AWS Cloud Practitioner Study Guide

Description

Flashcards to prepare for the AWS Cloud Practitioner Exam
Ashley Robinson
Flashcards by Ashley Robinson, updated more than 1 year ago
Created by Ashley Robinson almost 5 years ago

Resource summary

Question: Answer
AWS Agility: Elasticity, scalability, and reliability
AWS High Availability: AZs, fault tolerance, minimized downtime
AWS Security and Compliance: Security auditing, governance capabilities, MFA, least-privilege basis
Reliability: High-performing, reliable solutions, the ability to recover from failures, and high flexibility
Pricing: -Avoid dedicating resources to infrastructure -Pay-as-you-go (no minimum or long-term contracts) -Enables elasticity (use more, save more: data storage and tiered pricing) -Cost optimization (Cost Explorer) -Trusted Advisor (increase performance and reliability, reduce cost, etc.)
TCO Calculator: Estimates the cost of an on-prem or colocation environment
AWS Pillars: -Security -Reliability -Performance -Cost Optimization -Operational Excellence
Scalability: The architecture can handle growth in users, traffic, or data size with no decrease in overall performance
Disposable Resources: Instead of fixed servers, AWS allows you to dynamically provision resources based on your enterprise's current needs
Automation: Automating the AWS cloud environment boosts your system's stability and your organization's efficiency
Loose Coupling: IT infrastructure can be organized into smaller, loosely coupled components where a change or failure in one does not affect the others
Services: In lieu of servers, AWS offers compute, storage, database, analytics, application, and deployment services
Databases: Traditional data storage options limited organizations to technologies that are often subject to licensing and maintenance costs. With AWS, diverse database options remove these hindrances, allowing users to choose the one that best suits their business needs
Data Lake: An architectural approach that allows the system to store a large amount of data in a central location so it may be categorized, processed, analyzed, and consumed by different groups in the organization
High Availability: By removing single points of failure with redundant, multiple components such as hard disks, servers, and network links, the system becomes more resistant to disruption. This architecture lends itself well to being automated to improve data recovery when a component fails
Caching: Helps improve application performance and increases the cost efficiency of an implementation
Security: Most security tools and techniques IT personnel are familiar with are also available on the AWS Cloud. AWS also allows you to add security groups and customize rules on the platform itself
AWS Shared Responsibility Model: Customers are responsible for their security and compliance IN the cloud (platform, applications, identity and access management; OS, network and firewall configuration; client-side data encryption, server-side data encryption, and network traffic protection). AWS is responsible for the security OF the cloud (AWS foundation services: compute, storage, database, and networking; AWS global infrastructure: Availability Zones, Regions, and edge locations)
Infrastructure Security: -Network firewalls built into Amazon VPC -TLS encryption in transit across all services -Private and/or dedicated connections to your data center
Infrastructure Resilience: -Technologies built from the ground up to harden themselves against DDoS attacks -Services automatically scale according to server load -Technologies include Auto Scaling groups, CloudFront (Amazon CDN), and Route 53
CDN: Content delivery networks provide a globally distributed network of proxy servers that cache content, such as web videos or other bulky media, closer to consumers, thus improving the speed at which that content is downloaded.
Data Encryption: -Encryption for data at rest includes EBS, S3, Glacier, RDS (Oracle and SQL Server), and Redshift -Key management through AWS KMS; either the user or Amazon can manage the keys -Dedicated hardware-based cryptographic key storage using AWS CloudHSM
Redshift: Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. The first step to create a data warehouse is to launch a set of nodes, called an Amazon Redshift cluster. After you provision your cluster, you can upload your data set and then perform data analysis queries. Regardless of the size of the data set, Amazon Redshift offers fast query performance using the same SQL-based tools and business intelligence applications that you use today.
Amazon S3 Glacier: Amazon S3 Glacier is a secure, durable, and extremely low-cost cloud storage service for data archiving and long-term backup. Data is automatically distributed across a minimum of three physical Availability Zones that are geographically separated within an AWS Region.
CloudFront: Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds
Amazon Redshift Cluster: An Amazon Redshift cluster is a set of nodes, which consists of a leader node and one or more compute nodes. The type and number of compute nodes that you need depend on the size of your data, the number of queries you will execute, and the query execution performance that you need.
Snapshots: Snapshots are point-in-time backups of a cluster. There are two types of snapshots: automated and manual. Amazon Redshift stores these snapshots internally in Amazon Simple Storage Service (Amazon S3) by using an encrypted Secure Sockets Layer (SSL) connection. If you need to restore from a snapshot, Amazon Redshift creates a new cluster and imports data from the snapshot that you specify.
AWS CloudHSM: A cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud. With CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs. CloudHSM offers you the flexibility to integrate with your applications using industry-standard APIs, such as PKCS#11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG) libraries.
Amazon Inspector: A security assessment service that automatically assesses apps for vulnerabilities or deviations from industry-sanctioned best practices, including impacted networks, OS, and attached storage
AWS CloudTrail: Provides deep visibility into API calls, detailing who made them, what was called, to whom, and from where (monitoring and logging)
Amazon CloudWatch: CloudWatch provides you with data and actionable insights to monitor your applications, understand and respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications and services that run on AWS, and on-premises servers
AWS IAM: -AWS IAM lets you define individual user accounts with permissions -AWS Multi-Factor Authentication for privileged accounts, including options for hardware-based authenticators
Cloud Computing: On-demand delivery of compute, database, storage, applications, and other IT resources through a cloud services platform via the Internet
6 Advantages: 1) Trade capital expense for variable expense 2) Benefit from massive economies of scale 3) Stop guessing about capacity 4) Increase speed and agility 5) Stop spending money running and maintaining data centers 6) Go global in minutes
3 Types of Cloud Computing: -IaaS (AWS): you manage the server, whether physical or virtual, as well as the OS (EC2) -PaaS (GoDaddy, Elastic Beanstalk: upload code and they provision services): someone else manages the underlying hardware and OSs (security patches, updates, maintenance); you just focus on apps (Lightsail) -SaaS (Gmail): you manage your inbox; Google takes care of data centers, servers, networks, storage, maintenance, and patching
3 Types of Cloud Computing Deployments: Public cloud (AWS, Azure, GCP, Alibaba); private (on prem): you manage it in your data center (OpenStack or VMware); hybrid: a mixture of both
AWS Global Infrastructure: Covers the following fields:
Topics Necessary for the Certified Cloud Practitioner Exam: -Compute, Storage, and Databases -Migration & Transfer, Network & Content Delivery -Security, Identity, & Compliance -AWS Cost Management
First-Tier Concepts: Compute: EC2, Lambda; Databases: Relational Database Service (RDS), DynamoDB (non-relational DB); Storage: Simple Storage Service, Glacier; Network: VPC, Route 53
AWS Global Infrastructure (as of 2019): 24 regions (a geographical area, e.g. us-east-1 (NoVA), each with 2 or more Availability Zones); 72 Availability Zones (a data center: a building filled with servers, storage arrays, networking gear, firewalls, and load balancers; may be several data centers but counted as one; each has redundant power, networking, and connectivity and is housed in a separate facility); > 150 edge locations (endpoints for AWS used for caching content via CloudFront (CDN))
Types of MFA: -Virtual MFA: installed on your mobile device or computer -U2F security key: YubiKey or other U2F device -Other
Types of Access for an AWS Account: -Programmatic access -AWS Management Console access -Amazon SDKs
Format of AWS Policies: JSON
What is IAM?: Identity and Access Management. It is global; you do not specify a region when dealing with IAM. Users and groups are created globally
S3: https://s3-{region}.amazonaws.com/{bucketName} Secure, durable, highly scalable object storage for flat files or data that's already encoded -Object-based storage (not block-based, which is for OSes) -0 to 5 TB per object -Files are stored in buckets (like a folder) -S3 is a universal namespace
Objects on AWS: Consist of: -Key (name of the file) -Value (the data, made up of a sequence of bytes) -Version ID -Metadata -Subresources (Access Control Lists, Torrent)
Data Consistency: -Read-after-write consistency for PUTs of new objects -Eventual consistency for overwrite PUTs and DELETEs
S3 Guarantees: 99.99% availability; 11 9's of durability
S3 Features: -Tiered storage -Lifecycle management (manage which storage tier) -Versioning (restore to a previous version) -Encryption at rest -Access Control Lists (individual file basis) and bucket policies -Scales automatically to meet your demand
6 Different Storage Classes: -S3 Standard (can sustain the loss of 2 facilities concurrently) -S3-IA (infrequently accessed but retrieved quickly; charged a retrieval fee) -S3 One Zone -S3 Intelligent Tiering (uses machine learning to move data) -S3 Glacier (secure, durable, and low-cost storage for data archiving; retrieval takes minutes to hours) -S3 Glacier Deep Archive (12-hour retrieval acceptable)
Costs of S3: -Storage -Requests -Storage management pricing -Data transfer pricing -Transfer Acceleration -Cross-region replication
Transfer Acceleration: Fast, easy, secure transfer of files over a long distance between end users and an S3 bucket. Uses CloudFront's edge locations -Time of day and network latency affect speed; the speed-up mostly occurs in regions near you
Cross-Region Replication: Whenever someone uploads to one bucket (say, in Europe), the file is automatically copied to your other bucket (say, in South America)
CDN: A system of distributed servers (a network) that delivers web pages and content to a user based on the geographic location of the user, the origin of the web page, and the content delivery server
CloudFront: -Edge Location -Origin: the origin of all the files that the CDN will distribute (an S3 bucket, an EC2 instance, an ELB, or Route) -Distribution: the name given in the CDN, which consists of a collection of edge locations
CloudFront Distributions: Web: used for websites; RTMP: media streaming content delivery. You can delete a distribution; it will take 20 minutes
Serverless Website: S3 doesn't use servers, but the content is static. URL: http://{bucketName}.s3-website-{region}.amazonaws.com
EC2: Elastic Compute Cloud: a virtual server in the cloud
EC2 Pricing Models: -On demand (low cost and flexible; good for short-term, spiky, or unpredictable workloads or those being developed or tested for the first time) -Reserved (1-3 year contract terms; good for steady-state or predictable usage and apps that require reserved capacity; standard reserved, convertible reserved, scheduled reserved) -Spot (bid for instance capacity; good if apps have flexible start and end times) -Dedicated Hosts
EBS: Storage volumes that are attached to Amazon EC2 instances. You may then create a file system on top of the volumes, run a database, or use them like a block device (virtual or physical hard disk). They are automatically replicated to protect you from the failure of a single component
Types of EBS: SSD: General Purpose SSD (GP2) balances price and performance for a wide variety of workloads; Provisioned IOPS SSD is the highest-performance SSD volume for mission-critical, low-latency, or high-throughput workloads. Magnetic: Throughput Optimized HDD (ST1) is a low-cost HDD volume designed for frequently accessed, throughput-intensive workloads; Cold HDD (SC1) is the lowest-cost HDD volume designed for less frequently accessed workloads (file servers); Magnetic is the previous generation
Communication Ports: Linux: SSH (port 22); Microsoft: Remote Desktop Protocol (RDP) (port 3389); HTTP: port 80; HTTPS: port 443
Let It All In vs. Let One In: 0.0.0.0/0 (any source address) vs. {public IP address}/32 (a single host)
IAM Roles: IAM roles are a secure way to grant permissions to entities you trust. For example: -An IAM user in another account -Application code running on an EC2 instance that needs to perform actions on AWS resources -An AWS service that needs to act on resources in your account to provide its features -Users from a corporate directory who use identity federation with SAML
Load Balancers: -Application (Layer 7; makes intelligent decisions) -Network (extreme performance/static IP addresses) -Classic (test & dev, keep costs low) *Make sure to have EC2 instances in multiple AZs to ensure no outages
Database Types: SQL Server, Oracle, MySQL, PostgreSQL, Aurora, MariaDB
RDS Features: Multi-AZ for disaster recovery; read replicas for performance (copies of the production database); you may have 5 copies of the primary database; when they do their writes, though, they write to the primary
Non-Relational DB: Collection = Table; Document = Row; Key-Value Pairs = Fields. Columns in a table can vary (this will not affect other rows in the table)
JSON/NoSQL (Non-Relational DB) DynamoDB: { "_id": "23789423473892", "firstName": "John", "lastName": "Smith", "Age": "25", "address": [ { "street": "Ocean Ave", "suburb": "Richmond" } ] }
Online Transaction Processing (OLTP) vs. Online Analytics Processing (OLAP): OLTP: order number 23234 brings up the name, date, delivery address, delivery status, etc. OLAP: pulls in a large number of records, not just one, e.g. the sum of radios sold in EMEA
Data Warehousing: Allows you to run complex queries for business intelligence purposes. Used by management and kept away from the main production database so its performance is not compromised
Tools for Data Warehousing: Cognos, Jaspersoft, SQL Server Reporting Services, Oracle Hyperion, SAP NetWeaver
Redshift (for OLAP): Amazon's service for data warehousing
ElastiCache: A web service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud. It enhances the performance of web applications by allowing you to retrieve information from fast, managed, in-memory caches instead of relying entirely on slower disk-based DBs
Memcached, Redis: ElastiCache's open-source in-memory caching engines
Steps of Provisioning an RDS Instance: -Open a MySQL port to the Web-DMZ SG -Create an EC2 instance -Install WordPress using bootstrap scripts -Register the EC2 instance to the target group -Update WordPress to the DNS name of the ALB -Take a snapshot to use in autoscaling
CloudWatch: Monitors various metrics for RDS
Route 53: Amazon's Domain Name System (DNS) service
Creating a Domain Name with Route 53: If you choose a domain name, ensure you have an S3 bucket with the same name
CloudFormation: AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. Meaning you write a template (e.g. for EC2 or RDS) in JSON and use it to launch resources. In other words, you don't need to individually create and configure AWS resources and figure out what's dependent on what; CloudFormation does that for you. Stack: a group of related resources that you manage as a single unit
Costs of Elastic Beanstalk and CloudFormation: They are free
What can Elastic Beanstalk provision?: EC2, security groups, some RDS. Not programmable
What can CloudFormation provision?: Almost any AWS service
Traditional Computing vs. Cloud Computing: -IT assets as provisioned resources -Global, available, and scalable capacity -Higher-level managed services -Built-in security -Architecting for cost -Operations on AWS
SageMaker: Amazon SageMaker is a service that enables a developer to build and train machine learning models for predictive or analytical applications in the Amazon Web Services (AWS) public cloud
Scalability: Scale up (take a t2.micro and increase its size so it's a bigger server), e.g. increasing the amount of RAM or CPU. Scale out: add multiple virtual machines behind an Elastic Load Balancer
Scale Out: -Stateless applications, for example Lambda (runs an algorithm to determine what you want and returns a result to you) -Distribute load to multiple nodes, such as web servers or database servers -Stateless components (the more stateless your components, the more easily your infrastructure scales), e.g. cookies that store login data valid for x hours -Stateful components, e.g. anything stored in a database -Implement session affinity, e.g. sticky sessions with a cookie: the session detects the cookie and sends the user to the same EC2 instance -Distributed processing (Elastic MapReduce) -Implement distributed processing
Elastic MapReduce: Amazon Elastic MapReduce (Amazon EMR) is a web service that makes it easy to quickly and cost-effectively process vast amounts of data. Amazon EMR uses Hadoop, an open source framework, to distribute your data and processing across a resizable cluster of Amazon EC2 instances.
Instantiating Compute Resources: -Bootstrapping -Golden images -Containers -Hybrid (containers and EC2 instances)
Infrastructure as Code: CloudFormation, for example, provisions all the resources you need from a JSON script
Automation: -Serverless management and deployment: when serverless, you don't need to worry about infrastructure, only about deployment, using tools such as CodePipeline, CodeDeploy, etc. -Infrastructure management and deployment: AWS Elastic Beanstalk, Amazon EC2 auto recovery, AWS Systems Manager, Auto Scaling -Alarms and events (CloudWatch) -AWS Lambda scheduled events -AWS WAF (web application firewall) security automations
CloudWatch Event Example: When someone uploads a photo to an S3 bucket, you can trigger a Lambda function to place a watermark on it
Loose Coupling: -Well-defined interfaces: Amazon API Gateway (allows you to create your own APIs and expose them to the public internet) -Service discovery: implement service discovery so that an EC2 instance is switched out should one fail -Asynchronous integration -Distributed systems best practices: graceful failure in practice
SQS: Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications
Services, Not Servers: -Managed services -Serverless architectures. Focus on S3 or Lambda
Vertical Scaling: Scaling vertically takes place through an increase in the specifications of an individual resource, such as upgrading a server with a larger hard drive or a faster CPU. This way of scaling can eventually reach a limit, and it is not always a cost-efficient or highly available approach.
Horizontal Scaling: Scaling horizontally takes place through an increase in the number of resources, such as adding more hard drives to a storage array or adding more servers to support an application. This is a great way to build internet-scale applications that leverage the elasticity of cloud computing.
Stateless Applications: A stateless application is an application that does not need knowledge of previous interactions and does not store session information. For example, an application that, given the same input, provides the same response to any end user. Stateless apps can scale horizontally.
Distribute Load to Multiple Nodes: May use either a push or a pull model. With a push model, you can use Elastic Load Balancing (ELB) to distribute a workload.
