Podcast
Questions and Answers
What AWS service is suitable for frequently accessed data?
What AWS service is suitable for frequently accessed data?
- S3 Glacier Deep Archive
- S3 Standard-IA
- S3 Glacier
- S3 Intelligent Tiering (correct)
Which storage class is recommended for data archival for 3 to 5 years?
Which storage class is recommended for data archival for 3 to 5 years?
- S3 Glacier Deep Archive (correct)
- S3 Intelligent Tiering
- S3 Glacier
- S3 One Zone-IA
What is the primary function of AWS Backup?
What is the primary function of AWS Backup?
- Data analysis and reporting
- Data storage optimization
- Automating and governing data backup (correct)
- Managing AWS billing
Which storage class offers the highest durability?
Which storage class offers the highest durability?
When is S3 Glacier typically used?
When is S3 Glacier typically used?
What feature does AWS Backup provide to automate backups across AWS resources?
What feature does AWS Backup provide to automate backups across AWS resources?
How can one troubleshoot a large transfer compared to a small transfer?
How can one troubleshoot a large transfer compared to a small transfer?
What feature helps in transferring data at a faster rate with Snowball?
What feature helps in transferring data at a faster rate with Snowball?
What functionality distinguishes Snowball Edge from regular Snowball devices?
What functionality distinguishes Snowball Edge from regular Snowball devices?
Which category of AWS Snow family provides block storage, object storage, and 40 vCPUs?
Which category of AWS Snow family provides block storage, object storage, and 40 vCPUs?
What is one of the main use cases of AWS Snowball according to the text?
What is one of the main use cases of AWS Snowball according to the text?
How are charges applied for AWS Snow services according to the text?
How are charges applied for AWS Snow services according to the text?
What is the primary purpose of an IAM User in AWS?
What is the primary purpose of an IAM User in AWS?
Which AWS entity is considered the first principal in an AWS account?
Which AWS entity is considered the first principal in an AWS account?
What is the difference between an IAM User and the Root User in AWS?
What is the difference between an IAM User and the Root User in AWS?
What is the function of an IAM Group in AWS?
What is the function of an IAM Group in AWS?
Which AWS entity can be assigned to a federated user from an external Identity Provider?
Which AWS entity can be assigned to a federated user from an external Identity Provider?
How do IAM users access different permissions for specific tasks in AWS?
How do IAM users access different permissions for specific tasks in AWS?
What does AWS Key Management Service (AWS KMS) allow users to create and control?
What does AWS Key Management Service (AWS KMS) allow users to create and control?
How are customer master keys (CMKs) in AWS KMS described?
How are customer master keys (CMKs) in AWS KMS described?
What type of key is an asymmetric CMK in AWS KMS?
What type of key is an asymmetric CMK in AWS KMS?
In AWS KMS, what are symmetric CMKs primarily used for?
In AWS KMS, what are symmetric CMKs primarily used for?
What does AWS KMS integrate with to provide data at rest security?
What does AWS KMS integrate with to provide data at rest security?
For which kind of key pair is an asymmetric CMK in AWS KMS similar to?
For which kind of key pair is an asymmetric CMK in AWS KMS similar to?
What type of CloudTrail event is represented in the example provided?
What type of CloudTrail event is represented in the example provided?
Which API operation falls under the category of Data events in CloudTrail?
Which API operation falls under the category of Data events in CloudTrail?
What is the purpose of CloudWatch in the AWS environment?
What is the purpose of CloudWatch in the AWS environment?
Which region's activity does the CloudTrail log in the example pertain to?
Which region's activity does the CloudTrail log in the example pertain to?
Which type of event signifies unusual activity in CloudTrail?
Which type of event signifies unusual activity in CloudTrail?
What is the source of the event in the CloudTrail log example?
What is the source of the event in the CloudTrail log example?
Study Notes
S3 Storage Classes
- S3 Standard: accessed data frequently, 99.99% durability, no minimum storage days
- S3 Standard-IA (Infrequent Access): accessed data infrequently, 99.90% durability, 30 days minimum storage
- S3 Intelligent-Tiering: unknown access patterns, 100% durability, 30 days minimum storage
- S3 One Zone-IA (Kept in a Single Zone): non-critical data, 100% durability, 30 days minimum storage
- S3 Glacier (For Archiving Purpose): long-term data archival, 100% durability, 90 days minimum storage
- S3 Glacier Deep Archive (For Archiving Purpose): long-term data archival, 100% durability, 180 days minimum storage
- RRS (Reduced Redundancy Storage): non-critical data, 99% durability
AWS Backup
- Automates and governs data backup in the AWS cloud and on-premises
- Features: backup console, backup APIs, AWS CLI
- Scheduled backup plans (policies) for automating backup of AWS resources across AWS accounts and regions
- Integrated with AWS CloudTrail and Amazon SNS
AWS Snowball
- Secure service for transferring large amounts of data to AWS
- Features: parallelization for faster data transfer, integrated with AWS CloudTrail and Amazon SNS
- Types: Snowball Edge (compute-optimized, storage-optimized), Snowball Edge Compute Optimized, Snowball Edge Storage Optimized
- Use cases: transferring large amounts of data with clients or partners, collecting and analyzing data for safety, efficiency, and productivity
IAM
- Principle: an entity that makes a call for action or operation on an AWS resource
- Users, groups, and roles are AWS principals
- Root User: the first principal in an AWS account, with complete access to all AWS services and resources
- IAM User: a user created in AWS, with access permissions depending on assigned policies
- IAM Group: a collection of IAM users, with specific permissions assigned to the group
- IAM Role: a user with policies attached, deciding what an identity can or cannot do
AWS Key Management Service (KMS)
- Secure service for creating and controlling encryption keys
- Integrated with other AWS services such as Amazon EBS and Amazon S3
- Customer master keys (CMKs): symmetric and asymmetric keys, regional, and cannot be sent outside the region
- CMKs: metadata, key ID, creation date, description, key state, and key material
AWS CloudTrail
- Monitors and logs AWS API calls
- Three types of events: management events (control plane operations), data events, CloudTrail Insights events (unusual activity events)
- Example of CloudTrail log file: IAM log file showing the actions performed by IAM users
AWS CloudWatch
- Monitors and manages the activity of AWS services and resources, reporting on their health and performance
- Differs from CloudTrail, which resembles logs of all actions performed inside the AWS environment
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
Learn about managing access to AWS services and resources securely, attaching policies to users, groups, and roles, and understanding principals in IAM. Explore the differences between IAM user and root user in AWS.