3. [M] AWS Fundamentals

Questions and Answers

In AWS, what is the purpose of a Virtual Private Cloud (VPC)?

  • To provide a network zone where AWS public services operate.
  • To create isolated private networks within AWS. (correct)
  • To manage user permissions for all AWS services.
  • To directly connect on-premises networks to the public Internet.

How does accessing AWS public services from a location with a public internet connection work regarding network zones?

  • It uses the public internet to transit to and from the AWS public zone. (correct)
  • It utilizes AWS Direct Connect, avoiding the internet entirely.
  • It bypasses the public internet, communicating directly with the AWS private zone.
  • It strictly uses VPN for secure transit through AWS zones.

What is the AWS public zone's relationship to the public internet and AWS private zone?

  • It is synonymous with the public internet.
  • It sits between the public internet and the AWS private zone. (correct)
  • It is part of the AWS private zone.
  • It is independent of both the public internet and AWS private zone.

What does it mean for an AWS service to be regionally resilient?

The service operates in a single region with data replicated across multiple Availability Zones. (B)

What is the key benefit of AWS Regions being geographically separated?

To provide isolation, ensuring that a problem in one region doesn't affect other regions. (D)

In the context of AWS, what does an Availability Zone (AZ) provide?

Isolated compute, storage, networking, power and facilities within a region. (A)

A company wants to ensure their application remains operational even if a disaster impacts an entire AWS region. Which type of service resilience is most appropriate?

Globally Resilient Services (A)

Which of the following is a characteristic of services considered 'globally resilient' in AWS?

They operate globally with data replicated across multiple regions and without a single point of failure. (C)

When referring to an AWS Region, what is the primary difference between using a 'region code' versus a 'region name'?

Region codes are used programmatically (CLI/APIs) and region names in the AWS console. (D)

Which statement is correct regarding Virtual Private Clouds (VPCs) in AWS?

VPCs are regional resources and operate within multiple Availability Zones. (C)

In AWS networking, what primarily differentiates a 'public service' from a 'private service'?

How the service is accessed: public endpoints versus VPC-bound. (D)

Consider an EC2 instance running in a private subnet. What is required for this instance to directly access AWS public services like S3 without traversing the public internet?

A NAT gateway or instance in a public subnet, and appropriate routing rules. (C)

What three distinct network 'zones' exist when considering AWS architecture from a networking perspective?

Public Internet, AWS Public Zone, AWS Private Zone. (D)

In terms of geographical coverage, how do AWS Regions and AWS Edge Locations differ?

Regions are larger and contain full deployments of AWS infrastructure, while Edge Locations are smaller and more numerous, offering primarily content distribution. (C)

A company wants to rapidly deploy content closer to its customers to reduce latency. Which AWS service is most suitable for this purpose?

AWS Edge Locations. (D)

What benefit does the geographical separation of AWS Regions offer to solutions architects?

Protection against global disasters and localized compliance. (B)

When is it essential for a solutions architect to consider the data residency implications of selecting a specific AWS Region?

When the application is subject to specific legal or regulatory requirements regarding data location. (B)

What are the three 'main benefits' that AWS Regions provide to a solutions architect, as discussed in the text?

Geographic separation, geopolitical separation, and location control. (B)

Which AWS service does NOT require region selection because it operates globally?

Identity and Access Management (IAM). (A)

A company has infrastructure in the Sydney region and wants to ensure minimal impact if Sydney experiences a major failure. What strategy should they employ?

Host a mirror infrastructure in Northern Virginia. (B)

AWS Regions are designed to be 100% isolated. What is the primary advantage of this design principle?

A problem in one region won't affect other regions. (C)

If you place data in an EU Region in AWS, what commitment does AWS make regarding the location of that data?

AWS ensures the data will always be stored in the specified EU region unless you configure it otherwise. (A)

Consider a scenario where a company wants to optimize the performance of their application for customers in a specific geographic location. What strategy should they employ?

Select a region closest to their customers and optionally duplicate infrastructure in another region if demand increases. (D)

Which of the following statements accurately describes Availability Zones (AZs) within an AWS Region?

AZs are connected by low-latency links and provide isolated infrastructure. (D)

If an Availability Zone (AZ) in a region experiences an isolated failure, what is the expected behavior of services running in other AZs within the same region?

Only services in the affected AZ will be impacted, while services in other AZs should continue to operate normally. (D)

What is a globally resilient service?

A service that operates globally with a single database and replicates data across multiple AWS regions. (C)

An application consists of EC2 instances, load balancers, and databases. All of these components have been created in your default VPC. What is true about the communications between these components?

The components can communicate with each other and are able to connect to the public internet through the VPC's internet gateway. (D)

You are tasked with building a custom VPC in the us-east-1 region. How many default VPCs can you also create for the us-east-1 region?

(C)

Custom VPCs are 100% private by default. What does this mean?

They require explicit configuration for communication with the internet or other VPCs. (C)

What is true about custom and default VPCs?

Both custom and default VPCs are regional resources that operate out of multiple availability zones. (A)

What is the default CIDR range of the default VPC?

172.31.0.0/16 (B)

What's true about IP addresses and subnets in default AWS VPCs?

Each subnet inside the VPC is located in one availability zone, and the VPC is pre-configured with one subnet in every availability zone in that region. (B)

Which scenario best utilizes EC2 IaaS (Infrastructure as a Service)?

Running a custom-built application that requires specific operating system configurations and libraries. (D)

Where are EC2 instances launched?

Into a VPC subnet. (C)

An EC2 instance is launched within a subnet, which is part of an Availability Zone (AZ). What happens to an EC2 instance if the AZ that the instance is launched into fails?

The EC2 instance will likely fail. (D)

Identify key components of an EC2 instance.

CPU, memory, disk and networking. (B)

Under what circumstances are you charged for a stopped EC2 instance?

You are only charged for Elastic Block Storage (EBS) volumes attached to the instance. (C)

What is the purpose of an Amazon Machine Image (AMI)?

To serve as a template to create an EC2 instance. (B)

What does an AMI contain?

Permissions, block device mapping and the boot volume. (D)

Which protocol and port are used to connect to Windows EC2 instances?

RDP on port 3389 (A)

Which of the following is true regarding access permissions for Amazon Machine Images (AMIs)?

AMIs can be either public, private, or explicitly shared with specific AWS accounts. (D)

How does a user authenticate to a Linux EC2 instance using an SSH key pair?

By using the private and public key to authenticate and connect to the instance. (B)

A solutions architect needs to store a large number of media files, including videos and images, with infrequent access, for a long-term archive. Which AWS service is most appropriate for this use case?

Simple Storage Service (S3) (A)

What makes S3 suitable as a default storage solution within AWS?

Its flat structure and ability for multi-user storage with unlimited capacity and scalability. (B)

What is the maximum object size that can be stored in Amazon S3?

5 TB (B)

What are 'buckets' in Amazon S3?

Containers for objects. (A)

What is unique about the naming requirements for Amazon S3 buckets?

Bucket names must be unique across all AWS accounts and regions. (C)

How does S3 organize objects?

Objects are stored within the bucket at the root level with a flat structure. (C)

When referring to 'folders' within an S3 bucket, what does this typically represent?

Prefixes within object names, used for organizational purposes in the S3 console. (D)

Where should you configure S3 permissions and set S3 objects?

You should configure S3 permissions at the bucket level. (C)

In AWS networking, what is the function of the 'AWS public zone' in relation to the public internet and AWS private zone?

It serves as an intermediary network that sits between the public internet and AWS private zone, facilitating access to public AWS services. (D)

If an EC2 instance in a private subnet needs to access an AWS public service like S3, but should not traverse the public internet, how can this be achieved?

By routing traffic through a NAT Gateway within the VPC. (C)

When considering AWS architecture from a networking perspective, which of the following accurately describes the relationships between the network zones?

The public internet connects to the AWS public zone, which then connects to the AWS private zone where VPCs run. (B)

What statement accurately describes how connecting AWS VPCs to on-premises networks is achieved?

VPCs can be connected to on-premises through VPNs or Direct Connect. (D)

If data is placed into an EU Region within AWS, what is AWS's commitment regarding the geographic location of that data?

AWS commits to keeping the data within the EU region, unless explicitly configured otherwise. (A)

What architectural component is introduced inside an AWS Region to provide isolated compute, storage, networking, power, and facilities?

Availability Zone (C)

What is the primary difference between an AWS Region and an Availability Zone (AZ)?

Regions are groupings of AZs, and AZs are physically isolated datacenters. (D)

An organization requires its application to withstand the failure of a single Availability Zone. Which design approach should they implement?

Implement replication across multiple Availability Zones. (C)

What is the distinguishing feature of a service categorized as 'globally resilient' in AWS?

It operates globally with data replicated across multiple regions. (D)

Which of the following is primarily provided by AWS Regions in regard to the operational governance of a system?

Geopolitical separation. (B)

What is the term for prebuilt configurations that launch EC2 instances in AWS?

AMIs (Amazon Machine Images) (D)

How do you connect to a Linux EC2 instance?

SSH on port 22 (C)

What does it mean when an EC2 instance is 'AZ resilient'?

The EC2 instance will likely fail if the Availability Zone it is located in fails. (A)

You need to control which AWS accounts are able to create EC2 instances from your AMI. Which AMI permission setting should you use?

Explicit (A)

What are 'buckets' in Amazon S3 best described as?

Containers for storing objects. (B)

What is a critical requirement for naming S3 buckets?

Bucket names must be globally unique across all AWS accounts and regions. (B)

What is the maximum number of S3 buckets that can be created per AWS account, without contacting support?

1000 (B)

What are the two main components an object consists of in S3?

Key and Value. (C)

What are the steps CloudFormation takes when a template is used to create a stack?

Scans the template, creates a stack with logical resources, and then creates physical resources which match. (C)

Where is it mandatory to specify at least one resource?

The Resources section of a CloudFormation template. (A)

Which section of a CloudFormation template controls how things are presented in the console UI?

In the Metadata. (D)

Which component of a CloudFormation template can AWS extend over time to allow for new standards, and is assumed if omitted?

Template format version (A)

A CloudFormation template contains both a description and an AWS template format version. What is the correct order in which they must be declared?

The description needs to immediately follow the AWS template format version. (B)

What are the three main products combined in CloudWatch?

Metrics, logs and events (C)

What do you need to install to collect metrics outside of AWS, in other cloud environments, or within on-premises environments?

CloudWatch agent (B)

What do CloudWatch Events allow you to generate?

An event to do something at a certain time of day or on certain days of the week (C)

CloudWatch manages lots of different services. What concept allows it to keep different services separated?

Namespace (C)

You are going to create an EC2 autoscaling group that scales off the CPU alarm. What part of CloudWatch can you apply to allow the scaling?

CloudWatch Alarm (B)

A metric is a collection of related datapoints in what?

Time-ordered structure (B)

What is attached to datapoints that allows CloudWatch to separate them?

Dimensions (C)

AWS is responsible for security 'of' the cloud; who is responsible for security 'in' the cloud?

Customer / you. (B)

AWS is responsible for managing which components of the infrastructure stack?

Facilities, Infrastructure, and Servers. (A)

Which components of the infrastructure stack are you responsible for?

Local firewall configuration and client-side data encryption (D)

Which of the following statements best describes the goal of High Availability (HA)?

Maximizing a system's online time with the ability to automatically recover from issues. (C)

With regard to High Availability, what term describes a system designed so that when it fails, its components can be replaced or fixed as quickly as possible?

Automated. (C)

What is the key property that allows for continued operation in the event of failing components?

Fault Tolerance. (C)

How is traffic routed with server failures?

Routing. (C)

Is fault tolerance simply maximized uptime?

No (B)

Comparing High Availability (HA) and Fault Tolerance (FT), which is more expensive and more complex?

Fault Tolerance (A)

What needs to be pre-planned in advance with disaster recovery? (Choose 2)

Process Documentation (A), Backup Processes (C)

What is the definition of a DNS hosted zone?

Zone files hosted on the server (B)

What determines what name to use for a DNS configuration?

Registries like IANA (C)

A client, at a Starbucks, looks up www.amazon.com. What record gets looked up first?

The DNS root (B)

What does CNAME stand for?

Canonical Name (A)

Your team wants to set up a DNS record that indicates who may send email on your behalf. Which record type accomplishes this?

TXT (C)

Why does the TTL configuration matter?

When things actually change (C)

When you hear the terms 'AWS private service' and 'AWS public service', what aspect are those terms referring to?

Networking only. (D)

In AWS, which of the following is NOT considered one of the three distinct network 'zones'?

The corporate data center. (D)

If an EC2 instance resides in a private subnet and needs to securely communicate with a public AWS service like S3, how does the communication occur?

The traffic is routed through the AWS public zone, never touching the public internet. (C)

What happens if a solutions architect does not declare a specific AWS Template Format Version in a CloudFormation template?

AWS CloudFormation assumes a defined version to allow for standards over time. (B)

What statement best describes the relationship between high availability (HA) and fault tolerance (FT)?

FT includes HA by minimizing outages and adds continued operation during failures. (D)

You are designing a system that requires different actions depending on whether the stack is for production or testing. Which CloudFormation component would you use to achieve this?

Conditions (B)

A client wants to stream the latest episode of a TV show with minimal latency. Which AWS infrastructure element would best serve this?

AWS Edge Location (C)

As a solutions architect, what three primary benefits do AWS Regions offer?

Geographic separation, geopolitical separation, and location control (C)

What is the primary functional difference between Availability Zones (AZs) within an AWS Region and AWS Regions themselves?

AZs are isolated instances of compute, storage, networking, power and facilities inside a region, while Regions are larger, geographically separated areas. (D)

Your company has placed data in an AWS Region in Canada and requires assurances about the data's location. What commitment does AWS provide regarding this aspect?

AWS guarantees the data will remain within Canada, unless explicitly configured otherwise. (D)

What statement best describes how connecting AWS VPCs to on-premises networks using Direct Connect differs from using the public internet?

Direct Connect establishes a dedicated network connection to a VPC; public internet uses the internet as transit to the AWS Public Zone. (C)

An application requires the use of block storage for an EC2 instance. What AWS storage service is best suited?

Elastic Block Store (EBS). (A)

What factors determine the cost of EC2 instances?

Instance operating state, billing duration, selected software, instance sizes and capabilities, and storage usage (C)

An organization is designing an EC2 instance and needs to control which AWS accounts are able to launch new instances from it. What should they look to configure?

AMI Permission (D)

What limitations apply to S3 buckets, as of this lesson?

Unlimited storage, stored in multi-AZ, globally unique name, and has a 100 bucket soft limit per AWS account. (D)

An organization needs to configure S3 access and permissions. Where should this process generally occur?

Inside the bucket itself, where most permission-related configurations are placed. (A)

What are the two main components of an object stored in Amazon S3?

Object Key and Value (B)

What is the key takeaway from this lesson on CloudFormation?

The only mandatory part of a CloudFormation template is resources. (C)

Which statement describes what CloudWatch requires to operate?

Has direct integrations with AWS for out-of-the-box usage. (B)

A solutions architect is troubleshooting a system where an EC2 instance's CPU usage spikes unexpectedly. How can CloudWatch help to isolate the problem further?

By defining separate name-value pairs to separate things within the same metric. (C)

Flashcards

AWS Public Service

Accessible via public endpoints; accessed with an internet connection.

AWS Private Service

Runs within a VPC; accessible only within that VPC or connected networks.

AWS Networking Differences

Networking matters most when considering public versus private.

Internet Zone

The zone where Internet-based services operate.

AWS Private Zone (VPC)

Isolated, cannot communicate unless configured; services like EC2 can be placed here.

AWS Public Zone

Connects public Internet and AWS private zone; AWS public services operate here.

Accessing AWS Public Services

Communication uses the public Internet for transit to and from the AWS public zone.

AWS Global Infrastructure

A global cloud platform composed of smaller infrastructure groups connected by a high-speed network.

AWS Region

An area of the world selected by AWS containing a full infrastructure deployment.

AWS Edge Locations

Smaller than regions; used for content distribution and some edge computing.

AWS Service Specific Region

Interacting with a service in a specific region.

Globally Resilient Services

Services that operate globally. You don't select a region, and they aren't impacted by failures.

Region Resilient Services

Services operating in a single region with data per region.

AZ Resilient Services

Services that run from a single availability zone.

Virtual Private Cloud (VPC)

A virtual network inside AWS; create a VPC within an AWS account and region.

VPC Regional Services

Regional services that operate from availability zones in an AWS region.

VPC Private Service

Private and isolated by default; requires configuration for external communication.

Default VPC

One VPC per region, created by default by AWS.

Custom VPCs

A default VPC is entirely private by default.

VPC communication

A Region can have multiple custom VPCs created within it.

Region

VPCs are regionally resilient.

VPC CIDR

Range of IP addresses that the VPC uses; outgoing connections originate from it.

Default VPC CIDR

172.31.0.0/16

VPC subnets

Subdivided into subnets, for resilience.

Default VPC configuration

1 subnet per Availability Zone, in each region.

Subnet CIDRs

Use part of the VPC's IP addresses; don't overlap with other subnets.

VPC resilience

Deployed to a region and broken down into subnets; each subnet is inside one AZ.

One default VPC

Per region and can be removed & recreated.

Default VPC Subnets

Allocated and assigned a public IPv4 address in the public zone.

EC2 (Elastic Compute Cloud)

Infrastructure as a Service. Unit of consumption is the instance.

EC2 Service

Runs in the private AWS zone; configured to launch into a single VPC subnet.

On-Demand EC2 Billing

Resources are used while working; charged by the second or hour.

AWS Responsibility EC2

IaaS: AWS handles the virtualization, hardware, networking, storage, and facilities.

EC2 Instance state

Running, stopped, and terminated.

EC2 removal

Truly have no EC2 costs.

Amazon Machine Image (AMI)

An image of an EC2 instance.

Important things AMI handles

It contains boot volume, block device mapping; can be public, private, or shared.

Connecting Windows Instances

Use RDP (port 3389).

Connecting Linux Instances

Use SSH (port 22).

AWS Permissions

Identity other than account root has no guaranteed resource authorization.

Availability Zone

Isolated compute, storage, networking, power, and facilities within a region.

Operability after an Isolated Issue

Services from one availability zone are fully functional and available for usage.

Multiple Availability Zone Solutions

Design solutions distributing aspects across availability zones.

Private SSH Key usage

Used to retrieve the local administrator password of the instance.

CloudWatch

Collection of metrics, monitoring and actions based on metrics.

CloudWatch Logs

Collect, monitor, and perform actions based on data logging.

CloudWatch Events

After certain conditions, it generates certain events which in turn start other actions.

Shared Responsibility Model

AWS' way to determine which components you manage or they manage.

Fault Tolerance

Continues operating properly in the event that some components fail.

High Availability

Minimises outages, seeks high reliability and availability.

Disaster Recovery

A set of policies designed to allow the recovery of tech systems.

Delegated AWS responsibilities

AWS name servers are authoritative for the domain.

Zone File

A database with DNS information for a particular domain.

Name Servers

Servers where DNS info is stored.

Route 53

AWS' DNS as a Service that lets you manage zone files.

Public Hosted Zones

Data is available on the public internet.

Private Hosted Zones

Linked to and accessible within certain VPCs.

Public IP Address

Attaching one helps to make an EC2 instance publicly available.

Configure virtual/physical connections

Helps to connect on-premises to VPCs.

Internet Gateway

Allows private zone resources to connect to the public Internet.

Instance Sizes and Capabilities

Influences instance resources, extra capabilities and options.

EC2 Configuration

You can change some decisions both before and after instance launch.

VPCs are regional

Operate within multiple availability zones in an AWS Region.

AWS side of shared responsibility

AWS handles everything below the hypervisor; the customer handles everything above it.

Customer's responsibilities

The customer handles everything above the hypervisor and how they interface with it.

Stable and Controlled Data

S3 has stable data due to governance by laws and rules of the region.

Blast Radius

The scope of major failures, like a natural disaster, is contained within the S3 region.

S3 Services

S3 buckets can be accessed from anywhere that is allowed.

Objects stored in S3

Objects stored in S3 consist of a key and data (the value).

Regions Provide Location Control

Used to tune architecture, placing near customers, duplicating for demand.

Signup and view all the flashcards

Differentiation between CloudWatch and CloudWatch logs.

CloudWatch collects operational data, CloudWatch logs collects log data

Signup and view all the flashcards

CloudFormation

Tool that creates, updates and deletes resources in AWS.

Signup and view all the flashcards

CloudFormation Templates

Used to create AWS infrastructure using CloudFormation.

Signup and view all the flashcards

AWS Private Service (Region)

A component or service which exists within and is local to an AWS region.

Signup and view all the flashcards

Private Network Zone

The zone where a home network operates where access is managed via network connections or Wi-Fi passwords.

Signup and view all the flashcards

Benefits of region

Ensure systems withstand global disasters, geographically isolated for fault tolerance and governance.

Signup and view all the flashcards

Geographic Separation

It means something terrible will happen to one region but the others remains operative.

Signup and view all the flashcards

Geopolitical Separation

Select a region and be affected by the laws and regulations of that region where your infrastructure is stored.

Signup and view all the flashcards

Location Control

Tune your architecture's performance, duplicating infrastructure into another region if need arises.

Signup and view all the flashcards

Referring to a region

Region Code or Region Name

Signup and view all the flashcards

Sydney Region

Availability zones are the lower-level architectural component within a region, such as the Sydney region.

Instances

Virtual machines known as EC2 instances; the instance is the unit of consumption.

EC2 instance state

The state of an EC2 instance indicates its condition. An instance can exist in one of a few states.

The running state

You can be charged in each of those categories: running, stopped, terminated.

To terminate the instance

The only way to have no EC2 costs for a given instance.

Attached permissions

AMI permissions control which accounts can or can't use an AMI.

Region-based Storage

Data is stored in a specific region while it is at rest.

Prefixes in S3

Object names whose prefixes are presented as folders in the UI.

A Namespace

A way to separate things into different areas inside the storage platform.

Datapoint

A point which consists of two things: a timestamp and a value.

How to separate the data

A metric such as CPU utilisation contains many datapoints; how do you separate that data?

A Metric

A collection of related datapoints.

Also known as alarms

How can we take actions based on these metrics?

Shared Responsibility

How AWS provides clarity around which parts of system security are theirs.

Highly available

Designed to be online and provide services, where components are replaced or fixed quickly.

Systems that monitor and communicate with two servers at the same time

The system continues to operate, with failover so data won't be lost.

Fault Tolerant systems

Designed to operate through system failure, for special situations.

Using Disaster Recovery - DR

Used when the above won't work; this is how to recover.

All major domain registries

Companies managing all the Top Level Domains.

DNS as delegation

DNS is a system of delegation between entities.

To create a zone

Create a file/records for registering and managing DNS: a database containing DNS records.

Hosted zones

DNS as a Service, which allows creating and managing zone files.

Study Notes

AWS Public vs Private Services

  • AWS private services are accessible by instances or entities within a VPC or connected to that VPC.
  • AWS public services can be accessed using public endpoints.
  • S3 is an example of a public service that can be accessed from anywhere with an internet connection.
  • Even though S3 is a public service, identities other than the account root user have no authorization to access that resource by default.
  • Permissions and networking are both considerations when talking about service access; here the networking is what matters.
  • The Internet is the zone from which Internet-based services like online stores and Gmail operate.
  • A home network is an example of a private network where access is limited to devices directly connected or those with the Wi-Fi password.
  • There are actually three different network zones: the public Internet, the AWS public zone, and the AWS private zone (VPC).
  • The AWS public zone is a network connected to the public Internet, but not part of it, and it sits between the public Internet and AWS private zone networks.
  • If EC2 has an allocated public IP address, private zone resources can access the public Internet.
  • Access to public AWS services such as S3 via an IGW still communicates through the AWS public zone.
  • Communication to and from an AWS public service uses the public internet as transit before reaching the AWS public zone.
  • EC2 instances can project into the public zone to become publicly accessible from the internet.
  • Private networks can be connected together if allowed.

AWS Global Infrastructure

  • AWS is a global cloud platform comprised of smaller infrastructure groupings connected by a high-speed network.
  • This design allows for the creation of systems that are resilient to failure and highly available.
  • AWS infrastructure concepts include AWS regions, edge locations, and Availability Zones.
  • Resilience is categorized into globally resilient, regionally resilient, and zone resilient services.
  • AWS regions and edge locations are the deployments used.
  • A region does not directly correspond to a continent or country but is an area selected by AWS with full infrastructure deployment.
  • AWS adds regions over time, and countries may have multiple regions based on customer requirements and size.
  • Regions are geographically spread out to allow for design of systems capable of withstanding global-level disasters.
  • Interacting with most AWS services means interacting with a specific region.
  • Elastic Compute Cloud in Northern Virginia is separate from that in Sydney, for example.
  • AWS provides edge locations which are smaller than regions.
  • Edge locations have content distribution services, and some edge computing, located in more places than regions.
  • Edge locations are useful for companies like Netflix, to store content closer to the customers.
  • Edge locations allow for fast, efficient data transfer due to lower latency.
  • Regions and edge locations are commonly used by solutions architects running infrastructure from multiple regions but using edge locations for content delivery at faster speeds.
  • The AWS network can be visualized, showing fewer regions vs edge locations and how regions are connected via high speed networking links.
  • AWS networking can be used for efficient system deployment.

AWS Regions

  • Regions are presented in the AWS console, and EC2 requires region selection.
  • Some services are global, like IAM and Route 53, and don't require region selection.
  • Each region is geographically separated, providing fault isolation and preventing issues in one region from affecting others.
  • It enables the ability to place infrastructure into a region knowing it will not be affected by faults in another.
  • Regions are designed to be 100% isolated, enhancing fault tolerance.
  • Selection of a region offers geopolitical or governance separation, impacting the laws and regulations affecting infrastructure storage.
  • AWS commits to keeping data within a chosen region if not configured otherwise.
  • Regions allow for location control and the ability to place infrastructure close to customers for performance.
  • Netflix uses infrastructure around the globe close to customers.
  • When referring to a region, either the region code or region name is used. The Sydney region has a region code of ap-southeast-2 and a region name of Asia Pacific (Sydney).

Regions and Availability Zones

  • AWS defines a region as having the region code (ap-southeast-2) and the region name (Asia Pacific (Sydney)).
  • A region provides resilience through infrastructure mirrored in other regions.
  • More granularity is needed, and this is provided by availability zones.
  • AWS provides multiple availability zones inside a region, with 3 in Sydney (ap-southeast-2a, 2b, 2c).
  • Availability zones give isolated compute, storage, networking, power, and facilities inside a region.
  • If a region experiences an isolated issue that only affects one zone, the other zones will continue to be fully functional.
  • Solutions can be designed to distribute components across multiple Availability Zones for resilience.
  • An Availability Zone is a logical construct within AWS and may consist of one or more data centers.
  • AWS only guarantees zone isolation and connectivity.
  • Services can be placed across multiple Availability Zones for fault tolerance using virtual private cloud.

Service Resilience

  • A service is defined by its level of resilience.
  • Global resilience occurs when a service operates with a single database replicated across multiple regions, such as IAM and Route 53.
  • Regional resilience occurs when a service operates in a single region with separate sets of data, like an RDS database in Sydney versus one in Northern Virginia.
  • Data is typically replicated to multiple availability zones, and the service will continue to operate if an AZ fails.
  • If the whole region fails, so will this service.
  • AZ resilient services run from a single availability zone.
  • Failure of this AZ will cause failure of the service.
  • These services include those that need resilient storage systems.

AWS Default Virtual Private Cloud (VPC)

  • VPCs are virtual private networks within AWS, allowing creation of private networks for services to run.
  • VPCs enable connections between AWS private networks and on-premises networks in hybrid environments.
  • Private AWS networks can be connected to on-premise networks creating a hybrid environment.
  • VPCs can connect to other cloud platforms for multi-cloud deployments.
  • A VPC is a service which is within an AWS account and AWS region.
  • VPCs are regional services, providing regional resilience and operating from multiple availability zones in a region.
  • A VPC is private and isolated by default.
  • Services in the same VPC can communicate, but the VPC is isolated from other VPCs, the public AWS zone and the public Internet; this can be changed through configuration.
  • There are two types of VPCs: default VPC and custom VPC.
  • Maximum of one default VPC per region.
  • Can have several custom VPCs in a region.
  • Custom VPCs are custom, to be configured as needed, following VPC rules/limits.
  • Custom VPCs are 100% private by default and used in most AWS deployments.
  • They can be configured to the required sizes and structures, linked with other VPCs, and made to communicate with other cloud platforms or on-premises networks.
  • One default VPC is automatically created by AWS in every region.
  • Default VPCs come pre-configured via AWS and are less flexible than custom VPCs.
  • A VPC lets you build an isolated private network; unless configured otherwise, no traffic crosses the VPC border.

VPC characteristics

  • Every VPC has a range of IP addresses, called the VPC CIDR, which is the range of addresses the VPC can use.
  • The CIDR is just the IP address range of the VPC.
  • The default VPC only gets one CIDR, which is 172.31.0.0/16.
  • This is a strength, because it's predictable.
  • A region has multiple availability zones, such as us-east-2a, 2b, 2c, each an independent infrastructure pool.
  • To provide resilience, a VPC can be sub-divided into subnets (sub-networks).
  • The a, b, c suffix identifies the AZ in which the subnet is located.
  • Each subnet uses part of the VPC's range of IP addresses (CIDR range).
  • These ranges cannot be the same and can't overlap.
  • This is how a VPC is resilient: each subnet is in one AZ, so if that AZ fails only part of the VPC fails.
  • If the AZ that an instance is launched into fails, then the instance itself will likely fail.

Default VPC Facts

  • One per region; it can be removed and recreated.
  • The VPC range is always 172.31.0.0/16.
  • Inside that range there are /20 subnets, one per AZ.
  • An Internet Gateway and Security Groups are assigned.
  • They come preconfigured with IPv4 addressing.
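The subnet rules from the two lists above (one CIDR per VPC, one subnet per AZ, no identical or overlapping ranges) as an added worked example in Python; this is not code from the original notes. The AZ names and the /20 size follow the notes, the number of AZs is an assumption.

```python
"""Added example (not from the original notes): plan the per-AZ /20 subnets of
the default VPC CIDR 172.31.0.0/16 and check that no subnet overlaps another or
escapes the VPC range. AZ names and the number of subnets are assumptions."""
import ipaddress
from typing import Dict, List, Tuple

DEFAULT_VPC_CIDR = "172.31.0.0/16"   # the default VPC always gets this single CIDR
SUBNET_PREFIX = 20                   # default VPC subnets are /20s


def plan_subnets(vpc_cidr: str, azs: List[str], prefix: int = SUBNET_PREFIX) -> Dict[str, str]:
    """Carve one /prefix subnet out of the VPC range for each AZ, in order.

    Raises ValueError when the VPC range cannot hold that many subnets, which is
    the planning mistake that later shows up as an overlapping CIDR."""
    vpc = ipaddress.ip_network(vpc_cidr)
    candidates = list(vpc.subnets(new_prefix=prefix))
    if len(azs) > len(candidates):
        raise ValueError(f"{vpc_cidr} holds only {len(candidates)} /{prefix} subnets")
    return {az: str(candidates[i]) for i, az in enumerate(azs)}


def find_conflicts(vpc_cidr: str, subnets: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return the pairs that break the rules from the notes: a subnet outside the
    VPC CIDR is reported as (az, "outside-vpc"); two overlapping subnets as (az1, az2)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {az: ipaddress.ip_network(cidr) for az, cidr in subnets.items()}
    conflicts: List[Tuple[str, str]] = []
    for az, net in nets.items():
        if not net.subnet_of(vpc):
            conflicts.append((az, "outside-vpc"))
    items = sorted(nets.items())
    for i, (az_a, net_a) in enumerate(items):
        for az_b, net_b in items[i + 1:]:
            if net_a.overlaps(net_b):          # also true when the ranges are identical
                conflicts.append((az_a, az_b))
    return conflicts


def usable_hosts(cidr: str) -> int:
    """AWS reserves the first four and the last address of every subnet
    (an AWS rule, not stated in the notes above)."""
    return ipaddress.ip_network(cidr).num_addresses - 5


if __name__ == "__main__":
    azs = ["us-east-2a", "us-east-2b", "us-east-2c"]      # AZ names used in the notes
    plan = plan_subnets(DEFAULT_VPC_CIDR, azs)
    for az, cidr in plan.items():
        print(f"{az}: {cidr} ({usable_hosts(cidr)} usable hosts)")
    print("conflicts in plan:", find_conflicts(DEFAULT_VPC_CIDR, plan))
    # Constructed mistake: a hand-picked /21 for 2c that sits inside 2a's /20.
    bad = dict(plan, **{"us-east-2c": "172.31.8.0/21"})
    print("conflicts in bad plan:", find_conflicts(DEFAULT_VPC_CIDR, bad))
```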

Elastic Compute Cloud (EC2) Basics

  • EC2 is IaaS and provides virtual machines (instances).
  • The unit of consumption is the instance: an OS with allocated resources.
  • It is a private service, so it runs in the private zone by default.
  • An instance runs in a single VPC subnet and needs VPC support.
  • Choose sizes and capabilities for the instance to determine resources, GPU, extra capabilities, etc.
  • You manage the OS because it's IaaS; AWS manages the virtualization.
  • Billing is per second/hour depending on what it's launched with.
  • Only pay for uptime.
  • In the stopped state there are no CPU resources being consumed.
  • You'll still see a bill for EBS.

How to reduce instance costs

  • The only way to truly have no EC2 costs for an instance is to terminate that EC2 instance.
  • An AMI is an image of an EC2 instance; AWS supplies images for Windows and Linux.
  • An image is similar to a server image but contains a USB device.

Access permissions for EC2

  • AMI permissions
  • Explicit permission
  • Root volume for booting, and a block device mapping
  • Connecting to EC2 instances
  • Using RDP via port 3389 for Windows
  • Using SSH via port 22 for Linux

Simple Storage Service (S3) Basics

  • A global storage platform that is region-based and resilient.
  • A public service that can handle unlimited data and multiple users.
  • Ideal for storing movies, photos and data sets.
  • Economical, and accessed via UI/CLI/API/HTTP.
  • Uses objects and buckets.
  • Data lives in a specific AWS region and never leaves unless you configure it to.
  • It can tolerate failure of an AZ.
  • Select a region when you create a thing inside S3.
  • It can cope with massive data amounts and multi-user usage: millions of cat pictures.
  • The great thing is that it scales to a massive scale.
  • S3 is the default storage service in AWS.
  • The two main things it delivers are objects and buckets.
  • Your cat picture is an object, e.g. "the migration of koala".
  • Buckets are containers for objects.
  • A component of an object is the value, and the value is the data or contents.
  • The value of an object ranges from an empty object to 5 TB.
  • Objects have a few other components: version ID, metadata, access control and sub-resources.
  • S3 buckets are created in a specific AWS region, using Sydney or ap-southeast-2 as an example.

Characteristics of Buckets

  • Data inside a bucket has a primary home region and never leaves it.
  • Bucket names must be globally unique.
  • They must be unique across all regions and accounts.

S3 buckets summary

  • An S3 bucket can hold an UNLIMITED number of objects.
  • An S3 bucket is flat.
  • Objects are stored at the root level even when you create a key such as /old.data
  • "Folders" are just prefixes of the object names.
  • There is a limit on the number of buckets: 100 as a soft limit / 100 as a hard maximum.
  • S3 is an object store.
  • Good for offload.
  • AWS service output.
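The flat-namespace point above (and the "Prefixes in S3" flashcard) as an added worked example in Python, not code from the original notes: it reproduces how a prefix + delimiter listing groups object keys into the "folders" the UI draws, over constructed sample keys in a hypothetical bucket.

```python
"""Added example (not part of the original notes): S3 has a flat namespace, so
the "folders" shown in the console are only object-key prefixes. This reproduces
how a prefix + delimiter listing groups keys, over constructed sample keys."""
from typing import List, Tuple

# Constructed keys for a hypothetical bucket. S3 stores every one of them at the
# root of the flat namespace; the '/' is just another character in the key.
SAMPLE_KEYS = [
    "koala.jpg",
    "old.data/2023/report.csv",
    "old.data/2023/summary.csv",
    "old.data/2024/report.csv",
    "photos/cats/whiskers.jpg",
    "photos/cats/tom.jpg",
    "photos/dogs/rex.jpg",
]


def list_objects(keys: List[str], prefix: str = "", delimiter: str = "/") -> Tuple[List[str], List[str]]:
    """Mimic a prefix + delimiter listing.

    Keys directly 'under' the prefix are returned as contents; keys that contain
    another delimiter after the prefix are rolled up into a common prefix, which
    is what the UI draws as a folder."""
    contents: List[str] = []
    common_prefixes: List[str] = []
    for key in sorted(keys):
        if not key.startswith(prefix):
            continue
        rest = key[len(prefix):]
        cut = rest.find(delimiter)
        if cut == -1:
            contents.append(key)
        else:
            folder = prefix + rest[: cut + 1]
            if folder not in common_prefixes:
                common_prefixes.append(folder)
    return contents, common_prefixes


def count_under(keys: List[str], prefix: str) -> int:
    """How many objects a 'folder' holds is simply how many keys share its prefix."""
    return sum(1 for key in keys if key.startswith(prefix))


if __name__ == "__main__":
    for prefix in ("", "old.data/", "photos/cats/"):
        contents, folders = list_objects(SAMPLE_KEYS, prefix)
        print(f"prefix {prefix!r}: objects={contents} folders={folders}")
    print("objects under photos/:", count_under(SAMPLE_KEYS, "photos/"))
```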

CloudFormation (CFN) Basics

  • CloudFormation is a tool to create, update and delete infrastructure in AWS using templates.
  • Templates are written in either YAML or JSON.
  • All templates include a list of resources which CloudFormation uses to create, update, or remove physical resources.
  • Description is a free text field for the template author to add details about the template, its resources, and changes.
  • The AWS template format version isn't mandatory, but if it is used together with a Description, the Description must directly follow the template format version.
  • The template format version is the avenue AWS uses for extending the template standard over time, and it is assumed if omitted.

Building templates and conditions

  • Templates can include a Metadata section: extra information, for example to control how the template is presented in the UI.
  • Parameters let you add fields whose values are supplied when the template is used.
  • Templates can use Mappings to look up data.
  • Conditions allow parts of the template to apply only in certain cases, such as creating a production set of resources.
  • Outputs present a set of values from the template once it has been applied.

Logical and template resources and stacks

  • Templates contain resources and the other sections used with CloudFormation.
  • The Resources section is a list of logical resources, such as an EC2 instance, which CloudFormation uses to create the matching physical AWS resources.
  • You give a template to CloudFormation, which creates a stack and the physical resources from it.

CloudWatch (CW) Basics

  • CloudWatch collects data on your behalf.
  • This includes operational data and logging data.
  • Data can come from AWS services, or from on-premises or other cloud environments.

Agent gathering

  • Is to AWS , log
  • Cloud, actions

Namespace and dimesnions for cloudwatch

  • Log action
  • And state
  • To

Shared Responsibility Model

  • AWS is responsible for security of the cloud; the customer is responsible for security in the cloud.
  • Location helps keep with those
  • You
  • To a point

HA / FT /DR

  • HA - to minimise the number of outages
  • FT - to operate through failure
  • DR - used when HA and FT don't work
  • HA is about fast and automatic recovery; it's not about preventing user disruption
