Terms - Services
No duplicates - SQS FIFO / Simple WorkFlow (SWF) / Kinesis Data Streams
At least once delivery - SQS Standard
Exactly once processing - SQS FIFO
Instance level firewall - Security Group
Subnet level firewall - NACL
Infrastructure provisioning - CloudFormation
Real-time guidance for resource provisioning - AWS Trusted Advisor
Recommendations for cost optimization / security / fault tolerance / performance / service limits - AWS Trusted Advisor
View & analyze costs/usage - AWS Cost Explorer
Automated security assessment service - Amazon Inspector
Improve security & compliance of applications - Amazon Inspector
Automatically assess applications for exposure, vulnerabilities and deviations from best practices - Amazon Inspector
Set custom budget alerts / reservation utilization / coverage targets / receive alerts - AWS Budgets
Integrate LDAP Directory Service to IAM - SAML / STS / Custom identity broker
Record of S3 actions - CloudTrail logs
IT audits and API logging for AWS resources - CloudTrail
Track API calls to AWS resources - CloudTrail
Identify which users & accounts called AWS, the source IPs and time of calls - CloudTrail
System monitoring based on server metrics - CloudWatch
Can't track API calls to AWS resources - CloudWatch / X-Ray / API Gateway
Detailed logging of object-level access requests to S3 - S3 server access logs
Static, Public IPv4 address - Elastic IP address
Allow outbound internet connection - NAT Gateway
Data archive - S3 Glacier
Deploy and manage HPC clusters - ParallelCluster
Process huge log files - EMR
Get EC2 data from inside a running instance - Instance metadata
Pub/Sub messaging service - SNS
Message queueing service which supports an extensive list of industry-standard messaging APIs & protocols - MQ
Message queueing service for existing applications - MQ
Message queueing service for brand new applications - SQS
Serverless function orchestrator - Step Functions
Multiple AWS services into serverless workflows - Step Functions
VPC IP traffic - VPC flow logs
Trace and analyze user requests through API Gateway - X-Ray
Debug and analyze microservices apps with request tracing to find the root cause of issues and performance - X-Ray
Connect On-premises networks and VPCs to a single hub - Transit Gateway
Connect multiple VPCs to a single hub - Transit Gateway
Connect VPCs, VPNs & On-Premises networks to a single gateway, span multiple regions, using network Hub/Spoke model - Transit Gateway
Inter-region peering - Transit Gateway
Private virtual interface - Direct Connect Gateway
Use LACP to aggregate multiple connections at a single Direct Connect endpoint - LAG (Link Aggregation Group)
Share resources between regions - VPC Peering
Route traffic between VPCs using Private IPs - VPC Peering
Connect VPCs across accounts - VPC Peering
Connect VPCs across regions - Inter-region VPC Peering
No inter-region communication - VPC endpoint
OLAP - Redshift
OLTP - RDS
RDS Read-heavy DB workloads - RDS Read-Replica
RDS DB failover - RDS Standby-Replica
Get subset of S3 data using SQL - S3 Select
Query Redshift external tables hosted in S3 - Redshift Spectrum
Automatically move data between access tiers when the access pattern is unpredictable - S3 Intelligent Tiering
Process and return data in close geographical proximity to users - Lambda@Edge
Realtime data streaming - Kinesis
Collect and monitor custom metric - CloudWatch agent
Logs on VPC - Flow logs
Logs on EC2 instances - CloudWatch logs
Process and move data between different AWS services and On-Premises data sources - Data Pipeline
TCP/UDP / Layer-4 traffic - Network Load Balancer
HTTP / Layer-7 traffic / Weighted target groups - Application Load Balancer
No Weighted target groups - Network Load Balancer
Divert traffic between On-Premises and AWS - Application Load Balancer with Weighted target groups / Route53 with Weighted routing policy
Active-Passive failover - Route53 with Failover routing policy
Connect to two or more VPCs that are located in different AWS Regions - Direct Connect Gateway
Document & Key-Value store models - DynamoDB
Fully managed - DynamoDB / API Gateway / Lambda / NAT Gateway / Amazon FSx for Windows File Server
Highly available DB - DynamoDB / SimpleDB
Scalable NoSQL DB - DynamoDB / SimpleDB
No limit on request capacity & storage size - DynamoDB (not SimpleDB)
Flexible data model / High performance / automatic scaling of throughput capacity - DynamoDB
Managed but not Fully Managed - RDS
Relational DB - RDS / Aurora
Used for Graph DB - Neptune
Scaling up and down frequently - Cooldown period of ASG
Configure EC2 without RDP/SSH & run scripts - AWS Systems Manager Run Command
Prevent other consumers from receiving and processing messages - SQS Visibility Timeout
Data through internet API - S3
Object-level storage - S3
Block-level storage - EBS
Low-latency from a single EC2 instance - EBS
IOPS / Small/random IO operations / Bootable volume / Transactional workloads / Critical business applications that require high IOPS performance / Transactional DB workloads / Large DB workloads such as MongoDB, Oracle, MS SQL Server etc. - SSD
Throughput / Large/sequential IO operations / Not bootable volume / Large streaming workloads requiring consistent fast throughput at a lower price / Big data, data warehouses, Log processing / Frequently accessed throughput intensive workloads - HDD
Critical business applications that require high/sustained IOPS performance (small/random IO operations) - EBS provisioned IOPS SSD
Frequently accessed throughput intensive workloads (Large/sequential IO operations) - EBS throughput optimized HDD
Less frequently accessed workloads - Cold HDD
Only Linux workloads - EFS
Rapidly changing data - EFS
Multiple servers - EFS
Concurrently accessible storage - EFS
POSIX compatible file system - EFS
Strong consistency - EFS
File locking - EFS
Performance durability - EFS
High availability - EFS / Multi-AZ
High throughput and IOPS - FSx Windows file server
Extend On-premises data to AWS cloud - Storage Gateway
File system & Active Directory integration - FSx Windows file server & Storage Gateway - File Gateway
Across regions but within account - IAM Roles
Less frequent access + Rapid retrieval - S3 Standard - IA (Infrequent Access) Tiering
List countries the requests originate from - WAF Geo-match condition
List IPs the requests originate from - WAF IP-match condition
Allow or block requests from request origins - WAF Web ACL (NACL can't do this)
Check connection requests using the Protocol and Port set & route the requests to registered targets - LB listener rules
Enable outbound IPv6 communication from instances in VPC to Internet - Egress only Internet Gateway
Where the packet should go next (to be routed) - Route Table Target
The packet's final destination (IP / CIDR range) - Route Table Destination
Categorize AWS resources - Tags
Can access specific tags - IAM Policies
Securely share resources across AWS accounts/organizations - Resource Access Manager (RAM)
Random prefix to key names to improve performance - S3 (not required anymore)
To target a specific partition in S3 read - S3 sequential prefix to key names
S3 GET - 5500 requests/second
S3 PUT - 3500 requests/second
Time-sensitive messages / Messages should be processed within a specific time (create alert if the message remains long in the queue) - ApproximateAgeOfOldestMessage CloudWatch metric
Logical grouping of EC2 instances / Instances are close in single AZ / HPC applications - Cluster placement group
Logical grouping of EC2 instances / Instances in different partitions do not share underlying hardware / Large distributed and replicated workloads such as Kafka, Hadoop and Cassandra - Partition placement group
Logical grouping of EC2 instances / Small group of instances across distinct underlying hardware to avoid correlated failures / Small number of critical instances that require separation from one another - Spread placement group
Target value / Increase or decrease the current capacity of an Auto Scaling Group based on a target value for a specific metric / if based on utilization metric i.e., a metric that increases or decreases proportionally to the number of instances in an Auto Scaling group - Target tracking scaling
Threshold values / Increase or decrease the current capacity of an Auto Scaling Group based on a set of scaling adjustments, known as step adjustments, that vary based on the size of the alarm breach / if based on non-utilization metric i.e., a metric that DOESN'T increase or decrease proportionally to the number of instances in an Auto Scaling group - Step scaling
Single scaling adjustment / Increase or decrease the current capacity of an Auto Scaling Group based on a single scaling adjustment - Simple scaling
Predictable load changes - Scheduled scaling
Access S3 from VPC in AWS network - Gateway Endpoint / Gateway VPC Endpoint
Gateway Endpoint + access S3 from On-Premises/different AWS region - VPC Interface Endpoint
Connect VPC to AWS services without Internet Gateway, NAT device, VPN or Direct Connect - VPC Interface Endpoint
VPC to VPC - VPC Peering
VPC to Public service like S3/DynamoDB - Endpoints
Endpoints to access public service like S3/DynamoDB - Gateway Endpoint (route table)
Endpoints to access other services - Interface Endpoint (eni)
Secure access to RDS MySQL/PostgreSQL - IAM DB Authentication
Centrally manage SSO access and user permissions for all of your AWS accounts managed through AWS Organizations - AWS SSO
Retain a copy of frequently accessed S3 data locally On-Premises with low-latency / Mount volumes as iSCSI devices - Cached Volume Gateway in AWS Storage Gateway
Low-latency access to your entire dataset - Stored Volume Gateway in AWS Storage Gateway
Cost-effective, durable, long-term offsite alternative for data archiving - Tape Gateway
Store and retrieve Amazon S3 objects through NFS and SMB protocols - File Gateway
Mission-critical data - Reserved EC2 instances
Non-essential batch jobs - Spot EC2 instances
The SQS messages are deleted automatically after - SQS Retention period
Return empty/non-empty response from queue immediately - SQS short-polling
Doesn't return response from queue until a message arrives - SQS long-polling
Encrypted EBS volumes + data at rest - Amazon managed keys in KMS + Own keys in KMS
HIPAA - KMS
Store keys (not passwords) - CloudHSM
Provides SSL certificates - AWS Certificate Manager (ACM)
File system storage + Scalable + HPC (high performance computing) + SMB protocol + Windows NTFS + Active Directory (AD) integration + Distributed File System (DFS) - Amazon FSx for Windows File Server
Move huge On-Premises data to S3/AWS - DataSync
Doesn't support Windows servers/applications - Amazon FSx for Lustre
Available in Multiple AZs/regions - Durable / Durability
Two static IPs - Global Accelerator
Control the proportion of traffic directed to each endpoint - Global Accelerator
Objects which can be associated to the Static IPs provided by AWS Global Accelerator - Network Load Balancers, Application Load Balancers, EC2 Instances, and Elastic IP addresses
Provide visibility into management operations that are performed on resources in your AWS account - AWS CloudTrail Management Events
Provide visibility into the resource operations performed on or within a resource - AWS CloudTrail Data Events
Write-once-read-many (WORM) model - S3 Object Lock
Move/migrate data - DataSync
Move/migrate obsolete data - DataSync
Replicate data - Storage Gateway
Audit stored objects - S3 server access logging
Pending, Pending:Wait, Pending:Proceed, InService - ASG Scale-Out actions
Terminating, Terminating:Wait, Terminating:Proceed, Terminated - ASG Scale-In actions
Collect logs from EC2 instances - CloudWatch agent