KEY SERVICES FOR AWS
- EC2
- VPC
- AZs
- IAM
- Keys, Encryptions
- KMS
- AMIs
- S3
- Glacier
- Storage Gateway
- RDS
- DynamoDB
- ElastiCache
- MySQL
- AuroraDB
- Athena
- Kinesis
- AWS Glue
- CloudFormation
- Lambda
- Batch
- SNS
- SQS
- Step Functions
- CloudFront
- EBS
- ECS / ECR / Docker / Fargate
- Redshift
- CloudWatch
- AWS Auto Scaling
- CloudTrail
- EFS
EC2
- Dedicated and Scheduled Dedicated Instances
- On-Demand instance costs
- IAM roles used in EC2 to communicate with other services and credential management
- Snapshots
- Instance requests (Spot, Reserved, etc.)
- Instance types
- Tags
- Target group
- Encryption on EC2 EBS file system
- Ephemeral stores and data loss on restarts
VPC
- Availability Zones (AZ)
- Regions
- DR compliance requirements in terms of distance (know when to use AZs and when to use Regions in terms of distance)
- VPC Endpoint
- VPC Peering
- Route table
- Internet gateway
- VPC NAT Instance, gateway
- Elastic IP
- Security Group vs NACLs
- AWS Bastion Host
- AWS Elastic Load Balancing – ELB
- AWS ELB Monitoring
- AWS Application Load Balancer
- AWS Network Load Balancer
S3
- Storage classes — especially S3-OneZone, S3-Infrequent Access
- S3-Infrequent Access but fast retrieval and costs
- Storing video in S3
- Storage encryption — SSE-KMS, SSE-C
- Scenarios with strict encryption requirements
- How it can be used to store images that are easily reproducible
- How to efficiently store data for fast retrieval on S3
- Cross-region replication
- Remember that S3 is not a file system. Keep that in mind for questions where you need to select a file system between EFS, EBS and S3
Glacier
- When it is a good and cost-effective alternative to S3 or EBS/EFS
- Data retrieval times
EBS
- Know the difference with EFS
- Encryption on EBS either with AWS or Client master keys
- Know the different storage classes and when to use which (gp2, io1, st1, sc1) — e.g. for a data warehouse on EC2 instances or a legacy app with performance issues
EFS
- Understand the nature of this distributed file system and how it can be shared by hundreds of EC2 instances
- When to use EFS instead of EBS
AWS Security
- Security groups (SG) — the concept of stateful inspection, and that they support only allow rules
- Network Access Control Lists (NACL) — the concept of stateless inspection, and that they support both allow and deny rules
- SGs vs NACLs
- Restricting access between subnets that share the same SGs
Disaster Recovery on AWS
- DR compliance requirements
Hybrid Architectures — On-premise & Cloud
- AWS as the primary site
- On-premise as the primary site
Auto scaling groups
- Scale-out and Scale-in concepts
- Cost optimisation
- High-availability and fault tolerance
Elastic load balancing
- High availability (HA) concepts
- Combination of cost-effective but HA requirements
- Web applications and ALBs for fast scale-out architectures
AWS Lambda
- Building APIs using Lambda and API Gateway
- Used as microservices
- Know how Lambda scales
- Whether and how it can be used in web applications
- Know the Lambda timeout limits when presented with a solution that will use Lambda as a batch data processing component
DynamoDB
- Table partitioning
- Performance and Cost optimisation
- DynamoDB Accelerator (DAX) — in-memory caching to improve performance
- How RCUs and WCUs work per table
- How partition and sort keys work
- How it can store web session data
Elastic Container Service
- Web applications and containers
ElastiCache
- When to use it to improve performance on the Web or Data layer
- When it is not a good choice
RDS — MySQL, Aurora
- Database User Management
- IAM users integration with RDS
- Using SSH to log in to MySQL on RDS
- How read-replicas work and their data consistency
- Multi-AZ database deployments
- Know only the concept of migrating MySQL/Postgres to Aurora
Route53
- Failover/Weighted/Latency routing
- Using DNS failover in a Disaster Recovery scenario
- How Route53 and Load balancing are different in terms of high-availability
SQS
- Stateless web applications
- Decoupling the database from overloading front end requests
CloudFront
- Static and dynamic web sites’ availability around the world
- How to restrict access to the distribution to specific users — signed URLs
CloudFormation
- Nested templates and how they can improve security
CloudWatch
- Review EC2 audit trails by pushing data to CloudWatch
CloudTrail
- How to collect operational logs from AWS services, especially EC2, and push them to CloudWatch
Kinesis
- Data Analytics and how to use it to run SQL on real-time data
- Firehose, when to use to load large volumes of real-time data
Elastic Beanstalk
- Building an EC2/ELB/Auto Scaling/RDS alternative requiring minimal administration
- Docker containers on Elastic Beanstalk
AWS IAM
- AWS IAM Role
- IAM Role – Identity Providers and Federation
- IAM Policy and Permissions
- AWS IAM Roles vs Resource-Based Policies
- AWS IAM Best Practices
- AWS Key Management Service – KMS
- AWS Web Application Firewall – WAF