Intro to Amazon Web Services (AWS)

Questions and Answers

A company wants to migrate its applications to AWS while maintaining some resources on-premises. Which deployment model best fits this requirement?

• Hybrid (correct)
• CaaS
• On-premises
• Cloud-based

Which Amazon EC2 instance type is MOST suitable for tasks that require high-performance processors?

• Memory Optimized Instances
• General Purpose Instances
• Storage Optimized Instances
• Compute Optimized Instances (correct)

A company needs to store data that is accessed frequently and requires high availability. Which Amazon S3 storage class is MOST appropriate for this scenario?

• S3 One Zone-Infrequent Access
• S3 Glacier Deep Archive
• S3 Standard (correct)
• S3 Standard-Infrequent Access

Which of the following is a BENEFIT of using Amazon Relational Database Service (RDS)?

Automated patching (B)

A company wants to implement a virtual firewall at the subnet level to control inbound and outbound traffic. Which AWS service should they use?

Network ACLs (B)

Which AWS service helps protect web applications from common web exploits?

AWS WAF (A)

A company wants to consolidate billing for all its AWS accounts. Which AWS service should they use?

Consolidated Billing (A)

An organization needs to run containerized applications on AWS and requires a highly scalable system. Which service should they consider?

Amazon Elastic Container Service (ECS) (C)

Which AWS service allows you to access security and compliance reports on demand?

AWS Artifact (C)

Which AWS service helps in understanding relationships and trends across your data?

Amazon Redshift (C)

Which AWS service provides a dedicated private connection from your data center to AWS?

AWS Direct Connect (A)

Which AWS service is used for monitoring API calls made in your AWS account?

AWS CloudTrail (B)

A development team requires a NoSQL database with millisecond response time and full management by AWS. Which AWS database offering is MOST suitable?

Amazon DynamoDB (D)

Which component in AWS is responsible for checking packet permissions for an Amazon EC2 instance?

Security Groups (A)

Which AWS service allows you to run code without needing to provision or manage servers?

AWS Lambda (D)

Flashcards

Client-Server Model

A model where a client (web browser or app) interacts with computer servers to make requests.

Amazon EC2

Amazon's virtual server in the cloud, allowing on-demand instance creation with pay-as-you-go pricing.

Cloud-Based Deployment

A deployment model where all application parts (servers, databases, etc.) run in the cloud.

On-Premises Deployment

Deploy resources using virtualization and management tools within an internal infrastructure.

Hybrid Deployment

Combines cloud and on-premises resources, integrating cloud with legacy IT applications.

Benefits of Cloud Computing

Trading capital expense for variable expense and benefiting from economies of scale.

CaaS (Compute as a Service)

Virtual servers hosted in the AWS cloud, billed only when running.

General Purpose Instances

EC2 instances offering a balance of compute, memory, and networking resources.

EC2 On-Demand Pricing

Ideal for short-term, irregular workloads; pay-as-you-go EC2 instance pricing.

Scaling Amazon EC2

Automatically adjusting the number of EC2 instances based on demand.

Elastic Load Balancing

An AWS service that automatically distributes incoming application traffic across multiple resources.

AWS Lambda

A serverless compute service that lets you run code without provisioning or managing servers.

Amazon ECS

A scalable system to run and scale containerized applications in AWS.

Availability Zone

Isolated data centers, or groupings of data centers within a region.

Amazon CloudWatch

A web service for monitoring metrics and setting alarms.

Study Notes

Module 1: Intro to Amazon Web Services

• A client is a web browser or desktop application making requests to computer servers in the client-server model.
• Amazon Elastic Compute Cloud (Amazon EC2) is a virtual server.
• EC2 instances can be created on demand and you only pay for what is used.

Deployment Models for Cloud Computing

• Cloud-based deployment involves running all parts of the application in the cloud, including virtual servers, databases, and networking components.
• On-premises deployment involves deploying resources using virtualization and resource management tools, including private cloud deployment.
• Hybrid deployment connects cloud-based resources to on-premises infrastructure and integrates the cloud with legacy IT applications.

Benefits of Cloud Computing

• Cloud computing trades upfront expenses for variable expenses by removing the need to invest upfront in data centers and servers.
• Using the cloud stops spending on running and maintaining data centers.
• EC2 instances can be launched when needed, depending on computing time, to eliminate guessing capacity.
• Cloud computing benefits from massive economies of scale and increases speed and agility.
• Apps can be deployed to customers globally in minutes.

Module 2: Compute in the Cloud

• CaaS uses virtual servers in the AWS cloud.
• Payment is only required when the instance is running.
• General Purpose Instances balance compute, memory, and networking, therefore they are considered "avatars" of instances.
• Compute Optimized Instances are used tasks that require high-performance processors.
• Memory Optimized Instances, Accelerate Computing Instances and Storage Optimized Instances are EC2 Instance Types.

EC2 Pricing

• On-Demand is ideal for short-term, irregular workloads.
• Reserved Instances include Standard Reserved Instances and Convertible Reserved Instances.
• Other EC2 Pricing options are EC2 Instance Savings Plan, Spot Instances and Dedicated Hosts.
• Amazon EC2 auto scaling automatically adds or removes instances depending on demand.
• Elastic Load Balancing automatically distributes incoming application traffic across multiple resources.
• Simple Notification Service (SNS) and Simple Queue Service (SQS) are messaging and queueing services.
• AWS Lambda allows code to run without provisioning or managing servers.
• Amazon Elastic Container Service (ECS) is a scalable container management system that runs and scales containerized applications on AWS.

Module 3: Global Infrastructure and Reliability

• AWS Regions are selected based on compliance with data governance and legal requirements, proximity to customers, available services, and pricing.
• An Availability Zone is a single data center or a group of data centers within a Region.
• Edge Locations are sites where Amazon CloudFront is used to store cached content closer to customers for faster delivery.
• AWS Elastic Beanstalk deploys resources based on code and configuration settings to adjust capacity, load balance, automatically scale, and monitor application health.
• AWS CloudFormation treats infrastructure as code and builds environments by writing lines of code instead of using the AWS Management Console to provision resources individually.

Module 4: Networking

• AWS Virtual Private Cloud (VPC) is a networking service that establishes boundaries around AWS resources.
• Subnets in a VPC contain resources.
• An Internet Gateway attaches to a VPC to allow public internet traffic.
• Virtual Private Gateway is used to access private resources in a VPC.
• AWS Direct Connect establishes a dedicated private connection between a data center and a VPC.
• Network ACLs are virtual firewalls that control inbound and outbound traffic at the subnet level.
• Stateless packet filtering in Network ACLs checks both inbound and outbound packets and doesn't remember anything.
• Security Groups check packet permissions for an EC2 instance and applies stateful packet filtering, remembering previous decisions for incoming packets.
• DOMAIN NAME SYSTEM (DNS) is Amazon Route 53, a DNS web service.

Module 5: Storage and Databases

• Instance Store provides temporary block-level storage for an Amazon EC2 instance and has the same lifespan as the instance.
• Amazon Elastic Block Store (Amazon EBS) provides block-level storage volumes for use with Amazon EC2 instances, with data remaining available if the EC2 instance is stopped or terminated.
• An EBS Snapshot is an incremental backup.
• Amazon Simple Storage Service (Amazon S3) provides object-level storage, storing data as objects in buckets.
• S3 Advantages include Web Enabled access, regionally distributed, and cost savings.
• S3 Standard is the storage of data in a minimum of 3 Availability Zones, designed for frequently accessed data.
• S3 Standard-Infrequent Access is Ideal for infrequently accessed data with a lower storage price and higher retrieval price.
• S3 One Zone-Infrequent Access stores data in a single Availability Zone and has a lower storage price than S3 standard-IA.
• S3 Intelligent Tiering is ideal for data with unknown or changing access patterns and requires a small monthly monitoring and automation fee per object.
• S3 Glacier Instant Retrieval is used for archived data that requires quick access and can retrieve objects within milliseconds.
• S3 Glacier Flexible Retrieval is a low-cost storage designed for data archiving, retrieving objects within minutes to hours.
• S3 Glacier Deep Archive is the lowest-cost object storage class ideal for archiving, retrieving objects within 12 hours.
• S3 Outposts creates S3 buckets on Amazon S3 outposts, making it easier to retrieve, store, and access data on AWS outposts.
• In object storage, each object consists of data, metadata, and a key, and must be reuploaded if any changes are made.
• Block Storage comprises small components used for complex read/write functions that don't affect other parts.
• Amazon Elastic File System (EFS) allows multiple instances to access data simultaneously, with any EC2 instance in the region able to write to the EFS file system and automatic scaling based on data.
• An Amazon EBS volume stores data in a single Availability Zone.
• The Amazon EC2 instance and the EBS volume must reside within the same Availability Zone, to attach an Amazon EC2 instance to an EBS volume.
• Amazon EFS is a regional service that stores data in and across multiple Availability Zones.
• Duplicate storage enables access to data concurrently.
• On-premises servers can access Amazon EFS using AWS Direct Connect.
• Amazon Relational Database Service (Amazon RDS) enables running relational databases in the AWS Cloud. Benefits such as automated patching.
• Additional RDS benefits include backups, redundancy, failover, and disaster recovery.
• Amazon Aurora supports MySQL and PostgreSQL, costs 1/10th the price of commercial databases, offers data replication, up to 15 read replicas, continuous backup to Amazon S3, and point-in-time recovery.
• AWS Supported databases are MySQL, PostgreSQL, Oracle, and Microsoft SQL Server.
• Lift-and-Shift Migration migrates a database to run on Amazon EC2.
• Amazon DynamoDB is a key-value database service.
• Its key properties are non-relational NoSQLdatabase, built for a purpose, is millisecond response time, fully managed, highly scalable, and serverless.
• Amazon Redshift is a data warehousing service for big data analytics that collects data from many sources and identifies relationships and trends.
• Amazon Database Migration Service (DMS) migrates databases. Downtime is minimized for applications that rely on that database. The source and target databases don't have to be of the same type.
• Homogeneous databases Migration migrates databases of the same type: MySQL to Amazon RDS for MySQL or Microsoft SQL Server to Amazon RDS for SQL Server.
• Heterogeneous database Migration migrates target databases of different types, and uses a 2-step process: Convert and then use DMS.
• Additional Database Services include Amazon DocumentDB, Amazon Neptune - Graph Database, Amazon Managed Blockchain, Amazon Quantum Ledger Database (Amazon QLDB), and Database Accelerators.

Module 6: Security

• The AWS Shared Responsibility Model divides security responsibilities between AWS and the customer.
• AWS Identity and Access Management (IAM) manages secure access to AWS services and resources.
• The AWS Account Root User is the owner of the account and has complete access to all AWS services and resources.
• An IAM User is an identity created in AWS representing a person or application that interacts with AWS services and resources and consists of a name and credentials.
• An IAM Policy is a document that allows or denies permissions to AWS services and resources, customizing user access levels.
• An IAM Group is a collection of IAM users.
• AWS Organization consolidates and manages multiple AWS accounts.
• Service Control Policies (SCPs) control permissions for the accounts by restricting AWS services, resources, and individual API actions accessible to users and roles in each account.
• Compliance consists of AWS Artifact to provide on-demand access to AWS security and compliance reports and select online agreements.
• AWS Artifact Agreements are agreements with AWS regarding the use of certain types of information throughout AWS services.
• AWS Artifact Reports provides compliance reports from third-party auditors that have tested and verified AWS's compliance with various standards and regulations.
• The Customer Compliance Center contains resources to help learn more about AWS compliance.
• Denial-of-Service Attacks involve Distributed Denial-of-Service Attacks (bots attack).
• AWS Shield protects applications against DDoS attacks.
• AWS Shield Standard protects AWS resources from common DDoS attacks.
• AWS Shield Advanced is a paid service that provides detailed attack diagnostics and mitigates sophisticated DDoS attacks. It integrates with services such as Amazon CloudFront, Amazon Route 53, and Elastic Load Balancing, and allows custom rules with AWS WAF to mitigate complex DDoS attacks.
• AWS Key Management Service (AWS KMS) performs encryption operations using cryptographic keys.
• AWS WAF - is a web application firewall that monitors network requests to applications.

Module 7: Monitoring and Analytics

• Amazon CloudWatch monitors and manages metrics, configuring alarm actions based on data from those metrics.
• CloudWatch uses metrics to represent data points for resources, creating graphs to show how performance has changed over time.
• CloudWatch Alarms perform actions if a metric's value goes above or below a predefined threshold.
• AWS CloudTrail records API calls for an account, capturing caller identity, time of API call, and more. Events are typically updated in CloudTrail within 15 minutes after an API call.
• CloudTrail Insights is an optional feature for detecting unusual API activities in an AWS account.
• AWS Trusted Advisor inspects the AWS environment, providing real-time recommendations based on AWS best practices, comparing findings in 5 categories: cost optimization, performance, security, fault tolerance, and service limits.

Module 8: Pricing and Support

• AWS Free Tier enables beginning use of certain services without incurring costs for a specific period. Types of offers are: Always Free, 12 Months Free and Trials.
• AWS Pricing Calculator estimates the cost of use cases on AWS, organizing estimates by groups that reflect how your company is organized, such as by cost center.
• AWS Billing & Cost Management Dashboard is useful to pay AWS bills, monitor usage, and analyze and control costs.
• Consolidated Billing enables receiving a single bill for all AWS accounts in the organization with itemized charges for each account.
• AWS Budgets allows to plan service usage, service costs, and instance reservations. It updates info three times a day and allows setting custom alerts if usage exceeds, or is forecasted to exceed, the budgeted amount.
• AWS Cost Explorer visualizes, understand, and manage AWS costs and usage over time.