Which AWS service allows users to provision resources?
About a month ago, I successfully passed the exam and secured the the AWS Cloud Practitioner certification. If you are a platform/backend product leader/manager/owner AND your products/services are built using AWS products/services, I strongly encourage you to prepare for and take this certification. It will not only demonstrate that you understand the cloud value proposition and best practices but also give you a better understanding of AWS's different product and services. As the world adopts the cloud-native mindset, don't get left behind! Show
Successful software product managers demonstrate an understanding and ability to influence/challenge cloud-native intents. Here are my quick tips for those of you interested in pursing this.
My study material had 3 areas:
All the Best! And do leave feedback/comment if you find my study tips helpful. Read the following white papers:
Understand all of the concepts below:
SQS, SES, SNS -
Macie, Shield, Inspector, GuardDuty -
AWS Shared Responsibility Model -
IAM -
AWS CLI Access - When working with AWS from the CLI, you need to provide an access key and secret access key SubNetting - The practice of dividing a network into two or more networks is called subnetting. AWS provides two types of subnetting: one is Public, which allows the internet to access the machine, and another is Private, which is hidden from the internet. Security Group - Acts as a virtual firewall for your instance to control inbound and outbound traffic. AWS Acceptable Use Policy - The policy states that penetration testing may be performed by customers on their own instances with prior approval from AWS. S3 - S3 provides high durability storage of objects. S3 Bucket Policy - These specify what actions are allowed or denied for which principals on the bucket that the bucket policy is attached to (e.g., allow user Alice to PUT but not DELETE objects in the bucket). How to Secure AWS Accounts? -
EC2 Instances -
AWS Support Plans - Every plan has billing support and service health checks.
AWS Cost Explorer - Lets you visualize, understand, and manage your AWS costs and usage over time. You can analyze your cost and usage data at a high level (e.g., total costs and usage across all accounts in your organization) or for highly specific requests. Cost and Usage Report - It is looking back on charges accrued, not looking forward and projecting future charges. AWS Cost and Usage reports provide a detailed data set about your AWS billing, delivered to an Amazon Simple Storage Service (Amazon S3) bucket of your choice. You can receive reports that break down your costs by the hour or day, by product or product resource, or by tags that you define yourself. AWS updates the report in your bucket once a day in comma-separated value (CSV) format. You can view the reports using spreadsheet software such as Microsoft Excel or Apache OpenOffice Calc, or access them from an application using the Amazon S3 API. With the AWS Pricing Calculator, you can input the services you will use, and the configuration of those services, and get an estimate of the costs these services will accrue. AWS Pricing Calculator lets you explore AWS services, and create an estimate for the cost of your use cases on AWS. AWS Marketplace - It is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS. Elastic Load Balancer (ELB): Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Elastic Load Balancing offers three types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault-tolerant. It supports 3 kinds of load balancing -
AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups to add an additional layer of security to your VPC. AWS CodeBuild - It is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don’t need to provision, manage, and scale your own build servers. AWS CodeStar - It is a cloud-based service for creating, managing, and working with software development projects on AWS. You can quickly develop, build, and deploy applications on AWS with an AWS CodeStar project. AWS CodePipeline - It is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodePipeline automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define. This enables you to rapidly and reliably deliver features and updates. AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors. X-Ray provides an end-to-end view of requests as they travel through your application, and shows a map of your application’s underlying components. AWS Artifact - On-demand access to AWS security and compliance reports. AWS SOC-2 report is very helpful as it provides implementation and operational excellence of AWS security controls. Instance MetaData - Contains data for EC2 instance such as public keys, ip address, and instance id Cross-Region Replication (CRR) is used to copy objects across Amazon S3 buckets in different AWS Regions. Nothing in the scenario indicates the data needs to be moved across regions. Multipart Upload allows you to upload a single object as a set of parts. After all parts of your object are uploaded, Amazon S3 then presents the data as a single object. You can use a multipart upload for objects from 5 MB to 5 TB in size. Amazon S3 customers are encouraged to use multipart uploads for objects greater than 100 MB. Elasticache - You can use it to store the results of often-used queries, and this will allow quicker retrieval of this data. It allows you to seamlessly set up, run, and scale popular open-Source compatible in-memory data stores in the cloud. Build data-intensive apps or boost the performance of your existing databases by retrieving data from high throughput and low latency in-memory data stores. It is not for delivery. Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. DAX - Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for Amazon DynamoDB that delivers up to a 10 times performance improvement—from milliseconds to microseconds—even at millions of requests per second. AWS Systems Manager Run Command lets you remotely and securely manage the configuration of your managed instances. A managed instance is any EC2 instance or on-premises machine in your hybrid environment that has been configured for Systems Manager. Glacier Deep Archive meets the requirement and is the cheapest option. Amazon S3 Glacier (mins to hours) and S3 Glacier Deep Archive (12 to 48 hours) are a secure, durable, and extremely low-cost Amazon S3 cloud storage classes for data archiving and long-term backup. They are designed to deliver 99.999999999% durability, and provide comprehensive security and compliance capabilities that can help meet even the most stringent regulatory requirements. Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud. Using Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns. Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect. Amazon Route 53 is fully compliant with IPv6 as well. Which AWS services provide automatic replication across AZs?
AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from the most widely used commercial and open-source databases. An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses. Amazon Virtual Private Cloud (VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including the selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications. AWS Partner Network - APN Consulting Partners are professional services firms that help customers of all types and sizes design, architect, build, migrate, and manage their workloads and applications on AWS, accelerating their journey to the cloud. APN Consulting Partners often implement Technology Partner solutions in addition to the professional services they offer. 5 pillars of a well architected framework: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization. Cloud Best Practices -
Desktop as a Service (DaaS) - Your company has decided to use Amazon WorkSpaces. They can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes. Auto Scaling Group can be used to scale out and scale in the instances as the demand dictates. This will save money and avoid having instances sitting idle for long periods of time. AWS Auto Scaling monitors your applications and automatically adjusts your capacity to maintain steady, predictable performance at the lowest possible cost. Using AWS Auto Scaling, it’s easy to set up application scaling for multiple resources across multiple services in minutes. Core Design Principle - Deploying in Multiple Availability zones will protect against downtime should an Availability Zone be lost. AWS Management Console is a web application for managing Amazon Web Services. 6 Advantages of Cloud Computing -
Request a service limit increase - Use the Limits page in the Amazon EC2 console to request an increase in the limits for resources provided by Amazon EC2 or Amazon VPC on a per-Region basis. Which AWS service allows users to provision resources using a consistent and repeatable process?2- AWS CloudFormation provisions your resources in a safe, repeatable manner, allowing you to build and rebuild your infrastructure and applications, without having to perform manual actions or write custom scripts.
Which AWS service provides users with up to date guidance to help them provision resources in the cloud in accordance with AWS best practices?AWS Trusted Advisor is an online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment. Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices.
Which service creates and provision AWS resources?AWS Service Catalog allows you to create and manage catalogs of services that are approved for use on AWS. AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment.
Which AWS service models and provision resources based on a template?Which AWS service models and provisions resources based on a template in an automated and secure way? AWS CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, Which tier does every APN Partner start in?
|