First let me begin by saying, I would not recommend doing certifications just by using some practice tests or by reading some material.
Get the free-tier subscription. Practice, experiment, do some proof of concepts.
I know you cannot implement all the concepts, especially where you need large datasets to test certain concepts.
Most of the information is shared out of my notes and observations during the trainings, self-study, experimenting in my free tier subscription and some from practice tests.
The intent of sharing this information is to have a last check before you leave for an exam.
Here is the first of a few articles I am going to share for people going to take the certification exam. I cleared both CP and CSAA with only 90%, so if I am misinterpreting anything, please do correct me.
AWS recommends that you delete your root access keys because you can't restrict permissions for the root user credentials.
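One way to check this recommendation on an account is to read the IAM credential report, where the root user appears as the `<root_account>` row. The following is an added example, not part of the original notes; the sample report is constructed, trimmed to the columns the check reads, and the account ID and user name in it are made up.

```python
import csv
import io

# Constructed sample in the IAM credential report CSV layout, trimmed to the
# columns this check reads. Account ID and user names are made up.
SAMPLE_REPORT = """\
user,arn,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,false,true,2024-03-02T10:15:00+00:00,false,N/A
alice,arn:aws:iam::111122223333:user/alice,true,true,2024-03-01T08:00:00+00:00,false,N/A
"""

ROOT_USER = "<root_account>"  # name of the root row in the credential report


def root_findings(report_csv: str) -> list[str]:
    """Return one finding per active root access key in a credential report."""
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] != ROOT_USER:
            continue  # IAM users can be restricted by policy; root cannot
        findings = []
        for slot in ("1", "2"):  # an identity can hold at most two access keys
            active = row.get(f"access_key_{slot}_active", "false")
            if active.strip().lower() == "true":
                last_used = row.get(f"access_key_{slot}_last_used_date", "N/A")
                findings.append(
                    f"root access key {slot} is active (last used: {last_used})"
                )
        return findings
    # A report without a root row is truncated or not a credential report.
    raise ValueError("no <root_account> row found in report")


if __name__ == "__main__":
    for finding in root_findings(SAMPLE_REPORT):
        print("FINDING:", finding)
```

The last-used date in each finding shows whether anything still depends on the key before it is deleted.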
EC2 - Elastic Cloud Compute
Reserved instances require a purchase term of at least one year.
You can sell Amazon EC2 reserved instances that still have at least one month remaining in their term with upfront costs.
You need to use the Reserved Instance Marketplace for selling unused RIs.
EC2 user data is a set of extra bash/shell commands that can be run after launching an instance.
Elastic network interface (ENI) is a logical networking component in a VPC that represents a virtual network card. You can attach a network interface to an EC2 instance in the following ways:
- When it's running (hot attach)
- When it's stopped (warm attach)
- When the instance is being launched (cold attach)
AMI - Custom AMIs are region specific. In a DR scenario, you need to copy the AMI to the other region and create instances using that AMI for standby purposes. Please note that any security created around EC2 is not part of AMIs.
Placement Groups are logical groupings or clusters of instances within a single Availability Zone.
You can launch EC2 instances in a placement group, which determines how instances are placed on underlying hardware. When you create a placement group, you specify one of the following strategies for the group:
- Cluster - clusters instances into a low-latency group in a single Availability Zone
- Spread - spreads instances across underlying hardware
Storage optimized instances are designed for workloads that require high, sequential read and write access to very large data sets on local storage.
Memory optimized instances are designed to deliver fast performance for workloads that process large data sets in memory.
Compute optimized instances are ideal for compute-bound applications that benefit from high-performance processors, such as batch processing workloads and media transcoding.
General purpose instances are the most basic type of instances. They provide a balance of compute, memory, and networking resources, and can be used for a variety of workloads.
EIP: An Elastic IP address doesn’t incur charges as long as the following conditions are true:
- The Elastic IP address is associated with an Amazon EC2 instance.
- The instance associated with the Elastic IP address is running.
- The instance has only one Elastic IP address attached to it.
S3 - Simple Storage Services - Non-archival storage - Costlier compared to S3 Glacier - Can set data life cycle - Kind of retention policies to move data to archives.
S3 ARN Format: <bucket-name>.s3-website-<AWS-region>.amazonaws.com
S3 is object storage, i.e., if you change 100 MB in a 1GB file, you need to upload the whole 1GB again.
S3 provides: 1. Permissions, 2. Versions, 3. Server-side encryption, 4. Client-side encryption, 5. Backups and 6. Replication
S3 Glacier Expedited retrievals are typically made available within 1–5 minutes. Provisioned Capacity ensures that retrieval capacity for Expedited retrievals is available when you need it. S3 Bulk retrieval requests are typically served in 5-12 hours.
S3 non-archival storage classes:
- S3 Standard - default storage across multiple AZs for frequently accessed data.
- S3 Intelligent-Tier: Data is automatically moved to a storage class based on frequency of access.
- S3 Standard-IA: Same as Standard but infrequently accessed.
- S3 One Zone IA - It's infrequently accessed in just one AZ.
You cannot transition S3 to S3 Infrequent Access (Standard or One Zone) until the data has resided for 30 days.
Other than S3-IA, you can move objects to Glacier or Deep Archive almost immediately.
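The 30-day rule above can be checked against a lifecycle configuration before it is applied. The following is an added example, not part of the original notes; the configuration uses the `Rules` / `Transitions` / `Days` / `StorageClass` shape of an S3 lifecycle configuration, and the rule IDs and prefixes are constructed.

```python
# Storage classes that, per the notes above, need 30 days in S3 first.
IA_CLASSES = {"STANDARD_IA", "ONEZONE_IA"}
MIN_DAYS_BEFORE_IA = 30

# Constructed lifecycle configuration; rule IDs and prefixes are made up.
SAMPLE_CONFIG = {
    "Rules": [
        {"ID": "logs-to-ia-too-early", "Status": "Enabled",
         "Filter": {"Prefix": "logs/"},
         "Transitions": [{"Days": 7, "StorageClass": "STANDARD_IA"},
                         {"Days": 90, "StorageClass": "GLACIER"}]},
        {"ID": "backups-archive", "Status": "Enabled",
         "Filter": {"Prefix": "backups/"},
         "Transitions": [{"Days": 1, "StorageClass": "DEEP_ARCHIVE"}]},
        {"ID": "old-rule", "Status": "Disabled",
         "Filter": {"Prefix": "tmp/"},
         "Transitions": [{"Days": 5, "StorageClass": "ONEZONE_IA"}]},
    ]
}


def early_ia_transitions(config: dict) -> list[tuple[str, str, int]]:
    """Return (rule ID, storage class, days) for IA transitions under 30 days."""
    problems = []
    for rule in config.get("Rules", []):
        if rule.get("Status") != "Enabled":
            continue  # disabled rules are never evaluated
        for transition in rule.get("Transitions", []):
            days = transition.get("Days")
            if days is None:
                continue  # date-based transition, outside the 30-day rule
            storage_class = transition.get("StorageClass")
            if storage_class in IA_CLASSES and days < MIN_DAYS_BEFORE_IA:
                problems.append((rule.get("ID", "<no id>"), storage_class, days))
    return problems


if __name__ == "__main__":
    for rule_id, storage_class, days in early_ia_transitions(SAMPLE_CONFIG):
        print(f"{rule_id}: {storage_class} after {days} days, "
              f"needs at least {MIN_DAYS_BEFORE_IA}")
```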
Anything uploaded to S3 is automatically replicated across a region within multiple AZs.
Hard limits - 100 buckets and 5TB object size. But the largest object size for a single PUT is 5GB.
S3 Security best practice:
S3 Server Access Logging will provide detailed object-level logging in S3, whereas CloudTrail will give logging info about API requests at the S3 bucket level.
To enable the cross-region replication feature in S3, the following items should be met:
- The source and destination buckets must have versioning enabled.
- The source and destination buckets must be in different AWS Regions.
- Amazon S3 must have permissions to replicate objects from that source bucket to the destination bucket on your behalf.
EBS - Elastic block storage - Enables redundancy within an AZ. Users can take snapshots of EBS. Please note that EBS data will be lost if the whole AZ is down, as it maintains redundancy within the AZ.
Types of EBS:
SSD type is used where IOPS is important and the disk has to be used for booting. HDD is used where throughput is important and the disk cannot be bootable.
- General purpose SSD: General workloads
- Provisioned IOPS SSD: High-performance volume for low latency. The max IOPS provided for this is 1:50. For a 10GB disk, max IOPS is 500GB.
- Throughput optimized HDD: Same as #1 but HDD
- Cold HDD: Less frequent access workloads.
Here is a list of important information about EBS volumes:
- When you create an EBS volume in an Availability Zone, it is automatically replicated within that zone to prevent data loss due to a failure of any single hardware component.
- An EBS volume can only be attached to one EC2 instance at a time.
- After you create a volume, you can attach it to any EC2 instance in the same Availability Zone.
- An EBS volume is off-instance storage that can persist independently from the life of an instance. You can specify not to terminate the EBS volume when you terminate the EC2 instance during instance creation.
- EBS volumes support live configuration changes while in production, which means that you can modify the volume type, volume size, and IOPS capacity without service interruptions.
- Amazon EBS encryption uses 256-bit Advanced Encryption Standard algorithms (AES-256).
- EBS volumes offer 99.999% SLA.
- If an EBS volume is encrypted, the snapshot and the volume restored from that snapshot are also encrypted.
Amazon Data Lifecycle Manager (Amazon DLM) can automate the creation, retention, and deletion of snapshots taken to back up your Amazon EBS volumes using lifecycle policies.
An Amazon EBS volume is a durable, block-level storage device that you can attach to a single EC2 instance.
An instance store (ephemeral) provides temporary block-level storage and is located on disks that are physically attached to the host computer. The data on ephemeral storage will be lost when the server restarts.
A CloudWatch check on an EBS volume can give 3 states: OK - passed, Impaired - failed, InsufficientData - check is still in progress.