IT Cheer Up Click: AWS CSAA Key Words Study Note

I mentioned Key Words note in How I Passed AWS CSAA in 3 Months. The Key Words note is a quick cheat sheet to review before the exam. It is based on the practices from my study and the questions from mock exams. So it is not covered all AWS terms. Here is your reference to build your own Key Words note:

Security group vs. ACL

Security Group	Network ACL
Operates at the instance level (first layer of defense)	Operates at the subnet level (second layer of defense)
Supports allow rules only	Supports allow rules and deny rules
Is stateful: Return traffic is automatically allowed, regardless of any rules	Is stateless: Return traffic must be explicitly allowed by rules
We evaluate all rules before deciding whether to allow traffic	We process rules in number order when deciding whether to allow traffic
Applies to an instance only if someone specifies the security group when launching the instance, or associates the security group with the instance later on	Automatically applies to all instances in the subnets it's associated with (backup layer of defense, so you don't have to rely on someone specifying the security group)

Review details and diagram

S3

S3-Standard - Durability of 99.999999999% and availability of 99.99%.
S3-IA (Infrequently Accessed) - Durability of 99.999999999% and availability of 99.99%.
S3-RRS (Reduced Redundancy Storage) - Durability and availability of 99.99%. Lost data is OK to recreate.
Glacier - For archival only. Takes 3 - 5 hours to restore files. Durability of 99.999999999%.
AWS Import/Export accelerates moving large amounts of data into and out of AWS using portable storage devices for transport. But no export on Glacier.
S3 encryption can be done on Server Side S3 Managed Keys (SSE – S3), KMS Managed Keys (SSE – KMS, customer provided keys (SSE-C); and done on client side.

AWS Databases

Scenarios	Types
A managed relational database in the cloud that you can launch in minutes with a just a few clicks.	RDS
A fully managed MySQL compatible relational database with 5X performance and enterprise level features.	Aurora
A fully managed NoSQL database that offers extremely fast performance, seamless scalability and reliability. It supports both document and key-value store models.	DynamoDB
A fast, fully managed, petabyte-scale data warehouse at less than a tenth the cost of traditional solutions. The optimum query performance is through a combination of massively parallel processing, columnar data storage, and very efficient, targeted data compression encoding schemes.	Redshift

EC2 Instance Purchasing Options

On-Demand Instances – Pay, by the second, for the instances that you launch.
Reserved Instances – Purchase, at a significant discount, instances that are always available, for a term from one to three years.
Scheduled Instances – Purchase instances that are always available on the specified recurring schedule, for a one-year term.
Spot Instances – Bid price which can lower costs significantly. (Compare this option vs. Reserved/On-demand in the exam)
Dedicated Hosts – Pay for a physical host that is fully dedicated to running your instances, and bring your existing per-socket, per-core, or per-VM software licenses to reduce costs.
Dedicated Instances – Pay, by the hour, for instances that run on single-tenant hardware.

Management Tools

Cloud Watch - Monitor performance of AWS environment – standard infrastructure metrics.
Cloud Trail - Audit usage of AWS Resources (AWS API calls into log files)
Trusted Advisor - Provides best practices (or checks) in four categories: cost optimization, security, fault tolerance, and performance improvement.
Cloud Formation - Infrastructure template to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.

Route 53

Choose Alias record over CNAME record on ELB.

Routing policy:

Simple routing policy – default.
Failover routing policy – Use when you want to configure active-passive failover.
Geolocation routing policy – Use when you want to route traffic based on the location of your users.
Geoproximity routing policy – Use when you want to route traffic based on the location of your resources and, optionally, shift traffic from resources in one location to resources in another.
Latency routing policy – Use when you have resources in multiple locations and you want to route traffic to the resource that provides the best latency.
Multivalue answer routing policy – Use when you want Route 53 to respond to DNS queries with up to eight healthy records selected at random.
Weighted routing policy – Use to route traffic to multiple resources in proportions that you specify.

Kinesis/EMR/Redshift

Kinesis	Elastic Map Reduce (EMR)	Redshift
Consume large streams of data	Processing big data	Business intelligence, OLAP

Use case: Utilize Kinesis to collect big data and analyze with Kinesis clients, then use EMR to save the BI results to a Redshift.

SNS/SQS/SWF/SES/STS

SNS – Push messages to topics. Notify by email / text messages/ http-end points.
SQS – Pull messages from Queue. De-couple your applications. Standard queue: at least once delivery, FIFO queue: exactly once processing
SWF – Process orders on website. A task is assigned only once and is never duplicated. Maximum workflow execution time – 1 year
SES – Send email via AWS
STS – Security Token Service to request temporary, limited-privilege credentials

Root Privileges vs. Fully Managed

AWS provides the root or system privileges on: EC2, EMR, Elastic BeanStalk, Opswork. DynamoDB, SNS, and SQS are fully managed.

AWS CSAA Key Words Study Note