CCP Variation Study
CloudFormation - infrastructure as code, sets up services via templates and scripts. eg. yml, json
CloudTrail - logs all API calls between AWS services (who can we blame). eg. aws s3api create-bucket --bucket test-123
CloudFront - Content Distribution Network. It creates cached copies of our website on edge location servers located near the people trying to download our website.
CloudWatch - is a collection of multiple services
CW Logs - any custom log data, memory usage, rails logs, Nginx Logs
CW Metrics - metrics that are based off of logs eg. Memory usage
CW Events - trigger an event based on a condition eg. every hour take snapshot of server.
CW Alarms - triggers notifications based on metrics
CW Dashboard - create visualizations based on metrics
CloudSearch - search engine, we have an ecommerce website and we want to add a search bar.
Direct Connect - Dedicated Fiber optics connections from datacenter to AWS
Amazon Connect - Call Center Service - Get a toll free number, accept inbound and outbound calls, setup automated phone systems.
Media Connect - New Version of Elastic Transcoder - Converts videos to different video types.
Elastic Transcoder Vs Media Convert
Elastic Transcoder transcodes videos to streaming formats
AWS Elemental MediaConvert
- Transcodes videos to streaming formats
- Overlays images
- Inserts video clips
- Extracts captions data
- Robust UI
SNS Vs SQS
Simple Notification Service (SNS)
- Sends notifications to subscribers of topics via multiple protocols. eg. HTTP, Email, SQS, SMS
- SNS is generally used for sending plain text emails which are triggered via other AWS services. The best example of this is billing alarms.
- Can retry sending in case of failure for HTTPS
- Really good for webhooks, simple internal emails, triggering lambda functions.
Simple Queue Service (SQS) - RabbitMQ, Sidekiq
- Places messages into a queue. Applications pull from the queue using the AWS SDK
- Can retain a message for up to 14 days
- Can send them in sequential order or in parallel
- Can ensure only one message is sent
- Can ensure messages are delivered at least once
- Really good for delayed tasks, queuing up emails.
Inspector Vs Trusted Advisor
Both are security tools and perform audits
Inspector
- Audits a single EC2 instance.
- Generates a report from a long list of security checks.
Trusted Advisor
- Trusted Advisor does not generate a PDF report.
- Gives us a holistic view of recommendations across multiple services and best practices. eg. we have open ports on these security groups OR we should enable MFA on our root account when using Trusted Advisor.
ALB Vs NLB Vs CLB
Application Load Balancer processes Layer 7 requests
- HTTP and HTTPS traffic
- Routing Rules, more usability from one load balancer
- Can attach WAF
Network Load Balancer processes Layer 3,4 TCP/IP data
- TCP and TLS traffic where extreme performance is required
- Capable of handling millions of requests per second while maintaining ultra-low latencies.
- Optimized for sudden and volatile traffic patterns while using a single static IP address per Availability Zone
Classic Load Balancer processes Layer 4 and Layer 7. It is the old load balancer.
- Intended for applications that were built within the EC2 Classic Network
- Does not use Target Groups
- All Load Balancers can attach an Amazon Certificate Manager (ACM) SSL certificate.
SNS Vs SES
Both send Emails
Simple Notification Service
- Sends notifications to subscribers of topics via multiple protocols. eg. HTTP, Email, SQS, SMS
- SNS is generally used for sending plain text emails which are triggered via other AWS Services. The best example of this is billing alarms.
- Most exam questions are going to be talking about SNS because lots of services can trigger SNS for notifications.
- We need to know what topics and subscriptions are in SNS
Simple Email Service
- A cloud-based email service eg. SendGrid
- SES sends HTML emails. SNS cannot.
- SES can receive inbound emails.
- SES can create Email templates.
- Custom domain name email
- Monitor our email reputation.
Artifact Vs Inspector
Both compile our PDFs.
Artifact
- Why should an enterprise trust AWS?
- Generates a security report that is based on global compliance frameworks such as:
  - Service Organization Control (SOC)
  - Payment Card Industry (PCI)
Inspector
- How do we know this EC2 Instance is Secure?
- Runs a script that analyzes an EC2 instance, then generates a PDF report telling us which security checks passed.