Topical Cards from Digital Cloud AWS Cert Exam Flashcards Preview


Flashcards in Topical Cards from Digital Cloud AWS Cert Exam Deck (48)

Kinesis Data Analytics

-used for processing and analyzing real-time streaming data from either Firehose or Data Streams
-can only output data to S3, RedShift, Elasticsearch and Kinesis Data Streams
-Autoscaling and Managed (no servers)
-Real Time


Kinesis Data Firehose

-the easiest way to deliver data directly to AWS services or services like Splunk
-data is NOT stored
-serverless data transforms with Lambda functions
-Kinesis Data Streams can be used as the source(s) to Kinesis Data Firehose
-near real-time (1 minute latency)


Kinesis Data Streams

-enables real-time processing of streaming big data
-stores data for later processing by applications (key difference with Firehose which delivers data directly to AWS services)
-partition keys can guarantee ordering
-records accessible from 24 hours (default) to 7 days
-does not deliver it to destinations such as Splunk
-must manage scaling
-will have to develop code (producer/consumer) to use


Default IAM User Permissions

-By default IAM users are created with no permissions
-an IAM policy must be attached to the user before they can do anything (even view their own access keys)


EBS Encryption

-Data in transit between an instance and an encrypted volume is encrypted
-There is no direct way to change the encryption state of a volume
-All EBS types support encryption


Amazon Glacier Resilience

-99.999999999% durability of archives
-Data is resilient in the event of one entire AZ destruction
-Data is NOT replicated globally


EBS Instance Store Configuration

-Can only specify the instance store volumes for your instance when you launch the instance
-Cannot add EBS volumes after launch


Default Security Group Settings for a VPC

-Inbound rule that allows all traffic from the security group itself
-Outbound rule that allows all traffic to all addresses
-Custom security groups do not have inbound rules by default (blocking all inbound traffic) and allow all outbound traffic by default


RDS Database Restore

-Can restore up to the last 5 minutes
-default DB security group is applied to the new DB instance


Monitoring ELB Traffic

-Use VPC Flow Logs
-To set up, create a VPC flow log for each network interface associated with an ELB


Network ACL

-tied to subnets
-stateless rules (rules applied to incoming traffic will not be applied to outgoing traffic)
-support allow and deny rules
-rules applied in order
-by default inbound rule denying all traffic and outbound rule denying all traffic


Enhanced Networking

-provides higher bandwidth, packet-per-second, and lower inter-instance latencies


DynamoDB Auto Scaling

-uses AWS Application Auto Scaling Service to adjust provisioned throughput capacity to traffic patterns
-most efficient and cost-effective solution to optimizing cost



-automates application deployment to EC2 instances, on-premises instances, serverless Lambda.



-managed instances of Chef and Puppet



-used to quickly deploy and manage applications in the cloud
-Beanstalk handles deployment details for applications in Go, Java, Python, Ruby, Node.js, and PHP


Run Command

-designed to support a wide range of enterprise configuration needs on Windows machines
-can install software, run scripts, or PowerShell commands
-accessible in the AWS Management Console


AWS Config

-service that lets you assess, audit, and evaluate the configuration of your AWS resources


POSIX Permissions

-allow you to restrict access from host by user group for EFS


EFS Security Groups

-can act as a firewall to restrict network traffic for EFS


Direct Connect Gateway

-transitive peering connections for VPC, VPN, and Direct Connect
-can be associated with transit gateway when you have multiple VPCs in the same region
-can be associated with a virtual private gateway


Direct Connect

-establish private connectivity between AWS and your datacenter
-set up a virtual private gateway on VPN and configure hardware connection to datacenter


VPN CloudHub

-hub-and-spoke VPN model to connect your sites


Transit Gateway

-transitive peering connections for VPC, VPN, and Direct Connect


Private Link

-connect services privately from your service VPC to customers' VPC
-eliminates the exposure of data to the public Internet
-doesn't need VPC peering, public internet, NAT gateway, etc.
-Must be used with NLB and Elastic Network Interface


VPC Endpoints

-provide private access to AWS services within a VPC


Internet Gateway

-provide internet access at VPC level via IPv4 & IPv6


Route Tables

-connect subnets to Internet Gateway, VPC Peering Connections, VPC Endpoints, etc.


Nat Instances

-provides internet access to private instances on private subnet
-Managed by user and requires additional set up like disabling source/destination check on the EC2


Network ACL

-Stateless, subnet allow and deny rules