79 Cards in this Set
- Front
- Back
Availability Zone |
A data center, designed to be isolated from failures. |
|
Region |
Geographical area containing 2 or more Availability Zones. There are currently 11. |
|
Edge Location |
CDN (Content Delivery Network) endpoint for CloudFront. It's where files are cached. There are currently over 50. |
|
VPC |
Virtual Private Cloud. Lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. You have complete control over the IP address range, creation of subnets, and configuration of route tables and network gateways. Can be used with VPNs. By default, you are allowed 5 VPCs in each AWS region. |
|
Route53 |
AWS' DNS service. The name is a play on Route 66, and DNS runs on port 53. |
|
S3 |
Simple Cloud Storage Service, object-based storage. Not suitable for installing an OS or running a database. "Unlimited" storage. File sizes up to 5 TB. Bucket names must be globally unique. Data is stored lexicographically (in alphabetical order). By default, all newly created buckets are private. |
|
CloudFront |
Content Delivery web service, uses edge locations. |
|
Glacier |
For data archiving and long-term backup. Can take 3 - 5 hours to retrieve a file. |
|
EFS |
Elastic File System. For EC2 instances, block-level storage. |
|
DMS |
Database Migration Service. Allows you to migrate your production database to AWS. AWS manages data-type transformation, compression, and parallel transfer, and ensures that data changes to the source database that occur during the migration process are automatically replicated to the target. Can help you switch from Oracle (paid) to MySQL (free). |
|
IAM |
Identity Access Management, allows you to create/manage users, groups, and roles, and their level of access to the AWS console. It is not region-specific. |
|
KMS |
Key Management Service. |
|
CloudTrail |
For auditing changes on AWS. Provides a record of your AWS API calls. You can use this data to gain visibility into user activity, troubleshoot operational and security incidents, or to help demonstrate compliance with internal policies or regulatory standards. |
|
SES |
Simple Email Service. |
|
SQS |
Simple Queue Service. AWS' first service offering. Distributed queue system that enables web service applications to quickly and reliably queue messages that one component in the app generates to be consumed by another component. Messages are stored in the queue while awaiting processing. Messages can contain 256KB of text, can be delivered more than once, and FIFO ordering is not guaranteed. Billed in 64KB chunks. Default visibility timeout is 30 seconds; it can be extended up to 12 hours with the ChangeMessageVisibility endpoint. |
|
SWF |
Simple Workflow Service. Makes it easy to coordinate work across distributed application components by coordinating tasks. Brokers the interactions between workers and deciders. Allows the decider to get consistent views into the progress of tasks and to initiate new tasks. Stores tasks, assigns workers, monitors their progress, and maintains the application's state. Ensures tasks don't get duplicated. Max workflow length is one year, and the length is measured in seconds. |
|
SNS |
Simple Notification Service. Allows you to set up, operate, and send notifications from the cloud. Can publish messages from an application and immediately deliver them to subscribers or other applications. Uses a "publish-subscribe" messaging paradigm. Uses a push mechanism so clients don't have to poll. |
|
IAM Group |
Collection of IAM Users under 1 set of permissions. |
|
IAM Role |
Similar to an IAM User, in that it is an identity with permission policies that determine what the identity can and cannot do in AWS. Does not have any credentials (password or access keys) associated with it. Intended to be assumable by anyone (IAM user) who needs it. |
|
IAM User |
An IAM user is an entity that you create in AWS. The IAM user represents the person or service who uses the IAM user to interact with AWS. |
|
IAM Policy |
Document that defines one or more permissions. Can attach to IAM users, groups, and roles. |
|
ADFS |
Active Directory Federation Service. Provides users with single sign-on access to systems and applications located across organizational boundaries. You authenticate through ADFS first, which returns a SAML cookie, allowing you to log in to AWS with a temporary security credential. |
|
SAML |
Security Assertion Markup Language. https://signin.aws.amazon.com/saml |
|
Web Identity Federation |
For logging in with social media accounts like Facebook or LinkedIn. First you log in to the social media account, which gives you a security token, which you then use to get into AWS and obtain a temporary security credential via a call to the AssumeRoleWithWebIdentity endpoint. |
|
True or False? Once an EC2 instance has been created, you cannot switch its role. You can only change the permissions that that role has been assigned. |
True. |
|
EC2 |
Elastic Compute Cloud. An instance is a virtual server in the AWS cloud. With Amazon EC2, you can set up and configure the operating system and applications that run on your instance. |
|
EC2 Spot Instances |
Allow you to bid on spare Amazon EC2 computing capacity. Often available at a discount compared to On-Demand pricing. As soon as the price rises above your bid, the instance is stopped. |
|
EBS |
Elastic Block Storage. Allows you to create storage volumes and attach them to EC2 instances. You can create filesystems, run databases, or use them any other way you would use a block device. Placed in a specific availability zone, where they are automatically replicated to protect against failures. |
|
True or False? You cannot mount an EBS volume to multiple EC2 instances. |
True. You'd have to use EFS (Elastic File System) instead. |
|
True or False? You can assign roles to existing EC2 instances. |
False, you have to assign roles at the time of creation. |
|
Instance metadata |
http://169.254.169.254/latest/meta-data/ Can only be accessed from within the instance itself. Not encrypted. |
|
ELB |
Elastic Load Balancer. Can have multiple SSL certificates. Before using, must configure at least one Listener that will check for connection requests to your load balancer. |
|
ELB Listener |
A process that checks for connection requests to your load balancer. Must be configured with a protocol/port for the front-end (client to load balancer) connections and a protocol/port for the backend (load balancer to backend instance) connections. |
|
Supported ELB Protocols |
HTTP(S), TCP, SSL |
|
HTTP Codes |
200 = Success; 3xx = Redirection; 4xx = Client Error; 5xx = Server Error |
|
Available AWS SDKs |
Android, iOS, JavaScript, Java, .NET, Node.js, PHP, Python, Ruby, Go, C++ (still in preview) |
|
AWS SDK Default Region |
US-EAST-1 (North Virginia) |
|
EC2 Instance Types |
D for Density; I for IOPs; R for RAM; T for Cheap (general purpose); M for Main choice (general purpose apps); C for Compute (CPU intensive); G for Graphics |
|
S3 Object Consistency |
Read after Write consistency for PUTs of new objects. Eventual Consistency for overwrite PUTs and DELETEs. |
|
S3 Tiers |
S3 Standard: 99.99% availability, "11 - 9's durability". S3-IA: Infrequently Accessed data that still requires rapid access when needed; costs less but has a retrieval fee. RRS: Reduced Redundancy Storage; data is less durable, use it if it's ok to lose some; costs less than the standard tier. Glacier: very cheap, archival; can take 3 - 5 hours to restore a file from it. |
|
URL for accessing an S3 Bucket online |
https://s3-region-name.amazonaws.com/bucket-name |
|
URL for accessing an S3 static website |
https://website-name.s3-website-region-name.amazonaws.com |
|
S3 and CORS |
CORS = Cross-Origin Resource Sharing. You have to add a CORS config to the bucket that's receiving requests from other places; the "allowed origins" are the places making the requests, whether those are other buckets or websites. |
|
CDN |
Content Delivery Network. A system of distributed servers (network) that delivers web content to a user based on their geographic location, the origin of the web content, and a content delivery server. Content is sent to the nearest edge location to the user, so it can be cached. |
|
(CDN) Distribution and Types |
A CDN consisting of a collection of edge locations. Web Distribution: for websites. RTMP Distribution: for media streaming, uses Adobe Flash Media Server's Real-Time Messaging Protocol. |
|
S3 Transfer Acceleration |
Utilizes CloudFront Edge Network to accelerate uploads to S3. Costs extra. https://your-website.s3-accelerate.amazonaws.com |
|
Storage Gateway Types |
Gateway Stored Volumes: entire dataset is stored onsite and is asynchronously backed up to S3. Gateway Cached Volumes: entire dataset is stored on S3 and the most frequently accessed data is cached onsite. Gateway Virtual Tape Library: used for backup and works with popular backup applications like NetBackup, Backup Exec, Veeam, etc. |
|
S3 Bucket Encryption |
Amazon uses Advanced Encryption Standard 256. |
|
Supported Relational Databases |
SQL Server, Oracle, MySQL Server, PostgreSQL, Aurora, MariaDB |
|
OLTP and OLAP |
OLTP (Online Transaction Processing): run on the original copy of the database. OLAP (Online Analytics Processing): run on the data warehouse copy of the database. |
|
Elasticache |
Service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud. Supports Memcached and Redis, which are open-source in-memory caching engines. |
|
DynamoDB |
NoSQL database service, supports both document-based and key-value data models. Runs exclusively on SSDs. Total size of an item (including attribute names and values) cannot exceed 400KB. Spread across 3 geographically distinct data centers. Can have up to 35 levels of nesting. Uses primary keys. |
|
DynamoDB Primary Key Types |
Single attribute: think unique ID, called a hash or partition key. Composite: composed of 2 attributes, a Partition/Hash key and a Sort/Range key. |
|
Partition Key |
DynamoDB uses the partition key's value as an input to an internal hash function. The output determines the partition (the physical location in which the data is stored). No two items in a table can have the same partition key value. |
|
Local Secondary Index |
Has the same partition key, but a different sort key than the default set for a table. Can only be created when creating the table. |
|
Global Secondary Index |
Has a different partition key and a different sort key than the default set for a table. Can be created at the time of table creation, or later. |
|
DynamoDB Streams |
Used to capture any kind of modification of the tables. Can be used to trigger Lambda functions. New item: stream captures an image of the entire item. Updated item: stream captures the before and after image of any attributes that were modified in the item. Deleted item: stream captures an image of the entire item before it was deleted. |
|
Query |
A query operation finds items in a table using only primary key attribute values. You must provide a partition key attribute name and a distinct value to search for. Can optionally provide a sort key attribute name/value and use a comparison operator to refine the search results. By default returns all attributes; use the ProjectionExpression parameter to refine which attributes are returned. Results are sorted by the sort key if provided, in ascending order. Set the ScanIndexForward parameter to reverse the order. |
|
Scan |
Examines every item in the table and returns all the data (and all its attributes). Use the ProjectionExpression parameter to refine which attributes are returned. Have to add "filters" to limit the result set. Far less efficient than using a query. |
|
DynamoDB Provisioned Throughput Calculations |
Read Throughput = [((size of read rounded up to a multiple of 4KB) / 4KB) * (# of items)] / (2 if eventually consistent). Write Throughput = (size of write) * (# of items). |
|
What is the HTTP error you receive when you've exceeded your provisioned throughput for a table or your global secondary indexes? |
400 ProvisionedThroughputExceededException |
|
BatchGetItem |
API call to retrieve up to 100 items, or up to 1MB of data. Can retrieve from multiple tables at once. |
|
SQS Long Polling |
Way to retrieve messages from your SQS queue. Traditional short polling returns immediately. SQS long polling doesn't return a response until a message arrives in the queue, or the long poll times out, at 20 seconds. Long polling makes it easy and cheap to retrieve messages from the queue as soon as they're available. |
|
SNS Topic |
Allows you to group multiple recipients. A topic is an "access point" for allowing recipients to dynamically subscribe for identical copies of the same notification. |
|
SNS vs SQS; SQS vs SWF |
SNS uses push, SQS uses pull/poll. SQS allows messages to be duplicated, SWF prevents tasks from being duplicated. |
|
SNS Protocols |
HTTP(S), Email-JSON, Amazon SQS, Application. Can customize the message per protocol. |
|
SWF Tasks |
Invocations of various processing steps in an application which can be performed by executable code, web service calls, human actions, and scripts. |
|
SWF Workers |
Program that interacts with Amazon SWF to get tasks, process received tasks, and return the results. |
|
SWF Deciders |
Program that controls the coordination of tasks, i.e., their ordering, concurrency, and scheduling according to the application logic. |
|
SWF Domain |
Your workflow and activity types and the workflow execution itself are all scoped to a domain. Domains isolate a set of types, executions, and task lists from others within the same account. You can only register a domain by using the AWS management console or by using the RegisterDomain API call. |
|
CloudFormation |
Service that allows you to script your infrastructure. Can choose from preexisting stack/templates. The service is free, but any resources it allocates are not necessarily. Use the GetAtt function to get information. Has Rollback enabled by default - if there's an error in the script, it'll de-provision all the resources it created. |
|
Elastic Beanstalk |
Free service, but pay for the resources it creates. For deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. |
|
VPC Peering |
Allows you to connect VPCs via a direct network route using private IP addresses. Instances behave as if they were on the same private network. You can peer VPCs with other AWS accounts as well as with VPCs in the same account. There is no "transitive peering." |
|
CIDR |
Classless Inter-Domain Routing. Subnetting; defines the range of IP addresses to be used. Each subnet is assigned to one availability zone. |
|
Internet Gateway |
An Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. |
|
NAT |
Network Address Translation (remaps one IP address space into another by modifying network address information in Internet Protocol datagram packet headers while they are in transit across a traffic routing device). You have to disable Source/Destination Checks. |
|
ACL |
Network Access Control Lists. Like a firewall, can create network rules across entire subnets. Numbered list of rules checked in order. By default, starts as closed (nothing allowed through). Subnets can only be associated to one ACL at a time. |
|
RedShift |
AWS' data warehousing service. |
|
Elastic Map Reduce |
Allows organizations to do complex analysis on large volumes of data. |