Topical Cards from Practice Exam 1 Flashcards Preview

Deck: Topical Cards from Practice Exam 1 (AWS Associate Developer Exam), 42 flashcards

Amazon Aurora

-MySQL or PostgreSQL compatible editions
-Low Latency



-Not Serverless
-Used for Caching
-Low Latency



-key-value database (NoSQL)
-low latency


Origin Access Identity

-used for sharing private content via CloudFront
-is a virtual user identity that will be used to give your CF distribution permission to fetch a private object from your origin server (e.g. S3 bucket).



-content delivery network
-for dynamic and static content
-caching with CloudFront can reduce network cost and load on EC2s/Lambdas for serving popular content
-has Points of Presence (edge locations) for low latency
-has regional location to help reduce latency/network traffic for less popular content that isn't fit for PoP


CloudFront Signed URLs

-Used to enable users to securely access content
-access to individual files, for example, an installation download for your application
-used when your users are using a client (for example, a custom HTTP client) that doesn't support cookies.


CloudFront Signed Cookies

-Used to give users access to multiple restricted files, for example, all of the files for a video in HLS format or all of the files in the subscribers' area of a website.
-don't want to change your current URLs


SSE-C Encryption

-Customer provides keys and manages the key creation process
-AWS handles the encryption process
-AWS manages key storage and rotation process


Client-side encryption

-encrypting data before sending it to Amazon (you handle encryption process)
-Method 1) use a master key you store within your application
-Method 2) Use a customer master key (CMK) stored in AWS Key Management Service


Source/Destination Check

-Controls whether source/destination checking is enabled on an EC2 instance
-Disabling this attribute enables an instance to handle network traffic that isn't specifically destined for the instance.
-Must be disabled for instances running network address translation, routing, or a firewall service
-enabled by default



-fully managed message queuing service that enables you to decouple and scale microservices
-CANNOT be used as a trigger source for Lambda
-Standard queues offer maximum throughput, best-effort ordering, and at-least-once delivery
-FIFO queues are designed to guarantee that messages are processed exactly once, in the exact order that they are sent
-FIFO queues support up to 3000 messages per second



-highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices
-SNS won't keep our data if it cannot be delivered
-SNS cannot be used for data streaming
-offers email and text notification capability
-can be used as an event source to trigger Lambdas


Amazon Neptune

-Not Serverless
-Graph Database (highly connected datasets, e.g. social network data)
-highly available
-secure with support for HTTPS encrypted client connections and encryption at rest


Amazon Relational Database Service (Amazon RDS)

-Not Serverless
-relational database


Snowball Edge Storage Optimized

-optimal choice if you need to securely and quickly transfer dozens of terabytes to petabytes of data to AWS
-80 TB of usable HDD storage, 40 vCPUs, 1 TB of SATA SSD storage, and up to 40 Gb network connectivity to address large scale data transfer and pre-processing use cases
-original Snowball device had 80TB of storage space


Multi-AZ Amazon RDS

-Multi-AZ deployments for MariaDB, MySQL, Oracle, and PostgreSQL DB instances use Amazon's failover technology
-SQL Server DB instances use SQL Server Database Mirroring
-automatically provisions and maintains a synchronous standby replica in a different Availability Zone
-Failover is automatically handled by Amazon RDS by flipping the canonical name record (CNAME) for your DB instance to point at the standby


Storage Gateway File

-AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage
-Tape Gateway for connecting tape backups to the cloud
-File Gateway for connecting to the cloud in order to store application data files and backup images as durable objects on Amazon S3
-Volume Gateway to present cloud-based iSCSI block storage volumes to your on-premises applications


Network Load Balancer

-best suited for use-cases involving low latency and high throughput workloads that involve scaling to millions of requests per second
-Network Load Balancers expose a fixed IP to the public web
-Network Load Balancers don't support security groups; based on the target group configurations, the IP addresses of the clients or the private IP addresses associated with the Network Load Balancers must be allowed on the web server's security group
-Layer 4 operator


Application Load Balancer

-Ideal for advanced load balancing of HTTP and HTTPS traffic
-Layer 7 operator
-provides advanced request routing targeted at delivery of modern application architectures, including microservices and container-based applications
-expose a fixed DNS (=URL) rather than the IP address


Classic Load Balancer

- intended for applications that were built within the EC2-Classic network
-expose a fixed DNS (=URL) rather than the IP address


Launch Configuration

-Launch Configurations are used to launch EC2 instances in an Auto Scaling Group
-Launch Configurations are Immutable (can't change)
-To modify an EC2 instance's config in an ASG, you need to create a new Launch Configuration



-offer cost-effective storage that is ideal for a broad range of workloads
-single-digit millisecond latencies
-up to 16,000 IOPS
-range in size from 1 GiB to 16 TiB
-deliver their provisioned performance 99% of the time
-Volume size is 1 GB to 16 TB.


EBS io1

-designed to meet the needs of I/O-intensive workloads, particularly database workloads, that are sensitive to storage performance and consistency
-allows you to specify a consistent IOPS rate when you create the volume
-delivers the provisioned performance 99.9 percent of the time
-up to 64,000 IOPS per volume
-Volume size is 4 GB to 16 TB.


AWS Systems Manager Parameter Store (aka SSM Parameter Store)

-provides secure, hierarchical storage for configuration data management and secrets management
-can store data such as passwords, database strings, EC2 instance IDs, Amazon Machine Image (AMI) IDs, and license codes as parameter values
-can store values as plain text or encrypted data
-can reference parameters via the unique name specified at parameter creation


NAT Gateways

- enable EC2 instances in a private subnet to connect to the internet or other AWS services
-prevent the internet from initiating a connection with those instances
-cannot associate a security group with a NAT gateway.
-can associate exactly one Elastic IP address with a NAT gateway


VPC Peering

-networking connection between two VPCs, non-transitive
-enables you to route traffic between them using private IPv4 addresses or IPv6 addresses
-EC2 instances in either VPC can communicate with each other as if they are within the same network
-can connect between your own VPCs, or with a VPC in another AWS account


Dynamic Port Mapping

-available with an Application Load Balancer
-makes it easier to run multiple tasks on the same Amazon ECS service on an Amazon ECS cluster
-you can run multiple tasks from a single service on the same container instance


RDS Encryption

-must encrypt prior to launch (cannot change encryption after launch)
-cannot create an encrypted Read Replica from an unencrypted master DB instance
-Read replicas in the same region as the master are encrypted with the same key
-Read replicas in a different region than the master can be encrypted with a different key


IAM Access Key

-used for signing programmatic requests you make to AWS



-can be used for envelope protection of keys before they are written to disk.