • e.g., installing updates / software
        • Run as root user
      • EC2 Instance types:
        • e.g., t2.micro, c5d.4xlarge - many different types
        • Naming convention: m5.2xlarge (m = memory optimized, 5 = generation (AWS improves over time), 2xlarge = spec)
        • Compute optimized - Use cases: good for batch processing / media transcoding / machine learning / dedicated gaming servers
        • Memory optimized - Use cases: High-performance databases (with memory). Web scale cache stores (e.g., SNS Notification event, Amazon S3 event)

    Lambda

    • Context object describes the current execution event of the lambda function (e.g., memory of the function, get remaining time in millis, etc.)
    • Lambda Layers
      • Allow you to re-use external dependencies that will be used by multiple Lambda functions
      • Deployed as zips that can be re-used
      • Advantages:
        • Can be shared with all lambda functions inside a region
        • Faster Deployments
        • Separation of concern - can separate business logic from its dependencies
        • Can manage all dependencies for shared resources in a single layer, rather than repeating the same dependency / utility function in each lambda function
    • Lambda Versions / Aliases
      • Allows a new version of a function to be created to avoid affecting Prod
      • Useful for Canary deployments
      • Versions auto-increment number
      • Alias is like a nickname for a version - can change the version it's pointing to (so your other code can refer to the alias)
      • Like a symlink, referring code does not need to update version it's pointing to, can just point to alias
    • Lambda / VPC integration
      • Need to assign execution role IAM managed policy with LambdaVPCAccessExecutionRole to allow access (to the Lambda)
      • Lambda function will lose access to the internet after it connects to VPC

    AWS Serverless Application Model (SAM)

    • No additional information provided

    Elastic Beanstalk

    • No additional information provided

    Containers

    • AWS Copilot
      • No additional information provided
    • Amazon Elastic Container Registry (Amazon ECR)
      • No additional information provided
    • Amazon Elastic Container Service (Amazon ECS)
      • No additional information provided
    • Amazon Elastic Kubernetes Service (Amazon EKS)
      • No additional information provided

    Database

    • Relational vs No SQL
      • Harder to make Schema changes with relational
    • Amazon Aurora
      • Basic
        • Autoscales in increments of 10GB up to 128TB
        • Supports MySQL and PostgreSQL
        • 20% more expensive than RDS but "AWS cloud optimized" e.g., Firewalls, Intrusion Detection Systems, Payload Manipulation)
    • Security Groups / Use cases
      • Load balancers can have security groups which can be set up to allow HTTP traffic, and the application security group can be set to restrict access to traffic from the load balancer security group only
      • IP address to load balance to, must be private IPs

    Load Balancing

    • Sticky sessions / Session Affinity
      • Ensures a user's requests are only routed to the same target group
      • CLB and ALB use cookie with expiration date
      • Use case - make sure user doesn't lose his session data
      • Enabling stickiness may cause EC2 instances to not be equally balanced
      • Application-based Cookies: Check for custom attributes required by the application
      • Duration-based cookies: Generated by load balancer
    • Cross Zone load balancing: (Cross AZ load balancing)
      • With Enabled: each load balancer instance distributes evenly across all registered instances in all AZ
      • With Disabled: Requests are distributed in the instances of the node of the Elastic Load Balancer
      • ALB - enabled by default (can be disabled at target group level), no charge for inter AZ data
      • NLB - disabled by default (Pay charges for cross zone AZ)
    • SSL / TLS
      • Can use SSL Cert / TLS cert between your clients and your load balancer to allow encryption in transit (in-flight encryption) - TLS is newer
      • Managed via AWS ACM (Certificate manager) - Load balancer uses an X.509 Cert but you can upload your own certs to ACM
      • Set a default certificate on HTTPS listener (with optional list of domains)
      • Clients can use SNI (Server Name Indication) to indicate the hostname they would like to reach on the initial SSL handshake
      • SNI solves the problem of multiple SSL Certs onto one web server (you may have more than one domain SSL cert at the ALB level)
      • SNI only works for ALB / NLB and CloudFront
    • Connection Draining / Deregistration delay
      • Can set time to complete 'in-flight requests' while target group instances are de-registering or unhealthy

    Amazon Route 53

    • No additional information provided

    Amazon VPC

    • VPC can only exist within one region
    • Private subnet within one availability zone only (one subnet cannot span two or more AZs) (for backend systems like DBs, app servers) - not accessible from internet
    • Public subnet - can have multiple subnets in the same AZ (e.g., publicly accessible web servers)
    • CIDR Block
      • allows you to specify size of network between /16 (16 netmask allows 65,536 IP addresses) and /28 (16 IP addresses) netmask (total number of available hosts for network)
      • IPv4 / IPv6 CIDR range
      • First 4 and last 1 IP address reserved for Amazon
    • DHCP options set
      • Automatically provision IP addresses for EC2 instances and other resources
      • Configures DNS, NetBIOS name server, and NTP
    • NAT Devices
      • Enable EC2 instances in private subnet to connect to public internet or other AWS services (lives in public subnet, and has a route to Internet Gateway)
      • Like a gateway, but prevents the public internet from initiating connections with your private EC2 instances
      • Two types
        • NAT Instance - virtualized running in EC2, managed by customer, not highly scalable or available
        • NAT Gateway - Managed by AWS not on VPC, Highly available and scalable

    AMI

    • AMI is region-specific
    • EC2 instances can be launched from public (made by AWS) and private AMIs (made yourself) or AWS MarketPlace AMI (made by someone else and potentially sold by)

    EBS Volume types

    • GP2 / GP3 - Cost-effective storage, low latency, general-purpose SSD volume
      • Can be used for boot volume
      • GP3 can independently set throughput and storage, whereas GP2 is preconfigured (GP2 is older) - up to 16,000 IOPS
    • io1 / io2 - Provisioned IOPS SSD
      • Applications that need sustained IOPS performance, e.g., database workloads - sensitive to storage performance and consistency
      • io1 can independently set IOPS up to 64,000 IOPS for Nitro instances; io2 has a max PIOPS of 256,000 with an IOPS to GiB ratio of 100:1. If you want over 32,000 IOPS you need Nitro
      • Supports EBS multi-attach feature
      • Can be used for boot volume
    • st1 - Hard disk drives (HDD)
      • Suitable for Big data, data warehouses, log processing (500 iops)
    • sc1 - Cold HDD
      • Suitable for archiving

    EBS Multi-attach

    • Attach the same EBS volume to multiple EC2 instances in the same AZ
    • Each instance has full read-write permissions to the high-performance volume
    • Use case:
      • Achieve higher application availability in clustered Linux applications

    General Concepts

    • AWS Well-Architected Framework consists of six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability.
    • AWS Global Architectures comprise Availability Zones (60 miles apart) and Regions (made up of multiple Availability Zones).

    Major AWS Services

    Analysis

    • Athena: Real-time processing of big unstructured data.
    • Kinesis: Storage optimized - Use cases: High frequency OLTP systems / DB (relational and NoSQL) / data warehouses, etc.
    • OpenSearch Service: General purpose - Good general diversity for general websites.

    Application Integration

    • SQS: Queue-based service.
    • SNS: Fanout to multiple subscribers.
    • EventBridge: Serverless event bus.
    • AppSync: GraphQL API.
    • Step Functions: Serverless functions.

    Compute

    • EC2: Virtual machines.
    • Lambda: Serverless compute.
    • AWS Serverless Application Model (SAM): Framework for building serverless applications.
    • Elastic Beanstalk: Managed platform for deploying web applications.

    Containers

    • AWS Copilot: Develop, deploy, and manage containerized applications.
    • Amazon Elastic Container Registry (Amazon ECR): Container registry.
    • Amazon Elastic Container Service (Amazon ECS): Container orchestration.
    • Amazon Elastic Kubernetes Service (Amazon EKS): Managed Kubernetes service.

    Database

    • Relational vs NoSQL databases.
    • Amazon Aurora: MySQL-compatible database with high performance and reliability.
    • Amazon DynamoDB: NoSQL database.
    • Amazon ElastiCache:
      • Basic: Managed Redis or Memcached instances.
      • Supports high performance and low latency.
      • Use cases: Reduce load off of databases for read-intensive workloads, make applications stateless.
    • Amazon RDS:
      • Basic: Relational database service.
      • RDS Storage Auto Scaling: Automatic storage scaling.
      • Read Replicas: Improve read performance and availability.
      • RDS Multi-AZ: Disaster recovery.
      • Encrypting an Unencrypted RDS DB: Enables encryption.

    Developer Tools

    • AWS Amplify:
      • Amplify Studio: Visual interface for developing applications.
      • Amplify Libraries: Client-side libraries for AWS services.
      • Amplify CLI: Command-line interface for Amplify.
      • Amplify Hosting: Hosting for Amplify applications.
    • AWS Cloud9: Cloud-based Integrated Development Environment (IDE).
    • AWS CloudShell:
      • Terminal in the cloud.
      • Supports Linux commands.
      • Stateful if you create or edit files.
    • AWS CodeArtifact: Artifact repository.
    • AWS CodeBuild:
      • Serverless CI/CD server for AWS.
      • Reduces need for patching/maintaining a dedicated server.
      • Only pay for time it takes to build (not idle time).
    • AWS CodeCommit: Git-based code repository hosted in S3.

    Management and Governance

    • AWS AppConfig: Application configuration and deployment.
    • AWS CLI: Command-line interface for AWS.
    • AWS Cloud Development Kit (AWS CDK): Framework for defining cloud infrastructure.
    • AWS CloudFormation: Infrastructure as Code (IaC) service.
    • AWS CloudTrail: Auditing and logging service.
    • Amazon CloudWatch:
      • Monitoring and logging service.
      • Supports metrics and logs.
    • Amazon CloudWatch Logs: Log aggregation and analysis.
    • AWS Systems Manager:
      • Management service for AWS resources.
      • Supports automation and orchestration.

    Networking and Content Delivery

    • Amazon API Gateway: RESTful API service.
    • Amazon CloudFront: Content delivery network (CDN).
    • Elastic Load Balancing (ELB): Load balancing service.
    • Amazon Route 53: DNS service.
    • Amazon VPC: Virtual private cloud (VPC).

    Security, Identity, and Compliance

    • AWS Certificate Manager (ACM): Certificate issuance and management.
    • Amazon Cognito: User identity and access management.
    • AWS Identity and Access Management (IAM): Identity and access management.
    • AWS Key Management Service (AWS KMS): Key management service.
    • AWS Private Certificate Authority: Private certificate authority.
    • AWS Secrets Manager: Secrets management service.
    • AWS Security Token Service (AWS STS): Token-based authentication.
    • AWS WAF: Web application firewall.

    Storage

    • Amazon Elastic Block Store (Amazon EBS): Block-level storage.
    • EC2 Instance Store: Instance-level storage.
    • Amazon Elastic File System (Amazon EFS): File-level storage.
    • Amazon S3: Object-level storage.
    • Amazon S3 Glacier: Archival storage.

    General Concepts

    • AWS Well Architected Framework consists of six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability.
    • AWS Global architectures include Availability Zones, Regions, and Edge Locations.

    Major AWS Services

    Analysis

    • Athena: Real-time processing of big unstructured data.
    • Kinesis: Real-time processing of big unstructured data.
    • OpenSearch Service: Real-time processing of big unstructured data.

    Application Integration

    • SQS: Queue-based messaging service for decoupling applications.
    • SNS: Fanout messaging service for decoupling applications.
    • EventBridge: Event-driven architecture for decoupling applications.
    • AppSync: GraphQL-based API for mobile and web applications.
    • Step Functions: Orchestration service for coordinating microservices.

    Compute

    • EC2: Virtual machine service for running applications.
    • Lambda: Serverless compute service for event-driven applications.
    • AWS Serverless Application Model (SAM): Framework for building serverless applications.
    • Elastic Beanstalk: Managed platform for deploying web applications.

    Containers

    • AWS Copilot: Tool for containerizing and deploying applications.
    • Amazon Elastic Container Registry (Amazon ECR): Container registry for storing and managing container images.
    • Amazon Elastic Container Service (Amazon ECS): Container orchestration service for running containerized applications.
    • Amazon Elastic Kubernetes Service (Amazon EKS): Managed Kubernetes service for running containerized applications.

    Database

    • Relational vs NoSQL databases: Relational databases use structured data, while NoSQL databases use unstructured or semi-structured data.
    • Amazon Aurora: Relational database service with high performance and availability.
    • Amazon DynamoDB: NoSQL database service with high performance and scalability.
    • Amazon ElastiCache: In-memory caching service for improving database performance.
    • Cache Eviction / TTL (Time to Live): Mechanism for managing cache data.
    • Amazon MemoryDB for Redis: In-memory database service for real-time data processing.

    Developer Tools

    • AWS Amplify: Development framework for building cloud-native applications.
    • AWS Cloud9: Integrated development environment (IDE) for coding and debugging.
    • AWS CloudShell: Browser-based shell for running scripts and commands.
    • AWS CodeArtifact: Package manager for storing and managing software packages.
    • AWS CodeBuild: Continuous integration and continuous deployment (CI/CD) service for building and deploying applications.
    • AWS CodeCommit: Version control service for managing code repositories.
    • AWS CodeDeploy: Continuous deployment service for automating code deployments.
    • Amazon CodeGuru: AI-powered code review service for improving code quality.
    • AWS CodePipeline: Continuous integration and continuous deployment (CI/CD) service for automating workflows.
    • AWS CodeStar: Development environment for building and deploying applications.

    Management and Governance

    • AWS AppConfig: Configuration management service for managing applications.
    • AWS CLI: Command-line interface for managing AWS services.
    • AWS Cloud Development Kit (AWS CDK): Framework for defining cloud infrastructure in code.
    • AWS CloudFormation: Infrastructure as Code (IaC) service for managing cloud resources.
    • AWS CloudTrail: Audit logging service for tracking API calls.
    • Amazon CloudWatch: Monitoring and logging service for tracking application performance.
    • Amazon CloudWatch Logs: Log management service for collecting and analyzing logs.
    • AWS Systems Manager: Automation service for managing and configuring resources.

    Networking and Content Delivery

    • Amazon API Gateway: API management service for building and managing APIs.
    • Amazon CloudFront: Content Delivery Network (CDN) for distributing static assets.
    • Elastic Load Balancing (ELB): Load balancing service for distributing traffic.
    • Amazon Route 53: Domain Name System (DNS) service for managing domain names.
    • Amazon VPC: Virtual Private Cloud (VPC) for creating isolated networks.

    Security, Identity, and Compliance

    • AWS Certificate Manager (ACM): Certificate management service for managing SSL/TLS certificates.
    • Amazon Cognito: Identity management service for managing user identities.
    • AWS Identity and Access Management (IAM): Identity and access management service for managing access to AWS resources.
    • AWS Key Management Service (AWS KMS): Key management service for managing encryption keys.
    • AWS Private Certificate Authority: Certificate authority service for issuing private certificates.
    • AWS Secrets Manager: Secret management service for storing and managing sensitive data.
    • AWS Security Token Service (AWS STS): Token service for managing temporary credentials.
    • AWS WAF: Web Application Firewall (WAF) for protecting applications from attacks.

    Storage

    • Amazon Elastic Block Store (Amazon EBS): Block-level storage service for EC2 instances.
    • EC2 Instance Store: Instance store service for storing data locally on EC2 instances.
    • Amazon Elastic File System (Amazon EFS): File-level storage service for EC2 instances.
    • Amazon S3: Object-level storage service for storing and serving objects.
    • Amazon S3 Glacier: Archival storage service for storing and retrieving infrequently accessed data.

    AWS Lambda

    • Context object describes the current execution event of the Lambda function, including memory and remaining time in milliseconds
    • Lambda Layers allow reusing external dependencies across multiple Lambda functions, advantageous for shared resources and faster deployments
    • Lambda Versions/Aliases enable creating new versions of functions without affecting production, useful for Canary deployments, with aliases serving as nicknames for versions
    • Lambda/VPC integration requires assigning an execution role with LambdaVPCAccessExecutionRole policy, but affects internet access

    AWS Serverless Application Model (SAM)

    • Enables building serverless applications

    Containers

    • Amazon Elastic Container Registry (Amazon ECR) for storing container images
    • Amazon Elastic Container Service (Amazon ECS) for managing containers
    • Amazon Elastic Kubernetes Service (Amazon EKS) for managing Kubernetes clusters

    Database

    • Relational databases vs NoSQL databases, with relational databases being harder to make schema changes
    • Amazon Aurora, a cloud-optimized relational database, supports MySQL and PostgreSQL, and autoscales in increments of 10GB up to 128TB

    AWS Copilot

    • Simplifies containerized application development and deployment

    AWS Elastic Beanstalk

    • Enables deploying web applications and services to the cloud

    AWS Cloud9

    • Provides an integrated development environment (IDE) for writing, running, and debugging code

    AWS CloudShell

    • Offers a terminal in the cloud, available in a few AWS regions, with no need to configure AWS access keys
    • Supports Linux commands like ls, echo, and cat, and is stateful for created or edited files

    AWS CodeArtifact

    • Provides a package manager for AWS services

    AWS CodeBuild

    • Offers a serverless CI/CD service for building and testing code, reducing the need for patching/maintaining dedicated servers
    • Provides pre-packaged environments, such as Docker containers, and supports Amazon SNS for build notifications

    AWS CodeCommit

    • Offers a Git-based code repository, hosted in S3 for high availability and resiliency
    • Integrates well with other AWS services, such as Route 53, ELB, and EC2

    Security, Identity, and Compliance

    • AWS Certificate Manager (ACM) for managing SSL/TLS certificates
    • Amazon Cognito for user identity and access management
    • AWS Identity and Access Management (IAM) for access control and security
    • Best practices: use the principle of least privilege, avoid using the root account, and apply policies to users, groups, and roles

    Users and Groups

    • Users can be part of multiple groups
    • Groups can be assigned policies, which are JSON documents defining permissions

    Policies

    • Policy structure includes version, ID, statement, effect, principal, action, resource, and condition
    • Policies can be assigned to users, groups, or resources

    Roles

    • Can be assigned to AWS services, such as EC2 instances or Lambda functions

    Password Policy

    • Can be set up for minimum length, specific character types, and password expiry
    • Can be enabled to prevent password reuse and allow users to change their own passwords

    MFA (Multi-Factor Authentication)

    • Combines something you know (password) with something you own (security device)
    • Supports virtual MFA devices, U2F security keys, and hardware key fobs

    Security Tools

    • IAM Credentials Report for account-level credential status
    • IAM Access Advisor for service permissions and last access times

    Shared Responsibility of IAM

    • AWS is responsible for infrastructure, configuration, and vulnerability analysis
    • Users are responsible for users, groups, roles, policies, monitoring, and MFA enablement

    AWS Access Keys

    • Generated through the AWS Console, should be kept secret, and rotated regularly

    AWS Key Management Service (AWS KMS)

    • Can be used to encrypt EBS at rest

    AWS Private Certificate Authority

    • Enables creating and managing private certificates

    AWS Secrets Manager

    • Enables securely storing and retrieving sensitive data

    AWS Security Token Service (AWS STS)

    • Provides temporary security credentials for AWS services

    AWS WAF

    • Provides a web application firewall for protecting web applications

    Storage

    • Amazon Elastic Block Store (Amazon EBS) provides a network drive for EC2 instances
    • EBS persists data even after EC2 termination and has a provisioned activity (IOPS, space, etc.)
    • EBS Snapshots enable backing up EBS volumes, with features like copying across AZs, moving to an archive tier, and fast snapshot restore
    • EC2 Instance Store provides high-performance, low-latency storage, but is ephemeral and loses data if the instance is stopped
    • Amazon Elastic File System (Amazon EFS) offers a managed NFS for multiple EC2 instances, with high availability, scalability, and pay-per-use pricing.

    EC2

    • Storage optimized instances are ideal for high frequency OLTP systems, databases, and data warehouses
    • General purpose instances provide good general diversity for general websites
    • HPC optimized instances are designed for high-performance computing workloads
    • On-demand instances offer short workloads with predictable pricing, and users pay by the second
    • Reserved instances (1 & 3 years) are suitable for long workloads, with the option to convert to convertible reserved instances for flexible instances
    • Savings plans (1 & 3 years) provide a commitment to an amount of usage, resulting in cost savings
    • Spot instances are ideal for short workloads, offering cheap prices, but may lose instances and are less reliable
    • Dedicated hosts allow users to book an entire physical server, with control over instance placement, making it suitable for bring-your-own-license and regulatory requirements
    • Dedicated instances ensure no other customers share the user's hardware, with the option to have their own instance on their own hardware
    • Capacity reservations allow users to reserve capacity in a specific availability zone (AZ) for a specified duration

    Lambda

    • Asynchronous and synchronous invocations are supported
    • The execution lifecycle of a function includes cold start, init, invoke, and shutdown
    • Cold start up to 10 seconds is not charged, and init and invoke phases can be reused up to 512MB
    • Event and context objects provide parameters to the lambda function, with the event object containing JSON data for processing

    AWS Services

    • AWS CodeDeploy, CodeGuru, CodePipeline, CodeStar, and CodeWhisperer are development tools
    • AWS X-Ray provides management and governance
    • AWS AppConfig and AWS CLI provide protected access keys, command-line tools, and direct access to public APIs
    • AWS SDK offers language-specific APIs for embedded application development
    • AWS Cloud Development Kit (AWS CDK) and AWS CloudFormation provide infrastructure as code
    • AWS CloudTrail and Amazon CloudWatch provide monitoring and logging
    • AWS Systems Manager provides system management and automation

    Networking and Content Delivery

    • Amazon API Gateway manages APIs
    • Amazon CloudFront provides content delivery
    • Elastic Load Balancing (ELB) supports scalability and high availability
    • Scalability is achieved through vertical (increasing instance size) and horizontal (adding load balancers/auto-scaling groups) scaling
    • High availability ensures data is available in at least two data centers to survive data center loss
    • Load balancing distributes traffic to multiple servers downstream, with ELB offering a managed load balancer with features like sticky sessions and security groups
    • Security groups can be attached to load balancers to restrict access
    • Cross-zone load balancing distributes requests across all registered instances in all AZs
    • SSL/TLS encryption is supported using AWS Certificate Manager (ACM) and can be used with load balancers

    Autoscaling

    • Autoscaling groups (ASG) automatically scale out or scale in to match load requirements
    • ASG is free, with costs incurred only for underlying EC2 instances
    • ASG can be configured using launch templates containing AMI, instance type, EC2 user data, EBS volumes, security groups, SSH key pairs, IAM roles, and network information
    • Scaling policies can be based on CloudWatch alarms, with options for target tracking, dynamic scaling, and scheduled scaling
    • AMI is region-specific, and EC2 instances can be launched from public, private, or AWS Marketplace AMIs

    Storage

    • EBS volume types include:
      • GP2/GP3: cost-effective storage with low latency, general-purpose SSD volume
      • io1/io2: provisioned IOPS SSD for applications requiring sustained IOPS performance
      • st1: hard disk drives (HDD) for big data, data warehouses, and log processing
      • sc1: cold HDD for archiving
    • EBS multi-attach allows attaching the same EBS volume to multiple EC2 instances in the same AZ, with each instance having full read-write permissions

    Edge Networks

    • Allow content to be cached closer to other locations
    • Also known as CDN (Content Delivery Network)
    • Use CloudFront to serve content at edge locations, which can also run Lambda functions

    Accessing AWS

    • AWS Management Console: protected by password and MFA
    • AWS CLI: protected by access keys, command line tool to interact with AWS services
    • AWS SDK: protected by access keys, set of libraries to access language-specific APIs

    Major AWS Services

    Analysis

    Athena

    • Interactive query service for data stored in S3
    • Allows querying entire bucket instead of just a subset with S3
    • Serverless, costs less compared to RedShift/EMR or ES

    Kinesis

    • DataStreams: real-time, preserves order of messaging by default, supports multiple data sources
    • Data Analytics: provides ability to perform analysis
    • Firehose: can stream data without need for a consumer

    AWS Cloud9

    • Integrated development environment (IDE) that provides a cloud-based development environment

    AWS CloudShell

    • Available in a few AWS regions only, terminal in the cloud
    • Advantage over terminal: no need to configure AWS with access key
    • Supports Linux commands like ls, echo, cat, etc.
    • Stateful if you create or edit files

    AWS Code Services

    CodeArtifact

    • Used for storing and sharing artifacts like code and dependencies

    CodeBuild

    • Serverless CI Server for AWS, reduces need for patching/maintaining a dedicated server
    • Only pay for time it takes to build, provides pre-packaged environments like Docker containers
    • Build environment = OS + Programming env + Tools used by CodeBuild to run the build
    • Can create build project using CodeBuild console/AWS CLI/AWS SDK/creation of CodePipeline
    • Buildspec.yaml defines the build to run (on the code pulled from source repo)

    CodeCommit

    • Git-based code repository, hosted in S3, high availability and resiliency
    • Advantage over GitHub/Stash: integrates well with other AWS services

    CodeDeploy

    • Automated deployment service that helps deploy applications to various environments

    CodeGuru

    • Machine learning-based service that helps improve code quality and identify bugs

    CodePipeline

    • Continuous integration and continuous delivery (CI/CD) service

    CodeStar

    • Integrated development environment (IDE) for creating and managing applications

    CodeWhisperer

    • AI-powered coding companion that provides suggestions and completions

    Management and Governance

    AppConfig

    • Helps manage application configurations and settings

    AWS CLI

    • Command line tool to interact with AWS services using commands in your shell
    • Direct access to the public APIs of AWS Services
    • Open source, alternative to AWS Management Console
    • Built on AWS SDK for Python

    AWS SDK

    • Set of libraries to access language-specific APIs (embedded within application)
    • Programming language-specific (e.g., JavaScript, Java, Python, PHP, Go, etc.)

    AWS Cloud Development Kit (AWS CDK)

    • Open-source framework that allows defining cloud infrastructure in code

    AWS CloudFormation

    • Service that helps use templates to define and deploy infrastructure as code

    AWS CloudTrail

    • Service that provides governance, compliance, and audit for AWS API calls

    Amazon CloudWatch

    • Monitoring and logging service that provides insights into application performance

    Amazon CloudWatch Logs

    • Service that helps monitor and troubleshoot application logs

    AWS Systems Manager

    • Service that helps manage and configure AWS resources

    Networking and Content Delivery

    Amazon API Gateway

    • Fully managed service that makes it easy to create, publish, and manage RESTful APIs

    Amazon CloudFront

    • Fast, highly secure, and programmable content delivery network (CDN)

    Elastic Load Balancing (ELB)

    • Managed load balancer that helps distribute traffic across multiple targets

    Scalability vs High Availability

    • Vertical scalability: increases instance size of EC2
    • Horizontal scalability: adds load balancer/autoscaling group
    • Scalability is linked to but different from high availability

    Load Balancing

    • Forward traffic to multiple servers downstream (e.g., EC2 instances)

    ELB

    • Managed load balancer, more cost-effective compared to setting up own load balancer
    • Integrates with many AWS offerings/services

    Autoscaling Groups (ASG)

    • Automatically scales out (adds EC2 instances) or scales in (removes EC2 instances) to match load per requirements
    • Configured via Launch template containing various settings
    • Can attach security groups to ASG just like EC2
    • Scaling policies: based on CloudWatch alarm, dynamic scaling, scheduled scaling

    AWS Services

    • AWS CodeDeploy: not described
    • Amazon CodeGuru: not described
    • AWS CodePipeline: not described
    • AWS CodeStar: not described
    • Amazon CodeWhisperer: not described
    • AWS X-Ray: not described

    Management and Governance

    • AWS AppConfig: not described
    • AWS CLI:
      • Protected by Access Keys
      • Command line tool to interact with AWS services using commands in your shell
      • Direct access to the public APIs of AWS Services
      • Open source
      • Alternative to AWS Management Console
      • Built on AWS SDK for Python
    • AWS SDK:
      • Set of libraries to access language-specific APIs (embedded within application) - high-level SDK and low-level SDK (for API-level commands)
      • Programming language specific (e.g. JavaScript, Java, Python, PHP, Go, etc.)
    • AWS Cloud Development Kit (AWS CDK): not described
    • AWS CloudFormation: not described
    • AWS CloudTrail: not described
    • Amazon CloudWatch: not described
    • Amazon CloudWatch Logs: not described
    • AWS Systems Manager: not described

    Networking and Content Delivery

    • Amazon API Gateway: not described
    • Amazon CloudFront: not described
    • Elastic Load Balancing (ELB):
      • Scalability vs High Availability
      • Vertical scalability (e.g. Increase instance size of EC2)
      • Horizontal scalability (Add load balancer / auto scaling group)
      • Scalability is linked to but different from high availability (high availability means your data is running in at least 2 data centers, to survive data center loss)
      • Load balancing: forward traffic to multiple servers downstream (e.g. EC2 instances)
      • Managed load balancer - more cost effective compared with setting up your own load balancer / AWS guarantees it is working / upgrades / maintenance etc.
      • Integrates with many AWS offerings / services: e.g. Firewalls, Intrusion Detection Systems, Payload Manipulation
      • Supports Sticky Sessions
    • Sticky sessions / Session Affinity:
      • Ensure user requests are only routed to the same target group
      • CLB and ALB use a cookie with an expiration date
      • Use case - make sure the user doesn't lose their session data
      • Enabling stickiness may cause EC2 instances to not be equally balanced
      • Application based Cookies: Check for custom attributes required by the application
      • Duration based cookies: Generated by load balancer
    • Cross Zone load balancing:
      • With Enabled: each load balancer instance distributes evenly across all registered instances in all AZs
      • With Disabled: Requests are distributed in the instances of the node of the Elastic Load Balancer
      • ALB - enabled by default (can be disabled at target group level), no charge for inter AZ data
      • NLB - disabled by default (Pay charges for cross zone AZ)
    • SSL / TLS:
      • Can use an SSL / TLS cert between your clients and your load balancer to allow encryption in transit (in-flight encryption)
      • Managed via AWS ACM (Certificate Manager) - Load balancer uses an X.509 cert but you can upload your own certs to ACM
      • Set a default certificate on HTTPS listener (with optional list of domains)
      • Clients can use SNI (Server Name Indication) to indicate the hostname they would like to reach on the initial SSL handshake
      • SNI solves the problem of loading multiple SSL certs onto one web server (you may have more than one domain SSL cert at the ALB level)
      • SNI only works for ALB / NLB and CloudFront
    • Connection Draining / Deregistration delay:
      • Can set time to complete 'in-flight requests' while target group instances are de-registering or unhealthy
      • Associated with particular AZ only (so can implement redundancy by implementing for each AZ separately)
    • Route table:
      • Controls the network traffic in your VPC through subnet routing
      • Allow access between subnets / to the internet
      • One route table can be associated with multiple subnets, but each subnet must have exactly one route table associated
    • VPC peering:
      • Connect two VPCs privately using AWS' network - make them behave as if they were in the same network
      • Must not have overlapping CIDR (IP address range)
      • VPC peering connection is not transitive (if a is connected to b, and b is connected to c, then a is not connected to c, unless a direct connection exists)
    • VPC Endpoints:
      • Endpoints allow you to connect to AWS services using a private network instead of the www network
      • Enhanced security and lower latency to access AWS Services
      • Site to Site VPC - connect on-premises VPN to AWS (encrypted over public internet)
      • Direct Connect (DX) - Physical connection between on-premises and AWS - secure, fast and private network

    Security Features

    • Network ACL:
      • Firewall to allow or deny at a subnet level - explicitly allow or deny traffic by Port / IP address / Destination
    • Security Groups:
      • Works at instance level (e.g. EC2; ENI - elastic network interface)
      • Can only specify ALLOW rules not DENY
      • Inbound traffic is denied by default; outbound traffic is allowed by default
      • A security group rule comprises IP / port (e.g. SSH) or other security groups
      • Rules can be added to authorize another security group (useful for a load balancer, where EC2 instances can connect without needing to specify an IP every time)
    • Virtual private gateway / public gateway:
      • Internet Gateway - allow connection to Internet at the VPC level
      • Customer Gateway - Virtual private gateway can be used to establish an AWS DirectConnect connection to a Customer Gateway (which could be a hardware or virtual gateway in the customer's own on-premises data centre) at VPC level
    • VPC Flow log:
      • Capture information about IP traffic going to instances - there are also Subnet flow logs and ENI (Elastic Network Interface) flow logs
      • Monitor network traffic through the VPC
      • Can be sent to S3, CloudWatch, or Kinesis Data Firehose

    Example Architectures

    • Three Tier Architecture:
      • Understanding of general diagram (e.g. pre-packing the software with the EC2 instance)
    • AMI:
      • AMI is region specific
      • EC2 instances can be launched from public (made by AWS) and private AMIs (made yourself) or AWS MarketPlace AMI (made by someone else and potentially sold by)

    EBS Volume types

    • GP2 / GP3:
      • Cost effective storage, low latency, general purpose SSD volume (can be used for boot volume)
      • GP3 can independently set throughput and storage, whereas GP2 (older) is preconfigured - up to 16,000 IOPS
    • io1 / io2:
      • Provisioned IOPS SSD
      • Applications that need sustained IOPS performance, e.g. database workloads - sensitive to storage performance and consistency
      • io1 can independently set IOPS up to 64,000 for Nitro instances; io2 is set with a max PIOPS of 256,000 with an IOPS to GiB ratio of 100:1. If you want over 32,000 IOPS you need Nitro
      • Supports EBS multi attach feature
      • Can be used for boot volume
    • st1:
      • Hard disk drives (HDD)
      • Suitable for big data, data warehouses, log processing (500 IOPS)
    • sc1:
      • Cold HDD
      • Suitable for archiving

    EBS Multi-attach

    • Attach the same EBS volume to multiple EC2 instances in the same AZ
    • Each instance has full read write permissions to the high performance volume
    • Use case: Achieve higher application availability in clustered linux applications (e.g.

    General Concepts

    • AWS Well-Architected Framework consists of six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability
    • AWS Global architectures include:
      • Availability Zones (60 miles apart)
      • Regions (made up of multiple Availability Zones)
      • Video Streams

    Major AWS Services

    Analysis

    • Athena: a query service for analyzing data in Amazon S3
    • Kinesis: a real-time data processing service
    • OpenSearch Service: a search service for log analytics and application monitoring

    Application Integration

    • SQS: a message queue service with Standard and FIFO (First-In-First-Out) queues
      • Benefits of FIFO: exactly-once processing, and message deduplication
    • SNS: a publish-subscribe messaging service
    • EventBridge: a serverless event bus service
    • AppSync: a managed service for building GraphQL APIs
    • Step Functions: a service for orchestrating AWS Lambda functions
      • Features:
        • 8 state types: Task, Choice, Parallel, Wait, Fail, Succeed, Pass, and Map
        • Built-in retry/error handling at each state
        • Visual workflow management

    Compute

    • EC2:
      • Sizing and configuration options:
        • OS (Linux, Windows, or Mac OS)
        • CPU
        • RAM
        • EBS and EFS (Network-attached)
        • EC2 Instance Store (Hardware)
        • Network card (speed of card and public IP address)
        • Security Group (Firewall rules)
        • Bootstrap Script (configure at first launch: EC2 User Data)
      • EC2 User Data:
        • Bootstrapped, run once only at the first instance start
        • e.g., installing updates/software
        • Run as root user
      • EC2 Instance types:
        • e.g., t2.micro, c5d.4xlarge (many different types)
        • Naming convention: m5.2xlarge (m = memory optimized, 5 = generation, 2xLarge = spec)
        • Compute optimized: good for batch processing, media transcoding, machine learning, dedicated gaming server, etc.
        • Memory optimized: good for high-performance databases (with memory), web scale cache stores, etc.

    Database

    • Relational vs NoSQL:
      • Relational: Amazon Aurora, Amazon RDS
      • NoSQL: Amazon DynamoDB
    • Amazon Aurora:
      • Basic: MySQL-compatible database engine
      • Writer/Reader endpoint: supports read replicas
    • Amazon DynamoDB:
      • Fast, fully managed NoSQL database service
    • Amazon ElastiCache:
      • Basic: in-memory data store for Redis and Memcached
      • Memcached vs Redis: Memcached is a simple, key-value store, while Redis is a data structure server
    • Cache Eviction/TTL (Time to Live):
      • Cache can be evicted if:
        • item is deleted explicitly in cache
        • memory is full and it's not recently used (LRU)
        • TTL that has been set is exceeded
      • If too many evictions happen due to memory limits, you should scale out or up
    • Amazon MemoryDB for Redis:
      • Redis-compatible, durable, in-memory database
      • Ultra-high performance with over 160 million requests/second
      • Scale seamlessly to 100s of TB of storage
      • Use cases: web apps, online gaming, media streaming, etc.
    • Amazon RDS:
      • Basic: managed relational database service
      • RDS Storage Auto Scaling: automatically scale database storage up to a set Maximum Storage Threshold
      • Read Replicas:
        • Replications are asynchronous - data will be eventually consistent
        • Up to 15 read replicas within AZ, Cross AZ, or Cross Region
        • Replicas can be promoted to their own DB
        • Applications must update connection string to use a read replica
        • Use cases: reporting, analytics, read-only high load environments
      • RDS Multi AZ (Disaster Recovery):
        • Synchronous replication - main purpose is to increase availability, not for scaling
        • One DNS name - automatic app failover to standby
        • Read replicas can be set up as Multi AZ for DR
        • Going from Single AZ to Multi AZ is a zero-downtime operation
      • Encrypting an Unencrypted RDS DB:
        • Create a snapshot of DB, copy the snapshot, click "Enable Encryption", then restore the DB instance from encrypted snapshot
        • Unencrypted RDS DB will always have unencrypted read replicas

    Developer Tools

    • AWS Amplify:
      • Deploy application in serverless architecture, allows auto-deployment/scaling/management of application and underlying resources
      • Complete solution that allows frontend web and mobile developers to easily build, connect, and host full-stack applications
    • AWS Cloud9:
      • Cloud-based integrated development environment (IDE) for writing, running, and debugging code
    • AWS CodeArtifact:
      • Fully managed artifact repository service
    • AWS CodeBuild:
      • Fully managed continuous integration service
    • AWS CodeCommit:
      • Fully managed version control service
    • AWS CodeDeploy:
      • Fully managed deployment service
    • Amazon CodeGuru:
      • Machine learning-powered code review and debugging service
    • AWS CodePipeline:
      • Fully managed continuous delivery service
    • AWS CodeStar:
      • Cloud-based service for creating, managing, and scaling continuous integration and continuous deployment (CI/CD) pipelines
    • Amazon CodeWhisperer:
      • AI-powered coding companion that provides real-time code suggestions and recommendations
    • AWS X-Ray:
      • Distributed tracing service for debugging and analyzing distributed applications

    Management and Governance

    • AWS AppConfig:
      • Fully managed service for managing and monitoring application configurations
    • AWS CLI:
      • Command-line tool for managing AWS resources
    • AWS Cloud Development Kit (AWS CDK):
      • Open-source framework for defining cloud infrastructure in code
    • AWS CloudFormation:
      • Service for managing infrastructure as code
    • AWS CloudTrail:
      • Service for monitoring and logging AWS API calls
    • Amazon CloudWatch:
      • Monitoring and logging service for AWS resources and applications
    • Amazon CloudWatch Logs:
      • Logs monitoring and analysis service
    • AWS Systems Manager:
      • Service for managing and automating AWS resources and applications

    Networking and Content Delivery

    • Amazon API Gateway:
      • Fully managed API management service
    • Amazon CloudFront:
      • Content delivery network (CDN) service
    • Elastic Load Balancing (ELB):
      • Load balancing service for distributing traffic across multiple targets
    • Amazon Route 53:
      • Domain name system (DNS) service
    • Amazon VPC:
      • Virtual private cloud (VPC) service for creating a virtual network in the cloud

    Video Streams and Application Integration

    • Video Streams and Application Integration involves OpenSearch Service, SQS, SNS, EventBridge, and AppSync.

    Compute

    • EC2 instance types have different naming conventions, such as m5.2xlarge (m = memory optimized, 5 = generation, 2xlarge = spec).
    • Compute optimized instances are suitable for batch processing, media transcoding, machine learning, and dedicated gaming servers.
    • Memory optimized instances are suitable for high-performance databases with memory and web-scale cache stores.
    • Predictive scaling continuously forecasts load and schedules scaling ahead, with scaling cooldowns allowing metrics to stabilize.
    • Instance Refresh recreates all EC2 instances after updating a launch template, with a minimum healthy percentage as a trigger and warm-up time.

    Amazon Route 53 and VPC

    • A VPC can only exist within one region, with private subnets within one availability zone (AZ) only.
    • Public subnets can have multiple subnets in the same AZ, with CIDR Block specifying the size of the network.
    • DHCP options set automatically provision IP addresses for EC2 instances and other resources, configuring DNS, NetBIOS name server, and NTP.
    • NAT Devices enable EC2 instances in private subnets to connect to the public internet or other AWS services, with two types: NAT Instance and NAT Gateway.
    • Route tables control network traffic in a VPC through subnet routing, allowing access between subnets and to the internet.
    • VPC peering connects two VPCs privately using AWS' network, with no overlapping CIDR ranges.
    • VPC Endpoints allow connecting to AWS services using a private network, enhancing security and reducing latency.

    Security Features

    • Network ACLs work at the subnet level, explicitly allowing or denying traffic by port, IP address, or destination.
    • Security Groups work at the instance level, specifying ALLOW rules only, with default deny for inbound and default allow for outbound.
    • Security Group rules comprise IP, port, or other security groups, with rules added to authorize another security group.

    VPC Endpoints and Gateways

    • Virtual private gateways/public gateways allow connections to the internet at the VPC level.
    • Customer Gateways establish an AWS DirectConnect connection to a Customer Gateway.
    • VPC Endpoint connects EC2 instances in a VPC to AWS global services like AWS Lambda and S3, without passing through the internet.

    EBS Volume Types

    • GP2/GP3 are cost-effective storage, low-latency, general-purpose SSD volumes, with GP3 allowing independent throughput and storage configuration.
    • IO1/IO2 are provisioned IOPS SSD volumes, suitable for applications needing sustained IOPS performance, such as databases.
    • ST1 is a hard disk drive (HDD) suitable for big data, data warehouses, and log processing.
    • SC1 is a cold HDD suitable for archiving.

    EBS Multi-attach

    • Attaches the same EBS volume to multiple EC2 instances in the same AZ, with each instance having full read-write permissions to the high-performance volume.
    • Used for achieving higher application availability in clustered Linux applications.

    General Concepts

    • AWS Well-Architected Framework consists of six pillars:
      • Operational Excellence
      • Security
      • Reliability
      • Performance Efficiency
      • Cost Optimization
      • Sustainability

    Compute Services

    • EC2:
      • Supports various instance types and operating systems
      • Can be launched in a VPC or a subnet
    • Lambda:
      • Serverless computing service
      • Supports Node.js, Python, Java, and Go languages
      • Can be triggered by various AWS services
    • AWS Serverless Application Model (SAM):
      • Framework for building serverless applications
      • Supports AWS Lambda, API Gateway, and other services

    Containers

    • AWS Copilot:
      • Service for deploying and managing containerized applications
      • Supports Docker and Kubernetes
    • Amazon Elastic Container Registry (Amazon ECR):
      • Fully-managed container registry service
      • Supports Docker container images
    • Amazon Elastic Container Service (Amazon ECS):
      • Fully-managed container orchestration service
      • Supports Docker containers and Kubernetes
    • Amazon Elastic Kubernetes Service (Amazon EKS):
      • Managed Kubernetes service
      • Supports Kubernetes clusters

    Database Services

    • Relational vs NoSQL databases:
      • Relational databases: support structured data and SQL queries
      • NoSQL databases: support semi-structured or unstructured data and flexible schema
    • Amazon Aurora:
      • Relational database service
      • Supports MySQL and PostgreSQL databases
      • Offers high performance and durability
    • Amazon DynamoDB:
      • NoSQL database service
      • Supports key-value and document data models
      • Offers high performance and low latency
    • Amazon ElastiCache:
      • In-memory caching service
      • Supports Memcached and Redis engines
      • Improves application performance and reduces latency
    • Cache eviction and TTL (Time to Live):
      • Cache eviction: process of removing data from the cache
      • TTL: sets the maximum time data remains in the cache

    Storage Services

    • Amazon Elastic Block Store (Amazon EBS):
      • Block-level storage service
      • Supports persistent data storage for EC2 instances
      • Offers high performance and low latency
    • EC2 Instance Store:
      • Temporary storage service
      • Supports ephemeral data storage for EC2 instances
      • Data is lost when the instance is stopped or terminated
    • Amazon Elastic File System (Amazon EFS):
      • File-level storage service
      • Supports shared file storage for multiple EC2 instances
      • Offers high availability, scalability, and durability
      • Supports NFS protocol and POSIX file system
      • Offers encryption at rest using KMS

    Security, Identity, and Compliance

    • AWS Identity and Access Management (IAM):
      • Service for managing access and permissions to AWS resources
      • Supports users, groups, roles, and policies
    • AWS Key Management Service (AWS KMS):
      • Service for managing encryption keys
      • Supports key creation, rotation, and deletion
      • Integrates with AWS services and resources
    • AWS Certificate Manager (ACM):
      • Service for managing SSL/TLS certificates
      • Supports certificate creation, validation, and revocation
      • Integrates with AWS services and resources
    • AWS Security Token Service (AWS STS):
      • Service for managing temporary security credentials
      • Supports temporary access to AWS resources
      • Integrates with AWS services and resources

    Networking and Content Delivery

    • Amazon API Gateway:
      • Service for creating RESTful APIs
      • Supports API creation, deployment, and management
      • Integrates with AWS services and resources
    • Amazon CloudFront:
      • Content delivery network (CDN) service
      • Supports fast and secure content delivery
      • Integrates with AWS services and resources
    • Elastic Load Balancing (ELB):
      • Service for distributing traffic across EC2 instances
      • Supports load balancing for HTTP, HTTPS, and TCP protocols
      • Integrates with AWS services and resources
    • Amazon Route 53:
      • Domain name system (DNS) service
      • Supports domain registration, routing, and management
      • Integrates with AWS services and resources
    • Amazon VPC:
      • Virtual private cloud service
      • Supports isolated and secure networking for EC2 instances
      • Integrates with AWS services and resources

    Application Integration

    • SQS:
      • Message queuing service
      • Supports decoupling of applications and services
      • Integrates with AWS services and resources
    • SNS:
      • Messaging service
      • Supports fan-out messaging and event-driven architecture
      • Integrates with AWS services and resources
    • EventBridge:
      • Event-driven service
      • Supports event bus, event source, and event target
      • Integrates with AWS services and resources
    • AppSync:
      • Service for building scalable and secure APIs
      • Supports GraphQL and RESTful APIs
      • Integrates with AWS services and resources
    • Step Functions:
      • Service for building distributed workflows
      • Supports step-by-step execution of tasks
      • Integrates with AWS services and resources

    Video Streams

    • OpenSearch Service for application integration
    • SQS (Standard vs FIFO) for message queuing
    • SNS for fanout messaging
    • EventBridge for event-driven architecture
    • AppSync for managed GraphQL service

    Compute

    • EC2 instance types: Compute, Memory, and Storage optimized
    • EC2 instance store: provides temporary storage for instances
    • EBS and EFS: network-attached storage options
    • Security groups: act as virtual firewalls for instances
    • Bootstrap script: configures instances during first launch
    • EC2 user data: runs once at first instance start, ideal for installing updates/software

    Databases

    • Amazon DynamoDB: NoSQL database
    • Amazon ElastiCache: in-memory database for high performance and low latency
    • Redis vs Memcached: Redis supports multi-AZ with auto-failover and backup/restore features
    • Caching design patterns: Lazy loading, Cache-Aside, Write Through, and more

    Security Groups and Load Balancers

    • Security groups: restrict access to instances and load balancers
    • Load balancers: can have security groups to allow HTTP traffic
    • Sticky sessions: ensure requests are routed to the same target group
    • Cross-zone load balancing: distributes requests across all availability zones
    • SSL/TLS: encrypts data in transit using X.509 certificates

    Identity and Access Management (IAM)

    • AWS Certificate Manager (ACM): manages SSL/TLS certificates
    • Amazon Cognito: provides user identity management
    • IAM best practices: use least privilege, avoid using the root account
    • Users: can be grouped and assigned policies
    • Groups: group users together for easier management
    • Policies: JSON documents that define permissions for users and groups
    • Roles: assign permissions to AWS services

    Video Streams and OpenSearch Service

    • Video Streams and OpenSearch Service are application integration services in AWS

    Message Queue and Notification Services

    • SQS (Standard and FIFO queues) benefits:
      • Decouples microservices and allows parallel processing
      • Acts as a buffer for high-volume messages
    • SNS (Simple Notification Service) benefits:
      • Fanout messaging for decoupling microservices
      • Publish-subscribe messaging pattern
    • EventBridge benefits:
      • Event-driven architecture for decoupling microservices
      • Supports event buses and event sources
    • AppSync benefits:
      • Real-time data synchronization and offline data access
      • GraphQL API for mobile and web applications

    Compute Services

    • EC2 (Elastic Compute Cloud) features:
      • Sizing and configuration options:
        • OS (Linux, Windows, or Mac OS)
        • CPU, RAM, EBS, and EC2 Instance Store
        • Network card and public IP address
        • Security Group (Firewall rules)
        • Bootstrap Script (EC2 User Data)
      • EC2 Instance types:
        • Compute optimized (e.g., t2.micro, c5d.4xlarge)
        • Memory optimized (e.g., m5.2xlarge)
        • Storage optimized
        • General purpose
      • EC2 Instance Connect for SSH access
      • IAM roles for EC2 instances
      • Security Groups for port configuration
      • Purchasing options:
        • On-demand instances
        • Reserved instances (1 & 3 years)
        • Savings plans (1 & 3 years)
        • Spot instances
        • Dedicated Hosts
        • Dedicated Instances
        • Capacity Reservations
    • Lambda features:
      • Asynchronous and synchronous invocation
      • Execution lifecycle (init, invoke, shutdown)
      • Event Object and Context Object
      • Lambda Layers for reusing external dependencies
      • Lambda Versions and Aliases for canary deployments
      • VPC integration (LambdaVPCAccessExecutionRole)

    Container Services

    • Amazon Elastic Container Registry (Amazon ECR) features:
      • Container registry for Amazon ECS and Amazon EKS
    • Amazon Elastic Container Service (Amazon ECS) features:
      • Container orchestration service
      • Supports Amazon ECR and Docker Hub
    • Amazon Elastic Kubernetes Service (Amazon EKS) features:
      • Managed Kubernetes service
      • Supports Amazon ECR and Docker Hub

    Database Services

    • Relational databases vs NoSQL databases:
      • Relational databases (e.g., Amazon Aurora) for structured data
      • NoSQL databases (e.g., Amazon DynamoDB) for unstructured data
    • Amazon Aurora features:
      • Autoscales in increments of 10GB up to 128TB
      • Supports MySQL and PostgreSQL
      • Higher availability with 6 copies of data across 3 AZ
      • Cross Region Replication
    • Amazon DynamoDB features:
      • NoSQL database for large-scale applications
    • Amazon ElastiCache features:
      • Managed Redis or Memcached instances
      • In-memory database for high performance and low latency

    Identity and Access Management (IAM)

    • Password policy features:
      • Minimum length and character types
      • Password expiry and reuse prevention
    • MFA (Multi-Factor Authentication) features:
      • Virtual MFA device (Google Authenticator or Authy)
      • U2F security key hardware
      • Hardware Key Fob MFA device
    • Security tools:
      • IAM Credentials Report
      • IAM Access Advisor
    • Shared Responsibility Model:
      • AWS: Infrastructure, Configuration, and Compliance
      • You: Users, Groups, Roles, Policies, Monitoring
    • AWS Access Keys features:
      • Generated through AWS Console
      • Access Key ID and Secret Access Key
    • AWS Key Management Service (AWS KMS) features:
      • Encryption for EBS at rest
    • AWS Private Certificate Authority features:
      • Private Certificate Authority for AWS services
    • AWS Secrets Manager features:
      • Secure storage for secrets and credentials
    • AWS Security Token Service (AWS STS) features:
      • Temporary security credentials for IAM users and roles
    • AWS WAF features:
      • Web Application Firewall for AWS services

    Storage Services

    • Amazon Elastic Block Store (Amazon EBS) features:
      • Network drive for EC2 instances
      • Persists data even after EC2 termination
      • Bound to specific AZ
      • Can be detached and attached to another instance
      • Provisioned activity (IOPS, space, etc.)
      • Delete on Termination attribute
    • EBS Snapshots features:
      • Backup of EBS volume
      • Can copy snapshots across AZ
      • Archive tier for cost-effective storage
      • Recycle bin for snapshots
      • Fast Snapshot Restore (FSR)
    • AMI (Amazon Machine Image) features:
      • Customization of EC2 instance
      • Add own software, OS monitoring

    General Concepts

    • AWS Well-Architected Framework consists of six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability.
    • AWS Global architectures are composed of Availability Zones (60 miles apart) and Regions (made up of multiple Availability Zones).

    Major AWS Services

    Analysis

    • Athena: analytical service for querying data in S3.
    • Kinesis: real-time data processing and analytics service.
    • OpenSearch Service: search service for searching and analyzing data.

    Application Integration

    • SQS: message queue service for decoupling applications.
    • SNS: fan-out messaging service for sending and receiving messages.
    • EventBridge: event-driven service for integrating applications.
    • AppSync: managed GraphQL service for real-time data synchronization.
    • Step Functions: service for orchestrating serverless workflows.

    Compute

    • EC2: virtual machine service for compute tasks.
    • Lambda: serverless compute service for running code.
    • AWS Serverless Application Model (SAM): framework for building serverless applications.
    • Elastic Beanstalk: managed platform for deploying web applications.

    Containers

    • AWS Copilot: containerized application service for deploying containers.
    • Amazon Elastic Container Registry (Amazon ECR): container registry service for storing and managing containers.
    • Amazon Elastic Container Service (Amazon ECS): container orchestration service for running and managing containers.
    • Amazon Elastic Kubernetes Service (Amazon EKS): managed Kubernetes service for running Kubernetes applications.

    Database

    • Relational vs NoSQL databases.
    • Amazon Aurora: relational database service for MySQL and PostgreSQL.
      • Basic: single instance database.
      • Writer/Reader endpoint: endpoint for reading and writing data.
    • Amazon DynamoDB: NoSQL database service for large-scale applications.
    • Amazon ElastiCache: in-memory caching service for improving performance.
      • Basic: caching service for Redis and Memcached.
      • Memcached vs Redis: caching engines for ElastiCache.
      • Caching Design Patterns: patterns for caching data.
      • Cache Eviction/TTL (Time to Live): mechanism for managing cache expiration.
    • Amazon MemoryDB for Redis: in-memory database service for Redis workloads.
    • Amazon RDS: relational database service for various database engines.
      • Basic: single instance database.
      • RDS Storage Auto Scaling: automatic scaling for database storage.
      • Read Replicas: read-only copies of the primary database.
      • RDS Multi AZ (Disaster Recovery): high availability feature for databases.
      • Encrypting an Unencrypted RDS DB: process for encrypting existing databases.

    Developer Tools

    • AWS Amplify: development environment for building, deploying, and managing applications.
    • AWS Cloud9: integrated development environment for coding and debugging.
    • AWS CloudShell: interactive shell for AWS services and resources.
    • AWS CodeArtifact: package manager for software dependencies.
    • AWS CodeBuild: continuous integration and continuous deployment (CI/CD) service.
    • AWS CodeCommit: version control service for managing code repositories.
    • AWS CodeDeploy: automated deployment service for configuring and deploying applications.
    • Amazon CodeGuru: AI-powered code review service for improving code quality.
    • AWS CodePipeline: CI/CD service for automating workflows.
    • AWS CodeStar: project management service for creating and managing projects.
    • Amazon CodeWhisperer: AI-powered coding companion for writing code.
    • AWS X-Ray: service for analyzing and debugging distributed applications.

    Management and Governance

    • AWS AppConfig: feature for managing application configurations.
    • AWS CLI: command-line interface for interacting with AWS services.
    • AWS Cloud Development Kit (AWS CDK): framework for defining cloud infrastructure in code.
    • AWS CloudFormation: service for provisioning and managing infrastructure as code.
    • AWS CloudTrail: service for auditing and logging AWS API calls.
    • Amazon CloudWatch: monitoring and logging service for AWS resources.
    • Amazon CloudWatch Logs: service for storing and processing log data.
    • AWS Systems Manager: service for managing and patching AWS resources.

    Networking and Content Delivery

    • Amazon API Gateway: RESTful API service for building and managing APIs.
    • Amazon CloudFront: content delivery network (CDN) for distributing content.
    • Elastic Load Balancing (ELB): load balancing service for distributing traffic.
    • Amazon Route 53: DNS service for routing internet traffic.
    • Amazon VPC: virtual private cloud service for creating isolated networks.

    Security, Identity, and Compliance

    • AWS Certificate Manager (ACM): service for managing SSL/TLS certificates.
    • Amazon Cognito: user identity and access management service.
    • AWS Identity and Access Management (IAM): service for managing access and permissions.
    • AWS Key Management Service (AWS KMS): service for managing encryption keys.
    • AWS Private Certificate Authority: service for creating and managing private certificates.
    • AWS Secrets Manager: service for managing secrets and credentials.
    • AWS Security Token Service (AWS STS): service for requesting temporary security tokens.
    • AWS WAF: web application firewall service for protecting web applications.

    Storage

    • Amazon Elastic Block Store (Amazon EBS): block-level storage service for EC2 instances.
    • EC2 Instance Store: ephemeral storage service for EC2 instances.
    • Amazon Elastic File System (Amazon EFS): file-level storage service for EC2 instances.
    • Amazon S3: object-level storage service for storing and retrieving data.
    • Amazon S3 Glacier: long-term archival storage service for infrequently accessed data.

    Amazon Route 53

    • Domain name system (DNS) service for routing internet traffic.

    Amazon VPC

    • Virtual private cloud service for creating isolated networks.
    • VPC can only exist within one region.
    • Private subnet: isolated network for backend systems like DBs and app servers.
    • Public subnet: publicly accessible network for web servers and other resources.
    • CIDR Block: specifies the size of the network.
    • DHCP options set: automatically provisions IP addresses for EC2 instances and other resources.
    • NAT Devices: enables EC2 instances in private subnets to connect to the public internet or other AWS services.
    • Route table: controls network traffic in your VPC through subnet routing.
    • VPC peering: connects two VPCs privately using AWS' network.
    • VPC endpoints: connects to AWS services using a private network instead of the internet.

    Security Features

    • Network ACL: explicitly allows or denies traffic at the subnet level.
    • Security Groups: works at the instance level, specifying ALLOW rules for inbound traffic and DENY rules for outbound traffic.

    VPC Flow Logs

    • Captures information about IP traffic going to instances.
    • Can be sent to S3, CloudWatch, or Kinesis Data Firehose.
    • Monitors network traffic through the VPC.

    Example Architectures

    • Three-Tier Architecture: consists of a presentation layer, application layer, and data layer.
    • LAMP Stack on EC2: Linux, Apache, MySQL, and PHP stack on EC2 instances.
    • WordPress on AWS: WordPress installation on AWS services.

    Security, Identity, and Compliance

    • AWS Certificate Manager (ACM): service for managing SSL/TLS certificates.
    • Amazon Cognito: user identity and access management service.
    • AWS Identity and Access Management (IAM): service for managing access and permissions.
    • IAM Best Practices:
      • Root account should not be used or shared.
      • Do not use Root (except for AWS account setup).
      • Always apply the principle of least privilege.
    • Users: people in your organization can be grouped.
    • Groups: can group users together.
    • Policies: JSON documents that define permissions for users or groups.
      • Policy structure:
        • Version: policy language version.
        • Id: identifier for the policy.
        • Statement: one or more individual statements.
          • Sid: optional identifier for the statement.
          • Effect: Allow or Deny.
          • Principal: which account/user/role the policy applies to.
          • Action: list of actions this policy allows or denies.
          • Resource: list of resources to which the actions apply.
          • Condition: conditions for when this policy is in effect.
    • Roles: can assign permissions to AWS services.
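The policy structure listed above, combined with the least-privilege practice, as an added example that is not part of the original notes: a small checker that walks each Statement and flags Allow statements that are broader than they need to be. The sample policy is constructed, and the function names (`lint_policy`, `lint_statement`, `as_list`) are hypothetical.

```python
import json

# Constructed sample policy. It mixes identity-style and resource-style
# statements (one carries a Principal) only so that every check is exercised.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Id": "ExamplePolicy",
  "Statement": [
    {"Sid": "ReadReports", "Effect": "Allow",
     "Action": ["s3:GetObject"],
     "Resource": ["arn:aws:s3:::example-reports/*"]},
    {"Sid": "TooBroad", "Effect": "Allow",
     "Action": "*", "Resource": "*"},
    {"Sid": "AnyoneCanRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-public/*"},
    {"Sid": "DenyOutsideMfa", "Effect": "Deny",
     "Action": "iam:*", "Resource": "*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}}}
  ]
}
""")


def as_list(value):
    """Action, Resource and Principal values may be a string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_statement(stmt):
    """Return least-privilege findings for one Statement element."""
    effect = stmt.get("Effect")
    if effect not in ("Allow", "Deny"):
        return ["Effect must be Allow or Deny"]
    if effect == "Deny":
        # A broad Deny narrows access; it is not a least-privilege problem.
        return []

    findings = []
    actions = as_list(stmt.get("Action"))
    resources = as_list(stmt.get("Resource"))
    conditioned = bool(stmt.get("Condition"))

    if "*" in actions:
        findings.append("Allow covers every action in every service")
    elif any(a.endswith(":*") for a in actions):
        findings.append("Allow covers every action of a whole service")

    if "*" in resources and not conditioned:
        findings.append("Allow applies to every resource with no Condition")

    principal = stmt.get("Principal")
    any_principal = principal == "*" or (
        isinstance(principal, dict) and "*" in as_list(principal.get("AWS"))
    )
    if any_principal and not conditioned:
        findings.append("Allow is granted to any principal with no Condition")
    return findings


def lint_policy(policy):
    """Map each flagged statement (by Sid, or by position) to its findings."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may appear unwrapped
        statements = [statements]
    report = {}
    for index, stmt in enumerate(statements):
        findings = lint_statement(stmt)
        if findings:
            report[stmt.get("Sid", f"statement[{index}]")] = findings
    return report


if __name__ == "__main__":
    for sid, findings in lint_policy(SAMPLE_POLICY).items():
        for finding in findings:
            print(f"{sid}: {finding}")
```

The checker looks only at the structure of the document; it does not reproduce how AWS evaluates overlapping Allow and Deny statements.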

    Video Streams and Application Integration

    • OpenSearch Service is a part of application integration
    • SQS (Standard vs FIFO) has benefits
    • SNS, EventBridge, AppSync, and Step Functions are also part of application integration

    Step Functions

    • Orchestrates Lambda functions
    • State machine - serverless workflow - allows reviewing the flow visually
    • 8 state types:
      • Task - single unit of work
      • Choice - if-then-else logic
      • Parallel - run units of work in parallel
      • Wait - delay execution for a time period
      • Fail - stop execution, mark as failure
      • Succeed - stop execution, mark as success
      • Pass - passes input to its output
      • Map - for each loop
    • Has built-in retry/error handling that you can implement at each state

    Compute

    • EC2:
      • Sizing and configuration options:
        • OS (Linux, Windows, or Mac OS)
        • CPU
        • RAM
        • EBS and EFS (Network attached)
        • EC2 Instance Store (Hardware)
        • Network card (speed of card / public IP address)
        • Security Group (Firewall rules)
        • Bootstrap Script (configure at first launch: EC2 User Data)
      • EC2 User Data:
        • Bootstrapped, run once only at the first instance start
        • e.g., installing updates / software
        • Run as root user
      • EC2 Instance types:
        • e.g., t2.micro, c5d.4xlarge - many different types
        • Naming convention: m5.2xlarge (m = memory optimized, 5 = generation (AWS improves over time))
        • Compute optimized - Use cases: good for batch processing / media transcoding / machine learning / dedicated gaming server
        • Memory optimized - Use cases: high-performance databases (with memory), web-scale cache stores (e.g., cache user sessions across application servers in ElastiCache)

    Memcached vs Redis

    • Redis:
      • Multi-AZ with Auto-failover
      • Read replicas to horizontally scale and provide availability
      • Backup and restore features
      • Support Sets and Sorted Sets
    • Memcached:
      • Multi-node for partitioning (sharding) of data
      • No high availability (replication)
      • Non-persistent - no backup and restore
      • Multi-threaded architecture

    Caching Design Patterns

    • Lazy loading / Cache-Aside / Lazy Population:
      • Check if cached data is present in application, if not load from DB into cache
      • Pros:
        • Only requested data is cached (the cache isn’t filled up with unused data)
        • Node failures are not fatal (just increased latency to warm the cache)
    • Write Through:
      • Write to cache when DB is updated
      • Pros:
        • Data in cache is never stale, reads are quick
        • Write penalty vs Read penalty (each write requires 2 calls)
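The two patterns above and the three eviction causes from the Cache Eviction/TTL notes (explicit delete, LRU when memory is full, TTL exceeded), as an added example that is not part of the original notes. `TTLCache` is an in-process stand-in for a cache node, not the ElastiCache API; the class names, method names and sample data are all hypothetical.

```python
from collections import OrderedDict


class TTLCache:
    """Bounded cache with per-item TTL and least-recently-used eviction."""

    def __init__(self, max_items, ttl_seconds, clock):
        self.max_items = max_items
        self.ttl = ttl_seconds
        self.clock = clock            # injected so the demo can move time
        self._items = OrderedDict()   # key -> (value, expires_at), LRU first
        self.evictions = 0

    def get(self, key):
        entry = self._items.get(key)
        if entry is None:
            return None
        value, expires_at = entry
        if self.clock() >= expires_at:    # eviction cause: TTL exceeded
            del self._items[key]
            return None
        self._items.move_to_end(key)      # mark as most recently used
        return value

    def set(self, key, value):
        if key in self._items:
            del self._items[key]
        elif len(self._items) >= self.max_items:
            self._items.popitem(last=False)   # eviction cause: full, drop LRU
            self.evictions += 1
        self._items[key] = (value, self.clock() + self.ttl)

    def delete(self, key):                # eviction cause: explicit delete
        self._items.pop(key, None)


class UserStore:
    """Database (a dict here) fronted by the cache."""

    def __init__(self, db, cache):
        self.db = db
        self.cache = cache
        self.db_reads = 0

    def read_lazy(self, key):
        """Lazy loading / cache-aside: populate the cache only on a miss."""
        value = self.cache.get(key)
        if value is None:
            self.db_reads += 1
            value = self.db.get(key)
            if value is not None:
                self.cache.set(key, value)
        return value

    def write_through(self, key, value):
        """Write through: two calls per write, the cache never goes stale."""
        self.db[key] = value
        self.cache.set(key, value)

    def write_db_only(self, key, value):
        """A write that bypasses the cache, which is how staleness arises."""
        self.db[key] = value


def demo():
    now = [0]
    cache = TTLCache(max_items=2, ttl_seconds=60, clock=lambda: now[0])
    store = UserStore({"u1": "alice", "u2": "bob", "u3": "carol"}, cache)
    seen = {}

    store.read_lazy("u1")                          # miss, loaded from the DB
    store.read_lazy("u1")                          # hit
    seen["db_reads_after_two_lookups"] = store.db_reads

    store.write_db_only("u1", "alice-v2")
    seen["stale_read"] = store.read_lazy("u1")     # cache still has old value

    now[0] = 61                                    # past the 60 s TTL
    seen["after_ttl"] = store.read_lazy("u1")      # expired, reloaded

    store.write_through("u1", "alice-v3")
    seen["after_write_through"] = store.read_lazy("u1")

    store.read_lazy("u2")
    store.read_lazy("u3")                          # cache full, u1 is LRU
    seen["evictions"] = cache.evictions
    seen["u1_still_cached"] = cache.get("u1") is not None
    seen["db_reads_total"] = store.db_reads
    return seen


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```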

    Security Groups / Use cases

    • Load balancers can have security groups which can be set up to allow HTTP traffic
    • The application security group can reference the load balancer security group, so that access is restricted to traffic coming from the load balancer only
    • IP addresses used as load balancing targets must be private IPs

    Sticky sessions / Session Affinity

    • Ensure user requests are routed only to the same target group
    • CLB and ALB use cookie with expiration date
    • Use case - make sure user doesn't lose his session data
    • Enabling stickiness may cause EC2 instances to not be equally balanced
    • Application-based Cookies: Check for custom attributes required by the application
    • Duration-based cookies: Generated by load balancer

    Cross Zone Load Balancing

    • With Enabled: each load balancer instance distributes evenly across all registered instances in all AZ
    • With Disabled: Requests are distributed in the instances of the node of the Elastic Load Balancer
    • ALB - enabled by default (can be disabled at target group level), no charge for inter-AZ data
    • NLB - disabled by default (Pay charges for cross zone AZ)

    SSL / TLS

    • Can use SSL Cert / TLS cert between clients and load balancer to allow encryption in transit (in-flight encryption) - TLS is newer
    • Managed via AWS ACM (Certificate manager) - Load balancer uses an X.509 Cert but you can upload your own certs to ACM
    • Set a default certificate on HTTPS listener (with optional list of domains)
    • Clients can use SNI (Server Name Indication) to indicate the hostname they would like to reach in the initial SSL handshake
    • SNI solves the problem of loading multiple SSL certs onto one web server (you may have more than one domain SSL cert at the ALB level)
    • SNI only works for ALB / NLB and CloudFront

    Connection Draining / Deregistration Delay

    • Can set time to complete 'in-flight requests' while target group instances are de-registering or unhealthy
    • Associated with particular AZ only (so can implement redundancy by implementing for each AZ separately)

    Route Table

    • Controls the network traffic in your VPC through subnet routing
    • Allow access between subnets / to the internet
    • One route table can be associated with multiple subnets, but each subnet must have exactly one route table associated

    VPC Peering

    • Connect two VPCs privately using AWS' network - make them behave as if they were in the same network
    • Must not have overlapping CIDR (IP address range)
    • VPC peering connection is not transitive (if A is connected to B, and B is connected to C, then A is not connected to C, unless a direct connection exists)

    VPC Endpoints

    • Endpoints allow you to connect to AWS services using a private network instead of the public internet (www)
    • Enhanced security and lower latency to access AWS Services
    • Site-to-Site VPN - connect on-premises VPN to AWS (encrypted over public internet)
    • Direct Connect (DX) - Physical connection between on-premises and AWS - secure, fast, and private network

    Security Features

    • Network ACL:
      • Firewall to allow or deny at a subnet level - explicitly allow or deny traffic by Port / IP address / Destination
    • Security Groups:
      • Works at instance level (e.g., EC2)
      • Can only specify ALLOW rules, not DENY
      • Inbound traffic is denied by default; outbound traffic is allowed by default
      • A security group rule comprises IP / port (e.g., User connects via Route 53, Tier 1 ELB in public subnet, Tier 2 EC2 Autoscaling group in private subnets, Tier 3 RDS / ElastiCache in private subnet)

    LAMP Stack on EC2

    • LAMP Stack on EC2 is possible

    Security, Identity, and Compliance

    • AWS Certificate Manager (ACM)
    • Amazon Cognito
    • AWS Identity and Access Management (IAM)
    • Best Practices:
      • Root account created by default - shouldn't be used or shared
      • Do not use Root (except AWS account setup)
      • Always apply the principle of least privilege

    IAM

    • Users:
      • Users - people in your organization can be grouped
      • Users can be part of multiple groups
    • Groups:
      • Can group users together (e.g., developers / sales etc)
    • Policies:
      • Users or groups can be assigned policies (which are JSON documents)
      • If policy attached to group level, all users in group get policy
      • Policy structure:
        • Version: policy language version (e.g., 2012-10-17)
        • Id: Identifier for policy (optional)
        • Statement: one or more individual statements (required):
          • Sid (optional) identifier for the statement
          • Effect: (Allow / Deny)
          • Principal: Which account / user / role the policy applies to (e.g., "AWS": "arn:aws:iam::123456789012:root" for the root user)
          • Action: List of actions this policy allows or denies (e.g., s3:GetObject, s3:PutObject) - supports wildcards, e.g., s3:Get* or just *
          • Resource: list of resources to which the actions apply to - supports * for wildcard
          • Condition: conditions for when this policy is in effect (optional)
    • Roles:
      • Can assign permissions to AWS Services (e.g.,

    Autoscaling Groups (ASG)

    • Automatically scales out (adds EC2 instances) or scales in (removes EC2 instances) to match load requirements
    • Configured via Launch template containing:
      • AMI + Instance Type
      • EC2 User Data
      • EBS Volumes
      • Security Groups
      • SSH Key Pair
      • IAM Roles for your EC2 Instances
      • Network + Subnets Information
      • Load Balancer Information
    • Can attach security groups to ASG just like EC2
    • Scaling policies:
      • Based on CloudWatch alarm (e.g. Average CPU, or other metric)
      • Dynamic scaling:
        • Target tracking scaling (e.g. I want the average ASG CPU to stay at around 40%)
        • Simple / Step Scaling (e.g. When a CloudWatch alarm is triggered, then add 2 units)
      • Scheduled scaling: e.g. increase the min capacity to 10 at 5pm on Fridays

    AWS Services

    • AWS CodeDeploy
    • Amazon CodeGuru
    • AWS CodePipeline
    • AWS CodeStar
    • Amazon CodeWhisperer
    • AWS X-Ray
    • Management and Governance:
      • AWS AppConfig
      • AWS CLI:
        • Protected by Access Keys
        • Command line tool to interact with AWS services using commands in your shell
        • Direct access to the public APIs of AWS Services
        • Open source
        • Alternative to AWS management console
        • Built on AWS SDK for Python
    • AWS SDK:
      • Set of libraries to access language-specific APIs (embedded within application) - high level SDK and low level SDK (for API level commands)
      • Programming-language specific (e.g. JavaScript, Java, Python, PHP, Go, etc.)
    • AWS Cloud Development Kit (AWS CDK)
    • AWS CloudFormation
    • AWS CloudTrail
    • Amazon CloudWatch
    • Amazon CloudWatch Logs
    • AWS Systems Manager

    Networking and Content Delivery

    • Amazon API Gateway
    • Amazon CloudFront
    • Elastic Load Balancing (ELB)
    • Scalability vs High Availability
    • Vertical scalability (e.g. Increase instance size of EC2)
    • Horizontal scalability (Add load balancer / auto scaling group)
    • Scalability is linked to but different from high availability (which means your data is running in at least 2 data centers - to survive data center loss)
    • Load balancing:
    • Forward traffic to multiple servers downstream (e.g. EC2 instances)
    • ELB:
    • Managed load balancer - more cost effective compared with setting up your own load balancer / AWS guarantees it is working / upgrades / maintenance etc.
    • Integrates with many AWS offerings / services
    • Predictive scaling: Continuously forecast load and schedule scaling ahead
    • Scaling cooldowns = time period where another scaling in and out is not allowed to happen after a scaling activity (default 300 sec)
    • Instance Refresh = after updating launch template - you can recreate all EC2 instances (can specify minimum healthy percentage as a trigger / warm-up time (time before instance can be used))
    • Amazon Route 53
    • Amazon VPC
    • VPC can only exist within one region
    • Private subnet within one availability zone only (one subnet cannot span two or more AZs) - not accessible from internet
    • Public subnet - can have multiple subnets in the same AZ (e.g. publicly accessible web servers)
    • CIDR Block
      • Allows you to specify size of network between /16 (16 netmask allows 65,536 IP addresses) and /28 (16 IP addresses) netmask (total number of available hosts for network)
      • IPV4 / IPV6 CIDR range
      • First 4 and last 1 IP addresses reserved for Amazon
    • DHCP options set
      • Automatically provision IP addresses for EC2 instances and other resources
      • Configures DNS, NetBIOS name server and NTP
    • NAT Devices
      • Enable EC2 instances in private subnet to connect to public internet or other AWS services (lives in public subnet, and has a route to Internet Gateway)
      • Like a gateway but prevents the public internet from initiating connections with your private EC2 instances
      • Two types
        • NAT Instance - virtualized running in EC2, managed by customer, not highly scalable or available
        • NAT Gateway - Managed by AWS not on VPC, Highly available and scalable

    Load Balancer Types

    • Classic load balancer
      • Protocols: HTTP, HTTPS, TCP, SSL
      • Target Groups: EC2 instances, Private IPs
      • Uses: General-purpose load balancer
    • Application load balancer (ALB)
      • Protocols: HTTP, HTTPS, Websocket
      • Target Groups: EC2 instances, Private IPs, ECS, Lambda (via HTTP)
      • Uses: Standard load balancer for general purpose, supports redirects from HTTP to HTTPS, Supports Query Strings / Parameters routing, Supports Sticky sessions
    • Network load balancer (NLB)
      • Protocols: TCP, TLS, UDP
      • Target Groups: EC2 instances, Private IPs, Application Load Balancer
      • Uses: High throughput, low latency load balancer, supports static IP provisioning, Supports Sticky Sessions
    • Gateway load balancer (GWLB)
      • Protocols: TCP, TLS, UDP
      • Target Groups: EC2 instances, Private IPs
      • Uses: Deploy, scale and manage a fleet of 3rd party network virtual appliances

    Application Integration

    • SQS
      • Standard vs FIFO (benefits)
    • SNS
    • EventBridge
    • AppSync
    • Step Functions
      • Orchestrates Lambda functions
      • State machine - serverless workflow - allows you to review flow visually
      • 8 state types:
        • Task - single unit of work
        • Choice - if-then-else logic
        • Parallel - run units of work in parallel
        • Wait - delay execution for time period
        • Fail - stop execution, mark as failure
        • Succeed - stop execution, mark as success
        • Pass - passes input to its output
        • Map - for each loop
      • Has built-in retry / error handling that you can implement at each state

    Compute

    • EC2
    • Sizing and configuration options:
      • OS (Linux, Windows or macOS)
      • CPU
      • RAM
      • EBS and EFS (Network attached)
      • EC2 Instance Store (Hardware)
      • Network card (speed of card / public IP address)
      • Security Group (Firewall rules)
      • Bootstrap Script (configure at first launch: EC2 User Data)
    • EC2 User Data
      • Bootstrapped, Run once only at the first instance start
      • e.g. installing updates / software
      • Run as root user
    • EC2 Instance types:
      • e.g. t2.micro, c5d.4xlarge - many different types
      • Naming convention: m5.2xlarge (m = memory optimized, 5 = generation (AWS improves over time), 2xlarge = spec)
      • Compute optimized - Use cases: good for batch processing / media transcoding / machine learning / dedicated gaming servers etc.
      • Memory optimized - Use cases: High performance dbs (with memory). Web scale cache stores (e.g.

    AWS Lambda

    • Context object describes the current execution event of the Lambda function, including memory, remaining time, etc.
    • Lambda Layers allow re-using external dependencies across multiple Lambda functions
      • Deployed as zips that can be re-used
      • Advantages:
        • Can be shared with all Lambda functions inside a region
        • Faster deployments
        • Separation of concern - separate business logic from dependencies
        • Manage all dependencies for shared resources in a single layer
    • Lambda Versions / Aliases:
      • Create new versions of functions to avoid affecting production
      • Versions auto-incremented
      • Alias is like a nickname for a version, can be changed to point to a different version
      • Useful for Canary deployments
    • Lambda / VPC Integration:
      • Need to assign execution role IAM managed policy with LambdaVPCAccessExecutionRole
      • Lambda function will lose access to the internet after connecting to VPC

    AWS Serverless Application Model (SAM)

    • No additional information provided

    Elastic Beanstalk

    • No additional information provided

    Containers

    • Amazon Elastic Container Registry (ECR)
    • Amazon Elastic Container Service (ECS)
    • Amazon Elastic Kubernetes Service (EKS)
    • AWS Copilot

    Database

    • Relational vs NoSQL:
      • Harder to make schema changes with relational
    • Amazon Aurora:
      • Autoscales in increments of 10GB up to 128TB
      • Supports MySQL and PostgreSQL
      • 20% more expensive than RDS but "AWS cloud optimized"
    • Amplify:
      • Amplify studio
      • Amplify libraries
      • Amplify CLI
      • Amplify Hosting
      • Can export to CloudFormation template

    Development Tools

    • AWS Cloud9
    • AWS CloudShell:
      • Available in a few AWS regions only
      • Terminal in the cloud, works similar to AWS CLI
      • Advantage: No need to configure AWS with access key
      • Supports Linux commands like ls, echo, cat, etc.
      • Stateful if you create or edit files
    • AWS CodeArtifact
    • AWS CodeBuild:
      • Serverless CI server for AWS
      • Reduces need for patching/maintaining a dedicated server
      • Only pay for time it takes to build (not idle time)
      • Provides pre-packaged environments such as Docker containers
      • Build environment = OS + programming env + tools used by CodeBuild to run the build
      • Can upload build artifact to CodeArtifact or another artifact repo
      • Supports Amazon SNS on build notifications (e.g. build failure)
    • AWS CodeCommit:
      • Hosted in S3, which gives it high availability and resiliency
      • Advantage: Integrates well with other AWS services

    Health Checks

    • Done by ELB on a port and route (e.g. /health) to check for a 200 response to ensure downstream server is healthy

    Load Balancers

    • Types of load balancers:
      • Classic load balancer (replaced with v2 load balancers)
      • Application load balancer (ALB):
        • Supports HTTP, HTTPS, Websocket
        • Targets: EC2, private IPs, Lambda functions
        • Features: Load balance to multiple applications, supports redirects from HTTP to HTTPS, query strings/parameters routing, sticky sessions, port mapping
      • Network load balancer (NLB):
        • Supports TCP, TLS, UDP
        • Targets: EC2, private IPs
        • Features: High throughput, low latency, static IP provisioning, health checks support TCP, HTTP, and HTTPS protocols
      • Gateway load balancer (GWLB):
        • Supports deploying, scaling, and managing fleet of 3rd party network virtual appliances

    Security, Identity, and Compliance

    • AWS Certificate Manager (ACM)
    • Amazon Cognito
    • AWS Identity and Access Management (IAM):
      • Best practices:
        • Root account should not be used or shared
        • Apply principle of least privilege
      • Users:
        • Can be grouped
        • Can be part of multiple groups
      • Groups:
        • Can group users together
      • Policies:
        • Are JSON documents
        • Can be assigned to users or groups
        • Policy structure: Version, Id, Statement (Sid, Effect, Principal, Action, Resource, Condition)
      • Roles:
        • Can assign permissions to AWS services

    Storage

    • EBS Volume types:
      • GP2/GP3: Cost-effective storage, low latency, general-purpose SSD volume
      • io1/io2: Provisioned IOPS SSD, suitable for applications that need sustained IOPS performance
      • st1: Hard disk drives (HDD), suitable for big data, data warehouses, log processing
      • sc1: Cold HDD, suitable for archiving
    • EBS Multi-attach:
      • Attach the same EBS volume to multiple EC2 instances in the same AZ
      • Each instance has full read-write permissions to the high-performance volume
      • Use case: Achieve higher application availability in clustered Linux applications

    Amazon Web Services (AWS)

    • EC2:
      • Can use EC2 Instance Connect to SSH into the box
      • Can add IAM roles for EC2 instances
      • Setting up SSH and other ports using attached SecurityGroups
      • Various purchasing options: On-demand instances, Reserved instances, Savings plans, Spot instances, Dedicated Hosts, and Dedicated Instances

    Lambda

    • Asynchronous vs Synchronous invocation
    • Execution lifecycle of a function:
      • Cold start / warm start (don't pay for cold start up to 10 secs)
      • Init / Invoke / Shutdown
      • Execution environment / Context Reuse (can speed up execution, by reusing resources from INIT phase up to 512MB)
    • Event Object / Context Object:
      • Passed as parameters into the Lambda function
      • Event object JSON data for lambda function to process

    Amazon DynamoDB

    • NoSQL database
    • Writer / Reader endpoint:
      • Writer endpoint: single DNS endpoint pointing to master instance to write
      • Reader endpoint: single DNS endpoint to access read replicas (via connection load balancer)

    Amazon ElastiCache

    • Basic:
      • Managed Redis or Memcached instances (in-memory dbs with high performance and low latency)
      • Need to heavily modify application code to effectively query from cache appropriately instead of DB
      • Cache hit (get from cache) / Cache miss (fetch from DB)
    • Use cases / Advantages:
      • Reduce load on DBs for read-intensive workloads
      • Make your application stateless (e.g. WYSIWYG)

    AWS Cloud9

    • Cloud integrated development environment (IDE)

    AWS CloudShell

    • Available in a few AWS regions only (not every region)
    • Advantage over terminal: no need to configure AWS with access key (already set up for you with your logged-in AWS user)
    • Supports Linux commands like ls, echo, cat, etc.
    • Stateful if you create or edit files

    AWS CodeArtifact

    • AWS CodeBuild:
      • Serverless CI Server for AWS
      • Reduces need for patching / maintaining a dedicated server
      • Only pay for time it takes to build (not idle time)
      • Provides pre-packaged environments such as Docker containers
      • Build environment = OS + Programming env + Tools used by CodeBuild to run the build
      • AWS CodeBuild agent can test / run application locally
      • Can create build project using CodeBuild console / AWS CLI / AWS SDK / creation of CodePipeline
      • Buildspec.yaml defines the build to run (on the code pulled from source repo)
      • Can upload build artifact to CodeArtifact or another artifact repo
      • Supports Amazon SNS on build notifications (e.g. Build failure)

    AWS CodeCommit

    • Hosted in S3 (which gives it high availability and resiliency)
    • Advantage over GitHub/Stash: Integrates well with other AWS services
    • Associated with particular AZ only (so can implement redundancy by implementing for each AZ separately)

    Route Table

    • Controls the network traffic in your VPC through subnet routing
    • Allow access between subnets / to the internet
    • One route table can be associated with multiple subnets, but each subnet must have exactly one route table associated

    VPC Peering

    • Connect two VPCs privately using AWS' network
    • Make them behave as if they were in the same network
    • Must not have overlapping CIDR (IP address range)
    • VPC peering connection is not transitive (if a is connected to b, and b is connected to c, then a is not connected to c, unless a direct connection exists)

    VPC Endpoints

    • Endpoints allow you to connect to AWS services using a private network instead of the public internet (www)
    • Enhanced security and lower latency to access AWS Services
    • Site-to-Site VPN - connect on-premises VPN to AWS (encrypted over public internet)
    • Direct Connect (DX) - Physical connection between on-premises and AWS - secure, fast and private network

    Security Features

    • Network ACL:
      • Firewall to allow or deny at a subnet level
      • Explicitly allow or deny traffic by Port / IP address / Destination
    • Security Groups:
      • Works at instance level (e.g. EC2)
      • Can only specify ALLOW rules, not DENY
      • Inbound traffic is denied by default; outbound traffic is allowed by default
      • A security group rule comprises IP / port (e.g. Teradata)

    EC2 Instance Store

    • High performance, low latency, better io performance
    • Hardware disk attached via network drive to EC2
    • Ephemeral storage - lose their storage if EC2 instance is stopped
    • Good as a buffer / cache/ scratch data / temporary content

    Amazon Elastic File System (Amazon EFS)

    • Managed NFS (Network file system that can be mounted on many EC2)
    • EFS can work in Multiple AZ
    • Highly available, scalable, expensive (3x the cost of gp2), and pay per use
    • Use cases: Content management, web serving, data sharing, WordPress
    • Only compatible with Linux-based AMI (not Windows)
    • Encryption with KMS at rest
    • POSIX file system with standard file API
    • File system scales automatically - no capacity planning! - pay-per-use
    • Scalability and performance modes:
      • EFS Scale: 1000s of NFS clients concurrently, 10GB+ throughput - grow to petabyte scale automatically
      • Performance mode:
        • General purpose - use case: general sites
        • Max IO e.g. Big data
      • Throughput mode:
        • Bursting
        • Provisioned
    • Elastic
    • Storage tiers:
      • Standard: for frequently accessed files
      • Infrequent access (EFS-IA): cost to retrieve files, lower price to store
      • Archive: Rarely accessed data (few times per year) - 50% Cheaper
      • Can implement lifecycle policies to move files between storage tiers

    Description

    This quiz covers various AWS development tools including Amplify Studio, Amplify CLI, AWS Cloud9, and AWS CloudShell. It tests knowledge of their features and functionalities.
