
19/09/2019

AWS Certification Pre-Exam Knowledge Refresh - Part 4

Here is the link for part 3


EC2 Auto Scaling scales horizontally (adding more instances), while DB scaling happens vertically (adding more capacity to the existing instance).

Auto Scale-in Algorithm:




VPC
In a subnet you lose 5 IPs:
  .0 - Network address
  .1 - VPC router
  .2 - DNS
  .3 - Reserved
  .255 - Broadcast (last address of the block)
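As an added example (not part of the original notes), the Python below generalizes the /24 case above to any AWS IPv4 subnet CIDR: AWS always reserves the first four addresses and the last address of the block, and subnet sizes are limited to /16 through /28. The role labels are taken from the list above.

```python
from ipaddress import IPv4Network

# AWS reserves the first four addresses of every IPv4 subnet plus the last one.
# Labels follow the roles listed in the notes above for a /24.
RESERVED_ROLES = ("network", "router", "DNS", "reserved", "broadcast")


def _aws_subnet(cidr: str) -> IPv4Network:
    """Parse a CIDR and enforce the AWS subnet size limits (/16 to /28)."""
    net = IPv4Network(cidr, strict=True)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError("AWS subnets must be between /16 and /28")
    return net


def reserved_addresses(cidr: str) -> dict:
    """Return the five reserved addresses of an AWS subnet keyed by role."""
    net = _aws_subnet(cidr)
    first_four = [str(net.network_address + i) for i in range(4)]
    return dict(zip(RESERVED_ROLES, first_four + [str(net.broadcast_address)]))


def usable_hosts(cidr: str) -> int:
    """Addresses left for instances/ENIs after the five reserved ones."""
    return _aws_subnet(cidr).num_addresses - 5


def smallest_prefix_for(hosts: int) -> int:
    """Longest AWS-legal prefix that still leaves `hosts` usable addresses."""
    for prefix in range(28, 15, -1):        # try /28 (16 addresses) down to /16
        if 2 ** (32 - prefix) - 5 >= hosts:
            return prefix
    raise ValueError("more hosts than a single /16 subnet can hold")
```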

VGW (virtual private gateway) - the VPC-side gateway for communicating with your on-prem DC.
Every subnet's route table has a route for the VPC CIDR with target local, which allows the components within the VPC to talk to each other.
Adding a 0.0.0.0/0 route to an IGW (Internet Gateway) makes the subnet public.
On top of the IGW route on the subnet, each EC2 instance still needs a public IP to be reachable from the internet.
A NAT gateway is used by components in private subnets to reach the internet; the private subnet's route table needs 0.0.0.0/0 pointed at the NAT gateway.
Network ACL - stateless filter for traffic in and out of a subnet. To connect to an instance, you need to open both the inbound and the outbound direction on the NACL.
Security Group - stateful, a kind of firewall around EC2 instances.
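The stateless-versus-stateful point above is easy to get wrong in practice: a NACL that allows SSH inbound still drops the session unless the reply to the client's ephemeral port is allowed outbound. The following Python is an added illustration (not from the original notes or any AWS library) that models NACL evaluation as AWS documents it: rules checked in ascending number order, first match decides, implicit deny at the end, and each direction evaluated independently. The rule sets are constructed sample data.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class NaclRule:
    number: int     # evaluated in ascending order; the first match wins
    action: str     # "allow" or "deny"
    protocol: str   # "tcp", "udp" or "all"
    cidr: str       # source CIDR for inbound rules, destination CIDR for outbound
    port_from: int
    port_to: int


def nacl_allows(rules, protocol: str, address: str, port: int) -> bool:
    """Evaluate one direction of a network ACL: lowest rule number first,
    first match decides, and the trailing '*' rule denies everything else."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", protocol):
            continue
        if ip_address(address) not in ip_network(rule.cidr):
            continue
        if not rule.port_from <= port <= rule.port_to:
            continue
        return rule.action == "allow"
    return False  # implicit deny


def nacl_session_ok(inbound, outbound, client_ip, client_port, service_port) -> bool:
    """A TCP session through a stateless NACL needs the request to pass the
    inbound rules AND the reply (sent back to the client's ephemeral port) to
    pass the outbound rules; nothing remembers the connection."""
    request_ok = nacl_allows(inbound, "tcp", client_ip, service_port)
    reply_ok = nacl_allows(outbound, "tcp", client_ip, client_port)
    return request_ok and reply_ok


def sg_session_ok(inbound, client_ip, service_port) -> bool:
    """A security group is stateful: once the inbound request is allowed the
    reply is tracked and permitted without any outbound rule. Security group
    rules are allow-only, so reusing the ordered matcher is harmless here."""
    return nacl_allows(inbound, "tcp", client_ip, service_port)


# Constructed sample rule sets: SSH allowed in, but the operator forgot the
# outbound rule for the ephemeral ports that the return traffic needs.
SSH_IN = [NaclRule(100, "allow", "tcp", "0.0.0.0/0", 22, 22)]
NO_OUT = []
EPHEMERAL_OUT = [NaclRule(100, "allow", "tcp", "0.0.0.0/0", 1024, 65535)]
```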

Take note that an egress-only Internet gateway is for use with IPv6 traffic only. To enable outbound-only Internet communication over IPv4, use a NAT gateway instead.

VPC Peering - connects one VPC to another VPC. Peering is not transitive: other networks cannot reach the second VPC through the peering connection.

VPC Endpoints: the way to communicate with services outside your VPC from your private VPC network without going through the internet. There are 2 types of VPC endpoints:
  1. VPC Interface Endpoints: access points set up in your VPC for communicating with other AWS services, e.g. when calls need to be made between SQS and components within the VPC.
  2. VPC Gateway Endpoints: used when components within the VPC need to interact with AWS services like S3 or DynamoDB without going through the internet. Remember that any gateway endpoint needs to be listed in the route tables.


An IAM policy statement has 3 parts: Action, Effect, Resource.
AWS Organizations uses SCPs (service control policies) to enforce restrictions on almost all users, including root.

Instance metadata is data about your instance that you can use to configure or manage the running instance. You can get the instance ID, public keys, public IP address and much other information from the instance metadata by requesting this URL from within the instance:

AWS Security Token Service (AWS STS) is the service that you can use to create and provide trusted users with temporary security credentials that can control access to your AWS resources.

AWS DR Strategies (ordered from economical to costly):


Pilot Light is a DR scenario in which a minimal version of an environment is always running in the cloud.


AWS Cognito is built on 2 components: User Pools and Identity Pools. You can enable MFA on User Pools.


AWS Cognito works like this:
  • The user authenticates with Facebook, Google or another auth provider.
  • The app gets the authenticated user ID.
  • It sends that to AWS Cognito and receives a Cognito OpenID token (Cognito ID).
  • It sends the token to AWS STS to assume a role, or gets temporary access via access keys.
 
Amazon Kinesis Data Firehose is the easiest way to load streaming data into data stores and analytics tools. It can capture, transform, and load streaming data into Amazon S3, Amazon Redshift, Amazon Elasticsearch Service, and Splunk, enabling near real-time analytics with existing business intelligence tools and dashboards you are already using today.



Amazon Kinesis Data Streams: by default the retention period is 24 hours, and it can be extended to 168 hours.


Amazon SWF interacts with activity workers and deciders by providing them with work assignments known as tasks. There are three types of tasks in Amazon SWF:
  • Activity task – An Activity task tells an activity worker to perform its function, such as to check inventory or charge a credit card. The activity task contains all the information that the activity worker needs to perform its function.
  • Lambda task – A Lambda task is similar to an Activity task, but executes a Lambda function instead of a traditional Amazon SWF activity. For more information about how to define a Lambda task, see AWS Lambda Tasks.
  • Decision task – A Decision task tells a decider that the state of the workflow execution has changed so that the decider can determine the next activity that needs to be performed. The decision task contains the current workflow history.


Amazon Route 53 currently supports the following DNS record types:
  • A (address record)
  • AAAA (IPv6 address record)
  • CNAME (canonical name record)
  • CAA (certification authority authorization)
  • MX (mail exchange record)
  • NAPTR (name authority pointer record)
  • NS (name server record)
  • PTR (pointer record)
  • SOA (start of authority record)
  • SPF (sender policy framework)
  • SRV (service locator)
  • TXT (text record)

Connection Draining: to ensure that a Classic Load Balancer stops sending requests to instances that are de-registering or unhealthy while keeping the existing connections open, enable connection draining.


