1
Q
AWS Well-Architected Framework
A
Helps customers assess and improve their architectures while getting a better understanding of how their design decisions impact their business
2
Q
Five pillars of the AWS Well-Architected Framework:
A
- Security
- Reliability
- Performance efficiency
- Cost Optimization
- Operational excellence
3
Q
Security
A
- A pillar of the AWS Well-Architected Framework
- Encompasses the ability to protect your information systems and assets while delivering business value through risk assessments and mitigation strategies
4
Q
Five areas of cloud security:
A
- Identity and access management (IAM)
- Detective controls
- Infrastructure protection
- Data protection
- Incident response
5
Q
Identity and access management (IAM)
A
- An area of ‘cloud security’
- Ensures only authorized and authenticated users are able to access your resources, and only in the manner you intend for them to use such resources
6
Q
Detective controls
A
- An area of ‘cloud security’
- Used to identify potential security incidents by considering approaches such as capturing or analyzing logs and integrating auditing controls
7
Q
Infrastructure protection
A
- An area of ‘cloud security’
- Ensures systems and services within your architecture are protected against unintended and unauthorized users
- Users can create network boundaries, users/keys/access levels, application firewalls, gateways, etc.
8
Q
Data protection
A
- An area of ‘cloud security’ in which numerous approaches and methods are to consider — including data classification, encryption, data backup, etc.
9
Q
Incident response
A
- An area of ‘cloud security’
- Involves the process to respond to and mitigate potential security threats
- Ensures your architecture is updated to accommodate a timely investigation in recovery
10
Q
‘Security’ design principles:
A
- Implement security at all layers
- Enable traceability
- Apply the principle of least privilege
- Focus on securing your system
- Automate security best practices
11
Q
Implementing security at all layers
A
- A ‘security’ design principle
- Ensures you secure your infrastructure everywhere and at every layer
- In a physical data center, security is typically only considered at the perimeter — AWS enables you to implement security at the perimeter as well as within and between your resources; which ensures your environment and components are secured from each other
12
Q
Enabling traceability
A
A ‘security’ design principle that’s done through logging and auditing all actions or changes to your environment
13
Q
Applying the principle of least privilege
A
- A ‘security’ design principle
- Ensures that authorization in your environment is appropriate and that you are implementing strong logical access controls to your resources
14
Q
Securing your system
A
- A ‘security’ design principle
- Has you focus on securing your application data and operating systems while AWS provides a secure infrastructure and services
15
Q
Automating security best practices
A
- A ‘security’ design principle
- Includes software-based security mechanisms — which are there to improve your ability to securely scale more rapidly and cost-effective
- Best practice is to automate the response to both routine and anomalous security events
- Example — creating and saving a patched, hardened image of a virtual server so that you can use that same image to create a new instance
16
Q
Reliability
A
- A pillar of the AWS Well-Architected Framework
- Encompasses the ability of a system to recover from infrastructure or service failures
- Focuses on the ability to dynamically acquire computing resources to meet demand and mitigate disruptions
17
Q
Three areas that ‘reliability in the cloud’ is composed of:
A
- Foundations
- Change management
- Failure management
18
Q
Foundations
A
- An area that ‘reliability in the cloud’ is composed of
- Your architecture and system must have a well-planned structure so it can handle changes in demand or with requirements and detect failure and automatically heal itself
- Before architecting any infrastructure, it’s critical to look at its structure before construction of the infrastructure
19
Q
Change management
A
- An area that ‘reliability in the cloud’ is composed of
- Fully understanding and being aware of how change affects your system
- Proactively planning and monitoring how your system will accommodate for quick adjustments to change and reliability
20
Q
Failure management
A
- An area that ‘reliability in the cloud’ is composed of
- Anticipating, becoming aware, responding, and preventing failures
- Ability to take advantage of automation with monitoring, replacing systems in your environment, and later troubleshooting failed systems at a low cost; all while still being reliable
21
Q
‘Reliability’ design principles:
A
- Test recovery procedures
- Automatically recover
- Scale horizontally
- Stop guessing capacity
- Manage change in automation
22
Q
Testing recovery procedures
A
- A ‘reliability’ design principle
- The ability to test how systems fail and validate recovery procedures
- Users can simulate and expose different failures and react before real failure occurs
23
Q
Automatically recover
A
- A ‘reliability’ design principle
- Users are able to trigger automated responses when thresholds are breached
- Makes it possible to anticipate and remediate failures before they occur
24
Q
Scaling horizontally
A
- A ‘reliability’ design principle
- All about increasing aggregate system availability
- If you have one large resource, it’s beneficial to replace that large resource with multiple small resources to reduce impact of a single point of failure on the overall system
25
Stop guessing capacity
- A 'reliability' design principle
- The ability to monitor demand, system utilization, and automate the addition or removal of resources
- Ensures you have the optimal level to satisfy demand without over or under-provisioning
26
Managing change in automation
- A 'reliability' design principle
- Changes to architecture and infrastructure should be done via automation --- this way, you're only needing to manage changes to your automation and not every system or resource
27
Performance efficiency
- A pillar of the AWS Well-Architected Framework
- The ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve
28
Four key components of 'performance efficiency' :
- SELECT customizable resources
- REVIEW to continually innovate
- MONITOR available AWS services
- Considering TRADE-OFFS
29
SELECTING customizable resources
- A key component of 'performance efficiency'
- Choosing the best solution to optimize your architecture --- solutions vary based on the type of workload you have
- Resources are virtualized and allow you to customize solutions in different types and configurations
30
REVIEWING to continually innovate
- A key component of 'performance efficiency'
- Deals with continually innovating solutions and taking advantage of newer technologies and approaches that become available
- Newer released products could improve performance efficiency of your architecture
31
MONITORING available AWS services
- A key component of 'performance efficiency'
- After implementing your architecture, you'll need to monitor its performance to ensure you can remediate issues before customers are affected and become aware of them
- Ability to use tools such as CloudWatch, Kinesis, Lambda, etc.
32
Considering TRADE-OFFS
- A key component of 'performance efficiency'
- To ensure an optimal approach, an example is trading for consistency, durability and space --- versus time or latency to ensure you're delivering higher performance
33
'Performance efficiency' design principles:
- Democratize advanced technologies
- Go global in minutes
- Use a serverless architecture
- Experiment more often
- Have mechanical sympathy
34
Democratize advanced technologies
- A 'performance efficiency' design principle
- Technologies difficult to implement can become simpler to consume by pushing knowledge and complexity into the cloud vendors' domain
- Instead of IT teams learning how to host and run new technologies, they can consume it as a service
35
Going global in minutes
- A 'performance efficiency' design principle
- Ability to easily deploy systems in multiple regions around the world while providing lower latency and better experience for customers at a minimal cost
36
Using a serverless architecture
- A 'performance efficiency' design principle
- Removing the need to run and maintain traditional servers for compute activities --- which removes the operational burden and lowers transactional costs
37
Experimenting more often
- A 'performance efficiency' design principle
| - Virtualization allows for quick testing to enhance efficiency
38
Having mechanical sympathy
- A 'performance efficiency' design principle
| - Suggests using a technology approach that best aligns with what you're trying to achieve
39
Cost Optimization
- A pillar of the AWS Well-Architected Framework
- Encompasses the idea that you build and operate cost-aware systems and maximize its ROI
- Includes the continual process of refinement and improvement of a system throughout its entire life cycle
40
Four key components of 'cost optimization' :
- Use cost-effective resources
- Matching supply with demand
- Increase expenditure awareness
- Optimize over time
41
Using cost-effective resources
- A key component of 'cost optimization'
- Using resources to achieve the best outcome at the lowest price point while meeting your functional requirements
- Ensuring your systems are using appropriate services, resources, and configurations is key to cost savings
- Users should focus on details such as provisioning, sizing, and purchasing options to ensure you have the best architecture for your needs
42
Matching supply with demand
- A key component of 'cost optimization'
- Leveraging the elasticity of the architecture to meet demands as they change
- Ability to auto-scale and be notified by alternate services to adjust your supply due to demand changes
43
Increasing expenditure awareness
- A key component of 'cost optimization'
- Being fully aware of spend and cost drivers that are happening
- Ability to see, understand, and break down the current costs, predict future costs, and plan accordingly enhances the cost optimization of your architecture
44
Optimizing over time
- A key component of 'cost optimization'
| - Ability to measure, monitor, and improve your architecture from data collected in the AWS platform
45
'Cost Optimization' design principles:
- Adopt a consumption model
- Measure overall efficiency
- Reduce spending on data center operations
- Analyze and attribute expenditure
- Use managed services
46
Adopting a consumption model
- A 'cost optimization' design principle
| - Paying only for what resources you use and increasing/decreasing depending on business requirements
47
Measuring overall efficiency
- A 'cost optimization' design principle
- Importance to measure business output of systems and costs associated with delivering it, then taking measurements to understand how gains are made from increasing output and reducing costs
48
Reducing spend on data center operations
- A 'cost optimization' design principle
- There's no longer a need to rack and stack power servers --- AWS takes on this burden so you can focus on business projects instead of infrastructure
49
Analyzing and attributing expenditure
- A 'cost optimization' design principle
| - Accurately identifying usage and cost of systems since customer's can measure ROI
50
Using managed services
- A 'cost optimization' design principle
| - It's a suggestion to reduce cost ownership since it removes operational burden of maintaining servers for small tasks
51
Operational excellence
- A pillar of the AWS Well-Architected Framework
| - Focuses on running and monitoring systems to deliver business value in continually improving processes and procedures
52
'Operational excellence' key ideas:
- Manage and automate changes
- Respond to events
- Defining standards to successfully manage daily operations
53
Fault-Tolerance
- The ability of a system to remain operational even if some components of the system fail
- Can be seen as the built-in redundancy of an application's components
54
Fault-Tolerance tools:
- Amazon Simple Queue Service (Amazon SQS)
- Amazon Simple Storage Service (Amazon S3)
- Amazon Relational Database Service (Amazon RDS)
55
Amazon Simple Queue Service (Amazon SQS)
- A 'fault-tolerant' tool
- It's a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications so that your queue is always available
- Can be used as the backbone of your fault-tolerant application
56
Amazon Simple Storage Service (Amazon S3)
- A 'fault-tolerant' tool
- An object storage service that offers industry-leading scalability, data availability, security, and performance
- Provides highly durable and fault-tolerant data storage
- Ability to utilize and only pay for the storage you use
- Stores all of your data redundantly on multiple devices across multiple facilities in a region --- so if there was ever a failure, you will still have access to your information
57
Amazon Relational Database Service (Amazon RDS)
- A 'fault-tolerant' tool
- It's a service that makes it easy to set up, operate, and scale databases in the cloud as it provides cost-efficient and resizable capacity while automating time-consuming administration tasks
- Provides high availability and fault-tolerance by offering several features to enhance the reliability of your critical databases
- Features include --- automated backups, snapshots, and multi-availability zone deployments
58
High Availability
The goal is to ensure your systems are always functioning and accessible, while having downtime minimized as much as possible without the need for human intervention
59
On-Premise availability
Type of availability that is expensive and is typically only ensured on mission-critical applications
60
AWS availability
- Type of availability that has options to expand availability and recoverability among whichever servers you choose
- Ability to ensure high availability on multiple servers, availability zones, regions, and fault-tolerant services
61
'High Availability' service tools:
- Elastic Load Balancer (ELB)
- Elastic IP address
- Amazon Route 53
- Auto Scaling
- Amazon CloudWatch
62
Elastic Load Balancer (ELB)
- It's a 'high availability' service tool
- A service that distributes incoming traffic (loads) among instances, containers, IP addresses, and Lambda functions
- Can send metrics to Amazon CloudWatch
- It can trigger and notify of high latency or if servers become over-utilized
- Can be customized and it can be public or internal-facing
63
Elastic IP address
- It's a 'high availability' service tool
- They are static IP addresses designed for dynamic cloud computing
- Useful in providing greater fault-tolerance for your application
- Allows to mask a failure of an instance or software by allowing users to use the same IP addresses with replacement resources
- Ensures high availability because clients can still access to your application even if your instance were to fail
64
Amazon Route 53
- It's a 'high availability' service tool
- A web service that's designed to give a reliable and cost-effective way to route end users to Internet applications by translating names like (www.example.com) into numeric IP addresses like (192.0.2.1)
- Designed and maintained with the highest level of availability
- Developed to support simple and latency-based routing, health checks, DNS failovers, and geolocation routing --- all these characteristics increase availability of your customer-facing applications
65
Auto Scaling
- It's a 'highly available' service tool
- Launches and terminates instances based on specific conditions
- Designed to assist in building a flexible system that can adjust and be modified depending on changes in customer demand
- Can avoid limitations of manually creating new resources as you can create new resources on demand or have scheduled provisioning
- Ensures applications and systems are always available
66
Amazon CloudWatch
- It's a 'highly available' service tool
- A monitoring service that provides you with data and actionable insights to monitor applications, respond to performance changes, optimize resource utilization, and get a unified view of operational health
- Ability to create and use your own custom metrics
67
Web Hosting
Can easily deploy and maintain your solution using AWS services for compute, storage, database, and application services
68
Common 'web hosting' dilemmas:
- Handling usage peaks cost-efficiently --- but AWS allows you to use on-demand provisioning so you can adjust capacity to meet needs, and only pay for what you use
- Testing resources can be expensive and time-consuming --- but AWS allows you to provision testing fleets when you need them and navigate between pre-production and production environments with minimal interruption
69
Web hosting benefits/features:
- Architecture is cost-effective and scalable --- AWS allows you to launch and use new hosts in minutes during traffic spikes while scaling down when such spikes are over with
- Traditional hosting presents issues with infrastructure design and costs
- What can you host on AWS? --- websites, social media apps, content management systems, etc.
AWS Certified Cloud Practitioner
flashcards
Decks in class (6)
# Cards
