Questions and Answers
What is the primary function of an Internet Gateway in a VPC?
What is the purpose of a VPC Endpoint?
What type of log captures information about IP traffic going to instances in a VPC?
What is the benefit of adding rules to authorize another security group?
What is the purpose of a Customer Gateway?
What is an example of a VPC architecture?
What is the primary purpose of MFA in AWS?
What is the main benefit of using IAM Access Advisor?
Who is responsible for managing IAM users, groups, and roles in AWS?
What is the purpose of an IAM Credentials Report?
What is the primary benefit of using EBS Snapshots?
What is the purpose of AWS Key Management Service (AWS KMS)?
What is the main characteristic of an EBS volume?
What is the purpose of an AMI?
What happens to the root EBS volume by default when an EC2 instance is terminated?
What is the purpose of the 'Delete on Termination' attribute for EBS volumes?
What is the key benefit of using AWS CloudShell over a local terminal?
Which AWS service provides a serverless CI/CD environment for AWS applications?
What is the primary function of a buildspec.yaml file in AWS CodeBuild?
Which of these services is NOT a part of the AWS Amplify framework?
What is the main advantage of using AWS CodeCommit over GitHub or GitLab?
Which service allows you to export your application's configuration to a CloudFormation template?
Which AWS service provides a managed load balancer for forwarding traffic to multiple downstream servers?
Which of the following is NOT a benefit of using AWS CLI?
Which AWS service enables you to define and manage infrastructure as code using a declarative language?
What is the difference between vertical and horizontal scalability?
Which AWS service provides a centralized location for managing and auditing changes to your AWS infrastructure?
Which AWS service allows you to monitor and manage your applications in real-time, providing insights into performance and health?
Which AWS service provides a framework for building and deploying applications on AWS, including tools for project management, source code repository, build automation, and deployment?
Which AWS service allows you to store and manage log files generated by your applications and infrastructure?
What is the primary disadvantage of using EC2 Instance Store for data storage?
Which of the following is NOT a suitable use case for Amazon Elastic File System (EFS)?
What is the key advantage of using Amazon EFS over EC2 Instance Store?
What is the main reason for choosing the 'Max IO' performance mode for Amazon EFS?
Which of the following storage tiers is most suitable for data that is rarely accessed (few times per year)?
Which storage option would be best suited for a web server application that requires high availability, scalability, and a managed NFS service?
What is a key consideration when choosing between the 'Bursting' and 'Provisioned' throughput modes for Amazon EFS?
What is the primary benefit of using lifecycle policies with Amazon EFS?
What is the maximum number of read replicas for an ElastiCache Redis cluster with cluster-mode disabled?
Which caching design pattern involves writing to the cache when the database is updated?
What is a benefit of using the Lazy Loading caching design pattern?
Which of the following caching technologies supports Sets and Sorted Sets?
What is a limitation of Memcached compared to Redis?
Which caching design pattern involves checking if cached data is present, and loading from the database if not?
Which AWS service allows you to query data stored in S3 buckets in an interactive manner?
What is the main advantage of using Kinesis Data Streams over SQS?
What is the primary function of CloudFront in AWS?
Which of the following is NOT a characteristic of an Edge Network?
What is the primary purpose of AWS Firehose?
Which of the following is NOT a way to access AWS services?
Which of the following is NOT a valid state type in AWS Step Functions?
Which of these AWS services is designed for orchestrating Lambda functions?
Which of the following is a benefit of using the FIFO queue type in SQS?
What is the purpose of EC2 User Data?
What is the primary advantage of using a Writer Endpoint for Amazon DynamoDB?
What is the primary benefit of using a compute-optimized EC2 instance type?
What is the main benefit of using Amazon ElastiCache for read-intensive workloads?
Which of these is NOT a core characteristic of Amazon DynamoDB?
Which AWS service provides a visual representation of the workflow in Step Functions?
Which of the following is NOT a benefit of using Amazon EFS over EC2 Instance Store?
Which of the following statements accurately describes the role of a Reader Endpoint in the context of Amazon DynamoDB?
What is a primary advantage of using Amazon ElastiCache for a web application that requires statelessness?
Which of the following is a key consideration when choosing between the 'Bursting' and 'Provisioned' throughput modes for Amazon EFS?
Which of these options is a potential disadvantage of using Amazon ElastiCache for your application?
What is the primary function of a Route Table in a VPC?
Which of the following statements about VPC peering is TRUE?
What is the primary benefit of using VPC Endpoints?
Which security feature in a VPC operates at the subnet level?
Which of these statements about Security Groups is TRUE?
What is the main advantage of using Direct Connect over a Site-to-Site VPN?
Which of the following is a characteristic of VPC peering?
Which of the following statements about Network ACLs is TRUE?
What is the primary benefit of using Lambda Layers?
What is the purpose of an Alias in Lambda Versions?
What happens to a Lambda function when it connects to a VPC?
What is the primary benefit of using Amazon Aurora?
What is the main difference between Relational and NoSQL databases?
What is the purpose of AWS SAM?
What is the primary benefit of using Elastic Beanstalk?
What is the primary benefit of using Amazon ECR?
What is the benefit of using stickiness in load balancers?
What is the primary purpose of SSL/TLS certificates in load balancers?
What is the benefit of using connection draining in load balancers?
What is the default behavior of cross-zone load balancing in ALB?
What is the purpose of SNI in SSL/TLS?
What is the primary purpose of security groups in load balancers?
What type of cookies are used in stickiness for Application Load Balancers (ALB)?
What is the primary purpose of AWS Certificate Manager (ACM)?
What is the purpose of scaling cooldowns in predictive scaling?
What is the minimum and maximum size of a VPC CIDR block?
What is the primary function of a NAT device in a VPC?
What is the benefit of using Instance Refresh in EC2?
What is the purpose of a DHCP options set in a VPC?
What is the key difference between a NAT instance and a NAT gateway?
What is the primary benefit of using predictive scaling in EC2?
What is the main characteristic of a private subnet in a VPC?
Which EBS volume type is best suited for applications that require high performance and consistent I/O operations, such as databases?
What is the maximum IOPS that can be independently set for a GP3 volume?
Which EBS volume type is designed for archiving data that is rarely accessed?
What is a key advantage of using EBS Multi-Attach?
Which of these is NOT a valid source for EC2 instances?
Which EBS volume type is best suited for big data workloads, such as data warehouses and log processing?
Which state type in AWS Step Functions is used to represent a single unit of work?
What advantage does EC2 User Data provide during the first launch of an EC2 instance?
Which EC2 instance type is primarily optimized for memory-intensive applications?
Which state type in AWS Step Functions would you use for implementing if-then-else logic?
What type of EC2 instance store is characterized by high speed but does not persist after instance termination?
What is the purpose of the 'Map' state type in AWS Step Functions?
In EC2 instance types, what does the '5' in 'm5.2xlarge' indicate?
What kind of logic can the 'Choice' state type in AWS Step Functions implement?
Which of the following AWS services is a fully managed, serverless data warehouse service that allows you to query data stored in S3 buckets in an interactive manner?
Which AWS service provides a managed, serverless messaging service for sending messages to multiple subscribers, ensuring that at least one subscriber receives the message, even if others are unavailable?
Which AWS service provides a managed, serverless compute platform that allows you to run code in response to events, such as HTTP requests, file uploads, or database changes?
Which AWS service provides a managed, serverless service for orchestrating and automating workflows, allowing you to chain together multiple tasks and functions to create complex business processes?
Which of the following AWS services is a managed, serverless database service that provides a highly scalable and performant NoSQL database solution?
Which AWS service provides a managed, serverless in-memory caching service that can be used to improve the performance of applications by storing frequently accessed data in memory?
Which of the following AWS services provides a managed, serverless service for managing and deploying applications on AWS, including tools for project management, source code repository, build automation, and deployment?
Which of the following AWS services provides a managed, serverless service for managing and monitoring your applications in real-time, providing insights into performance and health?
When would choosing a Dedicated Host be a good idea?
What is a cold start in the context of Lambda functions?
What is the main advantage of using a Savings Plan compared to Reserved Instances?
What is the main advantage of using AWS CloudShell over a local terminal?
Which of the following is a benefit of using a Lambda function?
Which AWS service provides a serverless CI/CD environment for AWS applications?
Which of the following is NOT a use case for Amazon ElastiCache?
Which of the following purchase options is best for unpredictable workloads?
What is the primary function of a buildspec.yaml file in AWS CodeBuild?
What is a key consideration when choosing between the 'Bursting' and 'Provisioned' throughput modes for Amazon EFS?
Which of these services is NOT a part of the AWS Amplify framework?
What is the main advantage of using AWS CodeCommit over GitHub or GitLab?
What is the main advantage of using EC2 Instance Connect compared to traditional SSH?
What is a primary feature of Redis compared to Memcached?
Which service allows you to export your application's configuration to a CloudFormation template?
What is the typical maximum number of read replicas for an ElastiCache Redis cluster with cluster-mode disabled?
What is the purpose of AWS CodeArtifact?
Which caching design pattern requires checking if cached data is present in the application before loading from the database?
Which of these services would you use to manage the source code for your application?
What is a drawback of the Lazy Loading caching design pattern?
Which of the following is true about Memcached?
What is a benefit of using the Write-Through caching design pattern?
Which statement accurately describes a limitation of Memcached?
What is a characteristic of Redis that enhances its performance?
What is one of the main advantages of using Amazon DynamoDB compared to a traditional SQL database?
How does the reader endpoint function in a typical setup?
What is a significant limitation when modifying application code to use caching effectively?
What mechanism does Amazon ElastiCache utilize to enhance application performance?
What is a key feature of Amazon DynamoDB that contributes to its performance?
In terms of data availability, how does the architecture of Amazon's database solution likely ensure higher availability?
What can be considered a key use case for implementing Amazon ElastiCache?
What does the term 'cache miss' refer to in the context of managed Redis or Memcached instances?
What is the primary focus of the Operational Excellence pillar in the AWS Well-Architected Framework?
What is the main benefit of using Amazon DynamoDB over Amazon Relational Database Service (RDS)?
Which AWS service provides a framework for building and deploying applications on AWS, including tools for project management, source code repository, build automation, and deployment?
What is the primary benefit of using Amazon S3 Glacier over Amazon S3?
Which AWS service provides a managed load balancer for forwarding traffic to multiple downstream servers?
What is the primary purpose of AWS CloudTrail?
Which caching design pattern involves writing to the cache when the database is updated?
What is the primary benefit of using Amazon EFS over EC2 Instance Store?
What is the primary function of a route table in a VPC?
What is a restriction of VPC peering connections?
What is the primary function of a Network ACL?
What is a characteristic of Security Groups?
What is the primary benefit of using VPC Endpoints?
What is the primary function of a VPC Endpoint?
What is a characteristic of Direct Connect (DX)?
What is the primary function of Site-to-Site VPN?
What is a key characteristic of an AMI?
What is the primary use case for GP2/GP3 EBS volumes?
What is a key feature of io1/io2 EBS volumes?
What is the primary use case for st1 EBS volumes?
What is the primary use case for sc1 EBS volumes?
What is the EBS multi-attach feature used for?
What is a key benefit of using the EBS multi-attach feature?
Which of the following EBS volume types is NOT suitable for boot volumes?
Which purchasing option allows users to reserve capacity in a specific Availability Zone for a fixed duration?
What is the primary characteristic of dedicated instances?
What does a cold start of a Lambda function refer to?
What is a key benefit of using Savings Plans for long workloads?
Why are spot instances considered less reliable compared to on-demand instances?
What is the role of the event object in a Lambda function?
Which of the following is a key feature of Reserved Instances?
What does the Init phase of a Lambda function lifecycle involve?
What is the primary reason for applying the principle of least privilege in AWS IAM?
Which component of AWS IAM allows you to group users for easier permission management?
What is the purpose of a policy in AWS IAM?
Which aspect of an AWS IAM policy structure identifies the actions allowed or denied?
What should be avoided when managing the root account in AWS?
Which of the following is NOT a valid element of an IAM policy statement?
What role does Amazon Cognito play in AWS security and identity management?
In AWS IAM, what does the 'Principal' element in a policy specify?
What is the primary purpose of a Lambda Layer?
What happens to a Lambda function when it connects to a VPC?
What is the benefit of using Amazon Aurora over RDS?
What is the purpose of an Alias in Lambda Versions?
What is the advantage of using Amazon Elastic Container Service (Amazon ECS) over Amazon Elastic Container Registry (Amazon ECR)?
What is the difference between Relational and NoSQL databases?
What is the purpose of AWS Serverless Application Model (SAM)?
What is the primary benefit of using Lambda Versions and Aliases?
What is a key benefit of using AWS CloudShell over a local terminal?
What is the primary function of a buildspec.yaml file in AWS CodeBuild?
What is the main advantage of using AWS CodeCommit over GitHub or GitLab?
Which service allows you to export your application's configuration to a CloudFormation template?
What is the primary function of AWS CodeBuild?
What is the main characteristic of AWS CodeArtifact?
Which AWS service provides a terminal in the cloud that works similarly to the AWS CLI?
What is the primary advantage of using AWS CodeBuild over traditional CI/CD environments?
What type of storage is recommended for temporary content or scratch data?
What is a key advantage of using Amazon EFS over EC2 Instance Store?
What is the purpose of the 'Infrequent access (EFS-IA)' storage tier in Amazon EFS?
What is the main characteristic of the 'Archive' storage tier in Amazon EFS?
What is the purpose of lifecycle policies in Amazon EFS?
What is the main benefit of using Amazon EFS over Teradata?
What is the primary purpose of the 'General Purpose' performance mode in Amazon EFS?
What is the main advantage of using the 'Provisioned' throughput mode in Amazon EFS?
Which of the following is NOT a feature of Amazon Elastic Block Store (EBS)?
What is the primary function of AWS Key Management Service (AWS KMS)?
Which of the following is NOT a method supported by Multi-Factor Authentication (MFA) in AWS?
Which of the following is NOT a responsibility of AWS in the shared responsibility model for IAM?
Which AWS service allows you to encrypt EBS volumes at rest?
Which of the following is a key benefit of using EBS Snapshots?
What is the purpose of the 'Delete on Termination' attribute for EBS volumes?
What is the purpose of an AMI in AWS?
What is a characteristic of GP2 and GP3 EBS volume types?
What is a use case for io1 and io2 EBS volume types?
What is a feature of EBS Multi-attach?
What is the main difference between GP2 and GP3 EBS volume types?
What is a use case for st1 EBS volume type?
What is a feature of io2 EBS volume type?
What is a characteristic of sc1 EBS volume type?
What is a benefit of using EBS Multi-attach?
What is the primary function of connection draining in relation to Load Balancers?
What is the key difference between Application Load Balancers (ALB) and Network Load Balancers (NLB) in terms of cross-zone load balancing?
How does Server Name Indication (SNI) improve SSL certificate management on Application Load Balancers (ALBs)?
What is the primary purpose of sticky sessions in the context of load balancing?
Which type of load balancer supports the use of Application Security Groups to restrict access from load balancer security groups only?
What is the main purpose of a payload manipulation technique in an Intrusion Detection System (IDS)?
Which of the following is NOT a benefit of using Application Load Balancers (ALB) for cross-zone load balancing?
What is the primary advantage of using SSL/TLS certificates with load balancers?
What is the default time interval for draining an instance in an autoscaling group?
Which component is NOT typically included in a launch template for autoscaling groups?
What type of scaling is used when an autoscaling group adjusts based on a CloudWatch alarm?
Which of the following scaling policies is an example of dynamic scaling?
What is the primary function of autoscaling groups in the context of EC2 instances?
When configuring an autoscaling group, which parameter defines the minimum number of instances that should be maintained?
Which of the following is NOT a characteristic of the autoscaling group?
In the context of autoscaling, what does 'scheduled scaling' refer to?
What is the main advantage of using On-demand instances in EC2 pricing?
What is a characteristic of Dedicated Hosts in AWS?
Which of the following accurately describes the purpose of Reserved Instances?
What happens during a cold start in AWS Lambda?
Which of the following best describes the concept of Savings Plans in EC2?
In the context of AWS Lambda, what is the role of the Event Object?
What is a consequence of using Spot Instances for workloads?
Which statement accurately reflects the characteristics of EC2 Instance Connect?
What is the primary role of AWS CodeDeploy?
Which of the following best describes Vertical Scalability?
What aspect of AWS CLI allows it to be an alternative to the AWS Management Console?
Which statement accurately differentiates Scalability from High Availability?
Which AWS service allows for version control and collaboration on code repositories?
What benefit does using Elastic Load Balancing (ELB) provide?
What is a primary attribute of the AWS Cloud Development Kit (AWS CDK)?
Which service provides real-time monitoring of resources and applications in AWS?
Which AWS service is used to monitor and manage applications in real-time, offering insights into performance and health?
Which AWS service allows you to define and manage infrastructure as code using a declarative language?
Which of the following is NOT a benefit of using AWS CLI?
Which AWS service provides a framework for building and deploying applications on AWS, including tools for project management, source code repository, build automation, and deployment?
What is the difference between vertical and horizontal scalability?
Which AWS service allows you to store and manage log files generated by your applications and infrastructure?
Which of the following is NOT a suitable use case for Amazon Elastic File System (EFS)?
What is the key advantage of using Amazon EFS over EC2 Instance Store?
Which storage option is most suitable for storing data that is rarely accessed (few times per year)?
Which of these storage options is suitable for managing content, web serving, and data sharing?
Which performance mode in Amazon EFS is best for general web site use cases?
Which storage option is best for high-performance, low-latency workloads requiring ephemeral storage?
Which of the following statements is true regarding Amazon EFS?
Which of the following is a key difference between EC2 Instance Store and Amazon EFS?
What is a major consideration when choosing between Amazon EFS's Bursting and Provisioned throughput modes?
Which Amazon EFS storage tier is most suitable for frequently accessed files?
What is a major benefit of using AWS CodeBuild?
How does AWS CloudShell differ from traditional command line interfaces?
What defines the build process in AWS CodeBuild?
What is a key advantage of using AWS CodeCommit?
Which feature of AWS CodeArtifact is particularly highlighted?
What is a characteristic of AWS Amplify's services?
Which component is essential for AWS CodeBuild to run builds based on the source code?
Which statement accurately describes AWS Cloud9?
What is one of the main advantages of using Athena compared to S3 Select?
Which characteristic distinguishes Kinesis Data Streams from SQS?
Which access method uses access keys for AWS interaction?
Which of the following statements about Edge Networks is incorrect?
What functionality does CloudFront provide in relation to edge locations?
What is a key difference between Kinesis Data Streams and Kinesis Firehose?
Which of the following statements is true about AWS Athena's billing?
Which service is necessary to obtain an ordered stream of messages in Kinesis?
What is the maximum time you can set for draining an instance before it is terminated in an autoscaling group?
What are the two main types of scaling policies for autoscaling groups?
What is the purpose of Launch Templates in AWS Auto Scaling?
Which of these is NOT included in the Launch Template for an autoscaling group?
What is the purpose of a Target Tracking scaling policy?
What is the benefit of using a Simple scaling policy?
What is a key advantage of using AWS Auto Scaling?
How can you specify the minimum and maximum number of instances in an autoscaling group?
What is the primary purpose of stickiness in load balancers?
What is the difference between Cross Zone load balancing and normal load balancing?
What is the primary purpose of SNI?
What is the primary purpose of connection draining?
What is the primary benefit of using SSL/TLS certificates with load balancers?
What is the primary purpose of security groups with load balancers?
What is the primary difference between ALB and NLB in terms of cross-zone load balancing?
What is the primary benefit of using application-based cookies with load balancers?
Which AWS service allows you to manage and audit changes to your AWS infrastructure?
Which of the following is a benefit of using AWS CLI?
What is the primary function of AWS CodeDeploy?
Which of the following is NOT a benefit of using AWS SDK?
Which of the following is a characteristic of horizontal scalability?
Which of the following AWS services allows you to define and manage infrastructure as code using a declarative language?
Which of the following is NOT a way to establish a connection to the internet at the VPC level?
How does a VPC Flow Log capture information about IP traffic going to instances?
What is the purpose of adding rules to authorize another security group in a VPC?
Which of the following is a benefit of using VPC Endpoints to connect EC2 instances to AWS global services?
What is the primary function of a Customer Gateway in a VPC?
In a three-tier architecture, which tier typically handles user requests and interacts with the database tier?
Which of the following is NOT a valid destination for VPC Flow Logs?
What is a key benefit of using Subnet Flow Logs compared to VPC Flow Logs?
What distinguishes GP3 volumes from GP2 volumes in EBS storage?
Which type of EBS volume is best suited for applications that require sustained IOPS performance?
What is the maximum provisioned IOPS for an io2 EBS volume?
What feature does EBS Multi-attach provide for EC2 instances?
Which of the following statements about AMIs is true?
When using io1 volumes, what is the maximum IOPS to GiB ratio allowed?
What differentiates sc1 volumes from st1 volumes?
What controls the network traffic in a VPC through subnet routing?
What is a requirement for establishing a VPC peering connection?
Which statement is true regarding security groups in a VPC?
What is the primary function of VPC endpoints?
Which features of network ACL and security groups differ fundamentally?
What does the Direct Connect (DX) service provide?
Which of the following statements about route tables is incorrect?
What is a key feature of the Site to Site VPC VPN?
Which of the following pillars of the AWS Well-Architected Framework is concerned with the ability to run and monitor systems to deliver business value?
What is the primary benefit of using a regional Amazon S3 bucket?
Which AWS service provides a managed relational database service that combines the high performance and availability of commercial-grade relational databases with the simplicity and cost-effectiveness of open-source databases?
What is the primary purpose of Amazon CloudWatch?
Which AWS service enables developers to write, run, and debug code quickly and safely in a cloud-based integrated development environment (IDE)?
What is the primary benefit of using Amazon Elastic Container Service (ECS)?
Which AWS service provides a fully managed service that makes it easy to create, manage, and scale event-driven architectures?
What is the primary purpose of AWS Config?
What is a characteristic of an AMI?
What is the main difference between GP2 and GP3 EBS volume types?
What is the main use case for io1 and io2 EBS volume types?
What is the main benefit of EBS Multi-attach?
What is the main difference between st1 and sc1 EBS volume types?
What is a key feature of io1 and io2 EBS volume types?
What is the main limitation of GP2 EBS volume types?
What is the main benefit of using EBS volume types?
Which state type in Step Functions signifies successful completion of a workflow?
What is one of the primary uses for EC2 instance types labeled as 'memory optimized'?
Which type of task allows concurrent execution of various jobs in AWS Step Functions?
What is a common use case for EC2 User Data scripts?
Which of the following state types in AWS Step Functions is used for conditional logic?
What benefits do Compute optimized EC2 instances provide?
What happens to the EC2 instance's User Data script during subsequent restarts?
How can AWS Step Functions enhance workflows in a serverless architecture?
Which condition can trigger cache eviction?
What is a primary advantage of using Amazon RDS over EC2 for database management?
Which of the following statements about RDS read replicas is accurate?
What is the main feature of Amazon RDS Proxy?
What is the purpose of the Time to Live (TTL) in caching?
When converting an unencrypted RDS database to an encrypted one, which is the correct method?
Which use case is most suitable for implementing read replicas?
How does scaling out or scaling up affect cache eviction due to memory limits?
What is the main advantage of using Amazon Elastic File System (EFS) over EC2 Instance Store for applications requiring high availability and scalability?
Which of the following is a key consideration when choosing between the 'Bursting' and 'Provisioned' throughput modes for Amazon EFS?
Which storage tier in Amazon EFS is most cost-effective for data that is rarely accessed (few times per year)?
Which of the following is NOT a suitable use case for Amazon Elastic File System (EFS)?
What is the primary benefit of using lifecycle policies with Amazon EFS?
Which of the following statements about Amazon Elastic File System (EFS) is TRUE?
Which of the following is NOT a characteristic of Amazon Elastic File System (EFS)?
What is the main reason for choosing the 'Max IO' performance mode for Amazon EFS?
What is the primary function of a route table in a VPC?
What is a key requirement for VPC peering connections?
What is the primary benefit of using VPC Endpoints?
What is the primary function of a Network ACL?
What is a key characteristic of Security Groups?
What is the primary function of a VPC Endpoint?
What is the primary benefit of using Site-to-Site VPN?
What is the primary function of Direct Connect?
What is a characteristic of an AMI?
What is the main difference between GP2 and GP3 EBS volume types?
What is a suitable use case for io1/io2 EBS volume types?
What is the EBS Multi-attach feature used for?
What type of EBS volume is suitable for big data, data warehouses, and log processing?
What is the maximum IOPS for an io1 EBS volume type?
What is the primary benefit of using io2 EBS volume types?
What is the primary use case for sc1 EBS volume types?
What is the purpose of an EC2 User Data script?
What is the primary function of Amazon SNS (Simple Notification Service)?
Which of the following is NOT a state type available in AWS Step Functions?
Which EC2 instance type is designed for high-performance databases with memory-intensive workloads?
What is a key benefit of using Amazon SQS (Simple Queue Service) for message queues compared to Amazon SNS?
What is the primary purpose of AWS AppSync?
Which AWS service is used to manage the flow and execution of Lambda functions in a serverless environment?
Which of these is a key difference between a standard SQS queue and a FIFO (First-In, First-Out) SQS queue?
Which AWS service allows you to connect EC2 instances within a VPC to services like AWS Lambda or S3 without internet traffic?
What is the purpose of a Customer Gateway in AWS VPC?
How can you authorize communication between EC2 instances in different security groups within a VPC?
What is the purpose of VPC Flow Logs?
Which of the following is a valid destination for VPC Flow Logs?
What is the main benefit of using VPC Endpoints compared to connecting EC2 instances directly to the internet?
Which of the following is NOT a valid use case for a three-tier architecture in AWS?
What is the primary function of an Internet Gateway in AWS VPC?
What is the main function of scaling cooldowns in a cloud environment?
Which of the following statements about NAT devices is correct?
What does the CIDR notation /28 represent in terms of IP addresses?
What configuration is automatically provisioned by DHCP options set in AWS?
Which of the following is true regarding the limitations of a private subnet within a VPC?
Why is it important to specify a minimum healthy percentage during instance refresh?
In which scenario would using a VPC be unsuitable?
What is the primary reason for using predictive scaling?
What is the primary focus of the Operational Excellence pillar in the AWS Well-Architected Framework?
What is the main benefit of using Amazon Elastic Container Service (Amazon ECS) over Amazon Elastic Container Registry (Amazon ECR)?
Which of the following AWS services is primarily used for real-time data processing and analysis?
What is the main advantage of using Amazon Aurora over Amazon RDS?
Which of the following is a key characteristic of a highly available architecture in AWS?
What is the primary purpose of AWS CloudTrail?
Which of the following AWS services is primarily used for building, testing, and deploying software?
What is the main benefit of using Amazon Elastic File System (EFS) over Amazon S3?
Which of the following statements about Teradata applications are TRUE? (Select all that apply)
Which of the following is a suitable use case for Amazon EFS?
What is a key advantage of using Amazon EFS over EC2 Instance Store?
Which of the following is NOT a characteristic of Amazon EFS?
Which storage tier in Amazon EFS is designed for rarely accessed data (few times per year)?
What is the purpose of a scaling cooldown period in cloud scaling activities?
What is the main benefit of using lifecycle policies with Amazon EFS?
What is a key consideration when choosing between the 'Bursting' and 'Provisioned' throughput modes for Amazon EFS?
Which statement accurately describes a private subnet within a VPC?
Which of the following statements about EC2 Instance Store is TRUE?
What is the role of NAT Devices in a VPC environment?
What does an Instance Refresh in a VPC accomplish?
What is the significance of CIDR blocks in a VPC configuration?
Which description best represents a NAT Gateway compared to a NAT Instance?
What is a key benefit of using DHCP options in a VPC?
Which statement about VPC subnets is false?
What type of health check does the Elastic Load Balancer (ELB) perform?
Which feature is unique to the Application Load Balancer (ALB)?
What protocol is supported by the Network Load Balancer (NLB)?
What is a primary feature of the Gateway Load Balancer (GWLB)?
What is a notable capability of Application Load Balancers concerning redirection?
Which load balancer is best suited for applications that require high throughput and low latency?
Which of the following load balancer types is specifically mentioned as being replaced in capabilities?
What is a common feature between the Application Load Balancer and Network Load Balancer in terms of session management?
Which statement about route tables in a VPC is accurate?
What is a requirement for establishing a VPC peering connection?
Which of the following is a feature of Security Groups in a VPC?
Which statement about VPC endpoints is true?
What describes the main functionality of Direct Connect (DX)?
What capability does a Network ACL provide in a VPC?
In terms of traffic management, how do VPC Security Groups differ from Network ACLs?
What is a unique characteristic of VPC peering connections?
What is the main difference between Lazy loading and Write Through caching design patterns?
What is a limitation of using Memcached compared to Redis?
What is the primary benefit of using Lazy loading caching design pattern?
What is a characteristic of Write Through caching design pattern?
Which caching technology supports Sets and Sorted Sets?
What is the maximum number of read replicas for an Elasticache Redis cluster with cluster-mode disabled?
Which caching design pattern involves checking if cached data is present, and loading from the database if not?
What is a benefit of using Cache-Aside caching design pattern?
Which of these scenarios benefit from enabling sticky sessions on a load balancer?
Which load balancer type allows you to disable cross-zone load balancing at the target group level, without incurring charges for inter-AZ data transfer?
What is the primary purpose of using a default certificate on an HTTPS listener for an Application Load Balancer (ALB)?
Which of these techniques helps address the challenge of managing multiple SSL certificates for different domains on a single web server?
Which of these describes the concept of connection draining in the context of load balancer target group instances?
Which of the following is a key benefit of using an Application Security Group (ASG) in conjunction with a load balancer?
Which of the following statements about AWS Certificate Manager (ACM) is TRUE?
What is the primary purpose of using a Network Load Balancer (NLB) in an AWS environment?
What is the primary role of Step Functions in AWS?
Which of the following EC2 instance types is optimized for high-performance databases?
Which state type in Step Functions is used to introduce a delay in execution?
What type of EC2 User Data script is run during the first launch of an instance?
What does the 'Map' state type in Step Functions facilitate?
Which configuration does NOT pertain to EC2 instance sizing options?
Which of the following is a characteristic of the 'Choice' state in Step Functions?
Which EC2 instance type naming convention indicates it is memory optimized?
What is a distinguishing feature of Amazon DynamoDB compared to traditional databases?
What is the primary advantage of using the Writer and Reader endpoints provided by a data service?
Which statement is true about Amazon ElastiCache?
How does caching improve the performance of applications utilizing in-memory databases?
What must be modified in application code to effectively utilize caching with Amazon ElastiCache?
What is the expected behavior when an application experiences a cache miss?
Why is high availability important for data management services such as those mentioned?
What primary role does the connection load balancer play in the context of the Reader endpoint?
Which of the following statements accurately describes the role of IAM policies in AWS security?
What is the significance of the 'Effect' element within an IAM policy statement?
Which of the following scenarios BEST illustrates the concept of the 'Principle of Least Privilege' in AWS IAM?
Which of the following statements regarding AWS IAM Roles is CORRECT?
What is the primary function of the 'Resource' element within an IAM policy statement?
In an IAM policy, which of the following elements is OPTIONAL?
Which of the following statements BEST explains the purpose of the 'Principal' element within an IAM policy statement?
Which of the following is a key benefit of using IAM Groups in AWS security?
What is a key consideration when setting up a password policy in IAM?
What is the primary benefit of using IAM Access Advisor?
What is a key characteristic of an EBS volume?
What is the primary use case for AWS Key Management Service (AWS KMS)?
What is the primary function of AWS Security Token Service (AWS STS)?
What is the primary benefit of using EBS Snapshots?
What is the primary purpose of MFA in AWS?
What is the primary responsibility of the user in the Shared Responsibility Model of IAM?
Which AWS service provides a managed caching service, offering high performance, scalability, and in-memory data storage, supporting both Redis and Memcached?
Which of the following AWS pricing models offers the most cost savings for a long-running workload with a consistent usage pattern, but requires a commitment to a specific amount of usage?
Which AWS service offers the ability to manage and deploy your applications in a serverless environment, allowing you to focus on code development rather than infrastructure management?
What is the benefit of using the "Context Reuse" feature in AWS Lambda?
Which of the following is NOT a benefit of using Dedicated Instances in AWS EC2?
In AWS Lambda, what is the purpose of the "Event Object"?
What is a primary advantage of using "Spot Instances" in AWS EC2?
Which of the following AWS services is NOT directly related to managing and deploying applications in a serverless environment?
Which of the following statements accurately describes the advantages of using Lambda Layers?
Which type of AWS Step Functions state is specifically designed to perform a single unit of work?
What is a key feature of the EC2 User Data script during instance initialization?
Which state type in AWS Step Functions is used to implement an if-then-else logic?
For which use case is a Compute Optimized EC2 instance type most suitable?
Which of the following correctly describes the 'Map' state in AWS Step Functions?
What characteristic does an EC2 Instance store have that differentiates it from EBS and EFS?
Which statement about 'Fail' and 'Succeed' states in AWS Step Functions is accurate?
What does the naming convention 'm5.2xlarge' tell you about the EC2 instance type?
What is a key benefit of using Amazon DynamoDB compared to Amazon RDS for a database-driven application?
Which statement accurately describes the Writer Endpoint functionality in the context of Amazon RDS?
What is the primary advantage of using Amazon ElastiCache (Redis) over Amazon RDS for read-intensive workloads?
Which scenario best illustrates a use case where Amazon ElastiCache (Memcached) would be an effective solution?
What is the main challenge associated with using Amazon ElastiCache to enhance application performance?
Which statement best describes the concept of 'Cache Miss' when using Amazon ElastiCache?
What is a key advantage of using Amazon ElastiCache (Redis) for session management in a web application?
How does Amazon RDS differ from Amazon DynamoDB in terms of its data model?
What is the primary focus of the Operational Excellence pillar in the AWS Well-Architected Framework?
What is the main benefit of using Amazon Aurora's writer/reader endpoint?
What is the primary advantage of using AWS CodeCommit over other version control systems?
What is the main purpose of AWS CloudWatch Logs?
What is the primary benefit of using Amazon ElastiCache with Redis?
What is the main advantage of using AWS Lambda over EC2 instances?
What is the primary purpose of AWS X-Ray?
What is the main benefit of using AWS CloudFormation over manual infrastructure deployment?
What is the primary benefit of using a Virtual Private Gateway in a VPC?
What is the purpose of a Subnet flow log in a VPC?
What is the benefit of using a Three-Tier Architecture in a VPC?
What is the primary purpose of VPC Flow logs?
What is the benefit of using a VPC Endpoint for AWS services?
What is the primary purpose of a Customer Gateway?
What is the benefit of adding rules to authorize another security group in a VPC?
What is the primary purpose of an Elastic Network Interface Flow log in a VPC?
What is the primary benefit of using IAM Access Advisor in AWS?
What is the key difference between a User and a Group in IAM?
What is the purpose of the Principal element in an IAM policy?
What is the benefit of using roles in IAM?
What is the purpose of a Condition element in an IAM policy?
What is the main advantage of using Amazon Cognito?
What is the purpose of AWS Certificate Manager (ACM)?
What is the principle of least privilege in IAM?
What is the primary purpose of scaling cooldowns in a scaling activity?
Which statement accurately describes a private subnet within an Amazon VPC?
What does the CIDR block notation /16 signify in an Amazon VPC?
What is the primary distinction between NAT instances and NAT gateways?
What happens to EC2 instances when an instance refresh is executed?
What role does DHCP options set serve in an Amazon VPC?
What is the consequence of reserving the first four and last IP addresses in a CIDR block for Amazon?
How does a NAT device function within a private subnet of a VPC?
What is the role of a route table within a VPC?
Which statement about VPC peering connections is true?
What is a key characteristic of security groups in a VPC?
Which of the following best describes Network ACLs?
What are VPC endpoints mainly used for?
What is the primary function of Direct Connect (DX) within a VPC context?
What traffic management capabilities does a route table provide within a subnet?
Which characteristic is NOT true regarding site-to-site VPN connections?
What is the maximum number of read replicas for an ElastiCache Redis cluster with cluster-mode disabled?
What is the primary advantage of using the Write Through caching design pattern?
What is a limitation of Memcached compared to Redis?
Which caching design pattern involves checking if cached data is present, and loading from the database if not?
What is a benefit of using the Lazy loading caching design pattern?
Which caching technology supports Multi-AZ with Auto-failover?
What is a characteristic of the Cache-Aside caching design pattern?
Which caching technology does not support high availability?
What is the purpose of "Connection Draining" in relation to load balancers?
What is the primary function of "Sticky Sessions" in a load balancer setup?
Which of the following statements accurately describes how SSL/TLS certificates are managed in AWS Load Balancers?
What is the primary purpose of "Server Name Indication (SNI)" in the context of AWS Load Balancers?
Which load balancer type allows you to disable cross-zone load balancing at the target group level?
Which of the following statements accurately describes the behavior of a load balancer with cross-zone load balancing disabled?
Which of the following statements accurately describes the impact of enabling "Stickiness" on load balancer behavior?
Which of the following is NOT a valid use case for "Stickiness" in load balancing?
What must be true for two VPCs to establish a peering connection?
What is a key characteristic of Security Groups in AWS?
Which statement correctly describes the functionality of VPC Endpoints?
How does a Network ACL differ from a Security Group in AWS?
Which of the following is NOT a feature of Route Tables in a VPC?
What is a limitation of VPC peering connections?
What is the primary benefit of using Direct Connect (DX)?
Which of the following statements about Site-to-Site VPN is true?
What is a specific purpose of the 'Wait' state type in Step Functions?
Which EC2 instance characteristic does NOT influence its performance?
Which of the following states in Step Functions is responsible for running a single unit of work?
Which EC2 instance type is best suited for media transcoding and batch processing?
What is NOT a state type in AWS Step Functions?
Which of the following options describes EC2 User Data?
What does the 'Map' state in AWS Step Functions do?
Which AWS service is primarily used to connect and manage serverless workflows?
Which of the following statements regarding IAM Policies is incorrect?
A developer requires access to create and manage AWS Lambda functions, but should not be able to modify any IAM roles. Which of the following actions should NOT be included in the developer's IAM policy?
A company wants to ensure that only users belonging to the 'Sales' group can access the 'Marketing-Data' S3 bucket. Which of the following policy statements would correctly implement this restriction?
Which of the following statements about IAM Roles is incorrect?
A company uses a separate IAM User for each developer working on their project. Which of the following scenarios demonstrates the principle of least privilege?
An organization wants to ensure that its developers can only deploy code to specific environments, based on their team affiliation. Which of the following approaches would be most effective in achieving this requirement?
Which of the following statements regarding the 'Effect' statement in an IAM Policy is correct?
A company has several development teams, each with their own set of resources and permissions. Which of the following approaches would be most efficient in managing IAM permissions for this organization?
Which type of load balancer is best suited for scaling applications with EC2 Auto Scaling groups?
What is the primary role of EC2 Auto Scaling groups in conjunction with load balancers?
How do EC2 Auto Scaling groups interact with Application Load Balancers (ALB) to maintain application availability?
What is the primary benefit of using EC2 Auto Scaling groups in a production environment?
Which of the following scenarios would benefit most from the use of EC2 Auto Scaling groups?
How do EC2 Auto Scaling groups contribute to fault tolerance in a system?
What is a key consideration when configuring EC2 Auto Scaling groups?
What is the main purpose of scaling policies in EC2 Auto Scaling groups?
Which AWS service can be used to automatically scale EC2 instances based on predefined metrics?
What is the main purpose of scaling groups in EC2 Auto Scaling?
What are the two main types of scaling policies in EC2 Auto Scaling?
Which type of scaling policy in EC2 Auto Scaling allows you to set a desired number of instances to maintain?
Which scaling policy in EC2 Auto Scaling adjusts the number of instances based on predefined thresholds and cool-down periods?
Which scaling policy in EC2 Auto Scaling aims to maintain a specific target value for a chosen metric?
What is the role of a Launch Configuration in EC2 Auto Scaling?
Which of these is NOT a benefit of using EC2 Auto Scaling?
What component is used to configure the specifications for instances in an Auto Scaling Group?
Which of the following is NOT a type of scaling policy used in Auto Scaling Groups?
What is the default duration for draining an instance in an Auto Scaling Group?
What parameters must be specified when configuring an Auto Scaling Group?
How is dynamic scaling commonly triggered in an Auto Scaling Group?
Which of the following best describes target tracking scaling?
What type of information can be included in a Launch template for an Auto Scaling Group?
What does scheduled scaling accomplish in Auto Scaling Groups?
What does vertical scalability refer to in cloud architecture?
Which approach best describes horizontal scalability?
What key advantage does auto scaling provide to applications?
Which AWS service is commonly used for implementing auto scaling?
What is the role of Elastic Load Balancing (ELB) in conjunction with auto scaling?
What is a common misconception about auto scaling?
How does auto scaling contribute to high availability in cloud applications?
What is a benefit of using an auto scaling group?
What is the purpose of scaling cooldowns in Auto Scaling?
What does 'Instance Refresh' in EC2 Auto Scaling allow you to do?
What is a key characteristic of predictive scaling?
Which of the following describes a NAT Gateway in a VPC?
What is the function of the CIDR Block in a VPC?
How does a private subnet differ from a public subnet in a VPC?
What is the minimum healthy percentage in the context of instance refresh?
What is a common disadvantage of using a NAT Instance compared to a NAT Gateway?
What is the primary benefit of using Lambda Layers?
What happens to a Lambda function when it connects to a VPC?
What is the primary purpose of AWS Serverless Application Model (SAM)?
What is Amazon Aurora optimized for?
What is the main advantage of using RDS over Amazon Aurora?
What is the primary benefit of using Lambda Versions and Aliases?
What is the main difference between Relational and NoSQL databases?
What is the primary function of an SNS Notification event?
Which of these AWS services is designed primarily for storing and managing source code?
Which of these AWS services allows users to directly access and manipulate files within the service, creating a stateful environment?
Which of these AWS services is used for building and testing applications, providing pre-packaged environments and reducing the need for server maintenance?
Which of these AWS services offers the ability to export your application's configuration into a CloudFormation template?
Which of these AWS services is NOT directly part of the AWS Amplify framework?
Which of these AWS services offers a managed Git-based source code repository, designed for integration with other AWS services?
Which of these AWS services is a serverless CI/CD environment that focuses on building and testing applications, and reduces the need for maintaining dedicated servers?
Which of these AWS services enables users to store and manage code artifacts, providing a centralized repository for managing dependencies and packages?
Which load balancer type offers the ability to assign a static IP address and supports TCP, HTTP, and HTTPS health checks?
Which load balancer type would be the most appropriate choice for an application that needs to handle millions of requests per second and requires a static IP address for its external access?
You need to create a load balancer that can support routing based on query strings or parameters. Which load balancer type would best meet this requirement?
Which load balancer type supports sticky sessions, allowing you to keep a specific client connected to the same server for a period of time?
What is the primary function of an Application Load Balancer (ALB) in relation to the underlying infrastructure?
Which load balancer type operates at layer 3 (Network Layer) and is primarily used for deploying and managing a fleet of 3rd party network virtual appliances?
You need a load balancer that can handle a large volume of requests and distribute traffic across multiple EC2 instances, Lambda functions, or ECS clusters. Which load balancer type would be the most suitable choice?
Which load balancer type is considered deprecated and is no longer recommended for new deployments?
What differentiates GP3 EBS volumes from GP2 volumes?
Which of the following EBS volume types is specifically designed for applications that require high and consistent IOPS performance?
What is the maximum provisioned IOPS that can be achieved with io2 EBS volumes?
In which scenario would you most likely utilize EBS multi-attach feature?
What type of AMI can be used to launch EC2 instances predominantly designed by AWS?
Which of the following best describes the primary use case for st1 EBS volumes?
Which feature of io1 EBS volumes requires the use of Nitro instances to exceed a specific IOPS limit?
Which of the following statements is true regarding AMIs?
A user in the "developers" group needs to access Amazon S3 to upload code artifacts. Which of the following policy statements would most appropriately grant this access, while adhering to the principle of least privilege?
What is the maximum time that an instance can be draining before autoscaling routes traffic to other instances?
What is the purpose of an IAM role in an autoscaling launch template?
What is the main benefit of using target tracking scaling in autoscaling?
What can be based on a CloudWatch alarm in autoscaling?
What is the primary purpose of scaling cooldowns in Auto Scaling?
What is the minimum healthy percentage used to trigger an Instance Refresh in Auto Scaling?
What is specified in the initial capacity of an autoscaling group?
What can be attached to an autoscaling group?
What is the purpose of predictive scaling in Auto Scaling?
What is the default time period for scaling cooldowns in Auto Scaling?
What is the primary benefit of using autoscaling?
What is the purpose of an Instance Refresh in Auto Scaling?
What is the cost model for autoscaling?
What is the warm-up time used for in an Instance Refresh?
What is the main difference between scalability and high availability in AWS?
What is the primary function of Elastic Load Balancing (ELB) in AWS?
What is the purpose of Auto Scaling?
What is the benefit of using predictive scaling in Auto Scaling?
What is the benefit of using Auto Scaling in AWS?
What is the primary purpose of AWS CodePipeline?
What is the difference between vertical and horizontal scalability in AWS?
What is the primary purpose of AWS CodeCommit?
What is the primary benefit of using AWS CodeBuild?
What is the primary purpose of AWS CodeStar?
Which load balancer type supports HTTP to HTTPS redirection?
What is a primary advantage of using a Network Load Balancer?
Which type of load balancer operates at layer 3?
What type of health check does the Network Load Balancer support?
Which of the following features is NOT supported by the Application Load Balancer?
Which load balancer can effectively load balance various applications on the same machine?
What is a key characteristic of the Classic Load Balancer?
Which load balancer type is best suited for high throughput and low latency applications?
Which of the following is a characteristic of the 'Task' state in Step Functions?
What is the primary purpose of EC2 User Data?
Which of the following EC2 instance types is specifically memory optimized?
What type of state in Step Functions is used for if-then-else logic?
Which EC2 instance configuration component determines the speed of data transfer?
In the context of EC2, what does the term 'Bootstrapped' refer to?
Which state type in Step Functions is used to pause execution for a specified duration?
What is a key function of the 'Map' state in Step Functions?
Which of the following is a key advantage of using VPC peering over VPC endpoints?
What is a limitation of security groups compared to network ACLs?
Which of the following is a characteristic of a VPC endpoint?
What is a key consideration when designing a VPC architecture with multiple availability zones?
Which of the following is a benefit of using Direct Connect over Site-to-Site VPN?
What is a limitation of network ACLs compared to security groups?
Which of the following is a characteristic of a VPC peering connection?
What is a key advantage of using VPC endpoints over Site-to-Site VPN?
What is a key consideration when choosing between the 'Bursting' and 'Provisioned' throughput modes for Amazon EFS?
What is the main advantage of using Amazon Elastic File System (EFS) over EC2 Instance Store for data storage?
Which of the following use cases is most suitable for Amazon EFS?
What is the primary benefit of using lifecycle policies with Amazon EFS?
Which storage tier is most suitable for data that is rarely accessed (few times per year) in Amazon EFS?
What is the primary characteristic of the 'Max IO' performance mode in Amazon EFS?
What is the limitation of using EC2 Instance Store for data storage?
Which of the following is a requirement for using Amazon Elastic File System (EFS)?
What is a feature of Reserved Instances in AWS?
Which invocation method allows for immediate response but can lead to delays in processing in Lambda?
What is the main characteristic of dedicated hosts in AWS?
What effect does a cold start have on a Lambda function?
How are savings plans different from reserved instances in AWS?
What does the Execution Context in Lambda functions allow for?
In which scenario would you typically prefer using Spot Instances?
What is a key advantage of using the Event Object in Lambda functions?
What does the writer endpoint in a database setup provided by Amazon allow applications to do?
Which of the following is a primary advantage of using Amazon ElastiCache?
Which statement accurately describes the function of cache hits and misses?
What is a notable operational feature of Amazon DynamoDB?
Which advantage does cross-region replication provide?
What is a limitation of using Memcached compared to Redis?
How does the reader endpoint facilitate database access?
Which scenario is best suited for using Amazon ElastiCache?
Which AWS service provides a managed load balancer for forwarding traffic to multiple downstream servers, and offers features like health checks and automatic scaling?
Which of the following statements about AWS CodeBuild is FALSE?
What is a key advantage of using AWS CloudShell over a local terminal when working with AWS resources?
Which service offers a serverless CI/CD environment for AWS applications, allowing you to automate the build, test, and deployment process without managing infrastructure?
Which of the following AWS services is NOT a part of the AWS Amplify framework?
Which AWS service provides a Git-based code repository hosted in S3, offering high availability and resiliency, and seamless integration with other AWS services?
Which of the following statements accurately describes AWS CodeArtifact?
Which of the following is NOT a benefit of using AWS CloudShell over a local terminal for managing AWS resources?
Study Notes
Amplify
- Amplify Studio, libraries, CLI, and hosting are available
- Can export to CloudFormation template
AWS Cloud9
- cloud-based integrated development environment (IDE)
AWS CloudShell
- Available in a few AWS regions only
- Terminal in the cloud, works similarly to AWS CLI
- Advantage: no need to configure AWS with access key
- Supports Linux commands like ls, echo, cat, etc.
- Stateful: creates or edits files
AWS CodeArtifact
- Artifact repository service
AWS CodeBuild
- Serverless continuous integration (CI) service
- Reduces need for patching/maintaining a dedicated server
- Only pay for time it takes to build (not idle time)
- Provides pre-packaged environments like Docker containers
- Build environment: OS + programming env + tools used by CodeBuild
- Can test/run application locally
- Can create build project using CodeBuild console/AWS CLI/AWS SDK/creation of CodePipeline
- Buildspec.yaml defines the build to run
- Can upload build artifact to CodeArtifact or another artifact repo
- Supports Amazon SNS on build notifications (e.g., build failure)
AWS CodeCommit
- Hosted in S3, provides high availability and resiliency
- Integrates well with other AWS services
- Advantage over GitHub/Stash: can emit an event when code has been committed and changed, for other services to use
AWS CodeDeploy
- Continuous deployment service
Amazon CodeGuru
- Machine learning-based code review service
AWS CodePipeline
- Continuous integration and continuous deployment (CI/CD) service
AWS CodeStar
- Development environment for building, deploying, and managing applications
AWS CodeWhisperer
- AI-powered coding companion
AWS X-Ray
- Service for analyzing and debugging distributed applications
Management and Governance
AWS AppConfig
- Service for managing application configuration and deployment
AWS CLI
- Command-line tool to interact with AWS services
- Protected by access keys
- Alternative to AWS Management Console
- Built on AWS SDK for Python
- Supports direct access to public APIs of AWS services
AWS SDK
- Set of libraries to access language-specific APIs
- Embedded within an application
- High-level SDK and low-level SDK (for API-level commands)
- Programming language-specific (e.g., JavaScript, Java, Python, PHP, Go)
AWS Cloud Development Kit (AWS CDK)
- Open-source software development framework
AWS CloudFormation
- Service for infrastructure as code (IaC)
AWS CloudTrail
- Service for auditing and tracking AWS resource usage
Amazon CloudWatch
- Monitoring and logging service
Amazon CloudWatch Logs
- Service for monitoring and logging AWS resource usage
AWS Systems Manager
- Service for managing and monitoring AWS resources
Networking and Content Delivery
Amazon API Gateway
- RESTful API service
Amazon CloudFront
- Content delivery network (CDN)
Elastic Load Balancing (ELB)
- Managed load balancer service
- Scalability vs high availability: vertical scalability (e.g., increase instance size of EC2), horizontal scalability (add load balancer/auto-scaling group)
- Scalability is linked to but different from high availability (e.g., auto-scaling group multi-AZ/load balancer multi-AZ)
Amazon S3
- Object storage service
- VPC Endpoint can be used to connect EC2 instance in the VPC to AWS global services like AWS Lambda/S3
- Traffic does not pass through the internet
- Supports VPC gateway endpoint available for Amazon S3 and DynamoDB
Security
AWS Access Keys
- Generated through AWS Console
- Users are responsible for their own access keys
- Access Key ID ~= username, Secret Access Key ~= password
AWS Key Management Service (AWS KMS)
- Can be used to encrypt EBS at rest
AWS Private Certificate Authority
- Service for managing private certificates
AWS Secrets Manager
- Service for managing secrets and credential rotation
AWS Security Token Service (AWS STS)
- Service for temporary security credentials
AWS WAF
- Web application firewall service
Storage
Amazon Elastic Block Store (Amazon EBS)
- Network drive you can attach to your instances
- Persists data even after EC2 termination
- Bound to specific AZ (need to snapshot it to move it across)
- Can be detached from EC2 instance and attached to another one quickly
- Has a provisioned activity (IOPS, space, etc.)
- Delete on Termination attribute: controls EBS behavior when EC2 instance terminates
EBS Snapshots
- Backup of your EBS volume
- Can copy snapshots across AZ
- Features: move to archive tier (75% cheaper), recycle bin for snapshots, Fast Snapshot Restore (FSR)
AMI overview
- Customization of an EC2 instance
- Up to 16 EC2 instances at a time
- Must use a filesystem that's cluster-aware (not XFS, EXT4...)
EC2 Instance Store
- High-performance, low-latency, better I/O performance
- Hardware disk attached via network drive to EC2
- Ephemeral storage: lose their storage if EC2 instance is stopped
- Good as a buffer/cache/scratch data/temporary content
Amazon Elastic File System (Amazon EFS)
- Managed NFS (Network File System) that can be mounted on many EC2 instances
- EFS can work in multiple AZs
- Highly available, scalable, expensive (3x the cost of gp2), and pay-per-use
- Use cases: content management, web serving, data sharing, WordPress
- Only compatible with Linux-based AMI (not Windows)
- Encryption with KMS at rest
- POSIX file system with standard file API
- File system scales automatically: no capacity planning, pay-per-use
- Scalability and performance modes: EFS Scale, Performance mode (General Purpose, Max IO), Throughput mode (Bursting, Provisioned)
- Storage tiers: Standard, Infrequent Access (EFS-IA), Archive
- Can implement lifecycle policies to move files between storage tiers
Accessing AWS
- AWS can be accessed through the management console (protected by password and MFA), AWS CLI (protected by access keys), and AWS SDK (protected by access keys)
Edge Networks
- Allow content to be cached closer to other locations
- Also known as CDN, uses CloudFront to serve content at edge locations
- CloudFront can also run Lambda functions
Major AWS Services
Analysis
- Athena: interactive query service for data stored in S3, serverless, and costs less compared to Redshift/EMR or ES
- Athena vs S3 Select: Athena can query the entire bucket instead of just a subset as with S3 Select
- Kinesis: real-time data streams, preserves order of messaging by default, supports multiple data sources
- Kinesis vs SQS: Kinesis is real-time, provides ability to perform analysis
- OpenSearch Service: search service for log analysis
Application Integration
- SQS: standard vs FIFO (benefits), ordered, and supports multiple data sources
- SNS: notification service
- EventBridge: event-driven architecture
- AppSync: managed GraphQL service
- Step Functions: orchestrates Lambda functions, visual review of workflow, 8 state types
Compute
- EC2: provides various sizing and configuration options, such as OS, CPU, RAM, EBS, and EFS
- EC2 User Data: bootstrapped, run once only at the first instance start, as root user
- EC2 Instance types: many different types, naming convention: m5.2xlarge (memory optimized, generation, spec)
- EC2 Instance types: compute optimized, memory optimized, higher availability, supports cross-region replication
Database
- Amazon DynamoDB: NoSQL database, writer/reader endpoint
- Amazon ElastiCache: managed Redis or Memcached instances, in-memory DBs with high performance
- ElastiCache: maximum number of read replicas for an ElastiCache Redis cluster with cluster-mode disabled = 5
- Memcached vs Redis: multi AZ with auto-failover, read replicas, backup and restore, sets and sorted sets
Caching Design Patterns
- Lazy loading/ Cache-Aside/ Lazy Population
- Write Through: write to cache when DB is updated
- Pros and Cons of each caching design pattern
Networking
- Route table: controls network traffic in your VPC through subnet routing
- VPC peering: connects two VPCs privately using AWS's network
- VPC endpoints: connect to AWS services using a private network instead of the public internet
- Site-to-Site VPN: connect on-premises VPN to AWS (encrypted over public internet)
- Direct Connect (DX): physical connection between on-premises and AWS
Security Features
- Network ACL: firewall to allow or deny at a subnet level
- Security Groups: works at instance level (e.g. EC2), can only specify ALLOW rules not DENY
Video Streams
- No additional information provided
OpenSearch Service
- No additional information provided
Application Integration
- SQS: Standard vs FIFO (benefits)
SNS
- No additional information provided
EventBridge
- No additional information provided
AppSync
- No additional information provided
Step Functions
- Orchestrates Lambda functions
- State machine - serverless workflow - allows you to review flow visually
- 8 state types:
  - Task - single unit of work
  - Choice - if-then-else logic
  - Parallel - run units of work in parallel
  - Wait - delay execution for a time period
  - Fail - stop execution, mark as failure
  - Succeed - stop execution, mark as success
  - Pass - passes input to its output
  - Map - for each loop
- Has built-in retry/error handling that you can implement at each state
Compute
- EC2
  - Sizing and configuration options:
    - OS (Linux, Windows, or Mac OS)
    - CPU
    - RAM
    - EBS and EFS (Network attached)
    - EC2 Instance Store (Hardware)
    - Network card (speed of card / public IP address)
    - Security Group (Firewall rules)
    - Bootstrap Script (configure at first launch: EC2 User Data)
  - EC2 User Data
    - Bootstrapped, run once only at the first instance start
    - e.g., installing updates / software
    - Run as root user
  - EC2 Instance types:
    - e.g., t2.micro, c5d.4xlarge - many different types
    - Naming convention: m5.2xlarge (m = memory optimized, 5 = generation (AWS improves over time), 2xlarge = spec)
    - Compute optimized - Use cases: good for batch processing / media transcoding / machine learning / dedicated gaming servers
    - Memory optimized - Use cases: High-performance databases (with memory). Web scale cache stores (e.g., SNS Notification event, Amazon S3 event)
Lambda
- Context object describes the current execution event of the Lambda function (e.g., memory of the function, get remaining time in millis, etc.)
- Lambda Layers
  - Allow you to re-use external dependencies that will be used by multiple Lambda functions
  - Deployed as zips that can be re-used
  - Advantages:
    - Can be shared with all Lambda functions inside a region
    - Faster deployments
    - Separation of concerns - can separate business logic from its dependencies
    - Can manage all dependencies for shared resources in a single layer, rather than repeating the same dependency / utility function in each Lambda function
- Lambda Versions / Aliases
  - Allow a new version of a function to be created to avoid affecting Prod
  - Useful for Canary deployments
  - Versions auto-increment number
  - Alias is like a nickname for a version - can change the version it's pointing to (so your other code can refer to the alias)
  - Like a symlink, referring code does not need to update the version it's pointing to, can just point to the alias
- Lambda / VPC integration
  - Need to assign the execution role an IAM managed policy with LambdaVPCAccessExecutionRole to allow access (to the Lambda)
  - Lambda function will lose access to the internet after it connects to VPC
AWS Serverless Application Model (SAM)
- No additional information provided
Elastic Beanstalk
- No additional information provided
Containers
- AWS Copilot
- No additional information provided
- Amazon Elastic Container Registry (Amazon ECR)
- No additional information provided
- Amazon Elastic Container Service (Amazon ECS)
- No additional information provided
- Amazon Elastic Kubernetes Service (Amazon EKS)
- No additional information provided
Database
- Relational vs NoSQL
- Harder to make Schema changes with relational
- Amazon Aurora
- Basic
- Autoscales in increments of 10GB up to 128TB
- Supports MySQL and PostgreSQL
- 20% more expensive than RDS but "AWS cloud optimized" e.g., Firewalls, Intrusion Detection Systems, Payload Manipulation)
- Security Groups / Use cases
- Load balancers can have security groups which can be set up to allow HTTP traffic, and the application security group can be connected to it to restrict access to traffic from the load balancer security group only
- IP addresses to load balance to must be private IPs
Load Balancing
- Sticky sessions / Session Affinity
  - Ensure a user's requests are only routed to the same target group
  - CLB and ALB use a cookie with an expiration date
  - Use case - make sure the user doesn't lose their session data
  - Enabling stickiness may cause EC2 instances to not be equally balanced
  - Application-based cookies: Check for custom attributes required by the application
  - Duration-based cookies: Generated by load balancer
- Cross Zone load balancing: (Cross AZ load balancing)
  - With Enabled: each load balancer instance distributes evenly across all registered instances in all AZs
  - With Disabled: Requests are distributed in the instances of the node of the Elastic Load Balancer
  - ALB - enabled by default (can be disabled at target group level), no charge for inter AZ data
  - NLB - disabled by default (pay charges for cross zone AZ)
- SSL / TLS
  - Can use SSL cert / TLS cert between your clients and your load balancer to allow encryption in transit (in-flight encryption) - TLS is newer
  - Managed via AWS ACM (Certificate Manager) - Load balancer uses an X.509 cert but you can upload your own certs to ACM
  - Set a default certificate on HTTPS listener (with optional list of domains)
  - Clients can use SNI (Server Name Indication) to indicate the hostname they would like to reach on initial SSL handshake
  - SNI solves the problem of loading multiple SSL certs onto one web server (you may have more than one domain SSL cert at the ALB level)
  - SNI only works for ALB / NLB and CloudFront
- Connection Draining / Deregistration delay
  - Can set time to complete 'in-flight requests' while target group instances are de-registering or unhealthy
Amazon Route 53
- No additional information provided
Amazon VPC
- VPC can only exist within one region
- Private subnet within one availability zone only (one subnet cannot span two or more AZs) (for backend systems like DBs, app servers) - not accessible from internet
- Public subnet - can have multiple subnets in the same AZ (e.g., publicly accessible web servers)
- CIDR Block
  - Allows you to specify size of network between /16 (16 netmask allows 65,536 IP addresses) and /28 (16 IP addresses) netmask (total number of available hosts for network)
  - IPv4 / IPv6 CIDR range
  - First 4 and last 1 IP address reserved for Amazon
- DHCP options set
  - Automatically provision IP addresses for EC2 instances and other resources
  - Configures DNS, NetBIOS name server, and NTP
- NAT Devices
  - Enable EC2 instances in private subnet to connect to public internet or other AWS services (lives in public subnet, and has a route to Internet Gateway)
  - Like a gateway but prevents the public internet from initiating connections with your private EC2 instances
  - Two types
    - NAT Instance - virtualized running in EC2, managed by customer, not highly scalable or available
    - NAT Gateway - Managed by AWS not on VPC, highly available and scalable
AMI
- AMI is region-specific
- EC2 instances can be launched from public (made by AWS) and private AMIs (made yourself) or AWS MarketPlace AMI (made by someone else and potentially sold by)
EBS Volume types
- GP2 / GP3 - Cost-effective storage, low latency, general-purpose SSD volume
  - Can be used for boot volume
  - GP3 can set throughput and storage independently, whereas for GP2 they are preconfigured (GP2 is older) - up to 16,000 IOPS
- io1 / io2 - Provisioned IOPS SSD
  - Applications that need sustained IOPS performance, e.g. database workloads - sensitive to storage performance and consistency
  - io1 can independently set IOPS up to 64,000 IOPS for Nitro instances; io2 is set with a max PIOPS of 256,000 with an IOPS to GiB ratio of 100:1. If you want over 32,000 IOPS you need Nitro
  - Supports EBS multi-attach feature
  - Can be used for boot volume
- st1 - Hard disk drives (HDD)
  - Suitable for big data, data warehouses, log processing (500 IOPS)
- sc1 - Cold HDD
  - Suitable for archiving
EBS Multi-attach
- Attach the same EBS volume to multiple EC2 instances in the same AZ
- Each instance has full read-write permissions to the high-performance volume
- Use case:
- Achieve higher application availability in clustered Linux applications
General Concepts
- AWS Well-Architected Framework consists of six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability.
- AWS Global Architectures comprise Availability Zones (60 miles apart) and Regions (made up of multiple Availability Zones).
Major AWS Services
Analysis
- Athena: Real-time processing of big unstructured data.
- Kinesis: Storage optimized - Use cases: High frequency OLTP systems / DB (relational and NoSQL) / data warehouses, etc.
- OpenSearch Service: General purpose - Good general diversity for general websites.
Application Integration
- SQS: Queue-based service.
- SNS: Fanout to multiple subscribers.
- EventBridge: Serverless event bus.
- AppSync: GraphQL API.
- Step Functions: Serverless functions.
Compute
- EC2: Virtual machines.
- Lambda: Serverless compute.
- AWS Serverless Application Model (SAM): Framework for building serverless applications.
- Elastic Beanstalk: Managed platform for deploying web applications.
Containers
- AWS Copilot: Develop, deploy, and manage containerized applications.
- Amazon Elastic Container Registry (Amazon ECR): Container registry.
- Amazon Elastic Container Service (Amazon ECS): Container orchestration.
- Amazon Elastic Kubernetes Service (Amazon EKS): Managed Kubernetes service.
Database
- Relational vs NoSQL databases.
- Amazon Aurora: MySQL-compatible database with high performance and reliability.
- Amazon DynamoDB: NoSQL database.
- Amazon ElastiCache:
  - Basic: Managed Redis or Memcached instances.
  - Supports high performance and low latency.
  - Use cases: Reduce load off of databases for read-intensive workloads, make applications stateless.
- Amazon RDS:
  - Basic: Relational database service.
  - RDS Storage Auto Scaling: Automatic storage scaling.
  - Read Replicas: Improve read performance and availability.
  - RDS Multi-AZ: Disaster recovery.
  - Encrypting an Unencrypted RDS DB: Enables encryption.
Developer Tools
- AWS Amplify:
  - Amplify Studio: Visual interface for developing applications.
  - Amplify Libraries: Client-side libraries for AWS services.
  - Amplify CLI: Command-line interface for Amplify.
  - Amplify Hosting: Hosting for Amplify applications.
- AWS Cloud9: Cloud-based Integrated Development Environment (IDE).
- AWS CloudShell:
  - Terminal in the cloud.
  - Supports Linux commands.
  - Stateful if you create or edit files.
- AWS CodeArtifact: Artifact repository.
- AWS CodeBuild:
  - Serverless CI/CD server for AWS.
  - Reduces need for patching/maintaining a dedicated server.
  - Only pay for time it takes to build (not idle time).
- AWS CodeCommit: Git-based code repository hosted in S3.
Management and Governance
- AWS AppConfig: Application configuration and deployment.
- AWS CLI: Command-line interface for AWS.
- AWS Cloud Development Kit (AWS CDK): Framework for defining cloud infrastructure.
- AWS CloudFormation: Infrastructure as Code (IaC) service.
- AWS CloudTrail: Auditing and logging service.
- Amazon CloudWatch:
  - Monitoring and logging service.
  - Supports metrics and logs.
- Amazon CloudWatch Logs: Log aggregation and analysis.
- AWS Systems Manager:
  - Management service for AWS resources.
  - Supports automation and orchestration.
Networking and Content Delivery
- Amazon API Gateway: RESTful API service.
- Amazon CloudFront: Content delivery network (CDN).
- Elastic Load Balancing (ELB): Load balancing service.
- Amazon Route 53: DNS service.
- Amazon VPC: Virtual private cloud (VPC).
Security, Identity, and Compliance
- AWS Certificate Manager (ACM): Certificate issuance and management.
- Amazon Cognito: User identity and access management.
- AWS Identity and Access Management (IAM): Identity and access management.
- AWS Key Management Service (AWS KMS): Key management service.
- AWS Private Certificate Authority: Private certificate authority.
- AWS Secrets Manager: Secrets management service.
- AWS Security Token Service (AWS STS): Token-based authentication.
- AWS WAF: Web application firewall.
Storage
- Amazon Elastic Block Store (Amazon EBS): Block-level storage.
- EC2 Instance Store: Instance-level storage.
- Amazon Elastic File System (Amazon EFS): File-level storage.
- Amazon S3: Object-level storage.
- Amazon S3 Glacier: Archival storage.
General Concepts
- AWS Well Architected Framework consists of six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability.
- AWS Global architectures include Availability Zones, Regions, and Edge Locations.
Major AWS Services
Analysis
- Athena: Real-time processing of big unstructured data.
- Kinesis: Real-time processing of big unstructured data.
- OpenSearch Service: Real-time processing of big unstructured data.
Application Integration
- SQS: Queue-based messaging service for decoupling applications.
- SNS: Fanout messaging service for decoupling applications.
- EventBridge: Event-driven architecture for decoupling applications.
- AppSync: GraphQL-based API for mobile and web applications.
- Step Functions: Orchestration service for coordinating microservices.
Compute
- EC2: Virtual machine service for running applications.
- Lambda: Serverless compute service for event-driven applications.
- AWS Serverless Application Model (SAM): Framework for building serverless applications.
- Elastic Beanstalk: Managed platform for deploying web applications.
Containers
- AWS Copilot: Tool for containerizing and deploying applications.
- Amazon Elastic Container Registry (Amazon ECR): Container registry for storing and managing container images.
- Amazon Elastic Container Service (Amazon ECS): Container orchestration service for running containerized applications.
- Amazon Elastic Kubernetes Service (Amazon EKS): Managed Kubernetes service for running containerized applications.
Database
- Relational vs NoSQL databases: Relational databases use structured data, while NoSQL databases use unstructured or semi-structured data.
- Amazon Aurora: Relational database service with high performance and availability.
- Amazon DynamoDB: NoSQL database service with high performance and scalability.
- Amazon ElastiCache: In-memory caching service for improving database performance.
- Cache Eviction / TTL (Time to Live): Mechanism for managing cache data.
- Amazon MemoryDB for Redis: In-memory database service for real-time data processing.
Developer Tools
- AWS Amplify: Development framework for building cloud-native applications.
- AWS Cloud9: Integrated development environment (IDE) for coding and debugging.
- AWS CloudShell: Browser-based shell for running scripts and commands.
- AWS CodeArtifact: Package manager for storing and managing software packages.
- AWS CodeBuild: Continuous integration and continuous deployment (CI/CD) service for building and deploying applications.
- AWS CodeCommit: Version control service for managing code repositories.
- AWS CodeDeploy: Continuous deployment service for automating code deployments.
- Amazon CodeGuru: AI-powered code review service for improving code quality.
- AWS CodePipeline: Continuous integration and continuous deployment (CI/CD) service for automating workflows.
- AWS CodeStar: Development environment for building and deploying applications.
Management and Governance
- AWS AppConfig: Configuration management service for managing applications.
- AWS CLI: Command-line interface for managing AWS services.
- AWS Cloud Development Kit (AWS CDK): Framework for defining cloud infrastructure in code.
- AWS CloudFormation: Infrastructure as Code (IaC) service for managing cloud resources.
- AWS CloudTrail: Audit logging service for tracking API calls.
- Amazon CloudWatch: Monitoring and logging service for tracking application performance.
- Amazon CloudWatch Logs: Log management service for collecting and analyzing logs.
- AWS Systems Manager: Automation service for managing and configuring resources.
Networking and Content Delivery
- Amazon API Gateway: API management service for building and managing APIs.
- Amazon CloudFront: Content Delivery Network (CDN) for distributing static assets.
- Elastic Load Balancing (ELB): Load balancing service for distributing traffic.
- Amazon Route 53: Domain Name System (DNS) service for managing domain names.
- Amazon VPC: Virtual Private Cloud (VPC) for creating isolated networks.
Security, Identity, and Compliance
- AWS Certificate Manager (ACM): Certificate management service for managing SSL/TLS certificates.
- Amazon Cognito: Identity management service for managing user identities.
- AWS Identity and Access Management (IAM): Identity and access management service for managing access to AWS resources.
- AWS Key Management Service (AWS KMS): Key management service for managing encryption keys.
- AWS Private Certificate Authority: Certificate authority service for issuing private certificates.
- AWS Secrets Manager: Secret management service for storing and managing sensitive data.
- AWS Security Token Service (AWS STS): Token service for managing temporary credentials.
- AWS WAF: Web Application Firewall (WAF) for protecting applications from attacks.
Storage
- Amazon Elastic Block Store (Amazon EBS): Block-level storage service for EC2 instances.
- EC2 Instance Store: Instance store service for storing data locally on EC2 instances.
- Amazon Elastic File System (Amazon EFS): File-level storage service for EC2 instances.
- Amazon S3: Object-level storage service for storing and serving objects.
- Amazon S3 Glacier: Archival storage service for storing and retrieving infrequently accessed data.
AWS Lambda
- Context object describes the current execution event of the Lambda function, including memory and remaining time in millis
- Lambda Layers allow reusing external dependencies across multiple Lambda functions, advantageous for shared resources and faster deployments
- Lambda Versions/Aliases enable creating new versions of functions without affecting production, useful for Canary deployments, with aliases serving as nicknames for versions
- Lambda/VPC integration requires assigning an execution role with LambdaVPCAccessExecutionRole policy, but affects internet access
AWS Serverless Application Model (SAM)
- Enables building serverless applications
Containers
- Amazon Elastic Container Registry (Amazon ECR) for storing container images
- Amazon Elastic Container Service (Amazon ECS) for managing containers
- Amazon Elastic Kubernetes Service (Amazon EKS) for managing Kubernetes clusters
Database
- Relational databases vs NoSQL databases, with schema changes being harder to make in relational databases
- Amazon Aurora, a cloud-optimized relational database, supports MySQL and PostgreSQL, and autoscales in increments of 10GB up to 128TB
AWS Copilot
- Simplifies containerized application development and deployment
AWS Elastic Beanstalk
- Enables deploying web applications and services to the cloud
AWS Cloud9
- Provides an integrated development environment (IDE) for writing, running, and debugging code
AWS CloudShell
- Offers a terminal in the cloud, available in a few AWS regions, with no need to configure AWS access keys
- Supports Linux commands like ls, echo, and cat, and is stateful for created or edited files
AWS CodeArtifact
- Provides a package manager for AWS services
AWS CodeBuild
- Offers a serverless CI/CD service for building and testing code, reducing the need for patching/maintaining dedicated servers
- Provides pre-packaged environments, such as Docker containers, and supports Amazon SNS for build notifications
AWS CodeCommit
- Offers a Git-based code repository, hosted in S3 for high availability and resiliency
- Integrates well with other AWS services, such as Route 53, ELB, and EC2
Security, Identity, and Compliance
- AWS Certificate Manager (ACM) for managing SSL/TLS certificates
- Amazon Cognito for user identity and access management
- AWS Identity and Access Management (IAM) for access control and security
- Best practices: use the principle of least privilege, avoid using the root account, and apply policies to users, groups, and roles
Users and Groups
- Users can be part of multiple groups
- Groups can be assigned policies, which are JSON documents defining permissions
Policies
- Policy structure includes version, ID, statement, effect, principal, action, resource, and condition
- Policies can be assigned to users, groups, or resources
Roles
- Can be assigned to AWS services, such as EC2 instances or Lambda functions
Password Policy
- Can be set up for minimum length, specific character types, and password expiry
- Can be enabled to prevent password reuse and allow users to change their own passwords
MFA (Multi-Factor Authentication)
- Combines something you know (password) with something you own (security device)
- Supports virtual MFA devices, U2F security keys, and hardware key fobs
Security Tools
- IAM Credentials Report for account-level credential status
- IAM Access Advisor for service permissions and last access times
Shared Responsibility of IAM
- AWS is responsible for infrastructure, configuration, and vulnerability analysis
- Users are responsible for users, groups, roles, policies, monitoring, and MFA enablement
AWS Access Keys
- Generated through the AWS Console, should be kept secret, and rotated regularly
AWS Key Management Service (AWS KMS)
- Can be used to encrypt EBS at rest
AWS Private Certificate Authority
- Enables creating and managing private certificates
AWS Secrets Manager
- Enables securely storing and retrieving sensitive data
AWS Security Token Service (AWS STS)
- Provides temporary security credentials for AWS services
AWS WAF
- Provides a web application firewall for protecting web applications
Storage
- Amazon Elastic Block Store (Amazon EBS) provides a network drive for EC2 instances
- EBS persists data even after EC2 termination and has a provisioned activity (IOPS, space, etc.)
- EBS Snapshots enable backing up EBS volumes, with features like copying across AZs, moving to an archive tier, and fast snapshot restore
- EC2 Instance Store provides high-performance, low-latency storage, but is ephemeral and loses data if the instance is stopped
- Amazon Elastic File System (Amazon EFS) offers a managed NFS for multiple EC2 instances, with high availability, scalability, and pay-per-use pricing.
EC2
- Storage optimized instances are ideal for high frequency OLTP systems, databases, and data warehouses
- General purpose instances provide good general diversity for general websites
- HPC optimized instances are designed for high-performance computing workloads
- On-demand instances suit short workloads with predictable pricing, and users pay by the second
- Reserved instances (1 & 3 years) are suitable for long workloads, with convertible reserved instances as an option for flexible instances
- Savings plans (1 & 3 years) provide a commitment to an amount of usage, resulting in cost savings
- Spot instances are ideal for short workloads, offering cheap prices, but instances can be lost, so they are less reliable
- Dedicated hosts allow users to book an entire physical server, with control over instance placement, making it suitable for bring-your-own-license and regulatory requirements
- Dedicated instances ensure no other customers share the user's hardware, with the option to have their own instance on their own hardware
- Capacity reservations allow users to reserve capacity in a specific availability zone (AZ) for a specified duration
Lambda
- Asynchronous and synchronous invocations are supported
- The execution lifecycle of a function includes cold start, init, invoke, and shutdown
- Cold start up to 10 seconds is not charged, and init and invoke phases can be reused up to 512MB
- Event and context objects provide parameters to the lambda function, with the event object containing JSON data for processing
AWS Services
- AWS CodeDeploy, CodeGuru, CodePipeline, CodeStar, and CodeWhisperer are development tools
- AWS X-Ray provides management and governance
- AWS AppConfig and AWS CLI provide protected access keys, command-line tools, and direct access to public APIs
- AWS SDK offers language-specific APIs for embedded application development
- AWS Cloud Development Kit (AWS CDK) and AWS CloudFormation provide infrastructure as code
- AWS CloudTrail and Amazon CloudWatch provide monitoring and logging
- AWS Systems Manager provides system management and automation
Networking and Content Delivery
- Amazon API Gateway manages APIs
- Amazon CloudFront provides content delivery
- Elastic Load Balancing (ELB) supports scalability and high availability
- Scalability is achieved through vertical (increasing instance size) and horizontal (adding load balancers/auto-scaling groups) scaling
- High availability ensures data is available in at least two data centers to survive data center loss
- Load balancing distributes traffic to multiple servers downstream, with ELB offering a managed load balancer with features like sticky sessions and security groups
- Security groups can be attached to load balancers to restrict access
- Cross-zone load balancing distributes requests across all registered instances in all AZs
- SSL/TLS encryption is supported using AWS Certificate Manager (ACM) and can be used with load balancers
Autoscaling
- Autoscaling groups (ASG) automatically scale out or scale in to match load requirements
- ASG is free, with costs incurred only for underlying EC2 instances
- ASG can be configured using launch templates containing AMI, instance type, EC2 user data, EBS volumes, security groups, SSH key pairs, IAM roles, and network information
- Scaling policies can be based on CloudWatch alarms, with options for target tracking, dynamic scaling, and scheduled scaling
- AMI is region-specific, and EC2 instances can be launched from public, private, or AWS Marketplace AMIs
Storage
- EBS volume types include:
  - GP2/GP3: cost-effective storage with low latency, general-purpose SSD volume
  - io1/io2: provisioned IOPS SSD for applications requiring sustained IOPS performance
  - st1: hard disk drives (HDD) for big data, data warehouses, and log processing
  - sc1: cold HDD for archiving
- EBS multi-attach allows attaching the same EBS volume to multiple EC2 instances in the same AZ, with each instance having full read-write permissions
Edge Networks
- Allow content to be cached closer to other locations
- Also known as CDN (Content Delivery Network)
- Use CloudFront to serve content at edge locations, which can also run Lambda functions
Accessing AWS
- AWS Management Console: protected by password and MFA
- AWS CLI: protected by access keys, command line tool to interact with AWS services
- AWS SDK: protected by access keys, set of libraries to access language-specific APIs
Major AWS Services
Analysis
Athena
- Interactive query service for data stored in S3
- Allows querying entire bucket instead of just a subset with S3
- Serverless, costs less compared to RedShift/EMR or ES
Kinesis
- DataStreams: real-time, preserves order of messaging by default, supports multiple data sources
- Data Analytics: provides ability to perform analysis
- Firehose: can stream data without need for a consumer
AWS Cloud9
- Integrated development environment (IDE) that provides a cloud-based development environment
AWS CloudShell
- Available in a few AWS regions only, terminal in the cloud
- Advantage over terminal: no need to configure AWS with access key
- Supports Linux commands like ls, echo, cat, etc.
- Stateful if you create or edit files
AWS Code Services
CodeArtifact
- Used for storing and sharing artifacts like code and dependencies
CodeBuild
- Serverless CI Server for AWS, reduces need for patching/maintaining a dedicated server
- Only pay for time it takes to build, provides pre-packaged environments like Docker containers
- Build environment = OS + Programming env + Tools used by CodeBuild to run the build
- Can create build project using CodeBuild console/AWS CLI/AWS SDK/creation of CodePipeline
- Buildspec.yaml defines the build to run (on the code pulled from source repo)
CodeCommit
- Git-based code repository, hosted in S3, high availability and resiliency
- Advantage over GitHub/Stash: integrates well with other AWS services
CodeDeploy
- Automated deployment service that helps deploy applications to various environments
CodeGuru
- Machine learning-based service that helps improve code quality and identify bugs
CodePipeline
- Continuous integration and continuous delivery (CI/CD) service
CodeStar
- Integrated development environment (IDE) for creating and managing applications
CodeWhisperer
- AI-powered coding companion that provides suggestions and completions
Management and Governance
AppConfig
- Helps manage application configurations and settings
AWS CLI
- Command line tool to interact with AWS services using commands in your shell
- Direct access to the public APIs of AWS Services
- Open source, alternative to AWS management console
- Built on AWS SDK for Python
AWS SDK
- Set of libraries to access language-specific APIs (embedded within application)
- Programming language-specific (e.g., JavaScript, Java, Python, PHP, Go, etc.)
AWS Cloud Development Kit (AWS CDK)
- Open-source framework that allows defining cloud infrastructure in code
AWS CloudFormation
- Service that helps use templates to define and deploy infrastructure as code
AWS CloudTrail
- Service that provides governance, compliance, and audit for AWS API calls
Amazon CloudWatch
- Monitoring and logging service that provides insights into application performance
Amazon CloudWatch Logs
- Service that helps monitor and troubleshoot application logs
AWS Systems Manager
- Service that helps manage and configure AWS resources
Networking and Content Delivery
Amazon API Gateway
- Fully managed service that makes it easy to create, publish, and manage RESTful APIs
Amazon CloudFront
- Fast, highly secure, and programmable content delivery network (CDN)
Elastic Load Balancing (ELB)
- Managed load balancer that helps distribute traffic across multiple targets
Scalability vs High Availability
- Vertical scalability: increases instance size of EC2
- Horizontal scalability: adds load balancer/autoscaling group
- Scalability is linked to but different from high availability
Load Balancing
- Forward traffic to multiple servers downstream (e.g., EC2 instances)
ELB
- Managed load balancer, more cost-effective compared to setting up own load balancer
- Integrates with many AWS offerings/services
Autoscaling Groups (ASG)
- Automatically scales out (adds EC2 instances) or scales in (removes EC2 instances) to match load per requirements
- Configured via Launch template containing various settings
- Can attach security groups to ASG just like EC2
- Scaling policies: based on CloudWatch alarm, dynamic scaling, scheduled scaling
Management and Governance
- AWS CLI:
  - Protected by access keys
  - Command line tool to interact with AWS services using commands in your shell
  - Direct access to the public APIs of AWS services
  - Open source
  - Alternative to AWS management console
  - Built on AWS SDK for Python
- AWS SDK:
  - Set of libraries to access language-specific APIs (embedded within application) - high-level SDK and low-level SDK (for API-level commands)
  - Programming language specific (e.g. JavaScript, Java, Python, PHP, Go, etc.)
Networking and Content Delivery
- Elastic Load Balancing (ELB):
  - Scalability vs High Availability
    - Vertical scalability (e.g. increase instance size of EC2)
    - Horizontal scalability (add load balancer / auto scaling group)
    - Scalability is linked to but different from high availability (which means your data is running in at least 2 data centers, to survive data center loss)
  - Load balancing: forward traffic to multiple servers downstream (e.g. EC2 instances)
  - Managed load balancer - more cost effective compared with setting up your own load balancer / AWS guarantees it is working / upgrades / maintenance etc.
  - Integrates with many AWS offerings / services: e.g. Firewalls, Intrusion Detection Systems, Payload Manipulation
  - Supports Sticky Sessions
  - Sticky sessions / Session Affinity:
    - Ensure a user's requests are only routed to the same target group
    - CLB and ALB use a cookie with an expiration date
    - Use case - make sure the user doesn't lose their session data
    - Enabling stickiness may cause EC2 instances to not be equally balanced
    - Application-based cookies: Check for custom attributes required by the application
    - Duration-based cookies: Generated by load balancer
  - Cross Zone load balancing:
    - When enabled: each load balancer instance distributes evenly across all registered instances in all AZs
    - When disabled: requests are distributed among the instances of the node of the Elastic Load Balancer
    - ALB - enabled by default (can be disabled at target group level), no charge for inter-AZ data
    - NLB - disabled by default (charges apply for cross-AZ data)
  - SSL / TLS:
    - Can use an SSL / TLS cert between your clients and your load balancer to allow encryption in transit (in-flight encryption)
    - Managed via AWS ACM (Certificate Manager) - the load balancer uses an X.509 cert, but you can upload your own certs to ACM
    - Set a default certificate on the HTTPS listener (with an optional list of domains)
    - Clients can use SNI (Server Name Indication) to indicate the hostname they would like to reach in the initial SSL handshake
    - SNI solves the problem of loading multiple SSL certs onto one web server (you may have more than one domain SSL cert at the ALB level)
    - SNI only works for ALB / NLB and CloudFront
  - Connection Draining / Deregistration delay:
    - Can set the time to complete 'in-flight requests' while target group instances are de-registering or unhealthy
- Associated with particular AZ only (so can implement redundancy by implementing for each AZ separately)
- Route table:
  - Controls the network traffic in your VPC through subnet routing
  - Allows access between subnets / to the internet
  - One route table can be associated with multiple subnets, but each subnet must have exactly one route table associated
- VPC peering:
  - Connects two VPCs privately using AWS's network - makes them behave as if they were in the same network
  - Must not have overlapping CIDR (IP address range)
  - VPC peering connection is not transitive (if a is connected to b, and b is connected to c, then a is not connected to c, unless a direct connection exists)
- VPC Endpoints:
  - Endpoints allow you to connect to AWS services using a private network instead of the public www network
  - Enhanced security and lower latency to access AWS services
- Site-to-Site VPN - connect on-premises VPN to AWS (encrypted over public internet)
- Direct Connect (DX) - Physical connection between on-premises and AWS - secure, fast and private network
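The CIDR block limits and the VPC peering rules in these notes can be checked before anything is deployed. The following is an added example, not part of the original notes: the VPC names, address ranges and function names are constructed for illustration, and the 5 reserved addresses are counted per block as the notes describe.

```python
import ipaddress
from itertools import combinations

# Limits taken from the notes: netmask between /16 and /28,
# first 4 and last 1 addresses of a block reserved by AWS.
MIN_PREFIX, MAX_PREFIX = 16, 28
RESERVED = 5


def usable_addresses(cidr):
    """Return the number of assignable IPv4 addresses in a VPC/subnet block.

    Raises ValueError if the block is malformed or outside /16../28.
    """
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    if net.version != 4:
        raise ValueError("this check only covers IPv4 blocks")
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        raise ValueError(f"{cidr}: prefix must be between /16 and /28")
    return net.num_addresses - RESERVED


def reserved_addresses(cidr):
    """List the first 4 and last 1 addresses, which cannot be assigned."""
    net = ipaddress.ip_network(cidr, strict=True)
    return [str(net[i]) for i in range(4)] + [str(net[-1])]


def peering_conflicts(vpcs):
    """Return pairs of VPC names whose CIDR ranges overlap.

    Overlapping ranges cannot be peered, so these pairs need renumbering.
    """
    conflicts = []
    for (a, cidr_a), (b, cidr_b) in combinations(sorted(vpcs.items()), 2):
        if ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b)):
            conflicts.append((a, b))
    return conflicts


def can_route(src, dst, peerings):
    """Peering is not transitive: only a direct peering connects two VPCs."""
    direct = {frozenset(p) for p in peerings}
    return src == dst or frozenset((src, dst)) in direct


def missing_peerings(required_flows, peerings):
    """Return the VPC pairs that need traffic but have no direct peering."""
    missing = {
        tuple(sorted(flow))
        for flow in required_flows
        if not can_route(flow[0], flow[1], peerings)
    }
    return sorted(missing)


# Constructed sample plan (hypothetical names and ranges).
VPCS = {"app": "10.0.0.0/16", "data": "10.1.0.0/16", "legacy": "10.0.128.0/20"}
PEERINGS = [("app", "data"), ("data", "shared")]
REQUIRED_FLOWS = [("app", "data"), ("app", "shared")]

if __name__ == "__main__":
    for name, cidr in VPCS.items():
        print(name, cidr, usable_addresses(cidr), "usable addresses")
    print("reserved in 10.0.1.0/24:", reserved_addresses("10.0.1.0/24"))
    print("cannot be peered:", peering_conflicts(VPCS))
    print("needs its own peering:", missing_peerings(REQUIRED_FLOWS, PEERINGS))
```
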
Security Features
- Network ACL:
  - Firewall to allow or deny at a subnet level - explicitly allow or deny traffic by port / IP address / destination
- Security Groups:
  - Work at instance level (e.g. EC2), on the ENI (Elastic Network Interface)
  - Can only specify ALLOW rules, not DENY
  - Inbound is deny-all by default; outbound is allow-all by default
  - A security group rule comprises an IP / port (e.g. SSH) or other security groups
  - Rules can be added to authorize another security group (useful for a load balancer, where EC2 instances can connect without needing to specify an IP all the time)
- Virtual private gateway / public gateway:
  - Internet Gateway - allows connection to the internet at the VPC level
  - Customer Gateway - a virtual private gateway can be used to establish an AWS Direct Connect connection to the customer gateway (which could be a hardware or virtual gateway in the customer's own on-premises data centre) at VPC level
- VPC Flow log:
  - Captures information about IP traffic going to instances - there are also subnet flow logs and ENI (Elastic Network Interface) flow logs
  - Monitors network traffic through the VPC
  - Can be sent to S3, CloudWatch, or Kinesis Data Firehose
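The security group behaviour listed above (allow rules only, inbound denied by default, rules that authorize another security group instead of an IP) can be modelled in a few lines. This is an added example, not part of the original notes: the group ids, addresses and function names are constructed, and the model is simplified to single ports and inbound rules only.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    """One inbound ALLOW rule. There is no way to express DENY."""
    protocol: str
    port: int
    source: str  # a CIDR range, or another security group id ("sg-...")


@dataclass
class SecurityGroup:
    group_id: str
    inbound: list = field(default_factory=list)  # empty list = deny all inbound


@dataclass
class Interface:
    """A network interface (ENI) with an address and its attached group ids."""
    ip: str
    groups: list


def inbound_allowed(dst_groups, src, protocol, port):
    """Return True if any rule on any attached group allows the connection."""
    for sg in dst_groups:
        for rule in sg.inbound:
            if rule.protocol != protocol or rule.port != port:
                continue
            if rule.source.startswith("sg-"):
                # Group reference: matches any interface carrying that group,
                # whatever its current IP address is.
                if rule.source in src.groups:
                    return True
            elif ipaddress.ip_address(src.ip) in ipaddress.ip_network(rule.source):
                return True
    return False  # nothing matched: inbound is denied by default


def world_open_rules(sg):
    """Audit helper: rules that allow every IPv4 source (0.0.0.0/0)."""
    return [
        r for r in sg.inbound
        if not r.source.startswith("sg-")
        and ipaddress.ip_network(r.source).prefixlen == 0
    ]


# Constructed sample: a load balancer in front of application instances.
ALB_SG = SecurityGroup("sg-alb", [Rule("tcp", 443, "0.0.0.0/0")])
APP_SG = SecurityGroup("sg-app", [
    Rule("tcp", 8080, "sg-alb"),      # only the load balancer may reach the app
    Rule("tcp", 22, "10.0.0.0/24"),   # SSH from a constructed admin subnet
])

ALB_NODE = Interface("10.0.1.10", ["sg-alb"])
ADMIN_HOST = Interface("10.0.0.5", [])
INTERNET_CLIENT = Interface("203.0.113.7", [])

if __name__ == "__main__":
    print(inbound_allowed([ALB_SG], INTERNET_CLIENT, "tcp", 443))   # client -> ALB
    print(inbound_allowed([APP_SG], ALB_NODE, "tcp", 8080))         # ALB -> app
    print(inbound_allowed([APP_SG], INTERNET_CLIENT, "tcp", 8080))  # client -> app
    print(world_open_rules(ALB_SG), world_open_rules(APP_SG))
```
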
Example Architectures
- Three Tier Architecture:
  - Understanding of general diagram (e.g. pre-packing the software with the EC2 instance)
- AMI:
  - AMI is region specific
  - EC2 instances can be launched from public (made by AWS) and private AMIs (made yourself) or AWS MarketPlace AMI (made by someone else and potentially sold by)
EBS Volume types
- GP2 / GP3:
  - Cost-effective storage, low latency, general-purpose SSD volume (can be used for boot volume)
  - GP3 can set throughput and storage independently, whereas for GP2 they are preconfigured (GP2 is older) - up to 16,000 IOPS
- io1 / io2:
  - Provisioned IOPS SSD
  - Applications that need sustained IOPS performance, e.g. database workloads - sensitive to storage performance and consistency
  - io1 can independently set IOPS up to 64,000 IOPS for Nitro instances; io2 is set with a max PIOPS of 256,000 with an IOPS to GiB ratio of 100:1. If you want over 32,000 IOPS you need Nitro
  - Supports EBS multi-attach feature
  - Can be used for boot volume
- st1:
  - Hard disk drives (HDD)
  - Suitable for big data, data warehouses, log processing (500 IOPS)
- sc1:
  - Cold HDD
  - Suitable for archiving
EBS Multi-attach
- Attach the same EBS volume to multiple EC2 instances in the same AZ
- Each instance has full read write permissions to the high performance volume
- Use case: Achieve higher application availability in clustered linux applications (e.g.
General Concepts
- AWS Well-Architected Framework consists of six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability
- AWS Global architectures include:
- Availability Zones (60 miles apart)
- Regions (made up of multiple Availability Zones)
- Video Streams
Major AWS Services
Analysis
- Athena: a query service for analyzing data in Amazon S3
- Kinesis: a real-time data processing service
- OpenSearch Service: a search service for log analytics and application monitoring
Application Integration
- SQS: a message queue service with Standard and FIFO (First-In-First-Out) queues
- Benefits of FIFO: exactly-once processing, and message deduplication
- SNS: a publish-subscribe messaging service
- EventBridge: a serverless event bus service
- AppSync: a managed service for building GraphQL APIs
- Step Functions: a service for orchestrating AWS Lambda functions
- Features:
- 8 state types: Task, Choice, Parallel, Wait, Fail, Succeed, Pass, and Map
- Built-in retry/error handling at each state
- Visual workflow management
Compute
- EC2:
- Sizing and configuration options:
- OS (Linux, Windows, or Mac OS)
- CPU
- RAM
- EBS and EFS (Network-attached)
- EC2 Instance Store (Hardware)
- Network card (speed of card and public IP address)
- Security Group (Firewall rules)
- Bootstrap Script (configure at first launch: EC2 User Data)
- EC2 User Data:
- Bootstrapped, run once only at the first instance start
- e.g., installing updates/software
- Run as root user
- EC2 Instance types:
- e.g., t2.micro, c5d.4xlarge (many different types)
- Naming convention: m5.2xlarge (m = memory optimized, 5 = generation, 2xlarge = spec)
- Compute optimized: good for batch processing, media transcoding, machine learning, dedicated gaming server, etc.
- Memory optimized: good for high-performance databases (with memory), web scale cache stores, etc.
Database
- Relational vs NoSQL:
- Relational: Amazon Aurora, Amazon RDS
- NoSQL: Amazon DynamoDB
- Amazon Aurora:
- Basic: MySQL-compatible database engine
- Writer/Reader endpoint: supports read replicas
- Amazon DynamoDB:
- Fast, fully managed NoSQL database service
- Amazon ElastiCache:
- Basic: in-memory data store for Redis and Memcached
- Memcached vs Redis: Memcached is a simple, key-value store, while Redis is a data structure server
- Cache Eviction/TTL (Time to Live):
- Cache can be evicted if:
- item is deleted explicitly in cache
- memory is full and it's not recently used (LRU)
- TTL that has been set is exceeded
- If too many evictions happen due to memory limits, you should scale out or up
- Amazon MemoryDB for Redis:
- Redis-compatible, durable, in-memory database
- Ultra-high performance with over 160 million requests/second
- Scale seamlessly to 100s of TB of storage
- Use cases: web apps, online gaming, media streaming, etc.
- Amazon RDS:
- Basic: managed relational database service
- RDS Storage Auto Scaling: automatically scale database storage up to a set Maximum Storage Threshold
- Read Replicas:
- Replications are asynchronous - data will be eventually consistent
- Up to 15 read replicas within AZ, Cross AZ, or Cross Region
- Replicas can be promoted to their own DB
- Applications must update connection string to use a read replica
- Use cases: reporting, analytics, read-only high load environments
- RDS Multi AZ (Disaster Recovery):
- Synchronous replication - main purpose is to increase availability, not for scaling
- One DNS name - automatic app failover to standby
- Read replicas can be set up as Multi AZ for DR
- Going from Single AZ to Multi AZ is a zero-downtime operation
- Encrypting an Unencrypted RDS DB:
- Create a snapshot of DB, copy the snapshot, click "Enable Encryption", then restore the DB instance from encrypted snapshot
- Unencrypted RDS DB will always have unencrypted read replicas
Developer Tools
- AWS Amplify:
- Deploy application in serverless architecture, allows auto-deployment/scaling/management of application and underlying resources
- Complete solution that allows frontend web and mobile developers to easily build, connect, and host full-stack applications
- AWS Cloud9:
- Cloud-based integrated development environment (IDE) for writing, running, and debugging code
- AWS CodeArtifact:
- Fully managed artifact repository service
- AWS CodeBuild:
- Fully managed continuous integration service
- AWS CodeCommit:
- Fully managed version control service
- AWS CodeDeploy:
- Fully managed deployment service
- Amazon CodeGuru:
- Machine learning-powered code review and debugging service
- AWS CodePipeline:
- Fully managed continuous delivery service
- AWS CodeStar:
- Cloud-based service for creating, managing, and scaling continuous integration and continuous deployment (CI/CD) pipelines
- Amazon CodeWhisperer:
- AI-powered coding companion that provides real-time code suggestions and recommendations
- AWS X-Ray:
- Distributed tracing service for debugging and analyzing distributed applications
Management and Governance
- AWS AppConfig:
- Fully managed service for managing and monitoring application configurations
- AWS CLI:
- Command-line tool for managing AWS resources
- AWS Cloud Development Kit (AWS CDK):
- Open-source framework for defining cloud infrastructure in code
- AWS CloudFormation:
- Service for managing infrastructure as code
- AWS CloudTrail:
- Service for monitoring and logging AWS API calls
- Amazon CloudWatch:
- Monitoring and logging service for AWS resources and applications
- Amazon CloudWatch Logs:
- Logs monitoring and analysis service
- AWS Systems Manager:
- Service for managing and automating AWS resources and applications
Networking and Content Delivery
- Amazon API Gateway:
- Fully managed API management service
- Amazon CloudFront:
- Content delivery network (CDN) service
- Elastic Load Balancing (ELB):
- Load balancing service for distributing traffic across multiple targets
- Amazon Route 53:
- Domain name system (DNS) service
- Amazon VPC:
- Virtual private cloud (VPC) service for creating a virtual network in the cloud
Video Streams and Application Integration
- Video Streams and Application Integration involves OpenSearch Service, SQS, SNS, EventBridge, and AppSync.
Compute
- EC2 instance types have different naming conventions, such as m5.2xlarge (m = memory optimized, 5 = generation, 2xlarge = spec).
- Compute optimized instances are suitable for batch processing, media transcoding, machine learning, and dedicated gaming servers.
- Memory optimized instances are suitable for high-performance databases with memory and web-scale cache stores.
- Predictive scaling continuously forecasts load and schedules scaling ahead, with scaling cooldowns allowing metrics to stabilize.
- Instance Refresh recreates all EC2 instances after updating a launch template, with a minimum healthy percentage as a trigger and warm-up time.
Amazon Route 53 and VPC
- A VPC can only exist within one region, with private subnets within one availability zone (AZ) only.
- Public subnets can have multiple subnets in the same AZ, with CIDR Block specifying the size of the network.
- A DHCP options set automatically provisions IP addresses for EC2 instances and other resources, configuring DNS, NetBIOS name server, and NTP.
- NAT Devices enable EC2 instances in private subnets to connect to the public internet or other AWS services, with two types: NAT Instance and NAT Gateway.
- Route tables control network traffic in a VPC through subnet routing, allowing access between subnets and to the internet.
- VPC peering connects two VPCs privately using AWS' network, with no overlapping CIDR ranges.
- VPC Endpoints allow connecting to AWS services using a private network, enhancing security and reducing latency.
Security Features
- Network ACLs work at the subnet level, explicitly allowing or denying traffic by port, IP address, or destination.
- Security Groups work at the instance level, specifying ALLOW rules only, with default deny for inbound and default allow for outbound.
- Security Group rules comprise IP, port, or other security groups, with rules added to authorize another security group.
VPC Endpoints and Gateways
- Virtual private gateways/public gateways allow connections to the internet at the VPC level.
- Customer Gateways establish an AWS DirectConnect connection to a CustomerGateway.
- VPC Endpoint connects EC2 instances in a VPC to AWS global services like AWS Lambda and S3, without passing through the internet.
EBS Volume Types
- GP2/GP3 are cost-effective storage, low-latency, general-purpose SSD volumes, with GP3 allowing independent throughput and storage configuration.
- IO1/IO2 are provisioned IOPS SSD volumes, suitable for applications needing sustained IOPS performance, such as databases.
- ST1 is a hard disk drive (HDD) suitable for big data, data warehouses, and log processing.
- SC1 is a cold HDD suitable for archiving.
EBS Multi-attach
- Attaches the same EBS volume to multiple EC2 instances in the same AZ, with each instance having full read-write permissions to the high-performance volume.
- Used for achieving higher application availability in clustered Linux applications.
General Concepts
- AWS Well-Architected Framework consists of six pillars:
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
- Sustainability
Compute Services
- EC2:
- Supports various instance types and operating systems
- Can be launched in a VPC or a subnet
- Lambda:
- Serverless computing service
- Supports Node.js, Python, Java, and Go languages
- Can be triggered by various AWS services
- AWS Serverless Application Model (SAM):
- Framework for building serverless applications
- Supports AWS Lambda, API Gateway, and other services
Containers
- AWS Copilot:
- Service for deploying and managing containerized applications
- Supports Docker and Kubernetes
- Amazon Elastic Container Registry (Amazon ECR):
- Fully-managed container registry service
- Supports Docker container images
- Amazon Elastic Container Service (Amazon ECS):
- Fully-managed container orchestration service
- Supports Docker containers and Kubernetes
- Amazon Elastic Kubernetes Service (Amazon EKS):
- Managed Kubernetes service
- Supports Kubernetes clusters
Database Services
- Relational vs NoSQL databases:
- Relational databases: support structured data and SQL queries
- NoSQL databases: support semi-structured or unstructured data and flexible schema
- Amazon Aurora:
- Relational database service
- Supports MySQL and PostgreSQL databases
- Offers high performance and durability
- Amazon DynamoDB:
- NoSQL database service
- Supports key-value and document data models
- Offers high performance and low latency
- Amazon ElastiCache:
- In-memory caching service
- Supports Memcached and Redis engines
- Improves application performance and reduces latency
- Cache eviction and TTL (Time to Live):
- Cache eviction: process of removing data from the cache
- TTL: sets the maximum time data remains in the cache
Storage Services
- Amazon Elastic Block Store (Amazon EBS):
- Block-level storage service
- Supports persistent data storage for EC2 instances
- Offers high performance and low latency
- EC2 Instance Store:
- Temporary storage service
- Supports ephemeral data storage for EC2 instances
- Data is lost when the instance is stopped or terminated
- Amazon Elastic File System (Amazon EFS):
- File-level storage service
- Supports shared file storage for multiple EC2 instances
- Offers high availability, scalability, and durability
- Supports NFS protocol and POSIX file system
- Offers encryption at rest using KMS
Security, Identity, and Compliance
- AWS Identity and Access Management (IAM):
- Service for managing access and permissions to AWS resources
- Supports users, groups, roles, and policies
- AWS Key Management Service (AWS KMS):
- Service for managing encryption keys
- Supports key creation, rotation, and deletion
- Integrates with AWS services and resources
- AWS Certificate Manager (ACM):
- Service for managing SSL/TLS certificates
- Supports certificate creation, validation, and revocation
- Integrates with AWS services and resources
- AWS Security Token Service (AWS STS):
- Service for managing temporary security credentials
- Supports temporary access to AWS resources
- Integrates with AWS services and resources
Networking and Content Delivery
- Amazon API Gateway:
- Service for creating RESTful APIs
- Supports API creation, deployment, and management
- Integrates with AWS services and resources
- Amazon CloudFront:
- Content delivery network (CDN) service
- Supports fast and secure content delivery
- Integrates with AWS services and resources
- Elastic Load Balancing (ELB):
- Service for distributing traffic across EC2 instances
- Supports load balancing for HTTP, HTTPS, and TCP protocols
- Integrates with AWS services and resources
- Amazon Route 53:
- Domain name system (DNS) service
- Supports domain registration, routing, and management
- Integrates with AWS services and resources
- Amazon VPC:
- Virtual private cloud service
- Supports isolated and secure networking for EC2 instances
- Integrates with AWS services and resources
Application Integration
- SQS:
- Message queuing service
- Supports decoupling of applications and services
- Integrates with AWS services and resources
- SNS:
- Messaging service
- Supports fan-out messaging and event-driven architecture
- Integrates with AWS services and resources
- EventBridge:
- Event-driven service
- Supports event bus, event source, and event target
- Integrates with AWS services and resources
- AppSync:
- Service for building scalable and secure APIs
- Supports GraphQL and RESTful APIs
- Integrates with AWS services and resources
- Step Functions:
- Service for building distributed workflows
- Supports step-by-step execution of tasks
- Integrates with AWS services and resources
Video Streams
- OpenSearch Service for application integration
- SQS (Standard vs FIFO) for message queuing
- SNS for fanout messaging
- EventBridge for event-driven architecture
- AppSync for managed GraphQL service
Compute
- EC2 instance types: Compute, Memory, and Storage optimized
- EC2 instance store: provides temporary storage for instances
- EBS and EFS: network-attached storage options
- Security groups: act as virtual firewalls for instances
- Bootstrap script: configures instances during first launch
- EC2 user data: runs once at first instance start, ideal for installing updates/software
Databases
- Amazon DynamoDB: NoSQL database
- Amazon ElastiCache: in-memory database for high performance and low latency
- Redis vs Memcached: Redis supports multi-AZ with auto-failover and backup/restore features
- Caching design patterns: Lazy loading, Cache-Aside, Write Through, and more
Security Groups and Load Balancers
- Security groups: restrict access to instances and load balancers
- Load balancers: can have security groups to allow HTTP traffic
- Sticky sessions: ensure requests are routed to the same target group
- Cross-zone load balancing: distributes requests across all availability zones
- SSL/TLS: encrypts data in transit using X.509 certificates
Identity and Access Management (IAM)
- AWS Certificate Manager (ACM): manages SSL/TLS certificates
- Amazon Cognito: provides user identity management
- IAM best practices: use least privilege, avoid using the root account
- Users: can be grouped and assigned policies
- Groups: group users together for easier management
- Policies: JSON documents that define permissions for users and groups
- Roles: assign permissions to AWS services
Video Streams and OpenSearch Service
- Video Streams and OpenSearch Service are application integration services in AWS
Message Queue and Notification Services
- SQS (Standard and FIFO queues) benefits:
- Decouples microservices and allows parallel processing
- Acts as a buffer for high-volume messages
- SNS (Simple Notification Service) benefits:
- Fanout messaging for decoupling microservices
- Publish-subscribe messaging pattern
- EventBridge benefits:
- Event-driven architecture for decoupling microservices
- Supports event buses and event sources
- AppSync benefits:
- Real-time data synchronization and offline data access
- GraphQL API for mobile and web applications
Compute Services
- EC2 (Elastic Compute Cloud) features:
- Sizing and configuration options:
- OS (Linux, Windows, or Mac OS)
- CPU, RAM, EBS, and EC2 Instance Store
- Network card and public IP address
- Security Group (Firewall rules)
- Bootstrap Script (EC2 User Data)
- EC2 Instance types:
- Compute optimized (e.g., t2.micro, c5d.4xlarge)
- Memory optimized (e.g., m5.2xlarge)
- Storage optimized
- General purpose
- EC2 Instance Connect for SSH access
- IAM roles for EC2 instances
- Security Groups for port configuration
- Purchasing options:
- On-demand instances
- Reserved instances (1 & 3 years)
- Savings plans (1 & 3 years)
- Spot instances
- Dedicated Hosts
- Dedicated Instances
- Capacity Reservations
- Lambda features:
- Asynchronous and synchronous invocation
- Execution lifecycle (init, invoke, shutdown)
- Event Object and Context Object
- Lambda Layers for reusing external dependencies
- Lambda Versions and Aliases for canary deployments
- VPC integration (LambdaVPCAccessExecutionRole)
Container Services
- Amazon Elastic Container Registry (Amazon ECR) features:
- Container registry for Amazon ECS and Amazon EKS
- Amazon Elastic Container Service (Amazon ECS) features:
- Container orchestration service
- Supports Amazon ECR and Docker Hub
- Amazon Elastic Kubernetes Service (Amazon EKS) features:
- Managed Kubernetes service
- Supports Amazon ECR and Docker Hub
Database Services
- Relational databases vs NoSQL databases:
- Relational databases (e.g., Amazon Aurora) for structured data
- NoSQL databases (e.g., Amazon DynamoDB) for unstructured data
- Amazon Aurora features:
- Autoscales in increments of 10GB up to 128TB
- Supports MySQL and PostgreSQL
- Higher availability with 6 copies of data across 3 AZ
- Cross Region Replication
- Amazon DynamoDB features:
- NoSQL database for large-scale applications
- Amazon ElastiCache features:
- Managed Redis or Memcached instances
- In-memory database for high performance and low latency
Identity and Access Management (IAM)
- Password policy features:
- Minimum length and character types
- Password expiry and reuse prevention
- MFA (Multi-Factor Authentication) features:
- Virtual MFA device (Google Authenticator or Authy)
- U2F security key hardware
- Hardware Key Fob MFA device
- Security tools:
- IAM Credentials Report
- IAM Access Advisor
- Shared Responsibility Model:
- AWS: Infrastructure, Configuration, and Compliance
- You: Users, Groups, Roles, Policies, Monitoring
- AWS Access Keys features:
- Generated through AWS Console
- Access Key ID and Secret Access Key
- AWS Key Management Service (AWS KMS) features:
- Encryption for EBS at rest
- AWS Private Certificate Authority features:
- Private Certificate Authority for AWS services
- AWS Secrets Manager features:
- Secure storage for secrets and credentials
- AWS Security Token Service (AWS STS) features:
- Temporary security credentials for IAM users and roles
- AWS WAF features:
- Web Application Firewall for AWS services
Storage Services
- Amazon Elastic Block Store (Amazon EBS) features:
- Network drive for EC2 instances
- Persists data even after EC2 termination
- Bound to specific AZ
- Can be detached and attached to another instance
- Provisioned activity (IOPS, space, etc.)
- Delete on Termination attribute
- EBS Snapshots features:
- Backup of EBS volume
- Can copy snapshots across AZ
- Archive tier for cost-effective storage
- Recycle bin for snapshots
- Fast Snapshot Restore (FSR)
- AMI (Amazon Machine Image) features:
- Customization of EC2 instance
- Add own software, OS monitoring
General Concepts
- AWS Well Architected Framework consists of six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability.
- AWS Global architectures are composed of Availability Zones (60 miles apart) and Regions (made up of multiple Availability Zones).
Major AWS Services
Analysis
- Athena: analytical service for querying data in S3.
- Kinesis: real-time data processing and analytics service.
- OpenSearch Service: search service for searching and analyzing data.
Application Integration
- SQS: message queue service for decoupling applications.
- SNS: fan-out messaging service for sending and receiving messages.
- EventBridge: event-driven service for integrating applications.
- AppSync: managed GraphQL service for real-time data synchronization.
- Step Functions: service for orchestrating serverless workflows.
Compute
- EC2: virtual machine service for compute tasks.
- Lambda: serverless compute service for running code.
- AWS Serverless Application Model (SAM): framework for building serverless applications.
- Elastic Beanstalk: managed platform for deploying web applications.
Containers
- AWS Copilot: containerized application service for deploying containers.
- Amazon Elastic Container Registry (Amazon ECR): container registry service for storing and managing containers.
- Amazon Elastic Container Service (Amazon ECS): container orchestration service for running and managing containers.
- Amazon Elastic Kubernetes Service (Amazon EKS): managed Kubernetes service for running Kubernetes applications.
Database
- Relational vs NoSQL databases.
- Amazon Aurora: relational database service for MySQL and PostgreSQL.
- Basic: single instance database.
- Writer/Reader endpoint: endpoint for reading and writing data.
- Amazon DynamoDB: NoSQL database service for large-scale applications.
- Amazon ElastiCache: in-memory caching service for improving performance.
- Basic: caching service for Redis and Memcached.
- Memcached vs Redis: caching engines for ElastiCache.
- Caching Design Patterns: patterns for caching data.
- Cache Eviction/TTL (Time to Live): mechanism for managing cache expiration.
- Amazon MemoryDB for Redis: in-memory database service for Redis workloads.
- Amazon RDS: relational database service for various database engines.
- Basic: single instance database.
- RDS Storage Auto Scaling: automatic scaling for database storage.
- Read Replicas: read-only copies of the primary database.
- RDS Multi AZ (Disaster Recovery): high availability feature for databases.
- Encrypting an Unencrypted RDS DB: process for encrypting existing databases.
Developer Tools
- AWS Amplify: development environment for building, deploying, and managing applications.
- AWS Cloud9: integrated development environment for coding and debugging.
- AWS CloudShell: interactive shell for AWS services and resources.
- AWS CodeArtifact: package manager for software dependencies.
- AWS CodeBuild: continuous integration and continuous deployment (CI/CD) service.
- AWS CodeCommit: version control service for managing code repositories.
- AWS CodeDeploy: automated deployment service for configuring and deploying applications.
- Amazon CodeGuru: AI-powered code review service for improving code quality.
- AWS CodePipeline: CI/CD service for automating workflows.
- AWS CodeStar: project management service for creating and managing projects.
- Amazon CodeWhisperer: AI-powered coding companion for writing code.
- AWS X-Ray: service for analyzing and debugging distributed applications.
Management and Governance
- AWS AppConfig: feature for managing application configurations.
- AWS CLI: command-line interface for interacting with AWS services.
- AWS Cloud Development Kit (AWS CDK): framework for defining cloud infrastructure in code.
- AWS CloudFormation: service for provisioning and managing infrastructure as code.
- AWS CloudTrail: service for auditing and logging AWS API calls.
- Amazon CloudWatch: monitoring and logging service for AWS resources.
- Amazon CloudWatch Logs: service for storing and processing log data.
- AWS Systems Manager: service for managing and patching AWS resources.
Networking and Content Delivery
- Amazon API Gateway: RESTful API service for building and managing APIs.
- Amazon CloudFront: content delivery network (CDN) for distributing content.
- Elastic Load Balancing (ELB): load balancing service for distributing traffic.
- Amazon Route 53: DNS service for routing internet traffic.
- Amazon VPC: virtual private cloud service for creating isolated networks.
Security, Identity, and Compliance
- AWS Certificate Manager (ACM): service for managing SSL/TLS certificates.
- Amazon Cognito: user identity and access management service.
- AWS Identity and Access Management (IAM): service for managing access and permissions.
- AWS Key Management Service (AWS KMS): service for managing encryption keys.
- AWS Private Certificate Authority: service for creating and managing private certificates.
- AWS Secrets Manager: service for managing secrets and credentials.
- AWS Security Token Service (AWS STS): service for requesting temporary security tokens.
- AWS WAF: web application firewall service for protecting web applications.
Storage
- Amazon Elastic Block Store (Amazon EBS): block-level storage service for EC2 instances.
- EC2 Instance Store: ephemeral storage service for EC2 instances.
- Amazon Elastic File System (Amazon EFS): file-level storage service for EC2 instances.
- Amazon S3: object-level storage service for storing and retrieving data.
- Amazon S3 Glacier: long-term archival storage service for infrequently accessed data.
Amazon Route 53
- Domain name system (DNS) service for routing internet traffic.
Amazon VPC
- Virtual private cloud service for creating isolated networks.
- VPC can only exist within one region.
- Private subnet: isolated network for backend systems like DBs and app servers.
- Public subnet: publicly accessible network for web servers and other resources.
- CIDR Block: specifies the size of the network.
- DHCP options set: automatically provisions IP addresses for EC2 instances and other resources.
- NAT Devices: enables EC2 instances in private subnets to connect to the public internet or other AWS services.
- Route table: controls network traffic in your VPC through subnet routing.
- VPC peering: connects two VPCs privately using AWS' network.
- VPC endpoints: connects to AWS services using a private network instead of the internet.
Security Features
- Network ACL: explicitly allows or denies traffic at the subnet level.
- Security Groups: work at the instance level, specifying ALLOW rules for inbound traffic and DENY rules for outbound traffic.
VPC Flow Logs
- Captures information about IP traffic going to instances.
- Can be sent to S3, CloudWatch, or Kinesis Data Firehose.
- Monitors network traffic through the VPC.
Example Architectures
- Three-Tier Architecture: consists of a presentation layer, application layer, and data layer.
- LAMP Stack on EC2: Linux, Apache, MySQL, and PHP stack on EC2 instances.
- WordPress on AWS: WordPress installation on AWS services.
Security, Identity, and Compliance
- AWS Certificate Manager (ACM): service for managing SSL/TLS certificates.
- Amazon Cognito: user identity and access management service.
- AWS Identity and Access Management (IAM): service for managing access and permissions.
- IAM Best Practices:
- Root account should not be used or shared.
- Do not use Root (except for AWS account setup).
- Always apply the principle of least privilege.
- Users: people in your organization can be grouped.
- Groups: can group users together.
- Policies: JSON documents that define permissions for users or groups.
- Policy structure:
- Version: policy language version.
- Id: identifier for the policy.
- Statement: one or more individual statements.
- Sid: optional identifier for the statement.
- Effect: Allow or Deny.
- Principal: which account/user/role the policy applies to.
- Action: list of actions this policy allows or denies.
- Resource: list of resources to which the actions apply.
- Condition: conditions for when this policy is in effect.
- Roles: can assign permissions to AWS services.
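The policy structure and the least-privilege rule above can be checked mechanically. The following is an added example, not part of the original notes or of any AWS tool: a small linter that validates the listed elements and flags Allow statements that pair a wildcard Action with Resource "*". The sample policy, its bucket name, Id and Sids are constructed, and the linter assumes an identity-based policy.

```python
import json

# Elements the notes above list for a policy document and for each statement.
# Assumption: an identity-based policy; the full IAM grammar has further
# elements (for example NotAction) that this added linter does not cover.
TOP_LEVEL_KEYS = {"Version", "Id", "Statement"}
STATEMENT_KEYS = {"Sid", "Effect", "Principal", "Action", "Resource", "Condition"}

# Constructed sample policy; the bucket name, Id and Sids are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Id": "example-notes-policy",
  "Statement": [
    {"Sid": "ReadReports", "Effect": "Allow",
     "Action": ["s3:GetObject"],
     "Resource": ["arn:aws:s3:::example-bucket/reports/*"]},
    {"Sid": "TooBroad", "Effect": "Allow",
     "Action": "*", "Resource": "*"},
    {"Sid": "AllS3ButConditioned", "Effect": "Allow",
     "Action": "s3:*", "Resource": "*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Sid": "BlockDelete", "Effect": "Deny",
     "Action": "s3:DeleteObject", "Resource": "*"},
    {"Effect": "Permit", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::example-bucket", "Colour": "red"}
  ]
}
""")


def _as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def lint_policy(policy):
    """Return a list of (statement_label, finding) tuples for one policy."""
    findings = []
    for key in sorted(policy.keys() - TOP_LEVEL_KEYS):
        findings.append(("policy", f"unknown top-level element {key!r}"))
    statements = policy.get("Statement")
    if statements is None:
        return findings + [("policy", "missing Statement")]
    if isinstance(statements, dict):  # a single statement object is valid
        statements = [statements]
    for index, stmt in enumerate(statements):
        label = stmt.get("Sid", f"statement[{index}]")
        for key in sorted(stmt.keys() - STATEMENT_KEYS):
            findings.append((label, f"unknown element {key!r}"))
        effect = stmt.get("Effect")
        if effect not in ("Allow", "Deny"):
            findings.append((label, f"Effect must be Allow or Deny, got {effect!r}"))
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if not actions:
            findings.append((label, "missing Action"))
        if not resources:
            findings.append((label, "missing Resource"))
        if effect != "Allow":
            continue  # a broad Deny narrows access, so it is not a finding
        wild_actions = [a for a in actions if a == "*" or a.endswith(":*")]
        if wild_actions and "*" in resources:
            kind = "conditioned" if "Condition" in stmt else "unconditioned"
            findings.append(
                (label, f"{kind} wildcard Allow: Action={wild_actions} on Resource=*"))
    return findings


if __name__ == "__main__":
    for label, finding in lint_policy(SAMPLE_POLICY):
        print(f"{label}: {finding}")
```
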
Video Streams and Application Integration
- OpenSearch Service is a part of application integration
- SQS (Standard vs FIFO) has benefits
- SNS, EventBridge, AppSync, and Step Functions are also part of application integration
Step Functions
- Orchestrates Lambda functions
- State machine - serverless workflow - allows reviewing the flow visually
- 8 state types:
- Task - single unit of work
- Choice - if-then-else logic
- Parallel - run units of work in parallel
- Wait - delay execution for a time period
- Fail - stop execution, mark as failure
- Succeed - stop execution, mark as success
- Pass - passes input to its output
- Map - for each loop
- Has built-in retry/error handling that you can implement at each state
Compute
- EC2:
- Sizing and configuration options:
- OS (Linux, Windows, or Mac OS)
- CPU
- RAM
- EBS and EFS (Network attached)
- EC2 Instance Store (Hardware)
- Network card (speed of card / public IP address)
- Security Group (Firewall rules)
- Bootstrap Script (configure at first launch: EC2 User Data)
- EC2 User Data:
- Bootstrapped, run once only at the first instance start
- e.g., installing updates / software
- Run as root user
- EC2 Instance types:
- e.g., t2.micro, c5d.4xlarge - many different types
- Naming convention: m5.2xlarge (m = memory optimized, 5 = generation (AWS improves over time))
- Compute optimized - Use cases: good for batch processing / media transcoding / machine learning / dedicated gaming server
- Memory optimized - Use cases: High-performance DBs (with memory). Web scale cache stores (e.g., cache user session across application servers into ElastiCache)
Memcached vs Redis
- Redis:
- Multi-AZ with Auto-failover
- Read replicas to horizontally scale and provide availability
- Backup and restore features
- Support Sets and Sorted Sets
- Memcached:
- Multi-node for partitioning (sharding) of data
- No high availability (replication)
- Non-persistent - no backup and restore
- Multi-threaded architecture
Caching Design Patterns
- Lazy loading / Cache-Aside / Lazy Population:
- Check if cached data is present in application, if not load from DB into cache
- Pros:
- Only requested data is cached (the cache isn’t filled up with unused data)
- Node failures are not fatal (just increased latency to warm the cache)
- Write Through:
- Write to cache when DB is updated
- Pros:
- Data in cache is never stale, reads are quick
- Write penalty vs Read penalty (each write requires 2 calls)
Security Groups / Use cases
- Load balancers can have security groups which can be set up to allow HTTP traffic
- Can reference the load balancer's security group in the application security group to restrict access to traffic from the load balancer only
- IP addresses to load balance to must be private IPs
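The pattern above, where the application tier admits traffic only from the load balancer's security group, can be audited from security group data. This is an added example, not part of the original notes: the dictionaries are constructed samples in the shape of EC2 DescribeSecurityGroups output, and the group IDs are placeholders.

```python
import ipaddress

# Constructed samples shaped like EC2 DescribeSecurityGroups output.
LB_SG = {
    "GroupId": "sg-lb-example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
}
APP_SG_GOOD = {
    "GroupId": "sg-app-good",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-lb-example"}]},
    ],
}
APP_SG_BAD = {
    "GroupId": "sg-app-bad",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
         "UserIdGroupPairs": [{"GroupId": "sg-lb-example"}]},
    ],
}


def inbound_allowed(sg, port, source_ip=None, source_sg_ids=()):
    """Evaluate one inbound TCP connection against a security group.

    Security groups hold ALLOW rules only, so the absence of a matching
    rule is the deny: the function falls through to False.
    """
    for rule in sg["IpPermissions"]:
        if rule["IpProtocol"] not in ("tcp", "-1"):  # "-1" means all protocols
            continue
        if rule["IpProtocol"] == "tcp" and not rule["FromPort"] <= port <= rule["ToPort"]:
            continue
        # A rule can authorize another security group instead of an IP range.
        if any(pair["GroupId"] in source_sg_ids
               for pair in rule.get("UserIdGroupPairs", [])):
            return True
        if source_ip is not None:
            addr = ipaddress.ip_address(source_ip)
            if any(addr in ipaddress.ip_network(r["CidrIp"])
                   for r in rule.get("IpRanges", [])):
                return True
    return False


def audit_app_tier(app_sg, lb_sg_id):
    """List inbound rules that admit anything other than the load balancer's group."""
    findings = []
    for rule in app_sg["IpPermissions"]:
        ports = f'{rule.get("FromPort", "all")}-{rule.get("ToPort", "all")}'
        for ip_range in rule.get("IpRanges", []):
            findings.append(
                f'{app_sg["GroupId"]} ports {ports}: CIDR source {ip_range["CidrIp"]}')
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] != lb_sg_id:
                findings.append(
                    f'{app_sg["GroupId"]} ports {ports}: unexpected group {pair["GroupId"]}')
    return findings


if __name__ == "__main__":
    for sg in (APP_SG_GOOD, APP_SG_BAD):
        print(sg["GroupId"], audit_app_tier(sg, LB_SG["GroupId"]) or "ok")
```
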
Sticky sessions / Session Affinity
- Ensure user requests are routed only to the same target group
- CLB and ALB use a cookie with an expiration date
- Use case - make sure user doesn't lose his session data
- Enabling stickiness may cause EC2 instances to not be equally balanced
- Application-based Cookies: Check for custom attributes required by the application
- Duration-based cookies: Generated by load balancer
Cross Zone Load Balancing
- With Enabled: each load balancer instance distributes evenly across all registered instances in all AZ
- With Disabled: Requests are distributed in the instances of the node of the Elastic Load Balancer
- ALB - enabled by default (can be disabled at target group level), no charge for inter-AZ data
- NLB - disabled by default (Pay charges for cross zone AZ)
SSL / TLS
- Can use an SSL / TLS certificate between clients and the load balancer to allow encryption in transit (in-flight encryption) - TLS is newer
- Managed via AWS ACM (Certificate Manager) - the load balancer uses an X.509 certificate, but you can upload your own certificates to ACM
- Set a default certificate on the HTTPS listener (with optional list of domains)
- Clients can use SNI (Server Name Indication) to indicate the hostname they would like to reach on the initial SSL handshake
- SNI solves the problem of loading multiple SSL certificates onto one web server (you may have more than one domain SSL certificate at the ALB level)
- SNI only works for ALB / NLB and CloudFront
Connection Draining / Deregistration Delay
- Can set time to complete 'in-flight requests' while target group instances are de-registering or unhealthy
- Associated with particular AZ only (so can implement redundancy by implementing for each AZ separately)
Route Table
- Controls the network traffic in your VPC through subnet routing
- Allow access between subnets / to the internet
- One route table can be associated with multiple subnets, but each subnet must have exactly one route table associated
VPC Peering
- Connect two VPCs privately using AWS' network - make them behave as if they were in the same network
- Must not have overlapping CIDR (IP address range)
- VPC peering connection is not transitive (if A is connected to B, and B is connected to C, then A is not connected to C, unless a direct connection exists)
VPC Endpoints
- Endpoints allow you to connect to AWS services over a private network instead of over the public internet
- Enhanced security and lower latency to access AWS Services
- Site-to-Site VPN - connect on-premises VPN to AWS (encrypted over public internet)
- Direct Connect (DX) - Physical connection between on-premises and AWS - secure, fast, and private network
Security Features
- Network ACL:
- Firewall to allow or deny at a subnet level - explicitly allow or deny traffic by Port / IP address / Destination
- Security Groups:
- Works at instance level (e.g., EC2)
- Can only specify ALLOW rules, not DENY
- Inbound security group all deny by default, outbound security group is allow all by default
- A security group rule comprises IP / port (e.g., User connects via Route 53, Tier 1 ELB in public subnet, Tier 2 EC2 Autoscaling group in private subnets, Tier 3 RDS / ElastiCache in private subnet)
LAMP Stack on EC2
- LAMP Stack on EC2 is possible
Security, Identity, and Compliance
- AWS Certificate Manager (ACM)
- Amazon Cognito
- AWS Identity and Access Management (IAM)
- Best Practices:
- Root account created by default - shouldn't be used or shared
- Do not use Root (except AWS account setup)
- Always apply the principle of least privilege
IAM
- Users:
- Users - people in your organization can be grouped
- Users can be part of multiple groups
- Groups:
- Can group users together (e.g., developers / sales etc)
- Policies:
- Users or groups can be assigned policies (which are JSON documents)
- If policy attached to group level, all users in group get policy
- Policy structure:
- Version: policy language version (e.g., 2012-10-17)
- Id: Identifier for policy (optional)
- Statement: one or more individual statements (required):
- Sid (optional) identifier for the statement
- Effect: (Allow / Deny)
- Principal: Which account / user / role the policy applies to (e.g., "AWS": "arn:aws:iam::123456789012:root" for the root user)
- Action: List of actions this policy allows or denies (e.g., s3:GetObject, s3:PutObject) - supports wildcards, e.g., s3:Get* or just *
- Resource: list of resources to which the actions apply to - supports * for wildcard
- Condition: conditions for when this policy is in effect (optional)
- Roles:
- Can assign permissions to AWS Services (e.g.,
Autoscaling Groups (ASG)
- Automatically scales out (adds EC2 instances) or scales in (removes EC2 instances) to match load requirements
- Configured via Launch template containing:
- AMI + Instance Type
- EC2 User Data
- EBS Volumes
- Security Groups
- SSH Key Pair
- IAM Roles for your EC2 Instances
- Network + Subnets Information
- Load Balancer Information
- Can attach security groups to ASG just like EC2
- Scaling policies:
- Based on CloudWatch alarm (e.g. Average CPU, or other metric)
- Dynamic scaling:
- Target tracking scaling (e.g. I want the average ASG CPU to stay at around 40%)
- Simple / Step Scaling (e.g. When a CloudWatch alarm is triggered, then add 2 units)
- Scheduled scaling: e.g. increase the min capacity to 10 at 5pm on Fridays
AWS Services
- AWS CodeDeploy
- Amazon CodeGuru
- AWS CodePipeline
- AWS CodeStar
- Amazon CodeWhisperer
- AWS X-Ray
- Management and Governance:
- AWS AppConfig
- AWS CLI:
- Protected by Access Keys
- Command line tool to interact with AWS services using commands in your shell
- Direct access to the public APIs of AWS Services
- Opensource
- Alternative to AWS management console
- Built on AWS SDK for Python
- AWS SDK:
- Set of libraries to access Language specific APIs (embedded within application) - high level SDK and low level SDK (for API level commands)
- Programming language specific (e.g. JavaScript, Java, Python, PHP, Go etc.)
- AWS Cloud Development Kit (AWS CDK)
- AWS CloudFormation
- AWS CloudTrail
- Amazon CloudWatch
- Amazon CloudWatch Logs
- AWS Systems Manager
Networking and Content Delivery
- Amazon API Gateway
- Amazon CloudFront
- Elastic Load Balancing (ELB)
- Scalability vs High Availability
- Vertical scalability (e.g. Increase instance size of EC2)
- Horizontal scalability (Add load balancer / auto scaling group)
- Scalability is linked to but different from high availability (which means your application is running in at least 2 data centers, to survive a data center loss)
- Load balancing:
- Forward traffic to multiple servers downstream (e.g. EC2 instances)
- ELB:
- Managed load balancer - more cost effective compared with setting up your own load balancer / AWS guarantees it is working / upgrades / maintenance etc.
- Integrates with many AWS offerings / services
- Predictive scaling: Continuously forecast load and schedule scaling ahead
- Scaling cooldowns = time period where another scaling in and out is not allowed to happen after a scaling activity (default 300 sec)
- Instance Refresh = after updating launch template, you can recreate all EC2 instances (can specify minimum healthy percentage as a trigger / warm-up time, i.e. time before instance can be used)
- Amazon Route 53
- Amazon VPC
- VPC can only exist within one region
- Private subnet within one availability zone only (one subnet cannot span two or more AZs) - not accessible from internet
- Public subnet - can have multiple subnets in the same AZ (e.g. publicly accessible web servers)
- CIDR Block
- Allows you to specify size of network between /16 (16 netmask allows 65,536 IP addresses) and /28 (16 IP addresses) netmask (total number of available hosts for network)
- IPV4 / IPV6 CIDR range
- First 4 and last 1 IP addresses are reserved for Amazon
- DHCP options set
- Automatically provision IP addresses for EC2 instances and other resources
- Configures DNS, Netbios Name server and NTP
- NAT Devices
- Enable EC2 instances in private subnet to connect to public internet or other AWS services (lives in public subnet, and has a route to Internet Gateway)
- Like a gateway but Prevents Public Internet from initiating connections with your private EC2 instances
- Two types
- NAT Instance - virtualized running in EC2, managed by customer, not highly scalable or available
- NAT Gateway - Managed by AWS not on VPC, Highly available and scalable
Load Balancer Types
- Classic load balancer
- Protocols: HTTP, HTTPS, TCP, SSL
- Target Groups: EC2 instances, Private IPs
- Uses: General-purpose load balancer
- Application load balancer (ALB)
- Protocols: HTTP, HTTPS, Websocket
- Target Groups: EC2 instances, Private IPs, ECS, Lambda (via HTTP)
- Uses: Standard load balancer for general purpose, supports redirects from HTTP to HTTPS, Supports Query Strings / Parameters routing, Supports Sticky sessions
- Network load balancer (NLB)
- Protocols: TCP, TLS, UDP
- Target Groups: EC2 instances, Private IPs, Application Load Balancer
- Uses: High throughput, low latency load balancer, supports static IP provisioning, Supports Sticky Sessions
- Gateway load balancer (GWLB)
- Protocols: TCP, TLS, UDP
- Target Groups: EC2 instances, Private IPs
- Uses: Deploy, scale and manage a fleet of 3rd party network virtual appliances
Application Integration
- SQS
- Standard vs FIFO (benefits)
- SNS
- EventBridge
- AppSync
- Step Functions
- Orchestrates lambda functions
- Statemachine - serverless workflow - allows you to review flow visually
- 8 state types:
- Task - single unit of work
- Choice - if-then-else logic
- Parallel - run units of work in parallel
- Wait - delay execution for time period
- Fail - stop execution, mark as failure
- Succeed - stop execution, mark as success
- Pass - passes input to its output
- Map - for each loop
- Has built-in retry/ error handling that you can implement at each state
Compute
- EC2
- Sizing and configuration options:
- OS (Linux, windows or Mac OS)
- CPU
- RAM
- EBS and EFS (Network attached)
- EC2 Instance Store (Hardware)
- Network card (speed of card / public IP address)
- Security Group (Firewall rules)
- Bootstrap Script (configure at first launch: EC2 User Data)
- EC2 User Data
- Bootstrapped, Run once only at the first instance start
- e.g. installing updates / software
- Run as root user
- EC2 Instance types:
- e.g. t2.micro, c5d.4xlarge - many different types
- Naming convention: m5.2xlarge (m = memory optimized, 5 = generation (AWS improves over time), 2xlarge = spec)
- Compute optimized - Use cases: good for batch processing / media transcoding / machine learning / dedicated gaming servers etc.
- Memory optimized - Use cases: High performance dbs (with memory). Web scale cache stores (e.g.
AWS Lambda
- Context object describes the current execution event of the Lambda function, including memory, remaining time, etc.
- Lambda Layers allow re-using external dependencies across multiple Lambda functions
- Deployed as zips that can be re-used
- Advantages:
- Can be shared with all Lambda functions inside a region
- Faster deployments
- Separation of concern - separate business logic from dependencies
- Manage all dependencies for shared resources in a single layer
- Lambda Versions / Aliases:
- Create new versions of functions to avoid affecting production
- Versions auto-incremented
- Alias is like a nickname for a version, can be changed to point to a different version
- Useful for Canary deployments
- Lambda / VPC Integration:
- Need to assign execution role IAM managed policy with LambdaVPCAccessExecutionRole
- Lambda function will lose access to the internet after connecting to VPC
AWS Serverless Application Model (SAM)
- No additional information provided
Elastic Beanstalk
- No additional information provided
Containers
- Amazon Elastic Container Registry (ECR)
- Amazon Elastic Container Service (ECS)
- Amazon Elastic Kubernetes Service (EKS)
- AWS Copilot
Database
- Relational vs NoSQL:
- Harder to make schema changes with relational
- Amazon Aurora:
- Autoscales in increments of 10GB up to 128TB
- Supports MySQL and PostgreSQL
- 20% more expensive than RDS but "AWS cloud optimized"
- Amplify:
- Amplify studio
- Amplify libraries
- Amplify CLI
- Amplify Hosting
- Can export to CloudFormation template
Development Tools
- AWS Cloud9
- AWS CloudShell:
- Available in a few AWS regions only
- Terminal in the cloud, works similar to AWS CLI
- Advantage: No need to configure AWS with access key
- Supports Linux commands like ls, echo, cat, etc.
- Stateful if you create or edit files
- AWS CodeArtifact
- AWS CodeBuild:
- Serverless CI server for AWS
- Reduces need for patching/maintaining a dedicated server
- Only pay for time it takes to build (not idle time)
- Provides pre-packaged environments such as Docker containers
- Build environment = OS + programming env + tools used by CodeBuild to run the build
- Can upload build artifact to CodeArtifact or another artifact repo
- Supports Amazon SNS on build notifications (e.g. build failure)
- AWS CodeCommit:
- Hosted in S3, which gives it high availability and resiliency
- Advantage: Integrates well with other AWS services
Health Checks
- Done by ELB on a port and route (/health e.g.) to check 200 response to ensure downstream server is healthy
Load Balancers
- Types of load balancers:
- Classic load balancer (replaced with v2 load balancers)
- Application load balancer (ALB):
- Supports HTTP, HTTPS, Websocket
- Targets: EC2, private IPs, Lambda functions
- Features: Load balance to multiple applications, supports redirects from HTTP to HTTPS, query strings/parameters routing, sticky sessions, port mapping
- Network load balancer (NLB):
- Supports TCP, TLS, UDP
- Targets: EC2, private IPs
- Features: High throughput, low latency, static IP provisioning, health checks support TCP, HTTP, and HTTPS protocols
- Gateway load balancer (GWLB):
- Supports deploying, scaling, and managing fleet of 3rd party network virtual appliances
Security, Identity, and Compliance
- AWS Certificate Manager (ACM)
- Amazon Cognito
- AWS Identity and Access Management (IAM):
- Best practices:
- Root account should not be used or shared
- Apply principle of least privilege
- Users:
- Can be grouped
- Can be part of multiple groups
- Groups:
- Can group users together
- Policies:
- Are JSON documents
- Can be assigned to users or groups
- Policy structure: Version, Id, Statement (Sid, Effect, Principal, Action, Resource, Condition)
- Roles:
- Can assign permissions to AWS services
- Best practices:
Storage
- EBS Volume types:
- GP2/GP3: Cost-effective storage, low latency, general-purpose SSD volume
- io1/io2: Provisioned IOPS SSD, suitable for applications that need sustained IOPS performance
- st1: Hard disk drives (HDD), suitable for big data, data warehouses, log processing
- sc1: Cold HDD, suitable for archiving
- EBS Multi-attach:
- Attach the same EBS volume to multiple EC2 instances in the same AZ
- Each instance has full read-write permissions to the high-performance volume
- Use case: Achieve higher application availability in clustered Linux applications
Amazon Web Services (AWS)
EC2
- Can use EC2 Instance Connect to SSH into the box
- Can add IAM roles for EC2 instances
- Setting up SSH and other ports using attached SecurityGroups
- Various purchasing options: On-demand instances, Reserved instances, Savings plans, Spot instances, Dedicated Hosts, and Dedicated Instances
Lambda
- Asynchronous vs Synchronous invocation
- Execution lifecycle of a function:
- Cold start / warm start (don't pay for cold start up to 10 secs)
- Init / Invoke / Shutdown
- Execution environment / Context Reuse (can speed up execution, by reusing resources from INIT phase up to 512MB)
- Event Object / Context Object:
- Passed as parameters into the Lambda function
- Event object JSON data for lambda function to process
Amazon DynamoDB
- NoSQL database
- Writer / Reader endpoint:
- Writer endpoint: single DNS endpoint pointing to master instance to write
- Reader endpoint: single DNS endpoint to access read replicas (via connection load balancer)
Amazon ElastiCache
- Basic:
- Managed Redis or Memcached instances (in-memory dbs with high performance and low latency)
- Need to heavily modify application code to effectively query from cache appropriately instead of DB
- Cache hit (get from cache) / Cache miss (fetch from DB)
- Use cases / Advantages:
- Reduce load off of dbs for read intensive workloads
- Make your application stateless (e.g. WYSIWYG)
AWS Cloud9
- Cloud integrated development environment (IDE)
AWS CloudShell
- Available in a few AWS regions only (not every region)
- Advantage over terminal: no need to configure AWS with access key (already set up for you with your logged-in AWS user)
- Supports Linux commands like ls, echo, cat, etc.
- Stateful if you create or edit files
AWS CodeArtifact
AWS CodeBuild
- Serverless CI Server for AWS
- Reduces need for patching / maintaining a dedicated server
- Only pay for time it takes to build (not idle time)
- Provides pre-packaged environments such as Docker containers
- Build environment = OS + Programming env + Tools used by CodeBuild to run the build
- AWS Codebuild agent can test / run application locally
- Can create build project using CodeBuild console / AWS CLI / AWS SDK / creation of CodePipeline
- Buildspec.yaml defines the build to run (on the code pulled from source repo)
- Can upload build artifact to CodeArtifact or another artifact repo
- Supports Amazon SNS on build notifications (e.g. Build failure)
AWS CodeCommit
- Hosted in S3 (which gives it high availability and resiliency)
- Advantage over github/stash: Integrates well with other AWS services
VPC Peering
- Connect two VPCs privately using AWS' network
- Make them behave as if they were in the same network
- Must not have overlapping CIDR (IP address range)
- VPC peering connection is not transitive (if a is connected to b, and b is connected to c, then a is not connected to c, unless a direct connection exists)
VPC Endpoints
- Endpoints allow you to connect to AWS services over a private network instead of over the public internet
- Enhanced security and lower latency to access AWS Services
- Site-to-Site VPN - connect on-premises VPN to AWS (encrypted over public internet)
- Direct Connect (DX) - Physical connection between on-premises and AWS - secure, fast and private network
Security Features
- Network ACL:
- Firewall to allow or deny at a subnet level
- Explicitly allow or deny traffic by Port / IP address / Destination
- Security Groups:
- Works at instance level (e.g. EC2)
- Can only specify ALLOW rules, not DENY
- Inbound security group all deny by default, outbound security group is allow all by default
- A security group rule comprises IP / port (e.g. Teradata)
EC2 Instance Store
- High performance, low latency, better io performance
- Hardware disk attached via network drive to EC2
- Ephemeral storage - lose their storage if EC2 instance is stopped
- Good as a buffer / cache/ scratch data / temporary content
Amazon Elastic File System (Amazon EFS)
- Managed NFS (Network file system that can be mounted on many EC2)
- EFS can work in Multiple AZ
- Highly available, scalable, expensive (3x the cost of gp2), and pay per use
- Use cases: Content management, web serving, datasharing, wordpress
- Only compatible with Linux-based AMI (not windows)
- Encryption with KMS at rest
- Posix file system with standard file API
- File system scales automatically - no capacity planning! - pay-per-use
- Scalability and performance modes:
- EFS Scale: 1000s of NFS clients concurrently, 10GB+ throughput - grow to petabyte scale automatically
- Performance mode:
- General purpose - use case: general sites
- Max IO e.g. Big data
- Throughput mode:
- Bursting
- Provisioned
- Elastic
- Storage tiers:
- Standard: for frequently accessed files
- Infrequent access (EFS-IA): cost to retrieve files, lower price to store
- Archive: Rarely accessed data (few times per year) - 50% Cheaper
- Can implement lifecycle policies to move files between storage tiers
Description
This quiz covers various AWS development tools including Amplify Studio, Amplify CLI, AWS Cloud9, and AWS CloudShell. It tests knowledge of their features and functionalities.