Tag Archives: AWS Certified Solutions Architect Associate level exam

AWS SWF, Beanstalk, EMR, CloudFormation revision before the CSA exam

Quick revision on the topics AWS SWF, Beanstalk, EMR and CloudFormation before appearing for the AWS Certified Solutions Architect – Associate exam.

This article notes down a few important points about AWS (Amazon Web Services) SWF, Beanstalk, EMR and CloudFormation. This can be helpful for last-minute revision before appearing for the AWS Certified Solutions Architect – Associate level certification exam.

This is the fourth part of the AWS CSA revision series. The rest of the series is listed below :

In this article we are checking out key points about SWF (Simple Workflow Service), Beanstalk (application deployment service), EMR (Elastic MapReduce) and CloudFormation (infrastructure as code).

Recommended read: AWS CSA exam preparation guide

Let's get started:

SWF

  • Max simultaneous workflow executions: 100,000
  • C++ is not supported in SWF
  • There are three actors :
    • activity workers
    • workflow starters
    • deciders
  • Each workflow runs in a domain, which is a collection of tasks.
  • Workflows in different domains cannot interact

Beanstalk

  • Scala and WebSphere are not available in Beanstalk
  • It's a free service. You are charged only for the resources it provisions for your application
  • Supported platforms :
    • Java
    • Ruby
    • Python
    • PHP
    • Node.js
    • .NET
    • Go
    • Docker

CloudFront

  • One AWS account can have at most 100 CloudFront origin access identities.
  • Key pairs are only used for EC2 and CloudFront.
  • All CloudFront URLs end with cloudfront.net
  • CloudFront origins can be an S3 bucket, EC2, or a web server in an on-premises datacenter
  • It can serve private content using S3 origin access identities, signed URLs, and signed cookies.
  • Limits :
    • Requests per second per distribution : 100,000
    • Transfer rate per distribution : 40 Gbps
    • Origins per distribution : 25
    • Web distributions per account : 200

AWS Infra

  • There are currently 42 availability zones in total.
  • There are 16 regions in total.
  • The first 3 services launched by AWS were SQS (2004), S3 (2006) and EC2 (later in 2006)

AWS CloudFront, SNS, SQS revision before the CSA exam

Quick revision on the topics AWS CloudFront, SNS and SQS before appearing for the AWS Certified Solutions Architect – Associate exam.

CloudFront, SNS, SQS revision!

This article notes down a few important points about AWS (Amazon Web Services) CloudFront, SNS, and SQS. This can be helpful for last-minute revision before appearing for the AWS Certified Solutions Architect – Associate level certification exam.

This is the third part of the AWS CSA revision series. The rest of the series is listed below :

In this article, we are checking out key points about CloudFront (CDN, Content Delivery Network), SNS (Simple Notification Service), and SQS (Simple Queue Service).

Recommended read: AWS CSA exam preparation guide

Let's get started:

AWS CloudFront

  • The origin can be an S3 bucket or the CNAME of an Elastic Load Balancer (ELB)
  • With an S3 bucket as the origin, the URL will be bucket_name.s3-region.cloudfront.net
  • Private content can be shared with a signed URL that has an expiration time limit
  • To serve a new object version, create a new distribution or create an invalidation of the old objects. Since invalidation costs money, creating a new distribution always helps.
  • Limits :
    • 100,000 requests per second per distribution
    • 200 distributions per account
    • 40 Gbps transfer rate per distribution
    • 25 origins per distribution
    • 20 GB max file size to serve
  • By default, object expiration is 24 hours. The minimum TTL is 0.

Amazon SNS

  • The latest addition to SNS is Lambda
  • SNS has two kinds of clients: publishers and subscribers
  • Publishers communicate with subscribers by sending messages to a topic.
  • Protocols supported :
    • HTTP
    • HTTPS
    • SMS
    • email
    • email-JSON
    • Amazon SQS
    • AWS Lambda
  • An SNS topic with the same name can be created 30-60 seconds after the previous topic is deleted.

Amazon SQS

  • The default visibility timeout is 30 seconds. The maximum is 12 hours.
  • Mainly used to decouple the components of your application
  • By default a message stays in the queue for 4 days. The minimum and maximum retention periods are 1 minute and 2 weeks.
  • The maximum SQS message size is 256 KB.
  • Supports an unlimited number of queues and unlimited messages per queue.
  • Long polling wait time can be set from 1 to 20 seconds.
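
The visibility timeout and retention limits above, worked through in a toy queue with a fake clock. This is an added example, not code from the article; the numeric limits are the ones quoted above and everything else is a simplification of SQS.

```python
# Added example, not from the article: a toy queue with a fake clock; the limits
# are the SQS values quoted above, everything else is a simplification.
from dataclasses import dataclass

DEFAULT_VISIBILITY, MAX_VISIBILITY = 30, 12 * 3600        # seconds
DEFAULT_RETENTION = 4 * 24 * 3600                          # 4 days
MIN_RETENTION, MAX_RETENTION = 60, 14 * 24 * 3600          # 1 minute .. 2 weeks

@dataclass
class Message:
    body: str
    sent_at: int
    invisible_until: int = 0
    receive_count: int = 0

class ToyQueue:
    def __init__(self, visibility=DEFAULT_VISIBILITY, retention=DEFAULT_RETENTION):
        if not 0 <= visibility <= MAX_VISIBILITY:
            raise ValueError("visibility timeout must be 0 s .. 12 h")
        if not MIN_RETENTION <= retention <= MAX_RETENTION:
            raise ValueError("retention period must be 1 minute .. 14 days")
        self.visibility, self.retention = visibility, retention
        self.now = 0  # fake clock in seconds, moved forward by advance()
        self.messages = []
    def send(self, body):
        self.messages.append(Message(body, self.now))
    def receive(self):
        """Hand out one visible message and hide it for the visibility timeout;
        messages older than the retention period are dropped first."""
        self.messages = [m for m in self.messages if self.now - m.sent_at < self.retention]
        for m in self.messages:
            if m.invisible_until <= self.now:
                m.invisible_until = self.now + self.visibility
                m.receive_count += 1
                return m
        return None
    def delete(self, msg):  # consumers must delete after processing, or it comes back
        self.messages.remove(msg)
    def advance(self, seconds):
        self.now += seconds

def redelivery_demo():
    """Consumer receives but never deletes: hidden for 30 s, then delivered again."""
    q = ToyQueue()
    q.send("order-42")
    first = q.receive()
    while_hidden = q.receive()  # None: still inside the visibility window
    q.advance(DEFAULT_VISIBILITY)
    again = q.receive()
    return first is not None, while_hidden is None, again is first and again.receive_count == 2
```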

AWS VPC, Route53, IAM revision before the CSA exam

Quick revision on the topics AWS VPC, Route53 and IAM before appearing for the AWS Certified Solutions Architect – Associate exam.

VPC, Route53, IAM revision!

This article notes down a few important points about AWS (Amazon Web Services) VPC, Route53, and IAM. This can be helpful for last-minute revision before appearing for the AWS Certified Solutions Architect – Associate level certification exam.

This is the second part of the AWS CSA revision series. The rest of the series is listed below :

In this article, we are checking out key points about VPC (Virtual Private Cloud), Route53 (DNS service) and IAM (Identity and Access Management).

Recommended read: AWS CSA exam preparation guide

Let's get started:

VPC (Virtual Private Cloud)

  • NACL (Network Access Control List) controls traffic security at the subnet level
  • Security groups control traffic security at the instance level
  • NACL is stateless (i.e. all traffic, including return traffic, needs to be explicitly allowed) while security groups are stateful (i.e. response traffic is automatically allowed)
  • Only 1 Internet gateway per VPC is allowed.
  • VPC peering can be done between two AWS accounts or other VPCs within the same region.
  • VPC peering is a direct network route between two VPCs, enabling the sharing of resources in different subnets.
  • Limits :
    • 5 VPCs per region
    • 50 customer gateways per region
    • 200 route tables per region
    • 50 entries per route table
    • 5 elastic IPs
    • 5 security groups per network interface
    • 500 security groups per VPC
    • 50 rules per security group
  • The first 4 and the last 1 IP of each subnet are reserved by AWS as below :
    • x.x.x.0 : Network IP
    • x.x.x.1 : VPC router IP
    • x.x.x.2 : For VPC DNS
    • x.x.x.3 : For future use
    • x.x.x.255 : Broadcast IP
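
The stateless-versus-stateful difference above, shown in a toy model: a NACL needs an explicit outbound rule for the ephemeral-port reply traffic, a security group does not. This is an added example, not code from the article; all rules, ports and packets in it are constructed, and real NACL rule numbering and protocols are simplified away.

```python
# Added example, not from the article: rules and packets below are constructed.
from dataclasses import dataclass
@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = arriving at the instance, "out" = leaving it
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    direction: str
    port_from: int
    port_to: int
    action: str = "allow"  # NACLs may also "deny"; security groups only allow

def nacl_allows(rules, pkt):
    """Stateless: every packet, replies included, is matched on its own. Rules
    are assumed in ascending rule-number order; first match wins, else deny."""
    for r in rules:
        if r.direction == pkt.direction and r.port_from <= pkt.dst_port <= r.port_to:
            return r.action == "allow"
    return False  # the implicit catch-all rule at the end of every NACL

class SecurityGroup:
    """Stateful: an accepted inbound packet is remembered and its reply
    (outbound, addressed back to the client's port) passes without a rule."""
    def __init__(self, rules):
        self.rules = rules
        self.tracked = set()  # client ports of accepted inbound connections
    def allows(self, pkt):
        if pkt.direction == "out" and pkt.dst_port in self.tracked:
            return True  # return traffic of a tracked connection
        for r in self.rules:
            if r.direction == pkt.direction and r.port_from <= pkt.dst_port <= r.port_to:
                if pkt.direction == "in":
                    self.tracked.add(pkt.src_port)
                return True
        return False  # nothing matched: implicit deny

# Constructed HTTPS exchange: client ephemeral port 51234 -> instance port 443.
REQUEST = Packet("in", src_port=51234, dst_port=443)
REPLY = Packet("out", src_port=443, dst_port=51234)
INBOUND_443 = [Rule("in", 443, 443)]
EPHEMERAL_OUT = [Rule("out", 1024, 65535)]  # only the stateless NACL needs this
def reply_gets_out(nacl_rules, sg_rules):
    """(NACL verdict, security group verdict) for the request/reply pair."""
    sg = SecurityGroup(sg_rules)
    nacl_ok = nacl_allows(nacl_rules, REQUEST) and nacl_allows(nacl_rules, REPLY)
    return nacl_ok, sg.allows(REQUEST) and sg.allows(REPLY)
```

With only the inbound 443 rule the NACL drops the reply while the security group passes it; adding the ephemeral-port outbound rule fixes the NACL.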

Route 53

  • Can register domains, act as DNS, and check the health of resources.
  • Port 53 is used to serve DNS requests, hence the name Route 53!
  • Primarily UDP is used to serve DNS requests, but if the response is more than 512 bytes it will use TCP.
  • Currently supported record types :
    • A (address record)
    • AAAA (IPv6 address record)
    • CNAME (canonical name record)
    • MX (mail exchange record)
    • NAPTR (name authority pointer record)
    • NS (name server record)
    • PTR (pointer record)
    • SOA (start of authority record)
    • SPF (sender policy framework)
    • SRV (service locator)
    • TXT (text record)
  • Routing policies :
    • Simple routing: a single resource serves the traffic
    • Weighted routing: divert traffic to multiple resources in proportion to their weights
    • Latency routing: returns the result with the lowest latency to the requester's origin
    • Failover routing: active-passive; one resource takes the traffic when the other one has failed
    • Geolocation routing: answers DNS queries based on the geolocation of the user
  • Limits :
    • 500 hosted zones per AWS account
    • 50 domains per AWS account
  • Ideal TTL values are 24 hours for a CNAME to an existing domain and 1 hour for a CNAME to S3 or ELB.
  • There is no default TTL for any record type in Route 53. You have to specify the TTL for your records.
  • Weights can be assigned as integers from 0 to 255. 0 means no weight, i.e. don't route to that record. The probability of routing to a particular record equals the weight of that record divided by the sum of all record weights.

IAM (Identity and Access Management)

  • Never use the root account for login. Create an admin user and use it for administrative tasks
  • Users, groups and roles are global and available across all regions in the same AWS account
  • Prebuilt policies for :
    • Administrator – All access
    • Power user – Everything the administrator has except IAM management access
    • Read-only – Only view access (for accounting purposes)
  • By default, a newly created user has an implicit deny on all AWS resources. An explicit allow overrides the implicit deny.
  • Cross-account roles can be defined. By assuming the role, a user in one account gets the access granted to that role in the other account.
  • The public key can be viewed in the account settings at any time. The private key is visible only at the time of creation. If it is lost it cannot be retrieved, and a fresh key pair needs to be created.
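
The implicit-deny and explicit-allow logic above, as a minimal policy evaluator. This is an added example, not code from the article or from AWS: the three policies are constructed approximations of the prebuilt ones listed above (the real managed policies are written differently), wildcard matching is simplified, and the explicit-deny rule it applies is standard IAM behaviour that the notes above do not spell out.

```python
# Added example, not from the article: a minimal evaluator of the IAM decision
# logic; the policies are constructed and '*' matching is a simplification.
from fnmatch import fnmatchcase

def _matches(pattern, value):
    """IAM-style '*' wildcard on an action or resource; accepts a string or list."""
    patterns = pattern if isinstance(pattern, list) else [pattern]
    return any(fnmatchcase(value, p) for p in patterns)

def evaluate(policies, action, resource):
    """Decide one request: implicit deny unless some statement allows it, and
    an explicit Deny (not mentioned above, but how IAM works) beats any Allow."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if _matches(stmt["Action"], action) and _matches(stmt["Resource"], resource):
                if stmt["Effect"] == "Deny":
                    return "Deny"  # explicit deny is final
                allowed = True
    return "Allow" if allowed else "Deny"  # nothing matched: implicit deny

# Constructed policies approximating the three prebuilt ones listed above.
ADMIN = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
POWER_USER = {"Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
]}
READ_ONLY = {"Statement": [
    {"Effect": "Allow", "Action": ["*:Get*", "*:List*", "*:Describe*"], "Resource": "*"},
]}

def who_can(action, resource="*"):
    """Return the names of the constructed policies that allow this action."""
    named = {"admin": ADMIN, "power-user": POWER_USER, "read-only": READ_ONLY}
    return [name for name, pol in named.items() if evaluate([pol], action, resource) == "Allow"]
```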

AWS EC2, S3, RDS revision before the CSA exam

Quick revision on the topics AWS EC2, S3 and RDS before appearing for the AWS Certified Solutions Architect – Associate exam.

EC2, S3, RDS revision!

This article notes down a few important points about AWS (Amazon Web Services) EC2, S3, and RDS. This can be helpful for last-minute revision before appearing for the AWS Certified Solutions Architect – Associate level certification exam.

This is the first part of the AWS CSA revision series. The rest of the series is listed below :

In this article, we are checking out key points about EC2 (Elastic Compute Cloud), S3 (Simple Storage Service) and RDS (Relational Database Service).

Recommended read: AWS CSA exam preparation guide

Let's get started:

EC2 (Elastic Compute Cloud)

  • It's an AWS service that provides scalable virtual servers in the cloud.
  • Pricing models are reserved instances, on-demand instances, and spot instances.
  • Reserved instances are less costly since you reserve in advance by paying partially or in full.
  • On-demand instances are the costliest. Their launch depends on the currently available capacity in that zone
  • Spot instances are bids on unused instances in the Amazon marketplace (the cheapest of all). They are allocated and withdrawn according to your bid price.
  • A maximum of 20 running and 20 shut-down instances can exist per account.
  • An AMI (Amazon Machine Image) is used to deploy/install a pre-configured OS on EC2 instances.
  • Instance store backed volumes are ephemeral storage and lose their data once the instance is off
  • EBS (Elastic Block Store) volumes hold data permanently regardless of instance state.
  • EBS volume size: min 1 GiB, max 16384 GiB (16 TiB)
  • An EBS volume can be attached to 1 instance at a time. It cannot be attached to an instance in a different availability zone.
  • EBS : 3 IOPS per GiB with a minimum of 100 IOPS, burstable to 3000 IOPS
  • EBS Provisioned IOPS : a 50:1 ratio of IOPS to volume size in GiB must be maintained.
  • RAID 5 and RAID 6 are not recommended for EBS by AWS.
  • IOPS are measured in chunks of 256 KB or smaller.
  • EC2-Classic is a deprecated service. It exists only in accounts created before 24 Dec 2013.
  • The default session timeout for ELB is 60 sec.
  • Only 5 Elastic IPs per region.
  • Key pairs are used by EC2 and CloudFront only.
  • SAML sign-in URL : https://signin.aws.amazon.com/saml
  • A maximum of 2 key pairs can be kept per user.
  • Elastic Load Balancer (ELB) features :
    • Idle connection timeout
    • Cross-zone load balancing
    • Connection draining
    • Proxy protocol
    • Sticky sessions
    • Health checks
  • Auto Scaling plans :
    • Maintain current instance levels
    • Manual scaling
    • Dynamic scaling
    • Scheduled scaling
  • ELB session timeout is 60 sec.
  • The timeout for connection draining in ELB is 1 sec to 3600 sec. The default is 300 sec.

S3 (Simple Storage Service)

  • Objects (files) are stored in buckets. All root folders are buckets and must have a unique name across all of AWS
  • Unlimited storage and high availability by default
  • 99.999999999% (eleven 9's) durability and 99.99% availability for data stored on S3
  • Users can enable AES-256 encryption for data at rest
  • Versioning can be enabled but cannot be disabled. It can only be suspended thereafter.
  • Life cycle policies can be defined for deletion or archival.
  • Glacier is a low-cost storage option for archiving data. Moving data in and out of Glacier takes hours or days.
  • Glacier costs 1 cent per 1 GB for a year.
  • Object size : min 0 bytes, max 5 TB
  • Objects larger than 100 MB must use the multipart upload function
  • All regions support read-after-write consistency for PUTs of new objects and eventual consistency for overwrite PUTs and DELETEs.
  • An object always stays within its region and is synced across all availability zones.
  • The S3 infrequent access (S3-IA) storage class has object durability of 99.999999999% and availability of 99.90%
  • Max object size in a single PUT is 5 GB.

RDS (Relational Database Service)

  • It's a fully managed database service in the cloud.
  • Supported databases: Oracle, MySQL, PostgreSQL, MS SQL, Aurora (Amazon's homegrown SQL DB)
  • Scales the underlying hardware automatically
  • Supports read replicas of SQL-based DBs
  • Disk space : min 5 GB, max 3 TB
  • Default database port: 3306
  • RDS backup retention policy : 0 days min (no backup) to 35 days max.

DynamoDB

  • DynamoDB supports in-place atomic updates
  • DynamoDB defaults to the US West (Oregon) region.
  • A maximum of 1 MB of data can be retrieved in a single query operation.