Containers and Amazon Elastic Container Registry (ECR)
47 Questions

Questions and Answers

Which of the following best describes the primary function of Amazon Elastic Container Registry (ECR)?

  • Managing Kubernetes clusters for containerized applications in the AWS cloud.
  • Providing a serverless compute engine for running containers without managing EC2 instances.
  • Orchestrating the deployment, scaling, and management of containerized applications.
  • Storing, managing, and deploying container images and other artifacts. (correct)

An organization wants to ensure that its container deployment process has high availability and eliminates the need to manage container registry infrastructure. Which AWS service should they use?

  • Amazon ECS
  • Amazon EKS
  • Amazon ECR (correct)
  • AWS Fargate

A development team requires a solution that ensures consistency across different environments, from development to production, and that simplifies the deployment process. Which benefit of using containers addresses this need?

  • Consistency across environments. (correct)
  • Enhanced security features through isolation.
  • Automatic scaling based on traffic.
  • Centralized logging and monitoring.

Which of the following AWS services allows you to run containers without managing the underlying EC2 instances?

AWS Fargate (A)

Which key feature of Amazon ECR helps in reliably deploying new containers for applications?

Secure Storage (A)

A company wants to deploy a highly scalable and available containerized application on AWS. Which AWS service is most suitable for orchestrating this deployment?

Amazon ECS (B)

What does the term 'image' refer to in the context of containerization and Amazon ECR?

A packaged code blueprint of your application that includes dependencies. (D)

Which of the following AWS services would be BEST for managing a Kubernetes cluster?

Amazon EKS (D)

Which AWS Control Tower component automates the creation of new AWS accounts with pre-defined configurations and governance policies?

Account Factory (D)

An organization wants to implement a centralized network security solution to filter traffic and protect their VPCs from network threats. Which AWS service is most suitable for this scenario?

AWS Network Firewall (B)

A mobile app development company needs to test their application on a variety of real mobile devices and desktop browsers. Which AWS service can best facilitate this testing process?

AWS Device Farm (B)

When storing objects in Amazon S3, what is the maximum number of tags (key/value pairs) that can be associated with each object?

10 (D)

A company wants to host a simple, non-dynamic website using Amazon S3. Which feature of S3 allows them to accomplish this?

S3 Static Website Hosting (A)

An organization needs to store data in Amazon S3 that requires high availability and performance, with frequent access. Which S3 storage class is most appropriate?

S3 Standard (B)

A media company has a large archive of video files in S3 that are accessed infrequently but require rapid retrieval when needed. Which S3 storage class balances cost and retrieval speed for this scenario?

S3 Standard Infrequent Access (IA) (D)

A financial services company needs to store highly sensitive data in Amazon S3 with the lowest possible storage cost, but can tolerate lower availability. Which storage class is most suitable?

S3 One Zone-Infrequent Access (B)

A manufacturing plant needs to process sensor data in real-time directly at the plant due to limited internet connectivity and a lack of on-site computing resources. Which AWS service would best facilitate edge computing in this scenario?

Snowball Edge (D)

An organization wants to grant its developers temporary, limited access to specific AWS resources for a project, without requiring them to use their personal credentials. How should access be configured?

Create IAM roles with the necessary permissions, then have the developers assume those roles. (D)

A company observes unusual traffic patterns on their web application, suspecting a DDoS attack. What AWS service can provide automatic protection and real-time mitigation against this type of threat?

AWS Shield (D)

An e-commerce company needs to monitor the performance of its AWS resources, track application metrics, and centralize log files for troubleshooting. Which AWS service provides these capabilities?

Amazon CloudWatch (B)

A company wants to protect its public-facing web application against common exploits, such as cross-site scripting (XSS) and SQL injection. What AWS service should they implement?

AWS WAF (C)

Which AWS service is best suited for analyzing data stored in S3 using SQL without managing servers?

Amazon Athena (B)

What benefit does using columnar data formats like Parquet provide when querying data with Amazon Athena?

Reduced data scanning costs (C)

Which of the following is a primary use case for Amazon Neptune?

Identifying relationships and connections in data, such as social networks (C)

For read-heavy applications, what is the maximum number of read replicas that can be created for an RDS database to scale the read workload?

15 (D)

What is the primary purpose of deploying an RDS instance in multiple Availability Zones (Multi-AZ)?

To ensure high availability and automatic failover in case of an AZ outage (A)

Compared to running MySQL or PostgreSQL on standard RDS, what performance improvement does Amazon Aurora claim to offer?

5x improvement over MySQL and 3x over PostgreSQL (B)

For what purpose would you use Amazon ElastiCache in a system architecture?

To reduce the load on databases by caching frequently accessed data in-memory (A)

In the AWS Shared Responsibility Model, which security aspect falls under AWS's responsibility?

Securing the physical hardware and data centers that host AWS services. (D)

Which of the following best describes the relationship between Availability Zones (AZs) within an AWS Region?

AZs consist of one or more data centers that are physically separated but connected via low-latency, high-throughput, and highly redundant networking. (A)

Which of these features are benefits of using Amazon EMR? (Select all that apply)

Integration with spot instances for cost savings (A), Automatic scaling of resources based on workload (B), Fully managed provisioning and configuration (C)

A company wants to ensure its web application can handle sudden spikes in traffic. Which AWS services should they use together to automatically increase or decrease compute capacity based on application demand?

Amazon EC2 Auto Scaling and Elastic Load Balancing (A)

Which of the following is an example of vertical scalability?

Switching from a t2.micro EC2 instance to a t2.large EC2 instance. (A)

A company uses AWS AppStream 2.0 to provide its employees access to desktop applications. Which of the following security benefits does this approach offer?

Applications and data remain on AWS compute resources, reducing the risk of data loss or theft from user devices. (A)

A company wants to improve the performance of its website for users around the world. Which AWS service should they use to cache static content at edge locations?

Amazon CloudFront (A)

Which scenario demonstrates a shared control, as defined by the AWS Shared Responsibility Model?

AWS provides security awareness training for its employees, while customers must provide security awareness training for their own employees regarding the use of AWS services. (B)

An application is experiencing performance issues due to a high volume of read requests to the database. Which strategy would best utilize horizontal scalability to address this?

Adding read replicas to the database and distributing read requests across them. (B)

Which disaster recovery strategy involves having a scaled-down, operational environment continuously running in AWS that can be quickly scaled up in case of a failure in the primary environment?

Pilot Light (A)

A company wants to migrate a large dataset from their on-premises data center to AWS and needs to schedule incremental replications. Which AWS service is MOST suitable for this task?

AWS DataSync (D)

A company decides to move its existing application to AWS without making any code changes but optimizing it to leverage Cloud features. Which of the following 'R' strategies BEST describes this approach?

Replatform (B)

Which AWS service helps gather information about an on-premises data center, including system configuration, performance history, and network connections, to plan migration projects?

AWS Application Discovery Service (C)

A company wants to migrate an application to AWS using a 'lift-and-shift' approach. Which AWS service is specifically designed to simplify this process by converting servers to run natively on AWS?

AWS Application Migration Service (B)

A company wants to assess their on-premises environment and build a data-driven business case for migrating to AWS. Which AWS service is BEST suited for this?

AWS Migration Evaluator (A)

Which AWS service provides a central location to track the progress of your application migrations to AWS and collect inventory data?

AWS Migration Hub (A)

A development team wants to proactively identify weaknesses in their application by simulating disruptive events. Which AWS service would be MOST suitable for this?

AWS Fault Injection Simulator (FIS) (C)

Which AWS service would you use to visually design and build serverless applications by connecting different AWS services?

AWS Application Composer (D)

You need to design a visual workflow to orchestrate multiple Lambda functions for processing orders. Which AWS service would be MOST appropriate?

AWS Step Functions (B)

Flashcards

Amazon ECS

A managed container orchestration service that helps deploy, manage, and scale containerized applications.

Amazon ECR

A managed Docker container registry to store, manage, and deploy container images.

Container Image

Packaged code with everything needed to run an application.

ECR Key Features

Secure storage, access management, integration with ECS & CI/CD, and image scanning.

Why Use Containers?

Consistency across environments, efficiency, simplified deployment, and secure storage.

AWS Fargate

A serverless compute engine for containers, so you don't manage EC2 instances.

ECS Key Features

Task definitions, clusters, service management, and integrations.

Amazon EKS

Managed service to run Kubernetes for container orchestration in the AWS cloud or on-premises.

AWS AppStream Feature

Access desktop applications securely from any supported device.

AWS Responsibility

AWS protects the infrastructure (hardware, software, networking, facilities) running AWS Cloud services.

Customer Responsibility

Customer secures based on AWS Cloud services selected, including configuration work.

Shared Controls

Controls applied at both infrastructure and customer layers, each with separate context/perspective.

Regions

Geographically separated and isolated locations for AWS resources.

Availability Zones (AZs)

One or more data centers, physically separated, isolated, with low latency and high throughput.

Edge Locations

Points of Presence (PoPs) that cache data using CloudFront.

Vertical Scalability

Increasing instance size to handle greater loads (e.g., t2.micro to t2.large).

AWS Control Tower

A framework for managing multiple AWS accounts with guardrails and automated workflows to enforce policies across an organization.

Landing Zone

A foundational setup in AWS Control Tower that establishes a secure, multi-account AWS environment.

Guardrails

Policies that provide governance and compliance in your AWS environment.

Account Factory

Automates account creation with pre-set rules and guidelines in AWS Control Tower.

AWS Network Firewall

A managed network security service providing centralized protection for Virtual Private Cloud (VPC) networks.

AWS Device Farm

A service to test web and mobile apps on real devices in the AWS Cloud.

Amazon S3

A service that stores data as objects within buckets

S3 Standard

S3 storage class for frequently accessed data, balancing cost and speed.

Edge Computing

Process data at the source, where it's generated, often with limited internet access.

AWS Storage Gateway

A bridge between on-premises infrastructure and the AWS cloud, exposing S3 data locally.

CloudWatch

A monitoring service to track AWS resource performance, detect issues, and create dashboards.

IAM (Identity and Access Management)

A service to securely manage access to AWS resources using users, groups, and roles.

AWS WAF (Web Application Firewall)

Protects web applications from common exploits like SQL injection and XSS.

Amazon Neptune

A fully managed graph database by AWS that uses graph structures to identify relationships between data points.

Amazon Aurora

A proprietary, AWS-optimized relational database, compatible with MySQL and PostgreSQL, offering improved performance and scalability.

RDS Read Replicas

Used to scale read workloads by creating copies of your database. Data is only written to the main DB. Supports up to 15 replicas.

RDS Multi-AZ

Provides high availability by synchronously replicating data to another Availability Zone (AZ) for automatic failover.

RDS Multi-Region

Enables disaster recovery and local performance for global reads by replicating your database to another AWS region.

ElastiCache

Managed in-memory data cache service (Redis or Memcached) for high performance and low latency, reducing database load.

Amazon Athena

A serverless query service that enables analyzing data directly in Amazon S3 using standard SQL.

Pilot Light

A disaster recovery setup where a minimal version of the environment is always running.

Warm Standby

A DR setup where a scaled-down but functional environment is always running.

Multi-Site / Hot-Site

A DR setup with duplicate, fully operational environments in multiple locations for immediate failover.

AWS Elastic Disaster Recovery (DRS)

AWS service to recover physical, virtual, and cloud-based servers into AWS quickly.

AWS DataSync

AWS service to move large amounts of data from on-premises to AWS, with scheduled incremental replication.

Retire (Cloud Migration)

A cloud migration strategy to discard unneeded applications.

Retain (Cloud Migration)

Cloud migration strategy: Keep the application or service as it is, without changes.

Relocate (Cloud Migration)

A cloud migration strategy to move apps from on-premises to a cloud version, workload focused.

Rehost (Lift and Shift)

Cloud migration strategy which involves simple migrations by re-hosting applications on AWS.

AWS Application Discovery Service

A cloud migration strategy involving gathering info about on-premises data centers.

Study Notes

  • Amazon Elastic Compute Cloud (Amazon EC2) provides secure and scalable compute capacity in the AWS cloud
  • EC2 is categorized as Infrastructure as a Service (IaaS)
  • EC2 allows launching as many or as few virtual servers as needed

Pricing for EC2

  • On-Demand Instances are for short-term, uninterrupted workloads where application behavior is unpredictable
  • Reserved Instances (1 or 3 years) offer up to a 72% discount by reserving a specific instance type for long workloads; they can also be bought and sold in the Reserved Instance Marketplace
  • Convertible Reserved Instances are for long workloads with flexible instances, offering up to a 66% discount
  • Savings Plans (1 or 3 years) commit to an amount of AWS usage for long workloads, locked to a specific instance family & AWS region
  • Spot Instances offer up to 90% discount for short, cheap workloads, but such instances are less reliable and can be lost without a warning if another party bids higher
  • Dedicated Hosts allow booking an entire physical server and controlling instance placement; they provide EC2 instance capacity fully dedicated to your use and are useful for software with complicated licensing models (BYOL)
  • Dedicated Instances run on hardware dedicated to the user, with no other customers sharing the same hardware

EC2 Instance Types

  • General Purpose instances are great for diverse workloads like web servers or code repositories
  • Compute Optimized instances are great for compute-intensive tasks requiring high performance processors
  • Memory Optimized instances offer fast performance for workloads processing large datasets in memory
  • Storage Optimized instances are optimized for storage-intensive tasks requiring high, sequential read and write access to large datasets on local storage (OLTP)

AWS Batch

  • AWS Batch is a fully managed batch processing service for developers, scientists, and engineers to execute large amounts of batch computing workloads on AWS
  • AWS Batch submits jobs to a particular job queue and schedules them in a computing environment, with the "queue" as a key component
  • AWS Batch benefits include it being fully managed, fully integrated with AWS, and cost-effective based on resource use

AWS Elastic Beanstalk

  • AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS
  • AWS Elastic Beanstalk operates as a Platform as a Service (PaaS)
  • Users upload their code, and Elastic Beanstalk automatically handles deployment, capacity provisioning, load balancing, auto-scaling, and application health monitoring
  • Programming languages supported through Beanstalk include Java, .NET, PHP, Node.js, and Python
  • Elastic Beanstalk reduces management complexity without restricting choice or control and automatically handles load balancing and health monitoring

AWS Lambda

  • AWS Lambda is a serverless computing service that allows users to run code as functions without provisioning or managing servers and runs your code on a high availability compute infrastructure
  • Each Lambda function runs in its own container
  • Using AWS Lambda can save time on operational tasks
  • Each function is charged on allocated memory and time used to complete a function
  • Updating is done by AWS
  • Similar instances can be executed simultaneously
  • AWS Lambda extends other AWS services with custom logic and lets users bring their own code
  • Lambda natively supports Java, Go, PowerShell, Node.js, C#, Python, and Ruby code, and supports additional programming languages via a Runtime API
  • Lambda has built-in fault tolerance
  • AWS Lambda enables continuous scaling and is cost-optimized with millisecond metering, offering consistent performance at any scale

Containers

  • Containers offer a standard way to package applications, code, and dependencies into a single object
  • Containers can be used for processes and workflows that require security, reliability, and scalability

Amazon Elastic Container Service (ECS)

  • Amazon ECS is a fully managed container orchestration service
  • The service allows users to manage and scale containers on a cluster
  • It is fully managed and Docker-supported

Amazon Elastic Container Registry (ECR)

  • ECR is a managed service for users to store, manage, share, and deploy container images and other artifacts
  • Amazon ECS works with Amazon Elastic Kubernetes Service (EKS), Amazon Elastic Container Service (ECS), and AWS Lambda.
  • ECR is a fully managed Docker container registry
  • An image is packaged code, a blueprint of your application that includes everything needed to run it
  • ECR key features include secure storage, access management, integration with ECS & CI/CD, and image scanning
  • ECR eliminates the need to operate and scale the infrastructure required to power your container registry
  • ECR utilizes Amazon S3 for storage, is highly available and accessible and allows deploying new containers

Containers

  • Containers offer consistency across environments
  • Container features also include efficiency, speed, and simplified deployment.

AWS Fargate

  • AWS Fargate is a serverless compute engine for containers
  • Allows you to run apps without managing the base EC2 instances
  • You are charged only for the resources used by each container
  • Fargate works with Amazon ECS and EKS while it deploys and manages applications

Amazon Elastic Kubernetes Service (EKS)

  • EKS is a managed service that runs Kubernetes, an open-source container orchestration tool
  • This service is used for Kubernetes applications on the AWS cloud or on-premises.
  • Serverless container execution is a key feature
  • EKS has compatibility with ECS and EKS and offers auto scaling and resource isolation
  • EKS is ideal for applications that require fast, scalable scaling without the burden of managing infrastructure.

Resource Optimizer

  • AWS Compute Optimizer assists in choosing the right AWS resources, enabling users to run workloads more efficiently
  • It analyzes resource usage and gives recommendations to improve performance and reduce costs
  • It is a service that recommends optimal AWS resources to reduce costs and improve performance of workloads and is an AWS smart assistant that suggests the best options
  • Machine learning is used to analyze historical utilization metrics
  • Charges accrue for enhanced metrics per resource, paid hourly for resource runtime

Amazon Lightsail

  • Lightsail is a virtual private server (VPS) which provides you with what is needed to build an application or website, on a monthly plan
  • Designed to help you start small and then scale as you grow
  • A Lightsail instance functions as a virtual private server (VPS) and can be used to store data and code, and to build web-based applications or websites.
  • Lightsail instances can connect to each other and other AWS resources through public (Internet) and private (VPC) networking
  • To get started, export your Lightsail instance manual snapshot and then use the Upgrade to EC2 wizard to create an instance in EC2

Developer Tools

  • Amazon WorkSpaces enables users to provision virtual, cloud-based Microsoft Windows, Amazon Linux, or Ubuntu Linux desktops
  • WorkSpaces eliminates the need to procure and deploy hardware or install complex software, while enabling users to be added or removed quickly

AWS Config

  • AWS Config rolls out configuration changes independent of code across any size application hosted on EC2 instances, containers, and serverless applications and functions
  • AWS Config has pricing as "pay as you go"
  • AWS can be used in application tuning, feature toggles, allow lists and when operational issues arise

Application Integration

  • AWS AppSync builds and manages GraphQL APIs in the cloud
  • GraphQL allows clients to request exactly the data they need, which makes it more efficient and flexible than traditional REST APIs.

AWS AppStream 2.0

  • Amazon AppStream 2.0 is an application streaming service which provides users with desktop applications from anywhere.
  • AppStream 2.0 manages AWS resources required to host and scale your applications
  • Only a single version of each application is maintained which provides easier management
  • The apps run on AWS compute resources, which means that the data is never stored on the users' devices and users always get a secure experience

AWS Shared Responsibility Model

  • AWS provides security OF the Cloud which is composed of hardware, software, and networking
  • Customer provides security IN the Cloud by selecting cloud services that they want to utilize
  • Controls apply to both the infrastructure and customer layers, however in completely separate contexts
  • AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services
  • Regions are geographically separated, isolated locations
  • There is at least one data center and the AZs are physically separated and isolated
  • Low latency, high throughput and highly redundant networking
  • Edge Locations are smaller locations that cache data using CloudFront
  • AWS has a management Console that consists of AWS resources and Services that can be managed and customized from a desktop or mobile

Scalability & High Availability

  • Scalability means that an application or system can handle greater loads by adapting.
  • Vertical Scaling is when the size of an instance is increased
  • Horizontal Scaling means increasing the number of instances or systems for your application.
  • High Availability involves horizontally scaling and running your application or system in at least 2 Availability Zones

Amazon ELB (Elastic Load Balancer)

  • Automatically distribute incoming traffic across multiple targets
  • 4 load balancer options from AWS: Application Load Balancers, Network Load Balancers, Gateway Load Balancers and Classic Load Balancers
  • An Auto Scaling Group's goal is to add or remove instances based on web traffic

Amazon CloudFront

  • It's used to deliver very secure and fast websites, accelerate content delivery and stream live videos.
  • There is 1 TB of data transfer out to the internet per month and 10,000,000 HTTP and HTTPS requests as part of the AWS free tier

AWS Global Accelerator

  • Global accelerator uses a global network to improve the availability and performance of your application
  • It can also be used for DDoS protection and has flow logs for detailed records
  • Integrates with AWS Shield for DDoS protection, with Flow Logs providing detailed records, protected by AWS global network security procedures

Amazon Virtual Private Cloud (VPC)

  • Allows a dedicated network for resources
  • Includes: Internet gateways, VPN tools, CIDR, Subnets, Route tables, VPC endpoint, NAT instances, etc
  • A subnet is a segment of a VPC that resides entirely within a single AZ.
  • A private subnet does NOT have internet access and a public subnet DOES have internet access
  • A VPN subnet does NOT have internet access but has access to the virtual private gateway for a VPN connection
  • A VPC automatically comes with the main route table, used to guide network traffic to the right destination within the VPC
  • Security groups (SG) act like a firewall at the instance level for inbound and outbound traffic
  • All inbound traffic is blocked by default
  • All outbound traffic is authorized by default
  • It is stateful
  • 22 = SSH (Secure Shell), 21 = FTP (File Transfer Protocol), 22 = SFTP (Secure File Transfer Protocol), 80 = HTTP (access unsecured websites), 443 = HTTPS (access secured websites)
  • 3389 = RDP (Remote Desktop Protocol) - log into a Windows instance

Security

  • Network access control lists (NACLs) act as firewalls at the subnet level and can be used to block IP addresses
  • Amazon VPC has Elastic IP addresses that you can allocate to your account or release, and also provides network interfaces
  • VPC Flow Logs are a feature that enables the user to capture information about the IP traffic going to and from network interfaces in your VPC
  • A virtual private gateway is the segment that allows protected internet traffic to enter an AWS VPN
  • AWS Direct Connect links your network directly to AWS for consistent, low-latency performance
  • VPC Peering is the connection between 2 VPCs that enables you to route traffic between them with private IP addresses

Connection

  • AWS Site-to-Site VPN creates a secure connection between a branch office and your AWS cloud resources and creates a connection for people to access data
  • AWS Client VPN scales up or down based on utilization
  • Amazon OpenSearch is a managed service for Elasticsearch and Kibana, while providing real-time app monitoring
  • AWS Data and AWS Amplify help establish connections between any premises to AWS.
  • The service accelerates the development of mobile and web apps on the AWS platform

Permissions

  • AWS IAM Identity Center is the successor to AWS Single Sign-On service
  • The service secures a reliable master key for accessing different accounts with permissions of global service.
  • Users or Groups can be assigned JSON documents called policies that apply the least amount of permissions
  • IAM Credentials Report is Account Level
  • IAM Access Advisor is User Level

Firewalls

  • AWS Firewall Manager is a security management service that simplifies the setup and maintenance of firewall rules across multiple AWS accounts and resources
  • AWS Control Tower simplifies the setup and governance of secure AWS environments
  • Has blueprints and guardrails in place
  • AWS Network Firewall is a managed network security service that centralizes protection for VPC networks

AWS Device Farm

  • Facilitates the testing of web and mobile applications
  • Runs tests concurrently on multiple devices
  • Configures device settings

Amazon S3 (Simple Storage Service)

  • Unlimited storage for any kind of data in virtually any format through buckets
  • Uses S3 buckets to store data in a folder-specific fashion with unique keys
  • Uses object storage to store virtually any kind of data.
  • Its tags (Unicode key/value pairs) and encryption help with security and its lifecycle

Amazon EBS (Elastic Block Storage)

  • High-performance SSD-based solution for EC2 instances and uses Amazon EBS
  • EBS volumes are network drives that have limited performance.
  • Max storage size: 16 TiB for one volume
  • EFS works with Linux EC2 instances in multi-AZ
  • S3 Intelligent-Tiering Storage Class delivers automatic cost savings
  • EFS will automatically move your files to EFS-IA based on the last time they were accessed; this is also transparent to applications that are accessing EFS
  • Amazon FSx includes third-party high-performance file systems on AWS, with Windows file servers that can connect from premises through your AWS or in AWS servers

Amazon RDS

  • Amazon RDS is a managed DB service for SQL
  • Users can create databases in the cloud that are managed by Postgres, etc.
  • Amazon DynamoDB is a non-structured NoSQL database that can be managed heavily through 3 AZ databases.

Redshift

  • Redshift data is based on PostgreSQL
  • It is used for online analytical processing
  • Fully managed data warehouse with petabytes in size (collection of data), and you can load it once over time
  • EMR helps create Hadoop clusters with vast EC2 instances

Database Characteristics

  • A QLDB ledger is a financial transaction book with replication throughout 3 AZs; it has history usage along with better performance.
  • DMS migrates databases securely to AWS, is resilient with self-healing capabilities, and offers different types of migrations
  • Amazon provides the Snow Family, efficient storage devices that are used to migrate exabytes of data.

AWS Systems

Provides systems such as EC2, S3 and different data management services

  • AWS Storage Gateway is a bridge between your premises with on storage.

AWS Console

  • AWS CloudWatch can monitor AWS resources and can notify you of issues or alert dashboards.

AWS IAM (Identity Access Management)

  • AWS IAM helps with creating groups, roles and different permissions, which can be accessed through the CLI.

AWS WAF is used for web security.

  • AWS Shield provides protection against DDoS attacks.
  • AWS Trusted Advisor is an advisor for AWS optimization
  • Amazon Cognito helps authenticate AWS services with authentication logins
  • AWS AppSync tracks AWS services with certain controls implemented.
  • AWS Macie provides high sensitivity to information.

Cloud computing

  • Trade capital expense (CAPEX) for operational expense (OPEX)
  • Pay on-demand: don't own hardware
  • Benefit from massive economies of scale: prices are reduced as AWS is more efficient due to large scale
  • Increase speed and agility
  • Stop spending money running and maintaining data centers
  • Go global in minutes: leverage the AWS global infrastructure

Important Factors for choosing an AWS Region

  • Compliance: the data stays where it is
  • Close proximity to customers will decrease latency.
  • The service has to be available, and the pricing matters depending on usage
  • Has global services such as IAM, and there are many different region options

AWS Monitoring Section

  • CloudWatch collects AWS metadata and AWS events. AWS has a system to manage code.
  • AWS Amplify is a platform for mobile applications and is used in GitHub
  • AWS Infrastructure Composer helps create new and easy code with no errors
  • AWS Cloud Migration helps migrate over the seven different types of cloud options

Elastic Transcoder

  • Elastic Transcoder uses media for playback on different devices on the AWS platform

Integration

  • Integrations with DynamoDB / Lambda
  • Real-time subscriptions, offline data synchronization, fine-grained security
  • AWS Amplify can leverage AWS AppSync in the background

AWS Disaster Recovery Options

Cheapest is the Backup one

  • Backup + Restore
  • Pilot Light
  • Warm Standby
  • Multi-Site / Hot-Site
  • Data is transferred over AWS Sync and incremental load over the transfer
  • Agentless Discovery uses VM for performance usage, agent database is the performance running
  • The AWS Migration Hub
  • Supports building business data plans and AWS plans
  • AWS Fault system has serverless with Lambda workflows.

Best Practice design principles

  • Vertical with horizontal scaling
  • Disposable servers and be serverless by using Auto Scaling
  • Use services and don't use EC2.


Description

Explore the primary functions of Amazon ECR and how it ensures high availability for container deployments. Understand how containers ensure consistency across development environments and simplify deployment processes. Learn about AWS services that run containers without managing EC2 instances.
