AWS Fundamentals: VPC, Flow Logs, and Peering

Questions and Answers

A company wants to minimize costs while ensuring enough resources are available during peak demand. Which AWS feature would be most effective?

  • Automatic Scaling (correct)
  • Amazon EC2 Reserved Instances
  • AWS Snowball
  • Amazon EBS Provisioned IOPS

What does the AWS Shared Responsibility Model entail?

  • The customer is responsible for security 'in' the cloud, while AWS is responsible for security 'of' the cloud. (correct)
  • AWS is responsible for the security of the application, and the customer is responsible for the underlying infrastructure.
  • The customer is fully responsible for all security aspects, while AWS provides basic infrastructure.
  • AWS and the customer equally share responsibility for all aspects of security and compliance.

A company needs to transfer large amounts of data between different AWS Regions regularly. What cost consideration should they prioritize?

  • Storage costs
  • Data Transfer costs (correct)
  • Compute costs
  • IAM costs

Which of the following cloud computing deployment models is best suited for organizations that want to maintain dedicated resources while benefiting from virtualization?

On-premises (B)

A company aims to improve the speed and agility of its development process. Which advantage of cloud computing should they leverage?

Increase speed and agility (D)

Which AWS Cloud Adoption Framework (CAF) perspective focuses on aligning IT strategy with business goals?

Business perspective (A)

An organization is prioritizing visibility, auditability, control, and agility in its cloud environment. Which AWS CAF perspective should it focus on?

Security perspective (B)

What is a key benefit of using Availability Zones within an AWS Region?

Providing a fully isolated partition of the AWS infrastructure for high availability. (D)

A company wants to ensure that EC2 instances can automatically scale based on demand. Which AWS service is most appropriate for this?

Amazon EC2 Auto Scaling (B)

What is the primary benefit of using Amazon CloudFront?

Delivering content globally with low latency using edge locations. (B)

Which AWS service enables you to run code without provisioning or managing servers?

AWS Lambda (C)

A company wants to decouple the components of their cloud application. Which AWS service is most suitable?

Amazon SQS (D)

Which IAM feature helps simplify the management of permissions for multiple users?

IAM group (A)

What is the purpose of an Amazon Machine Image (AMI)?

Serving as a template for creating EC2 instances. (D)

Which of the following best describes the purpose of Amazon Elastic File System (EFS)?

To provide a scalable file system for use with AWS cloud services and on-premises resources. (A)

A web application requires low latency and high availability. Which factor of virtualization helps achieve this?

Latency (D)

Which of the following is a benefit of virtualization in AWS?

Improving resource utilization by running multiple virtual machines on a single physical machine. (A)

A startup wants to minimize upfront costs and pay only for the resources they use. Which cloud computing benefit is most relevant?

Trade capital expense for variable cost (C)

Which of the following AWS pricing models offers the largest discount?

All Upfront Reserved Instance (AURI) (A)

Which cloud service model provides the most control over your IT resources and is similar to traditional IT infrastructure?

IaaS (Infrastructure as a Service) (A)

You want to deploy, manage, and scale your web application without managing the underlying infrastructure. Which AWS service is most suitable?

AWS Elastic Beanstalk (C)

What is the function of AWS Command-Line Interface (AWS CLI)?

To provide utilities that can be launched from the command line or scripts. (D)

Which AWS component is designed for security and is where data resides?

AWS data centers (D)

What is the primary function of AWS Points of Presence?

To find the best way to route requests and deliver a better user experience. (D)

A company needs to store infrequently accessed data for long-term archiving at a low cost. Which Amazon S3 storage class is most suitable?

Amazon Glacier (D)

Which of the following is a key advantage of using Amazon S3?

Accessible data storage (C)

What is a primary use case for Amazon RDS?

Transaction database (B)

Which Amazon RDS feature allows for high availability by creating a standby copy of the database instance in another Availability Zone?

Multi-AZ deployment (A)

An application requires fast and predictable performance with seamless scalability for non-relational data. Which AWS service is most appropriate?

Amazon DynamoDB (B)

Which term describes a key consisting of a partition key and a sort key, used for retrieving data in DynamoDB?

Compound key (B)

What distinguishes Amazon Redshift from traditional relational databases?

It is a fast, scalable data warehouse optimized for storing large amounts of structured data. (C)

A company wants to migrate its existing MySQL database to AWS with minimal changes to the application code. Which AWS database service is the most compatible?

Amazon Aurora MySQL (C)

What is a key benefit of using Amazon EBS?

Providing persistent, network-attached block storage for EC2 instances. (D)

A company needs storage that allows changes to a single character in a 1GB file without rewriting the entire file. Which storage type is most suitable?

Block Storage (C)

What is the purpose of an Amazon EC2 instance store?

To offer temporary block-level storage for frequently changing information. (D)

Which of the following is a Platform as a Service (PaaS) offering from AWS?

AWS Elastic Beanstalk (C)

What is the primary function of Amazon ECS?

To provide a highly scalable, high-performance container management service. (B)

What is Docker primarily used for?

Packaging software into containers for quick deployment and scaling. (A)

What is the function of Kubernetes?

An open-source software for container orchestration. (C)

Which AWS security service offers on-demand downloads of security and compliance documents?

AWS Artifact (B)

What is the primary purpose of Amazon Route 53?

Translating human-readable domain names into IP addresses. (C)

Flashcards

Storage Cost

The cost of storing data in the cloud using services like Amazon S3 or EBS.

Data Transfer Cost

Cost of moving data between regions, networks, or services within AWS.

Compute Cost

Cost of using AWS computing resources like EC2, Lambda, or container services.

Amazon VPC

Virtual network logically isolated on the AWS cloud for launching AWS resources.

VPC Flow Logs

Captures traffic data from network interfaces in your VPC, including source/destination IPs and ports.

VPC Peering

Connection between two VPCs enabling private communication as if they were in the same network.

Automatic Scaling

Automatically adds or removes resources based on defined conditions to maintain performance and minimize costs.

Total Cost of Ownership (TCO)

Financial estimate of all direct and indirect costs of a system.

Cloud Computing

On-demand delivery of computing power, database, storage, and IT resources via the internet.

AWS (Amazon Web Services)

Secure cloud platform offering a broad set of global cloud-based products.

AWS EC2 (Elastic Compute Cloud)

Provides scalable virtual servers in the cloud for running and hosting applications.

Amazon S3 (Simple Storage Service)

Offers scalable object storage for data storage and retrieval.

AWS Lambda

Allows users to run code without managing servers; used for serverless applications.

AWS CloudFront

A content delivery network (CDN) that securely delivers data, videos, applications, and APIs globally.

Amazon SQS (Simple Queue Service)

Managed message queuing service enabling decoupling of application components.

AWS IAM (Identity and Access Management)

Manages access to AWS services and resources, controlling who can access what and when.

IAM Group

A collection of IAM users simplifying permission management.

IAM Policy

Document defining permissions to determine what users can do in the AWS account.

IAM Role

Tool for granting temporary access to specific AWS resources in an AWS account.

Amazon Machine Image (AMI)

Pre-configured template used to create virtual machines (EC2 instances) in AWS.

Amazon EFS (Elastic File System)

Scalable file system and fully-managed service for setting up and scaling file storage in the cloud.

Virtualization in AWS

Creating virtual versions of resources to run multiple servers on physical hardware.

Hybrid Cloud Deployment

Connecting infrastructure and applications between cloud-based resources and on-premise infrastructure.

On-Premises Deployment

Deployment of resources on-premises using virtualization and resource management tools.

Cloud Adoption Framework (CAF)

Framework providing guidance and best practices to identify gaps in skills and processes for cloud adoption.

Governance Perspective (CAF)

Stakeholders focus on aligning IT strategy and goals with organizational strategies and goals.

Security Perspective (CAF)

Stakeholders ensure the organization meets security objectives for visibility, auditability, control, and agility.

Operations Perspective (CAF)

Stakeholders define how day-to-day business is conducted.

Fundamental Drivers of Cost in AWS

Compute, storage, and outbound data transfer.

IaaS (Infrastructure as a Service)

Basic building blocks for cloud IT; provides access to networking, computers, and data storage.

PaaS (Platform as a Service)

Reduces the need to manage underlying infrastructure, enabling focus on application deployment and management.

SaaS (Software as a Service)

Provides a complete product that the service provider runs and manages, usually end-user applications.

AWS Region

Physical geographical location with one or more Availability Zones.

Availability Zone

Fully isolated partition of the AWS infrastructure; every Region has multiple.

AWS Shared Responsibility Model

Defines the division of security and compliance duties between AWS and the customer.

Amazon EC2 Auto Scaling

Enables you to automatically add or remove EC2 instances according to conditions you define.

Elastic Load Balancing

Automatically distributes incoming application traffic across multiple targets.

Security Groups

A virtual firewall that controls inbound and outbound traffic at an instance level.

Network Access Control List (NACL)

Acts as a firewall to control traffic in and out of subnets.

Study Notes

  • Storage, data transfer, and compute costs are the fundamental cost drivers in AWS.
  • There are no charges for inbound data transfer or for data transfer between AWS services within the same AWS Region (some exceptions apply).

Amazon VPC

  • It is a virtual network in the AWS cloud, logically isolated from other networks, in which AWS resources can be launched.
  • Provides total control over the virtual networking environment, including IP address range selection, subnet creation, and configuration of route tables and networking gateways.

VPC Flow Logs

  • It captures detailed data about traffic entering and exiting network interfaces within your VPC.
  • Includes information on source and destination IP addresses, ports, and traffic type (allowed or denied).

VPC Peering

  • Establishes a connection between two VPCs for resource communication as if they reside within the same network.
  • This connection is private, facilitating communication across VPCs.

Automatic Scaling

  • Automatically adjusts resources based on defined conditions.
  • Seamlessly increases resources during demand spikes and decreases them during periods of low demand to optimize performance and cost.

Total Cost of Ownership

  • It is a financial estimate that helps organizations identify direct and indirect system costs.

Cloud Computing

  • It is on-demand delivery of computing power, database storage, applications, and other IT resources via the internet.
  • Runs on server computers in geographically diverse data centers worldwide.
  • Enables infrastructure to be viewed and managed as software.

AWS (Amazon Web Services)

  • A secure cloud platform offering a wide array of global cloud-based products and services.
  • Aids in both building and deploying applications.

AWS EC2 (Elastic Compute Cloud)

  • Provides scalable virtual servers in the cloud, enabling users to run and host applications.

Amazon S3 (Simple Storage Service)

  • Offers scalable object storage for data storage and retrieval needs.

AWS Lambda

  • Enables users to execute code without the need for server provisioning or management.
  • Supports event-driven computing and is utilized for serverless applications.

AWS CloudFront

  • A content delivery network (CDN) that securely delivers data, videos, applications, and APIs globally.

Amazon SQS (Simple Queue Service)

  • A managed message queuing service that allows for the decoupling of cloud application components.

AWS IAM (Identity and Access Management)

  • Securely manages access to AWS services and resources, allowing control over who can access what and when within the AWS environment.

IAM Group

  • A collection of IAM users simplifying the process of specifying and managing permissions for multiple users.

IAM Policy

  • A document defining permissions that dictate what users can do within an AWS account, granting access to specific resources and actions, and can also explicitly deny access.

IAM Role

  • A tool for granting temporary access to specific AWS resources within an AWS account.

Amazon Machine Image (Amazon AMI)

  • A pre-configured template used to create virtual machines (EC2 instances) in AWS.

Amazon Elastic File System (EFS)

  • A scalable file system and fully-managed service that simplifies setting up and scaling file storage in the cloud.
  • Multiple instances can connect to a single EFS volume for file sharing.

EFS Features

  • Suitable for big data analytics, media processing workflows, content management, web serving, and home directories.
  • Created using standard operating system file I/O APIs.
  • Supports file system access semantics like file locking and consistency.
  • Can scale storage size (GB, PB).
  • Supports thousands of instances simultaneously, maintaining consistent performance.

EFS Architecture

  • Cloud-based, allowing users to create, retrieve, mount, and read data from a file system on an EC2 instance.

  • Can be mounted on a VPC using NFS versions 4.0 and 4.1 (NFSv4).

  • EC2 instances across multiple Availability Zones and AWS Regions can access the file system.

  • Customers with Amazon authorization can create AMIs within the AWS environment for managing or customizing EC2 instances.

Virtualization in AWS

  • Creating virtual versions of resources like servers, storage devices, and network resources.
  • AWS uses virtualization to enable businesses to run multiple servers on physical hardware, improving resource utilization, efficiency, and flexibility.

Benefits of Virtualization

  • Allows for quicker resource provisioning and scaling, enabling faster application deployment.
  • Improves resource utilization by running multiple virtual machines on one physical machine, enhancing infrastructure management efficiency.
  • Can influence the time it takes for data to travel between systems; virtualized environments are designed to minimize latency.
  • Enables resources to be localized to specific geographic regions, meeting local regulatory requirements and providing better user experiences.

Cloud Computing Deployment Models

  • Cloud: Fully deployed in the cloud, with applications either created in the cloud or migrated from existing infrastructure.
  • Hybrid: Connects infrastructure and applications between cloud-based resources and existing on-premises infrastructure.
  • On-Premises: Deployment of resources on-premises, using virtualization and resource management tools, also known as a private cloud.

Advantages of Cloud Computing

  • Trade capital expense for variable cost.
  • Benefit from massive economies of scale due to aggregated customer usage, resulting in lower pay-as-you-go prices.
  • Eliminate guessing infrastructure capacity needs, allowing scaling up or down as required.
  • Increase speed and agility by reducing the time to make resources available to developers.
  • Stop spending money on running and managing data centers, focusing on business differentiation instead.
  • Deploy applications globally in minutes across multiple AWS Regions with minimal cost.

Cloud Adoption Framework (CAF)

  • Provides guidance and best practices to help organizations identify gaps in skills and processes for cloud adoption.

Six Perspectives of AWS CAF

  • Business Perspective: Use AWS CAF to create a strong business case for cloud adoption and prioritize cloud adoption initiatives.
  • People Perspective: Evaluate organizational structures, roles, skills, and process requirements.
  • Governance Perspective: Focus on skills and processes to align IT strategy and organizational goals.
  • Platform Perspective: Understand and communicate the nature of IT systems and their relationships, detailing the principles of the target state environment.
  • Security Perspective: Ensure that the organization meets security objectives for visibility, auditability, control, and agility.
  • Operations Perspective: Define how day-to-day, quarter-to-quarter, and year-to-year business operations are conducted.

Fundamentals of Pricing

  • Compute, storage, and outbound data transfer are the key cost drivers in AWS.
  • There are no charges for inbound data transfer or for data transfer between AWS services within the same AWS Region (with some exceptions).

AWS Pricing Model

  • Pay for what you use.
  • Pay less when you reserve instances, saving up to 75% with options like All Upfront Reserved Instance (AURI), Partial Upfront Reserved Instance (PURI), and No Upfront Payments Instance (NURI).
  • Pay less when you use more resources.
  • Pay even less as AWS grows and introduces custom pricing options.

Cloud Service Models

  • IaaS (Infrastructure as a Service): Provides basic building blocks for cloud IT, including networking, computers, and data storage.
  • PaaS (Platform as a Service): Reduces the need to manage underlying infrastructure, enabling focus on application deployment and management.
  • SaaS (Software as a Service): Provides a complete product run and managed by the service provider, typically referring to end-user applications.

Choosing Services

  • Amazon EC2: Choose when you want complete control over AWS computing resources.
  • AWS Lambda: Opt for when you want to run code without managing servers.
  • AWS Elastic Beanstalk: Use when you need a service to deploy, manage, and scale web applications.
  • AWS Batch: Use when you need to run hundreds and thousands of batch workloads.
  • AWS Outposts: Utilized to run AWS infrastructure in on-premises data centers.
  • AWS Fargate: Use to implement a container or microservices architecture.

Interacting with AWS

  • AWS Management Console: Offers a graphical interface to access most AWS features.

  • AWS Command-Line Interface (AWS CLI): Provides utilities that can be launched from the command line or scripts in Linux, macOS, or Microsoft Windows.

  • Software Development Kits (SDKs): Offer packages for accessing AWS in various programming languages.

  • All built on a REST-like API that serves as the foundation of AWS.

AWS Global Infrastructure

  • Designed to deliver a flexible, reliable, scalable, and secure cloud computing environment with high-quality global network performance.

AWS Region

  • A physical geographical location with one or more Availability Zones.

Availability Zone

  • A fully isolated partition of the AWS infrastructure.
  • Every Region has multiple Availability Zones.

AWS Data Centers

  • Designed for security and where data resides.

AWS Points of Presence

  • Located in most major cities globally, continuously measuring internet connectivity and performance to optimize request routing, delivering a better near-real-time user experience.

Edge Location

  • Provides the lowest latency for ensuring optimal performance.
  • Designed to serve popular content quickly; less popular content may be removed to make room for popular content.

Regional Edge Caches

  • Deployed globally between original servers and global edge locations.
  • Have a larger cache, allowing objects to remain cached longer and reducing the need to return to the origin server.

AWS Shared Responsibility Model

  • Defines the division of security and compliance duties between AWS and the customer.
  • AWS is responsible for security of the cloud.
  • The customer is responsible for security in the cloud.

Amazon Elastic Compute Cloud

  • Provides resizable compute capacity as virtual machines in the cloud.

Amazon EC2 Auto Scaling

  • Automatically adds or removes EC2 instances based on defined conditions.

Amazon Elastic Container Service

  • A container orchestration service that supports Docker containers.

Amazon Elastic Container Registry

  • A managed Docker container registry that simplifies the storage, management, and deployment of Docker container images.

AWS Elastic Beanstalk

  • A service for deploying and scaling web applications and services on familiar servers.

AWS Lambda

  • Runs code without provisioning or managing servers, with charges only for compute time consumed.

Amazon Elastic Kubernetes Service (Amazon EKS)

  • Simplifies deployment, management, and scaling of containerized applications in Kubernetes on AWS.

Amazon Relational Database Service

  • Makes it easy to set up, operate, and scale a relational database in the cloud.

Amazon Aurora

  • A MySQL and PostgreSQL-compatible relational database, faster than standard databases.

Amazon Redshift

  • A fast, scalable data warehouse service.

Elastic Load Balancing

  • Automatically distributes incoming application traffic across multiple targets such as EC2 instances, containers, IP addresses, and Lambda functions.

Amazon Transit Gateway

  • Connects Amazon VPCs and on-premises networks to a single gateway.

Amazon Route 53

  • A scalable cloud Domain Name System (DNS) web service. Translates domain names into IP addresses used by computers to connect to each other.

AWS Direct Connect

  • Establishes a dedicated private network connection from a data center or office to AWS, reducing network costs and increasing bandwidth throughput.

Transit Gateway

  • Acts as a hub to connect multiple VPCs and on-premises networks, simplifying network management through consolidated routing tables and centralized traffic.

Site-to-Site VPN

  • Connects an on-premises network to an AWS VPC over an encrypted VPN connection for secure communication.

Amazon Elastic File System

  • A scalable file storage service that can be used with Amazon EC2 instances providing a durable file system accessible from multiple instances.

Amazon S3 Glacier

  • It is a low-cost, long-term object storage service designed for data archiving and backup, with retrieval times ranging from minutes to hours.

S3 Advantages

  • Scales to accommodate however much data is needed.
  • Ensures redundancy by making copies of the data to multiple facilities.
  • Secures data at rest with AES 256-bit encryption.

Elastic Network Interface

  • A virtual network interface that can be attached to an EC2 instance in AWS.

Amazon S3

  • Durable, scalable, secure object storage that is highly available.
  • By default, buckets are private and only accessible to authorized users.

S3 Advantages

  • No need to predict storage requirements.
  • Offers accessible data storage.
  • Automatically creates multiple copies of data across facilities.
  • Charges only for the storage used.

Storage Classes

  • S3 Standard: Stores active data.
  • S3 Standard Infrequent Access: For long-lived and less active data.
  • Amazon Glacier: For long-term archive data.

Amazon RDS

  • A managed database service that simplifies the process of setting up, operating, and scaling a relational database in the cloud.
  • An Online Transaction Processing (OLTP) database type for structured, relational data.

Managed Services

  • Require less configuration; scaling, fault tolerance, and availability are built into the service.
  • Users configure scaling, fault tolerance, and availability.
  • Require less configuration than static websites hosted cloud storage.
  • S3 handles scaling, fault tolerance, and availability automatically, making it efficient for hosting static websites without a server.

Unmanaged Services

  • Scaling and fault tolerance of the system are managed by the users.
  • Provisioned in discrete portions; must be managed to respond to load, error, and resource availability changes.

Multi-AZ Deployment

  • Enables synchronous replication of transactions by replicating the database in another Availability Zone within the same VPC.
  • Enhances availability during planned maintenance and protects the database from failures.
  • Provides database failover by bringing the standby database instance online, minimizing data loss.
  • Applications reference the database by name using Amazon RDS DNS endpoints, eliminating changes to application code.

Amazon DynamoDB

  • A fully managed NoSQL database service for seamless scalability and fast performance.
  • Designed for highly transactional applications.
  • Offers 2 types of primary key: a simple key (partition key only) and a composite key consisting of a partition key and a sort key.
  • Tables include 2 methods of data retrieval:
    • Partitioning
    • Scan

Methods for optimising DynamoDB

  • Using a single key based on a single attribute and identifier or a compound key.

Amazon RDB (Relational Database)

  • It is a system that manages structured data organised into tables, records and columns, using a programming interface.
  • Can horizontally scale, work with semi-structured data, and require numerous joins for normalized data.

Non-relational databases

  • Can scale horizontally, work with unstructured data, and handle variable structured data.

Amazon Redshift

  • A fast, scalable, managed relational database service, called a data warehouse, that stores large amounts of structured data from databases.
  • An agile and flexible choice for migrating from traditional data warehouses, enabling customers to handle deployment and maintenance at any scale.
  • Uses a parallel processing architecture.

Parallel Processing Architecture

  • The leader node handles plans for the database.
  • Compute nodes compile code and send it to the leader node for final aggregation.

Amazon Aurora

  • Users can integrate Aurora with AWS DMS and AWS Schema Conversion Tool for easy database migration with fast setup and a distributed storage subsystem.
  • It is compatible with MySQL and PostgreSQL, with high availability through data copies and S3 backups.
  • Its resilient design reduces restart time after a crash.

Amazon Elastic Block Store (EBS)

  • High-performance storage that allows users to create volumes providing data storage that retains data after shutdown; volumes are replicated within Availability Zones to protect from failure.

  • EBS key storage types impact throughput; EBS allows changes to a single character in a file, as a faster but more expensive alternative to object storage.

  • Automatically replicated within its Availability Zone.

  • Provides durable, detachable and low-latency data storage for EC2 instances.

  • The volumes can be used to run databases in instances.

  • Included in backups of instances into an Amazon Machine Image (AMI) and can be reused to create new instances.

  • Object storage requires updating the entire file.

EBS Features

  • Enhanced data durability with volume snapshots.
  • Can re-create volumes at any time.
  • Share snapshots and copy them to different AWS Regions.
  • Encrypted snapshots ensure data security.
  • EBS volumes can be resized dynamically.
  • Amazon EC2 instance store provides temporary block-level storage ideal for cache or replication across instances.

Amazon EC2

  • An IaaS that offers virtual machines using AMIs for different instances that specify CPU, memory, storage and network capacity.
  • Instance types include general purpose, compute optimized, memory optimized, storage optimized, and accelerated computing instances.

AWS Beanstalk

  • Platform as a service that enables quick deployment.
  • AWS Lambda is a serverless, zero-administration compute platform for code, where you pay for compute time.
  • A scalable, fully managed elastic Network File System (NFS) that scales on demand, automatically growing and shrinking as needed.

Amazon Elastic Container Service

  • Allows you to run applications on a managed cluster of Amazon EC2 instances.
  • A method where applications and shared operating that hold software components by storing an app's code single object to have consistent and controlled granular recourses.

Docker

  • Software that packages applications and their environments into containers for deployment.
  • Tools for reducing microservices standard code deployments and reducing need for data processing.

Kubernetes

  • Containerization software that works with Docker and provides deployment using the same tool set in data centers or the cloud.
  • Manage compute instances to run container or nodes resource, requirements that connects ports through DNS names.
  • Amazon Kubernetes Service: Kubernetes use without plane.

Amazon Elastic Container Registry (ECR)

  • A container registry that stores Docker images for developers and for ECS, accessed through an HTTPS API using Docker CLI commands. Container images can be transferred via HTTPS and are encrypted using Amazon S3 server-side encryption.

Access Control List (ACL)

  • Predating IAM and less permissive than object but do not open permissions
  • A permission check that enables users permission for global access permissions.
  • Records that automate desired ones to evaluate resources in internal guidelines and simplifying troubleshooting.

AWS Artifact

  • Documentation about AWS, including ISO certifications, PCI reports, and Service Organization Control (SOC) reports.

AWS Service Catalog

  • A service for creating and managing IT machines, servers, apps and databases for access.

IP Addresses

  • Uniquely identify machines in a network using 32-bit (IPv4) and 128-bit (IPv6) addresses. An IPv6 address is written as 8 groups, each a 16-bit number in hexadecimal format (digits 0-F).

Classless Inter-Domain Routing (CIDR)

  • A method for describing networks, used to express a group of consecutive IP addresses.

Internet Gateway

  • Scalable and redundant VPC component that enables communication between the internet and VPCs, for non-local traffic.

Network Address Translation

  • Connects private subnets to the internet but prevents internet-initiated connections.
  • VPC Endpoints: virtual devices that prevent traffic from leaving the Amazon network.

VPC Sharing

  • Feature from AWS to allow customers to share subnets within the same organization and accounts to allow participants to change, view, create, and delete
  • Provides efficiency by decoupling accounts due to smaller VPC
  • Reuse of NAT gateways, VPC interface endpoints and inter-Availability Zone traffic.

VPC Peering

  • Networking connection between two VPCs that allows traffic to be routed privately. It has limitations: address ranges cannot overlap, and only one peering resource can exist between two VPCs.
  • AWS Site-to-Site VPN, which allows connectivity through Create a custom route table

AWS Direct Connect(DX)

  • Connection of network challenges reducing and increasing bandwidth for consistent access
  • Transit Gateways simplify networking and reduce operational costs through a hub that manages traffic routing among connected networks.

Security

  • Are firewalls that maintain state, by including a rule prevent inbound traffic and lacking traffic rules allows traffic.

Network Access Control List (NACL)

  • Firewalls that control traffic in and out of subnets.

Rule Purpose

  • Determines whether traffic is allowed in or out of a subnet associated with the ACL. Creating rules in increments is recommended, to leave room for inserting rules later.

Amazon Route 53

  • Translates human-readable domain names into IP addresses for communication; IPv6 compliant.

Routing policies

  • Simple round robin
  • Weighted round robin routing: routes traffic by assigning frequency across servers, or for A/B testing
  • Latency routing that is based on time.
  • Geolocation routing based on user location
  • Geoproximity routing based on user location.
  • Failover routing to detect website outages
  • Multivalue answer routing to improve load balancing

Enhanced application

  • Amazon CloudFront is based on CDNs, delivering content and integrating code across AWS locations, and offers cost-effective solutions.

Framework Principles

Operational excellence

  • Manages systems that deliver business value by automating changes, responding to events and defining standards.

Security

  • Safeguarding information by assessing and implementing strategies
  • Implement a strong identity foundation
  • Enabling traceability
  • Applying security at all layers
  • Automating security best practices
  • Protecting data in transit and at rest
  • Keeping people away from data
  • Preparing for security events

Reliable

  • Ensure functions by recovering from failures, focusing on design and changes
  • Automating recovery from failure
  • Test recovery procedures
  • Scale horizontally to increase aggregate workload availability
  • Stop guessing capacity
  • Manage change in automation

Performance efficiency

  • IT system that meets technical requirements and resources in technology

Design Principles

  • Democratize advanced technologies
  • Go global in minutes
  • Use serverless architectures
  • Experiment more often
  • Consider mechanical sympathy

Cost optimization

  • Spending ensures spends over time to spend accuracy
  • Implement cloud financial management to accelerate business value
  • Adopt a consumption model
  • Stop spending money on undifferentiated heavy lifting
  • Analyze and attribute expenditure accuracy

Sustainability

  • Introduced in 2021 to assist with focus.

  • Tools to improve tool practices used by AWS and designed architecture

Reliability

-MTBF) and availability.

Elastic Load Balancing (ELB)

  • Distributes traffic across multiple targets, such as Amazon EC2 instances, containers and IP addresses, through a Classic Load Balancer (CLB), Application Load Balancer (ALB) or Network Load Balancer (NLB).

Amazon CloudWatch

  • Collects and searches data in the form of logs, metrics and events, and visualizes it.
  • Monitors utilization, latency and changes in AWS expenses to manage resources, using alarms for incoming events.
  • CloudWatch Events respond to operational changes by system-wide operations
  • Alarms based on threshold through a data Name contain Clouds

Amazon EC2 Auto-scaling

Adjust Amazon EC2 through demand specifications policies Amazon Lightsail has tools to website. AWS Batch and Fargate provide scales. AWS Outposts: AWS

VMware hybrid without hardware. ECS image
