Wednesday, April 11, 2018

AWS Quick Reference


1.      DR MC GIFT PX
2.      Root volumes cannot be encrypted; additional volumes can be encrypted.
3.      Security groups are stateful.
4.      The default security group allows all traffic.
5.      RDP – 3389
6.      MySQL/Aurora – 3306
7.      Multiple security groups can be applied to a single EC2 instance.
8.      All inbound traffic is blocked by default; all outbound traffic is allowed.
9.      Changes to security groups take effect immediately.
10.  You cannot block/deny traffic with security groups (allow rules only).
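
Added example (not from these notes): a small Python model of the behaviour in items 3, 8 and 10 above and of the NACL contrast in items 119 and 123 further down. The rules, addresses and ports are constructed for the example. It shows why an allow-only, stateful security group lets the reply to an accepted request through without an outbound rule, why a stateless custom NACL drops that same reply until an outbound ephemeral-port rule exists, and why a NACL deny only works when it is numbered below the allow it is meant to beat.

```python
# Added example (not from the notes): a model of the two AWS network filters.
# Security groups: stateful allow-lists. Network ACLs: stateless, numbered
# allow/deny rules with an implicit final deny.
import ipaddress
from collections import namedtuple

# One packet as seen by the instance. src_port/dst_port are the packet's own
# ports; remote_ip is the other end of the connection (client or server).
Flow = namedtuple("Flow", "direction proto src_port dst_port remote_ip")


def _matches(rule_proto, lo, hi, cidr, flow):
    """Does a (proto, port range, CIDR) rule cover this packet's destination port and remote address?"""
    return (rule_proto in ("all", flow.proto)
            and lo <= flow.dst_port <= hi
            and ipaddress.ip_address(flow.remote_ip) in ipaddress.ip_network(cidr))


def _conn_key(flow):
    # (remote ip, proto, local port, remote port) is identical for a request and
    # its reply; that is what a stateful filter tracks.
    local, remote = ((flow.dst_port, flow.src_port) if flow.direction == "in"
                     else (flow.src_port, flow.dst_port))
    return (flow.remote_ip, flow.proto, local, remote)


class SecurityGroup:
    """Stateful: allow rules only; return traffic of an allowed flow is always allowed."""

    def __init__(self, allow_rules):
        # each rule: (direction, proto, from_port, to_port, cidr)
        self.rules = list(allow_rules)
        self.connections = set()

    def evaluate(self, flow):
        if _conn_key(flow) in self.connections:
            return True  # reply to a tracked connection
        for direction, proto, lo, hi, cidr in self.rules:
            if direction == flow.direction and _matches(proto, lo, hi, cidr, flow):
                self.connections.add(_conn_key(flow))
                return True
        return False  # there are no deny rules; unmatched traffic is simply dropped


class NetworkAcl:
    """Stateless: numbered allow/deny rules, lowest number first, implicit deny at the end."""

    def __init__(self, rules):
        # each rule: (number, direction, proto, from_port, to_port, cidr, action)
        self.rules = list(rules)

    def evaluate(self, flow):
        for _, direction, proto, lo, hi, cidr, action in sorted(self.rules):
            if direction == flow.direction and _matches(proto, lo, hi, cidr, flow):
                return action == "allow"
        return False  # the final '*' rule


# Constructed sample traffic: an HTTPS request from a client, its reply, and an SSH attempt.
REQUEST = Flow("in", "tcp", 51000, 443, "203.0.113.5")
REPLY = Flow("out", "tcp", 443, 51000, "203.0.113.5")
SSH = Flow("in", "tcp", 52000, 22, "203.0.113.5")


def demo_security_group():
    """Only an inbound HTTPS allow rule: request allowed, reply allowed by state, SSH dropped."""
    sg = SecurityGroup([("in", "tcp", 443, 443, "0.0.0.0/0")])
    return sg.evaluate(REQUEST), sg.evaluate(REPLY), sg.evaluate(SSH)


def demo_nacl_stateless():
    """The same inbound allow on a custom NACL drops the reply until an outbound ephemeral-port rule is added."""
    acl = NetworkAcl([(100, "in", "tcp", 443, 443, "0.0.0.0/0", "allow")])
    before = (acl.evaluate(REQUEST), acl.evaluate(REPLY))
    acl.rules.append((100, "out", "tcp", 1024, 65535, "0.0.0.0/0", "allow"))
    after = (acl.evaluate(REQUEST), acl.evaluate(REPLY))
    return before, after


def demo_nacl_deny(deny_rule_number):
    """A NACL deny for a source range takes effect only if numbered below the matching allow."""
    acl = NetworkAcl([
        (100, "in", "tcp", 443, 443, "0.0.0.0/0", "allow"),
        (deny_rule_number, "in", "tcp", 0, 65535, "198.51.100.0/24", "deny"),
    ])
    return acl.evaluate(Flow("in", "tcp", 40000, 443, "198.51.100.7"))


if __name__ == "__main__":
    print("security group:", demo_security_group())        # (True, True, False)
    print("custom NACL:", demo_nacl_stateless())            # ((True, False), (True, True))
    print("deny at 50 / 200:", demo_nacl_deny(50), demo_nacl_deny(200))  # False True
```

The default security group mentioned in item 4 would add an outbound allow-all rule; the example deliberately leaves it out so the reply is visibly passed by connection tracking alone.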
11.  EBS volume and EC2 instance should be in the same region.
12.  EBS volume type can be changed without downtime.
13.  Basic CloudWatch monitoring – 5 min
14.  Detailed CloudWatch monitoring – 1 min
15.  Snapshots exist in S3.
16.  Snapshots are incremental.
17.  To create snapshots of Amazon EBS volumes that serve as root devices, you should stop the instance.
18.  Snapshots of encrypted volumes are encrypted automatically.
19.  Snapshots can be shared with other AWS accounts or made public.
20.  RAID = Redundant Array of Independent Disks
o   RAID 0 – striped, no redundancy, good performance
o   RAID 1 – mirrored, redundancy
o   RAID 5 – good for reads
o   RAID 10 – striped & mirrored, good redundancy, good performance
21.  You cannot add more instance store volumes (after launch), but you can add additional volumes.
22.  EBS-backed instance: Stop, Shutdown, Terminate
23.  Instance store: Reboot, Terminate
24.  EBS volumes: the root device for an instance launched from the AMI is an Amazon EBS volume created from an Amazon EBS snapshot.
25.  Instance store volumes: the root device for an instance launched from the AMI is an instance store volume created from a template stored in Amazon S3.
26.  Instance store-backed instances cannot be stopped, whereas EBS root device instances can be stopped.
27.  ELB health check
o   Response timeout: 2–60 sec
o   Interval: 5–300 sec
o   Unhealthy threshold
o   Healthy threshold
Feature | Classic Load Balancer | Application Load Balancer
--- | --- | ---
Protocols | HTTP, HTTPS, TCP, SSL | HTTP, HTTPS
Platforms | EC2-Classic, EC2-VPC | EC2-VPC
Sticky sessions (cookies) | YES (you can provide your own application cookie) | Load balancer generated
Back-end server authentication | YES | NO
Back-end server encryption | YES | YES
Idle connection timeout | YES | YES
Connection draining | YES | YES
Cross-zone load balancing | YES | Always enabled
Health checks | YES | YES (improved)
CloudWatch metrics | YES | YES (improved)
Access logs | YES | YES (improved)
Path-based routing | NO | YES
Route to multiple ports on a single instance | NO | YES
HTTP/2 support | NO | YES
WebSockets support | NO | YES
Load balancer deletion protection | NO | YES

28.  No public IP address for ELB.
29.  2 load balancers: Application (Internet and Intranet) and Classic Load Balancer
30.  Instances monitored by ELB are reported as InService or OutOfService.
31.  ELBs have their own DNS name; no IP address is given to them.
32.  CloudWatch – CPU Utilization
Amazon S3 supports both virtual-hosted-style and path-style URLs to access a bucket.
·         In a virtual-hosted-style URL, the bucket name is part of the domain name in the URL. For example:
o    http://bucket.s3.amazonaws.com
o    http://bucket.s3-aws-region.amazonaws.com
In a virtual-hosted-style URL, you can use either of these endpoints. If you make a request to the http://bucket.s3.amazonaws.com endpoint, the DNS has sufficient information to route your request directly to the Region where your bucket resides.

·         In a path-style URL, the bucket name is not part of the domain (unless you use a Region-specific endpoint). For example:
o    US East (N. Virginia) Region endpoint: http://s3.amazonaws.com/bucket
o    Region-specific endpoint: http://s3-aws-region.amazonaws.com/bucket
In a path-style URL, the endpoint you use must match the Region in which the bucket resides. For example, if your bucket is in the South America (São Paulo) Region, you must use the http://s3-sa-east-1.amazonaws.com/bucket endpoint. If your bucket is in the US East (N. Virginia) Region, you must use the http://s3.amazonaws.com/bucket endpoint.
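
Added example (not from these notes): a parser for the two URL styles described above, in Python, returning (bucket, region, key). The point for code that receives S3 references from outside is that the bucket name sits in different places in the two styles, so a naive substring check on the host is easy to fool; the parser anchors on the real hostname and refuses anything that is not one of the documented forms. The `bucket_allowed` helper and all sample URLs are constructed for the example.

```python
# Added example (not part of the notes): parse virtual-hosted-style and
# path-style S3 URLs into (bucket, region, key) and check the bucket against
# an allow-list. Only the two URL forms described in the notes are accepted.
from urllib.parse import urlparse

AWS_SUFFIX = ".amazonaws.com"


def parse_s3_url(url):
    """Return (bucket, region, key) for a virtual-hosted-style or path-style S3 URL.

    Handles exactly the forms listed above:
      http://bucket.s3.amazonaws.com/key
      http://bucket.s3-<region>.amazonaws.com/key
      http://s3.amazonaws.com/bucket/key
      http://s3-<region>.amazonaws.com/bucket/key
    region is None for the global endpoint; key is None when no object is named.
    Anything else raises ValueError rather than guessing.
    """
    parts = urlparse(url)
    host = (parts.hostname or "").lower()   # hostname, not netloc: ports and userinfo are stripped
    if not host.endswith(AWS_SUFFIX):
        raise ValueError("not an S3 endpoint: %r" % host)
    label = host[: -len(AWS_SUFFIX)]        # "s3", "s3-eu-west-1", "bucket.s3", ...
    path = parts.path.lstrip("/")

    if "." not in label:
        # Path-style: the endpoint is the whole host; the bucket is the first path segment.
        endpoint = label
        bucket, _, key = path.partition("/")
    else:
        # Virtual-hosted-style: everything before the last label is the bucket
        # (bucket names may themselves contain dots).
        bucket, _, endpoint = label.rpartition(".")
        key = path

    if endpoint == "s3":
        region = None
    elif endpoint.startswith("s3-"):
        region = endpoint[len("s3-"):]
    else:
        raise ValueError("unrecognised S3 endpoint label: %r" % endpoint)
    if not bucket:
        raise ValueError("no bucket in URL: %r" % url)
    return bucket, region, key or None


def bucket_allowed(url, allowed_buckets):
    """True only if url is a well-formed S3 URL naming one of allowed_buckets."""
    try:
        bucket, _, _ = parse_s3_url(url)
    except ValueError:
        return False
    return bucket in allowed_buckets


if __name__ == "__main__":
    for u in ("http://bucket.s3.amazonaws.com",
              "http://s3-sa-east-1.amazonaws.com/bucket/path/to/obj.txt",
              "http://bucket.s3.amazonaws.com.evil.example/x"):
        print(u, "->", bucket_allowed(u, {"bucket"}))
```

The two negative cases worth remembering are a look-alike host such as `bucket.s3.amazonaws.com.evil.example` (fails the suffix check) and an S3-looking string placed in the path of some other host (the parser only ever reads the bucket from the hostname or, for path-style, from a host that really is an S3 endpoint).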

33.  We can attach / replace an IAM role on a running EC2 instance.
35.  Metadata: curl http://169.254.169.254/latest/meta-data/public-ipv4
36.  A placement group is a logical grouping of instances within an Availability Zone.
37.  A placement group can't span multiple Availability Zones.
38.  PG name must be unique.
39.  Only certain instance types can be launched in a PG.
40.  You cannot merge PGs.
41.  You cannot launch an existing instance into a PG; this is possible only from an AMI.
42.  EFS supports NFSv4.
43.  EFS data is stored in multiple AZs within a region.
44.  EFS is block-based storage.
45.  EBS
o   SSD General Purpose – GP2
o   SSD Provisioned IOPS – IO1
o   HDD Throughput Optimized – ST1
o   HDD Cold – SC1
o   HDD Magnetic
46.  Termination protection is turned off by default; you must turn it on.
47.  AMIs are regional.
48.  AWS Lambda is a compute service where you can upload your code and create a Lambda function.
49.  AWS Lambda takes care of provisioning and managing the servers that you use to run the code.
50.  CloudWatch is for performance monitoring.
51.  CloudTrail is for auditing (user events, logins).
52.  Roles are universal.
53.  DNS is used to convert human-friendly domain names into IP addresses.
54.  IPv4 is 32 bits and IPv6 is 128 bits.
55.  The last word in a domain name represents the top-level domain.
56.  The second word in a domain name is known as the second-level domain.
57.  CNAME – canonical name – e.g. mobile website.
58.  CNAME cannot be used for naked domain names.
59.  You can't have a CNAME for the website; it must be an A record.
60.  ELB does not have a predefined IPv4 address; you resolve to it using its DNS name.
61.  Any hosted zone has default NS and SOA records.
62.  Route 53 policies
1.      Simple routing policy – round robin
2.      Weighted routing policy – split your traffic based on different weights (80%, 20%) assigned
3.      Latency routing policy – route your traffic based on the lowest network latency for your end user
4.      Failover routing policy (outage) – when you create an active-passive setup
5.      Geolocation routing policy – your traffic is sent based on geolocation
63.  2 types of backup: automated backups and database snapshots
64.  Automated backups are the default and are stored in S3.
65.  Snapshots are done manually. They are retained even after you delete the original RDS instance.
66.  Encryption supported: MySQL, Oracle, SQL Server, PostgreSQL and MariaDB
67.  DB Multi-AZ is for disaster recovery only.
68.  Multi-AZ supports SQL Server
o   Oracle
o   MySQL
o   PostgreSQL
o   MariaDB
69.  Read Replicas boost DB performance.
70.  RR allows you to have a read-only copy of your production DB.
71.  RR supports
o   MySQL
o   PostgreSQL
o   MariaDB
72.  RR is used for scaling, not for DR.
73.  Automatic backups must be turned on in order to deploy RR.
74.  We can have up to 5 RR copies of any DB.
75.  We can have an RR of an RR.
76.  Each RR will have its own DNS endpoint.
77.  You cannot have an RR that has Multi-AZ.
78.  DynamoDB offers push-button scaling, meaning you can scale your DB on the fly without any downtime.
79.  DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent
80.  DynamoDB is a fully managed DB and supports both document and key-value data models.
81.  DynamoDB is always stored on SSD storage.
82.  DynamoDB is a great fit for
o   Mobile
o   Web
o   Gaming
o   Ad-tech
o   IoT
83.  DynamoDB is always stored on SSD and spread across 3 geographically distinct data centers.
84.  DynamoDB: eventually consistent reads (default) and strongly consistent reads
85.  Redshift is a fast, powerful, fully managed petabyte-scale data warehouse service; it is for OLAP.
86.  Redshift has 2 node configurations
o   Single node (160 GB)
o   Multi-node
§  Leader node
§  Compute node
87.  Redshift is only available in 1 AZ.
88.  ElastiCache
o   Memcached
o   Redis (key-value store), with Multi-AZ support
89.  ElastiCache significantly improves latency and throughput for many read-heavy application workloads.
90.  Aurora is MySQL compatible and has 5 times better performance than MySQL.
91.  Aurora compute resources can scale up to 32 vCPUs.
92.  2 copies of your data are contained in each AZ, with a minimum of 3 AZs: 6 copies of your data.
93.  2 types of replicas available
94.  Aurora replicas – currently 15
95.  We can import data into Amazon RDS
o   mysqlimport / mysqldump for MySQL
o   Data Pump, import/export or SQL*Loader for Oracle
o   Full backup or bulk copy for SQL Server

96.  Amazon magnetic storage is suitable for small database workloads where data is accessed less frequently; magnetic is not recommended for production.
97.  General Purpose SSD is suitable for a broad range of database workloads that have moderate I/O requirements.
98.  Provisioned IOPS SSD is an SSD-backed storage option designed to deliver fast, predictable and consistent I/O.
99.  Default RDS backup retention period is 7 days but can be set up to 35 days.
100.    DB snapshots are user-initiated and enable you to back up your DB instance
o   create-db-snapshot (CLI), AWS Management Console, CreateDBSnapshot API
o   copy-db-snapshot
101.    Automatic backups are deleted when the DB instance is deleted; snapshots are retained after the DB instance is deleted.
102.    Migration of a DB instance from inside to outside a VPC is not supported, and a DB snapshot inside a VPC cannot be restored to outside the VPC.
103.    You can change an existing DB subnet group to add more subnets. Removing a subnet from an existing DB subnet group can cause unavailability for instances if they are running in the particular AZ that gets removed from the subnet group.
104.    To begin using Amazon RDS you will need an AWS developer account.
105.    AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you.
106.    You cannot use the standby for read and write operations.
107.    Aurora allows you to create up to 15 Read Replicas for a given DB cluster.
108.    MySQL, MariaDB and PostgreSQL currently allow you to create up to 5 Read Replicas.
109.    RDS for PostgreSQL: read replicas of read replicas are not currently supported.
110.    You can promote a read replica to a standalone instance.
Feature | PostgreSQL | MySQL | MariaDB
--- | --- | --- | ---
Maximum Read Replicas allowed per source DB Instance | 5 | 5 | 5
Replication method | Asynchronous, Physical | Asynchronous, Logical | Asynchronous, Logical
Must automatic backups be enabled for Read Replica support? | Yes | Yes | Yes
Engine versions for which Read Replicas are available | 9.3.5 or later | 5.5 or later | 10.0 or later
Promotion of Read Replica to a new standalone DB Instance | Supported | Supported | Supported
Creation of Indexes on Read Replica | Currently not supported | Supported | Supported
Creation of Backups of Read Replicas | Currently not supported | Supported | Supported
Chaining of Read Replicas (i.e., Read Replicas of Read Replicas) | Currently not supported | Supported | Supported
Cross-Region Read Replicas | Supported | Supported | Supported
Multi-AZ Read Replicas | Currently not supported | Supported | Supported
111.    DynamoDB – limitations
o   Total size of an item, including attribute names and values, should not exceed 400 KB
o   A Scan operation on a table or secondary index has a limit of 1 MB
o   Supports – Number, String, Binary and Boolean
112.    From the DynamoDB console, when you create a new table, leave the 'Use default settings' option checked to enable Auto Scaling and apply the same settings to the table's global secondary indexes.
113.    Fine-Grained Access Control (FGAC) gives a DynamoDB table owner a high degree of control over the data in the table.
114.    DynamoDB reserved capacity cannot be cancelled and the one-time payment is refundable.
115.    VPC is a data center in the cloud: an isolated section of AWS where you can launch instances.
116.    10/8 is the highest address range, and 10/28
117.    Default VPC has a route to the internet.
118.    1 subnet = 1 AZ
119.    Security groups are stateful; Network Access Control Lists are stateless.
120.    You must disable the source/destination check for a NAT instance.
121.    NAT instances must be in a public subnet.
122.    NAT Gateways scale up to 10 Gbps.
123.    A custom NACL by default DENIES all inbound and outbound traffic.
124.    VPC Flow Logs enable you to capture information about the IP traffic going to and from network interfaces in your VPC.
125.    VPC Flow Logs are stored as CloudWatch Logs.
126.    Flow logs can be created at 3 levels
o   Subnet
o   VPC
o   Network interface level
127.    You cannot create flow logs for VPCs that are peered with your VPC.
128.    Flow logs cannot be tagged.
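
Added example (not from these notes): a Python parser for the default VPC Flow Log record format mentioned in items 124–128, with two checks a defender runs over such logs: which sources had REJECTed flows against many distinct ports (what a security group or NACL dropping a port sweep looks like), and which ACCEPTed connections to an administrative port came from outside the VPC range rather than through the bastion of item 130. The log lines, account id and interface id are constructed for this example.

```python
# Added example (not from the notes): parse VPC Flow Log records in the default
# format and run two detection checks over them. Sample records are
# constructed; the account id and interface id are placeholders.
import ipaddress
from collections import Counter, namedtuple

# Default flow log record layout (space separated, in this order).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
FlowRecord = namedtuple("FlowRecord", FIELDS)
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

# Constructed sample: three rejected probes from one host, an internal HTTPS
# flow, an accepted SSH session from outside, and a NODATA record.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.25 40512 22 6 1 44 1523448000 1523448060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.25 40513 23 6 1 44 1523448001 1523448060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.25 40514 3389 6 1 44 1523448002 1523448060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.2.10 10.0.1.25 51234 443 6 12 6800 1523448003 1523448060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.25 55021 22 6 9 1210 1523448004 1523448060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1523448005 1523448065 - NODATA
"""


def parse_flow_log(text):
    """Parse flow log lines into FlowRecords, skipping NODATA/SKIPDATA records."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != len(FIELDS):
            raise ValueError("line %d: expected %d fields, got %d"
                             % (lineno, len(FIELDS), len(fields)))
        rec = FlowRecord(*fields)
        if rec.log_status != "OK":
            continue  # traffic fields are '-' in NODATA/SKIPDATA records
        records.append(rec._replace(**{f: int(getattr(rec, f)) for f in INT_FIELDS}))
    return records


def rejected_ports_by_source(records, min_ports=3):
    """Sources whose REJECTed flows hit at least min_ports distinct destination ports."""
    ports = {}
    for r in records:
        if r.action == "REJECT":
            ports.setdefault(r.srcaddr, set()).add(r.dstport)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def accepted_from_outside(records, vpc_cidr, dst_port):
    """ACCEPTed flows to dst_port whose source lies outside vpc_cidr.

    For port 22 or 3389 this lists administrative access that did not come
    from inside the VPC (i.e. not via a bastion host).
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    return [(r.srcaddr, r.dstaddr) for r in records
            if r.action == "ACCEPT" and r.dstport == dst_port
            and ipaddress.ip_address(r.srcaddr) not in vpc]


def bytes_by_action(records):
    """Total bytes per action, a quick sanity check on what a filter is dropping."""
    totals = Counter()
    for r in records:
        totals[r.action] += r.bytes
    return dict(totals)


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print(rejected_ports_by_source(recs))               # {'203.0.113.7': [22, 23, 3389]}
    print(accepted_from_outside(recs, "10.0.0.0/16", 22))  # [('198.51.100.9', '10.0.1.25')]
    print(bytes_by_action(recs))                        # {'REJECT': 132, 'ACCEPT': 8010}
```

Records with a non-OK log status are skipped rather than rejected because they are normal (the capture window had no traffic or was throttled) and carry no usable traffic fields; a wrong field count, by contrast, means the log is not in the format assumed and should fail loudly.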
129.    NAT is used to provide internet access to EC2 instances in private subnets.
130.    A bastion is used to securely administer EC2 instances (using SSH or RDP) in private subnets.
131.    SQS is a web service that gives you access to a message queue that can be used to store messages while waiting for a computer to process them.
132.    Using SQS you can decouple the components of an application so they run independently.
133.    SQS messages can contain 128 KB of text in any format.
134.    2 types of SQS queues
o   Standard – default; messages are delivered at least once but with no guarantee on order; unlimited
o   FIFO – limited to 300 per second
135.    SQS is pull based; messages can be kept from 1 min to 14 days in the queue, default 4 days.
136.    Visibility timeout is 12 hours in SQS.
137.    SWF is a web service that makes it easy to coordinate work across distributed application components.
138.    SQS retention period is 14 days; SWF up to 1 year for a workflow execution.
139.    SWF ensures that a task is assigned only once and is never duplicated.
140.    SWF actors
o   Workflow initiators – an application that can initiate a workflow. Example: could be your e-commerce website when placing an order, or a mobile app searching for bus times.
o   Deciders – control the flow of activity tasks in a workflow execution; if something has finished in a workflow, a decider decides what to do next.
o   Activity workers – carry out the activity tasks.
141.    SNS is a web service that makes it easy to set up, operate and send notifications from the cloud.
142.    SNS is push notification to Apple, Google, Fire OS, ...
143.    SNS can trigger a Lambda function now.
144.    SNS allows you to group multiple recipients using topics.
145.    SNS messages are stored redundantly across multiple AZs.
146.    Elastic Transcoder converts media files from their original format into formats that will play on smartphones, tablets, etc.
147.    API Gateway is a fully managed service that makes it easy for developers to publish, maintain, monitor and secure APIs at any scale.
148.    CORS is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.
149.    Error – "Origin policy cannot be read at the remote resource": you need to enable CORS on API Gateway.
150.    Kinesis – streaming data that is generated continuously by thousands of data sources.
o   Purchases from online stores
o   Stock prices
o   Game data
o   Social network data
151.    Kinesis: 3 types of streaming
o   Kinesis Streams
§  Data is stored in a Kinesis stream for 24 hours and can be extended up to 7 days
§  Kinesis streams consist of shards
o   Kinesis Firehose
§  As soon as data arrives at Kinesis, it sends the data to S3 or Redshift
o   Kinesis Analytics
152.    Main components of a VPC are
o   Subnet
o   Internet Gateway
o   NAT Gateway
o   Hardware VPN connection
o   Virtual Private Gateway – AWS (VPC) side of the VPN connection
o   Customer Gateway – customer side of the VPN connection
o   Router
o   Peering connection
o   VPC endpoint
o   Egress-only Internet Gateway – stateful gateway to provide egress-only access for IPv6 traffic from the VPC to the internet
153.    If you access AWS via a VPN connection, you will incur internet data transfer charges.
154.    You can use public IP addresses, including Elastic IP addresses (EIPs), to give EC2 instances in the VPC the ability to both directly communicate outbound to the internet and receive unsolicited inbound traffic from the internet.
155.    Default VPCs are assigned a CIDR range of 172.31.0.0/16, and default subnets within the default VPC are assigned /20 netblocks within the VPC CIDR range.
156.    Currently a VPC supports 5 IP address ranges (1 primary, 4 secondary) for IPv4. Each of these ranges can be between /28 and /16 in size; for IPv6 the VPC is a fixed size of /56.
157.    Currently you can create 200 subnets per VPC.
158.    You can assign one or more secondary private IP addresses to Elastic Network Interfaces or EC2 instances in a VPC.
159.    VPC does not support multicast or broadcast.
160.    There are multiple ways for your resources within a VPC to communicate with Amazon S3
o   You can use a VPC endpoint for S3
o   You can use an IGW to enable internet access from your VPC so instances can communicate with S3
o   You can also make all traffic to S3 traverse Direct Connect from your data center
161.    You can use VPC Flow Logs to monitor the network traffic.
162.    VPCs are available in multiple AZs in all regions and can span multiple AZs.
163.    Subnets can't span multiple AZs.
164.    You can use AMIs and EBS volumes in a VPC that are registered in the same region as your VPC.
Characteristic | EC2-Classic | Default VPC | Nondefault VPC
--- | --- | --- | ---
Public IPv4 address (from Amazon's public IP address pool) | Your instance receives a public IPv4 address. | Your instance launched in a default subnet receives a public IPv4 address by default, unless you specify otherwise during launch, or you modify the subnet's public IPv4 address attribute. | Your instance doesn't receive a public IPv4 address by default, unless you specify otherwise during launch, or you modify the subnet's public IPv4 address attribute.
Private IPv4 address | Your instance receives a private IPv4 address from the EC2-Classic range each time it's started. | Your instance receives a static private IPv4 address from the address range of your default VPC. | Your instance receives a static private IPv4 address from the address range of your VPC.
Multiple private IPv4 addresses | We select a single private IP address for your instance; multiple IP addresses are not supported. | You can assign multiple private IPv4 addresses to your instance. | You can assign multiple private IPv4 addresses to your instance.
Elastic IP address (IPv4) | An Elastic IP is disassociated from your instance when you stop it. | An Elastic IP remains associated with your instance when you stop it. | An Elastic IP remains associated with your instance when you stop it.
DNS hostnames | DNS hostnames are enabled by default. | DNS hostnames are enabled by default. | DNS hostnames are disabled by default.
Security group | A security group can reference security groups that belong to other AWS accounts. You can create up to 500 security groups in each region. | A security group can reference security groups for your VPC only. You can create up to 500 security groups per VPC. | A security group can reference security groups for your VPC only. You can create up to 500 security groups per VPC.
Security group association | You can assign an unlimited number of security groups to an instance when you launch it. You can't change the security groups of your running instance. You can either modify the rules of the assigned security groups, or replace the instance with a new one (create an AMI from the instance, launch a new instance from this AMI with the security groups that you need, disassociate any Elastic IP address from the original instance and associate it with the new instance, and then terminate the original instance). | You can assign up to 5 security groups to an instance. You can assign security groups to your instance when you launch it and while it's running. | You can assign up to 5 security groups to an instance. You can assign security groups to your instance when you launch it and while it's running.
Security group rules | You can add rules for inbound traffic only. You can add up to 100 rules to a security group. | You can add rules for inbound and outbound traffic. You can add up to 50 rules to a security group. | You can add rules for inbound and outbound traffic. You can add up to 50 rules to a security group.
Tenancy | Your instance runs on shared hardware. | You can run your instance on shared hardware or single-tenant hardware. | You can run your instance on shared hardware or single-tenant hardware.
Accessing the Internet | Your instance can access the Internet. Your instance automatically receives a public IP address, and can access the Internet directly through the AWS network edge. | By default, your instance can access the Internet. Your instance receives a public IP address by default. An Internet gateway is attached to your default VPC, and your default subnet has a route to the Internet gateway. | By default, your instance cannot access the Internet. Your instance doesn't receive a public IP address by default. Your VPC may have an Internet gateway, depending on how it was created.
IPv6 addressing | IPv6 addressing is not supported. You cannot assign IPv6 addresses to your instances. | You can optionally associate an IPv6 CIDR block with your VPC and assign IPv6 addresses to instances in your VPC. | You can optionally associate an IPv6 CIDR block with your VPC and assign IPv6 addresses to instances in your VPC.
165.    You can attach or detach one or more network interfaces to an EC2 instance while it's running; the total number is based on the instance type.
166.    An ENI can be attached to instances in the same AZ.
167.    A VPC peering connection can be created with a VPC in a different region.
168.    Peered VPCs must have non-overlapping IP ranges.
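
Added example (not from these notes): Python checks for the IPv4 addressing rules in items 155, 156 and 168 above, using only the standard library `ipaddress` module. It validates that a proposed VPC range is between /28 and /16, carves the default 172.31.0.0/16 into its /20 subnets, and finds VPC pairs whose ranges overlap and so cannot be peered. The VPC names and ranges are constructed for the example; the five reserved addresses per subnet in `usable_hosts` are not from the notes but from AWS documentation.

```python
# Added example (not from the notes): IPv4 range checks for a VPC design.
# Uses the numbers stated in the notes (VPC ranges between /28 and /16,
# default VPC 172.31.0.0/16 with /20 subnets) and the peering rule that
# ranges must not overlap. Only the stdlib ipaddress module is used.
import ipaddress


def validate_vpc_cidr(cidr):
    """Return the network if cidr is a valid VPC IPv4 range, else raise ValueError."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set, e.g. 10.0.0.1/24
    if net.version != 4:
        raise ValueError("IPv4 range expected: %s" % cidr)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError("VPC range must be between /28 and /16: %s" % cidr)
    return net


def is_valid_vpc_cidr(cidr):
    """Boolean form of validate_vpc_cidr for callers that only need a yes/no."""
    try:
        validate_vpc_cidr(cidr)
        return True
    except ValueError:
        return False


def carve_subnets(vpc_cidr, new_prefix):
    """All subnets of size /new_prefix inside the VPC range, in address order."""
    return [str(s) for s in validate_vpc_cidr(vpc_cidr).subnets(new_prefix=new_prefix)]


def usable_hosts(subnet_cidr):
    """Addresses left for instances after the five AWS reserves in every subnet
    (network, VPC router, DNS, one reserved for future use, broadcast).
    That reservation is from AWS documentation, not from the notes above."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - 5


def peering_conflicts(vpc_cidrs):
    """Pairs of VPC names (sorted) whose ranges overlap and therefore cannot be peered."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpc_cidrs.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


if __name__ == "__main__":
    # Constructed VPC inventory: two accounts that both took the default-looking 10.0.0.0/16.
    inventory = {"prod": "10.0.0.0/16", "dev": "10.0.0.0/16", "shared": "10.1.0.0/16"}
    print(carve_subnets("172.31.0.0/16", 20)[:3])   # first three default /20 subnets
    print(usable_hosts("172.31.0.0/20"))             # 4091
    print(peering_conflicts(inventory))              # [('dev', 'prod')]
```

The overlap check is the one to run before anyone requests a peering connection: two VPCs created independently with the same private range cannot be peered at all, and the fix (re-addressing one of them) is far cheaper at design time than after instances exist.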
169.    There is no charge for creating a VPC peering connection; however, data transfer across the peering connection is charged.
170.    VPC limitations
o   5 VPCs per AWS account per region
o   200 subnets per VPC
o   5 VPC EIPs per AWS account per region
o   1 Internet Gateway
o   5 Virtual Private Gateways per AWS account per region
o   50 Customer Gateways per AWS account per region
o   10 IPsec VPN connections per Virtual Private Gateway
171.    SQS visibility timeout is the period of time during which SQS prevents other consuming components from receiving and processing a message.
172.    The maximum visibility timeout for an SQS message is 12 hours.
173.    An SQS message can contain up to 10 metadata attributes.
174.    SQS long polling timeout is 20 seconds.
175.    Each SQS message queue is independent within each region.
176.    SNS delivery options
o   HTTP/HTTPS
o   Email, Email-JSON
o   SQS
o   SMS
177.    An SNS topic name should typically be available for reuse approx. 30–60 seconds after the previous topic with the same name has been deleted.
178.    By enabling the "Delivery Status" feature in Amazon SNS you can get information on the following for each message
o   MessageID
o   Time
o   TimeSent
o   Destination phone number
o   Disposition
o   Disposition reason
o   Price
o   Dwell time
179.    SNS does not support MMS messages.
180.    SNS offers 10 million subscriptions by default and up to 256 KB of text data, including XML, JSON and text.
181.    AWS Config, with the AWS Config Rules feature, creates a mechanism to automatically track and respond to changes in your AWS workloads and environments.
182.    Tagging makes sure all resources in a workload can be easily identified when needed during operations and responses.
183.    WorkSpaces is a cloud-based replacement for a traditional desktop.
184.    WorkSpaces are persistent and all data on the D drive is backed up every 12 hours.
185.    You do not need an AWS account to log in to WorkSpaces.
186.    Docker is a software platform that allows you to build, test and deploy applications quickly.
187.    EC2 Container Service is a highly scalable, fast container management service that makes it easy to run, stop and manage Docker containers on EC2 instances.
188.    Containers are a method of operating system virtualization that allows you to run an application and its dependencies in resource-isolated processes.
189.    Containers are created from a read-only template called an image.
190.    An image is a read-only template with instructions for creating a Docker container.
191.    Images are stored in a registry such as Docker Hub or AWS ECR.
192.    A task definition is required to run Docker containers in Amazon ECS.
193.    Task definitions are text files in JSON format.
194.    ECS can schedule in 2 ways
o   Service scheduler
o   Custom scheduler
195.    Different types of virtualization in ECS
o   Paravirtual (PV)
o   Hardware Virtual Machine (HVM)
196.    SWF is not an SNS subscriber.
197.    S3 encryption methodologies
o   Server-side encryption
o   SSE-S3
o   SSE-C
o   SSE-KMS, or a client library such as the Amazon S3 Encryption Client

198.    RDS, DynamoDB and ElastiCache store application state.
199.    IAM consists of
o   Users
o   Roles
o   Groups
o   Policy documents
200.    IAM is global; it does not apply at the regional level.
201.    New users have no permissions when first created and are assigned an Access Key ID and Secret Access Key.
202.    Always set up MFA for the root account.
203.    Power user allows access to all AWS resources except for the management of groups and users within IAM.
204.    IAM policy limitations
o   User policy size cannot exceed 2048 characters
o   Role policy size cannot exceed 10240 characters
o   Group policy size cannot exceed 5120 characters
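
Added example (not from these notes): Python that builds a least-privilege IAM policy document, measures it against the user/group/role size limits stated in item 204, and flags statements that grant every action or every resource. The limits are taken from the notes as written; the bucket and prefix names, the `size_demo` padding and the over-broad sample policy are constructed for the example. The whitespace rule in `policy_size` (IAM measures the policy without whitespace) is from AWS documentation, not from the notes.

```python
# Added example (not from the notes): least-privilege IAM policy document,
# size check against the limits listed above, and a wildcard lint.
import json

# Character limits as stated in these notes (item 204): user / group / role policy.
POLICY_CHAR_LIMITS = {"user": 2048, "group": 5120, "role": 10240}


def least_privilege_policy(bucket, prefix):
    """Read-only access to one prefix of one bucket: specific actions, specific ARNs."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListPrefix",
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": "arn:aws:s3:::%s" % bucket,
                "Condition": {"StringLike": {"s3:prefix": ["%s/*" % prefix]}},
            },
            {
                "Sid": "ReadObjects",
                "Effect": "Allow",
                "Action": ["s3:GetObject"],
                "Resource": "arn:aws:s3:::%s/%s/*" % (bucket, prefix),
            },
        ],
    }


def policy_size(policy):
    """Characters of the compact JSON form (IAM does not count whitespace toward the limit)."""
    return len(json.dumps(policy, separators=(",", ":")))


def fits_limit(policy, principal_type):
    """(ok, size, limit) for attaching policy inline to a user, group or role."""
    limit = POLICY_CHAR_LIMITS[principal_type]
    size = policy_size(policy)
    return size <= limit, size, limit


def _as_list(value):
    # IAM accepts a single string or a list for Action and Resource.
    return [value] if isinstance(value, str) else list(value or [])


def wildcard_findings(policy):
    """(Sid, reason) for every Allow statement that grants all actions or all resources."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if any(a == "*" or a.endswith(":*") for a in _as_list(stmt.get("Action"))):
            findings.append((sid, "wildcard action"))
        if "*" in _as_list(stmt.get("Resource")):
            findings.append((sid, "wildcard resource"))
    return findings


def size_demo(copies=30):
    """Repeat the read-only statements until the document exceeds the user limit but not the role limit."""
    base = least_privilege_policy("example-bucket", "reports")
    big = {"Version": base["Version"], "Statement": base["Statement"] * copies}
    return fits_limit(big, "user")[0], fits_limit(big, "role")[0]


if __name__ == "__main__":
    policy = least_privilege_policy("example-bucket", "reports")
    print(json.dumps(policy, indent=2))
    print("fits user limit:", fits_limit(policy, "user"))
    print("findings:", wildcard_findings(policy))           # []
    print("padded policy (user ok, role ok):", size_demo())  # (False, True)
```

Checking size before attaching matters because the same document that fits a role may be rejected on a user; checking for wildcards matters because a policy that passes the size check can still be the "power user" of item 203 in disguise.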
205.    Yes, you can assign a role to an EC2 instance that is already running.
206.    If you remove an IAM role that is associated with a running instance, applications running on that instance will be denied access immediately.
207.    You must have the following IAM permissions to launch ECS instances
o   Permission to launch EC2 instances
o   Permission to associate an IAM role with an EC2 instance
208.    Use IAM groups to collect IAM users and define common permissions for those users.
209.    Use managed policies to share permissions across IAM users, groups and roles.
210.    Using IAM roles, we can grant permission to access AWS resources owned by another AWS account.
211.    Federated users (external users) are users you manage outside of AWS in your corporate directory, but to whom you grant access to your AWS account using temporary security credentials.
212.    S3
213.    Buckets are a universal namespace.
214.    Uploading an object to S3 returns an HTTP 200 code.
215.    Control access to buckets using either a bucket ACL or bucket policies.
216.    By default, all buckets are private, and objects stored inside buckets are also private.
217.    S3 stores all versions of an object.
218.    Once versioning is enabled it cannot be disabled, only suspended.
219.    CORS: versioning must be enabled in both source and destination buckets.
220.    CORS: regions must be unique.
221.    CORS: files in an existing bucket are not replicated automatically; subsequent files will replicate.
222.    CORS: delete markers are replicated.
223.    CORS: deleting individual versions or delete markers will not be replicated.
224.    CDN: an edge location is a location where content is cached; this is separate from an AWS Region/AZ.
225.    Currently we have 50 edge locations around the world, and edge locations support both read and write.
226.    We have 2 distribution models
o   Web distribution – typically used for websites
o   RTMP – for media streaming
227.    Objects are cached for the life of the TTL.
228.    Storage Gateway is a service that connects on-premises software appliances with cloud-based storage to provide seamless and secure integration between an organization's on-premises IT environment and AWS storage infrastructure.
229.    The Storage Gateway software appliance is available for download as a virtual machine image that you install on a host in your data center.
230.    4 types of gateway
o   File Gateway (NFS)
o   Volume Gateway (iSCSI)
§  Stored volumes
§  Cached volumes
o   Tape Gateway (VTL)
231.    File Gateway: files are stored in S3 buckets, accessed through a Network File System (NFS) mount point.
233.    Volume Gateway presents your applications with disk volumes using the iSCSI block protocol.
234.    Stored volumes: store primary data locally while asynchronously backing up data to AWS.
236.    Cached volumes let you use S3 as primary data storage while retaining frequently accessed data locally in your storage gateway.
237.    Tape Gateway: durable, cost-effective solution to archive your data in the AWS cloud.
239.    File Gateway: for flat files, stored directly on S3.
240.    Volume Gateway
o   Stored volumes: entire dataset is stored on site and is asynchronously backed up to S3
o   Cached volumes: entire dataset is stored in S3 and the most frequently accessed data is cached on site
241.    Gateway Virtual Tape Library (VTL): used for backups and works with popular backup applications like NetBackup, Backup Exec, Veeam etc.
242.    Snowball
o   Snowball: a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of AWS
o   Snowmobile: an exabyte-scale data transfer service used to move extremely large amounts of data to AWS. Transferring data with Snowmobile is secure, fast and cost effective.
243.    Snowball can
o   Import to S3
o   Export from S3
244.    S3 Transfer Acceleration utilizes the CloudFront edge network to accelerate your uploads to S3. You have to use the distinct URL below to upload to:
<Bucket Name>.s3-accelerate.amazonaws.com
245.    S3 bucket static website
https://<Bucket Name>.s3-website-<region>.amazonaws.com
246.    S3 bucket URL
https://s3-<region>.amazonaws.com/<bucket name>
247.    EC2 is webservice that provided resizable compute capacity in the cloud
248.    EC2 Options
o   On-demand – allow you to pay a fixed rate by the hour(by the second)  with no commitment
o   Reserved: provided to your capacity reservation and offer significant discount on the hourly charge for an instance
o   Spot: enable you to bid whatever price you want to instance capacity providing for even greater savings
o   Dedicated host: physical ec2 server dedicated for use
249.    S3 can range from a minimum of 0 bytes to 5 terabytes.
250.    The largest that can be uploaded in single PUT is 5 GB.
251.    For objects larger than 100 MB customers should consider using the Multipart Upload capability
252.    You can use Multi-Object Delete to delete large number if objects from S3.
253.    S3 standard is designed for 99.99$ availability and S3-IA is designed for 99.9%.
254.    S3 by default customer can provision up to 100 buckets per AWS account.
255.    An Amazon VPC Endpoint for S3 is a logical entity with in a VPC that allows connectivity only to S3.
256.    S3-IA is ideally suited for long-term file storage. Older data sync and share, backup data, and disaster recovery files.
257.    Standard s3-IA designed for long lived but infrequently accessed data that retained for months or years. Data that’s deleted from S3-IA within 30 days will be charged for full 30 days
258.    S3-IA minimum 128 KB
259.    Amazon Glacier is extremely low-cost storage service as storage for data archival
260.    Objects retrieved using standard retrieval typically complete between 3-5 hours.
261.    When processing glacier retrieval job S3 first retrieves the requested data from glacier and then created a temporary copy of the requested data in RRS
262.    S3 Transfer acceleration enables fast, easy and secure transfer of files over long distances between your client and your S3 buckets.
263.    S3 transfer acceleration user 2 types of end point
o   Faster data transfer: <bucket name>. s3-accelerate.amazonaws.com
o   Dual-stack: <bucket name>. s3-accelerate.dualstack.amazonaws.com
264.    Transfer acceleration optimizes the TCP protocol and adds additional intelligent between the client and the S3 bucket making transfer acceleration a better choice if a higher throughout is desired.
265.    Transfer acceleration over fully utilized 1 Gbps line can transfer up to 75 Tb in same time.
266.    If you have objects that are smaller than the 1 GB or if the data set is less than 1 GB in size you should consider Cloud fronts PUTS/POST commands for optimal performance.
267.    Snowball is ideal for customers moving large batches of data at once.
268.    Snowball typically has a 5-7 day turnaround time.
269.    Direct Connect is a good choice for customers with a private networking requirement or with access to Direct Connect exchanges.
270.    By using EBS, data on the root device persists independently of the life of the instance; this enables you to stop and restart the instance at a subsequent time.
271.    A local instance store only persists during the life of the instance.
272.    There is a limitation on sending email from EC2 addresses.
273.    EC2 charges in your monthly bill are now calculated on a per-second basis.
274.    EC2 instances are grouped into 5 families:
o   General Purpose: fixed performance (M4, M5) or burstable performance (T2).
o   Compute Optimized: C5, C4 (more CPU resources; well suited for scale-out, compute-intensive workloads).
o   Memory Optimized: X1e, X1, R4: offer large memory sizes (databases and caches).
o   Storage Optimized: H1, I3, D2: very high, low-latency I/O capacity.
o   Accelerated Computing: P3, P2, G3, F1: parallel processing capabilities.
275.    By default, all accounts are limited to 5 Elastic IP addresses per region.
276.    An EIP is charged when it is not associated with a running instance.
277.    You do not need an EIP for all instances; by default every instance comes with a private IP and an internet-routable public IP address.
278.    Enhanced networking provides higher packet-per-second I/O performance and lower CPU utilization compared to traditional implementations.
279.    EBS is divided into 2 categories:
o   SSD-backed storage for transactional workloads, primarily dependent on I/O
o   HDD-backed storage for throughput-intensive and big data workloads
280.    EBS snapshots are available only through the EC2 APIs.
281.    Spot Instances are best suited for fault-tolerant, flexible workloads; Spot Instances can be interrupted by Amazon EC2 for capacity requirements with a 2-minute notification.
282.    ELB:
o   Application ELB: if you need flexible application management and TLS termination
o   Network ELB: if you need extreme performance and static IPs
o   Classic ELB: if your application is built within the EC2-Classic network
283.    Classic ELB supports HTTP, HTTPS, TCP, SSL.
284.    Each Amazon Route 53 account is limited to 500 hosted zones and 10,000 resource record sets per hosted zone.
285.    Yes, we can create multiple hosted zones with the same domain name.
286.    Route 53 does not provide web hosting.
287.    Route 53 supports both IPv6 and IPv4.
288.    Route 53 uses VPCs to manage visibility and provide DNS resolution for private DNS hosted zones.
289.    You cannot associate SOA and DNS records with Route 53 health checks.
290.    Route 53 supports health checks over HTTPS, HTTP and TCP.
291.    Route 53 does not support DNSSEC at this time.
292.    The automatic DB instance backup retention period defaults to 7 days but can be set up to 35 days.
293.    When you delete a DB instance you can create a final DB snapshot upon deletion; if you do, you can use this DB snapshot to restore the deleted DB instance later.
294.    Automatic backups are deleted when the DB instance is deleted.
295.    AWS strongly recommends you use the DNS name to connect to your DB instances, as the underlying IP address can change.
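Item 251 recommends Multipart Upload above 100 MB. The Python below is an added example, not code from the original page or from AWS: it plans a part size that stays inside S3's multipart limits and recomputes the ETag S3 reports for a multipart object, which lets you check an upload's integrity against the stored ETag without re-downloading it. The 5 MiB minimum part, 5 GiB maximum part, 10,000-part and 5 TiB object limits are documented S3 service limits that the reference above does not quote; the 8 MiB default part size and the decimal reading of "100 MB" are assumptions.

```python
import hashlib
import math

MIB = 1024 ** 2
GIB = 1024 ** 3
TIB = 1024 ** 4

# Documented S3 multipart limits (assumed here; not quoted in the reference above)
MIN_PART_SIZE = 5 * MIB      # every part except the last must be at least 5 MiB
MAX_PART_SIZE = 5 * GIB
MAX_PARTS = 10_000
MAX_OBJECT_SIZE = 5 * TIB
# Item 251: consider multipart above 100 MB (decimal megabytes assumed)
MULTIPART_THRESHOLD = 100 * 10 ** 6


def plan_parts(object_size, preferred_part_size=8 * MIB):
    """Choose a part size for an object, or return None if a single PUT is fine.

    The preferred size is kept when it needs at most 10,000 parts; otherwise the
    part size grows (rounded up to a whole MiB) until the count fits.
    Returns (part_size, part_count).
    """
    if object_size > MAX_OBJECT_SIZE:
        raise ValueError("object exceeds the 5 TiB S3 object limit")
    if object_size <= MULTIPART_THRESHOLD:
        return None
    part_size = max(preferred_part_size, MIN_PART_SIZE)
    if math.ceil(object_size / part_size) > MAX_PARTS:
        part_size = math.ceil(object_size / MAX_PARTS)
        part_size = math.ceil(part_size / MIB) * MIB
    if part_size > MAX_PART_SIZE:
        raise ValueError("no part size satisfies the 5 GiB part limit")
    return part_size, math.ceil(object_size / part_size)


def part_ranges(object_size, part_size):
    """Yield (part_number, start, end) with 1-based part numbers and exclusive end offsets."""
    part_number = 1
    for start in range(0, object_size, part_size):
        yield part_number, start, min(start + part_size, object_size)
        part_number += 1


def multipart_etag(data, part_size):
    """Compute the ETag S3 reports for data uploaded with the given part size.

    Data that fits in one part is treated as a single PUT, whose ETag is the
    plain MD5 hex digest. A multipart upload gets the MD5 of the concatenated
    binary part digests followed by "-<part count>".
    """
    if len(data) <= part_size:
        return hashlib.md5(data).hexdigest()
    digests = b"".join(
        hashlib.md5(data[start:end]).digest()
        for _, start, end in part_ranges(len(data), part_size)
    )
    count = math.ceil(len(data) / part_size)
    return f"{hashlib.md5(digests).hexdigest()}-{count}"


if __name__ == "__main__":
    # Constructed sample: a 17 MiB payload uploaded in 8 MiB parts
    payload = b"x" * (17 * MIB)
    print("plan for 1 TiB:", plan_parts(TIB))
    print("ranges:", list(part_ranges(len(payload), 8 * MIB)))
    print("etag:", multipart_etag(payload, 8 * MIB))
```

The ETag comparison only works when you know the part size the uploader used (for example the default of your SDK), since different part boundaries give different digests; it is a cheap integrity check, not a substitute for a content hash you store yourself.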

When to use IAM policies vs. S3 policies

Use IAM policies if:
  • You need to control access to AWS services other than S3. IAM policies will be easier to manage since you can centrally manage all of your permissions in IAM, instead of spreading them between IAM and S3.
  • You have numerous S3 buckets each with different permissions requirements. IAM policies will be easier to manage since you don't have to define a large number of S3 bucket policies and can instead rely on fewer, more detailed IAM policies.
  • You prefer to keep access control policies in the IAM environment.
Use S3 bucket policies if:
  • You want a simple way to grant cross-account access to your S3 environment, without using IAM roles.
  • Your IAM policies bump up against the size limit (up to 2 KB for users, 5 KB for groups, and 10 KB for roles). S3 supports bucket policies of up to 20 KB.
  • You prefer to keep access control policies in the S3 environment.
If you're still unsure of which to use, consider which audit question is most important to you:
  • If you're more interested in "What can this user do in AWS?" then IAM policies are probably the way to go. You can easily answer this by looking up an IAM user and then examining their IAM policies to see what rights they have.
  • If you're more interested in "Who can access this S3 bucket?" then S3 bucket policies will likely suit you better. You can easily answer this by looking up a bucket and examining the bucket policy.
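As an added example for the two points above (cross-account access through a bucket policy, and answering "Who can access this S3 bucket?" from that policy), the Python below is not code from the original page or from AWS. It builds a read-only cross-account bucket policy, optionally pinned to an S3 VPC endpoint (item 255) via the `aws:sourceVpce` condition key, checks the policy against the size limits quoted above, and lists the principals an existing bucket policy grants. The account ID and endpoint ID are constructed placeholders, and 1 KB is taken as 1024 bytes.

```python
import json

# Policy size limits quoted in the section above, in bytes (1 KB taken as 1024 bytes)
POLICY_LIMITS = {
    "iam-user": 2 * 1024,
    "iam-group": 5 * 1024,
    "iam-role": 10 * 1024,
    "s3-bucket": 20 * 1024,
}


def cross_account_bucket_policy(bucket, trusted_account_id, vpce_id=None):
    """Build a bucket policy granting one other AWS account read-only access.

    With vpce_id set, the grant is further limited to requests arriving through
    that S3 VPC endpoint (item 255), so the bucket need not be reachable from
    the public internet even for the trusted account.
    """
    statement = {
        "Sid": "CrossAccountReadOnly",
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
    }
    if vpce_id:
        statement["Condition"] = {"StringEquals": {"aws:sourceVpce": vpce_id}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def policy_size(policy):
    """Byte length of the policy JSON with whitespace removed (IAM does not count whitespace)."""
    return len(json.dumps(policy, separators=(",", ":")).encode("utf-8"))


def fits_limit(policy, kind):
    """True if the policy fits the quoted size limit for the given attachment kind."""
    return policy_size(policy) <= POLICY_LIMITS[kind]


def _principals(principal):
    """Flatten a Principal element ("*", or a map of AWS/Service/Federated entries) into a set."""
    if principal == "*":
        return {"*"}
    found = set()
    for value in principal.values():
        if isinstance(value, str):
            found.add(value)
        else:
            found.update(value)
    return found


def who_can_access(policy):
    """Answer "Who can access this bucket?": every principal named by an Allow statement."""
    granted = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow":
            granted |= _principals(stmt.get("Principal", {}))
    return granted


def is_public(policy):
    """True if any Allow statement names the anonymous principal ("*" or {"AWS": "*"}).

    Deliberately conservative: a Condition may narrow such a grant, but it still
    deserves manual review, so it is flagged regardless.
    """
    return any(
        stmt.get("Effect") == "Allow" and "*" in _principals(stmt.get("Principal", {}))
        for stmt in policy["Statement"]
    )


if __name__ == "__main__":
    # Constructed sample values: the account ID and VPC endpoint ID are placeholders
    policy = cross_account_bucket_policy("example-bucket", "111122223333", "vpce-0123456789abcdef0")
    print(json.dumps(policy, indent=2))
    print("size:", policy_size(policy), "bytes; fits bucket limit:", fits_limit(policy, "s3-bucket"))
    print("who can access:", sorted(who_can_access(policy)))
    print("public:", is_public(policy))
```

`who_can_access` only reports Allow grants; an explicit Deny elsewhere in the bucket policy or in the caller's IAM policies still wins, so read both sides before concluding that a listed principal really has access. The `aws:sourceVpce` condition applies to the cross-account statement only; a Deny statement on all other sources is the usual way to make the endpoint the sole path in.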