Cert Notes
Professional Architect
- Elastic Beanstalk provides support for running Amazon RDS instances in your Elastic Beanstalk environment. This works well for development and testing environments, but is not ideal for a production environment because it ties the lifecycle of the database instance to the lifecycle of your application's environment. If you terminate the environment, the database instance is terminated as well. An integrated database instance also cannot be removed from your environment once added.
- The primary goal of caching is typically to offload reads from your database or other primary data source. In most apps, you have hot spots of data that are regularly queried but only updated periodically. Think of the front page of a blog or news site, or the top 100 leaderboard in an online game. In this type of case, your app can receive dozens, hundreds, or even thousands of requests for the same data before it is updated again. Having your caching layer handle these queries has several advantages. First, it is considerably cheaper to add an in-memory cache than to scale up to a larger database cluster. Second, an in-memory cache is also easier to scale out, because it is easier to distribute an in-memory cache horizontally than a relational database.
- The EBS-Optimized throughput limits the total IOPS that can be utilized, so using an EBS-Optimized instance that provides larger throughput would help increase the total random I/O performance. By using an instance type that supports higher EBS-Optimized throughput, we can utilize the increased number of EBS volumes and achieve the desired IOPS performance.
- Volume gateway provides an iSCSI target, which enables you to create volumes and mount them as iSCSI devices from your on-premises application servers. The volume gateway runs in either a cached or stored mode. In either mode, you can take point-in-time snapshots of your volumes and store them in Amazon S3, enabling you to make space-efficient versioned copies of your volumes for data protection and various data reuse needs.
  - In the cached mode, your primary data is written to S3, while you retain some portion of it locally in a cache for frequently accessed data.
  - In the stored mode, your primary data is stored locally and your entire dataset is available for low-latency access while being asynchronously backed up to AWS.
- Stateless instances are ideal for scalability since they don't maintain any session information. If one instance fails, users can be directed to another instance without any disruption.
- The AWS GovCloud (US) Region authentication is completely isolated from Amazon.com. If the organization is planning to host on EC2 in AWS GovCloud, it will be billed to the organization's standard AWS account, since AWS GovCloud billing is linked with the standard AWS account and is NOT billed separately.
- In Amazon ElastiCache, in-memory caching improves application performance by storing critical pieces of data in memory for low-latency access. Cached information may include the results of I/O-intensive database queries or the results of computationally intensive calculations.
- Provisioned IOPS volumes are designed to meet the needs of I/O-intensive workloads, particularly business applications and database workloads (such as MongoDB and RDBMS), that are sensitive to storage performance and consistency in random access I/O throughput.
- as-describe-launch-configs describes all the launch configuration parameters created by the AWS account in the specified region. Generally, it returns values such as the launch configuration name, instance type and AMI ID. If the user wants additional parameters, such as the IAM profile used in the configuration, he has to run the command: as-describe-launch-configs --show-long
- Amazon EC2 uses an instance profile as a container for an IAM role. When you create an IAM role using the console, the console creates an instance profile automatically and gives it the same name as the role it corresponds to. If you use the AWS CLI, API, or an AWS SDK to create a role, you create the role and instance profile as separate actions, and you might give them different names.
- The Condition element in IAM (or Condition block) lets you specify conditions for when a policy is in effect. The Condition element is optional.
- Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.
- When using string conditions within IAM, short versions of the available comparators can be used instead of the more verbose versions. For instance, streqi is the short version of StringEqualsIgnoreCase, which checks for an exact match between two strings ignoring their case.
- Attempts, one of the three types of items associated with a scheduled pipeline in AWS Data Pipeline, provide robust data management. AWS Data Pipeline retries a failed operation. It continues to do so until the task reaches the maximum number of allowed retry attempts. Attempt objects track the various attempts, results, and failure reasons if applicable. Essentially, it is the instance with a counter. AWS Data Pipeline performs retries using the same resources from the previous attempts, such as Amazon EMR clusters and EC2 instances.
- AWS Data Pipeline is a web service that helps you reliably process and move data between different AWS compute and storage services as well as on-premises data sources at specified intervals. With AWS Data Pipeline, you can regularly access your data where it is stored, transform and process it at scale, and efficiently transfer the results to another AWS service. AWS Data Pipeline helps you easily create complex data processing workloads that are fault tolerant, repeatable, and highly available. AWS Data Pipeline also allows you to move and process data that was previously locked up in on-premises data silos.
- AWS Direct Connect itself has no specific resources for you to control access to. Therefore, there are no AWS Direct Connect ARNs for you to use in an IAM policy. You use an asterisk (*) as the resource when writing a policy to control access to AWS Direct Connect actions.
- A task runner is an application that polls AWS Data Pipeline for tasks and then performs those tasks. You can either use the Task Runner provided by AWS Data Pipeline, or create a custom Task Runner application.
- Regardless of how your Lambda function is invoked, AWS Lambda always executes the function. At the time you create a Lambda function, you specify an IAM role that AWS Lambda can assume to execute your Lambda function on your behalf. This role is also referred to as the execution role.
- Within an IAM policy, IfExists can be added to the end of any condition operator except the Null condition. It indicates that the conditional comparison needs to happen if the policy key is present in the context of a request; otherwise, it can be ignored.
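The points made in the string-condition and IfExists notes above, worked through as an added example that is not from the original notes or from AWS: a small evaluator for IAM Condition blocks that models the case-insensitive comparator, the IfExists suffix (key absent from the request context means the comparison is skipped) and the Null test. The sample statement is constructed; `vpc-EXAMPLE` is a placeholder value.

```python
# Added illustration (not AWS's implementation): a minimal evaluator for IAM
# Condition blocks showing StringEquals vs StringEqualsIgnoreCase, the
# ...IfExists suffix (absent key => comparison is skipped) and the Null test.
import json

def _compare(op, want, have):
    """Apply one string operator; `want` is the list of policy values."""
    if op == "StringEquals":
        return have in want
    if op == "StringEqualsIgnoreCase":
        return have.lower() in [w.lower() for w in want]
    raise ValueError(f"unsupported operator: {op}")

def evaluate_condition(condition, context):
    """True when every operator/key pair in the Condition block is satisfied
    by the request context; pairs are ANDed, list values are ORed, as in IAM."""
    for op, pairs in condition.items():
        for key, value in pairs.items():
            expected = [str(v) for v in (value if isinstance(value, list) else [value])]
            if op == "Null":
                # Null tests presence only: "true" means the key must be absent
                if (expected[0].lower() == "true") != (key not in context):
                    return False
                continue
            base, if_exists = op, False
            if op.endswith("IfExists"):
                base, if_exists = op[: -len("IfExists")], True
            if key not in context:
                if if_exists:
                    continue  # key missing: IfExists treats the check as passed
                return False  # key missing without IfExists: condition fails
            if not _compare(base, expected, str(context[key])):
                return False
    return True

# Constructed sample statement (vpc-EXAMPLE is a placeholder). Resource is "*"
# as the notes say for Direct Connect; the team tag is matched ignoring case
# and the VPC check applies only when aws:SourceVpc is present in the request.
STATEMENT = json.loads("""{
  "Effect": "Allow",
  "Action": "directconnect:DescribeConnections",
  "Resource": "*",
  "Condition": {
    "StringEqualsIgnoreCase": {"aws:PrincipalTag/team": "NetOps"},
    "StringEqualsIfExists": {"aws:SourceVpc": "vpc-EXAMPLE"}
  }
}""")
```

A request carrying `aws:PrincipalTag/team=netops` and no `aws:SourceVpc` key satisfies the block, while the same request with a different VPC value does not.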
- A service account is a special Google account that can be used by applications to access Google services programmatically. This account belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application uses the service account to call the Google API of a service, so that the users aren't directly involved.
- Currently the STS API command GetSessionToken is available to every IAM user in your account without prior permission. In contrast, the GetFederationToken command is restricted, and explicit permissions need to be granted so a user can issue calls to this particular action.
- Example for RDS: Each DB subnet group should have subnets in at least two Availability Zones in a given region. If the RDS instance is required to be accessible from the internet, the organization must enable the VPC attributes DNS hostnames and DNS resolution. For each RDS DB instance that the user runs in a VPC, he should reserve at least one address in each subnet in the DB subnet group for use by Amazon RDS for recovery actions.
- If you create a VPN connection, you must specify the type of routing that you plan to use, which will depend on the make and model of your VPN devices. If your VPN device supports Border Gateway Protocol (BGP), you need to specify dynamic routing when you configure your VPN connection. If your device does not support BGP, you should specify static routing.
- EC2 allows the user to launch On-Demand instances. If the organization is using an application temporarily, only for demo purposes, the best ways to assign an Elastic IP would be:
  - Launch an instance in a VPC and assign an EIP to the primary network interface. This way, on every instance start it will have the same IP.
  - Create a bootstrapping script and provide it with some metadata, such as user data, which can be used to assign an EIP.
  - Create a controller instance which can schedule the start and stop of the instance and provide an EIP as a parameter, so that the controller instance can check the instance boot and assign an EIP.
  The instance metadata gives the current instance data, such as the public/private IP. It is of no use for assigning an EIP.