1. AWS Storage gateway
(design cost-optimized architectures)
- File Gateway : NFS based access
- Volume Gateway : iSCSI block storage
- Tape Gateway : backups to cloud, not NFS based
2. cloudfront, global accelerator
(design high-performing architectures)
A. AWS Global Accelerator
- uses aws global network
- Good for non-HTTP use cases like UDP, MQTT
- latency, throughput better than public internet
- tcp + udp
B. Amazon CloudFront
- uses aws global network
- suitable for cacheable content (images + videos), dynamic content (APIs)
- http, websocket
3. AWS instance type
(design cost-optimized architectures)
A. On-Demand
- no long term commitments or upfront payments
- recommended for unpredictable workloads that cannot be interrupted
B. Spot instances
- up to 90% off the On-Demand price
- recommended for flexible start and end times
- can withstand disruptions, can be stopped and started multiple times
C. Savings Plan
- 1 or 3 year long term plan
D. Reserved Instances
- up to 75% discount, literally a reserved instance: capacity is set aside for your needs
E. Lambda functions
- not very cost effective
- execution time is only up to 15 min
4. AWS GuardDuty
(design secure architectures)
- a threat detection service that monitors aws accounts, workloads and data
- disable : deletes all data
- suspend : stops analyzing data sources
- de-register : no such option
5. DB Table regional coverage
(design secure architectures)
- Amazon Aurora : MySQL + PostgreSQL compatible RDBMS, covers a specific region
- Amazon Aurora Global Database : designed for global distribution, allowing a single Amazon Aurora database to span multiple AWS regions
6. serverless related
(design resilient architectures)
- Amazon Simple Queue Service (sqs)
- lambda function
7. fast upload to S3 from different regions (Simple Storage Service)
(design cost-optimized architectures)
A. S3 Transfer Acceleration
- enables fast transfer of files over long distances
- optimized network path
B. multipart uploads
- allows upload of a single object as a set of parts
- retransmit only the parts that fail
- s3 assembles the parts once all uploads are finished
- in general, when a file reaches 100 MB or more in size, consider multipart uploads
8. amazon aurora replication priority
(design resilient architectures)
- priority tier first, then largest in size
ex. tier 1 (16 TB) vs tier 2 (32 TB) = tier 1 (16 TB) is promoted
9. api gateway stateful + stateless
(design high-performing architectures)
- restful apis : http based, stateless client-server communication
- websocket apis : stateful
- stateful : maintains a connection between server and client
- stateless : does not maintain a connection
10. s3 cost effective
(design cost-optimized architectures)
- s3 standard-infrequent access (s3 standard-ia) : twice a year data retrieval, low latency, high throughput
11. data analysis, rest api related solution
(design high-performing architectures)
A. amazon api gateway
- supports https api, rest api, websocket
B. kinesis data analytics
- analyze streaming data
C. amazon athena
- analyze data using standard SQL
D. quicksight
- cloud-native serverless business intelligence service
E. lambda
- cannot be used to store and retrieve data for analysis purposes
12. elb routing
(design resilient architectures)
13. windows workloads + low latency, on-premise smb
(design high-performing architectures)
14. dynamodb cache related
(design high-performing architectures)
- dynamodb accelerator (dax) : used for dynamodb
- elasticache : memcached used for rds and dynamodb
15. s3 access permission
(design secure architectures)
16. iam roles
(design secure architectures)
- enable aws multi-factor authentication
- configure aws cloudtrail to log iam actions
- one account for one user
- least privilege
- use roles to grant access
17. transfer data from on-premise site to aws data center
(design cost-optimized architectures)
- snowball edge storage optimized : 80 TB of storage
- site to site vpn : low to modest bandwidth
- snowmobile : 100 PB
- direct connect : literally a direct connection using VLANs, takes months to set up, does not use the internet
18. s3 encryption
(design secure architectures)
- aws key management service keys : allows audit trail when your cmk was used and by whom
- s3 managed keys : each object is encrypted with unique key, no audit
19. multi-tier, video/image related, resilience related
(design resilient architectures)
- use amazon aurora replica for db
- use cloudfront for alb
- cloudfront : http/https, cache
- global accelerator : tcp/udp, optimal route
20. hot cold data
(design high-performing architectures)
- amazon FSx for Lustre : high performance computing (HPC), optimized parallel access to hot/cold data
- amazon FSx for Windows File Server : SMB, does not allow update
- amazon EMR : big data platform
- amazon Glue : optimal for batch ETL processing
21. prod and dev ec2 instances
(design cost-optimized architectures)
- 24*7 prod = ec2 reserved instances (ri)
- 8hr dev = on-demand, if 6hr or shorter = spot block
- spot instances can be taken away by aws with two minutes' notice, hence only suitable for stateless, fault-tolerant applications
22. s3 delete protection
(design resilient architectures)
- enable versioning on s3
- enable mfa when deleting
23. GuardDuty
(design secure architectures)
- cloudtrail events, vpc flow logs, dns logs
24. s3 traffic handling
(design high-performing architectures)
- s3 can perform parallel reads for each prefix
25. AWS Key Management Service (AWS KMS)
(design secure architectures)
- KMS key deletion is dangerous, hence it has a waiting period of up to 30 days; the default is 30 days
26. EFS access from other regions
(design high-performing architectures)
- EFS is a regional service that spans multiple AZs
- connection from other aws regions : inter-region VPC peering connection
- on-premise : AWS VPN connection
27. alb restriction based on country
(design secure architectures)
- aws waf : blocks or allows requests based on conditions such as IP, prevents SQL injection
- geo restriction feature on cloudfront : cloudfront is not part of vpc
28. sqs handling
(design resilient architectures)
- sqs fifo : supports up to 300 messages per second
29. aws shield billing
(design cost-optimized architectures)
- consolidated billing should be enabled, allowing for one monthly fee for all aws accounts
30. user accessing dynamic web on-premise server from different region
(design high-performing architectures)
- use cloudfront with custom origin pointing to the on-premises servers
- s3 does not support dynamic website
31. store and analyse large amount of data
A. Amazon Kinesis Data Firehose
- load streaming data
- serverless
- can directly ingest data
B. Amazon Kinesis Data Analytics
- analyze streaming data in real-time
- cannot directly ingest data
C. Amazon Kinesis Data Streams
- cannot integrate with aws lambda
- cannot directly write the output to s3
D. amazon emr
- industry-leading cloud big data platform
32. s3 optimization
- glacier minimum storage duration is 90 days, hence 24hr is not suitable
33. ec2 instance storage
34. S3 retention period
- a retention period can be applied to an object version by default or explicitly
35. ec2 instance boot volume
- hdd (hard disk drive) cannot be used for boot volume
- ssd (solid state drive) : instance store, general purpose solid state
- hdd (hard disk drive) : cold hdd, throughput optimized hdd
36. only user view contents from specific country
- route53 geolocation routing policy
- georestriction cloudfront
37. upload file to s3
- s3 transfer acceleration : fast uploading using cloudfront edge locations
39. throttle/controls requests
- api gateway
- simple queue service sqs
- amazon kinesis
40. storage price
- s3 < efs < ssd ebs
41. specific time auto scaling
- schedule action
42. cache related
- amazon dynamoDB accelerator dax for dynamodb
- cloudfront for s3 (dynamic web content, video streams, apis)
- elasticache redis : real-time transactional (chat/messaging, gaming leaderboards, machine learning, session)
43. s3 data transfer charge
- no charge for s3 data transfer
- s3ta (transfer acceleration) only charges for transfers that are accelerated
44. real time data efficiency
- amazon kinesis data streams : real time analytics
- aws lambda functions integrate natively with kinesis data streams
- using ec2 instances instead makes the overhead requirements go up
45. connecting private site to aws
- direct connect : takes a long time to set up, but guarantees low latency
- direct connect plus : same conditions as above but with encryption
- site-to-site vpn : good for immediate set up, but low to modest bandwidth
47. security related
- guard duty : offers threat detection for data stored in s3 (cloudtrail events, vpc flow logs, dns logs)
- amazon inspector : ec2 instances
48. data storage cost in s3
- transitioning data from s3 standard to one zone-ia or standard-ia requires a minimum of 30 days in s3 standard first
- price: one zone-ia < standard-ia
49. ec2 group
- hpc applications = cluster placement group, tightly coupled nodes
- partition placement group = kafka, hadoop
- spread placement group = prevents simultaneous failure
50. s3 lifecyle
- s3 standard -> s3 standard ia -> s3 intelligent-tiering -> one zone-ia -> glacier instant retrieval -> glacier flexible retrieval -> glacier deep archive
51. ec2 + ecs fees
- ecs related fees are charged based on ec2 usage
- ecs fargate launch type is charged based on vcpu and memory resources
55. aws sns
- sns limit is 1000 executions per second; to raise it you need to contact aws support
- aws lambda and sns are serverless and fully managed services
57. rds related
- if you need to customize db os settings, use rds custom
- for regular amazon rds, changing os settings is not available
59. Microsoft Distributed File System (DFS)
- DFS = Amazon FSx for Windows file server
- HPC (high-performance computing) = Amazon FSx for Lustre
60. auto scaling
- target tracking policy = adds or removes capacity to keep the metric close to a specified target value
- step scaling / simple scaling = triggered when a certain value is reached, then the scaling is processed
61. auto scaling maintenance
- scale out -> Pending -> InService -> EnterStandby -> EnteringStandby -> Standby -> ExitStandby
62. content based routing
- alb = content based routing
- only alb or nlb can distribute traffic across specific endpoints
64. rds multi-az deployment related
- multi-az synchronous replication
- read replicas follow asynchronous
65. in-memory live update data
- Redis is a great choice for real-time transactional and analytical processing use cases such as caching, chat/messaging, gaming leaderboards, geospatial, machine learning, media streaming, queues, real-time analytics, and session store.
[TEST1] AWS Certified Solutions Architect Associate notes