AWS SAA Exam Concepts Study Guide: A Comprehensive Overview of Key Services and Features, Exams of Network Programming

This study guide provides a comprehensive overview of key AWS services and features relevant to the AWS Solutions Architect Associate (SAA) exam. It covers fundamental concepts such as regions, availability zones, IAM, EC2, EBS, and AMIs, offering explanations, examples, and best practices for each. The guide is designed to help individuals prepare for the SAA exam by providing a structured and informative resource for understanding AWS architecture and services.

Typology: Exams

2024/2025

Available from 03/18/2025

Dr.HellenSteves

AWS SAA Exam concepts study guide updated for
easy and guaranteed exam passing
Region
Regions in AWS refer to geographical locations around the world where AWS data
centers are located. Each region is a separate geographic area that consists of
multiple availability zones. AWS regions allow users to deploy resources close to
their end-users or in specific geographic locations for compliance purposes.
AZ
Availability Zones (AZs) in AWS are isolated locations within a region for fault
tolerance. They provide redundancy and scalability by ensuring resources are
spread across multiple data centers. AZs enable high availability, fault isolation,
load balancing, disaster recovery, and compliance with data residency
requirements.
IAM
IAM (Identity and Access Management) is AWS's service for securely managing
user access to resources. It controls permissions, supports auditing, and integrates
with other AWS services.
IAM Users
Individuals or services granted access to AWS resources. Managed via IAM, users have credentials and defined permissions. They can belong to groups for easier management, and their access can be controlled and monitored through policies for security and compliance.
IAM Groups
Groups allow for easier management of permissions by assigning policies to multiple users simultaneously. This simplifies access control and ensures consistency across users with similar roles or responsibilities.
IAM Policies
JSON documents defining permissions for IAM users, groups, or roles. They specify what actions can be performed on which resources. Policies can be attached to identities or resources, allowing fine-grained access control and security management within AWS.
IAM MFA
An extra layer of security for IAM users, requiring an additional verification step beyond username and password, typically a temporary code from a physical or virtual device. MFA strengthens account protection against unauthorized access.
Access Keys

IAM entities with temporary credentials that AWS services assume to perform actions on your behalf. These roles enable secure access and simplify permissions management for services like Lambda, EC2, and others, enhancing security and reducing the need for long-term credentials.
IAM Security Tools
AWS services and features used to enhance the security of IAM (Identity and Access Management). These tools include IAM Access Analyzer, IAM Policy Simulator, and IAM Credentials Report, providing insights, simulations, and monitoring to help secure IAM configurations and permissions effectively.
IAM Best Practices
These practices include implementing the principle of least privilege, regularly reviewing and auditing permissions, enabling MFA, using IAM roles for temporary access, and leveraging IAM policies and groups for centralized management and consistency.
EC2
A web service that provides resizable compute capacity in the cloud. It allows users to launch virtual servers (instances) and scale capacity up or down as needed. EC2 instances can be used for a variety of computing tasks, from hosting websites to running complex applications.
EC2 User Data
A feature allowing users to pass metadata to EC2 instances during launch. This data can be scripts, commands, or configuration files, enabling automated setup and customization of instances. Useful for tasks such as software installation, configuration, and bootstrapping.
EC2 instance types
t3.micro: Entry-level instance suitable for low-traffic applications and testing.
m5.large: General-purpose instance offering balanced compute, memory, and networking resources.
c5.xlarge: Compute-optimized instance designed for CPU-intensive workloads.
r5.large: Memory-optimized instance for memory-intensive applications and databases.
p3.2xlarge: GPU-accelerated instance ideal for machine learning and graphics processing tasks.
Security Groups (EC2)
Virtual firewalls controlling inbound and outbound traffic for EC2 instances and other AWS resources. They act as a fundamental layer of security, allowing users to define rules that permit or deny specific types of traffic based on protocols, ports, and IP ranges.

Spot price, instances are terminated with a two-minute notice. Spot Instances are suitable for fault-tolerant, flexible, and cost-effective workloads.
Spot Fleet
A feature allowing users to provision a collection of Spot Instances, On-Demand Instances, and optionally Reserved Instances or Scheduled Instances, within a single request. Spot Fleets help optimize costs and availability by combining various instance types and pricing models to meet workload requirements efficiently.
EC2 Launch Types
On-Demand Instances: Pay-as-you-go pricing with no long-term commitments.
Reserved Instances: Discounted pricing for 1- or 3-year commitments.
Spot Instances: Bid-based pricing for spare AWS capacity, offering potential cost savings.
Dedicated Hosts: Physical servers dedicated to your use, offering compliance and licensing benefits.
Private vs. Public vs. Elastic IP
Private IP: Assigned to instances within a private network, allowing communication within the network but not directly accessible from the internet.
Public IP: Assigned to instances, allowing direct access from the internet. May change when the instance is stopped/started.
Elastic IP: Static IP address that can be attached to and detached from instances. Doesn't change when the instance is stopped/started, useful for persistent public access.
EC2 Placement Groups
Logical grouping of instances within the same Availability Zone, aiming to provide enhanced performance, availability, or affinity. There are three types: Cluster, Spread, and Partition. Cluster maximizes network performance, Spread enhances instance resilience, and Partition optimizes for large distributed workloads.
ENI
A virtual network interface that can be attached to EC2 instances in a VPC. ENIs can have multiple IPv4 and IPv6 addresses, security groups, and MAC addresses. They enable network communication for instances and provide flexibility in network configuration and management.
EC2 Hibernate
A feature allowing EC2 instances to be stopped and resumed from their previous state, preserving in-memory data. Hibernate saves instance state to Amazon EBS storage, allowing quick restoration of instance functionality and data upon resume, ideal for long-running applications with volatile data.
EBS

General Purpose (SSD): Balanced performance for a wide range of workloads.
Provisioned IOPS (SSD): High-performance SSD volumes for I/O-intensive applications.
Throughput Optimized (HDD): Low-cost HDD volumes designed for frequently accessed, throughput-intensive workloads.
Cold HDD: Lowest-cost HDD volumes for infrequently accessed data.
Magnetic (Standard): Legacy magnetic volumes offering a baseline performance level at the lowest cost.
EBS Multi-Attach
A feature allowing a single EBS volume to be attached to multiple EC2 instances simultaneously. It enables shared access to data across multiple instances, facilitating clustered and distributed applications that require concurrent read and write access to a shared storage volume.
EBS Encryption
A feature providing data-at-rest encryption for Amazon EBS volumes. It encrypts data stored on EBS volumes using AWS-managed keys or customer-managed keys (CMKs) for enhanced security and compliance with data protection standards. EBS encryption helps safeguard sensitive data and prevent unauthorized access.
Amazon EFS
A scalable, fully managed file storage service for AWS cloud services and on-premises resources. It provides shared file storage accessible from multiple EC2 instances and supports NFSv4 protocol. EFS automatically scales storage capacity and throughput as needed, making it suitable for a wide range of use cases, including content repositories, data sharing, and application storage.
EFS vs. EBS
EFS (Elastic File System): Shared, scalable file storage for multiple EC2 instances via NFS. Suitable for scenarios requiring shared access across instances, scalability, and elasticity without managing storage provisioning.
EBS (Elastic Block Store): Block-level storage volumes attached to individual EC2 instances. Ideal for applications needing low-latency, high-performance storage with persistence and fine-grained control over volume configuration.
High Availability
A system design approach aiming to minimize downtime by ensuring continuous operation and accessibility of services. It involves redundancy, fault tolerance, and automated failover mechanisms to mitigate single points of failure and maintain service availability during planned maintenance or unexpected failures.
Scalability
The ability of a system to handle increasing workload by adapting its capacity without sacrificing performance. It can be achieved through horizontal scaling (adding more instances) or vertical scaling (increasing the resources of existing instances). Scalability ensures that a system can accommodate growth in demand efficiently while maintaining optimal performance and availability.

A type of load balancer designed to manage traffic to third-party virtual appliances (VAs) like firewalls, intrusion detection systems (IDS), and deep packet inspection (DPI) systems. It routes traffic to and from multiple VAs, helping to scale network security and inspection capabilities while maintaining high availability and reliability.
ELB Sticky Sessions
A feature that enables the load balancer to route subsequent requests from the same client to the same target instance, based on session affinity. Sticky sessions help maintain session state for applications that require it, such as those using cookies or other session-based mechanisms, ensuring consistent user experience and avoiding disruptions due to session changes between requests.
Cross Zone Load Balancing
A feature that evenly distributes incoming traffic across all healthy instances in all availability zones enabled for the load balancer. This ensures that each instance receives a balanced load regardless of the availability zone it resides in, optimizing performance and resource utilization across the entire fleet of instances.
SSL certificates
Certificates used to encrypt HTTPS traffic between clients and the load balancer, ensuring secure communication. ELB supports both AWS-managed certificates and custom SSL certificates uploaded to the AWS Certificate Manager (ACM). SSL certificates help protect sensitive data transmitted over the internet and establish trust between clients and the load balancer.
Connection Draining
A feature that ensures in-flight requests to instances are completed before they are deregistered or become unhealthy. This helps prevent disruption to clients by allowing ongoing requests to finish gracefully, maintaining reliability and reducing the likelihood of errors during instance updates or failures.
Auto Scaling Group (ASG)
A feature in AWS that automatically adjusts the number of instances in a group based on demand or predefined metrics. It ensures that the desired number of instances are running to handle incoming traffic, optimizing resource usage and maintaining application availability and performance.
Autoscaling policies
Rules defining how an Auto Scaling Group adjusts its capacity in response to changing demand or predefined metrics.
Target Tracking Scaling: Scales based on a target value for a specific metric, such as CPU utilization or request count per instance.
Step Scaling: Scales based on predefined scaling adjustments for various ranges of a metric.
Simple Scaling: Scales based on a single scaling adjustment when a specific metric crosses a threshold.
Amazon RDS

RDS Security
Measures implemented to protect Amazon RDS databases and instances from unauthorized access, data breaches, and other security threats. This includes features such as network security groups, encryption at rest and in transit, IAM database authentication, and regular security updates. RDS security ensures the confidentiality, integrity, and availability of data stored in the database service.
RDS Proxy
A fully managed database proxy service by AWS designed to improve scalability, availability, and security for applications using Amazon RDS databases. RDS Proxy manages database connections, automatically scales to handle fluctuating workloads, and provides features like connection pooling, read/write splitting, and IAM authentication. It enhances database performance and resilience while simplifying application development and management.
ElastiCache
A fully managed in-memory caching service by AWS that supports popular caching engines such as Redis and Memcached. ElastiCache improves application performance by storing frequently accessed data in-memory, reducing latency and relieving the load on backend databases. It's ideal for use cases requiring low-latency data access and high throughput, such as web applications, session management, and real-time analytics.
DNS
A decentralized naming system for computers, services, or any resource connected to the Internet. It translates domain names (like example.com) to IP addresses and vice versa, enabling users to access websites and other online services using human-readable domain names instead of numerical IP addresses. DNS plays a crucial role in internet communication and navigation.
Amazon Route 53 is a scalable and highly available Domain Name System (DNS) web service provided by AWS. It enables developers to manage DNS routing for their domains, including domain registration, DNS routing, health checking, and traffic management. Route 53 is designed to ensure low-latency, reliable, and efficient domain resolution for end-users accessing web applications and services.
Route 53 -- TTL
A setting that specifies the amount of time DNS resolvers should cache DNS records before querying the authoritative DNS servers again. TTL values are configured at the DNS record level in Route 53 and help control how quickly changes to DNS records propagate across the internet. Shorter TTL values result in faster DNS record updates but may increase DNS query volume and latency.
CNAME
A type of DNS record that maps an alias (or canonical name) to another domain name. CNAME records are useful for creating aliases for specific domains or subdomains, but they cannot be used for the root domain (apex) or other DNS record types like SOA or NS records.

Failover routing
Routes traffic to a standby resource if the primary resource is unhealthy.
Geolocation Routing
Routes traffic based on the geographic location of the request, directing users to the nearest resources.
Multivalue Answer Routing
Returns multiple healthy records for a single DNS query, allowing clients to choose which resource to connect to.
Route 53 Health Checks
A feature in Amazon Route 53 that monitors the health and availability of endpoints, such as web servers, load balancers, and other resources. Health checks periodically send requests to endpoints and evaluate the responses to determine their health status. Route 53 Health Checks can be configured with various parameters, including endpoint type, request protocol, response code verification, and failure threshold. They help ensure high availability and reliability by automatically routing traffic away from unhealthy endpoints.

Amazon S3
A scalable object storage service provided by AWS. S3 allows users to store and retrieve any amount of data, making it suitable for a wide range of use cases such as data backup, archival, content distribution, and data lakes. S3 provides high durability, availability, and scalability, along with features like versioning, encryption, and lifecycle management for managing data effectively.
S3 Bucket Policy
A JSON-based access policy applied to an S3 bucket, defining permissions for accessing and manipulating objects within the bucket. Bucket policies are used to control access at the bucket level and can specify rules for different operations, such as read, write, and delete. They allow fine-grained control over who can access the bucket and under what conditions, including specifying IP addresses, VPC endpoints, or IAM roles.
S3 Website
A feature of Amazon S3 that allows users to host static websites directly from S3 buckets. By configuring a bucket for static website hosting and setting the appropriate permissions, users can serve HTML, CSS, JavaScript, and other static files to web visitors. S3 Website hosting is cost-effective, highly scalable, and integrates seamlessly with other AWS services like Route 53 for DNS management and CloudFront for content delivery.
S3 Versioning
A feature of Amazon S3 that allows users to keep multiple versions of an object in the same bucket. With versioning enabled, S3 stores every version of an object