
aws-cloud practitioner

Exam preparation:

https://zhuanlan.zhihu.com/p/295326042

https://www.w3schools.com/aws/aws_cloudessentials_awscert.php

practice tests from ExamTopics and Whizlabs

Official exam guide:

https://d1.awsstatic.com/training-and-certification/docs-cloud-practitioner/AWS-Certified-Cloud-Practitioner_Exam-Guide.pdf

introduction

EC2: Elastic Compute Cloud

Cloud computing: The on-demand delivery of IT resources over the internet with pay-as-you-go pricing.

cloud computing deployment models:

  • cloud-based
  • on-premises, also known as a private cloud deployment
  • hybrid

For example, you can launch Amazon Elastic Compute Cloud (Amazon EC2) instances when needed and pay only for the compute time you use. Instead of paying for resources that are unused or dealing with limited capacity, you can access only the capacity that you need, and scale in or out in response to demand.

I guess it's different from Alibaba Cloud and Tencent Cloud servers?

Compute in the cloud

instance types

  • General purpose instances
  • Compute optimized instances
  • Memory optimized instances
  • Accelerated computing instances
  • Storage optimized instances

pricing

  • On-Demand

  • Amazon EC2 Savings Plans

committing to a consistent amount of compute usage for a 1-year or 3-year term.

  • Reserved Instances

  • Spot Instances (compute can be interrupted)

Spot Instances use unused Amazon EC2 computing capacity. They are ideal for workloads with flexible start and end times, or that can withstand interruptions, like a data processing job.

  • Dedicated Hosts

To begin with, Reserved Instances are based on the commitment to use an instance at a particular price over a specific period, while Savings Plans are based on the commitment to spend a particular dollar amount per hour over a specific period.

Messaging and queuing

It is basically a message-distribution middleware service.

tightly coupled architecture [monolithic application] v.s. loosely coupled architecture [microservices approach]

  • Amazon Simple Notification Service (Amazon SNS) is a publish/subscribe service. Using Amazon SNS topics, a publisher publishes messages to subscribers.
  • Amazon Simple Queue Service (Amazon SQS) is a message queuing service. (The order tickets a restaurant spikes on a pin are basically a rudimentary queue service.)

Global Infrastructure and Reliability

Regions: A physical location around the world where we cluster data centers.

Availability Zones: An Availability Zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region.

Availability Zones

Amazon CloudFront

edge locations: An edge location is a site that Amazon CloudFront uses to store cached copies of your content closer to your customers for faster delivery.

AWS Outposts: a mini

Networking

VPC

Virtual Private Cloud: Establish boundaries around your AWS resources.

subnets

  • Virtual private gateway: Create a VPN (virtual private network) connection between the VPC and the internal corporate network
  • AWS Direct Connect: Establish a dedicated connection between the on-premises data center and the VPC
  • Private subnet
  • Public subnet
  • ACL (network access control list) v.s. Security groups: The former is a virtual firewall that controls inbound and outbound traffic at the subnet level and is stateless, while the latter is a virtual firewall that controls inbound and outbound traffic at the finer-grained level of an individual Amazon EC2 instance and is stateful.
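The stateless/stateful difference above, as an added toy model written for these notes (constructed here, not AWS code): a security group remembers the inbound HTTPS request, so the reply passes with no outbound rule at all, while a network ACL inspects the reply on its own and needs an explicit outbound rule covering the client's ephemeral port. Rule numbers and deny rules are left out; the addresses and port 50000 are made-up sample values.

```python
from dataclasses import dataclass

# Constructed toy model of the two VPC firewall layers (allow rules only, no rule
# numbers or explicit denies); added for illustration, not AWS code.
@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "in" = toward the instance/subnet, "out" = leaving it

def matches(rule, pkt: Packet) -> bool:
    """rule = (direction, port_from, port_to); checked against the destination port."""
    direction, port_from, port_to = rule
    return pkt.direction == direction and port_from <= pkt.dport <= port_to

class NetworkAcl:
    """Stateless: every packet, replies included, must match a rule on its own."""
    def __init__(self, rules):
        self.rules = list(rules)
    def allows(self, pkt: Packet) -> bool:
        return any(matches(r, pkt) for r in self.rules)

class SecurityGroup:
    """Stateful: an allowed packet opens a flow, and replies on that flow pass."""
    def __init__(self, rules):
        self.rules, self.flows = list(rules), set()
    def allows(self, pkt: Packet) -> bool:
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return True  # reply to a tracked connection: no outbound rule needed
        if any(matches(r, pkt) for r in self.rules):
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return False

CLIENT, SERVER = "203.0.113.10", "10.0.1.5"  # constructed sample addresses

def https_round_trip(fw) -> tuple:
    """Client on ephemeral port 50000 hits the instance on 443; returns (request ok, reply ok)."""
    request = Packet(CLIENT, 50000, SERVER, 443, "in")
    reply = Packet(SERVER, 443, CLIENT, 50000, "out")
    return fw.allows(request), fw.allows(reply)

def demo() -> dict:
    sg = SecurityGroup([("in", 443, 443)])  # no outbound rule at all
    nacl_naive = NetworkAcl([("in", 443, 443), ("out", 443, 443)])  # reply goes to port 50000, dropped
    nacl_fixed = NetworkAcl([("in", 443, 443), ("out", 1024, 65535)])  # ephemeral port range
    return {"security_group": https_round_trip(sg), "nacl_naive": https_round_trip(nacl_naive),
            "nacl_fixed": https_round_trip(nacl_fixed)}
```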

global networking

Amazon Route 53: a DNS web service

Storage

An instance store provides temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers.

Instance store volumes -> attached to the hypervisor's AWS host, which can change between stops and starts of an EC2 instance

For long-lasting storage:

  • Amazon EBS (Elastic Block Store): A service that provides block-level storage volumes that you can use with Amazon EC2 instances.

  • Amazon S3 (Simple Storage Service)

Web enabled; Regionally distributed; Offer cost savings; Serverless

  • S3 standard
  • S3 Standard-Infrequent Access (S3 Standard-IA)
  • S3 One Zone-Infrequent Access (S3 One Zone-IA)
  • S3 Intelligent-Tiering (automatically moves an object to its access tier based on access frequency)
  • S3 Glacier (for data archiving; the name means "ice glacier")
  • S3 Glacier Deep Archive (longer retrieval time)

Object Storage (save the file as a whole) v.s. Block Storage (break files into blocks, better for a bunch of micro edits)

  • Amazon EFS (Elastic File System)

  • Multiple instances reading and writing simultaneously

  • Linux file system
  • Regional resource
  • Automatically scales

  • Amazon Aurora: An Amazon enterprise-class relational database.

  • Amazon RDS (Relational Database Service)

  • Amazon DynamoDB (A non-relational database)

Security

  • Shared responsibility model
  • MFA(multi-factor authentication)

Best practice:

Do not use the root user for everyday tasks.

Instead, use the root user to create your first IAM user and assign it permissions to create other users.

  • IAM user / IAM group / IAM roles (access to services or resources needs to be granted temporarily, instead of long-term)
  • Service control policies (SCPs) - AWS Organizations - Account management
  • DoS: Denial-of-service
  • DDoS: Distributed denial-of-service (which means many DoS attacks at once, haha)
  • UDP flood: low-level brute-force attack / reflection attack -> mitigated by security groups at the AWS network level
  • HTTP-level attacks:
  • Slowloris attack -> mitigated by Elastic Load Balancer
  • Amazon GuardDuty: A service that provides intelligent threat detection for your AWS environment and resources

Monitoring and analytics

  • Amazon CloudWatch (Monitor your resources' utilization and performance, performance metrics, logs)
  • AWS CloudTrail: Track user/account activities, records API calls for your account

Pricing

  • Some services offer tiered pricing / per-unit cost is incrementally lower with increased usage.

Migration and innovation

Snow Family: there is even a truck that comes to move your data!

The cloud journey

The AWS well-architected framework

v.s. on-premises data center

The five pillars of the AWS Well-Architected Framework:

  • Operational excellence
  • Security
  • Reliability
  • Performance efficiency
  • Cost optimization

Six advantages of cloud computing:

  • Trade upfront expense for variable expense.
  • Benefit from massive economies of scale.
  • Stop guessing capacity.
  • Increase speed and agility.
  • Stop spending money running and maintaining data centers.
  • Go global in minutes.

Exam

Exam-guide

  • What kind of database is AWS DynamoDB? ✅ NoSQL database ❎ Document database
  • What is AWS EC2? ✅ AWS EC2 is a virtual server in the AWS Cloud ❎ AWS EC2 is a serverless compute service
  • Which perspective of the AWS Cloud Adoption Framework focuses on minimizing the business risks? ✅ Governance Perspective
  • Which pillar of the AWS Well-Architected Framework focuses on recovering from service or infrastructure disruptions? ✅ Reliability
  • AWS Artifact is a service that provides access to AWS security and compliance reports. ✅
  • CloudWatch is a monitoring service that monitors your resources, and configures automatic alarms. ✅
  • Which AWS service do you need to use to get complete history of user activity? ✅ AWS CloudTrail
  • If an instance store reboots, does the data in the instance persist? ✅
  • What does AWS Marketplace allow you to do? AWS Marketplace lets you list and sell software
  • With Dedicated Hosts, a physical server is dedicated for your use. Reserved Instances are not physical instances. Reserved Instances are a billing discount applied to the use of On-Demand Instances in your account.
  • Spot Instances: can be interrupted, price is uncertain
  • AWS Pricing Calculator vs. Cost Explorer: the latter can only forecast your costs based on your previous usage, while the former is essentially a price menu.
  • Network ACL vs Security Group: The former works at a subnet level, while the latter works at an EC2 instance level.

Needs to refresh:

  • five pillars

  • AWS CAF - Cloud Adoption Framework

  • There are actually only a handful of services that are considered global services, such as IAM, STS, Route 53, CloudFront and WAF. For zonal services, the examples are EC2 instances and EBS volumes, which are tied to the Availability Zone where they were launched. Take note that although EBS volumes are considered a zonal service, EBS snapshots are considered regional, since they are not tied to a specific Availability Zone. The rest of the services are regional in scope.