AWS SAA-C02

  1. IG
    Internet Gateway - connection that allows traffic between VPC and internet
  2. VPC Peering
    • Network connection between two VPCs within same account or another account.
    • Is NOT transitive (i.e., A connects to B, B connects to C, does NOT mean A connects to C)
  3. VPC Endpoints
    • Secure connection between VPC and services
    • Two types:
    • - gateway - connects to S3 & DynamoDB
    • - interface - connects to all other services outside of gateway. Powered by PrivateLink (keep traffic inside AWS network) and needs ENI for entry point
    • VPC Endpoints do NOT need IG, NAT & VPN
  4. ENI
    • Elastic Network Interface
    • Virtual network card attached to an instance (EC2)
  5. Elastic Load Balancer
    • ALB (Application Load Balancer) web apps, microservices & containers HTTP/HTTPS
    • NLB (Network Load Balancer) extreme performance TCP, UDP, TLS
    • Auto scale
  6. ElastiCache
    • Two options:
    • - Redis
    •   - Auto failover between AZ
    •   - Backup/restore to S3
    • - Memcached - use for simple caching
  7. ECS
    • (Elastic Container Service)
    • - ECS - containers on EC2 (Docker)
    • - Fargate - serverless version of ECS
    • - Elastic Beanstalk - single/multiple containers in single EC2 (simple web app)
    • EKS (Elastic Kubernetes Service)
  8. SNS
    service reads from topics
  9. SQS
    Simple Queue Service - subscribed
  10. Spot Fleets
    A collection of spot instances and optionally on-demand to try to meet specified capacity.
  11. Launch Templates (Auto Scale)
    • Version control
    • T2 unlimited
    • Multiple instance types
    • on-demand or spot instances at same time
    • Reuse templates for regular EC2 launch
  12. Auto Scale
    • Will take time to scale
    • Can use predictive scaling (creates ML model)
  13. ACL
    Access Control List for S3 buckets & objects
  14. NACL
    • Network Access Control List
    • Layer of security that acts like a firewall on the subnet level. Several subnets can be associated with one NACL, but a subnet can only be associated with one NACL.
  15. AWS Transit Gateway
    A hub that will connect VPCs with each other. Easier way of managing VPC connections
  16. AWS Backup
    Backup management. Uses Storage Gateway. AWS cloud and/or local datacenter
  17. What is covered in Unified Auto Scaling?
    • EC2
    • Spot Fleets
    • DynamoDB
    • Aurora Read Replica
    • ECS on Fargate
  18. Define redundancy
    Multiple instances dedicated to perform the same tasks.
  19. VPC endpoint traffic is delivered to the service API endpoint via?
    • Proxy
    • VPC gateway and interface endpoints use a proxy to pass traffic to the service API endpoint, bypassing the AWS network entirely.
  20. What network interface resource is designed for the highest network performance?
    • EFA (Elastic Fabric Adapter)
    • The EFA exhibits both the highest throughput and the lowest latency of any network interface in AWS.
  21. What is a benefit of deploying a database using Aurora Serverless instead of a single Aurora read/write endpoint?
    • Elasticity
    • Aurora Serverless allows the customer to define lower and upper boundaries for automated scaling of front-end compute resources for the database, and it automatically scales between them according to load.
  22. Which VPC resources lack any security features?
    • IG (Internet Gateway)
    • The Internet Gateway has no built-in features for monitoring, whitelisting, or blacklisting traffic that passes through it.
  23. Definition of the term high availability?
    • The system will continue to function despite the complete failure of any component of the architecture.
    • High availability is a term used to describe resilient architectures that can continue to function after a short outage when a component is lost.
  24. What's the difference between NACL and a security group?
    • Both act like a virtual firewall to protect the VPC with inbound and outbound rules.
    • Security Group - controls access to the EC2 instances, and an instance can have multiple Security Groups associated with its network interface
    • NACL controls traffic from a subnet at the network level
    • In each case a default is created: a default NACL when a subnet is created and a Security Group when an instance is created.
  25. EFS vs EBS
    • EBS limited to 16 TB. EFS no limit.
    • EFS more expensive (for the most part)
    • EBS can only mount to 1 instance
    • EBS 1 AZ
  26. What do the 9's mean?
    Availability
  27. Define Flow Logs
    • Capture information about traffic (source & destination)
    • Network interfaces (EC2), subnets & VPC
Author: wallyzfb
ID: 358764