Podcast
Questions and Answers
What AWS service is suitable for frequently accessed data?
What AWS service is suitable for frequently accessed data?
Which storage class is recommended for data archival for 3 to 5 years?
Which storage class is recommended for data archival for 3 to 5 years?
What is the primary function of AWS Backup?
What is the primary function of AWS Backup?
Which storage class offers the highest durability?
Which storage class offers the highest durability?
Signup and view all the answers
When is S3 Glacier typically used?
When is S3 Glacier typically used?
Signup and view all the answers
What feature does AWS Backup provide to automate backups across AWS resources?
What feature does AWS Backup provide to automate backups across AWS resources?
Signup and view all the answers
How can one troubleshoot a large transfer compared to a small transfer?
How can one troubleshoot a large transfer compared to a small transfer?
Signup and view all the answers
What feature helps in transferring data at a faster rate with Snowball?
What feature helps in transferring data at a faster rate with Snowball?
Signup and view all the answers
What functionality distinguishes Snowball Edge from regular Snowball devices?
What functionality distinguishes Snowball Edge from regular Snowball devices?
Signup and view all the answers
Which category of AWS Snow family provides block storage, object storage, and 40 vCPUs?
Which category of AWS Snow family provides block storage, object storage, and 40 vCPUs?
Signup and view all the answers
What is one of the main use cases of AWS Snowball according to the text?
What is one of the main use cases of AWS Snowball according to the text?
Signup and view all the answers
How are charges applied for AWS Snow services according to the text?
How are charges applied for AWS Snow services according to the text?
Signup and view all the answers
What is the primary purpose of an IAM User in AWS?
What is the primary purpose of an IAM User in AWS?
Signup and view all the answers
Which AWS entity is considered the first principal in an AWS account?
Which AWS entity is considered the first principal in an AWS account?
Signup and view all the answers
What is the difference between an IAM User and the Root User in AWS?
What is the difference between an IAM User and the Root User in AWS?
Signup and view all the answers
What is the function of an IAM Group in AWS?
What is the function of an IAM Group in AWS?
Signup and view all the answers
Which AWS entity can be assigned to a federated user from an external Identity Provider?
Which AWS entity can be assigned to a federated user from an external Identity Provider?
Signup and view all the answers
How do IAM users access different permissions for specific tasks in AWS?
How do IAM users access different permissions for specific tasks in AWS?
Signup and view all the answers
What does AWS Key Management Service (AWS KMS) allow users to create and control?
What does AWS Key Management Service (AWS KMS) allow users to create and control?
Signup and view all the answers
How are customer master keys (CMKs) in AWS KMS described?
How are customer master keys (CMKs) in AWS KMS described?
Signup and view all the answers
What type of key is an asymmetric CMK in AWS KMS?
What type of key is an asymmetric CMK in AWS KMS?
Signup and view all the answers
In AWS KMS, what are symmetric CMKs primarily used for?
In AWS KMS, what are symmetric CMKs primarily used for?
Signup and view all the answers
What does AWS KMS integrate with to provide data at rest security?
What does AWS KMS integrate with to provide data at rest security?
Signup and view all the answers
For which kind of key pair is an asymmetric CMK in AWS KMS similar to?
For which kind of key pair is an asymmetric CMK in AWS KMS similar to?
Signup and view all the answers
What type of CloudTrail event is represented in the example provided?
What type of CloudTrail event is represented in the example provided?
Signup and view all the answers
Which API operation falls under the category of Data events in CloudTrail?
Which API operation falls under the category of Data events in CloudTrail?
Signup and view all the answers
What is the purpose of CloudWatch in the AWS environment?
What is the purpose of CloudWatch in the AWS environment?
Signup and view all the answers
Which region's activity does the CloudTrail log in the example pertain to?
Which region's activity does the CloudTrail log in the example pertain to?
Signup and view all the answers
Which type of event signifies unusual activity in CloudTrail?
Which type of event signifies unusual activity in CloudTrail?
Signup and view all the answers
What is the source of the event in the CloudTrail log example?
What is the source of the event in the CloudTrail log example?
Signup and view all the answers
Study Notes
S3 Storage Classes
- S3 Standard: accessed data frequently, 99.99% durability, no minimum storage days
- S3 Standard-IA (Infrequent Access): accessed data infrequently, 99.90% durability, 30 days minimum storage
- S3 Intelligent-Tiering: unknown access patterns, 100% durability, 30 days minimum storage
- S3 One Zone-IA (Kept in a Single Zone): non-critical data, 100% durability, 30 days minimum storage
- S3 Glacier (For Archiving Purpose): long-term data archival, 100% durability, 90 days minimum storage
- S3 Glacier Deep Archive (For Archiving Purpose): long-term data archival, 100% durability, 180 days minimum storage
- RRS (Reduced Redundancy Storage): non-critical data, 99% durability
AWS Backup
- Automates and governs data backup in the AWS cloud and on-premises
- Features: backup console, backup APIs, AWS CLI
- Scheduled backup plans (policies) for automating backup of AWS resources across AWS accounts and regions
- Integrated with AWS CloudTrail and Amazon SNS
AWS Snowball
- Secure service for transferring large amounts of data to AWS
- Features: parallelization for faster data transfer, integrated with AWS CloudTrail and Amazon SNS
- Types: Snowball Edge (compute-optimized, storage-optimized), Snowball Edge Compute Optimized, Snowball Edge Storage Optimized
- Use cases: transferring large amounts of data with clients or partners, collecting and analyzing data for safety, efficiency, and productivity
IAM
- Principle: an entity that makes a call for action or operation on an AWS resource
- Users, groups, and roles are AWS principals
- Root User: the first principal in an AWS account, with complete access to all AWS services and resources
- IAM User: a user created in AWS, with access permissions depending on assigned policies
- IAM Group: a collection of IAM users, with specific permissions assigned to the group
- IAM Role: a user with policies attached, deciding what an identity can or cannot do
AWS Key Management Service (KMS)
- Secure service for creating and controlling encryption keys
- Integrated with other AWS services such as Amazon EBS and Amazon S3
- Customer master keys (CMKs): symmetric and asymmetric keys, regional, and cannot be sent outside the region
- CMKs: metadata, key ID, creation date, description, key state, and key material
AWS CloudTrail
- Monitors and logs AWS API calls
- Three types of events: management events (control plane operations), data events, CloudTrail Insights events (unusual activity events)
- Example of CloudTrail log file: IAM log file showing the actions performed by IAM users
AWS CloudWatch
- Monitors and manages the activity of AWS services and resources, reporting on their health and performance
- Differs from CloudTrail, which resembles logs of all actions performed inside the AWS environment
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
Learn about managing access to AWS services and resources securely, attaching policies to users, groups, and roles, and understanding principals in IAM. Explore the differences between IAM user and root user in AWS.
