30 Questions
What AWS service is suitable for frequently accessed data?
S3 Intelligent Tiering
Which storage class is recommended for data archival for 3 to 5 years?
S3 Glacier Deep Archive
What is the primary function of AWS Backup?
Automating and governing data backup
Which storage class offers the highest durability?
S3 Glacier Deep Archive
When is S3 Glacier typically used?
For archiving purposes
What feature does AWS Backup provide to automate backups across AWS resources?
Backup console
How can one troubleshoot a large transfer compared to a small transfer?
It is more complex to troubleshoot a large transfer
What feature helps in transferring data at a faster rate with Snowball?
Parallelization
What functionality distinguishes Snowball Edge from regular Snowball devices?
Local processing and edge-computing workloads capabilities
Which category of AWS Snow family provides block storage, object storage, and 40 vCPUs?
Snowball Edge Compute Optimized
What is one of the main use cases of AWS Snowball according to the text?
Regularly transferring large amounts of data with clients or partners
How are charges applied for AWS Snow services according to the text?
Service Fee per Job - region-specific
What is the primary purpose of an IAM User in AWS?
To represent the person or service interacting with AWS
Which AWS entity is considered the first principal in an AWS account?
Root User
What is the difference between an IAM User and the Root User in AWS?
IAM User has no credentials attached, while the Root User does
What is the function of an IAM Group in AWS?
To create collections of IAM users with specific permissions
Which AWS entity can be assigned to a federated user from an external Identity Provider?
IAM Role
How do IAM users access different permissions for specific tasks in AWS?
By temporarily assuming an IAM Role
What does AWS Key Management Service (AWS KMS) allow users to create and control?
Encryption keys
How are customer master keys (CMKs) in AWS KMS described?
Consist of key ID, creation date, and key material
What type of key is an asymmetric CMK in AWS KMS?
Public-private key pair
In AWS KMS, what are symmetric CMKs primarily used for?
Data encryption/decryption
What does AWS KMS integrate with to provide data at rest security?
Amazon EBS and Amazon S3
For which kind of key pair is an asymmetric CMK in AWS KMS similar to?
RSA key pair
What type of CloudTrail event is represented in the example provided?
Management events
Which API operation falls under the category of Data events in CloudTrail?
DeleteObject
What is the purpose of CloudWatch in the AWS environment?
To monitor and manage AWS service and resource activity
Which region's activity does the CloudTrail log in the example pertain to?
ap-south-2
Which type of event signifies unusual activity in CloudTrail?
CloudTrail Insights events
What is the source of the event in the CloudTrail log example?
AWS Management Console
Study Notes
S3 Storage Classes
- S3 Standard: accessed data frequently, 99.99% durability, no minimum storage days
- S3 Standard-IA (Infrequent Access): accessed data infrequently, 99.90% durability, 30 days minimum storage
- S3 Intelligent-Tiering: unknown access patterns, 100% durability, 30 days minimum storage
- S3 One Zone-IA (Kept in a Single Zone): non-critical data, 100% durability, 30 days minimum storage
- S3 Glacier (For Archiving Purpose): long-term data archival, 100% durability, 90 days minimum storage
- S3 Glacier Deep Archive (For Archiving Purpose): long-term data archival, 100% durability, 180 days minimum storage
- RRS (Reduced Redundancy Storage): non-critical data, 99% durability
AWS Backup
- Automates and governs data backup in the AWS cloud and on-premises
- Features: backup console, backup APIs, AWS CLI
- Scheduled backup plans (policies) for automating backup of AWS resources across AWS accounts and regions
- Integrated with AWS CloudTrail and Amazon SNS
AWS Snowball
- Secure service for transferring large amounts of data to AWS
- Features: parallelization for faster data transfer, integrated with AWS CloudTrail and Amazon SNS
- Types: Snowball Edge (compute-optimized, storage-optimized), Snowball Edge Compute Optimized, Snowball Edge Storage Optimized
- Use cases: transferring large amounts of data with clients or partners, collecting and analyzing data for safety, efficiency, and productivity
IAM
- Principle: an entity that makes a call for action or operation on an AWS resource
- Users, groups, and roles are AWS principals
- Root User: the first principal in an AWS account, with complete access to all AWS services and resources
- IAM User: a user created in AWS, with access permissions depending on assigned policies
- IAM Group: a collection of IAM users, with specific permissions assigned to the group
- IAM Role: a user with policies attached, deciding what an identity can or cannot do
AWS Key Management Service (KMS)
- Secure service for creating and controlling encryption keys
- Integrated with other AWS services such as Amazon EBS and Amazon S3
- Customer master keys (CMKs): symmetric and asymmetric keys, regional, and cannot be sent outside the region
- CMKs: metadata, key ID, creation date, description, key state, and key material
AWS CloudTrail
- Monitors and logs AWS API calls
- Three types of events: management events (control plane operations), data events, CloudTrail Insights events (unusual activity events)
- Example of CloudTrail log file: IAM log file showing the actions performed by IAM users
AWS CloudWatch
- Monitors and manages the activity of AWS services and resources, reporting on their health and performance
- Differs from CloudTrail, which resembles logs of all actions performed inside the AWS environment
Learn about managing access to AWS services and resources securely, attaching policies to users, groups, and roles, and understanding principals in IAM. Explore the differences between IAM user and root user in AWS.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free